3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

500 commits

Author SHA1 Message Date
Aaron Andersen 3792fef4ec nixos/mysql: add group option 2020-08-12 07:10:56 -04:00
Aaron Andersen 9b56677634 nixos/mysql: remove variable with confusing name 2020-08-11 21:09:41 -04:00
Jörg Thalheim ba930d8679
nixos/modules: remove trailing whitespace
This leads to ci failure otherwise if the file gets changed.
git-blame can ignore whitespace changes.
2020-08-07 14:45:39 +01:00
Pascal Bach cee4e14bdf nixos/postgresql: fix setup script
The missing () caused parts of the escripts to be added to the
ExecStartPost line instead of inside the script.

This caused postgresql start to fail under certain conditions.
2020-08-06 19:47:17 +02:00
Aaron Andersen f42f8a6d3c nixos/postgresql: replace deprecated usage of PermissionsStartOnly 2020-08-05 17:31:16 -04:00
Aaron Andersen e50e89e1a8 nixos/postgresql: conditionally provision data directory with StateDirectory 2020-08-05 17:31:16 -04:00
Aaron Andersen 4f5fc729c7 nixos/postgresql: use a standard default value for dataDir 2020-08-05 17:31:12 -04:00
Vincent Ambo c0122d335b nixos/openldap: add option for configuring OpenLDAP package to use
In certain cases, for example when custom OpenLDAP modules are
compiled into the binary, users may want to override the package used
for OpenLDAP.

This is especially common in setups where LDAP is the primary
authentication source, as good password hashing mechanisms need to be
enabled as extra modules.
2020-07-01 20:49:04 +01:00
Janne Heß 55127e16af
nixos/memcached: Type all options 2020-06-30 09:36:45 +01:00
Janne Heß d00e5e84cc
nixos/virtuoso: Type all options 2020-06-30 09:36:44 +01:00
Janne Heß 9786adf23b
nixos/redis: Type all options
redis: switch back to mkOption
2020-06-30 09:36:40 +01:00
Janne Heß b3d1377084
nixos/firebird: Type all options 2020-06-30 09:35:42 +01:00
Janne Heß ae6a6f421c
nixos/mongodb: Type all options 2020-06-30 09:35:41 +01:00
Jan Tojnar 33d79f110d
nixos/openldap: fix eval
Fixes

	error: The option value `meta.maintainers' in `nixos/modules/services/databases/openldap.nix' is not of type `list of maintainers'.
2020-06-18 16:20:20 +02:00
Jörg Thalheim a9a5016644
Merge pull request #87833 from Izorkin/sandbox-mysql 2020-06-16 18:13:43 +01:00
Izorkin eed170d9ab nixos/mysql: fix init databases on first start in sandbox mode 2020-06-10 12:38:42 +03:00
Izorkin a9d5f088b5 nixos/mysql: update tmpfiles rules 2020-06-10 12:38:42 +03:00
Izorkin df7e52814d nixos/mysql: enable sandbox mode 2020-06-10 12:38:40 +03:00
Jörg Thalheim 10acf9ae00
nixos/redis: add redis group 2020-06-10 08:58:34 +01:00
Michele Guerini Rocco c18ee4cfa0
Merge pull request #89044 from joachimschmidt557/rethinkdb-enable-option
nixos/rethinkdb: refactor enable option
2020-05-28 10:03:24 +02:00
Michele Guerini Rocco 429f976089
Merge pull request #87812 from joachimschmidt557/mysql-enable-option
nixos/mysql: refactor enable option
2020-05-28 10:02:25 +02:00
joachimschmidt557 2059f44af0 nixos/rethinkdb: refactor enable option 2020-05-27 21:36:31 +02:00
Jamie McClymont 8cdc8687bf redis: handle changes to systemd support
The 6.0 changelog notes that systemd support was rewritten. The effects
of that seem to be twofold:

* Redis will silently fail to sd_notify if not built with libsystemd,
  breaking our unit configuration.
* It also appears to misbehave if told to daemonize when running under
  systemd -- note that upstream's sample unit configuration does not
  daemonize:
  https://github.com/antirez/redis/blob/unstable/utils/systemd-redis_server.service
2020-05-17 20:23:48 +12:00
Eelco Dolstra b7ddd316f1 postgresql: Use runuser instead of sudo
Currently, sudo doesn't work in a NixOS container running inside a Nix
build, because Nix's seccomp filter doesn't allow setuid programs. In
any case, runuser is a bit lower-overhead than sudo.
2020-05-15 00:25:27 +02:00
Izorkin da08b22e1a nixos/mysql-replication: ignore system databases in binary log 2020-05-14 17:29:40 +03:00
Izorkin b8c8e810aa nixos/mysql: disable load pluginx auth_socket in mariadb 2020-05-14 17:29:40 +03:00
joachimschmidt557 cd1152ff7c nixos/mysql: refactor enable option 2020-05-14 13:08:41 +02:00
Linus Heckemann 85a0587884
Merge pull request #87219 from serokell/kirelagin/postgres-no-time
postgres: Do not log timestamp
2020-05-14 08:34:44 +02:00
Kirill Elagin 084bd32bad
postgresql: Fix formatting in option description
Co-authored-by: Mario Rodas <marsam@users.noreply.github.com>
2020-05-13 23:33:08 +03:00
Kirill Elagin 652958eefa postgres: Do not log timestamp
By default, postgres prefixes each log line with a timestamp. On NixOS
logs are written to journal anyway, so they include an external
timestamp, so the timestamp ends up being printed twice, which clutters
the log.

* Add a module option to change the log prefix.
* Set it to upstream default sans timestamp.
2020-05-08 00:13:20 +03:00
joachimschmidt557 dc78d14d65 nixos/postgresql: refactor enable option
More consistency with other modules (mkEnableOption)
2020-05-07 10:59:07 +02:00
Florian Klink 450f8a44f9 nixosTests.ldap: remove
This seems to have worked in 15f105d41f (5
months ago) but broke somewhere in the meantime.

The current module doesn't seem to be underdocumented and might need a
serious refactor. It requires quite some hacks to get it to work (see
https://github.com/NixOS/nixpkgs/issues/86305#issuecomment-621129942),
or how the ldap.nix test used systemd.services.openldap.preStart and
made quite some assumptions on internals.

Mic92 agreed on being added as a maintainer for the module, as he uses
it a lot and can possibly fix eventual breakages. For the most basic
startup breakages, the remaining openldap.nix test might suffice.
2020-05-06 14:56:21 +02:00
Dominik Xaver Hörl 0412bde942 treewide: add bool type to enable options, or make use of mkEnableOption
Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate.
2020-04-21 08:55:36 +02:00
Florian Klink 4009ef44e9 cockroachdb: remove stray trailing whitespace 2020-04-03 00:34:18 +02:00
Léo Gaspard bb5c622963
Merge pull request #82739 from danbst/document-postgresql-upgrade
Document postgresql upgrade
2020-03-31 23:50:06 +02:00
Aaron Andersen 3474b55614 nixos/mysql: fix service so it works with mysql80 package 2020-03-20 20:54:17 -04:00
danbst a723672c20 doc/postgresql: apply xmlformat 2020-03-16 19:30:23 +02:00
danbst 759fd9b0b0 nixos/postgresql: add upgrade documentation 2020-03-16 19:30:23 +02:00
Aaron Andersen 641b94bdd0 nixos/mysql: add settings and configFile options 2020-03-10 15:15:11 -04:00
Jörg Thalheim 7448211021
Merge pull request #80032 from Mic92/redis
nixos/redis: add requirePassFile option
2020-02-17 21:28:04 +00:00
gtgteq c359c6959a
nixos/postgresql: Change local auth method from ident to peer (#80179) 2020-02-15 23:55:35 +02:00
Maximilian Bosch 6c63107872
nixos/manual: fix build 2020-02-15 19:18:06 +01:00
danbst 84535e0a47 let's not support group mode for versions pre-11.
The only fix is to change mode to 0700 before start, because otherwise postgresql
doesn't start, and error is non-obvious.
2020-02-14 19:16:34 +02:00
danbst 2c77c53487 Merge branch 'master' into postgresql_group 2020-02-14 19:00:52 +02:00
Jörg Thalheim 9cfe5a7a54
nixos/redis: add requirePassFile option
Avoids having the password in the nix store.
2020-02-13 17:06:35 +00:00
Yorick van Pelt 4b7d28b0f9
victoriametrics: add module, tests 2020-01-29 19:52:14 +01:00
Jörg Thalheim 382b0aa52d
nixos/openldap: check configuration with slaptest
slapd does only print the error and not the line number.
Sometimes it is not even clear that it fails to start
due to an incorrect configuration file.

