Commit graph

14995 commits

Author SHA1 Message Date
worldofpeace
5efe49ce67 nixosTests.fontconfig-default-fonts: port to python 2019-11-05 19:51:48 -05:00
worldofpeace
e73c93d8e6
Merge pull request #72834 from mweinelt/pr/tests/migrate-python
nixos/tests: migrate my tests to python
2019-11-05 21:33:50 +00:00
Jan Hrnko
23340a21b6 nixos/trezord: port test to python 2019-11-05 21:45:12 +01:00
Jan Hrnko
5768950f01 nixos/trac: port test to python 2019-11-05 21:45:02 +01:00
Jan Hrnko
6465a56d38 nixos/metabase: port test to python 2019-11-05 21:44:51 +01:00
Izorkin
9a27acedda nixos/phpfpm: fix apply global phpOptions 2019-11-05 23:22:30 +03:00
Jacek Galowicz
d6b7a9909e nixos/firefox: Port integration test to python 2019-11-05 18:07:05 +01:00
Jacek Galowicz
45b339b736 nixos/tests: Implement python test-driver version of getWindowNames and waitForWindow 2019-11-05 18:07:05 +01:00
Jacek Galowicz
fdb72f68ad nixos/matrix-synapse: Port integration test to python 2019-11-05 18:07:04 +01:00
Jacek Galowicz
9c54658226 nixos/tests: Implement python test-driver version of requireActiveUnit 2019-11-05 18:07:00 +01:00
Florian Klink
5fecc35bb2 nixos/vault: convert test to python 2019-11-05 16:57:08 +01:00
EEva (JPotier)
9b78e5f35d vault: fix config when file backend is used
When the option services.vault.storageBackend is set to "file", a
systemd.tmpfiles.rules was added, with extraneous []. These are not
needed and have been removed.
2019-11-05 16:54:34 +01:00
Martin Weinelt
014970bc17
nixos/knot: add myself as maintainer for test 2019-11-05 16:19:44 +01:00
Martin Weinelt
76df6d67ea
nixos/knot: port test to python 2019-11-05 16:19:40 +01:00
Martin Weinelt
e13f4057e4
nixos/babeld: port test to python 2019-11-05 16:19:35 +01:00
Colin L Rice
c861f8083d sd-image: Add the compressed file path for hydra.
This makes the nixos on arm user instructions work again.
2019-11-05 10:10:51 -05:00
Jan Tojnar
9d36ef765c
gjs: various improvements (#72805)
gjs: various improvements
2019-11-05 16:00:24 +01:00
Eelco Dolstra
50ea99cbc1
nixos/tests/quake3.nix: Remove
This was a demo of the VM testing approach in an old paper but there's
no need to keep it around.
2019-11-05 15:14:30 +01:00
Eelco Dolstra
aa98348f88
jormungandr: Remove
This is a good example of a package/module that should be distributed
externally (e.g. as a flake [1]): it's not stable yet so anybody who
seriously wants to use it will want to use the upstream repo. Also,
it's highly specialized so NixOS is not really the right place at the
moment (every NixOS module slows down NixOS evaluation for everybody).

