1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-18 02:46:28 +00:00
Commit graph

16630 commits

Author SHA1 Message Date
aszlig e1d63ada02
nginx: Fix ETag patch to ignore realpath(3) error
While our ETag patch works pretty fine if it comes to serving data off
store paths, it unfortunately broke something that might be a bit more
common, namely when using regexes to extract path components of
location directives for example.

Recently, @devhell has reported a bug with a nginx location directive
like this:

  location ~^/\~([a-z0-9_]+)(/.*)?$" {
    alias /home/$1/public_html$2;
  }

While this might look harmless at first glance, it does however cause
issues with our ETag patch. The alias directive gets broken up by nginx
like this:

  *2 http script copy: "/home/"
  *2 http script capture: "foo"
  *2 http script copy: "/public_html/"
  *2 http script capture: "bar.txt"

In our patch however, we use realpath(3) to get the canonicalised path
from ngx_http_core_loc_conf_s.root, which returns the *configured* value
from the root or alias directive. So in the example above, realpath(3)
boils down to the following syscalls:

  lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  lstat("/home/$1", 0x7ffd08da6f60) = -1 ENOENT (No such file or directory)

During my review[1] of the initial patch, I didn't actually notice that
what we're doing here is returning NGX_ERROR if the realpath(3) call
fails, which in turn causes an HTTP 500 error.

Since our patch actually made the canonicalisation (and thus additional
syscalls) necessary, we really shouldn't introduce an additional error
so let's - at least for now - silently skip return value if realpath(3)
has failed.

However since we're using the unaltered root from the config we have
another issue, consider this root:

  /nix/store/...-abcde/$1

Calling realpath(3) on this path will fail (except if there's a file
called "$1" of course), so even this fix is not enough because it
results in the ETag not being set to the store path hash.

While this is very ugly and we should fix this very soon, it's not as
serious as getting HTTP 500 errors for serving static files.

I added a small NixOS VM test, which uses the example above as a
regression test.

It seems that my memory is failing these days, since apparently I *knew*
about this issue since digging for existing issues in nixpkgs, I found
this similar pull request which I even reviewed:

https://github.com/NixOS/nixpkgs/pull/66532

However, since the comments weren't addressed and the author hasn't
responded to the pull request, I decided to keep this very commit and do
a follow-up pull request.

[1]: https://github.com/NixOS/nixpkgs/pull/48337

Signed-off-by: aszlig <aszlig@nix.build>
Reported-by: @devhell
Acked-by: @7c6f434c
Acked-by: @yorickvP
Merges: https://github.com/NixOS/nixpkgs/pull/80671
Fixes: https://github.com/NixOS/nixpkgs/pull/66532
2020-03-28 02:57:21 +01:00
Marek Mahut 870a6e262d nixos/quorum: init 2020-03-27 19:31:01 +01:00
Rouven Czerwinski 1685cd7fa7 nixos/test: update test-driver.py for mypy 0.770 2020-03-27 01:57:48 -07:00
Samuel Dionne-Riel eb35d21d77 nixos/rigel: Fix evaluation 2020-03-26 19:29:08 -04:00
Maximilian Bosch 90dcc33603
Merge pull request #40082 from jarjee/update/mongodb
mongodb: 3.4.10 -> 4.0.12
2020-03-26 18:15:09 +01:00
worldofpeace b3ef282fd5 nixos/rygel: link rygel.conf
Fixes https://github.com/NixOS/nixpkgs/issues/83108.
In the future we should make this configurable.
2020-03-26 10:52:10 -04:00
Maximilian Bosch b65ff5d455
nixos/release-notes: mention mongodb update 2020-03-26 14:04:42 +01:00
Maximilian Bosch 2934f04641
nixos/tests/mongodb: rewrite with python
perl-based VM tests are deprecated.
2020-03-26 14:02:49 +01:00
Nathan Smyth 44641ed00b
nixos/tests/mongodb: test against mongodb versions 3.4, 3.6, 4.0
Now has tests for 3.4, 3.6, 4.0. Has some duplication, but it appears to
work on my machine.
2020-03-26 14:02:49 +01:00
zimbatm d8f0c5407e
Merge pull request #82929 from zimbatm/nixos-gerrit
nixos gerrit module
2020-03-26 12:47:15 +01:00
Maximilian Bosch 89bcf4b7e2
Merge pull request #82353 from Ma27/nextcloud-upgrade-path
nixos/nextcloud: fix upgrade path from 19.09 to 20.03
2020-03-26 11:00:23 +01:00
zimbatm d37a0dca13
nixos: add gerrit module
Co-authored-by: edef <edef@edef.eu>
Co-authored-by: Florian Klink <flokli@flokli.de>
2020-03-26 09:28:42 +01:00
Michael Weiss 216a7e7a98
nixosTests.installer: Don't wait for the nixos-manual service
The nixos-manual service was removed in #83199 but we missed the check
in this test which prevents the "tested" job from succeeding [0][1].

