Commit Graph

9174 Commits

Author SHA1 Message Date
Samuel Dionne-Riel
3aae9fc3f9 nixos/iso-image.nix: fixes i686 installer iso build.
Fixes #45908
2018-09-01 13:00:58 -04:00
Tobias Happ
8f0bafcaff nixos/gitea: fix pre start script (#44979)
The gitea path is hardcoded in hooks directory in files of paths like:
    repositories/<user>/<repo>.git/hooks/update.d/gitea
2018-08-31 16:39:58 +02:00
John Ericson
2c4a75e9ef
Merge pull request #45820 from obsidiansystems/dont-use-obsolete-platform-aliases
treewide: Dont use obsolete platform aliases
2018-08-31 09:56:10 -04:00
チルノ
17564e0ed9 nixos/zeronet: init (#44842) 2018-08-31 11:40:23 +01:00
Sarah Brofeldt
bb321a2624
Merge pull request #45811 from Nadrieril/fix-usbguard-auditfile
nixos/usbguard: ensure the audit log file can be created 
nixos/usbguard: disable debug output
2018-08-31 11:40:13 +02:00
Franz Pletz
1cc916b5b2
Merge pull request #45810 from vincentbernat/fix/nginx-stapling
nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
2018-08-31 07:18:40 +00:00
Jan Tojnar
f0136e4bc8
Merge pull request #45638 from aanderse/incron
incron: init at 0.5.12
2018-08-31 06:54:58 +01:00
Aaron Andersen
9b12db6928 changed from forking to simple as recommended by @aszlig 2018-08-31 03:03:04 +00:00
Aaron Andersen
d7d7533c18 changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00
Aaron Andersen
7bc2a0dd64 removed quotes when not needed as suggested by @aszlig 2018-08-31 02:17:38 +00:00
John Ericson
2c2f1e37d4 reewide: Purge all uses stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
Nadrieril
9b9ba8405b nixos/usbguard: ensure the audit log file can be created
Since version 0.7.3, usbguard-daemon won't start if the file cannot be opened.
2018-08-30 21:54:22 +01:00
Nadrieril
08148a746a nixos/usbguard: disable debug output 2018-08-30 21:54:22 +01:00
Vincent Bernat
1251b34b5b nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.

The result can be tested with:

    openssl s_client -connect web.example.com:443 -status 2> /dev/null

Without OCSP stapling, we get:

    OCSP response: no response sent

After this change, we get:

    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Produced At: Aug 30 20:46:00 2018 GMT
2018-08-30 22:47:41 +02:00
Jan Tojnar
8a8056c302
Merge pull request #45058 from michaelpj/imp/freedesktop-modules
freedesktop modules: init
2018-08-30 16:14:35 +01:00
Bjørn Forsman
ee56a2cc19 treewide: fix typo: asumed -> assumed 2018-08-30 10:19:20 +02:00
Johannes Lötzsch
bb08d1c13f nixos/zabbix: fix initial database creation (#45750)
without this fix the database setup fails with „could not connect to database postgres: FATAL:  role "root" does not exist“
2018-08-30 08:25:13 +01:00
Graham Christensen
a141b3aad8
Merge pull request #33686 from samueldr/artwork/iso
(Installation media) Bootloader artwork refresh
2018-08-29 15:31:13 -04:00
Nikolay Amiantov
69407cb013 firewall service: respect marks in rpfilter (#39054)
This allows one to add rules which change a packet's routing table:

iptables -t raw -I PREROUTING 1 -m set --match-set myset src -j MARK --set-mark 2
ip rule add fwmark 2 table 1 priority 1000
ip route add default dev wg0 table 1

to the beginning of raw table PREROUTING chain, and still have rpfilter.
2018-08-29 20:50:53 +02:00
Brian Olsen
9540b1c535 nixos/tests: Set DefaultTimeoutStartSec very high (#44916)
DefaultTimeoutStartSec is normally set to 90 seconds and works fine. But
when running NixOS tests on a very slow machine (like a VM without
nested virtualisation support) this default is to low and causes
systemd units to fail spuriously. One symptom of this issue are tests
at times failing with "timed out waiting for the VM to connect".

Since the VM connect timeout is 300 seconds I also set
DefaultTimeoutStartSec to this which is ridiculously high.
2018-08-29 12:12:12 +02:00
Aaron Andersen
d9943e6bba added option to specify which packages are available to the system incrontab
recommendation by @jtojnar and @maurer
2018-08-29 00:43:28 +00:00
Aaron Andersen
3d1091eb5b added a check to make sure a situation where a defined configuration wouldn't be unused as per recommended by @maurer 2018-08-28 23:50:55 +00:00
Ben Wolsieffer
442681cc2a nixos/networkd: fix range assertions on 32 bit Nix 2018-08-28 19:31:10 -04:00
Matt McHenry
94a906b59a systemd: ensure fsck Requires/After links are created in mount units
systemd-fsck-generator only produces these lines if it can find the
necessary fsck executable in its PATH.

fixes #29139.
2018-08-28 17:12:49 +02:00
Tuomas Tynkkynen
69b4f427b6 nixos/zabbix-agent: Make the Zabbix package user-configurable 2018-08-28 17:43:12 +03:00
Eelco Dolstra
c251ec691a
virtualization.growPartition -> virtualisation.growPartition
There never was a 'virtualization.growPartition'. This got messed up
in eddf30cc93.

