3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

11263 commits

Author SHA1 Message Date
Austin Seipp 0ce90d58cc nixos/chrony: clean up, rework to be a little closer to upstream
Most importantly, this sets PrivateTmp, ProtectHome, and ProtectSystem
so that Chrony flaws are mitigated, should they occur.

Moving to ProtectSystem=full however, requires moving the chrony key
files under /var/lib/chrony -- which should be fine, anyway.

This also ensures ConditionCapability=CAP_SYS_TIME is set, ensuring
that chronyd will only be launched in an environment where such a
capability can be granted.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-09-24 15:42:44 -05:00
Michael Raskin ce411911e8
Merge pull request #47289 from 1000101/master
trezord: 2.0.14 -> 2.0.19 and nixos/trezord: revised and updated udev rules
2018-09-24 20:08:44 +00:00
Matthew Bauer 2b7d6e463e nixos: don’t enableQt4Support for installer profile
This is already done in
installer/cd-dvd/installation-cd-graphical-kde.nix but not in
profiles/graphical.nix. Related to #47256.
2018-09-24 15:07:25 -05:00
Jan Malakhovski 563d5b1c87 nixos: top-level: indent 2018-09-24 19:45:16 +00:00
Jan Malakhovski fece91537b nixos: top-level: evaluate assertions before warnings
or else at least the following config will fail with an evaluation error
instead of an assert

```
{
  services.nixosManual.enable = false;
  services.nixosManual.showManual = true;
}
```
2018-09-24 19:45:15 +00:00
Domen Kožar 6eacc17157
nixos tests: move common configuration into separate file
This allows tests outside nixos to use acme setup.
2018-09-24 20:07:33 +01:00
1000101 082bf52e31 nixos/trezord: revised and updated udev rules
nixos/trezord: revised and updated udev rules
2018-09-24 19:55:14 +02:00
xeji 9163c057e7
Merge pull request #47155 from xeji/p/installer-tests
nixos/tests/installer: prevent race between parted and udev
2018-09-24 18:59:50 +02:00
xeji c525111133
nixos/tests/hound: fix non-deterministic failure (#47152)
The test failed on Hydra in one instance because a request to the
server was sent before indexing was finished.
Retry the request until it succeeds (or times out).
2018-09-24 17:31:46 +02:00
Edward Tjörnhammar 8ab4cbdac3 nixos: initrd/luks: make uuid specified devices discoverable 2018-09-24 16:35:46 +02:00
Jörg Thalheim 21b29cdd43
Merge pull request #34409 from steveeJ/steveej-qemu-vm-fixes
qemu-vm: fix script syntax and VM args
2018-09-24 11:59:52 +01:00
Eelco Dolstra 9c53116d49
Revert "nixos: set nixos in nixPath"
This reverts commit 67c8c49177.

'nix run nixos.firefox' is *not* supposed to work - the Nix 2.x
interface attempts to standardize on nixpkgs.*, to get rid of the
nixos/nixpkgs confusion that existed with the channels interface. So
let's not bring that confusion back.
2018-09-24 10:42:01 +02:00
Samuel Dionne-Riel ebf041d4bd
Merge pull request #46193 from oxij/nixos/manual-to-doc
nixos: doc: implement #12542
2018-09-24 00:09:23 -04:00
Jörg Thalheim 5e5cd96189
Merge pull request #47180 from avnik/fix/rmilter
Fix rmilter socket path, add deprecation notice
2018-09-24 01:40:13 +01:00
Matthew Bauer cc72143f7d
Merge pull request #47206 from matthewbauer/add-nixos-to-nixpath
nixos: set nixos in nixPath
2018-09-23 18:47:44 -05:00
Matthew Bauer 1f0626a789
Merge pull request #47205 from matthewbauer/add-kdoctools
kde: add kdoctools to default environment
2018-09-23 18:46:36 -05:00
Matthew Bauer eb1b55b38f
Merge pull request #47204 from matthewbauer/make-firefox-default
nixos: make firefox the default browser
2018-09-23 18:45:03 -05:00
Uli Baum 2742063677 nixos/network-interfaces-scripted: fix container networking bug
When a bridge interface was reconfigured, running containers using
this bridge lost connectivity: restarting network-addresses-brN.service
triggered a restart of network-setup.service via a "partOf" relationship
introduced in 07e0c0e0a2.
This in turn restarted brN-netdev.service.
The bridge was thus destroyed and recreated with the same name but a new
interface id, causing attached veth interfaces to lose their connection.

This change removes the "partOf" relationship between
network-setup.service and network-addresses-brN.service for all bridges.
2018-09-23 23:08:19 +02:00
Jan Malakhovski 0f3b89bbed nixos: doc: move non-service parts of service.nixosManual to documentation.nixos 2018-09-23 20:50:47 +00:00
Jan Malakhovski fe744d3fb1 nixos: doc: rename manual to manualHTML, cleanup references
Because when I see "config.system.build.manual.manual" after I forgot
what it means I ask "Why do I need that second `.manual` there again?".
Doesn't happen with `config.system.build.manual.manualHTML`.
2018-09-23 20:47:58 +00:00
Will Dietz 7c74bc002f 19.03: fix section id 2018-09-23 15:25:16 -05:00
Matthew Bauer 611cc31aa4 kde: add kdoctools to default environment
khelpcenter needs meinproc5 to work properly. Hopefully doesn’t effect
closure sizes too much - kdoctools is rather small.

Fixes #46539

/cc @ttuegel
2018-09-23 13:38:50 -05:00
Sarah Brofeldt 7ac9e75583
Merge pull request #46959 from worldofpeace/emby/correct-permission
nixos/emby: ensure plugins are writeable
2018-09-23 20:33:29 +02:00
Sarah Brofeldt 7fb0194d41
Merge pull request #45161 from Gerschtli/update/ts3
teamspeak_server: 3.0.13.6 -> 3.3.0
2018-09-23 20:24:48 +02:00
John Ericson 1146ae1a71 release-notes/19.03: add release notes for nix 2.0 requirement bump
This is taken from the 18.09 change, which was reverted on release-18.09
but not master. The now-false 18.09 release notes were just removed from
master in 29854e2426, but since the
underlying change is still there, release notes for 19.03 are warranted.
This commit takes the now-reverted release notes and reuses them for
that.
2018-09-23 12:01:58 -04:00
John Ericson fe20b58d66 release-notes: Add missing "Backward Incompatibilities" section
This has been part of every release since 17.03. I think the template
for new releases should be updated to contain this.
2018-09-23 12:01:49 -04:00
Alexander V. Nikolaev 868040ee22 rmilter: deprecation notice 2018-09-23 18:51:40 +03:00
Matthew Bauer 29854e2426
Revert "nixos docs: add release notes for nix 2.0 requiremnt bump"
This reverts commit 18f9539655.

(cherry picked from commit 02bb97e5bb)
2018-09-23 11:23:20 -04:00
Pavel Goran 5e16e671ea nixos/tomcat: add aliases sub-option for virtual hosts 2018-09-23 21:49:17 +07:00
Vladyslav Mykhailichenko 3b7ecaa798 iwd: 0.7 -> 0.8 2018-09-23 15:26:55 +03:00
xeji 589b290b43
nixos/tests/prosody: use sqlite database (#47185)
The test didn't catch an issue with luadbi because it used
internal storage only. Switch to sqlite to test sql access.
2018-09-23 10:46:22 +02:00
Frederik Rietdijk 56853dc6d8
Merge pull request #45941 from NixOS/staging-next
Staging next
2018-09-23 09:31:28 +02:00
Matthew Bauer 67c8c49177 nixos: set nixos in nixPath
This makes using the nixos channel work out of the box with the new
Nix commands. For example:

$ nix run nixos.firefox -c firefox

Fixes #46536
2018-09-23 00:14:27 -05:00
Matthew Bauer 94bec239d5 nixos: make firefox default browser
Without this the graphical installer has no way to open the manual.
You can fix it yourself by installing any HTML browser but this might
be unfamiliar to users new to NixOS and without any other way to open
the manual. The downside is it will also increase download sizes.

