Commit Graph

4206 Commits

Author SHA1 Message Date
Jaka Hudoklin
9d97c92d68 kubernetes module: webhook authorization for kubelet 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
7c893623d4 kubernetes module: fix documentation links 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
74f99525e0 kubernetes module: add featureGates option 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
55dbbfd899 kubernetes module: kubelet, add socat to path for kubectl portforward 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
8e48fff268 kubernetes module: enable leader elect by default 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
856ca7347f kubernetes module: add storage and tolerations addmission controllers 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
d842d539d9 kubernetes module: fix cidr ranges 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
b25d155976 kubernetes module: default auth mode to only RBAC 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
c2622910ab kubernetes module: add support for common CA file 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
c96ca5f3bd kubernetes module: per service kubeconfig support 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
7dfeac88ac kubernetes module: flannel support, minor fixes
- add flannel support
- remove deprecated authorizationRBACSuperAdmin option
- rename from deprecated poratalNet to serviceClusterIpRange
- add nodeIp option for kubelet
- kubelet, add br_netfilter to kernelModules
- enable firewall by default
- enable dns by default on node and on master
- disable iptables for docker by default on nodes
- dns, restart on failure
- update tests

and other minor changes
2017-09-24 11:44:25 +02:00
Matej Cotman
8e14e978c8 kubernetes: fix minor issues 2017-09-24 11:44:25 +02:00
Matej Cotman
ed322f4235 kubernetes: update service 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
90d5468ad6 kubernetes module: authorization improvements 2017-09-24 11:44:25 +02:00
Matej Cotman
c3cfd92d24 kubernetes: 1.5.6 -> 1.6.4 2017-09-24 11:44:25 +02:00
Graham Christensen
f3b9ac73e2
nixos/rabbitmq: fix restarts and sasl logs
1. The chmod 400 with the preset cookie prevented restarts, as
on the second boot it would fail to write to the cookie. Oops.

2. As far as I can tell, sasl logs were disabled because of the
following error:

{error,{cannot_log_to_tty,sasl_report_tty_h,not_installed}}

Not because we actually wanted to disable them. This meant the
management plugin wasn't usable due to a bug set to be fixed in
3.7.0.
2017-09-23 17:58:43 -04:00
Robin Gloster
08b09fdc5c
fanctl, fan module: remove
This has been broken nearly all the time due to the patches needed to
iproute2 not being compatible with the newer versions we have been
shipping. As long as Ubuntu does not manage to upstream these changes
so they are maintained with iproute2 and we don't have a maintainer
updating these patches to new iproute2 versions it is not feasible to
have this available.
2017-09-23 17:55:33 +02:00
Peter Simons
99f759de1c Revert "nixos: add option for bind to not resolve local queries (#29503)"
This reverts commit 670b4e29ad. The change
added in this commit was controversial when it was originally suggested
in https://github.com/NixOS/nixpkgs/pull/29205. Then that PR was closed
and a new one opened, https://github.com/NixOS/nixpkgs/pull/29503,
effectively circumventing the review process. I don't agree with this
modification. Adding an option 'resolveLocalQueries' to tell the locally
running name server that it should resolve local DNS queries feels
outright nuts. I agree that the current state is unsatisfactory and that
it should be improved, but this is not the right way.

(cherry picked from commit 23a021d12e)
2017-09-23 16:41:34 +02:00
Bjørn Forsman
3a58e41e43 nixos/gitolite: use group 'gitolite' instead of 'nogroup'
Having files (git repositories) owned by 'nogroup' is a bad idea.
2017-09-23 16:33:52 +02:00
Pavel Goran
c73a3813fa nixos/gitolite: customize .gitolite.rc declaratively
Add the `extraGitoliteRc` option to customize the `.gitolite.rc`
configuration file declaratively.

Resolves #29249.
2017-09-22 18:29:35 +02:00
Joachim F
c913f7155f Merge pull request #27340 from bachp/glusterfs-tls
glusterfs service: add support for TLS communication
2017-09-21 20:27:25 +00:00
Jörg Thalheim
ba174fc5a7 Merge pull request #29285 from bachp/node-exporter-docs
node-exporter service: fix documentation for enabledCollectors
2017-09-21 21:04:09 +01:00
Pascal Bach
8ed758696c gluster service: use str instead of path for private key
This pervents the user from accidently commiting the key to the nix store.
If providing a path instead of a string.
2017-09-21 20:35:35 +02:00
Robin Gloster
e2822f6384
gitlab: 9.5.2 -> 9.5.5 2017-09-21 20:26:12 +02:00
Peter Hoeg
6558f81bc9 kmscon: reset ExecStart to allow override
The getty@.service unit already has an ExecStart so we cannot simply set a new
one in order to override it or we will get this error:

systemd[1]: getty@tty1.service: Service has more than one ExecStart= setting, which is only allowed for Type=oneshot services. Refusing.

Instead "reset" ExecStart by setting it to empty which is the systemd way of
doing it.
2017-09-21 10:02:03 +08:00
Robin Gloster
370ac6275e
gitlab module: fix shell hook path 2017-09-20 23:51:26 +02:00
Rob Vermaas
1b71376cf2
Make sure dummy kernel module is loaded for hologram-agent.
(cherry picked from commit eb873f6c78)
2017-09-20 10:58:24 +00:00
Franz Pletz
406c7a0731 Merge pull request #29521 from aneeshusa/ease-radicale-upgrade
Ease radicale upgrade
2017-09-18 23:13:53 +02:00
gwitmond
bd52618c9d
nixos: add option for bind to not resolve local queries (#29503)
When the user specifies the networking.nameservers setting in the
configuration file, it must take precedence over automatically
derived settings.