[1] https://github.com/edolstra/jormungandr/tree/flake
2019-11-05 15:00:58 +01:00
Marijan
7d98a8ba77 nixos/simple: port test to python 2019-11-05 12:00:26 +01:00
Marijan
16d2fccfd9 nixos/nix-generate-config: port test to python 2019-11-05 12:00:26 +01:00
Marijan
1afa50aef1 nixos/fsck: port test to python 2019-11-05 12:00:26 +01:00
Marijan
04f0961627 nixos/transmission: port test to python 2019-11-05 12:00:26 +01:00
Marijan
daa97862b5 nixos/tor: port test to python 2019-11-05 12:00:26 +01:00
Marijan
b786c1be04 nixos/openssh: port test to python 2019-11-05 12:00:19 +01:00
Jan Tojnar
3d89ead7c6
gjs: move to top-level 2019-11-05 00:47:04 +01:00
Julian Stecklina
40396a7e12 nixos/zfs: convert test to python 2019-11-04 23:51:10 +01:00
Jacek Galowicz
48508da01e nixos/automysqlackup: Port test to python 2019-11-04 23:51:10 +01:00
Jacek Galowicz
986a1eb32b nixos/ammonite: Port test to python 2019-11-04 23:51:10 +01:00
Jacek Galowicz
e5ee596263 nixos/acme: Port test to python 2019-11-04 23:51:10 +01:00
Jacek Galowicz
d4a5ea5219 nixos/boot: Port test to python 2019-11-04 23:51:10 +01:00
Jana Traue
cdd4d4fadf nixos/wireguard: convert generated test to python 2019-11-04 23:51:10 +01:00
Jana Traue
baec88a119 nixos/wireguard: convert default test to python 2019-11-04 23:51:09 +01:00
Jana Traue
8b12f0ddcc nixos/quake3: convert test to python 2019-11-04 23:51:09 +01:00
Julian Stecklina
2af2d59fd6 nixos/emacs-daemon: convert test to python 2019-11-04 23:51:09 +01:00
Jana Traue
9b33b5d38c nixos/gitea: convert test to python 2019-11-04 23:51:09 +01:00
Jacek Galowicz
8eead58520 nixos/postgres: Port test to python 2019-11-04 23:51:09 +01:00
Jacek Galowicz
75d3e810d6 nixos/bittorrent: Port test to python 2019-11-04 23:51:09 +01:00
Jacek Galowicz
be48c5c571 nixos/login: Port test to python 2019-11-04 23:51:09 +01:00
Jacek Galowicz
7d19c5aaa7 nixos/test: Pythonify documentation 2019-11-04 23:50:50 +01:00
Florian Klink
ac97edf013 nixos/test: use ptpython as repl 2019-11-04 23:50:27 +01:00
Jacek Galowicz
3a28fefe7d nixos/test: Port test driver to python
Thanks @blitz and @jtraue for help with implementing machine methods
2019-11-04 23:50:27 +01:00
Robin Gloster
db502b034f
Merge pull request #71139 from philandstuff/ssh-agent-pkcs11-whitelist
ssh-agent: add agentPKCS11Whitelist option
2019-11-04 22:16:06 +01:00
Gabriel Ebner
cb8423d19b
Merge pull request #72698 from gebner/digimend-drivers
digimend drivers for graphics tablets
2019-11-04 21:19:06 +01:00
Marek Mahut
e51f707437
Merge pull request #72729 from mmahut/trac
nixos/trac: init
2019-11-04 17:53:49 +01:00
Aaron Andersen
5c3715379d nixos/httpd: allow user to specify a minimal list of apache modules 2019-11-04 11:21:20 -05:00
Max Veytsman
de1cbcc692 nixos/nat: fix typo in comment
This iptables directive is marking packets coming from the internal interfaces so they can later be NATed by the rule in 22378e6996/nixos/modules/services/networking/nat.nix (L38-L42) .

Fix the comment accordingly.
2019-11-04 17:00:22 +01:00
Linus Heckemann
6f41b1c842
Merge pull request #68193 from chkno/nixos-option-rewrite
nixos-option C++ rewrite with --all
2019-11-04 16:55:04 +01:00
Robin Gloster
754e315fb5 release-notes 20.03: added notice for rewritten nixos-option 2019-11-04 15:14:42 +01:00
Chuck
1e7985942b snake_case -> camelCase 2019-11-04 15:11:45 +01:00
Chuck
445145d5b9 Support aggregate types attrsOf and listOf 2019-11-04 15:11:45 +01:00
Chuck
a3e31df4d7 (clang-format for has_example) 2019-11-04 15:11:45 +01:00
Chuck
57a5752300 Add maintainer 2019-11-04 15:11:45 +01:00
Chuck
5646240870 Only print example when there is one 2019-11-04 15:11:45 +01:00
Chuck
4d17d5b31f snake_case -> camelCase 2019-11-04 15:11:45 +01:00
Chuck
84d55716a9 Don't print header on stderr
Automated consumers can use 'sed 1d' or similar to remove this header.

This probably makes this output *easier* to consume correctly.  Having
this header show up in consumers' terminal or log output is probably not
useful, but hiding it without hiding all error messages would have been
more troublesome that just stripping it from stdout.

I.e., previously, unsophisticated use would show undesired output:
  $ some-other-tool
  This attribute set contains:
  This attribute set contains:
  This attribute set contains:
  This attribute set contains:
  <Actual some-other-tool output>

The simplest way to hide this undesired output would have been
nixos-option ... 2>/dev/null, which would hide all error messages.
We do not wish to encourage that.

Correct use would have been something like:
  nixos-option ... 2> >( grep --line-buffered -v 'This attribute set contains:')

After this change, correct use is simpler:
  nixos-option ... | sed 1d
or
  nixos-option ... | sed '1/This attribute set contains:/d'
if the caller don't know if this invocation of nixos-option will yield
an attribute listing or an option description.
2019-11-04 15:11:45 +01:00
Chuck
2ddd2d0760 Explain why header goes on stderr 2019-11-04 15:11:45 +01:00
Chuck
94a068fe36 Pass values by reference
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers".  The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
2019-11-04 15:11:45 +01:00
Chuck
3d3ce8df7f Pass Context by reference
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers".  The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
2019-11-04 15:11:45 +01:00
Chuck
c967e3fd3e Hold state and autoArgs by reference
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers".  The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
2019-11-04 15:11:45 +01:00
Chuck
c457766a1f Use std::get_if 2019-11-04 15:11:45 +01:00
Chuck
88183eb484 Per reviewer request, cast the other side.
I don't think this matters.  As long as one or the other of these is
a std::string, I get an operator== that looks at content rather than
pointer equality.  I picked casting the constant over casting the dynamic
thing in hopes that the compiler would have a better chance at optimizing
away any runtime cost.