Fixes #46537
2018-09-22 23:33:16 -05:00
Uli Baum 845ae983f6 nixos/iso-image: fix 32bit UEFI boot
UEFI iso image for i686 didn't boot because the
default boot file was incorrectly named bootx32.efi.
The correct name is bootia32.efi.
2018-09-23 00:18:50 +02:00
Stefan Junker f777d2b719 virtualization/qemu-vm: fix and improve virtio/scsi switching 2018-09-22 23:29:19 +02:00
xeji 6e6e0a987b
nixos/tests/codimd: fix non-deterministic failure (#47179)
Test failed non-deterministically due to an obvious copy/paste error.
Fix it and increase wait time to 10s (2s may not be enough on Hydra).
2018-09-22 21:31:46 +02:00
WilliButz 13e738f1e8 nixos/release.nix: run test for pgjwt (#47181) 2018-09-22 20:49:23 +02:00
Alexander V. Nikolaev 08f266490b rmilter: move rmilter.sock out of /run/rmilter
/run/rmilter is set by systemd, and have root:root ownership, which
prevent pid file to write.

This fix suggested to be promoted to 18.09 branch.
(Although rmilter itself is deprecated, and I plan to remove it, after
18.09 would be released)
2018-09-22 20:57:08 +03:00
Michael Peyton Jones 5b3c8485d6 sddm: link whole sddm directory, not just themes (#47174) 2018-09-22 19:23:31 +02:00
Uli Baum 7dd6a5192d nixos/tests/installer: stop udev queue before calling mdadm
In the swraid test, temporarily stop udev queue execution while
creating mdraid devices to prevent a race with udev, see
https://groups.google.com/forum/#!topic/scylladb-dev/u87yHgo3ylU
2018-09-22 12:33:15 +02:00
Uli Baum c46677fec2 nixos/tests/installer: use flock for all parted calls
to further reduce risk of race with udev, like util-linux
recommends for sfdisk:
https://github.com/karelzak/util-linux/blob/v2.32/disk-utils/sfdisk.8#L71
2018-09-22 12:22:17 +02:00
Uli Baum a5183762c5 nixos/tests/installer: prevent race between parted and udev
by combining all parted commands into a single parted call.
This eliminates one cause of non-deterministic failure.
2018-09-22 01:32:06 +02:00
Christian Kögler 1ce496bfab nixos lircd: fix deletion of lircd socket 2018-09-21 23:47:26 +02:00
Jan Tojnar 93408aecc4
Merge pull request #46274 from mvnetbiz/libratbag
libratbag: init at v0.9.903
2018-09-21 22:49:17 +02:00
Matt Votava 9a859fb7f9 libratbag: init at v0.9.903
Add package libratbag and service module ratbagd
Libratbag contains ratbagd daemon and ratbagctl cli to configure
buttons, dpi, leds, etc. of gaming mice.
Add mvnetbiz to maintainers.
2018-09-21 02:13:49 -07:00
Jörg Thalheim 06df7c9a33
Merge pull request #47077 from xeji/p/ferm-test
nixos/tests/ferm: disable dhcpcd
2018-09-21 09:58:00 +01:00
Sarah Brofeldt a4e9ab65f6
Merge pull request #47102 from xeji/p/test-atd
nixos/tests/atd: wait for atd to start
2018-09-21 10:09:28 +02:00
Uli Baum 8ffd65b12e nixos/tests/atd: wait for atd to start
The test failed non-deterministically when an at command was
issued before the atd daemon was running.
2018-09-21 09:22:03 +02:00
Graham Christensen 10450ffd5b
Merge pull request #47017 from grahamc/docker-tools-test
dockerTools.buildImage: test that created=now makes an unstable date
2018-09-20 20:02:51 -04:00
Uli Baum 5e7b7b805a nixos/tests/ferm: disable dhcpcd
The test failed in one run on Hydra, logs look like
dhcpcd changed ipv6 routing at just the wrong time.
Disable dhcpcd. It's not needed, the test uses static IPs anyway.
2018-09-21 01:17:41 +02:00
Jörg Thalheim 9046673696 nixos/grafana: option to configure smtp 2018-09-20 23:06:10 +01:00
Jörg Thalheim 7eb9c348fb nixos/grafana: options to store secrets not in nix store 2018-09-20 23:06:10 +01:00
xeji e40d850fd1
nixos/tests/gdk-pixbuf: fix test on i686 (#46916)
Test didn't run because it tried to create a VM with 4096M RAM
but qemu-system-i386 has a hard 2047M memory limit.
- reduce memory to 2047M on i686.
- increase timeout 300s -> 1800s because the tests are much slower
  on i686 and timed out.
2018-09-20 21:29:37 +02:00
Graham Christensen aedc651903
dockerTools.buildImage: test that created=now makes an unstable date 2018-09-20 13:06:14 -04:00
adisbladis b0987f2013
Merge pull request #46510 from worldofpeace/installer-refactor
installer: refactor
2018-09-20 22:55:42 +08:00
Florian Jacob 4392ec653c nixos/systemd-lib: fix assertValueOneOf
when value is not a string
2018-09-20 13:40:50 +02:00
xeji 05659962cd
nixos/tests/networking.virtual: prevent non-deterministic failure (#46949)
The test failed non-deterministically on Hydra because interfaces
sometimes weren't yet fully cleaned up when the result was checked.
2018-09-20 13:20:12 +02:00
Maximilian Bosch 18d461533b
zsh: patch _setxkbmap completion script
Instead of searching `/usr` it should search for the `xkb`,
$XDG_DATA_DIRS will be searched. With this approach we allow compliance
on NixOS and non-NixOS systems to find `symbols` in the `xkb` directory.

The patch has been accepted by upstream, but isn't released yet, so this
is mainly a temporary fix until we can bump ZSH to the next stable version.

The `xserver` module links `/share/X11/xkb` to `/run/current-system` to
make this possible.

The fix can be tested inside the following VM:

```
{
  zshtest = {
    programs.zsh.enable = true;
    users.extraUsers.vm = {
      password = "vm";
      isNormalUser = true;
    };
    services.xserver.enable = true;
  };
}
```

Fixes #46025
2018-09-20 12:54:34 +02:00
Maximilian Bosch 8b58a7187c nixos/yabar: fix module & test (#46954)
The `pkgs.yabar` package is relatively old (2016-04) and contains
several issues fixed on master. `yabar-unstable` containsa recent master
build with several fixes and a lot of new features (I use
`yabar-unstable` for some time now and had no issues with it).

In the upstream bugtracker some bugs could be fixed on ArchLinux by
simply installing `yabar-git` (an AUR package which builds a recent
master).

To stabilize the module, the option `programs.yabar.package` now
defaults to `pkgs.yabar-unstable` and yields a warning with several
linked issues that are known on `pkgs.yabar`.

The test has been refactored as well to ensure that `yabar` actually
starts (and avoid non-deterministic random success) and takes a
screenshot of a very minimalistic configuration on IceWM.

