Commit graph

808 commits

Author SHA1 Message Date
Michael Raskin
31a4e2e28b
Merge pull request #93457 from ju1m/apparmor
apparmor: fix and improve the service
2020-09-27 13:07:38 +00:00
Cole Helbling
937359fcf1
nixos/update-users-groups: /etc/shadow owned by root:shadow 2020-09-25 09:38:35 -07:00
Robin Gloster
a485504740 config.users.ldap: do not include nss module if turned off 2020-09-25 12:03:42 +02:00
Jörg Thalheim
99406adaae
nixos/update-users-groups: write files truly atomic
Having the .tmp suffix is broken w.r.t. to multiple writers,
as they would overwrite existing files. using the atomic flag
will make write_file to create a unique temporary file it gets renamed
to its target.
2020-09-23 10:51:01 +02:00
Jörg Thalheim
f072d4dadc
nixos/update-users-groups: fix encoding of json database
The issue here is that updateFile expects a unicode string while
encode_json returns a binary string unlike to_json.
2020-09-23 10:50:57 +02:00
Jörg Thalheim
52bdb3eb7b
nixos/update-users-group: treat all file as utf-8
Ideally we would treat everything as bytes however our database is
already utf-8 encoded so we need to stay compatible.
2020-09-23 10:50:55 +02:00
Robert Helgesson
fbc5093649
hooks: add moveSystemdUserUnitsHook
This hook moves systemd user service file from `lib/systemd/user` to
`share/systemd/user`. This is to allow systemd to find the user
services when installed into a user profile. The `lib/systemd/user`
path does not work since `lib` is not in `XDG_DATA_DIRS`.
2020-09-12 18:29:46 +02:00
WORLDofPEACE
2ab42dcc9e
Merge pull request #97171 from davidak/defaultPackages
nixos/config: add defaultPackages option
2020-09-08 19:40:45 -04:00
Richard Marko
f54612264e nixos/jack,pulseaudio: fix pulse connection to jackd service
This fixes the case when Jack Audio Daemon is running
as a service via `services.jack.jackd` and Pulseaudio
running as a *user* service.

Two issues prevented connecting `pulse` with `jackd`:
* Missing `JACK_PROMISCUOUS_SERVER` environment variable for `pulse` user service,
  resulting in `pulse` trying to access `jackd` as if it was running as part of
  the users session.
* `jackd` not being able to access socket created by `pulse` due to socket
  created using user ID and `users` group. Change allows `jackd` to access
  the socket created by `pulse` correctly.

`pulse` now also autoloads `module-jack-sink` and `module-jack-source`
if `services.jack.jackd.enable` is set.

The default `pulse` package is now set to `pulseaudioFull` automatically
if `services.jack.jackd.enable` is set.
2020-09-08 08:44:20 +02:00
davidak
74b3d66baf nixos/config: add defaultPackages option
readd perl (used in shell scripts), rsync (needed for NixOps) and strace (common debugging tool)

they where previously removed in https://github.com/NixOS/nixpkgs/pull/91213

Co-authored-by: Timo Kaufmann <timokau@zoho.com>
Co-authored-by: 8573 <8573@users.noreply.github.com>
2020-09-06 18:58:20 +02:00
Julien Moutinho
fb6d63f3fd apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
Jan Tojnar
f0cb5c6a15
Revert "nixos/fontconfig: fix 50-user.conf handling"
This reverts commit 8425726f86.

This should have been reverted in https://github.com/NixOS/nixpkgs/pull/95358
but I forgot about it.
2020-09-06 02:56:31 +02:00
Jan Tojnar
4f0f26771e
Merge pull request #95358 from jtojnar/global-fontconfig 2020-09-05 00:19:38 +02:00
Jan Tojnar
7ecabdc22b
Merge pull request #96992 from jtojnar/fc-dtd-urn
treewide: use URN for fontconfig DTD
2020-09-04 17:12:29 +02:00
Jörg Thalheim
02a2649220
Merge pull request #89748 from heinic/krb5-lists 2020-09-03 07:31:22 +01:00
Jan Tojnar
6dd3b54ccc
treewide: use URN for fontconfig DTD
To match upstream change:

9c46ef4aac
2020-09-03 06:39:00 +02:00
rnhmjoj
20d491a317
treewide: completely remove types.loaOf 2020-09-02 00:42:50 +02:00
Jan Tojnar
b49a769970
fontconfig: get rid of rest of versioned configs
The incompatibility does not seem to exist any more: programs linked against fc 2.12
on fc 2.14 system seem to at least display text, even while printing tons of errors
(as long as you generate fc cache manually), and same thing the other way around.
Hopefully it will not be an issue in the future.
2020-08-29 19:16:22 +02:00
Nico Heitmann
0bee87c400 nixos/krb5: add list to example configuration
Updated the relevant nixos test to match the example configuration.
2020-08-25 17:18:56 +02:00
Jan Tojnar
2adf17f8c2
Merge pull request #95869 from jtojnar/fc-local-regression
nixos/fontconfig: fix local.conf regression
2020-08-20 23:43:47 +02:00
Jan Tojnar
fe1b9ebaf1
nixos/fontconfig: fix local.conf regression
Another part of edf2541f02 was missed while
rebasing https://github.com/NixOS/nixpkgs/pull/93562, resulting in incorrect path
as described by https://github.com/NixOS/nixpkgs/issues/86601#issuecomment-675462227
2020-08-20 20:09:28 +02:00
davidak
5a3738d22b
nixos/systemPackages: clean up (#91213)
* nixos/systemPackages: clean up

* Update nixos/doc/manual/release-notes/rl-2009.xml

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>

* Update nixos/doc/manual/release-notes/rl-2009.xml

Co-authored-by: 8573 <8573@users.noreply.github.com>

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
Co-authored-by: 8573 <8573@users.noreply.github.com>
2020-08-20 13:45:54 +00:00
Silvan Mosberger
c6aa9e4af6
Merge pull request #95681 from flokli/fontconfig-penultimate-remove
nixos/fonts: remove fontconfig-penultimate
2020-08-17 23:47:52 +02:00
Florian Klink
8425726f86 nixos/fontconfig: fix 50-user.conf handling
Apparently, edf2541f02 was missed while
rebasing https://github.com/NixOS/nixpkgs/pull/93562.

Provide 50-user.conf in fontconfig if includeUserConf is true (the
default), and don't try removing the non-existent one if it's disabled

Fixes https://github.com/NixOS/nixpkgs/issues/95685
Fixes https://github.com/NixOS/nixpkgs/issues/95712
2020-08-17 23:12:57 +02:00
Florian Klink
1d51b526e4 nixos/fonts/fontconfig-penultimate: remove module 2020-08-17 13:25:46 +02:00
Vladimír Čunát
0a3386369c
qemu: fix build with environment.noXlibs = true
In some tests, e.g. -f nixos/release.nix tests.simple.x86_64-linux
we use noXlibs and qemu.ga.  Now that output is tiny but to get it
a full qemu build is done, and some dependencies like gtk3 won't build
with noXlibs due to their dependencies being too stripped down.

Therefore let's reduce qemu features in noXlibs case.
The `sdlSupport = false;` part probably wasn't needed,
but I added it for consistency.
2020-08-16 18:25:31 +02:00
Ben Wolsieffer
8f1de2e7c0 environment.noXlibs: disable X11 support in cairo 2020-08-16 10:33:44 +00:00
Jan Tojnar
0a4a62459a
nixos/fontconfig: Reintroduce unversioned fonts.conf
Turns out lot of software (including Chromium) use bundled fontconfig
so we either need to wrap every one of those, or re-introduce the global unversioned config.
The latter is easier but weakens hermetic configs. But perhaps those are not really worth the effort.
2020-08-13 20:56:43 +02:00
Florian Klink
f527651a67 nixos/fontconfig: stop generating fontconfig_210 config and cache
This fontconfig version isn't used anywhere inside nixpkgs anymore.
2020-08-12 13:40:45 +02:00
Jörg Thalheim
ba930d8679
nixos/modules: remove trailing whitespace
This leads to ci failure otherwise if the file gets changed.
git-blame can ignore whitespace changes.
2020-08-07 14:45:39 +01:00
Vladimír Čunát
7a5c6fee0f
Merge branch 'master' into staging-next
Some rebuilds, e.g. all of haskell.
Hydra nixpkgs: ?compare=1601713
2020-07-22 08:37:19 +02:00
edef
2e4fb5cf4c nixos/users-groups: don't consider a system with Google OS Login inaccessible
This allows disabling users.mutableUsers without configuring any
authentication mechanisms (passwords, authorized SSH keys) other than
Google OS Login.
2020-07-19 00:28:02 +00:00
Jan Tojnar
821dba740e
Merge branch 'staging-next' into staging 2020-07-15 09:29:01 +02:00
adisbladis
5733967290
nixos.users-groups: Set up subuid/subgid mappings for all normal users
This is required by (among others) Podman to run containers in rootless mode.

Other distributions such as Fedora and Ubuntu already set up these mappings.

