Commit Graph

11961 Commits

Author SHA1 Message Date
Linus Heckemann
783f2c84e8 nixos/zfs: autoscrub only after boot is complete
Fixes #53583
2019-01-14 21:00:20 +01:00
Franz Pletz
d947944d70
Merge pull request #53962 from elseym/sonarr
sonarr service: add more options to module
2019-01-14 19:33:58 +00:00
elseym
44e1aabd02
nzbget service: fix preStart script and add more options to module 2019-01-14 20:30:44 +01:00
elseym
31ad79f432
sonarr service: add more options to module 2019-01-14 20:30:10 +01:00
Maximilian Bosch
f90bd42c89
nixos/gitea: add git to the service path
Otherwise commands like `git push` will fail if the machine doesn't have
git installed.
2019-01-14 16:04:02 +01:00
Maximilian Bosch
ad3a50e25b
nixos/gitea: add option to disable registration
Although this can be added to `extraOptions` I figured that it makes
sense to add an option to explicitly promote this feature in our
documentation since most of the self-hosted gitea instances won't be
intended for common use I guess.

Also added a notice that this should be added after the initial deploy
as you have to register yourself using that feature unless the install
wizard is used.
2019-01-14 16:04:02 +01:00
Franz Pletz
ca0639837c
Merge pull request #53871 from elseym/fix-container-extraveths
nixos/containers: explicitly set link up on host for extraVeths
2019-01-14 03:59:19 +00:00
Vladimír Čunát
9d16949d42
nixos manual: fix a typo that made it invalid XML
The problem was merge to master in the bfbadab4 commit.
2019-01-13 23:23:32 +01:00
Jörg Thalheim
bfbadab4a4
Merge pull request #53801 from Mic92/nixos-builders
nixos-rebuild: allow to override builders
2019-01-13 21:59:43 +00:00
Jan Tojnar
e35acd7f1c gnome3: link nautilus-python paths to environment 2019-01-13 17:43:33 +01:00
Profpatsch
c8c53fcb11 modules/profiles/minimal: sound is disabled by default
The option is `false` by default since
e349ccc77f, so we don’t need to mention
it explicitely in these minimal configs.
2019-01-13 13:47:36 +01:00
elseym
8a8bf886b5
nixos/containers: explicitly set link up on host for extraVeths 2019-01-13 11:27:39 +01:00
Vladimír Čunát
570d84a01e
Merge branch 'staging-next' 2019-01-13 00:39:38 +01:00
Silvan Mosberger
497e6f1705
Merge pull request #51661 from eonpatapon/testing-hosts
test: set machines fqdn in /etc/hosts
2019-01-12 20:41:13 +01:00
Frederik Rietdijk
9f827d66f5
Update nixos/doc/manual/man-nixos-rebuild.xml
Co-Authored-By: Mic92 <Mic92@users.noreply.github.com>
2019-01-12 18:26:00 +00:00
Frederik Rietdijk
f45195fb44
Update nixos/doc/manual/man-nixos-rebuild.xml
Co-Authored-By: Mic92 <Mic92@users.noreply.github.com>
2019-01-12 18:25:52 +00:00
Samuel Dionne-Riel
2646a64fbc
Merge pull request #53827 from samueldr/feature/data-in-logs
tests: Logs timing in tests
2019-01-12 12:54:56 -05:00
Samuel Dionne-Riel
3b68ddb6fe
Merge pull request #53828 from samueldr/feature/double-alarm-time
tests: Wait for shell for twice as long (10m)
2019-01-12 12:08:14 -05:00
Vladimír Čunát
bde8efe792
Merge branch 'master' into staging-next
A couple thousand rebuilds have accumulated on master.
2019-01-12 12:19:34 +01:00
Samuel Dionne-Riel
b28b37eb00 tests: Wait for shell for twice as long (10m)
See #49441 for an earlier attempt, which was subsequently reverted. I am
assuming that doubling the time will be sufficient if the machine is
overloaded since so many of the tests already pass at 5 minutes, while
still not holding back failures for needlessly long.
2019-01-11 22:40:19 -05:00
Samuel Dionne-Riel
5d93e2c01c test-driver: Logs time taken for nests 2019-01-11 22:36:31 -05:00
Samuel Dionne-Riel
1fe0018df8 test-driver: Adds time it took to connect to guest in logs
This will make it possible to track whether the time is generous or not
when ran on hydra.
2019-01-11 22:36:31 -05:00
Joachim F
8ffae68b22
Merge pull request #53806 from pbogdan/krb-test-eval
nixos/tests/kerberos: fix evaluation
2019-01-11 17:09:38 +00:00
Eelco Dolstra
94ea1c2d83
nix: 2.1.3 -> 2.2 2019-01-11 12:47:06 +01:00
Jörg Thalheim
e40bfa4d85
nixos-rebuild: allow to override builders
Since nix 2.0 the no-build-hook option was replaced by the builders options
that allows to override remote builders ad-hoc.
Since it is useful to disable remote builders updating nixos without network,
this commit reintroduces the option.
2019-01-11 11:40:25 +00:00
Piotr Bogdan
cfc281f571 nixos/tests/kerberos: fix evaluation 2019-01-11 04:36:51 +00:00
Maximilian Bosch
44a80294f7
Merge pull request #53746 from zaninime/patch-1
nexus: 3.12.1 -> 3.14.0-04
2019-01-10 23:01:26 +01:00
Maximilian Bosch
edcd1494f7
nixos/nexus: increase disk size of VM test to 8GB
Nexus increased their default minimum disk space requirement to 4GB:

```
com.orientechnologies.orient.core.exception.OLowDiskSpaceException: Error occurred while executing a
write operation to database 'OSystem' due to limited free space on the disk (1823 MB). The database
is now working in read-only mode. Please close the database (or stop OrientDB), make room on your hard
drive and then reopen the database. The minimal required space is 4096 MB. Required space is now
set to 4096MB (you can change it by setting parameter storage.diskCache.diskFreeSpaceLimit) .
server# [   72.560866] zqnav3mg7m6ixvdcacgj7p5ibijpibx5-unit-script-nexus-start[627]:   DB name="OSystem"
```

