1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-21 13:44:50 +00:00
Commit graph

101 commits

Author SHA1 Message Date
Maximilian Bosch e826a6ce03
nixos/dovecot2: refactor mailboxes option
Specifying mailboxes as a list isn't a good approach since this makes it
impossible to override values. For backwards-compatibility, it's still
possible to declare a list of mailboxes, but a deprecation warning will
be shown.
2020-06-17 22:05:58 +02:00
Jörg Thalheim a9a5016644
Merge pull request #87833 from Izorkin/sandbox-mysql 2020-06-16 18:13:43 +01:00
Andreas Rammhold 55c09a884a nixos/modules/system/boot/networkd: enable socket activation
Since cd1dedac67 systemd-networkd has it's
netlink socket created via a systemd.socket unit. One might think that
this doesn't make much sense since networkd is just going to create it's
own socket on startup anyway. The difference here is that we have
configuration-time control over things like socket buffer sizes vs
compile-time constants.

For larger setups where networkd has to create a lot of (virtual)
devices the default buffer size of currently 128MB is not enough.

A good example is a machine with >100 virtual interfaces (e.g.,
wireguard tunnels, VLANs, …) that all have to be brought up during
startup. The receive buffer size will spike due to all the generated
message from the new interfaces. Eventually some of the message will be
dropped since there is not enough (permitted) buffer space available.

By having networkd start through / with a netlink socket created by
systemd we can configure the `ReceiveBufferSize` parameter in the socket
options without recompiling networkd.

Since the actual memory requirements depend on hardware, timing, exact
configurations etc. it isn't currently possible to infer a good default
from within the NixOS module system. Administrators are advised to
monitor the logs of systemd-networkd for `rtnl: kernel receive buffer
overrun` spam and increase the memory as required.

Note: Increasing the ReceiveBufferSize doesn't allocate any memory.  It
just increases the upper bound on the kernel side. The memory allocation
depends on the amount of messages that are queued on the kernel side of
the netlink socket.
2020-06-16 00:41:41 +02:00
Samuel Dionne-Riel 04161c4c72
Merge pull request #90391 from samueldr/fix/manual-zstd-note
nixos/release-notes: Amend note about image compression
2020-06-15 14:58:39 -04:00
Samuel Dionne-Riel 0f7fb7d62f nixos/release-notes: Amend note about image compression 2020-06-15 14:46:22 -04:00
Florian Klink af3c1000a4
Merge pull request #90343 from flokli/hardware-u2f-remove
hardware/u2f: remove module
2020-06-15 17:53:47 +02:00
Frederik Rietdijk 59dda0a42a Merge master into staging-next 2020-06-15 08:07:00 +02:00
Florian Klink 89c3e73dad hardware/u2f: remove module
udev gained native support to handle FIDO security tokens, so we don't
need a module which only added the now obsolete udev rules.

Fixes: https://github.com/NixOS/nixpkgs/issues/76482
2020-06-14 15:13:31 +02:00
Michele Guerini Rocco 1d924f0354
Merge pull request #89772 from rnhmjoj/dnschain
dnschain: remove
2020-06-13 13:37:02 +02:00
rnhmjoj 8fa6c0d12d
nixos/release-notes: document dnschain removal 2020-06-13 12:33:31 +02:00
Frederik Rietdijk febc27b59a Merge master into staging-next 2020-06-12 08:57:26 +02:00
adisbladis 1a5dafcd5b
services.x11.videoDrivers: Don't include vmware driver by default
A better option for vmware guests is to set `virtualisation.vmware.guest.enable`.
2020-06-11 18:49:29 +02:00
Izorkin df7e52814d nixos/mysql: enable sandbox mode 2020-06-10 12:38:40 +03:00
Frederik Rietdijk 8576d24b2a Merge staging-next into staging 2020-06-08 12:08:51 +02:00
Frederik Rietdijk dc33419285 Merge master into staging-next 2020-06-08 12:06:12 +02:00
Marek Mahut 7b9d7cc05d
Merge pull request #85947 from prusnak/images-zstd
Use zstd for ISO and SD images
2020-06-07 19:09:43 +02:00
Frederik Rietdijk 1c68570ab2 Merge staging-next into staging 2020-06-05 19:42:16 +02:00
Frederik Rietdijk 43f71029cc Merge master into staging-next 2020-06-05 19:40:53 +02:00
Vladimír Čunát 677e3960b5
Merge #82342: rustPlatform: increase build-speed of checkPhase
...for rust-packages (into staging)
2020-06-05 09:12:30 +02:00
Ben Wolsieffer 14eceb5991 nixos/grub: support initrd secrets 2020-06-04 18:30:46 -04:00
Frederik Rietdijk b7ff746540 python3: now points to python38
Note this also means python3Minimal is now also Python 3.8.

