1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 06:01:15 +00:00
Commit graph

12009 commits

Author SHA1 Message Date
worldofpeace 416f057bc3
Merge pull request #68213 from worldofpeace/ead/fix
nixos/iwd: add tmpfiles rule for ead service
2019-09-07 03:40:06 -04:00
adisbladis b3a06f10d1 iso-image-kde: Disable synaptics
It's been deprecated since 17.09 and libinput is a better default
2019-09-07 03:30:45 -04:00
worldofpeace 93e5683353
Merge pull request #68182 from worldofpeace/chrome-gnome-shell
nixos/gnome3: enable chrome-gnome-shelll
2019-09-07 03:13:22 -04:00
Marek Mahut af9c515c8b nixos/jormungandr: adding RUST_BACKTRACE until service is stable 2019-09-07 08:31:28 +02:00
worldofpeace e49049493a
Merge pull request #68233 from worldofpeace/plasma5-enable-libinput
nixos/plasma5: enable libinput
2019-09-06 19:23:28 -04:00
worldofpeace 466f5e5346 nixos/plasma5: enable libinput 2019-09-06 19:18:52 -04:00
worldofpeace 4e89375846
Merge pull request #67917 from worldofpeace/lightdm-pam-gnome-keyring
nixos/lightdm: fix pam rules
2019-09-06 18:50:07 -04:00
worldofpeace 0c602541a3 nixos/lightdm: fix pam rules
Rules are a translation of what's done in the
GDM module and adjustments based of looking at
Arch Linux's configuration and upstream's.

A side effect of this change is that gnome-keyring
and kwallet modules should work as expected when in-
cluded.

Fixes #64259 #62045
2019-09-06 18:22:22 -04:00
Frederik Rietdijk 66bc7fc1b3 Merge master into staging-next 2019-09-06 22:46:05 +02:00
WilliButz bb62066225
nixos/prometheus: remove prometheus1 module, rename prometheus2
Prometheus 1 is no longer supported, instead 'services.prometheus'
now configures the Prometheus 2 service.
2019-09-06 21:55:23 +02:00
worldofpeace b9d9045d57 nixos/cupsd: passwordless admin for wheel with polkit 2019-09-06 13:51:38 -04:00
Nikolay Amiantov daa9ea2987 murmur service: fix typo in description 2019-09-06 20:29:20 +03:00
worldofpeace 5d4890b58d
Merge pull request #67585 from worldofpeace/system-config-printer
nixos/system-config-printer: init
2019-09-06 12:08:23 -04:00
worldofpeace 998f59ccda nixos/mate: enable system-config-printer
After some research this should be installed as a program
in Mate or Cinnamon.
2019-09-06 12:06:32 -04:00
worldofpeace 335b8c65c7 nixos/plasma5: use system-config-printer module 2019-09-06 12:06:32 -04:00
worldofpeace 146532b272 nixos/xfce4-14: use system-config-printer module 2019-09-06 12:06:32 -04:00
worldofpeace 2fe7bd3ab3 nixos/gnome3: use system-config-printer module 2019-09-06 12:06:32 -04:00
worldofpeace 6b99ec2dbe nixos/pantheon: use system-config-printer module 2019-09-06 12:06:32 -04:00
Silvan Mosberger cd9f199c2b
Merge pull request #68210 from ivan/nixos-railcar-string
nixos/railcar: remove use of the deprecated string type
2019-09-06 17:42:50 +02:00
worldofpeace 3722f1d20e nixos/iwd: add tmpfiles rule for ead service
This is needed for the wired service ead.service.
(in ReadWritePaths)
2019-09-06 11:32:55 -04:00
talyz 240649a510 nixos/gitlab: Extract arbitrary secrets from extraConfig
Adds the ability to make any parameter specified in extraConfig secret
by defining it an attrset containing the attr _secret, which in turn
is a path to a file containing the actual secret.
2019-09-06 16:57:23 +02:00
talyz b351454cac nixos/gitlab: Use postgresql module options to provision local db
Use the postgresql module to provision a local db (if
databaseCreateLocally is true) instead of doing this locally.

