Commit Graph

13629 Commits

Author SHA1 Message Date
LeOtaku
00d8fc1cde nixos/gnome3: add geoclue application configuration
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-05-16 18:46:07 -04:00
LeOtaku
2d93f57db5 nixos/geoclue2: make configurable, can whitelist applications
All options within geoclue.conf[0] have been made configurable.

Additonally, we can now specify whether or not GeoClue
should ask the agent to authorize an application like so:
```
services.geoclue2.appConfig."redshift" = {
  isAllowed = true;
  isSystem = true;
};
```

[0]: https://gitlab.freedesktop.org/geoclue/geoclue/blob/2.5.2/data/geoclue.conf.in

Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-05-16 18:46:07 -04:00
Bas van Dijk
71fdb69314 nixos: add test for tinydns 2019-05-16 23:46:17 +02:00
Austin Seipp
e2bbc6fb46
nixos: fix services.foundationdb.traceFormat for older server versions
This was a testing oversight that came from #61009 -- I forgot to test
the new traceFormat option with older server versions while I was
working on FDB 6.1.

Since trace_format is only available in 6.1+, emitting it
unconditionally caused older versions of the database fail to start,
reporting an error. We simply gate it behind a version check instead,
and assert the format is always XML on older versions. This avoids the
case where the user has an old version, changes traceFormat willingly,
and then is confused by why it didn't work.

As reported by @TimothyKlim in the comments on commit
c55b9236f0. See

    c55b9236f0 (r33566132)

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-16 15:16:50 -05:00
Maximilian Güntner
1a84bfc0a2
mxisd: 1.2.0 -> 1.4.3 2019-05-16 21:14:13 +02:00
Frederik Rietdijk
d4464ff8fe Merge master into staging-next 2019-05-16 08:17:55 +02:00
Aaron Andersen
ed6ccd1b27
Merge pull request #61363 from aanderse/miniupnpc
miniupnpc_2: 2.1 -> 2.1.20190408, miniupnpd: 2.1 -> 2.1.20190502
2019-05-15 20:56:59 -04:00
c0bw3b
582fd549fb winstone: drop package and service
Close #56294
Upstream package is unmaintained for years
and nixpkgs provides alternatives
2019-05-15 20:30:48 +02:00
Austin Seipp
2525b88c80
nixos/foundationdb: default to ssd storage engine
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp
427f1e58a4
nixos/foundationdb: chmod 0770 for logs/data files
Slight oversight: this allows members of the FoundationDB group to read
logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp
c55b9236f0
nixos: add services.foundationdb.traceFormat option
This allows us to specify JSON trace logging, which is useful for
tooling to injest/transform logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Linus Heckemann
89b64ab5e1 nixos-generate-config: add rudimentary high-DPI detection
Fixes the main remaining part of #12345
2019-05-15 06:34:40 +02:00
Linus Heckemann
2b13c29c3c
Merge pull request #60231 from mayflower/tinc-allow-networking-interfaces
nixos/tinc: remove ordering dependency on network.target
2019-05-14 17:51:20 +02:00
Frederik Rietdijk
8abe5ee07e Merge master into staging-next 2019-05-14 10:23:13 +02:00
volth
b51aae10e0
nixos/desktop-managers: let them work when services.xserver.enable=false 2019-05-13 16:57:09 +00:00
lewo
42ee7cdf9d
Merge pull request #61089 from nlewo/pr-fix-layer-order
dockerTools: Fix Docker layers order
2019-05-13 15:27:43 +02:00
worldofpeace
b5f26f3803
Merge pull request #59480 from worldofpeace/fprintd-systemd
nixos/fprintd: use systemd.packages
2019-05-13 03:30:24 -04:00
Eelco Dolstra
de9e238469
FIx some malformed XML in option descriptions
E.g. these were using "<para>" at the *end* of a description. The real
WTF is that this is possible at all...
2019-05-13 09:15:17 +02:00
volth
d7decccc28
nixos/pantheon: fix build with config.allowAliases=false 2019-05-13 04:48:55 +00:00
volth
ac6875d294 nixos/desktop-managers: let them work when 'services.xserver.enable = false'
they can be used by remote desktop software, without X11 running locally
2019-05-13 04:23:56 +00:00
volth
46b9e5c3d4
nixos/enlightenment: fix build with config.allowAliases=false 2019-05-13 03:50:52 +00:00
John Ericson
395bcc0b27
Merge pull request #61257 from matthewbauer/add-binfmt-emulated-systems
nixos/binfmt: handle emulatedSystems
2019-05-12 19:11:52 -04:00
Markus Schmidl
147621f7db nixos/luksroot: GPG Smartcard support for luks encrypted volumes 2019-05-12 20:05:10 +02:00
Frederik Rietdijk
ef0dbef7f1 Merge master into staging-next 2019-05-12 19:59:09 +02:00
Joachim F
b4a43a278b
Merge pull request #60187 from joachifm/feat/configurable-malloc
nixos: configurable system-wide malloc
2019-05-12 15:18:07 +00:00
Joachim F
428ddf0619
Merge pull request #61306 from joachifm/feat/fix-apparmor-boot-linux_5_1
Fix apparmor boot on linux 5.1
2019-05-12 15:17:38 +00:00
Aaron Andersen
496d9f97e6 nixos/miniupnpd: update test to use pkgs.miniupnpc_2 2019-05-12 07:53:30 -04:00
Maximilian Bosch
fa2c6dc3c2
Merge pull request #61311 from turboMaCk/xss-lock-locker-options
xss-lock: improve locker options passing
2019-05-12 11:07:54 +02:00
Maximilian Bosch
d27431b362
nixos/xss-lock: add testcase for lockerCommand with several CLI options. 2019-05-12 03:22:29 +02:00
Maximilian Bosch
775146165d
nixos/xss-lock: improve module
* Don't use `literalExample`, raw Nix values can directly be specified
  as an option example which provides support for highlighting in the
  manual as well.

* Escape shell args for `extraOptions`: I.e. the `-n` option might be
  problematic as a longer notification command might be misinterpreted.
2019-05-12 03:20:44 +02:00
Renaud
e8d7f17c81
Merge pull request #61032 from dtzWill/feature/rngd-harden
rngd: harden service config, settings from arch
2019-05-11 23:36:57 +02:00
Marek Fajkus
7fef2e38ea xss-locker: improve options passing
- allow locker options without hacks
- add extraOptions
2019-05-11 19:33:10 +02:00
Joachim Fasting
92d41f83fd
nixos/tests/hardened: check that apparmor is properly loaded 2019-05-11 18:21:44 +02:00
Joachim Fasting
68f5d1fa4c
nixos/apparmor: ensure that apparmor is selected at boot
Otherwise we're subject to whatever defaults were selected at kernel build
time.

See also: https://github.com/NixOS/nixpkgs/issues/61145
2019-05-11 18:21:38 +02:00
Vladimír Čunát
e8f4ad0169
Merge branch 'master' into staging-next
~5k rebuilds per platform.
Hydra nixpkgs: ?compare=1518759
2019-05-11 09:41:36 +02:00
Matthew Bauer
93a522cf0c nixos/binfmt: fixup 2019-05-10 22:53:14 -04:00
Matthew Bauer
60381b7b11 binfmt: add more magics and masks
New ones taken from this script:

https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh
2019-05-10 21:00:21 -04:00
kolaente
29d35a9ddb maintainers: add kolaente 2019-05-11 02:01:08 +02:00
Matthew Bauer
153598ebb0 nixos/binfmt: handle emulatedSystems
Fixes #61248
2019-05-10 18:05:59 -04:00
worldofpeace
6c8bb26331
Merge pull request #61048 from Ma27/zmap-package
zmap: init at 2.1.1
2019-05-10 15:19:43 -04:00
Bas van Dijk
4b7aea9e8c
Merge pull request #61237 from basvandijk/journalbeat-fixes
NixOS: support journalbeat >= 6
2019-05-10 18:44:44 +02:00
Bas van Dijk
477c552c7d nixos/journalbeat: support journalbeat >= 6 & add test 2019-05-10 15:41:41 +02:00
Maximilian Bosch
3d6fe3d760
nixos/zmap: init module
The module installs `zmap` globally and links the config files to
`/etc/zmap`, the default location of config files for zmap.

The package provides pretty much a sensitive default, custom configs can
be created like this:

```
{ lib, ... }:
{
  environment.etc."zmap/blacklist.conf" = lib.mkForce {
    text = ''
      # custom zmap blacklist
      0.0.0.0/0
    '';
  };
}
```
2019-05-10 08:12:27 +02:00
Ambroz Bizjak
5bec9dc65b virtualbox: 5.2.28 -> 6.0.6
Quite some fixing was needed to get this to work.

Changes in VirtualBox and additions:

- VirtualBox is no longer officially supported on 32-bit hosts so i686-linux is removed from platforms
  for VirtualBox and the extension pack. 32-bit additions still work.

- There was a refactoring of kernel module makefiles and two resulting bugs affected us which had to be patched.
  These bugs were reported to the bug tracker (see comments near patches).

- The Qt5X11Extras makefile patch broke. Fixed it to apply again, making the libraries logic simpler
  and more correct (it just uses a different base path instead of always linking to Qt5X11Extras).

- Added a patch to remove "test1" and "test2" kernel messages due to forgotten debugging code.

- virtualbox-host NixOS module: the VirtualBoxVM executable should be setuid not VirtualBox.
  This matches how the official installer sets it up.

- Additions: replaced a for loop for installing kernel modules with just a "make install",
  which seems to work without any of the things done in the previous code.

- Additions: The package defined buildCommand which resulted in phases not running, including RUNPATH
  stripping in fixupPhase, and installPhase was defined which was not even run. Fixed this by
  refactoring using phases. Had to set dontStrip otherwise binaries were broken by stripping.
  The libdbus path had to be added later in fixupPhase because it is used via dlopen not directly linked.

- Additions: Added zlib and libc to patchelf, otherwise runtime library errors result from some binaries.
  For some reason the missing libc only manifested itself for mount.vboxsf when included in the initrd.

Changes in nixos/tests/virtualbox:

- Update the simple-gui test to send the right keys to start the VM. With VirtualBox 5
  it was enough to just send "return", but with 6 the Tools thing may be selected by
  default. Send "home" to reliably select Tools, "down" to move to the VM and "return"
  to start it.

- Disable the VirtualBox UART by default because it causes a crash due to a regression
  in VirtualBox (specific to software virtualization and serial port usage). It can
  still be enabled using an option but there is an assert that KVM nested virtualization
  is enabled, which works around the problem (see below).

- Add an option to enable nested KVM virtualization, allowing VirtualBox to use hardware
  virtualization. This works around the UART problem and also allows using 64-bit
  guests, but requires a kernel module parameter.

- Add an option to run 64-bit guests. Tested that the tests pass with that. As mentioned
  this requires KVM nested virtualization.
2019-05-09 23:36:57 +02:00
Renaud
c17ec06f66
Merge pull request #60569 from dtzWill/update/vnstat-2.2
vnstat: 2.1 -> 2.2
2019-05-09 20:09:40 +02:00
worldofpeace
bb7e5566c7
Merge pull request #44086 from erikarvstedt/paperless
paperless: add package and service
2019-05-08 17:17:49 -04:00
Alyssa Ross
7261ffc18e
Merge pull request #60776 from alyssais/xerror
nixos/xserver: improve DM error message when X off
2019-05-08 12:19:14 +00:00
Erik Arvstedt
80c3ddbad8
paperless service: init 2019-05-08 09:26:32 +02:00
Will Dietz
e5d049e469 rngd: harden service config, from arch 2019-05-07 22:53:09 -05:00
adisbladis
d5887ece61
nixos/plasma5: Remove phonon-backend-gstreamer pinned to Qt 5.6
Adds closure size for seemingly no reason
2019-05-07 21:44:29 +01:00
Will Dietz
a2bdd63c4f
Merge pull request #61072 from dtzWill/feature/rngd-debug-flag
rngd: add option to run w/debug flag
2019-05-07 14:59:39 -05:00
Frederik Rietdijk
87a5d8fede Merge staging-next into staging 2019-05-07 19:30:14 +02:00
Antoine Eiche
5ef1223f30 nixos/tests/docker-tools: verify order of layers in stacked images 2019-05-07 16:52:13 +02:00
Joachim Fasting
10d3a0e10b
nixos/tests/hardened: test hardened malloc 2019-05-07 13:45:42 +02:00
Joachim Fasting
48ff4f1197
nixos/hardened: use graphene-hardened malloc by default 2019-05-07 13:45:39 +02:00
Joachim Fasting
a84be28270
nixos/malloc: configure system-wide malloc provider
Currently, this uses the somewhat crude method of setting LD_PRELOAD in the
system environment.  This works, but should be considered a stepping stone to
a more robust solution.
2019-05-07 13:45:38 +02:00
David Izquierdo
b24a87fafe jellyfin: remove assertion if emby enabled: no emby module exists 2019-05-07 11:04:57 +02:00
Will Dietz
b809071ffb rngd: add option to run w/debug flag
Added while testing if adding hardening
directives to the service blocked access
to various sources, might be useful in the future.
2019-05-06 23:44:38 -05:00
Linus Heckemann
864f4f084a
Merge pull request #60237 from mayflower/kexec-no-clobber
nixos/kexec: don't clobber existing kexec-loaded kernel
2019-05-06 21:53:47 +02:00
Alberto Berti
f965fb26a9 nixos/kubernetes: upgrade CoreDNS 1.3.1 -> 1.5.0 2019-05-06 13:10:32 +02:00
Bastian Köcher
4806c8c38d nixos/all-firmware: Enable facetimehd only for i686/x86_64 2019-05-06 10:49:42 +02:00
(cdep)illabout
b12ea62ec9 nixos/systemd-boot: add support for memtest86 EFI app
This commit adds support for installing the memtest86 EFI app and adding
a boot entry for it with systemd-boot.
2019-05-06 17:08:55 +09:00
José Romildo Malaquias
b4941a463e
Merge pull request #59943 from romildo/fix.deepin.modules
nixos/deepin: use only one module for deepin services
2019-05-05 20:52:13 -03:00
volth
f3535aeea3
nix.systemFeatures: minor fix
following up #59148
I forgot the default case of the architectures which do not have minor brothers whose code they can run ("westmere" or any of of AMD)
2019-05-05 22:14:24 +00:00
Robert Schütz
1ea22b8868
Merge pull request #60217 from dotlambda/home-assistant-0.92
home-assistant: 0.91.4 -> 0.92.2
2019-05-05 23:31:31 +02:00
José Romildo Malaquias
78f176158c nixos/deepin: add deepin-anything service 2019-05-05 18:01:28 -03:00
José Romildo Malaquias
8ed9f9fedf nixos/deepin: add dde-dock dbus service 2019-05-05 17:37:46 -03:00
José Romildo Malaquias
9e9b96f073 nixos/deepin: install polkit local authority files in /etc 2019-05-05 17:14:42 -03:00
José Romildo Malaquias
9a1890cafb nixos/deepin: add deepin-screenshot dbus service 2019-05-05 17:14:42 -03:00
José Romildo Malaquias
65c6aff217 nixos/deepin: add deepin-image-viewer dbus service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
f239997fde nixos/deepin: add dde-session-ui dbus service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
1294aaece6 nixos/deepin: add dde-calendar dbus service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
788b45fa13 nixos/deepin: add deepin-turbo systemd service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
77fa14725f nixos/deepin: move deepin-menu.nix into deepin.nix 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
6121a8e3b5 nixos/deepin: fix the deepin-daemon user and group 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
7c60ac71cf nixos/deepin: add dde-api services and user/group 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
4fcaded92b nixos/deepin: rename dde-daemon module
The deepin module is used to set basic dbus and systedmd services, kernel modules,
groups and users needed by the Deepin Desktop Environment.
2019-05-05 17:14:41 -03:00
Michael Raskin
7770495cd7
Merge pull request #59148 from volth/gcc.arch.v3
compilation for particular x86_64 architecture
2019-05-05 19:12:12 +00:00
Will Dietz
45886612f0 networkmanager: network-online --wants--> NetworkManager-wait-online 2019-05-04 19:04:45 -05:00
Bas van Dijk
517c52ec2e
postgresql: always create the $out/bin directory
This is needed because some PostgreSQL plugins don't have a bin
directory. If only these plugins are listed in cfg.extraPlugins buildEnv
will turn $out/bin into a symbolic link to ${pg}/bin. Lateron we try to
rm $out/bin/{pg_config,postgres,pg_ctl} which will then fail because
$out/bin will be read-only.
2019-05-04 14:11:52 -05:00
Andreas Rammhold
45f58cad33
nixos/misc/nixpkgs: fixed syntax error in overlays example
I was pointed towards a small syntax error in the `nixpkgs.overlays`
documentation. There was a trailing semicolon after the overlay
function.

I also aligned the code a bit better so opening and closing brackets can
be visually matched much better (IMO).
2019-05-04 17:29:04 +02:00
Robert Schütz
d280603bd1 nixos/home-assistant: account for introduction of manifest.json
The `availableComponents` now only contain a single attribute for
every integration.
2019-05-04 12:01:23 +02:00
Renaud
966ee252c2
Merge pull request #59367 from Ma27/fix-hostapd-interface-naming
nixos/hostapd: escape interface names for hostapd
2019-05-03 19:04:00 +02:00
worldofpeace
a01943c7f0
Merge pull request #59856 from c00w/external_gpu
nixos/nvidia: Add NVIDIA optimus option to allow external GPUs
2019-05-03 10:31:11 -04:00
Joachim F
5ad1e9f0bf
Merge pull request #60575 from dtzWill/feature/obfs4proxy
obfs4: init at 0.0.10, use in tor-browser-bundle's, tor service
2019-05-03 09:48:02 +00:00
Will Dietz
329df95958 vnstat: 2.1 -> 2.2
https://humdi.net/vnstat/CHANGES

* enable tests
* add hardening options from upstream's
  example service
* fix "documentation" setting in service:
  either needs to be `unitConfig.Documentation`
  (uppercase) or lowercase but not within unitConfig.
2019-05-03 01:47:57 -05:00
Elis Hirwing
6698c37fe1
Merge pull request #60630 from etu/drop-emby
emby: Drop package and module and refer to jellyfin
2019-05-03 07:58:30 +02:00
Silvan Mosberger
bc5b262c9c
Merge pull request #60333 from azazel75/fix-grafana_reporter
grafana_reporter: Fix library function name
2019-05-03 06:29:09 +02:00
Silvan Mosberger
be1ada3140
Merge pull request #60081 from Streetwalrus/nginx_stapling
nginx: use fullchain.pem for ssl_trusted_certificate
2019-05-03 06:28:38 +02:00
Colin L Rice
d67494972d nixos/nvidia: Add NVIDIA optimus option to allow external GPUs
Without this option - NVIDIA refuses to use an external GPU.
2019-05-02 23:57:28 -04:00
Hsiang-Cheng Yang
e775587d63 softether: 4.25 -> 4.29 (#60665)
* softether: 4.25 -> 4.29

* softether_4_29: restrict to x86_64-linux
Does not build on aarch64 because of upstream "-m64" compile flag
2019-05-02 19:38:37 +02:00
Silvan Mosberger
e3dfd6a8ad
Merge pull request #60543 from Infinisil/fix/znc-gen
nixos/znc: Fix config generator for certain null values
2019-05-02 18:23:10 +02:00
Silvan Mosberger
a3e84ba63a
Merge pull request #55771 from Infinisil/nixos/znapzend/parallel
nixos/znapzend: Run znapzendzetup import in parallel
2019-05-02 18:22:44 +02:00
Alyssa Ross
7658c90f21
nixos/xserver: improve DM error message when X off
Previously, if you, for example, set
services.xserver.displayManager.sddm.enable, but forgot to set
services.xserver.enable, you would get an error message that looked like
this:

    error: attribute 'display-manager' missing

Which was not particularly helpful.

