3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

2364 commits

Author SHA1 Message Date
Peter Simons 43bae26b33 Merge pull request #5627 from oxij/update-postfix
postfix: make 2.11 the default, nixos: update postfix config for 2.11
2015-01-11 11:28:31 +01:00
Arseniy Seroka 4f596fb93f Revert "zsh: profile-relative functions path"
This reverts commit 766207ca1d.

We need to solve the problem with `environment.profileRelativeEnvVars`.
The best workaround is to make profileRelativeEnvVars prepend paths.
2015-01-10 22:11:13 +03:00
Joachim Fasting 97bac259d0 dnscrypt-proxy service: update AppArmor profile
This patch fixes the AppArmor profile path clause and adds
(currently ignored) network rules.

The AppArmor profile used to be defined for the path sbin/dnscrypt-proxy,
but the real path is bin/dnscrypt-proxy (due to sbin now being a symlink
to bin), which permitted the service to run unconfined.

Adding the network rules has no effect other than improving correctness,
as the version of AppArmor in the NixOS kernel fails to enforce network
rules.
2015-01-09 15:08:07 +01:00
Shea Levy cca8bae86e Merge branch 'rngd-fix' of git://github.com/abbradar/nixpkgs 2015-01-08 09:36:29 -05:00
Matthias Beyer 5e6068d913 Put shell aliases in interactiveShellInit 2015-01-08 15:18:26 +01:00
Matthias Beyer c5e855e060 Add basic nixos module for fish shell 2015-01-08 15:18:26 +01:00
lethalman 908c47b281 Merge pull request #5550 from abbradar/fprintd
add fprintd support
2015-01-08 14:58:22 +01:00
William A. Kennington III dd7efcbf36 java: More default cleanups 2015-01-07 14:55:41 -08:00
William A. Kennington III c82410eeda java: Normalize to the default jre / jdk 2015-01-07 14:55:41 -08:00
William A. Kennington III 9a7766e054 nixos/network-interfaces: Add mstpd support for bridges 2015-01-07 14:49:24 -08:00
Peter Simons 24f5b2a1a0 Merge pull request #5619 from oxij/various-changes-2
Various (hopefully) small changes
2015-01-07 16:59:10 +01:00
Jan Malakhovski 265c1c1472 postfix: make 2.11 the default, nixos: update postfix config for 2.11
postfix 2.11 is much more humane with respect to disk writes since it uses
sockets (which do not change inodes on accesses) instead of fifos (which do).
2015-01-07 15:43:32 +00:00
Jan Malakhovski b6646f7ba7 nixos: make zsh use fcntl for locking history files by default
Without this zsh creates and then unlinks .lock files at each interactive
input line, which is inhumane with respect to disk.
2015-01-07 15:43:01 +00:00
j-keck 3ced0d94ac doc: use postgresql94
update postgresql module doc to use postgresql94 (was postgresql93)
2015-01-07 13:21:18 +01:00
William A. Kennington III 20d2092ff8 nixos/base: Add efi management utilities 2015-01-07 01:52:47 -08:00
Russell O'Connor d1a58ef7c6 google-compute-image.nix: Try to download all SSH host keys from metadata server. 2015-01-06 12:06:54 -05:00
Nikolay Amiantov dbc0395b2b nixos/rngd: some fixes 2015-01-06 17:27:07 +03:00
Domen Kožar c876f7a25d document options to nixos-install script 2015-01-06 14:49:24 +01:00
Nikolay Amiantov 2aaeacc579 nixos/modprobe: wrap all of kmod 2015-01-06 16:39:00 +03:00
Russell O'Connor 3251948029 Generate SSH host public key from the private key. 2015-01-05 15:20:55 -05:00
Russell O'Connor d1cbbff1e3 Call wget directly in fetch-ssh-keys service. 2015-01-05 15:20:55 -05:00
Russell O'Connor 6382e16014 google-compute-image.nix: unconditionally clean up /root/key.pub /root/authorized-keys-metadata 2015-01-05 15:18:02 -05:00
Russell O'Connor b19ab1f046 google-comute-image.nix: set umask 077 when downloading private keys from the metadata server. 2015-01-05 15:01:49 -05:00
Russell O'Connor e548a4330d google-compute-image.nix: use internal google NTP server. 2015-01-05 12:45:23 -05:00
Peter Simons ea94a6d653 nixos/modules/services/misc/nix-daemon.nix: document meaning of '0' for the buildCores attribute 2015-01-05 15:38:08 +01:00
Rob Vermaas c5caa853ec dd-agent: set SSL_CERT_FILE for dogstatsd.
(cherry picked from commit c67204dec2)
2015-01-05 13:15:22 +01:00
Eelco Dolstra ae7d79cd61 Fix some bad gids
Issue #3727.
2015-01-05 11:58:17 +01:00
Rob Vermaas bc09e53343 Minor fixes to EC2 image generation script. Set autoresponder, so no interaction is necessary. Write output in a format that can be easily included in ec2-amis.nix of nixops.
(cherry picked from commit 96904915d9)
2015-01-05 09:35:48 +01:00
Rob Vermaas 1a4164b71d Use nixos-images bucket for GCE images.
(cherry picked from commit bdd3a3bac8)
2015-01-05 09:35:42 +01:00
Rob Vermaas 357f6a2c97 Fixes for script that builds and uploads EC2 s3 backed images. Mostly credential related.
(cherry picked from commit 42c0bc4b8f)
2015-01-05 09:35:38 +01:00
Rob Vermaas ea9530b5c7 Fix GCE image build.
(cherry picked from commit 98af87cd4a)
2015-01-05 09:35:35 +01:00
Khalid Jebbari b385d14b81 Fix typo in recursive set example 2015-01-04 19:28:16 +01:00
Khalid Jebbari 1d3a592ae0 Bad name for the NixOS download page 2015-01-04 18:33:30 +01:00
Domen Kožar 79a51b0cf3 Add Type information into manual and manpages, fixes #4600 2015-01-04 15:41:32 +01:00
William A. Kennington III 8ec82fcb18 nixos/samba: Allow package version setting 2015-01-03 21:45:16 -08:00
Kirill Elagin 766207ca1d zsh: profile-relative functions path
This is needed mostly for autocompletion.
2015-01-04 02:02:59 +03:00
Nikolay Amiantov a164a0b4c5 nixos/fprintd: add service and pam support 2015-01-03 19:50:40 +03:00
Domen Kožar 3d7ff07258 fix manual 2015-01-03 16:32:07 +01:00
Domen Kožar 1f523bb23d clarify things about hashed passwords and mutableUsers 2015-01-02 17:32:56 +01:00
William A. Kennington III 8627110091 icedtea: Make major version nonspecific attrs 2015-01-02 00:24:49 -08:00
Nicolas B. Pierron 816229593a Merge pull request #5441 from nbp/mkAlias
modules: Extract mkAliasDefinition from the rename.nix NixOS module.
2015-01-01 06:59:42 -08:00
Sebastián Bernardo Galkin 24abe2b2b3 Bumblebee config to enable multiple monitors
Added configurations to `bumblebee` package to easy multiple monitors on Optimus
machines.