Including the rest on the VM 8GB should be the most suitable solution.
As the installer test also takes 8GB of disk size this should still be
in an acceptable range.
2019-01-10 22:44:26 +01:00
lewo
7612a6add4
Merge pull request #52870 from xtruder/pkgs/dockerTools/buildLayeredImage/extraCommands
dockerTools: allow to pass extraCommands, uid and gid to buildLayered image
2019-01-10 19:00:19 +01:00
Yorick
4d68e82dbc nixos/borgbackup: use coercedTo instead of apply on paths (#53756)
so multiple declarations merge properly
2019-01-10 16:34:02 +01:00
Jaka Hudoklin
954cda5c9d
dockerTools: allow to pass extraCommands, uid and gid to buildLayeredImage 2019-01-10 16:02:23 +01:00
Vladimír Čunát
287144e342
Merge branch 'master' into staging-next 2019-01-10 13:07:21 +01:00
Vladimír Čunát
829ada37bf
Merge #53365: nixos/nsd: Don't override bind via nixpkgs.config 2019-01-10 11:00:40 +01:00
Aaron Andersen
fd5a88687c nixos/httpd: add options sslCiphers & sslProtocols 2019-01-09 11:30:19 -05:00
Claudio Bley
cb0b629894 nixos/luksroot: Fix typo Verifiying -> Verifying 2019-01-08 15:45:02 -05:00
Robin Gloster
c75571d66c
Merge pull request #53598 from mayflower/atlassian-updates
atlassian updates
2019-01-08 17:56:13 +00:00
Silvan Mosberger
6a942aec5b
Merge pull request #52765 from Izorkin/datadog-agent
datadog-agent: 6.4.2 -> 6.8.3
2019-01-08 16:01:26 +01:00
Jörg Thalheim
ba9f589180
Merge pull request #53446 from Mic92/systemd-udev-settle
nixos/systemd-udev-settle: don't restart on upgrades
2019-01-08 13:05:25 +01:00
Izorkin
47a8b13efa datadog-agent: 6.4.2 -> 6.8.3 2019-01-08 11:16:44 +03:00
Matthew Bauer
04373fd3cc
Merge pull request #52594 from matthewbauer/fix-51025
make-disk-image: use filterSource instead of cleanSource
2019-01-07 16:29:58 -06:00
Matthew Bauer
f05d8f31ec make-disk-image: use filterSource instead of cleanSource
cleanSource does not appear to work correctly in this case. The path
does not get coerced to a string, resulting in a dangling symlink
produced in channel.nix.  Not sure why, but this
seems to fix it.