[0]: https://hydra.nixos.org/build/115472896
[1]: https://hydra.nixos.org/build/115472896/nixlog/94/tail
2020-03-26 01:21:34 +01:00
Maximilian Bosch 702f645aa8
nixos/nextcloud: implement a safe upgrade-path between 19.09 and 20.03
It's impossible to move two major-versions forward when upgrading
Nextcloud. This is an issue when comming from 19.09 (using Nextcloud 16)
and trying to upgrade to 20.03 (using Nextcloud 18 by default).

This patch implements the measurements discussed in #82056 and #82353 to
improve the update process and to circumvent similar issues in the
future:

* `pkgs.nextcloud` has been removed in favor of versioned attributes
  (currently `pkgs.nextcloud17` and `pkgs.nextcloud18`). With that
  approach we can safely backport major-releases in the future to
  simplify those upgrade-paths and we can select one of the
  major-releases as default depending on the configuration (helpful to
  decide whether e.g. `pkgs.nextcloud17` or `pkgs.nextcloud18` should be
  used on 20.03 and `master` atm).

* If `system.stateVersion` is older than `20.03`, `nextcloud17` will be
  used (which is one major-release behind v16 from 19.09). When using a
  package older than the latest major-release available (currently v18),
  the evaluation will cause a warning which describes the issue and
  suggests next steps.

  To make those package-selections easier, a new option to define the
  package to be used for the service (namely
  `services.nextcloud.package`) was introduced.

* If `pkgs.nextcloud` exists (e.g. due to an overlay which was used to
  provide more recent Nextcloud versions on older NixOS-releases), an
  evaluation error will be thrown by default: this is to make sure that
  `services.nextcloud.package` doesn't use an older version by accident
  after checking the state-version. If `pkgs.nextcloud` is added
  manually, it needs to be declared explicitly in
  `services.nextcloud.package`.

* The `nixos/nextcloud`-documentation contains a
  "Maintainer information"-chapter  which describes how to roll out new
  Nextcloud releases and how to deal with old (and probably unsafe)
  versions.

Closes #82056
2020-03-25 22:07:29 +01:00
Emily d930466b77 nixos/initrd-ssh: switch from Dropbear to OpenSSH
Dropbear lags behind OpenSSH significantly in both support for modern
key formats like `ssh-ed25519`, let alone the recently-introduced
U2F/FIDO2-based `sk-ssh-ed25519@openssh.com` (as I found when I switched
my `authorizedKeys` over to it and promptly locked myself out of my
server's initrd SSH, breaking reboots), as well as security features
like multiprocess isolation. Using the same SSH daemon for stage-1 and
the main system ensures key formats will always remain compatible, as
well as more conveniently allowing the sharing of configuration and
host keys.

The main reason to use Dropbear over OpenSSH would be initrd space
concerns, but NixOS initrds are already large (17 MiB currently on my
server), and the size difference between the two isn't huge (the test's
initrd goes from 9.7 MiB to 12 MiB with this change). If the size is
still a problem, then it would be easy to shrink sshd down to a few
hundred kilobytes by using an initrd-specific build that uses musl and
disables things like Kerberos support.

This passes the test and works on my server, but more rigorous testing
and review from people who use initrd SSH would be appreciated!
2020-03-25 08:26:50 +00:00
Eelco Dolstra e51c7f60cb
nixos/release-small.nix: Export options job 2020-03-24 21:17:53 +01:00
Eelco Dolstra 4052f9b849
Compress optionsJSON using brotli 2020-03-24 16:42:04 +01:00
Eelco Dolstra 98481cfdfa
Merge pull request #83199 from edolstra/remove-manual-service
Remove manual service
2020-03-24 15:26:54 +01:00
Eelco Dolstra bd379be538
Remove unused 'rogue' service 2020-03-24 15:25:20 +01:00
Eelco Dolstra aebf9a4709
services/misc/nixos-manual.nix: Remove
Running the manual on a TTY is useless in the graphical ISOs and not
particularly useful in non-graphical ISOs (since you can also run
'nixos-help').

