Commit graph

10875 commits

Author SHA1 Message Date
Graham Christensen
f14b6cb6ec
Merge pull request #44526 from samueldr/feature/actiavation-failure-identification
nixos/activation: Identifies the snippet that failed
2018-09-02 14:28:10 -04:00
Yorick
1ee3ad6732 wireguard: change preStop to postStop, require network.target (#45569)
* wireguard: change preStop to postStop, require network.target

* wireguard service: network.target -> network-online.target
2018-09-02 17:07:55 +02:00
volth
a9a8043b9b install-grub.pl: avoid double '/' in menu.lst and grub.conf (#45907)
Although double '/' in paths is not a problem for GRUB supplied with nixpkgs, sometimes NixOS's grub.conf read by external GRUB and there are versions of GRUB which fail
2018-09-02 14:34:55 +02:00
Uli Baum
13c3986b7a nixos/tests/networking.*.macvlan: disable reverse path check
Generated reverse path filtering rules for the macvlan interface
seem to be incorrect, causing the test to fail - sometimes or always,
depending on the dhcpcd version used.
- Disable reverse path checking temporarily to avoid blocking the channel
- Print more diagnostic information for debugging
2018-09-02 12:26:28 +02:00
xeji
224a5503ca
nixos/release.nix: disable blivet test (#45931)
- has been broken since 2017-07-24
- no attempts to fix it
- it tests an outdated blivet version (Oct 2014)
2018-09-02 09:37:48 +02:00
Uli Baum
5f72169b03 nixos/displayManagers/auto: allow root auto-login
The switch from slim to lightdm in #30890 broke some nixos tests
because lightdm by default doesn't permit auto-login for root.
Override /etc/pam.d/lightdm-autologin to allow it.
2018-09-02 08:18:10 +02:00
aszlig
f865d0feab
nixos: Split paras by \n\n in option descriptions
What annoyed me for a long time was the fact, that in order to break
into a new paragraph, you need to insert </para><para> in the
description attribute of an option.

Now we will automatically create <para/> elements for every block that
is separated by two consecutive newlines.

I first tried to do this within options-to-docbook.xsl, but it turns
out[1] that this isn't directly possible with XSLT 1.0, so I added
another XSLT file that postprocesses the option descriptions that are
now enclosed in <nixos:option-description/> by options-to-docbook.xsl.

The splitting itself is a bit more involved, because we can't simply
split on every \n\n because we'd also split text nodes of elements, for
example:

  <screen><![CDATA[

    one line

    another one

  ]]></screen>

This would create one <para/> element for "one line" and another for
"another line", which we obviously don't want because <screen/> is used
to display verbatim contents of what a user is seeing on the screen.

So what we do instead is splitting *only* the top-level text nodes
within the outermost <para/> and leave all elements as-is. If there are
more than one <para/> elements at the top-level, we simply don't process
it at all, because the description then already contains </para><para>.

https://www.mhonarc.org/archive/html/xsl-list/2012-09/msg00319.html

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra, @domenkozar
2018-09-02 08:10:37 +02:00
Florian Klink
953b77f07b bird: set reloadIfChanged to true (#45924)
This will trigger the reload instead of restart command if a definition
changes, which is much more desireable for a routing daemon.
2018-09-02 06:51:32 +02:00
Samuel Dionne-Riel
ca47cc90c2
Merge pull request #39142 from teto/nm_dispatchers
[RDY] networkmanager: enrich dispatcher PATH
2018-09-01 23:26:36 -04:00
Graham Christensen
2d5f599b35
Merge pull request #44347 from zhangyoufu/patch-28620
fix vlan interface bring up on boot
2018-09-01 21:28:31 -04:00
Uli Baum
7e9bd2dae1 nixos/tests/flatpak: explicitly disable gdm to fix eval
The switch to lightdm as default display manager in #30890
broke eval of the flatpak test. Since the test uses the
auto display manager (lightdm), gdm must now be explicitly disabled.
2018-09-02 01:57:20 +02:00
Uli Baum
15e6e1ff6f nixos/nginx: fix type of sslTrustedCertificate option
The option was added in 1251b34b5b
with type `types.path` but default `null`, so eval failed with
the default setting. This broke the acme and certmgr tests.

