Commit graph

3276 commits

Author SHA1 Message Date
Jakob Gillich
0f1de2ea9f miniupnpd: firewall config 2015-12-13 16:44:58 +01:00
Nikolay Amiantov
5250582396 nixos/acme: fix timer unit 2015-12-13 17:01:59 +03:00
Nikolay Amiantov
9e0257c104 Merge branch 'feature/simp_le-service' of https://github.com/mayflower/nixpkgs into mayflower-feature/simp_le-service 2015-12-13 17:01:42 +03:00
aszlig
02b568414d
nixos/test-instrumentation: Set vm.min_free_kbytes
We hit page allocation failures a lot at random for VM tests, in case of
my own Hydra when it comes to the installer tests. The reason for this
is that once the memory of the VM gets heavily fragmented the kernel is
unable to allocate new pages.

Setting vm.min_free_kbytes to 16MB forces the kernel to keep a minimum
of 16 MB free.

I've done some testing accross repeated runs of the installer tests with
and without vm.min_free_kbytes set. So accross 30 test runs for each
settings, all of the tests with the option being set passed while 14
tests without that sysctl option triggered page allocation failures.

Sure, running 30 tests is not a guarantee that 16MB is enough, but we'll
see how it turns out in the long run across all VM tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-13 03:18:10 +01:00
Thomas Tuegel
d6e3a8e921 nixos/kde5: enable SVG icons in GTK programs
Fixes #10758.
2015-12-12 14:35:10 -06:00
goibhniu
6a4b71afa5 Merge pull request #11294 from mayflower/service/shairport-sync
shairport-sync service: add module
2015-12-12 20:37:44 +01:00
Franz Pletz
6734127545 shairport-sync service: add module
Adds a new service module for shairport-sync. Tested with a local
and remote pulseaudio server. Needs to be run as a user in the pulse group
to access pulseaudio.
2015-12-12 20:30:47 +01:00
Thomas Tuegel
fac138a2f5 nixos/sddm: fix indentation 2015-12-12 11:36:45 -06:00
Thomas Tuegel
b07fa98f82 nixos/sddm: add setupScript and stopScript options
These options allow setting the start and stop scripts for the display
manager. Making these configurable is necessary to allow some hardware
configurations. Upstream ships empty scripts by default, anyway.
2015-12-12 11:31:26 -06:00
Franz Pletz
1685b9d06e nixos/acme: Add module documentation 2015-12-12 16:06:53 +01:00
Franz Pletz
9374ddb895 nixos/acme: validMin & renewInterval aren't cert-specific 2015-12-12 16:06:53 +01:00
Franz Pletz
0517d59a66 nixos/acme: Improve documentation 2015-12-12 16:06:52 +01:00
Franz Pletz
de24b00d41 nixos/simp_le: Rename to security.acme 2015-12-12 16:06:52 +01:00
Franz Pletz
e7362a877d nixos/simp_le: Use systemd for setting user and group
This is much cleaner and we don't depend on sudo.
2015-12-12 16:06:52 +01:00
Nikolay Amiantov
1641c19d0b nixos/simp_le: use /var/lib/simp_le as root dir by default
/etc on NixOS is regenerated on boot and there was movement
towards making it read-only -- so let's keep dynamic state elsewhere.
2015-12-12 16:06:52 +01:00
Nikolay Amiantov
6906baae5c nixos/simp_le: improve configuration options 2015-12-12 16:06:52 +01:00
Franz Pletz
612781e816 simp_le service: letsencrypt cert auto-renewal
This new service invokes `simp_le` for a defined set of certs on a regular
basis with a systemd timer. `simp_le` is smart enough to handle account
registration, domain validation and renewal on its own. The only thing
required is an existing HTTP server that serves the path
`/.well-known/acme-challenge` from the webroot cert parameter.

Example:

  services.simp_le.certs."foo.example.com" = {
    webroot = "/var/www/challenges";
    extraDomains = [ "www.example.com" ];
    email = "foo@example.com";
    validMin = 2592000;
    renewInterval = "weekly";
  };

