Commit graph

8410 commits

Author SHA1 Message Date
Matt McHenry
1b7e5eaa79 nixos/dnscache: add module
with improvements suggested by Jörg Thalheim <joerg@thalheim.io>
2017-09-19 21:24:58 -04:00
Matt McHenry
ab851b63da nixos/tinydns: add module
with improvements suggested by Jörg Thalheim <joerg@thalheim.io>
2017-09-19 20:57:41 -04:00
Franz Pletz
406c7a0731 Merge pull request #29521 from aneeshusa/ease-radicale-upgrade
Ease radicale upgrade
2017-09-18 23:13:53 +02:00
gwitmond
bd52618c9d
nixos: add option for bind to not resolve local queries (#29503)
When the user specifies the networking.nameservers setting in the
configuration file, it must take precedence over automatically
derived settings.

The culprit was services.bind that made the resolver set to
127.0.0.1 and ignore the nameserver setting.

This patch adds a flag to services.bind to override the nameserver
to localhost. It defaults to true. Setting this to false prevents the
service.bind and dnsmasq.resolveLocalQueries settings from
overriding the users' settings.

Also, when the user specifies a domain to search, it must be set in
the resolver configuration, even if the user does not specify any
nameservers.

(cherry picked from commit 670b4e29adc16e0a29aa5b4c126703dcca56aeb6)

This commit was accidentally merged to 17.09 but was intended for
master. This is the cherry-pick to master.
2017-09-18 22:54:29 +02:00
Franz Pletz
dc08dcf6e7
ssh service: add sftpFlags option 2017-09-18 21:52:07 +02:00
WilliButz
9198ad65ef tests: add initrd-network-ssh test
starts two VMs:
- one with dropbear listening from initrd,
  waiting for a file
- another connecting via ssh, creating the file
2017-09-18 19:51:46 +02:00
Aneesh Agrawal
28c2cea847 radicale: Test migration functionality
This also provides an example of how to migrate.
2017-09-18 09:11:36 -07:00
WilliButz
0b2d9bbbd2 nixos/tests: add grafana test (#29531) 2017-09-18 16:59:50 +02:00
Robert Klotzner
a9f60224f8 coturn service: Fix coturn to properly come up (#29415)
properly also in case dhcpcd being used.

Without network-online.target, coturn will fail to listen on addresses that
come up with dhcpcd.
2017-09-18 14:54:32 +02:00
Franz Pletz
b179908414
nixos/networking: network is online if default gw set
Previously services depending on network-online.target would wait until
dhcpcd times out if it was enabled and a static network address
configuration was used. Setting the default gateway statically is enough
for the networking to be considered online.

This also adjusts the relevant networking tests to wait for
network-online.target instead of just network.target.
2017-09-18 14:51:38 +02:00
Franz Pletz
decaa2e7bf Merge pull request #29133 from elitak/ipfs
ipfs: workaround for upstream bug; other small fixes
2017-09-18 13:26:39 +02:00
Florian Jacob
839e3c7666 nixos/mysql: declarative users & databases
using Unix socket authentication, ensured on every rebuild.
2017-09-18 13:10:26 +02:00
Kranium Gikos
662b409b72 influxdb service: fixup postStart script to handle TLS 2017-09-18 11:56:30 +02:00
Justin Humm
b5a5d0ba84 gollum service: init 2017-09-18 11:55:00 +02:00
Aneesh Agrawal
fcd590d116 radicale: Add extraArgs option to assist in data migration 2017-09-18 00:29:01 -07:00
Maximilian Güntner
44475cae27 tests: ipfs: enable autoMount tests 2017-09-18 00:05:35 -07:00
Eric Litak
1a15c5d8c6 ipfs: autoMount working without root 2017-09-17 23:57:25 -07:00
Eric Litak
6324317c76 ipfs: workaround for upstream bug; doc fixes 2017-09-17 23:57:25 -07:00
Pascal Bach
c68118ce65 glusterfs service: add support for TLS communication
TLS settings are implemented as submodule.
2017-09-17 18:53:14 +02:00
Franz Pletz
275914323b Merge pull request #27256 from bachp/squid-service
squid service: initial service based on default config
2017-09-17 18:52:53 +02:00
Rodney Lorrimar
6460e459de nixos/gogs: Fix module when no passwords provided
If neither database.password or database.passwordFile were provided,
it would try and fail to coerce null to a string.

This fixes the situation where there is no password for the database.

Resolves #27950
2017-09-17 18:41:53 +02:00
Joachim F
149307476e Merge pull request #29479 from florianjacob/fix-tinc-stable
nixos/tinc: Fix tinc cli wrapper for tinc 1.0
2017-09-17 13:40:20 +00:00
Florian Jacob
8cea87c1eb nixos/tinc: Fix tinc cli wrapper for tinc 1.0.
tinc prior to 1.1 doesn't have the `tinc` executable,
and `tincd` isn't of any use while the daemon already runs.
2017-09-17 10:46:12 +02:00
Antoine Eiche
ea6d37c2bb dockerTools.pullImage: release note regarding sha256 argument value 2017-09-17 08:26:02 +01:00
aszlig
3ba2095a42
nixos/dovecot: Fix createMailUser implementation
This option got introduced in 7904499542
and it didn't check whether mailUser and mailGroup are null, which they
are by default.

