3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

13900 commits

Author SHA1 Message Date
zowoq b464d76126 nixos/cri-o: share registries with nixos/containers 2020-04-24 20:53:36 +10:00
adisbladis 5a3b818368
Merge pull request #85894 from zowoq/podman-crio
podman team: add cri-o packages/module
2020-04-24 11:34:07 +02:00
zowoq 0944d77fc0 nixos/containers: move libpod to nixos/podman 2020-04-24 15:34:05 +10:00
Aaron Andersen 218049c5c2 nixos/gitea: add settings option 2020-04-23 21:06:26 -04:00
zowoq 4484e7981e nixos/cri-o: update maintainers 2020-04-24 08:08:27 +10:00
Florian Klink 25605d2e3f
Merge pull request #85735 from nh2/journald-storage-limit-logs
journald service docs: Add helpful comments about the journal getting full
2020-04-23 13:35:12 +02:00
adisbladis 0dc3e485a1
Merge pull request #85822 from zowoq/cni-collision
nixos/{cri-o,podman}: remove cni-plugins from environment.systemPackages
2020-04-23 11:22:01 +02:00
Florian Klink 04e308a496
Merge pull request #85815 from arianvp/fix-85800
Fix networkd not restarting on unit changes
2020-04-23 10:36:57 +02:00
Arian van Putten f332109ebf nixos/datadog-agent: Fix restartTriggers
Fixes #85800

1d61efb7f1 accidentially changed the
restartTriggers of `datadog-agent.service` to point to the attribute
name (in this case, a location relative to `/etc`), instead of the
location of the config files in the nix store.

This caused datadog to not get restarted on activation of new
config, if the file name hasn't changed.

Fix this, by pointing this back to the location in the nix store.
2020-04-23 09:58:18 +02:00
Arian van Putten 14395cc687 nixos/networkd: Fix restartTriggers
1d61efb7f1 accidentially changed the
restartTriggers of systemd-networkd.service` to point to the attribute
name (in this case, a location relative to `/etc`), instead of the
location of the network-related unit files in the nix store.

This caused systemd-networkd to not get restarted on activation of new
networking config, if the file name hasn't changed.

Fix this, by pointing this back to the location in the nix store.
2020-04-23 09:53:44 +02:00
Frederik Rietdijk cff0669a48 Merge master into staging-next 2020-04-23 08:11:16 +02:00
John Axel Eriksson 41a95b1b7d
The systemd unit for k3s should differ between agents and servers 2020-04-23 07:55:23 +02:00
zowoq 4102db2127 nixos/podman: remove cni-plugins from environment.systemPackages 2020-04-23 10:29:17 +10:00
zowoq 54b59dd6c0 nixos/cri-o: remove cni-plugins from environment.systemPackages 2020-04-23 10:29:11 +10:00
Niklas Hambüchen 811411db6e journald service: Add helpful comments about the journal getting full 2020-04-23 02:24:50 +02:00
Piotr Bogdan 830733db24 nixos/manual: fix build 2020-04-22 16:56:44 +01:00
Frederik Rietdijk 8374a2a0ee Merge master into staging-next 2020-04-22 17:20:20 +02:00
Bas van Dijk 784aa2913a
Merge pull request #79840 from knl/update-oauth2_proxy-to-5.0.0
oauth2_proxy: 3.2.0 -> 5.1.0
2020-04-22 12:15:07 +02:00
Ingo Blechschmidt 2e2da182fe
nixos-containers: add docs about nested containers 2020-04-22 05:30:48 +02:00
Jan Tojnar b231ac2101
Merge pull request #85402 from jtojnar/httpd-php 2020-04-22 04:23:24 +02:00
Aaron Andersen d0de970279 nixos/httpd: some mod_php cleanup 2020-04-21 20:33:18 -04:00
Aaron Andersen ee030b121b nixos/httpd: set modern default values for mpm and http2 2020-04-21 20:33:18 -04:00
Aaron Andersen 20f37a4430 nixos/httpd: run as non root user 2020-04-21 20:33:18 -04:00
worldofpeace af2009a800
Merge pull request #85710 from worldofpeace/gnome-iso-wayland-default
installation-cd-graphical-gnome: don't run xorg default
2020-04-21 18:19:44 -04:00
davidak 6a7e0562de
Update link in /etc/os-release (#85723) 2020-04-22 00:16:22 +02:00
adisbladis 2d91da909e
Merge pull request #85604 from adisbladis/podman-module
nixos/virtualisation.podman: Init module
2020-04-21 23:48:48 +02:00
Raphael Borun Das Gupta 347e251261 nixos/xonsh: source NixOS environment
Without doing that, xonsh is unusable as login shell
2020-04-21 23:43:37 +02:00
Florian Klink c1a6e60335
Merge pull request #85598 from danderson/tailscale-fix-cachedir
nixos/tailscale: set a CacheDir in the systemd unit.
2020-04-21 22:38:32 +02:00
Florian Klink 6ba4ef6580
Merge pull request #85708 from Beskhue/fix-documentation
nixos/phpfpm: fix erroneous pools example
2020-04-21 22:16:15 +02:00
worldofpeace 1f12a07179 installation-cd-graphical-gnome: don't run xorg default
If for some reason the Wayland session fails to start
it will just start the Xorg session.
2020-04-21 15:26:25 -04:00
Florian Klink 91e3358f62
Merge pull request #85692 from nh2/systemd-update-default-rate-limit
journald service: Increase default rate limit 1000 -> 10000.
2020-04-21 21:06:48 +02:00
Thomas Churchman 8880957042 nixos/phpfpm: fix erroneous pools example 2020-04-21 20:59:52 +02:00
Frederik Rietdijk 23be4a8b4d Merge master into staging-next 2020-04-21 19:59:56 +02:00
worldofpeace 9b20a24d4d
Merge pull request #85643 from petabyteboy/feature/generate-config
nixos/tools: adapt for renamed console options
2020-04-21 12:50:55 -04:00
Niklas Hambüchen d16d34732c journald service: Increase default rate limit 1000 -> 10000.
Follows the upstream change of this default:

https://github.com/systemd/systemd/pull/8660
2020-04-21 18:29:03 +02:00
adisbladis 43f383c464
nixos.virtualisation.containers: Init common /etc/containers configuration module
What's happening now is that both cri-o and podman are creating
/etc/containers/policy.json.

By splitting out the creation of configuration files we can make the
podman module leaner & compose better with other container software.
2020-04-21 10:38:39 +01:00
adisbladis 650df709fb
nixos.virtualisation: Move containers.nix to nixos-containers.nix
In anticipation of the new containers module.
2020-04-21 10:36:56 +01:00
adisbladis f0a92ef1d9
nixos/podman: Add maintainer team & add myself to podman team 2020-04-21 10:03:22 +01:00
adisbladis b512a788a4
nixos/virtualisation.podman: Init module 2020-04-21 10:03:18 +01:00
Dominik Xaver Hörl 0412bde942 treewide: add bool type to enable options, or make use of mkEnableOption
Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate.
2020-04-21 08:55:36 +02:00
Frederik Rietdijk 803b3d296c Merge staging-next into staging 2020-04-21 08:29:51 +02:00
Milan Pässler d19089e1e7 nixos/tools: adapt for renamed console options 2020-04-21 02:07:53 +02:00
David Anderson cee5ddbb28 nixos/tailscale: set a CacheDir in the systemd unit.
Fixes a bug where tailscaled drops some files into / when CacheDir
is unset.

Signed-off-by: David Anderson <dave@natulte.net>
2020-04-20 15:35:55 -07:00
Marek Mahut 60100a7c92
Merge pull request #83769 from dadada/nixos/dokuwiki-multi-server
nixos/dokuwiki: add support for multi-site, additional plugins and templates
2020-04-20 19:39:48 +02:00
Eelco Dolstra f76d7b5e41
Merge pull request #85620 from matthewbauer/use-modulesPath-for-nixos-generate-config
nixos/nixos-generate-config.pl: use modulesPath instead of <nixpkgs>
2020-04-20 17:25:17 +02:00
Matthew Bauer c45295d47e nixos/nixos-generate-config.pl: use modulesPath instead of <nixpkgs>
For imports, it is better to use ‘modulesPath’ than rely on <nixpkgs>
being correctly set. Some users may not have <nixpkgs> set correctly.
In addition, when ‘pure-eval=true’, <nixpkgs> is unset.
2020-04-20 09:57:17 -05:00
Léo Gaspard 203955fa0c
Merge pull request #82714 from delroth/s3tc
libtxc_dxtn{,_s2tc}: remove from nixpkgs + hardware.opengl options
2020-04-20 13:41:47 +02:00
Jörg Thalheim 2f0ee4bd0b
Merge pull request #85371 from Mic92/tmpfiles 2020-04-20 10:32:58 +01:00
Kirill Elagin daac85d991 fixup! systemd: Add prefix to unit script derivations
* Avoid extra string interpolation.
2020-04-20 12:01:54 +03:00
Nikola Knezevic 3c551848be oauth2_proxy: Update NixOS module
Update to match the current flags and apply fixes to all breaking changes.
2020-04-20 10:11:46 +02:00
adisbladis ab37d7e7ea
nixos-containers: Add support for custom nixpkgs argument 2020-04-20 07:33:46 +01:00
Pierre Bourdon 1b89bffcf4
libtxc_dxtn{,_s2tc}: remove from nixpkgs + hardware.opengl options
Context: discussion in https://github.com/NixOS/nixpkgs/pull/82630

