1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-03 19:15:39 +00:00
Commit graph

14348 commits

Author SHA1 Message Date
Jan Tojnar 51dad85947
nixos/hamster: fix eval
Fixes

	error: The option value `meta.maintainers' in `nixos/modules/programs/hamster.nix' is not of type `list of maintainers'.
2020-06-18 16:22:13 +02:00
Jan Tojnar 33d79f110d
nixos/openldap: fix eval
Fixes

	error: The option value `meta.maintainers' in `nixos/modules/services/databases/openldap.nix' is not of type `list of maintainers'.
2020-06-18 16:20:20 +02:00
Lassulus 7dcb8dc239
Merge pull request #90144 from pbogdan/undervolt
nixos/undervolt: misc cleanups / fixes
2020-06-18 11:52:09 +02:00
WilliButz 57a3249994
Merge pull request #90662 from srhb/redis-exporter
prometheus-redis-exporter: init at 1.7.0
2020-06-18 11:25:23 +02:00
Sarah Brofeldt 344e64a4d9 nixos/prometheus-redis-exporter: init 2020-06-18 11:13:25 +02:00
rnhmjoj edc6a76cc0
nixos/documentation: add option to generate caches
Previously the NixOS-specific configuration for man-db was in the
package itself and /etc/man.conf was completely ignored.
This change moves it to /etc/man_db.conf, making declarative
configuration practical again.

It's now possible to generate the mandb caches for all packages
installed through NixOS `environment.systemPackages` at build-time.
The standard location for the stateful cache (/var/cache/man) is also
configured to allow users to run `mandb` manually if they wish.

Since generating the cache can be expensive the option is off by
default.
2020-06-18 10:17:04 +02:00
Cole Helbling 13e2c75c93
nixos/sudo: default rule should be first
In /etc/sudoers, the last-matched rule will override all
previously-matched rules. Thus, make the default rule show up first (but
still allow some wiggle room for a user to `mkBefore` it), before any
user-defined rules.
2020-06-17 17:48:51 -07:00
Maximilian Bosch 0510cbe849
Merge pull request #90646 from Ma27/matrix-maintainer-team
maintainers/teams: add matrix team
2020-06-18 00:23:55 +02:00
John Ericson 4044d81d5c IPFS NixOS module: Socket unit file more precise
The systemd socket unit files now more precisely track the IPFS
configuration, by including any multaddr they can make a `ListenStream`
for. (The daemon doesn't currently support anything which would use
`ListDatagram`, so we don't need to worry about that.)

The tests use some of these features.
2020-06-17 21:43:04 +00:00
lewo b20f9112d2
Merge pull request #89486 from Ma27/dovecot-mailboxes
nixos/dovecot2: turn `mailboxes`-option into an attr-set
2020-06-17 22:19:09 +02:00
Maximilian Bosch e826a6ce03
nixos/dovecot2: refactor mailboxes option
Specifying mailboxes as a list isn't a good approach since this makes it
impossible to override values. For backwards-compatibility, it's still
possible to declare a list of mailboxes, but a deprecation warning will
be shown.
2020-06-17 22:05:58 +02:00
Maximilian Bosch 650617253e
maintainers/teams: add matrix team 2020-06-17 21:55:29 +02:00
Pascal Bach f29063ff0b nixos/virtualbox-image: change graphics adapter to vmswga 2020-06-17 18:43:28 +02:00
Pascal Bach ec9792a3f5 nixos/virtualbox-guest: add vmware driver
VMSGVA is recommended by virtualbox for Linux clients.
Compared to VBoxVGA and VBoxSVGA it also supports 3D acceleration.

Adding the driver makes nixos work with all three supported graphics card
types.
2020-06-17 18:43:27 +02:00
Silvan Mosberger f03e85f703
Merge pull request #74589 from tmplt/fix-physlock
nixos/physlock: add suspend-then-hibernate to lockOn.suspend units
2020-06-17 18:06:52 +02:00
Michele Guerini Rocco 4ddf9b763b
Merge pull request #83171 from rnhmjoj/hash
nixos/users: validate password hashes
2020-06-17 17:25:34 +02:00
Lassulus 98cac435f3
Merge pull request #89814 from alexfmpe/patch-3
Fix typo
2020-06-17 16:22:27 +02:00
Maximilian Bosch fc179ef8a6
nixos/dovecot2: add autoexpunge setting
To automatically purge old email.

See also https://wiki.dovecot.org/MailboxSettings
2020-06-17 01:07:27 +02:00
tmplt 51e995cc05 nixos/physlock: add suspend-then-hibernate to suspend/hibernate units 2020-06-16 23:42:56 +02:00
Florian Klink d72530162a
Merge pull request #90604 from maralorn/systemd-oneshot-warning
nixos/systemd: Update warning for restarting oneshots
2020-06-16 23:35:22 +02:00
Jan Tojnar 75e756b8e1
Merge pull request #90051 from fabianhauser/hamster-time-tracker 2020-06-16 23:08:45 +02:00
Malte Brandy 0d4134de4a
nixos/systemd: Update warning for restarting oneshots
Restart= can be anything other than on-success and always for onehost units as of
10e72727ee
which is contained in systemd 245.
2020-06-16 22:10:12 +02:00
James Kay 912a58428c libinput: ensure that we only apply touchpad options to touchpads 2020-06-16 20:44:10 +01:00
Jörg Thalheim a9a5016644
Merge pull request #87833 from Izorkin/sandbox-mysql 2020-06-16 18:13:43 +01:00
Jan Tojnar 7c20a53506
Merge pull request #90539 from r-ryantm/auto-update/fwupd 2020-06-16 16:43:33 +02:00
Aaron Andersen b6108e021b
Merge pull request #89327 from mweinelt/go-neb-module
nixos/go-neb: init
2020-06-16 06:30:29 -04:00
Florian Klink ac7a5f3685
Merge pull request #90386 from danielfullmer/systemd-bootctl-update
nixos/systemd-boot: update bootloader if needed
2020-06-16 11:33:48 +02:00
Jan Tojnar 0f0bcec11c
fwupd: Add passthru consistency test
We need to keep the passthru.filesInstalledToEtc and passthru.defaultBlacklistedPlugins in sync with the package contents so let's add a test to enforce that.
2020-06-16 11:20:55 +02:00
Florian Klink 42b92250b9 nixos/systemd-boot: fix default boot entry selection
6cd12ebcfe
changed behaviour - now the "default" entry needs to identity an entry
with its full name, including the ".conf".

