Bjørn Forsman
824d82fa0f
nixos/geoip-updater: new service
...
The GeoIP databases from MaxMind have no stable URLs and change every
month (or so). Our current method of packaging these database in Nix and
playing catch-up with ever-changing file hashes is a bad idea. For
instance, it makes it impossible to realize old NixOS configurations.
This patch adds a NixOS service that periodically updates the GeoIP
databases in /var/lib/geoip-databases. Moving NixOS modules over can be
done in later patches.
I tried adding MD5 check, but not all databases have them, so i skipped
it. We are downloading over HTTPS though, it should be good. I also
tried adding zip support, but the first zip file I extracted had a
different filename inside than the archive name, which breaks an
assumption in this service, so I skipped that too.
Changes v9 -> v10:
- Pass "--max-time" to curl to set upper bound on downloads (ensures
no indefinite hanging if there's problem with networking).
Timeout for network connectivity check: 60s.
Timeout for geoip database (each): 15m.
Changes v8 -> v9:
- Mention the random timer delay in the documentation for the
'interval' option.
Changes v7 -> v8:
- Add "RemainAfterExit=true" for the setup service, so it won't be
restarted needlessly. (Thanks @danbst!)
Changes v6 -> v7:
- Add --skip-existing flag to geoip-updater, which skips updating
existing database files. Pass that flag when we run the service on
boot (and on any NixOS configuration change).
(IMHO, this is somewhat a workaround for systemd persistent timers
not being triggered immediately when a timer has never expired
before. But it does have the nice side effect of ensuring that the
installed databases always correspond to the configured ones, since
the service is now always run after configuration changes.)
Changes v5 -> v6:
- Update database files atomically (per DB)
- If a database is removed from the configuration, it'll be removed
from /var/lib/geoip-databases too (on next run).
- Add NixOS module assertion so that if user inputs non- .gz or .xz
file there will be a build time error instead of runtime.
- Run updater as user "nobody" instead of "root".
- Rename NixOS service from "geoip-databases" to "geoip-updater".
- Drop RemainAfterExit, or else the timer won't trigger the unit.
- Bring back "curl --fail", or else we won't catch and log curl
failures.
Changes v4 -> v5:
- Add "GeoLite2-City.mmdb.gz" to default database list.
Changes v3 -> v4:
- Remove unneeded geoip-updater-setup.service after adding
'wantedBy = [ "multi-user.target" ]' directly to
geoip-updater.service
- Drop unneeded "Service" name from service descriptions.
Changes v2 -> v3:
- Network may be down when starting from a cold boot, so try a few
times. Possibly, if using systemd-networkd, it'll pass on the first
try. But with default DHCP on NixOS, the service is started before
hostnames can be resolved and thus we need a few extra seconds.
- Add error handling and mark service as failed if fatal error.
- Add proper syslog log levels.
- Add RandomizedDelaySec=3600 to the timer to not put high load on the
MaxMind servers. Suggested by @Mic92 .
- Set RemainAfterExit on geoip-updater.service instead of
geoip-updater-setup.service. (The latter is only a proxy that pulls
in the former service).
Changes v1 -> v2:
From Данило Глинський (Danylo Hlynskyi) <abcz2.uprola@gmail.com>:
nixos/geoip-databases: add `databases` option and fix initial setup
There were two great issues when using this service:
- When you just enable service, databases aren't downloaded, they are
downloaded when timer triggers. Fixed this with automatic download on
first system activation.
- When there is no internet, updater outputs nothing to logs, which is
IMO misbehavior. Fixed this with removing `--fail` option, better be
explicit here.
2017-02-12 15:07:34 +01:00
Tuomas Tynkkynen
9e04b57dde
nixos top-level: Add 'dtbs' symlink when kernel uses device trees
...
Currently e.g. extlinux-conf-builder.sh uses
`readlink -m "$toplevel/kernel/../dtbs"` to figure out the directory.
That is obscenely ugly.
2017-02-12 15:47:49 +02:00
Graham Christensen
4f34e030a5
Merge pull request #22677 from grahamc/drop-kdm-kde4-modules
...
Drop kdm and kde4 modules
2017-02-12 08:36:33 -05:00
Vladimír Čunát
3348905cde
xorg-server: major bump 1.18.4 -> 1.19.1
...
I encountered no problems with it. Nvidia binary drivers are tested,
and AMD ones now both set `abiCompat` to use older server versions.
2017-02-12 13:24:44 +01:00
Ricardo M. Correia
123cbd40c2
raspberryPi boot loader: don't remove xx-initrd files
...
The Raspberry Pi boot loader was deleting all xx-initrd text files
(which simply contain the path to the actual initrd files) just after
having created them. The code was actually trying to delete real,
obsolete initrd files, which are named <hash>-initrd-initrd (after path
cleaning), but the glob was catching the other files as well.
2017-02-12 02:48:57 +02:00
Ricardo M. Correia
c19b17d14f
raspberryPi boot loader: fix booting Raspberry Pi 3
...
The Raspberry Pi 3 seems to need the .DTB file when booting the kernel,
so we must copy it to /boot when installing a new kernel.
2017-02-12 02:48:57 +02:00
Graham Christensen
b1a05a0865
nixos: drop references to kde4
...
Excluding modules/programs/environment.nix for PATHand QT_PLUGIN_PATH to allow the programs to continue running.
2017-02-11 14:01:13 -05:00
Graham Christensen
3cec7d10df
kdm: drop service
2017-02-11 13:55:09 -05:00
Graham Christensen
c09004fba0
Merge pull request #22642 from grahamc/kde4-deprecate
...
kde4, kdm: mark services as deprecated
2017-02-11 10:17:15 -05:00
Vladimír Čunát
d4bf624f96
nixos manual: add grub option to avoid #21830
...
Close #22659 . vcunat edited this slightly.
2017-02-11 12:47:15 +01:00
Tuomas Tynkkynen
607be4d88e
sd-image-*: Copy all RPi firmware files
...
