3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

6169 commits

Author SHA1 Message Date
Peter Hoeg 639e5401ff dbus: add socket activation but do not enable it
The following changes are included:

1) install user unit files from upstream dbus
2) use absolute paths to config for --system and --session instances
3) make socket activation of user units configurable

There has been a number of PRs to address this, so this one does the
bare minimum, which is to make the functionality available and
configurable but defaults to off.

Related PRs:
 - #18382
 - #18222

(cherry picked from commit f7215c9b5b)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-30 13:14:53 +02:00
Tuomas Tynkkynen a34ec1517f nixos-install: Bug fix for root password not being asked
Since some changes to the setuid wrappers, there is a symlink involved
and it doesn't resolve correctly inside the chroot. Do the check inside
the chroot to make it work again.
2016-09-29 23:17:53 +03:00
Eelco Dolstra 020e88704a kde4: Get rid of some Nepomuk cruft by default 2016-09-29 20:03:54 +02:00
Eelco Dolstra c2495261a8 kde4: Allow disabling dependency on MariaDB
This reduces the runtime closure of a KDE4 system by ~172 MiB.
2016-09-29 20:03:50 +02:00
Joachim F e2c7f7135d Merge pull request #19060 from bachp/confd-etcd-port
confd service: change default etcd port 4001 -> 2379
2016-09-29 14:59:51 +02:00
Eelco Dolstra a9166d143d Some release notes updates 2016-09-29 13:48:38 +02:00
Joachim F 4d3282a8fe Merge pull request #18993 from ericsagnes/mod/php-fpm
php-fpm module: cleanup
2016-09-29 13:14:32 +02:00
Eelco Dolstra 97bfc2fac9 runCommand: Use stdenvNoCC
This ensures that most "trivial" derivations used to build NixOS
configurations no longer depend on GCC. For commands that do invoke
gcc, there is runCommandCC.
2016-09-29 13:06:43 +02:00
Eelco Dolstra 0cb16a6955 Add stdenvNoCC
This is a standard environment that doesn't contain a C/C++
compiler. This is mostly to prevent trivial builders like runCommand
and substituteAll from pulling in gcc for simple configuration changes
on NixOS.
2016-09-29 13:06:41 +02:00
Eelco Dolstra 518340624d Merge remote-tracking branch 'origin/master' into staging 2016-09-29 13:06:14 +02:00
Eelco Dolstra 75a1ec8a65 NixOS: Use runCommand instead of mkDerivation in a few places 2016-09-29 13:05:28 +02:00
Peter Hoeg 1049fd49ed systemd: add user target support
This allows us to define system user targets in addition to the existing
services, timers and sockets.

Furthermore, we add a top-level configuration keyword:

 - Documentation
2016-09-29 17:02:10 +08:00
Pascal Bach 7d6c02d45a confd service: change default etcd port 4001 -> 2379
New versions of etcd listen on 2379 by default.
This is also the official IANA assigned port.
2016-09-28 23:35:54 +02:00
Graham Christensen 9ebc98e53d Merge pull request #19040 from grahamc/broken-mast
Mark packages as broken: asterisk, cryptopp, redmine, moodle, opera, openstack-neutron, mesos
2016-09-28 16:50:05 -04:00
Peter Simons 7c7e88b45e Merge pull request #19046 from rycee/bump/bash-completion
Bump bash completion to 2.4
2016-09-28 18:39:24 +02:00
Robert Helgesson e8817a2d20
bash-completion: change attribute name
This changes the attribute name of bash-completion from `bashCompletion`
to `bash-completion`. Keeps `bashCompletion` as an alias for the new
name.
2016-09-28 17:46:29 +02:00
Vladimír Čunát 77604964b6 Merge branch 'master' into staging 2016-09-28 17:13:59 +02:00
zimbatm 60cdc8c1f8 Merge pull request #19015 from Mic92/zsh
zsh: do not export HISTFILE, HISTSIZE, SAVEHIST
2016-09-28 15:36:07 +01:00
Graham Christensen e2688e072d
moodle: mark as broken
https://github.com/NixOS/nixpkgs/issues/18856
2016-09-28 08:52:18 -04:00
Eric Sagnes 7ad26bdc6e improvements from feedback 2016-09-28 11:05:22 +09:00
Graham Christensen 310b3d39f7 Merge pull request #18994 from grahamc/mediawiki
mediawiki: 1.23.13 -> 1.27.1
2016-09-27 16:33:31 -04:00
Jörg Thalheim 9049ab1a3b
zsh: do not export HISTFILE, HISTSIZE, SAVEHIST
Every interactive zsh sources /etc/zshrc (see STARTUP/SHUTDOWN FILES in zshautll(1))
Therefor every interactive zsh process will respect the content of these variables.
Using `export` will also lead to child processes inheriting this value.
This leads to problems, if other interactive shells are spawned such as bash,
because they use an incomptabible history format (without timestamps).
There seems to be also cases, where the local HISTSIZE in ~/.zshrc is
not sourced but /etc/zshrc, which leads to history truncation in other shells.
2016-09-27 22:19:53 +02:00
Franz Pletz a6d4ea4c2c
treewide: remove executable flags from .nix files 2016-09-27 22:15:00 +02:00
Franz Pletz 77779323c5
gitlab: 8.11.2 -> 8.12.1 2016-09-27 18:41:02 +02:00
Herwig Hochleitner 5fa7cf9f97 postgrey: add types to service 2016-09-27 15:35:02 +02:00
Herwig Hochleitner 5609fe521d postgrey: init at 1.36 (includes service) 2016-09-27 15:35:02 +02:00
Graham Christensen 8504237863
mediawiki: 1.23.13 -> 1.27.1 2016-09-26 21:53:36 -04:00
Eric Sagnes b14ecbb96f php-fpm module: cleanup
- Added example for the pool option
- Unified PHP-FPM spelling
2016-09-27 10:20:22 +09:00
Graham Christensen 43c546ce91 Merge pull request #18989 from grahamc/wordpress
wordpress: 4.3.1 -> 4.6.1 + add a test
2016-09-26 19:36:34 -04:00
Graham Christensen 4671806183
wordpress: 4.3.1 -> 4.6.1 + add a test 2016-09-26 19:36:07 -04:00
Christoph Hrdinka 553a3295c1 nsd: 4.1.9 -> 4.1.12
4.1.12
======

Bugfixes
--------

Fix malformed edns query assertion failure, reported by Michal Kepien (NASK).

4.1.11
======

Features
--------

* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix #790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.

Bugfixes
--------

* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix #783: Trying to run a root server without having configured it silently gives wrong answers.
* Fix #782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.

4.1.10
======

Features
--------

* ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down.
* NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size.
* print notice that nsd is starting before taking off.

Bugfixes
--------

* Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.
* Fix #751: NSD fails to occlude names below a DNAME.
* If set without nsd.db print "" as the default in the man pages.
* Fix #755: NSD spins after a zone update and a lot of TCP queries.
* Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser.
* #772 Document that recvmmsg has IPv6 problems on some linux kernels.

