Commit graph

4414 commits

Author SHA1 Message Date
Peter Hoeg
65b73d71cb ssh: deprecate use of old DSA keys
They are not safe and shouldn't be used.
2017-10-14 14:38:04 +08:00
Jörg Thalheim
b90f50862f Merge pull request #30324 from florianjacob/firewall-clarify-logging
nixos/firewall: Rename misleading rejected to refused in logging
2017-10-13 20:25:21 +01:00
Dan Peebles
56e18c50cc Revert "Simple proof of concept for how to do other types of services"
This reverts commit 7c3253e519.

I included this in another push by accident and never intended for it to
be in mainline. See https://github.com/NixOS/nixpkgs/pull/26075 if you
want more.
2017-10-13 09:17:13 -04:00
Franz Pletz
5ec10da86b Merge pull request #30356 from bflyblue/plex-1.9.5
plex: 1.9.2 -> 1.9.5
2017-10-13 13:10:58 +02:00
Franz Pletz
c6218193dd Merge pull request #30364 from Ma27/compton/opacity-rules-support
services.compton: add `opacityRules` option
2017-10-13 13:09:53 +02:00
Yegor Timoshenko
22505d8df4 connman: do not restart after suspend 2017-10-13 13:05:02 +02:00
Matt McHenry
bbec429f7a djbdns: fix root server list at build time
as suggested by @peterhoeg in
1b7e5eaa79 (commitcomment-24560631)

fixes #30379
2017-10-13 10:29:12 +01:00
Profpatsch
2864bc8fd9 Revert "desktop-managers: do not leak feh to PATH" 2017-10-13 10:48:07 +02:00
Peter Hoeg
f7ba92bfa3 Merge pull request #30286 from yegortimoshenko/patch-2
desktop-managers: do not leak feh to PATH
2017-10-13 11:13:21 +08:00
Maximilian Bosch
4b50d543bd
services.compton: add opacityRules option 2017-10-12 21:14:01 +02:00
Shaun Sharples
caee93f3d4 Fix warning about unknown escape sequences
systemd warns about:

Ignoring unknown escape sequences: "/nix/store/8f0l1w9g7iv2gz63xzsxfl66ri1cfbkl-plex-1.9.5.4339/usr/lib/plexmediaserver/Plex\ Media\ Server

From a discussion on the forums it seems the 'sh -c' is not needed:

https://forums.plex.tv/discussion/216757/ubuntu-16-04-executable-path-contains-special-characters-error-with-systemd
2017-10-12 19:44:58 +02:00
Patrick Chilton
e3675fedc7 mate-power-manager: init at 1.18.0 2017-10-12 08:22:21 +02:00
Peter Hoeg
0034f9e52c dnsmasq nixos: make sure it always runs
By default we only restart if the dnsmasq daemon fails but we introduce an
option to always keep it running.
2017-10-12 12:55:12 +08:00
Peter Hoeg
c640e790d5 pykms: nixos module 2017-10-12 08:51:34 +08:00
Thomas Tuegel
d9aa539340
Merge branch 'phonon-backend-qt5' 2017-10-11 18:35:08 -05:00
Thomas Tuegel
b25deccd1a
nixos/plasma5: install phonon backends for each current Qt version
Fixes #27050, where the phonon backend was not found.
2017-10-11 18:29:43 -05:00
Florian Jacob
847beb558f nixos/firewall: Rename misleading rejected to refused in logging
as that's used as general term for rejected or dropped packets
in the rest of the config.
2017-10-11 20:12:58 +02:00
Jörg Thalheim
6b3b708501 Merge pull request #30280 from woffs/speed
nix-daemon: mention speedFactor in example
2017-10-11 11:26:39 +01:00
Yegor Timoshenko
274c9b7587 unbound: fix typo in systemd Before 2017-10-10 20:08:36 +00:00
Bjørn Forsman
d26f8b5e00 nixos/lighttpd: add missing modules to allKnownModules
The output of ./configure shows all modules/plugins, both enabled and
disabled. With this info we can finally build the _complete_ list of
modules. We were missing these:

  mod_authn_gssapi
  mod_authn_ldap
  mod_geoip

(I hit this as I was building lighttpd with ldap support and the NixOS
module said ldap was unsupported, due to these missing entries in
allKnownModules.)
2017-10-10 20:14:38 +02:00
elseym
aeeac71231 mattermost: create role and db with postgres superuser
Recently, the postgres superuser name has changed. Using the configured
and correct username here fixes database initialisation.
2017-10-10 20:08:21 +02:00
WilliButz
5e8d1757ef nixos/xautolock: rewrite and add some options 2017-10-10 19:02:27 +02:00
Yegor Timoshenko
f9415cb621 desktop-managers: do not leak feh to PATH
feh is used to set background image for desktop managers that do not support it directly, however there is no need to include it in PATH.

Fixes #17450.
2017-10-10 15:46:33 +00:00
Frank Doepper
08bf000fe2 nix-daemon: mention speedFactor in example 2017-10-10 15:07:35 +02:00
Jörg Thalheim
a61304e3cb Merge pull request #30261 from Ekleog/fcron-hardlink
fcron module: fix use with hardlink-optimized store
2017-10-09 23:12:40 +01:00
Léo Gaspard
1afd97aa8f
fcron module: fix use with hardlink-optimized store 2017-10-09 23:44:28 +02:00
Benjamin Staffin
b3df084c70 nixos: minor X11 option description improvements (#30035) 2017-10-09 12:07:19 -07:00
Joerg Thalheim
e34e28e573 nixos/fcron: service needs fcron in PATH
otherwise fcronsighup is not found.
Set PATH to /run/current-system/sw/bin does not seems to be used by service file anyway.
2017-10-09 11:43:24 +01:00
Tim Steinbach
c643759d41
kbfs: Add package in module 2017-10-08 12:49:58 -04:00
Jörg Thalheim
28db3ad7ae Merge pull request #30216 from bachp/minio-exporter
Minio exporter
2017-10-08 15:09:32 +01:00
Joerg Thalheim
e7e4e0c3b6 nixos/prometheus-minio-exporter: only inherit keys from minio if set 2017-10-08 15:05:25 +01:00
Pascal Bach
8e10a4d862 prometheus-minio-exporter service: default to local minio server if enabled 2017-10-08 15:09:25 +02:00
Jörg Thalheim
eefae49f6d Merge pull request #30183 from Mic92/openafs
openafs-client: don't remove kernel module on stop
2017-10-08 12:13:29 +01:00
Pascal Bach
aad88ddf5b prometheus-minio-exporter service: init version 2017-10-08 12:47:00 +02:00
Bas van Dijk
5b8ff5ed49 graphite: 0.9.15 -> 1.0.2
Fixes: #29961

Also added the option:

  services.graphite.web.extraConfig

for configuring graphite_web.
2017-10-08 03:03:22 +02:00
Guillaume Maudoux
15b7e102b6 Safer defaults for immutable znc config (#30155)
* Safer defaults for immutable znc config

I just lost all the options I configured in ZNC, because the mutable config was overwritten.
I accept any suggestions on the way to implement this, but overwriting a mutable config by default seems weird. If we want to do this, we should ensure that ZNC does not allow to edit the config via the webmin when cfg.mutable is false.

* Do not backup old config files.

There seems to be little need for backups if mutable becomes a voluntary opt-out.

