Merge branch 'master' into staging

That's to get mesa rebuild from master, as it's nontrivial.
author: Vladimír Čunát <vcunat@gmail.com> 2016-05-23 09:02:10 +0200
committer: Vladimír Čunát <vcunat@gmail.com> 2016-05-23 09:02:10 +0200
commit: 0b192a09767c05b38f3e2838c07e9600318bbbb5 (patch)
tree: 4467053c39ef4bad71527cd5fda5cf92960575e8 /nixos/modules
parent: dc5bbc4700dd95420f87141efcc0e6cb48a710f9 (diff)
parent: 0e54c749114b79f6be78486086f5829b176fcba8 (diff)
download: nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar
nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.gz
nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.bz2
nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.lz
nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.xz
nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.zst
nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.zip
8 files changed, 53 insertions, 23 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index bd6552f74a4f..370220d253a5 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -62,7 +62,8 @@
   ./programs/bash/bash.nix
   ./programs/blcr.nix
   ./programs/cdemu.nix
-  ./programs/command-not-found/command-not-found.nix
+  # see https://github.com/NixOS/nixos-channel-scripts/issues/4
+  #./programs/command-not-found/command-not-found.nix
   ./programs/dconf.nix
   ./programs/environment.nix
   ./programs/freetds.nix
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 6323d2c8ce4e..480e1184ffa3 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -68,6 +68,22 @@ in
         description = "The port for Redis to listen to.";
       };
 
+      vmOverCommit = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Set vm.overcommit_memory to 1 (Suggested for Background Saving: http://redis.io/topics/faq)
+        '';
+      };
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to open ports in the firewall for the server.
+        '';
+      };
+
       bind = mkOption {
         type = with types; nullOr str;
         default = null; # All interfaces
@@ -193,6 +209,14 @@ in
 
   config = mkIf config.services.redis.enable {
 
+    boot.kernel.sysctl = mkIf cfg.vmOverCommit {
+      "vm.overcommit_memory" = "1";
+    };
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.port ];
+    };
+
     users.extraUsers.redis =
       { name = cfg.user;
         uid = config.ids.uids.redis;
diff --git a/nixos/modules/services/desktops/gnome3/gnome-keyring.nix b/nixos/modules/services/desktops/gnome3/gnome-keyring.nix
index a8f1bcc28fbe..a36643a1cfb3 100644
--- a/nixos/modules/services/desktops/gnome3/gnome-keyring.nix
+++ b/nixos/modules/services/desktops/gnome3/gnome-keyring.nix
@@ -36,7 +36,7 @@ in
 
     environment.systemPackages = [ gnome3.gnome_keyring ];
 
-    services.dbus.packages = [ gnome3.gnome_keyring ];
+    services.dbus.packages = [ gnome3.gnome_keyring gnome3.gcr ];
 
   };
 
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index e9eea6a2cae1..9912ad9ae3fc 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -114,12 +114,10 @@ in {
       # Ugly hack for using the correct gnome3 packageSet
       basePackages = mkOption {
         type = types.attrsOf types.package;
-        default = { inherit modemmanager wpa_supplicant
+        default = { inherit networkmanager modemmanager wpa_supplicant
                             networkmanager_openvpn networkmanager_vpnc
                             networkmanager_openconnect
-                            networkmanager_pptp networkmanager_l2tp;
-                    networkmanager = networkmanager.out;
-                  };
+                            networkmanager_pptp networkmanager_l2tp; };
         internal = true;
       };
 
@@ -189,7 +187,7 @@ in {
 
     boot.kernelModules = [ "ppp_mppe" ]; # Needed for most (all?) PPTP VPN connections.
 
-    environment.etc = with mapAttrs (name: getBin) cfg.basePackages; [
+    environment.etc = with cfg.basePackages; [
       { source = ipUpScript;
         target = "NetworkManager/dispatcher.d/01nixos-ip-up";
       }
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index 89762fe52488..0dd24478f409 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -106,8 +106,10 @@ in
       preStart = ''
         mkdir -m 0755 -p ${stateDir}/dev/
         cp ${confFile} ${stateDir}/unbound.conf
+        ${optionalString cfg.enableRootTrustAnchor ''
         ${pkgs.unbound}/bin/unbound-anchor -a ${rootTrustAnchorFile}
         chown unbound ${stateDir} ${rootTrustAnchorFile}
+        ''}
         touch ${stateDir}/dev/random
         ${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random
       '';
diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix
index 32203a522b0c..5154aaca3bc2 100644
--- a/nixos/modules/services/torrent/transmission.nix
+++ b/nixos/modules/services/torrent/transmission.nix
@@ -113,22 +113,22 @@ in
           #include <abstractions/base>
           #include <abstractions/nameservice>
 
