Commit graph

13767 commits

Author SHA1 Message Date
WilliButz
5818c73d95
nixos/prometheus-exporters: add mail exporter module 2019-07-30 19:24:26 +02:00
Joachim F
a7d71da84d
Merge pull request #65585 from delroth/hardened-pti
nixos/hardened: make pti=on overridable
2019-07-30 10:35:31 +00:00
Janne Heß
ae608faa85 nixos/xfs: Add xfs_repair to the initrd
Closes #8820
2019-07-30 09:28:34 +02:00
worldofpeace
7f2f31a812
Merge pull request #65449 from worldofpeace/disable-portals
nixos/xdg: disable portals (again, again)
2019-07-29 21:47:51 -04:00
worldofpeace
1b21c9db91 nixos/xdg: add gtkUsePortal option to portals
Prior to this change GTK_USE_PORTAL was unconditionally
set to "1". For this to not break things you have to have some
sort of portal implementation in extraPortals.

Setting GTK_USE_PORTAL in this manner is actually only useful
when using portals for applications outside flatpak. For example
people using non-flatpak Firefox who want native filechoosers.
It's also WIP for electron applications to support this.
2019-07-29 21:47:09 -04:00
Pierre Bourdon
67b7e70865
nixos/hardened: make pti=on overridable
Introduces a new security.forcePageTableIsolation option (default false
on !hardened, true on hardened) that forces pti=on.
2019-07-30 02:24:56 +02:00
Alexey Shmalko
e50539f7b5
syncthing: create default group if not overridden
The following configuration generates a systemd unit that doesn't
start.
```nix
{
  services.syncthing = {
    enable = true;
    user = "my-user";
  };
}
```

It fails with
```
systemd[1]: Started Syncthing service.
systemd[6745]: syncthing.service: Failed to determine group credentials: No such process
systemd[6745]: syncthing.service: Failed at step GROUP spawning /nix/store/n1ydz3i08nqp1ajc50ycy1zribmphqc9-syncthing-1.1.4-bin/bin/syncthing: No such process
systemd[1]: syncthing.service: Main process exited, code=exited, status=216/GROUP
systemd[1]: syncthing.service: Failed with result 'exit-code'.
```

This is due to the fact that `syncthing` group (default) is not
created if the user is overridden.

Add a separate check for setting up the default group, so that
user/group are created independently.
2019-07-29 21:56:12 +03:00
Andrew Childs
a5328e1386 fluentd: add simple test 2019-07-30 00:37:21 +09:00
Jörg Thalheim
3b0f0741ea
Merge pull request #65335 from Baughn/wifi-crda
wifi: Include CRDA regulatory database
2019-07-29 07:02:22 +01:00
Svein Ove Aas
d28a8cc4af nixos/pantheon: Include CRDA regulatory database 2019-07-28 22:17:19 +01:00
Svein Ove Aas
186dd1ce58 nixos/gnome3: Include CRDA regulatory database 2019-07-28 22:17:10 +01:00
Svein Ove Aas
7ee6226bdd nixos/networkmanager: Include CRDA regulatory database 2019-07-28 22:10:28 +01:00
Svein Ove Aas
ac50d8e709 nixos/wpa_supplicant: Include CRDA regulatory database 2019-07-28 22:10:28 +01:00
Bas van Dijk
9ff408a2a4
Merge pull request #60500 from basvandijk/thanos-init
thanos: init at 0.6.0 & NixOS module
2019-07-28 19:14:55 +02:00
edef
9897956d36
Merge pull request #65485 from arcnmx/pr-taskserver-nixos
nixos/taskserver: crl file is optional
2019-07-28 13:02:05 +00:00
Bas van Dijk
0a59be7136 thanos: 0.5.0 -> 0.6.0 2019-07-28 13:28:27 +02:00
Bas van Dijk
6a59dc35f6 nixos/tests/prometheus-2.nix: increase diskSize of the store machine
This is to fix the following error in the test on aarch64-linux:

store# [  126.911144] thanos[739]: level=error ts=2019-06-16T14:00:26.59870538Z caller=main.go:182 msg="running command failed" err="error executing compaction: first pass of downsampling failed: create dir: mkdir /var/lib/thanos-compact/downsample: no space left on device"
store# [  126.942655] systemd[1]: thanos-compact.service: Main process exited, code=exited, status=1/FAILURE
2019-07-28 13:28:27 +02:00
Bas van Dijk
dc69b3e6ad nixos/thanos: code style: don't use a space before a colon 2019-07-28 13:28:27 +02:00
Bas van Dijk
e32e0e6e02 nixos/thanos: assert that prometheus2 is running and has labels set 2019-07-28 13:28:27 +02:00
Bas van Dijk
13da811853 nixos/thanos: allow overriding arguments to the thanos subcommands 2019-07-28 13:28:27 +02:00
Bas van Dijk
2d0243c187 thanos: 0.4.0 -> 0.5.0-rc.0 2019-07-28 13:28:27 +02:00
Bas van Dijk
ebc65a5f21 nixos/thanos: add module for the thanos service 2019-07-28 13:28:27 +02:00
Frederik Rietdijk
cb3ce5d26d Merge master into staging-next 2019-07-28 12:11:37 +02:00
Frederik Rietdijk
cca5ee9c07 Merge staging-next into staging 2019-07-28 09:10:03 +02:00
arcnmx
c604b38791 nixos/taskserver: crl file is optional 2019-07-27 15:49:46 -07:00
Ashish SHUKLA
d3c2b992d4
sshguard: do not create ipset in post-start
Upstream switched to a different type of ipset table, whereas we
create ipset in post-start which overrides upstream, and renders
sshguard ineffective.

