1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-19 04:02:10 +00:00
Commit graph

5553 commits

Author SHA1 Message Date
obadz 57b7c3c545 nixos-install: more robust way of sourcing fresh version of self 2016-08-09 21:39:40 +01:00
Robin Gloster 3cf5d5ebed nginx module: fixup events in config 2016-08-09 17:11:28 +00:00
obadz 74b3ad148d nixos/tests/installer.nix: add libxml2 & libxslt to prevent download attempts 2016-08-09 17:01:42 +01:00
aszlig f8fad62c8e
Merge branch 'nixpkgs-git-revision-fix'
Addresses #17218 in a better way in that it doesn't create a
".git-revision" file on every nixos-rebuild, because we already have
".git" available. Even if we don't nixos-rebuild can't create the
"git-revision" file.

Tested via:

nix-build -E '(import ./nixos/tests/make-test.nix {
  name = "foo";
  machine = {};
  testScript = "startAll; $machine->execute(\"nixos-version >&2\");";
})'

Closes: #17610
Acked-by: @bennofs
2016-08-09 17:34:35 +02:00
aszlig 0b9d9eded1
nixos/version: Try to get Git revison from .git
Let's first try if we can determine the Git revision from the .git
directory and if that fails, fall back to get the info from the
".git-revision" file... and after that use something generic like
"master".

This should address #17218 in better way, because we don't need to
create another redundant file in the source checkout of nixpkgs.

I'm not going to route of falling back to using .git, because after
55d881e, we already have ".git-revision" files in people's Git
repositories, which in turn means that nixos-version will report that
old file every time even if the working tree has updated.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @bennofs, Profpatsch
Reported-by: @devhell
Fixes: #17218
2016-08-09 14:18:20 +02:00
aszlig 55d881eea3
Revert adding .git-revision unconditionally
This reverts commit 1e534e234b.

We already should have a .git directory if it is managed via Git,
otherwise there is no way to get the Git revision if neither
.git-revision or .git is present.

But having .git-revision _and_ .git present seems very much redundant to
me.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @bennofs, @Profpatsch
Issue: #17218
2016-08-09 14:15:06 +02:00
Robin Gloster b0b0a45bb1 nginx module: fix cfg.config backwards compatibility
fixes #17604
2016-08-09 12:02:21 +00:00
Thomas Tuegel 68922e3f74 nixos/stage-1: use readlink -e in builder
The builder has this convoluted `while` loop which just replicates
`readlink -e`. I'm sure there was a reason at one point, because the
loop has been there since time immemorial. It kept getting copied
around, I suspect because nobody bothered to understand what it actually
did.

Incidentally, this fixes #17513, but I have no idea why.
2016-08-08 09:45:45 -05:00
Thomas Tuegel ee36bb8588 nixos/stage-1: fix antiquotation 2016-08-08 09:28:17 -05:00
Profpatsch 85ed3ca9c7 libinput.accelProfile: improve docs & new default
The link to some (of course non-existing, i.e. freedesktop) “libinput”
documentation is replaced by a piece of the API documentation.

The default is changed since the documentation suggests `adaptive`
should be it.
https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79

Also fix a missing string conversion for `scrollButton`.
2016-08-08 14:01:07 +02:00
Wout Mertens db8401f603 Merge pull request #17100 from abbradar/resume-delay
nixos stage-1: wait for resume devices to appear
2016-08-08 11:34:38 +02:00
Nikolay Amiantov 1e8894f085 unity3d: use chromium-suid-sandbox 2016-08-08 10:49:00 +03:00
Nikolay Amiantov b2413e48ae chromium-suid-sandbox module: fix description 2016-08-08 10:17:31 +03:00
Al Zohali 2aba1c4962 phpfpm service: restructured pool configuration
From @fpletz: Keep poolConfigs option for backwards-compatibility.

The original commit 6b3f5b5a42 was previously
reverted by c7860cae1a but the issues were
resolved.
2016-08-08 05:53:53 +02:00
Nikolay Amiantov 986a40421a nixos stage-1: wait for devices during resumption attempt
Also a microimprovement -- use `test -n` instead of `test -e`
since we have already checked that the file exists.
2016-08-08 01:35:43 +03:00
Nikolay Amiantov 3ae468e835 nixos stage-1: move resumption below helper functions' definitions 2016-08-08 01:34:23 +03:00
Nikolay Amiantov 59aa3bb5c8 nixos stage-1: factor device waiting into a function 2016-08-08 01:32:18 +03:00
David Reaver ed4a061c34 NixOS manual: Add docs for Virtualbox guest (#17454)
Fixes #13311
2016-08-07 04:10:29 +02:00
Rok Garbas a741978f20 Merge pull request #17479 from elitak/factorio
Factorio: 0.13.8 -> 0.13.13, mod support
2016-08-07 04:09:52 +02:00
Paul Hendry 486b8e7f5c Add Terraria server service (#16832) 2016-08-07 03:58:38 +02:00
jokogr adeab67bd8 syncthing service: add syncthing-inotify (#17320) 2016-08-06 17:20:18 +02:00
obadz 66d5edf654 chromium: add nixos module security.chromiumSuidSandbox
Closes #17460

Changed the wrapper derivation to produce a second output containing the sandbox.
Add a launch wrapper to try and locate the sandbox (either in /var/setuid-wrappers or in /nix/store).
This launch wrapper also sheds libredirect.so from LD_PRELOAD as Chromium does not tolerate it.

