Commit Graph

7496 Commits

Author SHA1 Message Date
Franz Pletz
d0435ba032
network-interfaces: device routes for default gateway
Iff interface is set, it makes sense to add device route by default.
2017-09-28 02:14:07 +02:00
Jörg Thalheim
0a6fca15fd Merge pull request #29881 from volth/patch-67
nixos/tinc: add "restartTriggers" back
2017-09-28 00:57:26 +01:00
Ryan Mulligan
c6f513b56a nixos/monit: install monit as system package, use default config file path 2017-09-28 01:20:20 +02:00
volth
ddd13e1375 nixos/tinc: add "restartTriggers" back
Add "restartTriggers" back to restart the Tinc daemon when its peer is removed.
Reverted #27660
2017-09-27 23:16:02 +00:00
Bjørn Forsman
3c6eb3a247 nixos/iso-image.nix: add top-level /version.txt file
This makes it easy to identify which NixOS version is written to an USB
stick without actually booting it.
2017-09-28 00:54:28 +02:00
Niklas Hambüchen
f4c53f1940 consul service: Restart on failure.
Consul is a service you typically want to have running all the time;
it's not supposed to quit by itself.
2017-09-28 00:41:15 +02:00
Franz Pletz
8237fa43d3 Merge pull request #29697 from zimbatm/gdm-on-nvidia
GDM fixes
2017-09-28 00:20:18 +02:00
Rostislav Beneš
0cad98dde1
nixos/xserver,gdm: let GDM handle X server verbosity. 2017-09-28 00:18:57 +02:00
Rostislav Beneš
4ef82339c9
nixos/gdm,nvidia: new options to enable GDM on Wayland and disabling it for nvidia drivers. 2017-09-28 00:18:57 +02:00
Rostislav Beneš
4f91397c98
nixos/nvidia: populating /dev with nvidia devices at boot 2017-09-28 00:18:57 +02:00
Jörg Thalheim
2b8cba2ff5 Merge pull request #29874 from mbrgm/znc-fix
znc: fix openFirewall option
2017-09-27 23:08:51 +01:00
Franz Pletz
0ee866ed72
kbd service: systemd-vconsole-setup is triggered by udev
cc #22470
2017-09-27 23:38:29 +02:00
Franz Pletz
725dee203a
wpa_supplicant service: restart instead of stop & start
We now wait for dhcpcd to acquire a lease but dhcpcd is restarted on
system activation. As wpa_supplicant is stopped while dhcpcd is
restarting a significant delay is introduced on systems with wireless
network connections only. This changes the wpa_supplicant service to
also be restarted together with dhcpcd in case both services were
changed.
2017-09-27 23:38:03 +02:00
Alexander Ried
4a2442032e Revert "kbd service: use /dev/tty1 for systemd-vconsole-setup"
This reverts commit 0c81594a29.

It's no longer needed since systemd-vconsole-setup enumerates all ttys
until it finds a suitable one since systemd v234.
2017-09-27 23:37:24 +02:00
Joerg Thalheim
23f398012b nixos: skip restarting systemd-logind to not break x11 2017-09-27 22:28:27 +01:00
Marius Bergmann
dd50575d5a znc: fix openFirewall option
The current version is broken:
- there's no `openFirewall` attribute directly in the `cfg` set
- the `port` option is an attribute of the `confOptions` set

I used the proper attribute for the firewall port and moved the `openFirewall`
option directly up to the `services.znc` set, as it's rather a general option
for the whole service than a znc-specific option (which are located inside the
`confOptions` set).
2017-09-27 22:18:03 +02:00
Niklas Hambüchen
18eecae4b6 glusterfs service: Change default killMode to "control-group".
This is a better default for NixOS because it ensures that config
changes happen fully when NixOS users expect it.
2017-09-27 20:54:13 +02:00
Niklas Hambüchen
08f7e4516c glusterfs service: Ensure log directory exists for glustereventsd.
Prevents glustereventsd failing at startup in case it starts
before glusterd has started (whose `preStart` would also
create the needed directory).
2017-09-27 20:53:42 +02:00
Niklas Hambüchen
e233a518bd glusterfs service: Add killMode and stopKillTimeout options 2017-09-27 20:53:39 +02:00
Niklas Hambüchen
bd54b72676 glusterfs service: Add settings to disable rpcbind and the events daemon.
See also https://github.com/NixOS/nixpkgs/pull/22225#pullrequestreview-26459886
2017-09-27 19:51:42 +02:00
Niklas Hambüchen
5e2815dfb7 glusterfs service: Don't make it a prerequisite of network-online.target.
This introduces dependency cycles.

A network file system to be running is not required for a network
connection to be available.

19759cfeab (commitcomment-22044519)
2017-09-27 19:17:23 +02:00
Rodney Lorrimar
56eba66f77 mysqlBackup service: let it work with default settings
* Grants enough privileges to the configured user so that it can run
  mysqldump.

* Adds a nixos test.

* Use systemd timers instead of a cronjob (by @fadenb).

* Creates a new user for backups by default, instead of using mysql
  user.

* Ensures that backup user has write permissions on backup location.

* Write backup to a temporary file before renaming so that a failed
  backup won't overwrite the previous backup, and so that the backup
  location will never contain a partial backup.

Breaking changes:

 * Renamed period to calendar to reflect the change in how to
   configure the backup time.

 * A failed backup will no longer result in cron sending an e-mail --
   users' monitoring systems must be updated.

Resolves #24728
2017-09-27 18:44:49 +02:00
Joerg Thalheim
75ba415fbc nixos/tinc: remove useless script argument
ExecStart is sufficient and more transparent to the user.
2017-09-27 17:57:39 +02:00
Joerg Thalheim
ad8cb0917f nixos/tinc: do not add Device= by default
tinc can figure this out based on DeviceType.
I also got `/dev/net/tun FD in bad state` after a particular upgrade.
2017-09-27 17:57:39 +02:00
Eelco Dolstra
79d547b4bb
nix-daemon: Bump the default number of build users
While it's annoying to pollute the user database with a lot of nixbld*
users, 10 users is really too low for many modern systems.
2017-09-27 17:13:16 +02:00
Peter Simons
99e24590cb nixos(spamassassin): fix trailing whitespace 2017-09-27 14:50:52 +02:00
Peter Simons
bfab392e6e nixos(spamassassin): provide /etc/spamassassin to fix sa-learn et al
Spamassassin expects its system-wide configuration at /etc/spamassassin, and
some user tools (like sa-learn) need to read those configuration files.
Therefore, we provide a symlink from /etc/spamassassin to the appropriate Nix
store path to make sure those tools work without the user having to pass an
elaborate --siteconfig path that, potentially, changes every time the system
updates.

