Commit graph

11517 commits

Author SHA1 Message Date
Florian Klink 93f8ff68ea
Merge pull request #49658 from mayflower/gitlab-refactor
gitlab: refactor and fix test
2018-11-03 01:49:23 +01:00
lewo 3fb4eb1c43 nixos/dockerPreloader: preload docker images (#49379)
This module permits to preload Docker image in a VM in order to reduce
OIs on file copies. This module has to be only used in testing
environments, when the test requires several Docker images such as in
Kubernetes tests. In this case,
`virtualisation.dockerPreloader.images` can replace the
`services.kubernetes.kubelet.seedDockerImages` options.

The idea is to populate the /var/lib/docker directory by mounting qcow
files (we uses qcow file to avoid permission issues) that contain images.

For each image specified in
config.virtualisation.dockerPreloader.images:
1. The image is loaded by Docker in a VM
2. The resulting /var/lib/docker is written to a QCOW file

This set of QCOW files can then be used to populate the
/var/lib/docker:
1. Each QCOW is mounted in the VM
2. Symlink are created from these mount points to /var/lib/docker
3. A /var/lib/docker/image/overlay2/repositories.json file is generated
4. The docker daemon is started.
2018-11-03 01:00:53 +01:00
Robin Gloster ec7cb84bf0
gitlab: refactor and fix test 2018-11-02 22:40:21 +01:00
Austin Seipp 2266f2014b nixos/postgresql: add myself as maintainer
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-02 13:52:33 -05:00
Austin Seipp 93aa285376 nixos: fix #48917 by setting SYSTEMD_TIMEDATED_NTP_SERVICES
Setting this variable in the environment of systemd-timedated allows
'timedatectl' to tell if an NTP service is running.

Closes #48917.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-02 09:10:15 -05:00
Joachim F 2dc0fc6516
Merge pull request #47526 from rnhmjoj/syncthing
nixos/syncthing: move configuration to condigDir
2018-11-02 12:02:51 +00:00
aszlig 73cdd5a476
nixos/tests/chromium: Fix sandbox info matching
As reported by @andir, the regular expressions that match the sandbox
output are no longer matching in the recent Chromium bump as of
bb03fbc2c8.

Instead of a boolean field that determines whether namespace sandboxes
are on, the namespace sandbox is now an enum within "Layer 1 Sandbox".

I've modified the regular expressions accordingly and also ran the test
for the stable branch, which now succeeds.

Signed-off-by: aszlig <aszlig@nix.build>
Issue: https://github.com/NixOS/nixpkgs/issues/49442
Cc: @bendlas, @andir
2018-11-02 10:23:04 +01:00
Will Dietz 1fe7abcf2e
Merge pull request #49513 from dtzWill/fix/activation-nscd-path
activation-script: add libc to path to provide nscd when needed
2018-11-02 03:57:25 -05:00
Brian Olsen 0810d631a4
nixos/rspamd: Add support for included files
By default rspamd will look for multiple files in /etc/rspamd/local.d
and /etc/rspamd/override.d to be included in subsections of the merged
final config for rspamd. Most of the config snippets in the official
rspamd documentation are made to these files and so it makes sense for
NixOS to support them and this is what this commit does.

As part of rspamd 1.8.1 support was added for having custom Lua
rules stored in $LOCAL_CONFDIR/rspamd.local.lua which means that it is
now possible for NixOS to support such rules and so this commit also
adds support for this to the rspamd module.
2018-11-02 01:46:57 +01:00
obadz c8c1ed2c78 nixos/zerotier: binds to network-online.target to avoid the 1m30s timeout before kill on shutdown 2018-11-01 23:00:25 +00:00
Sander van der Burg 60298d1e08 nixos/kapacitor: new service 2018-11-01 21:53:45 +01:00
Dejan Lukan 02a3726a12 bacula: 5.2.13 -> 9.2.1 2018-11-01 21:28:16 +01:00
Vladimír Čunát cc41aefe44
chromium tests: inherit timeout from the package
/cc #49442.  It should decrease the waste of resources due to abortions.
2018-11-01 20:15:27 +01:00
Peter Hoeg db1a40a882 home-assistant: use SIGINT instead of SIGTERM to shut down (#49571)
hass will ignore the standard SIGTERM sent by systemd during stop/restart and we
then have to wait for the timeout after which systemd will forcefully kill the
process.

If instead if we send SIGINT, hass will shut down nicely.

