Commit graph

4319 commits

Author SHA1 Message Date
Kranium Gikos Mendoza
356f1bdac8 sniproxy service: init 2016-05-11 13:27:28 +08:00
Herwig Hochleitner
2d280840f8 gnome-keyring: add gcr dependency to service
gcr is used to provide the popup dialog, this fixes gnome-keyring for
non-gnome sessions
2016-05-10 19:53:33 +02:00
Joachim Fasting
d4d7bfe07b
grsecurity: add option to disable chroot caps restriction
The chroot caps restriction disallows chroot'ed processes from running
any command that requires `CAP_SYS_ADMIN`, breaking `nixos-rebuild`. See
e.g., https://github.com/NixOS/nixpkgs/issues/15293

This significantly weakens chroot protections, but to break
nixos-rebuild out of the box is too severe.
2016-05-10 16:17:08 +02:00
Joachim Fasting
e38e3dcdb6
dnscrypt-proxy service: allow user to specify their own resolver list 2016-05-10 07:08:37 +02:00
Joachim Fasting
bd448b7139
dnscrypt-proxy service: use up-to-date dnscrypt-resolvers list
The list of public proxies is updated now and again and it's probably a
good idea to always work from the most recent list, rather than the one
that is shipped with the release.  This can be crucial in case of
resolvers that are revealed to have gone rogue or otherwise have been
compromised.
2016-05-10 07:07:58 +02:00
rnhmjoj
e8fff51947
unclutter: prevent service restarting too soon 2016-05-09 23:28:30 +02:00
Vladimír Čunát
65a9fa8cdc Merge branch 'master' into staging 2016-05-08 21:24:48 +02:00
Joachim Fasting
87a28c9385
transmission service: fix libcap lib output reference
After 7382afac40
2016-05-07 21:48:54 +02:00
Joachim Fasting
c5d1bff2b6
apparmor-suid module: fix libcap lib output reference
After 7382afac40
2016-05-07 21:48:29 +02:00
Joachim Fasting
1d2fcde841
dnscrypt-proxy service: fix libcap output reference
After 7382afac40 shared objects are in
`libcap.lib`
2016-05-07 20:18:27 +02:00
Joachim Fasting
5b90702cd6 Merge pull request #15243 from sindikat/patch-1
update docs for services.dictd.* config options
2016-05-07 16:44:41 +02:00
Nikolay Amiantov
17e4803de7 initrd-ssh service: fix build 2016-05-07 15:38:46 +03:00
Nikolay Amiantov
f7c02f8670 ejabberd service: add image thumbnailing support 2016-05-07 14:31:16 +03:00
Nikolay Amiantov
c99b050af0 Merge commit 'refs/pull/14568/head' of git://github.com/NixOS/nixpkgs into staging 2016-05-07 03:44:06 +03:00
aszlig
67223ee205
nixos/stage-1: Don't kill kernel threads
Unfortunately, pkill doesn't distinguish between kernel and user space
processes, so we need to make sure we don't accidentally kill kernel
threads.

Normally, a kernel thread ignores all signals, but there are a few that
do. A quick grep on the kernel source tree (as of kernel 4.6.0) shows
the following source files which use allow_signal():

  drivers/isdn/mISDN/l1oip_core.c
  drivers/md/md.c
  drivers/misc/mic/cosm/cosm_scif_server.c
  drivers/misc/mic/cosm_client/cosm_scif_client.c
  drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
  drivers/staging/rtl8188eu/core/rtw_cmd.c
  drivers/staging/rtl8712/rtl8712_cmd.c
  drivers/target/iscsi/iscsi_target.c
  drivers/target/iscsi/iscsi_target_login.c
  drivers/target/iscsi/iscsi_target_nego.c
  drivers/usb/atm/usbatm.c
  drivers/usb/gadget/function/f_mass_storage.c
  fs/jffs2/background.c
  fs/lockd/clntlock.c
  fs/lockd/svc.c
  fs/nfs/nfs4state.c
  fs/nfsd/nfssvc.c

While not all of these are necessarily kthreads and some functionality
may still be unimpeded, it's still quite harmful and can cause
unexpected side-effects, especially because some of these kthreads are
storage-related (which we obviously don't want to kill during bootup).