Reported-In: https://github.com/NixOS/nixpkgs/issues/86422
2020-06-15 20:22:45 -04:00
Daniel Fullmer 7e3519a7cf nixos/systemd-boot: update bootloader if needed 2020-06-15 20:22:45 -04:00
rnhmjoj 470ce4784e
nixos/users: validate password hashes 2020-06-15 20:08:36 +02:00
Florian Klink af3c1000a4
Merge pull request #90343 from flokli/hardware-u2f-remove
hardware/u2f: remove module
2020-06-15 17:53:47 +02:00
Arian van Putten cfd672a94d nixos/acme: Also fix ordering for apache 2020-06-15 11:05:00 +02:00
Arian van Putten 681cc105ce nixos/acme: Make sure nginx is running before certs are requested
This fixes https://github.com/NixOS/nixpkgs/issues/81842

We should probably also fix this for Apache, which recently also learned
to use ACME.
2020-06-15 11:04:59 +02:00
Matt Layher 562beabff3
nixos/corerad: use passAsFile while converting settings JSON to TOML
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-14 13:30:17 -04:00
Silvan Mosberger 00e448172f
Merge pull request #89781 from mdlayher/mdl-corerad-settings 2020-06-14 16:48:54 +02:00
Matt Layher f1a4b100fd
nixos/corerad: add settings option to supersede configFile
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-14 10:07:16 -04:00
Florian Klink 89c3e73dad hardware/u2f: remove module
udev gained native support to handle FIDO security tokens, so we don't
need a module which only added the now obsolete udev rules.

Fixes: https://github.com/NixOS/nixpkgs/issues/76482
2020-06-14 15:13:31 +02:00
eyjhb 7279428096
boot.initrd.luks.devices: add preOpenCommands and postOpenCommands 2020-06-14 12:03:00 +02:00
Peter Hoeg eb62c7edc8
Merge pull request #90261 from prusnak/installer-zstd-rm
images: remove original files when using zstd for compression
2020-06-14 10:39:10 +08:00
rnhmjoj e23c57c347
nixos/ncdns: init module 2020-06-14 01:09:33 +02:00
Pavol Rusnak 490fc040be
images: remove original files when using zstd for compression 2020-06-14 00:19:11 +02:00
Michele Guerini Rocco 1d924f0354
Merge pull request #89772 from rnhmjoj/dnschain
dnschain: remove
2020-06-13 13:37:02 +02:00
rnhmjoj 2e5019b92c
dnschain: remove package and NixOS module
The software is unmaintained since ~2014 and the package
can't be built anymore (issue #89205).
2020-06-13 12:33:31 +02:00
Arian van Putten 71a6d32c18 nixos/timesyncd: Make dbus-activatible
Upstream has this alias too; so that dbus activation works.
What I don't fully understand is why this would ever be useful given
this unit is already started way in early boot; even before dbus is up.
But lets just keep behaviour similar to upstream and then ask these
questions to upstream.
2020-06-13 12:23:45 +02:00
Arian van Putten cd1dedac67 nixos/networkd: Make activatible through dbus and netlink
With this systemd buffers netlink messages in early boot from the kernel
itself; and passes them on to networkd for processing once it's started.
Makes sure no routing messages are missed.

Also makes an alias so that dbus can activate this unit. Upstream has
this too.
2020-06-13 12:23:45 +02:00
Arian van Putten 0e18e5db99 nixos/resolved: Include dbus alias of resolved unit
This will make dbus socket activation for it work

When `systemd-resolved` is restarted; this would lead to unavailability
of DNS lookups.  You're supposed to use DBUS socket activation to buffer
resolved requests; such that restarts happen without downtime
2020-06-13 12:23:45 +02:00
John Ericson 1c4480e931
Merge pull request #90157 from obsidiansystems/socket-based-ipfs
Add socket-based IPFS support
2020-06-12 18:31:01 -04:00
Matthew Bauer 2c2f6c0b38 nixos/ipfs: only set listenstream when gateway/api is default 2020-06-12 17:15:34 -05:00
Matthew Bauer 982a17a48e nixos/ipfs: always expose sockets 2020-06-12 17:15:34 -05:00
Matthew Bauer fa06d8f961 nixos/ipfs: actually use upstream systemd units 2020-06-12 17:15:34 -05:00
Matthew Bauer b36ef706fb nixos/ipfs: add startWhenNeeded option
This makes it possible to only start IPFS when needed. So a user’s
IPFS daemon only starts when they actually use it.

A few important warnings though:

  - This probably shouldn’t be mixed with services.ipfs.autoMount
    since you want /ipfs and /ipns aren’t activated like this
  - ipfs.socket assumes that you are using ports 5001 and 8080 for the
    API and gateway respectively. We could do some parsing to figure
    out what is in apiAddress and gatewayAddress, but that’s kind of
    difficult given the nonstandard address format.
  - Apparently? this doesn’t work with the --api commands used in the tests.

