Commit Graph

506 Commits

Author SHA1 Message Date
Jörg Thalheim
9cfe5a7a54
nixos/redis: add requirePassFile option
Avoids having the password in the nix store.
2020-02-13 17:06:35 +00:00
Yorick van Pelt
4b7d28b0f9
victoriametrics: add module, tests 2020-01-29 19:52:14 +01:00
Jörg Thalheim
382b0aa52d
nixos/openldap: check configuration with slaptest
slapd does only print the error and not the line number.
Sometimes it is not even clear that it fails to start
due to an incorrect configuration file.

Example output of slaptest:

5e1b2179 /nix/store/gbn2v319d4qgw851sg41mcmjm5dpn39i-slapd.conf: line 134 objectClass: Missing closing parenthesis before end of input
ObjectClassDescription = "(" whsp
  numericoid whsp                 ; ObjectClass identifier
  [ "NAME" qdescrs ]
  [ "DESC" qdstring ]
  [ "OBSOLETE" whsp ]
  [ "SUP" oids ]                ; Superior ObjectClasses
  [ ( "ABSTRACT" / "STRUCTURAL" / "AUXILIARY" ) whsp ]
                                  ; default structural
  [ "MUST" oids ]               ; AttributeTypes
  [ "MAY" oids ]                ; AttributeTypes
  whsp ")"
slaptest: bad configuration file!
2020-01-12 14:25:49 +00:00
Aaron Andersen
df059f89e6 nixos/mysql: restart systemd service on abort 2020-01-06 20:08:51 -05:00
rnhmjoj
1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Christian Kampka
b85286fe66 postgresql: Quote role names when creating database users 2019-12-13 14:10:18 -06:00
Silvan Mosberger
4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
Renaud
f640cf49d1
rdf4store: remove pkg and service modules
(#74214)
2019-12-08 20:33:51 +01:00
John Ericson
d0d5136cce Merge remote-tracking branch 'upstream/master' into wrapper-pname-support 2019-11-24 17:25:07 +00:00
John Ericson
9b090ccbca treewide: Get rid of most parseDrvName without breaking compat
That is because this commit should be merged to both master and
release-19.09.
2019-11-24 17:22:28 +00:00
Florian Klink
6303131eb9 nixos/redis: fix merging
https://github.com/NixOS/nixpkgs/pull/71584 did merging without mkMerge.

cc @jtojnar
2019-11-08 15:38:06 +01:00
Silvan Mosberger
dd0a47e7ae
treewide: Switch to system users (#71055)
treewide: Switch to system users
2019-11-01 13:26:43 +01:00
Malte Brandy
fe143bac5b nixos/redis: Disable hugepages for redis via sysctl and not via a systemd-oneshot 2019-10-21 22:38:16 +02:00
Izorkin
632f69e485 nixos/mysql: fix mysqlReplication test 2019-10-13 19:18:51 +03:00
Janne Heß
d6c08776ba treewide: Switch to system users 2019-10-12 22:25:28 +02:00
Aaron Andersen
2448733001
Merge pull request #69371 from dasJ/memcached-sysuser
nixos/memcached: Switch to a system user
2019-10-03 18:11:00 -04:00
Janne Heß
aa27c1c664 nixos/memcached: Switch to a system user 2019-09-24 20:10:19 +02:00
danbst
e557ad74ac move from 19.09 to 20.03 2019-09-22 12:27:39 +03:00
danbst
fb863fceea nixos/postgresql: switch default 9.6 -> 11
This is designed for 19.09 release.
2019-09-21 10:18:56 +03:00
Eelco Dolstra
b0ccd6dd16
Revert "nixos/doc: re-format"
This reverts commit ea6e8775bd. The new
format is not an improvement.
2019-09-19 19:17:30 +02:00
Jan Tojnar
ea6e8775bd
nixos/doc: re-format 2019-09-18 22:13:35 +02:00
adisbladis
8e2fc57a80
postgresql_9_4: Remove package
It's only supported until February 13, 2020 which is during the 19.09 life cycle.
2019-09-07 15:31:27 +01:00
Jan Tojnar
cdf426488b
Merge branch 'master' into staging-next
Fixed trivial conflicts caused by removing rec.
2019-09-06 03:20:09 +02:00
Craige McWhirter
169cb996c5 postgresql: improve identMap description
This patch provides example usage for identMap based upon PostrgeSQL documentation

@thoughtpolice
2019-09-05 12:28:21 -05:00
Vladimír Čunát
f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Florian Klink
ff2fd6c4e5 nixos/redis: unbreak module
The redis module currently fails to start up, most likely due to running
a chown as non-root in preStart.

While at it, I hardcoded it to use systemd's StateDirectory and
DynamicUser to manage directory permissions, removed the unused
appendOnlyFilename option, and the pidFile option.

