Commit Graph

13468 Commits

Author SHA1 Message Date
Daniël de Kok
c619bbbbef nixos/btsync: remove
Remove the btsync module. Bittorrent Sync was renamed to Resilio Sync in
2016, which is supported by the resilio module. Since Resilio Sync had
some security updates since 2016, it is not safe to run Bittorrent Sync
anymore.
2019-06-03 09:16:13 +02:00
worldofpeace
c6748ef63f
Merge pull request #61746 from abbradar/gnome-pa
nixos/gdm: use Fedora's PulseAudio configuration
2019-06-02 18:16:04 -04:00
Nikolay Amiantov
00972dc89c nixos/gdm: use Fedora's PulseAudio configuration
This is needed to avoid GDM PulseAudio instance acting as a network
source/sink or grabing the A2DP bluetooth sink making A2DP unusable
for any other user. In the future having this fixed in PulseAudio
would be preferred [0]. Current possible upstream fix could be [1].

[0]: https://github.com/NixOS/nixpkgs/pull/61746#issuecomment-493956980
[1]: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/merge_requests/10
2019-06-02 18:01:53 -04:00
Izorkin
5612650767 nixos/nginx: add ipv6 options to resolver 2019-06-02 19:29:30 +00:00
Edmund Wu
3207f7e1ce
compton: try not to conflict wintypes 2019-06-02 14:16:31 -04:00
Aaron Andersen
ce778b8292 nixos: remove duplicate section from release notes 2019-06-02 10:14:16 -04:00
Florian Klink
640afe964e
Barco clickshare (#59891)
Barco clickshare
2019-06-02 12:41:21 +02:00
Matthew Bauer
f21b846afe
Merge pull request #57752 from aanderse/limesurvey
limesurvey: 2.05_plus_141210 -> 3.17.1+190408, init module
2019-06-01 17:31:15 -04:00
Matthew Bauer
002cce23f7
Merge pull request #62050 from aanderse/hydron
nixos/hydron: replace deprecated usage of PermissionsStartOnly
2019-06-01 17:29:24 -04:00
Gabriel Ebner
a40660a6da
octoprint: 1.3.10 -> 1.3.11 (#62321)
octoprint: 1.3.10 -> 1.3.11
2019-06-01 11:27:56 +02:00
Franz Pletz
4bb4df32aa
Merge pull request #62329 from WilliButz/split-prometheus-tests
nixos/tests/prometheus-exporters: split into single tests
2019-05-31 22:58:32 +00:00
Matthew Bauer
f2a8948078 treewide: use buildPackages for config builders
Partially reapplies 35af6e3605

buildPackages need to be used only for image builders.
Otherwise, the bootloader builder may be setup using the wrong arch,
rendering it unusable
2019-05-31 23:27:49 +02:00
Christian Kampka
0d570e020e Revert "treewide: use buildPackages for config builders"
This reverts commit 35af6e3605.
2019-05-31 23:27:49 +02:00
Christian Kampka
fd15f37b37 Revert "extlinux-conf: fix cross compilation"
This reverts commit f17dd04f12.
2019-05-31 23:27:49 +02:00
Florian Klink
b3dd39ca0e
Merge pull request #62325 from grahamc/wireguard-master
wireguard: 0.0.20190406 -> 0.0.20190531 and Change peers without tearing down the interface, handle DNS failures better
2019-05-31 23:17:18 +02:00
Florian Klink
5ea7a3eb21 nixos/mysql: drop services.mysql.pidDir
mysql already has its socket path hardcoded to to
/run/mysqld/mysqld.sock.
There's not much value in making the pidDir configurable, which also
points to /run/mysqld by default.

We only seem to use `services.mysql.pidDir` in the wordpress startup
script, to wait for mysql to boot up, but we can also simply wait on the
(hardcoded) socket location too.

A much nicer way to accomplish that would be to properly describe a
dependency on mysqld.service. This however is not easily doable, due to
how the apache-httpd module was designed.
2019-05-31 22:27:55 +02:00
Florian Klink
edd10c12f7 nixos/mysql: run as mysql user and group
As we don't need to setup data directories from ExecStartPre= scripts
anymore, which required root, but use systemd.tmpfiles.rules instead,
everything can be run as just the mysql user.
2019-05-31 22:27:55 +02:00
Florian Klink
25494cc193 nixos/mysql: reformat, move logical steps into variables
define commands like "waiting for the mysql socket to appear" or "setup
initial databases" in a let expression, so the main control flow becomes
more readable.
2019-05-31 22:27:48 +02:00
Florian Klink
50dda813e2 nixos/mysql: use systemd.tmpfiles to setup dataDir and pidDir
We need to keep using `RuntimeDirectory=mysqld`, which translates to
`/run/mysqld`, as this is used for the location of the file socket, that
could differ with what is configured via `cfg.pidDir`.
2019-05-31 22:20:42 +02:00
WilliButz
7884354c0f
nixos/tests/prometheus-exporters: split into single tests
Generates a set of tests, rather than one large test for all exporters.
2019-05-31 22:02:56 +02:00
Andreas Rammhold
d9238d723b
Merge pull request #62136 from flokli/tmux-tmpdir
tmux module: Fix escaping in TMUX_TMPDIR
2019-05-31 21:42:47 +02:00
Graham Christensen
1de35c7f5e
wireguard: attempt infinity times to resolve a peer 2019-05-31 14:51:31 -04:00
Graham Christensen
dc44fc1760
wireguard: add each peer in a separate service
Before, changing any peers caused the entire WireGuard interface to
be torn down and rebuilt. By configuring each peer in a separate
service we're able to only restart the affected peers.

Adding each peer individually also means individual peer
configurations can fail, but the overall interface and all other peers
will still be added.

A WireGuard peer's internal identifier is its public key. This means
it is the only reliable identifier to use for the systemd service.
2019-05-31 14:51:25 -04:00
WilliButz
ba17b32b43
nixos/prometheus-fritzbox-exporter: update binary name 2019-05-31 18:50:27 +02:00
adisbladis
b19e8388c9
nixos/pulseaudio: Set speex-float-5 as default resample-method
The upstream default (speex-float-1) results in audible artifacts
2019-05-31 16:05:39 +01:00
Klemens Nanni
7f104aa6e2 tmux module: Fix escaping in TMUX_TMPDIR
5404595b55 relocated code but kept
one backslah too many, leading to

	$ tmux
	error creating /run/user/$(id -u)/tmux-1000 (No such file or directory)

/run/user/$UID/ is created by pam_systemd(3) which also populates
XD_RUNTIME_DIR with that value.

Alternatively, TMUX_TMPDIR might simply default to XDG_RUNTIME_DIR
without providing the same directory yet again as default string in
parameter substitution, however such behaviour change is subject to
another patch.

In fact, with `security.polkit.enable = false` systemd_logind(8) fails
to start and /run/user/$UID/ is never created for unprivileged users
in proper login sessions;  XDG_RUNTIME_DIR would consequently not be
set either.

Removing the fallback to /run/user/$UID/ would have caused TMUX_TMPDIR
to be empty, which in turn would lead tmux(1) to use /tmp/.  This
effectively breaks the idea of isolated sockets entirely while hiding
errors from the user.
2019-05-31 15:09:59 +02:00
Will Dietz
a72d6f9349
Merge pull request #60954 from dtzWill/fix/network-online-actually-online-with-networkmanager
networkmanager: network-online --wants--> NetworkManager-wait-online
2019-05-30 23:05:57 -05:00
Janne Heß
672495d596 nixos/bird: Fix reload
When calling reload, bird attempts to reload the file that was given in
the command line. As the change of ${configFile} is never picked up,
bird will just reload the old file.
This way, the configuration is placed at a known location and updated.
2019-05-31 01:21:18 +02:00
Matthew Bauer
a472b1449d
Merge pull request #61104 from adisbladis/plasma5-no-qt56
nixos/plasma5: Remove phonon-backend-gstreamer pinned to Qt 5.6
2019-05-30 16:17:28 -04:00
Matthew Bauer
b64b2b57f0
Merge pull request #61423 from volth/de-xrdp
nixos/desktop-managers: let them work when 'services.xserver.enable = false'
2019-05-30 15:46:09 -04:00
Yarny0
b38bdf6d2f nixos/clickshare: init module
The clickshare-csc1 package brings a udev rule file
to grant access to the ClickShare dongle if connected.
This module provides an option to install that rule file.
Only users in the "clickshare" users group have access.
2019-05-30 19:58:45 +02:00
Gabriel Ebner
18f564b882 octoprint: 1.3.10 -> 1.3.11 2019-05-30 18:10:29 +02:00
Matthew Bauer
38fdc9f8f8
Merge pull request #59076 from Yarny0/cups-path-fix
nixos/printing: fix CUPS `SetEnv` directive placement
2019-05-30 10:52:28 -04:00
Nikolay Amiantov
f23c110692 murmur service: log to journald by default
Save an option to log to file with new `logFile` option.

As a side effect deprecate `pidfile` option and instead use systemd's
RuntimeDirectory.
2019-05-30 15:43:32 +03:00
gnidorah
ea82b7f98d nixos/jack: init 2019-05-30 07:25:30 +03:00
Pierre Bourdon
9e60eab8f5
nixos/malloc: apply allocator settings to systemd units
This uses systemd's system.conf/user.conf "DefaultEnvironment" feature
to set the allocator's LD_PRELOAD near-globally.
2019-05-30 12:07:34 +09:00
Matthew Bauer
0a2b9719fd
Merge pull request #62157 from Lassulus/syncthing-fix
nixos/syncthing: run init only if a devices or folders are set
2019-05-29 21:02:18 -04:00
Pierre Bourdon
1cc8ea7cb4
nixos/malloc: add scudo from LLVM compiler-rt 2019-05-30 02:35:50 +09:00
Florian Klink
b09c6ac05b
nixos: Make 'nesting.clone' work in NixOS tests (#62069)
nixos: Make 'nesting.clone' work in NixOS tests
2019-05-29 14:45:53 +02:00
lassulus
87e9e65b6f nixos/syncthing: run init only if devices or folders are set 2019-05-29 13:57:39 +02:00
Arian van Putten
cbc45b5981 nixos: Make nesting.children work in NixOS tests
We differentiate between modules and baseModules in  the
VM builder for NixOS tests. This way, nesting.children, eventhough
it doesn't inherit from parent, still has enough config to
actually complete the test. Otherwise, the qemu modules
would not be loaded, for example, and a nesting.children
statement would not evaluate.
2019-05-29 12:50:49 +02:00
Aaron Andersen
73e175a6ce nixos/limesurvey: add basic nixos test 2019-05-28 23:02:38 -04:00
Aaron Andersen
5cf98d29e7 nixos/limesurvey: init module to replace apache subservice 2019-05-28 23:02:34 -04:00
lassulus
ddfb687d5e nixos/syncthing: better examples for declarative options 2019-05-29 07:12:14 +09:00
Daniel Schaefer
eccb90a2d9 compton: 0.1_beta2.5 -> 6.2 (#61681)
* compton-git: 5.1-rc2 -> 6.2

vsync is now a boolean option, see:
https://github.com/yshui/compton/pull/130

menu-opacity is deprecated and there's a warning that says:
Please use the wintype option `opacity` of `popup_menu` and
`dropdown_menu` instead.

