3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

4285 commits

Author SHA1 Message Date
Vladimír Čunát 3e387c3e00 Merge branch 'staging'
Darwin isn't in a perfect state, in particular its bootstrap tools won't
build which will block nixpkgs channel. But on the whole it seems
acceptable.
2016-05-13 10:14:53 +02:00
Franz Pletz df8958435e grafana: 2.6.0 -> 3.0.1 (#15395)
* grafana: 2.6.0 -> 3.0.1

* grafana module: Fix anonymous auth & add analytics config
2016-05-13 02:28:24 +02:00
Данило Глинський (Danylo Hlynskyi) bc2fe9f2cd typo in authorizedKeysFiles 2016-05-12 18:01:17 +03:00
Joachim Fasting 639dcffa0b Merge pull request #15403 from Shados/maintain-teamspeak-server
teamspeak-server package & module maintenance
2016-05-12 13:01:38 +02:00
Alexei Robyn 11b0972544 teamspeak-server module: Create data directory by
leveraging users.users.<user>.createHome instead of a preStart script.
preStart script is still required to ensure proper creation of logging
directory.
2016-05-12 20:49:17 +10:00
Domen Kožar 25e3c091a0 Revert "nixos/nat: Allow nat without an externalInterface"
This reverts commit 431a98b12b.

Breaks nixos tests: http://hydra.nixos.org/build/35538207
2016-05-12 11:04:06 +01:00
Joachim Fasting 1aff127b56 Merge pull request #10988 from Shados/improve-rsnapshot-service
rsnapshot service: Avoid package rebuild, create+use /etc/rsnapshot.conf
2016-05-12 05:24:01 +02:00
Vladimír Čunát 6c2fbfbd77 Merge branch 'master' into staging 2016-05-12 04:53:38 +02:00
Franz Pletz 431a98b12b nixos/nat: Allow nat without an externalInterface 2016-05-12 01:52:13 +02:00
Alexei Robyn 1e2ec5817c rsnapshot module: Enable manual rsnapshot usage with module config. 2016-05-12 09:27:59 +10:00
Alexei Robyn c90d5eb298 rsnapshot module: Avoid package rebuild, pass config file explicitly. 2016-05-12 09:27:52 +10:00
Nikolay Amiantov 700e2952be Merge pull request #15012 from abbradar/unixodbc
UnixODBC updates
2016-05-11 17:42:33 +03:00
Joachim Fasting a0e8d542c7 Merge pull request #15377 from womfoo/sniproxy
sniproxy: init at 0.4.0 with dependency udns: init at 0.4
2016-05-11 15:14:33 +02:00
Shea Levy 67d430096f Add kerberos mappings for MIT exchange server 2016-05-11 09:09:24 -04:00
Alexei Robyn ce7a544b92 nixos: ensure TERMINFO is set before user shells are run 2016-05-11 22:16:38 +10:00
Domen Kožar ccbcf1b6c2 nixos: require pkgs.which
This properly implements revert in
0729f60697.

We used to have which='type -P' alias, but really it's best to just
rely on which package, only 88K in size.

cc @edolstra
2016-05-11 10:37:46 +01:00
Kranium Gikos Mendoza 356f1bdac8 sniproxy service: init 2016-05-11 13:27:28 +08:00
Herwig Hochleitner 2d280840f8 gnome-keyring: add gcr dependency to service
gcr is used to provide the popup dialog, this fixes gnome-keyring for
non-gnome sessions
2016-05-10 19:53:33 +02:00
Joachim Fasting d4d7bfe07b
grsecurity: add option to disable chroot caps restriction
The chroot caps restriction disallows chroot'ed processes from running
any command that requires `CAP_SYS_ADMIN`, breaking `nixos-rebuild`. See
e.g., https://github.com/NixOS/nixpkgs/issues/15293

