Commit graph

7429 commits

Author SHA1 Message Date
worldofpeace
a686dc071c nixos/pantheon: don't set GIO_EXTRA_MODULES 2019-08-19 19:03:37 -04:00
worldofpeace
5b09814b57 nixos/gnome3: don't set GIO_EXTRA_MODULES 2019-08-19 19:03:37 -04:00
worldofpeace
4bb6625767 nixos/gvfs: set GIO_EXTRA_MODULES 2019-08-19 19:03:37 -04:00
worldofpeace
eb127d2005 nixos/gvfs: add package option 2019-08-19 18:56:41 -04:00
worldofpeace
67ad8a788f nixos/gvfs: move out of GNOME 2019-08-19 18:53:43 -04:00
Marek Mahut
3b6258946f
Merge pull request #64407 from dasJ/icingaweb-test
nixos/icingaweb: Fix module path; Add test
2019-08-19 21:27:16 +02:00
Marek Mahut
c4592aa161
Merge pull request #63973 from apvodney/master
u9fs service: start after network.target
2019-08-19 21:11:19 +02:00
Marek Mahut
d7b3d2d0fd
Merge pull request #65995 from danderson/master
nixos/sshguard: create ipsets before starting, and clean up after stopping.
2019-08-19 21:05:42 +02:00
Marek Mahut
7c15694c29
Merge pull request #66271 from vdot0x23/patch-1
nixos/stubby: clearer wording for upstreamServers
2019-08-19 20:58:45 +02:00
worldofpeace
9125f51b70
Merge pull request #66860 from worldofpeace/dconf-update
nixos/dconf: cleanup
2019-08-19 11:59:06 -04:00
davidak
6d4c69e640 netdata: enable cgroup accounting 2019-08-19 14:57:41 +02:00
Marek Mahut
f0d1db99db
Merge pull request #66857 from nrdxp/fix/caddy
caddy: remove 'bin' attribute
2019-08-19 13:50:14 +02:00
worldofpeace
38c7d55d5d nixos/pantheon: use programs.dconf 2019-08-18 21:56:52 -04:00
worldofpeace
a7b5d6142f nixos/gnome3: use programs.dconf 2019-08-18 21:55:52 -04:00
Timothy DeHerrera
98e6c1432e
caddy: remove 'bin' attribute 2019-08-18 18:46:21 -06:00
Silvan Mosberger
918e1e0925
nixos/cadvisor: allow passing custom arguments (#66855)
nixos/cadvisor: allow passing custom arguments
2019-08-19 02:28:38 +02:00
Aaron Andersen
8227b2f29e
Merge pull request #66399 from mmahut/metabase
metabase: service module and test
2019-08-18 19:49:05 -04:00
tilpner
944a3a0dfc
nixos/cadvisor: allow passing custom arguments 2019-08-19 01:32:01 +02:00
Nikolay Amiantov
79ebe562fb shadowsocks service: support dual-stack server
Enable IPv6 by default.
2019-08-18 23:07:51 +03:00
WilliButz
4835f65e95
Merge pull request #66814 from mguentner/synapse_1_3_1
matrix-synapse: 1.2.1 -> 1.3.1
2019-08-18 19:30:14 +02:00
Eric Litak
ccf3557015 nixos/cjdns: add extraConfig option (#53502) 2019-08-18 18:47:56 +02:00
Marek Mahut
e6fb350cf6
Merge pull request #66606 from DerTim1/riemann-config
nixos/riemann-tools: Add ExtraArgs Config Option
2019-08-18 18:47:19 +02:00
danbst
d80cd26ff9 Merge branch 'master' into flip-map-foreach 2019-08-18 18:00:25 +03:00
Danylo Hlynskyi
2b393c8913
elasticsearch: add example on how to use plugins (#55115)
See https://discourse.nixos.org/t/elastic-search-plugins/1997
2019-08-18 17:11:20 +03:00
Florian Klink
36ece762e5
Merge pull request #66621 from flokli/gitlab-12.1.6
gitlab-ce: 12.0.3 -> 12.1.6
2019-08-18 14:08:14 +02:00
Marek Mahut
69089e990e modules: adding metabase service 2019-08-18 13:44:26 +02:00
worldofpeace
ce0511e302 nixos/flatpak: add comment about selinux 2019-08-18 04:23:17 -04:00
worldofpeace
1728bc8d22 flatpak: 1.2.4 -> 1.4.2
* Regenerated all patches for 1.4.2 and resolved
  any conflicts.

* fix-test-paths.patch doesn't copy the whole locale archive
  because we have C.UTF8 now.

* nixos/flatpak creates a Flatpak system helper user
  Change introduced in 1.3.2.

Changes:
See https://github.com/flatpak/flatpak/releases/tag/1.3.1 through
1.4.2.
2019-08-18 04:23:17 -04:00
Maximilian Güntner
dac8fe9cee
nixos/matrix-synapse: use notify instead of simple
Starting with 1.3.0, matrix-synapse supports notifying
systemd. Relevant PR: matrix-org/synapse#5732
2019-08-18 09:41:33 +02:00
worldofpeace
5892773eb6 nixos/pantheon: adjust to renamed gnome3 options 2019-08-17 16:34:55 -04:00
Marek Mahut
caf9b8cc35
Merge pull request #66591 from aanderse/zabbix-proxy
nixos/zabbixProxy: fix database initialization logic
2019-08-17 20:55:13 +02:00
Symphorien Gibol
c3e1e64e4c remove all instances of nix-env -i without -A in the NixOS manual
motivation: https://nixos.wiki/wiki/FAQ/Why_not_use_nix-env_-i_foo%3F
2019-08-17 18:04:43 +02:00
WilliButz
ecd4d03dfe
grafana-loki: fix typo in service config 2019-08-17 12:08:51 +02:00
Marek Mahut
5712bea91b trezord: adding emultor support 2019-08-16 16:58:48 +02:00
Aaron Andersen
efbdce2e96 nixos/mantisbt: drop unmaintained module 2019-08-15 21:01:23 -04:00
Aaron Andersen
265163da07 nixos/systemhealth: drop unmaintained module 2019-08-15 21:01:23 -04:00
Aaron Andersen
ac4327c025 nixos/awstats: replace usage of deprecated services.httpd.extraSubservices 2019-08-15 21:00:27 -04:00
aszlig
dc525e8b12
Merge pull request #66648 (improve xkbvalidate)
This allows xkbvalidate to be compiled via Clang and also has a few
other portability improvements, eg. it now can even be compiled on OS X,
even though it's probably not needed there.

In addition, I changed the binary name so that it matches the package
name.

I'm merging this in right now, because there is only the xserver NixOS
module where this is used, so the risk of a catastrophic breakage is
very low.

Checks and build done by ofborg also ran successfully and I also did a
few local tests (eg. running via valgrind to avoid leaks) to make sure
it's still working properly.
2019-08-15 01:32:09 +02:00
aszlig
16ecd0d5ca
xkbvalidate: Rename output binary to xkbvalidate
So far, the output binary has been just "validate", which is quite a
very generic name and doesn't match the package name.

Even though I highly doubt that this program will ever be used outside
of NixOS modules, it's nevertheless less confusing to have a consistent
naming.

Signed-off-by: aszlig <aszlig@nix.build>
2019-08-15 01:11:32 +02:00
worldofpeace
bc0072305b
Merge pull request #66638 from worldofpeace/favorite-apps-gnome3
nixos/gnome3: set favorite-apps
2019-08-14 17:12:48 -04:00
worldofpeace
83c0b5f06f nixos/gnome3: set favorite-apps
The upstream defaults [0] for this key include shotwell and
rhythmbox which aren't installed by the gnome3 module.
We swap these out for gnome-photos and gnome-music
which are.