During discussion at #15226, @dezgeg suggested the following
implementation:

for pid in $(pgrep -v -f '@'); do
    if [ "$(cat /proc/$pid/cmdline)" != "" ]; then
        kill -9 "$pid"
    fi
done

This has a few downsides:

 * User space processes which use an empty string in their command line
   won't be killed.
 * It results in errors during bootup because some shell-related
   processes are already terminated (maybe it's pgrep itself, haven't
   checked).
 * The @ is searched within the full command line, not just at the
   beginning of the string. Of course, we already had this until now, so
   it's not a problem of his implementation.

I posted an alternative implementation which doesn't suffer from the
first point, but even that one wasn't sufficient:

for pid in $(pgrep -v -f '^@'); do
    readlink "/proc/$pid/exe" &> /dev/null || continue
    echo "$pid"
done | xargs kill -9

This one spawns a subshell, which would be included in the processes to
kill and actually kills itself during the process.

So what we have now is even checking whether the shell process itself is
in the list to kill and avoids killing it just to be sure.

Also, we don't spawn a subshell anymore and use /proc/$pid/exe to
distinguish between user space and kernel processes like in the comments
of the following StackOverflow answer:

http://stackoverflow.com/a/12231039

We don't need to take care of terminating processes, because what we
actually want IS to terminate the processes.

The only point where this (and any previous) approach falls short if we
have processes that act like fork bombs, because they might spawn
additional processes between the pgrep and the killing. We can only
address this with process/control groups and this still won't save us
because the root user can escape from that as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #15226
2016-05-06 16:24:42 +02:00
Lluís Batlle i Rossell
9f6afb7d78 Fixing nfsd service, wait on local-fs.
Otherwise, mountd was started exporting directories before local-fs was ready,
and it failed to start nfsd on missing fs.
2016-05-06 15:03:30 +02:00
Peter Simons
d270604117 nixos: remove redundant services.dovecot2.package option
Instead of using this option, please modify the dovecot package by means of an
override. For example:

  nixpkgs.config.packageOverrides = super: {
    dovecot = super.dovecot.override { withPgSQL = true; };
  };

Closes https://github.com/NixOS/nixpkgs/issues/14097.
2016-05-06 10:10:06 +02:00
zimbatm
3ade1e7d3e Merge branch 'pr/14911' 2016-05-05 21:28:27 +01:00
Joaquim Pedro França Simão
133dc10e5a open-vm-tools: fixes host VMware errors 2016-05-05 21:27:54 +01:00
Mirzhan Irkegulov
0d28a8a501 update docs for services.dictd.* config options
added types for both options and an example for services.dictd.DBs
2016-05-05 20:11:16 +01:00
Eric Litak
3531c42e5d
factorio: module fixes 2016-05-05 20:11:52 +02:00
Joachim Fasting
23fd70b719 Merge pull request #15018 from ericsagnes/pkg-fix/php
php: add default php.ini
2016-05-05 19:16:04 +02:00
Joachim Fasting
5f09248ae8 Merge pull request #15228 from rnhmjoj/master
unclutter: switch to user service and add options
2016-05-05 18:37:27 +02:00
Vladimír Čunát
1dc36904d8 Merge #14920: windows improvements, mainly mingw 2016-05-05 08:30:19 +02:00
rnhmjoj
e34814e317
unclutter: switch to user service and add options 2016-05-04 21:15:49 +02:00
Joachim Fasting
0a61ab5845 Merge pull request #15200 from Pleune/fix/bspwm-java-noreparenting
bspwm: add _JAVA_AWT_WM_NONREPARENTING=1
2016-05-04 06:18:38 +02:00
Joachim Fasting
da767356f2
grsecurity: support disabling TCP simultaneous connect
Defaults to OFF because disabling TCP simultaneous connect breaks some
legitimate use cases, notably WebRTC [1], but it's nice to provide the
option for deployments where those features are unneeded anyway.