The scheme with a start UID/GID offset starting at 100000 and increasing in 65536 increments is copied from Fedora.
2020-07-13 13:15:02 +02:00
Jan Tojnar
09558f1dbf
Merge pull request #73795 from worldofpeace/fontconfig-2.13.92 2020-07-13 03:34:06 +02:00
Raghav Sood
23e259cf7d
nixos/users-groups: fix mkChangedOptionModule for root password hash 2020-07-12 02:06:22 +00:00
Jan Tojnar
edf2541f02
fontconfig: Only read versioned config dirs
Falling back to unversioned `/etc/fonts/conf.d` when versioned one does not exist
is problematic since it only occurs on non-NixOS systems and those are likely
to have a different version of fontconfig. When those versions use incompatible
elements in the config, apps using fontconfig will crash.

Instead, we are now falling back to the in-package `fonts.conf` file that loads
both the versioned global `conf.d` directory and the in-package `conf.d` since using
upstream settings on non-NixOS is preferable to not being able to use apps there.

In fact, we would not even need to link `fonts.conf`, as the in-package `fonts.conf`
will be always used unless someone creates the global one manually (the option is still
retained if one wants to write a custom NixOS module and to avoid unnecessary stat call on NixOS).

Additionally, since the `fonts.conf` will always load `conf.d` from the package, we no longer
need to install them to sytem `/etc` in the module. This needed some mucking with `50-user.conf`
which disables configs in user directories (a good thing IMO, NixOS module will turn it back on)
but otherwise, it is cleaner. The files are still prioritized by their name, regardless of their location.

See https://github.com/NixOS/nixpkgs/pull/73795#issuecomment-634370125 for more information.
2020-07-11 17:05:13 +02:00
rnhmjoj
c37347af7e
nixos/users-groups: handle password hashes with special meaning 2020-07-04 12:21:49 +02:00
rnhmjoj
99899e2e46
nixos/users-groups: add assertion for ":" in hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
751c2ed6e4
nixos/users-groups: do not check validity of empty hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
900ae97569
nixos/users-groups: clearly document special hash values
This explanation was contained in the description of
security.initialRootPassword but got lost when it was deprecated
a long ago (f496c3c) and removed.
2020-07-04 12:21:48 +02:00
rnhmjoj
a6ed7d4845
nixos/users-groups: remove ancient security.initialRootPassword option
This option has been deprecated for a long time because is redundant
(users.users.root.initialHashedPassword exists).
Moreover, being of type string, it required to handle the special value
"!" separately, instead of using just `null`.
2020-07-04 12:14:37 +02:00
Jörg Thalheim
b2aa673d5a
nixos: fix manual build
https://github.com/NixOS/nixpkgs/pull/92240#issuecomment-653740926
2020-07-04 10:23:25 +01:00
Niklas Hambüchen
06b8b96500 docs: Explain how to set password-less logins.
This explains the

    # Allow the user to log in as root without a password.
    users.users.root.initialHashedPassword = "";

that the NixOS installer live systems use in
`profiles/installation-device.nix`.
2020-07-04 02:05:03 +02:00
Profpatsch
517be84135 small treewide: his -> theirs/its
SJW brigade represent. ;)

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
2020-06-23 16:49:50 +02:00
Florian Klink
f5f8b08f16
Merge pull request #91065 from Infinisil/move-fontultimate
nixos/fontconfig: Move deprecated ultimate removals to relevant module
2020-06-19 00:07:46 +02:00
Silvan Mosberger
78453e6ba6
nixos/fontconfig: Move deprecated ultimate removals to relevant module
This was a mistake in https://github.com/NixOS/nixpkgs/pull/61570, this
does not belong to prometheus
2020-06-18 23:12:18 +02:00
rnhmjoj
470ce4784e
nixos/users: validate password hashes 2020-06-15 20:08:36 +02:00
Vladimír Čunát
92aa60918f
nixos i18n.supportedLocales: increase systemPackages priority
https://discourse.nixos.org/t/conflict-between-glibc-and-glibclocales-workaround-inside/7608
2020-06-11 10:22:20 +02:00
Marek Mahut
7b9d7cc05d
Merge pull request #85947 from prusnak/images-zstd
Use zstd for ISO and SD images
2020-06-07 19:09:43 +02:00
Nico Heitmann
2b694b1e9f nixos/krb5: output lists as multiple config entries
Fixes #89626
2020-06-07 16:52:27 +02:00
Nico Heitmann
5ed0924e7b nixos/krb5: refactor indentation generation
mkVal is no longer aware of the indentation depth. Indentation is
added to each line of the result when it is included in nested
entries.
2020-06-07 16:40:40 +02:00
Eelco Dolstra
bbfc47326b Don't enable nix-bash-completions when using Nix 2.4
2.4 has its own completion script which collides with
nix-bash-completions.
2020-06-04 14:18:18 +02:00
Michael Weiss
234d95a6fc
nixos/networking: Add the FQDN and hostname to /etc/hosts
This fixes the output of "hostname --fqdn" (previously the domain name
was not appended). Additionally it's now possible to use the FQDN.