Remove ipset creation from post-start, and let it get automatically
by upstream script (sshg-fw-ipset) as part of startup
2019-07-27 10:59:50 +05:30
worldofpeace
1e4d9e08cd nixos/plasma5: enable xdg.portal 2019-07-26 22:36:32 -04:00
worldofpeace
16c6f169a2 nixos/gnome3: enable xdg.portal 2019-07-26 22:36:14 -04:00
worldofpeace
785158fd64 nixos/flatpak: require xdg.portal to be enabled 2019-07-26 22:35:50 -04:00
worldofpeace
c4d06eff3f nixos/xdg: disable portal (again) 2019-07-26 22:33:49 -04:00
Aaron Andersen
1ab91bee65
Merge pull request #65418 from mmahut/proxy_server
nixos/zabbixProxy: server is a mandatory parameter
2019-07-26 18:46:21 -04:00
Aaron Andersen
5596b69771 nixos/httpd: remove duplicate module entries from httpd.conf 2019-07-26 17:51:06 -04:00
Silvan Mosberger
d3dfe06c38
nixos/xserver: add option to install custom xkb layouts (#47764)
nixos/xserver: add option to install custom xkb layouts
2019-07-26 20:43:37 +02:00
rnhmjoj
e91f0c38c0
docs/xserver: use <note> tag for notes 2019-07-26 18:08:05 +02:00
rnhmjoj
3effc55b5b
docs/xserver: document xserver.extraLayouts 2019-07-26 18:08:04 +02:00
rnhmjoj
171d5c9200
nixos/xserver: add option to install custom xkb layouts 2019-07-26 18:08:04 +02:00
Marek Mahut
6e762653de module zabbixProxy: server is a mandatory parameter 2019-07-26 16:22:47 +02:00
Frederik Rietdijk
0f6bda38fe Merge staging-next into staging 2019-07-26 14:45:31 +02:00
Jörg Thalheim
741046a4d6
Merge pull request #65331 from Mic92/zfs-trim
nixos/zfs: add trim service
2019-07-26 07:53:33 +01:00
Léo Gaspard
5f33bcd953
matrix-synapse: fix documentation better 2019-07-25 15:37:32 +02:00
Jörg Thalheim
1d86714a2b
nixos/zfs: add trim service
Introduces a trim timer similar to the fstrim service.
According to zpool(8) for consumer hardware periodic manual TRIM
is preferred over automatic TRIM that ZFS implements.
The period of one week is based on recommendations of fstrim.
2019-07-25 12:47:43 +01:00
Orivej Desh
32fbbc6f9b Merge master into staging 2019-07-25 09:23:21 +00:00
Kevin Rauscher
17c2f79e39 bloop: allow specifying extra cli options 2019-07-25 09:28:13 +02:00
Thomas Tuegel
294e75e832
Merge pull request #65339 from ttuegel/wrap-pinentry_qt5
pinentry: Use qt5.wrapQtApps as needed
2019-07-24 16:07:40 -05:00
Thomas Tuegel
9235a8eaef
nixos/config/no-x-libs: Fix pinentry arguments 2019-07-24 15:22:07 -05:00
Kevin Rauscher
d6b6015d34 bloop: get closer to standard bloop packaging 2019-07-24 21:42:40 +02:00
Robin Gloster
5806e71834
Merge pull request #65299 from Ma27/fix-nextcloud-test
nixos/nextcloud: fix inclusion of trusted_domains in override config
2019-07-24 19:28:06 +00:00
Silvan Mosberger
12eb0f524b
nixos/tests: Reenable couchdb
Works just fine in current master
2019-07-24 20:53:02 +02:00
Silvan Mosberger
5e974362be
nixos/couchdb: Prevent it from chowning /var/log to couchdb:couchdb
The default for logFile is /var/log/couchdb.log, and the tmpfile rules chown
${dirOf cfg.logFile}, which is just /var/log, to couchdb:couchdb.

This was found by Edes' report on IRC, which looked like

    Detected unsafe path transition /var/log → /var/log/journal during canonicalization of /var/log/journal

While this bug has been present since the initial couchdb module in
62438c09f7 by @garbas, this wasn't a
problem, because the initial module only created and chowned /var/log
if it didn't exist yet, which can't occur because this gets created in
the initial phases of NixOS startup.