The behaviour of the default `bumblebee` package hasn't change, so this change
is backwards compatible. Users who want to connect a monitor to their discrete
card should use the package `bumblebee_display` instead.

Also added new configuration option to nixos bumblebee module:

```
hardware.bumblebee.connectDisplay = true
```

will enable the new configuration, but the default is still false.
2014-12-30 19:17:42 -08:00
Charles Strahan 94dd4b9721 ruby: WIP 2014-12-30 21:05:00 -05:00
Eelco Dolstra c2af4f3ea8 Tweak 2014-12-31 01:29:05 +01:00
Vladimír Čunát 13d5f305da nixos/doc release notes: mention intel GPU driver
(cherry picked from commit 3865ab9e69)
2014-12-31 01:29:05 +01:00
aszlig d137ff33e2
nixos/release-notes: Fix typo in VirtualBox notes.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-30 23:42:14 +01:00
Eelco Dolstra 3370ee6a13 Document small channels 2014-12-30 22:31:27 +01:00
Eelco Dolstra cf1d9ed317 Release notes tweak 2014-12-30 18:43:13 +01:00
Eelco Dolstra 4df1ca0875 Sort stuff 2014-12-30 18:43:13 +01:00
Eelco Dolstra 512d788a68 Create AMIs in the lb-nixos account 2014-12-30 18:32:45 +01:00
Eelco Dolstra adf62ba9c1 Drop reference to obsolete ControlGroupAttribute option 2014-12-30 18:32:05 +01:00
Eelco Dolstra c502369a23 Release notes 2014-12-30 18:25:02 +01:00
Eelco Dolstra 5f2d5fcc12 Release date 2014-12-30 18:12:52 +01:00
Eelco Dolstra e62cb5585d Merge pull request #5507 from DamienCassou/systemd-user-timers
Add systemd.user.timers
2014-12-30 15:40:43 +01:00
Damien Cassou dcc93abe74 Add systemd.user.timers 2014-12-30 05:46:36 +01:00
Tobias Geerinckx-Rice c64257b8e5 Fix user-facing typos (mainly in descriptions) 2014-12-30 03:31:03 +01:00
Jaka Hudoklin 1b19b7a3bf Merge pull request #5491 from offlinehacker/cadvisor
Add cadvisor package and nixos module
2014-12-29 17:58:43 +01:00
Shea Levy 9245516b46 gummiboot-builder.py: run nix with no build-users-group
During install, the bootloader script gets run inside a chroot after the
/etc/group bind-mount is unmounted. Since we're not doing any building,
this should be safe, but really nix should just not care if the group
does not exist when no build is needed.

