1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 22:20:51 +00:00
Commit graph

6500 commits

Author SHA1 Message Date
David McFarland 7deb425286 nixos: use pkgsi686Linux for pkgs_i686 (#24772) 2017-04-26 18:20:38 +02:00
Pascal Bach 846f36203c docker: pass all proxy variables to docker daemon
This makes things as noProxy work too.
2017-04-26 16:55:36 +02:00
Jörg Thalheim 9d3c118320
google-compute-image: append .raw.tar.gz suffix
This restores behavior of image generation before f1708a9d7d
2017-04-26 16:40:38 +02:00
Daniel Peebles 1ec8afdfdc Merge pull request #25197 from copumpkin/azure-image-common
azure-image: switch to use the common make-disk-image.nix
2017-04-25 17:18:08 -04:00
Tristan Helmich 50ad243f78
openvpn service: source up/down scripts
source the up/down scripts instead of executing them to avoid loosing
access to special variables like $1
2017-04-25 13:18:54 -04:00
Eelco Dolstra e4190943c8
nix: 1.11.8 -> 1.11.9 2017-04-25 17:19:10 +02:00
Maximilian Bosch baa3b3efff
programs.zsh.syntax-highlighting: refactor highlighters option for proper validation
Right now the `programs.zsh.syntax-highlighting.highlighters` option
lacks appropriate validation which can cause confusing things when
mistyping a higlighter for zsh-syntax-highlighting.
2017-04-25 16:00:26 +02:00
Edward Tjörnhammar 45470c65f5
nixos: static ids for jackett, radarr, sonarr 2017-04-25 12:08:21 +02:00
aszlig 72f2b506c7
nixos/grub: Add another example for extraEntries
Someone on IRC wanted to boot Fedora from another disk. While I'm not
too familiar with UEFI booting in conjunction with GRUB2 it took some
time to get it to work.

So in order to safe others from frustration I'm adding this as another
example to the extraEntries option.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-04-25 08:50:43 +02:00
Dan Peebles ee2cffbdb4 azure-image: switch to use the common make-disk-image.nix 2017-04-25 02:59:13 +00:00
Graham Christensen 3ab98d0971 Merge pull request #24999 from grahamc/qemu
qemu module: add virtualisation.cores option
2017-04-24 21:30:39 -04:00
Daniel Peebles f2d1aa05de Merge pull request #25165 from copumpkin/google-image-common
google-compute-image: switch to use the common make-disk-image.nix
2017-04-24 18:30:26 -04:00
Graham Christensen 4585fdb9d4
qemu module: add virtualisation.cores option
QEMU can allow guests to access more than one host core at a time.
Previously, this had to be done via ad-hoc arguments:

    virtualisation.qemu.options = ["-smp 12"];

Now you can simply specify:

    virtualisation.cores = 12;
2017-04-24 15:23:46 -04:00
Franz Pletz e74ea4282a
avahi service: add reflector option 2017-04-24 21:06:42 +02:00
Edward Tjörnhammar 0277345265
nixos, i2pd: remove, no longer needed, extip hack 2017-04-24 20:49:13 +02:00
Dan Peebles 9fae0f3f38 google-compute-image: switch to use the common make-disk-image.nix 2017-04-24 18:38:10 +00:00
Kirill 7a6738fefc Implement aria2 service for controlling a daemon via rpc. 2017-04-24 18:50:40 +03:00
aszlig 79e712822f
nixos/xserver: Document xrandrHeads.apply
It was asked by @CMCDragonkai to elaborate on that, so let's just do
this by actually providing a code comment.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-04-24 12:02:10 +02:00
aszlig 8266c89b55
nixos/xserver: Fix up/refactor xrandrHeads option
Using invalid module options in the submodule isn't very nice, because
it doesn't give very useful errors in case of type mismatch, also we
don't get descriptions of these options as they're effecively
nonexistent to the module system. Another downside of this is that
merging of these options isn't done correctly as well (eg. for
types.lines).

So we now have proper submodules for each xrandrHead and we also use
corcedTo in the type of xrandrHeads so that we can populate the
submodule's "output" option in case a plain string is defined for a list
item.

