Commit Graph

4995 Commits

Author SHA1 Message Date
aszlig
9720e16adc
nixos/pcscd: Improve and clean up module
So far the module only allowed for the ccid driver, but there are a lot
of other PCSC driver modules out there, so let's add an option called
"plugins", which boils down to a store path that links together all the
paths specified.

We don't need to create stuff in /var/lib/pcsc anymore, because we
patched pcsclite to allow setting PCSCLITE_HP_DROPDIR.

Another new option is readerConfig, which is especially useful for
non-USB readers that aren't autodetected.

The systemd service now is no longer Type=forking, because we're now
passing the -f (foreground) option to pcscd.

Tested against a YubiKey 4, SCR335 and a REINER SCT USB reader.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @wkennington
2016-06-04 16:39:19 +02:00
Nikolay Amiantov
1dfdc3e521 nixos manual: fix syntax
It appears I've cherry-picked wrong commit without this fix.
2016-06-03 19:23:17 +03:00
Nikolay Amiantov
1942957b53 nixos manual: document Gtk and Qt themes 2016-06-03 19:14:52 +03:00
Shea Levy
83c2629f15 Merge pull request #15895 from cerana/stage2-sysfs
stage2: if no /proc, also mount /sys
2016-06-03 11:32:57 -04:00
Domen Kožar
5260686aa8 fix https://github.com/NixOS/nixops/issues/331 2016-06-03 15:55:17 +01:00
obadz
4c5fdf42ed nixos/modules/misc/version.nix: check that .git is a directory
That's not the case for git submodules
Fixes #15928
2016-06-03 13:38:41 +01:00
Eelco Dolstra
7c19b395eb Explicitly specify the subsystem for /dev/vboxguest
Otherwise systemd gets confused and forgets about device units after
reloading.

https://github.com/NixOS/nixops/issues/391
https://github.com/systemd/systemd/issues/3423
2016-06-03 00:33:15 +02:00
Domen Kožar
81cdd0bf96 fix manual 2016-06-01 21:55:31 +01:00
Domen Kožar
3e631800d1 Add hydra package and its NixOS module.
This was originally removed in d4d0e449d7.
The intent was not to maintain hydra expression at two places.

Nowadays we have enough devs to maintain this despite copy/pasta.

This should encourage more people to use Hydra, which is a really
great piece of software together with Nix.

Tested a deploy using https://github.com/peti/hydra-tutorial
2016-06-01 21:55:31 +01:00
Joel Moberg
20826c2a5d nixos kde5: improve test
IceWM is not part of KDE 5 and is now no longer part of the test. KDE 5
applications: Dolphin, System Monitor, and System Settings are started
in this test.
2016-06-01 17:09:51 +02:00
Wilhelm Schuster
5f8d14546b Manual: Explicitly mark commands that require to be run as root (#15589)
* manual: Mark commands that require root

Mark every command that requires to be run as root by prefixing them
with '#' instead of '$'.

* manual: Add note about commands that require root
2016-06-01 15:23:32 +01:00
Nahum Shalman
9b0a5ced13 stage2: if no /proc, also mount /sys 2016-06-01 13:26:14 +00:00
Eelco Dolstra
e8ad22be12 Rename gummiboot module 2016-06-01 12:55:56 +02:00
Eelco Dolstra
9f0e137338 Rename boot.loader.gummiboot.enable -> boot.loader.systemd-boot.enable 2016-06-01 12:55:52 +02:00
Bob van der Linden
4e6697dcb6 acme: added option security.acme.preliminarySelfsigned (#15562) 2016-06-01 11:39:46 +01:00
Nikolay Amiantov
164ead312e Merge pull request #15793 from abbradar/unity3d-pkg
Unity3D package
2016-06-01 12:59:12 +03:00
Tuomas Tynkkynen
0229693354 iso-image.nix: Fix path to EFI blob after systemd-boot switch
This evaluates, but I can't verify if it works.

