Commit Graph

7397 Commits

Author SHA1 Message Date
Peter Hoeg
69d8b81b4b sshguard: make it run 2017-10-14 14:38:04 +08:00
Peter Hoeg
3571163858 display-manager: systemd-udev-settle serves no purpose 2017-10-14 14:38:04 +08:00
Peter Hoeg
8f21e089a8 networkd: only wait for network to be online if configured to do so 2017-10-14 14:38:04 +08:00
Peter Hoeg
8758f476b3 networking: add option to toggle the wait-online service 2017-10-14 14:38:04 +08:00
Peter Hoeg
0944d44f1b hyperv-daemons: add nixos module 2017-10-14 14:38:04 +08:00
Peter Hoeg
41306ca505 smartd: set drive timeout 2017-10-14 14:38:04 +08:00
Peter Hoeg
1917e69b54 dnsmasq nixos: make sure it always runs
By default we only restart if the dnsmasq daemon fails but we introduce an
option to always keep it running.
2017-10-14 14:38:04 +08:00
Peter Hoeg
65b73d71cb ssh: deprecate use of old DSA keys
They are not safe and shouldn't be used.
2017-10-14 14:38:04 +08:00
Jörg Thalheim
b90f50862f Merge pull request #30324 from florianjacob/firewall-clarify-logging
nixos/firewall: Rename misleading rejected to refused in logging
2017-10-13 20:25:21 +01:00
Dan Peebles
56e18c50cc Revert "Simple proof of concept for how to do other types of services"
This reverts commit 7c3253e519.

I included this in another push by accident and never intended for it to
be in mainline. See https://github.com/NixOS/nixpkgs/pull/26075 if you
want more.
2017-10-13 09:17:13 -04:00
Franz Pletz
5ec10da86b Merge pull request #30356 from bflyblue/plex-1.9.5
plex: 1.9.2 -> 1.9.5
2017-10-13 13:10:58 +02:00
Franz Pletz
c6218193dd Merge pull request #30364 from Ma27/compton/opacity-rules-support
services.compton: add `opacityRules` option
2017-10-13 13:09:53 +02:00
Yegor Timoshenko
22505d8df4 connman: do not restart after suspend 2017-10-13 13:05:02 +02:00
Matt McHenry
bbec429f7a djbdns: fix root server list at build time
as suggested by @peterhoeg in
1b7e5eaa79 (commitcomment-24560631)

fixes #30379
2017-10-13 10:29:12 +01:00
Profpatsch
2864bc8fd9 Revert "desktop-managers: do not leak feh to PATH" 2017-10-13 10:48:07 +02:00
Peter Hoeg
f7ba92bfa3 Merge pull request #30286 from yegortimoshenko/patch-2
desktop-managers: do not leak feh to PATH
2017-10-13 11:13:21 +08:00
Peter Hoeg
829730d38f nixos user: reserve kodi 2017-10-13 10:34:27 +08:00
Maximilian Bosch
4b50d543bd
services.compton: add opacityRules option 2017-10-12 21:14:01 +02:00
Shaun Sharples
caee93f3d4 Fix warning about unknown escape sequences
systemd warns about:

Ignoring unknown escape sequences: "/nix/store/8f0l1w9g7iv2gz63xzsxfl66ri1cfbkl-plex-1.9.5.4339/usr/lib/plexmediaserver/Plex\ Media\ Server

From a discussion on the forums it seems the 'sh -c' is not needed:

https://forums.plex.tv/discussion/216757/ubuntu-16-04-executable-path-contains-special-characters-error-with-systemd
2017-10-12 19:44:58 +02:00
Franz Pletz
e13d0c3435 Merge pull request #30172 from mayflower/cleanup/firmware-modules
nixos: clean up wifi firmware & default kernel modules
2017-10-12 16:32:01 +02:00
Patrick Chilton
e3675fedc7 mate-power-manager: init at 1.18.0 2017-10-12 08:22:21 +02:00
Peter Hoeg
c640e790d5 pykms: nixos module 2017-10-12 08:51:34 +08:00
aszlig
829566a23d
nixos/docker-containers: Fix submodule usage
The submodule of the "docker-containers" option isn't recognized as a
proper submodule and thus neither properly type-checks nor are its
options included in the manual.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-10-12 02:07:47 +02:00
Thomas Tuegel
d9aa539340
Merge branch 'phonon-backend-qt5' 2017-10-11 18:35:08 -05:00
Thomas Tuegel
b25deccd1a
nixos/plasma5: install phonon backends for each current Qt version
Fixes #27050, where the phonon backend was not found.
2017-10-11 18:29:43 -05:00
Florian Jacob
847beb558f nixos/firewall: Rename misleading rejected to refused in logging
as that's used as general term for rejected or dropped packets
in the rest of the config.
2017-10-11 20:12:58 +02:00
Jörg Thalheim
659c7484d1 Merge pull request #30312 from florianjacob/locatedb-fix-systemd-path-capabilities
locatedb: fix startup fail due to systemd path capabilities
2017-10-11 14:59:13 +01:00
Florian Jacob
70c3f56bdd nixos/locatedb: fix first run when /var/cache doesn't exist
by using systemd-tmpfiles.
Also document what's happening there.
2017-10-11 14:59:18 +02:00
Jörg Thalheim
6b3b708501 Merge pull request #30280 from woffs/speed
nix-daemon: mention speedFactor in example
2017-10-11 11:26:39 +01:00
Florian Jacob
818b161e0a nixos/locatedb: path restriction options were renamed
in systemd 231.
2017-10-11 11:15:29 +02:00
aszlig
f4e742594d
nixos: Fix detection of btrfs root volume
Regression introduced by 801c920e95.

Since then, the btrfsSimple subtest of the installer VM test fails with:

Btrfs did not return a path for the subvolume at /

The reason for this is that the output for "btrfs subvol show" has
changed between version 4.8.2 and 4.13.1.

For example the output of "btrfs subvol show /" in version 4.8.2 was:

/ is toplevel subvolume

In version 4.13.1, the output now is the following and thus the regular
expressions used in nixos-generate-config.pl and install-grub.pl now
match (which results in the error mentioned above):

/
        Name:                   <FS_TREE>
        UUID:                   -
        Parent UUID:            -
        Received UUID:          -
        Creation time:          -
        Subvolume ID:           5
        Generation:             287270
        Gen at creation:        0
        Parent ID:              0
        Top level ID:           0
        Flags:                  -
        Snapshot(s):

In order to fix this I've changed nixos-generate-config.pl and
install-grub.pl, because both use "btrfs subvol show" in a similar vein,
so the regex for parsing the output now doesn't match anymore whenever
the volume path is "/", which should result in the same behaviour as we
had with btrfs-progs version 4.8.2.

Tested against the btrfsSimple, btrfsSubvols and btrfsSubvolDefault
subtests of the installer VM test and they all succeed now.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-10-11 04:30:52 +02:00
Yegor Timoshenko
274c9b7587 unbound: fix typo in systemd Before 2017-10-10 20:08:36 +00:00
Bjørn Forsman
d26f8b5e00 nixos/lighttpd: add missing modules to allKnownModules
The output of ./configure shows all modules/plugins, both enabled and
disabled. With this info we can finally build the _complete_ list of
modules. We were missing these:

  mod_authn_gssapi
  mod_authn_ldap
  mod_geoip

(I hit this as I was building lighttpd with ldap support and the NixOS
module said ldap was unsupported, due to these missing entries in
allKnownModules.)
2017-10-10 20:14:38 +02:00
elseym
aeeac71231 mattermost: create role and db with postgres superuser
Recently, the postgres superuser name has changed. Using the configured
and correct username here fixes database initialisation.
2017-10-10 20:08:21 +02:00
WilliButz
5e8d1757ef nixos/xautolock: rewrite and add some options 2017-10-10 19:02:27 +02:00
Yegor Timoshenko
f9415cb621 desktop-managers: do not leak feh to PATH
feh is used to set background image for desktop managers that do not support it directly, however there is no need to include it in PATH.