Using assertions, we can make this message much better.
2019-05-02 16:19:59 +00:00
Will Dietz
f24f72e60b nixos tor: use obfs4proxy, make transport list customizable 2019-05-01 21:56:05 -05:00
Silvan Mosberger
b6a6162919
Merge pull request #55422 from nand0p/ethminer
ethminer: init at 0.18.0-rc.0
2019-05-02 01:29:09 +02:00
Fernando J Pando
3325773754 nixos/ethminer: init
- Tested on NixOS
2019-05-01 17:20:26 -04:00
Silvan Mosberger
c68124b5f0
Merge pull request #60097 from Mic92/openldap-rootpw-file
nixos/openldap: make rootpw option optional
2019-05-01 22:29:55 +02:00
Elis Hirwing
02cd2b00e7
emby: Drop package and module and refer to jellyfin 2019-05-01 17:47:32 +02:00
Elis Hirwing
ea439dc4d0
Merge pull request #60617 from nyanloutre/jellyfin_10_3_2
jellyfin: 10.3.1 -> 10.3.2
2019-05-01 13:39:09 +02:00
nyanloutre
f82bfd5e80
nixos/jellyfin: add test to all-tests.nix 2019-05-01 11:57:34 +02:00
Silvan Mosberger
a27dc9d3ab
nixos/znc: Fix config generator for certain null values
The type of ZNC's config option specifies that a configuration like

  config.User.paul = null;

should be valid, which is useful for clearing/disabling property sets
like Users and Networks. However until now the config generator
implementation didn't actually cover null values, meaning you'd get an
error like

  error: value is null while a set was expected, at /foo.nix:29:10

This fixes the implementation to correcly allow clearing of property
sets.
2019-05-01 00:06:11 +02:00
worldofpeace
7df410c6d4
Merge pull request #59630 from worldofpeace/setcap-gnome-keyring
gnome3.gnome-keyring: CAP_IPC_LOCK gnome-keyring-daemon
2019-04-30 13:17:03 -04:00
volth
5a2356cff1
nix.systemFeatures: minor refactor 2019-04-30 16:28:21 +00:00
volth
5ad79dc4bb compilation for particular x86_64 architecture 2019-04-30 14:28:04 +00:00
Frederik Rietdijk
fd2bd6e433
Merge staging-next into master 2019-04-30 15:50:24 +02:00
Sarah Brofeldt
10c671ff7c
Merge pull request #60415 from johanot/kubernetes-fix-control-plane-online-unit
nixos/kubernetes: fix control-plane-online prestart dependency
2019-04-30 11:52:05 +02:00
Linus Heckemann
6b6f25e926 nixos/kexec: log what's happening 2019-04-29 22:43:16 +02:00
Johan Thomsen
29bf511ef9 nixos/kubernetes: fix control-plane-online prestart dependency
The kubeconfig provided to the kubernetes-control-plane-online.service
is invalid. However, the apiserver /healthz endpoint can be accessed without auth so it's
simpler to just use curl for that.
2019-04-29 17:42:16 +02:00
Joachim F
b2a165e786
Merge pull request #60377 from joachifm/feat/apparmor-systemd
nixos/apparmor: service unit improvements
2019-04-29 12:36:24 +00:00
Daniel Schaefer
786f02f7a4 treewide: Remove usage of isNull
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Frederik Rietdijk
2f936f85d8 Merge master into staging-next 2019-04-29 13:46:20 +02:00
Silvan Mosberger
da4f6a2a09 browserpass: Remove v2 and switch to buildGoModule (#60282) 2019-04-28 11:05:24 -07:00
Edmund Wu
162546f0a1 nixos/luksroot: create /run/cryptsetup (#60235)
Needed since 2.0.0
Changed to /run/cryptsetup from /run/lock/cryptsetup in 2.0.1
2019-04-28 17:49:32 +00:00
Joachim Fasting
aa24c4e95b
nixos/apparmor: allow reloading profiles without losing confinement
Define ExecReload, otherwise reload implies stop followed by start, which
leaves existing processes in unconfined state [1].

[1]: https://gitlab.com/apparmor/apparmor/wikis/AppArmorInSystemd
2019-04-28 17:38:12 +02:00
Joachim Fasting
f824dad19a
nixos/apparmor: order before sysinit.target
Otherwise, profiles may be loaded way too late in the init process.
2019-04-28 17:38:07 +02:00
Joachim F
e666cc4e7e
Merge pull request #60334 from bhipple/fix/doc-typo
nixos.grafana: fix docstring typo
2019-04-28 15:07:06 +00:00
Aaron Andersen
3fce35fde2
Merge pull request #59465 from minijackson/module-jellyfin 2019-04-28 10:21:35 -04:00
Michael Weiss
6852c080d8
nixos/sks: Fix another regression from ab5dcc7068
The two directories KDB and PTree do not exist before the SKS DB is
build for the first time. If /var/db/sks is empty and the module is
enabled via "services.sks.enable = true;" the following error will
occur:
...-unit-script-sks-db-pre-start[xxx]:
ln: failed to create symbolic link 'KDB/DB_CONFIG': No such file or directory

To avoid this both links have to be created after the DB is build.
Note: Creating the directories manually might be better but the initial
build might be skipped as a result:
unit-script-sks-db-pre-start[xxxxx]: KeyDB directory already exists.  Exiting.
unit-script-sks-db-pre-start[xxxxx]: PTree directory already exists.  Exiting.
2019-04-28 14:45:21 +02:00
Minijackson
ab9378980a
nixos/jellyfin: add simple test 2019-04-28 11:03:51 +02:00
Minijackson
eb8dac2fcd
nixos/jellyfin: init 2019-04-28 11:03:50 +02:00
elseym
5fb48557f5
documize-module: refactor and add more options 2019-04-28 07:45:17 +02:00
Michael Weiss
698388bc61 Revert "nixos/switch-to-configuration: Never stop system.slice"
This change was only a temporary workaround and isn't required anymore,
since /etc/systemd/system/system.slice should not be present on any
recent NixOS system (which makes this change a no-op).

This reverts commit 7098b0fcdf.
2019-04-28 07:21:34 +02:00
Silvan Mosberger
77fb90d27e
Merge pull request #59731 from ajs124/ejabberd_test
ejabberd: refactor module, add test
2019-04-27 23:36:52 +02:00
Michael Weiss
15010f0436
sway: Read the configuration from /etc before /nix/store (#60319)
This change will load all configuration files from /etc, to make it easy
to override them, but fallback to /nix/store/.../etc/sway/config to make
Sway work out-of-the-box with the default configuration on non NixOS
systems.
2019-04-27 22:38:18 +02:00
Michael Weiss
753e1e0bab
nixos/sks: Fix the module (the pre-start script was broken)
Unfortunately the changes in ab5dcc7068
introduced a typo (took me a while to spot that...) that broke the
whole module (or at least the sks-db systemd unit).

The systemd unit was failing with the following error message:
...-unit-script-sks-db-pre-start[xxx]: KDB/DB_CONFIG exists but is not a symlink.
2019-04-27 19:19:27 +02:00
Sarah Brofeldt
22348f951c
Merge pull request #60197 from etu/patch-gitea-generated-config
nixos/gitea: Don't include not needed database options depending on type
2019-04-27 19:16:33 +02:00
Benjamin Hipple
d084937fe7 nixos.grafana: fix docstring typo 2019-04-27 13:09:48 -04:00
Alberto Berti
47f62b4821 grafana_reporter: Fix library function name 2019-04-27 19:09:06 +02:00
Florian Klink
033882e0b7
Merge pull request #60019 from aanderse/nzbget
nzbget: fix broken service, as well as some improvements
2019-04-27 18:26:50 +02:00
Aaron Andersen
8d64ec7a17
Merge pull request #59424 from florianjacob/journalwatch
journalwatch: fix broken package, general maintenance
2019-04-27 10:58:45 -04:00
Lassulus
9cda3faecd
Merge pull request #53444 from wedens/earlyoom-notifications
nixos/earlyoom: add notificationsCommand option
2019-04-27 21:34:37 +09:00
aszlig
7ba9b0a41b
nixos: Fix build of manual
The build error has been introduced by 56dcc319cf.

Using a <simplesect/> within a <para/> is not allowed and subsequently
fails to validate while building the manual.

So instead, I moved the <simplesect/> further down and outside of the
<para/> to fix this.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @aaronjanse, @Lassulus, @danbst
2019-04-27 12:39:37 +02:00
Matthieu Coudron
03fb00d565
Merge pull request #60223 from Ma27/write-i3cfg-to-etc
nixos/window-managers/i3: write config file to `/etc/i3/config`
2019-04-27 18:46:57 +09:00
Lassulus
f099d3d8b6
Merge pull request #57561 from aaronjanse/patch-5
nixos/manual: document auto-login
2019-04-27 16:07:06 +09:00
Lassulus
21fe4fd176
Merge pull request #58181 from fgaz/nixos/zeronet/fix1
nixos/zeronet: add fileserverPort option
2019-04-27 15:45:30 +09:00
Frederik Rietdijk
883232c00d Merge master into staging-next 2019-04-27 07:01:38 +02:00
Maximilian Bosch
a1ffabe4de
nixos/window-managers/i3: write config file to /etc/i3/config
The default config of i3 provides a key binding to reload, so changes
take effect immediately:

```
bindsym $mod+Shift+c reload
```

Unfortunately the current module uses the store path of the `configFile`
option. So when I change the config in NixOS, a store path will be
created, but the current i3 process will continue to use the old one,
hence a restart of i3 is required currently.

This change links the config to `/etc/i3/config` and alters the X
startup script accordingly so after each rebuild, the config can be
reloaded.
2019-04-26 21:12:52 +02:00
Peter Hoeg
eb6ce1c8a9
Merge pull request #60146 from peterhoeg/f/packagekit
nixos/packagekit: make it not error out + test
2019-04-26 14:19:46 +08:00
Aaron Andersen
5b76046db3 nixos/nzbget: fix broken service, add a nixos test, as well as some general improvements 2019-04-25 20:28:39 -04:00
Linus Heckemann
4d667685c2 nixos/kexec: don't clobber existing kexec-loaded kernel 2019-04-26 00:35:10 +02:00
Linus Heckemann
d4cd164082 nixos/tinc: remove ordering dependency on network.target
This allows configuring IP addresses on a tinc interface using
networking.interfaces."tinc.${n}".ipv[46].addresses.

Previously, this would fail with timeouts, because of the dependency
chain
tinc.${netname}.service
--after--> network.target
--after--> network-addresses-tinc.${n}.service (and network-link-…)
--after--> sys-subsystem-net-devices-tinc.${n}.device

But the network interface doesn't exist until tinc creates it! So
systemd waits in vain for the interface to appear, and by then the
network-addresses-* and network-link-* units have failed. This leads
to the network link not being brought up and the network addresses not
being assigned, which in turn stops tinc from actually working.
2019-04-25 22:54:11 +02:00
volth
c01ea27ce3
nixos-generate-config: do not build btrfs-tools when btrfs is not used
cross-compilation of `btrfs-tools` is broken, and this usually needless dependency of each system closure on `btrfs-tools` prevents cross-compilation of whole system closures
2019-04-25 12:08:20 +00:00
Elis Hirwing
71450b1c1a
nixos/gitea: Don't include not needed database options depending on type
This was discovered in https://github.com/NixOS/nixpkgs/pull/60014
2019-04-25 08:30:14 +02:00
Florian Jacob
e916cdf02d nixos/journalwatch: permissionsStartOnly is deprecated
See #53852 for details,
related to the efforts in #56265
2019-04-24 21:26:29 +02:00
Graham Christensen
857069293d
Merge pull request #56565 from andrew-d/adunham/plex-fhs
plex: rewrite to use FHS userenv
2019-04-24 15:00:30 -04:00
Robin Gloster
b2c1ed6355
Merge pull request #53043 from exi/wg-quick
nixos/modules/networking/wg-quick Add wg-quick options support
2019-04-24 17:16:32 +00:00
Frederik Rietdijk
0a7bcb3b03 Merge staging into staging-next 2019-04-24 18:38:11 +02:00
Peter Hoeg
ab15949f81 nixos/packagekit: add test 2019-04-24 22:31:36 +08:00
Peter Hoeg
1bc408ec3a nixos/packagekit: make it not error out and use upstream systemd unit 2019-04-24 22:31:36 +08:00
Peter Hoeg
f81ddbf8e7
Merge pull request #60149 from peterhoeg/u/mosquitto_160
mosquitto: 1.5.8 -> 1.6 + nixos tests
2019-04-24 22:29:08 +08:00
Maximilian Bosch
28a95c4f7f
Merge pull request #60138 from grahamc/wireguard-generate-key
wireguard: add generatePrivateKeyFile option + test
2019-04-24 16:00:34 +02:00
Graham Christensen
06c83a14e1
Wrap 'wg' commands in <command> 2019-04-24 07:46:01 -04:00
Graham Christensen
f57fc6c881
wireguard: add generatePrivateKeyFile option + test
Ideally, private keys never leave the host they're generated on - like
SSH. Setting generatePrivateKeyFile to true causes the PK to be
generate automatically.
2019-04-24 07:46:01 -04:00
Peter Hoeg
c5af9fd4dd nixos/mosquitto: add test 2019-04-24 17:02:20 +08:00
Andrew Dunham
9f7f367bf5 plex: rewrite to use FHS userenv 2019-04-23 20:19:33 -07:00
Matthew Bauer
84d00355e8 Merge remote-tracking branch 'NixOS/master' into staging 2019-04-23 22:00:42 -04:00
Silvan Mosberger
508fd8f133
Merge pull request #55413 from msteen/bitwarden_rs
bitwarden_rs: init at 1.8.0
2019-04-24 00:25:08 +02:00
Matthijs Steen
ef1a43030b nixos/bitwarden_rs: init 2019-04-23 23:46:57 +02:00
Silvan Mosberger
ca37c23f91
Merge pull request #58096 from pacien/tedicross-init
tedicross: init at 0.8.7
2019-04-23 23:14:22 +02:00
pacien
d3423dd5c2 nixos/tedicross: add module 2019-04-23 22:52:23 +02:00
Jörg Thalheim
d43dc68db3
nixos/openldap: make rootpw option optional
This allows to store passwords in external files outside of the world-readable
nix store.
2019-04-23 16:35:33 +01:00
Janne Heß
5fbf306760 nixos/icingaweb2: Fix environment.etc assignment 2019-04-23 14:04:40 +02:00
ajs124
3e32e150cb nixos/ejabberd: migrate to tmpfiles, drop runit 2019-04-23 14:00:49 +02:00
Dan Elkouby
83c9b6ee39 nginx: use fullchain.pem for ssl_trusted_certificate
Some ACME clients do not generate full.pem, which is the same as
fullchain.pem + the certificate key (key.pem), which is not necessary
for verifying OCSP staples.
2019-04-23 12:33:19 +03:00
markuskowa
d0e70ac2d3
Merge pull request #60010 from JohnAZoidberg/https-urls
HTTPS urls
2019-04-22 23:37:07 +02:00
Daniel Schaefer
92cccb6f83 treewide: Use HTTPS for readthedocs URLs 2019-04-22 20:46:18 +02:00
Maximilian Bosch
c957341ef5
nixos-container: allow setting custom local and host address
I have a nixops network where I deploy containers using the `container`
backend which uses `nixos-container` intenrally to deploy several
containers to a certain host.

During that time I removed and added new containers and while trying to
deploy those to a different host I realized that it isn't guaranteed
that each container gets the same IP address which is a problem as some
parts of the deployment need to know which container is using which IP
(i.e. to configure port forwarding on the host).

With this change you can specify the container's IP like this (and don't
have to use the arbitrarily used 10.233.0.0/16 subnet):

```
$ nixos-container create test --config-file test-container.nix \
    --local-address 10.235.1.2 --host-address 10.235.1.1
```
2019-04-22 18:13:45 +02:00
Samuel Dionne-Riel
8a74ebeb01
nixos/virtualbox: Fixes configuration to evaluate
Fixes issue introduced by #57557
2019-04-22 11:22:00 -04:00
Aaron Andersen
c3f69d1373
Merge pull request #59381 from aanderse/automysqlbackup
automysqlinit: init at 3.0_rc6
2019-04-22 08:30:23 -04:00
Joachim Fasting
b33da46a8e
nixos/hardened: split description of allowUserNamespaces into paras 2019-04-21 13:11:25 +02:00
mlvzk
113bb0a7e9 nixos/display-managers/startx: fix typos for startx option description
`~/.xinintrc` => `~/.xinitrc`
`autmatically` => `automatically`
2019-04-21 07:46:37 +00:00
Samuel Dionne-Riel
429e554714 nixos/virtualbox: Fixes configuration to evaluate
Fixes issue introduced by #57557
2019-04-20 23:04:13 -04:00
Matthew Bauer
2a8ca24215
Merge pull request #59435 from furrycatherder/fix-tarball
nixos: fix system-tarball
2019-04-20 20:58:42 -04:00
Léo Gaspard
451961ead2
Merge pull request #59880 from florianjacob/matrix-synapse-identity-servers
nixos/matrix-synapse: correct trusted_third_party_id_servers default
2019-04-21 02:41:21 +02:00
Matthew Bauer
799fa4d404 Merge remote-tracking branch 'origin/master' into staging 2019-04-20 19:31:35 -04:00
Aaron Andersen
4a11ce7f26
cleanup redundant text in modules utilizing mkEnableOption
Closes #59911
2019-04-20 14:44:02 +02:00
Reno Reckling
abf60791e2 nixos/modules/networking/wg-quick Add wg-quick options support
This is an implementation of wireguard support using wg-quick config
generation.

This seems preferrable to the existing wireguard support because
it handles many more routing and resolvconf edge cases than the
current wireguard support.

It also includes work-arounds to make key files work.

This has one quirk:
We need to set reverse path checking in the firewall to false because
it interferes with the way wg-quick sets up its routing.
2019-04-20 14:02:54 +02:00
Aaron Andersen
e5b583bef4 nixos/httpd: cleanup old apache2.2 syntax 2019-04-20 07:32:55 -04:00
Jan Tojnar
d3259ed673
Merge branch 'master' into staging 2019-04-20 12:49:01 +02:00
Matthew Bauer
c1fd154fb6
Merge pull request #57557 from matthewbauer/ova-swap
nixos/virtualbox: add swap file
2019-04-19 10:17:36 -04:00
Matthew Bauer
dbc4543812 nixos/virtualbox: add swap file
Puts 2G swap in /var/swap of OVA. This serves as backup when you hit
the memory cap for the image.