This significantly weakens chroot protections, but to break
nixos-rebuild out of the box is too severe.
2016-05-10 16:17:08 +02:00
Joachim Fasting e38e3dcdb6
dnscrypt-proxy service: allow user to specify their own resolver list 2016-05-10 07:08:37 +02:00
Joachim Fasting bd448b7139
dnscrypt-proxy service: use up-to-date dnscrypt-resolvers list
The list of public proxies is updated now and again and it's probably a
good idea to always work from the most recent list, rather than the one
that is shipped with the release.  This can be crucial in case of
resolvers that are revealed to have gone rogue or otherwise have been
compromised.
2016-05-10 07:07:58 +02:00
rnhmjoj e8fff51947
unclutter: prevent service restarting too soon 2016-05-09 23:28:30 +02:00
Vladimír Čunát 65a9fa8cdc Merge branch 'master' into staging 2016-05-08 21:24:48 +02:00
Joachim Fasting 87a28c9385
transmission service: fix libcap lib output reference
After 7382afac40
2016-05-07 21:48:54 +02:00
Joachim Fasting c5d1bff2b6
apparmor-suid module: fix libcap lib output reference
After 7382afac40
2016-05-07 21:48:29 +02:00
Joachim Fasting 1d2fcde841
dnscrypt-proxy service: fix libcap output reference
After 7382afac40 shared objects are in
`libcap.lib`
2016-05-07 20:18:27 +02:00
Joachim Fasting 5b90702cd6 Merge pull request #15243 from sindikat/patch-1
update docs for services.dictd.* config options
2016-05-07 16:44:41 +02:00
Nikolay Amiantov 17e4803de7 initrd-ssh service: fix build 2016-05-07 15:38:46 +03:00
Nikolay Amiantov f7c02f8670 ejabberd service: add image thumbnailing support 2016-05-07 14:31:16 +03:00
Nikolay Amiantov c99b050af0 Merge commit 'refs/pull/14568/head' of git://github.com/NixOS/nixpkgs into staging 2016-05-07 03:44:06 +03:00
aszlig 67223ee205
nixos/stage-1: Don't kill kernel threads
Unfortunately, pkill doesn't distinguish between kernel and user space
processes, so we need to make sure we don't accidentally kill kernel
threads.

Normally, a kernel thread ignores all signals, but there are a few that
do. A quick grep on the kernel source tree (as of kernel 4.6.0) shows
the following source files which use allow_signal():

  drivers/isdn/mISDN/l1oip_core.c
  drivers/md/md.c
  drivers/misc/mic/cosm/cosm_scif_server.c
  drivers/misc/mic/cosm_client/cosm_scif_client.c
  drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
  drivers/staging/rtl8188eu/core/rtw_cmd.c
  drivers/staging/rtl8712/rtl8712_cmd.c
  drivers/target/iscsi/iscsi_target.c
  drivers/target/iscsi/iscsi_target_login.c
  drivers/target/iscsi/iscsi_target_nego.c
  drivers/usb/atm/usbatm.c
  drivers/usb/gadget/function/f_mass_storage.c
  fs/jffs2/background.c
  fs/lockd/clntlock.c
  fs/lockd/svc.c
  fs/nfs/nfs4state.c
  fs/nfsd/nfssvc.c

While not all of these are necessarily kthreads and some functionality
may still be unimpeded, it's still quite harmful and can cause
unexpected side-effects, especially because some of these kthreads are
storage-related (which we obviously don't want to kill during bootup).

During discussion at #15226, @dezgeg suggested the following
implementation:

for pid in $(pgrep -v -f '@'); do
    if [ "$(cat /proc/$pid/cmdline)" != "" ]; then
        kill -9 "$pid"
    fi
done

This has a few downsides:

 * User space processes which use an empty string in their command line
   won't be killed.
 * It results in errors during bootup because some shell-related
   processes are already terminated (maybe it's pgrep itself, haven't
   checked).
 * The @ is searched within the full command line, not just at the
   beginning of the string. Of course, we already had this until now, so
   it's not a problem of his implementation.

I posted an alternative implementation which doesn't suffer from the
first point, but even that one wasn't sufficient:

for pid in $(pgrep -v -f '^@'); do
    readlink "/proc/$pid/exe" &> /dev/null || continue
    echo "$pid"
done | xargs kill -9

This one spawns a subshell, which would be included in the processes to
kill and actually kills itself during the process.

So what we have now is even checking whether the shell process itself is
in the list to kill and avoids killing it just to be sure.

Also, we don't spawn a subshell anymore and use /proc/$pid/exe to
distinguish between user space and kernel processes like in the comments
of the following StackOverflow answer:

http://stackoverflow.com/a/12231039

We don't need to take care of terminating processes, because what we
actually want IS to terminate the processes.

