1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-21 05:25:38 +00:00
Commit graph

17231 commits

Author SHA1 Message Date
Izorkin da08b22e1a nixos/mysql-replication: ignore system databases in binary log 2020-05-14 17:29:40 +03:00
Izorkin f52700fc14 nixos/tests/mysql-replication: fix test script
MariaDB 10.4 introduces a number of changes to the authentication
process, intended to make things easier and more intuitive.
2020-05-14 17:29:40 +03:00
Izorkin 90f30032f3 nixos/tests/mariadb-galera-rsync: fix test script
MariaDB 10.4 introduces a number of changes to the authentication
process, intended to make things easier and more intuitive.
2020-05-14 17:29:40 +03:00
Izorkin 963259d4ed nixos/tests/mariadb-galera-mariabackup: fix test script
MariaDB 10.4 introduces a number of changes to the authentication
process, intended to make things easier and more intuitive.
2020-05-14 17:29:40 +03:00
Izorkin a4c7e0f502 nixos/mysql: add release notes 2020-05-14 17:29:40 +03:00
Izorkin b8c8e810aa nixos/mysql: disable load pluginx auth_socket in mariadb 2020-05-14 17:29:40 +03:00
Izorkin a40a811b17 mariadb-galera: 25.3.27 -> 26.4.3 2020-05-14 17:29:40 +03:00
Nikolaj Hey Hinnerskov 496bd1c706 nixosTests.kubernetes: port tests to python 2020-05-14 15:14:02 +02:00
Florian Klink 4a85559ffc
Merge pull request #87016 from flokli/nsswitch-cleanup
nixos/nsswitch cleanup nss modules
2020-05-14 14:55:43 +02:00
Eelco Dolstra 0ffc85d64b
Remove unused files 2020-05-14 14:34:50 +02:00
Jörg Thalheim 1694c0b3f7
Merge pull request #86376 from c00w/vendor_mod 2020-05-14 08:25:01 +01:00
Linus Heckemann 85a0587884
Merge pull request #87219 from serokell/kirelagin/postgres-no-time
postgres: Do not log timestamp
2020-05-14 08:34:44 +02:00
Colin L Rice c5f18c44b1
go-modules: Doc updates 2020-05-14 07:21:52 +01:00
Jeff Slight fe07adef7f
nixos/logrotate: add newline before extraConfig
Co-authored-by: Ryan Mulligan <ryan@ryantm.com>
2020-05-13 20:52:26 -07:00
AndersonTorres 1c2c0b2eb8 lwm: init at 1.2.4
lwm is a lightweight window manager
2020-05-13 21:32:54 -03:00
AndersonTorres 43ce2a5219 berry: init at 0.1.5
berry is a small window manager for X11
2020-05-13 21:32:54 -03:00
AndersonTorres 6aeaa1019c yeahwm: init at 0.3.5
yeahwm is a small window manager for X11, inspired by evilwm
2020-05-13 21:32:54 -03:00
AndersonTorres 58a93ee62d smallwm: init at 2020-02-28 2020-05-13 21:32:54 -03:00
Jeff Slight 90ce7f508a nixos/logrotate: add options for basic paths 2020-05-13 13:44:58 -07:00
Kirill Elagin 084bd32bad
postgresql: Fix formatting in option description
Co-authored-by: Mario Rodas <marsam@users.noreply.github.com>
2020-05-13 23:33:08 +03:00
Jeff Slight c94911c5b7 nixos/logrotate: use lib.mkEnableOption 2020-05-13 11:58:51 -07:00
Jaka Hudoklin 9a29fe5808
Merge pull request #87576 from xtruder/pkgs/libvirtd/polkit
libvirtd: polkit integration, security fixes
2020-05-13 21:00:51 +07:00
Jaka Hudoklin 056ab3d278 nixos/libvirtd: use polkit for auth 2020-05-13 21:00:04 +07:00
Jörg Thalheim 6c437ef1bb
Merge pull request #85567 from Izorkin/nginx-sandbox 2020-05-13 10:34:02 +01:00
Dietrich Daroch 735c9a70d7 Services,IPFS,Fix: Require the ipfs-migrator package for handling upgrades.
Without it, the services get stuck on startup when the IPFS repo needs upgrades.
2020-05-13 00:15:50 -07:00
Linus Heckemann db010c5537