Fixes #83157.
2020-03-24 15:25:20 +01:00
Tor Hedin Brønner 038a8890a7
rl-2009: note gnome desktop upgrade 2020-03-24 07:11:17 +01:00
Jan Tojnar 30ef9b92fa
gnome3.vino: remove
It has been removed from g-s-d, only a tiny bit remain in g-c-c.
2020-03-24 07:11:14 +01:00
Tor Hedin Brønner 859c46c933
gnome3.gnome-flashback: 3.34.2 -> 3.36.0
* Removed the use of gnome-screensaver (https://gitlab.gnome.org/GNOME/gnome-flashback/issues/18)
* Flashback's menu-related environment variables are now set in the gnome3.nix module instead of gnome-panel to resolve dependency conflict.
2020-03-24 07:10:58 +01:00
Tor Hedin Brønner 7ec546bc25
nixos/gnome-keyring: add portals 2020-03-24 07:10:48 +01:00
Martin Milata fdc36e2c89 nixos/sympa: fix outgoing messaging
Because ProtectKernelModules implies NoNewPrivileges, postfix's sendmail
executable, which is setgid, wasn't able to send mail.
2020-03-24 02:35:39 +01:00
Martin Milata 8f632b404f sympa: build with --enable-fhs
Update module accordingly.
2020-03-24 02:32:22 +01:00
Jan Tojnar 986fbf4799
Merge branch 'staging-next' into staging 2020-03-24 01:51:55 +01:00
worldofpeace a82c39f178
Merge pull request #80066 from worldofpeace/mate-upstream
nixos/mate: use upstream session
2020-03-23 13:37:10 -04:00
Orivej Desh (NixOS) aa049c802b
Merge pull request #83042 from aanderse/mysql-fixup
nixos/mysql: fix service so it works with mysql80 package
2020-03-23 16:37:58 +00:00
Izorkin d508a2f366 nixos/netdata: fix permissions for perf.plugin 2020-03-23 12:24:49 +03:00
Izorkin a3c769fef6 nixos/netdata: fix permissions for slabinfo.plugin 2020-03-23 12:24:49 +03:00
Lancelot SIX 37ffa6ea51 nixos/griphite: Migrate to python3, drop graphite-pager 2020-03-22 22:47:53 -07:00
Orivej Desh 1b89aa3f7a Merge branch 'master' into staging 2020-03-23 00:53:16 +00:00
Aaron Andersen b69b7a12af
Merge pull request #78938 from aanderse/duo-activation-scripts
nixos/duosec: replace insecure skey option with secure secretKeyFile option
2020-03-22 20:46:42 -04:00
Aaron Andersen 6f0c1cdbd9 nixos/duosec: rename ikey option to integrationKey 2020-03-22 20:25:11 -04:00
Aaron Andersen b9dca769f1 nixos/duosec: replace insecure skey option with secure secretKeyFile option 2020-03-22 20:23:55 -04:00
Maximilian Bosch e65c411356
Merge pull request #83153 from ciil/fail2ban-warning
fail2ban: fix firewall warning
2020-03-23 00:42:36 +01:00
markuskowa 667df74501
Merge pull request #83131 from ck3d/fix-kodi-lirc
kodi: fix lirc support
2020-03-22 21:29:45 +01:00
Simon Lackerbauer 017dca51fa
fail2ban: fix firewall warning 2020-03-22 18:11:36 +01:00
markuskowa a9d7a1ee5b
Merge pull request #81277 from markuskowa/upd-rdma-core
nixos/rdma-core: 27.0 -> 28.0, update RXE module
2020-03-22 18:01:09 +01:00
Maximilian Bosch fc316f7b31
nixos/ssmtp: declare all option renames manually
While renaming `networking.defaultMailServer` directly to
`services.ssmtp` is shorter and probably clearer, it causes eval errors
due to the second rename (directDelivery -> enable) when using e.g. `lib.mkForce`.