Does not trigger a Chromium rebuild.

cc @cleverca22 @joachifm @jasom
2016-08-06 10:27:47 +01:00
Gabriel Ebner 22088b4b25 nixos/x11: make nvidia driver work again
The nvidia driver module directly sets the services.xserver.drivers
option, while still having nvidia/nvidiaBeta/... etc. in the
videoDrivers option.
2016-08-06 07:26:25 +02:00
Robin Gloster f4e1041e31 Merge pull request #17503 from peterhoeg/ssh
ssh module: ignore exit code when socket activated
2016-08-05 19:58:06 +02:00
Joachim F f044035a9e Merge pull request #17470 from layus/synaptics-conflict
Warn for conflict between synaptics and libinput
2016-08-05 19:26:07 +02:00
Gabriel Ebner 5e6ac5fcf3 nixos/x11: output sections for modesetting driver
See #17487.
2016-08-05 18:31:04 +02:00
Joachim F 632f9060f1 Merge pull request #17363 from MatrixAI/zsh-helpdir
zsh: Added HELPDIR variable for interactive shells
2016-08-05 16:45:28 +02:00
Franz Pletz 792f96fbc7 Merge pull request #17489 from mayflower/pkg/gitlab-8-10
gitlab: 8.5.12 -> 8.10.3, update module
2016-08-04 23:35:22 +02:00
Tuomas Tynkkynen 2ea72fa9c8 nixos/luksroot: Reference correct output of openssl 2016-08-04 23:12:39 +03:00
obadz 037d9c6cab nixos-install: add options --closure, --no-channel-copy, --no-root-passwd, and --no-bootloader
Closes #17236

nix-build -A tests.installer.simple '<nixos/release.nix>' succeeds ✓
2016-08-04 16:22:25 +01:00
Benno Fünfstück 3f3d18c017 Merge pull request #17218 from bennofs/fix-nixos-version
fix nixos-version --hash when building from git
2016-08-04 15:56:08 +02:00
Christian Kauhaus ea7e705cd9 varnish: fix localstatedir for varnish* tools (#17508)
The varnish tools (varnishstat, varnishlog, ...) tried to load the VSM
file from a spurious var directory in the Nix store. Fix the default so
the tools "just work" when also keeping services.varnish.stateDir at the
default.

Notes:
- The tools use $localstatedir/$HOSTNAME so I've adapted the default for
  stateDir as well to contain hostName.
- Added postStop action to remove the localstatedir. There is no point
  in keeping it around when varnish does not run, as it regenerates it
  on startup anyway.

Fixes #7495
2016-08-04 15:25:23 +02:00
Peter Hoeg c4cba0e51f ssh module: ignore exit code when socket activated
sshd will at times fail when exiting. When socket activated, this will
leave a number of sshd@ service instances in the failed state, so we
simply ignore the error code if we are running socket activated.

Recommended by upstream:
http://systemd-devel.freedesktop.narkive.com/d0eapMCG/socket-activated-sshd-service-showing-up-as-a-failure-when-the-client-connection-fails

Fixes: #3279
2016-08-04 16:47:44 +08:00
Damien Cassou c5d9dc9cfa Merge pull request #17418 from DamienCassou/offlineimap-module-reporting
offlineimap's module: change UI to syslog
2016-08-04 08:33:20 +02:00
Franz Pletz 8a8971788c gitlab module: update documentation 2016-08-04 02:29:50 +02:00
Franz Pletz d8fd06641a gitlab module: split up gitlab-runner script
The name gitlab-runner clashes with a component of Gitlab CI with the
same name and only confuses people. It's now called gitlab-bundle and
a convenience-script gitlab-rake for easier invocation of rake tasks
was added. This was the primary use case of gitlab-runner.
2016-08-04 02:29:45 +02:00
Franz Pletz c39b6025d8 gitlab: 8.5.12 -> 8.10.3, update module
Fixes #14795.
2016-08-04 02:29:44 +02:00
Eric Litak d33540734f factorio: rudimentary mod support for factorio's nixos module 2016-08-03 16:44:51 -07:00
Robin Gloster 1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
Joachim F 772a7bb49b Merge pull request #17425 from joachifm/grsec-efi
grsecurity module: disable EFI runtime services by default
2016-08-03 10:48:25 +02:00
Guillaume Maudoux 0f0be5e498 Warn for conflict between synaptics and libinput 2016-08-03 08:15:18 +02:00
Eric Sagnes 338c425e08 hydra-module: add default to buildMachinesFiles 2016-08-03 13:14:12 +09:00
Eric Sagnes 128389b60c hydra-module: honor user and group ids 2016-08-03 13:13:57 +09:00
Casey Ransom 9ecc587e3b cassandra service: init
The module will configure a Cassandra server with common options being
tweakable. Included is also a test which will spin up 3 nodes and
verify that the cluster can be formed, broken, and repaired.
2016-08-02 20:58:35 -04:00
Robin Gloster 1be4907ca2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-02 13:46:36 +00:00
Rodney Lorrimar 6711e62d51 nixos manual: add Emacs section (fixes #13217)
In light of Emacs packaging improvements such as those mentioned
in #11503, and with the addition of a systemd service (#15807
and #16356), and considering that the wiki page is completely
out of date (#13217), it seems that some documentation is in order.
2016-08-02 11:17:52 +01:00
Joachim Fasting 43fc394a5c
grsecurity module: disable EFI runtime services by default
Enabling EFI runtime services provides a venue for injecting code into
the kernel.