Turns out all variants of start.elf and fixup.dat are needed (depending
on what's in config.txt). I was under the mistaken impression that you
were supposed to rename one of the variants to switch using them, but
nope.
2017-02-11 12:23:16 +02:00
Franz Pletz
3fd44e2912
network-interfaces service: add metric option for defaultGateways
2017-02-11 04:53:56 +01:00
Graham Christensen
d9ab783f58
nixos manual: correct reference to sddm
2017-02-10 22:52:08 -05:00
davidak
d4766e789b
caddy: set file descriptor limit to 8192, fixes #22454
...
the value is recommended for production use
a warning is produced when not set
2017-02-11 01:44:29 +01:00
Graham Christensen
564e0c120b
kde4, kdm: mark services as deprecated
2017-02-10 17:35:52 -05:00
Profpatsch
ed8a0d8e5e
modules/searx: add package option ( #22636 )
...
The user should be able to specify a patched version of searx.
2017-02-10 22:44:10 +01:00
Eelco Dolstra
1b1138d3e7
Merge pull request #22610 from grahamc/switch-to-kde5-by-default
...
nixos: update default cases from KDM/KDE4 to SDDM/KDE5
2017-02-10 22:06:21 +01:00
Nikolay Amiantov
442b4d65c3
Merge pull request #22304 from abbradar/nvidia
...
Refactor NVidia drivers
2017-02-10 23:53:34 +03:00
Dan Peebles
3809938208
ecs-agent module: remove debug print
...
Whoops :)
2017-02-10 15:16:17 -05:00
Tuomas Tynkkynen
a14ef4ad52
open-vm-tools: 10.0.7 -> 10.1.0
...
Also add an option to disable all the X11 stuff.
2017-02-10 20:12:00 +02:00
Dan Peebles
a0ebb1497f
ecs-agent NixOS module: init
...
A very simple skeleton for now that doesn't attempt to model any of
the agent configuration, but we can grow it later. Tested and works
on an EC2 instance with ECS.
2017-02-10 05:37:38 +00:00
Graham Christensen
b12564cc1b
nixos: update default cases from KDM/KDE4 to SDDM/KDE5
2017-02-09 21:52:00 -05:00
afranchuk
a5e041ac08
libreswan service: make EnvironmentFile optional ( #22591 )
...
Recent versions of libreswan seem to omit this file, but it may be added/changed in the future. It is silly to have the service fail because a file is missing that only enriches the environment.
2017-02-10 00:53:44 +01:00
Joachim F
ca8fb930b1
Merge pull request #22356 from Ekleog/redsocks
...
Redsocks
2017-02-09 22:39:43 +01:00
Edward Tjörnhammar
2f5fdaefec
nixos, doc: dictd dbs move
2017-02-09 22:23:11 +01:00
Edward Tjörnhammar
3c9d73f100
nixos, doc: named nylons
2017-02-09 21:18:57 +01:00
Vladimír Čunát
378662bbba
Merge #22491 : Add documentation for Xfce
2017-02-09 18:39:36 +01:00
Vladimír Čunát
a0505989c9
Xfce docs nitpicks
...
- fix validity
- XFCE -> Xfce, as that seems to be upstream preference
2017-02-09 18:38:01 +01:00
Léo Gaspard
7a32b96697
redsocks module: initialize
...
redsocks module: use separate user for redsocks daemon
2017-02-09 18:01:14 +01:00
Daniel Peebles
7439fe083f
Merge pull request #22297 from nand0p/buildbot-0.9.3
...
buildbot: 0.9.0.post1 -> 0.9.3
2017-02-09 11:15:03 -05:00
Joachim Fasting
28b5cc7dca
grsecurity test: adapt to changes in tinycc outputs
2017-02-09 16:23:04 +01:00
Franz Pletz
65a1762a9b
nginx module: make acme group overrideable easily
2017-02-08 23:50:59 +01:00
Nikolay Amiantov
5ff9a2a2cb
kbd service: don't restart systemd-vconsole-setup
...
Fixes #22470 . Also remove non-relevant comment (we don't deviate from upstream
systemd unit anymore).
2017-02-08 21:50:33 +03:00
Nikolay Amiantov
6f7811143d
systemd service: don't install systemd-hwdb-update
2017-02-08 21:42:07 +03:00
Nikolay Amiantov
504774e223
release notes: mention JRE changes and jre_headless
2017-02-08 21:36:22 +03:00
Andrew Cann
3082647e74
trezord: init at 1.2.0 ( #22054 )
2017-02-08 17:18:22 +01:00
Graham Christensen
7db1f727f3
moodle: Remove due to continued security issues.
2017-02-08 09:10:45 -05:00
Nikolay Amiantov
2fd2fcf54d
linuxPackages.nvidia_x11: refactor, build more from source
...
* Use libglvnd;
* Compile nvidia-settings, nvidia-persistenced from source;
* Generalize builder.
2017-02-08 16:57:46 +03:00
Antoine Eiche
9d30099b7f
nixos/systemd: set r-x group permissions on /var/log/journal
...
This allows services such as systemd-journal-gateway to access the
systemd journal.
Closes #22288
2017-02-08 16:06:14 +03:00
Franz Pletz
626540e32e
Merge pull request #22524 from wizeman/u/chrony-impr
...
nixos.chrony: add extraFlags config option
2017-02-07 21:50:58 +01:00
Vladimír Čunát
ce9d30e734
Merge #22241 : amdgpu-pro: 16.50 -> 16.60
2017-02-07 20:49:58 +01:00
Peter Simons
bfd7fe8ba5
nixos: fix taskserver module to evaluate properly when keys are managed manually
2017-02-07 18:35:41 +01:00
Ricardo M. Correia
9293f86bf2
nixos.chrony: remove generatecommandkey option
...
It's deprecated and no longer used.
