Commit Graph

12671 Commits

Author SHA1 Message Date
Florian Klink
aa2878cfcf
Merge pull request #58284 from bgamari/gitlab-rails
nixos/gitlab: Package gitlab-rails
2019-03-28 21:12:15 +01:00
Silvan Mosberger
9d4a6cceb7
Merge pull request #57550 from florianjacob/typed-mysql-options
nixos/mysql: specify option types, add tests
2019-03-28 18:55:53 +01:00
Silvan Mosberger
be2f711342
Merge pull request #58487 from bgamari/gitlab-gitaly-procpc
gitaly: Run gitaly with procps in scope
2019-03-28 18:22:27 +01:00
Ben Gamari
af909b3238 nixos/gitlab: Package gitlab-rails
This utility (particularly `gitlab-rails console`) is packaged by GitLab
Omnibus and is used for diagnostics and maintenance operations.
2019-03-28 11:45:31 -04:00
lewo
dc3ed336df
Merge pull request #58345 from xtruder/pkgs/dockerTools/pullImage/finalImageName
dockerTools: add finalImageName parameter for pullImage
2019-03-28 16:25:01 +01:00
Aaron Andersen
417da42c02 nixos/mailcatcher: fix test to be compatible with mailcatcher 7.x series 2019-03-28 11:15:20 -04:00
Ben Gamari
b90f5f03c2 nixos/gitaly: Run gitaly with procps in scope
Gitaly uses `ps` to track the RSS of `gitlab-ruby` and kills it when it
detects excessive memory leakage. See
https://gitlab.com/gitlab-org/gitaly/issues/1562.
2019-03-28 10:48:51 -04:00
Florian Klink
6670b4c37d
Merge pull request #58419 from flokli/ldap-nslcd-startup
nixos/ldap: set proper User= and Group= for nslcd service
2019-03-28 14:30:14 +01:00
Florian Klink
8817bbefdb nixos/ldap: set proper User= and Group= for nslcd service
eb90d97009 broke nslcd, as /run/nslcd was
created/chowned as root user, while nslcd wants to do parts as nslcd
user.

This commit changes the nslcd to run with the proper uid/gid from the
start (through User= and Group=), so the RuntimeDirectory has proper
permissions, too.

In some cases, secrets are baked into nslcd's config file during startup
(so we don't want to provide it from the store).

This config file is normally hard-wired to /etc/nslcd.conf, but we don't
want to use PermissionsStartOnly anymore (#56265), and activation
scripts are ugly, so redirect /etc/nslcd.conf to /run/nslcd/nslcd.conf,
which now gets provisioned inside ExecStartPre=.

This change requires the files referenced to in
users.ldap.bind.passwordFile and users.ldap.daemon.rootpwmodpwFile to be
readable by the nslcd user (in the non-nslcd case, this was already the
case for users.ldap.bind.passwordFile)

fixes #57783
2019-03-28 13:08:47 +01:00
aszlig
ada3239253
nixos/release-notes: Add entry about confinement
First of all, the reason I added this to the "highlights" section is
that we want users to be aware of these options, because in the end we
really want to decrease the attack surface of NixOS services and this is
a step towards improving that situation.

The reason why I'm adding this to the changelog of the NixOS 19.03
release instead of 19.09 is that it makes backporting services that use
these options easier. Doing the backport of the confinement module after
the official release would mean that it's not part of the release
announcement and potentially could fall under the radar of most users.

These options and the whole module also do not change anything in
existing services or affect other modules, so they're purely optional.

Adding this "last minute" to the 19.03 release doesn't hurt and is
probably a good preparation for the next months where we hopefully
confine as much services as we can :-)

I also have asked @samueldr and @lheckemann, whether they're okay with
the inclusion in 19.03. While so far only @samueldr has accepted the
change, we can still move the changelog entry to the NixOS 19.09 release
notes in case @lheckemann rejects it.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-27 21:07:07 +01:00
aszlig
52299bccf5
nixos/confinement: Use PrivateMounts option
So far we had MountFlags = "private", but as @Infinisil has correctly
noticed, there is a dedicated PrivateMounts option, which does exactly
that and is better integrated than providing raw mount flags.

