1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Commit graph

137 commits

Author SHA1 Message Date
Jan Tojnar ea6e8775bd
nixos/doc: re-format 2019-09-18 22:13:35 +02:00
obadz e5e6b514f5 citrix-receiver: decomission in favor of citrix-workspace.
Already documented in #64645
2019-09-14 11:11:44 +01:00
worldofpeace 456c42c3e8 nixos/xterm: stateVersion disable by default 2019-09-09 12:07:11 -04:00
adisbladis 8e2fc57a80
postgresql_9_4: Remove package
It's only supported until February 13, 2020 which is during the 19.09 life cycle.
2019-09-07 15:31:27 +01:00
WilliButz bb62066225
nixos/prometheus: remove prometheus1 module, rename prometheus2
Prometheus 1 is no longer supported, instead 'services.prometheus'
now configures the Prometheus 2 service.
2019-09-06 21:55:23 +02:00
worldofpeace 5d4890b58d
Merge pull request #67585 from worldofpeace/system-config-printer
nixos/system-config-printer: init
2019-09-06 12:08:23 -04:00
worldofpeace c6abb69785 rl-1909: note about system-config-printer 2019-09-06 12:06:32 -04:00
adisbladis 194aac9eed
elk-stack: Add release note about elk-5 stack removal 2019-09-06 14:30:49 +01:00
worldofpeace 270b4866e3 rl-1909: make services.gnome3 links sensible 2019-09-06 05:25:27 -04:00
Maximilian Bosch e4bc0e2b5f
weechatScripts.weechat-xmpp: remove
This plugin is fairly outdated and depends on python2 libraries that
don't receive any updates either (xmpppy for instance[1]).

[1] https://pypi.org/project/xmpppy/
2019-09-05 20:03:46 +02:00
Sarah Brofeldt ef76e7df16 nixos/manual: Fix build after broken Ceph release note 2019-09-04 19:33:07 +02:00
Johan Thomsen fb22d67fa7 ceph: 13.2.4 -> 14.2.1
* remove kinetic
* release note
* add johanot as maintainer

nixos/ceph: create option for mgr_module_path
  - since the upstream default is no longer correct in v14

* fix module, default location for libexec has changed
* ceph: fix test
2019-09-04 16:17:18 +02:00
Silvan Mosberger ad13ebe029
Merge pull request #55510 from florianjacob/declarative-printers
nixos/printers: declarative configuration
2019-09-03 17:46:53 +02:00
worldofpeace 9b13731b72
Merge pull request #67522 from worldofpeace/gnome3/harmonize-defaults
Harmonize Gnome3 Defaults
2019-09-01 18:33:00 -04:00
worldofpeace 266db0820e rl-1909: note changes to gnome3 defaults 2019-09-01 18:27:28 -04:00
worldofpeace acced1a381 rl-1909: note gnome3 profile style options 2019-09-01 18:27:28 -04:00
adisbladis f140dfb161
nixos/desktop-managers/xterm: Disable by default
It's a confusing default for some display managers that will default
to it even when you have defined another display manager.
2019-09-01 22:17:35 +01:00
William Casarin cec822a7bb release-notes: add altcoins removal note
Release notes for #67687 (bc08b42da4) [1]
Related issue: #25025 [2]

[1] https://github.com/NixOS/nixpkgs/issues/67687
[2] https://github.com/NixOS/nixpkgs/issues/25025

Suggested-by: @mmahut
Signed-off-by: William Casarin <jb55@jb55.com>
2019-09-01 10:03:18 -07:00
Florian Jacob 18a5d23b55 nixos/printers: declarative configuration 2019-09-01 15:38:30 +02:00
Florian Klink 8680f72c88 nixos/redis: add changelog for #67768 2019-09-01 14:12:47 +02:00
Florian Klink ff2fd6c4e5 nixos/redis: unbreak module
The redis module currently fails to start up, most likely due to running
a chown as non-root in preStart.

While at it, I hardcoded it to use systemd's StateDirectory and
DynamicUser to manage directory permissions, removed the unused
appendOnlyFilename option, and the pidFile option.

