Commit graph

5548 commits

Author SHA1 Message Date
aszlig
55d881eea3
Revert adding .git-revision unconditionally
This reverts commit 1e534e234b.

We already should have a .git directory if it is managed via Git,
otherwise there is no way to get the Git revision if neither
.git-revision or .git is present.

But having .git-revision _and_ .git present seems very much redundant to
me.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @bennofs, @Profpatsch
Issue: #17218
2016-08-09 14:15:06 +02:00
Robin Gloster
b0b0a45bb1 nginx module: fix cfg.config backwards compatibility
fixes #17604
2016-08-09 12:02:21 +00:00
Thomas Tuegel
68922e3f74 nixos/stage-1: use readlink -e in builder
The builder has this convoluted `while` loop which just replicates
`readlink -e`. I'm sure there was a reason at one point, because the
loop has been there since time immemorial. It kept getting copied
around, I suspect because nobody bothered to understand what it actually
did.

Incidentally, this fixes #17513, but I have no idea why.
2016-08-08 09:45:45 -05:00
Thomas Tuegel
ee36bb8588 nixos/stage-1: fix antiquotation 2016-08-08 09:28:17 -05:00
Profpatsch
85ed3ca9c7 libinput.accelProfile: improve docs & new default
The link to some (of course non-existing, i.e. freedesktop) “libinput”
documentation is replaced by a piece of the API documentation.

The default is changed since the documentation suggests `adaptive`
should be it.
https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79

Also fix a missing string conversion for `scrollButton`.
2016-08-08 14:01:07 +02:00
Wout Mertens
db8401f603 Merge pull request #17100 from abbradar/resume-delay
nixos stage-1: wait for resume devices to appear
2016-08-08 11:34:38 +02:00
Nikolay Amiantov
1e8894f085 unity3d: use chromium-suid-sandbox 2016-08-08 10:49:00 +03:00
Nikolay Amiantov
b2413e48ae chromium-suid-sandbox module: fix description 2016-08-08 10:17:31 +03:00
Al Zohali
2aba1c4962 phpfpm service: restructured pool configuration
From @fpletz: Keep poolConfigs option for backwards-compatibility.

The original commit 6b3f5b5a42 was previously
reverted by c7860cae1a but the issues were
resolved.
2016-08-08 05:53:53 +02:00
Nikolay Amiantov
986a40421a nixos stage-1: wait for devices during resumption attempt
Also a microimprovement -- use `test -n` instead of `test -e`
since we have already checked that the file exists.
2016-08-08 01:35:43 +03:00
Nikolay Amiantov
3ae468e835 nixos stage-1: move resumption below helper functions' definitions 2016-08-08 01:34:23 +03:00
Nikolay Amiantov
59aa3bb5c8 nixos stage-1: factor device waiting into a function 2016-08-08 01:32:18 +03:00
David Reaver
ed4a061c34 NixOS manual: Add docs for Virtualbox guest (#17454)
Fixes #13311
2016-08-07 04:10:29 +02:00
Rok Garbas
a741978f20 Merge pull request #17479 from elitak/factorio
Factorio: 0.13.8 -> 0.13.13, mod support
2016-08-07 04:09:52 +02:00
Paul Hendry
486b8e7f5c Add Terraria server service (#16832) 2016-08-07 03:58:38 +02:00
jokogr
adeab67bd8 syncthing service: add syncthing-inotify (#17320) 2016-08-06 17:20:18 +02:00
obadz
66d5edf654 chromium: add nixos module security.chromiumSuidSandbox
Closes #17460

Changed the wrapper derivation to produce a second output containing the sandbox.
Add a launch wrapper to try and locate the sandbox (either in /var/setuid-wrappers or in /nix/store).
This launch wrapper also sheds libredirect.so from LD_PRELOAD as Chromium does not tolerate it.

Does not trigger a Chromium rebuild.

cc @cleverca22 @joachifm @jasom
2016-08-06 10:27:47 +01:00
Gabriel Ebner
22088b4b25 nixos/x11: make nvidia driver work again
The nvidia driver module directly sets the services.xserver.drivers
option, while still having nvidia/nvidiaBeta/... etc. in the
videoDrivers option.
2016-08-06 07:26:25 +02:00
Robin Gloster
f4e1041e31 Merge pull request #17503 from peterhoeg/ssh
ssh module: ignore exit code when socket activated
2016-08-05 19:58:06 +02:00
Joachim F
f044035a9e Merge pull request #17470 from layus/synaptics-conflict
Warn for conflict between synaptics and libinput
2016-08-05 19:26:07 +02:00
Gabriel Ebner
5e6ac5fcf3 nixos/x11: output sections for modesetting driver
See #17487.
2016-08-05 18:31:04 +02:00
Joachim F
632f9060f1 Merge pull request #17363 from MatrixAI/zsh-helpdir
zsh: Added HELPDIR variable for interactive shells
2016-08-05 16:45:28 +02:00
Franz Pletz
792f96fbc7 Merge pull request #17489 from mayflower/pkg/gitlab-8-10
gitlab: 8.5.12 -> 8.10.3, update module
2016-08-04 23:35:22 +02:00
Tuomas Tynkkynen
2ea72fa9c8 nixos/luksroot: Reference correct output of openssl 2016-08-04 23:12:39 +03:00
obadz
037d9c6cab nixos-install: add options --closure, --no-channel-copy, --no-root-passwd, and --no-bootloader
Closes #17236

