3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

5995 commits

Author SHA1 Message Date
WilliButz 60eff0eecb
nixos/grafana: use new default for connMaxLifetime 2018-12-05 20:49:45 +01:00
Jean-Philippe Braun 691932bba6 cassandra: add option to configure logging
As cassandra start script hardcodes the location of logback
configuration to `CASSANDRA_CONF_DIR/logback.xml` there is no way to
pass an alternate file via `$JVM_OPTS` for example.

Also, without logback configuration DEBUG level is used which is not
necessary for standard usage.

With this commit a default logback configuration is set with log level
INFO.

Configuration borrowed from:
https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/configLoggingLevels.html
2018-12-05 15:17:37 +01:00
Pierre Bourdon 3873f43fc3 prometheus/exporters: fix regression in DynamicUser behavior
Instead of setting User/Group only when DynamicUser is disabled, the
previous version of the code set it only when it was enabled. This
caused services with DynamicUser enabled to actually run as nobody, and
services without DynamicUser enabled to run as root.

Regression from fbb7e0c82f.
2018-12-05 11:26:38 +01:00
Pierre Bourdon 199b4c4743 prometheus/exporters/tor: make CPython happy by defining $HOME 2018-12-05 11:26:38 +01:00
Austin Seipp 2a22554092 nixos/cockroachdb: simplify dataDir management, tweaks
This cleans up the CockroachDB expression, with a few suggestions from
@aszlig.

However, it brought up the note of using systemd's StateDirectory=
directive, which is a nice feature for managing long-term data files,
especially for UID/GID assigned services. However, it can only manage
directories under /var/lib (for global services), so it has to introduce
a special path to make use of it at all in the case someone wants a path
at a different root.

While the dataDir directive at the NixOS level is _occasionally_ useful,
I've gone ahead and removed it for now, as this expression is so new,
and it makes the expression cleaner, while other kinks can be worked out
and people can test drive it.

CockroachDB's dataDir directive, instead, has been replaced with
systemd's StateDirectory management to place the data under
/var/lib/cockroachdb for all uses.

There's an included RequiresMountsFor= clause like usual though, so if
people want dependencies for any kind of mounted device at boot
time/before database startup, it's easy to specify using their own
mount/filesystems clause.

This can also be reverted if necessary, but, we can see if anyone ever
actually wants that later on before doing it -- it's a backwards
compatible change, anyway.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-04 19:44:16 -06:00
Red Davies 4173b845ca mediawiki: 1.29.1 -> 1.31.1
1.29.1 is out of support and has security vulnerabilities. 1.31.1 is current LTS.
2018-12-03 21:04:08 +00:00
Bjørn Forsman bb94d419fb nixos/jenkins-job-builder: add accessTokenFile option
The new option allows storing the secret access token outside the world
readable Nix store.
2018-12-03 17:07:29 +01:00
Bjørn Forsman 8ebfd5c45c nixos/jenkins-job-builder: stop reloadScript on error
Currently there are two calls to curl in the reloadScript, neither which
check for errors. If something is misconfigured (like wrong authToken),
the only trace that something wrong happened is this log message:

  Asking Jenkins to reload config
  <h1>Bad Message 400</h1><pre>reason: Illegal character VCHAR='<'</pre>

The service isn't marked as failed, so it's easy to miss.

Fix it by passing --fail to curl.

While at it:
* Add $curl_opts and $jenkins_url variables to keep the curl command
  lines DRY.
* Add --show-error to curl to show short error message explanation when
  things go wrong (like HTTP 401 error).
* Lower-case the $CRUMB variable as upper case is for exported environment
  variables.

The new behaviour, when having wrong accessToken:

  Asking Jenkins to reload config
  curl: (22) The requested URL returned error: 401

And the service is clearly marked as failed in `systemctl --failed`.
2018-12-03 17:07:29 +01:00
Frederik Rietdijk a510aa2672 Merge master into staging-next 2018-12-03 12:18:43 +01:00
Piotr Bogdan 9ca3414e05 nixos/cockroachdb: supply defaultText for the package option 2018-12-02 20:50:57 -06:00
Austin Seipp 4594b18070 nixos/chrony: fix misplaced ConditionCapability= directive
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-02 20:32:47 -06:00
Izorkin 953be3e283 mariadb: change location configuration file to /etc/my.cnf 2018-12-02 22:15:02 +03:00
Silvan Mosberger 4afae70e2b
Merge pull request #48423 from charles-dyfis-net/bees
bees: init at 0.6.1; nixos/modules: services.bees init
2018-12-02 18:38:47 +01:00
markuskowa 506d4c7e44
Merge pull request #51329 from c0bw3b/cleanup/gnu-https
Favor HTTPS URLs - the GNU edition
2018-12-02 16:52:33 +01:00
c0bw3b 0498ccd076 Treewide: use HTTPS on GNU domains
HTTP -> HTTPS for :
- http://gnu.org/
- http://www.gnu.org/
- http://elpa.gnu.org/
- http://lists.gnu.org/
- http://gcc.gnu.org/
- http://ftp.gnu.org/ (except in fetchurl mirrors)
- http://bugs.gnu.org/
2018-12-02 15:51:59 +01:00
Bas van Dijk 7035598251
Merge pull request #51225 from LumiGuide/elk-6.5.1
elk: 6.3.2 -> 6.5.1
2018-12-02 14:44:47 +01:00
John Boehr 4226ddc034 nixos/cockroachdb: create new service
This also includes a full end-to-end CockroachDB clustering test to
ensure everything basically works. However, this test is not currently
enabled by default, though it can be run manually. See the included
comments in the test for more information.

Closes #51306. Closes #38665.

