Commit Graph

17741 Commits

Author SHA1 Message Date
Vincent Breitmoser
6d52e2e897 nixos/nix-daemon: mention potential breakage in release notes 2020-07-05 16:53:38 +02:00
Vincent Breitmoser
5395397fd6 nixos/nix-daemon: work on buildMachines submodule 2020-07-05 16:51:55 +02:00
John Ericson
1ed248eac2 nixos/nix-daemon: Organize buildMachine options with a submodule 2020-07-05 16:51:55 +02:00
Benjamin Asbach
632104e5a4 postfix: deprecated sslCACert in favour of tlsTrustedAuthorities
`sslCACert` was used for trust store of client and server certificates. Since `smtpd_tls_ask_ccert` defaults to no the setup of `smtpd_tls_CApath` was removed.

>By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CApath should remain empty.
see http://www.postfix.org/postconf.5.html#smtpd_tls_CAfile
2020-07-05 14:53:34 +02:00
Benjamin Asbach
9d697837f0 postfix: used recommended configuration key to enable tls
> With Postfix 2.3 and later use smtp_tls_security_level instead.

http://www.postfix.org/postconf.5.html#smtp_use_tls
2020-07-05 14:50:40 +02:00
Lassulus
e0f07f9b8d
Merge pull request #63165 from CRTified/module/initrd-ovpn
nixos/system/boot/initrd-openvpn: New openvpn options for initrd
2020-07-05 14:32:52 +02:00
Jan Tojnar
07cebeffb8
Merge pull request #86473 from bachp/virtualbox-vmsvga 2020-07-05 04:11:44 +02:00
worldofpeace
d3a40e7cfc
Merge pull request #92270 from samuelgrf/fix/whether-typo
nixos/*: fix misspellings of whether
2020-07-04 09:34:28 -04:00
Samuel Gräfenstein
5bb0b72720
nixos/*: wheter -> whether 2020-07-04 15:20:41 +02:00
Samuel Gräfenstein
850d7d1790
nixos/*: wether -> whether 2020-07-04 15:17:03 +02:00
Niklas Hambüchen
7c903ca1d2
Merge pull request #92205 from chkno/qemu-vm-cleanup
qemu-vm device name cleanup
2020-07-04 15:08:52 +02:00
Niklas Hambüchen
5b16d4c9ce qemu-vm.nix: Fix device name hardcodes on useBootLoader.
boot.loader.grub.device` was hardcoded to `bootDevice`, which is
wrong, because that's the device for `/`, and with `useBootLoader`
the boot loader is not on that device.

This bug probably came into existence because of bad naming;
`virtualisation.bootDevice` has description
"The disk to be used for the root filesystem", which is very confusing;
it should be `.rootDevice` then!
Unfortunately, the description is right and the attribute name is wrong,
so it is not easy to change this without deprecation.

This commit ensures that even if you use `useBootLoader` and
`diskInterface == "scsi"`, the created VM can boot through, and can run
`nixos-rebuild afterwards.

It also adds extra commentary to explain what's going on in this module
in general in relation to `useBootLoader`.
2020-07-04 14:47:36 +02:00
Niklas Hambüchen
2fa351b6a5 qemu-vm.nix: Do not mount /boot read-only.
There does not seem to be a good reason to do this, and it breaks running
`nixos-rebuild boot --install-bootloader` inside the VM.
2020-07-04 14:44:33 +02:00
Chuck
e74755c422 nixos/qemu-vm: Don't assume boot drive is always vdb 2020-07-04 14:40:42 +02:00
rnhmjoj
c37347af7e
nixos/users-groups: handle password hashes with special meaning 2020-07-04 12:21:49 +02:00
rnhmjoj
99899e2e46
nixos/users-groups: add assertion for ":" in hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
751c2ed6e4
nixos/users-groups: do not check validity of empty hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
900ae97569
nixos/users-groups: clearly document special hash values
This explanation was contained in the description of
security.initialRootPassword but got lost when it was deprecated
a long ago (f496c3c) and removed.
2020-07-04 12:21:48 +02:00
rnhmjoj
a6ed7d4845
nixos/users-groups: remove ancient security.initialRootPassword option
This option has been deprecated for a long time because is redundant
(users.users.root.initialHashedPassword exists).
Moreover, being of type string, it required to handle the special value
"!" separately, instead of using just `null`.
2020-07-04 12:14:37 +02:00
Utku Demir
cc46362929
dockerTools: Support files directly under /nix/store
Also makes sure that the files inside a layer added in a sorted order
to make the results more deterministic.
2020-07-04 22:00:57 +12:00
Jörg Thalheim
b2aa673d5a
nixos: fix manual build
https://github.com/NixOS/nixpkgs/pull/92240#issuecomment-653740926
2020-07-04 10:23:25 +01:00
Jörg Thalheim
81aeaeb252
Merge pull request #92240 from nh2/better-empty-password-docs
docs: Explain how to set password-less logins.
2020-07-04 07:24:37 +01:00
Chuck
a5e211dd7f nixos/qemu-vm: Generalize drive naming 2020-07-03 19:36:45 -07:00
Niklas Hambüchen
06b8b96500 docs: Explain how to set password-less logins.
This explains the

