3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

5843 commits

Author SHA1 Message Date
Thomas Tuegel 1e266dac0d
ibus: make panel configurable 2017-01-20 18:51:29 -06:00
Daiderd Jordan 2b2b0b566d Merge pull request #20183 from womfoo/init/netdata-service
netdata service: init
2017-01-20 21:05:10 +01:00
Nikolay Amiantov d75a3cfb29 Merge pull request #21995 from abbradar/opencl
Fix OpenCL support
2017-01-20 12:09:17 +03:00
Graham Christensen c0f3b8d629
wordpress: 4.6.1 -> 4.7.1 for multiple CVEs
CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493
2017-01-19 22:53:49 -05:00
Nikolay Amiantov 221685aee9 opengl service: mention that you can add OpenCL drivers 2017-01-20 03:37:51 +03:00
Bjørn Forsman 6a52a130de nixos/kde5: enable system-config-printer dbus service
Without it, the following error is shown in the "Add Printer" window:

Failed to group devices: 'The name org.fedoraproject.Config.Printing was not provided by any .service files'
2017-01-18 20:39:17 +01:00
Robin Gloster f4f4200d9a
install-devices: add vim
This moves vim to the install-device profile to add vim to netboot, too.

Fixes #20013 (see discussion there for further information)
2017-01-18 17:57:31 +01:00
Michael Weiss 460b43dbfe firewall: Improve the comments (documentation) (#21862)
* Fix the FW names

FW_REFUSE was removed and nixos-fw-input was renamed to nixos-fw.

* Update the comment (documentation) at the top

Order the chains of the main table alphabetically (like in the rest of
the file) and add nixos-fw-rpfilter (from the raw table) and nixos-drop
(used while reloading the firewall).

* Refactor the module (mainly comments)

- Move some attributes to the top for better visibility (that should
  hopefully make it easier to read and understand this module without
  jumping around too much).
- Add some missing examples and improve some descriptions.
- Reorder the mkOption attributes for consistency.
- Wrap lines at 72 characters.
- Use two spaces between sentences.
2017-01-18 17:18:11 +01:00
Eelco Dolstra 42a7d906d9
EC2 AMIs: 16.09.666.3738950 -> 16.09.1508.3909827
In particular, this includes a fix for using ephemeral disks for /tmp,
and adds AMIs for the new eu-west-2 (London) and us-east-2 (Ohio)
regions.
2017-01-18 12:42:39 +01:00
gnidorah 4a662e5206 nano: add nix syntax hightlight, nano module: provide default (#21912)
this is awesome! thanks.
2017-01-18 12:05:30 +01:00
Jörg Thalheim 8fa8e4ada9 Merge pull request #21961 from kierdavis/ckb
ckb: add to module list
2017-01-18 08:32:02 +01:00
Kier Davis 3aa218edbf
ckb: add to module list
Not the first time I've forgotten to do this.
2017-01-17 23:12:21 +00:00
Svein Ove Aas fec95a40f1
ddclient: Don't include blank server= lines. 2017-01-16 18:54:49 +01:00
Tristan Helmich e5f353d5cd couchpotato module: init 2017-01-16 12:54:43 +01:00
Jörg Thalheim 28093e42ec Merge pull request #21864 from pjones/pjones/dovecot
dovecot: Fix sieve scripts
2017-01-16 12:42:06 +01:00
Nicolas B. Pierron c4e2dc36f2 Fix typo, lib.listOf --> types.listOf 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron a0615e2a9f Fix typo in nixpkgs.nix module. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron 2d6532b330 Update overlay documentation by following nits from aneeshusa. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron 83f7d5fc0a Add NixOS option 'nixpkgs.overlays' to set the argument of Nixpkgs. 2017-01-16 01:17:33 +01:00
Bjørn Forsman 4c803b904e nixos/clamav: set "clamav" user's primary group to "clamav"
So that the files created by the clamav service is owned by group
"clamav" instead of "nogroup".
2017-01-15 22:56:34 +01:00
Franz Pletz 30645560cd Merge pull request #21880 from mguentner/ipfs_empty_repo
services: ipfs: add emptyRepo option, refactor
2017-01-15 18:16:00 +01:00
Nikolay Amiantov 3eafa26d75 Merge pull request #21828 from abbradar/hwdb-verify
udev service: verify that hwdb is generated without errors
2017-01-15 19:53:53 +03:00
Nikolay Amiantov 70a6628848 Merge pull request #21882 from abbradar/dhcp6
DHCPv6 improvements
2017-01-15 19:53:33 +03:00
Nikolay Amiantov 820b4cd067 firewall service: allow DHCPv6 client traffic 2017-01-15 19:38:54 +03:00
Nikolay Amiantov 1158eda66a dhcpd service: add DHCPv6 support 2017-01-15 19:38:53 +03:00
Maarten Hoogendoorn 69391e3423 kube-controller-manager service: Allow restarts on failure 2017-01-15 13:27:45 +01:00
Jaka Hudoklin b5f4db2170 Merge pull request #21050 from offlinehacker/nixos/programs/chromium/add
chromium module: add support for chromium policies as nixos module
2017-01-15 01:28:34 +01:00
sternenseemann 9f56dd9d63 nixos/pulseaudio: make daemon.conf configurable (#20888)
This adds pulseaudio.daemon.config, which is a set of keys to values
which are directly translated to keys and values of pulseaudio's
daemon.conf, e. g.