Of course you can always start automatically with startWhenNeeded =
false, or just running ‘systemctl start ipfs.service’.

Tested with the following test (modified from tests/ipfs.nix):

  import ./make-test-python.nix ({ pkgs, ...} : {
    name = "ipfs";

    nodes.machine = { ... }: {
      services.ipfs = {
        enable = true;
        startWhenNeeded = true;
      };
    };

    testScript = ''
      start_all()

      machine.wait_until_succeeds("ipfs id")
      ipfs_hash = machine.succeed("echo fnord | ipfs add | awk '{ print $2 }'")

      machine.succeed(f"ipfs cat /ipfs/{ipfs_hash.strip()} | grep fnord")
    '';
  })

Fixes #90145

Update nixos/modules/services/network-filesystems/ipfs.nix

Co-authored-by: Florian Klink <flokli@flokli.de>
2020-06-12 17:15:27 -05:00
Jörg Thalheim 8df5edc153
Merge pull request #87178 from hax404/teeworlds-module-test
nixos/{modules,tests}/teeworlds: init
2020-06-12 19:52:06 +01:00
Maximilian Bosch 267b93da34
Merge pull request #89662 from aanderse/ssmtp
nixos/ssmtp: add settings option
2020-06-12 16:09:13 +02:00
Michele Guerini Rocco a2fd1ba544
Merge pull request #89159 from datafoo/fix-issue-89158
nixos/networking: check interface state files exist before acting on them
2020-06-12 15:31:57 +02:00
Aaron Andersen ad2330f642 nixos/ssmtp: drop authPass option in favor of authPassFile, or services.ssmtp.settings.AuthPass if absolutely required 2020-06-12 06:41:56 -04:00
Matthew Bauer c5f40198f3 nixos/ipfs: consolidate services into one ipfs.service
Previously we had three services for different config flavors. This is
confusing because only one instance of IPFS can run on a host / port
combination at once. So move all into ipfs.service, which contains the
configuration specified in services.ipfs.

Also remove the env wrapper and just use systemd env configuration.
2020-06-11 15:27:22 -05:00
Matthew Bauer 74ff433320 nixos/ipfs: remove unused auto migrate feature 2020-06-11 14:32:06 -05:00
Samuel Dionne-Riel 476c8e0754 sd-image-raspberrypi4: mount boot partition
This should have been done initially, as otherwise it gets awfully
awkward to boot into new generations by default.

This system-specific image wasn't expected to be long-lived, thus why it
didn't end up being polished much.

Reality shows us we may be stuck with it for a bit longer, so let's make
it easier to use for new users.
2020-06-11 14:41:18 -04:00
Samuel Dionne-Riel 34caab71bb sd-image: Make firmware partition name configurable
This will be helpful in the now too-long-lived image for the Raspberry
Pi 4. We'll be able to properly configure the partition to be useful.
2020-06-11 14:41:18 -04:00
Samuel Dionne-Riel 37e50ca635 raspberrypi-builder: ensure scripts fails on error
The way this ends up being called with the raspberry pi 4 image builder
ends up not using the `-e` from the shebang.

In turn, the builds fails during cross-compilation. The wrong coreutils
ends up being used, but this is not made apparent.