This is an alternative to https://github.com/NixOS/nixpkgs/pull/4937

[1]: http://article.gmane.org/gmane.linux.documentation/9425
2016-05-04 03:53:24 +02:00
Mitchell Pleune
571e9b5f1f bspwm: add _JAVA_AWT_WM_NONREPARENTING=1
bspwm is not in java's internal list of non-reparrenting
window managers. See https://awesomewm.org/wiki/Problems_with_Java
2016-05-03 17:46:48 -04:00
Bjørn Forsman
78b6e8c319 jenkins service: improve curl call in postStart
* Perform HTTP HEAD request instead of full GET (lighter weight)
* Don't log output of curl to the journal (it's noise/debug)
* Use explicit http:// URL scheme
* Reduce poll interval from 10s to 2s (respond to state changes
  quicker). Probably not relevant on boot (lots of services compete for
  the CPU), but online service restarts/reloads should be quicker.
* Pass --fail to curl (should be more robust against false positives)
* Use 4 space indent for shell code.
2016-05-03 23:12:45 +02:00
Bjørn Forsman
51e5beca42 jenkins service: remove unneeded (and brittle) part of postStart
The current postStart code holds Jenkins off the "started" state until
Jenkins becomes idle. But it should be enough to wait until Jenkins
start handling HTTP requests to consider it "started".

More reasons why the current approach is bad and we should remove it,
from @coreyoconnor in
https://github.com/NixOS/nixpkgs/issues/14991#issuecomment-216572571:

  1. Repeatedly curling for a specific human-readable string to
  determine "Active" is fragile. For instance, what happens when jenkins
  is localized?

  2. The time jenkins takes to initializes is variable. This (at least
  used to) depend on the number of jobs and any plugin upgrades requested.

  3. Jenkins can be requested to restart from the UI. Which will not
  affect the status of the service. This means that the service being
  "active" does not imply jenkins is initialized. Downstream services
  cannot assume jenkins is initialized if the service is active. Might
  as well accept that and remove the initialized test from service
  startup.

Fixes #14991.
2016-05-03 22:24:13 +02:00
Tuomas Tynkkynen
aadaa91379 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/applications/networking/browsers/vivaldi/default.nix
	pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
William A. Kennington III
4dc716115f Add missing files
(cherry picked from commit 5917fc2f50c87bbdd6ba0be339849a030a7eba10)
2016-05-02 13:04:41 -05:00
William A. Kennington III
60b3484928 dbus: Fix for new 1.10 version
(cherry picked from commit 68a4a6df3971d66aa988bba680351a30fbadbed3)
2016-05-02 13:04:20 -05:00
Joachim Fasting
60a27781d6
grsecurity module: fix grsec-lock unit ordering
Requirement without ordering implies parallel execution; it is crucial
that sysctl tunables are finalized before the lock is engaged, however.
2016-05-02 11:28:24 +02:00
Arseniy Seroka
48b739cc25 Merge pull request #15094 from jraygauthier/jrg/brscan4_init_rebased
brscan4: init at 0.4.3-3
2016-05-01 21:48:30 +03:00
Raymond Gauthier
758e8bd1a1 brscan4: init at 0.4.3-3
A sane backend for recent brother scanners.

Depends on the presence of etc files generated by the
nixos module of the same name.

Supports network scanner specification through the
nixos module.
2016-05-01 14:42:25 -04:00
Tobias Geerinckx-Rice
5508687ec2
Remove now useless proprietary Copy.com client and service
<https://techlib.barracuda.com/Copy/FAQ>

SaaS.
2016-05-01 14:38:08 +02:00
Thomas Tuegel
dbe1bb06d9 Merge pull request #14741 from cruegge/dbus-activation-environment
xsession: Update DBus activation environment
2016-05-01 06:55:35 -05:00
Franz Pletz
02760890f3 Merge pull request #14992 from avnik/rspamd
Rspamd/Rmilter update
2016-05-01 12:49:56 +02:00
Thomas Tuegel
370120bd5f kde5: don't install GStreamer modules system-wide 2016-04-30 12:22:01 -05:00
Thomas Tuegel
2875293615 nixos/networkmanager: fix syntax error 2016-04-30 12:20:06 -05:00
Arseniy Seroka
277154e901 Merge pull request #15078 from phile314/master
elasticsearch: Install elastic search modules properly
2016-04-29 20:31:47 +03:00
Joachim Fasting
4fb9b060c3 Merge pull request #15063 from mayflower/upstream/graylog
Add graylog package and service
2016-04-29 15:32:53 +02:00
Philipp Hausmann
7d7380b011 elasticsearch: Install elastic search modules properly, fixes groovy script support. 2016-04-29 12:59:50 +02:00
Nahum Shalman
83c0aca062 installer: simple PXE bootable NixOS installer
The Nix store squashfs is stored inside the initrd instead of separately

