Commit graph

6314 commits

Author SHA1 Message Date
Joachim Fasting
98935c7103
grsecurity module: remove requiredKernelConfig
Using a custom package set with the NixOS module is no longer
something I wish to support.  It's still *possible* but not
advertised.  Secondly, the requiredKernelConfig didn't really
do anything (setting kernelPackages to a non-grsec kernel would
just silently let the user boot into a non-grsec setup ...).
2016-11-20 23:00:41 +01:00
Joachim Fasting
5ad8a56d16
grsecurity module: remove use of mkEnableOption 2016-11-20 23:00:24 +01:00
goibhniu
322f5e5132 Merge pull request #20319 from NixOS/nm-containers
NixOS Manual: Container Networking with NM
2016-11-20 18:15:03 +01:00
Cillian de Roiste
c9b0e88c0b NixOS Manual: Container Networking with NM
Network Manager calls dhclient on container interfaces and fails
which locks you out of the container after a few seconds, unless
you tell it not to manage these interfaces.
2016-11-20 17:25:33 +01:00
Nikolay Amiantov
15567e6d8e tarsnap service: fix multiple simultaneous archives with a single key 2016-11-20 19:15:52 +03:00
Nikolay Amiantov
6bb292d42b parsoid service: update, use declarative configuration
Old configuration format is disabled now (it can still be used, but with
additional steps). This is a backwards incompatible change.
2016-11-20 19:12:14 +03:00
Nikolay Amiantov
382047a135 sane service: support remote scanners 2016-11-20 19:09:03 +03:00
Nikolay Amiantov
65f9341370 sane service: add saned support 2016-11-20 19:09:02 +03:00
Nikolay Amiantov
4111710b8e bumblebee service: blacklist additional nvidia modules 2016-11-20 19:08:52 +03:00
Joachim F
eca9955b83 Merge pull request #20485 from anoever/master
vmware-guest: fix vmmouse driver
2016-11-20 03:39:28 +01:00
Jörg Thalheim
c54d2860dc Merge pull request #20469 from Mic92/initrd-ssh
initrd-ssh: fix authorized_key generation with multiple keys
2016-11-18 23:16:44 +01:00
Andreas Noever
9a1507f253 vmware-guest: fix vmmouse driver
Fix automatic mouse grabbing/releasing when running as a vmware guest.

1. The xf86inputvmmouse is not loaded by default. Add it.
2. InptutDevice sections for which specify a driver are ignored if
AutoAddDevices is enabled (which it is by default). See [1]. Instead use
an InputClass to load the vmmouse driver.

[1] https://www.x.org/archive/X11R7.7/doc/man/man5/xorg.conf.5.xhtml#heading8
2016-11-18 19:58:44 +01:00
Emery Hemingway
60ded3f363 nixos/cjdns: do not ammend /etc/hosts
Generating IPv6 addresses at eval time required building cjdns.

Fix #20422
2016-11-18 18:41:50 +01:00
Thomas Tuegel
6cd867dd4c Merge pull request #20433 from ttuegel/install-cd-kde-5
Use KDE 5 for the graphical installation DVD
2016-11-18 11:29:47 -06:00
Joachim F
2bb30e5d66 Merge pull request #20467 from ericsagnes/feat/module-enums-2
modules: use enum when relevant
2016-11-17 22:48:26 +01:00
Franz Pletz
6a5ae21c47 Merge pull request #20421 from mayflower/refactor/clamav-service
clamav service: refactor
2016-11-17 19:37:53 +01:00
Joachim F
2c01da3654 Merge pull request #20384 from ericsagnes/feat/bspwm-refactor
bspwm module: refactor
2016-11-17 15:37:07 +01:00
Domen Kožar
2326c8de4d cloud-utils: 0.27 -> 0.29
We keep the existing hacks for growpart to work
inside the initrd