Deferring to reviewer.
2019-11-04 15:11:45 +01:00
Chuck
aa8e1d5f1e Always say which path component had trouble 2019-11-04 15:11:45 +01:00
Chuck
c352bfeaf0 Switch from east const to west const
For consistency with the Nix C++ convention.

:~(
2019-11-04 15:11:45 +01:00
Chuck
b8db81573a Support submodules (Fixes #13121) 2019-11-04 15:11:45 +01:00
Chuck
88349921a4 clang-format 2019-11-04 15:11:45 +01:00
Chuck
6b405f9789 Fix missing "using ThrownError" 2019-11-04 15:11:45 +01:00
Chuck
0adf77e2ee Narrow the «not defined» check to just ThrownError 2019-11-04 15:11:45 +01:00
Chuck
c7c684aaa3 Preserve type of rethrown exceptions 2019-11-04 15:11:45 +01:00
Chuck
d89ccc1554 Correct syntax for license specification 2019-11-04 15:11:45 +01:00
Chuck
2336982957 Add license
This is important because this contains some code copied from nix (as an
interim expediency until that functionality can be exported via nix's
API).  The license specified here must be compatible with this borrowing.
Select the same license that nix is released under: lgpl2Plus.
2019-11-04 15:11:45 +01:00
Chuck
f3eedb6020 Parallel build is the default, so no need to specify 2019-11-04 15:11:45 +01:00
Chuck
e1ecc2b6c1 Remove list sorting 2019-11-04 15:11:45 +01:00
Chuck
36c00c1080 Use format strings, not concatenation, in error messages 2019-11-04 15:11:44 +01:00
Chuck
4af8dbf896 Reformat for 4-space indentation
Specifically, with
  clang-format --style='{ IndentWidth: 4, BreakBeforeBraces: Mozilla, ColumnLimit: 120, PointerAlignment: Middle }'
which was the clang-format invocation that produced the fewest diffs on
the nix source out of ~20 that I tried.
2019-11-04 15:11:44 +01:00
Chuck
74f05df671 nixos/nixos-option: Fix references to old name 2019-11-04 15:11:44 +01:00
Chuck
26c45dfec2 nixos/nixos-option: Show options' types #27920 2019-11-04 15:11:44 +01:00
Chuck
59c5bfc86b nixos/nixos-option: Rewrite in a more suitable language
Also add --all, which shows the value of all options.  Diffing the --all
output on either side of contemplated changes is a lovely way to better
understand what's going on inside nixos.
2019-11-04 15:11:44 +01:00
Aaron Andersen
9c28599bfe nixos/httpd: drop stateDir option, hardcode to /run/httpd 2019-11-04 07:32:28 -05:00
Marek Mahut
794c919765
Merge pull request #68327 from mmilata/moin
nixos/moinmoin: init module
2019-11-03 21:36:12 +01:00
Gabriel Ebner
c2b54c59e8 nixos/digimend: init module 2019-11-03 17:32:46 +01:00
Matthew Bauer
88e69097fa
Merge pull request #72664 from contrun/patch-2
pam_mount: change order of lines in pam_mount.conf
2019-11-03 11:31:39 -05:00
Marek Mahut
e71b1e3363 tests: adding trac 2019-11-03 17:24:22 +01:00
Marek Mahut
f3b8d9bae3 nixos/trac: service init 2019-11-03 17:24:08 +01:00
worldofpeace
4e2161f9ed nixos/xdg/sounds: add sound-theme-freedesktop 2019-11-03 10:19:26 -05:00
worldofpeace
4bdbbc1b33 nixos/gnome3: add sound-theme-freedesktop
I've noticed a similar issue in Pantheon, without this
sound theme installed there's no system sounds.
I believe it's because the gnome theme and the pantheon
theme inherit this one.
2019-11-03 10:19:25 -05:00
Alex Rice
66611546f0 brillo: init at 1.4.8 2019-11-03 14:42:43 +01:00
Renaud
266d3dd7f6
Merge pull request #72187 from Izorkin/netdata-fix
nixos/netdata: add which to path
2019-11-03 14:06:51 +01:00
Renaud
a5807e79c9
Merge pull request #71507 from SRGOM/patch-11
nixos/x11/libinput: Document values for option
2019-11-03 12:30:09 +01:00
Peter Hoeg
8bddbbaf84
Merge pull request #72404 from peterhoeg/u/displaylink
displaylink: make it work!
2019-11-03 14:19:41 +08:00
B YI
f40f98a732
pam_mount: change order of lines in pam_mount.conf
Change order of pam_mount.conf.xml so that users can override the preset configs.

My use case is to mount a gocryptfs (a fuse program) volume. I can not do that in current order.

Because even if I change the `<fusermount>` and `<fuserumount>` by add below to extraVolumes
```
<fusemount>${pkgs.fuse}/bin/mount.fuse %(VOLUME) %(MNTPT) "%(before=\"-o \" OPTIONS)"</fusemount>
<fuseumount>${pkgs.fuse}/bin/fusermount -u %(MNTPT)</fuseumount>
```
mount.fuse still does not work because it can not find `fusermount`. pam_mount will told stat /bin/fusermount failed.

