Commit Graph

13372 Commits

Author SHA1 Message Date
Jörg Thalheim
55819e6c86
Revert "zsh: don't clobber the environment of non-login shells"
This reverts commit 6a756af3e7.

Currently zshenv by default only set fpath and HELPDIR without exporting them.
A parent shell would also not set those variables usually as they are shell local.

It also sources a file called set-environment but this is protected by an
environment variable called __NIXOS_SET_ENVIRONMENT_DONE. Hence any modification
done by the parent shell should persist as long as __NIXOS_SET_ENVIRONMENT_DONE
is not unset.

This behavior deviates from what we do in bashrc and breaks common setups such
as tmux/mosh or screen.

Fixes #80437
2020-02-18 15:52:21 +00:00
José Romildo Malaquias
0bcd9a5262
Merge pull request #79939 from romildo/upd.mate
mate: update to version 1.24.0
2020-02-18 11:15:10 -03:00
Jörg Thalheim
7448211021
Merge pull request #80032 from Mic92/redis
nixos/redis: add requirePassFile option
2020-02-17 21:28:04 +00:00
Martin Milata
d85c885dc4 nixos: add /share/hunspell to environment.pathsToLink
So that applications can find hunspell dictionaries installed through
environment.systemPackages.
2020-02-17 03:35:06 +01:00
Silvan Mosberger
06d18a5737
Merge pull request #80204 from CRTified/fix/issue-76620
docker-containers: Move ExecStartPre/ExecStopPost to preStart/postStop
2020-02-16 21:24:05 +01:00
Julien Moutinho
f9be656873
shorewall: fix warnings due to types.loaOf being deprecated (#80154) 2020-02-16 12:53:49 +02:00
CRTified
c83cc9c364 nixos/docker-containers: Move ExecStartPre/ExecStopPost to preStart/postStop
This commit fixes #76620. It moves ExecStartPre and ExecStopPost to
preStart and postStop, as these options are composable. It thus allows
adding additional initialisation scripts or cleanup scripts to the systemd
unit of the docker container.
2020-02-15 23:16:43 +01:00
gtgteq
c359c6959a
nixos/postgresql: Change local auth method from ident to peer (#80179) 2020-02-15 23:55:35 +02:00
Benjamin Staffin
4c5ea02dc5
grub: Update extraConfig example text (#79406)
This expands the example to something one might actually want to use
to set up a serial console.
2020-02-15 16:45:47 -05:00
Eelco Dolstra
f0f040c3f7 nixos/modules/misc/version.nix: Don't parse .git
This leads to inconsistent results between local builds and
Hydra. Also Nix is not a general purpose language, we shouldn't be
parsing .git from inside Nix code.
2020-02-15 20:16:14 +01:00
Eelco Dolstra
a5f883e535 nixos/modules/installer/cd-dvd/channel.nix: Handle null config.system.nixos.revision 2020-02-15 20:16:14 +01:00
Maximilian Bosch
c391343fcd
nixos/nixos-build-vms: switch to python test-driver
In 0945178b3c we decided that Perl-based
VM tests should be deprecated and will be removed between 20.03 and
20.09. So let's switch `nixos-build-vms(8)` to python as well (which is
entirely interactive, so other scripts won't break).

In my experience, the test-driver isn't used most of the time, so this
patch is mainly supposed to get rid of the (probably misleading)
deprecation warning when running `nixos-build-vms`. Apart from that, the
interface for python's test-driver is way nicer.
2020-02-15 19:35:17 +01:00
Maximilian Bosch
6c63107872
nixos/manual: fix build 2020-02-15 19:18:06 +01:00
Jörg Thalheim
466c1df3e2
Merge pull request #79266 from Mic92/knot
nixos/knot: add keyFiles option
2020-02-15 11:15:03 +00:00
Atemu
08ac06edba
docker-containers: Add autoStart option (#76480)
This option allows the user to control whether or not the docker container is
automatically started on boot. The previous default behavior (true) is preserved
2020-02-15 00:57:31 +02:00
José Romildo Malaquias
ba42fef9a7 nixos/mate: add yelp to systemPackages
Without this the Contents item in the Help menu of applications fails
to launch.
2020-02-14 18:31:52 -03:00
Danylo Hlynskyi
5443eee47c
nixos/postgresql: support 0750 for data directory (#65245)
* nixos/postgresql: support 0750 for data directory

This is rework of part of https://github.com/NixOS/nixpkgs/pull/46670.
My usecase was to be able to inspect PG datadir as wheel user.

PG11 now allows starting server with 0750 mask for data dir.
`groupAccess = true` now does this automatically. The only thing you have to do
is to set group ownership.

For PG10 and below, I've described a hack how this can be done. Before this PR
hack was impossible. The hack isn't ideal, because there is short
period of time when dir mode is 0700, so I didn't want to make it official.

Test/example is present too.

* postgresql: allow changing initidb arguments via module system

Closes https://github.com/NixOS/nixpkgs/issues/18829

+ some cleanups

* addressed review comments and some fixes

* whoops

* change groupAccess to tristate, to not force `chmod` on dataDir.

Making mask either 0700 or 0750 is too restrictive..

* WIP

* let's not support group mode for versions pre-11.

