Commit graph

7997 commits

Author SHA1 Message Date
volth
7e5332c868 tinc: allow the daemon to write to files in /etc/tinc/${network}/hosts
Follow up https://github.com/NixOS/nixpkgs/pull/27756: tinc daemon may also create new files in ```/etc/tinc/$network/hosts```
2017-08-10 00:09:45 +02:00
Dan Peebles
b48ffa332b services.fluentd: add plugins option
This allows us to pass in additional ad-hoc fluentd plugins for custom
output formats and other goodness.
2017-08-08 22:02:56 +00:00
Michael Raskin
29c3ea0cf0 Merge pull request #27925 from adisbladis/networkmanager_unbound
networkmanager service: use unbound if enabled
2017-08-08 12:13:42 +02:00
Jörg Thalheim
035e0198c5 Merge pull request #27978 from makefu/module/influxdb/bind-fix
influxdb module: collectd.port is now called bind-address
2017-08-08 07:51:03 +01:00
Wout Mertens
18fa60db30 Merge pull request #28008 from alexandergall/add-cloud-image
nixos/cloud-image: add module
2017-08-08 07:29:08 +02:00
Franz Pletz
bfc78abf2b Merge pull request #28019 from Infinisil/fix-default-text-xmonad
xmonad service: add defaultText to extraPackages to fix rendering in docs
2017-08-08 02:15:45 +02:00
evujumenuk
eaab02b94f wireguard: convert "table" to an interface option
Do the right thing, and use multiple interfaces for policy routing. For example, WireGuard interfaces do not allow multiple routes for the same CIDR range.
2017-08-08 01:45:19 +02:00
Silvan Mosberger
7bc42a8971
xmonad service: add defaultText to extraPackages to fix rendering in docs 2017-08-08 01:14:58 +02:00
davidak
3270aa896b replace "Mac OS X" and "OS X" with "macOS"
as it is the official name since 2016

https://en.wikipedia.org/wiki/Macintosh_operating_systems#Desktop

exception are parts refering to older versions of macOS like

"GUI support for Mac OS X 10.6 - 10.12. Note that Emacs 23 and later [...]"
2017-08-07 21:41:30 +02:00
Bas van Dijk
ca64eaadf8 postage: init at 3.2.17 & add NixOS module 2017-08-07 20:35:23 +02:00
Wout Mertens
339330b322 Merge pull request #27426 from rnhmjoj/nginx
nginx: make enabling SSL port-specific
2017-08-07 16:46:28 +02:00
Frederik Rietdijk
e6808e30ae Merge pull request #27931 from gnidorah/kde
Fix some KDE applications
2017-08-07 13:15:36 +02:00
Alexander Gall
a0a4bea2a6 nixos/cloud-image: add module
The module creates an image for an openstack-based cloud using the
cloud-init package.
2017-08-07 13:03:02 +02:00
Richard Larocque
b27d8c5d0a nixos/mosquitto: Fix instructions for password gen
Fixes https://github.com/NixOS/nixpkgs/issues/27996.

Updates instructions for generating hashes passwords for use in a
Mosquitto password file.  Using `mosquitto_passwd` to generate these
hashes is a little less convenient, but the results are more likely to
be compatible with the mosquitto daemon.

As far as I can tell, the hashes generated with `mkpassd` did not work
as intended.  But this may have been hidden by another bug:
https://github.com/NixOS/nixpkgs/issues/27130.
2017-08-06 15:54:36 -07:00
Joachim F
9f93150ec9 Merge pull request #27820 from dalaing/piwik-install-doc-fix
nixos/piwik: clarifies setup documentation
2017-08-06 22:58:52 +01:00
Nadrieril
a4d07290cb rsync service: allow running as not root 2017-08-06 22:57:53 +01:00
Nadrieril
94fc613cc7 rsync service: restart service on configuration change 2017-08-06 22:57:53 +01:00
Nadrieril
541377e5f0 rsync service: modernize config file generation 2017-08-06 22:57:53 +01:00
Franz Pletz
0f4179aed2
fixup! reword 2017-08-06 15:16:57 +02:00
makefu
c8e96826ae
influxdb module: collectd.port is now called bind-address
with the influxdb release we have packaged (and newer releases)
collectd.port has been streamlined to bind-address which takes a string
instead of a number.

