The original idea behind this change (described in ticket #11064) was to
improve the assertions to avoid that users of the X server accidentally
forget to configure a DM or WM.
However this caused several issues with setups that require X, but no DM
or WM. The keymap testcases became instable as well as now disabling DMs
needs to be done explicitly.
(see https://github.com/NixOS/nixpkgs/pull/31268#issuecomment-347080036)
In the end the idea behind the change and #11064 was obviously a
mistake, so reverting it completely for now should be fine.
The dovecot bump to 2.3.1 caused the dovecot service to fail to start
because it would try to chgrp sockets to dovecot whereas our default
dovecot group is called dovecot2.
This fixes the `update-locatedb` service when using the `mlocate`
package.
The service as-is does not properly handle flags during update of the
relevant database when configured to use the `mlocate` package.
The man entry for `updatedb` associated with `mlocate` does not say
that it supports environment variables in place of command line flags,
whereas the `findutils` package's updatedb does so.
To support this distinction, we pass the relevant settings as flags to
the `updatedb` program when using the `mlocate` package.
Fixes#29279
We should be able to deploy a NixOS 18.03 system with the current nixops
stable release. Some options were renamed, so instead of
`mkRenamedOptionModule` we introduce them as read-only interal options
that won't be rendered in the manual.
Only the options that are needed to make nixops evaluations succeed were
added.
This commit should probably be reverted after or before the 18.09 release,
depending on the nixops 1.6 release.
The user will not get the warning that these have been renamed but
this change is mentioned in the release notes.
Fixes#34253.
The isKexecable flag treated Linux without kexec as just a normal
variant, when it really should be treated as a special case incurring
complexity debt to support.
This service will never run automatically, but it encapsulates the
necessary logic and configuration to run a restore of the latest
archive, and allows to hook more specific logic, such as loading
a database dump, via `postStart`.
A new option `explicitSymlinks` will set `-H` when creating an archive.
This option makes tarsnap follow any symlinks specified explicitly on
the commandline, but not any found inside the file tree.
A new option `followSymlinks` will set `-L` when creating an archive.
This option makes tarsnap follow any symlinks found anywhere in the file
tree instead of storing them as-is.
X libraries in LD_LIBRARY_PATH seem to not be needed anymore.
I've tracked this addition as far as I could
(02cef04c81) and they seem to be added for unfree
NVIDIA and ATI drivers but at least for NVIDIA they are not needed anymore. We
can add them with patchelf instead if it turns out to be the case with ATI.
The psmouse module is for PS/2 mouse only, which doesn't exist outside
x86. But we can test for the mousedev module just as well which is used
for the '-device usb-tablet' emulated by QEMU.
Uses the HTTPS url for cases where the existing URL has a permanent
redirect. For each domain, at least one fixed derivation URL was
downloaded to test the domain is properly serving downloads.
Also fixes jbake source URL, which was broken.
Currently broken on NixOS due to hardcoded modprobe binary path (see
bug #30756 from Oct 2017), no activity on a proposed fix for months.
As the protocol is terribly broken anyways, let's better remove it
completely, and not talk about anymore ;-)
Closes#30756.
- prometheus exporters are now configured with
`services.prometheus.exporters.<name>`
- the exporters are now defined by attribute sets
from which the options for each exporter are generated
- most of the exporter definitions are used unchanged,
except for some changes that should't have any impact
on the functionality.
The working directory needs the x flag, otherwise executors (e.g. sparks executor) are unable to cd into their sandbox and create e.g. temporary files.
In AdRoll/hologram#62 support was added to hologram to configure
LDAP-based authorization of which roles a user was allowed to get
credentials for. This adds the ability to configure that.
Additionally, AdRoll/hologram/#94 added support to customize the LDAP
group query, so this also feeds that configuration through.
fixes#37393
Instead of intersecting system strings, we filter with the sort of
patterns used in `meta.platforms`.
Indicating this change `forTheseSystems` has been renamed to
`forMatchingSystems`, since the given list is now patterns to match, and
not the systems themselves. [Just as with `meta.platforms`, systems
strings are also supported for backwards compatibility.]
This is more flexible, and makes the `forMatchingSystems` and
packagePlatforms` cases more analogous.
Using gitea over ssh had two isses:
1. No shell was set for the user
2. Gitea tried to write logs to
/nix/store/x83q12kyd9gw1pay036dxz2dq0apf17h-gitea-1.3.2-bin/log when
serving the ssh usage.
By default, OnlyKey device (https://crp.to/p/) won't work on Linux (and,
therefore, NixOS). This is unintuitive and requires one to search for a
solution in the documentation.
This change allows one to enable OnlyKey device support directly from
their NixOS configuration.
