Commit graph

15181 commits

Author SHA1 Message Date
Jan Hrnko
6868807c2f nixos/redis: port test to python 2019-11-06 15:57:56 +01:00
Jan Hrnko
9ca60eda5a nixos/radarr: port test to python 2019-11-06 15:56:04 +01:00
Maximilian Bosch
abe853b84c
Merge pull request #70336 from abbradar/synapse-ipv6
matrix-synapse service: blacklist local IPv6 addresses by default
2019-11-06 13:14:04 +01:00
Marijan
af117c388b nixos/borgbackup: port test to python 2019-11-06 12:46:24 +01:00
Marijan
54cc018b1e nixos/boot-stage1: port test to python 2019-11-06 12:46:24 +01:00
Marijan
44e6c84ea1 nixos/bind: port test to python 2019-11-06 12:46:24 +01:00
Marijan
db54622145 nixos/beanstalkd: port test to python 2019-11-06 12:46:24 +01:00
Marijan
f794de4e31 nixos/bcachefs: port test to python 2019-11-06 12:46:24 +01:00
Marijan
0f96f9f038 nixos/avahi: port test to python 2019-11-06 12:46:24 +01:00
Marijan
e86b9b9f08 nixos/atd: port test to python 2019-11-06 12:46:24 +01:00
Jan Hrnko
3803abae68 nixos/snapper: port test to python 2019-11-06 12:44:51 +01:00
Jan Hrnko
1b6ca29f6d nixos/strongswan-swanctl: port test to python 2019-11-06 12:43:08 +01:00
Jan Hrnko
c0c04737ed nixos/telegraf: port test to python 2019-11-06 12:40:43 +01:00
Jan Hrnko
8060e76037 nixos/xautolock: port test to python 2019-11-06 12:30:29 +01:00
Jan Hrnko
6ea7ba4d69 nixos/moodle: port test to python 2019-11-06 12:27:14 +01:00
worldofpeace
3485204442 nixos/corefonts: remove
4 years ago in 7edb27b7af the option was made
hidden. We should just remove the module and use mkRemovedOptionModule.
2019-11-06 02:47:00 -05:00
Jan Hrnko
650ccb604b nixos/morty: port test to python 2019-11-06 07:58:22 +01:00
Jan Hrnko
38b2e18faa nixos/upnp: port test to python 2019-11-06 07:54:45 +01:00
Jan Hrnko
13febec464 nixos/zookeeper: port test to python 2019-11-06 07:54:37 +01:00
Jan Hrnko
49914d7d8b nixos/yabar: port test to python 2019-11-06 07:54:16 +01:00
Jan Hrnko
274fb7e0b9 nixos/trickster: port test to python 2019-11-06 07:17:39 +01:00
worldofpeace
5efe49ce67 nixosTests.fontconfig-default-fonts: port to python 2019-11-05 19:51:48 -05:00
worldofpeace
e73c93d8e6
Merge pull request #72834 from mweinelt/pr/tests/migrate-python
nixos/tests: migrate my tests to python
2019-11-05 21:33:50 +00:00
Jan Hrnko
23340a21b6 nixos/trezord: port test to python 2019-11-05 21:45:12 +01:00
Jan Hrnko
5768950f01 nixos/trac: port test to python 2019-11-05 21:45:02 +01:00
Jan Hrnko
6465a56d38 nixos/metabase: port test to python 2019-11-05 21:44:51 +01:00
Izorkin
9a27acedda nixos/phpfpm: fix apply global phpOptions 2019-11-05 23:22:30 +03:00
Jacek Galowicz
d6b7a9909e nixos/firefox: Port integration test to python 2019-11-05 18:07:05 +01:00
Jacek Galowicz
45b339b736 nixos/tests: Implement python test-driver version of getWindowNames and waitForWindow 2019-11-05 18:07:05 +01:00
Jacek Galowicz
fdb72f68ad nixos/matrix-synapse: Port integration test to python 2019-11-05 18:07:04 +01:00
Jacek Galowicz
9c54658226 nixos/tests: Implement python test-driver version of requireActiveUnit 2019-11-05 18:07:00 +01:00
Florian Klink
5fecc35bb2 nixos/vault: convert test to python 2019-11-05 16:57:08 +01:00
EEva (JPotier)
9b78e5f35d vault: fix config when file backend is used
When the option services.vault.storageBackend is set to "file", a
systemd.tmpfiles.rules was added, with extraneous []. These are not
needed and have been removed.
2019-11-05 16:54:34 +01:00
Martin Weinelt
014970bc17
nixos/knot: add myself as maintainer for test 2019-11-05 16:19:44 +01:00
Martin Weinelt
76df6d67ea
nixos/knot: port test to python 2019-11-05 16:19:40 +01:00
Martin Weinelt
e13f4057e4
nixos/babeld: port test to python 2019-11-05 16:19:35 +01:00
Colin L Rice
c861f8083d sd-image: Add the compressed file path for hydra.
This makes the nixos on arm user instructions work again.
2019-11-05 10:10:51 -05:00
Jan Tojnar
9d36ef765c
gjs: various improvements (#72805)
gjs: various improvements
2019-11-05 16:00:24 +01:00
Florian Klink
c3566c7a4f
Merge pull request #70352 from wucke13/systemd-importd
systemd: add systemd-importd
2019-11-05 15:42:44 +01:00
Eelco Dolstra
50ea99cbc1
nixos/tests/quake3.nix: Remove
This was a demo of the VM testing approach in an old paper but there's
no need to keep it around.
2019-11-05 15:14:30 +01:00
Eelco Dolstra
aa98348f88
jormungandr: Remove
This is a good example of a package/module that should be distributed
externally (e.g. as a flake [1]): it's not stable yet so anybody who
seriously wants to use it will want to use the upstream repo. Also,
it's highly specialized so NixOS is not really the right place at the
moment (every NixOS module slows down NixOS evaluation for everybody).

[1] https://github.com/edolstra/jormungandr/tree/flake
2019-11-05 15:00:58 +01:00
Frederik Rietdijk
c4e30cf98c Merge staging-next into staging 2019-11-05 14:18:08 +01:00
Marijan
7d98a8ba77 nixos/simple: port test to python 2019-11-05 12:00:26 +01:00
Marijan
16d2fccfd9 nixos/nix-generate-config: port test to python 2019-11-05 12:00:26 +01:00
Marijan
1afa50aef1 nixos/fsck: port test to python 2019-11-05 12:00:26 +01:00
Marijan
04f0961627 nixos/transmission: port test to python 2019-11-05 12:00:26 +01:00
Marijan
daa97862b5 nixos/tor: port test to python 2019-11-05 12:00:26 +01:00
Marijan
b786c1be04 nixos/openssh: port test to python 2019-11-05 12:00:19 +01:00
John Ericson
acd2d19484
Merge pull request #72347 from NixOS/bash-no-undef-vars
treewide: `set -u` everywhere
2019-11-04 19:52:33 -05:00
Jan Tojnar
3d89ead7c6
gjs: move to top-level 2019-11-05 00:47:04 +01:00
Julian Stecklina
40396a7e12 nixos/zfs: convert test to python 2019-11-04 23:51:10 +01:00
Jacek Galowicz
48508da01e nixos/automysqlackup: Port test to python 2019-11-04 23:51:10 +01:00
Jacek Galowicz
986a1eb32b nixos/ammonite: Port test to python 2019-11-04 23:51:10 +01:00
Jacek Galowicz
e5ee596263 nixos/acme: Port test to python 2019-11-04 23:51:10 +01:00
Jacek Galowicz
d4a5ea5219 nixos/boot: Port test to python 2019-11-04 23:51:10 +01:00
Jana Traue
cdd4d4fadf nixos/wireguard: convert generated test to python 2019-11-04 23:51:10 +01:00
Jana Traue
baec88a119 nixos/wireguard: convert default test to python 2019-11-04 23:51:09 +01:00
Jana Traue
8b12f0ddcc nixos/quake3: convert test to python 2019-11-04 23:51:09 +01:00
Julian Stecklina
2af2d59fd6 nixos/emacs-daemon: convert test to python 2019-11-04 23:51:09 +01:00
Jana Traue
9b33b5d38c nixos/gitea: convert test to python 2019-11-04 23:51:09 +01:00
Jacek Galowicz
8eead58520 nixos/postgres: Port test to python 2019-11-04 23:51:09 +01:00
Jacek Galowicz
75d3e810d6 nixos/bittorrent: Port test to python 2019-11-04 23:51:09 +01:00
Jacek Galowicz
be48c5c571 nixos/login: Port test to python 2019-11-04 23:51:09 +01:00
Jacek Galowicz
7d19c5aaa7 nixos/test: Pythonify documentation 2019-11-04 23:50:50 +01:00
Florian Klink
ac97edf013 nixos/test: use ptpython as repl 2019-11-04 23:50:27 +01:00
Jacek Galowicz
3a28fefe7d nixos/test: Port test driver to python
Thanks @blitz and @jtraue for help with implementing machine methods
2019-11-04 23:50:27 +01:00
Robin Gloster
db502b034f
Merge pull request #71139 from philandstuff/ssh-agent-pkcs11-whitelist
ssh-agent: add agentPKCS11Whitelist option
2019-11-04 22:16:06 +01:00
Gabriel Ebner
cb8423d19b
Merge pull request #72698 from gebner/digimend-drivers
digimend drivers for graphics tablets
2019-11-04 21:19:06 +01:00
Marek Mahut
e51f707437
Merge pull request #72729 from mmahut/trac
nixos/trac: init
2019-11-04 17:53:49 +01:00
Aaron Andersen
5c3715379d nixos/httpd: allow user to specify a minimal list of apache modules 2019-11-04 11:21:20 -05:00
Max Veytsman
de1cbcc692 nixos/nat: fix typo in comment
This iptables directive is marking packets coming from the internal interfaces so they can later be NATed by the rule in 22378e6996/nixos/modules/services/networking/nat.nix (L38-L42) .