We properly tell redis now it's daemonized, and it'll use notify support
to signal readiness.
2019-09-01 14:08:42 +02:00
worldofpeace fcec3ff0dc rl-1909: add note about default emoji font 2019-09-01 00:12:12 -04:00
Florian Klink 645de3b611
Merge pull request #67840 from flokli/systemd-sysctl-sysrq-rl
release-notes: mention restricted SysRq key combinations
2019-09-01 03:59:34 +02:00
Marti Serra d3de35967a crashplan, crashplan-small-business: remove pkg and module 2019-09-01 03:25:19 +02:00
Florian Klink c48170ac02 release-notes: mention restricted SysRq key combinations
This was missing from #66482.
2019-08-31 18:44:35 +02:00
worldofpeace 0d220e4ed6 nixos/fontconfig-penultimate: disable by default
It currently lacks an emoji font-family which means it has to be
disabled for them to function [0].  Additionally it's fallen out of
necessity to ship custom font rendering settings (as far as I'm aware
of).

[0]: https://github.com/NixOS/nixpkgs/pull/67215
2019-08-30 19:50:30 -04:00
edef 722940fcdc nixos/release-notes: fix indentation 2019-08-30 19:32:25 +00:00
adisbladis 41d1b8fa88
emacsPackages: Drop old emacsPackages (non-NG) sets
These have been deprecated for a long time now and has not seen much maintenance.
2019-08-30 16:43:16 +01:00
Peter Simons 19a1e15501 rl-1909.xml: fix XML syntax error that broke the NixOS manual 2019-08-29 20:29:19 +02:00
Arian van Putten 604b7c139f Fix letsencrypt (#60219)
* nixos/acme: Fix ordering of cert requests

When subsequent certificates would be added, they would
not wake up nginx correctly due to target units only being triggered
once. We now added more fine-grained systemd dependencies to make sure
nginx always is aware of new certificates and doesn't restart too early
resulting in a crash.

Furthermore, the acme module has been refactored. Mostly to get
rid of the deprecated PermissionStartOnly systemd options which were
deprecated. Below is a summary of changes made.

* Use SERVICE_RESULT to determine status
This was added in systemd v232. we don't have to keep track
of the EXITCODE ourselves anymore.

* Add regression test for requesting mutliple domains

* Deprecate 'directory' option
We now use systemd's StateDirectory option to manage
create and permissions of the acme state directory.

* The webroot is created using a systemd.tmpfiles.rules rule
instead of the preStart script.

* Depend on certs directly

By getting rid of the target units, we make sure ordering
is correct in the case that you add new certs after already
having deployed some.

Reason it broke before:  acme-certificates.target would
be in active state, and if you then add a new cert, it
would still be active and hence nginx would restart
without even requesting a new cert. Not good!  We
make the dependencies more fine-grained now. this should fix that

* Remove activationDelay option

It complicated the code a lot, and is rather arbitrary. What if
your activation script takes more than activationDelay seconds?

Instead, one should use systemd dependencies to make sure some
action happens before setting the certificate live.

e.g. If you want to wait until your cert is published in DNS DANE /
TLSA, you could create a unit that blocks until it appears in DNS:

```
RequiredBy=acme-${cert}.service
After=acme-${cert}.service
ExecStart=publish-wait-for-dns-script
```
2019-08-29 16:32:59 +02:00
worldofpeace b49a76566d
Merge pull request #67626 from worldofpeace/xfce4-14-doc
rl-1909: add note about Xfce 4.14
2019-08-28 13:54:16 -04:00
worldofpeace 722746c056 rl-1909: add note about Xfce 4.14 2019-08-28 09:57:01 -04:00
Maximilian Bosch 56a7bc05e1
nixos/treewide: drop dependencies to keys.target
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).

As described in the NixOps manual[1], dependencies to keys should be
defined like this now:

``` nix
{
  systemd.services.myservice = {
    after = [ "secret-key.service" ];
    wants = [ "secret-key.service" ];
  };
}
```

However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.

