Commit Graph

6108 Commits

Author SHA1 Message Date
Renaud 6a5fff3741
Merge pull request from c0bw3b/cleanup/more-https
Treewide: use more HTTPS-enabled sources
2018-11-25 16:22:34 +01:00
Brian Olsen 0d753af661
nixos/rspamd: Allow worker type to be proxy again
When reworking the rspamd workers I disallowed `proxy` as a type and
instead used `rspamd_proxy` which is the correct name for that worker
type. That change breaks peoples existing config and so I have made this
commit which allows `proxy` as a worker type again but makes it behave
as `rspamd_proxy` and prints a warning if you use it.
2018-11-25 16:03:34 +01:00
Franz Pletz c1d760f0bf
Merge pull request from mguentner/mxisd
mxisd: init at 1.2.0 plus service with test
2018-11-25 13:26:05 +00:00
Maximilian Güntner efae5d43ef
modules: add mxisd with test 2018-11-25 14:24:10 +01:00
Craig Younkins eff461c8ef treewide: systemd timeout arguments to use infinity instead of 0 ()
Fixes https://github.com/NixOS/nixpkgs/issues/49700
2018-11-25 13:33:22 +01:00
c0bw3b 5e4ceba7bf nixos/mediawiki: fetch over https 2018-11-24 23:18:26 +01:00
c0bw3b c615b0504b nixos/flashpolicyd: fix url and use https 2018-11-24 23:13:09 +01:00
c0bw3b 434eab9955 nixos/systemhealth: fix url and use https 2018-11-24 23:07:30 +01:00
Joachim F e426613174
Merge pull request from jonasnick/nixos-tor-hiddenservice-version
nixos/tor: add HiddenServiceVersion option
2018-11-24 12:41:37 +00:00
Michael Raskin 5e159d463b
Merge pull request from Ekleog/rss2email-module
rss2email module: init
2018-11-23 22:30:29 +00:00
Jonas Nick 5640aa2814 nixos/tor: add HiddenServiceVersion option 2018-11-23 20:53:02 +00:00
Andreas Rammhold 51c3082119 nixos/prometheus: require one alertmanager configuration parameter
This commit adds an assertion that checks that either `configFile` or
`configuration` is configured for alertmanager. The alertmanager config
can not be an empty attributeset. The check executed with `amtool` fails
before the service even has the chance to start. We should probably not
allow a broken alertmanager configuration anyway.

This also introduces a test for alertmanager configuration that piggy
backs on the existing prometheus tests.
2018-11-23 19:45:17 +01:00
Andreas Rammhold b1032db5a9 nixos/prometheus: check alertmanager configuration 2018-11-23 19:45:17 +01:00
Andreas Rammhold d1ef00ebee nixos/prometheus: add `package` option to alertmanager 2018-11-23 19:45:17 +01:00
Jörg Thalheim d3aeed389c
Merge pull request from blaxill/firewallMerge
nixos/firewall: Always use global firewall.allowed rules
2018-11-23 11:42:16 +00:00
Ben Blaxill 308ab4ea25 Rename back to default and better release notes 2018-11-22 19:24:23 -05:00
Markus Kowalewski 25af518845
nixos/slurm: add extraConfigPaths options 2018-11-22 11:43:05 +01:00
Jörg Thalheim 769735d8a1
netdata: create missing /etc/netdata
Since netdata 1.11.0 updated in https://github.com/NixOS/nixpkgs/pull/50459
it needs to have a /etc/netdata directory, which we did not create by default.
fixes 
2018-11-21 23:00:04 +00:00
Matthew Bauer 75999d4e38
Merge pull request from gmarmstrong/fix/seahorse-update
nixos/seahorse: require gnome3.dconf
2018-11-21 15:15:32 -06:00
Ben Blaxill 32779b4c74 Refactor out the set operations 2018-11-20 21:29:33 -05:00
Markus Kowalewski ae93ed0f0d
nixos/slurm: set slurmd KillMode to process
The default of systemd is to kill the
the whole cgroup of a service. For slurmd
this means that all running jobs get killed
as well whenever the configuration is updated (and activated).

To avoid this behaviour we set "KillMode=process"
to kill only slurmd on reload. This is how
slurm configures the systemd service.

See:
https://bugs.schedmd.com/show_bug.cgi?id=2095#c24
508f866ea1
2018-11-20 22:26:42 +01:00
Samuel Dionne-Riel a041dc8ab7
Merge pull request from delroth/syncthing-relay
syncthing-relay module: init
2018-11-20 01:40:23 +00:00
Richard Marko 3ffda36356 wireguard: don't modprobe if boot.isContainer is set 2018-11-20 01:17:04 +01:00
Linus Heckemann 388d36951c
Merge pull request from pvgoran/mysql-support-mysql57
nixos/mysql: support package=mysql57
2018-11-19 20:49:08 +01:00
Ben Blaxill 551d2f7ed2 nixos/firewall: Always use global firewall.allowed rules
Apply global firewall.allowed* rules separately from the
interface specific rules.
2018-11-18 22:50:01 -05:00
Pierre Bourdon 08f24cadaa syncthing-relay module: init 2018-11-19 01:09:54 +01:00
Renaud 7f84561cc3
Merge pull request from janikrabe/master
oidentd: 2.2.2 -> 2.3.1
2018-11-19 00:31:02 +01:00
Benno Fünfstück 773e8d07bc nixos/accountsservice: set XDG_DATA_DIRS correctly 2018-11-18 17:16:24 +01:00
Pavel Goran 21e9c35f5f nixos/mysql: support package=mysql57 2018-11-18 12:25:36 +07:00
Jörg Thalheim 31d2593ced
netdata: fix python plugins
fixes 
2018-11-17 15:38:15 +00:00
Jörg Thalheim dfd77bc26f
Merge pull request from marsam/feature/netdata-darwin
netdata: 1.10.0 -> 1.11.0
2018-11-17 15:01:06 +00:00
Samuel Dionne-Riel 07eaaf6c8b
Merge pull request from dasJ/mysql-datadir
nixos/mysql: Explicitly set datadir in my.cnf
2018-11-16 19:21:01 +00:00
Jörg Thalheim 348b7b8be9 nixos/netdata: own plugins must the looked up first
Otherwise netdata will not find python modules.
To make sure netdata still pick up our setuid version of apps.plugin
we rename the original executable.
2018-11-16 11:24:27 -05:00
Eelco Dolstra 5835b2796e
Merge pull request from Mic92/nix-cores
nixos/nix-daemon: default to build with all cores available
2018-11-16 09:13:44 +01:00
Jörg Thalheim ced57f7888
nixos/nix-daemon: default to build with all cores available
These days build systems are more robust w.r.t. to concurrency.
Most users will have at least two cores in their machines.
Therefore I suggest to increase the number of cores used for building.

fixes 
2018-11-16 02:05:30 +00:00
Ryan Mulligan 23dfa4e073 nixos/mysql: fix ensureUsers example formatting
closes 
2018-11-15 17:46:09 -08:00
Rafael García Gallego 8bf4fe85f1 selfoss (service): fix port in service config () 2018-11-15 19:22:20 +00:00
Léo Gaspard 0483ce0eee
rss2email module: init
Also adding `system-sendmail` package for sharing the code with other
modules or packages needing it.
2018-11-15 23:44:16 +09:00
Linus Heckemann f73afe6ccf
Merge pull request from mayflower/gitlab-smtp-fix
gitlab: fix smtp setting
2018-11-15 12:13:18 +01:00
Vladimír Čunát e229065842
Merge : xorg: init xf86-video-vboxvideo ...
Based on reports X wouldn't start out of the box and seems OK now.
In case there are still some problems, we can improve later.
I checked that nixos.tests.virtualbox.* still succeed.
2018-11-14 20:34:48 +01:00
Robin Gloster 74df0823f3
gitlab: fix smtp setting
fixes 
2018-11-14 18:58:45 +01:00
Daniel Peebles 9b7c57cdc8
Merge pull request from DzmitrySudnik/exhibitor-service-fix
exhibitor: fix paths for zookeeper shell scripts
2018-11-14 09:32:14 -05:00
Dzmitry Sudnik 5517661935 exhibitor: fix paths for zookeeper shell scripts to point to local folders 2018-11-14 09:30:01 -05:00
Linus Heckemann 231e671758
Merge pull request from nh2/glusterfs-service-simple-unit-no-forking
glusterfs service: Switch to simple unit instead of forking
2018-11-14 12:35:57 +01:00
Samuel Dionne-Riel 58c0c2574c
Merge pull request from markuskowa/fix-pgBackup
nixos/postgresqlBackup: set to umask to 0077
2018-11-14 01:40:38 +00:00
Tobias Happ 4839403dd6 nixos/{lightdm,sddm,xpra}: remove enabling of logToFile 2018-11-13 21:52:37 +01:00
Jörg Thalheim e3ac65f4c1
Merge pull request from dingxiangfei2009/cloud-init-btrfs
Allow cloud-init to support creating btrfs partitions
2018-11-13 14:17:30 +00:00
Jörg Thalheim a5c74762cb
nixos/cloud-init: add enable suffix to ext4/btrfs
Makes the optional more self-describing and allows future extensions
2018-11-13 10:28:40 +00:00
Robert Hensing 9871fe3564
Merge pull request from NixOS/roberth-patch-1
rabbitmq module: Update documentation
2018-11-13 10:03:38 +01:00
Ding Xiang Fei a965921af9 allow cloud-init to support creating btrfs partitions 2018-11-13 13:14:34 +08:00
Vladimír Čunát 9108b24253
xorg: init xf86-video-vboxvideo at 1.0.0
... and switch to it by default in virtualbox guests
2018-11-12 20:29:14 +01:00
Edward Tjörnhammar 888d01da48
nixos/minetest fix: add missing uid/gid for minetest 2018-11-11 12:47:09 +01:00
Silvan Mosberger e888a997d0
Merge pull request from nh2/glusterfs-4.0.0
glusterfs: 3.12.12 -> 4.0.0
2018-11-11 01:42:48 +01:00
Jörg Thalheim 1d261945c7
Merge pull request from ryantm/monit
nixos/monit: change type of 'config' option to lines
2018-11-10 14:47:38 +00:00
Jörg Thalheim 4ec41a9a9e
Merge pull request from Ekleog/nextcloud-pgsql-unix
nextcloud module: document process for using with pgsql unix auth
2018-11-10 14:37:18 +00:00
Silvan Mosberger 9c984b06c4
Merge pull request from disassembler/grafana-reporter
grafana-reporter: init at 2.0.1
2018-11-10 15:15:21 +01:00
Silvan Mosberger e468a1091b
Merge pull request from danielrutz/port-type
Add port type
2018-11-10 15:12:07 +01:00
Léo Gaspard 221e0fae38
nextcloud module: document process for using with pgsql unix auth 2018-11-10 12:30:54 +09:00
Silvan Mosberger 38b2520b96
Merge pull request from proteansec/pkgs/bacula
bacula: 5.2.13 -> 9.2.1
2018-11-10 04:23:28 +01:00
volth 5ea22a5b00 nixos/nix: ignore nix.checkConfig when cross-compiling ()
* nixos/nix: ignore nix.checkConfig when cross-compiling

