Commit Graph

7380 Commits

Author SHA1 Message Date
Jörg Thalheim
6b7c5ba535
display-manager: fix argument handling of sddm
previously session type was not correctly set.

fixes #23264
2017-04-18 01:41:17 +02:00
zraexy
c2b56626f1 grub module: fix efiInstallAsRemovable description 2017-04-17 14:45:56 -08:00
John Ericson
37e5e71fdf Merge pull request #24974 from Ericson2314/mapNullable
Introduce `mapNullable` into lib and use it in a few places
2017-04-17 17:12:14 -04:00
John Ericson
85aa5005af Introduce mapNullable into lib and use it in a few places
Also simply some configure flag logic my grep also alerted me too.
2017-04-17 17:04:04 -04:00
makefu
5a5db609e5
command-not-found: add options
add option to disable command-not-found as well as option to define dbPath.
Disabling this may remove the perl dependency for bash/zsh prompts
2017-04-17 16:48:47 +02:00
Daniel Peebles
e9f1d8693a Merge pull request #23026 from copumpkin/nixos-install-wip
Refactor nixos-install to separate out filesystem build logic
2017-04-17 09:50:35 -04:00
Markus Mueller
5042e9d009
network-interfaces-scripted: Add static parameter for default gateway 2017-04-16 22:59:53 +02:00
Jörg Thalheim
002a2b479a Merge pull request #24486 from srp/master
slock needs suid privileges
2017-04-16 21:40:21 +02:00
Christian Kögler
d2e46b9f70 dhcpcd service: clear exit code of exitHook (#24909)
* dhcpcd: clear exit code of exitHook

* dhcpcd: restart ntp server in oneshot in exit-hook
2017-04-16 20:10:44 +02:00
Jörg Thalheim
16f5bc07f8 Merge pull request #24948 from peterhoeg/m/bluetooth
bluetooth: use upstream's recommendation for enabling interfaces
2017-04-16 18:09:51 +02:00
Dan Peebles
d990aa7163 Refactor nixos-install to separate out filesystem build logic
The key distinction I'm drawing is that there's a component that deals
with the store of the machine being built, and another component for
the store building it. The inner part of it assumes nothing from the
builder (doesn't need chroot or root powers) so it can run comfortably
inside a Nix build, as well as nixos-rebuild. I have some upcoming work
that will use that to significantly speed up and streamline image builds
for NixOS, especially on virtualized hosts like EC2, but it's also a
reasonable speedup on native hosts.
2017-04-16 16:09:41 +00:00
Joachim F
2db0cf0897 Merge pull request #24900 from pjones/pjones/plex-service
plex: Don't overwrite primary database on restart
2017-04-16 13:09:26 +01:00
Peter Hoeg
99d4ed5861 bluetooth: use upstream's recommendation for enabling interfaces
bluez no longer recommends spawning "hciconfig <device> up" from a udev rule as
the main bluez daemon now supports automatically enabling power for all devices.

Reference: http://www.bluez.org/release-of-bluez-5-35/
2017-04-16 16:57:11 +08:00
edef
27e750e29b etcd module: fix extraConf manual link 2017-04-16 00:26:23 +02:00
Jörg Thalheim
b9d9083322
powertop: add module 2017-04-15 15:17:02 +02:00
Jaka Hudoklin
a98c26cdc4 Merge pull request #24921 from peterhoeg/f/k8s
kubernetes: fix interpolation error and move services to own target
2017-04-15 10:43:25 +02:00
Peter Jones
5a50b26662
plex: Don't overwrite primary database on restart
This change fixes two major issues:

  1. If you don't use SIGQUIT to stop Plex it will corrupt its own
     database :(

  2. Newer versions of Plex keep metadata in the
     `com.plexapp.plugins.library.db` database.  This is the file that
     we copy into `/var/lib/plex/.skeleton`.  If we copy the empty
     database on top of this one the user will lose their entire
     library metadata.  This change skips the copy if the file
     already exists.
2017-04-14 11:19:29 -07:00
Vladimír Čunát
2090aa4f65
Merge: fixup a bad merge
For details see:
https://github.com/NixOS/nixpkgs/commit/24444513fb5#commitcomment-21767916
2017-04-14 19:11:17 +02:00
Thomas Tuegel
48b5b77bb7 Merge pull request #24813 from benley/nm-openvpn
nixos: Add nm-openvpn to the networkmanager group
2017-04-14 05:44:01 -05:00
Vladimír Čunát
5b3f807597
Merge #24179: openssh: 7.4p1 -> 7.5p1 2017-04-14 12:16:26 +02:00
Vladimír Čunát
da20d0e488
murmur service: fix typos from #24830 2017-04-14 11:05:42 +02:00
Vladimír Čunát
24444513fb
Merge branch 'staging' 2017-04-14 10:32:13 +02:00
Daniel Peebles
09a9a472ee Merge pull request #24830 from mayflower/refactor/boolToString
treewide: use boolToString function
2017-04-13 09:45:31 -04:00
Jörg Thalheim
73c8797d16 gce/create-gce.sh: rewrite using nix-shell shebang and bash (#24869)
* google-cloud-sdk: 150.0.0 -> 151.0.0

- gce/create-gce.sh: rewrite using nix-shell shebang and bash
- allows to run the script without being the same directory
- nix-shell install google-cloud-sdk
- some shellcheck cleanups and scripting best practice
- gce/create-gce.sh: do not clobber NIX_PATH: this allows NIX_PATH to be overwritten to build a different release
- gce/create-gce.sh: remove legacy hydra option
2017-04-13 13:42:28 +02:00
Peter Hoeg
a3ee3b51d7 k8s: use slice and target for kubernetes 2017-04-13 19:32:10 +08:00
Peter Hoeg
bf4be8f1dd k8s: convert int to string to avoid interpolation error 2017-04-13 19:31:43 +08:00
Jörg Thalheim
5ca7e8a69a
fcron: do not chmod at all
fcron does handle permissions on its own correctly
2017-04-13 12:28:19 +02:00
Jörg Thalheim
9223fde9f3 Merge pull request #24843 from mayflower/smokeping_service
smokeping service: restart on-failure
2017-04-13 11:27:28 +02:00
Domen Kožar
635822da82
nixos: escape brackets in systemd units
One day we should just whitelist instead of blacklist chars.

Fixes https://github.com/NixOS/nixops/issues/614
2017-04-12 15:56:26 +02:00
Tristan Helmich
13e9cc15f1 smokeping service: restart on-failure 2017-04-12 15:23:19 +02:00
Bjørn Forsman
d916ce2ef4 nixos/lighttpd: set $HOME for gitweb sub-service
This allows gitweb to expand '~' in /etc/gitconfig. Without a $HOME
variable, it fails to list any projects and instead show the text
"No such projects found" in the UI.

Setting $HOME to the gitweb project root seems like a sensible value.
2017-04-11 22:54:31 +02:00
edanaher
e3559c23c2 acme: Add "domain" option to separate domain from name
Fixes #24731.
2017-04-11 18:28:05 +02:00
Franz Pletz
3ab45f4b36
treewide: use boolToString function 2017-04-11 18:18:53 +02:00
Jörg Thalheim
c84dd4f09e Merge pull request #24526 from miltador/jetbrains
idea: numerous fixes and improvements
2017-04-11 13:56:20 +02:00
Benjamin Staffin
47a5f9acee
nixos: Add nm-openvpn to the networkmanager group
This is to satisfy the polkit restriction limiting
org.freedesktop.NetworkManager.* dbus messages to members of that
group.

Should help with #24806
2017-04-10 22:41:55 -04:00
aszlig
5d5c0d590f
Revert "sddm: Fix test."
This reverts commit 0a6a06346a.