Co-authored-by: Austin Seipp <aseipp@pobox.com>
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-01 19:07:49 -06:00
Bas van Dijk fbf0efc6a7 elk: 6.3.2 -> 6.5.1 2018-12-01 12:47:12 +01:00
Austin Seipp ee14496ae2 nixos/dhcpcd: (try to) restart chrony in the exitHook
As the comment notes, restarts/exits of dhcpcd generally require
restarting the NTP service since, if name resolution fails for a pool of
servers, the service might break itself. To be on the safe side, try
restarting Chrony in these instances, too.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-30 18:50:33 -06:00
Austin Seipp 7b8d9700e1 nixos/chrony: don't emit initstepslew when servers is empty
Setting the server list to be empty is useful e.g. for hardware-only
or virtualized reference clocks that are passed through to the system
directly. In this case, initstepslew has no effect, so don't emit it.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-30 18:50:32 -06:00
Jan Tojnar e02516db75
nixos/gnome3: enable remote desktop on wayland 2018-11-30 21:35:21 +01:00
Jan Tojnar d359635ab4
gnome3.gnome-remote-desktop: init at 0.1.6 2018-11-30 21:35:21 +01:00
Tor Hedin Brønner 2c8565a3ce
nixos/gdm: use XDG_DATA_DIRS to find sessions
Gdm now searches for session files in XDG_DATA_DIRS so we no longer need the
sessions_dir.patch.
2018-11-30 21:34:47 +01:00
Robert Schütz 74e283403c
nixos/borgbackup: allow paths to be empty or relative (#51275)
This former necessary in order to exclusively use `--pattern` or `--patterns-from`.
Fixes #51267.
2018-11-30 17:37:50 +01:00
Florian Klink aa490a543e
Merge pull request #48049 from Vskilet/roundcube-module
nixos/roundcube: add roundcube module
2018-11-30 13:29:00 +01:00
Charles Duffy 86db2f394c
nixos/modules: services.bees init 2018-11-29 20:27:45 -06:00
Maximilian Bosch 216a954540
nixos/nextcloud: add basic module documentation and warn about current upgrading issues
Part of #49783. NextCloud tracks in its `config.php` the application's
state which makes it hard for the module to modify configurations during
upgrades.

It will take time until the issue is properly fixed, therefore we
decided to warn about this in the manual.

This PR addresses two things:

* Adding a basic example for nextcloud. I figured it to be helpful to
  add some basic usage instructions when adding a new manual entry.
  Advanced documentation may follow later.

  For now this document actively links to the service options, so users
  are guided to the remaining options that can be helpful in certain
  cases.

* Add a warning about upgrades and manual changes in
  `/var/lib/nextcloud`. This will be fixed in the future, but it's
  definetely helpful to document the current issues in the manual (as
  proposed in https://github.com/NixOS/nixpkgs/issues/49783#issuecomment-439691127).
2018-11-29 11:59:54 +01:00
Florian Klink 3caeeabb14 gitlab: stop regenerating the authorized_keys file 2018-11-28 23:09:23 +01:00
Robin Gloster 1262a5ca97
roundcube: apply code review suggestions 2018-11-28 18:53:37 +01:00
Robin Gloster 9ace7f6409
roundcube: clean-up and add test 2018-11-28 18:52:10 +01:00
Victor SENE 2f8073bd92
roundcube: IPv6 by default 2018-11-28 18:52:10 +01:00
Victor SENE b5120953c6
nixos/roundcube: add roundcube module and default configuration 2018-11-28 18:52:08 +01:00
Léo Gaspard f161f02552
Merge branch 'pr-51043'
* pr-51043:
  nixos/urxvtd: remove socket activation
2018-11-29 00:50:01 +09:00
Brandon Black dacbd5a61a nixos/ntp: use upstream default restrictions to avoid DDoS (#50762)
Fixes #50732
2018-11-28 10:15:25 +00:00
Domen Kožar d04fedd715
postgresql: Enable systemd integration for 9.6+
This allows, finally, proper detection when postgresql is ready to
accept connections. Until now, it was possible that services depending
on postgresql would fail in a race condition trying to connect
to postgresql.
2018-11-27 19:16:21 +00:00
Jean-Philippe Braun cdacdc0686 nixos/kubernetes: allow to disable clusterCidr
Fix option type and set --allocate-node-cidr to false if no clusterCidr
is defined.
2018-11-26 16:36:30 +01:00
fishyfriend b34b39cab4 nixos/urxvtd: remove socket activation
This fixes #23193. urxvtd is not presently compatible with socket activation.
2018-11-25 15:25:19 -05:00
Silvan Mosberger b5f4f228d6
Merge pull request #51012 from griff/rspamd-proxy-type
nixos/rspamd: Allow worker type to be proxy again
2018-11-25 21:07:42 +01:00
Renaud 6a5fff3741
Merge pull request #51001 from c0bw3b/cleanup/more-https
Treewide: use more HTTPS-enabled sources
2018-11-25 16:22:34 +01:00
Brian Olsen 0d753af661
nixos/rspamd: Allow worker type to be proxy again
When reworking the rspamd workers I disallowed `proxy` as a type and
instead used `rspamd_proxy` which is the correct name for that worker
type. That change breaks peoples existing config and so I have made this
commit which allows `proxy` as a worker type again but makes it behave
as `rspamd_proxy` and prints a warning if you use it.
2018-11-25 16:03:34 +01:00
Franz Pletz c1d760f0bf
Merge pull request #50469 from mguentner/mxisd
mxisd: init at 1.2.0 plus service with test
2018-11-25 13:26:05 +00:00
Maximilian Güntner efae5d43ef
modules: add mxisd with test 2018-11-25 14:24:10 +01:00
Craig Younkins eff461c8ef treewide: systemd timeout arguments to use infinity instead of 0 (#50934)
Fixes https://github.com/NixOS/nixpkgs/issues/49700
2018-11-25 13:33:22 +01:00
c0bw3b 5e4ceba7bf nixos/mediawiki: fetch over https 2018-11-24 23:18:26 +01:00
c0bw3b c615b0504b nixos/flashpolicyd: fix url and use https 2018-11-24 23:13:09 +01:00
c0bw3b 434eab9955 nixos/systemhealth: fix url and use https 2018-11-24 23:07:30 +01:00
Joachim F e426613174
Merge pull request #50950 from jonasnick/nixos-tor-hiddenservice-version
nixos/tor: add HiddenServiceVersion option
2018-11-24 12:41:37 +00:00
Michael Raskin 5e159d463b
Merge pull request #49228 from Ekleog/rss2email-module
rss2email module: init
2018-11-23 22:30:29 +00:00
Jonas Nick 5640aa2814 nixos/tor: add HiddenServiceVersion option 2018-11-23 20:53:02 +00:00
Andreas Rammhold 51c3082119 nixos/prometheus: require one alertmanager configuration parameter
This commit adds an assertion that checks that either `configFile` or
`configuration` is configured for alertmanager. The alertmanager config
can not be an empty attributeset. The check executed with `amtool` fails
before the service even has the chance to start. We should probably not
allow a broken alertmanager configuration anyway.