* nixos/compton: Keep vSync option backwards compatible

The new upstream option tries to make the best choice for the user.
Therefore the behaviour should stay the same with this backwards
compatibility patch.

* compton-git: Remove DRM option

It's deprecated and shouldn't be used.
https://github.com/yshui/compton/pull/130/files#r285505456

* compton-git: Remove new_backends option

Was removed in "Let old/new backends co-exist"
b0c5db9f5aa500dc3568cc6fe68493df98794d4d

* compton: 0.1_beta2.5 -> 6.2

Drop the legacy, unmaintained version and use the fork for real.
2019-05-28 13:37:13 +02:00
Daiderd Jordan
8ce93e26b0
nixos: add test for uwsgi 2019-05-27 23:03:22 +02:00
José Romildo Malaquias
00d6232b47
Merge pull request #62035 from romildo/upd.lumina
lumina.lumina: 1.4.0-p1 -> 1.5.0
2019-05-27 17:41:58 -03:00
Silvan Mosberger
e383ed6a2d
nixos/xdg/mime: disable fdatasync when building the XDG MIME database (#62076)
nixos/xdg/mime: disable fdatasync when building the XDG MIME database
2019-05-27 18:18:54 +02:00
Ding Xiang Fei
359fd5b729 nixos/modules/virtualisation/google-compute-config.nix: pin filesystem type to ext4 for now
Fix #61859.
Assertion fails when a Google Compute Engine image is built, because
now choices of filesystem types are restricted to `f2fs` and `ext` family if
auto-resizing is enabled.
This change will pin the filesystem used on such an image to be `ext4` for now.
2019-05-27 14:15:02 +08:00
gnidorah
eac62f61d1 nixos/kvmgt: fix starting condition 2019-05-26 22:02:43 +03:00
Michael Peyton Jones
9131bf59a7
nixos: add StateDirectory for fprintd 2019-05-26 18:06:46 +01:00
Aaron Andersen
de6e5ea815 nixos/foundationdb: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:58 -04:00
Aaron Andersen
1540a85458 nixos/frab: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:58 -04:00
Aaron Andersen
89dae4b1ae nixos/murmur: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:58 -04:00
Aaron Andersen
fff8b9bcaa nixos/netdata: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:57 -04:00
Aaron Andersen
12dec59905 nixos/octoprint: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:57 -04:00
Aaron Andersen
fbe5943237 nixos/opendkim: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:57 -04:00
Aaron Andersen
114bd801f4 nixos/jira: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:57 -04:00
Aaron Andersen
65f449fe33 nixos/graylog: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:57 -04:00
Aaron Andersen
8034dac42f nixos/firebird: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:57 -04:00
Aaron Andersen
4775c59528 nixos/dspam: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:57 -04:00
Aaron Andersen
204be04531 nixos/crowd: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:56 -04:00
Aaron Andersen
99f74c268b nixos/confluence: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:56 -04:00
Aaron Andersen
8ac5973610 nixos/boinc: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:56 -04:00
Aaron Andersen
e734494a59 nixos/autossh: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:56 -04:00
Aaron Andersen
e85d03e52b nixos/aria2: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:56 -04:00
Aaron Andersen
b6bfb874ec nixos/apache-kafka: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:56 -04:00
Aaron Andersen
2c350782ba nixos/alerta: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:56 -04:00
Aaron Andersen
ff2fdc294e nixos/kapacitor: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:55 -04:00
Aaron Andersen
46a5db0810 nixos/quassel: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:55 -04:00
Aaron Andersen
780ff9a4eb nixos/riemann-tools: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:55 -04:00
Aaron Andersen
cdcc504848 nixos/scollector: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:55 -04:00
Aaron Andersen
d33c64eec8 nixos/slimserver: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:55 -04:00
Aaron Andersen
307a99bb01 nixos/squid: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:55 -04:00
Aaron Andersen
dd9598cf54 nixos/teamspeak3: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen
0b7305e783 nixos/unifi: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen
4a4d3a2e04 nixos/zeronet: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen
c7481e6340 nixos/hbase: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen
93235b8a85 nixos/minidlna: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen
74b34535fc nixos/gollum: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:48 -04:00
Ambroz Bizjak
370d3af0c4 nixos: Don't set LD_LIBRARY_PATH for graphics drivers that don't need it.
A new internal option `hardware.opengl.setLdLibraryPath` is added which controls if `LD_LIBRARY_PATH` should be set to `/run/opengl-driver(-32)/lib`. It is false by default and is meant to be set to true by any driver which requires it. If this option is false, then `opengl.nix` and `xserver.nix` will not set `LD_LIBRARY_PATH`.

Currently Mesa and NVidia drivers don't set `setLdLibraryPath` because they work with libglvnd and do not override libraries, while `amdgpu-pro`, `ati` and `parallels-guest` set it to true (the former two really need it, the last one doesn't build so is presumed to).

Additionally, the `libPath` attribute within entries of `services.xserver.drivers` is removed. This made `xserver.nix` add the driver path directly to the `LD_LIBRARY_PATH` for the display manager (including X server). Not only is it redundant when the driver is added to `hardware.opengl.package` (assuming that `hardware.opengl.enable` is true), in fact all current drivers except `ati` set it incorrectly to the package path instead of package/lib.

This removal of `LD_LIBRARY_PATH` could break certain packages using CUDA, but only those that themselves load `libcuda` or other NVidia driver libraries using `dlopen` (not if they just use `cudatoolkit`). A few have already been fixed but it is practically impossible to test all because most packages using CUDA are libraries/frameworks without a simple way to test.

Fixes #11434 if only Mesa or NVidia graphics drivers are used.
2019-05-26 10:23:46 +02:00
Bryan Gardiner
2400191caf
nixos/xdg/mime: disable fdatasync when building the XDG MIME database
Back in 2013, update-mime-database started using fdatasync() to write out
its changes after processing each file in /share/mime, with the reasoning
that a corrupted database from an interruption midway would be
problematic for applications[1].  Unfortunately, this caused a
significant regression in the time required to run update-mime-database:
commonly from under a second to half a minute or more.

This delay affects the time required to build system-path on NixOS, when
xdg.mime.enable is true (the default).  For example, on one of my systems
system-path builds in ~48 seconds, 45 of which are update-mime-database.
This makes rapidly building new system configurations not fun.

This commit disables the calls to fdatasync().  update-mime-database
checks an environment variable, PKGSYSTEM_ENABLE_FSYNC, to determine
whether it should sync, and we can set this to false.  system-path
already only has whatever filesystem commit guarantees that the Nix
builder provides.  Furthermore, there is no risk of a failed MIME
database update messing up existing packages, because this is Nix.

(This issue was also reported at and discussed by Debian, Red Hat, and
Gentoo at least.)

[1] https://bugs.freedesktop.org/show_bug.cgi?id=70366
2019-05-25 21:00:25 -07:00
Arian van Putten
a48047a755 nixos: Add test that demonstrates how to use nesting.clone
This is actually very useful. Allows you to test switch-to-configuration

nesting.children is still currently still broken as it will throw
away 'too much' of the config, including the modules that make
nixos tests work in the first place. But that's something for
another time.
2019-05-26 00:37:13 +02:00
Arian van Putten
d50b434234 nixos: Make 'nesting.clone' work in NixOS tests
Because nesting.clone calls 'eval-config.nix' manually,
without the 'extraArgs' argument that provides the 'nodes'
argument to nixos modules in nixos tests, evaluating
of 'nesting.clone' definitions would fail with the following error

while evaluating the module argument `nodes' in "<redacted>"
while evaluating the attribute '_module.args.nodes' at undefined position:
attribute 'nodes' missing, at <redacted./nixpkgs/lib/modules.nix:163:28

by not using 'extraArgs' but a nixos module instead, the nodes parameter
gets propagated to the 'eval-config.nix' call that  'nesting.clone'
makes too -  getting rid of the error.

See  https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/system/activation/top-level.nix#L13-L23
See  https://github.com/NixOS/nixpkgs/blob/master/nixos/lib/build-vms.nix#L27
See  https://github.com/NixOS/nixpkgs/issues/20886#issuecomment-495952149
2019-05-26 00:20:21 +02:00
Silvan Mosberger
0040ca936e
Merge pull request #56175 from MostAwesomeDude/tahoe-service
Fix tahoe service
2019-05-25 21:53:23 +02:00
Aaron Andersen
191e4b0755 nixos/heartbeat: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-25 13:48:41 -04:00
Aaron Andersen
73342be85b nixos/riemann-dash: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-25 13:48:41 -04:00
Aaron Andersen
a8defe81d1 nixos/mopidy: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-25 13:48:41 -04:00
Aaron Andersen
9fc6955abc nixos/couchpotato: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-25 13:48:41 -04:00
Aaron Andersen
86fd8c910d nixos/charybdis: replace deprecated usage of PermissionsStartOnly 2019-05-25 13:48:41 -04:00
Markus Schneider
c30bd387d2 leftwm: enable service 2019-05-26 01:27:04 +09:00
Aaron Andersen
2726c45b01 nixos/nagios: update apacheHttpd configuration from 2.2 to 2.4 syntax 2019-05-25 10:38:07 -04:00
Maximilian Bosch
5fa93517f5
Merge pull request #61971 from sjau/wg_client_start
wireguard: restart on failure\nAs a oneshot service, if the startup f…
2019-05-25 16:36:56 +02:00
Aaron Andersen
c2f8d6334c nixos/nagios: replace deprecated usage of PermissionsStartOnly
see #53852
2019-05-25 10:33:58 -04:00
sjau
1bff53cb84
wireguard: restart on failure
As a oneshot service, if the startup failed it would never be attempted again.
This is problematic when peer's addresses require DNS. DNS may not be reliably available at
the time wireguard starts. Converting this to a simple service with Restart
and RestartAfter directives allows the service to be reattempted, but at
the cost of losing the oneshot semantics.

Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>
2019-05-25 16:32:14 +02:00
Florian Klink
e4de353830
wireguard service: allow empty interfaces (#61743)
wireguard service: allow empty interfaces
2019-05-25 16:30:27 +02:00
Aaron Andersen
609c1580d8 nixos/nagios: change group from nogroup to nagios
see #55370
2019-05-25 10:25:49 -04:00
Aaron Andersen
d27be52b3d nixos/hydron: replace deprecated usage of PermissionsStartOnly
see #53852
2019-05-25 08:38:15 -04:00
phile314-fh
62d4c2b34a mongodb: Add authentication support
* nixos/mongodb: Add authentication support

* nixos/mongodb: Add initial script option

* nixos/mongodb: Make initial root password configurable

* nixos/mongodb: Start only on loopback interface for setup procedure

* nixos/mongodb: Test auth/initial script

* nixos/mongodb: Code formatting

Co-Authored-By: Lassulus <github@lassul.us>
2019-05-25 18:09:30 +09:00
Nikolay Amiantov
cfadd988e5 wireguard service: allow empty interfaces
This is needed in case one wants to use wg-quick on NixOS.
2019-05-25 11:17:36 +03:00
Milan Pässler
387d85b271 nixos/prosody: add authentication option (fixes #53134)
Passwords should not be stored in plain text by default. On existing
installations the next time a users user accounts will automatically
be upgraded from plain to hashed one-by-one as they log in.
2019-05-24 23:51:44 +02:00
José Romildo Malaquias
272fa9d41c lumina: init package set for the lumina desktop 2019-05-24 17:20:15 -03:00
Franz Pletz
5fa8cd257a
Merge pull request #51206 from krebs/xmonad-config
xmonad service: add .config option
2019-05-24 18:37:55 +00:00
Franz Pletz
eb7c11d552
Merge pull request #58718 from Ma27/validate-ssh-configs
nixos/sshd: validate ssh configs during build
2019-05-24 18:30:04 +00:00
Maximilian Bosch
00a5222499
nixos/sshd: validate ssh configs during build
With `sshd -t` config validation for SSH is possible. Until now, the
config generated by Nix was applied without any validation (which is
especially a problem for advanced config like `Match` blocks).

When deploying broken ssh config with nixops to a remote machine it gets
even harder to fix the problem due to the broken ssh that makes reverts
with nixops impossible.

This change performs the validation in a Nix build environment by
creating a store path with the config and generating a mocked host key
which seems to be needed for the validation. With a broken config, the
deployment already fails during the build of the derivation.

The original attempt was done in #56345 by adding a submodule for Match
groups to make it harder screwing that up, however that made the module
far more complex and config should be described in an easier way as
described in NixOS/rfcs#42.
2019-05-24 20:16:53 +02:00
Silvan Mosberger
f631167557
Merge pull request #58702 from florianjacob/fix-mysql
nixos/mysql: fix typing-induced bugs
2019-05-24 19:51:54 +02:00
worldofpeace
713bbb769c
Merge pull request #47153 from Ma27/hunspell-fr_FR-dictionary
hunspellDict.fr-any: Link `fr-moderne.dic` to `fr_FR.dic`
2019-05-23 13:30:05 -04:00
Florian Klink
1e739293bc
nixosTests.signal-desktop: add test (#61916)
nixosTests.signal-desktop: add test
2019-05-23 15:59:09 +02:00
Maximilian Bosch
a9d67d54b0
hunspellDicts.fr-any: link fr-moderne to fr_FR
Some packages like `ibus-engines.typing-booster` require the dictionary
`fr_FR.dic` to provide proper support for the french language.

Until now the hunspell package set of nixpkgs didn't provide this
dictionary. It has been recommended to use `fr-moderne` as base and link
`fr_FR.dic` from it as done by other distros such as ArchLinux.

See https://github.com/NixOS/nixpkgs/issues/46940#issuecomment-423684570

Fixes #46940
2019-05-23 15:53:50 +02:00
markuskowa
3a28c99923
Merge pull request #61894 from mkenigs/fix-typo
docker: fix typo
2019-05-23 10:03:01 +02:00
Florian Klink
5695696664 nixosTests.signal-desktop: add test 2019-05-23 00:56:46 +02:00
Carl Dong
f15118a883 nixos/bitcoind: add bitcoind service 2019-05-22 15:48:57 -04:00
Malte Brandy
ab5926ba67 nixos/nextcloud: Improve autoUpdateApps description string 2019-05-22 19:07:42 +02:00
mkenigs
42232ebea4
docker: fix typo 2019-05-22 08:40:01 -07:00
Renaud
42c0ce80e6
Merge pull request #61610 from worldofpeace/init/graphene
graphene: init at 1.8.6
2019-05-22 17:26:46 +02:00
Ingolf Wanger
e4f1e144a0 syncthing: made module more NixOps friendly 2019-05-22 22:39:34 +09:00
Yegor Timoshenko
6a63021eba
Merge pull request #60207 from volth/patch-329
nixos-generate-config: do not build btrfs-tools when btrfs is not used
2019-05-22 15:32:00 +03:00
Matthew Bauer
6d036d5b26
Merge pull request #61037 from bkchr/facetimehd_aarch64_fix
nixos/all-firmware: Enable facetimehd only for i686/x86_64
2019-05-21 16:14:15 -05:00
Malte Brandy
49f05a1760
nixos/nextcloud: Add options services.nextcloud.autoUpdateApps
nixos/nextcloud: Add documentation for nextcloud app installation and updates

nixos/nextcloud: Enable autoUpdateApps in nextcloud test

nixos/nextcloud: Fix typo in nixos/modules/services/web-apps/nextcloud.xml

Co-Authored-By: Florian Klink <flokli@flokli.de>

nixos/nextcloud: Escape html in option description

nixos/nextcloud: Fix autoUpdateApps URL in documentation.

Co-Authored-By: Florian Klink <flokli@flokli.de>
2019-05-21 13:24:23 +02:00
Matthew Bauer
022d8ab861
Merge pull request #61036 from cdepillabout/nixos-memtest-loader
nixos/systemd-boot: add support for memtest86 EFI app
2019-05-20 21:42:40 -05:00
(cdep)illabout
d88d675051
Change non-open-source to unfree in description. 2019-05-21 11:34:11 +09:00
worldofpeace
6543e794a6
Merge pull request #61546 from cizra/libfprint-vfs0090
libfprint: added a fork for Lenovo ThinkPad
2019-05-20 14:16:34 -04:00
Elmo Todurov
432944cdb3 fprintd: added option to use fork for Lenovo ThinkPad 2019-05-20 20:48:30 +03:00
Vladimír Čunát
dd917dc71a nixos/release-notes: mention length of release support
I took the date for 19.03 from the announcement:
https://discourse.nixos.org/t/nixos-19-03-release/2652
2019-05-20 12:31:24 +01:00
William Casarin
9a81e9cd9e xinetd: exec xinetd on launch
I noticed xinetd process doesn't get exec'd on launch, exec here so the bash
process doesn't stick around.

Signed-off-by: William Casarin <jb55@jb55.com>
2019-05-20 10:37:35 +01:00
Florian Klink
cd96b50d90
nixos/postgresql: add ensureDatabases & ensureUsers options (#56720)
nixos/postgresql: add ensureDatabases & ensureUsers options
2019-05-20 10:58:48 +02:00
lassulus
a3e7e1bbc8 nixos/syncthing: add options for declarative device/folder config 2019-05-20 17:56:17 +09:00
worldofpeace
82135b6c81 nixos/geoclue2: don't run as root 2019-05-19 18:53:18 -04:00
Aaron Andersen
b5a0c38e55
Merge pull request #59401 from mguentner/mxisd_1_3
mxisd: 1.2.0 -> 1.4.3
2019-05-19 07:00:47 -04:00
Neil Mayhew
f14cf438b4 nixos/modules: Ensure the colord user is a system user
Ideally, it should have an assigned uid and gid
2019-05-18 16:48:34 -06:00
Maximilian Güntner
e2c58c19c4
tests: add mxisd to all-tests 2019-05-18 22:18:01 +02:00
Robin Gloster
6e546e0326
Merge pull request #60087 from dasJ/icingaweb-etc
nixos/icingaweb2: Fix environment.etc assignment
2019-05-18 10:03:40 +00:00
Robin Gloster
a1dcac5104
Merge pull request #57523 from mayflower/kube-apiserver-preferred-address-types
nixos/kubernetes: Add preferredAddressTypes option to apiserver
2019-05-18 09:57:12 +00:00
Robin Gloster
6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
Robin Gloster
dac48ea4a1
Merge pull request #61025 from azazel75/upgrade-coredns
nixos/kubernetes: upgrade CoreDNS 1.3.1 -> 1.5.0
2019-05-18 09:19:04 +00:00
Silvan Mosberger
85c0a4dc33
Merge pull request #61512 from c0bw3b/pkg/winstone
winstone: drop package and service
2019-05-17 17:36:38 +02:00
Renaud
c5fd2a457e
Merge pull request #60670 from nyanloutre/factorio_sandbox
nixos/factorio: sandbox service using systemd
2019-05-17 13:40:02 +02:00
nyanloutre
85b3448e6a nixos/factorio: sandbox service using systemd
- DynamicUser enabled instead of static uid/gid
- Enables most sandboxing options systemd offers
2019-05-17 10:25:49 +02:00
Vladimír Čunát
fc67de1802
Merge branch 'staging-next'
A few thousand Darwin jobs are still pending, but there we're depending
on this merge to fix the channel-blocking lz4 failure.
https://hydra.nixos.org/eval/1519778?compare=1519770
2019-05-17 09:43:32 +02:00
worldofpeace
cc7c76f206 nixosTests.graphene: init 2019-05-16 21:29:17 -04:00
Bas van Dijk
240ae5eb87
Merge pull request #61604 from basvandijk/tinydns-nixos-test
nixos: add test for tinydns
2019-05-17 01:48:40 +02:00
LeOtaku
efcdac63fe nixos/pantheon: add geoclue application configuration
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-05-16 18:46:07 -04:00
LeOtaku
00d8fc1cde nixos/gnome3: add geoclue application configuration
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-05-16 18:46:07 -04:00
LeOtaku
2d93f57db5 nixos/geoclue2: make configurable, can whitelist applications
All options within geoclue.conf[0] have been made configurable.