* fixup
2017-10-07 16:38:14 +01:00
Joerg Thalheim
912ec467db openafs-client: don't remove kernel module on stop
Otherwise it cannot re-insert the kernel module after a kernel upgrade
when boot kernel != running kernel.
2017-10-07 10:11:30 +01:00
David Johnson
5b530d4568 oauth2_proxy: default address updated
Go will fail to parse this otherwise.
https://github.com/golang/go/issues/19297
2017-10-06 16:52:22 -07:00
Tim Steinbach
8840eaf223
keybase: Fix modules 2017-10-06 18:49:58 -04:00
michael bishop
0ee6f8612e
dd-agent: fix multiple tags in the config file 2017-10-05 19:33:18 -03:00
Orivej Desh
184f80aeb8 Merge pull request #29781 from rick68/softether
softether: 4.18 -> 4.20
2017-10-05 08:26:23 +00:00
Joerg Thalheim
c2c843adf7 nixos/traefik: guard example path 2017-10-04 14:51:20 +01:00
Joerg Thalheim
a3200348b7 nixos/traefik: owner/group should be changed recursivly 2017-10-04 11:59:38 +01:00
Jörg Thalheim
b8288f137f Merge pull request #29865 from hamhut1066/traefik-module
nixos/traefik create service
2017-10-04 11:53:11 +01:00
Joerg Thalheim
3468c9e5cc nixos/traefik: create /var/lib/traefik with correct permissions 2017-10-04 11:49:42 +01:00
Hamish Hutchings
2e5297217d nixos/traefik create service 2017-10-04 11:26:39 +01:00
Franz Pletz
d6f7e2f6f6 Merge pull request #29942 from elitak/ipfs
Ipfs: prepare for autoMigrate fix
2017-10-04 03:07:25 +02:00
Alexander Foremny
03a5d729ef
nixos/gitlab: fix gitlab service
Fix GitLab service and update documentation. Fixes #30059.
2017-10-04 02:40:07 +02:00
Joachim F
cb3d443787 Merge pull request #29452 from jerith666/pfix-srsd-1709
nixos/pfix-srsd: add module
2017-10-03 00:51:59 +00:00
Bob van der Linden
9d841295f3 gogs: avoid creating symlinks each run 2017-10-02 22:11:46 +02:00
Wei-Ming Yang
7e4e2667ae softether: 4.18 -> 4.20 2017-10-03 01:35:20 +08:00
The-M1k3y
0f2b46cdba nixos/gogs: fixed user creation if non-default user 2017-10-02 15:53:30 +02:00
Pascal Bach
2239dc6234 glusterfs service: fix issues with useRpcbind 2017-10-01 19:39:22 +02:00
Joachim F
74db6fabcb Merge pull request #29868 from nh2/nh2-glusterfs-improvements-for-17.09-master
glusterfs service: a few fixes and improvements
2017-09-30 12:19:19 +00:00
Eric Litak
f46616db5a ipfs: disable autoMigrate option for now 2017-09-29 18:07:55 -07:00
Robin Gloster
57ed9e7e1d
gitlab: 9.5.5 -> 10.0.2 2017-09-28 23:14:31 +02:00
Jörg Thalheim
12ac88af1d Merge pull request #29890 from mbrgm/nullmailer-fix
nixos/nullmailer: fixes and `remotesFile` option
2017-09-28 21:29:37 +01:00
Robin Gloster
4aeb38e5b9
Revert "kubernetes: fix hashes after dockerTools change"
This reverts commit 9ba024f6d8.
2017-09-28 14:09:49 +02:00
Joerg Thalheim
91eb6cf82c nullmailer: simplify config generation 2017-09-28 11:04:39 +01:00
Marius Bergmann
e741cc4881 nullmailer: add remotesFile option
The current `remotes` option is a string option containing nullmailer remote
definitions. However, those definitions may contain secret credentials and
should therefore not be put world-readable in the nix store.

