Nikolay Amiantov
9a11dda5fd
nfsd service: don't run exportfs
...
It's run by service already.
2017-02-05 03:17:38 +03:00
Nikolay Amiantov
5b043ea361
nfs service: create state directories
2017-02-05 03:17:38 +03:00
Vladimír Čunát
a2c867fd39
Merge branch 'staging'
2017-02-04 21:02:46 +01:00
Hannu Hartikainen
d91b39b3f9
illum: init at 0.4
2017-02-04 20:22:51 +02:00
Joachim F
17cc22a619
Merge pull request #22225 from bachp/glusterfs-service
...
glusterfs: add service
2017-02-04 15:15:39 +01:00
laMudri
7c27554033
xfce: make xfwm optional
2017-02-04 11:55:01 +00:00
Tim Jaeger
83241c091d
gogs: fix error on push
...
Pushing to gogs only works if the `gogs` user's shell is `bash`. For error and
solution, refer to [this SO thread](http://stackoverflow.com/a/22315659 )
2017-02-04 12:16:37 +01:00
Sarah Brofeldt
ac6606fbf4
bumblebee service: Fix type error when pmMethod = "bbswitch"
2017-02-04 10:44:44 +01:00
rnhmjoj
a3ff62d48c
namecoind: refactor nixos module
2017-02-03 20:06:45 +01:00
rnhmjoj
f7d49037a4
dnschain service: overhaul option interface & implementation
...
Closes https://github.com/NixOS/nixpkgs/pull/22041
2017-02-03 19:49:16 +01:00
Ricardo Ardissone
0bae18fb55
sane service: mention the lp group for printer+scanners
2017-02-03 20:54:04 +03:00
Joachim Fasting
0c31286f75
grsecurity docs: some polish
...
Fix minor formatting issues, excessive punctuation, and also some
improved wording.
2017-02-03 18:47:07 +01:00
Nikolay Amiantov
230c97c944
Merge pull request #22303 from abbradar/nfs4
...
NFS improvements
2017-02-03 20:04:25 +03:00
Guillaume Maudoux
698f178d4e
default nixos config: add firewall options.
...
By showing how to open ports in the firewall and how to disable it, we make users aware that there is a firewall enabled by default.
2017-02-03 16:45:11 +01:00
Vladimír Čunát
2ba076e99c
Merge branch 'master' into staging
...
>11k more build jobs on master, just for Linux :-/
This way staging will never catch up.
2017-02-03 15:32:08 +01:00
Nikolay Amiantov
9eb540b807
qemu-vm module: fix boot.tmpOnTmpfs
...
This option caused systemd to mount /tmp on top of /tmp/{xchg,shared}.
Fixes #21490 .
2017-02-03 15:02:34 +03:00
Vladimír Čunát
adab4cd58b
Merge branch 'master' into staging
2017-02-03 11:47:38 +01:00
Benjamin Staffin
53e6431d61
Merge pull request #22358 from yorickvP/asteriskupd
...
asterisk: add lts version
2017-02-03 02:30:34 -05:00
Nikolay Amiantov
5247140e57
Merge pull request #21875 from abbradar/gateway-interface
...
Allow specifying interface for default gateway
2017-02-03 02:26:31 +03:00
Pascal Bach
ff3f3399ae
filesystems: add support to mount glusterfs
2017-02-02 23:16:52 +01:00
Pascal Bach
19759cfeab
services: add GlusterFS service
...
This service is only limited in configuration options.
But it is sufficient to run glusterd and configure it using the gluster command
2017-02-02 23:16:52 +01:00
Daiderd Jordan
f87fb85259
Merge pull request #22376 from LumiGuide/wordpress-4.7.2
...
wordpress: 4.7.1 -> 4.7.2 (Security fix)
2017-02-02 19:30:36 +01:00
Daniel Peebles
ff8a21e03c
Merge pull request #22348 from nand0p/hologram-module
...
hologram: 8d86e3f -> d20d1c3
2017-02-02 17:42:07 +01:00
Fernando J Pando
1d85e0bbab
hologram: 8d86e3f -> d20d1c3
...
- Updates dependencies
- Adds configuration module
- Tested on Nixos Unstable
2017-02-02 11:31:42 -05:00
Bas van Dijk
5cc75352f8
wordpress: 4.7.1 -> 4.7.2
...
See: https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
2017-02-02 16:41:32 +01:00
Yorick van Pelt
1b47bc9477
service.asterisk: add package option
2017-02-02 15:16:00 +01:00
Nikolay Amiantov
0cb487ee04
network-interfaces service: add defaultGateway{,6}.interface
2017-02-02 01:53:00 +03:00
Nikolay Amiantov
4abcef2ba1
bluez service: use upstream units
2017-02-02 00:52:54 +03:00
Nikolay Amiantov
8ef14f80e3
systemd service: add aliases option
2017-02-02 00:52:54 +03:00
Tristan Helmich
24f3abdafb
Revert "Make services.xserver.xkbDir conflict free when overriden."
...
This reverts commit 82bcfef109Fixes #22290 , #22352 .
Signed-off-by: Franz Pletz <fpletz@fnordicwalking.de>
2017-02-01 22:37:04 +01:00
Nikolay Amiantov
c34cfa21d4
Merge pull request #22343 from abbradar/dbus-etc
...
dbus service: use /etc/dbus-1 for configuration
2017-02-01 23:00:07 +03:00
Nikolay Amiantov
e0e9fddf56
nfsd service: use upstream systemd units
...
* Use /etc/nfs.conf as the recommended upstream way to configure services.
* Move server options to nfsd module.
2017-02-01 19:47:33 +03:00
Eelco Dolstra
9d6a55aefd
~/.nixpkgs -> ~/.config/nixpkgs
...
The former is still respected as a fallback for config.nix for
backwards compatibility (but not for overlays because they're a new
feature).
2017-02-01 16:07:55 +01:00
Vladimír Čunát
a2e7770b51
Merge branch 'master' into staging
...
There have been some larger security rebuilds on master.
2017-02-01 15:56:35 +01:00
Nikolay Amiantov
72b3746266
dbus service: remove {system,session}.conf from config dir
...
They are already included by dbus from /run/current-system/sw/share/dbus-1.
2017-02-01 15:37:24 +03:00
Nikolay Amiantov
39344a36d3
dbus service: use /etc/dbus-1 for configuration
...
Also use upstream systemd units.
2017-02-01 15:03:22 +03:00
Franz Pletz
f96c3f1844
Merge pull request #22180 from mguentner/offline_ipfs
...
services: ipfs: separate system units, add offline mode
2017-02-01 03:41:31 +01:00
Nikolay Amiantov
876a6d7f03
rpcbind service: use upstream systemd unit
2017-02-01 02:45:19 +03:00
Peter Simons
10349e72b9
nixos: drop unused 'haskellPackages' option from ihaskell service
...
Closes https://github.com/NixOS/nixpkgs/issues/19039 .
2017-01-31 22:38:01 +01:00
Vladimír Čunát
01751a9447
Merge #22309 : vim: allow building with gtk3
2017-01-31 09:41:24 +01:00
Aneesh Agrawal
68b4a1f669
nixos: Respect nixpkgs.overlays ( #22221 )
2017-01-31 09:38:02 +01:00
Benjamin Staffin
e01c15d433
nixos: if gnome3 is installed, build gvim for gtk3 too
2017-01-31 02:36:35 -05:00
Nikolay Amiantov
8d379ddfef
opengl service: use option for XDG_DATA_DIRS
2017-01-31 04:38:09 +03:00
Nikolay Amiantov
98b0195dde
video services: don't install OpenCL files to /etc
...
They shouldn't be needed now that we search them in /run/opengl-driver.
2017-01-31 03:36:25 +03:00
Edward Tjörnhammar
b08524bf01
nixos: nylon, use named instances
2017-01-30 20:32:06 +01:00
Parnell Springmeyer
128bdac94f
Conditionally logging debug messages based on the WRAPPER_DEBUG env var being set (or not)
2017-01-30 12:59:29 -06:00
Parnell Springmeyer
d8ecd5eb0d
Switching to individually generated derivations
2017-01-30 12:26:56 -06:00
Vladimír Čunát
9cd2dbc569
Merge branch 'master' into staging
...