Fix the comment accordingly.
2019-11-04 17:00:22 +01:00
Linus Heckemann
6f41b1c842
Merge pull request #68193 from chkno/nixos-option-rewrite
nixos-option C++ rewrite with --all
2019-11-04 16:55:04 +01:00
Robin Gloster
754e315fb5 release-notes 20.03: added notice for rewritten nixos-option 2019-11-04 15:14:42 +01:00
Chuck
1e7985942b snake_case -> camelCase 2019-11-04 15:11:45 +01:00
Chuck
445145d5b9 Support aggregate types attrsOf and listOf 2019-11-04 15:11:45 +01:00
Chuck
a3e31df4d7 (clang-format for has_example) 2019-11-04 15:11:45 +01:00
Chuck
57a5752300 Add maintainer 2019-11-04 15:11:45 +01:00
Chuck
5646240870 Only print example when there is one 2019-11-04 15:11:45 +01:00
Chuck
4d17d5b31f snake_case -> camelCase 2019-11-04 15:11:45 +01:00
Chuck
84d55716a9 Don't print header on stderr
Automated consumers can use 'sed 1d' or similar to remove this header.

This probably makes this output *easier* to consume correctly.  Having
this header show up in consumers' terminal or log output is probably not
useful, but hiding it without hiding all error messages would have been
more troublesome that just stripping it from stdout.

I.e., previously, unsophisticated use would show undesired output:
  $ some-other-tool
  This attribute set contains:
  This attribute set contains:
  This attribute set contains:
  This attribute set contains:
  <Actual some-other-tool output>

The simplest way to hide this undesired output would have been
nixos-option ... 2>/dev/null, which would hide all error messages.
We do not wish to encourage that.

Correct use would have been something like:
  nixos-option ... 2> >( grep --line-buffered -v 'This attribute set contains:')

After this change, correct use is simpler:
  nixos-option ... | sed 1d
or
  nixos-option ... | sed '1/This attribute set contains:/d'
if the caller don't know if this invocation of nixos-option will yield
an attribute listing or an option description.
2019-11-04 15:11:45 +01:00
Chuck
2ddd2d0760 Explain why header goes on stderr 2019-11-04 15:11:45 +01:00
Chuck
94a068fe36 Pass values by reference
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers".  The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
2019-11-04 15:11:45 +01:00
Chuck
3d3ce8df7f Pass Context by reference
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers".  The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
2019-11-04 15:11:45 +01:00
Chuck
c967e3fd3e Hold state and autoArgs by reference
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers".  The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
2019-11-04 15:11:45 +01:00
Chuck
c457766a1f Use std::get_if 2019-11-04 15:11:45 +01:00
Chuck
88183eb484 Per reviewer request, cast the other side.
I don't think this matters.  As long as one or the other of these is
a std::string, I get an operator== that looks at content rather than
pointer equality.  I picked casting the constant over casting the dynamic
thing in hopes that the compiler would have a better chance at optimizing
away any runtime cost.

Deferring to reviewer.
2019-11-04 15:11:45 +01:00
Chuck
aa8e1d5f1e Always say which path component had trouble 2019-11-04 15:11:45 +01:00
Chuck
c352bfeaf0 Switch from east const to west const
For consistency with the Nix C++ convention.

:~(
2019-11-04 15:11:45 +01:00
Chuck
b8db81573a Support submodules (Fixes #13121) 2019-11-04 15:11:45 +01:00
Chuck
88349921a4 clang-format 2019-11-04 15:11:45 +01:00
Chuck
6b405f9789 Fix missing "using ThrownError" 2019-11-04 15:11:45 +01:00
Chuck
0adf77e2ee Narrow the «not defined» check to just ThrownError 2019-11-04 15:11:45 +01:00
Chuck
c7c684aaa3 Preserve type of rethrown exceptions 2019-11-04 15:11:45 +01:00
Chuck
d89ccc1554 Correct syntax for license specification 2019-11-04 15:11:45 +01:00
Chuck
2336982957 Add license
This is important because this contains some code copied from nix (as an
interim expediency until that functionality can be exported via nix's
API).  The license specified here must be compatible with this borrowing.
Select the same license that nix is released under: lgpl2Plus.
2019-11-04 15:11:45 +01:00
Chuck
f3eedb6020 Parallel build is the default, so no need to specify 2019-11-04 15:11:45 +01:00
Chuck
e1ecc2b6c1 Remove list sorting 2019-11-04 15:11:45 +01:00
Chuck
36c00c1080 Use format strings, not concatenation, in error messages 2019-11-04 15:11:44 +01:00
Chuck
4af8dbf896 Reformat for 4-space indentation
Specifically, with
  clang-format --style='{ IndentWidth: 4, BreakBeforeBraces: Mozilla, ColumnLimit: 120, PointerAlignment: Middle }'
which was the clang-format invocation that produced the fewest diffs on
the nix source out of ~20 that I tried.
2019-11-04 15:11:44 +01:00
Chuck
74f05df671 nixos/nixos-option: Fix references to old name 2019-11-04 15:11:44 +01:00
Chuck
26c45dfec2 nixos/nixos-option: Show options' types #27920 2019-11-04 15:11:44 +01:00
Chuck
59c5bfc86b nixos/nixos-option: Rewrite in a more suitable language
Also add --all, which shows the value of all options.  Diffing the --all
output on either side of contemplated changes is a lovely way to better
understand what's going on inside nixos.
2019-11-04 15:11:44 +01:00
Aaron Andersen
9c28599bfe nixos/httpd: drop stateDir option, hardcode to /run/httpd 2019-11-04 07:32:28 -05:00
Marcello Sylvester Bauer
d6169284c4 nixos/libinput: apply options to all device types
Instead of assign the libinput options to touchpad devices only, it
should be appied by any device using libinput.
Due to the fact that `40-libinput.conf` already defines libinput as
driver for any detected input device, we can use `MatchDriver` to appy
options.
2019-11-04 13:02:08 +01:00
Donal Cahill
ddc35b13f6 roundcube: tests - add space to db password, check setup script worked 2019-11-04 10:03:00 +00:00
Wout Mertens
59e731b0ac
Merge pull request #55645 from eonpatapon/qemu-vm-drives
nixos/qemu-vm: declarative drives
2019-11-04 08:30:37 +01:00
Marek Mahut
794c919765
Merge pull request #68327 from mmilata/moin
nixos/moinmoin: init module
2019-11-03 21:36:12 +01:00
Gabriel Ebner
c2b54c59e8 nixos/digimend: init module 2019-11-03 17:32:46 +01:00
Matthew Bauer
88e69097fa
Merge pull request #72664 from contrun/patch-2
pam_mount: change order of lines in pam_mount.conf
2019-11-03 11:31:39 -05:00
Marek Mahut
e71b1e3363 tests: adding trac 2019-11-03 17:24:22 +01:00
Marek Mahut
f3b8d9bae3 nixos/trac: service init 2019-11-03 17:24:08 +01:00
Benjamin Hipple
3d73b6db85 nixos/nginx: update comment
It says Apache, but this is for Nginx; looks like a copy-paste error.
2019-11-03 10:22:56 -05:00
worldofpeace
4e2161f9ed nixos/xdg/sounds: add sound-theme-freedesktop 2019-11-03 10:19:26 -05:00
worldofpeace
4bdbbc1b33 nixos/gnome3: add sound-theme-freedesktop
I've noticed a similar issue in Pantheon, without this
sound theme installed there's no system sounds.
I believe it's because the gnome theme and the pantheon
theme inherit this one.
2019-11-03 10:19:25 -05:00
Alex Rice
66611546f0 brillo: init at 1.4.8 2019-11-03 14:42:43 +01:00
Florian Klink
52ed193ec7 nixosTests.systemd-nspawn: add test
This adds a test downloading an nspawn container via http, and ensures
sha256sum verification and gpg signature verification work.
2019-11-03 14:29:07 +01:00
Renaud
266d3dd7f6
Merge pull request #72187 from Izorkin/netdata-fix
nixos/netdata: add which to path
2019-11-03 14:06:51 +01:00
Renaud
a5807e79c9
Merge pull request #71507 from SRGOM/patch-11
nixos/x11/libinput: Document values for option
2019-11-03 12:30:09 +01:00
Peter Hoeg
8bddbbaf84
Merge pull request #72404 from peterhoeg/u/displaylink
displaylink: make it work!
2019-11-03 14:19:41 +08:00
B YI
f40f98a732
pam_mount: change order of lines in pam_mount.conf
Change order of pam_mount.conf.xml so that users can override the preset configs.

