Commit Graph

3103 Commits

Author SHA1 Message Date
William A. Kennington III
c38a9b607f Merge pull request #8654 from ts468/upstream.trusted_grub_integration
grub installation: integrate trustedGRUB + fix broken equality check
2015-07-05 11:34:00 -07:00
Thomas Strobel
65cbbc75b0 grub installation: integrate trustedGRUB + fix broken equality check 2015-07-05 19:51:53 +02:00
Luca Bruno
6c8e6aaa24 nixos docker: fix service and test 2015-07-05 13:57:23 +02:00
lethalman
d7869f46ca Merge pull request #8602 from ts468/upstream.pam
Security: integrate pam_mount into PAM of NixOS
2015-07-05 00:40:49 +02:00
Thomas Strobel
7b6f279142 pam_mount module: integrate pam_mount into PAM of NixOS 2015-07-04 23:42:31 +02:00
Mateusz Kowalczyk
2bd811155e Merge pull request #8603 from ts468/upstream.xen
Xen related stuff
2015-07-04 16:13:33 +01:00
lethalman
07bdaa97da Merge pull request #8554 from dwe11er/luks-detached-header
allow for using LUKS devices with detached header
2015-07-04 13:17:54 +02:00
Arseniy Seroka
b15df9482a Merge pull request #8573 from lihop/shellinabox-service
shellinabox service: initial implementation
2015-07-04 14:02:06 +03:00
Arseniy Seroka
093a8994f9 Merge pull request #8624 from ambrop72/minidlna-update
minidlna 1.1.4
2015-07-04 13:59:32 +03:00
Leroy Hopson
1eb50ebbf2 shellinabox service: intial implementation 2015-07-04 21:18:13 +12:00
Pascal Wittmann
2fd9d56f51 nixos/skydns: fixed reference to skydns 2015-07-04 09:43:28 +02:00
Ambroz Bizjak
42a5ad5c5e minidlna: 1.0.25 -> 1.1.4
Changes:
- gettext is needed to build
- Switched to using non-legacy ffmpeg.
- Removed ffmpeg stuff from include path since it causes build errors related to
a time.h header.
- Removed unneeded patch.
- Adjusted NixOS service due to the binary being renamed.
2015-07-04 09:16:28 +02:00
aszlig
9bc2f77daa
nixos/tests/chromium: Improve sandbox checking.
We no longer need have "SUID sandbox" enabled in the chrome://sandbox
status page and we now also check for "You are adequately sandboxed." to
be absolutely sure that we're running with proper sandboxing.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-07-04 02:31:45 +02:00
Joachim Schiele
11cd596aea wordpress: language downloads are now reproducible 2015-07-03 13:06:44 +02:00
Thomas Strobel
8f911263e9 Xen Dom0: add dnsmasq to xen-bridge. 2015-07-02 16:27:40 +02:00
William A. Kennington III
b21fd5d066 nixos/postgresql: Fix initdb for existing, empty postgres partitions 2015-07-02 00:08:02 -07:00
William A. Kennington III
7eae48871f Merge branch 'master.upstream' into staging.upstream 2015-07-01 13:38:17 -07:00
Shea Levy
dd9530c819 Merge remote-tracking branch 'projectorhq/riemann-tools'
Add riemann-tools package and service
2015-07-01 08:45:33 -04:00
Eelco Dolstra
f667310c06 Use mkAfter for services.postgresql.authentication
Authentication methods are tried in order, so if another NixOS module
defines a specific ident mapping like