[0]: https://gitlab.gnome.org/GNOME/gnome-shell/blob/3.32.2/data/org.gnome.shell.gschema.xml.in#L42
2019-08-14 16:55:45 -04:00
Matthew Bauer
e9b7085ff8 cups: add myself as maintainer 2019-08-14 11:47:48 -04:00
Matthew Bauer
c068488817 nixos/cupsd: use socket-based activation by default
Make socket-based activation the
default (services.printing.startWhenNeeded)
2019-08-14 11:47:12 -04:00
Matthew Bauer
28040465be nixos/cupsd: include /run/cups/cups.sock in ListenStreams
This socket should always be created by systemd.
2019-08-14 11:47:12 -04:00
Matthew Bauer
35e633bde5 nixos/cupsd: only enable cups when startWhenNeeded = false
cups-browsed was pulling in cups.service even when we were using the
socket-based initialization.
2019-08-14 11:47:12 -04:00
Matthew Bauer
04ea093eb6 nixos/cupsd: Set CUPS_DATADIR globally
This is used by some programs that need CUPS data files. For instance,
print-manager looks here for printing test pages.
2019-08-14 11:47:12 -04:00
Matthew Bauer
3411c1566a
Merge pull request #66480 from primeos/nixos-fuse
nixos/fuse: init
2019-08-14 10:16:02 -04:00
Ben Gamari
d7d873b8cb nixos/gitlab: Delete stale hooks directories with -R
These can be directories.
2019-08-14 15:29:50 +02:00
WilliButz
ddf15d321f
Merge pull request #66612 from fadenb/oxidized_permission_issue
nixos/oxidized: Use symlinks for config files
2019-08-14 11:56:34 +02:00
Tristan Helmich (omniIT)
02dfc07a04 nixos/oxidized: Use symlinks for config files
The old `cp` suffers from a permission issue on the 2nd start of the
service. The files were copied from the read-only nix store. On the 2nd
start of the service the `cp` failed.
The new version force creates a symlink which does not suffer from this.
2019-08-14 09:30:51 +00:00
Tim Digel
5bbde1e1ca nixos/riemann-tools: Add ExtraArgs Config Option
Added option "extraArgs" to forward any switches to riemann-tools.
2019-08-14 08:26:13 +02:00
Aaron Andersen
9af06755f3 nixos/zabbixProxy: fix database initialization logic 2019-08-13 18:50:28 -04:00
Marek Mahut
cb8f4b0552
Merge pull request #65439 from aanderse/httpd-extra-modules
nixos/httpd: remove duplicate module entries from httpd.conf
2019-08-13 18:51:15 +02:00
Aaron Andersen
6f6468bef3
Merge pull request #65728 from Infinisil/types-eithers
lib/types: Add oneOf, extension of either to a list of types
2019-08-13 11:48:42 -04:00
Marek Mahut
4754ca7d2e
Merge pull request #62936 from dasJ/sandbox-memcached
nixos/memcached: Isolate the service
2019-08-13 08:56:34 +02:00
Jeff Slight
2ee14c34ed
nixos/gitlab: properly clear out initializers 2019-08-12 12:50:02 -07:00
Franz Pletz
f3160a2db6
Merge pull request #66476 from WilliButz/fix-prometheus-alertmanager-option
nixos/prometheus2: replace alertmanagerURL with new alertmanagers option
2019-08-12 17:59:27 +00:00
Maximilian Bosch
f0d6955052
Merge pull request #66470 from WilliButz/update-blackbox-exporter
prometheus-blackbox-exporter: 0.12.0 -> 0.14.0, run tests and check config
2019-08-12 19:38:43 +02:00
Silvan Mosberger
a7c7bb156f
clight: init (#64309)
clight: init
2019-08-12 18:18:05 +02:00
Graham Christensen
5d807f80c7
Merge pull request #63864 from cransom/datadog-agent-integrations-fix
datadog-agent: fix extraIntegrations
2019-08-12 12:15:48 -04:00
Edmund Wu
7c8ea897be
clight: include module 2019-08-12 11:56:47 -04:00
Edmund Wu
c4de0bf492
timezone.nix -> locale.nix
Also includes geolocation information abstracted from redshift.nix
2019-08-12 11:56:40 -04:00
WilliButz
c28ded36ef
nixos/prometheus-blackbox-exporter: add config check 2019-08-12 10:53:00 +02:00
WilliButz
543f219b30
nixos/prometheus: replace 'alertmanagerURL' options for prometheus2
Prometheus2 does no longer support the command-line flag to specify
an alertmanager. Instead it now supports both service discovery and
configuration of alertmanagers in the alerting config section.

Simply mapping the previous option to an entry in the new alertmanagers
section is not enough to allow for complete configurations of an
alertmanager.

Therefore the option alertmanagerURL is no longer used and instead
a full alertmanager configuration is expected.
2019-08-12 10:42:28 +02:00
Danylo Hlynskyi
329fa4b01e
Merge pull request #66401 from eadwu/postgresql/fix-quoted-query
nixos/postgresql: fix quoted queries
2019-08-11 22:46:50 +03:00
Notkea
4ff9a48398 nixos/postgresql-wal-receiver: add module (#63799) 2019-08-11 20:09:42 +03:00
Michael Weiss
2473d902e6
nixos/fuse: init
Add a module for /etc/fuse.conf.
Fixes #30923.
2019-08-11 16:13:23 +02:00
Jean Potier
9847967594
Fix typo in assert in grafana module
Current assert prevents using secretKeyFile entirely
2019-08-11 13:21:26 +03:00
worldofpeace
1ce7ece4b2
Merge pull request #66398 from worldofpeace/gnome3-option-renames
Move certain GNOME3 options to programs
2019-08-10 11:17:47 -04:00
worldofpeace
be3fe4a869 nixos/gpaste: move to programs 2019-08-10 11:17:18 -04:00
Alex Guzman
9fec6dfa39 roon-server: add back state directory 2019-08-09 22:21:46 -07:00
Silvan Mosberger
ce82d0b61a
Couchdb: Don't chown /var/log to couchdb (#65347)
Couchdb: Don't chown /var/log to couchdb
2019-08-10 01:36:15 +02:00
Alex Guzman
d830ae9af3 [roon-server] Use non-deprecated string type 2019-08-09 13:02:46 -07:00
Edmund Wu
18d176dc20
nixos/postgresql: fix quoted queries 2019-08-09 15:11:24 -04:00
worldofpeace
f12f2bb828 nixos/gnome-documents: move to programs 2019-08-09 12:56:11 -04:00
worldofpeace
6c525b1076 nixos/gnome-disks: move to programs 2019-08-09 12:56:11 -04:00
worldofpeace
ff0e3aae35 nixos/file-roller: move to programs 2019-08-09 12:56:11 -04:00
worldofpeace
db69d2dfe7 nixos/evince: move to programs 2019-08-09 12:56:11 -04:00
Silvan Mosberger
013d403f30
nixos/dwm-status: add module (#51319)
nixos/dwm-status: add module
2019-08-09 15:39:50 +02:00
Marek Mahut
f14628e576
Merge pull request #66341 from Ma27/bump-prometheus-wireguard-exporter
prometheus-wireguard-exporter: 3.0.0 -> 3.0.1
2019-08-09 13:12:06 +02:00
Periklis Tsirakidis
95dec03601 [throttled] Enable custom config 2019-08-09 09:22:38 +02:00
Silvan Mosberger
88bb9fa403
nixos/modules: Replace all nested types.either's with types.oneOf's 2019-08-08 23:35:52 +02:00
Maximilian Bosch
41b9c5f1da
nixos/prometheus-wireguard-exporter: add support for -r switch
With this switch activated, the exporter also exposes the remote IP of
each active WireGuard peer.
2019-08-08 21:54:49 +02:00
Alex Guzman
9f9b458ce3 [roon-server] don't create user if user changes defaults
If the user changes the user for roon, we can assume they handled the setup for it
2019-08-07 13:23:36 -07:00
Alex Guzman
6572b5e4a1 [roon-server] make roon user a system user 2019-08-07 13:12:57 -07:00
Alex Guzman
f160233793 roon-server: let nix assign ids 2019-08-07 12:34:52 -07:00
Alex Guzman
62d242d1cd roon-server: Add actual user piping
Adds defined IDs
2019-08-07 12:27:52 -07:00
Alex Guzman
8becc897ea roon-server: disable DynamicUser
DynamicUser currently breaks the backup functionality provided by roon,
as the roon server cannot write to non-canonical directories and the
recycled UIDs/GIDs would make managing permissions for the directory
impossible. On top of that, it would break the ability to manage the
local music library files (as it would not be able to delete them).
2019-08-07 11:57:42 -07:00
Thomas Tuegel
38f3c6afa1
Merge pull request #66226 from xvello/xvello/bluez-qt
Add bluez-qt as an explicit dependency of plasma5
2019-08-07 08:46:02 -05:00
vdot0x23
386f9739b5
nixos/stubby: Clearer wording for upstreamServers
Indicate that upstreamServers actually replaces defaults instead of adding to default.
2019-08-07 12:23:20 +00:00
Danylo Hlynskyi
0730e81785
postgresql: running initdb from command line now works (#65309)
The issue was only with NixOS service, `postgresql` installed through
`nix-env` was not affected.

Fixes https://github.com/NixOS/nixpkgs/issues/23655
2019-08-07 14:17:36 +03:00
worldofpeace
a4c6a7b336
Merge pull request #63790 from chpatrick/gdm-autosuspend-option
nixos/gdm: add autoSuspend option
2019-08-06 18:09:20 -04:00
Patrick Chilton
7c854aa974 nixos/gdm: add autoSuspend option 2019-08-06 18:08:21 -04:00
Xavier Vello
e383d99244 Add bluez-qt as an explicit dependency of plasma5
When bluetooth is enabled, we install bluedevil, but
its applet cannot work without the qml components in
bluez-qt.