2017-02-07 18:01:58 +01:00
Ricardo M. Correia
e3fce56047
nixos.chrony: add extraFlags config option
2017-02-07 18:01:57 +01:00
Matthias Beyer
de592483d1
Add xfce documentation
2017-02-07 17:55:40 +01:00
Jörg Thalheim
3aff6c07ab
Merge pull request #22518 from wizeman/u/fix-chrony-conf
...
nixos.chrony: pass config file directly to daemon
2017-02-07 17:17:17 +01:00
Fernando J Pando
34b5c9a4de
buildbot: 0.9.0.post1 -> 0.9.3
...
- Fixes unneeded patching
- Adds worker to build inputs now needed for tests
- Replaces enableworker option with worker configuration module
- Openssh required for tests
- Fixes worker hardcoded paths
- Tested on Nixos Unstable
2017-02-07 11:14:42 -05:00
Svein Ove Aas
e362a3d5c9
nginx: Format the config file
2017-02-07 16:19:11 +01:00
Ricardo M. Correia
af4e6f155e
nixos.chrony: pass config file directly to daemon
...
This fixes an issue where `nixops deploy` wouldn't restart the chrony
service when the chrony configuration changed, because it wouldn't
detect that `/etc/chrony.conf` was a dependency of the chrony service.
2017-02-07 13:48:58 +01:00
aszlig
cd10e3c4ff
nixos/tests/chromium: Run tests as normal user
...
The tests have failed because Chromium has started up displaying the
following error message in a dialog window:
Chromium can not be run as root.
Please start Chromium as a normal user. If you need to run as root for
development, rerun with the --no-sandbox flag.
So let's run as user "alice" and pass all commands using the small
helper function "ru" (to keep it short, it's for "Run as User").
Tested it by running the "stable" test on x86_64-linux.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: @globin
2017-02-07 07:36:56 +01:00
aszlig
87cc20eddb
nixos/networkd: Fix eval error for defaultGateway
...
Regression introduced by 0cb487ee04
.
This changed the result for defaultGateway to be a submodule instead of
just a plain string, so instead of using just cfg.defaultGateway we need
to pass cfg.defaultGateway.address now.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar
2017-02-07 07:05:31 +01:00
David McFarland
905627c7c5
xorg-server: fglrxCompat -> abiCompat
...
Allows it to be used for fglrx (1.17) and amdgpu-pro (1.18)
2017-02-06 23:16:21 -04:00
Shea Levy
714fdb425a
firewall: Fix check for rpfilter on manual-config kernels
2017-02-06 16:43:23 -05:00
Matthias Beyer
bf56d17b2c
fixup! Add documentation for XFCE
2017-02-06 09:17:52 +01:00
Matthias Beyer
4b5a230d1d
Add documentation for XFCE
2017-02-06 09:10:05 +01:00
Nikolay Amiantov
9beeee2717
Merge pull request #22431 from abbradar/postfix-local
...
postfix service: don't empty local_recipient_maps
2017-02-06 03:50:05 +03:00
Joachim Schiele
d491728653
httpd: added serviceExpression which extends the serviceType concept -> allows that httpd services can live outside of nixpkgs ( #22269 )
2017-02-06 01:08:58 +01:00
Nikolay Amiantov
52c7e647ab
postfix service: don't empty local_recipient_maps
...
From Postfix documentation:
With this setting, the Postfix SMTP server will not reject mail with "User
unknown in local recipient table". Don't do this on systems that receive mail
directly from the Internet. With today's worms and viruses, Postfix will become
a backscatter source: it accepts mail for non-existent recipients and then
tries to return that mail as "undeliverable" to the often forged sender
address.
2017-02-06 01:41:27 +03:00
Joachim F
4459f26ad8
Merge pull request #22175 from dancek/illum
...
illum: init at 0.4
2017-02-05 16:41:30 +01:00
Shea Levy
67ef18d01a
supplicant nixos module: Allow not specifying the configFile path
2017-02-05 06:50:20 -05:00
Nikolay Amiantov
90bc1a8595
Merge pull request #22353 from abbradar/bluetooth
...
Bluetooth improvements
2017-02-05 13:18:48 +03:00
Eelco Dolstra
323031f9ed
Merge pull request #22455 from taku0/hyper-v_installation
...
nixos-generate-config.pl, all-hardware.nix: Add support for Hyper-V
2017-02-05 11:05:06 +01:00
Nikolay Amiantov
6812c7001c
nfs tests: fix nfs server unit name
2017-02-05 12:41:21 +03:00
taku0
8dfa60ce73
nixos-generate-config.pl, all-hardware.nix: Add support for Hyper-V
2017-02-05 18:22:26 +09:00
Joachim Fasting
2628597e76
cjdns service: allow daemon to drop privileges
...
The service can run certain components with reduced privileges, but for
that it needs the setuid capability.
2017-02-05 04:54:26 +01:00
Joachim Fasting
a0338afe5f
cjdns service: allow writing keys to /etc
...
20e81f7c0d
prevented key generation in
`preStart`, leaving the service broken for the case where the user has
no pre-existing key.
Eventually, we ought to store the state elsewhere so that `/etc` can be
read-only but for now we fix this the easy way.
2017-02-05 04:54:18 +01:00
Nikolay Amiantov
9a11dda5fd
nfsd service: don't run exportfs
...
It's run by service already.
2017-02-05 03:17:38 +03:00
Nikolay Amiantov
5b043ea361
nfs service: create state directories
2017-02-05 03:17:38 +03:00
Vladimír Čunát
a2c867fd39
Merge branch 'staging'
2017-02-04 21:02:46 +01:00
Hannu Hartikainen
d91b39b3f9
illum: init at 0.4
2017-02-04 20:22:51 +02:00
Joachim F
17cc22a619
Merge pull request #22225 from bachp/glusterfs-service
...
glusterfs: add service
2017-02-04 15:15:39 +01:00
laMudri
7c27554033
xfce: make xfwm optional
2017-02-04 11:55:01 +00:00
Tim Jaeger
83241c091d
gogs: fix error on push
...
