3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

6169 commits

Author SHA1 Message Date
Vladimír Čunát 52e1a198cf Merge branch 'master' into staging 2016-09-17 00:31:34 +02:00
Eric Sagnes 2d2c311304 cadvisor test: fix (#18671)
* influxdb module: add postStart

* cadvisor module: increase TimeoutStartSec

Under high load, the cadvisor module can take longer than the default 90
seconds to start. This change should hopefully fix the test on Hydra.
2016-09-16 22:06:16 +02:00
obadz 93974eb98b grub: fix manual build 2016-09-16 19:12:47 +01:00
obadz eda4f5d409 grub: clarify efiInstallAsRemovable docstring 2016-09-16 18:09:50 +01:00
obadz 1c9ac8aabc grub: add boot.loader.grub.efiInstallAsRemovable
Closes #16374
2016-09-16 18:02:36 +01:00
aszlig dc364e8b18
nixos/xfce: Fix reference to Gtk 2
Regression introduced by bccd75094f.

The mentioned commit removed the pkgs.gtk attribute, but forgot to
change this within the xfce module.

Tested using the xfce NixOS test and it has passed on my machine.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-16 17:15:47 +02:00
obadz 29caa185a7 lightdm: obbey services.xserver.{window/desktop}Manager.default 2016-09-16 15:03:45 +01:00
obadz a20c2ce4b8 xfce: install networkmanager applet when networkmanager is enabled 2016-09-16 15:03:41 +01:00
aszlig e85e51d41f
nixos/pam: Fix wrong string concatenation
Regression introduced by 1010271c63.

This caused the line after using the loginuid module to be concatenated
with the next line without a newline.

In turn this has caused a lot of the NixOS VM tests to either run very
slowly (because of constantly hitting PAM errors) or simply fail.

I have tested this only with one of the failing NixOS tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-16 15:36:31 +02:00
Robin Gloster 0201869418
prometheus.nodeExporter module: improve after feedback
cc @teh @groxxda @fpletz
2016-09-16 15:10:18 +02:00
Ioannis Koutras d78e68b1a4 sddm: 0.13.0 -> 0.14.0 2016-09-16 15:09:18 +03:00
Joachim F 321843426d Merge pull request #18631 from joachifm/hidepid-external-doc
hidepid module: detailed description to external doc
2016-09-16 11:20:14 +02:00
Joachim Fasting 22d6c97855
unbound service: extend isLocalAddress to handle ipv6 2016-09-16 09:47:36 +02:00
Domen Kožar 00b7c5c5c2 Merge pull request #18624 from ericsagnes/fix/cadvisor
Cadvisor: update and fix test
2016-09-16 09:10:08 +02:00
Kamil Chmielewski 914e0e594c buildGoPackage: deps.json -> deps.nix in NIXON
https://github.com/NixOS/nixpkgs/pull/17254#issuecomment-245295541

* update docs to describe `deps.nix`
* include goDeps in nix-shell GOPATH
* NixOS 16.09 rel notes about replacing goPackages
2016-09-16 00:04:55 +01:00
zimbatm 7a6b860e1c Merge pull request #18437 from Mic92/telegraf
Telegraf
2016-09-15 23:21:08 +01:00
Robin Gloster 55b8430f6f
Merge branch 'prometheus-node-exporter' of https://github.com/teh/nixpkgs into prometheus-nixos-exporter 2016-09-15 20:59:17 +02:00
Robin Gloster e43a15720d
prometheus module: add nodeExporter submodule 2016-09-15 20:31:03 +02:00
Joachim Fasting bf538515b7
nixos/ids: remove static unbound uid 2016-09-15 15:37:20 +02:00
Joachim Fasting 5dc60051fa
unbound service: some pre-chroot isolation
While entering the chroot should provide the same amount of isolation,
the preStart script will run with full root privileges and so would
benefit from some isolation as well (in particular due to
unbound-anchor, which can perform network I/O).
2016-09-15 15:37:20 +02:00
Joachim Fasting 39f5182a30
unbound service: use auto-generated uid
1. The preStart script ensures consistent ownership, even if the unbound
   user's uid has changed
2. The unbound daemon does not generate data that needs to be private to
   it, so it would not matter that a different service would end up
   owning its data (as long as unbound remains enabled, it should reclaim
   ownership soon enough anyway).

Thus, there's no clear benefit to allocate a dedicated uid for the
unbound service.  This releases uid/gid 48.

Also, because the preStart script creates the data directory, there's no
need to specify a homedir or ask for its creation.
2016-09-15 15:37:19 +02:00
Joachim Fasting 0759e77dfd
unbound service: add reference to man:unbound.conf(8) 2016-09-15 15:37:19 +02:00
Joachim Fasting 52432ee63d
unbound service: non-blocking random in chroot
/dev/random is an exhaustible resource. Presumably, unbound will not be
used to generate long-term encryption keys and so allowing it to use
/dev/random only increases the risk of entropy exhaustion for no
benefit.
2016-09-15 15:37:19 +02:00
Joachim Fasting 7980523e00
unbound service: convenient handling of local forward addresses
do-not-query-localhost defaults to yes; with this patch, unbound is
configured to query localhost if any of the forward addresses are local.
2016-09-15 15:37:19 +02:00
Joachim Fasting 527b3dc1df
hidepid module: detailed description to external doc 2016-09-15 15:36:03 +02:00
Evgeny Egorochkin 9dd366c385 add Azure bootstrap blob list 2016-09-15 16:27:47 +03:00
Eric Sagnes db387a6f0d cadvisor: fix test 2016-09-15 21:28:41 +09:00
Joachim F fbcb93852c Merge pull request #18047 from Nadrieril/ttrss
tt-rss service: Use nginx virtualhosts; improve config options
2016-09-15 13:37:20 +02:00
Joachim F c571a7f221 Merge pull request #18500 from tvon/fix/gocd-server-options
gocd-server: add startupOptions, empty extraOptions
2016-09-15 13:24:48 +02:00
Eelco Dolstra 32d00f50ec Merge pull request #18573 from peterhoeg/systemd_user_cfg
systemd: support setting defaults for user instances
2016-09-14 13:39:57 +02:00
Bjørn Forsman 1010271c63 nixos/pam: clean up generated files (no functional change) (#18580)
The generated files in /etc/pam.d/ typically have a lot of empty lines
in them, due to how the generated Nix strings are joined together;
optional elements that are excluded still produce a newline. This patch
changes how the files are generated to create more compact,
human-friendly output files.

The change is basically this, repeated:

-  ''
-    ${optionalString use_ldap
-        "account sufficient ${pam_ldap}/lib/security/pam_ldap.so"}
-  ''
+  optionalString use_ldap ''
+    account sufficient ${pam_ldap}/lib/security/pam_ldap.so
+  ''
2016-09-14 11:56:07 +01:00
Théophane Hufschmitt 0401260922 selfoss service: init 2016-09-14 09:23:56 +02:00
Jörg Thalheim 8fddcad3f9
telegraf: init at 1.0.0
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2016-09-14 07:19:55 +02:00
aszlig 1781e95577
Merge pull request #18567 (VirtualBox 5.1.6)
This introduces VirtualBox version 5.1.6 along with a few refactored
stuff, notably:

  * Kernel modules and user space applications are now separate
    derivations.
  * If config.pulseaudio doesn't exist in nixpkgs config, the default is
    now to build with PulseAudio modules.
  * A new updater to keep VirtualBox up to date.

All subtests in nixos/tests/virtualbox.nix succeed on my machine and
VirtualBox was reported to be working by @DamienCassou (although with
unrelated audio problems for another fix/branch) and @calbrecht.
2016-09-14 02:20:16 +02:00
aszlig f7563efa6e
nixos/tests/vbox: Add destroyVM for all subtests
One reason why it took me so long for debugging the test failure with
systemd-detect-virt was that simple-cli has succeeded while the former
has not.

This now makes sure we have consistency accross all the subtests and if
problems like the one in the previos commit ever show up again, we will
have just the headless test succeeding and it's more obvious where the
actual problem resides.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-14 02:12:16 +02:00
Vladimír Čunát aa0fa19373 gtk2: move gtk-update-icon-cache to gtk2.out
... to be useful for regeneration when building nixos environments.
Fixes #18536 (hopefully).
2016-09-13 23:51:57 +02:00
aszlig 80c2cc350c
nixos/tests/vbox: Disable audio for VBox guests
We don't have (simulated) sound hardware within the qemu VM, neither do
we have it available within VirtualBox that's running within the qemu
VMs.