This works by unconditionally adding two entries to /etc/hosts:
127.0.0.1 localhost
::1 localhost

These are the first two entries and therefore gethostbyaddr() will
always resolve "127.0.0.1" and "::1" back to "localhost" [0].
This works because nscd (or rather the nss-files module) returns the
first matching row from /etc/hosts (and ignores the rest).

The FQDN and hostname entries are appended later to /etc/hosts, e.g.:
127.0.0.2 nixos-unstable.test.tld nixos-unstable
::1 nixos-unstable.test.tld nixos-unstable
Note: We use 127.0.0.2 here to follow nss-myhostname (systemd) as close
as possible. This has the advantage that 127.0.0.2 can be resolved back
to the FQDN but also the drawback that applications that only listen to
127.0.0.1 (and not additionally ::1) cannot be reached via the FQDN.
If you would like this to work you can use the following configuration:
```nix
networking.hosts."127.0.0.1" = [
  "${config.networking.hostName}.${config.networking.domain}"
  config.networking.hostName
];
```

Therefore gethostbyname() resolves "nixos-unstable" to the FQDN
(canonical name): "nixos-unstable.test.tld".

Advantages over the previous behaviour:
- The FQDN will now also be resolved correctly (the entry was missing).
- E.g. the command "hostname --fqdn" will now work as expected.
Drawbacks:
- Overrides entries form the DNS (an issue if e.g. $FQDN should resolve
  to the public IP address instead of 127.0.0.1)
  - Note: This was already partly an issue as there's an entry for
    $HOSTNAME (without the domain part) that resolves to
    127.0.1.1 (!= 127.0.0.1).
- Unknown (could potentially cause other unexpected issues, but special
  care was taken).

[0]: Some applications do apparently depend on this behaviour (see
c578924) and this is typically the expected behaviour.

Co-authored-by: Florian Klink <flokli@flokli.de>
2020-05-25 14:06:25 +02:00
zowoq
f4852591c1
nixos/zram: make zstd the default (#87917) 2020-05-21 21:30:03 +03:00
Florian Klink
ea462c742e nixos/resolvconf: always run systemctl of the currently running systemd 2020-05-21 10:29:22 +02:00
Florian Klink
783f40bb70 nixos/power-management: always run systemctl of the currently running systemd 2020-05-21 10:28:29 +02:00
Florian Klink
23ba506113 nixos/nsswitch: improve error message
Show the config option triggering the assertion, so people don't
necessary lookup the nixpkgs source code.
2020-05-11 16:14:51 +02:00
Florian Klink
1df38e2a1d nixos/nsswitch: update comment next to assertion 2020-05-11 16:14:51 +02:00
Florian Klink
1fb6c37597 nixos/samba: move nss database configuration into samba module 2020-05-11 16:14:50 +02:00
Florian Klink
fd21793de6 nixos/avahi: move nss database configuration into avahi module 2020-05-11 16:14:50 +02:00
Florian Klink
4f9c8ef791 nixos/ldap: move nss database configuration into ldap module
now that passwdArray and shadowArray aren't used anymore, these can be
folded.
2020-05-11 16:14:50 +02:00
Florian Klink
c0995d22ee nixos/systemd: move NSS module logic to systemd module
We keep the conditional on only adding if nscd is enabled for now.
2020-05-05 15:59:30 +02:00
Florian Klink
7426bec45e nixos/systemd/resolved: add resolve to nss hosts database if enabled
We keep the "only add the nss module if nscd is enabled" logic for now.

The assertion never was triggered, so it can be removed.
2020-05-05 15:59:30 +02:00
Florian Klink
4b71b6f8fa nixos/google-oslogin: Move nsswitch config into the module
Motivation: #86350
2020-04-30 17:51:13 +02:00
Florian Klink
c01ac3ed12
Merge pull request #85998 from helsinki-systems/make-nsswitch-more-flexible
nixos/nsswitch: Make databases more configurable
2020-04-29 01:28:33 +02:00
Janne Heß
edddc7c82a
nixos/sss: Move nsswitch config into the module 2020-04-28 17:02:46 +02:00
Dominik Xaver Hörl
c10d82358f treewide: add types to boolean / enable options or make use of mkEnableOption 2020-04-27 09:32:01 +02:00
Janne Heß
bc2a4b341a
nixos/nsswitch: Make databases more configurable
Instead of hardcoding all nss modules that are added into nsswitch,
there are now options exposed.
This allows users to add own nss modules (I had this issue with
winbindd, for example).
Also, nss modules could be moved to their NixOS modules which would
make the nsswitch module slimmer.