Fixes #57171 and fixes #22696
2019-04-19 10:15:48 -04:00
ajs124
2b84c8d560 nixos/ejabberd: add basic test 2019-04-19 12:44:43 +02:00
Florian Jacob
34aa25b8dc nixos/matrix-synapse: correct trusted_third_party_id_servers default
the servers are equivalent and synchronized, but Riot defaults to use vector.im
Source: https://github.com/matrix-org/synapse/blob/v0.99.3/docs/sample_config.yaml#L701
2019-04-19 11:54:06 +02:00
AmineChikhaoui
548932640b
ec2-amis.nix: add 19.03 amis 2019-04-18 23:07:14 -04:00
Aaron Andersen
3464b50c61
Merge pull request #59389 from aanderse/issue/53853-1
replace deprecated usage of PermissionsStartOnly (part 1)
2019-04-18 20:46:28 -04:00
markuskowa
dac0051e60
Merge pull request #59188 from gnidorah/maxx
maxx: 1.1.0 -> 2.0.1
2019-04-18 21:48:01 +02:00
Linus Heckemann
42c107c2aa
Merge pull request #49537 from mayflower/stage1-symlink-fix
nixos stage-1: fix init existence test
2019-04-18 17:59:08 +02:00
Pierre Bourdon
5d2bb3d715 nixos/stage-1: "find-libs" shell script is for the host 2019-04-18 15:02:51 +02:00
Bas van Dijk
cccc7a93d2
Merge pull request #59828 from basvandijk/prometheus-refactoring
nixos/prometheus: refactored & added more missing options
2019-04-18 13:43:53 +02:00
Bas van Dijk
cdd82681b3 nixos/prometheus: add more missing options 2019-04-18 12:53:13 +02:00
Bas van Dijk
285fd3c05a nixos/prometheus: abstract over optional option creation 2019-04-18 11:55:43 +02:00
Domen Kožar
9bc23f31d2
Merge pull request #48337 from transumption/201810/nginx-etag
nginx: if root is in Nix store, use path's hash as ETag
2019-04-18 16:41:49 +07:00
aszlig
d533285224
nixos/tests/nginx: Add subtest for Nix ETag patch
This is to make sure that we get different ETag values whenever we
switch to a different store path but with the same file contents.

I've checked this against the old behaviour without the patch and it
fails as expected.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 09:41:13 +02:00
Frederik Rietdijk
2346182c2c Merge staging-next into staging 2019-04-18 08:26:30 +02:00
volth
ca7a18a24b
nixos/netboot: import -> callPackage
Copy-paste from iso-image.nix

Besides the simplification, it should use `pkgs.buildPackages.squashfsTools` because it is used in `nativeBuildInputs` instead of incorrect `pkgs.squashfsTools` which was forced by `import'
2019-04-18 01:11:04 +00:00
ajs124
e03932bbca xmpp-sendmessage: init script file, use in prosody test 2019-04-17 23:36:07 +02:00
worldofpeace
7abeda982a gnome3.gsettings-desktop-schemas -> gsettings-desktop-schemas
gnome3.pomodoro is left out because I don't want to create a conflict.
2019-04-17 13:39:23 -04:00
Robin Gloster
b278cd86e1
Merge branch 'master' into kube-apiserver-preferred-address-types 2019-04-17 16:40:06 +00:00
Robin Gloster
44afc81af1
Merge pull request #57693 from mayflower/kube-apiserver-proxy-client-certs
nixos/kubernetes: Add proxy client certs to apiserver
2019-04-17 16:38:51 +00:00
Robin Gloster
7dc6e77bc2
Merge pull request #56789 from mayflower/upstream-k8s-refactor
nixos/kubernetes: stabilize cluster deployment/startup across machines
2019-04-17 16:37:58 +00:00
Bas van Dijk
55ef5d4246 nixos/prometheus: set optional attributes to type types.nullOr
This makes sure that when a user hasn't set a Prometheus option it
won't show up in the prometheus.yml configuration file. This results
in smaller and easier to understand configuration files.
2019-04-17 14:49:09 +02:00
Bas van Dijk
57e5b75f9c nixos/prometheus: filter out the _module attr in a central place
We previously filtered out the `_module` attribute in a NixOS
configuration by filtering it using the option's `apply` function.

This meant that every option that had a submodule type needed to have
this apply function. Adding this function is easy to forget thus this
mechanism is error prone.

We now recursively filter out the `_module` attributes at the place we
construct the Prometheus configuration file. Since we now do the filtering
centrally we don't have to do it per option making it less prone to errors.
2019-04-17 14:08:16 +02:00
Joachim F
d7da5e2af2
Merge pull request #53826 from delroth/randstruct-custom-seed
nixos: allow customizing the kernel RANDSTRUCT seed
2019-04-16 17:49:19 +00:00
volth
9498c8f443 captive-browser: init at 2019-04-14 2019-04-16 14:52:38 +00:00
Bas van Dijk
a913d0891c nixos/prometheus: filter out empty srcape_configs attributes
This results in a smaller prometheus.yml config file.

It also allows us to use the same options for both prometheus-1 and
prometheus-2 since the new options for prometheus-2 default to null
and will be filtered out if they are not set.
2019-04-16 16:06:11 +02:00
Bas van Dijk
a23db5db08 nixos/prometheus: add new ec2_sd_config options for prometheus2 2019-04-16 16:04:33 +02:00
Andrew Childs
ad7e232f88 nixos/prometheus: add ec2_sd_configs section to scrape_configs 2019-04-16 13:43:52 +02:00
Bas van Dijk
e7fadde7a7 nixos/doc: remove prometheus2 notes from the 19.09 release notes
prometheus2 has been backported to 19.03 so it won't be new for 19.09.
2019-04-16 09:47:45 +02:00
Bas van Dijk
d1940beb3a nixos/prometheus/pushgateway: add module and test 2019-04-16 08:09:38 +02:00
Aaron Andersen
5f4df8e509 automysqlinit: init at 3.0_rc6 2019-04-15 21:51:55 -04:00
worldofpeace
2d6247a414 gnome3.gnome-keyring: CAP_IPC_LOCK gnome-keyring-daemon
From gkd-capability.c:

This program needs the CAP_IPC_LOCK posix capability.
We want to allow either setuid root or file system based capabilies
to work. If file system based capabilities, this is a no-op unless
the root user is running the program. In that case we just drop
capabilities down to IPC_LOCK. If we are setuid root, then change to the
invoking user retaining just the IPC_LOCK capability. The application
is aborted if for any reason we are unable to drop privileges.
2019-04-15 14:59:56 -04:00
worldofpeace
27ac8cb2c4
Merge pull request #59185 from worldofpeace/glib-networking
nixos/glib-networking: init
2019-04-15 13:17:58 -04:00
worldofpeace
7802b18958 nixos/pantheon: use glib-networking module 2019-04-15 13:11:58 -04:00
Eelco Dolstra
5399f34ad9
nix: 2.2 -> 2.2.2 2019-04-15 19:06:57 +02:00
worldofpeace
b0e9f85f47 nixos/glib-networking: init
Note that we were previously didn't have glib-networking
in systemd.packages so the PacRunner was non-functional.
2019-04-15 13:04:06 -04:00
adisbladis
9a176d669a
nixos/tox-node: Add descriptions to module options.
Missing these broke the tarball build
https://hydra.nixos.org/build/92258938/nixlog/1
2019-04-15 17:11:10 +01:00
José Romildo Malaquias
c32b50a5f7
Merge pull request #59520 from romildo/upd.deepin.deepin-daemon
nixos/dde-daemon: init
2019-04-15 10:30:51 -03:00
adisbladis
4b4caa9413
Merge pull request #59368 from suhr/tox-node
nixos/tox-node: init
2019-04-15 12:28:27 +03:00
adisbladis
454aa43213
nixos/tox-node: Dont hardcode bootstrap nodes
Get these from upstream tox-node package instead.
This is likely to cause less maintenance overhead over time and
following upstream bootstrap node changes is automated.
2019-04-15 09:27:32 +01:00
Сухарик
6cb40f7b0b
nixos/tox-node: init 2019-04-15 09:27:27 +01:00
Bas van Dijk
e5724e8e66
Merge pull request #59514 from basvandijk/elk-7.0.0
elk7: init at 7.0.0
2019-04-15 07:05:13 +02:00
José Romildo Malaquias
46a4e92d92 nixos/deepin-daemon: init 2019-04-14 21:47:45 -03:00
Bas van Dijk
13352f28d2 elk7: init at 7.0.0
This adds the following new packages:

+ elasticsearch7
+ elasticsearch7-oss
+ logstash7
+ logstash7-oss
+ kibana7
+ kibana7-oss
+ filebeat7
+ heartbeat7
+ metricbeat7
+ packetbeat7
+ journalbeat7

The default major version of the ELK stack stays at 6. We should
probably set it to 7 in a next commit.
2019-04-14 21:39:46 +02:00
Silvan Mosberger
a63c182d53
Merge pull request #59315 from Infinisil/znc-docs-url
nixos/znc: Fix URL XML for config option
2019-04-14 17:33:49 +02:00
worldofpeace
6846d4ab85 nixos/fprintd: use systemd.packages
Upstream has a systemd service.
2019-04-14 10:19:57 -04:00
worldofpeace
4616b4ec85
Merge pull request #21860 from e-user/bugfix/upstream/gnome-pam
nixos/gdm: use provided PAM login configuration wherever possible
2019-04-14 09:52:17 -04:00
Alexander Kahl
56bd0110e7 nixos/pam: Add GNOME keyring use_authtok directive to password group 2019-04-14 09:50:22 -04:00
Alexander Kahl
5b9895b1a0 nixos/gdm: use provided PAM login configuration wherever possible
Fixes #21859
2019-04-14 09:49:01 -04:00
worldofpeace
c9a925d82b
Merge pull request #59433 from romildo/upd.deepin.deepin-menu
nixos/deepin-menu: init
2019-04-14 09:18:15 -04:00
José Romildo Malaquias
9e99eed443 nixos/deepin-menu: init 2019-04-14 10:00:44 -03:00
Linus Heckemann
0fc80a576a
Merge pull request #59423 from lheckemann/initramfs-improvements
Initramfs improvements
2019-04-14 12:10:26 +02:00
Sarah Brofeldt
f839011719
Merge pull request #58512 from aanderse/solr
solr: init at 8.0.0
2019-04-14 11:16:28 +02:00
gnidorah
1a4072e90f maxx: 1.1.0 -> 2.0.1 2019-04-14 09:51:29 +03:00
Sean Haugh
040d159eb4 nixos: fix system-tarball 2019-04-13 22:14:37 -05:00
Danylo Hlynskyi
eddb31be99
Merge pull request #55121 from Ma27/add-option-support-to-nixos-build-vms
nixos-build-vms: pass `--option` to `nix-build`
2019-04-14 02:57:57 +03:00
Linus Heckemann
b499c52de5 stage-1: provide meaningful names to initrd and module tree 2019-04-13 23:22:56 +02:00
Aaron Andersen
55ddb04a8a nixos/zookeeper: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:01 -04:00
Aaron Andersen
a1c48c3f63 nixos/vault: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:01 -04:00
Aaron Andersen
053c9a7992 nixos/sonarr: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:01 -04:00
Aaron Andersen
bb649d96b0 nixos/smokeping: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
484e896d7a nixos/radarr: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
021b287b84 nixos/peerflix: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
0672f867bc nixos/mysql-backup: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
89cbee4d3e nixos/mxisd: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
cd46038ae5 nixos/jackett: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:59 -04:00
Aaron Andersen
b7f376c01b nixos/ipfs: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:59 -04:00
Aaron Andersen
b1be2f1584 nixos/influxdb: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:59 -04:00
Aaron Andersen
6ac630bad3 nixos/etcd: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:59 -04:00
Aaron Andersen
062efe018d nixos/couchdb: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
56c7960d66 nixos/codimd: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
e51f86a018 nixos/clickhouse: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
e5d8ba59cc nixos/traefik: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
cefbee3edc nixos/syncthing: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
0113cc0de9 nixos/stanchion: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:57 -04:00
Aaron Andersen
a585d29bfd nixos/rss2email: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:57 -04:00
Aaron Andersen
2ebbe3988b nixos/rabbitmq: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:57 -04:00
Aaron Andersen
7b2be9b328 nixos/postgresqlBackup: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:57 -04:00
Aaron Andersen
64fdacc580 nixos/nullmailer: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:57 -04:00
Aaron Andersen
a6bbc55ae1 nixos/nexus: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:56 -04:00
Aaron Andersen
7808202b38 nixos/munge: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:56 -04:00
Aaron Andersen
919c87a106 nixos/mpd: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:56 -04:00
Aaron Andersen
8c48c55c2d nixos/minio: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:56 -04:00
Aaron Andersen
89081eef5d nixos/mesos: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:56 -04:00
Aaron Andersen
2f50cd06dc nixos/memcached: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:55 -04:00
Aaron Andersen
5f9a639f69 nixos/liquidsoap: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:55 -04:00
Aaron Andersen
8fe1c5b30f nixos/lidarr: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:55 -04:00
Aaron Andersen
09af9fcd34 nixos/collectd: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:55 -04:00
markuskowa
7d363d46ba
Merge pull request #59362 from matthiasbeyer/ympd-port-int
ympd service: Allow webPort to be int
2019-04-12 20:59:13 +02:00
Maximilian Bosch
f975bbae11
nixos/hostapd: escape interface names for hostapd
Same problem as described in acbadcdbba.

When using multiple interfaces for wifi with `networking.wlanInterfaces`
and the interface for `hostapd` contains a dash, this will fail as
systemd escapes dashes in its device names.
2019-04-12 19:27:19 +02:00
Graham Christensen
628ba24e77
Merge pull request #59349 from mogorman/manual-upgrading
nixos/manual: update 17.03 -> 19.03 in upgrading section
2019-04-12 12:19:12 -04:00
Matthias Beyer
31884f788e ympd service: Allow webPort to be int
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2019-04-12 18:17:10 +02:00
Matthew O'Gorman
da035d3ad6
nixos/manual: update 17.03 -> 19.03 in upgrading section 2019-04-12 12:16:30 -04:00
Silvan Mosberger
92ae299998
Merge pull request #59081 from Yarny0/hylafax-updates
HylaFAX: fix ModemGroup, also minor metadata updates
2019-04-12 16:30:46 +02:00
Bas van Dijk
08b277e0da
Merge pull request #56017 from elohmeier/prom-tls
prometheus: add tls_config
2019-04-12 12:57:54 +02:00
Joachim F
5dafbb2cb1
Merge pull request #56719 from bricewge/miniflux-service
miniflux: add service
2019-04-12 09:57:30 +00:00
Yarny0
e57156bcaa nixos/hylafax: fix faxq ModemGroup setting
The manpage claims that the "limit" in the setting::
  <name>:[<limit>:]<regex>
is optional and defaults to zero, implying no limit.
However, tests confirmed that it actually isn't optional.

Without limit, the setting ``any:.*`` places
outbound jobs on infinite hold if no particular
modem was specified on the sendfax command line.
The new default value ``any:0:.*`` from
this commit uses any available modem to
send jobs if not modem was given to sendfax.
2019-04-12 11:11:49 +02:00
Yarny0
1438f7b664 nixos/hylafax: add 'yarny' (= myself) as maintainer
I forgot to do this when I submitted this module with
commit 12fa95f2d6.
2019-04-12 11:11:48 +02:00
Silvan Mosberger
2d1fa68c83
Merge pull request #59044 from teto/strongswan_path
strongswan module: use strings for secrets.
2019-04-11 22:51:24 +02:00
Enno Lohmeier
da7aeb1b7d prometheus: add tls_config 2019-04-11 20:34:31 +02:00
Silvan Mosberger
b8dc0f9a5b
nixos/znc: Fix URL XML for config option 2019-04-11 16:59:19 +02:00
Frederik Rietdijk
230c67f43b Merge master into staging-next 2019-04-11 07:50:23 +02:00
Ryan Mulligan
0960fc72b7
Merge pull request #49868 from jfrankenau/fix-triggerhappy
nixos/triggerhappy: add option user
2019-04-10 20:56:19 -07:00
Matthieu Coudron
08b8c6caf2 nixos/strongswan: use strings for secrets.
The nixos module artifically enforces type.path whereas the ipsec secret configuration files
accept pattern or relative paths.
Enforcing absolute paths already caused problems with l2tp vpn:
https://github.com/nm-l2tp/NetworkManager-l2tp/issues/108
2019-04-11 11:44:49 +09:00
Aaron Andersen
ee7565af9d solr: init at 8.0.0 2019-04-10 20:12:41 -04:00
Bas van Dijk
38ae3fe584
Merge pull request #59270 from basvandijk/alertmanager-DynamicUser
nixos/prometheus/alertmanager: use DynamicUser instead of nobody
2019-04-10 22:56:17 +02:00
Bas van Dijk
cd4486ecc3 nixos/prometheus/alertmanager: use DynamicUser instead of nobody
See issue #55370
2019-04-10 20:38:40 +02:00
Jörg Thalheim
4d4f110ca5
Merge pull request #59181 from Izorkin/nginx-format
nixos/nginx: fix error in writeNginxConfig
2019-04-10 19:23:34 +01:00
Bas van Dijk
739bdff4a4 nixos/prometheus/alertmanager: use ExecStart instead of script
This results in a simpler service unit which doesn't first have to
start a shell:

  > cat /nix/store/s95nsr8zbkblklanqpkiap49mkwbaq45-unit-alertmanager.service/alertmanager.service
  ...
  ExecStart=/nix/store/4g784lwcy7kp69hg0z2hfwkhjp2914lr-alertmanager-0.16.2-bin/bin/alertmanager \
    --config.file /nix/store/p2c7fyi2jkkwq04z2flk84q4wyj2ggry-checked-config \
    --web.listen-address [::1]:9093 \
    --log.level warn
  ...
2019-04-10 15:03:09 +02:00
Linus Heckemann
4557373d68
Merge pull request #58858 from worldofpeace/pantheon/lightdm-gtk-greeter
nixos/pantheon: enable lightdm gtk greeter
2019-04-10 09:36:20 +02:00
Robin Gloster
f370553f8f
Merge pull request #58804 from Ma27/roundcube-fixes
roundcube: minor fixes
2019-04-09 18:30:00 +00:00
aszlig
f98b4b0fda
nixos: Fix build of manual
Commit 29d7d8f44d has introduced another
section with the ID "sec-release-19.09-incompatibilities", which
subsequently causes the build to fail.

