3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

10325 commits

Author SHA1 Message Date
Tuomas Tynkkynen 6b6a575748 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/tools/networking/telnet/default.nix
	pkgs/top-level/aliases.nix
2018-05-16 03:09:33 +03:00
Matthew Justin Bauer 2a3399b3c8
Merge pull request #39978 from hedning/plymouth-quit-wait
Make plymouth work with gdm wayland
2018-05-15 14:28:47 -05:00
aszlig fa0b60f59a
nixos/tests/installer: Add lndir to extraDeps
In commit 17dd7bcd89 the systemd unit
generator now uses lndir instead of "ln -s", so we need to have lndir
available in the Nix store for the installer tests to be able to build
the units and thus the whole system.

This should fix the installer tests, although I have only tested it with
the "simple" subtest.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @jtojnar, @xeji, @edolstra
2018-05-15 18:51:53 +02:00
Matthew Justin Bauer a3e4340149
Merge pull request #39536 from teto/iproute
[RDY] iproute: copy files in /etc
2018-05-15 11:36:31 -05:00
Yorick 261d993519
module-list: add youtrack module to list 2018-05-15 17:34:31 +02:00
Matthieu Coudron b75a9599b4 release notes: mention iproute2 module 2018-05-15 21:55:10 +09:00
Matthieu Coudron 1e0975f4c0 iproute2: module to create rt_table file & co
When doing source routing/multihoming, it's practical to give names to routing
tables. The absence of the rt_table file in /etc make this impossible.
This patch recreates these files on rebuild so that they can be modified
by the user see NixOS#38638.

iproute2 is modified to look into config.networking.iproute2.confDir instead of
/etc/iproute2.
2018-05-15 21:55:04 +09:00
aszlig a7f79620ac
nixos: Fix build of the manual
The manual still had a reference to an option that was already renamed
ages ago and a7ed44ccad made it 'visible'.

With the visible attribute set to false for extraKernelModules, the
option no longer appears in the manual and thus breaks the link from the
manual to the options.

This is easily fixed by referring to boot.initrd.kernelModules instead
of the obsolete option boot.initrd.extraKernelModules.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @rycee, @matthewbauer
2018-05-15 14:54:57 +02:00
Jan Tojnar d5060ac3a7
Merge pull request #33371 from jtojnar/flatpak
Flatpak
2018-05-15 14:19:33 +02:00
Jan Tojnar d614f32e7a
nixos/flatpak: add docs 2018-05-15 14:18:45 +02:00
Jan Tojnar 21ff482f7d
nixos/xdg-desktop-portal: add test 2018-05-15 14:18:44 +02:00
Jan Tojnar 1c04363714
nixos/flatpak: add test 2018-05-15 14:18:44 +02:00
Maximilian Bosch 91365cd23a nexus: fix setup and nixos test (#40522)
The original `nexus` derivation required `/run/sonatype-work/nexus3`
which explicitly depended on the NixOS path structure.

This would break `nexus` for everyone using `nixpkgs` on a non-NixOS
system, additionally the module never created `/run/sonatype-work`, so
the systemd unit created in `services.nexus` fails as well. The issue
wasn't actively known as the `nixos/nexus` test wasn't registered in
Hydra (see #40257).

This patch contains the following changes:

* Adds `tests.nexus` to `release.nix` to run the test on Hydra.

* Makes JVM parameters configurable: by default all JVM options were located
  in `result/bin/nexus.vmoptions` which made it quite hard to patch
  these parameters. Now it's possible to override all parameters by
  running `VM_OPTS_FILE=custom-nexus.vmoptions ./result/bin/nexus run`
  (after patching the `nexus` shell script), additionally it's possible
  to override these parameters with `services.nexus.vmoptions`.

* Bumped Nexus from 3.5.1 to 3.11.0

* Run the `nexus` test on Hydra with `callTest` in `nixos/release.nix`,
  furthermore the test checks if the UI is available on the specified
  port.

* Added myself as maintainer for the NixOS test and the package to have
  some more people in case of further breakage.

* Added sufficient disk space to the `nexus` test, otherwise the service
  fails with the following errors:

  ```
  com.orientechnologies.orient.core.exception.ODatabaseException: Cannot create database 'accesslog'
  com.orientechnologies.orient.core.exception.OLowDiskSpaceException: Error occurred while executing
    a write operation to database 'accesslog' due to limited free space on the disk (242 MB). The database
    is now working in read-only mode. Please close the database (or stop OrientDB), make room on your hard
    drive and then reopen the database. The minimal required space is 256 MB. Required space is now set to
    256MB (you can change it by setting parameter storage.diskCache.diskFreeSpaceLimit) .
  ```

/cc @ironpinguin @xeji
2018-05-15 14:10:29 +02:00
Jan Tojnar ec80c5e4c4
nixos/flatpak: allow specifying extra portals 2018-05-15 13:31:13 +02:00
Jan Tojnar 17dd7bcd89
nixos/systemd-lib: fix conflict with dbus.service.d directory
When a package contains a directory in one of the systemd directories
(like flatpak does), it is symlinked into the *-units derivation.
Then later, the derivation will try to create the directory, which
will fail:

mkdir: cannot create directory '/nix/store/…-user-units/dbus.service.d': File exists
builder for '/nix/store/…-user-units.drv' failed with exit code 1

Closes: #33233
2018-05-15 13:28:30 +02:00
Jan Tojnar e0a42d991c
nixos/flatpak: init 2018-05-15 13:28:29 +02:00
John Ericson f2017c40ae Merge remote-tracking branch 'upstream/master' into staging 2018-05-14 22:53:10 -04:00
Uli Baum dd73ab0092 nixos/tests: prevent stateVersion warnings in eval
... introduced by 1f0b6922d3
continuation of 88fa50c2f2
2018-05-15 00:22:35 +02:00
John Ericson 01a525b84e Merge remote-tracking branch 'upstream/master' into staging 2018-05-14 13:31:20 -04:00
Arcadio Rubio García efde5fefb3 nixos: stumpwm: switch from package marked as broken to working quicklisp package (#40501) 2018-05-14 18:37:53 +02:00
John Ericson 8e891e6ed4 Merge remote-tracking branch 'upstream/master' into staging 2018-05-14 10:57:33 -04:00
Samuel Dionne-Riel 0ccfe14e25 nixos/grub: Implements use of file format for splashImage.
GRUB 2.0 supports png, jpeg and tga. This will use the image's suffix to
load the right module.

As jpeg module is named jpeg, jpg is renamed jpeg.

If the user uses wrong image suffix for an image, it wouldn't work anyway.

This will leave up to two additional left-over files in /boot/ if user switches
through all the supported file formats. The module already left the png
image if the user disabled the splash image.
2018-05-13 19:51:50 -04:00
Samuel Dionne-Riel 8f3a541a3d nixos/grub: Updates splashImage description to match reality.
Fixes #4911
2018-05-13 19:48:00 -04:00
Uli Baum 88fa50c2f2 nixos/tests: set default stateVersion in test VMs
... to avoid lots of warnings during eval
introduced by 1f0b6922d3
2018-05-14 00:01:15 +02:00
xeji 642bed4b3e
nixos/tests/acme: fix on i686, improve timing (#40410)
... to prevent non-deterministic failures
2018-05-13 19:59:59 +02:00
xeji c482b41f40
Merge pull request #40373 from xeji/fix-mesos-test
nixos/mesos: fix non-deterministic service and test failure
2018-05-13 19:57:24 +02:00
xeji 8c78d3a527
Merge pull request #40416 from oxij/os/fix-some-types
nixos: fix some types
2018-05-13 18:15:55 +02:00
Frederik Rietdijk 658b7c3f2e Merge master into staging 2018-05-13 12:13:25 +02:00
John Ericson 2c5d915200 Merge commit '92b7a814f26ee1d37e989431c18518c67285a332' into staging 2018-05-13 01:02:09 -04:00
Yegor Timoshenko a298167152 stage-1: remove tuxonice handling 2018-05-13 06:28:37 +03:00
Jan Malakhovski fb2a8d6669 nixos: systemd.services.*.environment: fix type 2018-05-13 01:15:37 +00:00
Jan Malakhovski 44d612d6e5 nixos: services.xserver.desktopManager.xterm.enable: fix type 2018-05-13 01:15:23 +00:00
Jan Malakhovski 1f0b6922d3 nixos: version: produce a warning when no system.nixos.stateVersion is explicitly set 2018-05-12 19:27:10 +00:00
Jan Malakhovski 095fe5b43d nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1 2018-05-12 19:27:09 +00:00
Niklas Hambüchen 7f79a4fe11 manual: Clarify that limits.conf doesn't apply to systemd services. (#40267)
Say how systemd services can be set instead.

