Commit graph

2938 commits

Author SHA1 Message Date
Joachim Fasting
a88a6bc676 nixos: additional hardening for dnscrypt-proxy
- Run as unprivileged user/group via systemd, obviating the need to
  specify capabilities, etc.
- Run with private tmp and minimal device name space
2015-06-12 15:12:33 +02:00
Joachim Fasting
823bb5dd4d nixos: implement socket-activation for dnscrypt-proxy
The socket definition is derived from upstream with the
exception that it does not depend on network.target, as
this creates a cycle between basic.target and sockets.target.

The apparmor profile has been updated to account for additional
runtime dependencies introduced by enabling systemd support.
2015-06-12 15:12:33 +02:00
Joachim Fasting
dfe20de782 nixos: permit dnscrypt-proxy service to read basic user/group info
If nscd is not running, dnscrypt-proxy crashes without read access
to /etc/{password,group,nsswitch.conf}.
2015-06-12 15:12:30 +02:00
Vladimír Čunát
0b68b92062 nixos i18n.consoleFont: choose a different default
Distros often choose Terminus as the default, and it supports some
non-ASCII characters that we use in config. Fixes #8107.
2015-06-09 20:13:42 +02:00
William A. Kennington III
48381b7621 nixos-artwork: Make into a derivation and use fetchfromgithub 2015-06-08 18:32:32 -07:00
William A. Kennington III
b79a5e812a nixos/quassel: Use qt5 instead of qt4
This really speeds up building quassel daemon since qt5 can be built in
parallel while qt4 cannot.
2015-06-08 15:37:34 -07:00
William A. Kennington III
7464908ae4 Merge pull request #8232 from dezgeg/pr-installer-fix
install-cd: Include nixos-artwork to fix installer tests

With the move from storing grub images in the nixpkgs repo to storing them in the nix store, we broke the installer tests as the iso does not contain the artwork needed for the grub splash. This commit fixes the inclusion of the artwork in the iso.
2015-06-08 14:42:57 -07:00
Tuomas Tynkkynen
16165ddc38 install-cd: Include nixos-artwork to fix installer tests
Should fix at least nixos.tests.installer.simple.x86_64-linux
http://hydra.nixos.org/build/23001712:

machine# error: cannot download Encode-Locale-1.03.tar.gz from any mirror
machine# builder for ‘/nix/store/y8gbx2d2fdcvvjy1z53xksfgq66ydlx0-Encode-Locale-1.03.tar.gz.drv’ failed with exit code 1
machine# cannot build derivation ‘/nix/store/y1knci7rix3asnh2b4kfv8jhl2j99xih-perl-Encode-Locale-1.03.drv’: 1 dependencies couldn't be built
machine# cannot build derivation ‘/nix/store/7xspjwh48kg16drv1jjg5cffaqbxbp8p-perl-libwww-perl-6.05.drv’: 1 dependencies couldn't be built
machine# cannot build derivation ‘/nix/store/8qsmz3bbk1jwhh50c3i9700bkmn8ns5c-nss-cacert-3.19.1.drv’: 1 dependencies couldn't be built
machine# cannot build derivation ‘/nix/store/0rgf2l3mdszs4a989ympwc9gk2k8wq6z-nixos-artwork-e71b684.drv’: 1 dependencies couldn't be built
...
2015-06-08 19:12:59 +03:00
Jaka Hudoklin
b570c644c9 Merge pull request #8223 from offlinehacker/pkgs/rippled/update
rippled: Update to 0.28.1
2015-06-08 16:49:39 +02:00
Jaka Hudoklin
a5d0ac2003 Merge pull request #8227 from offlinehacker/nixos/consul/alerts-fix
nixos/consul: fix consul alerts enable
2015-06-08 14:34:48 +02:00
Jaka Hudoklin
161418537c rippled: Update to 0.28.1 2015-06-08 14:15:07 +02:00
Jaka Hudoklin
2e5dbc4746 Add ripple rest module 2015-06-08 13:48:23 +02:00
Jaka Hudoklin
c9da002a07 nixos/consul: fix consul alerts enable 2015-06-08 13:41:43 +02:00
Jaka Hudoklin
cc96e474d3 Merge pull request #8226 from offlinehacker/kubernetes/skydns
Add skydns module
2015-06-08 13:37:39 +02:00
Jaka Hudoklin
23504e5bf2 Add skydns module 2015-06-08 13:36:05 +02:00
Arseniy Seroka
e24eefedd6 Merge pull request #8217 from ip1981/mwlib
mwlib uses pdftk to create books
2015-06-08 14:28:12 +03:00
Jaka Hudoklin
f7a452c8c1 nixos/kubernetes: skydns integration 2015-06-08 13:15:26 +02:00
Jaka Hudoklin
392fc849e4 Update kubernetes to 0.18.0, fix module 2015-06-08 13:10:32 +02:00
Jaka Hudoklin
8b79a09f78 Merge pull request #7553 from offlinehacker/pkgs/python-packages/graphite-beacon
Add graphite beacon package and module
2015-06-08 12:17:01 +02:00
Jaka Hudoklin
509afe860b Merge pull request #7547 from offlinehacker/nixos/docker-registry/fixes
nixos/docker-registry: docker independant docker registry
2015-06-08 12:15:35 +02:00
Jaka Hudoklin
98d5b81dad nixos: add grafana module 2015-06-08 12:13:15 +02:00
Igor Pashev
d85be1cfa3 mwlib uses pdftk to create books 2015-06-08 08:35:12 +00:00
William A. Kennington III
514a9fdf87 Merge pull request #8173 from dezgeg/pr-kernel-config
kernel-config: Enable framebuffer console for BIOS systems & /proc/config.gz for ARM
2015-06-07 10:14:51 -07:00
Peter Simons
42c65fd1c9 Merge pull request #8206 from bjornfor/postfix-var-mail
nixos/postfix: make symlink /var/mail -> /var/spool/mail
2015-06-07 18:10:11 +02:00
Domen Kožar
46b05f0e08 Merge pull request #8193 from lostdj/patch-1
bittorrentsync: fix storage_path.
2015-06-07 17:53:19 +02:00
Bjørn Forsman
12e84c6378 nixos/postfix: make symlink /var/mail -> /var/spool/mail
This solves the problem of e.g. mutt not finding mail unless the user
sets MAIL=/var/spool/mail/$USER.

The default MAIL variable seems come from bash. Reasons for adding
symlink instead of changing MAIL default in bash:

- No need to rebuild world
- FHS recommends /var/mail over /var/spool/mail anyway[1]. Better fix
  NixOS mail location than change MAIL in bash to something that doesn't
  work on non-NixOS (however unlikely that users run nixpkgs bash on a
  non-NixOS distro...).

[1] http://www.pathname.com/fhs/pub/fhs-2.3.html#VARMAILUSERMAILBOXFILES
2015-06-07 10:38:11 +02:00
William A. Kennington III
ffd0539eba cacert: store ca-bundle.crt in $out/etc/ssl/certs instead of $out 2015-06-05 13:00:52 -07:00
Timofey Lagutin
714377f8dc bittorrentsync: fix storage_path.
If this path is a symlink, btsync won't be able to read it if it's not ending with "/".

