Commit Graph

4434 Commits

Author SHA1 Message Date
zimbatm
2c7e5a6d8e Merge pull request #13434 from spacefrogg/oath-module
config.security.oath: new module
2016-02-26 18:06:28 +00:00
Nikolay Amiantov
c88a06a860 cups service: set path for cups-genppdupdate 2016-02-26 18:27:41 +03:00
zimbatm
8d4c2340d3 Merge pull request #13396 from mayflower/pkg/gitlab
gitlab: 8.0.5 -> 8.5.1, service improvements
2016-02-26 11:19:28 +00:00
Domen Kožar
a469681a51 Merge pull request #13365 from abbradar/cups-second-attempt
CUPS update (second attempt)
2016-02-26 11:13:30 +00:00
zimbatm
c86e10c115 Merge pull request #13469 from tg-x/acme-external
simp_le: external_pem.sh plugin is now called external.sh
2016-02-26 10:48:55 +00:00
Franz Pletz
cd0f14f23e gitlab: Add documentation
Fixes #13303.
2016-02-26 08:56:39 +01:00
Franz Pletz
e9393bd426 fixup! gitlab: 8.0.5 -> 8.5.0, service improvements
Make the gitlab packages and components overrideable.
2016-02-26 08:56:08 +01:00
Franz Pletz
44a4592a1c fixup! gitlab: 8.0.5 -> 8.5.0, service improvements
gitlab-shell is now talking over the unix socket to gitlab, so the TCP
port isn't needed anymore.
2016-02-26 08:31:20 +01:00
Franz Pletz
3fd51a9ab2 fixup! gitlab: 8.0.5 -> 8.5.0, service improvements
Some debugging and development leftovers.
2016-02-26 07:08:31 +01:00
Franz Pletz
bcfa59bf82 gitlab: 8.0.5 -> 8.5.0, service improvements
Updates gitlab to the current stable version and fixes a lot of features that
were broken, at least with the current version and our configuration.

Quite a lot of sweat and tears has gone into testing nearly all features and
reading/patching the Gitlab source as we're about to deploy gitlab for our
whole company.

Things to note:

 * The gitlab config is now written as a nix attribute set and will be
   converted to JSON. Gitlab uses YAML but JSON is a subset of YAML.
   The `extraConfig` opition is also an attribute set that will be merged
   with the default config. This way *all* Gitlab options are supported.

 * Some paths like uploads and configs are hardcoded in rails  (at least
   after my study of the Gitlab source). This is why they are linked from
   the Gitlab root to /run/gitlab and then linked to the  configurable
   `statePath`.

 * Backup & restore should work out of the box from another Gitlab instance.

 * gitlab-git-http-server has been replaced by gitlab-workhorse upstream.
   Push & pull over HTTPS works perfectly. Communication to gitlab is done
   over unix sockets. An HTTP server is required to proxy requests to
   gitlab-workhorse over another unix socket at
   `/run/gitlab/gitlab-workhorse.socket`.

 * The user & group running gitlab are now configurable. These can even be
   changed for live instances.

 * The initial email address & password of the root user can be configured.

