Vincent Breitmoser
6d52e2e897
nixos/nix-daemon: mention potential breakage in release notes
2020-07-05 16:53:38 +02:00
Vincent Breitmoser
5395397fd6
nixos/nix-daemon: work on buildMachines submodule
2020-07-05 16:51:55 +02:00
John Ericson
1ed248eac2
nixos/nix-daemon: Organize buildMachine options with a submodule
2020-07-05 16:51:55 +02:00
Benjamin Asbach
632104e5a4
postfix: deprecated sslCACert
in favour of tlsTrustedAuthorities
...
`sslCACert` was used for trust store of client and server certificates. Since `smtpd_tls_ask_ccert` defaults to no the setup of `smtpd_tls_CApath` was removed.
>By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CApath should remain empty.
see http://www.postfix.org/postconf.5.html#smtpd_tls_CAfile
2020-07-05 14:53:34 +02:00
Benjamin Asbach
9d697837f0
postfix: used recommended configuration key to enable tls
...
> With Postfix 2.3 and later use smtp_tls_security_level instead.
http://www.postfix.org/postconf.5.html#smtp_use_tls
2020-07-05 14:50:40 +02:00
Lassulus
e0f07f9b8d
Merge pull request #63165 from CRTified/module/initrd-ovpn
...
nixos/system/boot/initrd-openvpn: New openvpn options for initrd
2020-07-05 14:32:52 +02:00
Jan Tojnar
07cebeffb8
Merge pull request #86473 from bachp/virtualbox-vmsvga
2020-07-05 04:11:44 +02:00
worldofpeace
d3a40e7cfc
Merge pull request #92270 from samuelgrf/fix/whether-typo
...
nixos/*: fix misspellings of whether
2020-07-04 09:34:28 -04:00
Samuel Gräfenstein
5bb0b72720
nixos/*: wheter -> whether
2020-07-04 15:20:41 +02:00
Samuel Gräfenstein
850d7d1790
nixos/*: wether -> whether
2020-07-04 15:17:03 +02:00
Niklas Hambüchen
7c903ca1d2
Merge pull request #92205 from chkno/qemu-vm-cleanup
...
qemu-vm device name cleanup
2020-07-04 15:08:52 +02:00
Niklas Hambüchen
5b16d4c9ce
qemu-vm.nix: Fix device name hardcodes on useBootLoader
.
...
boot.loader.grub.device` was hardcoded to `bootDevice`, which is
wrong, because that's the device for `/`, and with `useBootLoader`
the boot loader is not on that device.
This bug probably came into existence because of bad naming;
`virtualisation.bootDevice` has description
"The disk to be used for the root filesystem", which is very confusing;
it should be `.rootDevice` then!
Unfortunately, the description is right and the attribute name is wrong,
so it is not easy to change this without deprecation.
This commit ensures that even if you use `useBootLoader` and
`diskInterface == "scsi"`, the created VM can boot through, and can run
`nixos-rebuild afterwards.
It also adds extra commentary to explain what's going on in this module
in general in relation to `useBootLoader`.
2020-07-04 14:47:36 +02:00
Niklas Hambüchen
2fa351b6a5
qemu-vm.nix: Do not mount /boot
read-only.
...
There does not seem to be a good reason to do this, and it breaks running
`nixos-rebuild boot --install-bootloader` inside the VM.
2020-07-04 14:44:33 +02:00
Chuck
e74755c422
nixos/qemu-vm: Don't assume boot drive is always vdb
2020-07-04 14:40:42 +02:00
rnhmjoj
c37347af7e
nixos/users-groups: handle password hashes with special meaning
2020-07-04 12:21:49 +02:00
rnhmjoj
99899e2e46
nixos/users-groups: add assertion for ":" in hashes
2020-07-04 12:21:49 +02:00
rnhmjoj
751c2ed6e4
nixos/users-groups: do not check validity of empty hashes
2020-07-04 12:21:49 +02:00
rnhmjoj
900ae97569
nixos/users-groups: clearly document special hash values
...
This explanation was contained in the description of
security.initialRootPassword but got lost when it was deprecated
a long ago (f496c3c
) and removed.
2020-07-04 12:21:48 +02:00
rnhmjoj
a6ed7d4845
nixos/users-groups: remove ancient security.initialRootPassword option
...
