1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 06:01:15 +00:00
Commit graph

9894 commits

Author SHA1 Message Date
Florian Klink 4d51002216
Merge pull request #49650 from srghma/srghma-patch-1
amazon-image: fix typo in comment
2018-11-03 16:04:47 +01:00
Matthew Bauer 4a8fc5b9aa treewide: remove pkgs_i686
This was getting evaluated eagerly causing assertion failures in
aarch64 systems. We can replace usages of pkgs_i686 with
pkgs.pkgsi686Linux.
2018-11-03 00:56:39 -05:00
Florian Klink 93f8ff68ea
Merge pull request #49658 from mayflower/gitlab-refactor
gitlab: refactor and fix test
2018-11-03 01:49:23 +01:00
lewo 3fb4eb1c43 nixos/dockerPreloader: preload docker images (#49379)
This module permits to preload Docker image in a VM in order to reduce
OIs on file copies. This module has to be only used in testing
environments, when the test requires several Docker images such as in
Kubernetes tests. In this case,
`virtualisation.dockerPreloader.images` can replace the
`services.kubernetes.kubelet.seedDockerImages` options.

The idea is to populate the /var/lib/docker directory by mounting qcow
files (we uses qcow file to avoid permission issues) that contain images.

For each image specified in
config.virtualisation.dockerPreloader.images:
1. The image is loaded by Docker in a VM
2. The resulting /var/lib/docker is written to a QCOW file

This set of QCOW files can then be used to populate the
/var/lib/docker:
1. Each QCOW is mounted in the VM
2. Symlink are created from these mount points to /var/lib/docker
3. A /var/lib/docker/image/overlay2/repositories.json file is generated
4. The docker daemon is started.
2018-11-03 01:00:53 +01:00
Robin Gloster ec7cb84bf0
gitlab: refactor and fix test 2018-11-02 22:40:21 +01:00
Austin Seipp 2266f2014b nixos/postgresql: add myself as maintainer
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-02 13:52:33 -05:00
Austin Seipp 93aa285376 nixos: fix #48917 by setting SYSTEMD_TIMEDATED_NTP_SERVICES
Setting this variable in the environment of systemd-timedated allows
'timedatectl' to tell if an NTP service is running.

Closes #48917.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-02 09:10:15 -05:00
Joachim F 2dc0fc6516
Merge pull request #47526 from rnhmjoj/syncthing
nixos/syncthing: move configuration to condigDir
2018-11-02 12:02:51 +00:00
Will Dietz 1fe7abcf2e
Merge pull request #49513 from dtzWill/fix/activation-nscd-path
activation-script: add libc to path to provide nscd when needed
2018-11-02 03:57:25 -05:00
Brian Olsen 0810d631a4
nixos/rspamd: Add support for included files
By default rspamd will look for multiple files in /etc/rspamd/local.d
and /etc/rspamd/override.d to be included in subsections of the merged
final config for rspamd. Most of the config snippets in the official
rspamd documentation are made to these files and so it makes sense for
NixOS to support them and this is what this commit does.

As part of rspamd 1.8.1 support was added for having custom Lua
rules stored in $LOCAL_CONFDIR/rspamd.local.lua which means that it is
now possible for NixOS to support such rules and so this commit also
adds support for this to the rspamd module.
2018-11-02 01:46:57 +01:00
obadz c8c1ed2c78 nixos/zerotier: binds to network-online.target to avoid the 1m30s timeout before kill on shutdown 2018-11-01 23:00:25 +00:00
Sander van der Burg 60298d1e08 nixos/kapacitor: new service 2018-11-01 21:53:45 +01:00
Dejan Lukan 02a3726a12 bacula: 5.2.13 -> 9.2.1 2018-11-01 21:28:16 +01:00
Peter Hoeg db1a40a882 home-assistant: use SIGINT instead of SIGTERM to shut down (#49571)
hass will ignore the standard SIGTERM sent by systemd during stop/restart and we
then have to wait for the timeout after which systemd will forcefully kill the
process.

If instead if we send SIGINT, hass will shut down nicely.

There are many issues reported upstream about the inability to shut down/restart
and it is *supposed* to work with SIGTERM but doesn't.
2018-11-01 16:39:37 +01:00
Robert Hensing a3dbeed475
Merge pull request #49338 from FeepingCreature/improve-warning-message
improve shell.nix warning messages
2018-10-31 23:33:23 +01:00
Joachim F 303390600b
Merge pull request #49312 from typetetris/release-18.09
nixos/ddclient: Fix #49258
2018-10-31 19:40:50 +00:00
Jörg Thalheim 553e0d81ee
Merge pull request #48771 from arianvp/container-tweaks
nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
2018-10-31 16:08:16 +00:00
Johan Thomsen 2617b6800d nixos/kubernetes: Replace KubeDNS with CoreDNS 2018-10-31 13:41:04 +01:00
Will Dietz 8c717a5701 activation-script: add libc to path to provide nscd when needed 2018-10-31 07:03:17 -05:00
Travis Athougies 8cc028fd34 nixos/networking.nix: only setup rpc on glibc
(cherry picked from commit 4177dc3f77)
and
(cherry picked from commit a2f0c95baf)
2018-10-30 20:29:28 -05:00
Will Dietz 2603e3a5e9 gtk: don't hardcode glibc use
(cherry picked from commit 6e6f839093ad080c3a61810e9720165faf103e81)
2018-10-30 19:52:03 -05:00
Will Dietz afdf16b714 apparmor-suid: don't force glibc
(cherry picked from commit 131131e58fc66365854f37f4fe2bf6ca01c8aed6)
2018-10-30 19:50:47 -05:00
Will Dietz 9de0b2883a nixos: use pkgs.getent and stdenv.cc.libc
(cherry picked from commit 52eba9753aeba4f02c8ce0de50f10bd98de1ef1e)
2018-10-30 19:49:43 -05:00
Will Dietz 2d0ec8b288 stage1 boot: use stdenv.cc.libc
(cherry picked from commit d3ae884c9eeb4a6f66ac4e57764c04db16ea7c71)
2018-10-30 19:47:06 -05:00
xeji 6efd811062
Merge pull request #49348 from markuskowa/mod-slurm-upgrade
nixos/slurm: add slurmdbd, run daemons as user
2018-10-31 00:16:11 +01:00
Lizard a937dbedea nixos/libvirtd: utilize onShutdown option (#49480)
`services.virtualisation.libvirtd.onShutdown` was previously unused.
While suspending a domain on host shutdown is the default, this commit
makes it so domains can be shut down, also.
2018-10-31 00:01:00 +01:00
Eric Wolf 1b4e3103bf nixos/ddclient: fix #49258 2018-10-30 22:18:59 +01:00
Markus Kowalewski b388beeca3
nixos/slurm: add maintainer to module and test 2018-10-30 19:50:52 +01:00
Markus Kowalewski d2799d1835
nixos/slurm: node/partitionName option -> list
Make the node and partitionname options lists.
There can be more than paratition or set of nodes.

Add changes to release notes
2018-10-30 19:50:52 +01:00
Markus Kowalewski f51f753416
nixos/slurm: fix obselete string type 2018-10-30 19:50:52 +01:00
Markus Kowalewski 79c9dbfb40
nixos/slurm: add slurmdbd to module
* New options "services.slurm.dbdserver.[enable,config]"
* Add slurmdbd to test slurm.nix
2018-10-30 19:50:52 +01:00
Markus Kowalewski 111d4eb090
nixos/slurm: run ctld as user and fix spool dir
* run as user 'slurm' per default instead of root
* add user/group slurm to ids.nix
* fix default location for the state dir of slurmctld:
  (/var/spool -> /var/spool/slurmctld)
* Update release notes with the above changes
2018-10-30 19:50:46 +01:00
Léo Gaspard b9faae955c
redsocks module: add self as maintainer 2018-10-31 01:06:14 +09:00
Léo Gaspard 930bcbda83
dkimproxy-out module: add self as maintainer 2018-10-31 01:06:04 +09:00
Léo Gaspard 9b34f47b7c
clamsmtp module: add self as maintainer 2018-10-31 01:05:49 +09:00
Léo Gaspard 888034f6ca
dhparams module: add self as maintainer 2018-10-31 01:05:35 +09:00
Jörg Thalheim 6c7ec02503
Merge pull request #48499 from aneeshusa/restart-salt-on-config-changes
nixos/salt: restart on config changes
2018-10-30 15:40:56 +00:00
xeji 1d9481a127
Merge pull request #49395 from dtzWill/update/upower-0.99.9
upower: 0.99.7 -> 0.99.9, lock down service
2018-10-30 15:57:11 +01:00
Lancelot SIX f68cf486d8
Merge pull request #48664 from alyssais/postgres11
postgresql_11: init at 11.0
2018-10-30 15:54:42 +01:00
Lassulus 334dd6f964 nixos/bitlbee: use purple-2 as purple_plugin_path (#49440) 2018-10-30 15:37:41 +01:00
Alyssa Ross c6c7d55790
postgresql*: use underscores in version numbers 2018-10-30 14:32:21 +00:00
Eelco Dolstra be6e4b8af8
Merge pull request #49326 from c0bw3b/nixos/installation-device
nixos/installation-device: set GC initial heap size to 1MB
2018-10-30 14:13:59 +01:00
Will Dietz d7e4c49ffc nixos/upower: lockdown service using upstream settings 2018-10-29 08:09:52 -05:00
Nikita Uvarov 6d4b02df3f
nixos/containers: don't create veths if not configured
Previously, setting "privateNetwork = true" without specifying host and
local addresses would create unconfigured interfaces: ve-$INSTANCE on the host
and eth0 inside the container.