When checking for the reason why I used MountFlags instead of
PrivateMounts, I found that at the time I wrote the initial version of
this module (Mar 12 06:15:58 2018 +0100) the PrivateMounts option didn't
exist yet and has been added to systemd in Jun 13 08:20:18 2018 +0200.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-27 20:34:32 +01:00
aszlig
861a1cec60
nixos/confinement: Remove handling for StartOnly
Noted by @Infinisil on IRC:

   infinisil: Question regarding the confinement PR
   infinisil: On line 136 you do different things depending on
              RootDirectoryStartOnly
   infinisil: But on line 157 you have an assertion that disallows that
              option being true
   infinisil: Is there a reason behind this or am I missing something

I originally left this in so that once systemd supports that, we can
just flip a switch and remove the assertion and thus support
RootDirectoryStartOnly for our confinement module.

However, this doesn't seem to be on the roadmap for systemd in the
foreseeable future, so I'll just remove this, especially because it's
very easy to add it again, once it is supported.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-27 20:22:37 +01:00
Maximilian Bosch
3fc3096da8
Merge pull request #58432 from aanderse/mailcatcher
nixos/mailcatcher: init module for existing package
2019-03-27 16:11:15 +01:00
Aaron Andersen
c99ea1c203 nixos/mailcatcher: add nixos test 2019-03-27 09:56:46 -04:00
Aaron Andersen
395ec8c0d4 nixos/mailcatcher: init module for existing package 2019-03-27 09:15:47 -04:00
Benjamin Hipple
8b3500c650 nixos.cron: fix docstring sentence 2019-03-26 23:22:20 -04:00
Silvan Mosberger
2a72707c1f
nixos/modules: Remove about 50 option renames from <=2015
These are all `mkRenamedOptionModule` ones from 2015 (there are none
from 2014). `mkAliasOptionModule` from 2015 were left in because those
don't give any warning at all.
2019-03-27 03:10:14 +01:00
Florian Klink
0a1451afe3 nixos/ldap: rename password file options properly
users.ldap.daemon.rootpwmodpw -> users.ldap.daemon.rootpwmodpwFile
users.ldap.bind.password -> users.ldap.bind.passwordFile

as users.ldap.daemon.rootpwmodpw never was part of a release, no
mkRenamedOptionModule is introduced.
2019-03-27 02:53:56 +01:00
Silvan Mosberger
8471ab7624
Merge pull request #57836 from reanimus/duo-secure-fail
nixos/security: make duo support secure failure correctly
2019-03-27 01:58:42 +01:00
Daiderd Jordan
018d329dbc
Merge pull request #57928 from averelld/plex-update
plex: 1.14.1.5488 -> 1.15.1.791
2019-03-26 20:22:34 +01:00
Jaka Hudoklin
468df177c4
dockerTools: add finalImageName parameter for pullImage 2019-03-26 19:35:14 +01:00
Florian Klink
476760bfeb
Merge pull request #57578 from bgamari/gitlab-extra-initializers
nixos/gitlab: Allow configuration of extra initializers
2019-03-26 11:08:11 +01:00
aszlig
68efd790b8
nixos: Don't enable Docker by default
Regression introduced by c94005358c.

The commit introduced declarative docker containers and subsequently
enables docker whenever any declarative docker containers are defined.

This is done via an option with type "attrsOf somesubmodule" and a check
on whether the attribute set is empty.

Unfortunately, the check was whether a *list* is empty rather than
wether an attribute set is empty, so "mkIf (cfg != [])" *always*
evaluates to true and thus subsequently enables docker by default:

$ nix-instantiate --eval nixos --arg configuration {} \
    -A config.virtualisation.docker.enable
true

Fixing this is simply done by changing the check to "mkIf (cfg != {})".