Fixes https://github.com/NixOS/nixpkgs/issues/29414.
2017-09-27 14:50:52 +02:00
Daniel Peebles
79d8ccf4f0 Merge pull request #28777 from copumpkin/installer-chroot
nixos-install: re-enable --chroot option
2017-09-26 12:23:19 -07:00
Dan Peebles
186c120bed nixos-install: re-enable --chroot option
I forgot to implement it the first time around. Whoops!
2017-09-26 07:25:14 -07:00
Jörg Thalheim
c74418a4e6 Merge pull request #29426 from Mic92/zfsUnstable
nixos/zfs: import encrypted datasets by default for zfsUnstable
2017-09-26 09:10:44 +01:00
Jörg Thalheim
9164517c18 nixos/zfs: import encrypted datasets by default for zfsUnstable 2017-09-26 09:08:53 +01:00
Jörg Thalheim
b303aa0155 Merge pull request #29762 from samueldr/pr/update-mediawiki
mediawiki: 1.27.3 -> 1.29.1
2017-09-26 08:04:08 +01:00
Jörg Thalheim
bda2d25a50 Merge pull request #28856 from jtojnar/at-spi2-core
gnome3.at-spi2-core: fix service not found error
2017-09-26 00:39:49 +01:00
Pavel Goran
cee657f9a3 nixos/gitolite: add enableGitAnnex option 2017-09-25 22:03:00 +02:00
Joerg Thalheim
194c4002b6 wireguard: fix function for adding routes 2017-09-25 20:42:03 +01:00
Jörg Thalheim
08b827ae8e Merge pull request #29753 from andir/wireguard-allowed-ips-as-route-optional
networking.wireguard: added `allowedIpsAsRoutes` boolean to control p…
2017-09-25 20:32:11 +01:00
Andreas Rammhold
846070e028
networking.wireguard: added allowedIpsAsRoutes boolean to control peer routes
Sometimes (especially in the default route case) it is required to NOT
add routes for all allowed IP ranges. One might run it's own custom
routing on-top of wireguard and only use the wireguard addresses to
exchange prefixes with the remote host.
2017-09-25 21:30:52 +02:00
Joachim F
ffd6cbe3d1 Merge pull request #28503 from phile314/fusion-inventory
Fusion inventory: Init at 2.3.18
2017-09-25 12:58:44 +00:00
Franz Pletz
263185aa68
nixos/network-interfaces: ensure slave interfaces are up
Fixes #28620.
2017-09-25 14:06:38 +02:00
Franz Pletz
13a110e696
nixos/network-interfaces: cannot delay device units
Systemd is complaining that it can't delay the startup of device units.
We have a before dependency on the respective device unit for every
netdev service, which doesn't make any sense because we create the
actual interface in this service.
2017-09-25 14:06:38 +02:00
Franz Pletz
3a670daa98
nixos/network-interfaces: IPs must always be set
Previously, depending on the environment and the type of interface that
was created, the configured IPs of an interface wouldn't be applied on a
nixos-rebuild switch. It works after a reboot.

This patch ensures that the network-addresses service is started
either via the network-link service or if the networking target is
activated (i.e. on system activation).

Fixes #28474 #16230.
2017-09-25 14:06:38 +02:00
Silvan Mosberger
a8c97ad23e nixos/radicale: fix default version (#29743) 2017-09-25 10:18:42 +00:00
Philipp Hausmann
1a23ff8a13 FusionInventory: Code cleanup 2017-09-25 10:39:11 +02:00
Philipp Hausmann
6b788e36df FusionInventory: Add NixOS module. 2017-09-25 10:39:11 +02:00
Samuel Dionne-Riel
0b1c73f4da mediawiki: 1.27.3 -> 1.29.1 2017-09-24 22:49:22 -04:00
Jörg Thalheim
975c7b2204 Merge pull request #29450 from jerith666/djb-1709
Add modules for tinydns and dnscache from djbdns
2017-09-24 15:39:29 +01:00
Joerg Thalheim
735b41c34f nixos/tinydns: default data to empty string
(not strictly required to start the service)
2017-09-24 15:38:25 +01:00
Kranium Gikos
412fa16bff influxdb sevice: make postStart test work with non-localhost configurations (#29734)
make postStart test work with non-localhost configurations
2017-09-24 15:37:17 +01:00
Jörg Thalheim
d20bd77c93 Merge pull request #29717 from fare-patches/nfsd
nfsd: add extraNfsdConfig
2017-09-24 15:13:42 +01:00
Robin Gloster
43404d9acf
systemd-tmpfiles: fix docs
We have been doing this since 4e4161c212
2017-09-24 13:17:46 +02:00
Jan Tojnar
69698ec11c gnome3: only maintain single GNOME 3 package set (#29397)
* gnome3: only maintain single GNOME 3 package set

GNOME 3 was split into 3.10 and 3.12 in #2694. Unfortunately, we barely have the resources
to update a single version of GNOME. Maintaining multiple versions just does not make sense.
Additionally, it makes viewing history using most Git tools bothersome.

This commit renames `pkgs/desktops/gnome-3/3.24` to `pkgs/desktops/gnome-3`, removes
the config variable for choosing packageset (`environment.gnome3.packageSet`), updates
the hint in maintainer script, and removes the `gnome3_24` derivation from `all-packages.nix`.

Closes: #29329

* maintainers/scripts/gnome: Use fixed GNOME 3 directory

Since we now allow only a single GNOME 3 package set, specifying
the working directory is not necessary.

This commit sets the directory to `pkgs/desktops/gnome-3`.
2017-09-24 12:15:50 +01:00
Robin Gloster
9ba024f6d8
kubernetes: fix hashes after dockerTools change 2017-09-24 12:09:07 +02:00
Matej Cotman
6ea272ced4 kubernetes: fix dns addon hashes, fix clusterDns, enable proxy on master 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
ddf5de5de0 kubernetes module: refactor module system, kube-dns as module 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
2beadcf181 kubernetes module: seedDockerImages option for seeding docker images built with nix 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
9d97c92d68 kubernetes module: webhook authorization for kubelet 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
7c893623d4 kubernetes module: fix documentation links 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
74f99525e0 kubernetes module: add featureGates option 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
55dbbfd899 kubernetes module: kubelet, add socat to path for kubectl portforward 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
8e48fff268 kubernetes module: enable leader elect by default 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
856ca7347f kubernetes module: add storage and tolerations addmission controllers 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
d842d539d9 kubernetes module: fix cidr ranges 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
b25d155976 kubernetes module: default auth mode to only RBAC 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
c2622910ab kubernetes module: add support for common CA file 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
c96ca5f3bd kubernetes module: per service kubeconfig support 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
7dfeac88ac kubernetes module: flannel support, minor fixes
- add flannel support
- remove deprecated authorizationRBACSuperAdmin option
- rename from deprecated poratalNet to serviceClusterIpRange
- add nodeIp option for kubelet
- kubelet, add br_netfilter to kernelModules
- enable firewall by default
- enable dns by default on node and on master
- disable iptables for docker by default on nodes
- dns, restart on failure
- update tests

and other minor changes
2017-09-24 11:44:25 +02:00
Matej Cotman
8e14e978c8 kubernetes: fix minor issues 2017-09-24 11:44:25 +02:00
Matej Cotman
ed322f4235 kubernetes: update service 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
90d5468ad6 kubernetes module: authorization improvements 2017-09-24 11:44:25 +02:00
Matej Cotman
c3cfd92d24 kubernetes: 1.5.6 -> 1.6.4 2017-09-24 11:44:25 +02:00
Graham Christensen
f3b9ac73e2
nixos/rabbitmq: fix restarts and sasl logs
1. The chmod 400 with the preset cookie prevented restarts, as
on the second boot it would fail to write to the cookie. Oops.

2. As far as I can tell, sasl logs were disabled because of the
following error:

{error,{cannot_log_to_tty,sasl_report_tty_h,not_installed}}

Not because we actually wanted to disable them. This meant the
management plugin wasn't usable due to a bug set to be fixed in
3.7.0.
2017-09-23 17:58:43 -04:00
Francois-Rene Rideau
62983f5cae nfsd: add extraNfsdConfig 2017-09-23 16:22:27 -04:00
Jaka Hudoklin
ac775ac6dd Merge pull request #21077 from xtruder/nixos/programs/npm/add
npm module: add npm module for global npm config
2017-09-23 20:35:58 +02:00
Jaka Hudoklin
948f4a9c6d npm module: add npm as nixos program 2017-09-23 20:34:55 +02:00
Franz Pletz
0f5cd17f2c
nixos-generate-config: add programs options examples 2017-09-23 20:03:19 +02:00
Franz Pletz
3d040f9305
nixos/install: disable kernel debug console logging
Add another option for debugging instead. Lots of users have been
complaining about this default behaviour.

