Commit Graph

4350 Commits

Author SHA1 Message Date
Eelco Dolstra
b786b00023 KDE test: Bump kdm start timeout
Hopefully this will fix random failures like
http://hydra.nixos.org/build/36249079.
2016-05-27 11:22:27 +02:00
Joachim Fasting
b24e58a82b
config.fonts.fontdir: use runCommand instead of builderDefs
The primary motivation here is to get rid of builderDefs, but now the
resulting font directory is also linked into /run/current-system/sw,
which fixes #15194.
2016-05-26 22:39:01 +02:00
Vladimír Čunát
81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
Alexander Ried
8fbdb40ef0 services.*ntp*: Add time-sync.target to ntp clients (#15714)
See: https://www.freedesktop.org/software/systemd/man/systemd.special.html#time-sync.target
2016-05-26 16:25:36 +02:00
Eelco Dolstra
b37d6d8996 Fix failure to start old containers
The existence of $root/var/lib/private/host-notify as a socket
prevented a bind mount:

  container foo[8083]: Failed to create mount point /var/lib/containers/foo/var/lib/private/host-notify: No such device or address
2016-05-26 16:19:40 +02:00
rnhmjoj
17ec9368cd
fish: 2.2.0 -> 2.3.0 2016-05-26 00:10:22 +02:00
obadz
331fa2feff xsession: fix variable read before set introduced in c99608c 2016-05-25 17:47:36 +01:00
Eelco Dolstra
a7baec7cb1 nixos-generate-config: Emit LUKS configuration for boot device 2016-05-25 18:04:41 +02:00
Eelco Dolstra
c6ab4ab206 nixos-generate-config: Enable strictness 2016-05-25 18:04:34 +02:00
Eelco Dolstra
845c9b50bf boot.initrd.luks.devices: Change into an attribute set
This allows setting options for the same LUKS device in different
modules. For example, the auto-generated hardware-configuration.nix
can contain

  boot.initrd.luks.devices.crypted.device = "/dev/disk/...";

while configuration.nix can add

  boot.initrd.luks.devices.crypted.allowDiscards = true;

Also updated the examples/docs to use /disk/disk/by-uuid instead of
/dev/sda, since we shouldn't promote the use of the latter.
2016-05-25 18:04:21 +02:00
Eelco Dolstra
32bed83b18 Remove boot.loader.grub.timeout and boot.loader.gummiboot.timeout
There is a generic boot.loader.timeout option.
2016-05-25 11:39:17 +02:00
obadz
47950b5353 modules/misc/version.nix: populate nixosRevision based on <nixpkgs/.git> when possible (#15624)
Example:

$ nixos-option system.nixosLabel
Value:
"16.09.git.4643ca1"
2016-05-24 23:34:28 +01:00
Eelco Dolstra
c726773f26 cpufreq: Fix "sh: modprobe: command not found" 2016-05-24 21:48:42 +02:00
Eelco Dolstra
c99608c638 Add an option to write the X session log to the journal
... rather than ~/.xsession-errors. It might make sense to make this
the default, in order to eliminate ad hoc, uncentralised, poorly
discoverable log files.
2016-05-24 21:46:38 +02:00
Eelco Dolstra
d84741a4bf X server: Log to the journal instead of /var/log/X.0.log
This ensures that "journalctl -u display-manager" does what you would
expect in 2016. However, the main reason is to ensure that our VM
tests show the output of the X server.

A slight problem is that with KDE user switching, messages from the
various X servers end up in the same place. However, that's an
improvement over the previous situation, where the second X server
would overwrite the /var/log/X.0.log of the first. (This was caused by
the fact that we were passing a hard-coded value for -logfile.)
2016-05-24 21:45:26 +02:00
Joachim Fasting
e27e0b3d75 Merge pull request #15620 from Cornu/mosquitto
mosquitto service: init
2016-05-24 13:56:06 +02:00
Joachim Fasting
493cae8756
Revert "Merge pull request #15384 from Shados/fix-preshell-terminfo"
This reverts commit 4e9833d9e8, reversing
changes made to 6194e9d801.

