Commit Graph

11862 Commits

Author SHA1 Message Date
Frederik Rietdijk
a06b90a7dc lapp: change postgresql version, fixes metrics 2018-12-19 10:04:00 +01:00
Frederik Rietdijk
9ab61ab8e2 Merge staging-next into staging 2018-12-19 09:00:36 +01:00
Maximilian Bosch
6c6341335b
nixos/test-driver: fix wording in error message about invalid node names
Since 113a6b9325 the test driver
explicitly ensures if the node names won't break the resulting Perl
script at runtime. This slightly improves the correctness of the error
message.
2018-12-18 23:46:54 +01:00
Maximilian Bosch
83fe20e57f
Merge pull request #52485 from pablode/master
nixos/oh-my-zsh: fix wrong manual information
2018-12-18 23:18:27 +01:00
Sander van der Burg
8122431953 Fix adb program module 2018-12-18 21:16:07 +01:00
volth
fed7914539
Merge branch 'staging' into make-perl-pathd 2018-12-18 17:13:27 +00:00
Pablo Delgado Krämer
685c4f5608 nixos/oh-my-zsh: fix wrong manual information
Manual still refers to 'programs.ohMyZsh' although it should be 'programs.zsh.ohMyZsh'.
2018-12-18 14:31:35 +01:00
Jörg Thalheim
f2180a5367
Merge pull request #52458 from tadfisher/emacs-bash-prompt
nixos/bash: Fix prompt regression in Emacs term mode
2018-12-18 09:19:48 +00:00
markuskowa
5289fcc422
Merge pull request #47297 from greydot/bladerf
Introduce hardware/bladeRF module
2018-12-18 09:29:32 +01:00
Lana Black
7112cd8822 nixos/hardware/bladeRF: init at 2.0.2
This allows to easily enable bladerf-related udev rules with nixos
configuration.
2018-12-18 08:11:18 +00:00
Franz Pletz
670c5ac8ef
Merge pull request #46806 from Ma27/disallow-dash-separators-in-machine-declarations
nixos/testing: disallow special chars in machine names in network expressions
2018-12-18 01:03:34 +00:00
Maximilian Bosch
113a6b9325
nixos/testing: disallow special chars in machine names in network expressions
These names are referenced by Perl variables inside the testing
frameworks which don't allow chars like `-` as character inside. An exemplary
expression may look like this:

```
{
  x11-vm = {
    services.xserver.enable = true;
  };
}
```

This expression evaluates, e.g. when running `nixos-build-vms`, but when
trying to run `./result/bin/nixos-run-vms`, an error like this occurs:

```
starting VDE switch for network 1
running the VM test script
error: Can't modify subtraction (-) in scalar assignment at (eval 17) line 1, at EOF
Bareword "test" not allowed while "strict subs" in use at (eval 17) line 1.
Can't modify subtraction (-) in scalar assignment at (eval 17) line 1, at EOF
Bareword "test" not allowed while "strict subs" in use at (eval 17) line 1.
vde_switch: EOF on stdin, cleaning up and exiting
cleaning up
```

This can be very confusing for beginners, this change breaks evaluation
if such names are used for machines.
2018-12-18 01:58:56 +01:00
Samuel Dionne-Riel
321d48d5db
Merge pull request #51397 from samueldr/feature/aarch64-uefi
installer: Adds AArch64 UEFI installer support. (Work towards SBBR and EBBR support)
2018-12-17 18:56:57 -05:00
Tad Fisher
b4b67177b5 nixos/bash: Fix prompt regression in Emacs term mode 2018-12-17 15:42:41 -08:00
Michael Peyton Jones
f64bc036a5
nixos: add XDG sounds module 2018-12-18 00:32:13 +01:00
Jan Tojnar
aacb244889
Merge pull request #51520 from michaelpj/imp/appstream
nixos: add AppStream module
2018-12-18 00:27:23 +01:00
Franz Pletz
58db4c1a7e
Revert "nixos/tests: add clamav test"
This reverts commit 6433f3b13b.

Fixes #52446.
2018-12-17 19:24:44 +01:00
Silvan Mosberger
9673380261
Merge pull request #52168 from cdepillabout/add-bluezFull-package
Add bluez full package
2018-12-17 03:01:49 +01:00
Satoshi Shishiku
5a93f6149a
prosody service: set cafile
Fix s2s_secure_auth.
2018-12-17 01:01:41 +01:00
Jan Tojnar
aead6e12f9
Merge remote-tracking branch 'upstream/master' into staging 2018-12-16 22:55:06 +01:00
Florian Klink
a9eae44ee5 gitlab: run test with 4096 bits if on 64bit, else the the maximum for 32bit 2018-12-16 19:47:35 +01:00
Franz Pletz
6433f3b13b
nixos/tests: add clamav test 2018-12-16 19:04:07 +01:00
Florian Klink
91c65721f7 owncloud: remove server
pkgs.owncloud still pointed to owncloud 7.0.15 (from May 13 2016)

