Commit Graph

782 Commits

Author SHA1 Message Date
Johan Thomsen
f9ad1cae78 nixos/kubernetes: dashboard lockdown
Kubernetes dashboard currently has cluster admin permissions,
which is not recommended.

- Renamed option "services.kubernetes.addons.dashboard.enableRBAC" to "services.kubernetes.addons.dashboard.rbac.enable"
- Added option "services.kubernetes.addons.dashboard.rbac.clusterAdmin", default = false.
- Setting recommended minimal permissions for the dashboard in accordance with https://github.com/kubernetes/dashboard/wiki/Installation
- Updated release note for 18.09.
2018-06-19 22:28:00 +02:00
Michael Raskin
f35cc5eb42
Merge pull request #41764 from oxij/nixos/some-more-related-packages
nixos: add some more related packages
2018-06-13 17:03:56 +00:00
Jan Malakhovski
2a5688574c nixos: doc: make relatedPackages a bit smarter 2018-06-13 16:25:10 +00:00
Johan Thomsen
8d7ea96a13 nixos/kubernetes: improvements
- Added option 'cni.configDir' to allow for having CNI config outside of nix-store
  Existing behavior (writing verbatim CNI conf-files to nix-store) is still available.

- Removed unused option 'apiserver.publicAddress' and changed 'apiserver.address' to 'bindAddress'
  This conforms better to k8s docs and removes existing --bind-address hardcoding to 0.0.0.0

- Fixed c/p mistake in apiserver systemd unit description

- Updated 18.09 release notes to reflect changes to existing options
  And fixed some typos from previous PR

- Make docker images for Kubernetes Dashboard and kube-dns configurable
2018-06-12 22:47:32 +02:00
Matthew Justin Bauer
7996889cf0
Merge branch 'master' into nixos-evaluate 2018-06-10 11:10:11 -04:00
markuskowa
96af022af5 nixos/munge: run munge as user munge instead of root. (#41509)
* Added a note in release notes (incompatibilities)
* Adapt slurm test
* Change user to munge in service.munge
2018-06-09 00:50:28 +02:00
Matthieu Coudron
eb7e0d42db doc: Explain how to hack on kernel
Presents the options available (linuxManualConfig versus overriding
extraConfig, ignoreConfigErrors, autoModules, kernelPreferBuiltin.

For advanced hostPlatform customization refer to the commands shared by ericson1234 at
https://github.com/NixOS/nixpkgs/pull/33813 but it is too advanced to
put in the doc.
2018-06-08 10:36:21 +03:00
Joachim Fasting
2be28b1df5
Revert "Merge pull request #38263 from lopsided98/grub-initrd-secrets"
This reverts commit c06d7950f1, reversing
changes made to 4c25fbe338.

See https://github.com/NixOS/nixpkgs/issues/41608
2018-06-07 14:24:59 +02:00
Joachim F
c06d7950f1
Merge pull request #38263 from lopsided98/grub-initrd-secrets
grub: support initrd secrets
2018-06-06 19:05:54 +00:00
Samuel Dionne-Riel
15fa70cd78 nixos/doc+man: Fixes squishedtogether definitions. 2018-05-31 21:07:15 -04:00
Samuel Dionne-Riel
88ca2b1ec4 nixos/doc: ran make format
With visual inspection that nothing got worse.
2018-05-31 21:03:51 -04:00
Samuel Dionne-Riel
bc0421c4cf doc: Adds xml fixing script. (see previous and next commits)
This script is used to automatically fix issues within xml documentation
files.

The script is *for now* intended to be used ad-hoc, and the commits to
be examined.

A future discussion will define whether:

  * This commit and scripts are kept.
  * The script is extended for common use.

The biggest issue right now with the script is that it *could* in theory
destroy a valid space-less varlistentry.

