Commit Graph

4476 Commits

Author SHA1 Message Date
joachifm
e496e5cd75 Merge pull request #14176 from peterhoeg/vbox
virtualbox service: fix use of deprecated option names
2016-03-28 13:54:16 +00:00
Peter Hoeg
8d1660ce14 virtualbox service: fix use of deprecated option names 2016-03-28 14:22:18 +08:00
Nikolay Amiantov
25754a5fc2 uwsgi service: use python.buildEnv, fix PATH 2016-03-27 19:23:01 +03:00
Nikolay Amiantov
ea5c7d553c dspam service: run after postgresql to prevent segfaults 2016-03-27 19:23:01 +03:00
Kevin Cox
26bd115c9c etcd: 2.1.2 -> 2.3.0 2016-03-26 22:47:15 -04:00
Eelco Dolstra
54ca7e9f75 Restore core dumps
Systemd 229 sets kernel.core_pattern to "|/bin/false" by default,
unless systemd-coredump is enabled. Revert back to the default of
writing "core" in the current directory.
2016-03-25 17:29:29 +01:00
Eelco Dolstra
ddd480ac30 Revert "Remove which -> type -P alias."
This reverts commit e8e8164f34. I
misread the original commit as adding the "which" package, but it only
adds it to base.nix. So then the original motivation (making it work
in subshells) doesn't hold. Note that we already have some convenience
aliases that don't work in subshells either (such as "ll").
2016-03-25 17:17:07 +01:00
Eelco Dolstra
fca9b335ae Hide sendmailSetuidWrapper 2016-03-25 16:08:34 +01:00
Brian McKenna
e50bee65f0 opengl.extraPackages32: pkgsi686Linux in example
Issue #12616 uses this example but the commit doesn't.
2016-03-26 00:50:56 +11:00
Domen Kožar
7a89a85622 nix.useChroot: allow 'relaxed' as a value 2016-03-25 12:50:39 +00:00
Joachim Fasting
ea443d719c nixos/tests: implement a trivial test for sudo
This is an alternative to NixOS/nixpkgs#6721, with
improvements suggested by @edolstra
2016-03-25 06:33:11 +01:00
Arseniy Seroka
2358582976 Merge pull request #14045 from otwieracz/master
znapzend: added
2016-03-24 23:10:40 +03:00
Slawomir Gonet
3ff417cbb7 znapzend service: init at 0.15.3 2016-03-24 20:57:33 +01:00
Joachim Fasting
2438c61255 dnscrypt-proxy vmtest: more specific waitForUnit
The test sometimes times out waiting for multi-user.target; this
should be more robust.
2016-03-24 17:14:22 +01:00
Joachim Fasting
1ca4610577 dnscrypt-proxy service: change default upstream resolver
Previously, the cisco resolver was used on the theory that it would
provide the best user experience regardless of location.  The downsides
of cisco are 1) logging; 2) missing supoprt for DNS security extensions.

The new upstream resolver is located in Holland, supports DNS security,
and *claims* to not log activity. For users outside of Europe, this will
mean reduced performance, but I believe it's a worthy tradeoff.
2016-03-24 17:14:22 +01:00
Joachim Fasting
9bf6e64860 dnscrypt-proxy service: use dynamic uid/gid
The daemon doesn't have any portable data, reserving a
UID/GID for it is redundant.

This frees up UID/GID 151.
2016-03-24 17:14:22 +01:00
Joachim Fasting
03bdf8f03c dnscrypt-proxy service: additional hardening
Run the daemon with private /home and /run/user to
prevent it from enumerating users on the system.
2016-03-24 17:14:22 +01:00
Joachim Fasting
4001917359 dnscrypt-proxy service: cosmetic enhancements 2016-03-24 17:14:22 +01:00
joachifm
f8858c383b Merge pull request #14140 from Pleune/fix/iodined-wait-for-network
iodined service: wantedBy ip-up.target
2016-03-24 13:20:00 +00:00
Domen Kožar
d43da3c488 Pin hydra-www and hydra-queue-runner uids
hydra user is already pinned, this is needed due to
https://github.com/NixOS/nixpkgs/issues/14148

(cherry picked from commit 0858ece1ad)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-03-23 12:17:18 +00:00
Mitchell Pleune
927aaecbcb iodined service: wantedBy ip-up.target
When iodined tries to start before any interface other than loopback has an ip, iodined fails.
Wait for ip-up.target

The above is because of the following:
in iodined's code: src/common.c line 157
	the flag AI_ADDRCONFIG is passed as a flag to getaddrinfo.
	Iodine uses the function

		get_addr(char *host,
			int port,
			int addr_family,
			int flags,
			struct sockaddr_storage *out);

	to get address information via getaddrinfo().