For instance,

``` nix
{ lib, ... }: {
  networking.defaultMailServer = {
    hostName = "localhost";
    directDelivery = lib.mkForce true;
    domain = "example.org";
  };
}
```

would break with the following (rather confusing) error:

```
error: The option value `services.ssmtp.enable' in `/home/ma27/Projects/nixpkgs/nixos/modules/programs/ssmtp.nix' is not of type `boolean'.
(use '--show-trace' to show detailed location information)
```
2020-03-22 15:52:01 +01:00
Michael Raskin afd997aab6
Merge pull request #83000 from djahandarie/master
nixos/supplicant: Don't *stop* supplicant on machine resume. Fixes #51582
2020-03-22 12:36:33 +00:00
Christian Kögler 8f12a72488 kodi: fix lirc support
* adapted to the way kodi finds the lircd socket
* added lirc package to build support for lirc
2020-03-22 12:47:25 +01:00
Graham Christensen 28cb73749b
Merge pull request #82696 from bhipple/u/ami
nixos-ami: update nvme_core.io_timeout for linux kernel >= 4.15
2020-03-22 07:18:53 -04:00
Jörg Thalheim 2edf67b62f
Merge pull request #82801 from Izorkin/fail2ban
nixos/fail2ban: add warning if work fail2ban without firewall
2020-03-22 08:31:50 +00:00
Matthew Bauer b94300945a
Merge pull request #75940 from davidtwco/wooting-init
wooting: init wootility, wooting-udev-rules and module
2020-03-22 02:03:52 -04:00
Benjamin Hipple 129176452c nixos-ami: update nvme_core.io_timeout for linux kernel >= 4.15
NixOS 20.03 is built on kernel 5.4 and 19.09 is on 4.19, so we should update
this option to the highest value possible, per linked upstream instructions from
Amazon.
2020-03-22 00:35:56 -04:00
Matthew Bauer 9d8d66baf5
nixos/nixpkgs.nix: Allow just using config in system (#80818)
* nixos/nixpkgs.nix: Allow just using config in system

This assertion requires system to work properly. We might not have
this in cases where the user just sets config and wants Nixpkgs to
infer system from that. This adds a default for when this happens,
using doubleFromSystem.

* parens
2020-03-21 23:23:24 -04:00
Aaron Andersen 6c47902e01 nixos/mysql: test with mysql80 package 2020-03-21 15:47:38 -04:00
Aaron Andersen 4f9cea70bd nixos/duosec: fix indentation 2020-03-21 10:34:12 -04:00
Jörg Thalheim bfb747aacf
Merge pull request #82286 from yesbox/netdata_module_package_option
nixos/netdata: add module package option
2020-03-21 11:21:39 +00:00
Peter Hoeg 7f838b4dde display-manager: systemd-udev-settle serves no purpose 2020-03-21 11:15:42 +08:00
Peter Hoeg 8a31cf1459 zfs: document systemd-udev-settle dependency 2020-03-21 11:15:06 +08:00
Peter Hoeg 53a51f212a atd: systemd-udev-settle serves no purpose 2020-03-21 11:15:06 +08:00
bb010g 34dd64b0cc nixos/documentation: Allow specifying extraSources
Because there was absolutely no way of setting this without rewriting
parts of the module otherwise.
2020-03-20 19:05:32 -07:00
Aaron Andersen 3474b55614 nixos/mysql: fix service so it works with mysql80 package 2020-03-20 20:54:17 -04:00
volth 4d57e56b71
$toplevel/system: use kernel's architecture
`$toplevel/system` of a system closure with `x86_64` kernel and `i686` userland should contain "x86_64-linux".

If `$toplevel/system` contains "i686-linux", the closure will be run using `qemu-system-i386`, which is able to run `x86_64` kernel on most Intel CPU, but fails on AMD.

So this fix is for a rare case of `x86_64` kernel + `i686` userland + AMD CPU
2020-03-20 16:55:44 +00:00
Darius Jahandarie 5fa345922f nixos/supplicant: Don't *stop* supplicant on machine resume. Fixes #51582 2020-03-20 11:08:34 -04:00
Eelco Dolstra a0a61c3e34 nixos-option: Disable on Nix >= 2.4 because it doesn't compile
This is needed when using the overlay from the Nix flake.
2020-03-20 14:52:22 +01:00
Josef Kemetmüller bffc749210 nixosTests.fenics: Add basic test 2020-03-19 21:48:27 -07:00
Silvan Mosberger b962045c94
Merge pull request #82960 from Infinisil/fix-nixos-eval-pkgs
nixos: Fix pkgs exporting
2020-03-19 22:26:37 +01:00
Silvan Mosberger d28f138160
nixos: Fix pkgs exporting
This needs adjustment after dcdd232939
2020-03-19 21:19:25 +01:00
Jesper Geertsen Jonsson 02c2c864d1 resilio: fix a list being assigned to the option config.users.groups 2020-03-19 11:25:56 -05:00
Florian Klink d96bd3394b nixos/manual: fix build 2020-03-19 15:32:34 +01:00
Florian Klink 4e53f84c79 nixos/zerotierone: switch from manually generating the .link file to use the module
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.