There are many issues reported upstream about the inability to shut down/restart
and it is *supposed* to work with SIGTERM but doesn't.
2018-11-01 16:39:37 +01:00
Robert Hensing a3dbeed475
Merge pull request #49338 from FeepingCreature/improve-warning-message
improve shell.nix warning messages
2018-10-31 23:33:23 +01:00
Joachim F 303390600b
Merge pull request #49312 from typetetris/release-18.09
nixos/ddclient: Fix #49258
2018-10-31 19:40:50 +00:00
Jörg Thalheim 553e0d81ee
Merge pull request #48771 from arianvp/container-tweaks
nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
2018-10-31 16:08:16 +00:00
Johan Thomsen eea2db1240 nixos/kubernetes: Added rl-1903 entry documenting kubedns -> coredns 2018-10-31 13:41:04 +01:00
Johan Thomsen 2617b6800d nixos/kubernetes: Replace KubeDNS with CoreDNS 2018-10-31 13:41:04 +01:00
Will Dietz 8c717a5701 activation-script: add libc to path to provide nscd when needed 2018-10-31 07:03:17 -05:00
Travis Athougies 8cc028fd34 nixos/networking.nix: only setup rpc on glibc
(cherry picked from commit 4177dc3f774523fea7d181601d7c3301fda13790)
and
(cherry picked from commit a2f0c95baf57fb735dd47b5db73274f7e75df7c9)
2018-10-30 20:29:28 -05:00
Will Dietz 2603e3a5e9 gtk: don't hardcode glibc use
(cherry picked from commit 6e6f839093ad080c3a61810e9720165faf103e81)
2018-10-30 19:52:03 -05:00
Will Dietz afdf16b714 apparmor-suid: don't force glibc
(cherry picked from commit 131131e58fc66365854f37f4fe2bf6ca01c8aed6)
2018-10-30 19:50:47 -05:00
Will Dietz 9de0b2883a nixos: use pkgs.getent and stdenv.cc.libc
(cherry picked from commit 52eba9753aeba4f02c8ce0de50f10bd98de1ef1e)
2018-10-30 19:49:43 -05:00
Will Dietz 2d0ec8b288 stage1 boot: use stdenv.cc.libc
(cherry picked from commit d3ae884c9eeb4a6f66ac4e57764c04db16ea7c71)
2018-10-30 19:47:06 -05:00
xeji 6efd811062
Merge pull request #49348 from markuskowa/mod-slurm-upgrade
nixos/slurm: add slurmdbd, run daemons as user
2018-10-31 00:16:11 +01:00
Lizard a937dbedea nixos/libvirtd: utilize onShutdown option (#49480)
`services.virtualisation.libvirtd.onShutdown` was previously unused.
While suspending a domain on host shutdown is the default, this commit
makes it so domains can be shut down, also.
2018-10-31 00:01:00 +01:00
Robin Gloster 4c8a198f12 tests/docs: remove remnants of old allowPing default (#49198)
This has been defaulting to true since 16.03, we don't need this code
anymore, also the note in the documentation has been obsolete for quite
a while.
2018-10-30 22:26:43 +01:00
Eric Wolf 1b4e3103bf nixos/ddclient: fix #49258 2018-10-30 22:18:59 +01:00
Markus Kowalewski b388beeca3
nixos/slurm: add maintainer to module and test 2018-10-30 19:50:52 +01:00
Markus Kowalewski d2799d1835
nixos/slurm: node/partitionName option -> list
Make the node and partitionname options lists.
There can be more than paratition or set of nodes.

Add changes to release notes
2018-10-30 19:50:52 +01:00
Markus Kowalewski f51f753416
nixos/slurm: fix obselete string type 2018-10-30 19:50:52 +01:00
Markus Kowalewski 79c9dbfb40
nixos/slurm: add slurmdbd to module
* New options "services.slurm.dbdserver.[enable,config]"
* Add slurmdbd to test slurm.nix
2018-10-30 19:50:52 +01:00
Markus Kowalewski 111d4eb090
nixos/slurm: run ctld as user and fix spool dir
* run as user 'slurm' per default instead of root
* add user/group slurm to ids.nix
* fix default location for the state dir of slurmctld:
  (/var/spool -> /var/spool/slurmctld)
* Update release notes with the above changes
2018-10-30 19:50:46 +01:00
Léo Gaspard b9faae955c
redsocks module: add self as maintainer 2018-10-31 01:06:14 +09:00
Léo Gaspard 930bcbda83
dkimproxy-out module: add self as maintainer 2018-10-31 01:06:04 +09:00
Léo Gaspard 9b34f47b7c
clamsmtp module: add self as maintainer 2018-10-31 01:05:49 +09:00
Léo Gaspard 888034f6ca
dhparams module: add self as maintainer 2018-10-31 01:05:35 +09:00
Jörg Thalheim 6c7ec02503
Merge pull request #48499 from aneeshusa/restart-salt-on-config-changes
nixos/salt: restart on config changes
2018-10-30 15:40:56 +00:00
xeji 1d9481a127
Merge pull request #49395 from dtzWill/update/upower-0.99.9
upower: 0.99.7 -> 0.99.9, lock down service
2018-10-30 15:57:11 +01:00
Lancelot SIX f68cf486d8
Merge pull request #48664 from alyssais/postgres11
postgresql_11: init at 11.0
2018-10-30 15:54:42 +01:00
Lassulus 334dd6f964 nixos/bitlbee: use purple-2 as purple_plugin_path (#49440) 2018-10-30 15:37:41 +01:00
Alyssa Ross 5bde0f6002
release notes: update for postgres rename 2018-10-30 14:33:36 +00:00
Alyssa Ross 91c746cacc
postgresql_11: init at 11.0 2018-10-30 14:33:35 +00:00
Alyssa Ross c6c7d55790
postgresql*: use underscores in version numbers 2018-10-30 14:32:21 +00:00
Eelco Dolstra be6e4b8af8
Merge pull request #49326 from c0bw3b/nixos/installation-device
nixos/installation-device: set GC initial heap size to 1MB
2018-10-30 14:13:59 +01:00
Alyssa Ross 94360c11e9
docs: update sample postgresql package
postgresql90 no longer exists in nixpkgs.
2018-10-30 12:40:24 +00:00
Alyssa Ross 9594b59f13
postgresql10: rename from postgresql100 2018-10-30 12:40:20 +00:00
Léo Gaspard 02e1f00ffd
dovecot, opensmtpd: add link to test in meta.tests
Rationale
---------

Currently, tests are hard to discover. For instance, someone updating
`dovecot` might not notice that the interaction of `dovecot` with
`opensmtpd` is handled in the `opensmtpd.nix` test.

And even for someone updating `opensmtpd`, it requires manual work to go
check in `nixos/tests` whether there is actually a test, especially
given not so many packages in `nixpkgs` have tests and this is thus most
of the time useless.

Finally, for the reviewer, it is much easier to check that the “Tested
via one or more NixOS test(s)” has been checked if the file modified
already includes the list of relevant tests.

Implementation
--------------

Currently, this commit only adds the metadata in the package. Each
element of the `meta.tests` attribute is a derivation that, when it
builds successfully, means the test has passed (ie. following the same
convention as NixOS tests).

Future Work
-----------

In the future, the tools could be made aware of this `meta.tests`
attribute, and for instance a `--with-tests` could be added to
`nix-build` so that it also builds all the tests. Or a `--without-tests`
to build without all the tests. @Profpatsch described in his NixCon talk
such systems.