nix-build -A tests.installer.simple '<nixos/release.nix>' succeeds ✓
2016-08-04 16:22:25 +01:00
Benno Fünfstück
3f3d18c017 Merge pull request #17218 from bennofs/fix-nixos-version
fix nixos-version --hash when building from git
2016-08-04 15:56:08 +02:00
Christian Kauhaus
ea7e705cd9 varnish: fix localstatedir for varnish* tools (#17508)
The varnish tools (varnishstat, varnishlog, ...) tried to load the VSM
file from a spurious var directory in the Nix store. Fix the default so
the tools "just work" when also keeping services.varnish.stateDir at the
default.

Notes:
- The tools use $localstatedir/$HOSTNAME so I've adapted the default for
  stateDir as well to contain hostName.
- Added postStop action to remove the localstatedir. There is no point
  in keeping it around when varnish does not run, as it regenerates it
  on startup anyway.

Fixes #7495
2016-08-04 15:25:23 +02:00
Peter Hoeg
c4cba0e51f ssh module: ignore exit code when socket activated
sshd will at times fail when exiting. When socket activated, this will
leave a number of sshd@ service instances in the failed state, so we
simply ignore the error code if we are running socket activated.

Recommended by upstream:
http://systemd-devel.freedesktop.narkive.com/d0eapMCG/socket-activated-sshd-service-showing-up-as-a-failure-when-the-client-connection-fails

Fixes: #3279
2016-08-04 16:47:44 +08:00
Damien Cassou
c5d9dc9cfa Merge pull request #17418 from DamienCassou/offlineimap-module-reporting
offlineimap's module: change UI to syslog
2016-08-04 08:33:20 +02:00
Franz Pletz
8a8971788c gitlab module: update documentation 2016-08-04 02:29:50 +02:00
Franz Pletz
d8fd06641a gitlab module: split up gitlab-runner script
The name gitlab-runner clashes with a component of Gitlab CI with the
same name and only confuses people. It's now called gitlab-bundle and
a convenience-script gitlab-rake for easier invocation of rake tasks
was added. This was the primary use case of gitlab-runner.
2016-08-04 02:29:45 +02:00
Franz Pletz
c39b6025d8 gitlab: 8.5.12 -> 8.10.3, update module
Fixes #14795.
2016-08-04 02:29:44 +02:00
Eric Litak
d33540734f factorio: rudimentary mod support for factorio's nixos module 2016-08-03 16:44:51 -07:00
Robin Gloster
1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
Joachim F
772a7bb49b Merge pull request #17425 from joachifm/grsec-efi
grsecurity module: disable EFI runtime services by default
2016-08-03 10:48:25 +02:00
Guillaume Maudoux
0f0be5e498 Warn for conflict between synaptics and libinput 2016-08-03 08:15:18 +02:00
Eric Sagnes
338c425e08 hydra-module: add default to buildMachinesFiles 2016-08-03 13:14:12 +09:00
Eric Sagnes
128389b60c hydra-module: honor user and group ids 2016-08-03 13:13:57 +09:00
Casey Ransom
9ecc587e3b cassandra service: init
The module will configure a Cassandra server with common options being
tweakable. Included is also a test which will spin up 3 nodes and
verify that the cluster can be formed, broken, and repaired.
2016-08-02 20:58:35 -04:00
Robin Gloster
1be4907ca2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-02 13:46:36 +00:00
Rodney Lorrimar
6711e62d51 nixos manual: add Emacs section (fixes #13217)
In light of Emacs packaging improvements such as those mentioned
in #11503, and with the addition of a systemd service (#15807
and #16356), and considering that the wiki page is completely
out of date (#13217), it seems that some documentation is in order.
2016-08-02 11:17:52 +01:00
Joachim Fasting
43fc394a5c
grsecurity module: disable EFI runtime services by default
Enabling EFI runtime services provides a venue for injecting code into
the kernel.

When grsecurity is enabled, we close this by default by disabling access
to EFI runtime services.  The upshot of this is that
/sys/firmware/efi/efivars will be unavailable by default (and attempts
to mount it will fail).