    hardware.pulseaudio.daemon.config = { flat-volumes = "no"; }

becomes

    flat-volumes=no

in pulse/daemon.conf.
2017-01-14 22:58:16 +01:00
Bjørn Forsman d2413943fa nixos/prometheus: add configText option for alertmanager
The reason being less mental overhead when reading upstream
documentation. Examples can be pasted right into the configuration
instead of translating to Nix attrset first.
2017-01-14 15:41:05 +01:00
Sheena Artrip 5c5648b1f6
caddy: add package config option 2017-01-13 22:29:26 -05:00
Maximilian Güntner a541f86f8b
services: ipfs: add emptyRepo option, refactor 2017-01-14 04:01:43 +01:00
Peter Jones 75aaae34a9
dovecot: Fix sieve scripts
Make sure that the output of the sieve compiler produces files that
have a newer time stamp than the source sieve script.  Otherwise you
get errors in the logs about Dovecot not being able to compile do to a
permission issue.
2017-01-13 14:19:29 -07:00
Pascal Wittmann d760d9cccc Merge pull request #21836 from kierdavis/ckb
ckb: init at 0.2.6
2017-01-13 21:44:21 +01:00
Eelco Dolstra 96b6968950
nix: 1.11.5 -> 1.11.6 2017-01-13 11:38:09 +01:00
makefu e9c6cf02e6
services.logstash: rename address to listenAddress 2017-01-13 10:19:32 +01:00
makefu 10303e9e47
services.logstash: update example and default filter 2017-01-13 10:19:19 +01:00
Jörg Thalheim 4b24ec524d Merge pull request #21835 from volth/miredo-no-checkconf
miredo: do not run miredo-checkconf
2017-01-13 00:25:30 +01:00
Kier Davis ea7a8bf2d9
ckb: init at 0.2.6
ckb is a driver for Corsair keyboards/mice. It also contains a graphical tool for configuring their LED backlight settings.

The driver is implemented as a userland daemon. A NixOS module is included that runs this as a systemd service.
2017-01-12 18:25:14 +00:00
Domen Kožar e5dcce837a
nixos: fix terminal-server, fixes #21834 2017-01-12 16:41:33 +01:00
Volth ac0b6b9a2c miredo: do not run miredo-checkconf 2017-01-12 14:30:58 +00:00
Nikolay Amiantov 6dbcf7d2e9 udev service: verify that hwdb is generated without errors 2017-01-12 11:11:59 +03:00
Jörg Thalheim 05a4fbd56d Merge pull request #21814 from gpyh/zsh-autosuggestions
Fix zshrc ordering
2017-01-11 22:29:25 +01:00
Jörg Thalheim 62708c29f8 Merge pull request #21570 from michaelpj/services/arbtt
arbtt service: init
2017-01-11 22:27:52 +01:00
gpyh 373e40736a Fix zshrc ordering
The content of programs.zsh.interactiveShellInit was
inserted too soon in the generated zshrc
This caused some settings related to autocompletion to be ignored
2017-01-11 22:03:27 +01:00
Jörg Thalheim 9c8517a9eb Merge pull request #21788 from Mic92/apparmor
apparmor: support for lxc profiles
2017-01-11 08:39:54 +01:00
Yacine Hmito f88e2fb5f1 zsh-autosuggestions: init at 0.3.3 (#21792)
Added a related `programs.zsh.enableAutosuggestions` option
2017-01-11 07:00:48 +01:00
Jörg Thalheim 30a554acfb
apparmor: support for lxc profiles 2017-01-10 23:01:03 +01:00
Franz Pletz e4fb2bb0c5
Revert "nixos/stage2: Check for each special mount individually and mount missing ones. (#21370)"
This reverts commit 712e62c260.

This commit broke NixOS containers. Systemd wouldn't detect if a container
started successfully and would kill it again after a grace period.

Additionally this prints mount errors due to already mounted filesystems
at boot.
2017-01-10 17:35:38 +01:00
Vladimír Čunát 11696e290d
nixos networking.dnsExtensionMechanism = true; by default
https://github.com/NixOS/nixpkgs/issues/12470#issuecomment-266785641
I've been using it for weeks without encountering any problems.
2017-01-10 15:15:01 +01:00
Franz Pletz 88908145ea
nixos installer: don't log refused packets to console
Fixes #19764.
2017-01-09 19:24:41 +01:00
oida d423567a95
prometheus-snmp-exporter: added nixos module 2017-01-09 18:05:28 +01:00
Robin Gloster 575afe3fa7
prometheus exporter modules: unify firewall handling 2017-01-09 15:31:37 +01:00
Corbin 618b249fc5 prometheus module: add blackboxExporter 2017-01-09 15:20:26 +01:00
Corbin bd45d5fe8d prometheus module: add jsonExporter 2017-01-09 15:20:26 +01:00
Corbin 1b839a586b prometheus module: add varnishExporter 2017-01-09 15:20:26 +01:00
Corbin 363fa27448 promeutheus.nginxExporter: add improvements
- use ExecStart and ExecReload
 - add extraFlags
2017-01-09 15:20:26 +01:00
Robin Gloster 39e8eaf8b6 prometheus module: add nginxExporter 2017-01-09 15:20:26 +01:00
Peter Hoeg f1b8c3b119 pulseaudio nixos module: use the units provided by upstream (#21633)
I have left in 2 NixOS custom config directives, so the configuration
should be the same with the only change in behaviour being that the
service is not eagerly loaded but in fact only socket activated, which
it should be.
2017-01-09 13:47:33 +01:00
Sebastian Hagen 712e62c260 nixos/stage2: Check for each special mount individually and mount missing ones. (#21370) 2017-01-09 10:32:23 +01:00
teh a878365b77 nixos docs: update for Nginx + ACME (#21320)
Closes #20698.
2017-01-09 06:39:10 +01:00
Svein Ove Aas a4fca56897
ddclient: Write /etc/ddclient.conf when requested
Fixes #20101