Another thing that would help in the future would be the possibility to
reasonably easily have cross-derivation nix tests without the whole
NixOS VM stack. @7c6f434c already proposed such a system.

This RFC currently handles none of these concerns. Only the addition of
`meta.tests` as metadata to be used by maintainers to remember to run
relevant tests.
2018-10-30 21:31:39 +09:00
Tuomas Tynkkynen 2380f6a4fa nixos/tests/rsyslogd: Fix eval 2018-10-30 14:27:44 +02:00
xeji 8bbdee09dd
Merge pull request #49441 from srhb/debug-hydra-failures
NixOS tests: Wait for shell for 10x longer (50m)
2018-10-30 11:37:41 +01:00
Sarah Brofeldt 9bc10e1291 NixOS tests: Wait for shell for 10x longer (50m) 2018-10-30 09:22:42 +01:00
Eric Wolf 30d2792091 nixos/release-notes for 18.09: fix missing entry
- the addition of the groups kvm and render breaks the configuration of
   users, which added them
2018-10-30 08:41:13 +01:00
xeji 21a7ca7c08
Merge pull request #49074 from c0bw3b/pkg/veracrypt
veracrypt: 1.22 -> 1.23 / truecrypt: remove and alias to veracrypt
2018-10-29 23:53:29 +01:00
Eelco Dolstra 0d15004cba
Merge pull request #49401 from aherrmann/stringify-modules-path
nixos/lib/eval-config.nix: toString modulesPath
2018-10-29 16:21:09 +01:00
Andreas Herrmann 044ceae280 nixos/lib/eval-config.nix: toString modulesPath
Referencing modulesPath in NixOS configurations can cause evaluation
errors in restricted mode.  If used as `${modulesPath}` (as in all
use-sites in nixpkgs) the modules subtree is copied into its own store
path. Access to this path will be forbidden in restricted mode.

Converting to a string solves this issue.
`${builtins.toString modulesPath}` will point to a subdirectory of the
nixpkgs tree out of which evalModules is called.

This change converts modulesPath to a string by default so that the
call-site doesn't have to anymore.
2018-10-29 15:46:20 +01:00
Will Dietz d7e4c49ffc nixos/upower: lockdown service using upstream settings 2018-10-29 08:09:52 -05:00
Robert Schütz 6017fdfe91 nixos/tests/home-assistant: no longer ignore "Timer got out of sync" error
That error message was removed in https://github.com/home-assistant/home-assistant/pull/17398.
2018-10-29 13:30:06 +01:00
Pavel Goran a57bbf4e63 nixos/tomcat: add purifyOnStart option
With this option enabled, before creating file/directories/symlinks in baseDir
according to configuration, old occurences of them are removed.

This prevents remainders of an old configuration (libraries, webapps, you name
it) from persisting after activating a new configuration.
2018-10-29 18:26:22 +07:00
Aaron Andersen 36d695f696 filesystems: escape spaces in fstab with \040 2018-10-28 20:49:34 -04:00
Matthew Bauer a943bc9e04
Merge pull request #48801 from matthewbauer/cloneConfigExtra
ova: add cloneConfigExtra option
2018-10-28 19:05:16 -05:00
Jörg Thalheim eb70af18f4
Merge pull request #48875 from Izorkin/nginx-prestart
nginx: add custom options
2018-10-28 23:13:20 +00:00
Silvan Mosberger 74854265b1
Merge pull request #49317 from c0bw3b/nixos/demovm
nixos/virtualbox-image: increase disk to 50G
2018-10-28 22:21:37 +01:00
Silvan Mosberger 04b4ca37bd
Merge pull request #49360 from tadfisher/logind-suspend-then-hibernate
nixos/systemd: support "suspend-then-hibernate" logind option
2018-10-28 22:18:39 +01:00
Silvan Mosberger 0ab2621a7f
Merge pull request #49350 from c0bw3b/nixos/rngd
nixos/rngd: fix exec flags and udev rules
2018-10-28 22:15:21 +01:00
Tad Fisher 8520839b6a nixos/systemd: support "suspend-then-hibernate" logind option 2018-10-28 13:41:21 -07:00
Jörg Thalheim 4249dc2fe7
Merge pull request #49355 from Mic92/sddm
nixos/plasma5: disable ocr tests
2018-10-28 19:58:16 +00:00
Jörg Thalheim f974b979a5
nixos/plasma5: disable ocr tests
This is brittle and breaks the test
2018-10-28 19:13:12 +00:00
Renaud deacd0bd73
nixos/rngd: fix exec flags and udev rules
TPM1.2 support has been dropped in rng-tools v6.5
see caef8cce97

rngd won't access /dev/tpm0 anymore and the "--no-tpm=1" option is now unrecognised
2018-10-28 17:31:35 +01:00
FeepingCreature 83a65a9182 improve shell.nix warning messages 2018-10-28 14:08:01 +01:00
obadz 07db5f1c8c
Merge pull request #48901 from Ekleog/opensmtpd-6.4.0
opensmtpd: 6.0.3p1 -> 6.4.0
2018-10-28 13:00:57 +00:00
Joachim F e5ce19f6ab
Merge pull request #46330 from geistesk/wavemon-module
nixos/wavemon: create module
2018-10-28 10:16:54 +00:00
Renaud fc476599ad
installation-device: set GC initial heap size to 1MB
100000 (100kB) is too aggressive (too low) and gets ignored by the GC
See issue #43339
2018-10-28 10:48:00 +01:00
Robert Hensing 696a8bd2b5 nixpkgs.overlays: Add note about nixpkgs.pkgs' treatment of other options 2018-10-28 02:11:00 +02:00
Robert Hensing 5f894a67f5 nixos/modules/misc/nixpkgs.nix: Use pure Nixpkgs function 2018-10-28 02:09:43 +02:00
Renaud 7ab76cc5e8
nixos/virtualbox-image: increase disk to 50G
100GB breaks cptofs but 50GB is fine and benchmarks shows it takes the same time as building the demo VBox VM with a 10GB disk

