1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-19 12:11:28 +00:00
Commit graph

4897 commits

Author SHA1 Message Date
aszlig 636e0e552d
nixos/tests/taskserver: Test imperative users
As the nixos-taskserver command can also be used to imperatively manage
users, we need to test this as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:03:16 +02:00
aszlig 2acf8677fa
nixos/taskserver: Rewrite helper-tool in Python
In the comments of the pull request @nbp wrote:

"Why is it implemented in 3 different languages: Nix, Bash and C?"

And he's right, it doesn't make sense, because we were using C as a
runuser replacement and used Nix to generate the shellscript
boilerplates.

Writing this in Python gets rid of all of this and we also don't need
the boilerplate as well, because we're using Click to handle all the
command line stuff.

Note that this currently is a 1:1 implementation of what we had before.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:02:52 +02:00
joachifm 9c484f29ce Merge pull request #14564 from valeriangalliat/shout/config
Shout: configure with attrs
2016-04-11 09:56:10 +02:00
joachifm 245f200dd8 Merge pull request #11987 from angus-g/caddy
Add Caddy and its NixOS module
2016-04-11 09:20:21 +02:00
aszlig 85832de2e8
nixos/taskserver: Remove client.cert option
The option is solely for debugging purposes (particularly the unit tests
of the project itself) and doesn't make sense to include it in the NixOS
module options.

If people want to use this, we might want to introduce another option so
that we can insert arbitrary configuration lines.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-10 21:37:12 +02:00
aszlig c1178f171c
nixos/xserver: Use null as default for dpi option
Commit 98d9bba introduced this option as a nullOr type and it actually
checks whether null has been set and only appends -dpi if that's the
case. So let's actually set the default to null instead of 0.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-10 17:46:17 +02:00
Valérian Galliat b0d1eb4579 Shout: configure with attrs 2016-04-10 10:49:32 -04:00
Joachim Fasting cef2814a4f nixos: add optional process information hiding
This module adds an option `security.hideProcessInformation` that, when
enabled, restricts access to process information such as command-line
arguments to the process owner.  The module adds a static group "proc"
whose members are exempt from process information hiding.

Ideally, this feature would be implemented by simply adding the
appropriate mount options to `fileSystems."/proc".fsOptions`, but this
was found to not work in vmtests. To ensure that process information
hiding is enforced, we use a systemd service unit that remounts `/proc`
after `systemd-remount-fs.service` has completed.

To verify the correctness of the feature, simple tests were added to
nixos/tests/misc: the test ensures that unprivileged users cannot see
process information owned by another user, while members of "proc" CAN.

Thanks to @abbradar for feedback and suggestions.
2016-04-10 12:27:06 +02:00
Vladimír Čunát 30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Franz Pletz b667040c7c Merge pull request #14543 from groxxda/fix/minidlna
minidlna: logging via journalctl, use systemd runtimedirectory, install manpages
2016-04-10 01:14:48 +02:00
Tuomas Tynkkynen 03c6434756 Merge pull request #14526 from Profpatsch/fish-completions
fish: pick up completion files from other packages
2016-04-09 20:08:46 +03:00
joachifm 079c03a2c9 Merge pull request #14539 from colemickens/update-plex
Plex: update plex, plexpass; fix plex module to restart
2016-04-09 18:01:58 +02:00
Brandon Edens 98d9bbaec2 Add DPI option to xserver invocation. 2016-04-08 18:53:42 -07:00
Profpatsch a011083cda fish: pick up completion files from other packages
Some packages bring their own completions in
/share/fish/vendor_completions.d. Now they are picked up by fish from
every path in NIX_PROFILES.
2016-04-09 00:08:48 +02:00
Alexander Ried 72cd570421 minidlna: use journalctl for logging, systemd for runtimedir 2016-04-08 23:04:12 +02:00
Alexander Ried 4d87926795 minidlna: use hostname in DLNA friendly name 2016-04-08 23:04:12 +02:00
Cole Mickens db9640b032 plex module: restart on failure 2016-04-08 10:55:59 -07:00
Joachim Fasting 678e1955b1 manual: delete dangling pointer to real-world NixOS configs
At some point we probably want to replace this with a curated list
of configurations or even an upstreamed repository of examples, but
for now this is just noise.

Fixes NixOS/nixpkgs#14522
2016-04-08 19:34:57 +02:00
Emery Hemingway c7379b30dc u9fs service: switch user with systemd
Drop the broken fsRoot option.
2016-04-08 16:32:30 +02:00
Moritz Ulrich e366d8294e systemd.generators: Generate folders via environment.etc. 2016-04-08 14:50:20 +02:00
Moritz Ulrich 88e2cc480f systemd.generator-packages: Option to specify packages providing generators. 2016-04-08 14:50:20 +02:00
joachifm 6d2df6d578 Merge pull request #14222 from Pleune/fix/iodined-client-mode
iodine service: add client mode implimentation
2016-04-08 02:19:32 +02:00
Eelco Dolstra 133e6e1ea6 httpd.service: Support reload
This is useful when ACME has generated a new TLS certificate.
2016-04-07 17:53:46 +02:00
Vladimír Čunát 710573ce6d Merge #12653: rework default outputs 2016-04-07 16:00:09 +02:00
Vladimír Čunát 9a824f2f1d treewide: rename extraOutputs{ToLink,ToInstall}
This is to get more consistent with `meta.outputsToInstall`.
2016-04-07 15:59:44 +02:00
Vladimír Čunát 2995439003 buildEnv: respect meta.outputsToInstall
As a result `systemPackages` now also respect it.
Only nix-env remains and that has a PR filed:
    https://github.com/NixOS/nix/pull/815
2016-04-07 15:59:44 +02:00
Thomas Tuegel 4ac323d924 kde5: enable libmtp udev rules 2016-04-07 07:44:26 -05:00
Vladimír Čunát d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
aszlig 64e566a49c
nixos/taskserver: Add module documentation
It's not by any means exhaustive, but we're still going to change the
implementation, so let's just use this as a starting point.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-07 14:26:12 +02:00
aszlig 8b793d1916
nixos/taskserver: Rename client.{allow,deny}
These values match against the client IDs only, so let's rename it to
something that actually reflects that. Having client.cert in the same
namespace also could lead to confusion, because the client.cert setting
is for the *debugging* client only.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-07 14:26:11 +02:00
aszlig 04fa5dcdb8
nixos/taskserver: Fix type/description for ciphers
Referring to the GnuTLS documentation isn't very nice if the user has to
use a search engine to find that documentation. So let's directly link
to it.

The type was "str" before, but it's actually a colon-separated string,
so if we set options in multiple modules, the result is one concatenated
string.

I know there is types.envVar, which does the same as separatedString ":"
but I found that it could confuse the reader of the Taskserver module.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-07 14:22:25 +02:00
aszlig 33f948c88b
nixos/taskserver: Fix type for client.{allow,deny}
We already document that we allow special values such as "all" and
"none", but the type doesn't represent that. So let's use an enum in
conjuction with a loeOf type so that this becomes clear.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-07 14:21:42 +02:00
Lluís Batlle i Rossell e1bcc27f1a Making trac/ldap handle httpd 2.4.
The option authzldapauthoritative had been removed in 2.4

I pushed this into 16.03 instead of master first. My fault.
(cherry picked from commit 516f47efef)
2016-04-07 11:40:22 +02:00
Angus Gibson bb6408ba16 caddy service: initial implementation 2016-04-05 23:45:54 +00:00
joachifm 97c8bf61ef Merge pull request #14474 from MatrixAI/fixed-stage1
nixos/stage-1: Removed logCommands conditional for resetting the file descriptors after completion of logging
2016-04-05 22:39:14 +02:00
aszlig 2d89617052
nixos/taskserver: Rename nixos-taskdctl
Using nixos-taskserver is more verbose but less cryptic and I think it
fits the purpose better because it can't be confused to be a wrapper
around the taskdctl command from the upstream project as
nixos-taskserver shares no commonalities with it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 78925e4a90
nixos/taskserver: Factor out nixos-taskdctl
With a cluttered up module source it's really a pain to navigate through
it, so it's a good idea to put it into another file.

No changes in functionality here, just splitting up the files and fixing
references.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 61b8d9ebe0
nixos/tests: Add a test for the Taskserver service
A small test which checks whether tasks can be synced using the
Taskserver.