Now we're only creating the user if createMailUser is set in conjunction
with mailUser and the group if mailGroup is set as well.

I've added a NixOS VM test so that we can verify whether dovecot works
without any additional options set, so it serves as a regression test
for issue #29466 and other issues that might come up with future changes
to the Dovecot service.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #29466
Cc: @qknight, @abbradar, @ixmatus, @siddharthist
2017-09-17 04:57:20 +02:00
Joachim F
8ceb209830 Merge pull request #29462 from joachifm/trivial-misc-tests
nixos/tests: move kernel-params & sysctl test to misc
2017-09-16 19:51:58 +00:00
Jaka Hudoklin
1adaad1371 Merge pull request #28927 from xtruder/nixos/logkeys/init
logkeys module: init
2017-09-16 16:23:13 +02:00
Joachim F
c0616a3234 Merge pull request #28892 from ryantm/matterbridge2
matterbridge, modules/matterbridge: init at 1.1.0
2017-09-16 12:43:35 +00:00
Joachim Fasting
586d04c588
nixos/tests: expand hardened tests 2017-09-16 13:14:07 +02:00
Matt McHenry
cfbac1beb4 systemd: better document enabled, wantedBy, and requiredBy (#29453)
the systemd.unit(5) discussion of wantedBy and requiredBy is in the
[Install] section, and thus focused on stateful 'systemctl enable'.
so, clarify that in NixOS, wantedBy & requiredBy are still what most
users want, and not to be confused with enabled.
2017-09-16 12:48:16 +02:00
Joachim Fasting
e05459584e
nixos/release-combined: remove basic kernel tests
Arguably, breaking linux-latest should not block a release.  Also, booting
the kernel + basic sanity checking is implicitly exercised by every other
vm test.
2017-09-16 12:45:30 +02:00
Joachim Fasting
ffd56ba4f6
nixos/tests: move kernel-params test to misc 2017-09-16 12:45:28 +02:00
Joachim Fasting
c85cf60c83
nixos/tests: move sysctl test to misc 2017-09-16 12:45:23 +02:00
Silvan Mosberger
fea9e081a9
namecoin service: fix typo 2017-09-15 23:08:53 +02:00
Tuomas Tynkkynen
c8e7aab0c8 sd-image-aarch64: Increase CMA memory so RPi3 virtual console works again 2017-09-15 23:15:16 +03:00
Bjørn Forsman
6b7a9376f1 nixos/wpa_supplicant: use literalExample
For various reasons, big Nix attrsets look ugly in the generated manual
page[1]. Use literalExample to fix it.

[1] Quotes around attribute names are lost, newlines inside multi-line
strings are shown as '\n' and attrs written on multiple lines are joined
into one.
2017-09-15 20:27:48 +02:00
joachim schiele
7904499542 dovecot2: added quota, changed pop3 default 2017-09-15 18:01:29 +02:00
Jörg Thalheim
1ecf3e862f zfsUnstable: init at 2017-09-12 2017-09-15 17:59:37 +02:00
Jörg Thalheim
7d5633ea7a Merge pull request #27342 from lheckemann/installer-changes
Installer changes
2017-09-15 16:19:11 +01:00
Eelco Dolstra
6dad1f70ce
nix: 1.11.14 -> 1.11.15 2017-09-15 16:38:33 +02:00
Rob Vermaas
0783efb41c
google-instance-setup: add openssh to path 2017-09-15 10:43:09 +00:00
aszlig
b5fbb4f362
nixos/tests/acme: Use overridePythonAttrs
Quoting from @FRidh:

  Note overridePythonAttrs exists since 17.09. It overrides the call to
  buildPythonPackage.

While it's not strictly necessary to do this, because postPatch ends up
in drvAttrs anyway, it's probably better to use overridePythonAttrs so
we don't run into problems when the underlying implementation of
buildPythonPackage changes.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-14 23:18:52 +02:00
Peter Hoeg
4b78d44ab6 mtr nixos module: wrap the proper binary 2017-09-14 19:09:54 +08:00
André-Patrick Bubel
2000fba561
nixos/fileystems: Fix boot fails with encrypted fs
Boot fails when a keyfile is configured for all encrypted filesystems
and no other luks devices are configured. This is because luks support is only
enabled in the initrd, when boot.initrd.luks.devices has entries. When a
fileystem has a keyfile configured though, it is setup by a custom
command, not by boot.initrd.luks.

This commit adds an internal config flag to enable luks support in the
initrd file, even if there are no luks devices configured.
2017-09-14 05:27:41 +02:00
Jörg Thalheim
bb5b084986 tor: skip ControlPort in torrc, if not set. 2017-09-13 23:33:46 +01:00
Tuomas Tynkkynen
0c368ef02f treewide: Escape backslash in strings properly
"\." is apparently the same as "." wheras the correct one is "\\."
2017-09-14 01:03:39 +03:00
aszlig
01fffd94e5
nixos/tests/acme: Patch certifi with cacert
Since 67651d80bc the requests package now
depends on certifi, which in turn provides the CA root certificates that
we need to replace.

