Commit Graph

8042 Commits

Author SHA1 Message Date
Jörg Thalheim
67b1d6a16d
Merge pull request #34905 from vcunat/p/kresd-TLS
kresd service: add listenTLS option
2018-02-13 10:41:52 +00:00
Franz Pletz
eb862c48dd
systemd: 234 -> 237
Co-Authored-By: Florian Klink <flokli@flokli.de>
Co-Authored-By: Andreas Rammhold <andreas@rammhold.de>
2018-02-13 01:24:24 +01:00
Ruben Maher
ac52cb3aed nixos/prometheus/alertmanager: double hyphenate long opts (#34914)
Alertmanager 0.13.0 doesn't support single dash long options, so '-config.file'
for example is parsed as '-c', which leads to the service not starting.
2018-02-12 18:02:38 -05:00
Vladimír Čunát
05d6a7edb6
kresd service: add listenTLS option
Also fix some deficiencies in the systemd multi-socket stuff.
2018-02-12 20:48:25 +01:00
Franz Pletz
74736f26c2
bird2: init at 2.0.1 2018-02-11 23:35:05 +01:00
Vladimír Čunát
968b866dcc
Merge #32774: slurm-spank-x11: init at 0.2.5 2018-02-10 22:48:22 +01:00
Daniel Schaefer
713a69d083 nixos/acpid: pass event parameters to handler (#34190)
Previously the parameters were just dropped. Now they can be read
from within the handler script. An example to show this is added.

Makes use of the new writeShellScript function as suggested in:
issue #21557

resolves:  #21557
2018-02-10 13:26:05 +00:00
Jörg Thalheim
2cab78bc1d
Merge pull request #34384 from gnidorah/nvidia-optimus
modules/nvidia-optimus: fix module blacklisting
2018-02-10 12:14:21 +00:00
Jörg Thalheim
9fab083b79
Merge pull request #34524 from Infinisil/physlock-allowAnyUser
nixos/physlock: add allowAnyUser option
2018-02-10 09:58:36 +00:00
Jörg Thalheim
7914e6be3e
Merge pull request #34655 from markus1189/zookeeper-package-option
zookeeper.service: option for package and add to environment
2018-02-10 09:54:12 +00:00
Netix (Espinet François)
2a2e885cd0 nixos/freeradius : init - Added freeradius service
Inspired from the dhcpd service implementation
Only 2 configurations options at the moment:
- enabled
- path to config directory (defaults to /etc/raddb)