+ enabled VM sound output by default
+ set USB controller in USB2.0 mode
+ add manifest file in the OVA as it allows integrity checking on imports
2018-10-28 00:53:54 +02:00
aanderse 1381019e49 nixos/rsyslogd & nixos/syslog-ng: fix broken module (#47306)
* journald: forward message to syslog by default if a syslog implementation is installed

* added a test to ensure rsyslog is receiving messages when expected

* added rsyslogd tests to release.nix
2018-10-27 19:01:30 +02:00
xeji 6419bdac05
Merge pull request #47241 from oxij/pull/36261-fix-local-hostname-alternative
nixos/networking: add hostname to /etc/hosts by default, simplify
2018-10-27 16:55:10 +02:00
Robert Hensing a54a799d59 NixOS: nixpkgs.pkgs: Append overlays when specified 2018-10-27 14:51:54 +02:00
Tuomas Tynkkynen ad7f2d120e nixos/installation-cd-minimal: Drop fontconfig
Shouldn't be needed for anything.
2018-10-27 15:17:13 +03:00
Tuomas Tynkkynen cc92fc0a83 nixos/installation-device: Move systemPackages additions to profiles/base
Other package additions are there as well.
2018-10-27 15:17:13 +03:00
Tuomas Tynkkynen 717206010f nixos/installer: Drop extra copy of w3m
The nixos-manual service already uses w3m-nographics for a variant that
drops unnecessary junk like various image libraries.

iso_minimal closure (i.e. uncompressed) goes from 1884M -> 1837M.
2018-10-27 13:16:30 +03:00
Samuel Leathers 5b30cd77db
nixos/grafana_reporter: initial service 2018-10-27 05:15:03 -04:00
Bas van Dijk 0b381dd9ca
Merge pull request #49197 from LumiGuide/strongswan-swanctl-5.7.1
strongswan-swanctl: adapt options to strongswan-5.7.1
2018-10-27 09:34:53 +01:00
Léo Gaspard 58f701ab74 opensmtpd: 6.0.3p1 -> 6.4.0p1 2018-10-27 12:15:09 +09:00
Silvan Mosberger 932e27c53f
Merge pull request #49152 from 1000101/master
nixos/trezord: revised and updated udev rules
2018-10-27 01:18:46 +02:00
Silvan Mosberger d67da5ba9b
Merge pull request #49064 from jslight90/users
nixos/users: fix users home directory with isNormalUser
2018-10-27 00:59:16 +02:00
Silvan Mosberger f374addc10
Merge pull request #48844 from c0bw3b/svc/ddclient
nixos/ddclient: make RuntimeDirectory and configFile private
2018-10-27 00:29:18 +02:00
Bas van Dijk ca655e8b14 strongswan-swanctl: adapt options to strongswan-5.7.1
The changes were found by executing the following in the strongswan
repo (https://github.com/strongswan/strongswan):

git diff 5.6.3..5.7.1 src/swanctl/swanctl.opt
2018-10-26 23:46:02 +02:00
Jan Tojnar 82218835c5
Merge pull request #43133 from worldofpeace/gsignond
gsignond: init at 1.0.7
2018-10-26 19:29:56 +02:00
Ján Hrnko a88e0ef9aa nixos/trezord: revised and updated udev rules 2018-10-26 14:53:31 +02:00
Michael Weiss 163adc5039
Merge pull request #48916 from colemickens/sway-module
programs.sway-beta: module init (temporary until sway-beta becomes sway-1.0)
2018-10-25 19:12:38 +02:00
Marwan Aljubeh 8ddefe857d nixos/nextcloud: fix a typo
The NextCloud `adminpass` option sets the admin password, not the database password.
2018-10-25 18:04:36 +02:00
Maximilian Bosch 5dc1748043
Merge pull request #48728 from qolii/eternal-terminal-module
nixos/eternal-terminal: init new module.
2018-10-25 14:51:22 +02:00
qolii c0d90b57d6 Address more review feedback. 2018-10-24 17:57:33 -07:00
Cole Mickens da960bb899 sway-beta: module init 2018-10-24 14:56:29 -07:00
c0bw3b b47fccff0a truecrypt: remove and alias to veracrypt
TrueCrypt has been retired for a while now and the source archive we
pointed to is gone. Moreover the VeraCrypt fork is available, maintained
and fixes issues previous audits found in TrueCrypt.
2018-10-24 20:34:17 +02:00
Jeff Slight d7fcd1dcbf nixos/users: fix users home directory with isNormalUser 2018-10-24 10:38:56 -07:00
Renaud b2f6aa0069
nixos/rngd: use new name pkgs.rng-tools
Instead of pkgs.rng_tools which is now an alias
2018-10-24 13:46:08 +02:00
Michael Weiss 2eb372d59d
nixos/rootston: Remove the module and the package (#48905)
Rootston is just a reference compositor so it doesn't make that much
sense to have a module for it. Upstream doesn't really like it as well:

"Rootston will never be intended for downstream packages, it's an
internal thing we use for testing." - SirCmpwn [0]

Removing the package and the module shouldn't cause much problems
because it was marked as broken until
886131c243. If required the package can
still be accessed via wlroots.bin (could be useful for testing
purposes).