Tested this by running the "docker-containers" NixOS test and it still
passes.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @benley, @danbst, @Infinisil, @nlewo
2019-03-26 07:10:18 +01:00
Matthew Bauer
2924563f88
Merge pull request #57925 from rnhmjoj/ifnames-fix
nixos/tests/predictable-interfaces: fix failure on aarch64
2019-03-25 22:23:11 -04:00
Matthew Bauer
38c6c7c8a3
Merge pull request #57617 from aaronjanse/patch-20190313a
nixos/manual: clarify declarative packages section
2019-03-25 22:16:47 -04:00
Matthew Bauer
d468f4b27e
Merge pull request #57139 from delroth/firewall-dedup
nixos/firewall: canonicalize ports lists
2019-03-25 22:15:17 -04:00
Ben Gamari
f2bdc91b35 nixos/gitlab: Allow configuration of extra initializers
This adds a configuration option allowing the addition of additional
initializers in config/extra-gitlab.rb.
2019-03-25 15:18:35 -04:00
Jean-Baptiste Giraudeau
0333d877c2
Use same user for both prometheus 1 and 2. Use StateDirectory. 2019-03-25 14:49:22 +01:00
Jean-Baptiste Giraudeau
5ae25922b5
Prometheus2: --web.external-url need two dash. 2019-03-25 14:36:48 +01:00
Jean-Baptiste Giraudeau
bfbae97cfa
Rollback versionning of services.prometheus.{exporters, alertmanager}. 2019-03-25 14:36:46 +01:00
Alberto Berti
e17b464a43
Fix alertmanager service definition. Thanks to @eonpatapon 2019-03-25 14:36:45 +01:00
Alberto Berti
1b6ce80c2b
Make it pass a minimal test 2019-03-25 14:36:44 +01:00
Alberto Berti
11b89720b7
Add prometheus2 configuration to the prometheus modules
As the configuration for the exporters and alertmanager is unchanged
between the two major versions this patch tries to minimize
duplication while at the same time as there's no upgrade path from 1.x
to 2.x, it allows running the two services in parallel. See also #56037
2019-03-25 14:36:44 +01:00
Samuel Dionne-Riel
60847311e6 nixos/virtualbox-image: set the root fsType to reenable root FS resizing
This otherwise does not eval `:tested` any more, which means no nixos
channel updates.

Regression comes from 0eb6d0735f (#57751)
which added an assertion stopping the use of `autoResize` when the
filesystem cannot be resized automatically.
2019-03-24 22:41:26 -04:00
Danylo Hlynskyi
40cc269561
Merge branch 'master' into postgresql-socket-in-run 2019-03-25 01:06:59 +02:00
Benjamin Staffin
c94005358c NixOS: Run Docker containers as declarative systemd services (#55179)
* WIP: Run Docker containers as declarative systemd services

* PR feedback round 1

* docker-containers: add environment, ports, user, workdir options

* docker-containers: log-driver, string->str, line wrapping

* ExecStart instead of script wrapper, %n for container name

* PR feedback: better description and example formatting

* Fix docbook formatting (oops)