Sources:

* https://bugzilla.redhat.com/show_bug.cgi?id=754285
* https://ro-che.info/articles/2017-03-26-increase-open-files-limit

Signed-off-by: Niklas Hambüchen <mail@nh2.me>
2018-05-12 17:44:57 +02:00
xeji a19cc36e1a
nixos/tests/mysql-backup: fix non-deterministic failure (#40258)
Sometimes failed because of delayed creation of the backup file.
2018-05-12 11:37:35 +02:00
Tim Steinbach 92cf881675
Merge pull request #40390 from xeji/kafka
nixos/tests/kafka: fix and refactor tests
2018-05-11 22:02:53 -04:00
Uli Baum 13f83ba05f nixos/tests/kafka: fix and refactor tests
- refactor into single file for all versions
- improve timing, prevent non-deterministic failures
- fix tests for i686-linux
2018-05-12 02:16:25 +02:00
Ihor Antonov 08ebd830a5 Fix kernel crash caused by absent root device 2018-05-12 02:55:33 +03:00
Ihor Antonov e4777ae2d8 Fix kernel panic on ec2 kvm instances caused by io timeout on nvme root volume 2018-05-12 02:55:33 +03:00
John Ericson ee4b56edd3 Merge remote-tracking branch 'upstream/master' into staging 2018-05-11 14:36:08 -04:00
Uli Baum ec00b6fbb3 nixos/mesos-slave: start after docker
If docker is enabled, start mesos-slave.service after docker.service
to avoid a race condition that could result in mesos-slave to fail
with "Failed to create docker: Timed out getting docker version"
2018-05-11 19:37:31 +02:00
Uli Baum 0d2a4ed49c nixos/tests/mesos: wait for all services and ports
to be available before sending requests.
Avoids non-deterministic test failure.
2018-05-11 19:26:35 +02:00
Robert Schütz d283368d73
Merge pull request #39681 from pstn/gnunet-service
nixos/gnunet: create switch for package.
2018-05-11 14:13:17 +02:00
Sarah Brofeldt 0e1e0df243
Merge pull request #40304 from xeji/fix-graphite-test
nixos/tests/graphite: fix test
2018-05-11 13:56:56 +02:00
Philipp Steinpass c3dba0b7a7 nixos/gnunet: create switch for package. 2018-05-11 13:54:00 +02:00
Yegor Timoshenko 35375aa7ed
hostapd: remove assertion (allow 5GHz channels) 2018-05-11 13:56:18 +03:00
Markus Hauck d12afa6642 googleearth: init at 7.1.8.3036 2018-05-11 09:34:29 +02:00
Uli Baum 50efa1979d nixos/release-combined.nix: fix eval of tested job
bug introduced by f8d047da50
2018-05-11 00:47:43 +02:00
Uli Baum 840e5d8bda nixos/tests/graphite: fix test
- adapt netcat options to libressl-nc
- wait for services to be started and accepting connections
2018-05-10 23:30:56 +02:00
John Ericson 67db915a43 Merge remote-tracking branch 'upstream/master' into staging 2018-05-10 16:35:04 -04:00
xeji 558f4b3368
nixos/tests/plotinus: fix non-deterministic failure (#40239)
Test failed sometimes, likely because a window didn't get focus.
2018-05-10 19:38:02 +02:00
xeji f8d047da50
nixos/release-combined.nix: make tests consistent (#40131)
... with release-small.nix
Tests for small channel should be a subset of tests for full channel.
2018-05-10 19:36:58 +02:00
John Ericson 42f6e7c4e4 Merge remote-tracking branch 'upstream/master' into staging 2018-05-10 12:04:17 -04:00
Robert Schütz da58afdd68 nixos/tests/home-assistant: print log before failing 2018-05-10 13:12:35 +02:00
Frederik Rietdijk 64c8c6dcb3 Merge master into staging 2018-05-10 09:30:56 +02:00
aszlig 67a8c66f68
nixos/dovecot: Fix usage of dhparams option
The pull request that added dhparams (#39507) was made at the time where
the dhparams module overhaul (#39526) wasn't done yet, so it's still
using the old mechanics of the module.

As stated in the release notes:

  Module implementers should not set a specific bit size in order to let
  users configure it by themselves if they want to have a different bit
  size than the default (2048).

  An example usage of this would be:

    { config, ... }:

    {
      security.dhparams.params.myservice = {};
      environment.etc."myservice.conf".text = ''
        dhparams = ${config.security.dhparams.params.myservice.path}
      '';
    }

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @qknight, @abbradar, @hrdinka, @leenaars
2018-05-10 08:29:29 +02:00
aszlig fb9f5e4a03
nixos/testing: Fix output of systemd messages
Regression introduced by d4468bedb5.

No systemd messages are shown anymore during VM test runs, which is not
very helpful if you want to find out about failures.

There is a bit of a conflict between testing and the change that
introduced the regression. While the mentioned commit makes sure that
the primary console is tty0 for virtualisation.graphics = false, our VM
tests need to have the serial console as primary console.

So in order to support both, I added a new virtualisation.qemu.consoles
option, which allows to specify those options using the module system.

The default of this option is to use the changes that were introduced
and in test-instrumentation.nix we use only the serial console the same
way as before.

For test-instrumentation.nix I didn't add a baudrate to the serial
console because I can't find a reason on top of my head why it should
need it. There also wasn't a reason stated when that was introduced in
7499e4a5b9.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @flokli, @dezgeg, @edolstra
2018-05-10 08:21:20 +02:00
xeji 3d6f752c51
Merge pull request #39099 from teto/qemu_agent
qemu-guest-agent: init module
2018-05-10 01:22:52 +02:00
Sarah Brofeldt 3befef8279
Merge pull request #39671 from johanot/keepalived-vrrpInstanceTracking
nixos/keepalived: Implemented vrrp-instance track scripts and track interfaces
2018-05-09 20:54:36 +02:00
Emmanuel Rosa 0198bcc1eb gnucash: add upgrade instructions to NixOS release notes 2018-05-09 13:21:38 -04:00
jD91mZM2 77a6cbb1c1
zsh: move setEnvironment stuff to zprofile 2018-05-09 14:58:29 +02:00
Uli Baum 844698c436 nixos/tests/statsd: fix non-deterministic failure
Test failed sometimes because the service took more time to start.
2018-05-09 12:38:09 +02:00
Frederik Rietdijk a18b493e02 Merge master into staging 2018-05-09 10:48:01 +02:00
Matthew Justin Bauer dd55c957e2
Merge pull request #40051 from nh2/manual-option-types-attrs
manual: Document `types.attrs`
2018-05-09 07:55:17 +00:00
Matthew Justin Bauer 0b58a5b260
Merge pull request #40052 from flokli/input_leds-doc
modules/system/boot/luksroot: remove comment about input_leds for caps lock
2018-05-09 07:54:47 +00:00
Nikolay Amiantov e711da345c base profile: add mkpasswd to system packages
Allows the user to generate password hashes for the installed system easier.
2018-05-09 00:20:02 +03:00
Matthew Bauer 6748534d83 Merge remote-tracking branch 'upstream/master' into staging 2018-05-08 09:36:00 -05:00
Nikolay Amiantov a08645e9be nginx module: add upstream extraConfig 2018-05-08 16:32:11 +03:00
Joachim Schiele 851d5d72a3 dovecot2: added ssl_dh using security.dhparams
The 18.03 channel includes dovecot 2.3, which requires ssl_dh to be set.
-> fixes https://github.com/nixcloud/nixcloud-webservices/issues/21
2018-05-08 15:51:39 +03:00
jD91mZM2 6c4c36fcbc
NetworkManager: add noDns option 2018-05-08 13:42:39 +02:00
Matthieu Coudron f5e169c608 openntpd: make -s flag work
after seeing
`adjtime failed: Invalid argument` in my syslog, I tried using
`ntpd -s` but it would trigger
`/etc/ntpd.conf: No such file or directory`
see https://github.com/NixOS/nixpkgs/issues/31885

Instead of running the daemon with a specific config file, use the
standard file so that user are able to use the ntp executable without
having to look for the current config file.
2018-05-08 19:15:57 +09:00
Johan Thomsen 41d4bd29ac nixos/keepalived: Implemented vrrp-instance tracking scripts and interfaces.
Tracking scripts in particular, cannot be included in extraOpts, because script declaration has to be above script usage in keepalived.conf.
Changes are fully backward compatible.
2018-05-08 11:25:53 +02:00
aszlig 78b4b90d6c
Merge pull request #39526 (improve dhparams)
This introduces an option that allows us to turn off stateful generation
of Diffie-Hellman parameters, which in some way is still "stateful" as
the generated DH params file is non-deterministic.

However what we can avoid with this is to have an increased surface for
failures during system startup, because generation of the parameters is
done during build-time.

Aside from adding a NixOS VM test it also restructures the type of the
security.dhparams.params option, so that it's a submodule.

A new defaultBitSize option is also there to allow users to set a
system-wide default.

I added a release notes entry that described what has changed and also
included a few notes for module developers using this module, as the
first usage already popped up in NixOS/nixpkgs#39507.

Thanks to @Ekleog and @abbradar for reviewing.
2018-05-08 02:09:46 +02:00
Florian Klink 7499e4a5b9 modules/virtualisation/qemu-vm: set console baudrate to 115200 2018-05-07 19:23:47 +03:00
Florian Klink d4468bedb5 modules/virtualisation/qemu-vm: always enable serial console
Always enable both tty and serial console, but set preferred console
depending on cfg.graphical.
Even in qemu graphical mode, you can switch to the serial console via
Ctrl+Alt+3.