[0]: https://github.com/NixOS/nixpkgs/issues/38344#issuecomment-378449256
2018-10-23 20:38:33 +02:00
Izorkin af8ae49395 nginx: add custom options 2018-10-23 21:04:07 +03:00
Rob Vermaas debbed29d1 datadog-agent: add option to enable trace agent 2018-10-23 12:30:06 +02:00
Renaud ab5380ec82
nixos/ddclient: make configFile private
/run/ddclient/ddclient.conf should be installed in mode 660 (readable and writeable only by ddclient.service user and group)
2018-10-23 00:43:41 +02:00
Renaud f76a9eb526
nixos/ddclient: make RuntimeDirectory private
ddclient will raise a warning if /run/ddclient/ is world-readable
2018-10-22 23:58:12 +02:00
Jörg Thalheim 9a7bca27cc
Merge pull request #48834 from dhess/dovenull-group-fix
dovecot: dovenull user should have its own group.
2018-10-22 22:46:17 +01:00
Arian van Putten 9f72791516 nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
* Lets container@.service  be activated by machines.target instead of
  multi-user.target

  According to the systemd manpages, all containers that are registered
  by machinectl, should be inside machines.target for easy stopping
  and starting container units altogether

* make sure container@.service and container.slice instances are
  actually located in machine.slice

  https://plus.google.com/112206451048767236518/posts/SYAueyXHeEX
  See original commit: https://github.com/NixOS/systemd/commit/45d383a3b8

* Enable Cgroup delegation for nixos-containers

  Delegate=yes should be set for container scopes where a systemd instance
  inside the container shall manage the hierarchies below its own cgroup
  and have access to all controllers.

  This is equivalent to enabling all accounting options on the systemd
  process inside the system container.  This means that systemd inside
  the container is responsible for managing Cgroup resources for
  unit files that enable accounting options inside.  Without this
  option, units that make use of cgroup features within system
  containers might misbehave

  See original commit: https://github.com/NixOS/systemd/commit/a931ad47a8

  from the manpage:
    Turns on delegation of further resource control partitioning to
    processes of the unit. Units where this is enabled may create and
    manage their own private subhierarchy of control groups below the
    control group of the unit itself. For unprivileged services (i.e.
    those using the User= setting) the unit's control group will be made
    accessible to the relevant user. When enabled the service manager
    will refrain from manipulating control groups or moving processes
    below the unit's control group, so that a clear concept of ownership
    is established: the control group tree above the unit's control
    group (i.e. towards the root control group) is owned and managed by
    the service manager of the host, while the control group tree below
    the unit's control group is owned and managed by the unit itself.
    Takes either a boolean argument or a list of control group
    controller names. If true, delegation is turned on, and all
    supported controllers are enabled for the unit, making them
    available to the unit's processes for management. If false,
    delegation is turned off entirely (and no additional controllers are
    enabled). If set to a list of controllers, delegation is turned on,
    and the specified controllers are enabled for the unit. Note that
    additional controllers than the ones specified might be made
    available as well, depending on configuration of the containing
    slice unit or other units contained in it. Note that assigning the
    empty string will enable delegation, but reset the list of
    controllers, all assignments prior to this will have no effect.
    Defaults to false.

    Note that controller delegation to less privileged code is only safe
    on the unified control group hierarchy. Accordingly, access to the
    specified controllers will not be granted to unprivileged services
    on the legacy hierarchy, even when requested.

    The following controller names may be specified: cpu, cpuacct, io,
    blkio, memory, devices, pids. Not all of these controllers are
    available on all kernels however, and some are specific to the
    unified hierarchy while others are specific to the legacy hierarchy.
    Also note that the kernel might support further controllers, which
    aren't covered here yet as delegation is either not supported at all
    for them or not defined cleanly.
2018-10-22 22:36:08 +02:00
Drew Hess fa388534e4
dovecot: dovenull user should have its own group.
Quoting from https://wiki.dovecot.org/UserIds#dovenulluser:

"It should belong to its own private dovenull group where no one else
belongs to..."
2018-10-22 15:01:47 -04:00
Victor SENE 2a164f598c nixos/nextcloud: extend documentation for nginx configuration
Co-authored-by: Robin Gloster <mail@glob.in>
2018-10-22 19:50:37 +02:00
Kier Davis dfdaf39ec3
ckb module: use exec when starting the daemon process
This avoids leaving the parent shell process (the one executing the
unit script) lying around.
2018-10-22 13:23:30 +01:00
Kier Davis 81178785c9
ckb, ckb module: rename to ckb-next
The upstream package has officially changed its name to ckb-next.
2018-10-22 13:23:30 +01:00
Kier Davis 8069b09d05
ckb module: update systemd service parameters to match upstream
This changes the description and restart mode to the values present
in lib/systemd/system/ckb.service within the ckb package.
2018-10-22 13:22:02 +01:00
Kier Davis 85526bce87
ckb-next: 0.2.9 -> 0.3.2
In this update:

* binaries `ckb` and `ckb-daemon` are renamed to `ckb-next` and `ckb-next-daemon`
* build system changed from qmake to cmake
* the directory searched for animation plugins no longer needs to be patched, as a result of the build system change
* modprobe patch has been bumped, since the source repository layout has changed
* the cmake scripts are quite FHS-centric and require patching to fix install locations
2018-10-22 13:22:01 +01:00
Léo Gaspard 5cd6c65054 wasm: remove alias to unbreak the channel
Nixpkgs' channel currently can't move forward so long as there is a
trace in evaluating the top-level arguments. Which means that it isn't
possible to add a warning message to warn users of future package
removal.

So the only way forward appears to be just removing the alias
altogether.

(cherry picked from commit b4133ebc17c2742a76d912f4f0bf46719bc7800e)
2018-10-22 09:58:00 +02:00
Jörg Thalheim 0a5b4fda63
Merge pull request #48791 from markuskowa/fix-munge
nixos/munge: do not create unnecessary log dir
2018-10-21 22:59:51 +01:00
Matthew Bauer 1902adb437 ova: add cloneConfigExtra option
Customize virtualbox ovas to contain a clone config option giving some
useful hints.