It might also be a good idea to actually patch certifi with our version
of cacert by default so that if we want to override and/or add something
we only need to do it once.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @fpletz, @k0ral, @FRidh
2017-09-13 23:16:43 +02:00
aszlig
bda38317eb
nixos/tests/letsencrypt: Fix nginx options
The enableSSL option has been deprecated in
a912a6a291, so we switch to using onlySSL.

I've also explicitly disabled enableACME, because this is the default
and we don't actually want to have ACME enabled for a host which runs an
actual ACME server.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:40 +02:00
aszlig
11b3ae74e1
nixos/tests: Add a basic test for ACME
The test here is pretty basic and only tests nginx, but it should get us
started to write tests for different webservers and different ACME
implementations.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:37 +02:00
aszlig
b3162a1074
nixos/tests: Add common modules for letsencrypt
These modules implement a way to test ACME based on a test instance of
Letsencrypt's Boulder service. The service implementation is in
letsencrypt.nix and the second module (resolver.nix) is a support-module
for the former, but can also be used for tests not involving ACME.

The second module provides a DNS server which hosts a root zone
containing all the zones and /etc/hosts entries (except loopback) in the
entire test network, so this can be very useful for other modules that
need DNS resolution.

Originally, I wrote these modules for the Headcounter deployment, but
I've refactored them a bit to be generally useful to NixOS users. The
original implementation can be found here:

https://github.com/headcounter/deployment/tree/89e7feafb/modules/testing

Quoting parts from the commit message of the initial implementation of
the Letsencrypt module in headcounter/deployment@95dfb31110:

    This module is going to be used for tests where we need to
    impersonate an ACME service such as the one from Letsencrypt within
    VM tests, which is the reason why this module is a bit ugly (I only
    care if it's working not if it's beautiful).

    While the module isn't used anywhere, it will serve as a pluggable
    module for testing whether ACME works properly to fetch certificates
    and also as a replacement for our snakeoil certificate generator.

Also quoting parts of the commit where I have refactored the same module
in headcounter/deployment@85fa481b34:

    Now we have a fully pluggable module which automatically discovers
    in which network it's used via the nodes attribute.

    The test environment of Boulder used "dns-test-srv", which is a fake
    DNS server that's resolving almost everything to 127.0.0.1. On our
    setup this is not useful, so instead we're now running a local BIND
    name server which has a fake root zone and uses the mentioned node
    attribute to automatically discover other zones in the network of
    machines and generate delegations from the root zone to the
    respective zones with the primaryIPAddress of the node.

    ...

    We want to use real letsencrypt.org FQDNs here, so we can't get away
    with the snakeoil test certificates from the upstream project but
    now roll our own.

    This not only has the benefit that we can easily pass the snakeoil
    certificate to other nodes, but we can (and do) also use it for an
    nginx proxy that's now serving HTTPS for the Boulder web front end.

The Headcounter deployment tests are simulating a production scenario
with real IPs and nameservers so it won't need to rely on
networking.extraHost. However in this implementation we don't
necessarily want to do that, so I've added auto-discovery of
networking.extraHosts in the resolver module.

Another change here is that the letsencrypt module now falls back to
using a local resolver, the Headcounter implementation on the other hand
always required to add an extra test node which serves as a resolver.

I could have squashed both modules into the final ACME test, but that
would make it not very reusable, so that's the main reason why I put
these modules in tests/common.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:33 +02:00
Robin Gloster
f5e0e94b2a
nixos/redmine: fix create role
postgresql create role no longer supports NOCREATEUSER option. See
https://www.postgresql.org/docs/9.6/static/release-9-6.html for
details.
2017-09-13 21:55:50 +02:00
Joachim F
c9200f8d9c Merge pull request #28874 from ryantm/mattermost
nixos/mattermost: fix create role
2017-09-13 19:41:25 +00:00
Jörg Thalheim
13edd9765a Merge pull request #29125 from geistesk/firehol-3.1.4
firehol: init at 3.1.4, iprange: init at 1.0.3
2017-09-13 18:10:22 +01:00
Vladimír Čunát
97ac29cafc
hpsa service: fallout from #28557 merge and revert 2017-09-13 07:55:48 +02:00
Pascal Bach
a217d73381 node-exporter service: fix documentation for enabledCollectors 2017-09-12 22:38:17 +02:00
Vladimír Čunát
422adc3063
Merge branch 'staging'
10k staging builds are not yet finished on Hydra (mostly darwin),
but we now have a 20k jobs rebuilding directly on master, so we would
never get to merge this way...
2017-09-12 19:17:52 +02:00
Jörg Thalheim
39e327eeb5 nixos/openafs-client: update cellServDB 2009-06-29 -> 2017-03-14 2017-09-12 13:12:41 +01:00
Bjørn Forsman
6b9ee30672 nixos/gitolite: don't leak nix store hash into gitolite-admin username/key
It doesn't look good when the initial admin user is named
"<hash>-gitolite-admin" and the key stored as
"<hash>-gitolite-admin.pub". Instead, make it simply "gitolite-admin"
and "gitolite-admin.pub".
2017-09-12 10:56:11 +02:00
Edward Tjörnhammar
847ce53ab1
nixos, i2pd: nat option, default true 2017-09-12 10:13:29 +02:00
Jörg Thalheim
26619935d1 Merge pull request #29083 from timor/physlock-11-dev
physlock: 0.5 -> 11-dev
2017-09-12 08:56:52 +01:00
Jörg Thalheim
ebc1127cb9 Merge pull request #29247 from pvgoran/gitolite-RequiresMountsFor
nixos/gitolite: add RequiresMountsFor unit option
2017-09-12 08:02:51 +01:00
Bjørn Forsman
fc02a0265a nixos/samba: remove space in "[ global ]" heading
Use consistent no-space style. (All documentation I've seen use no
space, and the generated section headings from the NixOS module also use
no space.)
2017-09-12 08:03:14 +02:00
Frederik Rietdijk
628b6c0e9d Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-11 22:52:53 +02:00
pvgoran
4c4f73c0eb services.gitolite: Add RequiresMountsFor unit option ...
... to ensure that the filesystem where `dataDir` resides is mounted when we do initialization or upgrade.
2017-09-12 02:03:51 +07:00
Pascal Bach
334e23d244 nixos/prometheus-collectd-exporter: init module (#29212)
* prometheus-collectd-exporter service: init module