With that being done, you also don't need to specify
`systemd.services."serial-getty@ttyS0".enable = true;` either as described in
https://nixos.wiki/wiki/Cheatsheet#Building_a_service_as_a_VM_.28for_testing.29,
as systemd automatically spawns a getty on consoles passwd via cmdline.

This also means, vms built by 'nixos-rebuild build-vm' can simply be run
properly in nographic mode by appending `-nographic` to `result/bin/run-*-vm`,
without the need to explicitly add platform-specific QEMU_KERNEL_PARAMS.
2018-05-07 19:23:47 +03:00
Florian Klink 36f4b7f6ba virtualisation/qemu-vm.nix: remove ttys
unused.
2018-05-07 19:23:47 +03:00
Florian Klink 046e374c99 virtualisation/qemu-vm.nix: use lib.optionalString 2018-05-07 19:23:47 +03:00
Ben Wolsieffer a75aee3923 nixos/grub: support initrd secrets 2018-05-07 10:35:56 -04:00
Christoph Hrdinka 7e542f7f33
Merge pull request #40054 from aszlig/nsd-root-server
nixos/nsd: Allow to configure root zone
2018-05-07 13:55:30 +02:00
Matthew Justin Bauer 11df600bf8
Merge pull request #39680 from bgamari/fix-acme-post-stop
nixos/acme: Fix broken post-stop script
2018-05-07 04:19:49 +00:00
aszlig a8b7372380
nixos: Add release notes about dhparams changes
This is not only to make users aware of the changes but also to give a
heads up to developers which are using the module. Specifically if they
rely on security.dhparams.path only.

Signed-off-by: aszlig <aszlig@nix.build>
2018-05-07 05:02:41 +02:00
aszlig 81fc2c3509
nixos/dhparams: Add a defaultBitSize option
This allows to set the default bit size for all the Diffie-Hellman
parameters defined in security.dhparams.params and it's particularly
useful so that we can set it to a very low value in tests (so it doesn't
take ages to generate).

Regardless for the use in testing, this also has an impact in production
systems if the owner wants to set all of them to a different size than
2048, they don't need to set it individually for every params that are
set.

I've added a subtest to the "dhparams" NixOS test to ensure this is
working properly.

Signed-off-by: aszlig <aszlig@nix.build>
2018-05-07 04:58:52 +02:00
aszlig 1eeeceb9c7
nixos/nsd: Allow to configure root zone
When trying to run NSD to serve the root zone, one gets the following
error message:

error: illegal name: '.'

This is because the name of the zone is used as the derivation name for
building the zone file. However, Nix doesn't allow derivation names
starting with a period.

So whenever the zone is "." now, the file name generated is "root"
instead of ".".

I also added an assertion that makes sure the user sets
services.nsd.rootServer, otherwise NSD will fail at runtime because it
prevents serving the root zone without an explicit compile-time option.

Tested this by adding a root zone to the "nsd" NixOS VM test.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @hrdinka, @qknight
2018-05-07 04:05:41 +02:00
Florian Klink 5855459f49 modules/system/boot/luksroot: remove comment about input_leds for caps lock
Since f2a9f9aeab, we already load
"input_leds", so this comment isn't useful anymore.
2018-05-07 01:42:37 +02:00
Niklas Hambüchen 6e7f4f99d1 manual: Document types.attrs
Signed-off-by: Niklas Hambüchen <mail@nh2.me>
2018-05-07 00:36:39 +02:00
Alex Brandt fdebbce726 nixos/modules/services/scheduling/fcron: add setuid to fcrontab
Without fcrontab being setuid, every attempt by an user in the fcron
group to edit their own crontab (via `fcrontab -e`) results in the
following error:

```
2018-05-06 11:29:07 ERROR could not change euid to 273: Operation not permitted
2018-05-06 11:29:07 ERROR fcron child aborted: this does not affect the main fcron daemon, but this may prevent a job from being run or an email from being sent.
```

Adding setuid by hand has resolved this issue and aligns with the way
fcrontab is installed on other distributions.
2018-05-06 11:24:09 -07:00
Joachim F e97d8fc0cb
Merge pull request #39455 from Ekleog/matterbridge-configfile
matterbridge module: add configPath option as a workaround, waiting for nix encryption
2018-05-06 17:29:43 +00:00
WilliButz e2dfac67f7
nixos/promtheus-dnsmasq-exporter: add module 2018-05-06 13:58:39 +02:00
Tristan Helmich 560e91f1a7 nixos/matrix-synapse service: url_preview_url_blacklist fix (#40027)
Moved list of ip ranges to url_preview_ip_range_blacklist defaults.
Fixes #40017
2018-05-06 09:49:04 +00:00
xeji cd960b965f
Merge pull request #38622 from obadz/minidlna-module
nixos/minidlna: add loglevel config
2018-05-06 00:13:39 +02:00
xeji 76c8e5ea3b
Merge pull request #39055 from abbradar/reload-stop
firewall service: run stop commands in reload
2018-05-05 22:13:15 +02:00
Joachim F 1be056ca30
Merge pull request #40000 from JohnAZoidberg/docmodule-optional-fix
nixos/documentation: Correct use of lib.optional
2018-05-05 20:09:44 +00:00
Tuomas Tynkkynen bc828721ed nixos/lib/make-ext4-fs: Add a sanity check
I ended up with a corrupted image with the debugfs contraption once, and
given I couldn't reproduce the problem I suppose that happens if the
filesystem of the builder runs out of space.

At least in this instance fsck could detect it, so let's add it as a
sanity check.
2018-05-05 19:30:54 +03:00
Daniel Schaefer 43650115e3 nixos/documentation: Correct use of lib.optional
lib.optional returns a singleton or an empty list. Therefore the
argument does not need to be wrapped in a list.
An alternative patch could have used lib.optionals but seems like no
more elements are going to be added to the optional list.
2018-05-05 15:55:53 +07:00
Jaka Hudoklin 3ec4528dcf
Merge pull request #39991 from xeji/remove-fleet
fleet, panamax: remove
2018-05-05 08:07:14 +02:00
gnidorah 9f1da66587 ndppd module: init (#35533) 2018-05-05 00:33:20 -05:00
bricewge 21b926003d sshguard: service creates /var/lib/sshguard 2018-05-05 00:29:44 -05:00
Matthew Justin Bauer bcf8e74986
Merge pull request #39938 from edef1c/net-dbus-list-units
switch-to-configuration: use Net::DBus to retrieve the list of units
2018-05-04 23:26:56 -05:00
Uli Baum c3eefe801a fleet: remove package, module, test
deprecated and unmaintained upstream
2018-05-05 00:28:16 +02:00
Uli Baum f039bf9abc panamax: remove packages, module and test
was broken and depends on (deprecated) fleet
packages: panamax_api, panamax_ui
2018-05-05 00:27:15 +02:00
Matthew Justin Bauer 8723594059
rl-1809: add googleearth 2018-05-04 14:41:13 -05:00
Tad Fisher 19445fa145 nixos/powerManagement: add "med_power_with_dipm" scsiLinkPolicy 2018-05-04 10:33:42 -07:00
Pascal Bach 7f53ee8412 restic-rest-server module: init 2018-05-04 16:55:06 +02:00
Tor Hedin Brønner 5777272bd2 nixos/plymouth: multi-user.target wants plymouth-quit-wait.service
This is apparent from the service file directory in plymouth:
├── multi-user.target.wants
│   ├── plymouth-quit.service -> ../plymouth-quit.service
│   └── plymouth-quit-wait.service -> ../plymouth-quit-wait.service

Leaving it unspecified caused gdm-wayland to crash on boot, see #39615.