the check always fails because of architecture mismatch

* typos
2018-11-09 19:18:06 -06:00
Ryan Mulligan 8d0b95dc09 nixos/monit: change type of 'config' option to lines
By using types.lines for 'config', we can specify monit configurations
in lots of modules and they can all be automatically combined together
with newlines. This is desireable because different modules might want
to each specify the small monitoring task specific to their service.

This commit also updates the module to use current idioms.
2018-11-09 16:07:42 -08:00
Franz Pletz 8ba51ef5ec
Merge pull request from griff/rspamd-workers
nixos/rspamd: Multiple workers, extraConfig priority & postfix integration
2018-11-09 02:55:02 +00:00
Brian Olsen e01605be15
nixos/rspamd: Add options for postfix integration
The `rmilter` module has options for configuring `postfix` to use it but
since that module is deprecated because rspamd now has a builtin worker
that supports the milter protocol this commit adds similar `postfix`
integration options directly to the `rspamd` module.
2018-11-09 01:31:27 +01:00
Renaud 6399b103d8
Merge pull request from aanderse/gitea
nixos/gitea: fix mysql issue, add mysql socket auth, and add a nixos test
2018-11-08 23:45:46 +01:00
Aaron Andersen 3ed52c7804 nixos/gitea: add mysql socket authentication as an option 2018-11-08 17:30:58 -05:00
Aaron Andersen 0bbb6f4f2a nixos/gitea: fix systemd after target when mysql is the database of choice 2018-11-08 17:30:36 -05:00
Sander van der Burg 530b4bcadd nixos/alerta: create new module + add kapacitor integration 2018-11-08 22:34:23 +01:00
Janik Rabe 49e97f8f88 oidentd: 2.2.2 -> 2.3.1
* Added license: GPLv2.
* Updated homepage and description.
* CFLAGS are no longer necessary as of version 2.2.0.
* Option '-a ::' is no longer necessary as of version 2.2.0.
2018-11-07 14:51:45 +02:00
Markus Kowalewski a0371d4761
nixos/postgresqlBackup: set to umask to 0077
* Ensure that the backup file is only readable by the owner
* Add file permission test to tests
2018-11-06 21:59:29 +01:00
sveitser 13892da3e7 nixos/jupyter: wait for network.target 2018-11-06 20:40:20 +01:00
Franz Pletz 159a5f31bc
Merge pull request from griff/rspamd-multifile-enable
nixos/rspamd: Fix enable for locals and overrides
2018-11-06 18:25:47 +00:00
Janne Heß c7f5457aa6 nixos/mysql: Explicitly set datadir in my.cnf
While this seems silly at first (it's already given as start parameter
to mysqld), it seems like xtrabackup needs that sometimes.
Without it, a Galera cluster cannot be run using the xtrabackup
replication method.
2018-11-06 18:38:28 +01:00
Peter Simons a7afcff928 nixos: packagekit can no longer use "nix" default back-end
The code in question does not support Nix 2.0 yet.

Closes https://github.com/NixOS/nixpkgs/issues/49793.
2018-11-06 12:13:14 +01:00
Sarah Brofeldt 81de3e39b0
Merge pull request from johanot/kubedns-to-coredns
nixos/kubernetes: KubeDNS -> CoreDNS
2018-11-06 10:30:49 +01:00
Brian Olsen fba69f388b
nixos/rspamd: Put extraConfig in included files
The lines stored in `extraConfig` and `worker.<name?>.extraConfig`
should take precedent over values from included files but in order to do
this in rspamd UCL they need to be stored in a file that then gets
included with a high priority. This commit uses the overrides option to
store the value of the two `extraConfig` options in `extra-config.inc`
and `worker-<name?>.inc` respectively.
2018-11-06 00:34:23 +01:00
Brian Olsen 46ef075e7d
nixos/rspamd: Add defaults for rspamd_proxy worker 2018-11-06 00:32:14 +01:00
Brian Olsen 3a4459a305
nixos/rspamd: Support multiple workers
When the workers option for rspamd was originally implemented it was
based on a flawed understanding of how workers are configured in rspamd.
This meant that while rspamd supports configuring multiple workers of
the same type, so that different controller workers could have different
passwords, the NixOS module did not support this because it would write
an invalid configuration file if you tried.

Specifically a configuration like the one below:

```
workers.controller = {};
workers.controller2 = {
  type = "controller";
};
```

Would result in a rspamd configuration of:

```
worker {
  type = "controller";
  count = 1;
  .include "$CONFDIR/worker-controller.inc"
}
worker "controller2" {
  type = "controller";
  count = 1;
}
```

While to get multiple controller workers it should instead be:

```
worker "controller" {
  type = "controller";
  count = 1;
  .include "$CONFDIR/worker-controller.inc"
}
worker "controller" {
  type = "controller";
  count = 1;
}
```
2018-11-06 00:26:55 +01:00
Brian Olsen c853b34824
nixos/rspamd: Fix enable for locals and overrides
When implementing  I included an enable option for both the
locals and overrides options but the code writing the files didn't
actually look at enable and so would write the file regardless of its
value. I also set the type to loaOf which should have been attrsOf
since the code was not written to handle the options being lists.

This fixes both of those issues.
2018-11-05 17:50:34 +01:00
Michael Raskin 6b8252d367
Merge pull request from pvgoran/tomcat-clean-basedir
nixos/tomcat: add purifyOnStart option
2018-11-04 17:50:38 +00:00
Andreas Rammhold 6795bdd58c nixos/prometheus: check configuration before starting service
With `promtool` we can check the validity of a configuration before
deploying it. This avoids situations where you would end up with a
broken monitoring system without noticing it - since the monitoring
broke down. :-)
2018-11-04 15:08:44 +01:00
Andreas Rammhold 0de150e0f2 nixos/prometheus: add `package` option
With a package option we can let the user decide what package to use for
prometheus without requiring an overlay.
2018-11-04 15:08:44 +01:00
Andreas Rammhold c891dac82f
Merge pull request from aanderse/solr
solr: 4.10.3 -> 7.5.0, refactor service to reflect major changes in version bump
2018-11-04 13:24:15 +01:00
Niklas Hambüchen c3cddfcef1 glusterfs: 3.12.2 -> 4.0.0 2018-11-04 11:18:15 +01:00
Niklas Hambüchen 92f40bab2b glusterfs service: Switch to simple unit instead of forking.
Gluster's pidfile handling is bug-ridden.

I have fixed https://bugzilla.redhat.com/show_bug.cgi?id=1509340
in an attempt to improve it but that is far from enough.

The gluster developers describe another pidfile issue as
"our brick-process management is a total nightmare", see
f1071f17e0/xlators/mgmt/glusterd/src/glusterd-utils.c (L5907-L5924)

I have observed multiple cases where glusterd doesn't start correctly
and systemd doesn't notice because of the erroneous pidfile handling.

To improve the situation, we don't let glusterd daemonize itself any more
and instead use `--no-daemon` and the `Simple` service type.
2018-11-04 11:09:30 +01:00
Robin Gloster eadb998581
gitlab module: fix config handling 2018-11-04 00:26:01 +01:00
Joachim F 9c44eebbbd
Merge pull request from griff/rspamd-multifile
nixos/rspamd: Add support for included files
2018-11-03 19:06:02 +00:00
Robert Hensing 4aa30166d1 rabbitmq module: Update documentation after proofreading
Thanks @c0bw3b, @lsix!
2018-11-03 19:19:04 +01:00
Niklas Hambüchen 2cb7f5fb1e consul: 0.9.3 -> 1.3.0.
Removes the old UI build tooling; it is no longer necessary
because as of 1.2.0 it's bundled into the server binary.
It doesn't even need to have JS built, because it's bundled into
the release commit's source tree (see ).