Fixes #15736 #17015
2016-11-17 15:15:42 +01:00
Jaka Hudoklin
5bc7ae7adb kubernetes module: support for kubernetes 1.4 2016-11-17 02:46:31 +01:00
Eelco Dolstra
69bea26ea9 sddm: Enable user switching
It was lacking the dbus configuration to bind to
org.freedesktop.DisplayManager, and it was passing fixed TTY/display
numbers to the X server (see 9be012f0d4).
2016-11-16 23:38:50 +01:00
Domen Kožar
67f3e2853b create-amis.sh: use nix-shell for convenience 2016-11-16 16:49:32 +01:00
Jörg Thalheim
7ad01f5f0c initrd-ssh: fix authorized_key generation with multiple keys
multiple entries should be separated by newline
2016-11-16 14:47:37 +00:00
Eric Sagnes
0ebc5ec7cb network-interfaces: use enum 2016-11-16 22:37:57 +09:00
Eric Sagnes
4a600b0437 raspberrypi module: use enum 2016-11-16 22:37:36 +09:00
Eric Sagnes
15d25df698 nsd module: use enum 2016-11-16 22:37:14 +09:00
Eric Sagnes
5259fb2181 nntp-proxy module: use enum 2016-11-16 22:36:53 +09:00
Eric Sagnes
fb26d561ed hostapd module: use enum 2016-11-16 22:36:26 +09:00
Eric Sagnes
9513ab45aa duosec module: use enum 2016-11-16 22:36:05 +09:00
Eric Sagnes
61efe92e68 fontconfig module: use enum 2016-11-16 22:35:46 +09:00
Joachim F
a105b3aff9 Merge pull request #20392 from jerith666/cp-48
crashplan: 4.7.0r2 -> 4.8.0r1
2016-11-15 22:34:38 +01:00
Thomas Tuegel
66d9772f0b
installation-cd-graphical-kde: put manual link directly on desktop 2016-11-15 07:21:40 -06:00
Thomas Tuegel
8c3aa5a484
kde5: add enableQt4Support option 2016-11-15 07:21:40 -06:00
Thomas Tuegel
c9146d7e5f
kde5: don't install oxygen-icons5 if breeze-icons is present 2016-11-15 07:21:39 -06:00
Thomas Tuegel
456414c519
installation-cd-graphical-kde: use KDE 5 2016-11-15 07:18:46 -06:00
Michael Stapelberg
9cbf8a0652 Fix buildMachines example: use lists, not string (#20361)
Using the example before this commit resulted in the following error:

```
error: value is a string while a list was expected, at /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/services/misc/nix-daemon.nix:349:37
```
2016-11-15 07:04:32 +01:00
Franz Pletz
45854a02e8 services/tahoe: SFTP support (#20372) 2016-11-15 07:01:04 +01:00
Franz Pletz
9e1e3b2880
clamav service: refactor
* Sync systemd units with upstream. Upstream uses SIGUSR2 instead of SIGHUP
  to reload the clamd service.

* Convert freshclam service to a oneshot service activated by a systemd timer.
  This way we can make clamd wait for freshclam to finish fetching the virus
  database before failing to start if the database doesn't exist yet.

* Fixes console tools to work as expected as they require hardcoded config
  file locations.
2016-11-15 04:47:14 +01:00
Franz Pletz
02e9c88d77
clamav: don't bundle freshclam config with package
Building clamav is expensive due to the bundled llvm.