We properly tell redis now it's daemonized, and it'll use notify support
to signal readiness.
2019-09-01 14:08:42 +02:00
Peter Simons
fa49f7ce6b nixos/redis: drop unnecessary dependencies from systemd unit 2019-09-01 09:04:11 +02:00
Peter Simons
0808f5ad1d
Merge pull request #67768 from peti/t/redis
nixos/redis: disable transparent huge pages (TLP) before starting Redis
2019-09-01 08:49:25 +02:00
Silvan Mosberger
478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk
ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
Peter Simons
afd448a9fa nixos/redis: disable transparent huge pages (TLP) before starting Redis 2019-08-30 18:10:06 +02:00
Peter Simons
28dee92fff nixos/redis: move 'redis_init.service' into the preStart hook of 'redis.service' 2019-08-30 15:39:50 +02:00
Frederik Rietdijk
5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
volth
35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Janne Heß
cabab90ad2 nixos/memcached: Remove PrivateUsers
Seems to break systems using the hardened profile.
Ref #62936
cc @Izorkin
2019-08-25 16:34:06 +02:00
Marek Mahut
4754ca7d2e
Merge pull request #62936 from dasJ/sandbox-memcached
nixos/memcached: Isolate the service
2019-08-13 08:56:34 +02:00
Danylo Hlynskyi
329fa4b01e
Merge pull request #66401 from eadwu/postgresql/fix-quoted-query
nixos/postgresql: fix quoted queries
2019-08-11 22:46:50 +03:00
Silvan Mosberger
ce82d0b61a
Couchdb: Don't chown /var/log to couchdb (#65347)
Couchdb: Don't chown /var/log to couchdb
2019-08-10 01:36:15 +02:00
Edmund Wu
18d176dc20
nixos/postgresql: fix quoted queries 2019-08-09 15:11:24 -04:00
Danylo Hlynskyi
0730e81785
postgresql: running initdb from command line now works (#65309)
The issue was only with NixOS service, `postgresql` installed through
`nix-env` was not affected.

Fixes https://github.com/NixOS/nixpkgs/issues/23655
2019-08-07 14:17:36 +03:00
danbst
363ba3f403 change groupAccess to tristate, to not force chmod on dataDir.
Making mask either 0700 or 0750 is too restrictive..
2019-07-25 01:00:26 +03:00
danbst
e54ad9812b whoops 2019-07-25 00:17:01 +03:00
danbst
b643e0aee3 addressed review comments and some fixes 2019-07-24 23:34:21 +03:00
Silvan Mosberger
5e974362be
nixos/couchdb: Prevent it from chowning /var/log to couchdb:couchdb
The default for logFile is /var/log/couchdb.log, and the tmpfile rules chown
${dirOf cfg.logFile}, which is just /var/log, to couchdb:couchdb.

This was found by Edes' report on IRC, which looked like

    Detected unsafe path transition /var/log → /var/log/journal during canonicalization of /var/log/journal

While this bug has been present since the initial couchdb module in
62438c09f7 by @garbas, this wasn't a
problem, because the initial module only created and chowned /var/log
if it didn't exist yet, which can't occur because this gets created in
the initial phases of NixOS startup.

However with the recent move from manual preStart chown scripts to
systemd.tmpfiles.rules in 062efe018d (#59389),
this chown is suddenly running unconditionally at every system
activation, therefore triggering the above error.
2019-07-24 20:52:53 +02:00
danbst
7e4e37fff4 postgresql: allow changing initidb arguments via module system
Closes https://github.com/NixOS/nixpkgs/issues/18829

+ some cleanups
2019-07-23 21:56:26 +03:00
danbst
92a015d35d nixos/postgresql: support 0750 for data directory
This is rework of part of https://github.com/NixOS/nixpkgs/pull/46670.
My usecase was to be able to inspect PG datadir as wheel user.

PG11 now allows starting server with 0750 mask for data dir.
`groupAccess = true` now does this automatically. The only thing you have to do
is to set group ownership.

For PG10 and below, I've described a hack how this can be done. Before this PR
hack was impossible. The hack isn't ideal, because there is short
period of time when dir mode is 0700, so I didn't want to make it official.

Test/example is present too.
2019-07-23 21:56:26 +03:00
Danylo Hlynskyi
d54e52276b
postgresql: update docs
https://github.com/NixOS/nixpkgs/issues/32156
2019-07-23 14:17:14 +03:00
Danylo Hlynskyi
caa0f82bf8
docs: update docs for postgresql plugins (#64899)
docs: update docs for postgresql plugins

Co-Authored-By: Mario Rodas <marsam@users.noreply.github.com>
2019-07-21 22:05:41 +03:00
Jamey Sharp
d4e5748c1b nixos/openldap: fix assertion
In commit d43dc68db3, @Mic92 split the
rootpw option to allow specifying it in a file kept outside the Nix
store, as an alternative to specifying the password directly in the
config.

Prior to that, rootpw's type was `str`, but in order to allow both
alternatives, it had to become `nullOr str` with a default of `null`. So
I can see why this assertion, that either rootpw or rootpwFile are
specified, makes sense to add here.

However, these options aren't used if the configDir option is set, so as
written this assertion breaks valid configurations, including the
configuration used by nixos/tests/ldap.nix.