Switch to using the local unix socket for db connections by default;
this is needed since dbs created by the postgresql module only support
peer authentication.

Instead of running the rake tasks db:schema:load, db:migrate and
db:seed_fu, run gitlab:db:configure, which in turn runs these tasks
when needed.

Solves issue #53852 for gitlab.
2019-09-06 16:56:20 +02:00
Jan Tojnar f9237f3152
Merge branch 'master' into staging-next 2019-09-06 16:55:11 +02:00
talyz cbdf94c0f3 nixos/gitlab: Add support for storing secrets in files
Add support for storing secrets in files outside the nix store, since
files in the nix store are world-readable and secrets therefore can't
be stored safely there.

The old string options are kept, since they can potentially be handy
for testing purposes, but their descriptions now state that they
shouldn't be used in production. The manual section is updated to use
the file options rather than the string options and the tests now test
both.
2019-09-06 16:54:22 +02:00
Ivan Kozik 5a03f90525 nixos/railcar: remove use of the deprecated string type
This fixes the warning being emitted by nixos-rebuild switch:

building Nix...
building the system configuration...
trace: warning: types.string is deprecated because it quietly concatenates strings

It started emitting a warning in #66346.
2019-09-06 14:53:11 +00:00
worldofpeace 792444af84 nixos/system-config-printer: init 2019-09-06 09:40:17 -04:00
adisbladis a3032415f7
kibana5: Remove EOL package 2019-09-06 14:30:49 +01:00
adisbladis 4e30b30a65
logstash5: Remove EOL package 2019-09-06 14:22:15 +01:00
talyz 7648b4f8ba nixos/gitlab: Fix missing ca_file for SMTP
Work around upstream issue #790 by explicitly referencing the
ca-certificates.crt file.
2019-09-06 10:17:31 +02:00
worldofpeace ca5ec234ce nixos/gnome3: enable chrome-gnome-shelll 2019-09-05 23:10:09 -04:00
worldofpeace 2f14615ddc nixos/chrome-gnome-shell: enable in firefox 2019-09-05 23:07:59 -04:00
Jan Tojnar cdf426488b
Merge branch 'master' into staging-next
Fixed trivial conflicts caused by removing rec.
2019-09-06 03:20:09 +02:00
Jan Tojnar ed54a5b51d
Merge branch 'gtk-no-plus' 2019-09-06 02:57:51 +02:00
Jan Tojnar 72e7d569a7
tree-wide: s/GTK+/GTK/g
GTK was renamed.
2019-09-06 02:54:53 +02:00
Craige McWhirter 169cb996c5 postgresql: improve identMap description
This patch provides example usage for identMap based upon PostrgeSQL documentation

@thoughtpolice
2019-09-05 12:28:21 -05:00
Sarah Brofeldt 11e72e547d
Merge pull request #67563 from johanot/kubernetes-1.15-withmodulerevert
kubernetes: 1.14.3 -> 1.15.3

Also reverts the module systemd dependencies
2019-09-05 07:34:11 +02:00
Katharina Fey 589c156869 nixos/railcar: small style changes 2019-09-04 22:46:42 +00:00
Katharina Fey 8f7da8ce0b nixos/railcar: init 2019-09-04 22:46:42 +00:00
Eelco Dolstra 37e333af9a
nix: 2.2.2 -> 2.3 2019-09-04 21:36:49 +02:00
Silvan Mosberger 7ff619f440
Merge pull request #68015 from aanderse/zookeeper
nixos/zookeeper: recursively set permissions and ownership on dataDir
2019-09-04 19:00:49 +02:00
Andrew Childs 5501274b5f amazon-image.nix: add EFI support, enable by default for aarch64 2019-09-05 00:52:17 +09:00
Johan Thomsen d891283aa4 nixos/kubernetes: make module compatible with v1.15.x 2019-09-04 17:38:41 +02:00
Johan Thomsen 00975b5628 Revert "Merge pull request #56789 from mayflower/upstream-k8s-refactor"
This reverts commit 7dc6e77bc2, reversing
changes made to bce47ea9d5.