Pushing to gogs only works if the `gogs` user's shell is `bash`. For error and
solution, refer to [this SO thread](http://stackoverflow.com/a/22315659 )
2017-02-04 12:16:37 +01:00
Sarah Brofeldt
ac6606fbf4
bumblebee service: Fix type error when pmMethod = "bbswitch"
2017-02-04 10:44:44 +01:00
rnhmjoj
a3ff62d48c
namecoind: refactor nixos module
2017-02-03 20:06:45 +01:00
rnhmjoj
f7d49037a4
dnschain service: overhaul option interface & implementation
...
Closes https://github.com/NixOS/nixpkgs/pull/22041
2017-02-03 19:49:16 +01:00
Ricardo Ardissone
0bae18fb55
sane service: mention the lp group for printer+scanners
2017-02-03 20:54:04 +03:00
Joachim Fasting
0c31286f75
grsecurity docs: some polish
...
Fix minor formatting issues, excessive punctuation, and also some
improved wording.
2017-02-03 18:47:07 +01:00
Nikolay Amiantov
230c97c944
Merge pull request #22303 from abbradar/nfs4
...
NFS improvements
2017-02-03 20:04:25 +03:00
Guillaume Maudoux
698f178d4e
default nixos config: add firewall options.
...
By showing how to open ports in the firewall and how to disable it, we make users aware that there is a firewall enabled by default.
2017-02-03 16:45:11 +01:00
Vladimír Čunát
2ba076e99c
Merge branch 'master' into staging
...
>11k more build jobs on master, just for Linux :-/
This way staging will never catch up.
2017-02-03 15:32:08 +01:00
Nikolay Amiantov
9eb540b807
qemu-vm module: fix boot.tmpOnTmpfs
...
This option caused systemd to mount /tmp on top of /tmp/{xchg,shared}.
Fixes #21490 .
2017-02-03 15:02:34 +03:00
Vladimír Čunát
adab4cd58b
Merge branch 'master' into staging
2017-02-03 11:47:38 +01:00
Benjamin Staffin
53e6431d61
Merge pull request #22358 from yorickvP/asteriskupd
...
asterisk: add lts version
2017-02-03 02:30:34 -05:00
Nikolay Amiantov
5247140e57
Merge pull request #21875 from abbradar/gateway-interface
...
Allow specifying interface for default gateway
2017-02-03 02:26:31 +03:00
Pascal Bach
ff3f3399ae
filesystems: add support to mount glusterfs
2017-02-02 23:16:52 +01:00
Pascal Bach
19759cfeab
services: add GlusterFS service
...
This service is only limited in configuration options.
But it is sufficient to run glusterd and configure it using the gluster command
2017-02-02 23:16:52 +01:00
Daiderd Jordan
f87fb85259
Merge pull request #22376 from LumiGuide/wordpress-4.7.2
...
wordpress: 4.7.1 -> 4.7.2 (Security fix)
2017-02-02 19:30:36 +01:00
Daniel Peebles
ff8a21e03c
Merge pull request #22348 from nand0p/hologram-module
...
hologram: 8d86e3f -> d20d1c3
2017-02-02 17:42:07 +01:00
Fernando J Pando
1d85e0bbab
hologram: 8d86e3f -> d20d1c3
...
- Updates dependencies
- Adds configuration module
- Tested on Nixos Unstable
2017-02-02 11:31:42 -05:00
Bas van Dijk
5cc75352f8
wordpress: 4.7.1 -> 4.7.2
...
See: https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
2017-02-02 16:41:32 +01:00
Yorick van Pelt
1b47bc9477
service.asterisk: add package option
2017-02-02 15:16:00 +01:00
Nikolay Amiantov
4feb0a998a
manual: mention needed options for IPv6
2017-02-02 01:53:00 +03:00
Nikolay Amiantov
0cb487ee04
network-interfaces service: add defaultGateway{,6}.interface
2017-02-02 01:53:00 +03:00
Nikolay Amiantov
4abcef2ba1
bluez service: use upstream units
2017-02-02 00:52:54 +03:00
Nikolay Amiantov
8ef14f80e3
systemd service: add aliases option
2017-02-02 00:52:54 +03:00
Tristan Helmich
24f3abdafb
Revert "Make services.xserver.xkbDir conflict free when overriden."
...
This reverts commit 82bcfef109
.
cc @nbp
Fixes #22290 , #22352 .
Signed-off-by: Franz Pletz <fpletz@fnordicwalking.de>
2017-02-01 22:37:04 +01:00
Nikolay Amiantov
c34cfa21d4
Merge pull request #22343 from abbradar/dbus-etc
...
dbus service: use /etc/dbus-1 for configuration
2017-02-01 23:00:07 +03:00
Nikolay Amiantov
e0e9fddf56
nfsd service: use upstream systemd units
...
* Use /etc/nfs.conf as the recommended upstream way to configure services.
* Move server options to nfsd module.
2017-02-01 19:47:33 +03:00
Eelco Dolstra
9d6a55aefd
~/.nixpkgs -> ~/.config/nixpkgs
...
The former is still respected as a fallback for config.nix for
backwards compatibility (but not for overlays because they're a new
feature).
2017-02-01 16:07:55 +01:00
Vladimír Čunát
a2e7770b51
Merge branch 'master' into staging
...
There have been some larger security rebuilds on master.
2017-02-01 15:56:35 +01:00
Nikolay Amiantov
72b3746266
dbus service: remove {system,session}.conf from config dir
...
They are already included by dbus from /run/current-system/sw/share/dbus-1.
2017-02-01 15:37:24 +03:00
Nikolay Amiantov
39344a36d3
dbus service: use /etc/dbus-1 for configuration
...
Also use upstream systemd units.