Mesa has been supporting S3TC natively without requiring these libraries
since the S3TC patent expired in December 2017.
2020-04-20 03:19:41 +02:00
Emily ef7e6eeaf4 nixos/acme: set maintainers to acme team 2020-04-20 01:39:31 +01:00
Florian Klink a88d17bc69
Merge pull request #83301 from evils/tuptime
Tuptime: Init Package, Module and Test
2020-04-19 23:38:53 +02:00
worldofpeace f882896cc8
Merge pull request #73934 from flokli/nixos-test-port-cockroachdb
nixosTests.cockroachdb: port to python
2020-04-19 16:30:45 -04:00
Yegor Timoshenko 6f1165a0cb
Merge pull request #84522 from emilazy/add-linux-hardened-patches
linux_*_hardened: use linux-hardened patch set
2020-04-19 20:01:35 +03:00
Michael Weiss 0e4417f118
Revert "nixos: Introduce nix.buildLocation option"
This reverts commit 5291925fd2.
Reason: This started to cause severe regressions, see:
- https://github.com/NixOS/nixpkgs/issues/85552
- https://github.com/NixOS/nixpkgs/pull/83166#pullrequestreview-395960588
Fixes #85552.
2020-04-19 15:16:08 +02:00
dadada 2d86cca35e
nixos/dokuwiki: change default of aclFile and usersFile
`aclFile` and `usersFile` will be set to a default value if `aclUse` is
specified and aclFile is not overriden by `acl`.
2020-04-18 23:37:19 +02:00
dadada 9460fb5788
nixos/dokuwiki: modify usersFile and aclFile
Use types.str instead of types.path to exclude private information from
the derivation.
Add a warinig about the contents of acl beeing included in the nix
store.
2020-04-18 23:37:19 +02:00
dadada 2b67a89f29
nixos/dokuwiki: dokuwiki user 2020-04-18 23:37:19 +02:00
dadada 2e699f1db1
nixos/dokuwiki: add option disableActions 2020-04-18 23:37:18 +02:00
dadada a58dc30d34
nixos/dokuwiki: set default value for usersFile
If usersFile is not set, a file is created along the stateDir that can
hold the users and supports dynamically adding users using the web GUI.
2020-04-18 23:37:18 +02:00
dadada 0228046eec
nixos/dokuwiki: add assertion for usersFile 2020-04-18 23:37:18 +02:00
dadada af6a7a0486
nixos/dokuwiki: add plugins and templates options
Adds support for additional plugins and templates similarly to how
wordpress.nix does it.

Plugins and templates need to be packaged as in the example.
2020-04-18 23:37:18 +02:00
dadada 71baf4801c
nixos/dokuwiki: refactor 2020-04-18 23:37:18 +02:00
dadada dc7ed06615
nixos/dokuwiki: add <name?> option
Enables multi-site configurations.

This break compatibility with prior configurations that expect options
for a single dokuwiki instance in `services.dokuwiki`.
2020-04-18 23:37:18 +02:00
John Ericson 1ea80c2cc3 Merge remote-tracking branch 'upstream/master' into staging 2020-04-18 15:40:49 -04:00
Jörg Thalheim 35eb7793a3
Merge pull request #83166 from avnik/nix-build-location 2020-04-18 18:37:15 +01:00
Alexander V. Nikolaev 5291925fd2 nixos: Introduce nix.buildLocation option
Allow to specify where package build will happens.
It helps big packages (like browsers) not to overflow tmpfs.
2020-04-18 20:31:04 +03:00
worldofpeace 996ae856b6
Merge pull request #85365 from immae/fix_acme_postrun
nixos/acme: Fix postRun in acme certificate being ran at every run
2020-04-18 13:16:16 -04:00
Alyssa Ross 1b0d8015fe nixos/rss2email: globally install rss2email
For man pages.
2020-04-18 14:16:00 +00:00
Pavol Rusnak fadcfc3ea4
treewide: per RFC45, remove more unquoted URLs 2020-04-18 14:04:37 +02:00
John Ericson e3d50e5cb0 Merge branch 'master' of github.com:NixOS/nixpkgs into staging 2020-04-18 00:10:08 -04:00
Milan Pässler 16a4332d60 nixos/deluge: support 2.x 2020-04-18 02:00:04 +02:00
John Ericson 33c2a76c5e Merge remote-tracking branch 'upstream/master' into staging 2020-04-17 18:40:51 -04:00
Ismaël Bouya 8e88b8dce2
nixos/acme: Fix postRun in acme certificate being ran at every run 2020-04-17 22:16:50 +02:00
Emily b0d5032ee4 nixos/hardened: add emily to maintainers 2020-04-17 16:13:39 +01:00
Emily ad9bfe2254 nixos/hardened: enable user namespaces for root
linux-hardened sets kernel.unprivileged_userns_clone=0 by default; see
anthraxx/linux-hardened@104f44058f.

This allows the Nix sandbox to function while reducing the attack
surface posed by user namespaces, which allow unprivileged code to
exercise lots of root-only code paths and have lead to privilege
escalation vulnerabilities in the past.

We can safely leave user namespaces on for privileged users, as root
already has root privileges, but if you're not running builds on your
machine and really want to minimize the kernel attack surface then you
can set security.allowUserNamespaces to false.

Note that Chrome's sandbox requires either unprivileged CLONE_NEWUSER or
setuid, and Firefox's silently reduces the security level if it isn't
allowed (see about:support), so desktop users may want to set:

    boot.kernel.sysctl."kernel.unprivileged_userns_clone" = true;
2020-04-17 16:13:39 +01:00
Emily 84f258bf09 nixos/hardened: don't set vm.unprivileged_userfaultfd
Upstreamed in anthraxx/linux-hardened@a712392b88.
2020-04-17 16:13:39 +01:00
Emily cc28d51237 nixos/hardened: don't set vm.mmap_min_addr
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd.
2020-04-17 16:13:39 +01:00
Emily 46d12cca56 nixos/hardened: don't set vm.mmap_rnd{,_compat}_bits
Upstreamed in anthraxx/linux-hardened@ae6d85f437.
2020-04-17 16:13:39 +01:00
Emily af4f57b2c4 nixos/hardened: don't set net.core.bpf_jit_harden
Upstreamed in anthraxx/linux-hardened@82e384401d.
2020-04-17 16:13:39 +01:00
Emily 71bbd876b7 nixos/hardened: don't set kernel.unprivileged_bpf_disabled
Upstreamed in anthraxx/linux-hardened@1a3e0c2830.
2020-04-17 16:13:39 +01:00
Emily 9da578a78f nixos/hardened: don't set kernel.dmesg_restrict
Upstreamed in anthraxx/linux-hardened@e3d3f13ffb.
2020-04-17 16:13:39 +01:00
Emily cf1bce6a7a nixos/hardened: don't set vsyscall=none
Upstreamed in anthraxx/linux-hardened@d300b0fdad.
2020-04-17 16:13:39 +01:00
Emily 3b32cd2a5b nixos/hardened: don't set slab_nomerge
Upstreamed in anthraxx/linux-hardened@df29f9248c.
2020-04-17 16:13:39 +01:00
Euan Kemp bc138f407f
nixos/k3s: add initial k3s service
* nixos/k3s: simplify config expression

