Commit graph

12614 commits

Author SHA1 Message Date
Félix Baylac-Jacqué
a628f5efd9
modules/vsftpd: Add virtual users support
Add a virtual user system based around pam and a Berkeley
user database.

Adding the:

- localRoot
- userDbPath
- allowWriteableChroot
- virtualUseLocalPrivs

Vsftpd options.
2019-11-13 18:17:04 +01:00
Franz Pletz
60f2e4f831
nixos/varnish: fix default package name 2019-11-13 16:39:45 +01:00
tobim
4a9d5493b7 mpd: 0.20.13 -> 0.21.16 (#57608)
* Refactor mpd

* mpd: 0.20.13 -> 0.21.5

Switch to meson based build, following upstream.

* Fix mpd on darwin

* mpd: 0.21.5 -> 0.21.6

* mpd-small: init add 0.21.6

* Update to 0.21.8 & fix ouput path

Also use pname instead of name.

* Update to 0.21.9

* Integrate review suggestions

- Expose run function as mpdWithFeatures.
- Throw on invalid feature requests.
- Drop major/minor version variables.
- Cosmetic improvements.

* Update to 0.21.10

* mpd: 0.21.10 -> 0.21.11

* mpd: 0.21.11 -> 0.21.12

* mpd: log to journal

* mpd: 0.21.12 -> 0.21.14

* mpd: add tobim to maintainers

* mpd: reenable syslog support

* mpd: 0.21.14 -> 0.21.15

* mpd: 0.21.15 -> 0.21.16
2019-11-13 15:38:46 +00:00
Alyssa Ross
7813c249ef
nixos/postfix: add missing setgid wrapper
This is basically an alias for a special case of postqueue, which
already has a setgid wrapper.  Would be silly to allow postqueue -p
but not mailq.
2019-11-13 15:31:32 +00:00
Franz Pletz
cebc13529a
Merge pull request #73211 from c0bw3b/mod/libvirt
nixos/libvirtd: install /etc/ethertypes
2019-11-13 14:14:19 +00:00
Frederik Rietdijk
17b9054320 Revert "nixos/syncthing: simple versioning"
Descriptions are missing for params and type, blocking channels
from advancing.

https://nix-cache.s3.amazonaws.com/log/nkclpxwm91qhw0v1jg5dvzzckb7zh23s-nixpkgs-metrics.drv

This reverts commit 69493cc67a.
2019-11-13 12:25:52 +01:00
markuskowa
6928cb22e9
Merge pull request #73179 from markuskowa/fix-slurm
nixos/slurm: fix test and X11 options
2019-11-12 21:49:29 +01:00
worldofpeace
b252047216
Merge pull request #71390 from hedning/enable-gnome-shell-RT
Enable soft real time for gnome shell
2019-11-12 20:32:05 +00:00
Ingolf Wagner
69493cc67a nixos/syncthing: simple versioning
add simple versioning. I did not add the other versioning
types because I did not understand most of them.
2019-11-12 19:29:18 +01:00
toonn
82fc9ab5c8 nixos/wpa_supplicant: fix unit-start script
Ever since setting up bonding the `wpa_supplicant-unit-start` script has
been failing. This is because the file `bonding_masters` in
`/sys/class/net/` is *not* a directory containing `uevent`.

Adding a test to verify the `uevent` path to be sourced exists resolves
the problem.
2019-11-12 17:53:29 +01:00
Aaron Andersen
1759424fc6 nixos/mailcatcher: add http.path option 2019-11-12 10:11:24 -05:00
Frederik Rietdijk
d688c7cd05 Merge staging-next into staging 2019-11-12 14:32:56 +01:00
adisbladis
cc562268b4
Merge pull request #73232 from etu/disable-systemwide-pulse-iso
profiles/graphical.nix: Drop systemWide pulseaudio in iso
2019-11-12 12:43:41 +00:00
worldofpeace
470254a6da
Merge pull request #72959 from worldofpeace/gnome-flashback-systemd
nixos/gnome3: add gnome-flashback to systemd.packages
2019-11-12 01:53:09 +00:00
worldofpeace
ce26b3eaf0 nixos/slim: remove
The SLIM project is abandoned and their last release was in 2013.
Because of this it poses a security risk to systems, no one is working
on it or picked up maintenance. It also lacks compatibility with systemd
and logind sessions. For users, there liikely isn't anything like slim
that's as lightweight in terms of dependencies.
2019-11-11 17:10:41 -05:00
Jan Tojnar
1569632bf8
Merge branch 'staging-next' into staging 2019-11-11 22:28:32 +01:00
worldofpeace
c9601a67a5
Merge pull request #71622 from worldofpeace/iso-no-slim
installer: use sddm in plasma5
2019-11-11 20:46:32 +00:00
Elis Hirwing
4403cd16f9
profiles/graphical.nix: Drop systemWide pulseaudio in iso
It's not needed since #66338 and should have been done earlier.

