Commit graph

11464 commits

Author SHA1 Message Date
Elis Hirwing
89bc406be5
Merge pull request #64413 from davidtwco/jackett/package
nixos/jackett: add package option
2019-07-07 21:33:11 +02:00
Jamey Sharp
f7c776760b nixos/nscd: only drop privs after nss module init
NixOS usually needs nscd just to have a single place where
LD_LIBRARY_PATH can be set to include all NSS modules, but nscd is also
useful if some of the NSS modules need to read files which are only
accessible by root.

For example, nixos/modules/config/ldap.nix needs this when
  users.ldap.enable = true;
  users.ldap.daemon.enable = false;
and users.ldap.bind.passwordFile exists. In that case, the module
creates an /etc/ldap.conf which is only readable by root, but which the
NSS module needs to read in order to find out what LDAP server to
connect to and with what credentials.

If nscd is started as root and configured with the server-user option in
nscd.conf, then it gives each NSS module the opportunity to initialize
itself before dropping privileges. The initialization happens in the
glibc-internal __nss_disable_nscd function, which pre-loads all the
configured NSS modules for passwd, group, hosts, and services (but not
netgroup for some reason?) and, for each loaded module, calls an init
function if one is defined. After that finishes, nscd's main() calls
nscd_init() which ends by calling finish_drop_privileges().

There are provisions in systemd for using DynamicUser with a service
which needs to drop privileges itself, so this patch does that.
2019-07-07 08:43:41 -07:00
Maximilian Bosch
beff2f8d75 nixos/graylog: use types.lines for extraConfig
The `types.lines` type makes it possible to define `extraConfig` in
multiple files and simply concat the contents.
2019-07-07 14:49:39 +02:00
David Wood
e2247dceb3
nixos/lidarr: re-add home attribute
This was accidentally removed in a previous PR and broke things.
2019-07-07 12:31:28 +01:00
David Wood
7f32961ea2
nixos/jackett: add package option
This allows users of the module to override the package to a newer
version. Particularly useful as Jackett warns that old versions may not
work.
2019-07-07 12:23:01 +01:00
worldofpeace
ab34f8b39b
Merge pull request #63824 from JohnAZoidberg/zoneminder-alias
nixos/zoneminder: Fix package and service build
2019-07-06 21:19:23 -04:00
edef
4a405d8995 nixos/networking: filter out empty entries 2019-07-07 00:49:40 +00:00
Maximilian Bosch
3464c602e8
nixos/graylog: fix startup
Until now the startup failed with an error like this:

```
com.github.joschi.jadconfig.ValidationException: Parent path /var/lib/graylog/server for Node ID file at /var/lib/graylog/server/node-id is not a directory
```

This happens since `graylog.service` ensures that `/var/lib/graylog`
exists, however it doesn't take care of the directory for
`cfg.nodeIdFile`.
2019-07-06 20:42:56 +02:00
Jamey Sharp
c38fa99757 nixos/nscd: don't need to specify username
Thanks to @arianvp for pointing out that when DynamicUser is true,
systemd defaults the value of User to be the name of the unit, which in
this case is already "nscd".
2019-07-06 09:24:49 -07:00
Vladimír Čunát
0746c4dbb4
Merge branch 'master' into staging-next
There are several thousand rebuilds from master already.
Hydra nixpkgs: ?compare=1528940
2019-07-06 13:44:40 +02:00
Jörg Thalheim
df65cd3734
nixos/zfs: enable requestEncryptionCredentials by default (#64316)
nixos/zfs: enable requestEncryptionCredentials by default
2019-07-06 09:02:45 +01:00
Jörg Thalheim
2143f6f34f
Merge pull request #64355 from Izorkin/hardwareKSM
nixos/ksm: add option sleep
2019-07-06 08:54:34 +01:00
Jörg Thalheim
e111f23233
Merge pull request #64329 from Izorkin/netdata
nixos/netdata: update service config
2019-07-06 08:52:41 +01:00
Izorkin
fb4d71a39f nixos/netdata: increase performance 2019-07-06 10:15:21 +03:00
Izorkin
6e592faa92 nixos/netdata: enable reload service and add PID file 2019-07-06 10:12:20 +03:00
Izorkin
8364ade833 nixos/ksm: add option sleep 2019-07-06 10:08:27 +03:00
Aaron Andersen
1cd3b98c3a nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation 2019-07-05 22:04:56 -04:00
Silvan Mosberger
944e21cf7c
Merge pull request #63339 from Slabity/master
Fix restya-board's phpfpm.pools option
2019-07-06 03:00:52 +02:00
Tyler Slabinski
120cf906a6 nixos/restya-board: Fix phpfpm.pools option 2019-07-05 20:16:13 -04:00
Thomas Tuegel
56d5963382
Merge pull request #54525 from ttuegel/feature/qt-5/wrap-qt-apps
Wrap Qt applications
2019-07-05 14:38:10 -05:00
Thomas Tuegel
f79fd2e826
wrapQtAppsHook: wrap Qt applications for runtime dependencies 2019-07-05 10:41:41 -05:00
Elis Hirwing
823120765c
Merge pull request #64113 from davidtwco/lidarr/users-groups-firewalls
nixos/lidarr: add user/group/openFirewall opts.
2019-07-05 12:20:49 +02:00
Aaron Andersen
c7efe78963
Merge pull request #64274 from aanderse/limesurvey
nixos/limesurvey: module fixes & cleanup
2019-07-04 21:25:49 -04:00
Ivan Jager
a38449f159 nixos/zfs: enable requestEncryptionCredentials by default
Since zfsStable now supports encryption, it no longer makes sense to set
the default based on whether we're using zfsUnstable
2019-07-04 16:11:52 -05:00
Joachim Fasting
c3cc7034e2
nixos/hardened: harder inet defaults
See e.g., https://github.com/NixOS/nixpkgs/issues/63768