Fixes #8598.
2016-02-26 07:08:31 +01:00
Profpatsch
70c02402c8 networkmanager: fix link-local ip addresses
NetworkManager needs an additional avahi-user to use link-local
IPv4 (and probably IPv6) addresses. avahi-autoipd also needs to be
patched to the right path.
2016-02-26 03:28:56 +01:00
Tanner Doshier
4e5ef470a7 ec2-data: ensure providing a SSH host key is actually optional
2701665904 broke this.
2016-02-25 20:11:49 -06:00
zimbatm
b73c5ae291 Merge pull request #10546 from aszlig/nixops-issue-350
Fixes for NixOps issue #350
2016-02-26 00:33:49 +00:00
tg(x)
629a89343e simp_le: external_pem.sh plugin is now called external.sh 2016-02-26 01:31:58 +01:00
zimbatm
76f5cf3f31 Merge pull request #13324 from zimbatm/doc-from-wiki
Converting the wiki to documentation
2016-02-25 19:37:43 +00:00
zimbatm
dc314aad12 samba module: add more description
Fixes #13281
2016-02-25 19:36:55 +00:00
zimbatm
93a0306e79 sane module: add more documentation
Imported from https://nixos.org/wiki/Scanners
2016-02-25 19:36:46 +00:00
Michael Raitza
d09c7986de config.security.oath: new module
Add a module to make options to pam_oath module configurable.
These are:
 - enable - enable the OATH pam module
 - window - number of OTPs to check
 - digits - length of the OTP (adds support for two-factor auth)
 - usersFile - filename to store OATH credentials in
2016-02-25 13:52:45 +00:00
Emery
b16dc8dcc5 New hdapsd module 2016-02-24 21:51:13 +01:00
Jordan Mulcahey
a2b8cc0aaf netatalk: 3.1.0 -> 3.1.7, new service module 2016-02-24 19:32:54 +01:00
Eelco Dolstra
e2af876c78 Merge pull request #13415 from MatrixAI/master
nixos/stage-1/2: Added -r option to read so that read interprets backslashes literally
2016-02-24 13:50:59 +01:00
Brian McKenna
7d91ee54c9 openbox: fix copy/paste typo in config 2016-02-24 22:54:08 +11:00
Roger Qiu
5cf823e1f4 nixos/stage-1/2: Added -r option to read so that read interprets backslashes literally, and corrected the comment about optional logging. 2016-02-24 18:54:25 +11:00
zimbatm
2a0f6453d5 Merge pull request #12540 from eskimor/libinput-master
nixos: Libinput: Add support like there is for synaptics
2016-02-24 00:01:38 +00:00
zimbatm
cfa99e5a99 Merge pull request #13114 from colemickens/azure
azure: package qemu 2.2.0 to fix VHD creation
2016-02-23 22:47:44 +00:00
zimbatm
55ca9eb477 Merge pull request #13115 from colemickens/azure-agent
azure-agent: switch back to upstream WALinuxAgent
2016-02-23 22:46:30 +00:00
zimbatm
09c14170d8 Merge pull request #13125 from abbradar/uwsgi
Refactor uWSGI
2016-02-23 22:32:54 +00:00
Eelco Dolstra
d9d6a92d5e sshd.nix: Ensure global config goes before user Match blocks
Hopefully fixes #13393.
2016-02-23 18:03:33 +01:00
Eelco Dolstra
cacf2d063e Merge pull request #13059 from abbradar/udev-local-priority
Make local udev rules higher prioritized
2016-02-23 16:41:47 +01:00
Nikolay Amiantov
32df5ed4c2 udev service: make local rules apply after all others 2016-02-23 15:17:24 +03:00
Eelco Dolstra
deae4eff7b Make stage-1/2 logging unconditional, and drop log level to "debug"
Using "debug" level prevents spamming the console with messages twice
(once directly and once via kmsg).
2016-02-23 11:56:09 +01:00
Eelco Dolstra
6f6e2c430f test-instrumentation.nix: Only clear $PAGER in the backdoor shell 2016-02-23 11:56:09 +01:00
Eelco Dolstra
806b27a297 qemu-guest.nix: Disable rngd
This gets rid of a zillion "rngd[N]: read error" messages during boot.
2016-02-23 11:56:09 +01:00
Roger Qiu
474d5a7bd0 nixos/stage-2: Added boot.logCommands 2016-02-23 11:56:09 +01:00
Roger Qiu
142f65e07a nixos/stage-1: Added boot.initrd.logCommands 2016-02-23 11:56:08 +01:00
Pascal Wittmann
5d6d841d58 Merge pull request #13373 from tomberek/revert_kippo_twisted
kippo: revert twisted dependency
2016-02-22 23:50:17 +01:00
Thomas Bereknyei
e31c8922e0 kippo: revert twisted dependency 2016-02-22 13:57:24 -05:00
Franz Pletz
2d5e6a27fc Merge pull request #13355 from grahamc/ttyNumberString-issue3608
nixos-manual: Accept numbers for ttyNumber, closes #3608
2016-02-22 19:34:16 +01:00
Graham Christensen
f57c049e0b nixos-manual: Accept numbers for ttyNumber, closes #3608 2016-02-22 11:25:16 -06:00
Nikolay Amiantov
8b124b7521 nixos.tests.printing: fix for new CUPS version
It looks like now queue is not immediately cleared from cancelled jobs.
Instead, files like "c00001" are left alongside "d00001-001", and
cleanup happens at some later point of time. Also, all new jobs are
assigned consecutive numbers now (00002, 00003 etc.). So when
original d00001 file is finally cleaned, it breaks the test. Fixed
by checking for any "d*" file inside the queue and cleaning it by
ourselves to ensure that each job works correctly.
2016-02-22 12:42:06 +03:00
Sou Bunnbu
7fcecec58b Merge pull request #11254 from ericsagnes/standardize-im
Improve and standardize input methods
2016-02-22 10:13:54 +08:00
zimbatm
a7715e3e06 Merge pull request #10231 from zimbatm/apache-intermediate-ssl
apache-httpd: adopt mozilla's SSL configuration recommendation
2016-02-20 19:14:51 +00:00
Robin Gloster
686c09dd38 wpa_supplicant module: after network-interfaces.target
fixes #13136
2016-02-20 17:41:02 +00:00
Arseniy Seroka
cbb06df02f Merge pull request #13142 from zimbatm/zerotierone-1.1.4
Zerotierone 1.1.4
2016-02-20 17:09:59 +03:00
Eric Sagnes
dc6bd61187 added input method related changelog 2016-02-20 13:04:02 +09:00
zimbatm
433f979cee zerotierone: adopt systemd unit from upstream
See
5db538d85e/ext/installfiles/linux/systemd/zerotier-one.service
2016-02-19 22:56:19 +00:00
Nikolay Amiantov
b6c49abba0 uwsgi service: update documentation 2016-02-19 18:09:27 +03:00
Nikolay Amiantov
e48c991131 uwsgi service: refactor, throw more errors and drop simultaneous Python 2/3 in path 2016-02-19 18:09:26 +03:00
Thomas Tuegel
7bca3cd8dc kde5: reduce default installation size 2016-02-19 06:21:50 -06:00
Nikolay Amiantov
b457b7a7ea Merge pull request #13069 from abbradar/m3d
OctoPrint and plugins and support for M3D Micro 3D-printer
2016-02-19 14:27:32 +03:00
Cole Mickens
86cbd505c5 azure-agent: switch back to upstream WALinuxAgent 2016-02-18 21:11:21 -08:00
Cole Mickens
718848d5aa azure: package qemu @ 2.2.0
This commit packages qemu-220. This package is qemu-2.2.0
and is only used with Azure.
2016-02-18 21:08:28 -08:00
Eric Sagnes
3ad12f2dec inputMethod service: init 2016-02-19 08:52:18 +09:00
Bjørn Forsman
b2b1511353 nixos/collectd: add defaultText to package option
CC @fpletz
2016-02-18 20:30:05 +01:00
tg(x)
de787adb90 tlsdated: add missing default value for extraOptions 2016-02-18 05:29:12 +01:00
Franz Pletz
ed979124ca collectd service: Add option package 2016-02-18 03:44:55 +01:00
aszlig
7bdcfb33f4
nixos: Provide a defaultText for type = package
We don't want to build all those things along with the manual, so that's
what the defaultText attribute is for.

