Commit graph

5948 commits

Author SHA1 Message Date
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts 2017-01-25 11:08:05 -08:00
Franz Pletz
516760a6fb
nixos/acme: add random delay to timer
This way we behave like good citizens and won't overload Let's Encrypt
with lots of cert renewal requests at the same time.
2017-01-25 19:15:04 +01:00
Vladimír Čunát
278bbe3b33
add kresd service with basic options
Still celebrating today's 1.2.0 release!
2017-01-25 18:46:28 +01:00
Bob van der Linden
d9987f360a nginx: added serverName option for virtualHosts
This allows overriding the `server_name` attribute of virtual
hosts. By doing so it is possible to have multiple virtualHost
definitions that share the same `server_name`. This is useful in
particular when you need a HTTP as well as a HTTPS virtualhost: same
server_name, different port.
2017-01-25 14:55:55 +01:00
Franz Pletz
b9b95aa4d4 Merge pull request #22034 from mayflower/conntrack-helpers
Disable conntrack helper autoloading by default
2017-01-25 14:18:41 +01:00
Tuomas Tynkkynen
32643dc07d installer: sd-image-*.nix: Document how to build them 2017-01-25 15:07:37 +02:00
Daniel Peebles
95add2c2f7 Merge pull request #22103 from copumpkin/automatic-kafka-broker-id
apache-kafka service: change default brokerId to -1
2017-01-24 22:17:03 -05:00
Tuomas Tynkkynen
0e4c1bfb43 installer: Add SD image expression for Aarch64
This one works on the Raspberry Pi 3 so far.
2017-01-25 02:14:47 +02:00
Tuomas Tynkkynen
b29ee6c8ff U-Boot: Add 64-bit Raspberry Pi 3 build
And rename the old ubootRaspberryPi3 to ubootRaspberryPi3_32bit.
2017-01-25 02:14:47 +02:00
Franz Pletz
8322a12ef2
firewall: disable conntrack helper autoloading by default
This was disabled in the Linux kernel since 4.7 and poses a security risk
if not configured properly.

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=486dcf43da7815baa615822f3e46883ccca5400f
2017-01-25 01:14:04 +01:00
Franz Pletz
403fdd737e
linux: remove canDisableNetfilterConntrackHelpers feature
This feature is available in all kernels in nixpkgs.
2017-01-25 00:28:55 +01:00
Thomas Tuegel
54df142672
nixos/kde5: use kimpanel with IBus by default 2017-01-24 12:55:06 -06:00
Thomas Tuegel
e38970c60b
nixos/ibus: fix custom panel example
The example was missing a `''`, so it did not appear correctly in the
manual. This also caused the manual to retain references inappropriately.
2017-01-24 12:52:39 -06:00
Michael Raskin
ae4f2fd145 Merge pull request #22066 from mbrgm/journalbeat
journalbeat service: init at 5.1.2
2017-01-24 17:56:48 +00:00
Michael Raskin
7516dbe35e Merge pull request #22045 from rnhmjoj/recursor
PowerDNS Recursor: add package and service
2017-01-24 17:54:47 +00:00
Michael Raskin
47661c831e Merge pull request #22028 from MostAwesomeDude/tahoe
Tahoe-LAFS version bump
2017-01-24 17:49:00 +00:00
Dan Peebles
eebee95176 apache-kafka service: change default brokerId to -1
A default of 0 means that if you deploy two NixOS boxes with the default
configuration, the second will fail because the brokerId was already in
use. Using -1 instead tells it to pick one automatically at first start.
2017-01-24 12:32:22 -05:00
Kai
25d86bdd10 vnstat service: init (#19809) 2017-01-24 14:45:01 +01:00
Tristan Helmich
b3b300b6ff smokeping: setuid for fping6 2017-01-24 12:40:21 +01:00
Vladimír Čunát
fd26ad6f76
nixos programs.man.enable: improve description 2017-01-24 09:59:54 +01:00
Corbin
de4c9e0d15 nixos/services/tahoe: Work around awkward command. 2017-01-23 17:55:41 -08:00
Tuomas Tynkkynen
b63f97c6e6 installer: Include stdenvNoCC
And don't include ArchiveCpio as that one is no longer needed after
5a8147479 ("make-initrd: create reproducible initrds").
2017-01-23 23:49:18 +02:00
Marius Bergmann
00444cbf25 journalbeat service: init at 5.1.2
Journalbeat is a log shipper from systemd/journald to
Logstash/Elasticsearch. I added a package as well as a NixOS service
module for it.
2017-01-23 18:28:55 +01:00
rnhmjoj
6bcf89f217
pdns-recursor: add service 2017-01-23 17:57:48 +01:00
Jaka Hudoklin
90e0ed32ef Merge pull request #22043 from rnhmjoj/dnscrypt-wrapper
dnscrypt-wrapper: add service
2017-01-23 11:23:28 +01:00
rnhmjoj
9f2bb2ed42
dnscrypt-wrapper: add service 2017-01-23 07:06:07 +01:00
Robert Helgesson
cd9f709582
flannel service: fix enable expression
Need to surround the equality check in parentheses.
2017-01-22 21:58:39 +01:00
Franz Pletz
df0301f59b
nixos/networkmanager: trigger assertion instead of error 2017-01-22 20:32:24 +01:00
Charles Strahan
d298a961f1 Merge pull request #21416 from cstrahan/mesos-1.1.0
mesos: 1.0.1 -> 1.1.0
2017-01-21 19:05:18 -05:00
Charles Strahan
5b1b089de3 Merge pull request #8642 from cstrahan/slim-console-cmd
nixos: provide default console_cmd for slim
2017-01-21 19:01:02 -05:00
Charles Strahan
71f92bc8a3
nixos: provide default console_cmd for slim
This provides a default console_cmd for the slim display-manager.

When the user enters "console" as the user name, slim will run this
command.

