Commit graph

191001 commits

Author SHA1 Message Date
Arian van Putten
604b7c139f Fix letsencrypt (#60219)
* nixos/acme: Fix ordering of cert requests

When subsequent certificates would be added, they would
not wake up nginx correctly due to target units only being triggered
once. We now added more fine-grained systemd dependencies to make sure
nginx always is aware of new certificates and doesn't restart too early
resulting in a crash.

Furthermore, the acme module has been refactored. Mostly to get
rid of the deprecated PermissionStartOnly systemd options which were
deprecated. Below is a summary of changes made.

* Use SERVICE_RESULT to determine status
This was added in systemd v232. we don't have to keep track
of the EXITCODE ourselves anymore.

* Add regression test for requesting mutliple domains

* Deprecate 'directory' option
We now use systemd's StateDirectory option to manage
create and permissions of the acme state directory.

* The webroot is created using a systemd.tmpfiles.rules rule
instead of the preStart script.

* Depend on certs directly

By getting rid of the target units, we make sure ordering
is correct in the case that you add new certs after already
having deployed some.

Reason it broke before:  acme-certificates.target would
be in active state, and if you then add a new cert, it
would still be active and hence nginx would restart
without even requesting a new cert. Not good!  We
make the dependencies more fine-grained now. this should fix that

* Remove activationDelay option

It complicated the code a lot, and is rather arbitrary. What if
your activation script takes more than activationDelay seconds?

Instead, one should use systemd dependencies to make sure some
action happens before setting the certificate live.

e.g. If you want to wait until your cert is published in DNS DANE /
TLSA, you could create a unit that blocks until it appears in DNS:

```
RequiredBy=acme-${cert}.service
After=acme-${cert}.service
ExecStart=publish-wait-for-dns-script
```
2019-08-29 16:32:59 +02:00
José Romildo Malaquias
097ae482d4
Merge pull request #67628 from romildo/upd.enlightenment
enlightenment.enlightenment: 0.22.4 -> 0.23.0
2019-08-29 10:28:41 -03:00
José Romildo Malaquias
35f4e95fb0
Merge pull request #67621 from romildo/upd.rage
enlightenment.rage: 0.3.0 -> 0.3.1
2019-08-29 10:27:22 -03:00
Robin Gloster
cbd4d59daf
Merge pull request #67177 from Izorkin/virt-viewer
virt-viewer: remove unused packages
2019-08-29 15:20:17 +02:00
Izorkin
4471efd9e0
virt-viewer: remove unused packages 2019-08-29 15:16:34 +02:00
Izorkin
066bd13613
libvirt-glib: remove unused packages 2019-08-29 15:16:34 +02:00
Mario Rodas
0fc011ed25
Merge pull request #67640 from xrelkd/update/eksctl
eksctl: 0.4.2 -> 0.4.3
2019-08-29 07:57:25 -05:00
Robin Gloster
9a83c29311
Merge pull request #67681 from mayflower/confluence-update
atlassian-confluence: 6.15.6 -> 6.15.8
2019-08-29 14:14:59 +02:00
Mario Rodas
9533d32b35
Merge pull request #67675 from marsam/update-1password
1password: 0.5.7 -> 0.6.1
2019-08-29 06:45:41 -05:00
Kevin Cox
e356ccda2c
Merge pull request #67679 from xrelkd/update/cargo-web
cargo-web: 0.6.25 -> 0.6.26
2019-08-29 12:40:06 +01:00
xrelkd
b5977ddd8e cargo-web: 0.6.25 -> 0.6.26 2019-08-29 18:03:52 +08:00
Florian Klink
132a8382b0
Merge pull request #66922 from davidak/netdata_enableCgroupAccounting
netdata: enable cgroup accounting
2019-08-29 11:56:57 +02:00
Simon Lackerbauer
48c153d57f
atlassian-confluence: 6.15.6 -> 6.15.8 2019-08-29 11:15:20 +02:00
Peter Hoeg
5e3334bc55
Merge pull request #67612 from peterhoeg/u/hidapi
hidapi: 0.8.0-RC1 -> 0.9.0
2019-08-29 16:37:21 +08:00
Mario Rodas
2af98a46c1
1password: 0.5.7 -> 0.6.1 2019-08-29 03:00:00 -05:00
Jaka Hudoklin
8d1510abfb
Merge pull request #67606 from endocrimes/r-vault-1.2.2
vault: 1.0.2 -> 1.2.2
2019-08-29 07:07:09 +00:00
Vincent Laporte
3f63225309 ocamlPackages.batteries: 2.9.0 -> 2.10.0
Ensures compatibility with OCaml 4.08.
2019-08-29 05:42:43 +00:00
worldofpeace
2cb1eda297
Merge pull request #67660 from lightbulbjim/qtpass-wayland
qtpass: 1.2.3 -> 1.3.0
2019-08-29 00:56:08 -04:00
Chris Rendle-Short
8de860b60d qtpass: 1.2.3 -> 1.3.0 2019-08-29 14:52:47 +10:00
Chris Rendle-Short
392763aea6 qtpass: fix missing app icon and name when running under Wayland
Patch has been upstreamed and should be safe to remove in versions >
1.3.0
2019-08-29 12:38:36 +10:00
worldofpeace
bde1c6b5e8
Merge pull request #67604 from peterhoeg/f/gcompris
gcompris: use Qt mkDerivation
2019-08-28 22:26:43 -04:00
Peter Hoeg
8d3c2c8538 gcompris: use Qt mkDerivation 2019-08-29 10:22:22 +08:00
Daniel Fullmer
33b67761be zerotierone: 1.4.2 -> 1.4.4 (#67648) 2019-08-28 20:28:46 +00:00
Pascal Bach
02ed974bba nixos/gitlab-runner: add missing HOME to environment (#67450)
Gitlab runner fails to start if HOME is not set.
2019-08-28 20:27:28 +00:00
WilliButz
b602b5c067
Merge pull request #67634 from mmahut/prometheus-cups-exporter
prometheus-cups-exporter: init at unstable-2019-03-17
2019-08-28 21:07:16 +02:00
Andreas Rammhold
f43086caa9
Merge pull request #67637 from andir/dovecot
dovecot-pigeonhole: 0.5.7.1 -> 0.5.7.2 (CVE-2019-11500)
2019-08-28 20:58:10 +02:00
Imuli
7863697575 fly: 5.3.0 -> 5.4.1 (#67633) 2019-08-28 12:30:18 -06:00
Graham Christensen
ff6b4b12b7
Merge pull request #67642 from kisik21/lr-maintainership
lr: add myself (@kisik21) as maintainer
2019-08-28 14:14:20 -04:00
Marek Mahut
0c4cb4c102 prometheus-cups-exporter: init at unstable-2019-03-17 2019-08-28 19:56:12 +02:00
worldofpeace
b49a76566d
Merge pull request #67626 from worldofpeace/xfce4-14-doc
rl-1909: add note about Xfce 4.14
2019-08-28 13:54:16 -04:00
Vika
cd7142b288
lr: add myself (@kisik21) as maintainer
As an answer to #67638, I'm adopting this package, adding myself as a
maintainer.
2019-08-28 20:49:36 +03:00
worldofpeace
58fd72f3e9
Merge pull request #67490 from kisik21/master
libargon2: fixed cross-compilation
2019-08-28 13:02:05 -04:00
Danielle Lancashire
4b99f9ba0b
vault: add raft backend to vault service 2019-08-28 18:42:18 +02:00
Silvan Mosberger
6233291d95
Merge pull request #64738 from rnhmjoj/magnetico
magnetico: init package and service
2019-08-28 18:39:21 +02:00
Silvan Mosberger
fb7611a496
Merge pull request #65661 from davidak/containers
nixos-containers: add TimeoutStartSec option
2019-08-28 18:37:30 +02:00
Vika
06073ae7df libargon2: fixed cross-compilation
Makefile had a hardcoded unprefixed ar. I wrote a patch (sending it
upstream) and added an optional make flag to override it in case we're
cross-compiling.