Fixes #46899
2018-09-20 12:47:46 +02:00
worldofpeace a16c6d85a1 nixos/emby: ensure plugins are writeable 2018-09-20 06:35:51 -04:00
Eelco Dolstra 869f615ff4
nix: 2.1.1 -> 2.1.2 2018-09-20 00:17:45 +02:00
Domen Kožar 5715aa1951
datadog-agent: remove privateTmp=true
This allows postgres integration to connect to socket in /tmp
2018-09-19 18:53:51 +01:00
Edmund Wu 1a15b10ae3 lightdm: fix tmpfiles path (#46886) 2018-09-19 16:54:13 +02:00
xeji beb8ca2887
nixos/tests/hibernate: prevent non-deterministic failure (#46882)
... that occurred mostly on i686. Improve timing.
With this, the failures are no longer reproducible on my machine.
2018-09-19 16:19:45 +02:00
xeji daf40ab165
nixos/tests/containers-imperative: fix on i686 (#46874)
Test failed on i686 in a sandbox because some packages required
to build the nixos manual for the container were missing. Add them.
2018-09-19 16:19:31 +02:00
WilliButz 3961cab52f codimd: remove unneeded defaults 2018-09-18 23:15:34 +02:00
WilliButz fc93264f59 codimd: fix option configuration.saml.idpCert 2018-09-18 23:15:34 +02:00
Elis Hirwing 5664e64a01 nixos/activation: Switch from bash to sh to avoid reading users bash config (#46851)
This fixes #46750. This should also work with non-POSIX shells like in #46042.
2018-09-18 21:47:14 +02:00
Janne Heß be6e995085 nixos/tt_rss: Give a proper UID 2018-09-18 21:46:52 +02:00
xeji a83d61b708
nixos/release.nix: disable tests.ec2-config (#46830)
This test doesn't work in a sandbox and never succeeded on Hydra.
It simulates an EC2 instance reconfiguring itself at runtime,
which needs network access.
2018-09-18 19:27:36 +02:00
Frederik Rietdijk de419917a3 Merge master into staging-next 2018-09-18 18:44:48 +02:00
Jörg Thalheim f8b2c1318c
Merge pull request #46634 from mdorman/airsonic-parameters
airsonic: provide additional jvm configuration
2018-09-18 08:20:53 +01:00
xeji 8a2bf1319d
Merge pull request #46769 from samueldr/zhf/grub
Fixes grub1 installer tests
2018-09-17 19:12:23 +02:00
Jean-Paul Calderone 57834da7fc nixos/tor: Correct "transparent" typo 2018-09-17 16:13:11 +02:00
Samuel Dionne-Riel b63c539bdc nixos/tests/installer: grub1 needs /tmp to exist. 2018-09-17 09:31:43 -04:00
Graham Christensen c8cc8d496d
Merge pull request #46777 from erikarvstedt/docs
Improve docs
2018-09-17 09:31:30 -04:00
WilliButz dd5dcc65ac nixos/tests: add test for codimd 2018-09-17 15:18:52 +02:00
WilliButz db846a88a8 nixos/codimd: add module 2018-09-17 15:18:52 +02:00
Erik Arvstedt 4c755e1218 nixos display-managers: fix typo in description 2018-09-17 15:03:01 +02:00
Erik Arvstedt a91330a41b nixos tests doc: update VM state path 2018-09-17 15:02:58 +02:00
Erik Arvstedt 6e203af399 nixos tests doc: add example statement 2018-09-17 13:08:08 +02:00
Erik Arvstedt b0956b0ae3 nixos tests doc: fix example statement
False statements don't cause NixOS tests to fail, we need to throw an
exception or terminate.
2018-09-17 13:08:02 +02:00
worldofpeace 67e9571ba4 nixos/lightdm: use systemd.tmpfiles (#46734)
This also makes logs appear at /var/log/lightdm
2018-09-17 11:02:21 +02:00
Peter Hoeg f456d7f575
Merge pull request #32045 from ck3d/nixos-lirc
initial NixOS module for LIRC
2018-09-17 11:35:15 +08:00
Peter Hoeg 3904016a3d
Merge pull request #43812 from binarin/epmd-systemd-pr
epmd: Introduce erlang port mapper daemon service
2018-09-17 11:33:09 +08:00
Jörg Thalheim 8ceaf29f3b
Merge pull request #46741 from pacien/exim-module-package-opt
exim: parametrise package
2018-09-16 22:53:02 +01:00
Jörg Thalheim fc41ea8c8e
Merge pull request #46144 from dasJ/nullidentdmod-module
nixos/nullidentdmod: Init
2018-09-16 22:06:59 +01:00
rembo10 f1c9d5cf23 Add sickbeard module (with SickGear & SickRage) 2018-09-16 21:54:16 +02:00
pacien d73ed4264f exim: parametrise package
This allows the definition of a custom derivation of Exim,
which can be used to enable custom features such as LDAP and PAM support.

The default behaviour remains unchanged (defaulting to pkgs.exim).
2018-09-16 15:19:29 +02:00
Bob van der Linden 5fbc521bf9
tests: bittorrent: add bobvanderlinden as maintainer 2018-09-15 23:10:26 +02:00
Bob van der Linden 276ffc5656
tests: bittorrent: improve stability
This attempts to improve stability of the test by using existing
services for miniupnpd and transmission.

It also uses explicit addresses for the network interfaces so that the
external IP addresses are valid internet addresses (thus fixing
validation problems from upnpc).

Also disable eth0 from being used to transfer torrents over without that
being the intention.
2018-09-15 23:10:25 +02:00
Bob van der Linden 32c63c6905
tests: upnp: init test for upnp using miniupnpd / miniupnpc 2018-09-15 23:10:25 +02:00
Bob van der Linden d3eff01076
nixos: miniupnpd: use iptables scripts 2018-09-15 23:10:24 +02:00
Christian Kögler 533efd0cfd initial NixOS module for LIRC 2018-09-14 03:57:51 +02:00
Michael Alan Dorman c76312aea5 airsonic: provide additional jvm configuration
This allows the user, among other things, to configure jukebox output
to go to non-default alsa devices.
2018-09-13 20:05:02 -04:00
Márton Boros f96dde6fd7
Increase Virtualbox disk image size
10G is not enough for a desktop installation, and resizing a Virtualbox disk image is a pain. 
Let's increase the default disk size to 100G. It does not require more storage space, since the empty bits are left out.
2018-09-13 23:15:41 +02:00
Sarah Brofeldt d024f91349
Merge pull request #46573 from johanot/kubernetes-1.10-1.11
kubernetes: 1.10.5 -> 1.11.3
2018-09-13 11:29:11 +02:00
Nick Hu 574f4c4069 profile-sync-daemon: 5.53 -> 6.33 2018-09-13 17:15:13 +09:00
Domen Kožar bef541c569 datadog: add live process monitoring 2018-09-13 09:11:06 +01:00
Domen Kožar 049b3a6cc2 nixos: remove unneeded api_key from config 2018-09-13 09:11:06 +01:00
Uli Baum 1df2560dde Merge branch 'master' into staging-next 2018-09-13 10:08:53 +02:00
Johan Thomsen a49f56c3b1 kubernetes: 1.10.5 -> 1.11.3
Fixed minor issue where kube-addon manager complaints about
/opt/namespace.yaml missing.

Added release notes with reference to Kubernetes 1.11 release notes.

closes #43882
2018-09-12 15:17:02 +02:00
Robin Gloster 929f71d381
grafana module: allow path for extraConfig vals 2018-09-12 14:21:46 +02:00
Robin Gloster 515a7aa452
acme module: fix self-signed cert with openssl 1.1 2018-09-12 13:40:46 +02:00
Sarah Brofeldt 66f6105978 nixos/doc: Add stable pre-release warning (#46473) 2018-09-11 15:42:15 +02:00
Joachim F e02575b906
Merge pull request #46381 from Chiiruno/dev/zeronet
nixos/zeronet: Fix TOR permissions, add torAlways option
2018-09-11 10:28:32 +00:00
Jörg Thalheim 1bdba70b71
Merge pull request #44496 from Yarny0/hylafaxplus
Hylafaxplus
2018-09-11 10:48:19 +01:00
Jörg Thalheim c8ccc433df
nixos/hylafax: show correct option in warning message. 2018-09-11 10:38:04 +01:00
Erik Arvstedt 7a42623c23 networking.hostId: fix cmd in description
1. Simplify the command by reading directly from /etc/machine-id which
is already a random, lower-case hex string
2. Previously, the command output could be too short because of missing
leading digits. This is now fixed.
2018-09-11 11:29:04 +02:00
worldofpeace 2430a13bca installer: refactor 2018-09-11 02:23:16 -04:00
volth 16edfb22b8
oops 2018-09-10 02:39:15 +00:00
volth 502b37ae63
nixos/initrd-network: multiple fixes
* acquire DHCP on the interfaces with networking.interface.$name.useDHCP == true or on all interfaces if networking.useDHCP == true (was only only "eth0")
 * respect "mtu" if it was in DHCP answer (it happens in the wild)
 * acquire and set up staticroutes (unlike others clients, udhcpc does not do the query by default); this supersedes https://github.com/NixOS/nixpkgs/pull/41829
2018-09-10 02:10:47 +00:00
Edward Tjörnhammar 9dc661aa72
nixos/i2pd: Update options to encompass recent additions to the daemon
Also:
  * switch to flat sysdir
  * remove nixos default reseeds, rely on program defaults
  * refactor config expressions
2018-09-09 18:48:51 +02:00
xeji 17c51ef436
Merge pull request #45925 from markuskowa/ompi-up
slurm: 17.11.9-2 -> 18.08.0-1
2018-09-09 14:20:00 +02:00
Jan Malakhovski b23f6a3714 nixos: xdg: fix indent and eol spaces 2018-09-08 17:20:56 -05:00
Matthew Bauer fb0e0dcbc6 xdg/mime.nix: ensure $out/share/mime/packages exists
For update-mime-database to work, you must have to have some mime
packages installed. In some DEs like XFCE this is not guaranteed to
happen. In that case just skip the update-mime-database call.