I just merged both sections and the manual is now building again.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-09 17:18:43 +02:00
Frederik Rietdijk
d108b49168 Merge master into staging-next 2019-04-09 16:38:35 +02:00
Bas van Dijk
2f2e2971d6
Merge pull request #58255 from jbgi/prometheus2
Add Prometheus 2 service in parallel with 1.x version (continuation)
2019-04-09 14:14:18 +02:00
Bas van Dijk
b423b73adc nixos/doc: add Prometheus stateDir handling to rl-1909.xml 2019-04-09 13:13:44 +02:00
Bas van Dijk
c95179b52f nixos/prometheus: add back the option services.prometheus.dataDir
This is to ensure more backwards compatibility. Note this is not 100%
backwards compatible because we now require dataDir to begin with /var/lib/.
2019-04-09 13:13:34 +02:00
Bas van Dijk
7062a073e8 elk: 6.5.1 -> 6.7.1 2019-04-09 12:34:01 +02:00
Robin Gloster
a58ab8fc05
Merge pull request #58398 from Ma27/package-documize
documize-community: init at 2.2.1
2019-04-08 22:34:11 +00:00
Maximilian Bosch
acbb74ed18
documize-community: init at 2.2.1
Documize is an open-source alternative for wiki software like Confluence
based on Go and EmberJS. This patch adds the sources for the community
edition[1], for commercial their paid-plan[2] needs to be used.

For commercial use a derivation that bundles the commercial package and
contains a `$out/bin/documize` can be passed to
`services.documize.enable`.

The package compiles the Go sources, the build process also bundles the
pre-built frontend from `gui/public` into the binary.

The NixOS module generates a simple `systemd` unit which starts the
service as a dynamic user, database and a reverse proxy won't be
configured.

[1] https://www.documize.com/get-started/
[2] https://www.documize.com/pricing/
2019-04-08 23:54:57 +02:00
worldofpeace
acedc516fe nixos/pantheon: use evince module 2019-04-08 16:40:54 -04:00
Linus Heckemann
0ce382d868 rl-1903: pantheon notes phrasing/organisation 2019-04-08 16:22:58 -04:00
Ingo Blechschmidt
efff2e1aa6 iodine: improve password handling (#58806)
Before this change, only passwords not containing shell metacharacters could be
used, and because the password was passed as a command-line argument, local
users could (in a very small window of time) record the password and (in an
indefinity window of time) record the length of the password.

We also use the opportunity to add a call to `exec` in the systemd start
script, so that no shell needs to hang around waiting for iodine to stop.
2019-04-08 21:20:26 +02:00
Bas van Dijk
29d7d8f44d nixos/doc: added the Prometheus changes to the 19.09 release notes 2019-04-08 19:39:22 +02:00
Bas van Dijk
eed84d1f8d nixos/prometheus: fix indentation and unnecessary parenthesis 2019-04-08 19:14:42 +02:00
Samuel Dionne-Riel
ef0ca61215
Merge pull request #58027 from DanielFabian/gfxpayload
grub: Add gfxpayload
2019-04-08 10:06:59 -04:00
Izorkin
496a73d46d nixos/nginx: fix error in writeNginxConfig 2019-04-08 16:44:23 +03:00
Bas van Dijk
394970047e nixos/tests: register the prometheus2 test 2019-04-08 15:24:23 +02:00
Bas van Dijk
7cf27feb2f
nixos/prometheus: get rid of empty arguments
Previously the prometheus.service file looked like:

  ExecStart=/nix/store/wjkhfw3xgkmavz1akkqir99w4lbqhak7-prometheus-1.8.2-bin/bin/prometheus -storage.local.path=/var/lib/prometheus/metrics \
    -config.file=/nix/store/zsnvzw51mk3n1cxjd0351bj39k1j6j27-prometheus.yml-check-config-checked \
    -web.listen-address=0.0.0.0:9090 \
    -alertmanager.notification-queue-capacity=10000 \
    -alertmanager.timeout=10s \
     \

  Restart=always

Now it's:

  ExecStart=/nix/store/wjkhfw3xgkmavz1akkqir99w4lbqhak7-prometheus-1.8.2-bin/bin/prometheus \
    -storage.local.path=/var/lib/prometheus/metrics \
    -config.file=/nix/store/zsnvzw51mk3n1cxjd0351bj39k1j6j27-prometheus.yml-check-config-checked \
    -web.listen-address=0.0.0.0:9090 \
    -alertmanager.notification-queue-capacity=10000 \
    -alertmanager.timeout=10s
  Restart=always
2019-04-08 14:59:12 +02:00
Bas van Dijk
a59c92903e
nixos/prometheus: use ExecStart instead of a shell script
This uses fewer lines of code and one less process.
2019-04-08 14:59:12 +02:00
Daniel Fabian
84ff0956a8 grub: Add support for gfxpayload in grub. Needed for NVIDIA drivers before KMS, afaik 2019-04-08 11:34:39 +01:00
Aneesh Agrawal
24ae4ae604 nixos/sshd: Remove obsolete Protocol options (#59136)
OpenSSH removed server side support for the v.1 Protocol
in version 7.4: https://www.openssh.com/txt/release-7.4,
making this option a no-op.
2019-04-08 09:49:31 +02:00
Samuel Dionne-Riel
40d59c6e8e
Merge pull request #58976 from gilligan/remove-nodejs6
Remove nodejs-6_x which is about to enter EOL
2019-04-07 19:49:24 -04:00
worldofpeace
8f93650fe4 nixos/pantheon: add warning when not using LightDM 2019-04-07 17:51:41 -04:00
worldofpeace
d3d5c674ba nixos/lightdm-greeters/pantheon: add warning 2019-04-07 17:51:19 -04:00
Florian Klink
2457510db4
Merge pull request #51918 from bobvanderlinden/var-run
tree-wide: nixos: /var/run -> /run
2019-04-07 20:09:46 +02:00
Frederik Rietdijk
7f7da0a16f Merge master into staging-next 2019-04-07 15:14:52 +02:00
Robin Gloster
0498ba6e06
Merge pull request #59078 from dtzWill/fix-and-update/nextcloud
nextcloud: fix use of mismatched php versions, updates
2019-04-07 09:55:39 +00:00
Frederik Rietdijk
4a125f6b20 Merge master into staging-next 2019-04-07 08:33:41 +02:00
Léo Gaspard
07fdcb348f
Merge pull request #59056 from aanderse/mod_php-sendmail
nixos/httpd: replace ssmtp with system-sendmail
2019-04-06 20:57:58 +02:00
Will Dietz
27d78f4c6c nextcloud: use same php package throughout!
`phpPackage` is 7.3 by default, but `pkgs.php` is 7.2,
so this saves the need for an extra copy of php
for the purpose of running nextcloud's cron;
more importantly this fixes problems with extensions
not loading since they are built against a different php.
2019-04-06 10:34:14 -05:00
aszlig
6fe989eaed
nixos/tests/acme: Use exact match in TOS location
Since the switch to check the nginx config with gixy in
59fac1a6d7, the ACME test doesn't build
anymore, because gixy reports the following false-positive (reindented):

  >> Problem: [alias_traversal] Path traversal via misconfigured alias.
  Severity: MEDIUM
  Description: Using alias in a prefixed location that doesn't ends with
               directory separator could lead to path traversal
               vulnerability.
  Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
  Pseudo config:

  server {
    server_name letsencrypt.org;

    location /documents/2017.11.15-LE-SA-v1.2.pdf {
      alias /nix/store/y4h5ryvnvxkajkmqxyxsk7qpv7bl3vq7-2017.11.15-LE-SA-v1.2.pdf;
    }
  }

The reason this is a false-positive is because the destination is not a
directory, so something like "/foo.pdf../other.txt" won't work here,
because the resulting path would be ".../destfile.pdf../other.txt".

Nevertheless it's a good idea to use the exact match operator (=), to
not only shut up gixy but also gain a bit of performance in lookup (not
that it would matter in our test).

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-06 12:51:56 +02:00
Aaron Andersen
9c9a6f380e nixos/httpd: replace ssmtp with system-sendmail 2019-04-06 06:34:46 -04:00
Pierre Bourdon
f8eec8dc34 environment.noXlibs: disable gnome3 support for pinentry (#59051) 2019-04-06 10:06:55 +00:00
Silvan Mosberger
82b8ff405b
Merge pull request #58778 from aanderse/davmail
nixos/davmail: set logging default to warn, instead of debug
2019-04-06 06:23:48 +02:00
Jeremy Apthorp
e8b68dd4f4 miniflux: add service 2019-04-06 03:52:15 +02:00
Silvan Mosberger
cddafbcc60
Merge pull request #57782 from bkchr/gnupg_program
programs.gnupg: Support setting the gnupg program
2019-04-05 15:43:18 +02:00
Gabriel Ebner
ad5cabf575 nixos/evince: init 2019-04-05 15:03:31 +02:00
Yarny0
631c71da83 nixos/printing: fix CUPS SetEnv directive placement
With CUPS v2.3b5, the configuration directive `SetEnv`
moved from `cupsd.conf` to `cups-files.conf`.  See also
d47f6aec43 .

We have to follow up as `SetEnv` is now ignored in `cupsd.conf`.
Without this, executables called by cups
can't find other executables they depend on,
like `gs` or `perl`.
2019-04-05 14:23:59 +02:00
Tor Hedin Brønner
c99a666aac
nixos/gnome3: add new default fonts
- source-code-pro is now the default monospace font
- source-sans-pro seems to be used somewhere too:
  https://wiki.gnome.org/Engagement/BrandGuidelines
2019-04-05 12:13:39 +02:00
Jan Tojnar
cb1a20499a
Merge branch 'master' into staging 2019-04-05 11:37:15 +02:00
Bastian Köcher
c0deb007fc programs.gnupg: Support setting the gnupg package 2019-04-05 08:49:53 +02:00
Jörg Thalheim
4aeafc6b63
tests/pdns-recursor: use waitForOpenPort as port check
This should be safer w.r.t. race conditions.
2019-04-05 02:30:28 +01:00
Jörg Thalheim
e49a143ac7
Merge pull request #58982 from Mic92/pdns
pdns-recursor: 4.1.11 -> 4.1.12
2019-04-05 02:23:48 +01:00
Jörg Thalheim
6dd7483ce1
Merge pull request #57979 from 4z3/writeNginxConfig
nixos/nginx: use nginxfmt and gixy
2019-04-04 20:23:58 +01:00
Silvan Mosberger
fab50f0e91
Merge pull request #57716 from dasJ/redo-icingaweb2
nixos/icingaweb2: Replace most options with toINI
2019-04-04 21:20:01 +02:00
Jörg Thalheim
d8445c9925
tests/pdns-recursor: add 2019-04-04 19:42:49 +01:00
tobias pflug
0e296d5fcd
Remove nodejs-6_x which is about to enter EOL
- Remove nodejs-6_x
- Set nodejs / nodejs-slim to nodejs-8_x / nodejs-slim-8_x
- Re-generate node2nix generated files using nodejs-8_x instead
2019-04-04 18:43:06 +01:00
Peter Hoeg
61613a2512
Merge pull request #57337 from peterhoeg/m/logitech
nixos: better support for logitech devices and update relevant packages
2019-04-03 21:19:56 +08:00
Silvan Mosberger
c978593908
Merge pull request #58509 from symphorien/all-fw
nixos: make hardware.enableAllFirmware enable *all* firmware
2019-04-03 06:32:16 +02:00
Maximilian Bosch
6b6348eaba
nixos/roundcube: only configure postgres config if localhost is used as database
When using a different database, the evaluation fails as
`config.services.postgresql.package` is only set if `services.postgresql` is enabled.

Also, the systemd service shouldn't have a relation to postgres if a
remote database is used.
2019-04-02 16:02:53 +02:00
Aaron Andersen
01cec5155f nixos/davmail: set logging default to warn, instead of debug 2019-04-02 09:52:32 -04:00
Franz Pletz
ff36d95878
nixos/quicktun: init 2019-04-02 12:16:48 +02:00
Franz Pletz
ab574424a0
Merge pull request #57789 from Ma27/wireguard-test
nixos/wireguard: add test
2019-04-02 08:11:52 +00:00
Florian Jacob
14571f5ed0 nixos/mysql: fix initialScript option
which was wrongly specified as types.lines
Prevent it from getting copied to nix store as people might use it for
credentials, and make the tests cover it.
2019-04-01 21:08:47 +02:00
Florian Jacob
77978c1518 nixos/mysql: fix support for non-specified database schema
and increase test coverage to catch this
2019-04-01 20:01:29 +02:00
Léo Gaspard
e3b87b04b7 Revert "Merge pull request #57559 from Ekleog/iso-image-reproducibilization"
This reverts commit bb32e322a5, reversing
changes made to e0b4356c0d.
2019-04-01 18:17:42 +02:00
Silvan Mosberger
86956b98e6
Merge pull request #58639 from Infinisil/update/browserpass
browserpass: 2.0.22 -> 3.0.1
2019-04-01 17:31:41 +02:00
Simon Lackerbauer
88c31ae57c
nixos/openldap: add new options 2019-04-01 17:24:33 +02:00
Florian Klink
8313a5dcd3
Merge pull request #58588 from shazow/fix/vlc
vlc: Add chromecast support; libmicrodns: Init at 0.0.10
2019-04-01 17:16:42 +02:00
Tim Steinbach
03389563a2
linux: Fix kernel-testing test 2019-04-01 10:04:54 -04:00
Andrey Petrov
c37aa79639 vlc: add chromecastSupport option
Enables Chromecast support by default in VLC.

Fixes #58365.

Includes release note.
2019-04-01 09:44:56 -04:00
Tim Steinbach
5aef5c5931
kafka: Add test for 2.2
Also add back tests, don't seem broken anymore.

This is just fine:
nix-build ./nixos/release.nix -A tests.kafka.kafka_2_1.x86_64-linux -A tests.kafka.kafka_2_2.x86_64-linux
2019-04-01 08:39:25 -04:00
Tim Steinbach
3db50cc82f
linux: Add testing test 2019-04-01 08:31:36 -04:00
John Ericson
4ccb74011f Merge commit '18aa59b0f26fc707e7313f8467e67159e61600c2' from master into staging
There was one conflict in the NixOS manual; I checked that it still
built after resolving it.
2019-04-01 00:40:03 -04:00
Silvan Mosberger
e98ee8d70c
nixos/browserpass: update for v3
See https://github.com/browserpass/browserpass-native/issues/31

Additionally browserpass was removed from systemPackages, because it
doesn't need to be installed, browsers will get the path to the binary
from the native messaging host JSON.
2019-04-01 01:24:54 +02:00
Will Dietz
c8a9c1c2b8 yubico-pam: add nixos integration 2019-03-31 12:04:35 -05:00
worldofpeace
ffd2e9b572 nixos/rename: drop system.nixos.{stateVersion, defaultChannel}
Comment said to remove these before 18.09 was released :(
2019-03-30 18:18:39 -04:00
Silvan Mosberger
81e2fb5303
Merge pull request #58458 from worldofpeace/colord/no-root
nixos/colord: don't run as root
2019-03-30 04:06:55 +01:00
worldofpeace
099cc0482b nixos/pantheon: enable lightdm gtk greeter
Pantheon's greeter has numerous issues that cannot be
fixed in a timely manner, and users are better off if they just
didn't use it by default.
2019-03-29 21:29:59 -04:00
worldofpeace
f22fbe1175 nixos/colord: don't run as root
Using systemd.packages because there's
a system colord service and colord-session user service
included.
2019-03-29 20:56:06 -04:00
Florian Klink
a6abf97e05
Merge pull request #58420 from Infinisil/remove-renames
Remove a bunch of old option renames
2019-03-30 00:48:25 +01:00
Peter Romfeld
364cbd088e minio: init at 4.0.13 2019-03-29 15:50:36 +01:00
Graham Christensen
bb32e322a5
Merge pull request #57559 from Ekleog/iso-image-reproducibilization
iso-image: make reproducible by not relying on mcopy's readdir
2019-03-29 08:02:56 -04:00
aszlig
dcf40f7c24
Merge pull request #57519 (systemd-confinement)
Currently if you want to properly chroot a systemd service, you could do
it using BindReadOnlyPaths=/nix/store or use a separate derivation which
gathers the runtime closure of the service you want to chroot. The
former is the easier method and there is also a method directly offered
by systemd, called ProtectSystem, which still leaves the whole store
accessible. The latter however is a bit more involved, because you need
to bind-mount each store path of the runtime closure of the service you
want to chroot.

This can be achieved using pkgs.closureInfo and a small derivation that
packs everything into a systemd unit, which later can be added to
systemd.packages.

However, this process is a bit tedious, so the changes here implement
this in a more generic way.

Now if you want to chroot a systemd service, all you need to do is:

  {
    systemd.services.myservice = {
      description = "My Shiny Service";
      wantedBy = [ "multi-user.target" ];

      confinement.enable = true;
      serviceConfig.ExecStart = "${pkgs.myservice}/bin/myservice";
    };
  }

If more than the dependencies for the ExecStart* and ExecStop* (which
btw. also includes script and {pre,post}Start) need to be in the chroot,
it can be specified using the confinement.packages option. By default
(which uses the full-apivfs confinement mode), a user namespace is set
up as well and /proc, /sys and /dev are mounted appropriately.

In addition - and by default - a /bin/sh executable is provided, which
is useful for most programs that use the system() C library call to
execute commands via shell.

Unfortunately, there are a few limitations at the moment. The first
being that DynamicUser doesn't work in conjunction with tmpfs, because
systemd seems to ignore the TemporaryFileSystem option if DynamicUser is
enabled. I started implementing a workaround to do this, but I decided
to not include it as part of this pull request, because it needs a lot
more testing to ensure it's consistent with the behaviour without
DynamicUser.

The second limitation/issue is that RootDirectoryStartOnly doesn't work
right now, because it only affects the RootDirectory option and doesn't
include/exclude the individual bind mounts or the tmpfs.

A quirk we do have right now is that systemd tries to create a /usr
directory within the chroot, which subsequently fails. Fortunately, this
is just an ugly error and not a hard failure.

The changes also come with a changelog entry for NixOS 19.03, which is
why I asked for a vote of the NixOS 19.03 stable maintainers whether to
include it (I admit it's a bit late a few days before official release,
sorry for that):

  @samueldr:

    Via pull request comment[1]:

      +1 for backporting as this only enhances the feature set of nixos,
      and does not (at a glance) change existing behaviours.

    Via IRC:

      new feature: -1, tests +1, we're at zero, self-contained, with no
      global effects without actively using it, +1, I think it's good

  @lheckemann:

    Via pull request comment[2]:

      I'm neutral on backporting. On the one hand, as @samueldr says,
      this doesn't change any existing functionality. On the other hand,
      it's a new feature and we're well past the feature freeze, which
      AFAIU is intended so that new, potentially buggy features aren't
      introduced in the "stabilisation period". It is a cool feature
      though? :)

A few other people on IRC didn't have opposition either against late
inclusion into NixOS 19.03:

  @edolstra:  "I'm not against it"
  @Infinisil: "+1 from me as well"
  @grahamc:   "IMO its up to the RMs"

So that makes +1 from @samueldr, 0 from @lheckemann, 0 from @edolstra
and +1 from @Infinisil (even though he's not a release manager) and no
opposition from anyone, which is the reason why I'm merging this right
now.

I also would like to thank @Infinisil, @edolstra and @danbst for their
reviews.