2017-02-01 15:03:22 +03:00
Franz Pletz
f96c3f1844
Merge pull request #22180 from mguentner/offline_ipfs
...
services: ipfs: separate system units, add offline mode
2017-02-01 03:41:31 +01:00
Nikolay Amiantov
876a6d7f03
rpcbind service: use upstream systemd unit
2017-02-01 02:45:19 +03:00
Peter Simons
10349e72b9
nixos: drop unused 'haskellPackages' option from ihaskell service
...
Closes https://github.com/NixOS/nixpkgs/issues/19039 .
2017-01-31 22:38:01 +01:00
Damien Cassou
58dc8e3024
Remove myself from maintainers
2017-01-31 11:00:14 +01:00
Vladimír Čunát
01751a9447
Merge #22309 : vim: allow building with gtk3
2017-01-31 09:41:24 +01:00
Aneesh Agrawal
68b4a1f669
nixos: Respect nixpkgs.overlays ( #22221 )
2017-01-31 09:38:02 +01:00
Benjamin Staffin
e01c15d433
nixos: if gnome3 is installed, build gvim for gtk3 too
2017-01-31 02:36:35 -05:00
Nikolay Amiantov
8d379ddfef
opengl service: use option for XDG_DATA_DIRS
2017-01-31 04:38:09 +03:00
Nikolay Amiantov
98b0195dde
video services: don't install OpenCL files to /etc
...
They shouldn't be needed now that we search them in /run/opengl-driver.
2017-01-31 03:36:25 +03:00
Edward Tjörnhammar
b08524bf01
nixos: nylon, use named instances
2017-01-30 20:32:06 +01:00
Parnell Springmeyer
128bdac94f
Conditionally logging debug messages based on the WRAPPER_DEBUG env var being set (or not)
2017-01-30 12:59:29 -06:00
Parnell Springmeyer
d8ecd5eb0d
Switching to individually generated derivations
2017-01-30 12:26:56 -06:00
Vladimír Čunát
9cd2dbc569
Merge branch 'master' into staging
...
Hopefully this will fix the mass abortion on Hydra;
restarting the jobs didn't help.
2017-01-30 18:39:36 +01:00
Vaibhav Sagar
63f609b1a4
ihaskell: remove service configuration. ( #22268 )
...
See #22047 . This change should be reverted after IHaskell has been
updated to support GHC 8.
2017-01-30 08:38:42 +01:00
Parnell Springmeyer
264db4e309
Set merge + mkIf always surprises me
2017-01-29 17:10:32 -06:00
Parnell Springmeyer
f2f3f1479e
Derp, wrong path name
2017-01-29 16:54:27 -06:00
Parnell Springmeyer
0f728de67e
More migration cleanup + todos for cleanup
2017-01-29 16:52:23 -06:00
Parnell Springmeyer
4856b42ab6
Gotta provide sane defaults! This is what I get for 5AM coding
2017-01-29 16:47:14 -06:00
Parnell Springmeyer
9abe7528e4
Switching locate over to new wrapper API
2017-01-29 11:27:08 -06:00
Edward Tjörnhammar
e324c02aa5
nixos: i2pd, follow redirect
2017-01-29 18:00:58 +01:00
Parnell Springmeyer
6777e6f812
Merging with upstream
2017-01-29 05:54:01 -06:00
Parnell Springmeyer
c5f1f9a3b5
More mistake fixes
2017-01-29 05:45:43 -06:00
Parnell Springmeyer
9f82c9903d
More fixes
2017-01-29 05:44:29 -06:00
Parnell Springmeyer
cfe4351c33
I'm clearly very tired
2017-01-29 05:39:54 -06:00
Parnell Springmeyer
3215bcf445
Beebooboop
2017-01-29 05:39:18 -06:00
Parnell Springmeyer
a3e9d77640
More derp? It's 5am...
2017-01-29 05:36:47 -06:00
Parnell Springmeyer
1cc500ea8e
Syntax wibble
2017-01-29 05:34:50 -06:00
Parnell Springmeyer
628e6a83d0
More derp
2017-01-29 05:33:56 -06:00
Nicolas B. Pierron
82bcfef109
Make services.xserver.xkbDir conflict free when overriden.
2017-01-29 12:24:31 +01:00
Parnell Springmeyer
70b8167d4a
A few more tweaks
2017-01-29 05:05:30 -06:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead
2017-01-29 04:11:01 -06:00
Parnell Springmeyer
a8cb2afa98
Fixing a bunch of issues
2017-01-29 01:58:12 -06:00
Parnell Springmeyer
af3b9a3d46
More wibbles?
2017-01-29 01:41:39 -06:00
Parnell Springmeyer
48564d1ae5
Another wibble
2017-01-29 01:31:33 -06:00
Parnell Springmeyer
5077699605
Derp derp
2017-01-29 01:27:11 -06:00
Parnell Springmeyer
0707a3eaa2
Qualify with lib
2017-01-29 01:23:10 -06:00
Parnell Springmeyer
8e159b9d1e
Qualify mkOption with lib
2017-01-29 01:22:47 -06:00
Parnell Springmeyer
70ec24093c
Removing dead code
2017-01-29 01:22:19 -06:00
Parnell Springmeyer
82de4c0fad
setcap-wrapper: Syntax wibble
2017-01-29 01:20:02 -06:00
Parnell Springmeyer
7680a40a37
setcap-wrapper: Syntax wibble
2017-01-29 01:16:04 -06:00
Parnell Springmeyer
2f113ee90a
setcap-wrapper: Minor refactor
2017-01-29 01:08:36 -06:00
Parnell Springmeyer
3fe7b1a4c9
setcap-wrapper: Addressing more PR feedback, unifying drvs, and cleaning up a bit
2017-01-29 01:07:12 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback
2017-01-28 20:48:03 -08:00
Tuomas Tynkkynen
424cfe7686
Merge remote-tracking branch 'upstream/master' into staging
2017-01-29 02:16:29 +02:00
Joachim F
ac1e65c302
Merge pull request #22230 from michaelpj/services/arbtt-fix-wanted-by
...
arbtt: multi-user.target does not exist in user systemd
2017-01-29 00:37:17 +01:00
Michael Peyton Jones
46c0da1818
arbtt: multi-user.target does not exist in user systemd
2017-01-28 14:29:19 +00:00
Joachim Fasting
6303d2b0ca
nixos: add sysstat to module list
...