It doesn't test group functionality because I suspect that they're not
yet implemented upstream. I haven't done an in-depth check on that but I
couldn't find a method of linking groups to users yet so I guess this
will get in with one of the text releases of Taskwarrior/Taskserver.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 0141b4887d
nixos/taskserver: Use nixos-taskdctl in preStart
Finally, this is where we declaratively set up our organisations and
users/groups, which looks like this in the system configuration:

services.taskserver.organisations.NixOS.users = [ "alice" "bob" ];

This automatically sets up "alice" and "bob" for the "NixOS"
organisation, generates the required client keys and signs it via the
CA.

However, we still need to use nixos-taskdctl export-user in order to
import these certificates on the client.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 227229653a
nixos/taskserver: Add a nixos-taskdctl command
It's a helper for NixOS systems to make it easier to handle CA
certificate signing, similar to what taskd provides but comes preseeded
with the values from the system configuration.

The tool is very limited at the moment and only allows to *add*
organisations, users and groups. Deletion and suspension however is much
simpler to implement, because we don't need to handle certificate
signing.

Another limitation is that we don't take into account whether
certificates and keys are already set in the system configuration and if
they're set it will fail spectacularly.

For passing the commands to the taskd command, we're using a small C
program which does setuid() and setgid() to the Taskserver user and
group, because runuser(1) needs PAM (quite pointless if you're already
root) and su(1) doesn't allow for setting the group and setgid()s to the
default group of the user, so it even doesn't work in conjunction with
sg(1).

In summary, we now have a shiny nixos-taskdctl command, which lets us do
things like:

nixos-taskdctl add-org NixOS
nixos-taskdctl add-user NixOS alice
nixos-taskdctl export-user NixOS alice

The last command writes a series of shell commands to stdout, which then
can be imported on the client by piping it into a shell as well as doing
it for example via SSH:

ssh root@server nixos-taskdctl export-user NixOS alice | sh

Of course, in terms of security we need to improve this even further so
that we generate the private key on the client and just send a CSR to
the server so that we don't need to push any secrets over the wire.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 5146f76095
nixos/taskserver: Add an option for organisations
We want to declaratively specify users and organisations, so let's add
another module option "organisations", which allows us to specify users,
groups and of course organisations.

The implementation of this is not yet done and this is just to feed the
boilerplate.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 274fe2a23b
nixos/taskserver: Fix generating server cert
We were generating a self-signed certificate for the server so far,
which we obviously don't want.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 77d7545fac
nixos/taskserver: Introduce a new fqdn option
Using just the host for the common name *and* for listening on the port
is quite a bad idea if you want to listen on something like :: or an
internal IP address which is proxied/tunneled to the outside.

Hence this separates host and fqdn.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig d94ac7a454
nixos/taskserver: Use types.str instead of string
The "string" option type has been deprecated since a long time
(800f9c2), so let's not use it here.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 411c6f77a3
nixos/taskserver: Add trust option to config file
The server starts up without that option anyway, but it complains about
its value not being set. As we probably want to have access to that
configuration value anyway, let's expose this via the NixOS module as
well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 1f410934f2
nixos/taskserver: Properly indent CA config lines
No change in functionality, but it's easier to read when properly
indented.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 3d820d5ba1
nixos/taskserver: Refactor module for CA creation
Now the service starts up if only the services.taskserver.enable option
is set to true.

We now also have three systemd services (started in this order):

 * taskserver-init: For creating the necessary data directory and also
                    includes a refecence to the configuration file in
                    the Nix store.
 * taskserver-ca:   Only enabled if none of the server.key, server.cert,
                    server.crl and caCert options are set, so we can
                    allow for certificates that are issued by another
                    CA.
                    This service creates a new CA key+certificate and a
                    server key+certificate and signs the latter using
                    the CA key.
                    The permissions of these keys/certs are set quite
                    strictly to allow only the root user to sign
                    certificates.
 * taskserver:      The main Taskserver service which just starts taskd.

We now also log to stdout and thus to the journal.

Of course, there are still a few problems left to solve, for instance:

 * The CA currently only signs the server certificates, so it's
   only usable for clients if the server doesn't validate client certs
   (which is kinda pointless).
 * Using "taskd <command>" is currently still a bit awkward to use, so
   we need to properly wrap it in environment.systemPackages to set the
   dataDir by default.
 * There are still a few configuration options left to include, for
   example the "trust" option.
 * We might want to introduce an extraConfig option.
 * It might be useful to allow for declarative configuration of
   organisations and users, especially when it comes to creating client
   certificates.
 * The right signal has to be sent for the taskserver service to reload
   properly.
 * Currently the CA and server certificates are created using
   server.host as the common name and doesn't set additional certificate
   information. This could be improved by adding options that explicitly
   set that information.

As for the config file, we might need to patch taskd to allow for
setting not only --data but also a --cfgfile, which then omits the
${dataDir}/config file. We can still use the "include" directive from
the file specified using --cfgfile in order to chainload
${dataDir}/config.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 6d38a59c2d
nixos/taskserver: Improve module options
The descriptions for the options previously seem to be from the
taskdrc(5) manual page. So in cases where they didn't make sense for us
I changed the wording a bit (for example for client.deny we don't have a
"comma-separated list".

Also, I've reordered things a bit for consistency (type, default,
example and then description) and add missing types, examples and
docbook tags.

Options that are not used by default now have a null value, so that we
can generate a configuration file out of all the options defined for the
module.

The dataDir default value is now /var/lib/taskserver, because it doesn't
make sense to put just yet another empty subdirectory in it and "data"
doesn't quite make sense anyway, because it also contains the
configuration file as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 8081c791e9
nixos/taskserver: Remove options for log/pidFile
We're aiming for a proper integration into systemd/journald, so we
really don't want zillions of separate log files flying around in our
system.

Same as with the pidFile. The latter is only needed for taskdctl, which
is a SysV-style initscript and all of its functionality plus a lot more
is handled by systemd already.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 5060ee456c
nixos/taskserver: Unify taskd user and group
The service doesn't start with the "taskd" user being present, so we
really should add it. And while at it, it really makes sense to add a
default group as well.

I'm using a check for the user/group name as well, to allow the
taskserver to be run as an existing user.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 743993f4be
nixos/ids: Rename uid and add gid for "taskd"
I'm renaming the attribute name for uid, because the user name is called
"taskd" so we should really use the same name for it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
Matthias Beyer 5442f22d05
Add taskserver to ids.nix 2016-04-05 18:53:31 +02:00
Matthias Beyer 80ae0fe9a2
Add taskserver to module-list 2016-04-05 18:53:31 +02:00
Matthias Beyer e6ace2a76a
taskd service: Add initialization script 2016-04-05 18:53:31 +02:00
Matthias Beyer da53312f5c
Add services file for taskwarrior server service 2016-04-05 18:53:31 +02:00
Roger Qiu 53e8e93939 nixos/stage-1: Removed logCommands conditional for resetting the file descriptors after completion of logging 2016-04-06 00:27:18 +10:00
Eelco Dolstra ab2855b975 Add 16.03 AMIs 2016-04-05 11:25:12 +02:00
Eelco Dolstra 69c746d06b Update AMI creation script 2016-04-05 11:25:12 +02:00
joachifm f09854c379 Merge pull request #14426 from nbp/fix-rl1603-typo
Fix typo in service.syncthing.dataDir description.
2016-04-04 12:41:35 +02:00
Nicolas B. Pierron 411408f74c Fix typo in service.syncthing.dataDir description. 2016-04-03 17:36:38 +00:00
joachifm 4559bff785 Merge pull request #14395 from peterhoeg/pa
pulseaudio nixos module: run as systemd user service instead
2016-04-02 22:24:26 +00:00
joachifm 376b57fefe Merge pull request #14396 from peterhoeg/dbus
dbus nixos module: add units for systemd user session
2016-04-02 22:23:42 +00:00
joachifm 687d21e4fd Merge pull request #14405 from jerith666/crashplan-46-r2
Crashplan 46 r2
2016-04-02 22:06:40 +00:00
Matt McHenry 213a8a1e96 crashplan: fix vardir file existence check 2016-04-02 16:43:12 -04:00
Rastus Vernon d6998b0674 nixos manual: recommend use of dd for writing the image
Unetbootin works by altering the image and placing a boot loader on it.
For this reason, it cannot work with UEFI and the installation guides
for other distributions (incl. Debian and Fedora) recommend against
using it.