4.1.9
=====

Bugfixes
--------

* Change the nsd.db file version because of nanosecond precision fix.
2016-09-27 00:14:24 +02:00
zimbatm d4c66e2f46 Merge pull request #18694 from bachp/runner-master
gitlab-runner: add package and service
2016-09-26 22:45:39 +01:00
Frederik Rietdijk 4020035513 Merge pull request #18935 from rycee/pullout/radicale
radicale: break into own package
2016-09-26 22:14:42 +02:00
aszlig 2af7051197
nixos/offlineimap: Move to services/mail
The services/networking directory is already quite polluted and the
first point where I was looking for the offlineimap module was in
services/mail and didn't find it there.

Offlineimap already has IMAP in its name and clearly belongs to the
"mail" category so let's move it there.

Tested by evaluating a configuration with services.offlineimap enabled.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @DamienCassou
2016-09-26 21:18:06 +02:00
aszlig 603b73f1e1
nixos/offlineimap: Don't build the package on eval
Coercing the derivation to string causes the package to be built during
evaluation rather than during actual realization which is completely
unnecessary because we don't need additional Nix expression information
for the package (nor do we need it for the service).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @DamienCassou
Cc: @Profpatsch (stumbled on this because of him)
2016-09-26 21:07:06 +02:00
Eric Sagnes 3504a546e6 [WIP] typo fixes, few improvements 2016-09-27 00:36:59 +09:00
zimbatm ff980cc553 Merge pull request #18961 from wlhlm/nginx-events
Allow configuration of events{} block in nginx module
2016-09-26 13:41:54 +01:00
Wilhelm Schuster 54c5154b90 nginx module: Add option to configure events block 2016-09-26 12:16:53 +02:00
Eric Sagnes 8d656d2ca0 nixos-doc: add reviewing-contributions 2016-09-26 15:44:06 +09:00
Eelco Dolstra 0d81c482e3 Merge pull request #18953 from joachifm/remove-connman-uid
nixos/ids: remove unused connman uid
2016-09-26 08:17:35 +02:00
aszlig cb2f84e4d7
nixos/activation: Rename "tmpfs" to "specialfs"
Using "tmpfs" as a script part for system.activationScripts is a bit
misleading since 6efcfe03ae.

We no longer solely mount tmpfs within this script, so using "specialfs"
fits more nicely in terms of naming.

Tested against the "simple" NixOS installer test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-26 02:04:54 +02:00
aszlig f94ea04805
nixos/activation: Avoid remounting non-existing FS
Regression introduced by 79d4636d50.

The mentioned commit moves /run/keys from stage 2 to
boot.specialFileSystems, the latter being remounted during system
activation.

Unfortunately, the specialMount function in the activation script does
this unconditionally and thus will fail if it can't be remounted because
the mount point simply doesn't exist.

We now check the mount point for existance and only remount if it exists
but mkdir + mount it if it doesn't.

Tested against the "simple" NixOS installer test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-26 02:04:54 +02:00
Robert Helgesson 9d2a831497
radicale: break into own package
Since this is an application it is not suitable for pythonPackages,
which is more appropriate for Python modules.
2016-09-25 22:15:19 +02:00
Wilhelm Schuster 0d1e1b1810 containers module: Add option to enable tunnel access
This adds the containers.<name>.enableTun option allowing containers to
access /dev/net/tun. This is required by openvpn, tinc, etc. in order to
work properly inside containers.

The new option builds on top of two generic options
containers.<name>.additionalCapabilities and
containers.<name>.allowedDevices which also can be used for example when
adding support for FUSE later down the road.
2016-09-25 19:25:17 +02:00
Joachim Fasting 66f50a7631
nixos/ids: remove unused connman uid
The static connman uid is not referenced anywhere in NixOS.
2016-09-25 16:55:27 +02:00
Michele Guerini Rocco ec8d5945ce connman: disable connman-vpn by default (#18323) 2016-09-25 08:02:29 +02:00
jokogr b12debc076 grub: Do not check for duplicated devices in mirroredBoots on UEFI (#18625)
When Grub is to be used with UEFI, it is not going to write to any MBR
of any disk. As such, it is safe to use multiple "nodev" device entries
when mirroring the ESP partition to multiple disks.

E.g.:

```
boot.loader.grub = {
  enable = true;
  version = 2;
  zfsSupport = true;
  efiSupport = true;
  mirroredBoots = [
    { devices = [ "nodev" ]; path = "/boot1"; efiSysMountPoint = "/boot1"; }
    { devices = [ "nodev" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; }
    { devices = [ "nodev" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; }
  ];
};

boot.loader.efi.canTouchEfiVariables = true;
```

Fixes #18584
2016-09-25 07:37:18 +02:00
Arseniy Seroka 8b16e5fad8 Merge pull request #18833 from DamienCassou/rsnapshot-module-config
rsnapshot: add default options to module config
2016-09-25 01:07:49 +04:00
Vladimír Čunát c68850c6be nixos opengl: use mesa_drivers.out
...instead of mesa_noglu.out. Closures of systems remain unchanged,
as both are in (and the .out output is very small anyway).
This is to make sure that we use lib*GL* that aren't slowed down by grsecurity.
2016-09-24 19:21:39 +02:00
Vladimír Čunát fffc7638cd Merge branch 'master' into staging 2016-09-24 18:54:31 +02:00
Joachim F e2a9617185 Merge pull request #18915 from Mic92/container
containers: fix dynamic hash lookup
2016-09-24 18:41:43 +02:00
Joachim F 2522504bd1 Merge pull request #18463 from regnat/selfoss
Selfoss : add package and module
2016-09-24 16:10:39 +02:00
Nikolay Amiantov a63ca1bf3d stage-1 module: remove check that swap device has a label
All swap device option sets "have" a label, it's just that sometimes it's
undefined. Because we set a `device` attribute when we have a label anyway it's
ok to just check device prefix.

Fixes #18891.
2016-09-24 13:06:27 +03:00
Nikolay Amiantov f42e0dc9fd Merge pull request #18691 from abbradar/keys-fs
stage-2 init: move /run/keys mount to boot.specialFileSystems
2016-09-24 13:34:28 +04:00
Jörg Thalheim d6ce2e4bcb
containers: fix dynamic hash lookup
we want the content of attribute as a key:
b9df84cd4f broke this
2016-09-24 09:26:52 +02:00
Thomas Tuegel 84f7009994
nixos/input-methods: use gtk2 attribute for GTK 2 2016-09-23 17:28:47 -05:00
Pascal Bach de38c1bca0 gitlab-runner service: initial version 2016-09-23 22:39:12 +02:00
Wei-Ming Yang e330807e1f
murmur service: welcome -> welcometext
fixed incorrect option name `welcome` to `welcometext`.

joachifm added a rename for backwards compat.