Implementation was also inspired from ArchLinux
systemd file and corrected with @dotlambda and
@fpletz help.
2018-02-10 09:59:01 +01:00
Masayuki Takeda
65faff97ff nixos/lxd: partial fix 2018-02-10 17:18:53 +09:00
Jörg Thalheim
79315b632e
Merge pull request #34728 from dpc/master
Add pam option to enable Google Authenticator
2018-02-10 08:16:50 +00:00
Jörg Thalheim
5be14cce39
Merge pull request #34753 from noqqe/master
Multiple users with hashedPassword is broken in mosquitto
2018-02-10 07:59:49 +00:00
markuskowa
bf53dc68c2 nixos/rdma-core: add module for soft RoCE and test (#34607) 2018-02-10 07:52:03 +00:00
Dawid Ciężarkiewicz
5c746a0a84 nixos/pam: support for Google Authenticator 2018-02-09 21:09:03 -08:00
Graham Christensen
5aabf0fc34
Merge pull request #33898 from oxij/nixos/related-packages-v5
nixos: doc: implement related packages in the manual (again)
2018-02-09 20:36:27 -05:00
Jan Malakhovski
0d1a643210 nixos/xen-dom0: add related packages, make it play well with them
This is a custom attribute set example of `relatedPackages` option usage.
2018-02-09 19:51:07 +00:00
Jan Malakhovski
e5268344fe nixos/adb: add related package
This is an attribute path example of `relatedPackages` option usage.
2018-02-09 19:51:06 +00:00
Jan Malakhovski
eb38b8676a nixos/tmux: add related package
This is a trivial example of `relatedPackages` option usage.
2018-02-09 19:51:06 +00:00
Franz Pletz
1fcbc7055c
Merge pull request #33700 from roberth/nixos-externalpkgs
nixos: Add nixpkgs.pkgs option
2018-02-09 18:47:48 +00:00
Franz Pletz
3748f3aac8
Merge pull request #32582 from Ma27/yabar-module
yabar: add module
2018-02-09 18:43:59 +00:00
Andreas Rammhold
04051ee9d0
Merge pull request #34562 from griff/rspamd-workers
nixos/rspamd: worker configuration, socket activation and tests
2018-02-09 14:45:54 +01:00
Andreas Rammhold
7ae9699e1c
Merge pull request #34759 from dotlambda/dovecot
nixos/dovecot: no " in mailbox.name
2018-02-09 12:43:03 +01:00
Robert Schütz
6ceece6b59 nixos/dovecot: no " in mailbox.name 2018-02-09 12:20:55 +01:00
Hamish
3a2b0cdf5c nixos/traefik: make group configurable for docker support (#34749) 2018-02-09 09:37:29 +00:00
Brian Olsen
908fc5e14b
nixos/rspamd: options for worker configuration and socket activation 2018-02-09 06:19:03 +01:00
Florian Baumann
7e76b127cd
Multiple users with hashedPassword is broken in mosquitto
If you have more than 1 User with hasedPassword Option set it generates 

```
rm -f /var/lib/mosquitto/passwd
touch /var/lib/mosquitto/passwd
echo 'user1:$6$xxx' > /var/lib/mosquitto/passwd
echo 'user2:$6$xxx' > /var/lib/mosquitto/passwd
```