These changes is rebased part of the original PR #3021.
2018-10-29 14:02:50 +01:00
Pavel Goran a57bbf4e63 nixos/tomcat: add purifyOnStart option
With this option enabled, before creating file/directories/symlinks in baseDir
according to configuration, old occurences of them are removed.

This prevents remainders of an old configuration (libraries, webapps, you name
it) from persisting after activating a new configuration.
2018-10-29 18:26:22 +07:00
Aaron Andersen 36d695f696 filesystems: escape spaces in fstab with \040 2018-10-28 20:49:34 -04:00
Matthew Bauer a943bc9e04
Merge pull request #48801 from matthewbauer/cloneConfigExtra
ova: add cloneConfigExtra option
2018-10-28 19:05:16 -05:00
Jörg Thalheim eb70af18f4
Merge pull request #48875 from Izorkin/nginx-prestart
nginx: add custom options
2018-10-28 23:13:20 +00:00
Silvan Mosberger 74854265b1
Merge pull request #49317 from c0bw3b/nixos/demovm
nixos/virtualbox-image: increase disk to 50G
2018-10-28 22:21:37 +01:00
Silvan Mosberger 04b4ca37bd
Merge pull request #49360 from tadfisher/logind-suspend-then-hibernate
nixos/systemd: support "suspend-then-hibernate" logind option
2018-10-28 22:18:39 +01:00
Tad Fisher 8520839b6a nixos/systemd: support "suspend-then-hibernate" logind option 2018-10-28 13:41:21 -07:00
Renaud deacd0bd73
nixos/rngd: fix exec flags and udev rules
TPM1.2 support has been dropped in rng-tools v6.5
see caef8cce97

rngd won't access /dev/tpm0 anymore and the "--no-tpm=1" option is now unrecognised
2018-10-28 17:31:35 +01:00
FeepingCreature 83a65a9182 improve shell.nix warning messages 2018-10-28 14:08:01 +01:00
Joachim F e5ce19f6ab
Merge pull request #46330 from geistesk/wavemon-module
nixos/wavemon: create module
2018-10-28 10:16:54 +00:00
Renaud fc476599ad
installation-device: set GC initial heap size to 1MB
100000 (100kB) is too aggressive (too low) and gets ignored by the GC
See issue #43339
2018-10-28 10:48:00 +01:00
Robert Hensing 696a8bd2b5 nixpkgs.overlays: Add note about nixpkgs.pkgs' treatment of other options 2018-10-28 02:11:00 +02:00
Robert Hensing 5f894a67f5 nixos/modules/misc/nixpkgs.nix: Use pure Nixpkgs function 2018-10-28 02:09:43 +02:00
Renaud 7ab76cc5e8
nixos/virtualbox-image: increase disk to 50G
100GB breaks cptofs but 50GB is fine and benchmarks shows it takes the same time as building the demo VBox VM with a 10GB disk

+ enabled VM sound output by default
+ set USB controller in USB2.0 mode
+ add manifest file in the OVA as it allows integrity checking on imports
2018-10-28 00:53:54 +02:00
aanderse 1381019e49 nixos/rsyslogd & nixos/syslog-ng: fix broken module (#47306)
* journald: forward message to syslog by default if a syslog implementation is installed

* added a test to ensure rsyslog is receiving messages when expected

* added rsyslogd tests to release.nix
2018-10-27 19:01:30 +02:00
xeji 6419bdac05
Merge pull request #47241 from oxij/pull/36261-fix-local-hostname-alternative
nixos/networking: add hostname to /etc/hosts by default, simplify
2018-10-27 16:55:10 +02:00
Robert Hensing a54a799d59 NixOS: nixpkgs.pkgs: Append overlays when specified 2018-10-27 14:51:54 +02:00
Tuomas Tynkkynen ad7f2d120e nixos/installation-cd-minimal: Drop fontconfig
Shouldn't be needed for anything.
2018-10-27 15:17:13 +03:00
Tuomas Tynkkynen cc92fc0a83 nixos/installation-device: Move systemPackages additions to profiles/base
Other package additions are there as well.
2018-10-27 15:17:13 +03:00
Tuomas Tynkkynen 717206010f nixos/installer: Drop extra copy of w3m
The nixos-manual service already uses w3m-nographics for a variant that
drops unnecessary junk like various image libraries.

iso_minimal closure (i.e. uncompressed) goes from 1884M -> 1837M.
2018-10-27 13:16:30 +03:00
Samuel Leathers 5b30cd77db
nixos/grafana_reporter: initial service 2018-10-27 05:15:03 -04:00
Bas van Dijk 0b381dd9ca
Merge pull request #49197 from LumiGuide/strongswan-swanctl-5.7.1
strongswan-swanctl: adapt options to strongswan-5.7.1
2018-10-27 09:34:53 +01:00
Silvan Mosberger 932e27c53f
Merge pull request #49152 from 1000101/master
nixos/trezord: revised and updated udev rules
2018-10-27 01:18:46 +02:00
Silvan Mosberger d67da5ba9b
Merge pull request #49064 from jslight90/users
nixos/users: fix users home directory with isNormalUser
2018-10-27 00:59:16 +02:00
Silvan Mosberger f374addc10
Merge pull request #48844 from c0bw3b/svc/ddclient
nixos/ddclient: make RuntimeDirectory and configFile private
2018-10-27 00:29:18 +02:00
Bas van Dijk ca655e8b14 strongswan-swanctl: adapt options to strongswan-5.7.1
The changes were found by executing the following in the strongswan
repo (https://github.com/strongswan/strongswan):

git diff 5.6.3..5.7.1 src/swanctl/swanctl.opt
2018-10-26 23:46:02 +02:00
Jan Tojnar 82218835c5
Merge pull request #43133 from worldofpeace/gsignond
gsignond: init at 1.0.7
2018-10-26 19:29:56 +02:00
Ján Hrnko a88e0ef9aa nixos/trezord: revised and updated udev rules 2018-10-26 14:53:31 +02:00
Michael Weiss 163adc5039
Merge pull request #48916 from colemickens/sway-module
programs.sway-beta: module init (temporary until sway-beta becomes sway-1.0)
2018-10-25 19:12:38 +02:00
Marwan Aljubeh 8ddefe857d nixos/nextcloud: fix a typo
The NextCloud `adminpass` option sets the admin password, not the database password.
2018-10-25 18:04:36 +02:00
Maximilian Bosch 5dc1748043
Merge pull request #48728 from qolii/eternal-terminal-module
nixos/eternal-terminal: init new module.
2018-10-25 14:51:22 +02:00
qolii c0d90b57d6 Address more review feedback. 2018-10-24 17:57:33 -07:00
Cole Mickens da960bb899 sway-beta: module init 2018-10-24 14:56:29 -07:00
Jeff Slight d7fcd1dcbf nixos/users: fix users home directory with isNormalUser 2018-10-24 10:38:56 -07:00
Renaud b2f6aa0069
nixos/rngd: use new name pkgs.rng-tools
Instead of pkgs.rng_tools which is now an alias
2018-10-24 13:46:08 +02:00
Michael Weiss 2eb372d59d
nixos/rootston: Remove the module and the package (#48905)
Rootston is just a reference compositor so it doesn't make that much
sense to have a module for it. Upstream doesn't really like it as well:

"Rootston will never be intended for downstream packages, it's an
internal thing we use for testing." - SirCmpwn [0]

Removing the package and the module shouldn't cause much problems
because it was marked as broken until
886131c243. If required the package can
still be accessed via wlroots.bin (could be useful for testing
purposes).

[0]: https://github.com/NixOS/nixpkgs/issues/38344#issuecomment-378449256
2018-10-23 20:38:33 +02:00
Izorkin af8ae49395 nginx: add custom options 2018-10-23 21:04:07 +03:00
Rob Vermaas debbed29d1 datadog-agent: add option to enable trace agent 2018-10-23 12:30:06 +02:00
Renaud ab5380ec82
nixos/ddclient: make configFile private
/run/ddclient/ddclient.conf should be installed in mode 660 (readable and writeable only by ddclient.service user and group)
2018-10-23 00:43:41 +02:00
Renaud f76a9eb526
nixos/ddclient: make RuntimeDirectory private
ddclient will raise a warning if /run/ddclient/ is world-readable
2018-10-22 23:58:12 +02:00
Jörg Thalheim 9a7bca27cc
Merge pull request #48834 from dhess/dovenull-group-fix
dovecot: dovenull user should have its own group.
2018-10-22 22:46:17 +01:00
Arian van Putten 9f72791516 nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
* Lets container@.service  be activated by machines.target instead of
  multi-user.target

  According to the systemd manpages, all containers that are registered
  by machinectl, should be inside machines.target for easy stopping
  and starting container units altogether

* make sure container@.service and container.slice instances are
  actually located in machine.slice

  https://plus.google.com/112206451048767236518/posts/SYAueyXHeEX
  See original commit: https://github.com/NixOS/systemd/commit/45d383a3b8

* Enable Cgroup delegation for nixos-containers

  Delegate=yes should be set for container scopes where a systemd instance
  inside the container shall manage the hierarchies below its own cgroup
  and have access to all controllers.