Having a default is rather important; the virtual terminals don't work
with some display drivers, so having a broken X session can leave you
locked out of your machine.
2017-01-21 18:59:28 -05:00
Franz Pletz
ab90eac835
networking: fix typo in resolvconf option edns0 2017-01-21 20:41:11 +01:00
Daiderd Jordan
1aa77d0519 Merge pull request #19363 from schneefux/gogs-module
gogs: init module
2017-01-21 16:25:16 +01:00
Franz Pletz
068dad3a21
systemd-boot: fix evaluation 2017-01-21 14:42:10 +01:00
Linus Heckemann
98bd722d1d systemd-boot: allow setting editor security option (#21853) 2017-01-21 14:24:26 +01:00
schneefux
67c4512060
gogs service: init 2017-01-21 13:38:24 +01:00
Thomas Tuegel
1e266dac0d
ibus: make panel configurable 2017-01-20 18:51:29 -06:00
Daiderd Jordan
2b2b0b566d Merge pull request #20183 from womfoo/init/netdata-service
netdata service: init
2017-01-20 21:05:10 +01:00
Nikolay Amiantov
d75a3cfb29 Merge pull request #21995 from abbradar/opencl
Fix OpenCL support
2017-01-20 12:09:17 +03:00
Graham Christensen
c0f3b8d629
wordpress: 4.6.1 -> 4.7.1 for multiple CVEs
CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493
2017-01-19 22:53:49 -05:00
Nikolay Amiantov
221685aee9 opengl service: mention that you can add OpenCL drivers 2017-01-20 03:37:51 +03:00
Bjørn Forsman
6a52a130de nixos/kde5: enable system-config-printer dbus service
Without it, the following error is shown in the "Add Printer" window:

Failed to group devices: 'The name org.fedoraproject.Config.Printing was not provided by any .service files'
2017-01-18 20:39:17 +01:00
Robin Gloster
f4f4200d9a
install-devices: add vim
This moves vim to the install-device profile to add vim to netboot, too.

Fixes #20013 (see discussion there for further information)
2017-01-18 17:57:31 +01:00
Michael Weiss
460b43dbfe firewall: Improve the comments (documentation) (#21862)
* Fix the FW names

FW_REFUSE was removed and nixos-fw-input was renamed to nixos-fw.

* Update the comment (documentation) at the top

Order the chains of the main table alphabetically (like in the rest of
the file) and add nixos-fw-rpfilter (from the raw table) and nixos-drop
(used while reloading the firewall).

* Refactor the module (mainly comments)

- Move some attributes to the top for better visibility (that should
  hopefully make it easier to read and understand this module without
  jumping around too much).
- Add some missing examples and improve some descriptions.
- Reorder the mkOption attributes for consistency.
- Wrap lines at 72 characters.
- Use two spaces between sentences.
2017-01-18 17:18:11 +01:00
Eelco Dolstra
42a7d906d9
EC2 AMIs: 16.09.666.3738950 -> 16.09.1508.3909827
In particular, this includes a fix for using ephemeral disks for /tmp,
and adds AMIs for the new eu-west-2 (London) and us-east-2 (Ohio)
regions.
2017-01-18 12:42:39 +01:00
gnidorah
4a662e5206 nano: add nix syntax hightlight, nano module: provide default (#21912)
this is awesome! thanks.
2017-01-18 12:05:30 +01:00
Jörg Thalheim
8fa8e4ada9 Merge pull request #21961 from kierdavis/ckb
ckb: add to module list
2017-01-18 08:32:02 +01:00
Kier Davis
3aa218edbf
ckb: add to module list
Not the first time I've forgotten to do this.
2017-01-17 23:12:21 +00:00
Svein Ove Aas
fec95a40f1
ddclient: Don't include blank server= lines. 2017-01-16 18:54:49 +01:00
Tristan Helmich
e5f353d5cd couchpotato module: init 2017-01-16 12:54:43 +01:00
Jörg Thalheim
28093e42ec Merge pull request #21864 from pjones/pjones/dovecot
dovecot: Fix sieve scripts
2017-01-16 12:42:06 +01:00
Nicolas B. Pierron
c4e2dc36f2 Fix typo, lib.listOf --> types.listOf 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron
a0615e2a9f Fix typo in nixpkgs.nix module. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron
2d6532b330 Update overlay documentation by following nits from aneeshusa. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron
83f7d5fc0a Add NixOS option 'nixpkgs.overlays' to set the argument of Nixpkgs. 2017-01-16 01:17:33 +01:00
Bjørn Forsman
4c803b904e nixos/clamav: set "clamav" user's primary group to "clamav"
So that the files created by the clamav service is owned by group
"clamav" instead of "nogroup".
2017-01-15 22:56:34 +01:00
Franz Pletz
30645560cd Merge pull request #21880 from mguentner/ipfs_empty_repo
services: ipfs: add emptyRepo option, refactor
2017-01-15 18:16:00 +01:00
Nikolay Amiantov
3eafa26d75 Merge pull request #21828 from abbradar/hwdb-verify
udev service: verify that hwdb is generated without errors
2017-01-15 19:53:53 +03:00
Nikolay Amiantov
70a6628848 Merge pull request #21882 from abbradar/dhcp6
DHCPv6 improvements
2017-01-15 19:53:33 +03:00
Nikolay Amiantov
820b4cd067 firewall service: allow DHCPv6 client traffic 2017-01-15 19:38:54 +03:00
Nikolay Amiantov
1158eda66a dhcpd service: add DHCPv6 support 2017-01-15 19:38:53 +03:00
Maarten Hoogendoorn
69391e3423 kube-controller-manager service: Allow restarts on failure 2017-01-15 13:27:45 +01:00
Jaka Hudoklin
b5f4db2170 Merge pull request #21050 from offlinehacker/nixos/programs/chromium/add
chromium module: add support for chromium policies as nixos module
2017-01-15 01:28:34 +01:00
sternenseemann
9f56dd9d63 nixos/pulseaudio: make daemon.conf configurable (#20888)
This adds pulseaudio.daemon.config, which is a set of keys to values
which are directly translated to keys and values of pulseaudio's
daemon.conf, e. g.

    hardware.pulseaudio.daemon.config = { flat-volumes = "no"; }

becomes

    flat-volumes=no

in pulse/daemon.conf.
2017-01-14 22:58:16 +01:00
Bjørn Forsman
d2413943fa nixos/prometheus: add configText option for alertmanager
The reason being less mental overhead when reading upstream
documentation. Examples can be pasted right into the configuration
instead of translating to Nix attrset first.
2017-01-14 15:41:05 +01:00
Sheena Artrip
5c5648b1f6
caddy: add package config option 2017-01-13 22:29:26 -05:00
Maximilian Güntner
a541f86f8b
services: ipfs: add emptyRepo option, refactor 2017-01-14 04:01:43 +01:00
Peter Jones
75aaae34a9
dovecot: Fix sieve scripts
Make sure that the output of the sieve compiler produces files that
have a newer time stamp than the source sieve script.  Otherwise you
get errors in the logs about Dovecot not being able to compile do to a
permission issue.
2017-01-13 14:19:29 -07:00
Pascal Wittmann
d760d9cccc Merge pull request #21836 from kierdavis/ckb
ckb: init at 0.2.6
2017-01-13 21:44:21 +01:00
Eelco Dolstra
96b6968950
nix: 1.11.5 -> 1.11.6 2017-01-13 11:38:09 +01:00
makefu
e9c6cf02e6
services.logstash: rename address to listenAddress 2017-01-13 10:19:32 +01:00
makefu
10303e9e47
services.logstash: update example and default filter 2017-01-13 10:19:19 +01:00
Jörg Thalheim
4b24ec524d Merge pull request #21835 from volth/miredo-no-checkconf
miredo: do not run miredo-checkconf
2017-01-13 00:25:30 +01:00
Kier Davis
ea7a8bf2d9
ckb: init at 0.2.6
ckb is a driver for Corsair keyboards/mice. It also contains a graphical tool for configuring their LED backlight settings.

