Commit graph

14602 commits

Author SHA1 Message Date
Silvan Mosberger
fc121e2813
nixos/dovecot: Improve mailboxes type
The previous use of types.either disallowed assigning a list at one
point and an attrset an another.
2020-08-18 14:25:51 +02:00
Martin Weinelt
a153452e54
Merge pull request #95508 from Ma27/nextcloud-nginx
nixos/nextcloud: update nginx config
2020-08-17 13:46:47 +02:00
Florian Klink
bda86eee87
Merge pull request #95222 from eadwu/kresd/runtime-fixes
kresd: runtime fixes
2020-08-16 18:44:27 +02:00
Florian Klink
16fc531784
Merge pull request #95505 from flokli/remove-mathics
mathics: remove package, module and test
2020-08-16 18:42:10 +02:00
Vladimír Čunát
0a3386369c
qemu: fix build with environment.noXlibs = true
In some tests, e.g. -f nixos/release.nix tests.simple.x86_64-linux
we use noXlibs and qemu.ga.  Now that output is tiny but to get it
a full qemu build is done, and some dependencies like gtk3 won't build
with noXlibs due to their dependencies being too stripped down.

Therefore let's reduce qemu features in noXlibs case.
The `sdlSupport = false;` part probably wasn't needed,
but I added it for consistency.
2020-08-16 18:25:31 +02:00
Edmund Wu
68366adf3c
nixos/kresd: ensure /run/knot-resolver exists 2020-08-16 12:20:10 -04:00
Edmund Wu
6c67af2fac
nixos/kresd: ensure /var/lib/knot-resolver exists 2020-08-16 12:20:03 -04:00
Edmund Wu
1a6240bde4
nixos/kresd: fix CacheDirectory permissions as per tmpfiles 2020-08-16 12:18:32 -04:00
Edmund Wu
ed89d043dc
nixos/kresd: remove derivation from systemd.tmpfiles
Using per-unit directives as per https://github.com/NixOS/nixpkgs/pull/95222#issuecomment-674512571
2020-08-16 12:17:14 -04:00
Maximilian Bosch
e8bdadb864
Merge pull request #95109 from Ma27/nextcloud-reverse-proxy
nixos/nextcloud: add documentation for alternative reverse-proxies
2020-08-16 18:09:45 +02:00
Florian Klink
36a162edc3
Merge pull request #95342 from flokli/systemd-initctl
nixos/systemd: don't try to install systemd-initctl.{service,socket}
2020-08-16 17:17:18 +02:00
Ben Wolsieffer
23b4356a5f nixos/nixos-*: use runtimeShell
Fix shebangs and other shell uses in the NixOS tools, allowing them to work
correctly on cross-compiled systems.
2020-08-16 13:08:33 +00:00
Florian Klink
b2f3bbd3fb
Merge pull request #95507 from flokli/remove-mesos
mesos: remove package, module and test (and chronos/marathon which depends on it)
2020-08-16 14:46:24 +02:00
Jörg Thalheim
aeffd67cec
Merge pull request #95493 from Izorkin/nginx-unit 2020-08-16 13:20:31 +01:00
Robert Hensing
cf568e31f8
Merge pull request #95584 from hercules-ci/fix-nixos-test-instrumentation
nixos/test-instrumentation.nix: Fix evaluation error
2020-08-16 13:59:50 +02:00
Robert Hensing
2578557530 nixos/test-instrumentation.nix: Fix evaluation error
Discovered via https://github.com/NixOS/nixpkgs/pull/82743 which
improved option checking, causing an evaluation error that was
hard to understand without running the evaluation manually.
2020-08-16 13:50:53 +02:00
Ben Wolsieffer
8f1de2e7c0 environment.noXlibs: disable X11 support in cairo 2020-08-16 10:33:44 +00:00
Florian Klink
b3909d1cb1
Merge pull request #95565 from vcunat/p/symlinkJoin
nixos/systemd.tmpfiles.packages: fix an edge case
2020-08-16 12:27:19 +02:00
Florian Klink
609eb86db7
Merge pull request #95444 from doronbehar/fix/mount+s
nixos/wrappers: make mount have the +s bit.
2020-08-16 12:23:12 +02:00
paumr
d420369354 nixos/emacs: formatted with nixpkgs-fmt 2020-08-16 10:22:56 +00:00
Vladimír Čunát
3937923f81
nixos/systemd.tmpfiles.packages: fix an edge case
symlinkJoin can break (silently) when the passed paths contain symlinks
to directories.  This should work now.