Instead of silently skipping multiple primary heads, we now have an
assertion, which displays a message and aborts configuration evaluation
appropriately.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-04-24 11:22:55 +02:00
Tad Fisher bf427b9bae ups: fix config generation 2017-04-23 21:35:48 -07:00
Dan Peebles f1708a9d7d make-disk-image: change to be less VM-centric
This changes much of the make-disk-image.nix logic (and thus most NixOS
image building) to use LKL to set up the target directory structure rather
than a Linux VM. The only work we still do in a VM is less IO-heavy stuff
that while still time-consuming, is less of the overall load. The goal is
to kill more of that stuff, but that will require deeper changes to NixOS
activation scripts and switch-to-configuration.pl, and I don't want to
bite off too much at once.
2017-04-24 02:30:00 +00:00
Maximilian Bosch 0a12aafde4 zsh-syntax-highlighting: Add more configuration options and move to module (#25153)
* programs.zsh: factor zsh-syntax-highlighting out into its own module

* programs.zsh.syntax-highlighting: add `highlighters` option

* programs.zsh: document BC break introduced by moving zsh-syntax-completion into its own module
2017-04-23 21:17:31 +02:00
aszlig 83e1400e0c
nixos/slim: Implement logging to journal
The main change here is a patch of SLiM to tread a log file of
/dev/stderr specially in that it now uses std::cerr instead of a file
for logging.

This allows us to set the logfile to stderr in NixOS for the generated
SLiM configuration file and we now get logging to the systemd journal.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-04-23 19:25:23 +02:00
Rodney Lorrimar ced172010a gogs service: add option for enabling "secure" cookies 2017-04-23 16:27:43 +01:00
William Casarin 35eeb08dc6 plex: fix startup issue
Fixes an issue with plex on startup

Fixes #24090
2017-04-23 08:26:18 -07:00
Rodney Lorrimar 0e90a05a52 gogs service: generate the secret key only once, then reuse 2017-04-23 15:05:44 +01:00
Maximilian Bosch 9ec64d2890 oh-my-zsh: add module (#25140)
* programs.zsh: add enableOhMyZsh option to automate setup of oh-my-zsh in global zshrc

* programs.zsh: make oh-my-zsh plugins configurable

* programs.zsh: add ohMyZshCustom option

* programs.zsh: add ohMyZshTheme option

* programs.zsh: applying minor fixes to evaluate expressions properly

* programs.zsh: fix ordering of oh-my-zsh config and execution

* programs.zsh: move all oh-my-zsh params into its own scope named programs.zsh.oh-my-zsh
2017-04-23 13:58:07 +02:00
Jörg Thalheim 44c3726dca
fcron: install systab
fixes #25072
2017-04-23 11:44:04 +02:00
Joachim Fasting 063ac40304
nixos: add a "hardened" profile
The idea is to provide a convenient way to enable most vanilla hardening
features in one go.  The hardened profile, then, will serve as a place for
features that enhance security but cannot be enabled for all deployments
because they interfere with legitimate use cases (e.g., using ptrace to
debug problems in an already running process).

Closes https://github.com/NixOS/nixpkgs/pull/24680
2017-04-23 11:00:52 +02:00
Michael Weiss e1244f6e8a Revert "display-manager: fix argument handling of sddm"
This reverts commit 6b7c5ba535.

Unfortunately it seems like this broke slim, lightdm and gdm (see #25068
and #23264). This is already reverted in the 17.03 branch (99dfb6d).

TODO: We need tests for slim and lightdm and fix the test for gdm
(failing since 2016-10-26) to prevent such breakage in the future.
2017-04-23 03:19:07 +02:00
Rodney Lorrimar cfa1faa37c gogs service: chmod 440 config file
Directory which contains the config file /var/lib/gogs already
has mode 700 but users are liable to change these things.
2017-04-22 17:51:04 +01:00
Rodney Lorrimar 79d52bc26c gogs service: don't copy database password to nix store
Relevant to #24288
2017-04-22 17:07:21 +01:00
Rodney Lorrimar 0c9512d263 gogs service: fix encoding of secret key
I was getting a secret key like this:

  [security]
  SECRET_KEY = 7X

Use coreutils base64 instead to get the full 256 bits of randomness.
2017-04-22 17:07:20 +01:00
Ismaïl Senhaji 9497aec292 Add Elantech ETPS/2 Trackpoint (ThinkPad Yoga 260) 2017-04-22 13:42:57 +02:00
Benno Fünfstück 855155083a Merge pull request #24755 from LumiGuide/bepasty-secretKeyFile
bepasty: add secretKeyFile option
2017-04-22 00:07:04 +02:00
Fernando J Pando 4ac06ea6a1 buildbot: 0.9.4 -> 0.9.5
- adds distro dependency
- buildbot nodaemon in service module
- fakerepo for module tests
- service module parameter fixup
- tested on nixos
- tested on darwin
2017-04-21 10:32:36 -04:00
Roger Qiu bb6a5b079f nixos/xserver: Changed xrandrHeads to support corresponding monitor section configuration in Xorg 2017-04-21 22:01:29 +10:00
Marius Bergmann 6572f5e81b keepalived service: init (#22755) 2017-04-20 12:50:59 +01:00
aszlig e662e035f9
nixos/systemd-boot-builder: Don't write .pyc files
This has surfaced since d990aa7163.

The "simpleUefiGummiboot" installer test fails since this commit,
because that commit introduced a small check to verify whether the store
was altered.

While installing NixOS for the first time, the store is usually in
/mnt/nix/store and without the read-only bind mount that's preventing
programs from altering the store.

So after nixos-install is done creating the system closure and setting
it as the active system profile, the bootloader is written from the
closure inside the chroot. The systemd-boot-builder is invoked during
this step, which adds .pyc files for various Python modules of the
Python 3 store path, which in turn invalidates the hash of the Python 3
store path itself.

At the time the system is booted up again, the nix-store is verified and
fails with something like this:

path /nix/store/zvm545rqc4d97caqq9h7344bnd06jhzb-python3-3.5.3 was
modified! expected hash
b2c975f4b8d197443fbb09690fb3f6545e165dd44c9309d7d6df2fce0579ebeb, got
bccca19f39c9d26d857ccf1fb72818b2b817967e6d497a25a1283e36ed0acf01

Running the interpreter with the -B argument prevents Python from
writing those byte code files:

https://docs.python.org/3/using/cmdline.html#cmdoption-B

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-04-20 00:37:02 +02:00
Benno Fünfstück 149656581d Merge pull request #24601 from pbogdan/unclutter
unclutter: Fix default value of $DISPLAY
2017-04-19 18:40:43 +02:00
Jörg Thalheim 8174b447a2 znapsend: do not spawn a shell in the service 2017-04-19 13:56:51 +02:00
Robin Stumm 725b84be18 znapzend service: fix reload 2017-04-19 01:05:55 +02:00
Jörg Thalheim b2ed3db94a Merge pull request #24962 from makefu/modules/command-not-found/refactor
Refactor command-not-found
2017-04-18 17:18:20 +02:00
Vladimír Čunát 91ad6b3597
Revert "grub module: fix efiInstallAsRemovable description"
This reverts commit c2b56626f1.
It broke creating the manual.  I suspect the descriptions are
auto-wrapped by <para> and </para>.

We've been through this already in 3af715af90.
/cc #24978, @zraexy, @Mic92.
2017-04-18 14:26:36 +02:00
Jörg Thalheim 6b7c5ba535
display-manager: fix argument handling of sddm
previously session type was not correctly set.

fixes #23264
2017-04-18 01:41:17 +02:00
zraexy c2b56626f1 grub module: fix efiInstallAsRemovable description 2017-04-17 14:45:56 -08:00
John Ericson 37e5e71fdf Merge pull request #24974 from Ericson2314/mapNullable
Introduce `mapNullable` into lib and use it in a few places
2017-04-17 17:12:14 -04:00
John Ericson 85aa5005af Introduce mapNullable into lib and use it in a few places
Also simply some configure flag logic my grep also alerted me too.
2017-04-17 17:04:04 -04:00
makefu 5a5db609e5
command-not-found: add options
add option to disable command-not-found as well as option to define dbPath.
Disabling this may remove the perl dependency for bash/zsh prompts
2017-04-17 16:48:47 +02:00
Daniel Peebles e9f1d8693a Merge pull request #23026 from copumpkin/nixos-install-wip
Refactor nixos-install to separate out filesystem build logic
2017-04-17 09:50:35 -04:00
Markus Mueller 5042e9d009
network-interfaces-scripted: Add static parameter for default gateway 2017-04-16 22:59:53 +02:00
Jörg Thalheim 002a2b479a Merge pull request #24486 from srp/master
slock needs suid privileges
2017-04-16 21:40:21 +02:00
Christian Kögler d2e46b9f70 dhcpcd service: clear exit code of exitHook (#24909)
* dhcpcd: clear exit code of exitHook