This option has been deprecated for a long time because is redundant
(users.users.root.initialHashedPassword exists).
Moreover, being of type string, it required to handle the special value
"!" separately, instead of using just `null`.
2020-07-04 12:14:37 +02:00
Utku Demir
cc46362929
dockerTools: Support files directly under /nix/store
...
Also makes sure that the files inside a layer added in a sorted order
to make the results more deterministic.
2020-07-04 22:00:57 +12:00
Jörg Thalheim
b2aa673d5a
nixos: fix manual build
...
https://github.com/NixOS/nixpkgs/pull/92240#issuecomment-653740926
2020-07-04 10:23:25 +01:00
Jörg Thalheim
81aeaeb252
Merge pull request #92240 from nh2/better-empty-password-docs
...
docs: Explain how to set password-less logins.
2020-07-04 07:24:37 +01:00
Chuck
a5e211dd7f
nixos/qemu-vm: Generalize drive naming
2020-07-03 19:36:45 -07:00
Niklas Hambüchen
06b8b96500
docs: Explain how to set password-less logins.
...
This explains the
# Allow the user to log in as root without a password.
users.users.root.initialHashedPassword = "";
that the NixOS installer live systems use in
`profiles/installation-device.nix`.
2020-07-04 02:05:03 +02:00
Chuck
800639f287
nixos/qemu-vm: Refactor: Combine duplicate disk definitions
2020-07-03 11:31:43 -07:00
Peter Hoeg
8bc7721fb1
Merge pull request #91765 from asdf8dfafjk/onedrive_module
...
nixos/onedrive: init
2020-07-03 10:08:42 +08:00
Graham Christensen
9d335706a0
Merge pull request #92092 from ElvishJerricco/zfs-encryption-systemd-ask-password
...
ZFS: Update description for requestEncryptionCredentials
2020-07-02 17:25:53 -04:00
Will Fancher
b5f7b79a2d
ZFS: Update description for requestEncryptionCredentials
2020-07-02 16:08:50 -04:00
Graham Christensen
105e63469d
Merge pull request #91344 from ElvishJerricco/zfs-encryption-systemd-ask-password
...
ZFS: Ask for stage 2 encryption passwords using systemd-ask-password
2020-07-02 14:15:18 -04:00
Will Fancher
e2f1594695
ZFS: Set IFS=$'\t' for the read command in stage 2 load-key
...
Co-authored-by: Graham Christensen <graham@grahamc.com>
2020-07-02 13:50:29 -04:00
Will Fancher
05f8cba1b6
ZFS: Pipe /dev/null into the stage 2 load-key script
...
Just in case something reads stdin, so that `while read ds kl` doesn't
miss anything
2020-07-02 13:50:28 -04:00
Will Fancher
c128229dce
plymouth: Enable systemd-ask-password-plymouth
2020-07-02 13:50:23 -04:00
zowoq
f1cf202dbb
nixos/podman: restrict test to x86_64-linux
2020-07-03 00:17:15 +10:00
Markus Kowalewski
61fceac1bb
nixos/slurm: add pmix to test and cleanup test
...
* use tmpfiles to create key for munge
* add mpitest source
* add a subtest for PMIx/MPI startup
2020-07-02 15:39:47 +02:00
Konrad Förstner
7ec38adfdc
nixos/doc/manual: Fix parted's set subcommand for esp partition
...
With 'set 3 boot on' the error 'file system "/boot" is not a FAT EFI
system partition (ESP) file system' occurs when running
"nixos-install" during the basic installation (tested in in a
VirtualBox VM).
2020-07-02 08:40:01 +02:00
Samuel Dionne-Riel
736c7ca712
Merge pull request #82718 from misuzu/armv7l-ext4-fs-fix
...
nixos/lib/make-ext4-fs: use mkfs.ext4 instead of cptofs
2020-07-01 21:38:07 -04:00
Vincent Ambo
c0122d335b
nixos/openldap: add option for configuring OpenLDAP package to use
...
In certain cases, for example when custom OpenLDAP modules are
compiled into the binary, users may want to override the package used
for OpenLDAP.
This is especially common in setups where LDAP is the primary
authentication source, as good password hashing mechanisms need to be
enabled as extra modules.