Setting TERMINFO prevents ncurses from reading TERMINFO_DIRS.  See
https://github.com/NixOS/nixpkgs/pull/15384#issuecomment-221205596
2016-05-24 11:13:46 +02:00
Hans-Harro Horn
77f2c305b6 mosquitto service: init
Initial Mosquitto MQTT Broker service file.
2016-05-24 10:49:03 +02:00
zimbatm
4d0a421f18 Merge pull request #15646 from vcunat/p/man-db
man-db: make it the default man provider
2016-05-24 09:25:10 +01:00
Markus Mueller
19ee3baa32 ldap module: fix activationScripts declaration 2016-05-23 22:54:15 +02:00
Vladimír Čunát
b9df4311dc man-db: make it the default man provider
For now, leave the old implementation under `man-old` attribute.

Small warning: I had a leftover ~/.nix-profile/man from an old package,
which caused man-db's man prefer it and ignore ~/.nix-profile/share/man.
The PATH->MANPATH code just selects the first match for each PATH item.
2016-05-23 19:53:05 +02:00
Joachim Fasting
0f384e5cf2
dnscrypt-proxy service: update resolver list 2016-05-23 16:44:20 +02:00
Taeradan
77028b1e8d
fail2ban service: add iproute to PATH
iproute is required for blocking via null routes; without it, rules
based on routes.conf will fail.

Closes #15638
2016-05-23 15:57:21 +02:00
Domen Kožar
16535d4a71 setuid-wrappers: remove config.system.path from the closure
The motivation is using sudo in chroot nix builds, a somewhat
special edge case I have and pulling system path into chroot
yields to some very nasty bug like
https://github.com/NixOS/nixpkgs/issues/15581

Previously:

$ cat /var/setuid-wrappers/sudo.real
/nix/store/3sm04dzh0994r86xqxy52jjc0lqnkn65-system-path/bin/sudo

After the change:

$ cat /var/setuid-wrappers/sudo.real
/nix/store/4g9sxbzy8maxf1v217ikp69c0c3q12as-sudo-1.8.15/bin/sudo
2016-05-23 13:47:23 +01:00
Vladimír Čunát
358533dc61 nixos xserver: fix evdev driver with xserver 1.18
... and add its man page.
Now I seem to be running fine with the new server.
2016-05-23 13:02:55 +02:00
Vladimír Čunát
69cc0a7bc5 xf86-input-evdev: split dev output 2016-05-23 13:02:55 +02:00
Eelco Dolstra
0c5ebbd744 Merge pull request #15598 from rnhmjoj/systemd
Remove systemd shell aliases
2016-05-23 10:28:34 +02:00
Vladimír Čunát
05a36304ea nixos ati_unfree: auto-switch xorg to fglrxComat 2016-05-23 10:12:44 +02:00
Vladimír Čunát
0b192a0976 Merge branch 'master' into staging
That's to get mesa rebuild from master, as it's nontrivial.
2016-05-23 09:02:10 +02:00
Joachim Fasting
89d50c4341 Merge pull request #15630 from obadz/opensmtpd
opensmtpd: 5.7.3p2 -> 5.9.2p1
2016-05-23 08:52:42 +02:00
obadz
e69ed2b64b opensmtpd: 5.7.3p2 -> 5.9.2p1 2016-05-23 02:59:20 +01:00
Eelco Dolstra
c7d92f9485 xf86-video-modesetting: Remove
This driver is part of xorg-server now, so we were using an outdated
version.
2016-05-22 23:05:30 +02:00
Joachim Fasting
d6575c96fb
transmission service: robust lib references in apparmor profile 2016-05-22 20:01:29 +02:00
Vladimír Čunát
73f1f5eb39 imagemagick: split dev output to fix #9604
Also fixup references to imagemagick.
2016-05-22 13:41:15 +02:00
Vladimír Čunát
f4eb808554 xf86-input-synaptics: split dev output 2016-05-22 12:10:38 +02:00
Vladimír Čunát
c4661e9643 Merge: make dev output references explicit
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
2016-05-22 12:09:23 +02:00
Arnold Krille
bf0e745597 unbound service: do not initialize root cert
When enableRootTrustAnchor is set to false, there is really no point in
initializing the root key before starting unbound.