The service itself was added in d3d7f43f76
2017-01-28 12:27:34 +01:00
Franz Pletz
ae3fc70ede
Merge pull request #22124 from mayflower/feature/frab
...
frab: init at 2016-12-28 & module
2017-01-27 17:15:05 +01:00
Dan Peebles
ced27b2966
fluentd module: add configurable package option
2017-01-27 15:08:23 +00:00
Robin Gloster
8a104aa085
nixos/release-small.nix: cleanup to use default versions
...
It makes more sense to test the packages, that probably more people are
using.
2017-01-27 15:33:54 +01:00
Robin Gloster
8769ddc823
apacheHttpd_2_2: remove
2017-01-27 15:33:54 +01:00
Guillaume Maudoux
29667f639c
dbus: catch new services without reboot ( #20871 )
...
DBus daemon now loads its config from /run/current-system/dbus.
Reloading the daemon makes it re-read that file and catch the updates
after a system upgrade.
2017-01-27 14:46:13 +01:00
Frederik Rietdijk
46b1ea260a
pythonPackages.ansible2: move 2.2 to separate file, make default
...
`pythonPackages.ansible_2_2` is now the default `ansible`.
2017-01-27 10:15:31 +01:00
Tuomas Tynkkynen
be0e48e48f
Merge remote-tracking branch 'upstream/master' into staging
2017-01-27 02:18:44 +02:00
Maximilian Güntner
123dd9f4e7
services: ipfs: separate system units, add offline mode
...
Offline mode: When adding a lot of data, start this service.
It will will not flood the DHT since it only exposes the API.
When you are done simply reverse the process.
2017-01-27 00:27:50 +01:00
Mike Cooper
18eff26dd9
Fix typo in pulseaudio.nix
2017-01-26 20:52:33 +01:00
Parnell Springmeyer
9de070e620
Setuid wrapper should not be constrained to a specific linux kernel version
2017-01-26 09:39:37 -08:00
Parnell Springmeyer
01e6b82f3f
Removing dead code
2017-01-26 09:20:15 -08:00
Robin Gloster
a38f1911d3
systemd: 231 -> 232
...
Includes adding some more upstream units and removing obsolete (-.slice) ones.
2017-01-26 17:52:52 +01:00
Tuomas Tynkkynen
e2a2f6d595
Merge pull request #22117 from dezgeg/aarch64-for-merge
...
Aarch64 (ARM64) support
2017-01-26 17:52:28 +02:00
Gregor Kleen
06211e700b
locate: build in correct dbpath
2017-01-26 12:57:03 +01:00
Gregor Kleen
cc1ebd1db4
locate: enhance mlocate support
2017-01-26 12:57:02 +01:00
Gregor Kleen
114e738e41
locate: better mlocate support & cleanup
2017-01-26 12:56:53 +01:00
Parnell Springmeyer
189a0c2579
Wrap with quotes as-per GCC's recommendation
2017-01-26 02:07:36 -08:00
Parnell Springmeyer
c30cf645f8
Make setting of the wrapper macros a compile-time error
2017-01-26 02:06:24 -08:00
Parnell Springmeyer
a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy
2017-01-26 02:00:04 -08:00
Parnell Springmeyer
ad8fde5e5d
Andddd more derp
2017-01-26 01:33:25 -08:00
Parnell Springmeyer
ce36b58e21
Derp
2017-01-26 01:31:49 -08:00
Parnell Springmeyer
f64b06a3e0
Hmmm
2017-01-26 01:13:19 -08:00
Parnell Springmeyer
fd974085bf
It's clearly quite late
2017-01-26 01:04:12 -08:00
Parnell Springmeyer
61fe8de40c
Silly, should just have one activation script
2017-01-26 01:03:18 -08:00
Parnell Springmeyer
48a0c5a3a7
More fixing
2017-01-26 01:00:46 -08:00
Parnell Springmeyer
21368c4c67
Hmm, unnecessary
2017-01-26 00:58:44 -08:00
Parnell Springmeyer
a4f905afc2
Enhhh I think compile time macros are gross
2017-01-26 00:41:00 -08:00
Parnell Springmeyer
785684f6c2
Ahhh, my compile-time macros confused me...of course they did...
2017-01-26 00:39:17 -08:00
Parnell Springmeyer
1ad541171e
Hmm
2017-01-26 00:36:35 -08:00
Parnell Springmeyer
e8bec4c75f
Implicit declared function...
2017-01-26 00:35:01 -08:00
Parnell Springmeyer
a20e65724b
Fixing
2017-01-26 00:32:59 -08:00
Parnell Springmeyer
025555d7f1
More fixes and improvements
2017-01-26 00:05:40 -08:00
Robin Gloster
5de731c853
tests.bittorrent: use a file instead of a directory
...
nixUnstable.src is a directory, which made cp fail without -r
2017-01-26 02:44:05 +01:00
Franz Pletz
fbf762e0b7
frab module: init
2017-01-25 23:58:21 +01:00
Robin Gloster
117e5547d1
Merge pull request #21311 from makefu/services/logstash
...
services.logstash: default options, examples and address update
2017-01-25 22:11:40 +01:00
aszlig
d01b9493c9
nixos/doc/installing: Fix typo in <literal/>
...
The tag wasn't properly closed which caused the manual build to fail.
Tested with: nix-build nixos/release.nix -A manual.x86_64-linux
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-01-25 21:40:07 +01:00
Shaun Sharples
462ef74442
factorio: remove autosave-interval from command-line options
2017-01-25 21:39:37 +01:00
Shaun Sharples
7f358917ee
factorio: settings moved from command-line options to server-settings.json
2017-01-25 21:39:37 +01:00
Pascal Bach
a6968ad43c
installing: document how to activate SSH during installation
2017-01-25 21:09:31 +01:00
Pascal Bach
01fd86723c
install-device: correct command to start sshd
2017-01-25 21:09:31 +01:00
Pascal Bach
03ef04f0a4
install-device: permit root login with password
...