ref: https://github.com/influxdata/influxdb/blob/master/services/collectd/README.md
2017-08-06 14:49:56 +02:00
gnidorah
0e28d3af1d nixos: add pathes for KDE applications 2017-08-06 12:55:10 +03:00
Linus Heckemann
0abf9d2b12 Document timezone changes in release notes 2017-08-05 12:06:31 +01:00
Robin Gloster
2dddc6dcf6 libvirt: don't suspend and resume on change 2017-08-05 11:00:02 +00:00
Jan Tojnar
c9d419a22b gnome: Further fixes for Using the 'memory' GSettings backend issue 2017-08-05 12:21:00 +02:00
Graham Christensen
7d0b001d4a nixos,nixpkgs: only build essentials on i686 2017-08-05 12:06:05 +02:00
evujumenuk
6070d91e93 wireguard: remove "table" option from example
Most users will be served well by the default "table" setting ("main").
2017-08-04 21:00:45 +02:00
John Ericson
a753f2fef7 17.09 release-notes: New breaking change: cc-wrapper exports more env vars 2017-08-04 13:43:38 -04:00
evujumenuk
e355f7044d wireguard: add per-peer routing table option
This adds a convenient per-peer option to set the routing table that associated routes are added to. This functionality is very useful for isolating interfaces from the kernel's global routing and forcing all traffic of a virtual interface (or a group of processes, via e.g. "ip rule add uidrange 10000-10009 lookup 42") through Wireguard.
2017-08-04 18:30:53 +02:00
Robin Gloster
b18b70c74d
nixos.tests.nat: fix 2017-08-04 17:52:42 +02:00
Phil
4f277bd920 nixos/networking/nat: add option for protocol
This commit adds an option to allow udp port forwarding (see #24894).
2017-08-04 17:03:05 +02:00
adisbladis
da7755b75c
networkmanager service: use unbound if enabled 2017-08-04 13:50:06 +08:00
Remy Goldschmidt
7fa034de56 Improved nixos-option manpage 2017-08-04 03:30:35 +02:00
Robin Gloster
dc13376ee2
wvdial: remove 2017-08-04 02:24:07 +02:00
Robin Gloster
a4647bc33f
tlsdate: remove
Dead and does not build with openssl 1.1.
Debian has removed it, too.
2017-08-04 02:24:03 +02:00
Robin Gloster
485a8fef73
modules: specify some types 2017-08-04 02:20:31 +02:00
Robin Gloster
94a2cba8d9
nginx module: add resolver config 2017-08-04 02:15:46 +02:00
Robin Gloster
75bbcd4215
nginx module: include uwsgi_params 2017-08-04 02:15:01 +02:00
Markus Mueller
c678fc385e
confluence: fix optional sso 2017-08-04 02:13:51 +02:00
Franz Pletz
02791ced34
atlassian-{jira,confluence}: add crowd sso support 2017-08-04 02:13:42 +02:00
Simon Lackerbauer
1075919413
unifi: add options to control JVM heap size
Our controller was acting very sluggish at times and increasing
available RAM for the JVM fixes this.
2017-08-04 02:12:31 +02:00
Franz Pletz
3b472d78a8
avahi-daemon service: add cacheEntriesMax option 2017-08-04 02:10:11 +02:00
Franz Pletz
32e7904624
gnupg agent module: fix ssh agent assertion logic 2017-08-04 02:07:49 +02:00
Markus Mueller
1793c96be2
tests/nat: Use switch-to-configuration in test case 2017-08-03 21:16:14 +02:00
Markus Mueller
53d2f0980d
nat: always flush nixos nat rules on firewall start/reload
Fixes #27510
2017-08-03 21:16:14 +02:00
Volth
84a6a3683b libvirt: 3.5.0 -> 3.6.0 2017-08-03 13:53:57 +00:00
Daniel Fullmer
caaa79f246 nixos/pulseaudio: Fix for missing zeroconf module 2017-08-03 14:21:34 +02:00
Peter Hoeg
72a64ea4f1 nsswitch: add systemd module
In order for DynamicUser = true to work in services, we need the
nss-systemd module to be able to resolve the user and group names
generated dynamically.
2017-08-03 10:51:06 +08:00
Profpatsch
5d62d8775c modules/systemd: improve logind.extraConfig example
Since we have a .handleLidSwitch option now, give an other example.
2017-08-03 03:07:05 +02:00
Dave Laing
d690701ff7 nixos/piwik: clarifies setup documentation
The piwki setup documentation as it stands has two issues:
- the `ALTER USER root` line does not work with MariaDB or MySQL 5.5
- the auth plugin details vary between MariaDB and MySQL
2017-08-02 08:38:16 +10:00
Christian Albrecht
93965870a8 nixos/auditd: break ordering cycle (#27577)
auditd creates an ordering cycle by adding wantedBy = [ "basic.target" ],
because of this the job job systemd-update-utmp.service/start is deleted.