The driver is implemented as a userland daemon. A NixOS module is included that runs this as a systemd service.
2017-01-12 18:25:14 +00:00
Domen Kožar
e5dcce837a
nixos: fix terminal-server, fixes #21834 2017-01-12 16:41:33 +01:00
Volth
ac0b6b9a2c miredo: do not run miredo-checkconf 2017-01-12 14:30:58 +00:00
Nikolay Amiantov
6dbcf7d2e9 udev service: verify that hwdb is generated without errors 2017-01-12 11:11:59 +03:00
Jörg Thalheim
05a4fbd56d Merge pull request #21814 from gpyh/zsh-autosuggestions
Fix zshrc ordering
2017-01-11 22:29:25 +01:00
Jörg Thalheim
62708c29f8 Merge pull request #21570 from michaelpj/services/arbtt
arbtt service: init
2017-01-11 22:27:52 +01:00
gpyh
373e40736a Fix zshrc ordering
The content of programs.zsh.interactiveShellInit was
inserted too soon in the generated zshrc
This caused some settings related to autocompletion to be ignored
2017-01-11 22:03:27 +01:00
Jörg Thalheim
9c8517a9eb Merge pull request #21788 from Mic92/apparmor
apparmor: support for lxc profiles
2017-01-11 08:39:54 +01:00
Yacine Hmito
f88e2fb5f1 zsh-autosuggestions: init at 0.3.3 (#21792)
Added a related `programs.zsh.enableAutosuggestions` option
2017-01-11 07:00:48 +01:00
Jörg Thalheim
30a554acfb
apparmor: support for lxc profiles 2017-01-10 23:01:03 +01:00
Franz Pletz
e4fb2bb0c5
Revert "nixos/stage2: Check for each special mount individually and mount missing ones. (#21370)"
This reverts commit 712e62c260.

This commit broke NixOS containers. Systemd wouldn't detect if a container
started successfully and would kill it again after a grace period.

Additionally this prints mount errors due to already mounted filesystems
at boot.
2017-01-10 17:35:38 +01:00
Vladimír Čunát
11696e290d
nixos networking.dnsExtensionMechanism = true; by default
https://github.com/NixOS/nixpkgs/issues/12470#issuecomment-266785641
I've been using it for weeks without encountering any problems.
2017-01-10 15:15:01 +01:00
Franz Pletz
88908145ea
nixos installer: don't log refused packets to console
Fixes #19764.
2017-01-09 19:24:41 +01:00
oida
d423567a95
prometheus-snmp-exporter: added nixos module 2017-01-09 18:05:28 +01:00
Robin Gloster
575afe3fa7
prometheus exporter modules: unify firewall handling 2017-01-09 15:31:37 +01:00
Corbin
618b249fc5 prometheus module: add blackboxExporter 2017-01-09 15:20:26 +01:00
Corbin
bd45d5fe8d prometheus module: add jsonExporter 2017-01-09 15:20:26 +01:00
Corbin
1b839a586b prometheus module: add varnishExporter 2017-01-09 15:20:26 +01:00
Corbin
363fa27448 promeutheus.nginxExporter: add improvements
- use ExecStart and ExecReload
 - add extraFlags
2017-01-09 15:20:26 +01:00
Robin Gloster
39e8eaf8b6 prometheus module: add nginxExporter 2017-01-09 15:20:26 +01:00
Peter Hoeg
f1b8c3b119 pulseaudio nixos module: use the units provided by upstream (#21633)
I have left in 2 NixOS custom config directives, so the configuration
should be the same with the only change in behaviour being that the
service is not eagerly loaded but in fact only socket activated, which
it should be.
2017-01-09 13:47:33 +01:00
Sebastian Hagen
712e62c260 nixos/stage2: Check for each special mount individually and mount missing ones. (#21370) 2017-01-09 10:32:23 +01:00
teh
a878365b77 nixos docs: update for Nginx + ACME (#21320)
Closes #20698.
2017-01-09 06:39:10 +01:00
Svein Ove Aas
a4fca56897
ddclient: Write /etc/ddclient.conf when requested
Fixes #20101

From PR #21417
2017-01-09 06:29:15 +01:00
Daniel Peebles
b0264bb63c Merge pull request #21703 from copumpkin/httpd-no-mkdir
httpd module: don't create documentRoot directory if it doesn't exist
2017-01-09 00:28:41 -05:00
Jörg Thalheim
94c4eab6cc Merge pull request #21733 from regellosigkeitsaxiom/master
Added option networking.wireless.networks.*.priority
2017-01-08 17:45:52 +01:00
florianjacob
ef8fd815cc update os-release manpage link
the old manpage at 0pointer is still there, but does not seem to get updated
2017-01-07 19:57:03 +02:00
Valentin Shirokov
e138d3afdf Added option networking.wireless.networks.*.priority
It is literal 'priority' option of wpa_supplicant.conf
2017-01-07 20:23:12 +08:00
Franz Pletz
e6708cea37
bind: fix collision of binaries in outputs
Using outputsToInstall the intended behaviour of including host and dnsutils
when bind is installed can be implemented instead of using symlinks to fix
installing all outputs individually with nix-env.