However with the recent move from manual preStart chown scripts to
systemd.tmpfiles.rules in 062efe018d (#59389),
this chown is suddenly running unconditionally at every system
activation, therefore triggering the above error.
2019-07-24 20:52:53 +02:00
Thomas Tuegel
3d76d810ed
Merge pull request #65090 from eadwu/compton/7
compton: 6.2 -> 7
2019-07-24 06:41:09 -05:00
Peter Hoeg
bede9851a1
Merge pull request #65078 from peterhoeg/f/st
nixos/syncthing: do not use nogroup
2019-07-24 13:22:08 +08:00
Aaron Andersen
ebd9067473 nixos/mediawiki: add release notes for 19.09 2019-07-23 22:03:20 -04:00
Aaron Andersen
455d33f514 nixos/mediawiki: init service to replace httpd subservice 2019-07-23 22:02:33 -04:00
Aaron Andersen
72ef4786e1
Merge pull request #64151 from aanderse/httpd-extraSubservices
nixos/httpd: module cleanup
2019-07-23 21:58:40 -04:00
Florian Klink
101a4be5a7
Add spotifyd package and service (#65092)
Add spotifyd package and service
2019-07-24 00:54:24 +02:00
Silvan Mosberger
8403187566
thelounge: init at 3.0.1 (#51947)
thelounge: init at 3.0.1
2019-07-23 13:45:43 +02:00
Maximilian Bosch
c5e515f5c7
nixos/nextcloud: fix inclusion of trusted_domains in override config
Regression I caused with 3944aa051c, sorry
for this! The Nextcloud installer broke back then because
`trusted_domains` was an empty value by default (a.k.a an empty array)
which seemed to break the config merger of Nextcloud as Nextcloud
doesn't do recursive merging and now no domain was trusted because of
that, hence Nextcloud was unreachable for the `curl` call.
2019-07-23 13:29:43 +02:00
Mrmaxmeier
37a2f058ed nixos/thelounge: init
The Lounge is the official and community-managed fork of Shout.
This intends to replace the `shout` service.
2019-07-23 13:18:01 +02:00
Danylo Hlynskyi
d54e52276b
postgresql: update docs
https://github.com/NixOS/nixpkgs/issues/32156
2019-07-23 14:17:14 +03:00
Domen Kožar
cfd507d581
system-boot: configurationLimit should be null as default 2019-07-23 10:20:09 +02:00
WilliButz
5dc50eab68
Merge pull request #65102 from d-goldin/patch-1
docs prometheus.exporters: typo fix.
2019-07-23 10:06:20 +02:00
worldofpeace
356d9ad758 nixos/pantheon: don't add extraPortals
Pantheon's XDG Portal is still WIP and we
it's probably not proper to use gtk's one.
2019-07-23 03:43:41 -04:00
steve-chavez
dfd3a0269c Shorten mkEnableOption description 2019-07-23 12:19:28 +09:00
steve-chavez
5ccfa0c816 nixos/modules: add greenclip user service 2019-07-23 12:19:28 +09:00
worldofpeace
b1bc0645ea gdk-pixbuf: rename from gdk_pixbuf 2019-07-22 18:50:57 -04:00
Robin Gloster
da2eda65e3
Merge pull request #65179 from delroth/bind-extraconfig
nixos/bind: allow manual additions to zone config fragments
2019-07-22 17:53:49 +00:00
Robin Gloster
e891178dde
Merge pull request #63900 from Ma27/nextcloud-declarative-dbconfig
nixos/nextcloud: write config to additional config file
2019-07-22 16:50:02 +00:00
Johan Thomsen
bbd4a0c100 nixos/gitlab: gitlab-workhorse requires exiftool on path to process uploaded images 2019-07-22 16:41:16 +00:00
Maximilian Bosch
3944aa051c
nixos/nextcloud: write config to additional config file
One of the main problems of the Nextcloud module is that it's currently
not possible to alter e.g. database configuration after the initial
setup as it's written by their imperative installer to a file.

After some research[1] it turned out that it's possible to override all values
with an additional config file. The documentation has been
slightly updated to remain up-to-date, but the warnings should
remain there as the imperative configuration is still used and may cause
unwanted side-effects.

Also simplified the postgresql test which uses `ensure{Databases,Users}` to
configure the database.

Fixes #49783

[1] https://github.com/NixOS/nixpkgs/issues/49783#issuecomment-483063922
2019-07-22 18:29:52 +02:00
WilliButz
294bed66dc
nixos/release-notes: add note about nginx-exporter 2019-07-22 16:41:10 +02:00
WilliButz
c64f621bfd
nixos/prometheus-nginx-exporter: update module
Update exporter submodule to match the new exporter version.
2019-07-22 16:41:10 +02:00
WilliButz
fb6f0a48bb
nixos/prometheus-exporters: add option renaming for submodules
Adds the functionality to create option renamings and removals
for exporter submodules as in nixos/modules/rename.nix.
2019-07-22 16:41:10 +02:00
WilliButz
77ccb1fe6a
nixos/tests/prometheus-exporters: replace 'with lib;'
Replace 'with lib;' by explicit function imports.
2019-07-22 16:41:10 +02:00
WilliButz
774221191d
nixos/prometheus-exporters: refactor imports, replace 'with lib;'
Pass through 'options' to exporter definitions and replace 'with lib;'
by explicit function imports.
2019-07-22 16:41:09 +02:00
WilliButz
01ee2ee2ba
nixos/test: fix prometheus-{bind,varnish}-exporter tests 2019-07-22 16:41:09 +02:00
Nikolay Amiantov
a0ba42e3f4
Merge pull request #64268 from jameysharp/nscd-dynamicuser
nixos/nscd: DynamicUser and other cleanups
2019-07-22 16:23:07 +03:00
Nikolay Amiantov
5f4288d49d boot tests: don't use globbing
Turns out I broke all the boot tests except netboot.