Fixes #15605.
2016-05-21 22:27:27 +02:00
rnhmjoj
1d9651e723
Remove systemd shell aliases 2016-05-21 19:25:21 +02:00
Ben Smith
3a1beb6347
redis service: add firewall and VM overcommit options
- Add vm.over_commit setting for background saving
- Add openFirewall setting

Closes #10193
2016-05-21 18:17:36 +02:00
Bjørn Forsman
c7db50e24f Revert "network-manager: multiple outputs"
This reverts commit c25907d072.

I think this commit broke the NixOS service for NetworkManager. At least
with this, and the two previous reverts, everything is back to normal.
(With multiple-outputs split, it would have reduced the closure size by
3 MiB.)
2016-05-21 13:12:44 +02:00
Bjørn Forsman
167272f01d Revert "networkmanager service: fixup"
This reverts commit 7ac1ef05fa.

One of a few reverts needed to unbreak networkmanager NixOS service
since the multiple-output split (to save 3 MiB of closure size).
2016-05-21 13:12:44 +02:00
Bjørn Forsman
d1463ac750 Revert "nixos/networkmanager: fix syntax error"
This reverts commit 2875293615.

One of a few reverts needed to unbreak networkmanager NixOS service
since the multiple-output split (to save 3 MiB of closure size).
2016-05-21 13:12:44 +02:00
Nikolay Amiantov
53b8852498 initrd-ssh service: add assertions for host keys 2016-05-20 23:34:28 +03:00
Joachim Fasting
d12e9c1a30 Merge pull request #15365 from bendlas/fix-gnome-keyring
gnome-keyring: add gcr dependency to service
2016-05-20 15:18:11 +02:00
Domen Kožar
2a3c0ca3d5 command-not-found: disable module until it's fixed again
See https://github.com/NixOS/nixos-channel-scripts/issues/4
2016-05-19 20:02:06 +01:00
Tuomas Tynkkynen
2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Tuomas Tynkkynen
f81af4e6f0 treewide: Make explicit that 'dev' output of glib is used 2016-05-19 10:00:35 +02:00
Tuomas Tynkkynen
2132c86c45 nixos/dbus: Reference correct output of 'dbus' 2016-05-18 22:58:00 +03:00
Peter Hoeg
60025e3524 tmux module: add additional variables for configuring tmux
Also wraps the tmux binary, so that sockets are stored under /run
2016-05-18 19:24:03 +08:00
Joachim Fasting
cf5e07ca5b Merge pull request #15471 from telotortium/subsonic
subsonic: change NixOS home directory config
2016-05-18 04:01:32 +02:00
Robert Irelan
cf14dad167 Add script to move /var/subsonic to cfg.home 2016-05-16 14:42:22 -07:00
Robert Irelan
40d4f6df81 Move from ExecStart{,Pre} to systemd.nix attributes 2016-05-16 14:08:32 -07:00
Ricardo Ardissone
6067eddf83 minetest-server module: fix executable path 2016-05-15 18:46:45 -03:00
Joachim Fasting
3ad0276e7e Merge pull request #15435 from mayflower/nzbget_no_config
nzbget: 16.4 -> 17.0-r1686 and nzbget service
2016-05-15 14:05:31 +02:00
Joachim Fasting
fbdb82cc17 Merge pull request #15473 from romildo/fix.xfce4-screenshooter
xfce4: rename application xfce4screenshooter to xfce4-screenshooter
2016-05-15 12:17:32 +02:00
José Romildo Malaquias
44d347aba5 xfce4: rename application xfce4screenshooter to xfce4-screenshooter 2016-05-15 06:56:46 -03:00
Joachim Fasting
b740e046ab
dnscrypt-proxy service: robust lib references in apparmor profile
Use getLib to avoid future problems caused by re-ordering outputs.
2016-05-15 11:55:17 +02:00
Rok Garbas
03b115f8e0 nixos/i3lock-color: added to pam 2016-05-15 07:47:31 +02:00
Robert Irelan
a712d8ff0b subsonic: change NixOS home directory config
Move Subsonic state directory from `/var/subsonic` to
`/var/lib/subsonic`, since the general convention is for each
application to put its state directory there.

