3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

6338 commits

Author SHA1 Message Date
Jan Tojnar 23eff453a2
Merge pull request #55742 from aanderse/php-fpm
nixos/phpfpm: allow configuring php.ini files per-pool
2019-02-16 07:28:07 +01:00
Graham Christensen a1525c5d48
docs: give matomo an ID 2019-02-15 17:51:00 -05:00
Jaka Hudoklin 5ae048071d
Merge pull request #55649 from johanot/flannel-with-kubernetes-backend
nixos/flannel: add kubernetes as storage backend (and fix test)
2019-02-15 19:55:56 +01:00
Peter Hoeg 507855e56c
Merge pull request #55667 from amazari/master
zoneminder: fix build issue when using createLocally database
2019-02-15 22:00:31 +08:00
Silvan Mosberger b1bda29f5c
Merge pull request #55517 from florianjacob/cups-fix-ssl-dir
nixos/cups: Fix Unable to encrypt connection:
2019-02-14 21:19:57 +01:00
Silvan Mosberger 8a5925b7eb
Merge pull request #55301 from telotortium/tt-rss_disable_automatic_updates
Remove option config.services.tt-rss.checkForUpdates (forced to false)
2019-02-14 21:15:30 +01:00
Silvan Mosberger 3df95cfd9a
Merge pull request #55540 from florianjacob/matomo
Security: Matomo 3.7.0 -> 3.8.1
2019-02-14 21:13:57 +01:00
Silvan Mosberger c84488329b
Merge pull request #47747 from florianjacob/matomo-archive-processing-service
Matomo archive processing service
2019-02-14 21:05:16 +01:00
Florian Jacob 33b3272692 nixos/cups: Fix Unable to encrypt connection:
Unable to create server credentials
by creating /var/lib/cups/ssl directory.
2019-02-14 20:43:26 +01:00
Silvan Mosberger 80480598d4
Merge pull request #55515 from rycee/wpa_supplicant_citerefentry
nixos/wpa_supplicant: use `<citerefentry>`
2019-02-14 20:38:05 +01:00
Lars Jellema 85675c139f
nixos/quassel: Add support for certificate file 2019-02-14 14:36:21 +01:00
Frederik Rietdijk a25d48cd4f Merge master into staging 2019-02-14 11:35:50 +01:00
Jan Tojnar 606ceda352
gnome3: stop using aliases 2019-02-14 02:31:15 +01:00
Aaron Andersen 5eef3590ae nixos/phpfpm: allow configuring php.ini files per-pool 2019-02-13 19:58:02 -05:00
Michael Raskin f539a6a70e
Merge pull request #55138 from oxij/tree/random-fixes
random cleanups and a tiny fix
2019-02-13 20:16:07 +00:00
Alex Whitt 58d6951971 nzbget: Fix script for copying default config file template (#51235)
* nzbget: Fix configFile / dataDir checking in service script

* nzbget: improve the description for the `configFile` option

* nzbget: Add detail to the `configFile` option description

* nzbget: Improve wording of `configFile` option

* nzbget: Refactor dataDir management into systemd config

* nzbget: Remove debug
2019-02-13 17:38:32 +01:00
Johan Thomsen 94136fdc1b nixos/flannel: node name needs to be configured for flannel to work with kubernetes storage backend 2019-02-13 17:17:52 +01:00
Frederik Rietdijk 7257dedd7c Merge master into staging-next 2019-02-13 12:33:29 +01:00
Francesco Zanini ab912cf744 atlassian services: allow overriding package (#55685) 2019-02-13 08:08:13 +00:00
Alexandre Mazari b93ea9c26f zoneminder: fix build issue when using createLocally database 2019-02-12 22:32:11 +01:00
Johan Thomsen 9522ca5ce9 nixos/flannel: add options to configure kubernetes as config backend for flannel 2019-02-12 18:26:39 +01:00
Franz Pletz adb837eea7
Merge pull request #55024 from telotortium/airsonic-virtualHost
airsonic: Add virtualHost option to set up nginx virtual host
2019-02-12 02:09:25 +00:00
Florian Jacob faac33bc77 nixos/matomo: 3.8.0 introduces matomo.{php,js} files 2019-02-11 17:33:44 +01:00
Michael Francis 34cf79c6d2
Push plex logs to syslog/journald 2019-02-11 10:47:21 +08:00
Robert Helgesson 488a3f09cd
nixos/wpa_supplicant: use <citerefentry>
Fixes #55505
2019-02-10 13:23:28 +01:00
Jörg Thalheim 393b1510c9
Merge pull request #55440 from Mic92/teamspeak
nixos/teamspeak: ipv6 support
2019-02-10 09:02:20 +00:00
Jörg Thalheim d59f9c0e5f
Merge pull request #55432 from Mic92/ttrss
ttrss: database.passwordFile, ldap plugin, configureable socket
2019-02-10 09:01:45 +00:00
Lorenzo 1dca9d763c
nixos/xautolock: improve doc of time parameer
Specify that the `time` parameter expresses minutes.
2019-02-09 20:47:01 +01:00
Matthew Bauer 5c09d977c7 Merge remote-tracking branch 'origin/master' into staging 2019-02-09 12:14:06 -05:00
Robert Schütz efe98cbdc8 nixos/home-assistant: make config.http.server_port an integer 2019-02-09 15:26:55 +01:00
Sarah Brofeldt 8049fafb5d
Merge pull request #55443 from ptman/patch-1
nixos/docker-registry: fix listenAddress
2019-02-08 20:01:22 +01:00
Maximilian Bosch 6fb825b057 nixos/roundcube: add package option
With this option it's possible to specify a custom expression for
`roundcube`, i.e. a roundcube environment with third-party plugins as
shown in the testcase.
2019-02-08 13:35:09 +00:00
Paul Tötterman 23a84e939e nixos/docker-registry: fix listenAddress
listenAddress config option was previously unused in config generation
2019-02-08 14:39:22 +02:00
Jörg Thalheim 6c28dd858b
teamspeak: ipv6 support
Unlike the options descriptions the service was not listen to any
IPs because the address family was limited to ipv4.
2019-02-08 10:28:20 +00:00
Jörg Thalheim f636bb2016
tt-rss: read listen socket from pool
This allows to use a different socket.
The configuration was tested on my server.
2019-02-08 07:08:13 +00:00
Jörg Thalheim 367b1e10cb
tt-rss: add database.passwordFile option 2019-02-08 07:08:10 +00:00
Lily Ballard b0e79359bd nixos/unifi: Update TCP ports
Fixes #55377
2019-02-07 13:18:57 -08:00
Aaron Andersen 1bec75301b nixos/httpd: don't advertise php 2019-02-07 14:25:55 -05:00
Aaron Andersen 70be5b6bb2 nixos/httpd: disable HTTP TRACE method by default 2019-02-07 14:13:45 -05:00
Aaron Andersen dd610ce84f nixos/httpd: disable TLSv1 by default for better security 2019-02-07 14:05:44 -05:00
Léo Gaspard a59a9a7e60
Merge branch 'pr-55320'
* pr-55320:
  nixos/release-notes: mention breaking changes with matrix-synapse update
  nixos/matrix-synapse: reload service with SIGHUP
  nixos/tests/matrix-synapse: generate ca and certificates
  nixos/matrix-synapse: use python to launch synapse
  pythonPackages.pymacaroons-pynacl: remove unmaintained fork
  matrix-synapse: 0.34.1.1 -> 0.99.0
  pythonPackages.pymacaroons: init at 0.13.0
2019-02-07 17:12:04 +01:00
Graham Christensen 11a819c724
Manual: make reproducible 2019-02-06 22:35:58 -05:00
Maximilian Bosch de79d418ba
Merge pull request #53874 from atopuzov/grafana-config
Grafana configuration
2019-02-06 23:41:25 +01:00
Ioannis Koutras 6642f3f213 nixos/syncthing: setup user only on system service 2019-02-06 20:23:13 +01:00
nyanloutre 524e26c69a nixos/matrix-synapse: reload service with SIGHUP
This is used to load new certificates without restarting the service
2019-02-06 16:28:18 +01:00
nyanloutre eb753318b3 nixos/matrix-synapse: use python to launch synapse
launch synapse with the python executable because the startup script is
no longer available
2019-02-06 16:21:07 +01:00
Aleksandar Topuzović 092eab7228
nixos/grafana: implement dashboard & datasource provisioning
Adds the ability to automatically provision datasources and dashboards.
2019-02-06 12:50:24 +01:00
Robert Irelan eab69d998b Remove option config.services.tt-rss.checkForUpdates (forced to false)
Force this option to false. Leaving this as true (currently the default)
is dangerous. If the TT-RSS installation upgrades itself to a newer
version requiring a schema update, the installation will break the next
time the TT-RSS systemd service is restarted.