Hopefully this will fix the mass abortion on Hydra;
restarting the jobs didn't help.
2017-01-30 18:39:36 +01:00
Vaibhav Sagar
63f609b1a4
ihaskell: remove service configuration. ( #22268 )
...
See #22047 . This change should be reverted after IHaskell has been
updated to support GHC 8.
2017-01-30 08:38:42 +01:00
Parnell Springmeyer
264db4e309
Set merge + mkIf always surprises me
2017-01-29 17:10:32 -06:00
Parnell Springmeyer
f2f3f1479e
Derp, wrong path name
2017-01-29 16:54:27 -06:00
Parnell Springmeyer
0f728de67e
More migration cleanup + todos for cleanup
2017-01-29 16:52:23 -06:00
Parnell Springmeyer
4856b42ab6
Gotta provide sane defaults! This is what I get for 5AM coding
2017-01-29 16:47:14 -06:00
Parnell Springmeyer
9abe7528e4
Switching locate over to new wrapper API
2017-01-29 11:27:08 -06:00
Edward Tjörnhammar
e324c02aa5
nixos: i2pd, follow redirect
2017-01-29 18:00:58 +01:00
Parnell Springmeyer
6777e6f812
Merging with upstream
2017-01-29 05:54:01 -06:00
Parnell Springmeyer
c5f1f9a3b5
More mistake fixes
2017-01-29 05:45:43 -06:00
Parnell Springmeyer
9f82c9903d
More fixes
2017-01-29 05:44:29 -06:00
Parnell Springmeyer
cfe4351c33
I'm clearly very tired
2017-01-29 05:39:54 -06:00
Parnell Springmeyer
3215bcf445
Beebooboop
2017-01-29 05:39:18 -06:00
Parnell Springmeyer
a3e9d77640
More derp? It's 5am...
2017-01-29 05:36:47 -06:00
Parnell Springmeyer
1cc500ea8e
Syntax wibble
2017-01-29 05:34:50 -06:00
Parnell Springmeyer
628e6a83d0
More derp
2017-01-29 05:33:56 -06:00
Nicolas B. Pierron
82bcfef109
Make services.xserver.xkbDir conflict free when overriden.
2017-01-29 12:24:31 +01:00
Parnell Springmeyer
70b8167d4a
A few more tweaks
2017-01-29 05:05:30 -06:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead
2017-01-29 04:11:01 -06:00
Parnell Springmeyer
a8cb2afa98
Fixing a bunch of issues
2017-01-29 01:58:12 -06:00
Parnell Springmeyer
af3b9a3d46
More wibbles?
2017-01-29 01:41:39 -06:00
Parnell Springmeyer
48564d1ae5
Another wibble
2017-01-29 01:31:33 -06:00
Parnell Springmeyer
5077699605
Derp derp
2017-01-29 01:27:11 -06:00
Parnell Springmeyer
0707a3eaa2
Qualify with lib
2017-01-29 01:23:10 -06:00
Parnell Springmeyer
8e159b9d1e
Qualify mkOption with lib
2017-01-29 01:22:47 -06:00
Parnell Springmeyer
70ec24093c
Removing dead code
2017-01-29 01:22:19 -06:00
Parnell Springmeyer
82de4c0fad
setcap-wrapper: Syntax wibble
2017-01-29 01:20:02 -06:00
Parnell Springmeyer
7680a40a37
setcap-wrapper: Syntax wibble
2017-01-29 01:16:04 -06:00
Parnell Springmeyer
2f113ee90a
setcap-wrapper: Minor refactor
2017-01-29 01:08:36 -06:00
Parnell Springmeyer
3fe7b1a4c9
setcap-wrapper: Addressing more PR feedback, unifying drvs, and cleaning up a bit
2017-01-29 01:07:12 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback
2017-01-28 20:48:03 -08:00
Tuomas Tynkkynen
424cfe7686
Merge remote-tracking branch 'upstream/master' into staging
2017-01-29 02:16:29 +02:00
Joachim F
ac1e65c302
Merge pull request #22230 from michaelpj/services/arbtt-fix-wanted-by
...
arbtt: multi-user.target does not exist in user systemd
2017-01-29 00:37:17 +01:00
Michael Peyton Jones
46c0da1818
arbtt: multi-user.target does not exist in user systemd
2017-01-28 14:29:19 +00:00
Joachim Fasting
6303d2b0ca
nixos: add sysstat to module list
...
The service itself was added in d3d7f43f76
2017-01-28 12:27:34 +01:00
Franz Pletz
ae3fc70ede
Merge pull request #22124 from mayflower/feature/frab
...
frab: init at 2016-12-28 & module
2017-01-27 17:15:05 +01:00
Dan Peebles
ced27b2966
fluentd module: add configurable package option
2017-01-27 15:08:23 +00:00
Guillaume Maudoux
29667f639c
dbus: catch new services without reboot ( #20871 )
...
DBus daemon now loads its config from /run/current-system/dbus.
Reloading the daemon makes it re-read that file and catch the updates
after a system upgrade.
2017-01-27 14:46:13 +01:00
Tuomas Tynkkynen
be0e48e48f
Merge remote-tracking branch 'upstream/master' into staging
2017-01-27 02:18:44 +02:00
Maximilian Güntner
123dd9f4e7
services: ipfs: separate system units, add offline mode
...
Offline mode: When adding a lot of data, start this service.
It will will not flood the DHT since it only exposes the API.
When you are done simply reverse the process.
2017-01-27 00:27:50 +01:00
Mike Cooper
18eff26dd9
Fix typo in pulseaudio.nix
2017-01-26 20:52:33 +01:00
Parnell Springmeyer
9de070e620
Setuid wrapper should not be constrained to a specific linux kernel version
2017-01-26 09:39:37 -08:00
Parnell Springmeyer
01e6b82f3f
Removing dead code
2017-01-26 09:20:15 -08:00
Robin Gloster
a38f1911d3
systemd: 231 -> 232
...
Includes adding some more upstream units and removing obsolete (-.slice) ones.
2017-01-26 17:52:52 +01:00
Tuomas Tynkkynen
e2a2f6d595
Merge pull request #22117 from dezgeg/aarch64-for-merge
...
Aarch64 (ARM64) support
2017-01-26 17:52:28 +02:00
Gregor Kleen
06211e700b
locate: build in correct dbpath
2017-01-26 12:57:03 +01:00
Gregor Kleen
cc1ebd1db4
locate: enhance mlocate support
2017-01-26 12:57:02 +01:00
Gregor Kleen
114e738e41
locate: better mlocate support & cleanup
2017-01-26 12:56:53 +01:00
Parnell Springmeyer
189a0c2579
Wrap with quotes as-per GCC's recommendation
2017-01-26 02:07:36 -08:00
Parnell Springmeyer
c30cf645f8
Make setting of the wrapper macros a compile-time error
2017-01-26 02:06:24 -08:00
Parnell Springmeyer
a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy
2017-01-26 02:00:04 -08:00
Parnell Springmeyer
ad8fde5e5d
Andddd more derp
2017-01-26 01:33:25 -08:00
Parnell Springmeyer
ce36b58e21
Derp
2017-01-26 01:31:49 -08:00
Parnell Springmeyer
f64b06a3e0
Hmmm
2017-01-26 01:13:19 -08:00
Parnell Springmeyer
fd974085bf
It's clearly quite late
2017-01-26 01:04:12 -08:00
Parnell Springmeyer
61fe8de40c
Silly, should just have one activation script
2017-01-26 01:03:18 -08:00
Parnell Springmeyer
48a0c5a3a7
More fixing
2017-01-26 01:00:46 -08:00
Parnell Springmeyer
21368c4c67
Hmm, unnecessary
2017-01-26 00:58:44 -08:00
Parnell Springmeyer
a4f905afc2
Enhhh I think compile time macros are gross
2017-01-26 00:41:00 -08:00
Parnell Springmeyer
785684f6c2
Ahhh, my compile-time macros confused me...of course they did...
2017-01-26 00:39:17 -08:00
Parnell Springmeyer
1ad541171e
Hmm
2017-01-26 00:36:35 -08:00
Parnell Springmeyer
e8bec4c75f
Implicit declared function...