2020-07-01 20:49:04 +01:00
misuzu
9ac1ab10c9
nixos/lib/make-ext4-fs: use mkfs.ext4 instead of cptofs
...
This fixes image creation on armv7l when image is bigger than 2G.
Also fix some reproducibility issues and other cptofs issues.
2020-07-01 11:32:28 +03:00
Michele Guerini Rocco
dab676b2d7
Merge pull request #65231 from buckley310/grub-password
...
grub: add support for passwords
2020-07-01 09:04:30 +02:00
Alexandre Esteves
e10e7d6a8b
testing-python: fix typo
2020-06-30 22:31:32 -05:00
CRTified
c684398c6a
nixos/system/boot/initrd-openvpn: Add openvpn options for initrd
...
nixos/tests/initrd-openvpn: Add test for openvpn in the initramfs
The module in this commit adds new options that allows the
integration of an OpenVPN client into the initrd.
This can be used e.g. to remotely unlock LUKS devices.
This commit also adds two tests for `boot.initrd.network.openvpn`.
The first one is a basic test to validate that a failing connection
does not prevent the machine from booting.
The second test validates that this module actually creates a valid
openvpn connection.
For this, it spawns three nodes:
- The client that uses boot.initrd.network.openvpn
- An OpenVPN server that acts as gateway and forwards a port
to the client
- A node that is external to the OpenVPN network
The client connects to the OpenVPN server and spawns a netcat instance
that echos a value to every client.
Afterwards, the external node checks if it receives this value over the
forwarded port on the OpenVPN gateway.
2020-07-01 00:08:55 +02:00
Profpatsch
1c04554e4b
lorri: 1.0 -> 1.1
2020-06-30 17:12:03 +02:00
Michele Guerini Rocco
5abeb133de
Merge pull request #91794 from rnhmjoj/fish-mandb
...
nixos/fish: enable man cache generation
2020-06-30 13:43:22 +02:00
Lancelot SIX
a3db82fe45
Merge pull request #91756 from JJJollyjim/fix-graphite-web-patch
...
graphite-web: fix patch
2020-06-30 08:26:35 +01:00
rnhmjoj
5b59329234
nixos/fish: enable man cache generation
2020-06-29 22:28:32 +02:00
_
a3b0864bb0
nixos/onedrive: init
2020-06-29 19:56:41 +05:30
misuzu
fc9f994ee5
nixos/gitlab-runner: add more global options ( #86946 )
2020-06-29 13:35:21 +00:00
Jamie McClymont
3f31678607
nixos/graphite: ensure graphite-api is properly tested
...
Until now, it was failing to start in the test, as it was searching for an
influxdb database
2020-06-29 22:04:23 +12:00
Jamie McClymont
3c8762de8e
nixos/graphite: unmark test as broken
2020-06-29 21:42:29 +12:00
Florian Klink
aed85b7279
Merge pull request #85223 from arianvp/acme-fix-nginx-after
...
nixos/acme: Fix ordering of certificate requests (#81482 )
2020-06-29 10:17:25 +02:00
Linus Heckemann
5b8b201e44
Revert "traefik: unify TOML generation"
...
This reverts commit a5e6901702
.
yj doesn't distinguish floats and ints, which breaks some configs.
2020-06-29 09:34:41 +02:00
Florian Klink
9e248c9ec9
Merge pull request #91046 from NinjaTrappeur/nin-delete-vm-state
...
test-driver.py: delete VM state directory after test run
2020-06-28 18:41:38 +02:00
Robert Schütz
595a3d14b7
Merge pull request #91168 from dotlambda/radicale-3.0.3
...
radicale: 2.1.11 -> 3.0.3
2020-06-28 12:48:56 +02:00
Maximilian Bosch
d651626eb9
Merge pull request #91545 from Frostman/docker-19.03.12
...
docker: 19.03.11 -> 19.03.12
2020-06-27 16:01:11 +02:00
Graham Christensen
38060ee399
Merge pull request #91666 from Atemu/undervolt-warning
...
undervolt: clarify that the service is unofficial
2020-06-27 08:39:55 -04:00
Atemu
2c7402b54d
undervolt: clarify that the service is unofficial
...