Fixes #51025.

/cc @elvishjericco
2019-01-07 16:28:50 -06:00
Robin Gloster
89d24aca93
atlassian-crowd: 3.2.5 -> 3.3.3 2019-01-07 21:54:23 +01:00
Franz Pletz
b60f8fc6e2
atlassian modules: don't chown home recursively
This can take a long time and should not be necassary anyway.
2019-01-07 21:54:20 +01:00
Matthew Bauer
de30f4e61d
Merge pull request #51570 from eonpatapon/cassandra-logging
cassandra: add option to configure logging
2019-01-07 12:41:07 -06:00
Bas van Dijk
6ac10cd764
Merge pull request #53399 from LumiGuide/feat-wordpress-copy-plugins
apache-httpd/wordpress: copy plugins and themes instead of symlinking
2019-01-07 13:41:29 +01:00
Tim Steinbach
289fe57eea
urxvt: Allow switching out package 2019-01-07 07:35:20 -05:00
Matthew Bauer
751c03e8fd
Merge pull request #47665 from erikarvstedt/initrd-improvements
Minor initrd improvements
2019-01-06 21:48:26 -06:00
Falco Peijnenburg
9d2c9157d7 nixos/apache-httpd/wordpress: copy plugins and themes instead of symlinking
Symlinking works for most plugins and themes, but Avada, for instance, fails to
understand the symlink, causing its file path stripping to fail. This results in
requests that look like:

https://example.com/wp-content//nix/store/...plugin/path/some-file.js

Since hard linking directories is not allowed, copying is the next best thing.
2019-01-06 17:51:31 +01:00
Joachim Fasting
e6538caa48
nixos/tests: re-enable hardened test
Has been okay since 62623b60d5
2019-01-06 14:08:20 +01:00
Joachim Fasting
39c30a33c1
nixos/tests/hardened: test loading out-of-tree-modules 2019-01-06 13:19:28 +01:00
Frederik Rietdijk
a4250d1478 Merge staging-next into staging 2019-01-06 09:48:31 +01:00
Frederik Rietdijk
e5381cdece Merge master into staging-next 2019-01-06 09:36:23 +01:00
Jörg Thalheim
09fb07e4af
Merge pull request #52943 from ck3d/vdr-enableLirc
nixos vdr: introduce option enableLirc
2019-01-05 17:51:41 +01:00
Jörg Thalheim
8a2389e4a1
Merge pull request #53404 from Mic92/xsslock
nixos/xss-lock: specify a default locker
2019-01-05 16:44:29 +01:00
Jörg Thalheim
2614c8a6c5
nixos/xss-lock: specify a default locker
Having a default locker is less error-prone and more convenient.
Incorrect values might leave the machine vulnerable since there is no
fallback.
2019-01-05 16:42:30 +01:00
Vladimír Čunát
d84a33d85b
Merge branch 'master' into staging-next
A few more rebuilds (~1k on x86_64-linux).
2019-01-05 15:02:04 +01:00
Joachim Fasting
167578163a
nixos/hardened profile: always enable pti 2019-01-05 14:07:39 +01:00
Joachim Fasting
3f1f443125
nixos/hardened profile: slab/slub hardening
slab_nomerge may reduce surface somewhat

slub_debug is used to enable additional sanity checks and "red zones" around
allocations to detect read/writes beyond the allocated area, as well as
poisoning to overwrite free'd data.

The cost is yet more memory fragmentation ...
2019-01-05 14:07:37 +01:00
Jörg Thalheim
0a2c8cc1db
nixos/systemd-udev-settle: don't restart on upgrades
The idea is that we only need this target during boot,
however there is no point on restarting it on every upgrade.

This hopefully fixes #21954
2019-01-05 13:57:29 +01:00
Jörg Thalheim
9b2f0fbcdd
nixos/lirc: expose socket path via passthru 2019-01-05 13:22:39 +01:00
Frederik Rietdijk
60a3973a55 Merge staging-next into staging 2019-01-05 10:15:00 +01:00
worldofpeace
21327795ce nixos/version: add LOGO to /etc/os-release 2019-01-05 00:03:39 -05:00
Frederik Rietdijk
9618abe87c Merge master into staging-next 2019-01-04 21:13:19 +01:00
Michael Weiss
65c953976c
Merge pull request #53138 from gnidorah/sway
nixos/sway: Improve the wrapper
2019-01-04 11:49:07 +01:00
aszlig
6446d9eee8
nixos/nsd: Improve checking for empty dnssec zones
While at it (see previous commit), using attrNames in combination with
length is a bit verbose for checking whether the filtered attribute set
is empty, so let's just compare it against an empty attribute set.