[1]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-477322127
[2]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-477548395
2019-03-29 04:37:53 +01:00
Maximilian Bosch
673c8193cd
Merge pull request #58489 from aanderse/mailcatcher
nixos/mailcatcher: fix test to be compatible with mailcatcher 7.x series
2019-03-29 04:01:02 +01:00
Symphorien Gibol
15229e1a62 nixos: make hardware.enableAllFirmware enable *all* firmware 2019-03-28 23:59:57 +01:00
Silvan Mosberger
1660845954
Merge pull request #58196 from tomfitzhenry/iso-syslinux-serial-consistent
syslinux: change serial bit rate to 115200
2019-03-28 22:51:48 +01:00
Florian Klink
aa2878cfcf
Merge pull request #58284 from bgamari/gitlab-rails
nixos/gitlab: Package gitlab-rails
2019-03-28 21:12:15 +01:00
Silvan Mosberger
9d4a6cceb7
Merge pull request #57550 from florianjacob/typed-mysql-options
nixos/mysql: specify option types, add tests
2019-03-28 18:55:53 +01:00
Silvan Mosberger
be2f711342
Merge pull request #58487 from bgamari/gitlab-gitaly-procpc
gitaly: Run gitaly with procps in scope
2019-03-28 18:22:27 +01:00
Ben Gamari
af909b3238 nixos/gitlab: Package gitlab-rails
This utility (particularly `gitlab-rails console`) is packaged by GitLab
Omnibus and is used for diagnostics and maintenance operations.
2019-03-28 11:45:31 -04:00
lewo
dc3ed336df
Merge pull request #58345 from xtruder/pkgs/dockerTools/pullImage/finalImageName
dockerTools: add finalImageName parameter for pullImage
2019-03-28 16:25:01 +01:00
Aaron Andersen
417da42c02 nixos/mailcatcher: fix test to be compatible with mailcatcher 7.x series 2019-03-28 11:15:20 -04:00
Ben Gamari
b90f5f03c2 nixos/gitaly: Run gitaly with procps in scope
Gitaly uses `ps` to track the RSS of `gitlab-ruby` and kills it when it
detects excessive memory leakage. See
https://gitlab.com/gitlab-org/gitaly/issues/1562.
2019-03-28 10:48:51 -04:00
Florian Klink
6670b4c37d
Merge pull request #58419 from flokli/ldap-nslcd-startup
nixos/ldap: set proper User= and Group= for nslcd service
2019-03-28 14:30:14 +01:00
Florian Klink
8817bbefdb nixos/ldap: set proper User= and Group= for nslcd service
eb90d97009 broke nslcd, as /run/nslcd was
created/chowned as root user, while nslcd wants to do parts as nslcd
user.

This commit changes the nslcd to run with the proper uid/gid from the
start (through User= and Group=), so the RuntimeDirectory has proper
permissions, too.

In some cases, secrets are baked into nslcd's config file during startup
(so we don't want to provide it from the store).

This config file is normally hard-wired to /etc/nslcd.conf, but we don't
want to use PermissionsStartOnly anymore (#56265), and activation
scripts are ugly, so redirect /etc/nslcd.conf to /run/nslcd/nslcd.conf,
which now gets provisioned inside ExecStartPre=.

This change requires the files referenced to in
users.ldap.bind.passwordFile and users.ldap.daemon.rootpwmodpwFile to be
readable by the nslcd user (in the non-nslcd case, this was already the
case for users.ldap.bind.passwordFile)

fixes #57783
2019-03-28 13:08:47 +01:00
Aaron Andersen
7f3d0aee1c nixos/redmine: test configuration with postgresql as well as mysql 2019-03-27 21:21:17 -04:00
Aaron Andersen
44a798e36f nixos/postgresql: added new options to mimic mysql module 2019-03-27 21:21:12 -04:00
aszlig
ada3239253
nixos/release-notes: Add entry about confinement
First of all, the reason I added this to the "highlights" section is
that we want users to be aware of these options, because in the end we
really want to decrease the attack surface of NixOS services and this is
a step towards improving that situation.

The reason why I'm adding this to the changelog of the NixOS 19.03
release instead of 19.09 is that it makes backporting services that use
these options easier. Doing the backport of the confinement module after
the official release would mean that it's not part of the release
announcement and potentially could fall under the radar of most users.

These options and the whole module also do not change anything in
existing services or affect other modules, so they're purely optional.

Adding this "last minute" to the 19.03 release doesn't hurt and is
probably a good preparation for the next months where we hopefully
confine as much services as we can :-)

I also have asked @samueldr and @lheckemann, whether they're okay with
the inclusion in 19.03. While so far only @samueldr has accepted the
change, we can still move the changelog entry to the NixOS 19.09 release
notes in case @lheckemann rejects it.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-27 21:07:07 +01:00
aszlig
52299bccf5
nixos/confinement: Use PrivateMounts option
So far we had MountFlags = "private", but as @Infinisil has correctly
noticed, there is a dedicated PrivateMounts option, which does exactly
that and is better integrated than providing raw mount flags.

When checking for the reason why I used MountFlags instead of
PrivateMounts, I found that at the time I wrote the initial version of
this module (Mar 12 06:15:58 2018 +0100) the PrivateMounts option didn't
exist yet and has been added to systemd in Jun 13 08:20:18 2018 +0200.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-27 20:34:32 +01:00
aszlig
861a1cec60
nixos/confinement: Remove handling for StartOnly
Noted by @Infinisil on IRC:

   infinisil: Question regarding the confinement PR
   infinisil: On line 136 you do different things depending on
              RootDirectoryStartOnly
   infinisil: But on line 157 you have an assertion that disallows that
              option being true
   infinisil: Is there a reason behind this or am I missing something

I originally left this in so that once systemd supports that, we can
just flip a switch and remove the assertion and thus support
RootDirectoryStartOnly for our confinement module.

However, this doesn't seem to be on the roadmap for systemd in the
foreseeable future, so I'll just remove this, especially because it's
very easy to add it again, once it is supported.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-27 20:22:37 +01:00
Maximilian Bosch
3fc3096da8
Merge pull request #58432 from aanderse/mailcatcher
nixos/mailcatcher: init module for existing package
2019-03-27 16:11:15 +01:00
Aaron Andersen
c99ea1c203 nixos/mailcatcher: add nixos test 2019-03-27 09:56:46 -04:00
Aaron Andersen
395ec8c0d4 nixos/mailcatcher: init module for existing package 2019-03-27 09:15:47 -04:00
Benjamin Hipple
8b3500c650 nixos.cron: fix docstring sentence 2019-03-26 23:22:20 -04:00
Silvan Mosberger
2a72707c1f
nixos/modules: Remove about 50 option renames from <=2015
These are all `mkRenamedOptionModule` ones from 2015 (there are none
from 2014). `mkAliasOptionModule` from 2015 were left in because those
don't give any warning at all.
2019-03-27 03:10:14 +01:00
Florian Klink
0a1451afe3 nixos/ldap: rename password file options properly
users.ldap.daemon.rootpwmodpw -> users.ldap.daemon.rootpwmodpwFile
users.ldap.bind.password -> users.ldap.bind.passwordFile

as users.ldap.daemon.rootpwmodpw never was part of a release, no
mkRenamedOptionModule is introduced.
2019-03-27 02:53:56 +01:00
Silvan Mosberger
8471ab7624
Merge pull request #57836 from reanimus/duo-secure-fail
nixos/security: make duo support secure failure correctly
2019-03-27 01:58:42 +01:00
Daiderd Jordan
018d329dbc
Merge pull request #57928 from averelld/plex-update
plex: 1.14.1.5488 -> 1.15.1.791
2019-03-26 20:22:34 +01:00
Jaka Hudoklin
468df177c4
dockerTools: add finalImageName parameter for pullImage 2019-03-26 19:35:14 +01:00
Florian Klink
476760bfeb
Merge pull request #57578 from bgamari/gitlab-extra-initializers
nixos/gitlab: Allow configuration of extra initializers
2019-03-26 11:08:11 +01:00
aszlig
68efd790b8
nixos: Don't enable Docker by default
Regression introduced by c94005358c.

The commit introduced declarative docker containers and subsequently
enables docker whenever any declarative docker containers are defined.

This is done via an option with type "attrsOf somesubmodule" and a check
on whether the attribute set is empty.

Unfortunately, the check was whether a *list* is empty rather than
wether an attribute set is empty, so "mkIf (cfg != [])" *always*
evaluates to true and thus subsequently enables docker by default:

$ nix-instantiate --eval nixos --arg configuration {} \
    -A config.virtualisation.docker.enable
true

Fixing this is simply done by changing the check to "mkIf (cfg != {})".

Tested this by running the "docker-containers" NixOS test and it still
passes.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @benley, @danbst, @Infinisil, @nlewo
2019-03-26 07:10:18 +01:00
Matthew Bauer
2924563f88
Merge pull request #57925 from rnhmjoj/ifnames-fix
nixos/tests/predictable-interfaces: fix failure on aarch64
2019-03-25 22:23:11 -04:00
Matthew Bauer
38c6c7c8a3
Merge pull request #57617 from aaronjanse/patch-20190313a
nixos/manual: clarify declarative packages section
2019-03-25 22:16:47 -04:00
Matthew Bauer
d468f4b27e
Merge pull request #57139 from delroth/firewall-dedup
nixos/firewall: canonicalize ports lists
2019-03-25 22:15:17 -04:00
Ben Gamari
f2bdc91b35 nixos/gitlab: Allow configuration of extra initializers
This adds a configuration option allowing the addition of additional
initializers in config/extra-gitlab.rb.
2019-03-25 15:18:35 -04:00
Jean-Baptiste Giraudeau
0333d877c2
Use same user for both prometheus 1 and 2. Use StateDirectory. 2019-03-25 14:49:22 +01:00
Jean-Baptiste Giraudeau
5ae25922b5
Prometheus2: --web.external-url need two dash. 2019-03-25 14:36:48 +01:00
Jean-Baptiste Giraudeau
bfbae97cfa
Rollback versionning of services.prometheus.{exporters, alertmanager}. 2019-03-25 14:36:46 +01:00
Alberto Berti
e17b464a43
Fix alertmanager service definition. Thanks to @eonpatapon 2019-03-25 14:36:45 +01:00
Alberto Berti
1b6ce80c2b
Make it pass a minimal test 2019-03-25 14:36:44 +01:00
Alberto Berti
11b89720b7
Add prometheus2 configuration to the prometheus modules
As the configuration for the exporters and alertmanager is unchanged
between the two major versions this patch tries to minimize
duplication while at the same time as there's no upgrade path from 1.x
to 2.x, it allows running the two services in parallel. See also #56037
2019-03-25 14:36:44 +01:00
Samuel Dionne-Riel
60847311e6 nixos/virtualbox-image: set the root fsType to reenable root FS resizing
This otherwise does not eval `:tested` any more, which means no nixos
channel updates.

Regression comes from 0eb6d0735f (#57751)
which added an assertion stopping the use of `autoResize` when the
filesystem cannot be resized automatically.
2019-03-24 22:41:26 -04:00
Danylo Hlynskyi
40cc269561
Merge branch 'master' into postgresql-socket-in-run 2019-03-25 01:06:59 +02:00
Benjamin Staffin
c94005358c NixOS: Run Docker containers as declarative systemd services (#55179)
* WIP: Run Docker containers as declarative systemd services

* PR feedback round 1

* docker-containers: add environment, ports, user, workdir options

* docker-containers: log-driver, string->str, line wrapping

* ExecStart instead of script wrapper, %n for container name

* PR feedback: better description and example formatting

* Fix docbook formatting (oops)

* Use a list of strings for ports, expand documentation

* docker-continers: add a simple nixos test

* waitUntilSucceeds to avoid potential weird async issues

* Don't enable docker daemon unless we actually need it

* PR feedback: leave ExecReload undefined
2019-03-25 00:59:09 +02:00
Bob van der Linden
4c1af9b371
nixos/tests: nghttpx: /var/run -> /run 2019-03-24 21:15:35 +01:00
Bob van der Linden
09bff929df
nixos/tests: osquery: /var/run -> /run 2019-03-24 21:15:34 +01:00
Bob van der Linden
d8dc1226f4
nixos/openvswitch: /var/run -> /run 2019-03-24 21:15:34 +01:00
Bob van der Linden
8c1e00095a
nixos/docker: /var/run -> /run 2019-03-24 21:15:34 +01:00
Bob van der Linden
1eefda5595
nixos/xpra: /var/run -> /run 2019-03-24 21:15:33 +01:00
Bob van der Linden
889bb1e91e
nixos/kodi: /var/run -> /run 2019-03-24 21:15:33 +01:00
Bob van der Linden
65710d1df5
nixos/mighttpd2: /var/run -> /run 2019-03-24 21:15:33 +01:00
Bob van der Linden
f09fb4d4dd
nixos/tt-rss: /var/run -> /run 2019-03-24 21:15:32 +01:00
Bob van der Linden
9b100c4e6f
nixos/selfoss: /var/run -> /run 2019-03-24 21:15:32 +01:00
Bob van der Linden
cdc6f2e484
nixos/restya-board: /var/run -> /run 2019-03-24 21:15:31 +01:00
Bob van der Linden
bde23ec9a3
nixos/codimd: /var/run -> /run 2019-03-24 21:15:31 +01:00
Bob van der Linden
60481ba3fd
nixos/hologram-agent: /var/run -> /run 2019-03-24 21:15:30 +01:00
Bob van der Linden
798931135e
nixos/fcron: /var/run -> /run 2019-03-24 21:15:30 +01:00
Bob van der Linden
0cf1944c36
nixos/cups: /var/run -> /run 2019-03-24 21:15:30 +01:00
Bob van der Linden
323e8ef375
nixos/xrdp: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden
210b7134d3
nixos/wpa_supplicant: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden
b9e27ec43e
nixos/supplicant: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden
8062476f73
nixos/raccoon: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden
34738dea2a
nixos/ocserv: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden
cc5f08fed8
nixos/miniupnpd: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden
321bc431cc
nixos/lldpd: /var/run -> /run 2019-03-24 21:15:27 +01:00
Bob van der Linden
1e48222cbe
nixos/ircd-hybrid: /var/run -> /run 2019-03-24 21:15:27 +01:00
Bob van der Linden
937e733c04
nixos/htpdate: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden
1a567685b2
nixos/hostapd: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden
82dee48ef2
nixos/bind: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden
9afbe4c2bd
nixos/avahi-daemon: /var/run -> /run 2019-03-24 21:15:25 +01:00
Bob van der Linden
08558245a4
nixos/asterisk: /var/run -> /run 2019-03-24 21:13:19 +01:00
Dmitry Kalinkin
cf7f234ff5
Merge pull request #57527 from Chiiruno/dev/meguca
Init: statik, Update: easyjson, quicktemplate, meguca, hydron
2019-03-24 15:26:37 -04:00
Robert Schütz
149f580412
home-assistant: 0.89.2 -> 0.90.1 (#58017)
https://www.home-assistant.io/blog/2019/03/20/release-90/
2019-03-24 19:45:35 +01:00
Andreas Rammhold
af27dbf1d1
Merge pull request #57897 from rnhmjoj/fix-ipv6
nixos/containers: create veths if only IPv6 is configured
2019-03-24 18:17:06 +01:00
Andreas Rammhold
862615b86e
nixos/release: make ipv6 tests as important as legacy IP tests
IPv6 container support broke a while ago and we didn't notice it. Making
them part of the (small) release test set should fix that. At this point
in time they should be granted the same amount of importance as the
legacy IP tests.
2019-03-24 18:09:39 +01:00
worldofpeace
ffe35f3f76 nixos/pantheon: add meta.maintainers 2019-03-24 07:04:28 -04:00
worldofpeace
f812cba2cf nixos/pantheon/files: add meta.maintainers 2019-03-24 07:04:28 -04:00
worldofpeace
415bceed8e nixos/pantheon/contractor: add meta.maintainers 2019-03-24 07:04:28 -04:00
worldofpeace
3565b1775a nixos/gsignond: add meta.maintainers 2019-03-24 07:04:28 -04:00
Tom Fitzhenry
0d67c6a52b syslinux: change serial bit rate to 115200
Prior to this commit an installation over serial via syslinux would
involve:
1. setting bitrate to BIOS's bitrate (typically 115200)
2. setting bitrate to syslinux's bitrate (38400)
3. setting bitrate to stty's bitrate (115200)

By changing syslinux's bitrate to 115200, an installation over serial
is a smoother experience, and consistent with the GRUB2 installation
which is also 115200 bps.

    [root@nixos:~]# stty
    speed 115200 baud; line = 0;
    -brkint ixoff iutf8
    -iexten

In a future commit I will add default serial terminals to the syslinux
kernel lines.
2019-03-24 19:36:30 +11:00
Dmitry Kalinkin
6f95ac3588
Merge pull request #57988 from lopsided98/buildbot-update
buildbot: 1.8.1 -> 2.1.0
2019-03-23 20:38:20 -04:00
markuskowa
d71472beaf
Merge pull request #57434 from ck3d/user-dwm
nixos dwm: start user installed dwm if available
2019-03-23 23:49:34 +01:00
Francesco Gazzetta
58f682742e nixos/zeronet: add fileserverPort option
Without it, zeronet tried to write one to the read-only config file and
crashed
2019-03-23 17:58:57 +01:00
Ben Gamari
2036550a46 nixos/docker-registry: Allow use of non-filesystem storage
Previously this module precluded use of storage backends other than
`filesystem`. It is now possible to configure another storage backend
manually by setting `services.dockerRegistry.storagePath` to `null` and
configuring the other backend via `extraConfig`.
2019-03-23 10:32:56 +00:00
tv
59fac1a6d7 nixos/nginx: use writeNginxConfig 2019-03-23 11:16:14 +01:00
Frederik Rietdijk
23e431387b Merge staging-next into staging 2019-03-23 09:20:09 +01:00
Okina Matara
40d7079f79
nixos/meguca: Add videoPaths, set postgresql version to 11 2019-03-23 01:19:29 -05:00
Joachim F
94864bbd37
Merge pull request #57133 from markuskowa/upd-slurm
slurm: 18.08.5.2 -> 18.08.6.2
2019-03-23 06:17:58 +00:00
Ben Wolsieffer
b2e11e0cdf buildbot: 1.8.1 -> 2.1.0 2019-03-22 18:43:15 -04:00
Averell Dalton
028a4b6a53 plex: 1.14.1.5488 -> 1.15.2.793 2019-03-22 20:33:22 +01:00
Sarah Brofeldt
78c95f561f
Merge pull request #58031 from dotlambda/elasticsearch-curator-application
elasticsearch-curator: add top-level package using older click
2019-03-22 20:11:54 +01:00
Gabriel Ebner
03f7c82e62
Merge pull request #57826 from gebner/anbox
anbox: init at 2019-03-07
2019-03-22 19:19:47 +01:00
Florian Klink
9aa57902cc
Merge pull request #57938 from flokli/network-manager-rename-changelog
network-manager: move para about service rename to 19.09 changelog
2019-03-22 19:18:47 +01:00
Dmitry Kalinkin
0e57b98b2c
Merge pull request #57596 from artemist/nginx-return
nixos/nginx: add return option to location
2019-03-22 14:08:33 -04:00
Vladimír Čunát
1ad3f34a99
nixos manual Makefile: improve purity
And be quiet when building/downloading the required tools.
2019-03-22 14:48:08 +01:00
Vladimír Čunát
4c3ec0e325
nixos docs: run the formatting tool (no content change)
As documented in the docs themselves :-)
2019-03-22 14:44:11 +01:00
lewo
715365ee02
Merge pull request #58024 from nlewo/openstack-fstype
openstackImage: set the / fsType to reenable root FS resizing
2019-03-22 14:40:27 +01:00
lewo
c8a65c2d71
Merge pull request #57751 from talyz/master
filesystems: Add autoResize assertion
2019-03-22 14:35:57 +01:00
Vladimír Čunát
11d204a9c4
nixos docs: improve GPU driver documentation
I'm not 100% sure about the incompatibility lines,
but I believe it's better to discourage these anyway.
If you find better information, feel free to amend...