	Within get_addr, the flag AI_ADDRCONFIG is forced.

	What this flag does, is cause getaddrinfo to return
	"Name or service not known" as an error explicitly if no ip
	has been assigned to the computer.
	see getaddrinfo(3)

Wait for an ip before starting iodined.
2016-03-22 23:40:49 -04:00
Domen Kožar
ba78130c21 remove elrangR15 and riak 1.3.0 as they're outdated
(cherry picked from commit 4452a68425)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-03-22 21:40:07 +00:00
Pascal Wittmann
4295ad5ee8 Merge pull request #14079 from NixOS/add-radicale-user
radicale service: run with dedicated user
2016-03-21 13:56:23 +01:00
aszlig
96a9c23f49
Merge branch 'chromium-source-refactor'
Fixes #12794 by reverting the source tree splitup (c92dbff) to use the
source tarball directly into the main Chromium derivation and making the
whole source/ subdirectory obsolete. The reasons for this are explained
in 4f981b4f84.

This also now renames the "sources.nix" file to "upstream-info.nix",
which is a more proper name for the file, because it not only contains
"source code" but also the Chrome binaries needed for the proprietary
plugins (of course "source" could also mean "where to get it", but I
wanted to avoid this ambiguity entirely).

I have successfully built and tested this using the VM tests.

All results can be found here:

https://headcounter.org/hydra/eval/313435
2016-03-21 04:10:06 +01:00
aszlig
e047d79279
nixos/tests/chromium: Propagate "system" to pkgs
Assigning the channelMap by the function attrset argument at the
top-level of the test expression file may reference a different
architecture than we need for the tests.

So if we get the pkgs attribute by auto-calling, this will lead to test
failure because we have a different architecture for the test than for
the browser.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-21 03:50:38 +01:00
aszlig
3bd71b135b
nixos/tests/chromium: Allow overriding channel map
This has been the case before e45c211, but it turns out that it's very
useful to override the channel packages so we can run tests with
different Chromium build options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-03-20 22:20:39 +01:00
Domen Kožar
1536834ee0 Merge pull request #14066 from jerith666/crashplan-46
crashplan: 3.6.4 -> 4.6.0
2016-03-20 20:10:28 +00:00
Matt McHenry
447c97f929 crashplan: 3.6.4 -> 4.6.0
* the major change is to set TARGETDIR=${vardir}, and symlink from
  ${vardir} back to ${out} instead of the other way around.  this
  gives CP more liberty to write to more directories -- in particular
  it seems to want to write some configuration files outside of conf?

* run.conf does not need 'export'

* minor tweaks to CrashPlanDesktop.patch
2016-03-20 13:56:54 -04:00
joachifm
3273605aef Merge pull request #14033 from joachifm/clfswm-broken
Mark clfswm as broken
2016-03-20 15:27:41 +00:00
Pascal Wittmann
a491b75523 radicale service: run with dedicated user
This is done in the context of #11908.
2016-03-20 15:50:14 +01:00
zimbatm
008f170bcb Merge pull request #14012 from peti/update-gnupg
Update default version of gnupg to 2.1.x
2016-03-20 00:05:15 +00:00
Pascal Wittmann
8ddfab0cf2 nixos/manpages: enable linebreaking after slashes
Allow linbreaks after slashes in long URLs. The option used
is documented at

   http://docbook.sourceforge.net/release/xsl/current/doc/manpages/man.break.after.slash.html

This commit fixes #4538.
2016-03-19 17:16:59 +01:00
Joachim Fasting
e891e50946 nixos: disable the clfswm window manager module 2016-03-19 15:52:18 +01:00
Joachim Fasting
ece457c62f nixos/tests: fix docker test
The docker service is socket activated by default; thus,
`waitForUnit("docker.service")` before any docker command causes the
unit test to time out.