Closes https://github.com/NixOS/nixpkgs/pull/18570
2016-09-23 16:08:14 +02:00
Matt McHenry de9546307f
nix-optimise service: init
Closes https://github.com/NixOS/nixpkgs/pull/18378
2016-09-23 16:08:03 +02:00
Joachim F 7529fd3bff Merge pull request #18818 from Jookia/RFC_htpdate
Rfc htpdate
2016-09-23 15:19:49 +02:00
Charles Strahan 3fe8eca17b Merge pull request #18853 from kvz/patch-2
Run riak with its `dataDir` as `HOME` so Erlang cookie can be written
2016-09-22 20:51:25 -04:00
Daiderd Jordan 0027c7119d Merge pull request #18806 from kvz/patch-1
riak: update service example
2016-09-23 00:31:06 +02:00
Kevin van Zonneveld 6d3b06ce37 Run riak with its dataDir as HOME so Erlang cookie can be written
See https://github.com/NixOS/nixpkgs/issues/18852
2016-09-22 22:49:30 +02:00
Jookia e23cc550b3 nixos: add htpdate module 2016-09-23 02:02:20 +10:00
Damien Cassou 76923385bc
rsnapshot: add default options to module config 2016-09-22 15:04:46 +02:00
Eelco Dolstra b9df84cd4f nixos-container: Syntax fixes
Get rid of the "or null" stuff. Also change 'cfg . "foo"' to 'cfg.foo'.

Also fixed what appears to be an actual bug: in postStartScript,
cfg.attribute (where attribute is a function argument) should be
cfg.${attribute}.
2016-09-22 14:06:22 +02:00
Kevin van Zonneveld 6ee89c907c Remove reference to riak2
As mentioned by LnL in IRC, we

> used to have riak and riak2

But this seems no longer the case, hence the example should be updated.
2016-09-21 14:34:31 +02:00
Domen Kožar 30e35d1218 Merge pull request #18622 from rvl/mongodb-test-default-i686
mongodb service: Add test case and fix default storage engine on i686
2016-09-21 14:19:45 +02:00
Domen Kožar 001d314e87 Merge pull request #18574 from ericsagnes/feat/mongodb
MongoDB service: switch configuration format to YAML
2016-09-21 14:19:17 +02:00
Domen Kožar 80437576f9 /var/empty: silently ignore errors (if on tmpfs) #18781 2016-09-21 10:29:14 +02:00
Benjamin Staffin ab40702c96 Merge pull request #18770 from mayflower/prometheus-alertmanager
Prometheus alertmanager module
2016-09-20 19:54:40 -04:00
Thomas Tuegel d7d74a1922
nixos/tests/kde5: fix test name 2016-09-20 14:53:36 -05:00
0ida 619ab48988 prometheus: add options for alertmanager 2016-09-20 19:35:03 +02:00
0ida fdded2c554 prometheus alertmanager module: init 2016-09-20 19:35:03 +02:00
Eelco Dolstra 7a4209c356 Merge remote-tracking branch 'origin/master' into staging 2016-09-20 17:46:09 +02:00
Robin Gloster 0fa64b718f
gitlab module: enable postgres pg_trgm extension 2016-09-20 17:45:23 +02:00
aszlig 97801380b0
nixos/networking: Use type lines for localCommands
Using types.str doesn't work if you want to mkBefore/mkAfter across
different module definitions, because it only allows for one definition
for the same priority.

This is especially useful if you deploy Hetzner machines via NixOps,
because the physical specification already defines localCommands.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-20 13:32:17 +02:00
Nikolay Amiantov 00f444d0c1 initrd-ssh service: check that authorized keys are added 2016-09-20 12:16:10 +03:00
Alexey Shmalko 60cfc558be Merge pull request #18718 from Mic92/powerdns
powerdns: init at 4.0.1
2016-09-20 11:07:51 +03:00
Alexey Shmalko 631c54c7a6 Merge pull request #18693 from Mic92/awesome
awesome: fix LUA_PATH for luaModules
2016-09-20 11:05:42 +03:00
Benjamin Saunders 0b4f8b93e6 matrix-synapse: 0.17.1 -> 0.18.0 2016-09-19 21:00:51 -07:00
Shea Levy 3f02cbbcaf Merge branch 'rngd-wantedBy' of git://github.com/srp/nixpkgs-1 2016-09-19 19:06:51 -04:00
Alexander Ried e52418fd08 monetdb module: remove since it's not packaged 2016-09-19 23:11:13 +02:00
Bjørn Forsman 4fdc9fa7d9 nixos/autofs: fix typo afuese -> afuse 2016-09-19 13:49:47 +02:00
Guillaume Maudoux 2184df98f7 Add changelog for container config (#18756) 2016-09-19 11:05:10 +02:00
Jörg Thalheim 0a42f98eac
awesome: fix LUA_PATH for luaModules
lua modules can be also within share/ within a package.
Previously only lib/ was included
2016-09-18 19:18:03 +02:00
Bjørn Forsman 32efdb7128 treewide: sshfsFuse -> sshfs-fuse 2016-09-18 17:44:30 +02:00
Jörg Thalheim b0a1c0b343
powerdns: init at 4.0.1
fixes #18703
2016-09-18 14:52:44 +02:00
Moritz Ulrich 01e44ac1f9 emacs: 24.5 -> 25.1
This commit removes all references to emacs24 with the exception of
emacs24-macports. The two folders in `pkgs/applications/editors` named
`emacs-24` and `emacs-24` are consolidated to a new `emacs` folder.

Various parts in nixpkgs also referenced `emacs24Packages` (pinned to
`emacs24`) explicitly where `emacsPackages` (non-pinned) is more
appropriate. These references get fixed by this commit too.
2016-09-18 13:38:21 +02:00
Scott R. Parish a560223119 rngd: update modalias to match cpu type
It looks like the cpu type part of modalias might have changed, my
systems (4.4.20 and 4.7.2) show something like the following:

```
cpu:type:x86,ven0000fam0006mod003F:feature:,0000,0001,0002,0003,0004,0005,0006,0007,0008,0009,000B,000C,000D,000E,000F,0010,0011,0013,0017,0018,0019,001A,001C,002B,0034,003B,003D,0068,006F,0070,0072,0074,0075,0076,007D,0080,0081,0089,008C,008D,0091,0093,0094,0095,0096,0097,0098,0099,009A,009B,009C,009D,009E,009F,00C0,00C5,0120,0123,0125,0127,0128,0129,012A,0140
```

Update the rngd modalias rule to match this so udev properly has
systemd start rngd.
2016-09-17 18:36:57 -07:00
Eric Sagnes 9132088dab pump.io test: adapt mongodb extraConf to YAML 2016-09-18 09:30:04 +09:00
Eric Sagnes 5cd565e507 mongodb service: switch configuration format to YAML
Configuration format has changed from MongoDB 2.6 to
YAML and MongoDB 2.4 is EOL since March 2016.
2016-09-18 09:29:35 +09:00
Thomas Tuegel 48999a953b Merge pull request #18656 from jokogr/u/sddm-0.14.0
sddm: 0.13.0 -> 0.14.0
2016-09-17 17:01:29 -05:00
Thomas Tuegel 9300b4903f
Revert "nixos/pam: clean up generated files (no functional change) (#18580)"
This reverts commit 1010271c63.
This reverts commit e85e51d41f.