My use case is to mount a gocryptfs (a fuse program) volume. I can not do that in current order.

Because even if I change the `<fusermount>` and `<fuserumount>` by add below to extraVolumes
```
<fusemount>${pkgs.fuse}/bin/mount.fuse %(VOLUME) %(MNTPT) "%(before=\"-o \" OPTIONS)"</fusemount>
<fuseumount>${pkgs.fuse}/bin/fusermount -u %(MNTPT)</fuseumount>
```
mount.fuse still does not work because it can not find `fusermount`. pam_mount will told stat /bin/fusermount failed.

Fine, I can add a `<path>` section to extraVolumes
```
<path>${pkgs.fuse}/bin:${pkgs.coreutils}/bin:${pkgs.utillinux}/bin</path>
```
but then the `<path>` section is overridden by the hardcoded `<path>${pkgs.utillinux}/bin</path>` below. So it still does not work.
2019-11-03 12:43:01 +08:00
Maximilian Bosch
e017e96f76
Merge pull request #72612 from danielfullmer/gpg-agent-pinentry-doc-fix
nixos-generate-config: Fix incorrectly named option
2019-11-02 21:43:42 +01:00
wucke13
29ac226225 systemd: adding support for systemd-importd
Adding `systemd-importd` to the build, so that `machinectl`s `import-.*`
may actually do anything. Currently they fail with

```
Failed to transfer image: The name org.freedesktop.import1 was not provided by any .service files
```
as `systemd-importd` is not built. Also registers the regarding dbus
api and service in the systemd module.
2019-11-02 21:33:18 +01:00
Daniel Fullmer
c7b123a81a nixos-generate-config: Fix incorrectly named option
This appears to be a typo from c2576266ba
2019-11-02 15:46:16 -04:00
Florian Klink
bb4bf2fb46
Merge pull request #72094 from lejonet/ceph-tests
nixos/ceph: Rename old ceph test and add new multi-node test
2019-11-02 14:48:42 +01:00
Andreas Rammhold
5d5b1405a7
Merge pull request #68483 from chkno/optional-home-bin-in-path
nixos/shells-environment: Make ~/bin/ in $PATH optional
2019-11-02 14:27:24 +01:00
John Ericson
9df7efe0c6 stdenv: Don't stop set -u-ing
Before, we very carefully unapplied and reapplied `set -u` so the rest
of Nixpkgs could continue to not fail on undefined variables. Let's rip
off the band-aid.
2019-11-01 22:03:47 +00:00
Andrew Childs
bd61216f55 ec2/create-amis.sh: register root device as /dev/xvda
For the case of blkfront drives, there appears to be no difference
between /dev/sda1 and /dev/xvda: the drive always appears as the
kernel device /dev/xvda.

For the case of nvme drives, the root device typically appears as
/dev/nvme0n1.  Amazon provides the 'ec2-utils' package for their first
party linux ("Amazon Linux"), which configures udev to create symlinks
from the provided name to the nvme device name. This name is
communicated through nvme "Identify Controller" response, which can be
inspected with:

  nvme id-ctrl --raw-binary /dev/nvme0n1 | cut -c3073-3104 | hexdump -C

On Amazon Linux, where the device is attached as "/dev/xvda", this
creates:

- /dev/xvda  -> nvme0n1
- /dev/xvda1 -> nvme0n1p1

On NixOS where the device is attach as "/dev/sda1", this creates:

- /dev/sda1  -> nvme0n1
- /dev/sda11 -> nvme0n1p1

This is odd, but not inherently a problem.

NixOS unconditionally configures grub to install to `/dev/xvda`, which
fails on an instance using nvme storage. With the root device name set
to xvda, both blkfront and nvme drives are accessible as /dev/xvda,
either directly or by symlink.
2019-11-02 05:58:58 +09:00
Jörg Thalheim
b55a7a3a57
ec2-utils: init at 0.5.1, include in amazon-image profile (#67347)
ec2-utils: init at 0.5.1, include in amazon-image profile
2019-11-01 20:57:44 +00:00
Daniel Kuehn
6ac9d1fbdc
nixos/ceph: Rewrite old single-node test with new framework 2019-11-01 21:48:22 +01:00
Marek Mahut
43a0b4b31f
Merge pull request #72415 from 1000101/trickster
nixos/trickster: init
2019-11-01 15:39:50 +01:00
Jan Hrnko
4adb3dd7de nixos/trickster: add test 2019-11-01 14:10:53 +01:00
worldofpeace
a0b037b863
Merge pull request #72391 from urkud/gnupg-pinentry-gnome3
nixos/gnupg: add dbus dependencies for gnome3 pinentry
2019-11-01 13:02:21 +00:00
Yury G. Kudryashov
7240566f74 nixos/gnupg: add dbus dependencies for gnome3 pinentry 2019-11-01 08:58:11 -04:00
Daniel Kuehn
079dab7de1 Merge branch 'ceph-tests' of https://github.com/lejonet/nixpkgs into ceph-tests 2019-11-01 13:42:17 +01:00
Silvan Mosberger
dd0a47e7ae
treewide: Switch to system users (#71055)
treewide: Switch to system users
2019-11-01 13:26:43 +01:00
Daniel Kuehn
5fbf0cf5ce
nixos/ceph: Rename old ceph test and add new multi-node test to all-tests.nix 2019-11-01 13:21:04 +01:00
Jan Hrnko
9b0aefac86 nixos/trickster: init 2019-11-01 10:57:29 +01:00
Renaud
e69fd930ed
Merge pull request #72193 from Ma27/bump-nexus
nexus: 3.18.1-01 -> 3.19.1-01
2019-11-01 08:55:24 +01:00
Peter Hoeg
d936b17d14 nixos/displaylink: write out required xorg.conf fragment
Invoke xrandr to actually connect the device.

Additionally, we let systemd create the logs directory and use our module loader
instead of handling it manually.
2019-11-01 13:06:28 +08:00
ShaRose
9e2308ed80 nixos/dnsdist: Add CAP_NET_BIND_SERVICE to AmbientCapabilities
It seems that dnsdist doesn't actually request CAP_NET_BIND_SERVICE, which is why normally it's executed and root and setuids to another, unprivileged, user. This means that as it is, dnsdist will be unable to bind to any port under 1024 and will fail with access denied.

Removing CAP_SETGID and CAP_SETUID is also related to this as we don't actually change the uid or gid after the fact as we use DynamicUser. (That part isn't strictly NEEDED but there's no reason to have those capabilities if we don't use them).

There are also some additional sandboxing we can remove from the service definition as they are assumed true or strict by DynamicUser: specifically PrivateTmp and ProtectSystem respectively.

ProtectHome is still there, despite being assumed read-only as setting it to true means they are seen as empty. I don't think it really matters as I don't know if systemd will ignore it or not, but I didn't see any reason to go hunting for excuses to make it a bigger change.
2019-10-31 13:27:55 -02:30
worldofpeace
d5c639c545
Merge pull request #72281 from peterhoeg/f/geoclue
nixos/geoclue: minor cleanups
2019-10-31 13:58:25 +00:00
Peter Hoeg
0838d6d4cd nixos/geoclue: add worldofpeace as maintainer 2019-10-31 09:57:20 -04:00
Graham Christensen
cda4a36eda
Merge pull request #72186 from AmineChikhaoui/ec2-19-09-amis
ec2-amis.nix: add 19.09 amis
2019-10-31 11:13:11 +01:00
Marek Mahut
392b12f252
Merge pull request #72089 from prusnak/trezor-udev-rules
trezor-udev-rules: init at unstable-2019-07-17
2019-10-31 10:48:48 +01:00
Jörg Thalheim
c91a1be877
nixos/orangefs: init at 2.9.7, add modules and test (#67591)
nixos/orangefs: init at 2.9.7, add modules and test
2019-10-31 09:27:14 +00:00
adisbladis
3af4f88acd
nixos.pulseaudio: Remove bad recommendation to use pulseaudio in system-wide mode
Upstream Pulseaudio has always stated that system-wide is not
recommended and comes with a number of usability and security drawbacks.
2019-10-30 16:00:08 +00:00
Pavol Rusnak
d124858efe
trezor-udev-rules: init at unstable-2019-07-17 2019-10-30 15:15:22 +01:00
worldofpeace
bae09a1c39 nixosTests.fontconfig-default-fonts: re-add twitter-color-emoji 2019-10-30 15:03:26 +01:00
Florian Klink
992035cff0
Merge pull request #72007 from NinjaTrappeur/nin-acme-custom-dir-uri
nixos/acme: Custom ACME endpoint
2019-10-30 12:17:51 +01:00
Robin Gloster
a861855dfb
Merge pull request #72283 from urkud/fix-pinentry-sway
nixos/gnupg: fix pinentry in sway (fix a typo in 3c39093c0d)
2019-10-30 11:15:03 +01:00
Félix Baylac-Jacqué
781f0cf2ec nixos/tests/acme.nix: remove pebble custom endpoint patch
The recent custom endpoint addition allows us to directly point
certbot to the custom Pebble directory endpoint.