Fixes #5494
2014-12-29 07:09:10 -05:00
Ricardo M. Correia 1d44322d53 grsecurity: Update stable and test patches
stable: 3.0-3.14.27-201412211908 -> 3.0-3.14.27-201412280859
test:   3.0-3.17.7-201412211910  -> 3.0-3.18.1-201412281149
2014-12-29 03:00:47 +01:00
Matej Cotman 9eb24c72ff systemd: fix permissions on /var/log/journal 2014-12-28 22:37:50 +01:00
Charles Strahan 145733c479 Merge branch 'master' of github.com:nixos/nixpkgs into pleasant-ruby
Conflicts:
	pkgs/applications/version-management/redmine/default.nix
	pkgs/development/interpreters/ruby/gem.nix
	pkgs/development/interpreters/ruby/generated.nix
	pkgs/development/interpreters/ruby/patches.nix
	pkgs/development/tools/vagrant/default.nix
	pkgs/servers/consul/default.nix
2014-12-28 14:29:52 -05:00
Domen Kožar 43af22b2de Merge pull request #5487 from luke-clifton/lc-btsync-group
btsync groups
2014-12-28 20:25:13 +01:00
Charles Strahan 4ed847d81d redmine: fix use of bundler 2014-12-28 14:22:11 -05:00
Jaka Hudoklin b6198f08e3 nixos: add cadvisor service 2014-12-28 20:21:41 +01:00
Eelco Dolstra ea9d391bb5 Fix ntpd
Since the 4.2.8 upgrade, ntpd is broken on NixOS:

  Dec 28 19:06:54 hagbard ntpd[27723]: giving up resolving host 1.nixos.pool.ntp.org: Servname not supported for ai_socktype (-8)

This appears to be because DNS resolution doesn't work in chroots
anymore (due to /etc being missing). So disable chroots for now. It's
probably better to use systemd's containment facilities anyway.
2014-12-28 19:38:45 +01:00
Alexander Kjeldaas da1f8578b0 Eradicate gzip -9 without -n 2014-12-28 13:45:27 +01:00
Luke Clifton 3c8914f94e Changed group id to match user id 2014-12-28 19:47:12 +08:00
Luke Clifton b625c3dd4b Added group id to ids.nix 2014-12-28 18:10:02 +08:00
Vladimír Čunát 61d9f06760 fix a typo from 2627198b0c 2014-12-28 10:44:50 +01:00
Luke Clifton 0c477eb38f Documentation update 2014-12-28 17:26:59 +08:00
Luke Clifton 61ff1b2b0a Moved UMask to correct location 2014-12-28 16:44:27 +08:00
Luke Clifton 5fdd6f6a66 Change umask 2014-12-28 16:39:56 +08:00
William A. Kennington III 2627198b0c nixos/firewall: Add ipset utility 2014-12-28 00:04:49 -08:00
Luke Clifton 5866a9df03 added group 2014-12-28 13:23:10 +08:00
Luke Clifton fabcc2cf7b Added btsync group to btsync user 2014-12-28 13:17:37 +08:00
Vladimír Čunát 3c050d00a5 upower: use newer version by default
Tested on KDE4, fixed with xfce, and was used with GNOME before.
CC @lethalman.

I did not test e19, as it won't build, probably due to #5392 @shlevy.
CC maintainer @matejc.

Also removed a forgotten unused patch.
2014-12-27 22:46:46 +01:00
Domen Kožar ec5fcfa82c network-manager: specify full path to sytemctl binary
(cherry picked from commit af8f76c256)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-27 11:53:07 +01:00
Bjørn Forsman 0a8623d6a9 nixos/munin: add /var/setuid-wrappers to PATH
/var/setuid-wrappers is an extension of the system profile, so it
belongs in PATH for the munin service.
2014-12-25 15:43:51 +01:00
aszlig c7e3ddf7ff
nixos/synergy: Fix use of the "optional" function.
Commit 939edb1 reintroduced autoStart, but instead of creating a list of
units for the wantedBy list with optional it became a list of lists of
units.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-24 12:35:57 +01:00
Domen Kožar a4961f09f6 Merge pull request #5390 from abbradar/nixos-isntall
nixos-install: fix -I flag
2014-12-23 18:15:14 +01:00
Nicolas B. Pierron d7f29acd48 modules: Extract mkAliasDefinition from the rename.nix NixOS module. 2014-12-22 22:38:38 +01:00
Igor Pashev 2b91b9b594 Strongswan: updown script uses ip and iptables utilities 2014-12-22 20:20:52 +00:00
Luca Bruno 79209e30b5 nixos: Add -verbose to xserverArgs example 2014-12-22 21:01:12 +01:00
lethalman 50789593df Merge pull request #5346 from svenkeidel/disable-xserver-verbose-logging
disable verbose logging for XServer, fixes #4333
2014-12-22 20:59:06 +01:00
Benno Fünfstück 914b76bad4 services.mpd: use systemd's user option
For some reason, mpd fails to open the sound card if using mpd's user
option. Starting mpd directly as the mpd user works for me.
2014-12-22 11:22:14 +00:00
lethalman d0fdad5f36 Merge pull request #5419 from ehmry/tox-bootstrapd
tox-bootstrapd
2014-12-22 11:16:44 +01:00
Nicolas B. Pierron 6a7971bee7 Merge pull request #5416 from nbp/nixos-option-include
nixos-option: Support -I option
2014-12-21 15:11:11 -08:00
Nicolas B. Pierron e4fb4168fc Merge pull request #5415 from nbp/nixos-options-submodules
nixos-option: Handle submodules
2014-12-21 15:10:46 -08:00
Nicolas B. Pierron 91cc22e841 Merge pull request #5405 from nbp/nixos-options-derivation
nixos-option: Print the outPath of derivation for option values.
2014-12-20 16:51:49 -08:00
Nicolas B. Pierron c231506b5a Merge pull request #5362 from nbp/update-channels
Add a script to add git branches for each channel.