Superseedes #65440 that failed to address the issue.
2019-08-06 21:53:30 +02:00
Franz Pletz
666b291d19
Merge pull request #66073 from WilliButz/fix-unifi
nixos/unifi: create data directory with correct permissions
2019-08-06 16:34:30 +00:00
worldofpeace
7a53b1cbe7
Merge pull request #65860 from etu/surf-display-kiosk-session
Surf display kiosk session
2019-08-05 14:41:56 -04:00
Elis Hirwing
792da0c4d4
nixos/surf-display: Add kiosk display manager session 2019-08-05 17:50:06 +02:00
WilliButz
d6a4902662
nixos/unifi: create data directory with correct permissions 2019-08-05 15:09:16 +02:00
Danylo Hlynskyi
7585496eff
Merge branch 'master' into flip-map-foreach 2019-08-05 14:09:28 +03:00
danbst
0f8596ab3f mass replace "flip map -> forEach"
See `forEach`-introduction commit.
```
rg 'flip map ' --files-with-matches | xargs sed -i 's/flip map /forEach /g'
```
2019-08-05 14:03:38 +03:00
danbst
91bb646e98 Revert "mass replace "flip map -> foreach""
This reverts commit 3b0534310c.
2019-08-05 14:01:45 +03:00
worldofpeace
d745487c1e nixos/pantheon: use filechooser module
Setting GTK_CSD=1 works around the issue
we were having with this [0]

[0]: https://github.com/elementary/files/issues/971
2019-08-05 05:43:48 -04:00
worldofpeace
399ff42d73 nixos/pantheon: set GTK_CSD
Causes various issues when not set
* https://github.com/elementary/files/issues/971
* https://github.com/elementary/default-settings/pull/103
* https://github.com/cassidyjames/ideogram/issues/26

However this can cause certain problems in gala
* https://github.com/elementary/gala/issues/244
2019-08-05 05:42:35 -04:00
David Anderson
089da1c14d nixos/sshguard: create ipsets before starting, and clean up after stopping.
The fix for #62874 introduced a race condition on startup: the postStart
commands that configure the firewall run concurrently with sshguard's
creation of the ipsets that the rules depend on. Unfortunately iptables
fails hard when referencing an ipset that doesn't exist, so this causes
non-deterministic crashlooping until sshguard wins the race.

This change fixes that race condition by always creating the ipset and
reconfiguring the firewall before starting sshguard, so that the order
of operations is always deterministic.

This change also cleans up the ipsets on sshguard shutdown, so that
removing sshguard from a running system doesn't leave state behind.

Fixes #65985.
2019-08-04 16:23:22 -07:00
bake
9e2a710117 nixos/gitolite: dataDir group-readable 2019-08-04 18:47:02 +09:00
Frederik Rietdijk
27e030a1cc
Merge pull request #62812 from Tomahna/bloop
bloop: 1.2.5 -> 1.3.2
2019-08-04 10:07:16 +02:00
Jörg Thalheim
d02ead41f8
Merge pull request #65407 from alunduil/add-zfs-replication
Add zfs replication
2019-08-03 09:14:08 +01:00
Frederik Rietdijk
d20a59d2e5 Merge master into staging-next 2019-08-02 23:27:18 +02:00
WilliButz
1ce989cce6
nixos/prometheus-exporters: update documentation 2019-08-02 18:50:01 +02:00
WilliButz
29d765e250
nixos/prometheus-wireguard-exporter: use ExecStart instead of script 2019-08-02 18:50:01 +02:00
WilliButz
afd0dc17d6
nixos/prometheus-exporters: use DynamicUser by default
Only define seperate users and groups when necessary.
2019-08-02 18:50:01 +02:00
WilliButz
495222a840
nixos/prometheus-exporter: use separate user for each exporter
Stop using nobody/nogroup by default and use seperate users for each
exporter instead.
2019-08-02 18:49:56 +02:00
WilliButz
c221f9fdf2
Merge pull request #65751 from mayflower/pkgs/prometheus-postgres-exporter
prometheus-postgres-exporter: init at 0.5.1
2019-08-02 18:45:32 +02:00
Alex Brandt
bdd7b5a3ab nixos/zfs: add autoReplication functionality
This adds a simple configuration for sending snapshots to a remote
system using zfs-replicate that ties into the autoSnapshot settings
already present in services.zfs.autoSnapshot.
2019-08-02 08:04:21 -07:00
Franz Pletz
e4c60a1e42
prometheus-postgres-exporter: init at 0.5.1 2019-08-02 15:59:29 +02:00
Frederik Rietdijk
6f723b9bad Merge master into staging-next 2019-08-02 09:18:37 +02:00
Peter Hoeg
f2639566b5
Merge pull request #30712 from peterhoeg/f/service
systemd user services shouldn't run as root and other "non-interactive" users
2019-08-02 11:58:27 +08:00
Robin Gloster
443b0f6332
Merge pull request #65566 from rasendubi/syncthing-group-fix
syncthing: create default group if not overridden
2019-08-01 23:17:37 +00:00
Robin Gloster
41dac4bf9f
Merge pull request #65582 from WilliButz/add-mailexporter
prometheus-mail-exporter: init at 2019-07-14, add module and test
2019-08-01 23:14:21 +00:00
Robin Gloster
19c737fd79
Merge pull request #65699 from jslight90/patch-5
nixos/gitlab: fix config initializer permissions
2019-08-01 23:08:39 +00:00
Frederik Rietdijk
55e4555b77 Merge master into staging-next 2019-08-01 09:42:54 +02:00
Colin L Rice
d7aa6df31f nix-daemon: Fix builduser count to work when maxJobs is auto 2019-08-01 01:54:28 -04:00
Aaron Andersen
a1f738ba87
Merge pull request #62748 from aanderse/mediawiki
nixos/mediawiki: init service to replace httpd subservice
2019-07-31 22:12:23 -04:00
Jeff Slight
7efcbead2c
nixos/gitlab: fix config initializer permissions 2019-07-31 14:55:08 -07:00
worldofpeace
ea8fc75160
Merge pull request #64948 from ambrop72/videodrivers-radeon-alias
nixos/xserver: Make radeon in videoDrivers an alias for ati.
2019-07-31 02:13:24 -04:00
WilliButz
5818c73d95
nixos/prometheus-exporters: add mail exporter module 2019-07-30 19:24:26 +02:00
worldofpeace
7f2f31a812
Merge pull request #65449 from worldofpeace/disable-portals
nixos/xdg: disable portals (again, again)
2019-07-29 21:47:51 -04:00
Alexey Shmalko
e50539f7b5
syncthing: create default group if not overridden
The following configuration generates a systemd unit that doesn't
start.
```nix
{
  services.syncthing = {
    enable = true;
    user = "my-user";
  };
}
```

It fails with
```
systemd[1]: Started Syncthing service.
systemd[6745]: syncthing.service: Failed to determine group credentials: No such process
systemd[6745]: syncthing.service: Failed at step GROUP spawning /nix/store/n1ydz3i08nqp1ajc50ycy1zribmphqc9-syncthing-1.1.4-bin/bin/syncthing: No such process
systemd[1]: syncthing.service: Main process exited, code=exited, status=216/GROUP
systemd[1]: syncthing.service: Failed with result 'exit-code'.
```

This is due to the fact that `syncthing` group (default) is not
created if the user is overridden.

Add a separate check for setting up the default group, so that
user/group are created independently.
2019-07-29 21:56:12 +03:00
Jörg Thalheim
3b0f0741ea
Merge pull request #65335 from Baughn/wifi-crda
wifi: Include CRDA regulatory database
2019-07-29 07:02:22 +01:00
Svein Ove Aas
d28a8cc4af nixos/pantheon: Include CRDA regulatory database 2019-07-28 22:17:19 +01:00
Svein Ove Aas
186dd1ce58 nixos/gnome3: Include CRDA regulatory database 2019-07-28 22:17:10 +01:00
Svein Ove Aas
7ee6226bdd nixos/networkmanager: Include CRDA regulatory database 2019-07-28 22:10:28 +01:00
Svein Ove Aas
ac50d8e709 nixos/wpa_supplicant: Include CRDA regulatory database 2019-07-28 22:10:28 +01:00
Bas van Dijk
9ff408a2a4
Merge pull request #60500 from basvandijk/thanos-init
thanos: init at 0.6.0 & NixOS module
2019-07-28 19:14:55 +02:00
edef
9897956d36
Merge pull request #65485 from arcnmx/pr-taskserver-nixos
nixos/taskserver: crl file is optional
2019-07-28 13:02:05 +00:00
Bas van Dijk
0a59be7136 thanos: 0.5.0 -> 0.6.0 2019-07-28 13:28:27 +02:00
Bas van Dijk
dc69b3e6ad nixos/thanos: code style: don't use a space before a colon 2019-07-28 13:28:27 +02:00
Bas van Dijk
e32e0e6e02 nixos/thanos: assert that prometheus2 is running and has labels set 2019-07-28 13:28:27 +02:00
Bas van Dijk
13da811853 nixos/thanos: allow overriding arguments to the thanos subcommands 2019-07-28 13:28:27 +02:00
Bas van Dijk
2d0243c187 thanos: 0.4.0 -> 0.5.0-rc.0 2019-07-28 13:28:27 +02:00
Bas van Dijk
ebc65a5f21 nixos/thanos: add module for the thanos service 2019-07-28 13:28:27 +02:00
Frederik Rietdijk
cb3ce5d26d Merge master into staging-next 2019-07-28 12:11:37 +02:00
Frederik Rietdijk
cca5ee9c07 Merge staging-next into staging 2019-07-28 09:10:03 +02:00
arcnmx
c604b38791 nixos/taskserver: crl file is optional 2019-07-27 15:49:46 -07:00
Ashish SHUKLA
d3c2b992d4
sshguard: do not create ipset in post-start
Upstream switched to a different type of ipset table, whereas we
create ipset in post-start which overrides upstream, and renders
sshguard ineffective.