    # Allow the user to log in as root without a password.
    users.users.root.initialHashedPassword = "";

that the NixOS installer live systems use in
`profiles/installation-device.nix`.
2020-07-04 02:05:03 +02:00
Chuck
800639f287 nixos/qemu-vm: Refactor: Combine duplicate disk definitions 2020-07-03 11:31:43 -07:00
Peter Hoeg
8bc7721fb1
Merge pull request #91765 from asdf8dfafjk/onedrive_module
nixos/onedrive: init
2020-07-03 10:08:42 +08:00
Graham Christensen
9d335706a0
Merge pull request #92092 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Update description for requestEncryptionCredentials
2020-07-02 17:25:53 -04:00
Will Fancher
b5f7b79a2d ZFS: Update description for requestEncryptionCredentials 2020-07-02 16:08:50 -04:00
Graham Christensen
105e63469d
Merge pull request #91344 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Ask for stage 2 encryption passwords using systemd-ask-password
2020-07-02 14:15:18 -04:00
Will Fancher
e2f1594695 ZFS: Set IFS=$'\t' for the read command in stage 2 load-key
Co-authored-by: Graham Christensen <graham@grahamc.com>
2020-07-02 13:50:29 -04:00
Will Fancher
05f8cba1b6 ZFS: Pipe /dev/null into the stage 2 load-key script
Just in case something reads stdin, so that `while read ds kl` doesn't
miss anything
2020-07-02 13:50:28 -04:00
Will Fancher
c128229dce plymouth: Enable systemd-ask-password-plymouth 2020-07-02 13:50:23 -04:00
zowoq
f1cf202dbb nixos/podman: restrict test to x86_64-linux 2020-07-03 00:17:15 +10:00
Markus Kowalewski
61fceac1bb
nixos/slurm: add pmix to test and cleanup test
* use tmpfiles to create key for munge
* add mpitest source
* add a subtest for PMIx/MPI startup
2020-07-02 15:39:47 +02:00
Konrad Förstner
7ec38adfdc nixos/doc/manual: Fix parted's set subcommand for esp partition
With 'set 3 boot on' the error 'file system "/boot" is not a FAT EFI
system partition (ESP) file system' occurs when running
"nixos-install" during the basic installation (tested in in a
VirtualBox VM).
2020-07-02 08:40:01 +02:00
Samuel Dionne-Riel
736c7ca712
Merge pull request #82718 from misuzu/armv7l-ext4-fs-fix
nixos/lib/make-ext4-fs: use mkfs.ext4 instead of cptofs
2020-07-01 21:38:07 -04:00
Vincent Ambo
c0122d335b nixos/openldap: add option for configuring OpenLDAP package to use
In certain cases, for example when custom OpenLDAP modules are
compiled into the binary, users may want to override the package used
for OpenLDAP.