Which ends up in only having 1 user.
2018-02-08 22:46:06 +01:00
Joachim F
65e6fbf2b5
Merge pull request #34690 from dotlambda/tor
nixos/tor: add hiddenServices.<name>.authorizeClient
2018-02-08 17:08:44 +00:00
Eric Bailey
6b45dbd99c services.mysql: properly quote database.name 2018-02-08 17:32:41 +01:00
Eelco Dolstra
6bc889205a
sshd: Remove UsePrivilegeSeparation option
This option is deprecated, see https://www.openssh.com/txt/release-7.5.
2018-02-08 13:32:55 +01:00
Frederik Rietdijk
c0f6aac818
Merge pull request #34574 from dotlambda/home-assistant
nixos/home-assistant: support platform=... scheme for autoExtraComponents
2018-02-08 10:53:35 +00:00
Jörg Thalheim
b6bcba6537 nixos/zfs: fix typo in enableLegacyCrypto description 2018-02-08 10:24:47 +00:00
Robert Schütz
355de06fe4 nixos/tor: add hiddenServices.<name>.authorizeClient 2018-02-08 10:02:22 +01:00
sjau
0d65e2e0e5 zfs: add migration path for new crypto format
fixes #34559
2018-02-07 20:46:16 +00:00
rnhmjoj
5118b86800 nixos/monero: init 2018-02-07 08:04:36 -05:00
Tuomas Tynkkynen
a008a9cb3b nixos/sd-image-armv7l-multiplatform: Port RPi config.txt changes from aarch64 image
As was done in commit cd2e740dde.
2018-02-07 06:30:34 +02:00
Robert Schütz
b5ecdfa977 nixos/acme: Fix xml (#34683) 2018-02-06 23:27:28 +00:00
Joachim Schiele
edeacd00ad security.acme: default name value via module system (#34388) 2018-02-06 21:08:57 +00:00
Joachim F
97ab8d8981
Merge pull request #17106 from spacefrogg/openafs
openafs: Refactor and introduce server module
2018-02-06 14:43:55 +00:00
Markus Hauck
77218de812 zookeeper.service: option for package and add to environment 2018-02-06 09:59:01 +01:00
Philipp Dörfler
35441b52d9
Wrapped ${mailbox.name} in "s to allow for space in mailbox names. 2018-02-05 17:06:49 +01:00
Frederik Rietdijk
ba34a70086
Merge pull request #33866 from yesbox/fix_newgrp
nixos: sg/newgrp should always be available, not chfn
2018-02-05 10:47:23 +00:00
David McFarland
fbba0d0ee5 matrix-synapse: default server_name to hostname 2018-02-04 21:22:55 -04:00
David McFarland
a4b7de74a5 matrix-synapse: default to postgresql on 18.03 2018-02-04 21:22:55 -04:00
David McFarland
1472fa8685 matrix-synapse: create and connect to local postgresql db 2018-02-04 21:22:54 -04:00
Thomas Tuegel
4688dd0cf5
Merge pull request #34526 from ttuegel/bugfix/plasma-integration/font-style
plasma-integration: Fix font style name bug with Qt >= 5.8
2018-02-04 17:41:50 -06:00
Sarah Brofeldt
bf58890a5a nixos/k8s: Enable Node authorizer and NodeRestriction by default 2018-02-04 21:23:36 +01:00
Thomas Tuegel
77a607aa88
nixos/plasma5: Fix font style names in kdeglobals 2018-02-04 13:31:04 -06:00
Robert Schütz
59eb19224b nixos/home-assistant: support platform=... scheme for autoExtraComponents
See https://home-assistant.io/components/sensor.luftdaten/ for an example component using that scheme.
2018-02-04 11:09:55 +01:00
Vladimír Čunát
dd57c63793
Merge branch 'staging'
There are some Darwin regressions and a mysterious Lisp issue,
but also a security update of curl...
2018-02-03 10:56:07 +01:00
Vladimír Čunát
84fb5c6a0d
nixos/availableKernelModules: add a keyboard module
Non-working keyboards during boot are quite a problem; see:
https://github.com/NixOS/nixpkgs/pull/33529#issuecomment-361164997
2018-02-03 10:46:53 +01:00
adisbladis
7ebb82e04f
home-assistant: Fix incorrect xml closing tag 2018-02-03 16:54:02 +08:00
Frederik Rietdijk
55e0f12761 Merge remote-tracking branch 'upstream/master' into HEAD 2018-02-03 09:48:42 +01:00
Frederik Rietdijk
db58049f75
Merge pull request #34494 from dotlambda/home-assistant
home-assistant: compute extraComponents from config
2018-02-03 08:01:50 +00:00
Tuomas Tynkkynen
10c8e6d0c5 Merge remote-tracking branch 'upstream/master' into staging 2018-02-03 02:50:21 +02:00
Jörg Thalheim
a4170403e6
Merge pull request #33897 from rnhmjoj/digits
Avoid package attributes starting with a digit
2018-02-02 19:30:23 +00:00
Michael Raitza
d0ebdbd308 nixos/openafsServer: OpenAFS server nixos module 2018-02-02 16:43:44 +01:00
Shea Levy
43f647e5b4
Merge branch 'dynamic-function-args' 2018-02-02 09:41:16 -05:00
Vladimír Čunát
bbfca0f371
knot-resolver: 1.5.3 -> 2.0.0 (feature update)
Also split extraFeatures into a wrapper derivation.
So far, no changes like user renaming nor systemd unit rework.
2018-02-02 15:26:36 +01:00
Silvan Mosberger
cfd22b733b
physlock: add allowAnyUser option 2018-02-02 14:03:00 +01:00
Robert Schütz
78c2ca326e home-assistant: compute extraComponents from config 2018-02-02 09:48:50 +01:00
Jan Tojnar
dfe7a54d19
nixos/pipewire: init 2018-02-01 22:40:51 +01:00
Michael Raitza
ce74e1cc36 nixos/openafsClient: Extend client service functionality
Add a lot of options to the client to make it more usable and compatible
with the OpenAFS server module.
2018-02-01 16:35:24 +01:00
Michael Raitza
c389d705f3 nixos/openafsClient: relocate nixos module 2018-02-01 16:35:18 +01:00
rnhmjoj
1fec496f38
nixos/networking-interfaces: add preferTempAddress option 2018-02-01 13:14:09 +01:00
Jörg Thalheim
57d72d4140
Merge pull request #34442 from rnhmjoj/virtual
Fix virtualType for network-interfaces-scripted
2018-02-01 10:35:13 +00:00
rnhmjoj
e28ecd5528
fix 2018-02-01 10:51:35 +01:00
Frederik Rietdijk
d30735f889
Merge pull request #34188 from dotlambda/home-assistant
home-assistant: init at 0.62.1
2018-02-01 08:44:48 +00:00
Vladimír Čunát
2fb4606f38
Merge branch 'master' into staging
Haskell rebuild.
Hydra: ?compare=1430378
2018-02-01 09:36:23 +01:00
Eelco Dolstra
700e21d6da nix-daemon.nix: Updates for Nix 2.0
* The environment variables NIX_CONF_DIR, NIX_BUILD_HOOK and
  NIX_REMOTE are no longer needed.