* nixos/k3s: add config assertions and trim unneeded bits

* nixos/k3s: add a test that k3s works; minor module improvements

This is a single-node test. Eventually we should also have a multi-node
test to verify the agent bit works, but that one's more involved.

* nixos/k3s: add option description

* nixos/k3s: add defaults for token/serveraddr

Now that the assertion enforces their presence, we dont' need to use the typesystem for it.

* nixos/k3s: remove unneeded sudo in test

* nixos/k3s: add to test list
2020-04-17 16:39:54 +02:00
Jan Tojnar 4816b426a0
nixos/httpd: remove unnecessary override
This was introduced in c801cd1a04
but it no longer seems necessary.
2020-04-17 14:41:21 +02:00
Jan Tojnar c214e63f2e
nixos/httpd: Use extensions from php package
After the recent rewrite, enabled extensions are passed to php programs
through an extra ini file by a wrapper. Since httpd uses shared module
instead of program, the wrapper did not affect it and no extensions
other than built-ins were loaded.

To fix this, we are passing the extension config another way – by adding it
to the service's generated config.

For now we are hardcoding the path to the ini file. It would be nice to add
the path to the passthru and use that once the PHP expression settles down.
2020-04-17 14:38:29 +02:00
adisbladis 5340ebe085
mopidy: Create a mopidyPackages set
This is to avoid mixing python versions in the same plugin closure.
2020-04-17 12:39:03 +01:00
Kirill Elagin a9e9d37fc8 systemd: Add prefix to unit script derivations
Add a distinctive `unit-script` prefix to systemd unit scripts to make
them easier to find in the store directory. Do not add this prefix to
actual script file name as it clutters logs.
2020-04-17 13:55:48 +03:00
Kirill Elagin f1a78e1b5e fixup! systemd: Simplify unit script names 2020-04-17 13:44:48 +03:00
Kirill Elagin 5822d03851 systemd: Simplify unit script names
Current journal output from services started by `script` rather than
`ExexStart` is unreadable because the name of the file (which journalctl
records and outputs) quite literally takes 1/3 of the screen (on smaller
screens).

Make it shorter. In particular:

* Drop the `unit-script` prefix as it is not very useful.
* Use `writeShellScriptBin` to write them because:
  * It has a `checkPhase` which is better than no checkPhase.
  * The script itself ends up having a short name.
2020-04-17 10:17:46 +03:00
Yegor Timoshenko 8262ecd369
Merge pull request #85004 from emilazy/add-initrd-secrets-path-assertion
nixos/stage-1: check secret paths before copying
2020-04-16 17:42:40 +03:00
worldofpeace b61999e4ad
Merge pull request #85332 from arianvp/revert-acme
Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
2020-04-16 08:43:36 -04:00
Jörg Thalheim 4cc7c2e55a
tmpfiles: load user-defined entries first
systemd-tmpfiles will load all files in lexicographic order and ignores rules
for the same path in later files with a warning Since we apply the default rules
provided by systemd, we should load user-defines rules first so users have a
chance to override defaults.
2020-04-16 13:02:24 +01:00
Maximilian Bosch 74d6e86ec2
nixos/doc: fix database-setup example for matrix-synapse
Closes #85327
2020-04-16 11:38:15 +02:00
Arian van Putten 5c1c642939 Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
This reverts commit 5532065d06.

As far as I can tell setting RemainAfterExit=true here completely breaks
certificate renewal, which is really bad!

the sytemd timer will activate the service unit every OnCalendar=,
however with RemainAfterExit=true the service is already active! So the
timer doesn't rerun the service!

The commit also broke the actual tests, (As it broke activation too)
but this was fixed later in https://github.com/NixOS/nixpkgs/pull/76052
I wrongly assumed that PR fixed renewal too, which it didn't!

