Commit Graph

4636 Commits

Author SHA1 Message Date
Wout Mertens
db8401f603 Merge pull request #17100 from abbradar/resume-delay
nixos stage-1: wait for resume devices to appear
2016-08-08 11:34:38 +02:00
Nikolay Amiantov
1e8894f085 unity3d: use chromium-suid-sandbox 2016-08-08 10:49:00 +03:00
Nikolay Amiantov
b2413e48ae chromium-suid-sandbox module: fix description 2016-08-08 10:17:31 +03:00
Al Zohali
2aba1c4962 phpfpm service: restructured pool configuration
From @fpletz: Keep poolConfigs option for backwards-compatibility.

The original commit 6b3f5b5a42 was previously
reverted by c7860cae1a but the issues were
resolved.
2016-08-08 05:53:53 +02:00
Nikolay Amiantov
986a40421a nixos stage-1: wait for devices during resumption attempt
Also a microimprovement -- use `test -n` instead of `test -e`
since we have already checked that the file exists.
2016-08-08 01:35:43 +03:00
Nikolay Amiantov
3ae468e835 nixos stage-1: move resumption below helper functions' definitions 2016-08-08 01:34:23 +03:00
Nikolay Amiantov
59aa3bb5c8 nixos stage-1: factor device waiting into a function 2016-08-08 01:32:18 +03:00
Rok Garbas
a741978f20 Merge pull request #17479 from elitak/factorio
Factorio: 0.13.8 -> 0.13.13, mod support
2016-08-07 04:09:52 +02:00
Paul Hendry
486b8e7f5c Add Terraria server service (#16832) 2016-08-07 03:58:38 +02:00
jokogr
adeab67bd8 syncthing service: add syncthing-inotify (#17320) 2016-08-06 17:20:18 +02:00
obadz
66d5edf654 chromium: add nixos module security.chromiumSuidSandbox
Closes #17460

Changed the wrapper derivation to produce a second output containing the sandbox.
Add a launch wrapper to try and locate the sandbox (either in /var/setuid-wrappers or in /nix/store).
This launch wrapper also sheds libredirect.so from LD_PRELOAD as Chromium does not tolerate it.

Does not trigger a Chromium rebuild.

cc @cleverca22 @joachifm @jasom
2016-08-06 10:27:47 +01:00
Gabriel Ebner
22088b4b25 nixos/x11: make nvidia driver work again
The nvidia driver module directly sets the services.xserver.drivers
option, while still having nvidia/nvidiaBeta/... etc. in the
videoDrivers option.
2016-08-06 07:26:25 +02:00
Robin Gloster
f4e1041e31 Merge pull request #17503 from peterhoeg/ssh
ssh module: ignore exit code when socket activated
2016-08-05 19:58:06 +02:00
Joachim F
f044035a9e Merge pull request #17470 from layus/synaptics-conflict
Warn for conflict between synaptics and libinput
2016-08-05 19:26:07 +02:00
Gabriel Ebner
5e6ac5fcf3 nixos/x11: output sections for modesetting driver
See #17487.
2016-08-05 18:31:04 +02:00
Joachim F
632f9060f1 Merge pull request #17363 from MatrixAI/zsh-helpdir
zsh: Added HELPDIR variable for interactive shells
2016-08-05 16:45:28 +02:00
Franz Pletz
792f96fbc7 Merge pull request #17489 from mayflower/pkg/gitlab-8-10
gitlab: 8.5.12 -> 8.10.3, update module
2016-08-04 23:35:22 +02:00
Tuomas Tynkkynen
2ea72fa9c8 nixos/luksroot: Reference correct output of openssl 2016-08-04 23:12:39 +03:00
obadz
037d9c6cab nixos-install: add options --closure, --no-channel-copy, --no-root-passwd, and --no-bootloader
Closes #17236

nix-build -A tests.installer.simple '<nixos/release.nix>' succeeds ✓
2016-08-04 16:22:25 +01:00
Benno Fünfstück
3f3d18c017 Merge pull request #17218 from bennofs/fix-nixos-version
fix nixos-version --hash when building from git
2016-08-04 15:56:08 +02:00
Christian Kauhaus
ea7e705cd9 varnish: fix localstatedir for varnish* tools (#17508)
The varnish tools (varnishstat, varnishlog, ...) tried to load the VSM
file from a spurious var directory in the Nix store. Fix the default so
the tools "just work" when also keeping services.varnish.stateDir at the
default.

Notes:
- The tools use $localstatedir/$HOSTNAME so I've adapted the default for
  stateDir as well to contain hostName.
- Added postStop action to remove the localstatedir. There is no point
  in keeping it around when varnish does not run, as it regenerates it
  on startup anyway.

Fixes #7495
2016-08-04 15:25:23 +02:00
Peter Hoeg
c4cba0e51f ssh module: ignore exit code when socket activated
sshd will at times fail when exiting. When socket activated, this will
leave a number of sshd@ service instances in the failed state, so we
simply ignore the error code if we are running socket activated.