Unfortunately a few of them were missing, so let's add them.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-17 21:12:24 +01:00
Nikolay Amiantov
53269f1455 octoprint service: init 2016-02-17 17:05:59 +03:00
Rob Vermaas
b2f2d2fef3 Fix azure image, by adding subformat=fixed to disk generation. 2016-02-17 12:02:52 +00:00
Eric Sagnes
3ed3f061da nabi service: init 2016-02-17 20:44:29 +09:00
Eric Sagnes
4a199d9955 uim service: init 2016-02-17 20:44:29 +09:00
Eric Sagnes
52dd53373f ibus service: refactoring 2016-02-17 20:44:29 +09:00
Eric Sagnes
295d670024 fcitx-with-plugins: add fcitx-configtool and fcitx-qt5 2016-02-17 20:44:29 +09:00
Eric Sagnes
850be632a0 fcitx service: init 2016-02-17 20:44:29 +09:00
Vladimír Čunát
e9520e81b3 Merge branch 'master' into staging 2016-02-17 10:06:31 +01:00
Nikolay Amiantov
1c8a21dfad Merge branch 'pdnsd-service' of https://github.com/nfjinjing/nixpkgs
Closes #12932
2016-02-16 20:35:01 +03:00
Nikolay Amiantov
39e9b43082 Merge branch 'gammu-smsd' of https://github.com/zohl/nixpkgs into zohl-gammu-smsd
Closes #12998
2016-02-16 19:40:00 +03:00
Franz Pletz
932d2cbd2c Merge pull request #13000 from mayflower/feat/unbound-dnssec
unbound: 1.5.3 -> 1.5.7, hardening, DNSSEC support & cleanup
2016-02-16 02:13:35 +01:00
Arseniy Seroka
6b205a9eba Merge pull request #12988 from colemickens/cfdyndns
cfdyndns: init at 0.0.1
2016-02-16 00:24:32 +03:00
Cole Mickens
c7571611dc cfdyndns: init at 0.0.1 2016-02-15 12:54:04 -08:00
Arseniy Seroka
a13f9a708b Merge pull request #12992 from lukasepple/master
intel2200BGFirmware: init at 3.1
2016-02-15 22:10:49 +03:00
lukasepple
0b72e7e247 intel2200BGFirmware: init at 3.1
This commit adds the firmware for the Intel 2200BG wireless cards for
the ipw2200 kernel module. Also it changes the
networking.enableIntel2200BGFirmware option to set it as
hardware.firmware since firmware-linux-nonfree does not contain the
appropiate firmware anymore. Also hardware.enableAllFirmware does enable
the intel2200BGFirmware now.
2016-02-15 19:53:07 +01:00
Tuomas Tynkkynen
eb9a85a389 Merge pull request #12742 from dezgeg/pr-uboot-changes
U-Boot: 2015.10 -> 2016.01, refactor & support some new boards
2016-02-15 16:10:37 +02:00
Franz Pletz
483e78d0f0 unbound service: add fetching root anchor for DNSSEC 2016-02-15 03:59:42 +01:00
Franz Pletz
9ba533ee4a unbound service: add types to options 2016-02-15 03:59:35 +01:00
Franz Pletz
fe4b0a4801 unbound service: retab 2016-02-15 03:59:15 +01:00
Al Zohali
7b7cf281d3 gammu-smsd service: init 2016-02-15 00:26:41 +03:00
Nikolay Amiantov
a0afc49f0f dspam service: restrict socket access 2016-02-14 10:35:06 +03:00
Nikolay Amiantov
2cee5a42b0 dspam service: set ClientHost 2016-02-14 10:35:04 +03:00
Franz Pletz
6a036d9fca Merge pull request #9913 from chris-martin/synaptics-options
Add synaptics options for palm detection and scroll speed
2016-02-14 06:08:36 +01:00
Markus Wotringer
4bc9e8a785 elasticsearch2: init at 2.2.0
changes by @globin:
 * updated 2.1.0 to 2.2.0
 * moved to a new derivation

closes #11446

Signed-off-by: Robin Gloster <mail@glob.in>
2016-02-13 15:03:09 +00:00
Robin Gloster
c2b578386e kibana: fix pkg and module 2016-02-13 15:03:09 +00:00
Robin Gloster
e1493f2ba7 logstash module: use literalExample 2016-02-13 15:03:09 +00:00
Edward Tjörnhammar
9c249a3adf nixos: i2pd, make config options adhere to version 2.4.0 2016-02-13 15:22:31 +01:00
Nikolay Amiantov
c9d38164b7 dspam service: make maintenance script verbose 2016-02-12 18:00:00 +03:00
Eelco Dolstra
abdbdbebf6 nixos/tests/simple.nix: Include minimal.nix
This reduces the amount of rebuilds (particularly some X11 stuff)
after changing some dependencies like systemd.
2016-02-12 14:35:41 +01:00
Eelco Dolstra
928035378d Fix typo 2016-02-12 14:35:40 +01:00
Robin Gloster
648e596c5f Merge pull request #12683 from heydojo/bluetooth--plasma5
kde5 bluedevil plasmoid : enable bluez5 bluetooth functionality
2016-02-12 13:49:54 +01:00
Eelco Dolstra
fd8bd17c3e postgresql: Bump default version to 9.5 2016-02-12 13:20:11 +01:00
Peter Simons
a1fa485378 Revert "Remove double-backslashes from grub conf file".
This reverts commit b861bf8ddf, because according to @mdorman [1] this
change rendered his NixOS systems unbootable, and we probably don't want that.