The first commit causes multiple regressions. The second commit tries to
fix the regressions, but does not catch all of them. There are multiple
failing tests, one of which is blocking a package update. That is not
acceptable for a cosmetic patch.
2016-09-17 16:39:49 -05:00
Nikolay Amiantov 79d4636d50 stage-2 init: move /run/keys mount to boot.specialFileSystems 2016-09-17 15:39:24 +03:00
Franz Pletz 0a4d60622c
16.09 changelog: add changes to reverse path filter
See #17325.
2016-09-17 14:20:33 +02:00
Karn Kallio 2f91de22f5
enlightenment service: update gtk and gnome attributes 2016-09-17 12:32:51 +02:00
Nikolay Amiantov bf5d2bc215 16.09 changelog: add mention of special filesystems changes 2016-09-17 13:26:03 +03:00
Rodney Lorrimar 795a6e7610 mongodb service: add test case 2016-09-17 10:47:36 +01:00
Joachim F e06ead81bf Merge pull request #18630 from joachifm/unbound-improvements
Unbound service improvements
2016-09-17 10:56:42 +02:00
Vladimír Čunát 52e1a198cf Merge branch 'master' into staging 2016-09-17 00:31:34 +02:00
Eric Sagnes 2d2c311304 cadvisor test: fix (#18671)
* influxdb module: add postStart

* cadvisor module: increase TimeoutStartSec

Under high load, the cadvisor module can take longer than the default 90
seconds to start. This change should hopefully fix the test on Hydra.
2016-09-16 22:06:16 +02:00
obadz 93974eb98b grub: fix manual build 2016-09-16 19:12:47 +01:00
obadz eda4f5d409 grub: clarify efiInstallAsRemovable docstring 2016-09-16 18:09:50 +01:00
obadz 1c9ac8aabc grub: add boot.loader.grub.efiInstallAsRemovable
Closes #16374
2016-09-16 18:02:36 +01:00
aszlig dc364e8b18
nixos/xfce: Fix reference to Gtk 2
Regression introduced by bccd75094f.

The mentioned commit removed the pkgs.gtk attribute, but forgot to
change this within the xfce module.

Tested using the xfce NixOS test and it has passed on my machine.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-16 17:15:47 +02:00
obadz 29caa185a7 lightdm: obbey services.xserver.{window/desktop}Manager.default 2016-09-16 15:03:45 +01:00
obadz a20c2ce4b8 xfce: install networkmanager applet when networkmanager is enabled 2016-09-16 15:03:41 +01:00
aszlig e85e51d41f
nixos/pam: Fix wrong string concatenation
Regression introduced by 1010271c63.

This caused the line after using the loginuid module to be concatenated
with the next line without a newline.

In turn this has caused a lot of the NixOS VM tests to either run very
slowly (because of constantly hitting PAM errors) or simply fail.

I have tested this only with one of the failing NixOS tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-16 15:36:31 +02:00
Robin Gloster 0201869418
prometheus.nodeExporter module: improve after feedback
cc @teh @groxxda @fpletz
2016-09-16 15:10:18 +02:00
Ioannis Koutras d78e68b1a4 sddm: 0.13.0 -> 0.14.0 2016-09-16 15:09:18 +03:00
Joachim F 321843426d Merge pull request #18631 from joachifm/hidepid-external-doc
hidepid module: detailed description to external doc
2016-09-16 11:20:14 +02:00
Joachim Fasting 22d6c97855
unbound service: extend isLocalAddress to handle ipv6 2016-09-16 09:47:36 +02:00
Domen Kožar 00b7c5c5c2 Merge pull request #18624 from ericsagnes/fix/cadvisor
Cadvisor: update and fix test
2016-09-16 09:10:08 +02:00
Kamil Chmielewski 914e0e594c buildGoPackage: deps.json -> deps.nix in NIXON
https://github.com/NixOS/nixpkgs/pull/17254#issuecomment-245295541

* update docs to describe `deps.nix`
* include goDeps in nix-shell GOPATH
* NixOS 16.09 rel notes about replacing goPackages
2016-09-16 00:04:55 +01:00
zimbatm 7a6b860e1c Merge pull request #18437 from Mic92/telegraf
Telegraf
2016-09-15 23:21:08 +01:00
Robin Gloster 55b8430f6f
Merge branch 'prometheus-node-exporter' of https://github.com/teh/nixpkgs into prometheus-nixos-exporter 2016-09-15 20:59:17 +02:00
Robin Gloster e43a15720d
prometheus module: add nodeExporter submodule 2016-09-15 20:31:03 +02:00
Joachim Fasting bf538515b7
nixos/ids: remove static unbound uid 2016-09-15 15:37:20 +02:00
Joachim Fasting 5dc60051fa
unbound service: some pre-chroot isolation
While entering the chroot should provide the same amount of isolation,
the preStart script will run with full root privileges and so would
benefit from some isolation as well (in particular due to
unbound-anchor, which can perform network I/O).
2016-09-15 15:37:20 +02:00
Joachim Fasting 39f5182a30
unbound service: use auto-generated uid
1. The preStart script ensures consistent ownership, even if the unbound
   user's uid has changed
2. The unbound daemon does not generate data that needs to be private to
   it, so it would not matter that a different service would end up
   owning its data (as long as unbound remains enabled, it should reclaim
   ownership soon enough anyway).

Thus, there's no clear benefit to allocate a dedicated uid for the
unbound service.  This releases uid/gid 48.

Also, because the preStart script creates the data directory, there's no
need to specify a homedir or ask for its creation.
2016-09-15 15:37:19 +02:00
Joachim Fasting 0759e77dfd
unbound service: add reference to man:unbound.conf(8) 2016-09-15 15:37:19 +02:00
Joachim Fasting 52432ee63d
unbound service: non-blocking random in chroot
/dev/random is an exhaustible resource. Presumably, unbound will not be
used to generate long-term encryption keys and so allowing it to use
/dev/random only increases the risk of entropy exhaustion for no
benefit.
2016-09-15 15:37:19 +02:00
Joachim Fasting 7980523e00
unbound service: convenient handling of local forward addresses
do-not-query-localhost defaults to yes; with this patch, unbound is
configured to query localhost if any of the forward addresses are local.
2016-09-15 15:37:19 +02:00
Joachim Fasting 527b3dc1df
hidepid module: detailed description to external doc 2016-09-15 15:36:03 +02:00
Evgeny Egorochkin 9dd366c385 add Azure bootstrap blob list 2016-09-15 16:27:47 +03:00
Eric Sagnes db387a6f0d cadvisor: fix test 2016-09-15 21:28:41 +09:00
Joachim F fbcb93852c Merge pull request #18047 from Nadrieril/ttrss
tt-rss service: Use nginx virtualhosts; improve config options
2016-09-15 13:37:20 +02:00
Joachim F c571a7f221 Merge pull request #18500 from tvon/fix/gocd-server-options
gocd-server: add startupOptions, empty extraOptions
2016-09-15 13:24:48 +02:00
Eelco Dolstra 32d00f50ec Merge pull request #18573 from peterhoeg/systemd_user_cfg
systemd: support setting defaults for user instances
2016-09-14 13:39:57 +02:00
Bjørn Forsman 1010271c63 nixos/pam: clean up generated files (no functional change) (#18580)
The generated files in /etc/pam.d/ typically have a lot of empty lines
in them, due to how the generated Nix strings are joined together;
optional elements that are excluded still produce a newline. This patch
changes how the files are generated to create more compact,
human-friendly output files.

