Commit graph

1571 commits

Author SHA1 Message Date
Eelco Dolstra
bb9ee6a13f Remove some setuid wrappers for non-standard programs 2014-09-05 14:46:36 +02:00
Eelco Dolstra
cd7129a037 Revert "nixos: add setuid wrappers for some networked filesystems' helpers"
This reverts commit 26a4001a98. It
breaks the NFS test:

  http://hydra.nixos.org/build/13943148

Also, having more setuid programs is a bad thing security-wise.
2014-09-05 14:43:11 +02:00
Michael Fellinger
00887dc3f8 diod: fix service 2014-09-05 14:39:55 +02:00
Eelco Dolstra
1f7c775910 Remove unrar from the installation CD since it's unfree 2014-09-05 14:25:17 +02:00
Eelco Dolstra
daebba2c97 Fix container test 2014-09-05 14:08:35 +02:00
Eelco Dolstra
002b067750 Merge pull request #3953 from lethalman/combined
release: don't build broken packages, don't build tested on unsupported systems
2014-09-05 10:46:42 +02:00
aszlig
c9d1c0d8d1
nixos/tests: Add basic test for nsd module.
Currently only tests basic resource record lookup against IPv4 and IPv6.
Nothing special yet, but probably enough for most setups.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-05 02:54:39 +02:00
aszlig
e8c4fde22d
nixos/nsd: Improve support for journald/systemd.
Don't fork into the background and just log to stderr.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-05 02:54:39 +02:00
aszlig
141cb70d5c
nixos/networking: Fix typo in ipv6prefixLength.
Within the module it's referenced with an uppercase "P" and ipv6Address
also begins with an uppercase "A" after the "6", so let's make it
consistent.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-05 02:54:39 +02:00
aszlig
6386df1645
nixos/nsd: Fix indentation/coding style.
For Nix, we indent using two spaces, but in this module somehow 4 spaces
were snuck in. Other than that, remoteControl and ratelimit are just
nested attribute sets, so we don't need to make another submodule type
for no particular reason.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-05 02:54:39 +02:00
Michael Fellinger
d62e848cc9 virtualbox: vboxusers may use /dev/vboxnetctl 2014-09-04 22:44:38 +02:00
William A. Kennington III
c6bd6d6d89 nixos/grub: Assert devices should be absolute paths 2014-09-04 10:31:39 -07:00
William A. Kennington III
f73f7ccc6e nixos/install-grub: Read correct mountpoints 2014-09-04 10:31:39 -07:00
Michael Raskin
a3b9bf6c87 Merge pull request #3653 from iyzsong/nixos/xfce4-mixer
nixos: don't set variables for gstreamer-0.10 (fix #3652)
2014-09-04 20:54:57 +04:00
Michael Raskin
1a0d437bf3 Merge pull request #3944 from joshcartwright/gummiboot-timeout-fix
gummiboot/builder: fix timeout setting when unset
2014-09-04 20:17:44 +04:00
Luca Bruno
2ba523df24 nixos nat: add description to forwardPorts 2014-09-04 11:33:08 +02:00
Luca Bruno
e6ab680cbf nixos nat: add type for sourcePort and destination of forwardPorts 2014-09-04 10:26:33 +02:00
William A. Kennington III
2de0cf2549 nixos/utils: Don't remove first character if not a / 2014-09-03 18:40:05 -07:00
Luca Bruno
a1ded5c20e nixos-install: use absolute path when running passwd in chroot 2014-09-03 23:12:40 +02:00
Luca Bruno
59ad713288 nixos-install: set umask 0022 2014-09-03 23:12:40 +02:00
Domen Kožar
2e97c06999 nixos-option: enable all flags by default and make output a bit readable cc @nbp 2014-09-03 22:08:25 +02:00
Jaka Hudoklin
43d9f92c82 nixos: docker, create docker group 2014-09-03 21:23:30 +02:00
Michael Raskin
4155121069 Merge pull request #3926 from lethalman/fwdports
nixos/nat: add forwardPorts for external->internal DNAT
2014-09-03 21:54:37 +04:00
Nathan Bijnens
00ad134284 Mesos: services 2014-09-03 19:21:49 +02:00
Michael Raskin
ab023cc559 Merge pull request #3843 from wkennington/master.iffix
nixos/network-interfaces: Sanitize sys-subsystem device names
2014-09-03 21:15:46 +04:00
Eelco Dolstra
65ef435d7b Merge pull request #3949 from wkennington/master.grub
grub2: Add localizations
2014-09-03 19:06:26 +02:00
William A. Kennington III
eee8fd89b3 nixos/install-grub: Correct store path for search 2014-09-03 10:01:00 -07:00
William A. Kennington III
1b63a1b75e nixos/iso-image: Fix grub-mkimage requiring a prefix 2014-09-03 09:26:44 -07:00
Michael Raskin
3e841ef642 Fixing comment case 2014-09-03 20:03:15 +04:00
Eelco Dolstra
46623bfc15 Remove copy-com.nix from the module list
This is proprietary software, and NixOS is intended as a free software
distribution. We currently don't have a mechanism like allowUnfree for
NixOS modules, so it's better to leave out modules for such
packages. Of couse, they can still be activated by doing:

  imports = [ <nixpkgs/nixos/services/networking/copy-com.nix ];
2014-09-03 17:09:00 +02:00
Michael Raskin
c4d85240e5 Merge pull request #3267 from Mathnerd314/cpufreq_noise
Remove non-cpufreq_* modules since they are loaded by udev
2014-09-03 18:46:01 +04:00
Michael Raskin
94a131b95a Fix forgotten unit entry 2014-09-03 15:47:53 +04:00
Strahinja Popovic
fe3f7716f0 Enabled access to binaries of needed tools, and worker daemons can be enabled for phabricator #3306 2014-09-03 15:46:59 +04:00
Rickard Nilsson
66ee6e03e7 pulseaudio: Use group audio instead of pulse-access 2014-09-03 13:24:47 +02:00
Luca Bruno
e5b7b97a67 nixos tested: only build on supportedSystems 2014-09-03 12:51:10 +02:00
Sergey Mironov
2b72edad9b yandex-disk: fix the url; introduce systemd.service #2228 2014-09-03 12:36:29 +04:00
Rickard Nilsson
56102642fa pulseaudio: Add pulse-access group, controlling access to the system-wide PA daemon 2014-09-03 10:25:36 +02:00
Cray Elliott
4efc03f46f Delete nixos/modules/module-list.nix.orig, extraneous file 2014-09-03 01:20:56 -07:00
Michael Raskin
d1ae15b680 Merge pull request #3804 from ehmry/unbound
unbound: run in chroot
2014-09-03 11:45:20 +04:00
Michael Raskin
7a47d21aec Merge pull request #3943 from wkennington/master.grub
Fix grub zfs build and typo
2014-09-03 11:39:35 +04:00
William A. Kennington III
d48a7a17df nixos/network-interfaces: Sanitize sys-subsystem device names
Currently, nixos will allow for interface names with special characters
such as the hyphen to be used. This presents a problem when using
systemd device names as the namespace paths are separated using hyphens.
Within systemd, if a device name has a hyphen it should be replaced with
the escape sequence \x2d.

This patch sanitizes all interface names before they are used in a
systemd device string.
2014-09-03 00:31:38 -07:00
Michael Raskin
c3e7588367 Merge pull request #3747 from wkennington/master.explicit
nixos/network-interfaces: Allow explicit virtual interface type setting
2014-09-03 11:25:28 +04:00
Nathan Bijnens
33a3f76ee4 Copy.com: client #3617 2014-09-03 11:31:51 +04:00
Michael Raskin
8e968b18e4 Merge pull request #2952 from edwtjo/cups-syswide-clientconf
CUPS system wide client side remote printing.
2014-09-03 10:51:49 +04:00
Michael Raskin
a82c623c26 Merge pull request #3940 from wkennington/master.dnsmasq
nixos/dnsmasq: Fix regressions during the systemd update
2014-09-03 10:06:26 +04:00
Josh Cartwright
626a666da5 gummiboot/builder: fix timeout setting when unset
The gummiboot-builder.py script is expecting the @timeout@ metavar to be
substituted for either an empty string (in the case where a user has
left the timeout unset) or the actual value set in the system
configuration.

However, the config.boot.loader.gummiboot.timeout option defaults to
'null', and due to the way pkgs.substituteAll works, the substitution
for '@timeout@' is _never_ set to the empty string.  This causes the
builder script to put a bogus line into /boot/loader/loader.conf:

   timeout @timeout@

Fix this by explicitly setting 'timeout' to the empty string when it's
unset in the system configuration.