Fixes #46162
2018-09-08 16:54:12 -05:00
Jan Malakhovski 4e5e240770 nixos/release.nix: add configuration parameter 2018-09-08 21:49:12 +00:00
Jan Malakhovski c3593f3599 nixos/release.nix: import lib once 2018-09-08 21:49:08 +00:00
Jan Malakhovski fe0b5273cc nixos/release.nix: make makeNetboot more like makeIso 2018-09-08 21:49:06 +00:00
Markus Kowalewski 0051772890
nixos/slurm: add option clusterName
slurm 18.08 requires ClusterName to be set
(set to default).
2018-09-08 23:14:54 +02:00
Okina Matara 9c97f37761 nixos/zeronet: Fix TOR permissions, add torAlways option 2018-09-08 12:12:11 -05:00
Michael Weiss 53ef5441bb nixos/sks: Make the webroot option optional
That way the built-in web server is usable by default but users can use
$HOME/web directly (instead of having to use a symlink), if they want to
customize the webpage.
2018-09-08 17:01:35 +02:00
Michael Weiss eb0050ca45 nixos/sks: Use a group and don't add sks to systemPackages
Without a group the gid will default to 65534 (2^16 - 2) which maps to
"nogroup". IMO it makes more sense to explicitly set a valid group.

Adding pkgs.sks to environment.systemPackages is not required (IIRC we
want to avoid bloating environment.systemPackages). Instead it seems
like a better idea to make the relevant binaries available to the user
sks and enable useDefaultShell so that "su -l sks" can be used for
manual interaction (that way the files will always have the correct
owner).
2018-09-08 16:24:05 +02:00
Michael Weiss a0d3d098ff nixos/sks: Add a webroot option
The module will now, by default, serve a simple webpage via the built-in
web server (instead of displaying an error message).
2018-09-08 16:24:05 +02:00
Graham Christensen ca7391daf2
Merge pull request #46341 from obsidiansystems/fix-46320
nixpkgs module: Fix defaulting of `localSystem` and `system`
2018-09-08 09:16:41 -04:00
Yarny0 12fa95f2d6 modules: HylaFAX server configuration
This commit adds the following
* the uucp user
* options for HylaFAX server to control startup and modems
* systemd services for HylaFAX server processes
  including faxgettys for modems
* systemd services to maintain the HylaFAX spool area,
  including cleanup with faxcron and faxqclean
* default configuration for all server processes
  for a minimal working configuration

Some notes:

* HylaFAX configuration cannot be initialized with faxsetup
  (as it would be common on other Linux distributions).
  The hylafaxplus package contains a template spool area.
* Modems are controlled by faxgetty.
  Send-only configuration (modems controlled by faxq)
  is not supported by this configuration setup.
* To enable the service, one or more modems must be defined with
  config.services.hylafax.modems .
* Sending mail *should* work:
  HylaFAX will use whatever is in
  config.services.mail.sendmailSetuidWrapper.program
  unless overridden with the sendmailPath option.
* The admin has to create a hosts.hfaxd file somewhere
  (e.g. in /etc) before enabling HylaFAX.
  This file controls access to the server (see hosts.hfaxd(5) ).
  Sadly, HylaFAX does not permit account-based access
  control as is accepts connections via TCP only.
* Active fax polling should work; I can't test it.
* Passive fax polling is not supported by HylaFAX.
* Pager transmissions (with sendpage) are disabled by default.
  I have never tested or used these.
* Incoming data/voice/"extern"al calls
  won't be handled by default.
  I have never tested or used these.
2018-09-08 14:21:40 +02:00
Michael Weiss 28a46c2c6f
Merge pull request #46361 from primeos/nixos-sks
nixos/sks: Minor improvements
2018-09-08 14:16:55 +02:00
Tad Fisher 56b3c5b2dd nixos/networkmanager: fix VPN plugin service definition targets (#46201) 2018-09-08 14:10:51 +02:00
Michael Weiss 6764d41ecc nixos/sks: Update the descriptions and add meta.maintainers
TODO: Merge this module with https://github.com/NixOS/nixpkgs/pull/24516
2018-09-08 13:44:11 +02:00
Michael Weiss a0d7b88911 nixos/sks: Add a dataDir option 2018-09-08 13:44:08 +02:00
Jan Tojnar 667e54bdb0
Merge pull request #45045 from jtojnar/rygel
Rygel
2018-09-08 06:22:37 +01:00
Jan Tojnar 60ae12f5de
nixos/rygel: init 2018-09-08 06:57:14 +02:00
John Ericson 9f9723b179 nixpkgs module: Fix defaulting of localSystem and system
Take two of #40708 (4fe2898608).

That PR attempted to bidirectionally default `config.nixpkgs.system` and
`config.nixpkgs.localSystem.system` to each be updated by the other. But
this is not possible with the way the module system works. Divergence in
certain cases in inevitable.

This PR is more conservative and just has `system` default `localSystem`
and `localSystem` make the final call as-is. This solves a number of
issues.

 - `localSystem` completely overrides `system`, just like with nixpkgs
 proper. There is no need to specify `localSystem.system` to clobber the
 old system.

 - `config.nixpkgs.localSystem` is exactly what is passed to nixpkgs. No
 spooky steps.

 - `config.nixpkgs.localSystem` is elaborated just as nixpkgs would so
 that all attributes are available, not just the ones the user
 specified.

The remaining issue is just that `config.nixpkgs.system` doesn't update
based on `config.nixpkgs.localSystem.system`. It should never be
referred to lest it is a bogus stale value because
`config.nixpkgs.localSystem` overwrites it.

Fixes #46320
2018-09-07 16:43:56 -04:00
Timo Kaufmann e326c0156d
Merge pull request #45728 from Ma27/nixos/weechat-module
nixos/weechat: add module
2018-09-07 17:19:46 +02:00
Silvan Mosberger 00c6f85d18
Merge pull request #44341 from shmish111/riemann-options
nixos/riemann: refactor config
2018-09-07 16:41:59 +02:00
Maximilian Bosch 18d419141d
nixos/weechat: cleanup module, add module documentation
This adds several improvements the previously introduced
`services.weechat` module:

* Dropped `services.weechat.init` as the initialization script can now
  be done on package-level since 2af41719bc using the `configure`
  function.

* Added `sessionName` option to explicitly configure a name for the
  `screen` session (by default: weechat-screen).

* Added `binary` option to configure the binary name (e.g.
  `weechat-headless`).

* Added docs regarding `screen` session and `weechat.service`.
2018-09-07 13:45:13 +02:00
Yegor Timoshenko b54987715b
weechat: add NixOS module 2018-09-07 13:09:08 +02:00
David Smith 1d497bbff1 nixos/riemann: refactor config
Previously it was only possible to use very simple Riemann config.
For more complicated scenarios you need a directory of clojure
files and the config file that riemann starts with should be in this
directory.
2018-09-07 09:46:46 +01:00
Franz Pletz 48f2b0c909
Merge pull request #46235 from alexshpilkin/networkd-link-multicast
nixos/networkd: support MULTICAST, fix RequiredForOnline and [Route]
2018-09-07 07:44:58 +00:00
Alexander Shpilkin ecf73103ab
nixos/networkd: do not require gateway for routes
A route via a tunnel interface does not require a gateway to be
specified, so do not check for the Gateway= field on routes at all.
2018-09-07 02:23:12 +03:00
Alexander Shpilkin 8fdb6fba30
nixos/networkd: fix handling of RequiredForOnline 2018-09-07 02:01:21 +03:00
Alexander Shpilkin 423e46a24f
nixos/networkd: support MULTICAST flag on links
Support Multicast= option in [Link] section of network units,
introduced in systemd/systemd#9118.
2018-09-07 01:56:46 +03:00
xeji 5fc8ebdda0
Merge pull request #45784 from oxij/pull/44720-shell-env-edited
nixos/shells: Avoid overriding the environment for other child shells
2018-09-06 20:30:34 +02:00
Silvan Mosberger aed92ec2e9
Merge pull request #44134 from dasJ/iperf
nixos/iperf: Init the module
2018-09-06 18:52:30 +02:00
Janne Heß 32a2d08b23 nixos/nullidentdmod: Init 2018-09-06 16:31:20 +02:00
John Ericson f66257cfce doc: Add release notes for top-level {build,host,target}Platform deprecation
I forgot to do this in e51f736076.
2018-09-06 09:55:37 -04:00
John Ericson 24209d29f0
Merge pull request #46148 from obsidiansystems/plain-system-host
top-level, stdenv: Make `system` and `stdenv.system` describe the hostPlatform
2018-09-06 09:37:20 -04:00
John Ericson 8ae27030aa doc: Add changelog entry for new definition of system and stdenv.system
See the previous commit for details.
2018-09-06 09:24:08 -04:00
Shea Levy 18337f3ece
Merge branch 'no-toPath' 2018-09-06 08:09:53 -04:00
Janne Heß 9e25ebc03a nixos/iperf: Init the module 2018-09-06 12:38:30 +02:00
Eelco Dolstra 1510f324a3
nix: 2.1 -> 2.1.1 2018-09-06 01:12:03 +02:00
Maximilian Bosch df05618f2a nixos/activation: fix activation script for non-POSIX shells (#46042)
This fixes an issue with shells like fish that are not fully POSIX
compliant. The syntax `ENV=val cmd' doesn't work properly in there.