Commit 1f2b938 introduced a module for evilwm as a window-manager, but
did not actually add this module to window-manager's default.nix which
renders it useless.
I was mainly considering Jellyfish and Jaguar (and Jackrabbit).
Originally I was inclined for Jellyfish, but then I thought of the
release T-shirts someone makes and it didn't seem suitable...
Jaguar would keep the name referring to a car as well, but as a
not-too-old (Mac) OS version is codenamed that way, I didn't go for it.
I've started digging into the actual cause of the problem a week ago but
didn't continue fixing this.
The reason why the tests are failing is because
torvalds/linux/commit/72f5e08dbba2d01aa90b592cf76c378ea233b00b has
remapped the location of the TSS into the CPU entry area and we did
update our default kernel to version 4.14 in NixOS/nixpkgs@88530e02b6.
Back to VirtualBox: The guru meditation happens in
selmRCGuestTssPostWriteCheck, which I think is only a followup error. I
believe the right location couldn't be determined by VirtualBox and thus
the write check function triggers that panic because it's reading from
the wrong location.
So the actual problem *only* surfaces whenever we use software
virtualization, which we do for our tests because we don't have nested
virtualization available.
Our tests are also for testing the functionality of VirtualBox itself
and not certain kernel versions or kernel features, so for the time
being and until this is fixed, let's actually use kernel version 4.9 for
the guests within the VM tests. Kernel 4.9 didn't have the mentioned
change of the TSS location and thus the tests succeed.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @dtzWill
Resolved the following conflicts (by carefully applying patches from the both
branches since the fork point):
pkgs/development/libraries/epoxy/default.nix
pkgs/development/libraries/gtk+/3.x.nix
pkgs/development/python-modules/asgiref/default.nix
pkgs/development/python-modules/daphne/default.nix
pkgs/os-specific/linux/systemd/default.nix
Kernel symlinks don't have st_size. Really thought I tested this, guess I ran the
wrong NixOS test :(
This reverts commit 6dab907ebe, reversing
changes made to eab479a5f0.
This can be used to fix issues where udhcpc times out before
acquiring a lease. For example of these issues, see:
https://bugs.alpinelinux.org/issues/3105#note-8
Signed-off-by: Dino A. Dai Zovi <ddz@theta44.org>
The function arguments for make-squashfs.nix have changed in
df117acab7, so we need to change them here
as well.
The boot.netboot NixOS VM test now succeeds again.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra
Updated to the latest version of the nixos-v237 branch, which fixes two
things:
* Make sure that systemd looks in /etc for configuration files.
https://github.com/NixOS/systemd/pull/15
* Fix handling of the x-initrd.mount option.
https://github.com/NixOS/systemd/pull/16
I've added NixOS VM tests for both to ensure we won't run into
regressions. The newly added systemd test only tests for that and is by
no means exhaustive, but it's a start.
Personally I only wanted to fix the former issue, because that's the one
I've been debugging. After sending in a pull request for our systemd
fork (https://github.com/NixOS/systemd/pull/17) I got a notice from
@Mic92, that he already fixed this and his fix was even better as it's
even suitable for upstream (so we hopefully can drop that patch
someday).
The reason why the second one came in was simply because it has been
merged before the former, but I thought it would be a good idea to have
tests for that as well.
In addition I've removed the sysconfdir=$out/etc entry to make sure the
default (/etc) is used. Installing is still done to $out, because those
directories that were previously into sysconfdir now get into
factoryconfdir.
Quote from commit NixOS/systemd@98067cc806:
By default systemd should read all its configuration from /etc.
Therefore we rely on -Dsysconfdir=/etc in meson as default value.
Unfortunately this would also lead to installation of systemd's own
configuration files to `/etc` whereas we are limited to /nix/store. To
counter that this commit introduces two new configuration variables
`factoryconfdir` and `factorypkgconfdir` to install systemd's own
configuration into nix store again, while having executables looking
up files in /etc.
Tested this change against all of the NixOS VM tests we have in
nixos/release.nix. Between this change and its parent no new tests were
failing (although a lot of them were flaky).
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Mic92, @tk-ecotelecom, @edolstra, @fpletz
Fixes: #35415Fixes: #35268
Pass the -L flag to curl to make it follow redirects. This fixes an
issue I found when setting up reverse proxy for Jenkins. Without this
fix, the returned HTTP code was stuck at 302, making postStart fail the
service (it expects 200 or 403).
All 5 daemon types can be enabled and configured through the module and the module both creates the ceph.conf required but also creates and enables specific services for each daemon, based on the systemd service files that upstream provides.