Signed-off-by: Josh Cartwright <joshc@eso.teric.us>
2014-09-03 05:36:45 +02:00
William A. Kennington III
ccc758f414 nixos/install-grub: Fix typo 2014-09-02 18:56:53 -07:00
Michael Fellinger
e805c78ed3 diod: remove redundant default doc 2014-09-03 02:55:00 +02:00
Michael Fellinger
0bf05a02f4 diod: add systemd service and config 2014-09-03 02:30:04 +02:00
William A. Kennington III
9659d0f4fb nixos/dnsmasq: Fix regressions during the systemd update 2014-09-02 17:23:55 -07:00
William A. Kennington III
961e9867b3 nixos/generate-config: Only add store search path when kernels are not copied 2014-09-02 09:16:13 -07:00
William A. Kennington III
9467937639 nixos/install-grub: Only check for /nix to be the mountPoint for the store 2014-09-02 09:16:13 -07:00
William A. Kennington III
61908bdd80 nixos/install-grub: Always copy kernels for different devices 2014-09-02 09:16:13 -07:00
William A. Kennington III
4eff4afa3c nixos/installer-test: Use nested subvolumes for root to test detection 2014-09-02 09:16:13 -07:00
William A. Kennington III
87b6232f3a nixos/generate-config: Don't interpret btrfs subvols as bind mounts 2014-09-02 09:16:13 -07:00
William A. Kennington III
3944239362 nixos/tests-installer: Add a test for btrfs default volumes and bind mounts 2014-09-02 09:16:13 -07:00
William A. Kennington III
01ab1d57a3 nixos/install-grub: Detect nested btrfs subvolumes 2014-09-02 09:16:13 -07:00
William A. Kennington III
7fae423522 nixos/generate-config: Support detecting nested subvolumes 2014-09-02 09:16:13 -07:00
William A. Kennington III
0b66483c9a nixos/install-grub: Store path should be /nix/store not /nix 2014-09-02 09:16:13 -07:00
William A. Kennington III
36614ff3e2 Revert "Revert "Merge pull request #2449 from wkennington/master.grub""
This reverts commit 94205f5f21.

Conflicts:
	nixos/modules/system/boot/loader/grub/install-grub.pl
2014-09-02 09:16:13 -07:00
Peter Simons
1c0d15b90e Merge branch 'origin/master' into staging.
Conflicts:
	pkgs/development/libraries/ffmpeg/2.x.nix
	pkgs/development/libraries/serf/default.nix
2014-09-02 12:31:03 +02:00
lethalman
a3e91bbfa3 Merge pull request #3901 from vlstill/ssh_ip
Allow binding sshd to specified addresses.
2014-09-02 10:38:16 +02:00
Vladimir Still
13bbce96c3 sshd: Fix typo in assetion. 2014-09-02 10:06:04 +02:00
Michael Raskin
3ad91106f1 Merge pull request #3704 from sfultong/upstream-master
tomcat: update to upstream master
2014-09-02 02:09:18 +04:00
Michael Raskin
fa55a99701 Load EHCI befor OHCI and UHCI; from patch by Mathnerd314 2014-09-02 02:12:46 +04:00
Chris Farmiloe
08534000a4 Ensure libvirtd is started after vswitch and add ability to configure how libvirtd guests are shutdown 2014-09-02 01:48:50 +04:00
Chris Farmiloe
76a4de68c1 formatting/retab 2014-09-02 01:48:50 +04:00
Chris Farmiloe
8ef11bb0ee add openvswitch package + basic nixos module to enable it 2014-09-02 01:48:50 +04:00
Michael Raskin
2a1a814e53 Make console-getty only used inside container by default 2014-09-02 01:36:10 +04:00
Michael Raskin
d140851472 Merge pull request #3779 from offlinehacker/docker
full nixos inside docker
2014-09-02 01:04:05 +04:00
Michael Raskin
419031bcfc Merge pull request #2644 from lethalman/pam_tally
pam: Add logFailures option for adding pam_tally to su
2014-09-02 00:58:30 +04:00
Vladimir Still
a2394f09c7 sshd: Add note about listening on port 22 to listenAddresses. 2014-09-01 22:56:35 +02:00
Vladimir Still
ac39d839c3 sshd: Add note about firewall and listenAddresses. 2014-09-01 22:56:35 +02:00
Vladimir Still
e12337156c sshd: Allow to specify ListenAddress. 2014-09-01 22:56:35 +02:00
Michael Raskin
5bbeba3d97 Merge pull request #3911 from vlstill/nfs-port_pullreq
nfsd: Make it possible to fix rpc.{mountd,statd,lockd} ports.
2014-09-02 00:53:52 +04:00
Michael Raskin
a6dfb4dc28 Merge pull request #3241 from ehmry/cjdns
cjdns declarative configuration
2014-09-02 00:53:18 +04:00
Michael Raskin
8c167b22a5 Merge pull request #3918 from robberer/pkgs/clamav
clamav: update to version 0.98.4 and run freshclam in daemon mode
2014-09-02 00:46:25 +04:00
Luca Bruno
b21ac60290 nixos/nat: add forwardPorts for external->internal DNAT 2014-09-01 22:31:56 +02:00
Luca Bruno
31b7cae018 nixos/znc: fix immutable config.
Fix references to coreutils echo and rm.
Make config writable even if immutable because of
https://github.com/znc/znc/blob/master/src/znc.cpp#L964 .
2014-09-01 16:21:12 +02:00
aszlig
29f4642284
nixos: Add new service for OpenNTPd.
This conflicts with the existing reference NTP daemon, so we're using
services.ntp.enable = mkForce false here to make sure both services
aren't enabled in par.