The UI is enabled by default, so the NixOS service is
updated to directly use `ui = webUi;` now.

Fixes .
Fixes .
Fixes .
Fixes .

Signed-off-by: Niklas Hambüchen <mail@nh2.me>
2018-11-03 18:39:46 +01:00
Aaron Andersen 1b725def23 solr: 4.10.3 -> 7.5.0, refactor service to reflect major changes in version bump, NixOS test included 2018-11-03 13:14:13 -04:00
Robin Gloster ec7cb84bf0
gitlab: refactor and fix test 2018-11-02 22:40:21 +01:00
Austin Seipp 2266f2014b nixos/postgresql: add myself as maintainer
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-02 13:52:33 -05:00
Austin Seipp 93aa285376 nixos: fix by setting SYSTEMD_TIMEDATED_NTP_SERVICES
Setting this variable in the environment of systemd-timedated allows
'timedatectl' to tell if an NTP service is running.

Closes .

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-02 09:10:15 -05:00
Joachim F 2dc0fc6516
Merge pull request from rnhmjoj/syncthing
nixos/syncthing: move configuration to condigDir
2018-11-02 12:02:51 +00:00
Brian Olsen 0810d631a4
nixos/rspamd: Add support for included files
By default rspamd will look for multiple files in /etc/rspamd/local.d
and /etc/rspamd/override.d to be included in subsections of the merged
final config for rspamd. Most of the config snippets in the official
rspamd documentation are made to these files and so it makes sense for
NixOS to support them and this is what this commit does.

As part of rspamd 1.8.1 support was added for having custom Lua
rules stored in $LOCAL_CONFDIR/rspamd.local.lua which means that it is
now possible for NixOS to support such rules and so this commit also
adds support for this to the rspamd module.
2018-11-02 01:46:57 +01:00
obadz c8c1ed2c78 nixos/zerotier: binds to network-online.target to avoid the 1m30s timeout before kill on shutdown 2018-11-01 23:00:25 +00:00
Sander van der Burg 60298d1e08 nixos/kapacitor: new service 2018-11-01 21:53:45 +01:00
Dejan Lukan 02a3726a12 bacula: 5.2.13 -> 9.2.1 2018-11-01 21:28:16 +01:00
Peter Hoeg db1a40a882 home-assistant: use SIGINT instead of SIGTERM to shut down ()
hass will ignore the standard SIGTERM sent by systemd during stop/restart and we
then have to wait for the timeout after which systemd will forcefully kill the
process.

If instead if we send SIGINT, hass will shut down nicely.

There are many issues reported upstream about the inability to shut down/restart
and it is *supposed* to work with SIGTERM but doesn't.
2018-11-01 16:39:37 +01:00
Johan Thomsen 2617b6800d nixos/kubernetes: Replace KubeDNS with CoreDNS 2018-10-31 13:41:04 +01:00
Will Dietz 2603e3a5e9 gtk: don't hardcode glibc use
(cherry picked from commit 6e6f839093ad080c3a61810e9720165faf103e81)
2018-10-30 19:52:03 -05:00
xeji 6efd811062
Merge pull request from markuskowa/mod-slurm-upgrade
nixos/slurm: add slurmdbd, run daemons as user
2018-10-31 00:16:11 +01:00
Markus Kowalewski b388beeca3
nixos/slurm: add maintainer to module and test 2018-10-30 19:50:52 +01:00
Markus Kowalewski d2799d1835
nixos/slurm: node/partitionName option -> list
Make the node and partitionname options lists.
There can be more than paratition or set of nodes.

Add changes to release notes
2018-10-30 19:50:52 +01:00
Markus Kowalewski f51f753416
nixos/slurm: fix obselete string type 2018-10-30 19:50:52 +01:00
Markus Kowalewski 79c9dbfb40
nixos/slurm: add slurmdbd to module
* New options "services.slurm.dbdserver.[enable,config]"
* Add slurmdbd to test slurm.nix
2018-10-30 19:50:52 +01:00
Markus Kowalewski 111d4eb090
nixos/slurm: run ctld as user and fix spool dir
* run as user 'slurm' per default instead of root
* add user/group slurm to ids.nix
* fix default location for the state dir of slurmctld:
  (/var/spool -> /var/spool/slurmctld)
* Update release notes with the above changes
2018-10-30 19:50:46 +01:00
Léo Gaspard b9faae955c
redsocks module: add self as maintainer 2018-10-31 01:06:14 +09:00
Léo Gaspard 930bcbda83
dkimproxy-out module: add self as maintainer 2018-10-31 01:06:04 +09:00
Léo Gaspard 9b34f47b7c
clamsmtp module: add self as maintainer 2018-10-31 01:05:49 +09:00
Jörg Thalheim 6c7ec02503
Merge pull request from aneeshusa/restart-salt-on-config-changes
nixos/salt: restart on config changes
2018-10-30 15:40:56 +00:00
xeji 1d9481a127
Merge pull request from dtzWill/update/upower-0.99.9
upower: 0.99.7 -> 0.99.9, lock down service
2018-10-30 15:57:11 +01:00
Lancelot SIX f68cf486d8
Merge pull request from alyssais/postgres11
postgresql_11: init at 11.0
2018-10-30 15:54:42 +01:00
Lassulus 334dd6f964 nixos/bitlbee: use purple-2 as purple_plugin_path () 2018-10-30 15:37:41 +01:00
Alyssa Ross c6c7d55790
postgresql*: use underscores in version numbers 2018-10-30 14:32:21 +00:00
Will Dietz d7e4c49ffc nixos/upower: lockdown service using upstream settings 2018-10-29 08:09:52 -05:00
Pavel Goran a57bbf4e63 nixos/tomcat: add purifyOnStart option
With this option enabled, before creating file/directories/symlinks in baseDir
according to configuration, old occurences of them are removed.

This prevents remainders of an old configuration (libraries, webapps, you name
it) from persisting after activating a new configuration.
2018-10-29 18:26:22 +07:00
Jörg Thalheim eb70af18f4
Merge pull request from Izorkin/nginx-prestart
nginx: add custom options
2018-10-28 23:13:20 +00:00
Samuel Leathers 5b30cd77db
nixos/grafana_reporter: initial service 2018-10-27 05:15:03 -04:00
Bas van Dijk 0b381dd9ca
Merge pull request from LumiGuide/strongswan-swanctl-5.7.1
strongswan-swanctl: adapt options to strongswan-5.7.1
2018-10-27 09:34:53 +01:00
Silvan Mosberger 932e27c53f
Merge pull request from 1000101/master
nixos/trezord: revised and updated udev rules
2018-10-27 01:18:46 +02:00
Silvan Mosberger f374addc10
Merge pull request from c0bw3b/svc/ddclient
nixos/ddclient: make RuntimeDirectory and configFile private
2018-10-27 00:29:18 +02:00
Bas van Dijk ca655e8b14 strongswan-swanctl: adapt options to strongswan-5.7.1
The changes were found by executing the following in the strongswan
repo (https://github.com/strongswan/strongswan):

git diff 5.6.3..5.7.1 src/swanctl/swanctl.opt
2018-10-26 23:46:02 +02:00
Jan Tojnar 82218835c5
Merge pull request from worldofpeace/gsignond
gsignond: init at 1.0.7
2018-10-26 19:29:56 +02:00
Wout Mertens 69936b5655 phpfpm: allow configuring PHP package per-pool
props to @4levels
2018-10-26 16:11:07 +01:00
Ján Hrnko a88e0ef9aa nixos/trezord: revised and updated udev rules 2018-10-26 14:53:31 +02:00
Marwan Aljubeh 8ddefe857d nixos/nextcloud: fix a typo
The NextCloud `adminpass` option sets the admin password, not the database password.
2018-10-25 18:04:36 +02:00
Maximilian Bosch 5dc1748043
Merge pull request from qolii/eternal-terminal-module
nixos/eternal-terminal: init new module.
2018-10-25 14:51:22 +02:00
qolii c0d90b57d6 Address more review feedback. 2018-10-24 17:57:33 -07:00
Izorkin af8ae49395 nginx: add custom options 2018-10-23 21:04:07 +03:00
Rob Vermaas debbed29d1 datadog-agent: add option to enable trace agent 2018-10-23 12:30:06 +02:00
Renaud ab5380ec82
nixos/ddclient: make configFile private
/run/ddclient/ddclient.conf should be installed in mode 660 (readable and writeable only by ddclient.service user and group)
2018-10-23 00:43:41 +02:00
Renaud f76a9eb526
nixos/ddclient: make RuntimeDirectory private
ddclient will raise a warning if /run/ddclient/ is world-readable
2018-10-22 23:58:12 +02:00
Jörg Thalheim 9a7bca27cc
Merge pull request from dhess/dovenull-group-fix
dovecot: dovenull user should have its own group.
2018-10-22 22:46:17 +01:00
Drew Hess fa388534e4
dovecot: dovenull user should have its own group.
Quoting from https://wiki.dovecot.org/UserIds#dovenulluser:

"It should belong to its own private dovenull group where no one else
belongs to..."
2018-10-22 15:01:47 -04:00
Victor SENE 2a164f598c nixos/nextcloud: extend documentation for nginx configuration
Co-authored-by: Robin Gloster <mail@glob.in>
2018-10-22 19:50:37 +02:00
Markus Kowalewski e3a86019d6
nixos/munge: do not create unnecessary log dir
/var/log/munge is not used. All log messages go to syslog
2018-10-21 20:46:09 +02:00
Joachim F ca127588c1
Merge pull request from exarkun/48622.tor-disable-socksport
nixos/tor: better support non-anonymous services
2018-10-21 18:27:02 +00:00
Jörg Thalheim c4a7ebb46b
Merge pull request from Mic92/grafana-improvements
Grafana: secrets outside of the nix store + smtp
2018-10-21 14:21:09 +01:00
Renaud cb9237d16f
Merge pull request from florianjacob/munin-var-run-to-run
nixos/munin: move from /var/run to /run
2018-10-21 10:07:25 +02:00
Michael Raskin 3491dd06a1
Merge pull request from pvgoran/tomcat-virtualhost-aliases
nixos/tomcat: add aliases sub-option for virtual hosts
2018-10-21 07:54:52 +00:00
qolii ee0444576f Address review feedback. 2018-10-20 13:52:43 -07:00
qolii af1a285017 nixos/eternal-terminal: init new module. 2018-10-20 13:52:12 -07:00
Silvan Mosberger 1fa1bcbab0
nixos/znc: Fix confOptions.uriPrefix not being applied
This was overlooked on a rebase of mine on master, when I didn't realize
that in the time of me writing the znc changes this new option got
introduced.
2018-10-20 20:56:30 +02:00
Silvan Mosberger 039fc37f9c
nixos/znc: Fix confOptions.extraZncConf being applied to wrong section
This bug was introduced in https://github.com/NixOS/nixpkgs/pull/41467
2018-10-20 20:36:18 +02:00
Pierre Bourdon cf58856d90 nixos/prometheus: add webExternalUrl option
Similar to the prometheus.alertmanager.webExternalUrl option, but for
Prometheus itself.
2018-10-20 13:45:55 +02:00
Matthew Bauer 5b73b46aec
Merge pull request from Tmplt/fix-compton
nixos/compton: fix corrupt colours with Mesa 18 on AMD
2018-10-19 15:40:43 -05:00
Maximilian Bosch e8fb77a944
Merge pull request from Ma27/fix-setxkbmap-completion
zsh: patch `_setxkbmap` completion script
2018-10-19 14:33:04 +02:00
worldofpeace 4f4e20bc79 nixos/gsignond: init 2018-10-19 06:29:04 -04:00
Tmplt df41d53f9d nixos/compton: fix corrupt colours with Mesa 18 on AMD
On AMD hardware with Mesa 18, compton renders some colours incorrectly
when using the glx backend. This patch sets an environmental variable
for compton so colours are rendered correctly.

Topical bug: <https://bugs.freedesktop.org/show_bug.cgi?id=104597>
2018-10-19 01:10:11 +02:00
Daniel Rutz c98a7bf8f2 nixos/sshd: Use port type instead of int
This change leads to an additional check of the port number at build time, making invalid port values impossible.
2018-10-18 23:42:20 +02:00
Jörg Thalheim 5a1f0f9aa3
tinc: remove unnecessary networking.interfaces
This breaks with networking backends enabled and
also creates large delays on boot when some services depends
on the network target. It is also not really required
because tinc does create those interfaces itself.

fixes 
2018-10-18 21:37:56 +01:00
Jörg Thalheim 2ce94fafcd
Merge pull request from spacefrogg/openafs
Openafs security updates
2018-10-18 16:08:04 +01:00
Michael Raitza 290a7d2ee9 nixos/openafs: Add defaultText to avoid evaluating packages 2018-10-18 13:11:52 +02:00
Maximilian Bosch 13e4110650
Merge pull request from Ma27/weechat-multiuser-support
nixos/weechat: add setuid wrapper for `screen' to ensure true multiuser capabilities
2018-10-17 23:39:30 +02:00
markuskowa ab27adc2dd
Merge pull request from ck3d/fix-nixos-lirc-socket
nixos lircd: fix deletion of lircd socket
2018-10-17 21:52:48 +02:00
Jörg Thalheim f6ded23889
Merge pull request from Mic92/postfix-setuid
postfix: add setgid wrapper for postqueue/postdrop
2018-10-17 14:48:43 +01:00
Jean-Paul Calderone 4a71e2942c nixos/tor: better support non-anonymous services
Tor requires ``SOCKSPort 0`` when non-anonymous hidden services are
enabled.  If the configuration doesn't enable Tor client features,
generate a configuration file that explicitly includes this disabling
to allow such non-anonymous hidden services to be created (note that
doing so still requires additional configuration).  See .
2018-10-17 08:56:59 -04:00
clefru 725fcdef3f Fix hostapd's place in systemd dependency tree. ()
* nat/bind/dhcp.service:
  Remove. Those services have nothing to do with a link-level service.

* sys-subsystem-net-devices-${if}.device:
  Add as BindsTo dependency as this will make hostapd stop when the
  device is unplugged.

* network-link-${if}.service:
  Add hostapd as dependency for this service via requiredBy clause,
  so that the network link is only considered to be established
  only after hostapd has started.

* network.target:
  Remove this from wantedBy clause as this is already implied from
  dependencies stacked above hostapd. And if it's not implied than
  starting hostapd is not required for this particular network
  configuration.
2018-10-17 09:18:52 +02:00
Silvan Mosberger e443bbf6fd
Merge pull request from Infinisil/znc-config
nixos/znc: More flexible module, cleanups
2018-10-17 03:01:30 +02:00
Aaron Andersen 4ed7d822be redmine: add missing 'migrate' command prior to starting the application
required for plugins with a database component
see: http://www.redmine.org/projects/redmine/wiki/Plugins
2018-10-16 15:08:24 -04:00
Aneesh Agrawal a962d53806 salt: Restart on config changes 2018-10-15 19:59:25 -07:00
Aneesh Agrawal 37c9915340 nixos/salt-minion: Fix salt-call without `-c` 2018-10-15 19:59:09 -07:00
Aneesh Agrawal adf8261192 nixos/salt-minion: Remove trailing whitespace 2018-10-15 19:59:00 -07:00
Peter Hoeg 1c30532b6d nixos pykms: run via DynamicUser 2018-10-16 10:38:45 +08:00
rnhmjoj 16f67637ba
nixos/syncthing: move configuration to condigDir
fixes  following the upstream recommended settings:
https://github.com/syncthing/syncthing/issues/3434#issuecomment-235401876
2018-10-15 20:34:50 +02:00
Jörg Thalheim 91ddc9d27f
postfix: add setgid wrapper for postqueue/postdrop
Both postqueue[1] and postdrop[2] implement a subset of administration
task that are supposed to be run unprivileged users
and require the setgid bit to full-fill this task.

[1] http://www.postfix.org/postqueue.1.html
[2] http://www.postfix.org/postdrop.1.html
2018-10-15 13:14:41 +01:00
Joachim F a179d44bd1
Merge pull request from xaverdh/kmscon-autologin
nixos/kmscon: Add autologin option
2018-10-15 11:25:19 +00:00
Silvan Mosberger 81c3ae9492
nixos/znc: add config option
This option represents the ZNC configuration as a Nix value. It will be
converted to a syntactically valid file. This provides:
- Flexibility: Any ZNC option can be used
- Modularity: These values can be set from any NixOS module and will be
merged correctly
- Overridability: Default values can be overridden