  This is equivalent to enabling all accounting options on the systemd
  process inside the system container.  This means that systemd inside
  the container is responsible for managing Cgroup resources for
  unit files that enable accounting options inside.  Without this
  option, units that make use of cgroup features within system
  containers might misbehave

  See original commit: https://github.com/NixOS/systemd/commit/a931ad47a8

  from the manpage:
    Turns on delegation of further resource control partitioning to
    processes of the unit. Units where this is enabled may create and
    manage their own private subhierarchy of control groups below the
    control group of the unit itself. For unprivileged services (i.e.
    those using the User= setting) the unit's control group will be made
    accessible to the relevant user. When enabled the service manager
    will refrain from manipulating control groups or moving processes
    below the unit's control group, so that a clear concept of ownership
    is established: the control group tree above the unit's control
    group (i.e. towards the root control group) is owned and managed by
    the service manager of the host, while the control group tree below
    the unit's control group is owned and managed by the unit itself.
    Takes either a boolean argument or a list of control group
    controller names. If true, delegation is turned on, and all
    supported controllers are enabled for the unit, making them
    available to the unit's processes for management. If false,
    delegation is turned off entirely (and no additional controllers are
    enabled). If set to a list of controllers, delegation is turned on,
    and the specified controllers are enabled for the unit. Note that
    additional controllers than the ones specified might be made
    available as well, depending on configuration of the containing
    slice unit or other units contained in it. Note that assigning the
    empty string will enable delegation, but reset the list of
    controllers, all assignments prior to this will have no effect.
    Defaults to false.

    Note that controller delegation to less privileged code is only safe
    on the unified control group hierarchy. Accordingly, access to the
    specified controllers will not be granted to unprivileged services
    on the legacy hierarchy, even when requested.

    The following controller names may be specified: cpu, cpuacct, io,
    blkio, memory, devices, pids. Not all of these controllers are
    available on all kernels however, and some are specific to the
    unified hierarchy while others are specific to the legacy hierarchy.
    Also note that the kernel might support further controllers, which
    aren't covered here yet as delegation is either not supported at all
    for them or not defined cleanly.
2018-10-22 22:36:08 +02:00
Drew Hess fa388534e4
dovecot: dovenull user should have its own group.
Quoting from https://wiki.dovecot.org/UserIds#dovenulluser:

"It should belong to its own private dovenull group where no one else
belongs to..."
2018-10-22 15:01:47 -04:00
Victor SENE 2a164f598c nixos/nextcloud: extend documentation for nginx configuration
Co-authored-by: Robin Gloster <mail@glob.in>
2018-10-22 19:50:37 +02:00
Kier Davis dfdaf39ec3
ckb module: use exec when starting the daemon process
This avoids leaving the parent shell process (the one executing the
unit script) lying around.
2018-10-22 13:23:30 +01:00
Kier Davis 81178785c9
ckb, ckb module: rename to ckb-next
The upstream package has officially changed its name to ckb-next.
2018-10-22 13:23:30 +01:00
Kier Davis 8069b09d05
ckb module: update systemd service parameters to match upstream
This changes the description and restart mode to the values present
in lib/systemd/system/ckb.service within the ckb package.
2018-10-22 13:22:02 +01:00
Kier Davis 85526bce87
ckb-next: 0.2.9 -> 0.3.2
In this update:

* binaries `ckb` and `ckb-daemon` are renamed to `ckb-next` and `ckb-next-daemon`
* build system changed from qmake to cmake
* the directory searched for animation plugins no longer needs to be patched, as a result of the build system change
* modprobe patch has been bumped, since the source repository layout has changed
* the cmake scripts are quite FHS-centric and require patching to fix install locations
2018-10-22 13:22:01 +01:00
Jörg Thalheim 0a5b4fda63
Merge pull request #48791 from markuskowa/fix-munge
nixos/munge: do not create unnecessary log dir
2018-10-21 22:59:51 +01:00
Matthew Bauer 1902adb437 ova: add cloneConfigExtra option
Customize virtualbox ovas to contain a clone config option giving some
useful hints.

Fixes #38429
2018-10-21 14:52:49 -05:00
Arian van Putten 3be00fa60c nixos/systemd-nspawn: Remove dependency on bogus "machine.target"
"machine.target" doesn't actually exist, it's misspelled version
of "machines.target".  However, the "systemd-nspawn@.service"
unit already has a default dependency on "machines.target"
2018-10-21 21:51:51 +02:00
Markus Kowalewski e3a86019d6
nixos/munge: do not create unnecessary log dir
/var/log/munge is not used. All log messages go to syslog
2018-10-21 20:46:09 +02:00
Joachim F ca127588c1
Merge pull request #48625 from exarkun/48622.tor-disable-socksport
nixos/tor: better support non-anonymous services
2018-10-21 18:27:02 +00:00
Ben Wolsieffer eadb9c822b raspberrypi-bootloader: pass initrd to kernel
NixOS is unable to boot using the RPi bootloader (w/o U-Boot) unless the initrd
is configured.
2018-10-21 17:44:11 +03:00
Ben Wolsieffer e2fbada6f8 raspberrypi-bootloader: uboot: allow specification of target directory 2018-10-21 17:44:11 +03:00
Ben Wolsieffer 1afff7c10b raspberrypi-bootloader: support Raspberry Pi 3 w/o U-Boot and explicitly support
Raspberry Pi Zero
2018-10-21 17:44:11 +03:00
Ben Wolsieffer bcb9e17bba raspberrypi-bootloader: allow specification of target directory 2018-10-21 17:44:11 +03:00
Jörg Thalheim c4a7ebb46b
Merge pull request #47070 from Mic92/grafana-improvements
Grafana: secrets outside of the nix store + smtp
2018-10-21 14:21:09 +01:00
Linus Heckemann 45981145ad nixos/wrappers: remove outdated upgrade code
As mentioned in the code comments themselves, this was only necessary
for 16.09 -> 17.03 and as such is obsolete.
2018-10-21 15:12:36 +02:00
Heitham Omar 433ea7bf3a gnupg: Fix, set current tty in interactive shell
GPG_TTY was not being set to the current tty, breaking pinentry-tty/pinentry-curses.
2018-10-21 10:19:04 +01:00
Renaud cb9237d16f
Merge pull request #47775 from florianjacob/munin-var-run-to-run
nixos/munin: move from /var/run to /run
2018-10-21 10:07:25 +02:00
Michael Raskin 3491dd06a1
Merge pull request #47224 from pvgoran/tomcat-virtualhost-aliases
nixos/tomcat: add aliases sub-option for virtual hosts
2018-10-21 07:54:52 +00:00
qolii ee0444576f Address review feedback. 2018-10-20 13:52:43 -07:00
qolii af1a285017 nixos/eternal-terminal: init new module. 2018-10-20 13:52:12 -07:00
Silvan Mosberger 1fa1bcbab0
nixos/znc: Fix confOptions.uriPrefix not being applied
This was overlooked on a rebase of mine on master, when I didn't realize
that in the time of me writing the znc changes this new option got
introduced.
2018-10-20 20:56:30 +02:00
Silvan Mosberger 039fc37f9c
nixos/znc: Fix confOptions.extraZncConf being applied to wrong section
This bug was introduced in https://github.com/NixOS/nixpkgs/pull/41467
2018-10-20 20:36:18 +02:00
Pierre Bourdon cf58856d90 nixos/prometheus: add webExternalUrl option
Similar to the prometheus.alertmanager.webExternalUrl option, but for
Prometheus itself.
2018-10-20 13:45:55 +02:00
Matthew Bauer 5b73b46aec
Merge pull request #48689 from Tmplt/fix-compton
nixos/compton: fix corrupt colours with Mesa 18 on AMD
2018-10-19 15:40:43 -05:00
Maximilian Bosch e8fb77a944
Merge pull request #46152 from Ma27/fix-setxkbmap-completion
zsh: patch `_setxkbmap` completion script
2018-10-19 14:33:04 +02:00
worldofpeace 4f4e20bc79 nixos/gsignond: init 2018-10-19 06:29:04 -04:00
Jörg Thalheim e37892744f
Merge pull request #48640 from gnidorah/kvmgt
kvmgt module: add restart on failure
2018-10-19 10:45:04 +01:00
Sarah Brofeldt 58717759b3
Merge pull request #48546 from andrew-d/andrew/hide-zfs-import-warning
nixos/zfs: Hide useless errors when waiting for zpool to be ready
2018-10-19 10:07:09 +02:00
Tmplt df41d53f9d nixos/compton: fix corrupt colours with Mesa 18 on AMD
On AMD hardware with Mesa 18, compton renders some colours incorrectly
when using the glx backend. This patch sets an environmental variable
for compton so colours are rendered correctly.

