Shea Levy
03b888e205
Merge branch 'stage2-generalise-containers' of https://github.com/rickynils/nixpkgs
2016-09-07 05:39:22 -04:00
Eelco Dolstra
70be99c645
Merge pull request #18365 from NixOS/fix-sshd-failure
...
Make /var/empty immutable (with chattr +i)
2016-09-07 11:18:49 +02:00
Domen Kožar
8f95e6f6aa
hardcode e2fsprogs, idempotent chmod, remove care condition
2016-09-07 10:49:27 +02:00
Rickard Nilsson
ab9537ca22
nixos: Generalise the container tests in stage-2 boot
...
This way, stage-2 behaves correctly also for libvirt-lxc containers.
Some more discussion on this:
a7a08188bf
bfe46a653b
2016-09-07 07:50:04 +00:00
Langston Barrett
492a90f1c9
dovecot service: require mail{User,Group} with sieveScripts
...
fixes #17702 .
2016-09-07 01:50:59 +00:00
Nikolay Amiantov
aed2cd32f8
nixos containers: hopefully fix test failures
...
Closes #18377 .
2016-09-07 02:55:48 +03:00
Franz Pletz
9190dbcc0e
Merge pull request #18366 from groxxda/acme-loop
...
security.acme: require networking for client, remove loop without fallbackHost
2016-09-06 23:02:07 +02:00
Domen Kožar
3877ec5b2f
Make /var/empty immutable
...
Fixes #14910 and #18358
Deployed to an existing server, restarted sshd and polkit to verify
they don't fail.
2016-09-06 20:13:33 +02:00
Thomas Tuegel
caac16a924
Merge pull request #18362 from ericsagnes/fix/im-description
...
input-methods modules: fix engine description
2016-09-06 11:42:28 -05:00
Alexander Ried
e84b803300
security.acme: remove loop when no fallbackHost is given
2016-09-06 17:47:00 +02:00
Alexander Ried
7f98dca782
security.acme: the client really needs networking
...
Actually this can be improved since the client only needs network
connectivity if it needs to renew the certificate.
2016-09-06 17:47:00 +02:00
Eelco Dolstra
98102ebd92
Enable the runuser command from util-linux
...
Fixes #14701 .
2016-09-06 17:23:27 +02:00
Eelco Dolstra
f2ddf2a9be
nix: 1.11.3 -> 1.11.4
2016-09-06 16:15:22 +02:00
Eelco Dolstra
1fef99942e
nixos-rebuild: Move the Nix fallback store paths into a separate file
2016-09-06 16:07:47 +02:00
Eric Sagnes
314c30cbf1
input-methods modules: fix engine description
2016-09-06 22:53:15 +09:00
obadz
3f1ceae281
Partially revert "Revert "nixos: remove rsync from base install and add explicit path in nixos-install""
...
This partially reverts commit 0aa7520670
.
Fine for rsync to be in system path but we still need the explicit path
in nixos-install in case it is invoked from non-NixOS systems and also
to fix OVA test failure
See also 0aa7520670
cc @edolstra
2016-09-06 11:49:03 +01:00
Eelco Dolstra
520cb14f16
Fix infinite recursion introduced by f3c32cb2c1
2016-09-05 18:17:22 +02:00
Eelco Dolstra
1a1a31c9d8
Merge pull request #18321 from groxxda/cleanup
...
various: minor cleanup
2016-09-05 17:11:45 +02:00
Eelco Dolstra
5b5c2fb9c0
Make the default fonts conditional on services.xserver.enable
...
We were pulling in 44 MiB of fonts in the default configuration, which
is a bit excessive for headless configurations like EC2
instances. Note that dejavu_minimal ensures that remote X11-forwarded
applications still have a basic font regardless.
2016-09-05 15:51:37 +02:00
Eelco Dolstra
f3c32cb2c1
Let services.openssh.forwardX11 imply programs.ssh.setXAuthLocation
2016-09-05 15:38:42 +02:00
Alexander Ried
53f3c2a278
systemd: add some missing upstream units
2016-09-05 15:03:46 +02:00
Alexander Ried
322c823193
agetty: remove override for container-getty@.service since it's upstream
...