The issue I faced is already fixed on master, but this ensures no one
ends up with a failed build "succeeding".
2020-06-11 14:41:18 -04:00
adisbladis a5a52e8c73
Merge pull request #88718 from adisbladis/vmware-xorg-driver-defaults
services.x11.videoDrivers: Don't include vmware driver on non-x86 platforms
2020-06-11 19:03:24 +02:00
adisbladis 1a5dafcd5b
services.x11.videoDrivers: Don't include vmware driver by default
A better option for vmware guests is to set `virtualisation.vmware.guest.enable`.
2020-06-11 18:49:29 +02:00
Martin Milata 876bf3abc9 nixos/prometheus-lnd-exporter: init 2020-06-11 18:23:54 +02:00
Matthew Bauer 656783a3d1
Merge pull request #89540 from Patryk27/fixes/lxd-lxcfs
Fix `lxd`, so that it works with `lxcfs`
2020-06-11 10:49:40 -05:00
Matthew Bauer a4959d36ef
Merge pull request #90128 from vcunat/p/locales-priority
nixos i18n.supportedLocales: increase systemPackages priority
2020-06-11 10:44:35 -05:00
Piotr Bogdan afae933693 nixos/undervolt: simplify CLI args generation 2020-06-11 15:24:28 +01:00
Piotr Bogdan 24e0e05654 nixos/undervolt: use int type for numeric options 2020-06-11 15:24:28 +01:00
Piotr Bogdan f224b243db nixos/undervolt: fix up options' descriptions
The default `undervolt` package does not accept floating point numbers for any of its numeric
arguments. This also mentions in what units are the values expressed.
2020-06-11 15:24:28 +01:00
Piotr Bogdan 6fb11e5227 nixos/undervolt: add a warning for the enable option
Also use the convenience `mkEnableOption` function for simplicity.
2020-06-11 15:24:28 +01:00
WilliButz 3190ba12f7
Merge pull request #90077 from mdlayher/mdl-nixos-apcupsd
nixos/prometheus-apcupsd-exporter: new module
2020-06-11 15:23:33 +02:00
WilliButz 016a538f71
Merge pull request #89810 from mdlayher/mdl-keylight-exporter
prometheus-keylight-exporter: init at 0.1.1
2020-06-11 15:14:17 +02:00
Vladimír Čunát 92aa60918f
nixos i18n.supportedLocales: increase systemPackages priority
https://discourse.nixos.org/t/conflict-between-glibc-and-glibclocales-workaround-inside/7608
2020-06-11 10:22:20 +02:00
Matt Layher e45146d94b
nixos/prometheus-apcupsd-exporter: new module
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-10 17:33:41 -04:00
Fabian Hauser 9c95e8150a hamster: init at 3.0.2 2020-06-10 22:05:18 +02:00
Jörg Thalheim 7a4ee350b0
Merge pull request #90027 from Mic92/redis
nixos/redis: add redis group
2020-06-10 19:02:15 +01:00
David Izquierdo f2d1568282 transmission: add libstdc++ and libgcc_s permissions to apparmor profile 2020-06-10 19:50:24 +02:00
Matt Layher e77426822f
nixos/prometheus-keylight-exporter: new module
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-10 13:12:43 -04:00
Vladimír Čunát a5f5d020c6
Merge branch 'staging-next' 2020-06-10 16:13:48 +02:00
José Romildo Malaquias a421af29e4
nixos/opensmtpd: add a setgid wrapper for smtpctl (#89962)
The setgid is currently required for offline enqueuing, and
unfortunately smtpctl is currently not split from sendmail so there's
little running around it.
2020-06-10 15:08:36 +02:00
Izorkin eed170d9ab nixos/mysql: fix init databases on first start in sandbox mode 2020-06-10 12:38:42 +03:00
Izorkin a9d5f088b5 nixos/mysql: update tmpfiles rules 2020-06-10 12:38:42 +03:00
Izorkin df7e52814d nixos/mysql: enable sandbox mode 2020-06-10 12:38:40 +03:00
Jörg Thalheim 10acf9ae00
nixos/redis: add redis group 2020-06-10 08:58:34 +01:00
Vladimír Čunát 6e9bb30566
Merge branch 'master' into staging-next
In particular, this fixes ISO evaluation.
2020-06-10 09:41:53 +02:00
Peter Hoeg 5a0e9e63c7
Merge pull request #89457 from NixOS/f/pam_ordering
nixos/pam: mount encrypted home earlier
2020-06-10 10:12:21 +08:00
Jan Tojnar c637cbe992
Merge branch 'master' into staging-next 2020-06-10 04:10:34 +02:00
zimbatm 9494fdeeb3
Merge pull request #70327 from abbradar/synapse-plugins
Refactor Synapse plugins, add matrix-synapse-pam
2020-06-09 23:54:54 +02:00
zowoq fa607bc939 nixos/gnome3: nixos-artwork -> pkgs.nixos-artwork 2020-06-09 15:33:37 +10:00
Izorkin 1086ae52fb nixos/ssh: add crypto options 2020-06-08 22:10:36 +03:00
Alexandre Esteves 063043fa63
Fix typo 2020-06-08 16:47:46 +01:00
Frederik Rietdijk dc33419285 Merge master into staging-next 2020-06-08 12:06:12 +02:00
Florian Klink b56c66e7e8
Merge pull request #89762 from nlewo/nextcloud-oc_pass
nixos/nextcloud: preserve OC_PASS env variable in the occ wrapper
2020-06-08 10:57:49 +02:00
Florian Klink 3590f02e7d
Merge pull request #88574 from JJJollyjim/qemu-vm-qboot-opt
nixos/qemu-vm: add option to use qboot
2020-06-08 10:46:11 +02:00
Jamie McClymont 55912f3535 nixos/qemu-vm: add option to use a non-standard BIOS
I'd like to change the default on x86 platforms to qboot at some point, since it
saves a fair bit of startup time.
2020-06-08 11:21:53 +12:00
Antoine Eiche cb682317b0 nixos/nextcloud: preserve OC_PASS env variable in the occ wrapper
The OC_PASS environment variable can be used to create a user with
`occ user:add --password-from-env`. It is currently not possible to
use the `nextcloud-occ` to "non-interactively" create a user since
this variable is ignored by sudo.
2020-06-07 20:47:11 +02:00
worldofpeace d508591039
Merge pull request #86163 from worldofpeace/wallpaper-refactor
Gnome and Pantheon: install nixos wallpapers
2020-06-07 14:44:59 -04:00
Marek Mahut 7b9d7cc05d
Merge pull request #85947 from prusnak/images-zstd
Use zstd for ISO and SD images
2020-06-07 19:09:43 +02:00
Nadrieril e4f445008e
boot: fix order of arguments for hasPrefix (#89751) 2020-06-07 18:43:15 +02:00
Vojtěch Káně a5e6901702 traefik: unify TOML generation
As a side effect, the dynamic config file is now indented
2020-06-07 17:19:45 +02:00
Aaron Andersen 6394b12a07 nixos/ssmtp: add settings option 2020-06-07 10:28:22 -04:00
Frederik Rietdijk 6b8223e634 Merge master into staging-next 2020-06-07 09:25:12 +02:00
Georg Haas 6d1ca7db4a
nixos/{modules,tests}/teeworlds: init
add module and test
2020-06-06 17:06:23 +02:00
Janne Heß 644f9e74e7
nixos/freeswitch: Unit improvements and add fs_cli
This switches the unit to Restart=on-failure and switches the CPU policy
to fifo (the daemon tries to do that itself, but is denied permission).