The only fix is to change mode to 0700 before start, because otherwise postgresql
doesn't start, and error is non-obvious.
2020-02-14 20:51:20 +02:00
danbst
84535e0a47 let's not support group mode for versions pre-11.
The only fix is to change mode to 0700 before start, because otherwise postgresql
doesn't start, and error is non-obvious.
2020-02-14 19:16:34 +02:00
danbst
2c77c53487 Merge branch 'master' into postgresql_group 2020-02-14 19:00:52 +02:00
snicket2100
50a597cd7a
installation-cd-graphical-base.nix: adding git (#79098) 2020-02-14 18:52:18 +02:00
Symphorien Gibol
5359d90b15 nixos/btrfs: make autoScrub not prevent shutdown or suspend
Fixes: #79086 #79017
2020-02-14 12:00:00 +00:00
Michele Guerini Rocco
3d3392a492
Merge pull request #80090 from crabtw/master
nixos/pppd: fix build error
2020-02-14 10:50:47 +01:00
Michele Guerini Rocco
66b5b29977
Merge pull request #80076 from rnhmjoj/alsa
nixos/alsa: replace list by attrset in environment.etc
2020-02-14 09:40:41 +01:00
Jyun-Yan You
0f8d1ac47d nixos/pppd: fix build error 2020-02-14 12:51:50 +08:00
rnhmjoj
f01bcccd25
nixos/unclutter: fix remaining typo 2020-02-14 01:28:03 +01:00
rnhmjoj
2ad680ac73
nixos/alsa: replace list by attrset in environment.etc 2020-02-14 01:17:18 +01:00
Florian Klink
7564f4faf3
Merge pull request #78360 from serokell/mkaito/caddy-restart
nixos/caddy: resync with upstream unit file
2020-02-13 23:26:11 +01:00
Florian Klink
aaa1c7b28f
Merge pull request #79663 from primeos/brightnessctl-systemd-support
brightnessctl: Add systemd support
2020-02-13 23:14:20 +01:00
Jörg Thalheim
9cfe5a7a54
nixos/redis: add requirePassFile option
Avoids having the password in the nix store.
2020-02-13 17:06:35 +00:00
Graham Christensen
ddd09101c5
Merge pull request #79967 from grahamc/nixos-enter-fd2
nixos-enter: redirect to fd2 instead of a file named /dev/stderr
2020-02-13 11:39:35 -05:00
Jörg Thalheim
b300ccd7f3
Merge pull request #79961 from dtzWill/update/iwd-1.5
ell,iwd: 0.28, 1.5, minor touchups, drop tmpfiles snippet
2020-02-13 10:53:51 +00:00
Michele Guerini Rocco
21b31c4e51
Merge pull request #79998 from rnhmjoj/urxvt-fix
rxvt-unicode: fix typo in aliases.nix
2020-02-13 11:04:56 +01:00
Marek Mahut
4011c2a2aa
Merge pull request #76481 from fare-patches/vesa
Deprecate the boot.vesa option
2020-02-13 09:47:54 +01:00
rnhmjoj
ceb35dac58
nixos/sway: use new package name for rxvt-unicode 2020-02-13 09:36:35 +01:00
rnhmjoj
9290e6e7ba
nixos/urxvtd: use new package name for rxvt-unicode 2020-02-13 09:33:58 +01:00
Ryan Mulligan
5a358eade8
Merge pull request #69125 from jslight90/mattermost-5.15
mattermost: 5.9.0 -> 5.15.0
2020-02-12 20:56:00 -08:00
Graham Christensen
2d42fc240c
nixos-enter: redirect to fd2 instead of a file named /dev/stderr
In some cases, /dev/stderr may not point to a sensible location. For
example, running nixos-enter inside a systemd unit where the unit's
StandardOutput and StandardError are set to be sockets. In these
cases, this line would fail.

Piping to fd2 directly works just as well, even under strange and
twisted executions.

Co-authored-by: Michael Bishop <michael.bishop@iohk.io>
2020-02-12 21:18:27 -05:00
Will Dietz
ac8a92543b
iwd: drop tmpfiles snippet, services use StateDirectory already
Originally added in [1], and iwd added StateDirectory to its services
in [2] -- 4 days later.

("StateDirectory wasn't used when tmpfile snippet was added to NixOS")
(nevermind git -> release delay)

[1] 6e54e9253a
[2] upstream iwd git rev: 71ae0bee9c6320dae0083ed8c1700bc8fff1defb
2020-02-12 19:29:28 -06:00
worldofpeace
2d3163260b
Merge pull request #79830 from ilya-fedin/fix-xdg-current-desktop
Add DesktopNames parameter to generated desktop session files
2020-02-12 13:34:48 -05:00
Florian Klink
b2c2eaea6d
Merge pull request #79862 from flokli/fix-run-keys
nixos/filesystems: don't chown /run/keys recursively
2020-02-12 17:52:23 +01:00
Jörg Thalheim
e2ef8b439f
knot: add keyFiles option
This useful to include tsig keys using nixops without adding those
world-readable to the nix store.
2020-02-12 16:36:42 +00:00
Jörg Thalheim
88029bce39
knot: drop dynamic user
This makes it hard to include secret files.
Also using tools like keymgr becomes harder.
2020-02-12 16:34:10 +00:00
Ilya Fedin
f7768c939a nixos/display-managers: Add DesktopNames parameter to generated desktop session files
Some display managers (e.g. SDDM) set the XDG_CURRENT_DESKTOP variable accroding to this parameter.
If this variable is not defined, there will be some problems (e.g. MATE doesn't have icons on the desktop).

Fixes https://github.com/NixOS/nixpkgs/issues/71427
2020-02-12 07:00:39 +04:00
Michele Guerini Rocco
48704fbd4f
Merge pull request #71302 from tokudan/encrypted-swap-entropy-fix
rngd: Start early during boot and encrypted swap entropy fix
2020-02-12 01:28:03 +01:00
Florian Klink
4c8bdd1c4f nixos/filesystems: don't chown /run/keys recursively
3c74e48d9c was a bit too much, it updated
permissions of all files recursively, causing files to be readable by
the group.