The change is basically this, repeated:

-  ''
-    ${optionalString use_ldap
-        "account sufficient ${pam_ldap}/lib/security/pam_ldap.so"}
-  ''
+  optionalString use_ldap ''
+    account sufficient ${pam_ldap}/lib/security/pam_ldap.so
+  ''
2016-09-14 11:56:07 +01:00
Théophane Hufschmitt 0401260922 selfoss service: init 2016-09-14 09:23:56 +02:00
Jörg Thalheim 8fddcad3f9
telegraf: init at 1.0.0
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2016-09-14 07:19:55 +02:00
aszlig 1781e95577
Merge pull request #18567 (VirtualBox 5.1.6)
This introduces VirtualBox version 5.1.6 along with a few refactored
stuff, notably:

  * Kernel modules and user space applications are now separate
    derivations.
  * If config.pulseaudio doesn't exist in nixpkgs config, the default is
    now to build with PulseAudio modules.
  * A new updater to keep VirtualBox up to date.

All subtests in nixos/tests/virtualbox.nix succeed on my machine and
VirtualBox was reported to be working by @DamienCassou (although with
unrelated audio problems for another fix/branch) and @calbrecht.
2016-09-14 02:20:16 +02:00
aszlig f7563efa6e
nixos/tests/vbox: Add destroyVM for all subtests
One reason why it took me so long for debugging the test failure with
systemd-detect-virt was that simple-cli has succeeded while the former
has not.

This now makes sure we have consistency accross all the subtests and if
problems like the one in the previos commit ever show up again, we will
have just the headless test succeeding and it's more obvious where the
actual problem resides.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-14 02:12:16 +02:00
Vladimír Čunát aa0fa19373 gtk2: move gtk-update-icon-cache to gtk2.out
... to be useful for regeneration when building nixos environments.
Fixes #18536 (hopefully).
2016-09-13 23:51:57 +02:00
aszlig 80c2cc350c
nixos/tests/vbox: Disable audio for VBox guests
We don't have (simulated) sound hardware within the qemu VM, neither do
we have it available within VirtualBox that's running within the qemu
VMs.

With sound hardware the VirtualBox UI displays an error dialog, which in
turn causes the VM process to hang on unregister. This in turn has
caused the tests to fail because of the following error:

Cannot unregister the machine '...' while it is locked

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 23:17:47 +02:00
Reno Reckling 8ea8659f29 Remove tomcat vm test timing issues
(cherry picked from commit 090f1f0722)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-13 22:46:46 +02:00
Domen Kožar a5de1cd8b5 Disable nixos.tests.panamax
https://github.com/NixOS/nixpkgs/issues/18209#issuecomment-246763699
2016-09-13 20:41:40 +02:00
Domen Kožar 9911a2f490 Merge pull request #18560 from MatrixAI/root-sudo-group-switch
sudo: Allow root to use sudo to switch groups
2016-09-13 16:22:07 +02:00
Jaka Hudoklin 7a9dd489d6 Merge pull request #18481 from offlinehacker/pkgs/docker/1.12.1
docker: 1.10.3 -> 1.12.1
2016-09-13 15:59:18 +02:00
Roger Qiu de0737aed5 sudo: Allow root to use sudo to switch groups 2016-09-13 23:15:56 +10:00
aszlig 562c7f56f0
nixos/tests/vbox: Make shutdown less noisy
Using waitUntilSucceeds for testing whether the shutdown signalling
files have vanished is quite noisy because it prints two lines for every
try. This is now fixed with a while loop on the guest VM which does the
same check but with only one output for the command that's executed and
another one when the conditions are met.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 14:55:52 +02:00
Jaka Hudoklin 5d9c62541a docker module: updates
- logDriver option, use journald for logging by default
- keep storage driver intact by default, as docker has sane defaults
- do not choose storage driver in tests, docker will choose by itself
- use dockerd binary as "docker daemon" command is deprecated and will be
  removed
- add overlay2 to list of storage drivers
2016-09-13 12:51:13 +02:00
Tom Hunger 0ded9a63a3 prometheus-node-exporter: Add module. 2016-09-13 11:28:45 +01:00
Nikolay Amiantov 4748709926 Merge commit 'refs/pull/18498/head' of git://github.com/NixOS/nixpkgs 2016-09-13 12:51:34 +03:00
Alexander Ried 60a9edbbeb tests.networking: remove network-interfaces.target 2016-09-13 11:19:23 +02:00
Alexander Ried 85c36d1f7d network-interfaces.target: add deprecation notice 2016-09-13 11:19:23 +02:00
Alexander Ried 072c1dcc4a network-interfaces-scripted: rework dependencies 2016-09-13 11:19:23 +02:00
Alexander Ried e90471d792 systemd-networkd.service: remove network-interfaces.target ordering 2016-09-13 11:19:23 +02:00
Alexander Ried 2d46004b74 multi-user.target should not pull network.target 2016-09-13 11:19:22 +02:00
Alexander Ried 8524df1259 networking.nat: replace network-interfaces.target
We can replace this safely with network-pre because iptables does not
care whether the interfaces exist or not.
2016-09-13 11:19:22 +02:00
Alexander Ried 60430b140c lshd service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Alexander Ried d43b2b9c85 openvpn service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Alexander Ried 97416eaeef gpve service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Alexander Ried 4231293010 cluster.kubernetes: fix service ordering
Requires does NOT imply After, so I added the missing ordering.
2016-09-13 11:19:22 +02:00
Alexander Ried 5481831263 misc.etcd: get closer to upstream service definition
taken from
https://github.com/coreos/etcd/blob/master/contrib/systemd/etcd.service

I intentionally kept "After = network.target" because I think it's
missing upstream (https://github.com/coreos/etcd/pull/6388)
2016-09-13 11:19:22 +02:00
Alexander Ried 23ca90b013 monitoring.monit: get closer to upstream service definition
taken from
e02247e048/system/startup/monit.service.in?at=master
2016-09-13 11:19:22 +02:00
Alexander Ried fbf0abf4af softether: improve service dependencies 2016-09-13 11:19:22 +02:00
Alexander Ried 9819cdc71a wicd: get closer to upstream service definition
taken from
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/view/head:/other/wicd.service
2016-09-13 11:19:22 +02:00
Alexander Ried 3ada966bd5 treewide: minor format / style / documentation fixes 2016-09-13 11:19:22 +02:00
Alexander Ried bc7710468d networking.dhcpcd: use upstream targets 2016-09-13 11:19:22 +02:00
Joachim Fasting 3dc69799b6 tomcat: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting c71bb91f66 peerflix: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 820b769fc8 oauth2_proxy: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting b5756c8660 kibana service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 94ed3de09e elasticsearch service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting b6e5c620a3 marathon service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 3826c19392 chronos service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 5a2a3510b9 zerobin service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting c7ed675fe3 xinetd service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting cda9af6eb8 wpa-supplicant service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 768b333dc1 tinc service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 795defaae0 tcpcrypt service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 67d9369e5d radicale service: network-interfaces.target -> network{,-online}.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 652e0b4b8a oidentd service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting ae71667451 cjdns service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 69e15b7ba5 bind service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 22976bc951 openafs-client service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 1a60210561 nagios service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting b38c0c94ab graphite service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting c2d007e0f7 zookeeper service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 4c7f53e9b4 svnserve service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 9b1177f69d mesos-slave service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 2d48f1c487 mesos-master service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting ebc8e082e9 folding-at-home service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 5a085caea3 apache-kafka service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 54b3e4fdf6 neo4j service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 167eef2bab influxdb service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 926428bdb5 cassandra service: network-interfaces.target -> network.target 2016-09-13 11:19:21 +02:00
Reno Reckling 6ff44c571b mumble: fix failing vm tests
modify tests to not fail if the event handlers are
registered too slowly or if the wrong window is in focus

