1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-22 21:50:55 +00:00
Commit graph

4964 commits

Author SHA1 Message Date
danbst 63f9ef9f19 tomcat service: bump default tomcat to 8.5
See migration changelogs at
- 7.0 -> 8.0: https://tomcat.apache.org/migration-8.html
- 8.0 -> 8.5: https://tomcat.apache.org/migration-85.html
2016-09-09 18:29:12 +02:00
danbst a01d4ee3f4 tomcat: add danbst as maintainer 2016-09-09 18:29:12 +02:00
danbst f1072611a4 tomcat service: call shutdown in preStop, because postStop is too late (systemd kills process) 2016-09-09 18:29:12 +02:00
danbst 0c2d943529 tomcat: split default webapps to separate output (~6M) 2016-09-09 18:29:12 +02:00
Lengyel Balázs 127924954b Linux-kernel: Workaround for https://github.com/NixOS/nixpkgs/issues/18451
remove after upstream gets fixed
2016-09-09 11:47:48 +02:00
Robert Helgesson bf371a8b06 radicale service: use "simple" service type (#18406)
Radicale can run as a foreground service and will then emits logging and
errors on the standard output. This helps the logging end up in the
systemd journal.
2016-09-08 12:34:22 +02:00
Damien Cassou 6dc9ed317c Merge pull request #18244 from DamienCassou/emacs-gtk_data_prefix
emacs module: Fix to get properly themed GTK apps
2016-09-08 09:05:11 +02:00
aszlig dd98b6fb9f
nixos/stage2: Fix mounting special filesystems
This partially reverts commit ab9537ca22.

From the manpage of systemd-nspawn(1):

  Note that systemd-nspawn will mount file systems private to the
  container to /dev, /run and similar.

Testing this in a shell turns out:

$ sudo systemd-nspawn --bind-ro=/nix/store "$(readlink "$(which ls)")" /proc
Spawning container aszlig on /home/aszlig.
Press ^] three times within 1s to kill container.
/etc/localtime does not point into /usr/share/zoneinfo/, not updating
container timezone.
1          execdomains  kpageflags    stat
acpi       fb           loadavg       swaps
asound     filesystems  locks         sys
buddyinfo  fs           meminfo       sysrq-trigger
bus        interrupts   misc          sysvipc
cgroups    iomem        modules       thread-self
cmdline    ioports      mounts        timer_list
config.gz  irq          mtrr          timer_stats
consoles   kallsyms     net           tty
cpuinfo    kcore        pagetypeinfo  uptime
crypto     key-users    partitions    version
devices    keys         scsi          vmallocinfo
diskstats  kmsg         self          vmstat
dma        kpagecgroup  slabinfo      zoneinfo
driver     kpagecount   softirqs
Container aszlig exited successfully.

So the test on whether PID 1 exists in /proc is enough, because if we
use PID namespaces there actually _is_ a PID 1 (as shown above) and the
special file systems are already mounted. A test on the $containers
variable actually mounts them twice.

This unbreaks NixOS containers and I've tested this against the
containers-imperative NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @rickynils, @shlevy, @edolstra
2016-09-07 18:10:08 +02:00
Rob Vermaas 2410608814 NixOS 17.03 will be called Gorilla 2016-09-07 15:05:00 +00:00
aszlig fb46df8a9a
nixos: Fix ordering of firewall.service
Follow-up to the following commits:

  abdc5961c3cdf9f5893ea1e91ba08ff5089f53a4: Fix starting the firewall
  e090701e2d09aec3e8866ab9a8e53c37973ffeb4: Order before sysinit

Solely use sysinit.target here instead of multi-user.target because we
want to make sure that the iptables rules are applied *before* any
socket units are started.

The reason I've dropped the wantedBy on multi-user.target is that
sysinit.target is already a part of the dependency chain of
multi-user.target.

To make sure that this holds true, I've added a small test case to
ensure that during switch of the configuration the firewall.service is
considered as well.

Tested using the firewall NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
2016-09-07 15:11:24 +02:00
Eelco Dolstra e090701e2d firewall: Order before sysinit
Suggested by @aszlig.
2016-09-07 14:42:30 +02:00
Eelco Dolstra abdc5961c3 Fix starting the firewall
Probably as a result of 992c514a20, it
was not being started anymore.