Also done:
Remove unused/unneeded options, mkRemovedOptionModule unfortunately doesn't work
inside submodules (yet). The options userName and modulePackages were never used
to begin with
2018-10-14 20:39:42 +02:00
Silvan Mosberger 0ea64098dc
Merge pull request from NickHu/psd
profile-sync-daemon: add missing path to systemd service
2018-10-14 14:10:03 +02:00
Nick Hu 9cd21807c8 nixos/profile-sync-daemon: add missing path to systemd service 2018-10-14 13:02:33 +01:00
Peter Hoeg abe0e22e20
Merge pull request from mrVanDalo/update_syncthing
nixos/modules: services.syncthing add guiAddress parameter
2018-10-14 18:47:51 +08:00
Ingolf Wagner d2e1dd7fc7
nixos/modules: services.syncthing use types.str instead of types.string
As Infinisil mentioned in https://github.com/NixOS/nixpkgs/pull/48119#discussion_r224974201
2018-10-14 06:46:42 +02:00
Ingolf Wagner fa6c8ec2a7
nixos/modules: services.syncthing add guiAddress parameter 2018-10-14 00:52:25 +02:00
Yegor Timoshenko 6e4d0c4a8a
Merge pull request from florianjacob/matomo-choose-package
nixos/matomo: introduce services.matomo.package option
2018-10-13 15:27:00 +00:00
Florian Jacob a1825aecfc
nixos/matomo: introduce services.matomo.package option 2018-10-13 15:25:12 +00:00
Alexey Shmalko df2696c430
Merge pull request from delroth/prom-tor
prometheus-tor-exporter: init at 0.3
2018-10-13 17:59:23 +03:00
Silvan Mosberger 4eee2cd0e0
nixos/znc: move to own folder
Move legacy options to separate file
2018-10-13 15:04:53 +02:00
Jörg Thalheim b899df4f3f
Merge pull request from jslight90/gitlab
nixos/gitlab: add custom hooks directory for gitlab-shell
2018-10-13 10:55:42 +01:00
Pierre Bourdon 86d644f8cc prometheus-tor-exporter: init at 0.3
Upstream: https://github.com/atx/prometheus-tor_exporter
2018-10-13 10:10:29 +02:00
Jörg Thalheim 156d2fbf5d
Merge pull request from avnik/fix/rmilter
nixos/rmilter: don't enable by default, if rspamd enabled
2018-10-12 22:34:08 +01:00
Jeff Slight 7bafe25553 add custom hooks directory to gitlab-shell
Add custom_hooks_dir to gitlab-shell yml config file.
2018-10-12 09:33:37 -07:00
Alexander V. Nikolaev b61dd2bcb7 nixos/rmilter: don't enable by default, if rspamd enabled 2018-10-12 17:39:06 +03:00
Jan Tojnar a112f16a75
Merge pull request from ambrop72/gdk-pixbuf-fix
Use a NixOS module for generating the gdk-pixbuf loaders cache.
2018-10-12 15:52:06 +02:00
Ben Wolsieffer 73c523a605 buildbot: add Python 3 support 2018-10-11 21:39:11 -04:00
Silvan Mosberger c81ca5491f
Merge pull request from nh2/issue-46038-nix-daemon-ssh-path
nix-daemon service: Ensure `ssh` is on PATH. Fixes .
2018-10-11 21:51:37 +02:00
Silvan Mosberger c881a04a5d
Merge pull request from pvgoran/correct-mkEnableOption-uses
nixos: correct improper uses of mkEnableOption, clarify service descr…
2018-10-11 21:31:32 +02:00
Michael Raskin a29603344a
Merge pull request from aanderse/redmine
redmine: refactor, cleanup, bug fix, and add functionality
2018-10-11 15:32:43 +00:00
Victor SENE 2dcd512e74 nixos/nextcloud: add poolConfig option () 2018-10-11 14:13:23 +00:00
Franz Pletz 0aabc77a03
Merge pull request from WilliButz/add-exporter-tests
nixos/tests: add test for prometheus exporters
2018-10-11 13:58:14 +00:00
Aaron Andersen 975f476cd2 quoting stateDir path in case it includes spaces 2018-10-11 08:04:47 -04:00
obadz 6fca3c5700 cups-googlecloudprint: init at 20160502 2018-10-11 09:19:58 +01:00
Aaron Andersen 1cb5b509f1 redmine: refactor, cleanup, bug fix, and add functionality
- added package option to specify which version of redmine
- added themes option back in to allow specifying redmine themes
- added plugins option back in to allow specifying redmine plugins
- added database.socket option to allow mysql unix socket authentication
- added port option to allow specifying the port rails runs on

- cleaned up Gemfile so it is much less hacky
- switched to ruby version 2.4 by default as suggested by documentation http://www.redmine.org/projects/redmine/wiki/redmineinstall#Installing-Redmine
- fixed an annoyance (bug) in the service causing recursive symlinks
- fixed ownership bug on log files generated by redmine
- updates reflecting renames in nixos options

- added a nixos test
2018-10-10 21:04:08 -04:00
xeji af6e2464bb
nixos/display-managers/startx: init ()
Dummy display manager that allows running X as a normal user.
The X server is started manually from a vt using `startx`.
Session startup commands must be provided by the user
in ~/.xinitrc, which is NOT automatically generated.
2018-10-10 23:07:44 +02:00
Peter Hoeg 98649aea0f
Merge pull request from peterhoeg/f/opti
nix-optimise: do not run in container
2018-10-10 20:57:10 +08:00
Maximilian Bosch 018573b757
nixos/weechat: add setuid wrapper for `screen' to ensure true multiuser capabilities
Previously you either had to set the setuid bit yourself or workaround
`isSystemUser = true` (for a loginable shell) to access the weechat
screen.

`programs.screen` shouldn't do this by default to avoid taking too much
assumptions about the setup, however `services.weechat` explicitly
requires tihs.

See 
2018-10-10 11:11:34 +02:00
Jörg Thalheim af7c57232b
Merge pull request from Lassulus/gnome-gdm
nixos/gnome3: don't autoenable gdm
2018-10-09 23:22:41 +01:00
Vincent Ambo 5ead27394d journaldriver: 1.0.0 -> 1.1.0 ()
Included changes:

* upstream repository has moved, URLs changed accordingly
* journaldriver bumped to new upstream release

The new release includes an important workaround for an issue that
could cause log-forwarding to fail after service restarts due to
invalid journal cursors being persisted.
2018-10-09 23:45:43 +02:00
Joachim F 5fc62fa49c
Merge pull request from Vskilet/emby
nixos/emby : use the dataDir option
2018-10-09 08:54:07 +00:00
lassulus 5a752ad879 nixos/gnome3: don't autoenable gdm
This seems to cause problems if people have other display-managers
enabled
2018-10-08 23:05:18 +02:00
Timo Kaufmann a88dad2684
Merge pull request from lheckemann/murmur-mention-mumble
murmur: mention mumble in description
2018-10-08 21:46:38 +02:00
Matthew Bauer dd6f6951cf
Merge pull request from jfrankenau/module-triggerhappy
nixos/triggerhappy: add module for triggerhappy hotkey daemon
2018-10-08 14:42:59 -05:00
Matthew Bauer 7432fde1ad
Merge pull request from eadwu/init/lightdm-enso-os-greeter
lightdm-enso-os-greeter: init at 0.2.1
2018-10-08 13:54:31 -05:00
WilliButz fbb7e0c82f
nixos/prometheus-exporters: fix unapplied service config
Prior to this commit, the default values for `Restart`, `PrivateTmp` and
`WorkingDirectory` were falsely ignored.

I also added myself as maintainer.
2018-10-08 17:21:49 +02:00
WilliButz 24320f4a9e
nixos/prometheus-varnish-exporter: avoid crash on restart 2018-10-08 17:21:48 +02:00
Victor SENE 7d43e2a861 nixos/emby : use the dataDir option 2018-10-08 14:49:09 +02:00
Linus Heckemann 68a2fceed5 nixos/murmur: mention mumble in description
This makes the option easier to find with the options search or in the
manpage.
2018-10-08 13:33:36 +02:00
lassulus 99c8dc4a11 charybdis service: bin/charybdis-ircd -> bin/charybdis 2018-10-07 13:10:50 +02:00
Andrew Childs c477d6658c nixos/prometheus-snmp-exporter: fix command line argument format 2018-10-07 11:35:55 +09:00
Matthew Bauer 907afd17f9
Merge pull request from azazel75/alertmanager-flags
Prometheus Alertmanager: Allow the definition of extra options on commandline
2018-10-05 22:52:48 -05:00
Matthew Bauer 91078ee339
Merge pull request from NickHu/psd
profile-sync-daemon: 5.53 -> 6.33
2018-10-05 22:51:59 -05:00
Matthew Bauer 33d24042d4
Merge pull request from bobvanderlinden/pr-test-upnp
Miniupnpd and bittorrent improvements
2018-10-05 22:48:24 -05:00
Matthew Bauer ef7d2215a5
Merge pull request from dasJ/tt_rss_uid
nixos/tt_rss: Give a proper UID
2018-10-05 22:41:27 -05:00
nyanloutre bb06b5b442 nixos/emby: fixes binary name change introduced by 2018-10-05 09:25:39 +02:00
Pavel Goran 858b263bf0 nixos: correct improper uses of mkEnableOption, clarify service descriptions
Several service definitions used `mkEnableOption` with text starting
with "Whether to", which produced funny option descriptions like
"Whether to enable Whether to run the rspamd daemon..".

This commit corrects this, and adds short descriptions of services
to affected service definitions.
2018-10-05 13:14:45 +07:00
Peter Hoeg c81d370bb9
Merge branch 'master' into f/activation 2018-10-05 10:08:56 +08:00
Peter Hoeg 4dada63a17 plasma5: run kbuildsycoca5 in the user context 2018-10-05 10:06:40 +08:00
Pascal Wittmann b9e7935eff
Merge pull request from Mic92/bitlbee
nixos/bitlbee: add pam option
2018-10-04 12:48:09 +02:00
Peter Hoeg 6b4d336651
Merge pull request from peterhoeg/f/plasma
kcheckpass: it is in kscreenlocker, not plasma-workspace
2018-10-04 15:42:46 +08:00
Matthew Bauer 1ffe83caa7
Merge pull request from ambrop72/optimus-prime-config-master
nixos/xserver: Implement configuration of NVIDIA Optimus via PRIME
2018-10-03 22:56:53 -05:00
Peter Hoeg d10a84eb21 kcheckpass: it is in kscreenlocker, not plasma-workspace 2018-10-04 10:17:40 +08:00
Jörg Thalheim 6a995e986a
Merge pull request from eqyiel/nextcloud
nextcloud module: init
2018-10-03 23:42:40 +01:00
Florian Jacob c54aa26a2d nixos/munin: move from /var/run to /run
as using /var/run now emits a warning by systemd's tmpfiles.d.
As /var/run is already a symlink to /run, this can't break anything, and
data does not need to be migrated.
2018-10-03 17:36:37 +02:00
Peter Simons 1af8f3a980 nixos: include system-level dconf resources in GDM's profile
This is necessary when system-wide dconf settings must be configured, i.e. to
disable GDM's auto-suspending of the machine when no user is logged in.