Ideally, the installation itself should be immutable (see
https://github.com/NixOS/nixpkgs/issues/55300).
2019-02-05 23:05:23 -08:00
Peter Hoeg 7003a28916
Merge pull request #54541 from dotlambda/home-assistant-0.86
home-assistant: 0.85.1 -> 0.86.4
2019-02-06 09:02:28 +08:00
Silvan Mosberger dfce20e4e3
Merge pull request #51980 from ToxicFrog/munin-plugins
nixos/munin: New options (and some bugfixes) for service configuration
2019-02-05 19:35:03 +01:00
aanderse b8a9c3fbfd redmine: 3.4.8 -> 4.0.1 (#55234)
* redmine: 3.4.8 -> 4.0.1

* nixos/redmine: update nixos test to run against both redmine 3.x and 4.x series

* nixos/redmine: default new installs from 19.03 onward to redmine 4.x series, while keeping existing installs on redmine 3.x series

* nixos/redmine: add comment about default redmine package to 19.03 release notes

* redmine: add aandersea as a maintainer
2019-02-05 11:51:33 +00:00
Robert Irelan 027d4188b2 airsonic: Add virtualHost option to set up nginx virtual host
Modeled after nixos/modules/services/web-apps/tt-rss.nix. The setup is
slightly non-intuitive, so I think it's worth adding upstream.
2019-02-05 00:15:54 -08:00
Ben Kelly ace4855cf6 nixos/munin: enable munin_update and disable munin_stats
munin_update relies on a stats file that exists, but isn't found in the
default location on NixOS; the appropriate plugin configuration is
added.

munin_stats relies on munin-cron writing a logfile, which the NixOS
build of munin does not. (This is probably fixable in the munin package,
but I don't have time to dig into that right now.)
2019-02-04 20:17:26 -05:00
Ben Kelly e7c1449ae9 nixos/munin: add types to Munin options
Some options were missing their types.
2019-02-04 20:17:26 -05:00
Ben Kelly c4437fee7e nixos/munin: add extraCSS option
This permits custom styling of the generated HTML without needing to
build your own Munin package from source. Also comes with an example
that works as a passable dark theme for Munin.
2019-02-04 20:17:26 -05:00
Ben Kelly 6c907851f4 nixos/munin: add extraPlugins and extraAutoPlugins options [#17895]
extraAutoPlugins lets you list plugins and plugin directories to be
autoconfigured, and extraPlugins lets you enable plugins on a one-by-one
basis. This can be used to enable plugins from contrib (although you'll
need to download and check out contrib yourself, then point these
options at it), or plugins you've written yourself.
2019-02-04 20:17:26 -05:00
Ben Kelly b5b82b2cae nixos/munin: require DejaVu fonts if enabled
munin-graph is hardcoded to use DejaVu Mono for the graph legends; if it
can't find it, there's no guarantee it finds a monospaced font at all,
and if it can't find a monospaced font the legends come out badly
misformatted.
2019-02-04 20:17:26 -05:00
Ben Kelly 0c3208a8e4 nixos/munin: add disabledPlugins option
This is just a set of globs to remove from the active plugins directory
after autoconfiguration is complete.

I also removed the hard-coded disabling of "diskstats", since it seems
to work just fine now.
2019-02-04 20:17:26 -05:00
Ben Kelly c74abf763a nixos/munin: add extraPluginConfig option
This lets you specify additional plugin-specific configuration to go in
plugin-conf.d, and complements the extraConfig and extraGlobalConfig
options.
2019-02-04 20:17:26 -05:00
Ben Kelly c02564e37c nixos/munin: fix documentation links
Since this module was written, Munin has moved their documentation from
munin-monitoring.org/wiki to guide.munin-monitoring.org. Most of the
links were broken, and the ones that weren't went to "please use the new
site" pages.
2019-02-04 20:17:26 -05:00
Silvan Mosberger 2d6f84c109
Merge pull request #45412 from costrouc/costrouc/minecraft-server
minecraft-server: 1.12.2 -> 1.13.2 + service refactor
2019-02-05 01:49:24 +01:00
Maximilian Bosch ae7e8c6a2f
Merge pull request #55222 from thefloweringash/nextcloud-nginx-config
nixos/nextcloud: use matching nginx package when configuring nginx
2019-02-05 00:46:43 +01:00
Maximilian Bosch 5a3a543078
Merge pull request #55122 from elseym/ndppd-module
ndppd module: refactor and fix
2019-02-04 21:51:00 +01:00
Andrew Childs a7d9dcab7e nixos/nextcloud: use matching nginx package when configuring nginx
NixOS currently defaults services.nginx.package to
nginxStable. Including configuration files from nginxMainline could
potentially cause incompatible configuration.
2019-02-05 02:59:42 +09:00
Michael Raskin 7ff8a16f07
Merge pull request #55050 from aanderse/redmine-extra-env
nixos/redmine: add an extraEnv option, enable automatic log rotation
2019-02-04 16:28:58 +00:00
Florian Franzen 1278615a48 thinkfan: add option for libatasmart support 2019-02-03 22:34:41 +01:00
Jan Malakhovski cefbe69105 nixos: rippled: fix type
The old state is clearly a bug.
2019-02-03 20:10:13 +00:00
Jan Malakhovski 08cabdf4a9 nixos: rippled: fix indent 2019-02-03 20:10:11 +00:00
Olivier Marty 7a878660a7 nixos/duplicity: init
Add a simple module that wrap duplicity in a systemd service.
2019-02-03 19:13:01 +01:00
Franz Pletz 2746973061
ndppd: don't use weird upstream systemd service unit 2019-02-03 14:39:28 +01:00
elseym 4ce1c59389
ndppd module: refactor 2019-02-03 14:28:54 +01:00
Robert Schütz f85453f060 nixos/home-assistant: add configWritable option 2019-02-03 13:08:11 +01:00
Franz Pletz 14dd9ca1b2
Merge pull request #54706 from pbogdan/lightdm-cursors
nixos/lightdm: allow cursor theme customisation.
2019-02-03 09:09:48 +00:00
Franz Pletz 60c4686bb9
Merge pull request #54709 from pbogdan/lightdm-dpi
nixos/lightdm: inherit DPI settings from xserver config
2019-02-03 09:08:07 +00:00
Franz Pletz 65b26c6555
Merge pull request #54959 from jslight90/gitlab-depenencies
gitlab: add openssh dependency to gitaly
2019-02-03 08:48:16 +00:00
Chris Ostrouchov 58c89ec26a
nixos/mincraft-server: refactor
- allow for options to (added 2 options):
   - agree to eula (eula.txt) true/false will create symlink over
     existing eula.txt to `/nix/store/...`.
   - whitelist users (optional and will symlink over existing
     whitelist.json and create backup)
   - server.properties can be configured with the serverProperties
     option. If there is an existing server.properties it will
     copy it to a server.properties.old to keep the old
     one. server.properties MUST be writable thus symlinking is not
     an option.
  - all ports that are stated in `server.properties` are exposed
    properly in the firewall.