This is based on a follow-up on #56167.
2019-11-11 17:07:42 +01:00
Aaron Andersen
d68d23bb26
Merge pull request #72767 from Izorkin/phpfpm-fix
nixos/phpfpm: fix apply global phpOptions
2019-11-11 07:45:28 -05:00
Florian Klink
60390c81dc
Merge pull request #72603 from flokli/ceph-tmpfiles
nixos/ceph: run unprivileged, use state directories, handle non-initialized clusters without config switch
2019-11-11 13:42:54 +01:00
Frederik Rietdijk
73b88e17dd Merge staging-next into staging 2019-11-11 12:09:26 +01:00
c0bw3b
8d3ef32135 nixos/libvirtd: install /etc/ethertypes
Fix #58200
2019-11-11 11:42:16 +01:00
Florian Klink
848399f448
Merge pull request #72390 from flokli/bump-opensmtpd
opensmtpd: 6.4.2p1 -> 6.6.1p1
2019-11-11 01:56:24 +01:00
Markus Kowalewski
472e165b56
nixos/slurm: add option for external slurmdbd.conf
Slurmdbd requires a password database which is stored in slurmdbd.conf.
A seperate config file avoids that the password ends up in the nix store.

Slurmdbd does 19.5 does not support MySQL socket conections.
Adapated the slurm test to provide username and password.
2019-11-10 21:28:09 +01:00
Samuel Dionne-Riel
40f7a343e1
Merge pull request #72751 from c00w/sd_image_hydra
sd-image: Add the compressed file path for hydra.
2019-11-10 13:44:52 -05:00
Izorkin
d35ba101c5 samba: remove redundant dependency on network.target
This reverts commit 679d5e8bd5.
Services samba-smbd, samba-nmbd and samba-winbind are part of
samba.target, which already has an After=network.target
2019-11-10 20:03:00 +03:00
Markus Kowalewski
8219a3b713
nixos/slurm: fix X11 with spank module
* Fix path in module for slurm to find plugstack.conf
* Fix configure flags so that slurm can be compiled
  without internal X11 support (required for spank-x11).
2019-11-10 14:04:54 +01:00
Aaron Andersen
d2d009f4a6
Merge pull request #73080 from flokli/nixos-samba-python-tmpfiles
nixos/samba: use tmpfiles, port test to python
2019-11-09 21:05:50 -05:00
worldofpeace
488e6b7a23
Merge pull request #73059 from flokli/nixos-test-port-tinydns
nixos/tinydns: port test to python
2019-11-09 21:53:07 +00:00
worldofpeace
6783fdd561
Merge pull request #71416 from worldofpeace/gnome3-sound-theme
nixos/gnome3: add sound-theme-freedesktop
2019-11-09 21:33:49 +00:00
Peter Hoeg
954e234b98 nixos/haproxy: support hot-reload without dropping packets 2019-11-09 10:11:57 -08:00
Florian Klink
ffd0060869 nixos/ceph: use ConditionPathExists to delay ceph daemon start
This prevents services to be started before they're initialized, and
renders the `systemd.targets.ceph.wantedBy = lib.mkForce [];` hack in
the vm tests obsolete - The config now starts up ceph after a reboot,
too.

Let's take advantage of that, crash all VMs, and boot them up again.
2019-11-09 16:13:13 +01:00
Florian Klink
67e0777f62 nixos/ceph: run unprivileged, use StateDirectory and tmpfiles, don't pass extraServiceConfig
Don't pass user and group to ceph, and rely on it to drop ceps, but let
systemd handle running it as the appropriate user.

This also inlines the extraServiceConfig into the makeService function,
as we have conditionals depending on daemonType there anyways.

Use StateDirectory to create directories in
/var/lib/ceph/${daemonType}/${clusterName}-${daemonId}.

There previously was a condition on daemonType being one of mds,mon,rgw
or mgr. We only instantiate makeServices with these types, and "osd" was
special.
In the osd case, test examples suggest it'd be in something like
/var/lib/ceph/osd/ceph-${cfg.osd0.name} - so it's not special at all,
but exactly like the pattern for the others.