This is especially common in setups where LDAP is the primary
authentication source, as good password hashing mechanisms need to be
enabled as extra modules.
2020-07-01 20:49:04 +01:00
misuzu
9ac1ab10c9 nixos/lib/make-ext4-fs: use mkfs.ext4 instead of cptofs
This fixes image creation on armv7l when image is bigger than 2G.
Also fix some reproducibility issues and other cptofs issues.
2020-07-01 11:32:28 +03:00
Michele Guerini Rocco
dab676b2d7
Merge pull request #65231 from buckley310/grub-password
grub: add support for passwords
2020-07-01 09:04:30 +02:00
Alexandre Esteves
e10e7d6a8b
testing-python: fix typo 2020-06-30 22:31:32 -05:00
CRTified
c684398c6a nixos/system/boot/initrd-openvpn: Add openvpn options for initrd
nixos/tests/initrd-openvpn: Add test for openvpn in the initramfs

The module in this commit adds new options that allows the
integration of an OpenVPN client into the initrd.
This can be used e.g. to remotely unlock LUKS devices.

This commit also adds two tests for `boot.initrd.network.openvpn`.
The first one is a basic test to validate that a failing connection
does not prevent the machine from booting.

The second test validates that this module actually creates a valid
openvpn connection.
For this, it spawns three nodes:

  - The client that uses boot.initrd.network.openvpn
  - An OpenVPN server that acts as gateway and forwards a port
    to the client
  - A node that is external to the OpenVPN network

The client connects to the OpenVPN server and spawns a netcat instance
that echos a value to every client.
Afterwards, the external node checks if it receives this value over the
forwarded port on the OpenVPN gateway.
2020-07-01 00:08:55 +02:00
Profpatsch
1c04554e4b lorri: 1.0 -> 1.1 2020-06-30 17:12:03 +02:00
Michele Guerini Rocco
5abeb133de
Merge pull request #91794 from rnhmjoj/fish-mandb
nixos/fish: enable man cache generation
2020-06-30 13:43:22 +02:00
Lancelot SIX
a3db82fe45
Merge pull request #91756 from JJJollyjim/fix-graphite-web-patch
graphite-web: fix patch
2020-06-30 08:26:35 +01:00
rnhmjoj
5b59329234
nixos/fish: enable man cache generation 2020-06-29 22:28:32 +02:00
_
a3b0864bb0 nixos/onedrive: init 2020-06-29 19:56:41 +05:30
misuzu
fc9f994ee5
nixos/gitlab-runner: add more global options (#86946) 2020-06-29 13:35:21 +00:00
Jamie McClymont
3f31678607 nixos/graphite: ensure graphite-api is properly tested
Until now, it was failing to start in the test, as it was searching for an
influxdb database
2020-06-29 22:04:23 +12:00
Jamie McClymont
3c8762de8e nixos/graphite: unmark test as broken 2020-06-29 21:42:29 +12:00
Florian Klink
aed85b7279
Merge pull request #85223 from arianvp/acme-fix-nginx-after
nixos/acme: Fix ordering of certificate requests (#81482)
2020-06-29 10:17:25 +02:00
Linus Heckemann
5b8b201e44 Revert "traefik: unify TOML generation"
This reverts commit a5e6901702.

yj doesn't distinguish floats and ints, which breaks some configs.
2020-06-29 09:34:41 +02:00
Florian Klink
9e248c9ec9
Merge pull request #91046 from NinjaTrappeur/nin-delete-vm-state
test-driver.py: delete VM state directory after test run
2020-06-28 18:41:38 +02:00
Robert Schütz
595a3d14b7
Merge pull request #91168 from dotlambda/radicale-3.0.3
radicale: 2.1.11 -> 3.0.3
2020-06-28 12:48:56 +02:00
Maximilian Bosch
d651626eb9
Merge pull request #91545 from Frostman/docker-19.03.12
docker: 19.03.11 -> 19.03.12
2020-06-27 16:01:11 +02:00
Graham Christensen
38060ee399
Merge pull request #91666 from Atemu/undervolt-warning
undervolt: clarify that the service is unofficial
2020-06-27 08:39:55 -04:00
Atemu
2c7402b54d undervolt: clarify that the service is unofficial
The original warning almost made it sound like the service was made by or
somehow connected to Intel which is not the case
2020-06-27 14:21:58 +02:00
Sergey Lukjanov
afc8bd6a7b docker: use git tags instead of revs 2020-06-26 14:55:52 -07:00
Christoph Hrdinka
b2655b6a34
Merge pull request #91514 from NinjaTrappeur/nin-fix-nsdconf
nixos/nsd: symlink conf file to /etc/nsd
2020-06-26 23:24:30 +02:00
Marek Mahut
bb7c60708a
Merge pull request #91497 from 1000101/blockbook
nixos/blockbook-frontend: init
2020-06-26 21:17:36 +02:00
Félix Baylac-Jacqué
7020dc8eac
nixos/nsd: symlink conf file to /etc/nsd
We remove the configFile build flag override in the NixOS module.