Fixes #38429
2018-10-21 14:52:49 -05:00
Arian van Putten 3be00fa60c nixos/systemd-nspawn: Remove dependency on bogus "machine.target"
"machine.target" doesn't actually exist, it's misspelled version
of "machines.target".  However, the "systemd-nspawn@.service"
unit already has a default dependency on "machines.target"
2018-10-21 21:51:51 +02:00
Markus Kowalewski e3a86019d6
nixos/munge: do not create unnecessary log dir
/var/log/munge is not used. All log messages go to syslog
2018-10-21 20:46:09 +02:00
Joachim F ca127588c1
Merge pull request #48625 from exarkun/48622.tor-disable-socksport
nixos/tor: better support non-anonymous services
2018-10-21 18:27:02 +00:00
Ben Wolsieffer eadb9c822b raspberrypi-bootloader: pass initrd to kernel
NixOS is unable to boot using the RPi bootloader (w/o U-Boot) unless the initrd
is configured.
2018-10-21 17:44:11 +03:00
Ben Wolsieffer e2fbada6f8 raspberrypi-bootloader: uboot: allow specification of target directory 2018-10-21 17:44:11 +03:00
Ben Wolsieffer 1afff7c10b raspberrypi-bootloader: support Raspberry Pi 3 w/o U-Boot and explicitly support
Raspberry Pi Zero
2018-10-21 17:44:11 +03:00
Ben Wolsieffer bcb9e17bba raspberrypi-bootloader: allow specification of target directory 2018-10-21 17:44:11 +03:00
Jörg Thalheim c4a7ebb46b
Merge pull request #47070 from Mic92/grafana-improvements
Grafana: secrets outside of the nix store + smtp
2018-10-21 14:21:09 +01:00
Linus Heckemann 45981145ad nixos/wrappers: remove outdated upgrade code
As mentioned in the code comments themselves, this was only necessary
for 16.09 -> 17.03 and as such is obsolete.
2018-10-21 15:12:36 +02:00
Renaud cb9237d16f
Merge pull request #47775 from florianjacob/munin-var-run-to-run
nixos/munin: move from /var/run to /run
2018-10-21 10:07:25 +02:00
Michael Raskin 3491dd06a1
Merge pull request #47224 from pvgoran/tomcat-virtualhost-aliases
nixos/tomcat: add aliases sub-option for virtual hosts
2018-10-21 07:54:52 +00:00
qolii ee0444576f Address review feedback. 2018-10-20 13:52:43 -07:00
qolii af1a285017 nixos/eternal-terminal: init new module. 2018-10-20 13:52:12 -07:00
Silvan Mosberger 1fa1bcbab0
nixos/znc: Fix confOptions.uriPrefix not being applied
This was overlooked on a rebase of mine on master, when I didn't realize
that in the time of me writing the znc changes this new option got
introduced.
2018-10-20 20:56:30 +02:00
Silvan Mosberger 039fc37f9c
nixos/znc: Fix confOptions.extraZncConf being applied to wrong section
This bug was introduced in https://github.com/NixOS/nixpkgs/pull/41467
2018-10-20 20:36:18 +02:00
Pierre Bourdon cf58856d90 nixos/prometheus: add webExternalUrl option
Similar to the prometheus.alertmanager.webExternalUrl option, but for
Prometheus itself.
2018-10-20 13:45:55 +02:00
Matthew Bauer 5b73b46aec
Merge pull request #48689 from Tmplt/fix-compton
nixos/compton: fix corrupt colours with Mesa 18 on AMD
2018-10-19 15:40:43 -05:00
Maximilian Bosch e8fb77a944
Merge pull request #46152 from Ma27/fix-setxkbmap-completion
zsh: patch `_setxkbmap` completion script
2018-10-19 14:33:04 +02:00
Daniel Rutz 0885a65169 nixos/doc: Add documentation for types.port type 2018-10-19 12:33:24 +02:00
worldofpeace 4f4e20bc79 nixos/gsignond: init 2018-10-19 06:29:04 -04:00
Jörg Thalheim e37892744f
Merge pull request #48640 from gnidorah/kvmgt
kvmgt module: add restart on failure
2018-10-19 10:45:04 +01:00
Sarah Brofeldt 58717759b3
Merge pull request #48546 from andrew-d/andrew/hide-zfs-import-warning
nixos/zfs: Hide useless errors when waiting for zpool to be ready
2018-10-19 10:07:09 +02:00
Tmplt df41d53f9d nixos/compton: fix corrupt colours with Mesa 18 on AMD
On AMD hardware with Mesa 18, compton renders some colours incorrectly
when using the glx backend. This patch sets an environmental variable
for compton so colours are rendered correctly.

Topical bug: <https://bugs.freedesktop.org/show_bug.cgi?id=104597>
2018-10-19 01:10:11 +02:00
Daniel Rutz c98a7bf8f2 nixos/sshd: Use port type instead of int
This change leads to an additional check of the port number at build time, making invalid port values impossible.
2018-10-18 23:42:20 +02:00
Jörg Thalheim 5a1f0f9aa3
tinc: remove unnecessary networking.interfaces
This breaks with networking backends enabled and
also creates large delays on boot when some services depends
on the network target. It is also not really required
because tinc does create those interfaces itself.