Example output of slaptest:

5e1b2179 /nix/store/gbn2v319d4qgw851sg41mcmjm5dpn39i-slapd.conf: line 134 objectClass: Missing closing parenthesis before end of input
ObjectClassDescription = "(" whsp
  numericoid whsp                 ; ObjectClass identifier
  [ "NAME" qdescrs ]
  [ "DESC" qdstring ]
  [ "OBSOLETE" whsp ]
  [ "SUP" oids ]                ; Superior ObjectClasses
  [ ( "ABSTRACT" / "STRUCTURAL" / "AUXILIARY" ) whsp ]
                                  ; default structural
  [ "MUST" oids ]               ; AttributeTypes
  [ "MAY" oids ]                ; AttributeTypes
  whsp ")"
slaptest: bad configuration file!
2020-01-12 14:25:49 +00:00
Aaron Andersen df059f89e6 nixos/mysql: restart systemd service on abort 2020-01-06 20:08:51 -05:00
rnhmjoj 1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Christian Kampka b85286fe66 postgresql: Quote role names when creating database users 2019-12-13 14:10:18 -06:00
Silvan Mosberger 4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
Renaud f640cf49d1
rdf4store: remove pkg and service modules
(#74214)
2019-12-08 20:33:51 +01:00
John Ericson d0d5136cce Merge remote-tracking branch 'upstream/master' into wrapper-pname-support 2019-11-24 17:25:07 +00:00
John Ericson 9b090ccbca treewide: Get rid of most parseDrvName without breaking compat
That is because this commit should be merged to both master and
release-19.09.
2019-11-24 17:22:28 +00:00
Florian Klink 6303131eb9 nixos/redis: fix merging
https://github.com/NixOS/nixpkgs/pull/71584 did merging without mkMerge.

cc @jtojnar
2019-11-08 15:38:06 +01:00
Silvan Mosberger dd0a47e7ae
treewide: Switch to system users (#71055)
treewide: Switch to system users
2019-11-01 13:26:43 +01:00
Malte Brandy fe143bac5b nixos/redis: Disable hugepages for redis via sysctl and not via a systemd-oneshot 2019-10-21 22:38:16 +02:00
Izorkin 632f69e485 nixos/mysql: fix mysqlReplication test 2019-10-13 19:18:51 +03:00
Janne Heß d6c08776ba treewide: Switch to system users 2019-10-12 22:25:28 +02:00
Aaron Andersen 2448733001
Merge pull request #69371 from dasJ/memcached-sysuser
nixos/memcached: Switch to a system user
2019-10-03 18:11:00 -04:00
Janne Heß aa27c1c664 nixos/memcached: Switch to a system user 2019-09-24 20:10:19 +02:00
danbst e557ad74ac move from 19.09 to 20.03 2019-09-22 12:27:39 +03:00
danbst fb863fceea nixos/postgresql: switch default 9.6 -> 11
This is designed for 19.09 release.
2019-09-21 10:18:56 +03:00
Eelco Dolstra b0ccd6dd16
Revert "nixos/doc: re-format"
This reverts commit ea6e8775bd. The new
format is not an improvement.
2019-09-19 19:17:30 +02:00
Jan Tojnar ea6e8775bd
nixos/doc: re-format 2019-09-18 22:13:35 +02:00
adisbladis 8e2fc57a80
postgresql_9_4: Remove package
It's only supported until February 13, 2020 which is during the 19.09 life cycle.
2019-09-07 15:31:27 +01:00
Jan Tojnar cdf426488b
Merge branch 'master' into staging-next
Fixed trivial conflicts caused by removing rec.
2019-09-06 03:20:09 +02:00
Craige McWhirter 169cb996c5 postgresql: improve identMap description
This patch provides example usage for identMap based upon PostrgeSQL documentation

@thoughtpolice
2019-09-05 12:28:21 -05:00
Vladimír Čunát f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Florian Klink ff2fd6c4e5 nixos/redis: unbreak module
The redis module currently fails to start up, most likely due to running
a chown as non-root in preStart.