From PR #21417
2017-01-09 06:29:15 +01:00
Daniel Peebles b0264bb63c Merge pull request #21703 from copumpkin/httpd-no-mkdir
httpd module: don't create documentRoot directory if it doesn't exist
2017-01-09 00:28:41 -05:00
Jörg Thalheim 94c4eab6cc Merge pull request #21733 from regellosigkeitsaxiom/master
Added option networking.wireless.networks.*.priority
2017-01-08 17:45:52 +01:00
florianjacob ef8fd815cc update os-release manpage link
the old manpage at 0pointer is still there, but does not seem to get updated
2017-01-07 19:57:03 +02:00
Valentin Shirokov e138d3afdf Added option networking.wireless.networks.*.priority
It is literal 'priority' option of wpa_supplicant.conf
2017-01-07 20:23:12 +08:00
Franz Pletz e6708cea37
bind: fix collision of binaries in outputs
Using outputsToInstall the intended behaviour of including host and dnsutils
when bind is installed can be implemented instead of using symlinks to fix
installing all outputs individually with nix-env.

Fixes #19761.
2017-01-07 02:44:54 +01:00
Dan Peebles df7b4f4f6f httpd module: don't create documentRoot directory if it doesn't exist
It hides bugs and do you ever actually want to serve up an empty directory?
It was pretty confusing to me when it tried to write into a read-only store
path because I accidentally pointed it to the wrong store path.
2017-01-05 21:19:16 -05:00
volth 9bb6d91c73 httpd: setuptools is not top-level 2017-01-05 17:37:33 +00:00
Jörg Thalheim ca0d747d6d Merge pull request #21578 from Mic92/zfs
zfs: add unstable variant
2017-01-05 12:52:56 +01:00
Jörg Thalheim 4029470a6f
zfs: add unstable variant
Until now nixos only delivered the latest zfs release. This release is often not
compatible with the latest mainline kernel. Therefor an unstable variant is
added, which might be based on testing releases or git revisions.

fixes #21359
2017-01-05 08:40:50 +01:00
Joachim F 02053c31c1 Merge pull request #21586 from pngwjpgh/postgrey
Postgrey
2017-01-05 07:24:47 +01:00
Franz Pletz cdbffaa86e Merge pull request #21625 from mayflower/smokeping
smokeping: Allow customization of cgiurl and imgurl
2017-01-04 21:56:12 +01:00
Joachim F 9e0dc9fa7c Merge pull request #21592 from joachifm/cjdns-optional-extraHosts
cjdns service: optional extraHosts
2017-01-04 18:54:09 +01:00
Alexander Kahl 61d125b842 sssd: init at 1.14.2
perlPackages.TextWrapI18N: init at 0.06
perlPackages.Po4a: init at 0.47
jade: init at 1.2.1
ding-libs: init at 0.6.0

Switch nscd to no-caching mode if SSSD is enabled.

abbradar: disable jade parallel building.

Closes #21150
2017-01-04 03:07:20 +03:00
Graham Christensen 85dbc754a1 Merge pull request #21621 from volth/fix-synaptics-symlink
synaptics: fix broken symlink
2017-01-03 18:13:40 -05:00
Tristan Helmich f808502aba smokeping: cleanup (option ordering) 2017-01-03 23:10:59 +01:00
Tristan Helmich b5703eaa80 smokeping: Allow full override of imgurl + cgiurl 2017-01-03 23:10:54 +01:00
Chris Martin 6a7664e6cd Add some more details about useSandbox 2017-01-03 14:24:49 -05:00
volth 428daee5bc fix broken link to synaptics config 2017-01-03 19:23:24 +00:00
Eelco Dolstra d496f23df0
amazon-image.nix: Remove redundant log message
(cherry picked from commit c4b5ed5db74cde94b19d519a8d875e3f7df48a76)
2017-01-03 17:32:47 +01:00
Eelco Dolstra b297af42d2
Fix using ephemeral disks for /tmp etc. in EC2 instances
This code in amazon-image.nix:

  if mountFS "$device" "$mp" "" auto; then
    if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi
  fi

relies on mountFS to return a zero exit status if mounting
succeeds. But the lustrateRoot check in mountFS was causing a non-zero
exit status. As a result /disk0 would be mounted, but not used for
/tmp.