Forwarding remains enabled for now, need to determine its effects on
virtualization, if any.
2019-07-04 19:24:44 +02:00
Joachim Fasting
c233e24d54
nixos/hardened: disable ftrace by default 2019-07-04 19:24:41 +02:00
Joachim Fasting
44b6999614
nixos/malloc: use ld preload
This is more robust than setting via environment variable, though it does come
later in the load sequence.  An added benefit is affecting the current
session.
2019-07-04 19:24:40 +02:00
Matthieu Coudron
2ebeba4927 nixos/iperf: add openFirewall setting
Opens the specified tcp port.
2019-07-04 16:58:56 +02:00
Jörg Thalheim
5c80009d0d
netdata: update build config (#64241)
netdata: update build config
2019-07-04 13:35:20 +01:00
Aaron Andersen
5da6d04840 nixos/limesurvey: module fixes & cleanup 2019-07-04 06:16:59 -04:00
Izorkin
064a19afe2 nixos/netdata: add capabilites to freeipmi.plugin 2019-07-04 13:08:38 +03:00
Jamey Sharp
4c64375e91 nixos/nscd: delete redundant nscd.conf options
These options were being set to the same value as the defaults that are
hardcoded in nscd. Delete them so it's clear which settings are actually
important for NixOS.

One exception is `threads 1`, which is different from the built-in
default of 4. However, both values are equivalent because nscd forces
the number of threads to be at least as many as the number of kinds of
databases it supports, which is 5.
2019-07-03 15:34:44 -07:00
Jamey Sharp
de251704d6 nixos/nscd: run with a dynamic user
nscd doesn't create any files outside of /run/nscd unless the nscd.conf
"persistent" option is used, which we don't do by default. Therefore it
doesn't matter what UID/GID we run this service as, so long as it isn't
shared with any other running processes.

/run/nscd does need to be owned by the same UID that the service is
running as, but systemd takes care of that for us thanks to the
RuntimeDirectory directive.

If someone wants to turn on the "persistent" option, they need to
manually configure users.users.nscd and systemd.tmpfiles.rules so that
/var/db/nscd is owned by the same user that nscd runs as.

In an all-defaults boot.isContainer configuration of NixOS, this removes
the only user which did not have a pre-assigned UID.
2019-07-03 13:27:29 -07:00
Jamey Sharp
597563d248 nixos/nscd: let systemd manage directories
Previously this module created both /var/db/nscd and /run/nscd using
shell commands in a preStart script. Note that both of these paths are
hard-coded in the nscd source. (Well, the latter is actually
/var/run/nscd but /var/run is a symlink to /run so it works out the
same.)

/var/db/nscd is only used if the nscd.conf "persistent" option is turned
on for one or more databases, which it is not in our default config
file. I'm not even sure persistent mode can work under systemd, since
`nscd --shutdown` is not synchronous so systemd will always
unceremoniously kill nscd without reliably giving it time to mark the
databases as unused. Nonetheless, if someone wants to use that option,
they can ensure the directory exists using systemd.tmpfiles.rules.

systemd can create /run/nscd for us with the RuntimeDirectory directive,
with the added benefit of causing systemd to delete the directory on
service stop or restart. The default value of RuntimeDirectoryMode is
755, the same as the mode which this module was using before.

I don't think the `rm -f /run/nscd/nscd.pid` was necessary after NixOS
switched to systemd and used its PIDFile directive, because systemd
deletes the specified file after the service stops, and because the file
can't persist across reboots since /run is a tmpfs. Even if the file
still exists when nscd starts, it's only a problem if the pid it
contains has been reused by another process, which is unlikely. Anyway,
this change makes that deletion even less necessary, because now systemd
deletes the entire /run/nscd directory when the service stops.
2019-07-03 12:39:48 -07:00
Jamey Sharp
93f185df65 nixos/nscd: no longer need to wait for readiness
This postStart step was introduced on 2014-04-24 with the comment that
"Nscd forks into the background before it's ready to accept
connections."

However, that was fixed upstream almost two months earlier, on
2014-03-03, with the comment that "This, along with setting the nscd
service type to forking in its systemd configuration file, allows
systemd to be certain that the nscd service is ready and is accepting
connections."