Instead of relying on build-time search for .iso we can use a proper attribute.
2019-07-22 14:44:53 +03:00
Andrew Childs
d2144755a4 nixos-test-driver: allow configuration of net frontend and backend
When IPXE tests were added, an option was added for configuring only
the frontend, and the backend configuration was dropped entirely. This
caused most installer tests to fail.
2019-07-22 13:44:27 +03:00
Franz Pletz
376b5fd000
Merge pull request #64463 from Ma27/graylog-test
nixos/graylog: minor fixes, add test
2019-07-21 20:53:39 +00:00
Aaron Andersen
44565adda5
Merge pull request #60436 from nbardiuk/master
nixos/tiddlywiki: init
2019-07-21 16:39:42 -04:00
Franz Pletz
bc418837d5
Merge pull request #65225 from Ma27/bump-prometheus-wireguard-exporter
prometheus-wireguard-exporter: 2.0.1 -> 3.0.0
2019-07-21 20:19:22 +00:00
Maximilian Bosch
7095bdf988
nixos/prometheus-exporters/wireguard: add support for -s switch
Since version 3.0 all allowed IPs and subnets are exposed by the
exporter. With `-s` set on the CLI, instead of a comma-separated list,
each allowed IP and subnet will be in a single field with the schema
`allowed_ip_<index>`.
2019-07-21 21:39:49 +02:00
Maximilian Bosch
543ef567d9
prometheus-wireguard-exporter: 2.0.1 -> 3.0.0
Two new releases are available:
* https://github.com/MindFlavor/prometheus_wireguard_exporter/releases/tag/3.0.0
* https://github.com/MindFlavor/prometheus_wireguard_exporter/releases/tag/2.0.2

The main new feature is that the exporter exposes all allowed ips and
subnets.
2019-07-21 21:39:48 +02:00
Danylo Hlynskyi
caa0f82bf8
docs: update docs for postgresql plugins (#64899)
docs: update docs for postgresql plugins

Co-Authored-By: Mario Rodas <marsam@users.noreply.github.com>
2019-07-21 22:05:41 +03:00
edef
1c9a2d4d7f nixos/programs/ssh: allow specifying known host CAs 2019-07-21 14:23:41 +00:00
Anders Lundstedt
53841fcea9 nixos/spotifyd: init 2019-07-21 00:58:20 +02:00
Aaron Andersen
9b970d07f3 nixos/httpd: drop postgresql reference 2019-07-20 18:36:24 -04:00
Aaron Andersen
0fd69629c7 nixos/httpd: mark extraSubservices option as deprecated 2019-07-20 18:36:19 -04:00
Aaron Andersen
505df09d50 nixos/httpd: drop the port option 2019-07-20 18:29:46 -04:00
Thomas Tuegel
a071bfa7e7
Merge pull request #65188 from xvello/master
plasma5: allow to configure the default phonon backend
2019-07-20 15:35:09 -05:00
Xavier Vello
df748aeefe nixos/plasma5: allow to configure the default phonon backend
Introduce a new .plasma5.phononBackend option. Default value
"gstreamer" installs the same packages as before. "vlc" installs
only the vlc phonon backend.
2019-07-20 21:53:46 +02:00
Samuel Dionne-Riel
56836c31ad nixos/tests: drop tomcat connector test
The httpd subservice was dropped in #64052.
2019-07-20 15:19:45 -04:00
Pierre Bourdon
6332bc25cd
nixos/bind: allow manual additions to zone config fragments 2019-07-20 17:50:37 +02:00
Aaron Andersen
30920fbf69
Merge pull request #64741 from dasJ/gitea-smtp-pw
nixos/gitea: Support SMTP without pw in the store
2019-07-20 08:32:51 -04:00
Aaron Andersen
faf884ca9b
Merge pull request #64365 from aanderse/tt-rss
nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation
2019-07-20 08:23:48 -04:00
worldofpeace
d734750608 nixos/xdg: default portal from xserver.enable
same affect as f84a4ef892
but we won't need to enable the module independently for DE
modules.
2019-07-19 19:47:02 -04:00
Samuel Dionne-Riel
f84a4ef892 nixos/xdg: Disables portal by default...
Left to do: re-enable as needed in the usual situations.