Remove ipset creation from post-start, and let it get automatically
by upstream script (sshg-fw-ipset) as part of startup
2019-07-27 10:59:50 +05:30
worldofpeace
1e4d9e08cd nixos/plasma5: enable xdg.portal 2019-07-26 22:36:32 -04:00
worldofpeace
16c6f169a2 nixos/gnome3: enable xdg.portal 2019-07-26 22:36:14 -04:00
worldofpeace
785158fd64 nixos/flatpak: require xdg.portal to be enabled 2019-07-26 22:35:50 -04:00
Aaron Andersen
1ab91bee65
Merge pull request #65418 from mmahut/proxy_server
nixos/zabbixProxy: server is a mandatory parameter
2019-07-26 18:46:21 -04:00
Aaron Andersen
5596b69771 nixos/httpd: remove duplicate module entries from httpd.conf 2019-07-26 17:51:06 -04:00
Silvan Mosberger
d3dfe06c38
nixos/xserver: add option to install custom xkb layouts (#47764)
nixos/xserver: add option to install custom xkb layouts
2019-07-26 20:43:37 +02:00
rnhmjoj
171d5c9200
nixos/xserver: add option to install custom xkb layouts 2019-07-26 18:08:04 +02:00
Marek Mahut
6e762653de module zabbixProxy: server is a mandatory parameter 2019-07-26 16:22:47 +02:00
Orivej Desh
32fbbc6f9b Merge master into staging 2019-07-25 09:23:21 +00:00
Kevin Rauscher
17c2f79e39 bloop: allow specifying extra cli options 2019-07-25 09:28:13 +02:00
Kevin Rauscher
d6b6015d34 bloop: get closer to standard bloop packaging 2019-07-24 21:42:40 +02:00
Robin Gloster
5806e71834
Merge pull request #65299 from Ma27/fix-nextcloud-test
nixos/nextcloud: fix inclusion of trusted_domains in override config
2019-07-24 19:28:06 +00:00
Silvan Mosberger
5e974362be
nixos/couchdb: Prevent it from chowning /var/log to couchdb:couchdb
The default for logFile is /var/log/couchdb.log, and the tmpfile rules chown
${dirOf cfg.logFile}, which is just /var/log, to couchdb:couchdb.

This was found by Edes' report on IRC, which looked like

    Detected unsafe path transition /var/log → /var/log/journal during canonicalization of /var/log/journal

While this bug has been present since the initial couchdb module in
62438c09f7 by @garbas, this wasn't a
problem, because the initial module only created and chowned /var/log
if it didn't exist yet, which can't occur because this gets created in
the initial phases of NixOS startup.

However with the recent move from manual preStart chown scripts to
systemd.tmpfiles.rules in 062efe018d (#59389),
this chown is suddenly running unconditionally at every system
activation, therefore triggering the above error.
2019-07-24 20:52:53 +02:00
Thomas Tuegel
3d76d810ed
Merge pull request #65090 from eadwu/compton/7
compton: 6.2 -> 7
2019-07-24 06:41:09 -05:00
Peter Hoeg
bede9851a1
Merge pull request #65078 from peterhoeg/f/st
nixos/syncthing: do not use nogroup
2019-07-24 13:22:08 +08:00
Aaron Andersen
455d33f514 nixos/mediawiki: init service to replace httpd subservice 2019-07-23 22:02:33 -04:00
Aaron Andersen
72ef4786e1
Merge pull request #64151 from aanderse/httpd-extraSubservices
nixos/httpd: module cleanup
2019-07-23 21:58:40 -04:00
Florian Klink
101a4be5a7
Add spotifyd package and service (#65092)
Add spotifyd package and service
2019-07-24 00:54:24 +02:00
Silvan Mosberger
8403187566
thelounge: init at 3.0.1 (#51947)
thelounge: init at 3.0.1
2019-07-23 13:45:43 +02:00
Maximilian Bosch
c5e515f5c7
nixos/nextcloud: fix inclusion of trusted_domains in override config
Regression I caused with 3944aa051c, sorry
for this! The Nextcloud installer broke back then because
`trusted_domains` was an empty value by default (a.k.a an empty array)
which seemed to break the config merger of Nextcloud as Nextcloud
doesn't do recursive merging and now no domain was trusted because of
that, hence Nextcloud was unreachable for the `curl` call.
2019-07-23 13:29:43 +02:00
Mrmaxmeier
37a2f058ed nixos/thelounge: init
The Lounge is the official and community-managed fork of Shout.
This intends to replace the `shout` service.
2019-07-23 13:18:01 +02:00
Danylo Hlynskyi
d54e52276b
postgresql: update docs
https://github.com/NixOS/nixpkgs/issues/32156
2019-07-23 14:17:14 +03:00
WilliButz
5dc50eab68
Merge pull request #65102 from d-goldin/patch-1
docs prometheus.exporters: typo fix.
2019-07-23 10:06:20 +02:00
worldofpeace
356d9ad758 nixos/pantheon: don't add extraPortals
Pantheon's XDG Portal is still WIP and we
it's probably not proper to use gtk's one.
2019-07-23 03:43:41 -04:00
steve-chavez
dfd3a0269c Shorten mkEnableOption description 2019-07-23 12:19:28 +09:00
steve-chavez
5ccfa0c816 nixos/modules: add greenclip user service 2019-07-23 12:19:28 +09:00
worldofpeace
b1bc0645ea gdk-pixbuf: rename from gdk_pixbuf 2019-07-22 18:50:57 -04:00
Robin Gloster
da2eda65e3
Merge pull request #65179 from delroth/bind-extraconfig
nixos/bind: allow manual additions to zone config fragments
2019-07-22 17:53:49 +00:00
Robin Gloster
e891178dde
Merge pull request #63900 from Ma27/nextcloud-declarative-dbconfig
nixos/nextcloud: write config to additional config file
2019-07-22 16:50:02 +00:00
Johan Thomsen
bbd4a0c100 nixos/gitlab: gitlab-workhorse requires exiftool on path to process uploaded images 2019-07-22 16:41:16 +00:00
Maximilian Bosch
3944aa051c
nixos/nextcloud: write config to additional config file
One of the main problems of the Nextcloud module is that it's currently
not possible to alter e.g. database configuration after the initial
setup as it's written by their imperative installer to a file.

After some research[1] it turned out that it's possible to override all values
with an additional config file. The documentation has been
slightly updated to remain up-to-date, but the warnings should
remain there as the imperative configuration is still used and may cause
unwanted side-effects.

Also simplified the postgresql test which uses `ensure{Databases,Users}` to
configure the database.

Fixes #49783

[1] https://github.com/NixOS/nixpkgs/issues/49783#issuecomment-483063922
2019-07-22 18:29:52 +02:00
WilliButz
c64f621bfd
nixos/prometheus-nginx-exporter: update module
Update exporter submodule to match the new exporter version.
2019-07-22 16:41:10 +02:00
WilliButz
fb6f0a48bb
nixos/prometheus-exporters: add option renaming for submodules
Adds the functionality to create option renamings and removals
for exporter submodules as in nixos/modules/rename.nix.
2019-07-22 16:41:10 +02:00
WilliButz
774221191d
nixos/prometheus-exporters: refactor imports, replace 'with lib;'
Pass through 'options' to exporter definitions and replace 'with lib;'
by explicit function imports.
2019-07-22 16:41:09 +02:00
WilliButz
01ee2ee2ba
nixos/test: fix prometheus-{bind,varnish}-exporter tests 2019-07-22 16:41:09 +02:00
Nikolay Amiantov
a0ba42e3f4
Merge pull request #64268 from jameysharp/nscd-dynamicuser
nixos/nscd: DynamicUser and other cleanups
2019-07-22 16:23:07 +03:00
Franz Pletz
376b5fd000
Merge pull request #64463 from Ma27/graylog-test
nixos/graylog: minor fixes, add test
2019-07-21 20:53:39 +00:00
Aaron Andersen
44565adda5
Merge pull request #60436 from nbardiuk/master
nixos/tiddlywiki: init
2019-07-21 16:39:42 -04:00
Franz Pletz
bc418837d5
Merge pull request #65225 from Ma27/bump-prometheus-wireguard-exporter
prometheus-wireguard-exporter: 2.0.1 -> 3.0.0
2019-07-21 20:19:22 +00:00
Maximilian Bosch
7095bdf988
nixos/prometheus-exporters/wireguard: add support for -s switch
Since version 3.0 all allowed IPs and subnets are exposed by the
exporter. With `-s` set on the CLI, instead of a comma-separated list,
each allowed IP and subnet will be in a single field with the schema
`allowed_ip_<index>`.
2019-07-21 21:39:49 +02:00
Danylo Hlynskyi
caa0f82bf8
docs: update docs for postgresql plugins (#64899)
docs: update docs for postgresql plugins