* A /bin/sh (from busybox) is provided by default in sandboxes.

* Various options were renamed.
2018-01-31 22:26:05 +01:00
WilliButz
c2fa5f1729
nixos/xautolock: fix default defaults/examples, add assertions
see issue #34371
2018-01-31 21:43:23 +01:00
Shea Levy
943592f698
Add setFunctionArgs lib function.
Among other things, this will allow *2nix tools to output plain data
while still being composable with the traditional
callPackage/.override interfaces.
2018-01-31 14:02:19 -05:00
Robert Schütz
bacbc48cfe home-assistant: add NixOS module 2018-01-31 12:30:31 +01:00
rnhmjoj
46c158a32f
nixos/networking-interfaces: set default value for virtualType 2018-01-31 05:51:09 +01:00
Peter Hoeg
dc52fc6dda aria2 (nixos): actually load the module
Fixes #33991
2018-01-31 09:42:03 +08:00
Vladimír Čunát
c9171e5a4c
Merge branch 'master' into staging
Hydra: ?compare=1430035
2018-01-30 19:51:33 +01:00
Tuomas Tynkkynen
71631a922b runInLinuxVM: Use QEMU command line that works on other architectures
... by moving the existing definition to qemu-flags.nix and reusing
that.
2018-01-30 16:57:27 +02:00
Tuomas Tynkkynen
8e83158f12 nixos/qemu: Deduplicate QEMU serialDevice into qemu-flags.nix 2018-01-30 16:57:27 +02:00
Robert Hensing
f2a45a47d4 nixos: Add nixpkgs.pkgs option
This lets the user set pkgs directly, so that it can be injected
externally and be reused among evaluations of NixOS.
2018-01-30 12:57:03 +01:00
Jörg Thalheim
add22af095
Merge pull request #34381 from JohnAZoidberg/less
nixos/less configure less with module
2018-01-30 10:41:39 +00:00
Daniel Schaefer
288898d6f1 nixos/less: use lesspipe package for preprocessing
Rather than a custom script the less config now uses the lesspipe
package config by default.
2018-01-29 22:08:32 +07:00
gnidorah
7b2482ea54 modules/nvidia-optimus: fix module blacklisting 2018-01-29 15:46:15 +03:00
Daniel Schaefer
192c2330d0 nixos/less configure less with module 2018-01-29 18:40:22 +07:00
Jan Tojnar
0f21306ca3
Merge pull request #33900 from jtojnar/nginx-acme
nixos/nginx: allow using existing ACME certificate
2018-01-29 01:38:45 +01:00
Graham Christensen
e2a54266c4
openssh: Build with Kerberos by default
This reverts commit 09696e32c390c232ec7ac506df6457fb93c1f536.
which reverted f596aa0f4a
to move it to staging
2018-01-28 16:36:01 -05:00
Graham Christensen
15a4977409
Revert "openssh: Build with Kerberos by default"
This reverts commit a232dd66ee.