Motivation for the revert in #67563
2019-09-04 17:37:02 +02:00
Johan Thomsen fb22d67fa7 ceph: 13.2.4 -> 14.2.1
* remove kinetic
* release note
* add johanot as maintainer

nixos/ceph: create option for mgr_module_path
  - since the upstream default is no longer correct in v14

* fix module, default location for libexec has changed
* ceph: fix test
2019-09-04 16:17:18 +02:00
Kristoffer 85baedaca3 ceph: 12.2.7 -> 13.2.4
* maintain only one version
* ceph-client: init
* include ceph-volume python tool in output

nixos/ceph: extraConfig, fix test, wait for ceph-mgr to become active

* run ceph with disk group permission
* add extraConfig option for the global section
needed per cluster
* clear up how ceph.conf is generated
* fix ceph testcase
2019-09-04 16:01:42 +02:00
Peter Hoeg 5eef8c231a
Merge pull request #68094 from peterhoeg/f/darkhttp
nixos/darkhttpd: fix package reference
2019-09-04 17:08:14 +08:00
Vladimír Čunát 4aad2947f8
Merge branch 'master' into staging-next 2019-09-04 11:00:56 +02:00
Silvan Mosberger ce944b4bde
Merge pull request #64552 from evanjs/feature/openrazer-2.3.1
openrazer: init at 2.6.0
2019-09-03 19:14:58 +02:00
Aaron Andersen b54a120a82 nixos/zookeeper: recursively set permissions and ownership on dataDir 2019-09-03 11:57:57 -04:00
Silvan Mosberger ad13ebe029
Merge pull request #55510 from florianjacob/declarative-printers
nixos/printers: declarative configuration
2019-09-03 17:46:53 +02:00
Averell Dalton 1ced270258 blueman: add module for new systemd services 2019-09-03 10:26:54 +02:00
worldofpeace 0c52651bb7
Merge pull request #67935 from jtojnar/gnome-fixes
gnome3.gvfs: fix eval with allowAliases = false
2019-09-02 22:14:30 -04:00
Jan Tojnar fa03881954
gnome3.glib-networking: replace with alias
Since we moved gsettings-desktop-schemas to top-level, gnome3.glib-networking was the same as glib-networking.
We could try to make the top-level variant not depend on gsettings-desktop-schemas again but that is probably
pointless, as the dependency is rather small compared to things like libproxy. Instead, we will just drop
the package in gnome3 attr set and always rely on the top-level expression.
2019-09-03 03:48:06 +02:00
Nikolay Amiantov 0a29a2e37c syncplay module: init 2019-09-03 00:30:12 +02:00
Vladimír Čunát f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Andreas Rammhold 4e60699fa7
Merge pull request #67858 from flokli/local-fs-target-services
nixos: remove dependencies on local-fs.target
2019-09-02 09:16:41 +02:00
worldofpeace b1326ffc81 nixos/pantheon: add onboard
It's used as an on-screen keyboard.
Hopefully in future they can ship their native app [0]