When grsecurity is enabled, we close this by default by disabling access
to EFI runtime services.  The upshot of this is that
/sys/firmware/efi/efivars will be unavailable by default (and attempts
to mount it will fail).

This is not strictly a grsecurity related option, it could be made into
a general option, but it seems to be of particular interest to
grsecurity users (for non-grsecurity users, there are other, more
immediate kernel injection attack dangers to contend with anyway).
2016-08-02 10:24:49 +02:00
Joachim Fasting 79ac02ed64
dnscrypt-proxy service: update resolver list 2016-08-02 09:36:22 +02:00
Franz Pletz c90a43f4c5 nginx module: fix evaluation of root location option 2016-08-01 19:38:10 +02:00
Joachim Fasting d1572d06fe
grsecurity module: correct internal note 2016-08-01 16:27:14 +02:00
Rok Garbas 34237beca6 Merge pull request #15862 from mayflower/nginx-module
Declarative nginx module with ACME support
2016-08-01 13:10:06 +02:00
Joachim Fasting c91d07b668
dnscrypt-proxy module: types.string should be types.str 2016-08-01 12:55:42 +02:00
Eric Sagnes c7bd26e537 version module: refactor with fileContents 2016-08-01 18:40:36 +09:00
Eric Sagnes 1114ab41e6 release.nix: refactor with fileContents 2016-08-01 18:35:26 +09:00
Eelco Dolstra 0804f67024 Fix epub generation
* Hydra doesn't like spaces in filenames.

* The zip file contained nix/store/.../OEBPS rather than OEBPS at
  top-level, causing some programs (like okular) to barf.

* Remove the redundant $dst/epub directory.
2016-08-01 11:10:22 +02:00
Eelco Dolstra d5756cdf0a Remove the PDF manual
PDF is very 20th century and nobody reads technical documentation this
way anymore.
2016-08-01 11:10:21 +02:00
Eelco Dolstra 83eb49220b Manual: Only include the release number (e.g. 16.03)
This prevents gratuitous rebuilds of the manual every time the Git
revision changes.

Should help a bit with #17261.
2016-08-01 11:10:21 +02:00
Eelco Dolstra 2a05368ff3 Remove $NIXOS_LABEL and $NIXOS_VERSION
Relying on environment variables to override configuration options is
ugly, and there is no reason for them.
2016-08-01 11:10:02 +02:00
Damien Cassou 19af5b444e offlineimap's module: change UI to syslog
The 'syslog' UI "allows better integration with systemd":
http://www.offlineimap.org/doc/Changelog.html#offlineimap-v660-rc2-2015-10-15
2016-08-01 09:37:53 +02:00
Gabriel Ebner dbd856d724 Merge pull request #17387 from cko/redis
redis: 3.0.7 -> 3.2.2
2016-08-01 08:13:08 +02:00
Robin Gloster 63c7b4f9a7 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-31 20:51:34 +00:00
Franz Pletz d7f7ef4c21 Merge pull request #15496 from kampfschlaefer/containers_more_veth_interfaces
Declarative containers: more veth interfaces
2016-07-31 19:13:59 +02:00
Langston Barrett a28273df32 mopidy service: add default value for configuration (#17385)
Mopidy will start if the configuration is empty.

Fixes #17381.
2016-07-31 18:35:09 +02:00
Christine Koppelt 07ca9bd4bc Redis: add entry to release notes 2016-07-31 15:28:56 +02:00
Franz Pletz 76b21b7adb nixos/firewall: Refactor rpfilter, allow DHCPv4 (#17325)
Adds a new chain in the raw table for reverse path filtering and optional
logging. A rule to allow serving DHCPv4 was also added as it is commonly
needed and poses no security risk even when no DHCPv4 server is running.

