Commit graph

756 commits

Author SHA1 Message Date
worldofpeace
456c42c3e8 nixos/xterm: stateVersion disable by default 2019-09-09 12:07:11 -04:00
Samuel Leathers
01268fda85
20.03 is Markhor
* Markhor is a spiral horned animal that is on the endangered species list
* https://en.wikipedia.org/wiki/Markhor
2019-09-09 11:26:58 -04:00
adisbladis
8e2fc57a80
postgresql_9_4: Remove package
It's only supported until February 13, 2020 which is during the 19.09 life cycle.
2019-09-07 15:31:27 +01:00
WilliButz
bb62066225
nixos/prometheus: remove prometheus1 module, rename prometheus2
Prometheus 1 is no longer supported, instead 'services.prometheus'
now configures the Prometheus 2 service.
2019-09-06 21:55:23 +02:00
worldofpeace
5d4890b58d
Merge pull request #67585 from worldofpeace/system-config-printer
nixos/system-config-printer: init
2019-09-06 12:08:23 -04:00
worldofpeace
c6abb69785 rl-1909: note about system-config-printer 2019-09-06 12:06:32 -04:00
adisbladis
194aac9eed
elk-stack: Add release note about elk-5 stack removal 2019-09-06 14:30:49 +01:00
worldofpeace
270b4866e3 rl-1909: make services.gnome3 links sensible 2019-09-06 05:25:27 -04:00
Jan Tojnar
ed54a5b51d
Merge branch 'gtk-no-plus' 2019-09-06 02:57:51 +02:00
Jan Tojnar
72e7d569a7
tree-wide: s/GTK+/GTK/g
GTK was renamed.
2019-09-06 02:54:53 +02:00
Maximilian Bosch
e4bc0e2b5f
weechatScripts.weechat-xmpp: remove
This plugin is fairly outdated and depends on python2 libraries that
don't receive any updates either (xmpppy for instance[1]).

[1] https://pypi.org/project/xmpppy/
2019-09-05 20:03:46 +02:00
Sarah Brofeldt
ef76e7df16 nixos/manual: Fix build after broken Ceph release note 2019-09-04 19:33:07 +02:00
Johan Thomsen
fb22d67fa7 ceph: 13.2.4 -> 14.2.1
* remove kinetic
* release note
* add johanot as maintainer

nixos/ceph: create option for mgr_module_path
  - since the upstream default is no longer correct in v14

* fix module, default location for libexec has changed
* ceph: fix test
2019-09-04 16:17:18 +02:00
Silvan Mosberger
ad13ebe029
Merge pull request #55510 from florianjacob/declarative-printers
nixos/printers: declarative configuration
2019-09-03 17:46:53 +02:00
worldofpeace
9b13731b72
Merge pull request #67522 from worldofpeace/gnome3/harmonize-defaults
Harmonize Gnome3 Defaults
2019-09-01 18:33:00 -04:00
worldofpeace
266db0820e rl-1909: note changes to gnome3 defaults 2019-09-01 18:27:28 -04:00
worldofpeace
acced1a381 rl-1909: note gnome3 profile style options 2019-09-01 18:27:28 -04:00
adisbladis
f140dfb161
nixos/desktop-managers/xterm: Disable by default
It's a confusing default for some display managers that will default
to it even when you have defined another display manager.
2019-09-01 22:17:35 +01:00
William Casarin
cec822a7bb release-notes: add altcoins removal note
Release notes for #67687 (bc08b42da4) [1]
Related issue: #25025 [2]

[1] https://github.com/NixOS/nixpkgs/issues/67687
[2] https://github.com/NixOS/nixpkgs/issues/25025

Suggested-by: @mmahut
Signed-off-by: William Casarin <jb55@jb55.com>
2019-09-01 10:03:18 -07:00
Florian Jacob
18a5d23b55 nixos/printers: declarative configuration 2019-09-01 15:38:30 +02:00
Florian Klink
8680f72c88 nixos/redis: add changelog for #67768 2019-09-01 14:12:47 +02:00
Florian Klink
ff2fd6c4e5 nixos/redis: unbreak module
The redis module currently fails to start up, most likely due to running
a chown as non-root in preStart.

While at it, I hardcoded it to use systemd's StateDirectory and
DynamicUser to manage directory permissions, removed the unused
appendOnlyFilename option, and the pidFile option.