Additonally, we can now specify whether or not GeoClue
should ask the agent to authorize an application like so:
```
services.geoclue2.appConfig."redshift" = {
  isAllowed = true;
  isSystem = true;
};
```

[0]: https://gitlab.freedesktop.org/geoclue/geoclue/blob/2.5.2/data/geoclue.conf.in

Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-05-16 18:46:07 -04:00
Bas van Dijk
71fdb69314 nixos: add test for tinydns 2019-05-16 23:46:17 +02:00
Austin Seipp
e2bbc6fb46
nixos: fix services.foundationdb.traceFormat for older server versions
This was a testing oversight that came from #61009 -- I forgot to test
the new traceFormat option with older server versions while I was
working on FDB 6.1.

Since trace_format is only available in 6.1+, emitting it
unconditionally caused older versions of the database fail to start,
reporting an error. We simply gate it behind a version check instead,
and assert the format is always XML on older versions. This avoids the
case where the user has an old version, changes traceFormat willingly,
and then is confused by why it didn't work.

As reported by @TimothyKlim in the comments on commit
c55b9236f0. See

    c55b9236f0 (r33566132)

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-16 15:16:50 -05:00
Maximilian Güntner
1a84bfc0a2
mxisd: 1.2.0 -> 1.4.3 2019-05-16 21:14:13 +02:00
Frederik Rietdijk
d4464ff8fe Merge master into staging-next 2019-05-16 08:17:55 +02:00
Aaron Andersen
ed6ccd1b27
Merge pull request #61363 from aanderse/miniupnpc
miniupnpc_2: 2.1 -> 2.1.20190408, miniupnpd: 2.1 -> 2.1.20190502
2019-05-15 20:56:59 -04:00
c0bw3b
582fd549fb winstone: drop package and service
Close #56294
Upstream package is unmaintained for years
and nixpkgs provides alternatives
2019-05-15 20:30:48 +02:00
Austin Seipp
2525b88c80
nixos/foundationdb: default to ssd storage engine
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp
427f1e58a4
nixos/foundationdb: chmod 0770 for logs/data files
Slight oversight: this allows members of the FoundationDB group to read
logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp
c55b9236f0
nixos: add services.foundationdb.traceFormat option
This allows us to specify JSON trace logging, which is useful for
tooling to injest/transform logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Linus Heckemann
89b64ab5e1 nixos-generate-config: add rudimentary high-DPI detection
Fixes the main remaining part of #12345
2019-05-15 06:34:40 +02:00
Linus Heckemann
2b13c29c3c
Merge pull request #60231 from mayflower/tinc-allow-networking-interfaces
nixos/tinc: remove ordering dependency on network.target
2019-05-14 17:51:20 +02:00
Frederik Rietdijk
8abe5ee07e Merge master into staging-next 2019-05-14 10:23:13 +02:00
volth
b51aae10e0
nixos/desktop-managers: let them work when services.xserver.enable=false 2019-05-13 16:57:09 +00:00
lewo
42ee7cdf9d
Merge pull request #61089 from nlewo/pr-fix-layer-order
dockerTools: Fix Docker layers order
2019-05-13 15:27:43 +02:00
worldofpeace
b5f26f3803
Merge pull request #59480 from worldofpeace/fprintd-systemd
nixos/fprintd: use systemd.packages
2019-05-13 03:30:24 -04:00
Eelco Dolstra
de9e238469
FIx some malformed XML in option descriptions
E.g. these were using "<para>" at the *end* of a description. The real
WTF is that this is possible at all...
2019-05-13 09:15:17 +02:00
volth
d7decccc28
nixos/pantheon: fix build with config.allowAliases=false 2019-05-13 04:48:55 +00:00
volth
ac6875d294 nixos/desktop-managers: let them work when 'services.xserver.enable = false'
they can be used by remote desktop software, without X11 running locally
2019-05-13 04:23:56 +00:00
volth
46b9e5c3d4
nixos/enlightenment: fix build with config.allowAliases=false 2019-05-13 03:50:52 +00:00
John Ericson
395bcc0b27
Merge pull request #61257 from matthewbauer/add-binfmt-emulated-systems
nixos/binfmt: handle emulatedSystems
2019-05-12 19:11:52 -04:00
Markus Schmidl
147621f7db nixos/luksroot: GPG Smartcard support for luks encrypted volumes 2019-05-12 20:05:10 +02:00
Frederik Rietdijk
ef0dbef7f1 Merge master into staging-next 2019-05-12 19:59:09 +02:00
Joachim F
b4a43a278b
Merge pull request #60187 from joachifm/feat/configurable-malloc
nixos: configurable system-wide malloc
2019-05-12 15:18:07 +00:00
Joachim F
428ddf0619
Merge pull request #61306 from joachifm/feat/fix-apparmor-boot-linux_5_1
Fix apparmor boot on linux 5.1
2019-05-12 15:17:38 +00:00
Aaron Andersen
496d9f97e6 nixos/miniupnpd: update test to use pkgs.miniupnpc_2 2019-05-12 07:53:30 -04:00
Maximilian Bosch
fa2c6dc3c2
Merge pull request #61311 from turboMaCk/xss-lock-locker-options
xss-lock: improve locker options passing
2019-05-12 11:07:54 +02:00
Maximilian Bosch
d27431b362
nixos/xss-lock: add testcase for lockerCommand with several CLI options. 2019-05-12 03:22:29 +02:00
Maximilian Bosch
775146165d
nixos/xss-lock: improve module
* Don't use `literalExample`, raw Nix values can directly be specified
  as an option example which provides support for highlighting in the
  manual as well.

* Escape shell args for `extraOptions`: I.e. the `-n` option might be
  problematic as a longer notification command might be misinterpreted.
2019-05-12 03:20:44 +02:00
Renaud
e8d7f17c81
Merge pull request #61032 from dtzWill/feature/rngd-harden
rngd: harden service config, settings from arch
2019-05-11 23:36:57 +02:00
Marek Fajkus
7fef2e38ea xss-locker: improve options passing
- allow locker options without hacks
- add extraOptions
2019-05-11 19:33:10 +02:00
Joachim Fasting
92d41f83fd
nixos/tests/hardened: check that apparmor is properly loaded 2019-05-11 18:21:44 +02:00
Joachim Fasting
68f5d1fa4c
nixos/apparmor: ensure that apparmor is selected at boot
Otherwise we're subject to whatever defaults were selected at kernel build
time.

See also: https://github.com/NixOS/nixpkgs/issues/61145
2019-05-11 18:21:38 +02:00
Vladimír Čunát
e8f4ad0169
Merge branch 'master' into staging-next
~5k rebuilds per platform.
Hydra nixpkgs: ?compare=1518759
2019-05-11 09:41:36 +02:00
Matthew Bauer
93a522cf0c nixos/binfmt: fixup 2019-05-10 22:53:14 -04:00
Matthew Bauer
60381b7b11 binfmt: add more magics and masks
New ones taken from this script:

https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh
2019-05-10 21:00:21 -04:00
kolaente
29d35a9ddb maintainers: add kolaente 2019-05-11 02:01:08 +02:00
Matthew Bauer
153598ebb0 nixos/binfmt: handle emulatedSystems
Fixes #61248
2019-05-10 18:05:59 -04:00
worldofpeace
6c8bb26331
Merge pull request #61048 from Ma27/zmap-package
zmap: init at 2.1.1
2019-05-10 15:19:43 -04:00
Bas van Dijk
4b7aea9e8c
Merge pull request #61237 from basvandijk/journalbeat-fixes
NixOS: support journalbeat >= 6
2019-05-10 18:44:44 +02:00
Bas van Dijk
477c552c7d nixos/journalbeat: support journalbeat >= 6 & add test 2019-05-10 15:41:41 +02:00
Maximilian Bosch
3d6fe3d760
nixos/zmap: init module
The module installs `zmap` globally and links the config files to
`/etc/zmap`, the default location of config files for zmap.

The package provides pretty much a sensitive default, custom configs can
be created like this:

```
{ lib, ... }:
{
  environment.etc."zmap/blacklist.conf" = lib.mkForce {
    text = ''
      # custom zmap blacklist
      0.0.0.0/0
    '';
  };
}
```
2019-05-10 08:12:27 +02:00
Ambroz Bizjak
5bec9dc65b virtualbox: 5.2.28 -> 6.0.6
Quite some fixing was needed to get this to work.

Changes in VirtualBox and additions:

- VirtualBox is no longer officially supported on 32-bit hosts so i686-linux is removed from platforms
  for VirtualBox and the extension pack. 32-bit additions still work.

- There was a refactoring of kernel module makefiles and two resulting bugs affected us which had to be patched.
  These bugs were reported to the bug tracker (see comments near patches).

- The Qt5X11Extras makefile patch broke. Fixed it to apply again, making the libraries logic simpler
  and more correct (it just uses a different base path instead of always linking to Qt5X11Extras).

- Added a patch to remove "test1" and "test2" kernel messages due to forgotten debugging code.

- virtualbox-host NixOS module: the VirtualBoxVM executable should be setuid not VirtualBox.
  This matches how the official installer sets it up.

- Additions: replaced a for loop for installing kernel modules with just a "make install",
  which seems to work without any of the things done in the previous code.

- Additions: The package defined buildCommand which resulted in phases not running, including RUNPATH
  stripping in fixupPhase, and installPhase was defined which was not even run. Fixed this by
  refactoring using phases. Had to set dontStrip otherwise binaries were broken by stripping.
  The libdbus path had to be added later in fixupPhase because it is used via dlopen not directly linked.

- Additions: Added zlib and libc to patchelf, otherwise runtime library errors result from some binaries.
  For some reason the missing libc only manifested itself for mount.vboxsf when included in the initrd.