During initialization, we also need these folders, before the unit is
started up. Move the mkdir -p commands in the vm tests to the line
immediately before they're required.
2019-11-09 16:02:53 +01:00
Florian Klink
64c9c08302 nixos/ceph: create /etc/ceph and /var/lib/ceph via tmpfiles
We seem to be relying on those being present during runtime anyways.
2019-11-09 15:27:45 +01:00
Thomas Tuegel
8e639f142f
Merge pull request #71986 from mtetreault/mte/plymouth-improvements
plymouth: Add extra config field
2019-11-09 08:17:14 -06:00
Lorenzo Manacorda
412f6a967d wireguard: add creation and destination namespaces
The two new options make it possible to create the interface in one namespace
and move it to a different one, as explained at https://www.wireguard.com/netns/.
2019-11-09 11:59:14 +01:00
Red Davies
62e421fbb2 nixos/httpd: module fixes enableUserDir (attendum to #72789) 2019-11-09 00:53:56 +00:00
Silvan Mosberger
3022fde292
Merge pull request #71576 from ShaRose/patch-1
nixos/dnsdist: Add CAP_NET_BIND_SERVICE to AmbientCapabilities
2019-11-09 00:07:09 +01:00
Florian Klink
18f9cfa1c0 nixos/samba: update module to use tmpfiles, remove samba-setup service 2019-11-08 23:25:55 +01:00
Florian Klink
cced569cac
Merge pull request #73049 from flokli/fix-redis-merge
nixos/redis: fix merging
2019-11-08 22:13:54 +01:00
Florian Klink
cbd9e9e01f nixos/tinydns: order service after network.target
In cases where you boot up really quickly (like in the VM test on a
non-busy host), tinydns might want to bind before the loopback interface
is fully up. Order tinydns after network.target to fix that.
2019-11-08 17:26:34 +01:00
Silvan Mosberger
9fe4e06812 nixos/systemd: Allow unit options to have multiple equal defs (#73024)
E.g. this allows

  systemd.services.<name?>.serviceConfig.DynamicUser =
    mkMerge [ true true ];
2019-11-08 15:45:44 +00:00
Florian Klink
6303131eb9 nixos/redis: fix merging
https://github.com/NixOS/nixpkgs/pull/71584 did merging without mkMerge.

cc @jtojnar
2019-11-08 15:38:06 +01:00
Florian Klink
e349b6e0fe nixos/opensmtpd: refactor to use tmpfiles to set up spool directories 2019-11-08 15:05:18 +01:00
Peter Hoeg
d2f083160f
Merge pull request #65971 from jb55/zoneminder-fix
zoneminder: fix nginx config
2019-11-08 17:05:27 +08:00
worldofpeace
b53e773220
Merge pull request #73004 from philandstuff/patch-1
ssh-agent: fix syntax problem from #71139
2019-11-08 04:13:58 +00:00
Matthew Bauer
c403d66b85
Merge pull request #71825 from AIDEA775/fix/zsh-syntax-highlighting
nixos/zsh-syntax-highlighting: Fix highlighting when ohMyZsh is enabled
2019-11-07 17:29:57 -05:00
Philip Potter
ce7d4e40f0
ssh-agent: fix syntax problem from #71139
Oops, in #71139 a missing `+` broke things quite badly.  Thanks @lzorkin for the
report and @mebubo for diagnosing the problem.
2019-11-07 22:13:18 +00:00
Matthew Bauer
03f8acabc8
Merge pull request #71408 from f--t/fix/x11-services
Fix nixos x11 service logging for ssdm and xmonad
2019-11-07 17:03:52 -05:00
Enno Lohmeier
fc7070d133
nixos/containers: fix handling of cfg.additionalCapabilities 2019-11-07 20:35:17 +01:00
Bjørn Forsman
2c09cfc097 nixos-rebuild: add explicit option to enable (remote) sudo
Add --use-remote-sudo option. When set, remote commands will be prefixed
with 'sudo'. This allows using sudo remotely _without_ having to use
sudo locally (when using --build-host/--taget-host).
2019-11-07 17:03:12 +01:00
worldofpeace
7c716705fd
Merge pull request #72369 from worldofpeace/corefonts-drop
nixos/fontconfig-ultimate: remove
2019-11-07 00:13:14 +00:00
Aaron Andersen
c22e76e450
Merge pull request #71605 from aanderse/redmine-cleanup
redmine: drop 3.4.x package, 4.0.4 -> 4.0.5
2019-11-06 18:02:48 -05:00
Silvan Mosberger
d34194badd
nixos/networkmanager: fix merging options (#72916)
nixos/networkmanager: fix merging options
2019-11-06 23:34:40 +01:00
Aaron Andersen
dec234f986
Merge pull request #72789 from aanderse/httpd-again
nixos/httpd: module cleanup
2019-11-06 16:04:38 -05:00
Jan Tojnar
894fdfaf1f
nixos/networkmanager: fix merging options
Incorrect merging of modules resulted in dhcpcd being enabled causing flaky network connection.

