1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-25 15:11:35 +00:00
Commit graph

13948 commits

Author SHA1 Message Date
WilliButz ecd4d03dfe
grafana-loki: fix typo in service config 2019-08-17 12:08:51 +02:00
Frederik Rietdijk c68f58d95c Merge master into staging-next 2019-08-17 09:30:16 +02:00
Samuel Dionne-Riel b750ebf1b3
Merge pull request #60422 from kwohlfahrt/device-tree
nixos/hardware.deviceTree: new module
2019-08-16 13:26:48 -04:00
Marek Mahut 20ea4b6dd3 tests: adding trezord 2019-08-16 17:05:13 +02:00
Marek Mahut 5712bea91b trezord: adding emultor support 2019-08-16 16:58:48 +02:00
Edmund Wu aa251bbc3e
systemd-networkd: link: Name -> OriginalName 2019-08-15 21:58:24 -04:00
Aaron Andersen efbdce2e96 nixos/mantisbt: drop unmaintained module 2019-08-15 21:01:23 -04:00
Aaron Andersen 265163da07 nixos/systemhealth: drop unmaintained module 2019-08-15 21:01:23 -04:00
Aaron Andersen 1dcf51f8eb nixos/tests/subversion: drop unreferenced/unmaintained test 2019-08-15 21:00:27 -04:00
Aaron Andersen d1129a5688 nixos/tests/php-pcre: replace usage of deprecated services.httpd.extraSubservices 2019-08-15 21:00:27 -04:00
Aaron Andersen ac4327c025 nixos/awstats: replace usage of deprecated services.httpd.extraSubservices 2019-08-15 21:00:27 -04:00
Joachim Fasting 4ead3d2ec3
Revert "nixos/hardened: use graphene-hardened malloc by default"
This reverts commit 48ff4f1197.

Causes too much breakage to be enabled by default [1][2].

[1]: https://github.com/NixOS/nixpkgs/issues/61489
[2]: https://github.com/NixOS/nixpkgs/issues/65000
2019-08-15 18:49:57 +02:00
Joachim Fasting da0b67c946
nixos-hardened: disable unprivileged userfaultfd syscalls
New in 5.2 [1]

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cefdca0a86be517bc390fc4541e3674b8e7803b0
2019-08-15 18:43:34 +02:00
Joachim Fasting 4b21d1ac8c
nixos-hardened: enable page alloc randomization 2019-08-15 18:43:32 +02:00
Marek Mahut 08749c4860
Merge pull request #66588 from lschuermann/nixos-enter-silent
nixos-enter: add --silent to suppress activation script output
2019-08-15 10:22:27 +02:00
Peter Hoeg 503ca1f40c nixos aws: use in-kernel ixgbevf driver (#58956) 2019-08-15 02:58:22 +03:00
aszlig dc525e8b12
Merge pull request #66648 (improve xkbvalidate)
This allows xkbvalidate to be compiled via Clang and also has a few
other portability improvements, eg. it now can even be compiled on OS X,
even though it's probably not needed there.

In addition, I changed the binary name so that it matches the package
name.

I'm merging this in right now, because there is only the xserver NixOS
module where this is used, so the risk of a catastrophic breakage is
very low.

Checks and build done by ofborg also ran successfully and I also did a
few local tests (eg. running via valgrind to avoid leaks) to make sure
it's still working properly.
2019-08-15 01:32:09 +02:00
aszlig 16ecd0d5ca
xkbvalidate: Rename output binary to xkbvalidate
So far, the output binary has been just "validate", which is quite a
very generic name and doesn't match the package name.

Even though I highly doubt that this program will ever be used outside
of NixOS modules, it's nevertheless less confusing to have a consistent
naming.

Signed-off-by: aszlig <aszlig@nix.build>
2019-08-15 01:11:32 +02:00
worldofpeace bc0072305b
Merge pull request #66638 from worldofpeace/favorite-apps-gnome3
nixos/gnome3: set favorite-apps
2019-08-14 17:12:48 -04:00
worldofpeace 83c0b5f06f nixos/gnome3: set favorite-apps
The upstream defaults [0] for this key include shotwell and
rhythmbox which aren't installed by the gnome3 module.
We swap these out for gnome-photos and gnome-music
which are.