@edolstra
2016-06-01 12:14:00 +03:00
Eelco Dolstra
f222689aba Use systemd-boot instead of gummiboot
Gummiboot is part of systemd now so we may as well use it.
2016-05-31 17:02:47 +02:00
obadz
0c9e904943 toxvpn: restartIfChanged = false & minor cleanups 2016-05-30 14:23:52 +01:00
anderspapitto
dd2bb96dbe syncthing service: respect cfg.package (#15810) 2016-05-30 10:14:19 +02:00
obadz
d18ba0f50d toxvpn: init at 20151111
(Authored by @cleverca22)
2016-05-30 00:21:22 +01:00
aszlig
dc38003af9
nixos/containers: Create an empty machine-id file
Since systemd version 230, it is required to have a machine-id file
prior to the startup of the container. If the file is empty, a transient
machine ID is generated by systemd-nspawn.

See systemd/systemd#3014 for more details on the matter.

This unbreaks all of the containers-* NixOS tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
Closes: #15808
2016-05-29 18:38:37 +02:00
Nikolay Amiantov
281db6bbc3 unity3d service: init 2016-05-29 17:38:36 +03:00
Joachim Fasting
b05bb30361
slurm service: robust reference to slurm bin output 2016-05-28 15:28:21 +02:00
Joachim Fasting
c420d0fb28
slurm service: fix typo in option description 2016-05-28 15:28:21 +02:00
Joachim Fasting
4e74479807
networking config: specify resolv.conf options as list of strings 2016-05-28 14:28:13 +02:00
Christian Zagrodnick
14dfdeb31a
networking config: support setting resolv.conf options
Closes: #11372
2016-05-28 14:28:13 +02:00
Joachim Fasting
44548c8a9e Merge pull request #15596 from rnhmjoj/master
fish: 2.2.0 -> 2.3.0
2016-05-28 00:53:12 +02:00
Joachim Fasting
a03cbebeb5
diod service: Capabilities -> CapabilityBoundingSet
`Capabilities` is obsolete in recent systemd and will be simply
ignored.

Note: this is the only service using `Capabilites`, per `git grep`.
2016-05-27 16:26:55 +02:00
Joachim Fasting
f7e7b814a9 Merge pull request #15668 from joachifm/fontDir-builderDefs
config.fonts.fontdir: use runCommand instead of builderDefs
2016-05-27 16:17:58 +02:00
Vladimír Čunát
e4832c7541 Merge branch 'staging'
Includes a security update of libxml2.
2016-05-27 15:58:40 +02:00
Joachim Fasting
a487cacef4 Merge pull request #15745 from peterhoeg/tmux-env
tmux module: set TMUX_TMPDIR via environment instead of wrapper
2016-05-27 13:23:48 +02:00
Peter Hoeg
5404595b55 tmux module: set TMUX_TMPDIR via environment instead of wrapper 2016-05-27 17:29:19 +08:00
Eelco Dolstra
b786b00023 KDE test: Bump kdm start timeout
Hopefully this will fix random failures like
http://hydra.nixos.org/build/36249079.
2016-05-27 11:22:27 +02:00
Joachim Fasting
b24e58a82b
config.fonts.fontdir: use runCommand instead of builderDefs
The primary motivation here is to get rid of builderDefs, but now the
resulting font directory is also linked into /run/current-system/sw,
which fixes #15194.
2016-05-26 22:39:01 +02:00
Vladimír Čunát
81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
aszlig
3b8a2a793c
nixos/tests/vbox: Fix invocation of dbus
VBoxService needs dbus in order to work properly, which failed to start
up so far, because it was searching in /run/current-system/sw for its
configuration files.

We now no longer run with the --system flag but specify the
configuration file directly instead.

This fixes at least the "simple-gui" test and probably the others as
well, which I haven't tested yet.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 16:48:32 +02:00
aszlig
3fd3911105
nixos/tests/vbox: Replace waitForWindow with xprop
We can't use waitForWindow here because it runs xwininfo as user root,
who in turn is not authorized to connect to the X server running as
alice.