https://github.com/NixOS/nixpkgs/pull/64364

Fixing it uncovered an infinite recursion from the same commit, previously masked by the incorrect merge.

We can just drop the `mkDefault` for `networking.wireless.enable` as it is already `false` by default.

Closes: https://github.com/NixOS/nixpkgs/issues/72416
2019-11-06 21:26:03 +01:00
worldofpeace
473cd0d4ba nixos/gnome3: add gnome-flashback to systemd.packages
When we did the revert of adding gnome-flashback to systemd.packages [0]
I forgot to test with other display managers. If we use GDM with gnome-flashback
it appears it doesn't try to fallback to non-systemd startup and always fails and
starts the regular gnome-session. So adding gnome-flashback to systemd.packages
was perfectly fine, but we did forgot one detail. We need systemd targets for the
customSessions which is added using  mkSystemdTargetForWm in the gnome-
flashback package.

[0]: 42f567b30d
2019-11-06 15:15:11 -05:00
Jan Tojnar
3f2a425da3
Merge branch 'staging-next' into staging 2019-11-06 18:10:57 +01:00
worldofpeace
070fbc350c nixos/fontconfig-ultimate: remove
This module has been obsolete for several years now.
2019-11-06 12:02:35 -05:00
Maximilian Bosch
abe853b84c
Merge pull request #70336 from abbradar/synapse-ipv6
matrix-synapse service: blacklist local IPv6 addresses by default
2019-11-06 13:14:04 +01:00
worldofpeace
3485204442 nixos/corefonts: remove
4 years ago in 7edb27b7af the option was made
hidden. We should just remove the module and use mkRemovedOptionModule.
2019-11-06 02:47:00 -05:00
Izorkin
9a27acedda nixos/phpfpm: fix apply global phpOptions 2019-11-05 23:22:30 +03:00
EEva (JPotier)
9b78e5f35d vault: fix config when file backend is used
When the option services.vault.storageBackend is set to "file", a
systemd.tmpfiles.rules was added, with extraneous []. These are not
needed and have been removed.
2019-11-05 16:54:34 +01:00
Colin L Rice
c861f8083d sd-image: Add the compressed file path for hydra.
This makes the nixos on arm user instructions work again.
2019-11-05 10:10:51 -05:00
Florian Klink
c3566c7a4f
Merge pull request #70352 from wucke13/systemd-importd
systemd: add systemd-importd
2019-11-05 15:42:44 +01:00
Eelco Dolstra
aa98348f88
jormungandr: Remove
This is a good example of a package/module that should be distributed
externally (e.g. as a flake [1]): it's not stable yet so anybody who
seriously wants to use it will want to use the upstream repo. Also,
it's highly specialized so NixOS is not really the right place at the
moment (every NixOS module slows down NixOS evaluation for everybody).

[1] https://github.com/edolstra/jormungandr/tree/flake
2019-11-05 15:00:58 +01:00
Robin Gloster
db502b034f
Merge pull request #71139 from philandstuff/ssh-agent-pkcs11-whitelist
ssh-agent: add agentPKCS11Whitelist option
2019-11-04 22:16:06 +01:00
Gabriel Ebner
cb8423d19b
Merge pull request #72698 from gebner/digimend-drivers
digimend drivers for graphics tablets
2019-11-04 21:19:06 +01:00
Marek Mahut
e51f707437
Merge pull request #72729 from mmahut/trac
nixos/trac: init
2019-11-04 17:53:49 +01:00
Aaron Andersen
5c3715379d nixos/httpd: allow user to specify a minimal list of apache modules 2019-11-04 11:21:20 -05:00
Max Veytsman
de1cbcc692 nixos/nat: fix typo in comment
This iptables directive is marking packets coming from the internal interfaces so they can later be NATed by the rule in 22378e6996/nixos/modules/services/networking/nat.nix (L38-L42) .