This isn't a problem immediately after bootup, but on a new activation,
as tmpfiles.d get restarted then, updating the permission bits of
now-existing files.

This updates the `Z` to be a `z` (the non-recursive variant), and adds a
`d` to ensure a directory is created (which should be covered by the
initrd shell script anyway)
2020-02-11 21:52:27 +01:00
Michael Weiss
5282bc9a74
nixos/brightnessctl: Remove the module
Due to the support of the systemd-logind API the udev rules aren't
required anymore which renders this module useless [0].
Note: brightnessctl should now require a working D-Bus setup and a valid
local logind session for this to work.

[0]: https://github.com/NixOS/nixpkgs/pull/79663
2020-02-10 23:18:20 +01:00
worldofpeace
09f7e376c2
Merge pull request #79416 from jtojnar/flatpak-1.6
flatpak: 1.4.2 → 1.6.1
2020-02-10 12:57:19 -05:00
Jan Tojnar
f1aa8416d7 xdg-desktop-portal: 1.4.2 → 1.6.0
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.6.0
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.4
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.3
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.2
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.1
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.0
2020-02-10 12:55:25 -05:00
Michele Guerini Rocco
019b637fb1
Merge pull request #79747 from mmilata/fix-mangled-usernames
nixos: fix bunch of mangled usernames
2020-02-10 18:21:31 +01:00
Thomas Tuegel
fb098ea543
Merge pull request #79744 from ttuegel/bug--plasma-5.17-ports
nixos/plasma5: Port initial configurations from Plasma 5.16
2020-02-10 11:08:23 -06:00
Martin Milata
d99808c720 nixos/supybot: fix username
Broken in 1d61efb7f1.
2020-02-10 17:56:51 +01:00
Martin Milata
5d3d3eac8b nixos/statsd: fix username
Broken in 1d61efb7f1.
2020-02-10 17:56:35 +01:00
Martin Milata
17c72ef75f nixos/heapster: fix username
Broken in 1d61efb7f1.
2020-02-10 17:55:46 +01:00
Eelco Dolstra
0e6ceb8758
Merge pull request #68897 from edolstra/master
Flake support
2020-02-10 16:44:54 +01:00
Eelco Dolstra
fb05afd78d Doh 2020-02-10 16:32:59 +01:00
Eelco Dolstra
8f86624ac9 nixos-rebuild: Remove TODOs 2020-02-10 15:45:27 +01:00
Eelco Dolstra
c05cc615f2 nixos.revision: Use null instead of "master"
"master" is not a valid SHA-1 commit hash, and it's not even
necessarily the branch used. 'nixos-version --revision' now returns an
error if the commit hash is not known.
2020-02-10 15:45:15 +01:00
Eelco Dolstra
b98ea45608 nixos-version --json: Use builtins.toJSON 2020-02-10 15:45:10 +01:00
Eelco Dolstra
f9392f04ae nixos-rebuild: Remove --keep-going flag 2020-02-10 15:45:06 +01:00
Eelco Dolstra
4089dbf090 nixos-rebuild: Make 'edit' work with with flakes 2020-02-10 15:45:03 +01:00
Yorick van Pelt
e242eccb0b
nixos/buildkite-agents: update release notes 2020-02-10 13:36:30 +01:00
Yorick van Pelt
f003810989
nixos/buildkite-agents: support multiple buildkite agents 2020-02-10 13:35:14 +01:00
Florian Klink
4e0fea3fe2 Merge pull request #77578 from m1cr0man/master
Replace simp-le with lego and support DNS-01 challenge
2020-02-10 11:47:30 +01:00
Kevin Rauscher
05b4fe20a7 mopidy: update to python3
mopidy: 2.3.1 -> 3.0.1
mopidy-iris: 3.43.0 -> 3.44.0
mopidy-spotify: 3.1.0 -> 4.0.1
pykka: 1.2.0 -> 2.0.1
2020-02-10 09:53:13 +01:00
Silvan Mosberger
cb1f1b4260
nixos/sudo: Fix extraRules example rendering 2020-02-10 01:37:07 +01:00
Silvan Mosberger
637bb9fa98
Merge pull request #72060 from lopsided98/sanoid-init
sanoid: add package, NixOS module and test
2020-02-10 01:28:41 +01:00
Silvan Mosberger
6169eef798
Merge pull request #78024 from wamserma/minidlna-interval
minidlna: provide configuration option for announce interval
2020-02-10 01:25:47 +01:00
Silvan Mosberger
b9d7f1fe24 Merge pull request #65397 from mmilata/sympa
sympa: init at 6.2.52 + NixOS module
2020-02-10 01:23:45 +01:00
Ben Wolsieffer
7684537e33
nixos/sanoid, nixos/syncoid: init module and test 2020-02-10 01:12:39 +01:00
Maximilian Bosch
c2f2366f5c Merge pull request #79485 from Ma27/grocy
grocy: init at 2.6.0
2020-02-09 23:11:46 +01:00
worldofpeace
d12524fd51 Merge pull request #78453 from wedens/memtest-efi-grub
nixos/grub: make memtest work with EFI
2020-02-09 16:09:58 -05:00
Maximilian Bosch
13f7b75553
nixos/grocy: init module
Co-authored-by: elseym <elseym@me.com>
2020-02-09 21:55:27 +01:00
jrp2014
788d8769f7 nixos/virtualisation.hypervGuest: use elevator=noop
Microsoft recommends the NOOP I/O scheduler for disk performance in HYPER-V:

https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/best-practices-for-running-linux-on-hyper-v