The only point where this (and any previous) approach falls short if we
have processes that act like fork bombs, because they might spawn
additional processes between the pgrep and the killing. We can only
address this with process/control groups and this still won't save us
because the root user can escape from that as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #15226
2016-05-06 16:24:42 +02:00
Lluís Batlle i Rossell 9f6afb7d78 Fixing nfsd service, wait on local-fs.
Otherwise, mountd was started exporting directories before local-fs was ready,
and it failed to start nfsd on missing fs.
2016-05-06 15:03:30 +02:00
Peter Simons d270604117 nixos: remove redundant services.dovecot2.package option
Instead of using this option, please modify the dovecot package by means of an
override. For example:

  nixpkgs.config.packageOverrides = super: {
    dovecot = super.dovecot.override { withPgSQL = true; };
  };

Closes https://github.com/NixOS/nixpkgs/issues/14097.
2016-05-06 10:10:06 +02:00
zimbatm 3ade1e7d3e Merge branch 'pr/14911' 2016-05-05 21:28:27 +01:00
Joaquim Pedro França Simão 133dc10e5a open-vm-tools: fixes host VMware errors 2016-05-05 21:27:54 +01:00
Mirzhan Irkegulov 0d28a8a501 update docs for services.dictd.* config options
added types for both options and an example for services.dictd.DBs
2016-05-05 20:11:16 +01:00
Eric Litak 3531c42e5d
factorio: module fixes 2016-05-05 20:11:52 +02:00
Joachim Fasting 23fd70b719 Merge pull request #15018 from ericsagnes/pkg-fix/php
php: add default php.ini
2016-05-05 19:16:04 +02:00
Joachim Fasting 5f09248ae8 Merge pull request #15228 from rnhmjoj/master
unclutter: switch to user service and add options
2016-05-05 18:37:27 +02:00
Vladimír Čunát 1dc36904d8 Merge #14920: windows improvements, mainly mingw 2016-05-05 08:30:19 +02:00
rnhmjoj e34814e317
unclutter: switch to user service and add options 2016-05-04 21:15:49 +02:00
Joachim Fasting 0a61ab5845 Merge pull request #15200 from Pleune/fix/bspwm-java-noreparenting
bspwm: add _JAVA_AWT_WM_NONREPARENTING=1
2016-05-04 06:18:38 +02:00
Joachim Fasting da767356f2
grsecurity: support disabling TCP simultaneous connect
Defaults to OFF because disabling TCP simultaneous connect breaks some
legitimate use cases, notably WebRTC [1], but it's nice to provide the
option for deployments where those features are unneeded anyway.

This is an alternative to https://github.com/NixOS/nixpkgs/pull/4937

[1]: http://article.gmane.org/gmane.linux.documentation/9425
2016-05-04 03:53:24 +02:00
Mitchell Pleune 571e9b5f1f bspwm: add _JAVA_AWT_WM_NONREPARENTING=1
bspwm is not in java's internal list of non-reparrenting
window managers. See https://awesomewm.org/wiki/Problems_with_Java
2016-05-03 17:46:48 -04:00
Bjørn Forsman 78b6e8c319 jenkins service: improve curl call in postStart
* Perform HTTP HEAD request instead of full GET (lighter weight)
* Don't log output of curl to the journal (it's noise/debug)
* Use explicit http:// URL scheme
* Reduce poll interval from 10s to 2s (respond to state changes
  quicker). Probably not relevant on boot (lots of services compete for
  the CPU), but online service restarts/reloads should be quicker.
* Pass --fail to curl (should be more robust against false positives)
* Use 4 space indent for shell code.
2016-05-03 23:12:45 +02:00
Bjørn Forsman 51e5beca42 jenkins service: remove unneeded (and brittle) part of postStart
The current postStart code holds Jenkins off the "started" state until
Jenkins becomes idle. But it should be enough to wait until Jenkins
start handling HTTP requests to consider it "started".

More reasons why the current approach is bad and we should remove it,
from @coreyoconnor in
https://github.com/NixOS/nixpkgs/issues/14991#issuecomment-216572571:

  1. Repeatedly curling for a specific human-readable string to
  determine "Active" is fragile. For instance, what happens when jenkins
  is localized?

  2. The time jenkins takes to initializes is variable. This (at least
  used to) depend on the number of jobs and any plugin upgrades requested.

  3. Jenkins can be requested to restart from the UI. Which will not
  affect the status of the service. This means that the service being
  "active" does not imply jenkins is initialized. Downstream services
  cannot assume jenkins is initialized if the service is active. Might
  as well accept that and remove the initialized test from service
  startup.