Moving to staging
2018-01-28 16:36:01 -05:00
Aneesh Agrawal
716d1612af
openssh: Build with Kerberos by default
This can be disabled with the `withKerberos` flag if desired.
Make the relevant assertions lazy,
so that if an overlay is used to set kerberos to null,
a later override can explicitly set `withKerberos` to false.

Don't build with GSSAPI by default;
the patchset is large and a bit hairy,
and it is reasonable to follow upstream who has not merged it
in not enabling it by default.
2018-01-28 16:36:00 -05:00
Graham Christensen
f596aa0f4a
Revert "openssh: Build with Kerberos by default"
This reverts commit a232dd66ee.

Moving to staging
2018-01-28 16:32:52 -05:00
Aneesh Agrawal
a232dd66ee
openssh: Build with Kerberos by default
This can be disabled with the `withKerberos` flag if desired.
Make the relevant assertions lazy,
so that if an overlay is used to set kerberos to null,
a later override can explicitly set `withKerberos` to false.

Don't build with GSSAPI by default;
the patchset is large and a bit hairy,
and it is reasonable to follow upstream who has not merged it
in not enabling it by default.
2018-01-28 16:30:46 -05:00
Franz Pletz
36103e9863
nixos/powerManagement: remove duplicate definition
When not set just use the kernel default. `nixos-generate-config` will pick
a reasonable default.

cc #34350
2018-01-28 21:53:07 +01:00
Franz Pletz
50dda062d8
Merge pull request #34350 from Ma27/fix-powermanagement-default
nixos/powerManagement: set `cpuFreqGovernor` with `mkOptionDefault`
2018-01-28 14:46:51 +00:00
Jesper
2b270c1596 nixos/containers: Enable use of the network.useHostResolvConf option (#34354) 2018-01-28 14:42:15 +00:00
Maximilian Bosch
8ed3a90cdf
nixos/powerManagement: set cpuFreqGovernor with mkOptionDefault
`nixos-generate-config` detects the `cpuFreqGovernor` suited best for my
machine, e.g. `powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";`.

However the `powerManagement` module sets a sensitive default for
`cpuFreqGovernor` using `mkDefault` to avoid breackage with older
setups. Since 140ac2f1 the `hardware-configuration.nix` sets the
gorvernor with `mkDefault` as well which causes evaluation errors if the
powermanagement module is enabled:

```
error: The unique option `powerManagement.cpuFreqGovernor' is defined multiple times, in `/home/ma27/Projects/nixos-config/hardware-configuration.nix' and `/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/config/power-management.nix'.
```

Using `mkOptionDefault` rather than `mkDefault` in the powermanagement
module fixes this issue as it decreases the priority of the module and
prefers the value set in `hardware-configuration.nix`.