Fixes #17450.
2017-10-10 15:46:33 +00:00
Frank Doepper
08bf000fe2 nix-daemon: mention speedFactor in example 2017-10-10 15:07:35 +02:00
Eelco Dolstra
9df79de1a1
Enable command-not-found
5a5db609e5 disabled it by default, which
may have been unintentional. mkEnableOption considered harmful.
2017-10-10 12:26:24 +02:00
Eelco Dolstra
ee9a15b323
Set $NIX_DEBUG_INFO_DIRS when environment.enableDebugInfo is enabled
This allows it to co-exist with other debug info directories, such as
the one used by dwarffs
(https://github.com/edolstra/dwarffs/blob/master/module.nix).
2017-10-10 12:04:57 +02:00
Jörg Thalheim
a61304e3cb Merge pull request #30261 from Ekleog/fcron-hardlink
fcron module: fix use with hardlink-optimized store
2017-10-09 23:12:40 +01:00
Léo Gaspard
1afd97aa8f
fcron module: fix use with hardlink-optimized store 2017-10-09 23:44:28 +02:00
WilliButz
7002ca7e1c nixos/zsh-syntax-highlighting: refactor 2017-10-09 23:30:10 +02:00
Benjamin Staffin
b3df084c70 nixos: minor X11 option description improvements (#30035) 2017-10-09 12:07:19 -07:00
Sarah Brofeldt
7b81889394 nixos/config/timezone: Disallow spaces 2017-10-09 20:52:25 +02:00
Shea Levy
f6858e55c2
Reserve uid/gids for kanboard 2017-10-09 07:44:32 -04:00
Joerg Thalheim
e34e28e573 nixos/fcron: service needs fcron in PATH
otherwise fcronsighup is not found.
Set PATH to /run/current-system/sw/bin does not seems to be used by service file anyway.
2017-10-09 11:43:24 +01:00
Tim Steinbach
c643759d41
kbfs: Add package in module 2017-10-08 12:49:58 -04:00
Jörg Thalheim
28db3ad7ae Merge pull request #30216 from bachp/minio-exporter
Minio exporter
2017-10-08 15:09:32 +01:00
Joerg Thalheim
e7e4e0c3b6 nixos/prometheus-minio-exporter: only inherit keys from minio if set 2017-10-08 15:05:25 +01:00
Pascal Bach
8e10a4d862 prometheus-minio-exporter service: default to local minio server if enabled 2017-10-08 15:09:25 +02:00
Jörg Thalheim
eefae49f6d Merge pull request #30183 from Mic92/openafs
openafs-client: don't remove kernel module on stop
2017-10-08 12:13:29 +01:00
Pascal Bach
aad88ddf5b prometheus-minio-exporter service: init version 2017-10-08 12:47:00 +02:00
Bas van Dijk
5b8ff5ed49 graphite: 0.9.15 -> 1.0.2
Fixes: #29961

Also added the option:

  services.graphite.web.extraConfig

for configuring graphite_web.
2017-10-08 03:03:22 +02:00
Jörg Thalheim
b256b2778a Merge pull request #30204 from lheckemann/powertop-fix
powertop module: add kmod to path
2017-10-07 22:06:46 +01:00
Linus Heckemann
fadb906b2f powertop module: add kmod to path
powertop attempt to load some kernel modules like msr by calling
modprobe. This is the counterpart to
88e43eb39b which has the powertop
executable search PATH for modprobe rather than hardcoding /sbin, and
actually adds the directory containing modprobe to its PATH for the
systemd service.
2017-10-07 21:48:50 +01:00
Guillaume Maudoux
15b7e102b6 Safer defaults for immutable znc config (#30155)
* Safer defaults for immutable znc config

I just lost all the options I configured in ZNC, because the mutable config was overwritten.
I accept any suggestions on the way to implement this, but overwriting a mutable config by default seems weird. If we want to do this, we should ensure that ZNC does not allow to edit the config via the webmin when cfg.mutable is false.