[0]: https://gitlab.gnome.org/GNOME/gnome-shell/blob/3.32.2/data/org.gnome.shell.gschema.xml.in#L42
2019-08-14 16:55:45 -04:00
Matthew Bauer e9b7085ff8 cups: add myself as maintainer 2019-08-14 11:47:48 -04:00
Matthew Bauer 01cd4663d6 tests/printing: don’t wait for unit services
These are now socket activated, we don’t need it to start up front.
2019-08-14 11:47:48 -04:00
Matthew Bauer 011b12c3ca nixos: Add release notes for CUPS changes 2019-08-14 11:47:48 -04:00
Matthew Bauer c068488817 nixos/cupsd: use socket-based activation by default
Make socket-based activation the
default (services.printing.startWhenNeeded)
2019-08-14 11:47:12 -04:00
Matthew Bauer 28040465be nixos/cupsd: include /run/cups/cups.sock in ListenStreams
This socket should always be created by systemd.
2019-08-14 11:47:12 -04:00
Matthew Bauer 35e633bde5 nixos/cupsd: only enable cups when startWhenNeeded = false
cups-browsed was pulling in cups.service even when we were using the
socket-based initialization.
2019-08-14 11:47:12 -04:00
Matthew Bauer 04ea093eb6 nixos/cupsd: Set CUPS_DATADIR globally
This is used by some programs that need CUPS data files. For instance,
print-manager looks here for printing test pages.
2019-08-14 11:47:12 -04:00
worldofpeace dd49cf711e
Merge pull request #66338 from worldofpeace/installer/no-root
installer: Don't run as root
2019-08-14 11:20:54 -04:00
Matthew Bauer 3411c1566a
Merge pull request #66480 from primeos/nixos-fuse
nixos/fuse: init
2019-08-14 10:16:02 -04:00
Ben Gamari d7d873b8cb nixos/gitlab: Delete stale hooks directories with -R
These can be directories.
2019-08-14 15:29:50 +02:00
Frederik Rietdijk 8d56f2472e Merge master into staging-next 2019-08-14 13:45:54 +02:00
WilliButz ddf15d321f
Merge pull request #66612 from fadenb/oxidized_permission_issue
nixos/oxidized: Use symlinks for config files
2019-08-14 11:56:34 +02:00
Tristan Helmich (omniIT) 02dfc07a04 nixos/oxidized: Use symlinks for config files
The old `cp` suffers from a permission issue on the 2nd start of the
service. The files were copied from the read-only nix store. On the 2nd
start of the service the `cp` failed.
The new version force creates a symlink which does not suffer from this.
2019-08-14 09:30:51 +00:00
Tim Digel 5bbde1e1ca nixos/riemann-tools: Add ExtraArgs Config Option
Added option "extraArgs" to forward any switches to riemann-tools.
2019-08-14 08:26:13 +02:00
worldofpeace d66f89022f
Merge pull request #66593 from aaronjanse/crashdump-poll-fix
fix crashDump overheating
2019-08-13 19:11:26 -04:00
Aaron Janse 011fa89b92 nixos/modules/misc/crashdump: remove idle=poll (fix #66464)
Previously, "idle=poll" would severely overheat some CPUs
2019-08-13 16:08:22 -07:00
Aaron Andersen 9af06755f3 nixos/zabbixProxy: fix database initialization logic 2019-08-13 18:50:28 -04:00
Leon Schuermann 415993d6b7 nixos-enter: silent activation script option
Also, fix a few shellcheck errors.
2019-08-13 23:48:58 +02:00
Matthew Bauer 329e097828
Merge pull request #66425 from Gerschtli/fix/path-order
environment.profiles: fix order of profiles and PATH
2019-08-13 15:06:09 -04:00
Marek Mahut cb8f4b0552
Merge pull request #65439 from aanderse/httpd-extra-modules
nixos/httpd: remove duplicate module entries from httpd.conf
2019-08-13 18:51:15 +02:00
Aaron Andersen 6f6468bef3
Merge pull request #65728 from Infinisil/types-eithers
lib/types: Add oneOf, extension of either to a list of types
2019-08-13 11:48:42 -04:00
Peter Hoeg 16bd66818a
Merge pull request #63716 from peterhoeg/f/mosquitto
nixos/mosquitto: make the tests run
2019-08-13 22:45:38 +08:00
WilliButz 7a29431da9
Merge pull request #66561 from Ma27/document-user-services-on-rebuild
nixos/doc: document that services defined with `systemd.users` aren't restarted by nixos-rebuild
2019-08-13 16:43:40 +02:00
Maximilian Bosch 551230b7f6
nixos/doc: document that services defined with systemd.users aren't restarted by nixos-rebuild 2019-08-13 16:26:09 +02:00
WilliButz bab5455d80
Merge pull request #62914 from Ma27/improve-nixos-rebuild-manpage
doc/nixos-rebuild(8): add Nix options to summary
2019-08-13 15:54:51 +02:00
Domen Kožar 0047672d58
Merge pull request #66436 from domenkozar/nixos-options-doc-nix
make-options-doc: expose Nix set and add asciidoc variant
2019-08-13 12:20:18 +02:00
Marek Mahut 4754ca7d2e
Merge pull request #62936 from dasJ/sandbox-memcached
nixos/memcached: Isolate the service
2019-08-13 08:56:34 +02:00
Marek Mahut c78fead206
Merge pull request #63735 from Ekleog/drop-old-kernels
manual: remind to drop kernels that will get EOL'd
2019-08-12 23:31:00 +02:00
Jeff Slight 2ee14c34ed
nixos/gitlab: properly clear out initializers 2019-08-12 12:50:02 -07:00
worldofpeace 397c7d26fc installer: Don't run as root
There's many reason why it is and is going to
continue to be difficult to do this:

1. All display-managers (excluding slim) default PAM rules
   disallow root auto login.

2. We can't use wayland

3. We have to use system-wide pulseaudio

4. It could break applications in the session.
   This happened to dolphin in plasma5
   in the past.

This is a growing technical debt, let's just use
passwordless sudo.
2019-08-12 14:45:27 -04:00
Franz Pletz f3160a2db6
Merge pull request #66476 from WilliButz/fix-prometheus-alertmanager-option
nixos/prometheus2: replace alertmanagerURL with new alertmanagers option
2019-08-12 17:59:27 +00:00
Maximilian Bosch f0d6955052
Merge pull request #66470 from WilliButz/update-blackbox-exporter
prometheus-blackbox-exporter: 0.12.0 -> 0.14.0, run tests and check config
2019-08-12 19:38:43 +02:00
Silvan Mosberger a7c7bb156f
clight: init (#64309)
clight: init
2019-08-12 18:18:05 +02:00
Graham Christensen 5d807f80c7
Merge pull request #63864 from cransom/datadog-agent-integrations-fix
datadog-agent: fix extraIntegrations
2019-08-12 12:15:48 -04:00
Edmund Wu 7c8ea897be
clight: include module 2019-08-12 11:56:47 -04:00
Edmund Wu c4de0bf492
timezone.nix -> locale.nix
Also includes geolocation information abstracted from redshift.nix
2019-08-12 11:56:40 -04:00
Michael Weiss 62f7711e29
Fix the indentation
Co-Authored-By: Alexey Shmalko <rasen.dubi@gmail.com>
2019-08-12 13:37:15 +02:00
Domen Kožar dcd50c0ea0
pkgs.lib -> lib 2019-08-12 11:46:53 +02:00
WilliButz c28ded36ef
nixos/prometheus-blackbox-exporter: add config check 2019-08-12 10:53:00 +02:00
WilliButz a8847c870a
nixos/rename: add prometheus2 change 2019-08-12 10:42:29 +02:00
WilliButz 543f219b30
nixos/prometheus: replace 'alertmanagerURL' options for prometheus2
Prometheus2 does no longer support the command-line flag to specify
an alertmanager. Instead it now supports both service discovery and
configuration of alertmanagers in the alerting config section.

Simply mapping the previous option to an entry in the new alertmanagers
section is not enough to allow for complete configurations of an
alertmanager.

Therefore the option alertmanagerURL is no longer used and instead
a full alertmanager configuration is expected.
2019-08-12 10:42:28 +02:00
worldofpeace e9e165fa23
Merge pull request #66449 from delroth/no-ibus-qt
nixos/ibus: do not default-install ibus-qt
2019-08-11 22:41:02 -04:00
Lassulus 612871e2ec
Merge pull request #66375 from emmanuelrosa/syncthing-1.2.1
syncthing: 1.1.4 -> 1.2.1
2019-08-12 00:22:25 +02:00
worldofpeace bddce34e49
Merge pull request #66478 from aanderse/nylas-mail
nylas-mail-bin: drop package which is no longer supported upstream
2019-08-11 17:52:26 -04:00
Aaron Andersen 26f128c1af nylas-mail-bin: drop package which is no longer supported upstream 2019-08-11 17:44:05 -04:00
Danylo Hlynskyi 329fa4b01e
Merge pull request #66401 from eadwu/postgresql/fix-quoted-query
nixos/postgresql: fix quoted queries
2019-08-11 22:46:50 +03:00
Notkea 4ff9a48398 nixos/postgresql-wal-receiver: add module (#63799) 2019-08-11 20:09:42 +03:00
Michael Weiss 2473d902e6
nixos/fuse: init
Add a module for /etc/fuse.conf.
Fixes #30923.
2019-08-11 16:13:23 +02:00
Jean Potier 9847967594
Fix typo in assert in grafana module
Current assert prevents using secretKeyFile entirely
2019-08-11 13:21:26 +03:00
Emmanuel Rosa d80670bdc2 syncthing: 1.1.4 -> 1.2.1
syncthing-gtk: add missing runtime dependencies