Merge pull request #85687 from mayflower/privacyidea
Init privacyIDEA packages and modules
2020-05-13 09:08:57 +02:00
Timmy Xiao fd13ca9f84 pam: fix spelling mistake in configuration 2020-05-12 15:56:37 -04:00
Izorkin 94391fce1d nixos/nginx: add option enableSandbox 2020-05-12 20:03:29 +03:00
Izorkin aa12fb8adb nginxModules: add option allowMemoryWriteExecute
The allowMemoryWriteExecute option is required to checking enabled nginxModules
and disable the nginx sandbox mode MemoryDenyWriteExecute.
2020-05-12 20:03:29 +03:00
Izorkin c7106610f1 nixos/tests: add nginx-sandbox test 2020-05-12 20:03:29 +03:00
Izorkin af6d0095f7 nixos/tests: fix nginx-pubhtml test 2020-05-12 20:03:29 +03:00
Izorkin 97a0928ccb nixos/nginx: add release notes 2020-05-12 20:03:28 +03:00
Izorkin 628354c686 nixos/nginx: enable sandboxing 2020-05-12 20:03:27 +03:00
adisbladis 30236aceaf
Merge pull request #87581 from cole-h/doas
nixos/doas: default rule should be first
2020-05-12 18:38:51 +02:00
Jacek Galowicz 11f49fb94d
Merge pull request #79966 from chkno/bcache
nixos/bcache: Installer test for / on bcache
2020-05-12 18:21:44 +02:00
Silvan Mosberger 6440000547
Merge pull request #87599 from helsinki-systems/znapzend-oracle-mode 2020-05-12 15:39:25 +02:00
Silvan Mosberger fea63944fd
Merge pull request #87280 from helsinki-systems/znapzend-mbuffer-path 2020-05-12 15:37:38 +02:00
betaboon fd41795f58 nixos/pixiecore: fix escaping of cmdline 2020-05-12 15:14:49 +02:00
Florian Klink d6f90e4f9e
Merge pull request #73530 from eadwu/nvidia/systemd-pm
nixos/nvidia: include systemd power management
2020-05-12 13:54:45 +02:00
Linus Heckemann 90c0191735
Merge pull request #85428 from serokell/kirelagin/unit-script-name
systemd: Simplify unit script names
2020-05-12 09:35:26 +02:00
Jacek Galowicz efe0051a9d
Merge pull request #87632 from chkno/installer-test-machine-name-fix
nixos/tests/installer: Fix machine name
2020-05-12 09:32:44 +02:00
Anderson Torres bae0829384
Merge pull request #87288 from AndersonTorres/tinywm-upload
tinywm: init at 2014-04-22
2020-05-11 21:31:41 -03:00
Chuck f9091581e8 nixos/tests/installer: Fix machine name 2020-05-11 15:41:18 -07:00
Matthew Bauer 43545032af
Merge pull request #87314 from matthewbauer/bazel-flat
build-bazel-package: switch hash mode to “flat”
2020-05-11 15:27:48 -05:00
Matthew Bauer fe48f63c3c build-bazel-package: Add hash change to changelog 2020-05-11 13:19:52 -05:00
Florian Klink 23ba506113 nixos/nsswitch: improve error message
Show the config option triggering the assertion, so people don't
necessary lookup the nixpkgs source code.
2020-05-11 16:14:51 +02:00
Florian Klink 90bc3ec9b9 nixos/sssd remove redundant condition
This is all inside a global cfg.enable conditional, so we don't need to
check here again.
2020-05-11 16:14:51 +02:00
Florian Klink 4a69bf2a1e nixos/systemd: enable systemd-provided nss modules unconditionally
A disabled nscd breaks nss module loading on NixOS, and systemd without
its nss modules doesn't really work either - instead of silently
disabling its nss modules if nscd is disabled, let the assertion in
nsswitch handle this.
2020-05-11 16:14:51 +02:00
Florian Klink 1df38e2a1d nixos/nsswitch: update comment next to assertion 2020-05-11 16:14:51 +02:00
Florian Klink 0f6f544aaf nixos/sssd: drop assertion
This is now already triggered by the nsswitch module, as we set