As the lists are now handled by the modules system, we can use mkOrder
to ensure a proper order as well as mkForce to override one specific
database type instead of the entire file.
2020-04-26 03:16:57 +02:00
Pavol Rusnak
8a67595636
nixos/system-path: add zstd 2020-04-24 18:34:11 +02:00
worldofpeace
90e16f7ed6
Merge pull request #84242 from gnidorah/qt
nixos/qt5: support adwaita-dark theme
2020-04-24 08:47:21 -04:00
Matthew Bauer
7cc40e15e4 treewide/nixos: use stdenv.cc.libc instead of glibc when available
This prevents duplication in cross-compiled nixos machines. The
bootstrapped glibc differs from the natively compiled one, so we get
two glibc’s in the closure. To reduce closure size, just use
stdenv.cc.libc where available.
2020-04-06 16:36:27 -04:00
Matthew Bauer
8a5059e1cc fontconfig: only generate cache on native compilation
We can’t cross-compile the cache, so just skip it for now.
2020-04-06 16:36:22 -04:00
gnidorah
a6580c3164 nixos/qt5: support adwaita-dark theme 2020-04-05 08:38:08 +03:00
Frederik Rietdijk
92124ed660 Merge master into staging-next 2020-04-03 21:54:40 +02:00
worldofpeace
b0ac19e050 nixos: add freedesktop/gnome/myself maintainers 2020-04-01 20:53:09 -04:00
Matthew Bauer
67b0ddf3f3 Merge remote-tracking branch 'origin/staging' into mb-cross-fixes-march-2020 2020-03-16 14:34:03 -04:00
Silvan Mosberger
ec6e4db6e4
nixos/networking: Add hostFiles option
When blocklists are built with a derivation, using extraHosts would
require IFD, since the result of the derivation needs to be converted to
a string again.

By introducing this option no IFD is needed for such use-cases, since
the fetched files can be assigned directly.
2020-03-07 01:53:31 +01:00
Matthew Bauer
1265615594 gtk-icon-cache: get native gtk3 for icon cache 2020-03-06 00:45:48 -05:00
Martin Milata
d85c885dc4 nixos: add /share/hunspell to environment.pathsToLink
So that applications can find hunspell dictionaries installed through
environment.systemPackages.
2020-02-17 03:35:06 +01:00
Michele Guerini Rocco
48704fbd4f
Merge pull request #71302 from tokudan/encrypted-swap-entropy-fix
rngd: Start early during boot and encrypted swap entropy fix
2020-02-12 01:28:03 +01:00
worldofpeace
09f7e376c2
Merge pull request #79416 from jtojnar/flatpak-1.6
flatpak: 1.4.2 → 1.6.1
2020-02-10 12:57:19 -05:00
Jan Tojnar
f1aa8416d7 xdg-desktop-portal: 1.4.2 → 1.6.0
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.6.0
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.4
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.3
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.2
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.1
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.0
2020-02-10 12:55:25 -05:00
Daniel Frank
1ac86e14c7
swap: depend on rngd if enabled and randomEncryption is configured to
avoid entropy starvation during boot
2020-02-08 12:26:09 +01:00
Spencer Janssen
3b70d0f6d1 nixos/pulseaudio: Enable udev rules 2020-02-07 15:54:35 -06:00
Silvan Mosberger
97ff64e351
nixos/resolvconf: Remove useHostResolvConf option
Never had any effect
2020-02-05 00:28:32 +01:00
Aaron Andersen
28bedc5f11 nixos/ldap: add CAP_SYS_RESOURCE capability to nslcd service 2020-01-31 10:12:41 -05:00
Aaron Andersen
90c96ec31d nixos/ldap: remove redundant configuration options 2020-01-31 09:55:33 -05:00
rnhmjoj
1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Robert Hensing
71358c4f1e swapDevices.<name>.device can be a swap file. 2019-12-28 20:00:50 +01:00
rnhmjoj
a35b12ed21
nixos/console: set colors using kernel parameters
This commit changes the console colors implementation
to use the kernel parameters instead of relying on terminal
escape sequences. This means the palette is applied by the
kernel itself with no custom code running in the initrd
and works for all virtual terminals (not only tty0).
2019-12-20 00:27:35 +01:00
rnhmjoj
c9276c1b52
nixos: unify virtual console options
This commit moves all the virtual console related options
to a dedicated config/console.nix NixOS module.