Topical bug: <https://bugs.freedesktop.org/show_bug.cgi?id=104597>
2018-10-19 01:10:11 +02:00
Daniel Rutz c98a7bf8f2 nixos/sshd: Use port type instead of int
This change leads to an additional check of the port number at build time, making invalid port values impossible.
2018-10-18 23:42:20 +02:00
Jörg Thalheim 5a1f0f9aa3
tinc: remove unnecessary networking.interfaces
This breaks with networking backends enabled and
also creates large delays on boot when some services depends
on the network target. It is also not really required
because tinc does create those interfaces itself.

fixes #27070
2018-10-18 21:37:56 +01:00
gnidorah a6603fd8a8 kvmgt module: add service restart on failure 2018-10-18 22:35:32 +03:00
Jörg Thalheim 2ce94fafcd
Merge pull request #48571 from spacefrogg/openafs
Openafs security updates
2018-10-18 16:08:04 +01:00
Michael Raitza 290a7d2ee9 nixos/openafs: Add defaultText to avoid evaluating packages 2018-10-18 13:11:52 +02:00
adisbladis 78c0e1aa11
nixos/pulseaudio: Add extraModules config option 2018-10-18 16:27:43 +08:00
Silvan Mosberger 77e90ef365
Merge pull request #45030 from eadwu/nvidia_x11_beta/396.51
nvidia_x11_beta: reinit at 410.57
2018-10-18 09:10:05 +02:00
Edmund Wu 21bb1fa004
nvidia_x11_beta: reinit at 410.57 2018-10-17 19:30:44 -04:00
Maximilian Bosch 13e4110650
Merge pull request #48131 from Ma27/weechat-multiuser-support
nixos/weechat: add setuid wrapper for `screen' to ensure true multiuser capabilities
2018-10-17 23:39:30 +02:00
markuskowa ab27adc2dd
Merge pull request #47154 from ck3d/fix-nixos-lirc-socket
nixos lircd: fix deletion of lircd socket
2018-10-17 21:52:48 +02:00
Jörg Thalheim f6ded23889
Merge pull request #48460 from Mic92/postfix-setuid
postfix: add setgid wrapper for postqueue/postdrop
2018-10-17 14:48:43 +01:00
Jean-Paul Calderone 4a71e2942c nixos/tor: better support non-anonymous services
Tor requires ``SOCKSPort 0`` when non-anonymous hidden services are
enabled.  If the configuration doesn't enable Tor client features,
generate a configuration file that explicitly includes this disabling
to allow such non-anonymous hidden services to be created (note that
doing so still requires additional configuration).  See #48622.
2018-10-17 08:56:59 -04:00
clefru 725fcdef3f Fix hostapd's place in systemd dependency tree. (#45464)
* nat/bind/dhcp.service:
  Remove. Those services have nothing to do with a link-level service.

* sys-subsystem-net-devices-${if}.device:
  Add as BindsTo dependency as this will make hostapd stop when the
  device is unplugged.

* network-link-${if}.service:
  Add hostapd as dependency for this service via requiredBy clause,
  so that the network link is only considered to be established
  only after hostapd has started.

* network.target:
  Remove this from wantedBy clause as this is already implied from
  dependencies stacked above hostapd. And if it's not implied than
  starting hostapd is not required for this particular network
  configuration.
2018-10-17 09:18:52 +02:00
Silvan Mosberger e443bbf6fd
Merge pull request #45470 from Infinisil/znc-config
nixos/znc: More flexible module, cleanups
2018-10-17 03:01:30 +02:00
Silvan Mosberger 8319ec35b2
Merge pull request #47975 from aneeshusa/make-container-journals-available-from-host
containers: Make systemd journals available from the host
2018-10-17 02:56:05 +02:00
Eelco Dolstra b6bac6c144
Revert "Merge pull request #48122 from zimbatm/pkg-nixos-rebuild"
This reverts commit 10addad603, reversing
changes made to 7786575c6c.

NixOS scripts should be kept in the NixOS source tree, not in
pkgs. Moving them around is just confusing and creates unnecessary
code/history churn.
2018-10-16 20:25:44 +02:00
Andrew Dunham c3e004799c Hide useless errors when waiting for zpool to be ready 2018-10-16 02:45:25 -07:00
zimbatm 1875344542
nixos-*: init as package
Move all the nixos-* scripts from the nixos distribution as real
packages in the pkgs/ package set.

This allows non-nixos users to run the script as well. For example,
deploying a remote machine with:

    nixos-rebuild --target-host root@hostname --build-host root@hostname
2018-10-16 11:12:36 +02:00
zimbatm b7a07313cc
move the codeName to /.codeName
Make the codeName globally accessible in the repo. The release is not
only for NixOS anymore.
2018-10-16 11:11:28 +02:00
Aneesh Agrawal a962d53806 salt: Restart on config changes 2018-10-15 19:59:25 -07:00
Aneesh Agrawal 37c9915340 nixos/salt-minion: Fix salt-call without -c 2018-10-15 19:59:09 -07:00
Aneesh Agrawal adf8261192 nixos/salt-minion: Remove trailing whitespace 2018-10-15 19:59:00 -07:00
Joachim F 205aff5a65
Merge pull request #48439 from joachifm/hardened-misc
nixos/security/misc: init
2018-10-15 21:25:42 +00:00
Joachim Fasting f4ea22e5de
nixos/security/misc: init
A module for security options that are too small to warrant their own module.

The impetus for adding this module is to make it more convenient to override
the behavior of the hardened profile wrt user namespaces.
Without a dedicated option for user namespaces, the user needs to
1) know which sysctl knob controls userns
2) know how large a value the sysctl knob needs to allow e.g.,
   Nix sandbox builds to work

In the future, other mitigations currently enabled by the hardened profile may
be promoted to options in this module.
2018-10-15 23:11:37 +02:00
Eelco Dolstra 0bdd0d8e04
amazon-image.nix: Disable udisks
This reduces the system closure by 89 MiB.
2018-10-15 21:54:28 +02:00
Eelco Dolstra 47dfe25e1b
ec2-amis.nix: Add 18.09 images 2018-10-15 21:43:16 +02:00
rnhmjoj 16f67637ba
nixos/syncthing: move configuration to condigDir
fixes #47513 following the upstream recommended settings:
https://github.com/syncthing/syncthing/issues/3434#issuecomment-235401876
2018-10-15 20:34:50 +02:00
Jörg Thalheim 91ddc9d27f
postfix: add setgid wrapper for postqueue/postdrop
Both postqueue[1] and postdrop[2] implement a subset of administration
task that are supposed to be run unprivileged users
and require the setgid bit to full-fill this task.

[1] http://www.postfix.org/postqueue.1.html
[2] http://www.postfix.org/postdrop.1.html
2018-10-15 13:14:41 +01:00
Joachim F a179d44bd1
Merge pull request #47538 from xaverdh/kmscon-autologin
nixos/kmscon: Add autologin option
2018-10-15 11:25:19 +00:00
Joachim Fasting cb845123d4
nixos/hardened: add myself to maintainers 2018-10-15 01:33:33 +02:00
Joachim Fasting e619998eb3
nixos/lock-kernel-modules: add myself to maintainers 2018-10-15 01:33:30 +02:00
Aneesh Agrawal d85317c7b2 nixos/containers: Make systemd journals available from the host
This is set by default if using the upstream systemd-nspawn@ units.
2018-10-14 14:40:08 -07:00
Silvan Mosberger 81c3ae9492
nixos/znc: add config option
This option represents the ZNC configuration as a Nix value. It will be
converted to a syntactically valid file. This provides:
- Flexibility: Any ZNC option can be used
- Modularity: These values can be set from any NixOS module and will be
merged correctly
- Overridability: Default values can be overridden