We properly tell redis now it's daemonized, and it'll use notify support
to signal readiness.
2019-09-01 14:08:42 +02:00
worldofpeace
fcec3ff0dc rl-1909: add note about default emoji font 2019-09-01 00:12:12 -04:00
Florian Klink
645de3b611
Merge pull request #67840 from flokli/systemd-sysctl-sysrq-rl
release-notes: mention restricted SysRq key combinations
2019-09-01 03:59:34 +02:00
Marti Serra
d3de35967a crashplan, crashplan-small-business: remove pkg and module 2019-09-01 03:25:19 +02:00
Florian Klink
c48170ac02 release-notes: mention restricted SysRq key combinations
This was missing from #66482.
2019-08-31 18:44:35 +02:00
worldofpeace
0d220e4ed6 nixos/fontconfig-penultimate: disable by default
It currently lacks an emoji font-family which means it has to be
disabled for them to function [0].  Additionally it's fallen out of
necessity to ship custom font rendering settings (as far as I'm aware
of).

[0]: https://github.com/NixOS/nixpkgs/pull/67215
2019-08-30 19:50:30 -04:00
edef
722940fcdc nixos/release-notes: fix indentation 2019-08-30 19:32:25 +00:00
adisbladis
41d1b8fa88
emacsPackages: Drop old emacsPackages (non-NG) sets
These have been deprecated for a long time now and has not seen much maintenance.
2019-08-30 16:43:16 +01:00
Peter Simons
19a1e15501 rl-1909.xml: fix XML syntax error that broke the NixOS manual 2019-08-29 20:29:19 +02:00
Arian van Putten
604b7c139f Fix letsencrypt (#60219)
* nixos/acme: Fix ordering of cert requests

When subsequent certificates would be added, they would
not wake up nginx correctly due to target units only being triggered
once. We now added more fine-grained systemd dependencies to make sure
nginx always is aware of new certificates and doesn't restart too early
resulting in a crash.

Furthermore, the acme module has been refactored. Mostly to get
rid of the deprecated PermissionStartOnly systemd options which were
deprecated. Below is a summary of changes made.

* Use SERVICE_RESULT to determine status
This was added in systemd v232. we don't have to keep track
of the EXITCODE ourselves anymore.

* Add regression test for requesting mutliple domains

* Deprecate 'directory' option
We now use systemd's StateDirectory option to manage
create and permissions of the acme state directory.

* The webroot is created using a systemd.tmpfiles.rules rule
instead of the preStart script.

* Depend on certs directly

By getting rid of the target units, we make sure ordering
is correct in the case that you add new certs after already
having deployed some.

Reason it broke before:  acme-certificates.target would
be in active state, and if you then add a new cert, it
would still be active and hence nginx would restart
without even requesting a new cert. Not good!  We
make the dependencies more fine-grained now. this should fix that

* Remove activationDelay option

It complicated the code a lot, and is rather arbitrary. What if
your activation script takes more than activationDelay seconds?

Instead, one should use systemd dependencies to make sure some
action happens before setting the certificate live.

e.g. If you want to wait until your cert is published in DNS DANE /
TLSA, you could create a unit that blocks until it appears in DNS:

```
RequiredBy=acme-${cert}.service
After=acme-${cert}.service
ExecStart=publish-wait-for-dns-script
```
2019-08-29 16:32:59 +02:00
worldofpeace
b49a76566d
Merge pull request #67626 from worldofpeace/xfce4-14-doc
rl-1909: add note about Xfce 4.14
2019-08-28 13:54:16 -04:00
worldofpeace
722746c056 rl-1909: add note about Xfce 4.14 2019-08-28 09:57:01 -04:00
Maximilian Bosch
56a7bc05e1
nixos/treewide: drop dependencies to keys.target
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).

As described in the NixOps manual[1], dependencies to keys should be
defined like this now:

``` nix
{
  systemd.services.myservice = {
    after = [ "secret-key.service" ];
    wants = [ "secret-key.service" ];
  };
}
```

However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.

[1] https://nixos.org/nixops/manual/#idm140737322342384
2019-08-27 18:55:55 +02:00
Silvan Mosberger
210756a450
nixos/pdns-recursor: implement a settings option (#67251)
nixos/pdns-recursor: implement a `settings` option
2019-08-27 14:34:32 +02:00
rnhmjoj
d5f098a96c
nixos/doc: mention extraConfig -> settings change in pdns-recursor 2019-08-26 17:47:25 +02:00
Florian Klink
0fb17141fb nixos/systemd: enable cgroup accounting by default
If this is the default for OpenShift already, we probably can enable it
as well.

see https://github.com/openshift/machine-config-operator/pull/581
2019-08-25 22:26:12 +02:00
Alexander V. Nikolaev
885511cb5c rmilter: remove deprecated package (and module) 2019-08-24 17:33:48 +03:00
Robin Gloster
948b3e34a5
squid: remove v3, default to v4 2019-08-22 00:39:52 +02:00
Robin Gloster
f4fc845e5b
Merge remote-tracking branch 'upstream/master' into openssl-1.1 2019-08-21 14:25:13 +02:00
Aaron Andersen
249b4ad942
Merge pull request #66492 from aanderse/extra-subservice-cleanup
nixos/httpd: extraSubservices cleanup
2019-08-20 18:55:08 -04:00
Florian Klink
93a03177f2
Merge pull request #66482 from flokli/systemd-sysctl
nixos/systemd: install sysctl snippets
2019-08-19 16:32:00 +02:00
Nikolay Amiantov
9b30cf0cb4 nixos release notes: mention systemd.packages changes 2019-08-19 13:25:15 +03:00
Florian Klink
bafc256915 nixos/systemd: remove separate coredump module 2019-08-18 17:54:26 +02:00
Florian Klink
9be0327a49 nixos/systemd: install sysctl snippets
systemd provides two sysctl snippets, 50-coredump.conf and
50-default.conf.