testing renewals is hard, as we need to sleep in tests.
2020-04-16 10:37:04 +02:00
Jan Tojnar 4b706490da
Merge branch 'staging-next' into staging 2020-04-16 10:10:38 +02:00
Maximilian Bosch 2d55f9c01a
Merge pull request #84266 from Ma27/nspawn-overrides
nixos/systemd-nspawn: disallow multiple packages with `.nspawn`-units
2020-04-16 00:24:33 +02:00
Maximilian Bosch 70ecf83c33
Merge pull request #82339 from Ma27/captive-browser-xdg
nixos/captive-browser: set chromium's data-dir to a XDG-compliant location
2020-04-16 00:06:12 +02:00
Maximilian Bosch dca0b71876
Merge pull request #85162 from Ma27/build-vms-file-loc
nixos/build-vms: propagate file location
2020-04-15 17:42:12 +02:00
jakobrs 34f242c13d nixos/installer: Add terminus_font to installation_iso_base 2020-04-15 14:21:42 +02:00
Michele Guerini Rocco da232ea497
Merge pull request #78129 from flyfloh/airsonic-vhost
airsonic: fix virtualHost option
2020-04-15 09:18:28 +02:00
Matthew Bauer 57e20c5d87
Merge pull request #83362 from bachp/boinc
nixos/boinc: simplify setup of boinc service
2020-04-14 15:55:54 -04:00
Maximilian Bosch 57087ea280
Merge pull request #85165 from mayflower/alertmanager-clustering
prometheus/alertmanager: implement HA clustering support
2020-04-14 16:13:34 +02:00
worldofpeace 6304c9af48
Merge pull request #85222 from mayflower/libinput-manual-ref
nixos/libinput: refer to libinput manual
2020-04-14 09:42:55 -04:00
worldofpeace e4c5e68fca
Merge pull request #84255 from prikhi/lightdm-mini-greeter-040
lightdm-mini-greeter: 0.3.4 -> 0.4.0
2020-04-14 08:38:23 -04:00
Linus Heckemann 9953a26be1 nixos/libinput: refer to libinput manual 2020-04-14 14:31:49 +02:00
Sander van der Burg 0ffb720e8c nixos/dysnomia: fix documentRoot property 2020-04-14 14:31:13 +02:00
Michele Guerini Rocco 86d71ddbed
Merge pull request #85170 from flokli/networking-virtual
nixos/networking: fix setting MAC Address and MTU in networkd, fix tests
2020-04-14 14:20:49 +02:00
Jörg Thalheim fd438d5f09
Merge pull request #85185 from m1cr0man/legoaccounts
acme: share accounts between certificates
2020-04-14 13:12:57 +01:00
Jaka Hudoklin de6891ffd0
Merge pull request #83930 from xtruder/nixos/virtualisation/hyperv-image
modules/virtualisation: add hyperv-image
2020-04-14 03:27:22 +00:00
John Ericson c8a6ea5161 Merge remote-tracking branch 'upstream/master' into staging 2020-04-13 22:17:15 -04:00
Lucas Savva 827d5e6b44
acme: share accounts between certificates
There are strict rate limits on account creation for Let's Encrypt
certificates. It is important to reuse credentails when possible.
2020-04-14 00:15:16 +01:00
Matthew Bauer e520d6af29
Merge pull request #84415 from matthewbauer/mb-cross-fixes-april2020
Cross compilation fixes [april 2020]
2020-04-13 16:48:38 -04:00
Florian Klink 532528190b nixos/networking: move network-link-${i.name} to scripted networking
The unit sets MTU and MAC Address even with networkd enabled, which
isn't necessary anymore, as networkd handles this by itself.
2020-04-13 22:03:35 +02:00
Florian Klink ca391c8a4f nixos/networking: add assertion catching setting mac addresses on tun devices
Setting a MAC Address on a tun interface isn't supported, and invoking
the corresponding command fails.
2020-04-13 22:03:35 +02:00
Florian Klink cddc7a28b8 nixos/networking: fix setting .macAddress and .mtu with networkd
This needs to be set in the .linkConfig of a .network
2020-04-13 22:03:35 +02:00
Robin Gloster e484ca3d9b
alertmanager: implement HA clustering support 2020-04-13 18:39:51 +02:00
Jörg Thalheim 4c3f1d321a
Merge pull request #76723 from jokogr/u/traefik-2.1.1
Traefik: 1.7.14 -> 2.2.0
2020-04-13 17:16:54 +01:00
Maximilian Bosch ec6bac99cc
nixos/build-vms: propagate file location
When trying to build a VM using `nixos-build-vms` with a configuration
that doesn't evaluate, an error "at `<unknown-file>`" is usually shown.

This happens since the `build-vms.nix` creates a VM-network of
NixOS-configurations that are attr-sets or functions and don't contain
any file information. This patch manually adds the `_file`-attribute to
tell the module-system which file contained broken configuration:

```
$ cat vm.nix
{ vm.invalid-option = 1; }

$ nixos-build-vms vm.nix
error: The option `invalid-option' defined in `/home/ma27/Projects/nixpkgs/vm.nix@node-vm' does not exist.
(use '--show-trace' to show detailed location information)
```
2020-04-13 17:50:13 +02:00
Mario Rodas 66e43c6588
Merge pull request #84599 from doronbehar/nodejs-python3
nodejs: use python3 if possible
2020-04-13 07:44:05 -05:00
Maximilian Bosch 1bf1ae3966
Merge pull request #85092 from mayflower/prometheus-local-config-gen
prometheus: use runCommandNoCCLocal for config gen
2020-04-13 11:03:16 +02:00
Ioannis Koutras 1f61fbf326 nixos/traefik: make config deep mergeable 2020-04-12 22:50:36 +02:00
Ioannis Koutras bc766b003a nixos/traefik: Adapt to traefik v2
This commit:

1. Updates the path of the traefik package, so that the out output is
   used.
2. Adapts the configuration settings and options to Traefik v2.
3. Formats the NixOS traefik service using nixfmt.
2020-04-12 22:50:36 +02:00
Robin Gloster 0e040d16e8
prometheus: use runCommandNoCCLocal for config gen 2020-04-12 20:13:23 +02:00
Graham Christensen 56c8b7eeda
Merge pull request #84946 from bqv/nftables
nixos/nftables: fix typo in ruleset example
2020-04-12 09:38:55 -04:00
Graham Christensen 35d8514a91
Merge pull request #81848 from grahamc/nested-specialisation
specialisation: replace nesting with named configurations
2020-04-12 08:56:11 -04:00
Graham Christensen ec2d28e323
specialisation: replace nesting with named configurations
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-04-12 08:12:50 -04:00
Emily 91c6809946 nixos/stage-1: check secret paths before copying
Fixes #84976.
2020-04-11 16:42:47 +01:00
Emily 8a37c3dd1a nixos/initrd-ssh: fix typo in docs 2020-04-11 16:19:48 +01:00
Frederik Rietdijk f8c6921e97
hydra: wrap executables with hydra env vars
We already set the relevant env vars in the systemd services. That does
not help one when executing any of the executables outside a service,
e.g. when creating a new user.
2020-04-11 14:36:42 +02:00
Maximilian Bosch c9504b0b68
Merge pull request #84940 from symphorien/rouncube-spell
roundcube: use pspell for spellchecking
2020-04-11 14:33:43 +02:00
worldofpeace 15d5a2adc1
Merge pull request #84849 from samueldr/fix/nextcloud-upgrade-wording
nextcloud: Review installation upgrade warning wording
2020-04-10 22:55:20 -04:00
Tony Olagbaiye c1c9905aae nixos/nftables: fix typo in ruleset example 2020-04-10 23:48:52 +01:00
Eelco Dolstra aa084e2a24
nix: Fix fallback paths 2020-04-10 21:13:15 +02:00
Michael Reilly 84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
edef 6fbacea8e5
Merge pull request #84602 from alyssais/ssh
nixos/ssh: don't accept ssh-dss keys
2020-04-10 16:05:36 +00:00
Eelco Dolstra cea352d276
nix: 2.3.3 -> 2.3.4 2020-04-10 17:23:28 +02:00
Symphorien Gibol 9e417bc9e3 roundcube: use pspell for spellchecking
By default, upstream enables a third party service in the cloud:
https://github.com/roundcube/roundcubemail/blob/1.4.3/config/defaults.inc.php#L790-L798
2020-04-10 12:00:00 +00:00
worldofpeace df8c30fa25 iso-image: make $ARCH shorter
we use stdenv.hostPlatform.uname.processor, which I believe is just like
`uname -p`.

Example values:
```
(import <nixpkgs> { system = "x86_64-linux"; }).stdenv.hostPlatform.uname.processor
"x86_64"

(import <nixpkgs> { system = "aarch64-linux"; }).stdenv.hostPlatform.uname.processor
aarch64

(import <nixpkgs> { system = "armv7l-linux"; }).stdenv.hostPlatform.uname.processor
"armv7l"
```
2020-04-09 20:10:01 -04:00
worldofpeace a775961c8f Revert "Revert "iso-image: normalize volumeID""
This reverts commit 21b50e6f68.
2020-04-09 20:06:32 -04:00
worldofpeace 21b50e6f68
Revert "iso-image: normalize volumeID" 2020-04-09 19:43:59 -04:00
worldofpeace 8583d99e42
Merge pull request #83551 from worldofpeace/iso-id
iso-image: normalize volumeID
2020-04-09 19:31:52 -04:00
Samuel Dionne-Riel a1efbdb600 nextcloud: Review installation upgrade warning wording
The new wording does not assume the user is upgrading.

This is because a user could be setting up a new installation on 20.03
on a server that has a 19.09 or before stateVersion!!

The new wording ensures that confusion is reduced by stating that they
do not have to care about the assumed 16→17 transition.

Then, the wording explains that they should, and how to upgrade to
version 18.

It also reviews the confusing wording about "multiple" upgrades.

* * *

The only thing we cannot really do is stop a fresh install of 17 if
there was no previous install, as it cannot be detected. That makes a
useless upgrade forced for new users with old state versions.

It is also important to state that they must set their package to
Nextcloud 18, as future upgrades to Nextcloud will not allow an uprade
from 17!

I assume future warning messages will exist specifically stating what to
do to go from 18 to 19, then 19 to 20, etc...
2020-04-09 16:52:25 -04:00
Jörg Thalheim d7ff6ab94a
acme: create certificates in subdirectory
This allows to have multiple certificates with the same common name.
Lego uses in its internal directory the common name to name the certificate.

fixes #84409
2020-04-09 08:26:07 +01:00
Maximilian Bosch 2577ec2932
Merge pull request #84570 from Mic92/max-jobs
nixos: default nix.maxJobs to auto
2020-04-09 00:36:14 +02:00
Nejc Zupan 479c521af9
Automatically restart netdata on failures
I've had Netdata crash on me sometimes. Rarely but more than once. And I lost days of data before I noticed.