The commit replaced the text to search for from ALICE to BOB, because
our OCR detection only caught "BOB FOOBAR" but missed "ALICE FOOBAR"
completely.

With the improvements to our OCR system this no longer is the case and
the test passes successfully with this reverted.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @shlevy
2017-04-11 03:21:58 +02:00
aszlig
a443bdc0a6
nixos/testing: Improve quality of OCR
First of all, we're now using ImageMagick to improve the screenshot so
that Tesseract has an esier time to recognize the text. The resulting
image of this post-processing is a scaled up black-and-white version
with the backgrounds almost entirely removed and the text edges a bit
blurred, so the screen shots now more or less resemble an image from a
scanner rather. This is what Tesseract is trained for by default.

As mentioned in the previous commit we now also use Tesseract 4, which
further improves the quality of text recognition.

I've spent countless hours just to test different postprocessing
variants and testing what works best for our tests and this is the one
that worked best so far. It's certainly not perfect and I'd like to
avoid the scaling step but we're way better off than before.

In addition to this, the OCR process is now done without an intermediate
file, solely using pipes.

I've tested this using the following VM tests which have OCR enabled:

 * nixos/tests/chromium.nix -A stable
 * nixos/tests/emacs-daemon.nix
 * nixos/tests/installer.nix -A luksroot
 * nixos/tests/lightdm.nix
 * nixos/tests/plasma5.nix
 * nixos/tests/sddm.nix

All of the tests still succeed and comparing some of the recognition
results to the earlier results it now also detects a lot more text than
before this commit.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-04-11 03:21:53 +02:00
aszlig
288a79187c
tesseract: Reintroduce enableLanguages
I've removed that attribute in 68bc260ca2,
because the language files no longer were distributed as seperate files,
but if we for example only want to use the English training data, the
closure size of Tesseract gets quite large (around 1.2 GB), which is a
bit much just to be able to run NixOS VM tests.

For this reason I've also switched the VM tests back to using only the
English language.

Tested using the following VM tests (the ones that have OCR enabled) on
x86_64-linux:

 * nixos/tests/chromium.nix -A stable
 * nixos/tests/emacs-daemon.nix
 * nixos/tests/installer.nix -A luksroot
 * nixos/tests/lightdm.nix
 * nixos/tests/plasma5.nix
 * nixos/tests/sddm.nix

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-04-11 03:21:26 +02:00
Aneesh Agrawal
769b991be6 openssh: 7.4p1 -> 7.5p1
Release notes are available at https://www.openssh.com/txt/release-7.5.
Mostly a bugfix release, no major backwards-incompatible changes.