Fix the comment accordingly.
2019-11-04 17:00:22 +01:00
Linus Heckemann
6f41b1c842
Merge pull request #68193 from chkno/nixos-option-rewrite
nixos-option C++ rewrite with --all
2019-11-04 16:55:04 +01:00
Chuck
1e7985942b snake_case -> camelCase 2019-11-04 15:11:45 +01:00
Chuck
445145d5b9 Support aggregate types attrsOf and listOf 2019-11-04 15:11:45 +01:00
Chuck
a3e31df4d7 (clang-format for has_example) 2019-11-04 15:11:45 +01:00
Chuck
57a5752300 Add maintainer 2019-11-04 15:11:45 +01:00
Chuck
5646240870 Only print example when there is one 2019-11-04 15:11:45 +01:00
Chuck
4d17d5b31f snake_case -> camelCase 2019-11-04 15:11:45 +01:00
Chuck
84d55716a9 Don't print header on stderr
Automated consumers can use 'sed 1d' or similar to remove this header.

This probably makes this output *easier* to consume correctly.  Having
this header show up in consumers' terminal or log output is probably not
useful, but hiding it without hiding all error messages would have been
more troublesome that just stripping it from stdout.

I.e., previously, unsophisticated use would show undesired output:
  $ some-other-tool
  This attribute set contains:
  This attribute set contains:
  This attribute set contains:
  This attribute set contains:
  <Actual some-other-tool output>

The simplest way to hide this undesired output would have been
nixos-option ... 2>/dev/null, which would hide all error messages.
We do not wish to encourage that.

Correct use would have been something like:
  nixos-option ... 2> >( grep --line-buffered -v 'This attribute set contains:')

After this change, correct use is simpler:
  nixos-option ... | sed 1d
or
  nixos-option ... | sed '1/This attribute set contains:/d'
if the caller don't know if this invocation of nixos-option will yield
an attribute listing or an option description.
2019-11-04 15:11:45 +01:00
Chuck
2ddd2d0760 Explain why header goes on stderr 2019-11-04 15:11:45 +01:00
Chuck
94a068fe36 Pass values by reference
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers".  The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
2019-11-04 15:11:45 +01:00
Chuck
3d3ce8df7f Pass Context by reference
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers".  The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
2019-11-04 15:11:45 +01:00
Chuck
c967e3fd3e Hold state and autoArgs by reference
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers".  The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
2019-11-04 15:11:45 +01:00
Chuck
c457766a1f Use std::get_if 2019-11-04 15:11:45 +01:00
Chuck
88183eb484 Per reviewer request, cast the other side.
I don't think this matters.  As long as one or the other of these is
a std::string, I get an operator== that looks at content rather than
pointer equality.  I picked casting the constant over casting the dynamic
thing in hopes that the compiler would have a better chance at optimizing
away any runtime cost.

Deferring to reviewer.
2019-11-04 15:11:45 +01:00
Chuck
aa8e1d5f1e Always say which path component had trouble 2019-11-04 15:11:45 +01:00
Chuck
c352bfeaf0 Switch from east const to west const
For consistency with the Nix C++ convention.