I have confirmed the change using the following VM declaration:

```
{
  cpuFreq = { lib, ... }: {
    powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
    powerManagement.enable = true;
  };
}
```
2018-01-28 09:38:45 +01:00
Luke Adams
1537ce9dc7 samba4/sambaMaster: Modify services to align with Samba project usage 2018-01-26 22:37:17 +01:00
Franz Pletz
cb7fe51ee6
nixos/postfix: separate list option elements with commas 2018-01-26 14:10:17 +01:00
Markus Kowalewski
85ca8f121b slurm-spank-x11: init at 0.2.5 2018-01-25 13:58:14 -08:00
WilliButz
9bd7798d9c
nixos/postfix: fix default postfix config
`services.postfix.config` is now correctly merged with the default attrset
specified in the module. Some options that are lists in postfix also
have to be lists in nix to be merged correctly. Other default options are
now set with `mkDefault` so they can be overridden via the module system.
2018-01-24 23:35:28 +01:00
Tuomas Tynkkynen
d02c2d694e nixos/sd-image-*.nix: Bring back high consoleLogLevel
3d040f9305 removed it from installation-device.nix, but the default
loglevel is just too low for ARM and the like.
2018-01-24 18:23:32 +02:00
Tuomas Tynkkynen
cd2e740dde nixos/sd-image-aarch64.nix: Set avoid_warnings in RPi config.txt
Also add some comments on the existing config settings as well.
2018-01-24 18:23:31 +02:00
Michael Raitza
8a77ae81ad openafsClient: rename to openafs 2018-01-24 13:20:47 +01:00
Jörg Thalheim
e45dfded2b
Merge pull request #34052 from volth/patch-86
nixos/libvirtd: add qemu-img to $PATH of the daemon
2018-01-22 14:39:29 +00:00
Tuomas Tynkkynen
95880aaf06 nixos/initrd: Don't include some x86-specific modules unconditionally 2018-01-22 12:53:33 +02:00
Tuomas Tynkkynen
962e79ef32 nixos/make-disk-image.nix: Support EFI images
- Add a new parameter `imageType` that can specify either "efi" or
  "legacy" (the default which should see no change in behaviour by
  this patch).

- EFI images get a GPT partition table (instead of msdos) with a
  mandatory ESP partition (so we add an assert that `partitioned`
  is true).

- Use the partx tool from util-linux to determine exact start + size
  of the root partition. This is required because GPT stores a secondary
  partition table at the end of the disk, so we can't just have
  mkfs.ext4 create the filesystem until the end of the disk.

- (Unrelated to any EFI changes) Since we're depending on the
  `-E offset=X` option to mkfs which is only supported by e2fsprogs,
  disallow any attempts of creating partitioned disk images where
  the root filesystem is not ext4.
2018-01-22 11:18:23 +02:00
Graham Christensen
931a0b8be8
Merge pull request #34128 from teto/doc_simple
Doc: simple precisions
2018-01-21 22:40:36 -05:00
Matthieu Coudron
91648a2f22 environment.variables: give an example 2018-01-22 10:40:23 +09:00
Matthieu Coudron
d9ebd0d35b zsh doc: precise environment.shellAliases 2018-01-22 10:40:23 +09:00
Jörg Thalheim
a1e2f2a339 nixos/initrd-network: fix docbook syntax 2018-01-22 00:01:49 +00:00
Svein Ove Aas
5c5259d68d initrd-network: Document the need for modules 2018-01-21 17:43:41 +00:00
Leon Schuermann
04c4c01089 nixos/stunnel: add module (#33151) 2018-01-21 11:23:07 +00:00
Sarah Brofeldt
ed792d3a45
Merge pull request #33842 from mimadrid/fix/resilio-sync
resilio-sync: fixed typo knownHosts -> entry.knownHosts
2018-01-21 12:11:29 +01:00
Vladimír Čunát
5402412b97
Merge #33600: xfce: cleanup, hyphenate attributes 2018-01-21 09:52:58 +01:00
Jörg Thalheim
dfa6a81a31
Merge pull request #33331 from cransom/netdata-module
netdata service: fix permissions for apps.plugin
2018-01-19 23:19:29 +00:00
volth
c4eb23062e
nixos/libvirtd: add qemu-img to $PATH of the daemon
...because daemon's $PATH does not include "/run/current-system/sw/bin"
2018-01-19 16:28:01 +00:00
Jan Tojnar
d2d1a2dfba
Merge pull request #28882 from jtojnar/chrome-gnome-shell
chrome-gnome-shell: refactor
2018-01-19 13:40:42 +01:00
Leon Schuermann
c61a9dfd2e
sshd: provide option to disable firewall altering 2018-01-18 22:55:28 +08:00
Rob Vermaas
38538f3206
Merge pull request #33423 from AmineChikhaoui/gce-ssh-keys
Fix ssh keys retrieval in GCE instances
2018-01-18 13:06:00 +01:00
Leon Schuermann
f297ddb5c9 sudo: define extra rules in Nix language (#33905) 2018-01-17 14:56:08 +00:00
Roman Kuznetsov
f63604a598
kubernetes-dashboard (module): 1.6.3 -> 1.8.2 2018-01-17 09:01:32 +01:00
Francesco Gazzetta
356eeb0d4f nixos/mighttpd2: init 2018-01-16 21:04:09 +00:00
rnhmjoj
c946c101d6
avoid package attributes starting with a digit 2018-01-16 21:13:16 +01:00
Robin Gloster
9bceb2b353
oh-my-zsh module: reword & fix manual build
docbook interpreted this as a tag and this sounded as if the option
defaulted to putting the cached directory into the nix store.