The change made other display managers not quit plymouth properly however. By
removing "multi-user.target" from `plymouth-quit.after` this is resolved.
2018-05-04 16:06:57 +02:00
Eelco Dolstra 9d0b6b9dfc
nix: 2.0.1 -> 2.0.2 2018-05-04 13:28:36 +02:00
John Ericson cf06e42d1c Merge remote-tracking branch 'upstream/master' into staging 2018-05-03 16:35:36 -04:00
edef 54a13b07d5 switch-to-configuration: use Net::DBus to retrieve the list of units
This resolves the FIXME, and opens up the possibility of using more of
the systemd DBus interface to make things more robust.
2018-05-03 20:19:23 +02:00
Rob Vermaas 41512bfdae
Merge pull request #39654 from AmineChikhaoui/issue-38623
GCE: pull the ssh host keys from the metadata service as expected by NixOps.
2018-05-03 17:16:26 +02:00
Matthew Justin Bauer eeb016e8f0
Merge branch 'staging' into fix-ncurses-darwin-extensions 2018-05-02 15:40:38 -05:00
Matthew Bauer ca30c5e061 Revert "Merge pull request #28206 from edef1c/net-dbus-list-units"
This reverts commit e508f0eec1, reversing
changes made to bead42df5d.
2018-05-02 15:02:29 -05:00
Antoine Eiche d35dcb1280 dockerTools.pullImage: documentation and release note 2018-05-02 21:32:20 +02:00
Matthew Justin Bauer e508f0eec1
Merge pull request #28206 from edef1c/net-dbus-list-units
switch-to-configuration: use Net::DBus to retrieve the list of units
2018-05-02 12:49:37 -05:00
Samuel Leathers f515ca67f5
nixos/dnsdist: initial service 2018-05-02 10:30:30 -04:00
WilliButz 27eb2859f2 prometheus-nginx-exporter: fix bool to string coercion 2018-05-02 16:18:20 +02:00
Robin Gloster fe9096ef09
Merge branch 'master' into docker-registry-enhancements 2018-05-02 13:12:57 +02:00
Samuel Leathers 78f09c9102 nixos/prometheus-surfboard-exporter: add new module 2018-05-02 13:04:34 +02:00
Graham Christensen eca5c99bf8
nixos docs: format =) 2018-05-01 19:57:09 -04:00
Graham Christensen fd2dce9708
nixos docs: ignore generated files 2018-05-01 19:50:02 -04:00
Graham Christensen 9d4b966c4d
nixos docs: fixup 2018-05-01 19:43:52 -04:00
Graham Christensen 4f5a995b03
Merge pull request #39786 from grahamc/format-nixpkgs-docs-target
nixpkgs doc: add format Make target
2018-05-01 19:39:31 -04:00
Graham Christensen 374a3bdf5b
nixos docs: makefile for formatting 2018-05-01 18:03:25 -04:00
Matthew Justin Bauer c46c5b8f4e
Merge pull request #39836 from flokli/virtualbox-5.2.10
virtualbox: 5.2.8 -> 5.2.10
2018-05-01 16:32:48 -05:00
Will Dietz fdc581d8c3
Merge pull request #39407 from dtzWill/feature/check-nix.conf
nixos/nix-daemon: optionally (on by default) check nix.conf can be read
2018-05-01 16:09:20 -05:00
Florian Klink d3527d947f virtualisation.virtualbox.host: migrate from mkOption to mkEnableOption 2018-05-01 22:47:54 +02:00
Florian Klink 92e559212a virtualisation.virtualbox.host: introduce enableExtensionPack 2018-05-01 22:47:46 +02:00
Austin Seipp 5a24d99fa6 foundationdb: split into multiple, major-versioned packages to make upgrades user-controllable
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
Austin Seipp 55eec81118 nixos: add TLS support to FoundationDB module, and tweak setup a bit
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
Austin Seipp ed5cbbbc44 foundationdb: install the java client library
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
edef 1a18fedae4 nixos doc: mananager -> manager 2018-05-01 19:58:50 +02:00
WilliButz cb4c2834ef nixos/prometheus-varnish-exporter: update module 2018-05-01 18:00:53 +02:00
Matthew Justin Bauer 4e58e23262
Merge pull request #39478 from pngwjpgh/infinoted
nixos/infinoted: Abstract over libinfinity version
2018-05-01 10:22:25 -05:00
Michael Weiss 1b8642dff6
nixos/monetdb: init (#39812) 2018-05-01 16:44:12 +02:00
WilliButz de60146f59 nixos/promtheus-nginx-exporter: update module 2018-05-01 15:45:48 +02:00
Michele Catalano afd3136e8e
nixos/docker-registry: Add support for garbage collector to docker registry 2018-05-01 15:23:47 +02:00
Maximilian Bosch 593dc45141
nixos/docker-registry: cleanup module definition & enhance testcase
The following changes have been applied:

- the property `http.headers.X-Content-Type-Options` must a list of
  strings rather than a serialized list
- instead of `/etc/docker/registry/config.yml` the configuration will be
  written with `pkgs.writeText` and the store path will be used to run
  the registry. This reduces the risk of possible impurities by relying
  on the Nix store only.
- cleaned up the property paths to easy readability and reduce the
  verbosity.
- enhanced the testcase to ensure that digests can be deleted as well
- the `services.docker-registry.extraConfig` object will be merged with
  `registryConfig`

/cc @ironpinguin
2018-05-01 15:23:39 +02:00
Michele Catalano f5c0b3f887
nixos/docker-registry: add more configuration options for docker-registry 2018-05-01 14:53:50 +02:00
Graham Christensen 5d03cce7ed
Merge pull request #38351 from grahamc/user-channels
Add user channels to the default nix path
2018-05-01 07:19:38 -04:00
Graham Christensen 8ab8d9cb74
Add user channels to the default nix path 2018-05-01 06:30:31 -04:00
Julien Langlois 519b64592d hitch: init at 1.4.8 + service + test (#39358)
Add the Hitch TLS reverse proxy as an option for TLS termination.
2018-05-01 10:36:36 +01:00
Jörg Thalheim 101dca2d9a
Merge pull request #39798 from lheckemann/nixos-install-chroot-doc
nixos-install manual: remove --chroot option
2018-05-01 08:21:31 +01:00
Linus Heckemann 152454d987 nixos-install manual: remove --chroot option
This option has been removed from the tool in favour of nixos-enter.
2018-05-01 07:36:35 +01:00
Graham Christensen ab1648bf0d
nixpkgs doc: add format Make target 2018-04-30 22:37:58 -04:00
Graham Christensen d1165dba99
Merge pull request #38831 from rdnetto/improve-cross-refs
Improve cross referencing in NixOS Manual
2018-04-30 21:30:20 -04:00
Milo b405a6537c nixos/bspwm: spawn bpswm process in the background and properly set waiPID (#39707) 2018-04-30 17:03:05 +00:00
Maximilian Bosch e12cc85b07
nixos/osquery: add test
Some time ago I fixed the broken package `osquery` (see #39336).
I had to test the package manually by starting the daemon locally,
however this doesn't ensure that the module is still functional.

In order to cover the package *and* the integration with the NixOS
module I thought that adding a testcase might be the best idea.

The current testcase does the following things:

* Starts an `osqueryd` service in a test machine with customized logger
  path and PID file

* Ensures that the `osqueryd.service` unit is running

* Checks if the customized flags (`pidfile`, `logger_path`) are applied
  to `osquery`.

* Performs a simple test query against the `etc_hosts` database to check
  if the basic funcitonality of `osquery` (storing system information into
  a database) works fine.
2018-04-30 16:49:38 +02:00
Michael Raskin fd8dcdfa9d
Merge pull request #39416 from Ma27/fix-.version-config
.version: don't read from `.version` and deduplicate `.version-suffix` references
2018-04-30 08:33:19 +00:00
aszlig b3d5ca8359
nixos/dhparams: Set default bit size to 2048
@Ekleog writes in https://github.com/NixOS/nixpkgs/pull/39526:

> I think a default of 4096 is maybe too much? See certbot/certbot#4973;
> Let's Encrypt supposedly know what they are doing and use a
> pre-generated 2048-bit DH params (and using the same DH params as
> others is quite bad, even compared to lower bit size, if I correctly
> remember the attacks available -- because it increases by as much the
> value of breaking the group).

> Basically I don't have anything personal against 4096, but fear it may
> re-start the arms race: people like having "more security" than their
> distributions, and having NixOS already having more security than is
> actually useful (I personally don't know whether a real-size quantum
> computer will come before or after our being able to break 2048-bit
> keys, let alone 3072-bit ones -- see wikipedia for some numbers).

> So basically, I'd have set it to 3072 in order to both decrease build
> time and avoid having people setting it to 8192 and complaining about
> how slow things are, but that's just my opinion. :)

While he suggests is 3072 I'm using 2048 now, because it's the default
of "openssl dhparam". If users want to have a higher value, they can
still change it.

Signed-off-by: aszlig <aszlig@nix.build>
2018-04-30 05:53:38 +02:00
Graham Christensen 8caaec894e
Merge pull request #39649 from grahamc/hacking-docs
NixOS docs: making it easier to hack on
2018-04-29 21:56:45 -04:00
aszlig f148c5c4a1
nixos/tests: Fix QEMU flags for SCSI disks
The ability to specify "-drive if=scsi" has been removed in QEMU version
2.12 (introduced in 3e3b39f173).

Quote from https://wiki.qemu.org/ChangeLog/2.12#Incompatible_changes:

> The deprecated way of configuring SCSI devices with "-drive if=scsi"
> on x86 has been removed. Use an appropriate SCSI controller together
> "-device scsi-hd" or "-device scsi-cd" and a corresponding "-blockdev"
> parameter instead.

So whenever the diskInterface is "scsi" we use the new way to specify
the drive and fall back to the deprecated way for the time being. The
reason why I'm not using the new way for "virtio" and "ide" as well is
because there is no simple generic way anymore to specify these.

This also turns the type of the virtualisation.qemu.diskInterface option
to be an enum, so the user knows which values are allowed but we can
also make sure the right value is provided to prevent typos.

I've tested this against a few non-disk-related NixOS VM tests but also
the installer.grub1 test (because it uses "ide" as its drive interface),
the installer.simple test (just to be sure it still works with
"virtio") and all the tests in nixos/tests/boot.nix.