[0]: https://github.com/elementary/keyboard
2019-09-02 00:15:30 -04:00
Samuel Dionne-Riel 8a530a0bab
Merge pull request #67895 from lopsided98/sd-image-clone-config
sd-image: don't use installer.cloneConfig option that is not imported
2019-09-01 22:16:48 -04:00
worldofpeace 9b13731b72
Merge pull request #67522 from worldofpeace/gnome3/harmonize-defaults
Harmonize Gnome3 Defaults
2019-09-01 18:33:00 -04:00
adisbladis f140dfb161
nixos/desktop-managers/xterm: Disable by default
It's a confusing default for some display managers that will default
to it even when you have defined another display manager.
2019-09-01 22:17:35 +01:00
Maximilian Bosch d8d759bb90
Merge pull request #67877 from WilliButz/fix/67874
nixos/prometheus-exporters: fix user generation
2019-09-01 21:15:35 +02:00
Ben Wolsieffer 9e5aa25c53 sd-image: don't use installer.cloneConfig option that is not imported
This once again allows sd-image.nix to imported standalone to build SD images
of arbitrary NixOS systems.
2019-09-01 14:15:33 -04:00
Florian Klink f74735c9d7 nixos: remove dependencies on local-fs.target
Since https://github.com/NixOS/nixpkgs/pull/61321, local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
2019-09-01 19:06:38 +02:00
Florian Klink 7f42adf7a2
Merge pull request #67848 from flokli/google-compute-config-units
google-compute-config.nix: fix comments, update google-*.service units, fix paths in gce
2019-09-01 19:04:06 +02:00
Florian Klink 8e7c47bf9e
Merge pull request #67888 from aanderse/deluge
nixos/deluge: fix directory creation errors
2019-09-01 19:03:20 +02:00
Aaron Andersen c6b3ed4bfc nixos/deluge: fix directory creation errors 2019-09-01 10:20:42 -04:00
Florian Jacob 18a5d23b55 nixos/printers: declarative configuration 2019-09-01 15:38:30 +02:00
Florian Klink ff2fd6c4e5 nixos/redis: unbreak module
The redis module currently fails to start up, most likely due to running
a chown as non-root in preStart.

While at it, I hardcoded it to use systemd's StateDirectory and
DynamicUser to manage directory permissions, removed the unused
appendOnlyFilename option, and the pidFile option.

We properly tell redis now it's daemonized, and it'll use notify support
to signal readiness.
2019-09-01 14:08:42 +02:00
WilliButz 7786d0718c
nixos/prometheus-exporters: fix user generation 2019-09-01 12:51:39 +02:00
worldofpeace d64d6c520e
Merge pull request #67473 from worldofpeace/wingpanel/fix-network-indicator
nixos/pantheon: fix launching nm-applet components
2019-09-01 04:36:06 -04:00
worldofpeace 83d60f72ae
Merge pull request #67667 from jtojnar/default-emoji
nixos/fontconfig: Allow setting default emoji font
2019-09-01 03:58:27 -04:00
Peter Simons fa49f7ce6b nixos/redis: drop unnecessary dependencies from systemd unit 2019-09-01 09:04:11 +02:00
Peter Simons 0808f5ad1d
Merge pull request #67768 from peti/t/redis
nixos/redis: disable transparent huge pages (TLP) before starting Redis
2019-09-01 08:49:25 +02:00
Jan Tojnar eafe887671 nixos/fonts.enableDefaultFonts: add Noto Emoji
These days, emoji are ubiqitous so we need to add emoji font.
2019-09-01 00:09:25 -04:00
Jan Tojnar b31c7e527e nixos/fontconfig: Allow setting default emoji font
In fontconfig’s 60-generic.conf, order of preference is estabilished for emoji
font family. Because fontconfig parses the config files in lexicographic order,
appending each <prefer> from <alias> element to the family’s prefer list
(to be prepended before the family) [1], our font family defaults stored
in 52-nixos-default-fonts.conf will take precedence. That is, of course, unless
the default „weak“ binding [2] is used. Emoji family binds strongly [3],
so we need to set binding to “same” for our <alias>es to be considered before
the ones from 60-generic.conf.

By default, we will set the option to all emoji fonts supported by fontconfig,
so that emoji works for user if they have at least one emoji font installed.
If they have multiple emoji fonts installed, we will use the fontconfig’s
order of preference [4].