This reverts commit eb1369670b and adds more.
2020-06-04 18:08:29 +02:00
Maximilian Bosch 59e8e7a129
rust: improve docs
Co-authored-by: cole-h <cole.e.helbling@outlook.com>
Co-authored-by: asymmetric <lorenzo@mailbox.org>
2020-05-31 21:47:32 +02:00
Frederik Rietdijk 362d88c2b1 Merge staging-next into staging 2020-05-27 15:27:28 +02:00
Michael Weiss 993baa587c
nixos: Require networking.hostName to be a valid DNS label
This also means that the hostname must not contain the domain name part
anymore (i.e. must not be a FQDN).
See RFC 1035 [0], "man 5 hostname", or the kernel documentation [1].
Note: For legacy reasons we also allow underscores inside of the label
but this is not recommended and intentionally left undocumented.

[0]: https://tools.ietf.org/html/rfc1035
[1]: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#domainname-hostname

Co-authored-by: zimbatm <zimbatm@zimbatm.com>
2020-05-25 18:13:39 +02:00
Michael Weiss 234d95a6fc
nixos/networking: Add the FQDN and hostname to /etc/hosts
This fixes the output of "hostname --fqdn" (previously the domain name
was not appended). Additionally it's now possible to use the FQDN.

This works by unconditionally adding two entries to /etc/hosts:
127.0.0.1 localhost
::1 localhost

These are the first two entries and therefore gethostbyaddr() will
always resolve "127.0.0.1" and "::1" back to "localhost" [0].
This works because nscd (or rather the nss-files module) returns the
first matching row from /etc/hosts (and ignores the rest).

The FQDN and hostname entries are appended later to /etc/hosts, e.g.:
127.0.0.2 nixos-unstable.test.tld nixos-unstable
::1 nixos-unstable.test.tld nixos-unstable
Note: We use 127.0.0.2 here to follow nss-myhostname (systemd) as close
as possible. This has the advantage that 127.0.0.2 can be resolved back
to the FQDN but also the drawback that applications that only listen to
127.0.0.1 (and not additionally ::1) cannot be reached via the FQDN.
If you would like this to work you can use the following configuration:
```nix
networking.hosts."127.0.0.1" = [
  "${config.networking.hostName}.${config.networking.domain}"
  config.networking.hostName
];
```

Therefore gethostbyname() resolves "nixos-unstable" to the FQDN
(canonical name): "nixos-unstable.test.tld".

Advantages over the previous behaviour:
- The FQDN will now also be resolved correctly (the entry was missing).
- E.g. the command "hostname --fqdn" will now work as expected.
Drawbacks:
- Overrides entries form the DNS (an issue if e.g. $FQDN should resolve
  to the public IP address instead of 127.0.0.1)
  - Note: This was already partly an issue as there's an entry for
    $HOSTNAME (without the domain part) that resolves to
    127.0.1.1 (!= 127.0.0.1).
- Unknown (could potentially cause other unexpected issues, but special
  care was taken).

[0]: Some applications do apparently depend on this behaviour (see
c578924) and this is typically the expected behaviour.

Co-authored-by: Florian Klink <flokli@flokli.de>
2020-05-25 14:06:25 +02:00
rnhmjoj 201bf4bfb8
nixos/release-notes: document bazaar removal 2020-05-25 09:28:48 +02:00
Maximilian Bosch 6574ba1946
rust*: add docs for testing packages
See also https://discourse.nixos.org/t/rust-build-speed-improvements/7225
2020-05-24 18:37:34 +02:00
Frederik Rietdijk d578248611 Merge staging-next into staging 2020-05-24 10:10:06 +02:00
Frederik Rietdijk 8a77c900dd Merge staging-next into staging 2020-05-23 10:25:19 +02:00
Jamie McClymont 3d2def38ae grafana: 6.7.3 -> 7.0.0
This version removes PhantomJS support.

