Commit graph

8086 commits

Author SHA1 Message Date
Andreas Rammhold
7ae9699e1c
Merge pull request #34759 from dotlambda/dovecot
nixos/dovecot: no " in mailbox.name
2018-02-09 12:43:03 +01:00
Robert Schütz
6ceece6b59 nixos/dovecot: no " in mailbox.name 2018-02-09 12:20:55 +01:00
Hamish
3a2b0cdf5c nixos/traefik: make group configurable for docker support (#34749) 2018-02-09 09:37:29 +00:00
Brian Olsen
908fc5e14b
nixos/rspamd: options for worker configuration and socket activation 2018-02-09 06:19:03 +01:00
Florian Baumann
7e76b127cd
Multiple users with hashedPassword is broken in mosquitto
If you have more than 1 User with hasedPassword Option set it generates 

```
rm -f /var/lib/mosquitto/passwd
touch /var/lib/mosquitto/passwd
echo 'user1:$6$xxx' > /var/lib/mosquitto/passwd
echo 'user2:$6$xxx' > /var/lib/mosquitto/passwd
```

Which ends up in only having 1 user.
2018-02-08 22:46:06 +01:00
Joachim F
65e6fbf2b5
Merge pull request #34690 from dotlambda/tor
nixos/tor: add hiddenServices.<name>.authorizeClient
2018-02-08 17:08:44 +00:00
Eric Bailey
6b45dbd99c services.mysql: properly quote database.name 2018-02-08 17:32:41 +01:00
Eelco Dolstra
6bc889205a
sshd: Remove UsePrivilegeSeparation option
This option is deprecated, see https://www.openssh.com/txt/release-7.5.
2018-02-08 13:32:55 +01:00
Frederik Rietdijk
c0f6aac818
Merge pull request #34574 from dotlambda/home-assistant
nixos/home-assistant: support platform=... scheme for autoExtraComponents
2018-02-08 10:53:35 +00:00
Jörg Thalheim
b6bcba6537 nixos/zfs: fix typo in enableLegacyCrypto description 2018-02-08 10:24:47 +00:00
Robert Schütz
355de06fe4 nixos/tor: add hiddenServices.<name>.authorizeClient 2018-02-08 10:02:22 +01:00
sjau
0d65e2e0e5 zfs: add migration path for new crypto format
fixes #34559
2018-02-07 20:46:16 +00:00
Eelco Dolstra
847ea13be3
Doh 2018-02-07 19:47:03 +01:00
Eelco Dolstra
0f5d5970b2
nixos-prepare-root: Remove
This is no longer needed thanks to Nix 2.0 magic.
2018-02-07 19:39:14 +01:00
Eelco Dolstra
5d8860b919
nixos-install: Accept --substituters
This is useful in tests where we don't have network access. Passing
--substituters "" prevents wasting time by checking cache.nixos.org.
2018-02-07 19:39:13 +01:00
Eelco Dolstra
598a3f5b30
nixos-install: Create /etc 2018-02-07 19:10:13 +01:00
Eelco Dolstra
6daad9b3c5
nixos-install: Fix --closure 2018-02-07 18:22:05 +01:00
Eelco Dolstra
da702a4034
nixos-enter: Don't require root
Of course, you'll get a bunch of warnings from the activation script:

  $ nixos-enter --root /tmp/mnt/
  setting up /etc...
  mount: /dev: permission denied.
  mount: /dev/pts: permission denied.
  mount: /dev/shm: permission denied.
  mount: /sys: permission denied.
  /nix/var/nix/profiles/system/activate: line 74: /proc/sys/kernel/modprobe: Permission denied
  chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/dbus-daemon-launch-helper': Invalid argument
  NOTE: Under Linux, effective file capabilities must either be empty, or
        exactly match the union of selected permitted and inheritable bits.
  Failed to set capabilities on file `/run/wrappers/wrappers.0pKlU8JsvV/ping' (Operation not permitted)
  chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/unix_chkpwd': Invalid argument

  [root@nixos:/]#
2018-02-07 17:59:04 +01:00
Eelco Dolstra
16bdaf3d03
Remove creation of /dev/{fd,stdin,stdout,stderr}
This is already provided by devtmpfs.
2018-02-07 17:58:21 +01:00
Eelco Dolstra
bb030ece3b
nixos-enter: Check whether --root denotes a NixOS installation 2018-02-07 17:23:05 +01:00
Eelco Dolstra
f0979ca30e
nixos-install: Don't require root
E.g.

  nixos-install --root /tmp/mnt/ --no-bootloader --no-root-passwd

now works for non-root users.
2018-02-07 17:20:26 +01:00
Eelco Dolstra
df117acab7
ISO images: Initialize the Nix database with correct NAR hashes/sizes
The boot test now runs "nix verify" to ensure that all hashes are
correct.
2018-02-07 16:54:23 +01:00
rnhmjoj
5118b86800 nixos/monero: init 2018-02-07 08:04:36 -05:00
Tuomas Tynkkynen
a008a9cb3b nixos/sd-image-armv7l-multiplatform: Port RPi config.txt changes from aarch64 image
As was done in commit cd2e740dde.
2018-02-07 06:30:34 +02:00
Matthieu Coudron
fe4f4de1c9 strongswan module: make it work with ipsec l2tp
l2tp saves its secrets into /etc/ipsec.d but strongswan would not read
them. l2tp checks for /etc/ipsec.secrets includes /etc/ipsec.d and if
not tries to write into it.