Instead of embedding the conf file link to the binaries, we symlink it
to /etc/nsd/nsd.nix, the hardcoded config file location for the
various CLI nsd utilities.

This config file build option override is triggerring a nsd rebuild
for each configuration change. This prevent us to use the nixos cache
in many cases.

Co-authored-by: Erjo <erjo@cocoba.work>
2020-06-26 20:18:33 +02:00
Niklas Hambüchen
5c5f7a22fe
Merge pull request #90701 from nh2/issue-90613-fix-consul-reboot-test
consul.passthru.tests: Fix failure on current consul versions, add more tests
2020-06-26 19:40:10 +02:00
Marek Mahut
31cd000bb6
Merge pull request #91613 from 1000101/1000101
maintainers: fix previously uncaught name issues
2020-06-26 17:12:34 +02:00
1000101
6c3b36212a maintainers: fix previously uncaught name issues 2020-06-26 16:38:27 +02:00
1000101
c6d346b323 nixos/blockbook-frontend: add tests 2020-06-26 16:16:49 +02:00
1000101
de3c56ffd8 nixos/blockbook-frontend: init 2020-06-26 16:16:49 +02:00
zowoq
a8efeed583
Merge pull request #91138 from zowoq/podman
podman: 1.9.3 -> 2.0.1
2020-06-26 12:14:22 +10:00
zowoq
29b75dc074
Merge pull request #91458 from mdlayher/mdl-corerad-0.2.7
corerad: 0.2.6 -> 0.2.7
2020-06-26 09:45:59 +10:00
zowoq
e89446656d nixos/{podman,containers}: libpod.conf -> containers.conf 2020-06-26 08:09:36 +10:00
zowoq
033ba9c73d nixos/podman: use cgroupfs for rootless crun test 2020-06-26 08:09:36 +10:00
Frederik Rietdijk
bef20b38ef Merge master into staging-next 2020-06-25 13:48:05 +02:00
Kim Lindberger
c00bf081d9
Merge pull request #88940 from stigtsp/package/convos-init
convos: init at 4.22
2020-06-25 09:32:33 +02:00
Matt Layher
09f0d65317
nixos/corerad: set systemd unit Type=notify
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-24 22:09:20 -04:00
Timo Kaufmann
41ba255e23
Merge pull request #77982 from symphorien/sshl_ipv6
nixos/sslh: make it possible (and the default) to listen on ipv6, plus regression test
2020-06-24 22:13:19 +02:00
Frederik Rietdijk
16287a8cb8 Merge master into staging-next 2020-06-24 19:04:03 +02:00
rnhmjoj
33c4a4bdd5
nixos/tests: add test for grub authentication 2020-06-24 10:22:53 +02:00
rnhmjoj
b520055df6
nixos/lib/test-driver: add wait_for_console_text
This method is similar to wait_for_text but is based on matching
serial console lines instead of the VGA output.
2020-06-24 10:22:53 +02:00
Fabian Möller
c07a6f8743
nixos/generic-extlinux-compatible: fix docbook syntax 2020-06-23 20:51:02 +02:00
Vladimír Čunát
64cf1e79dd
Merge #91363: small treewide: his -> theirs/its 2020-06-23 19:11:13 +02:00
Sean Buckley
37ec7c488a
grub: add support for passwords
This patch adds support for user accounts/passwords in GRUB 2.
When configured, everything but the default option is password-protected.
2020-06-23 19:01:43 +02:00
Florian Klink
d227d81c9a
Merge pull request #91195 from flokli/extlinux-conf-builder-dtbname
extlinux-conf-builder: expose and use base builder command, allow a custom FDT to be specified
2020-06-23 18:07:31 +02:00
Profpatsch
517be84135 small treewide: his -> theirs/its
SJW brigade represent. ;)