This patch also cleans up the EFI bootloader entries in the ISO.
2017-09-23 20:03:19 +02:00
Silvan Mosberger
eca23233b2 encrypted devices: add label set assertion (#29651) 2017-09-23 19:02:16 +01:00
Robin Gloster
08b09fdc5c
fanctl, fan module: remove
This has been broken nearly all the time due to the patches needed to
iproute2 not being compatible with the newer versions we have been
shipping. As long as Ubuntu does not manage to upstream these changes
so they are maintained with iproute2 and we don't have a maintainer
updating these patches to new iproute2 versions it is not feasible to
have this available.
2017-09-23 17:55:33 +02:00
Peter Simons
99f759de1c Revert "nixos: add option for bind to not resolve local queries (#29503)"
This reverts commit 670b4e29ad. The change
added in this commit was controversial when it was originally suggested
in https://github.com/NixOS/nixpkgs/pull/29205. Then that PR was closed
and a new one opened, https://github.com/NixOS/nixpkgs/pull/29503,
effectively circumventing the review process. I don't agree with this
modification. Adding an option 'resolveLocalQueries' to tell the locally
running name server that it should resolve local DNS queries feels
outright nuts. I agree that the current state is unsatisfactory and that
it should be improved, but this is not the right way.

(cherry picked from commit 23a021d12e)
2017-09-23 16:41:34 +02:00
Bjørn Forsman
3a58e41e43 nixos/gitolite: use group 'gitolite' instead of 'nogroup'
Having files (git repositories) owned by 'nogroup' is a bad idea.
2017-09-23 16:33:52 +02:00
Joachim Fasting
1df6cf5d1d
nixos/lock-kernel-modules: fix deferred fileSystem mounts
Ensure that modules required by all declared fileSystems are explicitly
loaded.  A little ugly but fixes the deferred mount test.

See also https://github.com/NixOS/nixpkgs/issues/29019
2017-09-22 23:55:04 +02:00
Joachim Fasting
15a4f9d8ef
nixos/hardened: simplify script 2017-09-22 23:53:06 +02:00
Pavel Goran
c73a3813fa nixos/gitolite: customize .gitolite.rc declaratively
Add the `extraGitoliteRc` option to customize the `.gitolite.rc`
configuration file declaratively.

Resolves #29249.
2017-09-22 18:29:35 +02:00
Jörg Thalheim
42be8dbe15 Merge pull request #29344 from Moredread/fix/fileystem-encrypted-keyfile-missing-initrd-support
nixos/fileystems: Fix boot fails with encrypted fs
2017-09-22 12:46:17 +01:00
Matt McHenry
0ece5fc509 nixos/pfix-srsd: add module 2017-09-21 21:44:55 -04:00
Jörg Thalheim
743848bb46 Merge pull request #29581 from eqyiel/fix-rpc-gssd
nixos/nfs: allow setting the path to krb5.keytab
2017-09-22 01:41:10 +01:00
Michael Weiss
351f5fc585 fuse3: init at 3.1.1
This includes fuse-common (fusePackages.fuse_3.common) as recommended by
upstream. But while fuse(2) and fuse3 would normally depend on
fuse-common we can't do that in nixpkgs while fuse-common is just
another output from the fuse3 multiple-output derivation (i.e. this
would result in a circular dependency). To avoid building fuse3 twice I
decided it would be best to copy the shared files (i.e. the ones
provided by fuse(2) and fuse3) from fuse-common to fuse (version 2) and
avoid collision warnings by defining priorities. Now it should be
possible to install an arbitrary combination of "fuse", "fuse3", and
"fuse-common" without getting any collision warnings. The end result
should be the same and all changes should be backwards compatible
(assuming that mount.fuse from fuse3 is backwards compatible as stated
by upstream [0] - if not this might break some /etc/fstab definitions
but that should be very unlikely).

My tests with sshfs (version 2 and 3) didn't show any problems.

See #28409 for some additional information.

[0]: https://github.com/libfuse/libfuse/releases/tag/fuse-3.0.0
2017-09-21 23:59:46 +02:00
Joachim F
c913f7155f Merge pull request #27340 from bachp/glusterfs-tls
glusterfs service: add support for TLS communication
2017-09-21 20:27:25 +00:00
Jörg Thalheim
ba174fc5a7 Merge pull request #29285 from bachp/node-exporter-docs
node-exporter service: fix documentation for enabledCollectors
2017-09-21 21:04:09 +01:00
Pascal Bach
8ed758696c gluster service: use str instead of path for private key
This pervents the user from accidently commiting the key to the nix store.
If providing a path instead of a string.
2017-09-21 20:35:35 +02:00
Robin Gloster
e2822f6384
gitlab: 9.5.2 -> 9.5.5 2017-09-21 20:26:12 +02:00
Peter Hoeg
6558f81bc9 kmscon: reset ExecStart to allow override
The getty@.service unit already has an ExecStart so we cannot simply set a new
one in order to override it or we will get this error:

systemd[1]: getty@tty1.service: Service has more than one ExecStart= setting, which is only allowed for Type=oneshot services. Refusing.

Instead "reset" ExecStart by setting it to empty which is the systemd way of
doing it.
2017-09-21 10:02:03 +08:00
Raphael Das Gupta
42d6e933d6 xonsh: fix typo ("xnosh") in "enable" description 2017-09-21 00:47:57 +02:00
Robin Gloster
370ac6275e
gitlab module: fix shell hook path 2017-09-20 23:51:26 +02:00
Ruben Maher
98a2316166 nfs-utils: set /etc/krb5.keytab as default path for rpc-gssd
Currently the `rpc-gssd.service` has a `ConditionPathExists` clause that can
never be met, because it's looking for stateful data inside `/nix/store`.

`auth-rpcgss-module.service` also only starts if this file exists.

Fixes NixOS/nixpkgs#29509.
2017-09-20 15:36:26 +01:00
Rob Vermaas
1b71376cf2
Make sure dummy kernel module is loaded for hologram-agent.
(cherry picked from commit eb873f6c78)
2017-09-20 10:58:24 +00:00
Matt McHenry
1b7e5eaa79 nixos/dnscache: add module
with improvements suggested by Jörg Thalheim <joerg@thalheim.io>
2017-09-19 21:24:58 -04:00
Matt McHenry
ab851b63da nixos/tinydns: add module
with improvements suggested by Jörg Thalheim <joerg@thalheim.io>
2017-09-19 20:57:41 -04:00
Franz Pletz
406c7a0731 Merge pull request #29521 from aneeshusa/ease-radicale-upgrade
Ease radicale upgrade
2017-09-18 23:13:53 +02:00
gwitmond
bd52618c9d
nixos: add option for bind to not resolve local queries (#29503)
When the user specifies the networking.nameservers setting in the
configuration file, it must take precedence over automatically
derived settings.

The culprit was services.bind that made the resolver set to
127.0.0.1 and ignore the nameserver setting.

This patch adds a flag to services.bind to override the nameserver
to localhost. It defaults to true. Setting this to false prevents the
service.bind and dnsmasq.resolveLocalQueries settings from
overriding the users' settings.

Also, when the user specifies a domain to search, it must be set in
the resolver configuration, even if the user does not specify any
nameservers.

(cherry picked from commit 670b4e29ad)

This commit was accidentally merged to 17.09 but was intended for
master. This is the cherry-pick to master.
2017-09-18 22:54:29 +02:00
Franz Pletz
dc08dcf6e7
ssh service: add sftpFlags option 2017-09-18 21:52:07 +02:00
Robert Klotzner
a9f60224f8 coturn service: Fix coturn to properly come up (#29415)
properly also in case dhcpcd being used.