Unfortunately, this causes a rebuild of native packages.

This commit also fixes the pkg-config file to be generated correctly,
patch was provided by @worldofpeace.
2019-08-28 19:35:19 +03:00
xrelkd
fb68a01449 eksctl: 0.4.2 -> 0.4.3 2019-08-29 00:33:33 +08:00
Peter Simons
47391ab53b
Merge pull request #67635 from NixOS/haskell-updates
LTS Haskell 14.3, cabal-install 3.0.0.0, ghc-8.8.1 fixes
2019-08-28 18:04:18 +02:00
Andreas Rammhold
46ff96c05b
dovecot-pigeonhole: 0.5.7.1 -> 0.5.7.2 (CVE-2019-11500)
This is a followup on #67623
2019-08-28 17:57:57 +02:00
Peter Simons
38a581902e hackage-packages.nix: automatic Haskell package set update
This update was generated by hackage2nix v2.14.4-7-ga804c35 from Hackage revision
222d2ffb87.
2019-08-28 15:52:04 +00:00
Peter Simons
995d0782f5 configuration-ghc-8.8.x.nix: cosmetic 2019-08-28 15:50:33 +00:00
Peter Simons
2e08ac73ca cabal-install: override native Cabal version on older compilers 2019-08-28 15:50:33 +00:00
Peter Simons
374a39e598 cabal-install: jailbreak build for ghc 8.8.x 2019-08-28 15:50:33 +00:00
Peter Simons
a9dd9c7c2f haskell-resolv: add overrides for older compilers 2019-08-28 15:50:33 +00:00
Peter Simons
5137dc389a haskell-HTTP: drop obsolete patches for ghc 8.8.x 2019-08-28 15:50:33 +00:00
Peter Simons
7304dc1479 haskell-regex-base: jailbreak build for ghc 8.8.x 2019-08-28 15:50:33 +00:00
Peter Simons
e2dfa9f721 haskell-QuickCheck: drop obsolete patches for ghc 8.8.x 2019-08-28 15:50:33 +00:00
Peter Simons
9d4300b4b2 haskell-resolv: drop obsolete patches for ghc 8.8.x 2019-08-28 15:50:33 +00:00
Peter Simons
83bc9776ca cabal-install: version 3.x is out officially 2019-08-28 15:50:33 +00:00
Peter Simons
0fc727c3e1 hackage-packages.nix: automatic Haskell package set update
This update was generated by hackage2nix v2.14.4-7-ga804c35 from Hackage revision
f3caaa39bd.
2019-08-28 15:50:33 +00:00