  local hydra all ident map=hydra-users

it should appear before the generic

  local all all ident
2015-07-01 13:49:02 +02:00
William A. Kennington III
612f0bdd67 Merge branch 'master.upstream' into staging.upstream 2015-06-30 23:58:07 -07:00
Tobias Geerinckx-Rice
013f88ac7e nixos: gnome-keyring: fix module description 2015-07-01 02:22:27 +02:00
Robert Pitts and Trenton Strong
bbb36ea039 Add riemann-tools to nixpkgs
Adds package via bundlerEnv and service for Riemann health.
2015-06-30 17:16:51 -04:00
Eelco Dolstra
96b325b0b7 Remove option ec2.metadata 2015-06-30 17:25:56 +02:00
Eelco Dolstra
32b9ca3219 EC2: Don't blackhole 169.254.169.254
https://github.com/NixOS/nixops/issues/267
2015-06-30 17:04:19 +02:00
Eelco Dolstra
a9b3d75e9e nix.buildMachines: Fewer required fields 2015-06-30 00:51:07 +02:00
Marcin Falkiewicz
c1becad3eb nixos/modules/system/boot/luksroot.nix: allow for LUKS devices with detached header 2015-06-29 17:36:47 +02:00
aszlig
f9bd72f24c
nixos/iso-image: Allow to customize menu label.
It comes in handy to alter the menu label if you're not building a NixOS
installer image but for example if you want to build a live system and
still want to re-use the iso-image.nix module.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-06-28 23:30:17 +02:00
Edward Tjörnhammar
ed9dc1fd9e nixos: added gitit service 2015-06-28 12:39:52 +02:00
William A. Kennington III
b6322e1215 krb5: Break out into a lib and not lib version 2015-06-26 22:05:47 -07:00
William A. Kennington III
ef253212f4 Merge branch 'master.upstream' into staging.upstream 2015-06-26 17:25:49 -07:00
William A. Kennington III
fee9ef8659 nixos: Replace pkgs.openssh with config.programs.ssh.package 2015-06-26 17:09:58 -07:00
Eelco Dolstra
1f3f31b2a8 Add options nix.{trustedUsers,allowedUsers}
These are just trusted-users and allowed-users in nix.conf. It's
useful to have options for them so that different modules can specify
trusted/allowed users.
2015-06-26 18:45:27 +02:00
Eelco Dolstra
fb203a34c0 nix.buildMachines: Don't require sshUser 2015-06-26 18:44:44 +02:00
Peter Simons
449c14d20b Merge pull request #8520 from hrdinka/fix/postfix-recipient_delimiter
postfix: fix recipient_delimiter option
2015-06-26 14:18:58 +02:00
Christoph Hrdinka
6839ad653a postfix: fix recipient_delimiter option
This reverts commit 88f4b75a00 and fixes the
recipientDelimiter config option. Till then the camel case variant was used
while recipient_delimiter would have been right.
2015-06-26 14:05:53 +02:00
Damien Cassou
ffe164d758 Merge pull request #8484 from DamienCassou/fix-blocking-stumpwm-module
Don't block the system after starting stumpwm
2015-06-26 11:40:59 +02:00
Damien Cassou
0bd3737bd0 stumpwm: don't block after starting stumpwm
This is important to let nixos configure everything, e.g., a desktop
manager.
2015-06-26 11:38:04 +02:00
Joachim Schiele
011993c86a wordpress: usability updates 2015-06-25 16:21:14 +02:00
Thomas Tuegel
a8c52d0958 Merge branch 'master' into staging 2015-06-25 09:15:05 -05:00
Thomas Tuegel
0aa8e64967 kde5: JSON manifest format 2015-06-25 09:03:40 -05:00
Rok Garbas
d405d036c5 redmine service: fixing a typo, pointing to bundler package 2015-06-25 15:24:57 +02:00
Russell O'Connor
46f06ccde7 uwsgi-service: Add user/group for uwsgi service.
Also add a uwsgi directory under /run (defaulting to /run/uwsgi) where the uwsgi user can place sockets.
2015-06-24 14:48:53 +00:00
Simon Vandel Sillesen
9dab1a840c tvheadend: init at 4.0.4 2015-06-24 13:22:09 +00:00
William A. Kennington III
6532863ac4 unifi: 3.2.10 -> 4.6.3 2015-06-23 10:09:44 -07:00
Arseniy Seroka
266531b5b0 Merge pull request #8422 from travisbhartwell/update/atom-shell-to-electron
atom-shell: renamed to electron and updated 0.19.1 -> 0.28.2
2015-06-23 18:54:22 +03:00
William A. Kennington III
282d03befa Merge branch 'master.upstream' into staging.upstream 2015-06-22 10:57:36 -07:00
Luca Bruno
f00440fac5 nixos/x11: start session with dbus-launch
This is needed by most window managers. Desktop environments
usually launch dbus-launch if a session hasn't been started yet
so this shouldn't hurt. The worst it can happen is that one
dbus session will be unused in case it's started twice.

The GDM change is backported from recent gdm.
2015-06-22 16:12:20 +00:00
Peter Simons
88f4b75a00 nixos: recipientDelimiter is no longer a valid configuration option in Postfix 2.11.x or later
Note that this change in Postfix might affect the mlmmj.nix service in
ways I don't fully understand.
2015-06-22 12:47:23 +02:00
Peter Simons
e08074ff6d nixos: fix code that sets up /etc/postfix
The sample config files have moved from ${postfix}/share to ${postfix}/etc in
version 2.11.4.
2015-06-22 12:47:23 +02:00
Arseniy Seroka
cf44a27fc4 fix argument in mkEnableOption 2015-06-21 18:21:21 +03:00
Travis B. Hartwell
caa216b640 atom-shell: renamed to electron and updated 0.19.1 -> 0.28.2
Added systemd to buildEnv path because of new libudev dependency.
2015-06-19 15:32:12 -06:00
Damien Cassou
90912f8aa5 Merge pull request #8401 from DamienCassou/document-desktopManagerHandlesLidAndPower-in-systemd
Explanation to desktopManagerHandlesLidAndPower
2015-06-19 14:02:04 +02:00
Damien Cassou
26e424a4aa Explanation to desktopManagerHandlesLidAndPower
With this patch, systemd-inhibit outputs a descriptive message when
desktopManagerHandlesLidAndPower=true (the default).