Supports JSON and binary (optional) protocol
of collectd.

* nixos/prometheus-collectd-exporter: submodule is not needed for collectdBinary
2017-09-11 19:17:00 +01:00
lewo
3a377e26b2 nixos/nova-image: cleanup image builders (#29242)
There are currently two ways to build Openstack image. This just picks
best of both, to keep only one!

- Image is resizable
- Cloudinit is enable
- Password authentication is disable by default
- Use the same layer than other image builders (ec2, gce...)
2017-09-11 17:33:33 +01:00
Robert
1b1fc65505 NixOS Manual: document assertions and warnings (#29206)
* NixOS Manual: document assertions and warnings

* NixOS manual: re-wrap assertions text
2017-09-11 17:12:50 +01:00
Vladimír Čunát
d6f9c0b353
nixos tests: restrict sysctl and plasma5 to x86_64-linux
- sysctl is new and never succeeded on i686-linux
  > cannot stat /proc/sys/net/core/bpf_jit_enable: No such file or directory
- testing plasma5 on i686 would defeat part of the reason why we ended
  supporting i686 (lots of stuff built on Hydra)
2017-09-11 07:35:19 +02:00
timor
ae87a30a83 physlock: 0.5 -> 11-dev
Update physlock to a more current version which supports PAM and
systemd-logind.  Amongst others, this should work now with the slim
login manager without any additional configuration, because it does
not rely on the utmp mechanism anymore.
2017-09-10 22:43:05 +02:00
Thomas Bach
4d101993bf manual: reworked submodule section for better readability
The section was strange to read, as the initial example already used
`listOf' which is mentioned in the very first paragraph. Then you read
in a subsection about `listOf' and the exact same example is given
once again.
2017-09-10 20:51:50 +02:00
Thomas Bach
f37a1e155e manual: fixed remaining placeholder literal 2017-09-10 20:51:50 +02:00
Thomas Bach
572726a570 manual: name' is not an argument for mkOption' 2017-09-10 20:51:50 +02:00
Ryan Mulligan
9c786d82f2 matterbridge, modules/matterbridge: init at 1.1.0 2017-09-10 08:57:28 -07:00
Jörg Thalheim
7641d0e335 Merge pull request #29171 from vaibhavsagar/znc-open-firewall
znc: open firewall with configured port
2017-09-10 14:34:29 +01:00
Jörg Thalheim
9b8f67969e Merge pull request #29191 from LumiGuide/fix-test-elk-i686
tests/elk: Fixed failing build on i686.
2017-09-10 11:53:34 +01:00
Falco Peijnenburg
11ccf69f75 tests/elk: Fixed failing build on i686.
Too much memory is required for the test.
2017-09-10 12:45:48 +02:00
Vaibhav Sagar
c7dd5e146b znc: add openFirewall configuration option 2017-09-10 18:41:39 +08:00
Franz Pletz
0d206c0b6c
nixos/release: xmonad isn't release-critical 2017-09-10 11:01:26 +02:00
Frederik Rietdijk
dab3272f47 Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-10 08:56:39 +02:00
Vaibhav Sagar
83d89e9b22 znc: open firewall with configured port
The configuration doesn't currently open the configured port, which is
less convenient than opening it.
2017-09-10 11:30:46 +08:00
Vaibhav Sagar
405050b2cb znc: fix network example configuration
s/ssl/useSSL/
2017-09-10 11:25:29 +08:00
Ruben Maher
4ff9e9e333 nixos/transmission: make it possible to use a different home directory (#29138) 2017-09-09 20:19:35 +00:00
Joachim Fasting
8aa0618cf0
nixos/hardened: blacklist a few obscure net protocols 2017-09-09 17:37:17 +02:00
Joachim Fasting
2bce0b13e7
nixos/hardened: set mmap_min_addr
This is set in the hardened linux config as well but sysctl is more
flexible & works with any boot.kernelPackages
2017-09-09 17:37:15 +02:00
Tim Steinbach
84e34d4d5d
tests: xmonad less dependent on timings 2017-09-09 10:07:34 -04:00
Joachim F
b5163bc937 Merge pull request #29071 from nh2/glusterfs-glusterfind-dirs
glusterfs service: Ensure dirs needed by `glusterfind` exist
2017-09-09 13:07:39 +00:00
Pascal Bach
2ed89eddf3 squid service: intial service based on default config 2017-09-09 12:44:46 +02:00
geistesk
2316f16ac0 nixos/fireqos: add service 2017-09-09 00:29:46 +02:00
Frederik Rietdijk
febd5e323d Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-08 20:48:14 +02:00
Michael Alan Dorman
cd283e9234 mfi: Remove remaining reference to mfi.nix
This file was removed in 6f0b538044, but sufficient care was not taken
to remove all references to it.  Without this change, trying to
rebuild nixos fails.
2017-09-08 14:33:45 +02:00
Tim Steinbach
539dcef15e
tests: Fix copperhead call 2017-09-07 19:43:51 -04:00
Vladimír Čunát
94036cabda
nixos/release*: fixup evaluation of the tested job 2017-09-07 21:52:28 +02:00
Bjørn Forsman
eed14baec3 nixos/postfix: undo deprecation of extraConfig, extraMasterConf
I realize that advanced users like to configure services with Nix
attrsets, but I don't think we should remove the option to use the
(configuration) language provided by upstream.
2017-09-07 21:41:29 +02:00
Jörg Thalheim
6f0b538044 nixos/mfi: remove 2017-09-07 10:24:03 +01:00
Niklas Hambüchen
5bc38fc089 glusterfs service: Ensure dirs needed by glusterfind exist 2017-09-07 10:38:52 +02:00
Frederik Rietdijk
d38ee5b46c Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-07 09:29:44 +02:00
Tim Steinbach
9d89fe932c
tests: Fix hibernate
(cherry picked from commit 024b501907)
2017-09-06 22:02:34 -04:00
Tim Steinbach
024b501907
tests: Fix hibernate 2017-09-06 22:01:48 -04:00
Tim Steinbach
7faad2dce8 Merge pull request #29040 from NeQuissimus/tests_sys
More basic system tests
2017-09-06 15:04:10 -04:00
Tim Steinbach
a54b2e3ba2 Merge pull request #29002 from NeQuissimus/docker_edge_module_test
docker: Package in module, tests
2017-09-06 15:03:56 -04:00
Tim Steinbach
0857e4c84d Merge pull request #28989 from NeQuissimus/tests_xmonad
Add XMonad test
2017-09-06 15:03:41 -04:00
Frederik Rietdijk
9e27b88141 Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-06 20:17:53 +02:00
makefu
ca54a86162
dnscrypt-wrapper module: fix permissions and options
When keys get refreshed a folder with the permissions of the root user
get created in the home directory of the user dnscrypt-wrapper. This
prevents the service from restarting.