Added in systemd/systemd@68ac53e
2016-09-05 15:03:35 +02:00
Alexander Ried
2fd6b36c51
networkd.module: remove before network-online
...
this is already upstream default
2016-09-05 15:03:35 +02:00
Alexander Ried
992c514a20
(network,remote-fs)-pre: remove duplicate wantedBy and before
...
this is part of (network,remote-fs).target, repectively
2016-09-05 15:03:35 +02:00
Eelco Dolstra
ab49ebe6fa
Make it possible to disable "info"
2016-09-05 14:53:27 +02:00
Eelco Dolstra
5e5df88457
modules/profiles/minimal.nix: Disable "man"
2016-09-05 14:53:27 +02:00
Eelco Dolstra
ba70ce28ae
no-x-libs.nix: Ensure that dbus doesn't use X11
...
It appears that packageOverrides no longer overrides aliases, so
aliases like
dbus_tools = self.dbus.out;
dbus_daemon = self.dbus.daemon;
now use the old, non-overriden version of dbus. That seems like a
pretty serious regression in general, but for this particular problem,
I've fixed it by replacing dbus_daemon by dbus.daemon and dbus_tools
by dbus.
2016-09-05 13:45:59 +02:00
Eelco Dolstra
0aa7520670
Revert "nixos: remove rsync from base install and add explicit path in nixos-install"
...
This reverts commit 582313bafe
.
Removing rsync is actually pointless because nixos-install depends on
it. So if it's part of the system closure, we may as well provide it
to users.
Probably with the next Nix release we can drop the use of rsync and
use "nix copy" instead.
2016-09-05 13:45:59 +02:00
Joachim Fasting
269f739ded
grsecurity module: set nixpkgs.config.grsecurity = true
2016-09-05 00:56:17 +02:00
Tom Hunger
d459916501
prometheus service: rename values to match prometheus 1.0 naming.
2016-09-04 20:03:45 +01:00
Benjamin Staffin
58869cf310
prometheus service: add
...
This is based on @benleys work: https://github.com/NixOS/nixpkgs/pull/8216
I updated changed the user and group ids.
2016-09-04 20:03:32 +01:00
Domen Kožar
393e646e4f
setuid-wrappers: correctly umount the tmpfs
2016-09-04 17:56:00 +02:00
Jaka Hudoklin
c083ab99b2
Merge pull request #17969 from offlinehacker/pkgs/etcd/update-3.0.6
...
Update etcd, improve nixos module, fix nixos tests
2016-09-04 16:31:50 +02:00
Rok Garbas
095c7aefe1
nixos/manual: mentioning other zsh options at program.zsh.enable
...
fixes #13224
2016-09-04 16:31:29 +02:00
Karn Kallio
8d977ead38
setuid-wrappers : Prepare permissions for running wrappers
...
The new setuid-wrappers in /run cannot be executed by users due to:
1) the temporary directory does not allow access
2) the /run is mounted nosuid
2016-09-04 03:19:32 +02:00
Alexander Ried
1542bddcc8
nixos-install.sh: Create /var ( #18266 )
...
Got lost in a6670c1a0b
2016-09-03 19:17:44 +02:00
Joachim F
3db5311be9
Merge pull request #18207 from tavyc/quagga-module
...
quagga service: init
2016-09-03 16:23:23 +02:00
Damien Cassou
f96cd1ea64
emacs module: Fix to get properly themed GTK apps
2016-09-03 08:25:25 +02:00
Tuomas Tynkkynen
e2c6740c37
Merge commit 'adaee73' from staging into master
...
This one was already merged into release-16.09, so let's not have the
stable branch is ahead of master and confuse things. In addition to
that, currently we have an odd situation that master has less things
actually finished building than in staging.
Conflicts:
pkgs/data/documentation/man-pages/default.nix
2016-09-03 01:02:51 +03:00
Vladimír Čunát
02217bf697
Merge #17838 : postgresql: Fix use with extensions
2016-09-02 20:09:40 +02:00
Octavian Cerna
a30d4654f2
quagga service: New NixOS module.
2016-09-02 13:59:51 +03:00
Rob Vermaas
d6dbe43af2
bightbox-image.nix: use lib in stead of stdenv.lib. Fixes #18208
2016-09-02 10:04:09 +00:00
Lancelot SIX
5b8072fff6
postgresql: Fix use with extensions
...
Fixes #15512 and #16032
With the multi output, postgresql cannot find at runtime what is its
basedir when looking for libdir and pkglibdir. This commit fixes that.