cc: @vincentbernat @fpletz
2018-09-02 01:35:59 +02:00
Graham Christensen
53c77e64fe
nixos docs: footnotes: give IDs 2018-09-01 16:24:37 -04:00
Graham Christensen
73bff467d2
makefile: auto-format xml docs outside of the doc subdir 2018-09-01 16:20:49 -04:00
Graham Christensen
34d2ec7c09
nixos docs: give IDs to things 2018-09-01 16:20:49 -04:00
Graham Christensen
18fd616351
nixos docs: Give sections IDs 2018-09-01 16:20:49 -04:00
Uli Baum
d660428f85 nixos-generate-config.pl: remove executable bit
it was erroneously set in cb1ca42009
although this file isn't executable before patching shebangs.
2018-09-01 21:29:30 +02:00
volth
2413fcdfeb services.xserver.windowManager.session: handle duplicate names (#37690) 2018-09-01 21:27:17 +02:00
Vladimír Čunát
37a45e5a97
nixos-generate-config: fix perl quoting after cb1ca42 2018-09-01 21:13:54 +02:00
Samuel Dionne-Riel
4ff5f304b9 nixos/manual: nixos-help knows about colon-separated BROWSER
This is the semantics as understood by `xdg-open`. Using these semantics
on a non-colon-separated variable works because it acts as if it was a
one element long list.

This fixes an issue where it would try to exec
`google-chrome-beta:google-chrome:chromium:firefox` on a system
configured with these semantics in mind.
2018-09-01 13:48:49 -04:00
Vladimír Čunát
0e7ba35ddc
Merge #45910: Fix i686 installer iso build 2018-09-01 19:15:39 +02:00
Samuel Dionne-Riel
3aae9fc3f9 nixos/iso-image.nix: fixes i686 installer iso build.
Fixes #45908
2018-09-01 13:00:58 -04:00
Venkateswara Rao Mandela
cb1ca42009 nixos/doc: add instructions for installation behind a proxy (#45854)
The instructions to install nixos behind a proxy were not clear. While
one could guess that setting http_proxy variables can get the install
rolling, one could end up with an installed system where the proxy
settings for the nix-daemon are not configured.

This commit updates the documentation with

1. steps to install behind a proxy

2. configure the global proxy settings so that nix-daemon can access
internet.

3. Pointers to use nesting.clone in case one has to use different proxy
settings on different networks.
2018-09-01 16:12:35 +02:00
xeji
ff679f86a2
Merge pull request #30890 from Lassulus/slim-lightdm
display-managers: make lightdm the default
2018-09-01 16:11:38 +02:00
volth
2c072b9ddc stage-1-init.sh: do not check mounted filesystems (#45891)
fsck of a mounted filesystems fails with error code 8 "Operational error" and halts the boot processing
2018-09-01 15:26:16 +02:00
Jörg Thalheim
58c29e9e75
Merge pull request #45875 from wizeman/u/fix-transmission-mod2
nixos/transmission: fix AppArmor profile to include keyutils
2018-09-01 12:13:22 +01:00
Uli Baum
43e30b1ead nixos/tests/installer: add missing system.extraDependencies
Since 1b11fdd0df the test VM
depends on some extra packages to build the system to be installed.
This broke the installer test as it tried to download/build these
packages in a sandbox.
2018-09-01 11:50:02 +02:00
Vladimír Čunát
9b0649ae3e
Merge #45774: linux_testing_bcachefs: upgrade, add tests 2018-09-01 11:06:29 +02:00
Vladimír Čunát
0473466ba5
Merge #45731: artwork update (replacing old logo) 2018-09-01 10:43:20 +02:00
Okina Matara
3d1fecd5bd nixos/tests/bcachefs: init 2018-08-31 21:19:53 -05:00
Graham Christensen
4477cf04b6
Document running nixos-rebuild switch to clear /boot space 2018-08-31 21:37:07 -04:00
lassulus
fc035da4a4 xserver.displayManager: change default
Switch from slim to lightdm as the display-manager.
    If plasma5 is used as desktop-manager use sdddm.
    If gnome3 is used as desktop-manager use gdm.