In addition to that the parameters of dnscrypt-wrapper have
changed in upstream and in the newly packaged software.
2017-09-06 15:27:05 +02:00
Tim Steinbach
b4ccef2163
tests: Add environment 2017-09-05 19:05:37 -04:00
Tim Steinbach
3e2975e892
tests: Add kernelParams 2017-09-05 19:04:43 -04:00
Tim Steinbach
04b0f3255f
tests: Add sysctl 2017-09-05 19:03:54 -04:00
Franz Pletz
bbeeee220a
Merge remote-tracking branch 'origin/master' into staging 2017-09-05 20:14:08 +02:00
Franz Pletz
1bed4773f5
postgresql92: remove last references 2017-09-05 18:20:56 +02:00
pbogdan
94a4183bda nixos/fontconfig: fix substitutions option (#28895) 2017-09-05 16:20:42 +00:00
Tim Steinbach
52341c03e8
tests: linux-copperhead is not release-blocking 2017-09-05 12:15:23 -04:00
Jörg Thalheim
3558ed8bfd Merge pull request #28988 from NeQuissimus/tests_kernel_basic
Add basic kernel tests
2017-09-05 16:38:50 +01:00
Tim Steinbach
656ec9de0e
Add basic kernel tests 2017-09-05 10:38:07 -04:00
Frederik Rietdijk
d7ef196c26 Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-05 10:11:06 +02:00
Tim Steinbach
380ed98bd7
docker: Add test for docker-edge, check for proper versions in tests 2017-09-04 19:02:44 -04:00
Tim Steinbach
2bb57ef776
docker: Allow package selection in module 2017-09-04 19:02:05 -04:00
Michele Catalano
4ea1d49643 nexus: Add module for nexus.
Add also myself as maintainer
Add simple test of the nexus service
2017-09-04 22:32:02 +02:00
Tim Steinbach
e153fa84a5
Add XMonad test 2017-09-04 14:03:20 -04:00
Orivej Desh
7803d69b78 nixos: update glibc locales link 2017-09-03 18:00:35 +00:00
John Ericson
241ced7dab nixos/hardware/raid/hpsa: Use NIX_BINUTILS
NIX_CC no longer includes nix-support/dynamic-linker
2017-09-03 11:39:16 -04:00
Jaka Hudoklin
4521225d22 nixos/xpra: allow to set extra options (#28934) 2017-09-03 16:30:08 +01:00
Jörg Thalheim
4391330033 Merge pull request #28893 from jtojnar/gpaste-service
gnome3.gpaste: Add GPaste service
2017-09-03 16:27:30 +01:00
Franz Pletz
2f48144d0e
gitlab: 9.4.5 -> 9.5.2 2017-09-03 15:50:52 +02:00
Graham Christensen
83043c948e
release notes: gnupg programs are no longer suffixed 2017-09-03 09:02:41 -04:00
Robin Gloster
97a2cd0748
nginx: module fix example
Closes #28926
2017-09-03 14:05:32 +02:00
The Admin
cdb0038052 logkeys module: init 2017-09-03 12:52:57 +02:00
Robin Gloster
eedffc5277
gitlab module: fix permissions and path 2017-09-02 23:31:26 +02:00
Robin Gloster
aaff3fa5f3
gitlab module: fix postgres superUser
(cherry picked from commit edd8265c366186d62d870c23e2b2437ae4de4c0d)
2017-09-02 23:30:53 +02:00
Robin Gloster
45605db3e0
gitlab: fix postgres calls 2017-09-02 23:30:49 +02:00
Robin Gloster
0156db2da5
Merge remote-tracking branch 'upstream/master' into HEAD 2017-09-02 23:29:04 +02:00
Philipp Steinpass
d784b83005 nixos/hydra postgresql: Fix #27314 and add test case 2017-09-02 23:07:42 +02:00
Graham Christensen
8d8b5f57eb Merge pull request #28903 from grahamc/systemd-boot-nixos-version
Include date and NixOS version in systemd-boot entries
2017-09-02 15:43:20 -04:00
Joachim Fasting
bb036a327c
nixos/chromium-suid-sandbox: remove reference to grsecurity 2017-09-02 20:35:28 +02:00
Joachim Fasting
268eb4adb7
nixos: purge remaining grsecurity bits
:(

Fixes https://github.com/NixOS/nixpkgs/issues/28859
2017-09-02 20:35:24 +02:00
Joachim Fasting
9935806894
nixos/release-notes: grsecurity support removed for 17.09 2017-09-02 20:35:07 +02:00
Graham Christensen
62652be111
Include date and NixOS version in systemd-boot entries
Grub configs include the NixOS version and date they were built, now
systemd can have fun too:

    version Generation 99 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-30
    version Generation 100 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-30
    version Generation 101 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-31
    version Generation 102 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-09-01
    version Generation 103 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-09-02
    version Generation 104 NixOS 17.09beta41.1b8c7786ee, Linux Kernel 4.9.46, Built on 2017-09-02
    version Generation 105 NixOS 17.09.git.1b8c778, Linux Kernel 4.9.46, Built on 2017-09-02
2017-09-02 14:28:34 -04:00
aszlig
880a0409e8
nixos/deluge: Fix last wrong package attribute
I missed this in 799435b7ca.

This time I used "git grep -F pythonPackages.deluge" just to be sure :-)

Thanks a lot to @roconnor for spotting this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: @roconnor
2017-09-02 19:44:14 +02:00
Jan Tojnar
6ca6ea9e23
nixos/gnome3.gpaste: add service 2017-09-02 17:43:01 +02:00
Frederik Rietdijk
c2e23a4948 Merge pull request #28871 from romildo/mate
mate desktop: some improvements
2017-09-02 13:21:40 +02:00
Jörg Thalheim
7b20952c04 Merge pull request #28726 from vyp/interception-tools
interception-tools: init at 0.1.1
2017-09-02 08:24:57 +01:00
xd1le
e0b44a09b8 interception-tools: init at 0.1.1
The latest release of libyamlcpp in nixpkgs does not build because it
uses an older version of boost than the one in nixpkgs and therefore
expects a particular header file which does not exist in the latest
boost anymore. For this reason, a later (git) version of libyamlcpp is
used here (which actually doesn't even require boost).

The substituteInPlace in the prePatch phase is needed because libevdev
places its headers in non-standard places, meaning Nix cannot normally
find them. The `cut` command removes the first two "-I" characters from
the output of `pkg-config`. This needs to be in the prePatch phase
because otherwise Nix will patch these lines to `/var/empty`, meaning
you would have less specific replacement (in case other lines are also
patched to `/var/empty`).

I wrote the patch. (I believe it is NixOS specific.)
2017-09-02 16:17:53 +10:00
Ryan Mulligan
8585898909 nixos/mattermost: fix create role
postgresql create role no longer supports NOCREATEUSER option. See
https://www.postgresql.org/docs/9.6/static/release-9-6.html for
details.
2017-09-01 14:24:44 -07:00
romildo
c4dd81b81d mate: remove icon cache 2017-09-01 17:27:24 -03:00
aszlig
799435b7ca
nixos/deluge: Fix deluge package attribute
Regression introduced by fa5e343242.