* Do not backup old config files.

There seems to be little need for backups if mutable becomes a voluntary opt-out.

* fixup
2017-10-07 16:38:14 +01:00
Graham Christensen
30524ca860 Merge pull request #30171 from NeQuissimus/keybase_modules
keybase/kbfs: Fix modules
2017-10-07 09:51:44 -04:00
Joerg Thalheim
912ec467db openafs-client: don't remove kernel module on stop
Otherwise it cannot re-insert the kernel module after a kernel upgrade
when boot kernel != running kernel.
2017-10-07 10:11:30 +01:00
Tuomas Tynkkynen
e86b78363d nixos/filesystems/ext: Don't try to load ext3 module
This module doesn't exist since v4.3, where the ext3 driver was removed
as ext4.ko can mount ext3 filesystems as well.
2017-10-07 11:01:01 +03:00
Franz Pletz
801c920e95
btrfs-progs: 4.8.2 -> 4.13.1 2017-10-07 04:04:20 +02:00
David Johnson
5b530d4568 oauth2_proxy: default address updated
Go will fail to parse this otherwise.
https://github.com/golang/go/issues/19297
2017-10-06 16:52:22 -07:00
Franz Pletz
3855b7977c
nixos: clean up kernel modules
* the keyboard modules in all-hardware.nix are already defaults of
   boot.initrd.availableKernelModules
 * ide modules, hid_lenovo_tpkbd and scsi_wait_scan have been removed
   because they're not available anymore
 * i8042 was a duplicate (see few lines abowe)
2017-10-07 01:48:03 +02:00
Franz Pletz
3df126dbf7
nixos/modules: clean up wireless firmware options
All available options were just enabling
hardware.enableRedistributableFirmware. There were nix files without
modules which weren't referenced anywhere.
2017-10-07 01:48:02 +02:00
Tim Steinbach
8840eaf223
keybase: Fix modules 2017-10-06 18:49:58 -04:00
michael bishop
0ee6f8612e
dd-agent: fix multiple tags in the config file 2017-10-05 19:33:18 -03:00
Orivej Desh
184f80aeb8 Merge pull request #29781 from rick68/softether
softether: 4.18 -> 4.20
2017-10-05 08:26:23 +00:00
Joerg Thalheim
c2c843adf7 nixos/traefik: guard example path 2017-10-04 14:51:20 +01:00
Joerg Thalheim
a3200348b7 nixos/traefik: owner/group should be changed recursivly 2017-10-04 11:59:38 +01:00
Jörg Thalheim
b8288f137f Merge pull request #29865 from hamhut1066/traefik-module
nixos/traefik create service
2017-10-04 11:53:11 +01:00
Joerg Thalheim
3468c9e5cc nixos/traefik: create /var/lib/traefik with correct permissions 2017-10-04 11:49:42 +01:00
Hamish Hutchings
2e5297217d nixos/traefik create service 2017-10-04 11:26:39 +01:00
Franz Pletz
d6f7e2f6f6 Merge pull request #29942 from elitak/ipfs
Ipfs: prepare for autoMigrate fix
2017-10-04 03:07:25 +02:00
Alexander Foremny
03a5d729ef
nixos/gitlab: fix gitlab service
Fix GitLab service and update documentation. Fixes #30059.
2017-10-04 02:40:07 +02:00
Franz Pletz
eb59961855
Revert "pinentry: make GTK3 the default front-end"
This reverts commit 3f7e3db744.