(infinisil) nixos/minecraft-server: Fix, refactor and polish

Adds an option `declarative` (defaulted to false), in order to stay
(mostly) backwards compatible. The only thing that's not backwards
compatible is that you now need to agree to the EULA on evaluation time,
but that's guarded by an assertion and therefore doesn't need a release
note.
2019-02-03 02:16:11 +01:00
Aaron Andersen 52bd7c5f2a nixos/redmine: add an extraEnv option (which could be used to turn on debug logging, etc...), enable automatic log rotation 2019-02-01 09:17:05 -05:00
Vladimír Čunát 8ba516664b
Merge branch 'staging-next' into staging 2019-02-01 09:42:53 +01:00
Jan Tojnar 65e6d80ecd
Merge pull request #53425 from dtzWill/update/fwupd-1.2.3
fwupd: 1.2.1 -> 1.2.3

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
2019-01-31 23:22:38 +01:00
forficate dd705fb45f nixos/transmission: Bug fix Appamor Transmission startup errors (#54873) 2019-01-31 17:51:48 +00:00
aanderse c6cd07707b nixos/httpd: rename apache log files to have a .log file extension (#54529)
nixos/httpd: rename apache log files to have a .log file extension
2019-01-31 04:04:58 +02:00
Danylo Hlynskyi 30c312341f
Merge pull request #54637 from danbst/small-eval-optimization
module system: small eval optimization
2019-01-31 00:42:24 +02:00
danbst 27982b408e types.optionSet: deprecate and remove last usages 2019-01-31 00:41:10 +02:00
Jeff Slight 059e5e0ba0 gitlab: add openssh dependency to gitaly 2019-01-30 11:29:32 -08:00
Chris Ostrouchov 5a5def3753
munge: fix module munge.key permissions from 0700 -> 0400 readonly 2019-01-30 12:53:54 -05:00
Franz Pletz 72f324dbc7
Merge pull request #45567 from johanot/certmgr-rootca-patch
certmgr: Add patch for optional trust of self-signed certificates at remote cfssl apiserver
2019-01-30 17:37:42 +00:00
Robert Schütz 0525fa54e8
Merge pull request #54739 from Nadrieril/fix-ffsync
Fix firefox sync-server
2019-01-30 16:26:31 +01:00
Nadrieril 375020cf99 nixos/syncserver: mild cleanup 2019-01-30 15:59:01 +01:00
Nadrieril 63c7fe0819 nixos/syncserver: use gunicorn
As described in `syncserver`'s documentation.
Makes it possible to run behind a reverse proxy.
2019-01-30 15:59:00 +01:00
Nadrieril 957d0589ad pythonPackages.syncserver: move to all-packages.nix and fix dependencies 2019-01-30 15:59:00 +01:00
worldofpeace 50b83e7b6a nixos/pantheon: use gnome3.file-roller 2019-01-29 19:37:41 -05:00
Michael Raskin 423e26a1c5
Merge pull request #54524 from aanderse/redmine
redmine: add missing 'migrate' command prior to starting the application
2019-01-29 22:27:57 +00:00
Silvan Mosberger 400912df0f
Merge pull request #53002 from delroth/nginx-sso
nginx-sso: init at 0.15.1 (+ nixos service/test)
2019-01-29 20:10:37 +01:00
Silvan Mosberger 997cd3159e
Merge pull request #54475 from Izorkin/mysql-restartTrigger
mysql: add restartTrigger for my.cnf
2019-01-29 19:54:24 +01:00
Pierre Bourdon 43fcfc274d
nixos: add nginx-sso service 2019-01-29 19:54:14 +01:00
Aaron Andersen d13d35104d Merge remote-tracking branch 'upstream/master' into redmine 2019-01-29 09:24:33 -05:00
Silvan Mosberger f73df1862c
Merge pull request #54495 from peterhoeg/f/sshguard
nixos/sshguard: fix syslog identifiers and pid file
2019-01-29 09:35:36 +01:00
Robert Schütz f908f6c982 nixos/home-assistant: don't run json2yaml at every start 2019-01-29 08:56:51 +01:00
Robert Schütz 7cc7c5374c nixos/home-assistant: add lovelaceConfig option 2019-01-29 08:56:51 +01:00
Silvan Mosberger 2146511740
Merge pull request #54562 from pjones/pjones/netdata-plugins/master
nixos/netdata: Add option to include extra plugins
2019-01-28 19:56:24 +01:00
Piotr Bogdan 6e581656d1 nixos/lightdm: inherit DPI settings from xserver config 2019-01-28 18:00:28 +00:00
Piotr Bogdan 4ad82dd6cd nixos/lightdm: allow cursor theme customisation. 2019-01-28 17:59:28 +00:00
Peter Jones 0da9489c6a
nixos/netdata: Add option to include extra plugins
New option `extraPluginPaths' that allows users to supply additional
paths for netdata plugins.  Very useful for when you want to use
custom collection scripts.
2019-01-28 09:02:47 -07:00
Elis Hirwing ab5dcc7068
nixos/sks: Add option to configure database settings
This can be used for options to tweak the behavior around the database.
2019-01-28 11:14:37 +01:00
Peter Hoeg ee472e4521 nixos/sshguard: fix syslog ids, no more pid file, cleanups
1. Allow syslog identifiers with special characters
2. Do not write a pid file as we are running in foreground anyway
3. Clean up the module for readability

Without this, when deploying using nixops, restarting sshguard would make
nixops show an error about restarting the service although the service is
actually being restarted.
2019-01-28 11:36:29 +08:00
Jan Tojnar dd06999e32
fwupd: fix installed tests 2019-01-28 00:15:00 +01:00
Will Dietz 55fa570046
fwupd: blacklist test plugin by default
Don't add the testing "webcam" device,
which is unexpected to see when querying
what devices fwupd believes exist :).

Won't change behavior for anyone defining
the blacklistPlugin option already,
but doesn't seem worth making more complicated.
2019-01-27 21:26:42 +01:00
Silvan Mosberger f2daf4295e
Merge pull request #54708 from erictapen/unifi-maintainer
unifi, nixos/unifi: add erictapen as maintainer
2019-01-27 19:02:40 +01:00
Justin Humm 38f23046a3
unifi, nixos/unifi: add erictapen as maintainer 2019-01-27 17:28:15 +01:00
Maximilian Bosch acbadcdbba
nixos/wpa_supplicant: escape interface names to listen on
Systemd provides some functionality to escape strings that are supposed
to be part of a unit name[1]. This seems to be used for interface names
in `sys-subsystem-net-devices-{interface}.device` and breaks
wpa_supplicant if the wireless interface name has a dash which is
encoded to \x2d.

Such an interface name is rather rare, but used i.e. when configuring
multiple wireless interfaces with `networking.wlanInterfaces`[2] to have on
interface for `wpa_supplicant` and another one for `hostapd`.

[1] https://www.freedesktop.org/software/systemd/man/systemd-escape.html
[2] https://nixos.org/nixos/options.html#networking.wlaninterfaces
2019-01-27 11:59:18 +01:00
Matthew Bauer 92f0f8dd68 Merge remote-tracking branch 'NixOS/master' into staging 2019-01-27 00:01:13 -05:00
Jörg Thalheim e9b5bd9813
Merge pull request #54600 from volth/patch-301
nixos/collectd: restart on failure
2019-01-26 11:23:02 +00:00
Milan Pässler 24d5e30b5f nixos/prosody: add ExecReload
Add an ExecReload command to the prosody service, to allow reloading
prosody by sending SIGHUP to the main process, for example to update
certificates without restarting the server. This is exactly how the
`prosodyctl` tool does it.

Note: Currently there is a bug which prevents mod_http from reloading the
certificates properly: https://issues.prosody.im/1216.
2019-01-26 03:12:09 +01:00
volth b3c5e9ac1e
nixos/collectd: restart on failure
`collectd' might fail because of a failure in any of numerous plugins.
For example `virt' plugin sometimes fails if `collectd' is started before `libvirtd'
2019-01-26 00:31:32 +00:00
worldofpeace 78da8d668b pantheon: init a 5.0 2019-01-24 20:54:14 +00:00
Janne Heß 9a1b53304a nixos/mysql: Support bootstrapping a Galera cluster
The default galera_new_cluster script tries to set this environment
variable using systemctl set-environment which doesn't work if the
variable is not being used in the unit file ;)
2019-01-24 17:39:19 +01:00
Franz Pletz 4602b43a33
certmgr service: add package option 2019-01-24 12:11:15 +01:00
John Wiegley 0305c55888
Merge pull request #53702 from aanderse/apache-ssl-opt
nixos/httpd: add options sslCiphers & sslProtocols
2019-01-23 19:27:17 -08:00
Silvan Mosberger 968eb6b3e0
Merge pull request #54514 from LeOtaku/fix/restic-timer-config
nixos/restic: change type of timerConfig option
2019-01-24 00:40:52 +01:00
Silvan Mosberger 7222fd9e21
Merge pull request #53986 from Ma27/document-dovecot-prometheus-exporter-issues
nixos/prometheus-dovecot-exporter: enhance `socketPath` documentation
2019-01-24 00:17:20 +01:00
Maximilian Bosch ca72dbd125
nixos/prometheus-dovecot-exporter: enhance socketPath documentation
In Dovecot 2.3[1] the stats module changed and now the UNIX socket
provided by Dovecot by default isn't compatible anymore with the
exporter[2]. By enabling the `old-stats` plugin in Dovecot this issue
can be solved which should be documented in this module.