My understanding of systemd.special(7) (section "Special passive
system units") is that the firewall should want network-pre.target,
rather than the other way around (not very intuitive...). This in
itself does not cause the firewall to be wanted, which is why the
wanted-by relationship with multi-user.target is necessary.

http://hydra.nixos.org/build/39965589
2016-09-07 14:30:11 +02:00
Eelco Dolstra 58b028f9ee nfs module: Fix dependency on statd and idmapd
http://hydra.nixos.org/build/40038016
2016-09-07 14:15:57 +02:00
Eelco Dolstra 015c984537 nfs module: Improve descriptions 2016-09-07 14:15:57 +02:00
Alexey Shmalko b7237abc08 avahi-daemon: remove default browse-domains
These domains are not actually default but examples. See
https://github.com/lathiat/avahi/blob/master/avahi-daemon/avahi-daemon.conf#L24
for default config.
2016-09-07 13:58:21 +02:00
Shea Levy 03b888e205 Merge branch 'stage2-generalise-containers' of https://github.com/rickynils/nixpkgs 2016-09-07 05:39:22 -04:00
Eelco Dolstra 70be99c645 Merge pull request #18365 from NixOS/fix-sshd-failure
Make /var/empty immutable (with chattr +i)
2016-09-07 11:18:49 +02:00
Domen Kožar 8f95e6f6aa hardcode e2fsprogs, idempotent chmod, remove care condition 2016-09-07 10:49:27 +02:00
Rickard Nilsson ab9537ca22 nixos: Generalise the container tests in stage-2 boot
This way, stage-2 behaves correctly also for libvirt-lxc containers.

Some more discussion on this:
a7a08188bf
bfe46a653b
2016-09-07 07:50:04 +00:00
Langston Barrett 492a90f1c9 dovecot service: require mail{User,Group} with sieveScripts
fixes #17702.
2016-09-07 01:50:59 +00:00
Nikolay Amiantov aed2cd32f8 nixos containers: hopefully fix test failures
Closes #18377.
2016-09-07 02:55:48 +03:00
Franz Pletz 9190dbcc0e Merge pull request #18366 from groxxda/acme-loop
security.acme: require networking for client, remove loop without fallbackHost
2016-09-06 23:02:07 +02:00
Domen Kožar 3877ec5b2f Make /var/empty immutable
Fixes #14910 and #18358

Deployed to an existing server, restarted sshd and polkit to verify
they don't fail.
2016-09-06 20:13:33 +02:00
Thomas Tuegel caac16a924 Merge pull request #18362 from ericsagnes/fix/im-description
input-methods modules: fix engine description
2016-09-06 11:42:28 -05:00
Alexander Ried e84b803300 security.acme: remove loop when no fallbackHost is given 2016-09-06 17:47:00 +02:00
Alexander Ried 7f98dca782 security.acme: the client really needs networking
Actually this can be improved since the client only needs network
connectivity if it needs to renew the certificate.
2016-09-06 17:47:00 +02:00
Eelco Dolstra 98102ebd92 Enable the runuser command from util-linux
Fixes #14701.
2016-09-06 17:23:27 +02:00
Eelco Dolstra f2ddf2a9be nix: 1.11.3 -> 1.11.4 2016-09-06 16:15:22 +02:00
Eelco Dolstra 1fef99942e nixos-rebuild: Move the Nix fallback store paths into a separate file 2016-09-06 16:07:47 +02:00
Eric Sagnes 314c30cbf1 input-methods modules: fix engine description 2016-09-06 22:53:15 +09:00
obadz 3f1ceae281 Partially revert "Revert "nixos: remove rsync from base install and add explicit path in nixos-install""
This partially reverts commit 0aa7520670.

Fine for rsync to be in system path but we still need the explicit path
in nixos-install in case it is invoked from non-NixOS systems and also
to fix OVA test failure