The deluge package no longer resides in pythonPackages but now is a
top-level package.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @grantwwu, @fpletz
2017-09-01 18:07:12 +02:00
Jan Tojnar
137db3efb5
gnome3.at-spi2-core: fix service not found error
The service was not registered as a systemd service resulting in errors
in the system journal every time a GNOME application was launched.

See: #16327
2017-09-01 17:22:18 +02:00
Florian Jacob
786e9711f5 nixos/piwik: fix nginx submodule's ssl defaults
previous mkDefault did not work as expected,
as it did not overwrite the original submodule's defaults when the user
did not specify any custom options at all.
2017-09-01 08:13:34 +02:00
Jan Tojnar
3b9f0c6a46
gnome3 tests: fix by providing more memory
/cc #28053.
2017-09-01 07:51:05 +02:00
Jörg Thalheim
d0e4aef32a Merge pull request #28781 from romildo/mate
mate: add the MATE desktop environment
2017-08-31 18:57:20 +01:00
romildo
56345c0ee4 mate: add icon themes 2017-08-31 13:30:44 -03:00
Gabriel Ebner
1dcfcefd35 Merge pull request #28783 from ryantm/calibre-server
nixos/calibre-server: fix ExecStart call
2017-08-31 14:36:59 +02:00
Graham Christensen
8a11b0d7df Merge pull request #28775 from grahamc/describe-stateVersion
Document the stateVersion more
2017-08-31 06:47:09 -04:00
davidak
8f389f3316 nixos/bcachefs: init module 2017-08-31 05:39:31 -05:00
Florian Jacob
d22c1c0719 mysql service: Make initialDatabases.schema attribute optional 2017-08-31 11:32:25 +02:00
Eelco Dolstra
79954b9d1f
nix: 1.11.13 -> 1.11.14 2017-08-31 11:00:09 +02:00
Symphorien Gibol
90ef2183f7 grub module: assume /nix/store is a bind mount even if it is not read only
Fixes #14999
2017-08-31 10:56:34 +02:00
Ryan Mulligan
39a982dc3e nixos/calibre-server: fix ExecStart call
calibre-server changed the way you specify the library from using
--with-library to just allowing the directory to be specified. See
https://manual.calibre-ebook.com/generated/en/calibre-server.html for
details.
2017-08-30 21:14:45 -07:00
romildo
dcebb0668b mate: add the MATE desktop environment 2017-08-31 00:16:51 -03:00
Graham Christensen
8efb46b609
configuration.nix: Document the stateVersion more 2017-08-30 21:41:35 -04:00
Graham Christensen
9d2777a5a5
Mark synaptics as deprecated 2017-08-30 20:32:45 -04:00
Graham Christensen
1b68193167
profiles/graphical.nix: enable libinput over synaptics 2017-08-30 20:25:11 -04:00
Graham Christensen
af51aa79d2
installer: add a comment hinting about enabling libinput for touchpads 2017-08-30 20:24:36 -04:00
Franz Pletz
5d5be9706e
Impala makes packaging a life-long addiction
Take that recursive acronym, GNU!
2017-08-30 23:13:56 +02:00
Franz Pletz
6a7066eb53
release documentation: reorder beta steps 2017-08-30 22:51:32 +02:00
Franz Pletz
5393b0fc1d Merge pull request #28749 from florianjacob/piwik-improve-config
nixos/piwik: Adjust to recent NixOS changes, use nginx's virtualHost instead of replicating [WIP]
2017-08-30 22:28:19 +02:00
Robin Gloster
de31f879bd
release documentation: update to current procedure 2017-08-30 22:24:34 +02:00
Florian Jacob
ae9d311565 nixos/piwik: adjust to addSSL and forceSSL now being mutually exclusive 2017-08-30 22:13:26 +02:00
Florian Jacob
0544ac4a1b nixos/piwik: Make webServerUser default to nginx
if the nginx option is used.
Noted that either webServerUser or nginx option is mandatory.