This added ~286MiB to the base system closure, which is enough to bring
the sd images over the limit allowed on Hydra.
2019-07-19 19:28:51 -04:00
Graham Christensen
a463582040
Merge pull request #65079 from mmahut/typo
Renaming security.virtualization.flushL1DataCache to virtualisation
2019-07-19 16:12:52 -04:00
Graham Christensen
d51b522a6e
Merge pull request #64052 from aanderse/tomcat-connector
nixos/httpd: drop tomcat-connector httpd subservice
2019-07-19 15:25:44 -04:00
Dima
186222ce7b
Fixing minor typo in prometheus exporters doc 2019-07-19 21:13:57 +02:00
Edmund Wu
23ae47a2d0
compton: 6.2 -> 7 2019-07-19 13:07:21 -04:00
Marek Mahut
e72f25673d Renaming security.virtualization.flushL1DataCache to virtualisation
Fixes #65044
2019-07-19 15:49:37 +02:00
worldofpeace
00eef848b2 nixos/doc: fix build
Adjusts to options renamed in 90b1197301
2019-07-18 20:40:24 -04:00
worldofpeace
3531a229d1 nixos/pantheon: add gtk xdg desktop portal 2019-07-18 20:03:12 -04:00
worldofpeace
69f2836c1b
Merge pull request #64575 from pasqui23/portal
nixos/xdg: add portal option
2019-07-18 20:00:09 -04:00
Pasquale
90b1197301 nixos/xdg: add portal option
This factors the configuration out of the flatpak module.
2019-07-18 19:59:07 -04:00
Peter Simons
c768e1ff48
Merge pull request #64794 from peti/t/postfix-module
nixos: add 'localRecipients' config option for Postfix
2019-07-18 19:14:36 +02:00
fuwa
562b5061a7 nixos/tor: fix obfs4 package 2019-07-19 04:11:17 +08:00
Florian Klink
9d339e3b45
Merge pull request #61312 from Yarny0/tsm-client
TSM client
2019-07-18 02:46:31 +02:00
Matthew Bauer
857f7fb4af nixos/binfmt: update release notes and provide examples 2019-07-17 17:09:20 -04:00
Matthew Bauer
1acc701fdb nixos/binfmt: handle wasm binaries
This adds handling for WASM binaries to binfmt’s emulatedSystems. To
enable, add this to your configuration:

  boot.binfmt.emulatedSystems = [ "wasm32-wasi" ];

After rebuilding with nixos-rebuild switch, you can run wasm binaries
directly.
2019-07-17 17:00:46 -04:00
Robin Gloster
0972409c95
Merge pull request #64550 from bgamari/gitlab-12.0
gitlab: 11.10.8 -> 12.0.3
2019-07-17 16:01:03 +00:00
Jamey Sharp
d4e5748c1b nixos/openldap: fix assertion
In commit d43dc68db3, @Mic92 split the
rootpw option to allow specifying it in a file kept outside the Nix
store, as an alternative to specifying the password directly in the
config.

Prior to that, rootpw's type was `str`, but in order to allow both
alternatives, it had to become `nullOr str` with a default of `null`. So
I can see why this assertion, that either rootpw or rootpwFile are
specified, makes sense to add here.

However, these options aren't used if the configDir option is set, so as
written this assertion breaks valid configurations, including the
configuration used by nixos/tests/ldap.nix.

So this patch fixes the assertion so that it doesn't fire if configDir
is set.
2019-07-17 11:08:10 +03:00
Nikolay Amiantov
294751a4fc
Merge pull request #62955 from abbradar/resolvconf
resolvconf service: init
2019-07-17 11:07:12 +03:00
Peter Hoeg
db858b4d30
Merge pull request #64806 from peterhoeg/f/exec
nixos/systemd: 242 supports Type = exec
2019-07-17 14:09:20 +07:00
Nazarii Bardiuk
976928daa2
nixos/tiddlywiki: init
Service that runs TiddlyWiki nodejs server
2019-07-16 23:12:16 +01:00
Ambroz Bizjak
4f309207c7 nixos/xserver: Make radeon in videoDrivers an alias for ati.
The old open-source driver for AMD/ATI GPUs is commonly known as "radeon"
despite the historical package name xf86-video-ati. For example it presents
itself as RADEON in the Xorg log. So adding "radeon" to videoDrivers should
work.

Also changed the docs for the videoDrivers option to use "radeon" in the
default value instead of "ati".

Fixes #37917
2019-07-16 23:02:09 +02:00
Vladimír Čunát
2b28e4c96f
Merge #64892: 'staging-next' (another iteration)
It's not completely without regressions, but I believe we can deal with
the rest directly on master.  This is required for Firefox security fixes.
2019-07-16 19:32:17 +02:00
Frederik Rietdijk
a28a9ac156 Merge master into staging-next 2019-07-16 11:15:46 +02:00
Danylo Hlynskyi
475f1ebd98
Merge branch 'master' into postgresql-plugins-bin 2019-07-16 11:32:52 +03:00
Robin Gloster
52fd300b8c
gitlab module: fix permissions 2019-07-16 03:51:17 +02:00
Robin Gloster
3469c206f2
gitlab-shell: better gitlab_shell_secret location
So this won't be cleaned up by removing config/*
2019-07-16 03:51:11 +02:00
Aaron Andersen
ee1231890d
Merge pull request #64810 from WilliButz/grafana-extend-test
nixos/tests: extend grafana test, nixos/grafana: use group grafana instead of nogroup
2019-07-15 20:43:36 -04:00
Robin Gloster
783c2f6106
gitlab module: clean up permission handling
This is WIP to get rid of PermissionsStartOnly=true
2019-07-16 01:19:07 +02:00
Nikolay Amiantov
b392c5ab4d
Merge pull request #64815 from abbradar/ipxe-efi
IPXE EFI netboot fix
2019-07-15 21:21:29 +03:00
Nikolay Amiantov
01b90dce78 resolvconf service: init
This is a refactor of how resolvconf is managed on NixOS. We split it
into a separate service which is enabled internally depending on whether
we want /etc/resolv.conf to be managed by it. Various services now take
advantage of those configuration options.

We also now use systemd instead of activation scripts to update
resolv.conf.