So this patch fixes the assertion so that it doesn't fire if configDir
is set.
2019-07-17 11:08:10 +03:00
Danylo Hlynskyi
475f1ebd98
Merge branch 'master' into postgresql-plugins-bin 2019-07-16 11:32:52 +03:00
Austin Seipp
acb1134074
nixos/foundationdb: s/pidFile/pidfile/
Fixes an evaluation regression introduced by a case-typo in
de6e5ea815

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-07-09 17:11:31 -05:00
Thorsten Weber
46ea3ebc19 nixos/mysql: make ExecStartPost script fail on error 2019-07-03 08:50:21 +02:00
Aaron Andersen
d0a147e841 nixos/mysql: run ExecStartPost as root (again) to preserve compatibility with installs that have been secured 2019-06-30 21:59:47 -04:00
Aaron Andersen
e0590da813 nixos/mysql: turn ExecStartPost into a shell script and simplify code 2019-06-30 21:58:27 -04:00
Aaron Andersen
ae02678a9d
Merge pull request #63786 from aanderse/mysql
mysql: drop support for deprecated package & module option
2019-06-27 12:14:35 -04:00
Graham Christensen
38c28ef10c
Merge pull request #56265 from aanderse/permissions-start-only
replace deprecated usage of PermissionsStartOnly (part 2)
2019-06-25 18:04:22 -04:00
Aaron Andersen
fb918a9254 nixos/mysql: drop rootPassword option 2019-06-25 17:26:53 -04:00
Aaron Andersen
931921664f
Merge pull request #63392 from ivan/cassandra-default-cluster-name
nixos/cassandra: use cassandra's default cluster name "Test Cluster"
2019-06-25 07:18:10 -04:00
Ivan Kozik
a476b9bf54 nixos/cassandra: use cassandra's default cluster name "Test Cluster"
The change to "NixOS Test Cluster" in #59179 broke startup of existing clusters
that used the previously-default cluster name "Test Cluster":

ERROR 23:00:47 Fatal exception during initialization
org.apache.cassandra.exceptions.ConfigurationException: Saved cluster name Test Cluster != configured name NixOS Test Cluster

Fixes #63388.
2019-06-18 00:36:46 +00:00
Jan Tojnar
a3f2131eb6 doc: Use prompt more often 2019-06-17 13:25:50 +02:00
aszlig
c26584f1e5
nixos: Fix build of manual
Manual build broken by 79f7f89442, which
is part of pull request #59179 (Fix Cassandra, improve config and
tests).

The issue was just a small error because of an unbalanced <literal/>
tag, so only a "/" was missing :-)

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @aanderse
2019-06-14 05:36:06 +02:00
Daniel Schaefer
03503121da nixos/cassandra: Don't force SimpleSeedProvider
If the `seedAddresses` is not set, don't force `SimpleSeedProvider` to
be in `seed_provider`. This could cause problems in a multi-datacenter
deployment when a different seed provider is preferred.
2019-06-13 04:36:42 +02:00
Daniel Schaefer
79f7f89442 nixos/cassandra: Use docbook instead of markdown style 2019-06-13 04:36:41 +02:00
Daniel Schaefer
9ecd584785 nixos/cassandra: Add option for password file path
If you're on a multi user system you don't want to have the password in
the nix-store. With the new jmxRolesFile option you can specify your own
protected file instead.
2019-06-13 04:36:41 +02:00
Daniel Schaefer
35531f4016 nixos/cassandra: Allow setting JMX credentials
If we have the ability to enable remote JMX we should also support
setting credentials for that because they become required if you turn it
on.
2019-06-13 04:36:41 +02:00
Daniel Schaefer
c1991fb18d nixos/cassandra: Add clusterName 2019-06-13 04:36:41 +02:00
Daniel Schaefer
f0031432ce nixos/cassandra: Add nixos conf for Java env 2019-06-13 04:36:40 +02:00
Daniel Schaefer
746b82bd4a nixos/cassandra: Allow setting of seed addresses
Allow for more intuitive specifying of seed node addresses with Nix
syntax.
2019-06-13 04:34:03 +02:00
Daniel Schaefer
a2aa01be0c nixos/cassandra: Enable CQL server by default
Resolves #50954
2019-06-13 04:34:03 +02:00
Janne Heß
c0e5acb16d nixos/memcached: Isolate the service
memcached is (as the name suggests) an in-memory database so FS access
is not required.
2019-06-10 09:50:04 +02:00
Florian Klink
5ea7a3eb21 nixos/mysql: drop services.mysql.pidDir
mysql already has its socket path hardcoded to to
/run/mysqld/mysqld.sock.
There's not much value in making the pidDir configurable, which also
points to /run/mysqld by default.

We only seem to use `services.mysql.pidDir` in the wordpress startup
script, to wait for mysql to boot up, but we can also simply wait on the
(hardcoded) socket location too.