Allow password login to the installation this allows doing remote installation
via SSH. All that need to be done on the local machine is:
1. Boot from the installation media
2. Set a password with passwd
3. Enable SSH with systemctl start sshd
It is safe as root doesn't have a password by default
and SSH is disabled by default.
Fixes #20718
2017-01-25 21:09:31 +01:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts
2017-01-25 11:08:05 -08:00
Franz Pletz
516760a6fb
nixos/acme: add random delay to timer
...
This way we behave like good citizens and won't overload Let's Encrypt
with lots of cert renewal requests at the same time.
2017-01-25 19:15:04 +01:00
Vladimír Čunát
278bbe3b33
add kresd service with basic options
...
Still celebrating today's 1.2.0 release!
2017-01-25 18:46:28 +01:00
Robin Gloster
b79fa22b7a
tests.installer: rely on swap.target in tests
...
fixes #5258
2017-01-25 17:00:13 +01:00
Bob van der Linden
d9987f360a
nginx: added serverName option for virtualHosts
...
This allows overriding the `server_name` attribute of virtual
hosts. By doing so it is possible to have multiple virtualHost
definitions that share the same `server_name`. This is useful in
particular when you need a HTTP as well as a HTTPS virtualhost: same
server_name, different port.
2017-01-25 14:55:55 +01:00
Franz Pletz
b9b95aa4d4
Merge pull request #22034 from mayflower/conntrack-helpers
...
Disable conntrack helper autoloading by default
2017-01-25 14:18:41 +01:00
Tuomas Tynkkynen
32643dc07d
installer: sd-image-*.nix: Document how to build them
2017-01-25 15:07:37 +02:00
Daniel Peebles
95add2c2f7
Merge pull request #22103 from copumpkin/automatic-kafka-broker-id
...
apache-kafka service: change default brokerId to -1
2017-01-24 22:17:03 -05:00
Tuomas Tynkkynen
0e4c1bfb43
installer: Add SD image expression for Aarch64
...
This one works on the Raspberry Pi 3 so far.
2017-01-25 02:14:47 +02:00
Tuomas Tynkkynen
b29ee6c8ff
U-Boot: Add 64-bit Raspberry Pi 3 build
...
And rename the old ubootRaspberryPi3 to ubootRaspberryPi3_32bit.
2017-01-25 02:14:47 +02:00
Franz Pletz
8d5a4c53b8
nixos/release-notes: document conntrack helper changes
2017-01-25 01:14:05 +01:00
Franz Pletz
2d9152d509
nixos/tests/nat: add test for conntrack helper autoloading
2017-01-25 01:14:05 +01:00
Franz Pletz
8322a12ef2
firewall: disable conntrack helper autoloading by default
...
This was disabled in the Linux kernel since 4.7 and poses a security risk
if not configured properly.
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=486dcf43da7815baa615822f3e46883ccca5400f
2017-01-25 01:14:04 +01:00
Franz Pletz
403fdd737e
linux: remove canDisableNetfilterConntrackHelpers feature
...
This feature is available in all kernels in nixpkgs.
2017-01-25 00:28:55 +01:00
John Ericson
5ad696b067
Merge pull request #22107 from Ericson2314/cross-tepid
...
Somewhat saner cross-compiling through bootstrapping
2017-01-24 15:09:56 -05:00
Thomas Tuegel
54df142672
nixos/kde5: use kimpanel with IBus by default
2017-01-24 12:55:06 -06:00
Thomas Tuegel
e38970c60b
nixos/ibus: fix custom panel example
...
The example was missing a `''`, so it did not appear correctly in the
manual. This also caused the manual to retain references inappropriately.
2017-01-24 12:52:39 -06:00
Michael Raskin
ae4f2fd145
Merge pull request #22066 from mbrgm/journalbeat
...
journalbeat service: init at 5.1.2
2017-01-24 17:56:48 +00:00
Michael Raskin
7516dbe35e
Merge pull request #22045 from rnhmjoj/recursor
...
PowerDNS Recursor: add package and service
2017-01-24 17:54:47 +00:00
Michael Raskin
47661c831e
Merge pull request #22028 from MostAwesomeDude/tahoe
...
Tahoe-LAFS version bump
2017-01-24 17:49:00 +00:00
Dan Peebles
eebee95176
apache-kafka service: change default brokerId to -1
...
A default of 0 means that if you deploy two NixOS boxes with the default
configuration, the second will fail because the brokerId was already in
use. Using -1 instead tells it to pick one automatically at first start.
2017-01-24 12:32:22 -05:00
John Ericson
7dc4e43837
nixos doc: Mention cross overhaul in 17.03 release notes
2017-01-24 11:37:56 -05:00
Kai
25d86bdd10
vnstat service: init ( #19809 )
2017-01-24 14:45:01 +01:00
Tristan Helmich
b3b300b6ff
smokeping: setuid for fping6
2017-01-24 12:40:21 +01:00
Vladimír Čunát
fd26ad6f76
nixos programs.man.enable: improve description
2017-01-24 09:59:54 +01:00
Corbin
de4c9e0d15
nixos/services/tahoe: Work around awkward command.
2017-01-23 17:55:41 -08:00
Tuomas Tynkkynen
b63f97c6e6
installer: Include stdenvNoCC
...
And don't include ArchiveCpio as that one is no longer needed after
5a8147479
("make-initrd: create reproducible initrds").
2017-01-23 23:49:18 +02:00
Marius Bergmann
00444cbf25
journalbeat service: init at 5.1.2
...
Journalbeat is a log shipper from systemd/journald to
Logstash/Elasticsearch. I added a package as well as a NixOS service
module for it.