NetworkManager now uses the right option for rc-manager DNS
automatically, so the configuration option shouldn't be exposed.
2019-07-15 20:25:39 +03:00
Nikolay Amiantov
a2e8be9fc3 boot tests: add UEFI PXE netboot testing
Generalize netboot testing and add tests for UEFI PXE netboot.
2019-07-15 19:34:19 +03:00
WilliButz
b01b1fd62d
nixos/tests: extend grafana test
Also test configurations with postgresql and mariadb.
2019-07-15 18:33:26 +02:00
Nikolay Amiantov
81d35a9d7e nixos-test-driver: support netRomFile
Needed for UEFI PXE netboot testing.
2019-07-15 19:33:26 +03:00
Nikolay Amiantov
e4837acf21 nixos netboot: explicitly specify initrd
Needed for iPXE on UEFI, see http://forum.ipxe.org/archive/index.php/thread-7589.html
2019-07-15 19:33:21 +03:00
WilliButz
a9ce5f6c59
nixos/grafana: add grafana user to group 'grafana' 2019-07-15 18:33:19 +02:00
Peter Simons
59bacaca3d nixos: add 'localRecipients' config option for Postfix
The new option services.postfix.localRecipients allows
configuring the postfix option 'local_recipient_maps'. When
set to a list of user names (or patterns), that map
effectively replaces the lookup in the system's user
database that's used by default to determine which local
users are valid.

This option is useful to explicitly set local users that are
allowed to receive e-mail from the outside world. For local
injection i.e. via the 'sendmail' command this option has no
effect.
2019-07-15 17:36:20 +02:00
Peter Hoeg
eb55dd5e6b nixos/systemd: 242 supports Type = exec 2019-07-15 20:28:26 +08:00
Yarny0
d99462ff5a nixos/backup/tsm: init module
Based on the programs/tsm-client module,
this commit introduces a systemd service that uses the
tsm-client to create regular backups of the machine.
2019-07-15 09:41:37 +02:00
Yarny0
f5b873f43c nixos/tsm-client: init module
This commit brings a module that installs the
IBM Spectrum Protect (Tivoli Storage Manager)
command-line client together with its
system-wide client system-options file `dsm.sys`.
2019-07-15 09:41:37 +02:00
Vladimír Čunát
3686036e02
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1530372
2019-07-15 09:39:03 +02:00
Janne Heß
1e23007dcd nixos/gitea: Support SMTP without pw in the store 2019-07-14 22:48:10 +02:00
Linus Heckemann
a935eff7fa
Merge pull request #62835 from lheckemann/ipv6-privacy-extensions
Ipv6 privacy extensions
2019-07-14 19:27:54 +02:00
Silvan Mosberger
5eac339829
nixos/redmine: add database.createLocally option (#63932)
nixos/redmine: add database.createLocally option
2019-07-14 16:22:37 +02:00
Nikolay Amiantov
8951505dc9
Merge pull request #62956 from abbradar/nm-fixes
NetworkManager fixes
2019-07-13 22:31:13 +03:00
Léo Gaspard
8f38f0341c
Merge pull request #63639 from Ekleog/fix-matrix-doc
matrix-synapse: fix documentation
2019-07-13 18:17:14 +02:00
José Romildo Malaquias
c3282487dd xfce4-13: rename to xfce4-14 2019-07-13 08:42:05 -03:00
caadar
6fea6dbc00 manual: mention jmacs as emacs imitation 2019-07-13 11:01:17 +02:00
Frederik Rietdijk
54065ae20d Merge master into staging-next 2019-07-13 09:45:40 +02:00
Silvan Mosberger
2d7bce29d1
nixos/install-grub: include child configs in grub menu (#45345)
nixos/install-grub: include child configs in grub menu
2019-07-13 03:07:02 +02:00
Jamey Sharp
d79584c902 nixos/nscd: document why it is configured this way 2019-07-12 12:07:45 -07:00
Silvan Mosberger
5b8b5a694c
Merge pull request #64112 from davidtwco/deluge/users-groups-firewalls
nixos/deluge: add user/group/openFirewall opts and extraction packages to path
2019-07-12 20:26:55 +02:00
Florian Klink
a234b91271
Merge pull request #64621 from gloaming/dhcpcd-before-network-online
nixos/dhcpcd: Before network-online.target
2019-07-12 12:48:01 +02:00
Aaron Andersen
c13fbe0551
Merge pull request #63844 from aanderse/zabbix-cleanup
nixos/zabbix: overhaul package & module
2019-07-12 06:12:51 -04:00
Vladimír Čunát
2c3f18721e
Merge #59924: knot-resolver: 3.2.1 -> 4.1.0 (security) 2019-07-12 09:14:53 +02:00
Daniel Frank
ed86bbad84 system.autoUpgrade: optionally allow rebooting the system on kernel change (#64267)
* autoUpgrade: optionally allow rebooting the system on kernel change