I added a `remotesFile` option, which allows to specify a path to the remotes
definition file instead. This way, the definitions can be kept outside of the
nix store with more secure file permissions.
2017-09-28 08:52:21 +02:00
Marius Bergmann
02e89de71c nullmailer: use proper description for remotes option 2017-09-28 08:52:21 +02:00
Marius Bergmann
f9d64a068b nullmailer: fix relative -> absolute path in preStart script 2017-09-28 08:52:21 +02:00
Jörg Thalheim
0a6fca15fd Merge pull request #29881 from volth/patch-67
nixos/tinc: add "restartTriggers" back
2017-09-28 00:57:26 +01:00
Ryan Mulligan
c6f513b56a nixos/monit: install monit as system package, use default config file path 2017-09-28 01:20:20 +02:00
volth
ddd13e1375 nixos/tinc: add "restartTriggers" back
Add "restartTriggers" back to restart the Tinc daemon when its peer is removed.
Reverted #27660
2017-09-27 23:16:02 +00:00
Niklas Hambüchen
f4c53f1940 consul service: Restart on failure.
Consul is a service you typically want to have running all the time;
it's not supposed to quit by itself.
2017-09-28 00:41:15 +02:00
Franz Pletz
8237fa43d3 Merge pull request #29697 from zimbatm/gdm-on-nvidia
GDM fixes
2017-09-28 00:20:18 +02:00
Rostislav Beneš
0cad98dde1
nixos/xserver,gdm: let GDM handle X server verbosity. 2017-09-28 00:18:57 +02:00
Rostislav Beneš
4ef82339c9
nixos/gdm,nvidia: new options to enable GDM on Wayland and disabling it for nvidia drivers. 2017-09-28 00:18:57 +02:00
Jörg Thalheim
2b8cba2ff5 Merge pull request #29874 from mbrgm/znc-fix
znc: fix openFirewall option
2017-09-27 23:08:51 +01:00
Franz Pletz
725dee203a
wpa_supplicant service: restart instead of stop & start
We now wait for dhcpcd to acquire a lease but dhcpcd is restarted on
system activation. As wpa_supplicant is stopped while dhcpcd is
restarting a significant delay is introduced on systems with wireless
network connections only. This changes the wpa_supplicant service to
also be restarted together with dhcpcd in case both services were
changed.
2017-09-27 23:38:03 +02:00
Marius Bergmann
dd50575d5a znc: fix openFirewall option
The current version is broken:
- there's no `openFirewall` attribute directly in the `cfg` set
- the `port` option is an attribute of the `confOptions` set

I used the proper attribute for the firewall port and moved the `openFirewall`
option directly up to the `services.znc` set, as it's rather a general option
for the whole service than a znc-specific option (which are located inside the
`confOptions` set).
2017-09-27 22:18:03 +02:00
Niklas Hambüchen
18eecae4b6 glusterfs service: Change default killMode to "control-group".
This is a better default for NixOS because it ensures that config
changes happen fully when NixOS users expect it.
2017-09-27 20:54:13 +02:00
Niklas Hambüchen
08f7e4516c glusterfs service: Ensure log directory exists for glustereventsd.
Prevents glustereventsd failing at startup in case it starts
before glusterd has started (whose `preStart` would also
create the needed directory).
2017-09-27 20:53:42 +02:00
Niklas Hambüchen
e233a518bd glusterfs service: Add killMode and stopKillTimeout options 2017-09-27 20:53:39 +02:00
Niklas Hambüchen
bd54b72676 glusterfs service: Add settings to disable rpcbind and the events daemon.
See also https://github.com/NixOS/nixpkgs/pull/22225#pullrequestreview-26459886
2017-09-27 19:51:42 +02:00
Niklas Hambüchen
5e2815dfb7 glusterfs service: Don't make it a prerequisite of network-online.target.
This introduces dependency cycles.

A network file system to be running is not required for a network
connection to be available.

19759cfeab (commitcomment-22044519)
2017-09-27 19:17:23 +02:00
Rodney Lorrimar
56eba66f77 mysqlBackup service: let it work with default settings
* Grants enough privileges to the configured user so that it can run
  mysqldump.

* Adds a nixos test.

* Use systemd timers instead of a cronjob (by @fadenb).

* Creates a new user for backups by default, instead of using mysql
  user.