This also introduces a test for alertmanager configuration that piggy
backs on the existing prometheus tests.
2018-11-23 19:45:17 +01:00
Andreas Rammhold b1032db5a9 nixos/prometheus: check alertmanager configuration 2018-11-23 19:45:17 +01:00
Andreas Rammhold d1ef00ebee nixos/prometheus: add package option to alertmanager 2018-11-23 19:45:17 +01:00
Jörg Thalheim d3aeed389c
Merge pull request #50641 from blaxill/firewallMerge
nixos/firewall: Always use global firewall.allowed rules
2018-11-23 11:42:16 +00:00
Ben Blaxill 308ab4ea25 Rename back to default and better release notes 2018-11-22 19:24:23 -05:00
Markus Kowalewski 25af518845
nixos/slurm: add extraConfigPaths options 2018-11-22 11:43:05 +01:00
Jörg Thalheim 769735d8a1
netdata: create missing /etc/netdata
Since netdata 1.11.0 updated in https://github.com/NixOS/nixpkgs/pull/50459
it needs to have a /etc/netdata directory, which we did not create by default.
fixes #50893
2018-11-21 23:00:04 +00:00
Matthew Bauer 75999d4e38
Merge pull request #41887 from gmarmstrong/fix/seahorse-update
nixos/seahorse: require gnome3.dconf
2018-11-21 15:15:32 -06:00
Ben Blaxill 32779b4c74 Refactor out the set operations 2018-11-20 21:29:33 -05:00
Markus Kowalewski ae93ed0f0d
nixos/slurm: set slurmd KillMode to process
The default of systemd is to kill the
the whole cgroup of a service. For slurmd
this means that all running jobs get killed
as well whenever the configuration is updated (and activated).

To avoid this behaviour we set "KillMode=process"
to kill only slurmd on reload. This is how
slurm configures the systemd service.

See:
https://bugs.schedmd.com/show_bug.cgi?id=2095#c24
508f866ea1
2018-11-20 22:26:42 +01:00
Samuel Dionne-Riel a041dc8ab7
Merge pull request #50499 from delroth/syncthing-relay
syncthing-relay module: init
2018-11-20 01:40:23 +00:00
Richard Marko 3ffda36356 wireguard: don't modprobe if boot.isContainer is set 2018-11-20 01:17:04 +01:00
Linus Heckemann 388d36951c
Merge pull request #49735 from pvgoran/mysql-support-mysql57
nixos/mysql: support package=mysql57
2018-11-19 20:49:08 +01:00
Ben Blaxill 551d2f7ed2 nixos/firewall: Always use global firewall.allowed rules
Apply global firewall.allowed* rules separately from the
interface specific rules.
2018-11-18 22:50:01 -05:00
Pierre Bourdon 08f24cadaa syncthing-relay module: init 2018-11-19 01:09:54 +01:00
Renaud 7f84561cc3
Merge pull request #49631 from janikrabe/master
oidentd: 2.2.2 -> 2.3.1
2018-11-19 00:31:02 +01:00
Benno Fünfstück 773e8d07bc nixos/accountsservice: set XDG_DATA_DIRS correctly 2018-11-18 17:16:24 +01:00
Pavel Goran 21e9c35f5f nixos/mysql: support package=mysql57 2018-11-18 12:25:36 +07:00
Jörg Thalheim 31d2593ced
netdata: fix python plugins
fixes #33366
2018-11-17 15:38:15 +00:00
Jörg Thalheim dfd77bc26f
Merge pull request #50459 from marsam/feature/netdata-darwin
netdata: 1.10.0 -> 1.11.0
2018-11-17 15:01:06 +00:00
Samuel Dionne-Riel 07eaaf6c8b
Merge pull request #49838 from dasJ/mysql-datadir
nixos/mysql: Explicitly set datadir in my.cnf
2018-11-16 19:21:01 +00:00
Jörg Thalheim 348b7b8be9 nixos/netdata: own plugins must the looked up first
Otherwise netdata will not find python modules.
To make sure netdata still pick up our setuid version of apps.plugin
we rename the original executable.
2018-11-16 11:24:27 -05:00
Eelco Dolstra 5835b2796e
Merge pull request #50440 from Mic92/nix-cores
nixos/nix-daemon: default to build with all cores available
2018-11-16 09:13:44 +01:00
Jörg Thalheim ced57f7888
nixos/nix-daemon: default to build with all cores available
These days build systems are more robust w.r.t. to concurrency.
Most users will have at least two cores in their machines.
Therefore I suggest to increase the number of cores used for building.