Related to https://github.com/NixOS/nixpkgs/issues/42053.
2018-10-02 13:27:59 +02:00
Alyssa Ross c1dbb90bfd lightdm: add extraConfig option () 2018-10-02 00:35:32 +02:00
Franz Pletz 11ba2f270f
nixos/clamav: fix freshclam service if db up to date 2018-10-02 00:26:38 +02:00
Franz Pletz f8d681a91f
nixos/clamav: fix daemon/updater services toggling 2018-10-02 00:26:38 +02:00
Jörg Thalheim d334c1c1d0 nixos/bitlbee: option to use pam 2018-10-01 18:25:11 +01:00
Franz Pletz ebd38185c8 nixos/nextcloud: init
Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
Co-authored-by: Robin Gloster <mail@glob.in>
Co-authored-by: Janne Heß <janne@hess.ooo>
Co-authored-by: Florian Klink <flokli@flokli.de>
2018-10-01 02:07:43 +09:30
Johan Thomsen a91c293aaf kubernetes: 1.11.3 -> 1.12.0
- kubelet CAdvisor port has been removed
2018-09-30 14:49:26 +02:00
Graham Christensen 8413f22bb3
docs: format 2018-09-29 20:51:11 -04:00
Will Dietz 243e28bc96 nix-daemon: only add channels dir to NIX_PATH if exists
Per reviewer comment (thanks!).
2018-09-29 20:29:33 -04:00
Will Dietz f3a114e088 NIX_PATH: don't prepend $HOME-based value in session variable, set later
environment.sessionVariables cannot refer to the values of env vars,
and as a result this has caused problems in a variety of scenarios.

One use for these is that they're injected into /etc/profile,
elewhere these are used to populate an 'envfile' for pam
(`pam 5 pam_env.conf`) which mentions use of HOME being
potentially problematic.

Anyway if the goal is to make things easier for users,
simply do the NIX_PATH modification as extraInit.

This fixes the annoying problems generated by the current approach
( and others) while hopefully serving the original goal.

One way to check if things are borked is to try:

$ sudo env | grep NIX_PATH

Which (before this change) prints NIX_PATH variable with
an unexpanded $HOME in the value.

-------

This does mean the following won't contain user channels for 'will':
$ sudo -u will nix-instantiate --eval -E builtins.nixPath

However AFAICT currently they won't be present either,
due to unescaped $HOME.  Unsure if similar situation for other users
of sessionVariables (not sudo) work with current situation
(if they exist they will regress after this change AFAIK).
2018-09-29 20:29:33 -04:00
Dominik Xaver Hörl 73de073405 nixos/kmscon: Add autologin option 2018-09-29 21:55:14 +02:00
Elis Hirwing aba95986d2
lidarr: init at 0.3.1.471
Fork of sonarr (as radarr) but for music instead of series and movies.
2018-09-29 21:40:29 +02:00
Matthew Bauer 21c26ca390
Merge pull request from rembo10/sickbeard
Sickbeard/Sickgear/Sickrage: Init and module
2018-09-29 13:58:43 -05:00
Brian Olsen 783a58f363
nixos/rspamd: Remove non-working socket activation
The socket activation I added to the rspamd module doesn't actually work
and can't be made to work without changes to rspamd.

See: 
See: 
2018-09-28 19:43:34 +02:00
Jörg Thalheim 2dc1d75eb4
Merge pull request from griff/rspamd-socketruntime
nixos/rspamd: Preserve runtime directory when using socket activation
2018-09-27 14:09:12 +01:00
Robert Hensing 6c568b6644 rabbitmq module: Update documentation
Elaborate on the two config file formats.
2018-09-27 13:13:27 +02:00
Franz Pletz e7ca9af4cc
shairport-sync: fix pulseaudio support & default arguments 2018-09-26 18:12:02 +02:00
Domen Kožar 82feb4b66e
postgresql: give postgres user a shell 2018-09-26 12:11:40 +01:00
aszlig c5bb43188d
nixos: Fix eval error for documentation.nixos
Introduced by 0f3b89bbed.

If services.nixosManual.showManual is enabled and
documentation.nixos.enable is not, there is no
config.system.build.manual available, so evaluation fails. For example
this is the case for the installer tests.

There is however an assertion which should catch exactly this, but it
isn't thrown because the usage of config.system.build.manual is
evaluated earlier than the assertions.

So I split the assertion off into a separate mkIf to make sure it is
shown appropriately and also fixed the installation-device profile to
enable documentation.nixos.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @oxij
2018-09-25 23:39:44 +02:00
Alexey Lebedeff afa2be4464 rabbitmq module: modernize after package upgrade
- Use socket-activated epmd - that way there won't be any trouble when
  more than one erlang system is used within a single host.
- Use new automation-friendly configuration file format
- Use systemd notifications instead of buggy 'rabbitmqctl wait' for
  confirming successful server startup.
  'wait' bug: https://github.com/rabbitmq/rabbitmq-server/issues/463
- Use 'rabbitmqctl shutdown' instead of 'stop', because it's not
  pid-file based
- Use sane systemd unit defaults from RabbitMQ repo:
  https://github.com/rabbitmq/rabbitmq-server/blob/master/docs/rabbitmq-server.service.example
- Support for external plugins
2018-09-25 11:19:23 +02:00
Michael Raskin 61abf3bbd9
Merge pull request from oxij/nixos/doc-in-installer
nixos: fix fallout from 
2018-09-25 09:00:43 +00:00
WilliButz 78ad8d4a62 nixos/gitlab: rebuild authorized_keys during preStart
This updates the path to the 'gitlab-shell' to the
correct store path when gitlab is restarted.
2018-09-25 03:53:32 +02:00
Robin Gloster dc915565ba gitlab module: workhorse may start before gitlab 2018-09-25 03:53:32 +02:00
Kristoffer Thømt Ravneberg f17f59ca8e nixos/gitlab: avoid creating recursive symlinks, add gitlab-rake deps 2018-09-25 03:53:32 +02:00
Jan Malakhovski 3c0cced272 nixos: doc: nixos-manual: fix assert 2018-09-24 21:07:55 +00:00
Austin Seipp 0ce90d58cc nixos/chrony: clean up, rework to be a little closer to upstream
Most importantly, this sets PrivateTmp, ProtectHome, and ProtectSystem
so that Chrony flaws are mitigated, should they occur.

Moving to ProtectSystem=full however, requires moving the chrony key
files under /var/lib/chrony -- which should be fine, anyway.

This also ensures ConditionCapability=CAP_SYS_TIME is set, ensuring
that chronyd will only be launched in an environment where such a
capability can be granted.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-09-24 15:42:44 -05:00
1000101 082bf52e31 nixos/trezord: revised and updated udev rules
nixos/trezord: revised and updated udev rules
2018-09-24 19:55:14 +02:00
Eelco Dolstra 9c53116d49
Revert "nixos: set nixos in nixPath"
This reverts commit 67c8c49177.

'nix run nixos.firefox' is *not* supposed to work - the Nix 2.x
interface attempts to standardize on nixpkgs.*, to get rid of the
nixos/nixpkgs confusion that existed with the channels interface. So
let's not bring that confusion back.
2018-09-24 10:42:01 +02:00
Samuel Dionne-Riel ebf041d4bd
Merge pull request from oxij/nixos/manual-to-doc
nixos: doc: implement 
2018-09-24 00:09:23 -04:00
Jörg Thalheim 5e5cd96189
Merge pull request from avnik/fix/rmilter
Fix rmilter socket path, add deprecation notice
2018-09-24 01:40:13 +01:00
Matthew Bauer cc72143f7d
Merge pull request from matthewbauer/add-nixos-to-nixpath
nixos: set nixos in nixPath
2018-09-23 18:47:44 -05:00
Matthew Bauer 1f0626a789
Merge pull request from matthewbauer/add-kdoctools
kde: add kdoctools to default environment
2018-09-23 18:46:36 -05:00
Jan Malakhovski 0f3b89bbed nixos: doc: move non-service parts of `service.nixosManual` to `documentation.nixos` 2018-09-23 20:50:47 +00:00
Jan Malakhovski fe744d3fb1 nixos: doc: rename `manual` to `manualHTML`, cleanup references
Because when I see "config.system.build.manual.manual" after I forgot
what it means I ask "Why do I need that second `.manual` there again?".
Doesn't happen with `config.system.build.manual.manualHTML`.
2018-09-23 20:47:58 +00:00
Matthew Bauer 611cc31aa4 kde: add kdoctools to default environment
khelpcenter needs meinproc5 to work properly. Hopefully doesn’t effect
closure sizes too much - kdoctools is rather small.