This issue has been addressed in #45932 and #45945, however it has been
recommended to use a single shell (`stdenv.shell' which is either
`bash' or `sh') to significantly reduce the maintenance overload in the
future.

See https://github.com/NixOS/nixpkgs/issues/45897#issuecomment-417923464

Fixes #45897

/cc @FRidh @xaverdh @etu
2018-09-05 22:48:47 +02:00
xeji f70dc57ad3
nixos/tests/opensmtpd: prevent non-deterministic failure (#46071)
A sporadic failure occured on Hydra because a request was sent
to smtpd after the systemd unit was started, but before the daemon
was actually listening. Fix by checking for open ports first.
2018-09-05 22:36:17 +02:00
Matthew Bauer 4120a9dda7
Merge pull request #42295 from avnik/libprefixed-to-multioutput/heimdal
Libprefixed to multioutput/heimdal
2018-09-05 13:50:13 -05:00
xeji ba52f4cb76
statsd: mark broken, disable nixos test (#46097)
It's broken with node v8 and the upstream project is dead
(last commit Nov. 2016), see #45946 and
https://github.com/etsy/statsd/issues/646
2018-09-05 16:48:14 +02:00
Jan Tojnar bf8386a411
Merge pull request #46058 from symphorien/dconf-dbus
dconf module: add dconf to services.dbus.packages
2018-09-05 14:51:06 +01:00
Alberto Berti 69e4e4934d Allow the definition of extra options on commandline
I stumbled upon an issue with the Alertmanager that required
an additional comand line option. See https://groups.google.com/forum/#!msg/prometheus-users/-5wd-P13xCI/lGLBHHgnBgAJ
2018-09-04 23:19:26 +02:00
Uli Baum 62086c6be6 nixos/tests/novacomd: prevent non-deterministic failure
A sporadic failure occured on Hydra because a request was sent
to the daemon after the systemd unit was started, but before the
daemon was actually listening. Fix by checking for open port first.
2018-09-04 22:46:44 +02:00
Symphorien Gibol 88ae8f7d55 dconf module: add dconf to services.dbus.packages
Some programs like eog seem to need dconf accessible on dbus.
Without this change I get

(eog:1738): dconf-WARNING **: 21:20:52.770: failed to commit changes to
dconf: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name
ca.desrt.dconf was not provided by any .service files
2018-09-04 21:19:31 +02:00
Niklas Hambüchen 31919bce6b nix-daemon service: Ensure ssh is on PATH. Fixes #46038.
This fixes a regression introduced in commit
  700e21d6da

nix needs ssh on path for the SSH substituter functionality,
not only the distributed builds functionality.

Signed-off-by: Niklas Hambüchen <mail@nh2.me>
2018-09-04 16:19:35 +02:00
Vladimír Čunát 1428d00aa4
Merge branch 'master' into staging-next
Hydra: ?compare=1477053
2018-09-04 13:06:45 +02:00
Tim Steinbach 5fccac2b8d
kernel: Remove Copperhead
The patches are unmaintained and suggest a false sense of security
2018-09-03 11:18:11 -04:00
Francesco Gazzetta 25a14fc261
nixos docs: system restart to apply containers nat 2018-09-03 14:42:48 +02:00
Eelco Dolstra 347638ccfe
nix: 2.0.4 -> 2.1 2018-09-03 01:37:55 +02:00
aszlig 4652f2f87e
nixos: Document option description changes
This adds a release notes entry to make users (and especially
developers) aware so they no longer need to use </para><para> in option
descriptions as this is now done automatically on every two consecutive
newlines.

More details can be found in the commit message of f865d0feab.

Signed-off-by: aszlig <aszlig@nix.build>
2018-09-03 01:14:46 +02:00
Samuel Dionne-Riel e144899b74 release-notes: Adds 19.03 — Koi 2018-09-02 17:47:24 -04:00
Graham Christensen 14b0456686
Merge pull request #45930 from aszlig/option-description-parbreak
nixos: Split paras by \n\n in option descriptions
2018-09-02 16:08:06 -04:00
Graham Christensen 61deecdc34
nixos docs: more IDs 2018-09-02 15:56:24 -04:00
Graham Christensen ff23dd110b
nixos docs: more IDs 2018-09-02 15:47:59 -04:00
Samuel Dionne-Riel a92cfb5725
Merge pull request #45912 from xeji/p/dhcpcd
dhcpcd: 6.11.5 -> 7.0.8
2018-09-02 15:28:15 -04:00
Christopher Birkbeck 0dd7a0f266 Added an example for environment.variable. (#45956) 2018-09-02 21:21:14 +02:00
Graham Christensen 146f8bac7e
Merge pull request #45911 from samueldr/fix/nixos-help-browser
nixos/manual: nixos-help knows about colon-separated BROWSER
2018-09-02 14:30:22 -04:00
Graham Christensen f14b6cb6ec
Merge pull request #44526 from samueldr/feature/actiavation-failure-identification
nixos/activation: Identifies the snippet that failed
2018-09-02 14:28:10 -04:00
Yorick 1ee3ad6732 wireguard: change preStop to postStop, require network.target (#45569)
* wireguard: change preStop to postStop, require network.target

* wireguard service: network.target -> network-online.target
2018-09-02 17:07:55 +02:00
volth a9a8043b9b install-grub.pl: avoid double '/' in menu.lst and grub.conf (#45907)
Although double '/' in paths is not a problem for GRUB supplied with nixpkgs, sometimes NixOS's grub.conf read by external GRUB and there are versions of GRUB which fail
2018-09-02 14:34:55 +02:00
Uli Baum 13c3986b7a nixos/tests/networking.*.macvlan: disable reverse path check
Generated reverse path filtering rules for the macvlan interface
seem to be incorrect, causing the test to fail - sometimes or always,
depending on the dhcpcd version used.
- Disable reverse path checking temporarily to avoid blocking the channel
- Print more diagnostic information for debugging
2018-09-02 12:26:28 +02:00
Frederik Rietdijk b910b697f6 Merge master into staging 2018-09-02 12:10:33 +02:00
xeji 224a5503ca
nixos/release.nix: disable blivet test (#45931)
- has been broken since 2017-07-24
- no attempts to fix it
- it tests an outdated blivet version (Oct 2014)
2018-09-02 09:37:48 +02:00
Uli Baum 5f72169b03 nixos/displayManagers/auto: allow root auto-login
The switch from slim to lightdm in #30890 broke some nixos tests
because lightdm by default doesn't permit auto-login for root.
Override /etc/pam.d/lightdm-autologin to allow it.
2018-09-02 08:18:10 +02:00
aszlig f865d0feab
nixos: Split paras by \n\n in option descriptions
What annoyed me for a long time was the fact, that in order to break
into a new paragraph, you need to insert </para><para> in the
description attribute of an option.

Now we will automatically create <para/> elements for every block that
is separated by two consecutive newlines.

I first tried to do this within options-to-docbook.xsl, but it turns
out[1] that this isn't directly possible with XSLT 1.0, so I added
another XSLT file that postprocesses the option descriptions that are
now enclosed in <nixos:option-description/> by options-to-docbook.xsl.

The splitting itself is a bit more involved, because we can't simply
split on every \n\n because we'd also split text nodes of elements, for
example:

  <screen><![CDATA[

    one line

    another one

  ]]></screen>

This would create one <para/> element for "one line" and another for
"another line", which we obviously don't want because <screen/> is used
to display verbatim contents of what a user is seeing on the screen.