To create / update references to remote / local channels, you have to run `./maintainers/scripts/update-channel-branches.sh` while you are at the top-level of nixpkgs work directory.  To make this convenient for Nixpkgs / NixOS developer, one can run the following command:

```
$ git config --add alias.fetch-channels '!sh -c "$(git rev-parse --show-cdup)maintainers/scripts/update-channel-branches.sh"'
```

Which will register the alias fetch-channels such that the script can used from sub-directory of nixpkgs by running `git fetch-channels`.
2014-12-20 16:49:18 -08:00
Nicolas B. Pierron 974edc5056 nixos-option: Use <nixpkgs/nixos> instead of <nixpkgs>. 2014-12-21 01:33:06 +01:00
Emery Hemingway 01910e84f9 nixos: tox-bootstrapd service 2014-12-20 18:20:27 -05:00
Nicolas B. Pierron 82a5f54c0d nixos-option: Support -I option. 2014-12-20 20:30:19 +01:00
Nicolas B. Pierron c9682a22ff nixos-option: Produce nicer error messages in case of typos. 2014-12-20 19:52:28 +01:00
Nicolas B. Pierron 640428d3c5 nixos-option: Handle 'attrsOf submodule' options. 2014-12-20 19:16:43 +01:00
Nicolas B. Pierron cd2f7ce9f9 nixos-option: Improve error messages to avoid reporting internal location and traces. 2014-12-19 23:00:52 +01:00
Nicolas B. Pierron b2abfe54b3 nixos-option: Print derivation outPath within attribute sets and list, when the strict mode is used. 2014-12-19 23:00:00 +01:00
Nicolas B. Pierron 9db6a84f0b nixos-option: Print the outPath of derivation for option values. 2014-12-19 22:33:24 +01:00
Eelco Dolstra 80a85541d5 Typo 2014-12-19 14:38:33 +01:00
Eelco Dolstra 5ad3a02938 Shut up a warning from udev
Issue #5260.
2014-12-19 14:37:50 +01:00
Mathijs Kwik 6e728a42ec virtualisation.qemuNetworkingOptions -> virtualisation.qemu.networkingOptions 2014-12-19 11:59:00 +01:00
Mathijs Kwik 6cdacdd4a2 nixos/qemu-vm: make networking options configurable 2014-12-19 08:52:06 +01:00
wmertens a8c726da56 Merge pull request #5378 from benley/mesos
mesos-slave: add config option for slave attributes
2014-12-19 08:10:07 +01:00
Evgeny Egorochkin 87610ca0fd kde4: enable akonadi by default 2014-12-19 08:59:22 +02:00
Evgeny Egorochkin 939edb1873 synergy: restore autostart option.
closes #5334
2014-12-19 08:25:23 +02:00
Evgeny Egorochkin 9225af50d0 resurrect torsocks-faster 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin eb0874d5ff rename torify to tsocks, to avoid name clashes and make it clear which wrapper library is used 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin 633cc58d5c torsocks: enable by default if tor client functionality is enabled 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin 824b3b1a99 tor: restore the Privoxy setup, but configure the system Privoxy instead of running a separate instance. 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin 1fe5314dc5 tor: restore strong circuit isolation 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin da118cf60b Revert "nixos: Remove torify module"
tsocks is still useful because it's less strict

This reverts commit 1b26faeb69.
2014-12-19 08:05:41 +02:00
Benjamin Staffin c47cefd05e nixos/mesos: Parameterize mesos slave attributes
Added attributes to nixos/tests/mesos.nix to verify that mesos-slave
attributes work. If the generated attributes are invalid, the daemon
should fail to start.

Change-Id: I5511245add30aba658b1af22cd7355b0bbf5d15c
2014-12-18 14:47:24 -08:00
aszlig efb2b27a8f
nixos: Add VBox hardening to 14.12 release notes.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 22:58:37 +01:00
wmertens 5f7530a1d7 zfs hostId: Instructions to derive from machine-id 2014-12-18 22:52:29 +01:00
Nicolas B. Pierron 9334085e80 update-channel-branches.sh: Add verbosity to improve the user experience, and update NixOS documentation. 2014-12-18 22:25:21 +01:00
Nikolay Amiantov 22eb0e22d3 nixos-install: fix -I flag 2014-12-18 22:43:40 +03:00
aszlig f7384b8c75
nixos/virtualbox: Revert disable hardening.
This reverts commit 5d67b17901.