The culprit was services.bind that made the resolver set to
127.0.0.1 and ignore the nameserver setting.

This patch adds a flag to services.bind to override the nameserver
to localhost. It defaults to true. Setting this to false prevents the
service.bind and dnsmasq.resolveLocalQueries settings from
overriding the users' settings.

Also, when the user specifies a domain to search, it must be set in
the resolver configuration, even if the user does not specify any
nameservers.

(cherry picked from commit 670b4e29ad)

This commit was accidentally merged to 17.09 but was intended for
master. This is the cherry-pick to master.
2017-09-18 22:54:29 +02:00
Franz Pletz
dc08dcf6e7
ssh service: add sftpFlags option 2017-09-18 21:52:07 +02:00
Robert Klotzner
a9f60224f8 coturn service: Fix coturn to properly come up (#29415)
properly also in case dhcpcd being used.

Without network-online.target, coturn will fail to listen on addresses that
come up with dhcpcd.
2017-09-18 14:54:32 +02:00
Franz Pletz
b179908414
nixos/networking: network is online if default gw set
Previously services depending on network-online.target would wait until
dhcpcd times out if it was enabled and a static network address
configuration was used. Setting the default gateway statically is enough
for the networking to be considered online.

This also adjusts the relevant networking tests to wait for
network-online.target instead of just network.target.
2017-09-18 14:51:38 +02:00
Franz Pletz
decaa2e7bf Merge pull request #29133 from elitak/ipfs
ipfs: workaround for upstream bug; other small fixes
2017-09-18 13:26:39 +02:00
Florian Jacob
839e3c7666 nixos/mysql: declarative users & databases
using Unix socket authentication, ensured on every rebuild.
2017-09-18 13:10:26 +02:00
Kranium Gikos
662b409b72 influxdb service: fixup postStart script to handle TLS 2017-09-18 11:56:30 +02:00
Justin Humm
b5a5d0ba84 gollum service: init 2017-09-18 11:55:00 +02:00
Aneesh Agrawal
fcd590d116 radicale: Add extraArgs option to assist in data migration 2017-09-18 00:29:01 -07:00
Eric Litak
1a15c5d8c6 ipfs: autoMount working without root 2017-09-17 23:57:25 -07:00
Eric Litak
6324317c76 ipfs: workaround for upstream bug; doc fixes 2017-09-17 23:57:25 -07:00
Pascal Bach
c68118ce65 glusterfs service: add support for TLS communication
TLS settings are implemented as submodule.
2017-09-17 18:53:14 +02:00
Franz Pletz
275914323b Merge pull request #27256 from bachp/squid-service
squid service: initial service based on default config
2017-09-17 18:52:53 +02:00
Rodney Lorrimar
6460e459de nixos/gogs: Fix module when no passwords provided
If neither database.password or database.passwordFile were provided,
it would try and fail to coerce null to a string.

This fixes the situation where there is no password for the database.

Resolves #27950
2017-09-17 18:41:53 +02:00
Joachim F
149307476e Merge pull request #29479 from florianjacob/fix-tinc-stable
nixos/tinc: Fix tinc cli wrapper for tinc 1.0
2017-09-17 13:40:20 +00:00
Florian Jacob
8cea87c1eb nixos/tinc: Fix tinc cli wrapper for tinc 1.0.
tinc prior to 1.1 doesn't have the `tinc` executable,
and `tincd` isn't of any use while the daemon already runs.
2017-09-17 10:46:12 +02:00
aszlig
3ba2095a42
nixos/dovecot: Fix createMailUser implementation
This option got introduced in 7904499542
and it didn't check whether mailUser and mailGroup are null, which they
are by default.

Now we're only creating the user if createMailUser is set in conjunction
with mailUser and the group if mailGroup is set as well.

I've added a NixOS VM test so that we can verify whether dovecot works
without any additional options set, so it serves as a regression test
for issue #29466 and other issues that might come up with future changes
to the Dovecot service.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #29466
Cc: @qknight, @abbradar, @ixmatus, @siddharthist
2017-09-17 04:57:20 +02:00
Jaka Hudoklin
1adaad1371 Merge pull request #28927 from xtruder/nixos/logkeys/init
logkeys module: init
2017-09-16 16:23:13 +02:00
Joachim F
c0616a3234 Merge pull request #28892 from ryantm/matterbridge2
matterbridge, modules/matterbridge: init at 1.1.0
2017-09-16 12:43:35 +00:00
Silvan Mosberger
fea9e081a9
namecoin service: fix typo 2017-09-15 23:08:53 +02:00
Bjørn Forsman
6b7a9376f1 nixos/wpa_supplicant: use literalExample
For various reasons, big Nix attrsets look ugly in the generated manual
page[1]. Use literalExample to fix it.

[1] Quotes around attribute names are lost, newlines inside multi-line
strings are shown as '\n' and attrs written on multiple lines are joined
into one.
2017-09-15 20:27:48 +02:00
joachim schiele
7904499542 dovecot2: added quota, changed pop3 default 2017-09-15 18:01:29 +02:00