Also, automatically set the home directory of the `subsonic` user to the
value of `config.services.subsonic.home`, rather than setting it to a
value hardcoded in the module. This keeps the home directory of the
`subsonic` user and the state directory for the Subsonic application in
sync.
2016-05-14 14:13:30 -07:00
Tuomas Tynkkynen
0561e14c3b bind: Split into multiple outputs
A patch is needed to make bind not print its configure flags on
'named -V'.
2016-05-14 22:12:59 +03:00
Joachim Fasting
4e9833d9e8 Merge pull request #15384 from Shados/fix-preshell-terminfo
nixos: ensure TERMINFO is set before user shells are run
2016-05-14 06:21:25 +02:00
Nikolay Amiantov
cd5dd9f82e udev service: fix packages' paths 2016-05-14 05:12:52 +03:00
Nikolay Amiantov
5c39f28a9f Merge pull request #15024 from abbradar/xfce-no-desktop
xfce service: add noDesktop option
2016-05-14 04:55:27 +03:00
Tristan Helmich
36f8b3cad1 nzbget: 16.4 -> 17.0-r1686 and nzbget service 2016-05-13 18:56:39 +02:00
Franz Pletz
939c80c26f jenkins module: Check for 200 & 403 response codes
The new jenkins version shows a setup wizard on first startup that will
throw a 403 HTTP response code instead of 200.
2016-05-13 17:45:39 +02:00
Vladimír Čunát
3e387c3e00 Merge branch 'staging'
Darwin isn't in a perfect state, in particular its bootstrap tools won't
build which will block nixpkgs channel. But on the whole it seems
acceptable.
2016-05-13 10:14:53 +02:00
Franz Pletz
df8958435e grafana: 2.6.0 -> 3.0.1 (#15395)
* grafana: 2.6.0 -> 3.0.1

* grafana module: Fix anonymous auth & add analytics config
2016-05-13 02:28:24 +02:00
Данило Глинський (Danylo Hlynskyi)
bc2fe9f2cd typo in authorizedKeysFiles 2016-05-12 18:01:17 +03:00
Joachim Fasting
639dcffa0b Merge pull request #15403 from Shados/maintain-teamspeak-server
teamspeak-server package & module maintenance
2016-05-12 13:01:38 +02:00
Alexei Robyn
11b0972544 teamspeak-server module: Create data directory by
leveraging users.users.<user>.createHome instead of a preStart script.
preStart script is still required to ensure proper creation of logging
directory.
2016-05-12 20:49:17 +10:00
Domen Kožar
25e3c091a0 Revert "nixos/nat: Allow nat without an externalInterface"
This reverts commit 431a98b12b.