(cherry picked from commit 976fd407796877b538c470d3a5253ad3e1f7bc68)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-04-29 10:42:39 +01:00
Eelco Dolstra
ecfc523d32 Update EC2 AMIs to 16.03.659.011ea84
This includes the binutils mass rebuild.
2016-04-29 10:28:35 +02:00
Eric Sagnes
a8bc5b67f8 php: add default php.ini 2016-04-29 15:26:20 +09:00
Joachim Fasting
45c0a63c17 Merge pull request #15014 from groxxda/refactor/fail2ban
fail2ban: rework service
2016-04-29 01:26:55 +02:00
Tristan Helmich
e48580c083 graylog service: Initial graylog service 2016-04-28 23:27:57 +02:00
Nikolay Amiantov
c4440c9c74 Revert "pulseaudio: select correct outputs"
This reverts commit 5e2bb0b31c.
2016-04-28 17:06:09 +03:00
Nikolay Amiantov
5e2bb0b31c pulseaudio: select correct outputs
Original fixes by ttuegel and peterhoeg.
2016-04-28 16:45:42 +03:00
Nikolay Amiantov
d619a75da1 pulseaudio: select correct outputs
Original fixes by ttuegel and peterhoeg.
2016-04-28 16:42:16 +03:00
Alexander V. Nikolaev
36954ee405 rspamd: configurable bindSocket and bindUISocket 2016-04-28 14:21:19 +03:00
Alexander V. Nikolaev
5c260399e1 rmilter: correct paths to sockets 2016-04-28 14:21:18 +03:00
Alexander V. Nikolaev
c84c174eb2 rmilter: socket activation in nixos 2016-04-28 14:21:04 +03:00
Tuomas Tynkkynen
de0847c731 taskserver service: Really check that it is enabled 2016-04-28 01:14:17 +03:00
Tuomas Tynkkynen
4ff8f377af Merge remote-tracking branch 'upstream/master' into staging 2016-04-28 00:13:53 +03:00
Tuomas Tynkkynen
49d1acb50f Merge pull request #14896 from elitak/rtl8723bs
rtl8723bs: improved build and split off firmware
2016-04-28 00:04:44 +03:00
Graham Christensen
56f8206b85 Update etc example to not use a real config file
A user noticed the example for `hosts`, took the `mode` permissions literally, and ended up with surprising behavior on their system. Updating the documentation to not reference a real config file which might have real permissions requirements.
2016-04-27 10:27:52 -05:00
Nikolay Amiantov
e6e7c1e914 logmein-hamachi: init at 2.1.0.139, add nixos service 2016-04-27 16:15:01 +03:00
Nikolay Amiantov
c5fcab987b pulseaudio service: fix service path 2016-04-27 15:51:28 +03:00
Nikolay Amiantov
21f984f590 xfce service: add noDesktop option 2016-04-27 14:59:56 +03:00
Nikolay Amiantov
7ac1ef05fa networkmanager service: fixup 2016-04-27 13:51:43 +03:00
Nikolay Amiantov
16bdef1350 bluetooth service: fix w.r.t. multiple outputs 2016-04-27 13:48:06 +03:00
Nikolay Amiantov
5a40332d70 unix-odbc-drivers module: update for new unixODBCDrivers 2016-04-26 23:58:11 +03:00
Nikolay Amiantov
89dfbd1215 Merge commit 'refs/pull/14936/head' of git://github.com/NixOS/nixpkgs 2016-04-26 23:14:47 +03:00
Alexander Ried
fc941899a3 fail2ban: rework service 2016-04-26 20:34:41 +02:00
Nikolay Amiantov
23a093ebe8 dbus service: fix path to the launch helper 2016-04-26 16:10:30 +03:00
Nikolay Amiantov
dfe608c8a2 symlinkJoin: accept set as an argument with additional options 2016-04-26 15:37:42 +03:00
Thomas Tuegel
c25907d072 network-manager: multiple outputs 2016-04-25 19:04:24 -05:00
Thomas Tuegel
522ed7ce76 nixos/kde5: phonon-backend-gstreamer is not optional 2016-04-25 19:04:24 -05:00
