Commit Graph

12796 Commits

Author SHA1 Message Date
Joachim Fasting
aa24c4e95b
nixos/apparmor: allow reloading profiles without losing confinement
Define ExecReload, otherwise reload implies stop followed by start, which
leaves existing processes in unconfined state [1].

[1]: https://gitlab.com/apparmor/apparmor/wikis/AppArmorInSystemd
2019-04-28 17:38:12 +02:00
Joachim Fasting
f824dad19a
nixos/apparmor: order before sysinit.target
Otherwise, profiles may be loaded way too late in the init process.
2019-04-28 17:38:07 +02:00
Graham Christensen
857069293d
Merge pull request #56565 from andrew-d/adunham/plex-fhs
plex: rewrite to use FHS userenv
2019-04-24 15:00:30 -04:00
Robin Gloster
b2c1ed6355
Merge pull request #53043 from exi/wg-quick
nixos/modules/networking/wg-quick Add wg-quick options support
2019-04-24 17:16:32 +00:00
Peter Hoeg
f81ddbf8e7
Merge pull request #60149 from peterhoeg/u/mosquitto_160
mosquitto: 1.5.8 -> 1.6 + nixos tests
2019-04-24 22:29:08 +08:00
Maximilian Bosch
28a95c4f7f
Merge pull request #60138 from grahamc/wireguard-generate-key
wireguard: add generatePrivateKeyFile option + test
2019-04-24 16:00:34 +02:00
Graham Christensen
06c83a14e1
Wrap 'wg' commands in <command> 2019-04-24 07:46:01 -04:00
Graham Christensen
f57fc6c881
wireguard: add generatePrivateKeyFile option + test
Ideally, private keys never leave the host they're generated on - like
SSH. Setting generatePrivateKeyFile to true causes the PK to be
generate automatically.
2019-04-24 07:46:01 -04:00
Peter Hoeg
c5af9fd4dd nixos/mosquitto: add test 2019-04-24 17:02:20 +08:00
Andrew Dunham
9f7f367bf5 plex: rewrite to use FHS userenv 2019-04-23 20:19:33 -07:00
Silvan Mosberger
508fd8f133
Merge pull request #55413 from msteen/bitwarden_rs
bitwarden_rs: init at 1.8.0
2019-04-24 00:25:08 +02:00
Matthijs Steen
ef1a43030b nixos/bitwarden_rs: init 2019-04-23 23:46:57 +02:00
Silvan Mosberger
ca37c23f91
Merge pull request #58096 from pacien/tedicross-init
tedicross: init at 0.8.7
2019-04-23 23:14:22 +02:00
pacien
d3423dd5c2 nixos/tedicross: add module 2019-04-23 22:52:23 +02:00
markuskowa
d0e70ac2d3
Merge pull request #60010 from JohnAZoidberg/https-urls
HTTPS urls
2019-04-22 23:37:07 +02:00
Daniel Schaefer
92cccb6f83 treewide: Use HTTPS for readthedocs URLs 2019-04-22 20:46:18 +02:00
Aaron Andersen
c3f69d1373
Merge pull request #59381 from aanderse/automysqlbackup
automysqlinit: init at 3.0_rc6
2019-04-22 08:30:23 -04:00
Joachim Fasting
b33da46a8e
nixos/hardened: split description of allowUserNamespaces into paras 2019-04-21 13:11:25 +02:00
mlvzk
113bb0a7e9 nixos/display-managers/startx: fix typos for startx option description
`~/.xinintrc` => `~/.xinitrc`
`autmatically` => `automatically`
2019-04-21 07:46:37 +00:00
Samuel Dionne-Riel
429e554714 nixos/virtualbox: Fixes configuration to evaluate
Fixes issue introduced by #57557
2019-04-20 23:04:13 -04:00
Matthew Bauer
2a8ca24215
Merge pull request #59435 from furrycatherder/fix-tarball
nixos: fix system-tarball
2019-04-20 20:58:42 -04:00
Léo Gaspard
451961ead2
Merge pull request #59880 from florianjacob/matrix-synapse-identity-servers
nixos/matrix-synapse: correct trusted_third_party_id_servers default
2019-04-21 02:41:21 +02:00
Aaron Andersen
4a11ce7f26
cleanup redundant text in modules utilizing mkEnableOption
Closes #59911
2019-04-20 14:44:02 +02:00
Reno Reckling
abf60791e2 nixos/modules/networking/wg-quick Add wg-quick options support
This is an implementation of wireguard support using wg-quick config
generation.

This seems preferrable to the existing wireguard support because
it handles many more routing and resolvconf edge cases than the
current wireguard support.

It also includes work-arounds to make key files work.

This has one quirk:
We need to set reverse path checking in the firewall to false because
it interferes with the way wg-quick sets up its routing.
2019-04-20 14:02:54 +02:00
Matthew Bauer
c1fd154fb6
Merge pull request #57557 from matthewbauer/ova-swap
nixos/virtualbox: add swap file
2019-04-19 10:17:36 -04:00
Matthew Bauer
dbc4543812 nixos/virtualbox: add swap file
Puts 2G swap in /var/swap of OVA. This serves as backup when you hit
the memory cap for the image.