Last owncloud server update in nixpkgs was in Jun 2016.
At the same time Nextcloud forked away from it, indicating users
switched over to that.

cc @matej (original maintainer)
2018-12-16 15:05:53 +01:00
Florian Klink
50500219af apache-httpd/limesurvey.nix: fix copypasta from owncloud 2018-12-16 15:05:53 +01:00
Johan Thomsen
d2048b0d7e nixos/kubernetes: don't enable all alpha feature gates for the test cases 2018-12-16 13:41:48 +01:00
Florian Klink
34d45007e2
Merge pull request #51053 from Ma27/draft-nextcloud-module-docs
nixos/nextcloud: add basic module documentation and warn about current upgrading issues
2018-12-16 12:16:47 +01:00
Rickard Nilsson
b20fcce195 nixos/nm-setup-hostsdir: RemainAfterExist -> RemainAfterExit 2018-12-15 08:33:28 +01:00
(cdep)illabout
9039cc3f28
Add explanation of using the bluezFull package in nixos documentation. 2018-12-15 14:49:41 +09:00
volth
bb9557eb7c lib.makePerlPath -> perlPackages.makePerlPath 2018-12-15 03:50:31 +00:00
Florian Klink
da6a3271bb
Merge pull request #51624 from dasJ/slapd-log
nixos/openldap: Support configuring the log level
2018-12-14 11:12:43 +01:00
Elis Hirwing
6fa51fe5cf
nixos/lightdm: Fix spelling of option in docs 2018-12-13 22:26:12 +01:00
Elis Hirwing
c974813b92
nixos/sddm: Fix spelling of option in docs 2018-12-13 22:25:19 +01:00
Bas van Dijk
5d970e740e pythonPackages.elasticsearch-curator: 5.5.4 -> 5.6.0 2018-12-13 20:58:58 +01:00
Janne Heß
3c54d6b2f8 nixos/openldap: Support configuring the log level 2018-12-13 15:14:59 +01:00
Renaud
562b7a7702
Merge pull request #51922 from hedning/fix-xmonad-test
nixos/tests/xmonad: fix terminal title
2018-12-13 14:02:23 +01:00
Sarah Brofeldt
7a57774158
Merge pull request #51938 from johanot/nixos-kubernetes-test-fix
nixos/kubernetes: fix import path of default nixpkgs
2018-12-13 13:05:25 +01:00
Samuel Dionne-Riel
ad27b068d7 installer: Adds AArch64 UEFI installer support. 2018-12-12 19:26:34 -05:00
Jörg Thalheim
5feba458a2
Merge pull request #50316 from arianvp/fix-dynamic-user
Disable nscd caching
2018-12-12 23:18:09 +00:00
Tor Hedin Brønner
d776b224da nixos/tests/xmonad: fix terminal title
bash now sets a different title.
2018-12-12 21:30:47 +01:00
Johan Thomsen
1a00b86334 nixos/kubernetes: fix import path of default nixpkgs 2018-12-12 21:30:32 +01:00
Svein Ove Aas
4e5b365644
nvidia: Improve assertion documentation 2018-12-12 15:25:39 +00:00
Arian van Putten
1d5f4cbb78 nixos/nscd: Add a descriptive comment to the nscd configuration 2018-12-12 15:35:46 +01:00
Arian van Putten
ef6ed03e2f nixos/nscd: Address doc feedback 2018-12-12 15:35:40 +01:00
Arian van Putten
a74619c1ae nixos/nscd: also add netgroup to the config
It was the last database that wasn't listed.
2018-12-12 15:35:40 +01:00
Arian van Putten
de76c16f9c nixos/nscd: Merge nscd and sssd-nscd config 2018-12-12 15:35:40 +01:00
Arian van Putten
335b41b3fb nixos/nscd: Add release note entry about nscd changes 2018-12-12 15:35:40 +01:00
Arian van Putten
99d3279952 nixos/nscd: Disable negative caching of hosts
Hopefully fixes #50290
2018-12-12 15:35:40 +01:00
Arian van Putten
e712417936 nixos/nscd: Disable caching of group and passwd
Systemd provides an option for allocating DynamicUsers
which we want to use in NixOS to harden service configuration.
However, we discovered that the user wasn't allocated properly
for services. After some digging this turned out to be, of course,
a cache inconsistency problem.

When a DynamicUser creation is performed, Systemd check beforehand
whether the requested user already exists statically. If it does,
it bails out. If it doesn't, systemd continues with allocating the
user.