Also add the package to $PATH to be able to use fs_cli easily.
2020-06-05 20:16:43 +02:00
Frederik Rietdijk 43f71029cc Merge master into staging-next 2020-06-05 19:40:53 +02:00
Jörg Thalheim 7048a817b2
Merge pull request #85418 from lopsided98/grub-initrd-secrets 2020-06-05 16:03:48 +01:00
Patryk Wychowaniec 6c6924b2eb
lxd: When lxcfs is enabled, start lxd with explicit LXD_LXC_TEMPLATE_CONFIG 2020-06-05 16:37:31 +02:00
Patryk Wychowaniec 72e80cdc54
lxd: Add proper support for nftables 2020-06-05 16:37:31 +02:00
Eelco Dolstra b00463d406
Merge pull request #89479 from edolstra/nix-2.4-completion
Don't enable nix-bash-completions when using Nix 2.4
2020-06-05 13:29:10 +02:00
Jörg Thalheim abb2f6038c
Merge pull request #89525 from Mic92/cgmanager 2020-06-05 11:46:42 +01:00
Florian Klink c055fc0319
Merge pull request #89510 from flokli/buildbot-pbPort
nixos/buildbot-master: fix typo in services.buildbot-master.bpPort
2020-06-05 11:50:25 +02:00
Jörg Thalheim 073d2fc4d5
cgmanager: remove
fixes #30023
2020-06-05 09:47:12 +01:00
Florian Klink 1fd972bd50 nixos/buildbot-master: fix typo in services.buildbot-master.bpPort
It's pbPort, and it's also a connection string, meaning
listen-on-localhost is also possible. Provide an alias for the old
option name, so old configs still work.
2020-06-05 01:29:03 +02:00
Ben Wolsieffer 14eceb5991 nixos/grub: support initrd secrets 2020-06-04 18:30:46 -04:00
Ben Wolsieffer 50a5e5597a nixos/stage-1: make boot.initrd.secrets appear in the manual 2020-06-04 17:53:29 -04:00
Frederik Rietdijk 08900c0554 Merge master into staging-next 2020-06-04 15:25:54 +02:00
Robin Gloster 79454f15ac
gitlab: 12.10.8 -> 13.0.3
https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
https://about.gitlab.com/releases/2020/05/29/gitlab-13-0-3-released/

The gitaly gitlab-shell config has moved into gitaly.toml. See
https://gitlab.com/gitlab-org/gitaly/-/issues/2182 for more info.
2020-06-04 14:32:39 +02:00
Eelco Dolstra bbfc47326b Don't enable nix-bash-completions when using Nix 2.4
2.4 has its own completion script which collides with
nix-bash-completions.
2020-06-04 14:18:18 +02:00
Peter Hoeg 66e040eaac nixos/pam: mount encrypted home earlier
This patch was done by curro:

The generated /etc/pam.d/* service files invoke the pam_systemd.so
session module before pam_mount.so, if both are enabled (e.g. via
security.pam.services.foo.startSession and
security.pam.services.foo.pamMount respectively).

This doesn't work in the most common scenario where the user's home
directory is stored in a pam-mounted encrypted volume (because systemd
will fail to access the user's systemd configuration).
2020-06-04 13:14:30 +08:00
Michael Weiss a448d9156b
Merge pull request #89407 from primeos/empty-hostname-fix
nixos: Allow empty hostnames again
2020-06-03 16:18:28 +02:00
Michael Weiss a6afdbb70b
nixos: Allow empty hostnames again
This fixes a regression from 993baa587c which requires
networking.hostName to be a valid DNS label [0].
Unfortunately we missed the fact that the hostnames may also be empty,
if the user wants to obtain it from a DHCP server. This is even required
by a few modules/images (e.g. Amazon EC2, Azure, and Google Compute).

[0]: https://github.com/NixOS/nixpkgs/pull/76542#issuecomment-638138666
2020-06-03 15:23:37 +02:00
Eelco Dolstra aef2bc1330
nix: 2.3.6 -> 2.3.6 2020-06-03 14:57:39 +02:00
Jörg Thalheim 4cbf76797e
Merge pull request #89337 from mweinelt/hass-yaml-fun 2020-06-03 11:19:03 +01:00
Symphorien Gibol 3dbd629fa4 ibus: fix installation of dconf database
Fixes this warning at ibus-daemon startup:

(ibus-dconf:15691): dconf-WARNING **: 21:49:24.018: unable to open file '/etc/dconf/db/ibus': Failed to open file ?/etc/dconf/db/ibus?: open() failed: No such file or directory; expect degraded performance
2020-06-02 22:32:03 +02:00
Martin Weinelt da6b277f96
nixos/home-assistant: allow arbitrary yaml functions 2020-06-02 15:51:35 +02:00
Martin Weinelt 642e9916c6
nixos/go-neb: init 2020-06-02 15:25:05 +02:00
Graham Christensen 4512cd1385
Merge pull request #60174 from exarkun/patch-2
Fix the rootPartitionUUID description
2020-06-02 08:54:51 -04:00
Jörg Thalheim 53d0dc6638
Merge pull request #51270 from aneeshusa/enable-setuid-wrapper-for-chsh
nixos/shadow: create setuid wrapper for chsh
2020-06-02 10:50:31 +01:00
Florian Klink 8a388c8296
Merge pull request #82258 from erikarvstedt/fix-xchg-caching
fix inconsistent caching of VM xchg dirs
2020-06-01 22:34:48 +02:00
Erik Arvstedt d85dc4f690
qemu-vm: fix inconsistent caching of xchg dirs
xchg is advertised as a bidirectional exchange dir, but file content
transfer from host to VM fails due to caching:
If a file is read in the VM and then modified on the host, subsequent
re-reads in the VM can yield old, cached data.
This is caused by the use of 9p's cache=loose mode that is explicitly
meant for read-only mounts.