Before the patch:

    $ systemd-inhibit
         Who: /nix/store/[...]-xsession [...] (UID 1000/cassou, PID 18561/systemd-inhibit)
        What: handle-power-key:handle-lid-switch
         Why: Unknown reason
        Mode: block

After the patch:

    $ systemd-inhibit
         Who: /nix/store/[...]-xsession [...] (UID 1000/cassou, PID 18561/systemd-inhibit)
        What: handle-power-key:handle-lid-switch
         Why: See NixOS configuration option 'services.xserver.displayManager.desktopManagerHandlesLidAndPower' for more information.
        Mode: block
2015-06-19 11:16:32 +02:00
Vladimír Čunát
61596bf405 Merge #8363: pure-darwin stdenv 2015-06-18 22:38:08 +02:00
William A. Kennington III
295846a254 nixos/nix-serve: Run as a separate user and add a signing key parameter 2015-06-17 19:10:39 -07:00
William A. Kennington III
8e19ac8d7c Merge branch 'master.upstream' into staging.upstream 2015-06-17 11:57:40 -07:00
William A. Kennington III
d4fc2b4d99 nixos/install-grub: Fix grub1 installation 2015-06-17 11:47:36 -07:00
rushmorem
d9c56c696f Replaces https://github.com/NixOS/nixpkgs/pull/8368 2015-06-17 19:26:17 +02:00
Rushmore Mushambi
8170e74d9f Revert "Make it possible to boot NixOS from a SCSI Disk on KVM" 2015-06-17 19:13:08 +02:00
rushmorem
ee3768b9ba Make it possible to boot NixOS from a SCSI Disk on KVM
Currently NixOS can't boot from a SCSI disk as a KVM Guest.
I found this out while installing it on the new [Linode KVM
platform](https://www.linode.com/docs/platform/kvm#custom-kernel-configuration).
2015-06-17 17:28:07 +02:00
Eelco Dolstra
f93d8425c3 Installer test: Fix booting from SCSI
This is required by the GRUB 1 test.
2015-06-17 15:47:43 +02:00
Luca Bruno
d5628c982d Bypass /etc/gdm/Xsession. Closes #8351 2015-06-16 11:20:20 +00:00
Luca Bruno
aa800fa0fe Merge branch 'master' into staging 2015-06-15 09:56:29 +02:00
lethalman
e08bbc0bc1 Merge pull request #8159 from cransom/dd-agent
Allow custom tags to be set for datadog monitoring
2015-06-15 18:43:14 +02:00
Casey Ransom
d3212beff9 Allow custom tags to be set for datadog monitoring 2015-06-15 16:37:27 +00:00
Eelco Dolstra
6e6a96d42c Some more type cleanup 2015-06-15 18:18:46 +02:00
Eelco Dolstra
c63bc92d4c types.uniq types.str -> types.str 2015-06-15 18:12:32 +02:00
Eelco Dolstra
19ffa212af types.uniq types.int -> types.int
types.int already implies uniqueness.
2015-06-15 18:11:32 +02:00
Eelco Dolstra
c738b309ee types.uniq types.bool -> types.bool 2015-06-15 18:10:26 +02:00
Eelco Dolstra
9366af1b94 "types.uniq types.string" -> "types.str" 2015-06-15 18:08:49 +02:00
Bjørn Forsman
74d5adcb4d nixos: move environment.{variables => sessionVariables}.MODULE_DIR
This solves the problem that modprobe does not know about $MODULE_DIR
when run via sudo, and instead wrongly tries to read /lib/modules/:

  $ sudo strace -efile modprobe foo |& grep modules
  open("/lib/modules/3.14.37/modules.softdep", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
  open("/lib/modules/3.14.37/modules.dep.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
  open("/lib/modules/3.14.37/modules.dep.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
  open("/lib/modules/3.14.37/modules.alias.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)

Without this patch, one would have to use sudo -E (preserves environment
vars). But that option is reserved for sudo users with extra rights
(SETENV), so it's not a solution.