fixes #27070
2018-10-18 21:37:56 +01:00
gnidorah a6603fd8a8 kvmgt module: add service restart on failure 2018-10-18 22:35:32 +03:00
Jörg Thalheim 2ce94fafcd
Merge pull request #48571 from spacefrogg/openafs
Openafs security updates
2018-10-18 16:08:04 +01:00
Michael Raitza 290a7d2ee9 nixos/openafs: Add defaultText to avoid evaluating packages 2018-10-18 13:11:52 +02:00
adisbladis 78c0e1aa11
nixos/pulseaudio: Add extraModules config option 2018-10-18 16:27:43 +08:00
Silvan Mosberger 77e90ef365
Merge pull request #45030 from eadwu/nvidia_x11_beta/396.51
nvidia_x11_beta: reinit at 410.57
2018-10-18 09:10:05 +02:00
Edmund Wu 21bb1fa004
nvidia_x11_beta: reinit at 410.57 2018-10-17 19:30:44 -04:00
Maximilian Bosch 13e4110650
Merge pull request #48131 from Ma27/weechat-multiuser-support
nixos/weechat: add setuid wrapper for `screen' to ensure true multiuser capabilities
2018-10-17 23:39:30 +02:00
markuskowa ab27adc2dd
Merge pull request #47154 from ck3d/fix-nixos-lirc-socket
nixos lircd: fix deletion of lircd socket
2018-10-17 21:52:48 +02:00
Jörg Thalheim f6ded23889
Merge pull request #48460 from Mic92/postfix-setuid
postfix: add setgid wrapper for postqueue/postdrop
2018-10-17 14:48:43 +01:00
Jean-Paul Calderone 4a71e2942c nixos/tor: better support non-anonymous services
Tor requires ``SOCKSPort 0`` when non-anonymous hidden services are
enabled.  If the configuration doesn't enable Tor client features,
generate a configuration file that explicitly includes this disabling
to allow such non-anonymous hidden services to be created (note that
doing so still requires additional configuration).  See #48622.
2018-10-17 08:56:59 -04:00
clefru 725fcdef3f Fix hostapd's place in systemd dependency tree. (#45464)
* nat/bind/dhcp.service:
  Remove. Those services have nothing to do with a link-level service.

* sys-subsystem-net-devices-${if}.device:
  Add as BindsTo dependency as this will make hostapd stop when the
  device is unplugged.

* network-link-${if}.service:
  Add hostapd as dependency for this service via requiredBy clause,
  so that the network link is only considered to be established
  only after hostapd has started.

* network.target:
  Remove this from wantedBy clause as this is already implied from
  dependencies stacked above hostapd. And if it's not implied than
  starting hostapd is not required for this particular network
  configuration.
2018-10-17 09:18:52 +02:00
Silvan Mosberger e443bbf6fd
Merge pull request #45470 from Infinisil/znc-config
nixos/znc: More flexible module, cleanups
2018-10-17 03:01:30 +02:00
Silvan Mosberger 8319ec35b2
Merge pull request #47975 from aneeshusa/make-container-journals-available-from-host
containers: Make systemd journals available from the host
2018-10-17 02:56:05 +02:00
Eelco Dolstra b6bac6c144
Revert "Merge pull request #48122 from zimbatm/pkg-nixos-rebuild"
This reverts commit 10addad603, reversing
changes made to 7786575c6c.

NixOS scripts should be kept in the NixOS source tree, not in
pkgs. Moving them around is just confusing and creates unnecessary
code/history churn.
2018-10-16 20:25:44 +02:00
Andrew Dunham c3e004799c Hide useless errors when waiting for zpool to be ready 2018-10-16 02:45:25 -07:00
zimbatm 1875344542
nixos-*: init as package
Move all the nixos-* scripts from the nixos distribution as real
packages in the pkgs/ package set.

This allows non-nixos users to run the script as well. For example,
deploying a remote machine with:

    nixos-rebuild --target-host root@hostname --build-host root@hostname
2018-10-16 11:12:36 +02:00
zimbatm b7a07313cc
move the codeName to /.codeName
Make the codeName globally accessible in the repo. The release is not
only for NixOS anymore.
2018-10-16 11:11:28 +02:00
Aneesh Agrawal a962d53806 salt: Restart on config changes 2018-10-15 19:59:25 -07:00
Aneesh Agrawal 37c9915340 nixos/salt-minion: Fix salt-call without -c 2018-10-15 19:59:09 -07:00
Aneesh Agrawal adf8261192 nixos/salt-minion: Remove trailing whitespace 2018-10-15 19:59:00 -07:00
Joachim F 205aff5a65
Merge pull request #48439 from joachifm/hardened-misc
nixos/security/misc: init
2018-10-15 21:25:42 +00:00
Joachim Fasting f4ea22e5de
nixos/security/misc: init
A module for security options that are too small to warrant their own module.

The impetus for adding this module is to make it more convenient to override
the behavior of the hardened profile wrt user namespaces.
Without a dedicated option for user namespaces, the user needs to
1) know which sysctl knob controls userns
2) know how large a value the sysctl knob needs to allow e.g.,
   Nix sandbox builds to work

In the future, other mitigations currently enabled by the hardened profile may
be promoted to options in this module.
2018-10-15 23:11:37 +02:00
Eelco Dolstra 0bdd0d8e04
amazon-image.nix: Disable udisks
This reduces the system closure by 89 MiB.
2018-10-15 21:54:28 +02:00
Eelco Dolstra 47dfe25e1b
ec2-amis.nix: Add 18.09 images 2018-10-15 21:43:16 +02:00
rnhmjoj 16f67637ba
nixos/syncthing: move configuration to condigDir
fixes #47513 following the upstream recommended settings:
https://github.com/syncthing/syncthing/issues/3434#issuecomment-235401876
2018-10-15 20:34:50 +02:00
Graham Christensen 94c6f1ba0e
Merge pull request #48463 from Ekleog/release-notes-license
release-notes/18-09: add licenses marked as unfree
2018-10-15 10:33:31 -04:00
Léo Gaspard 861b70f483
nixos manual: automatic reflow 2018-10-15 23:10:55 +09:00
Léo Gaspard 2a2c99673b
release-notes/18-09: add licenses marked as unfree 2018-10-15 23:10:54 +09:00
Jörg Thalheim 91ddc9d27f
postfix: add setgid wrapper for postqueue/postdrop
Both postqueue[1] and postdrop[2] implement a subset of administration
task that are supposed to be run unprivileged users
and require the setgid bit to full-fill this task.