With sound hardware the VirtualBox UI displays an error dialog, which in
turn causes the VM process to hang on unregister. This in turn has
caused the tests to fail because of the following error:

Cannot unregister the machine '...' while it is locked

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 23:17:47 +02:00
Reno Reckling 8ea8659f29 Remove tomcat vm test timing issues
(cherry picked from commit 090f1f0722)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-13 22:46:46 +02:00
Domen Kožar a5de1cd8b5 Disable nixos.tests.panamax
https://github.com/NixOS/nixpkgs/issues/18209#issuecomment-246763699
2016-09-13 20:41:40 +02:00
Domen Kožar 9911a2f490 Merge pull request #18560 from MatrixAI/root-sudo-group-switch
sudo: Allow root to use sudo to switch groups
2016-09-13 16:22:07 +02:00
Jaka Hudoklin 7a9dd489d6 Merge pull request #18481 from offlinehacker/pkgs/docker/1.12.1
docker: 1.10.3 -> 1.12.1
2016-09-13 15:59:18 +02:00
Roger Qiu de0737aed5 sudo: Allow root to use sudo to switch groups 2016-09-13 23:15:56 +10:00
aszlig 562c7f56f0
nixos/tests/vbox: Make shutdown less noisy
Using waitUntilSucceeds for testing whether the shutdown signalling
files have vanished is quite noisy because it prints two lines for every
try. This is now fixed with a while loop on the guest VM which does the
same check but with only one output for the command that's executed and
another one when the conditions are met.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 14:55:52 +02:00
Jaka Hudoklin 5d9c62541a docker module: updates
- logDriver option, use journald for logging by default
- keep storage driver intact by default, as docker has sane defaults
- do not choose storage driver in tests, docker will choose by itself
- use dockerd binary as "docker daemon" command is deprecated and will be
  removed
- add overlay2 to list of storage drivers
2016-09-13 12:51:13 +02:00
Tom Hunger 0ded9a63a3 prometheus-node-exporter: Add module. 2016-09-13 11:28:45 +01:00
Nikolay Amiantov 4748709926 Merge commit 'refs/pull/18498/head' of git://github.com/NixOS/nixpkgs 2016-09-13 12:51:34 +03:00
Alexander Ried 60a9edbbeb tests.networking: remove network-interfaces.target 2016-09-13 11:19:23 +02:00
Alexander Ried 85c36d1f7d network-interfaces.target: add deprecation notice 2016-09-13 11:19:23 +02:00
Alexander Ried 072c1dcc4a network-interfaces-scripted: rework dependencies 2016-09-13 11:19:23 +02:00
Alexander Ried e90471d792 systemd-networkd.service: remove network-interfaces.target ordering 2016-09-13 11:19:23 +02:00
Alexander Ried 2d46004b74 multi-user.target should not pull network.target 2016-09-13 11:19:22 +02:00
Alexander Ried 8524df1259 networking.nat: replace network-interfaces.target
We can replace this safely with network-pre because iptables does not
care whether the interfaces exist or not.
2016-09-13 11:19:22 +02:00
Alexander Ried 60430b140c lshd service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Alexander Ried d43b2b9c85 openvpn service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Alexander Ried 97416eaeef gpve service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Alexander Ried 4231293010 cluster.kubernetes: fix service ordering
Requires does NOT imply After, so I added the missing ordering.
2016-09-13 11:19:22 +02:00
Alexander Ried 5481831263 misc.etcd: get closer to upstream service definition
taken from
https://github.com/coreos/etcd/blob/master/contrib/systemd/etcd.service

I intentionally kept "After = network.target" because I think it's
missing upstream (https://github.com/coreos/etcd/pull/6388)
2016-09-13 11:19:22 +02:00
Alexander Ried 23ca90b013 monitoring.monit: get closer to upstream service definition
taken from
e02247e048/system/startup/monit.service.in?at=master
2016-09-13 11:19:22 +02:00
Alexander Ried fbf0abf4af softether: improve service dependencies 2016-09-13 11:19:22 +02:00
Alexander Ried 9819cdc71a wicd: get closer to upstream service definition
taken from
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/view/head:/other/wicd.service
2016-09-13 11:19:22 +02:00
Alexander Ried 3ada966bd5 treewide: minor format / style / documentation fixes 2016-09-13 11:19:22 +02:00
Alexander Ried bc7710468d networking.dhcpcd: use upstream targets 2016-09-13 11:19:22 +02:00
Joachim Fasting 3dc69799b6 tomcat: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting c71bb91f66 peerflix: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 820b769fc8 oauth2_proxy: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting b5756c8660 kibana service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 94ed3de09e elasticsearch service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting b6e5c620a3 marathon service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 3826c19392 chronos service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 5a2a3510b9 zerobin service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting c7ed675fe3 xinetd service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting cda9af6eb8 wpa-supplicant service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 768b333dc1 tinc service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 795defaae0 tcpcrypt service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 67d9369e5d radicale service: network-interfaces.target -> network{,-online}.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 652e0b4b8a oidentd service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting ae71667451 cjdns service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 69e15b7ba5 bind service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 22976bc951 openafs-client service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 1a60210561 nagios service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting b38c0c94ab graphite service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting c2d007e0f7 zookeeper service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 4c7f53e9b4 svnserve service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 9b1177f69d mesos-slave service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 2d48f1c487 mesos-master service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting ebc8e082e9 folding-at-home service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 5a085caea3 apache-kafka service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 54b3e4fdf6 neo4j service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 167eef2bab influxdb service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 926428bdb5 cassandra service: network-interfaces.target -> network.target 2016-09-13 11:19:21 +02:00
Reno Reckling 6ff44c571b mumble: fix failing vm tests
modify tests to not fail if the event handlers are
registered too slowly or if the wrong window is in focus

(cherry picked from commit e087b0d12f)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-13 09:45:08 +02:00
Данило Глинський (Danylo Hlynskyi) 896b2916ab nixos: fix typo in networking.interfaces.<name?>.virtual (#18548) 2016-09-13 08:04:00 +02:00
Alexander Ried 06b2897c40 networking.dhcpcd: Don't add to system closure when using networkd (#18436) 2016-09-13 07:55:17 +02:00
aszlig eea4af1c4c
nixos/virtualbox-image: Fix path to virtualbox
VirtualBox user space binaries now no longer reside in linuxPackages, so
let's use the package for the real user space binaries instead.

Tested using the following command:

nix-build nixos/release.nix -A ova.x86_64-linux

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 07:26:59 +02:00
Robert Helgesson b023e8f303 haveged module: clean up service configuration (#18513)
Switches from the forking service type to simple by running haveged in
the foreground. Also restricts the execution environment a bit (these
are inspired by the Debian service file).
2016-09-13 07:07:46 +02:00
Eric Sagnes b32252ddfa NixOS manual: add module option types doc (#18525) 2016-09-13 07:04:02 +02:00
aszlig 4a44eca07d
nixos/release-notes: Add VirtualBox changes
The change is backwards-compatible for users of the NixOS module but not
if people were using the package directly, so let's warn users about
that.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:34:33 +02:00
aszlig 8bd89c922d
virtualbox: Split kernel modules into own package
Putting the kernel modules into the same output path as the main
VirtualBox derivation causes all of VirtualBox to be rebuilt on every
single kernel update.

The build process of VirtualBox already outputs the kernel module source
along with the generated files for the configuration of the main
VirtualBox package. We put this into a different output called "modsrc"
which we re-use from linuxPackages.virtualbox, which is now only
containing the resulting kernel modules without the main user space
implementation.

This not only has the advantage of decluttering the Nix expression for
the user space portions but also gets rid of the need to nuke references
and the need to patch out "depmod -a".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:38 +02:00
Eric Sagnes 79f72966e6 systemd module: optionSet -> submodule 2016-09-13 12:56:36 +09:00
Eric Sagnes 78858f2f8d networkd module: optionSet -> submodule 2016-09-13 12:56:05 +09:00
Eric Sagnes 69713a882c containers module: optionSet -> submodule 2016-09-13 12:54:59 +09:00
Eric Sagnes 062928c3ad network-interfaces module: optionSet -> submodule 2016-09-13 12:54:40 +09:00
Eric Sagnes 12a1de8305 etc module: optionSet -> submodule 2016-09-13 12:53:13 +09:00
Eric Sagnes 96f5788346 luksroot module: optionSet -> submodule 2016-09-13 12:53:13 +09:00
Eric Sagnes 55e437806a grub module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes 03ee88f666 zope2 module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes c16d03ddc5 winstone module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes 7e5a24c23a i2pd module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes b73ca0df27 tinc module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes 8d58771b94 openvpn module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes 775d98acbc xinet module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes 819524a0d3 supplicant module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes 48d6fa933c sshd module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes d89a718baf prosody module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes c3bdee3c39 nat module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Eric Sagnes 1b3c03b49c tahoe module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Eric Sagnes 981df6387c ups module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Eric Sagnes 06c11a62b3 smartd module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Eric Sagnes ef04462ea9 rippled module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Eric Sagnes c1cad56c6e logcheck module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Eric Sagnes 495a24d912 brscan4 module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Eric Sagnes 09a3ea1abf bacula module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Eric Sagnes fff4a9ee01 pam module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Eric Sagnes 3acf336f15 acme module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Eric Sagnes 77f572f072 users-groups module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Nikolay Amiantov 9b26cb92e3 Merge branch 'displaylink'
Close #18041
2016-09-13 01:59:47 +03:00
Nikolay Amiantov bc493ccfcc displaylink service: init 2016-09-13 00:30:35 +03:00
Kirill Boltaev a769e0ffae nixos manual: mention gtk-related alias changes 2016-09-12 18:26:06 +03:00
Langston Barrett 25a7ded89c audio services: use mkEnableOption (#18524) 2016-09-12 04:47:08 +02:00
Franz Pletz 80f38e9032
prometheus service: move to separate folder 2016-09-11 23:20:26 +02:00
Franz Pletz 5a7e5537aa Merge pull request #18298 from teh/prometheus-service
Prometheus service
2016-09-11 23:18:36 +02:00
aszlig b4e2b6bc6a
nixos/lib/testing: Fix unsetting $xchg
Regression introduced by 4dcb685af9.

Unsetting the environment variable shortly before using it is not going
to end up very well, so let's just filter out the variable from the
output of export and unset it shortly afterwards.

This fixes the runInMachine NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-11 17:31:12 +02:00
aszlig 4ac7b7d5de
nixos/modules/rename: Remove docker-registry
This is a follow-up to 9c1cdedcba and
fed3501b07.