* Use a list of strings for ports, expand documentation

* docker-continers: add a simple nixos test

* waitUntilSucceeds to avoid potential weird async issues

* Don't enable docker daemon unless we actually need it

* PR feedback: leave ExecReload undefined
2019-03-25 00:59:09 +02:00
Bob van der Linden
4c1af9b371
nixos/tests: nghttpx: /var/run -> /run 2019-03-24 21:15:35 +01:00
Bob van der Linden
09bff929df
nixos/tests: osquery: /var/run -> /run 2019-03-24 21:15:34 +01:00
Bob van der Linden
d8dc1226f4
nixos/openvswitch: /var/run -> /run 2019-03-24 21:15:34 +01:00
Bob van der Linden
8c1e00095a
nixos/docker: /var/run -> /run 2019-03-24 21:15:34 +01:00
Bob van der Linden
1eefda5595
nixos/xpra: /var/run -> /run 2019-03-24 21:15:33 +01:00
Bob van der Linden
889bb1e91e
nixos/kodi: /var/run -> /run 2019-03-24 21:15:33 +01:00
Bob van der Linden
65710d1df5
nixos/mighttpd2: /var/run -> /run 2019-03-24 21:15:33 +01:00
Bob van der Linden
f09fb4d4dd
nixos/tt-rss: /var/run -> /run 2019-03-24 21:15:32 +01:00
Bob van der Linden
9b100c4e6f
nixos/selfoss: /var/run -> /run 2019-03-24 21:15:32 +01:00
Bob van der Linden
cdc6f2e484
nixos/restya-board: /var/run -> /run 2019-03-24 21:15:31 +01:00
Bob van der Linden
bde23ec9a3
nixos/codimd: /var/run -> /run 2019-03-24 21:15:31 +01:00
Bob van der Linden
60481ba3fd
nixos/hologram-agent: /var/run -> /run 2019-03-24 21:15:30 +01:00
Bob van der Linden
798931135e
nixos/fcron: /var/run -> /run 2019-03-24 21:15:30 +01:00
Bob van der Linden
0cf1944c36
nixos/cups: /var/run -> /run 2019-03-24 21:15:30 +01:00
Bob van der Linden
323e8ef375
nixos/xrdp: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden
210b7134d3
nixos/wpa_supplicant: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden
b9e27ec43e
nixos/supplicant: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden
8062476f73
nixos/raccoon: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden
34738dea2a
nixos/ocserv: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden
cc5f08fed8
nixos/miniupnpd: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden
321bc431cc
nixos/lldpd: /var/run -> /run 2019-03-24 21:15:27 +01:00
Bob van der Linden
1e48222cbe
nixos/ircd-hybrid: /var/run -> /run 2019-03-24 21:15:27 +01:00
Bob van der Linden
937e733c04
nixos/htpdate: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden
1a567685b2
nixos/hostapd: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden
82dee48ef2
nixos/bind: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden
9afbe4c2bd
nixos/avahi-daemon: /var/run -> /run 2019-03-24 21:15:25 +01:00
Bob van der Linden
08558245a4
nixos/asterisk: /var/run -> /run 2019-03-24 21:13:19 +01:00
Dmitry Kalinkin
cf7f234ff5
Merge pull request #57527 from Chiiruno/dev/meguca
Init: statik, Update: easyjson, quicktemplate, meguca, hydron
2019-03-24 15:26:37 -04:00
Robert Schütz
149f580412
home-assistant: 0.89.2 -> 0.90.1 (#58017)
https://www.home-assistant.io/blog/2019/03/20/release-90/
2019-03-24 19:45:35 +01:00
Andreas Rammhold
af27dbf1d1
Merge pull request #57897 from rnhmjoj/fix-ipv6
nixos/containers: create veths if only IPv6 is configured
2019-03-24 18:17:06 +01:00
Andreas Rammhold
862615b86e
nixos/release: make ipv6 tests as important as legacy IP tests
IPv6 container support broke a while ago and we didn't notice it. Making
them part of the (small) release test set should fix that. At this point
in time they should be granted the same amount of importance as the
legacy IP tests.
2019-03-24 18:09:39 +01:00
worldofpeace
ffe35f3f76 nixos/pantheon: add meta.maintainers 2019-03-24 07:04:28 -04:00
worldofpeace
f812cba2cf nixos/pantheon/files: add meta.maintainers 2019-03-24 07:04:28 -04:00
worldofpeace
415bceed8e nixos/pantheon/contractor: add meta.maintainers 2019-03-24 07:04:28 -04:00
worldofpeace
3565b1775a nixos/gsignond: add meta.maintainers 2019-03-24 07:04:28 -04:00
Tom Fitzhenry
0d67c6a52b syslinux: change serial bit rate to 115200
Prior to this commit an installation over serial via syslinux would
involve:
1. setting bitrate to BIOS's bitrate (typically 115200)
2. setting bitrate to syslinux's bitrate (38400)
3. setting bitrate to stty's bitrate (115200)

By changing syslinux's bitrate to 115200, an installation over serial
is a smoother experience, and consistent with the GRUB2 installation
which is also 115200 bps.