As seen in f02d4ec9ed
Broken in 0539ed4771
2015-06-05 18:39:01 +03:00
Eelco Dolstra
f1d465f429 pulseaudio: Revert to regular style
Also, the NixOS module uses pulseaudioLight in order to prevent
excessive dependency bloat.
2015-06-04 14:54:54 +02:00
Eelco Dolstra
18b5bd8dca Add some info about editors 2015-06-04 14:32:10 +02:00
Eelco Dolstra
7318ff0e38 Add option ‘system.extraDependencies’ for including stuff in the system closure
Mostly useful for installer tests that don't have network access. This
generalizes virtualisation.pathsInNixDB and isoImage.storeContents.
2015-06-04 11:06:44 +02:00
Eelco Dolstra
6bf1853387 Don't include 4 editors in the minimal installation CD
Emphasis on "minimal".
2015-06-04 11:06:44 +02:00
Tuomas Tynkkynen
9c2f2bc893 kernel-config: Enable FB_VESA and FRAMEBUFFER_CONSOLE
Commit 159fed47bc (nixos/grub: Fix video display on efi) changed BIOS
systems to start in non-text mode as well. Enable FB_VESA to get a
framebuffer console on BIOS systems. Change FRAMEBUFFER_CONSOLE to 'y'
instead of the default 'm' to so the user doesn't need to manually load
the fbcon module anymore.

Other distros have similar defaults, at least on Arch:
    CONFIG_FB_VESA=y
    CONFIG_FRAMEBUFFER_CONSOLE=y
and on Ubuntu (12.04):
    CONFIG_FB_VESA=m
    CONFIG_FRAMEBUFFER_CONSOLE=y

Fixes #8139
2015-06-04 11:26:20 +03:00
Eelco Dolstra
7c6b935b60 Remove dead code 2015-06-03 16:38:52 +02:00
lethalman
d144ece04e Merge pull request #8127 from ip1981/mwlib
Add more dependencies for mwlib
2015-06-03 12:50:02 +02:00
Wout Mertens
0666ee4739 Merge pull request #6732 from oconnorr/master
Use mktemp to create temporary files to hold ssh host keys and authorized keys
2015-06-02 20:34:43 +02:00
Luca Bruno
c12e1d7278 minimal-iso: enable nixos-manual 2015-06-02 18:14:45 +02:00
Igor Pashev
95c6b835cb mwlib may use pyfribidi 2015-06-02 06:14:34 +00:00
Igor Pashev
58f6da5cc6 mwlib may use imagemagick (convert) 2015-06-02 06:06:02 +00:00
Bjørn Forsman
70cb6e67c0 nixos/apcupsd: don't evaluate event hooks at build time
Better replace the double quotes in 'echo "${commands}"' with single
quotes, to prevent the shell from doing command substitution etc. at
configuration build time.
2015-06-01 22:14:03 +02:00
Eelco Dolstra
64a41b7a90 Use nixUnstable by default 2015-06-01 18:20:28 +02:00
lethalman
3b6dbb1917 Merge pull request #7984 from rushmorem/marathon-module-update
Make it easy to override the marathon framework user
2015-06-01 17:06:50 +02:00
Peter Simons
789f20eba8 nixos release notes: document new services.openssh.moduliFile option 2015-06-01 15:20:18 +02:00
Peter Simons
d4412bf6c4 nixos release notes: document incompatible changes due to Haskell NG 2015-06-01 15:19:53 +02:00
Peter Simons
4f0d8460c0 nixos release notes: add an item about Haskell NG 2015-06-01 14:43:40 +02:00
Eelco Dolstra
7edb27b7af Hide the option fonts.enableCoreFonts
We shouldn't have options that simply enable a package.
2015-06-01 10:43:43 +02:00
William A. Kennington III
3588cd8c4e nixos/pulseaudio: Use libpulseaudio 2015-05-29 20:36:46 -07:00
William A. Kennington III
d6cbb061e3 cacert: Build directly from nss instead of our own tarball 2015-05-29 13:52:07 -07:00
William A. Kennington III
aa5d6922c5 Revert "Set boot.loader.grub.configurationLimit to 1 for gce/azure/amazon images. Setting to 0 results in empty grub config."
The issue was that grub was not building the default entry which would
leave systems unbootable. This can now be safely reverted as the default
entry is being built once again.

This reverts commit fd1fb0403c.
2015-05-29 13:26:51 -07:00
William A. Kennington III
1e98da6d99 nixos/grub: Use nixos artwork 2015-05-29 13:26:32 -07:00