Also done:
Remove unused/unneeded options, mkRemovedOptionModule unfortunately doesn't work
inside submodules (yet). The options userName and modulePackages were never used
to begin with
2018-10-14 20:39:42 +02:00
Janne Heß 7748c3da1b nixos/nixos-install: Unset system
The system variable is used from the (possibly polluted) shell
environment.
This causes nixos-install to fail in a nix-shell because the system
shell variable is automatically set to the current system (e.g.
x86_64-linux).
2018-10-14 20:12:08 +02:00
Silvan Mosberger 0ea64098dc
Merge pull request #48006 from NickHu/psd
profile-sync-daemon: add missing path to systemd service
2018-10-14 14:10:03 +02:00
Nick Hu 9cd21807c8 nixos/profile-sync-daemon: add missing path to systemd service 2018-10-14 13:02:33 +01:00
Peter Hoeg abe0e22e20
Merge pull request #48119 from mrVanDalo/update_syncthing
nixos/modules: services.syncthing add guiAddress parameter
2018-10-14 18:47:51 +08:00
Ingolf Wagner d2e1dd7fc7
nixos/modules: services.syncthing use types.str instead of types.string
As Infinisil mentioned in https://github.com/NixOS/nixpkgs/pull/48119#discussion_r224974201
2018-10-14 06:46:42 +02:00
Ingolf Wagner fa6c8ec2a7
nixos/modules: services.syncthing add guiAddress parameter 2018-10-14 00:52:25 +02:00
Silvan Mosberger d4f2f4c79d
Merge pull request #44441 from mnacamura/shell-aliases
environment.shellAliases: change default behavior
2018-10-13 17:46:11 +02:00
Yegor Timoshenko 6e4d0c4a8a
Merge pull request #47691 from florianjacob/matomo-choose-package
nixos/matomo: introduce services.matomo.package option
2018-10-13 15:27:00 +00:00
Florian Jacob a1825aecfc
nixos/matomo: introduce services.matomo.package option 2018-10-13 15:25:12 +00:00
Mitsuhiro Nakamura c941577dcb nixos/shells: enable to nullify already defined aliases 2018-10-14 00:14:49 +09:00
Mitsuhiro Nakamura 3b5449b80c nixos/shells: programs.*sh.shellAliases override environment.shellAliases 2018-10-14 00:14:09 +09:00
Mitsuhiro Nakamura e4e160cc39 nixos/shells: do not override user-defined shell aliases 2018-10-14 00:13:13 +09:00
Yegor Timoshenko 605eb4098f
Merge pull request #47696 from Ma27/dont-run-thefuck-on-bash
nixos/thefuck: don't run thefuck on `environment.shellInit'
2018-10-13 15:12:50 +00:00
Alexey Shmalko df2696c430
Merge pull request #48307 from delroth/prom-tor
prometheus-tor-exporter: init at 0.3
2018-10-13 17:59:23 +03:00
Silvan Mosberger 4eee2cd0e0
nixos/znc: move to own folder
Move legacy options to separate file
2018-10-13 15:04:53 +02:00
Jörg Thalheim b899df4f3f
Merge pull request #48292 from jslight90/gitlab
nixos/gitlab: add custom hooks directory for gitlab-shell
2018-10-13 10:55:42 +01:00
Pierre Bourdon 86d644f8cc prometheus-tor-exporter: init at 0.3
Upstream: https://github.com/atx/prometheus-tor_exporter
2018-10-13 10:10:29 +02:00
volth 0d44d639f6 nixos/qemu-guest-agent: pkgs.{kvm -> qemu} (#48293)
there is no top-level pkgs.kvm
2018-10-13 00:41:46 +02:00
Jörg Thalheim 6a5e62e5e6
Merge pull request #48248 from volth/environment.extraSetup
use buildPackages in environment.extraSetup
2018-10-12 22:35:11 +01:00
Jörg Thalheim 156d2fbf5d
Merge pull request #48272 from avnik/fix/rmilter
nixos/rmilter: don't enable by default, if rspamd enabled
2018-10-12 22:34:08 +01:00
Jeff Slight 7bafe25553 add custom hooks directory to gitlab-shell
Add custom_hooks_dir to gitlab-shell yml config file.
2018-10-12 09:33:37 -07:00
Alexander V. Nikolaev b61dd2bcb7 nixos/rmilter: don't enable by default, if rspamd enabled 2018-10-12 17:39:06 +03:00
Jan Tojnar a112f16a75
Merge pull request #42562 from ambrop72/gdk-pixbuf-fix
Use a NixOS module for generating the gdk-pixbuf loaders cache.
2018-10-12 15:52:06 +02:00
Jörg Thalheim 6bd73e860b
Merge pull request #48245 from volth/patch-258
bootStage1: fix cross build
2018-10-12 14:42:43 +01:00
Silvan Mosberger c26d6001ed
Merge pull request #45890 from lopsided98/buildbot-python3
buildbot: Python 3 support and other improvements
2018-10-12 14:06:41 +02:00
volth b3dff39105
bootStage1: fix cross build (@matthewbauer's solution) 2018-10-12 09:24:00 +00:00
Ben Wolsieffer 73c523a605 buildbot: add Python 3 support 2018-10-11 21:39:11 -04:00
volth dbb445736f use buildPackages in environment.extraSetup 2018-10-12 01:16:50 +00:00
volth 9dd5dc57a7
bootStage1: fix cross build 2018-10-12 00:45:59 +00:00
Franz Pletz a1802fc115
Merge pull request #48229 from lopsided98/luks-ssh-fix
nixos: initrd/luks: fix detection of devices by UUID
2018-10-11 21:56:41 +00:00
Ben Wolsieffer 76977590fa nixos: initrd/luks: fix detection of devices by UUID 2018-10-11 16:02:41 -04:00
Ben Wolsieffer 264cb7407c nixos: initrd/luks: make script indentation consistent 2018-10-11 15:53:53 -04:00
Silvan Mosberger c81ca5491f
Merge pull request #46041 from nh2/issue-46038-nix-daemon-ssh-path
nix-daemon service: Ensure `ssh` is on PATH. Fixes #46038.
2018-10-11 21:51:37 +02:00
Silvan Mosberger c881a04a5d
Merge pull request #47902 from pvgoran/correct-mkEnableOption-uses
nixos: correct improper uses of mkEnableOption, clarify service descr…
2018-10-11 21:31:32 +02:00
Silvan Mosberger a232e5f13c
Merge pull request #48026 from mnacamura/fish-escapeshellarg
nixos/fish: use 'escapeShellArg' for shell aliases
2018-10-11 21:14:39 +02:00
Michael Raskin a29603344a
Merge pull request #48189 from aanderse/redmine
redmine: refactor, cleanup, bug fix, and add functionality
2018-10-11 15:32:43 +00:00
Victor SENE 2dcd512e74 nixos/nextcloud: add poolConfig option (#48094) 2018-10-11 14:13:23 +00:00
Franz Pletz 0aabc77a03
Merge pull request #48055 from WilliButz/add-exporter-tests
nixos/tests: add test for prometheus exporters
2018-10-11 13:58:14 +00:00
xeji e7f67f97f2
Merge pull request #47252 from xeji/p/fix-47210
nixos/network-interfaces-scripted: fix a container networking bug
2018-10-11 14:55:33 +02:00
Aaron Andersen 975f476cd2 quoting stateDir path in case it includes spaces 2018-10-11 08:04:47 -04:00
obadz 6fca3c5700 cups-googlecloudprint: init at 20160502 2018-10-11 09:19:58 +01:00
Aaron Andersen 1cb5b509f1 redmine: refactor, cleanup, bug fix, and add functionality
- added package option to specify which version of redmine
- added themes option back in to allow specifying redmine themes
- added plugins option back in to allow specifying redmine plugins
- added database.socket option to allow mysql unix socket authentication
- added port option to allow specifying the port rails runs on

- cleaned up Gemfile so it is much less hacky
- switched to ruby version 2.4 by default as suggested by documentation http://www.redmine.org/projects/redmine/wiki/redmineinstall#Installing-Redmine
- fixed an annoyance (bug) in the service causing recursive symlinks
- fixed ownership bug on log files generated by redmine
- updates reflecting renames in nixos options

- added a nixos test
2018-10-10 21:04:08 -04:00
xeji af6e2464bb
nixos/display-managers/startx: init (#47773)
Dummy display manager that allows running X as a normal user.
The X server is started manually from a vt using `startx`.
Session startup commands must be provided by the user
in ~/.xinitrc, which is NOT automatically generated.
2018-10-10 23:07:44 +02:00
Peter Hoeg 98649aea0f
Merge pull request #48098 from peterhoeg/f/opti
nix-optimise: do not run in container
2018-10-10 20:57:10 +08:00
Renaud d3b79965df
Revert "Increase Virtualbox disk image size" (#48151) 2018-10-10 12:53:48 +02:00
Maximilian Bosch 018573b757
nixos/weechat: add setuid wrapper for `screen' to ensure true multiuser capabilities
Previously you either had to set the setuid bit yourself or workaround
`isSystemUser = true` (for a loginable shell) to access the weechat
screen.

`programs.screen` shouldn't do this by default to avoid taking too much
assumptions about the setup, however `services.weechat` explicitly
requires tihs.