Solution:
Have the strongswan module create /etc/ipsec.d and /etc/ipsec.secrets
when networkmanager_l2tp is installed.
Include /etc/ipsec.secrets in
/nix/store/hash-strongswan/etc/ipsec.secrets so that it can find l2tp
secrets.

Also when the ppp 'nopeerdns' option is used, the DNS resolver tries to
write into an alternate file /etc/ppp/resolv.conf. This fails when
/etc/ppp does not exist so the module creates it by default.
2018-02-07 13:21:49 +09:00
Robert Schütz
b5ecdfa977 nixos/acme: Fix xml (#34683) 2018-02-06 23:27:28 +00:00
Joachim Schiele
edeacd00ad security.acme: default name value via module system (#34388) 2018-02-06 21:08:57 +00:00
Joachim F
97ab8d8981
Merge pull request #17106 from spacefrogg/openafs
openafs: Refactor and introduce server module
2018-02-06 14:43:55 +00:00
Markus Hauck
77218de812 zookeeper.service: option for package and add to environment 2018-02-06 09:59:01 +01:00
Eelco Dolstra
cc0caac098
Move creation of /root to the activation script
...so it appears in a new installation before rebooting the system.
2018-02-05 22:12:18 +01:00
Eelco Dolstra
f9e64dbe76
nixos-enter: Don't mount special filesystems
The activation script already does this.
2018-02-05 21:05:02 +01:00
Eelco Dolstra
1346923ffa
modprobe activation: Order after specialfs
It requires the existence of /proc.
2018-02-05 21:04:40 +01:00
Eelco Dolstra
e88f28965a
nixos-install: Make compatible with Nix 2.0
The use of Nix 2.0 significantly simplifies the installer, since we
can just pass a different store URI (--store /mnt) - it's no longer
needed to set up a chroot environment for the build, and to bootstrap
Nix into the chroot.

Also, commands that need to run in the installation (namely boot
loader installation and setting a root password) are now executed
using nixos-enter.

This also removes the need for nixos-prepare-root since any required
initialisation is done by Nix or by the activation script.
2018-02-05 19:50:36 +01:00
Eelco Dolstra
60cb23001a
Add a "nixos-enter" command
This factors out the functionality in nixos-install for running a
command inside a NixOS installation (nixos-install --chroot).
2018-02-05 19:41:54 +01:00
Philipp Dörfler
35441b52d9
Wrapped ${mailbox.name} in "s to allow for space in mailbox names. 2018-02-05 17:06:49 +01:00
Frederik Rietdijk
ba34a70086
Merge pull request #33866 from yesbox/fix_newgrp
nixos: sg/newgrp should always be available, not chfn
2018-02-05 10:47:23 +00:00
David McFarland
fbba0d0ee5 matrix-synapse: default server_name to hostname 2018-02-04 21:22:55 -04:00
David McFarland
a4b7de74a5 matrix-synapse: default to postgresql on 18.03 2018-02-04 21:22:55 -04:00
David McFarland
1472fa8685 matrix-synapse: create and connect to local postgresql db 2018-02-04 21:22:54 -04:00
Thomas Tuegel
4688dd0cf5
Merge pull request #34526 from ttuegel/bugfix/plasma-integration/font-style
plasma-integration: Fix font style name bug with Qt >= 5.8
2018-02-04 17:41:50 -06:00
Sarah Brofeldt
bf58890a5a nixos/k8s: Enable Node authorizer and NodeRestriction by default 2018-02-04 21:23:36 +01:00
Thomas Tuegel
77a607aa88
nixos/plasma5: Fix font style names in kdeglobals 2018-02-04 13:31:04 -06:00
Robert Schütz
59eb19224b nixos/home-assistant: support platform=... scheme for autoExtraComponents
See https://home-assistant.io/components/sensor.luftdaten/ for an example component using that scheme.
2018-02-04 11:09:55 +01:00
Vladimír Čunát
dd57c63793
Merge branch 'staging'
There are some Darwin regressions and a mysterious Lisp issue,
but also a security update of curl...
2018-02-03 10:56:07 +01:00
Vladimír Čunát
84fb5c6a0d
nixos/availableKernelModules: add a keyboard module
Non-working keyboards during boot are quite a problem; see:
https://github.com/NixOS/nixpkgs/pull/33529#issuecomment-361164997
2018-02-03 10:46:53 +01:00
adisbladis
7ebb82e04f
home-assistant: Fix incorrect xml closing tag 2018-02-03 16:54:02 +08:00
Frederik Rietdijk
55e0f12761 Merge remote-tracking branch 'upstream/master' into HEAD 2018-02-03 09:48:42 +01:00
Frederik Rietdijk
db58049f75
Merge pull request #34494 from dotlambda/home-assistant
home-assistant: compute extraComponents from config
2018-02-03 08:01:50 +00:00
Tuomas Tynkkynen
10c8e6d0c5 Merge remote-tracking branch 'upstream/master' into staging 2018-02-03 02:50:21 +02:00
Jörg Thalheim
a4170403e6
Merge pull request #33897 from rnhmjoj/digits
Avoid package attributes starting with a digit
2018-02-02 19:30:23 +00:00
Michael Raitza
d0ebdbd308 nixos/openafsServer: OpenAFS server nixos module 2018-02-02 16:43:44 +01:00
Shea Levy
43f647e5b4
Merge branch 'dynamic-function-args' 2018-02-02 09:41:16 -05:00
Vladimír Čunát
bbfca0f371
knot-resolver: 1.5.3 -> 2.0.0 (feature update)
Also split extraFeatures into a wrapper derivation.
So far, no changes like user renaming nor systemd unit rework.
2018-02-02 15:26:36 +01:00
Silvan Mosberger
cfd22b733b
physlock: add allowAnyUser option 2018-02-02 14:03:00 +01:00
Robert Schütz
78c2ca326e home-assistant: compute extraComponents from config 2018-02-02 09:48:50 +01:00
Jan Tojnar
dfe7a54d19
nixos/pipewire: init 2018-02-01 22:40:51 +01:00
Michael Raitza
ce74e1cc36 nixos/openafsClient: Extend client service functionality
Add a lot of options to the client to make it more usable and compatible
with the OpenAFS server module.
2018-02-01 16:35:24 +01:00
Michael Raitza
c389d705f3 nixos/openafsClient: relocate nixos module 2018-02-01 16:35:18 +01:00
rnhmjoj
1fec496f38
nixos/networking-interfaces: add preferTempAddress option 2018-02-01 13:14:09 +01:00
Jörg Thalheim
57d72d4140
Merge pull request #34442 from rnhmjoj/virtual
Fix virtualType for network-interfaces-scripted
2018-02-01 10:35:13 +00:00
rnhmjoj
e28ecd5528
fix 2018-02-01 10:51:35 +01:00
Frederik Rietdijk
d30735f889
Merge pull request #34188 from dotlambda/home-assistant
home-assistant: init at 0.62.1
2018-02-01 08:44:48 +00:00
Vladimír Čunát
2fb4606f38
Merge branch 'master' into staging
Haskell rebuild.
Hydra: ?compare=1430378
2018-02-01 09:36:23 +01:00
Eelco Dolstra
700e21d6da nix-daemon.nix: Updates for Nix 2.0
* The environment variables NIX_CONF_DIR, NIX_BUILD_HOOK and
  NIX_REMOTE are no longer needed.