* Ensures that backup user has write permissions on backup location.

* Write backup to a temporary file before renaming so that a failed
  backup won't overwrite the previous backup, and so that the backup
  location will never contain a partial backup.

Breaking changes:

 * Renamed period to calendar to reflect the change in how to
   configure the backup time.

 * A failed backup will no longer result in cron sending an e-mail --
   users' monitoring systems must be updated.

Resolves #24728
2017-09-27 18:44:49 +02:00
Joerg Thalheim
75ba415fbc nixos/tinc: remove useless script argument
ExecStart is sufficient and more transparent to the user.
2017-09-27 17:57:39 +02:00
Joerg Thalheim
ad8cb0917f nixos/tinc: do not add Device= by default
tinc can figure this out based on DeviceType.
I also got `/dev/net/tun FD in bad state` after a particular upgrade.
2017-09-27 17:57:39 +02:00
Eelco Dolstra
79d547b4bb
nix-daemon: Bump the default number of build users
While it's annoying to pollute the user database with a lot of nixbld*
users, 10 users is really too low for many modern systems.
2017-09-27 17:13:16 +02:00
Peter Simons
99e24590cb nixos(spamassassin): fix trailing whitespace 2017-09-27 14:50:52 +02:00
Peter Simons
bfab392e6e nixos(spamassassin): provide /etc/spamassassin to fix sa-learn et al
Spamassassin expects its system-wide configuration at /etc/spamassassin, and
some user tools (like sa-learn) need to read those configuration files.
Therefore, we provide a symlink from /etc/spamassassin to the appropriate Nix
store path to make sure those tools work without the user having to pass an
elaborate --siteconfig path that, potentially, changes every time the system
updates.

Fixes https://github.com/NixOS/nixpkgs/issues/29414.
2017-09-27 14:50:52 +02:00
Jörg Thalheim
b303aa0155 Merge pull request #29762 from samueldr/pr/update-mediawiki
mediawiki: 1.27.3 -> 1.29.1
2017-09-26 08:04:08 +01:00
Jörg Thalheim
bda2d25a50 Merge pull request #28856 from jtojnar/at-spi2-core
gnome3.at-spi2-core: fix service not found error
2017-09-26 00:39:49 +01:00
Pavel Goran
cee657f9a3 nixos/gitolite: add enableGitAnnex option 2017-09-25 22:03:00 +02:00
Joerg Thalheim
194c4002b6 wireguard: fix function for adding routes 2017-09-25 20:42:03 +01:00
Jörg Thalheim
08b827ae8e Merge pull request #29753 from andir/wireguard-allowed-ips-as-route-optional
networking.wireguard: added `allowedIpsAsRoutes` boolean to control p…
2017-09-25 20:32:11 +01:00
Andreas Rammhold
846070e028
networking.wireguard: added allowedIpsAsRoutes boolean to control peer routes
Sometimes (especially in the default route case) it is required to NOT
add routes for all allowed IP ranges. One might run it's own custom
routing on-top of wireguard and only use the wireguard addresses to
exchange prefixes with the remote host.
2017-09-25 21:30:52 +02:00
Joachim F
ffd6cbe3d1 Merge pull request #28503 from phile314/fusion-inventory
Fusion inventory: Init at 2.3.18
2017-09-25 12:58:44 +00:00
Silvan Mosberger
a8c97ad23e nixos/radicale: fix default version (#29743) 2017-09-25 10:18:42 +00:00
Philipp Hausmann
1a23ff8a13 FusionInventory: Code cleanup 2017-09-25 10:39:11 +02:00
Philipp Hausmann
6b788e36df FusionInventory: Add NixOS module. 2017-09-25 10:39:11 +02:00
Samuel Dionne-Riel
0b1c73f4da mediawiki: 1.27.3 -> 1.29.1 2017-09-24 22:49:22 -04:00
Jörg Thalheim
975c7b2204 Merge pull request #29450 from jerith666/djb-1709
Add modules for tinydns and dnscache from djbdns
2017-09-24 15:39:29 +01:00
Joerg Thalheim
735b41c34f nixos/tinydns: default data to empty string
(not strictly required to start the service)
2017-09-24 15:38:25 +01:00
Kranium Gikos
412fa16bff influxdb sevice: make postStart test work with non-localhost configurations (#29734)
make postStart test work with non-localhost configurations
2017-09-24 15:37:17 +01:00
Jörg Thalheim
d20bd77c93 Merge pull request #29717 from fare-patches/nfsd
nfsd: add extraNfsdConfig
2017-09-24 15:13:42 +01:00
Jan Tojnar
69698ec11c gnome3: only maintain single GNOME 3 package set (#29397)
* gnome3: only maintain single GNOME 3 package set