Since dd writes the image verbatim to the drive, and not just the files,
it is not necessary to change the label after using it for UEFI
installations.

vcunat: tiny changes to the PR. Close #14139.
2016-04-02 17:41:38 +02:00
Peter Hoeg ca3f82e258 pulseaudio nixos module: run as systemd user service instead
Most of the desktop environments will spawn pulseaudio, but we can instead simply run it as a systemd service instead.

This patch also makes the system wide service run in foreground as recommended by the systemd projects and allows it to use sd_notify to signal ready instead of reading a pid written to a file. It is now also restarted on failure.

The user version has been tested with KDE and works fine there.

The system-wide version runs, but I haven't actually used it and upstream does not recommend running in this mode.
2016-04-02 23:18:22 +08:00
Peter Hoeg 83cb6ec399 dbus nixos module: add units for systemd user session
This patch makes dbus launch with any user session instead of
leaving it up to the desktop environment launch script to run it.

It has been tested with KDE, which simply uses the running daemon
instead of launching its own.

This is upstream's recommended way to run dbus.
2016-04-02 23:11:57 +08:00
Arnold Krille 3c819f28f5 containers: Make declarative containers real systemd services
Without the templating (which is still present for imperative containers), it
will be possible to set individual dependencies. Like depending on the network
only if the hostbridge or hardware interfaces are used.

Ported from #3021
2016-04-02 17:07:41 +02:00
Arnold Krille 2d6a2b4131 containers tests: Distinguish declarative and imperative containers 2016-04-02 17:07:41 +02:00
Arnold Krille 3b31c52d4b containers: Add more tests for ipv6 and hostbridge
A testcase each for
- declarative ipv6-only container
  Seems odd to define the container IPs with their prefix length attached.
  There should be a better way…
- declarative bridged container

Also fix the ping test by waiting for the container to start

When the ping was executed, the container might not have finished starting. Or
the host-side of the container wasn't finished with config. Waiting for
2 seconds in between fixes this.
2016-04-02 17:07:41 +02:00
Arnold Krille aa46904490 containers: Add a hostbridge and ipv6 addresses
This allows the containers to have their interface in a bridge on the host.
Also this adds IPv6 addresses to the containers both with bridged and unbridged
network.
2016-04-02 17:07:41 +02:00
Eelco Dolstra f2af8874e8 Revert "initrd: Use modprobe from busybox"
This reverts commit 45c218f893.

Busybox's modprobe causes numerous "Unknown symbol" errors in the
kernel log, even though the modules do appear to load correctly.
2016-04-01 17:39:09 +02:00
joachifm b9ba6e2f6b Merge pull request #14297 from elitak/mfi
mfi: init at 2.1.11
2016-04-01 14:57:28 +00:00
Eelco Dolstra 3fb1708427 ssh: Fix support for ssh-dss host keys 2016-04-01 15:54:52 +02:00
Arseniy Seroka 882d0b35b8 Merge pull request #14145 from MostAwesomeDude/tahoe
services: Add Tahoe-LAFS service.
2016-04-01 15:23:37 +03:00
Eric Litak 0de2d2fbcd mfi: init at 2.1.11
This package has some outdated dependencies, so old versions of mongodb
and v8 had to be re-added as well.
2016-04-01 02:45:11 -07:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
joachifm ba90ae904e Merge pull request #14346 from rnhmjoj/syncthing-daemon
syncthing: run daemon with dedicated user as default
2016-04-01 00:07:53 +00:00
rnhmjoj a98a918b10 syncthing: run daemon with dedicated user as default 2016-04-01 01:26:52 +02:00
Domen Kožar d8abfc87c6 changelog: correct path to gitit nixos module 2016-03-31 23:49:38 +01:00
Domen Kožar cc25628212 changelog: note binutils upgrade
(cherry picked from commit 216c840ca8)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-03-31 23:47:38 +01:00
Domen Kožar 9dfc6829fe changelog: note release date
(cherry picked from commit 279557e6d2)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-03-31 23:47:34 +01:00
Domen Kožar b357ee9a6f changelog: add all new NixOS modules
(cherry picked from commit d231868990)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-03-31 23:47:31 +01:00
Domen Kožar 55a86b799e nixos-generate-config.pl: correct path for broadcom-43xx
(cherry picked from commit b01eedaeec)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-03-31 23:47:20 +01:00
Corbin e3e5633307 services: Add Tahoe-LAFS service.
Including systemd configuration and much of the standard storage node and
introducer configuration.
2016-03-31 14:01:09 -07:00
Eelco Dolstra 4e356cefd7 Move the EC2 AMI registry from the NixOps repo
NixOps has infrequent releases, so it's not the best place for keeping
the list of current AMIs. Putting them in Nixpkgs means that AMI
updates will be delivered as part of the NixOS channels.
2016-03-31 14:16:51 +02:00
Eelco Dolstra e60be0923b NixOS manual: Add some release notes 2016-03-31 12:32:33 +02:00
Franz Pletz e5334ceca2 Merge pull request #14305 from benwbooth/xe-guest-utilities-6.2.0
xe-guest-utilities: init at 6.2.0
2016-03-31 10:12:42 +02:00
aszlig a3ac630092
nixos/tests: Add a test for keyboard layouts
I had the basic version of this laying around for some while but didn't
continue on it. Originally it was for testing support for the Neo layout
introduced back then (8cd6d53).

We only test the first three Neo layers, because the last three layers
are largely comprised of special characters and in addition to that the
support for the VT keymap seems to be limited compared to the Xorg
keymap.

Yesterday @NicolasPetton on IRC had troubles with the Colemak layout
(IRC logs: http://nixos.org/irc/logs/log.20160330, starting at 16:08)
and I found that test again, so I went for improving and adding to
<nixpkgs>.

While the original problem seemed to be related to GDM, we can still add
another subtest that checks whether GDM correctly applies the keyboard
layout. However I don't have a clue how to properly configure the
keyboard layout on GDM, at least not within the NixOS configuration.

The main goal of this test is not to test a complete set of all key
mappings but to check whether the keymap is loaded and working at all.

It also serves as an example for NixOS keyboard configurations.

The list of keyboard layouts is by no means complete, so everybody is
free to add their own to the test or improve the existing ones.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-31 09:49:08 +02:00
Eelco Dolstra 1783e33b06 Fix the boot-ec2-config test 2016-03-30 22:22:40 +02:00
Eelco Dolstra 0d3738cdcc Fix the EC2 test
We now generate a qcow2 image to prevent hitting Hydra's output size
limit. Also updated /root/user-data -> /etc/ec2-metadata/user-data.

http://hydra.nixos.org/build/33843133
2016-03-30 21:50:23 +02:00
Ben Booth 449d908b88 xe-guest-utilities: init at 6.2.0
use mkEnableOption

use sha256

add xe-guest-utilities to module-list.nix
2016-03-30 09:27:40 -07:00
Domen Kožar e2e56a902f fix eval 2016-03-30 16:43:36 +01:00
Eelco Dolstra c94f8a4abd nixos-rebuild: Fix Nix fallback
Somebody forgot that Bash is not a real programming language...
2016-03-30 16:36:18 +02:00
Domen Kožar 96be420e44 move growpart out of nixos into cloud-init package 2016-03-30 14:40:24 +01:00
joachifm f807cce1eb Merge pull request #14175 from peterhoeg/tmux
tmux nixos module: add nixos program module for tmux
2016-03-29 20:26:42 +00:00
Nikolay Amiantov 63f1eb6b00 xserver service: add glamoregl for intel drivers
Closes #14286

Credits to vcunat for the initial patch.
2016-03-29 18:52:04 +03:00
Vladimír Čunát d9b98b6b50 manual rl-16.03: document broadcom issue #12595 2016-03-29 16:32:50 +02:00
Domen Kožar c56c3b6596 nixos/lib/testing.nix: make 'config' a free variable
cc @edolstra
2016-03-29 14:16:54 +01:00
Franz Pletz dcae10ebda wpa_supplicant service: Depend on interfaces being present 2016-03-28 21:52:23 +00:00
Graham Christensen 37617a2c45 nixos.tests.installer.swraid: mdadm verbosity
These two steps seem to fail intermittently with exit code 1. It isn't clear to me why, or what the issue is. Adding the `--verbose` option, hoping to capture some debugging information which might aid stabilization. Also: I was unable to replicate the failure locally.
2016-03-28 14:00:00 -05:00
joachifm e496e5cd75 Merge pull request #14176 from peterhoeg/vbox
virtualbox service: fix use of deprecated option names
2016-03-28 13:54:16 +00:00
Peter Hoeg 8d1660ce14 virtualbox service: fix use of deprecated option names 2016-03-28 14:22:18 +08:00
Nikolay Amiantov 25754a5fc2 uwsgi service: use python.buildEnv, fix PATH 2016-03-27 19:23:01 +03:00
Nikolay Amiantov ea5c7d553c dspam service: run after postgresql to prevent segfaults 2016-03-27 19:23:01 +03:00
Peter Hoeg a314814c19 tmux nixos module: add nixos program module for tmux
This basic module allows you to specify the tmux configuration.

