1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Commit graph

7190 commits

Author SHA1 Message Date
Linus Heckemann b73e3b6095 GNOME: 3.22 -> 3.24
This is a squash commit of the joint work from:

* Jan Tojnar (@jtojnar)
* Linus Heckemann (@lheckemann)
* Ryan Mulligan (@ryantm)
* romildo (@romildo)
* Tom Hunger (@teh)
2017-08-28 15:32:49 +01:00
Robin Gloster 8994b27c54
libvirtd module: add qemu_kvm to path 2017-08-28 12:54:41 +02:00
Franz Pletz 951106c650
lldpd: 0.9.7 -> 0.9.8
Now uses the upstream systemd unit which adds lots of hardening flags.
2017-08-27 02:33:32 +02:00
Joachim F 1715436b75 Merge pull request #27833 from volth/hpsa-2.40
nixos/hardware/raid/hpsa: init at 2.40
2017-08-26 23:10:57 +00:00
Jörg Thalheim 2d43c1fa9f Revert "boot.kernelParams: dedup and sort"
This reverts commit 9e00c643d8.

reason: https://github.com/NixOS/nixpkgs/pull/28392#issuecomment-325130848
2017-08-26 15:45:24 +01:00
Jörg Thalheim 66b42344f3 Merge pull request #28392 from volth/patch-53
boot.kernelParams: dedup and sort
2017-08-26 14:14:14 +01:00
Joachim F 227697bc67 Merge pull request #28562 from oxij/nixos/i2pd
nixos: i2pd: bits and pieces
2017-08-26 10:07:35 +00:00
Phil 4f2935390e nixos/usbguard: create package and module (#28363)
* nixos/usbguard: create package and module

No usbguard module or package existed for NixOS previously. USBGuard
will protect you from BadUSB attacks. (assuming configuration is done
correctly)

* nixos/usbguard: remove extra packages

Users can override this by themselves.

* nixos/usbguard: add maintainer and fix style
2017-08-25 23:35:18 +01:00
Jörg Thalheim e861a26b82 Merge pull request #28476 from disassembler/airsonic
airsonic: init at 10.0.0
2017-08-25 23:19:49 +01:00
Jörg Thalheim 3ba09a8e2c nixos/airsonic: remove full-path commands from preStart
systemd services are initialised with a default PATH.
This path includes coreutils.
2017-08-25 23:18:46 +01:00
Jörg Thalheim 6905e59e25 nixos/airsonic: change script to serviceConfig.ExecStart
- shell invocation is not necessary here
2017-08-25 23:18:46 +01:00
Frederik Rietdijk 665d393919 Merge remote-tracking branch 'upstream/master' into HEAD 2017-08-25 19:39:41 +02:00
Frederik Rietdijk 997043c137 bepasty: move out of python-packages
because its a (web) application and thus doesn't belong there.
2017-08-25 19:36:18 +02:00
Jan Malakhovski 27aa99753b nixos: i2pd: fix indent 2017-08-25 12:49:10 +00:00
Jan Malakhovski 3594c4eec6 nixos: i2pd: tiny fix in a description 2017-08-25 12:49:10 +00:00
SLNOS fd872c9b71 nixos: i2pd: enable ElGamal precomputation by default 2017-08-25 12:49:10 +00:00
SLNOS af5de701b7 nixos: i2pd: add logLevel 2017-08-25 12:49:10 +00:00
SLNOS 042329be5e nixos: i2pd: one fork less, one process less 2017-08-25 12:49:10 +00:00
SLNOS b42a107bc6 nixos: i2pd: rename extIp -> address to harmonize with tor 2017-08-25 12:49:10 +00:00
SLNOS c21d434d1b nixos: i2pd: change httpproxy port to its default value 2017-08-25 12:49:10 +00:00
aszlig dd5f0d9538
nixos: Fix build of manual
Regression introduced by 520a43ced3.

Using XML tag characters for things that are not tags needs to be
properly indicated by an entity.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-08-25 14:08:11 +02:00
Jörg Thalheim 47295b4677 Merge pull request #28552 from romildo/fix.oblogout
oblogout: add description for configuration options
2017-08-25 09:35:36 +01:00
Izorkin 520a43ced3 Fix zsh completions (#28550)
* Fix zsh completions

* Fix zsh completions (fix commit)

* Fix zsh completions (fix commit)
2017-08-25 09:34:21 +01:00
Robert Helgesson f861426de9
nixos/tlp: mask systemd-rfkill socket
This fixes a spurious error on boot. See #24737.
2017-08-25 10:09:25 +02:00
Jörg Thalheim 21df7ec4cf Merge pull request #28549 from evujumenuk/exit_on_reboot
containers: remove EXIT_ON_REBOOT
2017-08-25 07:02:31 +01:00
Jörg Thalheim ddf540d44c Merge pull request #27096 from gnidorah/maxx
maxx: init at 1.1.0
2017-08-25 06:40:31 +01:00
Peter Hoeg ecdabb1b5b Merge pull request #28481 from mpcsh/master
nixos/caddy: improve documentation
2017-08-25 09:56:40 +08:00
romildo 51df72e4f6 oblogout: add description for configuration options 2017-08-24 18:10:32 -03:00
evujumenuk 36dd8edde1 containers: remove EXIT_ON_REBOOT
EXIT_ON_REBOOT has been obsolete since sometime in 2014.
2017-08-24 20:48:24 +02:00
Frederik Rietdijk 31ba3649ec Merge pull request #28189 from Nadrieril/ffsync-non-root
firefox syncserver service: run as non-root user by default
2017-08-24 20:47:52 +02:00
Mark Cohen 8511a3378b nixos/caddy: improve documentation
There was no documentation for the "config" option, and it wasn't quite
clear whether it was supposed to be a file, a string, or what. This
commit removes that ambiguity.
2017-08-24 13:39:06 -04:00
gnidorah 15ae2cbeea maxx: use libredirect 2017-08-24 19:34:08 +03:00
Thomas Tuegel 27c043c49b Merge pull request #28470 from benley/fix-pam-kwallet5
nixos: Fix pam_kwallet5 integration
2017-08-24 11:32:49 -05:00
Joachim F 9447b8b9cd Merge pull request #28338 from oxij/nixos/better-tor
nixos: better tor config
2017-08-24 08:12:59 +00:00
Philipp Hausmann de1a25cd69 nixos/hail: init (#28442) 2017-08-23 18:23:13 +00:00
Samuel Leathers 85329b96e0 nixos/airsonic: add module 2017-08-23 13:06:28 -04:00
Joachim F f1514a5876 Merge pull request #27699 from volth/varnish-fixes-sq
nixos/varnish: made compatible with varnish 5.1.2, add modules
2017-08-22 22:01:00 +00:00
Robin Gloster ce7e2c06b1
prometheus-unifi-exporter: make ordering more robust 2017-08-22 20:26:18 +02:00
Benjamin Staffin 2e65e2df94 nixos: Fix pam_kwallet5 integration
Fixes #28469
2017-08-22 11:52:14 -04:00
SLNOS 2c4a925ab0 nixos: tor: rename portSpec -> port, type all "port"s properly 2017-08-22 14:57:07 +00:00
SLNOS 30a3cccd07 nixos: tor: better submodule for hidden services
Rebased onto master with a different implementation.
Originally: "add support for serving hidden services".
2017-08-22 14:57:07 +00:00
SLNOS 9226f4886f nixos: tor: more options, no unexpected consequences for default relay operators
Before this commit default relay configuration could produce unexpected
real life consequences. This patch makes those choices explicit and
documents them extensively.
2017-08-22 14:57:06 +00:00
danbst 65ff0d5f9d switch-to-configuration: fix detection of changes between rebuilds for template instances
This makes declarative containers truly reloadable. Current code already declares it:

56904d7c42/nixos/modules/virtualisation/containers.nix (L488)

```
  restartIfChanged = false;
```

56904d7c42/nixos/modules/virtualisation/containers.nix (L540)

```
  reloadIfChanged = true;
```

Original author: @chrisfarms in 6e36619b27
Most of stuff from that commit has already been ported.
2017-08-22 15:04:18 +03:00
Christian Albrecht 964799e556 sks and pgpkeyserver-lite modules: init (#27515)
* modules sks and pgpkeyserver-lite:
  runs the sks keyserver with optional nginx proxy for webgui.
* Add calbrecht to maintainers
* module sks: fix default hkpAddress value
* module pgpkeyserver-lite: make hkpAddress a string type option
  and use (builtins.head services.sks.hkpAddress) as default value
* module sks: remove leftover service dependencies
2017-08-22 12:27:00 +02:00
Franz Pletz 66fe192301 Merge pull request #28293 from makefu/module/gitlab-runner/configOptions
module gitlab-runner: introduce configOptions and configFile
2017-08-21 20:27:48 +02:00
Franz Pletz cfb716e6a5
phpfpm service: remove NoNewPrivileges systemd option
This interferes with sendmail because suid won't work. Fixes #26611.
2017-08-21 19:24:17 +02:00
Frederik Rietdijk 6bbc3a0b24 Merge commit '3b29468313bc8604fe8f85c8d9316fd276d3985c' into HEAD 2017-08-21 04:44:40 +02:00
Casey Rodarmor ae02dd2d0a nixos/mpd: allow configuring playlist directory (#28252) 2017-08-20 20:34:34 +00:00
Vladimír Čunát 7c7c83e233
buildLinux: allow overriding stdenv on each call 2017-08-20 08:24:52 +02:00
volth 9e00c643d8 boot.kernelParams: dedup and sort
dedup and sort boot.kernelParams  to avoid restarting services on eval order change
Fixes https://github.com/NixOS/nixpkgs/issues/28277
2017-08-19 06:21:13 +00:00
Maximilian Bosch a73c721f3f
programs.zsh: move evlauation of ${zshAliases} after cfg.interactiveShellInit
`cfg.interactiveShellInit` is used by modules like
`programs.zsh.oh-my-zsh`. This means that all aliases defined in
`programs.zsh.shellAliases` might be overriden which is highly
unpredictable
2017-08-18 21:48:38 +02:00
Maximilian Güntner 0f02879e01
ipfs: added defaultMode, added norouting service 2017-08-17 03:30:57 +02:00
makefu e6785422ae
module gitlab-runner: introduce configOptions and configFile
Also removes configText, functionality is now provided more conveniently by configOptions.
Keep in mind that this breaks compatibility with previous configurations,
configFile provides a means to protect the CI token from being written into the nix store.
2017-08-15 16:06:55 +02:00
Peter Hoeg 698efcb7b5 open-vm-tools: do not pull x dependencies unconditionally
The "headless" configuration option is ignored because we unconditionally
reference pkgs.open-vm-tools.

This fixes that.
2017-08-15 17:05:30 +08:00
gnidorah b73ae0a695 maxx: move deps from module to package 2017-08-14 11:13:49 +03:00
Jean-Pierre PRUNARET e6157451c1 nixos/munin: scripts need to be executable in order to build a wrapper
"Builder called die: Cannot wrap
/nix/store/XXX-munin-available-plugins/plugin.sh because it is not an
executable file"

[Bjørn: Keep DRY, quote "$file".]
2017-08-14 07:50:32 +02:00
Joachim F 3e21f91a39 Merge pull request #27796 from LumiGuide/postage
postage: init at 3.2.17 & add NixOS module
2017-08-13 20:59:06 +00:00
Joachim Fasting c0769dc6ef
nixos/hardened profile: increase ASLR entropy 2017-08-13 21:44:13 +02:00
Franz Pletz 2d5a04e5bd
nixos/agetty: override upstream default
Also see c2cf696430.
2017-08-13 19:07:38 +02:00
Frederik Rietdijk 7ebcd39a0f Merge commit '4c49205' into HEAD 2017-08-13 18:34:59 +02:00
Silvan Mosberger e16a0988bc
radicale: 1.1.4 -> 2.1.2
This commit readds and updates the 1.x package from 1.1.4 to 1.1.6 which
also includes the needed command for migrating to 2.x

The module is adjusted to the version change, defaulting to radicale2 if
stateVersion >= 17.09 and radicale1 otherwise. It also now uses
ExecStart instead of the script service attribute. Some missing dots at
the end of sentences were also added.