Thanks to that, we can ditch the Pebble patch we were using so far;
making this test maintenance easier.
2019-10-30 11:09:40 +01:00
Félix Baylac-Jacqué
5671fa2396 nixos/modules/security/acme.nix: add server option
Add a new option permitting to point certbot to an ACME Directory
Resource URI other than Let's Encrypt production/staging one.

In the meantime, we are deprecating the now useless Let's Encrypt
production flag.
2019-10-30 11:08:12 +01:00
Frederik Rietdijk
91a714000a nixos manual: refer to nix and nixpkgs manuals 2019-10-30 10:25:09 +01:00
Frederik Rietdijk
70bb2e4151 nixos manual: have a toc for each part and chapter
to be inline with the Nixpkgs manual. This makes navigating to
particular sections easier.
2019-10-30 10:25:09 +01:00
Frederik Rietdijk
d727754d9a nixos manual: move preface into own file 2019-10-30 10:25:09 +01:00
Frederik Rietdijk
227dff4e70 nixos manual: reduce toc depth
to reduce the amount of information presented.
2019-10-30 10:25:09 +01:00
Yury G. Kudryashov
1105cec98d gnupg: fix pinentry in sway (fix a typo in 3c39093c0d) 2019-10-30 02:00:39 -04:00
Aaron Andersen
722b99beb9
Merge pull request #69342 from Kiwi/matomo-updates
Matomo (module, package) updates
2019-10-29 23:09:27 -04:00
Peter Hoeg
d7ebe00453 nixos/geoclue: minor cleanups
- spawn the geoclue-agent directly instead of running it via bash
 - document why we cannot use DynamicUser = true
 - have systemd create the home directory instead of using an explicit
   tmpfiles.d fragment
2019-10-30 10:50:52 +08:00
Silvan Mosberger
90e30394f5
go-shadowsocks2: init at 0.0.11 (#67516)
go-shadowsocks2: init at 0.0.11
2019-10-30 01:05:59 +01:00
Martin Milata
605379bc62
nixos/matomo: add test 2019-10-29 21:02:39 +00:00
Robin Gloster
3c39093c0d
gnupg: fix pinentry on sway 2019-10-29 20:30:23 +01:00
Evils-Devils
5a78ce30d4 Fancontrol: add test etc from #70933 (#72065)
* lm_sensors: add fancontrol module + nixos test

fancontrol is a small script that checks temperature sensors and adapts
fan speeds accordingly. It reads a text config file that can be
auto-generated by running the pwmconfig wizard on the live system.
2019-10-29 15:06:32 +01:00
Daniel Kuehn
47604c7026
nixos/ceph: Rewrite test to take all important values from a single attrset 2019-10-29 15:00:28 +01:00
Frederik Rietdijk
980d658fbd nixos.tests.fontconfig-default-fonts: remove twitter-color-emoji 2019-10-29 13:53:04 +01:00
Maximilian Bosch
df7727042f
nexus: 3.18.1-01 -> 3.19.1-01
Relevant release notes:

* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.1
* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.0

Also added `preferLocalBuild = true;` to prevent builds on remote
machines as this only means elevated network access (tarball is fetched
locally and uploaded to the builder) and the build is fairly trivial.

To fix the startup I had to add the JVM parameter `java.endorsed.dirs`
to ensure that all libraries are loaded properly[1].

[1] https://issues.sonatype.org/browse/NEXUS-21603
2019-10-28 21:34:55 +01:00
Maximilian Bosch
47724fc77c
nixos/networkd: add ipv4-fallback and fallback as valid options to LinkLocalAddressing
Both options were introduced in systemd v243[1]. Those options can be
used to ensure that LinkLocalAddressing is only configured for a given
interface if DHCPv4 fails. To quote `systemd.network(5)`:

```
If "fallback" or "ipv4-fallback" is specified, then an IPv4
link-local address is configured only when DHCPv4 fails. If "fallback", an IPv6 link-local
address is always configured, and if "ipv4-fallback", the address is not configured. Note
that, the fallback mechanism works only when DHCPv4 client is enabled, that is, it requires
"DHCP=yes" or "DHCP=ipv4".
```

[1] 8bc17bb3f7
2019-10-28 20:51:17 +01:00
Izorkin
001b3d5764 nixos/netdata: add which to path 2019-10-28 21:20:57 +03:00
AmineChikhaoui
dc13a7f26a
ec2-amis.nix: add 19.09 amis
replace /home/deploy -> $HOME to allow running the script from outside
the bastion.
2019-10-28 14:04:20 -04:00
caadar
028dacdcfb cups: fix misleading comment 2019-10-28 16:48:34 +01:00
talyz
d5db11ccbd nixos/gitlab: Remove the old lib symlink in the state directory
Also, remove the old and unused PermissionsStartOnly definition in the
gitlab-workhorse systemd service.
2019-10-28 14:56:37 +01:00
talyz
041cbd860d nixos/gitlab: Abort on error and use of unset variables
Default behavior is to continue executing the script even when one or
multiple steps fail. We want to abort early if any part of the
initialization fails to not run with a partially initialized state.

Default behavior also allows dereferencing non-existent variables,
potentially resulting in hard-to-find bugs.
2019-10-28 14:56:37 +01:00
Silvan Mosberger
13b893fd9a
Merge pull request #72140 from alunduil/add-zfs-replication-to-module-list
nixos/zfs: add autoReplication to module list
2019-10-28 12:33:15 +01:00
Franz Pletz
5d22f7afe1
nixos/acme: fix staging endpoint url
fixes #72067
2019-10-28 10:12:39 +01:00
Linus Heckemann
e7a6123a07
Merge pull request #72080 from Infinisil/znapzend-improvements
Znapzend improvements
2019-10-28 09:43:49 +01:00
Robert Djubek
6ea626d3e2
nixos/matomo: fix deprecation warnings
Fixes the phpfpm deprecation warnings about listen and extraConfig by
using fpm.socket and settings. Removes phpfpmProcessManagerConfig.
2019-10-28 05:07:27 +00:00
Alex Brandt
a2d83bf8b9 nixos/zfs: add autoReplication to module list 2019-10-27 22:03:21 -07:00
Daniel Kuehn
db0787c87a nixos/ceph: Reduce RAM allocation for the test machines and change the sharing of the admin keyring to the shared directory instead of netcat 2019-10-27 16:56:52 +01:00
Frederik Rietdijk
059a572616 Merge staging-next into staging 2019-10-27 15:28:19 +01:00
Daniel Kuehn
916520151e nixos/ceph: Rename old ceph test and add new multi-node test
Rename the old ceph test to ceph-single-node and add a new test
ceph-multi-node. The ceph-single-node represents a dev cluster whereas
ceph-multi-node is closer to a prod cluster.
2019-10-27 13:46:05 +01:00
Silvan Mosberger
f124b7addc
nixos/znapzend: Increase starting timeout 2019-10-27 12:29:31 +01:00
Silvan Mosberger
698dfed2e6
nixos/znapzend: Add options for features 2019-10-27 12:06:18 +01:00
Silvan Mosberger
de357d5781
Merge pull request #65698 from Infinisil/system-users
Increase the system user id range
2019-10-27 10:41:39 +01:00
Vladimír Čunát
d9c5d584cd Merge branch 'master' into release-docs
It's been a very long time, so I think a merge will be better than
a rebase.  There was only one simple conflict.
2019-10-27 10:29:58 +01:00
Silvan Mosberger
5532065d06
nixos/acme: Fix allowKeysForGroup not applying immediately
Previously setting `allowKeysForGroup = true; group = "foo"` would not
apply the group permission change of the certificates until the service
gets restarted. This commit fixes this by making systemd restart the
service every time it changes.

Note that applying this commit to a system with an already running acme
systemd service doesn't fix this immediately and you still need to wait
for the next refresh (or call `systemctl restart acme-<domain>`). Once
everybody's service has restarted once this should be a problem of the
past.
2019-10-27 00:49:32 +02:00
Aaron Andersen
33474166e3
Merge pull request #69436 from tshaynik/fix/nextcloud-nginx-sts
nixos/nextcloud: add Strict-Transport-Security
2019-10-26 12:34:36 -04:00
Aaron Andersen
50e5139893 redmine: drop 3.4.x package 2019-10-26 10:40:16 -04:00
Franz Pletz
a8fccf2172
Merge pull request #72000 from flokli/virtualbox-vboxnet0-systemd-networkd-wait-online-service
nixos/virtualbox: fix systemd-networkd-wait-online.service waiting for vboxnet0
2019-10-26 13:01:47 +00:00
Gemini Lasswell
d6549a2c42 nixos/yggdrasil: remove DynamicUser for systemd 243 2019-10-26 13:51:31 +02:00
Gemini Lasswell
b8cb8c39d6 nixos/yggdrasil: add service 2019-10-26 13:51:31 +02:00
Aaron Andersen
2921e8a82a
Merge pull request #71789 from tomfitzhenry/openarena-server
openarena: add module and test
2019-10-26 07:48:19 -04:00
Elias Probst
8d8c3cadd6 Fix typo in message (vswichtesvswitches) 2019-10-26 13:26:01 +02:00
Florian Klink
32fd88726b nixos/virtualbox: fix systemd-networkd-wait-online.service waiting for vboxnet0
While switching NixOS configurations with both

networking.useNetworkd = true;
virtualisation.virtualbox.host.enable;

You often end up waiting for systemd-networkd-wait-online.service.