These enable:
 - Loose reverse path filtering
 - Source route filtering
 - `fq_codel` as a packet scheduler (this helps to fight bufferbloat)

This also configures the kernel to pass coredumps to `systemd-coredump`.
These sysctl snippets can be found in `/etc/sysctl.d/50-*.conf`,
and overridden via `boot.kernel.sysctl`
(which will place the parameters in `/etc/sysctl.d/60-nixos.conf`.

Let's start using these, like other distros already do for quite some
time, and remove those duplicate `boot.kernel.sysctl` options we
previously did set.

In the case of rp_filter (which systemd would set to 2 (loose)), make
our overrides to "1" more explicit.
2019-08-18 17:54:26 +02:00
Florian Klink
e5965bd489 nixos/sysctl: rename /etc/sysctl.d/nixos.conf -> 60-nixos.conf
sysctl.d(5) recommends prefixing all filenames in /etc/sysctl.d with a
two-digit number and a dash, to simplify the ordering of the files.

Some packages provide custom files, often with "50-" prefix.
To ensure user-supplied configuration takes precedence over the one
specified via `boot.kernel.sysctl`, prefix the file generated there with
"60-".
2019-08-18 17:54:26 +02:00
danbst
d80cd26ff9 Merge branch 'master' into flip-map-foreach 2019-08-18 18:00:25 +03:00
Aaron Andersen
efbdce2e96 nixos/mantisbt: drop unmaintained module 2019-08-15 21:01:23 -04:00
Aaron Andersen
265163da07 nixos/systemhealth: drop unmaintained module 2019-08-15 21:01:23 -04:00
Matthew Bauer
011b12c3ca nixos: Add release notes for CUPS changes 2019-08-14 11:47:48 -04:00
worldofpeace
397c7d26fc installer: Don't run as root
There's many reason why it is and is going to
continue to be difficult to do this:

1. All display-managers (excluding slim) default PAM rules
   disallow root auto login.

2. We can't use wayland

3. We have to use system-wide pulseaudio

4. It could break applications in the session.
   This happened to dolphin in plasma5
   in the past.

This is a growing technical debt, let's just use
passwordless sudo.
2019-08-12 14:45:27 -04:00
Pierre Bourdon
67d1cf4707
nixos/ibus: do not default-install ibus-qt
ibus-qt has not seen a release in 5 years and is only relevant for Qt
4.x, which is becoming more and more rare. Using my current laptop as a
data point, ibus-qt is the only dependency left that drags in qt-4.8.7.
2019-08-10 19:37:12 +02:00
Matthew Bauer
ddf38a8241
Merge pull request #65002 from matthewbauer/binfmt-wasm
Add binfmt interpreter for wasm
2019-08-09 14:04:21 -04:00
Silvan Mosberger
013d403f30
nixos/dwm-status: add module (#51319)
nixos/dwm-status: add module
2019-08-09 15:39:50 +02:00
danbst
29ba0a0adf add release notes 2019-08-05 14:34:51 +03:00
WilliButz
370370aa2c
nixos/release-notes: add note about prometheus-exporters 2019-08-02 18:50:02 +02:00
Robin Gloster
30969073f0
Merge remote-tracking branch 'upstream/master' into openssl-1.1 2019-08-02 03:01:30 +02:00
adisbladis
9e9c6de50c
nodejs-8_x: Drop package
It will be EOL within the support period of 19.09
2019-08-02 02:34:47 +02:00
Robin Gloster
9b750c2474
shibboleth-sp: 2.6.1 -> 3.0.4.1 2019-07-30 00:06:12 +02:00
Aaron Andersen
ebd9067473 nixos/mediawiki: add release notes for 19.09 2019-07-23 22:03:20 -04:00
Aaron Andersen
72ef4786e1
Merge pull request #64151 from aanderse/httpd-extraSubservices
nixos/httpd: module cleanup
2019-07-23 21:58:40 -04:00
Maximilian Bosch
3944aa051c
nixos/nextcloud: write config to additional config file
One of the main problems of the Nextcloud module is that it's currently
not possible to alter e.g. database configuration after the initial
setup as it's written by their imperative installer to a file.