Fine, I can add a `<path>` section to extraVolumes
```
<path>${pkgs.fuse}/bin:${pkgs.coreutils}/bin:${pkgs.utillinux}/bin</path>
```
but then the `<path>` section is overridden by the hardcoded `<path>${pkgs.utillinux}/bin</path>` below. So it still does not work.
2019-11-03 12:43:01 +08:00
Maximilian Bosch
e017e96f76
Merge pull request #72612 from danielfullmer/gpg-agent-pinentry-doc-fix
nixos-generate-config: Fix incorrectly named option
2019-11-02 21:43:42 +01:00
Daniel Fullmer
c7b123a81a nixos-generate-config: Fix incorrectly named option
This appears to be a typo from c2576266ba
2019-11-02 15:46:16 -04:00
Florian Klink
bb4bf2fb46
Merge pull request #72094 from lejonet/ceph-tests
nixos/ceph: Rename old ceph test and add new multi-node test
2019-11-02 14:48:42 +01:00
Andreas Rammhold
5d5b1405a7
Merge pull request #68483 from chkno/optional-home-bin-in-path
nixos/shells-environment: Make ~/bin/ in $PATH optional
2019-11-02 14:27:24 +01:00
Jörg Thalheim
b55a7a3a57
ec2-utils: init at 0.5.1, include in amazon-image profile (#67347)
ec2-utils: init at 0.5.1, include in amazon-image profile
2019-11-01 20:57:44 +00:00
Daniel Kuehn
6ac9d1fbdc
nixos/ceph: Rewrite old single-node test with new framework 2019-11-01 21:48:22 +01:00
Marek Mahut
43a0b4b31f
Merge pull request #72415 from 1000101/trickster
nixos/trickster: init
2019-11-01 15:39:50 +01:00
Jan Hrnko
4adb3dd7de nixos/trickster: add test 2019-11-01 14:10:53 +01:00
worldofpeace
a0b037b863
Merge pull request #72391 from urkud/gnupg-pinentry-gnome3
nixos/gnupg: add dbus dependencies for gnome3 pinentry
2019-11-01 13:02:21 +00:00
Yury G. Kudryashov
7240566f74 nixos/gnupg: add dbus dependencies for gnome3 pinentry 2019-11-01 08:58:11 -04:00
Daniel Kuehn
079dab7de1 Merge branch 'ceph-tests' of https://github.com/lejonet/nixpkgs into ceph-tests 2019-11-01 13:42:17 +01:00
Silvan Mosberger
dd0a47e7ae
treewide: Switch to system users (#71055)
treewide: Switch to system users
2019-11-01 13:26:43 +01:00
Daniel Kuehn
5fbf0cf5ce
nixos/ceph: Rename old ceph test and add new multi-node test to all-tests.nix 2019-11-01 13:21:04 +01:00
Jan Hrnko
9b0aefac86 nixos/trickster: init 2019-11-01 10:57:29 +01:00
Renaud
e69fd930ed
Merge pull request #72193 from Ma27/bump-nexus
nexus: 3.18.1-01 -> 3.19.1-01
2019-11-01 08:55:24 +01:00
Peter Hoeg
d936b17d14 nixos/displaylink: write out required xorg.conf fragment
Invoke xrandr to actually connect the device.

Additionally, we let systemd create the logs directory and use our module loader
instead of handling it manually.
2019-11-01 13:06:28 +08:00
ShaRose
9e2308ed80 nixos/dnsdist: Add CAP_NET_BIND_SERVICE to AmbientCapabilities
It seems that dnsdist doesn't actually request CAP_NET_BIND_SERVICE, which is why normally it's executed and root and setuids to another, unprivileged, user. This means that as it is, dnsdist will be unable to bind to any port under 1024 and will fail with access denied.

Removing CAP_SETGID and CAP_SETUID is also related to this as we don't actually change the uid or gid after the fact as we use DynamicUser. (That part isn't strictly NEEDED but there's no reason to have those capabilities if we don't use them).

There are also some additional sandboxing we can remove from the service definition as they are assumed true or strict by DynamicUser: specifically PrivateTmp and ProtectSystem respectively.