This is not strictly a grsecurity related option, it could be made into
a general option, but it seems to be of particular interest to
grsecurity users (for non-grsecurity users, there are other, more
immediate kernel injection attack dangers to contend with anyway).
2016-08-02 10:24:49 +02:00
Joachim Fasting
79ac02ed64
dnscrypt-proxy service: update resolver list 2016-08-02 09:36:22 +02:00
Franz Pletz
c90a43f4c5 nginx module: fix evaluation of root location option 2016-08-01 19:38:10 +02:00
Joachim Fasting
d1572d06fe
grsecurity module: correct internal note 2016-08-01 16:27:14 +02:00
Rok Garbas
34237beca6 Merge pull request #15862 from mayflower/nginx-module
Declarative nginx module with ACME support
2016-08-01 13:10:06 +02:00
Joachim Fasting
c91d07b668
dnscrypt-proxy module: types.string should be types.str 2016-08-01 12:55:42 +02:00
Eric Sagnes
c7bd26e537 version module: refactor with fileContents 2016-08-01 18:40:36 +09:00
Eric Sagnes
1114ab41e6 release.nix: refactor with fileContents 2016-08-01 18:35:26 +09:00
Eelco Dolstra
0804f67024 Fix epub generation
* Hydra doesn't like spaces in filenames.

* The zip file contained nix/store/.../OEBPS rather than OEBPS at
  top-level, causing some programs (like okular) to barf.

* Remove the redundant $dst/epub directory.
2016-08-01 11:10:22 +02:00
Eelco Dolstra
d5756cdf0a Remove the PDF manual
PDF is very 20th century and nobody reads technical documentation this
way anymore.
2016-08-01 11:10:21 +02:00
Eelco Dolstra
83eb49220b Manual: Only include the release number (e.g. 16.03)
This prevents gratuitous rebuilds of the manual every time the Git
revision changes.

Should help a bit with #17261.
2016-08-01 11:10:21 +02:00
Eelco Dolstra
2a05368ff3 Remove $NIXOS_LABEL and $NIXOS_VERSION
Relying on environment variables to override configuration options is
ugly, and there is no reason for them.
2016-08-01 11:10:02 +02:00
Damien Cassou
19af5b444e offlineimap's module: change UI to syslog
The 'syslog' UI "allows better integration with systemd":
http://www.offlineimap.org/doc/Changelog.html#offlineimap-v660-rc2-2015-10-15
2016-08-01 09:37:53 +02:00
Gabriel Ebner
dbd856d724 Merge pull request #17387 from cko/redis
redis: 3.0.7 -> 3.2.2
2016-08-01 08:13:08 +02:00
Robin Gloster
63c7b4f9a7 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-31 20:51:34 +00:00
Franz Pletz
d7f7ef4c21 Merge pull request #15496 from kampfschlaefer/containers_more_veth_interfaces
Declarative containers: more veth interfaces
2016-07-31 19:13:59 +02:00
Langston Barrett
a28273df32 mopidy service: add default value for configuration (#17385)
Mopidy will start if the configuration is empty.

Fixes #17381.
2016-07-31 18:35:09 +02:00
Christine Koppelt
07ca9bd4bc Redis: add entry to release notes 2016-07-31 15:28:56 +02:00
Franz Pletz
76b21b7adb nixos/firewall: Refactor rpfilter, allow DHCPv4 (#17325)
Adds a new chain in the raw table for reverse path filtering and optional
logging. A rule to allow serving DHCPv4 was also added as it is commonly
needed and poses no security risk even when no DHCPv4 server is running.

Fixes #10101.
2016-07-31 13:49:24 +02:00
Profpatsch
8a6047a525 nixos/pulseaudio: increase service restart time
Pulseaudio doesn’t like being restarted too quickly.
2016-07-30 23:42:54 +02:00
Profpatsch
5074a79937 nixos/pulseaudio: tcp streaming & zeroconf
Adds options for tcp streaming and avahi zeroconf support (so that the
server can be easily found by clients).
There is also an option to allow anonymous clients to stream to the
server (by default pulseaudio uses a cookie mechanism, see manpage).
2016-07-30 23:42:54 +02:00
Thomas Tuegel
d5bec1a145 kde5: rename extra-cmake-modules variants
Instead of one package `extra-cmake-modules`, there is now `ecm` and
`ecmNoHooks`. The latter is used when one does not want to incur a Qt 5
dependency; it is also available as a top-level package
`extra-cmake-modules`.
2016-07-30 14:06:43 -05:00
Gabriel Ebner
07fc65289a nixos/x11: remove unneccessary special cases 2016-07-30 17:03:16 +02:00
Gabriel Ebner
5c9309c231 xorg.xorgserver: enable glamor support 2016-07-30 13:37:51 +02:00
Thomas Tuegel
3dea00d90e nixos/kde: phonon moved to qt5 2016-07-29 10:29:15 -05:00
Rob Vermaas
9494b764d2 dd-agent: support jmx, needs a separate daemon nowadays.
(cherry picked from commit 1425a1f964adc2e2eb668810f3f158089035cd3d)
2016-07-29 12:42:07 +00:00
Roger Qiu
c0ff64c2e8 zsh: Added HELPDIR variable for interactive shells, as the help directory is distribution specific, and will be useful for using run-help 2016-07-29 20:36:06 +10:00
Arnold Krille
07de11f165 containers: add myself to the maintainers of the tests
Seems like the right thing to do.
2016-07-28 23:06:41 +02:00
Arnold Krille
9045a8e24c declarative containers: additional veths
With these changes, a container can have more then one veth-pair. This allows for example to have LAN and DMZ as bridges on the host and add dedicated containers for proxies, ipv4-firewall and ipv6-firewall. Or to have a bridge for normal WAN, one bridge for administration and one bridge for customer-internal communication. So that web-server containers can be reached from outside per http, from the management via ssh and can talk to their database via the customer network.