2016-09-02 11:51:21 +02:00
Nikolay Amiantov
608ee1c7b3
mjpg-streamer service: restart on failure
2016-09-02 11:44:16 +03:00
Luca Bruno
15bb6bb9d6
Merge pull request #15893 from groxxda/fix/accountsservice
...
accountsservice: refactor package and service
2016-09-02 08:16:10 +00:00
Domen Kožar
a6670c1a0b
Fixes #18124 : atomically replace /var/setuid-wrappers/ ( #18186 )
...
Before this commit updating /var/setuid-wrappers/ folder introduced
a small window where NixOS activation scripts could be terminated
and resulted into empty /var/setuid-wrappers/ folder.
That's very unfortunate because one might lose sudo binary.
Instead we use two atomic operations mv and ln (as described in
https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/ )
to achieve atomicity.
Since /var/setuid-wrappers is not a directory anymore, tmpfs mountpoints
were removed in installation scripts and in boot process.
Tested:
- upgrade /var/setuid-wrappers/ from folder to a symlink
- make sure /run/setuid-wrappers-dirs/ legacy symlink is really deleted
2016-09-01 20:57:51 +02:00
Данило Глинський (Danylo Hlynskyi)
78cd9f8ebc
virtualbox: add headless build (without Qt dependency) ( #18026 )
2016-09-01 20:54:58 +02:00
Domen Kožar
d163882770
Merge pull request #18172 from Profpatsch/startAt-type
...
systemd-unit-options: startAt can be a list
2016-09-01 20:44:32 +02:00
Alexander Ried
1529641b52
accountsservice: add support for mutableUsers = false
...
Add code to accountsservice that returns an error if the environment
variable NIXOS_USERS_PURE is set. This variable is set from the nixos
accountsservice module if mutableUsers = false
2016-09-01 15:25:28 +02:00
Joachim Fasting
6df8de50f3
unbound service: whitespace fixes
2016-09-01 14:51:33 +02:00
Joachim Fasting
03c2c87ed6
unbound service: use mkEnableOption
2016-09-01 14:51:32 +02:00
Tuomas Tynkkynen
8c4aeb1780
Merge staging into master
...
Brings in:
- changed output order for multiple outputs:
https://github.com/NixOS/nixpkgs/pull/14766
- audit disabled by default
https://github.com/NixOS/nixpkgs/pull/17916
Conflicts:
pkgs/development/libraries/openldap/default.nix
2016-09-01 13:27:27 +03:00
Tuomas Tynkkynen
d02e5a7d8f
nixos/filesystems: Drop compat code for filesystems.*.options type
2016-09-01 12:18:33 +03:00
Eelco Dolstra
8172cd734c
docdev -> devdoc
...
It's "developer documentation", not "documentation developer" after
all.
2016-09-01 11:07:23 +02:00
Domen Kožar
f5271680c4
Fixes #14831 by using full path for binaries used in install-grub.pl
...
Both btrfs-progs and utillinux are ~5MB, we may discuss in future
to handle this better but I see no better way at the moment than
increaing purity in the install process.
2016-09-01 10:36:38 +02:00
Domen Kožar
2a7293fd9d
install-grub.pl: fix a double slash prefix bug
2016-09-01 10:14:44 +02:00
Domen Kožar
5e5b0d039c
install-grub.pl: add comments
2016-09-01 10:14:44 +02:00
Profpatsch
488f0d9cb3
systemd-unit-options: startAt can be a list
...
OnCalendar entrys can be specified multiple times in a systemd timer, to
make more complex scheduling possible.
Tested by manually checking the timer generated by the following:
systemd = {
services.huhu = {
description = "meh";
wantedBy = [ "default.target" ];
serviceConfig.ExecStart = "/bin/sh -c 'printf HUHU!'";
startAt = [ "*:*:0/30" "*:0/1:15" ];
};
};
It prints HUHU to the log at seconds 0, 15 and 30 of each minute.
2016-09-01 00:39:36 +02:00
Tuomas Tynkkynen
16b3e26da4
audit: Disable by default
...
Because in its default enabled state it it causes a global performance
hit on all system calls (https://fedorahosted.org/fesco/ticket/1311 ) and
unwanted spam in dmesg, in particular when using Chromium
(https://github.com/NixOS/nixpkgs/issues/13710 ).