Changes in nixos/tests/virtualbox:

- Update the simple-gui test to send the right keys to start the VM. With VirtualBox 5
  it was enough to just send "return", but with 6 the Tools thing may be selected by
  default. Send "home" to reliably select Tools, "down" to move to the VM and "return"
  to start it.

- Disable the VirtualBox UART by default because it causes a crash due to a regression
  in VirtualBox (specific to software virtualization and serial port usage). It can
  still be enabled using an option but there is an assert that KVM nested virtualization
  is enabled, which works around the problem (see below).

- Add an option to enable nested KVM virtualization, allowing VirtualBox to use hardware
  virtualization. This works around the UART problem and also allows using 64-bit
  guests, but requires a kernel module parameter.

- Add an option to run 64-bit guests. Tested that the tests pass with that. As mentioned
  this requires KVM nested virtualization.
2019-05-09 23:36:57 +02:00
Renaud
c17ec06f66
Merge pull request #60569 from dtzWill/update/vnstat-2.2
vnstat: 2.1 -> 2.2
2019-05-09 20:09:40 +02:00
worldofpeace
bb7e5566c7
Merge pull request #44086 from erikarvstedt/paperless
paperless: add package and service
2019-05-08 17:17:49 -04:00
Alyssa Ross
7261ffc18e
Merge pull request #60776 from alyssais/xerror
nixos/xserver: improve DM error message when X off
2019-05-08 12:19:14 +00:00
Erik Arvstedt
80c3ddbad8
paperless service: init 2019-05-08 09:26:32 +02:00
Will Dietz
e5d049e469 rngd: harden service config, from arch 2019-05-07 22:53:09 -05:00
adisbladis
d5887ece61
nixos/plasma5: Remove phonon-backend-gstreamer pinned to Qt 5.6
Adds closure size for seemingly no reason
2019-05-07 21:44:29 +01:00
Will Dietz
a2bdd63c4f
Merge pull request #61072 from dtzWill/feature/rngd-debug-flag
rngd: add option to run w/debug flag
2019-05-07 14:59:39 -05:00
Frederik Rietdijk
87a5d8fede Merge staging-next into staging 2019-05-07 19:30:14 +02:00
Antoine Eiche
5ef1223f30 nixos/tests/docker-tools: verify order of layers in stacked images 2019-05-07 16:52:13 +02:00
Joachim Fasting
10d3a0e10b
nixos/tests/hardened: test hardened malloc 2019-05-07 13:45:42 +02:00
Joachim Fasting
48ff4f1197
nixos/hardened: use graphene-hardened malloc by default 2019-05-07 13:45:39 +02:00
Joachim Fasting
a84be28270
nixos/malloc: configure system-wide malloc provider
Currently, this uses the somewhat crude method of setting LD_PRELOAD in the
system environment.  This works, but should be considered a stepping stone to
a more robust solution.
2019-05-07 13:45:38 +02:00
David Izquierdo
b24a87fafe jellyfin: remove assertion if emby enabled: no emby module exists 2019-05-07 11:04:57 +02:00
Will Dietz
b809071ffb rngd: add option to run w/debug flag
Added while testing if adding hardening
directives to the service blocked access
to various sources, might be useful in the future.
2019-05-06 23:44:38 -05:00
Linus Heckemann
864f4f084a
Merge pull request #60237 from mayflower/kexec-no-clobber
nixos/kexec: don't clobber existing kexec-loaded kernel
2019-05-06 21:53:47 +02:00
Alberto Berti
f965fb26a9 nixos/kubernetes: upgrade CoreDNS 1.3.1 -> 1.5.0 2019-05-06 13:10:32 +02:00
Bastian Köcher
4806c8c38d nixos/all-firmware: Enable facetimehd only for i686/x86_64 2019-05-06 10:49:42 +02:00
(cdep)illabout
b12ea62ec9 nixos/systemd-boot: add support for memtest86 EFI app
This commit adds support for installing the memtest86 EFI app and adding
a boot entry for it with systemd-boot.
2019-05-06 17:08:55 +09:00
José Romildo Malaquias
b4941a463e
Merge pull request #59943 from romildo/fix.deepin.modules
nixos/deepin: use only one module for deepin services
2019-05-05 20:52:13 -03:00
volth
f3535aeea3
nix.systemFeatures: minor fix
following up #59148
I forgot the default case of the architectures which do not have minor brothers whose code they can run ("westmere" or any of of AMD)
2019-05-05 22:14:24 +00:00
Robert Schütz
1ea22b8868
Merge pull request #60217 from dotlambda/home-assistant-0.92
home-assistant: 0.91.4 -> 0.92.2
2019-05-05 23:31:31 +02:00
José Romildo Malaquias
78f176158c nixos/deepin: add deepin-anything service 2019-05-05 18:01:28 -03:00
José Romildo Malaquias
8ed9f9fedf nixos/deepin: add dde-dock dbus service 2019-05-05 17:37:46 -03:00
José Romildo Malaquias
9e9b96f073 nixos/deepin: install polkit local authority files in /etc 2019-05-05 17:14:42 -03:00
José Romildo Malaquias
9a1890cafb nixos/deepin: add deepin-screenshot dbus service 2019-05-05 17:14:42 -03:00
José Romildo Malaquias
65c6aff217 nixos/deepin: add deepin-image-viewer dbus service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
f239997fde nixos/deepin: add dde-session-ui dbus service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
1294aaece6 nixos/deepin: add dde-calendar dbus service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
788b45fa13 nixos/deepin: add deepin-turbo systemd service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
77fa14725f nixos/deepin: move deepin-menu.nix into deepin.nix 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
6121a8e3b5 nixos/deepin: fix the deepin-daemon user and group 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
7c60ac71cf nixos/deepin: add dde-api services and user/group 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
4fcaded92b nixos/deepin: rename dde-daemon module
The deepin module is used to set basic dbus and systedmd services, kernel modules,
groups and users needed by the Deepin Desktop Environment.
2019-05-05 17:14:41 -03:00
Michael Raskin
7770495cd7
Merge pull request #59148 from volth/gcc.arch.v3
compilation for particular x86_64 architecture
2019-05-05 19:12:12 +00:00
Will Dietz
45886612f0 networkmanager: network-online --wants--> NetworkManager-wait-online 2019-05-04 19:04:45 -05:00
Bas van Dijk
517c52ec2e
postgresql: always create the $out/bin directory
This is needed because some PostgreSQL plugins don't have a bin
directory. If only these plugins are listed in cfg.extraPlugins buildEnv
will turn $out/bin into a symbolic link to ${pg}/bin. Lateron we try to
rm $out/bin/{pg_config,postgres,pg_ctl} which will then fail because
$out/bin will be read-only.
2019-05-04 14:11:52 -05:00
Andreas Rammhold
45f58cad33
nixos/misc/nixpkgs: fixed syntax error in overlays example
I was pointed towards a small syntax error in the `nixpkgs.overlays`
documentation. There was a trailing semicolon after the overlay
function.

I also aligned the code a bit better so opening and closing brackets can
be visually matched much better (IMO).
2019-05-04 17:29:04 +02:00
Robert Schütz
d280603bd1 nixos/home-assistant: account for introduction of manifest.json
The `availableComponents` now only contain a single attribute for
every integration.
2019-05-04 12:01:23 +02:00
Renaud
966ee252c2
Merge pull request #59367 from Ma27/fix-hostapd-interface-naming
nixos/hostapd: escape interface names for hostapd
2019-05-03 19:04:00 +02:00
worldofpeace
a01943c7f0
Merge pull request #59856 from c00w/external_gpu
nixos/nvidia: Add NVIDIA optimus option to allow external GPUs
2019-05-03 10:31:11 -04:00
Joachim F
5ad1e9f0bf
Merge pull request #60575 from dtzWill/feature/obfs4proxy
obfs4: init at 0.0.10, use in tor-browser-bundle's, tor service
2019-05-03 09:48:02 +00:00
Will Dietz
329df95958 vnstat: 2.1 -> 2.2
https://humdi.net/vnstat/CHANGES

* enable tests
* add hardening options from upstream's
  example service
* fix "documentation" setting in service:
  either needs to be `unitConfig.Documentation`
  (uppercase) or lowercase but not within unitConfig.
2019-05-03 01:47:57 -05:00
Elis Hirwing
6698c37fe1
Merge pull request #60630 from etu/drop-emby
emby: Drop package and module and refer to jellyfin
2019-05-03 07:58:30 +02:00
Silvan Mosberger
bc5b262c9c
Merge pull request #60333 from azazel75/fix-grafana_reporter
grafana_reporter: Fix library function name
2019-05-03 06:29:09 +02:00
Silvan Mosberger
be1ada3140
Merge pull request #60081 from Streetwalrus/nginx_stapling
nginx: use fullchain.pem for ssl_trusted_certificate
2019-05-03 06:28:38 +02:00
Colin L Rice
d67494972d nixos/nvidia: Add NVIDIA optimus option to allow external GPUs
Without this option - NVIDIA refuses to use an external GPU.
2019-05-02 23:57:28 -04:00
Hsiang-Cheng Yang
e775587d63 softether: 4.25 -> 4.29 (#60665)
* softether: 4.25 -> 4.29

* softether_4_29: restrict to x86_64-linux
Does not build on aarch64 because of upstream "-m64" compile flag
2019-05-02 19:38:37 +02:00
Silvan Mosberger
e3dfd6a8ad
Merge pull request #60543 from Infinisil/fix/znc-gen
nixos/znc: Fix config generator for certain null values
2019-05-02 18:23:10 +02:00
Silvan Mosberger
a3e84ba63a
Merge pull request #55771 from Infinisil/nixos/znapzend/parallel
nixos/znapzend: Run znapzendzetup import in parallel
2019-05-02 18:22:44 +02:00
Alyssa Ross
7658c90f21
nixos/xserver: improve DM error message when X off
Previously, if you, for example, set
services.xserver.displayManager.sddm.enable, but forgot to set
services.xserver.enable, you would get an error message that looked like
this:

    error: attribute 'display-manager' missing

Which was not particularly helpful.