Fixes #14991.
2016-05-03 22:24:13 +02:00
Tuomas Tynkkynen aadaa91379 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/applications/networking/browsers/vivaldi/default.nix
	pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
William A. Kennington III 4dc716115f Add missing files
(cherry picked from commit 5917fc2f50c87bbdd6ba0be339849a030a7eba10)
2016-05-02 13:04:41 -05:00
William A. Kennington III 60b3484928 dbus: Fix for new 1.10 version
(cherry picked from commit 68a4a6df3971d66aa988bba680351a30fbadbed3)
2016-05-02 13:04:20 -05:00
Joachim Fasting 60a27781d6
grsecurity module: fix grsec-lock unit ordering
Requirement without ordering implies parallel execution; it is crucial
that sysctl tunables are finalized before the lock is engaged, however.
2016-05-02 11:28:24 +02:00
Arseniy Seroka 48b739cc25 Merge pull request #15094 from jraygauthier/jrg/brscan4_init_rebased
brscan4: init at 0.4.3-3
2016-05-01 21:48:30 +03:00
Raymond Gauthier 758e8bd1a1 brscan4: init at 0.4.3-3
A sane backend for recent brother scanners.

Depends on the presence of etc files generated by the
nixos module of the same name.

Supports network scanner specification through the
nixos module.
2016-05-01 14:42:25 -04:00
Tobias Geerinckx-Rice 5508687ec2
Remove now useless proprietary Copy.com client and service
<https://techlib.barracuda.com/Copy/FAQ>

SaaS.
2016-05-01 14:38:08 +02:00
Thomas Tuegel dbe1bb06d9 Merge pull request #14741 from cruegge/dbus-activation-environment
xsession: Update DBus activation environment
2016-05-01 06:55:35 -05:00
Franz Pletz 02760890f3 Merge pull request #14992 from avnik/rspamd
Rspamd/Rmilter update
2016-05-01 12:49:56 +02:00
Thomas Tuegel 370120bd5f kde5: don't install GStreamer modules system-wide 2016-04-30 12:22:01 -05:00
Thomas Tuegel 2875293615 nixos/networkmanager: fix syntax error 2016-04-30 12:20:06 -05:00
Arseniy Seroka 277154e901 Merge pull request #15078 from phile314/master
elasticsearch: Install elastic search modules properly
2016-04-29 20:31:47 +03:00
Joachim Fasting 4fb9b060c3 Merge pull request #15063 from mayflower/upstream/graylog
Add graylog package and service
2016-04-29 15:32:53 +02:00
Philipp Hausmann 7d7380b011 elasticsearch: Install elastic search modules properly, fixes groovy script support. 2016-04-29 12:59:50 +02:00
Nahum Shalman 83c0aca062 installer: simple PXE bootable NixOS installer
The Nix store squashfs is stored inside the initrd instead of separately