Upstream also stopped vendoring dependencies, so I switched to buildGoModule.
2020-05-23 12:04:18 +12:00
Orivej Desh 16d7f7edae Merge branch 'master' into staging 2020-05-22 09:13:23 +00:00
Florian Klink 822918df4c nixos/scripted-networking: use udev to configure link MACAddress and MTUBytes
The `network-link-${i.name}` units raced with other things trying to
configure the interface, or ran before the interface was available.

Instead of running our own set of shell scripts on boot, and hoping
they're executed at the right time, we can make use of udev to configure
the interface *while they appear*, by providing `.link` files in
/etc/systemd/network/*.link to set MACAddress and MTUBytes.

This doesn't require networkd to be enabled, and is populated properly
on non-networkd systems since
https://github.com/NixOS/nixpkgs/pull/82941.

This continues clean-up work done in
https://github.com/NixOS/nixpkgs/pull/85170 for the scripted networking
stack.

The only leftover part of the `network-link-${i.name}` unit (bringing
the interface up) is moved to the beginning of the
`network-addresses-${i.name}` unit.

Fixes: https://github.com/NixOS/nixpkgs/issues/74471
Closes: https://github.com/NixOS/nixpkgs/pull/87116
2020-05-22 10:58:00 +02:00
zowoq f4852591c1
nixos/zram: make zstd the default (#87917) 2020-05-21 21:30:03 +03:00
Jörg Thalheim 834ef12d4f
release-notes: document buildGoModule changes better. 2020-05-20 11:25:46 +01:00
gnidorah b9d37e55a0
maxx: drop (#87715) 2020-05-19 14:38:59 -04:00
Wout Mertens fd05023849
Merge pull request #86848 from primeos/git-add-doc-output
git: Add a doc output for the HTML and text files
2020-05-18 21:28:58 +02:00
Jan Tojnar f8a9c6efac
Merge branch 'staging-next' into staging 2020-05-18 21:09:48 +02:00
Michael Weiss 9f2faa1f6f
git-doc: init 2020-05-18 16:53:13 +02:00
zowoq 5195aed617 rkt: remove 2020-05-16 09:23:07 +10:00
Florian Klink 6f4f37d655 nixos/manual: fix build
This broke in https://github.com/NixOS/nixpkgs/pull/86376

Also, fix some stray trailing whitespaces
2020-05-14 18:18:34 +02:00
Izorkin a4c7e0f502 nixos/mysql: add release notes 2020-05-14 17:29:40 +03:00
Frederik Rietdijk 404fe35d65 Merge staging-next into staging 2020-05-14 09:37:03 +02:00
Colin L Rice c5f18c44b1
go-modules: Doc updates 2020-05-14 07:21:52 +01:00
Izorkin 94391fce1d nixos/nginx: add option enableSandbox 2020-05-12 20:03:29 +03:00
Izorkin 97a0928ccb nixos/nginx: add release notes 2020-05-12 20:03:28 +03:00
John Ericson 1ac5398589 *-wrapper; Switch from infixSalt to suffixSalt
I hate the thing too even though I made it, and rather just get rid of
it. But we can't do that yet. In the meantime, this brings us more
inline with autoconf and will make it slightly easier for me to write a
pkg-config wrapper, which we need.
2020-05-12 00:44:44 -04:00
Matthew Bauer 43545032af
Merge pull request #87314 from matthewbauer/bazel-flat
build-bazel-package: switch hash mode to “flat”
2020-05-11 15:27:48 -05:00
Matthew Bauer fe48f63c3c build-bazel-package: Add hash change to changelog 2020-05-11 13:19:52 -05:00
Jörg Thalheim 11c18faa4e
Merge pull request #85862 from Izorkin/nginx-paths 2020-05-11 11:17:04 +01:00
adisbladis 68ee2396f6
Merge pull request #86488 from cole-h/doas
nixos/doas: init
2020-05-10 10:33:29 +02:00