Currently most of these are defined in config/i18n.nix
with a "console" prefix like `i18n.consoleFont`,
`i18n.consoleColors` or under `boot` and are implemented
in tasks/kbd.nix.
Since they have little to do with actual internationalisation
and are (informally) in an attrset already, it makes sense to
move them to a specific module.
2019-12-20 00:27:34 +01:00
Silvan Mosberger
4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
Christian Kauhaus
918c2ca01a Remove networking.hostConf option
This PR is part of the networking.* namespace cleanup. We feel that
networking.hostConf is rarely used and provides little value compared to
using environment.etc."host.conf" directly.

Provide sensible default: multi on
2019-11-29 12:08:34 +01:00
Andreas Rammhold
a06529b7ad
nixos: default environment.homeBinInPath to false
This is a more sane default since we do not magically (without opt-in)
pull in binaries from `~/bin`. That is not really an expected behavior
for many users. Users that still want that behavior can now just flip
that switch.
2019-11-26 12:44:12 +01:00
Christian Kauhaus
3ea442ca94 networking.vpnc: remove option
This PR is part of the networking.* namespace cleanup.

The Cisco VPN module is currently of limited value since it just creates
config files but does not manage services. The same functionality can be
achieved by using _environment.etc_ instead.

It would be a different situation if we had a full service module. So if
you are annoyed by this change, please consider write a more featureful
module and put its options unter _services.networking.vpnc_.

Note that this change removes options for *Cisco VPN*, not
*networkmanager-vpn*.
2019-11-24 14:03:29 +01:00
IDF31
61cd421c75 nixos/qt5: use correct qtstyleplugins attribute 2019-11-21 10:10:50 -05:00
worldofpeace
6783fdd561
Merge pull request #71416 from worldofpeace/gnome3-sound-theme
nixos/gnome3: add sound-theme-freedesktop
2019-11-09 21:33:49 +00:00
worldofpeace
070fbc350c nixos/fontconfig-ultimate: remove
This module has been obsolete for several years now.
2019-11-06 12:02:35 -05:00
worldofpeace
3485204442 nixos/corefonts: remove
4 years ago in 7edb27b7af the option was made
hidden. We should just remove the module and use mkRemovedOptionModule.
2019-11-06 02:47:00 -05:00
worldofpeace
4e2161f9ed nixos/xdg/sounds: add sound-theme-freedesktop 2019-11-03 10:19:26 -05:00
Andreas Rammhold
5d5b1405a7
Merge pull request #68483 from chkno/optional-home-bin-in-path
nixos/shells-environment: Make ~/bin/ in $PATH optional
2019-11-02 14:27:24 +01:00
adisbladis
3af4f88acd
nixos.pulseaudio: Remove bad recommendation to use pulseaudio in system-wide mode
Upstream Pulseaudio has always stated that system-wide is not
recommended and comes with a number of usability and security drawbacks.
2019-10-30 16:00:08 +00:00
Silvan Mosberger
de357d5781
Merge pull request #65698 from Infinisil/system-users
Increase the system user id range
2019-10-27 10:41:39 +01:00
WilliButz
509fadd01a
nixos/i18n: use str instead of string for consoleKeyMap 2019-10-26 00:07:55 +02:00
Frederik Rietdijk
32389de159 Merge master into staging-next 2019-10-24 08:27:04 +02:00
Drew
6445a7cf7d users-groups: fix typo
Fix typo in the ``users.users.<name>.packages`` option description.
2019-10-23 20:49:15 +02:00
Franz Pletz
cb0adc11ff pinentry: build with multiple outputs in single drv
Co-authored-by: Florian Klink <flokli@flokli.de>
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-10-16 20:30:52 -04:00
worldofpeace
2fbccbc728 Revert "Merge pull request #71095 from flokli/pinentry-cleanup"
This reverts commit 823da4d492, reversing
changes made to b75c8ee3bc.
2019-10-16 20:28:21 -04:00
Franz Pletz
a4916fdea5 pinentry: build with multiple outputs in single drv
Co-authored-by: Florian Klink <flokli@flokli.de>
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-10-16 19:56:49 -04:00
Tor Hedin Brønner
2c7f0f06b7
nixos/system-environment: prepend wrapperDir to PATH (#70430)
This fixes user environment setup for sessions which doesn't successfully go
through a shell init.