Down-side: when lib/tmpfiles.d doesn't exist for some passed package,
the error message is a little less explicit, because we never get
to the postBuild phase (and symlinkJoin doesn't provide a better way):
/nix/store/HASH-NAME/lib/tmpfiles.d: No such file or directory

Also, it seemed pointless to create symlinks for whole package trees
and using only a part of the result (usually very small part).
2020-08-16 10:23:53 +02:00
Doron Behar
a854b77b08 nixos/wrappers: make (u)mount have the +s bit.
See
https://discourse.nixos.org/t/how-to-make-a-derivations-executables-have-the-s-permission/8555
and:
https://www.linuxquestions.org/questions/slackware-14/must-be-superuser-to-use-mount-fstab-is-correct-however-144932/
2020-08-15 21:57:16 +03:00
Florian Klink
01684d6e9b nixos/mathics: remove module 2020-08-15 20:16:13 +02:00
Florian Klink
b7be00ad5e
Merge pull request #93358 from helsinki-systems/fix/gitlab-customrb
nixos/gitlab: Fix extra-gitlab.rb
2020-08-15 20:13:28 +02:00
Maximilian Bosch
42f6244899
nixos/nextcloud: update nginx config
This patch ensures that latest Nextcloud works flawlessly again on our
`nginx`. The new config is mostly based on upstream recommendations
(again)[1]:

* Trying to access internals now results in a 404.
* All `.php`-routes get properly resolved now.
* Removed 404/403 handling from `nginx` as the app itself takes care of
  this. Also, this breaks the `/ocs`-API.
* `.woff2?`-files expire later than other assets like images.

Closes #95293

[1] https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
2020-08-15 17:12:11 +02:00
Florian Klink
645ea787c9 nixos/marathon: remove module
The corresponding package failed to build for >9 months.
2020-08-15 16:59:58 +02:00
Florian Klink
a90b929020 nixos/chronos: remove module
The chronos package has been broken for > 9 months due to the breakage
of the mesos package.
2020-08-15 16:59:38 +02:00
Florian Klink
34d91a8cba nixos/mesos*: remove
The mesos package has been broken for >9 months.
2020-08-15 16:59:37 +02:00
Izorkin
26898b8518 nixos/unit: update sandboxing options 2020-08-15 11:21:09 +03:00
Jörg Thalheim
7acb961c67
Merge pull request #93395 from hmenke/zfs
ZFS: Request credentials only for selected pools
2020-08-15 09:19:49 +01:00
Martin Weinelt
f1efdd2c0b
Merge pull request #89444 from mweinelt/pinnwand-module
nixos/pinnwand: init; steck: init at 0.5.0; nixos/tests/pinnwand: init
2020-08-14 22:09:33 +02:00
Aaron Andersen
f1f4cc6e1b
Merge pull request #95231 from aanderse/mysql-cleanup
nixos/mysql: run postStart as an unprivileged user
2020-08-13 21:38:44 -04:00
Aaron Andersen
f08049e712 nixos/mysql: move ExecStartPost into postStart 2020-08-13 17:03:22 -04:00
Florian Klink
f3ba51f148
Merge pull request #95353 from flokli/systemd-output-journal
nixos: remove StandardOutput=syslog, StandardError=syslog lines
2020-08-13 21:45:12 +02:00
Jan Tojnar
0a4a62459a
nixos/fontconfig: Reintroduce unversioned fonts.conf
Turns out lot of software (including Chromium) use bundled fontconfig
so we either need to wrap every one of those, or re-introduce the global unversioned config.
The latter is easier but weakens hermetic configs. But perhaps those are not really worth the effort.
2020-08-13 20:56:43 +02:00
Florian Klink
962e15aebc nixos: remove StandardOutput=syslog, StandardError=syslog lines
Since systemd 243, docs were already steering users towards using
`journal`:

eedaf7f322

systemd 246 will go one step further, it shows warnings for these units
during bootup, and will [automatically convert these occurences to
`journal`](f3dc6af20f):

> [    6.955976] systemd[1]: /nix/store/hwyfgbwg804vmr92fxc1vkmqfq2k9s17-unit-display-manager.service/display-manager.service:27: Standard output type syslog is obsolete, automatically updating to journal. Please update│······················
 your unit file, and consider removing the setting altogether.