* dhcpcd: restart ntp server in oneshot in exit-hook
2017-04-16 20:10:44 +02:00
Jörg Thalheim 16f5bc07f8 Merge pull request #24948 from peterhoeg/m/bluetooth
bluetooth: use upstream's recommendation for enabling interfaces
2017-04-16 18:09:51 +02:00
Dan Peebles d990aa7163 Refactor nixos-install to separate out filesystem build logic
The key distinction I'm drawing is that there's a component that deals
with the store of the machine being built, and another component for
the store building it. The inner part of it assumes nothing from the
builder (doesn't need chroot or root powers) so it can run comfortably
inside a Nix build, as well as nixos-rebuild. I have some upcoming work
that will use that to significantly speed up and streamline image builds
for NixOS, especially on virtualized hosts like EC2, but it's also a
reasonable speedup on native hosts.
2017-04-16 16:09:41 +00:00
Joachim F 2db0cf0897 Merge pull request #24900 from pjones/pjones/plex-service
plex: Don't overwrite primary database on restart
2017-04-16 13:09:26 +01:00
Peter Hoeg 99d4ed5861 bluetooth: use upstream's recommendation for enabling interfaces
bluez no longer recommends spawning "hciconfig <device> up" from a udev rule as
the main bluez daemon now supports automatically enabling power for all devices.

Reference: http://www.bluez.org/release-of-bluez-5-35/
2017-04-16 16:57:11 +08:00
edef 27e750e29b etcd module: fix extraConf manual link 2017-04-16 00:26:23 +02:00
Jörg Thalheim b9d9083322
powertop: add module 2017-04-15 15:17:02 +02:00
Jaka Hudoklin a98c26cdc4 Merge pull request #24921 from peterhoeg/f/k8s
kubernetes: fix interpolation error and move services to own target
2017-04-15 10:43:25 +02:00
Peter Jones 5a50b26662
plex: Don't overwrite primary database on restart
This change fixes two major issues:

  1. If you don't use SIGQUIT to stop Plex it will corrupt its own
     database :(

  2. Newer versions of Plex keep metadata in the
     `com.plexapp.plugins.library.db` database.  This is the file that
     we copy into `/var/lib/plex/.skeleton`.  If we copy the empty
     database on top of this one the user will lose their entire
     library metadata.  This change skips the copy if the file
     already exists.
2017-04-14 11:19:29 -07:00
Vladimír Čunát 2090aa4f65
Merge: fixup a bad merge
For details see:
https://github.com/NixOS/nixpkgs/commit/24444513fb5#commitcomment-21767916
2017-04-14 19:11:17 +02:00
Thomas Tuegel 48b5b77bb7 Merge pull request #24813 from benley/nm-openvpn
nixos: Add nm-openvpn to the networkmanager group
2017-04-14 05:44:01 -05:00
Vladimír Čunát 5b3f807597
Merge #24179: openssh: 7.4p1 -> 7.5p1 2017-04-14 12:16:26 +02:00
Vladimír Čunát da20d0e488
murmur service: fix typos from #24830 2017-04-14 11:05:42 +02:00
Vladimír Čunát 24444513fb
Merge branch 'staging' 2017-04-14 10:32:13 +02:00
Daniel Peebles 09a9a472ee Merge pull request #24830 from mayflower/refactor/boolToString
treewide: use boolToString function
2017-04-13 09:45:31 -04:00
Peter Hoeg a3ee3b51d7 k8s: use slice and target for kubernetes 2017-04-13 19:32:10 +08:00
Peter Hoeg bf4be8f1dd k8s: convert int to string to avoid interpolation error 2017-04-13 19:31:43 +08:00
Jörg Thalheim 5ca7e8a69a
fcron: do not chmod at all
fcron does handle permissions on its own correctly
2017-04-13 12:28:19 +02:00
Jörg Thalheim 9223fde9f3 Merge pull request #24843 from mayflower/smokeping_service
smokeping service: restart on-failure
2017-04-13 11:27:28 +02:00
Domen Kožar 635822da82
nixos: escape brackets in systemd units
One day we should just whitelist instead of blacklist chars.