system.nssModules.
2020-05-11 16:14:51 +02:00
Florian Klink 1fb6c37597 nixos/samba: move nss database configuration into samba module 2020-05-11 16:14:50 +02:00
Florian Klink fd21793de6 nixos/avahi: move nss database configuration into avahi module 2020-05-11 16:14:50 +02:00
Florian Klink 4f9c8ef791 nixos/ldap: move nss database configuration into ldap module
now that passwdArray and shadowArray aren't used anymore, these can be
folded.
2020-05-11 16:14:50 +02:00
Florian Klink 36b6e26d40 nixos/systemd: add to system.nssDatabases.group too
nixos/modules/config/nsswitch.nix uses `passwdArray` for both `passwd`
and `group`, but when moving this into the systemd module in
c0995d22ee, it didn't get split
appropriately.
2020-05-11 16:14:50 +02:00
Florian Klink 2297508783 nixos/google-oslogin: add to system.nssDatabases.group too
nixos/modules/config/nsswitch.nix uses `passwdArray` for both `passwd`
and `group`, but when moving this into the google-oslogin module in
4b71b6f8fa, it didn't get split
appropriately.
2020-05-11 16:14:50 +02:00
Florian Klink ecf327d697 nixos/sssd: add to system.nssDatabases.group too
nixos/modules/config/nsswitch.nix uses `passwdArray` for both `passwd`
and `group`, but when moving this into the sss module in
edddc7c82a, it didn't get split
appropriately.
2020-05-11 16:14:50 +02:00
Michel Weitbrecht 90533bfde2
nixos/znapzend: Add oracleMode feature; add maintainer
The feature destroys snapshots one-by-one instead of all at once.
If many snapshots accumulated, destroying them all at once can fail
because the argument list is too long. See
https://github.com/oetiker/znapzend/blob/master/lib/ZnapZend/ZFS.pm#L284
2020-05-11 14:35:30 +02:00
Michel Weitbrecht c46b26b9ad
nixos/znapzend: Use generic mbuffer path
The configured mbuffer path will be called on both the source and target
system. If you use pkgs.mbuffer from the source host and the target host
does not have this exact derivation, you will get a broken pipe when
sending snapshots. This is the case when transferring to a non-NixOS
system or to a host with a different mbuffer version.
2020-05-11 14:26:39 +02:00
Florian Klink b12c08ca88
Merge pull request #87414 from chkno/specify-shell-when-sudoing-to-user-with-unknown-shell
nixos/test-driver: Specify /bin/sh shell when running a bourne shell script as the user
2020-05-11 13:32:46 +02:00
Michele Guerini Rocco da19aa1319
Merge pull request #87593 from vojta001/monero
monero: fix rcp.restricted option
2020-05-11 12:39:16 +02:00
Jörg Thalheim 11c18faa4e
Merge pull request #85862 from Izorkin/nginx-paths 2020-05-11 11:17:04 +01:00
Vojtěch Káně e7ab236cab monero: fix rcp.restricted option
According to https://monerodocs.org/interacting/monerod-reference/#node-rpc-api
the correct option is restricted-rpc, not restrict-rpc.
2020-05-11 12:11:58 +02:00
Cole Helbling 01b645e872
nixos/doas: default rule should be first
In /etc/doas.conf, the last-matched rule will override all
previously-matched rules. Thus, make the default rule show up first (but
still allow some wiggle room for a user to `mkBefore` it), before any
user-defined rules.
2020-05-10 22:14:16 -07:00
Dominique Martinet d8fa2627f3 mpd: remove user/group from conf
the options should not be set as we already change user with service
file, man mpd.conf says "Do not use this option if you start MPD as an
unprivileged user"