See #45728
2018-10-10 11:11:34 +02:00
Jörg Thalheim af7c57232b
Merge pull request #48080 from Lassulus/gnome-gdm
nixos/gnome3: don't autoenable gdm
2018-10-09 23:22:41 +01:00
Vincent Ambo 5ead27394d journaldriver: 1.0.0 -> 1.1.0 (#48106)
Included changes:

* upstream repository has moved, URLs changed accordingly
* journaldriver bumped to new upstream release

The new release includes an important workaround for an issue that
could cause log-forwarding to fail after service restarts due to
invalid journal cursors being persisted.
2018-10-09 23:45:43 +02:00
Joachim F 5fc62fa49c
Merge pull request #48043 from Vskilet/emby
nixos/emby : use the dataDir option
2018-10-09 08:54:07 +00:00
lassulus 5a752ad879 nixos/gnome3: don't autoenable gdm
This seems to cause problems if people have other display-managers
enabled
2018-10-08 23:05:18 +02:00
Samuel Dionne-Riel 7fb45271b2
Merge pull request #47917 from arianvp/fix-imperative-containers
Fix imperative containers
2018-10-08 16:55:38 -04:00
Timo Kaufmann a88dad2684
Merge pull request #48039 from lheckemann/murmur-mention-mumble
murmur: mention mumble in description
2018-10-08 21:46:38 +02:00
Matthew Bauer dd6f6951cf
Merge pull request #45109 from jfrankenau/module-triggerhappy
nixos/triggerhappy: add module for triggerhappy hotkey daemon
2018-10-08 14:42:59 -05:00
Matthew Bauer 7432fde1ad
Merge pull request #44920 from eadwu/init/lightdm-enso-os-greeter
lightdm-enso-os-greeter: init at 0.2.1
2018-10-08 13:54:31 -05:00
WilliButz fbb7e0c82f
nixos/prometheus-exporters: fix unapplied service config
Prior to this commit, the default values for `Restart`, `PrivateTmp` and
`WorkingDirectory` were falsely ignored.

I also added myself as maintainer.
2018-10-08 17:21:49 +02:00
WilliButz 24320f4a9e
nixos/prometheus-varnish-exporter: avoid crash on restart 2018-10-08 17:21:48 +02:00
Victor SENE 7d43e2a861 nixos/emby : use the dataDir option 2018-10-08 14:49:09 +02:00
Linus Heckemann 68a2fceed5 nixos/murmur: mention mumble in description
This makes the option easier to find with the options search or in the
manpage.
2018-10-08 13:33:36 +02:00
Mitsuhiro Nakamura fb0b3ac721 nixos/fish: use 'escapeShellArg' for shell aliases 2018-10-08 09:28:53 +09:00
lassulus 99c8dc4a11 charybdis service: bin/charybdis-ircd -> bin/charybdis 2018-10-07 13:10:50 +02:00
Andrew Childs c477d6658c nixos/prometheus-snmp-exporter: fix command line argument format 2018-10-07 11:35:55 +09:00
c74d d8bcd2c3d8 nixos/bash: Use escapeShellArg for shell aliases
This patch uses the library function `lib.escapeShellArg` to improve
the handling of shell aliases in the NixOS module `bash`, copying the
corresponding change made to the `zsh` module in commit
1e211a70cb (for which GitHub pull
request #47471 was filed).

This patch resolves GitHub issue #16973.

This change presumably also should be copied to the `fish` module, but
I don't know `fish` syntax so that won't be done by me.

GitHub: Close NixOS/nixpkgs#16973.
2018-10-06 20:01:27 +00:00
Will Dietz 003c20e02c
Merge pull request #47554 from dtzWill/update/light-1.2
light: 1.1.2 -> 1.2, use new udev support instead of setuid wrapper.
2018-10-05 23:15:44 -05:00
Matthew Bauer bd3c840301
Merge pull request #46964 from florianjacob/systemd-assert-value-tostring
nixos/systemd-lib: fix assertValueOneOf
2018-10-05 23:00:41 -05:00
Matthew Bauer 907afd17f9
Merge pull request #46068 from azazel75/alertmanager-flags
Prometheus Alertmanager: Allow the definition of extra options on commandline
2018-10-05 22:52:48 -05:00
Matthew Bauer 91078ee339
Merge pull request #46106 from NickHu/psd
profile-sync-daemon: 5.53 -> 6.33
2018-10-05 22:51:59 -05:00
Matthew Bauer 33d24042d4
Merge pull request #46443 from bobvanderlinden/pr-test-upnp
Miniupnpd and bittorrent improvements
2018-10-05 22:48:24 -05:00
Matthew Bauer 357d32e2b3
Merge pull request #46459 from volth/volth-patch-3
nixos/initrd-network: multiple DHCP fixes
2018-10-05 22:47:45 -05:00
Matthew Bauer 751dc01977
Merge pull request #46649 from brainrape/patch-1
Increase Virtualbox disk image size
2018-10-05 22:42:06 -05:00
Matthew Bauer ef7d2215a5
Merge pull request #46856 from dasJ/tt_rss_uid
nixos/tt_rss: Give a proper UID
2018-10-05 22:41:27 -05:00
Graham Christensen b4755393cc
Merge pull request #47920 from grahamc/link-to-definition
docs: Link to Definition
2018-10-05 13:13:15 -04:00
Arian van Putten 3624bb5362 nixos-container: Force container to talk to host nix-daemon
When logging into a container by using
  nixos-container root-login
all nix-related commands in the container would fail, as they
tried to modify the nix db and nix store, which are mounted
read-only in the container.  We want nixos-container to not
try to modify the nix store at all, but instead delegate
any build commands to the nix daemon of the host operating system.

This already works for non-root users inside a nixos-container,
as it doesn't 'own' the nix-store, and thus defaults
to talking to the daemon socket at /nix/var/nix/daemon-socket/,
which is bind-mounted to the host daemon-socket, causing all nix
commands to be delegated to the host.

However, when we are the root user inside the container, we have the
same uid as the nix store owner, eventhough it's not actually
the same root user (due to user namespaces). Nix gets confused,
and is convinced it's running in single-user mode, and tries
to modify the nix store directly instead.

By setting `NIX_REMOTE=daemon` in `/etc/profile`, we force nix
to operate in multi-user mode, so that it will talk to the host
daemon instead, which will modify the nix store for the container.

This fixes #40355
2018-10-05 18:36:47 +02:00
Graham Christensen 4312cfdbda
version.nix: extract revision-fetching function 2018-10-05 11:06:28 -04:00
nyanloutre bb06b5b442 nixos/emby: fixes binary name change introduced by #47659 2018-10-05 09:25:39 +02:00
Pavel Goran 858b263bf0 nixos: correct improper uses of mkEnableOption, clarify service descriptions
Several service definitions used `mkEnableOption` with text starting
with "Whether to", which produced funny option descriptions like
"Whether to enable Whether to run the rspamd daemon..".

This commit corrects this, and adds short descriptions of services
to affected service definitions.
2018-10-05 13:14:45 +07:00
Peter Hoeg c81d370bb9
Merge branch 'master' into f/activation 2018-10-05 10:08:56 +08:00
Peter Hoeg 4dada63a17 plasma5: run kbuildsycoca5 in the user context 2018-10-05 10:06:40 +08:00
Peter Hoeg 8118d6eb2e switch-to-configuration.pl: activate the nixos-activation.service user service 2018-10-05 10:06:40 +08:00
Peter Hoeg 1353ba2678 system-activation: support script fragments to run in a user context 2018-10-05 10:06:40 +08:00
Vladimír Čunát de93b32f90
nixos-option: fix #47722 when missing ~/.nix-defexpr/channels
The problem was that the non-fatal warning was not omitted
from the output when constructing a nix expression.
Now it seems OK for me.  When return code is OK,
the warnings don't get passed anywhere, but I expect
that won't matter for this utility.  Fatal errors are still shown.
2018-10-04 16:52:17 +02:00
Pascal Wittmann b9e7935eff
Merge pull request #47603 from Mic92/bitlbee
nixos/bitlbee: add pam option
2018-10-04 12:48:09 +02:00
Peter Hoeg 6b4d336651
Merge pull request #47838 from peterhoeg/f/plasma
kcheckpass: it is in kscreenlocker, not plasma-workspace
2018-10-04 15:42:46 +08:00
Matthew Bauer 1ffe83caa7
Merge pull request #42846 from ambrop72/optimus-prime-config-master
nixos/xserver: Implement configuration of NVIDIA Optimus via PRIME
2018-10-03 22:56:53 -05:00
Peter Hoeg d10a84eb21 kcheckpass: it is in kscreenlocker, not plasma-workspace 2018-10-04 10:17:40 +08:00
Jörg Thalheim 6a995e986a
Merge pull request #47159 from eqyiel/nextcloud
nextcloud module: init
2018-10-03 23:42:40 +01:00
Florian Jacob c54aa26a2d nixos/munin: move from /var/run to /run
as using /var/run now emits a warning by systemd's tmpfiles.d.
As /var/run is already a symlink to /run, this can't break anything, and
data does not need to be migrated.
2018-10-03 17:36:37 +02:00
Márton Boros d8a555d819
Fix systemd timer unit documentation
Fixes #36210
2018-10-03 14:39:36 +02:00
Maximilian Bosch 7297cc5501 nixos/activation: fix systemd-user daemon-reload in auto-upgrade service (#47695)
The autoupgrade service defined in `system.autoUpgrade`
(`nixos/modules/installer/tools/auto-upgrade.nix`) doesn't have `su` in
its path and thus yields a warning during the `daemon-reload`.

Specifying the absolute path fixes the issue.

