Commit graph

5040 commits

Author SHA1 Message Date
Wilhelm Schuster
5f8d14546b Manual: Explicitly mark commands that require to be run as root (#15589)
* manual: Mark commands that require root

Mark every command that requires to be run as root by prefixing them
with '#' instead of '$'.

* manual: Add note about commands that require root
2016-06-01 15:23:32 +01:00
Nahum Shalman
9b0a5ced13 stage2: if no /proc, also mount /sys 2016-06-01 13:26:14 +00:00
Eelco Dolstra
e8ad22be12 Rename gummiboot module 2016-06-01 12:55:56 +02:00
Eelco Dolstra
9f0e137338 Rename boot.loader.gummiboot.enable -> boot.loader.systemd-boot.enable 2016-06-01 12:55:52 +02:00
Bob van der Linden
4e6697dcb6 acme: added option security.acme.preliminarySelfsigned (#15562) 2016-06-01 11:39:46 +01:00
Nikolay Amiantov
164ead312e Merge pull request #15793 from abbradar/unity3d-pkg
Unity3D package
2016-06-01 12:59:12 +03:00
Tuomas Tynkkynen
0229693354 iso-image.nix: Fix path to EFI blob after systemd-boot switch
This evaluates, but I can't verify if it works.

@edolstra
2016-06-01 12:14:00 +03:00
Eelco Dolstra
f222689aba Use systemd-boot instead of gummiboot
Gummiboot is part of systemd now so we may as well use it.
2016-05-31 17:02:47 +02:00
obadz
0c9e904943 toxvpn: restartIfChanged = false & minor cleanups 2016-05-30 14:23:52 +01:00
anderspapitto
dd2bb96dbe syncthing service: respect cfg.package (#15810) 2016-05-30 10:14:19 +02:00
obadz
d18ba0f50d toxvpn: init at 20151111
(Authored by @cleverca22)
2016-05-30 00:21:22 +01:00
aszlig
dc38003af9
nixos/containers: Create an empty machine-id file
Since systemd version 230, it is required to have a machine-id file
prior to the startup of the container. If the file is empty, a transient
machine ID is generated by systemd-nspawn.

See systemd/systemd#3014 for more details on the matter.

This unbreaks all of the containers-* NixOS tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
Closes: #15808
2016-05-29 18:38:37 +02:00
Nikolay Amiantov
281db6bbc3 unity3d service: init 2016-05-29 17:38:36 +03:00
Joachim Fasting
b05bb30361
slurm service: robust reference to slurm bin output 2016-05-28 15:28:21 +02:00
Joachim Fasting
c420d0fb28
slurm service: fix typo in option description 2016-05-28 15:28:21 +02:00
Joachim Fasting
4e74479807
networking config: specify resolv.conf options as list of strings 2016-05-28 14:28:13 +02:00
Christian Zagrodnick
14dfdeb31a
networking config: support setting resolv.conf options
Closes: #11372
2016-05-28 14:28:13 +02:00
Joachim Fasting
44548c8a9e Merge pull request #15596 from rnhmjoj/master
fish: 2.2.0 -> 2.3.0
2016-05-28 00:53:12 +02:00
Joachim Fasting
a03cbebeb5
diod service: Capabilities -> CapabilityBoundingSet
`Capabilities` is obsolete in recent systemd and will be simply
ignored.

Note: this is the only service using `Capabilites`, per `git grep`.
2016-05-27 16:26:55 +02:00
Joachim Fasting
f7e7b814a9 Merge pull request #15668 from joachifm/fontDir-builderDefs
config.fonts.fontdir: use runCommand instead of builderDefs
2016-05-27 16:17:58 +02:00
Vladimír Čunát
e4832c7541 Merge branch 'staging'
Includes a security update of libxml2.
2016-05-27 15:58:40 +02:00
Joachim Fasting
a487cacef4 Merge pull request #15745 from peterhoeg/tmux-env
tmux module: set TMUX_TMPDIR via environment instead of wrapper
2016-05-27 13:23:48 +02:00
Peter Hoeg
5404595b55 tmux module: set TMUX_TMPDIR via environment instead of wrapper 2016-05-27 17:29:19 +08:00
Eelco Dolstra
b786b00023 KDE test: Bump kdm start timeout
Hopefully this will fix random failures like
http://hydra.nixos.org/build/36249079.
2016-05-27 11:22:27 +02:00
Joachim Fasting
b24e58a82b
config.fonts.fontdir: use runCommand instead of builderDefs
The primary motivation here is to get rid of builderDefs, but now the
resulting font directory is also linked into /run/current-system/sw,
which fixes #15194.
2016-05-26 22:39:01 +02:00
Vladimír Čunát
81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
aszlig
3b8a2a793c
nixos/tests/vbox: Fix invocation of dbus
VBoxService needs dbus in order to work properly, which failed to start
up so far, because it was searching in /run/current-system/sw for its
configuration files.