ProtectHome is still there, despite being assumed read-only as setting it to true means they are seen as empty. I don't think it really matters as I don't know if systemd will ignore it or not, but I didn't see any reason to go hunting for excuses to make it a bigger change.
2019-10-31 13:27:55 -02:30
worldofpeace
d5c639c545
Merge pull request #72281 from peterhoeg/f/geoclue
nixos/geoclue: minor cleanups
2019-10-31 13:58:25 +00:00
Peter Hoeg
0838d6d4cd nixos/geoclue: add worldofpeace as maintainer 2019-10-31 09:57:20 -04:00
Graham Christensen
cda4a36eda
Merge pull request #72186 from AmineChikhaoui/ec2-19-09-amis
ec2-amis.nix: add 19.09 amis
2019-10-31 11:13:11 +01:00
Marek Mahut
392b12f252
Merge pull request #72089 from prusnak/trezor-udev-rules
trezor-udev-rules: init at unstable-2019-07-17
2019-10-31 10:48:48 +01:00
Jörg Thalheim
c91a1be877
nixos/orangefs: init at 2.9.7, add modules and test (#67591)
nixos/orangefs: init at 2.9.7, add modules and test
2019-10-31 09:27:14 +00:00
adisbladis
3af4f88acd
nixos.pulseaudio: Remove bad recommendation to use pulseaudio in system-wide mode
Upstream Pulseaudio has always stated that system-wide is not
recommended and comes with a number of usability and security drawbacks.
2019-10-30 16:00:08 +00:00
Pavol Rusnak
d124858efe
trezor-udev-rules: init at unstable-2019-07-17 2019-10-30 15:15:22 +01:00
worldofpeace
bae09a1c39 nixosTests.fontconfig-default-fonts: re-add twitter-color-emoji 2019-10-30 15:03:26 +01:00
Florian Klink
992035cff0
Merge pull request #72007 from NinjaTrappeur/nin-acme-custom-dir-uri
nixos/acme: Custom ACME endpoint
2019-10-30 12:17:51 +01:00
Robin Gloster
a861855dfb
Merge pull request #72283 from urkud/fix-pinentry-sway
nixos/gnupg: fix pinentry in sway (fix a typo in 3c39093c0d)
2019-10-30 11:15:03 +01:00
Félix Baylac-Jacqué
781f0cf2ec nixos/tests/acme.nix: remove pebble custom endpoint patch
The recent custom endpoint addition allows us to directly point
certbot to the custom Pebble directory endpoint.

Thanks to that, we can ditch the Pebble patch we were using so far;
making this test maintenance easier.
2019-10-30 11:09:40 +01:00
Félix Baylac-Jacqué
5671fa2396 nixos/modules/security/acme.nix: add server option
Add a new option permitting to point certbot to an ACME Directory
Resource URI other than Let's Encrypt production/staging one.

In the meantime, we are deprecating the now useless Let's Encrypt
production flag.
2019-10-30 11:08:12 +01:00
Frederik Rietdijk
91a714000a nixos manual: refer to nix and nixpkgs manuals 2019-10-30 10:25:09 +01:00
Frederik Rietdijk
70bb2e4151 nixos manual: have a toc for each part and chapter
to be inline with the Nixpkgs manual. This makes navigating to
particular sections easier.
2019-10-30 10:25:09 +01:00
Frederik Rietdijk
d727754d9a nixos manual: move preface into own file 2019-10-30 10:25:09 +01:00
Frederik Rietdijk
227dff4e70 nixos manual: reduce toc depth
to reduce the amount of information presented.
2019-10-30 10:25:09 +01:00
Yury G. Kudryashov
1105cec98d gnupg: fix pinentry in sway (fix a typo in 3c39093c0d) 2019-10-30 02:00:39 -04:00
Aaron Andersen
722b99beb9
Merge pull request #69342 from Kiwi/matomo-updates
Matomo (module, package) updates
2019-10-29 23:09:27 -04:00
Peter Hoeg
d7ebe00453 nixos/geoclue: minor cleanups
- spawn the geoclue-agent directly instead of running it via bash
 - document why we cannot use DynamicUser = true
 - have systemd create the home directory instead of using an explicit
   tmpfiles.d fragment
2019-10-30 10:50:52 +08:00
Silvan Mosberger
90e30394f5
go-shadowsocks2: init at 0.0.11 (#67516)
go-shadowsocks2: init at 0.0.11
2019-10-30 01:05:59 +01:00
Martin Milata
605379bc62
nixos/matomo: add test 2019-10-29 21:02:39 +00:00
Robin Gloster
3c39093c0d
gnupg: fix pinentry on sway 2019-10-29 20:30:23 +01:00
Evils-Devils
5a78ce30d4 Fancontrol: add test etc from #70933 (#72065)
* lm_sensors: add fancontrol module + nixos test

fancontrol is a small script that checks temperature sensors and adapts
fan speeds accordingly. It reads a text config file that can be
auto-generated by running the pwmconfig wizard on the live system.
2019-10-29 15:06:32 +01:00
Daniel Kuehn
47604c7026
nixos/ceph: Rewrite test to take all important values from a single attrset 2019-10-29 15:00:28 +01:00
Frederik Rietdijk
980d658fbd nixos.tests.fontconfig-default-fonts: remove twitter-color-emoji 2019-10-29 13:53:04 +01:00
Maximilian Bosch
df7727042f
nexus: 3.18.1-01 -> 3.19.1-01
Relevant release notes:

* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.1
* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.0

Also added `preferLocalBuild = true;` to prevent builds on remote
machines as this only means elevated network access (tarball is fetched
locally and uploaded to the builder) and the build is fairly trivial.