This happens because the vboxnet0 device doesn't have a carrier until
virtualbox machines are started, so networkd gets stuck in
"Configuring":

⇒  networkctl list
IDX LINK          TYPE      OPERATIONAL SETUP
  1 lo            loopback  carrier     unmanaged
  2 wlp2s0        wlan      routable    unmanaged
  3 vboxnet0      ether     no-carrier  configuring

This updates the NixOS virtualbox host module to include a
RequiredForOnline=no statement in the generated 40-vboxnet0.network
file, so networkd doesn't consider it necessary for
systemd-networkd-wait-online.service to finish.
2019-10-26 00:45:42 +02:00
WilliButz
509fadd01a
nixos/i18n: use str instead of string for consoleKeyMap 2019-10-26 00:07:55 +02:00
Maximilian Bosch
4a5c0e029d
Merge pull request #71963 from dtzWill/security/nextcloud17-php-and-nginx-config
Address nextcloud "urgent security issue" w/nginx per upstream recs
2019-10-25 19:12:18 +02:00
Martin Milata
ad034104cc nixos/moin: init 2019-10-25 17:51:09 +02:00
Mathieu A.-Tetreault
054ceb826e plymouth: Add extra config field
Signed-off-by: Mathieu A.-Tetreault <alexandretm@amotus.ca>
2019-10-25 11:22:45 -04:00
Maximilian Bosch
6db4ae1f27
Merge pull request #70441 from doronbehar/package-gotify-server
gotify-server: init at 2.0.10
2019-10-25 17:10:14 +02:00
Janne Heß
2abe2b2cda nixos/stunnel: Add maintainers 2019-10-25 16:19:57 +02:00
Janne Heß
4a32dbd1e1 nixos/stunnel: Fix CA files 2019-10-25 16:19:57 +02:00
Maximilian Bosch
3461ec2ffd
nixos/gotify: init module and test 2019-10-25 16:19:41 +02:00
Tom Fitzhenry
6d90d17a96 openarena: add test 2019-10-26 00:57:54 +11:00
Tom Fitzhenry
230fc22e61 openarena: add module for dedicated server 2019-10-26 00:57:54 +11:00
Jörg Thalheim
8e0563e7e6
Merge pull request #71970 from johanot/create-gce-nitpick
scripts/gce: make image name configurable
2019-10-25 14:28:06 +01:00
Will Dietz
f6c45bff6d
nixos/nextcloud: update config for "urgent security issue"
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
2019-10-25 06:50:29 -05:00
Johan Thomsen
b263e57c57 scripts/gce: make image name configurable 2019-10-25 10:10:42 +02:00
Florian Klink
dc84a7d4e3
Merge pull request #71291 from NinjaTrappeur/nin-update-acme
simp_le: 0.9.0 -> 0.16.0
2019-10-24 16:08:02 +02:00
Frederik Rietdijk
32389de159 Merge master into staging-next 2019-10-24 08:27:04 +02:00
Eelco Dolstra
52e739cc58 nix-daemon.nix: Fix checkConfig 2019-10-23 21:30:28 +02:00
Félix Baylac-Jacqué
0c0af28cd5 nixos/tests/letsencrypt: use Pebble instead of Boulder
Let's encrypt bumped ACME to V2. We need to update our nixos test to
be compatible with this new protocol version.

We decided to drop the Boulder ACME server in favor of the more
integration test friendly Pebble.

- overriding cacert not necessary
- this avoids rebuilding lots of packages needlessly
- nixos/tests/acme: use pebble's ca for client tests
- pebble always generates its own ca which has to be fetched

TODO: write proper commit msg :)
2019-10-23 21:17:17 +02:00
Drew
6445a7cf7d users-groups: fix typo
Fix typo in the ``users.users.<name>.packages`` option description.
2019-10-23 20:49:15 +02:00
Ricardo M. Correia
4cd2cb43fb
Merge pull request #71137 from erictapen/smokeping-fix-permission
nixos/smokeping: replace smokeping.fcgi with a symlink
2019-10-23 18:19:15 +00:00
Silva Alejandro Ismael
35ae47e44b nixos/zsh-syntax-highlighting: Fix highlighting when ohMyZsh is enabled
From https://github.com/zsh-users/zsh-syntax-highlighting#faq:

"It must be sourced after all custom widgets have been created
(i.e., after all zle -N calls and after running compinit)."

zsh-syntax-highlighting must be sourced to the end.
2019-10-23 11:54:52 -03:00
Frederik Rietdijk
09c9a2de7e Merge master into staging-next 2019-10-23 16:50:09 +02:00
Félix Baylac-Jacqué
38e84151e0 certbot: 0.31.0 -> 0.39.0
Updating:

- nixos module to use the new `account_reg.json` file.
- use nixpkgs pebble for integration tests.

Co-authored-by: Florian Klink <flokli@flokli.de>

Replace certbot-embedded pebble
2019-10-23 13:12:11 +02:00
Florian Klink
c3098d182d nixos/network: remove 99-main.network
Just maching all network interfaces caused many breakages, see #18962
and #71106.

We already don't support the global networking.useDHCP,
networking.defaultGateway(6) options if networking.useNetworkd is
enabled, but direct users to configure the per-device
networking.interfaces.<name?>.… options.
2019-10-23 11:39:27 +02:00
Frederik Rietdijk
a85e58ac13 Merge master into staging-next 2019-10-23 09:38:37 +02:00
Bjørn Forsman
263a81e285 nixos-rebuild: support sudo + --target-host
This adds support for deploying to remote hosts without being root:

  sudo nixos-rebuild --target-host non-root@host

Without this change, only root@host is able to deploy.

The idea is that if the local command is run with sudo, so should the
remote one, thus there is no need for adding any CLI options.
2019-10-22 20:44:25 +02:00
Matthias Beyer
4e3aa7b7b8 mpd: restart always
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2019-10-22 16:30:14 +02:00
Aaron Andersen
43a3d8dc29
Merge pull request #71461 from etu/lidarr-specify-datadir-option
nixos/lidarr: Add dataDir option
2019-10-22 05:07:49 -04:00
Frederik Rietdijk
a456fbfeed Merge staging-next into staging 2019-10-22 09:20:03 +02:00
worldofpeace
7dc84e1824 installer: use sddm in plasma5
Slim is abandoned and won't work with wayland.
It's in our best interest to use the display-manager
that makes most sense for Plasma5, sddm.

We've already moved on from it being default in #30890
and the graphical.nix profile, which the virtualbox profile uses,
has sddm anyway.
2019-10-22 00:28:47 -04:00
worldofpeace
4f890f86fe
Merge pull request #71547 from hedning/seahorse-ssh-askpass
nixos/seahorse: Use seahorse's askpass by default
2019-10-21 21:43:52 +00:00
Malte Brandy
fe143bac5b nixos/redis: Disable hugepages for redis via sysctl and not via a systemd-oneshot 2019-10-21 22:38:16 +02:00
Florian Klink
1125fb02cc
Merge pull request #71428 from talyz/gitlab-already-initialized-constant
gitlab: Get rid of most 'already initialized constant'-warnings
2019-10-21 20:52:54 +02:00
Tor Hedin Brønner
aa910d164d nixos/seahorse: use seahorse's askpass by default 2019-10-21 18:01:15 +02:00
Franz Pletz
cc9b18f223
Merge pull request #71406 from astro/collectd
collectd: plugins configuration, buildMinimalPackage
2019-10-21 10:34:34 +00:00
edef
0599c89d58
Merge pull request #71338 from edef1c/nix-daemon-opt-aliases
nixos/nix-daemon: don't refer to deprecated option aliases
2019-10-21 09:59:13 +00:00
SRGOM
fe26d4c0df
nixos/x11/libinput: Document values for option
For option `scrollMethod`, document that there is an available value of `button`.
2019-10-21 12:46:01 +05:30
Aaron Andersen
1c4b13bb5b
Merge pull request #71067 from aanderse/httpd
nixos/httpd: remove deprecated extraSubservices option
2019-10-20 20:36:33 -04:00
Florian Klink
f24b4fb411
nixos/networkmanager: remove networking.networkmanager.dynamic… (#71337)
nixos/networkmanager: remove networking.networkmanager.dynamicHosts
2019-10-21 02:33:28 +02:00
Aaron Andersen
9a91679b7a nixos/httpd: remove deprecated extraSubservices option 2019-10-20 20:16:45 -04:00
worldofpeace
d67b8a9eb1
Merge pull request #71456 from vcunat/p/doc-interface-naming
nixos release notes: interfaces might get renamed
2019-10-21 00:12:44 +00:00
Vladimír Čunát
9a54d17799 nixos release notes: interfaces might get renamed
Fixes #71086.
2019-10-20 20:12:03 -04:00
worldofpeace
64468d4121
Merge pull request #70931 from symphorien/system-config-printer
system-config-printer: 1.5.11 -> 1.5.12
2019-10-20 23:39:48 +00:00
worldofpeace
18ea428e76 rl-1909: add note for blueman 2019-10-20 19:37:13 -04:00
Dima
a16de399a1 release-notes 19.09: removal of non-LTS kernel attrs
Even though the release obviously already happened, I think it might
still make sense to add a short note about the attributes not being
supported any longer (and going forward).