We now no longer run with the --system flag but specify the
configuration file directly instead.

This fixes at least the "simple-gui" test and probably the others as
well, which I haven't tested yet.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 16:48:32 +02:00
aszlig
3fd3911105
nixos/tests/vbox: Replace waitForWindow with xprop
We can't use waitForWindow here because it runs xwininfo as user root,
who in turn is not authorized to connect to the X server running as
alice.

So instead, we use xprop from user alice which should fix waiting for
the VirtualBox manager window.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 16:48:32 +02:00
Alexander Ried
8fbdb40ef0 services.*ntp*: Add time-sync.target to ntp clients (#15714)
See: https://www.freedesktop.org/software/systemd/man/systemd.special.html#time-sync.target
2016-05-26 16:25:36 +02:00
Eelco Dolstra
b37d6d8996 Fix failure to start old containers
The existence of $root/var/lib/private/host-notify as a socket
prevented a bind mount:

  container foo[8083]: Failed to create mount point /var/lib/containers/foo/var/lib/private/host-notify: No such device or address
2016-05-26 16:19:40 +02:00
aszlig
ecd3cbb9e7
nixos/tests/vbox: Start X server with user "alice"
The VirtualBox tests so far ran the X server as root instead of user
"alice" and it did work, because we had access control turned off by
default.

Fortunately, it was changed in 1541fa351b.

As a side effect, it caused all the VirtualBox tests to fail because
they now can't connect to the X server, which is a good thing because
it's a bug of the VirtualBox tests.

So to fix it, let's just start the X server as user alice.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 15:05:23 +02:00
aszlig
cb796ccd09
nixos/test-driver/Logger: Replace invalid UTF-8
Regression introduced by d84741a4bf.

The mentioned commit actually is a good thing, because we now get the
output from the X session.

Unfortunately, for the i3wm test, the i3-config-wizard prints out the
raw keyboard symbols directly coming from xcb, so the output isn't
necessarily proper UTF-8.

As the XML::Writer already expects valid UTF-8 input, we assume that
everything that comes into sanitise() will be UTF-8 from the start. So
we just decode() it using FB_DEFAULT as the check argument so that
every invalid character is replaced by the unicode replacement
character:

https://en.wikipedia.org/wiki/Specials_(Unicode_block)#Replacement_character

We simply re-oncode it again afterwards and return it, so we should
always get out valid UTF-8 in the log XML.

For more information about FB_DEFAULT and FB_CROAK, have a look at:

http://search.cpan.org/~dankogai/Encode-2.84/Encode.pm#Handling_Malformed_Data

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 14:24:33 +02:00
Domen Kožar
467cd6f3a4 Make i3wm test a release blocker
Catch issues like
331fa2feff
2016-05-26 10:47:15 +01:00
obadz
e78a99c35b nixos/tests/installer.nix: nixos-generate-config detects LUKS since a7baec7
Fixes nix-build '<nixos/release.nix>' -A tests.installer.luksroot.x86_64-linux
2016-05-26 04:02:36 +01:00
rnhmjoj
17ec9368cd
fish: 2.2.0 -> 2.3.0 2016-05-26 00:10:22 +02:00
obadz
331fa2feff xsession: fix variable read before set introduced in c99608c 2016-05-25 17:47:36 +01:00
Eelco Dolstra
a7baec7cb1 nixos-generate-config: Emit LUKS configuration for boot device 2016-05-25 18:04:41 +02:00
Eelco Dolstra
c6ab4ab206 nixos-generate-config: Enable strictness 2016-05-25 18:04:34 +02:00
Eelco Dolstra
845c9b50bf boot.initrd.luks.devices: Change into an attribute set
This allows setting options for the same LUKS device in different
modules. For example, the auto-generated hardware-configuration.nix
can contain

  boot.initrd.luks.devices.crypted.device = "/dev/disk/...";

while configuration.nix can add

  boot.initrd.luks.devices.crypted.allowDiscards = true;