Let's be nice and restart it on failures by default.
2020-04-08 20:58:06 +01:00
Maximilian Bosch e8a4b9fe9b
Merge pull request #84501 from Ma27/bump-hydra
hydra: 2020-03-24 -> 2020-04-07
2020-04-08 20:08:29 +02:00
Jan Tojnar 521ddb1397
Merge pull request #83400 from jtojnar/malcontent-0.7
malcontent: 0.6.0 → 0.7.0
2020-04-08 17:38:17 +02:00
Jörg Thalheim 0b5d6d9e39
Merge pull request #84556 from Mic92/runtime-shell
treewide: use runtimeShell in nixos/
2020-04-08 16:34:55 +01:00
worldofpeace 309fed2b2f
nixos/malcontent: enable accounts-daemon, tweak description 2020-04-08 17:08:16 +02:00
Jan Tojnar f3d1333f0d
malcontent-ui: split from malcontent
The 0.7.0 update allows us to split the package.
2020-04-08 17:08:15 +02:00
B YI 07bc7b971d
nixos/initrd-ssh: fix typo (#84719) 2020-04-08 17:04:29 +02:00
worldofpeace 94eb65a287 nixos/gnome-remote-desktop: enable pipewire
We need the pipewire service to actually use this.
Tested with g-c-c Sharing.
2020-04-08 10:18:23 +02:00
Alyssa Ross 387b9bf352
nixos/ssh: don't accept ssh-dss keys
These have been deprecated long enough.  I think this default was even
made non-functional by 2337c7522a.  But
it's still a scary thing to see there.

Fixes https://github.com/NixOS/nixpkgs/issues/33381.
2020-04-07 13:35:51 +00:00
Doron Behar 16243290e2 nixos/npm: enable using a specific nodejs package 2020-04-07 15:34:06 +03:00
Maximilian Bosch 0f5c38feed
hydra: 2020-03-24 -> 2020-04-07
Also removed `pkgs.hydra-flakes` since flake-support has been merged
into master[1]. Because of that, `pkgs.hydra-unstable` is now compiled
against `pkgs.nixFlakes` and currently requires a patch since Hydra's
master doesn't compile[2] atm.

[1] https://github.com/NixOS/hydra/pull/730
[2] https://github.com/NixOS/hydra/pull/732
2020-04-07 14:11:12 +02:00
Jörg Thalheim e6a15db534
nixos: default nix.maxJobs to auto
Instead of making the configuration less portable by hard coding the number of
jobs equal to the cores we can also let nix set the same number at runtime.
2020-04-07 08:45:56 +01:00
Jörg Thalheim cf3328e7e3
treewide: use runtimeShell in nixos/
This is needed for cross-compilation.
2020-04-07 07:26:47 +01:00
Matthew Bauer 7cc40e15e4 treewide/nixos: use stdenv.cc.libc instead of glibc when available
This prevents duplication in cross-compiled nixos machines. The
bootstrapped glibc differs from the natively compiled one, so we get
two glibc’s in the closure. To reduce closure size, just use
stdenv.cc.libc where available.
2020-04-06 16:36:27 -04:00
Matthew Bauer 8a5059e1cc fontconfig: only generate cache on native compilation
We can’t cross-compile the cache, so just skip it for now.
2020-04-06 16:36:22 -04:00
Matthew Bauer 6c5983a291 gdk-pixbuf: make target env hook
Unfortunately, we need to emulate the system to get a real cache.
Native version doesn’t know the right paths.
2020-04-06 16:36:22 -04:00
worldofpeace 50fe769887 nixos/pantheon: use new notifications
We have this bug https://github.com/elementary/gala/issues/636
when using notifications in gala. It's likely to not really be fixed
because all development is on the new notifications server.
2020-04-06 02:48:07 -04:00
worldofpeace 92e9009172
Merge pull request #84215 from worldofpeace/pantheon-update-04-03
Pantheon update 2020-04-03
2020-04-05 22:23:32 -04:00
José Romildo Malaquias 9908785fa7
Merge pull request #84230 from romildo/upd.gnome-icon-theme
gnome2.gnome_icon_theme: 2.91.93 -> 3.12.0
2020-04-05 22:42:58 -03:00
José Romildo Malaquias 737586bf4f gnome2.gnome-icon-theme: move to pkgs/data/icons 2020-04-05 22:14:23 -03:00
worldofpeace 6949162361 pantheon.xml: drop slow shutdown workaround
Them removing cerbere and registering with the SessionManager
should make shutdown very fast. This was even done in plank [0]
which was the last factor outside cerbere causing this.

[0]]: a8d2f255b2
2020-04-05 20:39:12 -04:00
worldofpeace 4fa0ae2f1f pantheon.elementary-dock: init at 2020-02-28
It seems Pantheon has forked Plank.
2020-04-05 20:39:11 -04:00
worldofpeace 120a2f3033 pantheon.cerbere: remove 2020-04-05 20:39:11 -04:00
Elis Hirwing 3b6539896b
Merge pull request #83896 from etu/slim-down-default-php-v3
PHP: Make the default package more sane [v3]
2020-04-05 20:00:03 +02:00
Florian Klink a8989b353a Revert "nixos/hardened: build sandbox incompatible with namespaces"
As discussed in https://github.com/NixOS/nixpkgs/pull/73763, prevailing
consensus is to revert that commit. People use the hardened profile on
machines and run nix builds, and there's no good reason to use
unsandboxed builds at all unless you're in a platform that doesn't
support them.

This reverts commit 00ac71ab19.
2020-04-05 17:38:15 +02:00
talyz 5ace72cd6c
nixos/nextcloud: Use php.enabledExtensions 2020-04-05 16:46:44 +02:00
talyz 4ff523f691
php: Simplify php-packages import, rename exts -> extensions 2020-04-05 16:45:41 +02:00
Elis Hirwing a2099156ec
php: split php.packages to php.packages and php.extensions
So now we have only packages for human interaction in php.packages and
only extensions in php.extensions. With this php.packages.exts have
been merged into the same attribute set as all the other extensions to
make it flat and nice.