(cherry picked from commit d082ed8c35dec48aee2afd1303b3c8b2a1b242b0)
2017-01-03 17:32:42 +01:00
Thomas Tuegel 0723aa8108 Merge pull request #21466 from abbradar/kde-wrapper
Flatten nested kdeWrappers
2017-01-03 08:21:39 -06:00
Jörg Thalheim 1d72e81d6f Merge pull request #21608 from volth/miredo-fix-kill-path
miredo: fix path to "kill"
2017-01-03 11:30:56 +01:00
Eelco Dolstra 0108c31e22
nix: 1.11.4 -> 1.11.5 2017-01-03 11:25:38 +01:00
volth c737809465 miredo-fix-kill-path 2017-01-03 10:10:34 +00:00
Nikolay Amiantov 1dceb2290c kde5 service: use flattening kdeWrapper 2017-01-03 02:33:19 +03:00
Balletie e5f5aa52e5
pommed service: use pommed-light
The pommed package was marked as broken. It is also severely
unmaintained. I therefore chose to replace it entirely with
`pommed-light`, for now.
2017-01-02 19:40:50 +01:00
Tomas Hlavaty bdb9cd1e17 cjdns service: optionally add cjdns hosts to networking.extraHosts
Enabling this incurs a heavy eval-time cost, but it's a nice usability
enhancement; satisfy both concerns by making it optional (default
false).
2017-01-02 19:31:37 +01:00
Joachim Fasting 237af1853a
Revert "nixos/cjdns: do not ammend /etc/hosts"
This reverts commit 60ded3f363.

We want to make this optional instead.
2017-01-02 19:31:11 +01:00
Jörg Thalheim 1cc8b83079 Merge pull request #21566 from bjornfor/hostname
nixos: provide /etc/hostname
2017-01-02 19:27:06 +01:00
Bjørn Forsman cb9195b7bc nixos: provide /etc/hostname
/etc/hostname is the file used by hostnamectl(1) and the
org.freedesktop.hostname1 dbus service (both provided by systemd) to get
the "static hostname". Better provide it so that users of those
tools/services get a proper hostname.

An example of an issue created by the lack of /etc/hostname is that the
bluetooth stack on NixOS identifies itself to peers as "BlueZ $VERSION"
instead of the hostname.

References:
https://www.freedesktop.org/software/systemd/man/hostname.html

Changes v1 -> v2:
  * ensure /etc/hostname ends with a newline
2017-01-02 19:14:06 +01:00
Gregor Kleen 9383b2cf34 postgrey: backwards compatability 2017-01-02 18:01:42 +01:00
gnidorah 90deca3a0c nixos-generate-config: detect CPU governor
* cpu-freq: Try powersave if ondemand is not available

* Revert "cpu-freq: Try powersave if ondemand is not available"

This reverts commit 4dc56db37e.
Consult available scaling governors; for freshly generated configs, this provides a better experience than relying on a default that might not work everywhere.
2017-01-02 17:20:28 +01:00
Gregor Kleen 65f0ddbd53 postgrey: improve formatting 2017-01-02 15:42:51 +01:00
Gregor Kleen 58fa71b39c postgrey: allow additional whitelists 2017-01-02 15:40:54 +01:00
Gregor Kleen 82291bae49 postgrey: more verbose default socket 2017-01-02 15:32:50 +01:00
Gregor Kleen 3c0d02c387 postgrey: coerce integers 2017-01-02 15:27:00 +01:00
Gregor Kleen e2dd0799a8 postgrey: fix submodule syntax 2017-01-02 15:19:00 +01:00
Gregor Kleen e196ad2c66 postgrey: add descriptions to IPv?CIDR 2017-01-02 15:12:39 +01:00
Gregor Kleen 06bcdc177c postgrey: extended configuration 2017-01-02 15:10:03 +01:00
Michael Peyton Jones 10e2d88f6c arbtt service: init 2017-01-01 18:59:01 +00:00
Bjørn Forsman 49d444416c nixos: cosmetic refactor of environment.etc."hostid"
Create the file using attrset instead of list, to make it easier to
later provide other files in the same module.
2017-01-01 17:08:34 +01:00
Jörg Thalheim 05f2f8e1fd Merge pull request #21505 from tg-x/mpd-listen
mpd: listen on 127.0.0.1 by default
2017-01-01 16:06:17 +01:00
tg(x) 002f3c8760 mpd: listen on 127.0.0.1 by default 2017-01-01 13:46:39 +01:00
Robin Stumm 11fe837758 rename sound.enableMediaKeys to sound.mediaKeys.enable and add volumeStep 2017-01-01 11:44:07 +01:00
Jörg Thalheim 84a50084c3 Merge pull request #21444 from league/fix/gphoto2-udev
gphoto2: nixos programs module to configure udev
2017-01-01 11:16:28 +01:00
Jörg Thalheim ce99e34b17
docker: deprecate socketActivation option 2017-01-01 09:03:09 +01:00
Jörg Thalheim dd4bedba52 Merge pull request #21447 from nlewo/pr/glance
nixos/glance: init at liberty version
2017-01-01 06:39:37 +01:00
volth 06b372f24f miredo: init at 1.2.6 2016-12-31 21:03:27 +01:00
Bjørn Forsman 76923648af nixos/gnome3: add gnome-settings-daemon udev rules (enables bluetooth GUI)
Without this, gnome-settings-daemon will not have write access to
/dev/rfkill, which in turn cause it to advertise no "airplane mode" over
D-Bus, which in turn the bluetooth panel code in gnome-control-center
interprets as "there are no bluetooth dongles" (and the button to turn
on bluetooth is grayed out). The end result that bluetooth operations
cannot be done in the GNOME desktop.