fixes #50376
2018-11-16 02:05:30 +00:00
Ryan Mulligan 23dfa4e073 nixos/mysql: fix ensureUsers example formatting
closes #50441
2018-11-15 17:46:09 -08:00
Rafael García Gallego 8bf4fe85f1 selfoss (service): fix port in service config (#50411) 2018-11-15 19:22:20 +00:00
Léo Gaspard 0483ce0eee
rss2email module: init
Also adding `system-sendmail` package for sharing the code with other
modules or packages needing it.
2018-11-15 23:44:16 +09:00
Linus Heckemann f73afe6ccf
Merge pull request #50356 from mayflower/gitlab-smtp-fix
gitlab: fix smtp setting
2018-11-15 12:13:18 +01:00
Vladimír Čunát e229065842
Merge #50280: xorg: init xf86-video-vboxvideo ...
Based on reports X wouldn't start out of the box and seems OK now.
In case there are still some problems, we can improve later.
I checked that nixos.tests.virtualbox.* still succeed.
2018-11-14 20:34:48 +01:00
Robin Gloster 74df0823f3
gitlab: fix smtp setting
fixes #50163
2018-11-14 18:58:45 +01:00
Daniel Peebles 9b7c57cdc8
Merge pull request #50348 from DzmitrySudnik/exhibitor-service-fix
exhibitor: fix paths for zookeeper shell scripts
2018-11-14 09:32:14 -05:00
Dzmitry Sudnik 5517661935 exhibitor: fix paths for zookeeper shell scripts to point to local folders 2018-11-14 09:30:01 -05:00
Linus Heckemann 231e671758
Merge pull request #49736 from nh2/glusterfs-service-simple-unit-no-forking
glusterfs service: Switch to simple unit instead of forking
2018-11-14 12:35:57 +01:00
Samuel Dionne-Riel 58c0c2574c
Merge pull request #49840 from markuskowa/fix-pgBackup
nixos/postgresqlBackup: set to umask to 0077
2018-11-14 01:40:38 +00:00
Tobias Happ 4839403dd6 nixos/{lightdm,sddm,xpra}: remove enabling of logToFile 2018-11-13 21:52:37 +01:00
Jörg Thalheim e3ac65f4c1
Merge pull request #50186 from dingxiangfei2009/cloud-init-btrfs
Allow cloud-init to support creating btrfs partitions
2018-11-13 14:17:30 +00:00
Jörg Thalheim a5c74762cb
nixos/cloud-init: add enable suffix to ext4/btrfs
Makes the optional more self-describing and allows future extensions
2018-11-13 10:28:40 +00:00
Robert Hensing 9871fe3564
Merge pull request #47346 from NixOS/roberth-patch-1
rabbitmq module: Update documentation
2018-11-13 10:03:38 +01:00
Ding Xiang Fei a965921af9 allow cloud-init to support creating btrfs partitions 2018-11-13 13:14:34 +08:00
Vladimír Čunát 9108b24253
xorg: init xf86-video-vboxvideo at 1.0.0
... and switch to it by default in virtualbox guests
2018-11-12 20:29:14 +01:00
Edward Tjörnhammar 888d01da48
nixos/minetest fix: add missing uid/gid for minetest 2018-11-11 12:47:09 +01:00
Silvan Mosberger e888a997d0
Merge pull request #49743 from nh2/glusterfs-4.0.0
glusterfs: 3.12.12 -> 4.0.0
2018-11-11 01:42:48 +01:00
Jörg Thalheim 1d261945c7
Merge pull request #50113 from ryantm/monit
nixos/monit: change type of 'config' option to lines
2018-11-10 14:47:38 +00:00
Jörg Thalheim 4ec41a9a9e
Merge pull request #50115 from Ekleog/nextcloud-pgsql-unix
nextcloud module: document process for using with pgsql unix auth
2018-11-10 14:37:18 +00:00
Silvan Mosberger 9c984b06c4
Merge pull request #38514 from disassembler/grafana-reporter
grafana-reporter: init at 2.0.1
2018-11-10 15:15:21 +01:00
Silvan Mosberger e468a1091b
Merge pull request #48687 from danielrutz/port-type
Add port type
2018-11-10 15:12:07 +01:00
Léo Gaspard 221e0fae38
nextcloud module: document process for using with pgsql unix auth 2018-11-10 12:30:54 +09:00
Silvan Mosberger 38b2520b96
Merge pull request #37365 from proteansec/pkgs/bacula
bacula: 5.2.13 -> 9.2.1
2018-11-10 04:23:28 +01:00
volth 5ea22a5b00 nixos/nix: ignore nix.checkConfig when cross-compiling (#48225)
* nixos/nix: ignore nix.checkConfig when cross-compiling

the check always fails because of architecture mismatch

* typos
2018-11-09 19:18:06 -06:00
Ryan Mulligan 8d0b95dc09 nixos/monit: change type of 'config' option to lines
By using types.lines for 'config', we can specify monit configurations
in lots of modules and they can all be automatically combined together
with newlines. This is desireable because different modules might want
to each specify the small monitoring task specific to their service.