    [root@nixos:~]# stty
    speed 115200 baud; line = 0;
    -brkint ixoff iutf8
    -iexten

In a future commit I will add default serial terminals to the syslinux
kernel lines.
2019-03-24 19:36:30 +11:00
Dmitry Kalinkin
6f95ac3588
Merge pull request #57988 from lopsided98/buildbot-update
buildbot: 1.8.1 -> 2.1.0
2019-03-23 20:38:20 -04:00
markuskowa
d71472beaf
Merge pull request #57434 from ck3d/user-dwm
nixos dwm: start user installed dwm if available
2019-03-23 23:49:34 +01:00
Ben Gamari
2036550a46 nixos/docker-registry: Allow use of non-filesystem storage
Previously this module precluded use of storage backends other than
`filesystem`. It is now possible to configure another storage backend
manually by setting `services.dockerRegistry.storagePath` to `null` and
configuring the other backend via `extraConfig`.
2019-03-23 10:32:56 +00:00
tv
59fac1a6d7 nixos/nginx: use writeNginxConfig 2019-03-23 11:16:14 +01:00
Frederik Rietdijk
23e431387b Merge staging-next into staging 2019-03-23 09:20:09 +01:00
Okina Matara
40d7079f79
nixos/meguca: Add videoPaths, set postgresql version to 11 2019-03-23 01:19:29 -05:00
Joachim F
94864bbd37
Merge pull request #57133 from markuskowa/upd-slurm
slurm: 18.08.5.2 -> 18.08.6.2
2019-03-23 06:17:58 +00:00
Ben Wolsieffer
b2e11e0cdf buildbot: 1.8.1 -> 2.1.0 2019-03-22 18:43:15 -04:00
Averell Dalton
028a4b6a53 plex: 1.14.1.5488 -> 1.15.2.793 2019-03-22 20:33:22 +01:00
Sarah Brofeldt
78c95f561f
Merge pull request #58031 from dotlambda/elasticsearch-curator-application
elasticsearch-curator: add top-level package using older click
2019-03-22 20:11:54 +01:00
Gabriel Ebner
03f7c82e62
Merge pull request #57826 from gebner/anbox
anbox: init at 2019-03-07
2019-03-22 19:19:47 +01:00
Florian Klink
9aa57902cc
Merge pull request #57938 from flokli/network-manager-rename-changelog
network-manager: move para about service rename to 19.09 changelog
2019-03-22 19:18:47 +01:00
Dmitry Kalinkin
0e57b98b2c
Merge pull request #57596 from artemist/nginx-return
nixos/nginx: add return option to location
2019-03-22 14:08:33 -04:00
Vladimír Čunát
1ad3f34a99
nixos manual Makefile: improve purity
And be quiet when building/downloading the required tools.
2019-03-22 14:48:08 +01:00
Vladimír Čunát
4c3ec0e325
nixos docs: run the formatting tool (no content change)
As documented in the docs themselves :-)
2019-03-22 14:44:11 +01:00
lewo
715365ee02
Merge pull request #58024 from nlewo/openstack-fstype
openstackImage: set the / fsType to reenable root FS resizing
2019-03-22 14:40:27 +01:00
lewo
c8a65c2d71
Merge pull request #57751 from talyz/master
filesystems: Add autoResize assertion
2019-03-22 14:35:57 +01:00
Vladimír Čunát
11d204a9c4
nixos docs: improve GPU driver documentation
I'm not 100% sure about the incompatibility lines,
but I believe it's better to discourage these anyway.
If you find better information, feel free to amend...