A much nicer way to accomplish that would be to properly describe a
dependency on mysqld.service. This however is not easily doable, due to
how the apache-httpd module was designed.
2019-05-31 22:27:55 +02:00
Florian Klink
edd10c12f7 nixos/mysql: run as mysql user and group
As we don't need to setup data directories from ExecStartPre= scripts
anymore, which required root, but use systemd.tmpfiles.rules instead,
everything can be run as just the mysql user.
2019-05-31 22:27:55 +02:00
Florian Klink
25494cc193 nixos/mysql: reformat, move logical steps into variables
define commands like "waiting for the mysql socket to appear" or "setup
initial databases" in a let expression, so the main control flow becomes
more readable.
2019-05-31 22:27:48 +02:00
Florian Klink
50dda813e2 nixos/mysql: use systemd.tmpfiles to setup dataDir and pidDir
We need to keep using `RuntimeDirectory=mysqld`, which translates to
`/run/mysqld`, as this is used for the location of the file socket, that
could differ with what is configured via `cfg.pidDir`.
2019-05-31 22:20:42 +02:00
Aaron Andersen
de6e5ea815 nixos/foundationdb: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:58 -04:00
Aaron Andersen
8034dac42f nixos/firebird: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:57 -04:00
Aaron Andersen
c7481e6340 nixos/hbase: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
phile314-fh
62d4c2b34a mongodb: Add authentication support
* nixos/mongodb: Add authentication support

* nixos/mongodb: Add initial script option

* nixos/mongodb: Make initial root password configurable

* nixos/mongodb: Start only on loopback interface for setup procedure

* nixos/mongodb: Test auth/initial script

* nixos/mongodb: Code formatting

Co-Authored-By: Lassulus <github@lassul.us>
2019-05-25 18:09:30 +09:00
Silvan Mosberger
f631167557
Merge pull request #58702 from florianjacob/fix-mysql
nixos/mysql: fix typing-induced bugs
2019-05-24 19:51:54 +02:00
Florian Klink
cd96b50d90
nixos/postgresql: add ensureDatabases & ensureUsers options (#56720)
nixos/postgresql: add ensureDatabases & ensureUsers options
2019-05-20 10:58:48 +02:00
Robin Gloster
6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
Austin Seipp
e2bbc6fb46
nixos: fix services.foundationdb.traceFormat for older server versions
This was a testing oversight that came from #61009 -- I forgot to test
the new traceFormat option with older server versions while I was
working on FDB 6.1.

Since trace_format is only available in 6.1+, emitting it
unconditionally caused older versions of the database fail to start,
reporting an error. We simply gate it behind a version check instead,
and assert the format is always XML on older versions. This avoids the
case where the user has an old version, changes traceFormat willingly,
and then is confused by why it didn't work.

As reported by @TimothyKlim in the comments on commit
c55b9236f0. See

    c55b9236f0 (r33566132)

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-16 15:16:50 -05:00
Austin Seipp
2525b88c80
nixos/foundationdb: default to ssd storage engine
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp
427f1e58a4
nixos/foundationdb: chmod 0770 for logs/data files
Slight oversight: this allows members of the FoundationDB group to read
logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp
c55b9236f0
nixos: add services.foundationdb.traceFormat option
This allows us to specify JSON trace logging, which is useful for
tooling to injest/transform logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Bas van Dijk
517c52ec2e
postgresql: always create the $out/bin directory
This is needed because some PostgreSQL plugins don't have a bin
directory. If only these plugins are listed in cfg.extraPlugins buildEnv
will turn $out/bin into a symbolic link to ${pg}/bin. Lateron we try to
rm $out/bin/{pg_config,postgres,pg_ctl} which will then fail because
$out/bin will be read-only.
2019-05-04 14:11:52 -05:00
Daniel Schaefer
786f02f7a4 treewide: Remove usage of isNull
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Jörg Thalheim
d43dc68db3
nixos/openldap: make rootpw option optional
This allows to store passwords in external files outside of the world-readable
nix store.
2019-04-23 16:35:33 +01:00
Aaron Andersen
b1be2f1584 nixos/influxdb: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:59 -04:00
Aaron Andersen
062efe018d nixos/couchdb: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
e51f86a018 nixos/clickhouse: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen
0113cc0de9 nixos/stanchion: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:57 -04:00
Aaron Andersen
2f50cd06dc nixos/memcached: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:55 -04:00
Florian Klink
2457510db4
Merge pull request #51918 from bobvanderlinden/var-run
tree-wide: nixos: /var/run -> /run
2019-04-07 20:09:46 +02:00
Florian Jacob
14571f5ed0 nixos/mysql: fix initialScript option
which was wrongly specified as types.lines
Prevent it from getting copied to nix store as people might use it for
credentials, and make the tests cover it.
2019-04-01 21:08:47 +02:00
Florian Jacob
77978c1518 nixos/mysql: fix support for non-specified database schema
and increase test coverage to catch this
2019-04-01 20:01:29 +02:00
Simon Lackerbauer
88c31ae57c
nixos/openldap: add new options 2019-04-01 17:24:33 +02:00
Silvan Mosberger
9d4a6cceb7
Merge pull request #57550 from florianjacob/typed-mysql-options
nixos/mysql: specify option types, add tests
2019-03-28 18:55:53 +01:00
Aaron Andersen
44a798e36f nixos/postgresql: added new options to mimic mysql module 2019-03-27 21:21:12 -04:00
Bob van der Linden
e8434784bd nixos/rethinkdb: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
af0380997f nixos/redis: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
09d3ea4f67 nixos/openldap: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
660ee99293 nixos/mongodb: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
651f05c47c nixos/couchdb: /var/run -> /run 2019-03-20 00:02:42 +01:00
Florian Jacob
5bec5e8cb1 nixos/mysql: specify option types 2019-03-15 16:32:36 +01:00
aszlig
ef553788d0
postgresql: Move socket dir to /run/postgresql
The default, which is /tmp, has a few issues associated with it:

One being that it makes it easy for users on the system to spoof a
PostgreSQL server if it's not running, causing applications to connect
to their provided sockets instead of just failing to connect.