9p doesn't provide any suitable cache modes, so fix this by disabling
caching.

Also, remove a now unnecessary sync in the test driver.
2020-06-01 21:55:33 +02:00
Lassulus 29062cec8d
Merge pull request #88744 from davidak/chromium-example
nixos/chromium: add example and update description
2020-06-01 18:24:01 +02:00
Florian Klink a2eccf3a30
Merge pull request #89274 from flokli/nscd-disable-positive-hosts-caching
nixos/nscd: set positive hosts caching ttl to 0
2020-06-01 17:24:02 +02:00
Maximilian Bosch 78ca0c506b
Merge pull request #89240 from jakobrs/formally-to-formerly
nixos/libvirtd: correct spelling
2020-06-01 17:14:54 +02:00
Notkea ab327b27a1
nixos/mautrix-telegram: add module (#63589) 2020-06-01 08:45:04 +00:00
Notkea 523743157a
matrix-appservice-discord: init at 0.5.2 (#62744)
* matrix-appservice-discord: init at 0.5.2

* nixos/matrix-appservice-discord: add module
2020-06-01 08:43:38 +00:00
Nikolay Amiantov cd92184f3d
matrix-synapse service: add plugins option 2020-06-01 10:30:22 +02:00
Florian Klink 09244cbd98 nixos/nscd: set positive hosts caching ttl to 0
This effectively disables nscd's built-in hosts cache, which turns out
to be erratic in some cases.

We only use nscd these days as a more ABI-neutral NSS dispatcher
mechanism.

Local caching should still be possible with local resolvers in
/etc/resolv.conf (via the `dns` NSS module), or without local resolvers
via systemd-networkd (via the `resolve` nss module)

We don't set enable-cache to no due to
https://github.com/NixOS/nixpkgs/pull/50316#discussion_r241035226.
2020-06-01 01:12:43 +02:00
Mario Rodas c9d9ba0f7b
Merge pull request #83307 from servalcatty/fix/v2ray-check
nixos/v2ray: check v2ray config during the build time
2020-05-31 16:32:03 -05:00
Florian Klink 09a7612cbe
Merge pull request #88434 from pstch/patch-2
nixos/haproxy: add reloading support, use upstream service hardening
2020-05-31 23:11:44 +02:00
Hugo Geoffroy c784d3ab76 nixos/haproxy: add reloading support, use upstream service hardening
Refactor the systemd service definition for the haproxy reverse proxy,
using the upstream systemd service definition. This allows the service
to be reloaded on changes, preserving existing server state, and adds
some hardening options.
2020-05-31 22:35:27 +02:00
Florian Klink 4cd605f3ca
Merge pull request #62671 from kfiz/networking-proxy_arp-fix
tasks/network-interfaces.nix: Enable ip_forwarding for ipv4 and p…
2020-05-31 22:22:49 +02:00
Florian Klink 414e1c6305
Merge pull request #88887 from mweinelt/vsftpd
vsftpd: listen on both address families
2020-05-31 16:34:01 +02:00
jakobrs 3052b4eafb
nixos/libvirtd: correct spelling
formally -> formerly
2020-05-31 08:38:09 +02:00
Robin Gloster b64205d164
Merge pull request #85293 from petabyteboy/feature/gitlab-12-9-x
gitlab: 12.8.10 -> 12.10.6
2020-05-31 06:10:29 +02:00
Edmund Wu 180d1d37b2
nixos/kvmgt: allow multiple uuids on same mdev 2020-05-30 12:13:54 -04:00
datafoo 8f16f66b27 nixos/networking: check interface state files exist before acting on them
Fix #89158
2020-05-29 12:20:06 +02:00
Frederik Rietdijk 03de4c02fb Merge staging-next into staging 2020-05-28 22:05:36 +02:00
José Romildo Malaquias 6b227dd56f
Merge pull request #89040 from romildo/upd.deepin-screenshot
deepin.deepin-screenshot: remove (has been archived upstream)
2020-05-28 09:30:14 -03:00
Peter Hoeg ad0df8414e
Merge pull request #88942 from peterhoeg/m/kde_ddc
powerdevil: add DDC support
2020-05-28 19:14:51 +08:00
Michele Guerini Rocco c18ee4cfa0
Merge pull request #89044 from joachimschmidt557/rethinkdb-enable-option
nixos/rethinkdb: refactor enable option
2020-05-28 10:03:24 +02:00
Michele Guerini Rocco 429f976089
Merge pull request #87812 from joachimschmidt557/mysql-enable-option
nixos/mysql: refactor enable option
2020-05-28 10:02:25 +02:00
joachimschmidt557 2059f44af0 nixos/rethinkdb: refactor enable option 2020-05-27 21:36:31 +02:00
José Romildo Malaquias b5bc39f7ab deepin.deepin-screenshot: remove (has been archived upstream)
It has been deprecated (migrated to deepin-screen-recorder after v20).
2020-05-27 15:06:27 -03:00
Michele Guerini Rocco a4f9e8bf68
Merge pull request #85900 from rnhmjoj/dnscrypt
nixos/dnscrypt-wrapper: use dnscrypt-proxy1
2020-05-27 19:52:53 +02:00
Eelco Dolstra e8896deced
nix: 2.3.4 -> 2.3.5 2020-05-27 16:48:28 +02:00
Frederik Rietdijk 362d88c2b1 Merge staging-next into staging 2020-05-27 15:27:28 +02:00
Marek Mahut 8f1c621b4e Merge pull request #88881 from mmahut/ergo
ergo: init at 3.2.5
2020-05-27 11:34:24 +02:00
José Romildo Malaquias d6a534937d
Merge pull request #88791 from romildo/upd.lumina
nixos/lumina: use xsession provided
2020-05-26 20:44:06 -03:00
José Romildo Malaquias d4fc8a16a2
Merge pull request #88603 from romildo/upd.enlightenment
enlightenment.enlightenment: 0.23.1 -> 0.24.0, cleanup and fixes
2020-05-26 20:43:00 -03:00
Marek Mahut fdc48e5c7e nixos/ergo: init 2020-05-26 21:47:31 +02:00
Peter Hoeg a3aec35383 nixos/plasma: support setting brightness via DDC 2020-05-26 22:28:15 +08:00
Doro Rose 5d3a72f683 networking-interfaces.nix: remove broken NDP bits from proxyARP
The `networking.interfaces.<name?>.proxyARP` option previously mentioned it would also enable IPv6 forwarding and `proxy_ndp`.