The scripts to set up the containers are now rendered several times instead of just one template. The scripts now contain per-container code to configure the extra veth interfaces. The default template without support for extra-veths is still rendered for the imperative containers.

Also a test is there to see if extra veths can be placed into host-bridges or can be reached via routing.
2016-07-28 23:06:41 +02:00
Eelco Dolstra
fd5bbdb436 nixos-containers: Set DevicePolicy=closed
This makes the container a bit more secure, by preventing root
creating device nodes to access the host file system, for
instance. (Reference: systemd-nspawn@.service in systemd.)
2016-07-28 17:58:55 +02:00
Eelco Dolstra
bf3edfbb3c nixos-containers: Use systemd 231's --notify-ready flag 2016-07-28 17:58:52 +02:00
Robin Gloster
a193fecf0e nginx module: improve statusPage generated code
Adds ::1 as allowed host and turns of access_log for the status page.
2016-07-28 11:59:13 +00:00
Robin Gloster
3ccfca7d6b nginx module: httpConfig backward compatibility
Revert httpConfig its old behaviour and make it mutually exclusive to
the new structured configuration. Adds appendHttpConfig to have the
ability to write custom config in the generated http block.
2016-07-28 11:59:13 +00:00
Robin Gloster
511410789b nginx module: make client_max_body_size configurable 2016-07-28 11:59:13 +00:00
Tristan Helmich
8c61b3af03 nginx: fixed duplicate http declaration 2016-07-28 11:59:13 +00:00
Robin Gloster
91680de317 nginx module: add statusPage option 2016-07-28 11:59:13 +00:00
Robin Gloster
a294ad01b3 nginx module: make recommended settings optional 2016-07-28 11:59:13 +00:00
Robin Gloster
186a8400ed nginx module: make httpConfig backward compatible 2016-07-28 11:59:13 +00:00
Robin Gloster
5dd7cf964a nginx module: improve documentation 2016-07-28 11:59:13 +00:00
Franz Pletz
de8008a1b1 nginx module: Enable http2 2016-07-28 11:59:13 +00:00
Franz Pletz
e982aeae6a nginx module: Add default proxy headers for tomcat 2016-07-28 11:59:13 +00:00
Robin Gloster
3830a890ab nginx module: add option to make vhost default 2016-07-28 11:59:13 +00:00
Robin Gloster
138945500e nginx module: implement basic auth 2016-07-28 11:59:13 +00:00
Robin Gloster
ff12ee35b7 nginx module: redirect to same protocol 2016-07-28 11:59:13 +00:00
Robin Gloster
e18f8e8b66 nginx module: turn off basic auth on acme locations 2016-07-28 11:59:13 +00:00
Franz Pletz
4e5c7913e9 nginx module: Add acmeFallbackHost vhost option 2016-07-28 11:59:13 +00:00
Franz Pletz
811f243ce6 nginx module: Add extraConfig for locations 2016-07-28 11:59:13 +00:00
Franz Pletz
d5a097fdb6 nginx module: Don't create acme certs if acme is not enabled 2016-07-28 11:59:13 +00:00
Tristan Helmich
c61157b7e6 nginx module: Add dhParams option 2016-07-28 11:59:13 +00:00
Tristan Helmich
35d76a72ab nginx module: Add sslCiphers option 2016-07-28 11:59:13 +00:00
Tristan Helmich
8bd1f401bb nginx module: Add sslProtocols option 2016-07-28 11:59:13 +00:00
Tristan Helmich
900b311a38 nginx module: Fix ACME extraDomains, fix challenge url to not redirect to allow renewals 2016-07-28 11:59:13 +00:00
Tristan Helmich
4676983990 nginx module: Add ACME support for ssl sites 2016-07-28 11:59:13 +00:00
Robin Gloster
f298be9ef4 nginx module: declarative config 2016-07-28 11:58:37 +00:00
Robin Gloster
356c2fe00d Revert "nginx: Verify that configuration is syntactically correct" (#17337) 2016-07-28 13:55:06 +02:00
Peter Hoeg
62f2f72e98 tmux module: do not override keys by default in VI mode (#17330)
We want to stick to upstream defaults as much as possible.