The nextcloud module have been updated to reflect this change as well
as the documentation.
2020-04-05 16:45:17 +02:00
Elis Hirwing fc1034a1fa
nixos/nextcloud: upgrade to php74 2020-04-05 16:44:48 +02:00
talyz ed20aae86c
nixos/nextcloud: Get nextcloud working 2020-04-05 16:44:42 +02:00
Jan Tojnar f74f2f3548
nixos/gdm: fix startup
In 7f838b4dde, we dropped systemd-udev-settle.service from display-manager.service's wants.
Unfortunately, we are doing something wrong since without it both Xorg and Wayland fail to start:

	Failed to open gpu '/dev/dri/card0': GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Operation not permitted

Until we sort this out, let's add systemd-udev-settle.service to GDM to unblock the channels.
2020-04-05 16:40:30 +02:00
Florian Klink 502073b09a nixos/rxe: fix option description
This caused an opening xml tag in our docbook pipeline and failed the
manual build.
2020-04-05 15:30:08 +02:00
Frederik Rietdijk e50c67ad7e
Merge pull request #83618 from NixOS/staging-next
Staging next
2020-04-05 13:13:21 +02:00
Frederik Rietdijk 518d5be4f5 ssh validationPackage is a single value, not a list 2020-04-05 13:04:25 +02:00
Frederik Rietdijk 866c5aa090 Merge master into staging-next 2020-04-05 08:33:39 +02:00
gnidorah a6580c3164 nixos/qt5: support adwaita-dark theme 2020-04-05 08:38:08 +03:00
Tor Hedin Brønner c9d988b0e1 nixos/ibus: fix evaluation
Need to reference through `config` when checking what other modules have set.
2020-04-05 02:23:38 +02:00
Maximilian Bosch a9e3ec1d6e
nixos/systemd-nspawn: disallow multiple packages with .nspawn-units
In contrast to `.service`-units, it's not possible to declare an
`overrides.conf`, however this is done by `generateUnits` for `.nspawn`
units as well. This change breaks the build if you have two derivations
configuring one nspawn unit.

This will happen in a case like this:

``` nix
{ pkgs, ... }: {
  systemd.packages = [
    (pkgs.writeTextDir "etc/systemd/nspawn/container0.nspawn" ''
      [Files]
      Bind=/tmp
    '')
  ];
  systemd.nspawn.container0 = {
    /* ... */
  };
}
```
2020-04-04 21:11:21 +02:00
Pavan Rikhi 84b8775a67
lightdm-mini-greeter: 0.3.4 -> 0.4.0 2020-04-04 09:40:49 -04:00
Martin Milata 2acddcb28f nixos/matrix-synapse: remove web_client option
Removed in matrix-synapse-0.34.
2020-04-04 14:05:08 +02:00
José Romildo Malaquias 4d9a57bd76 treewide: rename gnome2.gnome_icon_theme package to use dashes 2020-04-03 23:24:53 -03:00
Frederik Rietdijk 92124ed660 Merge master into staging-next 2020-04-03 21:54:40 +02:00
Joachim F 18b89e7abd
Merge pull request #73763 from kmcopper/hardening-profile
Improvements to the NixOS Hardened Profile
2020-04-03 18:48:12 +00:00
Evils b29d48acfb nixos/tuptime: init module 2020-04-03 17:29:56 +02:00
Silvan Mosberger eb0148e90b
Merge pull request #84074 from Infinisil/fix-literal-option-examples
nixos/treewide: Fix incorrectly rendered examples
2020-04-03 15:41:53 +02:00
Bastian Köcher 644d643d68 nixos/wg-quick: Fix after wireguard got upstreamed 2020-04-03 12:39:35 +02:00
Florian Klink f25a301a0a nixos/chrony: move to StateDirectory and tmpfiles.d 2020-04-03 00:34:18 +02:00
Florian Klink 4009ef44e9 cockroachdb: remove stray trailing whitespace 2020-04-03 00:34:18 +02:00
Silvan Mosberger c06bcddaad
Merge pull request #83258 from mmilata/sympa-6.2.54
nixos/sympa: fix outgoing emails, update package version
2020-04-03 00:24:57 +02:00
Eelco Dolstra 74e7ef35fe nix-daemon.nix: Add option nix.registry
This allows you to specify the system-wide flake registry. One use is
to pin 'nixpkgs' to the Nixpkgs version used to build the system:

  nix.registry.nixpkgs.flake = nixpkgs;

where 'nixpkgs' is a flake input. This ensures that commands like

  $ nix run nixpkgs#hello

pull in a minimum of additional store paths.

You can also use this to redirect flakes, e.g.

  nix.registry.nixpkgs.to = {
    type = "github";
    owner = "my-org";
    repo = "my-nixpkgs";
  };
2020-04-02 19:38:00 +02:00
Silvan Mosberger 49859351ea
Merge pull request #84103 from mmilata/moinmoin-b42
nixos/moinmoin: fix maintainer reference
2020-04-02 17:02:59 +02:00
Jörg Thalheim 5fb2a9d8c7
Merge pull request #79828 from Mic92/zed
nixos/zfs: populate PATH with needed programs for zed
2020-04-02 13:42:01 +01:00