Commit graph

7829 commits

Author SHA1 Message Date
Rhys
8777174d60 nixos/oauth2_proxy: actually pass provider-specific options
Syntax errors prevented important parameters from being passed to
oauth2_proxy, which could have permitted unauthorised access to
services behind the proxy.
2017-07-21 00:27:06 +02:00
Pascal Bach
22acfd0327 docker service: add option to do automatic pruning
This allows to run the prune job periodically on a machine.
By default the if enabled the job is run once a week.

The structure is similar to how system.autoUpgrade works.
2017-07-20 20:33:16 +02:00
Michael Peyton Jones
b09c87ab47 Factorio service: fix typo in attribute path 2017-07-20 20:32:25 +02:00
Franz Pletz
226964861f Merge pull request #27405 from rvl/postgresql-xml
postgresql: fix nixos tests and add xml support
2017-07-20 20:31:38 +02:00
Franz Pletz
00b6ac7bd3 Merge pull request #26419 from roblabla/feature-sasl
cyrus-sasl: Add saslauthd service and LDAP support
2017-07-20 20:23:52 +02:00
Graham Christensen
2b2a6f2070
nixos/ldap: remove tls_checkpeer no when using TLS 2017-07-19 19:23:40 -04:00
Rodney Lorrimar
0b027720af nixos tests: run postgresql tests with postgres user 2017-07-19 22:13:02 +01:00
Daiderd Jordan
a03d6116ce
gitlab: fix archive urls for gitlab service
Accessing an url like https://gitlab.example.org/group/project/repository/archive.tar.gz?ref=master
requires tar/gzip to be in the path of the gitlab-workhorse service otherwise it fails.
2017-07-19 21:34:17 +02:00
zimbatm
14f53e5251 Merge pull request #26214 from zimbatm/google-compute-image
Google compute image
2017-07-19 09:49:20 +01:00
Benno Fünfstück
99fbd867ef Merge pull request #27031 from jerith666/cnijfilter-2-80
cnijfilter: init at 2.80
2017-07-18 14:37:32 +02:00
Graham Christensen
ef95175ba3
manual: update mailing list links 2017-07-18 07:54:36 -04:00
Domen Kožar
d03178aae3
Point to the new mailing list by replacing the old link 2017-07-18 13:44:10 +02:00
Rob Vermaas
ec313abdce
Add file with Azure image locations, similar to ec2-amis.nix. Will be used by nixops.
(cherry picked from commit e93f26847ea41cce6633b6a0feb6ce31b0722d5d)
2017-07-18 09:18:51 +00:00
Rob Vermaas
412bfda422
Add file with GCE image locations, similar to ec2-amis.nix. Will be used by nixops.
(cherry picked from commit 9d810ddcc1938a90090fd60f8924f4e83acbeee2)
2017-07-18 09:16:15 +00:00
Eelco Dolstra
17642b5fd0
nix: 1.11.12 -> 1.11.13 2017-07-18 10:54:01 +02:00
Jörg Thalheim
26f85e4253 Merge pull request #27410 from florianjacob/journalwatch
journalwatch & journalwatch service: init at 1.1.0
2017-07-18 08:19:33 +01:00
Aristid Breitkreuz
9b0ff955fd wireguard: allow not storing private keys in world-readable /nix/store (#27433)
* wireguard: allow not storing private keys in world-readable /nix/store
2017-07-17 23:55:31 +02:00
Falco Peijnenburg
b09d036342 Strongswan after network-online instead of network
The systemd service file shipped with strongswan has strongswan started after `network-online`. It turns out that this is for good reason: failure to connect on boot otherwise. 

See this thread on the mailing list, which my colleague initiated after finding that our NixOS strongswan config wouldn't connect on boot:
https://lists.strongswan.org/pipermail/users/2017-January/010359.html

Tested on a local config (which has the strongswan service config overridden).
2017-07-17 20:17:58 +02:00
Wout Mertens
c4783a982b nginx: add gzip_vary to recommended settings
Google PageSpeed recommends turning this on to allow proxies to cache
2017-07-17 20:15:59 +02:00
Jörg Thalheim
04c944cdb4 Merge pull request #27057 from Nadrieril/bitlbee-libpurple
bitlbee service: Add option to load libpurple plugins into bitlbee
2017-07-17 18:07:43 +01:00
Robin Gloster
b8d92a7840
programs.gnupg: use extraInit instead of interactiveShellInit
Otherwise some programmes cannot use the GPG agent, e.g. applications
started from dmenu.