* A /bin/sh (from busybox) is provided by default in sandboxes.

* Various options were renamed.
2018-01-31 22:26:05 +01:00
WilliButz
c2fa5f1729
nixos/xautolock: fix default defaults/examples, add assertions
see issue #34371
2018-01-31 21:43:23 +01:00
Shea Levy
943592f698
Add setFunctionArgs lib function.
Among other things, this will allow *2nix tools to output plain data
while still being composable with the traditional
callPackage/.override interfaces.
2018-01-31 14:02:19 -05:00
Robert Schütz
bacbc48cfe home-assistant: add NixOS module 2018-01-31 12:30:31 +01:00
rnhmjoj
46c158a32f
nixos/networking-interfaces: set default value for virtualType 2018-01-31 05:51:09 +01:00
Peter Hoeg
dc52fc6dda aria2 (nixos): actually load the module
Fixes #33991
2018-01-31 09:42:03 +08:00
Vladimír Čunát
c9171e5a4c
Merge branch 'master' into staging
Hydra: ?compare=1430035
2018-01-30 19:51:33 +01:00
Tuomas Tynkkynen
71631a922b runInLinuxVM: Use QEMU command line that works on other architectures
... by moving the existing definition to qemu-flags.nix and reusing
that.
2018-01-30 16:57:27 +02:00
Tuomas Tynkkynen
8e83158f12 nixos/qemu: Deduplicate QEMU serialDevice into qemu-flags.nix 2018-01-30 16:57:27 +02:00
Robert Hensing
f2a45a47d4 nixos: Add nixpkgs.pkgs option
This lets the user set pkgs directly, so that it can be injected
externally and be reused among evaluations of NixOS.
2018-01-30 12:57:03 +01:00
Jörg Thalheim
add22af095
Merge pull request #34381 from JohnAZoidberg/less
nixos/less configure less with module
2018-01-30 10:41:39 +00:00
Daniel Schaefer
288898d6f1 nixos/less: use lesspipe package for preprocessing
Rather than a custom script the less config now uses the lesspipe
package config by default.
2018-01-29 22:08:32 +07:00
gnidorah
7b2482ea54 modules/nvidia-optimus: fix module blacklisting 2018-01-29 15:46:15 +03:00
Daniel Schaefer
192c2330d0 nixos/less configure less with module 2018-01-29 18:40:22 +07:00
Jan Tojnar
0f21306ca3
Merge pull request #33900 from jtojnar/nginx-acme
nixos/nginx: allow using existing ACME certificate
2018-01-29 01:38:45 +01:00
Graham Christensen
e2a54266c4
openssh: Build with Kerberos by default
This reverts commit 09696e32c390c232ec7ac506df6457fb93c1f536.
which reverted f596aa0f4a
to move it to staging
2018-01-28 16:36:01 -05:00
Graham Christensen
15a4977409
Revert "openssh: Build with Kerberos by default"
This reverts commit a232dd66ee.

Moving to staging
2018-01-28 16:36:01 -05:00
Aneesh Agrawal
716d1612af
openssh: Build with Kerberos by default
This can be disabled with the `withKerberos` flag if desired.
Make the relevant assertions lazy,
so that if an overlay is used to set kerberos to null,
a later override can explicitly set `withKerberos` to false.