The 32-bit thing is completely GPU-agnostic, so I can't see why we had
it separately for proprietary drivers and missing for the rest.
2019-03-22 14:31:17 +01:00
Jörg Thalheim
e6ad7eeecd
Merge pull request #58055 from dtzWill/fix/zsh-history-dont-export-vars
zsh: don't export HISTFILE and friends
2019-03-22 07:02:29 +00:00
Wael M. Nasreddine
5af0780492
Merge remote-tracking branch 'origin/master' into staging
* origin/master: (693 commits)
  buildGoModule: use go_1_12 instead of go_1_11 (#58103)
  gitAndTools.lab: 0.15.2 -> 0.15.3 (#58091)
  signal-desktop: 1.22.0 -> 1.23.0
  added missing semicolon to documentation
  terminus_font_ttf: 4.46.0 -> 4.47.0
  buildGoModule: remove SSL env vars in favor of cacert in buildInputs (#58071)
  dav1d: init at 0.2.1
  dropbox-cli: 2018.11.28 -> 2019.02.14
  atlassian-confluence: 6.14.1 -> 6.14.2
  maintainers: update email for dywedir
  python.pkgs.hglib: use patch to specify hg path (#57926)
  chkrootkit: 0.52 -> 0.53
  radare2-cutter: 1.7.2 -> 1.8.0
  autorandr: 1.7 -> 1.8
  pythonPackages.pyhepmc: fix build
  llvm-polly/clang-polly: use latest llvm
  apulse: 0.1.11.1 -> 0.1.12, cleanup
  factorio: experimental 0.17.14 → 0.17.16 (#58000)
  sequeler: 0.6.7 -> 0.6.8
  nasc: 0.5.1 -> 0.5.2
  ...
2019-03-21 21:01:25 -07:00
Dmitry Moskowski
7e4ca152a4 added missing semicolon to documentation 2019-03-21 22:22:13 +00:00
Matthew Bauer
73be6fba8b
Merge pull request #54625 from FlorianFranzen/efi32
grub: Support 32bit EFI on 64bit platforms
2019-03-21 11:39:45 -04:00
Will Dietz
173f79f690 zsh: don't export HISTFILE and friends
Just set them normally.
Exporting them will propagate them to all executed programs
such as bash (as used by nix-shell or nix run),
and badness ensues when different formats are used.
2019-03-21 10:28:20 -05:00
Robert Schütz
c0409de98d elasticsearch-curator: add top-level package using older click
See https://github.com/NixOS/nixpkgs/pull/58023 for a discussion
of why this is necessary. The upstream issue can be found at
https://github.com/elastic/curator/pull/1280.
2019-03-21 11:53:32 +01:00
Antoine Eiche
f116d046f6 openstackImage: set the / fsType to reenable root FS resizing
Since 34234dcb51, the reisizefs tool is
embeded only if the `fsType` starts with `ext`. The default `fsType`
value is `auto`.
2019-03-21 10:04:07 +01:00
Alyssa Ross
0cd7f32a4c
Merge pull request #54627 from FlorianFranzen/waybar
waybar: init at 0.4.0
2019-03-20 23:38:04 +00:00
Samuel Leathers
439936101c
Merge pull request #57856 from Izorkin/zsh-options
nixos/zsh: enable configure history and custom options
2019-03-20 13:08:43 -04:00
Samuel Leathers
cafd07a54e
Merge pull request #56423 from Izorkin/nginx-unit
unit: add service unit and update package
2019-03-20 13:08:05 -04:00
rnhmjoj
552e583ef0
nixos/containers: create veths if only IPv6 is configured
This fixes the failing nixos.tests.containers-ipv6 test. Thanks to andir.
2019-03-20 04:38:10 +01:00
Florian Klink
a54e41a673 network-manager: move para about service rename to 19.09 changelog 2019-03-20 03:09:59 +01:00
Bob van der Linden
40679eb3c8 nixos/zabbix: /var/run -> /run 2019-03-20 00:02:46 +01:00
Bob van der Linden
3068252913 nixos/nagios: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
78acc82432 nixos/svnserve: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
3f17dcbbfd nixos/spice-vdagentd: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
231d815721 nixos/mbpfan: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
e1376ddd3d nixos/matrix-synapse: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
c67f2f0815 nixos/spamassassin: /var/run -> /run 2019-03-20 00:02:44 +01:00
Bob van der Linden
edd5c88086 nixos/postgrey: /var/run -> /run 2019-03-20 00:02:44 +01:00
Bob van der Linden
0438ad4712 nixos/pfix-srsd: /var/run -> /run 2019-03-20 00:02:44 +01:00
Bob van der Linden
e8434784bd nixos/rethinkdb: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
af0380997f nixos/redis: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
09d3ea4f67 nixos/openldap: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
660ee99293 nixos/mongodb: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
651f05c47c nixos/couchdb: /var/run -> /run 2019-03-20 00:02:42 +01:00
Bob van der Linden
66fb3aa1be nixos/bacula: /var/run -> /run 2019-03-20 00:01:45 +01:00
Bob van der Linden
9d4bc79003 nixos/zsh: do not use /var/run 2019-03-20 00:01:45 +01:00
Bob van der Linden
8f6aaa8b78 nixos/xonsh: do not use /var/run 2019-03-20 00:01:45 +01:00
Bob van der Linden
45d43a6472 nixos/fish: do not use /var/run 2019-03-20 00:01:45 +01:00
Bob van der Linden
bad7d82487 nixos/bash: do not use /var/run 2019-03-20 00:01:45 +01:00
Jörg Thalheim
b488c60cdb network-manager: rename systemd service back to match upstream
Compatibility with other distributions/software and expectation
of users coming from other systems should have higher priority over consistency.
In particular this fixes #51375, where the NetworkManager-wait-online.service
broke as a result of this.
2019-03-19 23:48:08 +01:00
rnhmjoj
0279449209
nixos/tests/predictable-interfaces: fix failure on aarch64 2019-03-19 23:20:23 +01:00
Alexey Shmalko
89845931e4
acpilight: add to module-list
acpilight package and module have been added to nixpkgs, but the
module hasn't been added to module-list.nix, so using it results in
the following error.

```
The option `hardware.acpilight' defined in `/etc/nixos/configuration.nix' does not exist.
```

Add the module to module-list.nix.
2019-03-19 23:21:36 +02:00
Peter Hoeg
fe97297bb1 logitech (nixos): support module for logitech input devices 2019-03-19 09:58:57 +08:00
aszlig
12efcc2dee
Merge overlayfs fix, LTS kernel bump and test
In Linux 4.19 there has been a major rework of the overlayfs
implementation and it now opens files in lowerdir with O_NOATIME, which
in turn caused issues in our VM tests because the process owner of QEMU
doesn't match the file owner of the lowerdir.

The crux here is that 9p propagates the O_NOATIME flag to the host and
the guest kernel has no way of verifying whether that flag will lead to
any problems beforehand.

There is ongoing work to possibly fix this in the kernel, but it will
take a while until there is a working patch and consensus.

So in order to bring our default kernel back to 4.19 and of course make
it possible to run newer kernels in VM tests, I'm merging a small QEMU
patch as an interim solution, which we can drop once we have a working
fix in the next round of stable kernels.

Now we already had Linux 4.19 set as the default kernel, but that was
subsequently reverted in 048c36ccaa
because the patch we have used was the revert of the commit I bisected a
while ago.

This patch broke overlayfs in other ways, so I'm also merging in a VM
test by @bachp, which only tests whether overlayfs is working, just to
be on the safe side that something like this won't happen in the future.

Even though this change could be considered a moderate mass-rebuild at
least for GNU/Linux, I'm merging this to master, mainly to give us some
time to get it into the current 19.03 release branch (and subsequent
testing window) once we got no new breaking builds from Hydra.

Cc: @samueldr, @lheckemann

Fixes: https://github.com/NixOS/nixpkgs/issues/54509
Fixes: https://github.com/NixOS/nixpkgs/issues/48828
Merges: https://github.com/NixOS/nixpkgs/pull/57641
Merges: https://github.com/NixOS/nixpkgs/pull/54508
2019-03-19 00:15:51 +01:00
Yurii Izorkin
f56d507e06 nixos/datadog-agent: change start command (#57871) 2019-03-18 13:31:04 -07:00
Izorkin
53d05fd0cc nixos/zsh: enable configure history and custom options 2019-03-18 19:57:54 +03:00
worldofpeace
5e7623aefc nixos/tests/colord: init 2019-03-18 08:05:42 -04:00
Florian Franzen
e51a840259 grub: Support 32bit EFI on 64bit x86 platforms 2019-03-18 10:38:07 +01:00
Florian Franzen
52d0db7e73 nixos/waybar: init module 2019-03-18 09:56:27 +01:00
Edward Tjörnhammar
0f03f28b75 nixos/anbox: init module
Co-authored-by: Luke Adams <luke.adams@belljar.io>
Co-authored-by: Volth <volth@webmaster.ms>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
Co-authored-by: Edward Tjörnhammar <ed@cflags.cc>
Co-authored-by: Gabriel Ebner <gebner@gebner.org>
2019-03-18 09:28:02 +01:00
Alex Guzman
0c34b9fcf8
nixos/security: make duo support secure failure correctly
seems that this got broken when the config option was made to use enums. "secure" got replaced with "enum", which isn't a valid option for the failure mode.
2019-03-17 18:25:20 -07:00
Maximilian Bosch
0c4e9e397e
nixos/wireguard: add test
After working on the last wireguard bump (#57534), we figured that it's
probably a good idea to have a basic test which confirms that a simple
VPN with wireguard still works.

This test starts two peers with a `wg0` network interface and adds a v4
and a v6 route that goes through `wg0`.
2019-03-18 00:22:23 +01:00
Izorkin
42a99b1be2 nixos/unit: init service unit 2019-03-16 19:54:21 +03:00
Léo Gaspard
59c5630f60
Merge branch 'pr-57699'
* pr-57699:
  nixos/matrix: add manual section about self-hosting a matrix client and server
2019-03-16 14:48:39 +01:00
Florian Jacob
ef52869ef1 nixos/matrix: add manual section
about self-hosting a matrix client and server
2019-03-16 14:26:07 +01:00
talyz
0eb6d0735f filesystems: Add autoResize assertion
Assert that autoResize is only used when fsType is explicitly set to a
supported filesystem: if it's set to "auto", the default, the required
resizing tools won't be copied into the initrd even if the actual
filesystem is supported.
2019-03-16 13:01:35 +01:00
Vladimír Čunát
3aecf21239
Merge #56922: nixos/knot: init basic service + tests 2019-03-16 09:17:15 +01:00
Silvan Mosberger
056b9d0085
Merge pull request #57633 from talyz/master
amazon-image.nix: Resolve failure to include resize2fs
2019-03-16 05:12:05 +01:00
aszlig
116bdc9f55
nixos/manual: Document PostgreSQL socket change
This is a backwards-incompatible change and while it won't probably
affect a whole lot of users, it makes sense to give them a heads-up
anyway.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-16 03:03:21 +01:00
Janne Heß
b0daedd371 nixos/icingaweb2: Replace most options with toINI 2019-03-15 20:35:29 +01:00
talyz
261372b69c amazon-image.nix: Resolve failure to include resize2fs
Since 34234dcb51, for resize2fs to be automatically included in
initrd, a filesystem needed for boot must be explicitly defined as an
ext* type filesystem.
2019-03-15 17:33:45 +01:00
Florian Jacob
3d8090458c nixos/mysql: expand tests to mariadb and ensureUsers / ensureDatabases 2019-03-15 16:32:36 +01:00
Florian Jacob
5bec5e8cb1 nixos/mysql: specify option types 2019-03-15 16:32:36 +01:00
Pascal Bach
a8307b9f39 nixos/overlayfs: add test 2019-03-15 15:15:32 +01:00
Silvan Mosberger
f8de52a2fe
Revert "nixos/nginx: support h2c" 2019-03-15 14:31:11 +01:00
Markus
2e29412e9c nixos/kubernetes: Add proxy client certs to apiserver 2019-03-15 13:21:43 +00:00
Ryan Mulligan
4b6a41a939
Merge pull request #57077 from callahad/brother-dsseries
dsseries: init at 1.0.5-1
2019-03-14 21:17:31 -07:00
Aaron Janse
0258cff887
nixos/manual: reword note in declarative packages section 2019-03-14 21:11:27 -07:00
aszlig
ef553788d0
postgresql: Move socket dir to /run/postgresql
The default, which is /tmp, has a few issues associated with it:

One being that it makes it easy for users on the system to spoof a
PostgreSQL server if it's not running, causing applications to connect
to their provided sockets instead of just failing to connect.

Another one is that it makes sandboxing of PostgreSQL and other services
unnecessarily difficult. This is already the case if only PrivateTmp is
used in a systemd service, so in order for such a service to be able to
connect to PostgreSQL, a bind mount needs to be done from /tmp to some
other path, so the service can access it. This pretty much defeats the
whole purpose of PrivateTmp.

We regularily run into issues with this in the past already (one example
would be https://github.com/NixOS/nixpkgs/pull/24317) and with the new
systemd-confinement mode upcoming in
https://github.com/NixOS/nixpkgs/pull/57519, it makes it even more
tedious to sandbox services.

I've tested this change against all the postgresql NixOS VM tests and
they still succeed and I also grepped through the source tree to replace
other occasions where we might have /tmp hardcoded. Luckily there were
very few occasions.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ocharles, @thoughtpolice, @danbst
2019-03-15 04:52:35 +01:00
aszlig
d13ad389b4
nixos/confinement: Explicitly set serviceConfig
My implementation was relying on PrivateDevices, PrivateTmp,
PrivateUsers and others to be false by default if chroot-only mode is
used.

However there is an ongoing effort[1] to change these defaults, which
then will actually increase the attack surface in chroot-only mode,
because it is expected that there is no /dev, /sys or /proc.

If for example PrivateDevices is enabled by default, there suddenly will
be a mounted /dev in the chroot and we wouldn't detect it.

Fortunately, our tests cover that, but I'm preparing for this anyway so
that we have a smoother transition without the need to fix our
implementation again.

Thanks to @Infinisil for the heads-up.

[1]: https://github.com/NixOS/nixpkgs/issues/14645

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-15 04:13:01 +01:00
Silvan Mosberger
fb879ae920
Merge pull request #57174 from worldofpeace/pantheon/cleanup
nixos/pantheon cleanup
2019-03-15 01:26:49 +01:00
aszlig
9e9af4f9c0
nixos/confinement: Allow to include the full unit
From @edolstra at [1]:

  BTW we probably should take the closure of the whole unit rather than
  just the exec commands, to handle things like Environment variables.

With this commit, there is now a "fullUnit" option, which can be enabled
to include the full closure of the service unit into the chroot.

However, I did not enable this by default, because I do disagree here
and *especially* things like environment variables or environment files
shouldn't be in the closure of the chroot.

For example if you have something like:

  { pkgs, ... }:

  {
    systemd.services.foobar = {
      serviceConfig.EnvironmentFile = ${pkgs.writeText "secrets" ''
        user=admin
        password=abcdefg
      '';
    };
  }

We really do not want the *file* to end up in the chroot, but rather
just the environment variables to be exported.

Another thing is that this makes it less predictable what actually will
end up in the chroot, because we have a "globalEnvironment" option that
will get merged in as well, so users adding stuff to that option will
also make it available in confined units.

I also added a big fat warning about that in the description of the
fullUnit option.

[1]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-472855704

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-14 20:04:33 +01:00
aszlig
46f7dd436f
nixos/confinement: Allow to configure /bin/sh
Another thing requested by @edolstra in [1]:

  We should not provide a different /bin/sh in the chroot, that's just
  asking for confusion and random shell script breakage. It should be
  the same shell (i.e. bash) as in a regular environment.

While I personally would even go as far to even have a very restricted
shell that is not even a shell and basically *only* allows "/bin/sh -c"
with only *very* minimal parsing of shell syntax, I do agree that people
expect /bin/sh to be bash (or the one configured by environment.binsh)
on NixOS.

So this should make both others and me happy in that I could just use
confinement.binSh = "${pkgs.dash}/bin/dash" for the services I confine.

[1]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-472855704

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-14 19:14:05 +01:00
aszlig
0ba48f46da
nixos/systemd-chroot: Rename chroot to confinement
Quoting @edolstra from [1]:

  I don't really like the name "chroot", something like "confine[ment]"
  or "restrict" seems better. Conceptually we're not providing a
  completely different filesystem tree but a restricted view of the same
  tree.

I already used "confinement" as a sub-option and I do agree that
"chroot" sounds a bit too specific (especially because not *only* chroot
is involved).

So this changes the module name and its option to use "confinement"
instead of "chroot" and also renames the "chroot.confinement" to
"confinement.mode".

[1]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-472855704

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-14 19:14:03 +01:00
aszlig
ac64ce9945
nixos: Add 'chroot' options to systemd.services
Currently, if you want to properly chroot a systemd service, you could
do it using BindReadOnlyPaths=/nix/store (which is not what I'd call
"properly", because the whole store is still accessible) or use a
separate derivation that gathers the runtime closure of the service you
want to chroot. The former is the easier method and there is also a
method directly offered by systemd, called ProtectSystem, which still
leaves the whole store accessible. The latter however is a bit more
involved, because you need to bind-mount each store path of the runtime
closure of the service you want to chroot.

This can be achieved using pkgs.closureInfo and a small derivation that
packs everything into a systemd unit, which later can be added to
systemd.packages. That's also what I did several times[1][2] in the
past.

However, this process got a bit tedious, so I decided that it would be
generally useful for NixOS, so this very implementation was born.

Now if you want to chroot a systemd service, all you need to do is:

  {
    systemd.services.yourservice = {
      description = "My Shiny Service";
      wantedBy = [ "multi-user.target" ];

      chroot.enable = true;
      serviceConfig.ExecStart = "${pkgs.myservice}/bin/myservice";
    };
  }

If more than the dependencies for the ExecStart* and ExecStop* (which
btw. also includes "script" and {pre,post}Start) need to be in the
chroot, it can be specified using the chroot.packages option. By
default (which uses the "full-apivfs"[3] confinement mode), a user
namespace is set up as well and /proc, /sys and /dev are mounted
appropriately.