However, by checking whether the user exists,  nscd will store
the fact that the user does not exist in it's negative cache.
When the service tries to lookup what user is associated to its
uid (By calling whoami, for example), it will try to consult
libnss_systemd.so However this will read from the cache and tell
report that the user doesn't exist, and thus will return that
there is no user associated with the uid. It will continue
to do so for the cache duration time.  If the service
doesn't immediately looks up its username, this bug is not
triggered, as the cache will be invalidated around this time.
However, if the service is quick enough, it might end up
in a situation where it's incorrectly reported that the
user doesn't exist.

Preferably, we would not be using nscd at all. But we need to
use it because glibc reads  nss modules from /etc/nsswitch.conf
by looking relative to the global LD_LIBRARY_PATH.  Because LD_LIBRARY_PATH
is not set globally (as that would lead to impurities and ABI issues),
glibc will fail to find any nss modules.
Instead, as a hack, we start up nscd with LD_LIBRARY_PATH set
for only that service. Glibc will forward all nss syscalls to
nscd, which will then respect the LD_LIBRARY_PATH and only
read from locations specified in the NixOS config.
we can load nss modules in a pure fashion.

However, I think by accident, we just copied over the default
settings of nscd, which actually caches user and group lookups.
We already disable this when sssd is enabled, as this interferes
with the correct working of libnss_sss.so as it already
does its own caching of LDAP requests.
(See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/usingnscd-sssd)

Because nscd caching is now also interferring with libnss_systemd.so
and probably also with other nsss modules, lets just pre-emptively
disable caching for now for all options related to users and groups,
but keep it for caching hosts ans services lookups.

Note that we can not just put in /etc/nscd.conf:
enable-cache passwd no

As this will actually cause glibc to _not_ forward the call to nscd
at all, and thus never reach the nss modules. Instead we set
the negative and positive cache ttls  to 0 seconds as a workaround.
This way, Glibc will always forward requests to nscd, but results
will never be cached.

Fixes #50273
2018-12-12 15:35:40 +01:00
Arian van Putten
eb88005130 nixos/systemd: Add a regression test for #50273 2018-12-12 15:35:39 +01:00
Vladimír Čunát
ad3e9191d1
nixos/nvidia: improve the assertion again
/cc ac19d5e34 #51836.
2018-12-12 00:26:09 +01:00
Benjamin Staffin
1181d6153e
logind: make killUserProcesses an option (#51426)
Right now it's not at all obvious that one can override this option
using `services.logind.extraConfig`; we might as well add an option
for `killUserProcesses` directly so it's clear and documented.
2018-12-11 16:51:16 -05:00
Vladimír Čunát
ac19d5e34f
Merge #51836: nixos/nvidia: fix inverted assertion 2018-12-11 21:41:20 +01:00
Kai Wohlfahrt
337bc20e5f kerberos: Add tests/kerberos to release.nix 2018-12-11 13:33:10 +00:00
Kai Wohlfahrt
ade842f51a kerberos: move user binaries to default output
The intention of the previous change was to move krb5-config to .dev (it
gives the locations of headers), but it grabbed all of the user-facing
binaries too. This puts them back.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt
d752677b1b kerberos: explicitly install krb5Full.dev for tests
This contains all of the user binaries as of 13e6a5c.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt
f5b4918de4 kerberos_server: ensure only one realm configured
Leave options for multiple realms for similarity to krb5, and future
expansion. Currently not tested because I can't make it work and don't need
it.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt
4e4a599e7e kerberos_server: Keep ACL file in store
Could also move kdc.conf, but this makes it inconvenient to use command line
utilities with heimdal, as it would require specifying --config-file with every
command.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt
6cca9c0f9f kerberos-server: add kerberos option
Allow switching out kerberos server implementation.

Sharing config is probably sensible, but implementation is different enough to
be worth splitting into two files. Not sure this is the correct way to split an
implementation, but it works for now.