Fixes https://github.com/NixOS/nixops/issues/614
2017-04-12 15:56:26 +02:00
Tristan Helmich 13e9cc15f1 smokeping service: restart on-failure 2017-04-12 15:23:19 +02:00
Bjørn Forsman d916ce2ef4 nixos/lighttpd: set $HOME for gitweb sub-service
This allows gitweb to expand '~' in /etc/gitconfig. Without a $HOME
variable, it fails to list any projects and instead show the text
"No such projects found" in the UI.

Setting $HOME to the gitweb project root seems like a sensible value.
2017-04-11 22:54:31 +02:00
edanaher e3559c23c2 acme: Add "domain" option to separate domain from name
Fixes #24731.
2017-04-11 18:28:05 +02:00
Franz Pletz 3ab45f4b36
treewide: use boolToString function 2017-04-11 18:18:53 +02:00
Benjamin Staffin 47a5f9acee
nixos: Add nm-openvpn to the networkmanager group
This is to satisfy the polkit restriction limiting
org.freedesktop.NetworkManager.* dbus messages to members of that
group.

Should help with #24806
2017-04-10 22:41:55 -04:00
Aneesh Agrawal 8f4d778509 radicale: Add aneeshusa as maintainer 2017-04-10 20:04:17 -04:00
Aneesh Agrawal 769b991be6 openssh: 7.4p1 -> 7.5p1
Release notes are available at https://www.openssh.com/txt/release-7.5.
Mostly a bugfix release, no major backwards-incompatible changes.