:~(
2019-11-04 15:11:45 +01:00
Chuck
b8db81573a Support submodules (Fixes #13121) 2019-11-04 15:11:45 +01:00
Chuck
88349921a4 clang-format 2019-11-04 15:11:45 +01:00
Chuck
6b405f9789 Fix missing "using ThrownError" 2019-11-04 15:11:45 +01:00
Chuck
0adf77e2ee Narrow the «not defined» check to just ThrownError 2019-11-04 15:11:45 +01:00
Chuck
c7c684aaa3 Preserve type of rethrown exceptions 2019-11-04 15:11:45 +01:00
Chuck
d89ccc1554 Correct syntax for license specification 2019-11-04 15:11:45 +01:00
Chuck
2336982957 Add license
This is important because this contains some code copied from nix (as an
interim expediency until that functionality can be exported via nix's
API).  The license specified here must be compatible with this borrowing.
Select the same license that nix is released under: lgpl2Plus.
2019-11-04 15:11:45 +01:00
Chuck
f3eedb6020 Parallel build is the default, so no need to specify 2019-11-04 15:11:45 +01:00
Chuck
e1ecc2b6c1 Remove list sorting 2019-11-04 15:11:45 +01:00
Chuck
36c00c1080 Use format strings, not concatenation, in error messages 2019-11-04 15:11:44 +01:00
Chuck
4af8dbf896 Reformat for 4-space indentation
Specifically, with
  clang-format --style='{ IndentWidth: 4, BreakBeforeBraces: Mozilla, ColumnLimit: 120, PointerAlignment: Middle }'
which was the clang-format invocation that produced the fewest diffs on
the nix source out of ~20 that I tried.
2019-11-04 15:11:44 +01:00
Chuck
74f05df671 nixos/nixos-option: Fix references to old name 2019-11-04 15:11:44 +01:00
Chuck
26c45dfec2 nixos/nixos-option: Show options' types #27920 2019-11-04 15:11:44 +01:00
Chuck
59c5bfc86b nixos/nixos-option: Rewrite in a more suitable language
Also add --all, which shows the value of all options.  Diffing the --all
output on either side of contemplated changes is a lovely way to better
understand what's going on inside nixos.
2019-11-04 15:11:44 +01:00
Aaron Andersen
9c28599bfe nixos/httpd: drop stateDir option, hardcode to /run/httpd 2019-11-04 07:32:28 -05:00
Marcello Sylvester Bauer
d6169284c4 nixos/libinput: apply options to all device types
Instead of assign the libinput options to touchpad devices only, it
should be appied by any device using libinput.
Due to the fact that `40-libinput.conf` already defines libinput as
driver for any detected input device, we can use `MatchDriver` to appy
options.
2019-11-04 13:02:08 +01:00
Wout Mertens
59e731b0ac
Merge pull request #55645 from eonpatapon/qemu-vm-drives
nixos/qemu-vm: declarative drives
2019-11-04 08:30:37 +01:00
Marek Mahut
794c919765
Merge pull request #68327 from mmilata/moin
nixos/moinmoin: init module
2019-11-03 21:36:12 +01:00
Gabriel Ebner
c2b54c59e8 nixos/digimend: init module 2019-11-03 17:32:46 +01:00
Matthew Bauer
88e69097fa
Merge pull request #72664 from contrun/patch-2
pam_mount: change order of lines in pam_mount.conf
2019-11-03 11:31:39 -05:00
Marek Mahut
f3b8d9bae3 nixos/trac: service init 2019-11-03 17:24:08 +01:00
Benjamin Hipple
3d73b6db85 nixos/nginx: update comment
It says Apache, but this is for Nginx; looks like a copy-paste error.
2019-11-03 10:22:56 -05:00
worldofpeace
4e2161f9ed nixos/xdg/sounds: add sound-theme-freedesktop 2019-11-03 10:19:26 -05:00
worldofpeace
4bdbbc1b33 nixos/gnome3: add sound-theme-freedesktop
I've noticed a similar issue in Pantheon, without this
sound theme installed there's no system sounds.
I believe it's because the gnome theme and the pantheon
theme inherit this one.
2019-11-03 10:19:25 -05:00
Alex Rice
66611546f0 brillo: init at 1.4.8 2019-11-03 14:42:43 +01:00
Renaud
266d3dd7f6
Merge pull request #72187 from Izorkin/netdata-fix
nixos/netdata: add which to path
2019-11-03 14:06:51 +01:00
Renaud
a5807e79c9
Merge pull request #71507 from SRGOM/patch-11
nixos/x11/libinput: Document values for option
2019-11-03 12:30:09 +01:00
Peter Hoeg
8bddbbaf84
Merge pull request #72404 from peterhoeg/u/displaylink
displaylink: make it work!
2019-11-03 14:19:41 +08:00
B YI
f40f98a732
pam_mount: change order of lines in pam_mount.conf
Change order of pam_mount.conf.xml so that users can override the preset configs.

My use case is to mount a gocryptfs (a fuse program) volume. I can not do that in current order.

Because even if I change the `<fusermount>` and `<fuserumount>` by add below to extraVolumes
```
<fusemount>${pkgs.fuse}/bin/mount.fuse %(VOLUME) %(MNTPT) "%(before=\"-o \" OPTIONS)"</fusemount>
<fuseumount>${pkgs.fuse}/bin/fusermount -u %(MNTPT)</fuseumount>
```
mount.fuse still does not work because it can not find `fusermount`. pam_mount will told stat /bin/fusermount failed.