[1] b861bf8ddf (commitcomment-16058598)
2016-02-12 13:14:34 +01:00
Jinjing Wang
73b9a9662d pdnsd service: init 2016-02-12 19:53:41 +08:00
Peter Simons
7bd6fc90cb Merge pull request #12725 from jerith666/postfix-dns-bl
postfix service: implement DNS blacklist support
2016-02-12 12:43:27 +01:00
Franz Pletz
c29205f965 Merge pull request #12941 from elitak/unifi_fix
unifi: LD_LIBRARY_PATH hack for embedded libsnappyjava.so, fixes #12897
2016-02-12 08:22:20 +01:00
Edward Tjörnhammar
faf01ab0f7 Merge pull request #12038 from womfoo/facetimehd
facetimehd: PCIe webcam support for Macbooks
2016-02-12 07:32:42 +01:00
Edward Tjörnhammar
81b5223c97 nixos: gitit, wrong type restriction redacted 2016-02-12 07:00:37 +01:00
Matt McHenry
40c7d554d4 postfix service: implement DNS blacklist support 2016-02-11 22:13:09 -05:00
Ben Booth
b861bf8ddf Remove double-backslashes from grub conf file
The double-backspashes in the splashimage, kernel, and initrd sections serve no purpose and confuse pygrub
2016-02-11 12:05:15 -08:00
Eric Litak
fc8a16f4ed unifi: LD_LIBRARY_PATH hack for embedded libsnappyjava.so, fixes #12897 2016-02-11 09:06:33 -08:00
Nikolay Amiantov
ccece1ca88 dspam service: restart on failure 2016-02-11 14:03:34 +03:00
Eelco Dolstra
86c2a0f783 mediawiki: 1.23.9 -> 1.23.13 2016-02-11 11:24:44 +01:00
Robin Gloster
c341a01281 Merge pull request #12913 from tg-x/tinc-chroot
tinc: enable chroot
2016-02-10 18:15:39 +01:00
tg(x)
5c19830b77 tinc: chroot option 2016-02-10 17:29:36 +01:00
Eelco Dolstra
652ff6902c Merge pull request #12910 from abbradar/postgresql-no-su
postgresql service: don't use su
2016-02-10 12:01:06 +01:00
Eelco Dolstra
e892379472 Merge pull request #12909 from abbradar/vconsole-container
kbd module: don't setup vconsoles if we are in a container
2016-02-10 11:56:51 +01:00
Nikolay Amiantov
7ab80e8f79 kbd module: don't setup vconsoles if we are in a container 2016-02-10 13:38:27 +03:00
Eelco Dolstra
a4f5dc8bbf Merge pull request #12908 from abbradar/nixos-install-no-check
nixos-install: don't check that /mnt is a mount point
2016-02-10 11:29:39 +01:00
tg(x)
c768172919 tinc: enable chroot 2016-02-10 01:49:41 +01:00
Nikolay Amiantov
37bb4855c8 postfix module: fix link to postfix-files 2016-02-10 02:59:15 +03:00
Nikolay Amiantov
90ef11ddcd postgresql service: don't use su 2016-02-10 02:12:05 +03:00
Nikolay Amiantov
46f3975d99 nixos-install: don't check that /mnt is a mount point 2016-02-10 02:08:36 +03:00
Nikolay Amiantov
0024c10a5c dovecot service: add sendmail_path 2016-02-10 02:06:10 +03:00
Nikolay Amiantov
c420a6f1ef acme service: update plugins enum 2016-02-10 02:06:01 +03:00
Nikolay Amiantov
2202bb9cf5 postsrsd: fix secret generation 2016-02-10 02:05:53 +03:00
Nikolay Amiantov
5396a01b6c init-script-builder: handle containers without a kernel 2016-02-10 02:05:47 +03:00
Robin Gloster
5bfcce9ed9 Merge pull request #12894 from nathan7/raw-psk
wpa_supplicant module: add an option for accepting raw PSKs
2016-02-09 17:23:24 +01:00
Nathan Zadoks
9e986c161b wpa_supplicant module: add an option for accepting raw PSKs
fix #12892
2016-02-09 17:20:35 +01:00
Eelco Dolstra
4d760edb94 Add FIXME 2016-02-09 16:15:57 +01:00
Rob Vermaas
fdbbcef8a2 Fix waagent revision, previous did not exist anymore. 2016-02-09 14:52:54 +00:00
Robin Gloster
0ee88cffca Merge pull request #10417 from puffnfresh/nixos/mmc_block
initrd: add mmc_block to default available modules
2016-02-08 23:51:46 +01:00
Eric Sagnes
f03ce60bd2 i3service: remove dmenu and i3 from env packages 2016-02-08 13:31:03 +09:00
Vladimír Čunát
a115bff08c Merge branch 'master' into staging 2016-02-07 13:52:42 +01:00
Aneesh Agrawal
3c5fca9618 filesystems: use list of strings for fs options
Allow usage of list of strings instead of a comma-separated string
for filesystem options. Deprecate the comma-separated string style
with a warning message; convert this to a hard error after 16.09.
15.09 was just released, so this provides a deprecation period during
the 16.03 release.