Using assertions, we can make this message much better.
2019-05-02 16:19:59 +00:00
Will Dietz
f24f72e60b nixos tor: use obfs4proxy, make transport list customizable 2019-05-01 21:56:05 -05:00
Silvan Mosberger
b6a6162919
Merge pull request #55422 from nand0p/ethminer
ethminer: init at 0.18.0-rc.0
2019-05-02 01:29:09 +02:00
Fernando J Pando
3325773754 nixos/ethminer: init
- Tested on NixOS
2019-05-01 17:20:26 -04:00
Silvan Mosberger
c68124b5f0
Merge pull request #60097 from Mic92/openldap-rootpw-file
nixos/openldap: make rootpw option optional
2019-05-01 22:29:55 +02:00
Elis Hirwing
02cd2b00e7
emby: Drop package and module and refer to jellyfin 2019-05-01 17:47:32 +02:00
Elis Hirwing
ea439dc4d0
Merge pull request #60617 from nyanloutre/jellyfin_10_3_2
jellyfin: 10.3.1 -> 10.3.2
2019-05-01 13:39:09 +02:00
nyanloutre
f82bfd5e80
nixos/jellyfin: add test to all-tests.nix 2019-05-01 11:57:34 +02:00
Silvan Mosberger
a27dc9d3ab
nixos/znc: Fix config generator for certain null values
The type of ZNC's config option specifies that a configuration like

  config.User.paul = null;

should be valid, which is useful for clearing/disabling property sets
like Users and Networks. However until now the config generator
implementation didn't actually cover null values, meaning you'd get an
error like

  error: value is null while a set was expected, at /foo.nix:29:10

This fixes the implementation to correcly allow clearing of property
sets.
2019-05-01 00:06:11 +02:00
worldofpeace
7df410c6d4
Merge pull request #59630 from worldofpeace/setcap-gnome-keyring
gnome3.gnome-keyring: CAP_IPC_LOCK gnome-keyring-daemon
2019-04-30 13:17:03 -04:00
volth
5a2356cff1
nix.systemFeatures: minor refactor 2019-04-30 16:28:21 +00:00
volth
5ad79dc4bb compilation for particular x86_64 architecture 2019-04-30 14:28:04 +00:00
Frederik Rietdijk
fd2bd6e433
Merge staging-next into master 2019-04-30 15:50:24 +02:00
Sarah Brofeldt
10c671ff7c
Merge pull request #60415 from johanot/kubernetes-fix-control-plane-online-unit
nixos/kubernetes: fix control-plane-online prestart dependency
2019-04-30 11:52:05 +02:00
Linus Heckemann
6b6f25e926 nixos/kexec: log what's happening 2019-04-29 22:43:16 +02:00
Johan Thomsen
29bf511ef9 nixos/kubernetes: fix control-plane-online prestart dependency
The kubeconfig provided to the kubernetes-control-plane-online.service
is invalid. However, the apiserver /healthz endpoint can be accessed without auth so it's
simpler to just use curl for that.
2019-04-29 17:42:16 +02:00
Joachim F
b2a165e786
Merge pull request #60377 from joachifm/feat/apparmor-systemd
nixos/apparmor: service unit improvements
2019-04-29 12:36:24 +00:00
Daniel Schaefer
786f02f7a4 treewide: Remove usage of isNull
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Frederik Rietdijk
2f936f85d8 Merge master into staging-next 2019-04-29 13:46:20 +02:00
Silvan Mosberger
da4f6a2a09 browserpass: Remove v2 and switch to buildGoModule (#60282) 2019-04-28 11:05:24 -07:00
Edmund Wu
162546f0a1 nixos/luksroot: create /run/cryptsetup (#60235)
Needed since 2.0.0
Changed to /run/cryptsetup from /run/lock/cryptsetup in 2.0.1
2019-04-28 17:49:32 +00:00
Joachim Fasting
aa24c4e95b
nixos/apparmor: allow reloading profiles without losing confinement
Define ExecReload, otherwise reload implies stop followed by start, which
leaves existing processes in unconfined state [1].

[1]: https://gitlab.com/apparmor/apparmor/wikis/AppArmorInSystemd
2019-04-28 17:38:12 +02:00
Joachim Fasting
f824dad19a
nixos/apparmor: order before sysinit.target
Otherwise, profiles may be loaded way too late in the init process.
2019-04-28 17:38:07 +02:00
Joachim F
e666cc4e7e
Merge pull request #60334 from bhipple/fix/doc-typo
nixos.grafana: fix docstring typo
2019-04-28 15:07:06 +00:00
Aaron Andersen
3fce35fde2
Merge pull request #59465 from minijackson/module-jellyfin 2019-04-28 10:21:35 -04:00
Michael Weiss
6852c080d8
nixos/sks: Fix another regression from ab5dcc7068
The two directories KDB and PTree do not exist before the SKS DB is
build for the first time. If /var/db/sks is empty and the module is
enabled via "services.sks.enable = true;" the following error will
occur:
...-unit-script-sks-db-pre-start[xxx]:
ln: failed to create symbolic link 'KDB/DB_CONFIG': No such file or directory

To avoid this both links have to be created after the DB is build.
Note: Creating the directories manually might be better but the initial
build might be skipped as a result:
unit-script-sks-db-pre-start[xxxxx]: KeyDB directory already exists.  Exiting.
unit-script-sks-db-pre-start[xxxxx]: PTree directory already exists.  Exiting.
2019-04-28 14:45:21 +02:00
Minijackson
ab9378980a
nixos/jellyfin: add simple test 2019-04-28 11:03:51 +02:00
Minijackson
eb8dac2fcd
nixos/jellyfin: init 2019-04-28 11:03:50 +02:00
elseym
5fb48557f5
documize-module: refactor and add more options 2019-04-28 07:45:17 +02:00
Michael Weiss
698388bc61 Revert "nixos/switch-to-configuration: Never stop system.slice"
This change was only a temporary workaround and isn't required anymore,
since /etc/systemd/system/system.slice should not be present on any
recent NixOS system (which makes this change a no-op).

This reverts commit 7098b0fcdf.
2019-04-28 07:21:34 +02:00
Silvan Mosberger
77fb90d27e
Merge pull request #59731 from ajs124/ejabberd_test
ejabberd: refactor module, add test
2019-04-27 23:36:52 +02:00
Michael Weiss
15010f0436
sway: Read the configuration from /etc before /nix/store (#60319)
This change will load all configuration files from /etc, to make it easy
to override them, but fallback to /nix/store/.../etc/sway/config to make
Sway work out-of-the-box with the default configuration on non NixOS
systems.
2019-04-27 22:38:18 +02:00
Michael Weiss
753e1e0bab
nixos/sks: Fix the module (the pre-start script was broken)
Unfortunately the changes in ab5dcc7068
introduced a typo (took me a while to spot that...) that broke the
whole module (or at least the sks-db systemd unit).

The systemd unit was failing with the following error message:
...-unit-script-sks-db-pre-start[xxx]: KDB/DB_CONFIG exists but is not a symlink.
2019-04-27 19:19:27 +02:00
Sarah Brofeldt
22348f951c
Merge pull request #60197 from etu/patch-gitea-generated-config
nixos/gitea: Don't include not needed database options depending on type
2019-04-27 19:16:33 +02:00
Benjamin Hipple
d084937fe7 nixos.grafana: fix docstring typo 2019-04-27 13:09:48 -04:00
Alberto Berti
47f62b4821 grafana_reporter: Fix library function name 2019-04-27 19:09:06 +02:00
Florian Klink
033882e0b7
Merge pull request #60019 from aanderse/nzbget
nzbget: fix broken service, as well as some improvements
2019-04-27 18:26:50 +02:00
Aaron Andersen
8d64ec7a17
Merge pull request #59424 from florianjacob/journalwatch
journalwatch: fix broken package, general maintenance
2019-04-27 10:58:45 -04:00
Lassulus
9cda3faecd
Merge pull request #53444 from wedens/earlyoom-notifications
nixos/earlyoom: add notificationsCommand option
2019-04-27 21:34:37 +09:00
aszlig
7ba9b0a41b
nixos: Fix build of manual
The build error has been introduced by 56dcc319cf.

Using a <simplesect/> within a <para/> is not allowed and subsequently
fails to validate while building the manual.

So instead, I moved the <simplesect/> further down and outside of the
<para/> to fix this.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @aaronjanse, @Lassulus, @danbst
2019-04-27 12:39:37 +02:00
Matthieu Coudron
03fb00d565
Merge pull request #60223 from Ma27/write-i3cfg-to-etc
nixos/window-managers/i3: write config file to `/etc/i3/config`
2019-04-27 18:46:57 +09:00
Lassulus
f099d3d8b6
Merge pull request #57561 from aaronjanse/patch-5
nixos/manual: document auto-login
2019-04-27 16:07:06 +09:00
Lassulus
21fe4fd176
Merge pull request #58181 from fgaz/nixos/zeronet/fix1
nixos/zeronet: add fileserverPort option
2019-04-27 15:45:30 +09:00
Frederik Rietdijk
883232c00d Merge master into staging-next 2019-04-27 07:01:38 +02:00
Maximilian Bosch
a1ffabe4de
nixos/window-managers/i3: write config file to /etc/i3/config
The default config of i3 provides a key binding to reload, so changes
take effect immediately:

```
bindsym $mod+Shift+c reload
```

Unfortunately the current module uses the store path of the `configFile`
option. So when I change the config in NixOS, a store path will be
created, but the current i3 process will continue to use the old one,
hence a restart of i3 is required currently.

This change links the config to `/etc/i3/config` and alters the X
startup script accordingly so after each rebuild, the config can be
reloaded.
2019-04-26 21:12:52 +02:00
Peter Hoeg
eb6ce1c8a9
Merge pull request #60146 from peterhoeg/f/packagekit
nixos/packagekit: make it not error out + test
2019-04-26 14:19:46 +08:00
Aaron Andersen
5b76046db3 nixos/nzbget: fix broken service, add a nixos test, as well as some general improvements 2019-04-25 20:28:39 -04:00
Linus Heckemann
4d667685c2 nixos/kexec: don't clobber existing kexec-loaded kernel 2019-04-26 00:35:10 +02:00
Linus Heckemann
d4cd164082 nixos/tinc: remove ordering dependency on network.target
This allows configuring IP addresses on a tinc interface using
networking.interfaces."tinc.${n}".ipv[46].addresses.