I added a paragraph in the release notes on how to update to a newer
version.
2017-08-13 17:23:43 +02:00
Peter Hoeg 4ce76d9e1a ddclient nixos module: follow best practice for running daemons
Couple of changes:

 - move home to /var/lib/ddclient so we can enable ProtectSystem=full
 - do not stick binary into systemPackages as it will only run as a daemon
 - run as dedicated user/group
 - document why we cannot run as type=forking (output is swallowed)
 - secure things by running with ProtectSystem and PrivateTmp
 - .pid file goes into /run/ddclient
 - let nix create the home directory instead of handling it manually
 - make the interval configurable
2017-08-13 21:56:48 +08:00
Peter Hoeg beec141d84 ddclient: assign group for ddclient 2017-08-13 21:56:48 +08:00
Franz Pletz 9fda9f8c79 Merge pull request #27903 from volth/issue-27857-libvirt-xml-manipulation
libvirt: 3.5.0 -> 3.6.0
2017-08-12 21:45:01 +02:00
Nadrieril 69a4836df5 firefox syncserver service: run as non-root user by default 2017-08-12 14:42:50 +01:00
Frederik Rietdijk c06fb4a269 Merge pull request #28188 from Nadrieril/ffsync-fix-pythonpath
firefox syncserver service: fix PYTHONPATH
2017-08-12 15:11:53 +02:00
Nadrieril d6c1d2f793 firefox syncserver service: fix PYTHONPATH 2017-08-12 14:08:25 +01:00
Robin Gloster 79ac09ea06
ripple-rest: remove
marked as broken for > 1 yr, development is frozen and author recommends
moving to https://github.com/ripple/ripple-lib
2017-08-12 13:38:32 +02:00
Franz Pletz 5d2764eb68
prometheus-blackbox-exporter: 0.5.0 -> 0.8.1 2017-08-12 11:05:23 +02:00
Jörg Thalheim c2e7b0e0b4 Merge pull request #27997 from richardlarocque/mosquitto_hashed_pass_docs
nixos/mosquitto: Fix instructions for password gen
2017-08-12 09:07:22 +01:00
Phil b4d2cd6f6a nixos/tor: add tor hidden service options (#28081)
* nixos/tor: add hiddenServices option

This change allows to configure hidden services more conveniently.

* nixos/tor: fix default/example mixup

* nixos/tor: use docbook in documentation

Also use more elegant optionalString for optional strings.

* tor: seperate hidden service port by newline

* tor: better example for hidden service path

a path below /var/lib/tor is usually used for hidden services
2017-08-11 22:59:52 +01:00
Keith Amidon f9204b9762 nixos/samba: fix pam service name typo (#28049)
The PAM service name used before this commit was "sambda", with an
extra 'd'. For some reason I don't quite fully understand this typo
prevents GDM from starting. This change fixes that as tested in VMs
built using "nixos-rebuild -I nixpkgs=<mypkgs> build-vm".
2017-08-11 20:13:33 +00:00
Franz Pletz 991745046f Merge pull request #27993 from Nadrieril/rsync-run-as-user
rsync service: allow running as user (plus some tweaks)
2017-08-11 19:12:46 +02:00
Peter Hoeg b6f7713d33 Merge pull request #28127 from peterhoeg/f/collectd
influxdb (on nixos): reduce closure size by 99.99% (and a bit)
2017-08-12 00:01:46 +08:00
Franz Pletz 61d133c1ee Merge pull request #27939 from evujumenuk/wireguard-rt_tables
wireguard: add per-peer routing table option
2017-08-11 16:27:07 +02:00
Peter Hoeg 211593fe49 influxdb nixos module: allow customizing the collectd dependency 2017-08-11 22:12:49 +08:00
Joachim F 793523d7bc Merge pull request #28089 from volth/patch-9
nixos/tinc: do not tell systemd where is pidfile
2017-08-11 13:31:57 +00:00
Tristan Helmich aa8e60d934 graylog module: adapt to Graylog version 2.3.0 2017-08-11 13:07:30 +02:00
Domen Kožar 486e1c3c16 Merge pull request #27998 from davidak/macOS
replace "Mac OS X" and "OS X" with "macOS"
2017-08-11 13:01:36 +02:00
Peter Simons 1b30d15369 Merge pull request #28123 from jerith666/post-fix-up
Post fix up
2017-08-11 09:36:58 +02:00
Matt McHenry 9186dda4a9 postfix: wakeup value should be used even if wakeupUnusedComponent is not defined 2017-08-10 21:32:03 -04:00
Matt McHenry 01fbf30041 postfix: warn about deprecated extraMasterConf option 2017-08-10 21:32:03 -04:00
Matt McHenry edd4a0efe3 postfix: fix typo in transport_maps path 2017-08-10 21:32:02 -04:00
volth 15351c4780 apply 'restartIfChanged = false' to all libvirtd services
Although it is quite safe to restart ```libvirtd``` when there are only ```qemu``` machines, in case if there are ```libvirt_lxc``` containers, a restart may result in putting the whole system into an odd state: the containers go on running but the new ```libvirtd``` daemons do not see them.
2017-08-10 11:34:32 +00:00
Joachim Fasting 767b2ae327
nixos/dnscrypt-proxy: default to random upstream resolver 2017-08-10 01:19:17 +02:00
volth b32b18631e nixos/tinc: do not tell systemd where is pidfile
```Tinc```'s pid file has more info than just a pid