2016-08-31 23:15:41 +03:00
Tuomas Tynkkynen
5eff0b990c
audit service: Explicitly call auditctl to disable everything
...
Otherwise, journald might be starting auditing.
Some reading:
- https://fedorahosted.org/fesco/ticket/1311
- https://github.com/systemd/systemd/issues/959
- 64f83d3087
2016-08-31 23:15:32 +03:00
obadz
a3621b1047
nixos/…/swap.nix: add some safety assertions for randomEncryption
2016-08-31 15:29:11 +01:00
Domen Kožar
d8d75ddec6
Revert "setuid-wrappers: Update wrapper dir atomically."
...
This reverts commit ee535056ce
.
It doesn't work yet.
2016-08-31 16:25:18 +02:00
Nikolay Amiantov
4499a505ed
hidepid service: use new boot.specialFileSystems
2016-08-31 17:16:41 +03:00
Nikolay Amiantov
a4879c44c9
Merge pull request #18160 from obadz/swap-encryption
...
nixos/…/swap.nix: remove backslashes from deviceName
2016-08-31 17:59:45 +04:00
Nikolay Amiantov
7fa8c424bd
nixos filesystems: move special filesystems to a dedicated option
...
Fixes #18159 .
2016-08-31 16:50:13 +03:00
obadz
a7d238136d
nixos/…/swap.nix: remove backslashes from deviceName
...
Fixes #8277
Prior to this, backslashes would end up in fstab and the swap partition
was not activated. Swap files seemed to work fine.
2016-08-31 14:40:21 +01:00
Shea Levy
ee535056ce
setuid-wrappers: Update wrapper dir atomically.
...
Fixes #18124 .
2016-08-31 08:00:57 -04:00
zimbatm
17dbfeb450
Merge pull request #18152 from roblabla/bugfix-zeroTierOneConfigurablePackage
...
zerotierone: make package configurable
2016-08-31 12:34:59 +01:00
roblabla
caa1350e07
zerotierone: make package configurable
2016-08-31 12:39:55 +02:00
Domen Kožar
da421bc75f
Fix #4210 : Remove builderDefs
...
This was one of the ways to build packages, we are trying
hard to minimize different ways so it's easier for newcomers
to learn only one way.
This also:
- removes texLive (old), fixes #14807
- removed upstream-updater, if that code is still used it should be in
separate repo
- changes a few packages like gitit/mit-scheme to use new texlive
2016-08-31 11:34:46 +02:00
Mango Chutney
40d2fa2a1b
Don't break grow-partition
2016-08-31 03:06:46 +00:00
Nathan Zadoks
f503f648b3
virtualbox-image module: enable partition / filesystem growth
2016-08-30 16:48:05 -04:00
Nathan Zadoks
346c31000b
amazon-grow-partition module: rename to grow-partition
2016-08-30 16:48:04 -04:00
Nathan Zadoks
1de8e1b02e
amazon-grow-partition module: autodetect the root device
2016-08-30 16:48:04 -04:00
Nikolay Amiantov
509733a343
Merge pull request #17822 from abbradar/systemd-mounts
...
nixos filesystems: unify special filesystems handling
2016-08-30 22:42:19 +04:00
Domen Kožar
e561edc322
update-users-groups.pl: correctly guard duplicate uids for declarative users
...
Verified that following nixos configuration:
users.users.foo = {
uid = 1000;
name = "foo";
};
users.users.bar = {
name = "bar";
};
Before this commit both users will get uid of 1000, after it's applied
bar will correctly get 1001.
2016-08-30 17:14:14 +02:00
Eelco Dolstra
83103dc267
Merge pull request #18104 from ericsagnes/feat/nixos-manual-gen-cleanup
...
nixos manual: cleanup generation
2016-08-30 10:35:18 +02:00
obadz
03b9a159fe
opensmtpd nixos module: chmod & chown until the daemon's heart's content
2016-08-30 02:13:22 +01:00
Eric Sagnes
b50e627ef6
nixos manual: cleanup generation
2016-08-30 09:40:05 +09:00
Joachim Fasting
dab32a1fa6
nixos manual: move chapter on grsecurity to auto-generated module docs
2016-08-29 23:48:12 +02:00
Joachim Fasting
d78e0ed1f9
dnscrypt-proxy module: move detailed info to module documentation
2016-08-29 23:48:12 +02:00
Joachim Fasting
68210aa772
dnscrypt-proxy module: serviceConfig.Group is redundant
...