2017-01-26 00:35:01 -08:00
Parnell Springmeyer
a20e65724b
Fixing
2017-01-26 00:32:59 -08:00
Parnell Springmeyer
025555d7f1
More fixes and improvements
2017-01-26 00:05:40 -08:00
Franz Pletz
fbf762e0b7
frab module: init
2017-01-25 23:58:21 +01:00
Robin Gloster
117e5547d1
Merge pull request #21311 from makefu/services/logstash
...
services.logstash: default options, examples and address update
2017-01-25 22:11:40 +01:00
Shaun Sharples
462ef74442
factorio: remove autosave-interval from command-line options
2017-01-25 21:39:37 +01:00
Shaun Sharples
7f358917ee
factorio: settings moved from command-line options to server-settings.json
2017-01-25 21:39:37 +01:00
Pascal Bach
01fd86723c
install-device: correct command to start sshd
2017-01-25 21:09:31 +01:00
Pascal Bach
03ef04f0a4
install-device: permit root login with password
...
Allow password login to the installation this allows doing remote installation
via SSH. All that need to be done on the local machine is:
1. Boot from the installation media
2. Set a password with passwd
3. Enable SSH with systemctl start sshd
It is safe as root doesn't have a password by default
and SSH is disabled by default.
Fixes #20718
2017-01-25 21:09:31 +01:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts
2017-01-25 11:08:05 -08:00
Franz Pletz
516760a6fb
nixos/acme: add random delay to timer
...
This way we behave like good citizens and won't overload Let's Encrypt
with lots of cert renewal requests at the same time.
2017-01-25 19:15:04 +01:00
Vladimír Čunát
278bbe3b33
add kresd service with basic options
...
Still celebrating today's 1.2.0 release!
2017-01-25 18:46:28 +01:00
Bob van der Linden
d9987f360a
nginx: added serverName option for virtualHosts
...
This allows overriding the `server_name` attribute of virtual
hosts. By doing so it is possible to have multiple virtualHost
definitions that share the same `server_name`. This is useful in
particular when you need a HTTP as well as a HTTPS virtualhost: same
server_name, different port.
2017-01-25 14:55:55 +01:00
Franz Pletz
b9b95aa4d4
Merge pull request #22034 from mayflower/conntrack-helpers
...
Disable conntrack helper autoloading by default
2017-01-25 14:18:41 +01:00
Tuomas Tynkkynen
32643dc07d
installer: sd-image-*.nix: Document how to build them
2017-01-25 15:07:37 +02:00
Daniel Peebles
95add2c2f7
Merge pull request #22103 from copumpkin/automatic-kafka-broker-id
...
apache-kafka service: change default brokerId to -1
2017-01-24 22:17:03 -05:00
Tuomas Tynkkynen
0e4c1bfb43
installer: Add SD image expression for Aarch64
...
This one works on the Raspberry Pi 3 so far.
2017-01-25 02:14:47 +02:00
Tuomas Tynkkynen
b29ee6c8ff
U-Boot: Add 64-bit Raspberry Pi 3 build
...
And rename the old ubootRaspberryPi3 to ubootRaspberryPi3_32bit.
2017-01-25 02:14:47 +02:00
Franz Pletz
8322a12ef2
firewall: disable conntrack helper autoloading by default
...
This was disabled in the Linux kernel since 4.7 and poses a security risk
if not configured properly.
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=486dcf43da7815baa615822f3e46883ccca5400f
2017-01-25 01:14:04 +01:00
Franz Pletz
403fdd737e
linux: remove canDisableNetfilterConntrackHelpers feature
...
This feature is available in all kernels in nixpkgs.
2017-01-25 00:28:55 +01:00
Thomas Tuegel
54df142672
nixos/kde5: use kimpanel with IBus by default
2017-01-24 12:55:06 -06:00
Thomas Tuegel
e38970c60b
nixos/ibus: fix custom panel example
...
The example was missing a `''`, so it did not appear correctly in the
manual. This also caused the manual to retain references inappropriately.
2017-01-24 12:52:39 -06:00
Michael Raskin
ae4f2fd145
Merge pull request #22066 from mbrgm/journalbeat
...
journalbeat service: init at 5.1.2
2017-01-24 17:56:48 +00:00
Michael Raskin
7516dbe35e
Merge pull request #22045 from rnhmjoj/recursor
...
PowerDNS Recursor: add package and service
2017-01-24 17:54:47 +00:00
Michael Raskin
47661c831e
Merge pull request #22028 from MostAwesomeDude/tahoe
...
Tahoe-LAFS version bump
2017-01-24 17:49:00 +00:00
Dan Peebles
eebee95176
apache-kafka service: change default brokerId to -1
...
A default of 0 means that if you deploy two NixOS boxes with the default
configuration, the second will fail because the brokerId was already in
use. Using -1 instead tells it to pick one automatically at first start.
2017-01-24 12:32:22 -05:00
Kai
25d86bdd10
vnstat service: init ( #19809 )
2017-01-24 14:45:01 +01:00
Tristan Helmich
b3b300b6ff
smokeping: setuid for fping6
2017-01-24 12:40:21 +01:00
Vladimír Čunát
fd26ad6f76
nixos programs.man.enable: improve description
2017-01-24 09:59:54 +01:00
Corbin
de4c9e0d15
nixos/services/tahoe: Work around awkward command.
2017-01-23 17:55:41 -08:00
Tuomas Tynkkynen
b63f97c6e6
installer: Include stdenvNoCC
...
And don't include ArchiveCpio as that one is no longer needed after
5a8147479
2017-01-23 23:49:18 +02:00
Marius Bergmann
00444cbf25
journalbeat service: init at 5.1.2
...
Journalbeat is a log shipper from systemd/journald to
Logstash/Elasticsearch. I added a package as well as a NixOS service
module for it.
2017-01-23 18:28:55 +01:00
rnhmjoj
6bcf89f217
pdns-recursor: add service
2017-01-23 17:57:48 +01:00
Jaka Hudoklin
90e0ed32ef
Merge pull request #22043 from rnhmjoj/dnscrypt-wrapper
...
dnscrypt-wrapper: add service
2017-01-23 11:23:28 +01:00
rnhmjoj
9f2bb2ed42
dnscrypt-wrapper: add service
2017-01-23 07:06:07 +01:00
Robert Helgesson
cd9f709582
flannel service: fix enable expression
...
Need to surround the equality check in parentheses.
2017-01-22 21:58:39 +01:00
Franz Pletz
df0301f59b
nixos/networkmanager: trigger assertion instead of error
2017-01-22 20:32:24 +01:00
Charles Strahan
d298a961f1
Merge pull request #21416 from cstrahan/mesos-1.1.0
...
mesos: 1.0.1 -> 1.1.0
2017-01-21 19:05:18 -05:00
Charles Strahan
5b1b089de3
Merge pull request #8642 from cstrahan/slim-console-cmd
...
nixos: provide default console_cmd for slim
2017-01-21 19:01:02 -05:00
Charles Strahan
71f92bc8a3
nixos: provide default console_cmd for slim
...
This provides a default console_cmd for the slim display-manager.
When the user enters "console" as the user name, slim will run this
command.
Having a default is rather important; the virtual terminals don't work
with some display drivers, so having a broken X session can leave you
locked out of your machine.
2017-01-21 18:59:28 -05:00
Franz Pletz
ab90eac835
networking: fix typo in resolvconf option edns0
2017-01-21 20:41:11 +01:00
Daiderd Jordan
1aa77d0519
Merge pull request #19363 from schneefux/gogs-module
...
gogs: init module
2017-01-21 16:25:16 +01:00
Franz Pletz
068dad3a21
systemd-boot: fix evaluation
2017-01-21 14:42:10 +01:00
Linus Heckemann
98bd722d1d
systemd-boot: allow setting editor security option ( #21853 )
2017-01-21 14:24:26 +01:00
schneefux
67c4512060
gogs service: init
2017-01-21 13:38:24 +01:00
Thomas Tuegel
1e266dac0d
ibus: make panel configurable
2017-01-20 18:51:29 -06:00
Daiderd Jordan
2b2b0b566d
Merge pull request #20183 from womfoo/init/netdata-service
...
netdata service: init
2017-01-20 21:05:10 +01:00
Nikolay Amiantov
d75a3cfb29
Merge pull request #21995 from abbradar/opencl
...