NixOS: fix syncthing-init NixOS test
2019-08-11 08:35:04 +07:00
Domen Kožar 6cf861c617
make-options-doc: add asciidoc variant 2019-08-10 20:11:04 +02:00
Silvan Mosberger ca3820dd00
nixos/misc: Fix nixpkgs.config merge function
Previously nested attrsets would override each other
2019-08-10 20:03:11 +02:00
Pierre Bourdon 67d1cf4707
nixos/ibus: do not default-install ibus-qt
ibus-qt has not seen a release in 5 years and is only relevant for Qt
4.x, which is becoming more and more rare. Using my current laptop as a
data point, ibus-qt is the only dependency left that drags in qt-4.8.7.
2019-08-10 19:37:12 +02:00
worldofpeace 2eaef474f2
Merge pull request #66236 from worldofpeace/test-reorganize
Reorganize GNOME tests, re-enable LightDM for release-combined
2019-08-10 11:23:57 -04:00
worldofpeace 1ce7ece4b2
Merge pull request #66398 from worldofpeace/gnome3-option-renames
Move certain GNOME3 options to programs
2019-08-10 11:17:47 -04:00
worldofpeace 0722e88665 nixos/gpaste: don't set sessionPath
Not needed since f63d94eba3
2019-08-10 11:17:18 -04:00
worldofpeace be3fe4a869 nixos/gpaste: move to programs 2019-08-10 11:17:18 -04:00
Domen Kožar 3a93fcfd1e
make-options-doc: expose Nix set 2019-08-10 14:24:11 +02:00
Domen Kožar 5ce8864c54
Merge pull request #66328 from domenkozar/nixos-options-doc
Extract NixOS options documentation generation to a function
2019-08-10 14:07:19 +02:00
Tobias Happ 33c834f2fb environment.profiles: fix order of profiles
This change is needed because the order of profiles correlate to the
order in PATH, therefore "/etc/profiles/per-user/$USER" always appeared
after the system packages directories.
2019-08-10 10:28:12 +02:00
Alex Guzman 9fec6dfa39 roon-server: add back state directory 2019-08-09 22:21:46 -07:00
Silvan Mosberger ce82d0b61a
Couchdb: Don't chown /var/log to couchdb (#65347)
Couchdb: Don't chown /var/log to couchdb
2019-08-10 01:36:15 +02:00
Alex Guzman d830ae9af3 [roon-server] Use non-deprecated string type 2019-08-09 13:02:46 -07:00
Edmund Wu 18d176dc20
nixos/postgresql: fix quoted queries 2019-08-09 15:11:24 -04:00
Matthew Bauer ddf38a8241
Merge pull request #65002 from matthewbauer/binfmt-wasm
Add binfmt interpreter for wasm
2019-08-09 14:04:21 -04:00
Matthieu Coudron 2da1ad60a8 boot.kernelPackages: check for conflicts
It's currently possible to set conflicting `boot.kernelPackages` several times
which can prove confusing.
This is an attempt to warn for this.
2019-08-10 02:27:52 +09:00
worldofpeace f12f2bb828 nixos/gnome-documents: move to programs 2019-08-09 12:56:11 -04:00
worldofpeace 6c525b1076 nixos/gnome-disks: move to programs 2019-08-09 12:56:11 -04:00
worldofpeace ff0e3aae35 nixos/file-roller: move to programs 2019-08-09 12:56:11 -04:00
worldofpeace db69d2dfe7 nixos/evince: move to programs 2019-08-09 12:56:11 -04:00
Silvan Mosberger 013d403f30
nixos/dwm-status: add module (#51319)
nixos/dwm-status: add module
2019-08-09 15:39:50 +02:00
Bas van Dijk fae25242e9
Merge pull request #66327 from basvandijk/parameterizable-nixos-generate-config
nixos-generate-config: enable overriding configuration.nix
2019-08-09 14:39:34 +02:00
Frederik Rietdijk 9bd78cb048 Merge master into staging-next 2019-08-09 14:00:27 +02:00
Marek Mahut f14628e576
Merge pull request #66341 from Ma27/bump-prometheus-wireguard-exporter
prometheus-wireguard-exporter: 3.0.0 -> 3.0.1
2019-08-09 13:12:06 +02:00
Periklis Tsirakidis 95dec03601 [throttled] Enable custom config 2019-08-09 09:22:38 +02:00
Silvan Mosberger 88bb9fa403
nixos/modules: Replace all nested types.either's with types.oneOf's 2019-08-08 23:35:52 +02:00
Maximilian Bosch 41b9c5f1da
nixos/prometheus-wireguard-exporter: add support for -r switch
With this switch activated, the exporter also exposes the remote IP of
each active WireGuard peer.
2019-08-08 21:54:49 +02:00
Bas van Dijk 810388afd2 nixos-generate-config: enable overriding configuration.nix 2019-08-08 17:00:10 +02:00
Domen Kožar 5cfd034af0
Extract NixOS options documentation generation to a function
Motivation is to support other repositories containing nixos
modules that would like to generate options documentation:

- nix-darwin
- private repos
- arion
- ??
2019-08-08 16:18:09 +02:00
Alex Guzman 9f9b458ce3 [roon-server] don't create user if user changes defaults
If the user changes the user for roon, we can assume they handled the setup for it
2019-08-07 13:23:36 -07:00
Alex Guzman 6572b5e4a1 [roon-server] make roon user a system user 2019-08-07 13:12:57 -07:00
worldofpeace 45643baf22 nixosTests.pantheon: enable for all platforms 2019-08-07 15:55:39 -04:00
worldofpeace 63a1787ed5 nixosTests.gnome{xorg}: re-enable on aarch64 2019-08-07 15:53:26 -04:00
Alex Guzman f160233793 roon-server: let nix assign ids 2019-08-07 12:34:52 -07:00
Alex Guzman 62d242d1cd roon-server: Add actual user piping
Adds defined IDs
2019-08-07 12:27:52 -07:00
Alex Guzman 8becc897ea roon-server: disable DynamicUser
DynamicUser currently breaks the backup functionality provided by roon,
as the roon server cannot write to non-canonical directories and the
recycled UIDs/GIDs would make managing permissions for the directory
impossible. On top of that, it would break the ability to manage the
local music library files (as it would not be able to delete them).
2019-08-07 11:57:42 -07:00
Thomas Tuegel 38f3c6afa1
Merge pull request #66226 from xvello/xvello/bluez-qt
Add bluez-qt as an explicit dependency of plasma5
2019-08-07 08:46:02 -05:00
Kai Wohlfahrt 28cf80acf8 nixos/hardware.deviceTree: Move things around
In response to comments, create a sub-folder for deviceTree packages
(starting with rpi), and a top-level package for helpers.
2019-08-07 13:51:22 +01:00
Kai Wohlfahrt dd0a951279 nixos/hardware.deviceTree: new module
Add support for custom device-tree files, and applying overlays to them.
This is useful for supporting non-discoverable hardware, such as sensors
attached to GPIO pins on a Raspberry Pi.
2019-08-07 13:51:22 +01:00
vdot0x23 386f9739b5
nixos/stubby: Clearer wording for upstreamServers
Indicate that upstreamServers actually replaces defaults instead of adding to default.
2019-08-07 12:23:20 +00:00
Danylo Hlynskyi 0730e81785
postgresql: running initdb from command line now works (#65309)
The issue was only with NixOS service, `postgresql` installed through
`nix-env` was not affected.

Fixes https://github.com/NixOS/nixpkgs/issues/23655
2019-08-07 14:17:36 +03:00
Nikola Knezevic d0ef94258d Make hostname in tests overridable
The original form effectively forbade any NixOS configuration that is under
test to explicitly set the hostname.
2019-08-07 10:31:13 +02:00
worldofpeace 6f86c002dd nixosTests.lightdm: add me to maintainers 2019-08-06 20:51:44 -04:00
worldofpeace 9d0996ff11 nixosTests.gnome3{xorg}: add gnome3 maintainers 2019-08-06 20:51:44 -04:00
worldofpeace feb4b30074 nixos/release-combined: re-enable lightdm test
This has been tested in the Pantheon test
for a year now and it does fine on hydra.
2019-08-06 20:51:44 -04:00
worldofpeace 71d42da8f5 nixos/release-combined: add gnome3 test for wayland
We should be ensuring that this session functions
as well because it's default.
2019-08-06 20:51:44 -04:00
worldofpeace 5efe51ccc2 nixosTests.gnome3: rename from gnome3-gdm
The actual only difference from the gnome3-xorg
test is that this tests the wayland session.
It's also more accurate to call it just "gnome3"
since wayland is default here.
2019-08-06 20:51:44 -04:00
worldofpeace 087c640e1a nixosTests.gnome3-xorg: rename from gnome3 2019-08-06 19:13:35 -04:00
worldofpeace a4c6a7b336
Merge pull request #63790 from chpatrick/gdm-autosuspend-option
nixos/gdm: add autoSuspend option
2019-08-06 18:09:20 -04:00
Patrick Chilton 7c854aa974 nixos/gdm: add autoSuspend option 2019-08-06 18:08:21 -04:00
Xavier Vello e383d99244 Add bluez-qt as an explicit dependency of plasma5
When bluetooth is enabled, we install bluedevil, but
its applet cannot work without the qml components in
bluez-qt.

Superseedes #65440 that failed to address the issue.
2019-08-06 21:53:30 +02:00
Franz Pletz 666b291d19
Merge pull request #66073 from WilliButz/fix-unifi
nixos/unifi: create data directory with correct permissions
2019-08-06 16:34:30 +00:00
Silvan Mosberger 9a44f44d4c
lib/types: Add oneOf, extension of either to a list of types 2019-08-06 14:08:42 +02:00
Andreas Rammhold 955480e6bf
Merge pull request #65950 from aanderse/mysql-update
mysql57: 5.7.25 -> 5.7.27
2019-08-06 08:15:50 +00:00
worldofpeace 7a53b1cbe7
Merge pull request #65860 from etu/surf-display-kiosk-session
Surf display kiosk session
2019-08-05 14:41:56 -04:00
Elis Hirwing 792da0c4d4
nixos/surf-display: Add kiosk display manager session 2019-08-05 17:50:06 +02:00
WilliButz d6a4902662
nixos/unifi: create data directory with correct permissions 2019-08-05 15:09:16 +02:00
danbst 29ba0a0adf add release notes 2019-08-05 14:34:51 +03:00
Danylo Hlynskyi 7585496eff
Merge branch 'master' into flip-map-foreach 2019-08-05 14:09:28 +03:00
danbst 0f8596ab3f mass replace "flip map -> forEach"
See `forEach`-introduction commit.
```
rg 'flip map ' --files-with-matches | xargs sed -i 's/flip map /forEach /g'
```
2019-08-05 14:03:38 +03:00
danbst 91bb646e98 Revert "mass replace "flip map -> foreach""
This reverts commit 3b0534310c.
2019-08-05 14:01:45 +03:00
worldofpeace d745487c1e nixos/pantheon: use filechooser module
Setting GTK_CSD=1 works around the issue
we were having with this [0]