In order to be able to run the grub1 test I had to go back to
8b1cf100cd (which is a known commit where
that test still works) and apply the QEMU update and this very commit,
because right now the test is broken.

Apart from the tests here in nixpkgs, I also ran another[1] test in
another repository which uses the "scsi" disk interface as well (in
comparison to most of the installer tests, this one actually failed
prior to this commit).

All of them now succeed.

[1]: 9b5a119972/tests/system/kernel/bfq.nix

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edostra, @grahamc, @dezgeg, @abbradar, @ts468
2018-04-30 03:02:59 +02:00
aszlig 1907120f23
nixos/tests/udisks2: Fix USB device hotplug
The usb_add and usb_del monitor commands have been removed in QEMU
version 2.12 (introduced in 3e3b39f173).

Quote from https://wiki.qemu.org/ChangeLog/2.12#Incompatible_changes:

> The deprecated HMP commands "usb_add" and "usb_del" have been removed.
> Use "device_add" and "device_del" as replacement instead.

So we're doing exactly that and the udisks2 test now works again.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra
2018-04-30 03:02:57 +02:00
Matthew Justin Bauer f12b93162a
rl-1809: add netcat note 2018-04-29 18:30:42 -05:00
aszlig 146cb02542
nixos/tests/hibernate: Fix netcat flags
I'm not sure why 024b501907 used -q 0
because even netcat-openbsd has the -N flag which IMO is the better way
to shutdown the socket on EOF.

Our default netcat implementation has changed once again[1] in
3c3b82234a and we're now using LibreSSL's
implementation, which doesn't have a -q flag.

See https://github.com/NixOS/nixpkgs/pull/39634 for the pull request
introducing the switch.

[1]: https://github.com/NixOS/nixpkgs/pull/19982

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @matthewbauer, @dtzWill, @Mic92
2018-04-29 23:46:47 +02:00
xeji 1937b810b6
Merge pull request #39340 from xeji/interim-fix-39069
nixos/networkd: wait for udev to settle before starting networkd
2018-04-29 20:45:09 +02:00
Ben Gamari 7d68eadf37 nixos/acme: Fix broken post-stop script
Previously the script would contain an empty `if` block (which is invalid
syntax) if both `data.activationDelay == null` and `data.postRun == ""`. Fix
this by adding a no-op `true`.
2018-04-29 13:32:02 -04:00
aszlig 97adb03a9e
nixos/tests/predictable-interface-names: Refactor
The Nix expression here is really hard to read with multiple (and
unnecessarily) nested lets and it also generates attribute names based
on the derivation generated by makeTest, which will result in these
attribute names:

  * vm-test-run-predictableInterfaceNames
  * vm-test-run-predictableInterfaceNames-with-networkd
  * vm-test-run-unpredictableInterfaceNames
  * vm-test-run-unpredictableInterfaceNames-with-networkd

With the refactor the attribute names are now:

  * predictable
  * predictableNetworkd
  * unpredictable
  * unpredictableNetworkd

So now the code is even shorter and IMHO slightly more readable.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @symphorien, @fpletz, @adisbladis
2018-04-29 15:36:56 +02:00
Peter Hoeg 3c63bda681
Merge pull request #39137 from peterhoeg/m/lcd
nixos lcdproc: module for lcdd/lcdproc
2018-04-28 22:57:59 +00:00
Tim Steinbach 9774c8a0de
linux-copperhead: Fix test 2018-04-28 20:20:47 +00:00
AmineChikhaoui f514a68969
barf if pulling the ssh host keys fails 2018-04-28 17:07:54 +01:00
AmineChikhaoui 4a86f8c9ab
remove the entire temporary directory 2018-04-28 17:06:25 +01:00
AmineChikhaoui 3b8c7424d1
pull the ssh host keys from the metadata service as expected by NixOps.
Issues: #38623 https://github.com/NixOS/nixops/issues/930.
2018-04-28 16:52:46 +01:00
aszlig 1b1b76f70a
nixos/tests/chromium: Wait 10s after new window
This is a very very very ugly workaround and it's because Chromium seems
to eat keystroke for a few seconds after a new window is created.

I haven't found a better solution yet, so let's at least unbreak the
test until we come up with a better way.

Thanks to @vcunat for bringing this to my attention and also doing the
initial bisect.

The change that brought up this problem was 2b29e40153,
which updated Chromium from version 65.0.3325.181 to version
66.0.3359.117. Unfortunately the upstream changelog[1] is way too large
to actually guess what the breaking change is.

[1]: https://chromium.googlesource.com/chromium/src/+log/65.0.3325.181..66.0.3359.117?pretty=fuller&n=10000

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @bendlas, @vcunat
2018-04-28 17:35:13 +02:00
Maximilian Bosch 9274ea3903
treewide: rename version attributes
As suggested in https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745
the versioning attributes in `lib` should be consistent to
`nixos/version` which implicates the following changes:

* `lib.trivial.version` -> `lib.trivial.release`
* `lib.trivial.suffix` -> `lib.trivial.versionSuffix`
* `lib.nixpkgsVersion` -> `lib.version`

As `lib.nixpkgsVersion` is referenced several times in `NixOS/nixpkgs`,
`NixOS/nix` and probably several user's setups. As the rename will cause
a notable impact it's better to keep `lib.nixpkgsVersion` as alias with
a warning yielded by `builtins.trace`.
2018-04-28 14:23:53 +02:00
Maximilian Bosch 39909289f4
lib: deduplicate version/suffix references
The logic regarding the generated `.version-suffix` file is already
defined in `lib/trivial.nix` and shouldn't be duplicated in
`nixos/version`.
2018-04-28 14:23:13 +02:00
Jörg Thalheim f9fe798f95
Merge pull request #39612 from bgamari/cupsd-loglevel
cupsd: Introduce services.printing.logLevel option
2018-04-28 12:50:48 +01:00
Tuomas Tynkkynen dda74d9e50 nixos/qemu-vm: Always add a virtio RNG device to the quest
mke2fs has this annoying property that it uses getrandom() to get random
numbers (for whatever purposes) which blocks until the kernel's secure
RNG has sufficient entropy, which it usually doesn't in the early boot
(except if your CPU supports RDRAND) where we may need to create the
root disk.

So let's give the VM a virtio RNG to avoid the boot getting stuck at
mke2fs.
2018-04-28 12:48:06 +03:00
Graham Christensen 74fcb1c770
nixos docs: include note about make for debugging the nixos docs 2018-04-28 04:15:16 -04:00
Graham Christensen a77dc213a7
nixos manual: update xi:include for configuruation.nix's options-db 2018-04-28 04:04:56 -04:00
Graham Christensen 0ff0d138e4
nixos docs: Add a makefile for hacking on the nixos docs 2018-04-28 04:00:55 -04:00
Graham Christensen 59f8b1e844
nixos docs: Move generated XML in to a specific subdirectory to allow easier hacking 2018-04-27 22:44:51 -04:00
Graham Christensen 68d48cecf6
Merge pull request #31418 from ryantm/doc-nixos-extra-module-path
lib/eval-config: document NIXOS_EXTRA_MODULE_PATH
2018-04-27 21:26:06 -04:00
Sarah Brofeldt b15e884f80
Merge pull request #39617 from Mic92/nixos-generate-config
nixos/nixos-generate-config: update search command
2018-04-28 00:33:21 +02:00
Matthew Justin Bauer 1c9dc7daa1
Merge pull request #39459 from oxij/nixos/isolinux
nixos: installer: cleanup a bit
2018-04-27 17:30:51 -05:00
Badi Abdul-Wahid df3566c956 unifi, nixos/unifi: support LTS (5.6.36) and release (5.7.20)
Ubiquiti has both a LTS and current version of their Unifi controller software.

The latter adds new features, but may drop support for some devices.