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
2020-06-23 16:49:50 +02:00
Will Fancher
0d55d48f0f ZFS: Ask for stage 2 encryption passwords using systemd-ask-password 2020-06-23 06:25:21 -04:00
Robert Schütz
d77fb3729d nixos/radicale: use radicale3 2020-06-23 12:02:27 +02:00
Markus S. Wamser
e4356601d3
tests/taskserver: fix gnutls invocation
test failed because gnutls-cli does not properly report connection
errors any more, fixed by increasing the debug level for gnutls-cli

Fixes: #84507
Closes: #90718
2020-06-23 12:01:54 +02:00
Michele Guerini Rocco
1b5e0d480e
Merge pull request #91261 from rnhmjoj/intel
nixos/doc: add section on Intel DDX drivers
2020-06-23 11:29:38 +02:00
Jörg Thalheim
7aaffa71dc
Merge pull request #91216 from Mic92/nixos-config-generate
nixos-generate-config: refer to nixos-hardware
2020-06-22 23:52:48 +01:00
Jörg Thalheim
e943489f24
nixos-generate-config: refer to nixos-hardware 2020-06-22 23:51:08 +01:00
rnhmjoj
1b17b3b915
nixos/doc: add section on Intel DDX drivers 2020-06-22 17:50:18 +02:00
Stig Palmquist
a71fd5cb20
nixos/convos: add test 2020-06-22 13:58:35 +02:00
Stig Palmquist
042a2d8baf
nixos/convos: init 2020-06-22 13:58:34 +02:00
Frederik Rietdijk
7481da9cbd Merge master into staging-next 2020-06-22 08:46:16 +02:00
Florian Klink
44d75efd7f
Merge pull request #91214 from flokli/make-ext4-fs-fudge-factor
nixos/make-ext4-fs: increase fudge factor from 1.03 to 1.10
2020-06-21 22:13:12 +02:00
Jörg Thalheim
9aa668ef04
Merge pull request #91154 from Mic92/homeassistant 2020-06-21 13:59:28 +01:00
Florian Klink
387f3b58d2 hardware.deviceTree: add name
This can be used to explicitly specify a specific dtb file, relative to
the dtb base.

Update the generic-extlinux-compatible module to make use of this option.
2020-06-21 13:48:22 +02:00
Florian Klink
bd8137aef1 extlinux-conf-builder.sh: allow a custom FDT to be specified
Some bootloaders might not properly detect the model.
If the specific model is known by configuration, provide a way to
explicitly point to a specific dtb in the extlinux.conf.
2020-06-21 13:48:22 +02:00
Florian Klink
afa627730e nixos/sd-image-*: use boot.loader.generic-extlinux-compatible.populateCmd
While getting rid of the separate extlinux-conf-builder import, this now
also honors boot.loader.timeout in the initial sd card image if
specified.
2020-06-21 13:48:17 +02:00
Florian Klink
54129e72b4 nixos/generic-extlinux-compatible: introduce boot.loader.generic-extlinux-compatible.populateCmd
This option exposes the builder command used to populate an image,
honoring all options except the -c <path-to-default-configuration>
argument.

Useful to have for sdImage.populateRootCommands.

Special care needs to be taken w.r.t cross - the populate command runs
on the host platform, the activation script on the build platform (so
the builders differ)
2020-06-21 13:41:22 +02:00
Jörg Thalheim
a68c7e0fa7
nixos/home-assistant: fix tests 2020-06-21 10:58:29 +01:00
edef
c27fc6a5e5
nixos/gerrit: allow configuring replication declaratively (#91200) 2020-06-21 08:54:14 +00:00
Florian Klink
43424688db nixos/deviceTree: fix description
hardware.deviceTree.base points to a path, not a package (and also if of
types.path)

It defaults to ${config.boot.kernelPackages.kernel}/dtbs.
2020-06-21 10:39:10 +02:00