cc @Ma27 @fpletz
2018-01-16 21:02:54 +01:00
Maximilian Bosch
b55d4c0564 programs.zsh.ohMyZsh: add cacheDir option (#33150)
The default cache directory set by oh-my-zsh is $ohMyZsh/cache which
lives in the Nix store in our case. This causes issues with several
completion plugins provided by oh-my-zsh.
2018-01-16 17:29:46 +00:00
Jörg Thalheim
822c949833
Merge pull request #33915 from lheckemann/remove-amd-hybrid-graphics
amd-hybrid-graphics module: remove
2018-01-16 15:57:37 +00:00
Leon Schuermann
22e83d2667 openvpn: add warning about world-readable credentials 2018-01-16 11:40:16 +07:00
Linus Heckemann
730f8530a8 amd-hybrid-graphics module: remove
This was only applicable to very specific hardware, and the only person
with an apparent interest in maintaining it (me) no longer uses the
hardware in question.
2018-01-15 23:17:12 +00:00
Jan Tojnar
41d252d7a4
nixos/nginx: allow using existing ACME certificate
When a domain has a lot of subdomains, it is quite easy to hit the rate limit:

https://letsencrypt.org/docs/rate-limits/

Instead you can define the certificate manually in `security.acme.certs` and list the subdomains in the `extraDomains` option.
2018-01-15 13:48:45 +01:00
Leon Schuermann
e45a06ebd1 openvpn: add option to store credentials 2018-01-15 14:34:58 +07:00
Jesper Geertsen Jonsson
8c0558dbb2 sg/newgrp should always be available, not chfn
sg and newgrp only changes the current user session and should be
available to users even if the "users.mutableUsers" option is set.
These are common, useful commands.

chfn does modify the /etc/passwd GECOS field which is also controlled
by the option "users.users.<name?>.description", so it's less
appropriate to make it available when "users.mutableUsers" is set.

However, because CHFN_RESTRICT in login.defs is never set in current
NixOS the chfn functionality is never available to users anyway and
may as well have its SUID disabled, as only root is able to use it.
This is recommended in the chfn man page in this case.
2018-01-14 20:54:40 +01:00
Joachim F
b6c696cc6f
Merge pull request #33444 from rnhmjoj/dnscrypt-wrapper
nixos/dnscrypt-wrapper: fix rotate script failing to restart the service
2018-01-14 11:33:02 +00:00
Sarah Brofeldt
ee4e6ebbfa
Merge pull request #32822 from LumiGuide/elk6
ELK: 5.6.1 -> 5.6.5 & add ELK 6.1.0
2018-01-14 10:40:50 +01:00
Miguel Madrid Mencía
22341c42e7
resilio-sync: fixed typo knownHosts -> entry.knownHosts 2018-01-13 23:44:39 +01:00
Jan Tojnar
38b6d7b60e
nixos/chrome-gnome-shell: init 2018-01-13 15:19:19 +01:00
Joachim F
ed250d8093
Merge pull request #27131 from richardlarocque/mosquitto_pw
mosquitto: Explicitly configure password file
2018-01-13 12:02:45 +00:00
Eelco Dolstra
dddcd10ecc
Don't set 'config.xorg = {}'
This makes memoization of Nixpkgs evaluation less effective, since
some Nixpkgs invocations may have 'config = {}' while others may have
'config = { xorg = {}; }'.