[1]: https://github.com/bohoomil/fontconfig-ultimate/issues/51#issuecomment-64678322
[2]: https://www.freedesktop.org/software/fontconfig/fontconfig-user.html#AEN25
[3]: cc8442dec8
[4]: c41c922018
2019-09-01 00:09:25 -04:00
Aaron Andersen 3ee1adcf6e
Merge pull request #67818 from xvapx/remove/crashplan
Remove/crashplan
2019-08-31 21:47:27 -04:00
Marti Serra d3de35967a crashplan, crashplan-small-business: remove pkg and module 2019-09-01 03:25:19 +02:00
Florian Klink e95d4c734a google-compute-config.nix: use sysctl snippets from gce
We make them available at ${gce}/sysctl.d and add them to
environments.etc, like we do with the systemd ones.
2019-09-01 02:55:28 +02:00
Florian Klink d658dd4ce0 google-compute-config.nix: add coreutils to google-instance-setup's $PATH
It executes bin/google_set_multiqueue which will execute basename
2019-09-01 01:23:18 +02:00
Florian Klink 106a1fe265 google-compute-config: sync with upstream units
With local-fs.target part of sysinit.target
(https://github.com/NixOS/nixpkgs/pull/61321), we don't need to add it
explicitly to certain units anymore, and can change dependencies like
they are in other distros (I picked from Google's official CentOS 7
image here).

Like them, use StandardOutput=journal+console to pipe google-*.service
output to the serial console as well.
2019-08-31 22:49:29 +02:00
Florian Klink a811437e6e google-compute-config.nix: update comment about ssh login
also move OS Login next to it, for better understandability
2019-08-31 22:49:29 +02:00
Florian Klink bbb525d541 google-compute-config: remove amazon pv-grub comment 2019-08-31 22:49:29 +02:00
Silvan Mosberger 478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk 98ef78326d Merge staging-next into staging 2019-08-31 18:07:33 +02:00
Frederik Rietdijk 69d58ee245
Merge pull request #66822 from NixOS/staging-next
Staging next
2019-08-31 18:05:43 +02:00
Aaron Andersen 58163e633b
Merge pull request #62954 from abbradar/auditd
auditd service: make more useful
2019-08-31 12:04:59 -04:00
Frederik Rietdijk 96e5474329 Merge master into staging-next 2019-08-31 18:04:31 +02:00
Silvan Mosberger 4727a40be9
Merge pull request #65283 from averelld/add-x2goserver-module
Add x2goserver module
2019-08-31 17:49:41 +02:00
Aaron Andersen 5858a3693e
Merge pull request #67758 from etu/init-usbtop
usbtop: init at 1.0
2019-08-31 09:48:23 -04:00
Samuel Leathers 4b515cf6ef
Merge remote-tracking branch 'upstream/master' into staging-next
* upstream/master:
  vimPlugins: update (#67823)
  mattermost-desktop: 4.2.0 -> 4.2.3 (#67717)
  lightspark: init at 0.8.1 (#67425)
  anki: 2.1.11 -> 2.1.14 (#67738)
  nixos/{namecoind,bitcoind}: removing the altcoin prefix
  rust-cbindgen: 0.8.7 -> 0.9.0
2019-08-31 06:53:44 -04:00
Marek Mahut 3059cd038c
Merge pull request #67777 from mmahut/altcoins
nixos/{namecoind,bitcoind}: removing the altcoin prefix
2019-08-31 10:33:44 +02:00
Marek Mahut 74d7ce4248 nixos/{namecoind,bitcoind}: removing the altcoin prefix 2019-08-31 10:15:03 +02:00
Frederik Rietdijk ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
Frederik Rietdijk fc74ba8291 Merge master into staging-next 2019-08-31 09:50:38 +02:00
Florian Klink 4e586dea50
Merge pull request #63773 from flokli/installation-device-fixes
installation-device.nix: explain sshd usage, don't include clone-config
2019-08-31 02:59:23 +02:00
worldofpeace 7820be7a8f nixos/gnome3: additions to core-shell
Adds:

- gnome-color-manager
- services.avahi
  It appears that GeoClue requires its daemon and IIRC has
  been default enabled in other distros for a while.
- orca
  It's the default screen-reader.
2019-08-30 20:42:01 -04:00
worldofpeace dcbad82b28 nixos/gnome3: cleanup core-utilities
core-utilities is meant to be the base utilities for a GNOME system.