Note we don't go through `sessionVariables` as we want the wrappers to have
highest priority. It would also cause wrapperDir to occur twice when in shell
sessions, as shells use `sessionVariables` too while prepending wrapperDir in a
custom snippet.

In particular logging in and out of gnome-shell could result in a broken path
without this fix.
2019-10-15 13:17:38 +02:00
Silvan Mosberger
23d920c8f0
nixos/users: Increase maximum system uid/gid from 499 to 999
This enlarges the system uid/gid range 6-fold, from 100 to 600 ids. This
is a preventative measure against running out of dynamically allocated
ids for NixOS services with isSystemUser, which should become the
preferred way of allocating uids for non-real users.
2019-10-14 01:59:19 +02:00
worldofpeace
361b5f7f65 nixos/pulseaudio: don't autospawn ever
This is long been superseded by socket activation.
Additonally using autospawn nudges some unpleasant
GDM related issues.
2019-10-11 21:41:15 -04:00
Haemin Yoo
8fc5984e83
Fix documentation typo 2019-10-09 19:43:12 +09:00
worldofpeace
57481b7a1c nixos/system-environment: use pam syntax for home variable 2019-10-05 09:43:47 -04:00
Michael Peyton Jones
d8b9742deb nixos/system-environment: fix syntax for environment variables
`@` synax is for `PAM_ITEM`s, `HOME` needs to use `$`.
2019-10-01 21:19:04 -04:00
Michael Peyton Jones
9d61ddaf82 nixos/system-environment: replace env vars in values of variables too
We were only replacing them in the profiles. We also need to do this in
the values of variables, including both the session-relative variables
and the non-session-relative variables.
2019-10-01 21:18:54 -04:00
Jörg Thalheim
46dfb2d090
nixos/sysctl: reduce prio of "kernel.kptr_restrict" to mkDefault
Users should be able to override this value without having to use mkForce.
2019-09-26 10:09:31 +01:00
worldofpeace
b3f4ce351e nixos/xdg/icons: match XCURSOR_PATH spec 2019-09-18 13:03:14 -04:00
worldofpeace
df56adac53 nixos/xdg/icons: use profileRelativeSessionVariables 2019-09-18 11:13:42 -04:00
worldofpeace
671404509b nixos/terminfo: use profileRelativeSessionVariables 2019-09-18 11:13:42 -04:00
Robert Helgesson
866cc3e792 nixos/system-environment: introduce environment.profileRelativeSessionVariables
There is a need for having sessionVariables set relative to the Nix Profiles.
Such as in #68383.
2019-09-18 11:09:43 -04:00
Chuck
b6c97cadc2 nixos/shells-environment: Make ~/bin/ in $PATH optional 2019-09-12 06:35:37 -07:00
Matthew Bauer
c270c0ce6a
Merge pull request #67795 from matthewbauer/remove-hidden-bins
nixos/system-path: remove wrappers from system-path
2019-09-09 12:26:55 -04:00
Matthew Bauer
54d039f8f4 nixos/system-path: remove wrappers from system-path
Remove .*-wrapped files from system-path. These files aren’t needed in
the path for users.
2019-09-09 12:26:20 -04:00
volth
7b8fb5c06c treewide: remove redundant quotes 2019-09-08 23:38:31 +00:00
Jan Tojnar
cdf426488b
Merge branch 'master' into staging-next
Fixed trivial conflicts caused by removing rec.
2019-09-06 03:20:09 +02:00
Jan Tojnar
72e7d569a7
tree-wide: s/GTK+/GTK/g
GTK was renamed.
2019-09-06 02:54:53 +02:00
Vladimír Čunát
f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Jan Tojnar
eafe887671 nixos/fonts.enableDefaultFonts: add Noto Emoji
These days, emoji are ubiqitous so we need to add emoji font.
2019-09-01 00:09:25 -04:00
Jan Tojnar
b31c7e527e nixos/fontconfig: Allow setting default emoji font
In fontconfig’s 60-generic.conf, order of preference is estabilished for emoji
font family. Because fontconfig parses the config files in lexicographic order,
appending each <prefer> from <alias> element to the family’s prefer list
(to be prepended before the family) [1], our font family defaults stored
in 52-nixos-default-fonts.conf will take precedence. That is, of course, unless
the default „weak“ binding [2] is used. Emoji family binds strongly [3],
so we need to set binding to “same” for our <alias>es to be considered before
the ones from 60-generic.conf.