So there's no point of keeping `syslog` here, and it's probably a better
idea to just not set it, due to:

> This setting defaults to the value set with DefaultStandardOutput= in
> systemd-system.conf(5), which defaults to journal.
2020-08-13 18:49:15 +02:00
Florian Klink
e37941e4e4 nixos/systemd: don't try to install systemd-initctl.{service,socket}
Since systemd 246, these are only installed by systemd if
HAVE_SYSV_COMPAT is true, which only is the case if you set
sysvinit-path and sysvrcnd-path (which we explicitly unset in the
systemd derivation for quite some time)
2020-08-13 17:00:24 +02:00
Jörg Thalheim
28224516e5
Merge pull request #92964 from lopsided98/initrd-secrets-compressor 2020-08-13 07:54:01 +01:00
Jörg Thalheim
0f2ee10cbf
Merge pull request #94270 from jerith666/postfix-dane
postfix: add useDane config option
2020-08-13 06:53:53 +01:00
Matt McHenry
a45f1453eb postfix: add useDane config option 2020-08-12 21:18:36 -04:00
Matthew Bauer
6fffd50623
Merge pull request #95220 from obsidiansystems/ipfs-quic-socket-activated
nixos/ipfs: Allow QUIC connections to socket activate too
2020-08-12 13:47:29 -05:00
Justin Humm
90ed2c01f0
Merge pull request #95266 from Lassulus/gollum-text
nixos/gollum: replace toFile with writeText
2020-08-12 19:28:41 +02:00
lassulus
957da625c5 nixos/gollum: replace toFile with writeText 2020-08-12 19:16:05 +02:00
Florian Klink
22e8ada3b3
Merge pull request #95264 from flokli/nginx-config-reload
nixos/nginx: move configuration testing script into reload command
2020-08-12 18:47:02 +02:00
Maximilian Bosch
fddeb7cb73
Revert "nextcloud: use mkDefault for whole nginx config"
This breaks the Nextcloud vhost declaration when adding e.g. another
vhost as the `services.nginx.virtualHosts` option has `{ nextcloud =
...; }` as *default* value which will be replaced by another
`virtualHosts`-declaration with a higher (e.g. the default) priority.

The following cases are now supported & covered by the module:

* `nginx` is enabled with `nextcloud` enabled and other vhosts can be
  added / other options can be declared without having to care
  about the declaration's priority.

* Settings in the `nextcloud`-vhost in `nginx` have to be altered using
  `mkForce` as this is the only way how we officially support `nginx`
  for `nextcloud` and customizations have to be done explicitly using
  `mkForce`.

* `nginx` will be completely omitted if a user enables nextcloud
  and disables nginx using `services.nginx.enable = false;`. (because
  nginx will be enabled by this module using `mkDefault`).

This reverts commit 128dbb31cc.
Closes #95259
2020-08-12 18:28:45 +02:00
Florian Klink
300049ca51 nixos/nginx: move configuration testing script into reload command
nginx -t not only verifies configuration, but also creates (and chowns)
files. When the `nginx-config-reload` service is used, this can cause
directories to be chowned to `root`, causing nginx to fail.

This moves the nginx -t command into a second ExecReload command, which
runs as nginx's user. While fixing above issue, this will also cause the
configuration to be verified when running `systemctl reload nginx`, not
only when restarting the dummy `nginx-config-reload` unit. The latter is
mostly a workaround for missing features in our activation script
anyways.
2020-08-12 18:13:29 +02:00
Florian Klink
f527651a67 nixos/fontconfig: stop generating fontconfig_210 config and cache
This fontconfig version isn't used anywhere inside nixpkgs anymore.
2020-08-12 13:40:45 +02:00
Jörg Thalheim
dc255dcac0
Merge pull request #94291 from Izorkin/gitea 2020-08-12 12:23:05 +01:00
Aaron Andersen
e3c210dfd1 nixos/mysql: run ExecStartPost as an unprivileged user 2020-08-12 07:21:27 -04:00
Aaron Andersen
31098a03a2 nixos/mysql: cleanup some descriptions 2020-08-12 07:11:00 -04:00