The issues have been resolved by ac603e208c.

Tested this with hostonlyifs and USB support with extension pack.

Conflicts:
	nixos/modules/programs/virtualbox-host.nix

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Tested-by: Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>
2014-12-18 18:18:32 +01:00
Eelco Dolstra 63c14e259d ssh-agent: Don't have a timeout by default
IMHO, having a short timeout (1h) defeats the point of using
ssh-agent, which is not to have to retype passphrases all the time. Of
course, users who want timeouts can set programs.ssh.agentTimeout.

This restores the 14.04 behaviour.
2014-12-18 15:34:29 +01:00
Eelco Dolstra bf0f2adbeb Fix container test
http://hydra.nixos.org/build/17989795
2014-12-18 14:18:53 +01:00
aszlig d45649b415
nixos/tests/virtualbox: Disable debug logging.
Especially if the user isn't in the vboxusers group anymore, this gets
VERY noisy, because the VBoxSVC process emits warnings for every single
USB device noting that it's only possible to access it when the user is
in the vboxusers group.

So, we now have a debug attribute, where we can enable it when
necessary.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
aszlig ef691d5c30
nixos/tests/virtualbox: Don't use vboxusers group.
At least when we're running in hardening mode, because it's needed there
only for USB support.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
aszlig 2af435b5cd
nixos/tests/blivet: Fix by avoiding "nix-store".
The "nix-store" command within the VM test is running without
NIX_REMOTE=daemon and since Nix 1.8 tries to open the store database in
read-write mode even for nix-store -qR.

Now, we're doing this properly and rely on setup hooks, which is the
same method that's used when you're building a library which depends on
blivet.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
aszlig ac603e208c
virtualbox: Fix runtime paths in hardening mode.
Because we have to rely on setuid wrappers on NixOS, we can't easily
hardcode the executable paths and set it 4755. So for all calls, we need
to change the runtime path executable directory to /var/setuid-wrappers/
and for verification we need to retain the executable directory.

Also note, that usually VBoxNetAdpCtl, VBoxNetDHCP, VBoxNetNAT, VBoxSDL
and VBoxVolInfo don't reside in directories that are commonly in PATH,
but in /usr/lib/virtualbox in most mainstream distros. But because the
names of these executables are distinctive enough to not cause
collisions with other setuid programs, I'll leave it like that and not
patch up setuid-wrappers.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
Domen Kožar 3d5220e691 release notes: reindent, remove renames (redudant)
(cherry picked from commit 8566f66ea4)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-18 12:22:22 +01:00
Domen Kožar 44af18f8ae update release notes
(cherry picked from commit 33e9a0503a)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-18 12:22:17 +01:00
Domen Kožar 432490e319 fix users.mutableUsers = false; install in iso
(cherry picked from commit 9bc8bcbbdc)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-18 12:18:49 +01:00
Eelco Dolstra 89697b0fc1 Improve /etc/sudoers message 2014-12-18 11:51:42 +01:00
William A. Kennington III 1036c66d43 nixos/network-interfaces: Add ipv6 gateway support 2014-12-17 17:56:29 -08:00
Eelco Dolstra c812e45292 switch-to-configuration: Ignore slice units 2014-12-18 01:47:36 +01:00
Eelco Dolstra bde9ae18cf Revert "enable bash autocomplete by default"
This reverts commit ee8e15fe76. See
discussion at ee8e15fe76.
2014-12-18 00:36:46 +01:00
Eelco Dolstra d34c600414 Remove udev from /run/opengl-drivers
/run/opengl-drivers should contain only libGL-related libraries, not
stuff like udev. Injecting anything into LD_LIBRARY_PATH is dangerous
because it can break applications that expect a different version of
the library.

Caused by eef9a8ac2a. Fixes #5371.
2014-12-17 17:00:10 +01:00
Rob Vermaas b8a4095003 It is called Dingo! yes, Dingo! 2014-12-17 16:42:52 +01:00
Domen Kožar d2462e2957 nixos/tests/gitlab.nix: set TimeoutStartSec to 10min
(cherry picked from commit 5bafb9cf0f)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-17 16:40:53 +01:00
Luca Bruno 614162ee6c Some lua and awesome improvements
- Move lgi to luaPackages
- Use luaPackages in awesome and passthru lua
- Allow to pass lua modules to the awesome WM so that those can be used in the configuration
2014-12-17 15:08:21 +01:00
Mathijs Kwik 4aebd5ef87 Merge pull request #5358 from bluescreen303/nixos-extra-modules
nixos: allow adding extra modules through environment
2014-12-17 09:48:35 +01:00
wmertens 0d5bd2a0f3 Merge pull request #5254 from ehmry/network-filesystems
nixos: configure samba and rsync shares with sets
2014-12-17 07:07:28 +01:00
wmertens 2fb69f5277 Merge pull request #5196 from madjar/cloud-init
cloud-init: add expression and service
2014-12-17 06:58:54 +01:00
William A. Kennington III 681ae2fa7f nixos/consul: Don't timeout if start job has many retries 2014-12-16 15:42:08 -08:00
Mathijs Kwik 73f18fd42f nixos: allow adding extra modules through environment
This is useful for adding extra functionality or defaults to _every_
nixos evaluation.