Fixes #57171 and fixes #22696
2019-04-19 10:15:48 -04:00
Florian Jacob
34aa25b8dc nixos/matrix-synapse: correct trusted_third_party_id_servers default
the servers are equivalent and synchronized, but Riot defaults to use vector.im
Source: https://github.com/matrix-org/synapse/blob/v0.99.3/docs/sample_config.yaml#L701
2019-04-19 11:54:06 +02:00
AmineChikhaoui
548932640b
ec2-amis.nix: add 19.03 amis 2019-04-18 23:07:14 -04:00
Aaron Andersen
3464b50c61
Merge pull request #59389 from aanderse/issue/53853-1
replace deprecated usage of PermissionsStartOnly (part 1)
2019-04-18 20:46:28 -04:00
markuskowa
dac0051e60
Merge pull request #59188 from gnidorah/maxx
maxx: 1.1.0 -> 2.0.1
2019-04-18 21:48:01 +02:00
Linus Heckemann
42c107c2aa
Merge pull request #49537 from mayflower/stage1-symlink-fix
nixos stage-1: fix init existence test
2019-04-18 17:59:08 +02:00
Pierre Bourdon
5d2bb3d715 nixos/stage-1: "find-libs" shell script is for the host 2019-04-18 15:02:51 +02:00
Bas van Dijk
cccc7a93d2
Merge pull request #59828 from basvandijk/prometheus-refactoring
nixos/prometheus: refactored & added more missing options
2019-04-18 13:43:53 +02:00
Bas van Dijk
cdd82681b3 nixos/prometheus: add more missing options 2019-04-18 12:53:13 +02:00
Bas van Dijk
285fd3c05a nixos/prometheus: abstract over optional option creation 2019-04-18 11:55:43 +02:00
Domen Kožar
9bc23f31d2
Merge pull request #48337 from transumption/201810/nginx-etag
nginx: if root is in Nix store, use path's hash as ETag
2019-04-18 16:41:49 +07:00
aszlig
d533285224
nixos/tests/nginx: Add subtest for Nix ETag patch
This is to make sure that we get different ETag values whenever we
switch to a different store path but with the same file contents.

I've checked this against the old behaviour without the patch and it
fails as expected.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 09:41:13 +02:00
Robin Gloster
44afc81af1
Merge pull request #57693 from mayflower/kube-apiserver-proxy-client-certs
nixos/kubernetes: Add proxy client certs to apiserver
2019-04-17 16:38:51 +00:00
Robin Gloster
7dc6e77bc2
Merge pull request #56789 from mayflower/upstream-k8s-refactor
nixos/kubernetes: stabilize cluster deployment/startup across machines
2019-04-17 16:37:58 +00:00
Bas van Dijk
55ef5d4246 nixos/prometheus: set optional attributes to type types.nullOr
This makes sure that when a user hasn't set a Prometheus option it
won't show up in the prometheus.yml configuration file. This results
in smaller and easier to understand configuration files.
2019-04-17 14:49:09 +02:00
Bas van Dijk
57e5b75f9c nixos/prometheus: filter out the _module attr in a central place
We previously filtered out the `_module` attribute in a NixOS
configuration by filtering it using the option's `apply` function.

This meant that every option that had a submodule type needed to have
this apply function. Adding this function is easy to forget thus this
mechanism is error prone.

We now recursively filter out the `_module` attributes at the place we
construct the Prometheus configuration file. Since we now do the filtering
centrally we don't have to do it per option making it less prone to errors.
2019-04-17 14:08:16 +02:00
Joachim F
d7da5e2af2
Merge pull request #53826 from delroth/randstruct-custom-seed
nixos: allow customizing the kernel RANDSTRUCT seed
2019-04-16 17:49:19 +00:00
Bas van Dijk
a913d0891c nixos/prometheus: filter out empty srcape_configs attributes
This results in a smaller prometheus.yml config file.

It also allows us to use the same options for both prometheus-1 and
prometheus-2 since the new options for prometheus-2 default to null
and will be filtered out if they are not set.
2019-04-16 16:06:11 +02:00
Bas van Dijk
a23db5db08 nixos/prometheus: add new ec2_sd_config options for prometheus2 2019-04-16 16:04:33 +02:00
Andrew Childs
ad7e232f88 nixos/prometheus: add ec2_sd_configs section to scrape_configs 2019-04-16 13:43:52 +02:00
Bas van Dijk
e7fadde7a7 nixos/doc: remove prometheus2 notes from the 19.09 release notes
prometheus2 has been backported to 19.03 so it won't be new for 19.09.
2019-04-16 09:47:45 +02:00
Bas van Dijk
d1940beb3a nixos/prometheus/pushgateway: add module and test 2019-04-16 08:09:38 +02:00
Aaron Andersen
5f4df8e509 automysqlinit: init at 3.0_rc6 2019-04-15 21:51:55 -04:00
worldofpeace
27ac8cb2c4
Merge pull request #59185 from worldofpeace/glib-networking
nixos/glib-networking: init
2019-04-15 13:17:58 -04:00
worldofpeace
7802b18958 nixos/pantheon: use glib-networking module 2019-04-15 13:11:58 -04:00