Fixes #19761.
2017-01-07 02:44:54 +01:00
Dan Peebles
df7b4f4f6f httpd module: don't create documentRoot directory if it doesn't exist
It hides bugs and do you ever actually want to serve up an empty directory?
It was pretty confusing to me when it tried to write into a read-only store
path because I accidentally pointed it to the wrong store path.
2017-01-05 21:19:16 -05:00
volth
9bb6d91c73 httpd: setuptools is not top-level 2017-01-05 17:37:33 +00:00
Jörg Thalheim
ca0d747d6d Merge pull request #21578 from Mic92/zfs
zfs: add unstable variant
2017-01-05 12:52:56 +01:00
Jörg Thalheim
4029470a6f
zfs: add unstable variant
Until now nixos only delivered the latest zfs release. This release is often not
compatible with the latest mainline kernel. Therefor an unstable variant is
added, which might be based on testing releases or git revisions.

fixes #21359
2017-01-05 08:40:50 +01:00
Joachim F
02053c31c1 Merge pull request #21586 from pngwjpgh/postgrey
Postgrey
2017-01-05 07:24:47 +01:00
Franz Pletz
cdbffaa86e Merge pull request #21625 from mayflower/smokeping
smokeping: Allow customization of cgiurl and imgurl
2017-01-04 21:56:12 +01:00
Joachim F
9e0dc9fa7c Merge pull request #21592 from joachifm/cjdns-optional-extraHosts
cjdns service: optional extraHosts
2017-01-04 18:54:09 +01:00
Alexander Kahl
61d125b842 sssd: init at 1.14.2
perlPackages.TextWrapI18N: init at 0.06
perlPackages.Po4a: init at 0.47
jade: init at 1.2.1
ding-libs: init at 0.6.0

Switch nscd to no-caching mode if SSSD is enabled.

abbradar: disable jade parallel building.

Closes #21150
2017-01-04 03:07:20 +03:00
Graham Christensen
85dbc754a1 Merge pull request #21621 from volth/fix-synaptics-symlink
synaptics: fix broken symlink
2017-01-03 18:13:40 -05:00
Tristan Helmich
f808502aba smokeping: cleanup (option ordering) 2017-01-03 23:10:59 +01:00
Tristan Helmich
b5703eaa80 smokeping: Allow full override of imgurl + cgiurl 2017-01-03 23:10:54 +01:00
Chris Martin
6a7664e6cd Add some more details about useSandbox 2017-01-03 14:24:49 -05:00
volth
428daee5bc fix broken link to synaptics config 2017-01-03 19:23:24 +00:00
Eelco Dolstra
d496f23df0
amazon-image.nix: Remove redundant log message
(cherry picked from commit c4b5ed5db74cde94b19d519a8d875e3f7df48a76)
2017-01-03 17:32:47 +01:00
Eelco Dolstra
b297af42d2
Fix using ephemeral disks for /tmp etc. in EC2 instances
This code in amazon-image.nix:

  if mountFS "$device" "$mp" "" auto; then
    if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi
  fi

relies on mountFS to return a zero exit status if mounting
succeeds. But the lustrateRoot check in mountFS was causing a non-zero
exit status. As a result /disk0 would be mounted, but not used for
/tmp.

(cherry picked from commit d082ed8c35dec48aee2afd1303b3c8b2a1b242b0)
2017-01-03 17:32:42 +01:00
Thomas Tuegel
0723aa8108 Merge pull request #21466 from abbradar/kde-wrapper
Flatten nested kdeWrappers
2017-01-03 08:21:39 -06:00
Jörg Thalheim
1d72e81d6f Merge pull request #21608 from volth/miredo-fix-kill-path
miredo: fix path to "kill"
2017-01-03 11:30:56 +01:00
Eelco Dolstra
0108c31e22
nix: 1.11.4 -> 1.11.5 2017-01-03 11:25:38 +01:00
volth
c737809465 miredo-fix-kill-path 2017-01-03 10:10:34 +00:00
Nikolay Amiantov
1dceb2290c kde5 service: use flattening kdeWrapper 2017-01-03 02:33:19 +03:00
Balletie
e5f5aa52e5
pommed service: use pommed-light
The pommed package was marked as broken. It is also severely
unmaintained. I therefore chose to replace it entirely with
`pommed-light`, for now.
2017-01-02 19:40:50 +01:00
Tomas Hlavaty
bdb9cd1e17 cjdns service: optionally add cjdns hosts to networking.extraHosts
Enabling this incurs a heavy eval-time cost, but it's a nice usability
enhancement; satisfy both concerns by making it optional (default
false).
2017-01-02 19:31:37 +01:00
Joachim Fasting
237af1853a
Revert "nixos/cjdns: do not ammend /etc/hosts"
This reverts commit 60ded3f363.

We want to make this optional instead.
2017-01-02 19:31:11 +01:00
Jörg Thalheim
1cc8b83079 Merge pull request #21566 from bjornfor/hostname
nixos: provide /etc/hostname
2017-01-02 19:27:06 +01:00
Bjørn Forsman
cb9195b7bc nixos: provide /etc/hostname
/etc/hostname is the file used by hostnamectl(1) and the
org.freedesktop.hostname1 dbus service (both provided by systemd) to get
the "static hostname". Better provide it so that users of those
tools/services get a proper hostname.

An example of an issue created by the lack of /etc/hostname is that the
bluetooth stack on NixOS identifies itself to peers as "BlueZ $VERSION"
instead of the hostname.

References:
https://www.freedesktop.org/software/systemd/man/hostname.html

Changes v1 -> v2:
  * ensure /etc/hostname ends with a newline
2017-01-02 19:14:06 +01:00
Gregor Kleen
9383b2cf34 postgrey: backwards compatability 2017-01-02 18:01:42 +01:00
gnidorah
90deca3a0c nixos-generate-config: detect CPU governor
* cpu-freq: Try powersave if ondemand is not available

* Revert "cpu-freq: Try powersave if ondemand is not available"