Fixes #10101.
2016-07-31 13:49:24 +02:00
Profpatsch 8a6047a525 nixos/pulseaudio: increase service restart time
Pulseaudio doesn’t like being restarted too quickly.
2016-07-30 23:42:54 +02:00
Profpatsch 5074a79937 nixos/pulseaudio: tcp streaming & zeroconf
Adds options for tcp streaming and avahi zeroconf support (so that the
server can be easily found by clients).
There is also an option to allow anonymous clients to stream to the
server (by default pulseaudio uses a cookie mechanism, see manpage).
2016-07-30 23:42:54 +02:00
Thomas Tuegel d5bec1a145 kde5: rename extra-cmake-modules variants
Instead of one package `extra-cmake-modules`, there is now `ecm` and
`ecmNoHooks`. The latter is used when one does not want to incur a Qt 5
dependency; it is also available as a top-level package
`extra-cmake-modules`.
2016-07-30 14:06:43 -05:00
Gabriel Ebner 07fc65289a nixos/x11: remove unneccessary special cases 2016-07-30 17:03:16 +02:00
Gabriel Ebner 5c9309c231 xorg.xorgserver: enable glamor support 2016-07-30 13:37:51 +02:00
Thomas Tuegel 3dea00d90e nixos/kde: phonon moved to qt5 2016-07-29 10:29:15 -05:00
Rob Vermaas 9494b764d2 dd-agent: support jmx, needs a separate daemon nowadays.
(cherry picked from commit 1425a1f964)
2016-07-29 12:42:07 +00:00
Roger Qiu c0ff64c2e8 zsh: Added HELPDIR variable for interactive shells, as the help directory is distribution specific, and will be useful for using run-help 2016-07-29 20:36:06 +10:00
Arnold Krille 07de11f165 containers: add myself to the maintainers of the tests
Seems like the right thing to do.
2016-07-28 23:06:41 +02:00
Arnold Krille 9045a8e24c declarative containers: additional veths
With these changes, a container can have more then one veth-pair. This allows for example to have LAN and DMZ as bridges on the host and add dedicated containers for proxies, ipv4-firewall and ipv6-firewall. Or to have a bridge for normal WAN, one bridge for administration and one bridge for customer-internal communication. So that web-server containers can be reached from outside per http, from the management via ssh and can talk to their database via the customer network.

The scripts to set up the containers are now rendered several times instead of just one template. The scripts now contain per-container code to configure the extra veth interfaces. The default template without support for extra-veths is still rendered for the imperative containers.

Also a test is there to see if extra veths can be placed into host-bridges or can be reached via routing.
2016-07-28 23:06:41 +02:00
Eelco Dolstra fd5bbdb436 nixos-containers: Set DevicePolicy=closed
This makes the container a bit more secure, by preventing root
creating device nodes to access the host file system, for
instance. (Reference: systemd-nspawn@.service in systemd.)
2016-07-28 17:58:55 +02:00
Eelco Dolstra bf3edfbb3c nixos-containers: Use systemd 231's --notify-ready flag 2016-07-28 17:58:52 +02:00
Robin Gloster a193fecf0e nginx module: improve statusPage generated code
Adds ::1 as allowed host and turns of access_log for the status page.
2016-07-28 11:59:13 +00:00
Robin Gloster 3ccfca7d6b nginx module: httpConfig backward compatibility
Revert httpConfig its old behaviour and make it mutually exclusive to
the new structured configuration. Adds appendHttpConfig to have the
ability to write custom config in the generated http block.
2016-07-28 11:59:13 +00:00
Robin Gloster 511410789b nginx module: make client_max_body_size configurable 2016-07-28 11:59:13 +00:00
Tristan Helmich 8c61b3af03 nginx: fixed duplicate http declaration 2016-07-28 11:59:13 +00:00
Robin Gloster 91680de317 nginx module: add statusPage option 2016-07-28 11:59:13 +00:00
Robin Gloster a294ad01b3 nginx module: make recommended settings optional 2016-07-28 11:59:13 +00:00
Robin Gloster 186a8400ed nginx module: make httpConfig backward compatible 2016-07-28 11:59:13 +00:00
Robin Gloster 5dd7cf964a nginx module: improve documentation 2016-07-28 11:59:13 +00:00
Franz Pletz de8008a1b1 nginx module: Enable http2 2016-07-28 11:59:13 +00:00
Franz Pletz e982aeae6a nginx module: Add default proxy headers for tomcat 2016-07-28 11:59:13 +00:00
Robin Gloster 3830a890ab nginx module: add option to make vhost default 2016-07-28 11:59:13 +00:00
Robin Gloster 138945500e nginx module: implement basic auth 2016-07-28 11:59:13 +00:00
Robin Gloster ff12ee35b7 nginx module: redirect to same protocol 2016-07-28 11:59:13 +00:00
Robin Gloster e18f8e8b66 nginx module: turn off basic auth on acme locations 2016-07-28 11:59:13 +00:00
Franz Pletz 4e5c7913e9 nginx module: Add acmeFallbackHost vhost option 2016-07-28 11:59:13 +00:00
Franz Pletz 811f243ce6 nginx module: Add extraConfig for locations 2016-07-28 11:59:13 +00:00
Franz Pletz d5a097fdb6 nginx module: Don't create acme certs if acme is not enabled 2016-07-28 11:59:13 +00:00
Tristan Helmich c61157b7e6 nginx module: Add dhParams option 2016-07-28 11:59:13 +00:00
Tristan Helmich 35d76a72ab nginx module: Add sslCiphers option 2016-07-28 11:59:13 +00:00
Tristan Helmich 8bd1f401bb nginx module: Add sslProtocols option 2016-07-28 11:59:13 +00:00
Tristan Helmich 900b311a38 nginx module: Fix ACME extraDomains, fix challenge url to not redirect to allow renewals 2016-07-28 11:59:13 +00:00
Tristan Helmich 4676983990 nginx module: Add ACME support for ssl sites 2016-07-28 11:59:13 +00:00
Robin Gloster f298be9ef4 nginx module: declarative config 2016-07-28 11:58:37 +00:00
Robin Gloster 356c2fe00d Revert "nginx: Verify that configuration is syntactically correct" (#17337) 2016-07-28 13:55:06 +02:00
Peter Hoeg 62f2f72e98 tmux module: do not override keys by default in VI mode (#17330)
We want to stick to upstream defaults as much as possible.