Discussion:

https://github.com/NixOS/nixpkgs/issues/18209#issuecomment-245968857

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @domenkozar
Issue: #18209
2016-09-11 16:51:20 +02:00
Rodney Lorrimar 4908d7bf20 nixos-manual: Add a chapter about writing documentation
It's more about the practical side of DocBook-wrangling than anything
else.
2016-09-11 13:21:09 +01:00
Rodney Lorrimar 3de354c73d nixos-manual(emacs): Add a section about configuring DocBook 5 schemas 2016-09-11 12:07:36 +01:00
Rodney Lorrimar aeb00f1681 nixos-manual(emacs): Fix typo reported by @rasendubi 2016-09-11 12:07:36 +01:00
Franz Pletz 5c38882f38
toxvpn service: doesn't require online network
Tested that it detects network changes quickly.
2016-09-11 08:16:55 +02:00
Franz Pletz c58654e2b7
treewide: fix fallout of ip-up deprecation
See #18319 for details. Starting network-online.target manually does not
work as it hangs indefinitely.

Additionally, don't treat avahi and dhcpcd special and sync their systemd units
with the respective upstream suggestion.
2016-09-11 08:13:04 +02:00
Tom von Schwerdtner e934231029 gocd-server: add startupOptions, empty extraOptions
The extraOptions option has default values which seems surprising.  This
moves those values to startupOptions (which is what gocd-agent uses) and
empties out the default extraOptions.

The gocd-agent startupOptions description was also changed to remove the
mention of the example (given there isn't one).
2016-09-10 17:52:06 -04:00
Tuomas Tynkkynen 0dbfb0fc48 Merge commit 'bd6e40c' from staging into master
Major changes being pulled in:

- mesa: maintenance 12.0.1 -> 12.0.2
- texlive: 2015 -> 2016
2016-09-10 23:23:44 +03:00
Joachim Fasting 0a6221578a
mpd service: replace script with serviceConfig.ExecStart 2016-09-10 18:30:14 +02:00
Joachim Fasting 009c1848c2
mpd service: add types to all options 2016-09-10 18:30:14 +02:00
Langston Barrett 77cedff4e7 ympd service: init (#18371)
ympd provides a web ui, it is suitable to be run as a service.
Fixes #17878.

service has no requirements b/c user might be using remote mpd
instance.
2016-09-10 18:23:39 +02:00
Alexander Ried 27bc34f1e4 treewide: deprecate ip-up.target (#18319)
Systemd upstream provides targets for networking. This also includes a target network-online.target.

In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
2016-09-10 18:03:59 +02:00
Joachim F be33fc8973 Merge pull request #18446 from siddharthist/docs/ipv6-per-interface
nixos manual: disable ipv6 per interface
2016-09-10 17:08:30 +02:00
Vladimír Čunát bd6e40c27d Merge #16391: texlive: 2015 -> 2016
Mirroring isn't finalized, but we'll have to fix that on the go.
2016-09-10 12:04:25 +02:00
Domen Kožar 9c1cdedcba Remove test leftover from docker-registry
(cherry picked from commit d171c59926)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-10 10:49:55 +02:00
Eelco Dolstra 4dcb685af9 runInMachine: Unset another variable
Thanks @cstrahan.
2016-09-09 20:02:56 +02:00
Domen Kožar fed3501b07 Remove docker-registry as it's deprecated #18209 2016-09-09 18:50:42 +02:00
danbst 63f9ef9f19 tomcat service: bump default tomcat to 8.5
See migration changelogs at
- 7.0 -> 8.0: https://tomcat.apache.org/migration-8.html
- 8.0 -> 8.5: https://tomcat.apache.org/migration-85.html
2016-09-09 18:29:12 +02:00
danbst a01d4ee3f4 tomcat: add danbst as maintainer 2016-09-09 18:29:12 +02:00
danbst f1072611a4 tomcat service: call shutdown in preStop, because postStop is too late (systemd kills process) 2016-09-09 18:29:12 +02:00
danbst 0c2d943529 tomcat: split default webapps to separate output (~6M) 2016-09-09 18:29:12 +02:00
Thomas Tuegel e5a79b0eae
nixos/tests/kde5: rename from sddm-kde5 and run by default
(cherry picked from commit 701f02a6ee)
2016-09-09 10:12:38 -05:00
Thomas Tuegel 0fdaae8be4
nixos/tests/sddm-kde5: don't run tests through krunner
(cherry picked from commit 1f510dc7cd)
2016-09-09 10:12:31 -05:00
Lengyel Balázs 127924954b Linux-kernel: Workaround for https://github.com/NixOS/nixpkgs/issues/18451
remove after upstream gets fixed
2016-09-09 11:47:48 +02:00
Langston Barrett 2ab6020930 nixos manual: disable ipv6 per interface
from a discussion on #13293
2016-09-08 18:12:05 +00:00
Rodney Lorrimar 5537503dec nixos/tests/pump.io: Fix systemd unit config
Ref #18209

(cherry picked from commit 3fd603c02f)
2016-09-08 17:06:49 +01:00
Eelco Dolstra 75baee8523 runInMachine: Support passAsFile
We need to rewrite attributes passed via files to their location in
/tmp/xchg in the VM. Otherwise functions like runCommand don't work.
2016-09-08 15:38:56 +02:00
Eric Sagnes f39f829441 nixos: unbreak influxdb test (due to new API)
Data from the documentation example[1] was used.

[1] https://docs.influxdata.com/influxdb/v1.0/guides/writing_data/

[Bjørn: change commit message.]
2016-09-08 15:01:10 +02:00
Robert Helgesson bf371a8b06 radicale service: use "simple" service type (#18406)
Radicale can run as a foreground service and will then emits logging and
errors on the standard output. This helps the logging end up in the
systemd journal.
2016-09-08 12:34:22 +02:00
Peter Hoeg 23b76b23f5 support user config 2016-09-08 16:40:54 +08:00
Bjørn Forsman 351d124376 nixos/release-notes: PHP config-file-scan-dir /etc -> /etc/php.d 2016-09-08 09:41:14 +02:00
Damien Cassou 6dc9ed317c Merge pull request #18244 from DamienCassou/emacs-gtk_data_prefix
emacs module: Fix to get properly themed GTK apps
2016-09-08 09:05:11 +02:00
aszlig dd98b6fb9f
nixos/stage2: Fix mounting special filesystems
This partially reverts commit ab9537ca22.

From the manpage of systemd-nspawn(1):

  Note that systemd-nspawn will mount file systems private to the
  container to /dev, /run and similar.

Testing this in a shell turns out:

$ sudo systemd-nspawn --bind-ro=/nix/store "$(readlink "$(which ls)")" /proc
Spawning container aszlig on /home/aszlig.
Press ^] three times within 1s to kill container.
/etc/localtime does not point into /usr/share/zoneinfo/, not updating
container timezone.
1          execdomains  kpageflags    stat
acpi       fb           loadavg       swaps
asound     filesystems  locks         sys
buddyinfo  fs           meminfo       sysrq-trigger
bus        interrupts   misc          sysvipc
cgroups    iomem        modules       thread-self
cmdline    ioports      mounts        timer_list
config.gz  irq          mtrr          timer_stats
consoles   kallsyms     net           tty
cpuinfo    kcore        pagetypeinfo  uptime
crypto     key-users    partitions    version
devices    keys         scsi          vmallocinfo
diskstats  kmsg         self          vmstat
dma        kpagecgroup  slabinfo      zoneinfo
driver     kpagecount   softirqs
Container aszlig exited successfully.

So the test on whether PID 1 exists in /proc is enough, because if we
use PID namespaces there actually _is_ a PID 1 (as shown above) and the
special file systems are already mounted. A test on the $containers
variable actually mounts them twice.

This unbreaks NixOS containers and I've tested this against the
containers-imperative NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @rickynils, @shlevy, @edolstra
2016-09-07 18:10:08 +02:00
Rob Vermaas 2410608814 NixOS 17.03 will be called Gorilla 2016-09-07 15:05:00 +00:00
aszlig 75efdc6502
nixos/tests/blivet: Fix btrfs-related tests
The loopback-based tests use a storage size of 102400 blocks (one block
is 1024 bytes), which doesn't seem to fit for btrfs volumes in recent
btrfs versions. I'm setting this to 409600 (400 MB) now so that it
should be enough for later versions in case they need even more space
for subvolumes.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-07 16:32:12 +02:00
aszlig fb46df8a9a
nixos: Fix ordering of firewall.service
Follow-up to the following commits:

  abdc5961c3cdf9f5893ea1e91ba08ff5089f53a4: Fix starting the firewall
  e090701e2d09aec3e8866ab9a8e53c37973ffeb4: Order before sysinit

Solely use sysinit.target here instead of multi-user.target because we
want to make sure that the iptables rules are applied *before* any
socket units are started.

The reason I've dropped the wantedBy on multi-user.target is that
sysinit.target is already a part of the dependency chain of
multi-user.target.

To make sure that this holds true, I've added a small test case to
ensure that during switch of the configuration the firewall.service is
considered as well.

Tested using the firewall NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
2016-09-07 15:11:24 +02:00
Eelco Dolstra e090701e2d firewall: Order before sysinit
Suggested by @aszlig.
2016-09-07 14:42:30 +02:00
Eelco Dolstra abdc5961c3 Fix starting the firewall
Probably as a result of 992c514a20, it
was not being started anymore.