As great as tmux is, some of the defaults are pretty awful, so having a
way to specify the config really helps.
2016-03-27 13:24:09 +08:00
Kevin Cox 26bd115c9c etcd: 2.1.2 -> 2.3.0 2016-03-26 22:47:15 -04:00
Mitchell Pleune 879778091a iodine service: add clients implimentation
- services.iodined moved to services.iodine
- configuration file backwards compatable
- old iodine server configuration moved to services.iodine.server
- attribute set services.iodine.clients added to specify any number
  of iodine clients
  - example:
    iodine.clients.home = { server = "iodinesubdomain.yourserver.com"; ... };
  - client services names iodine-name where name would be home
2016-03-26 21:16:29 -04:00
Eelco Dolstra 54ca7e9f75 Restore core dumps
Systemd 229 sets kernel.core_pattern to "|/bin/false" by default,
unless systemd-coredump is enabled. Revert back to the default of
writing "core" in the current directory.
2016-03-25 17:29:29 +01:00
Eelco Dolstra ddd480ac30 Revert "Remove which -> type -P alias."
This reverts commit e8e8164f34. I
misread the original commit as adding the "which" package, but it only
adds it to base.nix. So then the original motivation (making it work
in subshells) doesn't hold. Note that we already have some convenience
aliases that don't work in subshells either (such as "ll").
2016-03-25 17:17:07 +01:00
Eelco Dolstra fca9b335ae Hide sendmailSetuidWrapper 2016-03-25 16:08:34 +01:00
Brian McKenna e50bee65f0 opengl.extraPackages32: pkgsi686Linux in example
Issue #12616 uses this example but the commit doesn't.
2016-03-26 00:50:56 +11:00
Domen Kožar 7a89a85622 nix.useChroot: allow 'relaxed' as a value 2016-03-25 12:50:39 +00:00
Joachim Fasting ea443d719c nixos/tests: implement a trivial test for sudo
This is an alternative to NixOS/nixpkgs#6721, with
improvements suggested by @edolstra
2016-03-25 06:33:11 +01:00
Arseniy Seroka 2358582976 Merge pull request #14045 from otwieracz/master
znapzend: added
2016-03-24 23:10:40 +03:00
Slawomir Gonet 3ff417cbb7 znapzend service: init at 0.15.3 2016-03-24 20:57:33 +01:00
Joachim Fasting 2438c61255 dnscrypt-proxy vmtest: more specific waitForUnit
The test sometimes times out waiting for multi-user.target; this
should be more robust.
2016-03-24 17:14:22 +01:00
Joachim Fasting 1ca4610577 dnscrypt-proxy service: change default upstream resolver
Previously, the cisco resolver was used on the theory that it would
provide the best user experience regardless of location.  The downsides
of cisco are 1) logging; 2) missing supoprt for DNS security extensions.

The new upstream resolver is located in Holland, supports DNS security,
and *claims* to not log activity. For users outside of Europe, this will
mean reduced performance, but I believe it's a worthy tradeoff.
2016-03-24 17:14:22 +01:00
Joachim Fasting 9bf6e64860 dnscrypt-proxy service: use dynamic uid/gid
The daemon doesn't have any portable data, reserving a
UID/GID for it is redundant.

This frees up UID/GID 151.
2016-03-24 17:14:22 +01:00
Joachim Fasting 03bdf8f03c dnscrypt-proxy service: additional hardening
Run the daemon with private /home and /run/user to
prevent it from enumerating users on the system.
2016-03-24 17:14:22 +01:00
Joachim Fasting 4001917359 dnscrypt-proxy service: cosmetic enhancements 2016-03-24 17:14:22 +01:00
joachifm f8858c383b Merge pull request #14140 from Pleune/fix/iodined-wait-for-network
iodined service: wantedBy ip-up.target
2016-03-24 13:20:00 +00:00
Domen Kožar d43da3c488 Pin hydra-www and hydra-queue-runner uids
hydra user is already pinned, this is needed due to
https://github.com/NixOS/nixpkgs/issues/14148

(cherry picked from commit 0858ece1ad)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-03-23 12:17:18 +00:00
Mitchell Pleune 927aaecbcb iodined service: wantedBy ip-up.target
When iodined tries to start before any interface other than loopback has an ip, iodined fails.
Wait for ip-up.target

The above is because of the following:
in iodined's code: src/common.c line 157
	the flag AI_ADDRCONFIG is passed as a flag to getaddrinfo.
	Iodine uses the function

		get_addr(char *host,
			int port,
			int addr_family,
			int flags,
			struct sockaddr_storage *out);

	to get address information via getaddrinfo().

	Within get_addr, the flag AI_ADDRCONFIG is forced.

	What this flag does, is cause getaddrinfo to return
	"Name or service not known" as an error explicitly if no ip
	has been assigned to the computer.
	see getaddrinfo(3)

Wait for an ip before starting iodined.
2016-03-22 23:40:49 -04:00
Domen Kožar ba78130c21 remove elrangR15 and riak 1.3.0 as they're outdated
(cherry picked from commit 4452a68425)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-03-22 21:40:07 +00:00
Pascal Wittmann 4295ad5ee8 Merge pull request #14079 from NixOS/add-radicale-user
radicale service: run with dedicated user
2016-03-21 13:56:23 +01:00
aszlig 96a9c23f49
Merge branch 'chromium-source-refactor'
Fixes #12794 by reverting the source tree splitup (c92dbff) to use the
source tarball directly into the main Chromium derivation and making the
whole source/ subdirectory obsolete. The reasons for this are explained
in 4f981b4f84.

This also now renames the "sources.nix" file to "upstream-info.nix",
which is a more proper name for the file, because it not only contains
"source code" but also the Chrome binaries needed for the proprietary
plugins (of course "source" could also mean "where to get it", but I
wanted to avoid this ambiguity entirely).

I have successfully built and tested this using the VM tests.

All results can be found here:

https://headcounter.org/hydra/eval/313435
2016-03-21 04:10:06 +01:00
aszlig e047d79279
nixos/tests/chromium: Propagate "system" to pkgs
Assigning the channelMap by the function attrset argument at the
top-level of the test expression file may reference a different
architecture than we need for the tests.

So if we get the pkgs attribute by auto-calling, this will lead to test
failure because we have a different architecture for the test than for
the browser.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-21 03:50:38 +01:00
aszlig 3bd71b135b
nixos/tests/chromium: Allow overriding channel map
This has been the case before e45c211, but it turns out that it's very
useful to override the channel packages so we can run tests with
different Chromium build options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 22:20:39 +01:00
Domen Kožar 1536834ee0 Merge pull request #14066 from jerith666/crashplan-46
crashplan: 3.6.4 -> 4.6.0
2016-03-20 20:10:28 +00:00
Matt McHenry 447c97f929 crashplan: 3.6.4 -> 4.6.0
* the major change is to set TARGETDIR=${vardir}, and symlink from
  ${vardir} back to ${out} instead of the other way around.  this
  gives CP more liberty to write to more directories -- in particular
  it seems to want to write some configuration files outside of conf?