The 32-bit thing is completely GPU-agnostic, so I can't see why we had
it separately for proprietary drivers and missing for the rest.
2019-03-22 14:31:17 +01:00
Jörg Thalheim
e6ad7eeecd
Merge pull request #58055 from dtzWill/fix/zsh-history-dont-export-vars
zsh: don't export HISTFILE and friends
2019-03-22 07:02:29 +00:00
Wael M. Nasreddine
5af0780492
Merge remote-tracking branch 'origin/master' into staging
* origin/master: (693 commits)
  buildGoModule: use go_1_12 instead of go_1_11 (#58103)
  gitAndTools.lab: 0.15.2 -> 0.15.3 (#58091)
  signal-desktop: 1.22.0 -> 1.23.0
  added missing semicolon to documentation
  terminus_font_ttf: 4.46.0 -> 4.47.0
  buildGoModule: remove SSL env vars in favor of cacert in buildInputs (#58071)
  dav1d: init at 0.2.1
  dropbox-cli: 2018.11.28 -> 2019.02.14
  atlassian-confluence: 6.14.1 -> 6.14.2
  maintainers: update email for dywedir
  python.pkgs.hglib: use patch to specify hg path (#57926)
  chkrootkit: 0.52 -> 0.53
  radare2-cutter: 1.7.2 -> 1.8.0
  autorandr: 1.7 -> 1.8
  pythonPackages.pyhepmc: fix build
  llvm-polly/clang-polly: use latest llvm
  apulse: 0.1.11.1 -> 0.1.12, cleanup
  factorio: experimental 0.17.14 → 0.17.16 (#58000)
  sequeler: 0.6.7 -> 0.6.8
  nasc: 0.5.1 -> 0.5.2
  ...
2019-03-21 21:01:25 -07:00
Dmitry Moskowski
7e4ca152a4 added missing semicolon to documentation 2019-03-21 22:22:13 +00:00
Matthew Bauer
73be6fba8b
Merge pull request #54625 from FlorianFranzen/efi32
grub: Support 32bit EFI on 64bit platforms
2019-03-21 11:39:45 -04:00
Will Dietz
173f79f690 zsh: don't export HISTFILE and friends
Just set them normally.
Exporting them will propagate them to all executed programs
such as bash (as used by nix-shell or nix run),
and badness ensues when different formats are used.
2019-03-21 10:28:20 -05:00
Robert Schütz
c0409de98d elasticsearch-curator: add top-level package using older click
See https://github.com/NixOS/nixpkgs/pull/58023 for a discussion
of why this is necessary. The upstream issue can be found at
https://github.com/elastic/curator/pull/1280.
2019-03-21 11:53:32 +01:00
Antoine Eiche
f116d046f6 openstackImage: set the / fsType to reenable root FS resizing
Since 34234dcb51, the reisizefs tool is
embeded only if the `fsType` starts with `ext`. The default `fsType`
value is `auto`.
2019-03-21 10:04:07 +01:00
Alyssa Ross
0cd7f32a4c
Merge pull request #54627 from FlorianFranzen/waybar
waybar: init at 0.4.0
2019-03-20 23:38:04 +00:00
Samuel Leathers
439936101c
Merge pull request #57856 from Izorkin/zsh-options
nixos/zsh: enable configure history and custom options
2019-03-20 13:08:43 -04:00
Samuel Leathers
cafd07a54e
Merge pull request #56423 from Izorkin/nginx-unit
unit: add service unit and update package
2019-03-20 13:08:05 -04:00
rnhmjoj
552e583ef0
nixos/containers: create veths if only IPv6 is configured
This fixes the failing nixos.tests.containers-ipv6 test. Thanks to andir.
2019-03-20 04:38:10 +01:00
Florian Klink
a54e41a673 network-manager: move para about service rename to 19.09 changelog 2019-03-20 03:09:59 +01:00
Bob van der Linden
40679eb3c8 nixos/zabbix: /var/run -> /run 2019-03-20 00:02:46 +01:00
Bob van der Linden
3068252913 nixos/nagios: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
78acc82432 nixos/svnserve: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
3f17dcbbfd nixos/spice-vdagentd: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
231d815721 nixos/mbpfan: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
e1376ddd3d nixos/matrix-synapse: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
c67f2f0815 nixos/spamassassin: /var/run -> /run 2019-03-20 00:02:44 +01:00
Bob van der Linden
edd5c88086 nixos/postgrey: /var/run -> /run 2019-03-20 00:02:44 +01:00
Bob van der Linden
0438ad4712 nixos/pfix-srsd: /var/run -> /run 2019-03-20 00:02:44 +01:00
Bob van der Linden
e8434784bd nixos/rethinkdb: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
af0380997f nixos/redis: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
09d3ea4f67 nixos/openldap: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
660ee99293 nixos/mongodb: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
651f05c47c nixos/couchdb: /var/run -> /run 2019-03-20 00:02:42 +01:00
Bob van der Linden
66fb3aa1be nixos/bacula: /var/run -> /run 2019-03-20 00:01:45 +01:00
Bob van der Linden
9d4bc79003 nixos/zsh: do not use /var/run 2019-03-20 00:01:45 +01:00
Bob van der Linden
8f6aaa8b78 nixos/xonsh: do not use /var/run 2019-03-20 00:01:45 +01:00
Bob van der Linden
45d43a6472 nixos/fish: do not use /var/run 2019-03-20 00:01:45 +01:00
Bob van der Linden
bad7d82487 nixos/bash: do not use /var/run 2019-03-20 00:01:45 +01:00
Jörg Thalheim
b488c60cdb network-manager: rename systemd service back to match upstream
Compatibility with other distributions/software and expectation
of users coming from other systems should have higher priority over consistency.
In particular this fixes #51375, where the NetworkManager-wait-online.service
broke as a result of this.
2019-03-19 23:48:08 +01:00
rnhmjoj
0279449209
nixos/tests/predictable-interfaces: fix failure on aarch64 2019-03-19 23:20:23 +01:00
Alexey Shmalko
89845931e4
acpilight: add to module-list
acpilight package and module have been added to nixpkgs, but the
module hasn't been added to module-list.nix, so using it results in
the following error.

```
The option `hardware.acpilight' defined in `/etc/nixos/configuration.nix' does not exist.
```