(cherry picked from commit e087b0d12f)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-13 09:45:08 +02:00
Данило Глинський (Danylo Hlynskyi) 896b2916ab nixos: fix typo in networking.interfaces.<name?>.virtual (#18548) 2016-09-13 08:04:00 +02:00
Alexander Ried 06b2897c40 networking.dhcpcd: Don't add to system closure when using networkd (#18436) 2016-09-13 07:55:17 +02:00
aszlig eea4af1c4c
nixos/virtualbox-image: Fix path to virtualbox
VirtualBox user space binaries now no longer reside in linuxPackages, so
let's use the package for the real user space binaries instead.

Tested using the following command:

nix-build nixos/release.nix -A ova.x86_64-linux

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 07:26:59 +02:00
Robert Helgesson b023e8f303 haveged module: clean up service configuration (#18513)
Switches from the forking service type to simple by running haveged in
the foreground. Also restricts the execution environment a bit (these
are inspired by the Debian service file).
2016-09-13 07:07:46 +02:00
Eric Sagnes b32252ddfa NixOS manual: add module option types doc (#18525) 2016-09-13 07:04:02 +02:00
aszlig 4a44eca07d
nixos/release-notes: Add VirtualBox changes
The change is backwards-compatible for users of the NixOS module but not
if people were using the package directly, so let's warn users about
that.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:34:33 +02:00
aszlig 8bd89c922d
virtualbox: Split kernel modules into own package
Putting the kernel modules into the same output path as the main
VirtualBox derivation causes all of VirtualBox to be rebuilt on every
single kernel update.

The build process of VirtualBox already outputs the kernel module source
along with the generated files for the configuration of the main
VirtualBox package. We put this into a different output called "modsrc"
which we re-use from linuxPackages.virtualbox, which is now only
containing the resulting kernel modules without the main user space
implementation.

This not only has the advantage of decluttering the Nix expression for
the user space portions but also gets rid of the need to nuke references
and the need to patch out "depmod -a".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:38 +02:00
Eric Sagnes 79f72966e6 systemd module: optionSet -> submodule 2016-09-13 12:56:36 +09:00
Eric Sagnes 78858f2f8d networkd module: optionSet -> submodule 2016-09-13 12:56:05 +09:00
Eric Sagnes 69713a882c containers module: optionSet -> submodule 2016-09-13 12:54:59 +09:00
Eric Sagnes 062928c3ad network-interfaces module: optionSet -> submodule 2016-09-13 12:54:40 +09:00
Eric Sagnes 12a1de8305 etc module: optionSet -> submodule 2016-09-13 12:53:13 +09:00
Eric Sagnes 96f5788346 luksroot module: optionSet -> submodule 2016-09-13 12:53:13 +09:00
Eric Sagnes 55e437806a grub module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes 03ee88f666 zope2 module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes c16d03ddc5 winstone module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes 7e5a24c23a i2pd module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes b73ca0df27 tinc module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes 8d58771b94 openvpn module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes 775d98acbc xinet module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes 819524a0d3 supplicant module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes 48d6fa933c sshd module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes d89a718baf prosody module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes c3bdee3c39 nat module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Eric Sagnes 1b3c03b49c tahoe module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Eric Sagnes 981df6387c ups module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Eric Sagnes 06c11a62b3 smartd module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Eric Sagnes ef04462ea9 rippled module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Eric Sagnes c1cad56c6e logcheck module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Eric Sagnes 495a24d912 brscan4 module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Eric Sagnes 09a3ea1abf bacula module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Eric Sagnes fff4a9ee01 pam module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Eric Sagnes 3acf336f15 acme module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Eric Sagnes 77f572f072 users-groups module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Nikolay Amiantov 9b26cb92e3 Merge branch 'displaylink'
Close #18041
2016-09-13 01:59:47 +03:00
Nikolay Amiantov bc493ccfcc displaylink service: init 2016-09-13 00:30:35 +03:00
Kirill Boltaev a769e0ffae nixos manual: mention gtk-related alias changes 2016-09-12 18:26:06 +03:00
Langston Barrett 25a7ded89c audio services: use mkEnableOption (#18524) 2016-09-12 04:47:08 +02:00
Franz Pletz 80f38e9032
prometheus service: move to separate folder 2016-09-11 23:20:26 +02:00
Franz Pletz 5a7e5537aa Merge pull request #18298 from teh/prometheus-service
Prometheus service
2016-09-11 23:18:36 +02:00
aszlig b4e2b6bc6a
nixos/lib/testing: Fix unsetting $xchg
Regression introduced by 4dcb685af9.

Unsetting the environment variable shortly before using it is not going
to end up very well, so let's just filter out the variable from the
output of export and unset it shortly afterwards.

This fixes the runInMachine NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-11 17:31:12 +02:00
aszlig 4ac7b7d5de
nixos/modules/rename: Remove docker-registry
This is a follow-up to 9c1cdedcba and
fed3501b07.

Discussion:

https://github.com/NixOS/nixpkgs/issues/18209#issuecomment-245968857

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @domenkozar
Issue: #18209
2016-09-11 16:51:20 +02:00
Rodney Lorrimar 4908d7bf20 nixos-manual: Add a chapter about writing documentation
It's more about the practical side of DocBook-wrangling than anything
else.
2016-09-11 13:21:09 +01:00
Rodney Lorrimar 3de354c73d nixos-manual(emacs): Add a section about configuring DocBook 5 schemas 2016-09-11 12:07:36 +01:00
Rodney Lorrimar aeb00f1681 nixos-manual(emacs): Fix typo reported by @rasendubi 2016-09-11 12:07:36 +01:00
Franz Pletz 5c38882f38
toxvpn service: doesn't require online network
Tested that it detects network changes quickly.
2016-09-11 08:16:55 +02:00
Franz Pletz c58654e2b7
treewide: fix fallout of ip-up deprecation
See #18319 for details. Starting network-online.target manually does not
work as it hangs indefinitely.