Fixes 

/cc @ttuegel
2018-09-23 13:38:50 -05:00
Sarah Brofeldt 7ac9e75583
Merge pull request from worldofpeace/emby/correct-permission
nixos/emby: ensure plugins are writeable
2018-09-23 20:33:29 +02:00
Sarah Brofeldt 7fb0194d41
Merge pull request from Gerschtli/update/ts3
teamspeak_server: 3.0.13.6 -> 3.3.0
2018-09-23 20:24:48 +02:00
Alexander V. Nikolaev 868040ee22 rmilter: deprecation notice 2018-09-23 18:51:40 +03:00
Pavel Goran 5e16e671ea nixos/tomcat: add aliases sub-option for virtual hosts 2018-09-23 21:49:17 +07:00
Vladyslav Mykhailichenko 3b7ecaa798 iwd: 0.7 -> 0.8 2018-09-23 15:26:55 +03:00
Frederik Rietdijk 56853dc6d8
Merge pull request from NixOS/staging-next
Staging next
2018-09-23 09:31:28 +02:00
Matthew Bauer 67c8c49177 nixos: set nixos in nixPath
This makes using the nixos channel work out of the box with the new
Nix commands. For example:

$ nix run nixos.firefox -c firefox

Fixes 
2018-09-23 00:14:27 -05:00
Alexander V. Nikolaev 08f266490b rmilter: move rmilter.sock out of /run/rmilter
/run/rmilter is set by systemd, and have root:root ownership, which
prevent pid file to write.

This fix suggested to be promoted to 18.09 branch.
(Although rmilter itself is deprecated, and I plan to remove it, after
18.09 would be released)
2018-09-22 20:57:08 +03:00
Michael Peyton Jones 5b3c8485d6 sddm: link whole sddm directory, not just themes () 2018-09-22 19:23:31 +02:00
Christian Kögler 1ce496bfab nixos lircd: fix deletion of lircd socket 2018-09-21 23:47:26 +02:00
Jan Tojnar 93408aecc4
Merge pull request from mvnetbiz/libratbag
libratbag: init at v0.9.903
2018-09-21 22:49:17 +02:00
Matt Votava 9a859fb7f9 libratbag: init at v0.9.903
Add package libratbag and service module ratbagd
Libratbag contains ratbagd daemon and ratbagctl cli to configure
buttons, dpi, leds, etc. of gaming mice.
Add mvnetbiz to maintainers.
2018-09-21 02:13:49 -07:00
Jörg Thalheim 9046673696 nixos/grafana: option to configure smtp 2018-09-20 23:06:10 +01:00
Jörg Thalheim 7eb9c348fb nixos/grafana: options to store secrets not in nix store 2018-09-20 23:06:10 +01:00
Maximilian Bosch 18d461533b
zsh: patch `_setxkbmap` completion script
Instead of searching `/usr` it should search for the `xkb`,
$XDG_DATA_DIRS will be searched. With this approach we allow compliance
on NixOS and non-NixOS systems to find `symbols` in the `xkb` directory.

The patch has been accepted by upstream, but isn't released yet, so this
is mainly a temporary fix until we can bump ZSH to the next stable version.

The `xserver` module links `/share/X11/xkb` to `/run/current-system` to
make this possible.

The fix can be tested inside the following VM:

```
{
  zshtest = {
    programs.zsh.enable = true;
    users.extraUsers.vm = {
      password = "vm";
      isNormalUser = true;
    };
    services.xserver.enable = true;
  };
}
```

Fixes 
2018-09-20 12:54:34 +02:00
worldofpeace a16c6d85a1 nixos/emby: ensure plugins are writeable 2018-09-20 06:35:51 -04:00
Domen Kožar 5715aa1951
datadog-agent: remove privateTmp=true
This allows postgres integration to connect to socket in /tmp
2018-09-19 18:53:51 +01:00
Edmund Wu 1a15b10ae3 lightdm: fix tmpfiles path () 2018-09-19 16:54:13 +02:00
WilliButz 3961cab52f codimd: remove unneeded defaults 2018-09-18 23:15:34 +02:00
WilliButz fc93264f59 codimd: fix option `configuration.saml.idpCert` 2018-09-18 23:15:34 +02:00
Janne Heß be6e995085 nixos/tt_rss: Give a proper UID 2018-09-18 21:46:52 +02:00
Frederik Rietdijk de419917a3 Merge master into staging-next 2018-09-18 18:44:48 +02:00
Jörg Thalheim f8b2c1318c
Merge pull request from mdorman/airsonic-parameters
airsonic: provide additional jvm configuration
2018-09-18 08:20:53 +01:00
Jean-Paul Calderone 57834da7fc nixos/tor: Correct "transparent" typo 2018-09-17 16:13:11 +02:00
Graham Christensen c8cc8d496d
Merge pull request from erikarvstedt/docs
Improve docs
2018-09-17 09:31:30 -04:00
WilliButz db846a88a8 nixos/codimd: add module 2018-09-17 15:18:52 +02:00
Erik Arvstedt 4c755e1218 nixos display-managers: fix typo in description 2018-09-17 15:03:01 +02:00
worldofpeace 67e9571ba4 nixos/lightdm: use systemd.tmpfiles ()
This also makes logs appear at /var/log/lightdm
2018-09-17 11:02:21 +02:00
Peter Hoeg f456d7f575
Merge pull request from ck3d/nixos-lirc
initial NixOS module for LIRC
2018-09-17 11:35:15 +08:00
Peter Hoeg 3904016a3d
Merge pull request from binarin/epmd-systemd-pr
epmd: Introduce erlang port mapper daemon service
2018-09-17 11:33:09 +08:00
Jörg Thalheim 8ceaf29f3b
Merge pull request from pacien/exim-module-package-opt
exim: parametrise package
2018-09-16 22:53:02 +01:00
Jörg Thalheim fc41ea8c8e
Merge pull request from dasJ/nullidentdmod-module
nixos/nullidentdmod: Init
2018-09-16 22:06:59 +01:00
rembo10 f1c9d5cf23 Add sickbeard module (with SickGear & SickRage) 2018-09-16 21:54:16 +02:00
rembo10 8d1ad4317c headphones: init at 0.5.19 2018-09-16 21:48:18 +02:00
pacien d73ed4264f exim: parametrise package
This allows the definition of a custom derivation of Exim,
which can be used to enable custom features such as LDAP and PAM support.

The default behaviour remains unchanged (defaulting to pkgs.exim).
2018-09-16 15:19:29 +02:00
Bob van der Linden d3eff01076
nixos: miniupnpd: use iptables scripts 2018-09-15 23:10:24 +02:00
Christian Kögler 533efd0cfd initial NixOS module for LIRC 2018-09-14 03:57:51 +02:00
Michael Alan Dorman c76312aea5 airsonic: provide additional jvm configuration
This allows the user, among other things, to configure jukebox output
to go to non-default alsa devices.
2018-09-13 20:05:02 -04:00
Nick Hu 574f4c4069 profile-sync-daemon: 5.53 -> 6.33 2018-09-13 17:15:13 +09:00
Domen Kožar bef541c569 datadog: add live process monitoring 2018-09-13 09:11:06 +01:00
Domen Kožar 049b3a6cc2 nixos: remove unneeded api_key from config 2018-09-13 09:11:06 +01:00
Uli Baum 1df2560dde Merge branch 'master' into staging-next 2018-09-13 10:08:53 +02:00
Robin Gloster 929f71d381
grafana module: allow path for extraConfig vals 2018-09-12 14:21:46 +02:00
Joachim F e02575b906
Merge pull request from Chiiruno/dev/zeronet
nixos/zeronet: Fix TOR permissions, add torAlways option
2018-09-11 10:28:32 +00:00
Jörg Thalheim 1bdba70b71
Merge pull request from Yarny0/hylafaxplus
Hylafaxplus
2018-09-11 10:48:19 +01:00
Jörg Thalheim c8ccc433df
nixos/hylafax: show correct option in warning message. 2018-09-11 10:38:04 +01:00
Edward Tjörnhammar 9dc661aa72
nixos/i2pd: Update options to encompass recent additions to the daemon
Also:
  * switch to flat sysdir
  * remove nixos default reseeds, rely on program defaults
  * refactor config expressions
2018-09-09 18:48:51 +02:00
Markus Kowalewski 0051772890
nixos/slurm: add option clusterName
slurm 18.08 requires ClusterName to be set
(set to default).
2018-09-08 23:14:54 +02:00
Okina Matara 9c97f37761 nixos/zeronet: Fix TOR permissions, add torAlways option 2018-09-08 12:12:11 -05:00
Michael Weiss 53ef5441bb nixos/sks: Make the webroot option optional
That way the built-in web server is usable by default but users can use
$HOME/web directly (instead of having to use a symlink), if they want to
customize the webpage.
2018-09-08 17:01:35 +02:00
Michael Weiss eb0050ca45 nixos/sks: Use a group and don't add sks to systemPackages
Without a group the gid will default to 65534 (2^16 - 2) which maps to
"nogroup". IMO it makes more sense to explicitly set a valid group.