2017-01-23 18:28:55 +01:00
rnhmjoj
6bcf89f217
pdns-recursor: add service
2017-01-23 17:57:48 +01:00
Jaka Hudoklin
90e0ed32ef
Merge pull request #22043 from rnhmjoj/dnscrypt-wrapper
...
dnscrypt-wrapper: add service
2017-01-23 11:23:28 +01:00
rnhmjoj
9f2bb2ed42
dnscrypt-wrapper: add service
2017-01-23 07:06:07 +01:00
Robert Helgesson
cd9f709582
flannel service: fix enable expression
...
Need to surround the equality check in parentheses.
2017-01-22 21:58:39 +01:00
Franz Pletz
df0301f59b
nixos/networkmanager: trigger assertion instead of error
2017-01-22 20:32:24 +01:00
Charles Strahan
d298a961f1
Merge pull request #21416 from cstrahan/mesos-1.1.0
...
mesos: 1.0.1 -> 1.1.0
2017-01-21 19:05:18 -05:00
Charles Strahan
5b1b089de3
Merge pull request #8642 from cstrahan/slim-console-cmd
...
nixos: provide default console_cmd for slim
2017-01-21 19:01:02 -05:00
Charles Strahan
71f92bc8a3
nixos: provide default console_cmd for slim
...
This provides a default console_cmd for the slim display-manager.
When the user enters "console" as the user name, slim will run this
command.
Having a default is rather important; the virtual terminals don't work
with some display drivers, so having a broken X session can leave you
locked out of your machine.
2017-01-21 18:59:28 -05:00
Franz Pletz
ab90eac835
networking: fix typo in resolvconf option edns0
2017-01-21 20:41:11 +01:00
Daiderd Jordan
1aa77d0519
Merge pull request #19363 from schneefux/gogs-module
...
gogs: init module
2017-01-21 16:25:16 +01:00
Franz Pletz
068dad3a21
systemd-boot: fix evaluation
2017-01-21 14:42:10 +01:00
Linus Heckemann
98bd722d1d
systemd-boot: allow setting editor security option ( #21853 )
2017-01-21 14:24:26 +01:00
schneefux
67c4512060
gogs service: init
2017-01-21 13:38:24 +01:00
Thomas Tuegel
1e266dac0d
ibus: make panel configurable
2017-01-20 18:51:29 -06:00
Daiderd Jordan
2b2b0b566d
Merge pull request #20183 from womfoo/init/netdata-service
...
netdata service: init
2017-01-20 21:05:10 +01:00
Nikolay Amiantov
d75a3cfb29
Merge pull request #21995 from abbradar/opencl
...
Fix OpenCL support
2017-01-20 12:09:17 +03:00
Graham Christensen
c0f3b8d629
wordpress: 4.6.1 -> 4.7.1 for multiple CVEs
...
CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493
2017-01-19 22:53:49 -05:00
Nikolay Amiantov
221685aee9
opengl service: mention that you can add OpenCL drivers
2017-01-20 03:37:51 +03:00
Bjørn Forsman
6a52a130de
nixos/kde5: enable system-config-printer dbus service
...
Without it, the following error is shown in the "Add Printer" window:
Failed to group devices: 'The name org.fedoraproject.Config.Printing was not provided by any .service files'
2017-01-18 20:39:17 +01:00
Robin Gloster
f4f4200d9a
install-devices: add vim
...
This moves vim to the install-device profile to add vim to netboot, too.
Fixes #20013 (see discussion there for further information)
2017-01-18 17:57:31 +01:00
Michael Weiss
460b43dbfe
firewall: Improve the comments (documentation) ( #21862 )
...
* Fix the FW names
FW_REFUSE was removed and nixos-fw-input was renamed to nixos-fw.
* Update the comment (documentation) at the top
Order the chains of the main table alphabetically (like in the rest of
the file) and add nixos-fw-rpfilter (from the raw table) and nixos-drop
(used while reloading the firewall).
* Refactor the module (mainly comments)
- Move some attributes to the top for better visibility (that should
hopefully make it easier to read and understand this module without
jumping around too much).
- Add some missing examples and improve some descriptions.
- Reorder the mkOption attributes for consistency.
- Wrap lines at 72 characters.
- Use two spaces between sentences.
2017-01-18 17:18:11 +01:00
Eelco Dolstra
42a7d906d9
EC2 AMIs: 16.09.666.3738950 -> 16.09.1508.3909827
...
In particular, this includes a fix for using ephemeral disks for /tmp,
and adds AMIs for the new eu-west-2 (London) and us-east-2 (Ohio)
regions.
2017-01-18 12:42:39 +01:00
gnidorah
4a662e5206
nano: add nix syntax hightlight, nano module: provide default ( #21912 )
...
this is awesome! thanks.
2017-01-18 12:05:30 +01:00
Jörg Thalheim
8fa8e4ada9
Merge pull request #21961 from kierdavis/ckb
...
ckb: add to module list
2017-01-18 08:32:02 +01:00
Kier Davis
3aa218edbf
ckb: add to module list
...
Not the first time I've forgotten to do this.
2017-01-17 23:12:21 +00:00
Nicolas B. Pierron
0214d94b24
Remove extra "in" keyword from the release notes about overlays.
...
Thanks to @teh for reporting this issue on the pull request.
2017-01-17 21:24:44 +00:00
Eelco Dolstra
4e516363a8
Create AMIs for eu-west-2 (London)
2017-01-17 21:44:01 +01:00
Svein Ove Aas
fec95a40f1
ddclient: Don't include blank server= lines.
2017-01-16 18:54:49 +01:00
Tristan Helmich
e5f353d5cd
couchpotato module: init
2017-01-16 12:54:43 +01:00
Jörg Thalheim
28093e42ec
Merge pull request #21864 from pjones/pjones/dovecot
...
dovecot: Fix sieve scripts
2017-01-16 12:42:06 +01:00
Nicolas B. Pierron
8366525cbf
Fix release-notes compilation.
2017-01-16 01:17:33 +01:00