As pointed out by @8573 in #16999, this was not the case.
2016-07-28 13:10:42 +02:00
Peter Hoeg 65ef5d8f5b rspam module: use mkEnableOption
See #17329.
2016-07-28 07:06:35 +02:00
Franz Pletz 8a1e7cd556 rspamd service: fix runtime directory, log to syslog
Fixes #17144.
2016-07-28 06:22:29 +02:00
Franz Pletz d23521b16c rmilter service: use runtime dirctory for socket 2016-07-28 06:22:23 +02:00
Christine Koppelt 39da575262 add epub for NixOS manual (second try) (#17205) 2016-07-28 04:27:39 +02:00
Robin Lambertz b65e9d87e2 matrix-synapse: Only run StartPre script when data folder doesn't exist (#17216) 2016-07-28 04:13:21 +02:00
Franz Pletz 996c9837fa Merge pull request #17322 from RamKromberg/init/motif
motif: init at 2.3.6 & nedit: 5.6 -> 5.6a
2016-07-28 03:53:38 +02:00
Ram Kromberg 3800bb5017 motif: init at 2.3.6 2016-07-28 01:33:45 +03:00
Bjørn Forsman c7860cae1a Revert "phpfpm service: restructured pool configuration"
This reverts commit 6b3f5b5a42 because it
introduced a non-backwards compatible change in the phpfpm interface,
without really needing to. The new interface, if needed, can be re-added
alongside the old interface.

Commit 98e419c0e2 ("tt-rss service: init at 16.3")
depends on the new interface, so this commit updates the tt-rss service
to work with the old services.phpfpm.poolConfigs interface.
2016-07-27 23:53:58 +02:00
Robin Lambertz 103805dec5 nginx: Verify that configuration is syntactically correct (#17208) 2016-07-27 22:24:08 +02:00
Shawn Warren 7234275cd5 bump gocd-server version to 16.6.0-3590 (#17304)
Update gocd-server package version to 16.6.0-3590 including new sha.  Modify heapSize
and maxMemory mkOption to accurately reflect their intended purpose of configuring
initial java heap sizes.
2016-07-27 18:44:28 +02:00
Rok Garbas 14e8071921 Merge pull request #17305 from hiberno/update-elk-stack
Update elk stack
2016-07-27 18:42:08 +02:00
Christian Lask 6d68a1fbf3 logstash: 1.5.3 -> 2.3.4
Note: the option to configure the watchdog timeout seems to be gone
in the 2.3 series of Logstash. It complains about an unknown option
and it is not in the source anymore. I am thus removing this
configuration option to adjust the service to these changes, too.
2016-07-27 17:45:38 +02:00
Tristan Helmich c9b9692347 tinc: add Restart in systemd service config 2016-07-27 10:38:57 +02:00
Joachim F ad127bb55d Merge pull request #17271 from jokogr/fix/syncthing-system-service
syncthing: fix system service
2016-07-27 03:23:08 +02:00
Bjørn Forsman 0a2174f195 nixos/lighttpd: move cgit setup to cgit.nix
To where it really belongs. Separation of concern.
2016-07-26 15:37:24 +02:00
Ioannis Koutras 24968fc1c1 syncthing: fix system service 2016-07-26 13:10:15 +03:00
Wout Mertens 62d11a6961 Merge pull request #17206 from nathan-gs/patch-2
Fix #9759 SSMTP sendmail wrapper
2016-07-26 10:52:19 +02:00
Wout Mertens 3bb18c68d2 Merge pull request #17042 from rasendubi/etc
etc: remove obsolete directories
2016-07-26 09:04:10 +02:00
Luca Bruno 5c738ec37e gnome3: drop 3.18 2016-07-25 22:49:12 +02:00
Alexey Shmalko fe9cabedf0
etc: remove obsolete directories
This patch adds handling of a directory becoming a symlink in
/etc. Before this patch, the directory wasn't removed and then
symlinking failed, which caused directory not being updated at all.