Co-Authored-By: Mario Rodas <marsam@users.noreply.github.com>
2019-07-21 22:05:41 +03:00
Anders Lundstedt
53841fcea9 nixos/spotifyd: init 2019-07-21 00:58:20 +02:00
Aaron Andersen
9b970d07f3 nixos/httpd: drop postgresql reference 2019-07-20 18:36:24 -04:00
Aaron Andersen
0fd69629c7 nixos/httpd: mark extraSubservices option as deprecated 2019-07-20 18:36:19 -04:00
Aaron Andersen
505df09d50 nixos/httpd: drop the port option 2019-07-20 18:29:46 -04:00
Xavier Vello
df748aeefe nixos/plasma5: allow to configure the default phonon backend
Introduce a new .plasma5.phononBackend option. Default value
"gstreamer" installs the same packages as before. "vlc" installs
only the vlc phonon backend.
2019-07-20 21:53:46 +02:00
Pierre Bourdon
6332bc25cd
nixos/bind: allow manual additions to zone config fragments 2019-07-20 17:50:37 +02:00
Aaron Andersen
30920fbf69
Merge pull request #64741 from dasJ/gitea-smtp-pw
nixos/gitea: Support SMTP without pw in the store
2019-07-20 08:32:51 -04:00
Aaron Andersen
faf884ca9b
Merge pull request #64365 from aanderse/tt-rss
nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation
2019-07-20 08:23:48 -04:00
Graham Christensen
d51b522a6e
Merge pull request #64052 from aanderse/tomcat-connector
nixos/httpd: drop tomcat-connector httpd subservice
2019-07-19 15:25:44 -04:00
Dima
186222ce7b
Fixing minor typo in prometheus exporters doc 2019-07-19 21:13:57 +02:00
Edmund Wu
23ae47a2d0
compton: 6.2 -> 7 2019-07-19 13:07:21 -04:00
worldofpeace
00eef848b2 nixos/doc: fix build
Adjusts to options renamed in 90b1197301
2019-07-18 20:40:24 -04:00
worldofpeace
3531a229d1 nixos/pantheon: add gtk xdg desktop portal 2019-07-18 20:03:12 -04:00
worldofpeace
69f2836c1b
Merge pull request #64575 from pasqui23/portal
nixos/xdg: add portal option
2019-07-18 20:00:09 -04:00
Pasquale
90b1197301 nixos/xdg: add portal option
This factors the configuration out of the flatpak module.
2019-07-18 19:59:07 -04:00
Peter Simons
c768e1ff48
Merge pull request #64794 from peti/t/postfix-module
nixos: add 'localRecipients' config option for Postfix
2019-07-18 19:14:36 +02:00
fuwa
562b5061a7 nixos/tor: fix obfs4 package 2019-07-19 04:11:17 +08:00
Florian Klink
9d339e3b45
Merge pull request #61312 from Yarny0/tsm-client
TSM client
2019-07-18 02:46:31 +02:00
Robin Gloster
0972409c95
Merge pull request #64550 from bgamari/gitlab-12.0
gitlab: 11.10.8 -> 12.0.3
2019-07-17 16:01:03 +00:00
Jamey Sharp
d4e5748c1b nixos/openldap: fix assertion
In commit d43dc68db3, @Mic92 split the
rootpw option to allow specifying it in a file kept outside the Nix
store, as an alternative to specifying the password directly in the
config.

Prior to that, rootpw's type was `str`, but in order to allow both
alternatives, it had to become `nullOr str` with a default of `null`. So
I can see why this assertion, that either rootpw or rootpwFile are
specified, makes sense to add here.

However, these options aren't used if the configDir option is set, so as
written this assertion breaks valid configurations, including the
configuration used by nixos/tests/ldap.nix.

So this patch fixes the assertion so that it doesn't fire if configDir
is set.
2019-07-17 11:08:10 +03:00
Nikolay Amiantov
294751a4fc
Merge pull request #62955 from abbradar/resolvconf
resolvconf service: init
2019-07-17 11:07:12 +03:00
Nazarii Bardiuk
976928daa2
nixos/tiddlywiki: init
Service that runs TiddlyWiki nodejs server
2019-07-16 23:12:16 +01:00
Ambroz Bizjak
4f309207c7 nixos/xserver: Make radeon in videoDrivers an alias for ati.
The old open-source driver for AMD/ATI GPUs is commonly known as "radeon"
despite the historical package name xf86-video-ati. For example it presents
itself as RADEON in the Xorg log. So adding "radeon" to videoDrivers should
work.

Also changed the docs for the videoDrivers option to use "radeon" in the
default value instead of "ati".

Fixes #37917
2019-07-16 23:02:09 +02:00
Vladimír Čunát
2b28e4c96f
Merge #64892: 'staging-next' (another iteration)
It's not completely without regressions, but I believe we can deal with
the rest directly on master.  This is required for Firefox security fixes.
2019-07-16 19:32:17 +02:00
Frederik Rietdijk
a28a9ac156 Merge master into staging-next 2019-07-16 11:15:46 +02:00
Danylo Hlynskyi
475f1ebd98
Merge branch 'master' into postgresql-plugins-bin 2019-07-16 11:32:52 +03:00
Robin Gloster
52fd300b8c
gitlab module: fix permissions 2019-07-16 03:51:17 +02:00
Robin Gloster
3469c206f2
gitlab-shell: better gitlab_shell_secret location
So this won't be cleaned up by removing config/*
2019-07-16 03:51:11 +02:00
Robin Gloster
783c2f6106
gitlab module: clean up permission handling
This is WIP to get rid of PermissionsStartOnly=true
2019-07-16 01:19:07 +02:00
Nikolay Amiantov
01b90dce78 resolvconf service: init
This is a refactor of how resolvconf is managed on NixOS. We split it
into a separate service which is enabled internally depending on whether
we want /etc/resolv.conf to be managed by it. Various services now take
advantage of those configuration options.

We also now use systemd instead of activation scripts to update
resolv.conf.

NetworkManager now uses the right option for rc-manager DNS
automatically, so the configuration option shouldn't be exposed.
2019-07-15 20:25:39 +03:00
WilliButz
a9ce5f6c59
nixos/grafana: add grafana user to group 'grafana' 2019-07-15 18:33:19 +02:00
Peter Simons
59bacaca3d nixos: add 'localRecipients' config option for Postfix
The new option services.postfix.localRecipients allows
configuring the postfix option 'local_recipient_maps'. When
set to a list of user names (or patterns), that map
effectively replaces the lookup in the system's user
database that's used by default to determine which local
users are valid.