My use case is overriding behaviour for all nixos tests, for example
setting packageOverrides to newer versions and changing some default
dependencies/settings.

By making this accessible through an environment variable, this can now
be fully accomplished externally. No more need to fork
nixos/nixpkgs (which becomes a maintenance burden), just use the channel
instead and plug in via this envvar.
2014-12-16 19:13:15 +01:00
Eelco Dolstra be0e73b938 cups: Build with SERVERROOT set to /etc/cups 2014-12-16 18:23:41 +01:00
Eelco Dolstra dc6c8b9714 cupsd.nix: Clean up environment.etc 2014-12-16 18:23:41 +01:00
tv@shackspace.de b71f3c4315 nixos/cupsd: use cups-files.conf 2014-12-16 18:23:40 +01:00
aszlig e36bec661c
nixos/virtualbox: Fix warning on enableHardening.
The warning was displayed whenever services.virtualboxHost.enable was
true, but if people were to enable hardening, they'd still get that
annoying message.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-16 11:24:55 +01:00
Eelco Dolstra 997531d172 Document screen incompatibility 2014-12-15 19:55:37 +01:00
aszlig 8bbf1dc80e
nixos/tests/virtualbox: Improve logging.
This also makes showvminfo obsolete, as we get the same information from
the hosts log.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 19:17:38 +01:00
aszlig d85fabd68c
nixos/virtualbox/hostonlyif: Fix writing to /root.
Creates unnecessary cruft in the root users home directory, which we
really don't need. Except the log, but therefore we now cat the log to
stderr and the private temporary directory is cleaned up afterwards.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 19:16:43 +01:00
Sven Keidel 7199db8aab disable verbose logging for XServer, fixes #4333
The current options for the XServer produce a huge amount of log messages. The
server produces around 70-80 messages per minute. The most messages look like
this:

display-manager-start[1846]: GetModeLine - scrn: 0 clock: 75200
display-manager-start[1846]: GetModeLine - hdsp: 1366 hbeg: 1414 hend: 1478 httl: 1582
display-manager-start[1846]: vdsp: 768 vbeg: 772 vend: 779 vttl: 792 flags: 9

Since theses messages aren't very useful, I propose to remove the `-logverbose`
and `-verbose` options from the XServer arguments.
2014-12-15 18:59:49 +01:00
aszlig 5d67b17901
nixos/virtualbox: Disable hardening for now.
This should display a big fat warning that people can hardly miss until
we have fixed the issues with the host-only-interfaces that persist when
hardining is enabled.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 18:53:41 +01:00
aszlig 9bf16a9c33
nixos/tests/virtualbox: Add test for hostonlyif.
Essentially adds two more VirtualBox VMs to the test and also increases
the memory size of the qemu VM to 768 MB to make sure we don't run out
of memory too soon.

We're testing whether those two VMs can talk to either each other
(currently via ICMP only) or to/from the host via TCP/IP.

Also, this restructures the VM test a bit, so that we now pass in a
custom stage2Init script that has access to the store via a private
mount over the /nix/store that's already in the initrd. The reason why
this is a private mount is that we don't want to shadow the Nix store of
the initrd, essentially breaking cleanup functionality after the custom
stage 2 script (currently this is only "poweroff -f").