Closes #20304.
2016-11-15 02:06:02 +01:00
Joachim Fasting
999ac3056d
cjdns test: fix typo
Noticed by @vcunat
daf3ba426b (commitcomment-19820962)
2016-11-15 01:57:30 +01:00
Corbin
2548fd6908 services/tahoe: SFTP support. 2016-11-13 17:13:18 -08:00
Matt McHenry
ee6dfa1e9e crashplan: 4.7.0r2 -> 4.8.0r1 2016-11-13 14:38:14 -05:00
Vladimír Čunát
1ac5869907
Merge #19936: vulkan / amdgpu-pro update 2016-11-13 20:06:40 +01:00
David McFarland
6bf27c2cae vulkan-loader: allow validation layers to be enabled
The loader now uses XDK_DATA_DIRS to find drivers and layers.
2016-11-13 12:44:27 -04:00
David McFarland
e783cc90a0 opengl: add driver paths to XDG_DATA_DIRS 2016-11-13 12:44:27 -04:00
Eric Sagnes
8ea1e93537 i3 module: refactor 2016-11-14 00:58:49 +09:00
Eric Sagnes
293da497c3 bspwm module: refactor 2016-11-14 00:41:05 +09:00
Marc Weber
b51f165334 apache-httpd
* Introduce listen = [ { ip = "*"; port = 443; } ]; configuartion.
* deprecated port = 443 option which is no longer needed
2016-11-12 15:35:38 +01:00
Graham Christensen
cbe7ca77db Merge pull request #20351 from bachp/etcd-new-port
etcd: make all service using etc go to 127.0.0.1:2379 by default
2016-11-12 07:18:18 -05:00
Joachim Fasting
852b365928
Revert "cjdns: Disable tests"
This reverts commit 0ba3d429a7.
2016-11-12 13:09:28 +01:00
Joachim Fasting
f059c7f754
Revert "cjdns test: exercise host builder logic"
This reverts commit daf3ba426b.

This is an alternative to 0ba3d429a7,
which disables the test outright.  Briefly, exercising builders which
rely on import-from-derivation can cause Hydra jobsets to time out.
2016-11-12 13:09:17 +01:00
Alex Ivanov
ccf8566bdd yandex-disk service: add exclude-dirs option 2016-11-12 12:36:33 +03:00
Alex Ivanov
5f8aa15e84 yandex-disk service: correct permissions 2016-11-12 12:02:33 +03:00
Pascal Bach
c1dca9e40b etcd: make all service using etc go to 127.0.0.1:2379 by default
The old etcd port 4001 is no longer enabled by default in etcd 3.
The new port is 2379 and is officially assigned by IANA.

There were still some services left that expect etcd on port 4001 by default.
This changes the default to 2379 everywhere.

It should not cause problems for users as the etcd by nix does listen on the new port only by default anyway.
2016-11-11 23:11:54 +01:00
Joachim F
7edd5ab54f Merge pull request #20340 from romildo/fix.lxqt
lxqt: it is capable of setting a background
2016-11-11 17:19:31 +01:00
Gregor Kleen
54199414e3 nsd service: fix typo
Closes #20343.
2016-11-11 14:06:07 +01:00
romildo
53c3cf3fb9 lxqt: it is capable of setting a background 2016-11-11 08:04:59 -02:00
Joachim F
e76b0fa7d9 Merge pull request #20241 from matthewbauer/patch-1
virtualbox-demo: Add modesetting to drivers
2016-11-10 22:44:17 +01:00
aszlig
c67a7ee731
Merge branch 'chromium-update-with-gn'
This brings in the new stable version 54 which also introduces a lot of
security fixes:

  CVE-2016-5198: Out of bounds memory access in V8
  CVE-2016-5181: Universal XSS in Blink
  CVE-2016-5182: Heap overflow in Blink
  CVE-2016-5183: Use after free in PDFium
  CVE-2016-5184: Use after free in PDFium
  CVE-2016-5185: Use after free in Blink
  CVE-2016-5187: URL spoofing
  CVE-2016-5188: UI spoofing
  CVE-2016-5192: Cross-origin bypass in Blink
  CVE-2016-5189: URL spoofing
  CVE-2016-5186: Out of bounds read in DevTools
  CVE-2016-5191: Universal XSS in Bookmarks
  CVE-2016-5190: Use after free in Internals
  CVE-2016-5193: Scheme bypass

Detailed announcements about these changes can be found here (latest to
oldest):

https://googlechromereleases.blogspot.de/2016/11/stable-channel-update-for-desktop.html
https://googlechromereleases.blogspot.de/2016/10/stable-channel-update-for-desktop_20.html
https://googlechromereleases.blogspot.de/2016/10/stable-channel-update-for-desktop.html

The update process of Chromium has been a bit bumpy on our side, because
version 54 also did the switch from GYP to GN so it wasn't just a matter
of updating the upstream-info file.