-          ${pkgs.glibc.out}/lib/*.so                    mr,
-          ${pkgs.libevent.out}/lib/libevent*.so*        mr,
-          ${pkgs.curl.out}/lib/libcurl*.so*             mr,
-          ${pkgs.openssl.out}/lib/libssl*.so*           mr,
-          ${pkgs.openssl.out}/lib/libcrypto*.so*        mr,
-          ${pkgs.zlib.out}/lib/libz*.so*                mr,
-          ${pkgs.libssh2.out}/lib/libssh2*.so*          mr,
-          ${pkgs.systemd}/lib/libsystemd*.so*       mr,
-          ${pkgs.xz.out}/lib/liblzma*.so*               mr,
-          ${pkgs.libgcrypt.out}/lib/libgcrypt*.so*      mr,
-          ${pkgs.libgpgerror.out}/lib/libgpg-error*.so* mr,
-          ${pkgs.nghttp2.lib}/lib/libnghttp2*.so*       mr,
-          ${pkgs.c-ares.out}/lib/libcares*.so*          mr,
-          ${pkgs.libcap.lib}/lib/libcap*.so*            mr,
-          ${pkgs.attr.out}/lib/libattr*.so*             mr,
-          ${pkgs.lz4}/lib/liblz4*.so*               mr,
+          ${getLib pkgs.glibc}/lib/*.so                    mr,
+          ${getLib pkgs.libevent}/lib/libevent*.so*        mr,
+          ${getLib pkgs.curl}/lib/libcurl*.so*             mr,
+          ${getLib pkgs.openssl}/lib/libssl*.so*           mr,
+          ${getLib pkgs.openssl}/lib/libcrypto*.so*        mr,
+          ${getLib pkgs.zlib}/lib/libz*.so*                mr,
+          ${getLib pkgs.libssh2}/lib/libssh2*.so*          mr,
+          ${getLib pkgs.systemd}/lib/libsystemd*.so*       mr,
+          ${getLib pkgs.xz}/lib/liblzma*.so*               mr,
+          ${getLib pkgs.libgcrypt}/lib/libgcrypt*.so*      mr,
+          ${getLib pkgs.libgpgerror}/lib/libgpg-error*.so* mr,
+          ${getLib pkgs.nghttp2}/lib/libnghttp2*.so*       mr,
+          ${getLib pkgs.c-ares}/lib/libcares*.so*          mr,
+          ${getLib pkgs.libcap}/lib/libcap*.so*            mr,
+          ${getLib pkgs.attr}/lib/libattr*.so*             mr,
+          ${getLib pkgs.lz4}/lib/liblz4*.so*               mr,
 
           @{PROC}/sys/kernel/random/uuid   r,
           @{PROC}/sys/vm/overcommit_memory r,
diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
index 9cb9c8de31d7..4f65ed72d36e 100644
--- a/nixos/modules/services/x11/xserver.nix
+++ b/nixos/modules/services/x11/xserver.nix
@@ -16,6 +16,7 @@ let
     virtualbox = { modules = [ kernelPackages.virtualboxGuestAdditions ]; driverName = "vboxvideo"; };
     ati = { modules = with pkgs.xorg; [ xf86videoati glamoregl ]; };
     intel = { modules = with pkgs.xorg; [ xf86videointel glamoregl ]; };
+    modesetting = { modules = []; };
   };
 
   fontsForXServer =
diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix
index a881459bed18..3e2805a8c341 100644
--- a/nixos/modules/system/boot/initrd-ssh.nix
+++ b/nixos/modules/system/boot/initrd-ssh.nix
@@ -85,6 +85,10 @@ in
   };
 
   config = mkIf (config.boot.initrd.network.enable && cfg.enable) {
+    assertions = [ {
+      assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null;
+      message = "You should specify at least one host key for initrd SSH";
+    } ];
 
     boot.initrd.extraUtilsCommands = ''
       copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear
author	Vladimír Čunát <vcunat@gmail.com>	2016-05-23 09:02:10 +0200
committer	Vladimír Čunát <vcunat@gmail.com>	2016-05-23 09:02:10 +0200
commit	0b192a09767c05b38f3e2838c07e9600318bbbb5 (patch)
tree	4467053c39ef4bad71527cd5fda5cf92960575e8 /nixos/modules
parent	dc5bbc4700dd95420f87141efcc0e6cb48a710f9 (diff)
parent	0e54c749114b79f6be78486086f5829b176fcba8 (diff)
download	nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.gz nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.bz2 nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.lz nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.xz nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.zst nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.zip