Also updated the examples/docs to use /disk/disk/by-uuid instead of
/dev/sda, since we shouldn't promote the use of the latter.
2016-05-25 18:04:21 +02:00
Eelco Dolstra
32bed83b18 Remove boot.loader.grub.timeout and boot.loader.gummiboot.timeout
There is a generic boot.loader.timeout option.
2016-05-25 11:39:17 +02:00
Eelco Dolstra
fe875b4100 nixos/tests/boot.nix: Remove empty module 2016-05-25 11:39:17 +02:00
obadz
47950b5353 modules/misc/version.nix: populate nixosRevision based on <nixpkgs/.git> when possible (#15624)
Example:

$ nixos-option system.nixosLabel
Value:
"16.09.git.4643ca1"
2016-05-24 23:34:28 +01:00
Eelco Dolstra
c726773f26 cpufreq: Fix "sh: modprobe: command not found" 2016-05-24 21:48:42 +02:00
Eelco Dolstra
c99608c638 Add an option to write the X session log to the journal
... rather than ~/.xsession-errors. It might make sense to make this
the default, in order to eliminate ad hoc, uncentralised, poorly
discoverable log files.
2016-05-24 21:46:38 +02:00
Eelco Dolstra
d84741a4bf X server: Log to the journal instead of /var/log/X.0.log
This ensures that "journalctl -u display-manager" does what you would
expect in 2016. However, the main reason is to ensure that our VM
tests show the output of the X server.

A slight problem is that with KDE user switching, messages from the
various X servers end up in the same place. However, that's an
improvement over the previous situation, where the second X server
would overwrite the /var/log/X.0.log of the first. (This was caused by
the fact that we were passing a hard-coded value for -logfile.)
2016-05-24 21:45:26 +02:00
Eelco Dolstra
3e7b510281 nixos.tests.swraid: Drop mdadm -W
This command is racy because it will return a non-zero exit code if
the array is already clean. This caused numerous random failures. It
should be unnecessary anyway. (Maybe in the past we needed this
because of #15226.)

http://hydra.nixos.org/job/nixos/release-16.03/nixos.tests.installer.swraid.i686-linux
2016-05-24 17:20:22 +02:00
Eelco Dolstra
ad29b72686 test-driver: Fix "unit X is inactive and there are no pending jobs"
This was causing many random test failures.
2016-05-24 16:33:14 +02:00
Joachim Fasting
e27e0b3d75 Merge pull request #15620 from Cornu/mosquitto
mosquitto service: init
2016-05-24 13:56:06 +02:00
Joachim Fasting
493cae8756
Revert "Merge pull request #15384 from Shados/fix-preshell-terminfo"
This reverts commit 4e9833d9e8, reversing
changes made to 6194e9d801.

Setting TERMINFO prevents ncurses from reading TERMINFO_DIRS.  See
https://github.com/NixOS/nixpkgs/pull/15384#issuecomment-221205596
2016-05-24 11:13:46 +02:00
Hans-Harro Horn
77f2c305b6 mosquitto service: init
Initial Mosquitto MQTT Broker service file.
2016-05-24 10:49:03 +02:00
zimbatm
4d0a421f18 Merge pull request #15646 from vcunat/p/man-db
man-db: make it the default man provider
2016-05-24 09:25:10 +01:00
Markus Mueller
19ee3baa32 ldap module: fix activationScripts declaration 2016-05-23 22:54:15 +02:00
Vladimír Čunát
b9df4311dc man-db: make it the default man provider
For now, leave the old implementation under `man-old` attribute.

Small warning: I had a leftover ~/.nix-profile/man from an old package,
which caused man-db's man prefer it and ignore ~/.nix-profile/share/man.
The PATH->MANPATH code just selects the first match for each PATH item.
2016-05-23 19:53:05 +02:00
Joachim Fasting
0f384e5cf2
dnscrypt-proxy service: update resolver list 2016-05-23 16:44:20 +02:00
Taeradan
77028b1e8d
fail2ban service: add iproute to PATH
iproute is required for blocking via null routes; without it, rules
based on routes.conf will fail.