> NOOP is a first-in first-out queue that passes the schedule decision
> to be made by the hypervisor. It is recommended to use NOOP as the
> scheduler when running Linux virtual machine on Hyper-V.
2020-02-09 19:50:13 +01:00
Lucas Savva
75fa8027eb
nixos/acme: Update release note, remove redundant requires
Merge remote-tracking branch 'remotes/upstream/master'
2020-02-09 16:31:07 +00:00
Michael Raskin
f320a0231c
Merge pull request #67376 from oxij/nixos/zsh-doc
nixos: zsh: add more helpful documentation into generated files
2020-02-09 11:58:30 +00:00
Lucas Savva
636eb23157
nixos/acme: Fix b.example.com test 2020-02-09 11:34:17 +00:00
worldofpeace
8396961c9c
Merge pull request #79300 from jtojnar/default-wm-fix
nixos/services.xserver: Fix legacy options for default wm without dm
2020-02-08 21:28:14 -05:00
Lucas Savva
ac983cff48
nixos/acme: add dns-01 test, fix cert locating bug 2020-02-09 02:09:34 +00:00
Thomas Tuegel
d5757a8880
nixos/plasma5: Port initial configurations from Plasma 5.16 2020-02-08 09:25:14 -06:00
Franz Pletz
64ece8cc9c
Merge pull request #79248 from flokli/run-keys-group
nixos/filesystems: ensure keys gid on /run/keys mountpoint
2020-02-08 14:52:20 +00:00
Franz Pletz
589789997f
nixos/initrd-network: always run postCommands
As outlined in #71447, postCommands should always be run if networking
in initrd is enabled. regardless if the configuration actually
succeeded.
2020-02-08 14:57:49 +01:00
Franz Pletz
d25c1a8fdc
nixos/initrd-network: use ipconfig from klibc
This apparently has features that the version from Arch's
mkinitcpio-nfs-utils does not have. Fixes #75314.
2020-02-08 14:57:49 +01:00
Franz Pletz
ea7d02406b
nixos/initrd-network: flush interfaces before stage 2
Depending on the network management backend being used, if the interface
configuration in stage 1 is not cleared, there might still be some old
addresses or routes from stage 1 present in stage 2 after network
configuration has finished.
2020-02-08 14:04:02 +01:00
Franz Pletz
44e289f93b
nixos/stage-1: fix predictable interfaces names
This makes predictable interfaces names available as soon as possible
with udev by adding the default network link units to initrd which are read
by udev. Also adds some udev rules that are needed but which would normally
loaded from the udev store path which is not included in the initrd.
2020-02-08 14:04:02 +01:00
Daniel Frank
d14ba1e1ad
security.rngd: start rngd during early boot to reduce entropy starvation due to encrypted swap and remove PrivateTmp to avoid a circular dependency 2020-02-08 12:29:13 +01:00
Daniel Frank
1ac86e14c7
swap: depend on rngd if enabled and randomEncryption is configured to
avoid entropy starvation during boot
2020-02-08 12:26:09 +01:00
Spencer Janssen
3b70d0f6d1 nixos/pulseaudio: Enable udev rules 2020-02-07 15:54:35 -06:00
Martin Milata
097ab90850 nixos/sympa: init module 2020-02-07 22:54:27 +01:00
Markus S. Wamser
696979e0bc modules/wireguard: fix typo in documentation 2020-02-07 20:54:35 +01:00
worldofpeace
5e307dc68d Revert "nixos/xfce: use sessionPackages"
This reverts commit 966e56cdfb.

See https://github.com/NixOS/nixpkgs/pull/78421#issuecomment-582891431.
2020-02-07 10:16:26 -05:00
Jörg Thalheim
341241b1c8
Merge pull request #78886 from Mic92/restic-fixes
Restic fixes: pruning, process substitution (take 2)
2020-02-07 14:14:16 +00:00
Matt McHenry
5ad71cfe84
fix pruneCmd to use optionals so multi-element list is preserved 2020-02-07 10:25:33 +00:00
Jan Tojnar
07281f23b6
Merge pull request #79371 from jtojnar/hughsie-pkgs
fwupd: split daemon again
2020-02-07 00:35:27 +01:00
risson
301bca0734
nixos/tmux: rename extraTmuxConf to extraConfig (#77423) 2020-02-06 15:29:36 -08:00
Jan Tojnar
e5f7dacc93
nixos/fwupd: disable test plugins implicitly
invalid test was introduced in 297d1598ef
and it is disabled in the shipped daemon.conf.

I forgot to reflect that in the module, which caused the daemon to print the following on start-up:

    FuEngine             invalid has incorrect built version invalid

and the command to warn:

    WARNING: The daemon has loaded 3rd party code and is no longer supported by the upstream developers!

To reduce the change of this happening in the future, I moved the list of default disabled plug-ins to the package expression.

I also set the value of the NixOS module option in the config section of the module instead of the default value used previously,
which will allow users to not care about these plug-ins.
2020-02-06 22:32:13 +01:00
Silvan Mosberger
5acd168425
Merge pull request #59827 from oxij/nixos/suppress-systemd-units
nixos/systemd: add an option to suppress system units
2020-02-06 18:11:01 +01:00
Thomas Tuegel
1a903be2de
Merge pull request #79011 from ttuegel/update--plasma-5.17.5
Plasma 5.17.5
2020-02-06 09:59:51 -06:00
Aaron Andersen
f87440fd0f
Merge pull request #79046 from aanderse/http2
nixos/httpd: add http2 option
2020-02-06 06:43:13 -05:00
Jan Tojnar
bd9c5b933c
nixos/services.xserver: Fix legacy options for default wm without dm
We switched to unified default session option services.xserver.displayManager.defaultSession
and included fallback path for the legacy options. Unfortunately when only
services.xserver.windowManager.default is set and not services.xserver.desktopManager.default,
it got incorrectly converted to the new option.