Fine, I can add a `<path>` section to extraVolumes
```
<path>${pkgs.fuse}/bin:${pkgs.coreutils}/bin:${pkgs.utillinux}/bin</path>
```
but then the `<path>` section is overridden by the hardcoded `<path>${pkgs.utillinux}/bin</path>` below. So it still does not work.
2019-11-03 12:43:01 +08:00
Maximilian Bosch
e017e96f76
Merge pull request #72612 from danielfullmer/gpg-agent-pinentry-doc-fix
nixos-generate-config: Fix incorrectly named option
2019-11-02 21:43:42 +01:00
wucke13
29ac226225 systemd: adding support for systemd-importd
Adding `systemd-importd` to the build, so that `machinectl`s `import-.*`
may actually do anything. Currently they fail with

```
Failed to transfer image: The name org.freedesktop.import1 was not provided by any .service files
```
as `systemd-importd` is not built. Also registers the regarding dbus
api and service in the systemd module.
2019-11-02 21:33:18 +01:00
Daniel Fullmer
c7b123a81a nixos-generate-config: Fix incorrectly named option
This appears to be a typo from c2576266ba
2019-11-02 15:46:16 -04:00
Andreas Rammhold
5d5b1405a7
Merge pull request #68483 from chkno/optional-home-bin-in-path
nixos/shells-environment: Make ~/bin/ in $PATH optional
2019-11-02 14:27:24 +01:00
Jörg Thalheim
b55a7a3a57
ec2-utils: init at 0.5.1, include in amazon-image profile (#67347)
ec2-utils: init at 0.5.1, include in amazon-image profile
2019-11-01 20:57:44 +00:00
Marek Mahut
43a0b4b31f
Merge pull request #72415 from 1000101/trickster
nixos/trickster: init
2019-11-01 15:39:50 +01:00
worldofpeace
a0b037b863
Merge pull request #72391 from urkud/gnupg-pinentry-gnome3
nixos/gnupg: add dbus dependencies for gnome3 pinentry
2019-11-01 13:02:21 +00:00
Yury G. Kudryashov
7240566f74 nixos/gnupg: add dbus dependencies for gnome3 pinentry 2019-11-01 08:58:11 -04:00
Silvan Mosberger
dd0a47e7ae
treewide: Switch to system users (#71055)
treewide: Switch to system users
2019-11-01 13:26:43 +01:00
Jan Hrnko
9b0aefac86 nixos/trickster: init 2019-11-01 10:57:29 +01:00
Renaud
e69fd930ed
Merge pull request #72193 from Ma27/bump-nexus
nexus: 3.18.1-01 -> 3.19.1-01
2019-11-01 08:55:24 +01:00
Peter Hoeg
d936b17d14 nixos/displaylink: write out required xorg.conf fragment
Invoke xrandr to actually connect the device.

Additionally, we let systemd create the logs directory and use our module loader
instead of handling it manually.
2019-11-01 13:06:28 +08:00
ShaRose
9e2308ed80 nixos/dnsdist: Add CAP_NET_BIND_SERVICE to AmbientCapabilities
It seems that dnsdist doesn't actually request CAP_NET_BIND_SERVICE, which is why normally it's executed and root and setuids to another, unprivileged, user. This means that as it is, dnsdist will be unable to bind to any port under 1024 and will fail with access denied.

Removing CAP_SETGID and CAP_SETUID is also related to this as we don't actually change the uid or gid after the fact as we use DynamicUser. (That part isn't strictly NEEDED but there's no reason to have those capabilities if we don't use them).

There are also some additional sandboxing we can remove from the service definition as they are assumed true or strict by DynamicUser: specifically PrivateTmp and ProtectSystem respectively.

ProtectHome is still there, despite being assumed read-only as setting it to true means they are seen as empty. I don't think it really matters as I don't know if systemd will ignore it or not, but I didn't see any reason to go hunting for excuses to make it a bigger change.
2019-10-31 13:27:55 -02:30
worldofpeace
d5c639c545
Merge pull request #72281 from peterhoeg/f/geoclue
nixos/geoclue: minor cleanups
2019-10-31 13:58:25 +00:00
Peter Hoeg
0838d6d4cd nixos/geoclue: add worldofpeace as maintainer 2019-10-31 09:57:20 -04:00
Graham Christensen
cda4a36eda
Merge pull request #72186 from AmineChikhaoui/ec2-19-09-amis
ec2-amis.nix: add 19.09 amis
2019-10-31 11:13:11 +01:00
Marek Mahut
392b12f252
Merge pull request #72089 from prusnak/trezor-udev-rules
trezor-udev-rules: init at unstable-2019-07-17
2019-10-31 10:48:48 +01:00
Jörg Thalheim
c91a1be877
nixos/orangefs: init at 2.9.7, add modules and test (#67591)
nixos/orangefs: init at 2.9.7, add modules and test
2019-10-31 09:27:14 +00:00
adisbladis
3af4f88acd
nixos.pulseaudio: Remove bad recommendation to use pulseaudio in system-wide mode
Upstream Pulseaudio has always stated that system-wide is not
recommended and comes with a number of usability and security drawbacks.
2019-10-30 16:00:08 +00:00
Pavol Rusnak
d124858efe
trezor-udev-rules: init at unstable-2019-07-17 2019-10-30 15:15:22 +01:00
Florian Klink
992035cff0
Merge pull request #72007 from NinjaTrappeur/nin-acme-custom-dir-uri
nixos/acme: Custom ACME endpoint
2019-10-30 12:17:51 +01:00
Félix Baylac-Jacqué
5671fa2396 nixos/modules/security/acme.nix: add server option
Add a new option permitting to point certbot to an ACME Directory
Resource URI other than Let's Encrypt production/staging one.