    Based on #12516
2018-08-31 17:57:39 +02:00
Ricardo M. Correia
6376c5df87 nixos/transmission: fix AppArmor profile to include keyutils 2018-08-31 17:19:29 +02:00
Tobias Happ
8f0bafcaff nixos/gitea: fix pre start script (#44979)
The gitea path is hardcoded in hooks directory in files of paths like:
    repositories/<user>/<repo>.git/hooks/update.d/gitea
2018-08-31 16:39:58 +02:00
John Ericson
2c4a75e9ef
Merge pull request #45820 from obsidiansystems/dont-use-obsolete-platform-aliases
treewide: Dont use obsolete platform aliases
2018-08-31 09:56:10 -04:00
xeji
4db15ba7b8
Merge pull request #45748 from xeji/p/nfs-232
nfs-utils: 2.1.1 -> 2.3.2, integrate libnfsidmap
2018-08-31 14:23:56 +02:00
チルノ
17564e0ed9 nixos/zeronet: init (#44842) 2018-08-31 11:40:23 +01:00
Sarah Brofeldt
bb321a2624
Merge pull request #45811 from Nadrieril/fix-usbguard-auditfile
nixos/usbguard: ensure the audit log file can be created 
nixos/usbguard: disable debug output
2018-08-31 11:40:13 +02:00
Franz Pletz
1cc916b5b2
Merge pull request #45810 from vincentbernat/fix/nginx-stapling
nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
2018-08-31 07:18:40 +00:00
Jan Tojnar
f0136e4bc8
Merge pull request #45638 from aanderse/incron
incron: init at 0.5.12
2018-08-31 06:54:58 +01:00
Aaron Andersen
9b12db6928 changed from forking to simple as recommended by @aszlig 2018-08-31 03:03:04 +00:00
Aaron Andersen
d7d7533c18 changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00
Aaron Andersen
7bc2a0dd64 removed quotes when not needed as suggested by @aszlig 2018-08-31 02:17:38 +00:00
John Ericson
2c2f1e37d4 reewide: Purge all uses stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
Nadrieril
9b9ba8405b nixos/usbguard: ensure the audit log file can be created
Since version 0.7.3, usbguard-daemon won't start if the file cannot be opened.
2018-08-30 21:54:22 +01:00
Nadrieril
08148a746a nixos/usbguard: disable debug output 2018-08-30 21:54:22 +01:00
Vincent Bernat
1251b34b5b nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.

The result can be tested with:

    openssl s_client -connect web.example.com:443 -status 2> /dev/null

Without OCSP stapling, we get:

    OCSP response: no response sent

After this change, we get:

    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Produced At: Aug 30 20:46:00 2018 GMT
2018-08-30 22:47:41 +02:00
Uli Baum
e0ca51c367 nixos/tests/nfs: fix nfs4 client mount path
nfs4 exports from a virtual filesystem root,
so the client mount path differs from nfs3
2018-08-30 19:57:39 +02:00
Samuel Dionne-Riel
aa0556415b
Merge pull request #45779 from grahamc/bump-nix-version
Nix minimal version: 1.11 -> 2.0
2018-08-30 11:39:18 -04:00
Jan Tojnar
8a8056c302
Merge pull request #45058 from michaelpj/imp/freedesktop-modules
freedesktop modules: init
2018-08-30 16:14:35 +01:00
Jan Malakhovski
8952375b48 nixos/shells: fix indent everywhere
to comply with `doc/coding-conventions.xml`
2018-08-30 13:20:39 +00:00
Tor Hedin Brønner
d273db48c6 nixos/shells: avoid overriding the environment for child shells
A shared exported guard `__NIXOS_SET_ENVIRONMENT_DONE` is introduced that can
be used to prevent child shells from sourcing `system.build.setEnvironment`
the second time.

This fixes e.g. `nix run derivation` when run from e.g. ZSH through the console or
ssh. Before this Bash would resource the common environment resetting the `PATH`
environment variable.

We also export `system.build.setEnvironment` to `/etc/set-environment` making it
easy to reset the common environment with `. /etc/set-environment` when
needed and to grep for environment variables in `/etc` (which was the
motivation of #30418).

This reverts changes made in b00a3fc6fd
(the original #30418).
2018-08-30 13:20:39 +00:00
Graham Christensen
18f9539655
nixos docs: add release notes for nix 2.0 requiremnt bump 2018-08-30 08:52:43 -04:00
Bjørn Forsman
ee56a2cc19 treewide: fix typo: asumed -> assumed 2018-08-30 10:19:20 +02:00
Johannes Lötzsch
bb08d1c13f nixos/zabbix: fix initial database creation (#45750)
without this fix the database setup fails with „could not connect to database postgres: FATAL:  role "root" does not exist“
2018-08-30 08:25:13 +01:00
Graham Christensen
a141b3aad8
Merge pull request #33686 from samueldr/artwork/iso
(Installation media) Bootloader artwork refresh
2018-08-29 15:31:13 -04:00
Nikolay Amiantov
69407cb013 firewall service: respect marks in rpfilter (#39054)
This allows one to add rules which change a packet's routing table:

iptables -t raw -I PREROUTING 1 -m set --match-set myset src -j MARK --set-mark 2
ip rule add fwmark 2 table 1 priority 1000
ip route add default dev wg0 table 1