This should fix that.

Closes: https://github.com/NixOS/nixpkgs/issues/76684
2020-02-06 02:34:56 +01:00
Eelco Dolstra
c08930874a nixos-rebuild: Propagate various flake lock file flags
And also --refresh and --no-net.
2020-02-05 23:15:18 +01:00
Eelco Dolstra
2a0cf385d2 nixos-rebuild: Avoid subshell reading hostname
Co-Authored-By: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-02-05 23:15:18 +01:00
Eelco Dolstra
2452042c47 nixos-rebuild: Support -L flag 2020-02-05 23:15:18 +01:00
Eelco Dolstra
98e322b929 nixos-rebuild: uri -> url 2020-02-05 23:15:18 +01:00
Eelco Dolstra
fb051f0dec nixos-{rebuild,container}: Use flakeref#attrpath syntax
This makes them consistent with the 'nix' command line.
2020-02-05 23:15:18 +01:00
Eelco Dolstra
cfd468adbb nixos-rebuild: Use /etc/nixos/flake.nix if it exists 2020-02-05 23:15:18 +01:00
Eelco Dolstra
7e9b745174 nixos-version: Add --json flag and show system.configurationRevision 2020-02-05 23:15:18 +01:00
Eelco Dolstra
855fcc324a Add option system.configurationRevision to record revision of top-level flake 2020-02-05 23:15:18 +01:00
Eelco Dolstra
22cc7ab78c nixos-rebuild: Add --flake option 2020-02-05 23:15:18 +01:00
Benjamin Staffin
d04bdce3d1
docker-containers: Don't unconditionally prune images (#79253)
NixOS has `virtualisation.docker.autoPrune.enable` for this
functionality; we should not do it every time a container starts up.

(also, some trivial documentation fixes)
2020-02-05 16:30:31 -05:00
Danylo Hlynskyi
437e1f69be
bash-my-aws: init at 20200111 (#76793)
* bash-my-aws: init at 20191231

Create bma-init

* Update
2020-02-05 22:37:52 +02:00
Frederik Rietdijk
419bc0a4cd Revert "Revert "Merge master into staging-next""
In 87a19e9048 I merged staging-next into master using the GitHub gui as intended.
In ac241fb7a5 I merged master into staging-next for the next staging cycle, however, I accidentally pushed it to master.
Thinking this may cause trouble, I reverted it in 0be87c7979. This was however wrong, as it "removed" master.

This reverts commit 0be87c7979.
2020-02-05 19:41:25 +01:00
Frederik Rietdijk
0be87c7979 Revert "Merge master into staging-next"
I merged master into staging-next but accidentally pushed it to master.
This should get us back to 87a19e9048.

This reverts commit ac241fb7a5, reversing
changes made to 76a439239e.
2020-02-05 19:18:35 +01:00
Vladimír Čunát
baeed035ea
Merge #78628: knot-resolver: 4.3.0 -> 5.0.1
The service needed lots of changes. A few smaller changes
are added into the PR, e.g. replacement for PR #72014.
See the commit messages for details.
2020-02-05 16:57:02 +01:00
Silvan Mosberger
3ab846e34a
Merge pull request #35188 from sorki/overlayfs
use overlayfs by default for netboot and iso
2020-02-05 13:46:04 +01:00
Richard Marko
0c20feb231 use overlayfs by default for netboot and iso 2020-02-05 10:35:59 +01:00
Maximilian Bosch
87d4951a82
Merge pull request #78660 from buckley310/dircolors
nixos/bash: configure $LS_COLORS for interactive shells
2020-02-05 09:08:41 +01:00
wedens
7b5550a3fc nixos/grub: make memtest work with EFI
Memtest86+ doesn't support EFI, so unfree Memtest86 is used when EFI
support is enabled (systemd-boot currently also uses Memtest86 when
memtest is enabled).
2020-02-05 11:12:55 +07:00
Florian Klink
3c74e48d9c nixos/filesystems: ensure keys gid on /run/keys mountpoint
boot.specialFileSystems is used to describe mount points to be set up in
stage 1 and 2.

We use it to create /run/keys already there, so sshd-in-initrd scenarios
can consume keys sent over through nixops send-keys.

However, it seems the kernel only supports the gid=… option for tmpfs,
not ramfs, causing /run/keys to be owned by the root group, not keys
group.

This was/is worked around in nixops by running a chown root:keys
/run/keys whenever pushing keys [1], and as machines had to have pushed keys
to be usable, this was pretty much always the case.

This is causing regressions in setups not provisioned via nixops, that
still use /run/keys for secrets (through cloud provider startup scripts
for example), as suddenly being an owner of the "keys" group isn't
enough to access the folder.

This PR removes the defunct gid=… option in the mount script called in
stage 1 and 2, and introduces a tmpfiles rule which takes care of fixing
up permissions as part of sysinit.target (very early in systemd bootup,
so before regular services are started).

In case of nixops deployments, this doesn't change anything.
nixops-based deployments receiving secrets from nixops send-keys in
initrd will simply have the permissions already set once tmpfiles is
started.