Remove deprecated `UsePrivilegeSeparation` option,
which is now mandatory.
2017-04-10 19:39:22 -04:00
Nikolay Amiantov c8c340b05a tlp service: mask systemd-rfkill
Fixes #24737.
2017-04-11 02:09:29 +03:00
pajowu b70077f551 browserpass: switch build source to git HEAD
Precompiled version only supports linux64, git version should also support darwin
2017-04-10 23:45:41 +02:00
pajowu 857a3b872c browserpass: init at 1.0.2 2017-04-10 20:06:53 +02:00
Franz Pletz f1f9020224
crowd service: fix secure sso cookies
Crowd didn't detect a secure connection before.
2017-04-10 15:39:37 +02:00
Franz Pletz 4f0dd2f746
prometheus service: add scrapeConfigs.params option 2017-04-10 14:31:27 +02:00
Jörg Thalheim fa4eff9b52 Merge pull request #24360 from clefru/gce-image-shrink-on-master
Shrink GCE bootstrap image to minimum size, and auto-expand it to actual size on first boot.
2017-04-10 12:01:53 +02:00
pngwjpgh 773c456ef4 networkmanager: fix dispatcher scripts (#24507)
networkmanager used `source` to mean `text` and wrote dispatcher scripts with the default mode (0666), which means networkmanager wouldn't call them.
2017-04-09 13:14:04 +01:00
Timofei Kushnir 42e1314727 nixos: remove duplicate wrapperDir PATH addition (#24703) 2017-04-09 13:07:33 +01:00
Bas van Dijk 01a8de97eb avahi-daemon: refactored using some abstraction 2017-04-09 11:18:53 +02:00
Jörg Thalheim b4820d4948 Merge pull request #24645 from Mic92/stage-2
Stage-2 cleanup
2017-04-08 21:52:22 +02:00
Bas van Dijk ecf03368f8 bepasty: add secretKeyFile option
This gives users the option to store secrets outside the
world-readable Nix store.
2017-04-08 19:32:19 +02:00
Michael Raskin 861726579b Merge pull request #24008 from phile314/slimserver
slimserver: Init at 7.9.0 (pkg + module)
2017-04-08 17:43:41 +02:00
Jörg Thalheim cb6d1fdfd9 Merge pull request #24331 from LumiGuide/ssmtp-AuthPassFile
ssmtp: use the authPassFile option instead of authPass
2017-04-08 17:22:26 +02:00
Jörg Thalheim 21e3c2a72f
sstmp: document how to specify port/AuthPassFile 2017-04-08 17:20:18 +02:00
Thomas Tuegel 2214b638a7
nixos/fonts: install gyre-fonts by default
gyre-fonts provides high-quality TrueType substitutes for standard PostScript
fonts. Unlike most other distributions, NixOS does not install Ghostscript and
its Type 1 fonts by default, so we must get the standard fonts elsewhere.
2017-04-08 09:33:21 -05:00
Thomas Tuegel d0954b5494
nixos/fontconfig-ultimate: Restore presets
The `preset` option was accidentally removed.
2017-04-08 08:22:01 -05:00
Bas van Dijk 2030a91f58 cadviser: add storageDriverPasswordFile option
This gives users the option of storing the storageDriverPassword outside the
world-readable Nix store.
2017-04-08 14:15:18 +02:00
Aristid Breitkreuz 4ca22140d9 Merge pull request #24669 from gnidorah/master2
autorandr: 53d29f9 -> 855c18b and module
2017-04-08 12:17:57 +02:00
Sorin Iclanzan b41dd2fae0 nixos/compton: fixup option descriptions (#24724)
* Fix `fadeExclude` description.
* Fix typo in `shadowExclude`.
2017-04-08 05:04:55 +01:00
Peter Simons 67d735e8df Merge pull request #23409 from florianjacob/avahi-point-to-point-interfaces
avahi-daemon service: Add option to enable point-to-point interfaces.
2017-04-07 12:35:05 +02:00
Jaka Hudoklin 43880af56f Merge pull request #23135 from ljli/earlyoom-service-init
earlyoom service: init
2017-04-06 23:31:28 +02:00
Alexey Shmalko b8e71f2969 Merge pull request #24651 from edanaher/add-fvwm-window-manager
fvwm module: init; now fvwm can be used as an xserver.windowManager
2017-04-06 16:29:28 +03:00
0xABAB 58fbf4a44e nixos/filesystems: skip filesystem check for bindfs (#24671)
Bindfs (FUSE) provides a pseudo-filesystem and as such does not benefit from a file system check.
2017-04-06 12:35:25 +01:00
gnidorah ca733de964 autorandr: 53d29f9 -> 855c18b and module 2017-04-06 13:28:40 +03:00
Jörg Thalheim 62c79a1de8
stage-2: shellsheck recommendations 2017-04-05 21:40:57 +02:00
Jörg Thalheim e3f031b200
stage-2: reduce mkdir commands 2017-04-05 21:40:51 +02:00
Michael Weiss a6420e13a2 luksroot: Wait for the header (device) to appear
The LUKS header can be on another device (e.g. a USB stick). In my case
it can take up to two seconds until the partition on my USB stick is
available (i.e. the decryption fails without this patch). This will also
remove some redundancy by providing the shell function `wait_target` and
slightly improve the output (one "." per second and a success/failure
indication after 10 seconds instead of always printing "ok").
2017-04-05 20:39:03 +02:00
Evan Danaher 7a38b0858f fvwm module: init; now fvwm can be used as an xserver.windowManager 2017-04-05 11:12:46 -04:00
Jörg Thalheim a17344c2ad
stage-2: process options as first action
this way `set -x` is set early
2017-04-05 09:05:18 +02:00
Jörg Thalheim b42af25223
stage-2: replace readonly-mountpoint by findmnt 2017-04-05 09:05:18 +02:00
Jörg Thalheim a5ad8b4f69
stage-2: simplify exporting path 2017-04-05 09:05:13 +02:00
Profpatsch a1e6176cbf modules/searx: fix configFile type 2017-04-04 20:40:31 +02:00
Eelco Dolstra e84d5b23e1
Allow systemd-fsck@.service to find fsck.*
Fixes "fsck.ext4 doesn't exist, not checking file system on ...".
2017-04-04 18:17:05 +02:00
Eelco Dolstra de51ad6cd1
Don't restart systemd-fsck@ units
Restarting them is useless since the filesystem is already
checked. Worse, restarting them causes the filesystem to be unmounted.

Also remove an override for systemd-rkill@.service which no longer
exists.
2017-04-04 16:40:18 +02:00
Eelco Dolstra 01dbf03628
network-link-*.service: Set stopIfChanged = false
This reduces the time window during which IP addresses are gone during
switch-to-configuration. A complication is that with stopIfChanged =
true, preStop would try to delete the *new* IP addresses rather than
the old one (since the preStop script now runs after the switch to the
new configuration). So we now record the actually configured addresses
in /run/nixos/network/addresses/<interface>. This is more robust in
any case.