Adding unitConfig.DefaultDependencies = false; to the auditd service unbreaks the cycle.

See also #11864
2017-08-01 20:45:01 +01:00
Franz Pletz
c217f48c35
searx: 0.11.0 -> 0.12.0 2017-08-01 06:16:03 +02:00
Taeradan
67890f73af postfix service: typo in transport filepath 2017-07-31 21:05:03 +02:00
aszlig
4f901203e8
nixos/timezone: Fix evaluation error
Evaluation error introduced in a0d464033c.

If the value for timeZone is null it shouldn't be even tried to coerce
it into a string.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @lheckemann, @joachifm
2017-07-31 17:15:30 +02:00
Linus Heckemann
a0d464033c nixos/timezone: support imperative timezone configuration (#26608)
Fixes #26469.
2017-07-31 15:55:24 +01:00
Valentin Shirokov
d30b2eb1c0 Removed networking.fqdn option
Adding it was a mistake which can only lead to problems and confusion.
2017-07-31 13:55:41 +02:00
Valentin Shirokov
a74c0c6652 Removed deprecation warning for networking.extraHosts 2017-07-31 10:04:01 +02:00
Frederik Rietdijk
740d76371e Merge commit 'ba68231273bea4cba01413fd2a0e56d68db9234c' into HEAD 2017-07-31 09:12:15 +02:00
Jörg Thalheim
758bf31a22 Merge pull request #27756 from volth/tinc-fix
tinc: allow the daemon to write to files in /etc/tinc/${network}/hosts
2017-07-30 11:15:15 +01:00
Jörg Thalheim
12e8bea477 Merge pull request #27578 from Ma27/bugfix/thefuck/support-for-non-posix-compliant-shells
programs.thefuck: support shells that don't use `/etc/profile`
2017-07-30 11:13:07 +01:00
sshisk
e79d11b623 postfix service: fix extraMasterConf (#27755)
thanks
2017-07-30 11:37:51 +02:00
Vladimír Čunát
8177561e8f
Merge #27105: more correct form of /etc/hosts 2017-07-30 09:57:41 +02:00
Maximilian Bosch
26655f505f
programs.thefuck: support shells that don't use /etc/profile 2017-07-30 08:23:35 +02:00
Frederik Rietdijk
20b8e4b4cf Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-30 08:09:11 +02:00
Volth
3b82d7db82 tinc: allow the daemon to write to files in /etc/tinc/${network}/hosts 2017-07-30 00:25:04 +00:00
Volth
faac018630 environment.etc: add user/group option
fixes #27546
2017-07-29 23:56:46 +01:00
volth
eaa2d27b90 nixos/tinc: remove restartTriggers
```restartTriggers``` pointed to the constant files in ```/nix/store/``` and had to effect.
2017-07-29 21:32:28 +02:00
Florian Jacob
3e69c650ab nixos/systemd-networkd: allow [Link] section in .network files 2017-07-29 21:25:21 +02:00
Tuomas Tynkkynen
1d72474df7 make-ext4-fs: Fix modification timestamps in image
Use '-f' to make timestamp calls to always return the same time. Also
Nix uses the timestamp of '1' instead of epoch directly.
2017-07-29 22:03:43 +03:00
Bjørn Forsman
aff0725a7d nixos/lighttpd: add enableUpstreamMimeTypes option
enableUpstreamMimeTypes controls whether to include the list of mime
types bundled with lighttpd (upstream). This option is enabled by
default and gives a much more complete mime type list than we currently
have. If you disable this, no mime types will be added by NixOS and you
will have to add your own mime types in services.lighttpd.extraConfig.
2017-07-29 14:24:40 +02:00
Bjørn Forsman
b339e6e13f nixos/lighttpd: update list of allowed module names
* mod_dirlisting is auto-loaded by lighttpd and should not be explicitly
  loaded in the configuration file.
* The rest comes from looking at "ls -1 $lighttpd/lib/*.so" when
  lighttpd is built with "enableMagnet" and "enableMysql".