```
# cat /run/tinc.dmz.pid
12209 7BD4A657B4A04364D268D188A0F4AA972A05247D802149246BBE1F1E689CABA1 127.0.0.1 port 656
```
so ```systemd``` fails to parse it.
It results in long (re)start times when ```systemd``` waits for a correct pid file to appear.
2017-08-09 22:35:20 +00:00
volth 7e5332c868 tinc: allow the daemon to write to files in /etc/tinc/${network}/hosts
Follow up https://github.com/NixOS/nixpkgs/pull/27756: tinc daemon may also create new files in ```/etc/tinc/$network/hosts```
2017-08-10 00:09:45 +02:00
Dan Peebles b48ffa332b services.fluentd: add plugins option
This allows us to pass in additional ad-hoc fluentd plugins for custom
output formats and other goodness.
2017-08-08 22:02:56 +00:00
Michael Raskin 29c3ea0cf0 Merge pull request #27925 from adisbladis/networkmanager_unbound
networkmanager service: use unbound if enabled
2017-08-08 12:13:42 +02:00
Jörg Thalheim 035e0198c5 Merge pull request #27978 from makefu/module/influxdb/bind-fix
influxdb module: collectd.port is now called bind-address
2017-08-08 07:51:03 +01:00
Wout Mertens 18fa60db30 Merge pull request #28008 from alexandergall/add-cloud-image
nixos/cloud-image: add module
2017-08-08 07:29:08 +02:00
Franz Pletz bfc78abf2b Merge pull request #28019 from Infinisil/fix-default-text-xmonad
xmonad service: add defaultText to extraPackages to fix rendering in docs
2017-08-08 02:15:45 +02:00
evujumenuk eaab02b94f wireguard: convert "table" to an interface option
Do the right thing, and use multiple interfaces for policy routing. For example, WireGuard interfaces do not allow multiple routes for the same CIDR range.
2017-08-08 01:45:19 +02:00
Silvan Mosberger 7bc42a8971
xmonad service: add defaultText to extraPackages to fix rendering in docs 2017-08-08 01:14:58 +02:00
davidak 3270aa896b replace "Mac OS X" and "OS X" with "macOS"
as it is the official name since 2016

https://en.wikipedia.org/wiki/Macintosh_operating_systems#Desktop

exception are parts refering to older versions of macOS like

"GUI support for Mac OS X 10.6 - 10.12. Note that Emacs 23 and later [...]"
2017-08-07 21:41:30 +02:00
Bas van Dijk ca64eaadf8 postage: init at 3.2.17 & add NixOS module 2017-08-07 20:35:23 +02:00
Wout Mertens 339330b322 Merge pull request #27426 from rnhmjoj/nginx
nginx: make enabling SSL port-specific
2017-08-07 16:46:28 +02:00
Frederik Rietdijk e6808e30ae Merge pull request #27931 from gnidorah/kde
Fix some KDE applications
2017-08-07 13:15:36 +02:00
Alexander Gall a0a4bea2a6 nixos/cloud-image: add module
The module creates an image for an openstack-based cloud using the
cloud-init package.
2017-08-07 13:03:02 +02:00
Richard Larocque b27d8c5d0a nixos/mosquitto: Fix instructions for password gen
Fixes https://github.com/NixOS/nixpkgs/issues/27996.

Updates instructions for generating hashes passwords for use in a
Mosquitto password file.  Using `mosquitto_passwd` to generate these
hashes is a little less convenient, but the results are more likely to
be compatible with the mosquitto daemon.

As far as I can tell, the hashes generated with `mkpassd` did not work
as intended.  But this may have been hidden by another bug:
https://github.com/NixOS/nixpkgs/issues/27130.
2017-08-06 15:54:36 -07:00
Joachim F 9f93150ec9 Merge pull request #27820 from dalaing/piwik-install-doc-fix
nixos/piwik: clarifies setup documentation
2017-08-06 22:58:52 +01:00
Nadrieril a4d07290cb rsync service: allow running as not root 2017-08-06 22:57:53 +01:00
Nadrieril 94fc613cc7 rsync service: restart service on configuration change 2017-08-06 22:57:53 +01:00
Nadrieril 541377e5f0 rsync service: modernize config file generation 2017-08-06 22:57:53 +01:00
makefu c8e96826ae
influxdb module: collectd.port is now called bind-address
with the influxdb release we have packaged (and newer releases)
collectd.port has been streamlined to bind-address which takes a string
instead of a number.

ref: https://github.com/influxdata/influxdb/blob/master/services/collectd/README.md
2017-08-06 14:49:56 +02:00
gnidorah 0e28d3af1d nixos: add pathes for KDE applications 2017-08-06 12:55:10 +03:00
Robin Gloster 2dddc6dcf6 libvirt: don't suspend and resume on change 2017-08-05 11:00:02 +00:00
Jan Tojnar c9d419a22b gnome: Further fixes for Using the 'memory' GSettings backend issue 2017-08-05 12:21:00 +02:00
evujumenuk 6070d91e93 wireguard: remove "table" option from example
Most users will be served well by the default "table" setting ("main").
2017-08-04 21:00:45 +02:00
evujumenuk e355f7044d wireguard: add per-peer routing table option
This adds a convenient per-peer option to set the routing table that associated routes are added to. This functionality is very useful for isolating interfaces from the kernel's global routing and forcing all traffic of a virtual interface (or a group of processes, via e.g. "ip rule add uidrange 10000-10009 lookup 42") through Wireguard.
2017-08-04 18:30:53 +02:00
Phil 4f277bd920 nixos/networking/nat: add option for protocol
This commit adds an option to allow udp port forwarding (see #24894).
2017-08-04 17:03:05 +02:00
adisbladis da7755b75c
networkmanager service: use unbound if enabled 2017-08-04 13:50:06 +08:00
Robin Gloster dc13376ee2
wvdial: remove 2017-08-04 02:24:07 +02:00
Robin Gloster a4647bc33f
tlsdate: remove
Dead and does not build with openssl 1.1.
Debian has removed it, too.
2017-08-04 02:24:03 +02:00
Robin Gloster 485a8fef73
modules: specify some types 2017-08-04 02:20:31 +02:00
Robin Gloster 94a2cba8d9
nginx module: add resolver config 2017-08-04 02:15:46 +02:00
Robin Gloster 75bbcd4215
nginx module: include uwsgi_params 2017-08-04 02:15:01 +02:00
Markus Mueller c678fc385e
confluence: fix optional sso 2017-08-04 02:13:51 +02:00