environment.sessionVariables are set by PAM, so they are included in the
environment used by sudo.
2015-06-14 18:56:58 +02:00
Domen Kožar
a2deb7a2c9 Merge pull request #8322 from unaizalakain/master
The user specified in the conf should run MPD
2015-06-14 11:41:36 +02:00
Dan Peebles
10e75453b2 Factor the NixOS channel building code out into its own file, so I can use it elsewhere 2015-06-13 21:55:29 -04:00
Dan Peebles
ebde5fd9d4 Use the right nix when doing things in our amazoninit 2015-06-13 21:26:50 -04:00
Unai Zalakain
8811724ec9 The user specified in the conf should run MPD 2015-06-13 23:24:19 +02:00
Oliver Matthews
2434ee4aab Allow setting mediatomb interface 2015-06-13 15:16:28 +00:00
Luca Bruno
033605e87f Merge branch 'nixos-subdir'
Conflicts:
	nixos/modules/system/boot/loader/grub/grub.nix
2015-06-13 15:18:12 +02:00
Luca Bruno
c3e832b323 stage-1: mkdir -p /mnt-root, it may be created earlier by some hooks 2015-06-13 15:02:51 +02:00
Luca Bruno
3754de550f nixos/grub: allow customization of the nix store path 2015-06-13 15:02:00 +02:00
William A. Kennington III
954801a9a8 Merge branch 'master.upstream' into staging.upstream 2015-06-12 13:47:46 -07:00
Shea Levy
5ee75e236c apache-kafka: Enable overriding the kafka package 2015-06-12 15:56:06 -04:00
Sander van der Burg
fd187980c7 Put dysnomia in system environment if Disnix is enabled 2015-06-12 16:18:42 +00:00
Joachim Fasting
ffc6275e55 dnscrypt-proxy service: support custom providers
The primary use-case is private DNSCrypt providers.

Also rename the `port` option to differentiate it from the
`customResolver.port` option.
2015-06-12 15:12:33 +02:00
Joachim Fasting
8131065b63 dnscrypt-proxy service: use mkEnableOption 2015-06-12 15:12:33 +02:00
Joachim Fasting
2e8bc2bd5c nixos: cosmetic improvements to dnscrypt-proxy service module
Remove superflous whitespace & comments
2015-06-12 15:12:33 +02:00
Joachim Fasting
a88a6bc676 nixos: additional hardening for dnscrypt-proxy
- Run as unprivileged user/group via systemd, obviating the need to
  specify capabilities, etc.
- Run with private tmp and minimal device name space
2015-06-12 15:12:33 +02:00
Joachim Fasting
823bb5dd4d nixos: implement socket-activation for dnscrypt-proxy
The socket definition is derived from upstream with the
exception that it does not depend on network.target, as
this creates a cycle between basic.target and sockets.target.

The apparmor profile has been updated to account for additional
runtime dependencies introduced by enabling systemd support.
2015-06-12 15:12:33 +02:00
Joachim Fasting
dfe20de782 nixos: permit dnscrypt-proxy service to read basic user/group info
If nscd is not running, dnscrypt-proxy crashes without read access
to /etc/{password,group,nsswitch.conf}.
2015-06-12 15:12:30 +02:00
Thomas Tuegel
2a2448bcb7 Merge pull request #8182 from ttuegel/openblas
Numerical computing overhaul
2015-06-12 08:06:03 -05:00
Thomas Tuegel
c02dd4a726 Update release notes about OpenBLAS 2015-06-12 08:04:02 -05:00
Eelco Dolstra
07aa0f7f21 Revert "Use nixUnstable by default"
This reverts commit 64a41b7a90.
2015-06-12 13:20:18 +02:00
Luca Bruno
da7748a6fc nixos: set high fs.inotify.max_user_watches when xserver is enabled 2015-06-12 13:02:35 +02:00
Thomas Strobel
399b549611 Fix: xen-bridge systemd service 2015-06-12 12:52:14 +02:00
Thomas Strobel
a6e12c23fc Link Xen scripts to /etc/xen 2015-06-12 12:52:14 +02:00
Dan Peebles
4b758e374e Initial attempt at configuring from EC2 userdata (with input from cstrahan). Now with VM tests! 2015-06-11 23:16:35 -04:00
Dan Peebles
b6c589b2da Simple EC2 user-data VM test 2015-06-11 22:54:04 -04:00
William A. Kennington III
ffcd8acee6 nixos/pulseaudio: Fix description 2015-06-11 17:26:12 -07:00
Eelco Dolstra
cd28c5517c Revert "Drop tests.installer.grub1 as release critical"
This reverts commit 1907ca8a2a. See

1907ca8a2a (commitcomment-9719007)
2015-06-12 01:37:45 +02:00
Rickard Nilsson
7a0ca52267 scollector: Change type of collectors to allow proper merging 2015-06-11 16:49:43 +02:00
William A. Kennington III
502a19b2b4 nixos/grub: Support labeling efi bootloaders with independent id's 2015-06-10 15:47:08 -07:00