I've tested the Flash plugin (which runs fine) and WideVine manually,
although I couldn't get WideVine to work (I was running this within a VM
though).

So if people want to use WideVine they need to use Chrome instead until
we got this sorted out.

VM test results along with builds for all platforms can be found here:

https://headcounter.org/hydra/eval/339328

I'm going to backport these changes to stable as soon as the
tests/builds succeed there as well.

Closes: #19565
Closes: #20120
2016-11-09 09:55:31 +01:00
aszlig
4e7eb75a79
nixos/tests/chromium: Fix popup detection
Sometimes it happens that the "Type to search or enter a URL to
navigate" popup doesn't show, but all we need to know at this time is
whether Chromium has finished starting up.

So checking for the "startup done" page is a better option here.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-09 09:41:10 +01:00
Eelco Dolstra
0ba3d429a7 cjdns: Disable tests
Since 8180922d23, the cjdns module
imports from a derivation, which is very bad. It causes all of stdenv
to be built at evaluation time. Since we have a hard 3600 second limit
on Hydra evaluations, this was causing NixOS jobsets to time out.

@joachifm
2016-11-08 20:35:03 +01:00
Robin Gloster
f422afd07d
errbot service: fix import config in plugins 2016-11-08 17:44:52 +01:00
Rob Vermaas
b0dd048cc5 hound: make mercurial indexing work
(cherry picked from commit 990716ce72f64be5da644e5eac73b5f145864e75)
2016-11-08 14:09:07 +00:00
Philipp Hausmann
632282300a nginx service: Add missing port toString conversion (#20252) 2016-11-08 13:34:04 +01:00
Maximilian Güntner
7fa157c558
services: Add Interplanetary File System service
Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-11-07 22:01:38 +01:00
Matthew Justin Bauer
6de20a7fe4 virtualbox-demo: Add modesetting to drivers
This needs to be included for VirtualBox to detect that it needs to start the video driver. "modesetting" is also set in virtualbox-image.nix but this line seems to take precedence over that one (even though the virtualbox-image.nix has a higher override?) This should fix the problems that I and a few others have been having with the .ova files built for nixos.org.