Previously, this would fail with timeouts, because of the dependency
chain
tinc.${netname}.service
--after--> network.target
--after--> network-addresses-tinc.${n}.service (and network-link-…)
--after--> sys-subsystem-net-devices-tinc.${n}.device

But the network interface doesn't exist until tinc creates it! So
systemd waits in vain for the interface to appear, and by then the
network-addresses-* and network-link-* units have failed. This leads
to the network link not being brought up and the network addresses not
being assigned, which in turn stops tinc from actually working.
2019-04-25 22:54:11 +02:00
volth
c01ea27ce3
nixos-generate-config: do not build btrfs-tools when btrfs is not used
cross-compilation of `btrfs-tools` is broken, and this usually needless dependency of each system closure on `btrfs-tools` prevents cross-compilation of whole system closures
2019-04-25 12:08:20 +00:00
Elis Hirwing
71450b1c1a
nixos/gitea: Don't include not needed database options depending on type
This was discovered in https://github.com/NixOS/nixpkgs/pull/60014
2019-04-25 08:30:14 +02:00
Florian Jacob
e916cdf02d nixos/journalwatch: permissionsStartOnly is deprecated
See #53852 for details,
related to the efforts in #56265
2019-04-24 21:26:29 +02:00
Graham Christensen
857069293d
Merge pull request #56565 from andrew-d/adunham/plex-fhs
plex: rewrite to use FHS userenv
2019-04-24 15:00:30 -04:00
Robin Gloster
b2c1ed6355
Merge pull request #53043 from exi/wg-quick
nixos/modules/networking/wg-quick Add wg-quick options support
2019-04-24 17:16:32 +00:00
Frederik Rietdijk
0a7bcb3b03 Merge staging into staging-next 2019-04-24 18:38:11 +02:00
Peter Hoeg
ab15949f81 nixos/packagekit: add test 2019-04-24 22:31:36 +08:00
Peter Hoeg
1bc408ec3a nixos/packagekit: make it not error out and use upstream systemd unit 2019-04-24 22:31:36 +08:00
Peter Hoeg
f81ddbf8e7
Merge pull request #60149 from peterhoeg/u/mosquitto_160
mosquitto: 1.5.8 -> 1.6 + nixos tests
2019-04-24 22:29:08 +08:00
Maximilian Bosch
28a95c4f7f
Merge pull request #60138 from grahamc/wireguard-generate-key
wireguard: add generatePrivateKeyFile option + test
2019-04-24 16:00:34 +02:00
Graham Christensen
06c83a14e1
Wrap 'wg' commands in <command> 2019-04-24 07:46:01 -04:00
Graham Christensen
f57fc6c881
wireguard: add generatePrivateKeyFile option + test
Ideally, private keys never leave the host they're generated on - like
SSH. Setting generatePrivateKeyFile to true causes the PK to be
generate automatically.
2019-04-24 07:46:01 -04:00
Peter Hoeg
c5af9fd4dd nixos/mosquitto: add test 2019-04-24 17:02:20 +08:00
Andrew Dunham
9f7f367bf5 plex: rewrite to use FHS userenv 2019-04-23 20:19:33 -07:00
Matthew Bauer
84d00355e8 Merge remote-tracking branch 'NixOS/master' into staging 2019-04-23 22:00:42 -04:00
Silvan Mosberger
508fd8f133
Merge pull request #55413 from msteen/bitwarden_rs
bitwarden_rs: init at 1.8.0
2019-04-24 00:25:08 +02:00
Matthijs Steen
ef1a43030b nixos/bitwarden_rs: init 2019-04-23 23:46:57 +02:00
Silvan Mosberger
ca37c23f91
Merge pull request #58096 from pacien/tedicross-init
tedicross: init at 0.8.7
2019-04-23 23:14:22 +02:00
pacien
d3423dd5c2 nixos/tedicross: add module 2019-04-23 22:52:23 +02:00
Jörg Thalheim
d43dc68db3
nixos/openldap: make rootpw option optional
This allows to store passwords in external files outside of the world-readable
nix store.
2019-04-23 16:35:33 +01:00
Janne Heß
5fbf306760 nixos/icingaweb2: Fix environment.etc assignment 2019-04-23 14:04:40 +02:00
ajs124
3e32e150cb nixos/ejabberd: migrate to tmpfiles, drop runit 2019-04-23 14:00:49 +02:00
Dan Elkouby
83c9b6ee39 nginx: use fullchain.pem for ssl_trusted_certificate
Some ACME clients do not generate full.pem, which is the same as
fullchain.pem + the certificate key (key.pem), which is not necessary
for verifying OCSP staples.
2019-04-23 12:33:19 +03:00
markuskowa
d0e70ac2d3
Merge pull request #60010 from JohnAZoidberg/https-urls
HTTPS urls
2019-04-22 23:37:07 +02:00
Daniel Schaefer
92cccb6f83 treewide: Use HTTPS for readthedocs URLs 2019-04-22 20:46:18 +02:00
Maximilian Bosch
c957341ef5
nixos-container: allow setting custom local and host address
I have a nixops network where I deploy containers using the `container`
backend which uses `nixos-container` intenrally to deploy several
containers to a certain host.

During that time I removed and added new containers and while trying to
deploy those to a different host I realized that it isn't guaranteed
that each container gets the same IP address which is a problem as some
parts of the deployment need to know which container is using which IP
(i.e. to configure port forwarding on the host).

With this change you can specify the container's IP like this (and don't
have to use the arbitrarily used 10.233.0.0/16 subnet):

```
$ nixos-container create test --config-file test-container.nix \
    --local-address 10.235.1.2 --host-address 10.235.1.1
```
2019-04-22 18:13:45 +02:00
Samuel Dionne-Riel
8a74ebeb01
nixos/virtualbox: Fixes configuration to evaluate
Fixes issue introduced by #57557
2019-04-22 11:22:00 -04:00
Aaron Andersen
c3f69d1373
Merge pull request #59381 from aanderse/automysqlbackup
automysqlinit: init at 3.0_rc6
2019-04-22 08:30:23 -04:00
Joachim Fasting
b33da46a8e
nixos/hardened: split description of allowUserNamespaces into paras 2019-04-21 13:11:25 +02:00
mlvzk
113bb0a7e9 nixos/display-managers/startx: fix typos for startx option description
`~/.xinintrc` => `~/.xinitrc`
`autmatically` => `automatically`
2019-04-21 07:46:37 +00:00
Samuel Dionne-Riel
429e554714 nixos/virtualbox: Fixes configuration to evaluate
Fixes issue introduced by #57557
2019-04-20 23:04:13 -04:00
Matthew Bauer
2a8ca24215
Merge pull request #59435 from furrycatherder/fix-tarball
nixos: fix system-tarball
2019-04-20 20:58:42 -04:00
Léo Gaspard
451961ead2
Merge pull request #59880 from florianjacob/matrix-synapse-identity-servers
nixos/matrix-synapse: correct trusted_third_party_id_servers default
2019-04-21 02:41:21 +02:00
Matthew Bauer
799fa4d404 Merge remote-tracking branch 'origin/master' into staging 2019-04-20 19:31:35 -04:00
Aaron Andersen
4a11ce7f26
cleanup redundant text in modules utilizing mkEnableOption
Closes #59911
2019-04-20 14:44:02 +02:00
Reno Reckling
abf60791e2 nixos/modules/networking/wg-quick Add wg-quick options support
This is an implementation of wireguard support using wg-quick config
generation.

This seems preferrable to the existing wireguard support because
it handles many more routing and resolvconf edge cases than the
current wireguard support.

It also includes work-arounds to make key files work.

This has one quirk:
We need to set reverse path checking in the firewall to false because
it interferes with the way wg-quick sets up its routing.
2019-04-20 14:02:54 +02:00
Aaron Andersen
e5b583bef4 nixos/httpd: cleanup old apache2.2 syntax 2019-04-20 07:32:55 -04:00
Jan Tojnar
d3259ed673
Merge branch 'master' into staging 2019-04-20 12:49:01 +02:00
Matthew Bauer
c1fd154fb6
Merge pull request #57557 from matthewbauer/ova-swap
nixos/virtualbox: add swap file
2019-04-19 10:17:36 -04:00
Matthew Bauer
dbc4543812 nixos/virtualbox: add swap file
Puts 2G swap in /var/swap of OVA. This serves as backup when you hit
the memory cap for the image.

Fixes #57171 and fixes #22696
2019-04-19 10:15:48 -04:00
ajs124
2b84c8d560 nixos/ejabberd: add basic test 2019-04-19 12:44:43 +02:00
Florian Jacob
34aa25b8dc nixos/matrix-synapse: correct trusted_third_party_id_servers default
the servers are equivalent and synchronized, but Riot defaults to use vector.im
Source: https://github.com/matrix-org/synapse/blob/v0.99.3/docs/sample_config.yaml#L701
2019-04-19 11:54:06 +02:00
AmineChikhaoui
548932640b
ec2-amis.nix: add 19.03 amis 2019-04-18 23:07:14 -04:00
Aaron Andersen
3464b50c61
Merge pull request #59389 from aanderse/issue/53853-1
replace deprecated usage of PermissionsStartOnly (part 1)
2019-04-18 20:46:28 -04:00
markuskowa
dac0051e60
Merge pull request #59188 from gnidorah/maxx
maxx: 1.1.0 -> 2.0.1
2019-04-18 21:48:01 +02:00
Linus Heckemann
42c107c2aa
Merge pull request #49537 from mayflower/stage1-symlink-fix
nixos stage-1: fix init existence test
2019-04-18 17:59:08 +02:00
Pierre Bourdon
5d2bb3d715 nixos/stage-1: "find-libs" shell script is for the host 2019-04-18 15:02:51 +02:00
Bas van Dijk
cccc7a93d2
Merge pull request #59828 from basvandijk/prometheus-refactoring
nixos/prometheus: refactored & added more missing options
2019-04-18 13:43:53 +02:00
Bas van Dijk
cdd82681b3 nixos/prometheus: add more missing options 2019-04-18 12:53:13 +02:00
Bas van Dijk
285fd3c05a nixos/prometheus: abstract over optional option creation 2019-04-18 11:55:43 +02:00
Domen Kožar
9bc23f31d2
Merge pull request #48337 from transumption/201810/nginx-etag
nginx: if root is in Nix store, use path's hash as ETag
2019-04-18 16:41:49 +07:00
aszlig
d533285224
nixos/tests/nginx: Add subtest for Nix ETag patch
This is to make sure that we get different ETag values whenever we
switch to a different store path but with the same file contents.