While at it, I hardcoded it to use systemd's StateDirectory and
DynamicUser to manage directory permissions, removed the unused
appendOnlyFilename option, and the pidFile option.

We properly tell redis now it's daemonized, and it'll use notify support
to signal readiness.
2019-09-01 14:08:42 +02:00
Peter Simons fa49f7ce6b nixos/redis: drop unnecessary dependencies from systemd unit 2019-09-01 09:04:11 +02:00
Peter Simons 0808f5ad1d
Merge pull request #67768 from peti/t/redis
nixos/redis: disable transparent huge pages (TLP) before starting Redis
2019-09-01 08:49:25 +02:00
Silvan Mosberger 478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
Peter Simons afd448a9fa nixos/redis: disable transparent huge pages (TLP) before starting Redis 2019-08-30 18:10:06 +02:00
Peter Simons 28dee92fff nixos/redis: move 'redis_init.service' into the preStart hook of 'redis.service' 2019-08-30 15:39:50 +02:00
Frederik Rietdijk 5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
volth 35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Janne Heß cabab90ad2 nixos/memcached: Remove PrivateUsers
Seems to break systems using the hardened profile.
Ref #62936
cc @Izorkin
2019-08-25 16:34:06 +02:00
Marek Mahut 4754ca7d2e
Merge pull request #62936 from dasJ/sandbox-memcached
nixos/memcached: Isolate the service
2019-08-13 08:56:34 +02:00
Danylo Hlynskyi 329fa4b01e
Merge pull request #66401 from eadwu/postgresql/fix-quoted-query
nixos/postgresql: fix quoted queries
2019-08-11 22:46:50 +03:00
Silvan Mosberger ce82d0b61a
Couchdb: Don't chown /var/log to couchdb (#65347)
Couchdb: Don't chown /var/log to couchdb
2019-08-10 01:36:15 +02:00
Edmund Wu 18d176dc20
nixos/postgresql: fix quoted queries 2019-08-09 15:11:24 -04:00
Danylo Hlynskyi 0730e81785
postgresql: running initdb from command line now works (#65309)
The issue was only with NixOS service, `postgresql` installed through
`nix-env` was not affected.

Fixes https://github.com/NixOS/nixpkgs/issues/23655
2019-08-07 14:17:36 +03:00
danbst 363ba3f403 change groupAccess to tristate, to not force chmod on dataDir.
Making mask either 0700 or 0750 is too restrictive..
2019-07-25 01:00:26 +03:00
danbst e54ad9812b whoops 2019-07-25 00:17:01 +03:00
danbst b643e0aee3 addressed review comments and some fixes 2019-07-24 23:34:21 +03:00
Silvan Mosberger 5e974362be
nixos/couchdb: Prevent it from chowning /var/log to couchdb:couchdb
The default for logFile is /var/log/couchdb.log, and the tmpfile rules chown
${dirOf cfg.logFile}, which is just /var/log, to couchdb:couchdb.

This was found by Edes' report on IRC, which looked like

    Detected unsafe path transition /var/log → /var/log/journal during canonicalization of /var/log/journal

While this bug has been present since the initial couchdb module in
62438c09f7 by @garbas, this wasn't a
problem, because the initial module only created and chowned /var/log
if it didn't exist yet, which can't occur because this gets created in
the initial phases of NixOS startup.

However with the recent move from manual preStart chown scripts to
systemd.tmpfiles.rules in 062efe018d (#59389),
this chown is suddenly running unconditionally at every system
activation, therefore triggering the above error.
2019-07-24 20:52:53 +02:00
danbst 7e4e37fff4 postgresql: allow changing initidb arguments via module system
Closes https://github.com/NixOS/nixpkgs/issues/18829

+ some cleanups
2019-07-23 21:56:26 +03:00
danbst 92a015d35d nixos/postgresql: support 0750 for data directory
This is rework of part of https://github.com/NixOS/nixpkgs/pull/46670.
My usecase was to be able to inspect PG datadir as wheel user.

PG11 now allows starting server with 0750 mask for data dir.
`groupAccess = true` now does this automatically. The only thing you have to do
is to set group ownership.

For PG10 and below, I've described a hack how this can be done. Before this PR
hack was impossible. The hack isn't ideal, because there is short
period of time when dir mode is 0700, so I didn't want to make it official.