By default, we will set the option to all emoji fonts supported by fontconfig,
so that emoji works for user if they have at least one emoji font installed.
If they have multiple emoji fonts installed, we will use the fontconfig’s
order of preference [4].

[1]: https://github.com/bohoomil/fontconfig-ultimate/issues/51#issuecomment-64678322
[2]: https://www.freedesktop.org/software/fontconfig/fontconfig-user.html#AEN25
[3]: cc8442dec8
[4]: c41c922018
2019-09-01 00:09:25 -04:00
Silvan Mosberger
478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk
ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
worldofpeace
0d220e4ed6 nixos/fontconfig-penultimate: disable by default
It currently lacks an emoji font-family which means it has to be
disabled for them to function [0].  Additionally it's fallen out of
necessity to ship custom font rendering settings (as far as I'm aware
of).

[0]: https://github.com/NixOS/nixpkgs/pull/67215
2019-08-30 19:50:30 -04:00
volth
08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
Frederik Rietdijk
5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
volth
35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Matthew Bauer
fc565c1b9d nixos/update-users-groups.pl: chomp hashedPassword
We don’t want any trailing whitespace, otherwise we mess up the
formating of the shadow file. Some things like readFile may have the
trailing new line.

Fixes #66745
2019-08-25 23:42:31 -04:00
worldofpeace
9d5f1eb581 nixos/vte: ensure bash vte snippet appears first
Fixes #67312
2019-08-23 10:11:48 -04:00
worldofpeace
4ba10fbbfd
Merge pull request #66990 from worldofpeace/gnome-vte-config
nixos/gnome-terminal: init
2019-08-21 16:17:05 -04:00
worldofpeace
79dd78b911 nixos/vte: init
This module correctly includes the vte.sh script
required for vte terminals like gnome-terminal to show the
CWD in the window title and preserved across instances.

This is achieved with the options:
* programs.bash.vteIntegration
* programs.zsh.vteIntegration

as it's best to keep this configuration unguarded by gnome3.enable
to support other vte terminals (such as elementary-terminal).
Note the distinction between Zsh and Bash doesn't include
a different script, as this script only supports those two shells.
2019-08-21 16:16:04 -04:00
Jan Tojnar
d736138b00
Merge pull request #67071 from jtojnar/fontconfig-harmonization
nixos/fontconfig: harmonize with penultimate
2019-08-21 17:44:30 +02:00
worldofpeace
1d0d69a214 nixos/qt5: init
This moduule has the following options:
* platformTheme
* style

This allows us to configure the Qt5 theme engine and style.
2019-08-20 12:24:55 -04:00
Jan Tojnar
67367587eb
nixos/fontconfig: harmonize comments 2019-08-20 13:59:28 +02:00
Jan Tojnar
e7dc9d0b90
nixos/fontconfig: harmonize file names 2019-08-20 13:57:46 +02:00
Jan Tojnar
0d4fc97686
nixos/fontconfig: harmonize folder variables 2019-08-20 13:56:00 +02:00
Jan Tojnar
be2cf1f093
nixos/fontconfig: harmonize indentation 2019-08-20 13:54:18 +02:00
Jan Tojnar
1a3f604de3
nixos/fontconfig-penultimate: reorder
to be more in line with fontconfig.nix
2019-08-20 13:50:52 +02:00
Florian Klink
9be0327a49 nixos/systemd: install sysctl snippets
systemd provides two sysctl snippets, 50-coredump.conf and
50-default.conf.

These enable:
 - Loose reverse path filtering
 - Source route filtering
 - `fq_codel` as a packet scheduler (this helps to fight bufferbloat)

This also configures the kernel to pass coredumps to `systemd-coredump`.
These sysctl snippets can be found in `/etc/sysctl.d/50-*.conf`,
and overridden via `boot.kernel.sysctl`
(which will place the parameters in `/etc/sysctl.d/60-nixos.conf`.

Let's start using these, like other distros already do for quite some
time, and remove those duplicate `boot.kernel.sysctl` options we
previously did set.

In the case of rp_filter (which systemd would set to 2 (loose)), make
our overrides to "1" more explicit.
2019-08-18 17:54:26 +02:00
Florian Klink
e5965bd489 nixos/sysctl: rename /etc/sysctl.d/nixos.conf -> 60-nixos.conf
sysctl.d(5) recommends prefixing all filenames in /etc/sysctl.d with a
two-digit number and a dash, to simplify the ordering of the files.

Some packages provide custom files, often with "50-" prefix.
To ensure user-supplied configuration takes precedence over the one
specified via `boot.kernel.sysctl`, prefix the file generated there with
"60-".
2019-08-18 17:54:26 +02:00