After some research[1] it turned out that it's possible to override all values
with an additional config file. The documentation has been
slightly updated to remain up-to-date, but the warnings should
remain there as the imperative configuration is still used and may cause
unwanted side-effects.

Also simplified the postgresql test which uses `ensure{Databases,Users}` to
configure the database.

Fixes #49783

[1] https://github.com/NixOS/nixpkgs/issues/49783#issuecomment-483063922
2019-07-22 18:29:52 +02:00
WilliButz
294bed66dc
nixos/release-notes: add note about nginx-exporter 2019-07-22 16:41:10 +02:00
Aaron Andersen
9b970d07f3 nixos/httpd: drop postgresql reference 2019-07-20 18:36:24 -04:00
Aaron Andersen
0fd69629c7 nixos/httpd: mark extraSubservices option as deprecated 2019-07-20 18:36:19 -04:00
Graham Christensen
d51b522a6e
Merge pull request #64052 from aanderse/tomcat-connector
nixos/httpd: drop tomcat-connector httpd subservice
2019-07-19 15:25:44 -04:00
Matthew Bauer
857f7fb4af nixos/binfmt: update release notes and provide examples 2019-07-17 17:09:20 -04:00
Linus Heckemann
a935eff7fa
Merge pull request #62835 from lheckemann/ipv6-privacy-extensions
Ipv6 privacy extensions
2019-07-14 19:27:54 +02:00
Aaron Andersen
c13fbe0551
Merge pull request #63844 from aanderse/zabbix-cleanup
nixos/zabbix: overhaul package & module
2019-07-12 06:12:51 -04:00
Aaron Andersen
08286b4f29 nixos/httpd: drop tomcat-connector httpd subservice 2019-07-11 20:58:55 -04:00
Aaron Andersen
649ec93c37 foswiki: drop package & httpd subservice 2019-07-11 19:46:30 -04:00
Aaron Andersen
6a1de5460b nixos/httpd: remove broken trac subservice 2019-07-11 19:19:27 -04:00
Aaron Andersen
6891fb4103 nixos/zabbixWeb: replace httpd subservice with new module 2019-07-11 18:45:46 -04:00
Aaron Andersen
ca336ac985
Merge pull request #64050 from aanderse/mercurial
nixos/httpd: drop mercurial httpd subservice
2019-07-09 12:54:01 -04:00
Ben Wolsieffer
d82840dbd1 nixos/release-notes: fix bad merge of cargo-vendor entry and overall indentation 2019-07-08 21:13:58 -04:00
adisbladis
d614edeb32
Revert Nodejs-8_x deprecation
This was supposed to go through a pull request

Revert "nodePackages: Regenerate node packages for nodejs 10 & 12"
This reverts commit 6a17bdf397.

Revert "nodejs-8_x: Drop package"
This reverts commit e06c97b71d.
2019-07-05 12:23:27 +01:00
adisbladis
e06c97b71d
nodejs-8_x: Drop package
It will be EOL within the support period of 19.09
2019-07-05 12:21:42 +01:00
Danylo Hlynskyi
d0e3c02a49
Merge pull request #63954 from nh2/consul-1.5.2
consul: 1.4.2 -> 1.4.4 -> 1.5.2
2019-07-04 19:55:39 +03:00
Elis Hirwing
80c7463a92
php: drop 7.1
PHP 7.1 is currently on life support, as in only recieving security related patches.

This will only continue until: 2019-12-01

This date are in the middle of the 19.09 lifecycle. So it would be
nice to not have it in the 19.09 stable release. Dropping it now would
also result in less maintanance in updating them.