2017-07-29 14:24:40 +02:00
Frederik Rietdijk
b2608b8910 Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-29 13:08:11 +02:00
Joel Thompson
168fbde17a exhibitor: Fix bug with automatic instance management
Exhibitor tests the auto-manage-instances config value to see if it's a
non-zero integer, rather than a true/false string, which was getting
put into the config before. This now causes autoManageInstances to
behave correctly.
2017-07-28 15:54:48 -04:00
Franz Pletz
b116fa5ff2
Merge branch 'master' into staging 2017-07-28 16:08:30 +02:00
aszlig
6e5d2f8963
nixos/xserver: Properly validate XKB options
Checking the keyboard layout has been a long set of hurdles so far, with
several attempts. Originally, the checking was introduced by @lheckemann
in #23709.

The initial implementation just was trying to check whether the symbols/
directory contained the layout name.

Unfortunately, that wasn't enough and keyboard variants weren't
recognized, so if you set layout to eg. "dvorak" it will fail with an
error (#25526).

So my improvement on that was to use sed to filter rules/base.lst and
match the layout against that. I fucked up twice with this, first
because layout can be a comma-separated list which I didn't account for
and second because I ran into a Nix issue (NixOS/nix#1426).

After fixing this, it still wasn't enough (and this is btw. what
localectl also does), because we were *only* matching rules but not
symbols, so using "eu" as a layout won't work either.

I decided now it's the time to actually use libxkbcommon to try
compiling the keyboard options and see whether it succeeds. This comes
in the form of a helper tool called xkbvalidate.

IMHO this approach is a lot less error-prone and we can be sure that we
don't forget about anything because that's what the X server itself uses
to compile the keymap.

Another advantage of this is that we now validate the full set of XKB
options rather than just the layout.

Tested this against a variety of wrong and correct keyboard
configurations and against the "keymap" NixOS VM tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @lheckemann, @peti, @7c6f434c, @tohl, @vcunat, @lluchs
Fixes: #27597
2017-07-28 12:39:55 +02:00
Valentin Shirokov
635ecd802f Deprecation warning for networking.extraHosts 2017-07-28 00:15:17 +03:00
Robin Gloster
2799a94963
zfs, spl: 0.6.5.11 -> 0.7.0 2017-07-27 19:00:54 +02:00
Volth
688dc4e4c3 tinc_pre: avoid infinite loop with EBADFD on network restart 2017-07-27 18:04:33 +02:00
Mateusz Kowalczyk
93d364f4f5 mongodb: we already set quiet in config 2017-07-27 13:26:36 +01:00
Graham Christensen
107d931b44 Merge pull request #27677 from peterhoeg/u/mcelog
mcelog: 148 -> 153
2017-07-27 06:34:10 -04:00
Peter Hoeg
f5c0607f8d mcelog: use .service file from upstream 2017-07-27 13:06:20 +08:00
rnhmjoj
a912a6a291
nginx: make enabling SSL port-specific 2017-07-27 03:45:53 +02:00
Volth
c6128d2feb nixos/varnish: made compatible with varnish 5.2.1, add modules
* nixos/varnish: command line compatible with varnish 5.2.1, fixes
https://github.com/NixOS/nixpkgs/issues/27409
* nixos/varnish: add support for modules (services.varnish.extraModules)
* varnish-modules: init at 0.10.2
* varnish-geoip: init at 1.0.2
* varnish-rtstatus: init at 1.2.0
* varnish-digest: init at 1.0.1
* added services.varnish.extraCommandLine option
2017-07-26 23:32:49 +00:00