Fixes #47648
2018-10-03 12:31:08 +02:00
Peter Hoeg 7af39cb9b8
Merge pull request #47482 from peterhoeg/f/hyperv
nixos on hyperv: load proper modules and make installer use the module
2018-10-03 11:45:29 +08:00
Maximilian Bosch bccd0faee4
nixos/thefuck: don't run thefuck on `environment.shellInit'
The init script slightly differs depending on which shell is in use.
So for bash it should be in the interactiveShellInit as well.

In this case we don't need a mkIf as `bash` is enabled by default
on NixOS.
2018-10-03 02:11:17 +02:00
Jan Malakhovski c57892462b nixos/networking: add hostname to /etc/hosts by default
We use `127.0.1.1` instead of `127.0.0.1` because some applications will fail if
`127.0.0.1` resolves to something other than `localhost`.

Debian does the same.

See #1248 and #36261.
2018-10-02 23:58:36 +00:00
Jan Malakhovski 1ece5041a4 nixos/networking: simplify /etc/hosts generation, add asserts
Since `networking.hosts` is properly typed all of that magic `/etc/hosts` generator
does can be dropped. People that disagree with the value of `networking.hosts` can
simply `mkForce`.
2018-10-02 23:58:35 +00:00
Jörg Thalheim b12c759f76
Merge pull request #47563 from jameysharp/unscripted
Replace several activation script snippets with declarative configuration
2018-10-02 19:21:34 +01:00
Peter Simons 1af8f3a980 nixos: include system-level dconf resources in GDM's profile
This is necessary when system-wide dconf settings must be configured, i.e. to
disable GDM's auto-suspending of the machine when no user is logged in.

Related to https://github.com/NixOS/nixpkgs/issues/42053.
2018-10-02 13:27:59 +02:00
Eelco Dolstra 2c9265c950
nix: 2.1.2 -> 2.1.3 2018-10-02 11:07:48 +02:00
Jörg Thalheim bc0d87a4f1
Merge pull request #47455 from nyanloutre/steamPackages.steam-udev
steamPackages.steam: add udev rules and update to 1.0.0.56
2018-10-02 00:55:41 +01:00
Alyssa Ross c1dbb90bfd lightdm: add extraConfig option (#47630) 2018-10-02 00:35:32 +02:00
Franz Pletz 11ba2f270f
nixos/clamav: fix freshclam service if db up to date 2018-10-02 00:26:38 +02:00
Franz Pletz f8d681a91f
nixos/clamav: fix daemon/updater services toggling 2018-10-02 00:26:38 +02:00
Jörg Thalheim d334c1c1d0 nixos/bitlbee: option to use pam 2018-10-01 18:25:11 +01:00
Will Dietz 5cc251df89 light: user needs to be in the 'video' group 2018-09-30 21:21:23 -05:00
Will Dietz c78cda2a1a light: 1.1.2 -> 1.2, use new udev support instead of setuid wrapper. 2018-09-30 21:15:29 -05:00
Jamey Sharp b63f65aea0 nixos/pam: create wtmp/lastlog iff using pam_lastlog
I think pam_lastlog is the only thing that writes to these files in
practice on a modern Linux system, so in a configuration that doesn't
use that module, we don't need to create these files.

I used tmpfiles.d instead of activation snippets to create the logs.
It's good enough for upstream and other distros; it's probably good
enough for us.
2018-09-30 11:08:12 -07:00
Jamey Sharp 188bdfb95d nixos/opengl: create /run/opengl-driver using tmpfiles.d
Anything that uses OpenGL starts after sysinit.target, so
systemd-tmpfiles runs before anything that needs these symlinks.
2018-09-30 11:08:12 -07:00
Jamey Sharp dab5c632bd nixos/activation: don't create /run/nix
Nix 2.0 no longer uses these directories.

/run/nix/current-load was moved to /nix/var/nix/current-load in 2017
(Nix commit d7653dfc6dea076ecbe00520c6137977e0fced35). Anyway,
src/build-remote/build-remote.cc will create the current-load directory
if it doesn't exist already.

/run/nix/remote-stores seems to have been deprecated since 2014 (Nix
commit b1af336132cfe8a6e4c54912cc512f8c28d4ebf3) when the documentation
for $NIX_OTHER_STORES was removed, and support for it was dropped
entirely in 2016 (Nix commit 4494000e04122f24558e1436e66d20d89028b4bd).
2018-09-30 11:08:12 -07:00
Jamey Sharp ae3d3b0fff nixos/polkit: use tmpfiles to clean old dirs
These don't need to get cleaned up during activation; that can wait
until systemd-tmpfiles-setup runs.
2018-09-30 11:08:11 -07:00
Jamey Sharp bbc0f6f005 nixos/systemd: don't create /var/lib/udev
As far as I can tell, systemd has never used this directory, so I think
this is a holdover from before udev merged into systemd.
2018-09-30 11:05:47 -07:00
Jamey Sharp 10e8650515 nixos/systemd: let journald create /var/log/journal
The default value for journald's Storage option is "auto", which
determines whether to log to /var/log/journal based on whether that
directory already exists. So NixOS has been unconditionally creating
that directory in activation scripts.

However, we can get the same behavior by configuring journald.conf to
set Storage to "persistent" instead. In that case, journald will create
the directory itself if necessary.
2018-09-30 11:04:43 -07:00
Jamey Sharp 8d40083690 nixos/stage-2: create empty machine-id at boot
Previously, the activation script was responsible for ensuring that
/etc/machine-id exists. However, the only time it could not already
exist is during stage-2-init, not while switching configurations,
because one of the first things systemd does when starting up as PID 1
is to create this file. So I've moved the initialization to
stage-2-init.

Furthermore, since systemd will do the equivalent of
systemd-machine-id-setup if /etc/machine-id doesn't have valid contents,
we don't need to do that ourselves.

We _do_, however, want to ensure that the file at least exists, because
systemd also uses the non-existence of this file to guess that this is a
first-boot situation. In that case, systemd tries to create some
symlinks in /etc/systemd/system according to its presets, which it can't
do because we've already populated /etc according to the current NixOS
configuration.

This is not necessary for any other activation script snippets, so it's
okay to do it after stage-2-init runs the activation script. None of
them declare a dependency on the "systemd" snippet. Also, most of them
only create files or directories in ways that obviously don't need the
machine-id set.
2018-09-30 10:45:35 -07:00
Franz Pletz ebd38185c8 nixos/nextcloud: init
Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
Co-authored-by: Robin Gloster <mail@glob.in>
Co-authored-by: Janne Heß <janne@hess.ooo>
Co-authored-by: Florian Klink <flokli@flokli.de>
2018-10-01 02:07:43 +09:30
Johan Thomsen a91c293aaf kubernetes: 1.11.3 -> 1.12.0
- kubelet CAdvisor port has been removed
2018-09-30 14:49:26 +02:00
nyanloutre da86afba0d
nixos/steam-hardware: module init 2018-09-30 11:22:32 +02:00
Jamey Sharp f449242e83 nixos/systemd: remove activation dependency
As far as I can tell, the systemd snippet hasn't depended on groups
being initialized since 5d02c02a9b in
2015, when a `setfacl` call was removed.
2018-09-29 23:37:38 -07:00
Graham Christensen 8413f22bb3
docs: format 2018-09-29 20:51:11 -04:00
Will Dietz 243e28bc96 nix-daemon: only add channels dir to NIX_PATH if exists
Per reviewer comment (thanks!).
2018-09-29 20:29:33 -04:00
Will Dietz f3a114e088 NIX_PATH: don't prepend $HOME-based value in session variable, set later
environment.sessionVariables cannot refer to the values of env vars,
and as a result this has caused problems in a variety of scenarios.

One use for these is that they're injected into /etc/profile,
elewhere these are used to populate an 'envfile' for pam
(`pam 5 pam_env.conf`) which mentions use of HOME being
potentially problematic.

Anyway if the goal is to make things easier for users,
simply do the NIX_PATH modification as extraInit.

This fixes the annoying problems generated by the current approach
(#40165 and others) while hopefully serving the original goal.

One way to check if things are borked is to try:

$ sudo env | grep NIX_PATH

Which (before this change) prints NIX_PATH variable with
an unexpanded $HOME in the value.

-------

This does mean the following won't contain user channels for 'will':
$ sudo -u will nix-instantiate --eval -E builtins.nixPath

However AFAICT currently they won't be present either,
due to unescaped $HOME.  Unsure if similar situation for other users
of sessionVariables (not sudo) work with current situation
(if they exist they will regress after this change AFAIK).
2018-09-29 20:29:33 -04:00
Dominik Xaver Hörl 73de073405 nixos/kmscon: Add autologin option 2018-09-29 21:55:14 +02:00
Elis Hirwing aba95986d2
lidarr: init at 0.3.1.471
Fork of sonarr (as radarr) but for music instead of series and movies.
2018-09-29 21:40:29 +02:00
Matthew Bauer 21c26ca390
Merge pull request #46607 from rembo10/sickbeard
Sickbeard/Sickgear/Sickrage: Init and module
2018-09-29 13:58:43 -05:00
Maximilian Bosch 1e211a70cb nixos/zsh: use `escapeShelLArg' for shell aliases (#47471)
Previously single quotes were used by default for aliases and the module
never warned about possible collisions when having a shell alias which
relies on single quotes.