This option is useful to explicitly set local users that are
allowed to receive e-mail from the outside world. For local
injection i.e. via the 'sendmail' command this option has no
effect.
2019-07-15 17:36:20 +02:00
Yarny0
d99462ff5a nixos/backup/tsm: init module
Based on the programs/tsm-client module,
this commit introduces a systemd service that uses the
tsm-client to create regular backups of the machine.
2019-07-15 09:41:37 +02:00
Vladimír Čunát
3686036e02
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1530372
2019-07-15 09:39:03 +02:00
Janne Heß
1e23007dcd nixos/gitea: Support SMTP without pw in the store 2019-07-14 22:48:10 +02:00
Silvan Mosberger
5eac339829
nixos/redmine: add database.createLocally option (#63932)
nixos/redmine: add database.createLocally option
2019-07-14 16:22:37 +02:00
danbst
3b0534310c mass replace "flip map -> foreach"
See `foreach`-introduction commit.
```
rg 'flip map ' --files-with-matches | xargs sed -i 's/flip map /foreach /g'
```
2019-07-14 13:46:10 +03:00
Nikolay Amiantov
8951505dc9
Merge pull request #62956 from abbradar/nm-fixes
NetworkManager fixes
2019-07-13 22:31:13 +03:00
José Romildo Malaquias
c3282487dd xfce4-13: rename to xfce4-14 2019-07-13 08:42:05 -03:00
caadar
6fea6dbc00 manual: mention jmacs as emacs imitation 2019-07-13 11:01:17 +02:00
Frederik Rietdijk
54065ae20d Merge master into staging-next 2019-07-13 09:45:40 +02:00
Jamey Sharp
d79584c902 nixos/nscd: document why it is configured this way 2019-07-12 12:07:45 -07:00
Silvan Mosberger
5b8b5a694c
Merge pull request #64112 from davidtwco/deluge/users-groups-firewalls
nixos/deluge: add user/group/openFirewall opts and extraction packages to path
2019-07-12 20:26:55 +02:00
Florian Klink
a234b91271
Merge pull request #64621 from gloaming/dhcpcd-before-network-online
nixos/dhcpcd: Before network-online.target
2019-07-12 12:48:01 +02:00
Aaron Andersen
c13fbe0551
Merge pull request #63844 from aanderse/zabbix-cleanup
nixos/zabbix: overhaul package & module
2019-07-12 06:12:51 -04:00
Vladimír Čunát
2c3f18721e
Merge #59924: knot-resolver: 3.2.1 -> 4.1.0 (security) 2019-07-12 09:14:53 +02:00
Aaron Andersen
08286b4f29 nixos/httpd: drop tomcat-connector httpd subservice 2019-07-11 20:58:55 -04:00
Aaron Andersen
649ec93c37 foswiki: drop package & httpd subservice 2019-07-11 19:46:30 -04:00
Aaron Andersen
6a1de5460b nixos/httpd: remove broken trac subservice 2019-07-11 19:19:27 -04:00
Aaron Andersen
4191c80c31 nixos/zabbixProxy: init module 2019-07-11 18:55:58 -04:00
Aaron Andersen
70092c9acb nixos/zabbixAgent & nixos/zabbixServer: various module updates 2019-07-11 18:54:15 -04:00
Aaron Andersen
6891fb4103 nixos/zabbixWeb: replace httpd subservice with new module 2019-07-11 18:45:46 -04:00
Matthew Bauer
99c04c74cf
Merge pull request #63581 from PsyanticY/zabbix-4.0
zabbix:1.8 -> 4.0 | remove old packages
2019-07-11 15:05:05 -04:00
worldofpeace
a6ce6c1052
Merge pull request #61981 from ambrop72/no-opengl-ld-library-path
nixos: Don't set LD_LIBRARY_PATH for graphics drivers that don't need it.
2019-07-11 13:15:51 -04:00
PsyanticY
16f8a17416 zabbix:1.8 -> 4.0 | remove old packages 2019-07-11 17:22:26 +01:00
Nikolay Amiantov
48b3e70534
Update nixos/modules/services/networking/networkmanager.nix
Co-Authored-By: worldofpeace <worldofpeace@protonmail.ch>
2019-07-11 18:37:51 +03:00
Craig Hall
2ae58dfc79 nixos/dhcpcd: Before network-online.target
Instead of network.target. Fixes #60900 (delayed boot).
2019-07-11 12:23:41 +01:00
Frederik Rietdijk
22cb7f25f2 Merge master into staging-next 2019-07-11 09:40:10 +02:00
Edmund Wu
7d95bc0c85
nixos/libinput: use types.lines for additionalOptions 2019-07-10 12:22:57 -04:00
Vladimír Čunát
9efdd2e434
knot-resolver: 3.2.1 -> 4.0.0
https://lists.nic.cz/pipermail/knot-resolver-users/2019/000136.html

Similar commit worked fine for me, including the nixos service.
I'd like to still improve the service to support easy passing of sockets
to http module.
2019-07-10 17:40:04 +02:00
Peter Hoeg
8317663b94 nixos/syncthing: do not use nogroup
We were already creating a group for the user under which to run syncthing but
we were defaulting to running as `nogroup`.

Additionally, use `install` instead of multiple calls to mkdir/cp/chown.
2019-07-10 21:29:25 +08:00
Frederik Rietdijk
da96a4119f Merge staging-next into staging 2019-07-10 08:52:50 +02:00
Frederik Rietdijk
fb6260fcf7
Merge pull request #64236 from NixOS/staging-next
Staging next
2019-07-10 08:52:04 +02:00
Austin Seipp
acb1134074
nixos/foundationdb: s/pidFile/pidfile/
Fixes an evaluation regression introduced by a case-typo in
de6e5ea815

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-07-09 17:11:31 -05:00
Aaron Andersen
ca336ac985
Merge pull request #64050 from aanderse/mercurial
nixos/httpd: drop mercurial httpd subservice
2019-07-09 12:54:01 -04:00
Frederik Rietdijk
79a03641d5 Merge staging-next into staging 2019-07-09 15:46:26 +02:00
Frederik Rietdijk
74c24385cb Merge master into staging-next 2019-07-09 15:46:00 +02:00
Frederik Rietdijk
7cf5909fad Merge staging-next into staging 2019-07-09 15:44:08 +02:00
WilliButz
3f598c0faa
nixos/loki: add module 2019-07-08 16:09:56 +02:00
Elis Hirwing
3b354cc037
Merge pull request #64412 from davidtwco/lidarr/fix-home
nixos/lidarr: re-add home attribute
2019-07-07 21:35:06 +02:00
Elis Hirwing
89bc406be5
Merge pull request #64413 from davidtwco/jackett/package
nixos/jackett: add package option
2019-07-07 21:33:11 +02:00
Jamey Sharp
f7c776760b nixos/nscd: only drop privs after nss module init
NixOS usually needs nscd just to have a single place where
LD_LIBRARY_PATH can be set to include all NSS modules, but nscd is also
useful if some of the NSS modules need to read files which are only
accessible by root.

For example, nixos/modules/config/ldap.nix needs this when
  users.ldap.enable = true;
  users.ldap.daemon.enable = false;
and users.ldap.bind.passwordFile exists. In that case, the module
creates an /etc/ldap.conf which is only readable by root, but which the
NSS module needs to read in order to find out what LDAP server to
connect to and with what credentials.

If nscd is started as root and configured with the server-user option in
nscd.conf, then it gives each NSS module the opportunity to initialize
itself before dropping privileges. The initialization happens in the
glibc-internal __nss_disable_nscd function, which pre-loads all the
configured NSS modules for passwd, group, hosts, and services (but not
netgroup for some reason?) and, for each loaded module, calls an init
function if one is defined. After that finishes, nscd's main() calls
nscd_init() which ends by calling finish_drop_privileges().

There are provisions in systemd for using DynamicUser with a service
which needs to drop privileges itself, so this patch does that.
2019-07-07 08:43:41 -07:00
Maximilian Bosch
beff2f8d75 nixos/graylog: use types.lines for extraConfig
The `types.lines` type makes it possible to define `extraConfig` in
multiple files and simply concat the contents.
2019-07-07 14:49:39 +02:00
David Wood
e2247dceb3
nixos/lidarr: re-add home attribute
This was accidentally removed in a previous PR and broke things.
2019-07-07 12:31:28 +01:00
David Wood
7f32961ea2
nixos/jackett: add package option
This allows users of the module to override the package to a newer
version. Particularly useful as Jackett warns that old versions may not
work.
2019-07-07 12:23:01 +01:00
worldofpeace
ab34f8b39b
Merge pull request #63824 from JohnAZoidberg/zoneminder-alias
nixos/zoneminder: Fix package and service build
2019-07-06 21:19:23 -04:00
Janne Heß
9e2a8f5023 nixos/icingaweb: Fix module path; Add test 2019-07-07 03:03:59 +02:00
Maximilian Bosch
3464c602e8
nixos/graylog: fix startup
Until now the startup failed with an error like this:

```
com.github.joschi.jadconfig.ValidationException: Parent path /var/lib/graylog/server for Node ID file at /var/lib/graylog/server/node-id is not a directory
```

This happens since `graylog.service` ensures that `/var/lib/graylog`
exists, however it doesn't take care of the directory for
`cfg.nodeIdFile`.
2019-07-06 20:42:56 +02:00
Jamey Sharp
c38fa99757 nixos/nscd: don't need to specify username
Thanks to @arianvp for pointing out that when DynamicUser is true,
systemd defaults the value of User to be the name of the unit, which in
this case is already "nscd".
2019-07-06 09:24:49 -07:00
Vladimír Čunát
0746c4dbb4
Merge branch 'master' into staging-next
There are several thousand rebuilds from master already.
Hydra nixpkgs: ?compare=1528940
2019-07-06 13:44:40 +02:00
Jörg Thalheim
e111f23233
Merge pull request #64329 from Izorkin/netdata
nixos/netdata: update service config
2019-07-06 08:52:41 +01:00
Izorkin
fb4d71a39f nixos/netdata: increase performance 2019-07-06 10:15:21 +03:00
Izorkin
6e592faa92 nixos/netdata: enable reload service and add PID file 2019-07-06 10:12:20 +03:00
Aaron Andersen
1cd3b98c3a nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation 2019-07-05 22:04:56 -04:00
Silvan Mosberger
944e21cf7c
Merge pull request #63339 from Slabity/master
Fix restya-board's phpfpm.pools option
2019-07-06 03:00:52 +02:00
Tyler Slabinski
120cf906a6 nixos/restya-board: Fix phpfpm.pools option 2019-07-05 20:16:13 -04:00
Thomas Tuegel
56d5963382
Merge pull request #54525 from ttuegel/feature/qt-5/wrap-qt-apps
Wrap Qt applications
2019-07-05 14:38:10 -05:00
Thomas Tuegel
f79fd2e826
wrapQtAppsHook: wrap Qt applications for runtime dependencies 2019-07-05 10:41:41 -05:00
Elis Hirwing
823120765c
Merge pull request #64113 from davidtwco/lidarr/users-groups-firewalls
nixos/lidarr: add user/group/openFirewall opts.
2019-07-05 12:20:49 +02:00
Aaron Andersen
c7efe78963
Merge pull request #64274 from aanderse/limesurvey
nixos/limesurvey: module fixes & cleanup
2019-07-04 21:25:49 -04:00
Matthieu Coudron
2ebeba4927 nixos/iperf: add openFirewall setting
Opens the specified tcp port.
2019-07-04 16:58:56 +02:00
Jörg Thalheim
5c80009d0d
netdata: update build config (#64241)
netdata: update build config
2019-07-04 13:35:20 +01:00
Aaron Andersen
5da6d04840 nixos/limesurvey: module fixes & cleanup 2019-07-04 06:16:59 -04:00
Izorkin
064a19afe2 nixos/netdata: add capabilites to freeipmi.plugin 2019-07-04 13:08:38 +03:00
Jamey Sharp
4c64375e91 nixos/nscd: delete redundant nscd.conf options
These options were being set to the same value as the defaults that are
hardcoded in nscd. Delete them so it's clear which settings are actually
important for NixOS.