This adds the capability to use either for the unifi module but defaults
to the LTS version, which was the previous behavior.
2018-04-28 00:27:33 +02:00
Jörg Thalheim 91e58ad48a
Merge pull request #39613 from bgamari/networkd-requiredforonline
networkd: Allow RequiredForOnline field in [Link] section
2018-04-27 23:21:34 +01:00
Jörg Thalheim 468f3ce0ed nixos/xserver: remove nvidiaLegacy173 from videoDrivers.examples
see 92265e807e (commitcomment-28773179)
2018-04-27 23:02:09 +01:00
xeji 06a3f2033f
Merge pull request #39431 from fdietze/patch-1
nixos manual: Fix typo in Syntax Summary
2018-04-27 23:10:26 +02:00
Yegor Timoshenko 6e33df0f6f
Merge pull request #39008 from serokell/youtrack
Youtrack package and service
2018-04-27 22:16:57 +03:00
Yegor Timoshenko e71c36369f
Merge pull request #39002 from serokell/oauth2_proxy_mod
oauth2_proxy: refactor service
2018-04-27 22:15:50 +03:00
Jörg Thalheim e8d5070e23 nixos/nixos-generate-config: update search command 2018-04-27 18:19:05 +01:00
Jan Malakhovski 92265e807e nixos: xserver: add related packages 2018-04-27 18:10:04 +01:00
Jan Malakhovski 5ec94de03c nixos: alsa: better docstring 2018-04-27 18:07:19 +01:00
Profpatsch 900cec79a0 lib/debug: add replacement instructions & release notes
for every deprecated function.
2018-04-27 18:59:39 +02:00
Profpatsch b90104ea0e lib/debug: fix use-sites of deprecated debug functions 2018-04-27 18:59:39 +02:00
Ben Gamari 192352ff2f nixos/cupsd: Introduce services.printing.logLevel option
Previously we indirectly suggested that the user use
services.printing.extraConf to set this, but this doesn't work with the
default merge ordering. Fix this by making it an independent option.
Fixes #39611.
2018-04-27 16:41:49 +00:00
Ben Gamari 65c1cfce3f nixos/networkd: Allow RequiredForOnline field in [Link] section
This was previously missing.
2018-04-27 16:41:16 +00:00
Yorick van Pelt 000482ffc4
youtrack: add service 2018-04-27 17:33:41 +02:00
Yorick van Pelt 048c991eb0
oauth2_proxy: use explicit upstream default for setXauthrequest 2018-04-27 16:45:38 +02:00
Rodney Lorrimar 3e446ecd56 nixos/buildkite-agent: fix variable expansion in hook scripts
@cleverca found this bug in the declarative hooks config. Any shell
variables referenced in a hook script would get expanded by the hooks
directory builder.

Prevent variable expansion by quoting the here doc limit string.
2018-04-27 12:17:40 +01:00
Matthieu Coudron ca0604190e qemu-guest-agent: init module
Allow out of band communication between qemu VMs and the host.
Useful to retrieve IPs of VMs from the host (for instance when libvirt can't analyze
DHCP requests because VMs are configured with static addresses or when
there is connectivity default).
2018-04-27 18:32:15 +09:00
Vladimír Čunát 88695c6e94
Revert "release-combined: don't include tests.chromium"
This reverts commit 1d06254998.
We now get a build and maybe have a workaround #39570; /cc #39476.
2018-04-27 02:42:12 +02:00
Franz Pletz dc62e8509a
nixos/caddy: fix ca api endpoint, now uses v2 2018-04-27 01:11:54 +02:00
Matthew Justin Bauer 1d06254998
release-combined: don't include tests.chromium
The chromium package will frequently time out . Note that this is unrelated to the test but a side effect because the test depends on chromium.

https://hydra.nixos.org/job/nixos/trunk-combined/nixos.tests.chromium.x86_64-linux

See also #39476
2018-04-26 10:14:51 -05:00
Nikolay Amiantov b827307c52 dante service: default for logoutput
Log to journald via syslog by default; also improve option type.
2018-04-26 13:57:11 +03:00
Nikolay Amiantov bd140fb41d dante service: restart only on failure
Normal exit code shouldn't result in a restart.
2018-04-26 13:57:11 +03:00
Gregor Kleen 274579cc95 nixos/infinoted: Abstract over libinfinity version 2018-04-26 08:35:00 +02:00
aszlig ce87773867
nixos/dhparams: Clean up module expression
First of all let's start with a clean up the multiline string
indentation for descriptions, because having two indentation levels
after description is a waste of screen estate.

A quick survey in the form of the following also reveals that the
majority of multiline strings in nixpkgs is starting the two beginning
quotes in the same line:

$ find -name '*.nix' -exec sed -n -e '/=$/ { n; /'\'\''/p }' {} + | wc -l
817
$ find -name '*.nix' -exec grep "= *'' *\$" {} + | wc -l
14818

The next point is to get the type, default and example attributes on top
of the description because that's the way it's rendered in the manual.

Most services have their enable option close to the beginning of the
file, so let's move it to the top.

Also, I found the script attribute for dhparams-init.service a bit hard
to read as it was using string concatenation to split a "for" loop.

Now for the more substantial clean ups rather than just code style:

  * Remove the "with lib;" at the beginning of the module, because it
    makes it easier to do a quick check with "nix-instantiate --parse".
  * Use ConditionPathExists instead of test -e for checking whether we
    need to generate the dhparams file. This avoids spawning a shell if
    the file exists already and it's probably more common that it will
    exist, except for the initial creation of course.
  * When cleaning up old dhparams file, use RemainAfterExit so that the
    unit won't be triggered again whenever we stop and start a service
    depending on it.
  * Capitalize systemd unit descriptions to be more in par with most
    other unit descriptions (also see 0c5e837b66).
  * Use "=" instead of "==" for conditionals using []. It's just a very
    small nitpick though and it will only fail for POSIX shells. Bash on
    the other side accepts it anyway.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Ekleog
2018-04-26 08:04:52 +02:00
aszlig 3e11ff6e0d
nixos/dhparams: Introduce a 'stateful' option
This option allows us to turn off stateful generation of Diffie-Hellman
parameters, which in some way is still stateful as the generated DH
params file is non-deterministic.

However what we can avoid with this is to have an increased surface for
failures during system startup, because generation of the parameters is
done during build-time.

Another advantage of this is that we no longer need to take care of
cleaning up the files that are no longer used and in my humble opinion I
would have preferred that #11505 (which puts the dhparams in the Nix
store) would have been merged instead of #22634 (which we have now).

Luckily we can still change that and this change gives the user the
option to put the dhparams into the Nix store.

Beside of the more obvious advantages pointed out here, this also
effects test runtime if more services are starting to use this (for
example see #39507 and #39288), because generating DH params could take
a long time depending on the bit size which adds up to test runtime.

If we generate the DH params in a separate derivation, subsequent test
runs won't need to wait for DH params generation during bootup.

Of course, tests could still mock this by force-disabling the service
and adding a service or activation script that places pre-generated DH
params in /var/lib/dhparams but this would make tests less readable and
the workaround would have to be made for each test affected.

Note that the 'stateful' option is still true by default so that we are
backwards-compatible with existing systems.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Ekleog, @abbradar, @fpletz
2018-04-26 08:04:50 +02:00
aszlig 761266bd18
nixos/dhparams: Turn params into a submodule
We're going to implement an option which allows us to turn off stateful
handling of Diffie-Hellman parameter files by putting them into the Nix
store.

However, modules now might need a way to reference these files, so we
add a now path option to every param specified, which carries a
read-only value of the path where to find the corresponding DH params
file.

I've also improved the description of security.dhparams.params a bit so
that it uses <warning/> and <note/>.

The NixOS VM test also reflects this change and checks whether the old
way to specify the bit size still works.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Ekleog
2018-04-26 08:04:48 +02:00
aszlig 4de774a63b
nixos/dhparams: Add a VM test
We're going to make changes to the dhparams module so we really want to
make sure we don't break it, so having a NixOS VM test is to make sure
we don't blow things up and can iterate on it.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Ekleog
2018-04-26 08:04:45 +02:00
Robin Gloster 94f5e5ad14
Revert "gitlab: disable"
This reverts commit 68c4605f1a.

Gitlab has been fixed
2018-04-26 00:15:24 +02:00
Robin Gloster 783fb86de4
gitlab module: update to gitlab 10.7 2018-04-26 00:15:24 +02:00
Matthew Justin Bauer e4d2d32a32
Merge pull request #33679 from flokli/deluge-module
Deluge: use mkEnableOption, add test
2018-04-25 14:54:34 -05:00
Matthew Justin Bauer a4a2626cd9
Merge pull request #35280 from markus1189/logkeys
Logkeys: Update and add `device` option to service
2018-04-25 14:48:29 -05:00
John Ericson ba52ae5048 treewide: isArm -> isAarch32
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.

The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:

```
ISA:             ARMv8   {-A, -R, -M}
                 /    \
Mode:     Aarch32     Aarch64
             |         /   \
Encoding:   A64      A32   T32
```

At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.

The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.