Fix OpenCL support
2017-01-20 12:09:17 +03:00
Graham Christensen
c0f3b8d629
wordpress: 4.6.1 -> 4.7.1 for multiple CVEs
...
CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493
2017-01-19 22:53:49 -05:00
Nikolay Amiantov
221685aee9
opengl service: mention that you can add OpenCL drivers
2017-01-20 03:37:51 +03:00
Bjørn Forsman
6a52a130de
nixos/kde5: enable system-config-printer dbus service
...
Without it, the following error is shown in the "Add Printer" window:
Failed to group devices: 'The name org.fedoraproject.Config.Printing was not provided by any .service files'
2017-01-18 20:39:17 +01:00
Robin Gloster
f4f4200d9a
install-devices: add vim
...
This moves vim to the install-device profile to add vim to netboot, too.
Fixes #20013 (see discussion there for further information)
2017-01-18 17:57:31 +01:00
Michael Weiss
460b43dbfe
firewall: Improve the comments (documentation) ( #21862 )
...
* Fix the FW names
FW_REFUSE was removed and nixos-fw-input was renamed to nixos-fw.
* Update the comment (documentation) at the top
Order the chains of the main table alphabetically (like in the rest of
the file) and add nixos-fw-rpfilter (from the raw table) and nixos-drop
(used while reloading the firewall).
* Refactor the module (mainly comments)
- Move some attributes to the top for better visibility (that should
hopefully make it easier to read and understand this module without
jumping around too much).
- Add some missing examples and improve some descriptions.
- Reorder the mkOption attributes for consistency.
- Wrap lines at 72 characters.
- Use two spaces between sentences.
2017-01-18 17:18:11 +01:00
Eelco Dolstra
42a7d906d9
EC2 AMIs: 16.09.666.3738950 -> 16.09.1508.3909827
...
In particular, this includes a fix for using ephemeral disks for /tmp,
and adds AMIs for the new eu-west-2 (London) and us-east-2 (Ohio)
regions.
2017-01-18 12:42:39 +01:00
gnidorah
4a662e5206
nano: add nix syntax hightlight, nano module: provide default ( #21912 )
...
this is awesome! thanks.
2017-01-18 12:05:30 +01:00
Jörg Thalheim
8fa8e4ada9
Merge pull request #21961 from kierdavis/ckb
...
ckb: add to module list
2017-01-18 08:32:02 +01:00
Kier Davis
3aa218edbf
ckb: add to module list
...
Not the first time I've forgotten to do this.
2017-01-17 23:12:21 +00:00
Svein Ove Aas
fec95a40f1
ddclient: Don't include blank server= lines.
2017-01-16 18:54:49 +01:00
Tristan Helmich
e5f353d5cd
couchpotato module: init
2017-01-16 12:54:43 +01:00
Jörg Thalheim
28093e42ec
Merge pull request #21864 from pjones/pjones/dovecot
...
dovecot: Fix sieve scripts
2017-01-16 12:42:06 +01:00
Nicolas B. Pierron
c4e2dc36f2
Fix typo, lib.listOf --> types.listOf
2017-01-16 01:17:33 +01:00
Nicolas B. Pierron
a0615e2a9f
Fix typo in nixpkgs.nix module.
2017-01-16 01:17:33 +01:00
Nicolas B. Pierron
2d6532b330
Update overlay documentation by following nits from aneeshusa.
2017-01-16 01:17:33 +01:00
Nicolas B. Pierron
83f7d5fc0a
Add NixOS option 'nixpkgs.overlays' to set the argument of Nixpkgs.
2017-01-16 01:17:33 +01:00
Bjørn Forsman
4c803b904e
nixos/clamav: set "clamav" user's primary group to "clamav"
...
So that the files created by the clamav service is owned by group
"clamav" instead of "nogroup".
2017-01-15 22:56:34 +01:00
Franz Pletz
30645560cd
Merge pull request #21880 from mguentner/ipfs_empty_repo
...
services: ipfs: add emptyRepo option, refactor
2017-01-15 18:16:00 +01:00
Nikolay Amiantov
3eafa26d75
Merge pull request #21828 from abbradar/hwdb-verify
...
udev service: verify that hwdb is generated without errors
2017-01-15 19:53:53 +03:00
Nikolay Amiantov
70a6628848
Merge pull request #21882 from abbradar/dhcp6
...
DHCPv6 improvements
2017-01-15 19:53:33 +03:00
Nikolay Amiantov
820b4cd067
firewall service: allow DHCPv6 client traffic
2017-01-15 19:38:54 +03:00
Nikolay Amiantov
1158eda66a
dhcpd service: add DHCPv6 support
2017-01-15 19:38:53 +03:00
Maarten Hoogendoorn
69391e3423
kube-controller-manager service: Allow restarts on failure
2017-01-15 13:27:45 +01:00
Jaka Hudoklin
b5f4db2170
Merge pull request #21050 from offlinehacker/nixos/programs/chromium/add
...
chromium module: add support for chromium policies as nixos module
2017-01-15 01:28:34 +01:00
sternenseemann
9f56dd9d63
nixos/pulseaudio: make daemon.conf configurable ( #20888 )
...
This adds pulseaudio.daemon.config, which is a set of keys to values
which are directly translated to keys and values of pulseaudio's
daemon.conf, e. g.
hardware.pulseaudio.daemon.config = { flat-volumes = "no"; }
becomes
flat-volumes=no
in pulse/daemon.conf.
2017-01-14 22:58:16 +01:00
Bjørn Forsman
d2413943fa
nixos/prometheus: add configText option for alertmanager
...
The reason being less mental overhead when reading upstream
documentation. Examples can be pasted right into the configuration
instead of translating to Nix attrset first.
2017-01-14 15:41:05 +01:00
Sheena Artrip
5c5648b1f6
caddy: add package config option
2017-01-13 22:29:26 -05:00
Maximilian Güntner
a541f86f8b
services: ipfs: add emptyRepo option, refactor
2017-01-14 04:01:43 +01:00
Peter Jones
75aaae34a9
dovecot: Fix sieve scripts
...
Make sure that the output of the sieve compiler produces files that
have a newer time stamp than the source sieve script. Otherwise you
get errors in the logs about Dovecot not being able to compile do to a
permission issue.
2017-01-13 14:19:29 -07:00
Pascal Wittmann
d760d9cccc
Merge pull request #21836 from kierdavis/ckb
...
ckb: init at 0.2.6
2017-01-13 21:44:21 +01:00
Eelco Dolstra
96b6968950
nix: 1.11.5 -> 1.11.6
2017-01-13 11:38:09 +01:00
makefu
e9c6cf02e6
services.logstash: rename address to listenAddress
2017-01-13 10:19:32 +01:00
makefu
10303e9e47
services.logstash: update example and default filter
2017-01-13 10:19:19 +01:00
Jörg Thalheim
4b24ec524d
Merge pull request #21835 from volth/miredo-no-checkconf
...
miredo: do not run miredo-checkconf
2017-01-13 00:25:30 +01:00
Kier Davis
ea7a8bf2d9
ckb: init at 0.2.6
...
ckb is a driver for Corsair keyboards/mice. It also contains a graphical tool for configuring their LED backlight settings.
The driver is implemented as a userland daemon. A NixOS module is included that runs this as a systemd service.
2017-01-12 18:25:14 +00:00
Domen Kožar
e5dcce837a
nixos: fix terminal-server, fixes #21834
2017-01-12 16:41:33 +01:00
Volth
ac0b6b9a2c
miredo: do not run miredo-checkconf
2017-01-12 14:30:58 +00:00
Nikolay Amiantov
6dbcf7d2e9
udev service: verify that hwdb is generated without errors
2017-01-12 11:11:59 +03:00
Jörg Thalheim
05a4fbd56d
Merge pull request #21814 from gpyh/zsh-autosuggestions
...
Fix zshrc ordering
2017-01-11 22:29:25 +01:00
Jörg Thalheim
62708c29f8
Merge pull request #21570 from michaelpj/services/arbtt
...
arbtt service: init
2017-01-11 22:27:52 +01:00
gpyh
373e40736a
Fix zshrc ordering
...