The idea for the patch goes to @abbradar at
https://github.com/NixOS/nixpkgs/issues/16978#issuecomment-232921903:
> A heuristic idea for this -- a function `isStatic :: Path -> Bool`:
>
> * if path `/etc/foo` is a file, return True iff it's a symlink to `/etc/static/foo`.
> * if path is a directory, return True iff for all items in it `isStatic` is True.
>
> On any conflicts, if old path is static, it's safe to replace and/or
> delete stale. Otherwise make a backup and notify the user via a
> journal entry and console output.

The only difference here -- it will not replace user configs.

This also fixes https://github.com/NixOS/nixpkgs/issues/16978.
2016-07-25 15:50:53 +03:00
Robin Gloster f222d98746 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-25 12:47:13 +00:00
Joachim F 0050338610 Merge pull request #17087 from j1r1k/pulseaudio-extraClientConf
pulseaudio module: add extraClientConf option
2016-07-24 15:52:01 +02:00
Nikolay Amiantov ddb75882b6 kbd task: fix colors in early initrd 2016-07-24 15:08:49 +03:00
Joachim Fasting 88138d43fa
grsecurity test: add note explaining what the tcc -run test accomplishes 2016-07-24 12:54:07 +02:00
Joachim Fasting 8c8d6b4053
grsecurity test: verify that the grsec device node is created 2016-07-24 12:54:07 +02:00
Joachim Fasting 96542a1b00
grsecurity module: assert RBAC support in kernel 2016-07-24 12:54:07 +02:00
Joachim Fasting 5ece58ed66
grsecurity module: add gradm to system path 2016-07-24 12:54:07 +02:00
Joachim F 027cb61088 Merge pull request #16891 from joachifm/grsec-doc
manual: add chapter on Grsecurity/PaX
2016-07-24 12:48:27 +02:00
Daiderd Jordan eab1ec23f0 Merge pull request #17194 from Profpatsch/document-container-root
nixos/manual: document you need root for container
2016-07-24 12:01:47 +02:00
Benno Fünfstück 1e534e234b fix nixos-version --hash when building from git 2016-07-23 22:59:03 +02:00
Emery Hemingway 90ee01cd3d nixos: disable DHCP on ZeroTier interfaces 2016-07-23 21:04:42 +02:00
Nathan Bijnens bb528e714d Fix #9759 SSMTP sendmail wrapper - cfg instead of full path 2016-07-23 20:58:58 +02:00
Joachim Fasting edbaba6d3c
nixos release notes: document changes to grsecurity/PaX 2016-07-23 19:09:47 +02:00
Joachim Fasting 190890cdac
nixos manual: add chapter on grsecurity/PaX
Explain the "what", "why", and "how" of grsecurity/PaX
on NixOS.
2016-07-23 19:09:43 +02:00
Nathan Bijnens cf3867a5ef Fix #9759 SSMTP sendmail wrapper 2016-07-23 18:00:10 +02:00
Profpatsch 2f074321c7 nixos/manual: document you need root for container 2016-07-23 06:21:56 +02:00
ben smith c38e6a2a60 mysql: fix replication tests (#17174)
Eliminate race condition in replication test
Remove replication configuration from standalone test
Improve mysql command syntax consistency
2016-07-23 00:37:05 +02:00
Shawn Warren 9886c80daa Add gocd agent and server service packages (#16273)
GoCD is an open source continuous delivery server specializing in advanced workflow
modeling and visualization.  Update maintainers list to include swarren83.  Update
module list to include gocd agent and server module.  Update packages list to include
gocd agent and server package.  Update version, revision and checksum for GoCD
release 16.5.0.
2016-07-23 00:29:18 +02:00
Moritz Ulrich f8ea8c7197 tt-rss: Fix evaluation by disabling nginx-options.
The nginx.virtualHosts option isn't merged yet. We can re-enable these
features when https://github.com/NixOS/nixpkgs/pull/15862 is merged.
2016-07-22 09:54:25 +02:00
Rok Garbas d73c115aa4 Merge pull request #16132 from zohl/tt-rss
tt-rss service: init at 16.3
2016-07-21 20:48:18 +02:00
Al Zohali 98e419c0e2 tt-rss service: init at 16.3 2016-07-21 20:46:35 +03:00
Eelco Dolstra a78ecb0d33 Remove nixos.tests.boot.biosUsb.* as release blockers
These have a high random failure rate, blocking channel updates. Issue
2016-07-21 11:44:55 +02:00
Michele Guerini Rocco 267e362fbc syncthing: Allow the user service to be enabled with systemctl (#17136) 2016-07-21 04:49:58 +02:00
Robin Gloster 1f04b4a566 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-21 00:56:43 +00:00
ben smith e641974f06 MySQL Replication (that actually works) (#7198)
Improves replication functionality by:
 * adding slaveHost on the 'master' role
 * adds slave user to master with replication only permissions
2016-07-21 02:15:55 +02:00
Rok Garbas db7b4fb073 Merge pull request #6846 from wizeman/u/zfs-auto-snap-flags
nixos: ZFS auto-snapshot improvements
2016-07-21 01:53:11 +02:00
davidak 83bdc8e858 caddy service: add options to change ACME certificate authority (#16969)
and agree to let's encrypt subscriber agreement
2016-07-21 01:51:09 +02:00
cransom 4a9b640f37 smokeping: init at 2.6.11 (#17090)
Includes a module for service setup and a test
to verify functionality of both service and pkg.
2016-07-21 01:07:59 +02:00
Rok Garbas 760da3e3f3 nixos: init programs.xonsh 2016-07-21 00:55:36 +02:00
Nikolay Amiantov 3cc54bbad9 Merge pull request #17082 from abbradar/fix-early-kbd
Use new early kbd-setting code in initrd and fix layouts from external packages
2016-07-20 23:52:45 +04:00
Bjørn Forsman 78eac466b0 nixos/ddclient: add warning about password being world readable
Closes #16885.
2016-07-19 16:51:42 +02:00
Matthew Justin Bauer 802a700373 virtualbox: fix virtualbox guest additions (#16964) 2016-07-19 13:55:44 +02:00
Robin Gloster 203846b9de Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-19 10:37:02 +00:00
Svein Ove Aas 9a8e0d1c2e zfs: Force sync on shutdown (#16903) 2016-07-19 09:57:13 +02:00
Christian Kauhaus 3530f3f20a systemd: make ctrl-alt-del target configurable. (#16911)
We currently only allow upstream's default of "reboot.target" due to the
way the symlinks are initialized. I made this configurable similar to the
default unit.
2016-07-19 09:42:53 +02:00
Eric Merritt eb92804f91 nixos-containers: init package (#16959)
This moves nixos-containers into its own package so that it can be
relied upon by other packages/systems. This should make development
using dynamic containers much easier.
2016-07-19 08:13:06 +02:00
Nikolay Amiantov 9cc70b419c nixos/tests: add hibernation test 2016-07-19 05:20:02 +03:00
Nikolay Amiantov 399db54e35 nixos/qemu: don't recreate extra disks 2016-07-19 05:20:02 +03:00
Franz Pletz febcd39afa nixos/grafana: set plugins path, fix image generation
Also add options to configure which organization should have anonymous access.
2016-07-19 00:18:12 +02:00
Jiri Marsicek 7d0990b594 pulseaudio module: add extraClientConf option 2016-07-19 00:14:58 +02:00
Nikolay Amiantov cf64a7ecc0 kbd module: fix keymaps search for loadkeys 2016-07-18 23:46:38 +03:00
Nikolay Amiantov 7bed3d0cb3 nixos stage-1: move keymap handling to kbd module 2016-07-18 23:27:45 +03:00
Nikolay Amiantov 6f89369440 libinput service: add libinput to udev packages
See #17054
2016-07-18 17:14:34 +03:00
Nikolay Amiantov 3d69653d6b plymouth service: stop splash screen before a failure prompt 2016-07-18 13:45:37 +03:00
Nikolay Amiantov 7513a1d2f5 plymouth service: update root fs before stage 2 2016-07-18 13:45:37 +03:00
Nikolay Amiantov 9cab592abd plymouth service: style fixes 2016-07-18 13:45:37 +03:00
Nikolay Amiantov 86ad25625f nixos stage-1: add custom pre failure dialog commands 2016-07-18 13:45:37 +03:00
obadz 08fe395074 nixos/tests/installer.nix: add curl on host machine
add curl so that rather than seeing the test attempt to download
curl's tarball, we see what it's trying to download.
2016-07-17 21:17:55 +01:00
Nikolay Amiantov f4ea97ae90 Revert "nixos/tests/installer: Fix matching LUKS prompt"
This reverts commit ec072cbc4c.