(cherry picked from commit 976fd407796877b538c470d3a5253ad3e1f7bc68)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-04-29 10:42:39 +01:00
Eelco Dolstra ecfc523d32 Update EC2 AMIs to 16.03.659.011ea84
This includes the binutils mass rebuild.
2016-04-29 10:28:35 +02:00
Eric Sagnes a8bc5b67f8 php: add default php.ini 2016-04-29 15:26:20 +09:00
Joachim Fasting 45c0a63c17 Merge pull request #15014 from groxxda/refactor/fail2ban
fail2ban: rework service
2016-04-29 01:26:55 +02:00
Tristan Helmich e48580c083 graylog service: Initial graylog service 2016-04-28 23:27:57 +02:00
Nikolay Amiantov c4440c9c74 Revert "pulseaudio: select correct outputs"
This reverts commit 5e2bb0b31c.
2016-04-28 17:06:09 +03:00
Nikolay Amiantov 5e2bb0b31c pulseaudio: select correct outputs
Original fixes by ttuegel and peterhoeg.
2016-04-28 16:45:42 +03:00
Nikolay Amiantov d619a75da1 pulseaudio: select correct outputs
Original fixes by ttuegel and peterhoeg.
2016-04-28 16:42:16 +03:00
Alexander V. Nikolaev 36954ee405 rspamd: configurable bindSocket and bindUISocket 2016-04-28 14:21:19 +03:00
Alexander V. Nikolaev 5c260399e1 rmilter: correct paths to sockets 2016-04-28 14:21:18 +03:00
Alexander V. Nikolaev c84c174eb2 rmilter: socket activation in nixos 2016-04-28 14:21:04 +03:00
Tuomas Tynkkynen de0847c731 taskserver service: Really check that it is enabled 2016-04-28 01:14:17 +03:00
Tuomas Tynkkynen 4ff8f377af Merge remote-tracking branch 'upstream/master' into staging 2016-04-28 00:13:53 +03:00
Tuomas Tynkkynen 49d1acb50f Merge pull request #14896 from elitak/rtl8723bs
rtl8723bs: improved build and split off firmware
2016-04-28 00:04:44 +03:00
Graham Christensen 56f8206b85 Update etc example to not use a real config file
A user noticed the example for `hosts`, took the `mode` permissions literally, and ended up with surprising behavior on their system. Updating the documentation to not reference a real config file which might have real permissions requirements.
2016-04-27 10:27:52 -05:00
Nikolay Amiantov e6e7c1e914 logmein-hamachi: init at 2.1.0.139, add nixos service 2016-04-27 16:15:01 +03:00
Nikolay Amiantov c5fcab987b pulseaudio service: fix service path 2016-04-27 15:51:28 +03:00
Nikolay Amiantov 21f984f590 xfce service: add noDesktop option 2016-04-27 14:59:56 +03:00
Nikolay Amiantov 7ac1ef05fa networkmanager service: fixup 2016-04-27 13:51:43 +03:00
Nikolay Amiantov 16bdef1350 bluetooth service: fix w.r.t. multiple outputs 2016-04-27 13:48:06 +03:00
Nikolay Amiantov 5a40332d70 unix-odbc-drivers module: update for new unixODBCDrivers 2016-04-26 23:58:11 +03:00
Nikolay Amiantov 89dfbd1215 Merge commit 'refs/pull/14936/head' of git://github.com/NixOS/nixpkgs 2016-04-26 23:14:47 +03:00
Alexander Ried fc941899a3 fail2ban: rework service 2016-04-26 20:34:41 +02:00
Nikolay Amiantov 23a093ebe8 dbus service: fix path to the launch helper 2016-04-26 16:10:30 +03:00
Nikolay Amiantov dfe608c8a2 symlinkJoin: accept set as an argument with additional options 2016-04-26 15:37:42 +03:00
Thomas Tuegel c25907d072 network-manager: multiple outputs 2016-04-25 19:04:24 -05:00
Thomas Tuegel 522ed7ce76 nixos/kde5: phonon-backend-gstreamer is not optional 2016-04-25 19:04:24 -05:00
Thomas Tuegel 5896befee0 nixos/kde5: install kactivitymanagerd 2016-04-25 19:04:24 -05:00
Christoph Ruegge 769a33bedd xsession: make updating DBus environment optional 2016-04-25 23:37:18 +02:00
Arseniy Seroka fd5ed06b0d Merge pull request #14977 from jerith666/crashplan-46-r3
Crashplan: 4.6.0-r2 -> 4.6.0-r3
2016-04-25 20:38:42 +03:00
Franz Pletz e16851b900 networking module: Add some missing literalExample 2016-04-25 18:15:52 +02:00
Matt McHenry 8262d7bdd4 crashplan: always overwrite binaries in /var/lib/ to ensure that updates are applied fully 2016-04-25 12:11:50 -04:00
Nikolay Amiantov 5f19542581 Merge commit 'refs/pull/14694/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:23 +03:00
Nikolay Amiantov 09f02b918e Merge branch 'master' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:10 +03:00
Tuomas Tynkkynen 1d4b21ef42 treewide: Use correct output of config.nix.package in non-string contexts 2016-04-25 16:44:38 +02:00
Tuomas Tynkkynen 60f5659dad treewide: Use correct output in ${config.nix.package}/bin 2016-04-25 16:44:37 +02:00
Tuomas Tynkkynen bee04a37ad amazon-init.nix: Use makeBinPath
This also fixes the incorrect use of 'dev' outputs from
config.nix.package and pkgs.systemd.
2016-04-25 16:44:37 +02:00
Tuomas Tynkkynen 70f5c840af nix-daemon service: Don't have the output in the `nix.package' option
1) It unnecessarily exposes implementation details.
2) It breaks all existing configs that have e.g.
   `nix.package = pkgs.nixUnstable;`.
2016-04-25 16:44:37 +02:00
Théophane Hufschmitt 201590fd97 zerobin service : init 2016-04-25 13:18:58 +02:00
Nikolay Amiantov 5ede7d4d92 octoprint: use makeSearchPathOutput 2016-04-25 13:24:40 +03:00