Note that setting the hostname inside the VirtualBox VM is *not* for
additional fanciness but to produce a different store path for the VM
image, so that VirtualBox doesn't bail out when trying to use an image
which is already attached to another VM.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:20 +01:00
aszlig 245baeb2f6
nixos/virtualbox: Note about "vboxusers" group.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:19 +01:00
aszlig e03e0ff42a
nixos/virtualbox: Allow to disable hardening.
Hardening mode in VirtualBox is quite restrictive and on some systems it
could make sense to disable hardening mode, especially while we still
have issues with hostonly networking and other issues[TM] we don't know
or haven't tested yet.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:18 +01:00
aszlig 77831e8467
nixos/tests/virtualbox: Generalize expression.
We're going to create more than one VirtualBox VM, so let's dynamically
generate subs specific to a particular VirtualBox VM, merging everything
into the testScript and machine expressions.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:16 +01:00
Eelco Dolstra bed675f400 nixos-generate-config: Don't emit networking.hostId
Systemd already generates /etc/machine-id. So there is no need to
generate another unique host identifer.
2014-12-15 17:03:28 +01:00
Eelco Dolstra 0d3a229baa nixos-generate-config: Add time zone 2014-12-15 16:55:03 +01:00
Peter Simons 60f21f983f nixos/doc/manual/release-notes/rl-1412.xml: document change of default time zone
https://github.com/NixOS/nixpkgs/pull/5332
2014-12-15 16:38:04 +01:00
Peter Simons 0f2b026bfe nixos/modules/system/boot/luksroot.nix: hyperlinkify an URL in the documentation 2014-12-15 16:31:18 +01:00
Peter Simons 137ffc9929 Switch default timezone in NixOS from "CET" to "UTC".
Suggested in https://github.com/NixOS/nixpkgs/pull/5332.
2014-12-15 16:31:18 +01:00
Eelco Dolstra 88412c865d Fix ANSI escape in warning messages
Seems to have been broken by accident in 7d1ddae58e.
2014-12-15 16:19:35 +01:00
Thomas Tuegel 32e41c2280 nixos: fix config.fonts.fontconfig.ultimate.allowBitmaps
The option was incorrectly negated, so that 'allowBitmaps = true'
actually disabled bitmap fonts.
2014-12-15 09:16:40 -06:00
Rob Vermaas b48e41b8d7 cron: make into systemd.service and make it depend on /etc/localtime
so that changes in timezone will trigger a restart of cron service.
2014-12-15 14:50:12 +01:00
Eelco Dolstra cfe26e4438 Fix using Apache httpd 2.2 2014-12-15 13:13:17 +01:00
wmertens d3d38c38c5 Merge pull request #5326 from prikhi/refactor-psd-config
profile-sync-daemon: refactor nixos module
2014-12-14 19:38:31 +01:00
Nicolas B. Pierron 42c3c205c4 Merge remote-tracking branch 'origin/master' into syncserver 2014-12-14 14:17:56 +01:00
Domen Kožar 3d74b38101 add chromium test to the tested job
(cherry picked from commit fa4e45f20c)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-14 13:47:19 +01:00
Domen Kožar d62d45642c fix quake3 test
(cherry picked from commit fde7e1286e)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-14 13:47:19 +01:00
Domen Kožar a7bcba42c5 Merge pull request #5328 from paraseba/master
Fix networkmanager resumeCommands
2014-12-14 13:09:15 +01:00
Jaka Hudoklin ca32d20d6e nixos/gitlab: enable tests in release 2014-12-14 13:05:35 +01:00
Jaka Hudoklin 6ae50a4cc6 nixos/kubernetes: fix test, make more deterministic by having more ram 2014-12-14 13:05:35 +01:00
Sebastián Bernardo Galkin aba0d8a73d Fix networkmanager resumeCommands
Small typo prevented the post resume script to restart network manager
2014-12-14 03:46:54 -08:00
Domen Kožar 5d9b24e1ec typo
(cherry picked from commit ad4e371acf)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-14 11:29:09 +01:00
Domen Kožar 48a282b913 http://nixos.org -> https://nixos.org
(cherry picked from commit 78bb17dd22e4da4e3810fbc78185d73bb25ea73e)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-14 11:26:45 +01:00
Domen Kožar ba5fad6dfa Merge pull request #5323 from offlinehacker/gitlab_i686_fix
gitlab: fix i686-linux build and module
2014-12-14 09:48:44 +01:00
Pavan Rikhi 25da0e2518 profile-sync-daemon: refactor module 2014-12-14 00:45:08 -05:00
Jaka Hudoklin bbc44bf0da nixos/gitlab: imporove tests 2014-12-14 02:30:13 +01:00
Jaka Hudoklin 90683792aa gitlab: fix i686-linux build and module
It turns out that installing therubytracer, with dependency on old v8, even
when using source libv8 version is problematic.
(see
http://stackoverflow.com/questions/21666379/problems-installing-gitlab-on-odroid-v8-lib-not-available).

But wait, rails does not even need therubytracer, just any kind of javascript
server side execution framework like nodejs. Well just use that, as also
suggested from different internet sources (look link above), it works just
fine.
2014-12-14 02:24:12 +01:00
Pavan Rikhi 0df1c05f71 Add the Profile Sync Daemon Package & NixOS Module 2014-12-13 09:24:12 -05:00
aszlig 69858d7743
nixos: Add VM test for VirtualBox.
Currently it pretty much tests starting up virtual machines and just
shutting down afterwards, but for both VBoxManage and the VirtualBox
GUI.

This helps catching errors in hardened mode, however we still need to
test whether networking works the way intended (and I fear that this is
broken at the moment).

The VirtualBox VM is _not_ using hardware virtualization support (thus
we use system = "i686-linux", because x86_64 has no emulation support),
because we're already within a qemu VM, which means it's going to be
slow as hell (that's why I've written own subs just for testing
startup/shutdown/whatnot with respective timeouts).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-13 11:43:44 +01:00
aszlig 0d71ec8a6e
nixos/virtualbox: Fix setuid wrappers.
We only need to have setuid-root wrappers for VBox{Headless,SDL} and
VirtualBox, otherwise VBoxManage will run as root and NOT drop
privileges!