Remove deprecated `UsePrivilegeSeparation` option,
which is now mandatory.
2017-04-10 19:39:22 -04:00
Nikolay Amiantov
c8c340b05a tlp service: mask systemd-rfkill
Fixes #24737.
2017-04-11 02:09:29 +03:00
Franz Pletz
f1f9020224
crowd service: fix secure sso cookies
Crowd didn't detect a secure connection before.
2017-04-10 15:39:37 +02:00
Franz Pletz
4f0dd2f746
prometheus service: add scrapeConfigs.params option 2017-04-10 14:31:27 +02:00
Jörg Thalheim
fa4eff9b52 Merge pull request #24360 from clefru/gce-image-shrink-on-master
Shrink GCE bootstrap image to minimum size, and auto-expand it to actual size on first boot.
2017-04-10 12:01:53 +02:00
pngwjpgh
773c456ef4 networkmanager: fix dispatcher scripts (#24507)
networkmanager used `source` to mean `text` and wrote dispatcher scripts with the default mode (0666), which means networkmanager wouldn't call them.
2017-04-09 13:14:04 +01:00
Timofei Kushnir
42e1314727 nixos: remove duplicate wrapperDir PATH addition (#24703) 2017-04-09 13:07:33 +01:00
Bas van Dijk
01a8de97eb avahi-daemon: refactored using some abstraction 2017-04-09 11:18:53 +02:00
Jörg Thalheim
b4820d4948 Merge pull request #24645 from Mic92/stage-2
Stage-2 cleanup
2017-04-08 21:52:22 +02:00
Bas van Dijk
ecf03368f8 bepasty: add secretKeyFile option
This gives users the option to store secrets outside the
world-readable Nix store.
2017-04-08 19:32:19 +02:00
Michael Raskin
861726579b Merge pull request #24008 from phile314/slimserver
slimserver: Init at 7.9.0 (pkg + module)
2017-04-08 17:43:41 +02:00
Jörg Thalheim
cb6d1fdfd9 Merge pull request #24331 from LumiGuide/ssmtp-AuthPassFile
ssmtp: use the authPassFile option instead of authPass
2017-04-08 17:22:26 +02:00
Jörg Thalheim
21e3c2a72f
sstmp: document how to specify port/AuthPassFile 2017-04-08 17:20:18 +02:00
Thomas Tuegel
2214b638a7
nixos/fonts: install gyre-fonts by default
gyre-fonts provides high-quality TrueType substitutes for standard PostScript
fonts. Unlike most other distributions, NixOS does not install Ghostscript and
its Type 1 fonts by default, so we must get the standard fonts elsewhere.
2017-04-08 09:33:21 -05:00
Thomas Tuegel
d0954b5494
nixos/fontconfig-ultimate: Restore presets
The `preset` option was accidentally removed.
2017-04-08 08:22:01 -05:00
Aristid Breitkreuz
4ca22140d9 Merge pull request #24669 from gnidorah/master2
autorandr: 53d29f9 -> 855c18b and module
2017-04-08 12:17:57 +02:00
Sorin Iclanzan
b41dd2fae0 nixos/compton: fixup option descriptions (#24724)
* Fix `fadeExclude` description.
* Fix typo in `shadowExclude`.
2017-04-08 05:04:55 +01:00
Peter Simons
67d735e8df Merge pull request #23409 from florianjacob/avahi-point-to-point-interfaces
avahi-daemon service: Add option to enable point-to-point interfaces.
2017-04-07 12:35:05 +02:00
Tomasz Czyż
e57cf5efd1 Merge branch 'master' into postgresql-tests 2017-04-07 10:28:58 +01:00
Jaka Hudoklin
43880af56f Merge pull request #23135 from ljli/earlyoom-service-init
earlyoom service: init
2017-04-06 23:31:28 +02:00
Alexey Shmalko
b8e71f2969 Merge pull request #24651 from edanaher/add-fvwm-window-manager
fvwm module: init; now fvwm can be used as an xserver.windowManager
2017-04-06 16:29:28 +03:00
0xABAB
58fbf4a44e nixos/filesystems: skip filesystem check for bindfs (#24671)
Bindfs (FUSE) provides a pseudo-filesystem and as such does not benefit from a file system check.
2017-04-06 12:35:25 +01:00
gnidorah
ca733de964 autorandr: 53d29f9 -> 855c18b and module 2017-04-06 13:28:40 +03:00
Shea Levy
0a6a06346a sddm: Fix test.
For whatever reason, the OCR code is not detecting ALICE but is BOB.

OCR output from login screen (blank lines omitted):