Signed-off-by: aszlig <aszlig@nix.build>
2019-01-04 01:59:28 +01:00
aszlig
751bdacc9b
nixos/nsd: Don't override bind via nixpkgs.config
When generating values for the services.nsd.zones attribute using values
from pkgs, we'll run into an infinite recursion because the nsd module
has a condition on the top-level definition of nixpkgs.config.

While it would work to push the definition a few levels down, it will
still only work if we don't use bind tools for generating zones.

As far as I could see, Python support for BIND seems to be only needed
for the dnssec-* tools, so instead of using nixpkgs.config, we now
directly override pkgs.bind instead of globally in nixpkgs.

To illustrate the problem with a small test case, instantiating the
following Nix expression from the nixpkgs source root will cause the
mentioned infinite recursion:

  (import ./nixos {
    configuration = { lib, pkgs, ... }: {
      services.nsd.enable = true;
      services.nsd.zones = import (pkgs.writeText "foo.nix" ''
        { "foo.".data = "xyz";
          "foo.".dnssec = true;
        }
      '');
    };
  }).vm

With this change, generating zones via import-from-derivation is now
possible again.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @pngwjpgh
2019-01-04 01:49:50 +01:00
Matthew Bauer
74312c7ef5
Merge pull request #52760 from akru/master
lib/make-ext4-fs: more efficient store maker
2019-01-03 15:07:27 -06:00
Matthew Bauer
9c5cde46a6 nixos/all-firmware: include raspberrypiWirelessFirmware when building 2019-01-03 15:05:38 -06:00
Jean-Philippe Braun
4f99f8d2cb nixos/prometheus-bind-exporter: add module 2019-01-03 21:14:21 +01:00
Frederik Rietdijk
2da31b80bb Merge master into staging-next 2019-01-03 20:07:35 +01:00
Silvan Mosberger
2b1c9fd8a7
Merge pull request #53301 from cdepillabout/remove-cpufreqgov-alias
nixos/cpufreq: Remove the alias to set the cpu frequency governor
2019-01-03 17:47:53 +01:00
(cdep)illabout
46ecec8239
nixos/cpufreq: Remove the alias to set the cpu frequency governor
This PR temporarily fixes the issue with PR 53041 as explained
here:

https://github.com/NixOS/nixpkgs/pull/53041#commitcomment-31825338

The alias `powerManagement.cpufreq.governor` to
`powerManagement.cpuFreqGovernor` has been removed.
2019-01-03 20:57:49 +09:00
Сухарик
a285cead44 nixos/display-managers: allow pure wayland sessions 2019-01-03 09:38:36 +03:00
Matthew Bauer
921a47bc92 treewide: remove cross assertions
sd-image-raspberrypi, sd-image-aarch64, and
sd-image-armv7l-multiplatform can all be cross compiled now.
2019-01-02 23:02:50 -06:00
Matthew Bauer
35af6e3605 treewide: use buildPackages for config builders 2019-01-02 23:02:50 -06:00
Frederik Rietdijk
092e3b50a8 Merge master into staging-next 2019-01-02 21:08:27 +01:00
ajs124
325e314aae
sshd: Add restartTrigger for sshd_config
Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
2019-01-02 20:11:01 +01:00
Franz Pletz
0ea65cd96c
shairport-sync service: fix default arguments 2019-01-02 19:17:22 +01:00
Vladimír Čunát
70bff06140
Merge branch 'master' into staging 2019-01-02 17:19:23 +01:00
(cdep)illabout
b0f10d2d53
cpufreq: add option for setting the cpu max and min frequencies
This adds a NixOS option for setting the CPU max and min frequencies
with `cpufreq`.  The two options that have been added are:

- `powerManagement.cpufreq.max`
- `powerManagement.cpufreq.min`

It also adds an alias to the `powerManagement.cpuFreqGovernor` option as
`powerManagement.cpufreq.governor`.  This updates the installer to use
the new option name.  It also updates the manual with a note about
the new name.
2019-01-01 19:18:12 +09:00
gnidorah
d15425f816 nixos/sway: Improve the wrapper
Port a change by @primeos from sway-beta module to sway module.

https://github.com/NixOS/nixpkgs/pull/51316
2019-01-01 11:21:15 +03:00
Frederik Rietdijk
070290bda7 Merge master into staging-next 2018-12-31 12:00:36 +01:00
Frederik Rietdijk
c6e043d57c Remove composableDerivation, closes #18763 2018-12-30 12:33:45 +00:00
Silvan Mosberger
45c073e4da
Merge pull request #52930 from Ekleog/low-prio-syspath
system-path: set implicitly installed packages to be low-priority
2018-12-30 00:29:59 +01:00
Silvan Mosberger
070254317e
Revert "nixos/ddclient: make RuntimeDirectory and configFile private" 2018-12-29 16:53:43 +01:00
adisbladis
0ff4d0a516
fish: 2.7.1 -> 3.0.0 2018-12-28 21:23:24 +00:00
Frederik Rietdijk
10afccf145 Merge staging-next into staging 2018-12-27 18:11:34 +01:00
Dmitry Kalinkin
3edd5cb227
Merge pull request #51294 from eadwu/nvidia_x11/legacy_390
nvidia: expose nvidia_x11_legacy390
2018-12-27 09:08:53 -05:00
Joachim Fasting
ea4f371627
nixos/security/misc: expose SMT control option
For the hardened profile disable symmetric multi threading.  There seems to be
no *proven* method of exploiting cache sharing between threads on the same CPU
core, so this may be considered quite paranoid, considering the perf cost.
SMT can be controlled at runtime, however.  This is in keeping with OpenBSD
defaults.

TODO: since SMT is left to be controlled at runtime, changing the option
definition should take effect on system activation.  Write to
/sys/devices/system/cpu/smt/control
2018-12-27 15:00:49 +01:00
Joachim Fasting
e9761fa327
nixos/security/misc: expose l1tf mitigation option
For the hardened profile enable flushing whenever the hypervisor enters the
guest, but otherwise leave at kernel default (conditional flushing as of
writing).
2018-12-27 15:00:48 +01:00
Joachim Fasting
84fb8820db
nixos/security/misc: factor out protectKernelImage
Introduces the option security.protectKernelImage that is intended to control
various mitigations to protect the integrity of the running kernel
image (i.e., prevent replacing it without rebooting).

This makes sense as a dedicated module as it is otherwise somewhat difficult
to override for hardened profile users who want e.g., hibernation to work.
2018-12-27 15:00:47 +01:00
Joachim Fasting
9db84f6fcd
nixos/security/misc: use mkMerge for easier extension 2018-12-27 15:00:46 +01:00
Christian Kögler
987fdea1a8 nixos vdr: introduce option enableLirc
also introduce option socket for lirc, to have access to socket path
2018-12-26 22:59:06 +01:00
Léo Gaspard
fa98337a15
system-path: set implicitly installed packages to be low-priority
The aim is to minimize surprises: when the user explicitly installs a
package in their configuration, it should override any package
implicitly installed by NixOS.
2018-12-26 23:16:17 +09:00
Samuel Dionne-Riel
302d53df2b nixos/sd-image-aarch64-new-kernel: Added to release
This, paired with the previous commit, ensures the channel won't be held
back from a kernel upgrade and a non-building sd image, while still
having a new-kernel variant available.
2018-12-26 11:03:32 +00:00
Samuel Dionne-Riel
207210660f nixos/sd-image-aarch64: Configures it to use the default kernel 2018-12-26 11:03:32 +00:00
Frederik Rietdijk
e45ca47f14 Merge staging-next into staging 2018-12-26 09:30:32 +01:00
Dmitry Kalinkin
c7f26a34e8
Merge pull request #52896 from veprbl/pr/gmane_wo_net-snmp
treewide: Fix broken Gmane URLs
2018-12-25 22:55:03 -05:00
Craig Younkins
8b12b17df3
treewide: Fix broken Gmane URLs 2018-12-25 22:34:55 -05:00
worldofpeace
c1599d29d9 gcr: rename from gnome3.gcr 2018-12-25 20:14:28 -05:00