See also 193ab8be67
2016-07-17 22:44:54 +03:00
Benno Fünfstück 336786addc nixos/lightdm: support greeter-less auto login
This adds configuration options for automatic login and disabling the
greeter (this should avoid the dependency on gtk).
2016-07-17 18:54:23 +02:00
Benno Fünfstück 8881f940a9 nixos/sddm: options documentation improvements 2016-07-17 18:54:23 +02:00
Benno Fünfstück be625ad36b xsession: fix multiple arguments with logToJournal
KDM and LightDM (at least with autologin) call the xsession-script with
two arguments: the first is the path of the xsession script itself,
while the second one are the actual arguments. The line to re-exec the
script under systemd-cat only forwarded a single argument, therefore
breaking LightDM and KDM login. This commit fixes the issue by always
forwarding all the arguments.
2016-07-17 18:54:23 +02:00
Nikolay Amiantov 193ab8be67 Revert "nixos stage-1: try to quit plymouth if started on failure"
This reverts commit c69c76ca7e.

This patch was messed up during a rebase -- the commit title doesn't match what
it really does at all (it is actually a broken attempt to get LUKS passphrase
prompts in Plymouth).
2016-07-17 15:03:13 +03:00
aszlig ec072cbc4c
nixos/tests/installer: Fix matching LUKS prompt
The LUKS passphrase prompt has changed from "Enter passphrase" to "Enter
LUKS Passphrase" in c69c76ca7e, so the OCR
detection of the test fails indefinitely.