> Session none + icewm
> 08:41 <
> Thursday, April 6, 2017
> BOB FOOBAR
> Select your user and enter password
2017-04-06 04:44:47 -04:00
Jörg Thalheim
62c79a1de8
stage-2: shellsheck recommendations 2017-04-05 21:40:57 +02:00
Jörg Thalheim
e3f031b200
stage-2: reduce mkdir commands 2017-04-05 21:40:51 +02:00
Michael Weiss
a6420e13a2 luksroot: Wait for the header (device) to appear
The LUKS header can be on another device (e.g. a USB stick). In my case
it can take up to two seconds until the partition on my USB stick is
available (i.e. the decryption fails without this patch). This will also
remove some redundancy by providing the shell function `wait_target` and
slightly improve the output (one "." per second and a success/failure
indication after 10 seconds instead of always printing "ok").
2017-04-05 20:39:03 +02:00
Evan Danaher
7a38b0858f fvwm module: init; now fvwm can be used as an xserver.windowManager 2017-04-05 11:12:46 -04:00
Jörg Thalheim
a17344c2ad
stage-2: process options as first action
this way `set -x` is set early
2017-04-05 09:05:18 +02:00
Jörg Thalheim
b42af25223
stage-2: replace readonly-mountpoint by findmnt 2017-04-05 09:05:18 +02:00
Jörg Thalheim
a5ad8b4f69
stage-2: simplify exporting path 2017-04-05 09:05:13 +02:00
Profpatsch
a1e6176cbf modules/searx: fix configFile type 2017-04-04 20:40:31 +02:00
Eelco Dolstra
e84d5b23e1
Allow systemd-fsck@.service to find fsck.*
Fixes "fsck.ext4 doesn't exist, not checking file system on ...".
2017-04-04 18:17:05 +02:00
Eelco Dolstra
de51ad6cd1
Don't restart systemd-fsck@ units
Restarting them is useless since the filesystem is already
checked. Worse, restarting them causes the filesystem to be unmounted.

Also remove an override for systemd-rkill@.service which no longer
exists.
2017-04-04 16:40:18 +02:00
Eelco Dolstra
01dbf03628
network-link-*.service: Set stopIfChanged = false
This reduces the time window during which IP addresses are gone during
switch-to-configuration. A complication is that with stopIfChanged =
true, preStop would try to delete the *new* IP addresses rather than
the old one (since the preStop script now runs after the switch to the
new configuration). So we now record the actually configured addresses
in /run/nixos/network/addresses/<interface>. This is more robust in
any case.

Issue https://github.com/NixOS/nixops/issues/640.
2017-04-04 15:13:49 +02:00
Eelco Dolstra
35dbcbb296
Fix eval error due to config.ec2.hvm 2017-04-04 13:49:13 +02:00
Eelco Dolstra
279565c3d6
Revert "Revert "EC2: Disable PV support""
This reverts commit 71710fd099.
2017-04-04 13:03:05 +02:00
Jörg Thalheim
847fdaaddc Merge pull request #24502 from Mic92/rtl8192su-firmware
rtl8192su-firmware: init at unstable-2016-10-05
2017-04-04 12:09:13 +02:00
Jörg Thalheim
71710fd099
Revert "EC2: Disable PV support"
This reverts commit fbe6d23624.