[1] https://wiki2.dovecot.org/Upgrading/2.3
[2] https://github.com/kumina/dovecot_exporter/issues/8
2019-01-23 23:51:48 +01:00
Pascal Bach 8347722775 nixos/plex: allow access to hardware acceleration libraries
CUDA and OpenCL libraries are located in /run/opengldriver/lib and Plex
can make use of them if available.
2019-01-23 23:07:40 +01:00
Silvan Mosberger d9f39b7252
Merge pull request #54310 from Mic92/postgresq-backup
nixos/postgresqlBackup: add backupAll option
2019-01-23 21:40:39 +01:00
LeOtaku 63ed962e4b nixos/restic: change type of timerConfig option to attrsOf unitOption
This is needed for correctly passing the option to "systemd.timer"
2019-01-23 21:29:02 +01:00
Jörg Thalheim 6ad1271a4c
Merge pull request #54113 from telotortium/xrdp-clipboard-fix
xrdp: fix clipboard for non-ASCII characters
2019-01-22 18:51:04 +00:00
Izorkin ea02ddc0be mysql: add restartTrigger for my.cnf 2019-01-22 21:05:21 +03:00
Robert Irelan 8844f09d53 xrdp: fix clipboard for non-ASCII characters
Without this line, attempting to copy and paste non-ASCII characters
will result in error messages like the following (and pasting from the
server to the client will not work):

```
CLIPBOARD  clipboard_send_data_response_for_text: 823 : ERROR: clipboard_send_data_response_for_text: bad string
```
2019-01-22 09:52:53 -08:00
Silvan Mosberger 120ce2f399
Merge pull request #54197 from dermetfan/fix/nixos-mysql
nixos/mysql: fix option `ensureDatabases`
2019-01-22 15:35:16 +01:00
Silvan Mosberger 2f9ef8c563
Merge pull request #54051 from Ma27/optional-prometheus-source_labels
nixos/prometheus: make `source_labels` optional
2019-01-22 15:18:06 +01:00
Jan Tojnar dd3626c036
Merge pull request #53695 from chpatrick/gnome-flashback-session
nixos/gnome3: add GNOME Flashback sessions option
2019-01-21 12:01:32 +01:00
Patrick Chilton b25095bcda nixos/gnome3: add GNOME Flashback sessions option 2019-01-21 11:17:49 +01:00
Wout Mertens e445eabbe8
Merge pull request #41440 from wmertens/php-per-pool
phpfpm: allow configuring PHP package per-pool
2019-01-21 08:35:49 +01:00
Jörg Thalheim 1af4f366ca
nixos/postgresqlBackup: add backupAll option
For large setups it is useful to list all databases explicit
(for example if temporary databases are also present) and store them in extra
files.
For smaller setups it is more convenient to just backup all databases at once,
because it is easy to forget to update configuration when adding/renaming
databases. pg_dumpall also has the advantage that it backups users/passwords.

As a result the module becomes easier to use because it is sufficient
in the default case to just set one option (services.postgresqlBackup.enable).
2019-01-19 11:41:06 +00:00
worldofpeace 9d6fc7ad04 nixos/file-roller: init 2019-01-18 15:04:36 -05:00
Peter Hoeg 9f5b5fee9c
Merge pull request #48101 from peterhoeg/f/pykms_master
nixos pykms: run via DynamicUser
2019-01-18 15:52:12 +08:00
Peter Hoeg eaa665e243
Merge pull request #53495 from peterhoeg/p/zm
zoneminder: init at 1.32.3 and add NixOS module
2019-01-18 15:49:28 +08:00
Robin Stumm 429c0bf60c nixos/mysql: fix option ensureDatabases
The database name needs to be quoted
in case it contains special characters
so the MySQL service does not fail to start.
2019-01-17 19:08:50 +01:00
Jan Tojnar 23c1a234dc
Merge pull request #54124 from jtojnar/remove-packages-by-name
nixos/desktops: deduplicate removePackagesByName
2019-01-17 16:05:14 +01:00
Jan Tojnar bedc81fcb6
nixos/desktops: deduplicate removePackagesByName
GNOME, MATE and LxQt all use removePackagesByName. Let’s move it to a single
place, rename the attributes to meaningful name and add docs.
2019-01-17 07:13:25 +01:00
Maximilian Bosch 003132c2dd
nixos/prometheus: make source_labels optional
It's possible to skip `source_labels` entirely, an example for this is
the blackbox exporter configuration:

https://github.com/prometheus/blackbox_exporter#prometheus-configuration
2019-01-16 14:01:43 +01:00
Vladyslav M 95a0e24381
Merge pull request #53952 from Ma27/improve-gitea-module
nixos/gitea: minor fixes
2019-01-15 23:55:16 +02:00
Peter Hoeg 982354284d zoneminder (nixos): add basic module 2019-01-15 21:27:45 +08:00
Franz Pletz d947944d70
Merge pull request #53962 from elseym/sonarr
sonarr service: add more options to module
2019-01-14 19:33:58 +00:00
elseym 44e1aabd02
nzbget service: fix preStart script and add more options to module 2019-01-14 20:30:44 +01:00
elseym 31ad79f432
sonarr service: add more options to module 2019-01-14 20:30:10 +01:00
Maximilian Bosch f90bd42c89
nixos/gitea: add git to the service path
Otherwise commands like `git push` will fail if the machine doesn't have
git installed.
2019-01-14 16:04:02 +01:00
Maximilian Bosch ad3a50e25b
nixos/gitea: add option to disable registration
Although this can be added to `extraOptions` I figured that it makes
sense to add an option to explicitly promote this feature in our
documentation since most of the self-hosted gitea instances won't be
intended for common use I guess.

Also added a notice that this should be added after the initial deploy
as you have to register yourself using that feature unless the install
wizard is used.
2019-01-14 16:04:02 +01:00
Jan Tojnar e35acd7f1c gnome3: link nautilus-python paths to environment 2019-01-13 17:43:33 +01:00
Yorick 4d68e82dbc nixos/borgbackup: use coercedTo instead of apply on paths (#53756)
so multiple declarations merge properly
2019-01-10 16:34:02 +01:00
Vladimír Čunát 829ada37bf
Merge #53365: nixos/nsd: Don't override bind via nixpkgs.config 2019-01-10 11:00:40 +01:00
Aaron Andersen fd5a88687c nixos/httpd: add options sslCiphers & sslProtocols 2019-01-09 11:30:19 -05:00
Robin Gloster c75571d66c
Merge pull request #53598 from mayflower/atlassian-updates
atlassian updates
2019-01-08 17:56:13 +00:00
Silvan Mosberger 6a942aec5b
Merge pull request #52765 from Izorkin/datadog-agent
datadog-agent: 6.4.2 -> 6.8.3
2019-01-08 16:01:26 +01:00
Izorkin 47a8b13efa datadog-agent: 6.4.2 -> 6.8.3 2019-01-08 11:16:44 +03:00
Robin Gloster 89d24aca93
atlassian-crowd: 3.2.5 -> 3.3.3 2019-01-07 21:54:23 +01:00
Franz Pletz b60f8fc6e2
atlassian modules: don't chown home recursively
This can take a long time and should not be necassary anyway.
2019-01-07 21:54:20 +01:00
Matthew Bauer de30f4e61d
Merge pull request #51570 from eonpatapon/cassandra-logging
cassandra: add option to configure logging
2019-01-07 12:41:07 -06:00
Bas van Dijk 6ac10cd764
Merge pull request #53399 from LumiGuide/feat-wordpress-copy-plugins
apache-httpd/wordpress: copy plugins and themes instead of symlinking
2019-01-07 13:41:29 +01:00
Tim Steinbach 289fe57eea
urxvt: Allow switching out package 2019-01-07 07:35:20 -05:00
Falco Peijnenburg 9d2c9157d7 nixos/apache-httpd/wordpress: copy plugins and themes instead of symlinking
Symlinking works for most plugins and themes, but Avada, for instance, fails to
understand the symlink, causing its file path stripping to fail. This results in
requests that look like:

https://example.com/wp-content//nix/store/...plugin/path/some-file.js

Since hard linking directories is not allowed, copying is the next best thing.
2019-01-06 17:51:31 +01:00
Frederik Rietdijk e5381cdece Merge master into staging-next 2019-01-06 09:36:23 +01:00
Jörg Thalheim 09fb07e4af
Merge pull request #52943 from ck3d/vdr-enableLirc
nixos vdr: introduce option enableLirc
2019-01-05 17:51:41 +01:00
Jörg Thalheim 9b2f0fbcdd
nixos/lirc: expose socket path via passthru 2019-01-05 13:22:39 +01:00
Frederik Rietdijk 9618abe87c Merge master into staging-next 2019-01-04 21:13:19 +01:00
aszlig 6446d9eee8
nixos/nsd: Improve checking for empty dnssec zones
While at it (see previous commit), using attrNames in combination with
length is a bit verbose for checking whether the filtered attribute set
is empty, so let's just compare it against an empty attribute set.