Behaviour was changed in #26888, this reverts that part.
2017-07-17 18:45:37 +02:00
Matt McHenry
67d02cd60a cnijfilter: init at 2.80
this driver reads support files from lib/bjlib as well as lib/cups,
which is why the path in cupsd.nix is tweaked
2017-07-17 07:32:23 -04:00
Nadrieril
8669fb1f96 tinc service: BindToAddress and ListenAddress are different options, they should not be mistaken 2017-07-17 13:07:49 +02:00
Benno Fünfstück
1d78df2729 Merge pull request #27000 from Balletie/fix/pulseaudio-alsa-conf
pulseaudio: Resolve conflicting asound.conf of pulseaudio and alsa
2017-07-17 08:20:38 +02:00
volth
870375e19d all-hardware.nix: add VMware support. (#27430)
NixOS does not boot in VMware guest without these modules
2017-07-17 02:38:10 +02:00
Graham Christensen
8df6d351c4 Merge pull request #26912 from knedlsepp/fix-autoResize
nixos: Force check the filesystem before resizing
2017-07-16 16:54:54 -04:00
Graham Christensen
653badee82 Merge pull request #26259 from bachp/mysql-datadir-changelog
Mysql datadir changelog
2017-07-16 16:51:17 -04:00
Graham Christensen
3d176b7ff1 Merge pull request #25670 from Mic92/cups-hardening
cups: mount private /tmp
2017-07-16 16:41:33 -04:00
Graham Christensen
6b879ef36e Merge pull request #23964 from benley/nixos-manual-launcher
nixos: nix snowflake logo for the nixos manual launcher
2017-07-16 16:28:30 -04:00
aszlig
b618843860
nixos/taskserver: Fix manual PKI management
The helper tool had a very early check whether the automatically created
CA key/cert are available and thus it would abort if the key was
unavailable even though we don't need or even want to have the CA key.

Unfortunately our NixOS test didn't catch this, because it was just
switching from a configuration with an automatically created CA to a
manual configuration without deleting the generated keys and certs.

This is done now in the tests and it's also fixed in the helper tool.

Reported-by: @jpotier
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-16 20:38:15 +02:00
Nadrieril
65e38b7c52 bitlbee service: Add option to load libpurple plugins into bitlbee 2017-07-16 14:19:39 +01:00
Franz Pletz
951b932456 Merge pull request #27403 from rnhmjoj/nginx
nginx: make listen addresses configurable
2017-07-16 13:50:18 +02:00
Christian Kögler
e8a8f1233a snapper: add nixos module
fixes #27154
2017-07-16 10:06:42 +01:00
Florian Jacob
63bb133373 journalwatch & journalwatch service: init at 1.1.0 2017-07-16 00:14:19 +02:00
zimbatm
c93d68b6ed google-compute-image module: use google services
This adds a few google-specific services to setup the machine.

Accounts are now dynamically created using the google-accounts-daemon,
which allows to click on the "SSH" button in the console and have it
working.

The NixOS image now supports the userdata startup and shutdown scripts.

Misc:
* add all the google services from https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_init/systemd
* add udev rules for disk labels
* synched sysctl rules with https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
2017-07-15 19:36:38 +01:00
Rodney Lorrimar
502a272ee7 postgresql: enable XML functions
I suspect these functions aren't widely used, but they are enabled in
PostgreSQL on Ubuntu and Arch.
2017-07-15 14:58:17 +01:00
Rodney Lorrimar
39ef4d2fe9 nixos tests: fix postgresql tests
1. Needs to call makeTest or else nothing happens when you run
   `nix-build nixos/tests/postgresql.nix`.

2. Tests run as root, so there needs to be a corresponding user in
   PostgreSQL.
2017-07-15 14:54:42 +01:00
Bjørn Forsman
b8e109d6ac nixos/libvirt: prevent OVMF path from being garbage collected
Use xmlstarlet to update the OVMF path on each startup, like we do for
<emulator>...qemu-kvm</emulator>.

A libvirt domain using UEFI cannot start if the OVMF path is garbage
collected/missing.
2017-07-14 22:07:57 +02:00
Bjørn Forsman
292827b0e0 nixos/libvirt: modify xml with xmlstarlet
Instead of grep and sed, which is brittle.

(I don't know how to preserve the comment we currently add to say that
this line is auto-updated. But I don't think it adds much value, so I'm
not spending any effort on it.)
2017-07-14 22:07:57 +02:00
rnhmjoj
e40f3bea3e
nginx: make listen addresses configurable 2017-07-14 21:26:54 +02:00
Bjørn Forsman
407b56986e nixos/lighttpd: fix indent (tab -> space) 2017-07-14 20:37:25 +02:00
Joachim Schiele
af7c7b42c1 postfix: complete remake of postfix service (#27276) 2017-07-14 16:55:53 +02:00
Bjørn Forsman
8a35f751d1 nixos/spice-vdagentd: remove needless shell 2017-07-14 16:28:25 +02:00
Daniel Fullmer
627260ddbf gnupg agent module: Only set tty for interactive shells 2017-07-14 00:22:20 +02:00
Daniel Fullmer
38e971d2e1 gnupg agent module: Fix dirmngr.enable option 2017-07-14 00:22:20 +02:00
Daniel Fullmer
3d360a5ffb gnupg agent module: Remove unnecessary unit configuration
These just seem to duplicate upstream systemd units, which are already
included in nixos configuration by systemd.packages
2017-07-14 00:22:20 +02:00
Eelco Dolstra
40cf34aaae
nix: 1.11.11 -> 1.11.12 2017-07-13 16:37:11 +02:00
florianjacob
9937f13308 resolved: use resolved's static resolv.conf (#27144)
because it is upstream's recommended mode of operation:
https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf
2017-07-13 14:40:31 +01:00
Jörg Thalheim
b14bcd873a Merge pull request #27142 from florianjacob/resolved-multicastdns-support
networkd: Allow new MulticastDNS setting
2017-07-13 14:35:23 +01:00
Jörg Thalheim
c29b5b5a40 Merge pull request #27350 from veprbl/slurm
Bump slurm, add pyslurm
2017-07-13 09:32:51 +01:00