As pointed out by @8573 in #16999, this was not the case.
2016-07-28 13:10:42 +02:00
Peter Hoeg
65ef5d8f5b rspam module: use mkEnableOption
See #17329.
2016-07-28 07:06:35 +02:00
Franz Pletz
8a1e7cd556 rspamd service: fix runtime directory, log to syslog
Fixes #17144.
2016-07-28 06:22:29 +02:00
Franz Pletz
d23521b16c rmilter service: use runtime dirctory for socket 2016-07-28 06:22:23 +02:00
Christine Koppelt
39da575262 add epub for NixOS manual (second try) (#17205) 2016-07-28 04:27:39 +02:00
Robin Lambertz
b65e9d87e2 matrix-synapse: Only run StartPre script when data folder doesn't exist (#17216) 2016-07-28 04:13:21 +02:00
Franz Pletz
996c9837fa Merge pull request #17322 from RamKromberg/init/motif
motif: init at 2.3.6 & nedit: 5.6 -> 5.6a
2016-07-28 03:53:38 +02:00
Ram Kromberg
3800bb5017 motif: init at 2.3.6 2016-07-28 01:33:45 +03:00
Bjørn Forsman
c7860cae1a Revert "phpfpm service: restructured pool configuration"
This reverts commit 6b3f5b5a42 because it
introduced a non-backwards compatible change in the phpfpm interface,
without really needing to. The new interface, if needed, can be re-added
alongside the old interface.

Commit 98e419c0e2 ("tt-rss service: init at 16.3")
depends on the new interface, so this commit updates the tt-rss service
to work with the old services.phpfpm.poolConfigs interface.
2016-07-27 23:53:58 +02:00
Robin Lambertz
103805dec5 nginx: Verify that configuration is syntactically correct (#17208) 2016-07-27 22:24:08 +02:00
Shawn Warren
7234275cd5 bump gocd-server version to 16.6.0-3590 (#17304)
Update gocd-server package version to 16.6.0-3590 including new sha.  Modify heapSize
and maxMemory mkOption to accurately reflect their intended purpose of configuring
initial java heap sizes.
2016-07-27 18:44:28 +02:00
Rok Garbas
14e8071921 Merge pull request #17305 from hiberno/update-elk-stack
Update elk stack
2016-07-27 18:42:08 +02:00
Christian Lask
6d68a1fbf3 logstash: 1.5.3 -> 2.3.4
Note: the option to configure the watchdog timeout seems to be gone
in the 2.3 series of Logstash. It complains about an unknown option
and it is not in the source anymore. I am thus removing this
configuration option to adjust the service to these changes, too.
2016-07-27 17:45:38 +02:00
Tristan Helmich
c9b9692347 tinc: add Restart in systemd service config 2016-07-27 10:38:57 +02:00
Joachim F
ad127bb55d Merge pull request #17271 from jokogr/fix/syncthing-system-service
syncthing: fix system service
2016-07-27 03:23:08 +02:00
Bjørn Forsman
0a2174f195 nixos/lighttpd: move cgit setup to cgit.nix
To where it really belongs. Separation of concern.
2016-07-26 15:37:24 +02:00
Ioannis Koutras
24968fc1c1 syncthing: fix system service 2016-07-26 13:10:15 +03:00
Wout Mertens
62d11a6961 Merge pull request #17206 from nathan-gs/patch-2
Fix #9759 SSMTP sendmail wrapper
2016-07-26 10:52:19 +02:00
Wout Mertens
3bb18c68d2 Merge pull request #17042 from rasendubi/etc
etc: remove obsolete directories
2016-07-26 09:04:10 +02:00
Luca Bruno
5c738ec37e gnome3: drop 3.18 2016-07-25 22:49:12 +02:00
Alexey Shmalko
fe9cabedf0
etc: remove obsolete directories
This patch adds handling of a directory becoming a symlink in
/etc. Before this patch, the directory wasn't removed and then
symlinking failed, which caused directory not being updated at all.

The idea for the patch goes to @abbradar at
https://github.com/NixOS/nixpkgs/issues/16978#issuecomment-232921903:
> A heuristic idea for this -- a function `isStatic :: Path -> Bool`:
>
> * if path `/etc/foo` is a file, return True iff it's a symlink to `/etc/static/foo`.
> * if path is a directory, return True iff for all items in it `isStatic` is True.
>
> On any conflicts, if old path is static, it's safe to replace and/or
> delete stale. Otherwise make a backup and notify the user via a
> journal entry and console output.

The only difference here -- it will not replace user configs.