The death dates can be seen on following links:
 - https://endoflife.date/php
 - https://php.net/supported-versions.php
 - https://en.wikipedia.org/wiki/PHP#Release_history
2019-07-04 14:31:49 +02:00
Aaron Andersen
b9e68389d1 nixos/wordpress: add release notes for 19.09 2019-07-03 11:50:34 -04:00
Aaron Andersen
f2a499549f nixos/httpd: drop mercurial httpd subservice 2019-07-01 15:34:00 -04:00
Niklas Hambüchen
9d17e5e77c manual: Add consul upgrade notes 2019-06-30 17:08:08 +02:00
Frederik Rietdijk
41377252e5 Merge master into staging-next 2019-06-18 10:53:28 +02:00
Jan Tojnar
a3f2131eb6 doc: Use prompt more often 2019-06-17 13:25:50 +02:00
Jan Tojnar
11cb382a4c
nixos/doc: Fix spurious indentation 2019-06-17 12:28:26 +02:00
Frederik Rietdijk
7adbdd9758 Merge master into staging-next 2019-06-16 09:04:24 +02:00
Frederik Rietdijk
395da1280e
Merge pull request #63100 from aanderse/phabricator-remove
drop unmaintained phabricator package, service, and httpd subservice
2019-06-15 13:08:48 +02:00
Aaron Andersen
3fabe1accb nixos/release-notes: add entry for phabricator 2019-06-15 07:02:11 -04:00
Frederik Rietdijk
7953a65269 Merge staging-next into staging 2019-06-12 09:24:00 +02:00
Frederik Rietdijk
7184efb40a Merge master into staging-next 2019-06-12 09:22:07 +02:00
Tobias Happ
003b42f332 nixos/dwm-status: add module 2019-06-12 00:15:10 +02:00
Robin Gloster
68c30f0d9b
Merge pull request #62153 from WilliButz/avahi-refactor
avahi: set service directory and refactor module
2019-06-11 14:04:33 +00:00
adisbladis
32b374f780
Merge pull request #62315 from adisbladis/pulseaudio/resample-method
nixos/pulseaudio: Set speex-float-5 as default resample-method
2019-06-10 15:05:44 +02:00
Maximilian Bosch
338a6e3f38
Merge pull request #62935 from danieldk/cargo-vendor-change-doc
nixos/release-notes: document changed CargoSha256 hashes
2019-06-10 10:56:33 +02:00
Frederik Rietdijk
e58f0f6c99 Merge master into staging-next 2019-06-10 10:35:50 +02:00
Daniël de Kok
b5b5648be8 nixos/release-notes: document changed CargoSha256 hashes
cargoSha256 hashes change as result of changes in cargo-vendor, as
discussed in #60668.
2019-06-10 08:42:19 +02:00
Frederik Rietdijk
d3afcac771 Merge master into staging-next 2019-06-09 12:28:52 +02:00
Elis Hirwing
40af20b472
php: Upgrade to php73 as default php 2019-06-09 11:18:44 +02:00
Izorkin
82ad143a51
nixos/zsh: move zsh setopt 2019-06-09 00:13:01 +02:00
Linus Heckemann
ab225fc1ab release notes: document IPv6 privacy extensions change 2019-06-07 21:53:59 +02:00
worldofpeace
29cc54c383 rl-1909: add note about PulseAudio resample-method 2019-06-06 18:50:33 -04:00
Vladimír Čunát
c0ccf42c69
Merge branch 'staging-next' into staging 2019-06-05 11:12:34 +02:00
WilliButz
229e7834eb
nixos/doc: add section about avahi changes 2019-06-04 00:23:49 +02:00
Vladimír Čunát
ee86a325dd
Merge branch 'staging-next' into staging
Conflicts (simple):
	nixos/doc/manual/release-notes/rl-1909.xml
2019-06-03 22:34:49 +02:00
Andreas Rammhold
9077623324
nixos/misc: warn when someone is using the nixops autoLuks module
The autoLuks module is not really compatible with the updated systemd
version anymore. We started dropping NixOS specific patches that caused
unwanted side effects that we had to work around otherwise.

This change points users towards the relevant PR and spits out a bit of
information on how to deal with the situation.
2019-06-03 15:05:23 +02:00
Andreas Rammhold
024a383d64
nixos/systemd: migrate systemd-timesync state when required
Somewhen between systemd v239 and v242 upstream decided to no longer run
a few system services with `DyanmicUser=1` but failed to provide a
migration path for all the state those services left behind.

For the case of systemd-timesync the state has to be moved from
/var/lib/private/systemd/timesync to /var/lib/systemd/timesync if
/var/lib/systemd/timesync is currently a symlink.

We only do this if the stateVersion is still below 19.09 to avoid
starting to have an ever growing activation script for (then) ancient
systemd migrations that are no longer required.

See https://github.com/systemd/systemd/issues/12131 for details about
the missing migration path and related discussion.
2019-06-03 15:05:19 +02:00
Andreas Rammhold
1b7b1dbe2f
nixos/networkd: rename GatewayOnlink to GatewayOnLink
This follows upstreams renaming of the option [1].

[1] 9cb8c55934
2019-06-03 15:05:17 +02:00
Daniël de Kok
344ccd0d6d nixos/release-notes: mention removal of Bittorrent Sync 2019-06-03 09:18:39 +02:00
Aaron Andersen
ce778b8292 nixos: remove duplicate section from release notes 2019-06-02 10:14:16 -04:00
Matthew Bauer
f21b846afe
Merge pull request #57752 from aanderse/limesurvey
limesurvey: 2.05_plus_141210 -> 3.17.1+190408, init module
2019-06-01 17:31:15 -04:00
Florian Klink
5ea7a3eb21 nixos/mysql: drop services.mysql.pidDir
mysql already has its socket path hardcoded to to
/run/mysqld/mysqld.sock.
There's not much value in making the pidDir configurable, which also
points to /run/mysqld by default.