[1] http://www.postfix.org/postqueue.1.html
[2] http://www.postfix.org/postdrop.1.html
2018-10-15 13:14:41 +01:00
Joachim F a179d44bd1
Merge pull request #47538 from xaverdh/kmscon-autologin
nixos/kmscon: Add autologin option
2018-10-15 11:25:19 +00:00
Pierre Bourdon 01d1f77681 tests/prometheus-exporters: add new Tor exporter
This new exporter was added in #48307.
2018-10-14 20:12:07 -05:00
Joachim Fasting cb845123d4
nixos/hardened: add myself to maintainers 2018-10-15 01:33:33 +02:00
Joachim Fasting e619998eb3
nixos/lock-kernel-modules: add myself to maintainers 2018-10-15 01:33:30 +02:00
Aneesh Agrawal d85317c7b2 nixos/containers: Make systemd journals available from the host
This is set by default if using the upstream systemd-nspawn@ units.
2018-10-14 14:40:08 -07:00
Silvan Mosberger 7e31678043
nixos/znc: Add release note entry for removed options 2018-10-14 20:39:50 +02:00
Silvan Mosberger 81c3ae9492
nixos/znc: add config option
This option represents the ZNC configuration as a Nix value. It will be
converted to a syntactically valid file. This provides:
- Flexibility: Any ZNC option can be used
- Modularity: These values can be set from any NixOS module and will be
merged correctly
- Overridability: Default values can be overridden

Also done:
Remove unused/unneeded options, mkRemovedOptionModule unfortunately doesn't work
inside submodules (yet). The options userName and modulePackages were never used
to begin with
2018-10-14 20:39:42 +02:00
Janne Heß 7748c3da1b nixos/nixos-install: Unset system
The system variable is used from the (possibly polluted) shell
environment.
This causes nixos-install to fail in a nix-shell because the system
shell variable is automatically set to the current system (e.g.
x86_64-linux).
2018-10-14 20:12:08 +02:00
Silvan Mosberger 0ea64098dc
Merge pull request #48006 from NickHu/psd
profile-sync-daemon: add missing path to systemd service
2018-10-14 14:10:03 +02:00
Nick Hu 9cd21807c8 nixos/profile-sync-daemon: add missing path to systemd service 2018-10-14 13:02:33 +01:00
Peter Hoeg abe0e22e20
Merge pull request #48119 from mrVanDalo/update_syncthing
nixos/modules: services.syncthing add guiAddress parameter
2018-10-14 18:47:51 +08:00
Ingolf Wagner d2e1dd7fc7
nixos/modules: services.syncthing use types.str instead of types.string
As Infinisil mentioned in https://github.com/NixOS/nixpkgs/pull/48119#discussion_r224974201
2018-10-14 06:46:42 +02:00
Ingolf Wagner fa6c8ec2a7
nixos/modules: services.syncthing add guiAddress parameter 2018-10-14 00:52:25 +02:00
Silvan Mosberger d4f2f4c79d
Merge pull request #44441 from mnacamura/shell-aliases
environment.shellAliases: change default behavior
2018-10-13 17:46:11 +02:00
Yegor Timoshenko 6e4d0c4a8a
Merge pull request #47691 from florianjacob/matomo-choose-package
nixos/matomo: introduce services.matomo.package option
2018-10-13 15:27:00 +00:00
Florian Jacob a1825aecfc
nixos/matomo: introduce services.matomo.package option 2018-10-13 15:25:12 +00:00
Mitsuhiro Nakamura c941577dcb nixos/shells: enable to nullify already defined aliases 2018-10-14 00:14:49 +09:00
Mitsuhiro Nakamura 3b5449b80c nixos/shells: programs.*sh.shellAliases override environment.shellAliases 2018-10-14 00:14:09 +09:00
Mitsuhiro Nakamura e4e160cc39 nixos/shells: do not override user-defined shell aliases 2018-10-14 00:13:13 +09:00
Yegor Timoshenko 605eb4098f
Merge pull request #47696 from Ma27/dont-run-thefuck-on-bash
nixos/thefuck: don't run thefuck on `environment.shellInit'
2018-10-13 15:12:50 +00:00
Alexey Shmalko df2696c430
Merge pull request #48307 from delroth/prom-tor
prometheus-tor-exporter: init at 0.3
2018-10-13 17:59:23 +03:00
Silvan Mosberger 4eee2cd0e0
nixos/znc: move to own folder
Move legacy options to separate file
2018-10-13 15:04:53 +02:00
Jörg Thalheim b899df4f3f
Merge pull request #48292 from jslight90/gitlab
nixos/gitlab: add custom hooks directory for gitlab-shell
2018-10-13 10:55:42 +01:00
Pierre Bourdon 86d644f8cc prometheus-tor-exporter: init at 0.3
Upstream: https://github.com/atx/prometheus-tor_exporter
2018-10-13 10:10:29 +02:00
volth 0d44d639f6 nixos/qemu-guest-agent: pkgs.{kvm -> qemu} (#48293)
there is no top-level pkgs.kvm
2018-10-13 00:41:46 +02:00
Jörg Thalheim 6a5e62e5e6
Merge pull request #48248 from volth/environment.extraSetup
use buildPackages in environment.extraSetup
2018-10-12 22:35:11 +01:00
Jörg Thalheim 156d2fbf5d
Merge pull request #48272 from avnik/fix/rmilter
nixos/rmilter: don't enable by default, if rspamd enabled
2018-10-12 22:34:08 +01:00
Jeff Slight 7bafe25553 add custom hooks directory to gitlab-shell
Add custom_hooks_dir to gitlab-shell yml config file.
2018-10-12 09:33:37 -07:00
Alexander V. Nikolaev b61dd2bcb7 nixos/rmilter: don't enable by default, if rspamd enabled 2018-10-12 17:39:06 +03:00
Jan Tojnar a112f16a75
Merge pull request #42562 from ambrop72/gdk-pixbuf-fix
Use a NixOS module for generating the gdk-pixbuf loaders cache.
2018-10-12 15:52:06 +02:00
Jörg Thalheim 6bd73e860b
Merge pull request #48245 from volth/patch-258
bootStage1: fix cross build
2018-10-12 14:42:43 +01:00