Test/example is present too.
2019-07-23 21:56:26 +03:00
Danylo Hlynskyi d54e52276b
postgresql: update docs
https://github.com/NixOS/nixpkgs/issues/32156
2019-07-23 14:17:14 +03:00
Danylo Hlynskyi caa0f82bf8
docs: update docs for postgresql plugins (#64899)
docs: update docs for postgresql plugins

Co-Authored-By: Mario Rodas <marsam@users.noreply.github.com>
2019-07-21 22:05:41 +03:00
Jamey Sharp d4e5748c1b nixos/openldap: fix assertion
In commit d43dc68db3, @Mic92 split the
rootpw option to allow specifying it in a file kept outside the Nix
store, as an alternative to specifying the password directly in the
config.

Prior to that, rootpw's type was `str`, but in order to allow both
alternatives, it had to become `nullOr str` with a default of `null`. So
I can see why this assertion, that either rootpw or rootpwFile are
specified, makes sense to add here.

However, these options aren't used if the configDir option is set, so as
written this assertion breaks valid configurations, including the
configuration used by nixos/tests/ldap.nix.

So this patch fixes the assertion so that it doesn't fire if configDir
is set.
2019-07-17 11:08:10 +03:00
Danylo Hlynskyi 475f1ebd98
Merge branch 'master' into postgresql-plugins-bin 2019-07-16 11:32:52 +03:00
Austin Seipp acb1134074
nixos/foundationdb: s/pidFile/pidfile/
Fixes an evaluation regression introduced by a case-typo in
de6e5ea815

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-07-09 17:11:31 -05:00
Thorsten Weber 46ea3ebc19 nixos/mysql: make ExecStartPost script fail on error 2019-07-03 08:50:21 +02:00
Aaron Andersen d0a147e841 nixos/mysql: run ExecStartPost as root (again) to preserve compatibility with installs that have been secured 2019-06-30 21:59:47 -04:00
Aaron Andersen e0590da813 nixos/mysql: turn ExecStartPost into a shell script and simplify code 2019-06-30 21:58:27 -04:00
Aaron Andersen ae02678a9d
Merge pull request #63786 from aanderse/mysql
mysql: drop support for deprecated package & module option
2019-06-27 12:14:35 -04:00
Graham Christensen 38c28ef10c
Merge pull request #56265 from aanderse/permissions-start-only
replace deprecated usage of PermissionsStartOnly (part 2)
2019-06-25 18:04:22 -04:00
Aaron Andersen fb918a9254 nixos/mysql: drop rootPassword option 2019-06-25 17:26:53 -04:00
Aaron Andersen 931921664f
Merge pull request #63392 from ivan/cassandra-default-cluster-name
nixos/cassandra: use cassandra's default cluster name "Test Cluster"
2019-06-25 07:18:10 -04:00
Ivan Kozik a476b9bf54 nixos/cassandra: use cassandra's default cluster name "Test Cluster"
The change to "NixOS Test Cluster" in #59179 broke startup of existing clusters
that used the previously-default cluster name "Test Cluster":

ERROR 23:00:47 Fatal exception during initialization
org.apache.cassandra.exceptions.ConfigurationException: Saved cluster name Test Cluster != configured name NixOS Test Cluster

Fixes #63388.
2019-06-18 00:36:46 +00:00
Jan Tojnar a3f2131eb6 doc: Use prompt more often 2019-06-17 13:25:50 +02:00
aszlig c26584f1e5
nixos: Fix build of manual
Manual build broken by 79f7f89442, which
is part of pull request #59179 (Fix Cassandra, improve config and
tests).

The issue was just a small error because of an unbalanced <literal/>
tag, so only a "/" was missing :-)