Thomas Tuegel
5896befee0 nixos/kde5: install kactivitymanagerd 2016-04-25 19:04:24 -05:00
Christoph Ruegge
769a33bedd xsession: make updating DBus environment optional 2016-04-25 23:37:18 +02:00
Arseniy Seroka
fd5ed06b0d Merge pull request #14977 from jerith666/crashplan-46-r3
Crashplan: 4.6.0-r2 -> 4.6.0-r3
2016-04-25 20:38:42 +03:00
Franz Pletz
e16851b900 networking module: Add some missing literalExample 2016-04-25 18:15:52 +02:00
Matt McHenry
8262d7bdd4 crashplan: always overwrite binaries in /var/lib/ to ensure that updates are applied fully 2016-04-25 12:11:50 -04:00
Nikolay Amiantov
5f19542581 Merge commit 'refs/pull/14694/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:23 +03:00
Nikolay Amiantov
09f02b918e Merge branch 'master' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:10 +03:00
Tuomas Tynkkynen
1d4b21ef42 treewide: Use correct output of config.nix.package in non-string contexts 2016-04-25 16:44:38 +02:00
Tuomas Tynkkynen
60f5659dad treewide: Use correct output in ${config.nix.package}/bin 2016-04-25 16:44:37 +02:00
Tuomas Tynkkynen
bee04a37ad amazon-init.nix: Use makeBinPath
This also fixes the incorrect use of 'dev' outputs from
config.nix.package and pkgs.systemd.
2016-04-25 16:44:37 +02:00
Tuomas Tynkkynen
70f5c840af nix-daemon service: Don't have the output in the `nix.package' option
1) It unnecessarily exposes implementation details.
2) It breaks all existing configs that have e.g.
   `nix.package = pkgs.nixUnstable;`.
2016-04-25 16:44:37 +02:00
Théophane Hufschmitt
201590fd97 zerobin service : init 2016-04-25 13:18:58 +02:00
Nikolay Amiantov
5ede7d4d92 octoprint: use makeSearchPathOutput 2016-04-25 13:24:40 +03:00
Nikolay Amiantov
5ff40ddedf add get* helper functions and mass-replace manual outputs search with them 2016-04-25 13:24:39 +03:00
Nikolay Amiantov
ab0a0c004e makeSearchPathOutputs: refactor to makeSearchPathOutput 2016-04-25 13:24:39 +03:00
Vladimír Čunát
7cf8daa2bb nixos: rename chroot* to sandbox*
On Nix side this was done months ago:
https://github.com/NixOS/nix/pull/682
2016-04-25 11:04:08 +02:00
Eric Litak
4c415e59a4 rtl8723bs-firmware: init, split off from rtl8723bs 2016-04-25 00:41:25 -07:00
David Guibert
23e3cbeca4 kerberos_server: fix evaluation (closes #14928) 2016-04-24 22:05:45 +02:00
Franz Pletz
8cca66f774 Merge pull request #14018 from kampfschlaefer/feature/hostbridge_and_ipv6_for_containers
containers: hostbridge and IPv6
2016-04-24 20:33:46 +02:00
Franz Pletz
882391a162 redshift service: run as user service
Fixes #14882.
2016-04-24 19:48:10 +02:00
Al Zohali
fb6ea3dead postgresql service: initialScript fixup 2016-04-23 22:28:12 +03:00
Joachim Fasting
1dde66596f Merge pull request #14915 from elitak/unifi
unifi, mfi: closure-size fix, relocatable data dir
2016-04-23 19:06:51 +02:00
Joachim Fasting
343f444dba Merge pull request #14925 from mayflower/emby-upstream
emby: init at 3.0.5930
2016-04-23 18:09:32 +02:00
Graham Christensen
788122c3c5 facetimehd: Only unload module if it is loaded
The pre-sleep service exits if any command fails. Unloading facetimehd
without it being loaded blocks subsequent commands from running.