Add the module to module-list.nix.
2019-03-19 23:21:36 +02:00
Peter Hoeg
fe97297bb1 logitech (nixos): support module for logitech input devices 2019-03-19 09:58:57 +08:00
aszlig
12efcc2dee
Merge overlayfs fix, LTS kernel bump and test
In Linux 4.19 there has been a major rework of the overlayfs
implementation and it now opens files in lowerdir with O_NOATIME, which
in turn caused issues in our VM tests because the process owner of QEMU
doesn't match the file owner of the lowerdir.

The crux here is that 9p propagates the O_NOATIME flag to the host and
the guest kernel has no way of verifying whether that flag will lead to
any problems beforehand.

There is ongoing work to possibly fix this in the kernel, but it will
take a while until there is a working patch and consensus.

So in order to bring our default kernel back to 4.19 and of course make
it possible to run newer kernels in VM tests, I'm merging a small QEMU
patch as an interim solution, which we can drop once we have a working
fix in the next round of stable kernels.

Now we already had Linux 4.19 set as the default kernel, but that was
subsequently reverted in 048c36ccaa
because the patch we have used was the revert of the commit I bisected a
while ago.

This patch broke overlayfs in other ways, so I'm also merging in a VM
test by @bachp, which only tests whether overlayfs is working, just to
be on the safe side that something like this won't happen in the future.

Even though this change could be considered a moderate mass-rebuild at
least for GNU/Linux, I'm merging this to master, mainly to give us some
time to get it into the current 19.03 release branch (and subsequent
testing window) once we got no new breaking builds from Hydra.

Cc: @samueldr, @lheckemann

Fixes: https://github.com/NixOS/nixpkgs/issues/54509
Fixes: https://github.com/NixOS/nixpkgs/issues/48828
Merges: https://github.com/NixOS/nixpkgs/pull/57641
Merges: https://github.com/NixOS/nixpkgs/pull/54508
2019-03-19 00:15:51 +01:00
Yurii Izorkin
f56d507e06 nixos/datadog-agent: change start command (#57871) 2019-03-18 13:31:04 -07:00
Izorkin
53d05fd0cc nixos/zsh: enable configure history and custom options 2019-03-18 19:57:54 +03:00
worldofpeace
5e7623aefc nixos/tests/colord: init 2019-03-18 08:05:42 -04:00
Florian Franzen
e51a840259 grub: Support 32bit EFI on 64bit x86 platforms 2019-03-18 10:38:07 +01:00
Florian Franzen
52d0db7e73 nixos/waybar: init module 2019-03-18 09:56:27 +01:00
Edward Tjörnhammar
0f03f28b75 nixos/anbox: init module
Co-authored-by: Luke Adams <luke.adams@belljar.io>
Co-authored-by: Volth <volth@webmaster.ms>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
Co-authored-by: Edward Tjörnhammar <ed@cflags.cc>
Co-authored-by: Gabriel Ebner <gebner@gebner.org>
2019-03-18 09:28:02 +01:00
Alex Guzman
0c34b9fcf8
nixos/security: make duo support secure failure correctly
seems that this got broken when the config option was made to use enums. "secure" got replaced with "enum", which isn't a valid option for the failure mode.
2019-03-17 18:25:20 -07:00
Maximilian Bosch
0c4e9e397e
nixos/wireguard: add test
After working on the last wireguard bump (#57534), we figured that it's
probably a good idea to have a basic test which confirms that a simple
VPN with wireguard still works.