So instead, we use xprop from user alice which should fix waiting for
the VirtualBox manager window.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 16:48:32 +02:00
Alexander Ried
8fbdb40ef0 services.*ntp*: Add time-sync.target to ntp clients (#15714)
See: https://www.freedesktop.org/software/systemd/man/systemd.special.html#time-sync.target
2016-05-26 16:25:36 +02:00
Eelco Dolstra
b37d6d8996 Fix failure to start old containers
The existence of $root/var/lib/private/host-notify as a socket
prevented a bind mount:

  container foo[8083]: Failed to create mount point /var/lib/containers/foo/var/lib/private/host-notify: No such device or address
2016-05-26 16:19:40 +02:00
aszlig
ecd3cbb9e7
nixos/tests/vbox: Start X server with user "alice"
The VirtualBox tests so far ran the X server as root instead of user
"alice" and it did work, because we had access control turned off by
default.

Fortunately, it was changed in 1541fa351b.

As a side effect, it caused all the VirtualBox tests to fail because
they now can't connect to the X server, which is a good thing because
it's a bug of the VirtualBox tests.

So to fix it, let's just start the X server as user alice.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 15:05:23 +02:00
aszlig
cb796ccd09
nixos/test-driver/Logger: Replace invalid UTF-8
Regression introduced by d84741a4bf.

The mentioned commit actually is a good thing, because we now get the
output from the X session.

Unfortunately, for the i3wm test, the i3-config-wizard prints out the
raw keyboard symbols directly coming from xcb, so the output isn't
necessarily proper UTF-8.

As the XML::Writer already expects valid UTF-8 input, we assume that
everything that comes into sanitise() will be UTF-8 from the start. So
we just decode() it using FB_DEFAULT as the check argument so that
every invalid character is replaced by the unicode replacement
character:

https://en.wikipedia.org/wiki/Specials_(Unicode_block)#Replacement_character

We simply re-oncode it again afterwards and return it, so we should
always get out valid UTF-8 in the log XML.

For more information about FB_DEFAULT and FB_CROAK, have a look at:

http://search.cpan.org/~dankogai/Encode-2.84/Encode.pm#Handling_Malformed_Data

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 14:24:33 +02:00
Domen Kožar
467cd6f3a4 Make i3wm test a release blocker
Catch issues like
331fa2feff
2016-05-26 10:47:15 +01:00
obadz
e78a99c35b nixos/tests/installer.nix: nixos-generate-config detects LUKS since a7baec7
Fixes nix-build '<nixos/release.nix>' -A tests.installer.luksroot.x86_64-linux
2016-05-26 04:02:36 +01:00
rnhmjoj
17ec9368cd
fish: 2.2.0 -> 2.3.0 2016-05-26 00:10:22 +02:00
obadz
331fa2feff xsession: fix variable read before set introduced in c99608c 2016-05-25 17:47:36 +01:00
Eelco Dolstra
a7baec7cb1 nixos-generate-config: Emit LUKS configuration for boot device 2016-05-25 18:04:41 +02:00
Eelco Dolstra
c6ab4ab206 nixos-generate-config: Enable strictness 2016-05-25 18:04:34 +02:00
Eelco Dolstra
845c9b50bf boot.initrd.luks.devices: Change into an attribute set
This allows setting options for the same LUKS device in different
modules. For example, the auto-generated hardware-configuration.nix
can contain

  boot.initrd.luks.devices.crypted.device = "/dev/disk/...";

while configuration.nix can add

  boot.initrd.luks.devices.crypted.allowDiscards = true;

Also updated the examples/docs to use /disk/disk/by-uuid instead of
/dev/sda, since we shouldn't promote the use of the latter.
2016-05-25 18:04:21 +02:00
Eelco Dolstra
32bed83b18 Remove boot.loader.grub.timeout and boot.loader.gummiboot.timeout
There is a generic boot.loader.timeout option.
2016-05-25 11:39:17 +02:00