Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/default.nix | 9 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1803.xml | 10 | ||||
-rw-r--r-- | nixos/lib/testing.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/alertmanager.nix | 10 | ||||
-rw-r--r-- | nixos/modules/services/networking/bird.nix | 23 | ||||
-rw-r--r-- | nixos/modules/services/networking/kresd.nix | 23 |
6 files changed, 58 insertions, 19 deletions
diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix index 66fa4f0ba43c..bbe82066aa0c 100644 --- a/nixos/doc/manual/default.nix +++ b/nixos/doc/manual/default.nix @@ -63,18 +63,17 @@ let stripAnyPrefixes = lib.flip (lib.fold lib.removePrefix) prefixesToStrip; # Custom "less" that pushes up all the things ending in ".enable*" - # and ".package" - optionListLess = a: b: + # and ".package*" + optionLess = a: b: let - splt = lib.splitString "."; ise = lib.hasPrefix "enable"; isp = lib.hasPrefix "package"; cmp = lib.splitByAndCompare ise lib.compare (lib.splitByAndCompare isp lib.compare lib.compare); - in lib.compareLists cmp (splt a) (splt b) < 0; + in lib.compareLists cmp a.loc b.loc < 0; # Customly sort option list for the man page. - optionsList = lib.sort (a: b: optionListLess a.name b.name) optionsListDesc; + optionsList = lib.sort optionLess optionsListDesc; # Convert the list of options into an XML file. optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList); diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index 9121c21a8690..f2a1bde19c76 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -38,6 +38,10 @@ has the following highlights: </para> </itemizedlist> </para> </listitem> + + <listitem> + <para>PHP now defaults to PHP 7.2</para> + </listitem> </itemizedlist> </section> @@ -207,6 +211,12 @@ following incompatible changes:</para> </listitem> </itemizedlist> </listitem> + <listitem> + <para> + The <literal>jid</literal> package has been removed, due to maintenance + overhead of a go package having non-versioned dependencies. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/lib/testing.nix b/nixos/lib/testing.nix index cf213d906f58..ddab23cce393 100644 --- a/nixos/lib/testing.nix +++ b/nixos/lib/testing.nix 
@@ -29,7 +29,7 @@ rec { cp ${./test-driver/Logger.pm} $libDir/Logger.pm wrapProgram $out/bin/nixos-test-driver \ - --prefix PATH : "${lib.makeBinPath [ qemu vde2 netpbm coreutils ]}" \ + --prefix PATH : "${lib.makeBinPath [ qemu_test vde2 netpbm coreutils ]}" \ --prefix PERL5LIB : "${with perlPackages; lib.makePerlPath [ TermReadLineGnu XMLWriter IOTty FileSlurp ]}:$out/lib/perl5/site_perl" ''; }; diff --git a/nixos/modules/services/monitoring/prometheus/alertmanager.nix b/nixos/modules/services/monitoring/prometheus/alertmanager.nix index cf761edad926..8a47c9f1e7d8 100644 --- a/nixos/modules/services/monitoring/prometheus/alertmanager.nix +++ b/nixos/modules/services/monitoring/prometheus/alertmanager.nix @@ -111,11 +111,11 @@ in { after = [ "network.target" ]; script = '' ${pkgs.prometheus-alertmanager.bin}/bin/alertmanager \ - -config.file ${alertmanagerYml} \ - -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ - -log.level ${cfg.logLevel} \ - ${optionalString (cfg.webExternalUrl != null) ''-web.external-url ${cfg.webExternalUrl} \''} - ${optionalString (cfg.logFormat != null) "-log.format ${cfg.logFormat}"} + --config.file ${alertmanagerYml} \ + --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ + --log.level ${cfg.logLevel} \ + ${optionalString (cfg.webExternalUrl != null) ''--web.external-url ${cfg.webExternalUrl} \''} + ${optionalString (cfg.logFormat != null) "--log.format ${cfg.logFormat}"} ''; serviceConfig = { diff --git a/nixos/modules/services/networking/bird.nix b/nixos/modules/services/networking/bird.nix index 1a7a1e24b702..c25bd0fdc541 100644 --- a/nixos/modules/services/networking/bird.nix +++ b/nixos/modules/services/networking/bird.nix 
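Review bot: In the alertmanager `script`, the trailing backslash of the `--web.external-url` line is still inside the `optionalString`, so when `cfg.webExternalUrl` is null that line expands to whitespace only and ends the command. A non-null `cfg.logFormat` then sits on a line of its own and is not passed to alertmanager, so the requested log format is silently not applied; the flag rename keeps this layout. Moving the continuation outside the conditional, `${optionalString (cfg.webExternalUrl != null) "--web.external-url ${cfg.webExternalUrl}"} \`, keeps the command on one logical line in every combination. The interpolated option values are also unquoted in the shell script, so wrapping them in `lib.escapeShellArg` would stop a URL containing characters such as `&` from being interpreted by the shell. The enclosing service definition starts and ends outside the hunk.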
@@ -7,21 +7,27 @@ let let cfg = config.services.${variant}; pkg = pkgs.${variant}; + birdBin = if variant == "bird6" then "bird6" else "bird"; birdc = if variant == "bird6" then "birdc6" else "birdc"; + descr = + { bird = "1.9.x with IPv4 suport"; + bird6 = "1.9.x with IPv6 suport"; + bird2 = "2.x"; + }.${variant}; configFile = pkgs.stdenv.mkDerivation { name = "${variant}.conf"; text = cfg.config; preferLocalBuild = true; buildCommand = '' echo -n "$text" > $out - ${pkg}/bin/${variant} -d -p -c $out + ${pkg}/bin/${birdBin} -d -p -c $out ''; }; in { ###### interface options = { services.${variant} = { - enable = mkEnableOption "BIRD Internet Routing Daemon"; + enable = mkEnableOption "BIRD Internet Routing Daemon (${descr})"; config = mkOption { type = types.lines; description = '' @@ -36,12 +42,12 @@ let config = mkIf cfg.enable { environment.systemPackages = [ pkg ]; systemd.services.${variant} = { - description = "BIRD Internet Routing Daemon"; + description = "BIRD Internet Routing Daemon (${descr})"; wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "forking"; Restart = "on-failure"; - ExecStart = "${pkg}/bin/${variant} -c ${configFile} -u ${variant} -g ${variant}"; + ExecStart = "${pkg}/bin/${birdBin} -c ${configFile} -u ${variant} -g ${variant}"; ExecReload = "${pkg}/bin/${birdc} configure"; ExecStop = "${pkg}/bin/${birdc} down"; CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_SETUID" "CAP_SETGID" @@ -56,14 +62,15 @@ let users = { extraUsers.${variant} = { description = "BIRD Internet Routing Daemon user"; - group = "${variant}"; + group = variant; }; extraGroups.${variant} = {}; }; }; }; - inherit (config.services) bird bird6; -in { - imports = [(generic "bird") (generic "bird6")]; +in + +{ + imports = map generic [ "bird" "bird6" "bird2" ]; } diff --git a/nixos/modules/services/networking/kresd.nix b/nixos/modules/services/networking/kresd.nix index d0c19c4ecb71..aac02b811d71 100644 
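Review bot: `configFile` is still built from `cfg.config` as a derivation, and with this hunk the same path also serves `bird2`, so the whole daemon configuration ends up in the world-readable Nix store. BIRD configurations commonly carry protocol authentication passwords, and the part of the `config` option description visible here does not mention this (the description continues outside the hunk). I would add a sentence to it, e.g. `The configuration is copied to the world-readable Nix store; do not place passwords in it directly.` Separately, both 1.x `descr` strings spell `suport`, which now appears in the option documentation and the systemd unit description.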
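Review bot: `imports = map generic [ "bird" "bird6" "bird2" ]` lets `services.bird` and `services.bird2` be enabled together, while `birdBin` and `birdc` resolve to the same binary names `bird` and `birdc` for both variants. Both packages would then be added to `environment.systemPackages`, and `ExecReload`/`ExecStop` call `birdc` without naming a control socket. If the two packages share a default socket path (not visible in this diff), one unit's `birdc down` could reach the other daemon. An entry in `assertions` that rejects enabling `bird` and `bird2` at the same time, with a message naming both options, would make the constraint explicit.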
--- a/nixos/modules/services/networking/kresd.nix +++ b/nixos/modules/services/networking/kresd.nix @@ -46,6 +46,15 @@ in What addresses the server should listen on. (UDP+TCP 53) ''; }; + listenTLS = mkOption { + type = with types; listOf str; + default = []; + example = [ "198.51.100.1:853" "[2001:db8::1]:853" "853" ]; + description = '' + Addresses on which kresd should provide DNS over TLS (see RFC 7858). + For detailed syntax see ListenStream in man systemd.socket. + ''; + }; # TODO: perhaps options for more common stuff like cache size or forwarding }; @@ -75,6 +84,18 @@ in socketConfig.FreeBind = true; }; + systemd.sockets.kresd-tls = mkIf (cfg.listenTLS != []) rec { + wantedBy = [ "sockets.target" ]; + before = wantedBy; + partOf = [ "kresd.socket" ]; + listenStreams = cfg.listenTLS; + socketConfig = { + FileDescriptorName = "tls"; + FreeBind = true; + Service = "kresd.service"; + }; + }; + systemd.sockets.kresd-control = rec { wantedBy = [ "sockets.target" ]; before = wantedBy; @@ -97,6 +118,8 @@ in Type = "notify"; WorkingDirectory = cfg.cacheDir; Restart = "on-failure"; + Sockets = [ "kresd.socket" "kresd-control.socket" ] + ++ optional (cfg.listenTLS != []) "kresd-tls.socket"; }; # Trust anchor goes from dns-root-data by default. |
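Review bot: The new `listenTLS` option only opens the sockets; nothing in its description says where the TLS certificate and key come from. As far as I know, kresd falls back to an ephemeral self-signed certificate when none is configured, which clients doing strict authentication cannot validate, so operators may believe they offer authenticated DNS over TLS when they do not. I would extend the description with something like `A certificate and key must be configured in kresd's own configuration for clients to be able to authenticate the resolver.` The example entry `"853"` also binds every address, which is worth a word in the description for hosts that should not expose a resolver publicly.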