In addition - and by default - a /bin/sh executable is provided as well,
which is useful for most programs that use the system() C library call
to execute commands via shell. The shell providing /bin/sh is dash
instead of the default in NixOS (which is bash), because it's way more
lightweight and after all we're chrooting because we want to lower the
attack surface and it should be only used for "/bin/sh -c something".

Prior to submitting this here, I did a first implementation of this
outside[4] of nixpkgs, which duplicated the "pathSafeName" functionality
from systemd-lib.nix, just because it's only a single line.

However, I decided to just re-use the one from systemd here and
subsequently made it available when importing systemd-lib.nix, so that
the systemd-chroot implementation also benefits from fixes to that
functionality (which is now a proper function).

Unfortunately, we do have a few limitations as well. The first being
that DynamicUser doesn't work in conjunction with tmpfs, because it
already sets up a tmpfs in a different path and simply ignores the one
we define. We could probably solve this by detecting it and try to
bind-mount our paths to that different path whenever DynamicUser is
enabled.

The second limitation/issue is that RootDirectoryStartOnly doesn't work
right now, because it only affects the RootDirectory option and not the
individual bind mounts or our tmpfs. It would be helpful if systemd
would have a way to disable specific bind mounts as well or at least
have some way to ignore failures for the bind mounts/tmpfs setup.

Another quirk we do have right now is that systemd tries to create a
/usr directory within the chroot, which subsequently fails. Fortunately,
this is just an ugly error and not a hard failure.

[1]: https://github.com/headcounter/shabitica/blob/3bb01728a0237ad5e7/default.nix#L43-L62
[2]: https://github.com/aszlig/avonc/blob/dedf29e092481a33dc/nextcloud.nix#L103-L124
[3]: The reason this is called "full-apivfs" instead of just "full" is
     to make room for a *real* "full" confinement mode, which is more
     restrictive even.
[4]: https://github.com/aszlig/avonc/blob/92a20bece4df54625e/systemd-chroot.nix

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-14 19:14:01 +01:00
Matthew Bauer
b703c4d998 plasma5: fix typo from pr #57037
Thanks @Yarny0
2019-03-14 14:09:13 -04:00
Aaron Janse
bd9b82dece
nixos/manual: fix typo 2019-03-14 02:17:31 +00:00
Aaron Janse
f67eb111ac
nixos/manual: clarify declarative packages section 2019-03-13 18:40:00 -07:00
Martin Weinelt
a978d3dcd2
nixos/knot: init 2019-03-14 01:28:53 +01:00
Michael Weiss
9179a3a406
Merge pull request #57414 from primeos/sway-1.0
sway: Switch to 1.0
2019-03-13 22:40:37 +01:00
Artemis Tosini
fee854ed01
nixos/nginx: add return option to location 2019-03-13 17:31:01 +00:00
Andrew Childs
c53703a6b2 nixos/prometheus: use append instead of insert for opening firewalls (#55224)
Inserting with `-I` causes the rules to placed before `ctstate`
tracking, while `-A` places them alongside all other allow rules.
2019-03-13 12:44:36 +02:00
Michael Weiss
578fe3f5a0
nixos/sway: Improve the module and adapt it to NixOS
This commit contains the following changes:
- nixos/sway: Remove the beta references
- sway: Drop buildDocs
- nixos/sway: Improve the documentation
- sway,nixos/sway: Adapt Sway to NixOS
  - Copy the default configuration file to /etc/sway/config (Sway will
    still load the identical file from the Nix store but this makes it
    easier to copy the default configuration file).
  - This will also remove all references to the Nix store from the
    default configuration file as they will eventually be garbage
    collected which is a problem if the user copies it.
  - I've also decided to drop the default wallpaper (alternatively we
    could copy it to a fixed location).
- nixos/sway: Drop the package option
2019-03-13 11:37:11 +01:00
Aaron Janse
56dcc319cf
nixos/manual: document auto-login
fix #29526
2019-03-12 22:23:05 -07:00
Léo Gaspard
f7fb88c324
iso-image: make reproducible by not relying on mcopy's readdir 2019-03-13 03:19:40 +01:00
Jascha Geerds
ffedc3e4a9 misc: Remove myself from list of maintainers
Unfortunately I don't have the time anymore to maintain those
packages.
2019-03-12 23:50:52 +01:00
Michael Weiss
45004c6f63
sway: Switch to 1.0
This is the result of executing:
git mv -f pkgs/applications/window-managers/sway/beta.nix pkgs/applications/window-managers/sway/default.nix
git mv -f nixos/modules/programs/sway-beta.nix nixos/modules/programs/sway.nix

And removing sway-beta from the following files:
pkgs/top-level/all-packages.nix
nixos/modules/module-list.nix
2019-03-12 22:29:39 +01:00
Markus
7e71cd8292 nixos/flannel: Add iptables package to service path 2019-03-12 15:30:33 +00:00
Johan Thomsen
292c1ce7ff nixos/gitlab: added gzip and bzip2 as dependencies for gitaly 2019-03-12 15:04:45 +00:00
Johan Thomsen
968d3c9c05 nixos/gitlab: improved test to check download of repository archives 2019-03-12 15:04:45 +00:00
Markus
87d1a82627 nixos/kubernetes: Add preferredAddressTypes option to apiserver 2019-03-12 15:01:14 +00:00
Matthew Bauer
7890494813
Merge pull request #57037 from matthewbauer/remove-xdg-desktop-menu-dummy
plasma: handle kbuildsycoca5 better
2019-03-11 22:58:40 -04:00
Andreas Rammhold
c55427ca43
nixos/doc: add types prefix to addCheck example
The function `addCheck` resides within the attrset `types`. We should be
explicit about this since otherwise people might be confused where it
does come from / why it doesn't work for them.
2019-03-11 22:56:56 +01:00
Christian Kögler
9f7f16cd7b nixos dwm: start user installed dwm if available
dwm has no configuration file. The user has to install his own version.
2019-03-11 20:18:08 +01:00
Christian Albrecht
e3a80ebc40
Cleanup pki: remove mkWaitCurl 2019-03-11 12:22:59 +01:00
Christian Albrecht
45e683fbd6
Cleanup pki: control-plane-online 2019-03-11 12:22:59 +01:00
Christian Albrecht
50c5f489ef
Cleanup pki: scheduler 2019-03-11 12:22:53 +01:00
Christian Albrecht
46653f84c9
Cleanup pki: proxy 2019-03-11 12:22:49 +01:00
Christian Albrecht
73657b7fcf
Cleanup pki: kubelet 2019-03-11 12:22:44 +01:00
Christian Albrecht
ea6985ffc1
Cleanup pki: flannel 2019-03-11 12:22:40 +01:00
Christian Albrecht
ce83dc2c52
Cleanup pki: controller-manager 2019-03-11 12:22:36 +01:00
Christian Albrecht
8ab50cb239
Cleanup pki: apiserver and etcd 2019-03-11 12:22:31 +01:00
Christian Albrecht
ee9dd4386a
Cleanup pki: addon-manager 2019-03-11 12:16:58 +01:00
Vladimír Čunát
8d502fd425
Merge branch 'staging-next' into staging 2019-03-10 08:05:27 +01:00
Matthew Bauer
8a08d7e7cc
Merge pull request #56031 from matthewbauer/priorities
Add some more priorities
2019-03-09 18:02:55 -05:00
worldofpeace
36d4dba317 nixos/pantheon: more mkDefault 2019-03-09 17:29:29 -05:00
worldofpeace
c41a2d28d3 nixos/pantheon: cleanup systemPackages
We don't need gnome-bluetooth because its executables
path is already hardcoded into the contractor file, as that's
the only place it is needed.
Don't think we need gnome-power-manager either.

Also add programs like geary to removePackagesByName.
2019-03-09 17:29:08 -05:00
Silvan Mosberger
6ad76ff1ba
Merge pull request #52096 from furrycatherder/davmail
nixos/davmail: init
2019-03-09 22:41:55 +01:00
Markus Kowalewski
62ea707e31
nixos/tests: make slurm test more reliable 2019-03-09 22:31:40 +01:00
Matthew Bauer
a923a5bbdc
ova: remove stateVersion
This is undefined in the default configuration.nix template.
2019-03-09 14:25:05 -05:00
Pierre Bourdon
18bc8203a1
nixos/firewall: canonicalize firewall ports lists
Fixes #56086.
2019-03-09 20:02:04 +01:00
Pierre Bourdon
843215ac1c
nixos/firewall: use types.port where appropriate 2019-03-09 19:45:11 +01:00
Sean Haugh
f2730d881b nixos/davmail: init
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
Co-authored-by: Silvan Mosberger <infinisil@icloud.com>
2019-03-09 12:05:15 -06:00
scaroo
56aa491ad7 zonminder: Fix database name and username
PR #56889 messed up db and use naming while fixing the scope of the initialDatabases property.
This patch fixes the issue.
2019-03-09 17:21:29 +01:00
worldofpeace
fa64c63fa0
Merge pull request #56552 from worldofpeace/elementary-screenshot-tool/fix-conceal-text
pantheon.elementary-screenshot-tool: fix conceal text
2019-03-09 11:03:37 -05:00
Alexandre Mazari
d7f6cdeda4 Fix locally created database (#56889)
* zoneminder: fix initial database creation

Move initialDatabases directive from the 'ensureUsers' scope to the correct outer 'mysql' one.

* zoneminder: Fix mysql username to match unix username

When database.createLocally is used, a mysql user is created with the ensureUsers directive.
It ensures that the unix user with the name provided exists and can connect to MySQL through socket.
Thus, the MySQL username used by php/perl scripts must match the unix user owning the server PID.

This patch sets the default mysql user to 'zoneminder' instead of 'zmuser'.
2019-03-09 17:57:39 +02:00
Graham Christensen
777e94d903
Merge pull request #55436 from layus/warn-manual-ids
Nixos manual: error out on missing IDs
2019-03-09 08:21:07 -05:00
volth
c730f29e7f network-scripting: do not run resolvconf if /etc/resolv.conf is managed manually (#56682)
The second invocation of resolvconf, missed in https://github.com/NixOS/nixpkgs/pull/32308
2019-03-09 13:42:14 +02:00
Jonas Juselius
279716c330 nixos/kubernetes: add dns addonmanger reconcile mode option (#55834)
Allow coredns ConfigMap and Depolyment to be editable by the user. An use
case is augmenting the default, generated dns records with local services.
2019-03-09 12:57:41 +02:00
Aristid Breitkreuz
3671047632 virtualbox-host module: fix warnings syntax 2019-03-09 11:39:22 +01:00
aanderse
d800bd923f nixos/redmine: replace imagemagickBig with imagemagick (#57078) 2019-03-08 23:47:11 +01:00
Silvan Mosberger
eeb373386f
Merge pull request #55192 from JordanForks/master
nixos/nginx: support h2c
2019-03-08 21:08:35 +01:00
Silvan Mosberger
70ed39d899
Merge pull request #56322 from bendlas/warn-virtualbox-config
virtualbox: add warning for ineffective nixpkgs config
2019-03-08 21:06:50 +01:00
Silvan Mosberger
a95182882f
Merge pull request #56790 from Ma27/improve-error-handling-for-nixos-install
nixos/nixos-install: tell the user what to do if setting a root password failed
2019-03-08 21:05:48 +01:00
Maximilian Bosch
eaf98c7bcf
nixos/nixos-install: tell the user what to do if setting a root password failed
If setting a root password using the `passwd` call in the
`nixos-install` script fails, it should be explained how set it manually
to ensure that nobody gets accidentally locked out of the system.
2019-03-08 19:57:02 +01:00
Jordan Johnson-Doyle
04425c6223
nixos/nginx: support h2c 2019-03-08 17:50:46 +00:00
Silvan Mosberger
a540993d62
Merge pull request #56171 from bachp/tautulli
tautulli/plexpy: 1.4.25 -> 2.1.26 (renamed)
2019-03-08 16:52:40 +01:00
Silvan Mosberger
21c6592a42
Merge pull request #56987 from bachp/nextcloud-ocm-provider
nixos/nextcloud: fix escapings and ocm-provider
2019-03-08 16:49:36 +01:00
Bas van Dijk
e44e2455d3 strongswan-swanctl: fix module by setting the new SWANCTL_DIR envvar 2019-03-08 16:11:38 +01:00
Dan Callahan
c80385d934
dsseries: init at 1.0.5-1 2019-03-08 15:02:22 +00:00
Silvan Mosberger
9fa52ae9a2
Merge pull request #56589 from johanot/kubernetes-module-stabilization
nixos/kubernetes: minor module fixes
2019-03-08 15:47:15 +01:00
Jan Malakhovski
570aed4b46 lib: add showWarnings 2019-03-08 11:19:18 +02:00
Christian Albrecht
154356d820
nixos/kubernetes: Fix kube-control-plane-online must not be present
outside kubernetes module.
2019-03-08 09:36:59 +01:00
Johan Thomsen
80c4fd4f85 nixos/kubernetes: minor module fixes
- mkDefault etcd instance name
- make sure ca-cert in mkKubeConfig can be overriden
- fix controller-manager "tls-private-key-file" flag name
2019-03-08 09:18:51 +01:00
Ryan Mulligan
18f6dbe6be nixos/hdaps: automatically enable the hdapsd kernel module (#56309)
patch by hpoussin via
https://discourse.nixos.org/t/hdapsd-automatically-enable-the-hdapsd-kernel-module/2183
2019-03-08 09:50:02 +02:00
Silvan Mosberger
6c81f41e36
Merge pull request #56880 from mayflower/bash-root-prompt-fix
nixos/bash: fix root prompt
2019-03-08 03:10:18 +01:00
Silvan Mosberger
0036842e8d
Merge pull request #57006 from kyren/bepasty-fix
nixos/bepasty: switch to python3Packages to match bepasty package
2019-03-08 01:54:48 +01:00
Silvan Mosberger
4a9a596fbf
Merge pull request #56625 from aanderse/phpfpm
set phpOptions per phpfpm pool, instead of applying to every phpfpm pool
2019-03-08 01:53:18 +01:00
Silvan Mosberger
782cc919c8
Merge pull request #56254 from shosti/gnupg-ssh-austh-sock
nixos/gnupg: set SSH_AUTH_SOCK in non-interactive settings
2019-03-08 01:46:34 +01:00
Matthew Bauer
393b359f13 plasma: handle ksycoca5 better
- Remove xdg-desktop-menu-dummy.menu kbuildsycoca5. Not sure why we
  need it but it is a pretty big failure if it exists.
  See issue #56176.

- plasma: clear ksycoca cache before building

  This is needed to pick up on software removed since the last cache
  update. Otherwise it hangs around as zombies forever (or until the
  cache is cleared).

- Add the above + the icon cache cleanup to plasmaSetup

  This will be run for the logged in user on each nixos-rebuild.
  Unfortunately this only works if you are managing software through
  nixos-rebuild (nix-env users need to run this manually, otherwise
  log out and log back in).
2019-03-07 15:11:04 -05:00
Danylo Hlynskyi
60e8fcf0e5
module system: revert "remove types.optionSet", just deprecate (#56857)
The explicit remove helped to uncover some hidden uses of `optionSet`
in NixOps. However it makes life harder for end-users of NixOps - it will
be impossible to deploy 19.03 systems with old NixOps, but there is no
new release of NixOps with `optionSet` fixes.

Also, "deprecation" process isn't well defined. Even that `optionSet` was
declared "deprecated" for many years, it was never announced. Hence, I
leave "deprecation" announce. Then, 3 releases after announce,
we can announce removal of this feature.

This type has to be removed, not `throw`-ed in runtime, because it makes
some perfectly fine code to fail. For example:
```
$ nix-instantiate --eval -E '(import <nixpkgs/lib>).types' --strict
trace: `types.list` is deprecated; use `types.listOf` instead
error: types.optionSet is deprecated; use types.submodule instead
(use '--show-trace' to show detailed location information)
```
2019-03-07 21:28:09 +02:00
Silvan Mosberger
34e67f3f9f
Merge pull request #56578 from serokell/youtrack-hostname
youtrack: add hostname to path
2019-03-07 18:56:29 +01:00
Christian Höppner
c568dad253
nixos/youtrack: add hostname to path 2019-03-07 17:21:20 +01:00
Janne Heß
2a6f518b90 nixos/openldap: Fix quoting of log level 2019-03-07 14:19:50 +01:00
Michael Raskin
500d61560f Release notes: switch to modesetting: mention backlight problem 2019-03-07 13:38:19 +01:00
kyren
4bf1d8c67d nixos/bepasty: switch to python3Packages to match bepasty package
I think the bepasty nixos service has been broken since c539c02, since
bepasty changed from using python2.7 to python3.7.  This updates the
nixos module to refer to the matching python version.
2019-03-06 22:18:59 -05:00
Danylo Hlynskyi
ef1911d045 zram: revert "change default algorithm to zstd" (#56856)
19.03 default kernel is still 4.14, which doesn't support zstd. So,
zramSwap in current fasion fails on default kernel.
2019-03-07 02:11:20 +02:00
Danylo Hlynskyi
af5909a272
nixos/auto-upgrade: enable service only when it's enabled in options (#56948)
* nixos/auto-upgrade: enable service only when it's enabled in options

This reduced closure size of `tinyContainer` from 449 MB to 403 MB
2019-03-07 02:09:02 +02:00
Silvan Mosberger
502a4263a3
Merge pull request #55936 from tobim/modules/snapserver
nixos/snapserver: init
2019-03-07 00:00:48 +01:00
Tobias Mayer
085751b63b nixos/snapserver: init
A nixos module for configuring the server side of pkgs.snapcast.
The module is named "snapserver" following upstream convention.
This commit does not provide module for the corresponding client.