Don't build with GSSAPI by default;
the patchset is large and a bit hairy,
and it is reasonable to follow upstream who has not merged it
in not enabling it by default.
2018-01-28 16:36:00 -05:00
Graham Christensen
f596aa0f4a
Revert "openssh: Build with Kerberos by default"
This reverts commit a232dd66ee.

Moving to staging
2018-01-28 16:32:52 -05:00
Aneesh Agrawal
a232dd66ee
openssh: Build with Kerberos by default
This can be disabled with the `withKerberos` flag if desired.
Make the relevant assertions lazy,
so that if an overlay is used to set kerberos to null,
a later override can explicitly set `withKerberos` to false.

Don't build with GSSAPI by default;
the patchset is large and a bit hairy,
and it is reasonable to follow upstream who has not merged it
in not enabling it by default.
2018-01-28 16:30:46 -05:00
Franz Pletz
36103e9863
nixos/powerManagement: remove duplicate definition
When not set just use the kernel default. `nixos-generate-config` will pick
a reasonable default.

cc #34350
2018-01-28 21:53:07 +01:00
Franz Pletz
50dda062d8
Merge pull request #34350 from Ma27/fix-powermanagement-default
nixos/powerManagement: set `cpuFreqGovernor` with `mkOptionDefault`
2018-01-28 14:46:51 +00:00
Jesper
2b270c1596 nixos/containers: Enable use of the network.useHostResolvConf option (#34354) 2018-01-28 14:42:15 +00:00
Maximilian Bosch
8ed3a90cdf
nixos/powerManagement: set cpuFreqGovernor with mkOptionDefault
`nixos-generate-config` detects the `cpuFreqGovernor` suited best for my
machine, e.g. `powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";`.

However the `powerManagement` module sets a sensitive default for
`cpuFreqGovernor` using `mkDefault` to avoid breackage with older
setups. Since 140ac2f1 the `hardware-configuration.nix` sets the
gorvernor with `mkDefault` as well which causes evaluation errors if the
powermanagement module is enabled:

```
error: The unique option `powerManagement.cpuFreqGovernor' is defined multiple times, in `/home/ma27/Projects/nixos-config/hardware-configuration.nix' and `/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/config/power-management.nix'.
```

Using `mkOptionDefault` rather than `mkDefault` in the powermanagement
module fixes this issue as it decreases the priority of the module and
prefers the value set in `hardware-configuration.nix`.

I have confirmed the change using the following VM declaration:

```
{
  cpuFreq = { lib, ... }: {
    powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
    powerManagement.enable = true;
  };
}
```
2018-01-28 09:38:45 +01:00
Luke Adams
1537ce9dc7 samba4/sambaMaster: Modify services to align with Samba project usage 2018-01-26 22:37:17 +01:00
Franz Pletz
cb7fe51ee6
nixos/postfix: separate list option elements with commas 2018-01-26 14:10:17 +01:00
Markus Kowalewski
85ca8f121b slurm-spank-x11: init at 0.2.5 2018-01-25 13:58:14 -08:00
WilliButz
9bd7798d9c
nixos/postfix: fix default postfix config
`services.postfix.config` is now correctly merged with the default attrset
specified in the module. Some options that are lists in postfix also
have to be lists in nix to be merged correctly. Other default options are
now set with `mkDefault` so they can be overridden via the module system.
2018-01-24 23:35:28 +01:00
Tuomas Tynkkynen
d02c2d694e nixos/sd-image-*.nix: Bring back high consoleLogLevel
3d040f9305 removed it from installation-device.nix, but the default
loglevel is just too low for ARM and the like.
2018-01-24 18:23:32 +02:00
Tuomas Tynkkynen
cd2e740dde nixos/sd-image-aarch64.nix: Set avoid_warnings in RPi config.txt
Also add some comments on the existing config settings as well.
2018-01-24 18:23:31 +02:00
Michael Raitza
8a77ae81ad openafsClient: rename to openafs 2018-01-24 13:20:47 +01:00
Jörg Thalheim
e45dfded2b
Merge pull request #34052 from volth/patch-86
nixos/libvirtd: add qemu-img to $PATH of the daemon
2018-01-22 14:39:29 +00:00
Tuomas Tynkkynen
95880aaf06 nixos/initrd: Don't include some x86-specific modules unconditionally 2018-01-22 12:53:33 +02:00
Tuomas Tynkkynen
962e79ef32 nixos/make-disk-image.nix: Support EFI images
- Add a new parameter `imageType` that can specify either "efi" or
  "legacy" (the default which should see no change in behaviour by
  this patch).

- EFI images get a GPT partition table (instead of msdos) with a
  mandatory ESP partition (so we add an assert that `partitioned`
  is true).

- Use the partx tool from util-linux to determine exact start + size
  of the root partition. This is required because GPT stores a secondary
  partition table at the end of the disk, so we can't just have
  mkfs.ext4 create the filesystem until the end of the disk.