We only seem to use `services.mysql.pidDir` in the wordpress startup
script, to wait for mysql to boot up, but we can also simply wait on the
(hardcoded) socket location too.

A much nicer way to accomplish that would be to properly describe a
dependency on mysqld.service. This however is not easily doable, due to
how the apache-httpd module was designed.
2019-05-31 22:27:55 +02:00
Florian Klink
edd10c12f7 nixos/mysql: run as mysql user and group
As we don't need to setup data directories from ExecStartPre= scripts
anymore, which required root, but use systemd.tmpfiles.rules instead,
everything can be run as just the mysql user.
2019-05-31 22:27:55 +02:00
Aaron Andersen
5cf98d29e7 nixos/limesurvey: init module to replace apache subservice 2019-05-28 23:02:34 -04:00
Maximilian Bosch
a9d67d54b0
hunspellDicts.fr-any: link fr-moderne to fr_FR
Some packages like `ibus-engines.typing-booster` require the dictionary
`fr_FR.dic` to provide proper support for the french language.

Until now the hunspell package set of nixpkgs didn't provide this
dictionary. It has been recommended to use `fr-moderne` as base and link
`fr_FR.dic` from it as done by other distros such as ArchLinux.

See https://github.com/NixOS/nixpkgs/issues/46940#issuecomment-423684570

Fixes #46940
2019-05-23 15:53:50 +02:00
Vladimír Čunát
dd917dc71a nixos/release-notes: mention length of release support
I took the date for 19.03 from the announcement:
https://discourse.nixos.org/t/nixos-19-03-release/2652
2019-05-20 12:31:24 +01:00
Elis Hirwing
02cd2b00e7
emby: Drop package and module and refer to jellyfin 2019-05-01 17:47:32 +02:00
Aaron Andersen
5b76046db3 nixos/nzbget: fix broken service, add a nixos test, as well as some general improvements 2019-04-25 20:28:39 -04:00
Bas van Dijk
e7fadde7a7 nixos/doc: remove prometheus2 notes from the 19.09 release notes
prometheus2 has been backported to 19.03 so it won't be new for 19.09.
2019-04-16 09:47:45 +02:00
adisbladis
4b4caa9413
Merge pull request #59368 from suhr/tox-node
nixos/tox-node: init
2019-04-15 12:28:27 +03:00
Сухарик
6cb40f7b0b
nixos/tox-node: init 2019-04-15 09:27:27 +01:00
Sarah Brofeldt
f839011719
Merge pull request #58512 from aanderse/solr
solr: init at 8.0.0
2019-04-14 11:16:28 +02:00
Frederik Rietdijk
230c67f43b Merge master into staging-next 2019-04-11 07:50:23 +02:00
Aaron Andersen
ee7565af9d solr: init at 8.0.0 2019-04-10 20:12:41 -04:00
Bas van Dijk
cd4486ecc3 nixos/prometheus/alertmanager: use DynamicUser instead of nobody
See issue #55370
2019-04-10 20:38:40 +02:00
Linus Heckemann
4557373d68
Merge pull request #58858 from worldofpeace/pantheon/lightdm-gtk-greeter
nixos/pantheon: enable lightdm gtk greeter
2019-04-10 09:36:20 +02:00
aszlig
f98b4b0fda
nixos: Fix build of manual
Commit 29d7d8f44d has introduced another
section with the ID "sec-release-19.09-incompatibilities", which
subsequently causes the build to fail.

I just merged both sections and the manual is now building again.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-09 17:18:43 +02:00
Frederik Rietdijk
d108b49168 Merge master into staging-next 2019-04-09 16:38:35 +02:00
Bas van Dijk
2f2e2971d6
Merge pull request #58255 from jbgi/prometheus2
Add Prometheus 2 service in parallel with 1.x version (continuation)
2019-04-09 14:14:18 +02:00
Bas van Dijk
b423b73adc nixos/doc: add Prometheus stateDir handling to rl-1909.xml 2019-04-09 13:13:44 +02:00
Linus Heckemann
0ce382d868 rl-1903: pantheon notes phrasing/organisation 2019-04-08 16:22:58 -04:00
Bas van Dijk
29d7d8f44d nixos/doc: added the Prometheus changes to the 19.09 release notes 2019-04-08 19:39:22 +02:00
Jan Tojnar
cb1a20499a
Merge branch 'master' into staging 2019-04-05 11:37:15 +02:00
tobias pflug
0e296d5fcd
Remove nodejs-6_x which is about to enter EOL
- Remove nodejs-6_x
- Set nodejs / nodejs-slim to nodejs-8_x / nodejs-slim-8_x
- Re-generate node2nix generated files using nodejs-8_x instead
2019-04-04 18:43:06 +01:00
Florian Klink
8313a5dcd3
Merge pull request #58588 from shazow/fix/vlc
vlc: Add chromecast support; libmicrodns: Init at 0.0.10
2019-04-01 17:16:42 +02:00
Andrey Petrov
c37aa79639 vlc: add chromecastSupport option
Enables Chromecast support by default in VLC.