Additionally, don't treat avahi and dhcpcd special and sync their systemd units
with the respective upstream suggestion.
2016-09-11 08:13:04 +02:00
Tom von Schwerdtner e934231029 gocd-server: add startupOptions, empty extraOptions
The extraOptions option has default values which seems surprising.  This
moves those values to startupOptions (which is what gocd-agent uses) and
empties out the default extraOptions.

The gocd-agent startupOptions description was also changed to remove the
mention of the example (given there isn't one).
2016-09-10 17:52:06 -04:00
Tuomas Tynkkynen 0dbfb0fc48 Merge commit 'bd6e40c' from staging into master
Major changes being pulled in:

- mesa: maintenance 12.0.1 -> 12.0.2
- texlive: 2015 -> 2016
2016-09-10 23:23:44 +03:00
Joachim Fasting 0a6221578a
mpd service: replace script with serviceConfig.ExecStart 2016-09-10 18:30:14 +02:00
Joachim Fasting 009c1848c2
mpd service: add types to all options 2016-09-10 18:30:14 +02:00
Langston Barrett 77cedff4e7 ympd service: init (#18371)
ympd provides a web ui, it is suitable to be run as a service.
Fixes #17878.

service has no requirements b/c user might be using remote mpd
instance.
2016-09-10 18:23:39 +02:00
Alexander Ried 27bc34f1e4 treewide: deprecate ip-up.target (#18319)
Systemd upstream provides targets for networking. This also includes a target network-online.target.

In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
2016-09-10 18:03:59 +02:00
Joachim F be33fc8973 Merge pull request #18446 from siddharthist/docs/ipv6-per-interface
nixos manual: disable ipv6 per interface
2016-09-10 17:08:30 +02:00
Vladimír Čunát bd6e40c27d Merge #16391: texlive: 2015 -> 2016
Mirroring isn't finalized, but we'll have to fix that on the go.
2016-09-10 12:04:25 +02:00
Domen Kožar 9c1cdedcba Remove test leftover from docker-registry
(cherry picked from commit d171c59926)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-10 10:49:55 +02:00
Eelco Dolstra 4dcb685af9 runInMachine: Unset another variable
Thanks @cstrahan.
2016-09-09 20:02:56 +02:00
Domen Kožar fed3501b07 Remove docker-registry as it's deprecated #18209 2016-09-09 18:50:42 +02:00
danbst 63f9ef9f19 tomcat service: bump default tomcat to 8.5
See migration changelogs at
- 7.0 -> 8.0: https://tomcat.apache.org/migration-8.html
- 8.0 -> 8.5: https://tomcat.apache.org/migration-85.html
2016-09-09 18:29:12 +02:00
danbst a01d4ee3f4 tomcat: add danbst as maintainer 2016-09-09 18:29:12 +02:00
danbst f1072611a4 tomcat service: call shutdown in preStop, because postStop is too late (systemd kills process) 2016-09-09 18:29:12 +02:00
danbst 0c2d943529 tomcat: split default webapps to separate output (~6M) 2016-09-09 18:29:12 +02:00
Thomas Tuegel e5a79b0eae
nixos/tests/kde5: rename from sddm-kde5 and run by default
(cherry picked from commit 701f02a6ee)
2016-09-09 10:12:38 -05:00
Thomas Tuegel 0fdaae8be4
nixos/tests/sddm-kde5: don't run tests through krunner
(cherry picked from commit 1f510dc7cd)
2016-09-09 10:12:31 -05:00
Lengyel Balázs 127924954b Linux-kernel: Workaround for https://github.com/NixOS/nixpkgs/issues/18451
remove after upstream gets fixed
2016-09-09 11:47:48 +02:00
Langston Barrett 2ab6020930 nixos manual: disable ipv6 per interface
from a discussion on #13293
2016-09-08 18:12:05 +00:00
Rodney Lorrimar 5537503dec nixos/tests/pump.io: Fix systemd unit config
Ref #18209

(cherry picked from commit 3fd603c02f)
2016-09-08 17:06:49 +01:00
Eelco Dolstra 75baee8523 runInMachine: Support passAsFile
We need to rewrite attributes passed via files to their location in
/tmp/xchg in the VM. Otherwise functions like runCommand don't work.
2016-09-08 15:38:56 +02:00
Eric Sagnes f39f829441 nixos: unbreak influxdb test (due to new API)
Data from the documentation example[1] was used.

[1] https://docs.influxdata.com/influxdb/v1.0/guides/writing_data/

[Bjørn: change commit message.]
2016-09-08 15:01:10 +02:00
Robert Helgesson bf371a8b06 radicale service: use "simple" service type (#18406)
Radicale can run as a foreground service and will then emits logging and
errors on the standard output. This helps the logging end up in the
systemd journal.
2016-09-08 12:34:22 +02:00
Peter Hoeg 23b76b23f5 support user config 2016-09-08 16:40:54 +08:00
Bjørn Forsman 351d124376 nixos/release-notes: PHP config-file-scan-dir /etc -> /etc/php.d 2016-09-08 09:41:14 +02:00
Damien Cassou 6dc9ed317c Merge pull request #18244 from DamienCassou/emacs-gtk_data_prefix
emacs module: Fix to get properly themed GTK apps
2016-09-08 09:05:11 +02:00
aszlig dd98b6fb9f
nixos/stage2: Fix mounting special filesystems
This partially reverts commit ab9537ca22.

From the manpage of systemd-nspawn(1):

  Note that systemd-nspawn will mount file systems private to the
  container to /dev, /run and similar.

Testing this in a shell turns out:

$ sudo systemd-nspawn --bind-ro=/nix/store "$(readlink "$(which ls)")" /proc
Spawning container aszlig on /home/aszlig.
Press ^] three times within 1s to kill container.
/etc/localtime does not point into /usr/share/zoneinfo/, not updating
container timezone.
1          execdomains  kpageflags    stat
acpi       fb           loadavg       swaps
asound     filesystems  locks         sys
buddyinfo  fs           meminfo       sysrq-trigger
bus        interrupts   misc          sysvipc
cgroups    iomem        modules       thread-self
cmdline    ioports      mounts        timer_list
config.gz  irq          mtrr          timer_stats
consoles   kallsyms     net           tty
cpuinfo    kcore        pagetypeinfo  uptime
crypto     key-users    partitions    version
devices    keys         scsi          vmallocinfo
diskstats  kmsg         self          vmstat
dma        kpagecgroup  slabinfo      zoneinfo
driver     kpagecount   softirqs
Container aszlig exited successfully.

So the test on whether PID 1 exists in /proc is enough, because if we
use PID namespaces there actually _is_ a PID 1 (as shown above) and the
special file systems are already mounted. A test on the $containers
variable actually mounts them twice.