Fixes #5283.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-13 07:52:19 +01:00
Nicolas B. Pierron 1a1fc17957 Firefox Sync Server: Create the private config file as non-world readable. 2014-12-12 22:14:38 +01:00
Nicolas B. Pierron a0154145d5 Firefox Sync Server: Fix copy&paste issue. 2014-12-12 22:13:03 +01:00
Jaka Hudoklin d8ee91cb54 nixos: container profile, fix a few things 2014-12-12 20:28:01 +01:00
Jaka Hudoklin 13e58784bf nixos/gitlab: fixes
- fix timezone data not found
- fix module, add simple test
- allow to set port
2014-12-12 18:01:31 +01:00
Thomas Hunger 59995e168c nixos: Add gitlab and gitlab-shell
I had to make several adjustments to make it work with nixos:

* Replace relative config file lookups with ENV variable.
* Modify gitlab-shell to not clear then environment when running
  pre-receive.
* Modify gitlab-shell to write some environment variables into
  the .authorized_keys file to make sure gitlab-shell reads the
  correct config file.
* Log unicorn output to syslog.
  I tried various ways of adding a syslog package but the bundler would
  not pick them up. Please fix in a better way if possible.
* Gitlab-runner program wrapper.
  This is useful to run e.g. backups etc. with the correct
  environment set up.
2014-12-12 18:01:29 +01:00
Vladimír Čunát 3bcd3ed017 nixos: check resumeDevice is absolute path and document
Fixes #5219 after merging #4995.

(cherry picked from commit 0681d61c37)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-12 11:11:57 +01:00
Eelco Dolstra 8bb494c170 Get rid of a warning about dbus in the activation script 2014-12-12 10:45:37 +01:00
aszlig cf7f15c92c
nixos-install: Pass CA cert bundle to chroot.
Since we're using HTTPS for the binary cache (introduced in faf0797) by
default, the binary cache should also be available during installation.

The file that is defined in SSL_CERT_FILE outside of the chroot is
copied over to /tmp/ca-cert.crt inside the chroot, so we have an
absolute path we can reference during nixos-install. However, this might
end up with the file not being cleaned up properly from outside of the
store, but neither would be /tmp/root so the cleanup issue needs to be
solved in another place (or commit to be more exact).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-12 03:03:14 +01:00
Jaka Hudoklin f2e20fa837 nixos: container profile, update /init symlink on rebuild 2014-12-12 02:55:23 +01:00
ambrop7@gmail.com 65393ca8d3 virtualbox: Unbreak the nixos module. 2014-12-12 00:16:33 +01:00
Jaka Hudoklin e1383d0833 Merge pull request #5300 from ambrop72/virtualbox-network-interface
virtualbox: Allow disabling the network interface.
2014-12-11 23:51:52 +01:00
Nicolas B. Pierron 0570a08b83 Merge remote-tracking branch 'origin/master' into syncserver 2014-12-11 23:49:19 +01:00
Nicolas B. Pierron 01886aef22 Add Firefox Sync server module. 2014-12-11 23:48:15 +01:00
lethalman 786a0c92c6 Merge pull request #5299 from bjornfor/gnome-enable-mtp-support
nixos/gnome: enable MTP support in gvfs
2014-12-11 23:41:05 +01:00
Jaka Hudoklin 91961c2a32 nixos/mesos: fix typo 2014-12-11 23:35:39 +01:00
ambrop7@gmail.com 9fa2c35ec8 virtualbox: Allow disabling the network interface.
The current nixos module for VirtualBox unconditionally configures a vboxnet0
network interface at boot. This may be undesired, especially when the user wants
to manage network interfaces in a centralized manner.
2014-12-11 23:35:03 +01:00
Jaka Hudoklin 4be1089781 nixos: move kubernetes & fleet to services/cluster 2014-12-11 23:32:37 +01:00
Jaka Hudoklin 5dac2ec412 Merge pull request #5297 from fmapfmapfmap/tor-extra-config
Tor module: append redundant specifications of 'extraConfig', via 'types.lines'.
2014-12-11 23:22:52 +01:00
Jaka Hudoklin deb28cf0b1 nixos: container tarball release
- Create container nixos profile
- Create lxc-container nixos config using container nixos profile
- Docker nixos image, use nixos profile for its base config
2014-12-11 23:17:27 +01:00
Jaka Hudoklin a782b890d5 nixos/make-system-tarball: extra commands to be executed before archive 2014-12-11 23:17:27 +01:00
Bjørn Forsman f3a46c3858 nixos/gnome: enable MTP support in gvfs
To support browsing files on Android phones in Nautilus (and other GVFS
based file browsers).
2014-12-11 23:13:39 +01:00
vi c005dc0e6b Tor module: append redundant specifications of 'extraConfig', via 'types.lines'. 2014-12-11 14:23:48 +00:00