Fixes #58365.

Includes release note.
2019-04-01 09:44:56 -04:00
John Ericson
4ccb74011f Merge commit '18aa59b0f26fc707e7313f8467e67159e61600c2' from master into staging
There was one conflict in the NixOS manual; I checked that it still
built after resolving it.
2019-04-01 00:40:03 -04:00
worldofpeace
099cc0482b nixos/pantheon: enable lightdm gtk greeter
Pantheon's greeter has numerous issues that cannot be
fixed in a timely manner, and users are better off if they just
didn't use it by default.
2019-03-29 21:29:59 -04:00
aszlig
dcf40f7c24
Merge pull request #57519 (systemd-confinement)
Currently if you want to properly chroot a systemd service, you could do
it using BindReadOnlyPaths=/nix/store or use a separate derivation which
gathers the runtime closure of the service you want to chroot. The
former is the easier method and there is also a method directly offered
by systemd, called ProtectSystem, which still leaves the whole store
accessible. The latter however is a bit more involved, because you need
to bind-mount each store path of the runtime closure of the service you
want to chroot.

This can be achieved using pkgs.closureInfo and a small derivation that
packs everything into a systemd unit, which later can be added to
systemd.packages.

However, this process is a bit tedious, so the changes here implement
this in a more generic way.

Now if you want to chroot a systemd service, all you need to do is:

  {
    systemd.services.myservice = {
      description = "My Shiny Service";
      wantedBy = [ "multi-user.target" ];

      confinement.enable = true;
      serviceConfig.ExecStart = "${pkgs.myservice}/bin/myservice";
    };
  }

If more than the dependencies for the ExecStart* and ExecStop* (which
btw. also includes script and {pre,post}Start) need to be in the chroot,
it can be specified using the confinement.packages option. By default
(which uses the full-apivfs confinement mode), a user namespace is set
up as well and /proc, /sys and /dev are mounted appropriately.

In addition - and by default - a /bin/sh executable is provided, which
is useful for most programs that use the system() C library call to
execute commands via shell.

Unfortunately, there are a few limitations at the moment. The first
being that DynamicUser doesn't work in conjunction with tmpfs, because
systemd seems to ignore the TemporaryFileSystem option if DynamicUser is
enabled. I started implementing a workaround to do this, but I decided
to not include it as part of this pull request, because it needs a lot
more testing to ensure it's consistent with the behaviour without
DynamicUser.

The second limitation/issue is that RootDirectoryStartOnly doesn't work
right now, because it only affects the RootDirectory option and doesn't
include/exclude the individual bind mounts or the tmpfs.

A quirk we do have right now is that systemd tries to create a /usr
directory within the chroot, which subsequently fails. Fortunately, this
is just an ugly error and not a hard failure.

The changes also come with a changelog entry for NixOS 19.03, which is
why I asked for a vote of the NixOS 19.03 stable maintainers whether to
include it (I admit it's a bit late a few days before official release,
sorry for that):

  @samueldr:

    Via pull request comment[1]:

      +1 for backporting as this only enhances the feature set of nixos,
      and does not (at a glance) change existing behaviours.

    Via IRC:

      new feature: -1, tests +1, we're at zero, self-contained, with no
      global effects without actively using it, +1, I think it's good

  @lheckemann:

    Via pull request comment[2]:

      I'm neutral on backporting. On the one hand, as @samueldr says,
      this doesn't change any existing functionality. On the other hand,
      it's a new feature and we're well past the feature freeze, which
      AFAIU is intended so that new, potentially buggy features aren't
      introduced in the "stabilisation period". It is a cool feature
      though? :)

A few other people on IRC didn't have opposition either against late
inclusion into NixOS 19.03:

  @edolstra:  "I'm not against it"
  @Infinisil: "+1 from me as well"
  @grahamc:   "IMO its up to the RMs"

So that makes +1 from @samueldr, 0 from @lheckemann, 0 from @edolstra
and +1 from @Infinisil (even though he's not a release manager) and no
opposition from anyone, which is the reason why I'm merging this right
now.

I also would like to thank @Infinisil, @edolstra and @danbst for their
reviews.

[1]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-477322127
[2]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-477548395
2019-03-29 04:37:53 +01:00
Florian Klink
8817bbefdb nixos/ldap: set proper User= and Group= for nslcd service
eb90d97009 broke nslcd, as /run/nslcd was
created/chowned as root user, while nslcd wants to do parts as nslcd
user.