This commit also updates the module to use current idioms.
2018-11-09 16:07:42 -08:00
Franz Pletz 8ba51ef5ec
Merge pull request #49809 from griff/rspamd-workers
nixos/rspamd: Multiple workers, extraConfig priority & postfix integration
2018-11-09 02:55:02 +00:00
Brian Olsen e01605be15
nixos/rspamd: Add options for postfix integration
The `rmilter` module has options for configuring `postfix` to use it but
since that module is deprecated because rspamd now has a builtin worker
that supports the milter protocol this commit adds similar `postfix`
integration options directly to the `rspamd` module.
2018-11-09 01:31:27 +01:00
Renaud 6399b103d8
Merge pull request #49814 from aanderse/gitea
nixos/gitea: fix mysql issue, add mysql socket auth, and add a nixos test
2018-11-08 23:45:46 +01:00
Aaron Andersen 3ed52c7804 nixos/gitea: add mysql socket authentication as an option 2018-11-08 17:30:58 -05:00
Aaron Andersen 0bbb6f4f2a nixos/gitea: fix systemd after target when mysql is the database of choice 2018-11-08 17:30:36 -05:00
Sander van der Burg 530b4bcadd nixos/alerta: create new module + add kapacitor integration 2018-11-08 22:34:23 +01:00
Janik Rabe 49e97f8f88 oidentd: 2.2.2 -> 2.3.1
* Added license: GPLv2.
* Updated homepage and description.
* CFLAGS are no longer necessary as of version 2.2.0.
* Option '-a ::' is no longer necessary as of version 2.2.0.
2018-11-07 14:51:45 +02:00
Markus Kowalewski a0371d4761
nixos/postgresqlBackup: set to umask to 0077
* Ensure that the backup file is only readable by the owner
* Add file permission test to tests
2018-11-06 21:59:29 +01:00
sveitser 13892da3e7 nixos/jupyter: wait for network.target 2018-11-06 20:40:20 +01:00
Franz Pletz 159a5f31bc
Merge pull request #49792 from griff/rspamd-multifile-enable
nixos/rspamd: Fix enable for locals and overrides
2018-11-06 18:25:47 +00:00
Janne Heß c7f5457aa6 nixos/mysql: Explicitly set datadir in my.cnf
While this seems silly at first (it's already given as start parameter
to mysqld), it seems like xtrabackup needs that sometimes.
Without it, a Galera cluster cannot be run using the xtrabackup
replication method.
2018-11-06 18:38:28 +01:00
Peter Simons a7afcff928 nixos: packagekit can no longer use "nix" default back-end
The code in question does not support Nix 2.0 yet.

Closes https://github.com/NixOS/nixpkgs/issues/49793.
2018-11-06 12:13:14 +01:00
Sarah Brofeldt 81de3e39b0
Merge pull request #49516 from johanot/kubedns-to-coredns
nixos/kubernetes: KubeDNS -> CoreDNS
2018-11-06 10:30:49 +01:00
Brian Olsen fba69f388b
nixos/rspamd: Put extraConfig in included files
The lines stored in `extraConfig` and `worker.<name?>.extraConfig`
should take precedent over values from included files but in order to do
this in rspamd UCL they need to be stored in a file that then gets
included with a high priority. This commit uses the overrides option to
store the value of the two `extraConfig` options in `extra-config.inc`
and `worker-<name?>.inc` respectively.
2018-11-06 00:34:23 +01:00
Brian Olsen 46ef075e7d
nixos/rspamd: Add defaults for rspamd_proxy worker 2018-11-06 00:32:14 +01:00
Brian Olsen 3a4459a305
nixos/rspamd: Support multiple workers
When the workers option for rspamd was originally implemented it was
based on a flawed understanding of how workers are configured in rspamd.
This meant that while rspamd supports configuring multiple workers of
the same type, so that different controller workers could have different
passwords, the NixOS module did not support this because it would write
an invalid configuration file if you tried.

Specifically a configuration like the one below:

```
workers.controller = {};
workers.controller2 = {
  type = "controller";
};
```

Would result in a rspamd configuration of:

```
worker {
  type = "controller";
  count = 1;
  .include "$CONFDIR/worker-controller.inc"
}
worker "controller2" {
  type = "controller";
  count = 1;
}
```

While to get multiple controller workers it should instead be:

```
worker "controller" {
  type = "controller";
  count = 1;
  .include "$CONFDIR/worker-controller.inc"
}
worker "controller" {
  type = "controller";
  count = 1;
}
```
2018-11-06 00:26:55 +01:00
Brian Olsen c853b34824
nixos/rspamd: Fix enable for locals and overrides
When implementing #49620 I included an enable option for both the
locals and overrides options but the code writing the files didn't
actually look at enable and so would write the file regardless of its
value. I also set the type to loaOf which should have been attrsOf
since the code was not written to handle the options being lists.

This fixes both of those issues.
2018-11-05 17:50:34 +01:00
Michael Raskin 6b8252d367
Merge pull request #44303 from pvgoran/tomcat-clean-basedir
nixos/tomcat: add purifyOnStart option
2018-11-04 17:50:38 +00:00
Andreas Rammhold 6795bdd58c nixos/prometheus: check configuration before starting service
With `promtool` we can check the validity of a configuration before
deploying it. This avoids situations where you would end up with a
broken monitoring system without noticing it - since the monitoring
broke down. :-)
2018-11-04 15:08:44 +01:00
Andreas Rammhold 0de150e0f2 nixos/prometheus: add package option
With a package option we can let the user decide what package to use for
prometheus without requiring an overlay.
2018-11-04 15:08:44 +01:00
Andreas Rammhold c891dac82f
Merge pull request #49283 from aanderse/solr
solr: 4.10.3 -> 7.5.0, refactor service to reflect major changes in version bump
2018-11-04 13:24:15 +01:00
Niklas Hambüchen c3cddfcef1 glusterfs: 3.12.2 -> 4.0.0 2018-11-04 11:18:15 +01:00
Niklas Hambüchen 92f40bab2b glusterfs service: Switch to simple unit instead of forking.
Gluster's pidfile handling is bug-ridden.