Recommended by upstream:
http://systemd-devel.freedesktop.narkive.com/d0eapMCG/socket-activated-sshd-service-showing-up-as-a-failure-when-the-client-connection-fails

Fixes: #3279
2016-08-04 16:47:44 +08:00
Damien Cassou
c5d9dc9cfa Merge pull request #17418 from DamienCassou/offlineimap-module-reporting
offlineimap's module: change UI to syslog
2016-08-04 08:33:20 +02:00
Franz Pletz
8a8971788c gitlab module: update documentation 2016-08-04 02:29:50 +02:00
Franz Pletz
d8fd06641a gitlab module: split up gitlab-runner script
The name gitlab-runner clashes with a component of Gitlab CI with the
same name and only confuses people. It's now called gitlab-bundle and
a convenience-script gitlab-rake for easier invocation of rake tasks
was added. This was the primary use case of gitlab-runner.
2016-08-04 02:29:45 +02:00
Franz Pletz
c39b6025d8 gitlab: 8.5.12 -> 8.10.3, update module
Fixes #14795.
2016-08-04 02:29:44 +02:00
Eric Litak
d33540734f factorio: rudimentary mod support for factorio's nixos module 2016-08-03 16:44:51 -07:00
Joachim F
772a7bb49b Merge pull request #17425 from joachifm/grsec-efi
grsecurity module: disable EFI runtime services by default
2016-08-03 10:48:25 +02:00
Guillaume Maudoux
0f0be5e498 Warn for conflict between synaptics and libinput 2016-08-03 08:15:18 +02:00
Rodney Lorrimar
6711e62d51 nixos manual: add Emacs section (fixes #13217)
In light of Emacs packaging improvements such as those mentioned
in #11503, and with the addition of a systemd service (#15807
and #16356), and considering that the wiki page is completely
out of date (#13217), it seems that some documentation is in order.
2016-08-02 11:17:52 +01:00
Joachim Fasting
43fc394a5c
grsecurity module: disable EFI runtime services by default
Enabling EFI runtime services provides a venue for injecting code into
the kernel.

When grsecurity is enabled, we close this by default by disabling access
to EFI runtime services.  The upshot of this is that
/sys/firmware/efi/efivars will be unavailable by default (and attempts
to mount it will fail).

This is not strictly a grsecurity related option, it could be made into
a general option, but it seems to be of particular interest to
grsecurity users (for non-grsecurity users, there are other, more
immediate kernel injection attack dangers to contend with anyway).
2016-08-02 10:24:49 +02:00
Joachim Fasting
79ac02ed64
dnscrypt-proxy service: update resolver list 2016-08-02 09:36:22 +02:00
Franz Pletz
c90a43f4c5 nginx module: fix evaluation of root location option 2016-08-01 19:38:10 +02:00
Joachim Fasting
d1572d06fe
grsecurity module: correct internal note 2016-08-01 16:27:14 +02:00
Rok Garbas
34237beca6 Merge pull request #15862 from mayflower/nginx-module
Declarative nginx module with ACME support
2016-08-01 13:10:06 +02:00
Joachim Fasting
c91d07b668
dnscrypt-proxy module: types.string should be types.str 2016-08-01 12:55:42 +02:00
Eric Sagnes
c7bd26e537 version module: refactor with fileContents 2016-08-01 18:40:36 +09:00
Eelco Dolstra
83eb49220b Manual: Only include the release number (e.g. 16.03)
This prevents gratuitous rebuilds of the manual every time the Git
revision changes.

Should help a bit with #17261.
2016-08-01 11:10:21 +02:00
Eelco Dolstra
2a05368ff3 Remove $NIXOS_LABEL and $NIXOS_VERSION
Relying on environment variables to override configuration options is
ugly, and there is no reason for them.
2016-08-01 11:10:02 +02:00
Damien Cassou
19af5b444e offlineimap's module: change UI to syslog
The 'syslog' UI "allows better integration with systemd":
http://www.offlineimap.org/doc/Changelog.html#offlineimap-v660-rc2-2015-10-15
2016-08-01 09:37:53 +02:00
Franz Pletz
d7f7ef4c21 Merge pull request #15496 from kampfschlaefer/containers_more_veth_interfaces
Declarative containers: more veth interfaces
2016-07-31 19:13:59 +02:00
Langston Barrett
a28273df32 mopidy service: add default value for configuration (#17385)
Mopidy will start if the configuration is empty.

Fixes #17381.
2016-07-31 18:35:09 +02:00
Franz Pletz
76b21b7adb nixos/firewall: Refactor rpfilter, allow DHCPv4 (#17325)
Adds a new chain in the raw table for reverse path filtering and optional
logging. A rule to allow serving DHCPv4 was also added as it is commonly
needed and poses no security risk even when no DHCPv4 server is running.

Fixes #10101.
2016-07-31 13:49:24 +02:00
Profpatsch
8a6047a525 nixos/pulseaudio: increase service restart time
Pulseaudio doesn’t like being restarted too quickly.
2016-07-30 23:42:54 +02:00
Profpatsch
5074a79937 nixos/pulseaudio: tcp streaming & zeroconf
Adds options for tcp streaming and avahi zeroconf support (so that the
server can be easily found by clients).
There is also an option to allow anonymous clients to stream to the
server (by default pulseaudio uses a cookie mechanism, see manpage).
2016-07-30 23:42:54 +02:00
Thomas Tuegel
d5bec1a145 kde5: rename extra-cmake-modules variants
Instead of one package `extra-cmake-modules`, there is now `ecm` and
`ecmNoHooks`. The latter is used when one does not want to incur a Qt 5
dependency; it is also available as a top-level package
`extra-cmake-modules`.
2016-07-30 14:06:43 -05:00
Gabriel Ebner
07fc65289a nixos/x11: remove unneccessary special cases 2016-07-30 17:03:16 +02:00
Gabriel Ebner
5c9309c231 xorg.xorgserver: enable glamor support 2016-07-30 13:37:51 +02:00
Thomas Tuegel
3dea00d90e nixos/kde: phonon moved to qt5 2016-07-29 10:29:15 -05:00
Rob Vermaas
9494b764d2 dd-agent: support jmx, needs a separate daemon nowadays.
(cherry picked from commit 1425a1f964)
2016-07-29 12:42:07 +00:00