* run.conf does not need 'export'

* minor tweaks to CrashPlanDesktop.patch
2016-03-20 13:56:54 -04:00
joachifm 3273605aef Merge pull request #14033 from joachifm/clfswm-broken
Mark clfswm as broken
2016-03-20 15:27:41 +00:00
Pascal Wittmann a491b75523 radicale service: run with dedicated user
This is done in the context of #11908.
2016-03-20 15:50:14 +01:00
zimbatm 008f170bcb Merge pull request #14012 from peti/update-gnupg
Update default version of gnupg to 2.1.x
2016-03-20 00:05:15 +00:00
Pascal Wittmann 8ddfab0cf2 nixos/manpages: enable linebreaking after slashes
Allow linbreaks after slashes in long URLs. The option used
is documented at

   http://docbook.sourceforge.net/release/xsl/current/doc/manpages/man.break.after.slash.html

This commit fixes #4538.
2016-03-19 17:16:59 +01:00
Joachim Fasting e891e50946 nixos: disable the clfswm window manager module 2016-03-19 15:52:18 +01:00
Joachim Fasting ece457c62f nixos/tests: fix docker test
The docker service is socket activated by default; thus,
`waitForUnit("docker.service")` before any docker command causes the
unit test to time out.

Instead, do `waitForUnit("sockets.target")` to ensure that sockets are
setup before running docker commands.
2016-03-19 03:18:17 +01:00
Peter Simons 9a2ee42f52 Document the fact that the firewall allows pings by default in rl-1603.xml. 2016-03-18 12:00:39 +01:00
Peter Simons c523aeffde nixos/tests/firewall.nix: ping now succeeds in the firewall's default configuration 2016-03-18 11:44:07 +01:00
Peter Simons 5391882ebd services.xserver.startGnuPGAgent: remove obsolete NixOS option
GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
longer requires (or even supports) the "start everything as a child of the
agent" scheme we've implemented in NixOS for older versions.

To configure the gpg-agent for your X session, add the following code to
~/.xsession or some other appropriate place that's sourced at start-up:

    gpg-connect-agent /bye
    GPG_TTY=$(tty)
    export GPG_TTY

If you want to use gpg-agent for SSH, too, also add the settings

    unset SSH_AGENT_PID
    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"

and make sure that

    enable-ssh-support

is included in your ~/.gnupg/gpg-agent.conf.

The gpg-agent(1) man page has more details about this subject, i.e. in the
"EXAMPLES" section.
2016-03-18 11:06:31 +01:00
Peter Simons de11380679 nixos/modules/services/x11/xserver.nix: fix minor typo 2016-03-18 11:02:01 +01:00
Peter Simons a0ab4587b7 Set networking.firewall.allowPing = true by default.
This patch fixes https://github.com/NixOS/nixpkgs/issues/12927.

It would be great to configure good rate-limiting defaults for this via
/proc/sys/net/ipv4/icmp_ratelimit and /proc/sys/net/ipv6/icmp/ratelimit,
too, but I didn't since I don't know what a "good default" would be.
2016-03-17 19:40:13 +01:00
Joachim Fasting 12877098cb dnscrypt-proxy service: expose option to use ephemeral keys
Some users may wish to improve their privacy by using per-query
key pairs, which makes it more difficult for upstream resolvers to
track users across IP addresses.
2016-03-17 15:02:33 +01:00
Joachim Fasting a0663e3709 dnscrypt-proxy service: documentation fixes
- fix `enable` option description
  using `mkEnableOption longDescription` is incorrect; override
  `description` instead
- additional details for proper usage of the service, including
  an example of the recommended configuration
- clarify `localAddress` option description
- clarify `localPort` option description
- clarify `customResolver` option description
2016-03-17 14:18:30 +01:00
Franz Pletz 38579a1cc9 gitlab service: Remove emailFrom option
Not being used anymore. Use `services.gitlab.extraConfig.gitlab.email_from`
instead.
2016-03-17 04:16:25 +01:00
Peter Simons 6c601ed1f0 Merge pull request #13838 from peti/drop-old-dovecot-versions
Drop support for dovecot 2.1.x from Nixpkgs and NixOS.
2016-03-16 14:36:52 +01:00
Nikolay Amiantov 851af5e888 cups service: fix gutenprint update when there's no printers 2016-03-15 21:46:33 +03:00
Eelco Dolstra b250ac9290 Remove setting non-existent sysctl options
(cherry picked from commit 1010ced00c)
2016-03-15 17:44:30 +01:00
Eelco Dolstra 3135af2511 NixOS release: Don't depend on chromium
This is failing because it exceeds the hydra-queue-runner size limit.

http://hydra.nixos.org/build/33303819
2016-03-15 16:06:09 +01:00
Eelco Dolstra 55e71f45cc Fix NixOS tested job 2016-03-15 15:43:57 +01:00
Eelco Dolstra daa093bf3c Build most ISOs/OVAs for x86_64-linux only
Probably not many people care about i686-linux any more, but building
all these images is fairly expensive (e.g. in the worst case, every
Nixpkgs commit would trigger a few gigabytes of uploads to S3).
2016-03-15 14:15:12 +01:00
Eelco Dolstra 10293b87a9 Combine ISO generation steps
This folds adding hydra-build-products into the actual ISO generation,
preventing an unnecessary download of the ISO.
2016-03-15 14:15:12 +01:00
Eelco Dolstra 5cc7bcda30 Combine OVA generation steps
Previously this was done in three derivations (one to build the raw
disk image, one to convert to OVA, one to add a hydra-build-products
file). Now it's done in one step to reduce the amount of copying
to/from S3. In particular, not uploading the raw disk image prevents
us from hitting hydra-queue-runner's size limit of 2 GiB.
2016-03-15 14:15:12 +01:00
Tanner Doshier ab1008014d tarsnap: 1.0.36.1 -> 1.0.37 2016-03-14 17:56:48 -05:00
Peter Simons b7c8085c30 Merge pull request #13837 from peti/drop-old-postfix-versions
Drop support for postfix 2.x from Nixpkgs and NixOS.
2016-03-14 21:52:56 +01:00
Domen Kožar 68d30cdfcb NixOS 16.09 is called Flounder
chosen by @zimbatm as our documentation hero in 16.03
2016-03-14 19:09:54 +00:00
Rickard Nilsson 6ff5821be6 nixos/filesystems: Fix fs options type error 2016-03-14 17:24:36 +01:00
Robin Gloster 3f9b00c2d8 Merge pull request #13906 from Zer0-/gitlab_version_bump
Gitlab version bump
2016-03-14 13:29:13 +01:00
Nikolay Amiantov 363f024864 Merge pull request #13861 from abbradar/mjpg-streamer
mjpg-streamer: update and add NixOS service
2016-03-14 15:19:03 +03:00
Vladimír Čunát d6b46ecb30 Merge branch 'closure-size' into p/default-outputs 2016-03-14 11:27:15 +01:00
Nikolay Amiantov 305fa26005 Merge pull request #13850 from abbradar/e20
Update Enlightenment, rename e19 -> enlightenment, drop e16
2016-03-14 02:28:58 +03:00
Nikolay Amiantov 7e57e2c0fb autofs service: clear lockfile before start
autofs uses a lock file in /tmp to check if it's running -- unclean
shutdown breaks the service until one manually removes it.
2016-03-14 01:02:40 +03:00
Philipp Volguine 10198b586e gitlab service startup fix
-gitlab-sidekiq was being started with a misspelled argument name
 which caused the mailer queue to never run and never send mail
2016-03-13 21:04:11 +00:00
Edward Tjörnhammar c65026bfa5 nixos: i2pd, change to yes/no config entries and explicitly enable client endpoints 2016-03-13 21:36:30 +01:00
Evgeny Egorochkin 158d723812 virtualization/azure: update the scripts for image maintenance 2016-03-13 13:57:31 +02:00
Evgeny Egorochkin cc947ef934 virtualization/azure: reorder WALA and SSHD 2016-03-13 13:57:31 +02:00
Evgeny Egorochkin 6f47b2c16d virtualization/azure: turn off verbose logging 2016-03-13 13:57:31 +02:00
Evgeny Egorochkin 0d4e5649dc virtualization/azure: make the image dynamic again since azure-cli upload bug is fixed 2016-03-13 13:57:30 +02:00
Evgeny Egorochkin 7a4684bee1 virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys 2016-03-13 13:57:30 +02:00
Cole Mickens 73487f4619 virtualization/azure: fixes
azure-agent: add option for verbose logging
azure-agent: disable ssh host key regeneration
azure-common: set verbose logging on
azure-image: increase size to 30GB
2016-03-13 13:57:30 +02:00
Domen Kožar 77ae55308c fix installer tests #13559 2016-03-12 20:19:40 +00:00
Nikolay Amiantov 83ff545bfd mjpg-streamer service: init 2016-03-12 18:53:02 +03:00
Nikolay Amiantov 4a01f70f8f octoprint service: add extraConfig 2016-03-12 18:52:16 +03:00
Thomas Tuegel 5d36644f42 mantisbt: fix typo in documentation 2016-03-12 07:48:36 -06:00
makefu 626bfce3b8 graphite: fix carbonCache graphiteWeb graphiteApi
This commit implements the changes necessary to start up a graphite carbon Cache
with twisted and start the corresponding graphiteWeb service.
Dependencies need to be included via python buildEnv to include all recursive
implicit dependencies.