The following are removed and the gnome3 module will no longer include:
- accerciser
- gnome-nettool
- gnome-power-manager
- gucharmap
- nautilus-sendto
  See https://gitlab.gnome.org/GNOME/gnome-build-meta/merge_requests/246
- gnome-usage
- vinagre
- gnome-documents
  See https://gitlab.gnome.org/GNOME/gnome-build-meta/merge_requests/157
- dconf-editor
- gnome-todo
- gnome-tweaks
- evolution

The following were added:
- cheese
- geary
2019-08-30 20:42:01 -04:00
worldofpeace 90319d5e33 nixos/seahorse: move to programs 2019-08-30 20:42:01 -04:00
worldofpeace 0d220e4ed6 nixos/fontconfig-penultimate: disable by default
It currently lacks an emoji font-family which means it has to be
disabled for them to function [0].  Additionally it's fallen out of
necessity to ship custom font rendering settings (as far as I'm aware
of).

[0]: https://github.com/NixOS/nixpkgs/pull/67215
2019-08-30 19:50:30 -04:00
Evan Stoll e9b167bef4 nixos/hardware/openrazer: init at 2.6.0 2019-08-30 17:22:53 -04:00
Averell Dalton f0d23b6343 x2goserver: add module 2019-08-30 19:54:12 +02:00
Elis Hirwing aacf9235d8
nixos/usbtop: Add module to install usbtop and to enable kernel module 2019-08-30 18:54:33 +02:00
Peter Simons eedf3dc6e2 nixos/mailman: decouple the mailman module from the postfix module
https://github.com/NixOS/nixpkgs/pull/67708#discussion_r319579987 suggested
that simply appending the necessary maps to the appropriate attributes in
services.postfix.config gets the job done; we don't special support in the
postfix module to accomplish that.
2019-08-30 18:44:47 +02:00
adisbladis f7b5be81a8
Merge pull request #66301 from adisbladis/emacspackages-deprecated-drop
emacs-packages: Drop deprecated package sets
2019-08-30 17:18:20 +01:00
Peter Simons afd448a9fa nixos/redis: disable transparent huge pages (TLP) before starting Redis 2019-08-30 18:10:06 +02:00
Peter Simons 6b87772ca4 nixos/mailman: don't reserve a static uid in the system
Any system uid will do, so we let the system allocate
one for us. The 'mailman' group is gone entirely since
we don't need it. Users who wish to run the 'mailman'
administration utility can do so via 'sudo':

    $ sudo -u mailman mailman info

Also, simplify the syntax of our user.users entry to
rely on an attribute set rather than a list.
2019-08-30 18:00:36 +02:00
worldofpeace da456aff25
Merge pull request #67702 from mweinelt/pr/fwupd-cfg.package
nixos/fwupd: add package option
2019-08-30 11:54:42 -04:00
adisbladis 41d1b8fa88
emacsPackages: Drop old emacsPackages (non-NG) sets
These have been deprecated for a long time now and has not seen much maintenance.
2019-08-30 16:43:16 +01:00
Peter Simons 28dee92fff nixos/redis: move 'redis_init.service' into the preStart hook of 'redis.service' 2019-08-30 15:39:50 +02:00
Peter Simons 5a81797119 nixos/mailman: cosmetic 2019-08-30 15:38:43 +02:00
Peter Simons 4eaf714454
Merge pull request #67708 from peti/t/mailman
NixOS module for GNU Mailman Core
2019-08-30 10:27:40 +02:00
worldofpeace 2f7d0993b7
Merge pull request #67363 from worldofpeace/dbus-datadir
dbus: don't make datadir /etc, set runstatedir to /run
2019-08-29 19:46:51 -04:00
Vika 844200a06f
nixos/bash: Improve Emacs detection for PS1
That's one of my itches - when I'm sshing from Emacs' term to a NixOS
machine, it doesn't detect that I'm running emacs and showing a title
escape sequence. This commit fixes it, checking against $TERM to
prevent this from ever bothering anyone again.
2019-08-30 00:28:57 +03:00
Martin Weinelt af1c07b679 nixos/fwupd: add package option 2019-08-29 20:45:22 +02:00
Peter Simons c1c1ce7221 mailman: add NixOS module to install and deploy the mailing list server 2019-08-29 20:29:35 +02:00
Arian van Putten 604b7c139f Fix letsencrypt (#60219)
* nixos/acme: Fix ordering of cert requests