- (Unrelated to any EFI changes) Since we're depending on the
  `-E offset=X` option to mkfs which is only supported by e2fsprogs,
  disallow any attempts of creating partitioned disk images where
  the root filesystem is not ext4.
2018-01-22 11:18:23 +02:00
Graham Christensen
931a0b8be8
Merge pull request #34128 from teto/doc_simple
Doc: simple precisions
2018-01-21 22:40:36 -05:00
Matthieu Coudron
91648a2f22 environment.variables: give an example 2018-01-22 10:40:23 +09:00
Matthieu Coudron
d9ebd0d35b zsh doc: precise environment.shellAliases 2018-01-22 10:40:23 +09:00
Jörg Thalheim
a1e2f2a339 nixos/initrd-network: fix docbook syntax 2018-01-22 00:01:49 +00:00
Svein Ove Aas
5c5259d68d initrd-network: Document the need for modules 2018-01-21 17:43:41 +00:00
Leon Schuermann
04c4c01089 nixos/stunnel: add module (#33151) 2018-01-21 11:23:07 +00:00
Sarah Brofeldt
ed792d3a45
Merge pull request #33842 from mimadrid/fix/resilio-sync
resilio-sync: fixed typo knownHosts -> entry.knownHosts
2018-01-21 12:11:29 +01:00
Vladimír Čunát
5402412b97
Merge #33600: xfce: cleanup, hyphenate attributes 2018-01-21 09:52:58 +01:00
Jörg Thalheim
dfa6a81a31
Merge pull request #33331 from cransom/netdata-module
netdata service: fix permissions for apps.plugin
2018-01-19 23:19:29 +00:00
volth
c4eb23062e
nixos/libvirtd: add qemu-img to $PATH of the daemon
...because daemon's $PATH does not include "/run/current-system/sw/bin"
2018-01-19 16:28:01 +00:00
Jan Tojnar
d2d1a2dfba
Merge pull request #28882 from jtojnar/chrome-gnome-shell
chrome-gnome-shell: refactor
2018-01-19 13:40:42 +01:00
Leon Schuermann
c61a9dfd2e
sshd: provide option to disable firewall altering 2018-01-18 22:55:28 +08:00
Rob Vermaas
38538f3206
Merge pull request #33423 from AmineChikhaoui/gce-ssh-keys
Fix ssh keys retrieval in GCE instances
2018-01-18 13:06:00 +01:00
Leon Schuermann
f297ddb5c9 sudo: define extra rules in Nix language (#33905) 2018-01-17 14:56:08 +00:00
Roman Kuznetsov
f63604a598
kubernetes-dashboard (module): 1.6.3 -> 1.8.2 2018-01-17 09:01:32 +01:00
Francesco Gazzetta
356eeb0d4f nixos/mighttpd2: init 2018-01-16 21:04:09 +00:00
rnhmjoj
c946c101d6
avoid package attributes starting with a digit 2018-01-16 21:13:16 +01:00
Robin Gloster
9bceb2b353
oh-my-zsh module: reword & fix manual build
docbook interpreted this as a tag and this sounded as if the option
defaulted to putting the cached directory into the nix store.

cc @Ma27 @fpletz
2018-01-16 21:02:54 +01:00
Maximilian Bosch
b55d4c0564 programs.zsh.ohMyZsh: add cacheDir option (#33150)
The default cache directory set by oh-my-zsh is $ohMyZsh/cache which
lives in the Nix store in our case. This causes issues with several
completion plugins provided by oh-my-zsh.
2018-01-16 17:29:46 +00:00
Jörg Thalheim
822c949833
Merge pull request #33915 from lheckemann/remove-amd-hybrid-graphics
amd-hybrid-graphics module: remove
2018-01-16 15:57:37 +00:00
Leon Schuermann
22e83d2667 openvpn: add warning about world-readable credentials 2018-01-16 11:40:16 +07:00
Linus Heckemann
730f8530a8 amd-hybrid-graphics module: remove
This was only applicable to very specific hardware, and the only person
with an apparent interest in maintaining it (me) no longer uses the
hardware in question.
2018-01-15 23:17:12 +00:00
Jan Tojnar
41d252d7a4
nixos/nginx: allow using existing ACME certificate
When a domain has a lot of subdomains, it is quite easy to hit the rate limit:

https://letsencrypt.org/docs/rate-limits/

Instead you can define the certificate manually in `security.acme.certs` and list the subdomains in the `extraDomains` option.
2018-01-15 13:48:45 +01:00
Leon Schuermann
e45a06ebd1 openvpn: add option to store credentials 2018-01-15 14:34:58 +07:00
Jesper Geertsen Jonsson
8c0558dbb2 sg/newgrp should always be available, not chfn
sg and newgrp only changes the current user session and should be
available to users even if the "users.mutableUsers" option is set.
These are common, useful commands.

chfn does modify the /etc/passwd GECOS field which is also controlled
by the option "users.users.<name?>.description", so it's less
appropriate to make it available when "users.mutableUsers" is set.

However, because CHFN_RESTRICT in login.defs is never set in current
NixOS the chfn functionality is never available to users anyway and
may as well have its SUID disabled, as only root is able to use it.
This is recommended in the chfn man page in this case.
2018-01-14 20:54:40 +01:00
Joachim F
b6c696cc6f
Merge pull request #33444 from rnhmjoj/dnscrypt-wrapper
nixos/dnscrypt-wrapper: fix rotate script failing to restart the service
2018-01-14 11:33:02 +00:00
Sarah Brofeldt
ee4e6ebbfa
Merge pull request #32822 from LumiGuide/elk6
ELK: 5.6.1 -> 5.6.5 & add ELK 6.1.0
2018-01-14 10:40:50 +01:00
Miguel Madrid Mencía
22341c42e7
resilio-sync: fixed typo knownHosts -> entry.knownHosts 2018-01-13 23:44:39 +01:00
Jan Tojnar
38b6d7b60e
nixos/chrome-gnome-shell: init 2018-01-13 15:19:19 +01:00
Joachim F
ed250d8093
Merge pull request #27131 from richardlarocque/mosquitto_pw
mosquitto: Explicitly configure password file
2018-01-13 12:02:45 +00:00
Eelco Dolstra
dddcd10ecc
Don't set 'config.xorg = {}'
This makes memoization of Nixpkgs evaluation less effective, since
some Nixpkgs invocations may have 'config = {}' while others may have
'config = { xorg = {}; }'.