Note: `modprobe -r` works a bit better when unloading unused modules,
and is preferrable to `rmmod`. However, the facetimehd module does not
support suspending. In this case, it seems preferable to forcefully
unload the module. `modprobe` does not support a `--force` flag when
removing, so we are left with `rmmod`.

See:
 - https://github.com/NixOS/nixpkgs/pull/14883
 - https://github.com/patjak/bcwc_pcie/wiki#known-issues
2016-04-23 09:37:01 -05:00
Tristan Helmich
c145f6eaa7 emby service: new service 2016-04-23 16:13:53 +02:00
Tuomas Tynkkynen
bd18cc3cdc Merge pull request #14888 from dezgeg/pr-kill-module-init-tools
Delete all usages of module_init_tools and remove the package
2016-04-23 14:29:41 +03:00
Eric Litak
032f3e721c unifi: relocatable data dir 2016-04-22 22:43:55 -07:00
Eric Litak
86357de0c8 mfi: relocatable data dir 2016-04-22 22:43:45 -07:00
Eric Litak
08546d3a20 unifi: fix for closure-size changes 2016-04-22 22:39:28 -07:00
Vladimír Čunát
e9379f7416 Merge branch 'staging'
This includes a fix to closure-size regression that moved
share/doc/*/ to share/doc/
2016-04-22 16:49:09 +02:00
Thomas Tuegel
b4ff81ffd6 phonon-backend-vlc: init at 0.9.0 2016-04-22 08:11:10 -05:00
Thomas Tuegel
8b585cc9f5 phonon: 4.8.3 -> 4.9.0
- Removed phonon-backend-vlc.
- Moved qt5.phonon to kde5.phonon.
2016-04-22 07:56:02 -05:00
Evgeny Egorochkin
a05ba7375d quassel: use qt4 version of the daemon because as of now qt5 version fails to use proxies(connection refused) 2016-04-22 12:59:26 +03:00
Tuomas Tynkkynen
d0c127487f qemu-img: Fix module paths
They are compressed nowadays.

Not sure if these are really needed since nobody noticed they were
broken, but anyway...
2016-04-22 10:42:31 +03:00
Tuomas Tynkkynen
01854a850a treewide: Replace module_init_tools -> kmod
The former is deprecated and doesn't handle compressed kernel modules,
so all current usages of it are broken.
2016-04-22 10:40:57 +03:00
Joachim Fasting
2e7b0bbd22
hoogle service: fixups
Basic hardening
- Run as nobody:nogroup with a private /tmp, /home & /run/user
- Create working directory under /run (hoogle insists on writing to cwd
  and otherwise returns "something went wrong" to every query)