Fix handling of port and controlPort

Fix stream uri generation & address review

Remove unused streams options & add description

Add missing description & Remove default fs path

Use types.port for ports & formatting improvements

Force mpd and mopidy to wait for snapserver
2019-03-06 23:40:05 +01:00
Pascal Bach
415b927653 nixos/nextcloud: fix escapings and ocm-provider 2019-03-06 21:56:27 +01:00
Christian Albrecht
ff382c18c8
nixos/kubernetes: Address review: Move remaining paths to pki 2019-03-06 17:56:28 +01:00
Herwig Hochleitner
8b6a38ce7e nixos/virtualbox: add warning when for ineffective nixpkgs config
nixpkgs.config.virtualbox.enableExtensionPack doesn't do anything, but
used to. Add a warning for the unsuspecting.
2019-03-06 17:31:54 +01:00
Christian Albrecht
e148cb040b
nixos/kubernetes: Address review: rename node-online target 2019-03-06 17:17:20 +01:00
Andreas Rammhold
219b247e5b
Merge pull request #56607 from andir/cryptsetup-2.1
cryptsetup: 2.0.6 -> 2.1.0
2019-03-06 16:55:26 +01:00
Christian Albrecht
5684034693
nixos/kubernetes: Address review: Remove restart from certmgr bootstrap service 2019-03-06 16:55:13 +01:00
Christian Albrecht
7323b77435
nixos/kubernetes: Address review: Separate preStart from certificates 2019-03-06 16:55:08 +01:00
Christian Albrecht
52fe1d2e7a
nixos/kubernetes: Address review: Move controller manager paths into pki 2019-03-06 16:55:04 +01:00
Christian Albrecht
6e9037fed0
nixos/kubernetes: Address review: Move bootstrapping addons into own service 2019-03-06 16:54:50 +01:00
Christian Albrecht
ff91d5818c
nixos/kubernetes: Address review: Rename targets and move proxy to node-online.target 2019-03-06 16:54:22 +01:00
Janne Heß
3de5726e9b nixos/nginx: Support additional listen parameters (#56835) 2019-03-06 11:42:46 +02:00
Antoine Eiche
af23d1e2e7 nixos/test/docker-tools: fix Nix image digest 2019-03-06 09:26:33 +01:00
Wael Nasreddine
51fdca9cad
Merge pull request #56567 from Izorkin/datadog-agent
datadog-agent: update go packages and sub-packages
2019-03-05 16:59:21 -08:00
Linus Heckemann
efbd24ffcc nixos/bash: fix root prompt
b4b67177b5 introduced a regression of
its own: the prompt would end with $ for all users, not with # for
root as it should.
2019-03-05 13:27:32 +01:00
Silvan Mosberger
09c3fb0d75
Merge pull request #56774 from worldofpeace/mate/cleanup
nixos/mate: cleanup
2019-03-05 12:26:14 +01:00
Domen Kožar
f60459a023
Merge pull request #55142 from FlorianFranzen/thinkfan_smart
thinkfan: add option for libatasmart support
2019-03-05 17:47:13 +07:00
Jan Malakhovski
ca496b194f nixos: doc: increase maxdepth for xsltproc
See https://github.com/NixOS/nixpkgs/issues/37903#issuecomment-376618117
for details. With the previous patch and some custom modules included in
`configuration.nix` the above bug is very easy to trigger.

This is a simplest workaround I have. A proper solution would look like
https://github.com/NixOS/nixpkgs/issues/37903#issuecomment-376980838.
2019-03-05 09:41:40 +00:00
Arian van Putten
2e75a7b516 nixos: doc: optionally include all modules in manual generation
Before this change `man 5 configuration.nix` would only show options of modules in
the `baseModules` set, which consists only of the list of modules in
`nixos/modules/module-list.nix`

With this change applied and `documentation.nixos.includeAllModules` option enabled
all modules included in `configuration.nix` file will be used instead.

This makes configurations with custom modules self-documenting. It also means
that importing non-`baseModules` modules like `gce.nix` or `azure.nix`
will make their documentation available in `man 5 configuration.nix`.

`documentation.nixos.includeAllModules` is currently set to `false` by
default as enabling it usually uncovers bugs and prevents evaluation.
It should be set to `true` in a release or two.

This was originally implemented in #47177, edited for more configurability,
documented and rebased onto master by @oxij.
2019-03-05 09:41:40 +00:00
matix2267
6ab2aea003 nixos/doc: Small updates about wireless configuration. (#55918)
* Reference networking section from installation
* Add info about pskRaw option in networking.wireless.networks
2019-03-05 04:27:15 +02:00
worldofpeace
a00c5e301e nixos/mate: cleanup 2019-03-04 21:07:01 -05:00
Silvan Mosberger
f274fc8656
Merge pull request #56550 from Infinisil/doc/xrandr/monitorConfig
nixos/xserver: Point to man page for options available in monitorConfig
2019-03-04 22:08:15 +01:00
Silvan Mosberger
8f33ad7ca9
Merge pull request #56243 from aanderse/redmine
nixos/redmine: fix permissions & cleanup
2019-03-04 22:06:33 +01:00
worldofpeace
59f47088fb nixos/pantheon: add elementary-redacted-script to fonts
Needed by elementary-screenshot-tool to conceal text.
2019-03-04 14:11:15 -05:00
Peter Hoeg
011fe4a246
Merge pull request #56571 from peterhoeg/u/mqtt
mosquitto: 1.5.5 -> 1.5.8
2019-03-04 12:23:45 +08:00
Silvan Mosberger
8c4babb8ba
Merge pull request #53463 from OlivierMarty/master
nixos/duplicity: init
2019-03-04 01:22:29 +01:00
Christian Albrecht
74962bf767
nixos/kubernetes: No need to restart services besides certmgr
within the node join script, since certmgr is taking care of
restarting services.
2019-03-03 19:43:15 +01:00
Christian Albrecht
7df88bd802
nixos/kubernetes: Put dashboard service account into bootstrapAddons
to prevent errors in log about missing permissions when
addon manager starts the dashboard.
2019-03-03 19:43:15 +01:00
Christian Albrecht
fd28c0a82a
nixos/kubernetes: Seed docker images before kubelet service start
to speed up startup time because it can be parallelized.
2019-03-03 19:43:14 +01:00
Christian Albrecht
cf8389c904
nixos/kubernetes: Add longer timeouts for waiting services 2019-03-03 19:43:14 +01:00
Christian Albrecht
51aeaaffc2
nixos/kubernetes: flannel needs iptables in service path 2019-03-03 19:43:13 +01:00
Christian Albrecht
62f03750e4
nixos/kubernetes: Stabilize services startup across machines
by adding targets and curl wait loops to services to ensure services
are not started before their depended services are reachable.

Extra targets cfssl-online.target and kube-apiserver-online.target
syncronize starts across machines and node-online.target ensures
docker is restarted and ready to deploy containers on after flannel
has discussed the network cidr with apiserver.

Since flannel needs to be started before addon-manager to configure
the docker interface, it has to have its own rbac bootstrap service.

The curl wait loops within the other services exists to ensure that when
starting the service it is able to do its work immediately without
clobbering the log about failing conditions.

By ensuring kubernetes.target is only reached after starting the
cluster it can be used in the tests as a wait condition.

In kube-certmgr-bootstrap mkdir is needed for it to not fail to start.

The following is the relevant part of systemctl list-dependencies

default.target
● ├─certmgr.service
● ├─cfssl.service
● ├─docker.service
● ├─etcd.service
● ├─flannel.service
● ├─kubernetes.target
● │ ├─kube-addon-manager.service
● │ ├─kube-proxy.service
● │ ├─kube-apiserver-online.target
● │ │ ├─flannel-rbac-bootstrap.service
● │ │ ├─kube-apiserver-online.service
● │ │ ├─kube-apiserver.service
● │ │ ├─kube-controller-manager.service
● │ │ └─kube-scheduler.service
● │ └─node-online.target
● │   ├─node-online.service
● │   ├─flannel.target
● │   │ ├─flannel.service
● │   │ └─mk-docker-opts.service
● │   └─kubelet.target
● │     └─kubelet.service
● ├─network-online.target
● │ └─cfssl-online.target
● │   ├─certmgr.service
● │   ├─cfssl-online.service
● │   └─kube-certmgr-bootstrap.service
2019-03-03 19:39:02 +01:00
Christian Albrecht
f9e2f76a59
nixos/kubernetes: Add systemd path units
to protect services from crashing and clobbering the logs when
certificates are not in place yet and make sure services are activated
when certificates are ready.

To prevent errors similar to "kube-controller-manager.path: Failed to
enter waiting state: Too many open files"
fs.inotify.max_user_instances has to be increased.
2019-03-03 19:34:57 +01:00
Andreas Rammhold
768336a74b
Merge pull request #56233 from jtojnar/nginx-tlsv13
nixos/nginx: Enable TLS 1.3 support
2019-03-03 14:19:38 +01:00
Aaron Andersen
cddb117b96 nixos/icingaweb2, nixos/restya-board, nixos/zoneminder: set phpOptions per phpfpm pool, instead of applying to every phpfpm pool 2019-03-03 07:33:25 -05:00
worldofpeace
812b88f902 nixos/mate: use gsd module 2019-03-03 04:02:25 -05:00
Aaron Andersen
43258201b9 nixos/redmine: fix permissions & cleanup 2019-03-02 23:16:19 -05:00
Robert Schütz
a3b6b49eac
Merge pull request #55383 from dotlambda/home-assistant-0.87
home-assistant: 0.86.4 -> 0.87.1
2019-03-03 02:23:23 +01:00
Matthew Bauer
b0799b4219
Merge pull request #56115 from matthewbauer/nixos-rebuild-upgrade-nix
nixos-rebuild: try to get Nix fallback from new channel first
2019-03-02 18:48:28 -05:00
Tristan Helmich (omniIT)
9efddfa2c1 graylog: 2.5.1 -> 3.0.0 2019-03-02 17:03:40 +00:00
Andreas Rammhold
839a37fdd2
nixos/tests/installer: add cryptsetup tests for LUKS format 2 & default format 2019-03-02 13:56:52 +01:00
Robert Schütz
77482629b0 nixos/home-assistant: use preferLocalBuild = true for configuration 2019-03-02 12:37:48 +01:00
Robert Schütz
971187eada nixos/home-assistant: account for "The Great Migration"
See https://developers.home-assistant.io/blog/2019/02/19/the-great-migration.html
and https://github.com/NixOS/nixpkgs/issues/55958#issuecomment-466793526.
2019-03-02 12:37:48 +01:00
Piotr Bogdan
b01302b85e nixos/manual: fix build 2019-03-02 10:32:24 +00:00
Sarah Brofeldt
ecd5ec3521
Merge pull request #56377 from LnL7/nixos-rebuild-edit
nixos-rebuild: add changelog/docs for edit subcommand
2019-03-02 10:12:07 +01:00
worldofpeace
a589f6e1dc
Merge pull request #56562 from worldofpeace/module/gsd
nixos/gnome-settings-daemon: init
2019-03-01 22:01:26 -05:00
Franz Pletz
542e384916
Merge pull request #56496 from bachp/nextcloud-nginx-recommended
nixos/nextcloud: Update recommended nginx settings
2019-03-02 01:18:18 +00:00
Julien Moutinho
2a61c058c6 rmilter: fix inetSocket
IPv6 address has to be between [] and the port after.
2019-03-02 01:12:21 +00:00
Franz Pletz
e4808a6587
Merge pull request #56489 from Ma27/add-nextcloud-overwriteprotocol-option
nixos/nextcloud: add overwriteProtocol option
2019-03-02 00:21:26 +00:00
Pascal Bach
390b6108a2 nixos/nextcloud: don't make phpPackages configurable
It needs to match the version in phpfm which is hard coded.
So there is no point in being able to change it.
2019-03-02 00:16:57 +01:00
Pascal Bach
f0c0b8d949 nixos/nextcloud: move phpPackage and phpOptions into pool
This allows to have a php configuration for nextcloud that is independent
of the global configuration.
2019-03-02 00:16:56 +01:00
Pascal Bach
8f1b163b00 nixos/nextcloud: use PHP 7.3 instead of 7.1 by default 2019-03-02 00:16:55 +01:00
Pascal Bach
7f8620900a nixos/nextcloud: update recommended nginx settings
This updates the configuration to the recommendations in
https://docs.nextcloud.com/server/15/admin_manual/installation/nginx.html
2019-03-02 00:16:55 +01:00
worldofpeace
a2b665446a nixos/pantheon: use gnome-settings-daemon module 2019-03-01 14:55:12 -05:00
worldofpeace
5ce2eba776 nixos/gnome-settings-daemon: init 2019-03-01 14:55:12 -05:00
worldofpeace
b5df81f1a1
Merge pull request #56553 from worldofpeace/plasma/xdg-user-dirs
nixos/plasma5: add xdg-user-dirs to create user directories
2019-03-01 13:25:58 -05:00
Peter Hoeg
0e40b7bfc2 mosquitto (nixos): notify systemd when started 2019-03-01 18:54:24 +08:00
David Duarte
b381c27b58 nixos/coredns: init (#54931) 2019-03-01 11:10:44 +02:00
Frederik Rietdijk
2fcb11a244 Merge staging-next into master 2019-03-01 09:06:20 +01:00
Izorkin
35b6943507 datadog-trace-agent: trace-agent moved to datadog-agent 2019-03-01 10:47:02 +03:00
worldofpeace
2e5f64bb83 nixos/plasma5: add xdg-user-dirs to create user directories 2019-02-28 19:12:28 -05:00
Silvan Mosberger
94411a4c08
nixos/xserver: Point to man page for options available in monitorConfig 2019-03-01 00:44:19 +01:00
Yurii Izorkin
fa20f98571 datadog-agent: 6.9.0 -> 6.10.0 (#56523) 2019-02-28 11:48:49 -08:00
Pascal Bach
8b3ffebcdc tautulli/plexpy: 1.4.25 -> 2.1.26 (renamed)
PlexPy was renamed to Tautulli.

This renames the module as well as the application accordingly.
Aliases are kept for backwards compatibility.

# Conflicts:
#	nixos/modules/services/misc/tautulli.nix
2019-02-28 19:07:00 +01:00
Aaron Andersen
51c897c37d nixos/plexpy: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-02-28 18:54:34 +01:00
José Romildo Malaquias
8705341dc9 mate: enable gvfs service (#56469) 2019-02-28 15:24:37 +01:00
Gabriel Ebner
80812af9e4
Merge pull request #56446 from hyperfekt/fish_generate-completions
nixos/fish: generate autocompletions from man pages
2019-02-28 10:17:15 +01:00
Danylo Hlynskyi
79cc48cdbb
Revert "Merge pull request #54980 from danbst/etc-relative" (#56507)
This reverts commit 0b91fa43e4, reversing
changes made to 183919a0c0.
2019-02-28 07:48:40 +02:00
Matthew Bauer
5dee926eb9
nixos/no-x-libs.nix: override pinentry directly
This is more specific and we avoid having gtk or qt libraries come in at all.
2019-02-27 23:53:50 -05:00
Maximilian Bosch
b42c24f7f2
nixos/nextcloud: add overwriteProtocol option
The overwriteprotocol option can be used to force Nextcloud to generate
URLs with the given protocol. This is useful for instances behind
reverse proxies that serve Nextcloud with HTTPS.

In this case Nextcloud can't determine the proper protocol and it needs
to be configured manually.
2019-02-27 22:14:35 +01:00
hyperfekt
3731835efc nixos/fish: generate autocompletions from man pages 2019-02-27 12:23:48 +01:00
Averell Dalton
7f7209ef9a nixos/docker: add enableNvidia option 2019-02-27 09:56:03 +01:00
Robert Schütz
029adf9619
Revert "nixos/fish: generate autocompletions from man pages" (#56439)
System rebuilds currently fail due to collisions.
See also https://github.com/NixOS/nixpkgs/issues/56432.
2019-02-27 00:08:57 +01:00
Dmitry Kalinkin
c9d5546635
openafs: minor documentation fix 2019-02-26 14:49:59 -05:00
Tom F
9f07fa719c Document the addresses Alertmanager will listen on (#56409)
https://github.com/golang/go/issues/9334 describes how net.Listen (as used by Alertmanager):
* listens on 127.0.0.1 if the listenAddress is "localhost"
* listens on all interfaces if the listenAddress is ""
2019-02-26 14:59:11 +01:00
Matthieu Coudron
20bbfc39e4 services.nextcloud: add logLevel (#56400)
a vlaue between 0 and 4 to help debug problems
2019-02-26 09:18:08 +01:00
Domen Kožar
0fd85a1f99
nixos release: there's a wildcard protection now for release-* on github 2019-02-26 14:12:46 +07:00
Linus Heckemann
bd018946eb 19.09 is Loris.
https://en.wikipedia.org/wiki/Loris
2019-02-25 23:21:14 +01:00
Linus Heckemann
31f0972e27
Merge pull request #52464 from hyperfekt/fish_generate-completions
nixos/fish: generate autocompletions from man pages
2019-02-25 22:03:51 +01:00
Daiderd Jordan
ad0b82d067
nixos-rebuild: add changelog/docs for edit subcommand 2019-02-25 19:36:23 +01:00
Jan Tojnar
f93ff28c62 nixos/nginx: Enable TLS 1.3 support 2019-02-25 16:47:19 +01:00
hyperfekt
5cc6377647 nixos/fish: generate autocompletions from man pages 2019-02-25 16:39:04 +01:00
xeji
0a63b6528b
Merge pull request #55547 from delroth/fix-warnings
Fix 3 warnings in nixos/tests
2019-02-25 16:01:42 +01:00
Andreas Rammhold
64c60a813d nixos/gnunet: fix typo in PrivateTmp parameter (#56343)
Systemd expects `PrivateTmp` and not `PrivateTemp` in the service
configuration.

I found this by chance while grepping through nixpkgs…
2019-02-25 15:53:36 +01:00
Linus Heckemann
dd25140305
Merge pull request #56326 from uvNikita/openssh/fix-socket
sshd: fix startWhenNeeded and listenAddresses combination
2019-02-25 12:06:11 +01:00
Elis Hirwing
0d3230f339
Merge pull request #56335 from Izorkin/nginx-fix-config
nginx: fix formating the config file
2019-02-25 10:59:37 +01:00
Silvan Mosberger
02db11d369
Merge pull request #55792 from sdier/fix/pam-update
Allow duosec to be used in nixos as a pam module.
2019-02-25 01:38:51 +01:00
Daiderd Jordan
50fec3dcd2 nixos-rebuild: add edit command (#56241) 2019-02-25 00:59:35 +01:00
Nikita Uvarov
131e31cd1b
sshd: fix startWhenNeeded and listenAddresses combination
Previously, if startWhenNeeded was set, listenAddresses option was
ignored and daemon was listening on all interfaces.
Fixes #56325.
2019-02-25 00:51:58 +01:00
Scott Dier
a11ad16bd7 nixos/security: Add release note for duosec pam support for 19.03. 2019-02-24 22:49:01 +00:00
Scott Dier
a3273e85e3 nixos/security: Fix pam configuration file generation. 2019-02-24 22:49:01 +00:00
Scott Dier
4e9ac79ef5 nixos/security: Allow configuration of pam for duosec. 2019-02-24 22:49:01 +00:00
Scott Dier
096e66a8ad nixos/security: Add duo-unix support to pam.
Also whitespace cleanup of surrounding code.
2019-02-24 22:48:56 +00:00
Izorkin
569248b3c2 nginx: fix formating the config file 2019-02-24 19:50:58 +03:00
Ryan Mulligan
d14f102334
Merge pull request #44573 from vincentbernat/feature/cloudstack
nixos/cloudstack-image: initial import
2019-02-24 08:28:42 -08:00
Léo Gaspard
5fa2c13696
Merge pull request #56257 from pacien/synapse-0.99.1.1-homeserverscript
matrix-synapse: restore service wrapper script
2019-02-24 17:11:41 +01:00
Frederik Rietdijk
c2eac6741b Merge master into staging-next 2019-02-24 09:19:12 +01:00
Elis Hirwing
d7ba376435
Merge pull request #56280 from Izorkin/nginx-config
nginx: formating the config file
2019-02-24 08:57:31 +01:00
Elis Hirwing
d4f487a78b
Merge pull request #56220 from SeTSeR/master
acpilight: init at 1.1
2019-02-24 08:28:51 +01:00