Additionally cairo is a requirement of graphiteWeb and pycairo is not a standard
python package (buildPythonPackage) and therefore cannot be included via
buildEnv. It also needs cairo in the Library PATH.
2016-03-12 02:02:04 +01:00
Nikolay Amiantov 7fb2291f55 enlightenment.enlightenment: 0.20.3 -> 0.20.6 2016-03-12 03:10:47 +03:00
Nikolay Amiantov 3f6ad460e7 enlightenment.efl: 1.16.1 -> 1.17.0 2016-03-12 03:10:46 +03:00
Nikolay Amiantov e358d9498c e19: rename to enlightenment, drop old one 2016-03-12 03:10:37 +03:00
Peter Simons c73a22aed5 Drop support for dovecot 2.1.x from Nixpkgs and NixOS.
Version 2.2.x has been stable for a long time; let's give up support for
the obsolete version.
2016-03-11 16:03:09 +01:00
Peter Simons 24fe7bab08 Drop support for postfix 2.x from Nixpkgs and NixOS.
Version 3.x has been stable for a long time; let's give up support for
the obsolete versions.
2016-03-11 16:01:43 +01:00
Peter Simons ce6a1a6cea Revert "Drop support for postfix 2.x from Nixpkgs and NixOS."
This reverts commit a889c683dd. Sorry, I
pushed to the wrong branch. :-(
2016-03-11 16:00:49 +01:00
Vladimír Čunát 61556b727a nixos/mantisbt: add a simple service
It doesn't really deserve a package, as it's just a bunch of PHP scripts
copied into a folder and we have to copy on reconfiguration anyway.
2016-03-11 15:59:26 +01:00
Peter Simons a889c683dd Drop support for postfix 2.x from Nixpkgs and NixOS.
Version 3.x has been stable for a long time; let's give up support for
the obsolete versions.
2016-03-11 15:58:03 +01:00
Thomas Tuegel d8dceb7077 kde5: install colord-kde when colord is enabled 2016-03-11 08:45:50 -06:00
joachifm 0f6e93d9d0 Merge pull request #13780 from joachifm/dnscrypt-vmtest-for-upstream
nixos/tests: implement dnscrypt-proxy test
2016-03-11 11:22:41 +00:00
Vladimír Čunát c801cd1a04 php: fixup build when configured with httpd via nixos 2016-03-11 11:54:53 +01:00
Nikolay Amiantov 08893956fb Merge pull request #13823 from abbradar/colord
colord color management daemon
2016-03-11 13:50:12 +03:00
Joachim Fasting 19492185fa nixos/tests: implement dnscrypt-proxy test
This test verifies that the daemon actually activates upon a
user-initiated ping, when using the recommended configuration.
2016-03-11 11:35:09 +01:00
Vladimír Čunát 6f9fe31b42 awstats: init at 7.4, including a simple service 2016-03-11 10:37:06 +01:00
Nikolay Amiantov 4e58b33dee colord service: init 2016-03-11 01:58:40 +03:00
Nikolay Amiantov 776845bbeb xiccd: init at 0.2.2 2016-03-11 01:26:56 +03:00
Nikolay Amiantov 1111f73dde sw-raid: rename mdadmShutdown
See aac666e302
I've forgotten to add the change.
2016-03-09 21:06:27 +03:00
kklas aac666e302 sw-raid: make mdmon start from initrd
Also add required systemd services for starting/stopping mdmon.

Closes #13447.
abbradar: fixed `mdadmShutdown` service name according to de facto conventions.
2016-03-09 21:03:49 +03:00
Rok Garbas d014088c95 nixos/doc: adding line about the change in service.syncthing 2016-03-09 12:23:27 +01:00
Rob Vermaas ed5920ec65 Remove kill -9 -1 from initrd of amazon-image.nix. This causes a kernel panic. 2016-03-09 09:55:25 +00:00
Joachim Fasting e7cfccbcc2 dnscrypt-proxy service: fix apparmor profile
The daemon additionally requires libcap, liblz4, and libattr.
2016-03-09 04:13:19 +01:00
Michael Raskin b27de68c4e Merge pull request #13777 from eqyiel/upstream
vsftpd: Add possibility to specify path to RSA key file
2016-03-09 03:02:29 +00:00
Joachim Fasting e3ae435aad dnscrypt-proxy service: fix default resolver name
The "opendns" resolver has changed name to "cisco", causing the default
dnscrypt-proxy configuration to fail.
2016-03-09 02:59:30 +01:00
Mango Chutney 973219c973 vsftpd.nix: Add possibility to add RSA key file 2016-03-09 01:32:44 +00:00
Nikolay Amiantov 392bde8809 Merge pull request #13763 from Profpatsch/printing-gutenprint-example
modules/cupsd: clarify how to set gutenprint
2016-03-08 20:42:18 +03:00
Christoph Hrdinka 1e3fef77d5 Merge pull request #13739 from romildo/update.jwm
jwm: 2.2.2 -> 1406
2016-03-08 18:23:52 +01:00
Profpatsch d37729f4b8 modules/cupsd: clarify how to set gutenprint 2016-03-08 16:39:17 +01:00
Vladimír Čunát 1952d5d5f7 nixos/foswiki: basic working service definition
Activation is as simple as:
  services.httpd = {
    enable = true;
    adminAddr = "nobody@example.com";
    extraSubservices = [ {
      serviceType = "foswiki";
    } ];
  };
2016-03-08 16:38:43 +01:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Franz Pletz eb5a897161 Merge remote-tracking branch 'origin/pr/13505'
Fixes #13505.
2016-03-08 01:01:44 +01:00
Vladimír Čunát 8291ea61b0 nvidia: allow using the beta driver, mainly in future 2016-03-07 23:33:17 +01:00
Robin Gloster bcfb3dd9c6 Merge pull request #13748 from zohl/misc
a few descriptions fixups
2016-03-07 21:42:26 +01:00
Al Zohali 896a70aa52 KDC description fix 2016-03-07 23:24:35 +03:00
Al Zohali a227bd4e3b nix.requireSignedBinaryCaches: description fix 2016-03-07 23:24:35 +03:00
Ricardo M. Correia 99a27e7137 nixos.transmission: whitelist lz4 in AppArmor rules 2016-03-07 21:01:55 +01:00
José Romildo Malaquias 82e12688a2 jwm: window manager module addition 2016-03-07 16:07:13 -03:00
joachifm 453686a24a Merge pull request #13705 from aneeshusa/use-bin-instead-of-sbin-for-openssh
openssh: use bin instead of sbin folder
2016-03-07 12:03:37 +00:00
joachifm 8cff02206b Merge pull request #13725 from nathan7/bird-user
bird module: run as user/group `bird`, not `ircd`
2016-03-07 11:34:06 +00:00
Christoph Hrdinka 67e93e984c Merge pull request #13723 from Profpatsch/wheter
wheter -> whether
2016-03-07 10:51:43 +01:00
Profpatsch 7f44b58609 wheter → whether
Nice weather today, isn’t it?
2016-03-07 03:06:54 +01:00
Nathan Zadoks 0360e410b7 bird module: run as user/group bird, not ircd 2016-03-07 02:02:58 +01:00
Bjørn Forsman d99033beb9 grafana service: unbreak
Accidentally broken by 4fede53c09
("nixos manuals: bring back package references").