My understanding of systemd.special(7) (section "Special passive
system units") is that the firewall should want network-pre.target,
rather than the other way around (not very intuitive...). This in
itself does not cause the firewall to be wanted, which is why the
wanted-by relationship with multi-user.target is necessary.

http://hydra.nixos.org/build/39965589
2016-09-07 14:30:11 +02:00
Eelco Dolstra d8625f6d25 Make the NFSv4 tests release-critical
We can probably drop NFSv3...
2016-09-07 14:15:57 +02:00
Eelco Dolstra 58b028f9ee nfs module: Fix dependency on statd and idmapd
http://hydra.nixos.org/build/40038016
2016-09-07 14:15:57 +02:00
Eelco Dolstra 015c984537 nfs module: Improve descriptions 2016-09-07 14:15:57 +02:00
Alexey Shmalko b7237abc08 avahi-daemon: remove default browse-domains
These domains are not actually default but examples. See
https://github.com/lathiat/avahi/blob/master/avahi-daemon/avahi-daemon.conf#L24
for default config.
2016-09-07 13:58:21 +02:00
Shea Levy 03b888e205 Merge branch 'stage2-generalise-containers' of https://github.com/rickynils/nixpkgs 2016-09-07 05:39:22 -04:00
Eelco Dolstra 70be99c645 Merge pull request #18365 from NixOS/fix-sshd-failure
Make /var/empty immutable (with chattr +i)
2016-09-07 11:18:49 +02:00
Domen Kožar 8f95e6f6aa hardcode e2fsprogs, idempotent chmod, remove care condition 2016-09-07 10:49:27 +02:00
Rickard Nilsson ab9537ca22 nixos: Generalise the container tests in stage-2 boot
This way, stage-2 behaves correctly also for libvirt-lxc containers.

Some more discussion on this:
a7a08188bf
bfe46a653b
2016-09-07 07:50:04 +00:00
Langston Barrett 492a90f1c9 dovecot service: require mail{User,Group} with sieveScripts
fixes #17702.
2016-09-07 01:50:59 +00:00
Nikolay Amiantov aed2cd32f8 nixos containers: hopefully fix test failures
Closes #18377.
2016-09-07 02:55:48 +03:00
Franz Pletz 9190dbcc0e Merge pull request #18366 from groxxda/acme-loop
security.acme: require networking for client, remove loop without fallbackHost
2016-09-06 23:02:07 +02:00
Domen Kožar 3877ec5b2f Make /var/empty immutable
Fixes #14910 and #18358

Deployed to an existing server, restarted sshd and polkit to verify
they don't fail.
2016-09-06 20:13:33 +02:00
Thomas Tuegel caac16a924 Merge pull request #18362 from ericsagnes/fix/im-description
input-methods modules: fix engine description
2016-09-06 11:42:28 -05:00
Alexander Ried e84b803300 security.acme: remove loop when no fallbackHost is given 2016-09-06 17:47:00 +02:00
Alexander Ried 7f98dca782 security.acme: the client really needs networking
Actually this can be improved since the client only needs network
connectivity if it needs to renew the certificate.
2016-09-06 17:47:00 +02:00
Eelco Dolstra 98102ebd92 Enable the runuser command from util-linux
Fixes #14701.
2016-09-06 17:23:27 +02:00
Eelco Dolstra f2ddf2a9be nix: 1.11.3 -> 1.11.4 2016-09-06 16:15:22 +02:00
Eelco Dolstra 1fef99942e nixos-rebuild: Move the Nix fallback store paths into a separate file 2016-09-06 16:07:47 +02:00
Eric Sagnes 314c30cbf1 input-methods modules: fix engine description 2016-09-06 22:53:15 +09:00
obadz 3f1ceae281 Partially revert "Revert "nixos: remove rsync from base install and add explicit path in nixos-install""
This partially reverts commit 0aa7520670.

Fine for rsync to be in system path but we still need the explicit path
in nixos-install in case it is invoked from non-NixOS systems and also
to fix OVA test failure

See also 0aa7520670

cc @edolstra
2016-09-06 11:49:03 +01:00
Eelco Dolstra 520cb14f16 Fix infinite recursion introduced by f3c32cb2c1 2016-09-05 18:17:22 +02:00
Eelco Dolstra 1a1a31c9d8 Merge pull request #18321 from groxxda/cleanup
various: minor cleanup
2016-09-05 17:11:45 +02:00
Eelco Dolstra 5b5c2fb9c0 Make the default fonts conditional on services.xserver.enable
We were pulling in 44 MiB of fonts in the default configuration, which
is a bit excessive for headless configurations like EC2
instances. Note that dejavu_minimal ensures that remote X11-forwarded
applications still have a basic font regardless.
2016-09-05 15:51:37 +02:00
Eelco Dolstra f3c32cb2c1 Let services.openssh.forwardX11 imply programs.ssh.setXAuthLocation 2016-09-05 15:38:42 +02:00
Alexander Ried 53f3c2a278 systemd: add some missing upstream units 2016-09-05 15:03:46 +02:00
Alexander Ried 322c823193 agetty: remove override for container-getty@.service since it's upstream
Added in systemd/systemd@68ac53e
2016-09-05 15:03:35 +02:00
Alexander Ried 2fd6b36c51 networkd.module: remove before network-online
this is already upstream default
2016-09-05 15:03:35 +02:00
Alexander Ried 992c514a20 (network,remote-fs)-pre: remove duplicate wantedBy and before
this is part of (network,remote-fs).target, repectively
2016-09-05 15:03:35 +02:00
Eelco Dolstra ab49ebe6fa Make it possible to disable "info" 2016-09-05 14:53:27 +02:00
Eelco Dolstra 5e5df88457 modules/profiles/minimal.nix: Disable "man" 2016-09-05 14:53:27 +02:00
Eelco Dolstra ba70ce28ae no-x-libs.nix: Ensure that dbus doesn't use X11
It appears that packageOverrides no longer overrides aliases, so
aliases like

  dbus_tools = self.dbus.out;
  dbus_daemon = self.dbus.daemon;

now use the old, non-overriden version of dbus. That seems like a
pretty serious regression in general, but for this particular problem,
I've fixed it by replacing dbus_daemon by dbus.daemon and dbus_tools
by dbus.
2016-09-05 13:45:59 +02:00
Eelco Dolstra 0aa7520670 Revert "nixos: remove rsync from base install and add explicit path in nixos-install"
This reverts commit 582313bafe.

Removing rsync is actually pointless because nixos-install depends on
it. So if it's part of the system closure, we may as well provide it
to users.

Probably with the next Nix release we can drop the use of rsync and
use "nix copy" instead.
2016-09-05 13:45:59 +02:00
Langston Barrett ee501fd49a networkmanager: add information from wiki to docs (#18245)
* networkmanager: add information from wiki to docs

Specifically:
 * mention nmcli, nmtui
 * mention gtk and kde applets

fixes #13273
2016-09-05 11:13:47 +02:00
Joachim Fasting 269f739ded
grsecurity module: set nixpkgs.config.grsecurity = true 2016-09-05 00:56:17 +02:00
Tom Hunger d459916501 prometheus service: rename values to match prometheus 1.0 naming. 2016-09-04 20:03:45 +01:00
Benjamin Staffin 58869cf310 prometheus service: add
This is based on @benleys work: https://github.com/NixOS/nixpkgs/pull/8216
I updated changed the user and group ids.
2016-09-04 20:03:32 +01:00
Domen Kožar 393e646e4f setuid-wrappers: correctly umount the tmpfs 2016-09-04 17:56:00 +02:00
Jaka Hudoklin c083ab99b2 Merge pull request #17969 from offlinehacker/pkgs/etcd/update-3.0.6
Update etcd, improve nixos module, fix nixos tests
2016-09-04 16:31:50 +02:00
Rok Garbas 095c7aefe1
nixos/manual: mentioning other zsh options at program.zsh.enable
fixes #13224
2016-09-04 16:31:29 +02:00
Vladimír Čunát 2217b328f9 texlive: rename the directory texlive-new -> texlive 2016-09-04 14:53:30 +02:00
Jörg Thalheim 94dd66882f ferm: fix race condition in integration test (#18288)
curl sent the request faster then nginx bound the port in some cases
2016-09-04 14:34:06 +02:00
Karn Kallio 8d977ead38
setuid-wrappers : Prepare permissions for running wrappers
The new setuid-wrappers in /run cannot be executed by users due to:

1) the temporary directory does not allow access
2) the /run is mounted nosuid
2016-09-04 03:19:32 +02:00
Alexander Ried 1542bddcc8 nixos-install.sh: Create /var (#18266)
Got lost in a6670c1a0b
2016-09-03 19:17:44 +02:00
Joachim F 78b4b632ae Merge pull request #18085 from Mic92/ferm
ferm: add integration test
2016-09-03 17:27:38 +02:00
Joachim F 3db5311be9 Merge pull request #18207 from tavyc/quagga-module
quagga service: init
2016-09-03 16:23:23 +02:00
Graham Christensen ff5fd1ec40 etcd-cluster: split up openssl commands 2016-09-03 13:59:28 +02:00
Damien Cassou f96cd1ea64 emacs module: Fix to get properly themed GTK apps 2016-09-03 08:25:25 +02:00
Tuomas Tynkkynen e2c6740c37 Merge commit 'adaee73' from staging into master
This one was already merged into release-16.09, so let's not have the
stable branch is ahead of master and confuse things. In addition to
that, currently we have an odd situation that master has less things
actually finished building than in staging.