Instead set 'config = {}'.
2018-01-11 19:31:05 +01:00
zimbatm
1276a3b12a
nixos/acme: configurable TOS hash (#33522)
This hash tends to change and upstream simp_le doesn't seem to keep up
with the changes.
2018-01-11 14:19:15 +00:00
Jörg Thalheim
788c5195f3 Revert "nixos/udev: fix outdated udev rules for network devices"
This reverts commit 45c5a915980fbe1fa6f0ff80ab2d11b60b844d9e.

This breaks PredictableNetworkInterfaceNames on systems without networkd.
We should only include this file from systemd, when networkd is enabled.
2018-01-11 11:21:16 +00:00
Eelco Dolstra
6bbd67d45a
EC2 AMIs: 17.09.2356.cb751f9b1c3 -> 17.09.2681.59661f21be6 2018-01-10 13:16:49 +01:00
Joachim F
a6912f589e
Merge pull request #33629 from rnhmjoj/dnscrypt-proxy
Restore dnscrypt-proxy
2018-01-09 21:34:14 +00:00
John Ericson
eec050f395
Merge pull request #33577 from dtzWill/fix/cross-2
Minor cross fixes, 2
2018-01-09 12:36:53 -05:00
Vladimír Čunát
d6bf8eb71b
Merge #33614: nixos/kresd improvements
The PR was extended with other fixes.  All tested by me atop 17.09.
2018-01-09 17:26:31 +01:00
Ben Gamari
b2cbffae64 nixos/security-wrapper: Fix cross-compilation 2018-01-09 11:25:19 -05:00
Vladimír Čunát
4bc4c08838
nixos/kresd: service nitpicks 2018-01-09 17:25:18 +01:00
Vladimír Čunát
3ab85ed1ac
nixos/kresd: use DNSSEC root trust anchor from nixpkgs
in read-only way.  If the cache directory is empty and you use the
very same service for system's DNS, kresd is unable to bootstrap root
trust anchors, as it would need a DNS lookup.

Also, if we don't rely on bootstrap, the extra lua deps of kresd could
be dropped by default, but let's not do that now, as the difference in
closure size is only ~4 MB, and there may be other use cases than
running the package as nixos service this way.
2018-01-09 17:24:49 +01:00
Vladimír Čunát
f312e6d993
nixos/kresd: use systemd.tmpfiles
Since 4e4161c212 it works on nixos-rebuild.
2018-01-09 17:11:36 +01:00
José Romildo Malaquias
8b416450ea mate: let caja find extensions and gsettings schemas 2018-01-09 02:40:04 +02:00
José Romildo Malaquias
598c6c13f0 mate-panel: let mate-panel find applets in config system path 2018-01-09 02:40:04 +02:00
José Romildo Malaquias
ca27392d9c mate-control-center: add gsettings schemas path to XDG vars
mate-control-center depends on mate-settings-daemon, but the later needs
gsettings schemas  provided by the former. To fix this the gsettings schema
path from mate-control-center is added to XDG_DATA_DIRS at session
startup.
2018-01-09 02:40:04 +02:00
José Romildo Malaquias
1bacb88c6a mate-session-manager: add debug option to mate service 2018-01-09 02:40:04 +02:00
Andreas Rammhold
637d5dd00c tomcat9: 9.0.0.M17 -> 9.0.2
also renamed from tomcatUnstable to tomcat9
2018-01-09 01:31:06 +01:00
rnhmjoj
94d28f3672
nixos/dnscrypt-proxy: use new dyne.org repository 2018-01-09 00:33:19 +01:00
Jörg Thalheim
71cce26342 nixos/udev: fix outdated udev rules for network devices
Udev changed its internal naming, so this rule file no longer applied correctly.
Therefore some properties such as network driver no longer matched in
systemd-networkd.

After updating we have more properties in systemd-networkd:

$ sudo networkctl status wlp3s0
...
   Driver: iwlwifi
...

To prevent this in future, the file is no copied from systemd directly
2018-01-08 16:59:33 +01:00
Andrey Golovizin
f19d959ef1 nixos/kresd: fix systemd dependency cycle
The unnecessary dependency of sockets.target on kresd.service causes a
dependency cycle preventing kresd.service from starting at boot:

sockets.target -> kresd.service -> basic.target -> sockets.target
2018-01-08 15:52:26 +01:00
Yegor Timoshenko
85b84527f6
mopidy: fix, resolves #32234 2018-01-08 14:32:36 +00:00
rnhmjoj
4ebb9621f4
Revert "nixos/dnscrypt-proxy: remove"
This reverts commit 5dc2853981.
The project has a new maintainer.
2018-01-08 15:09:33 +01:00
Yegor Timoshenko
f7a9f96725
nixos/xfce: clean up, use hyphenated attributes 2018-01-08 05:12:05 +00:00
Johannes Bornhold
a88b4d4db1 nixos/matrix-synapse: Add module parameter extraConfigFiles (#33276)
This allows to configure additional configuration files for Synapse. This way
secrets can be kept in a secure place on the file system without a need to go
through the Nix store.
2018-01-07 20:13:48 +00:00
Joachim Fasting
5dc2853981 nixos/dnscrypt-proxy: remove
The upstream project ceased.