Issue #36590.
2018-08-28 14:24:39 +02:00
Jörg Thalheim
6a0a12a921
Merge pull request #45659 from vincentbernat/fix/nginx-gzip
Small nginx tweaks
2018-08-28 09:35:58 +01:00
Aaron Andersen
b77f38c3cd added a comment about the PATH variable under which incrontab commands will run 2018-08-27 21:31:55 +00:00
Aaron Andersen
7840d00532 clarified the descriptions of the allow and deny options 2018-08-27 21:15:03 +00:00
Aaron Andersen
fc1f33bc2c fixed issue with system jobs 2018-08-27 15:23:19 +00:00
Jörg Thalheim
a6ced42c60
Merge pull request #44990 from Ma27/reload-user-units-during-activation
nixos/switch-to-configuration: reload user units
2018-08-27 11:12:42 +01:00
Jörg Thalheim
831ecca60f
Merge pull request #45281 from Gerschtli/zsh-completion
nixos/zsh: Adds enableGlobalCompInit option
2018-08-27 10:45:29 +01:00
Jörg Thalheim
4e365aa453 nixos/zsh: make enableGlobalCompInit description less ambiguous 2018-08-27 10:43:31 +01:00
Vincent Bernat
bd075eb914 nginx: add more gzipped MIME types
The additions are:

 - image/svg+xml for SVG images
 - application/atom+xml for Atom feeds

These types are also present in mime.types. For better readability,
the list is sorted and formatted with one type per line.
2018-08-26 21:48:55 +02:00
Vincent Bernat
06a5fb2ada nginx: use a compression level of 5 in recommended configuration
While there is little gain of space to use a compression level of 9,
the CPU usage is significant. Many experiments point to use something
between 4 and 6. For example:

 - https://mjanja.ch/2015/03/finding-the-nginx-gzip_comp_level-sweet-spot/
 - 3bda5b93ed/nginx.conf (L93)
2018-08-26 21:43:34 +02:00
Jörg Thalheim
a78b364ed4
Merge pull request #44890 from dywedir/iwd
iwd: 0.4 -> 0.7
2018-08-26 17:25:42 +01:00
Augustin Borsu
4d3ce5ca36 nixos/jupyter: init service 2018-08-26 12:00:54 +02:00
Aaron Andersen
fc03a9f5b7 initial work on incron service 2018-08-25 18:08:24 -04:00
Bas van Dijk
32200033a6 elasticsearch-curator: include the module in the module-list & fix bug 2018-08-25 18:53:10 +02:00
David Smith
2ec33f527b elasticsearch-curator: don't need to add enable to elasticsearch-curator service 2018-08-25 18:53:10 +02:00
David Smith
3744467589 nixos/curator: init elasticsearch curator
https://www.elastic.co/guide/en/elasticsearch/client/curator/5.5/index.html
2018-08-25 18:53:10 +02:00
Bas van Dijk
7d04961c95
Merge pull request #44389 from Mic92/es6
elasticsearch: use 6.x as default version, remove unsupported releases
2018-08-25 17:04:07 +02:00
Vladyslav Mykhailichenko
d73fd69952 iwd: 0.4 -> 0.7 2018-08-25 15:26:52 +03:00
adisbladis
dff43f10f6
Merge pull request #45608 from etu/fix-gitea-locale-updates
nixos/gitea: Symlink gitea locales to match running gitea version
2018-08-25 15:25:27 +08:00
Elis Hirwing
a098cc98d9
nixos/gitea: Symlink gitea locales to match running gitea version
This prevents issues when gitea adds new locales etc. And if they
change locale values in future versions. Or if you rollback to a
previous version of gitea it might be a good idea to use the previous
locale files.
2018-08-25 09:19:53 +02:00
Eric Wolf
7f8b1dd32f systemd: added groups kvm, render
they need to exist according to the README of systemd
2018-08-25 05:18:53 +03:00
Sarah Brofeldt
8f61e96c1e nixos/datadog-agent: Fix type of use_dogstatsd (#45587) 2018-08-25 00:18:59 +02:00
Samuel Dionne-Riel
41e7de42de Use a themed grub for the installer image
This replaces systemd-boot with grub, it is at feature parity, as in it
can do everything systemd-boot did in the previous commit.
2018-08-24 13:04:56 -04:00
Samuel Dionne-Riel
2f7d9c9f78 Adds refind to the installer image.
This is a 277K (as of right now) addition that can greatly help in some
last recourse scenarios. The specific rEFInd setup will not be able to
boot the installer image, but this is not why it has been added. It has
been added to make use of its volumes scanning capabilities to boot
existing EFI images on the target computer, which is sometimes necessary
with buggy EFI. While is isn't NixOS's job to fix buggy EFI, shipping
this small bit with the installer will help the unlucky few.

Example scenario: two wildly different EFI implementation I have
encountered have fatal flaws in which they sometimes will lose all the
settings, this includes boot configuration. This is compounded by the
fact that the two specific and distinct implementation do not allow
manually adding ESP paths from their interface. The only recourse is to
let the EFI boot the default paths, EFI/boot/boot{platform}.efi, which
is not a default location used by the NixOS bootloaders. rEFInd is able
to scan the volumes and detect the existing efi bootloaders, and boot
them successfully.
2018-08-24 13:04:56 -04:00
Samuel Dionne-Riel
853475fed7 Fixes isolinux configuration for new artwork. 2018-08-24 13:04:56 -04:00