See upstream discussion:

http://lists.usefulinc.com/pipermail/gnome-bluetooth/2016-July/thread.html
http://lists.usefulinc.com/pipermail/gnome-bluetooth/2016-December/thread.html
2016-12-31 13:05:38 +01:00
Frederik Rietdijk 361dae67d4 flexget: move out of python-packages.nix
because it is an application and not a library.
2016-12-31 09:52:45 +01:00
Antoine Eiche 49efa083c7 nixos/glance: set default glance package
Before, it was overridden in the config section to avoid problem related
to manual generation.
2016-12-31 09:36:57 +01:00
Antoine Eiche 6c94d6437d nixos/glance: init at liberty version
This commit is based on initial works made by domenkozar.
2016-12-31 09:36:57 +01:00
Joachim Fasting d8659f24e6
dnscrypt-proxy service: order before nss-lookup.target 2016-12-30 20:27:05 +01:00
Alexey Lebedeff 59361a2a81 i2pd module: fix typo (#21525) 2016-12-30 15:14:05 +01:00
Данило Глинський (Danylo Hlynskyi) 970a09eb74 Fix typo 2016-12-30 13:29:43 +02:00
Charles Strahan 7ebcada020
mesos: 1.0.1 -> 1.1.0 2016-12-29 20:09:46 -05:00
Graham Christensen 8ed4c8b73b
openssh: 7.4p1 no longer backgrounds when systemd is starting it. 2016-12-29 17:04:46 -05:00
Eelco Dolstra bbd03e236a
Use looser 9pfs caching in VM tests/builds
This can give significant speed ups, see
7e20254412.
2016-12-29 21:26:16 +01:00
Robin Gloster d8ef63fc73
crowd module: fix OpenID server 2016-12-29 00:41:42 +01:00
Tim Digel 81d8a457ed Fix asterisk & asterisk: 13.6.0 -> 14.1.2 (#20788)
* fix/asterisk-module: use unix-group for asterisk-files
* fix/asterisk-module: add configOption to use some default config-files
* fix/asterisk-module: correction of skel copy
* fix/asterisk-module: use /etc/asterisk as configDir
* fix/asterisk-module: add reload; do not restart unit
* asterisk: 13.6.0 -> 14.1.2
* fix/asterisk: compile with lua, pjsip, format_mp3
* fix/asterisk: fix indentation
* fix/asterisk: remove broken flag
2016-12-28 23:04:58 +01:00
Lluís Batlle i Rossell e0078b2cb5 Make the minimal iso not use profile/minimal, +vim
The profile minimal has several drawbacks: no man pages, unusual 'dbus'
lib that makes many X11 pieces to rebuild, etc.

With xz compression in the squashfs, despite these additions, the iso is
smaller than what it was in 16.09.
2016-12-28 16:07:16 +01:00
Lluís Batlle i Rossell 33d07c7ea9 zfs cannot be distributed. Disabling it in the isos.
It seems that it is a GPL violation to distribute zfs in the
installation ISOs.

https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/

If anyone knows the issue better and has a reason to reenable it
legally, feel free to reenable it. I don't know much about it.
2016-12-28 14:57:06 +01:00
Bjørn Forsman 9ec867f59f nixos/prometheus: unbreak alertmanager default config
The current default value of listenAddress = null blows up:

  $ nixos-rebuild build
  error: cannot coerce null to a string, at
  .../nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix:97:16

With listenAddress = "" we use the same default as upstream and there is
no blow up :-)
2016-12-28 13:52:15 +01:00
Michael Raskin 400886f3d0 Merge pull request #19854 from andjscott/mlocate
[WIP] mlocate: init at version 0.26
2016-12-28 10:24:11 +00:00
Franz Pletz 7ae2d221cd
bird service: add bird to systemPackages
For the tool birdc to monitor and configure bird.
2016-12-28 06:35:31 +01:00
Christopher League 6eead52e12 gphoto2: nixos programs module to configure udev
Closes #21420.
2016-12-27 17:47:38 -05:00
Michael Raskin c311871a6d xserver.wacom: update xorg.conf.d name after upstream change of the number 2016-12-27 23:47:29 +01:00
lassulus cfbe501d4e nixos/graphite: fix beacon config parameter 2016-12-27 19:38:18 +01:00
Bjørn Forsman b20fdff521 nixos/prometheus: make scrapeConfigs.*.static_configs.*.labels optional
...by providing a default value of "no labels" (an empty attrset).

Without this change we get

  $ nixos-rebuild test -I nixpkgs=.
  building Nix...
  building the system configuration...
  error: The option `services.prometheus.scrapeConfigs.[definition 1-entry 1].static_configs.[definition 1-entry 1].labels' is used but not defined.

which is unneeded, because labels _are_ optional.
2016-12-25 15:38:55 +01:00
Jörg Thalheim 585c642bf8
docker: use upstream service file from package 2016-12-25 00:09:13 +01:00
Jörg Thalheim f4e58c2eb2 Merge pull request #21395 from jerith666/plex-firewall
plex: add config option to open recommended network ports
2016-12-24 23:31:04 +01:00
Matt McHenry b64214f66f plex: add config option to open recommended network ports
as prescribed at https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall-
2016-12-24 15:36:52 -05:00
Jörg Thalheim c23032a8b1 docker: update service units from upstream
All the new options in detail:

Enable docker in multi-user.target make container created with restart=always
to start. We still want socket activation as it decouples dependencies between
the existing of /var/run/docker.sock and the docker daemon. This means that
services can rely on the availability of this socket. Fixes #11478 #21303

  wantedBy = ["multi-user.target"];

This allows us to remove the postStart hack, as docker reports on its own when
it is ready.