Fixes #42344

[1]: 884d6c3994/nixops/backends/__init__.py (L267-L269)
2020-02-05 01:53:26 +01:00
Silvan Mosberger
c4e912ac79
Merge pull request #79243 from Infinisil/remove-hostresolvconf
nixos/resolvconf: Remove useHostResolvConf option
2020-02-05 00:53:53 +01:00
Silvan Mosberger
97ff64e351
nixos/resolvconf: Remove useHostResolvConf option
Never had any effect
2020-02-05 00:28:32 +01:00
Silvan Mosberger
b4cc413928
Merge pull request #77594 from Frostman/fix-grub-extrafiles-mirroredboots
Fix boot.loader.grub.extraFiles when used with mirroredBoots
2020-02-05 00:22:35 +01:00
Florian Klink
eb09e82120
Merge pull request #79162 from misuzu/systemd-sleep-config
nixos/systemd: add `systemd.sleep.extraConfig` config option
2020-02-04 23:02:53 +01:00
Jörg Thalheim
6cfc7e9bd2
Merge pull request #78448 from snicket2100/irqbalance-systemd
irqbalance: systemd service config aligned with upstream
2020-02-04 14:21:04 +00:00
Jörg Thalheim
c24a2d3e32
nixos/irqbalance: re-add multi-user.target
otherwise the service is never started by us.
2020-02-04 14:20:12 +00:00
Sergey Lukjanov
7144b9ac54 Fix boot.loader.grub.extraFiles when used with mirroredBoots
Substitute @bootPath@ in boot.loader.grub.extraPrepareConfig script
same way as it's done for boot.loader.grub.extraEntries option.
2020-02-03 15:37:00 -08:00
Lucas Savva
2181313c54
nixos/acme: simplify email resolve logic 2020-02-03 21:37:22 +00:00
Florian Klink
d4a951f31d
Merge pull request #78960 from aanderse/nslcd
nixos/ldap: remove redundant configuration options
2020-02-03 19:42:47 +01:00
Evan Stoll
e341719193 openrazer: 2.6.0 -> 2.7.0
openrazer: remove superfluous period from hardware.openrazer.enable
2020-02-03 10:00:35 -08:00
misuzu
f93a9074e4 nixos/systemd: add systemd.sleep.extraConfig config option 2020-02-03 18:33:15 +02:00
worldofpeace
74e4cb7ea4
Merge pull request #78543 from Atemu/dnscrypt-proxy2-service
nixos/dnscrypt-proxy2: init
2020-02-02 23:02:06 -05:00
Maximilian Bosch
5c2a7d0f07
Merge pull request #79015 from mayflower/pkg/prometheus-xmpp-alerts
prometheus-xmpp-alerts: init at 0.4.2
2020-02-02 18:46:53 +01:00
Maximilian Bosch
c2d2c2d0ca
Merge pull request #72931 from Ma27/restart-dhcp-on-exit-hook-change
nixos/dhcpcd: restart dhcpcd if exit hook changed
2020-02-02 18:33:34 +01:00
snicket2100
04bfeeac79 irqbalance: using systemd service definition from the package itself 2020-02-02 18:09:45 +01:00
Yegor Timoshenko
92d689d66b nixos/dnscrypt-proxy2: init
This removes the original dnscrypt-proxy module as well.

Co-authored-by: Atemu <atemu.main@gmail.com>
Co-authored-by: Silvan Mosberger <contact@infinisil.com>
Co-authored-by: ryneeverett <ryneeverett@gmail.com>
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-02-02 11:11:27 -05:00
Eelco Dolstra
26aba55951
Revert "add config.environment.ld-linux"
This reverts commit af665d822a, see
https://github.com/NixOS/nixpkgs/pull/78798#issuecomment-580059834 for
the reasons in a similar PR.
2020-02-02 15:29:49 +01:00
Eelco Dolstra
5495cb91eb
Revert "rmdir: avoid failing when directory did not exist"
This reverts commit 45db499d2d.
2020-02-02 15:29:40 +01:00
Maximilian Bosch
0f10495eb9
Merge pull request #74624 from Ma27/networkd-units-internal
nixos/networkd: mark `units` option as internal
2020-02-02 07:59:57 +01:00
Aaron Andersen
5b5856f6fb nixos/httpd: add http2 option 2020-02-01 19:08:02 -05:00
Jörg Thalheim
c9d6dee9e4
nixos/locate: don't create /var/cache
This is already handled by the default systemd tmpfiles.

fixes #78941
2020-02-01 17:14:52 +00:00
Franz Pletz
add880c5e8
prometheus-xmpp-alerts: init at 0.4.2 2020-02-01 15:04:01 +01:00
Thomas Tuegel
33dfefad14
nixos/plasma5: install plasma-browser-integration 2020-02-01 06:59:13 -06:00
Linus Heckemann
3af5a40fe2
Merge pull request #78843 from rnhmjoj/ipv6-privacy
nixos/networking-interfaces: change preferTempAddress to allow disabling temp addresses
2020-02-01 12:04:58 +01:00
rnhmjoj
2485e6399e
nixos/networking-interfaces: change preferTempAddress to allow disabling temp addresses 2020-02-01 11:38:40 +01:00
Eelco Dolstra
eaf1fbaef4
nixos-rebuild: --use-remote-sudo does not take an argument
Also remove outdated comment about trailing space.
2020-02-01 10:09:33 +01:00
Maximilian Bosch
7f49fa63ca
Merge pull request #75439 from Ma27/submodule-fixes-for-nixos-option
nixos/nixos-option: fix evaluator to render a full submodule entry
2020-02-01 10:00:59 +01:00
Maximilian Bosch
f9bb054180
Merge pull request #78968 from ju1m/nsd_types_lines
nsd : use types.lines where appropriate
2020-02-01 09:51:23 +01:00
Aaron Andersen
be1c62932f
Merge pull request #78802 from aanderse/httpd-cleanup
nixos/httpd: module cleanup
2020-01-31 21:09:25 -05:00
Thomas Tuegel
9b85a399fd
nixos/plasma5: startkde -> startplasma-x11 2020-01-31 19:55:25 -06:00
Aaron Andersen
0224720562 nixos/httpd: provision log directory with tmpfiles instead of mkdir 2020-01-31 20:39:25 -05:00
Aaron Andersen
01ccb67598 nixos/httpd: code cleanup 2020-01-31 20:39:12 -05:00
Julien Moutinho
1a1e5f7be5 nsd: use types.lines where appropriate 2020-01-31 20:40:48 +01:00
Aaron Andersen
bf348f07d7
Merge pull request #78902 from aanderse/duo-unix
nixos/duosec: fix configuration issue with "groups" option
2020-01-31 14:19:54 -05:00
Aaron Andersen
28bedc5f11 nixos/ldap: add CAP_SYS_RESOURCE capability to nslcd service 2020-01-31 10:12:41 -05:00
Aaron Andersen
90c96ec31d nixos/ldap: remove redundant configuration options 2020-01-31 09:55:33 -05:00
Benjamin
5d2a7238df
nixos/jupyter: Fix documentation example for jupyter.kernels (#56415)
* Fix documentation example for `jupyter.kernels`