With our module fixed, there's no need to manually manage the text file
anymore.

This was originally applied in 3d1079a20d,
but was reverted due to 1115959a8d causing
evaluation errors on hydra.
2020-03-19 14:16:26 +01:00
Florian Klink 355c58e485 nixos/networkd: respect systemd.network.links also with disabled systemd-networkd
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.

This was originally applied in 36ef112a47,
but was reverted due to 1115959a8d causing
evaluation errors on hydra.
2020-03-19 14:15:32 +01:00
Izorkin c75398b10a nixos/fail2ban: disable work fail2ban without firewall 2020-03-18 09:54:19 +03:00
Martin Baillie 6e055c9f4a tailscale: init at 0.96-33
Signed-off-by: Martin Baillie <martin@baillie.email>
2020-03-18 05:07:47 +00:00
Niklas Hambüchen 9d45737ae7
Merge pull request #82767 from thefloweringash/rpfilter-assertion-types
nixos/firewall: fix types in reverse path assertion
2020-03-18 04:11:01 +01:00
Andrew Childs e110f5ecc1 nixos/firewall: fix types in reverse path assertion
Broken by 0f973e273c in #73533

The type of the checkReversePath option allows "strict" and "loose" as
well as boolean values.
2020-03-18 10:54:55 +09:00
Niklas Hambüchen 0908ec4952
Merge pull request #82665 from bhipple/doc/upower
doc: update 20.03 release notes regarding upower
2020-03-18 02:44:18 +01:00
Antoine Eiche 39621bb8de nixos/alertmanager: start after the network-online target
If the host network stack is slow to start, the alertmanager fails to
start with this error message:

    caller=main.go:256 msg="unable to initialize gossip mesh" err="create memberlist: Failed to get final advertise address: No private IP address found, and explicit IP not provided"

This bug can be reproduced by shutting down the network stack and
restarting the alertmanager.

Note I don't know why I didn't hit this issue with previous
alertmanager releases.
2020-03-17 22:18:20 +01:00
goibhniu 5241e5a193
Merge pull request #79851 from mmilata/supybot-enhancements
nixos/supybot: switch to python3, enable systemd sandboxing, add option for installing plugins
2020-03-17 19:07:41 +00:00
davidak c7e4c3b5a3 nixos/phpfpm: add example to socket 2020-03-17 15:34:43 +01:00
davidak dc434b0704 Doc: Fix typo 2020-03-17 13:26:55 +01:00
Benjamin Hipple 90c3fa478b doc: update 20.03 release notes regarding upower
UPower works just fine in 20.03, but only if the service is enabled.