to the beginning of raw table PREROUTING chain, and still have rpfilter.
2018-08-29 20:50:53 +02:00
xeji
70b3ac8378
nixos/tests/i3wm: prevent non-deterministic failure (#45759)
Test failed sporadically on Hydra, probably due to timing issues.
These changes should make that less likely to occur.
2018-08-29 19:38:35 +02:00
xeji
ff6a61ad1b
nixos/tests/mesos: fix test (#45758)
fallout from 39e678e24e :
dockerTools.buildImage no longer applies default tag "latest"
2018-08-29 19:38:00 +02:00
Brian Olsen
9540b1c535 nixos/tests: Set DefaultTimeoutStartSec very high (#44916)
DefaultTimeoutStartSec is normally set to 90 seconds and works fine. But
when running NixOS tests on a very slow machine (like a VM without
nested virtualisation support) this default is to low and causes
systemd units to fail spuriously. One symptom of this issue are tests
at times failing with "timed out waiting for the VM to connect".

Since the VM connect timeout is 300 seconds I also set
DefaultTimeoutStartSec to this which is ridiculously high.
2018-08-29 12:12:12 +02:00
Samuel Dionne-Riel
01259ef98f nixos/grub: Uses the new artwork as the default option.
This also includes a set of defaults *for this option*, where when not
used, other saner defaults are used.
2018-08-29 00:04:58 -04:00
Samuel Dionne-Riel
e8406f937e nixos/grub: Adds background color and mode options
The background color option is self-explanatory.

The mode is either `normal` or `stretch`, they are as defined by GRUB,
where normal will put the image in the top-left corner of the menu, and
stretch is the default, where it stretches the image without
consideration for the aspect ratio.

 * https://www.gnu.org/software/grub/manual/grub/grub.html#background_005fimage
2018-08-29 00:04:58 -04:00
Samuel Dionne-Riel
bc5b26b4ab Reviews use of old nixos wallpaper to use one with the new logo.
The wallpaper used is *structurally compatible* with the other one,
meaning that the logo is at the same location, and not bigger.

It has one drawback: the logo is brighter, which clashes with the grub
usage. This is to be fixed with new options in grub.
2018-08-29 00:04:58 -04:00
Aaron Andersen
d9943e6bba added option to specify which packages are available to the system incrontab
recommendation by @jtojnar and @maurer
2018-08-29 00:43:28 +00:00
Aaron Andersen
3d1091eb5b added a check to make sure a situation where a defined configuration wouldn't be unused as per recommended by @maurer 2018-08-28 23:50:55 +00:00
Ben Wolsieffer
442681cc2a nixos/networkd: fix range assertions on 32 bit Nix 2018-08-28 19:31:10 -04:00
Dennis Gosnell
7d23ffb736 virtualbox: Change the virtualbox tests to not build the unfree tests by default. (#45415) 2018-08-28 22:28:47 +02:00
Matt McHenry
94a906b59a systemd: ensure fsck Requires/After links are created in mount units
systemd-fsck-generator only produces these lines if it can find the
necessary fsck executable in its PATH.

fixes #29139.
2018-08-28 17:12:49 +02:00
Tuomas Tynkkynen
69b4f427b6 nixos/zabbix-agent: Make the Zabbix package user-configurable 2018-08-28 17:43:12 +03:00
Eelco Dolstra
c251ec691a
virtualization.growPartition -> virtualisation.growPartition
There never was a 'virtualization.growPartition'. This got messed up
in eddf30cc93.

Issue #36590.
2018-08-28 14:24:39 +02:00
Jörg Thalheim
6a0a12a921
Merge pull request #45659 from vincentbernat/fix/nginx-gzip
Small nginx tweaks
2018-08-28 09:35:58 +01:00
Aaron Andersen
b77f38c3cd added a comment about the PATH variable under which incrontab commands will run 2018-08-27 21:31:55 +00:00
Aaron Andersen
7840d00532 clarified the descriptions of the allow and deny options 2018-08-27 21:15:03 +00:00
Aaron Andersen
fc1f33bc2c fixed issue with system jobs 2018-08-27 15:23:19 +00:00
Jörg Thalheim
a6ced42c60
Merge pull request #44990 from Ma27/reload-user-units-during-activation
nixos/switch-to-configuration: reload user units
2018-08-27 11:12:42 +01:00
Jörg Thalheim
831ecca60f
Merge pull request #45281 from Gerschtli/zsh-completion
nixos/zsh: Adds enableGlobalCompInit option
2018-08-27 10:45:29 +01:00
Jörg Thalheim
4e365aa453 nixos/zsh: make enableGlobalCompInit description less ambiguous 2018-08-27 10:43:31 +01:00
Vincent Bernat
bd075eb914 nginx: add more gzipped MIME types
The additions are:

 - image/svg+xml for SVG images
 - application/atom+xml for Atom feeds

These types are also present in mime.types. For better readability,
the list is sorted and formatted with one type per line.
2018-08-26 21:48:55 +02:00
Vincent Bernat
06a5fb2ada nginx: use a compression level of 5 in recommended configuration
While there is little gain of space to use a compression level of 9,
the CPU usage is significant. Many experiments point to use something
between 4 and 6. For example:

 - https://mjanja.ch/2015/03/finding-the-nginx-gzip_comp_level-sweet-spot/
 - 3bda5b93ed/nginx.conf (L93)
2018-08-26 21:43:34 +02:00
Jörg Thalheim
a78b364ed4
Merge pull request #44890 from dywedir/iwd
iwd: 0.4 -> 0.7
2018-08-26 17:25:42 +01:00
Jörg Thalheim
b7d7e20b3d
Merge pull request #45647 from xeji/p/netdata-test
nixos/tests/netdata: fix non-deterministic failure
2018-08-26 13:50:10 +01:00
Jörg Thalheim
b1aa9cbdbf
Merge pull request #45649 from xeji/p/networking-tests
nixos/tests/networking: fix routes and virtual tests
2018-08-26 13:45:55 +01:00
Uli Baum
3f8756ce10 nixos/tests/networking: fix "virtual" tests
`ip route` now displays extended tun attributes, so the expected
output of this test changed.

Upstream change: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=118eda77d6602616bc523a17ee45171e879d1818
2018-08-26 14:24:07 +02:00
Uli Baum
f021702d21 nixos/tests/networking: fix routes tests
The output format of `ip route` changed, it now explicitly
shows "proto static" for static routes.
2018-08-26 14:15:15 +02:00
Uli Baum
a44469d7b6 nixos/tests/netdata: fix non-deterministic failure
The test sporadically failed on hydra when a request was made
before the service was actually listening on its port.
Explicitly wait for the port to open.
2018-08-26 13:38:58 +02:00
Augustin Borsu
4d3ce5ca36 nixos/jupyter: init service 2018-08-26 12:00:54 +02:00
xeji
3050406388
nixos/tests/matrix-synapse: fix test (#45596)
Since matrix-synapse 0.33.0 underscores in server names are rejected
by server name validation, causing the test to fail:
  valueError: Server name 'server_sqlite' contains invalid characters
Relevant upstream change:
546bc9e28b
2018-08-26 10:38:52 +02:00
Bas van Dijk
a144c798e5
Merge pull request #44340 from shmish111/es-curator
nixos/curator: init elasticsearch curator
2018-08-26 01:33:34 +02:00
xeji
b2dc75cd03
Merge pull request #43736 from volth/patch-208
qemu: 2.12.1 -> 3.0.0
2018-08-26 01:28:12 +02:00
Aaron Andersen
fc03a9f5b7 initial work on incron service 2018-08-25 18:08:24 -04:00
Bas van Dijk
228705fc33 elasticsearch-curator: add note to the NixOS release notes 2018-08-25 18:59:32 +02:00
Bas van Dijk
241377ee76 nixos/tests/elk.nix: make sure the test doesn't wait for too long on elasticsearch-curator 2018-08-25 18:53:10 +02:00
Bas van Dijk
32200033a6 elasticsearch-curator: include the module in the module-list & fix bug 2018-08-25 18:53:10 +02:00
David Smith
842000566b elasticsearch-curator: add test 2018-08-25 18:53:10 +02:00
David Smith
2ec33f527b elasticsearch-curator: don't need to add enable to elasticsearch-curator service 2018-08-25 18:53:10 +02:00
David Smith
3744467589 nixos/curator: init elasticsearch curator
https://www.elastic.co/guide/en/elasticsearch/client/curator/5.5/index.html
2018-08-25 18:53:10 +02:00
Bas van Dijk
7d04961c95
Merge pull request #44389 from Mic92/es6
elasticsearch: use 6.x as default version, remove unsupported releases
2018-08-25 17:04:07 +02:00
Uli Baum
268bb4ea3c nixos/tests/munin: fix non-deterministic failure
- wait for node to listen before starting munin-cron
- increase timeout for munin-cron startup
- disable a failing plugin to remove irrelevant error message
2018-08-25 14:27:41 +02:00
Vladyslav Mykhailichenko
d73fd69952 iwd: 0.4 -> 0.7 2018-08-25 15:26:52 +03:00
adisbladis
dff43f10f6
Merge pull request #45608 from etu/fix-gitea-locale-updates
nixos/gitea: Symlink gitea locales to match running gitea version
2018-08-25 15:25:27 +08:00