Signed-off-by: aszlig <aszlig@nix.build>
2019-01-04 01:59:28 +01:00
aszlig 751bdacc9b
nixos/nsd: Don't override bind via nixpkgs.config
When generating values for the services.nsd.zones attribute using values
from pkgs, we'll run into an infinite recursion because the nsd module
has a condition on the top-level definition of nixpkgs.config.

While it would work to push the definition a few levels down, it will
still only work if we don't use bind tools for generating zones.

As far as I could see, Python support for BIND seems to be only needed
for the dnssec-* tools, so instead of using nixpkgs.config, we now
directly override pkgs.bind instead of globally in nixpkgs.

To illustrate the problem with a small test case, instantiating the
following Nix expression from the nixpkgs source root will cause the
mentioned infinite recursion:

  (import ./nixos {
    configuration = { lib, pkgs, ... }: {
      services.nsd.enable = true;
      services.nsd.zones = import (pkgs.writeText "foo.nix" ''
        { "foo.".data = "xyz";
          "foo.".dnssec = true;
        }
      '');
    };
  }).vm

With this change, generating zones via import-from-derivation is now
possible again.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @pngwjpgh
2019-01-04 01:49:50 +01:00
Jean-Philippe Braun 4f99f8d2cb nixos/prometheus-bind-exporter: add module 2019-01-03 21:14:21 +01:00
Frederik Rietdijk 2da31b80bb Merge master into staging-next 2019-01-03 20:07:35 +01:00
Silvan Mosberger 2b1c9fd8a7
Merge pull request #53301 from cdepillabout/remove-cpufreqgov-alias
nixos/cpufreq: Remove the alias to set the cpu frequency governor
2019-01-03 17:47:53 +01:00
(cdep)illabout 46ecec8239
nixos/cpufreq: Remove the alias to set the cpu frequency governor
This PR temporarily fixes the issue with PR 53041 as explained
here:

https://github.com/NixOS/nixpkgs/pull/53041#commitcomment-31825338

The alias `powerManagement.cpufreq.governor` to
`powerManagement.cpuFreqGovernor` has been removed.
2019-01-03 20:57:49 +09:00
Сухарик a285cead44 nixos/display-managers: allow pure wayland sessions 2019-01-03 09:38:36 +03:00
Frederik Rietdijk 092e3b50a8 Merge master into staging-next 2019-01-02 21:08:27 +01:00
ajs124 325e314aae
sshd: Add restartTrigger for sshd_config
Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
2019-01-02 20:11:01 +01:00
Franz Pletz 0ea65cd96c
shairport-sync service: fix default arguments 2019-01-02 19:17:22 +01:00
(cdep)illabout b0f10d2d53
cpufreq: add option for setting the cpu max and min frequencies
This adds a NixOS option for setting the CPU max and min frequencies
with `cpufreq`.  The two options that have been added are:

- `powerManagement.cpufreq.max`
- `powerManagement.cpufreq.min`

It also adds an alias to the `powerManagement.cpuFreqGovernor` option as
`powerManagement.cpufreq.governor`.  This updates the installer to use
the new option name.  It also updates the manual with a note about
the new name.
2019-01-01 19:18:12 +09:00
Frederik Rietdijk 070290bda7 Merge master into staging-next 2018-12-31 12:00:36 +01:00
Silvan Mosberger 070254317e
Revert "nixos/ddclient: make RuntimeDirectory and configFile private" 2018-12-29 16:53:43 +01:00
Christian Kögler 987fdea1a8 nixos vdr: introduce option enableLirc
also introduce option socket for lirc, to have access to socket path
2018-12-26 22:59:06 +01:00
Frederik Rietdijk e45ca47f14 Merge staging-next into staging 2018-12-26 09:30:32 +01:00
worldofpeace c1599d29d9 gcr: rename from gnome3.gcr 2018-12-25 20:14:28 -05:00
worldofpeace 3f6c81da4d
Merge pull request #52592 from worldofpeace/geoclue/correct-sysconf
geoclue2: correct sysconfdir
2018-12-25 19:03:22 -05:00
worldofpeace c65edd687f geoclue2: correct sysconfdir 2018-12-25 18:38:19 -05:00
Jan Tojnar ef935fa101
Merge branch 'master' into staging 2018-12-24 15:02:29 +01:00
Jörg Thalheim 044ff3dc66
nixos/vdr: don't delete recordings 2018-12-23 18:54:39 +01:00
Jörg Thalheim 633bc1d09b
Merge pull request #52686 from Mic92/vdr
vdr: revisited version of https://github.com/NixOS/nixpkgs/pull/32050
2018-12-23 16:19:27 +01:00
Emery Hemingway 124d8ccc69
Add IPFS warning 2018-12-22 20:04:19 +01:00
Jörg Thalheim 45986ec587
nixos/vdr: create video directory automatically 2018-12-22 15:13:35 +01:00
Christian Kögler dd3f755cf4
vdr: initial at 2.4.0 and nixos module
used same plugin mechanism as kodi does
2018-12-22 15:13:25 +01:00
worldofpeace 94af8ebde2 nixos/displayManager: only install wayland sessions if they exist in extraSessionFilePackages
Not everyone is using wayland just yet.
2018-12-22 01:15:09 -05:00
Samuel Dionne-Riel 3c38cc8058
Merge pull request #51813 from samueldr/aarch64/disable-non-arm-builds-part-1
aarch64: ZHF for aarch64 (1/??)
2018-12-20 21:06:52 -05:00
Maximilian Bosch 87ebc2ad0b
Merge pull request #52345 from r-ryantm/auto-update/clickhouse
clickhouse: 18.14.9 -> 18.14.18
2018-12-20 18:48:37 +01:00
Jörg Thalheim 2dd13d4ba0 nixos/glusterfs: remove unused PYTHONPATH
this directory does not exists
2018-12-20 14:54:56 +00:00
Maximilian Bosch 64d05bbdd2
clickhouse: fix module and package runtime
Although the package itself builds fine, the module fails because it
tries to log into a non-existant file in `/var/log` which breaks the
service. Patching to default config to log to stdout by default fixes
the issue. Additionally this is the better solution as NixOS heavily
relies on systemd (and thus journald) for logging.

Also, the runtime relies on `/etc/localtime` to start, as it's not
required by the module system we set UTC as sensitive default when using
the module.

To ensure that the service's basic functionality is available, a simple
NixOS test has been added.
2018-12-20 13:03:41 +01:00
Jeremy Apthorp 654c3124b2
shairport-sync: don't daemonize
This flag causes the shairport-sync server to attempt to daemonize, but it looks like systemd is already handling that. With the `-d` argument, shairport-sync immediately exits—it seems that something (systemd I'm guessing?) is sending it SIGINT or SIGTERM.