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @aanderse
2019-06-14 05:36:06 +02:00
Daniel Schaefer 03503121da nixos/cassandra: Don't force SimpleSeedProvider
If the `seedAddresses` is not set, don't force `SimpleSeedProvider` to
be in `seed_provider`. This could cause problems in a multi-datacenter
deployment when a different seed provider is preferred.
2019-06-13 04:36:42 +02:00
Daniel Schaefer 79f7f89442 nixos/cassandra: Use docbook instead of markdown style 2019-06-13 04:36:41 +02:00
Daniel Schaefer 9ecd584785 nixos/cassandra: Add option for password file path
If you're on a multi user system you don't want to have the password in
the nix-store. With the new jmxRolesFile option you can specify your own
protected file instead.
2019-06-13 04:36:41 +02:00
Daniel Schaefer 35531f4016 nixos/cassandra: Allow setting JMX credentials
If we have the ability to enable remote JMX we should also support
setting credentials for that because they become required if you turn it
on.
2019-06-13 04:36:41 +02:00
Daniel Schaefer c1991fb18d nixos/cassandra: Add clusterName 2019-06-13 04:36:41 +02:00
Daniel Schaefer f0031432ce nixos/cassandra: Add nixos conf for Java env 2019-06-13 04:36:40 +02:00
Daniel Schaefer 746b82bd4a nixos/cassandra: Allow setting of seed addresses
Allow for more intuitive specifying of seed node addresses with Nix
syntax.
2019-06-13 04:34:03 +02:00
Daniel Schaefer a2aa01be0c nixos/cassandra: Enable CQL server by default
Resolves #50954
2019-06-13 04:34:03 +02:00
Janne Heß c0e5acb16d nixos/memcached: Isolate the service
memcached is (as the name suggests) an in-memory database so FS access
is not required.
2019-06-10 09:50:04 +02:00
Florian Klink 5ea7a3eb21 nixos/mysql: drop services.mysql.pidDir
mysql already has its socket path hardcoded to to
/run/mysqld/mysqld.sock.
There's not much value in making the pidDir configurable, which also
points to /run/mysqld by default.

We only seem to use `services.mysql.pidDir` in the wordpress startup
script, to wait for mysql to boot up, but we can also simply wait on the
(hardcoded) socket location too.

A much nicer way to accomplish that would be to properly describe a
dependency on mysqld.service. This however is not easily doable, due to
how the apache-httpd module was designed.
2019-05-31 22:27:55 +02:00
Florian Klink edd10c12f7 nixos/mysql: run as mysql user and group
As we don't need to setup data directories from ExecStartPre= scripts
anymore, which required root, but use systemd.tmpfiles.rules instead,
everything can be run as just the mysql user.
2019-05-31 22:27:55 +02:00
Florian Klink 25494cc193 nixos/mysql: reformat, move logical steps into variables
define commands like "waiting for the mysql socket to appear" or "setup
initial databases" in a let expression, so the main control flow becomes
more readable.
2019-05-31 22:27:48 +02:00
Florian Klink 50dda813e2 nixos/mysql: use systemd.tmpfiles to setup dataDir and pidDir
We need to keep using `RuntimeDirectory=mysqld`, which translates to
`/run/mysqld`, as this is used for the location of the file socket, that
could differ with what is configured via `cfg.pidDir`.
2019-05-31 22:20:42 +02:00
Aaron Andersen de6e5ea815 nixos/foundationdb: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:58 -04:00
Aaron Andersen 8034dac42f nixos/firebird: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:57 -04:00
Aaron Andersen c7481e6340 nixos/hbase: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
phile314-fh 62d4c2b34a mongodb: Add authentication support
* nixos/mongodb: Add authentication support

* nixos/mongodb: Add initial script option

* nixos/mongodb: Make initial root password configurable

* nixos/mongodb: Start only on loopback interface for setup procedure

* nixos/mongodb: Test auth/initial script

* nixos/mongodb: Code formatting

Co-Authored-By: Lassulus <github@lassul.us>
2019-05-25 18:09:30 +09:00
Silvan Mosberger f631167557
Merge pull request #58702 from florianjacob/fix-mysql
nixos/mysql: fix typing-induced bugs
2019-05-24 19:51:54 +02:00
Florian Klink cd96b50d90
nixos/postgresql: add ensureDatabases & ensureUsers options (#56720)
nixos/postgresql: add ensureDatabases & ensureUsers options
2019-05-20 10:58:48 +02:00
Robin Gloster 6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
Austin Seipp e2bbc6fb46
nixos: fix services.foundationdb.traceFormat for older server versions
This was a testing oversight that came from #61009 -- I forgot to test
the new traceFormat option with older server versions while I was
working on FDB 6.1.

Since trace_format is only available in 6.1+, emitting it
unconditionally caused older versions of the database fail to start,
reporting an error. We simply gate it behind a version check instead,
and assert the format is always XML on older versions. This avoids the
case where the user has an old version, changes traceFormat willingly,
and then is confused by why it didn't work.