In the meantime, we are deprecating the now useless Let's Encrypt
production flag.
2019-10-30 11:08:12 +01:00
Yury G. Kudryashov
1105cec98d gnupg: fix pinentry in sway (fix a typo in 3c39093c0d) 2019-10-30 02:00:39 -04:00
Aaron Andersen
722b99beb9
Merge pull request #69342 from Kiwi/matomo-updates
Matomo (module, package) updates
2019-10-29 23:09:27 -04:00
Peter Hoeg
d7ebe00453 nixos/geoclue: minor cleanups
- spawn the geoclue-agent directly instead of running it via bash
 - document why we cannot use DynamicUser = true
 - have systemd create the home directory instead of using an explicit
   tmpfiles.d fragment
2019-10-30 10:50:52 +08:00
Silvan Mosberger
90e30394f5
go-shadowsocks2: init at 0.0.11 (#67516)
go-shadowsocks2: init at 0.0.11
2019-10-30 01:05:59 +01:00
Robin Gloster
3c39093c0d
gnupg: fix pinentry on sway 2019-10-29 20:30:23 +01:00
Evils-Devils
5a78ce30d4 Fancontrol: add test etc from #70933 (#72065)
* lm_sensors: add fancontrol module + nixos test

fancontrol is a small script that checks temperature sensors and adapts
fan speeds accordingly. It reads a text config file that can be
auto-generated by running the pwmconfig wizard on the live system.
2019-10-29 15:06:32 +01:00
Maximilian Bosch
df7727042f
nexus: 3.18.1-01 -> 3.19.1-01
Relevant release notes:

* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.1
* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.0

Also added `preferLocalBuild = true;` to prevent builds on remote
machines as this only means elevated network access (tarball is fetched
locally and uploaded to the builder) and the build is fairly trivial.

To fix the startup I had to add the JVM parameter `java.endorsed.dirs`
to ensure that all libraries are loaded properly[1].

[1] https://issues.sonatype.org/browse/NEXUS-21603
2019-10-28 21:34:55 +01:00
Maximilian Bosch
47724fc77c
nixos/networkd: add ipv4-fallback and fallback as valid options to LinkLocalAddressing
Both options were introduced in systemd v243[1]. Those options can be
used to ensure that LinkLocalAddressing is only configured for a given
interface if DHCPv4 fails. To quote `systemd.network(5)`:

```
If "fallback" or "ipv4-fallback" is specified, then an IPv4
link-local address is configured only when DHCPv4 fails. If "fallback", an IPv6 link-local
address is always configured, and if "ipv4-fallback", the address is not configured. Note
that, the fallback mechanism works only when DHCPv4 client is enabled, that is, it requires
"DHCP=yes" or "DHCP=ipv4".
```

[1] 8bc17bb3f7
2019-10-28 20:51:17 +01:00
Izorkin
001b3d5764 nixos/netdata: add which to path 2019-10-28 21:20:57 +03:00
AmineChikhaoui
dc13a7f26a
ec2-amis.nix: add 19.09 amis
replace /home/deploy -> $HOME to allow running the script from outside
the bastion.
2019-10-28 14:04:20 -04:00
caadar
028dacdcfb cups: fix misleading comment 2019-10-28 16:48:34 +01:00
talyz
d5db11ccbd nixos/gitlab: Remove the old lib symlink in the state directory
Also, remove the old and unused PermissionsStartOnly definition in the
gitlab-workhorse systemd service.
2019-10-28 14:56:37 +01:00