[0]: https://github.com/elementary/files/issues/971
2019-08-05 05:43:48 -04:00
worldofpeace 399ff42d73 nixos/pantheon: set GTK_CSD
Causes various issues when not set
* https://github.com/elementary/files/issues/971
* https://github.com/elementary/default-settings/pull/103
* https://github.com/cassidyjames/ideogram/issues/26

However this can cause certain problems in gala
* https://github.com/elementary/gala/issues/244
2019-08-05 05:42:35 -04:00
David Anderson 089da1c14d nixos/sshguard: create ipsets before starting, and clean up after stopping.
The fix for #62874 introduced a race condition on startup: the postStart
commands that configure the firewall run concurrently with sshguard's
creation of the ipsets that the rules depend on. Unfortunately iptables
fails hard when referencing an ipset that doesn't exist, so this causes
non-deterministic crashlooping until sshguard wins the race.

This change fixes that race condition by always creating the ipset and
reconfiguring the firewall before starting sshguard, so that the order
of operations is always deterministic.

This change also cleans up the ipsets on sshguard shutdown, so that
removing sshguard from a running system doesn't leave state behind.

Fixes #65985.
2019-08-04 16:23:22 -07:00
Aaron Andersen f1faec8249 nixos/mysql: test the mysql package, not just mariadb 2019-08-04 10:41:55 -04:00
bake 9e2a710117 nixos/gitolite: dataDir group-readable 2019-08-04 18:47:02 +09:00
Frederik Rietdijk 27e030a1cc
Merge pull request #62812 from Tomahna/bloop
bloop: 1.2.5 -> 1.3.2
2019-08-04 10:07:16 +02:00
Jörg Thalheim d02ead41f8
Merge pull request #65407 from alunduil/add-zfs-replication
Add zfs replication
2019-08-03 09:14:08 +01:00
Sarah Brofeldt bf4cddf13b
Merge pull request #65616 from JohnAZoidberg/cassandra-jmxport-test
nixos/tests/cassandra: Test jmxPort
2019-08-03 08:40:17 +02:00
Frederik Rietdijk 7560e2d64f
Merge pull request #65376 from abbradar/mdadm-upstream
Use upstream units for mdadm
2019-08-03 08:06:07 +02:00
Frederik Rietdijk d20a59d2e5 Merge master into staging-next 2019-08-02 23:27:18 +02:00
WilliButz 370370aa2c
nixos/release-notes: add note about prometheus-exporters 2019-08-02 18:50:02 +02:00
WilliButz 1ce989cce6
nixos/prometheus-exporters: update documentation 2019-08-02 18:50:01 +02:00
WilliButz 29d765e250
nixos/prometheus-wireguard-exporter: use ExecStart instead of script 2019-08-02 18:50:01 +02:00
WilliButz afd0dc17d6
nixos/prometheus-exporters: use DynamicUser by default
Only define seperate users and groups when necessary.
2019-08-02 18:50:01 +02:00
WilliButz 495222a840
nixos/prometheus-exporter: use separate user for each exporter
Stop using nobody/nogroup by default and use seperate users for each
exporter instead.
2019-08-02 18:49:56 +02:00
WilliButz c221f9fdf2
Merge pull request #65751 from mayflower/pkgs/prometheus-postgres-exporter
prometheus-postgres-exporter: init at 0.5.1
2019-08-02 18:45:32 +02:00
Susan Potter 6923b76eb5
nixos/doc+manual: change copyright year 2018->2019 2019-08-02 10:45:04 -05:00
Alex Brandt bdd7b5a3ab nixos/zfs: add autoReplication functionality
This adds a simple configuration for sending snapshots to a remote
system using zfs-replicate that ties into the autoSnapshot settings
already present in services.zfs.autoSnapshot.
2019-08-02 08:04:21 -07:00
Franz Pletz e4c60a1e42
prometheus-postgres-exporter: init at 0.5.1 2019-08-02 15:59:29 +02:00
Vladimír Čunát a89f245f3b
Merge branch 'master' into openssl-1.1
... to avoid the accidental gnupatch rebuild
2019-08-02 09:47:38 +02:00
Frederik Rietdijk 6f723b9bad Merge master into staging-next 2019-08-02 09:18:37 +02:00
Peter Hoeg f2639566b5
Merge pull request #30712 from peterhoeg/f/service
systemd user services shouldn't run as root and other "non-interactive" users
2019-08-02 11:58:27 +08:00
Robin Gloster 30969073f0
Merge remote-tracking branch 'upstream/master' into openssl-1.1 2019-08-02 03:01:30 +02:00
adisbladis 9e9c6de50c
nodejs-8_x: Drop package
It will be EOL within the support period of 19.09
2019-08-02 02:34:47 +02:00
Robin Gloster 443b0f6332
Merge pull request #65566 from rasendubi/syncthing-group-fix
syncthing: create default group if not overridden
2019-08-01 23:17:37 +00:00
Robin Gloster 41dac4bf9f
Merge pull request #65582 from WilliButz/add-mailexporter
prometheus-mail-exporter: init at 2019-07-14, add module and test
2019-08-01 23:14:21 +00:00
Robin Gloster 19c737fd79
Merge pull request #65699 from jslight90/patch-5
nixos/gitlab: fix config initializer permissions
2019-08-01 23:08:39 +00:00
worldofpeace 64b4a24047 nixos/xdg/portal: set GTK_USE_PORTAL with lib.mkIf
If lib.optional is given a false value it will return an empty list.
Thusly the set-environment script can have

```
export GTK_USE_PORTAL=
```