Another one is that it makes sandboxing of PostgreSQL and other services
unnecessarily difficult. This is already the case if only PrivateTmp is
used in a systemd service, so in order for such a service to be able to
connect to PostgreSQL, a bind mount needs to be done from /tmp to some
other path, so the service can access it. This pretty much defeats the
whole purpose of PrivateTmp.

We regularily run into issues with this in the past already (one example
would be https://github.com/NixOS/nixpkgs/pull/24317) and with the new
systemd-confinement mode upcoming in
https://github.com/NixOS/nixpkgs/pull/57519, it makes it even more
tedious to sandbox services.

I've tested this change against all the postgresql NixOS VM tests and
they still succeed and I also grepped through the source tree to replace
other occasions where we might have /tmp hardcoded. Luckily there were
very few occasions.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ocharles, @thoughtpolice, @danbst
2019-03-15 04:52:35 +01:00
Janne Heß
2a6f518b90 nixos/openldap: Fix quoting of log level 2019-03-07 14:19:50 +01:00
Symphorien Gibol
a915b33315 nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
Silvan Mosberger
997cd3159e
Merge pull request #54475 from Izorkin/mysql-restartTrigger
mysql: add restartTrigger for my.cnf
2019-01-29 19:54:24 +01:00
Janne Heß
9a1b53304a nixos/mysql: Support bootstrapping a Galera cluster
The default galera_new_cluster script tries to set this environment
variable using systemctl set-environment which doesn't work if the
variable is not being used in the unit file ;)
2019-01-24 17:39:19 +01:00
Izorkin
ea02ddc0be mysql: add restartTrigger for my.cnf 2019-01-22 21:05:21 +03:00
Robin Stumm
429c0bf60c nixos/mysql: fix option ensureDatabases
The database name needs to be quoted
in case it contains special characters
so the MySQL service does not fail to start.
2019-01-17 19:08:50 +01:00
Matthew Bauer
de30f4e61d
Merge pull request #51570 from eonpatapon/cassandra-logging
cassandra: add option to configure logging
2019-01-07 12:41:07 -06:00
Samuel Dionne-Riel
3c38cc8058
Merge pull request #51813 from samueldr/aarch64/disable-non-arm-builds-part-1
aarch64: ZHF for aarch64 (1/??)
2018-12-20 21:06:52 -05:00
Maximilian Bosch
64d05bbdd2
clickhouse: fix module and package runtime
Although the package itself builds fine, the module fails because it
tries to log into a non-existant file in `/var/log` which breaks the
service. Patching to default config to log to stdout by default fixes
the issue. Additionally this is the better solution as NixOS heavily
relies on systemd (and thus journald) for logging.

Also, the runtime relies on `/etc/localtime` to start, as it's not
required by the module system we set UTC as sensitive default when using
the module.

To ensure that the service's basic functionality is available, a simple
NixOS test has been added.
2018-12-20 13:03:41 +01:00
Janne Heß
3c54d6b2f8 nixos/openldap: Support configuring the log level 2018-12-13 15:14:59 +01:00
Samuel Dionne-Riel
abcb25bd8d aerospike: Disables build on aarch64
The issue with its inclusion in the manual has been side-stepped by
matching on the platforms in supports.
2018-12-10 14:55:19 -05:00
Graham Christensen
ca3f089a83
Merge pull request #51314 from Izorkin/mariadb-my.cnf
mariadb: change location configuration file to /etc/my.cnf
2018-12-07 15:37:53 -05:00
Jean-Philippe Braun
691932bba6 cassandra: add option to configure logging
As cassandra start script hardcodes the location of logback
configuration to `CASSANDRA_CONF_DIR/logback.xml` there is no way to
pass an alternate file via `$JVM_OPTS` for example.

Also, without logback configuration DEBUG level is used which is not
necessary for standard usage.

With this commit a default logback configuration is set with log level
INFO.

Configuration borrowed from:
https://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/configLoggingLevels.html
2018-12-05 15:17:37 +01:00
Austin Seipp
2a22554092 nixos/cockroachdb: simplify dataDir management, tweaks
This cleans up the CockroachDB expression, with a few suggestions from
@aszlig.

However, it brought up the note of using systemd's StateDirectory=
directive, which is a nice feature for managing long-term data files,
especially for UID/GID assigned services. However, it can only manage
directories under /var/lib (for global services), so it has to introduce
a special path to make use of it at all in the case someone wants a path
at a different root.

While the dataDir directive at the NixOS level is _occasionally_ useful,
I've gone ahead and removed it for now, as this expression is so new,
and it makes the expression cleaner, while other kinks can be worked out
and people can test drive it.

CockroachDB's dataDir directive, instead, has been replaced with
systemd's StateDirectory management to place the data under
/var/lib/cockroachdb for all uses.

There's an included RequiresMountsFor= clause like usual though, so if
people want dependencies for any kind of mounted device at boot
time/before database startup, it's easy to specify using their own
mount/filesystems clause.