Conflicts:
	pkgs/data/documentation/man-pages/default.nix
2016-09-03 01:02:51 +03:00
Vladimír Čunát 02217bf697 Merge #17838: postgresql: Fix use with extensions 2016-09-02 20:09:40 +02:00
Octavian Cerna eb14130934 quagga test: Add test for the quagga service. 2016-09-02 14:00:32 +03:00
Octavian Cerna a30d4654f2 quagga service: New NixOS module. 2016-09-02 13:59:51 +03:00
Rob Vermaas d6dbe43af2 bightbox-image.nix: use lib in stead of stdenv.lib. Fixes #18208 2016-09-02 10:04:09 +00:00
Lancelot SIX 5b8072fff6
postgresql: Fix use with extensions
Fixes #15512 and #16032

With the multi output, postgresql cannot find at runtime what is its
basedir when looking for libdir and pkglibdir. This commit fixes that.
2016-09-02 11:51:21 +02:00
Nikolay Amiantov 608ee1c7b3 mjpg-streamer service: restart on failure 2016-09-02 11:44:16 +03:00
Luca Bruno 15bb6bb9d6 Merge pull request #15893 from groxxda/fix/accountsservice
accountsservice: refactor package and service
2016-09-02 08:16:10 +00:00
Domen Kožar b84b523baf unstable is now 17.03 2016-09-02 08:47:21 +02:00
Domen Kožar a6670c1a0b Fixes #18124: atomically replace /var/setuid-wrappers/ (#18186)
Before this commit updating /var/setuid-wrappers/ folder introduced
a small window where NixOS activation scripts could be terminated
and resulted into empty /var/setuid-wrappers/ folder.

That's very unfortunate because one might lose sudo binary.

Instead we use two atomic operations mv and ln (as described in
https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/)
to achieve atomicity.

Since /var/setuid-wrappers is not a directory anymore, tmpfs mountpoints
were removed in installation scripts and in boot process.

Tested:

- upgrade /var/setuid-wrappers/ from folder to a symlink
- make sure /run/setuid-wrappers-dirs/ legacy symlink is really deleted
2016-09-01 20:57:51 +02:00
Данило Глинський (Danylo Hlynskyi) 78cd9f8ebc virtualbox: add headless build (without Qt dependency) (#18026) 2016-09-01 20:54:58 +02:00
Domen Kožar d163882770 Merge pull request #18172 from Profpatsch/startAt-type
systemd-unit-options: startAt can be a list
2016-09-01 20:44:32 +02:00
Alexander Ried 1529641b52 accountsservice: add support for mutableUsers = false
Add code to accountsservice that returns an error if the environment
variable NIXOS_USERS_PURE is set. This variable is set from the nixos
accountsservice module if mutableUsers = false
2016-09-01 15:25:28 +02:00
Joachim Fasting 6df8de50f3
unbound service: whitespace fixes 2016-09-01 14:51:33 +02:00
Joachim Fasting 03c2c87ed6
unbound service: use mkEnableOption 2016-09-01 14:51:32 +02:00
Tuomas Tynkkynen 8c4aeb1780 Merge staging into master
Brings in:
    - changed output order for multiple outputs:
      https://github.com/NixOS/nixpkgs/pull/14766
    - audit disabled by default
      https://github.com/NixOS/nixpkgs/pull/17916

 Conflicts:
	pkgs/development/libraries/openldap/default.nix
2016-09-01 13:27:27 +03:00
Tuomas Tynkkynen d02e5a7d8f nixos/filesystems: Drop compat code for filesystems.*.options type 2016-09-01 12:18:33 +03:00
Eelco Dolstra 8172cd734c docdev -> devdoc
It's "developer documentation", not "documentation developer" after
all.
2016-09-01 11:07:23 +02:00
Domen Kožar f5271680c4 Fixes #14831 by using full path for binaries used in install-grub.pl
Both btrfs-progs and utillinux are ~5MB, we may discuss in future
to handle this better but I see no better way at the moment than
increaing purity in the install process.
2016-09-01 10:36:38 +02:00
Domen Kožar 2a7293fd9d install-grub.pl: fix a double slash prefix bug 2016-09-01 10:14:44 +02:00
Domen Kožar 5e5b0d039c install-grub.pl: add comments 2016-09-01 10:14:44 +02:00
Profpatsch 488f0d9cb3 systemd-unit-options: startAt can be a list
OnCalendar entrys can be specified multiple times in a systemd timer, to
make more complex scheduling possible.

Tested by manually checking the timer generated by the following:

    systemd = {
      services.huhu = {
        description = "meh";
        wantedBy = [ "default.target" ];
        serviceConfig.ExecStart = "/bin/sh -c 'printf HUHU!'";
        startAt = [ "*:*:0/30" "*:0/1:15" ];
      };
    };

It prints HUHU to the log at seconds 0, 15 and 30 of each minute.
2016-09-01 00:39:36 +02:00
Tuomas Tynkkynen 838c75398c release notes: Fix unclosed tag 2016-09-01 01:11:50 +03:00
Tuomas Tynkkynen 5ad122b500 release notes: Add note about audit being disabled by default 2016-08-31 23:15:47 +03:00
Tuomas Tynkkynen 16b3e26da4 audit: Disable by default
Because in its default enabled state it it causes a global performance
hit on all system calls (https://fedorahosted.org/fesco/ticket/1311) and
unwanted spam in dmesg, in particular when using Chromium
(https://github.com/NixOS/nixpkgs/issues/13710).
2016-08-31 23:15:41 +03:00
Tuomas Tynkkynen 5eff0b990c audit service: Explicitly call auditctl to disable everything
Otherwise, journald might be starting auditing.
Some reading:
    - https://fedorahosted.org/fesco/ticket/1311
    - https://github.com/systemd/systemd/issues/959
    - 64f83d3087
2016-08-31 23:15:32 +03:00
obadz a3621b1047 nixos/…/swap.nix: add some safety assertions for randomEncryption 2016-08-31 15:29:11 +01:00
Domen Kožar d8d75ddec6 Revert "setuid-wrappers: Update wrapper dir atomically."
This reverts commit ee535056ce.

It doesn't work yet.
2016-08-31 16:25:18 +02:00
Nikolay Amiantov 4499a505ed hidepid service: use new boot.specialFileSystems 2016-08-31 17:16:41 +03:00
Nikolay Amiantov a4879c44c9 Merge pull request #18160 from obadz/swap-encryption
nixos/…/swap.nix: remove backslashes from deviceName
2016-08-31 17:59:45 +04:00
Nikolay Amiantov 7fa8c424bd nixos filesystems: move special filesystems to a dedicated option
Fixes #18159.
2016-08-31 16:50:13 +03:00
obadz a7d238136d nixos/…/swap.nix: remove backslashes from deviceName
Fixes #8277

Prior to this, backslashes would end up in fstab and the swap partition
was not activated.  Swap files seemed to work fine.
2016-08-31 14:40:21 +01:00
Shea Levy ee535056ce setuid-wrappers: Update wrapper dir atomically.
Fixes #18124.
2016-08-31 08:00:57 -04:00
zimbatm 17dbfeb450 Merge pull request #18152 from roblabla/bugfix-zeroTierOneConfigurablePackage
zerotierone: make package configurable
2016-08-31 12:34:59 +01:00
roblabla caa1350e07 zerotierone: make package configurable 2016-08-31 12:39:55 +02:00
Domen Kožar da421bc75f Fix #4210: Remove builderDefs
This was one of the ways to build packages, we are trying
hard to minimize different ways so it's easier for newcomers
to learn only one way.

This also:

- removes texLive (old), fixes #14807
- removed upstream-updater, if that code is still used it should be in
  separate repo
- changes a few packages like gitit/mit-scheme to use new texlive
2016-08-31 11:34:46 +02:00
Mango Chutney 40d2fa2a1b Don't break grow-partition 2016-08-31 03:06:46 +00:00
Nathan Zadoks f503f648b3 virtualbox-image module: enable partition / filesystem growth 2016-08-30 16:48:05 -04:00
Nathan Zadoks 346c31000b amazon-grow-partition module: rename to grow-partition 2016-08-30 16:48:04 -04:00
Nathan Zadoks 1de8e1b02e amazon-grow-partition module: autodetect the root device 2016-08-30 16:48:04 -04:00
Nikolay Amiantov 509733a343 Merge pull request #17822 from abbradar/systemd-mounts
nixos filesystems: unify special filesystems handling
2016-08-30 22:42:19 +04:00
Domen Kožar e561edc322 update-users-groups.pl: correctly guard duplicate uids for declarative users
Verified that following nixos configuration:

    users.users.foo = {
      uid = 1000;
      name = "foo";
    };
    users.users.bar = {
      name = "bar";
    };