This can rub certain bugs the wrong way #65679
so lets make sure this isn't set in the environment
at all.
2019-08-01 17:51:51 -04:00
Frederik Rietdijk 55e4555b77 Merge master into staging-next 2019-08-01 09:42:54 +02:00
Colin L Rice d7aa6df31f nix-daemon: Fix builduser count to work when maxJobs is auto 2019-08-01 01:54:28 -04:00
Aaron Andersen a1f738ba87
Merge pull request #62748 from aanderse/mediawiki
nixos/mediawiki: init service to replace httpd subservice
2019-07-31 22:12:23 -04:00
Artemis Tosini 42c3eefd77
nixos/xonsh: Use the package specified in the package option 2019-07-31 23:28:13 +00:00
Nikolay Amiantov 717b8b3219 systemd service: remove generator-packages option
Use systemd.packages instead, it's less error prone and more in line with
what's expected.
2019-08-01 00:55:35 +03:00
Nikolay Amiantov ca780f4a18 swraid service: use upstream units
This fixes a serious bug on NixOS with swraid where mdadm arrays weren't
properly stopped on shutdown. Rather than fixing the unit by adding
`Before=final.target` we completely move to upstream units, which uses
systemd shutdown hooks instead. This also drives down maintenance costs
for us.
2019-08-01 00:55:35 +03:00
Nikolay Amiantov b458121105 stage-1 initrd: replace absolute paths for mdadm
We don't patch basename and readlink now too as they were added for
mdadm in 8ecd3a5e1d.
2019-08-01 00:55:35 +03:00
Nikolay Amiantov 5636fe572b systemd test: add test for systemd-shutdown scripts 2019-08-01 00:55:35 +03:00
Nikolay Amiantov a304fc5d75 systemd service: add support for shutdown packages
Shutdown hooks are executed right before the shutdown, which is useful
for some applications. Among other things this is needed for mdadm hook
to run.
2019-08-01 00:55:35 +03:00
Nikolay Amiantov fd405dab3e systemd service: rename generator-packages 2019-08-01 00:55:35 +03:00
Jeff Slight 7efcbead2c
nixos/gitlab: fix config initializer permissions 2019-07-31 14:55:08 -07:00
edef 4bcc6e11d3
Merge pull request #65227 from NixOS/openssh-known-hosts-ca
nixos/programs/ssh: allow specifying known host CAs
2019-07-31 12:08:58 +00:00
worldofpeace bb4f61f73d
Merge pull request #64121 from tadeokondrak/nixos/programs/shell.nix/remove-gnu-specific-option
nixos/programs/shell.nix: don't use unnecessary GNU-specific option
2019-07-31 02:19:59 -04:00
worldofpeace ea8fc75160
Merge pull request #64948 from ambrop72/videodrivers-radeon-alias
nixos/xserver: Make radeon in videoDrivers an alias for ati.
2019-07-31 02:13:24 -04:00
worldofpeace 6a79f6fb71 nixosTests.flatpak-builder: enable portals
Forgot about this test. Shouldn't fail with an assertion
error anymore.
2019-07-30 23:52:25 -04:00
Daniel Schaefer 8fbf9559df nixos/tests/cassandra: Test jmxPort
The test sets it to a non-standard port so it won't work accidentally
now and we'll be sure that our NixOS option works.
2019-07-31 00:55:04 +02:00
WilliButz deedad80c7
nixos/tests/prometheus-exporters: add mail exporter 2019-07-30 19:29:22 +02:00
WilliButz 5818c73d95
nixos/prometheus-exporters: add mail exporter module 2019-07-30 19:24:26 +02:00
Joachim F a7d71da84d
Merge pull request #65585 from delroth/hardened-pti
nixos/hardened: make pti=on overridable
2019-07-30 10:35:31 +00:00
Janne Heß ae608faa85 nixos/xfs: Add xfs_repair to the initrd
Closes #8820
2019-07-30 09:28:34 +02:00
worldofpeace 7f2f31a812
Merge pull request #65449 from worldofpeace/disable-portals
nixos/xdg: disable portals (again, again)
2019-07-29 21:47:51 -04:00
worldofpeace 1b21c9db91 nixos/xdg: add gtkUsePortal option to portals
Prior to this change GTK_USE_PORTAL was unconditionally
set to "1". For this to not break things you have to have some
sort of portal implementation in extraPortals.