See also 0aa7520670

cc @edolstra
2016-09-06 11:49:03 +01:00
Eelco Dolstra 520cb14f16 Fix infinite recursion introduced by f3c32cb2c1 2016-09-05 18:17:22 +02:00
Eelco Dolstra 1a1a31c9d8 Merge pull request #18321 from groxxda/cleanup
various: minor cleanup
2016-09-05 17:11:45 +02:00
Eelco Dolstra 5b5c2fb9c0 Make the default fonts conditional on services.xserver.enable
We were pulling in 44 MiB of fonts in the default configuration, which
is a bit excessive for headless configurations like EC2
instances. Note that dejavu_minimal ensures that remote X11-forwarded
applications still have a basic font regardless.
2016-09-05 15:51:37 +02:00
Eelco Dolstra f3c32cb2c1 Let services.openssh.forwardX11 imply programs.ssh.setXAuthLocation 2016-09-05 15:38:42 +02:00
Alexander Ried 53f3c2a278 systemd: add some missing upstream units 2016-09-05 15:03:46 +02:00
Alexander Ried 322c823193 agetty: remove override for container-getty@.service since it's upstream
Added in systemd/systemd@68ac53e
2016-09-05 15:03:35 +02:00
Alexander Ried 2fd6b36c51 networkd.module: remove before network-online
this is already upstream default
2016-09-05 15:03:35 +02:00
Alexander Ried 992c514a20 (network,remote-fs)-pre: remove duplicate wantedBy and before
this is part of (network,remote-fs).target, repectively
2016-09-05 15:03:35 +02:00
Eelco Dolstra ab49ebe6fa Make it possible to disable "info" 2016-09-05 14:53:27 +02:00
Eelco Dolstra 5e5df88457 modules/profiles/minimal.nix: Disable "man" 2016-09-05 14:53:27 +02:00
Eelco Dolstra ba70ce28ae no-x-libs.nix: Ensure that dbus doesn't use X11
It appears that packageOverrides no longer overrides aliases, so
aliases like

  dbus_tools = self.dbus.out;
  dbus_daemon = self.dbus.daemon;

now use the old, non-overriden version of dbus. That seems like a
pretty serious regression in general, but for this particular problem,
I've fixed it by replacing dbus_daemon by dbus.daemon and dbus_tools
by dbus.
2016-09-05 13:45:59 +02:00
Eelco Dolstra 0aa7520670 Revert "nixos: remove rsync from base install and add explicit path in nixos-install"
This reverts commit 582313bafe.

Removing rsync is actually pointless because nixos-install depends on
it. So if it's part of the system closure, we may as well provide it
to users.

Probably with the next Nix release we can drop the use of rsync and
use "nix copy" instead.
2016-09-05 13:45:59 +02:00
Joachim Fasting 269f739ded
grsecurity module: set nixpkgs.config.grsecurity = true 2016-09-05 00:56:17 +02:00
Tom Hunger d459916501 prometheus service: rename values to match prometheus 1.0 naming. 2016-09-04 20:03:45 +01:00
Benjamin Staffin 58869cf310 prometheus service: add
This is based on @benleys work: https://github.com/NixOS/nixpkgs/pull/8216
I updated changed the user and group ids.
2016-09-04 20:03:32 +01:00
Domen Kožar 393e646e4f setuid-wrappers: correctly umount the tmpfs 2016-09-04 17:56:00 +02:00
Jaka Hudoklin c083ab99b2 Merge pull request #17969 from offlinehacker/pkgs/etcd/update-3.0.6
Update etcd, improve nixos module, fix nixos tests
2016-09-04 16:31:50 +02:00
Rok Garbas 095c7aefe1
nixos/manual: mentioning other zsh options at program.zsh.enable
fixes #13224
2016-09-04 16:31:29 +02:00
Karn Kallio 8d977ead38
setuid-wrappers : Prepare permissions for running wrappers
The new setuid-wrappers in /run cannot be executed by users due to:

1) the temporary directory does not allow access
2) the /run is mounted nosuid
2016-09-04 03:19:32 +02:00
Alexander Ried 1542bddcc8 nixos-install.sh: Create /var (#18266)
Got lost in a6670c1a0b
2016-09-03 19:17:44 +02:00
Joachim F 3db5311be9 Merge pull request #18207 from tavyc/quagga-module
quagga service: init
2016-09-03 16:23:23 +02:00
Damien Cassou f96cd1ea64 emacs module: Fix to get properly themed GTK apps 2016-09-03 08:25:25 +02:00
Tuomas Tynkkynen e2c6740c37 Merge commit 'adaee73' from staging into master
This one was already merged into release-16.09, so let's not have the
stable branch is ahead of master and confuse things. In addition to
that, currently we have an odd situation that master has less things
actually finished building than in staging.

Conflicts:
	pkgs/data/documentation/man-pages/default.nix
2016-09-03 01:02:51 +03:00
Vladimír Čunát 02217bf697 Merge #17838: postgresql: Fix use with extensions 2016-09-02 20:09:40 +02:00
Octavian Cerna a30d4654f2 quagga service: New NixOS module. 2016-09-02 13:59:51 +03:00
Rob Vermaas d6dbe43af2 bightbox-image.nix: use lib in stead of stdenv.lib. Fixes #18208 2016-09-02 10:04:09 +00:00
Lancelot SIX 5b8072fff6
postgresql: Fix use with extensions
Fixes #15512 and #16032

With the multi output, postgresql cannot find at runtime what is its
basedir when looking for libdir and pkglibdir. This commit fixes that.
2016-09-02 11:51:21 +02:00
Nikolay Amiantov 608ee1c7b3 mjpg-streamer service: restart on failure 2016-09-02 11:44:16 +03:00
Luca Bruno 15bb6bb9d6 Merge pull request #15893 from groxxda/fix/accountsservice
accountsservice: refactor package and service
2016-09-02 08:16:10 +00:00
Domen Kožar a6670c1a0b Fixes #18124: atomically replace /var/setuid-wrappers/ (#18186)
Before this commit updating /var/setuid-wrappers/ folder introduced
a small window where NixOS activation scripts could be terminated
and resulted into empty /var/setuid-wrappers/ folder.