GNOME 3 was split into 3.10 and 3.12 in #2694. Unfortunately, we barely have the resources
to update a single version of GNOME. Maintaining multiple versions just does not make sense.
Additionally, it makes viewing history using most Git tools bothersome.

This commit renames `pkgs/desktops/gnome-3/3.24` to `pkgs/desktops/gnome-3`, removes
the config variable for choosing packageset (`environment.gnome3.packageSet`), updates
the hint in maintainer script, and removes the `gnome3_24` derivation from `all-packages.nix`.

Closes: #29329

* maintainers/scripts/gnome: Use fixed GNOME 3 directory

Since we now allow only a single GNOME 3 package set, specifying
the working directory is not necessary.

This commit sets the directory to `pkgs/desktops/gnome-3`.
2017-09-24 12:15:50 +01:00
Robin Gloster
9ba024f6d8
kubernetes: fix hashes after dockerTools change 2017-09-24 12:09:07 +02:00
Matej Cotman
6ea272ced4 kubernetes: fix dns addon hashes, fix clusterDns, enable proxy on master 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
ddf5de5de0 kubernetes module: refactor module system, kube-dns as module 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
2beadcf181 kubernetes module: seedDockerImages option for seeding docker images built with nix 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
9d97c92d68 kubernetes module: webhook authorization for kubelet 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
7c893623d4 kubernetes module: fix documentation links 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
74f99525e0 kubernetes module: add featureGates option 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
55dbbfd899 kubernetes module: kubelet, add socat to path for kubectl portforward 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
8e48fff268 kubernetes module: enable leader elect by default 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
856ca7347f kubernetes module: add storage and tolerations addmission controllers 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
d842d539d9 kubernetes module: fix cidr ranges 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
b25d155976 kubernetes module: default auth mode to only RBAC 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
c2622910ab kubernetes module: add support for common CA file 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
c96ca5f3bd kubernetes module: per service kubeconfig support 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
7dfeac88ac kubernetes module: flannel support, minor fixes
- add flannel support
- remove deprecated authorizationRBACSuperAdmin option
- rename from deprecated poratalNet to serviceClusterIpRange
- add nodeIp option for kubelet
- kubelet, add br_netfilter to kernelModules
- enable firewall by default
- enable dns by default on node and on master
- disable iptables for docker by default on nodes
- dns, restart on failure
- update tests

and other minor changes
2017-09-24 11:44:25 +02:00
Matej Cotman
8e14e978c8 kubernetes: fix minor issues 2017-09-24 11:44:25 +02:00
Matej Cotman
ed322f4235 kubernetes: update service 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
90d5468ad6 kubernetes module: authorization improvements 2017-09-24 11:44:25 +02:00
Matej Cotman
c3cfd92d24 kubernetes: 1.5.6 -> 1.6.4 2017-09-24 11:44:25 +02:00
Graham Christensen
f3b9ac73e2
nixos/rabbitmq: fix restarts and sasl logs
1. The chmod 400 with the preset cookie prevented restarts, as
on the second boot it would fail to write to the cookie. Oops.