Without this fix, grafana won't start:

$ systemctl status grafana
...
systemd[1]: Starting Grafana Service Daemon...
systemd[1]: Started Grafana Service Daemon.
grafana[666]: 2016/03/06 19:57:32 [log.go:75 Fatal()] [E] Failed to detect generated css or javascript files in static root (%!s(MISSING)), have you executed default grunt task?
systemd[1]: grafana.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: grafana.service: Unit entered failed state.
systemd[1]: grafana.service: Failed with result 'exit-code'.
2016-03-06 21:16:47 +01:00
Marius Bakke 7135553cf1 unbound: drop sbin directory 2016-03-06 12:50:41 +00:00
Profpatsch af4e8a4d3b manual/installing: add loadkeys hint
Closes #13702 and fixes #3132.
(Tiny changes by vcunat.)
2016-03-06 11:05:39 +01:00
Aneesh Agrawal bb39304ce6 openssh: use bin instead of sbin folder
References #11939.
2016-03-05 23:56:32 -05:00
Brian McKenna f3d6e9ec71 exwm service: init 2016-03-06 09:04:51 +11:00
Adam Boseley 5b83791207 spice-vdagentd service : initial at 0.16.0 2016-03-05 07:56:47 +10:00
joachifm 2bf5629618 Merge pull request #10139 from mstrm/clamav
clamav: Use freshclam.conf defined by clamav-updater module if enabled
2016-03-04 11:59:49 +00:00
Nikolay Amiantov 26bf9b28d8 opendkim service: improve domains documentation 2016-03-04 14:51:28 +03:00
Martin Sturm 507ad9a4f9 clamav: Use freshclam.conf defined by clamav-updater module if enabled 2016-03-04 02:26:44 +01:00
joachifm 6048f0fbd6 Merge pull request #11738 from grwlf/syncthing
Support SOCKS5 proxy for the Syncthing service
2016-03-04 01:18:40 +00:00
aszlig 6cf6c3fbc9
nixos: Fix build of manual
Broken by 17389e256f.

The description attributes of mkOption are parsed by XSLT, so we can
create a DocBook manual out of it.

Unfortunately, the passwordHash option had a description which includes
a <password> placeholder which is recognized by DocBook XSL as a valid
start tag. So as there is obviously no </password>, the build of the
manual bailed out with a parsing error.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: devhell <"^"@regexmail.net>
2016-03-03 21:35:31 +01:00
Eelco Dolstra 6bd0c3fe9d ifplugd: Remove
This package hasn't been updated in 11 years, and isn't really useful
anymore in a modern Linux system.
2016-03-03 19:43:11 +01:00
Franz Pletz aa819b8d39 Merge pull request #13591 from mayflower/services/nntp-proxy
nntp-proxy service: init
2016-03-03 18:57:25 +01:00
Shea Levy c4a36a15a1 Merge branch 'nm-privacy-ext' 2016-03-03 12:51:41 -05:00
Shea Levy bcdd81d9e1 networkmanager: Enable ipv6 privacy extensions by default 2016-03-03 12:01:01 -05:00
Domen Kožar 73ba0ae2de Remove which -> type -P alias.
Aliases are not the same as programs. They won't work in subshells.
It's better to just use which as it's only 88K.
2016-03-03 16:15:25 +00:00
Tristan Helmich 17389e256f nntp-proxy service: init 2016-03-03 14:14:19 +01:00
Evgeny Egorochkin 18d43d74f6 azure-image: provide configuration.nix which allows nixos-rebuild to build a working generation and add helpful comments 2016-03-03 04:03:07 +02:00
joachifm 4fa37759be Merge pull request #13548 from joelmo/nixos-unstable
avahi: fix test
2016-03-02 20:55:42 +00:00
Nathan Zadoks 1904ef7f09 systemd: enable upstream systemd-binfmt.service
Since we don't restart sysinit.service in switch-to-configuration, this
additionally overrides systemd-binfmt.service to depend on
proc-sys-fs-binfmt_misc.automount, which is normally provided by
sysinit.service.
2016-03-02 21:00:47 +01:00
joachifm ebc1178a83 Merge pull request #13619 from anderslundstedt/transmissionumask
Respect umask settings in Transmission config
2016-03-02 19:17:56 +00:00
Anders Lundstedt c2bce0cd02 Respect umask settings in Transmission config
In NixOS/nixpkgs@da6bc44 @thoughtpolice
made the Transmission NixOS module override the umask setting in the
Transmission config. This commit removes that override.

I want a different umask setting and I guess it is possible that other
people might want it to. Thus I think it is a good idea to respect the
umask settings in the Transmission config.
2016-03-02 19:26:48 +01:00
Domen Kožar ba05826707 Attempt to fix transient grub1 test kernel panics
Example: http://hydra.nixos.org/build/32469819/nixlog/26/raw
2016-03-02 17:31:57 +00:00
Nikolay Amiantov 23dd97ee88 Merge commit 'refs/pull/13412/head' of git://github.com/NixOS/nixpkgs 2016-03-02 18:56:24 +03:00
Peter Simons ed5eb2aed8 Fix Emacs syntax highlighting in NixOS dovecot module. 2016-03-02 16:11:49 +01:00
Alex Franchuk 69d8cb4a6b libreswan: add package and service to nixos 2016-03-02 09:44:30 -05:00
aszlig a429444a75
nixos/release: Replace a: b: a // b by mergeAttrs
No change in functionality, it just looks nicer that way.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-02 02:18:35 +01:00
Maxwell e50da7ee6a bspwm: add startThroughSession & sessionScript option
Add ability to do a more traditional bspwm startup (using the bspwm-session
script provided by nixpkgs.bspwm) as an alternative to directly starting
sxhkd & bspwm

Also added the ability to specify a custom startup script, instead of
relying on the provided bspwm-session
2016-03-01 17:29:15 -05:00
aszlig f70ec0de69
Merge pull request #13585 (nixos-tests-splitup)
This splits a few NixOS tests (namely Chromium, VirtualBox and the
networking tests) into several subtests that are exposed via attributes.

The networking tests were already split up but they didn't expose an
attribute set of available tests but used a function attribute to
specify the resulting test instead.

A new function callSubTests in nixos/release.nix is now responsible for
gathering subtests, which is also used for the installer and boot tests.
The latter is now placed in a tests.boot.* namespace rather than
"polluting" the tests attribute set with its subtest.
2016-03-01 23:17:01 +01:00
Eelco Dolstra b2197b84c2 Fix NixOS eval 2016-03-01 22:07:54 +01:00
Eelco Dolstra f3d94cfc23 Revert "Add the tool "nixos-typecheck" that can check an option declaration to:"
This reverts commit cad8957eab. It
breaks NixOps, but more importantly, such major changes to the module
system really need to be reviewed.
2016-03-01 20:52:06 +01:00
aszlig 1f89aa6c7f
nixos/tests: Remove tests.boot.boot* prefixes
As @bobvanderlinden suggests in #13585:

"Looks like that cleans things up quite a bit! Just one aesthetics note,
the boot tests could now be renamed from boot.bootBiosCdrom to
boot.biosCdrom in nixos/tests/boot.nix:L33.

That makes them more consistent with the other tests."

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-01 19:02:36 +01:00
aszlig e45c211b50
nixos/tests/chromium: Split up into subtests
This makes it easier to test just a specific channel rather than to
force testing all builds down the users/testers throat. Especially this
makes it easier to test NixOS channel upgrades only against the Chromium
stable channel instead of just removing the beta/dev channels from the
tests entirely (as done in 69ec09f38a).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-01 01:04:51 +01:00
aszlig 7eea91fbc0
nixos/release: Use callSubTests for subtests
Should clean up a lot of these redundant lines for various sub-tests.

Note that the tests.boot* are now called tests.boot.boot*, but otherwise
all the test attribute names should stay the same.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
Cc: @wkennington
Cc: @bobvanderlinden
2016-03-01 01:04:42 +01:00
aszlig 2f2536b935
nixos/tests/networking: Expose subtests via attrs
So far the networking test expression only generated a single test
depending on the passed "test" attribute. This makes it difficult to
autodiscover the subtests with our shiny new callSubTests function.

This change essentially doesn't change the behaviour of the subtests but
rather exposes them as an attribute set instead of relying on a
particular input argument.

The useNetworkd argument still exists however.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @wkennington
2016-03-01 01:04:42 +01:00
aszlig b3337edd0b
nixos/release.nix: Add a callSubTests function
This should de-clutter the various redundant lines of callTest's on
subtests so that every main test file should have only one line with a
callSubTests instead.