However, the `proxy_ndp` option was never actually set (the non-existing `net.ipv6.conf.proxy_arp` sysctl was set
instead). In addition `proxy_ndp` also needs individual entries for each ip to proxy for.

Proxy ARP and Proxy NDP are two different concepts, and enabling the latter
should be a conscious decision.

This commit removes the broken NDP support, and disables explicitly
enabling IPv6 forwarding (which is the default in most cases anyways)

Fixes #62339.
2020-05-26 00:53:10 +02:00
Martin Weinelt c18fae4a35 vsftpd: listen on both address families 2020-05-25 20:14:20 +02:00
José Romildo Malaquias f78e757cf3 nixos/lumina: use xsession provided 2020-05-25 12:16:48 -03:00
oxalica fe3e52c291
earlyoom: patch absolute dbus path and make nixos module up to date (#88443)
* earlyoom: patch absolute path of dbus-send

* nixos/earlyoom: replace `notificationsCommand` with `enableNotification`

* nixos/earlyoom: setup `systembus-notify` when `enableNotification`
2020-05-25 10:13:55 -05:00
zowoq 2689dfaa08 nixos/cri-o: default to upstream pause 2020-05-25 12:27:49 +02:00
zowoq eeff166faa nixos/cri-o: add runtime option 2020-05-25 12:27:49 +02:00
zowoq 9e7fbc6f2c nixos/cri-o, cri-o: add wrapper 2020-05-25 12:27:49 +02:00
Jan Tojnar 0af23b05ab
Merge pull request #75435 from Elyhaka/fprintd 2020-05-25 12:22:48 +02:00
Florian Klink 921a4ec9c1
Merge pull request #76542 from primeos/etc-hosts-fqdn-fix
nixos/networking: Add the FQDN and hostname to /etc/hosts
2020-05-25 22:57:24 +02:00
Michael Weiss 993baa587c
nixos: Require networking.hostName to be a valid DNS label
This also means that the hostname must not contain the domain name part
anymore (i.e. must not be a FQDN).
See RFC 1035 [0], "man 5 hostname", or the kernel documentation [1].
Note: For legacy reasons we also allow underscores inside of the label
but this is not recommended and intentionally left undocumented.

[0]: https://tools.ietf.org/html/rfc1035
[1]: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#domainname-hostname

Co-authored-by: zimbatm <zimbatm@zimbatm.com>
2020-05-25 18:13:39 +02:00
Michael Weiss 234d95a6fc
nixos/networking: Add the FQDN and hostname to /etc/hosts
This fixes the output of "hostname --fqdn" (previously the domain name
was not appended). Additionally it's now possible to use the FQDN.

This works by unconditionally adding two entries to /etc/hosts:
127.0.0.1 localhost
::1 localhost

These are the first two entries and therefore gethostbyaddr() will
always resolve "127.0.0.1" and "::1" back to "localhost" [0].
This works because nscd (or rather the nss-files module) returns the
first matching row from /etc/hosts (and ignores the rest).

The FQDN and hostname entries are appended later to /etc/hosts, e.g.:
127.0.0.2 nixos-unstable.test.tld nixos-unstable
::1 nixos-unstable.test.tld nixos-unstable
Note: We use 127.0.0.2 here to follow nss-myhostname (systemd) as close
as possible. This has the advantage that 127.0.0.2 can be resolved back
to the FQDN but also the drawback that applications that only listen to
127.0.0.1 (and not additionally ::1) cannot be reached via the FQDN.
If you would like this to work you can use the following configuration:
```nix
networking.hosts."127.0.0.1" = [
  "${config.networking.hostName}.${config.networking.domain}"
  config.networking.hostName
];
```

Therefore gethostbyname() resolves "nixos-unstable" to the FQDN
(canonical name): "nixos-unstable.test.tld".

Advantages over the previous behaviour:
- The FQDN will now also be resolved correctly (the entry was missing).
- E.g. the command "hostname --fqdn" will now work as expected.
Drawbacks:
- Overrides entries form the DNS (an issue if e.g. $FQDN should resolve
  to the public IP address instead of 127.0.0.1)
  - Note: This was already partly an issue as there's an entry for
    $HOSTNAME (without the domain part) that resolves to
    127.0.1.1 (!= 127.0.0.1).
- Unknown (could potentially cause other unexpected issues, but special
  care was taken).

[0]: Some applications do apparently depend on this behaviour (see
c578924) and this is typically the expected behaviour.