Setting GTK_USE_PORTAL in this manner is actually only useful
when using portals for applications outside flatpak. For example
people using non-flatpak Firefox who want native filechoosers.
It's also WIP for electron applications to support this.
2019-07-29 21:47:09 -04:00
Pierre Bourdon 67b7e70865
nixos/hardened: make pti=on overridable
Introduces a new security.forcePageTableIsolation option (default false
on !hardened, true on hardened) that forces pti=on.
2019-07-30 02:24:56 +02:00
Robin Gloster 9b750c2474
shibboleth-sp: 2.6.1 -> 3.0.4.1 2019-07-30 00:06:12 +02:00
Alexey Shmalko e50539f7b5
syncthing: create default group if not overridden
The following configuration generates a systemd unit that doesn't
start.
```nix
{
  services.syncthing = {
    enable = true;
    user = "my-user";
  };
}
```

It fails with
```
systemd[1]: Started Syncthing service.
systemd[6745]: syncthing.service: Failed to determine group credentials: No such process
systemd[6745]: syncthing.service: Failed at step GROUP spawning /nix/store/n1ydz3i08nqp1ajc50ycy1zribmphqc9-syncthing-1.1.4-bin/bin/syncthing: No such process
systemd[1]: syncthing.service: Main process exited, code=exited, status=216/GROUP
systemd[1]: syncthing.service: Failed with result 'exit-code'.
```

This is due to the fact that `syncthing` group (default) is not
created if the user is overridden.

Add a separate check for setting up the default group, so that
user/group are created independently.
2019-07-29 21:56:12 +03:00
Andrew Childs a5328e1386 fluentd: add simple test 2019-07-30 00:37:21 +09:00
Jörg Thalheim 3b0f0741ea
Merge pull request #65335 from Baughn/wifi-crda
wifi: Include CRDA regulatory database
2019-07-29 07:02:22 +01:00
Svein Ove Aas d28a8cc4af nixos/pantheon: Include CRDA regulatory database 2019-07-28 22:17:19 +01:00
Svein Ove Aas 186dd1ce58 nixos/gnome3: Include CRDA regulatory database 2019-07-28 22:17:10 +01:00
Svein Ove Aas 7ee6226bdd nixos/networkmanager: Include CRDA regulatory database 2019-07-28 22:10:28 +01:00
Svein Ove Aas ac50d8e709 nixos/wpa_supplicant: Include CRDA regulatory database 2019-07-28 22:10:28 +01:00
Bas van Dijk 9ff408a2a4
Merge pull request #60500 from basvandijk/thanos-init
thanos: init at 0.6.0 & NixOS module
2019-07-28 19:14:55 +02:00
edef 9897956d36
Merge pull request #65485 from arcnmx/pr-taskserver-nixos
nixos/taskserver: crl file is optional
2019-07-28 13:02:05 +00:00
Bas van Dijk 0a59be7136 thanos: 0.5.0 -> 0.6.0 2019-07-28 13:28:27 +02:00
Bas van Dijk 6a59dc35f6 nixos/tests/prometheus-2.nix: increase diskSize of the store machine
This is to fix the following error in the test on aarch64-linux:

store# [  126.911144] thanos[739]: level=error ts=2019-06-16T14:00:26.59870538Z caller=main.go:182 msg="running command failed" err="error executing compaction: first pass of downsampling failed: create dir: mkdir /var/lib/thanos-compact/downsample: no space left on device"
store# [  126.942655] systemd[1]: thanos-compact.service: Main process exited, code=exited, status=1/FAILURE
2019-07-28 13:28:27 +02:00
Bas van Dijk dc69b3e6ad nixos/thanos: code style: don't use a space before a colon 2019-07-28 13:28:27 +02:00
Bas van Dijk e32e0e6e02 nixos/thanos: assert that prometheus2 is running and has labels set 2019-07-28 13:28:27 +02:00
Bas van Dijk 13da811853 nixos/thanos: allow overriding arguments to the thanos subcommands 2019-07-28 13:28:27 +02:00
Bas van Dijk 2d0243c187 thanos: 0.4.0 -> 0.5.0-rc.0 2019-07-28 13:28:27 +02:00
Bas van Dijk ebc65a5f21 nixos/thanos: add module for the thanos service 2019-07-28 13:28:27 +02:00
Frederik Rietdijk cb3ce5d26d Merge master into staging-next 2019-07-28 12:11:37 +02:00