* system.autoUpgrade: Better documentation and readability
2019-07-12 09:09:50 +03:00
Aaron Andersen
08286b4f29 nixos/httpd: drop tomcat-connector httpd subservice 2019-07-11 20:58:55 -04:00
Aaron Andersen
649ec93c37 foswiki: drop package & httpd subservice 2019-07-11 19:46:30 -04:00
Aaron Andersen
6a1de5460b nixos/httpd: remove broken trac subservice 2019-07-11 19:19:27 -04:00
Aaron Andersen
4191c80c31 nixos/zabbixProxy: init module 2019-07-11 18:55:58 -04:00
Aaron Andersen
70092c9acb nixos/zabbixAgent & nixos/zabbixServer: various module updates 2019-07-11 18:54:15 -04:00
Aaron Andersen
6891fb4103 nixos/zabbixWeb: replace httpd subservice with new module 2019-07-11 18:45:46 -04:00
Matthew Bauer
99c04c74cf
Merge pull request #63581 from PsyanticY/zabbix-4.0
zabbix:1.8 -> 4.0 | remove old packages
2019-07-11 15:05:05 -04:00
worldofpeace
c924032b68
Merge pull request #63894 from ambrop72/no-opengl-xdg-data-dirs
nixos/opengl: Don't set XDG_DATA_DIRS.
2019-07-11 13:16:08 -04:00
worldofpeace
a6ce6c1052
Merge pull request #61981 from ambrop72/no-opengl-ld-library-path
nixos: Don't set LD_LIBRARY_PATH for graphics drivers that don't need it.
2019-07-11 13:15:51 -04:00
PsyanticY
16f8a17416 zabbix:1.8 -> 4.0 | remove old packages 2019-07-11 17:22:26 +01:00
Nikolay Amiantov
48b3e70534
Update nixos/modules/services/networking/networkmanager.nix
Co-Authored-By: worldofpeace <worldofpeace@protonmail.ch>
2019-07-11 18:37:51 +03:00
Venkateswara Rao Mandela
bc68f85326 nixos/tests: add test for showing child configuration in grub menu
- Create a child configuration named "Work" with an extra config file.
- Name the default configuration as "Home" :-)
- Once the VM is setup, reboot and verify that it has booted into
default configuration.
- Reboot into the "Work" configuration via grub.
- Verify that we have booted into the "Work" configuration and that
the extra config file is present.

This test works for the simple grub configuration and simple UEFI
Grub configuration. UEFI Systemd is not included in the test.
2019-07-11 17:40:25 +05:30
Venkateswara Rao Mandela
b08400a4d2 nixos/tests: installer: restructure simpleUefiGrub test data 2019-07-11 17:38:25 +05:30
Venkateswara Rao Mandela
c400ab55d6 nixos/tests: installer: restructure simple test data 2019-07-11 17:38:25 +05:30
Venkateswara Rao Mandela
7f363b034e nixos/install-grub: include child configs in grub menu
Add configs listed under the fine-tune subdirectory to the grub menu.
Use specified configuration name for the entry if available.
2019-07-11 17:38:25 +05:30
Craig Hall
2ae58dfc79 nixos/dhcpcd: Before network-online.target
Instead of network.target. Fixes #60900 (delayed boot).
2019-07-11 12:23:41 +01:00
Frederik Rietdijk
22cb7f25f2 Merge master into staging-next 2019-07-11 09:40:10 +02:00
worldofpeace
0ad1b80a3b
Merge pull request #64588 from eadwu/libinput/additional-options-type-lines
nixos/libinput: use `types.lines` for additionalOptions
2019-07-10 22:24:50 -04:00
edef
4a633b5618
Merge pull request #64548 from NixOS/etcd-3.3.13
etcd: 3.3.1 -> 3.3.13
2019-07-10 17:11:44 +00:00
Edmund Wu
7d95bc0c85
nixos/libinput: use types.lines for additionalOptions 2019-07-10 12:22:57 -04:00
Vladimír Čunát
9efdd2e434
knot-resolver: 3.2.1 -> 4.0.0
https://lists.nic.cz/pipermail/knot-resolver-users/2019/000136.html

Similar commit worked fine for me, including the nixos service.
I'd like to still improve the service to support easy passing of sockets
to http module.
2019-07-10 17:40:04 +02:00
Peter Hoeg
8317663b94 nixos/syncthing: do not use nogroup
We were already creating a group for the user under which to run syncthing but
we were defaulting to running as `nogroup`.

Additionally, use `install` instead of multiple calls to mkdir/cp/chown.
2019-07-10 21:29:25 +08:00
Frederik Rietdijk
da96a4119f Merge staging-next into staging 2019-07-10 08:52:50 +02:00
Frederik Rietdijk
fb6260fcf7
Merge pull request #64236 from NixOS/staging-next
Staging next
2019-07-10 08:52:04 +02:00
edef
b3bce2cfa2 nixos/tests/etcd-cluster: be more lenient about member addition 2019-07-10 00:42:48 +00:00
edef
950d91cc9c nixos/tests: include the etcd-cluster test in all-tests.nix
We seem to have had this test for quite a while, but nothing seems to
reference it.
2019-07-09 23:46:57 +00:00
Austin Seipp
acb1134074
nixos/foundationdb: s/pidFile/pidfile/
Fixes an evaluation regression introduced by a case-typo in
de6e5ea815

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-07-09 17:11:31 -05:00
Maximilian Bosch
16d0b8dcbd
nixos/graylog: add test
Basic test which confirms new inputs can be created and that messages
can be sent to a UDP-GELF input using `netcat`.

This test requires 4GB of RAM to avoid issues due insufficient
memory (please refer to `nixos/tests/elk.nix` for a detailed explanation of
the issue) for elasticsearch.