closes #10518

Signed-off-by: Robin Gloster <mail@glob.in>
2016-02-06 19:48:30 +00:00
Robin Gloster
f7aa921773 Merge pull request #12560 from tvestelind/haka
Haka: new package
2016-02-06 20:32:39 +01:00
Nikolay Amiantov
b16b5bcaa3 Merge pull request #12811 from abbradar/pulseaudio-device-manager
Load PulseAudio's module-device-manager only for KDE
2016-02-06 22:10:40 +03:00
Nikolay Amiantov
8ade67e8c1 Merge pull request #12797 from abbradar/udev-reload
udev service: restart on rules change
2016-02-06 18:57:24 +03:00
Rickard Nilsson
5c20877d40 opensmtpd: Add option that can disable adding sendmail to the system path 2016-02-06 11:54:56 +01:00
aszlig
b060d70d7f
nixos/udev: Fix printing impure FHS paths
The test only checked for existence of the rule file in the output path
of the rulefile generator.

However, we also need to check whether the basename of the file is also
the one we're currently searching for.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-05 15:31:04 +01:00
Eelco Dolstra
2701665904 Fetch all EC2 metadata / user data in the initrd
Since we're already fetching one datum, we may as well fetch the
others needed by fetch-ec2-data. This also eliminates the dependency
on wget.
2016-02-04 15:45:54 +01:00
Eelco Dolstra
5c72b20dde amazon-init.nix: Be less spammy 2016-02-04 15:45:54 +01:00
Eelco Dolstra
95584666e9 amazon-init.nix: Don't run nixos-rebuild if we don't have to 2016-02-04 15:45:54 +01:00
Nikolay Amiantov
ae662cdb11 display-manager module: load pulseaudio's module-device-manager only for KDE 2016-02-04 13:59:17 +03:00
Kranium Gikos Mendoza
46ecb25d68 facetimehd: blacklist bdc_pci when enabled 2016-02-04 11:31:28 +08:00
aszlig
c10a17a3eb
nixos/udev: Always fail if rules contain FHS paths
Partially reverts the following commits:

  9f2a61c59c
  9c13fe6604

As @edolstra pointed out, it would make more sense to do this by default
instead of having that allowImpurePaths option. This of course might
break systems which add extra packages to udev, but on the upside it's
hard to miss one of these paths now because it won't get buried in the
ocean of build output lines.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 16:40:41 +01:00
aszlig
9c13fe6604
nixos/tests/installer: Fail on impure udev rules
With 9f2a61c in place, let's actually use this in the installer tests to
make sure we won't shovel FHS paths down the throad of unstable channel
users.

I've tested this by running all of the installer tests for x86_64-linux
and they all succeeded.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 15:53:44 +01:00
aszlig
9f2a61c59c
nixos/udev: Add an option to fail on FHS paths
So far we were merely printing a warning if there are still references
to (/usr)/s?bin, but we actually want to make sure that we fix those
paths, especially on updates of packages that come with udev rules.

This adds a new option allowImpurePaths, which when set to false will
cause the "udev-rules" derivation to fail.

I've set this to true by default, to not break existing systems too much
and the intention is to set it to false for a few NixOS VM tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 15:48:52 +01:00
aszlig
80983bbe54
nixos/udev: Provide a better warning for FHS paths
We were trying to find FHS references in all of the rules found in
services.udev.packages. Unfortunately we're still fixing up paths in the
same derivation where we are checking those references, so for example
references to /sbin/modprobe were still printed to be needed to fixup
even though they were already fixed at the time.

So now we're printing a more helpful warning message which is also
conditional (before the warning message was printed regardless of
whether there are any rules that need fixup) and is based off the rules
that were already fixed up.

The new warning message not only contains the build-local rule files but
also the original files from other store paths and the FHS path
references that were still found.

With 8ecd3a5e1d reverted, we now get this:

/nix/store/...-udev-rules/63-md-raid-arrays.rules (originally from
 /nix/store/...-mdadm-3.3.4/lib/udev/rules.d/63-md-raid-arrays.rules)
 contains references to /usr/bin/readlink and /usr/bin/basename.

Which is now more accurate to what is not yet fixed and where it's
coming from.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 15:48:52 +01:00
aszlig
ee68bdc42e
nixos/udev: Fix up readlink and basename as well
In 8ecd3a5, we fixed up the FHS paths for stage 1, but unfortunately we
have a similar udev rules generator twice one for the initrd and one
without. So we might need to refactor this in the future.

For now, let's just fix the references to readlink and basename in the
udev module as well until we have properly addressed this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #12722
2016-02-03 15:45:37 +01:00
Eelco Dolstra
42709fb4e9 switch-to-configuration: Handle failure to read /proc/1/exe
It's not entirely clear why this happens, but sometimes /proc/1/exe
returns a bogus value, like
/ar3a3j6b9livhy5fcfv69izslhgk4gcz-systemd-217/lib/systemd/systemd. In
any case, we can just conservatively assume that we need to restart
systemd when this happens.

Fixes #10261.
2016-02-03 15:01:18 +01:00
Vladimír Čunát
4fede53c09 nixos manuals: bring back package references
This reverts most of 89e983786a, as those references are sanitized now.
Fixes #10039, at least most of it.