The content of programs.zsh.interactiveShellInit was
inserted too soon in the generated zshrc
This caused some settings related to autocompletion to be ignored
2017-01-11 22:03:27 +01:00
Jörg Thalheim
9c8517a9eb
Merge pull request #21788 from Mic92/apparmor
...
apparmor: support for lxc profiles
2017-01-11 08:39:54 +01:00
Yacine Hmito
f88e2fb5f1
zsh-autosuggestions: init at 0.3.3 ( #21792 )
...
Added a related `programs.zsh.enableAutosuggestions` option
2017-01-11 07:00:48 +01:00
Jörg Thalheim
30a554acfb
apparmor: support for lxc profiles
2017-01-10 23:01:03 +01:00
Franz Pletz
e4fb2bb0c5
Revert "nixos/stage2: Check for each special mount individually and mount missing ones. ( #21370 )"
...
This reverts commit 712e62c260
2017-01-10 17:35:38 +01:00
Vladimír Čunát
11696e290d
nixos networking.dnsExtensionMechanism = true; by default
...
https://github.com/NixOS/nixpkgs/issues/12470#issuecomment-266785641
I've been using it for weeks without encountering any problems.
2017-01-10 15:15:01 +01:00
Franz Pletz
88908145ea
nixos installer: don't log refused packets to console
...
Fixes #19764 .
2017-01-09 19:24:41 +01:00
oida
d423567a95
prometheus-snmp-exporter: added nixos module
2017-01-09 18:05:28 +01:00
Robin Gloster
575afe3fa7
prometheus exporter modules: unify firewall handling
2017-01-09 15:31:37 +01:00
Corbin
618b249fc5
prometheus module: add blackboxExporter
2017-01-09 15:20:26 +01:00
Corbin
bd45d5fe8d
prometheus module: add jsonExporter
2017-01-09 15:20:26 +01:00
Corbin
1b839a586b
prometheus module: add varnishExporter
2017-01-09 15:20:26 +01:00
Corbin
363fa27448
promeutheus.nginxExporter: add improvements
...
- use ExecStart and ExecReload
- add extraFlags
2017-01-09 15:20:26 +01:00
Robin Gloster
39e8eaf8b6
prometheus module: add nginxExporter
2017-01-09 15:20:26 +01:00
Peter Hoeg
f1b8c3b119
pulseaudio nixos module: use the units provided by upstream ( #21633 )
...
I have left in 2 NixOS custom config directives, so the configuration
should be the same with the only change in behaviour being that the
service is not eagerly loaded but in fact only socket activated, which
it should be.
2017-01-09 13:47:33 +01:00
Sebastian Hagen
712e62c260
nixos/stage2: Check for each special mount individually and mount missing ones. ( #21370 )
2017-01-09 10:32:23 +01:00
teh
a878365b77
nixos docs: update for Nginx + ACME ( #21320 )
...
Closes #20698 .
2017-01-09 06:39:10 +01:00
Svein Ove Aas
a4fca56897
ddclient: Write /etc/ddclient.conf when requested
...
Fixes #20101
From PR #21417
2017-01-09 06:29:15 +01:00
Daniel Peebles
b0264bb63c
Merge pull request #21703 from copumpkin/httpd-no-mkdir
...
httpd module: don't create documentRoot directory if it doesn't exist
2017-01-09 00:28:41 -05:00
Jörg Thalheim
94c4eab6cc
Merge pull request #21733 from regellosigkeitsaxiom/master
...
Added option networking.wireless.networks.*.priority
2017-01-08 17:45:52 +01:00
florianjacob
ef8fd815cc
update os-release manpage link
...
the old manpage at 0pointer is still there, but does not seem to get updated
2017-01-07 19:57:03 +02:00
Valentin Shirokov
e138d3afdf
Added option networking.wireless.networks.*.priority
...
It is literal 'priority' option of wpa_supplicant.conf
2017-01-07 20:23:12 +08:00
Franz Pletz
e6708cea37
bind: fix collision of binaries in outputs
...
Using outputsToInstall the intended behaviour of including host and dnsutils
when bind is installed can be implemented instead of using symlinks to fix
installing all outputs individually with nix-env.
Fixes #19761 .
2017-01-07 02:44:54 +01:00
Dan Peebles
df7b4f4f6f
httpd module: don't create documentRoot directory if it doesn't exist
...
It hides bugs and do you ever actually want to serve up an empty directory?
It was pretty confusing to me when it tried to write into a read-only store
path because I accidentally pointed it to the wrong store path.
2017-01-05 21:19:16 -05:00
volth
9bb6d91c73
httpd: setuptools is not top-level
2017-01-05 17:37:33 +00:00
Jörg Thalheim
ca0d747d6d
Merge pull request #21578 from Mic92/zfs
...
zfs: add unstable variant
2017-01-05 12:52:56 +01:00
Jörg Thalheim
4029470a6f
zfs: add unstable variant
...
Until now nixos only delivered the latest zfs release. This release is often not
compatible with the latest mainline kernel. Therefor an unstable variant is
added, which might be based on testing releases or git revisions.
fixes #21359
2017-01-05 08:40:50 +01:00
Joachim F
02053c31c1
Merge pull request #21586 from pngwjpgh/postgrey
...
Postgrey
2017-01-05 07:24:47 +01:00
Franz Pletz
cdbffaa86e
Merge pull request #21625 from mayflower/smokeping
...
smokeping: Allow customization of cgiurl and imgurl
2017-01-04 21:56:12 +01:00
Joachim F
9e0dc9fa7c
Merge pull request #21592 from joachifm/cjdns-optional-extraHosts
...
cjdns service: optional extraHosts
2017-01-04 18:54:09 +01:00
Alexander Kahl
61d125b842
sssd: init at 1.14.2
...
perlPackages.TextWrapI18N: init at 0.06
perlPackages.Po4a: init at 0.47
jade: init at 1.2.1
ding-libs: init at 0.6.0
Switch nscd to no-caching mode if SSSD is enabled.
abbradar: disable jade parallel building.
Closes #21150
2017-01-04 03:07:20 +03:00
Graham Christensen
85dbc754a1
Merge pull request #21621 from volth/fix-synaptics-symlink
...
synaptics: fix broken symlink
2017-01-03 18:13:40 -05:00
Tristan Helmich
f808502aba
smokeping: cleanup (option ordering)
2017-01-03 23:10:59 +01:00
Tristan Helmich
b5703eaa80
smokeping: Allow full override of imgurl + cgiurl
2017-01-03 23:10:54 +01:00
Chris Martin
6a7664e6cd
Add some more details about useSandbox
2017-01-03 14:24:49 -05:00
volth
428daee5bc
fix broken link to synaptics config
2017-01-03 19:23:24 +00:00
Eelco Dolstra
d496f23df0
amazon-image.nix: Remove redundant log message
...
(cherry picked from commit c4b5ed5db74cde94b19d519a8d875e3f7df48a76)
2017-01-03 17:32:47 +01:00
Eelco Dolstra
b297af42d2
Fix using ephemeral disks for /tmp etc. in EC2 instances
...
This code in amazon-image.nix:
if mountFS "$device" "$mp" "" auto; then
if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi
fi
relies on mountFS to return a zero exit status if mounting
succeeds. But the lustrateRoot check in mountFS was causing a non-zero
exit status. As a result /disk0 would be mounted, but not used for
/tmp.
(cherry picked from commit d082ed8c35dec48aee2afd1303b3c8b2a1b242b0)
2017-01-03 17:32:42 +01:00
Thomas Tuegel
0723aa8108
Merge pull request #21466 from abbradar/kde-wrapper
...
Flatten nested kdeWrappers
2017-01-03 08:21:39 -06:00
Jörg Thalheim
1d72e81d6f
Merge pull request #21608 from volth/miredo-fix-kill-path
...
miredo: fix path to "kill"
2017-01-03 11:30:56 +01:00
Eelco Dolstra
0108c31e22
nix: 1.11.4 -> 1.11.5
2017-01-03 11:25:38 +01:00
volth
c737809465
miredo-fix-kill-path
2017-01-03 10:10:34 +00:00
Nikolay Amiantov
1dceb2290c
kde5 service: use flattening kdeWrapper
2017-01-03 02:33:19 +03:00
Balletie
e5f5aa52e5
pommed service: use pommed-light
...