The group option actually is not documented at all anymore and probably
no longer exists.

These options get in the way of setting up confinement for the service,
as it would otherwise be pretty straightforward to setup, but even if
mpd is not root it would check the user exists within the chroot which
is more work (need to get nss working):

  systemd.services.mpd = {
    serviceConfig.BindPaths = [
      # mpd state dir
      "/var/lib/mpd"
      # notify systemd service started up
      "/run/systemd/notify"
    ];
    serviceConfig.BindReadOnlyPaths = [
      "/path/to/music:/var/lib/mpd/music"
    ];
    # ProtectSystem is not compatible with confinement
    serviceConfig.ProtectSystem = lib.mkForce false;
    confinement = {
      enable = true;
      binSh = null;
      mode = "chroot-only";
    };
  };
2020-05-10 20:24:33 +02:00
Gaelan 4ed7e23636 nixos/device-tree: fix package name in examples
deviceTree_rpi got renamed to device-tree_rpi a while back, so this updates the examples to reflect that.
2020-05-10 20:13:54 +02:00
Dominique Martinet 4c81174f4c
nixos/confinement: add conflict for ProtectSystem service option
Systemd ProtectSystem is incompatible with the chroot we make
for confinement. The options is redundant with what we do anyway
so warn if it had been set and advise to disable it.

Merges: https://github.com/NixOS/nixpkgs/pull/87420
2020-05-10 19:25:41 +02:00
Edmund Wu 9a269f555a
nixos/nvidia: include systemd power management 2020-05-10 11:25:50 -04:00
Richard Marko a6ac6d00f9 nixos/raspberrypi-builder: fix cross using buildPackages 2020-05-10 16:03:31 +02:00
Richard Marko 03ae0c0fe2 nixos/uboot-builder: fix cross using buildPackages 2020-05-10 16:03:31 +02:00
Andreas Rammhold a432f832bf nixos/tests/gitdaemon: fix spurious test failures due to flaky network
This test is sometimes flaky on hydra as at the time of the `git clone`
the network isn't really configured yet[1]. That problem doesn't seem to
occur locally but if you run it on a machine with high enough load (such
as hydra build machines). Hopefully this will make the test not flaky
anymore.

[1] https://hydra.nixos.org/build/118710378/nixlog/21/raw
2020-05-10 15:58:54 +02:00
José Romildo Malaquias be03474637
Merge pull request #77054 from formbay/nvidia-persistenced
nixos/nvidia : added nvidia-persistenced
2020-05-10 07:42:47 -03:00
adisbladis 68ee2396f6
Merge pull request #86488 from cole-h/doas
nixos/doas: init
2020-05-10 10:33:29 +02:00
Matthew Bauer b907387ffe
Merge pull request #87212 from matthewbauer/dont-include-gdk-pixbuf-module-file
nixos/gdk-pixbuf.nix: don’t set GDK_PIXBUF_MODULE_FILE in cross
2020-05-09 14:06:48 -05:00
Florian Klink 8325e0db11 Revert "nixos/resolved: Include dbus alias of resolved unit"
This reverts commit 7fe539f799.
2020-05-09 20:05:01 +02:00
Chuck 751a27020e nixos/test-driver: Specify /bin/sh shell when running a bourne shell script as the user
The test harness provides the commands it wishes to run in Bourne
syntax.  This fails if the user uses a different shell.  For example,
with fish:

  machine.wait_for_unit("graphical-session.target", "alice")

machine # fish: Unsupported use of '='. To run '-u`' with a modified environment, please use 'env XDG_RUNTIME_DIR=/run/user/`id -u`…'
machine # XDG_RUNTIME_DIR=/run/user/`id -u` systemctl --user --no-pager show "graphical-session.target"
machine # ^
machine # [   16.329957] su[1077]: pam_unix(su:session): session closed for user alice
error: retrieving systemctl info for unit "graphical-session.target" under user "alice" failed with exit code 127
2020-05-09 11:01:17 -07:00
Florian Klink d4c2f1ab5d
Merge pull request #87263 from arianvp/resolved-dbus
nixos/resolved: Include dbus alias of resolved unit
2020-05-09 18:06:50 +02:00
Robin Gloster f1f0e82c50
privacyidea: address reviews 2020-05-09 12:11:44 +02:00
Eelco Dolstra 10d74709fe
Merge pull request #87191 from edolstra/no-nested-logs
testing{-python}.nix: Remove log pretty-printing cruft
2020-05-09 09:00:27 +02:00
Mario Rodas 72654dc57e
Merge pull request #87210 from Frostman/prom-2.18.0
prometheus: 2.17.2 -> 2.18.1
2020-05-08 14:03:15 -05:00
AndersonTorres 44d90b0619 tinywm: init at 2014-04-22
A tiny window manger for X11
2020-05-08 15:29:25 -03:00
Alexey Shmalko afbab5a3f3
Merge pull request #85996 from misuzu/nixos-install-low-memory
nixos/nixos-installer: use temporary directory on target filesystem
2020-05-08 18:40:24 +03:00
Sergey Lukjanov 742e5bff36 prometheus: 2.17.2 -> 2.18.1 2020-05-08 07:40:38 -07:00
Michael Raskin 50684f118a
Merge pull request #87264 from prusnak/rfc45
treewide: per RFC45, remove more unquoted URLs
2020-05-08 14:30:09 +00:00
Jörg Thalheim 43b3c15228
Merge pull request #87255 from symphorien/dovecot-restart-module 2020-05-08 15:05:10 +01:00
Pavol Rusnak 6abf4a43ad
treewide: per RFC45, remove more unquoted URLs 2020-05-08 15:20:47 +02:00
Arian van Putten 7fe539f799 nixos/resolved: Include dbus alias of resolved unit
This will make dbus socket activation for it work