Same as user's primary group if left unspecified
2016-08-29 23:48:12 +02:00
Joachim Fasting
23a7e6e911
dnscrypt-proxy module: formatting
2016-08-29 23:48:11 +02:00
Vladimír Čunát
4f73633f26
treewide: stop using fontbhttf
2016-08-29 22:28:50 +02:00
Guillaume Maudoux
3aef93e8f0
nixos/containers: Process config like toplevel options ( #17365 )
2016-08-29 18:25:50 +02:00
Eelco Dolstra
2755bcfa7c
In $NIX_PATH, use nixpkgs=...
...
This is required by the "nix" command to find Nixpkgs.
2016-08-29 17:50:25 +02:00
Robin Gloster
e17bc25943
Merge remote-tracking branch 'upstream/master' into staging
2016-08-29 00:24:47 +00:00
Thomas Tuegel
1074c159f7
nixos/cpu-freq: list correct default governor in description
2016-08-28 17:14:37 -05:00
obadz
92d929c884
Merge branch 'master' into staging
2016-08-28 14:48:02 +01:00
obadz
4f299fdd53
nixos/modules/rename.nix: fix eval error
...
cc @Profpatsch @joachifm @domenkozar
2016-08-28 14:47:24 +01:00
obadz
c7142c1aa3
Merge branch 'master' into staging
2016-08-28 13:33:13 +01:00
Domen Kožar
e01e92f12f
Merge pull request #15025 from ericsagnes/modules/manual
...
manual: automatically generate modules documentation
2016-08-28 13:57:34 +02:00
Domen Kožar
4af09e0031
Merge pull request #14311 from Profpatsch/mkRemovedOptionModule-replacement
...
mkRemovedOptionModule: add replacement argument
2016-08-28 13:55:28 +02:00
obadz
57ddc155fc
Merge branch 'master' into staging
...
Conflicts:
pkgs/games/scummvm/default.nix
2016-08-28 12:20:59 +01:00
obadz
f0da094b2e
virtualbox-image: remove raw image (hopefully fixes ova tests)
...
See also 80660f8
2016-08-28 11:33:15 +01:00
Bjørn Forsman
26f65ae860
nixos/redis: enforce owner/perms on /var/lib/redis ( #18046 )
...
Previously it was only set once, now it is enforced on each start-up of
redis.service. Also set _ownership_ recursively, so that the
/var/lib/redis/dump.rdb file is guaranteed to be accessible by the
currently configured redis user.
Fixes issue #9687 , where redis wouldn't start because /var/lib/redis had
wrong owner.
2016-08-28 08:05:14 +00:00
obadz
3de6e5be50
Merge branch 'master' into staging
...
Conflicts:
pkgs/applications/misc/navit/default.nix
pkgs/applications/networking/mailreaders/alpine/default.nix
pkgs/applications/networking/mailreaders/realpine/default.nix
pkgs/development/compilers/ghc/head.nix
pkgs/development/libraries/openssl/default.nix
pkgs/games/liquidwar/default.nix
pkgs/games/spring/springlobby.nix
pkgs/os-specific/linux/kernel/perf.nix
pkgs/servers/sip/freeswitch/default.nix
pkgs/tools/archivers/cromfs/default.nix
pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
Nikolay Amiantov
6efcfe03ae
nixos filesystems: unify early filesystems handling
...
A new internal config option `fileSystems.<name>.early` is added to indicate
that the filesystem needs to be loaded very early (i.e. in initrd). They are
transformed to a shell script in `system.build.earlyMountScript` with calls to
an undefined `specialMount` function, which is expected to be caller-specific.
This option is used by stage-1, stage-2 and activation script to set up and
remount those filesystems. Options for them are updated according to systemd
defaults.
2016-08-27 13:38:20 +03:00
Nikolay Amiantov
3f70fcd4c1
Merge pull request #11484 from oxij/nixos-toposort-filesystems
...
lib: add toposort, nixos: use toposort for fileSystems to properly support bind and move mounts
2016-08-27 14:34:55 +04:00
obadz
80660f8261
virtualbox-image: use vmdk wrapper instead of vdi copy (avoids 1 disk copy)
2016-08-27 03:02:53 +01:00