The fix was released several months later in glibc 2.20, which was
merged in NixOS sometime before 15.09, so it certainly should be safe to
remove this workaround by now.
2019-07-03 12:26:47 -07:00
Aaron Andersen
aa05aad470 nixos/wordpress: create module to replace the httpd subservice 2019-07-03 11:47:33 -04:00
Aaron Andersen
8d7dc105b1
Merge pull request #63931 from aanderse/phpfpm
phpfpm: revert #63156
2019-07-03 07:04:17 -04:00
Aaron Andersen
9f2518da59
Merge pull request #64199 from thorstenweber83/fix-mysql-test
nixos/mysql: fix mysql test after #63862
2019-07-03 06:27:40 -04:00
Aaron Andersen
ec80ffc621
Merge pull request #62061 from aanderse/nagios
nixos/nagios: module updates
2019-07-03 06:19:35 -04:00
talyz
732af03ace networkmanager: Documentation cleanup.
- Refer to external documentation for dns option
- Clean up macAddress option
- Improve references
2019-07-03 09:40:05 +00:00
talyz
80acb28bee networkmanager: Add rc-manager option
Add an option to set the rc-manager parameter in NetworkManager.conf,
which controls how NetworkManager handles resolv.conf. This sets the
default rc-manager to "resolvconf", which solves #61490. It
additionally allows the user to change rc-manager without interference
from configuration activations.
2019-07-03 09:40:05 +00:00
Frederik Rietdijk
25a77b7210 Merge staging-next into staging 2019-07-03 08:59:42 +02:00
Thorsten Weber
46ea3ebc19 nixos/mysql: make ExecStartPost script fail on error 2019-07-03 08:50:21 +02:00
David Wood
16c394fe0f
nixos/deluge: Add extractor dependencies.
This commit adds the "Extractor" plugin dependencies to the PATH of the
`deluged` service.
2019-07-02 22:26:38 +01:00
David Wood
9837facf21
nixos/deluge: user, group and web firewall opts.
This commit adds new options to the Deluge service:

- Allow configuration of the user/group which runs the deluged daemon.
- Allow configuration of the user/group which runs the deluge web
  daemon.
- Allow opening firewall for the deluge web daemon.
2019-07-02 22:26:34 +01:00
Tadeo Kondrak
fef4dc526f
nixos/programs/shell.nix: don't use unnecessary GNU-specific option 2019-07-02 03:08:14 -06:00
Peter Hoeg
10dd03e0a3
Merge pull request #63551 from Steell/roon-server
roon-server: init at 100600401
2019-07-02 10:06:29 +08:00
Aaron Andersen
f2a499549f nixos/httpd: drop mercurial httpd subservice 2019-07-01 15:34:00 -04:00
David Wood
6ba90c2aae
nixos/lidarr: add user/group/openFirewall opts.
This commit adds new configuration options to the Lidarr module that
allows configuration of the user and group that Lidarr runs as; and to
open the firewall for the Lidarr port.
2019-07-01 16:17:18 +01:00
worldofpeace
3f4a353737 treewide: use dontUnpack 2019-07-01 04:23:51 -04:00
worldofpeace
cab7c6cbd9 treewide: use dontConfigure 2019-07-01 04:23:51 -04:00
Aaron Andersen
d0a147e841 nixos/mysql: run ExecStartPost as root (again) to preserve compatibility with installs that have been secured 2019-06-30 21:59:47 -04:00
Aaron Andersen
e0590da813 nixos/mysql: turn ExecStartPost into a shell script and simplify code 2019-06-30 21:58:27 -04:00
Aaron Andersen
26a5f32096 nixos/redmine: cosmetic cleanup 2019-06-30 07:24:23 -04:00
Aaron Andersen
e702468f6b nixos/redmine: add database.createLocally option 2019-06-30 07:24:18 -04:00
Aaron Andersen
278d867a9b Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless"
This reverts commit b5478fd1a2, reversing
changes made to dbb00bfcbf.
2019-06-28 21:47:43 -04:00
Aaron Andersen
4b98e262a0 Revert "nixos/phpfpm: Remove usage of undefined variable fpmCfg"
This reverts commit 54645ce43a.
2019-06-28 21:47:17 -04:00
Ambroz Bizjak
c07fb9cebd nixos/opengl: Don't set XDG_DATA_DIRS.
This was added in #19936 so that vulkan-loader finds the ICD config files. It is
not needed any more after #62869 where it was ensured that the loader looks in
/run/opengl-driver(-32)/share.
2019-06-28 14:36:29 +02:00
worldofpeace
8789ff3179
Merge pull request #63822 from worldofpeace/dde-control-center/init
deepin.dde-control-center: init at 4.10.11
2019-06-27 22:15:52 -04:00
worldofpeace
8c2bcb181e nixos/deepin: add dde-control-center 2019-06-27 22:15:13 -04:00
Elis Hirwing
54645ce43a
nixos/phpfpm: Remove usage of undefined variable fpmCfg 2019-06-27 20:39:18 +02:00
Elis Hirwing
b5478fd1a2
Merge pull request #63156 from Izorkin/phpfpm-rootless
phpfpm: do not run anything as root
2019-06-27 19:13:53 +02:00
Elis Hirwing
dbb00bfcbf
Merge pull request #63726 from davidtwco/lidarr/specify-package
nixos/lidarr: allow specifying package
2019-06-27 19:06:51 +02:00
Aaron Andersen
fa01a229e7
Merge pull request #63101 from dasJ/gitea-jwt
nixos/gitea: Generate a JWT secret for git LFS
2019-06-27 13:06:17 -04:00
Aaron Andersen
ae02678a9d
Merge pull request #63786 from aanderse/mysql
mysql: drop support for deprecated package & module option
2019-06-27 12:14:35 -04:00
Domen Kožar
2072043efb
duplicati: fix StateDirectory 2019-06-27 14:15:37 +02:00
Peter Hoeg
67cca52fd9
Merge pull request #53204 from peterhoeg/m/libvirt
libvirt: support proper networking in user session
2019-06-27 11:39:48 +08:00
Janne Heß
8c3dd6f5e7 nixos/gitea: Generate a JWT secret for git LFS 2019-06-27 03:29:02 +02:00
Aaron Andersen
616e52e21b
Merge pull request #63622 from aanderse/zoneminder
nixos/zoneminder: fix some issues with database.createLocally option
2019-06-26 20:36:26 -04:00
Daniel Schaefer
19851ec1fc nixos/zoneminder: Fix nginx config check
NixOS wouldn't build because the nginx config checker fails.