I have fixed https://bugzilla.redhat.com/show_bug.cgi?id=1509340
in an attempt to improve it but that is far from enough.

The gluster developers describe another pidfile issue as
"our brick-process management is a total nightmare", see
f1071f17e0/xlators/mgmt/glusterd/src/glusterd-utils.c (L5907-L5924)

I have observed multiple cases where glusterd doesn't start correctly
and systemd doesn't notice because of the erroneous pidfile handling.

To improve the situation, we don't let glusterd daemonize itself any more
and instead use `--no-daemon` and the `Simple` service type.
2018-11-04 11:09:30 +01:00
Robin Gloster eadb998581
gitlab module: fix config handling 2018-11-04 00:26:01 +01:00
Joachim F 9c44eebbbd
Merge pull request #49620 from griff/rspamd-multifile
nixos/rspamd: Add support for included files
2018-11-03 19:06:02 +00:00
Robert Hensing 4aa30166d1 rabbitmq module: Update documentation after proofreading
Thanks @c0bw3b, @lsix!
2018-11-03 19:19:04 +01:00
Niklas Hambüchen 2cb7f5fb1e consul: 0.9.3 -> 1.3.0.
Removes the old UI build tooling; it is no longer necessary
because as of 1.2.0 it's bundled into the server binary.
It doesn't even need to have JS built, because it's bundled into
the release commit's source tree (see #48714).

The UI is enabled by default, so the NixOS service is
updated to directly use `ui = webUi;` now.

Fixes #48714.
Fixes #44192.
Fixes #41243.
Fixes #35602.

Signed-off-by: Niklas Hambüchen <mail@nh2.me>
2018-11-03 18:39:46 +01:00
Aaron Andersen 1b725def23 solr: 4.10.3 -> 7.5.0, refactor service to reflect major changes in version bump, NixOS test included 2018-11-03 13:14:13 -04:00
Robin Gloster ec7cb84bf0
gitlab: refactor and fix test 2018-11-02 22:40:21 +01:00
Austin Seipp 2266f2014b nixos/postgresql: add myself as maintainer
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-02 13:52:33 -05:00
Austin Seipp 93aa285376 nixos: fix #48917 by setting SYSTEMD_TIMEDATED_NTP_SERVICES
Setting this variable in the environment of systemd-timedated allows
'timedatectl' to tell if an NTP service is running.

Closes #48917.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-02 09:10:15 -05:00
Joachim F 2dc0fc6516
Merge pull request #47526 from rnhmjoj/syncthing
nixos/syncthing: move configuration to condigDir
2018-11-02 12:02:51 +00:00
Brian Olsen 0810d631a4
nixos/rspamd: Add support for included files
By default rspamd will look for multiple files in /etc/rspamd/local.d
and /etc/rspamd/override.d to be included in subsections of the merged
final config for rspamd. Most of the config snippets in the official
rspamd documentation are made to these files and so it makes sense for
NixOS to support them and this is what this commit does.

As part of rspamd 1.8.1 support was added for having custom Lua
rules stored in $LOCAL_CONFDIR/rspamd.local.lua which means that it is
now possible for NixOS to support such rules and so this commit also
adds support for this to the rspamd module.
2018-11-02 01:46:57 +01:00
obadz c8c1ed2c78 nixos/zerotier: binds to network-online.target to avoid the 1m30s timeout before kill on shutdown 2018-11-01 23:00:25 +00:00
Sander van der Burg 60298d1e08 nixos/kapacitor: new service 2018-11-01 21:53:45 +01:00
Dejan Lukan 02a3726a12 bacula: 5.2.13 -> 9.2.1 2018-11-01 21:28:16 +01:00
Peter Hoeg db1a40a882 home-assistant: use SIGINT instead of SIGTERM to shut down (#49571)
hass will ignore the standard SIGTERM sent by systemd during stop/restart and we
then have to wait for the timeout after which systemd will forcefully kill the
process.

If instead if we send SIGINT, hass will shut down nicely.

There are many issues reported upstream about the inability to shut down/restart
and it is *supposed* to work with SIGTERM but doesn't.
2018-11-01 16:39:37 +01:00
Johan Thomsen 2617b6800d nixos/kubernetes: Replace KubeDNS with CoreDNS 2018-10-31 13:41:04 +01:00
Will Dietz 2603e3a5e9 gtk: don't hardcode glibc use
(cherry picked from commit 6e6f839093ad080c3a61810e9720165faf103e81)
2018-10-30 19:52:03 -05:00
xeji 6efd811062
Merge pull request #49348 from markuskowa/mod-slurm-upgrade
nixos/slurm: add slurmdbd, run daemons as user
2018-10-31 00:16:11 +01:00
Markus Kowalewski b388beeca3
nixos/slurm: add maintainer to module and test 2018-10-30 19:50:52 +01:00
Markus Kowalewski d2799d1835
nixos/slurm: node/partitionName option -> list
Make the node and partitionname options lists.
There can be more than paratition or set of nodes.