Uses the switch from config.krb5 to select implementation.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt
fe8f2b8813 kerberos-server: switch to ExecStart
script causes problems for forking services like MIT Kerberos.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt
4f9af77287 kerberos-server: cleanup of kerberos.nix
General cleanup before adding more options.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt
ee3bd730d4 kerberos-server: move kadmind to systemd
Don't use socket activation, as inetd is discouraged by heimdal documentation.
2018-12-11 13:33:10 +00:00
Kai Wohlfahrt
dfdd348206 kerberos-server: Fix sbin paths
tcpd doesn't have sbin anymore (so it was broken), and heimdal just symlinks to
bin.
2018-12-11 13:33:10 +00:00
Jappie Klooster
e576c3b385 doc: Fix insecure nginx docs (#51840) 2018-12-11 11:02:56 +00:00
markuskowa
9fba490258
Merge pull request #50862 from markuskowa/fix-slurm-module
nixos/slurm: set slurmd KillMode and add extraConfigPaths
2018-12-11 00:45:47 +01:00
Samuel Dionne-Riel
abcb25bd8d aerospike: Disables build on aarch64
The issue with its inclusion in the manual has been side-stepped by
matching on the platforms in supports.
2018-12-10 14:55:19 -05:00
Andrew Childs
f2332809fd nixos/nvidia: fix inverted assertion 2018-12-11 02:04:10 +09:00
Tor Hedin Brønner
59d1fb6151
Merge pull request #44497 from hedning/gnome-upstream-wayland
Add gnome wayland support
2018-12-10 16:53:27 +01:00
Tim Steinbach
97ad321e42
zsh-autosuggestions: Fix module for 0.5.0
The update for zsh-autosuggestions in #51752 broke the module.
This fix reflects the required changes.
2018-12-10 10:11:33 -05:00
Vladimír Čunát
3946d83a3c
nixos tests: disable kafka for now
They consistently fail since openjdk bump with some out-of-space errors.
That's not a problem by itself, but each test instance ties a build slot
for many hours and consequently they also delay channels as those wait
for all builds to finish.

Feel free to re-enable when fixed, of course.
2018-12-10 13:19:00 +01:00
Tor Hedin Brønner
75e223bf7a nixos/tests/gnome3-gdm: port to wayland
The test now runs wayland, which means we can no longer use X11 style testing.
Instead we get gnome shell to execute javascript through its dbus interface.
2018-12-10 10:36:25 +01:00
Tor Hedin Brønner
116c16d9e2 nixos/tests/gnome3: select X11 gnome shell explicitely
This isn't strictly necessary yet as LightDM doesn't read the wayland sessions,
but there's no harm in being explicit.
2018-12-10 10:36:25 +01:00
Tor Hedin Brønner
3c0e70402f nixos/displayManager: Note that sessionCommands aren't run on Wayland 2018-12-10 10:36:25 +01:00
Tor Hedin Brønner
cdd266c73b nixos/gnome3: Implement sessionPath through environment.extraInit
This will simply make the `sessionPath` more likely to work.
2018-12-10 10:36:25 +01:00
Tor Hedin Brønner
48a9a24910 nixos/sddm: Enable wayland-sessions
LightDM is unable to separate between `wayland-sessions/gnome.desktop` and
`xsessions/gnome.desktop` so I ommitted adding this to LightDM.
2018-12-10 10:36:24 +01:00
markuskowa
c362f98ba0
Merge pull request #51791 from dotlambda/borgbackup-1.1.8
borgbackup: 1.1.7 -> 1.1.8
2018-12-09 22:34:02 +01:00
Tor Hedin Brønner
80fdafb373 nixos/tests/gnome3: fix terminal title
The tests passes, but that's just because a race condition where the window is
titled `Terminal` long enough.
2018-12-09 19:27:06 +01:00
Tor Hedin Brønner
373be8207a nixos/tests/i3wm: fix terminal title
Probably due to #51678 which makes bash set the terminal title.
2018-12-09 18:29:51 +01:00
Robert Schütz
3cbf18f32b nixos/tests/borgbackup: test borg mount 2018-12-09 18:17:27 +01:00
Markus Kowalewski
8eee1ec2a9
tests/slurm: wait for open DBD port
This makes tests more reliable. It seems
that waitForUnit(slurmdbd.service) is not sufficient
on some systems.
2018-12-09 13:36:53 +01:00
Tor Hedin Brønner
9895ce24b4 nixos/displayManager: Install wayland sessions from extraSessionFilePackages 2018-12-09 11:04:42 +01:00
Yegor Timoshenko
5c685feca1
Merge pull request #51678 from NixOS/yegortimoshenko-patch-1
nixos/bash: set title in PS1
2018-12-08 21:35:05 +03:00
markuskowa
9a7ce7d69a
Merge pull request #51728 from ck3d/fix-lirc-runtime-owner-ship
nixos lirc: fix owner-ship of runtime directory
2018-12-08 18:08:14 +01:00
Jörg Thalheim
91a7848fe2
nixos/release-notes: mention removal of quassel-webserver 2018-12-08 16:31:28 +00:00
Jörg Thalheim
da4e257fce
Merge pull request #51670 from Mic92/quassel-webserver
quassel-webserver: remove
2018-12-08 16:26:45 +00:00
Frederik Rietdijk
3e950d584c Merge staging-next into master 2018-12-08 16:29:21 +01:00
markuskowa
86d80a7b78
Merge pull request #51583 from WilliButz/grafana-update
grafana: 5.3.4 -> 5.4.0
2018-12-08 15:42:15 +01:00
Renaud
53218d4a39
nixos/systemd-nspawn: accept all Exec and Files options
See: https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html
Closes #49712
2018-12-08 14:41:37 +01:00
Christian Kögler
4bb55815be nixos lirc: fix owner-ship of runtime directory 2018-12-08 14:37:02 +01:00
Frederik Rietdijk
e0950ae9ad Merge master into staging-next 2018-12-08 12:40:13 +01:00
Graham Christensen
ca3f089a83
Merge pull request #51314 from Izorkin/mariadb-my.cnf
mariadb: change location configuration file to /etc/my.cnf
2018-12-07 15:37:53 -05:00
Yegor Timoshenko
d53077b20c
nixos/bash: set title in PS1 2018-12-07 22:42:55 +03:00
Jörg Thalheim
40c8969b4c
quassel-webserver: remove
Package is broken and the original maintainer does not respond.
Unless someone wants to pick it up, I propose the removal.