The [upstream systemd unit](https://github.com/mikebrady/shairport-sync/blob/master/scripts/shairport-sync.service.in#L10) doesn't pass `-d`.
2018-12-19 22:37:25 -08:00
Frederik Rietdijk 9ab61ab8e2 Merge staging-next into staging 2018-12-19 09:00:36 +01:00
volth fed7914539
Merge branch 'staging' into make-perl-pathd 2018-12-18 17:13:27 +00:00
Silvan Mosberger 9673380261
Merge pull request #52168 from cdepillabout/add-bluezFull-package
Add bluez full package
2018-12-17 03:01:49 +01:00
Satoshi Shishiku 5a93f6149a
prosody service: set cafile
Fix s2s_secure_auth.
2018-12-17 01:01:41 +01:00
Jan Tojnar aead6e12f9
Merge remote-tracking branch 'upstream/master' into staging 2018-12-16 22:55:06 +01:00
Florian Klink 91c65721f7 owncloud: remove server
pkgs.owncloud still pointed to owncloud 7.0.15 (from May 13 2016)

Last owncloud server update in nixpkgs was in Jun 2016.
At the same time Nextcloud forked away from it, indicating users
switched over to that.

cc @matej (original maintainer)
2018-12-16 15:05:53 +01:00
Florian Klink 50500219af apache-httpd/limesurvey.nix: fix copypasta from owncloud 2018-12-16 15:05:53 +01:00
Florian Klink 34d45007e2
Merge pull request #51053 from Ma27/draft-nextcloud-module-docs
nixos/nextcloud: add basic module documentation and warn about current upgrading issues
2018-12-16 12:16:47 +01:00
Rickard Nilsson b20fcce195 nixos/nm-setup-hostsdir: RemainAfterExist -> RemainAfterExit 2018-12-15 08:33:28 +01:00
(cdep)illabout 9039cc3f28
Add explanation of using the bluezFull package in nixos documentation. 2018-12-15 14:49:41 +09:00
volth bb9557eb7c lib.makePerlPath -> perlPackages.makePerlPath 2018-12-15 03:50:31 +00:00
Florian Klink da6a3271bb
Merge pull request #51624 from dasJ/slapd-log
nixos/openldap: Support configuring the log level
2018-12-14 11:12:43 +01:00
Elis Hirwing 6fa51fe5cf
nixos/lightdm: Fix spelling of option in docs 2018-12-13 22:26:12 +01:00
Elis Hirwing c974813b92
nixos/sddm: Fix spelling of option in docs 2018-12-13 22:25:19 +01:00
Bas van Dijk 5d970e740e pythonPackages.elasticsearch-curator: 5.5.4 -> 5.6.0 2018-12-13 20:58:58 +01:00
Janne Heß 3c54d6b2f8 nixos/openldap: Support configuring the log level 2018-12-13 15:14:59 +01:00
Arian van Putten 1d5f4cbb78 nixos/nscd: Add a descriptive comment to the nscd configuration 2018-12-12 15:35:46 +01:00
Arian van Putten a74619c1ae nixos/nscd: also add netgroup to the config
It was the last database that wasn't listed.
2018-12-12 15:35:40 +01:00
Arian van Putten de76c16f9c nixos/nscd: Merge nscd and sssd-nscd config 2018-12-12 15:35:40 +01:00
Arian van Putten 99d3279952 nixos/nscd: Disable negative caching of hosts
Hopefully fixes #50290
2018-12-12 15:35:40 +01:00
Arian van Putten e712417936 nixos/nscd: Disable caching of group and passwd
Systemd provides an option for allocating DynamicUsers
which we want to use in NixOS to harden service configuration.
However, we discovered that the user wasn't allocated properly
for services. After some digging this turned out to be, of course,
a cache inconsistency problem.

When a DynamicUser creation is performed, Systemd check beforehand
whether the requested user already exists statically. If it does,
it bails out. If it doesn't, systemd continues with allocating the
user.

However, by checking whether the user exists,  nscd will store
the fact that the user does not exist in it's negative cache.
When the service tries to lookup what user is associated to its
uid (By calling whoami, for example), it will try to consult
libnss_systemd.so However this will read from the cache and tell
report that the user doesn't exist, and thus will return that
there is no user associated with the uid. It will continue
to do so for the cache duration time.  If the service
doesn't immediately looks up its username, this bug is not
triggered, as the cache will be invalidated around this time.
However, if the service is quick enough, it might end up
in a situation where it's incorrectly reported that the
user doesn't exist.

Preferably, we would not be using nscd at all. But we need to
use it because glibc reads  nss modules from /etc/nsswitch.conf
by looking relative to the global LD_LIBRARY_PATH.  Because LD_LIBRARY_PATH
is not set globally (as that would lead to impurities and ABI issues),
glibc will fail to find any nss modules.
Instead, as a hack, we start up nscd with LD_LIBRARY_PATH set
for only that service. Glibc will forward all nss syscalls to
nscd, which will then respect the LD_LIBRARY_PATH and only
read from locations specified in the NixOS config.
we can load nss modules in a pure fashion.

However, I think by accident, we just copied over the default
settings of nscd, which actually caches user and group lookups.
We already disable this when sssd is enabled, as this interferes
with the correct working of libnss_sss.so as it already
does its own caching of LDAP requests.
(See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/usingnscd-sssd)

Because nscd caching is now also interferring with libnss_systemd.so
and probably also with other nsss modules, lets just pre-emptively
disable caching for now for all options related to users and groups,
but keep it for caching hosts ans services lookups.

Note that we can not just put in /etc/nscd.conf:
enable-cache passwd no

As this will actually cause glibc to _not_ forward the call to nscd
at all, and thus never reach the nss modules. Instead we set
the negative and positive cache ttls  to 0 seconds as a workaround.
This way, Glibc will always forward requests to nscd, but results
will never be cached.

Fixes #50273
2018-12-12 15:35:40 +01:00
Kai Wohlfahrt f5b4918de4 kerberos_server: ensure only one realm configured
Leave options for multiple realms for similarity to krb5, and future
expansion. Currently not tested because I can't make it work and don't need
it.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt 4e4a599e7e kerberos_server: Keep ACL file in store
Could also move kdc.conf, but this makes it inconvenient to use command line
utilities with heimdal, as it would require specifying --config-file with every
command.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt 6cca9c0f9f kerberos-server: add kerberos option
Allow switching out kerberos server implementation.

Sharing config is probably sensible, but implementation is different enough to
be worth splitting into two files. Not sure this is the correct way to split an
implementation, but it works for now.

Uses the switch from config.krb5 to select implementation.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt fe8f2b8813 kerberos-server: switch to ExecStart
script causes problems for forking services like MIT Kerberos.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt 4f9af77287 kerberos-server: cleanup of kerberos.nix
General cleanup before adding more options.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt ee3bd730d4 kerberos-server: move kadmind to systemd
Don't use socket activation, as inetd is discouraged by heimdal documentation.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt dfdd348206 kerberos-server: Fix sbin paths
tcpd doesn't have sbin anymore (so it was broken), and heimdal just symlinks to
bin.
2018-12-11 13:33:10 +00:00
Jappie Klooster e576c3b385 doc: Fix insecure nginx docs (#51840) 2018-12-11 11:02:56 +00:00
markuskowa 9fba490258
Merge pull request #50862 from markuskowa/fix-slurm-module
nixos/slurm: set slurmd KillMode and add extraConfigPaths
2018-12-11 00:45:47 +01:00
Samuel Dionne-Riel abcb25bd8d aerospike: Disables build on aarch64
The issue with its inclusion in the manual has been side-stepped by
matching on the platforms in supports.
2018-12-10 14:55:19 -05:00
Tor Hedin Brønner 3c0e70402f nixos/displayManager: Note that sessionCommands aren't run on Wayland 2018-12-10 10:36:25 +01:00
Tor Hedin Brønner cdd266c73b nixos/gnome3: Implement sessionPath through environment.extraInit
This will simply make the `sessionPath` more likely to work.
2018-12-10 10:36:25 +01:00
Tor Hedin Brønner 48a9a24910 nixos/sddm: Enable wayland-sessions
LightDM is unable to separate between `wayland-sessions/gnome.desktop` and
`xsessions/gnome.desktop` so I ommitted adding this to LightDM.
2018-12-10 10:36:24 +01:00
Florian Jacob 959ba6f055 nixos/matomo: rename matomo_setup_update to matomo-setup-update
to make it consistent with other NixOS systemd services and `matomo-archive-processing.service`.
Also, consistently spell Matomo with capital M.
2018-12-09 14:42:27 +01:00
Florian Jacob ed6a60de1e nixos/matomo: add automatic archive processing 2018-12-09 14:42:27 +01:00
Tor Hedin Brønner 9895ce24b4 nixos/displayManager: Install wayland sessions from extraSessionFilePackages 2018-12-09 11:04:42 +01:00
markuskowa 9a7ce7d69a
Merge pull request #51728 from ck3d/fix-lirc-runtime-owner-ship
nixos lirc: fix owner-ship of runtime directory
2018-12-08 18:08:14 +01:00
Jörg Thalheim da4e257fce
Merge pull request #51670 from Mic92/quassel-webserver
quassel-webserver: remove
2018-12-08 16:26:45 +00:00
Frederik Rietdijk 3e950d584c Merge staging-next into master 2018-12-08 16:29:21 +01:00
markuskowa 86d80a7b78
Merge pull request #51583 from WilliButz/grafana-update
grafana: 5.3.4 -> 5.4.0
2018-12-08 15:42:15 +01:00
Christian Kögler 4bb55815be nixos lirc: fix owner-ship of runtime directory 2018-12-08 14:37:02 +01:00
Frederik Rietdijk e0950ae9ad Merge master into staging-next 2018-12-08 12:40:13 +01:00
Graham Christensen ca3f089a83
Merge pull request #51314 from Izorkin/mariadb-my.cnf
mariadb: change location configuration file to /etc/my.cnf
2018-12-07 15:37:53 -05:00
Jörg Thalheim 40c8969b4c
quassel-webserver: remove
Package is broken and the original maintainer does not respond.
Unless someone wants to pick it up, I propose the removal.