The environment variable loading fails when using the example for `kernels` config, due to incorrect syntax. The error being something along the lines of `path not found`.

Thanks to @Infinisil and @layus for suggestions.
2020-01-31 15:30:02 +01:00
Vladimír Čunát
02bf0557c0
nixos/kresd: add .instances option 2020-01-31 15:22:52 +01:00
Vladimír Čunát
ae74a0e27c
(nixos/)knot-resolver: 4.3.0 -> 5.0.0
Minor incompatibilities due to moving to upstream defaults:
  - capabilities are used instead of systemd.socket units
  - the control socket moved:
    /run/kresd/control -> /run/knot-resolver/control/1
  - cacheDir moved and isn't configurable anymore
  - different user+group names, without static IDs

Thanks Mic92 for multiple ideas.
2020-01-31 15:22:52 +01:00
Vladimír Čunát
0a8fb01b80
nixos/kresd: fix a recent error in description 2020-01-31 15:06:27 +01:00
Andreas Rammhold
355b31c98e
Merge pull request #78476 from Ma27/networkd-vrf-options
nixos/networkd: add vrfConfig option for netdevs, add simple test
2020-01-31 13:28:22 +01:00
Jörg Thalheim
c23f10da6a
fail2ban: 0.10.5 -> 0.11.1 (#67931)
fail2ban: 0.10.5 -> 0.11.1
2020-01-31 08:58:58 +00:00
Alyssa Ross
0167eb303f nixos/mailman: make mailman package configurable
This will allow users to provide other archiver plugins than the
default mailman-hyperkitty.
2020-01-30 23:14:45 +00:00
Alyssa Ross
8f4fd4d9f5 nixos/mailman: restart services when config changed 2020-01-30 23:14:45 +00:00
Alyssa Ross
881dd9963f mailman-web: use upstream, improve NixOS module
Previously, some files were copied into the Nixpkgs tree, which meant
we wouldn't easily be able to update them, and was also just messy.

The reason it was done that way before was so that a few NixOS
options could be substituted in.  Some problems with doing it this way
were that the _package_ changed depending on the values of the
settings, which is pretty strange, and also that it only allowed those
few settings to be set.

In the new model, mailman-web is a usable package without needing to
override, and I've implemented the NixOS options in a much more
flexible way.  NixOS' mailman-web config file first reads the
mailman-web settings to use as defaults, but then it loads another
configuration file generated from the new services.mailman.webSettings
option, so _any_ mailman-web Django setting can be customised by the
user, rather than just the three that were supported before.  I've
kept the old options, but there might not really be any good reason to
keep them.
2020-01-30 23:14:45 +00:00
Alyssa Ross
a8538a73a7 mailman: init package for Mailman CLI
We already had python3Packages.mailman, but that's only really usable
as a library.  The only other option was to create a whole Python
environment, which was undesirable to install as a system-wide
package.
2020-01-30 23:14:45 +00:00
Alyssa Ross
8d9636e092 nixos/mailman: don't set Postfix hashes
It's likely that a user might want to set multiple values for
relay_domains, transport_maps, and local_recipient_maps, and the order
is significant.  This means that there's no good way to set these
across multiple NixOS modules, and they should probably all be set
together in the user's Postfix configuration.

So, rather than setting these in the Mailman module, just make the
Mailman module check that the values it needs to occur somewhere, and
advise the user on what to set if not.
2020-01-30 23:14:45 +00:00
Alyssa Ross
db0a3712bb nixos/mailman: support running through uwsgi 2020-01-30 23:14:45 +00:00
Alyssa Ross
c397d1909f nixos/mailman: don't keep secrets in the Nix store
This replaces all Mailman secrets with ones that are generated the
first time the service is run.  This replaces the hyperkittyApiKey
option, which would lead to a secret in the world-readable store.
Even worse were the secrets hard-coded into mailman-web, which are not
just world-readable, but identical for all users!