Closes #15638
2016-05-23 15:57:21 +02:00
Vladimír Čunát
e7080becfd release notes: mention xorg-server update 2016-05-23 15:24:00 +02:00
Vladimír Čunát
5eb0e1360a release notes: mention removal of shell aliases 2016-05-23 15:16:41 +02:00
Domen Kožar
16535d4a71 setuid-wrappers: remove config.system.path from the closure
The motivation is using sudo in chroot nix builds, a somewhat
special edge case I have and pulling system path into chroot
yields to some very nasty bug like
https://github.com/NixOS/nixpkgs/issues/15581

Previously:

$ cat /var/setuid-wrappers/sudo.real
/nix/store/3sm04dzh0994r86xqxy52jjc0lqnkn65-system-path/bin/sudo

After the change:

$ cat /var/setuid-wrappers/sudo.real
/nix/store/4g9sxbzy8maxf1v217ikp69c0c3q12as-sudo-1.8.15/bin/sudo
2016-05-23 13:47:23 +01:00
Vladimír Čunát
358533dc61 nixos xserver: fix evdev driver with xserver 1.18
... and add its man page.
Now I seem to be running fine with the new server.
2016-05-23 13:02:55 +02:00
Vladimír Čunát
69cc0a7bc5 xf86-input-evdev: split dev output 2016-05-23 13:02:55 +02:00
Eelco Dolstra
0c5ebbd744 Merge pull request #15598 from rnhmjoj/systemd
Remove systemd shell aliases
2016-05-23 10:28:34 +02:00
Vladimír Čunát
05a36304ea nixos ati_unfree: auto-switch xorg to fglrxComat 2016-05-23 10:12:44 +02:00
Vladimír Čunát
0b192a0976 Merge branch 'master' into staging
That's to get mesa rebuild from master, as it's nontrivial.
2016-05-23 09:02:10 +02:00
Joachim Fasting
89d50c4341 Merge pull request #15630 from obadz/opensmtpd
opensmtpd: 5.7.3p2 -> 5.9.2p1
2016-05-23 08:52:42 +02:00
obadz
e69ed2b64b opensmtpd: 5.7.3p2 -> 5.9.2p1 2016-05-23 02:59:20 +01:00
Eelco Dolstra
c7d92f9485 xf86-video-modesetting: Remove
This driver is part of xorg-server now, so we were using an outdated
version.
2016-05-22 23:05:30 +02:00
Kranium Gikos Mendoza
25fbac5b52 mod_auth_mellon: init at 0.12.0 2016-05-23 02:02:25 +08:00
Joachim Fasting
d9796f44f6
manual: minor cleanups 2016-05-22 20:01:52 +02:00
Joachim Fasting
d6575c96fb
transmission service: robust lib references in apparmor profile 2016-05-22 20:01:29 +02:00
Vladimír Čunát
73f1f5eb39 imagemagick: split dev output to fix #9604
Also fixup references to imagemagick.
2016-05-22 13:41:15 +02:00
Vladimír Čunát
f4eb808554 xf86-input-synaptics: split dev output 2016-05-22 12:10:38 +02:00
Vladimír Čunát
c4661e9643 Merge: make dev output references explicit
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
2016-05-22 12:09:23 +02:00
Arnold Krille
bf0e745597 unbound service: do not initialize root cert
When enableRootTrustAnchor is set to false, there is really no point in
initializing the root key before starting unbound.

Fixes #15605.
2016-05-21 22:27:27 +02:00
rnhmjoj
1d9651e723
Remove systemd shell aliases 2016-05-21 19:25:21 +02:00
Ben Smith
3a1beb6347
redis service: add firewall and VM overcommit options
- Add vm.over_commit setting for background saving
- Add openFirewall setting

Closes #10193
2016-05-21 18:17:36 +02:00
Alexander Ried
31fa7eda70 releasenotes: fix opengl.extraPackages option name
Should be merged into master and release-16.03 I guess
2016-05-21 16:34:58 +02:00
Bjørn Forsman
c7db50e24f Revert "network-manager: multiple outputs"
This reverts commit c25907d072.