The `sane` case wasn't fixed, as it calls a *function* in pkgs to get
the default value.
2016-02-03 14:47:14 +01:00
Vladimír Čunát
e0feace5cd nixos docs: allow displaying package references
This is an improved version of original #12357.
For the purpose of generating docs, evaluate options with each derivation
in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".
It isn't perfect, but it seems to cover a vast majority of use cases.
Caveat: even if the package is reached by a different means,
the path above will be shown and not e.g. `${config.services.foo.package}`.

As before, defaults created by `mkDefault` aren't displayed,
but documentation shouldn't (mostly) be a reason to use that anymore.

Note: t wouldn't be enough to just use `lib.mapAttrsRecursive`,
because derivations are also (special) attribute sets.
2016-02-03 14:47:14 +01:00
Nikolay Amiantov
1dce7c0b82 initrd-ssh module: don't check if network is up
We already do this in initrd-network.
2016-02-03 16:37:10 +03:00
Nikolay Amiantov
b4528a696a initrd-network: call postCommands only if network is up 2016-02-03 16:35:21 +03:00
Eelco Dolstra
20b54bd989 Merge pull request #12724 from abbradar/udev-hwdb
udev service: generate hwdb database from all udev packages
2016-02-03 14:24:11 +01:00
aszlig
8ecd3a5e1d
nixos/stage-1: Fix references to readlink/basename
Fixes references coming from the mdadm udev rules.

This addresses #12722 (mdadm udev rules have references to /usr/bin) but
still won't fix the warning, though (if we want to fix the warnings, we
will have to patch the udev rules generater in services/hardware/udev).

For common mdraid functionality, this shouldn't fix anything, because
the wrong references seem to only apply to containers, see these
(wrapped) lines from ${mdadm}/lib/udev/rules.d/63-md-raid-arrays.rules:

  # Tell systemd to run mdmon for our container, if we need it.
  ENV{MD_LEVEL}=="raid[1-9]*",
    ENV{MD_CONTAINER}=="?*",
  PROGRAM="/usr/bin/readlink $env{MD_CONTAINER}",
    ENV{MD_MON_THIS}="%c"
    ENV{MD_MON_THIS}=="?*",
    PROGRAM="/usr/bin/basename $env{MD_MON_THIS}",
    ENV{SYSTEMD_WANTS}+="mdmon@%c.service"

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 14:19:24 +01:00
Nikolay Amiantov
6b5f90a1a1 udev service: restart on rules change 2016-02-03 15:44:43 +03:00
Nikolay Amiantov
1d70e2fb75 initrd modules: move passwd and nsswitch back to initrd-ssh
Partially reverts commit 901163c0c7.
This has broken remote SSH into initrd because ${cfg.shell} is not
expanded. Also, nsswitch is useless without libnss_files.so which
are installed by initrd-ssh.
2016-02-03 14:56:55 +03:00
Nikolay Amiantov
815ff00ee0 initrd-ssh module: enable only if initrd network is enabled 2016-02-03 14:55:52 +03:00
Nikolay Amiantov
cc70183cee initrd-network module: initialize network before other pre-LVM commands
This is needed to ensure that network will be initialized before LUKS
passphrase is asked.
2016-02-03 14:55:42 +03:00
Guillaume Maudoux
9f358f809d Configure a default trust store for openssl 2016-02-03 12:42:01 +01:00
Vladimír Čunát
889351af8b Revert "Merge #12357: nixos docs: show references to packages"
The PR wasn't good enough yet.
This reverts commit b2a37ceeea, reversing
changes made to 7fa9a1abce.
2016-02-03 12:16:33 +01:00
Eelco Dolstra
69ec09f38a Don't make chromium-beta/dev release blockers
Generally we shouldn't ship pre-release versions anyway, and we
certainly don't want them to be release blockers. Also, chromium
builds are just too slow to have them blocking the channel (see
https://github.com/NixOS/nixpkgs/issues/12794).
2016-02-03 11:49:50 +01:00
Vladimír Čunát
b2a37ceeea Merge #12357: nixos docs: show references to packages 2016-02-03 10:07:27 +01:00
Eelco Dolstra
e618492168 Revert "Do not relocate /nix and /tmp to small disks on AWS"
This reverts commit f10bead8fd because
it doesn't work - there is no lsblk in the initrd, and there is a
missing backslash.
2016-02-02 19:59:28 +01:00
Eelco Dolstra
cc925d0506 boot.initrd.network: Support DHCP
This allows us to use it for EC2 instances.
2016-02-02 19:59:27 +01:00
Eelco Dolstra
901163c0c7 Split the initrd sshd support into a separate module
Also, drop boot.initrd.postEarlyDeviceCommands since preLVMCommands
should work fine.
2016-02-02 19:59:27 +01:00
Eelco Dolstra
06731dfcae ec2: Don't use ephemeral disks for /nix unionfs
This is a regression introduced by merging the EBS and S3 images. The
EBS images had a special marker /.ebs to prevent the initrd from using
ephemeral storage for the unionfs, but this marker was missing in the
consolidated image.

The fix is to check the file ami-manifest-path on the metadata server
to see if we're an S3-based instance. This does require networking in
the initrd.

Issue #12613.
2016-02-02 19:59:27 +01:00
cransom user
f10bead8fd Do not relocate /nix and /tmp to small disks on AWS
The default behavior with an m3.medium instance is to relocate
/nix and /tmp to /disk0 because an assumption is made that any
ephemeral disk is larger than the root volume.  Rather than make
that assumption, add a check to see if the disk is larger, and
only then relocate /nix and /tmp.