2. As far as I can tell, sasl logs were disabled because of the
following error:

{error,{cannot_log_to_tty,sasl_report_tty_h,not_installed}}

Not because we actually wanted to disable them. This meant the
management plugin wasn't usable due to a bug set to be fixed in
3.7.0.
2017-09-23 17:58:43 -04:00
Francois-Rene Rideau
62983f5cae nfsd: add extraNfsdConfig 2017-09-23 16:22:27 -04:00
Robin Gloster
08b09fdc5c
fanctl, fan module: remove
This has been broken nearly all the time due to the patches needed to
iproute2 not being compatible with the newer versions we have been
shipping. As long as Ubuntu does not manage to upstream these changes
so they are maintained with iproute2 and we don't have a maintainer
updating these patches to new iproute2 versions it is not feasible to
have this available.
2017-09-23 17:55:33 +02:00
Peter Simons
99f759de1c Revert "nixos: add option for bind to not resolve local queries (#29503)"
This reverts commit 670b4e29adc16e0a29aa5b4c126703dcca56aeb6. The change
added in this commit was controversial when it was originally suggested
in https://github.com/NixOS/nixpkgs/pull/29205. Then that PR was closed
and a new one opened, https://github.com/NixOS/nixpkgs/pull/29503,
effectively circumventing the review process. I don't agree with this
modification. Adding an option 'resolveLocalQueries' to tell the locally
running name server that it should resolve local DNS queries feels
outright nuts. I agree that the current state is unsatisfactory and that
it should be improved, but this is not the right way.

(cherry picked from commit 23a021d12e8f939cd0bfddb1c7adeb125028c1e3)
2017-09-23 16:41:34 +02:00
Bjørn Forsman
3a58e41e43 nixos/gitolite: use group 'gitolite' instead of 'nogroup'
Having files (git repositories) owned by 'nogroup' is a bad idea.
2017-09-23 16:33:52 +02:00
Pavel Goran
c73a3813fa nixos/gitolite: customize .gitolite.rc declaratively
Add the `extraGitoliteRc` option to customize the `.gitolite.rc`
configuration file declaratively.

Resolves #29249.
2017-09-22 18:29:35 +02:00
Matt McHenry
0ece5fc509 nixos/pfix-srsd: add module 2017-09-21 21:44:55 -04:00
Joachim F
c913f7155f Merge pull request #27340 from bachp/glusterfs-tls
glusterfs service: add support for TLS communication
2017-09-21 20:27:25 +00:00
Jörg Thalheim
ba174fc5a7 Merge pull request #29285 from bachp/node-exporter-docs
node-exporter service: fix documentation for enabledCollectors
2017-09-21 21:04:09 +01:00
Pascal Bach
8ed758696c gluster service: use str instead of path for private key
This pervents the user from accidently commiting the key to the nix store.
If providing a path instead of a string.
2017-09-21 20:35:35 +02:00
Robin Gloster
e2822f6384
gitlab: 9.5.2 -> 9.5.5 2017-09-21 20:26:12 +02:00
Peter Hoeg
6558f81bc9 kmscon: reset ExecStart to allow override
The getty@.service unit already has an ExecStart so we cannot simply set a new
one in order to override it or we will get this error:

systemd[1]: getty@tty1.service: Service has more than one ExecStart= setting, which is only allowed for Type=oneshot services. Refusing.