Issue https://github.com/NixOS/nixops/issues/640.
2017-04-04 15:13:49 +02:00
Eelco Dolstra 35dbcbb296
Fix eval error due to config.ec2.hvm 2017-04-04 13:49:13 +02:00
Eelco Dolstra 279565c3d6
Revert "Revert "EC2: Disable PV support""
This reverts commit 71710fd099.
2017-04-04 13:03:05 +02:00
Jörg Thalheim 847fdaaddc Merge pull request #24502 from Mic92/rtl8192su-firmware
rtl8192su-firmware: init at unstable-2016-10-05
2017-04-04 12:09:13 +02:00
Jörg Thalheim 71710fd099
Revert "EC2: Disable PV support"
This reverts commit fbe6d23624.

this breaks every non-ec2 (non-hvm) system

cc @edolstra
2017-04-04 12:05:21 +02:00
Piotr Bogdan c91c3209f3 unclutter: Fix default value of $DISPLAY 2017-04-03 18:41:11 +01:00
Eelco Dolstra 8cc3db6b67
Add 17.03 AMIs 2017-04-03 17:46:34 +02:00
Eelco Dolstra fbe6d23624
EC2: Disable PV support
Unfortunately, somewhere between 16.09 and 17.03, paravirtualized
instances stopped working. They hang at the pv-grub prompt
("grubdom>"). I tried reverting to a 4.4 kernel, reverting kernel
compression from xz to bzip2 (even though pv-grub is supposed to
support xz), and reverting the only change to initrd generation
(5a8147479e). Nothing worked so I'm
giving up.
2017-04-03 17:46:34 +02:00
Thomas Tuegel bd0163fc34
Merge branch 'fontconfig-penultimate' 2017-04-03 09:31:20 -05:00
Thomas Tuegel 89bfa112cf
fontconfig-penultimate: 0.2.1 -> 0.3.2 2017-04-03 09:26:19 -05:00
Thomas Tuegel 03942659ca
nixos/fontconfig: remove renderMonoTTFAsBitmap 2017-04-03 08:24:32 -05:00
Thomas Tuegel 21c9190a5f
nixos/fontconfig: remove forceAutohint option 2017-04-03 08:23:32 -05:00
Thomas Tuegel 7a78892c47
nixos/fontconfig: disable autohint by default 2017-04-03 08:22:03 -05:00
Alexey Shmalko fa4fe71105
docker: fix socket permissions
Docker socket is world writable. This means any user on the system is
able to invoke docker command. (Which is equal to having a root access
to the machine.)

This commit makes socket group-writable and owned by docker group.

Inspired by
https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.socket
2017-04-03 09:05:37 -04:00
Shea Levy 3a26d09e15 initrd-ssh: Use initrd secrets for host keys 2017-04-02 16:33:37 -04:00
Shea Levy b09490a322 systemd-boot: Support initrd secrets 2017-04-02 16:33:37 -04:00
Shea Levy 59c0977300 Add facility to append secrets to the initrd 2017-04-02 16:33:37 -04:00
Niklas Hambüchen ee0f3e7ad9 acme: Use chown -R for challenges directory. Fixes #24529.
Commit 75f131da02 added
`chown 'nginx:nginx' '/var/lib/acme'` to the pre-start script,
but since it doesn't use `chown -R`, it is possible that there
are older existing subdirs (like `acme-challenge`)
that are owned to `root` from before that commit went it.
2017-04-01 15:22:01 +02:00
Eelco Dolstra 80b40fdf03
sshd.nix: Alternative fix for #19589
AFAICT, this issue only occurs when sshd is socket-activated. It turns
out that the preStart script's stdout and stderr are connected to the
socket, not just the main command's. So explicitly connect stderr to
the journal and redirect stdout to stderr.
2017-03-31 16:18:58 +02:00
Eelco Dolstra 4e79b0b075
Revert "sshd: separate key generation into another service"
This reverts commit 1a74eedd07. It
breaks NixOps, which expects that

  rm -f /etc/ssh/ssh_host_ed25519_key*
  systemctl restart sshd
  cat /etc/ssh/ssh_host_ed25519_key.pub