fixes #51614
2018-12-07 16:46:36 +00:00
Frederik Rietdijk 5f554279ec Merge master into staging-next 2018-12-07 15:22:35 +01:00
Renaud 0eb2f4b5f5
Merge pull request #50809 from sorki/wireguard_containers_wont_modprobe
wireguard: don't modprobe if boot.isContainer is set
2018-12-07 11:06:28 +01:00
WilliButz 60eff0eecb
nixos/grafana: use new default for connMaxLifetime 2018-12-05 20:49:45 +01:00
Jean-Philippe Braun 691932bba6 cassandra: add option to configure logging
As cassandra start script hardcodes the location of logback
configuration to `CASSANDRA_CONF_DIR/logback.xml` there is no way to
pass an alternate file via `$JVM_OPTS` for example.

Also, without logback configuration DEBUG level is used which is not
necessary for standard usage.

With this commit a default logback configuration is set with log level
INFO.

Configuration borrowed from:
https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/configLoggingLevels.html
2018-12-05 15:17:37 +01:00
Pierre Bourdon 3873f43fc3 prometheus/exporters: fix regression in DynamicUser behavior
Instead of setting User/Group only when DynamicUser is disabled, the
previous version of the code set it only when it was enabled. This
caused services with DynamicUser enabled to actually run as nobody, and
services without DynamicUser enabled to run as root.

Regression from fbb7e0c82f.
2018-12-05 11:26:38 +01:00
Pierre Bourdon 199b4c4743 prometheus/exporters/tor: make CPython happy by defining $HOME 2018-12-05 11:26:38 +01:00
Austin Seipp 2a22554092 nixos/cockroachdb: simplify dataDir management, tweaks
This cleans up the CockroachDB expression, with a few suggestions from
@aszlig.

However, it brought up the note of using systemd's StateDirectory=
directive, which is a nice feature for managing long-term data files,
especially for UID/GID assigned services. However, it can only manage
directories under /var/lib (for global services), so it has to introduce
a special path to make use of it at all in the case someone wants a path
at a different root.

While the dataDir directive at the NixOS level is _occasionally_ useful,
I've gone ahead and removed it for now, as this expression is so new,
and it makes the expression cleaner, while other kinks can be worked out
and people can test drive it.

CockroachDB's dataDir directive, instead, has been replaced with
systemd's StateDirectory management to place the data under
/var/lib/cockroachdb for all uses.

There's an included RequiresMountsFor= clause like usual though, so if
people want dependencies for any kind of mounted device at boot
time/before database startup, it's easy to specify using their own
mount/filesystems clause.

This can also be reverted if necessary, but, we can see if anyone ever
actually wants that later on before doing it -- it's a backwards
compatible change, anyway.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-04 19:44:16 -06:00
Red Davies 4173b845ca mediawiki: 1.29.1 -> 1.31.1
1.29.1 is out of support and has security vulnerabilities. 1.31.1 is current LTS.
2018-12-03 21:04:08 +00:00
Bjørn Forsman bb94d419fb nixos/jenkins-job-builder: add accessTokenFile option
The new option allows storing the secret access token outside the world
readable Nix store.
2018-12-03 17:07:29 +01:00
Bjørn Forsman 8ebfd5c45c nixos/jenkins-job-builder: stop reloadScript on error
Currently there are two calls to curl in the reloadScript, neither which
check for errors. If something is misconfigured (like wrong authToken),
the only trace that something wrong happened is this log message:

  Asking Jenkins to reload config
  <h1>Bad Message 400</h1><pre>reason: Illegal character VCHAR='<'</pre>

The service isn't marked as failed, so it's easy to miss.

Fix it by passing --fail to curl.

While at it:
* Add $curl_opts and $jenkins_url variables to keep the curl command
  lines DRY.
* Add --show-error to curl to show short error message explanation when
  things go wrong (like HTTP 401 error).
* Lower-case the $CRUMB variable as upper case is for exported environment
  variables.

The new behaviour, when having wrong accessToken:

  Asking Jenkins to reload config
  curl: (22) The requested URL returned error: 401

And the service is clearly marked as failed in `systemctl --failed`.
2018-12-03 17:07:29 +01:00
Frederik Rietdijk a510aa2672 Merge master into staging-next 2018-12-03 12:18:43 +01:00
Piotr Bogdan 9ca3414e05 nixos/cockroachdb: supply defaultText for the package option 2018-12-02 20:50:57 -06:00
Austin Seipp 4594b18070 nixos/chrony: fix misplaced ConditionCapability= directive
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-02 20:32:47 -06:00
Izorkin 953be3e283 mariadb: change location configuration file to /etc/my.cnf 2018-12-02 22:15:02 +03:00
Silvan Mosberger 4afae70e2b
Merge pull request #48423 from charles-dyfis-net/bees
bees: init at 0.6.1; nixos/modules: services.bees init
2018-12-02 18:38:47 +01:00
markuskowa 506d4c7e44
Merge pull request #51329 from c0bw3b/cleanup/gnu-https
Favor HTTPS URLs - the GNU edition
2018-12-02 16:52:33 +01:00
c0bw3b 0498ccd076 Treewide: use HTTPS on GNU domains
HTTP -> HTTPS for :
- http://gnu.org/
- http://www.gnu.org/
- http://elpa.gnu.org/
- http://lists.gnu.org/
- http://gcc.gnu.org/
- http://ftp.gnu.org/ (except in fetchurl mirrors)
- http://bugs.gnu.org/
2018-12-02 15:51:59 +01:00
Bas van Dijk 7035598251
Merge pull request #51225 from LumiGuide/elk-6.5.1
elk: 6.3.2 -> 6.5.1
2018-12-02 14:44:47 +01:00
John Boehr 4226ddc034 nixos/cockroachdb: create new service
This also includes a full end-to-end CockroachDB clustering test to
ensure everything basically works. However, this test is not currently
enabled by default, though it can be run manually. See the included
comments in the test for more information.

Closes #51306. Closes #38665.