See https://github.com/NixOS/nixpkgs/issues/33540
2018-01-07 17:00:32 +01:00
Robin Gloster
e606bb252b
gitlab module: config changes for gitlab 10.3 2018-01-07 05:02:56 +01:00
Robin Gloster
69c396f273
gitlab module: gitaly fixes 2018-01-07 05:02:35 +01:00
Graham Christensen
013580caf0
Merge pull request #30518 from Infinisil/usbmuxd-service
usbmuxd service: init
2018-01-06 15:53:42 -05:00
Jaakko Luttinen
eeaa82bde1 nixos/availableKernelModules: add logitech hid
This adds support for Logitech (wireless) USB keyboards at boot
2018-01-06 17:11:30 +00:00
Léo Gaspard
7b878a443a
nixos/clamav: replace mkIf [] with optional 2018-01-06 16:52:14 +01:00
Léo Gaspard
cb506e6e2e
nixos/clamsmtp: init 2018-01-06 16:08:54 +01:00
zimbatm
eddf30cc93
nixos: introduce boot.growPartition (#33521)
Move it from being a profile
2018-01-06 13:52:51 +00:00
Orivej Desh
b249907d04
Merge pull request #33197 from bgamari/gitlab-jws-fix
gitlab: Rename jws_private_key to openid_connect_signing_key
2018-01-06 03:08:57 +00:00
José Romildo Malaquias
d0eb40b311 lightdm-gtk-greater: add configuration options for clock format and indicators 2018-01-06 02:20:53 +00:00
zimbatm
80f13dc31d fixup! buildkite-agent: change hooksPath type to 'path' (and prevent it from hitting the store) 2018-01-05 22:55:20 +00:00
Robin Gloster
cfed96ca51 nixos/service.tt-rss: improve pgsql support, do not use static uid/gid 2018-01-05 14:47:54 +01:00
Jaakko Luttinen
c26ff43905 nixos/service.tt-rss: improve mysql automatic setup
If the user chooses MySQL, it is enabled by default. Also, the used database is
created automatically along with the user and permissions.
2018-01-05 14:47:54 +01:00
Jaakko Luttinen
68855595ce nixos/service.tt-rss: enable nginx automatically 2018-01-05 14:47:54 +01:00
Jaakko Luttinen
13eaae1610 nixos/service.tt-rss: use tt_rss user
- Add tt_rss system user.
- Use tt_rss as the user by default.
- Create tt_rss user and group automatically if used.
2018-01-05 14:47:54 +01:00
Jaakko Luttinen
c9b46ccea1 nixos/service.tt-rss: fix #27048 2018-01-05 14:47:54 +01:00
rnhmjoj
c883311327
nixos/dnscrypt-wrapper: fix rotate script failing to restart the service 2018-01-05 02:37:09 +01:00
Jörg Thalheim
f29ecd56c1
Merge pull request #33372 from Mic92/memcache
nixos/memcached: make unix sockets usuable
2018-01-04 18:39:48 +01:00
AmineChikhaoui
5dba59d494
Fixes https://github.com/NixOS/nixops/issues/756.
Seems the google compute metadata service behavior changed a bit
recently which caused this issue ?
see: https://cloud.google.com/compute/docs/storing-retrieving-metadata
2018-01-04 16:50:05 +01:00
Peter Hoeg
423dd6cc29
Merge pull request #33415 from peterhoeg/p/hv
hyperv-daemons: package and nixos module
2018-01-04 21:11:34 +08:00
Peter Hoeg
85e507ebea hyperv-daemons: add nixos module 2018-01-04 21:09:01 +08:00
Maximilian Bosch
dbc414a8a5
yabar: add module
To make the configuration of `yabar` more pleasant and easier to
validate, a NixOS module will be quite helpful.

An example config could look like this:

```
{
  programs.yabar = {
    enable = true;
    bars.top.indicators.exec = "YA_DATE";
  };
}
```

The module adds a user-controlled systemd service which runs `yabar` after
starting up X.
2018-01-04 09:58:21 +01:00
Jörg Thalheim
c9c8a2c5b3 nixos/memcached: make unix sockets usuable
before:
  - /var/run/memcached is a bad default for a socket path, since its
    parent directory must be writeable by memcached.
  - Socket directory was not created by the module itself -> this was
    left as a burden to the user?
  - Having a static uid with a dynamic user name is not very useful.