This broke the gpg-agent user service. See #27468.
2017-10-04 02:16:37 +02:00
Eelco Dolstra
9b3aa19a88
Add NixOS 17.09 AMIs
Fixes #29976.
2017-10-03 16:56:59 +02:00
Jörg Thalheim
0b18fa4f09 Merge pull request #30014 from eqyiel/krb5-fixes
nixos/krb5: complete rewrite
2017-10-03 11:04:58 +01:00
Joerg Thalheim
1406e249b3 krb5: add deprecation date for old configuration 2017-10-03 11:01:05 +01:00
Joachim F
cb3d443787 Merge pull request #29452 from jerith666/pfix-srsd-1709
nixos/pfix-srsd: add module
2017-10-03 00:51:59 +00:00
Bob van der Linden
9d841295f3 gogs: avoid creating symlinks each run 2017-10-02 22:11:46 +02:00
Wei-Ming Yang
7e4e2667ae softether: 4.18 -> 4.20 2017-10-03 01:35:20 +08:00
The-M1k3y
0f2b46cdba nixos/gogs: fixed user creation if non-default user 2017-10-02 15:53:30 +02:00
Graham Christensen
5af263c2af Merge pull request #27468 from jtojnar/fix/pinentry-gnome
pinentry: add GNOME frontend
2017-10-02 07:29:23 -04:00
Jörg Thalheim
2354e0f05a cloud-utils: 0.29 -> 0.30 2017-10-02 09:11:20 +01:00
Ruben Maher
06e15e59f9 nixos/krb5: complete rewrite
The `krb5` service was a bit lacking.

Addresses NixOS/nixpkgs#11268, partially addresses NixOS/nixpkgs#29623.
2017-10-02 14:30:19 +10:30
Pascal Bach
2239dc6234 glusterfs service: fix issues with useRpcbind 2017-10-01 19:39:22 +02:00
Jan Tojnar
3f7e3db744
pinentry: make GTK3 the default front-end
See: https://github.com/NixOS/nixpkgs/issues/18559
2017-10-01 01:40:03 +02:00
Joachim F
74db6fabcb Merge pull request #29868 from nh2/nh2-glusterfs-improvements-for-17.09-master
glusterfs service: a few fixes and improvements
2017-09-30 12:19:19 +00:00
Eric Litak
f46616db5a ipfs: disable autoMigrate option for now 2017-09-29 18:07:55 -07:00
Rok Garbas
748ef34f09 assertion should check for encrypted.label of the defined fileSystem 2017-09-29 19:55:28 +02:00
Joerg Thalheim
44b6a1509d nixos/bcc: init module
Looks trival, but it is easy to make the mistake
to add linuxPackages.bcc to systemPackages,
which breaks if the not the default kernel is used.
2017-09-29 15:18:25 +01:00
Joerg Thalheim
5572062674 nixos/sysdig: init module 2017-09-29 15:01:21 +01:00
Peter Hoeg
963435a462 Merge pull request #29748 from fadenb/security.pam.usb_link_fix
security.pam.usb: fix url
2017-09-29 07:49:10 +08:00
Robin Gloster
57ed9e7e1d
gitlab: 9.5.5 -> 10.0.2 2017-09-28 23:14:31 +02:00
Jörg Thalheim
12ac88af1d Merge pull request #29890 from mbrgm/nullmailer-fix
nixos/nullmailer: fixes and `remotesFile` option
2017-09-28 21:29:37 +01:00
Cray Elliott
d4bdf302a3 nvidia-x11: fix eval error from 4ef82339c9 2017-09-28 13:11:16 -07:00
Tristan Helmich
c6761f8578 security.pam.usb: link to wiki on github.com
pamusb.org no longer serves the intended content.
2017-09-28 16:00:28 +02:00
Robin Gloster
4aeb38e5b9
Revert "kubernetes: fix hashes after dockerTools change"
This reverts commit 9ba024f6d8.
2017-09-28 14:09:49 +02:00
Joerg Thalheim
91eb6cf82c nullmailer: simplify config generation 2017-09-28 11:04:39 +01:00
Marius Bergmann
e741cc4881 nullmailer: add remotesFile option
The current `remotes` option is a string option containing nullmailer remote
definitions. However, those definitions may contain secret credentials and
should therefore not be put world-readable in the nix store.

I added a `remotesFile` option, which allows to specify a path to the remotes
definition file instead. This way, the definitions can be kept outside of the
nix store with more secure file permissions.
2017-09-28 08:52:21 +02:00
Marius Bergmann
02e89de71c nullmailer: use proper description for remotes option 2017-09-28 08:52:21 +02:00