So what we do instead is splitting *only* the top-level text nodes
within the outermost <para/> and leave all elements as-is. If there are
more than one <para/> elements at the top-level, we simply don't process
it at all, because the description then already contains </para><para>.

https://www.mhonarc.org/archive/html/xsl-list/2012-09/msg00319.html

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra, @domenkozar
2018-09-02 08:10:37 +02:00
Florian Klink 953b77f07b bird: set reloadIfChanged to true (#45924)
This will trigger the reload instead of restart command if a definition
changes, which is much more desireable for a routing daemon.
2018-09-02 06:51:32 +02:00
Samuel Dionne-Riel ca47cc90c2
Merge pull request #39142 from teto/nm_dispatchers
[RDY] networkmanager: enrich dispatcher PATH
2018-09-01 23:26:36 -04:00
Graham Christensen 2d5f599b35
Merge pull request #44347 from zhangyoufu/patch-28620
fix vlan interface bring up on boot
2018-09-01 21:28:31 -04:00
Uli Baum 7e9bd2dae1 nixos/tests/flatpak: explicitly disable gdm to fix eval
The switch to lightdm as default display manager in #30890
broke eval of the flatpak test. Since the test uses the
auto display manager (lightdm), gdm must now be explicitly disabled.
2018-09-02 01:57:20 +02:00
Uli Baum 15e6e1ff6f nixos/nginx: fix type of sslTrustedCertificate option
The option was added in 1251b34b5b
with type `types.path` but default `null`, so eval failed with
the default setting. This broke the acme and certmgr tests.

cc: @vincentbernat @fpletz
2018-09-02 01:35:59 +02:00
Graham Christensen 53c77e64fe
nixos docs: footnotes: give IDs 2018-09-01 16:24:37 -04:00
Graham Christensen 73bff467d2
makefile: auto-format xml docs outside of the doc subdir 2018-09-01 16:20:49 -04:00
Graham Christensen 34d2ec7c09
nixos docs: give IDs to things 2018-09-01 16:20:49 -04:00
Graham Christensen 18fd616351
nixos docs: Give sections IDs 2018-09-01 16:20:49 -04:00
Uli Baum d660428f85 nixos-generate-config.pl: remove executable bit
it was erroneously set in cb1ca42009
although this file isn't executable before patching shebangs.
2018-09-01 21:29:30 +02:00
volth 2413fcdfeb services.xserver.windowManager.session: handle duplicate names (#37690) 2018-09-01 21:27:17 +02:00
Vladimír Čunát 37a45e5a97
nixos-generate-config: fix perl quoting after cb1ca42 2018-09-01 21:13:54 +02:00
volth 0fa04d646d alternative for iproute module (#41801) 2018-09-01 20:28:23 +02:00
Samuel Dionne-Riel 4ff5f304b9 nixos/manual: nixos-help knows about colon-separated BROWSER
This is the semantics as understood by `xdg-open`. Using these semantics
on a non-colon-separated variable works because it acts as if it was a
one element long list.

This fixes an issue where it would try to exec
`google-chrome-beta:google-chrome:chromium:firefox` on a system
configured with these semantics in mind.
2018-09-01 13:48:49 -04:00
Vladimír Čunát 0e7ba35ddc
Merge #45910: Fix i686 installer iso build 2018-09-01 19:15:39 +02:00
Samuel Dionne-Riel 3aae9fc3f9 nixos/iso-image.nix: fixes i686 installer iso build.
Fixes #45908
2018-09-01 13:00:58 -04:00
Vladimír Čunát 2d6179d1e8
Merge branch 'master' into staging
A few trivial conflicts due to *Platforms mass replace.
2018-09-01 17:38:18 +02:00
Vladimír Čunát 2e7cb61cfb
Merge #45720: coreutils: split a coreutils-full version 2018-09-01 17:03:49 +02:00
Venkateswara Rao Mandela cb1ca42009 nixos/doc: add instructions for installation behind a proxy (#45854)
The instructions to install nixos behind a proxy were not clear. While
one could guess that setting http_proxy variables can get the install
rolling, one could end up with an installed system where the proxy
settings for the nix-daemon are not configured.

This commit updates the documentation with

1. steps to install behind a proxy

2. configure the global proxy settings so that nix-daemon can access
internet.

3. Pointers to use nesting.clone in case one has to use different proxy
settings on different networks.
2018-09-01 16:12:35 +02:00
xeji ff679f86a2
Merge pull request #30890 from Lassulus/slim-lightdm
display-managers: make lightdm the default
2018-09-01 16:11:38 +02:00
volth 2c072b9ddc stage-1-init.sh: do not check mounted filesystems (#45891)
fsck of a mounted filesystems fails with error code 8 "Operational error" and halts the boot processing
2018-09-01 15:26:16 +02:00
Jörg Thalheim 58c29e9e75
Merge pull request #45875 from wizeman/u/fix-transmission-mod2
nixos/transmission: fix AppArmor profile to include keyutils
2018-09-01 12:13:22 +01:00
Uli Baum 43e30b1ead nixos/tests/installer: add missing system.extraDependencies
Since 1b11fdd0df the test VM
depends on some extra packages to build the system to be installed.
This broke the installer test as it tried to download/build these
packages in a sandbox.
2018-09-01 11:50:02 +02:00
Vladimír Čunát 9b0649ae3e
Merge #45774: linux_testing_bcachefs: upgrade, add tests 2018-09-01 11:06:29 +02:00
Vladimír Čunát 0473466ba5
Merge #45731: artwork update (replacing old logo) 2018-09-01 10:43:20 +02:00
Okina Matara 3d1fecd5bd nixos/tests/bcachefs: init 2018-08-31 21:19:53 -05:00
Graham Christensen 4477cf04b6
Document running nixos-rebuild switch to clear /boot space 2018-08-31 21:37:07 -04:00
lassulus fc035da4a4 xserver.displayManager: change default
Switch from slim to lightdm as the display-manager.
    If plasma5 is used as desktop-manager use sdddm.
    If gnome3 is used as desktop-manager use gdm.

    Based on #12516
2018-08-31 17:57:39 +02:00
Ricardo M. Correia 6376c5df87 nixos/transmission: fix AppArmor profile to include keyutils 2018-08-31 17:19:29 +02:00
Tobias Happ 8f0bafcaff nixos/gitea: fix pre start script (#44979)
The gitea path is hardcoded in hooks directory in files of paths like:
    repositories/<user>/<repo>.git/hooks/update.d/gitea
2018-08-31 16:39:58 +02:00
John Ericson 2c4a75e9ef
Merge pull request #45820 from obsidiansystems/dont-use-obsolete-platform-aliases
treewide: Dont use obsolete platform aliases
2018-08-31 09:56:10 -04:00
xeji 4db15ba7b8
Merge pull request #45748 from xeji/p/nfs-232
nfs-utils: 2.1.1 -> 2.3.2, integrate libnfsidmap
2018-08-31 14:23:56 +02:00
チルノ 17564e0ed9 nixos/zeronet: init (#44842) 2018-08-31 11:40:23 +01:00
Sarah Brofeldt bb321a2624
Merge pull request #45811 from Nadrieril/fix-usbguard-auditfile
nixos/usbguard: ensure the audit log file can be created 
nixos/usbguard: disable debug output
2018-08-31 11:40:13 +02:00
Franz Pletz 1cc916b5b2
Merge pull request #45810 from vincentbernat/fix/nginx-stapling
nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
2018-08-31 07:18:40 +00:00
Jan Tojnar f0136e4bc8
Merge pull request #45638 from aanderse/incron
incron: init at 0.5.12
2018-08-31 06:54:58 +01:00
Aaron Andersen 9b12db6928 changed from forking to simple as recommended by @aszlig 2018-08-31 03:03:04 +00:00
Aaron Andersen d7d7533c18 changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00
Aaron Andersen 7bc2a0dd64 removed quotes when not needed as suggested by @aszlig 2018-08-31 02:17:38 +00:00
John Ericson 2c2f1e37d4 reewide: Purge all uses stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
Nadrieril 9b9ba8405b nixos/usbguard: ensure the audit log file can be created
Since version 0.7.3, usbguard-daemon won't start if the file cannot be opened.
2018-08-30 21:54:22 +01:00
Nadrieril 08148a746a nixos/usbguard: disable debug output 2018-08-30 21:54:22 +01:00
Vincent Bernat 1251b34b5b nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.