The pommed package was marked as broken. It is also severely
unmaintained. I therefore chose to replace it entirely with
`pommed-light`, for now.
2017-01-02 19:40:50 +01:00
Tomas Hlavaty
bdb9cd1e17
cjdns service: optionally add cjdns hosts to networking.extraHosts
...
Enabling this incurs a heavy eval-time cost, but it's a nice usability
enhancement; satisfy both concerns by making it optional (default
false).
2017-01-02 19:31:37 +01:00
Joachim Fasting
237af1853a
Revert "nixos/cjdns: do not ammend /etc/hosts"
...
This reverts commit 60ded3f363
2017-01-02 19:31:11 +01:00
Jörg Thalheim
1cc8b83079
Merge pull request #21566 from bjornfor/hostname
...
nixos: provide /etc/hostname
2017-01-02 19:27:06 +01:00
Bjørn Forsman
cb9195b7bc
nixos: provide /etc/hostname
...
/etc/hostname is the file used by hostnamectl(1) and the
org.freedesktop.hostname1 dbus service (both provided by systemd) to get
the "static hostname". Better provide it so that users of those
tools/services get a proper hostname.
An example of an issue created by the lack of /etc/hostname is that the
bluetooth stack on NixOS identifies itself to peers as "BlueZ $VERSION"
instead of the hostname.
References:
https://www.freedesktop.org/software/systemd/man/hostname.html
Changes v1 -> v2:
* ensure /etc/hostname ends with a newline
2017-01-02 19:14:06 +01:00
Gregor Kleen
9383b2cf34
postgrey: backwards compatability
2017-01-02 18:01:42 +01:00
gnidorah
90deca3a0c
nixos-generate-config: detect CPU governor
...
* cpu-freq: Try powersave if ondemand is not available
* Revert "cpu-freq: Try powersave if ondemand is not available"
This reverts commit 4dc56db37e
2017-01-02 17:20:28 +01:00
Gregor Kleen
65f0ddbd53
postgrey: improve formatting
2017-01-02 15:42:51 +01:00
Gregor Kleen
58fa71b39c
postgrey: allow additional whitelists
2017-01-02 15:40:54 +01:00
Gregor Kleen
82291bae49
postgrey: more verbose default socket
2017-01-02 15:32:50 +01:00
Gregor Kleen
3c0d02c387
postgrey: coerce integers
2017-01-02 15:27:00 +01:00
Gregor Kleen
e2dd0799a8
postgrey: fix submodule syntax
2017-01-02 15:19:00 +01:00
Gregor Kleen
e196ad2c66
postgrey: add descriptions to IPv?CIDR
2017-01-02 15:12:39 +01:00
Gregor Kleen
06bcdc177c
postgrey: extended configuration
2017-01-02 15:10:03 +01:00
Michael Peyton Jones
10e2d88f6c
arbtt service: init
2017-01-01 18:59:01 +00:00
Bjørn Forsman
49d444416c
nixos: cosmetic refactor of environment.etc."hostid"
...
Create the file using attrset instead of list, to make it easier to
later provide other files in the same module.
2017-01-01 17:08:34 +01:00
Jörg Thalheim
05f2f8e1fd
Merge pull request #21505 from tg-x/mpd-listen
...
mpd: listen on 127.0.0.1 by default
2017-01-01 16:06:17 +01:00
tg(x)
002f3c8760
mpd: listen on 127.0.0.1 by default
2017-01-01 13:46:39 +01:00
Robin Stumm
11fe837758
rename sound.enableMediaKeys to sound.mediaKeys.enable and add volumeStep
2017-01-01 11:44:07 +01:00
Jörg Thalheim
84a50084c3
Merge pull request #21444 from league/fix/gphoto2-udev
...
gphoto2: nixos programs module to configure udev
2017-01-01 11:16:28 +01:00
Jörg Thalheim
ce99e34b17
docker: deprecate socketActivation option
2017-01-01 09:03:09 +01:00
Jörg Thalheim
dd4bedba52
Merge pull request #21447 from nlewo/pr/glance
...
nixos/glance: init at liberty version
2017-01-01 06:39:37 +01:00
volth
06b372f24f
miredo: init at 1.2.6
2016-12-31 21:03:27 +01:00
Bjørn Forsman
76923648af
nixos/gnome3: add gnome-settings-daemon udev rules (enables bluetooth GUI)
...
Without this, gnome-settings-daemon will not have write access to
/dev/rfkill, which in turn cause it to advertise no "airplane mode" over
D-Bus, which in turn the bluetooth panel code in gnome-control-center
interprets as "there are no bluetooth dongles" (and the button to turn
on bluetooth is grayed out). The end result that bluetooth operations
cannot be done in the GNOME desktop.
See upstream discussion:
http://lists.usefulinc.com/pipermail/gnome-bluetooth/2016-July/thread.html
http://lists.usefulinc.com/pipermail/gnome-bluetooth/2016-December/thread.html
2016-12-31 13:05:38 +01:00
Frederik Rietdijk
361dae67d4
flexget: move out of python-packages.nix
...
because it is an application and not a library.
2016-12-31 09:52:45 +01:00
Antoine Eiche
49efa083c7
nixos/glance: set default glance package
...
Before, it was overridden in the config section to avoid problem related
to manual generation.
2016-12-31 09:36:57 +01:00
Antoine Eiche
6c94d6437d
nixos/glance: init at liberty version
...
This commit is based on initial works made by domenkozar.
2016-12-31 09:36:57 +01:00
Joachim Fasting
d8659f24e6
dnscrypt-proxy service: order before nss-lookup.target
2016-12-30 20:27:05 +01:00
Alexey Lebedeff
59361a2a81
i2pd module: fix typo ( #21525 )
2016-12-30 15:14:05 +01:00
Данило Глинський (Danylo Hlynskyi)
970a09eb74
Fix typo
2016-12-30 13:29:43 +02:00
Charles Strahan
7ebcada020
mesos: 1.0.1 -> 1.1.0
2016-12-29 20:09:46 -05:00
Graham Christensen
8ed4c8b73b
openssh: 7.4p1 no longer backgrounds when systemd is starting it.
2016-12-29 17:04:46 -05:00
Eelco Dolstra
bbd03e236a
Use looser 9pfs caching in VM tests/builds
...
This can give significant speed ups, see
7e20254412
2016-12-29 21:26:16 +01:00
Robin Gloster
d8ef63fc73
crowd module: fix OpenID server
2016-12-29 00:41:42 +01:00
Tim Digel
81d8a457ed
Fix asterisk & asterisk: 13.6.0 -> 14.1.2 ( #20788 )
...
* fix/asterisk-module: use unix-group for asterisk-files
* fix/asterisk-module: add configOption to use some default config-files
* fix/asterisk-module: correction of skel copy
* fix/asterisk-module: use /etc/asterisk as configDir
* fix/asterisk-module: add reload; do not restart unit
* asterisk: 13.6.0 -> 14.1.2
* fix/asterisk: compile with lua, pjsip, format_mp3
* fix/asterisk: fix indentation
* fix/asterisk: remove broken flag
2016-12-28 23:04:58 +01:00
Lluís Batlle i Rossell
e0078b2cb5
Make the minimal iso not use profile/minimal, +vim
...
The profile minimal has several drawbacks: no man pages, unusual 'dbus'
lib that makes many X11 pieces to rebuild, etc.
With xz compression in the squashfs, despite these additions, the iso is
smaller than what it was in 16.09.
2016-12-28 16:07:16 +01:00
Lluís Batlle i Rossell
33d07c7ea9
zfs cannot be distributed. Disabling it in the isos.
...
It seems that it is a GPL violation to distribute zfs in the
installation ISOs.
https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/
If anyone knows the issue better and has a reason to reenable it
legally, feel free to reenable it. I don't know much about it.
2016-12-28 14:57:06 +01:00
Bjørn Forsman
9ec867f59f
nixos/prometheus: unbreak alertmanager default config
...