I determined which options got changed by executing the following
commands in the strongswan repository:
git diff -U20 5.6.0..5.6.1 src/swanctl/swanctl.opt
git diff -U20 5.6.0..5.6.1 conf
The strongswan-swanctl systemd service starts charon-systemd. This implements a IKE daemon
very similar to charon, but it's specifically designed for use with systemd. It uses the
systemd libraries for a native integration.
Instead of using starter and an ipsec.conf based configuration, the daemon is directly
managed by systemd and configured with the swanctl configuration backend.
See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
Note that the strongswan.conf and swantctl.conf configuration files are automatically
generated based on NixOS options under services.strongswan-swanctl.strongswan and
services.strongswan-swanctl.swanctl respectively.
* digitalbitbox: init at 2.2.2
The commits that lead to this have been squashed from independent
commits see branch @vidbina/add/digitalbitbox-wip that did the
following:
- 0a3030fa0ec digitalbitbox: init at 2.2.2
- c18ffa3ffd4 digitalbitbox: moved meta to EOF
- 0c5f3d6972a digitalbitbox: using preConfigure + configureFlags
- a85b1dfc3fd digitalbitbox: nativeBuildInputs
- 90bdd35ef0f digitalbitbox: autoreconfHook
- 91810eea055 digitalbitbox: default installPhase & makeWrapper
- 90e43fb7e2a digitalbitbox: doc rm $PWD hack & printf-tee deal
- fd033b2fe5a digitalbitbox: cleanup, alphabetically sort attrs
- c5907982db3 digitalbitbox: added hardware module
- 88e46bc9ae0 digitalbitbox: added program module
- amend to change name: dbb-app -> digitalbitbox
- amend to add install instructions based on feedback
(https://github.com/NixOS/nixpkgs/pull/33787#issuecomment-362813149)
- amend to add longDescription
- moved program to its own dir
- overridable udev rules handling
- added docs to manual
- added package attr to program module
- added package attr to hardware module
* digitalbitbox: use libsForQt5.callPackage
These (outdated) derivations are only used by nixos/lib/testing.nix.
If we want to provide jquery & jquery-ui packages this is better done
in nodePackages.
Eelco Dolstra wrote:
Hm, this is not really the intended use of stateVersion. From the description:
Every once in a while, a new NixOS release may change
configuration defaults in a way incompatible with stateful
data. For instance, if the default version of PostgreSQL
changes, the new version will probably be unable to read your
existing databases. To prevent such breakage, you can set the
value of this option to the NixOS release with which you want
to be compatible. The effect is that NixOS will option
defaults corresponding to the specified release (such as using
an older version of PostgreSQL).
So this is only intended for options that have some corresponding on-disk state. AFAICT this is not the case for sound. In any case stateVersion is a necessary evil that only exists because we can't just upgrade Postgres databases or change SSH host keys. It's not necessary for things like whether sound is enabled. (If the user discovers that sound is suddenly disabled, they can just enable it.)
I had some vague recollection that we also had a configVersion option setting to control the defaults for non-state-related options, but I can't find it so maybe it was only discussed.
Use systemd to create the directory for UNIX socket. Also use localhost instead
of 127.0.0.1 as is done in default cupsd.conf so that IPv6 is enabled when
available.
Use systemd to create the directory for UNIX socket. Also use localhost instead
of 127.0.0.1 as is done in default cupsd.conf so that IPv6 is enabled when
available.
- split outputs (doc, man, out)
- a new runtime dependency on getconf
- fix up SCRIPTS_DIR in wrapper
- clean output folder of stray doc files
- add license & maintainer
Tested with `nixos/tests/rabbitmq.nix`, inside a docker image and manually.
novacom and novacomd build on aarch64, but the daemon
fails to start with something like:
novacomd[547]: unhandled level 2 translation fault (11) at 0x00000000, esr 0x92000046
So, uh, nevermind that then.
This is unlikely to break and is a cheap test.
I'd like to be notified if it stops working.
If this ever blocks anything and I've been notified
you have my blessing to remove this as I doubt
many folks depend on it.
We want to wait for both stacks to be active before declaring that network is active.
So either both default gateways must be specified or only IPv4 if IPv6 is disabled to
avoid dhcpcd for network-online.target.
When the znapzend module was enabled for the first time with pure =
true; then the list of previous entries is empty, but xargs still tried
to execute a znapzendzetup delete command with no arguments, which made
it fail
network-online.target properly depends on the underlying network
management tool (e.g. NixOS static configuration scripts, dhcpcd,
NetworkManager, networkd) signalling that all interfaces are up and
appropriately configured (to whatever degree possible/required), whereas
network.target only indicates that the network management tool itself
has started.