As reported by @TimothyKlim in the comments on commit
c55b9236f0. See

    c55b9236f0 (r33566132)

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-16 15:16:50 -05:00
Austin Seipp 2525b88c80
nixos/foundationdb: default to ssd storage engine
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp 427f1e58a4
nixos/foundationdb: chmod 0770 for logs/data files
Slight oversight: this allows members of the FoundationDB group to read
logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp c55b9236f0
nixos: add services.foundationdb.traceFormat option
This allows us to specify JSON trace logging, which is useful for
tooling to injest/transform logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Bas van Dijk 517c52ec2e
postgresql: always create the $out/bin directory
This is needed because some PostgreSQL plugins don't have a bin
directory. If only these plugins are listed in cfg.extraPlugins buildEnv
will turn $out/bin into a symbolic link to ${pg}/bin. Lateron we try to
rm $out/bin/{pg_config,postgres,pg_ctl} which will then fail because
$out/bin will be read-only.
2019-05-04 14:11:52 -05:00
Daniel Schaefer 786f02f7a4 treewide: Remove usage of isNull
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Jörg Thalheim d43dc68db3
nixos/openldap: make rootpw option optional
This allows to store passwords in external files outside of the world-readable
nix store.
2019-04-23 16:35:33 +01:00
Aaron Andersen b1be2f1584 nixos/influxdb: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:59 -04:00
Aaron Andersen 062efe018d nixos/couchdb: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen e51f86a018 nixos/clickhouse: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen 0113cc0de9 nixos/stanchion: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:57 -04:00
Aaron Andersen 2f50cd06dc nixos/memcached: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:55 -04:00
Florian Klink 2457510db4
Merge pull request #51918 from bobvanderlinden/var-run
tree-wide: nixos: /var/run -> /run
2019-04-07 20:09:46 +02:00
Florian Jacob 14571f5ed0 nixos/mysql: fix initialScript option
which was wrongly specified as types.lines
Prevent it from getting copied to nix store as people might use it for
credentials, and make the tests cover it.
2019-04-01 21:08:47 +02:00
Florian Jacob 77978c1518 nixos/mysql: fix support for non-specified database schema
and increase test coverage to catch this
2019-04-01 20:01:29 +02:00
Simon Lackerbauer 88c31ae57c
nixos/openldap: add new options 2019-04-01 17:24:33 +02:00
Silvan Mosberger 9d4a6cceb7
Merge pull request #57550 from florianjacob/typed-mysql-options
nixos/mysql: specify option types, add tests
2019-03-28 18:55:53 +01:00
Aaron Andersen 44a798e36f nixos/postgresql: added new options to mimic mysql module 2019-03-27 21:21:12 -04:00
Bob van der Linden e8434784bd nixos/rethinkdb: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden af0380997f nixos/redis: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden 09d3ea4f67 nixos/openldap: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden 660ee99293 nixos/mongodb: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden 651f05c47c nixos/couchdb: /var/run -> /run 2019-03-20 00:02:42 +01:00
Florian Jacob 5bec5e8cb1 nixos/mysql: specify option types 2019-03-15 16:32:36 +01:00
aszlig ef553788d0
postgresql: Move socket dir to /run/postgresql
The default, which is /tmp, has a few issues associated with it:

One being that it makes it easy for users on the system to spoof a
PostgreSQL server if it's not running, causing applications to connect
to their provided sockets instead of just failing to connect.

Another one is that it makes sandboxing of PostgreSQL and other services
unnecessarily difficult. This is already the case if only PrivateTmp is
used in a systemd service, so in order for such a service to be able to
connect to PostgreSQL, a bind mount needs to be done from /tmp to some
other path, so the service can access it. This pretty much defeats the
whole purpose of PrivateTmp.

We regularily run into issues with this in the past already (one example
would be https://github.com/NixOS/nixpkgs/pull/24317) and with the new
systemd-confinement mode upcoming in
https://github.com/NixOS/nixpkgs/pull/57519, it makes it even more
tedious to sandbox services.

I've tested this change against all the postgresql NixOS VM tests and
they still succeed and I also grepped through the source tree to replace
other occasions where we might have /tmp hardcoded. Luckily there were
very few occasions.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ocharles, @thoughtpolice, @danbst
2019-03-15 04:52:35 +01:00