Resolves #82529; see issue for details.
2020-03-16 20:08:35 -04:00
Léo Gaspard a0307bad46
Merge pull request #79120 from symphorien/iodine
Iodine: ipv6 support, updates, hardening, nixos test....
2020-03-16 23:42:12 +01:00
Matthew Bauer 67b0ddf3f3 Merge remote-tracking branch 'origin/staging' into mb-cross-fixes-march-2020 2020-03-16 14:34:03 -04:00
Danylo Hlynskyi fab05f17d1
Merge pull request #80114 from rnhmjoj/initrd
nixos/boot: add option to disable initrd
2020-03-16 20:04:24 +02:00
danbst a723672c20 doc/postgresql: apply xmlformat 2020-03-16 19:30:23 +02:00
danbst 759fd9b0b0 nixos/postgresql: add upgrade documentation 2020-03-16 19:30:23 +02:00
Maximilian Bosch a2e06fc342
Merge pull request #80447 from Ma27/bump-matrix-synapse
matrix-synapse: 1.9.1 -> 1.11.1
2020-03-16 10:55:38 +01:00
Maximilian Bosch 849e16888f
nixos/doc/matrix-synapse: refactor
* Linkify all service options used in the code-examples.
* Demonstrated the use of `riot-web.override {}`.
* Moved the example how to configure a postgresql-database for
  `matrix-synapse` to this document from the 20.03 release-notes.
2020-03-16 10:39:42 +01:00
Pierre Bourdon b8ef2285b5 nixos/stubby: set Type=notify on the systemd service
Fixes some dependency ordering problems at boot time with services that
require DNS. Without Type=notify these services might be started before
stubby was ready to accept DNS requests.
2020-03-16 10:10:45 +05:30
Maximilian Bosch 8be61f7a36
matrix-synapse: 1.9.1 -> 1.11.1
https://github.com/matrix-org/synapse/releases/tag/v1.10.0
https://github.com/matrix-org/synapse/releases/tag/v1.10.1
https://github.com/matrix-org/synapse/releases/tag/v1.11.0
https://github.com/matrix-org/synapse/releases/tag/v1.11.1
2020-03-15 17:09:51 +01:00
Silvan Mosberger 7c3f3e9c51
Merge pull request #72029 from lschuermann/tpm2-module
nixos/tpm2: init
2020-03-15 15:47:06 +01:00
Silvan Mosberger 779b7ff3d8
Merge pull request #80931 from LEXUGE/master
smartdns: init at 30
2020-03-15 15:36:05 +01:00
Leon Schuermann 156b879c2e nixos/tpm2: init
This commit adds udev rules, the userspace resource manager and
PKCS#11 module support.
2020-03-15 12:16:32 +01:00
Léo Gaspard 7566b4f924
Merge pull request #82614 from Ekleog/xfce4-remove-alias
xfce4-12: remove alias
2020-03-15 12:00:20 +01:00
volth 687aa06c70 nixos/scripted-networking: fix bridge setup when libvirtd uses socket activation 2020-03-15 11:29:14 +07:00
volth d8664c78b1 libvirt: 6.0.0 -> 6.1.0, fix module 2020-03-15 11:29:04 +07:00
adisbladis c00777042f
Merge pull request #82620 from aanderse/ssh-silent
nixos/ssh: silence ssh-keygen during configuration validation
2020-03-15 01:21:38 +00:00
Harry Ying 629d3bab18
nixos/smartdns: init first generation config 2020-03-15 08:53:20 +08:00
Aaron Andersen f383fa344e nixos/sshd: only include AuthorizedKeysCommand and AuthorizedKeysCommandUser options if explicitly set 2020-03-14 19:50:11 -04:00
Aaron Andersen f5951f520c nixos/ssh: silence ssh-keygen during configuration validation 2020-03-14 19:37:30 -04:00
Florian Klink 74f451b851
Merge pull request #82413 from aanderse/authorized-keys-command
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-14 23:58:47 +01:00
Léo Gaspard 175f9ef4f8 xfce4-12: remove alias 2020-03-14 22:05:50 +01:00
zimbatm 001be890f7 folding@home: 6.02 -> 7.5.1
The v7 series is very different.

This commit introduces the 3 packages: fahclient, fahcontrol and
fahviewer. It also rebuilds the NixOS module to map better with the new
client.
2020-03-14 13:01:26 -07:00
Jörg Thalheim 4a8a014be4
Merge pull request #82468 from Mic92/kvmgt
nixos/kvmgt: udev rules + fix module initialisation
2020-03-14 07:17:28 +00:00
Andrew Childs 01f03f30db nixos/prometheus: add checkConfig
Workaround for https://github.com/prometheus/prometheus/issues/5222
2020-03-14 04:40:55 +00:00
Andrew Childs 2c121f4215 nixos/firewall: fix inverted assertion for reverse path filtering
Previously the assertion passed if the kernel had support OR the
filter was *enabled*. In the case of a kernel without support, the
`checkReversePath` option defaulted to false, and then failed the
assertion.
2020-03-14 04:32:07 +00:00
florianjacob 8b07500163
nixos/lib: use removePrefix in escapeSystemdPath 2020-03-14 03:13:04 +00:00
Joachim Fasting 1b575dbd79 nixos/firejail: use local runCommand
Also:

- use `runtimeShell`; and
- remove unused `makeWrapper` input; and
- `exec()` to shed wrapping shell
2020-03-14 03:09:48 +00:00
Mario Rodas ee599f376c
Merge pull request #71329 from tilpner/cadvisor-no-docker
nixos/cadvisor: don't enable docker
2020-03-13 20:35:46 -05:00
Vladimír Čunát 0729b8c55e
Revert Merge #82310: nixos/systemd: apply .link
...even when networkd is disabled

This reverts commit ce78f3ac70, reversing
changes made to dc34da0755.