Example Nginx vhost:

  services.nginx.appendConfig = ''
    http {
      server {
        server_name _;
        listen 80;
        listen [::]:80;

        location /.well-known/acme-challenge {
          root /var/www/challenges;
        }

        location / {
          return 301 https://$host$request_uri;
        }
      }
    }
  '';
2015-12-12 16:06:51 +01:00
Thomas Tuegel
3960ecb933 Merge branch 'plasma-5.5' 2015-12-11 07:21:50 -06:00
Thomas Tuegel
b858a32d27 nixos/kde5: enable Breeze SDDM theme 2015-12-11 07:09:08 -06:00
Thomas Tuegel
78a6d62b48 sddm: wrap to include themes 2015-12-11 07:09:07 -06:00
Thomas Tuegel
8a1682ce3f nixos/kde5: reformat Phonon backend package list 2015-12-11 07:08:33 -06:00
Thomas Tuegel
92a484bdf2 nixos/kde5: install Breeze icons if available 2015-12-11 07:08:33 -06:00
Thomas Tuegel
9b7ae36087 nixos/kde5: only install Orion if Breeze GTK unavailable 2015-12-11 07:08:33 -06:00
Thomas Tuegel
521d9e5064 nixos/kde5: comment on Oxygen icons move 2015-12-11 07:08:33 -06:00
Eelco Dolstra
b67fdd2068 Merge pull request #11628 from grwlf/allproxy
set all_proxy environment variable
2015-12-11 12:57:36 +01:00
Sergey Mironov
565707c57a set all_proxy environment variable 2015-12-11 11:20:00 +03:00
Arseniy Seroka
79d0fc45a9 Merge pull request #11565 from jgillich/rkt
rkt: add service
2015-12-11 08:04:44 +03:00
Jakob Gillich
c85ada394f rkt: add service 2015-12-11 05:53:20 +01:00
Arseniy Seroka
bc8d08a511 Merge pull request #11548 from jgillich/upnpd
miniupnpd: add service
2015-12-10 23:32:51 +03:00
Nicole Angel
c840974c24 grub: fix typo in variable name (trivial) 2015-12-10 19:52:08 +01:00
Ricardo M. Correia
3f842516a1 nixos.transmission: fix apparmor profile 2015-12-10 19:00:08 +01:00
Evgeny Egorochkin
c16f90f515 Azure image: update ssh key type, start before the Azure agent 2015-12-09 07:42:37 +02:00
Evgeny Egorochkin
6db67186f2 Azure image: package and add azure agent 2015-12-09 07:42:37 +02:00
Jakob Gillich
29871ee2dd miniupnpd: add service 2015-12-09 00:28:41 +01:00
Bjørn Forsman
2acf59efa4 nixos/redmine: improve assert message
Give the user more context.
2015-12-08 22:52:02 +01:00
Pascal Wittmann
93d8671e2c nixos/rabbitmq: fix link to documentation 2015-12-08 20:14:33 +01:00
Jakob Gillich
80720501cb ddclient: fix ssl option 2015-12-08 11:11:14 +01:00
Gabriel Ebner
f4c01fc004 systemd: enable timedated, hostnamed, localed. 2015-12-07 20:25:53 +01:00
Markus Wotringer
9a350d5f1e cntlm: refactor to systemd service, fixes #11339 2015-12-07 15:40:43 +01:00
Jakob Gillich
6c9931c556 shout: fix preStart, fixes #11516
preStart must be a string
2015-12-07 15:24:29 +01:00
Rodney Lorrimar
b13b9489ad pump.io service: init
Pump.io runs its web server as a standalone service listening on
443. It's also possible to put the service behind a HTTP reverse proxy.
2015-12-06 13:35:21 +00:00
Tobias Geerinckx-Rice
214a9537c8 hostapd service: improve option descriptions 2015-12-05 23:42:56 +01:00
Arseniy Seroka
86c3f435d1 Merge pull request #11415 from zenhack/dwm-wm
xserver: dwm as a window manager
2015-12-05 13:49:45 +03:00
Vladimír Čunát
263fd55d4b Merge recent staging built on Hydra
http://hydra.nixos.org/eval/1231884
Only Darwin jobs seem to be queued now,
but we can't afford to wait for that single build slave.
2015-12-05 11:11:51 +01:00
Nikolay Amiantov
cf3202acac nixos/bumblebee: update for new packages 2015-12-05 00:54:09 +03:00
Nikolay Amiantov
ae7ff02081 tlp: use module_init_tools, avoid recompilation for nixos 2015-12-05 00:54:09 +03:00
Christoph Hrdinka
e2720bfb70 nsd service: use mkEnableOption 2015-12-04 16:13:02 +01:00
Moritz Ulrich
ff66ac9dd0 Fix evaluation after merge of #11450. 2015-12-04 15:40:47 +01:00
Arseniy Seroka
6d8bb1f629 Merge pull request #11450 from AndersonTorres/nixos-modules-window-managers
Getting rid of mkOption in NixOS window manager modules
2015-12-04 16:33:22 +03:00
Arseniy Seroka
0c05f14d53 Merge pull request #10535 from roblabla/feature-updateGitlab8.0.5
gitlab: 7.4.2 -> 8.0.5
2015-12-04 16:30:09 +03:00