I think this commit broke the NixOS service for NetworkManager. At least
with this, and the two previous reverts, everything is back to normal.
(With multiple-outputs split, it would have reduced the closure size by
3 MiB.)
2016-05-21 13:12:44 +02:00
Bjørn Forsman
167272f01d Revert "networkmanager service: fixup"
This reverts commit 7ac1ef05fa.

One of a few reverts needed to unbreak networkmanager NixOS service
since the multiple-output split (to save 3 MiB of closure size).
2016-05-21 13:12:44 +02:00
Bjørn Forsman
d1463ac750 Revert "nixos/networkmanager: fix syntax error"
This reverts commit 2875293615.

One of a few reverts needed to unbreak networkmanager NixOS service
since the multiple-output split (to save 3 MiB of closure size).
2016-05-21 13:12:44 +02:00
Nikolay Amiantov
53b8852498 initrd-ssh service: add assertions for host keys 2016-05-20 23:34:28 +03:00
Joachim Fasting
d12e9c1a30 Merge pull request #15365 from bendlas/fix-gnome-keyring
gnome-keyring: add gcr dependency to service
2016-05-20 15:18:11 +02:00
Domen Kožar
9d745c6795 typo 2016-05-20 13:55:48 +01:00
Domen Kožar
2d6d731f24 nixos: add a small section about kernel module dev 2016-05-20 11:55:38 +01:00
Domen Kožar
2a3c0ca3d5 command-not-found: disable module until it's fixed again
See https://github.com/NixOS/nixos-channel-scripts/issues/4
2016-05-19 20:02:06 +01:00
Tuomas Tynkkynen
2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Tuomas Tynkkynen
f81af4e6f0 treewide: Make explicit that 'dev' output of glib is used 2016-05-19 10:00:35 +02:00
Tuomas Tynkkynen
2132c86c45 nixos/dbus: Reference correct output of 'dbus' 2016-05-18 22:58:00 +03:00
Peter Hoeg
60025e3524 tmux module: add additional variables for configuring tmux
Also wraps the tmux binary, so that sockets are stored under /run
2016-05-18 19:24:03 +08:00
Joachim Fasting
cf5e07ca5b Merge pull request #15471 from telotortium/subsonic
subsonic: change NixOS home directory config
2016-05-18 04:01:32 +02:00
Domen Kožar
b49bf121b8 rename iElectric to domenkozar to match GitHub 2016-05-17 13:00:47 +01:00
Robert Irelan
cf14dad167 Add script to move /var/subsonic to cfg.home 2016-05-16 14:42:22 -07:00
Robert Irelan
40d4f6df81 Move from ExecStart{,Pre} to systemd.nix attributes 2016-05-16 14:08:32 -07:00
Ricardo Ardissone
6067eddf83 minetest-server module: fix executable path 2016-05-15 18:46:45 -03:00
Joachim Fasting
3ad0276e7e Merge pull request #15435 from mayflower/nzbget_no_config
nzbget: 16.4 -> 17.0-r1686 and nzbget service
2016-05-15 14:05:31 +02:00
Joachim Fasting
fbdb82cc17 Merge pull request #15473 from romildo/fix.xfce4-screenshooter
xfce4: rename application xfce4screenshooter to xfce4-screenshooter
2016-05-15 12:17:32 +02:00
José Romildo Malaquias
44d347aba5 xfce4: rename application xfce4screenshooter to xfce4-screenshooter 2016-05-15 06:56:46 -03:00
Joachim Fasting
b740e046ab
dnscrypt-proxy service: robust lib references in apparmor profile
Use getLib to avoid future problems caused by re-ordering outputs.
2016-05-15 11:55:17 +02:00
Rok Garbas
03b115f8e0 nixos/i3lock-color: added to pam 2016-05-15 07:47:31 +02:00
Robert Irelan
a712d8ff0b subsonic: change NixOS home directory config
Move Subsonic state directory from `/var/subsonic` to
`/var/lib/subsonic`, since the general convention is for each
application to put its state directory there.

Also, automatically set the home directory of the `subsonic` user to the
value of `config.services.subsonic.home`, rather than setting it to a
value hardcoded in the module. This keeps the home directory of the
`subsonic` user and the state directory for the Subsonic application in
sync.
2016-05-14 14:13:30 -07:00
Tuomas Tynkkynen
0561e14c3b bind: Split into multiple outputs
A patch is needed to make bind not print its configure flags on
'named -V'.
2016-05-14 22:12:59 +03:00