This can also be reverted if necessary, but, we can see if anyone ever
actually wants that later on before doing it -- it's a backwards
compatible change, anyway.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-04 19:44:16 -06:00
Piotr Bogdan
9ca3414e05 nixos/cockroachdb: supply defaultText for the package option 2018-12-02 20:50:57 -06:00
Izorkin
953be3e283 mariadb: change location configuration file to /etc/my.cnf 2018-12-02 22:15:02 +03:00
John Boehr
4226ddc034 nixos/cockroachdb: create new service
This also includes a full end-to-end CockroachDB clustering test to
ensure everything basically works. However, this test is not currently
enabled by default, though it can be run manually. See the included
comments in the test for more information.

Closes #51306. Closes #38665.

Co-authored-by: Austin Seipp <aseipp@pobox.com>
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-01 19:07:49 -06:00
Domen Kožar
d04fedd715
postgresql: Enable systemd integration for 9.6+
This allows, finally, proper detection when postgresql is ready to
accept connections. Until now, it was possible that services depending
on postgresql would fail in a race condition trying to connect
to postgresql.
2018-11-27 19:16:21 +00:00
Linus Heckemann
388d36951c
Merge pull request #49735 from pvgoran/mysql-support-mysql57
nixos/mysql: support package=mysql57
2018-11-19 20:49:08 +01:00
Pavel Goran
21e9c35f5f nixos/mysql: support package=mysql57 2018-11-18 12:25:36 +07:00
Samuel Dionne-Riel
07eaaf6c8b
Merge pull request #49838 from dasJ/mysql-datadir
nixos/mysql: Explicitly set datadir in my.cnf
2018-11-16 19:21:01 +00:00
Ryan Mulligan
23dfa4e073 nixos/mysql: fix ensureUsers example formatting
closes #50441
2018-11-15 17:46:09 -08:00
Janne Heß
c7f5457aa6 nixos/mysql: Explicitly set datadir in my.cnf
While this seems silly at first (it's already given as start parameter
to mysqld), it seems like xtrabackup needs that sometimes.
Without it, a Galera cluster cannot be run using the xtrabackup
replication method.
2018-11-06 18:38:28 +01:00
Austin Seipp
2266f2014b nixos/postgresql: add myself as maintainer
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-02 13:52:33 -05:00
Alyssa Ross
c6c7d55790
postgresql*: use underscores in version numbers 2018-10-30 14:32:21 +00:00
Graham Christensen
8413f22bb3
docs: format 2018-09-29 20:51:11 -04:00
Domen Kožar
82feb4b66e
postgresql: give postgres user a shell 2018-09-26 12:11:40 +01:00
Graham Christensen
34d2ec7c09
nixos docs: give IDs to things 2018-09-01 16:20:49 -04:00
Thomas Bach
31e11bdd60 cassandra: rewrote service from scratch
Adds a replacement for the previously broken
`services.database.cassandra` with tests for a multi-node setup.
2018-08-07 14:48:43 +00:00
Austin Seipp
d5eccebda5 nixos/manual: wordsmithing on fdb chapter
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-08-05 08:42:43 -05:00
Austin Seipp
f42f0a1c48 nixos/foundationdb: show an example python script in the documentation
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-08-04 16:56:16 -05:00
Austin Seipp
aa79ae0c64 foundationdb: install python bindings
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-08-04 16:56:16 -05:00
Austin Seipp
1fdfa1ca13 nixos/manual: fix inclusion of FoundationDB documentation
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-07-30 18:30:40 -05:00
Tuomas Tynkkynen
96190535e5 Revert "nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1"
This reverts commit 095fe5b43d.

Pointless renames considered harmful. All they do is force people to
spend extra work updating their configs for no benefit, and hindering
the ability to switch between unstable and stable versions of NixOS.

Like, what was the value of having the "nixos." there? I mean, by
definition anything in a NixOS module has something to do with NixOS...
2018-07-28 00:12:55 +03:00
Silvan Mosberger
f2632f5c60
Merge pull request #42748 from patternspandemic/neo4j-service
nixos/neo4j: Update module, make compatible with neo4j 3.4
2018-07-16 22:31:25 +02:00
Wael M. Nasreddine
fd2448b2e6 aerospike: init at 4.2.0.4
Co-authored-by: Volth <volth@webmaster.ms>
2018-07-16 04:21:47 +00:00
patternspandemic
d9d9200496
nixos/neo4j: Update module, make compatible with neo4j 3.4 2018-07-12 19:28:40 -07:00
Florian Klink
fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Bas van Dijk
68fa306be6 pgmanage: remove deprecated postage alias
The following has been removed:

* The `services.postage` alias for the `services.pgmanage` module
* The `postage` alias for the `pgmanage` package
2018-06-23 13:32:13 +02:00
Aneesh Agrawal
94bd4787a9 nixos/postgresql: Use listen_addresses, not -i
The -i flag to control if PostgreSQL listens for TCP/IP connections has
been deprecated, so replace it with the modern alternative.
2018-06-13 23:03:02 -07:00
Peter Hoeg
5b468ea6b1 nixos mysql: make start-up more robust (#41010)
1) Change start-type to ```notify``` when running MariaDB so that we don't have to busy-wait for the
socket to appear.