Also introduce an assertion if both are not set,
and a warning if both are set.
Resolves #27704.
2017-08-30 22:05:02 +02:00
Florian Jacob
adb03f32a1 nixos/piwik: Remove part about mail problems
Sending mail works out of the box as of resolution of #26611.
2017-08-30 22:05:01 +02:00
Florian Jacob
746cc06f13 nixos/piwik: use nginx' virtualHost submodule
instead of redeclaring part of the options. Backward-compatible change.
This gives the same flexibility to the user as nginx itself.
This also resolves the piwik module break from nginx' enableSSL introduction from #27426.
2017-08-30 22:05:00 +02:00
Linus Heckemann
46e41da543 cron service: fix reliance on etc.timezone
This does not fully address the issue, as cron will not restart when
the timezone is changed imperatively as it presumably needs to.
2017-08-30 21:35:17 +02:00
Vladimír Čunát
6b95cf646c
Merge: fixups to staging merge
None are large rebuilds; most are on staging already.
2017-08-30 21:17:17 +02:00
Frederik Rietdijk
6d4bd78fad Merge commit '2858c41' into HEAD 2017-08-30 21:07:07 +02:00
Robin Gloster
7cd46a0594
nginx module: add proxyResolveWhileRunning option 2017-08-30 21:01:53 +02:00
Robin Gloster
4ffa9ddb30
nginx module: allow basic configuration of upstreams 2017-08-30 21:01:53 +02:00
Franz Pletz
759daba980
nginx module: first proxy_set_header takes precendence 2017-08-30 21:01:52 +02:00
Franz Pletz
65c2203ffc
nginx module: add option for proxying websocket requests 2017-08-30 21:01:52 +02:00
Franz Pletz
530282eebe
nginx module: fix applying recommended proxy headers
Previously, if proxy_set_header would be used in an extraConfig of
a location, the headers defined in the http block by
recommendedProxySettings would be cleared. As this is not the intended
behaviour, these settings are now included from a separate file if
needed.
2017-08-30 21:01:52 +02:00
Robin Gloster
0371f2b5cc
nginx module: clean up SSL/listen handling 2017-08-30 21:01:52 +02:00
Franz Pletz
05c9a95d0e Merge pull request #28378 from Ma27/fix-zshrc-eval-order
programs.zsh: move evlauation of `${zshAliases}` after `cfg.interactiveShellInit`
2017-08-30 19:58:49 +02:00
Franz Pletz
b5a95f6289 Merge pull request #28741 from bachp/gitlab-runner-improve
Gitlab runner improve
2017-08-30 18:52:17 +02:00
Franz Pletz
e3a8f58a21 Merge pull request #28746 from mguentner/ipfstest
tests: fix ipfs test, test actual networking functionality
2017-08-30 18:50:40 +02:00
Eric Litak
5050c56382 ipfs: adding mountDir options but disabling broken autoMount 2017-08-30 08:24:38 -07:00
Eric Litak
5554ea5583 ipfs: preStart configuration moved into daemon services 2017-08-30 08:17:34 -07:00
Eric Litak
ba976021af ipfs: refactor; wrapper adjustment 2017-08-30 08:17:34 -07:00
Eric Litak
952424217b ipfs: optionally manage ulimit -n in serviceConfig 2017-08-30 08:17:34 -07:00
Eric Litak
5f9bad6ceb ipfs: add extraConfig option 2017-08-30 08:17:34 -07:00
Eric Litak
a48a2c4f78 ipfs: add autoMount option 2017-08-30 08:17:34 -07:00
Maximilian Güntner
a1302eab3a
tests: fix ipfs test, test actual networking functionality 2017-08-30 15:28:50 +02:00
Silvan Mosberger
76dec4a4d2 znapzend service: add autoCreation option 2017-08-30 14:13:13 +02:00
Pascal Bach
233781410d gitlab-runner service: allow adding additional tools to PATH
This is similar to how it is implemented for the Jenkins service.