Breaks nixos tests: http://hydra.nixos.org/build/35538207
2016-05-12 11:04:06 +01:00
Joachim Fasting
1aff127b56 Merge pull request #10988 from Shados/improve-rsnapshot-service
rsnapshot service: Avoid package rebuild, create+use /etc/rsnapshot.conf
2016-05-12 05:24:01 +02:00
Vladimír Čunát
6c2fbfbd77 Merge branch 'master' into staging 2016-05-12 04:53:38 +02:00
Franz Pletz
431a98b12b nixos/nat: Allow nat without an externalInterface 2016-05-12 01:52:13 +02:00
Alexei Robyn
1e2ec5817c rsnapshot module: Enable manual rsnapshot usage with module config. 2016-05-12 09:27:59 +10:00
Alexei Robyn
c90d5eb298 rsnapshot module: Avoid package rebuild, pass config file explicitly. 2016-05-12 09:27:52 +10:00
Nikolay Amiantov
700e2952be Merge pull request #15012 from abbradar/unixodbc
UnixODBC updates
2016-05-11 17:42:33 +03:00
Joachim Fasting
a0e8d542c7 Merge pull request #15377 from womfoo/sniproxy
sniproxy: init at 0.4.0 with dependency udns: init at 0.4
2016-05-11 15:14:33 +02:00
Shea Levy
67d430096f Add kerberos mappings for MIT exchange server 2016-05-11 09:09:24 -04:00
Alexei Robyn
ce7a544b92 nixos: ensure TERMINFO is set before user shells are run 2016-05-11 22:16:38 +10:00
Domen Kožar
ccbcf1b6c2 nixos: require pkgs.which
This properly implements revert in
0729f60697.

We used to have which='type -P' alias, but really it's best to just
rely on which package, only 88K in size.

cc @edolstra
2016-05-11 10:37:46 +01:00
Kranium Gikos Mendoza
356f1bdac8 sniproxy service: init 2016-05-11 13:27:28 +08:00
Herwig Hochleitner
2d280840f8 gnome-keyring: add gcr dependency to service
gcr is used to provide the popup dialog, this fixes gnome-keyring for
non-gnome sessions
2016-05-10 19:53:33 +02:00
Joachim Fasting
d4d7bfe07b
grsecurity: add option to disable chroot caps restriction
The chroot caps restriction disallows chroot'ed processes from running
any command that requires `CAP_SYS_ADMIN`, breaking `nixos-rebuild`. See
e.g., https://github.com/NixOS/nixpkgs/issues/15293

This significantly weakens chroot protections, but to break
nixos-rebuild out of the box is too severe.
2016-05-10 16:17:08 +02:00
Joachim Fasting
e38e3dcdb6
dnscrypt-proxy service: allow user to specify their own resolver list 2016-05-10 07:08:37 +02:00
Joachim Fasting
bd448b7139
dnscrypt-proxy service: use up-to-date dnscrypt-resolvers list
The list of public proxies is updated now and again and it's probably a
good idea to always work from the most recent list, rather than the one
that is shipped with the release.  This can be crucial in case of
resolvers that are revealed to have gone rogue or otherwise have been
compromised.
2016-05-10 07:07:58 +02:00
rnhmjoj
e8fff51947
unclutter: prevent service restarting too soon 2016-05-09 23:28:30 +02:00
Vladimír Čunát
65a9fa8cdc Merge branch 'master' into staging 2016-05-08 21:24:48 +02:00
Joachim Fasting
87a28c9385
transmission service: fix libcap lib output reference
After 7382afac40
2016-05-07 21:48:54 +02:00
Joachim Fasting
c5d1bff2b6
apparmor-suid module: fix libcap lib output reference
After 7382afac40
2016-05-07 21:48:29 +02:00
Joachim Fasting
1d2fcde841
dnscrypt-proxy service: fix libcap output reference
After 7382afac40 shared objects are in
`libcap.lib`
2016-05-07 20:18:27 +02:00
Joachim Fasting
5b90702cd6 Merge pull request #15243 from sindikat/patch-1
update docs for services.dictd.* config options
2016-05-07 16:44:41 +02:00
Nikolay Amiantov
17e4803de7 initrd-ssh service: fix build 2016-05-07 15:38:46 +03:00
Nikolay Amiantov
f7c02f8670 ejabberd service: add image thumbnailing support 2016-05-07 14:31:16 +03:00
Nikolay Amiantov
c99b050af0 Merge commit 'refs/pull/14568/head' of git://github.com/NixOS/nixpkgs into staging 2016-05-07 03:44:06 +03:00
aszlig
67223ee205
nixos/stage-1: Don't kill kernel threads
Unfortunately, pkill doesn't distinguish between kernel and user space
processes, so we need to make sure we don't accidentally kill kernel
threads.