2) Do not manually create the directory under /run as we can get systemd to do
that for us. This opens up the possibility later for not having to launch as root.
2018-05-24 16:42:16 +02:00
Jan Malakhovski
095fe5b43d nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1 2018-05-12 19:27:09 +00:00
Austin Seipp
5a24d99fa6 foundationdb: split into multiple, major-versioned packages to make upgrades user-controllable
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
Austin Seipp
55eec81118 nixos: add TLS support to FoundationDB module, and tweak setup a bit
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
Austin Seipp
ed5cbbbc44 foundationdb: install the java client library
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
Michael Weiss
1b8642dff6
nixos/monetdb: init (#39812) 2018-05-01 16:44:12 +02:00
Graham Christensen
d1165dba99
Merge pull request #38831 from rdnetto/improve-cross-refs
Improve cross referencing in NixOS Manual
2018-04-30 21:30:20 -04:00
Austin Seipp
e4e8562806 nixos: typofixes/tab deletion in some foundationdb docs/module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-04-25 00:05:18 -05:00
Austin Seipp
18f28a6413 nixos: add foundationdb module, documentation
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-04-23 12:13:09 -05:00
Matthew Justin Bauer
12ce909ac9
Merge pull request #38303 from LumiGuide/fix-pgmanage-sql_root
pgmanage: the data_root option is renamed to sql_root
2018-04-17 10:08:15 -05:00
Reuben D'Netto
42a84598fb Added cross-references to NixOS manual 2018-04-12 09:39:14 +10:00
Austin Seipp
7413eb8b49 nixos/postgresql: remove ancient hack for postgres 8.4
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-04-11 12:25:11 -05:00
Bas van Dijk
c8eef1d771 pgmanage: the data_root option is renamed to sql_root 2018-04-01 19:16:04 +02:00
Jan Malakhovski
7079e744d4 Merge branch 'master' into staging
Resolved the following conflicts (by carefully applying patches from the both
branches since the fork point):

   pkgs/development/libraries/epoxy/default.nix
   pkgs/development/libraries/gtk+/3.x.nix
   pkgs/development/python-modules/asgiref/default.nix
   pkgs/development/python-modules/daphne/default.nix
   pkgs/os-specific/linux/systemd/default.nix
2018-03-10 20:38:13 +00:00
Jörg Thalheim
6749f6e26e
Merge pull request #36249 from Ekleog/openldap-module-declarative-contents
Openldap module declarative contents
2018-03-03 19:00:13 +00:00
Léo Gaspard
aeef7c91f1
openldap module: allow defining contents declaratively 2018-03-03 15:33:23 +01:00
Léo Gaspard
cca9ec2a66
openldap module: cleanup 2018-03-03 15:33:01 +01:00
Shea Levy
fec543436d
nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
Franz Pletz
37c009ca74
Merge pull request #34028 from florianjacob/matomo
piwik is now matomo
2018-02-26 06:53:58 +00:00
Sarah Brofeldt
2ea8f8acdf nixos/mysql: Unbreak initial database creation 2018-02-24 20:07:55 +01:00
Florian Jacob
48e449ee70 nixos/piwik: rename to matomo 2018-02-22 22:03:55 +01:00
Frederik Rietdijk
b2f53c76f8 postgis: get rid of composableDerivation
In this change composableDerivation is removed in favor of
stdenv.mkDerivation.
2018-02-20 22:17:16 +01:00
Eric Bailey
6b45dbd99c services.mysql: properly quote database.name 2018-02-08 17:32:41 +01:00
Jörg Thalheim
f29ecd56c1
Merge pull request #33372 from Mic92/memcache
nixos/memcached: make unix sockets usuable
2018-01-04 18:39:48 +01:00
Jörg Thalheim
c9c8a2c5b3 nixos/memcached: make unix sockets usuable
before:
  - /var/run/memcached is a bad default for a socket path, since its
    parent directory must be writeable by memcached.
  - Socket directory was not created by the module itself -> this was
    left as a burden to the user?
  - Having a static uid with a dynamic user name is not very useful.

after:
  - Replace services.memcached.socket by a boolean flag. This simplifies
    our code, since we do not have to check if the user specifies a
    path with a parent directory that should be owned by memcached
    (/run/memcached/memcached.sock -> /run/memcached).
  - Remove fixed uid/gid allocation. The only file ever owned by the
    daemon is the socket that will be recreated on every start.
    Therefore user and group ids do not need to be static.
  - only create the memcached user, if the user has not specified a
    different one. The major use case for changing option is to allow
    existing services (such as php-fpm) opening the local unix socket.
    If we would unconditionally create a user that option would be
    useless.
2018-01-03 12:33:36 +01:00
Jörg Thalheim
453e15ec91 nixos/redis: remove static uid/gid assignment
all files are chowned on startup
2018-01-03 11:18:04 +01:00
Robin Gloster
86c7db0ac4 mysql module: cleanup obsolete checks 2017-12-29 02:18:35 +01:00
Franz Pletz
903a7e2f94
Merge pull request #31641 from danbst/patch-13
mysql module: fix flaky check
2017-11-16 00:07:55 +01:00
Danylo Hlynskyi
9f7315caf2
mysql module: fix flaky check
Comparing packages via equality will lead to different results when package and module are from different
`nixpkgs` checkouts.