[1]: https://developer.arm.com/products/architecture/a-profile
2018-04-25 15:28:55 -04:00
Jan Tojnar ad589329e7
nixos/release.nix: add tests.gdk-pixbuf 2018-04-25 18:37:44 +02:00
Peter Hoeg 077811ebe3 nixos lcdproc: module for lcdd/lcdproc 2018-04-25 22:16:07 +08:00
Ben Wolsieffer 4d40adb86d nginx: allow basic auth passwords to be specified in a file 2018-04-25 15:37:09 +02:00
Sarah Brofeldt 25abc29f47
Merge pull request #39473 from xeji/update-keymap-test
nixos/tests/keymap: wait for xdotool to succeed
2018-04-25 11:17:53 +02:00
xeji 6891bda370 nixos/tests/keymap: wait for xdotool to succeed
xdotool failed in rare cases when a window was already created
but not yet decorated by the window manager.
also prevent a (never observed but possible) race condition
2018-04-25 10:16:52 +02:00
Austin Seipp e4e8562806 nixos: typofixes/tab deletion in some foundationdb docs/module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-04-25 00:05:18 -05:00
Peter Hoeg 45f1205bab
Merge pull request #39304 from peterhoeg/f/ha
home-assistant: add a few knobs and make config YAML
2018-04-25 01:35:12 +00:00
Jan Malakhovski 2460063575 nixos: installer: cleanup a bit 2018-04-25 00:55:22 +00:00
Léo Gaspard e199143f11
matterbridge module: add configPath option as a workaround, waiting for nix encryption 2018-04-25 01:37:37 +02:00
Felix Dietze 2ac306c91c
nixos manual: Fix typo in Syntax Summary 2018-04-24 21:57:51 +02:00
Robert Schütz e4a6e320bb home-assistant: simplify definition of configFile 2018-04-24 20:49:16 +02:00
Will Dietz fa1d1eec6e nixos/nix-daemon: optionally (on by default) check nix.conf can be read
* checks using package providing the nix-daemon that we'll be using
* made optional (unlike some other config checks) "just in case":
  since this requires running the new Nix on the builder, this
  won't work in a few (AFAIK very uncommon) situations such as
  cross-compiling NixOS or using `include` directives in nix.conf

This does rely on Nix2 but not by the builder.
Since we only offer Nix2+ in-tree this should be fine,
and may otherwise be required anyway.
2018-04-24 10:16:57 -05:00
Matthew Justin Bauer 1b0a7bfe38
Merge pull request #31833 from pngwjpgh/feat/acme/delay
nixos/acme: Allow for time window between cert issue and activation
2018-04-24 10:06:02 -05:00
Sarah Brofeldt 65abd2e63f
Merge pull request #39400 from xeji/improve-keymap-tests
nixos/tests/keymap: improve keymap tests
2018-04-24 11:49:53 +02:00
xeji 84a6e18947 nixos/tests/keymap: improve keymap tests
simplify tests, prevent timeouts and non-deterministic failures
2018-04-24 11:13:48 +02:00
Michael Raskin 6048470df1
Merge pull request #39342 from samueldr/fix/nixos-enter-efivarfs
nixos-enter: Ensures presence of full /sys tree. (for efivarfs)
2018-04-23 21:42:12 +00:00
gnidorah ce8f347ca8 nixos/hans, nixos/iodine: fix passwordFile attribute 2018-04-23 23:40:47 +03:00
Austin Seipp 18f28a6413 nixos: add foundationdb module, documentation
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-04-23 12:13:09 -05:00
Matthew Justin Bauer 14e66c1659
Merge pull request #36734 from gnidorah/hans
nixos/hans: init
2018-04-23 11:42:09 -05:00
Jan Malakhovski fbd4563b53 nixos: documentation: implement documentation.dev.enable option
I know that "devinfo" output does not currently exist, but so does "devman".
It is mentioned in the nixpkgs manual, but no derivation in nixpkgs actually uses it.
2018-04-23 15:08:58 +02:00
Jan Malakhovski 483815a743 nixos: documentation: move some code around, make docstrings more informative 2018-04-23 15:08:58 +02:00
adisbladis dd486e64e5
Merge pull request #39322 from elitak/trezor
trezord: Added Trezor Model-T (v2) udev rules
2018-04-23 18:14:20 +08:00
Peter Hoeg b886faa6b6 home-assistant: use remarshal to convert configuration to YAML
HA doesn't mind the configuration being JSON instead of YAML but since YAML is
the official language, use that as it allows users to easily exchange config
data with other parties in the community.
2018-04-23 16:53:13 +08:00
Peter Hoeg 4cd88807d8 home-assistant: make port configurable so we can use it elsewhere
Additionally, some settings based on NixOS configuation is set via defaultConfig
which is then merged with the user provided configration.

For now that just means http port and time zone but others can easily be added.
2018-04-23 16:53:12 +08:00
Jörg Thalheim 54bcf06084
Merge pull request #39155 from NixOS/zramSwap-one-dev
zramSwap: default to 1 device
2018-04-23 08:44:16 +01:00
Samuel Dionne-Riel 14cab1ac57 nixos-enter: Ensures presence of full /sys tree.
This partially reverts a change from e88f28965a
which removed the `mount --rbind /sys`.

While true that the activation scripts will mount `sysfs` at `/sys`,
none of the mountpoints lower in the `/sys` tree are handled by the
activation script, which includes `efivarfs`.

This fixes #38477 since it ensures the presence of `efivarfs` in the
`/sys` tree, which is why the systemd-boot installation failed.
2018-04-22 16:02:57 -04:00
Tuomas Tynkkynen 6a819c8f8c nixos/iso-image.nix: Fix typo 2018-04-22 22:12:17 +03:00
xeji 236703f9f3 nixos/systemd-networkd: wait for udev to settle
... to avoid race condition between udevd renaming and
networkd configuring interfaces (39069)
2018-04-22 21:02:57 +02:00
Nikolay Amiantov 7c90a86770 wireguard service: use scripts instead of ExecStarts/Stops
This is more in line with what other services do; also looks cleaner.
It changes configuration entries for pre-and post-hooks type to lines from
lists of strings which are more logical for them; coersion is provided for
backwards compatibility.

Finally, add several steps to improve robustness:

1. Load kernel module on start if not loaded;
2. Don't remove wireguard interface on start; it is removed on service stop. If
   it's not something is wrong.
2018-04-22 13:33:11 -05:00
Joachim F f442bfc02a
Merge pull request #39048 from oxij/nixos/fix-rename-bugs
nixos: fix rename.nix bugs
2018-04-22 17:46:09 +00:00
Bastian Köcher 6ed495cf13 raspberrypi-bootloader: Adds firmwareConfig config option
The `firmwareConfig` option will be appended to `/boot/config.txt`.
2018-04-22 18:27:17 +03:00
Bastian Köcher 8bc970bbc7 raspberrypi-bootloader: Adds support for using uboot
Uboot is copied into `/boot` in the installation process.
The boot entries are created by calling the `generic-extlinux-compatible` builder.
2018-04-22 18:27:17 +03:00
Jörg Thalheim fecda3498b
Merge pull request #27117 from cjxgm/fix-nspawn-missing-suffix
systemd.nspawn: fix missing suffix
2018-04-22 15:21:07 +01:00
Robert Hensing 1441806c27 nixpkgs: add nixos function 2018-04-22 12:34:02 +01:00
Eric Litak 4bf61fa67a trezord: Added Trezor Model-T (v2) udev rules 2018-04-21 22:04:47 -07:00
Matthew Justin Bauer e4717c902f
Merge pull request #27958 from LumiGuide/strongswan-swanctl
nixos: add the strongswan-swanctl service
2018-04-21 15:47:39 -05:00
Gregor Kleen 79eebad055 Fix incorrect merge 2018-04-21 22:34:39 +02:00
Gregor Kleen e11cb1d2a9 Merge branch 'master' of github.com:NixOS/nixpkgs into feat/acme/delay 2018-04-21 22:34:01 +02:00
Matthew Justin Bauer 29dc27c5a3
Merge pull request #30908 from kierdavis/boinc-fhs
boinc service: use an FHS environment (CI now passing)
2018-04-21 15:25:58 -05:00
Matthew Justin Bauer 1eea73eaa8
Merge branch 'master' into feat/acme/delay 2018-04-21 14:53:23 -05:00
Matthew Justin Bauer 7a516cd0c3
Merge branch 'master' into feat/nsd/dnssec 2018-04-21 14:48:30 -05:00
Matthew Justin Bauer aeff4242db
Merge pull request #31969 from Assassinkin/master
Update sssd integration with pam as documented by RedHat
2018-04-21 14:36:47 -05:00
Jörg Thalheim dc0653f54f
Merge pull request #38816 from Ekleog/dovecot-lda-test
dovecot module: test dovecot's LDA
2018-04-21 19:55:23 +01:00
Jörg Thalheim 862f5b0b34
Merge pull request #35541 from xeji/containers-extraflags
nixos/containers: add extraFlags option
2018-04-21 14:16:49 +01:00
Jörg Thalheim a3e197a222
Merge pull request #39300 from erikarvstedt/openvpn-no-timestamps
openvpn: remove redundant timestamps from log output
2018-04-21 13:18:48 +01:00
Erik Arvstedt 683eeab299 openvpn: remove redundant timestamps from log output
The systemd journal is already logging and showing timestamps
2018-04-21 14:17:22 +02:00
Jörg Thalheim bf6998bdfa
Merge pull request #39297 from xeji/tests/gnome3-gdm
nixos/tests/gnome3-gdm: fix broken test
2018-04-21 11:40:52 +01:00
Lassulus 6db2057f00 nixos/restic: init (#38948) 2018-04-21 11:12:43 +01:00
xeji 4c14202bd1 nixos/tests/gnome3-gdm: fix broken test
test always failed due to multiple bugs
2018-04-21 12:09:30 +02:00
Peter Hoeg e10718f0ff
Merge pull request #39232 from Infinisil/sshd-options
nixos/sshd: add options for kexAlgorithms, ciphers and MACs
2018-04-21 04:45:18 +00:00
Matthew Justin Bauer 6b11a5ff13
Merge pull request #38979 from xeji/tests-systemd
nixos/tests/systemd: fix broken test
2018-04-20 18:04:12 -05:00
Eelco Dolstra 03b36522e7
nix: 2.0 -> 2.0.1 2018-04-20 23:37:18 +02:00
Daiderd Jordan 58fd592019
Merge pull request #38356 from Infinisil/fix/environment
nixos/systemd: Fix environment type -> allows overriding
2018-04-20 22:22:05 +02:00
Wout Mertens 77a1993b46
Merge pull request #38918 from gnidorah/gitweb
nixos/gitweb: add gitwebTheme option
2018-04-20 21:32:34 +02:00
Franz Pletz d65a6cc6c9
Merge pull request #39165 from WilliButz/update-postfix-exporter
prometheus-postfix-exporter: 2017-06-01 -> 0.1.1, update module
2018-04-20 18:26:50 +00:00
Silvan Mosberger ee3fd4ad53
nixos/sshd: add options for kexAlgorithms, ciphers and MACs 2018-04-20 19:05:19 +02:00
Daniel Peebles ec569fc482
Merge pull request #39164 from ngortheone/master
Fix root volume resizing on EC2 KVM instances (M5, C5, etc)
2018-04-20 09:04:38 -04:00
aszlig a9cd8ef23e
nixos/tests/containers-imperative: Fix eval
The commit c6f7d43678 changed the system
attribute to be below config.nixpkgs.localSystem, but the test still
uses the old attribute.