fixes #51614
2018-12-07 16:46:36 +00:00
Frederik Rietdijk
5f554279ec Merge master into staging-next 2018-12-07 15:22:35 +01:00
Renaud
0eb2f4b5f5
Merge pull request #50809 from sorki/wireguard_containers_wont_modprobe
wireguard: don't modprobe if boot.isContainer is set
2018-12-07 11:06:28 +01:00
lewo
f7e67be1dc
Merge pull request #51528 from grahamc/buildImage-on-layered-image
dockertools buildImage: support new-style image specs
2018-12-07 09:44:58 +01:00
aszlig
776f084cf1
nixos/tests: Fix wrong arch in runInMachine test
Since 83b27f60ce, the tests were moved
into all-tests.nix and some of the tooling has changed so that
subattributes of test expressions are now recursively evaluated until a
derivation with a .test attribute has been found.

Unfortunately this isn't the case for all of the tests and the
runInMachine doesn't use the makeTest function other tests are using but
instead uses runInMachine, which doesn't generate a .test attribute.

Whener a .test attribute wasn't found by the new handleTest function, it
recurses down again until there is no value left that is an attribute
set and subsequently returns its unchanged value. This however has the
drawback that instead of getting different attributes for each
architecture we only get the last architecture in the supportedSystems
list.

In the case of the release.nix, the last architecture in
supportedSystems is "aarch64-linux", so the runInMachine test is always
built on that architecture.

In order to work around this, I changed runInMachine to emit a .test
attribute so that it looks to handleTest like it was a test created via
makeTest.

Signed-off-by: aszlig <aszlig@nix.build>
2018-12-07 05:56:53 +01:00
Peter Hoeg
728aaf4af6
Merge pull request #51622 from dotlambda/home-assistant-0.83
home-assistant: 0.82.1 -> 0.83.3
2018-12-07 09:24:16 +08:00
Samuel Dionne-Riel
70488665fa
Merge pull request #51207 from samueldr/fix/sd-image-slimming
sd-image: Slims the ext4 filesystem even more.
2018-12-06 23:35:09 +00:00
Robert Schütz
b63bb15612 home-assistant: 0.82.1 -> 0.83.3 2018-12-06 14:59:27 +01:00
eburimu
f17dd04f12 extlinux-conf: fix cross compilation 2018-12-06 03:42:02 +03:00
WilliButz
60eff0eecb
nixos/grafana: use new default for connMaxLifetime 2018-12-05 20:49:45 +01:00
Graham Christensen
c88337c9ac
dockerTools.buildImage: support using a layered image in fromImage
Docker images used to be, essentially, a linked list of layers. Each
layer would have a tarball and a json document pointing to its parent,
and the image pointed to the top layer:

    imageA  ----> layerA
                    |
                    v
                  layerB
                    |
                    v
                  layerC

The current image spec changed this format to where the Image defined
the order and set of layers:

    imageA  ---> layerA
            |--> layerB
            `--> layerC

For backwards compatibility, docker produces images which follow both
specs: layers point to parents, and images also point to the entire
list:

    imageA  ---> layerA
            |      |
            |      v
            |--> layerB
            |      |
            |      v
            `--> layerC

This is nice for tooling which supported the older version and never
updated to support the newer format.

Our `buildImage` code only supported the old version, so in order for
`buildImage` to properly generate an image based on another image
with `fromImage`, the parent image's layers must fully support the old
mechanism.

This is not a problem in general, but is a problem with
`buildLayeredImage`.

`buildLayeredImage` creates images with newer image spec, because
individual store paths don't have a guaranteed parent layer. Including
a specific parent ID in the layer's json makes the output less likely
to cache hit when published or pulled.

This means until now, `buildLayeredImage` could not be the input to
`buildImage`.

The changes in this PR change `buildImage` to only use the layer's
manifest when locating parent IDs. This does break buildImage on
extremely old Docker images, though I do wonder how many of these
exist.