Before this commit both users will get uid of 1000, after it's applied
bar will correctly get 1001.
2016-08-30 17:14:14 +02:00
Tuomas Tynkkynen d3dc3d4130 Merge remote-tracking branch 'dezgeg/shuffle-outputs' into staging
https://github.com/NixOS/nixpkgs/pull/14766
2016-08-30 12:43:37 +03:00
Eelco Dolstra 83103dc267 Merge pull request #18104 from ericsagnes/feat/nixos-manual-gen-cleanup
nixos manual: cleanup generation
2016-08-30 10:35:18 +02:00
Tuomas Tynkkynen 03fb2c1f32 doc: Document changes to multiple-output conventions 2016-08-30 04:46:59 +03:00
obadz 03b9a159fe opensmtpd nixos module: chmod & chown until the daemon's heart's content 2016-08-30 02:13:22 +01:00
Eric Sagnes b50e627ef6 nixos manual: cleanup generation 2016-08-30 09:40:05 +09:00
Joachim Fasting dab32a1fa6
nixos manual: move chapter on grsecurity to auto-generated module docs 2016-08-29 23:48:12 +02:00
Joachim Fasting d78e0ed1f9
dnscrypt-proxy module: move detailed info to module documentation 2016-08-29 23:48:12 +02:00
Joachim Fasting 68210aa772
dnscrypt-proxy module: serviceConfig.Group is redundant
Same as user's primary group if left unspecified
2016-08-29 23:48:12 +02:00
Joachim Fasting 23a7e6e911
dnscrypt-proxy module: formatting 2016-08-29 23:48:11 +02:00
Vladimír Čunát 4f73633f26 treewide: stop using fontbhttf 2016-08-29 22:28:50 +02:00
Guillaume Maudoux 3aef93e8f0 nixos/containers: Process config like toplevel options (#17365) 2016-08-29 18:25:50 +02:00
Eelco Dolstra 2755bcfa7c In $NIX_PATH, use nixpkgs=...
This is required by the "nix" command to find Nixpkgs.
2016-08-29 17:50:25 +02:00
Jörg Thalheim 2ed6529444
ferm: add integration test 2016-08-29 15:34:30 +02:00
obadz b74793bd1c Merge branch 'master' into staging
Conflicts:
	pkgs/tools/system/facter/default.nix
2016-08-29 12:44:17 +01:00
Robin Gloster 6808de76e6
nixos doc: module meta attribute section cleanup 2016-08-29 09:34:24 +00:00
Eric Sagnes aa8e663b6e nixos doc: add modules meta-attributes (#18078) 2016-08-29 07:54:25 +00:00
Robin Gloster e17bc25943
Merge remote-tracking branch 'upstream/master' into staging 2016-08-29 00:24:47 +00:00
Thomas Tuegel 1074c159f7
nixos/cpu-freq: list correct default governor in description 2016-08-28 17:14:37 -05:00
Nadrieril 3846329c97
tt-rss service: Default to multiple user mode 2016-08-28 11:20:18 -07:00
Nadrieril 789a37f0fc
tt-rss service: #15862 has been merged; enable nginx virtualhost config 2016-08-28 11:20:17 -07:00
obadz 92d929c884 Merge branch 'master' into staging 2016-08-28 14:48:02 +01:00
obadz 4f299fdd53 nixos/modules/rename.nix: fix eval error
cc @Profpatsch @joachifm  @domenkozar
2016-08-28 14:47:24 +01:00
obadz c7142c1aa3 Merge branch 'master' into staging 2016-08-28 13:33:13 +01:00
Domen Kožar e01e92f12f Merge pull request #15025 from ericsagnes/modules/manual
manual: automatically generate modules documentation
2016-08-28 13:57:34 +02:00
Domen Kožar 4af09e0031 Merge pull request #14311 from Profpatsch/mkRemovedOptionModule-replacement
mkRemovedOptionModule: add replacement argument
2016-08-28 13:55:28 +02:00
obadz 57ddc155fc Merge branch 'master' into staging
Conflicts:
	pkgs/games/scummvm/default.nix
2016-08-28 12:20:59 +01:00
obadz f0da094b2e virtualbox-image: remove raw image (hopefully fixes ova tests)
See also 80660f8
2016-08-28 11:33:15 +01:00
Bjørn Forsman 26f65ae860 nixos/redis: enforce owner/perms on /var/lib/redis (#18046)
Previously it was only set once, now it is enforced on each start-up of
redis.service. Also set _ownership_ recursively, so that the
/var/lib/redis/dump.rdb file is guaranteed to be accessible by the
currently configured redis user.

Fixes issue #9687, where redis wouldn't start because /var/lib/redis had
wrong owner.
2016-08-28 08:05:14 +00:00
obadz 3de6e5be50 Merge branch 'master' into staging
Conflicts:
      pkgs/applications/misc/navit/default.nix
      pkgs/applications/networking/mailreaders/alpine/default.nix
      pkgs/applications/networking/mailreaders/realpine/default.nix
      pkgs/development/compilers/ghc/head.nix
      pkgs/development/libraries/openssl/default.nix
      pkgs/games/liquidwar/default.nix
      pkgs/games/spring/springlobby.nix
      pkgs/os-specific/linux/kernel/perf.nix
      pkgs/servers/sip/freeswitch/default.nix
      pkgs/tools/archivers/cromfs/default.nix
      pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
Nadrieril 33d6371fd9
tt-rss service: Allow connecting to the database through Unix socket 2016-08-27 13:55:00 -07:00
Nadrieril 3a4db71b35
tt-rss service: Use the correct user to run the application 2016-08-27 13:54:46 -07:00
Nadrieril bc9c9dd6bd
tt-rss service: Allow setting application root 2016-08-27 13:54:31 -07:00
Nikolay Amiantov 6efcfe03ae nixos filesystems: unify early filesystems handling
A new internal config option `fileSystems.<name>.early` is added to indicate
that the filesystem needs to be loaded very early (i.e. in initrd). They are
transformed to a shell script in `system.build.earlyMountScript` with calls to
an undefined `specialMount` function, which is expected to be caller-specific.
This option is used by stage-1, stage-2 and activation script to set up and
remount those filesystems.  Options for them are updated according to systemd
defaults.
2016-08-27 13:38:20 +03:00
Nikolay Amiantov 3f70fcd4c1 Merge pull request #11484 from oxij/nixos-toposort-filesystems
lib: add toposort, nixos: use toposort for fileSystems to properly support bind and move mounts
2016-08-27 14:34:55 +04:00
obadz 80660f8261 virtualbox-image: use vmdk wrapper instead of vdi copy (avoids 1 disk copy) 2016-08-27 03:02:53 +01:00
obadz 58db7f508f virtualbox-image: remove configFile to let clone-config do its job in demo
Fixes #13927
cc @edolstra

configFile in make-disk-image clashes with clone-config as the latter does
nothing if it finds a a /etc/nixos/configuration.nix during stage-2.
2016-08-27 02:07:47 +01:00
Franz Pletz eba0098eab
nixos/doc/gitlab: fix build 2016-08-26 15:47:39 +02:00
Joachim F 0cbba7c673 Merge pull request #17941 from romildo/upd.efl
efl: 1.17.2 -> 1.18.0
2016-08-26 15:04:29 +02:00
Franz Pletz d70f83e7e9
gitlab: 8.10.6 -> 8.11.2 2016-08-26 15:03:19 +02:00
Graham Christensen 8d10928ad0 Merge pull request #17908 from Mic92/ferm
Ferm
2016-08-25 20:38:02 -04:00
Robin Gloster c011aa86ab
nginx module: add index and tryFiles 2016-08-25 23:27:56 +00:00
Jörg Thalheim 7b354ce8cc
ferm: init at 2.3 2016-08-25 21:37:19 +02:00
Profpatsch 56a320d4a3 nixos/pulseaudio: remove stray load-modules
There was an additional load-modules put into `default.pa` which caused
pulse to fail.
2016-08-25 19:34:57 +02:00
Bjørn Forsman fbf9162cbb treewide: cups_filters -> cups-filters 2016-08-25 17:48:35 +02:00
Jaka Hudoklin 0630233afa etcd module: add test for simple one node etcd service 2016-08-25 14:42:22 +02:00
Carles Pagès 3374aa25bc cjdns: fix assertion. 2016-08-25 08:57:18 +02:00
Bjørn Forsman 6cd8f48327 nixos/filesystems: update /etc/fstab comment header 2016-08-24 20:40:58 +02:00
Jaka Hudoklin 8256c07fc0 etcd module: add support for ssl, better defaults, fix tests 2016-08-24 20:12:24 +02:00
Igor Pashev 7e48ecc0c0
Merge nixpkgs.config.perlPackageOverrides 2016-08-24 19:58:45 +02:00
obadz e208e698f9 deleted: nixos/modules/virtualisation/qemu-opts (file likely checked in by accident) 2016-08-24 18:07:43 +01:00
obadz 697518d467 nixos-install: remove manifest related stuff 2016-08-24 16:09:30 +01:00
Franz Pletz c0fa26ef3b Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-08-24 11:01:53 +02:00
Markus Mueller 07c44b81c3 ldap: Add option for NSS integration 2016-08-23 21:12:51 +02:00
Markus Mueller e04c3506eb ldap: Add option for login PAM integration 2016-08-23 21:12:51 +02:00
Jan Malakhovski b267785c43 nixos: generalize copy-paste from stage-1 and zfs to utils 2016-08-23 18:14:06 +00:00
Jan Malakhovski 8da59c406c nixos: copy resize2fs only for stage-1 fileSystems 2016-08-23 18:14:05 +00:00
Jan Malakhovski 65d26c4dc1 nixos: apply toposort to fileSystems to support bind and move mounts
And use new `config.system.build.fileSystems` property everywhere.
2016-08-23 18:14:05 +00:00
Jan Malakhovski 2c8ca0d1bd nixos: tasks/fileSystems: cleanup 2016-08-23 18:02:07 +00:00
Jan Malakhovski 1266852fd8 Revert a soon to be useless pice of "nixos/stage-1: add mechanism which lustrates all impurities from / (#17784)"
This reverts a pice of commit 3d16af70bf.
2016-08-23 17:48:14 +00:00
Robin Gloster 7413278f9b Revert "Remove lsh, broken & unmaintained"
This reverts commit 73f4c2bdf8.
2016-08-23 15:32:41 +00:00
Robin Gloster 3a18f06eab Revert "lsh: remove last references"
This reverts commit 8329066d5e.
2016-08-23 15:31:33 +00:00
José Romildo Malaquias 98a630586e enlightenment: adapt service for efl-0.18.0 2016-08-23 11:50:45 -03:00
Nikolay Amiantov 1df4dd6bf5 initrd-ssh service: ensure that keys got copied into initrd
Fixes #17927.
2016-08-23 16:20:26 +03:00
obadz ab08440f9c Revert "Temporarily disable chromium test"
This reverts commit 9e6eec201b.