When subsequent certificates would be added, they would
not wake up nginx correctly due to target units only being triggered
once. We now added more fine-grained systemd dependencies to make sure
nginx always is aware of new certificates and doesn't restart too early
resulting in a crash.

Furthermore, the acme module has been refactored. Mostly to get
rid of the deprecated PermissionStartOnly systemd options which were
deprecated. Below is a summary of changes made.

* Use SERVICE_RESULT to determine status
This was added in systemd v232. we don't have to keep track
of the EXITCODE ourselves anymore.

* Add regression test for requesting mutliple domains

* Deprecate 'directory' option
We now use systemd's StateDirectory option to manage
create and permissions of the acme state directory.

* The webroot is created using a systemd.tmpfiles.rules rule
instead of the preStart script.

* Depend on certs directly

By getting rid of the target units, we make sure ordering
is correct in the case that you add new certs after already
having deployed some.

Reason it broke before:  acme-certificates.target would
be in active state, and if you then add a new cert, it
would still be active and hence nginx would restart
without even requesting a new cert. Not good!  We
make the dependencies more fine-grained now. this should fix that

* Remove activationDelay option

It complicated the code a lot, and is rather arbitrary. What if
your activation script takes more than activationDelay seconds?

Instead, one should use systemd dependencies to make sure some
action happens before setting the certificate live.

e.g. If you want to wait until your cert is published in DNS DANE /
TLSA, you could create a unit that blocks until it appears in DNS:

```
RequiredBy=acme-${cert}.service
After=acme-${cert}.service
ExecStart=publish-wait-for-dns-script
```
2019-08-29 16:32:59 +02:00
Florian Klink 132a8382b0
Merge pull request #66922 from davidak/netdata_enableCgroupAccounting
netdata: enable cgroup accounting
2019-08-29 11:56:57 +02:00
Jaka Hudoklin 8d1510abfb
Merge pull request #67606 from endocrimes/r-vault-1.2.2
vault: 1.0.2 -> 1.2.2
2019-08-29 07:07:09 +00:00
Pascal Bach 02ed974bba nixos/gitlab-runner: add missing HOME to environment (#67450)
Gitlab runner fails to start if HOME is not set.
2019-08-28 20:27:28 +00:00
Danielle Lancashire 4b99f9ba0b
vault: add raft backend to vault service 2019-08-28 18:42:18 +02:00
Silvan Mosberger 6233291d95
Merge pull request #64738 from rnhmjoj/magnetico
magnetico: init package and service
2019-08-28 18:39:21 +02:00
Silvan Mosberger fb7611a496
Merge pull request #65661 from davidak/containers
nixos-containers: add TimeoutStartSec option
2019-08-28 18:37:30 +02:00
Matthew Bauer b8f9e09ad1
Merge pull request #67260 from pstch/fix/xsession-allow-session-choice
nixos/x11: provide selected session to custom session
2019-08-28 11:07:19 -04:00
Hugo Geoffroy a23798e478 nixos/x11: provide selected session to custom session
The custom session script is always executed (when it exists). This change
passes the selected session script and select session name to the custom session
script, so that it can defer to the selected session script based on the value
of the selected session name.
2019-08-28 16:58:12 +02:00
davidak eba686ddfa nixos-containers: add TimeoutStartSec option
Default is now 1m instead of global default of 15sec. It is also
configurable.