This work has been sponsored by Target.
2018-12-05 14:25:54 -05:00
Jean-Philippe Braun
691932bba6 cassandra: add option to configure logging
As cassandra start script hardcodes the location of logback
configuration to `CASSANDRA_CONF_DIR/logback.xml` there is no way to
pass an alternate file via `$JVM_OPTS` for example.

Also, without logback configuration DEBUG level is used which is not
necessary for standard usage.

With this commit a default logback configuration is set with log level
INFO.

Configuration borrowed from:
https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/configLoggingLevels.html
2018-12-05 15:17:37 +01:00
Pierre Bourdon
3873f43fc3 prometheus/exporters: fix regression in DynamicUser behavior
Instead of setting User/Group only when DynamicUser is disabled, the
previous version of the code set it only when it was enabled. This
caused services with DynamicUser enabled to actually run as nobody, and
services without DynamicUser enabled to run as root.

Regression from fbb7e0c82f.
2018-12-05 11:26:38 +01:00
Pierre Bourdon
199b4c4743 prometheus/exporters/tor: make CPython happy by defining $HOME 2018-12-05 11:26:38 +01:00
Florian Klink
5c82aa8854 pkgsi686Linux.nixosTests.gitlab: fix 32 bit tests
GitLab 11.5.1 dropped the dependency to posix_spawn, which is broken on
32bit. (See https://gitlab.com/gitlab-org/gitlab-ce/issues/53525)

The only part missing is decreasing virtualisation.memorySize to
something that a 32 bit qemu still executes.

The maximum seems to be 2047, and tests passed with that value for me.
2018-12-05 10:47:18 +01:00
Austin Seipp
2a22554092 nixos/cockroachdb: simplify dataDir management, tweaks
This cleans up the CockroachDB expression, with a few suggestions from
@aszlig.

However, it brought up the note of using systemd's StateDirectory=
directive, which is a nice feature for managing long-term data files,
especially for UID/GID assigned services. However, it can only manage
directories under /var/lib (for global services), so it has to introduce
a special path to make use of it at all in the case someone wants a path
at a different root.

While the dataDir directive at the NixOS level is _occasionally_ useful,
I've gone ahead and removed it for now, as this expression is so new,
and it makes the expression cleaner, while other kinks can be worked out
and people can test drive it.

CockroachDB's dataDir directive, instead, has been replaced with
systemd's StateDirectory management to place the data under
/var/lib/cockroachdb for all uses.

There's an included RequiresMountsFor= clause like usual though, so if
people want dependencies for any kind of mounted device at boot
time/before database startup, it's easy to specify using their own
mount/filesystems clause.

This can also be reverted if necessary, but, we can see if anyone ever
actually wants that later on before doing it -- it's a backwards
compatible change, anyway.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-04 19:44:16 -06:00
Florian Klink
0834e98ece
Merge pull request #51393 from arianvp/container-names
nixos/containers: Add assertion for container name length
2018-12-05 01:25:16 +01:00
Tim Steinbach
16f42b3694 kafka: Add 2.1 2018-12-05 00:06:07 +00:00
Tim Steinbach
7c5d43f4f5 kafka: Add test for 2.0 2018-12-05 00:06:07 +00:00
Michael Peyton Jones
656b74f021
nixos: add AppStream module 2018-12-04 20:26:25 +00:00
Jörg Thalheim
7dbb64aca4
Merge pull request #51493 from marsam/feature/docs-remove-nix-repl-references
docs: Remove nix-repl references
2018-12-04 10:53:09 +00:00
Renaud
68b17ada12
Merge pull request #51475 from redvers/update/mediawiki
mediawiki: 1.29.1 -> 1.31.1
2018-12-04 08:06:57 +01:00
Mario Rodas
f1dd6faaaa
docs: Remove nix-repl references
nix-repl has been deprecated
2018-12-03 21:37:54 -05:00
Jörg Thalheim
958d8e625e
Merge pull request #49392 from uvNikita/nixos/containers/veths
nixos/containers: don't create veths if not configured
2018-12-03 23:44:50 +00:00
Red Davies
4173b845ca mediawiki: 1.29.1 -> 1.31.1
1.29.1 is out of support and has security vulnerabilities. 1.31.1 is current LTS.
2018-12-03 21:04:08 +00:00
Bjørn Forsman
bb94d419fb nixos/jenkins-job-builder: add accessTokenFile option
The new option allows storing the secret access token outside the world
readable Nix store.
2018-12-03 17:07:29 +01:00
Bjørn Forsman
8ebfd5c45c nixos/jenkins-job-builder: stop reloadScript on error
Currently there are two calls to curl in the reloadScript, neither which
check for errors. If something is misconfigured (like wrong authToken),
the only trace that something wrong happened is this log message:

  Asking Jenkins to reload config
  <h1>Bad Message 400</h1><pre>reason: Illegal character VCHAR='<'</pre>

The service isn't marked as failed, so it's easy to miss.