Adding `escapeShellArg` works around this fixes the issue and ensures that a
properly quoted value is written to `/etc/zshrc`.
2018-09-28 23:42:55 +02:00
xeji f7c434b2a6
Merge pull request #47449 from griff/remove-rspamd-socket-activation
nixos/rspamd: Remove non-working socket activation
2018-09-28 21:03:04 +02:00
Brian Olsen 783a58f363
nixos/rspamd: Remove non-working socket activation
The socket activation I added to the rspamd module doesn't actually work
and can't be made to work without changes to rspamd.

See: #47421
See: rspamd/rspamd#2035
2018-09-28 19:43:34 +02:00
aszlig fd8bca45c9
nixos/kexec: Fix typo in meta.platforms
Evaluation error introduced in 599c4df46a.

There is only a "platformS" attribute in kexectools.meta, so let's use
this and from the code in the kexec module it operates on a list,
matching the corresponding platforms, so this seems to be the attribute
the original author intended.

Tested by building nixos/tests/kexec.nix on x86_64-linux and while it
evaluates now, the test still fails by timing out shortly after the
kexec:

machine: waiting for the VM to finish booting
machine# Cannot find the ESP partition mount point.

This however seems to be an unrelated issue and was also the case before
the commit mentioned above.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra, @dezgeg
2018-09-28 17:44:42 +02:00
Peter Hoeg 6e3e136f77 nixos on hyperv: hot-add CPU 2018-09-28 22:28:26 +08:00
Peter Hoeg ca6d41ae65 nixos-installer: use the hyperv module on hyperv 2018-09-28 22:28:18 +08:00
Peter Hoeg 3a76bc7a79 nixos on hyperv: load modules and set video mode 2018-09-28 22:28:17 +08:00
Tuomas Tynkkynen 599c4df46a nixos/kexec: Replace meta.available checks
This sort of code breaks config.{allowBroken, allowUnsupportedSystem} =
true by making them do unpredictable things.
2018-09-28 15:01:00 +03:00
Jörg Thalheim 1d65e473e7
Merge pull request #47462 from Mic92/fix-logind-user-temp
systemd: don't restart user-runtime-dir@ on upgrades
2018-09-28 12:10:02 +01:00
Jörg Thalheim aa69bb5743 systemd: don't restart user-runtime-dir@ on upgrades
Likewise logind we should not try to restart this service after upgrade,
the user's current session depends on it.
2018-09-28 11:37:20 +01:00
Tuomas Tynkkynen d6e3db44cf Add ssh backdoor to VM tests infrastructure.
Thanks to @dezgeg for prototype implementation, I've
cleaned it up and added documentation.
2018-09-28 10:53:08 +01:00
Jörg Thalheim 2dc1d75eb4
Merge pull request #35690 from griff/rspamd-socketruntime
nixos/rspamd: Preserve runtime directory when using socket activation
2018-09-27 14:09:12 +01:00
Robert Hensing 6c568b6644 rabbitmq module: Update documentation
Elaborate on the two config file formats.
2018-09-27 13:13:27 +02:00
Franz Pletz e7ca9af4cc
shairport-sync: fix pulseaudio support & default arguments 2018-09-26 18:12:02 +02:00
Domen Kožar 82feb4b66e
postgresql: give postgres user a shell 2018-09-26 12:11:40 +01:00
zimbatm 9fb79868ab google-compute-engine: 20180510 -> 20180905
The list of corresponding NixOS services are also updated
2018-09-26 11:48:16 +02:00
aszlig 9bfd864c59
Merge reording asserts in NixOS eval (#47293)
Changes the evaluation order in that it evaluates assertions before
warnings, so that eg. the following would work:

  { config, lib, ... }:

  {
    options.foo = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "...";
    };

    options.bar = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "...";
    };

    config = lib.mkMerge [
      (lib.mkIf config.bar {
        system.build.bar = "foobar";
      })
      (lib.mkIf config.foo {
        assertions = lib.singleton {
          assertion = config.bar;
          message = "Bar needs to be enabled";
        };
        systemd.services.foo = {
          description = "Foo";
          serviceConfig.ExecStart = config.system.build.bar;
        };
      })
    ];
  }

This is because the systemd module includes definitions for warnings
that would trigger evaluation of the config.system.build.bar definition.

The original pull request references a breakage due to the following:

  {
    services.nixosManual.enable = false;
    services.nixosManual.showManual = true;
  }

However, changing the eval order between asserts and warnings clearly is
a corner case here and it only happens because of the aforementioned
usage of warnings in the systemd module and needs more discussion.

Nevertheless, this is still useful because it lowers the evaluation time
whenever an assertion is hit, which is a hard failure anyway.
2018-09-26 01:18:41 +02:00
aszlig c5bb43188d
nixos: Fix eval error for documentation.nixos
Introduced by 0f3b89bbed.

If services.nixosManual.showManual is enabled and
documentation.nixos.enable is not, there is no
config.system.build.manual available, so evaluation fails. For example
this is the case for the installer tests.

There is however an assertion which should catch exactly this, but it
isn't thrown because the usage of config.system.build.manual is
evaluated earlier than the assertions.

So I split the assertion off into a separate mkIf to make sure it is
shown appropriately and also fixed the installation-device profile to
enable documentation.nixos.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @oxij
2018-09-25 23:39:44 +02:00
Alexey Lebedeff afa2be4464 rabbitmq module: modernize after package upgrade
- Use socket-activated epmd - that way there won't be any trouble when
  more than one erlang system is used within a single host.
- Use new automation-friendly configuration file format
- Use systemd notifications instead of buggy 'rabbitmqctl wait' for
  confirming successful server startup.
  'wait' bug: https://github.com/rabbitmq/rabbitmq-server/issues/463
- Use 'rabbitmqctl shutdown' instead of 'stop', because it's not
  pid-file based
- Use sane systemd unit defaults from RabbitMQ repo:
  https://github.com/rabbitmq/rabbitmq-server/blob/master/docs/rabbitmq-server.service.example
- Support for external plugins
2018-09-25 11:19:23 +02:00
Sarah Brofeldt ded8f28c3a Revert "virtualization/qemu-vm: fix and improve virtio/scsi switching"
This reverts commit f777d2b719.
cc #34409
This breaks evaluation of the tested job:
attribute 'diskInterface' missing, at /nix/store/5k9kk52bv6zsvsyyvpxhm8xmwyn2yjvx-source/pkgs/build-support/vm/default.nix:316:24
2018-09-25 11:10:10 +02:00
Michael Raskin 61abf3bbd9
Merge pull request #47298 from oxij/nixos/doc-in-installer
nixos: fix fallout from #46193
2018-09-25 09:00:43 +00:00
WilliButz 78ad8d4a62 nixos/gitlab: rebuild authorized_keys during preStart
This updates the path to the 'gitlab-shell' to the
correct store path when gitlab is restarted.
2018-09-25 03:53:32 +02:00
Robin Gloster dc915565ba gitlab module: workhorse may start before gitlab 2018-09-25 03:53:32 +02:00
Kristoffer Thømt Ravneberg f17f59ca8e nixos/gitlab: avoid creating recursive symlinks, add gitlab-rake deps 2018-09-25 03:53:32 +02:00
xeji bc22265e65
Merge pull request #47296 from matthewbauer/closure-size-reductions
ISO/OVA closure size reductions
2018-09-24 23:21:02 +02:00
Jan Malakhovski 1a6ce11518 nixos: doc: fix minimal profile and installer configs 2018-09-24 21:07:59 +00:00
Jan Malakhovski 3c0cced272 nixos: doc: nixos-manual: fix assert 2018-09-24 21:07:55 +00:00
Austin Seipp 0ce90d58cc nixos/chrony: clean up, rework to be a little closer to upstream
Most importantly, this sets PrivateTmp, ProtectHome, and ProtectSystem
so that Chrony flaws are mitigated, should they occur.

Moving to ProtectSystem=full however, requires moving the chrony key
files under /var/lib/chrony -- which should be fine, anyway.

This also ensures ConditionCapability=CAP_SYS_TIME is set, ensuring
that chronyd will only be launched in an environment where such a
capability can be granted.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-09-24 15:42:44 -05:00
Matthew Bauer 2b7d6e463e nixos: don’t enableQt4Support for installer profile
This is already done in
installer/cd-dvd/installation-cd-graphical-kde.nix but not in
profiles/graphical.nix. Related to #47256.
2018-09-24 15:07:25 -05:00
Jan Malakhovski 563d5b1c87 nixos: top-level: indent 2018-09-24 19:45:16 +00:00
Jan Malakhovski fece91537b nixos: top-level: evaluate assertions before warnings
or else at least the following config will fail with an evaluation error
instead of an assert

```
{
  services.nixosManual.enable = false;
  services.nixosManual.showManual = true;
}
```
2018-09-24 19:45:15 +00:00