[1] https://nixos.org/nixops/manual/#idm140737322342384
2019-08-27 18:55:55 +02:00
Silvan Mosberger 210756a450
nixos/pdns-recursor: implement a settings option (#67251)
nixos/pdns-recursor: implement a `settings` option
2019-08-27 14:34:32 +02:00
rnhmjoj d5f098a96c
nixos/doc: mention extraConfig -> settings change in pdns-recursor 2019-08-26 17:47:25 +02:00
Florian Klink 0fb17141fb nixos/systemd: enable cgroup accounting by default
If this is the default for OpenShift already, we probably can enable it
as well.

see https://github.com/openshift/machine-config-operator/pull/581
2019-08-25 22:26:12 +02:00
Alexander V. Nikolaev 885511cb5c rmilter: remove deprecated package (and module) 2019-08-24 17:33:48 +03:00
Robin Gloster 948b3e34a5
squid: remove v3, default to v4 2019-08-22 00:39:52 +02:00
Robin Gloster f4fc845e5b
Merge remote-tracking branch 'upstream/master' into openssl-1.1 2019-08-21 14:25:13 +02:00
Aaron Andersen 249b4ad942
Merge pull request #66492 from aanderse/extra-subservice-cleanup
nixos/httpd: extraSubservices cleanup
2019-08-20 18:55:08 -04:00
Florian Klink 93a03177f2
Merge pull request #66482 from flokli/systemd-sysctl
nixos/systemd: install sysctl snippets
2019-08-19 16:32:00 +02:00
Nikolay Amiantov 9b30cf0cb4 nixos release notes: mention systemd.packages changes 2019-08-19 13:25:15 +03:00
Florian Klink bafc256915 nixos/systemd: remove separate coredump module 2019-08-18 17:54:26 +02:00
Florian Klink 9be0327a49 nixos/systemd: install sysctl snippets
systemd provides two sysctl snippets, 50-coredump.conf and
50-default.conf.

These enable:
 - Loose reverse path filtering
 - Source route filtering
 - `fq_codel` as a packet scheduler (this helps to fight bufferbloat)

This also configures the kernel to pass coredumps to `systemd-coredump`.
These sysctl snippets can be found in `/etc/sysctl.d/50-*.conf`,
and overridden via `boot.kernel.sysctl`
(which will place the parameters in `/etc/sysctl.d/60-nixos.conf`.

Let's start using these, like other distros already do for quite some
time, and remove those duplicate `boot.kernel.sysctl` options we
previously did set.

In the case of rp_filter (which systemd would set to 2 (loose)), make
our overrides to "1" more explicit.
2019-08-18 17:54:26 +02:00
Florian Klink e5965bd489 nixos/sysctl: rename /etc/sysctl.d/nixos.conf -> 60-nixos.conf
sysctl.d(5) recommends prefixing all filenames in /etc/sysctl.d with a
two-digit number and a dash, to simplify the ordering of the files.

Some packages provide custom files, often with "50-" prefix.
To ensure user-supplied configuration takes precedence over the one
specified via `boot.kernel.sysctl`, prefix the file generated there with
"60-".
2019-08-18 17:54:26 +02:00
danbst d80cd26ff9 Merge branch 'master' into flip-map-foreach 2019-08-18 18:00:25 +03:00
Aaron Andersen efbdce2e96 nixos/mantisbt: drop unmaintained module 2019-08-15 21:01:23 -04:00
Aaron Andersen 265163da07 nixos/systemhealth: drop unmaintained module 2019-08-15 21:01:23 -04:00
Matthew Bauer 011b12c3ca nixos: Add release notes for CUPS changes 2019-08-14 11:47:48 -04:00
worldofpeace 397c7d26fc installer: Don't run as root
There's many reason why it is and is going to
continue to be difficult to do this:

1. All display-managers (excluding slim) default PAM rules
   disallow root auto login.

2. We can't use wayland

3. We have to use system-wide pulseaudio

4. It could break applications in the session.
   This happened to dolphin in plasma5
   in the past.

This is a growing technical debt, let's just use
passwordless sudo.
2019-08-12 14:45:27 -04:00