  Type=notify

The following will set unset some limits because overhead in kernel's ressource
accounting was observed. Note that these limit only apply to containerd.
Containers will have their own limit set.

  LimitNPROC=infinity
  LimitCORE=infinity
  TasksMax=infinity

Upgrades may require schema migrations. This can delay the startup of dockerd.

  TimeoutStartSec=0

Allows docker to create its own cgroup subhierarchy to apply ressource limits on
containers.

  Delegate=true

When dockerd is killed, container should be not affected to allow
`live restore` to work.

  KillMode=process
2016-12-23 21:39:38 +01:00
Matt McHenry 3c10e68c40
plex: fix a minor syntax issue in systemd ExecStart 2016-12-23 08:02:08 -05:00
tv de44544ceb nginx service: use default_server parameter instead of default (#21371) 2016-12-23 11:52:44 +01:00
Felix Richter d8478c7912 services.nginx: allow startup with ipv6 disabled (#21360)
currently services.nginx does not start up if `networking.enableIPv6 = false`
the commit changes the nginx behavior to handle this case accordingly.
The commit resolves #21308
2016-12-23 11:49:35 +01:00
Rok Garbas e6fa6b21e1 apacheHttpdPackages.mod_perl: init at 2.0.10 2016-12-22 13:36:44 +01:00
Eelco Dolstra ea46420fc0
Use overlayfs instead of unionfs-fuse in the VM tests
Overlayfs is quite a bit faster, e.g. with it the KDE 5 test takes ~7m
instead of ~30m on my laptop (which is still not great, since plain
9pfs is ~4m30s).
2016-12-21 20:49:08 +01:00
Bjørn Forsman caa476b357 nixos/prometheus: add services.prometheus.configText option
The structured options are incomplete compared to upstream and I think
it will be a maintenance burden to try to keep up. Instead, provide an
option for the raw config file contents (prometheus.yml).
2016-12-21 00:32:24 +01:00
Eelco Dolstra a02bb00156
Enable virtualisation.writableStore by default
This works around:

  machine: must succeed: nix-store -qR /run/current-system | grep nixos-
  machine# error: changing ownership of path ‘/nix/store’: Invalid argument

Probably Nix shouldn't be anal about the ownership of the store unless
it's trying to build/write to the store.

http://hydra.nixos.org/build/45093872/nixlog/17/raw
(cherry picked from commit 57a0f14064)
2016-12-20 10:52:47 +01:00
Eelco Dolstra f173da375d
Use only one build of qemu in VM tests
Previously we were using two or three (qemu_kvm, qemu_test, and
qemu_test with a different dbus when minimal.nix is included).

(cherry picked from commit 8bfa4ce82e)
2016-12-20 10:52:46 +01:00
Eelco Dolstra aad5d1f9a7
virtualisation.qemu.program: Remove
This option is defined in qemu-vm.nix, but that module is not always
imported.

http://hydra.nixos.org/build/44817443
(cherry picked from commit 03c55005df)
2016-12-20 10:52:46 +01:00
Markov Dmitry efd5508b89 systemd: add slice support 2016-12-20 10:49:08 +01:00
Maximilian Güntner 0cf907ae12
nixos-rebuild: Fix SSHOPTS typo
Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-12-18 22:39:27 +01:00
Joachim Fasting 361633db3b
rmilter service: fix invalid directive
RuntimeDirectoryPermissions -> RuntimeDirectoryMode

Would result in warnings like "unknown lvalue" on startup
2016-12-18 12:42:37 +01:00
Joachim Fasting c27eeeafd9
brltty service: wait for devices to settle
Otherwise it starts way too early, only to fail and having to restart
until devices are available.  It is less wasteful to simply wait until
there's a reasonable chance of success.  This is consistent with
upstream.
2016-12-18 12:42:14 +01:00
Joachim Fasting 142930113c
Revert "mysql service: specify a default package"
This reverts commit 4358d3d439.

Not having a default was deliberate, see
1ce6fff4e2

Thanks to @ocharles for making me aware of this.
2016-12-17 22:36:38 +01:00
Joachim Fasting c2219007e8
Revert "mysql service: specify defaultText for package option"
This reverts commit 52d12b473a.
2016-12-17 22:36:15 +01:00
Peter Hoeg 987aac7794
/etc/hosts and /etc/nsswitch.conf cleanups
fixes #18183
2016-12-17 16:01:35 +01:00
Jörg Thalheim 579051fe66 networkd: add extraConfig to all units
networkd options are always correct or up to date. This option allows to by
pass type checking. It is also easier to write because examples can be just copy
and paste from manpages.
2016-12-17 15:23:34 +01:00
Jörg Thalheim d49e0d5fa5 networkd: allow to supply own unit files
Networkd units can contain secrets. In future also wireguard vpn will be supported by
networkd. To avoid leakage of private keys, those could be then also put outside
of the /nix/store