Fixes #20007.
2016-11-07 14:36:41 -06:00
Andres Nötzli
95b5e4c46a NixOS manual: Update link to list of AMIs 2016-11-07 11:24:15 -08:00
Joachim F
858f088007 Merge pull request #20063 from romildo/new.lumina
lumina: init at 1.1.0-p1
2016-11-06 15:29:14 +01:00
Joachim Schiele
47d81ed347 leaps: 0.5.1 + add a service + test 2016-11-06 10:34:42 +01:00
Edward Tjörnhammar
4009dbe543
nixos: i2pd, update config options 2016-11-06 08:13:04 +01:00
Eric Sagnes
e14de56613 module system: extensible option types 2016-11-06 00:05:58 +01:00
Eric Sagnes
1fe1cdecb2 types: loeOf -> listOf 2016-11-05 21:46:42 +01:00
Joachim F
32715b8314 Merge pull request #17445 from joachifm/dnscrypt-proxy-update-list
dnscrypt-proxy service: auto-updated resolver list
2016-11-05 18:23:48 +01:00
Joachim Fasting
806e652e51
dnscrypt-proxy test: simplification 2016-11-05 17:45:02 +01:00
Joachim Fasting
2f912bf0a3
dnscrypt-proxy service: auto-update upstream resolver list
By default, we use the list of public DNSCrypt resolvers provided by
dnscrypt-proxy upstream. The list is updated at regular intervals.
2016-11-05 17:44:51 +01:00
Joachim F
2c567dbd4d Merge pull request #20144 from ericsagnes/feat/module-enums
modules: use enum when relevant
2016-11-05 12:18:04 +01:00
Vladimír Čunát
5d5efcea14
Merge #20001: docs: use overrideAttrs instead of overrideDerivation 2016-11-05 11:03:59 +01:00
Vladimír Čunát
559ddae410
nixos manual: clarify "attributes of function" 2016-11-05 11:02:04 +01:00
Eric Sagnes
986510de45 logcheck module: use enum 2016-11-05 13:24:53 +09:00
Sophie Taylor
20e81f7c0d nixos/cjdns: tightened permissions via systemd, added caps 2016-11-04 17:00:23 +01:00
uwap
d9134ddb5d Add a package option for quassel (#20159) 2016-11-04 16:33:47 +01:00
Joachim Fasting
daf3ba426b
cjdns test: exercise host builder logic 2016-11-04 13:45:04 +01:00
Joachim Fasting
222cfd3233
cjdns module: fix typo 2016-11-04 13:44:48 +01:00
Eric Sagnes
ffc0e2f4fc network-interfaces module: use enum 2016-11-04 13:05:44 +09:00
Eric Sagnes
80b854739c grub module: use enum 2016-11-04 13:05:13 +09:00
Eric Sagnes
797d40767d fcgiwrap module: use enum 2016-11-04 13:04:52 +09:00
Eric Sagnes
8f8184ece1 tinc module: use enum 2016-11-04 13:04:17 +09:00
Eric Sagnes
5a3c2e3db0 bitlbee module: use enum 2016-11-04 13:03:53 +09:00
Eric Sagnes
943f161fc5 ghost-one module: use enum 2016-11-04 13:03:18 +09:00
Joachim F
9f94595485 Merge pull request #20121 from mbrgm/fix/smokeping-setuid-fping
smokeping service: Use setuid-wrapped fping binary
2016-11-04 00:01:23 +01:00
Nikolay Amiantov
5187c28f91 parsoid service: don't run as a superuser 2016-11-03 19:20:19 +03:00
Nikolay Amiantov
0fa07f1b20 parsoid service: fix for new parsoid 2016-11-03 19:20:19 +03:00
Ricardo M. Correia
af01fa71e0 nixos.libvirtd: fix broken VMs due to emulator path changes
This had already been fixed in f52f9bf7cd,
but the problem was reintroduced in
bce59a1a8b because the path to the XML
files changed.
2016-11-03 14:55:44 +01:00
Andrew R. M
a31bf8961a grub bootloader: add forceInstall option
Using the --force option on GRUB isn't recommended, but there are very
specific instances where it makes sense. One example is installing on a
partitionless disk.
2016-11-03 05:50:42 -04:00
Marius Bergmann
51652ac3aa smokeping service: Use setuid-wrapped fping binary
The current default probe config uses the unwrapped fping binary, which
leads to an error because fping must be executed with elevated
permissions.

I fixed this by changing the path to the default binary to the
setuid-wrapped version.
2016-11-03 09:44:21 +01:00
Franz Pletz
8085aff315 Merge pull request #20015 from Mic92/adb
adb: init module
2016-11-03 06:29:28 +01:00
Peter J. Jones
d19967bf48 vsftpd service: add extraConfig option, set anon_root (#20069)
This commit includes two changes:

  1. A new `extraConfig` option to allow administrators to set any
     vsftpd configuration option that isn't directly supported by this
     derivation.

  2. Correctly set the `anon_root` vsftpd option to `anonymousUserHome`
2016-11-03 05:06:47 +01:00
Eric Sagnes
7fd38dc8b3 znc module: optionSet -> submodule (#20096) 2016-11-03 05:02:14 +01:00
Tim Steinbach
08fb099b82 Merge pull request #20085 from mbrgm/fix/smokeping-permissions
smokeping service: Fix permissions in $smokepingHome
2016-11-02 20:26:29 -04:00
Tim Steinbach
04b22dd935 Merge pull request #19982 from sternenseemann/netcat
Make netcat-openbsd the default netcat
2016-11-02 19:44:29 -04:00
Bjørn Forsman
2f8ac21e1b nixos: remove test-config-examples.sh (obsolete)
This file has been non-functional for over two years, since
commit f002a27a80 ("Remove obsolete directory") removed
.../doc/config-examples/.
2016-11-02 22:46:19 +01:00