To fix the startup I had to add the JVM parameter `java.endorsed.dirs`
to ensure that all libraries are loaded properly[1].

[1] https://issues.sonatype.org/browse/NEXUS-21603
2019-10-28 21:34:55 +01:00
Maximilian Bosch
47724fc77c
nixos/networkd: add ipv4-fallback and fallback as valid options to LinkLocalAddressing
Both options were introduced in systemd v243[1]. Those options can be
used to ensure that LinkLocalAddressing is only configured for a given
interface if DHCPv4 fails. To quote `systemd.network(5)`:

```
If "fallback" or "ipv4-fallback" is specified, then an IPv4
link-local address is configured only when DHCPv4 fails. If "fallback", an IPv6 link-local
address is always configured, and if "ipv4-fallback", the address is not configured. Note
that, the fallback mechanism works only when DHCPv4 client is enabled, that is, it requires
"DHCP=yes" or "DHCP=ipv4".
```

[1] 8bc17bb3f7
2019-10-28 20:51:17 +01:00
Izorkin
001b3d5764 nixos/netdata: add which to path 2019-10-28 21:20:57 +03:00
AmineChikhaoui
dc13a7f26a
ec2-amis.nix: add 19.09 amis
replace /home/deploy -> $HOME to allow running the script from outside
the bastion.
2019-10-28 14:04:20 -04:00
caadar
028dacdcfb cups: fix misleading comment 2019-10-28 16:48:34 +01:00
talyz
d5db11ccbd nixos/gitlab: Remove the old lib symlink in the state directory
Also, remove the old and unused PermissionsStartOnly definition in the
gitlab-workhorse systemd service.
2019-10-28 14:56:37 +01:00
talyz
041cbd860d nixos/gitlab: Abort on error and use of unset variables
Default behavior is to continue executing the script even when one or
multiple steps fail. We want to abort early if any part of the
initialization fails to not run with a partially initialized state.

Default behavior also allows dereferencing non-existent variables,
potentially resulting in hard-to-find bugs.
2019-10-28 14:56:37 +01:00
Silvan Mosberger
13b893fd9a
Merge pull request #72140 from alunduil/add-zfs-replication-to-module-list
nixos/zfs: add autoReplication to module list
2019-10-28 12:33:15 +01:00
Franz Pletz
5d22f7afe1
nixos/acme: fix staging endpoint url
fixes #72067
2019-10-28 10:12:39 +01:00
Linus Heckemann
e7a6123a07
Merge pull request #72080 from Infinisil/znapzend-improvements
Znapzend improvements
2019-10-28 09:43:49 +01:00
Robert Djubek
6ea626d3e2
nixos/matomo: fix deprecation warnings
Fixes the phpfpm deprecation warnings about listen and extraConfig by
using fpm.socket and settings. Removes phpfpmProcessManagerConfig.
2019-10-28 05:07:27 +00:00
Alex Brandt
a2d83bf8b9 nixos/zfs: add autoReplication to module list 2019-10-27 22:03:21 -07:00
Daniel Kuehn
db0787c87a nixos/ceph: Reduce RAM allocation for the test machines and change the sharing of the admin keyring to the shared directory instead of netcat 2019-10-27 16:56:52 +01:00
Frederik Rietdijk
059a572616 Merge staging-next into staging 2019-10-27 15:28:19 +01:00
Daniel Kuehn
916520151e nixos/ceph: Rename old ceph test and add new multi-node test
Rename the old ceph test to ceph-single-node and add a new test
ceph-multi-node. The ceph-single-node represents a dev cluster whereas
ceph-multi-node is closer to a prod cluster.
2019-10-27 13:46:05 +01:00
Silvan Mosberger
f124b7addc
nixos/znapzend: Increase starting timeout 2019-10-27 12:29:31 +01:00
Silvan Mosberger
698dfed2e6
nixos/znapzend: Add options for features 2019-10-27 12:06:18 +01:00
Silvan Mosberger
de357d5781
Merge pull request #65698 from Infinisil/system-users
Increase the system user id range
2019-10-27 10:41:39 +01:00
Silvan Mosberger
5532065d06
nixos/acme: Fix allowKeysForGroup not applying immediately
Previously setting `allowKeysForGroup = true; group = "foo"` would not
apply the group permission change of the certificates until the service
gets restarted. This commit fixes this by making systemd restart the
service every time it changes.