Location without a trailing slash "could allow an attacker to read file
stored outside the target folder.", source:
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md

Shouldn't change the behaviour according to
https://serverfault.com/questions/607615/using-trailing-slashes-in-nginx-configuration/607731#607731
2019-06-26 20:45:55 +02:00
pacien
b05870d223 nixos/cgit: fix config example
The order of the keys matters: scan-path must be the last key for other settings
to be taken into account.
2019-06-26 19:59:31 +02:00
Eelco Dolstra
8e620e1bc5
Merge pull request #63810 from NixOS/binaryCaches-default
nix.binaryCaches: always set https://cache.nixos.org
2019-06-26 18:51:17 +02:00
Domen Kožar
f572d4eb91
duplicati: PermissionsStartOnly is deprecated 2019-06-26 15:52:00 +02:00
Domen Kožar
036728f3f4
nix.binaryCaches: always set https://cache.nixos.org
There are many support questions when people add a new binary cache
and they suddenly lose nixos substitutions.

Most of the users want to keep that, so we're doing a breaking change.

Previously to disable all binary caches one had to do:

  nix.binaryCache = [];

Now the same is possible via:

  nix.binaryCache = lib.mkForce;
2019-06-26 14:30:56 +02:00
Frederik Rietdijk
d843e16cb8 Merge master into staging-next 2019-06-26 13:22:30 +02:00
José Romildo Malaquias
b86c7b8568 nixos/deepin: add dde-launcher usb service 2019-06-26 00:40:17 -03:00
Samuel Dionne-Riel
6fba2c3565 sd-image-raspberrypi: populateBoot -> populateFirmware
Fixes an incomplete change from the last changes.
2019-06-25 20:49:34 -04:00
Graham Christensen
7b8a7cee78
Merge pull request #63699 from NinjaTrappeur/nin-hostapd-noscan
hostapd: add noscan mode
2019-06-25 18:08:58 -04:00
Graham Christensen
38c28ef10c
Merge pull request #56265 from aanderse/permissions-start-only
replace deprecated usage of PermissionsStartOnly (part 2)
2019-06-25 18:04:22 -04:00
Aaron Andersen
fb918a9254 nixos/mysql: drop rootPassword option 2019-06-25 17:26:53 -04:00
Aaron Andersen
74ff20fae7 nixos/zoneminder: fix some issues with database.createLocally option 2019-06-25 12:20:22 -04:00
Jan Tojnar
07d1d3ed68
Merge branch 'master' into staging 2019-06-25 18:06:43 +02:00
Frederik Rietdijk
4589a04299 Merge master into staging-next 2019-06-25 16:26:29 +02:00
Steve Elliott
725e2793dd roon-server: init at 100600401 2019-06-25 09:34:07 -04:00
Eelco Dolstra
aef7f1b31a
Typo 2019-06-25 14:46:04 +02:00
Domen Kožar
e8916cc6af
duplicati: allow changing the user 2019-06-25 14:28:03 +02:00
Vladimír Čunát
145a620802
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1527134
2019-06-25 14:04:12 +02:00
Aaron Andersen
931921664f
Merge pull request #63392 from ivan/cassandra-default-cluster-name
nixos/cassandra: use cassandra's default cluster name "Test Cluster"
2019-06-25 07:18:10 -04:00
Samuel Dionne-Riel
6bc2d30ee3
Merge pull request #62462 from samueldr/sd-image/fat-free
sd-image: FAT free /boot
2019-06-24 14:53:49 -04:00
Samuel Dionne-Riel
7c819989f9
Merge pull request #63147 from samueldr/aarch64/graphics-fixes
aarch64: misc. graphical boot fixes
2019-06-24 14:53:01 -04:00
Samuel Dionne-Riel
c4a12ee9c0
Merge pull request #62852 from samueldr/fix/xterm-desktop-manager-default
nixos/desktop-managers/xterm: Defaults to xserver's state
2019-06-24 14:48:58 -04:00
David Wood
7e38a64709
nixos/lidarr: allow specifying package
This commit allows users of `services.lidarr` to specify the package
that is used with `services.lidarr.package`.
2019-06-24 09:53:38 +01:00
Matthew Bauer
500c13ed46
Merge pull request #63609 from tokudan/udev-executable-check
udev: change error message if RUN entry is not executable
2019-06-23 21:43:31 -04:00
Matthew Bauer
8768d1c83a nixos: add hardware/network/intel-2200bg.nix to module-list
this is referenced by nixos-generate-config.pl. See
https://github.com/NixOS/nixpkgs/pull/63091 for more discussion.
2019-06-23 20:30:27 -04:00
Félix Baylac-Jacqué
5121f8d1e6
hostapd: starting hostapd systemd service at boot. 2019-06-24 00:26:27 +02:00
Félix Baylac-Jacqué
98deb87354
hostapd: Add noscan mode.
Applies OpenWRT's noscan patch to hostapd and the relevant option to
the hostapd module.