The current default value of listenAddress = null blows up:
$ nixos-rebuild build
error: cannot coerce null to a string, at
.../nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix:97:16
With listenAddress = "" we use the same default as upstream and there is
no blow up :-)
2016-12-28 13:52:15 +01:00
Michael Raskin
400886f3d0
Merge pull request #19854 from andjscott/mlocate
...
[WIP] mlocate: init at version 0.26
2016-12-28 10:24:11 +00:00
Franz Pletz
7ae2d221cd
bird service: add bird to systemPackages
...
For the tool birdc to monitor and configure bird.
2016-12-28 06:35:31 +01:00
Christopher League
6eead52e12
gphoto2: nixos programs module to configure udev
...
Closes #21420 .
2016-12-27 17:47:38 -05:00
Michael Raskin
c311871a6d
xserver.wacom: update xorg.conf.d name after upstream change of the number
2016-12-27 23:47:29 +01:00
lassulus
cfbe501d4e
nixos/graphite: fix beacon config parameter
2016-12-27 19:38:18 +01:00
Bjørn Forsman
b20fdff521
nixos/prometheus: make scrapeConfigs.*.static_configs.*.labels optional
...
...by providing a default value of "no labels" (an empty attrset).
Without this change we get
$ nixos-rebuild test -I nixpkgs=.
building Nix...
building the system configuration...
error: The option `services.prometheus.scrapeConfigs.[definition 1-entry 1].static_configs.[definition 1-entry 1].labels' is used but not defined.
which is unneeded, because labels _are_ optional.
2016-12-25 15:38:55 +01:00
Jörg Thalheim
585c642bf8
docker: use upstream service file from package
2016-12-25 00:09:13 +01:00
Jörg Thalheim
f4e58c2eb2
Merge pull request #21395 from jerith666/plex-firewall
...
plex: add config option to open recommended network ports
2016-12-24 23:31:04 +01:00
Matt McHenry
b64214f66f
plex: add config option to open recommended network ports
...
as prescribed at https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall-
2016-12-24 15:36:52 -05:00
Jörg Thalheim
c23032a8b1
docker: update service units from upstream
...
All the new options in detail:
Enable docker in multi-user.target make container created with restart=always
to start. We still want socket activation as it decouples dependencies between
the existing of /var/run/docker.sock and the docker daemon. This means that
services can rely on the availability of this socket. Fixes #11478 #21303
wantedBy = ["multi-user.target"];
This allows us to remove the postStart hack, as docker reports on its own when
it is ready.
Type=notify
The following will set unset some limits because overhead in kernel's ressource
accounting was observed. Note that these limit only apply to containerd.
Containers will have their own limit set.
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Upgrades may require schema migrations. This can delay the startup of dockerd.
TimeoutStartSec=0
Allows docker to create its own cgroup subhierarchy to apply ressource limits on
containers.
Delegate=true
When dockerd is killed, container should be not affected to allow
`live restore` to work.
KillMode=process
2016-12-23 21:39:38 +01:00
Matt McHenry
3c10e68c40
plex: fix a minor syntax issue in systemd ExecStart
2016-12-23 08:02:08 -05:00
tv
de44544ceb
nginx service: use default_server parameter instead of default ( #21371 )
2016-12-23 11:52:44 +01:00
Felix Richter
d8478c7912
services.nginx: allow startup with ipv6 disabled ( #21360 )
...
currently services.nginx does not start up if `networking.enableIPv6 = false`
the commit changes the nginx behavior to handle this case accordingly.
The commit resolves #21308
2016-12-23 11:49:35 +01:00
Rok Garbas
e6fa6b21e1
apacheHttpdPackages.mod_perl: init at 2.0.10
2016-12-22 13:36:44 +01:00
Eelco Dolstra
ea46420fc0
Use overlayfs instead of unionfs-fuse in the VM tests
...
Overlayfs is quite a bit faster, e.g. with it the KDE 5 test takes ~7m
instead of ~30m on my laptop (which is still not great, since plain
9pfs is ~4m30s).
2016-12-21 20:49:08 +01:00
Bjørn Forsman
caa476b357
nixos/prometheus: add services.prometheus.configText option
...
The structured options are incomplete compared to upstream and I think
it will be a maintenance burden to try to keep up. Instead, provide an
option for the raw config file contents (prometheus.yml).
2016-12-21 00:32:24 +01:00
Eelco Dolstra
a02bb00156
Enable virtualisation.writableStore by default
...
This works around:
machine: must succeed: nix-store -qR /run/current-system | grep nixos-
machine# error: changing ownership of path ‘/nix/store’: Invalid argument
Probably Nix shouldn't be anal about the ownership of the store unless
it's trying to build/write to the store.
http://hydra.nixos.org/build/45093872/nixlog/17/raw
(cherry picked from commit 57a0f14064
2016-12-20 10:52:47 +01:00
Eelco Dolstra
f173da375d
Use only one build of qemu in VM tests
...
Previously we were using two or three (qemu_kvm, qemu_test, and
qemu_test with a different dbus when minimal.nix is included).
(cherry picked from commit 8bfa4ce82e
2016-12-20 10:52:46 +01:00
Eelco Dolstra
aad5d1f9a7
virtualisation.qemu.program: Remove
...
This option is defined in qemu-vm.nix, but that module is not always
imported.
http://hydra.nixos.org/build/44817443
(cherry picked from commit 03c55005df
2016-12-20 10:52:46 +01:00
Markov Dmitry
efd5508b89
systemd: add slice support
2016-12-20 10:49:08 +01:00
Maximilian Güntner
0cf907ae12
nixos-rebuild: Fix SSHOPTS typo
...
Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-12-18 22:39:27 +01:00
Joachim Fasting
361633db3b
rmilter service: fix invalid directive
...
RuntimeDirectoryPermissions -> RuntimeDirectoryMode
Would result in warnings like "unknown lvalue" on startup
2016-12-18 12:42:37 +01:00
Joachim Fasting
c27eeeafd9
brltty service: wait for devices to settle
...
Otherwise it starts way too early, only to fail and having to restart
until devices are available. It is less wasteful to simply wait until
there's a reasonable chance of success. This is consistent with
upstream.
2016-12-18 12:42:14 +01:00
Joachim Fasting
142930113c
Revert "mysql service: specify a default package"
...
This reverts commit 4358d3d4391ce6fff4e2
2016-12-17 22:36:38 +01:00
Joachim Fasting
c2219007e8
Revert "mysql service: specify defaultText for package option"
...
This reverts commit 52d12b473a
2016-12-17 22:36:15 +01:00
Peter Hoeg
987aac7794
/etc/hosts and /etc/nsswitch.conf cleanups
...
fixes #18183
2016-12-17 16:01:35 +01:00
Jörg Thalheim
579051fe66
networkd: add extraConfig to all units
...
networkd options are always correct or up to date. This option allows to by
pass type checking. It is also easier to write because examples can be just copy
and paste from manpages.
2016-12-17 15:23:34 +01:00
Jörg Thalheim
d49e0d5fa5
networkd: allow to supply own unit files
...
Networkd units can contain secrets. In future also wireguard vpn will be supported by
networkd. To avoid leakage of private keys, those could be then also put outside
of the /nix/store
Having a writeable /etc/systemd/network also allows to quick fix network issues,
when upgrading `nixos-rebuild switch` would require network on its own (due
updates).
2016-12-17 15:23:34 +01:00
Bjørn Forsman
3af715af90
Revert "fix 2 xml errors in the description of boot.loader.grub.efiInstallAsRemovable"
...
This reverts commit 656cc3acaf
2016-12-17 11:45:31 +01:00
Jörg Thalheim
1590461887
ntp: make timesyncd the new default
...
- most nixos user only require time synchronisation,
while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd support ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
save a little disk space (1,5M)
2016-12-17 00:00:45 +01:00
rnhmjoj
993cbf8acb
uxrvtd: Fix clipboard
2016-12-16 23:55:50 +01:00
Bjørn Forsman
ebe67d69d0
collectd service: change /var/lib/collectd perms: 700 -> 755
...
The collectd service runs as an unprivileged user by default, so it does
not leak more information to its data directory than any user can obtain
elsewhere by other means.
If people are running it as root and are worried about information leak,
we can add collectd group and set perms to 750.
CC @offlinehacker.