The script could, in practical use, be changed and extended to normalize
some parts of the XML files, mainly:

  * A common quoting style for attributes
  * Fix-up some weird formatting automatically that xmlformat doesn't
    catch
2018-05-31 21:02:15 -04:00
Johan Thomsen
df54c25f5a Kubernetes:
- Added information regarding breaking changes to release note for 18.09
- Changed golang version comment in kubernetes package
- Added @johanot to maintainers list
2018-05-26 11:19:12 +02:00
Walter Franzini
205a9f2576 minor improvement to nix installation instructions (#40521)
* improve nix installation instructions

in the command

	$ bash <(curl https://nixos.org/nix/install)

<(..) is a bashism.  The documentation now show a command that does
not require to be executed by bash.
2018-05-16 00:23:00 -05:00
Matthew Justin Bauer
a3e4340149
Merge pull request #39536 from teto/iproute
[RDY] iproute: copy files in /etc
2018-05-15 11:36:31 -05:00
Matthieu Coudron
b75a9599b4 release notes: mention iproute2 module 2018-05-15 21:55:10 +09:00
aszlig
a7f79620ac
nixos: Fix build of the manual
The manual still had a reference to an option that was already renamed
ages ago and a7ed44ccad made it 'visible'.

With the visible attribute set to false for extraKernelModules, the
option no longer appears in the manual and thus breaks the link from the
manual to the options.

This is easily fixed by referring to boot.initrd.kernelModules instead
of the obsolete option boot.initrd.extraKernelModules.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @rycee, @matthewbauer
2018-05-15 14:54:57 +02:00
Jan Malakhovski
095fe5b43d nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1 2018-05-12 19:27:09 +00:00
Markus Hauck
d12afa6642 googleearth: init at 7.1.8.3036 2018-05-11 09:34:29 +02:00
Emmanuel Rosa
0198bcc1eb gnucash: add upgrade instructions to NixOS release notes 2018-05-09 13:21:38 -04:00
Matthew Justin Bauer
dd55c957e2
Merge pull request #40051 from nh2/manual-option-types-attrs
manual: Document `types.attrs`
2018-05-09 07:55:17 +00:00
jD91mZM2
6c4c36fcbc
NetworkManager: add noDns option 2018-05-08 13:42:39 +02:00
aszlig
78b4b90d6c
Merge pull request #39526 (improve dhparams)
This introduces an option that allows us to turn off stateful generation
of Diffie-Hellman parameters, which in some way is still "stateful" as
the generated DH params file is non-deterministic.

However what we can avoid with this is to have an increased surface for
failures during system startup, because generation of the parameters is
done during build-time.

Aside from adding a NixOS VM test it also restructures the type of the
security.dhparams.params option, so that it's a submodule.

A new defaultBitSize option is also there to allow users to set a
system-wide default.

I added a release notes entry that described what has changed and also
included a few notes for module developers using this module, as the
first usage already popped up in NixOS/nixpkgs#39507.

Thanks to @Ekleog and @abbradar for reviewing.
2018-05-08 02:09:46 +02:00
Ben Wolsieffer
a75aee3923 nixos/grub: support initrd secrets 2018-05-07 10:35:56 -04:00
aszlig
a8b7372380
nixos: Add release notes about dhparams changes
This is not only to make users aware of the changes but also to give a
heads up to developers which are using the module. Specifically if they
rely on security.dhparams.path only.

Signed-off-by: aszlig <aszlig@nix.build>
2018-05-07 05:02:41 +02:00
Niklas Hambüchen
6e7f4f99d1 manual: Document types.attrs
Signed-off-by: Niklas Hambüchen <mail@nh2.me>
2018-05-07 00:36:39 +02:00
Matthew Justin Bauer
8723594059
rl-1809: add googleearth 2018-05-04 14:41:13 -05:00
Antoine Eiche
d35dcb1280 dockerTools.pullImage: documentation and release note 2018-05-02 21:32:20 +02:00
Robin Gloster
fe9096ef09
Merge branch 'master' into docker-registry-enhancements 2018-05-02 13:12:57 +02:00
Graham Christensen
eca5c99bf8
nixos docs: format =) 2018-05-01 19:57:09 -04:00
Graham Christensen
fd2dce9708
nixos docs: ignore generated files 2018-05-01 19:50:02 -04:00
Graham Christensen
9d4b966c4d
nixos docs: fixup 2018-05-01 19:43:52 -04:00
Graham Christensen
4f5a995b03
Merge pull request #39786 from grahamc/format-nixpkgs-docs-target
nixpkgs doc: add format Make target
2018-05-01 19:39:31 -04:00
Graham Christensen
374a3bdf5b
nixos docs: makefile for formatting 2018-05-01 18:03:25 -04:00
edef
1a18fedae4 nixos doc: mananager -> manager 2018-05-01 19:58:50 +02:00
Maximilian Bosch
593dc45141
nixos/docker-registry: cleanup module definition & enhance testcase
The following changes have been applied:

- the property `http.headers.X-Content-Type-Options` must a list of
  strings rather than a serialized list
- instead of `/etc/docker/registry/config.yml` the configuration will be
  written with `pkgs.writeText` and the store path will be used to run
  the registry. This reduces the risk of possible impurities by relying
  on the Nix store only.
- cleaned up the property paths to easy readability and reduce the
  verbosity.
- enhanced the testcase to ensure that digests can be deleted as well
- the `services.docker-registry.extraConfig` object will be merged with
  `registryConfig`

/cc @ironpinguin
2018-05-01 15:23:39 +02:00
Graham Christensen
5d03cce7ed
Merge pull request #38351 from grahamc/user-channels
Add user channels to the default nix path
2018-05-01 07:19:38 -04:00
Graham Christensen
8ab8d9cb74
Add user channels to the default nix path 2018-05-01 06:30:31 -04:00
Jörg Thalheim
101dca2d9a
Merge pull request #39798 from lheckemann/nixos-install-chroot-doc
nixos-install manual: remove --chroot option
2018-05-01 08:21:31 +01:00
Linus Heckemann
152454d987 nixos-install manual: remove --chroot option
This option has been removed from the tool in favour of nixos-enter.
2018-05-01 07:36:35 +01:00
Graham Christensen
d1165dba99
Merge pull request #38831 from rdnetto/improve-cross-refs
Improve cross referencing in NixOS Manual
2018-04-30 21:30:20 -04:00
Michael Raskin
fd8dcdfa9d
Merge pull request #39416 from Ma27/fix-.version-config
.version: don't read from `.version` and deduplicate `.version-suffix` references
2018-04-30 08:33:19 +00:00
Graham Christensen
8caaec894e
Merge pull request #39649 from grahamc/hacking-docs
NixOS docs: making it easier to hack on
2018-04-29 21:56:45 -04:00
Matthew Justin Bauer
f12b93162a
rl-1809: add netcat note 2018-04-29 18:30:42 -05:00
Maximilian Bosch
9274ea3903
treewide: rename version attributes
As suggested in https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745
the versioning attributes in `lib` should be consistent to
`nixos/version` which implicates the following changes:

* `lib.trivial.version` -> `lib.trivial.release`
* `lib.trivial.suffix` -> `lib.trivial.versionSuffix`
* `lib.nixpkgsVersion` -> `lib.version`

As `lib.nixpkgsVersion` is referenced several times in `NixOS/nixpkgs`,
`NixOS/nix` and probably several user's setups. As the rename will cause
a notable impact it's better to keep `lib.nixpkgsVersion` as alias with
a warning yielded by `builtins.trace`.
2018-04-28 14:23:53 +02:00
Graham Christensen
74fcb1c770
nixos docs: include note about make for debugging the nixos docs 2018-04-28 04:15:16 -04:00
Graham Christensen
a77dc213a7
nixos manual: update xi:include for configuruation.nix's options-db 2018-04-28 04:04:56 -04:00
Graham Christensen
0ff0d138e4
nixos docs: Add a makefile for hacking on the nixos docs 2018-04-28 04:00:55 -04:00
Graham Christensen
59f8b1e844
nixos docs: Move generated XML in to a specific subdirectory to allow easier hacking 2018-04-27 22:44:51 -04:00
Graham Christensen
68d48cecf6
Merge pull request #31418 from ryantm/doc-nixos-extra-module-path
lib/eval-config: document NIXOS_EXTRA_MODULE_PATH
2018-04-27 21:26:06 -04:00