Note that applying this commit to a system with an already running acme
systemd service doesn't fix this immediately and you still need to wait
for the next refresh (or call `systemctl restart acme-<domain>`). Once
everybody's service has restarted once this should be a problem of the
past.
2019-10-27 00:49:32 +02:00
Aaron Andersen
33474166e3
Merge pull request #69436 from tshaynik/fix/nextcloud-nginx-sts
nixos/nextcloud: add Strict-Transport-Security
2019-10-26 12:34:36 -04:00
Aaron Andersen
50e5139893 redmine: drop 3.4.x package 2019-10-26 10:40:16 -04:00
Franz Pletz
a8fccf2172
Merge pull request #72000 from flokli/virtualbox-vboxnet0-systemd-networkd-wait-online-service
nixos/virtualbox: fix systemd-networkd-wait-online.service waiting for vboxnet0
2019-10-26 13:01:47 +00:00
Gemini Lasswell
d6549a2c42 nixos/yggdrasil: remove DynamicUser for systemd 243 2019-10-26 13:51:31 +02:00
Gemini Lasswell
b8cb8c39d6 nixos/yggdrasil: add service 2019-10-26 13:51:31 +02:00
Aaron Andersen
2921e8a82a
Merge pull request #71789 from tomfitzhenry/openarena-server
openarena: add module and test
2019-10-26 07:48:19 -04:00
Elias Probst
8d8c3cadd6 Fix typo in message (vswichtesvswitches) 2019-10-26 13:26:01 +02:00
Florian Klink
32fd88726b nixos/virtualbox: fix systemd-networkd-wait-online.service waiting for vboxnet0
While switching NixOS configurations with both

networking.useNetworkd = true;
virtualisation.virtualbox.host.enable;

You often end up waiting for systemd-networkd-wait-online.service.

This happens because the vboxnet0 device doesn't have a carrier until
virtualbox machines are started, so networkd gets stuck in
"Configuring":

⇒  networkctl list
IDX LINK          TYPE      OPERATIONAL SETUP
  1 lo            loopback  carrier     unmanaged
  2 wlp2s0        wlan      routable    unmanaged
  3 vboxnet0      ether     no-carrier  configuring

This updates the NixOS virtualbox host module to include a
RequiredForOnline=no statement in the generated 40-vboxnet0.network
file, so networkd doesn't consider it necessary for
systemd-networkd-wait-online.service to finish.
2019-10-26 00:45:42 +02:00
WilliButz
509fadd01a
nixos/i18n: use str instead of string for consoleKeyMap 2019-10-26 00:07:55 +02:00
Maximilian Bosch
4a5c0e029d
Merge pull request #71963 from dtzWill/security/nextcloud17-php-and-nginx-config
Address nextcloud "urgent security issue" w/nginx per upstream recs
2019-10-25 19:12:18 +02:00
Martin Milata
ad034104cc nixos/moin: init 2019-10-25 17:51:09 +02:00
Mathieu A.-Tetreault
054ceb826e plymouth: Add extra config field
Signed-off-by: Mathieu A.-Tetreault <alexandretm@amotus.ca>
2019-10-25 11:22:45 -04:00
Maximilian Bosch
6db4ae1f27
Merge pull request #70441 from doronbehar/package-gotify-server
gotify-server: init at 2.0.10
2019-10-25 17:10:14 +02:00
Janne Heß
2abe2b2cda nixos/stunnel: Add maintainers 2019-10-25 16:19:57 +02:00
Janne Heß
4a32dbd1e1 nixos/stunnel: Fix CA files 2019-10-25 16:19:57 +02:00
Maximilian Bosch
3461ec2ffd
nixos/gotify: init module and test 2019-10-25 16:19:41 +02:00
Tom Fitzhenry
6d90d17a96 openarena: add test 2019-10-26 00:57:54 +11:00
Tom Fitzhenry
230fc22e61 openarena: add module for dedicated server 2019-10-26 00:57:54 +11:00
Jörg Thalheim
8e0563e7e6
Merge pull request #71970 from johanot/create-gce-nitpick
scripts/gce: make image name configurable
2019-10-25 14:28:06 +01:00
Will Dietz
f6c45bff6d
nixos/nextcloud: update config for "urgent security issue"
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
2019-10-25 06:50:29 -05:00
Johan Thomsen
b263e57c57 scripts/gce: make image name configurable 2019-10-25 10:10:42 +02:00
Florian Klink
dc84a7d4e3
Merge pull request #71291 from NinjaTrappeur/nin-update-acme
simp_le: 0.9.0 -> 0.16.0
2019-10-24 16:08:02 +02:00
Frederik Rietdijk
32389de159 Merge master into staging-next 2019-10-24 08:27:04 +02:00
Eelco Dolstra
52e739cc58 nix-daemon.nix: Fix checkConfig 2019-10-23 21:30:28 +02:00
Félix Baylac-Jacqué
0c0af28cd5 nixos/tests/letsencrypt: use Pebble instead of Boulder
Let's encrypt bumped ACME to V2. We need to update our nixos test to
be compatible with this new protocol version.

We decided to drop the Boulder ACME server in favor of the more
integration test friendly Pebble.