This noscan patch adds a new `noscan` option allowing us to create
some overlapping BSSs in HT40+/- mode.

Note: this option is disabled by default, we leave this up to the end
user whether it should be enabled or not.

Not being able to create those overlapping BSSs is basically
preventing us to use 802.11n in any urban area where chances to
overlap with another SSID are extremely high.

The patch we are using is a courtesy of the openwrt team and is
applied to the defaul hostapd package in both OpenWRT and Archlinux.
2019-06-24 00:26:20 +02:00
Frederik Rietdijk
dafee3d91a Merge master into staging-next 2019-06-23 15:38:41 +02:00
Matthew Bauer
9d9b98cdfb
Merge pull request #62891 from jtojnar/nixos-documentation-nixos-help-use-w3m-1-by-default
nixos/documentation: nixos-help: use w3m(1) by default
2019-06-22 21:37:22 -04:00
Domen Kožar
c687da8940
duplicati: change default interface to 127.0.0.1 for a saner default
Existing 'lo' didn't work for me as it was failing to assign an IP.
2019-06-22 20:26:18 +02:00
Domen Kožar
224a6562a4
Add configurationLimit to systemd-boot to prevent running out of disk space
Refs #23926
2019-06-22 20:11:11 +02:00
Vladimír Čunát
3e4b15f0c4
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1526638
2019-06-22 14:35:35 +02:00
Daniel Frank
b40a38fe8a udev: be more verbose about the error 2019-06-21 18:05:14 +02:00
Daniel Frank
f8cf9de7ce udev: change error message if RUN entry is not executable 2019-06-21 11:27:56 +02:00
Frederik Rietdijk
72d647f3d8 Merge master into staging-next 2019-06-21 08:20:26 +02:00
Peter Hoeg
28563ef5cb libvirtd (nixos): support bridging for user sessions 2019-06-21 11:11:48 +08:00
Silvan Mosberger
852fe410fc
nixos/zfs: Remove requestEncryptionCredentials assertion
zfs >= 0.8 supporting encryption is now stable
2019-06-21 03:33:09 +02:00
Ivan Kozik
41c6d7adfc nixos/prometheus-node-exporter: fix systemd unit for systemd 242 (#63540)
Avoid having a backslash at the end of ExecStart=.

See https://github.com/NixOS/nixpkgs/issues/63533 for details
about the change to systemd's unit parser.

Fixes #63383.
2019-06-20 17:04:36 -04:00
Matthew Bauer
2b8ea614b8
Merge pull request #63090 from NixOS/nomodeset
kernel.nix: boot.vesa implies nomodeset
2019-06-20 15:31:17 -04:00
Matthew Bauer
808d6fc7de
Merge pull request #63087 from matthiasbeyer/fix-ddclient-extraconfig
Fix ddclient extraConfig
2019-06-20 15:28:04 -04:00
worldofpeace
d672ceeb68
Merge pull request #63204 from michaelpj/imp/localtime-upstream
localtime: use upstream unit, fix polkit rules
2019-06-19 08:38:03 -04:00
Eelco Dolstra
7eb332af5d
Remove default value for nixpkgs.system
Using "builtins.currentSystem" doesn't work in pure evaluation mode,
and even when it's explicitly set (which it always is, in
nixos/lib/eval-config.nix), it breaks manual generation because the
manual tries to render the default value.
2019-06-19 14:07:45 +02:00
Michael Peyton Jones
0073c1fb0b
localtime: use upstream unit and fix polkit rule installation
Also don't allocate a user - the upstream unit uses DynamicUser.
2019-06-19 11:07:44 +01:00
Aaron Andersen
93412bc35f
Merge pull request #63413 from etu/gitea-183-update
gitea: 1.8.2 -> 1.8.3
2019-06-19 05:46:48 -04:00
Elis Hirwing
3576ba7c19
nixos/gitea: Add missing tmpfiles rules 2019-06-19 07:45:51 +02:00
Frederik Rietdijk
f120248daf Merge staging-next into staging 2019-06-18 11:07:56 +02:00
Frederik Rietdijk
41377252e5 Merge master into staging-next 2019-06-18 10:53:28 +02:00
Jan Tojnar
1ef7e40a9c
doc: Clean up programlisting & screen (#63316)
doc: Clean up programlisting & screen
2019-06-18 09:47:15 +02:00
Vladimír Čunát
0aa9f35a99
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1525828
2019-06-18 09:44:13 +02:00
Ivan Kozik
a476b9bf54 nixos/cassandra: use cassandra's default cluster name "Test Cluster"
The change to "NixOS Test Cluster" in #59179 broke startup of existing clusters
that used the previously-default cluster name "Test Cluster":