This also fixes https://github.com/NixOS/nixpkgs/issues/16978.
2016-07-25 15:50:53 +03:00
Robin Gloster
f222d98746 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-25 12:47:13 +00:00
Joachim F
0050338610 Merge pull request #17087 from j1r1k/pulseaudio-extraClientConf
pulseaudio module: add extraClientConf option
2016-07-24 15:52:01 +02:00
Nikolay Amiantov
ddb75882b6 kbd task: fix colors in early initrd 2016-07-24 15:08:49 +03:00
Joachim Fasting
88138d43fa
grsecurity test: add note explaining what the tcc -run test accomplishes 2016-07-24 12:54:07 +02:00
Joachim Fasting
8c8d6b4053
grsecurity test: verify that the grsec device node is created 2016-07-24 12:54:07 +02:00
Joachim Fasting
96542a1b00
grsecurity module: assert RBAC support in kernel 2016-07-24 12:54:07 +02:00
Joachim Fasting
5ece58ed66
grsecurity module: add gradm to system path 2016-07-24 12:54:07 +02:00
Joachim F
027cb61088 Merge pull request #16891 from joachifm/grsec-doc
manual: add chapter on Grsecurity/PaX
2016-07-24 12:48:27 +02:00
Daiderd Jordan
eab1ec23f0 Merge pull request #17194 from Profpatsch/document-container-root
nixos/manual: document you need root for container
2016-07-24 12:01:47 +02:00
Benno Fünfstück
1e534e234b fix nixos-version --hash when building from git 2016-07-23 22:59:03 +02:00
Emery Hemingway
90ee01cd3d nixos: disable DHCP on ZeroTier interfaces 2016-07-23 21:04:42 +02:00
Nathan Bijnens
bb528e714d Fix #9759 SSMTP sendmail wrapper - cfg instead of full path 2016-07-23 20:58:58 +02:00
Joachim Fasting
edbaba6d3c
nixos release notes: document changes to grsecurity/PaX 2016-07-23 19:09:47 +02:00
Joachim Fasting
190890cdac
nixos manual: add chapter on grsecurity/PaX
Explain the "what", "why", and "how" of grsecurity/PaX
on NixOS.
2016-07-23 19:09:43 +02:00
Nathan Bijnens
cf3867a5ef Fix #9759 SSMTP sendmail wrapper 2016-07-23 18:00:10 +02:00
Profpatsch
2f074321c7 nixos/manual: document you need root for container 2016-07-23 06:21:56 +02:00
ben smith
c38e6a2a60 mysql: fix replication tests (#17174)
Eliminate race condition in replication test
Remove replication configuration from standalone test
Improve mysql command syntax consistency
2016-07-23 00:37:05 +02:00
Shawn Warren
9886c80daa Add gocd agent and server service packages (#16273)
GoCD is an open source continuous delivery server specializing in advanced workflow
modeling and visualization.  Update maintainers list to include swarren83.  Update
module list to include gocd agent and server module.  Update packages list to include
gocd agent and server package.  Update version, revision and checksum for GoCD
release 16.5.0.
2016-07-23 00:29:18 +02:00
Moritz Ulrich
f8ea8c7197 tt-rss: Fix evaluation by disabling nginx-options.
The nginx.virtualHosts option isn't merged yet. We can re-enable these
features when https://github.com/NixOS/nixpkgs/pull/15862 is merged.
2016-07-22 09:54:25 +02:00
Rok Garbas
d73c115aa4 Merge pull request #16132 from zohl/tt-rss
tt-rss service: init at 16.3
2016-07-21 20:48:18 +02:00
Al Zohali
98e419c0e2 tt-rss service: init at 16.3 2016-07-21 20:46:35 +03:00
Eelco Dolstra
a78ecb0d33 Remove nixos.tests.boot.biosUsb.* as release blockers
These have a high random failure rate, blocking channel updates. Issue
2016-07-21 11:44:55 +02:00
Michele Guerini Rocco
267e362fbc syncthing: Allow the user service to be enabled with systemctl (#17136) 2016-07-21 04:49:58 +02:00
Robin Gloster
1f04b4a566 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-21 00:56:43 +00:00
ben smith
e641974f06 MySQL Replication (that actually works) (#7198)
Improves replication functionality by:
 * adding slaveHost on the 'master' role
 * adds slave user to master with replication only permissions
2016-07-21 02:15:55 +02:00
Rok Garbas
db7b4fb073 Merge pull request #6846 from wizeman/u/zfs-auto-snap-flags
nixos: ZFS auto-snapshot improvements
2016-07-21 01:53:11 +02:00
davidak
83bdc8e858 caddy service: add options to change ACME certificate authority (#16969)
and agree to let's encrypt subscriber agreement
2016-07-21 01:51:09 +02:00
cransom
4a9b640f37 smokeping: init at 2.6.11 (#17090)
Includes a module for service setup and a test
to verify functionality of both service and pkg.
2016-07-21 01:07:59 +02:00
Rok Garbas
760da3e3f3 nixos: init programs.xonsh 2016-07-21 00:55:36 +02:00
Nikolay Amiantov
3cc54bbad9 Merge pull request #17082 from abbradar/fix-early-kbd
Use new early kbd-setting code in initrd and fix layouts from external packages
2016-07-20 23:52:45 +04:00
Bjørn Forsman
78eac466b0 nixos/ddclient: add warning about password being world readable
Closes #16885.
2016-07-19 16:51:42 +02:00
Matthew Justin Bauer
802a700373 virtualbox: fix virtualbox guest additions (#16964) 2016-07-19 13:55:44 +02:00
Robin Gloster
203846b9de Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-19 10:37:02 +00:00
Svein Ove Aas
9a8e0d1c2e zfs: Force sync on shutdown (#16903) 2016-07-19 09:57:13 +02:00
Christian Kauhaus
3530f3f20a systemd: make ctrl-alt-del target configurable. (#16911)
We currently only allow upstream's default of "reboot.target" due to the
way the symlinks are initialized. I made this configurable similar to the
default unit.
2016-07-19 09:42:53 +02:00
Eric Merritt
eb92804f91 nixos-containers: init package (#16959)
This moves nixos-containers into its own package so that it can be
relied upon by other packages/systems. This should make development
using dynamic containers much easier.
2016-07-19 08:13:06 +02:00
Nikolay Amiantov
9cc70b419c nixos/tests: add hibernation test 2016-07-19 05:20:02 +03:00
Nikolay Amiantov
399db54e35 nixos/qemu: don't recreate extra disks 2016-07-19 05:20:02 +03:00
Franz Pletz
febcd39afa nixos/grafana: set plugins path, fix image generation
Also add options to configure which organization should have anonymous access.
2016-07-19 00:18:12 +02:00
Jiri Marsicek
7d0990b594 pulseaudio module: add extraClientConf option 2016-07-19 00:14:58 +02:00
Nikolay Amiantov
cf64a7ecc0 kbd module: fix keymaps search for loadkeys 2016-07-18 23:46:38 +03:00
Nikolay Amiantov
7bed3d0cb3 nixos stage-1: move keymap handling to kbd module 2016-07-18 23:27:45 +03:00
Nikolay Amiantov
6f89369440 libinput service: add libinput to udev packages
See #17054
2016-07-18 17:14:34 +03:00
Nikolay Amiantov
3d69653d6b plymouth service: stop splash screen before a failure prompt 2016-07-18 13:45:37 +03:00
Nikolay Amiantov
7513a1d2f5 plymouth service: update root fs before stage 2 2016-07-18 13:45:37 +03:00
Nikolay Amiantov
9cab592abd plymouth service: style fixes 2016-07-18 13:45:37 +03:00
Nikolay Amiantov
86ad25625f nixos stage-1: add custom pre failure dialog commands 2016-07-18 13:45:37 +03:00
obadz
08fe395074 nixos/tests/installer.nix: add curl on host machine
add curl so that rather than seeing the test attempt to download
curl's tarball, we see what it's trying to download.
2016-07-17 21:17:55 +01:00
Nikolay Amiantov
f4ea97ae90 Revert "nixos/tests/installer: Fix matching LUKS prompt"
This reverts commit ec072cbc4c.