Normally, a kernel thread ignores all signals, but there are a few that
do. A quick grep on the kernel source tree (as of kernel 4.6.0) shows
the following source files which use allow_signal():

  drivers/isdn/mISDN/l1oip_core.c
  drivers/md/md.c
  drivers/misc/mic/cosm/cosm_scif_server.c
  drivers/misc/mic/cosm_client/cosm_scif_client.c
  drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
  drivers/staging/rtl8188eu/core/rtw_cmd.c
  drivers/staging/rtl8712/rtl8712_cmd.c
  drivers/target/iscsi/iscsi_target.c
  drivers/target/iscsi/iscsi_target_login.c
  drivers/target/iscsi/iscsi_target_nego.c
  drivers/usb/atm/usbatm.c
  drivers/usb/gadget/function/f_mass_storage.c
  fs/jffs2/background.c
  fs/lockd/clntlock.c
  fs/lockd/svc.c
  fs/nfs/nfs4state.c
  fs/nfsd/nfssvc.c

While not all of these are necessarily kthreads and some functionality
may still be unimpeded, it's still quite harmful and can cause
unexpected side-effects, especially because some of these kthreads are
storage-related (which we obviously don't want to kill during bootup).

During discussion at #15226, @dezgeg suggested the following
implementation:

for pid in $(pgrep -v -f '@'); do
    if [ "$(cat /proc/$pid/cmdline)" != "" ]; then
        kill -9 "$pid"
    fi
done

This has a few downsides:

 * User space processes which use an empty string in their command line
   won't be killed.
 * It results in errors during bootup because some shell-related
   processes are already terminated (maybe it's pgrep itself, haven't
   checked).
 * The @ is searched within the full command line, not just at the
   beginning of the string. Of course, we already had this until now, so
   it's not a problem of his implementation.

I posted an alternative implementation which doesn't suffer from the
first point, but even that one wasn't sufficient:

for pid in $(pgrep -v -f '^@'); do
    readlink "/proc/$pid/exe" &> /dev/null || continue
    echo "$pid"
done | xargs kill -9

This one spawns a subshell, which would be included in the processes to
kill and actually kills itself during the process.

So what we have now is even checking whether the shell process itself is
in the list to kill and avoids killing it just to be sure.

Also, we don't spawn a subshell anymore and use /proc/$pid/exe to
distinguish between user space and kernel processes like in the comments
of the following StackOverflow answer:

http://stackoverflow.com/a/12231039

We don't need to take care of terminating processes, because what we
actually want IS to terminate the processes.

The only point where this (and any previous) approach falls short if we
have processes that act like fork bombs, because they might spawn
additional processes between the pgrep and the killing. We can only
address this with process/control groups and this still won't save us
because the root user can escape from that as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #15226
2016-05-06 16:24:42 +02:00
Lluís Batlle i Rossell
9f6afb7d78 Fixing nfsd service, wait on local-fs.
Otherwise, mountd was started exporting directories before local-fs was ready,
and it failed to start nfsd on missing fs.
2016-05-06 15:03:30 +02:00
Peter Simons
d270604117 nixos: remove redundant services.dovecot2.package option
Instead of using this option, please modify the dovecot package by means of an
override. For example:

  nixpkgs.config.packageOverrides = super: {
    dovecot = super.dovecot.override { withPgSQL = true; };
  };

Closes https://github.com/NixOS/nixpkgs/issues/14097.
2016-05-06 10:10:06 +02:00
zimbatm
3ade1e7d3e Merge branch 'pr/14911' 2016-05-05 21:28:27 +01:00
Joaquim Pedro França Simão
133dc10e5a open-vm-tools: fixes host VMware errors 2016-05-05 21:27:54 +01:00