Also, because MariaDB is actually supported, added a note to option description to make this knowledge more discover-able.
2017-11-14 03:08:15 +02:00
Maximilian Bosch
82062f7080
services.postgres: fix quoting in the description of superUser
`nixos-option` evals the description and the '`' is used to
define shell commands.

Due to this, the following error appears:

```
$ nixos-option services.postgresql.superUser
Value:
"root"

Default:
"root"

Description:

/run/current-system/sw/bin/nixos-option: line 294: root: command not found
/run/current-system/sw/bin/nixos-option: line 294: postgres: command not found
NixOS traditionally used  as superuser, most other distros use .
From 17.09 we also try to follow this standard. Internal since changing this value
would lead to breakage while setting up databases.
```
2017-11-13 22:22:35 +01:00
Raphael Das Gupta
27c8fd24e5 nixos/mysql: fix typo in description of mysql.bind option 2017-11-07 11:09:40 +01:00
Bas van Dijk
c894327215 postage: replaced by pgmanage-10.0.2
postage is no longer maintained and has been replaced by the identical pgmanage. See:

https://github.com/workflowproducts/postage#postage-has-been-replaced-with-pgmanage

The following error is raised when a user enables the deprecated `services.postage.enable` option:

Failed assertions:
- services.postage is deprecated in favor of pgmanage. They have the same options so just substitute postage for pgmanage.
2017-11-03 00:14:00 +01:00
Kranium Gikos
412fa16bff influxdb sevice: make postStart test work with non-localhost configurations (#29734)
make postStart test work with non-localhost configurations
2017-09-24 15:37:17 +01:00
Florian Jacob
839e3c7666 nixos/mysql: declarative users & databases
using Unix socket authentication, ensured on every rebuild.
2017-09-18 13:10:26 +02:00
Kranium Gikos
662b409b72 influxdb service: fixup postStart script to handle TLS 2017-09-18 11:56:30 +02:00
Franz Pletz
1bed4773f5
postgresql92: remove last references 2017-09-05 18:20:56 +02:00
Philipp Steinpass
d784b83005 nixos/hydra postgresql: Fix #27314 and add test case 2017-09-02 23:07:42 +02:00
Florian Jacob
d22c1c0719 mysql service: Make initialDatabases.schema attribute optional 2017-08-31 11:32:25 +02:00
Joachim F
3e21f91a39 Merge pull request #27796 from LumiGuide/postage
postage: init at 3.2.17 & add NixOS module
2017-08-13 20:59:06 +00:00
Peter Hoeg
b6f7713d33 Merge pull request #28127 from peterhoeg/f/collectd
influxdb (on nixos): reduce closure size by 99.99% (and a bit)
2017-08-12 00:01:46 +08:00
Peter Hoeg
211593fe49 influxdb nixos module: allow customizing the collectd dependency 2017-08-11 22:12:49 +08:00
Bas van Dijk
ca64eaadf8 postage: init at 3.2.17 & add NixOS module 2017-08-07 20:35:23 +02:00
makefu
c8e96826ae
influxdb module: collectd.port is now called bind-address
with the influxdb release we have packaged (and newer releases)
collectd.port has been streamlined to bind-address which takes a string
instead of a number.

ref: https://github.com/influxdata/influxdb/blob/master/services/collectd/README.md
2017-08-06 14:49:56 +02:00
Mateusz Kowalczyk
93d364f4f5 mongodb: we already set quiet in config 2017-07-27 13:26:36 +01:00
Joachim F
8791cad96b Merge pull request #26598 from moretea/mysql-add-bind-option
mysql module: add option to bind to an address
2017-06-27 19:43:41 +01:00
Calvin Cheng
3270545094 rethinkdb service: initial implementation 2017-06-27 02:09:15 +02:00
Maarten Hoogendoorn
d847b5c763 mysql module: add option to bind to an address 2017-06-15 16:08:15 +02:00
Pascal Bach
de52d2450e Cleanup PostgreSQL for state version 17.09 (#25753)
* postgresql service: make 9.6 the default version for 17.09

* postgresql service: change default superuser for 17.09

Change the default superuser from `root` to `postgres` for state
version 17.09

* postgresql service: change default data directory for 17.09

The new directory includes the schema version of the database.
This makes upgrades easier and is more consistent with other distros.

* updated nixos release notes
2017-05-30 21:05:39 +01:00
Pascal Bach
f469bd83bb mysql service: change default data directory for 17.09
The new directory is now moved to /var/lib/mysql. This makes it consistent with
with upstream.
2017-05-20 15:46:13 +02:00
Orivej Desh
8f634a78b9 clickhouse: init at 1.1.54190 2017-04-27 13:25:58 +00:00
Franz Pletz
3ab45f4b36
treewide: use boolToString function 2017-04-11 18:18:53 +02:00
Will Dietz
cb73cb9e62 neo4j service: neo4j-wrapper is deprecated, merge into neo4j.conf 2017-03-19 16:56:53 -05:00
Will Dietz
515fc22263 neo4j service: fix package installed into env to match running service 2017-03-19 16:56:52 -05:00
Will Dietz
63f1a14ae5 neo4j service: increase file limit, per warning emitted at startup (#23961) 2017-03-18 01:03:09 +01:00