Overrides work the same way as callTest, except that if the system
attribute is explicitly specified we do not generate attributes for all
available systems.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
2016-03-01 01:04:35 +01:00
joachifm 3d382e7f22 Merge pull request #13522 from Pleune/fix/x11-bspwm-update
x11 service: bspwm limit sxhkd freqency
2016-03-01 00:03:22 +00:00
aszlig 5bab623fb9
nixos/tests/virtualbox: Split up subtests
Now subtests are separate derivations, because the individual tests do
not depend on state from previous test runs.

This has the advantage that it's easier to run individiual tests and
it's also easier to pinpoint individual tests that randomly fail.

I ran all of these tests locally and they still succeed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-29 20:15:31 +01:00
Luca Bruno 55c20bfe89 Merge pull request #10288 from lethalman/gnomeiso
installer: add graphical GNOME iso
2016-02-29 15:56:47 +01:00
Luca Bruno aa9576bceb installer: add graphical GNOME iso 2016-02-29 15:51:38 +01:00
Mitchell Pleune b5ee64410d x11 service: bspwm limit sxhkd freqency
add '-f 100' as an argument to sxhkd to keep it from flooding bspwm

add SXHKD_SHELL=/bin/sh to help default to a faster shell than what may
be set in $SHELL (example: with zsh)
2016-02-29 08:40:18 -05:00
Eelco Dolstra 56e68d4d5f Manual: rl-unstable.xml -> rl-1603.xml 2016-02-29 11:39:46 +01:00
Thomas Strobel 2d6696fc0a nixos-modules: Fixes related to "literalExample" and "defaultText". 2016-02-29 01:47:12 +01:00
Thomas Strobel cad8957eab Add the tool "nixos-typecheck" that can check an option declaration to:
- Enforce that an option declaration has a "defaultText" if and only if the
   type of the option derives from "package", "packageSet" or "nixpkgsConfig"
   and if a "default" attribute is defined.

 - Enforce that the value of the "example" attribute is wrapped with "literalExample"
   if the type of the option derives from "package", "packageSet" or "nixpkgsConfig".

 - Warn if a "defaultText" is defined in an option declaration if the type of
   the option does not derive from "package", "packageSet" or "nixpkgsConfig".

 - Warn if no "type" is defined in an option declaration.
2016-02-29 01:09:00 +01:00
Franz Pletz a9d24cedeb Merge pull request #12487 from hrdinka/refactor/nsd
Refactor NSD service and update to 4.1.7
2016-02-28 17:13:21 +01:00
Joel Moberg 75e96d2c30 avahi: fix test
Reflects module changes made by cdd7310a50
2016-02-28 16:18:39 +01:00
tg(x) be3bd972d5 grsecurity: add 4.1 kernel 2016-02-28 15:00:16 +01:00
Franz Pletz fde23a01b4 nixos/collectd: Fix package option
Commit ed979124ca was missing some code.
2016-02-28 14:55:58 +01:00
Thomas Tuegel c62bf00442 nixos: remove top-level uim option 2016-02-28 07:12:55 -06:00
Thomas Tuegel efad7bd47d fcitx: show available engines in module description 2016-02-28 07:12:55 -06:00
Thomas Tuegel a91161aa57 nixos: remove qtPlugins and gtkPlugins
Both Qt and GTK load plugins from the active profiles
automatically, so it is sufficient to install input methods
system-wide. Overriding the plugin paths may interfere with correct
operation of other plugins.
2016-02-28 07:12:55 -06:00
Domen Kožar 02c7d65bf9 fix NixOS eval 2016-02-28 09:36:23 +00:00
Vladimír Čunát f8516a0717 nixos copySystemConfiguration: fix when chrooted
Fixes #7974. Also makes the description more informative.
2016-02-28 10:08:42 +01:00
Domen Kožar 8b2be11b13 note the desktopManagerHandlesLidAndPower removal 2016-02-28 08:33:14 +00:00
Domen Kožar 4c17d3892b Merge pull request #9727 from Profpatsch/dm-lid-management
remove desktopManagerHandlesLidAndPower
2016-02-28 08:28:17 +00:00
Christoph Hrdinka fd46f18cf6 nsd service: add build time config validation 2016-02-28 09:18:39 +01:00
Nicolas B. Pierron 73630b8986 nsd service: add non-backward compatible release note entry 2016-02-28 09:18:39 +01:00
Christoph Hrdinka c4c9019105 nsd service: make use of literalExample 2016-02-28 09:18:11 +01:00
Christoph Hrdinka 6a096504cc nsd service: add missing options 2016-02-28 09:18:11 +01:00
Christoph Hrdinka 8442a7d12c nsd service: code cleanup
Puts everything in alphanumeric order and removes unnecessary spaces to better
match NixOS coding style.
2016-02-28 09:18:11 +01:00
Domen Kožar 88df035818 Merge pull request #13524 from makefu/bepasty-recursive-env
services.bepasty: buildEnv for creating PYTHONPATH
2016-02-28 06:20:29 +00:00
tg(x) 38614d3f6a grsecurity: use kernel version instead of testing / stable 2016-02-28 04:10:59 +01:00
makefu 3f7c600666 services.bepasty: buildEnv for creating PYTHONPATH
Fixes 'You need gevent installed to use this worker.' as well as missing Flask deps.
2016-02-28 01:35:56 +01:00
Graham Christensen 7df907b272 moodle: 2.8.5 -> 2.8.10 for CVE-2016-0724 CVE-2016-0725 2016-02-27 17:22:14 -06:00
Eelco Dolstra bf9c57fc49 Improve services.locate.period deprecation message 2016-02-27 20:48:12 +01:00
Eelco Dolstra d4636fa254 Revert "Add a way to pin a NixOS version within the module system."
This reverts commit a5992ad61b. Motivation:

a5992ad61b (commitcomment-14986820)
2016-02-27 20:48:12 +01:00
Domen Kožar 04422bb3ca Merge pull request #8630 from lihop/nixos/fix-formatting
nixos: fix formatting of option examples
2016-02-27 10:08:37 +00:00
Vladimír Čunát 3cf9cd8bc3 Merge #12796: nixos docs: show references to packages
(version 2) A better implementation of #10039, after #12357.
This time I did more thorough checking.

See commit messages for details.
2016-02-27 10:48:12 +01:00
Leroy Hopson 392ca77d4c nixos/activation-script: fix formatting of example 2016-02-27 22:25:40 +13:00
Leroy Hopson c1e674c4ca xserver service: fix formatting of example 2016-02-27 22:25:40 +13:00
Leroy Hopson 25fd9e31a2 phpfpm service: fix formatting of example 2016-02-27 22:25:40 +13:00
Leroy Hopson eb90705d45 fail2ban service: fix formatting of example 2016-02-27 22:25:39 +13:00
Leroy Hopson f6f892e2d6 nsd service: fix formatting of example 2016-02-27 22:25:39 +13:00
Leroy Hopson 24d5d28820 cacert: fix formatting of example 2016-02-27 22:25:39 +13:00
Leroy Hopson 3fc6470515 nixos/freetds: fix formatting of example 2016-02-27 22:25:39 +13:00
Leroy Hopson 3e326efffc nixos/vpnc: fix formatting of example 2016-02-27 22:25:39 +13:00
Robert Klotzner e361cdd5c3 nixos: libinput use mkEnableOption 2016-02-27 07:24:47 +01:00
Thomas Tuegel 639c6b91a9 ibus: add engine list to module description 2016-02-26 18:43:54 -06:00
Thomas Tuegel 2383a708f6 ibus: refresh cache at startup 2016-02-26 18:43:41 -06:00
Thomas Tuegel 272cf5c44f Merge branch 'ibus' 2016-02-26 18:10:11 -06:00
Thomas Tuegel d30a128467 ibus: rewrite NixOS module 2016-02-26 18:08:48 -06:00
Arseniy Seroka 766ad682f1 Merge pull request #13471 from Profpatsch/networkmanager-link-local
networkmanager: fix link-local ip addresses
2016-02-27 02:55:31 +03:00
zimbatm 2c7e5a6d8e Merge pull request #13434 from spacefrogg/oath-module
config.security.oath: new module
2016-02-26 18:06:28 +00:00
Nikolay Amiantov c88a06a860 cups service: set path for cups-genppdupdate 2016-02-26 18:27:41 +03:00