Having a writeable /etc/systemd/network also allows to quick fix network issues,
when upgrading `nixos-rebuild switch` would require network on its own (due
updates).
2016-12-17 15:23:34 +01:00
Bjørn Forsman 3af715af90 Revert "fix 2 xml errors in the description of boot.loader.grub.efiInstallAsRemovable"
This reverts commit 656cc3acaf because it
causes building the manual to fail:

  $ nixos-rebuild build
  ...
  building path(s) ‘/nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb’
  Writing /nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb/manual.db for book(book-nixos-manual)
  ./man-pages.xml:625: element para: Relax-NG validity error : Did not expect element para there
  ./man-pages.xml:3: element variablelist: Relax-NG validity error : Element refsection has extra content: variablelist
  ./man-pages.xml:29: element refsection: Relax-NG validity error : Element refentry has extra content: refsection
  ./man-pages.xml:3: element reference: Relax-NG validity error : Element reference failed to validate content
  ./man-pages.xml fails to validate

CC @cleverca22, @Mic92
2016-12-17 11:45:31 +01:00
Jörg Thalheim 1590461887 ntp: make timesyncd the new default
- most nixos user only require time synchronisation,
  while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd support ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
  save a little disk space (1,5M)
2016-12-17 00:00:45 +01:00
rnhmjoj 993cbf8acb uxrvtd: Fix clipboard 2016-12-16 23:55:50 +01:00
Bjørn Forsman ebe67d69d0 collectd service: change /var/lib/collectd perms: 700 -> 755
The collectd service runs as an unprivileged user by default, so it does
not leak more information to its data directory than any user can obtain
elsewhere by other means.

If people are running it as root and are worried about information leak,
we can add collectd group and set perms to 750.

CC @offlinehacker.

Fixes #21198.
2016-12-16 23:04:42 +01:00
Antoine Eiche a932f68d9c nixos/keystone: secrets can be read from files
A secret can be stored in a file. It is written at runtime in the
configuration file.
Note it is also possible to write them in the nix store for dev
purposes.
2016-12-16 20:53:32 +01:00
Antoine Eiche 415c9ff90b nixos/keystone: init at liberty version
This commit introduces a nixos module for the Openstack Keystone
service. It also provides a optional bootstrap step that creates some
basic initial resources (tenants, endpoints,...).

The provided test starts Keystone by enabling bootstrapping and checks
if user creation works well.

This commit is based on initial works made by domenkozar.
2016-12-16 20:53:32 +01:00
michael bishop 656cc3acaf fix 2 xml errors in the description of boot.loader.grub.efiInstallAsRemovable 2016-12-16 20:39:40 +01:00
michael bishop e5cefadef7 fix indentation in several nixos option descriptions 2016-12-16 18:29:25 +01:00
romildo 2e7105467b lxqt: better organize system packages
Split packages in three categories, all of them going into the system
package list:
- pre-requisite packages
- core packages
- optional packages

Add a new configuration option 'environment.lxqt.excludePackages' to
specify optional LXQt packages that should be excluded from system
packages.

Add 'gvfs' as a pre-requisite package, needed by 'pcmanfm-qt' to
handle virtual places, like "Computer" and "Network".
2016-12-15 22:45:06 +01:00
aszlig 1471426749
nixos/test-instrumentation: Fix eval of boot tests
The boot tests import test-instrumentation.nix directly to create a VM
image that only contains things such as the backdoor and serial console
the same way as used by other NixOS VM tests.

With one difference though: It doesn't need nor want to have 9p
filesystems mounted, because we actually want to test an image rather
than re-using most stuff from the host's store.

Change tested against the boot.uefiUsb and ipv6 tests, just that it
becomes clear we don't break either the tests with 9p nor the boot
tests (which were already broken but now succeed).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-12-15 21:07:19 +01:00
Jörg Thalheim 3b763fef44 nssModules: include correct systemd output
fixes libnss_myhost, libnss_mymachines, libnss_resolve are located here
2016-12-15 20:23:16 +01:00
Eelco Dolstra 705829b29a Merge pull request #20500 from aszlig/qemu-patched-for-nixos-tests
nixos/tests: Use a patched QEMU for testing
2016-12-15 12:38:29 +01:00
Jörg Thalheim cc864af928 bird: refactor module
- syntax check before deploying configuration
- remove static unnessary static uid/gid (configuration is opened as root)
- add service hardening
2016-12-15 11:38:45 +01:00
Jörg Thalheim 9871d3cb42 Merge pull request #21087 from offlinehacker/nixos/kubernetes1/fixdns
kubernetes module: fix default dns ip
2016-12-15 01:14:54 +01:00
Jörg Thalheim ebd85b632a
ferm: reload rules on updates instead of restart 2016-12-14 16:09:11 +01:00
Renaud fa0a63ec13 fail2ban service : improve ssh jail (#21131)
Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports
2016-12-14 14:58:02 +01:00
Nikolay Amiantov 17d0a570ab Merge pull request #21137 from jerith666/cupsd-path
use symlink to ensure cupsd.conf PATH always points to a valid store path
2016-12-14 14:42:27 +03:00
Matt McHenry 05fb82732c use symlink to ensure cupsd.conf PATH always points to a valid store path
even if cups rewrites its config file due to config changes made through
its web-based management UI, we need to keep the PATH pointing to
currently-live nix store directories.  fixes #20806.
2016-12-13 21:35:56 -05:00
Joachim Fasting d893c86b34
terraria service: fixup worldPath option type
Otherwise, using the defaults results in a type error.
2016-12-13 15:12:33 +01:00
Joachim Fasting 33088accc8
terraria service: fix tmux output
tmux.bin was removed in 5535d94394