Also it's ensured that elasticsearch has an open HTTP port for communication
when starting `graylog`. This is a workaround to ensure that all services
are started in proper order, even in test environments with less power.
However this shouldn't be implemented in the `nixos/graylog` module as
this might be harmful when using elasticsearch clusters that require e.g.
authentication and/or run on different servers.
2019-07-09 23:57:45 +02:00
Aaron Andersen
ca336ac985
Merge pull request #64050 from aanderse/mercurial
nixos/httpd: drop mercurial httpd subservice
2019-07-09 12:54:01 -04:00
Frederik Rietdijk
79a03641d5 Merge staging-next into staging 2019-07-09 15:46:26 +02:00
Frederik Rietdijk
74c24385cb Merge master into staging-next 2019-07-09 15:46:00 +02:00
Frederik Rietdijk
7cf5909fad Merge staging-next into staging 2019-07-09 15:44:08 +02:00
rnhmjoj
1738283e6e nixos/network-interfaces: make preferTempAddr=false work again 2019-07-09 08:08:45 +02:00
Ben Wolsieffer
d82840dbd1 nixos/release-notes: fix bad merge of cargo-vendor entry and overall indentation 2019-07-08 21:13:58 -04:00
Nikolay Amiantov
13b8156030 kvmgt service: use modprobe, force-load module 2019-07-08 22:21:09 +03:00
WilliButz
d902420290
nixos/tests: add test for loki 2019-07-08 16:10:00 +02:00
WilliButz
3f598c0faa
nixos/loki: add module 2019-07-08 16:09:56 +02:00
Elis Hirwing
3b354cc037
Merge pull request #64412 from davidtwco/lidarr/fix-home
nixos/lidarr: re-add home attribute
2019-07-07 21:35:06 +02:00
Elis Hirwing
89bc406be5
Merge pull request #64413 from davidtwco/jackett/package
nixos/jackett: add package option
2019-07-07 21:33:11 +02:00
Jamey Sharp
f7c776760b nixos/nscd: only drop privs after nss module init
NixOS usually needs nscd just to have a single place where
LD_LIBRARY_PATH can be set to include all NSS modules, but nscd is also
useful if some of the NSS modules need to read files which are only
accessible by root.

For example, nixos/modules/config/ldap.nix needs this when
  users.ldap.enable = true;
  users.ldap.daemon.enable = false;
and users.ldap.bind.passwordFile exists. In that case, the module
creates an /etc/ldap.conf which is only readable by root, but which the
NSS module needs to read in order to find out what LDAP server to
connect to and with what credentials.

If nscd is started as root and configured with the server-user option in
nscd.conf, then it gives each NSS module the opportunity to initialize
itself before dropping privileges. The initialization happens in the
glibc-internal __nss_disable_nscd function, which pre-loads all the
configured NSS modules for passwd, group, hosts, and services (but not
netgroup for some reason?) and, for each loaded module, calls an init
function if one is defined. After that finishes, nscd's main() calls
nscd_init() which ends by calling finish_drop_privileges().

There are provisions in systemd for using DynamicUser with a service
which needs to drop privileges itself, so this patch does that.
2019-07-07 08:43:41 -07:00
Maximilian Bosch
beff2f8d75 nixos/graylog: use types.lines for extraConfig
The `types.lines` type makes it possible to define `extraConfig` in
multiple files and simply concat the contents.
2019-07-07 14:49:39 +02:00
David Wood
e2247dceb3
nixos/lidarr: re-add home attribute
This was accidentally removed in a previous PR and broke things.
2019-07-07 12:31:28 +01:00
David Wood
7f32961ea2
nixos/jackett: add package option
This allows users of the module to override the package to a newer
version. Particularly useful as Jackett warns that old versions may not
work.
2019-07-07 12:23:01 +01:00
worldofpeace
ab34f8b39b
Merge pull request #63824 from JohnAZoidberg/zoneminder-alias
nixos/zoneminder: Fix package and service build
2019-07-06 21:19:23 -04:00
edef
4a405d8995 nixos/networking: filter out empty entries 2019-07-07 00:49:40 +00:00
Maximilian Bosch
3464c602e8
nixos/graylog: fix startup
Until now the startup failed with an error like this:

```
com.github.joschi.jadconfig.ValidationException: Parent path /var/lib/graylog/server for Node ID file at /var/lib/graylog/server/node-id is not a directory
```

This happens since `graylog.service` ensures that `/var/lib/graylog`
exists, however it doesn't take care of the directory for
`cfg.nodeIdFile`.
2019-07-06 20:42:56 +02:00
Jamey Sharp
c38fa99757 nixos/nscd: don't need to specify username
Thanks to @arianvp for pointing out that when DynamicUser is true,
systemd defaults the value of User to be the name of the unit, which in
this case is already "nscd".
2019-07-06 09:24:49 -07:00
Vladimír Čunát
0746c4dbb4
Merge branch 'master' into staging-next
There are several thousand rebuilds from master already.
Hydra nixpkgs: ?compare=1528940
2019-07-06 13:44:40 +02:00
Jörg Thalheim
df65cd3734
nixos/zfs: enable requestEncryptionCredentials by default (#64316)
nixos/zfs: enable requestEncryptionCredentials by default
2019-07-06 09:02:45 +01:00