Option tweaks
- Provide a default for the haskellPackage option
- Set text values for defaults
- Move hoogleEnv to the top-level & simplify it
2016-04-22 03:58:08 +02:00
William Casarin
9c0997a0ef
hoogle service: init 2016-04-22 03:58:07 +02:00
Alexander Ried
1d6990db06 boot.loader.grub: fix variable name (#14855) 2016-04-20 22:27:34 +02:00
Eelco Dolstra
25387a1bed nixos-checkout: Remove
This command was useful when NixOS was spread across multiple
repositories, but now it's pretty pointless (and obfuscates what
happens, i.e. "git clone git://github.com/NixOS/nixpkgs.git").
2016-04-20 20:57:02 +02:00
Thomas Tuegel
b3317a020e nixos/pulseaudio: don't use dev output at runtime 2016-04-20 10:01:06 -05:00
Thomas Tuegel
2780894b1b kde5.startkde: init at 5.5.5 2016-04-20 10:01:06 -05:00
Benjamin Staffin
850ffee9fa Merge pull request #14212 from aneeshusa/add-mosh-service
mosh service: init
2016-04-18 14:31:59 -07:00
Eelco Dolstra
b4bf432709 nghttp2: 1.8.0 -> 1.9.2, unify with libnghttp2, and use multiple outputs
Note: I ignored the C++ libraries, but it appears we're not currently
using them. Once we do, we'll probably want to put them in a separate
output as well (to prevent non-C++ users from depending on Boost).
2016-04-18 21:13:18 +02:00
Eelco Dolstra
21a2f2ba3b nix: Add a "dev" output
This gets rid of boehm-dev in the closure (as well as Nix's own
headers).
2016-04-18 21:13:18 +02:00
Eelco Dolstra
0729f60697 Remove "which" from base.nix 2016-04-18 14:20:49 +02:00
Eelco Dolstra
cd396076ec Revert "Revert "Remove which -> type -P alias.""
This reverts commit ddd480ac30. Gave it
some more thought.
2016-04-18 14:20:49 +02:00
Eelco Dolstra
0c5e837b66 acme.nix: Fix unit descriptions
Unit descriptions should be capitalized, and timer units don't have
to describe that they're timers.
2016-04-18 14:20:49 +02:00
Aneesh Agrawal
77a4bd1a58 mosh program: init 2016-04-18 06:31:11 +00:00
Benjamin Staffin
f06c5d5757 Merge pull request #14728 from Baughn/patch-4
zfs: Update devNodes description
2016-04-16 16:07:50 -07:00
Joachim Fasting
9de93be6cd
cups service: use cups.out everywhere
Seeing as the dev output is the default, we probably want cups.out
everywhere.
2016-04-16 21:26:33 +02:00
Eric Sagnes
cfe062f2b6 input methods: fix gtk cache 2016-04-16 17:51:32 +09:00
Joachim Fasting
47330b1732
cups service: fix missing upstream systemd units caused by output splitting
Need to pass `cups.out` to `systemd.packages`, lest we end up with an invalid
generated unit containing only directives set in the service module.

This patch gives us a valid cups.service unit but, vexingly, does not fix the
test failure at NixOS/nixpkgs#14748
2016-04-16 09:47:17 +02:00
Christoph Ruegge
f270af1acd xsession: Update DBus activation environment
`dbus-launch` is executed early in the script, before desktop managers
had a chance to setup the environment. If DBus activation is used,
applications launched by this may therefore lack necessary environment
variables. This patch sends the complete environment to DBus after
launching the desktop manager.
2016-04-15 21:43:42 +02:00
Svein Ove Aas
f03dc59803 zfs: Update devNodes description 2016-04-15 17:25:32 +01:00
Joachim Fasting
83aae072f8
dnscrypt-proxy service: fix references to libcap & attr 2016-04-15 17:44:10 +02:00
joachifm
8b3c4348ab Merge pull request #14579 from elitak/factorio
factorio: 0.12.29 headless + server module
2016-04-15 16:14:14 +02:00
Domen Kožar
1834e72555 fix eval (explicit is better than implicit) 2016-04-15 10:39:11 +01:00
Eric Litak
13577e8785 factorio: headless server module 2016-04-14 23:03:36 -07:00
Tuomas Tynkkynen
ab428dce14 stage-1: Remove doublePatchelf hack
No longer needed with the new patchelf version.
2016-04-15 01:53:34 +03:00
aszlig
1f46decba7
nixos/taskserver: Fix reference to certtool.
With the merge of the closure-size branch, most packages now have
multiple outputs. One of these packages is gnutls, so previously
everything that we needed was to reference "${gnutls}/bin/..." and now
we need to use "${gnutls.bin}/bin/...".

So it's not a very big issue to fix.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-15 00:28:57 +02:00
aszlig
9ed9e268a2
Merge pull request #14476 (taskserver)
This adds a Taskserver module along with documentation and a small
helper tool which eases managing a custom CA along with Taskserver
organisations, users and groups.

Taskserver is the server component of Taskwarrior, a TODO list
application for the command line.