One exception is `threads 1`, which is different from the built-in
default of 4. However, both values are equivalent because nscd forces
the number of threads to be at least as many as the number of kinds of
databases it supports, which is 5.
2019-07-03 15:34:44 -07:00
Jamey Sharp
de251704d6 nixos/nscd: run with a dynamic user
nscd doesn't create any files outside of /run/nscd unless the nscd.conf
"persistent" option is used, which we don't do by default. Therefore it
doesn't matter what UID/GID we run this service as, so long as it isn't
shared with any other running processes.

/run/nscd does need to be owned by the same UID that the service is
running as, but systemd takes care of that for us thanks to the
RuntimeDirectory directive.

If someone wants to turn on the "persistent" option, they need to
manually configure users.users.nscd and systemd.tmpfiles.rules so that
/var/db/nscd is owned by the same user that nscd runs as.

In an all-defaults boot.isContainer configuration of NixOS, this removes
the only user which did not have a pre-assigned UID.
2019-07-03 13:27:29 -07:00
Jamey Sharp
597563d248 nixos/nscd: let systemd manage directories
Previously this module created both /var/db/nscd and /run/nscd using
shell commands in a preStart script. Note that both of these paths are
hard-coded in the nscd source. (Well, the latter is actually
/var/run/nscd but /var/run is a symlink to /run so it works out the
same.)

/var/db/nscd is only used if the nscd.conf "persistent" option is turned
on for one or more databases, which it is not in our default config
file. I'm not even sure persistent mode can work under systemd, since
`nscd --shutdown` is not synchronous so systemd will always
unceremoniously kill nscd without reliably giving it time to mark the
databases as unused. Nonetheless, if someone wants to use that option,
they can ensure the directory exists using systemd.tmpfiles.rules.

systemd can create /run/nscd for us with the RuntimeDirectory directive,
with the added benefit of causing systemd to delete the directory on
service stop or restart. The default value of RuntimeDirectoryMode is
755, the same as the mode which this module was using before.

I don't think the `rm -f /run/nscd/nscd.pid` was necessary after NixOS
switched to systemd and used its PIDFile directive, because systemd
deletes the specified file after the service stops, and because the file
can't persist across reboots since /run is a tmpfs. Even if the file
still exists when nscd starts, it's only a problem if the pid it
contains has been reused by another process, which is unlikely. Anyway,
this change makes that deletion even less necessary, because now systemd
deletes the entire /run/nscd directory when the service stops.
2019-07-03 12:39:48 -07:00
Jamey Sharp
93f185df65 nixos/nscd: no longer need to wait for readiness
This postStart step was introduced on 2014-04-24 with the comment that
"Nscd forks into the background before it's ready to accept
connections."

However, that was fixed upstream almost two months earlier, on
2014-03-03, with the comment that "This, along with setting the nscd
service type to forking in its systemd configuration file, allows
systemd to be certain that the nscd service is ready and is accepting
connections."

The fix was released several months later in glibc 2.20, which was
merged in NixOS sometime before 15.09, so it certainly should be safe to
remove this workaround by now.
2019-07-03 12:26:47 -07:00
Aaron Andersen
aa05aad470 nixos/wordpress: create module to replace the httpd subservice 2019-07-03 11:47:33 -04:00
Aaron Andersen
8d7dc105b1
Merge pull request #63931 from aanderse/phpfpm
phpfpm: revert #63156
2019-07-03 07:04:17 -04:00
Aaron Andersen
9f2518da59
Merge pull request #64199 from thorstenweber83/fix-mysql-test
nixos/mysql: fix mysql test after #63862
2019-07-03 06:27:40 -04:00
Aaron Andersen
ec80ffc621
Merge pull request #62061 from aanderse/nagios
nixos/nagios: module updates
2019-07-03 06:19:35 -04:00
talyz
732af03ace networkmanager: Documentation cleanup.
- Refer to external documentation for dns option
- Clean up macAddress option
- Improve references
2019-07-03 09:40:05 +00:00
talyz
80acb28bee networkmanager: Add rc-manager option
Add an option to set the rc-manager parameter in NetworkManager.conf,
which controls how NetworkManager handles resolv.conf. This sets the
default rc-manager to "resolvconf", which solves #61490. It
additionally allows the user to change rc-manager without interference
from configuration activations.
2019-07-03 09:40:05 +00:00
Frederik Rietdijk
25a77b7210 Merge staging-next into staging 2019-07-03 08:59:42 +02:00
Thorsten Weber
46ea3ebc19 nixos/mysql: make ExecStartPost script fail on error 2019-07-03 08:50:21 +02:00
Peter Hoeg
897834f015 nixos/nix-optimise: be smarter about when we run the store optimiser
We might be inside a NixOS container on a non-NixOS host, so instead of not
running at all inside a container, check if the nix-daemon socket is writable as
it will tell us if the store is managed from here or outside.

Fixes #63578
2019-07-03 09:37:14 +08:00
David Wood
16c394fe0f
nixos/deluge: Add extractor dependencies.
This commit adds the "Extractor" plugin dependencies to the PATH of the
`deluged` service.
2019-07-02 22:26:38 +01:00
David Wood
9837facf21
nixos/deluge: user, group and web firewall opts.
This commit adds new options to the Deluge service:

- Allow configuration of the user/group which runs the deluged daemon.
- Allow configuration of the user/group which runs the deluge web
  daemon.
- Allow opening firewall for the deluge web daemon.
2019-07-02 22:26:34 +01:00
Peter Hoeg
10dd03e0a3
Merge pull request #63551 from Steell/roon-server
roon-server: init at 100600401
2019-07-02 10:06:29 +08:00
Aaron Andersen
f2a499549f nixos/httpd: drop mercurial httpd subservice 2019-07-01 15:34:00 -04:00
Casey Ransom
35d58c3421 datadog-agent: fix extraIntegrations
The override that builds the custom python for integrations-core was
overriding python, but pythonPackages was still being inherited from a
call to `datadog-integrations-core {}`, causing
service.datadog-agent.extraIntegrations to be ignored.
2019-07-01 11:45:19 -04:00
David Wood
6ba90c2aae
nixos/lidarr: add user/group/openFirewall opts.
This commit adds new configuration options to the Lidarr module that
allows configuration of the user and group that Lidarr runs as; and to
open the firewall for the Lidarr port.
2019-07-01 16:17:18 +01:00
worldofpeace
3f4a353737 treewide: use dontUnpack 2019-07-01 04:23:51 -04:00
worldofpeace
cab7c6cbd9 treewide: use dontConfigure 2019-07-01 04:23:51 -04:00
Aaron Vodney
cc83a0d081 u9fs service: start after network.target 2019-06-30 22:43:08 -04:00
Aaron Andersen
d0a147e841 nixos/mysql: run ExecStartPost as root (again) to preserve compatibility with installs that have been secured 2019-06-30 21:59:47 -04:00
Aaron Andersen
e0590da813 nixos/mysql: turn ExecStartPost into a shell script and simplify code 2019-06-30 21:58:27 -04:00
Aaron Andersen
26a5f32096 nixos/redmine: cosmetic cleanup 2019-06-30 07:24:23 -04:00
Aaron Andersen
e702468f6b nixos/redmine: add database.createLocally option 2019-06-30 07:24:18 -04:00
Aaron Andersen
278d867a9b Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless"
This reverts commit b5478fd1a2, reversing
changes made to dbb00bfcbf.
2019-06-28 21:47:43 -04:00
Aaron Andersen
4b98e262a0 Revert "nixos/phpfpm: Remove usage of undefined variable fpmCfg"
This reverts commit 54645ce43a.
2019-06-28 21:47:17 -04:00
worldofpeace
8789ff3179
Merge pull request #63822 from worldofpeace/dde-control-center/init
deepin.dde-control-center: init at 4.10.11
2019-06-27 22:15:52 -04:00
worldofpeace
8c2bcb181e nixos/deepin: add dde-control-center 2019-06-27 22:15:13 -04:00
Elis Hirwing
54645ce43a
nixos/phpfpm: Remove usage of undefined variable fpmCfg 2019-06-27 20:39:18 +02:00
Elis Hirwing
b5478fd1a2
Merge pull request #63156 from Izorkin/phpfpm-rootless
phpfpm: do not run anything as root
2019-06-27 19:13:53 +02:00
Elis Hirwing
dbb00bfcbf
Merge pull request #63726 from davidtwco/lidarr/specify-package
nixos/lidarr: allow specifying package
2019-06-27 19:06:51 +02:00
Aaron Andersen
fa01a229e7
Merge pull request #63101 from dasJ/gitea-jwt
nixos/gitea: Generate a JWT secret for git LFS
2019-06-27 13:06:17 -04:00
Aaron Andersen
ae02678a9d
Merge pull request #63786 from aanderse/mysql
mysql: drop support for deprecated package & module option
2019-06-27 12:14:35 -04:00
Domen Kožar
2072043efb
duplicati: fix StateDirectory 2019-06-27 14:15:37 +02:00
Janne Heß
8c3dd6f5e7 nixos/gitea: Generate a JWT secret for git LFS 2019-06-27 03:29:02 +02:00
Aaron Andersen
616e52e21b
Merge pull request #63622 from aanderse/zoneminder
nixos/zoneminder: fix some issues with database.createLocally option
2019-06-26 20:36:26 -04:00
Daniel Schaefer
19851ec1fc nixos/zoneminder: Fix nginx config check
NixOS wouldn't build because the nginx config checker fails.