(cherry picked from commit 7163d3a9df35904d0c9acc9f643fd70ee3108539)
(cherry picked from commit a64b8c3c191af1317cfdc1ea4f4e5f881c4cf503)
2019-10-20 19:35:22 -04:00
Elis Hirwing
9319dd17d8
nixos/lidarr: Add dataDir option
This will bring this module to a state to be consistent with how the
other forks (sonarr & radarr) works.
2019-10-20 21:20:53 +02:00
Jan Tojnar
f849554226
Merge branch 'staging-next' into staging 2019-10-20 16:49:29 +02:00
Florian Klink
ca6c91e395 nixos/networkmanager: remove networking.networkmanager.dynamicHosts
This option was removed because allowing (multiple) regular users to
override host entries affecting the whole system opens up a huge attack
vector. There seem to be very rare cases where this might be useful.
Consider setting system-wide host entries using networking.hosts,
provide them via the DNS server in your network, or use
networking.networkmanager.appendNameservers to point your system to
another (local) nameserver to set those entries.
2019-10-20 16:37:41 +02:00
Florian Klink
0a4373a46d
Merge pull request #71319 from talyz/gitlab-revert-clear-out-initializers
Revert "nixos/gitlab: properly clear out initializers"
2019-10-20 13:38:14 +02:00
worldofpeace
42f567b30d Revert "nixos/gnome3: fix gnome-flashback"
This reverts commit 60aedadc59.

Using tests from #71212 I am now unable to reproduce there being issues
with starting the default metacity flashback session without this.
2019-10-19 19:57:49 -04:00
ft
1390ed10e7 nixos/widnow-managers/xmonad: fix systemd identifier for xmonad 2019-10-19 16:36:29 -07:00
ft
5834d78a20 ssdm: fix identifier for xserver-wrapper 2019-10-19 16:36:29 -07:00
ft
6a600b1c22 roundcube: fix -- quoting string env variable 2019-10-19 16:08:54 -07:00
Astro
06abd24886 nixos/collectd: add option buildMinimalPackage 2019-10-20 00:53:49 +02:00
Astro
e2283d9533 nixos/collectd: add plugin config 2019-10-20 00:53:49 +02:00
worldofpeace
a13b8ce0b8
Merge pull request #71115 from hedning/plymouth-gdm-fix
nixos/plymouth: do not order `plymouth-quit` after `display-manager`
2019-10-19 22:34:46 +00:00
talyz
ed4a09c6f3 gitlab: Get rid of most 'already initialized constant'-warnings
On start, unicorn, sidekiq and other parts running ruby code emits
quite a few warnings similar to

/var/gitlab/state/config/application.rb:202: warning: already initialized constant Gitlab::Application::LOOSE_EE_APP_ASSETS
/nix/store/ysb0lgbzxp7a9y4yl8d4f9wrrzy9kafc-gitlab-ee-12.3.5/share/gitlab/config/application.rb:202: warning: previous definition of LOOSE_EE_APP_ASSETS was here
/var/gitlab/state/lib/gitlab.rb:38: warning: already initialized constant Gitlab::COM_URL
/nix/store/ysb0lgbzxp7a9y4yl8d4f9wrrzy9kafc-gitlab-ee-12.3.5/share/gitlab/lib/gitlab.rb:38: warning: previous definition of COM_URL was here

This seems to be caused by the same ruby files being evaluated
multiple times due to the paths being different - sometimes they're
loaded using the direct path and sometimes through a symlink, due to
our split between config and package data. To fix this, we make sure
that the offending files in the state directory always reference the
store path, regardless of that being the real file or a symlink.
2019-10-19 19:30:28 +02:00
Tor Hedin Brønner
927a6fdaad nixos/gnome3: launch gnome-shell wayland with RT scheduling
We create a wrapper which launches gnome-shell with the correct environment and
cap_sys_nice.

We can then override gnome-shell-wayland.service to use this wrapper.

NOTE: We need to force clear the environment, because the defaults aren't good
for user services. That should probably be fixed.
2019-10-19 17:14:38 +02:00
edef
5b1f864242
Merge pull request #59806
openssh: 7.9p1 -> 8.1p1
2019-10-19 12:16:08 +00:00
Will Dietz
6db7c9cf1d nixos: add release note for openssh upgrade \o/ 2019-10-19 12:05:27 +00:00
worldofpeace
cf05f707d8
Merge pull request #71210 from worldofpeace/fix-gnome-flashback
nixos/gnome3: fix gnome-flashback
2019-10-18 23:57:45 +00:00
worldofpeace
1554e4a95e
Merge pull request #71298 from symphorien/nm-fortissl
networkmanager-fortisslvpn: create the local state directory
2019-10-18 23:50:33 +00:00
Symphorien Gibol
a37b9636f7 networkmanager-fortisslvpn: create the local state directory
Otherwise connecting simply fails:
VPN connection: failed to connect: 'La création du fichier « /tmp/lib/NetworkManager-fortisslvpn/0507e3ef-f0e0-4153-af64-b3d9a025877c.config.XSB19Z » a échoué : No such file or directory'
2019-10-18 19:49:56 -04:00
worldofpeace
676a988b8c
Merge pull request #71355 from chkno/fix-storeContents-doc
nixos/make-iso9660-image: Fix storeContents documentation
2019-10-18 21:49:46 +00:00
worldofpeace
30cfe8d5f1
Merge pull request #71341 from edef1c/rabbitmq-example
nixos/rabbitmq: use a literalExample for example configItems
2019-10-18 21:07:02 +00:00
Chuck
ac65940537 nixos/make-iso9660-image: Fix doc typo 2019-10-18 11:58:28 -07:00
Chuck
4623f0a2c6 nixos/make-iso9660-image: Fix storeContents documentation
`packages` was renamed to `storeContents` in
668c146e33, but this comment
describing its purpose was not updated to match.
2019-10-18 11:58:05 -07:00
Florian Klink
c41b37ef25
nixos/networkmanager: use tmpfiles to setup state directories (#71322)
nixos/networkmanager: use tmpfiles to setup state directories
2019-10-18 17:58:45 +02:00
edef
32c7f772f7 nixos/rabbitmq: use a literalExample for example configItems 2019-10-18 12:36:16 +00:00
edef
a68219b79b nixos/nix-daemon: don't refer to deprecated option aliases
The `gc-` prefixed versions of these options have been
deprecated since Nix 2.0.
2019-10-18 12:27:43 +00:00
Frederik Rietdijk
1b5c537f45 Merge staging-next into staging 2019-10-18 12:27:41 +02:00
Florian Klink
5e593038d1 nixos/networkmanager: use tmpfiles to setup state directories 2019-10-18 12:11:55 +02:00
WilliButz
917b127314
Merge pull request #71243 from d-goldin/prometheus_blackbox_configfile
prometheus-blackbox-exporter: coercing cfg to path
2019-10-18 08:11:03 +02:00
talyz
201cca9a04 Revert "nixos/gitlab: properly clear out initializers"
This reverts commit 2ee14c34ed.

This caused the initializers directory to be cleaned out while gitlab
was running in some instances. We clean out the directory on the
preStart stage already, so ensuring existance and permissions should
suffice.
2019-10-18 08:00:56 +02:00
Dima
b788467ec4 prometheus-blackbox-exporter: fixing path issue
This fixes an issue with a recent addition of a config file
check in c28ded36ef.

Previously it was possible to supply a path as a string
to `configFile`. Now it will fail checking the config file
during evaluation of the module due to sandboxing.

A toggle to disable the check, more informative log messages
and handling for various configFile values are added.
2019-10-18 02:03:02 +02:00
Eelco Dolstra
5b324c1825
Remove references to the nixpkgs-channels repo
Channel branches are now provided in the nixpkgs repo.

Issue #71176.
2019-10-17 19:44:03 +02:00
Frederik Rietdijk
0256080d11 nixos/pppd: add description for peers, unbreaks metrics job and channel
services.pppd.peers was lacking a description, causing a trace warning
resulting in a parse error in the metrics job.
2019-10-17 13:59:52 +02:00
Florian Klink
36756e930f udisks2: use tmpfiles instead of activation script to create /var/lib/udisks2 2019-10-16 20:31:33 -04:00
Franz Pletz
ec6224b6cd Revert "installer: Disable udisks"
This reverts commit 571fb74f44.

The dependency on gtk2 was removed.

Co-authored-by: Florian Klink <flokli@flokli.de>
2019-10-16 20:31:24 -04:00
Franz Pletz
3d832dee59 gnupg: disable gui/pinentry support by default
This solves the dependency cycle in gcr alternatively so there won't be
two gnupg store paths in a standard NixOS system which has udisks2 enabled
by default.

NixOS users are expected to use the gpg-agent user service to pull in the
appropriate pinentry flavour or install it on their systemPackages and set
it in their local gnupg agent config instead.