Unfortunately, this doesn't fix the test because we have a real problem
here:

Enter LUKS Passphrase:
killall: cryptsetup: no process killed
Enter LUKS Passphrase:

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar
2016-07-17 11:20:25 +02:00
Michele Guerini Rocco 47f59a51e4 nixos/compton: add user service (#16652) 2016-07-17 02:25:38 +02:00
Frederik Rietdijk 24fdb7ce21 Merge pull request #16889 from grahamc/sysstat
sysstat: Create systemd service for historical sar data
2016-07-16 19:29:13 +02:00
Thomas Tuegel b2cf5aabb0 nixos/kde5: add missing Plasma packages 2016-07-16 10:14:50 -05:00
Thomas Tuegel 32c1f05aed nixos/kde5: install missing frameworks 2016-07-16 10:14:48 -05:00
Thomas Tuegel d3747a2261 kinit: use a setuid wrapper for start_kdeinit 2016-07-16 10:14:47 -05:00
Thomas Tuegel 888c66f97d nixos/kde5: disable setuid wrapper for kdeinit
We need to pass certain environment variables through the wrapper, but I
don't know how to do that yet. The setuid-root feature serves only to
hide kdeinit from the OOM killer, so this is not critical.
2016-07-16 10:14:46 -05:00
Thomas Tuegel 1cb4aacf18 nixos/kde5: fix paths to setuid programs 2016-07-16 10:14:45 -05:00
Joachim F ed50ef318b Merge pull request #15848 from matthewbauer/packagekit
Add in PackageKit
2016-07-16 13:29:08 +02:00
Joachim F 8f43f111c0 Merge pull request #15840 from anderspapitto/pulse-jack
pulseaudio service: set DISPLAY
2016-07-16 13:26:39 +02:00
Joachim F 86ba20b3d8 Merge pull request #16686 from AndersonTorres/pekwm
pekwm: init at 0.1.17
2016-07-16 13:19:00 +02:00
Joachim Fasting 59c9a88a6b
grsecurity module: tweak lockTunables option description 2016-07-16 11:11:35 +02:00
Joachim Fasting cef7150bc7
grsecurity module: grsecurity is not capitalized mid-sentence 2016-07-16 11:11:35 +02:00
Joachim Fasting 94824303be
grsecurity module: smarter container support
Only set tunables required for container support if there are any containers.
2016-07-16 11:11:35 +02:00
Joachim Fasting c606b9876f
grsecurity module: enforce size overflows by default
It is better to make this conditional on whether the configuration contains a
known size overflow that could prevent the system from booting.
2016-07-16 11:11:35 +02:00
obadz cfc0a5415b Revert "fontconfig: fix etc priority"
This reverts commit 1e53d4a777.

Closes #16983

cc @vcunat @ericsagnes @dezgeg
2016-07-15 20:44:21 +02:00
Robin Gloster 0749876016 Merge pull request #15957 from mayflower/sonarr_upstream
sonarr: init at 2.0.0.4146 + sonarr service
2016-07-15 17:34:18 +02:00
Bjørn Forsman 8c2d888401 jenkins: move $out/{lib => webapps}/jenkins.war
As pointed out by @danbst, the tomcat NixOS module expects packages
listed in services.tomcat.webapps to either be direct .war file paths or
have .war files inside a "webapps" directory.

Commit 4075c10a59
("jenkins: move .war file from $out to $out/lib/jenkins.war") broke
jenkins + tomcat. Fix it by moving jenkins.war to $out/webapps/.
2016-07-15 17:18:44 +02:00
Robin Gloster 5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Tristan Helmich ed466b7fef sonarr service: initial service 2016-07-15 16:18:37 +02:00
Bjørn Forsman 4075c10a59 jenkins: move .war file from $out to $out/lib/jenkins.war
Fixes #14137, also known as:

  $ nix-shell -p jenkins
  bash: source: /nix/store/ln1yw6c2v8bb2cjqfr1z5aqcssw054wa-jenkins-2.3:
  cannot execute binary file
  [nix-shell exited with error]

The problem is that jenkins.war is not installed inside the directory
$out, but rather _as the file_ $out. Fix it by moving the file to
$out/lib/jenkins.war.

While at it, move buildCommand so that the "meta" section is at the end
of the expression (standard style), and quote shell variables.
2016-07-15 15:12:52 +02:00
Frederik Rietdijk cfb4a19f51 Merge pull request #16967 from davidak/caddy-fix
caddy service: fix nix store output path
2016-07-15 12:26:18 +02:00
Eelco Dolstra 55eb18d212 Add some more info to the nixos-version manpage 2016-07-15 12:02:39 +02:00
Luca Bruno 4b8c31d981 gnome3: enable X libinput by default
See https://bugzilla.gnome.org/show_bug.cgi?id=764257#c12
2016-07-14 22:06:18 +01:00
davidak d2164cfcda caddy service: fix nix store output path
systemd[11376]: caddy.service: Failed at step EXEC spawning /nix/store/ghpcwj6paccc92l1gk7ykb6gf2i2w6fi-go1.6-caddy-0.8.3/bin/caddy: No such file or directory
2016-07-14 22:04:55 +02:00