Location without a trailing slash "could allow an attacker to read file
stored outside the target folder.", source:
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md

Shouldn't change the behaviour according to
https://serverfault.com/questions/607615/using-trailing-slashes-in-nginx-configuration/607731#607731
2019-06-26 20:45:55 +02:00
pacien
b05870d223 nixos/cgit: fix config example
The order of the keys matters: scan-path must be the last key for other settings
to be taken into account.
2019-06-26 19:59:31 +02:00
Eelco Dolstra
8e620e1bc5
Merge pull request #63810 from NixOS/binaryCaches-default
nix.binaryCaches: always set https://cache.nixos.org
2019-06-26 18:51:17 +02:00
Domen Kožar
f572d4eb91
duplicati: PermissionsStartOnly is deprecated 2019-06-26 15:52:00 +02:00
Domen Kožar
036728f3f4
nix.binaryCaches: always set https://cache.nixos.org
There are many support questions when people add a new binary cache
and they suddenly lose nixos substitutions.

Most of the users want to keep that, so we're doing a breaking change.

Previously to disable all binary caches one had to do:

  nix.binaryCache = [];

Now the same is possible via:

  nix.binaryCache = lib.mkForce;
2019-06-26 14:30:56 +02:00
José Romildo Malaquias
b86c7b8568 nixos/deepin: add dde-launcher usb service 2019-06-26 00:40:17 -03:00
Graham Christensen
7b8a7cee78
Merge pull request #63699 from NinjaTrappeur/nin-hostapd-noscan
hostapd: add noscan mode
2019-06-25 18:08:58 -04:00
Graham Christensen
38c28ef10c
Merge pull request #56265 from aanderse/permissions-start-only
replace deprecated usage of PermissionsStartOnly (part 2)
2019-06-25 18:04:22 -04:00
Aaron Andersen
fb918a9254 nixos/mysql: drop rootPassword option 2019-06-25 17:26:53 -04:00
Aaron Andersen
74ff20fae7 nixos/zoneminder: fix some issues with database.createLocally option 2019-06-25 12:20:22 -04:00
Steve Elliott
725e2793dd roon-server: init at 100600401 2019-06-25 09:34:07 -04:00
Domen Kožar
e8916cc6af
duplicati: allow changing the user 2019-06-25 14:28:03 +02:00
Aaron Andersen
931921664f
Merge pull request #63392 from ivan/cassandra-default-cluster-name
nixos/cassandra: use cassandra's default cluster name "Test Cluster"
2019-06-25 07:18:10 -04:00
Samuel Dionne-Riel
c4a12ee9c0
Merge pull request #62852 from samueldr/fix/xterm-desktop-manager-default
nixos/desktop-managers/xterm: Defaults to xserver's state
2019-06-24 14:48:58 -04:00
David Wood
7e38a64709
nixos/lidarr: allow specifying package
This commit allows users of `services.lidarr` to specify the package
that is used with `services.lidarr.package`.
2019-06-24 09:53:38 +01:00
Matthew Bauer
500c13ed46
Merge pull request #63609 from tokudan/udev-executable-check
udev: change error message if RUN entry is not executable
2019-06-23 21:43:31 -04:00
Félix Baylac-Jacqué
5121f8d1e6
hostapd: starting hostapd systemd service at boot. 2019-06-24 00:26:27 +02:00
Félix Baylac-Jacqué
98deb87354
hostapd: Add noscan mode.
Applies OpenWRT's noscan patch to hostapd and the relevant option to
the hostapd module.

This noscan patch adds a new `noscan` option allowing us to create
some overlapping BSSs in HT40+/- mode.

Note: this option is disabled by default, we leave this up to the end
user whether it should be enabled or not.

Not being able to create those overlapping BSSs is basically
preventing us to use 802.11n in any urban area where chances to
overlap with another SSID are extremely high.

The patch we are using is a courtesy of the openwrt team and is
applied to the defaul hostapd package in both OpenWRT and Archlinux.
2019-06-24 00:26:20 +02:00
Domen Kožar
c687da8940
duplicati: change default interface to 127.0.0.1 for a saner default
Existing 'lo' didn't work for me as it was failing to assign an IP.
2019-06-22 20:26:18 +02:00
Daniel Frank
b40a38fe8a udev: be more verbose about the error 2019-06-21 18:05:14 +02:00
Daniel Frank
f8cf9de7ce udev: change error message if RUN entry is not executable 2019-06-21 11:27:56 +02:00
Ivan Kozik
41c6d7adfc nixos/prometheus-node-exporter: fix systemd unit for systemd 242 (#63540)
Avoid having a backslash at the end of ExecStart=.

See https://github.com/NixOS/nixpkgs/issues/63533 for details
about the change to systemd's unit parser.

Fixes #63383.
2019-06-20 17:04:36 -04:00
Matthew Bauer
808d6fc7de
Merge pull request #63087 from matthiasbeyer/fix-ddclient-extraconfig
Fix ddclient extraConfig
2019-06-20 15:28:04 -04:00
Ivan Kozik
f2ea454617 usbguard-nox: init at 0.7.4
This is just usbguard without the Qt GUI that brings in Qt dependencies.

Remove pandoc to reduce closure size. The usbguard build appears to
use it only for spell checking.

Remove asciidoctor because 0.7.1 switched to asciidoc. But don't add
a dependency on asciidoc, because that causes the build fails on
external DTDs.
2019-06-20 13:49:47 +00:00
worldofpeace
d672ceeb68
Merge pull request #63204 from michaelpj/imp/localtime-upstream
localtime: use upstream unit, fix polkit rules
2019-06-19 08:38:03 -04:00
Michael Peyton Jones
0073c1fb0b
localtime: use upstream unit and fix polkit rule installation
Also don't allocate a user - the upstream unit uses DynamicUser.
2019-06-19 11:07:44 +01:00
Aaron Andersen
93412bc35f
Merge pull request #63413 from etu/gitea-183-update
gitea: 1.8.2 -> 1.8.3
2019-06-19 05:46:48 -04:00
Elis Hirwing
3576ba7c19
nixos/gitea: Add missing tmpfiles rules 2019-06-19 07:45:51 +02:00
Frederik Rietdijk
41377252e5 Merge master into staging-next 2019-06-18 10:53:28 +02:00
Vladimír Čunát
0aa9f35a99
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1525828
2019-06-18 09:44:13 +02:00
Ivan Kozik
a476b9bf54 nixos/cassandra: use cassandra's default cluster name "Test Cluster"
The change to "NixOS Test Cluster" in #59179 broke startup of existing clusters
that used the previously-default cluster name "Test Cluster":

ERROR 23:00:47 Fatal exception during initialization
org.apache.cassandra.exceptions.ConfigurationException: Saved cluster name Test Cluster != configured name NixOS Test Cluster

Fixes #63388.
2019-06-18 00:36:46 +00:00
Jan Tojnar
a3f2131eb6 doc: Use prompt more often 2019-06-17 13:25:50 +02:00