When `systemd-resolved` is restarted; this would lead to unavailability
of DNS lookups.  You're supposed to use DBUS socket activation to buffer
resolved requests; such that restarts happen without downtime
2020-05-08 14:21:25 +02:00
Symphorien Gibol 8fc8eec0e7 nixos/tt-rss.service: set syslogidentifier 2020-05-08 12:00:00 +00:00
Symphorien Gibol 0f3b4928b2 dovecot: restart when modules are changed 2020-05-08 12:00:00 +00:00
Symphorien Gibol e96c52efdb tt-rss: restart on failure
as should be the default with all long-running services
2020-05-08 12:00:00 +00:00
Symphorien Gibol c7db8c1927 tt-rss: make less insanely verbose.
Fixes #74427
2020-05-08 12:00:00 +00:00
Jörg Thalheim ddef88772e
Merge pull request #86242 from lordcirth/ipfs05 2020-05-08 10:51:21 +01:00
Utku Demir f5a90a7aab
dockerTools.buildImage: Preserve environment variables from the parent image 2020-05-08 21:49:16 +12:00
Jörg Thalheim 8b5707b547
nixos/ipfs: convert tests to python driver & simplify 2020-05-08 10:48:47 +01:00
Kirill Elagin 652958eefa postgres: Do not log timestamp
By default, postgres prefixes each log line with a timestamp. On NixOS
logs are written to journal anyway, so they include an external
timestamp, so the timestamp ends up being printed twice, which clutters
the log.

* Add a module option to change the log prefix.
* Set it to upstream default sans timestamp.
2020-05-08 00:13:20 +03:00
Matthew Bauer c33e8c4986 nixos/gdk-pixbuf.nix: don’t set GDK_PIXBUF_MODULE_FILE in cross
From 6c5983a291, this should not be
necessary for gdk-pixbuf to work correctly.
2020-05-07 14:39:42 -05:00
Jörg Thalheim c880c7b592
Merge pull request #84136 from Izorkin/mariadb-galera-test
nixos/tests: add check mariadb galera cluster
2020-05-07 15:51:17 +01:00
Eelco Dolstra 3f80fadec4 testing{-python}.nix: Remove log pretty-printing cruft
This completes the removal of the nested log feature, which previously
got removed from Nix, Hydra, stdenv and GNU Make. In particular, this
means that the output of VM builds no longer contains a copy of
jQuery.
2020-05-07 15:56:30 +02:00
José Romildo Malaquias 9e1975bebd
Merge pull request #86519 from romildo/upd.efl
enlightenment.efl: 1.23.3 -> 1.24.0; new test module
2020-05-07 10:52:52 -03:00
Eelco Dolstra 78f2a83029 test-driver.py: Fix deadlock when the log queue gets full
If a program (e.g. nixos-install) writes more than 1000 lines to
stderr during execute(), then process_serial_output() deadlocks
waiting for the queue to be processed. So use an unbounded queue
instead.

We should probably get rid of the structured log output (log.xml),
since then we don't need the log queue anymore.
2020-05-07 15:25:24 +02:00
Eelco Dolstra ecdb5c4320
nixos-install: 'nix build' -> nix-build
'nix build' is an experimental command so we shouldn't use it
yet. (nixos-rebuild also uses 'nix', but only when using flakes, which
are themselves an experimental feature.)
2020-05-07 13:12:29 +02:00