Co-authored-by: Florian Klink <flokli@flokli.de>
2019-10-16 20:31:16 -04:00
Franz Pletz
c2576266ba nixos/gnupg: add option for setting pinentry flavours
Co-authored-by: Florian Klink <flokli@flokli.de>
2019-10-16 20:31:05 -04:00
Franz Pletz
cb0adc11ff pinentry: build with multiple outputs in single drv
Co-authored-by: Florian Klink <flokli@flokli.de>
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-10-16 20:30:52 -04:00
worldofpeace
2fbccbc728 Revert "Merge pull request #71095 from flokli/pinentry-cleanup"
This reverts commit 823da4d492, reversing
changes made to b75c8ee3bc.
2019-10-16 20:28:21 -04:00
worldofpeace
823da4d492
Merge pull request #71095 from flokli/pinentry-cleanup
Split pinentry flavors and enable udisks2 on install media again
2019-10-17 00:24:15 +00:00
Florian Klink
e397b949a9 udisks2: use tmpfiles instead of activation script to create /var/lib/udisks2 2019-10-16 19:56:50 -04:00
Franz Pletz
b04b354e2c Revert "installer: Disable udisks"
This reverts commit 571fb74f44.

The dependency on gtk2 was removed.

Co-authored-by: Florian Klink <flokli@flokli.de>
2019-10-16 19:56:50 -04:00
Franz Pletz
b5bea4ce32 gnupg: disable gui/pinentry support by default
This solves the dependency cycle in gcr alternatively so there won't be
two gnupg store paths in a standard NixOS system which has udisks2 enabled
by default.

NixOS users are expected to use the gpg-agent user service to pull in the
appropriate pinentry flavour or install it on their systemPackages and set
it in their local gnupg agent config instead.

Co-authored-by: Florian Klink <flokli@flokli.de>
2019-10-16 19:56:50 -04:00
Franz Pletz
edea9fed72 nixos/gnupg: add option for setting pinentry flavours
Co-authored-by: Florian Klink <flokli@flokli.de>
2019-10-16 19:56:49 -04:00
Franz Pletz
a4916fdea5 pinentry: build with multiple outputs in single drv
Co-authored-by: Florian Klink <flokli@flokli.de>
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-10-16 19:56:49 -04:00
Florian Klink
fff04a0a49
nixos/pppd: init (#71105)
nixos/pppd: init
2019-10-17 01:15:55 +02:00
worldofpeace
0dbbeabdab nixos/gnome3: copy flashback gschema overrides 2019-10-15 20:56:09 -04:00
worldofpeace
60aedadc59 nixos/gnome3: fix gnome-flashback
This session would fail to start because we didn't have it in systemd.packages
(as we've switched to systemd gnome-session).

Haven't tested custom sessions.
2019-10-15 20:15:46 -04:00
David Anderson
ae02b3dd1f nixos/tests/pppd: init
This test creates a PPPoE link between two machines, and verifies
that the machines can ping each other.
2019-10-15 08:36:09 -07:00
David Anderson
997a6f6f1e nixos/pppd: init 2019-10-15 08:36:09 -07:00
Tor Hedin Brønner
2c7f0f06b7
nixos/system-environment: prepend wrapperDir to PATH (#70430)
This fixes user environment setup for sessions which doesn't successfully go
through a shell init.

Note we don't go through `sessionVariables` as we want the wrappers to have
highest priority. It would also cause wrapperDir to occur twice when in shell
sessions, as shells use `sessionVariables` too while prepending wrapperDir in a
custom snippet.

In particular logging in and out of gnome-shell could result in a broken path
without this fix.
2019-10-15 13:17:38 +02:00
Jörg Thalheim
faa7ce3ee5
Merge pull request #70240 from woffs/pr-etc-zpool.d
nixos module zfs: provide /etc/zfs/zpool.d
2019-10-15 11:45:52 +01:00
Maximilian Bosch
7774945b70
Merge pull request #70469 from Vskilet/matrix-synapse-update
matrix-synapse: 1.3.1 -> 1.4.0
2019-10-15 01:31:21 +02:00
Victor SENE
372422390f
matrix-synapse: 1.3.1 -> 1.4.0
Bumps `matrix-synapse` to version 1.4.0[1]. With this version the
following changes in the matrix-synapse module were needed:

* Removed `trusted_third_party_id_servers`: option is marked as deprecated
  and ignored by matrix-synapse[2].
* Added `account_threepid_delegates` options as replacement for 3rdparty
  server features[3].
* Added `redaction_retention_period` option to configure how long
  redacted options should be kept in the database.
* Added `ma27` as maintainer for `matrix-synapse`.

Co-Authored-By: Notkea <pacien@users.noreply.github.com>
Co-authored-by: Maximilian Bosch <maximilian@mbosch.me>

[1] https://matrix.org/blog/2019/10/03/synapse-1-4-0-released
[2] https://github.com/matrix-org/synapse/pull/5875
[3] https://github.com/matrix-org/synapse/pull/5876
2019-10-15 01:11:18 +02:00
Arian van Putten
8fb23f6117
Fix typo in 19.09 release notes 2019-10-14 23:30:09 +02:00
Philip Potter
8120184bf1 ssh-agent: add agentPKCS11Whitelist option
If you want to be able to use OpenSC with ssh-agent, you need to be able
to add it to the ssh-agent whitelist.  This adds an option,
agentPKCS11Whitelist, that exposes the option.

Note that I currently work around this by injecting the parameter into
the agentTimeout option:

    programs.ssh.agentTimeout = "1h -P ${pkgs.opensc}/lib/opensc-pkcs11.so";

but I feel that a proper option would be better :)
2019-10-14 20:45:28 +01:00
Justin Humm
b8cd11f347
smokeping: add erictapen as maintainer 2019-10-14 21:23:11 +02:00
Justin Humm
9eb067b0d7
nixos/smokeping: replace smokeping.fcgi with a symlink
This fixes a regression from bb649d96b0.
There were permission problems, when the preStart script tried to copy
the smokeping.fcgi file over the old file.
2019-10-14 21:11:47 +02:00
WilliButz
104b93eef0
Merge pull request #70070 from Ma27/borgbackup-removable-devices
nixos/borgbackup: add option to allow removable devices
2019-10-14 18:02:30 +02:00
Maximilian Bosch
2dfc67517a
nixos/borgbackup: add option to allow removable devices
When having backup jobs that persist to a removable device like an
external HDD, the directory shouldn't be created by an activation script
as this might confuse auto-mounting tools such as udiskie(8).

In this case the job will simply fail, with the former approach
udiskie ran into some issues as the path `/run/media/ma27/backup` was
already there and owned by root.
2019-10-14 17:28:44 +02:00
Tor Hedin Brønner
5924bab20b nixos/plymouth: do not order plymouth-quit after display-manager
GDM now specifies ordering between `plymouth-quit` and `display-manager`:
9be5321097

This causes an ordering cycle between GDM and plymouth-quit which can result in
systemd breaking GDM:
```
plymouth-quit.service: Job display-manager.service/start deleted to break
                       ordering cycle starting with plymouth-quit.service/start
```

Not sure how often this triggers, as I've run my system with plymouth and
9be5321097 without any issues. But I did catch a VM doing this.