Without network-online.target, coturn will fail to listen on addresses that
come up with dhcpcd.
2017-09-18 14:54:32 +02:00
Franz Pletz
b179908414
nixos/networking: network is online if default gw set
Previously services depending on network-online.target would wait until
dhcpcd times out if it was enabled and a static network address
configuration was used. Setting the default gateway statically is enough
for the networking to be considered online.

This also adjusts the relevant networking tests to wait for
network-online.target instead of just network.target.
2017-09-18 14:51:38 +02:00
Franz Pletz
decaa2e7bf Merge pull request #29133 from elitak/ipfs
ipfs: workaround for upstream bug; other small fixes
2017-09-18 13:26:39 +02:00
Florian Jacob
839e3c7666 nixos/mysql: declarative users & databases
using Unix socket authentication, ensured on every rebuild.
2017-09-18 13:10:26 +02:00
Kranium Gikos
662b409b72 influxdb service: fixup postStart script to handle TLS 2017-09-18 11:56:30 +02:00
Justin Humm
b5a5d0ba84 gollum service: init 2017-09-18 11:55:00 +02:00
Aneesh Agrawal
fcd590d116 radicale: Add extraArgs option to assist in data migration 2017-09-18 00:29:01 -07:00
Eric Litak
1a15c5d8c6 ipfs: autoMount working without root 2017-09-17 23:57:25 -07:00
Eric Litak
6324317c76 ipfs: workaround for upstream bug; doc fixes 2017-09-17 23:57:25 -07:00
Pascal Bach
c68118ce65 glusterfs service: add support for TLS communication
TLS settings are implemented as submodule.
2017-09-17 18:53:14 +02:00
Franz Pletz
275914323b Merge pull request #27256 from bachp/squid-service
squid service: initial service based on default config
2017-09-17 18:52:53 +02:00
Rodney Lorrimar
6460e459de nixos/gogs: Fix module when no passwords provided
If neither database.password or database.passwordFile were provided,
it would try and fail to coerce null to a string.

This fixes the situation where there is no password for the database.

Resolves #27950
2017-09-17 18:41:53 +02:00
Joachim F
149307476e Merge pull request #29479 from florianjacob/fix-tinc-stable
nixos/tinc: Fix tinc cli wrapper for tinc 1.0
2017-09-17 13:40:20 +00:00
Florian Jacob
8cea87c1eb nixos/tinc: Fix tinc cli wrapper for tinc 1.0.
tinc prior to 1.1 doesn't have the `tinc` executable,
and `tincd` isn't of any use while the daemon already runs.
2017-09-17 10:46:12 +02:00
aszlig
3ba2095a42
nixos/dovecot: Fix createMailUser implementation
This option got introduced in 7904499542
and it didn't check whether mailUser and mailGroup are null, which they
are by default.

Now we're only creating the user if createMailUser is set in conjunction
with mailUser and the group if mailGroup is set as well.

I've added a NixOS VM test so that we can verify whether dovecot works
without any additional options set, so it serves as a regression test
for issue #29466 and other issues that might come up with future changes
to the Dovecot service.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #29466
Cc: @qknight, @abbradar, @ixmatus, @siddharthist
2017-09-17 04:57:20 +02:00
Jaka Hudoklin
1adaad1371 Merge pull request #28927 from xtruder/nixos/logkeys/init
logkeys module: init
2017-09-16 16:23:13 +02:00
Joachim F
c0616a3234 Merge pull request #28892 from ryantm/matterbridge2
matterbridge, modules/matterbridge: init at 1.1.0
2017-09-16 12:43:35 +00:00
Matt McHenry
cfbac1beb4 systemd: better document enabled, wantedBy, and requiredBy (#29453)
the systemd.unit(5) discussion of wantedBy and requiredBy is in the
[Install] section, and thus focused on stateful 'systemctl enable'.
so, clarify that in NixOS, wantedBy & requiredBy are still what most
users want, and not to be confused with enabled.
2017-09-16 12:48:16 +02:00
Silvan Mosberger
fea9e081a9
namecoin service: fix typo 2017-09-15 23:08:53 +02:00
Tuomas Tynkkynen
c8e7aab0c8 sd-image-aarch64: Increase CMA memory so RPi3 virtual console works again 2017-09-15 23:15:16 +03:00
Bjørn Forsman
6b7a9376f1 nixos/wpa_supplicant: use literalExample
For various reasons, big Nix attrsets look ugly in the generated manual
page[1]. Use literalExample to fix it.

[1] Quotes around attribute names are lost, newlines inside multi-line
strings are shown as '\n' and attrs written on multiple lines are joined
into one.
2017-09-15 20:27:48 +02:00
joachim schiele
7904499542 dovecot2: added quota, changed pop3 default 2017-09-15 18:01:29 +02:00
Jörg Thalheim
1ecf3e862f zfsUnstable: init at 2017-09-12 2017-09-15 17:59:37 +02:00
Jörg Thalheim
7d5633ea7a Merge pull request #27342 from lheckemann/installer-changes
Installer changes
2017-09-15 16:19:11 +01:00
Eelco Dolstra
6dad1f70ce
nix: 1.11.14 -> 1.11.15 2017-09-15 16:38:33 +02:00
Rob Vermaas
0783efb41c
google-instance-setup: add openssh to path 2017-09-15 10:43:09 +00:00
Peter Hoeg
4b78d44ab6 mtr nixos module: wrap the proper binary 2017-09-14 19:09:54 +08:00
André-Patrick Bubel
2000fba561
nixos/fileystems: Fix boot fails with encrypted fs
Boot fails when a keyfile is configured for all encrypted filesystems
and no other luks devices are configured. This is because luks support is only
enabled in the initrd, when boot.initrd.luks.devices has entries. When a
fileystem has a keyfile configured though, it is setup by a custom
command, not by boot.initrd.luks.

This commit adds an internal config flag to enable luks support in the
initrd file, even if there are no luks devices configured.
2017-09-14 05:27:41 +02:00
Jörg Thalheim
bb5b084986 tor: skip ControlPort in torrc, if not set. 2017-09-13 23:33:46 +01:00
Tuomas Tynkkynen
0c368ef02f treewide: Escape backslash in strings properly
"\." is apparently the same as "." wheras the correct one is "\\."
2017-09-14 01:03:39 +03:00
Robin Gloster
f5e0e94b2a
nixos/redmine: fix create role
postgresql create role no longer supports NOCREATEUSER option. See
https://www.postgresql.org/docs/9.6/static/release-9-6.html for
details.
2017-09-13 21:55:50 +02:00
Joachim F
c9200f8d9c Merge pull request #28874 from ryantm/mattermost
nixos/mattermost: fix create role
2017-09-13 19:41:25 +00:00
Jörg Thalheim
13edd9765a Merge pull request #29125 from geistesk/firehol-3.1.4
firehol: init at 3.1.4, iprange: init at 1.0.3
2017-09-13 18:10:22 +01:00
Vladimír Čunát
97ac29cafc
hpsa service: fallout from #28557 merge and revert 2017-09-13 07:55:48 +02:00
Pascal Bach
a217d73381 node-exporter service: fix documentation for enabledCollectors 2017-09-12 22:38:17 +02:00
Vladimír Čunát
422adc3063
Merge branch 'staging'
10k staging builds are not yet finished on Hydra (mostly darwin),
but we now have a 20k jobs rebuilding directly on master, so we would
never get to merge this way...
2017-09-12 19:17:52 +02:00
Jörg Thalheim
39e327eeb5 nixos/openafs-client: update cellServDB 2009-06-29 -> 2017-03-14 2017-09-12 13:12:41 +01:00
Bjørn Forsman
6b9ee30672 nixos/gitolite: don't leak nix store hash into gitolite-admin username/key
It doesn't look good when the initial admin user is named
"<hash>-gitolite-admin" and the key stored as
"<hash>-gitolite-admin.pub". Instead, make it simply "gitolite-admin"
and "gitolite-admin.pub".
2017-09-12 10:56:11 +02:00
Edward Tjörnhammar
847ce53ab1
nixos, i2pd: nat option, default true 2017-09-12 10:13:29 +02:00
Jörg Thalheim
26619935d1 Merge pull request #29083 from timor/physlock-11-dev
physlock: 0.5 -> 11-dev
2017-09-12 08:56:52 +01:00
Jörg Thalheim
ebc1127cb9 Merge pull request #29247 from pvgoran/gitolite-RequiresMountsFor
nixos/gitolite: add RequiresMountsFor unit option
2017-09-12 08:02:51 +01:00
Bjørn Forsman
fc02a0265a nixos/samba: remove space in "[ global ]" heading
Use consistent no-space style. (All documentation I've seen use no
space, and the generated section headings from the NixOS module also use
no space.)
2017-09-12 08:03:14 +02:00
Frederik Rietdijk
628b6c0e9d Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-11 22:52:53 +02:00
pvgoran
4c4f73c0eb services.gitolite: Add RequiresMountsFor unit option ...
... to ensure that the filesystem where `dataDir` resides is mounted when we do initialization or upgrade.
2017-09-12 02:03:51 +07:00
Pascal Bach
334e23d244 nixos/prometheus-collectd-exporter: init module (#29212)
* prometheus-collectd-exporter service: init module