I have not tested whether the test actually succeeds but just checked
whether evaluation works and it evaluates successfully now.

Signed-off-by: aszlig <aszlig@nix.build>
2018-04-20 12:25:04 +02:00
John Ericson 53686e8995
Merge pull request #38485 from obsidiansystems/nixos-nixpkgs-options
nixpkgs module: Clean up platform options
2018-04-19 14:59:58 -04:00
WilliButz c3d46165db
nixos/prometheus-postfix-exporter: update module 2018-04-19 19:47:13 +02:00
Ihor Antonov 3a47c7e8f6 growPartition: fix volume resizing on EC2 NVME instances
The previous code for this accidentally picked up a "p" when computing the partition number.
This logic should be more robust
2018-04-19 13:36:03 -04:00
Wout Mertens 8e3a14549f
zramSwap: remove mentions of old kernels 2018-04-19 16:53:40 +02:00
Wout Mertens dd5e2a08fb
zramSwap: default to 1 device
One device per cpu is only needed for kernel 3.14
2018-04-19 16:44:08 +02:00
Peter Hoeg 740bafa9a0
Merge pull request #36864 from peterhoeg/f/ddclient
nixos ddclient: support multiple domains and run via systemd timer [WIP]
2018-04-19 05:12:29 +00:00
Matthew Justin Bauer 8fb93be481
Merge pull request #38705 from tokudan/murmur_tmpfix
murmur: fix /tmp usage
2018-04-18 22:12:29 -05:00
WilliButz 01af301443 prometheus-exporters: add dovecot exporter module 2018-04-19 00:35:27 +02:00
Robert Schütz 5bd12c694b
nixos/tor: use RuntimeDirectory, StateDirectory (#39083) 2018-04-18 09:42:45 +02:00
Bas van Dijk ae94825b4a elasticsearch6: fix startup due to missing jvm.options 2018-04-18 00:38:48 +02:00
Jörg Thalheim 6bd83e624c
Merge pull request #39072 from jbgi/azure-agent-mount-resource-option
Azure agent mount resource option + bash to path
2018-04-17 21:12:36 +01:00
Jörg Thalheim a2ce342bf1
Merge pull request #39074 from jbgi/jira-updates
atlassian-jira: 7.7.0 -> 7.9 and add bash to service path
2018-04-17 19:51:54 +01:00
gnidorah 9029ed933c nixos/gitweb: add gitwebTheme option 2018-04-17 20:07:01 +03:00
Matthew Justin Bauer 8691bb57d3
Merge pull request #36406 from alesguzik/bluez-midi
Bluetooth MIDI support
2018-04-17 10:54:23 -05:00
Matthew Justin Bauer ef7f1c5e03
Merge pull request #36440 from dywedir/iwd
iwd: 2017-12-14 -> 0.1
2018-04-17 10:53:37 -05:00
Matthew Justin Bauer 4fe1c9e35f
Merge pull request #37388 from acowley/mlocate-updatedb
update-locatedb: fix update-locatedb service for mlocate
2018-04-17 10:42:20 -05:00
Matthew Justin Bauer 9e01411a7c
Merge pull request #37515 from MHOOO/patch-2
Fix permission on working directory
2018-04-17 10:40:49 -05:00
Matthew Justin Bauer 1a1f26ab3f
Merge pull request #37786 from woffs/fixing-quagga
quagga service: fix service and re-enable test
2018-04-17 10:12:11 -05:00
Matthew Justin Bauer 12ce909ac9
Merge pull request #38303 from LumiGuide/fix-pgmanage-sql_root
pgmanage: the data_root option is renamed to sql_root
2018-04-17 10:08:15 -05:00
Jean-Baptiste Giraudeau 15e44477b3
Add bash to jira PATH: required by health checks. 2018-04-17 16:44:04 +02:00
Jean-Baptiste Giraudeau 28e352cff8
azure-agent: add bash to service path.
as is often required by linux extensions.
2018-04-17 16:26:04 +02:00
Jean-Baptiste Giraudeau 1d971b7a9f
azure-agent: add option to control auto mount
of resource disk.
2018-04-17 16:04:04 +02:00
Graham Christensen f4ff297cd5
Merge pull request #39031 from teto/loglevel
kernel: fix boot.consoleLogLevel description
2018-04-17 08:51:14 -04:00
Graham Christensen 1f4cf80639
Merge pull request #39066 from ckauhaus/submit/38674-installdocs-mkfs
Clarify installation steps w.r.t. disk partitions
2018-04-17 08:49:41 -04:00
Christian Kauhaus bca80d67a0 Clarify installation steps w.r.t. disk partitions
- mkfs.fat needs `-n` to set a partition label, not `-L`.
- create /mnt/boot before mounting
- leave out detailed LVM example as advanced users already how to create
  LVs while it is detracting for novices.

Re #38674
2018-04-17 14:29:07 +02:00
Nikolay Amiantov 4fc0b4edca acme service: generate a CA for self-signed certificate
This is needed because simp_le expects two certificates in fullchain.pem, leading to error:

> Not enough PEM encoded messages were found in fullchain.pem; at least 2 were expected, found 1.

We now create a CA and sign the key with it instead, providing correct fullchain.pem.

Also cleanup service a bit -- use PATH and a private temporary directory (which
is more suitable).
2018-04-17 12:53:29 +03:00
Gabriel Ebner d91caac6c3 services.tt-rss: do not unnecessarily start nginx 2018-04-17 11:44:52 +02:00
Nikolay Amiantov b81aa02800 firewall service: run stop commands in reload
Do cleanup of user-created additional rules.

Of course it'd be much better to just use iptables-{save,restore} for
declarative management, but as it's still not there...
2018-04-17 12:41:36 +03:00
Jan Malakhovski b57a6e9a5f nixos: rename.nix: fix bugs
Introduced in 286b007bd3 and then
in 2e6b796761.

This a proper fix for what 70c6f6572d tried to do.
Removing the "config" prefix triggers the bug on pure nixos too, not only
on nixops.
2018-04-17 09:05:21 +00:00
Jan Malakhovski 4018d44641 Revert "nixos/version: fix nixops pre 1.6 compatibility"
This reverts commit 70c6f6572d.
2018-04-17 09:05:20 +00:00
Matthieu Coudron 9f7eabcc21 kernel: fix boot.consoleLogLevel description
The current description describes the opposite influence of the setting
https://www.kernel.org/doc/Documentation/admin-guide/kernel-parameters.txt
2018-04-17 10:45:30 +09:00
Reuben D'Netto 7292c5a570 Fixed indentation 2018-04-17 09:19:55 +10:00
Joachim F 4881002e10
Merge pull request #38982 from das-g/patch-2
nixos manual: add missing space after "copytoram"
2018-04-16 20:52:16 +00:00
Tuomas Tynkkynen 333a24a628 nixos/release.nix: Add SD images for ARMv6 + ARMv7
These don't have affect the default Hydra setup (you need to pass
the relevant system in the supportedSystem list) but let's add it for
completeness and convenience.
2018-04-16 20:39:51 +03:00
Tuomas Tynkkynen bd77849b2f nixos/installer/channel: Add some files that the channel also has
Nothing probably uses this, but let's be pedantic and have the
pre-included channel on the install media be as close as possible to
what 'nix-channel --update' will give them.

The only remaining difference is that the channel adds programs.sqlite,
which is fundamentally unfixable.
2018-04-16 20:39:51 +03:00
Yorick van Pelt a037cbd46b
oauth2_proxy: add keyFile, make some options optional 2018-04-16 14:06:22 +02:00
adisbladis 247c97b699
Merge pull request #35896 from wucke13/master
Solving #30396
2018-04-16 20:04:52 +08:00