Graham Christensen
d4ef5ac0e9
nixos/tahoe: fixup create-introducer, syntax regression from 90acbe5, improperly patched in 72f85b9e07 2017-07-26 19:13:21 -04:00
Graham Christensen
72f85b9e07
nixos/tahoe: fixup create-introducer, syntax regression from 90acbe5 2017-07-26 19:05:26 -04:00
Martin Wohlert
9be26f81ca change swap.randomEncryption config option to "coercedTo" for backwards compatibility 2017-07-26 20:57:10 +03:00
Martin Wohlert
c3d5cfdc3c swap: extend randomEncryption to plainOpen and ability to select cipher 2017-07-26 20:57:10 +03:00
John Ericson
9be40841ea Merge remote-tracking branch 'upstream/master' into staging-base
Conflicts:
	pkgs/build-support/cc-wrapper/default.nix
	pkgs/build-support/gcc-wrapper-old/builder.sh
	pkgs/build-support/trivial-builders.nix
	pkgs/desktops/kde-4.14/kde-package/default.nix
	pkgs/development/compilers/openjdk-darwin/8.nix
	pkgs/development/compilers/openjdk-darwin/default.nix
	pkgs/development/compilers/openjdk/7.nix
	pkgs/development/compilers/openjdk/8.nix
	pkgs/development/compilers/oraclejdk/jdk-linux-base.nix
	pkgs/development/compilers/zulu/default.nix
	pkgs/development/haskell-modules/generic-builder.nix
	pkgs/misc/misc.nix
	pkgs/stdenv/generic/builder.sh
	pkgs/stdenv/generic/setup.sh
2017-07-26 13:46:04 -04:00
Peter Hoeg
588e3da3f4 Merge pull request #26761 from gnidorah/master3
qt5ct module: expose qtstyleplugins
2017-07-26 22:44:45 +08:00
Nikolay Amiantov
358abce837 autofs service: fix the manual
Fixes #27202.
2017-07-26 15:24:43 +03:00
k0ral
a3e6df6ee2 environment.noXlibs: Disable gnome when noXLibs is set (#27567) 2017-07-26 08:54:42 +02:00
edef
10c6df2e3c nixos/…/swap.nix: don't create a LUKS header for randomEncryption
Creating and then erasing the key relies on the disk erasing data
correctly, and otherwise allows attackers to simply decrypt swap just
using "secretkey". We don't actually need a LUKS header, so we can save
ourselves some pointless disk writes and identifiability.

In addition, I wouldn't have made the awful mistake of backing up my swap partition's LUKS header instead of my zpool's. May my data rest in peace.
2017-07-26 08:45:50 +02:00
0xABAB
90acbe5449
Cleanup tahoe module
- Remove useless escape of question mark
- Fix and quoting
- Add some '&&s' for correctness
- Add escapeShellArg
- Remove &&s in preStart

Edited by grahamc: fixed the ${} typo on line 246
2017-07-25 22:09:43 -04:00
Volth
00512470ec tinc service: add CLI tools to the $PATH
Now user can execute e.g. "sudo tinc.netname dump nodes"
2017-07-25 23:13:58 +02:00
Jörg Thalheim
97544a6c38 Merge pull request #27627 from volth/zookeeper-escape-shell
nixos/zookeeper: escape cfg.extraCmdLineOptions
2017-07-25 07:46:05 +01:00
Charles Strahan
c1fdf3341b Merge pull request #27347 from cstrahan/osquery-new
osquery: init at 2.5.2
2017-07-24 21:51:10 -04:00
Charles Strahan
53426f6cb9
osquery: init at 2.5.2 2017-07-24 21:47:32 -04:00
Volth
f2bfb459c4 nixos/zookeeper: escape cfg.extraCmdLineOptions 2017-07-24 22:27:58 +00:00
Aristid Breitkreuz
63190540a8 wireguard: sometimes module tries to re-add the default route, which fails - use replace to make it succeed 2017-07-23 23:08:39 +02:00
Joachim F
1a768eba2a Merge pull request #26632 from jazmit/nixpkgs
coturn: allow use of ports < 1024
2017-07-23 12:56:05 +01:00
gnidorah
9f61c7f947 qt5ct module: expose qtstyleplugins 2017-07-23 12:56:04 +03:00