Supports JSON and binary (optional) protocol
of collectd.

* nixos/prometheus-collectd-exporter: submodule is not needed for collectdBinary
2017-09-11 19:17:00 +01:00
lewo
3a377e26b2 nixos/nova-image: cleanup image builders (#29242)
There are currently two ways to build Openstack image. This just picks
best of both, to keep only one!

- Image is resizable
- Cloudinit is enable
- Password authentication is disable by default
- Use the same layer than other image builders (ec2, gce...)
2017-09-11 17:33:33 +01:00
timor
ae87a30a83 physlock: 0.5 -> 11-dev
Update physlock to a more current version which supports PAM and
systemd-logind.  Amongst others, this should work now with the slim
login manager without any additional configuration, because it does
not rely on the utmp mechanism anymore.
2017-09-10 22:43:05 +02:00
Ryan Mulligan
9c786d82f2 matterbridge, modules/matterbridge: init at 1.1.0 2017-09-10 08:57:28 -07:00
Jörg Thalheim
7641d0e335 Merge pull request #29171 from vaibhavsagar/znc-open-firewall
znc: open firewall with configured port
2017-09-10 14:34:29 +01:00
Vaibhav Sagar
c7dd5e146b znc: add openFirewall configuration option 2017-09-10 18:41:39 +08:00
Frederik Rietdijk
dab3272f47 Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-10 08:56:39 +02:00
Vaibhav Sagar
83d89e9b22 znc: open firewall with configured port
The configuration doesn't currently open the configured port, which is
less convenient than opening it.
2017-09-10 11:30:46 +08:00
Vaibhav Sagar
405050b2cb znc: fix network example configuration
s/ssl/useSSL/
2017-09-10 11:25:29 +08:00
Ruben Maher
4ff9e9e333 nixos/transmission: make it possible to use a different home directory (#29138) 2017-09-09 20:19:35 +00:00
Joachim Fasting
8aa0618cf0
nixos/hardened: blacklist a few obscure net protocols 2017-09-09 17:37:17 +02:00
Joachim Fasting
2bce0b13e7
nixos/hardened: set mmap_min_addr
This is set in the hardened linux config as well but sysctl is more
flexible & works with any boot.kernelPackages
2017-09-09 17:37:15 +02:00
Joachim F
b5163bc937 Merge pull request #29071 from nh2/glusterfs-glusterfind-dirs
glusterfs service: Ensure dirs needed by `glusterfind` exist
2017-09-09 13:07:39 +00:00
Pascal Bach
2ed89eddf3 squid service: intial service based on default config 2017-09-09 12:44:46 +02:00
geistesk
2316f16ac0 nixos/fireqos: add service 2017-09-09 00:29:46 +02:00
Frederik Rietdijk
febd5e323d Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-08 20:48:14 +02:00
Michael Alan Dorman
cd283e9234 mfi: Remove remaining reference to mfi.nix
This file was removed in 6f0b538044, but sufficient care was not taken
to remove all references to it.  Without this change, trying to
rebuild nixos fails.
2017-09-08 14:33:45 +02:00
Bjørn Forsman
eed14baec3 nixos/postfix: undo deprecation of extraConfig, extraMasterConf
I realize that advanced users like to configure services with Nix
attrsets, but I don't think we should remove the option to use the
(configuration) language provided by upstream.
2017-09-07 21:41:29 +02:00
Jörg Thalheim
6f0b538044 nixos/mfi: remove 2017-09-07 10:24:03 +01:00
Niklas Hambüchen
5bc38fc089 glusterfs service: Ensure dirs needed by glusterfind exist 2017-09-07 10:38:52 +02:00
Frederik Rietdijk
d38ee5b46c Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-07 09:29:44 +02:00
Tim Steinbach
a54b2e3ba2 Merge pull request #29002 from NeQuissimus/docker_edge_module_test
docker: Package in module, tests
2017-09-06 15:03:56 -04:00
Frederik Rietdijk
9e27b88141 Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-06 20:17:53 +02:00
makefu
ca54a86162
dnscrypt-wrapper module: fix permissions and options
When keys get refreshed a folder with the permissions of the root user
get created in the home directory of the user dnscrypt-wrapper. This
prevents the service from restarting.

In addition to that the parameters of dnscrypt-wrapper have
changed in upstream and in the newly packaged software.
2017-09-06 15:27:05 +02:00
Franz Pletz
bbeeee220a
Merge remote-tracking branch 'origin/master' into staging 2017-09-05 20:14:08 +02:00
Franz Pletz
1bed4773f5
postgresql92: remove last references 2017-09-05 18:20:56 +02:00
pbogdan
94a4183bda nixos/fontconfig: fix substitutions option (#28895) 2017-09-05 16:20:42 +00:00
Frederik Rietdijk
d7ef196c26 Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-05 10:11:06 +02:00
Tim Steinbach
2bb57ef776
docker: Allow package selection in module 2017-09-04 19:02:05 -04:00
Michele Catalano
4ea1d49643 nexus: Add module for nexus.
Add also myself as maintainer
Add simple test of the nexus service
2017-09-04 22:32:02 +02:00
Orivej Desh
7803d69b78 nixos: update glibc locales link 2017-09-03 18:00:35 +00:00
John Ericson
241ced7dab nixos/hardware/raid/hpsa: Use NIX_BINUTILS
NIX_CC no longer includes nix-support/dynamic-linker
2017-09-03 11:39:16 -04:00
Jaka Hudoklin
4521225d22 nixos/xpra: allow to set extra options (#28934) 2017-09-03 16:30:08 +01:00
Jörg Thalheim
4391330033 Merge pull request #28893 from jtojnar/gpaste-service
gnome3.gpaste: Add GPaste service
2017-09-03 16:27:30 +01:00
Franz Pletz
2f48144d0e
gitlab: 9.4.5 -> 9.5.2 2017-09-03 15:50:52 +02:00
Robin Gloster
97a2cd0748
nginx: module fix example
Closes #28926
2017-09-03 14:05:32 +02:00
The Admin
cdb0038052 logkeys module: init 2017-09-03 12:52:57 +02:00
Robin Gloster
eedffc5277
gitlab module: fix permissions and path 2017-09-02 23:31:26 +02:00
Robin Gloster
aaff3fa5f3
gitlab module: fix postgres superUser
(cherry picked from commit edd8265c36)
2017-09-02 23:30:53 +02:00
Robin Gloster
45605db3e0
gitlab: fix postgres calls 2017-09-02 23:30:49 +02:00
Robin Gloster
0156db2da5
Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-02 23:29:04 +02:00
Philipp Steinpass
d784b83005 nixos/hydra postgresql: Fix #27314 and add test case 2017-09-02 23:07:42 +02:00
Graham Christensen
8d8b5f57eb Merge pull request #28903 from grahamc/systemd-boot-nixos-version
Include date and NixOS version in systemd-boot entries
2017-09-02 15:43:20 -04:00
Joachim Fasting
bb036a327c
nixos/chromium-suid-sandbox: remove reference to grsecurity 2017-09-02 20:35:28 +02:00
Joachim Fasting
268eb4adb7
nixos: purge remaining grsecurity bits
:(