Co-authored-by: Austin Seipp <aseipp@pobox.com>
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-01 19:07:49 -06:00
Bas van Dijk fbf0efc6a7 elk: 6.3.2 -> 6.5.1 2018-12-01 12:47:12 +01:00
Austin Seipp ee14496ae2 nixos/dhcpcd: (try to) restart chrony in the exitHook
As the comment notes, restarts/exits of dhcpcd generally require
restarting the NTP service since, if name resolution fails for a pool of
servers, the service might break itself. To be on the safe side, try
restarting Chrony in these instances, too.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-30 18:50:33 -06:00
Austin Seipp 7b8d9700e1 nixos/chrony: don't emit initstepslew when servers is empty
Setting the server list to be empty is useful e.g. for hardware-only
or virtualized reference clocks that are passed through to the system
directly. In this case, initstepslew has no effect, so don't emit it.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-30 18:50:32 -06:00
Jan Tojnar e02516db75
nixos/gnome3: enable remote desktop on wayland 2018-11-30 21:35:21 +01:00
Jan Tojnar d359635ab4
gnome3.gnome-remote-desktop: init at 0.1.6 2018-11-30 21:35:21 +01:00
Tor Hedin Brønner 2c8565a3ce
nixos/gdm: use XDG_DATA_DIRS to find sessions
Gdm now searches for session files in XDG_DATA_DIRS so we no longer need the
sessions_dir.patch.
2018-11-30 21:34:47 +01:00
Robert Schütz 74e283403c
nixos/borgbackup: allow paths to be empty or relative (#51275)
This former necessary in order to exclusively use `--pattern` or `--patterns-from`.
Fixes #51267.
2018-11-30 17:37:50 +01:00
Florian Klink aa490a543e
Merge pull request #48049 from Vskilet/roundcube-module
nixos/roundcube: add roundcube module
2018-11-30 13:29:00 +01:00
Charles Duffy 86db2f394c
nixos/modules: services.bees init 2018-11-29 20:27:45 -06:00
Maximilian Bosch 216a954540
nixos/nextcloud: add basic module documentation and warn about current upgrading issues
Part of #49783. NextCloud tracks in its `config.php` the application's
state which makes it hard for the module to modify configurations during
upgrades.

It will take time until the issue is properly fixed, therefore we
decided to warn about this in the manual.

This PR addresses two things:

* Adding a basic example for nextcloud. I figured it to be helpful to
  add some basic usage instructions when adding a new manual entry.
  Advanced documentation may follow later.

  For now this document actively links to the service options, so users
  are guided to the remaining options that can be helpful in certain
  cases.

* Add a warning about upgrades and manual changes in
  `/var/lib/nextcloud`. This will be fixed in the future, but it's
  definetely helpful to document the current issues in the manual (as
  proposed in https://github.com/NixOS/nixpkgs/issues/49783#issuecomment-439691127).
2018-11-29 11:59:54 +01:00
Florian Klink 3caeeabb14 gitlab: stop regenerating the authorized_keys file 2018-11-28 23:09:23 +01:00
Robin Gloster 1262a5ca97
roundcube: apply code review suggestions 2018-11-28 18:53:37 +01:00
Robin Gloster 9ace7f6409
roundcube: clean-up and add test 2018-11-28 18:52:10 +01:00
Victor SENE 2f8073bd92
roundcube: IPv6 by default 2018-11-28 18:52:10 +01:00
Victor SENE b5120953c6
nixos/roundcube: add roundcube module and default configuration 2018-11-28 18:52:08 +01:00
Léo Gaspard f161f02552
Merge branch 'pr-51043'
* pr-51043:
  nixos/urxvtd: remove socket activation
2018-11-29 00:50:01 +09:00
Brandon Black dacbd5a61a nixos/ntp: use upstream default restrictions to avoid DDoS (#50762)
Fixes #50732
2018-11-28 10:15:25 +00:00
Domen Kožar d04fedd715
postgresql: Enable systemd integration for 9.6+
This allows, finally, proper detection when postgresql is ready to
accept connections. Until now, it was possible that services depending
on postgresql would fail in a race condition trying to connect
to postgresql.
2018-11-27 19:16:21 +00:00
Jean-Philippe Braun cdacdc0686 nixos/kubernetes: allow to disable clusterCidr
Fix option type and set --allocate-node-cidr to false if no clusterCidr
is defined.
2018-11-26 16:36:30 +01:00
fishyfriend b34b39cab4 nixos/urxvtd: remove socket activation
This fixes #23193. urxvtd is not presently compatible with socket activation.
2018-11-25 15:25:19 -05:00
Silvan Mosberger b5f4f228d6
Merge pull request #51012 from griff/rspamd-proxy-type
nixos/rspamd: Allow worker type to be proxy again
2018-11-25 21:07:42 +01:00
Renaud 6a5fff3741
Merge pull request #51001 from c0bw3b/cleanup/more-https
Treewide: use more HTTPS-enabled sources
2018-11-25 16:22:34 +01:00
Brian Olsen 0d753af661
nixos/rspamd: Allow worker type to be proxy again
When reworking the rspamd workers I disallowed `proxy` as a type and
instead used `rspamd_proxy` which is the correct name for that worker
type. That change breaks peoples existing config and so I have made this
commit which allows `proxy` as a worker type again but makes it behave
as `rspamd_proxy` and prints a warning if you use it.
2018-11-25 16:03:34 +01:00
Franz Pletz c1d760f0bf
Merge pull request #50469 from mguentner/mxisd
mxisd: init at 1.2.0 plus service with test
2018-11-25 13:26:05 +00:00
Maximilian Güntner efae5d43ef
modules: add mxisd with test 2018-11-25 14:24:10 +01:00
Craig Younkins eff461c8ef treewide: systemd timeout arguments to use infinity instead of 0 (#50934)
Fixes https://github.com/NixOS/nixpkgs/issues/49700
2018-11-25 13:33:22 +01:00
c0bw3b 5e4ceba7bf nixos/mediawiki: fetch over https 2018-11-24 23:18:26 +01:00
c0bw3b c615b0504b nixos/flashpolicyd: fix url and use https 2018-11-24 23:13:09 +01:00
c0bw3b 434eab9955 nixos/systemhealth: fix url and use https 2018-11-24 23:07:30 +01:00
Joachim F e426613174
Merge pull request #50950 from jonasnick/nixos-tor-hiddenservice-version
nixos/tor: add HiddenServiceVersion option
2018-11-24 12:41:37 +00:00
Michael Raskin 5e159d463b
Merge pull request #49228 from Ekleog/rss2email-module
rss2email module: init
2018-11-23 22:30:29 +00:00
Jonas Nick 5640aa2814 nixos/tor: add HiddenServiceVersion option 2018-11-23 20:53:02 +00:00
Andreas Rammhold 51c3082119 nixos/prometheus: require one alertmanager configuration parameter
This commit adds an assertion that checks that either `configFile` or
`configuration` is configured for alertmanager. The alertmanager config
can not be an empty attributeset. The check executed with `amtool` fails
before the service even has the chance to start. We should probably not
allow a broken alertmanager configuration anyway.

This also introduces a test for alertmanager configuration that piggy
backs on the existing prometheus tests.
2018-11-23 19:45:17 +01:00
Andreas Rammhold b1032db5a9 nixos/prometheus: check alertmanager configuration 2018-11-23 19:45:17 +01:00
Andreas Rammhold d1ef00ebee nixos/prometheus: add package option to alertmanager 2018-11-23 19:45:17 +01:00
Jörg Thalheim d3aeed389c
Merge pull request #50641 from blaxill/firewallMerge
nixos/firewall: Always use global firewall.allowed rules
2018-11-23 11:42:16 +00:00
Ben Blaxill 308ab4ea25 Rename back to default and better release notes 2018-11-22 19:24:23 -05:00
Markus Kowalewski 25af518845
nixos/slurm: add extraConfigPaths options 2018-11-22 11:43:05 +01:00
Jörg Thalheim 769735d8a1
netdata: create missing /etc/netdata
Since netdata 1.11.0 updated in https://github.com/NixOS/nixpkgs/pull/50459
it needs to have a /etc/netdata directory, which we did not create by default.
fixes #50893
2018-11-21 23:00:04 +00:00
Matthew Bauer 75999d4e38
Merge pull request #41887 from gmarmstrong/fix/seahorse-update
nixos/seahorse: require gnome3.dconf
2018-11-21 15:15:32 -06:00
Ben Blaxill 32779b4c74 Refactor out the set operations 2018-11-20 21:29:33 -05:00
Markus Kowalewski ae93ed0f0d
nixos/slurm: set slurmd KillMode to process
The default of systemd is to kill the
the whole cgroup of a service. For slurmd
this means that all running jobs get killed
as well whenever the configuration is updated (and activated).

To avoid this behaviour we set "KillMode=process"
to kill only slurmd on reload. This is how
slurm configures the systemd service.

See:
https://bugs.schedmd.com/show_bug.cgi?id=2095#c24
508f866ea1
2018-11-20 22:26:42 +01:00