after:
  - Replace services.memcached.socket by a boolean flag. This simplifies
    our code, since we do not have to check if the user specifies a
    path with a parent directory that should be owned by memcached
    (/run/memcached/memcached.sock -> /run/memcached).
  - Remove fixed uid/gid allocation. The only file ever owned by the
    daemon is the socket that will be recreated on every start.
    Therefore user and group ids do not need to be static.
  - only create the memcached user, if the user has not specified a
    different one. The major use case for changing option is to allow
    existing services (such as php-fpm) opening the local unix socket.
    If we would unconditionally create a user that option would be
    useless.
2018-01-03 12:33:36 +01:00
Jörg Thalheim
453e15ec91 nixos/redis: remove static uid/gid assignment
all files are chowned on startup
2018-01-03 11:18:04 +01:00
Léo Gaspard
aa241aed14 nixos/dkimproxy-out: init (#33229) 2018-01-03 01:23:02 +00:00
Casey Ransom
f3cba4f6bb netdata service: fix permissions for apps.plugin
apps.plugin requires capabilities for full process monitoring. with
1.9.0, netdata allows multiple directories to search for plugins and the
setuid directory can be specified here.

the module is backwards compatible with older configs. a test is
included that verifies data gathering for the elevated privileges. one
additional attribute is added to make configuration more generic than
including configuration in string form.
2018-01-02 17:57:19 -05:00
Ryan Trinkle
f1a6fa6eec
Merge pull request #32258 from ryantrinkle/add-nat-extraCommands
nat: add extraCommands option
2018-01-02 14:32:42 -05:00
Frederik Rietdijk
804285f589 Merge remote-tracking branch 'upstream/staging' into HEAD 2018-01-02 19:10:45 +01:00
Uli Schlachter
5465d6f7de awesome: Use --search instead of $LUA_PATH/$LUA_CPATH
Instead of polluting the environment with environment variables which
are inherited by processes spawned from awesome, use the command line
argument "--search" to add things to the search path.

cc #33169
2018-01-02 17:24:56 +00:00
Jörg Thalheim
310ad4345b
Merge pull request #30686 from gnidorah/keyring
pam: add optional pam_gnome_keyring integration
2018-01-02 14:58:45 +01:00
Jörg Thalheim
54b16bcd11
Merge pull request #33227 from Ekleog/fcron-opensmtpd
fcron module: be compatible with non-wrapped sendmail's, like opensmt…
2018-01-02 09:26:53 +01:00
Bas van Dijk
803077ef1c elk: add elasticsearch6, logstash6, kibana6 and the beats at v6.1.0
This change is backwards compatible since the ELK tools at version 5.x
remain unchanged.

The test suite now both tests ELK-5 and ELK-6.
2018-01-02 01:15:29 +01:00
Franz Pletz
1a69b2029f
Merge pull request #33273 from fadenb/patch-1
lldpd module: create a lldpd user as system user
2018-01-01 23:46:50 +00:00
gnidorah
f15fad898b pam: add optional pam_gnome_keyring integration 2018-01-01 21:58:37 +03:00
Frederik Rietdijk
4cc2a38854 Merge remote-tracking branch 'upstream/master' into HEAD 2018-01-01 18:15:13 +01:00
Jörg Thalheim
0bbf671b5a
Merge pull request #31157 from sorki/lxcfs_pam_related
[wip] lxcfs,pam: disable cgmanager, enable pam_cgfs, lxcfs 2.0.7 -> 2.0.8
2018-01-01 15:42:03 +01:00
Frederik Rietdijk
1869e7e5b0 Merge remote-tracking branch 'upstream/master' into HEAD 2018-01-01 15:09:55 +01:00
Tristan Helmich
3b74349661
lldpd module: create a lldpd user as system user 2018-01-01 14:22:58 +01:00
Léo Gaspard
70a085b62f nixos/rspamd: add extraConfig parameter (#33226) 2017-12-31 15:11:15 +00:00
Vladimír Čunát
1fcd92ce92
Merge branch 'master' into staging
A few thousand rebuilds from master, again.
Hydra: ?compare=1422362
2017-12-31 09:53:49 +01:00
Orivej Desh
dac8f27f96 nixos/beegfs: fix the build of the NixOS manual 2017-12-31 07:52:32 +00:00
Markus Kowalewski
b7fdefc8a4 beegfs: init at 6.17
package, kernel module, nixos module, and nixos test
2017-12-31 07:07:02 +00:00
Yegor Timoshenko
0dd6bd214d
xfce: resolve conflict with KDE
This resolves some aspects of #33231, but GDK_PIXBUF_MODULE_FILE doesn't really belong to any DE module.
2017-12-31 05:22:15 +00:00
Orivej Desh
54d01b0e97
Merge pull request #32914 from Infinisil/znapzendzetup
znapzend service: stateless setup
2017-12-31 03:45:40 +00:00
Léo Gaspard
341583b2d2
fcron module: be compatible with non-wrapped sendmail's, like opensmtpd's 2017-12-31 03:34:11 +01:00
Yegor Timoshenko
c31ac41810
libinput: disableWhileTyping = false by default 2017-12-30 22:02:16 +00:00
Frederik Rietdijk
2d0bead714 Merge remote-tracking branch 'upstream/master' into HEAD 2017-12-30 17:04:54 +01:00
Ben Gamari
b95cdd4f6c gitlab: Rename jws_private_key to openid_connect_signing_key
See
24d56df29b
2017-12-29 22:11:04 -05:00
Vladimír Čunát
a1a3e54ac9
Merge branch 'master' into staging
Haskell rebuild :-)
Hydra: ?compare=1421865
2017-12-29 18:39:36 +01:00
gnidorah
766ae1ecf9 tmux module: add secureSocket option 2017-12-29 15:05:20 +03:00