This reverts commit 4dc56db37e.
Consult available scaling governors; for freshly generated configs, this provides a better experience than relying on a default that might not work everywhere.
2017-01-02 17:20:28 +01:00
Gregor Kleen
65f0ddbd53 postgrey: improve formatting 2017-01-02 15:42:51 +01:00
Gregor Kleen
58fa71b39c postgrey: allow additional whitelists 2017-01-02 15:40:54 +01:00
Gregor Kleen
82291bae49 postgrey: more verbose default socket 2017-01-02 15:32:50 +01:00
Gregor Kleen
3c0d02c387 postgrey: coerce integers 2017-01-02 15:27:00 +01:00
Gregor Kleen
e2dd0799a8 postgrey: fix submodule syntax 2017-01-02 15:19:00 +01:00
Gregor Kleen
e196ad2c66 postgrey: add descriptions to IPv?CIDR 2017-01-02 15:12:39 +01:00
Gregor Kleen
06bcdc177c postgrey: extended configuration 2017-01-02 15:10:03 +01:00
Michael Peyton Jones
10e2d88f6c arbtt service: init 2017-01-01 18:59:01 +00:00
Bjørn Forsman
49d444416c nixos: cosmetic refactor of environment.etc."hostid"
Create the file using attrset instead of list, to make it easier to
later provide other files in the same module.
2017-01-01 17:08:34 +01:00
Jörg Thalheim
05f2f8e1fd Merge pull request #21505 from tg-x/mpd-listen
mpd: listen on 127.0.0.1 by default
2017-01-01 16:06:17 +01:00
tg(x)
002f3c8760 mpd: listen on 127.0.0.1 by default 2017-01-01 13:46:39 +01:00
Robin Stumm
11fe837758 rename sound.enableMediaKeys to sound.mediaKeys.enable and add volumeStep 2017-01-01 11:44:07 +01:00
Jörg Thalheim
84a50084c3 Merge pull request #21444 from league/fix/gphoto2-udev
gphoto2: nixos programs module to configure udev
2017-01-01 11:16:28 +01:00
Jörg Thalheim
ce99e34b17
docker: deprecate socketActivation option 2017-01-01 09:03:09 +01:00
Jörg Thalheim
dd4bedba52 Merge pull request #21447 from nlewo/pr/glance
nixos/glance: init at liberty version
2017-01-01 06:39:37 +01:00
volth
06b372f24f miredo: init at 1.2.6 2016-12-31 21:03:27 +01:00
Bjørn Forsman
76923648af nixos/gnome3: add gnome-settings-daemon udev rules (enables bluetooth GUI)
Without this, gnome-settings-daemon will not have write access to
/dev/rfkill, which in turn cause it to advertise no "airplane mode" over
D-Bus, which in turn the bluetooth panel code in gnome-control-center
interprets as "there are no bluetooth dongles" (and the button to turn
on bluetooth is grayed out). The end result that bluetooth operations
cannot be done in the GNOME desktop.

See upstream discussion:

http://lists.usefulinc.com/pipermail/gnome-bluetooth/2016-July/thread.html
http://lists.usefulinc.com/pipermail/gnome-bluetooth/2016-December/thread.html
2016-12-31 13:05:38 +01:00
Frederik Rietdijk
361dae67d4 flexget: move out of python-packages.nix
because it is an application and not a library.
2016-12-31 09:52:45 +01:00
Antoine Eiche
49efa083c7 nixos/glance: set default glance package
Before, it was overridden in the config section to avoid problem related
to manual generation.
2016-12-31 09:36:57 +01:00
Antoine Eiche
6c94d6437d nixos/glance: init at liberty version
This commit is based on initial works made by domenkozar.
2016-12-31 09:36:57 +01:00
Joachim Fasting
d8659f24e6
dnscrypt-proxy service: order before nss-lookup.target 2016-12-30 20:27:05 +01:00
Alexey Lebedeff
59361a2a81 i2pd module: fix typo (#21525) 2016-12-30 15:14:05 +01:00
Данило Глинський (Danylo Hlynskyi)
970a09eb74 Fix typo 2016-12-30 13:29:43 +02:00
Charles Strahan
7ebcada020
mesos: 1.0.1 -> 1.1.0 2016-12-29 20:09:46 -05:00
Graham Christensen
8ed4c8b73b
openssh: 7.4p1 no longer backgrounds when systemd is starting it. 2016-12-29 17:04:46 -05:00
Eelco Dolstra
bbd03e236a
Use looser 9pfs caching in VM tests/builds
This can give significant speed ups, see
7e20254412.
2016-12-29 21:26:16 +01:00
Robin Gloster
d8ef63fc73
crowd module: fix OpenID server 2016-12-29 00:41:42 +01:00
Tim Digel
81d8a457ed Fix asterisk & asterisk: 13.6.0 -> 14.1.2 (#20788)
* fix/asterisk-module: use unix-group for asterisk-files
* fix/asterisk-module: add configOption to use some default config-files
* fix/asterisk-module: correction of skel copy
* fix/asterisk-module: use /etc/asterisk as configDir
* fix/asterisk-module: add reload; do not restart unit
* asterisk: 13.6.0 -> 14.1.2
* fix/asterisk: compile with lua, pjsip, format_mp3
* fix/asterisk: fix indentation
* fix/asterisk: remove broken flag
2016-12-28 23:04:58 +01:00
Lluís Batlle i Rossell
e0078b2cb5 Make the minimal iso not use profile/minimal, +vim
The profile minimal has several drawbacks: no man pages, unusual 'dbus'
lib that makes many X11 pieces to rebuild, etc.

With xz compression in the squashfs, despite these additions, the iso is
smaller than what it was in 16.09.
2016-12-28 16:07:16 +01:00
Lluís Batlle i Rossell
33d07c7ea9 zfs cannot be distributed. Disabling it in the isos.
It seems that it is a GPL violation to distribute zfs in the
installation ISOs.

https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/

If anyone knows the issue better and has a reason to reenable it
legally, feel free to reenable it. I don't know much about it.
2016-12-28 14:57:06 +01:00
Bjørn Forsman
9ec867f59f nixos/prometheus: unbreak alertmanager default config
The current default value of listenAddress = null blows up:

  $ nixos-rebuild build
  error: cannot coerce null to a string, at
  .../nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix:97:16

With listenAddress = "" we use the same default as upstream and there is
no blow up :-)
2016-12-28 13:52:15 +01:00
Michael Raskin
400886f3d0 Merge pull request #19854 from andjscott/mlocate
[WIP] mlocate: init at version 0.26
2016-12-28 10:24:11 +00:00
Franz Pletz
7ae2d221cd
bird service: add bird to systemPackages
For the tool birdc to monitor and configure bird.
2016-12-28 06:35:31 +01:00
Christopher League
6eead52e12 gphoto2: nixos programs module to configure udev
Closes #21420.
2016-12-27 17:47:38 -05:00
Michael Raskin
c311871a6d xserver.wacom: update xorg.conf.d name after upstream change of the number 2016-12-27 23:47:29 +01:00
lassulus
cfbe501d4e nixos/graphite: fix beacon config parameter 2016-12-27 19:38:18 +01:00
Bjørn Forsman
b20fdff521 nixos/prometheus: make scrapeConfigs.*.static_configs.*.labels optional
...by providing a default value of "no labels" (an empty attrset).