The result can be tested with:

    openssl s_client -connect web.example.com:443 -status 2> /dev/null

Without OCSP stapling, we get:

    OCSP response: no response sent

After this change, we get:

    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Produced At: Aug 30 20:46:00 2018 GMT
2018-08-30 22:47:41 +02:00
Uli Baum e0ca51c367 nixos/tests/nfs: fix nfs4 client mount path
nfs4 exports from a virtual filesystem root,
so the client mount path differs from nfs3
2018-08-30 19:57:39 +02:00
Samuel Dionne-Riel aa0556415b
Merge pull request #45779 from grahamc/bump-nix-version
Nix minimal version: 1.11 -> 2.0
2018-08-30 11:39:18 -04:00
Jan Tojnar 8a8056c302
Merge pull request #45058 from michaelpj/imp/freedesktop-modules
freedesktop modules: init
2018-08-30 16:14:35 +01:00
Vladimír Čunát 6f2f91f307
Merge #42880: libinput: split .bin output 2018-08-30 15:29:32 +02:00
Vladimír Čunát ab539ab863
libinput: make .bin the first output
That's the convention:
2018-08-30 15:27:26 +02:00
Jan Malakhovski 8952375b48 nixos/shells: fix indent everywhere
to comply with `doc/coding-conventions.xml`
2018-08-30 13:20:39 +00:00
Tor Hedin Brønner d273db48c6 nixos/shells: avoid overriding the environment for child shells
A shared exported guard `__NIXOS_SET_ENVIRONMENT_DONE` is introduced that can
be used to prevent child shells from sourcing `system.build.setEnvironment`
the second time.

This fixes e.g. `nix run derivation` when run from e.g. ZSH through the console or
ssh. Before this Bash would resource the common environment resetting the `PATH`
environment variable.

We also export `system.build.setEnvironment` to `/etc/set-environment` making it
easy to reset the common environment with `. /etc/set-environment` when
needed and to grep for environment variables in `/etc` (which was the
motivation of #30418).

This reverts changes made in b00a3fc6fd
(the original #30418).
2018-08-30 13:20:39 +00:00
Graham Christensen 18f9539655
nixos docs: add release notes for nix 2.0 requiremnt bump 2018-08-30 08:52:43 -04:00
Bjørn Forsman ee56a2cc19 treewide: fix typo: asumed -> assumed 2018-08-30 10:19:20 +02:00
Johannes Lötzsch bb08d1c13f nixos/zabbix: fix initial database creation (#45750)
without this fix the database setup fails with „could not connect to database postgres: FATAL:  role "root" does not exist“
2018-08-30 08:25:13 +01:00
Graham Christensen a141b3aad8
Merge pull request #33686 from samueldr/artwork/iso
(Installation media) Bootloader artwork refresh
2018-08-29 15:31:13 -04:00
Nikolay Amiantov 69407cb013 firewall service: respect marks in rpfilter (#39054)
This allows one to add rules which change a packet's routing table:

iptables -t raw -I PREROUTING 1 -m set --match-set myset src -j MARK --set-mark 2
ip rule add fwmark 2 table 1 priority 1000
ip route add default dev wg0 table 1

to the beginning of raw table PREROUTING chain, and still have rpfilter.
2018-08-29 20:50:53 +02:00
xeji 70b3ac8378
nixos/tests/i3wm: prevent non-deterministic failure (#45759)
Test failed sporadically on Hydra, probably due to timing issues.
These changes should make that less likely to occur.
2018-08-29 19:38:35 +02:00
xeji ff6a61ad1b
nixos/tests/mesos: fix test (#45758)
fallout from 39e678e24e :
dockerTools.buildImage no longer applies default tag "latest"
2018-08-29 19:38:00 +02:00
Brian Olsen 9540b1c535 nixos/tests: Set DefaultTimeoutStartSec very high (#44916)
DefaultTimeoutStartSec is normally set to 90 seconds and works fine. But
when running NixOS tests on a very slow machine (like a VM without
nested virtualisation support) this default is to low and causes
systemd units to fail spuriously. One symptom of this issue are tests
at times failing with "timed out waiting for the VM to connect".

Since the VM connect timeout is 300 seconds I also set
DefaultTimeoutStartSec to this which is ridiculously high.
2018-08-29 12:12:12 +02:00
Samuel Dionne-Riel 01259ef98f nixos/grub: Uses the new artwork as the default option.
This also includes a set of defaults *for this option*, where when not
used, other saner defaults are used.
2018-08-29 00:04:58 -04:00
Samuel Dionne-Riel e8406f937e nixos/grub: Adds background color and mode options
The background color option is self-explanatory.

The mode is either `normal` or `stretch`, they are as defined by GRUB,
where normal will put the image in the top-left corner of the menu, and
stretch is the default, where it stretches the image without
consideration for the aspect ratio.

 * https://www.gnu.org/software/grub/manual/grub/grub.html#background_005fimage
2018-08-29 00:04:58 -04:00
Samuel Dionne-Riel bc5b26b4ab Reviews use of old nixos wallpaper to use one with the new logo.
The wallpaper used is *structurally compatible* with the other one,
meaning that the logo is at the same location, and not bigger.

It has one drawback: the logo is brighter, which clashes with the grub
usage. This is to be fixed with new options in grub.
2018-08-29 00:04:58 -04:00
Aaron Andersen d9943e6bba added option to specify which packages are available to the system incrontab
recommendation by @jtojnar and @maurer
2018-08-29 00:43:28 +00:00
Aaron Andersen 3d1091eb5b added a check to make sure a situation where a defined configuration wouldn't be unused as per recommended by @maurer 2018-08-28 23:50:55 +00:00
Ben Wolsieffer 442681cc2a nixos/networkd: fix range assertions on 32 bit Nix 2018-08-28 19:31:10 -04:00
Dennis Gosnell 7d23ffb736 virtualbox: Change the virtualbox tests to not build the unfree tests by default. (#45415) 2018-08-28 22:28:47 +02:00
Vladimír Čunát fd3927ac29
coreutils: split a coreutils-full version
- default coreutils is stripped of /share/ (11 -> 2 MiB)
- coreutils-full retains /share/ and adds openssl for faster *sum tools
- NixOS systemPackages contains coreutils-full
- *Support parameter defaults are moved inside
  (it seemed confusing to have `? false` and "at once" with `? isLinux`)

Closure considerations:
+ typical build-time closure will get lighter by ~9 MiB
- typical closure of NixOS installation will grow by ~2 MiB,
  due to referring to both versions.  I think it would be possible to
  re-use most of the utils between the two versions, but the expression
  would get much more complex.

I considered having stdenv with minimal coreutils and the default
`coreutils` attribute being full, but it turned out there were too many
trivial references in nixpkgs, so it didn't seem easy to keep rebuild
impact of openssl from growing significantly.
2018-08-28 22:17:07 +02:00
Matt McHenry 94a906b59a systemd: ensure fsck Requires/After links are created in mount units
systemd-fsck-generator only produces these lines if it can find the
necessary fsck executable in its PATH.

fixes #29139.
2018-08-28 17:12:49 +02:00
Tuomas Tynkkynen 69b4f427b6 nixos/zabbix-agent: Make the Zabbix package user-configurable 2018-08-28 17:43:12 +03:00
Eelco Dolstra c251ec691a
virtualization.growPartition -> virtualisation.growPartition
There never was a 'virtualization.growPartition'. This got messed up
in eddf30cc93.

Issue #36590.
2018-08-28 14:24:39 +02:00
Jörg Thalheim 6a0a12a921
Merge pull request #45659 from vincentbernat/fix/nginx-gzip
Small nginx tweaks
2018-08-28 09:35:58 +01:00
Aaron Andersen b77f38c3cd added a comment about the PATH variable under which incrontab commands will run 2018-08-27 21:31:55 +00:00
Aaron Andersen 7840d00532 clarified the descriptions of the allow and deny options 2018-08-27 21:15:03 +00:00
Aaron Andersen fc1f33bc2c fixed issue with system jobs 2018-08-27 15:23:19 +00:00
Jörg Thalheim a6ced42c60
Merge pull request #44990 from Ma27/reload-user-units-during-activation
nixos/switch-to-configuration: reload user units
2018-08-27 11:12:42 +01:00
Jörg Thalheim 831ecca60f
Merge pull request #45281 from Gerschtli/zsh-completion
nixos/zsh: Adds enableGlobalCompInit option
2018-08-27 10:45:29 +01:00
Jörg Thalheim 4e365aa453 nixos/zsh: make enableGlobalCompInit description less ambiguous 2018-08-27 10:43:31 +01:00
Vincent Bernat bd075eb914 nginx: add more gzipped MIME types
The additions are:

 - image/svg+xml for SVG images
 - application/atom+xml for Atom feeds

These types are also present in mime.types. For better readability,
the list is sorted and formatted with one type per line.
2018-08-26 21:48:55 +02:00
Vincent Bernat 06a5fb2ada nginx: use a compression level of 5 in recommended configuration
While there is little gain of space to use a compression level of 9,
the CPU usage is significant. Many experiments point to use something
between 4 and 6. For example:

 - https://mjanja.ch/2015/03/finding-the-nginx-gzip_comp_level-sweet-spot/
 - 3bda5b93ed/nginx.conf (L93)
2018-08-26 21:43:34 +02:00
Jörg Thalheim a78b364ed4
Merge pull request #44890 from dywedir/iwd
iwd: 0.4 -> 0.7
2018-08-26 17:25:42 +01:00
Jörg Thalheim b7d7e20b3d
Merge pull request #45647 from xeji/p/netdata-test
nixos/tests/netdata: fix non-deterministic failure
2018-08-26 13:50:10 +01:00
Jörg Thalheim b1aa9cbdbf
Merge pull request #45649 from xeji/p/networking-tests
nixos/tests/networking: fix routes and virtual tests
2018-08-26 13:45:55 +01:00
Uli Baum 3f8756ce10 nixos/tests/networking: fix "virtual" tests
`ip route` now displays extended tun attributes, so the expected
output of this test changed.