Fixes #21198 .
2016-12-16 23:04:42 +01:00
Antoine Eiche
a932f68d9c
nixos/keystone: secrets can be read from files
...
A secret can be stored in a file. It is written at runtime in the
configuration file.
Note it is also possible to write them in the nix store for dev
purposes.
2016-12-16 20:53:32 +01:00
Antoine Eiche
415c9ff90b
nixos/keystone: init at liberty version
...
This commit introduces a nixos module for the Openstack Keystone
service. It also provides a optional bootstrap step that creates some
basic initial resources (tenants, endpoints,...).
The provided test starts Keystone by enabling bootstrapping and checks
if user creation works well.
This commit is based on initial works made by domenkozar.
2016-12-16 20:53:32 +01:00
michael bishop
656cc3acaf
fix 2 xml errors in the description of boot.loader.grub.efiInstallAsRemovable
2016-12-16 20:39:40 +01:00
michael bishop
e5cefadef7
fix indentation in several nixos option descriptions
2016-12-16 18:29:25 +01:00
romildo
2e7105467b
lxqt: better organize system packages
...
Split packages in three categories, all of them going into the system
package list:
- pre-requisite packages
- core packages
- optional packages
Add a new configuration option 'environment.lxqt.excludePackages' to
specify optional LXQt packages that should be excluded from system
packages.
Add 'gvfs' as a pre-requisite package, needed by 'pcmanfm-qt' to
handle virtual places, like "Computer" and "Network".
2016-12-15 22:45:06 +01:00
aszlig
1471426749
nixos/test-instrumentation: Fix eval of boot tests
...
The boot tests import test-instrumentation.nix directly to create a VM
image that only contains things such as the backdoor and serial console
the same way as used by other NixOS VM tests.
With one difference though: It doesn't need nor want to have 9p
filesystems mounted, because we actually want to test an image rather
than re-using most stuff from the host's store.
Change tested against the boot.uefiUsb and ipv6 tests, just that it
becomes clear we don't break either the tests with 9p nor the boot
tests (which were already broken but now succeed).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-12-15 21:07:19 +01:00
Jörg Thalheim
3b763fef44
nssModules: include correct systemd output
...
fixes libnss_myhost, libnss_mymachines, libnss_resolve are located here
2016-12-15 20:23:16 +01:00
Eelco Dolstra
705829b29a
Merge pull request #20500 from aszlig/qemu-patched-for-nixos-tests
...
nixos/tests: Use a patched QEMU for testing
2016-12-15 12:38:29 +01:00
Jörg Thalheim
cc864af928
bird: refactor module
...
- syntax check before deploying configuration
- remove static unnessary static uid/gid (configuration is opened as root)
- add service hardening
2016-12-15 11:38:45 +01:00
Jörg Thalheim
9871d3cb42
Merge pull request #21087 from offlinehacker/nixos/kubernetes1/fixdns
...
kubernetes module: fix default dns ip
2016-12-15 01:14:54 +01:00
Jörg Thalheim
ebd85b632a
ferm: reload rules on updates instead of restart
2016-12-14 16:09:11 +01:00
Renaud
fa0a63ec13
fail2ban service : improve ssh jail ( #21131 )
...
Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports
2016-12-14 14:58:02 +01:00
Nikolay Amiantov
17d0a570ab
Merge pull request #21137 from jerith666/cupsd-path
...
use symlink to ensure cupsd.conf PATH always points to a valid store path
2016-12-14 14:42:27 +03:00
Matt McHenry
05fb82732c
use symlink to ensure cupsd.conf PATH always points to a valid store path
...
even if cups rewrites its config file due to config changes made through
its web-based management UI, we need to keep the PATH pointing to
currently-live nix store directories. fixes #20806 .
2016-12-13 21:35:56 -05:00
Joachim Fasting
d893c86b34
terraria service: fixup worldPath option type
...
Otherwise, using the defaults results in a type error.
2016-12-13 15:12:33 +01:00
Joachim Fasting
33088accc8
terraria service: fix tmux output
...
tmux.bin was removed in 5535d94394
2016-12-13 15:12:31 +01:00
Fernando J Pando
50466c2d4f
buildbot: 0.9.0rc4 -> 0.9.0.post1
...
- updates buildbot to version 9 release
- adds nixos configuration module
- fixes buildbot-www package deps
- re-hardcode path to tail
- builbot configuration via module vars
fixes #19759
2016-12-13 10:52:56 +01:00
montag451
ea5551b551
containers: fix broken /etc/hosts entries when localAddress contains a netmask
2016-12-12 09:20:28 +01:00
montag451
4889c271ca
Add macvlan support for declarative containers
2016-12-12 07:34:28 +01:00
Jaka Hudoklin
2867f88781
kubernetes module: fix default dns ip
2016-12-12 01:25:23 +01:00
Gregor Kleen
d5ec2a2c9d
postsrsd: additional configuration
...
fixes #19933
2016-12-11 21:43:45 +01:00
Joachim F
9af356258b
Merge pull request #20971 from kierdavis/boinc
...
boinc service: add to module list
2016-12-11 13:06:09 +01:00
Jaka Hudoklin
a033906969
chromium module: add support for chromium policies as nixos module
2016-12-10 20:45:16 +01:00
Joachim Fasting
230994a30a
psd service: assert that at least one user must be configured
...
Using the default config, a user will experience a run-time failure.
This is poor UX, assert the requirement up-front.
2016-12-10 20:35:44 +01:00
Joachim Fasting
4697f83984
openfire service: more informative assertion failure message
...
Explain why the assertion fails; the user already knows that it *has*
failed.
2016-12-10 20:35:43 +01:00
Joachim Fasting
2a4902dd80
dante service: fix config option type
...
The type was simply str but the default is null, thus resulting in a
conversion error if the user fails to declare a value.
2016-12-10 20:35:41 +01:00
Joachim Fasting
fafb6657c1
syslogd service: assert conflict with rsyslogd
...
Enabling both these at the same time fails because they implement the
same interface.
2016-12-10 20:35:39 +01:00
Joachim Fasting
19b96176b4
couchdb service: fix test in preStart
...
Otherwise you'd get errors like "-f no such command".
2016-12-10 20:35:20 +01:00
Nikolay Amiantov
9cca8e3f87
uwsgi service: fix for new pythonPackages
2016-12-08 21:03:41 +03:00
Kier Davis
2606994cc6
boinc service: use <link> instead of <ulink>
2016-12-08 15:50:52 +00:00
Kier Davis
2994123161
boinc service: add to module list
...
The module itself was added in 811c39c6a4
2016-12-08 15:46:51 +00:00
Joachim Fasting
f39d13cd3e
grsecurity doc: describe work-around for gitlab
...
Fixes https://github.com/NixOS/nixpkgs/issues/20959
2016-12-08 11:59:57 +01:00
Joachim Fasting
984d9ebb56
hidepid: polkit and systemd-logind compatibility
...
`systemd.hideProcessInformation = true`, would break interactions
requiring polkit arbitration such as initating poweroff/reboot as a
normal user; the polkit daemon cannot be expected to make decisions
about processes that don't exist as far as it is concerned.
systemd-logind lacks the `sys_ptrace` capability and so needs to be part
of the designated proc gid, even though it runs as root.
Fixes https://github.com/NixOS/nixpkgs/issues/20948
2016-12-07 01:12:05 +01:00
Joachim F
e436874ef0
Merge pull request #20919 from joachifm/privoxy-service-improvements
...
Privoxy service improvements
2016-12-06 14:16:28 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening
2016-12-06 01:23:58 +01:00
Joachim Fasting
31d79afbe5
grsecurity docs: note that pax_sanitize_slab defaults to fast
2016-12-06 01:23:51 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
...
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
...
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Joachim Fasting
3dcdc2d2b0
privoxy service: remove static uid
...
The service owns no data, having a static uid serves no purpose.
This frees up uid/gid 32
2016-12-05 13:37:08 +01:00
Joachim Fasting
ad88f1040e
privoxy service: additional isolation
2016-12-05 13:21:31 +01:00
Jaka Hudoklin
b72f8ccc5c
xpra module: add xpra, as xserver display-manager
2016-12-04 22:38:10 +01:00