NOTE: I also tried to remove the ordering in GDM to see if plymouth managed to
live longer, but it didn't seem to help. So I opted to stick as close to
upstream (upstream GDM specifies ordering, but plymouth does not).
2019-10-14 13:08:51 +02:00
Jörg Thalheim
d633ec9787
Merge pull request #70601 from Mic92/zfs-trim
nixos/zfs: only enable trim if zfs is enabled
2019-10-14 11:04:35 +01:00
Jörg Thalheim
12880e57e1
nixos/zfs: mention trim support in the release notes 2019-10-14 10:30:59 +01:00
Jörg Thalheim
9a89467606
nixos/zfs: simplify logic for scrub/autosnapshot service
This makes them consistent with the way zfs.trim is enabled
and allow to enable them by default in future.
2019-10-14 10:30:57 +01:00
Silvan Mosberger
23d920c8f0
nixos/users: Increase maximum system uid/gid from 499 to 999
This enlarges the system uid/gid range 6-fold, from 100 to 600 ids. This
is a preventative measure against running out of dynamically allocated
ids for NixOS services with isSystemUser, which should become the
preferred way of allocating uids for non-real users.
2019-10-14 01:59:19 +02:00
worldofpeace
dd050270c7 nixos/environment: don't set GTK_DATA_PREFIX or GTK_EXE_PREFIX
We had these set so gtk2 can discover themes properly, however we failed
realize that gtk2 already has a patch that makes it search in XDG_DATA_DIRS.
I don't believe any issue is solved by setting these.
2019-10-13 19:54:09 -04:00
Florian Klink
5d5b79d517
nixos/mysql: fix mysqlReplication test (#61671)
nixos/mysql: fix mysqlReplication test
2019-10-13 23:05:23 +02:00
worldofpeace
6339c5864a
Merge pull request #70999 from c0bw3b/tests/fix/getfacl
nixos.tests: silence getfacl absolute path message
2019-10-13 17:49:52 +00:00
worldofpeace
6d5fe6b8ed
Merge pull request #71065 from worldofpeace/gdm-no-plymouth-conflict
nixos/gdm: don't conflict with plymouth-quit
2019-10-13 17:34:00 +00:00
worldofpeace
ed20a541c5 nixos/gdm: don't conflict with plymouth-quit
Co-Authored-By: Tor Hedin Brønner <torhedinbronner@gmail.com>
2019-10-13 13:30:43 -04:00
Maximilian Bosch
927204c987
Merge pull request #68441 from jonringer/fix-nextcloud-test
nixos/nextcloud: fix postgresql/redis test
2019-10-13 18:41:27 +02:00
Izorkin
632f69e485 nixos/mysql: fix mysqlReplication test 2019-10-13 19:18:51 +03:00
Vladimír Čunát
4e6826a3b2
Merge branch 'staging-next'
It's not perfect, but I think we can deal with the rest of the
regressions directly on master, so that this process does not stall.
2019-10-13 16:10:58 +02:00
Maximilian Bosch
81414c0a90
nixos/nextcloud: fix postgresql test 2019-10-13 14:32:14 +02:00
Maximilian Bosch
87178a2e6e
Merge pull request #71058 from WilliButz/add-nextcloud-exporter
prometheus-nextcloud-exporter: init at 2019-10-12, with module and test
2019-10-13 13:47:41 +02:00
Vladimír Čunát
b5697c6954
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1548439
2019-10-13 13:31:33 +02:00
Maximilian Bosch
eeb4726446
nixos/prometheus-wireguard-exporter: remove addr option
This option was added by mistake since `listenAddress` exists by default
for each prometheus-exporter. Using
`services.prometheus.exporters.wireguard.addr` will now cause a warning,
but doesn't break eval.
2019-10-13 12:16:46 +02:00
Vladimír Čunát
7818f30cc4
Merge #70499: nixos/steam-hardware: add uinput to boot.kernelModules 2019-10-13 10:21:49 +02:00
Tor Hedin Brønner
d15e5b02fe
nixos/lightdm: do not conflict with plymouth (#71061)
Having `display-manager` conflict with `plymouth-quit` causes this lock up:

 - `plymouth-quit-wait` starts up, waiting for plymouth-quit to run
 - `lightdm` starts up
 - `plymouth-quit` can't start, it conflicts with lightdm
 - `plymouth-quit-wait` keeps waiting on plymouth-quit to kill plymouthd

The idea is having LightDM control when plymouth quits, but communication with
plymouth was broken: https://github.com/NixOS/nixpkgs/pull/71064

Unfortunately having the conflict breaks switching to configurations with
plymouth enabled. So we still need to remove the conflict.

fixes #71034
2019-10-13 10:03:54 +02:00
Symphorien Gibol
172950661f nixos/system-config-printer: depends on packagekit 2019-10-13 00:09:40 +02:00
Jonathan Ringer
5e8ae589a4
nixos/nextcloud: fix postgresql/redis test 2019-10-12 15:07:27 -07:00
WilliButz
91b2c844df
nixos/tests/prometheus-exporters: add nextcloud exporter 2019-10-12 23:17:49 +02:00
WilliButz
d953d328ca
nixos/prometheus-nextcloud-exporter: add module 2019-10-12 23:17:48 +02:00
Janne Heß
d6c08776ba treewide: Switch to system users 2019-10-12 22:25:28 +02:00
Florian Klink
aac5207b3f
babeld: add test (#71006)
babeld: add test
2019-10-12 18:04:37 +02:00
Joachim F
a8b2e302c6
Merge pull request #41841 from Izorkin/samba
samba: fix autostart service
2019-10-12 14:31:39 +00:00
Mario Rodas
af4351ab85
Merge pull request #69255 from minijackson/init-shiori
Init shiori
2019-10-12 09:01:58 -05:00
Martin Weinelt
97d2959028
nixos/tests: add babeld 2019-10-12 15:35:53 +02:00
Florian Klink
696d1d8a86
Merge pull request #71013 from worldofpeace/pulseaudio-no-autospawn
nixos/pulseaudio: don't autospawn ever
2019-10-12 14:36:49 +02:00
Florian Klink
e24526d38e
Merge pull request #69422 from arianvp/fix-machinectl
nixos/systemd: Make machinectl work with NixOS
2019-10-12 14:12:44 +02:00
Joachim F
5bea2997fe
nixos/hardened: blacklist old filesystems (#70482)
The rationale for this is that old filesystems have recieved little scrutiny
wrt. security relevant bugs.

Lifted from OpenSUSE[1].

[1]: 8cb42fb665

Co-Authored-By: Renaud <c0bw3b@users.noreply.github.com>
2019-10-12 10:08:44 +00:00
worldofpeace
361b5f7f65 nixos/pulseaudio: don't autospawn ever
This is long been superseded by socket activation.
Additonally using autospawn nudges some unpleasant
GDM related issues.
2019-10-11 21:41:15 -04:00
Jan Tojnar
6c8aed6391
Merge branch 'master' into staging-next 2019-10-12 00:50:21 +02:00
c0bw3b
1f7455cf0d nixos.tests: silence getfacl absolute path message
Default getfacl behavior is to remove leading slash on absolute
paths in its header printed to stdout.
Before the header it will also print a message about it...

Switches -p -or --absolute-names can turn this off
and remove some noise from our tests logs.
2019-10-11 23:20:57 +02:00
Tor Hedin Brønner
5b7c900192
nixos/gdm: do not restart on reload switch (#70357)
Not entirely sure how this works, but this does seem to fix reload switch
killing the current graphical session.
2019-10-11 20:07:16 +02:00
Florian Klink
1aad3acf15
nixos/gitlab: Don't print sensitive data to log on startup (#70861)
nixos/gitlab: Don't print sensitive data to log on startup
2019-10-11 18:10:16 +02:00
Jan Tojnar
1739d34904
Merge pull request #70734 from jtojnar/nixos-rebuild-remote-fish
nixos-rebuild: Fix target-host using fish
2019-10-11 13:26:11 +02:00
Aaron Andersen
0b6067f93e
Merge pull request #68836 from Thra11/wacomtablet-kcm
wacomtablet: init at 3.2.0
2019-10-11 05:52:37 -04:00
Eelco Dolstra
9d0de0dc57
nix-daemon.nix: Shut up warning 2019-10-10 16:24:33 +02:00
Eelco Dolstra
27d2857a99
nix-daemon.nix: Use 'nix ping-store' to initialize directories 2019-10-10 16:24:33 +02:00
Eelco Dolstra
2c97f0669d
Typo 2019-10-10 16:24:33 +02:00
Eelco Dolstra
4b950c42cd
nix-daemon.nix: Drop Nix 1.x compatibility
Probably didn't work anyway anymore.
2019-10-10 16:24:33 +02:00
Eelco Dolstra
4e0d6a5ff8
Don't create /nix/var/nix/{gcroots,per-user}/per-user with 1777 permission
In fact, don't create them at all because Nix does that automatically.

Also remove modules/programs/shell.nix because everything it did is
now done automatically by Nix.
2019-10-10 16:24:33 +02:00
Eelco Dolstra
3ab3614e2b
nix: 2.3 -> 2.3.1 2019-10-10 16:23:33 +02:00
Olgierd "Allgreed" Kasprowicz
3fd657f421 Add a hint on Virtualbox machine setup
By default VMSVGA is set, which causes failure upon X startup.
2019-10-10 00:49:43 +02:00
worldofpeace
1169336cd9
Merge pull request #70448 from worldofpeace/lightdm-improve-systemd
nixos/lightdm: improve systemd service
2019-10-09 21:22:19 +00:00
wodim
c5daa2cb3b
Fix typo 2019-10-09 20:42:36 +02:00
worldofpeace
f853bb4369 rl-1909: brief package version changes 2019-10-09 13:51:44 -04:00
Robin Gloster
0bf7300375
Merge pull request #70850 from yoohaemin/patch-1
Fix documentation typo
2019-10-09 17:35:41 +02:00
Robin Gloster
8e1fdad7c6
Merge pull request #70858 from manveru/nginx-map-hash-sizes
nginx: add map_hash_*_size options
2019-10-09 17:32:40 +02:00
Christoph Hrdinka
65be608330
Merge pull request #70371 from dminuoso/dovecot-fix-type
dovecot: fix wrong type in configFile option
2019-10-09 17:25:12 +02:00
talyz
dc29a45fc9 nixos/gitlab: Don't print sensitive data to log on startup
gitlab:db:configure prints the root user's password to stdout on
successful setup, which means it will be logged to the
journal. Silence this informational output. Errors are printed to
stderr and will thus still be let through.
2019-10-09 16:59:18 +02:00
Franz Pletz
f024e7b769
Merge pull request #67890 from mguentner/mxisd_ma1sd
mxisd: 1.4.5 -> 1.4.6 ☺ ma1sd: init at 2.1.1
2019-10-09 14:36:56 +00:00
Milan Pässler
ff0148d868 nixos/nginx: use mailcap mime.types
The mime type definitions included with nginx are very incomplete, so
we use a list of mime types from the mailcap package, which is also
used by most other Linux distributions by default.
2019-10-09 14:20:40 +00:00