Instead set 'config = {}'.
2018-01-11 19:31:05 +01:00
zimbatm
1276a3b12a
nixos/acme: configurable TOS hash (#33522)
This hash tends to change and upstream simp_le doesn't seem to keep up
with the changes.
2018-01-11 14:19:15 +00:00
Jörg Thalheim
788c5195f3 Revert "nixos/udev: fix outdated udev rules for network devices"
This reverts commit 45c5a915980fbe1fa6f0ff80ab2d11b60b844d9e.

This breaks PredictableNetworkInterfaceNames on systems without networkd.
We should only include this file from systemd, when networkd is enabled.
2018-01-11 11:21:16 +00:00
Eelco Dolstra
6bbd67d45a
EC2 AMIs: 17.09.2356.cb751f9b1c3 -> 17.09.2681.59661f21be6 2018-01-10 13:16:49 +01:00
Joachim F
a6912f589e
Merge pull request #33629 from rnhmjoj/dnscrypt-proxy
Restore dnscrypt-proxy
2018-01-09 21:34:14 +00:00
John Ericson
eec050f395
Merge pull request #33577 from dtzWill/fix/cross-2
Minor cross fixes, 2
2018-01-09 12:36:53 -05:00
Vladimír Čunát
d6bf8eb71b
Merge #33614: nixos/kresd improvements
The PR was extended with other fixes.  All tested by me atop 17.09.
2018-01-09 17:26:31 +01:00
Ben Gamari
b2cbffae64 nixos/security-wrapper: Fix cross-compilation 2018-01-09 11:25:19 -05:00
Vladimír Čunát
4bc4c08838
nixos/kresd: service nitpicks 2018-01-09 17:25:18 +01:00
Vladimír Čunát
3ab85ed1ac
nixos/kresd: use DNSSEC root trust anchor from nixpkgs
in read-only way.  If the cache directory is empty and you use the
very same service for system's DNS, kresd is unable to bootstrap root
trust anchors, as it would need a DNS lookup.

Also, if we don't rely on bootstrap, the extra lua deps of kresd could
be dropped by default, but let's not do that now, as the difference in
closure size is only ~4 MB, and there may be other use cases than
running the package as nixos service this way.
2018-01-09 17:24:49 +01:00
Vladimír Čunát
f312e6d993
nixos/kresd: use systemd.tmpfiles
Since 4e4161c212 it works on nixos-rebuild.
2018-01-09 17:11:36 +01:00
José Romildo Malaquias
8b416450ea mate: let caja find extensions and gsettings schemas 2018-01-09 02:40:04 +02:00
José Romildo Malaquias
598c6c13f0 mate-panel: let mate-panel find applets in config system path 2018-01-09 02:40:04 +02:00
José Romildo Malaquias
ca27392d9c mate-control-center: add gsettings schemas path to XDG vars
mate-control-center depends on mate-settings-daemon, but the later needs
gsettings schemas  provided by the former. To fix this the gsettings schema
path from mate-control-center is added to XDG_DATA_DIRS at session
startup.
2018-01-09 02:40:04 +02:00
José Romildo Malaquias
1bacb88c6a mate-session-manager: add debug option to mate service 2018-01-09 02:40:04 +02:00
Andreas Rammhold
637d5dd00c tomcat9: 9.0.0.M17 -> 9.0.2
also renamed from tomcatUnstable to tomcat9
2018-01-09 01:31:06 +01:00