This unbreaks NixOS containers and I've tested this against the
containers-imperative NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @rickynils, @shlevy, @edolstra
2016-09-07 18:10:08 +02:00
Rob Vermaas 2410608814 NixOS 17.03 will be called Gorilla 2016-09-07 15:05:00 +00:00
aszlig 75efdc6502
nixos/tests/blivet: Fix btrfs-related tests
The loopback-based tests use a storage size of 102400 blocks (one block
is 1024 bytes), which doesn't seem to fit for btrfs volumes in recent
btrfs versions. I'm setting this to 409600 (400 MB) now so that it
should be enough for later versions in case they need even more space
for subvolumes.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-07 16:32:12 +02:00
aszlig fb46df8a9a
nixos: Fix ordering of firewall.service
Follow-up to the following commits:

  abdc5961c3cdf9f5893ea1e91ba08ff5089f53a4: Fix starting the firewall
  e090701e2d09aec3e8866ab9a8e53c37973ffeb4: Order before sysinit

Solely use sysinit.target here instead of multi-user.target because we
want to make sure that the iptables rules are applied *before* any
socket units are started.

The reason I've dropped the wantedBy on multi-user.target is that
sysinit.target is already a part of the dependency chain of
multi-user.target.

To make sure that this holds true, I've added a small test case to
ensure that during switch of the configuration the firewall.service is
considered as well.

Tested using the firewall NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
2016-09-07 15:11:24 +02:00
Eelco Dolstra e090701e2d firewall: Order before sysinit
Suggested by @aszlig.
2016-09-07 14:42:30 +02:00
Eelco Dolstra abdc5961c3 Fix starting the firewall
Probably as a result of 992c514a20, it
was not being started anymore.

My understanding of systemd.special(7) (section "Special passive
system units") is that the firewall should want network-pre.target,
rather than the other way around (not very intuitive...). This in
itself does not cause the firewall to be wanted, which is why the
wanted-by relationship with multi-user.target is necessary.

http://hydra.nixos.org/build/39965589
2016-09-07 14:30:11 +02:00
Eelco Dolstra d8625f6d25 Make the NFSv4 tests release-critical
We can probably drop NFSv3...
2016-09-07 14:15:57 +02:00
Eelco Dolstra 58b028f9ee nfs module: Fix dependency on statd and idmapd
http://hydra.nixos.org/build/40038016
2016-09-07 14:15:57 +02:00
Eelco Dolstra 015c984537 nfs module: Improve descriptions 2016-09-07 14:15:57 +02:00
Alexey Shmalko b7237abc08 avahi-daemon: remove default browse-domains
These domains are not actually default but examples. See
https://github.com/lathiat/avahi/blob/master/avahi-daemon/avahi-daemon.conf#L24
for default config.
2016-09-07 13:58:21 +02:00
Shea Levy 03b888e205 Merge branch 'stage2-generalise-containers' of https://github.com/rickynils/nixpkgs 2016-09-07 05:39:22 -04:00
Eelco Dolstra 70be99c645 Merge pull request #18365 from NixOS/fix-sshd-failure
Make /var/empty immutable (with chattr +i)
2016-09-07 11:18:49 +02:00
Domen Kožar 8f95e6f6aa hardcode e2fsprogs, idempotent chmod, remove care condition 2016-09-07 10:49:27 +02:00
Rickard Nilsson ab9537ca22 nixos: Generalise the container tests in stage-2 boot
This way, stage-2 behaves correctly also for libvirt-lxc containers.

Some more discussion on this:
a7a08188bf
bfe46a653b
2016-09-07 07:50:04 +00:00
Langston Barrett 492a90f1c9 dovecot service: require mail{User,Group} with sieveScripts
fixes #17702.
2016-09-07 01:50:59 +00:00
Nikolay Amiantov aed2cd32f8 nixos containers: hopefully fix test failures
Closes #18377.
2016-09-07 02:55:48 +03:00
Franz Pletz 9190dbcc0e Merge pull request #18366 from groxxda/acme-loop
security.acme: require networking for client, remove loop without fallbackHost
2016-09-06 23:02:07 +02:00
Domen Kožar 3877ec5b2f Make /var/empty immutable
Fixes #14910 and #18358

Deployed to an existing server, restarted sshd and polkit to verify
they don't fail.
2016-09-06 20:13:33 +02:00
Thomas Tuegel caac16a924 Merge pull request #18362 from ericsagnes/fix/im-description
input-methods modules: fix engine description
2016-09-06 11:42:28 -05:00
Alexander Ried e84b803300 security.acme: remove loop when no fallbackHost is given 2016-09-06 17:47:00 +02:00
Alexander Ried 7f98dca782 security.acme: the client really needs networking
Actually this can be improved since the client only needs network
connectivity if it needs to renew the certificate.
2016-09-06 17:47:00 +02:00
Eelco Dolstra 98102ebd92 Enable the runuser command from util-linux
Fixes #14701.
2016-09-06 17:23:27 +02:00
Eelco Dolstra f2ddf2a9be nix: 1.11.3 -> 1.11.4 2016-09-06 16:15:22 +02:00
Eelco Dolstra 1fef99942e nixos-rebuild: Move the Nix fallback store paths into a separate file 2016-09-06 16:07:47 +02:00
Eric Sagnes 314c30cbf1 input-methods modules: fix engine description 2016-09-06 22:53:15 +09:00
obadz 3f1ceae281 Partially revert "Revert "nixos: remove rsync from base install and add explicit path in nixos-install""
This partially reverts commit 0aa7520670.

Fine for rsync to be in system path but we still need the explicit path
in nixos-install in case it is invoked from non-NixOS systems and also
to fix OVA test failure

See also 0aa7520670

cc @edolstra
2016-09-06 11:49:03 +01:00
Eelco Dolstra 520cb14f16 Fix infinite recursion introduced by f3c32cb2c1 2016-09-05 18:17:22 +02:00
Eelco Dolstra 1a1a31c9d8 Merge pull request #18321 from groxxda/cleanup
various: minor cleanup
2016-09-05 17:11:45 +02:00
Eelco Dolstra 5b5c2fb9c0 Make the default fonts conditional on services.xserver.enable
We were pulling in 44 MiB of fonts in the default configuration, which
is a bit excessive for headless configurations like EC2
instances. Note that dejavu_minimal ensures that remote X11-forwarded
applications still have a basic font regardless.
2016-09-05 15:51:37 +02:00
Eelco Dolstra f3c32cb2c1 Let services.openssh.forwardX11 imply programs.ssh.setXAuthLocation 2016-09-05 15:38:42 +02:00
Alexander Ried 53f3c2a278 systemd: add some missing upstream units 2016-09-05 15:03:46 +02:00
Alexander Ried 322c823193 agetty: remove override for container-getty@.service since it's upstream
Added in systemd/systemd@68ac53e
2016-09-05 15:03:35 +02:00
Alexander Ried 2fd6b36c51 networkd.module: remove before network-online
this is already upstream default
2016-09-05 15:03:35 +02:00
Alexander Ried 992c514a20 (network,remote-fs)-pre: remove duplicate wantedBy and before
this is part of (network,remote-fs).target, repectively
2016-09-05 15:03:35 +02:00
Eelco Dolstra ab49ebe6fa Make it possible to disable "info" 2016-09-05 14:53:27 +02:00
Eelco Dolstra 5e5df88457 modules/profiles/minimal.nix: Disable "man" 2016-09-05 14:53:27 +02:00