- overriding cacert not necessary
- this avoids rebuilding lots of packages needlessly
- nixos/tests/acme: use pebble's ca for client tests
- pebble always generates its own ca which has to be fetched

TODO: write proper commit msg :)
2019-10-23 21:17:17 +02:00
Drew
6445a7cf7d users-groups: fix typo
Fix typo in the ``users.users.<name>.packages`` option description.
2019-10-23 20:49:15 +02:00
Ricardo M. Correia
4cd2cb43fb
Merge pull request #71137 from erictapen/smokeping-fix-permission
nixos/smokeping: replace smokeping.fcgi with a symlink
2019-10-23 18:19:15 +00:00
Silva Alejandro Ismael
35ae47e44b nixos/zsh-syntax-highlighting: Fix highlighting when ohMyZsh is enabled
From https://github.com/zsh-users/zsh-syntax-highlighting#faq:

"It must be sourced after all custom widgets have been created
(i.e., after all zle -N calls and after running compinit)."

zsh-syntax-highlighting must be sourced to the end.
2019-10-23 11:54:52 -03:00
Frederik Rietdijk
09c9a2de7e Merge master into staging-next 2019-10-23 16:50:09 +02:00
Félix Baylac-Jacqué
38e84151e0 certbot: 0.31.0 -> 0.39.0
Updating:

- nixos module to use the new `account_reg.json` file.
- use nixpkgs pebble for integration tests.

Co-authored-by: Florian Klink <flokli@flokli.de>

Replace certbot-embedded pebble
2019-10-23 13:12:11 +02:00
Florian Klink
c3098d182d nixos/network: remove 99-main.network
Just maching all network interfaces caused many breakages, see #18962
and #71106.

We already don't support the global networking.useDHCP,
networking.defaultGateway(6) options if networking.useNetworkd is
enabled, but direct users to configure the per-device
networking.interfaces.<name?>.… options.
2019-10-23 11:39:27 +02:00
Frederik Rietdijk
a85e58ac13 Merge master into staging-next 2019-10-23 09:38:37 +02:00
Bjørn Forsman
263a81e285 nixos-rebuild: support sudo + --target-host
This adds support for deploying to remote hosts without being root:

  sudo nixos-rebuild --target-host non-root@host

Without this change, only root@host is able to deploy.

The idea is that if the local command is run with sudo, so should the
remote one, thus there is no need for adding any CLI options.
2019-10-22 20:44:25 +02:00
Matthias Beyer
4e3aa7b7b8 mpd: restart always
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2019-10-22 16:30:14 +02:00
Wout Mertens
59e731b0ac
Merge pull request #55645 from eonpatapon/qemu-vm-drives
nixos/qemu-vm: declarative drives
2019-11-04 08:30:37 +01:00
Aaron Andersen
43a3d8dc29
Merge pull request #71461 from etu/lidarr-specify-datadir-option
nixos/lidarr: Add dataDir option
2019-10-22 05:07:49 -04:00
Frederik Rietdijk
a456fbfeed Merge staging-next into staging 2019-10-22 09:20:03 +02:00
worldofpeace
7dc84e1824 installer: use sddm in plasma5
Slim is abandoned and won't work with wayland.
It's in our best interest to use the display-manager
that makes most sense for Plasma5, sddm.

We've already moved on from it being default in #30890
and the graphical.nix profile, which the virtualbox profile uses,
has sddm anyway.
2019-10-22 00:28:47 -04:00
worldofpeace
4f890f86fe
Merge pull request #71547 from hedning/seahorse-ssh-askpass
nixos/seahorse: Use seahorse's askpass by default
2019-10-21 21:43:52 +00:00
Malte Brandy
fe143bac5b nixos/redis: Disable hugepages for redis via sysctl and not via a systemd-oneshot 2019-10-21 22:38:16 +02:00
Florian Klink
1125fb02cc
Merge pull request #71428 from talyz/gitlab-already-initialized-constant
gitlab: Get rid of most 'already initialized constant'-warnings
2019-10-21 20:52:54 +02:00
Tor Hedin Brønner
aa910d164d nixos/seahorse: use seahorse's askpass by default 2019-10-21 18:01:15 +02:00
Franz Pletz
cc9b18f223
Merge pull request #71406 from astro/collectd
collectd: plugins configuration, buildMinimalPackage
2019-10-21 10:34:34 +00:00
edef
0599c89d58
Merge pull request #71338 from edef1c/nix-daemon-opt-aliases
nixos/nix-daemon: don't refer to deprecated option aliases
2019-10-21 09:59:13 +00:00
SRGOM
fe26d4c0df
nixos/x11/libinput: Document values for option
For option `scrollMethod`, document that there is an available value of `button`.
2019-10-21 12:46:01 +05:30
Aaron Andersen
1c4b13bb5b
Merge pull request #71067 from aanderse/httpd
nixos/httpd: remove deprecated extraSubservices option
2019-10-20 20:36:33 -04:00
Florian Klink
f24b4fb411
nixos/networkmanager: remove networking.networkmanager.dynamic… (#71337)
nixos/networkmanager: remove networking.networkmanager.dynamicHosts
2019-10-21 02:33:28 +02:00
Aaron Andersen
9a91679b7a nixos/httpd: remove deprecated extraSubservices option 2019-10-20 20:16:45 -04:00