Franz Pletz 02791ced34
atlassian-{jira,confluence}: add crowd sso support 2017-08-04 02:13:42 +02:00
Simon Lackerbauer 1075919413
unifi: add options to control JVM heap size
Our controller was acting very sluggish at times and increasing
available RAM for the JVM fixes this.
2017-08-04 02:12:31 +02:00
Franz Pletz 3b472d78a8
avahi-daemon service: add cacheEntriesMax option 2017-08-04 02:10:11 +02:00
Franz Pletz 32e7904624
gnupg agent module: fix ssh agent assertion logic 2017-08-04 02:07:49 +02:00
Markus Mueller 53d2f0980d
nat: always flush nixos nat rules on firewall start/reload
Fixes #27510
2017-08-03 21:16:14 +02:00
Volth 84a6a3683b libvirt: 3.5.0 -> 3.6.0 2017-08-03 13:53:57 +00:00
Daniel Fullmer caaa79f246 nixos/pulseaudio: Fix for missing zeroconf module 2017-08-03 14:21:34 +02:00
Peter Hoeg 72a64ea4f1 nsswitch: add systemd module
In order for DynamicUser = true to work in services, we need the
nss-systemd module to be able to resolve the user and group names
generated dynamically.
2017-08-03 10:51:06 +08:00
Profpatsch 5d62d8775c modules/systemd: improve logind.extraConfig example
Since we have a .handleLidSwitch option now, give an other example.
2017-08-03 03:07:05 +02:00
Dave Laing d690701ff7 nixos/piwik: clarifies setup documentation
The piwki setup documentation as it stands has two issues:
- the `ALTER USER root` line does not work with MariaDB or MySQL 5.5
- the auth plugin details vary between MariaDB and MySQL
2017-08-02 08:38:16 +10:00
Christian Albrecht 93965870a8 nixos/auditd: break ordering cycle (#27577)
auditd creates an ordering cycle by adding wantedBy = [ "basic.target" ],
because of this the job job systemd-update-utmp.service/start is deleted.

Adding unitConfig.DefaultDependencies = false; to the auditd service unbreaks the cycle.

See also #11864
2017-08-01 20:45:01 +01:00
Volth b998d8e8b7 nixos/hardware/raid/hpsa: init at 2.40 2017-08-01 12:52:04 +00:00
Franz Pletz c217f48c35
searx: 0.11.0 -> 0.12.0 2017-08-01 06:16:03 +02:00
Taeradan 67890f73af postfix service: typo in transport filepath 2017-07-31 21:05:03 +02:00
aszlig 4f901203e8
nixos/timezone: Fix evaluation error
Evaluation error introduced in a0d464033c.

If the value for timeZone is null it shouldn't be even tried to coerce
it into a string.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @lheckemann, @joachifm
2017-07-31 17:15:30 +02:00
Linus Heckemann a0d464033c nixos/timezone: support imperative timezone configuration (#26608)
Fixes #26469.
2017-07-31 15:55:24 +01:00
Valentin Shirokov d30b2eb1c0 Removed networking.fqdn option
Adding it was a mistake which can only lead to problems and confusion.
2017-07-31 13:55:41 +02:00
Valentin Shirokov a74c0c6652 Removed deprecation warning for networking.extraHosts 2017-07-31 10:04:01 +02:00
Frederik Rietdijk 740d76371e Merge commit 'ba68231273bea4cba01413fd2a0e56d68db9234c' into HEAD 2017-07-31 09:12:15 +02:00
Jörg Thalheim 758bf31a22 Merge pull request #27756 from volth/tinc-fix
tinc: allow the daemon to write to files in /etc/tinc/${network}/hosts
2017-07-30 11:15:15 +01:00
Jörg Thalheim 12e8bea477 Merge pull request #27578 from Ma27/bugfix/thefuck/support-for-non-posix-compliant-shells
programs.thefuck: support shells that don't use `/etc/profile`
2017-07-30 11:13:07 +01:00
sshisk e79d11b623 postfix service: fix extraMasterConf (#27755)
thanks
2017-07-30 11:37:51 +02:00
Vladimír Čunát 8177561e8f
Merge #27105: more correct form of /etc/hosts 2017-07-30 09:57:41 +02:00
Maximilian Bosch 26655f505f
programs.thefuck: support shells that don't use /etc/profile 2017-07-30 08:23:35 +02:00
Frederik Rietdijk 20b8e4b4cf Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-30 08:09:11 +02:00
Volth 3b82d7db82 tinc: allow the daemon to write to files in /etc/tinc/${network}/hosts 2017-07-30 00:25:04 +00:00
Volth faac018630 environment.etc: add user/group option
fixes #27546
2017-07-29 23:56:46 +01:00
volth eaa2d27b90 nixos/tinc: remove restartTriggers
```restartTriggers``` pointed to the constant files in ```/nix/store/``` and had to effect.
2017-07-29 21:32:28 +02:00
Florian Jacob 3e69c650ab nixos/systemd-networkd: allow [Link] section in .network files 2017-07-29 21:25:21 +02:00
Bjørn Forsman aff0725a7d nixos/lighttpd: add enableUpstreamMimeTypes option
enableUpstreamMimeTypes controls whether to include the list of mime
types bundled with lighttpd (upstream). This option is enabled by
default and gives a much more complete mime type list than we currently
have. If you disable this, no mime types will be added by NixOS and you
will have to add your own mime types in services.lighttpd.extraConfig.
2017-07-29 14:24:40 +02:00
Bjørn Forsman b339e6e13f nixos/lighttpd: update list of allowed module names
* mod_dirlisting is auto-loaded by lighttpd and should not be explicitly
  loaded in the configuration file.
* The rest comes from looking at "ls -1 $lighttpd/lib/*.so" when
  lighttpd is built with "enableMagnet" and "enableMysql".
2017-07-29 14:24:40 +02:00
Frederik Rietdijk b2608b8910 Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-29 13:08:11 +02:00
Joel Thompson 168fbde17a exhibitor: Fix bug with automatic instance management
Exhibitor tests the auto-manage-instances config value to see if it's a
non-zero integer, rather than a true/false string, which was getting
put into the config before. This now causes autoManageInstances to
behave correctly.
2017-07-28 15:54:48 -04:00
Franz Pletz b116fa5ff2
Merge branch 'master' into staging 2017-07-28 16:08:30 +02:00
aszlig 6e5d2f8963
nixos/xserver: Properly validate XKB options
Checking the keyboard layout has been a long set of hurdles so far, with
several attempts. Originally, the checking was introduced by @lheckemann
in #23709.