That's very unfortunate because one might lose sudo binary.

Instead we use two atomic operations mv and ln (as described in
https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/)
to achieve atomicity.

Since /var/setuid-wrappers is not a directory anymore, tmpfs mountpoints
were removed in installation scripts and in boot process.

Tested:

- upgrade /var/setuid-wrappers/ from folder to a symlink
- make sure /run/setuid-wrappers-dirs/ legacy symlink is really deleted
2016-09-01 20:57:51 +02:00
Данило Глинський (Danylo Hlynskyi) 78cd9f8ebc virtualbox: add headless build (without Qt dependency) (#18026) 2016-09-01 20:54:58 +02:00
Domen Kožar d163882770 Merge pull request #18172 from Profpatsch/startAt-type
systemd-unit-options: startAt can be a list
2016-09-01 20:44:32 +02:00
Alexander Ried 1529641b52 accountsservice: add support for mutableUsers = false
Add code to accountsservice that returns an error if the environment
variable NIXOS_USERS_PURE is set. This variable is set from the nixos
accountsservice module if mutableUsers = false
2016-09-01 15:25:28 +02:00
Joachim Fasting 6df8de50f3
unbound service: whitespace fixes 2016-09-01 14:51:33 +02:00
Joachim Fasting 03c2c87ed6
unbound service: use mkEnableOption 2016-09-01 14:51:32 +02:00
Tuomas Tynkkynen 8c4aeb1780 Merge staging into master
Brings in:
    - changed output order for multiple outputs:
      https://github.com/NixOS/nixpkgs/pull/14766
    - audit disabled by default
      https://github.com/NixOS/nixpkgs/pull/17916

 Conflicts:
	pkgs/development/libraries/openldap/default.nix
2016-09-01 13:27:27 +03:00
Tuomas Tynkkynen d02e5a7d8f nixos/filesystems: Drop compat code for filesystems.*.options type 2016-09-01 12:18:33 +03:00
Eelco Dolstra 8172cd734c docdev -> devdoc
It's "developer documentation", not "documentation developer" after
all.
2016-09-01 11:07:23 +02:00
Domen Kožar f5271680c4 Fixes #14831 by using full path for binaries used in install-grub.pl
Both btrfs-progs and utillinux are ~5MB, we may discuss in future
to handle this better but I see no better way at the moment than
increaing purity in the install process.
2016-09-01 10:36:38 +02:00
Domen Kožar 2a7293fd9d install-grub.pl: fix a double slash prefix bug 2016-09-01 10:14:44 +02:00
Domen Kožar 5e5b0d039c install-grub.pl: add comments 2016-09-01 10:14:44 +02:00
Profpatsch 488f0d9cb3 systemd-unit-options: startAt can be a list
OnCalendar entrys can be specified multiple times in a systemd timer, to
make more complex scheduling possible.

Tested by manually checking the timer generated by the following:

    systemd = {
      services.huhu = {
        description = "meh";
        wantedBy = [ "default.target" ];
        serviceConfig.ExecStart = "/bin/sh -c 'printf HUHU!'";
        startAt = [ "*:*:0/30" "*:0/1:15" ];
      };
    };

It prints HUHU to the log at seconds 0, 15 and 30 of each minute.
2016-09-01 00:39:36 +02:00
Tuomas Tynkkynen 16b3e26da4 audit: Disable by default
Because in its default enabled state it it causes a global performance
hit on all system calls (https://fedorahosted.org/fesco/ticket/1311) and
unwanted spam in dmesg, in particular when using Chromium
(https://github.com/NixOS/nixpkgs/issues/13710).
2016-08-31 23:15:41 +03:00
Tuomas Tynkkynen 5eff0b990c audit service: Explicitly call auditctl to disable everything
Otherwise, journald might be starting auditing.
Some reading:
    - https://fedorahosted.org/fesco/ticket/1311
    - https://github.com/systemd/systemd/issues/959
    - 64f83d3087
2016-08-31 23:15:32 +03:00
obadz a3621b1047 nixos/…/swap.nix: add some safety assertions for randomEncryption 2016-08-31 15:29:11 +01:00
Domen Kožar d8d75ddec6 Revert "setuid-wrappers: Update wrapper dir atomically."
This reverts commit ee535056ce.