I've checked this against the old behaviour without the patch and it
fails as expected.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 09:41:13 +02:00
Frederik Rietdijk
2346182c2c Merge staging-next into staging 2019-04-18 08:26:30 +02:00
volth
ca7a18a24b
nixos/netboot: import -> callPackage
Copy-paste from iso-image.nix

Besides the simplification, it should use `pkgs.buildPackages.squashfsTools` because it is used in `nativeBuildInputs` instead of incorrect `pkgs.squashfsTools` which was forced by `import'
2019-04-18 01:11:04 +00:00
ajs124
e03932bbca xmpp-sendmessage: init script file, use in prosody test 2019-04-17 23:36:07 +02:00
worldofpeace
7abeda982a gnome3.gsettings-desktop-schemas -> gsettings-desktop-schemas
gnome3.pomodoro is left out because I don't want to create a conflict.
2019-04-17 13:39:23 -04:00
Robin Gloster
b278cd86e1
Merge branch 'master' into kube-apiserver-preferred-address-types 2019-04-17 16:40:06 +00:00
Robin Gloster
44afc81af1
Merge pull request #57693 from mayflower/kube-apiserver-proxy-client-certs
nixos/kubernetes: Add proxy client certs to apiserver
2019-04-17 16:38:51 +00:00
Robin Gloster
7dc6e77bc2
Merge pull request #56789 from mayflower/upstream-k8s-refactor
nixos/kubernetes: stabilize cluster deployment/startup across machines
2019-04-17 16:37:58 +00:00
Bas van Dijk
55ef5d4246 nixos/prometheus: set optional attributes to type types.nullOr
This makes sure that when a user hasn't set a Prometheus option it
won't show up in the prometheus.yml configuration file. This results
in smaller and easier to understand configuration files.
2019-04-17 14:49:09 +02:00
Bas van Dijk
57e5b75f9c nixos/prometheus: filter out the _module attr in a central place
We previously filtered out the `_module` attribute in a NixOS
configuration by filtering it using the option's `apply` function.

This meant that every option that had a submodule type needed to have
this apply function. Adding this function is easy to forget thus this
mechanism is error prone.

We now recursively filter out the `_module` attributes at the place we
construct the Prometheus configuration file. Since we now do the filtering
centrally we don't have to do it per option making it less prone to errors.
2019-04-17 14:08:16 +02:00
Joachim F
d7da5e2af2
Merge pull request #53826 from delroth/randstruct-custom-seed
nixos: allow customizing the kernel RANDSTRUCT seed
2019-04-16 17:49:19 +00:00
volth
9498c8f443 captive-browser: init at 2019-04-14 2019-04-16 14:52:38 +00:00
Bas van Dijk
a913d0891c nixos/prometheus: filter out empty srcape_configs attributes
This results in a smaller prometheus.yml config file.

It also allows us to use the same options for both prometheus-1 and
prometheus-2 since the new options for prometheus-2 default to null
and will be filtered out if they are not set.
2019-04-16 16:06:11 +02:00
Bas van Dijk
a23db5db08 nixos/prometheus: add new ec2_sd_config options for prometheus2 2019-04-16 16:04:33 +02:00
Andrew Childs
ad7e232f88 nixos/prometheus: add ec2_sd_configs section to scrape_configs 2019-04-16 13:43:52 +02:00
Bas van Dijk
e7fadde7a7 nixos/doc: remove prometheus2 notes from the 19.09 release notes
prometheus2 has been backported to 19.03 so it won't be new for 19.09.
2019-04-16 09:47:45 +02:00
Bas van Dijk
d1940beb3a nixos/prometheus/pushgateway: add module and test 2019-04-16 08:09:38 +02:00
Aaron Andersen
5f4df8e509 automysqlinit: init at 3.0_rc6 2019-04-15 21:51:55 -04:00
worldofpeace
2d6247a414 gnome3.gnome-keyring: CAP_IPC_LOCK gnome-keyring-daemon
From gkd-capability.c:

This program needs the CAP_IPC_LOCK posix capability.
We want to allow either setuid root or file system based capabilies
to work. If file system based capabilities, this is a no-op unless
the root user is running the program. In that case we just drop
capabilities down to IPC_LOCK. If we are setuid root, then change to the
invoking user retaining just the IPC_LOCK capability. The application
is aborted if for any reason we are unable to drop privileges.
2019-04-15 14:59:56 -04:00
worldofpeace
27ac8cb2c4
Merge pull request #59185 from worldofpeace/glib-networking
nixos/glib-networking: init
2019-04-15 13:17:58 -04:00
worldofpeace
7802b18958 nixos/pantheon: use glib-networking module 2019-04-15 13:11:58 -04:00
Eelco Dolstra
5399f34ad9
nix: 2.2 -> 2.2.2 2019-04-15 19:06:57 +02:00
worldofpeace
b0e9f85f47 nixos/glib-networking: init
Note that we were previously didn't have glib-networking
in systemd.packages so the PacRunner was non-functional.
2019-04-15 13:04:06 -04:00
adisbladis
9a176d669a
nixos/tox-node: Add descriptions to module options.
Missing these broke the tarball build
https://hydra.nixos.org/build/92258938/nixlog/1
2019-04-15 17:11:10 +01:00
José Romildo Malaquias
c32b50a5f7
Merge pull request #59520 from romildo/upd.deepin.deepin-daemon
nixos/dde-daemon: init
2019-04-15 10:30:51 -03:00
adisbladis
4b4caa9413
Merge pull request #59368 from suhr/tox-node
nixos/tox-node: init
2019-04-15 12:28:27 +03:00
adisbladis
454aa43213
nixos/tox-node: Dont hardcode bootstrap nodes
Get these from upstream tox-node package instead.
This is likely to cause less maintenance overhead over time and
following upstream bootstrap node changes is automated.
2019-04-15 09:27:32 +01:00
Сухарик
6cb40f7b0b
nixos/tox-node: init 2019-04-15 09:27:27 +01:00
Bas van Dijk
e5724e8e66
Merge pull request #59514 from basvandijk/elk-7.0.0
elk7: init at 7.0.0
2019-04-15 07:05:13 +02:00
José Romildo Malaquias
46a4e92d92 nixos/deepin-daemon: init 2019-04-14 21:47:45 -03:00
Bas van Dijk
13352f28d2 elk7: init at 7.0.0
This adds the following new packages:

+ elasticsearch7
+ elasticsearch7-oss
+ logstash7
+ logstash7-oss
+ kibana7
+ kibana7-oss
+ filebeat7
+ heartbeat7
+ metricbeat7
+ packetbeat7
+ journalbeat7

The default major version of the ELK stack stays at 6. We should
probably set it to 7 in a next commit.
2019-04-14 21:39:46 +02:00
Silvan Mosberger
a63c182d53
Merge pull request #59315 from Infinisil/znc-docs-url
nixos/znc: Fix URL XML for config option
2019-04-14 17:33:49 +02:00
worldofpeace
6846d4ab85 nixos/fprintd: use systemd.packages
Upstream has a systemd service.
2019-04-14 10:19:57 -04:00
worldofpeace
4616b4ec85
Merge pull request #21860 from e-user/bugfix/upstream/gnome-pam
nixos/gdm: use provided PAM login configuration wherever possible
2019-04-14 09:52:17 -04:00
Alexander Kahl
56bd0110e7 nixos/pam: Add GNOME keyring use_authtok directive to password group 2019-04-14 09:50:22 -04:00
Alexander Kahl
5b9895b1a0 nixos/gdm: use provided PAM login configuration wherever possible
Fixes #21859
2019-04-14 09:49:01 -04:00
worldofpeace
c9a925d82b
Merge pull request #59433 from romildo/upd.deepin.deepin-menu
nixos/deepin-menu: init
2019-04-14 09:18:15 -04:00
José Romildo Malaquias
9e99eed443 nixos/deepin-menu: init 2019-04-14 10:00:44 -03:00
Linus Heckemann
0fc80a576a
Merge pull request #59423 from lheckemann/initramfs-improvements
Initramfs improvements
2019-04-14 12:10:26 +02:00
Sarah Brofeldt
f839011719
Merge pull request #58512 from aanderse/solr
solr: init at 8.0.0
2019-04-14 11:16:28 +02:00
gnidorah
1a4072e90f maxx: 1.1.0 -> 2.0.1 2019-04-14 09:51:29 +03:00
Sean Haugh
040d159eb4 nixos: fix system-tarball 2019-04-13 22:14:37 -05:00
Danylo Hlynskyi
eddb31be99
Merge pull request #55121 from Ma27/add-option-support-to-nixos-build-vms
nixos-build-vms: pass `--option` to `nix-build`
2019-04-14 02:57:57 +03:00
Linus Heckemann
b499c52de5 stage-1: provide meaningful names to initrd and module tree 2019-04-13 23:22:56 +02:00
Aaron Andersen
55ddb04a8a nixos/zookeeper: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:01 -04:00
Aaron Andersen
a1c48c3f63 nixos/vault: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:01 -04:00
Aaron Andersen
053c9a7992 nixos/sonarr: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:01 -04:00
Aaron Andersen
bb649d96b0 nixos/smokeping: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
484e896d7a nixos/radarr: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
021b287b84 nixos/peerflix: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
0672f867bc nixos/mysql-backup: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
89cbee4d3e nixos/mxisd: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
cd46038ae5 nixos/jackett: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:59 -04:00
Aaron Andersen
b7f376c01b nixos/ipfs: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:59 -04:00
Aaron Andersen
b1be2f1584 nixos/influxdb: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:59 -04:00
Aaron Andersen
6ac630bad3 nixos/etcd: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:59 -04:00
Aaron Andersen
062efe018d nixos/couchdb: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
56c7960d66 nixos/codimd: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
e51f86a018 nixos/clickhouse: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
e5d8ba59cc nixos/traefik: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
cefbee3edc nixos/syncthing: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
0113cc0de9 nixos/stanchion: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:57 -04:00
Aaron Andersen
a585d29bfd nixos/rss2email: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:57 -04:00
Aaron Andersen
2ebbe3988b nixos/rabbitmq: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:57 -04:00
Aaron Andersen
7b2be9b328 nixos/postgresqlBackup: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:57 -04:00