The original warning almost made it sound like the service was made by or
somehow connected to Intel which is not the case
2020-06-27 14:21:58 +02:00
Sergey Lukjanov
afc8bd6a7b
docker: use git tags instead of revs
2020-06-26 14:55:52 -07:00
Christoph Hrdinka
b2655b6a34
Merge pull request #91514 from NinjaTrappeur/nin-fix-nsdconf
...
nixos/nsd: symlink conf file to /etc/nsd
2020-06-26 23:24:30 +02:00
Marek Mahut
bb7c60708a
Merge pull request #91497 from 1000101/blockbook
...
nixos/blockbook-frontend: init
2020-06-26 21:17:36 +02:00
Félix Baylac-Jacqué
7020dc8eac
nixos/nsd: symlink conf file to /etc/nsd
...
We remove the configFile build flag override in the NixOS module.
Instead of embedding the conf file link to the binaries, we symlink it
to /etc/nsd/nsd.nix, the hardcoded config file location for the
various CLI nsd utilities.
This config file build option override is triggerring a nsd rebuild
for each configuration change. This prevent us to use the nixos cache
in many cases.
Co-authored-by: Erjo <erjo@cocoba.work>
2020-06-26 20:18:33 +02:00
Niklas Hambüchen
5c5f7a22fe
Merge pull request #90701 from nh2/issue-90613-fix-consul-reboot-test
...
consul.passthru.tests: Fix failure on current consul versions, add more tests
2020-06-26 19:40:10 +02:00
Marek Mahut
31cd000bb6
Merge pull request #91613 from 1000101/1000101
...
maintainers: fix previously uncaught name issues
2020-06-26 17:12:34 +02:00
1000101
6c3b36212a
maintainers: fix previously uncaught name issues
2020-06-26 16:38:27 +02:00
1000101
c6d346b323
nixos/blockbook-frontend: add tests
2020-06-26 16:16:49 +02:00
1000101
de3c56ffd8
nixos/blockbook-frontend: init
2020-06-26 16:16:49 +02:00
zowoq
a8efeed583
Merge pull request #91138 from zowoq/podman
...
podman: 1.9.3 -> 2.0.1
2020-06-26 12:14:22 +10:00
zowoq
29b75dc074
Merge pull request #91458 from mdlayher/mdl-corerad-0.2.7
...
corerad: 0.2.6 -> 0.2.7
2020-06-26 09:45:59 +10:00
zowoq
e89446656d
nixos/{podman,containers}: libpod.conf -> containers.conf
2020-06-26 08:09:36 +10:00
zowoq
033ba9c73d
nixos/podman: use cgroupfs for rootless crun test
2020-06-26 08:09:36 +10:00
Frederik Rietdijk
bef20b38ef
Merge master into staging-next
2020-06-25 13:48:05 +02:00
Kim Lindberger
c00bf081d9
Merge pull request #88940 from stigtsp/package/convos-init
...
convos: init at 4.22
2020-06-25 09:32:33 +02:00
Matt Layher
09f0d65317
nixos/corerad: set systemd unit Type=notify
...
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-24 22:09:20 -04:00
Timo Kaufmann
41ba255e23
Merge pull request #77982 from symphorien/sshl_ipv6
...
nixos/sslh: make it possible (and the default) to listen on ipv6, plus regression test
2020-06-24 22:13:19 +02:00
Frederik Rietdijk
16287a8cb8
Merge master into staging-next
2020-06-24 19:04:03 +02:00
rnhmjoj
33c4a4bdd5
nixos/tests: add test for grub authentication
2020-06-24 10:22:53 +02:00
rnhmjoj
b520055df6
nixos/lib/test-driver: add wait_for_console_text
...
This method is similar to wait_for_text but is based on matching
serial console lines instead of the VGA output.
2020-06-24 10:22:53 +02:00
Fabian Möller
c07a6f8743
nixos/generic-extlinux-compatible: fix docbook syntax
2020-06-23 20:51:02 +02:00
Vladimír Čunát
64cf1e79dd
Merge #91363 : small treewide: his -> theirs/its
2020-06-23 19:11:13 +02:00
Sean Buckley
37ec7c488a
grub: add support for passwords
...
This patch adds support for user accounts/passwords in GRUB 2.
When configured, everything but the default option is password-protected.