It doesn't work yet.
2016-08-31 16:25:18 +02:00
Nikolay Amiantov 4499a505ed hidepid service: use new boot.specialFileSystems 2016-08-31 17:16:41 +03:00
Nikolay Amiantov a4879c44c9 Merge pull request #18160 from obadz/swap-encryption
nixos/…/swap.nix: remove backslashes from deviceName
2016-08-31 17:59:45 +04:00
Nikolay Amiantov 7fa8c424bd nixos filesystems: move special filesystems to a dedicated option
Fixes #18159.
2016-08-31 16:50:13 +03:00
obadz a7d238136d nixos/…/swap.nix: remove backslashes from deviceName
Fixes #8277

Prior to this, backslashes would end up in fstab and the swap partition
was not activated.  Swap files seemed to work fine.
2016-08-31 14:40:21 +01:00
Shea Levy ee535056ce setuid-wrappers: Update wrapper dir atomically.
Fixes #18124.
2016-08-31 08:00:57 -04:00
zimbatm 17dbfeb450 Merge pull request #18152 from roblabla/bugfix-zeroTierOneConfigurablePackage
zerotierone: make package configurable
2016-08-31 12:34:59 +01:00
roblabla caa1350e07 zerotierone: make package configurable 2016-08-31 12:39:55 +02:00
Domen Kožar da421bc75f Fix #4210: Remove builderDefs
This was one of the ways to build packages, we are trying
hard to minimize different ways so it's easier for newcomers
to learn only one way.

This also:

- removes texLive (old), fixes #14807
- removed upstream-updater, if that code is still used it should be in
  separate repo
- changes a few packages like gitit/mit-scheme to use new texlive
2016-08-31 11:34:46 +02:00
Mango Chutney 40d2fa2a1b Don't break grow-partition 2016-08-31 03:06:46 +00:00
Nathan Zadoks f503f648b3 virtualbox-image module: enable partition / filesystem growth 2016-08-30 16:48:05 -04:00
Nathan Zadoks 346c31000b amazon-grow-partition module: rename to grow-partition 2016-08-30 16:48:04 -04:00
Nathan Zadoks 1de8e1b02e amazon-grow-partition module: autodetect the root device 2016-08-30 16:48:04 -04:00
Nikolay Amiantov 509733a343 Merge pull request #17822 from abbradar/systemd-mounts
nixos filesystems: unify special filesystems handling
2016-08-30 22:42:19 +04:00
Domen Kožar e561edc322 update-users-groups.pl: correctly guard duplicate uids for declarative users
Verified that following nixos configuration:

    users.users.foo = {
      uid = 1000;
      name = "foo";
    };
    users.users.bar = {
      name = "bar";
    };

Before this commit both users will get uid of 1000, after it's applied
bar will correctly get 1001.
2016-08-30 17:14:14 +02:00
Eelco Dolstra 83103dc267 Merge pull request #18104 from ericsagnes/feat/nixos-manual-gen-cleanup
nixos manual: cleanup generation
2016-08-30 10:35:18 +02:00
obadz 03b9a159fe opensmtpd nixos module: chmod & chown until the daemon's heart's content 2016-08-30 02:13:22 +01:00
Eric Sagnes b50e627ef6 nixos manual: cleanup generation 2016-08-30 09:40:05 +09:00
Joachim Fasting dab32a1fa6
nixos manual: move chapter on grsecurity to auto-generated module docs 2016-08-29 23:48:12 +02:00
Joachim Fasting d78e0ed1f9
dnscrypt-proxy module: move detailed info to module documentation 2016-08-29 23:48:12 +02:00
Joachim Fasting 68210aa772
dnscrypt-proxy module: serviceConfig.Group is redundant
Same as user's primary group if left unspecified
2016-08-29 23:48:12 +02:00
Joachim Fasting 23a7e6e911
dnscrypt-proxy module: formatting 2016-08-29 23:48:11 +02:00
Vladimír Čunát 4f73633f26 treewide: stop using fontbhttf 2016-08-29 22:28:50 +02:00
Guillaume Maudoux 3aef93e8f0 nixos/containers: Process config like toplevel options (#17365) 2016-08-29 18:25:50 +02:00