Add changes to release notes
2018-10-30 19:50:52 +01:00
Markus Kowalewski f51f753416
nixos/slurm: fix obselete string type 2018-10-30 19:50:52 +01:00
Markus Kowalewski 79c9dbfb40
nixos/slurm: add slurmdbd to module
* New options "services.slurm.dbdserver.[enable,config]"
* Add slurmdbd to test slurm.nix
2018-10-30 19:50:52 +01:00
Markus Kowalewski 111d4eb090
nixos/slurm: run ctld as user and fix spool dir
* run as user 'slurm' per default instead of root
* add user/group slurm to ids.nix
* fix default location for the state dir of slurmctld:
  (/var/spool -> /var/spool/slurmctld)
* Update release notes with the above changes
2018-10-30 19:50:46 +01:00
Léo Gaspard b9faae955c
redsocks module: add self as maintainer 2018-10-31 01:06:14 +09:00
Léo Gaspard 930bcbda83
dkimproxy-out module: add self as maintainer 2018-10-31 01:06:04 +09:00
Léo Gaspard 9b34f47b7c
clamsmtp module: add self as maintainer 2018-10-31 01:05:49 +09:00
Jörg Thalheim 6c7ec02503
Merge pull request #48499 from aneeshusa/restart-salt-on-config-changes
nixos/salt: restart on config changes
2018-10-30 15:40:56 +00:00
xeji 1d9481a127
Merge pull request #49395 from dtzWill/update/upower-0.99.9
upower: 0.99.7 -> 0.99.9, lock down service
2018-10-30 15:57:11 +01:00
Lancelot SIX f68cf486d8
Merge pull request #48664 from alyssais/postgres11
postgresql_11: init at 11.0
2018-10-30 15:54:42 +01:00
Lassulus 334dd6f964 nixos/bitlbee: use purple-2 as purple_plugin_path (#49440) 2018-10-30 15:37:41 +01:00
Alyssa Ross c6c7d55790
postgresql*: use underscores in version numbers 2018-10-30 14:32:21 +00:00
Will Dietz d7e4c49ffc nixos/upower: lockdown service using upstream settings 2018-10-29 08:09:52 -05:00
Pavel Goran a57bbf4e63 nixos/tomcat: add purifyOnStart option
With this option enabled, before creating file/directories/symlinks in baseDir
according to configuration, old occurences of them are removed.

This prevents remainders of an old configuration (libraries, webapps, you name
it) from persisting after activating a new configuration.
2018-10-29 18:26:22 +07:00
Jörg Thalheim eb70af18f4
Merge pull request #48875 from Izorkin/nginx-prestart
nginx: add custom options
2018-10-28 23:13:20 +00:00
Samuel Leathers 5b30cd77db
nixos/grafana_reporter: initial service 2018-10-27 05:15:03 -04:00
Bas van Dijk 0b381dd9ca
Merge pull request #49197 from LumiGuide/strongswan-swanctl-5.7.1
strongswan-swanctl: adapt options to strongswan-5.7.1
2018-10-27 09:34:53 +01:00
Silvan Mosberger 932e27c53f
Merge pull request #49152 from 1000101/master
nixos/trezord: revised and updated udev rules
2018-10-27 01:18:46 +02:00
Silvan Mosberger f374addc10
Merge pull request #48844 from c0bw3b/svc/ddclient
nixos/ddclient: make RuntimeDirectory and configFile private
2018-10-27 00:29:18 +02:00
Bas van Dijk ca655e8b14 strongswan-swanctl: adapt options to strongswan-5.7.1
The changes were found by executing the following in the strongswan
repo (https://github.com/strongswan/strongswan):

git diff 5.6.3..5.7.1 src/swanctl/swanctl.opt
2018-10-26 23:46:02 +02:00
Jan Tojnar 82218835c5
Merge pull request #43133 from worldofpeace/gsignond
gsignond: init at 1.0.7
2018-10-26 19:29:56 +02:00
Wout Mertens 69936b5655 phpfpm: allow configuring PHP package per-pool
props to @4levels
2018-10-26 16:11:07 +01:00
Ján Hrnko a88e0ef9aa nixos/trezord: revised and updated udev rules 2018-10-26 14:53:31 +02:00
Marwan Aljubeh 8ddefe857d nixos/nextcloud: fix a typo
The NextCloud `adminpass` option sets the admin password, not the database password.
2018-10-25 18:04:36 +02:00
Maximilian Bosch 5dc1748043
Merge pull request #48728 from qolii/eternal-terminal-module
nixos/eternal-terminal: init new module.
2018-10-25 14:51:22 +02:00
qolii c0d90b57d6 Address more review feedback. 2018-10-24 17:57:33 -07:00
Izorkin af8ae49395 nginx: add custom options 2018-10-23 21:04:07 +03:00
Rob Vermaas debbed29d1 datadog-agent: add option to enable trace agent 2018-10-23 12:30:06 +02:00
Renaud ab5380ec82
nixos/ddclient: make configFile private
/run/ddclient/ddclient.conf should be installed in mode 660 (readable and writeable only by ddclient.service user and group)
2018-10-23 00:43:41 +02:00
Renaud f76a9eb526
nixos/ddclient: make RuntimeDirectory private
ddclient will raise a warning if /run/ddclient/ is world-readable
2018-10-22 23:58:12 +02:00
Jörg Thalheim 9a7bca27cc
Merge pull request #48834 from dhess/dovenull-group-fix
dovecot: dovenull user should have its own group.
2018-10-22 22:46:17 +01:00
Drew Hess fa388534e4
dovecot: dovenull user should have its own group.
Quoting from https://wiki.dovecot.org/UserIds#dovenulluser:

"It should belong to its own private dovenull group where no one else
belongs to..."
2018-10-22 15:01:47 -04:00
Victor SENE 2a164f598c nixos/nextcloud: extend documentation for nginx configuration
Co-authored-by: Robin Gloster <mail@glob.in>
2018-10-22 19:50:37 +02:00
Markus Kowalewski e3a86019d6
nixos/munge: do not create unnecessary log dir
/var/log/munge is not used. All log messages go to syslog
2018-10-21 20:46:09 +02:00
Joachim F ca127588c1
Merge pull request #48625 from exarkun/48622.tor-disable-socksport
nixos/tor: better support non-anonymous services
2018-10-21 18:27:02 +00:00
Jörg Thalheim c4a7ebb46b
Merge pull request #47070 from Mic92/grafana-improvements
Grafana: secrets outside of the nix store + smtp
2018-10-21 14:21:09 +01:00
Renaud cb9237d16f
Merge pull request #47775 from florianjacob/munin-var-run-to-run
nixos/munin: move from /var/run to /run
2018-10-21 10:07:25 +02:00
Michael Raskin 3491dd06a1
Merge pull request #47224 from pvgoran/tomcat-virtualhost-aliases
nixos/tomcat: add aliases sub-option for virtual hosts
2018-10-21 07:54:52 +00:00
qolii ee0444576f Address review feedback. 2018-10-20 13:52:43 -07:00
qolii af1a285017 nixos/eternal-terminal: init new module. 2018-10-20 13:52:12 -07:00
Silvan Mosberger 1fa1bcbab0
nixos/znc: Fix confOptions.uriPrefix not being applied
This was overlooked on a rebase of mine on master, when I didn't realize
that in the time of me writing the znc changes this new option got
introduced.
2018-10-20 20:56:30 +02:00
Silvan Mosberger 039fc37f9c
nixos/znc: Fix confOptions.extraZncConf being applied to wrong section
This bug was introduced in https://github.com/NixOS/nixpkgs/pull/41467
2018-10-20 20:36:18 +02:00
Pierre Bourdon cf58856d90 nixos/prometheus: add webExternalUrl option
Similar to the prometheus.alertmanager.webExternalUrl option, but for
Prometheus itself.
2018-10-20 13:45:55 +02:00
Matthew Bauer 5b73b46aec
Merge pull request #48689 from Tmplt/fix-compton
nixos/compton: fix corrupt colours with Mesa 18 on AMD
2018-10-19 15:40:43 -05:00
Maximilian Bosch e8fb77a944
Merge pull request #46152 from Ma27/fix-setxkbmap-completion
zsh: patch `_setxkbmap` completion script
2018-10-19 14:33:04 +02:00
worldofpeace 4f4e20bc79 nixos/gsignond: init 2018-10-19 06:29:04 -04:00
Tmplt df41d53f9d nixos/compton: fix corrupt colours with Mesa 18 on AMD
On AMD hardware with Mesa 18, compton renders some colours incorrectly
when using the glx backend. This patch sets an environmental variable
for compton so colours are rendered correctly.

Topical bug: <https://bugs.freedesktop.org/show_bug.cgi?id=104597>
2018-10-19 01:10:11 +02:00
Daniel Rutz c98a7bf8f2 nixos/sshd: Use port type instead of int
This change leads to an additional check of the port number at build time, making invalid port values impossible.
2018-10-18 23:42:20 +02:00
Jörg Thalheim 5a1f0f9aa3
tinc: remove unnecessary networking.interfaces
This breaks with networking backends enabled and
also creates large delays on boot when some services depends
on the network target. It is also not really required
because tinc does create those interfaces itself.

fixes #27070
2018-10-18 21:37:56 +01:00
Jörg Thalheim 2ce94fafcd
Merge pull request #48571 from spacefrogg/openafs
Openafs security updates
2018-10-18 16:08:04 +01:00
Michael Raitza 290a7d2ee9 nixos/openafs: Add defaultText to avoid evaluating packages 2018-10-18 13:11:52 +02:00
Maximilian Bosch 13e4110650
Merge pull request #48131 from Ma27/weechat-multiuser-support
nixos/weechat: add setuid wrapper for `screen' to ensure true multiuser capabilities
2018-10-17 23:39:30 +02:00
markuskowa ab27adc2dd
Merge pull request #47154 from ck3d/fix-nixos-lirc-socket
nixos lircd: fix deletion of lircd socket
2018-10-17 21:52:48 +02:00
Jörg Thalheim f6ded23889
Merge pull request #48460 from Mic92/postfix-setuid
postfix: add setgid wrapper for postqueue/postdrop
2018-10-17 14:48:43 +01:00
Jean-Paul Calderone 4a71e2942c nixos/tor: better support non-anonymous services
Tor requires ``SOCKSPort 0`` when non-anonymous hidden services are
enabled.  If the configuration doesn't enable Tor client features,
generate a configuration file that explicitly includes this disabling
to allow such non-anonymous hidden services to be created (note that
doing so still requires additional configuration).  See #48622.
2018-10-17 08:56:59 -04:00
clefru 725fcdef3f Fix hostapd's place in systemd dependency tree. (#45464)
* nat/bind/dhcp.service:
  Remove. Those services have nothing to do with a link-level service.

* sys-subsystem-net-devices-${if}.device:
  Add as BindsTo dependency as this will make hostapd stop when the
  device is unplugged.

* network-link-${if}.service:
  Add hostapd as dependency for this service via requiredBy clause,
  so that the network link is only considered to be established
  only after hostapd has started.

* network.target:
  Remove this from wantedBy clause as this is already implied from
  dependencies stacked above hostapd. And if it's not implied than
  starting hostapd is not required for this particular network
  configuration.
2018-10-17 09:18:52 +02:00
Silvan Mosberger e443bbf6fd
Merge pull request #45470 from Infinisil/znc-config
nixos/znc: More flexible module, cleanups
2018-10-17 03:01:30 +02:00
Aaron Andersen 4ed7d822be redmine: add missing 'migrate' command prior to starting the application
required for plugins with a database component
see: http://www.redmine.org/projects/redmine/wiki/Plugins
2018-10-16 15:08:24 -04:00
Aneesh Agrawal a962d53806 salt: Restart on config changes 2018-10-15 19:59:25 -07:00
Aneesh Agrawal 37c9915340 nixos/salt-minion: Fix salt-call without -c 2018-10-15 19:59:09 -07:00