Fixes https://github.com/NixOS/nixpkgs/issues/28859
2017-09-02 20:35:24 +02:00
Graham Christensen
62652be111
Include date and NixOS version in systemd-boot entries
Grub configs include the NixOS version and date they were built, now
systemd can have fun too:

    version Generation 99 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-30
    version Generation 100 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-30
    version Generation 101 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-31
    version Generation 102 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-09-01
    version Generation 103 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-09-02
    version Generation 104 NixOS 17.09beta41.1b8c7786ee, Linux Kernel 4.9.46, Built on 2017-09-02
    version Generation 105 NixOS 17.09.git.1b8c778, Linux Kernel 4.9.46, Built on 2017-09-02
2017-09-02 14:28:34 -04:00
aszlig
880a0409e8
nixos/deluge: Fix last wrong package attribute
I missed this in 799435b7ca.

This time I used "git grep -F pythonPackages.deluge" just to be sure :-)

Thanks a lot to @roconnor for spotting this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: @roconnor
2017-09-02 19:44:14 +02:00
Jan Tojnar
6ca6ea9e23
nixos/gnome3.gpaste: add service 2017-09-02 17:43:01 +02:00
Frederik Rietdijk
c2e23a4948 Merge pull request #28871 from romildo/mate
mate desktop: some improvements
2017-09-02 13:21:40 +02:00
Jörg Thalheim
7b20952c04 Merge pull request #28726 from vyp/interception-tools
interception-tools: init at 0.1.1
2017-09-02 08:24:57 +01:00
xd1le
e0b44a09b8 interception-tools: init at 0.1.1
The latest release of libyamlcpp in nixpkgs does not build because it
uses an older version of boost than the one in nixpkgs and therefore
expects a particular header file which does not exist in the latest
boost anymore. For this reason, a later (git) version of libyamlcpp is
used here (which actually doesn't even require boost).

The substituteInPlace in the prePatch phase is needed because libevdev
places its headers in non-standard places, meaning Nix cannot normally
find them. The `cut` command removes the first two "-I" characters from
the output of `pkg-config`. This needs to be in the prePatch phase
because otherwise Nix will patch these lines to `/var/empty`, meaning
you would have less specific replacement (in case other lines are also
patched to `/var/empty`).

I wrote the patch. (I believe it is NixOS specific.)
2017-09-02 16:17:53 +10:00
Ryan Mulligan
8585898909 nixos/mattermost: fix create role
postgresql create role no longer supports NOCREATEUSER option. See
https://www.postgresql.org/docs/9.6/static/release-9-6.html for
details.
2017-09-01 14:24:44 -07:00
romildo
c4dd81b81d mate: remove icon cache 2017-09-01 17:27:24 -03:00
aszlig
799435b7ca
nixos/deluge: Fix deluge package attribute
Regression introduced by fa5e343242.

The deluge package no longer resides in pythonPackages but now is a
top-level package.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @grantwwu, @fpletz
2017-09-01 18:07:12 +02:00
Jan Tojnar
137db3efb5
gnome3.at-spi2-core: fix service not found error
The service was not registered as a systemd service resulting in errors
in the system journal every time a GNOME application was launched.

See: #16327
2017-09-01 17:22:18 +02:00
Florian Jacob
786e9711f5 nixos/piwik: fix nginx submodule's ssl defaults
previous mkDefault did not work as expected,
as it did not overwrite the original submodule's defaults when the user
did not specify any custom options at all.
2017-09-01 08:13:34 +02:00
Jörg Thalheim
d0e4aef32a Merge pull request #28781 from romildo/mate
mate: add the MATE desktop environment
2017-08-31 18:57:20 +01:00
romildo
56345c0ee4 mate: add icon themes 2017-08-31 13:30:44 -03:00
Gabriel Ebner
1dcfcefd35 Merge pull request #28783 from ryantm/calibre-server
nixos/calibre-server: fix ExecStart call
2017-08-31 14:36:59 +02:00
Graham Christensen
8a11b0d7df Merge pull request #28775 from grahamc/describe-stateVersion
Document the stateVersion more
2017-08-31 06:47:09 -04:00
davidak
8f389f3316 nixos/bcachefs: init module 2017-08-31 05:39:31 -05:00
Florian Jacob
d22c1c0719 mysql service: Make initialDatabases.schema attribute optional 2017-08-31 11:32:25 +02:00
Eelco Dolstra
79954b9d1f
nix: 1.11.13 -> 1.11.14 2017-08-31 11:00:09 +02:00
Symphorien Gibol
90ef2183f7 grub module: assume /nix/store is a bind mount even if it is not read only
Fixes #14999
2017-08-31 10:56:34 +02:00
Ryan Mulligan
39a982dc3e nixos/calibre-server: fix ExecStart call
calibre-server changed the way you specify the library from using
--with-library to just allowing the directory to be specified. See
https://manual.calibre-ebook.com/generated/en/calibre-server.html for
details.
2017-08-30 21:14:45 -07:00
romildo
dcebb0668b mate: add the MATE desktop environment 2017-08-31 00:16:51 -03:00
Graham Christensen
8efb46b609
configuration.nix: Document the stateVersion more 2017-08-30 21:41:35 -04:00
Graham Christensen
9d2777a5a5
Mark synaptics as deprecated 2017-08-30 20:32:45 -04:00
Graham Christensen
1b68193167
profiles/graphical.nix: enable libinput over synaptics 2017-08-30 20:25:11 -04:00
Graham Christensen
af51aa79d2
installer: add a comment hinting about enabling libinput for touchpads 2017-08-30 20:24:36 -04:00
Franz Pletz
5d5be9706e
Impala makes packaging a life-long addiction
Take that recursive acronym, GNU!
2017-08-30 23:13:56 +02:00
Florian Jacob
ae9d311565 nixos/piwik: adjust to addSSL and forceSSL now being mutually exclusive 2017-08-30 22:13:26 +02:00
Florian Jacob
0544ac4a1b nixos/piwik: Make webServerUser default to nginx
if the nginx option is used.
Noted that either webServerUser or nginx option is mandatory.
Also introduce an assertion if both are not set,
and a warning if both are set.
Resolves #27704.
2017-08-30 22:05:02 +02:00
Florian Jacob
adb03f32a1 nixos/piwik: Remove part about mail problems
Sending mail works out of the box as of resolution of #26611.
2017-08-30 22:05:01 +02:00
Florian Jacob
746cc06f13 nixos/piwik: use nginx' virtualHost submodule
instead of redeclaring part of the options. Backward-compatible change.
This gives the same flexibility to the user as nginx itself.
This also resolves the piwik module break from nginx' enableSSL introduction from #27426.
2017-08-30 22:05:00 +02:00
Linus Heckemann
46e41da543 cron service: fix reliance on etc.timezone
This does not fully address the issue, as cron will not restart when
the timezone is changed imperatively as it presumably needs to.
2017-08-30 21:35:17 +02:00
Vladimír Čunát
6b95cf646c
Merge: fixups to staging merge
None are large rebuilds; most are on staging already.
2017-08-30 21:17:17 +02:00
Frederik Rietdijk
6d4bd78fad Merge commit '2858c41' into HEAD 2017-08-30 21:07:07 +02:00
Robin Gloster
7cd46a0594
nginx module: add proxyResolveWhileRunning option 2017-08-30 21:01:53 +02:00
Robin Gloster
4ffa9ddb30
nginx module: allow basic configuration of upstreams 2017-08-30 21:01:53 +02:00
Franz Pletz
759daba980
nginx module: first proxy_set_header takes precendence 2017-08-30 21:01:52 +02:00
Franz Pletz
65c2203ffc
nginx module: add option for proxying websocket requests 2017-08-30 21:01:52 +02:00
Franz Pletz
530282eebe
nginx module: fix applying recommended proxy headers
Previously, if proxy_set_header would be used in an extraConfig of
a location, the headers defined in the http block by
recommendedProxySettings would be cleared. As this is not the intended
behaviour, these settings are now included from a separate file if
needed.
2017-08-30 21:01:52 +02:00
Robin Gloster
0371f2b5cc
nginx module: clean up SSL/listen handling 2017-08-30 21:01:52 +02:00
Franz Pletz
05c9a95d0e Merge pull request #28378 from Ma27/fix-zshrc-eval-order
programs.zsh: move evlauation of `${zshAliases}` after `cfg.interactiveShellInit`
2017-08-30 19:58:49 +02:00
Franz Pletz
b5a95f6289 Merge pull request #28741 from bachp/gitlab-runner-improve
Gitlab runner improve
2017-08-30 18:52:17 +02:00
Eric Litak
5050c56382 ipfs: adding mountDir options but disabling broken autoMount 2017-08-30 08:24:38 -07:00
Eric Litak
5554ea5583 ipfs: preStart configuration moved into daemon services 2017-08-30 08:17:34 -07:00
Eric Litak
ba976021af ipfs: refactor; wrapper adjustment 2017-08-30 08:17:34 -07:00
Eric Litak
952424217b ipfs: optionally manage ulimit -n in serviceConfig 2017-08-30 08:17:34 -07:00
Eric Litak
5f9bad6ceb ipfs: add extraConfig option 2017-08-30 08:17:34 -07:00
Eric Litak
a48a2c4f78 ipfs: add autoMount option 2017-08-30 08:17:34 -07:00
Silvan Mosberger
76dec4a4d2 znapzend service: add autoCreation option 2017-08-30 14:13:13 +02:00
Pascal Bach
233781410d gitlab-runner service: allow adding additional tools to PATH
This is similar to how it is implemented for the Jenkins service.

