3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

15524 commits

Author SHA1 Message Date
Tom Fitzhenry 9d92c9d0a7 iso-image: add 'serial console' boot entry
Prior to this commit, installation over serial console would requiring
manually having to modify the kernel modeline, as described in
https://github.com/NixOS/nixpkgs/issues/58198 .

This is unnecessarily fiddly, so this commit adds a syslinux boot
entry that has serial enabled.

GRUB already has a serial console entry:
2c07a0800a/nixos/modules/installer/cd-dvd/iso-image.nix (L311-L317)

Why 115200 bps? This is already used in other places, e.g. https://github.com/NixOS/nixpkgs/pull/58196

I tested this change by building the image, booting the image, and
observing the boot process over serial:

    $ cd nixos/
    $ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix
    $ sudo cp /nix/store/arcl702c3z8xlndlvnfplq9yhixjvs9k-nixos-20.09pre-git-x86_64-linux.iso/iso/nixos-20.09pre-git-x86_64-linux.iso /dev/sdb

    $ picocom -b 115200 /dev/ttyUSB0
2020-12-22 16:16:15 +08:00
WilliButz 1c55621706
nixos/codimd: rename to hedgedoc
CodiMD was renamed to HedgeDoc. The user, group and state directory,
will be named hedgedoc instead of codimd, starting with stateVersion
"21.03".
2020-12-22 01:39:03 +01:00
WilliButz 8fc05f7a19
Merge pull request #107292 from mguentner/nginxlog_exporter
nginxlog_exporter:  1.3.0 -> 1.8.1 + module w/ tests
2020-12-21 21:40:16 +01:00
John Ericson 9a6d2ba1c5
Merge pull request #107338 from Ericson2314/thermald-allow-custom-package
nixos/thermald: Allow switching package
2020-12-21 15:23:53 -05:00
Maximilian Güntner 65fd031277
nixos: add prometheus_nginxlog_exporter module + test 2020-12-21 21:23:39 +01:00
Timo Kaufmann 8aaf788e34
Merge pull request #99037 from mohe2015/fix-mongodb
nixos/mongodb: fix running initialScript without a set root password
2020-12-21 19:41:51 +01:00
John Ericson 4bded92554 nixos/thermald: Allow switching package
Sometimes newer versions than what nixpkgs provides is needed for
certain hardware, especially for stable releases where I will backport
this commit.
2020-12-21 18:14:53 +00:00
Bjørn Forsman 39fad297fd nixos: fix "nixos-rebuild build-vm-with-bootloader" for EFI systems
`nixos-rebuild build-vm-with-bootloader` currently fails with the
default NixOS EFI configuration:

  $ cat >configuration.nix <<EOF
  {
    fileSystems."/".device = "/dev/sda1";
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;
  }
  EOF

  $ nixos-rebuild build-vm-with-bootloader -I nixos-config=$PWD/configuration.nix -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-20.09.tar.gz
  [...]
  insmod: ERROR: could not insert module /nix/store/1ibmgfr13r8b6xyn4f0wj115819f359c-linux-5.4.83/lib/modules/5.4.83/kernel/fs/efivarfs/efivarfs.ko.xz: No such device
  mount: /sys/firmware/efi/efivars: mount point does not exist.
  [    1.908328] reboot: Power down
  builder for '/nix/store/dx2ycclyknvibrskwmii42sgyalagjxa-nixos-boot-disk.drv' failed with exit code 32
  [...]

Fix it by setting virtualisation.useEFIBoot = true in qemu-vm.nix, when
efi is needed.

And remove the now unneeded configuration in
./nixos/tests/systemd-boot.nix, since it's handled globally.

Before:
* release-20.03: successful build, unsuccessful run
* release-20.09 (and master): unsuccessful build

After:
* Successful build and run.