Verified locally that cd063d7 fixes the problem.
cc @edolstra @aszlig
2016-08-23 14:16:58 +01:00
Joachim Fasting f3ef4383c6
nix-daemon service: fix unbalanced parens in description 2016-08-23 13:06:25 +02:00
Eelco Dolstra 3fe93d2f75 Fix virtualbox test evaluation 2016-08-23 13:05:14 +02:00
Eelco Dolstra 9e6eec201b Temporarily disable chromium test
It's hanging and blocking the unstable channel.

http://hydra.nixos.org/build/38984676

@aszlig
2016-08-23 13:01:34 +02:00
Tuomas Tynkkynen 01c197df68 glib: Add some FIXMEs about inappropriate outputs 2016-08-23 05:05:42 +03:00
Tuomas Tynkkynen b61fbf3132 treewide: Fix output references to openssl 2016-08-23 04:53:27 +03:00
Tuomas Tynkkynen 8877efa65b treewide: Fix output references to gnome.GConf 2016-08-23 04:52:57 +03:00
Tuomas Tynkkynen c73aa79a8f graphite service: Use correct output of cairo 2016-08-23 03:20:21 +03:00
Thomas Tuegel cb78ef0eb3 kde5: colord-kde moved 2016-08-22 18:49:13 -05:00
Tuomas Tynkkynen 282277dbc8 treewide: Use more makeBinPath 2016-08-23 01:18:10 +03:00
Tuomas Tynkkynen 74a3a2cd7e treewide: Use makeBinPath 2016-08-23 01:18:10 +03:00
Tuomas Tynkkynen d3705faa56 treewide: Use makeLibraryPath in LD_LIBRARY_PATHs 2016-08-23 00:14:00 +03:00
Bjørn Forsman 8b18f3814f treewide: update cifs-utils attr references (cifs_utils -> cifs-utils) 2016-08-22 17:28:26 +02:00
obadz ba50fd7170 Merge branch 'master' into staging 2016-08-22 01:18:11 +01:00
obadz 3d16af70bf nixos/stage-1: add mechanism which lustrates all impurities from / (#17784)
lustrate /ˈlʌstreɪt/ verb.
  purify by expiatory sacrifice, ceremonial washing, or some other
  ritual action.

- sudo touch /etc/NIXOS_LUSTRATE
  ⇒ on next reboot, during stage 1, everything but /nix and /boot
  is moved to /old-root
- echo "etc/passwd" | sudo tee -a /etc/NIXOS_LUSTRATE
  ⇒ on next reboot, during stage 1, everything but /nix and /boot
  is moved to /old-root; except /etc/passwd is copied back.

Useful for installing NixOS in place on another distro. For instance:

$ nix-env -iE '_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config manual.manpages ]'
$ sudo mkdir /etc/nixos
$ sudo `which nixos-generate-config`

… edit the configuration files in /etc/nixos using man configuration.nix
  if needed

  maybe add: users.extraUsers.root.initialHashedPassword = "" ?

… Build the entire NixOS system and link it to the system profile:
$ nix-env -p /nix/var/nix/profiles/system -f '<nixpkgs/nixos>' -A system --set

… If you were using a single user install:
$ sudo chown -R 0.0 /nix

… NixOS is about to take over
$ sudo touch /etc/NIXOS
$ sudo touch /etc/NIXOS_LUSTRATE

… Let's keep the configuration files we just created
$ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE

$ sudo mv -v /boot /boot.bak &&
  sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot
$ sudo reboot

… NixOS boots, Stage 1 moves all the old distro stuff in /old-root.
2016-08-22 01:15:13 +01:00
Domen Kožar 36f851813b Merge pull request #17891 from abbradar/hibernation-test
nixos tests: add hibernation test to blockers
2016-08-21 21:40:46 +02:00
Ruslan Babayev 159412db2e mattermost: cosmetic: remove stray character (#17897) 2016-08-21 19:20:10 +02:00
Nikolay Amiantov 74a5c99904 nixos tests: add hibernation test to blockers 2016-08-21 17:34:00 +03:00
obadz 68936edfb3 Merge branch 'master' into staging 2016-08-21 12:03:41 +01:00
Vladimír Čunát b4821ece01 nixos: blacklist radeon module if using amdgpu 2016-08-21 11:58:14 +02:00
Domen Kožar acaa6a4c2b Merge pull request #17469 from ericsagnes/module/hydra
Improvements to Hydra module
2016-08-20 19:50:50 +02:00
Nikolay Amiantov 3b22b8add0 Merge branch 'font-updates' into staging
Closes #16730. Closes #17770. Closes #17846.

Test plan:

* Check that `fonts.fontconfig.ultimate.preset` changes things;
* Check that `fonts.fontconfig.dpi` changes things;
* Check that `fonts.fontconfig.defaultFonts.monospace` changes things;

Tested with AbiWord, mousepad and Firefox.
2016-08-20 03:23:02 +03:00
Nikolay Amiantov f961fc7dd1 freetype: re-add infinality patches
archfan has updated those patches for the new version.
2016-08-20 03:21:05 +03:00
cmfwyp 1c7114da69 freetype: 2.6.2 -> 2.6.5
The fontconfig-ultimate patches are unmaintained. Since they were
not updated for newer FreeType versions, this removes them and
disables fontconfig-ultimate by default.
2016-08-20 03:21:05 +03:00
Nikolay Amiantov e3ab0826c2 fontconfig-ultimate: 2015-12-06 -> 2016-04-23
This removes our hardcoded presets which weren't updated for quite some time.
Infinality now has new hardcoded presets in freetype, which can be overriden if
desired with environment variables (as before). Accordingly, updated NixOS
module to set the hardcoded preset.

Additionally used a more "right" type for substitutions.
2016-08-20 03:21:05 +03:00
Eric Sagnes e80e8b9dc9 fontconfig module: respect upstream definitions 2016-08-20 03:21:05 +03:00
Eric Sagnes cd2948a72e fontconfig: fix etc priority 2016-08-20 03:21:05 +03:00
Vladimír Čunát c74145467d Merge #17852: gtk3: 3.20.8 -> 3.20.9
Note: the merge also adds a few master commits,
but those should matter.
2016-08-20 01:18:04 +02:00
Nikolay Amiantov 6b41f1132c nixos treewide: don't set MODULE_DIR 2016-08-19 17:56:54 +03:00
Nikolay Amiantov 5ff6e98486 modprobe service: drop kmod wrapper 2016-08-19 17:56:49 +03:00
Nikolay Amiantov ff22705793 treewide: replace several /sbin paths by /bin 2016-08-19 17:56:45 +03:00
Benno Fünfstück 51b165c7d2 nixos/shadow: setuid wrappers for new{uid,gid}map
These utils are not related to user management, so they should be
available even if immutable users are enabled.
2016-08-19 14:59:33 +02:00
Joachim F 65ef681c94 Merge pull request #17803 from mfine/mfine-always-write-ssh-keys
buildkite-agent: always write ssh keys
2016-08-19 03:33:58 +02:00
Ricardo M. Correia 1cf9bcaa3f zfs: print the output of the zpool command (if any) when it succeeds 2016-08-18 17:27:57 +02:00
Ricardo M. Correia c2e5fd959d Merge pull request #16901 from Baughn/zfs-nvme-fix
zfs: Keep trying root import until it works
2016-08-18 17:26:43 +02:00
Corbin 09e75a4c29 services/graphite: Fix paths to some Python packages.
Unbreaks some private Graphite deployments.
2016-08-17 21:14:31 -07:00
Shea Levy 2942895d55 Merge branch 'install-bootloader-flag' 2016-08-17 21:16:29 -04:00
Joachim F c2bfce8de8 Merge pull request #16762 from matthewbauer/gnustep2
Add "gnustep" to nixpkgs
2016-08-17 23:38:56 +02:00
Mark Fine c8c4f504f7 buildkite-agent: always write out the ssh keys. 2016-08-17 14:24:48 -07:00
Franz Pletz b4cc9bd63a Merge remote-tracking branch 'origin/master' into hardened-stdenv
Fixes #17801 and #17802.
2016-08-17 19:43:43 +02:00
8573 34435a9502 redshift: Fix default value of $DISPLAY (#17746)
Before commit 54fa0cfe4e, the `redshift`
service was run with the environment variable `DISPLAY` set to `:0`.

Commit 54fa0cfe4e changed this to
instead use the value of the `services.xserver.display` configuration
option in the value of the `DISPLAY` variable. In so doing, no default
value was provided for the case where `services.xserver.display` is
`null`.

While the default value of `services.xserver.display` is `0`, use of
which by the `redshift` module would result in `DISPLAY` again being
set to `:0`, `services.xserver.display` may also be `null`, to which
value it is set by, e.g., the `lightdm` module.