This commit changes the nslcd to run with the proper uid/gid from the
start (through User= and Group=), so the RuntimeDirectory has proper
permissions, too.

In some cases, secrets are baked into nslcd's config file during startup
(so we don't want to provide it from the store).

This config file is normally hard-wired to /etc/nslcd.conf, but we don't
want to use PermissionsStartOnly anymore (#56265), and activation
scripts are ugly, so redirect /etc/nslcd.conf to /run/nslcd/nslcd.conf,
which now gets provisioned inside ExecStartPre=.

This change requires the files referenced to in
users.ldap.bind.passwordFile and users.ldap.daemon.rootpwmodpwFile to be
readable by the nslcd user (in the non-nslcd case, this was already the
case for users.ldap.bind.passwordFile)

fixes #57783
2019-03-28 13:08:47 +01:00
aszlig
ada3239253
nixos/release-notes: Add entry about confinement
First of all, the reason I added this to the "highlights" section is
that we want users to be aware of these options, because in the end we
really want to decrease the attack surface of NixOS services and this is
a step towards improving that situation.

The reason why I'm adding this to the changelog of the NixOS 19.03
release instead of 19.09 is that it makes backporting services that use
these options easier. Doing the backport of the confinement module after
the official release would mean that it's not part of the release
announcement and potentially could fall under the radar of most users.

These options and the whole module also do not change anything in
existing services or affect other modules, so they're purely optional.

Adding this "last minute" to the 19.03 release doesn't hurt and is
probably a good preparation for the next months where we hopefully
confine as much services as we can :-)

I also have asked @samueldr and @lheckemann, whether they're okay with
the inclusion in 19.03. While so far only @samueldr has accepted the
change, we can still move the changelog entry to the NixOS 19.09 release
notes in case @lheckemann rejects it.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-27 21:07:07 +01:00
Danylo Hlynskyi
40cc269561
Merge branch 'master' into postgresql-socket-in-run 2019-03-25 01:06:59 +02:00
Dmitry Kalinkin
6f95ac3588
Merge pull request #57988 from lopsided98/buildbot-update
buildbot: 1.8.1 -> 2.1.0
2019-03-23 20:38:20 -04:00
Frederik Rietdijk
23e431387b Merge staging-next into staging 2019-03-23 09:20:09 +01:00
Ben Wolsieffer
b2e11e0cdf buildbot: 1.8.1 -> 2.1.0 2019-03-22 18:43:15 -04:00
Florian Klink
9aa57902cc
Merge pull request #57938 from flokli/network-manager-rename-changelog
network-manager: move para about service rename to 19.09 changelog
2019-03-22 19:18:47 +01:00
Vladimír Čunát
4c3ec0e325
nixos docs: run the formatting tool (no content change)
As documented in the docs themselves :-)
2019-03-22 14:44:11 +01:00
Wael M. Nasreddine
5af0780492
Merge remote-tracking branch 'origin/master' into staging
* origin/master: (693 commits)
  buildGoModule: use go_1_12 instead of go_1_11 (#58103)
  gitAndTools.lab: 0.15.2 -> 0.15.3 (#58091)
  signal-desktop: 1.22.0 -> 1.23.0
  added missing semicolon to documentation
  terminus_font_ttf: 4.46.0 -> 4.47.0
  buildGoModule: remove SSL env vars in favor of cacert in buildInputs (#58071)
  dav1d: init at 0.2.1
  dropbox-cli: 2018.11.28 -> 2019.02.14
  atlassian-confluence: 6.14.1 -> 6.14.2
  maintainers: update email for dywedir
  python.pkgs.hglib: use patch to specify hg path (#57926)
  chkrootkit: 0.52 -> 0.53
  radare2-cutter: 1.7.2 -> 1.8.0
  autorandr: 1.7 -> 1.8
  pythonPackages.pyhepmc: fix build
  llvm-polly/clang-polly: use latest llvm
  apulse: 0.1.11.1 -> 0.1.12, cleanup
  factorio: experimental 0.17.14 → 0.17.16 (#58000)
  sequeler: 0.6.7 -> 0.6.8
  nasc: 0.5.1 -> 0.5.2
  ...
2019-03-21 21:01:25 -07:00
Florian Klink
a54e41a673 network-manager: move para about service rename to 19.09 changelog 2019-03-20 03:09:59 +01:00
Jörg Thalheim
b488c60cdb network-manager: rename systemd service back to match upstream
Compatibility with other distributions/software and expectation
of users coming from other systems should have higher priority over consistency.
In particular this fixes #51375, where the NetworkManager-wait-online.service
broke as a result of this.
2019-03-19 23:48:08 +01:00
Léo Gaspard
59c5630f60
Merge branch 'pr-57699'
* pr-57699:
  nixos/matrix: add manual section about self-hosting a matrix client and server
2019-03-16 14:48:39 +01:00