Upstream change: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=118eda77d6602616bc523a17ee45171e879d1818
2018-08-26 14:24:07 +02:00
Uli Baum f021702d21 nixos/tests/networking: fix routes tests
The output format of `ip route` changed, it now explicitly
shows "proto static" for static routes.
2018-08-26 14:15:15 +02:00
Uli Baum a44469d7b6 nixos/tests/netdata: fix non-deterministic failure
The test sporadically failed on hydra when a request was made
before the service was actually listening on its port.
Explicitly wait for the port to open.
2018-08-26 13:38:58 +02:00
Augustin Borsu 4d3ce5ca36 nixos/jupyter: init service 2018-08-26 12:00:54 +02:00
xeji 3050406388
nixos/tests/matrix-synapse: fix test (#45596)
Since matrix-synapse 0.33.0 underscores in server names are rejected
by server name validation, causing the test to fail:
  valueError: Server name 'server_sqlite' contains invalid characters
Relevant upstream change:
546bc9e28b
2018-08-26 10:38:52 +02:00
Bas van Dijk a144c798e5
Merge pull request #44340 from shmish111/es-curator
nixos/curator: init elasticsearch curator
2018-08-26 01:33:34 +02:00
xeji b2dc75cd03
Merge pull request #43736 from volth/patch-208
qemu: 2.12.1 -> 3.0.0
2018-08-26 01:28:12 +02:00
Aaron Andersen fc03a9f5b7 initial work on incron service 2018-08-25 18:08:24 -04:00
Bas van Dijk 228705fc33 elasticsearch-curator: add note to the NixOS release notes 2018-08-25 18:59:32 +02:00
Bas van Dijk 241377ee76 nixos/tests/elk.nix: make sure the test doesn't wait for too long on elasticsearch-curator 2018-08-25 18:53:10 +02:00
Bas van Dijk 32200033a6 elasticsearch-curator: include the module in the module-list & fix bug 2018-08-25 18:53:10 +02:00
David Smith 842000566b elasticsearch-curator: add test 2018-08-25 18:53:10 +02:00
David Smith 2ec33f527b elasticsearch-curator: don't need to add enable to elasticsearch-curator service 2018-08-25 18:53:10 +02:00
David Smith 3744467589 nixos/curator: init elasticsearch curator
https://www.elastic.co/guide/en/elasticsearch/client/curator/5.5/index.html
2018-08-25 18:53:10 +02:00
Bas van Dijk 7d04961c95
Merge pull request #44389 from Mic92/es6
elasticsearch: use 6.x as default version, remove unsupported releases
2018-08-25 17:04:07 +02:00
Uli Baum 268bb4ea3c nixos/tests/munin: fix non-deterministic failure
- wait for node to listen before starting munin-cron
- increase timeout for munin-cron startup
- disable a failing plugin to remove irrelevant error message
2018-08-25 14:27:41 +02:00
Vladyslav Mykhailichenko d73fd69952 iwd: 0.4 -> 0.7 2018-08-25 15:26:52 +03:00
adisbladis dff43f10f6
Merge pull request #45608 from etu/fix-gitea-locale-updates
nixos/gitea: Symlink gitea locales to match running gitea version
2018-08-25 15:25:27 +08:00
Elis Hirwing a098cc98d9
nixos/gitea: Symlink gitea locales to match running gitea version
This prevents issues when gitea adds new locales etc. And if they
change locale values in future versions. Or if you rollback to a
previous version of gitea it might be a good idea to use the previous
locale files.
2018-08-25 09:19:53 +02:00
Eric Wolf 7f8b1dd32f systemd: added groups kvm, render
they need to exist according to the README of systemd
2018-08-25 05:18:53 +03:00
Sarah Brofeldt 8f61e96c1e nixos/datadog-agent: Fix type of use_dogstatsd (#45587) 2018-08-25 00:18:59 +02:00
Samuel Dionne-Riel 41e7de42de Use a themed grub for the installer image
This replaces systemd-boot with grub, it is at feature parity, as in it
can do everything systemd-boot did in the previous commit.
2018-08-24 13:04:56 -04:00
Samuel Dionne-Riel 2f7d9c9f78 Adds refind to the installer image.
This is a 277K (as of right now) addition that can greatly help in some
last recourse scenarios. The specific rEFInd setup will not be able to
boot the installer image, but this is not why it has been added. It has
been added to make use of its volumes scanning capabilities to boot
existing EFI images on the target computer, which is sometimes necessary
with buggy EFI. While is isn't NixOS's job to fix buggy EFI, shipping
this small bit with the installer will help the unlucky few.

Example scenario: two wildly different EFI implementation I have
encountered have fatal flaws in which they sometimes will lose all the
settings, this includes boot configuration. This is compounded by the
fact that the two specific and distinct implementation do not allow
manually adding ESP paths from their interface. The only recourse is to
let the EFI boot the default paths, EFI/boot/boot{platform}.efi, which
is not a default location used by the NixOS bootloaders. rEFInd is able
to scan the volumes and detect the existing efi bootloaders, and boot
them successfully.
2018-08-24 13:04:56 -04:00
Samuel Dionne-Riel 853475fed7 Fixes isolinux configuration for new artwork. 2018-08-24 13:04:56 -04:00
Uli Baum 672a0ebd80 nixos/tests/wordpress: fix test
- explicitly add dbHost to fix test
- remove unnecessary options that are set by default anyway
2018-08-24 15:48:39 +02:00
Bas van Dijk 551fec4467 Merge branch 'master' into es6 2018-08-23 23:41:27 +02:00
Ryan Mulligan 5c5baaf17d treewide: remove mailing list references 2018-08-23 09:24:44 -07:00
volth d4ef7c6772 usb-storage -> uas
Following up https://github.com/NixOS/nixpkgs/pull/23665

Bootable USB-drives are not limited to ISO-images, there can be "normal" MBR/GPT-partitioned disk connected via USB-rack.
Also, "uas" implies "usb-storage", so there is no need to mention both.
2018-08-23 01:42:34 +00:00
Samuel Dionne-Riel 05310e3172
Merge pull request #44919 from Vodurden/init-undervolt
undervolt: init at 0.2.8
2018-08-22 10:13:55 -04:00
Sarah Brofeldt 4c6171c173 nixos/dhcpcd: Wait for devices to settle 2018-08-22 00:20:28 +02:00
Ben Wolsieffer 6897945879 nixos/networkd: replace range with assertRange 2018-08-22 00:11:14 +02:00
xeji d9e5447e7f
Merge pull request #45405 from NixOS/nixos-netboot-dedup
nixos/netboot: Remove redundant setting
2018-08-21 23:24:27 +02:00
Sarah Brofeldt f8306941b7
Merge pull request #45441 from lopsided98/cfssl-user-fix
nixos/cfssl: don't create user/group unless service is enabled
2018-08-21 22:42:29 +02:00
Ben Wolsieffer c6191c8abf nixos/cfssl: don't create user/group unless service is enabled 2018-08-21 16:24:31 -04:00
Robert Schütz 33be3c4630 home-assistant: 0.75.2 -> 0.76.1
Also simplify the way overrides are defined for better readability
and use the opportunity to introduce a packageOverrides option.
2018-08-21 19:26:54 +02:00
Samuel Dionne-Riel 73d348c8eb
Merge pull request #45215 from srhb/no-password-install
nixos/doc: New installer note on unattended installs
2018-08-21 10:25:08 -04:00
Michael Raskin 980cbff93c
Merge pull request #45353 from aanderse/redmine
redmine: 2.5.2 -> 3.4.6
2018-08-21 14:04:02 +00:00
Will Fancher f0957b9477 sd-image: Fix cross compiling 2018-08-21 14:05:23 +03:00