I'm sorry; Hydra has been unable to evaluate, always returning
> error: unexpected EOF reading a line
and I've been unable to reproduce the problem locally.  Bisecting
pointed to this merge, but I still can't see what exactly was wrong.
2020-03-13 22:05:33 +01:00
Michele Guerini Rocco 7b15d6cee4
Merge pull request #81241 from thefloweringash/nesting-system
nixos/activation: propagate system to nested configurations
2020-03-13 09:58:10 +01:00
Jörg Thalheim 505d241ee3
nixos/kvmgt: add udev rules for unprivileged access 2020-03-13 07:04:26 +00:00
Jörg Thalheim 85aae79ca1
nixos/kvmgt: fix driver option
extraModprobeConfig could be applied too late i.e. if the driver has been
loaded in initrd, while the harddrive is still encrypted.
Using a kernelParams works in all cases however.
2020-03-13 07:03:45 +00:00
snicket2100 65abd808d5 firejail: system package on programs.firejail.enable
this way the man page etc. becomes available if we enable firejail with
`programs.firejail.enable = true`
2020-03-13 03:28:08 +00:00
Maximilian Bosch 7e978ca324
nixos/manual: fix build 2020-03-13 02:04:26 +01:00
Aaron Andersen dbe59eca84 nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options 2020-03-12 21:00:12 -04:00
Maximilian Bosch 6d14bac048
nixos/python-test-driver: allow single char as hostName and fix misleading error-message
In case of invalid chars, the error-message references "perl variables"
which is not the case here as the python-based framework is used.
2020-03-13 01:06:12 +01:00
Florian Klink ce78f3ac70
Merge pull request #82310 from flokli/systemd-network-link-no-networkd
nixos/systemd: apply .link even when networkd is disabled
2020-03-12 15:47:59 -07:00
Léo Gaspard 693d834c37
Merge pull request #76739 from symphorien/mail_plugins
nixos/dovecot: add an option to enable mail_plugins
2020-03-12 22:44:23 +01:00
Léo Gaspard 26b1ef1506
Merge pull request #80141 from symphorien/scrub
nixos/btrfs: make autoScrub not prevent shutdown or suspend
2020-03-12 22:39:34 +01:00
Markus Kowalewski 2c7f8d56dc
nixos/rxe: use iproute instead of rdma-core
The rdma-core packages dropped rxe_cfg in favour
of iproute's rdma utility (see https://github.com/linux-rdma/rdma-core/pull/678/files)
2020-03-12 22:32:44 +01:00
adisbladis f3adcbd150
Merge pull request #82411 from adisbladis/ntpd-extraconfig
services.ntpd: Add extraConfig parameter
2020-03-12 16:37:25 +00:00
Silvan Mosberger 8f2109cda4
Merge pull request #81945 from Infinisil/hostFiles
Introduce `networking.hostFiles` option
2020-03-12 15:56:30 +01:00
adisbladis 63c35a9c28
services.ntpd: Add extraConfig parameter 2020-03-12 14:44:59 +00:00
Léo Gaspard 06bdfc5e32
Merge pull request #82185 from matt-snider/master
ankisyncd, nixos/ankisyncd: init at 2.1.0
2020-03-12 11:47:42 +01:00
lewo cbb21b2a8a
Merge pull request #81214 from buckley310/updateDelay
NixOS/auto-upgrade: Add optional randomized delay
2020-03-12 09:06:32 +01:00
Florian Klink 2220060133
Merge pull request #82148 from devhell/tests_signal-desktop
tests: Fix signal-desktop
2020-03-11 17:52:48 -07:00
Graham Christensen 10f625b3d2
Merge pull request #81402 from mmilata/firejail-example
nixos/firejail: add example for wrappedBinaries
2020-03-11 20:28:35 -04:00
Jörg Thalheim 154f9e1bd9
Merge pull request #82340 from nyanloutre/vsftpd_pam_fix
nixos/vsftpd: fix missing default pam_service_name
2020-03-11 22:29:43 +00:00
Jörg Thalheim 9aa23e31b3
Merge pull request #80904 from talyz/haproxy-fixes
nixos/haproxy: Revive the haproxy user and group
2020-03-11 22:23:13 +00:00
Maximilian Bosch b7cdb64ac2
treewide: remove myself from a few packages I don't use anymore 2020-03-11 22:29:30 +01:00
nyanloutre 7ab00c48d8
nixos/vsftpd: fix missing default pam_service_name
9458ec4 removed the ftp pam service which was used by default by vsftpd
2020-03-11 21:15:47 +01:00
Elis Hirwing a04010b64a
php: 7.3.15 -> 7.4.3 2020-03-11 20:20:22 +01:00
talyz bb7ad853fb nixos/haproxy: Revive the haproxy user and group
Running haproxy with "DynamicUser = true" doesn't really work, since
it prohibits specifying a TLS certificate bundle with limited
permissions. This revives the haproxy user and group, but makes them
dynamically allocated by NixOS, rather than statically allocated. It
also adds options to specify which user and group haproxy runs as.
2020-03-11 19:52:37 +01:00
Silvan Mosberger fc2b132c94
Merge pull request #82326 from mmilata/rename-fix-module-path
nixos: fix module paths in rename.nix
2020-03-11 19:35:40 +01:00
Martin Milata d08ede042b nixos: fix module paths in rename.nix 2020-03-11 15:59:22 +01:00
Florian Klink 3d1079a20d nixos/zerotierone: switch from manually generating the .link file to use the module
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.