Co-authored-by: Florian Klink <flokli@flokli.de>
2020-05-25 14:06:25 +02:00
Michele Guerini Rocco 379690ba90
Merge pull request #85539 from rnhmjoj/breezy
treewide: replace bazaar with breezy
2020-05-25 09:37:14 +02:00
rnhmjoj aee614c996
treewide: replace bazaar with breezy 2020-05-25 09:22:54 +02:00
rnhmjoj 743eea4c5f
nixos/dnscrypt-wrapper: make provider keys configurable 2020-05-25 09:16:23 +02:00
rnhmjoj fd3727a313
nixos/dnscrypt-wrapper: use dnscrypt-proxy1 2020-05-25 09:16:23 +02:00
Sascha Grunert 6653328aef cri-o: update module configuration
- Update the default pause image
- Set the cgroup manager to systemd
- Enable `manage_ns_lifecycle` instead of the deprecated
  `manage_network_ns_lifecycle` option

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-05-25 02:24:57 +02:00
davidak 297c265113 nixos/chromium: add example and update description 2020-05-24 21:39:44 +02:00
Florian Klink 73b4ea16f7
Merge pull request #88725 from aanderse/modem-manager
nixos/networkmanager: apply --filter-policy=STRICT to modemmanager service
2020-05-24 19:44:15 +02:00
Kim Lindberger 825e20ff46
Merge pull request #82753 from Kloenk/feature/engelsystem
engelsystem: init at 3.1.0
2020-05-24 16:31:23 +02:00
Finn Behrens fc4d6f4215
nixos/engelsystem: init 2020-05-24 15:44:04 +02:00
markuskowa ff88568673
Merge pull request #87934 from gnidorah/cde
nixos/cde: add extraPackages option
2020-05-24 15:16:43 +02:00
gnidorah 3f20aa9468 nixos/cde: add extraPackages option 2020-05-24 15:59:49 +03:00
Aaron Andersen a036bae1fc
Merge pull request #83287 from iv-nn/add-rtorrent-service
nixos/rtorrent: add service
2020-05-24 08:14:41 -04:00
Philipp Bartsch 2827491c23 nixos/usbguard: update systemd sandboxing features
Apply upstream systemd service configuration options to improve
sandboxing.
2020-05-24 10:36:07 +02:00
José Romildo Malaquias fa8bd535fc enlightenment.enlightenment: fix setuid wrappers 2020-05-24 00:22:53 -03:00
José Romildo Malaquias 182f587c2f nixos/enlightenment: add ephoto and rage 2020-05-24 00:22:53 -03:00
José Romildo Malaquias 9c6322258a nixos/enlightenment: remove some themes and xauth
- E already comes with a default icon theme
- There are already the gtk default Adwaita themes for gtk2, gtk3 and icons
- Remove gnome-icon-theme (from old gtk2)
- Remove tango-icon-theme
- Remove xauth (used by kdesu), as kdesu is not a componnent of E. If
  really needed it should be added in the system configuration.
2020-05-24 00:22:53 -03:00
José Romildo Malaquias b1676e5a96 nixos/enlightenment: no need to explicitly set XDG_MENU_PREFIX
It is already set in the source code upstream.
2020-05-24 00:22:53 -03:00
José Romildo Malaquias 5a73d925ca nixos/enlightenment: use display manager session packages 2020-05-24 00:22:53 -03:00
ivann 67178ebe23
nixos/rtorrent: add service 2020-05-24 03:12:32 +02:00
Aaron Andersen 563a3f5a81 nixos/networkmanager: apply --filter-policy=STRICT to modemmanager service 2020-05-23 20:49:13 -04:00
Frederik Rietdijk 8a77c900dd Merge staging-next into staging 2020-05-23 10:25:19 +02:00
Florian Klink 93ff93d539
Merge pull request #88607 from flokli/udev-rules-run-current-system-systemd
nixos/udev: support /run/current-system/systemd in udevRules
2020-05-22 17:10:51 +02:00
Florian Klink d64d42e023 nixos/udev: support /run/current-system/systemd in udevRules
https://github.com/NixOS/nixpkgs/pull/88492 flipped some references to
systemctl from config.systemd.package to /run/current-system/systemd/,
which udevRules obviously isn't able resolve.

If we encounter such references, replace them with
config.systemd.package before doing the check.
2020-05-22 14:43:58 +02:00
Florian Klink cfb4d0dfe3
Merge pull request #84032 from teto/fix_kernel_merge
Fix kernel configuration merge
2020-05-22 13:32:22 +02:00
David Terry 8724c96e71 nixos/bazarr: init 2020-05-22 11:23:31 +02:00
Lassulus 79f41b296c
Merge pull request #81104 from bb2020/transmission
nixos/transmission: fix startup directory creation
2020-05-22 11:23:17 +02:00
Lassulus d84d8e802e
Merge pull request #79175 from helsinki-systems/init/sogo
sogo: init at 4.3.2
2020-05-22 11:04:39 +02:00
Florian Klink 822918df4c nixos/scripted-networking: use udev to configure link MACAddress and MTUBytes
The `network-link-${i.name}` units raced with other things trying to
configure the interface, or ran before the interface was available.

Instead of running our own set of shell scripts on boot, and hoping
they're executed at the right time, we can make use of udev to configure
the interface *while they appear*, by providing `.link` files in
/etc/systemd/network/*.link to set MACAddress and MTUBytes.

This doesn't require networkd to be enabled, and is populated properly
on non-networkd systems since
https://github.com/NixOS/nixpkgs/pull/82941.

This continues clean-up work done in
https://github.com/NixOS/nixpkgs/pull/85170 for the scripted networking
stack.

The only leftover part of the `network-link-${i.name}` unit (bringing
the interface up) is moved to the beginning of the
`network-addresses-${i.name}` unit.

Fixes: https://github.com/NixOS/nixpkgs/issues/74471
Closes: https://github.com/NixOS/nixpkgs/pull/87116
2020-05-22 10:58:00 +02:00