Instead, do `waitForUnit("sockets.target")` to ensure that sockets are
setup before running docker commands.
2016-03-19 03:18:17 +01:00
Peter Simons
9a2ee42f52 Document the fact that the firewall allows pings by default in rl-1603.xml. 2016-03-18 12:00:39 +01:00
Peter Simons
c523aeffde nixos/tests/firewall.nix: ping now succeeds in the firewall's default configuration 2016-03-18 11:44:07 +01:00
Peter Simons
5391882ebd services.xserver.startGnuPGAgent: remove obsolete NixOS option
GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
longer requires (or even supports) the "start everything as a child of the
agent" scheme we've implemented in NixOS for older versions.

To configure the gpg-agent for your X session, add the following code to
~/.xsession or some other appropriate place that's sourced at start-up:

    gpg-connect-agent /bye
    GPG_TTY=$(tty)
    export GPG_TTY

If you want to use gpg-agent for SSH, too, also add the settings

    unset SSH_AGENT_PID
    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"

and make sure that

    enable-ssh-support

is included in your ~/.gnupg/gpg-agent.conf.

The gpg-agent(1) man page has more details about this subject, i.e. in the
"EXAMPLES" section.
2016-03-18 11:06:31 +01:00
Peter Simons
de11380679 nixos/modules/services/x11/xserver.nix: fix minor typo 2016-03-18 11:02:01 +01:00
Peter Simons
a0ab4587b7 Set networking.firewall.allowPing = true by default.
This patch fixes https://github.com/NixOS/nixpkgs/issues/12927.

It would be great to configure good rate-limiting defaults for this via
/proc/sys/net/ipv4/icmp_ratelimit and /proc/sys/net/ipv6/icmp/ratelimit,
too, but I didn't since I don't know what a "good default" would be.
2016-03-17 19:40:13 +01:00
Joachim Fasting
12877098cb dnscrypt-proxy service: expose option to use ephemeral keys
Some users may wish to improve their privacy by using per-query
key pairs, which makes it more difficult for upstream resolvers to
track users across IP addresses.
2016-03-17 15:02:33 +01:00
Joachim Fasting
a0663e3709 dnscrypt-proxy service: documentation fixes
- fix `enable` option description
  using `mkEnableOption longDescription` is incorrect; override
  `description` instead
- additional details for proper usage of the service, including
  an example of the recommended configuration
- clarify `localAddress` option description
- clarify `localPort` option description
- clarify `customResolver` option description
2016-03-17 14:18:30 +01:00
Franz Pletz
38579a1cc9 gitlab service: Remove emailFrom option
Not being used anymore. Use `services.gitlab.extraConfig.gitlab.email_from`
instead.
2016-03-17 04:16:25 +01:00
Peter Simons
6c601ed1f0 Merge pull request #13838 from peti/drop-old-dovecot-versions
Drop support for dovecot 2.1.x from Nixpkgs and NixOS.
2016-03-16 14:36:52 +01:00
Nikolay Amiantov
851af5e888 cups service: fix gutenprint update when there's no printers 2016-03-15 21:46:33 +03:00
Eelco Dolstra
b250ac9290 Remove setting non-existent sysctl options
(cherry picked from commit 1010ced00c)
2016-03-15 17:44:30 +01:00
Eelco Dolstra
3135af2511 NixOS release: Don't depend on chromium
This is failing because it exceeds the hydra-queue-runner size limit.

http://hydra.nixos.org/build/33303819
2016-03-15 16:06:09 +01:00
Eelco Dolstra
55e71f45cc Fix NixOS tested job 2016-03-15 15:43:57 +01:00
Eelco Dolstra
daa093bf3c Build most ISOs/OVAs for x86_64-linux only
Probably not many people care about i686-linux any more, but building
all these images is fairly expensive (e.g. in the worst case, every
Nixpkgs commit would trigger a few gigabytes of uploads to S3).
2016-03-15 14:15:12 +01:00
Eelco Dolstra
10293b87a9 Combine ISO generation steps
This folds adding hydra-build-products into the actual ISO generation,
preventing an unnecessary download of the ISO.
2016-03-15 14:15:12 +01:00
Eelco Dolstra
5cc7bcda30 Combine OVA generation steps
Previously this was done in three derivations (one to build the raw
disk image, one to convert to OVA, one to add a hydra-build-products
file). Now it's done in one step to reduce the amount of copying
to/from S3. In particular, not uploading the raw disk image prevents
us from hitting hydra-queue-runner's size limit of 2 GiB.
2016-03-15 14:15:12 +01:00