The initial implementation just was trying to check whether the symbols/
directory contained the layout name.

Unfortunately, that wasn't enough and keyboard variants weren't
recognized, so if you set layout to eg. "dvorak" it will fail with an
error (#25526).

So my improvement on that was to use sed to filter rules/base.lst and
match the layout against that. I fucked up twice with this, first
because layout can be a comma-separated list which I didn't account for
and second because I ran into a Nix issue (NixOS/nix#1426).

After fixing this, it still wasn't enough (and this is btw. what
localectl also does), because we were *only* matching rules but not
symbols, so using "eu" as a layout won't work either.

I decided now it's the time to actually use libxkbcommon to try
compiling the keyboard options and see whether it succeeds. This comes
in the form of a helper tool called xkbvalidate.

IMHO this approach is a lot less error-prone and we can be sure that we
don't forget about anything because that's what the X server itself uses
to compile the keymap.

Another advantage of this is that we now validate the full set of XKB
options rather than just the layout.

Tested this against a variety of wrong and correct keyboard
configurations and against the "keymap" NixOS VM tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @lheckemann, @peti, @7c6f434c, @tohl, @vcunat, @lluchs
Fixes: #27597
2017-07-28 12:39:55 +02:00
Valentin Shirokov 635ecd802f Deprecation warning for networking.extraHosts 2017-07-28 00:15:17 +03:00
Robin Gloster 2799a94963
zfs, spl: 0.6.5.11 -> 0.7.0 2017-07-27 19:00:54 +02:00
Volth 688dc4e4c3 tinc_pre: avoid infinite loop with EBADFD on network restart 2017-07-27 18:04:33 +02:00
Mateusz Kowalczyk 93d364f4f5 mongodb: we already set quiet in config 2017-07-27 13:26:36 +01:00
Graham Christensen 107d931b44 Merge pull request #27677 from peterhoeg/u/mcelog
mcelog: 148 -> 153
2017-07-27 06:34:10 -04:00
Peter Hoeg f5c0607f8d mcelog: use .service file from upstream 2017-07-27 13:06:20 +08:00
rnhmjoj a912a6a291
nginx: make enabling SSL port-specific 2017-07-27 03:45:53 +02:00
Volth c6128d2feb nixos/varnish: made compatible with varnish 5.2.1, add modules
* nixos/varnish: command line compatible with varnish 5.2.1, fixes
https://github.com/NixOS/nixpkgs/issues/27409
* nixos/varnish: add support for modules (services.varnish.extraModules)
* varnish-modules: init at 0.10.2
* varnish-geoip: init at 1.0.2
* varnish-rtstatus: init at 1.2.0
* varnish-digest: init at 1.0.1
* added services.varnish.extraCommandLine option
2017-07-26 23:32:49 +00:00
Graham Christensen d4ef5ac0e9
nixos/tahoe: fixup create-introducer, syntax regression from 90acbe5, improperly patched in 72f85b9e07 2017-07-26 19:13:21 -04:00
Graham Christensen 72f85b9e07
nixos/tahoe: fixup create-introducer, syntax regression from 90acbe5 2017-07-26 19:05:26 -04:00
Martin Wohlert 9be26f81ca change swap.randomEncryption config option to "coercedTo" for backwards compatibility 2017-07-26 20:57:10 +03:00
Martin Wohlert c3d5cfdc3c swap: extend randomEncryption to plainOpen and ability to select cipher 2017-07-26 20:57:10 +03:00
John Ericson 9be40841ea Merge remote-tracking branch 'upstream/master' into staging-base
Conflicts:
	pkgs/build-support/cc-wrapper/default.nix
	pkgs/build-support/gcc-wrapper-old/builder.sh
	pkgs/build-support/trivial-builders.nix
	pkgs/desktops/kde-4.14/kde-package/default.nix
	pkgs/development/compilers/openjdk-darwin/8.nix
	pkgs/development/compilers/openjdk-darwin/default.nix
	pkgs/development/compilers/openjdk/7.nix
	pkgs/development/compilers/openjdk/8.nix
	pkgs/development/compilers/oraclejdk/jdk-linux-base.nix
	pkgs/development/compilers/zulu/default.nix
	pkgs/development/haskell-modules/generic-builder.nix
	pkgs/misc/misc.nix
	pkgs/stdenv/generic/builder.sh
	pkgs/stdenv/generic/setup.sh
2017-07-26 13:46:04 -04:00
Peter Hoeg 588e3da3f4 Merge pull request #26761 from gnidorah/master3
qt5ct module: expose qtstyleplugins
2017-07-26 22:44:45 +08:00
Nikolay Amiantov 358abce837 autofs service: fix the manual
Fixes #27202.
2017-07-26 15:24:43 +03:00
k0ral a3e6df6ee2 environment.noXlibs: Disable gnome when noXLibs is set (#27567) 2017-07-26 08:54:42 +02:00
edef 10c6df2e3c nixos/…/swap.nix: don't create a LUKS header for randomEncryption
Creating and then erasing the key relies on the disk erasing data
correctly, and otherwise allows attackers to simply decrypt swap just
using "secretkey". We don't actually need a LUKS header, so we can save
ourselves some pointless disk writes and identifiability.

In addition, I wouldn't have made the awful mistake of backing up my swap partition's LUKS header instead of my zpool's. May my data rest in peace.
2017-07-26 08:45:50 +02:00
0xABAB 90acbe5449
Cleanup tahoe module
- Remove useless escape of question mark
- Fix and quoting
- Add some '&&s' for correctness
- Add escapeShellArg
- Remove &&s in preStart

Edited by grahamc: fixed the ${} typo on line 246
2017-07-25 22:09:43 -04:00
Volth 00512470ec tinc service: add CLI tools to the $PATH
Now user can execute e.g. "sudo tinc.netname dump nodes"
2017-07-25 23:13:58 +02:00
Jörg Thalheim 97544a6c38 Merge pull request #27627 from volth/zookeeper-escape-shell
nixos/zookeeper: escape cfg.extraCmdLineOptions
2017-07-25 07:46:05 +01:00
Charles Strahan c1fdf3341b Merge pull request #27347 from cstrahan/osquery-new
osquery: init at 2.5.2
2017-07-24 21:51:10 -04:00
Charles Strahan 53426f6cb9
osquery: init at 2.5.2 2017-07-24 21:47:32 -04:00
Volth f2bfb459c4 nixos/zookeeper: escape cfg.extraCmdLineOptions 2017-07-24 22:27:58 +00:00
gnidorah 52deb4b460 maxx: 1.0.0 -> 1.1.0 2017-07-24 13:19:45 +03:00
Aristid Breitkreuz 63190540a8 wireguard: sometimes module tries to re-add the default route, which fails - use replace to make it succeed 2017-07-23 23:08:39 +02:00
Joachim F 1a768eba2a Merge pull request #26632 from jazmit/nixpkgs
coturn: allow use of ports < 1024
2017-07-23 12:56:05 +01:00
gnidorah 9f61c7f947 qt5ct module: expose qtstyleplugins 2017-07-23 12:56:04 +03:00
Frederik Rietdijk 29f91c107f Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-23 11:23:43 +02:00
Jörg Thalheim b1bff52a5c Merge pull request #27469 from Ma27/oh-my-zsh/make-pkg-configurable
programs.zsh.ohMyZsh: add `package` option to make package overrides on module-base easier
2017-07-22 10:00:35 +01:00
Thomas Tuegel 6a004bf9c8
Merge branch 'master' into bugfix/staging/stdenv 2017-07-21 20:36:34 -05:00
Joel Thompson 9dc51dc00d exhibitor: Fix bugs in previous package
The previous package didn't build properly due to a bug in the build
script, and the nixos module didn't evaluate due to missing descriptions
in the options. This fixes both issues.

It also adds missing command-line options that weren't able to be set
and properly converts bools to the strings exhibitor expects.
2017-07-21 16:14:04 -04:00
Franz Pletz 1697684591
docker module: fix autoPrune.enable description
cc #27503
2017-07-21 16:54:40 +02:00
Joel Thompson 4b42fc4b8a exhibitor: init at 3.4.9
Initial Exhibitor nix package and nixos module for Netflix's Exhibitor,
which is a manager for Apache Zookeeper.
2017-07-21 09:45:37 -04:00
Rhys 8777174d60 nixos/oauth2_proxy: actually pass provider-specific options
Syntax errors prevented important parameters from being passed to
oauth2_proxy, which could have permitted unauthorised access to
services behind the proxy.
2017-07-21 00:27:06 +02:00
Pascal Bach 22acfd0327 docker service: add option to do automatic pruning
This allows to run the prune job periodically on a machine.
By default the if enabled the job is run once a week.