works.
2017-03-31 16:18:58 +02:00
Jörg Thalheim 50f7a7ca2e
rtl8192su-firmware: init at unstable-2016-10-05 2017-03-31 10:49:38 +02:00
Scott R. Parish 7138b55918
slock: needs the ability to be install with suid privileges 2017-03-30 14:36:53 -07:00
sternenseemann fd3a99633b 2bwm: init at 0.2 2017-03-30 19:21:27 +02:00
Robin Gloster 8a18e1f7f1
quagga service: disable 2017-03-30 16:23:33 +02:00
Robin Gloster a79891f6b2
sitecopy: remove 2017-03-30 12:06:09 +02:00
Eelco Dolstra a57bcd38b4
update-users-groups.pl: Keep track of deallocated UIDs/GIDs
When a user or group is revived, this allows it to be allocated the
UID/GID it had before.

A consequence is that UIDs and GIDs are no longer reused.

Fixes #24010.
2017-03-29 18:13:18 +02:00
romildo 2630e7384f qt5ct: add a nixos module to enable qt5ct
In order to use qt5ct (Qt5 Configuration Tool) to configure Qt5
settings (theme, font, icons, etc.) under DE/WM without Qt
integration, the environment variable QT_QPA_PLATFORMTHEME should be
set to "qt5ct".

It can be done automatically by this module, or by setting the
variable explicitly in the user or in the system configuration.
2017-03-29 06:17:23 -03:00
Bas van Dijk 1d52c677be ssmtp: use the authPassFile option instead of authPass
This gives users the option of storing the authPass outside the
world-readable Nix store.
2017-03-29 00:34:23 +02:00
Tim Steinbach eb70ae34b1 Merge pull request #24254 from bachp/gitlab-runner-9
Upgrade Gitlab Runner
2017-03-28 18:21:35 -04:00
Jörg Thalheim 36fca93290
rename iana_etc to iana-etc
fixes #23621
2017-03-28 22:35:15 +02:00
Pascal Bach 8373124202 gitlab-runner: make v1 runner available
gitlab-runner 9.0.0 is only compatible with gitlab >= 9.0
gitlab-runner1 1.11.1 is only compatible with gitlab < 9.4
2017-03-28 21:02:43 +02:00
Bas van Dijk 6f2eca1744 wordpress: replace the dbPassword option with dbPasswordFile (#24146)
We shouldn't force users to store passwords in the world-readable Nix store.
2017-03-28 17:38:16 +02:00
Clemens Fruhwirth 72ec884cc6 Make GCE image as small as possible and incorporate partition growing
when users of nixops specified a larger root disk via
deployment.gce.rootDiskSize

1GB is the smallest possible size as GCP doesn't support
fractions of GB for RAW images, see
https://cloud.google.com/compute/docs/images/import-existing-image#requirements
2017-03-27 17:41:42 +02:00
Robin Gloster d1228f95e9
Revert "Revert "gdm module: only make xserver args overrideable""
This reverts commit 4e57e7f7c6.

This actually broke gnome3 and didn't fix anything, I failed bisecting.
2017-03-27 17:20:56 +02:00
Franz Pletz 1b95985b71 Merge pull request #24148 from volth/libvirt-3.1.0
libvirt: 3.0.0 -> 3.1.0
2017-03-27 10:02:06 +02:00
Rodney Lorrimar db14ea3926 longview service: don't write passwords to nix store
Adds services.longview.{apiKeyFile,mysqlPasswordFile} options as
alternatives to apiKey and mysqlPassword, which still work, but are
deprecated with a warning message.

Related to #24288.
2017-03-26 23:06:42 +01:00
c74d a4ac5506f5 google-compute-image: fix Yama LSM option conflict
Having fixed the Google Compute Engine image build process's copying
of store paths in PR #24264, I ran `nixos-rebuild --upgrade switch`...
and the GCE image broke again, because it sets the NixOS configuration
option for the sysctl variable `kernel.yama.ptrace_scope` to
`mkDefault "1"`, i.e., with override priority 1000, and now the
`sysctl` module sets the same option to `mkDefault "0"` (this was
changed in commit 86721a5f78).

This patch raises the override priority of the Google Compute Engine
image configuration's definition of the Yama sysctl option to 500
(still lower than the priority of an unmodified option definition).

I have tested that this patch allows the Google Compute Engine image
to again build successfully for me.
2017-03-26 21:09:58 +02:00