Bash and docker-machine are added by default as they are required in
many cases.
2017-08-30 13:58:47 +02:00
Pascal Bach
73c4a3f641 gitlab-runner service: honor proxy variables 2017-08-30 13:58:46 +02:00
Jörg Thalheim
5d4a54ca4d network-interfaces-scripted: don't add 'lo' as device dependency
systemd does not create device units for loopback devices,
since they are not physical.
2017-08-30 13:01:47 +02:00
Graham Christensen
128cdeffd0
compiz: drop 2017-08-30 06:59:20 -04:00
Daniel Peebles
ec75a30b66 Merge pull request #28722 from copumpkin/filterSource-cleanup
Deduplicate some filterSource invocations
2017-08-29 21:19:28 -04:00
Symphorien Gibol
bd54589233 networkmanager_iodine: init at 1.2.0 2017-08-30 02:58:29 +02:00
Dan Peebles
e2589b3ca2 Deduplicate some filterSource invocations
This version should have more conventional regexes that work across many
platforms and regex engines. This is an issue because up until Nix 1.11,
Nix called out to the libc regex matcher, which behaved differently on
Darwin and Linux. And in Nix 1.12, we're moving to std::regex which will
also behave differently here.

And yes, I do actually evaluate make-disk-image.nix on Darwin ;)
2017-08-29 20:27:04 -04:00
Franz Pletz
7d1d019650 Merge pull request #27826 from Infinisil/radicale
radicale: update to version 2
2017-08-30 02:17:34 +02:00
Franz Pletz
b91ed35325 Merge pull request #28660 from NeQuissimus/frandom_patch
frandom: Remove
2017-08-30 02:04:56 +02:00
Franz Pletz
3e18f32f68 Merge pull request #28465 from danbst/reloadable-containers
Reloadable containers
2017-08-30 02:01:46 +02:00
Tim Steinbach
ae742fa495
frandom: Remove 2017-08-29 20:01:25 -04:00
Richard Yang
64994b3638 tasks/filesystems: Make sure /dev/pts/ptmx is 0666 (#28490)
This is required for running commands likes screen and tmux, especially inside containers.

See also : https://www.kernel.org/doc/Documentation/filesystems/devpts.txt
2017-08-30 01:50:29 +02:00