The structure is similar to how system.autoUpgrade works.
2017-07-20 20:33:16 +02:00
Michael Peyton Jones b09c87ab47 Factorio service: fix typo in attribute path 2017-07-20 20:32:25 +02:00
Franz Pletz 00b6ac7bd3 Merge pull request #26419 from roblabla/feature-sasl
cyrus-sasl: Add saslauthd service and LDAP support
2017-07-20 20:23:52 +02:00
Maximilian Bosch 95bf0cc1cb
programs.zsh.ohMyZsh: add package option to make package overrides on module-base easier 2017-07-20 08:54:10 +02:00
Graham Christensen 2b2a6f2070
nixos/ldap: remove tls_checkpeer no when using TLS 2017-07-19 19:23:40 -04:00
Daiderd Jordan a03d6116ce
gitlab: fix archive urls for gitlab service
Accessing an url like https://gitlab.example.org/group/project/repository/archive.tar.gz?ref=master
requires tar/gzip to be in the path of the gitlab-workhorse service otherwise it fails.
2017-07-19 21:34:17 +02:00
zimbatm 14f53e5251 Merge pull request #26214 from zimbatm/google-compute-image
Google compute image
2017-07-19 09:49:20 +01:00
Benno Fünfstück 99fbd867ef Merge pull request #27031 from jerith666/cnijfilter-2-80
cnijfilter: init at 2.80
2017-07-18 14:37:32 +02:00
Rob Vermaas ec313abdce
Add file with Azure image locations, similar to ec2-amis.nix. Will be used by nixops.
(cherry picked from commit e93f26847e)
2017-07-18 09:18:51 +00:00
Rob Vermaas 412bfda422
Add file with GCE image locations, similar to ec2-amis.nix. Will be used by nixops.
(cherry picked from commit 9d810ddcc1)
2017-07-18 09:16:15 +00:00
Eelco Dolstra 17642b5fd0
nix: 1.11.12 -> 1.11.13 2017-07-18 10:54:01 +02:00
Jörg Thalheim 26f85e4253 Merge pull request #27410 from florianjacob/journalwatch
journalwatch & journalwatch service: init at 1.1.0
2017-07-18 08:19:33 +01:00
Aristid Breitkreuz 9b0ff955fd wireguard: allow not storing private keys in world-readable /nix/store (#27433)
* wireguard: allow not storing private keys in world-readable /nix/store
2017-07-17 23:55:31 +02:00
Falco Peijnenburg b09d036342 Strongswan after network-online instead of network
The systemd service file shipped with strongswan has strongswan started after `network-online`. It turns out that this is for good reason: failure to connect on boot otherwise. 

See this thread on the mailing list, which my colleague initiated after finding that our NixOS strongswan config wouldn't connect on boot:
https://lists.strongswan.org/pipermail/users/2017-January/010359.html

Tested on a local config (which has the strongswan service config overridden).
2017-07-17 20:17:58 +02:00
Wout Mertens c4783a982b nginx: add gzip_vary to recommended settings
Google PageSpeed recommends turning this on to allow proxies to cache
2017-07-17 20:15:59 +02:00
Jörg Thalheim 04c944cdb4 Merge pull request #27057 from Nadrieril/bitlbee-libpurple
bitlbee service: Add option to load libpurple plugins into bitlbee
2017-07-17 18:07:43 +01:00
Robin Gloster b8d92a7840
programs.gnupg: use extraInit instead of interactiveShellInit
Otherwise some programmes cannot use the GPG agent, e.g. applications
started from dmenu.

Behaviour was changed in #26888, this reverts that part.
2017-07-17 18:45:37 +02:00
Frederik Rietdijk 3eceecb90d Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-17 13:52:01 +02:00
Matt McHenry 67d02cd60a cnijfilter: init at 2.80
this driver reads support files from lib/bjlib as well as lib/cups,
which is why the path in cupsd.nix is tweaked
2017-07-17 07:32:23 -04:00
Nadrieril 8669fb1f96 tinc service: BindToAddress and ListenAddress are different options, they should not be mistaken 2017-07-17 13:07:49 +02:00
Benno Fünfstück 1d78df2729 Merge pull request #27000 from Balletie/fix/pulseaudio-alsa-conf
pulseaudio: Resolve conflicting asound.conf of pulseaudio and alsa
2017-07-17 08:20:38 +02:00
volth 870375e19d all-hardware.nix: add VMware support. (#27430)
NixOS does not boot in VMware guest without these modules
2017-07-17 02:38:10 +02:00
Graham Christensen 8df6d351c4 Merge pull request #26912 from knedlsepp/fix-autoResize
nixos: Force check the filesystem before resizing
2017-07-16 16:54:54 -04:00
Graham Christensen 3d176b7ff1 Merge pull request #25670 from Mic92/cups-hardening
cups: mount private /tmp
2017-07-16 16:41:33 -04:00
Graham Christensen 6b879ef36e Merge pull request #23964 from benley/nixos-manual-launcher
nixos: nix snowflake logo for the nixos manual launcher
2017-07-16 16:28:30 -04:00
aszlig b618843860
nixos/taskserver: Fix manual PKI management
The helper tool had a very early check whether the automatically created
CA key/cert are available and thus it would abort if the key was
unavailable even though we don't need or even want to have the CA key.

Unfortunately our NixOS test didn't catch this, because it was just
switching from a configuration with an automatically created CA to a
manual configuration without deleting the generated keys and certs.

This is done now in the tests and it's also fixed in the helper tool.

Reported-by: @jpotier
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-16 20:38:15 +02:00
Jörg Thalheim c2cf696430 nixos/agetty: override upstream default
Since systemd 234 we keep default value for ExecStart in the upstream service file.
Therefor we need to override it in our module.
2017-07-16 18:29:57 +01:00
Nadrieril 65e38b7c52 bitlbee service: Add option to load libpurple plugins into bitlbee 2017-07-16 14:19:39 +01:00
Franz Pletz 951b932456 Merge pull request #27403 from rnhmjoj/nginx
nginx: make listen addresses configurable
2017-07-16 13:50:18 +02:00
Christian Kögler e8a8f1233a snapper: add nixos module
fixes #27154
2017-07-16 10:06:42 +01:00
Florian Jacob 63bb133373 journalwatch & journalwatch service: init at 1.1.0 2017-07-16 00:14:19 +02:00
zimbatm c93d68b6ed google-compute-image module: use google services
This adds a few google-specific services to setup the machine.

