Diffstat (limited to 'nixos')
33 files changed, 511 insertions, 138 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml index 55b39209f0d5..d5ab6ab0c247 100644 --- a/nixos/doc/manual/release-notes/rl-1709.xml +++ b/nixos/doc/manual/release-notes/rl-1709.xml @@ -45,6 +45,33 @@ has the following highlights: </para> even though <literal>HDMI-0</literal> is the first head in the list. </para> </listitem> + <listitem> + <para> + The handling of SSL in the nginx module has been cleaned up, renaming + the misnomed <literal>enableSSL</literal> to <literal>onlySSL</literal> + which reflects its original intention. This is not to be used with the + already existing <literal>forceSSL</literal> which creates a second + non-SSL virtual host redirecting to the SSL virtual host. This by + chance had worked earlier due to specific implementation details. In + case you had specified both please remove the <literal>enableSSL</literal> + option to keep the previous behaviour. + </para> + <para> + Another <literal>addSSL</literal> option has been introduced to configure + both a non-SSL virtual host and an SSL virtual host. + </para> + <para> + Options to configure <literal>resolver</literal>s and + <literal>upstream</literal>s have been introduced. See their information + for further details. + </para> + <para> + The <literal>port</literal> option has been replaced by a more generic + <literal>listen</literal> option which makes it possible to specify + multiple addresses, ports and SSL configs dependant on the new SSL + handling mentioned above. + </para> + </listitem> </itemizedlist> <para>The following new services were added since the last release:</para> 
@@ -62,12 +89,19 @@ following incompatible changes:</para> <itemizedlist> <listitem> <para> - <literal>aiccu</literal> package was removed. This is due to SixXS + The <literal>aiccu</literal> package was removed. This is due to SixXS <link xlink:href="https://www.sixxs.net/main/"> sunsetting</link> its IPv6 tunnel. </para> </listitem> <listitem> <para> + The <literal>fanctl</literal> package and <literal>fan</literal> module + have been removed due to the developers not upstreaming their iproute2 + patches and lagging with compatibility to recent iproute2 versions. + </para> + </listitem> + <listitem> + <para> Top-level <literal>idea</literal> package collection was renamed. All JetBrains IDEs are now at <literal>jetbrains</literal>. </para> 
@@ -202,6 +236,59 @@ rmdir /var/lib/ipfs/.ipfs <command>gpgv</command>, etc. </para> </listitem> + <listitem> + <para> + <literal>services.mysql</literal> now has declarative + configuration of databases and users with the <literal>ensureDatabases</literal> and + <literal>ensureUsers</literal> options. + </para> + + <para> + These options will never delete existing databases and users, + especially not when the value of the options are changed. + </para> + + <para> + The MySQL users will be identified using + <link xlink:href="https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/"> + Unix socket authentication</link>. This authenticates the + Unix user with the same name only, and that without the need + for a password. + </para> + + <para> + If you have previously created a MySQL <literal>root</literal> + user <emphasis>with a password</emphasis>, you will need to add + <literal>root</literal> user for unix socket authentication + before using the new options. This can be done by running the + following SQL script: + +<programlisting language="sql"> +CREATE USER 'root'@'%' IDENTIFIED BY ''; +GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION; +FLUSH PRIVILEGES; + +-- Optionally, delete the password-authenticated user: +-- DROP USER 'root'@'localhost'; +</programlisting> + </para> + </listitem> + <listitem> + <para> + <literal>sha256</literal> argument value of + <literal>dockerTools.pullImage</literal> expression must be + updated since the mechanism to download the image has been + changed. Skopeo is now used to pull the image instead of the + Docker daemon. + </para> + </listitem> + <listitem> + <para> + Templated systemd services e.g <literal>container@name</literal> are + now handled currectly when switching to a new configuration, resulting + in them being reloaded. + </para> + </listitem> </itemizedlist> <para>Other notable improvements:</para> 
@@ -257,14 +344,48 @@ rmdir /var/lib/ipfs/.ipfs </listitem> <listitem> <para> - <literal>sha256</literal> argument value of - <literal>dockerTools.pullImage</literal> expression must be - updated since the mechanism to download the image has been - changed. Skopeo is now used to pull the image instead of the - Docker daemon. + Definitions for <filename>/etc/hosts</filename> can now be specified + declaratively with <literal>networking.hosts</literal>. + </para> + </listitem> + <listitem> + <para> + Two new options have been added to the installer loader, in addition + to the default having changed. The kernel log verbosity has been lowered + to the upstream default for the default options, in order to not spam + the console when e.g. joining a network. + </para> + <para> + This therefore leads to adding a new <literal>debug</literal> option + to set the log level to the previous verbose mode, to make debugging + easier, but still accessible easily. + </para> + <para> + Additionally a <literal>copytoram</literal> option has been added, + which makes it possible to remove the install medium after booting. + This allows tethering from your phone after booting from it. + </para> + <para> + <literal>services.gitlab-runner.configOptions</literal> has been added + to specify the configuration of gitlab-runners declaratively. + </para> + <para> + <literal>services.jenkins.plugins</literal> has been added + to install plugins easily, this can be generated with jenkinsPlugins2nix. + </para> + <para> + <literal>services.postfix.config</literal> has been added + to specify the main.cf with NixOS options. Additionally other options + have been added to the postfix module and has been improved further. + </para> + <para> + The GitLab package and module have been updated to the latest 9.5 release. + </para> + <para> + The <literal>systemd-boot</literal> boot loader now lists the NixOS + version, kernel version and build date of all bootable generations. 
</para> </listitem> - </itemizedlist> </section> diff --git a/nixos/maintainers/option-usages.nix b/nixos/maintainers/option-usages.nix index 854ecf7eac51..7be0255b35ac 100644 --- a/nixos/maintainers/option-usages.nix +++ b/nixos/maintainers/option-usages.nix @@ -77,7 +77,6 @@ let excludedOptions = [ "boot.systemd.services" "systemd.services" - "environment.gnome3.packageSet" "kde.extraPackages" ]; excludeOptions = list: diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index 79ed18c923c0..f994d5b4bde1 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -102,7 +102,7 @@ fi extraBuildFlags+=(--option "build-users-group" "$buildUsersGroup") # Inherit binary caches from the host -# TODO: will this still work with Nix 1.12 now that it has no perl? Probably not... +# TODO: will this still work with Nix 1.12 now that it has no perl? Probably not... binary_caches="$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"binary-caches"};')" extraBuildFlags+=(--option "binary-caches" "$binary_caches") 
@@ -113,8 +113,33 @@ if [[ -z "$closure" ]]; then fi unset NIXOS_CONFIG -# TODO: do I need to set NIX_SUBSTITUTERS here or is the --option binary-caches above enough? - +# These get created in nixos-prepare-root as well, but we want to make sure they're here in case we're +# running with --chroot. TODO: --chroot should just be split into a separate tool. +mkdir -m 0755 -p "$mountPoint/dev" "$mountPoint/proc" "$mountPoint/sys" + +# Set up some bind mounts we'll want regardless of chroot or not +mount --rbind /dev "$mountPoint/dev" +mount --rbind /proc "$mountPoint/proc" +mount --rbind /sys "$mountPoint/sys" + +# If we asked for a chroot, that means we're not actually installing anything (yeah I was confused too) +# and we just want to run a command in the context of a $mountPoint that we're assuming has already been +# set up by a previous nixos-install invocation. In that case we set up some remaining bind mounts and +# exec the requested command, skipping the rest of the installation procedure. +if [ -n "$runChroot" ]; then + mount -t tmpfs -o "mode=0755" none $mountPoint/run + rm -rf $mountPoint/var/run + ln -s /run $mountPoint/var/run + for f in /etc/resolv.conf /etc/hosts; do rm -f $mountPoint/$f; [ -f "$f" ] && cp -Lf $f $mountPoint/etc/; done + for f in /etc/passwd /etc/group; do touch $mountPoint/$f; [ -f "$f" ] && mount --rbind -o ro $f $mountPoint/$f; done + + if ! [ -L $mountPoint/nix/var/nix/profiles/system ]; then + echo "$0: installation not finished; cannot chroot into installation directory" + exit 1 + fi + ln -s /nix/var/nix/profiles/system $mountPoint/run/current-system + exec chroot $mountPoint "${chrootCommand[@]}" +fi # A place to drop temporary closures trap "rm -rf $tmpdir" EXIT 
@@ -153,9 +178,7 @@ nix-store --export $channel_root > $channel_closure # nixos-prepare-root doesn't currently do anything with file ownership, so we set it up here instead chown @root_uid@:@nixbld_gid@ $mountPoint/nix/store -mount --rbind /dev $mountPoint/dev -mount --rbind /proc $mountPoint/proc -mount --rbind /sys $mountPoint/sys + # Grub needs an mtab. ln -sfn /proc/mounts $mountPoint/etc/mtab diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index d6684ad9511e..b3477fba8ae1 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -355,6 +355,7 @@ ./services/monitoring/collectd.nix ./services/monitoring/das_watchdog.nix ./services/monitoring/dd-agent/dd-agent.nix + ./services/monitoring/fusion-inventory.nix ./services/monitoring/grafana.nix ./services/monitoring/graphite.nix ./services/monitoring/hdaps.nix @@ -426,6 +427,7 @@ ./services/networking/ddclient.nix ./services/networking/dhcpcd.nix ./services/networking/dhcpd.nix + ./services/networking/dnscache.nix ./services/networking/dnschain.nix ./services/networking/dnscrypt-proxy.nix ./services/networking/dnscrypt-wrapper.nix @@ -526,6 +528,7 @@ ./services/networking/tcpcrypt.nix ./services/networking/teamspeak3.nix ./services/networking/tinc.nix + ./services/networking/tinydns.nix ./services/networking/tftpd.nix ./services/networking/tox-bootstrapd.nix ./services/networking/toxvpn.nix diff --git a/nixos/modules/services/databases/influxdb.nix b/nixos/modules/services/databases/influxdb.nix index eeab33309fda..15b711f57b13 100644 --- a/nixos/modules/services/databases/influxdb.nix +++ b/nixos/modules/services/databases/influxdb.nix 
@@ -170,11 +170,16 @@ in mkdir -m 0770 -p ${cfg.dataDir} if [ "$(id -u)" = 0 ]; then chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}; fi ''; - postStart = mkBefore '' - until ${pkgs.curl.bin}/bin/curl -s -o /dev/null ${if configOptions.http.https-enabled then "-k https" else "http"}://127.0.0.1${toString configOptions.http.bind-address}/ping; do - sleep 1; - done - ''; + postStart = + let + scheme = if configOptions.http.https-enabled then "-k https" else "http"; + bindAddr = (ba: if hasPrefix ":" ba then "127.0.0.1${ba}" else "${ba}")(toString configOptions.http.bind-address); + in + mkBefore '' + until ${pkgs.curl.bin}/bin/curl -s -o /dev/null ${scheme}://${bindAddr}/ping; do + sleep 1; + done + ''; }; users.extraUsers = optional (cfg.user == "influxdb") { diff --git a/nixos/modules/services/desktops/gnome3/at-spi2-core.nix b/nixos/modules/services/desktops/gnome3/at-spi2-core.nix index 6e4c59f4bb37..55ed2d9ee21b 100644 --- a/nixos/modules/services/desktops/gnome3/at-spi2-core.nix +++ b/nixos/modules/services/desktops/gnome3/at-spi2-core.nix @@ -34,6 +34,8 @@ with lib; services.dbus.packages = [ pkgs.at_spi2_core ]; + systemd.packages = [ pkgs.at_spi2_core ]; + }; } diff --git a/nixos/modules/services/desktops/gnome3/evolution-data-server.nix b/nixos/modules/services/desktops/gnome3/evolution-data-server.nix index 2db2e2fe1c34..86a47488d865 100644 --- a/nixos/modules/services/desktops/gnome3/evolution-data-server.nix +++ b/nixos/modules/services/desktops/gnome3/evolution-data-server.nix @@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface 
@@ -33,11 +30,11 @@ in config = mkIf config.services.gnome3.evolution-data-server.enable { - environment.systemPackages = [ gnome3.evolution_data_server ]; + environment.systemPackages = [ pkgs.gnome3.evolution_data_server ]; - services.dbus.packages = [ gnome3.evolution_data_server ]; + services.dbus.packages = [ pkgs.gnome3.evolution_data_server ]; - systemd.packages = [ gnome3.evolution_data_server ]; + systemd.packages = [ pkgs.gnome3.evolution_data_server ]; }; diff --git a/nixos/modules/services/desktops/gnome3/gnome-disks.nix b/nixos/modules/services/desktops/gnome3/gnome-disks.nix index 33c4bc49f982..139534cdb892 100644 --- a/nixos/modules/services/desktops/gnome3/gnome-disks.nix +++ b/nixos/modules/services/desktops/gnome3/gnome-disks.nix @@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface @@ -33,9 +30,9 @@ in config = mkIf config.services.gnome3.gnome-disks.enable { - environment.systemPackages = [ gnome3.gnome-disk-utility ]; + environment.systemPackages = [ pkgs.gnome3.gnome-disk-utility ]; - services.dbus.packages = [ gnome3.gnome-disk-utility ]; + services.dbus.packages = [ pkgs.gnome3.gnome-disk-utility ]; }; diff --git a/nixos/modules/services/desktops/gnome3/gnome-documents.nix b/nixos/modules/services/desktops/gnome3/gnome-documents.nix index 88bbdadfcbdd..f6efb6684240 100644 --- a/nixos/modules/services/desktops/gnome3/gnome-documents.nix +++ b/nixos/modules/services/desktops/gnome3/gnome-documents.nix @@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface @@ -33,9 +30,9 @@ in config = mkIf config.services.gnome3.gnome-documents.enable { - environment.systemPackages = [ gnome3.gnome-documents ]; + environment.systemPackages = [ pkgs.gnome3.gnome-documents ]; - services.dbus.packages = [ gnome3.gnome-documents ]; + services.dbus.packages = [ pkgs.gnome3.gnome-documents ]; services.gnome3.gnome-online-accounts.enable = true; 
diff --git a/nixos/modules/services/desktops/gnome3/gnome-keyring.nix b/nixos/modules/services/desktops/gnome3/gnome-keyring.nix index a36643a1cfb3..2a68af5a7dd8 100644 --- a/nixos/modules/services/desktops/gnome3/gnome-keyring.nix +++ b/nixos/modules/services/desktops/gnome3/gnome-keyring.nix @@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface @@ -34,9 +31,9 @@ in config = mkIf config.services.gnome3.gnome-keyring.enable { - environment.systemPackages = [ gnome3.gnome_keyring ]; + environment.systemPackages = [ pkgs.gnome3.gnome_keyring ]; - services.dbus.packages = [ gnome3.gnome_keyring gnome3.gcr ]; + services.dbus.packages = [ pkgs.gnome3.gnome_keyring pkgs.gnome3.gcr ]; }; diff --git a/nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix b/nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix index 82d04c62c70d..0da4aca73ecb 100644 --- a/nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix +++ b/nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix @@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface @@ -33,9 +30,9 @@ in config = mkIf config.services.gnome3.gnome-online-accounts.enable { - environment.systemPackages = [ gnome3.gnome_online_accounts ]; + environment.systemPackages = [ pkgs.gnome3.gnome_online_accounts ]; - services.dbus.packages = [ gnome3.gnome_online_accounts ]; + services.dbus.packages = [ pkgs.gnome3.gnome_online_accounts ]; }; diff --git a/nixos/modules/services/desktops/gnome3/gnome-online-miners.nix b/nixos/modules/services/desktops/gnome3/gnome-online-miners.nix index 6acd633b62c9..d406bf6f5e39 100644 --- a/nixos/modules/services/desktops/gnome3/gnome-online-miners.nix +++ b/nixos/modules/services/desktops/gnome3/gnome-online-miners.nix @@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface 
@@ -33,9 +30,9 @@ in config = mkIf config.services.gnome3.gnome-online-miners.enable { - environment.systemPackages = [ gnome3.gnome-online-miners ]; + environment.systemPackages = [ pkgs.gnome3.gnome-online-miners ]; - services.dbus.packages = [ gnome3.gnome-online-miners ]; + services.dbus.packages = [ pkgs.gnome3.gnome-online-miners ]; }; diff --git a/nixos/modules/services/desktops/gnome3/gnome-terminal-server.nix b/nixos/modules/services/desktops/gnome3/gnome-terminal-server.nix index 384cede679c6..3ac767bfa00d 100644 --- a/nixos/modules/services/desktops/gnome3/gnome-terminal-server.nix +++ b/nixos/modules/services/desktops/gnome3/gnome-terminal-server.nix @@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface @@ -33,11 +30,11 @@ in config = mkIf config.services.gnome3.gnome-terminal-server.enable { - environment.systemPackages = [ gnome3.gnome_terminal ]; + environment.systemPackages = [ pkgs.gnome3.gnome_terminal ]; - services.dbus.packages = [ gnome3.gnome_terminal ]; + services.dbus.packages = [ pkgs.gnome3.gnome_terminal ]; - systemd.packages = [ gnome3.gnome_terminal ]; + systemd.packages = [ pkgs.gnome3.gnome_terminal ]; }; diff --git a/nixos/modules/services/desktops/gnome3/gnome-user-share.nix b/nixos/modules/services/desktops/gnome3/gnome-user-share.nix index e5c94cff7c84..1f6ce2ae968e 100644 --- a/nixos/modules/services/desktops/gnome3/gnome-user-share.nix +++ b/nixos/modules/services/desktops/gnome3/gnome-user-share.nix @@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface 
@@ -33,9 +30,9 @@ in config = mkIf config.services.gnome3.gnome-user-share.enable { - environment.systemPackages = [ gnome3.gnome-user-share ]; + environment.systemPackages = [ pkgs.gnome3.gnome-user-share ]; - services.xserver.displayManager.sessionCommands = with gnome3; '' + services.xserver.displayManager.sessionCommands = with pkgs.gnome3; '' # Don't let gnome-control-center depend upon gnome-user-share export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}${gnome-user-share}/share/gsettings-schemas/${gnome-user-share.name} ''; diff --git a/nixos/modules/services/desktops/gnome3/gpaste.nix b/nixos/modules/services/desktops/gnome3/gpaste.nix index 0954cd2713aa..5a8258775e0a 100644 --- a/nixos/modules/services/desktops/gnome3/gpaste.nix +++ b/nixos/modules/services/desktops/gnome3/gpaste.nix @@ -1,11 +1,8 @@ # GPaste daemon. -{ config, lib, ... }: +{ config, lib, pkgs, ... }: with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface options = { @@ -22,9 +19,9 @@ in ###### implementation config = mkIf config.services.gnome3.gpaste.enable { - environment.systemPackages = [ gnome3.gpaste ]; - services.dbus.packages = [ gnome3.gpaste ]; - services.xserver.desktopManager.gnome3.sessionPath = [ gnome3.gpaste ]; - systemd.packages = [ gnome3.gpaste ]; + environment.systemPackages = [ pkgs.gnome3.gpaste ]; + services.dbus.packages = [ pkgs.gnome3.gpaste ]; + services.xserver.desktopManager.gnome3.sessionPath = [ pkgs.gnome3.gpaste ]; + systemd.packages = [ pkgs.gnome3.gpaste ]; }; } diff --git a/nixos/modules/services/desktops/gnome3/gvfs.nix b/nixos/modules/services/desktops/gnome3/gvfs.nix index 6bbabe8d3c56..4e99d191f18c 100644 --- a/nixos/modules/services/desktops/gnome3/gvfs.nix +++ b/nixos/modules/services/desktops/gnome3/gvfs.nix @@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface 
@@ -33,11 +30,11 @@ in config = mkIf config.services.gnome3.gvfs.enable { - environment.systemPackages = [ gnome3.gvfs ]; + environment.systemPackages = [ pkgs.gnome3.gvfs ]; - services.dbus.packages = [ gnome3.gvfs ]; + services.dbus.packages = [ pkgs.gnome3.gvfs ]; - systemd.packages = [ gnome3.gvfs ]; + systemd.packages = [ pkgs.gnome3.gvfs ]; services.udev.packages = [ pkgs.libmtp.bin ]; diff --git a/nixos/modules/services/desktops/gnome3/seahorse.nix b/nixos/modules/services/desktops/gnome3/seahorse.nix index 45925aaca9b9..e9ad738269e4 100644 --- a/nixos/modules/services/desktops/gnome3/seahorse.nix +++ b/nixos/modules/services/desktops/gnome3/seahorse.nix @@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface @@ -32,9 +29,9 @@ in config = mkIf config.services.gnome3.seahorse.enable { - environment.systemPackages = [ gnome3.seahorse ]; + environment.systemPackages = [ pkgs.gnome3.seahorse ]; - services.dbus.packages = [ gnome3.seahorse ]; + services.dbus.packages = [ pkgs.gnome3.seahorse ]; }; diff --git a/nixos/modules/services/desktops/gnome3/sushi.nix b/nixos/modules/services/desktops/gnome3/sushi.nix index ff7f484602c7..7a4389038b22 100644 --- a/nixos/modules/services/desktops/gnome3/sushi.nix +++ b/nixos/modules/services/desktops/gnome3/sushi.nix @@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface @@ -32,9 +29,9 @@ in config = mkIf config.services.gnome3.sushi.enable { - environment.systemPackages = [ gnome3.sushi ]; + environment.systemPackages = [ pkgs.gnome3.sushi ]; - services.dbus.packages = [ gnome3.sushi ]; + services.dbus.packages = [ pkgs.gnome3.sushi ]; }; diff --git a/nixos/modules/services/desktops/gnome3/tracker.nix b/nixos/modules/services/desktops/gnome3/tracker.nix index dcaa60103a3b..c061f7890499 100644 --- a/nixos/modules/services/desktops/gnome3/tracker.nix +++ b/nixos/modules/services/desktops/gnome3/tracker.nix 
@@ -4,9 +4,6 @@ with lib; -let - gnome3 = config.environment.gnome3.packageSet; -in { ###### interface @@ -33,11 +30,11 @@ in config = mkIf config.services.gnome3.tracker.enable { - environment.systemPackages = [ gnome3.tracker ]; + environment.systemPackages = [ pkgs.gnome3.tracker ]; - services.dbus.packages = [ gnome3.tracker ]; + services.dbus.packages = [ pkgs.gnome3.tracker ]; - systemd.packages = [ gnome3.tracker ]; + systemd.packages = [ pkgs.gnome3.tracker ]; }; diff --git a/nixos/modules/services/misc/gitolite.nix b/nixos/modules/services/misc/gitolite.nix index 6bb8adeccf79..f395b9558b5a 100644 --- a/nixos/modules/services/misc/gitolite.nix +++ b/nixos/modules/services/misc/gitolite.nix @@ -41,6 +41,15 @@ in ''; }; + enableGitAnnex = mkOption { + type = types.bool; + default = false; + description = '' + Enable git-annex support. Uses the <literal>extraGitoliteRc</literal> option + to apply the necessary configuration. + ''; + }; + commonHooks = mkOption { type = types.listOf types.path; default = []; @@ -75,6 +84,8 @@ in will need to take any customizations you may have in <literal>~/.gitolite.rc</literal>, convert them to appropriate Perl statements, add them to this option, and remove the file. + + See also the <literal>enableGitAnnex</literal> option. ''; }; @@ -124,6 +135,11 @@ in ''} >>"$out/gitolite.rc" ''; in { + services.gitolite.extraGitoliteRc = optionalString cfg.enableGitAnnex '' + # Enable git-annex support: + push( @{$RC{ENABLE}}, 'git-annex-shell ua'); + ''; + users.extraUsers.${cfg.user} = { description = "Gitolite user"; home = cfg.dataDir; @@ -198,6 +214,7 @@ in ''; }; - environment.systemPackages = [ pkgs.gitolite pkgs.git ]; + environment.systemPackages = [ pkgs.gitolite pkgs.git ] + ++ optional cfg.enableGitAnnex pkgs.gitAndTools.git-annex; }); } diff --git a/nixos/modules/services/monitoring/fusion-inventory.nix b/nixos/modules/services/monitoring/fusion-inventory.nix new file mode 100644 index 000000000000..1c00f3c299e9 
--- /dev/null +++ b/nixos/modules/services/monitoring/fusion-inventory.nix @@ -0,0 +1,66 @@ +# Fusion Inventory daemon. +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.fusionInventory; + + configFile = pkgs.writeText "fusion_inventory.conf" '' + server = ${concatStringsSep ", " cfg.servers} + + logger = stderr + + ${cfg.extraConfig} + ''; + +in { + + ###### interface + + options = { + + services.fusionInventory = { + + enable = mkEnableOption "Fusion Inventory Agent"; + + servers = mkOption { + type = types.listOf types.str; + description = '' + The urls of the OCS/GLPI servers to connect to. + ''; + }; + + extraConfig = mkOption { + default = ""; + type = types.lines; + description = '' + Configuration that is injected verbatim into the configuration file. + ''; + }; + }; + }; + + + ###### implementation + + config = mkIf cfg.enable { + + users.extraUsers = singleton { + name = "fusion-inventory"; + description = "FusionInventory user"; + }; + + systemd.services."fusion-inventory" = { + description = "Fusion Inventory Agent"; + wantedBy = [ "multi-user.target" ]; + + environment = { + OPTIONS = "--no-category=software"; + }; + serviceConfig = { + ExecStart = "${pkgs.fusionInventory}/bin/fusioninventory-agent --conf-file=${configFile} --daemon --no-fork"; + }; + }; + }; +} diff --git a/nixos/modules/services/network-filesystems/nfsd.nix b/nixos/modules/services/network-filesystems/nfsd.nix index 7d127145101b..1a78f9a76a33 100644 --- a/nixos/modules/services/network-filesystems/nfsd.nix +++ b/nixos/modules/services/network-filesystems/nfsd.nix @@ -27,6 +27,14 @@ in ''; }; + extraNfsdConfig = mkOption { + type = types.str; + default = ""; + description = '' + Extra configuration options for the [nfsd] section of /etc/nfs.conf. + ''; + }; + exports = mkOption { type = types.lines; default = ""; 
@@ -107,6 +115,7 @@ in [nfsd] threads=${toString cfg.nproc} ${optionalString (cfg.hostName != null) "host=${cfg.hostName}"} + ${cfg.extraNfsdConfig} [mountd] ${optionalString (cfg.mountdPort != null) "port=${toString cfg.mountdPort}"} diff --git a/nixos/modules/services/networking/dnscache.nix b/nixos/modules/services/networking/dnscache.nix new file mode 100644 index 000000000000..f782be97f6fa --- /dev/null +++ b/nixos/modules/services/networking/dnscache.nix 
@@ -0,0 +1,86 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.dnscache; + + dnscache-root = pkgs.runCommand "dnscache-root" {} '' + mkdir -p $out/{servers,ip} + + ${concatMapStrings (ip: '' + echo > "$out/ip/"${lib.escapeShellArg ip} + '') cfg.clientIps} + + ${concatStrings (mapAttrsToList (host: ips: '' + ${concatMapStrings (ip: '' + echo ${lib.escapeShellArg ip} > "$out/servers/"${lib.escapeShellArg host} + '') ips} + '') cfg.domainServers)} + + # djbdns contains an outdated list of root servers; + # if one was not provided in config, provide a current list + if [ ! -e servers/@ ]; then + awk '/^.?.ROOT-SERVERS.NET/ { print $4 }' ${pkgs.dns-root-data}/root.hints > $out/servers/@ + fi + ''; + +in { + + ###### interface + + options = { + services.dnscache = { + enable = mkOption { + default = false; + type = types.bool; + description = "Whether to run the dnscache caching dns server"; + }; + + ip = mkOption { + default = "0.0.0.0"; + type = types.str; + description = "IP address on which to listen for connections"; + }; + + clientIps = mkOption { + default = [ "127.0.0.1" ]; + type = types.listOf types.str; + description = "client IP addresses (or prefixes) from which to accept connections"; + example = ["192.168" "172.23.75.82"]; + }; + + domainServers = mkOption { + default = { }; + type = types.attrsOf (types.listOf types.str); + description = "table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts)"; + example = { + "example.com" = ["8.8.8.8" "8.8.4.4"]; + }; + }; + }; + }; + + ###### implementation + + config = mkIf config.services.dnscache.enable { + environment.systemPackages = [ pkgs.djbdns ]; + users.extraUsers.dnscache = {}; + + systemd.services.dnscache = { + description = "djbdns dnscache server"; + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ bash daemontools djbdns ]; + preStart = '' + rm -rf /var/lib/dnscache + dnscache-conf dnscache dnscache /var/lib/dnscache 
${config.services.dnscache.ip} + rm -rf /var/lib/dnscache/root + ln -sf ${dnscache-root} /var/lib/dnscache/root + ''; + script = '' + cd /var/lib/dnscache/ + exec ./run + ''; + }; + }; +} diff --git a/nixos/modules/services/networking/radicale.nix b/nixos/modules/services/networking/radicale.nix index 56f2e976cff5..391f4bdebbab 100644 --- a/nixos/modules/services/networking/radicale.nix +++ b/nixos/modules/services/networking/radicale.nix @@ -9,7 +9,7 @@ let confFile = pkgs.writeText "radicale.conf" cfg.config; # This enables us to default to version 2 while still not breaking configurations of people with version 1 - defaultPackage = if versionAtLeast "17.09" config.system.stateVersion then { + defaultPackage = if versionAtLeast config.system.stateVersion "17.09" then { pkg = pkgs.radicale2; text = "pkgs.radicale2"; } else { diff --git a/nixos/modules/services/networking/tinydns.nix b/nixos/modules/services/networking/tinydns.nix new file mode 100644 index 000000000000..184888ef05da --- /dev/null +++ b/nixos/modules/services/networking/tinydns.nix 
@@ -0,0 +1,54 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + ###### interface + + options = { + services.tinydns = { + enable = mkOption { + default = false; + type = types.bool; + description = "Whether to run the tinydns dns server"; + }; + + data = mkOption { + type = types.lines; + default = ""; + description = "The DNS data to serve, in the format described by tinydns-data(8)"; + }; + + ip = mkOption { + default = "0.0.0.0"; + type = types.str; + description = "IP address on which to listen for connections"; + }; + }; + }; + + ###### implementation + + config = mkIf config.services.tinydns.enable { + environment.systemPackages = [ pkgs.djbdns ]; + + users.extraUsers.tinydns = {}; + + systemd.services.tinydns = { + description = "djbdns tinydns server"; + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ daemontools djbdns ]; + preStart = '' + rm -rf /var/lib/tinydns + tinydns-conf tinydns tinydns /var/lib/tinydns ${config.services.tinydns.ip} + cd /var/lib/tinydns/root/ + ln -sf ${pkgs.writeText "tinydns-data" config.services.tinydns.data} data + tinydns-data + ''; + script = '' + cd /var/lib/tinydns + exec ./run + ''; + }; + }; +} diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix index 4f54b45639f6..eb08e7f90c0d 100644 --- a/nixos/modules/services/networking/wireguard.nix +++ b/nixos/modules/services/networking/wireguard.nix @@ -95,6 +95,14 @@ let type = with types; listOf (submodule peerOpts); }; + allowedIPsAsRoutes = mkOption { + example = false; + default = true; + type = types.bool; + description = '' + Determines whether to add allowed IPs as routes or not. + ''; + }; }; }; @@ -217,11 +225,11 @@ let "${ipCommand} link set up dev ${name}" - (map (peer: + (optionals (values.allowedIPsAsRoutes != false) (map (peer: (map (allowedIP: "${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}" ) peer.allowedIPs) - ) values.peers) + ) values.peers)) values.postSetup ]); 
diff --git a/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix b/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix index aa0fe4f14796..02695c1c43a1 100644 --- a/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix +++ b/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix @@ -83,11 +83,11 @@ let # Unpack Mediawiki and put the config file in its root directory. mediawikiRoot = pkgs.stdenv.mkDerivation rec { - name= "mediawiki-1.27.3"; + name= "mediawiki-1.29.1"; src = pkgs.fetchurl { - url = "http://download.wikimedia.org/mediawiki/1.27/${name}.tar.gz"; - sha256 = "08x8mvc0y1gwq8rg0zm98wc6hc5j8imb6dcpx6s7392j5dc71m0i"; + url = "http://download.wikimedia.org/mediawiki/1.29/${name}.tar.gz"; + sha256 = "03mpazbxvb011s2nmlw5p6dc43yjgl5yrsilmj1imyykm57bwb3m"; }; skins = config.skins; diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index 0abdc27bbfc6..ecf0abb1efd2 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -4,7 +4,6 @@ with lib; let cfg = config.services.xserver.desktopManager.gnome3; - gnome3 = config.environment.gnome3.packageSet; # Remove packages of ys from xs, based on their names removePackagesByName = xs: ys: 
@@ -28,7 +27,7 @@ let nixos-gsettings-desktop-schemas = pkgs.runCommand "nixos-gsettings-desktop-schemas" {} '' mkdir -p $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas - cp -rf ${gnome3.gsettings_desktop_schemas}/share/gsettings-schemas/gsettings-desktop-schemas*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas + cp -rf ${pkgs.gnome3.gsettings_desktop_schemas}/share/gsettings-schemas/gsettings-desktop-schemas*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas ${concatMapStrings (pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n") cfg.extraGSettingsOverridePackages} @@ -61,7 +60,7 @@ in { example = literalExample "[ pkgs.gnome3.gpaste ]"; description = "Additional list of packages to be added to the session search path. Useful for gnome shell extensions or gsettings-conditionated autostart."; - apply = list: list ++ [ gnome3.gnome_shell gnome3.gnome-shell-extensions ]; + apply = list: list ++ [ pkgs.gnome3.gnome_shell pkgs.gnome3.gnome-shell-extensions ]; }; extraGSettingsOverrides = mkOption { @@ -79,13 +78,6 @@ in { debug = mkEnableOption "gnome-session debug messages"; }; - environment.gnome3.packageSet = mkOption { - default = null; - example = literalExample "pkgs.gnome3_22"; - description = "Which GNOME 3 package set to use."; - apply = p: if p == null then pkgs.gnome3 else p; - }; - environment.gnome3.excludePackages = mkOption { default = []; example = literalExample "[ pkgs.gnome3.totem ]"; 
@@ -169,26 +161,26 @@ in { # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/ ${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update - ${gnome3.gnome_session}/bin/gnome-session ${optionalString cfg.debug "--debug"} & + ${pkgs.gnome3.gnome_session}/bin/gnome-session ${optionalString cfg.debug "--debug"} & waitPID=$! ''; }; services.xserver.updateDbusEnvironment = true; - environment.variables.GIO_EXTRA_MODULES = [ "${lib.getLib gnome3.dconf}/lib/gio/modules" - "${gnome3.glib_networking.out}/lib/gio/modules" - "${gnome3.gvfs}/lib/gio/modules" ]; - environment.systemPackages = gnome3.corePackages ++ cfg.sessionPath - ++ (removePackagesByName gnome3.optionalPackages config.environment.gnome3.excludePackages); + environment.variables.GIO_EXTRA_MODULES = [ "${lib.getLib pkgs.gnome3.dconf}/lib/gio/modules" + "${pkgs.gnome3.glib_networking.out}/lib/gio/modules" + "${pkgs.gnome3.gvfs}/lib/gio/modules" ]; + environment.systemPackages = pkgs.gnome3.corePackages ++ cfg.sessionPath + ++ (removePackagesByName pkgs.gnome3.optionalPackages config.environment.gnome3.excludePackages); # Use the correct gnome3 packageSet networking.networkmanager.basePackages = { inherit (pkgs) networkmanager modemmanager wpa_supplicant; - inherit (gnome3) networkmanager_openvpn networkmanager_vpnc - networkmanager_openconnect networkmanager_fortisslvpn - networkmanager_pptp networkmanager_iodine - networkmanager_l2tp; }; + inherit (pkgs.gnome3) networkmanager_openvpn networkmanager_vpnc + networkmanager_openconnect networkmanager_fortisslvpn + networkmanager_pptp networkmanager_iodine + networkmanager_l2tp; }; # Needed for themes and backgrounds environment.pathsToLink = [ "/share" ]; diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix index bd16f2210592..b0a3ff1bb753 100644 --- a/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixos/modules/services/x11/display-managers/gdm.nix 
@@ -5,8 +5,7 @@ with lib; let cfg = config.services.xserver.displayManager; - gnome3 = config.environment.gnome3.packageSet; - gdm = gnome3.gdm; + gdm = pkgs.gnome3.gdm; in @@ -103,7 +102,7 @@ in (filter (arg: arg != "-terminate") cfg.xserverArgs); GDM_SESSIONS_DIR = "${cfg.session.desktops}"; # Find the mouse - XCURSOR_PATH = "~/.icons:${gnome3.adwaita-icon-theme}/share/icons"; + XCURSOR_PATH = "~/.icons:${pkgs.gnome3.adwaita-icon-theme}/share/icons"; }; execCmd = "exec ${gdm}/bin/gdm"; }; @@ -127,7 +126,7 @@ in StandardError = "inherit"; }; - systemd.services.display-manager.path = [ gnome3.gnome_session ]; + systemd.services.display-manager.path = [ pkgs.gnome3.gnome_session ]; services.dbus.packages = [ gdm ]; @@ -186,7 +185,7 @@ in auth required pam_env.so envfile=${config.system.build.pamEnvironment} auth required pam_succeed_if.so uid >= 1000 quiet - auth optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so + auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth ${optionalString config.security.pam.enableEcryptfs "auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"} @@ -206,7 +205,7 @@ in "session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} session required pam_loginuid.so session optional ${pkgs.systemd}/lib/security/pam_systemd.so - session optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start + session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start ''; gdm-password.text = '' 
@@ -214,7 +213,7 @@ in auth required pam_env.so envfile=${config.system.build.pamEnvironment} auth required pam_succeed_if.so uid >= 1000 quiet - auth optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so + auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth ${optionalString config.security.pam.enableEcryptfs "auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"} @@ -233,7 +232,7 @@ in "session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} session required pam_loginuid.so session optional ${pkgs.systemd}/lib/security/pam_systemd.so - session optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start + session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start ''; gdm-autologin.text = '' diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index d12d0a06f444..ed1f5d20afb6 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -639,11 +639,7 @@ in Rules for creating and cleaning up temporary files automatically. See <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for the exact format. You should not use this option to create - files required by systemd services, since there is no - guarantee that <command>systemd-tmpfiles</command> runs when - the system is reconfigured using - <command>nixos-rebuild</command>. + for the exact format. ''; }; diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 145fae432c65..7fee99115329 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix 
@@ -140,6 +140,17 @@ in this once. ''; }; + + requestEncryptionCredentials = mkOption { + type = types.bool; + default = config.boot.zfs.enableUnstable; + description = '' + Request encryption keys or passwords for all encrypted datasets on import. + + Dataset encryption is only supported in zfsUnstable at the moment. + ''; + }; + }; services.zfs.autoSnapshot = { @@ -263,6 +274,10 @@ in assertion = !cfgZfs.forceImportAll || cfgZfs.forceImportRoot; message = "If you enable boot.zfs.forceImportAll, you must also enable boot.zfs.forceImportRoot"; } + { + assertion = cfgZfs.requestEncryptionCredentials -> cfgZfs.enableUnstable; + message = "This feature is only available for zfs unstable. Set the NixOS option boot.zfs.enableUnstable."; + } ]; boot = { @@ -306,6 +321,9 @@ in done echo if [[ -n "$msg" ]]; then echo "$msg"; fi + ${lib.optionalString cfgZfs.requestEncryptionCredentials '' + zfs load-key -a + ''} '') rootPools)); }; diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 7ede8752bcc3..3512296dff4a 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -9,6 +9,12 @@ let interfaces = attrValues cfg.interfaces; hasVirtuals = any (i: i.virtual) interfaces; + slaves = concatMap (i: i.interfaces) (attrValues cfg.bonds) + ++ concatMap (i: i.interfaces) (attrValues cfg.bridges) + ++ concatMap (i: i.interfaces) (attrValues cfg.vswitches) + ++ concatMap (i: [i.interface]) (attrValues cfg.macvlans) + ++ concatMap (i: [i.interface]) (attrValues cfg.vlans); + # We must escape interfaces due to the systemd interpretation subsystemDevice = interface: "sys-subsystem-net-devices-${escapeSystemdPath interface}.device"; 
@@ -152,7 +158,11 @@ let in nameValuePair "network-addresses-${i.name}" { description = "Address configuration of ${i.name}"; - wantedBy = [ "network-setup.service" ]; + wantedBy = [ + "network-setup.service" + "network-link-${i.name}.service" + "network.target" + ]; # propagate stop and reload from network-setup partOf = [ "network-setup.service" ]; # order before network-setup because the routes that are configured @@ -206,7 +216,7 @@ let after = [ "dev-net-tun.device" "network-pre.target" ]; wantedBy = [ "network-setup.service" (subsystemDevice i.name) ]; partOf = [ "network-setup.service" ]; - before = [ "network-setup.service" (subsystemDevice i.name) ]; + before = [ "network-setup.service" ]; path = [ pkgs.iproute ]; serviceConfig = { Type = "oneshot"; @@ -232,7 +242,7 @@ let partOf = [ "network-setup.service" ] ++ optional v.rstp "mstpd.service"; after = [ "network-pre.target" ] ++ deps ++ optional v.rstp "mstpd.service" ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; - before = [ "network-setup.service" (subsystemDevice n) ]; + before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute ]; @@ -331,7 +341,7 @@ let partOf = [ "network-setup.service" ]; after = [ "network-pre.target" ] ++ deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; - before = [ "network-setup.service" (subsystemDevice n) ]; + before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute pkgs.gawk ]; @@ -369,7 +379,7 @@ let bindsTo = deps; partOf = [ "network-setup.service" ]; after = [ "network-pre.target" ] ++ deps; - before = [ "network-setup.service" (subsystemDevice n) ]; + before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute ]; 
@@ -394,7 +404,7 @@ let bindsTo = deps; partOf = [ "network-setup.service" ]; after = [ "network-pre.target" ] ++ deps; - before = [ "network-setup.service" (subsystemDevice n) ]; + before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute ]; @@ -422,7 +432,7 @@ let bindsTo = deps; partOf = [ "network-setup.service" ]; after = [ "network-pre.target" ] ++ deps; - before = [ "network-setup.service" (subsystemDevice n) ]; + before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute ]; @@ -465,5 +475,8 @@ in config = mkMerge [ bondWarnings (mkIf (!cfg.useNetworkd) normalConfig) + { # Ensure slave interfaces are brought up + networking.interfaces = genAttrs slaves (i: {}); + } ]; } diff --git a/nixos/tests/radicale.nix b/nixos/tests/radicale.nix index 2c888469d0a4..f694fc75ef77 100644 --- a/nixos/tests/radicale.nix +++ b/nixos/tests/radicale.nix @@ -43,6 +43,7 @@ in }); }) ]; + system.stateVersion = "17.03"; }; radicale1_export = lib.recursiveUpdate radicale1 { services.radicale.extraArgs = [ |
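Review bot: In the new services.tinydns module (@@ -0,0 +1,54 @@), preStart splices `${config.services.tinydns.ip}` unquoted into the `tinydns-conf` command line, the option is only `types.str`, and the unit sets no User, so any whitespace or shell metacharacter in the value becomes part of a script run as root. Pass it through `escapeShellArg` (already in scope via `with lib;`) or give the option a stricter type. Two smaller points in the same hunk: `tinydns-conf tinydns tinydns ...` uses the same account for the server and for logging, where a separate log account would keep the server account from owning its own logs, and the default of `0.0.0.0` makes the server answer on every interface as soon as `enable` is set, which the option description should state.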
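Review bot: The description of `allowedIPsAsRoutes` in wireguard.nix (@@ -95,6 +95,14 @@) does not say what the user takes on by setting it to false. Per the second hunk, no `ip route replace` is issued for any peer in that case, so traffic for the allowed IPs follows whatever routes already exist unless the user adds routes by hand, for example in `postSetup`. Please spell that out in the description so the option is not read as a cosmetic switch.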
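Review bot: In wireguard.nix (@@ -217,11 +225,11 @@), the comparison in `optionals (values.allowedIPsAsRoutes != false)` is redundant because the option is declared as `types.bool` with a default of true. `optionals values.allowedIPsAsRoutes (map ...)` says the same thing and does not suggest that a third state such as null is expected.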
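Review bot: In mediawiki.nix (@@ -83,11 +83,11 @@), the bumped `fetchurl` still downloads over `http://download.wikimedia.org/...`. The `sha256` pins the tarball contents, so a tampered download fails the build rather than being installed, but switching the URL to https while touching these lines costs nothing and avoids exposing the request to the network path. Separately, the change moves from the 1.27 series to 1.29 and nothing in this hunk shows how existing installations get their database schema updated; if that is handled elsewhere in the module, a note in the commit message or release notes would help.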
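Review bot: In gnome3.nix (@@ -79,13 +78,6 @@), the option `environment.gnome3.packageSet` is deleted outright, so any existing configuration that sets it will stop evaluating with an undefined-option error. If the series does not already do so elsewhere, add a removed-option entry (for example with `mkRemovedOptionModule`) that tells users the package set is now always `pkgs.gnome3`, and mention the removal in the release notes.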
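Review bot: In gnome3.nix (@@ -169,26 +161,26 @@), the unchanged comment `# Use the correct gnome3 packageSet` above `networking.networkmanager.basePackages` is stale now that the package set is no longer selectable and the block inherits from `pkgs.gnome3` directly. Drop or reword the comment in the same change.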
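Review bot: In systemd.nix (@@ -639,11 +639,7 @@), the warning that `systemd-tmpfiles` is not guaranteed to run on `nixos-rebuild` is removed from the option description, but nothing in this hunk shows the behaviour change that makes the warning obsolete. Please reference the change that now runs `systemd-tmpfiles` on reconfiguration in the commit message, or keep the caveat; services that rely on these rules for their state directories would otherwise start against missing paths.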
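Review bot: In zfs.nix (@@ -140,6 +140,17 @@), `requestEncryptionCredentials` defaults to `config.boot.zfs.enableUnstable`, so everyone who has enabled the unstable package gets key loading at import time switched on without asking for it. The description should state that the default follows `enableUnstable`, and that a dataset with a passphrase key will wait for input during boot, which matters for unattended machines.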
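Review bot: In zfs.nix (@@ -306,6 +321,9 @@), `zfs load-key -a` is emitted inside the snippet that is mapped over `rootPools`, so it runs once per root pool even though `-a` already covers every dataset on all imported pools, and nothing in the added lines checks its result. Consider running it once after the import loop, and handle a failed load explicitly (retry the prompt or print a clear message) so a mistyped passphrase does not surface later as an unrelated mount failure.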
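Review bot: In network-interfaces-scripted.nix (@@ -206,7 +216,7 @@ and the four following hunks that make the same edit), `(subsystemDevice ...)` is dropped from `before` without a comment, and in the @@ -206 hunk the unit is still listed in `wantedBy` for that same device unit. A unit that is wanted by the device but no longer ordered before it deserves a short comment explaining why the ordering was removed, since the reason is not recoverable from the code.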
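Review bot: In network-interfaces-scripted.nix (@@ -465,5 +475,8 @@), the new `networking.interfaces = genAttrs slaves (i: {});` entry sits in `mkMerge` next to `mkIf (!cfg.useNetworkd) normalConfig` rather than inside that condition, so it also takes effect when networkd is in use even though this file implements the scripted backend. If that is intended, say so in the comment; otherwise wrap the attribute set in the same `mkIf`. It would also help to note that every device named in bonds, bridges, vswitches, macvlans and vlans now gets an (empty) interface definition, and with it the address service that the @@ -152 hunk hooks into `network.target`.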
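Review bot: In nixos/tests/radicale.nix (@@ -43,6 +43,7 @@), `system.stateVersion = "17.03";` is added to the test machine without saying which behaviour it selects. Add a one-line comment naming what the test depends on from the 17.03 state version, so the pin is not removed later as apparent leftover.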