ERROR 23:00:47 Fatal exception during initialization
org.apache.cassandra.exceptions.ConfigurationException: Saved cluster name Test Cluster != configured name NixOS Test Cluster

Fixes #63388.
2019-06-18 00:36:46 +00:00
Matthew Bauer
4d6f65b81f
Merge pull request #62167 from matthewbauer/alias-libgl
Add libGL* aliases
2019-06-17 15:18:29 -04:00
Matthew Bauer
263f5891b6 treewide: mesa_noglu, mesa_drivers, libGL_driver -> mesa
Just use mesa for these to be more clear. Move these to aliases.nix
2019-06-17 14:43:18 -04:00
Jörg Thalheim
55e2c850a3
nixos/kvmgt: fix starting condition (#62096)
nixos/kvmgt: fix starting condition
2019-06-17 16:32:54 +01:00
Jan Tojnar
a3f2131eb6 doc: Use prompt more often 2019-06-17 13:25:50 +02:00
Jan Tojnar
11cb382a4c
nixos/doc: Fix spurious indentation 2019-06-17 12:28:26 +02:00
Izorkin
eee87b460e nixos/phpfpm: remove options services.phpfpm.poolConfigs 2019-06-17 09:15:51 +03:00
Izorkin
6093c04b67 nixos/tt-rss: fix work with phpfpm-rootless mode 2019-06-17 09:15:48 +03:00
Samuel Dionne-Riel
288118cdfa sd-image: Adds removed options for removed options
This will keep configuration configuring the size of the /boot partition
still build, while showing the deprecation warning.

In 99.9% of cases I assume ignoring the configuration is better, as the
sd-image builder already is pretty opinionated in that matter.
2019-06-16 17:47:32 -04:00
Samuel Dionne-Riel
c113c094cf sd-image: Pull less slack in the image by accounting for slack
The slack, seemingly, accounted for more than the minimum required for
slack plus the two partitions.

This change makes the gap a somewhat abstracted amount, but is not
configurable within the derivation.
2019-06-16 17:47:31 -04:00
Samuel Dionne-Riel
1843e00146 sd-image: Updates comments 2019-06-16 17:47:31 -04:00
Samuel Dionne-Riel
8634d5700d sd-image: firmware partition reduced to 20MiB 2019-06-16 17:47:31 -04:00
Samuel Dionne-Riel
53884e1b94 sd-image: Switch /boot to the ext4 partition 2019-06-16 17:47:31 -04:00
Samuel Dionne-Riel
6e9e78b618 sd-image: Moves /boot into rootfs
The current FAT32 partition is kept as it is required for the Raspberry
Pi family of hardware. It is where the firmware is kept.

The partition is kept bootable, and the boot files kept in there until
the following commits, to keep all commits of this series individually
bootable.
2019-06-16 17:47:30 -04:00
volth
f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Bjørn Forsman
8f551be935 nixos-generate-config: don't emit tmpfs entry for /tmp
Because it most likely comes from the boot.tmpOnTmpfs option in
configuration.nix (managed declaratively).
2019-06-16 16:21:54 +02:00
Bjørn Forsman
4213e48dd9 nixos-generate-config: add dm-snapshot module if LVM is detected
Without this, the system becomes unbootable if the user creates a LVM
snapshot and reboots.

Fixes https://github.com/NixOS/nixpkgs/issues/33646

(The same kind of problem was fixed in RHEL a few years back:
https://bugzilla.redhat.com/show_bug.cgi?id=1287940)
2019-06-16 15:30:54 +02:00
Bjørn Forsman
9e45f6feac nixos-generate-config: don't generate swapDevices for *files*
Up until now, the output has been the same for swap devices and swap
files:

  { device = "/var/swapfile"; }

Whereas for swap *files* it's easier to manage them declaratively in
configuration.nix:

  { device = "/var/swapfile"; size = 8192; }

(NixOS will create the swapfile, and later resize it, if the size
attribute is changed.)