services.mailman.hyperkittyApiKey has been removed, and so can no
longer be used to determine whether to enable Hyperkitty.  In its
place, there is a new option, services.mailman.hyperkitty.enable.  For
consistency, services.mailman.hyperkittyBaseUrl has been renamed to
services.mailman.hyperkitty.baseUrl.
2020-01-30 23:14:45 +00:00
Alyssa Ross
112fa077b1 nixos/mailman: siteOwner default -> example
A default of example.com is useful to nobody.  The correct value of
this depends on the system.
2020-01-30 23:14:45 +00:00
Alyssa Ross
547b91b971 nixos/mailman: add webUser option
Not everybody is using Apache.
2020-01-30 23:14:45 +00:00
Aaron Andersen
28c815e34b nixos/duosec: fix configuration issue with "groups" option 2020-01-30 14:16:17 -05:00
Jörg Thalheim
4fa2d4b5c3
nixos/restic: use optionalString/optionalAttrs where possible 2020-01-30 17:07:21 +00:00
Matt McHenry
1c9684abd6
restic: add dynamicFilesFrom 2020-01-30 17:00:10 +00:00
Matt McHenry
c6994e90dc
restic: add support for pruning 2020-01-30 16:59:34 +00:00
Silvan Mosberger
2118cddc82
nixos/freeswitch: init (#76821)
nixos/freeswitch: init
2020-01-30 16:45:47 +01:00
misuzu
0a43e431ca nixos/freeswitch: init 2020-01-30 17:16:49 +02:00
Jörg Thalheim
8a14852fd3
nixos/lxd: add package options for LXC, LXD and ZFS (#73902)
nixos/lxd: add package options for LXC, LXD and ZFS
2020-01-30 14:51:12 +00:00
Jörg Thalheim
ccb3846596
lxd: also use default text for other package options 2020-01-30 14:26:54 +00:00
Silvan Mosberger
32718c9992
VictoriaMetrics: init at v1.32.5, add module, tests (#78038)
VictoriaMetrics: init at v1.32.5, add module, tests
2020-01-30 14:02:42 +01:00
Jörg Thalheim
d72905c58b
Merge pull request #78615 from msteen/bitwarden_rs
bitwarden_rs: 1.9.1 -> 1.13.1
2020-01-30 11:02:48 +00:00
Aaron Andersen
596e0fcb39
Merge pull request #76583 from aanderse/httpd-locations
nixos/httpd: add locations option to virtualHosts
2020-01-29 21:01:35 -05:00
Alyssa Ross
85a9743f13 spamassassin: use /etc/mail/spamassassin for config
Using a custom path in the Nix store meant that users of the module
couldn't add their own config files, which is a desirable feature.  I
don't think avoiding /etc buys us anything.
2020-01-30 00:47:10 +00:00
worldofpeace
c95612a5a2 nixos/display-managers/auto: remove
This module allows root autoLogin, so we would break that for users, but
they shouldn't be using it anyways. This gives the impression like auto
is some special display manager, when it's just lightdm and special pam
rules to allow root autoLogin. It was created for NixOS's testing
so I believe this is where it belongs.
2020-01-29 19:05:46 -05:00
Aaron Andersen
7adffb14cd
Merge pull request #78419 from utsl42/fix-unifi-install
nixos/unifi: use systemd tmpfiles instead of preStart
2020-01-29 18:55:57 -05:00
worldofpeace
c693bd142c
Merge pull request #78745 from bene1618/dhcpcd
nixos/dhcpcd: Add option for dhcpcd waiting behaviour
2020-01-29 18:08:20 -05:00
Izorkin
96e2669114 nixos/fail2ban: enable sandboxing 2020-01-29 23:15:56 +03:00
Izorkin
f1d7dfe29f nixos/fail2ban: add custom options 2020-01-29 23:15:56 +03:00
Izorkin
a55be8d794 nixos/fail2ban: update serviceConfig 2020-01-29 23:15:56 +03:00
Izorkin
182012ef43 nixos/fail2ban: add options to enable work service with iptables-compat 2020-01-29 23:15:56 +03:00
Izorkin
68d601d65c nixos/fail2ban: clean-up configuration 2020-01-29 23:15:56 +03:00
Yorick van Pelt
4b7d28b0f9
victoriametrics: add module, tests 2020-01-29 19:52:14 +01:00
Mario Rodas
deedf24c88
Merge pull request #75922 from tadfisher/kbfs-fixes
kbfs, nixos/keybase, nixos/kbfs: fix KBFS, add enableRedirector option
2020-01-28 19:13:40 -05:00
worldofpeace
138c94c75c
Merge pull request #77408 from petabyteboy/feature/geary-module
nixos/geary: init
2020-01-28 18:45:45 -05:00
Jörg Thalheim
6464a3b455
nixos: home-assistant: can dial out (#78009)
nixos: home-assistant: can dial out
2020-01-28 23:03:57 +00:00
Yorick
508343962e nixos/docker-containers: add imageFile and dependsOn options
- the `imageFile` option allows to load an image from a derivation
- the  `dependsOn` option can be used to specify dependencies between container systemd units.

Co-authored-by: Christian Höppner <mkaito@users.noreply.github.com>
2020-01-28 22:00:54 +01:00
Matthijs Steen
44dff89215 bitwarden_rs: 1.9.1 -> 1.13.1 2020-01-28 17:26:49 +01:00
Silvan Mosberger
766b78841f
Don't set background to black if ~/.background-image not prese… (#78346)
Don't set background to black if ~/.background-image not present
2020-01-28 16:42:44 +01:00
Symphorien Gibol
28321223d8 dovecot: add missing descriptions 2020-01-28 12:00:00 +00:00
Symphorien Gibol
7a40ced06b nixos/modules/services/mail/dovecot.nix: nixpkgs-fmt 2020-01-28 12:00:00 +00:00
symphorien
56f9c51b05 Update nixos/modules/services/mail/dovecot.nix
Co-Authored-By: Léo Gaspard <github@leo.gaspard.ninja>
2020-01-28 20:30:25 +01:00
Symphorien Gibol
0da7a14f16 nixos/dovecot: add an option to enable mail_plugins
Motivation:
if enableQuota is true, mail plugins cannot be enabled in extraConfig
because of the problem described here:

https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#variable-expansion

doveconf: Warning: /etc/dovecot/dovecot.conf line 8: Global setting
mail_plugins won't change the setting inside an earlier filter at
/etc/dovecot/dovecot.conf line 5 (if this is intentional, avoid this
warning by moving the global setting before /etc/dovecot/dovecot.conf
line 5)
2020-01-28 20:30:25 +01:00