this breaks every non-ec2 (non-hvm) system

cc @edolstra
2017-04-04 12:05:21 +02:00
Carles Pagès
d5a623cb39 Update 17.03 release notes 2017-04-03 22:54:34 +02:00
Piotr Bogdan
c91c3209f3 unclutter: Fix default value of $DISPLAY 2017-04-03 18:41:11 +01:00
Eelco Dolstra
8cc3db6b67
Add 17.03 AMIs 2017-04-03 17:46:34 +02:00
Eelco Dolstra
fbe6d23624
EC2: Disable PV support
Unfortunately, somewhere between 16.09 and 17.03, paravirtualized
instances stopped working. They hang at the pv-grub prompt
("grubdom>"). I tried reverting to a 4.4 kernel, reverting kernel
compression from xz to bzip2 (even though pv-grub is supposed to
support xz), and reverting the only change to initrd generation
(5a8147479e). Nothing worked so I'm
giving up.
2017-04-03 17:46:34 +02:00
Eelco Dolstra
e6faf2a4e6
create-amis.sh: Use pv-grub-hd0_1.05 2017-04-03 17:46:34 +02:00
Thomas Tuegel
bd0163fc34
Merge branch 'fontconfig-penultimate' 2017-04-03 09:31:20 -05:00
Thomas Tuegel
89bfa112cf
fontconfig-penultimate: 0.2.1 -> 0.3.2 2017-04-03 09:26:19 -05:00
Eelco Dolstra
b0d07aa894 Merge pull request #24533 from Zimmi48/patch-1
[doc] improve "getting the sources" chapter
2017-04-03 15:33:32 +02:00
Thomas Tuegel
03942659ca
nixos/fontconfig: remove renderMonoTTFAsBitmap 2017-04-03 08:24:32 -05:00
Thomas Tuegel
21c9190a5f
nixos/fontconfig: remove forceAutohint option 2017-04-03 08:23:32 -05:00
Thomas Tuegel
7a78892c47
nixos/fontconfig: disable autohint by default 2017-04-03 08:22:03 -05:00
Graham Christensen
c7453084ef
docker: test for socket permissions 2017-04-03 09:05:41 -04:00
Alexey Shmalko
fa4fe71105
docker: fix socket permissions
Docker socket is world writable. This means any user on the system is
able to invoke docker command. (Which is equal to having a root access
to the machine.)

This commit makes socket group-writable and owned by docker group.

Inspired by
https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.socket
2017-04-03 09:05:37 -04:00
Shea Levy
3a26d09e15 initrd-ssh: Use initrd secrets for host keys 2017-04-02 16:33:37 -04:00
Shea Levy
b09490a322 systemd-boot: Support initrd secrets 2017-04-02 16:33:37 -04:00
Shea Levy
59c0977300 Add facility to append secrets to the initrd 2017-04-02 16:33:37 -04:00
Tuomas Tynkkynen
affce1e246 nixos hibernate test: Use waitForOpenPort
There was one confusing recent failure of this:

http://cache.nixos.org/log/myla8bc17j8spmifdxmrz9jswxwsf5w6-vm-test-run-hibernate.drv

I don't have any real ideas on what could cause the problem but there is
at least one theoretical one: the system starts hibernating before the
listener process manages to open the TCP port for listening, and it can't
open it after resuming because not enough pages from the netcat binary
have been paged in (and as the 9p filesystem holding it is now toast,
they can't be loaded anymore).
2017-04-02 02:33:21 +03:00
Théo Zimmermann
72070e6dfc doc: improve "getting the sources" chapter 2017-04-01 17:56:29 +02:00
Niklas Hambüchen
ee0f3e7ad9 acme: Use chown -R for challenges directory. Fixes #24529.
Commit 75f131da02 added
`chown 'nginx:nginx' '/var/lib/acme'` to the pre-start script,
but since it doesn't use `chown -R`, it is possible that there
are older existing subdirs (like `acme-challenge`)
that are owned to `root` from before that commit went it.
2017-04-01 15:22:01 +02:00
Vasiliy Solovey
4fc2a86795 rl-notes 17.09: add note about idea -> jetbrains renaming 2017-04-01 12:46:27 +03:00
Eelco Dolstra
80b40fdf03
sshd.nix: Alternative fix for #19589
AFAICT, this issue only occurs when sshd is socket-activated. It turns
out that the preStart script's stdout and stderr are connected to the
socket, not just the main command's. So explicitly connect stderr to
the journal and redirect stdout to stderr.
2017-03-31 16:18:58 +02:00
Eelco Dolstra
4e79b0b075
Revert "sshd: separate key generation into another service"
This reverts commit 1a74eedd07. It
breaks NixOps, which expects that

  rm -f /etc/ssh/ssh_host_ed25519_key*
  systemctl restart sshd
  cat /etc/ssh/ssh_host_ed25519_key.pub

works.
2017-03-31 16:18:58 +02:00
Robin Gloster
cbd6fb1b3a
Release Notes: tracking UIDs/GIDs is in 17.09 2017-03-31 15:51:37 +02:00