With the assumption that swap files are specified in configuration.nix,
it's silly to output them to hardware-configuration.nix.
2019-06-16 15:26:33 +02:00
Izorkin
6290bf9067 nixos/selfoss: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
d44f759b55 nixos/restya-board: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
5b1a4730bc nixos/nextcloud: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
08dae69741 nixos/matomo: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
5d3805487a nixos/zoneminder: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
2172419101 nixos/icingaweb2: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
d49857a885 nixos/limesurvey: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
59a33f25e5 nixos/roundcube: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
320e8ab5d7 nixos/phpfpm: do not run anything as root 2019-06-16 12:33:49 +03:00
Frederik Rietdijk
7adbdd9758 Merge master into staging-next 2019-06-16 09:04:24 +02:00
Jan Tojnar
b1ee53d87b
nixos/enlightenment: fix build with config.allowAliases=false (#61421)
nixos/enlightenment: fix build with config.allowAliases=false
2019-06-16 04:07:26 +02:00
Samuel Dionne-Riel
5d92d16b49 sd-image-aarch64: Allows early modesetting for Allwinner boards
This will reduce the confusion at boot, where the only thing visible is
the last message from u-boot; where it looks like the board is
hung, while in reality it's likely resizing partitions.
2019-06-15 14:26:21 -04:00
Samuel Dionne-Riel
390f2071df sd-image-aarch64: Allows early modesetting for the Raspberry Pi
This will reduce the confusion at boot, where the only thing visible is
the last message from u-boot; where it looks like the Raspberry Pi is
hung, while in reality it's likely resizing partitions.
2019-06-15 14:26:20 -04:00
Frederik Rietdijk
395da1280e
Merge pull request #63100 from aanderse/phabricator-remove
drop unmaintained phabricator package, service, and httpd subservice
2019-06-15 13:08:48 +02:00
Frederik Rietdijk
482c74cfb8 Merge staging into staging-next 2019-06-15 10:49:30 +02:00
Frederik Rietdijk
9bd6c5d817
Merge staging-next into master 2019-06-15 10:46:55 +02:00
Yegor Timoshenko
d089f23390
Merge pull request #62853 from samueldr/fix/sshd-cross-compile-issue
nixos/sshd: fixes validation for cross-compilation
2019-06-15 10:37:35 +03:00
Frederik Rietdijk
31f22a5bb3 Merge staging-next into staging 2019-06-15 08:43:33 +02:00
Frederik Rietdijk
087b87758e Merge master into staging-next 2019-06-15 08:17:58 +02:00
Samuel Dionne-Riel
861bbbcb3c nixos/sshd: fixes validation for cross-compilation
See https://github.com/NixOS/nixpkgs/pull/62853
2019-06-15 00:56:42 -04:00
Samuel Dionne-Riel
8c14a6f641
Merge pull request #63135 from Ma27/captive-browser-regression
nixos/captive-browser: fix module
2019-06-14 21:29:26 -04:00
Florian Klink
e0818a1530
nixos/systemd: enable systemd-tmpfiles-setup and -clean for user sessions (#62813)
nixos/systemd: enable systemd-tmpfiles-setup and -clean for user sessions
2019-06-14 22:43:15 +02:00
Maximilian Bosch
d9f7bac91f
nixos/captive-browser: fix module
Fixes the broken metrics evaluation which was caused by a `trace`
warning in stdout which confused `jq` in `pkgs/top-level/metrics.nix`.

Also made the `bind-device` feature optional as suggested after the
merge.
2019-06-14 20:38:33 +02:00
Vladimír Čunát
788261a1a9
Merge branch 'master' into staging-next
Brings in Haskell rebuild.
Hydra nixpkgs: ?compare=1525186
2019-06-14 17:47:23 +02:00
aszlig
c26584f1e5
nixos: Fix build of manual
Manual build broken by 79f7f89442, which
is part of pull request #59179 (Fix Cassandra, improve config and
tests).

The issue was just a small error because of an unbalanced <literal/>
tag, so only a "/" was missing :-)

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @aanderse
2019-06-14 05:36:06 +02:00
Aaron Andersen
fadceeb075
Merge pull request #59179 from JohnAZoidberg/cassandra-module
Fix Cassandra, improve config and tests
2019-06-13 20:37:10 -04:00
Aaron Andersen
a49b546c92 nixos/httpd: remove unmaintained subservice (phabricator) 2019-06-13 17:12:13 -04:00
Aaron Andersen
e278ff48bc nixos/phd: remove unmaintained service 2019-06-13 17:09:45 -04:00
Lasse Blaauwbroek
0515392ed3 Fix ddclient extraConfig
The the extraConfig variable is added below the domain variable in the
ddclient config file. The domain variable should always be last.