This test starts two peers with a `wg0` network interface and adds a v4
and a v6 route that goes through `wg0`.
2019-03-18 00:22:23 +01:00
Izorkin
42a99b1be2 nixos/unit: init service unit 2019-03-16 19:54:21 +03:00
Léo Gaspard
59c5630f60
Merge branch 'pr-57699'
* pr-57699:
  nixos/matrix: add manual section about self-hosting a matrix client and server
2019-03-16 14:48:39 +01:00
Florian Jacob
ef52869ef1 nixos/matrix: add manual section
about self-hosting a matrix client and server
2019-03-16 14:26:07 +01:00
talyz
0eb6d0735f filesystems: Add autoResize assertion
Assert that autoResize is only used when fsType is explicitly set to a
supported filesystem: if it's set to "auto", the default, the required
resizing tools won't be copied into the initrd even if the actual
filesystem is supported.
2019-03-16 13:01:35 +01:00
Vladimír Čunát
3aecf21239
Merge #56922: nixos/knot: init basic service + tests 2019-03-16 09:17:15 +01:00
Silvan Mosberger
056b9d0085
Merge pull request #57633 from talyz/master
amazon-image.nix: Resolve failure to include resize2fs
2019-03-16 05:12:05 +01:00
aszlig
116bdc9f55
nixos/manual: Document PostgreSQL socket change
This is a backwards-incompatible change and while it won't probably
affect a whole lot of users, it makes sense to give them a heads-up
anyway.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-16 03:03:21 +01:00
Janne Heß
b0daedd371 nixos/icingaweb2: Replace most options with toINI 2019-03-15 20:35:29 +01:00
talyz
261372b69c amazon-image.nix: Resolve failure to include resize2fs
Since 34234dcb51, for resize2fs to be automatically included in
initrd, a filesystem needed for boot must be explicitly defined as an
ext* type filesystem.
2019-03-15 17:33:45 +01:00
Florian Jacob
3d8090458c nixos/mysql: expand tests to mariadb and ensureUsers / ensureDatabases 2019-03-15 16:32:36 +01:00
Florian Jacob
5bec5e8cb1 nixos/mysql: specify option types 2019-03-15 16:32:36 +01:00
Pascal Bach
a8307b9f39 nixos/overlayfs: add test 2019-03-15 15:15:32 +01:00
Silvan Mosberger
f8de52a2fe
Revert "nixos/nginx: support h2c" 2019-03-15 14:31:11 +01:00
Ryan Mulligan
4b6a41a939
Merge pull request #57077 from callahad/brother-dsseries
dsseries: init at 1.0.5-1
2019-03-14 21:17:31 -07:00
Aaron Janse
0258cff887
nixos/manual: reword note in declarative packages section 2019-03-14 21:11:27 -07:00
aszlig
ef553788d0
postgresql: Move socket dir to /run/postgresql
The default, which is /tmp, has a few issues associated with it:

One being that it makes it easy for users on the system to spoof a
PostgreSQL server if it's not running, causing applications to connect
to their provided sockets instead of just failing to connect.

Another one is that it makes sandboxing of PostgreSQL and other services
unnecessarily difficult. This is already the case if only PrivateTmp is
used in a systemd service, so in order for such a service to be able to
connect to PostgreSQL, a bind mount needs to be done from /tmp to some
other path, so the service can access it. This pretty much defeats the
whole purpose of PrivateTmp.

We regularily run into issues with this in the past already (one example
would be https://github.com/NixOS/nixpkgs/pull/24317) and with the new
systemd-confinement mode upcoming in
https://github.com/NixOS/nixpkgs/pull/57519, it makes it even more
tedious to sandbox services.

I've tested this change against all the postgresql NixOS VM tests and
they still succeed and I also grepped through the source tree to replace
other occasions where we might have /tmp hardcoded. Luckily there were
very few occasions.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ocharles, @thoughtpolice, @danbst
2019-03-15 04:52:35 +01:00