In the case that `services.xserver.display` is `null`, with the change
made in commit 54fa0cfe4e, the `DISPLAY`
variable in the environment of the `redshift` service would be set to
`:` (a single colon), which, according to my personal experience,
would result in —

  - the `redshift` service failing to start; and

  - systemd repeatedly attempting to restart the `redshift` service,
    looping indefinitely, while the hapless `redshift` spews error
    messages into the journal.

It can be observed that the malformed value of `DISPLAY` is likely at
fault for this issue by executing the following commands in an
ordinary shell, with a suitable `redshift` executable, and the X11
display not already tinted:

  - `redshift -O 2500` — This command should reduce the color
    temperature of the display (making it more reddish).

  - `DISPLAY=':' redshift -O 6500` — This command should raise the
    color temperature back up, were it not for the `DISPLAY`
    environment variable being set to `:` for it, which should cause
    it to, instead, fail with several error messages.

This commit attempts to fix this issue by having the `DISPLAY`
environment variable for the `redshift` service default to its old
value of `:0` in the case that `services.xserver.display` is `null`.

I have tested this solution on NixOS, albeit without the benefit of a
system with multiple displays.
2016-08-17 13:34:26 +02:00
Franz Pletz 131bc22b84 gitlab service: add option for db_key_base secret 2016-08-17 13:17:47 +02:00
Julien Langlois 552c30c155 stage-1: exclude zram devices from resumeDevices 2016-08-17 00:21:47 -07:00
Franz Pletz efab1cb928 Merge pull request #17782 from Baughn/unifi-fix
Unifi controller fixes
2016-08-17 06:24:55 +02:00
Matthew Bauer f541715057 gnustep: fix gdomap service
This gets rid of the rest of the pidfile stuff and makes gdomap just act
like a normal systemd process. Also reword "enable" option.
2016-08-16 21:11:06 +00:00
Matthew Bauer 08ce2d9d40 gnustep: remove gdnc service
gdnc is a user process and can't be made into a NixOS module very
easily. It can still be put in the user's login script. According to the
GNUstep documentation it will be started as soon as it is needed.
2016-08-16 21:11:05 +00:00
Matthew Bauer 5ea9bd0920 gnustep: fix naming of gnustep stuff
This should fix the NixOS issues.
2016-08-16 21:11:05 +00:00
Artyom Shalkhakov 697982b91b gnustep: fix gdnc, gdomap
Both gdnc and gdomap seem to work.
2016-08-16 21:00:31 +00:00
Artyom Shalkhakov d3d580ebbe gnustep: cleanup
Major clean-up. Everything builds fine.
2016-08-16 21:00:27 +00:00
Artyom Shalkhakov 9b17cd8fab gnustep: add nixos deamons
Adding basic daemons: gdomap and gdnc. It seems that GWorkspace
does is unable to work properly without the daemons.
2016-08-16 21:00:21 +00:00
Svein Ove Aas 102472b8de unifi: Open required ports by default.
The controller does not work at all if they aren't, with the exception
of special configurations involving L3 or custom ports.
2016-08-16 21:01:49 +01:00
Svein Ove Aas e3f0a09b6d unifi: chown the data dir as well.
It needs to be writeable.
2016-08-16 21:01:49 +01:00
Domen Kožar bab8a2ebe3 netboot: prepare for https://github.com/NixOS/nixos-channel-scripts/issues/6 2016-08-16 17:27:11 +02:00
obadz 24f8cf08cc nixos/lib/make-disk-image: refactor to use nixos-install
- Replace hand-rolled version of nixos-install in make-disk-image by an
  actual call to nixos-install
- Required a few cleanups of nixos-install
- nixos-install invokes an activation script which the hand-rolled version
  in make-disk-image did not do. We remove /etc/machine-id as that's
  a host-specific, impure, output of the activation script

Testing:

nix-build '<nixpkgs/nixos/release.nix>' -A tests.installer.simple passes

Also tried generating an image with:

nix-build -E 'let
    pkgs = import <nixpkgs> {};
    lib = pkgs.lib;
    nixos = import <nixpkgs/nixos> {
      configuration = {
        fileSystems."/".device = "/dev/disk/by-label/nixos";
        boot.loader.grub.devices = [ "/dev/sda" ];
        boot.loader.grub.extraEntries = '"''"'
          menuentry "Ubuntu" {
             insmod ext2
             search --set=root --label ubuntu
             configfile /boot/grub/grub.cfg
          }
        '"''"';
      };
    };
  in import <nixpkgs/nixos/lib/make-disk-image.nix> {
    inherit pkgs lib;
    config = nixos.config;
    diskSize = 2000;
    partitioned = false;
    installBootLoader = false;
  }'

Then installed the image:
$ sudo df if=./result/nixos.img of=/dev/sdaX bs=1M
$ sudo resize2fs /dev/disk/by-label/nixos
$ sudo mount /dev/disk/by-label/nixos /mnt
$ sudo mount --rbind /proc /mnt/proc
$ sudo mount --rbind /dev /mnt/dev
$ sudo chroot /mnt /nix/var/nix/profiles/system/bin/switch-to-configuration boot

[ … optionally do something about passwords … ]

and successfully rebooted to that image.

Was doing all this from inside a Ubuntu VM with a single user nix install.
2016-08-16 15:31:16 +01:00
Franz Pletz 35654b7fc1 Merge pull request #17743 from mayflower/service/mattermost 2016-08-16 14:54:25 +02:00
Shea Levy b4954a8f38 Deprecate --install-grub in favor of --install-bootloader for nixos-rebuild.
Fixes #14293
2016-08-16 07:51:58 -04:00
Eelco Dolstra 38f306f492 Merge pull request #17768 from obadz/nixos-install
nixos-install: cleanups & improvements to run on non-NixOS systems
2016-08-16 13:31:50 +02:00
Robin Gloster 33e1c78ae3 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-16 07:54:01 +00:00
obadz 806e88c137 nixos-install: cleanups & improvements to run on non-NixOS systems
- Fix --no-bootloader which didn't do what it advertised
- Hardcode nixbld GID so that systems which do not have a nixbld user
  can still run nixos-install (only with --closure since they can't
  build anything)
- Cleanup: get rid of NIX_CONF_DIR(=/tmp)/nix.conf and pass arguments instead
- Cleanup: don't assume that the target system has '<nixpkgs/nixos>' or
  '<nixos-config>' to see if config.users.mutableUsers. Instead check if
  /var/setuid-wrappers/passwd is there

Installing NixOS now works from a Ubuntu host (using --closure).

nix-build -A tests.installer.simple '<nixpkgs/nixos/release.nix>' succeeds ✓
2016-08-16 02:47:49 +01:00
obadz 1759825b34 nixos/tests/ecryptfs: placate some commands causing many builds failure
These commands shouldn't have to be here in the first place as ecryptfs
homes should be automatically unmounted during logoff.
2016-08-16 02:47:08 +01:00
Svein Ove Aas 98b213a110 zfs: Keep trying root import until it works
Works around #11003.
2016-08-16 01:45:02 +01:00
Shea Levy 9adad8612b Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
Was meant to go into staging, sorry

This reverts commit 57b2d1e9b0, reversing
changes made to 760b2b9048.
2016-08-15 19:05:52 -04:00
Shea Levy 57b2d1e9b0 Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs 2016-08-15 19:01:44 -04:00
Nikolay Amiantov 1f63958772 nixos treewide: don't set MODULE_DIR 2016-08-16 00:19:25 +03:00
Nikolay Amiantov b2ebecd9e5 modprobe service: drop kmod wrapper 2016-08-16 00:19:25 +03:00
Nikolay Amiantov 1afd250676 treewide: replace several /sbin paths by /bin 2016-08-16 00:19:25 +03:00
obadz 760b2b9048 nixos/make-disk-image: add ability to defer bootloader install until image has been flashed 2016-08-15 20:01:55 +01:00
Joachim Fasting f9c3076e58
grsecurity docs: mention chromium setuid sandbox 2016-08-15 20:36:47 +02:00
Joachim Fasting 050b7eec16
grsecurity module: systemd-nspawn requires cap_sys_admin
As with 9ca3504a798291fbd7c49fcfeec8b64daa2022ad

Closes https://github.com/NixOS/nixpkgs/issues/17714
2016-08-15 20:36:47 +02:00
Joachim Fasting 7fd99066c4
grsecurity module: permit chmod +s in sandboxed builds
While useless, some builds may dabble with setuid bits (e.g.,
util-linux), which breaks under grsec.  In the interest of user
friendliness, we once again compromise by disabling an otherwise useful
feature ...

Closes https://github.com/NixOS/nixpkgs/issues/17501
2016-08-15 20:36:47 +02:00
Joachim Fasting 567640d80c
grsecurity docs: add note about user namespaces 2016-08-15 20:36:46 +02:00
Robin Lambertz dacc3fa985 phpfpm: allow old config format as well (#17754) 2016-08-15 14:41:26 +02:00
Franz Pletz 7c6d253544 mattermost service: init 2016-08-15 04:15:11 +02:00
Nikolay Amiantov 4a35d08970 autofs service: make service more like upstream one 2016-08-14 22:39:23 +03:00
Nikolay Amiantov bda3423b3a networkmanager service: make wanted by network.target, drop networkmanager-init 2016-08-14 22:38:58 +03:00
Nikolay Amiantov 0f59901b57 ejabberd service: move service to foreground 2016-08-14 22:37:06 +03:00
Svein Ove Aas ed83a0ec8b crashplan: Wait for filesystems to be mounted before starting 2016-08-14 11:56:21 +02:00
Franz Pletz bd4490e277 Merge branch 'master' into hardened-stdenv 2016-08-13 16:59:55 +02:00