(cherry picked from commit ba0ba6dc79)
2019-06-13 18:25:59 +02:00
Wout Mertens
7938c1613d
kernel.nix: boot.vesa implies nomodeset
Without nomodeset the console is reset to 80x25 after Grub
2019-06-13 17:58:08 +02:00
Maximilian Bosch
d1990cff8d
Merge pull request #58036 from volth/captive-browser
nixos/programs.captive-browser: init
2019-06-13 14:05:13 +02:00
Danylo Hlynskyi
e718eb6243
Merge pull request #62712 from danbst/module-conflict-naming
NixOS module system: improve one of error messages
2019-06-13 11:59:54 +03:00
Daniel Schaefer
03503121da nixos/cassandra: Don't force SimpleSeedProvider
If the `seedAddresses` is not set, don't force `SimpleSeedProvider` to
be in `seed_provider`. This could cause problems in a multi-datacenter
deployment when a different seed provider is preferred.
2019-06-13 04:36:42 +02:00
Daniel Schaefer
79f7f89442 nixos/cassandra: Use docbook instead of markdown style 2019-06-13 04:36:41 +02:00
Daniel Schaefer
9ecd584785 nixos/cassandra: Add option for password file path
If you're on a multi user system you don't want to have the password in
the nix-store. With the new jmxRolesFile option you can specify your own
protected file instead.
2019-06-13 04:36:41 +02:00
Daniel Schaefer
35531f4016 nixos/cassandra: Allow setting JMX credentials
If we have the ability to enable remote JMX we should also support
setting credentials for that because they become required if you turn it
on.
2019-06-13 04:36:41 +02:00
Daniel Schaefer
c1991fb18d nixos/cassandra: Add clusterName 2019-06-13 04:36:41 +02:00
Daniel Schaefer
f0031432ce nixos/cassandra: Add nixos conf for Java env 2019-06-13 04:36:40 +02:00
Daniel Schaefer
746b82bd4a nixos/cassandra: Allow setting of seed addresses
Allow for more intuitive specifying of seed node addresses with Nix
syntax.
2019-06-13 04:34:03 +02:00
Daniel Schaefer
a2aa01be0c nixos/cassandra: Enable CQL server by default
Resolves #50954
2019-06-13 04:34:03 +02:00
Maximilian Bosch
401360e15b
Merge pull request #61923 from aanderse/gitea
nixos/gitea: make use of declarative features where applicable
2019-06-13 01:01:18 +02:00
Wael Nasreddine
da3ec20a72
Merge pull request #63035 from rvolosatovs/update/go
go: 1.12.5->1.12.6, 1.11.10->1.11.11
2019-06-12 08:50:39 -07:00
Eelco Dolstra
734b3e7758
Merge pull request #62966 from bjornfor/nixos-generate-config-bcache
nixos-generate-config: add support for bcache
2019-06-12 10:06:17 +02:00
Frederik Rietdijk
7953a65269 Merge staging-next into staging 2019-06-12 09:24:00 +02:00
Frederik Rietdijk
7184efb40a Merge master into staging-next 2019-06-12 09:22:07 +02:00
Franz Pletz
9b2ee2c057
Merge pull request #62838 from mayflower/fix/cryptsetup-kernel-crypto
cryptsetup: enable kernel crypto api support again
2019-06-12 05:05:38 +00:00
Robin Gloster
68c30f0d9b
Merge pull request #62153 from WilliButz/avahi-refactor
avahi: set service directory and refactor module
2019-06-11 14:04:33 +00:00
pacien
7cc0c50e39 nixos/cgit: mention filters in configText example 2019-06-11 15:27:56 +02:00
Jörg Thalheim
e829aeefa3
Merge pull request #62101 from michaelpj/imp/lenovo-throttled
throttled: fix for Intel CPU throttling issues
2019-06-11 11:10:52 +01:00
Lucas Savva
24e974b904
bind: Remove deprecated flag from rndc-confgen
Fixes bind.service startup issue after NixOS/nixpkgs#61619
2019-06-11 09:05:56 +02:00
worldofpeace
814c4c1b9d
Merge pull request #61366 from romildo/upd.deepin.dde-file-manager
deepin.dde-file-manager: init at 4.8.6.2
2019-06-11 02:00:43 -04:00
José Romildo Malaquias
057016a2c5 nixos/deepin: add dde-file-manager services 2019-06-11 01:57:16 -04:00
Matthew Bauer
02698c4a61
Merge pull request #59803 from volth/patch-316
nixos/netboot: import -> callPackage
2019-06-10 21:30:23 -04:00
Matthew Bauer
049884ba12
Merge pull request #62941 from woffs/openvpn-url
openvpn: fix static key mini howto url
2019-06-10 21:24:53 -04:00
Aaron Andersen
7145cf224c nixos/gitea: replace deprecated usage of PermissionsStartOnly
see #53852
2019-06-10 20:32:35 -04:00
Aaron Andersen
9d251d8b21 nixos/gitea: define a gitea group to avoid "nogroup" ownership 2019-06-10 20:32:35 -04:00
Aaron Andersen
615f8b8982 nixos/gitea: utilize mysql|postgresql.ensureDatabases & ensureUsers to provision databases 2019-06-10 20:32:28 -04:00
Bjørn Forsman
4755811a12 nixos-generate-config: add support for bcache
Add "bcache" to boot.initrd.availableKernelModules if a bcache device is
detected.

This fixes a problem I've had one too many times: I install NixOS and
forget to add "bcache", resulting in an unbootable machine (until fixed
with Live CD). Now NixOS will do it for me.
2019-06-10 21:22:07 +02:00
Nikolay Amiantov
493bb6035a networkmanager service: install strongswan configuration file only if enabled 2019-06-10 20:20:47 +03:00
Nikolay Amiantov
5be5991c80 networkmanager service: remove with pkgs
Avoid using `with` which isn't particularly needed.
2019-06-10 20:20:46 +03:00
Nikolay Amiantov
33b7e5f6c7 networkmanager service: fix simultaneous append and insert of nameservers
Before only one of them could work at the same time.
2019-06-10 18:54:32 +03:00
Nikolay Amiantov
68de116eb4 networkmanager service: override DNS when it's actually needed
Logic expression was incorrect before.
2019-06-10 18:54:27 +03:00
adisbladis
32b374f780
Merge pull request #62315 from adisbladis/pulseaudio/resample-method
nixos/pulseaudio: Set speex-float-5 as default resample-method
2019-06-10 15:05:44 +02:00
Frank Doepper
f7ef7bacb7 openvpn: fix static key mini howto url 2019-06-10 13:02:45 +02:00