See also 193ab8be67
2016-07-17 22:44:54 +03:00
Benno Fünfstück
336786addc nixos/lightdm: support greeter-less auto login
This adds configuration options for automatic login and disabling the
greeter (this should avoid the dependency on gtk).
2016-07-17 18:54:23 +02:00
Benno Fünfstück
8881f940a9 nixos/sddm: options documentation improvements 2016-07-17 18:54:23 +02:00
Benno Fünfstück
be625ad36b xsession: fix multiple arguments with logToJournal
KDM and LightDM (at least with autologin) call the xsession-script with
two arguments: the first is the path of the xsession script itself,
while the second one are the actual arguments. The line to re-exec the
script under systemd-cat only forwarded a single argument, therefore
breaking LightDM and KDM login. This commit fixes the issue by always
forwarding all the arguments.
2016-07-17 18:54:23 +02:00
Nikolay Amiantov
193ab8be67 Revert "nixos stage-1: try to quit plymouth if started on failure"
This reverts commit c69c76ca7e.

This patch was messed up during a rebase -- the commit title doesn't match what
it really does at all (it is actually a broken attempt to get LUKS passphrase
prompts in Plymouth).
2016-07-17 15:03:13 +03:00
aszlig
ec072cbc4c
nixos/tests/installer: Fix matching LUKS prompt
The LUKS passphrase prompt has changed from "Enter passphrase" to "Enter
LUKS Passphrase" in c69c76ca7e, so the OCR
detection of the test fails indefinitely.

Unfortunately, this doesn't fix the test because we have a real problem
here:

Enter LUKS Passphrase:
killall: cryptsetup: no process killed
Enter LUKS Passphrase:

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar
2016-07-17 11:20:25 +02:00
Michele Guerini Rocco
47f59a51e4 nixos/compton: add user service (#16652) 2016-07-17 02:25:38 +02:00
Frederik Rietdijk
24fdb7ce21 Merge pull request #16889 from grahamc/sysstat
sysstat: Create systemd service for historical sar data
2016-07-16 19:29:13 +02:00
Thomas Tuegel
b2cf5aabb0 nixos/kde5: add missing Plasma packages 2016-07-16 10:14:50 -05:00
Thomas Tuegel
32c1f05aed nixos/kde5: install missing frameworks 2016-07-16 10:14:48 -05:00
Thomas Tuegel
d3747a2261 kinit: use a setuid wrapper for start_kdeinit 2016-07-16 10:14:47 -05:00
Thomas Tuegel
888c66f97d nixos/kde5: disable setuid wrapper for kdeinit
We need to pass certain environment variables through the wrapper, but I
don't know how to do that yet. The setuid-root feature serves only to
hide kdeinit from the OOM killer, so this is not critical.
2016-07-16 10:14:46 -05:00
Thomas Tuegel
1cb4aacf18 nixos/kde5: fix paths to setuid programs 2016-07-16 10:14:45 -05:00
Joachim F
ed50ef318b Merge pull request #15848 from matthewbauer/packagekit
Add in PackageKit
2016-07-16 13:29:08 +02:00
Joachim F
8f43f111c0 Merge pull request #15840 from anderspapitto/pulse-jack
pulseaudio service: set DISPLAY
2016-07-16 13:26:39 +02:00
Joachim F
86ba20b3d8 Merge pull request #16686 from AndersonTorres/pekwm
pekwm: init at 0.1.17
2016-07-16 13:19:00 +02:00
Joachim Fasting
59c9a88a6b
grsecurity module: tweak lockTunables option description 2016-07-16 11:11:35 +02:00
Joachim Fasting
cef7150bc7
grsecurity module: grsecurity is not capitalized mid-sentence 2016-07-16 11:11:35 +02:00
Joachim Fasting
94824303be
grsecurity module: smarter container support
Only set tunables required for container support if there are any containers.
2016-07-16 11:11:35 +02:00
Joachim Fasting
c606b9876f
grsecurity module: enforce size overflows by default
It is better to make this conditional on whether the configuration contains a
known size overflow that could prevent the system from booting.
2016-07-16 11:11:35 +02:00
obadz
cfc0a5415b Revert "fontconfig: fix etc priority"
This reverts commit 1e53d4a777.

Closes #16983

cc @vcunat @ericsagnes @dezgeg
2016-07-15 20:44:21 +02:00
Robin Gloster
0749876016 Merge pull request #15957 from mayflower/sonarr_upstream
sonarr: init at 2.0.0.4146 + sonarr service
2016-07-15 17:34:18 +02:00
Bjørn Forsman
8c2d888401 jenkins: move $out/{lib => webapps}/jenkins.war
As pointed out by @danbst, the tomcat NixOS module expects packages
listed in services.tomcat.webapps to either be direct .war file paths or
have .war files inside a "webapps" directory.

Commit 4075c10a59
("jenkins: move .war file from $out to $out/lib/jenkins.war") broke
jenkins + tomcat. Fix it by moving jenkins.war to $out/webapps/.
2016-07-15 17:18:44 +02:00
Robin Gloster
5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Tristan Helmich
ed466b7fef sonarr service: initial service 2016-07-15 16:18:37 +02:00
Bjørn Forsman
4075c10a59 jenkins: move .war file from $out to $out/lib/jenkins.war
Fixes #14137, also known as:

  $ nix-shell -p jenkins
  bash: source: /nix/store/ln1yw6c2v8bb2cjqfr1z5aqcssw054wa-jenkins-2.3:
  cannot execute binary file
  [nix-shell exited with error]

The problem is that jenkins.war is not installed inside the directory
$out, but rather _as the file_ $out. Fix it by moving the file to
$out/lib/jenkins.war.

While at it, move buildCommand so that the "meta" section is at the end
of the expression (standard style), and quote shell variables.
2016-07-15 15:12:52 +02:00
Frederik Rietdijk
cfb4a19f51 Merge pull request #16967 from davidak/caddy-fix
caddy service: fix nix store output path
2016-07-15 12:26:18 +02:00
Eelco Dolstra
55eb18d212 Add some more info to the nixos-version manpage 2016-07-15 12:02:39 +02:00
Luca Bruno
4b8c31d981 gnome3: enable X libinput by default
See https://bugzilla.gnome.org/show_bug.cgi?id=764257#c12
2016-07-14 22:06:18 +01:00
davidak
d2164cfcda caddy service: fix nix store output path
systemd[11376]: caddy.service: Failed at step EXEC spawning /nix/store/ghpcwj6paccc92l1gk7ykb6gf2i2w6fi-go1.6-caddy-0.8.3/bin/caddy: No such file or directory
2016-07-14 22:04:55 +02:00
Vladimír Čunát
1b5ac05845 Merge branch 'staging'
Includes security fixes in gd and libarchive.
2016-07-14 15:51:28 +02:00
obadz
de80d0544c ecryptfs: add test to release-combined.nix 2016-07-14 11:52:50 +02:00
obadz
f76a8fbbac ecryptfs: add test to release (#16910)
Would have caught regression #16766
2016-07-13 14:57:13 +02:00
davidak
d97a107426 nixos-version: fix syntax error and add -h (#16906)
* nixos-version: fix syntax error

* nixos-version: add -h parameter
2016-07-13 09:11:32 +02:00
Nikolay Amiantov
d9aafc885f Merge branch 'early-kbd' into staging 2016-07-13 03:56:07 +03:00