I was already trying to merge the module with services.ntp, but it would
have been quite a mess with a bunch of conditions on the package name.
They both have a bit in common if it comes to the configuration files,
but differ in handling of the state dir (for example, OpenNTPd doesn't
allow it to be owned by anything other than root).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-01 16:07:28 +02:00
William A. Kennington III
3e834e1783 nixos/tests: Fix usage of head function without pkgs.lib 2014-09-01 04:39:45 -07:00
Longrin Wischnewski
28fd7ea190 clamav: run freshclam in daemon mode 2014-09-01 09:41:19 +02:00
Emery Hemingway
f5b4eacad6 uhub: initial service expression 2014-09-01 10:53:19 +04:00
Michael Raskin
a49caa77e7 Add IDs for uhub service 2014-09-01 10:53:19 +04:00
Michael Raskin
9e3d1b1a8f Merge pull request #3908 from wkennington/master.ip
Reapply the multi-ip code
2014-09-01 10:28:54 +04:00
Jan Malakhovski
26a4001a98 nixos: add setuid wrappers for some networked filesystems' helpers
So that `user` mount option would work allowing normal users to mount
and umount stuff marked with it in `fileSystems.<name>.options`.
2014-09-01 10:33:48 +04:00
Jan Malakhovski
8c9b6d932a nixos: add dhcpcd.persistent option 2014-09-01 10:33:48 +04:00
Jan Malakhovski
99243a5c51 nixos: add atftpd service 2014-09-01 10:33:48 +04:00
Jan Malakhovski
8f50d803ef nixos: add support for mkhomedir in PAM 2014-09-01 10:33:48 +04:00
Emery Hemingway
f60ac82cac cjdns: new declarative service expression
systemd service wants network-interfaces.target rather than network.target
assertion on config.networking.enableIPv6
2014-08-31 18:14:16 -04:00
Vladimir Still
a735c308b6 nfsd: Make it possible to fix rpc.{mountd,statd,lockd} ports. 2014-08-31 22:00:16 +02:00
Vladimir Still
5588ad472b vpnc: Fix building of system config. 2014-08-31 21:39:03 +02:00
Sam Griffin
ec8e4d23f1 cleanup per Lethalman's suggestions 2014-08-31 13:01:20 -04:00
William A. Kennington III
02ecc98e87 nixos/network-interfaces: Fix bug in converting old ipAddresses 2014-08-31 09:47:18 -07:00
William A. Kennington III
9a697d775a Revert "Revert "Fix syntax error in nixos/lib/build-vms.nix, introduced by 86c0f8c""
This reverts commit 2f697bf693.
2014-08-31 09:46:26 -07:00
William A. Kennington III
3d037ebb94 Revert "Revert "Merge pull request #3182 from wkennington/master.ipv6""
This reverts commit ea8910652f.
2014-08-31 09:46:16 -07:00
Sam Griffin
0667d67c95 Adding vpnc configuration module 2014-08-31 12:44:13 -04:00
Longrin Wischnewski
196c6260be grub: fix grub merge error 2014-08-31 12:29:13 +02:00
Rob Vermaas
ea8910652f Revert "Merge pull request #3182 from wkennington/master.ipv6"
This reverts commit b23fd65854, reversing
changes made to 43654cba2c.
2014-08-31 10:58:54 +02:00
Rob Vermaas
2f697bf693 Revert "Fix syntax error in nixos/lib/build-vms.nix, introduced by 86c0f8c"
This reverts commit 704e91bab0.
2014-08-31 10:58:50 +02:00