This addresses https://github.com/NixOS/nixpkgs/issues/12613
2016-02-02 01:40:41 +00:00
aszlig
ecefd2167a
nixos/connman: Fix assertion for networkmanager
Regression introduced by 5184aaa1ea.

The fix was intended to remove the "x == true/false" assertions, but by
accident a "x == false" was made "x == true" instead of "(!x)".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: devhell <"^"@regexmail.net>
2016-02-01 19:33:50 +01:00
Eelco Dolstra
45c218f893 initrd: Use modprobe from busybox 2016-02-01 18:19:24 +01:00
Eelco Dolstra
b21ef9c9e6 Don't include wireless-tools/iw/rfkill when wireless is disabled
This is mostly to get rid of some useless stuff in VMs/containers.
2016-02-01 18:19:23 +01:00
Eelco Dolstra
5184aaa1ea Use booleans properly 2016-02-01 18:19:23 +01:00
Eelco Dolstra
a7b7ac8bfb openssh: Enable DSA host/client keys
This applies a patch from Fedora to make HostKeyAlgorithms do the
right thing, fixing the issue described in
401782cb67.
2016-02-01 16:31:43 +01:00
Nikolay Amiantov
7330bfe464 udev service: generate proper hwdb database 2016-02-01 14:09:49 +03:00
Eelco Dolstra
1d6379bd30 Merge pull request #12458 from k0ral/acpid
Rewrite acpid module in a more generic way
2016-02-01 11:22:31 +01:00
Rickard Nilsson
e430f14da3 nixos-rebuild: Don't propagate --no-out-link arg to nix-store 2016-02-01 10:54:58 +01:00
Rickard Nilsson
b5b7805543 nixos-rebuild: Do not create result symlinks for boot/switch actions (resolves #12665) 2016-02-01 10:37:53 +01:00
Nikolay Amiantov
53e0f8b1cd Merge branch 'fontconfig-caches' into staging
Closes #12668, fixes #12648
2016-02-01 12:20:06 +03:00
Tomas Vestelind
de2d609317 haka in unstable release notes 2016-02-01 09:47:23 +01:00
Tuomas Tynkkynen
4cf9bf9eb0 sd-image.nix: Move the /boot partition up to 8M
Reportedly some ARM boards need some boot code at the start of a SD card
that could be larger than a megabyte. Change it to 8M, and while at it
reduce the /boot size such that the root partition should now start on a
128M boundary (the flash on SD cards really don't like non-aligned
writes these days).
2016-02-01 10:46:17 +02:00
Tuomas Tynkkynen
b6621196e0 sd-image-armv7l-multiplatform.nix: Add ttymxc0 to the list of consoles
Needed for the RS-232 port on Wandboard Quad (and presumably other boards
using the i.MX6 SoC).
2016-02-01 10:46:17 +02:00
Ryan Mulligan
8fee229261 desktop manager service: fix and improve default error
Before the error if the wrong default desktop was chosen would be:

/nixpkgs-channels/lib/modules.nix:282:11:
Default desktop manager ($(defaultDM)) not found.

which has the string interpolation done incorreclty. Now that is fixed
and it is more user-friendly as:

/nixpkgs-channels/lib/modules.nix:282:11:

Default desktop manager (gnome) not found.
Probably you want to change
  services.xserver.desktopManager.default = "gnome";
to one of
  services.xserver.desktopManager.default = "gnome3";
  services.xserver.desktopManager.default = "none";
2016-01-31 13:00:15 -08:00
Luca Bruno
932ee094e1 gnome3: drop GNOME 3.16 2016-01-31 13:59:48 +01:00
Oliver Charles
ab2db6239d lightdm: Allow background colors and images. Fixes #12684 2016-01-31 09:52:28 +00:00
Franz Pletz
65e5a727eb Merge pull request #11737 from MatrixAI/master
Simplified totalmem calculation for zram.nix
2016-01-30 23:14:44 +01:00
Franz Pletz
dbb01a863b Merge pull request #12699 from simonvandel/sundtek
sundtek: 2015-12-12 -> 2016-01-26 + service change
2016-01-30 20:41:04 +01:00
Simon Vandel Sillesen
81e99998f7 sundtek: 2015-12-12 -> 2016-01-26 + service change
* There is no need for hydra to build this, hence preferLocal
* service change: do not hardcode a wait time of 5 seconds
2016-01-30 20:08:52 +01:00
Tony White
ddfb660f7b kde5 bluedevil plasmoid : enable bluez5 bluetooth functionality
- Fixed a bug in bluedevil (link to a .js file)
    - Made bluez5 the default bluetooth service except for kde4
    - created org.bluez.obex systemd dbus service
    - Patched bluez5 using bluez-5.37-obexd_without_systemd-1.patch
    in order to enable obex when using either the bluedevil plasmoid
    or dolpin file manager within plasma workspaces 5.

    The functionality was tested using a Sony Xperia Z, the machine
    and the handset paired  and two different files were sent in both
    directions successfully.
2016-01-29 22:08:42 +00:00
aszlig
6fec28e043
nixos-manual: Further simplify stripAnyPrefixes
First of all this fixes an evaluation error I introduced in ae466ba,
which wasn't triggered by any of my own tests against the change because
there are usually no NixOS options that are declared outside of the
<nixpkgs> tree. I renamed the attribute name from "fn" to "fileName"
first and later to "fullPath" but forgot one still occuring "filename".

Thanks to @vcunat for noticing this.

Another thing that he pointed out was that the "stripPrefix" function
can be factored away entirely, because it's very similar to
"removePrefix" in <nixpkgs/lib>.