Fixes https://github.com/NixOS/nixpkgs/issues/107255
2020-12-21 08:55:13 +01:00
Florian Klink e45d9000b5
Merge pull request #107112 from Izorkin/samba-wsdd-fix
nixos/samba-wsdd: fix starting
2020-12-20 13:16:17 +01:00
Florian Klink 49853c69f5
Merge pull request #101482 from m1cr0man/jwsfix
nixos/acme: lego run when account is missing
2020-12-20 11:06:19 +01:00
mohe2015 ecb0291e1a
nixos/mongodb: fix running initialScript without a set root password
Co-authored-by: Timo Kaufmann <timokau@zoho.com>
2020-12-19 18:14:29 +01:00
Silvan Mosberger e52f705248
Merge pull request #84324 from Emantor/init/icecc_icemon
Icecream support
2020-12-19 17:54:28 +01:00
Linus Heckemann b1fc183639
Merge pull request #97145 from lheckemann/initrd-improvements
Initrd improvements
2020-12-18 18:15:27 +01:00
Silvan Mosberger 9e6737710c Revert "Module-builtin assertions, disabling assertions and submodule assertions" 2020-12-18 16:44:37 +01:00
Silvan Mosberger 7698aa9776
Merge pull request #97023 from Infinisil/module-assertions
Module-builtin assertions, disabling assertions and submodule assertions
2020-12-18 14:17:52 +01:00
Lucas Savva e3120397a5 nixos/acme: Remove dependency on system version for hash
This means that all systems running from master will trigger
new certificate creation on next rebuild. Race conditions around
multiple account creation are fixed in #106857, not this commit.
2020-12-18 12:57:35 +00:00
Eelco Dolstra a8c49a97a6
nix: 2.3.9 -> 2.3.10 2020-12-18 12:33:49 +01:00
Michele Guerini Rocco d7b52849f8
Merge pull request #97362 from martinetd/wakeonlan
wakeonlan service: use powerUpCommands
2020-12-18 08:39:02 +01:00
Linus Heckemann 834cc5d5fa nixos/initrd: docbookise "compressor" description 2020-12-17 23:01:08 +01:00
Silvan Mosberger 767d80099c
lib/modules: Introduce _module.checks.*.check
Previously the .enable option was used to encode the condition as well,
which lead to some oddness:
- In order to encode an assertion, one had to invert it
- To disable a check, one had to mkForce it

By introducing a separate .check option this is solved because:
- It can be used to encode assertions
- Disabling is done separately with .enable option, whose default can be
  overridden without a mkForce
2020-12-17 21:52:24 +01:00
rnhmjoj 9728907cd3
console: remove console.extraTTYs option
This closes issue #88085
2020-12-17 21:29:33 +01:00
Izorkin 299f93dfdc
nixos/samba-wsdd: fix starting 2020-12-17 20:52:30 +03:00
Andreas Rammhold fa0d499dbf
Merge pull request #106995 from andir/ml2pr/PATCH-nixos-users-groups-createHome-Ensure-HOME-permissions-fix-description
nixos/users-groups: createHome: Ensure HOME permissions, fix description
2020-12-17 17:23:46 +01:00
Dominik Xaver Hörl d4ef25db5d nixos/initrd: add compressorArgs, make compressor option public 2020-12-17 11:38:10 +01:00
Doron Behar 749c9f1f19
Merge pull request #92582 from truh/plantuml-server-squash 2020-12-16 22:02:57 +02:00
Markus Kowalewski 5df0cf7461
nixos/slurm: fix dbdserver config file handling
Since slurm-20.11.0.1 the dbd server requires slurmdbd.conf to be
in mode 600 to protect the database password. This change creates
slurmdbd.conf on-the-fly at service startup and thus avoids that
the database password ends up in the nix store.
2020-12-16 20:34:14 +01:00
Alyssa Ross e17d4b05a1 nixos/tor: don't do privoxy stuff by default
It's very surprising that services.tor.client.enable would set
services.privoxy.enable.  This violates the principle of least
astonishment, because it's Privoxy that can integrate with Tor, rather
than the other way around.

So this patch moves the Privoxy Tor integration to the Privoxy module,
and it also disables it by default.  This change is documented in the
release notes.

Reported-by: V <v@anomalous.eu>
2020-12-16 12:20:03 +00:00
Klemens Nanni 8833983f26 nixos/users-groups: createHome: Ensure HOME permissions, fix description
configuration.nix(1) states

    users.extraUsers.<name>.createHome
        [...] If [...] the home directory already exists but is not
        owned by the user, directory owner and group will be changed to
        match the user.

i.e. ownership would change only if the user mismatched;  the code
however ignores the owner, it is sufficient to enable `createHome`:

    if ($u->{createHome}) {
        make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
        chown $u->{uid}, $u->{gid}, $u->{home};
    }

Furthermore, permissions are ignored on already existing directories and
therefore may allow others to read private data eventually.

Given that createHome already acts as switch to not only create but
effectively own the home directory, manage permissions in the same
manner to ensure the intended default and cover all primary attributes.

Avoid yet another configuration option to have administrators make a
clear and simple choice between securely managing home directories
and optionally defering management to own code (taking care of custom
location, ownership, mode, extended attributes, etc.).