Instead "reset" ExecStart by setting it to empty which is the systemd way of
doing it.
2017-09-21 10:02:03 +08:00
Robin Gloster
370ac6275e
gitlab module: fix shell hook path 2017-09-20 23:51:26 +02:00
Rob Vermaas
1b71376cf2
Make sure dummy kernel module is loaded for hologram-agent.
(cherry picked from commit eb873f6c78e1c5306956b4c9fd651b25a6b9c40c)
2017-09-20 10:58:24 +00:00
Matt McHenry
1b7e5eaa79 nixos/dnscache: add module
with improvements suggested by Jörg Thalheim <joerg@thalheim.io>
2017-09-19 21:24:58 -04:00
Matt McHenry
ab851b63da nixos/tinydns: add module
with improvements suggested by Jörg Thalheim <joerg@thalheim.io>
2017-09-19 20:57:41 -04:00
Franz Pletz
406c7a0731 Merge pull request #29521 from aneeshusa/ease-radicale-upgrade
Ease radicale upgrade
2017-09-18 23:13:53 +02:00
gwitmond
bd52618c9d
nixos: add option for bind to not resolve local queries (#29503)
When the user specifies the networking.nameservers setting in the
configuration file, it must take precedence over automatically
derived settings.

The culprit was services.bind that made the resolver set to
127.0.0.1 and ignore the nameserver setting.

This patch adds a flag to services.bind to override the nameserver
to localhost. It defaults to true. Setting this to false prevents the
service.bind and dnsmasq.resolveLocalQueries settings from
overriding the users' settings.

Also, when the user specifies a domain to search, it must be set in
the resolver configuration, even if the user does not specify any
nameservers.

(cherry picked from commit 670b4e29adc16e0a29aa5b4c126703dcca56aeb6)

This commit was accidentally merged to 17.09 but was intended for
master. This is the cherry-pick to master.
2017-09-18 22:54:29 +02:00
Franz Pletz
dc08dcf6e7
ssh service: add sftpFlags option 2017-09-18 21:52:07 +02:00
Robert Klotzner
a9f60224f8 coturn service: Fix coturn to properly come up (#29415)
properly also in case dhcpcd being used.

Without network-online.target, coturn will fail to listen on addresses that
come up with dhcpcd.
2017-09-18 14:54:32 +02:00
Franz Pletz
b179908414
nixos/networking: network is online if default gw set
Previously services depending on network-online.target would wait until
dhcpcd times out if it was enabled and a static network address
configuration was used. Setting the default gateway statically is enough
for the networking to be considered online.

This also adjusts the relevant networking tests to wait for
network-online.target instead of just network.target.
2017-09-18 14:51:38 +02:00
Franz Pletz
decaa2e7bf Merge pull request #29133 from elitak/ipfs
ipfs: workaround for upstream bug; other small fixes
2017-09-18 13:26:39 +02:00
Florian Jacob
839e3c7666 nixos/mysql: declarative users & databases
using Unix socket authentication, ensured on every rebuild.
2017-09-18 13:10:26 +02:00
Kranium Gikos
662b409b72 influxdb service: fixup postStart script to handle TLS 2017-09-18 11:56:30 +02:00
Justin Humm
b5a5d0ba84 gollum service: init 2017-09-18 11:55:00 +02:00
Aneesh Agrawal
fcd590d116 radicale: Add extraArgs option to assist in data migration 2017-09-18 00:29:01 -07:00
Eric Litak
1a15c5d8c6 ipfs: autoMount working without root 2017-09-17 23:57:25 -07:00
Eric Litak
6324317c76 ipfs: workaround for upstream bug; doc fixes 2017-09-17 23:57:25 -07:00
Pascal Bach
c68118ce65 glusterfs service: add support for TLS communication
TLS settings are implemented as submodule.
2017-09-17 18:53:14 +02:00
Franz Pletz
275914323b Merge pull request #27256 from bachp/squid-service
squid service: initial service based on default config
2017-09-17 18:52:53 +02:00
Rodney Lorrimar
6460e459de nixos/gogs: Fix module when no passwords provided
If neither database.password or database.passwordFile were provided,
it would try and fail to coerce null to a string.

This fixes the situation where there is no password for the database.

Resolves #27950
2017-09-17 18:41:53 +02:00
Joachim F
149307476e Merge pull request #29479 from florianjacob/fix-tinc-stable
nixos/tinc: Fix tinc cli wrapper for tinc 1.0
2017-09-17 13:40:20 +00:00