Use `lib.getBin` to be more robust to future changes.
2016-12-13 15:12:31 +01:00
Fernando J Pando 50466c2d4f
buildbot: 0.9.0rc4 -> 0.9.0.post1
- updates buildbot to version 9 release
- adds nixos configuration module
- fixes buildbot-www package deps
- re-hardcode path to tail
- builbot configuration via module vars

fixes #19759
2016-12-13 10:52:56 +01:00
montag451 ea5551b551 containers: fix broken /etc/hosts entries when localAddress contains a netmask 2016-12-12 09:20:28 +01:00
montag451 4889c271ca Add macvlan support for declarative containers 2016-12-12 07:34:28 +01:00
Jaka Hudoklin 2867f88781 kubernetes module: fix default dns ip 2016-12-12 01:25:23 +01:00
Gregor Kleen d5ec2a2c9d
postsrsd: additional configuration
fixes #19933
2016-12-11 21:43:45 +01:00
Joachim F 9af356258b Merge pull request #20971 from kierdavis/boinc
boinc service: add to module list
2016-12-11 13:06:09 +01:00
Jaka Hudoklin a033906969 chromium module: add support for chromium policies as nixos module 2016-12-10 20:45:16 +01:00
Joachim Fasting 230994a30a
psd service: assert that at least one user must be configured
Using the default config, a user will experience a run-time failure.
This is poor UX, assert the requirement up-front.
2016-12-10 20:35:44 +01:00
Joachim Fasting 4697f83984
openfire service: more informative assertion failure message
Explain why the assertion fails; the user already knows that it *has*
failed.
2016-12-10 20:35:43 +01:00
Joachim Fasting 2a4902dd80
dante service: fix config option type
The type was simply str but the default is null, thus resulting in a
conversion error if the user fails to declare a value.
2016-12-10 20:35:41 +01:00
Joachim Fasting fafb6657c1
syslogd service: assert conflict with rsyslogd
Enabling both these at the same time fails because they implement the
same interface.
2016-12-10 20:35:39 +01:00
Joachim Fasting 19b96176b4
couchdb service: fix test in preStart
Otherwise you'd get errors like "-f no such command".
2016-12-10 20:35:20 +01:00
Nikolay Amiantov 9cca8e3f87 uwsgi service: fix for new pythonPackages 2016-12-08 21:03:41 +03:00
Kier Davis 2606994cc6
boinc service: use <link> instead of <ulink> 2016-12-08 15:50:52 +00:00
Kier Davis 2994123161
boinc service: add to module list
The module itself was added in 811c39c6a4,
but it looks like I forgot to reference it to module-list.nix.
2016-12-08 15:46:51 +00:00
Joachim Fasting f39d13cd3e
grsecurity doc: describe work-around for gitlab
Fixes https://github.com/NixOS/nixpkgs/issues/20959
2016-12-08 11:59:57 +01:00
Joachim Fasting 984d9ebb56
hidepid: polkit and systemd-logind compatibility
`systemd.hideProcessInformation = true`, would break interactions
requiring polkit arbitration such as initating poweroff/reboot as a
normal user; the polkit daemon cannot be expected to make decisions
about processes that don't exist as far as it is concerned.

systemd-logind lacks the `sys_ptrace` capability and so needs to be part
of the designated proc gid, even though it runs as root.

Fixes https://github.com/NixOS/nixpkgs/issues/20948
2016-12-07 01:12:05 +01:00
Joachim F e436874ef0 Merge pull request #20919 from joachifm/privoxy-service-improvements
Privoxy service improvements
2016-12-06 14:16:28 +01:00
Joachim Fasting 0e765c72e5
grsecurity: enable module hardening 2016-12-06 01:23:58 +01:00
Joachim Fasting 31d79afbe5
grsecurity docs: note that pax_sanitize_slab defaults to fast 2016-12-06 01:23:51 +01:00
Joachim Fasting 071fbcda24
grsecurity: enable optional sysfs restrictions
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting 8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Joachim Fasting 3dcdc2d2b0
privoxy service: remove static uid
The service owns no data, having a static uid serves no purpose.

This frees up uid/gid 32
2016-12-05 13:37:08 +01:00
Joachim Fasting ad88f1040e
privoxy service: additional isolation 2016-12-05 13:21:31 +01:00
Vladimír Čunát a1ae627362
nixos GDM: fix #19896
- As noted on github, GDM needs different parameters for X.
- Making xserverArgs a true list instead of concat-string helps to
  filter it and it feels more correct anyway.
- Tested: gdm+gnome, lightdm+gnome.  There seems to be no logout option
  in gnome, and gdm doesn't offer other sessions, but maybe these are normal.
2016-12-04 14:54:31 +01:00
Jörg Thalheim e00632e200 Merge pull request #20858 from Mic92/lxcfs
lxcfs: init at 2.0.4
2016-12-04 11:33:07 +01:00
Jörg Thalheim 7c7dc15cbf
lxcfs: add module 2016-12-04 11:26:17 +01:00
Franz Pletz 69bee1b361 Merge pull request #20770 from mguentner/more_ipfs
services: IPFS: add test and more config parameters
2016-12-04 01:46:09 +01:00