While here, simplify and thereby fix misleading documentation.
2020-12-16 03:40:29 +01:00
Guillaume Girol 824d2c92bd
Merge pull request #82584 from Atemu/dnscrypt-default-config
dnscrypt-proxy2: base settings on example config
2020-12-15 19:47:43 +00:00
Michele Guerini Rocco 12f367b51c
Merge pull request #104722 from rnhmjoj/wpa-fix
nixos/wireless: fix failure with no interfaces
2020-12-15 08:37:33 +01:00
Linus Heckemann c40f06022a
Merge pull request #106073 from minijackson/tinc-rfc42-and-tests
nixos/tinc: rfc42 and tests
2020-12-14 21:52:57 +01:00
Linus Heckemann cc786acdce
Merge pull request #105397 from kisik21/mailman-other-mta-support
nixos/mailman: make Postfix support optional (provided you configure the MTA yourself)
2020-12-14 09:46:05 +01:00
Vika ad023b0c88
nixos/mailman: make Postfix support optional (provided you configure the MTA yourself)
Mailman can now work with MTAs other than Postfix. You'll have to configure
it yourself using the options in `services.mailman.settings.mta`.

This addition is reflected in the release notes for 21.03.
2020-12-14 02:41:30 +03:00
Minijackson 499e366d7b
nixos/tinc: add settings and hostSettings for RFC42-style options 2020-12-13 21:33:38 +01:00
WilliButz 8727a0178f
Merge pull request #106788 from urbas/py-air-control-exporter-cli
nixos/prometheus-exporters/py-air-control: invoke exporter command
2020-12-12 21:48:01 +01:00
Matej Urbas 4970fbedbc nixos/prometheus-exporters/py-air-control: invoke exporter command
Package `py-air-control exporter` v0.1.5 comes with a new CLI. This change uses the new CLI (which simplifies the exporter's systemd service setup).
2020-12-12 20:19:54 +00:00
Florian Klink ce0fdd4dc0
Merge pull request #106697 from aanderse/mpd
nixos/mpd: conditionally provision required directories with StateDirectory
2020-12-12 20:48:54 +01:00
Jörg Thalheim 95042a58fb
Merge pull request #106751 from urbas/sd-image-first-boot-awk-missing
nixos/sd-image: explicit reference to the gawk package
2020-12-12 16:37:54 +00:00
Jörg Thalheim 5f0d38f05b
Merge pull request #106715 from Mic92/tinc 2020-12-12 16:35:59 +00:00
Matej Urbas aa38540423 nixos/sd-image: explicit reference to the gawk package
The `awk` command is not installed in the standard env. So this command fails if the `awk` command is not installed by some external module.
2020-12-12 15:43:09 +00:00
Linus Heckemann f448ec3365
Merge pull request #98731 from mayflower/ldap-nss-optional
config.users.ldap: do not include nss module if turned off
2020-12-12 10:53:39 +01:00
Linus Heckemann 54e9ee81a4
Merge pull request #106672 from alyssais/mailman
mailman: run non-minutely jobs
2020-12-12 10:12:39 +01:00
Atemu e4c49db668 nixos/dnscrypt-proxy2: base settings on example config
Dnscrypt-proxy needs some options to be set before it can do anything useful.

Currently, we only apply what the user configured which, by default, is nothing.

This leads to the dnscrypt-proxy2 service failing to start when you only set
`enable = true;` which is not a great user experience.

This patch makes the module take the example config from the upstream repo as a
base on top of which the user-specified settings are applied (it contains sane
defaults).

An option has been added to restore the old behaviour.
2020-12-12 09:15:11 +01:00
Jörg Thalheim 2cdec00dd2
nixos/tinc: add reload command 2020-12-12 07:37:16 +01:00
Aaron Andersen 77a8496907 nixos/mpd: conditionally provision required directories with StateDirectory 2020-12-11 19:35:43 -05:00
Aaron Andersen 9826371e44
Merge pull request #101224 from aanderse/ldap
nixos/ldap: restart nslcd when configuration changes
2020-12-11 17:18:12 -05:00
Guillaume Girol a7b60e6bdf
Merge pull request #104727 from chkno/fuse-dot-sshfs
nixos/locate: Fix sshfs exclusion
2020-12-11 20:32:28 +00:00
Alyssa Ross a2460414cb
nixos/mailman: run non-minutely jobs
Fixes: b478e0043c
 ("nixos/mailman: refactor")
2020-12-11 17:23:50 +00:00
Peter Hoeg aa995fb0b7 nixos/sshguard: do not do IPv6 setup/teardown unconditionally 2020-12-11 16:19:45 +08:00
Peter Simons 21b8fe302f
Merge pull request #106580 from rissson/nixos-postfix-fix-mastercf-type
nixos/postfix: fix masterCf type
2020-12-11 09:14:47 +01:00