Without this change we get

  $ nixos-rebuild test -I nixpkgs=.
  building Nix...
  building the system configuration...
  error: The option `services.prometheus.scrapeConfigs.[definition 1-entry 1].static_configs.[definition 1-entry 1].labels' is used but not defined.

which is unneeded, because labels _are_ optional.
2016-12-25 15:38:55 +01:00
Jörg Thalheim
585c642bf8
docker: use upstream service file from package 2016-12-25 00:09:13 +01:00
Jörg Thalheim
f4e58c2eb2 Merge pull request #21395 from jerith666/plex-firewall
plex: add config option to open recommended network ports
2016-12-24 23:31:04 +01:00
Matt McHenry
b64214f66f plex: add config option to open recommended network ports
as prescribed at https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall-
2016-12-24 15:36:52 -05:00
Jörg Thalheim
c23032a8b1 docker: update service units from upstream
All the new options in detail:

Enable docker in multi-user.target make container created with restart=always
to start. We still want socket activation as it decouples dependencies between
the existing of /var/run/docker.sock and the docker daemon. This means that
services can rely on the availability of this socket. Fixes #11478 #21303

  wantedBy = ["multi-user.target"];

This allows us to remove the postStart hack, as docker reports on its own when
it is ready.

  Type=notify

The following will set unset some limits because overhead in kernel's ressource
accounting was observed. Note that these limit only apply to containerd.
Containers will have their own limit set.

  LimitNPROC=infinity
  LimitCORE=infinity
  TasksMax=infinity

Upgrades may require schema migrations. This can delay the startup of dockerd.

  TimeoutStartSec=0

Allows docker to create its own cgroup subhierarchy to apply ressource limits on
containers.

  Delegate=true

When dockerd is killed, container should be not affected to allow
`live restore` to work.

  KillMode=process
2016-12-23 21:39:38 +01:00
Matt McHenry
3c10e68c40
plex: fix a minor syntax issue in systemd ExecStart 2016-12-23 08:02:08 -05:00
tv
de44544ceb nginx service: use default_server parameter instead of default (#21371) 2016-12-23 11:52:44 +01:00
Felix Richter
d8478c7912 services.nginx: allow startup with ipv6 disabled (#21360)
currently services.nginx does not start up if `networking.enableIPv6 = false`
the commit changes the nginx behavior to handle this case accordingly.
The commit resolves #21308
2016-12-23 11:49:35 +01:00
Rok Garbas
e6fa6b21e1 apacheHttpdPackages.mod_perl: init at 2.0.10 2016-12-22 13:36:44 +01:00
Eelco Dolstra
ea46420fc0
Use overlayfs instead of unionfs-fuse in the VM tests
Overlayfs is quite a bit faster, e.g. with it the KDE 5 test takes ~7m
instead of ~30m on my laptop (which is still not great, since plain
9pfs is ~4m30s).
2016-12-21 20:49:08 +01:00
Bjørn Forsman
caa476b357 nixos/prometheus: add services.prometheus.configText option
The structured options are incomplete compared to upstream and I think
it will be a maintenance burden to try to keep up. Instead, provide an
option for the raw config file contents (prometheus.yml).
2016-12-21 00:32:24 +01:00
Eelco Dolstra
a02bb00156
Enable virtualisation.writableStore by default
This works around:

  machine: must succeed: nix-store -qR /run/current-system | grep nixos-
  machine# error: changing ownership of path ‘/nix/store’: Invalid argument

Probably Nix shouldn't be anal about the ownership of the store unless
it's trying to build/write to the store.

http://hydra.nixos.org/build/45093872/nixlog/17/raw
(cherry picked from commit 57a0f14064)
2016-12-20 10:52:47 +01:00
Eelco Dolstra
f173da375d
Use only one build of qemu in VM tests
Previously we were using two or three (qemu_kvm, qemu_test, and
qemu_test with a different dbus when minimal.nix is included).

(cherry picked from commit 8bfa4ce82e)
2016-12-20 10:52:46 +01:00
Eelco Dolstra
aad5d1f9a7
virtualisation.qemu.program: Remove
This option is defined in qemu-vm.nix, but that module is not always
imported.

http://hydra.nixos.org/build/44817443
(cherry picked from commit 03c55005df)
2016-12-20 10:52:46 +01:00
Markov Dmitry
efd5508b89 systemd: add slice support 2016-12-20 10:49:08 +01:00
Maximilian Güntner
0cf907ae12
nixos-rebuild: Fix SSHOPTS typo
Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-12-18 22:39:27 +01:00
Joachim Fasting
361633db3b
rmilter service: fix invalid directive
RuntimeDirectoryPermissions -> RuntimeDirectoryMode

Would result in warnings like "unknown lvalue" on startup
2016-12-18 12:42:37 +01:00
Joachim Fasting
c27eeeafd9
brltty service: wait for devices to settle
Otherwise it starts way too early, only to fail and having to restart
until devices are available.  It is less wasteful to simply wait until
there's a reasonable chance of success.  This is consistent with
upstream.
2016-12-18 12:42:14 +01:00
Joachim Fasting
142930113c
Revert "mysql service: specify a default package"
This reverts commit 4358d3d439.

Not having a default was deliberate, see
1ce6fff4e2

Thanks to @ocharles for making me aware of this.
2016-12-17 22:36:38 +01:00
Joachim Fasting
c2219007e8
Revert "mysql service: specify defaultText for package option"
This reverts commit 52d12b473a.
2016-12-17 22:36:15 +01:00
Peter Hoeg
987aac7794
/etc/hosts and /etc/nsswitch.conf cleanups
fixes #18183
2016-12-17 16:01:35 +01:00
Jörg Thalheim
579051fe66 networkd: add extraConfig to all units
networkd options are always correct or up to date. This option allows to by
pass type checking. It is also easier to write because examples can be just copy
and paste from manpages.
2016-12-17 15:23:34 +01:00
Jörg Thalheim
d49e0d5fa5 networkd: allow to supply own unit files
Networkd units can contain secrets. In future also wireguard vpn will be supported by
networkd. To avoid leakage of private keys, those could be then also put outside
of the /nix/store

Having a writeable /etc/systemd/network also allows to quick fix network issues,
when upgrading `nixos-rebuild switch` would require network on its own (due
updates).
2016-12-17 15:23:34 +01:00
Bjørn Forsman
3af715af90 Revert "fix 2 xml errors in the description of boot.loader.grub.efiInstallAsRemovable"
This reverts commit 656cc3acaf because it
causes building the manual to fail:

  $ nixos-rebuild build
  ...
  building path(s) ‘/nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb’
  Writing /nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb/manual.db for book(book-nixos-manual)
  ./man-pages.xml:625: element para: Relax-NG validity error : Did not expect element para there
  ./man-pages.xml:3: element variablelist: Relax-NG validity error : Element refsection has extra content: variablelist
  ./man-pages.xml:29: element refsection: Relax-NG validity error : Element refentry has extra content: refsection
  ./man-pages.xml:3: element reference: Relax-NG validity error : Element reference failed to validate content
  ./man-pages.xml fails to validate

CC @cleverca22, @Mic92
2016-12-17 11:45:31 +01:00
Jörg Thalheim
1590461887 ntp: make timesyncd the new default
- most nixos user only require time synchronisation,
  while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd support ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
  save a little disk space (1,5M)
2016-12-17 00:00:45 +01:00
rnhmjoj
993cbf8acb uxrvtd: Fix clipboard 2016-12-16 23:55:50 +01:00
Bjørn Forsman
ebe67d69d0 collectd service: change /var/lib/collectd perms: 700 -> 755
The collectd service runs as an unprivileged user by default, so it does
not leak more information to its data directory than any user can obtain
elsewhere by other means.

If people are running it as root and are worried about information leak,
we can add collectd group and set perms to 750.

CC @offlinehacker.

Fixes #21198.
2016-12-16 23:04:42 +01:00
Antoine Eiche
a932f68d9c nixos/keystone: secrets can be read from files
A secret can be stored in a file. It is written at runtime in the
configuration file.
Note it is also possible to write them in the nix store for dev
purposes.
2016-12-16 20:53:32 +01:00
Antoine Eiche
415c9ff90b nixos/keystone: init at liberty version
This commit introduces a nixos module for the Openstack Keystone
service. It also provides a optional bootstrap step that creates some
basic initial resources (tenants, endpoints,...).

The provided test starts Keystone by enabling bootstrapping and checks
if user creation works well.

This commit is based on initial works made by domenkozar.
2016-12-16 20:53:32 +01:00
michael bishop
656cc3acaf fix 2 xml errors in the description of boot.loader.grub.efiInstallAsRemovable 2016-12-16 20:39:40 +01:00
michael bishop
e5cefadef7 fix indentation in several nixos option descriptions 2016-12-16 18:29:25 +01:00
romildo
2e7105467b lxqt: better organize system packages
Split packages in three categories, all of them going into the system
package list:
- pre-requisite packages
- core packages
- optional packages

Add a new configuration option 'environment.lxqt.excludePackages' to
specify optional LXQt packages that should be excluded from system
packages.

Add 'gvfs' as a pre-requisite package, needed by 'pcmanfm-qt' to
handle virtual places, like "Computer" and "Network".
2016-12-15 22:45:06 +01:00
aszlig
1471426749
nixos/test-instrumentation: Fix eval of boot tests
The boot tests import test-instrumentation.nix directly to create a VM
image that only contains things such as the backdoor and serial console
the same way as used by other NixOS VM tests.

With one difference though: It doesn't need nor want to have 9p
filesystems mounted, because we actually want to test an image rather
than re-using most stuff from the host's store.

Change tested against the boot.uefiUsb and ipv6 tests, just that it
becomes clear we don't break either the tests with 9p nor the boot
tests (which were already broken but now succeed).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-12-15 21:07:19 +01:00
Jörg Thalheim
3b763fef44 nssModules: include correct systemd output
fixes libnss_myhost, libnss_mymachines, libnss_resolve are located here
2016-12-15 20:23:16 +01:00
Eelco Dolstra
705829b29a Merge pull request #20500 from aszlig/qemu-patched-for-nixos-tests
nixos/tests: Use a patched QEMU for testing
2016-12-15 12:38:29 +01:00
Jörg Thalheim
cc864af928 bird: refactor module
- syntax check before deploying configuration
- remove static unnessary static uid/gid (configuration is opened as root)
- add service hardening
2016-12-15 11:38:45 +01:00
Jörg Thalheim
9871d3cb42 Merge pull request #21087 from offlinehacker/nixos/kubernetes1/fixdns
kubernetes module: fix default dns ip
2016-12-15 01:14:54 +01:00
Jörg Thalheim
ebd85b632a
ferm: reload rules on updates instead of restart 2016-12-14 16:09:11 +01:00
Renaud
fa0a63ec13 fail2ban service : improve ssh jail (#21131)
Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports
2016-12-14 14:58:02 +01:00
Nikolay Amiantov
17d0a570ab Merge pull request #21137 from jerith666/cupsd-path
use symlink to ensure cupsd.conf PATH always points to a valid store path
2016-12-14 14:42:27 +03:00
Matt McHenry
05fb82732c use symlink to ensure cupsd.conf PATH always points to a valid store path
even if cups rewrites its config file due to config changes made through
its web-based management UI, we need to keep the PATH pointing to
currently-live nix store directories.  fixes #20806.
2016-12-13 21:35:56 -05:00
Joachim Fasting
d893c86b34
terraria service: fixup worldPath option type
Otherwise, using the defaults results in a type error.
2016-12-13 15:12:33 +01:00
Joachim Fasting
33088accc8
terraria service: fix tmux output
tmux.bin was removed in 5535d94394

Use `lib.getBin` to be more robust to future changes.
2016-12-13 15:12:31 +01:00
Fernando J Pando
50466c2d4f
buildbot: 0.9.0rc4 -> 0.9.0.post1
- updates buildbot to version 9 release
- adds nixos configuration module
- fixes buildbot-www package deps
- re-hardcode path to tail
- builbot configuration via module vars