Adding pkgs.sks to environment.systemPackages is not required (IIRC we
want to avoid bloating environment.systemPackages). Instead it seems
like a better idea to make the relevant binaries available to the user
sks and enable useDefaultShell so that "su -l sks" can be used for
manual interaction (that way the files will always have the correct
owner).
2018-09-08 16:24:05 +02:00
Michael Weiss a0d3d098ff nixos/sks: Add a webroot option
The module will now, by default, serve a simple webpage via the built-in
web server (instead of displaying an error message).
2018-09-08 16:24:05 +02:00
Yarny0 12fa95f2d6 modules: HylaFAX server configuration
This commit adds the following
* the uucp user
* options for HylaFAX server to control startup and modems
* systemd services for HylaFAX server processes
  including faxgettys for modems
* systemd services to maintain the HylaFAX spool area,
  including cleanup with faxcron and faxqclean
* default configuration for all server processes
  for a minimal working configuration

Some notes:

* HylaFAX configuration cannot be initialized with faxsetup
  (as it would be common on other Linux distributions).
  The hylafaxplus package contains a template spool area.
* Modems are controlled by faxgetty.
  Send-only configuration (modems controlled by faxq)
  is not supported by this configuration setup.
* To enable the service, one or more modems must be defined with
  config.services.hylafax.modems .
* Sending mail *should* work:
  HylaFAX will use whatever is in
  config.services.mail.sendmailSetuidWrapper.program
  unless overridden with the sendmailPath option.
* The admin has to create a hosts.hfaxd file somewhere
  (e.g. in /etc) before enabling HylaFAX.
  This file controls access to the server (see hosts.hfaxd(5) ).
  Sadly, HylaFAX does not permit account-based access
  control as is accepts connections via TCP only.
* Active fax polling should work; I can't test it.
* Passive fax polling is not supported by HylaFAX.
* Pager transmissions (with sendpage) are disabled by default.
  I have never tested or used these.
* Incoming data/voice/"extern"al calls
  won't be handled by default.
  I have never tested or used these.
2018-09-08 14:21:40 +02:00
Michael Weiss 28a46c2c6f
Merge pull request from primeos/nixos-sks
nixos/sks: Minor improvements
2018-09-08 14:16:55 +02:00
Tad Fisher 56b3c5b2dd nixos/networkmanager: fix VPN plugin service definition targets () 2018-09-08 14:10:51 +02:00
Michael Weiss 6764d41ecc nixos/sks: Update the descriptions and add meta.maintainers
TODO: Merge this module with https://github.com/NixOS/nixpkgs/pull/24516
2018-09-08 13:44:11 +02:00
Michael Weiss a0d7b88911 nixos/sks: Add a dataDir option 2018-09-08 13:44:08 +02:00
Jan Tojnar 667e54bdb0
Merge pull request from jtojnar/rygel
Rygel
2018-09-08 06:22:37 +01:00
Jan Tojnar 60ae12f5de
nixos/rygel: init 2018-09-08 06:57:14 +02:00
Timo Kaufmann e326c0156d
Merge pull request from Ma27/nixos/weechat-module
nixos/weechat: add module
2018-09-07 17:19:46 +02:00
Maximilian Bosch 18d419141d
nixos/weechat: cleanup module, add module documentation
This adds several improvements the previously introduced
`services.weechat` module:

* Dropped `services.weechat.init` as the initialization script can now
  be done on package-level since 2af41719bc using the `configure`
  function.

* Added `sessionName` option to explicitly configure a name for the
  `screen` session (by default: weechat-screen).

* Added `binary` option to configure the binary name (e.g.
  `weechat-headless`).

* Added docs regarding `screen` session and `weechat.service`.
2018-09-07 13:45:13 +02:00
Yegor Timoshenko b54987715b
weechat: add NixOS module 2018-09-07 13:09:08 +02:00
David Smith 1d497bbff1 nixos/riemann: refactor config
Previously it was only possible to use very simple Riemann config.
For more complicated scenarios you need a directory of clojure
files and the config file that riemann starts with should be in this
directory.
2018-09-07 09:46:46 +01:00
Silvan Mosberger aed92ec2e9
Merge pull request from dasJ/iperf
nixos/iperf: Init the module
2018-09-06 18:52:30 +02:00
Janne Heß 32a2d08b23 nixos/nullidentdmod: Init 2018-09-06 16:31:20 +02:00
Shea Levy 18337f3ece
Merge branch 'no-toPath' 2018-09-06 08:09:53 -04:00
Janne Heß 9e25ebc03a nixos/iperf: Init the module 2018-09-06 12:38:30 +02:00
Matthew Bauer 4120a9dda7
Merge pull request from avnik/libprefixed-to-multioutput/heimdal
Libprefixed to multioutput/heimdal
2018-09-05 13:50:13 -05:00
Alberto Berti 69e4e4934d Allow the definition of extra options on commandline
I stumbled upon an issue with the Alertmanager that required
an additional comand line option. See https://groups.google.com/forum/#!msg/prometheus-users/-5wd-P13xCI/lGLBHHgnBgAJ
2018-09-04 23:19:26 +02:00
Niklas Hambüchen 31919bce6b nix-daemon service: Ensure `ssh` is on PATH. Fixes .
This fixes a regression introduced in commit
  700e21d6da

nix needs ssh on path for the SSH substituter functionality,
not only the distributed builds functionality.

Signed-off-by: Niklas Hambüchen <mail@nh2.me>
2018-09-04 16:19:35 +02:00
Vladimír Čunát 1428d00aa4
Merge branch 'master' into staging-next
Hydra: ?compare=1477053
2018-09-04 13:06:45 +02:00
Graham Christensen 61deecdc34
nixos docs: more IDs 2018-09-02 15:56:24 -04:00
Graham Christensen 146f8bac7e
Merge pull request from samueldr/fix/nixos-help-browser
nixos/manual: nixos-help knows about colon-separated BROWSER
2018-09-02 14:30:22 -04:00
Yorick 1ee3ad6732 wireguard: change preStop to postStop, require network.target ()
* wireguard: change preStop to postStop, require network.target

* wireguard service: network.target -> network-online.target
2018-09-02 17:07:55 +02:00
Frederik Rietdijk b910b697f6 Merge master into staging 2018-09-02 12:10:33 +02:00
Uli Baum 5f72169b03 nixos/displayManagers/auto: allow root auto-login
The switch from slim to lightdm in  broke some nixos tests
because lightdm by default doesn't permit auto-login for root.
Override /etc/pam.d/lightdm-autologin to allow it.
2018-09-02 08:18:10 +02:00
Florian Klink 953b77f07b bird: set reloadIfChanged to true ()
This will trigger the reload instead of restart command if a definition
changes, which is much more desireable for a routing daemon.
2018-09-02 06:51:32 +02:00
Samuel Dionne-Riel ca47cc90c2
Merge pull request from teto/nm_dispatchers
[RDY] networkmanager: enrich dispatcher PATH
2018-09-01 23:26:36 -04:00
Uli Baum 15e6e1ff6f nixos/nginx: fix type of sslTrustedCertificate option
The option was added in 1251b34b5b
with type `types.path` but default `null`, so eval failed with
the default setting. This broke the acme and certmgr tests.

cc: @vincentbernat @fpletz
2018-09-02 01:35:59 +02:00
Graham Christensen 34d2ec7c09
nixos docs: give IDs to things 2018-09-01 16:20:49 -04:00
volth 2413fcdfeb services.xserver.windowManager.session: handle duplicate names () 2018-09-01 21:27:17 +02:00
Samuel Dionne-Riel 4ff5f304b9 nixos/manual: nixos-help knows about colon-separated BROWSER
This is the semantics as understood by `xdg-open`. Using these semantics
on a non-colon-separated variable works because it acts as if it was a
one element long list.

This fixes an issue where it would try to exec
`google-chrome-beta:google-chrome:chromium:firefox` on a system
configured with these semantics in mind.
2018-09-01 13:48:49 -04:00
Vladimír Čunát 2d6179d1e8
Merge branch 'master' into staging
A few trivial conflicts due to *Platforms mass replace.
2018-09-01 17:38:18 +02:00
xeji ff679f86a2
Merge pull request from Lassulus/slim-lightdm
display-managers: make lightdm the default
2018-09-01 16:11:38 +02:00
Jörg Thalheim 58c29e9e75
Merge pull request from wizeman/u/fix-transmission-mod2
nixos/transmission: fix AppArmor profile to include keyutils
2018-09-01 12:13:22 +01:00
Vladimír Čunát 0473466ba5
Merge : artwork update (replacing old logo) 2018-09-01 10:43:20 +02:00
lassulus fc035da4a4 xserver.displayManager: change default
Switch from slim to lightdm as the display-manager.
    If plasma5 is used as desktop-manager use sdddm.
    If gnome3 is used as desktop-manager use gdm.

    Based on 
2018-08-31 17:57:39 +02:00
Ricardo M. Correia 6376c5df87 nixos/transmission: fix AppArmor profile to include keyutils 2018-08-31 17:19:29 +02:00
Tobias Happ 8f0bafcaff nixos/gitea: fix pre start script ()
The gitea path is hardcoded in hooks directory in files of paths like:
    repositories/<user>/<repo>.git/hooks/update.d/gitea
2018-08-31 16:39:58 +02:00
John Ericson 2c4a75e9ef
Merge pull request from obsidiansystems/dont-use-obsolete-platform-aliases
treewide: Dont use obsolete platform aliases
2018-08-31 09:56:10 -04:00
チルノ 17564e0ed9 nixos/zeronet: init () 2018-08-31 11:40:23 +01:00
Sarah Brofeldt bb321a2624
Merge pull request from Nadrieril/fix-usbguard-auditfile
nixos/usbguard: ensure the audit log file can be created 
nixos/usbguard: disable debug output
2018-08-31 11:40:13 +02:00
Franz Pletz 1cc916b5b2
Merge pull request from vincentbernat/fix/nginx-stapling
nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
2018-08-31 07:18:40 +00:00