The work has been started by @matthiasbeyer back in mid 2015 and I have
continued to work on it recently, so this merge contains commits from
both of us.

Thanks particularly to @nbp and @matthiasbeyer for reviewing and
suggesting improvements.

I've tested this with the new test (nixos/tests/taskserver.nix) this
branch adds and it fails because of the changes introduced by the
closure-size branch, so we need to do additional work on base of this.
2016-04-15 00:21:49 +02:00
aszlig
940120a711
nixos/taskserver/doc: Improve example org name
Suggested by @nbp:

"Choose a better organization name in this example, such that it is less
confusing. Maybe something like my-company"

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-14 21:16:14 +02:00
Nikolay Amiantov
cb0b0190cb syncthing service: fix mkEnableOption call 2016-04-14 17:44:02 +03:00
Nikolay Amiantov
c9f2753c7b syncthing service: fix invalid conflict resolution 2016-04-14 17:38:25 +03:00
Peter Hoeg
32bc5cfa24 syncthing service: support running from systemd --user instance 2016-04-14 21:22:31 +08:00
Peter Simons
acaf255687 Merge pull request #14686 from wizeman/u/fix-updatedb
nixos.locate: fix update-locatedb service failure
2016-04-14 15:17:06 +02:00
joachifm
ca2e555793 Merge pull request #14646 from peterhoeg/flexget
flexget nixos module: run the service and specify configuration
2016-04-14 14:16:04 +02:00
Ricardo M. Correia
f5951c55f7 nixos.locate: fix update-locatedb service failure
It was failing with a `Read-only filesystem` failure due to the systemd
service option `ReadWriteDirectories` not being correctly configured.

Fixes #14132
2016-04-14 13:51:17 +02:00
obadz
079e1c76cf Revert "dbus nixos module: add units for systemd user session"
This reverts commit 83cb6ec399.

Was breaking: nix-build '<nixos/release.nix>' -A tests.xfce.x86_64-linux
2016-04-14 12:38:36 +01:00
Eelco Dolstra
840f3230a2 Restore default core limit of 0:infinity
Continuation of 79c3c16dcbb3b45c0f108550cb89ccd4fc855e3b. Systemd 229
sets the default RLIMIT_CORE to infinity, causing systems to be
littered with core dumps when systemd.coredump.enable is disabled.

This restores the 15.09 soft limit of 0 and hard limit of infinity.
2016-04-14 13:18:09 +02:00
Tuomas Tynkkynen
b3df6530f7 treewide: Mass replace 'sqlite}/bin' to refer to the correct outputs 2016-04-14 08:32:20 +03:00
Tuomas Tynkkynen
897e0d1224 treewide: Mass replace 'openssl}/bin' to refer to the correct outputs 2016-04-14 08:32:20 +03:00
Tuomas Tynkkynen
4d90f2d73d treewide: Mass replace 'ffmpeg}/bin' to refer to the correct outputs 2016-04-14 08:32:20 +03:00
Tuomas Tynkkynen
b9eb944990 treewide: Mass replace 'dbus_daemon}/bin' to refer to the correct outputs 2016-04-14 08:32:20 +03:00
Nikolay Amiantov
8b7ebaffeb replace makeSearchPath tree-wise to take care of possible multiple outputs 2016-04-13 22:09:41 +03:00
zimbatm
04267ed630 Merge pull request #14647 from MostAwesomeDude/tahoe
Tahoe-LAFS improvements
2016-04-13 16:39:53 +01:00
Vladimír Čunát
39ebb01d6e Merge branch 'staging', containing closure-size #7701 2016-04-13 09:25:28 +02:00
Peter Hoeg
34afbea236 flexget nixos module: run the service and specify configuration
This module adds support for defining a flexget service.

Due to flexget insisting on being able to write all over where it finds
its configuration file, we use a ExecStartPre hook to copy the generated
configuration file into place under the user's home. It's fairly ugly
and I'm very open to suggestions
2016-04-13 12:08:02 +08:00
Corbin
d5c9a80ccd services/tahoe: Add tub.location for specifying external IPs.
Invaluable for wiring up clouds.
2016-04-12 18:44:25 -07:00