Bash and docker-machine are added by default as they are required in
many cases.
2017-08-30 13:58:47 +02:00
Pascal Bach
73c4a3f641 gitlab-runner service: honor proxy variables 2017-08-30 13:58:46 +02:00
Jörg Thalheim
5d4a54ca4d network-interfaces-scripted: don't add 'lo' as device dependency
systemd does not create device units for loopback devices,
since they are not physical.
2017-08-30 13:01:47 +02:00
Graham Christensen
128cdeffd0
compiz: drop 2017-08-30 06:59:20 -04:00
Daniel Peebles
ec75a30b66 Merge pull request #28722 from copumpkin/filterSource-cleanup
Deduplicate some filterSource invocations
2017-08-29 21:19:28 -04:00
Symphorien Gibol
bd54589233 networkmanager_iodine: init at 1.2.0 2017-08-30 02:58:29 +02:00
Dan Peebles
e2589b3ca2 Deduplicate some filterSource invocations
This version should have more conventional regexes that work across many
platforms and regex engines. This is an issue because up until Nix 1.11,
Nix called out to the libc regex matcher, which behaved differently on
Darwin and Linux. And in Nix 1.12, we're moving to std::regex which will
also behave differently here.

And yes, I do actually evaluate make-disk-image.nix on Darwin ;)
2017-08-29 20:27:04 -04:00
Franz Pletz
7d1d019650 Merge pull request #27826 from Infinisil/radicale
radicale: update to version 2
2017-08-30 02:17:34 +02:00
Franz Pletz
b91ed35325 Merge pull request #28660 from NeQuissimus/frandom_patch
frandom: Remove
2017-08-30 02:04:56 +02:00
Franz Pletz
3e18f32f68 Merge pull request #28465 from danbst/reloadable-containers
Reloadable containers
2017-08-30 02:01:46 +02:00
Tim Steinbach
ae742fa495
frandom: Remove 2017-08-29 20:01:25 -04:00
Richard Yang
64994b3638 tasks/filesystems: Make sure /dev/pts/ptmx is 0666 (#28490)
This is required for running commands likes screen and tmux, especially inside containers.

See also : https://www.kernel.org/doc/Documentation/filesystems/devpts.txt
2017-08-30 01:50:29 +02:00
Pascal Bach
322d0c562c auto-upgrade: add proxy support
Add the proxy variables so that auto upgrade works behind a proxy.
2017-08-30 01:25:47 +02:00
Vladimír Čunát
dc93744273
rogue: omit from the installation media
At least for now.  It would increase the ISO size by ~10 MB,
after the fixup in the parent commit.
2017-08-29 16:15:15 +02:00
Vladimír Čunát
2858c41823
Merge branch 'master' into staging
There were some conflicts in python modules, commented at #28314.
2017-08-29 10:51:54 +02:00
Michael Weiss
ea23f8bb07 cups service: Automatically detect Gutenprint in drivers
Additional CUPS drivers can be added via "services.printing.drivers" but
Gutenprint was an exception. It was possible to add a Gutenprint
derivation to that list and it would work at first but unlike the other
drivers Gutenprint requires a script to be run after each update or any
attempt to print something would simply fail and an error would show up
in the jobs queue (http://localhost:631/jobs/):
"The PPD version (5.2.11) is not compatible with Gutenprint 5.2.13.
Please run
`/nix/store/7762kpyhfkcgmr3q81v1bbyy0bjhym80-gutenprint-5.2.13/sbin/cups-genppdupdate'
as administrator."
This is due to state in "/var/lib/cups/ppd" and one would need to run
"/nix/store/.../bin/cups-genppdupdate -p /var/lib/cups/ppd" manually.
The alternative was to enable the following option:
"services.printing.gutenprint" but this had two disadvantages:
1) It is an exception that one could be unaware of or that could
potentially cause some confusion.
2) One couldn't use a customized Gutenprint derivation in
"services.printing.drivers" but would instead have to overwrite
"pkgs.gutenprint".

This new approach simply detects a Gutenprint derivation in
"services.printing.gutenprint" by checking if the meta set of a
derivation contains "isGutenprint = true". Therefore no special
exception for Gutenprint would be required and it could easily be
applied to other drivers if they would require such a script to be run.
2017-08-29 05:25:12 +04:00
Franz Pletz
8e622d2689
phpfpm service: allow netlink sockets for sendmail
Fixes #26611.
2017-08-29 00:41:31 +02:00
Tom Hunger
932b167321 Fix indentation. 2017-08-28 15:56:04 +01:00
Linus Heckemann
b73e3b6095 GNOME: 3.22 -> 3.24
This is a squash commit of the joint work from:

* Jan Tojnar (@jtojnar)
* Linus Heckemann (@lheckemann)
* Ryan Mulligan (@ryantm)
* romildo (@romildo)
* Tom Hunger (@teh)
2017-08-28 15:32:49 +01:00
Robin Gloster
8994b27c54
libvirtd module: add qemu_kvm to path 2017-08-28 12:54:41 +02:00
Franz Pletz
951106c650
lldpd: 0.9.7 -> 0.9.8
Now uses the upstream systemd unit which adds lots of hardening flags.
2017-08-27 02:33:32 +02:00
Joachim F
1715436b75 Merge pull request #27833 from volth/hpsa-2.40
nixos/hardware/raid/hpsa: init at 2.40
2017-08-26 23:10:57 +00:00
Jörg Thalheim
2d43c1fa9f Revert "boot.kernelParams: dedup and sort"
This reverts commit 9e00c643d8.

reason: https://github.com/NixOS/nixpkgs/pull/28392#issuecomment-325130848
2017-08-26 15:45:24 +01:00
Jörg Thalheim
66b42344f3 Merge pull request #28392 from volth/patch-53
boot.kernelParams: dedup and sort
2017-08-26 14:14:14 +01:00
Joachim F
227697bc67 Merge pull request #28562 from oxij/nixos/i2pd
nixos: i2pd: bits and pieces
2017-08-26 10:07:35 +00:00
Phil
4f2935390e nixos/usbguard: create package and module (#28363)
* nixos/usbguard: create package and module

No usbguard module or package existed for NixOS previously. USBGuard
will protect you from BadUSB attacks. (assuming configuration is done
correctly)

* nixos/usbguard: remove extra packages

Users can override this by themselves.