At one point in my configuration I had:
boot.kernel.sysctl = {
# https://unix.stackexchange.com/questions/13019/description-of-kernel-printk-values
"kernel.printk" = "4 4 1 7";
};
which triggered:
error: The unique option `boot.kernel.sysctl.kernel.printk' is defined multiple times, in `/home/teto/dotfiles/nixpkgs/mptcp-unstable.nix' and `/home/teto/nixpkgs/nixos/modules/system/boot/kernel.nix'.
(use ‘--show-trace’ to show detailed location information)
Traceback (most recent call last):
File "/home/teto/nixops/scripts/nixops", line 984, in <module>
args.op()
File "/home/teto/nixops/scripts/nixops", line 406, in op_deploy
max_concurrent_activate=args.max_concurrent_activate)
File "/home/teto/nixops/nixops/deployment.py", line 1045, in deploy
self.run_with_notify('deploy', lambda: self._deploy(**kwargs))
File "/home/teto/nixops/nixops/deployment.py", line 1034, in run_with_notify
f()
File "/home/teto/nixops/nixops/deployment.py", line 1045, in <lambda>
self.run_with_notify('deploy', lambda: self._deploy(**kwargs))
File "/home/teto/nixops/nixops/deployment.py", line 985, in _deploy
self.configs_path = self.build_configs(dry_run=dry_run, repair=repair, include=include, exclude=exclude)
File "/home/teto/nixops/nixops/deployment.py", line 653, in build_configs
raise Exception("unable to build all machine configurations")
Exception: unable to build all machine configurations
This simple addition allows to override it.
After the systemd 237 upgrade, radvd wouldn't start anymore because the
PID file cannot be written. It seems that directories in /run has to be
explicitely defined as RuntimeDirectory now. The PID file isn't needed
due to systemd, though, so it was removed along with forking and loggia
via syslog.
This fixes the ipv6 NixOS test.
Alertmanager 0.13.0 doesn't support single dash long options, so '-config.file'
for example is parsed as '-c', which leads to the service not starting.
Previously the parameters were just dropped. Now they can be read
from within the handler script. An example to show this is added.
Makes use of the new writeShellScript function as suggested in:
issue #21557
resolves: #21557
Inspired from the dhcpd service implementation
Only 2 configurations options at the moment:
- enabled
- path to config directory (defaults to /etc/raddb)
Implementation was also inspired from ArchLinux
systemd file and corrected with @dotlambda and
@fpletz help.
This allows one to specify "related packages" in NixOS that get rendered into
the configuration.nix(5) man page. The interface philosophy is pretty much
stolen from TeX bibliography.
See the next several commits for examples.
Currently, when building NixOS from a git clone, Nix has to copy
the entire repo at >1GB into the store by default. That is not
necessary and causes a dumping large path message.
If you need the old behaviour for some reason, you will have to
specify it by passing the path to your repo explicitly as the
nixpkgs argument like this:
--arg nixpkgs '{outPath = ./.; revCount = 56789; shortRev = "gfedcba"; }'
If you have more than 1 User with hasedPassword Option set it generates
```
rm -f /var/lib/mosquitto/passwd
touch /var/lib/mosquitto/passwd
echo 'user1:$6$xxx' > /var/lib/mosquitto/passwd
echo 'user2:$6$xxx' > /var/lib/mosquitto/passwd
```
Which ends up in only having 1 user.
Of course, you'll get a bunch of warnings from the activation script:
$ nixos-enter --root /tmp/mnt/
setting up /etc...
mount: /dev: permission denied.
mount: /dev/pts: permission denied.
mount: /dev/shm: permission denied.
mount: /sys: permission denied.
/nix/var/nix/profiles/system/activate: line 74: /proc/sys/kernel/modprobe: Permission denied
chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/dbus-daemon-launch-helper': Invalid argument
NOTE: Under Linux, effective file capabilities must either be empty, or
exactly match the union of selected permitted and inheritable bits.
Failed to set capabilities on file `/run/wrappers/wrappers.0pKlU8JsvV/ping' (Operation not permitted)
chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/unix_chkpwd': Invalid argument
[root@nixos:/]#
l2tp saves its secrets into /etc/ipsec.d but strongswan would not read
them. l2tp checks for /etc/ipsec.secrets includes /etc/ipsec.d and if
not tries to write into it.
Solution:
Have the strongswan module create /etc/ipsec.d and /etc/ipsec.secrets
when networkmanager_l2tp is installed.
Include /etc/ipsec.secrets in
/nix/store/hash-strongswan/etc/ipsec.secrets so that it can find l2tp
secrets.
Also when the ppp 'nopeerdns' option is used, the DNS resolver tries to
write into an alternate file /etc/ppp/resolv.conf. This fails when
/etc/ppp does not exist so the module creates it by default.