Accounts are now dynamically created using the google-accounts-daemon,
which allows to click on the "SSH" button in the console and have it
working.

The NixOS image now supports the userdata startup and shutdown scripts.

Misc:
* add all the google services from https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_init/systemd
* add udev rules for disk labels
* synched sysctl rules with https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
2017-07-15 19:36:38 +01:00
Bjørn Forsman b8e109d6ac nixos/libvirt: prevent OVMF path from being garbage collected
Use xmlstarlet to update the OVMF path on each startup, like we do for
<emulator>...qemu-kvm</emulator>.

A libvirt domain using UEFI cannot start if the OVMF path is garbage
collected/missing.
2017-07-14 22:07:57 +02:00
Bjørn Forsman 292827b0e0 nixos/libvirt: modify xml with xmlstarlet
Instead of grep and sed, which is brittle.

(I don't know how to preserve the comment we currently add to say that
this line is auto-updated. But I don't think it adds much value, so I'm
not spending any effort on it.)
2017-07-14 22:07:57 +02:00
rnhmjoj e40f3bea3e
nginx: make listen addresses configurable 2017-07-14 21:26:54 +02:00
Bjørn Forsman 407b56986e nixos/lighttpd: fix indent (tab -> space) 2017-07-14 20:37:25 +02:00
Joachim Schiele af7c7b42c1 postfix: complete remake of postfix service (#27276) 2017-07-14 16:55:53 +02:00
Bjørn Forsman 8a35f751d1 nixos/spice-vdagentd: remove needless shell 2017-07-14 16:28:25 +02:00
Daniel Fullmer 627260ddbf gnupg agent module: Only set tty for interactive shells 2017-07-14 00:22:20 +02:00
Daniel Fullmer 38e971d2e1 gnupg agent module: Fix dirmngr.enable option 2017-07-14 00:22:20 +02:00
Daniel Fullmer 3d360a5ffb gnupg agent module: Remove unnecessary unit configuration
These just seem to duplicate upstream systemd units, which are already
included in nixos configuration by systemd.packages
2017-07-14 00:22:20 +02:00
Eelco Dolstra 40cf34aaae
nix: 1.11.11 -> 1.11.12 2017-07-13 16:37:11 +02:00
florianjacob 9937f13308 resolved: use resolved's static resolv.conf (#27144)
because it is upstream's recommended mode of operation:
https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf
2017-07-13 14:40:31 +01:00
Jörg Thalheim b14bcd873a Merge pull request #27142 from florianjacob/resolved-multicastdns-support
networkd: Allow new MulticastDNS setting
2017-07-13 14:35:23 +01:00
Jörg Thalheim c29b5b5a40 Merge pull request #27350 from veprbl/slurm
Bump slurm, add pyslurm
2017-07-13 09:32:51 +01:00
Dmitry Kalinkin b917a8760e slurm: 15-08-5-1 -> 17.02.6, slurm-llnl -> slurm 2017-07-13 03:13:05 -04:00
Linus Heckemann 77ce02201e nixos-install: use FIFO for system closure
This avoids running out of space in space-constrained environments,
e.g. VMs with relatively small amounts of memory and tmp on tmpfs
2017-07-13 06:30:24 +01:00
Linus Heckemann 8b1f1d93fa nixos-install: only search for nixpkgs when needed 2017-07-13 06:26:44 +01:00
Daniel Peebles 598d79ae7d Merge pull request #27341 from lheckemann/installer-fixes
nixos-install: quote nixos-prepare-root arguments
2017-07-13 00:31:44 -04:00
Peter Hoeg 5cb11abc9e systemd: paths and slices are supported for user units too 2017-07-13 11:55:48 +08:00
Linus Heckemann fa5700544b nixos-install: quote nixos-prepare-root arguments
This prevents the script from breaking when channel_root is empty.
2017-07-12 21:58:25 +01:00
Charles Strahan c79e0b2ba0 Merge pull request #26907 from volth/vault
vault: 0.6.5 -> 0.7.3 with service
2017-07-11 15:02:29 -04:00
Pascal Bach c725924dfd gitlab-runner service: support graceful termination (#27222)
The current behavior was for gitlab-runner is to immediately terminate when there
was a restart required. This can lead to aborted builds and is annoying to users.

By enabling graceful mode gitlab-runner will wait for all builds to finish before
terminating. The disadvantage is that a nixos-rebuild switch needs to wait till
all jobs are done. Because of that it is not enabled by default.
2017-07-11 15:38:46 +01:00
Valentin Shirokov d29fc731b3 Example of networking.hosts is now literalExample 2017-07-09 23:12:57 +03:00
Christian Albrecht ebaff599ba nixos/auditd: init at 2.7.6 (#27261)
#11864 Support Linux audit subsystem
Add the auditd.service as NixOS module to be able to
generate profiles from /var/log/audit/audit.log
with apparmor-utils.

auditd needs the folder /var/log/audit to be present on start
so this is generated in ExecPreStart.

auditd starts with -s nochange so that effective audit processing
is managed by the audit.service.
2017-07-09 17:59:09 +01:00
Jörg Thalheim e86a7e439a Merge pull request #27229 from bachp/minio-more-config
minio service: add additional config options
2017-07-09 16:38:45 +01:00
Pascal Bach 0fb8456b13 minio service: add additional config options
Set access and secret key and disable browser.
Tests extended to do real operations against minio.
2017-07-09 15:19:50 +02:00
Daiderd Jordan 8189811d3f Merge pull request #25648 from yacinehmito/custom
Make zshrc more predictable
2017-07-09 10:45:40 +02:00
Joachim F a00a880572 Merge pull request #27055 from jfrankenau/mpd-startWhenNeeded
mpd service: Start when needed and harden
2017-07-09 09:34:31 +01:00
Valentin Shirokov 163393865f Style optimizations 2017-07-09 08:56:36 +03:00
Valentin Shirokov 2f97993992 Documentation fixes 2017-07-09 00:28:05 +03:00
Michael Raskin 0d2d5e2147 Merge pull request #27143 from florianjacob/networkmanager-support-resolved
networkmanager service: use resolved if enabled
2017-07-08 22:34:09 +02:00
Valentin Shirokov 396db6493d Style adjustments
Also dangerous typo fix
2017-07-08 23:04:47 +03:00