Unfortunately we can't use "removePrefix" as is, because we need to
account for the final shlash.

So instead of removing it twice and/or retaining "stripPrefix", let's
append a shlash on every "prefixesToStrip" and we can use "removePrefix"
as is.

Tested with:

taalo-build nixos/release.nix -A tests.installer.simple.x86_64-linux

And:

w3m -dump "$(
  nix-build nixos/release.nix -A manual.x86_64-linux
)/share/doc/nixos/options.html"

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @vcunat
2016-01-29 20:14:11 +01:00
aszlig
ae466ba15c
nixos-manual: Simplify stripping prefixes
Let's use a simple (unflipped) fold and break out the actual core
stripPrefix function from stripAnyPrefixes (I personally love
point-less^H^H^H^Hfree style but if I'd be anal I'd even go further and
factor away the "fn:").

Also, let's use path as a better name for "fn" (filename), because
that's what it is and also cannot be confused with "fn" meaning
"function".

We now toString all of the prefixes, so there shouldn't be any need to
implicily toString the extraSources anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-29 16:33:19 +01:00
aszlig
a581f72f22
nixos-manual: Fix stripping declaration prefixes
Regression introduced by e6cd147ae7.

This broke all of the installer tests, because they needed to rebuild
the manual within the test machine, while it only has a closure of the
already pre-built system in place.

The problem here was just that the order of the arguments got mixed up
in stripAnyPrefixes, so it was actually trying to strip the path off the
prefix, not the other way around.

So in the end no prefix was stripped at all, so we ended up having full
store paths in the manual, which in turn caused the build within the VM
to fail, because the prefixes differed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-29 16:33:19 +01:00
Nikolay Amiantov
39b5bc3b2f fontconfig service: add pre-generated fonts caches 2016-01-29 14:41:26 +03:00
Roger Qiu
5d3b1b84f5 zram: simplified totalmem calculation for zram.nix 2016-01-29 22:41:20 +11:00
Vladimír Čunát
de0af30716 Merge branch 'master' into staging 2016-01-29 10:19:48 +01:00
Eelco Dolstra
bfebc7342e Fix some references to deprecated /etc/ssl/certs/ca-bundle.crt 2016-01-29 02:32:05 +01:00
Sergey Mironov
a4d977e01f syncthing: support SOCKS5 proxying for relays 2016-01-27 22:47:09 +03:00
Kranium Gikos Mendoza
9213916ca7 facetimehd: init at git-20160127 2016-01-28 02:59:36 +08:00
Eelco Dolstra
2352e2589e audit: Disable in containers
This barfs:

Jan 18 12:46:32 machine 522i0x9l80z7gw56iahxjjsdjp0xi10q-audit-start[506]: The audit system is disabled
2016-01-26 16:25:40 +01:00
Nikolay Amiantov
b52acfdf01 nixos xserver: remove vaapiDrivers
Use hardware.opengl.extraPackages instead.
2016-01-26 13:42:40 +03:00
Nikolay Amiantov
1ae1791e8e nixos opengl: add extraPackages and extraPackages32 2016-01-26 13:42:39 +03:00
Tony White
c95bd5d085 sddm: add numlock switch
- added numlock on boot switch
- simply add :
services.xserver.displayManager.sddm.autoNumlock = true;
to configuration.nix and sddm will start
with numlock enabled.
2016-01-26 06:17:32 +00:00
Arseniy Seroka
e395cb0214 Merge pull request #12601 from tomberek/gateone_update
Gateone: fix cacerts dependency
2016-01-25 23:14:53 +03:00
Eelco Dolstra
310aadc48b Merge pull request #12557 from ryanartecona/nixos-manual-custom-options
NixOS manual: allow options from nix packages
2016-01-25 10:43:39 +01:00
Franz Pletz
ff51021920 Merge pull request #12590 from exi/askpass-in-env
nixos-ssh: set SSH_ASKPASS globally and not just on interactive shells
2016-01-25 10:42:31 +01:00
Vladimír Čunát
2af19df364 Merge branch 'master' into staging 2016-01-25 10:02:25 +01:00
Vladimír Čunát
3e1599f57b nixos-generate-config: fix #12595: broadcom quoting 2016-01-25 07:57:53 +01:00
Thomas Bereknyei
80d38d12b4 Gateone: fix cacerts dependency 2016-01-24 16:52:06 -05:00
Reno Reckling
312bae7fc0 nixos-ssh: set SSH_ASKPASS globally and not just on interactive shells
If we limit SSH_ASKPASS to interactive shells, users are unable to trigger
the ssh-passphrase dialog from their desktop environment autostart scripts.
Usecase: I call ssh-add during my desktop environment autostart and want to have
the passphrase dialog immediately after startup.
For this to work, SSH_ASKPASS needs to be propagated properly on
non-interactive shells.
2016-01-24 11:18:30 +01:00
Dan Peebles
dd18447055 grsecurity: add NixOS VM test 2016-01-24 04:06:19 +00:00
Dan Peebles
e409d0fed3 nixos: update-locatedb - harden via systemd (#7220)
Also, use systemd timers.

Most of the work is by @thoughtpolice but I changed enough of it to warrant changing commit author.
2016-01-23 20:44:30 +00:00
Dan Peebles
7ccda42007 nixos: uptimed - rewrite and harden a bit (#7220)
This is mostly @thoughtpolice's work, but I cleaned it up a bit.
2016-01-23 19:28:01 +00:00