Fix it by passing --fail to curl.

While at it:
* Add $curl_opts and $jenkins_url variables to keep the curl command
  lines DRY.
* Add --show-error to curl to show short error message explanation when
  things go wrong (like HTTP 401 error).
* Lower-case the $CRUMB variable as upper case is for exported environment
  variables.

The new behaviour, when having wrong accessToken:

  Asking Jenkins to reload config
  curl: (22) The requested URL returned error: 401

And the service is clearly marked as failed in `systemctl --failed`.
2018-12-03 17:07:29 +01:00
Frederik Rietdijk
a510aa2672 Merge master into staging-next 2018-12-03 12:18:43 +01:00
Piotr Bogdan
9ca3414e05 nixos/cockroachdb: supply defaultText for the package option 2018-12-02 20:50:57 -06:00
Austin Seipp
4594b18070 nixos/chrony: fix misplaced ConditionCapability= directive
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-02 20:32:47 -06:00
Michael Weiss
fa5b8f82c5
Merge pull request #51316 from primeos/sway
nixos/sway-beta: Improve the wrapper
2018-12-02 22:03:31 +01:00
Izorkin
953be3e283 mariadb: change location configuration file to /etc/my.cnf 2018-12-02 22:15:02 +03:00
Silvan Mosberger
4afae70e2b
Merge pull request #48423 from charles-dyfis-net/bees
bees: init at 0.6.1; nixos/modules: services.bees init
2018-12-02 18:38:47 +01:00
Jörg Thalheim
50071c4475
Revert "nixos/luksroot: Check whether the device already exists"
This reverts commit 9cd4ce98bf.

This might be broken for some people: https://github.com/NixOS/nixpkgs/pull/50281#issuecomment-443516289
2018-12-02 17:27:35 +00:00
markuskowa
506d4c7e44
Merge pull request #51329 from c0bw3b/cleanup/gnu-https
Favor HTTPS URLs - the GNU edition
2018-12-02 16:52:33 +01:00
c0bw3b
0498ccd076 Treewide: use HTTPS on GNU domains
HTTP -> HTTPS for :
- http://gnu.org/
- http://www.gnu.org/
- http://elpa.gnu.org/
- http://lists.gnu.org/
- http://gcc.gnu.org/
- http://ftp.gnu.org/ (except in fetchurl mirrors)
- http://bugs.gnu.org/
2018-12-02 15:51:59 +01:00
Arian van Putten
bf102825ef nixos/containers: Add assertion for container name length
When privateNetwork is enabled, currently the container's interface name
is derived from the container name. However, there's a hard limit
on the size of interface names. To avoid conflicts and other issues,
we set a limit on the container name when privateNetwork is enabled.

Fixes #38509
2018-12-02 15:26:39 +01:00
Bas van Dijk
7035598251
Merge pull request #51225 from LumiGuide/elk-6.5.1
elk: 6.3.2 -> 6.5.1
2018-12-02 14:44:47 +01:00
Jörg Thalheim
31f67bed5b
Merge pull request #51379 from Gerschtli/add/programs-nm-applet
nixos/nm-applet: add nm-applet program
2018-12-02 11:49:45 +00:00
Jan Tojnar
a51a99c690
gobject-introspection: rename package
camelCase package name was a huge inconsistency in GNOME package set.
2018-12-02 12:42:29 +01:00
Jörg Thalheim
b3662053b3
nixos/nm-applet: make the module smaller
more readable imho
2018-12-02 11:38:47 +00:00
Tobias Happ
95cbb71abe nixos/nm-applet: add nm-applet program 2018-12-02 12:18:47 +01:00
John Boehr
4226ddc034 nixos/cockroachdb: create new service
This also includes a full end-to-end CockroachDB clustering test to
ensure everything basically works. However, this test is not currently
enabled by default, though it can be run manually. See the included
comments in the test for more information.

Closes #51306. Closes #38665.

Co-authored-by: Austin Seipp <aseipp@pobox.com>
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-01 19:07:49 -06:00
Janne Heß
9cd4ce98bf nixos/luksroot: Check whether the device already exists
The new reuse behaviour is cool and really useful but it breaks one of
my use cases. When using kexec, I have a script which will unlock the
disks in my initrd. However, do_open_passphrase will fail if the disk is
already unlocked.
2018-12-01 23:42:51 +01:00
Renaud
947be9e992
Merge pull request #51199 from samueldr/fix/iso-image-fat32
iso-image: Verifies the FAT partition at build.
2018-12-01 16:14:55 +01:00
Michael Weiss
062602d81e nixos/sway-beta: Improve the wrapper
According to the dbus-launch documentation [0] "--exit-with-session"
shouldn't be used: "This option is not recommended, since it will
consume input from the terminal where it was started; it is mainly
provided for backwards compatibility." And it also states: "To start a
D-Bus session within a text-mode session, do not use dbus-launch.
Instead, see dbus-run-session(1)."