Fixes issue where start of many containers (40+) fail
https://github.com/NixOS/nixpkgs/issues/65001
2019-08-28 14:54:51 +02:00
rnhmjoj 182830f542
nixos/magnetico: init service 2019-08-28 14:19:24 +02:00
volth 08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
Linus Heckemann 5e2f89bbce
Merge pull request #67394 from Ma27/drop-keys.target-dependency
nixos/treewide: drop dependencies to `keys.target`
2019-08-28 12:01:22 +02:00
Peter Hoeg 73701a7a05
Merge pull request #67487 from dasJ/suspend-then-hibernate
nixos/systemd: Add suspend-then-hibernate units
2019-08-28 17:29:17 +08:00
Frederik Rietdijk 5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
worldofpeace 27a4afefbe
Merge pull request #66859 from worldofpeace/xfce4-14-module
nixos/xfce4-14: init
2019-08-27 22:37:03 -04:00
Peter Hoeg 33bf2acc5e nixos/darkhttpd: fix package reference 2019-08-28 09:04:58 +08:00
Eelco Dolstra 35c1c170d7 nix.conf: Set sandbox-fallback = false
For security, we don't want the sandbox to be disabled silently.
2019-08-27 21:17:20 +02:00
worldofpeace 156f335161
Merge pull request #67549 from worldofpeace/gnome-control-center/fix-sharing
Fix sharing in gnome-control-center
2019-08-27 14:28:15 -04:00
Maximilian Bosch 56a7bc05e1
nixos/treewide: drop dependencies to keys.target
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).

As described in the NixOps manual[1], dependencies to keys should be
defined like this now:

``` nix
{
  systemd.services.myservice = {
    after = [ "secret-key.service" ];
    wants = [ "secret-key.service" ];
  };
}
```

However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.

[1] https://nixos.org/nixops/manual/#idm140737322342384
2019-08-27 18:55:55 +02:00
Matthew Bauer 4081bec5ac
zsh: remove unfunction on TERM=dumb
Unfortunately this gives an error when precmd or preexec exists. Removing to avoid that.
2019-08-27 11:00:58 -04:00
Frederik Rietdijk 98640fd482 Merge master into staging-next 2019-08-27 16:36:47 +02:00
Marek Mahut b40ee82685
Merge pull request #67556 from mmahut/matomo
nixos/matomo: fixing the configuration path
2019-08-27 16:13:34 +02:00
rnhmjoj 05ddde928d
nixos/dnschain: disable DNSSEC for namecoin TLDs 2019-08-27 14:42:06 +02:00
Silvan Mosberger 210756a450
nixos/pdns-recursor: implement a settings option (#67251)
nixos/pdns-recursor: implement a `settings` option
2019-08-27 14:34:32 +02:00
Marek Mahut 3a9d17ef04 nixos/matomo: fixing the configuration path 2019-08-27 11:44:34 +02:00
Florian Klink 9a02d9c75e
Merge pull request #66984 from flokli/systemd-cgroup-accounting
nixos/systemd: enable systemd cgroup accounting by default
2019-08-27 11:38:28 +02:00
worldofpeace 8a24bc2e08 nixos/gnome-user-share: cleanup
* No sessionPath!

* add to systemd.packages
  This is for the gnome-user-share-webdav.service.

* Update option description
2019-08-27 03:07:57 -04:00
Aaron Andersen 87fdc06a97
Merge pull request #63634 from aanderse/moodle
moodle: init at 3.7.1
2019-08-26 21:12:44 -04:00
volth 35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Matthew Bauer ed87d12187
Merge pull request #67476 from matthewbauer/fix-66745
nixos/update-users-groups.pl: chomp hashedPassword
2019-08-26 15:54:13 -04:00
rnhmjoj 0e0a533d9a
nixos/pdns-recursor: add luaConfig option 2019-08-26 17:46:04 +02:00
rnhmjoj 92d956267a
nixos/pdns-recursor: implement a settings option 2019-08-26 17:46:03 +02:00
Peter Simons 95c021393f mailman: reserve uid & gid in NixOS 2019-08-26 16:17:39 +02:00
Peter Hoeg c876affce0 nixos darkhttpd: module to enable darkhttpd 2019-08-26 19:57:49 +08:00