* nixos/usbguard: add maintainer and fix style
2017-08-25 23:35:18 +01:00
Jörg Thalheim
e861a26b82 Merge pull request #28476 from disassembler/airsonic
airsonic: init at 10.0.0
2017-08-25 23:19:49 +01:00
Jörg Thalheim
3ba09a8e2c nixos/airsonic: remove full-path commands from preStart
systemd services are initialised with a default PATH.
This path includes coreutils.
2017-08-25 23:18:46 +01:00
Jörg Thalheim
6905e59e25 nixos/airsonic: change script to serviceConfig.ExecStart
- shell invocation is not necessary here
2017-08-25 23:18:46 +01:00
Frederik Rietdijk
665d393919 Merge remote-tracking branch 'upstream/master' into HEAD 2017-08-25 19:39:41 +02:00
Frederik Rietdijk
997043c137 bepasty: move out of python-packages
because its a (web) application and thus doesn't belong there.
2017-08-25 19:36:18 +02:00
Jan Malakhovski
27aa99753b nixos: i2pd: fix indent 2017-08-25 12:49:10 +00:00
Jan Malakhovski
3594c4eec6 nixos: i2pd: tiny fix in a description 2017-08-25 12:49:10 +00:00
SLNOS
fd872c9b71 nixos: i2pd: enable ElGamal precomputation by default 2017-08-25 12:49:10 +00:00
SLNOS
af5de701b7 nixos: i2pd: add logLevel 2017-08-25 12:49:10 +00:00
SLNOS
042329be5e nixos: i2pd: one fork less, one process less 2017-08-25 12:49:10 +00:00
SLNOS
b42a107bc6 nixos: i2pd: rename extIp -> address to harmonize with tor 2017-08-25 12:49:10 +00:00
SLNOS
c21d434d1b nixos: i2pd: change httpproxy port to its default value 2017-08-25 12:49:10 +00:00
aszlig
dd5f0d9538
nixos: Fix build of manual
Regression introduced by 520a43ced3.

Using XML tag characters for things that are not tags needs to be
properly indicated by an entity.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-08-25 14:08:11 +02:00
Jörg Thalheim
47295b4677 Merge pull request #28552 from romildo/fix.oblogout
oblogout: add description for configuration options
2017-08-25 09:35:36 +01:00
Izorkin
520a43ced3 Fix zsh completions (#28550)
* Fix zsh completions

* Fix zsh completions (fix commit)

* Fix zsh completions (fix commit)
2017-08-25 09:34:21 +01:00
Robert Helgesson
f861426de9
nixos/tlp: mask systemd-rfkill socket
This fixes a spurious error on boot. See #24737.
2017-08-25 10:09:25 +02:00
Jörg Thalheim
21df7ec4cf Merge pull request #28549 from evujumenuk/exit_on_reboot
containers: remove EXIT_ON_REBOOT
2017-08-25 07:02:31 +01:00
Jörg Thalheim
ddf540d44c Merge pull request #27096 from gnidorah/maxx
maxx: init at 1.1.0
2017-08-25 06:40:31 +01:00
Peter Hoeg
ecdabb1b5b Merge pull request #28481 from mpcsh/master
nixos/caddy: improve documentation
2017-08-25 09:56:40 +08:00
romildo
51df72e4f6 oblogout: add description for configuration options 2017-08-24 18:10:32 -03:00
evujumenuk
36dd8edde1 containers: remove EXIT_ON_REBOOT
EXIT_ON_REBOOT has been obsolete since sometime in 2014.
2017-08-24 20:48:24 +02:00
Frederik Rietdijk
31ba3649ec Merge pull request #28189 from Nadrieril/ffsync-non-root
firefox syncserver service: run as non-root user by default
2017-08-24 20:47:52 +02:00
Mark Cohen
8511a3378b nixos/caddy: improve documentation
There was no documentation for the "config" option, and it wasn't quite
clear whether it was supposed to be a file, a string, or what. This
commit removes that ambiguity.
2017-08-24 13:39:06 -04:00
gnidorah
15ae2cbeea maxx: use libredirect 2017-08-24 19:34:08 +03:00
Thomas Tuegel
27c043c49b Merge pull request #28470 from benley/fix-pam-kwallet5
nixos: Fix pam_kwallet5 integration
2017-08-24 11:32:49 -05:00
Joachim F
9447b8b9cd Merge pull request #28338 from oxij/nixos/better-tor
nixos: better tor config
2017-08-24 08:12:59 +00:00
Philipp Hausmann
de1a25cd69 nixos/hail: init (#28442) 2017-08-23 18:23:13 +00:00
Samuel Leathers
85329b96e0 nixos/airsonic: add module 2017-08-23 13:06:28 -04:00
Joachim F
f1514a5876 Merge pull request #27699 from volth/varnish-fixes-sq
nixos/varnish: made compatible with varnish 5.1.2, add modules
2017-08-22 22:01:00 +00:00
Robin Gloster
ce7e2c06b1
prometheus-unifi-exporter: make ordering more robust 2017-08-22 20:26:18 +02:00
Benjamin Staffin
2e65e2df94 nixos: Fix pam_kwallet5 integration
Fixes #28469
2017-08-22 11:52:14 -04:00
SLNOS
2c4a925ab0 nixos: tor: rename portSpec -> port, type all "port"s properly 2017-08-22 14:57:07 +00:00
SLNOS
30a3cccd07 nixos: tor: better submodule for hidden services
Rebased onto master with a different implementation.
Originally: "add support for serving hidden services".
2017-08-22 14:57:07 +00:00
SLNOS
9226f4886f nixos: tor: more options, no unexpected consequences for default relay operators
Before this commit default relay configuration could produce unexpected
real life consequences. This patch makes those choices explicit and
documents them extensively.
2017-08-22 14:57:06 +00:00
danbst
65ff0d5f9d switch-to-configuration: fix detection of changes between rebuilds for template instances
This makes declarative containers truly reloadable. Current code already declares it:

56904d7c42/nixos/modules/virtualisation/containers.nix (L488)

```
  restartIfChanged = false;
```

56904d7c42/nixos/modules/virtualisation/containers.nix (L540)

```
  reloadIfChanged = true;
```

Original author: @chrisfarms in 6e36619b27
Most of stuff from that commit has already been ported.
2017-08-22 15:04:18 +03:00
Christian Albrecht
964799e556 sks and pgpkeyserver-lite modules: init (#27515)
* modules sks and pgpkeyserver-lite:
  runs the sks keyserver with optional nginx proxy for webgui.
* Add calbrecht to maintainers
* module sks: fix default hkpAddress value
* module pgpkeyserver-lite: make hkpAddress a string type option
  and use (builtins.head services.sks.hkpAddress) as default value
* module sks: remove leftover service dependencies
2017-08-22 12:27:00 +02:00