With our module fixed, there's no need to manually manage the text file
anymore.
2020-03-11 10:21:37 +01:00
Florian Klink 36ef112a47 nixos/networkd: respect systemd.network.links also with disabled systemd-networkd
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.
2020-03-11 10:21:37 +01:00
Félix Baylac-Jacqué 1115959a8d tests/networking: remove pkgs.lib usages. 2020-03-11 10:21:37 +01:00
Edward Tjörnhammar b155a62dad nixos/lightdm-tiny-greeter: init module 2020-03-11 08:12:35 +00:00
Sarah Brofeldt 9093928444
Merge pull request #81941 from volth/patch-390
tests/kubernetes: remove unreferenced variable and import from inexisting file
2020-03-11 07:45:33 +01:00
Jan Tojnar 6bba9428d9
Merge pull request #81431 from jtojnar/malcontent-0.6
malcontent: 0.4.0 → 0.6.0
2020-03-11 04:08:59 +01:00
Jan Tojnar 31dd8332bc
nixos/malcontent: init 2020-03-10 23:30:20 +01:00
Jesper Geertsen Jonsson b42babd160 nixos/netdata: add module package option 2020-03-10 23:06:01 +01:00
Matt Snider acba458b7e nixos/ankisyncd: init at 2.1.0 2020-03-10 22:45:33 +01:00
Aaron Andersen 641b94bdd0 nixos/mysql: add settings and configFile options 2020-03-10 15:15:11 -04:00
Linus Heckemann dfc70d37f4
Merge pull request #82252 from mayflower/radius-http2
FreeRADIUS improvements
2020-03-10 16:01:46 +01:00
Linus Heckemann 065716ab95 nixos/freeradius: depend on network.target, not online 2020-03-10 15:54:29 +01:00
Linus Heckemann 0587329191 freeradius: make debug logging optional 2020-03-10 15:54:02 +01:00
adisbladis 6fcce60fd5
Merge pull request #82139 from adisbladis/switch-to-configuration-manual
switch-to-configuration: Add new option X-OnlyManualStart
2020-03-10 11:17:33 +00:00
Martin Milata 1affd47cc1 nixos/supybot: python3 switch, add plugin options
Python2 seems to be no longer supported by limnoria upstream.
2020-03-09 23:32:54 +01:00
Martin Milata 57f5fb62d4 nixos/supybot: enable systemd sandboxing options 2020-03-09 23:32:54 +01:00
Martin Milata b150e08169 nixos/supybot: stateDir in /var/lib, use tmpfiles
Moving the stateDir is needed in order to use ProtectSystem=strict
systemd option.
2020-03-09 23:29:04 +01:00
devhell 534f1337c1 tests: Fix signal-desktop
This test fails due to OOM on the VM. Setting the memory of the VM to
1024 lets the test succeed.

Cc: @flokli
2020-03-09 13:13:51 +00:00
adisbladis db6c94304f
switch-to-configuration: Add new option X-OnlyManualStart
This is to facilitate units that should _only_ be manually started and
not activated when a configuration is switched to.

More specifically this is to be used by the new Nixops deploy-*
targets created in https://github.com/NixOS/nixops/pull/1245 that are
triggered by Nixops before/after switch-to-configuration is called.
2020-03-09 11:28:07 +00:00