fixes #19759
2016-12-13 10:52:56 +01:00
montag451
ea5551b551 containers: fix broken /etc/hosts entries when localAddress contains a netmask 2016-12-12 09:20:28 +01:00
montag451
4889c271ca Add macvlan support for declarative containers 2016-12-12 07:34:28 +01:00
Jaka Hudoklin
2867f88781 kubernetes module: fix default dns ip 2016-12-12 01:25:23 +01:00
Gregor Kleen
d5ec2a2c9d
postsrsd: additional configuration
fixes #19933
2016-12-11 21:43:45 +01:00
Joachim F
9af356258b Merge pull request #20971 from kierdavis/boinc
boinc service: add to module list
2016-12-11 13:06:09 +01:00
Jaka Hudoklin
a033906969 chromium module: add support for chromium policies as nixos module 2016-12-10 20:45:16 +01:00
Joachim Fasting
230994a30a
psd service: assert that at least one user must be configured
Using the default config, a user will experience a run-time failure.
This is poor UX, assert the requirement up-front.
2016-12-10 20:35:44 +01:00
Joachim Fasting
4697f83984
openfire service: more informative assertion failure message
Explain why the assertion fails; the user already knows that it *has*
failed.
2016-12-10 20:35:43 +01:00
Joachim Fasting
2a4902dd80
dante service: fix config option type
The type was simply str but the default is null, thus resulting in a
conversion error if the user fails to declare a value.
2016-12-10 20:35:41 +01:00
Joachim Fasting
fafb6657c1
syslogd service: assert conflict with rsyslogd
Enabling both these at the same time fails because they implement the
same interface.
2016-12-10 20:35:39 +01:00
Joachim Fasting
19b96176b4
couchdb service: fix test in preStart
Otherwise you'd get errors like "-f no such command".
2016-12-10 20:35:20 +01:00
Nikolay Amiantov
9cca8e3f87 uwsgi service: fix for new pythonPackages 2016-12-08 21:03:41 +03:00
Kier Davis
2606994cc6
boinc service: use <link> instead of <ulink> 2016-12-08 15:50:52 +00:00
Kier Davis
2994123161
boinc service: add to module list
The module itself was added in 811c39c6a4,
but it looks like I forgot to reference it to module-list.nix.
2016-12-08 15:46:51 +00:00
Joachim Fasting
f39d13cd3e
grsecurity doc: describe work-around for gitlab
Fixes https://github.com/NixOS/nixpkgs/issues/20959
2016-12-08 11:59:57 +01:00
Joachim Fasting
984d9ebb56
hidepid: polkit and systemd-logind compatibility
`systemd.hideProcessInformation = true`, would break interactions
requiring polkit arbitration such as initating poweroff/reboot as a
normal user; the polkit daemon cannot be expected to make decisions
about processes that don't exist as far as it is concerned.

systemd-logind lacks the `sys_ptrace` capability and so needs to be part
of the designated proc gid, even though it runs as root.

Fixes https://github.com/NixOS/nixpkgs/issues/20948
2016-12-07 01:12:05 +01:00
Joachim F
e436874ef0 Merge pull request #20919 from joachifm/privoxy-service-improvements
Privoxy service improvements
2016-12-06 14:16:28 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening 2016-12-06 01:23:58 +01:00
Joachim Fasting
31d79afbe5
grsecurity docs: note that pax_sanitize_slab defaults to fast 2016-12-06 01:23:51 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Joachim Fasting
3dcdc2d2b0
privoxy service: remove static uid
The service owns no data, having a static uid serves no purpose.

This frees up uid/gid 32
2016-12-05 13:37:08 +01:00
Joachim Fasting
ad88f1040e
privoxy service: additional isolation 2016-12-05 13:21:31 +01:00
Vladimír Čunát
a1ae627362
nixos GDM: fix #19896
- As noted on github, GDM needs different parameters for X.
- Making xserverArgs a true list instead of concat-string helps to
  filter it and it feels more correct anyway.
- Tested: gdm+gnome, lightdm+gnome.  There seems to be no logout option
  in gnome, and gdm doesn't offer other sessions, but maybe these are normal.
2016-12-04 14:54:31 +01:00
Jörg Thalheim
e00632e200 Merge pull request #20858 from Mic92/lxcfs
lxcfs: init at 2.0.4
2016-12-04 11:33:07 +01:00
Jörg Thalheim
7c7dc15cbf
lxcfs: add module 2016-12-04 11:26:17 +01:00
Franz Pletz
69bee1b361 Merge pull request #20770 from mguentner/more_ipfs
services: IPFS: add test and more config parameters
2016-12-04 01:46:09 +01:00
Franz Pletz
2401f06801
containers: disable dhcpcd on veth bridge interfaces 2016-12-04 01:41:10 +01:00
Jörg Thalheim
aa854f192e
cgmanager: add module 2016-12-02 13:52:04 +01:00
lbonn
288e75c5f9 wireguard: remove dependency on ip-up.target
It was deprecated and removed from all modules in the tree by #18319.

The wireguard module PR (#17933) was still in the review at the time and
the deprecated usage managed to slip inside.
2016-12-01 00:11:16 +01:00
Franz Pletz
3000ae8602
gitlab service: fix sidekiq queue config 2016-11-29 17:42:46 +01:00
Domen Kožar
75f131da02 acme: ensure nginx challenges directory is writeable 2016-11-29 15:56:01 +01:00
Domen Kožar
69e0740baa Merge pull request #20795 from cleverca22/netboot
make the /nix/store writable under netboot images
2016-11-29 15:47:39 +01:00
michael bishop
e710edeecf
make the /nix/store writable under netboot images 2016-11-29 10:31:07 -04:00
Erik Rybakken
2f0cc0d3f0 unclutter-xfixes service: init
Closes #18398
2016-11-29 14:25:32 +01:00
Joachim F
8eefcb5c09 Merge pull request #19900 from michalpalka/xen-fix-xen-bridge2
xen service: fix wrong netmask handed out by xen-bridge.service
2016-11-28 16:31:05 +01:00
Joachim F
944868dd9b Merge pull request #19851 from michalpalka/xen-fix-xen-bridge
xen service: fix iptables race condition in xen-bridge.service
2016-11-28 16:30:16 +01:00
Maximilian Güntner
0526a5c90a
services: add gatewayAddress and apiAddress to ipfs
Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-11-28 15:33:51 +01:00
Aycan iRiCAN
37715d1f46 hydra-module: add cfg.package to hydra-evaluator path 2016-11-28 15:53:44 +02:00
Joachim Fasting
e99228db30
grsecurity module: force a known good kernel package set
Previously, we would only set a default value, on the theory that
`boot.kernelPackages` could be used to sanely configure a custom grsec
kernel.  Regrettably, this is not the case and users who expect e.g.,
`boot.kernelPackages = pkgs.linuxPackages_latest` to work will end up
with a non-grsec kernel (this problem has come up twice on the bug
tracker recently).

With this patch, `security.grsecurity.enable = true` implies
`boot.kernelPackages = linuxPackages_grsec_nixos` and any customization
must be done via package override or by eschewing the module.
2016-11-28 12:11:04 +01:00
Sophie Taylor
016fa06c71
cjdns: Improving systemd unit description 2016-11-27 22:07:51 -05:00