2020-06-23 19:01:43 +02:00
Florian Klink
d227d81c9a
Merge pull request #91195 from flokli/extlinux-conf-builder-dtbname
...
extlinux-conf-builder: expose and use base builder command, allow a custom FDT to be specified
2020-06-23 18:07:31 +02:00
Profpatsch
517be84135
small treewide: his -> theirs/its
...
SJW brigade represent. ;)
Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
2020-06-23 16:49:50 +02:00
Will Fancher
0d55d48f0f
ZFS: Ask for stage 2 encryption passwords using systemd-ask-password
2020-06-23 06:25:21 -04:00
Robert Schütz
d77fb3729d
nixos/radicale: use radicale3
2020-06-23 12:02:27 +02:00
Markus S. Wamser
e4356601d3
tests/taskserver: fix gnutls invocation
...
test failed because gnutls-cli does not properly report connection
errors any more, fixed by increasing the debug level for gnutls-cli
Fixes : #84507
Closes : #90718
2020-06-23 12:01:54 +02:00
Michele Guerini Rocco
1b5e0d480e
Merge pull request #91261 from rnhmjoj/intel
...
nixos/doc: add section on Intel DDX drivers
2020-06-23 11:29:38 +02:00
Jörg Thalheim
7aaffa71dc
Merge pull request #91216 from Mic92/nixos-config-generate
...
nixos-generate-config: refer to nixos-hardware
2020-06-22 23:52:48 +01:00
Jörg Thalheim
e943489f24
nixos-generate-config: refer to nixos-hardware
2020-06-22 23:51:08 +01:00
rnhmjoj
1b17b3b915
nixos/doc: add section on Intel DDX drivers
2020-06-22 17:50:18 +02:00
Stig Palmquist
a71fd5cb20
nixos/convos: add test
2020-06-22 13:58:35 +02:00
Stig Palmquist
042a2d8baf
nixos/convos: init
2020-06-22 13:58:34 +02:00
Frederik Rietdijk
7481da9cbd
Merge master into staging-next
2020-06-22 08:46:16 +02:00
Florian Klink
44d75efd7f
Merge pull request #91214 from flokli/make-ext4-fs-fudge-factor
...
nixos/make-ext4-fs: increase fudge factor from 1.03 to 1.10
2020-06-21 22:13:12 +02:00
Jörg Thalheim
9aa668ef04
Merge pull request #91154 from Mic92/homeassistant
2020-06-21 13:59:28 +01:00
Florian Klink
387f3b58d2
hardware.deviceTree: add name
...
This can be used to explicitly specify a specific dtb file, relative to
the dtb base.
Update the generic-extlinux-compatible module to make use of this option.
2020-06-21 13:48:22 +02:00
Florian Klink
bd8137aef1
extlinux-conf-builder.sh: allow a custom FDT to be specified
...
Some bootloaders might not properly detect the model.
If the specific model is known by configuration, provide a way to
explicitly point to a specific dtb in the extlinux.conf.
2020-06-21 13:48:22 +02:00
Florian Klink
afa627730e
nixos/sd-image-*: use boot.loader.generic-extlinux-compatible.populateCmd
...
While getting rid of the separate extlinux-conf-builder import, this now
also honors boot.loader.timeout in the initial sd card image if
specified.
2020-06-21 13:48:17 +02:00
Florian Klink
54129e72b4
nixos/generic-extlinux-compatible: introduce boot.loader.generic-extlinux-compatible.populateCmd
...
This option exposes the builder command used to populate an image,
honoring all options except the -c <path-to-default-configuration>
argument.
Useful to have for sdImage.populateRootCommands.
Special care needs to be taken w.r.t cross - the populate command runs
on the host platform, the activation script on the build platform (so
the builders differ)
2020-06-21 13:41:22 +02:00
Jörg Thalheim
a68c7e0fa7
nixos/home-assistant: fix tests
2020-06-21 10:58:29 +01:00
edef
c27fc6a5e5
nixos/gerrit: allow configuring replication declaratively ( #91200 )
2020-06-21 08:54:14 +00:00
Florian Klink
43424688db
nixos/deviceTree: fix description
...
hardware.deviceTree.base points to a path, not a package (and also if of
types.path)
It defaults to ${config.boot.kernelPackages.kernel}/dtbs.
2020-06-21 10:39:10 +02:00