The new wrapper also avoids starting an additional D-Bus session if
DBUS_SESSION_BUS_ADDRESS is already set.

Fix #51303.

[0]: https://dbus.freedesktop.org/doc/dbus-launch.1.html
[1]: https://dbus.freedesktop.org/doc/dbus-run-session.1.html
2018-12-01 15:15:27 +01:00
Bas van Dijk
fbf0efc6a7 elk: 6.3.2 -> 6.5.1 2018-12-01 12:47:12 +01:00
Austin Seipp
ee14496ae2 nixos/dhcpcd: (try to) restart chrony in the exitHook
As the comment notes, restarts/exits of dhcpcd generally require
restarting the NTP service since, if name resolution fails for a pool of
servers, the service might break itself. To be on the safe side, try
restarting Chrony in these instances, too.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-30 18:50:33 -06:00
Austin Seipp
7b8d9700e1 nixos/chrony: don't emit initstepslew when servers is empty
Setting the server list to be empty is useful e.g. for hardware-only
or virtualized reference clocks that are passed through to the system
directly. In this case, initstepslew has no effect, so don't emit it.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-30 18:50:32 -06:00
Samuel Dionne-Riel
61bdaad9a9 sd-image: Slims the ext4 filesystem even more.
This is to try and squeeze more lost space from the image, so that hydra
starts building it again.

The fsck previous to the resize2fs is required so resize2fs works.

The one afterwards is a sanity check.

Using `-M` from resize2fs will not give much saved space due to a known
(in the manual) issue.

```
[samueldr@aarch64:~/nixpkgs]$ ls -lh result-*/*/*.img
-r--r--r-- 1 root root 2.2G Jan  1  1970 result-original/sd-image/nixos-sd-image-18.09.git.a7fd431-aarch64-linux.img
-r--r--r-- 1 root root 2.1G Jan  1  1970 result-M/sd-image/nixos-sd-image-18.09.git.a7fd431-aarch64-linux.img
-r--r--r-- 1 root root 1.9G Jan  1  1970 result-slimmed/sd-image/nixos-sd-image-18.09.git.a7fd431-aarch64-linux.img
```

```
[samueldr@aarch64:~/nixpkgs]$ nix path-info -S ./result-original
/nix/store/c8k9n78gylx293rjh762fr05a069kxp2-nixos-sd-image-18.09.git.a7fd431-aarch64-linux.img   3844125000

[samueldr@aarch64:~/nixpkgs]$ nix path-info -S ./result-slimmed
/nix/store/962238skj5mnzhrsmjy23dyzmxk77sp4-nixos-sd-image-18.09.git.a7fd431-aarch64-linux.img   3447473208
```
2018-11-30 19:11:49 -05:00
Jan Tojnar
e02516db75
nixos/gnome3: enable remote desktop on wayland 2018-11-30 21:35:21 +01:00
Jan Tojnar
d359635ab4
gnome3.gnome-remote-desktop: init at 0.1.6 2018-11-30 21:35:21 +01:00
Tor Hedin Brønner
2c8565a3ce
nixos/gdm: use XDG_DATA_DIRS to find sessions
Gdm now searches for session files in XDG_DATA_DIRS so we no longer need the
sessions_dir.patch.
2018-11-30 21:34:47 +01:00
Edmund Wu
ea1be31262
nvidia: expose nvidia_x11_legacy390 2018-11-30 13:58:22 -05:00
Robert Schütz
74e283403c
nixos/borgbackup: allow paths to be empty or relative (#51275)
This former necessary in order to exclusively use `--pattern` or `--patterns-from`.
Fixes #51267.
2018-11-30 17:37:50 +01:00
Florian Klink
aa490a543e
Merge pull request #48049 from Vskilet/roundcube-module
nixos/roundcube: add roundcube module
2018-11-30 13:29:00 +01:00
Charles Duffy
f50bfe267a
nixos.tests.bees: init 2018-11-29 20:27:47 -06:00
Charles Duffy
86db2f394c
nixos/modules: services.bees init 2018-11-29 20:27:45 -06:00
Florian Klink
43762227f8
Merge pull request #49385 from krav/gitlab-shell-authorized-keys
gitlab-shell: 8.3.3->8.4.1, fix hardcoded paths
2018-11-29 21:18:08 +01:00