| Commit message (Collapse) | Author | Age |
| |
|
| |
|
|\
| |
| | |
nixos/rspamd: Fix enable for locals and overrides
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When implementing #49620 I included an enable option for both the
locals and overrides options but the code writing the files didn't
actually look at enable and so would write the file regardless of its
value. I also set the type to loaOf which should have been attrsOf
since the code was not written to handle the options being lists.
This fixes both of those issues.
|
| |
| |
| |
| |
| |
| | |
The code in question does not support Nix 2.0 yet.
Closes https://github.com/NixOS/nixpkgs/issues/49793.
|
|\ \
| | |
| | | |
filesystems: escape spaces in fstab with \040
|
| | | |
|
|\ \ \
| |_|/
|/| | |
nixos/kubernetes: KubeDNS -> CoreDNS
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Fix pkgsi686Linux assertion
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This was getting evaluated eagerly causing assertion failures in
aarch64 systems. We can replace usages of pkgs_i686 with
pkgs.pkgsi686Linux.
|
|\ \ \ \
| | | | |
| | | | | |
nixos/tomcat: add purifyOnStart option
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
With this option enabled, before creating file/directories/symlinks in baseDir
according to configuration, old occurences of them are removed.
This prevents remainders of an old configuration (libraries, webapps, you name
it) from persisting after activating a new configuration.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
With `promtool` we can check the validity of a configuration before
deploying it. This avoids situations where you would end up with a
broken monitoring system without noticing it - since the monitoring
broke down. :-)
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
With a package option we can let the user decide what package to use for
prometheus without requiring an overlay.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
nixos: programs.bash: Fix comment about completion
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
`XDG_DATA_DIRS` already includes what is typically the `share` directory.
Adding an extra `share` breaks it.
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
solr: 4.10.3 -> 7.5.0, refactor service to reflect major changes in version bump
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
bump, NixOS test included
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
sway-beta module: add missing pieces
|
| | |_|/ / /
| |/| | | | |
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/rspamd: Add support for included files
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
By default rspamd will look for multiple files in /etc/rspamd/local.d
and /etc/rspamd/override.d to be included in subsections of the merged
final config for rspamd. Most of the config snippets in the official
rspamd documentation are made to these files and so it makes sense for
NixOS to support them and this is what this commit does.
As part of rspamd 1.8.1 support was added for having custom Lua
rules stored in $LOCAL_CONFDIR/rspamd.local.lua which means that it is
now possible for NixOS to support such rules and so this commit also
adds support for this to the rspamd module.
|
| |_|/ / / /
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Removes the old UI build tooling; it is no longer necessary
because as of 1.2.0 it's bundled into the server binary.
It doesn't even need to have JS built, because it's bundled into
the release commit's source tree (see #48714).
The UI is enabled by default, so the NixOS service is
updated to directly use `ui = webUi;` now.
Fixes #48714.
Fixes #44192.
Fixes #41243.
Fixes #35602.
Signed-off-by: Niklas Hambüchen <mail@nh2.me>
|
| | | | | | |
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
amazon-image: fix typo in comment
|
| | | | | |
| | | | | |
| | | | | | |
based on https://www.ec2instances.info/
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
gitlab: refactor and fix test
|
| | | | | | | |
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This module permits to preload Docker image in a VM in order to reduce
OIs on file copies. This module has to be only used in testing
environments, when the test requires several Docker images such as in
Kubernetes tests. In this case,
`virtualisation.dockerPreloader.images` can replace the
`services.kubernetes.kubelet.seedDockerImages` options.
The idea is to populate the /var/lib/docker directory by mounting qcow
files (we uses qcow file to avoid permission issues) that contain images.
For each image specified in
config.virtualisation.dockerPreloader.images:
1. The image is loaded by Docker in a VM
2. The resulting /var/lib/docker is written to a QCOW file
This set of QCOW files can then be used to populate the
/var/lib/docker:
1. Each QCOW is mounted in the VM
2. Symlink are created from these mount points to /var/lib/docker
3. A /var/lib/docker/image/overlay2/repositories.json file is generated
4. The docker daemon is started.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Austin Seipp <aseipp@pobox.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Setting this variable in the environment of systemd-timedated allows
'timedatectl' to tell if an NTP service is running.
Closes #48917.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/syncthing: move configuration to condigDir
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
fixes #47513 following the upstream recommended settings:
https://github.com/syncthing/syncthing/issues/3434#issuecomment-235401876
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
activation-script: add libc to path to provide nscd when needed
|
| | |_|_|_|/ /
| |/| | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
before kill on shutdown
|
| |_|_|/ / /
|/| | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
hass will ignore the standard SIGTERM sent by systemd during stop/restart and we
then have to wait for the timeout after which systemd will forcefully kill the
process.
If instead if we send SIGINT, hass will shut down nicely.
There are many issues reported upstream about the inability to shut down/restart
and it is *supposed* to work with SIGTERM but doesn't.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
improve shell.nix warning messages
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
nixos/ddclient: Fix #49258
|
| | |_|_|_|/ /
| |/| | | | | |
|
|\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
systemd
* Lets container@.service be activated by machines.target instead of
multi-user.target
According to the systemd manpages, all containers that are registered
by machinectl, should be inside machines.target for easy stopping
and starting container units altogether
* make sure container@.service and container.slice instances are
actually located in machine.slice
https://plus.google.com/112206451048767236518/posts/SYAueyXHeEX
See original commit: https://github.com/NixOS/systemd/commit/45d383a3b8
* Enable Cgroup delegation for nixos-containers
Delegate=yes should be set for container scopes where a systemd instance
inside the container shall manage the hierarchies below its own cgroup
and have access to all controllers.
This is equivalent to enabling all accounting options on the systemd
process inside the system container. This means that systemd inside
the container is responsible for managing Cgroup resources for
unit files that enable accounting options inside. Without this
option, units that make use of cgroup features within system
containers might misbehave
See original commit: https://github.com/NixOS/systemd/commit/a931ad47a8
from the manpage:
Turns on delegation of further resource control partitioning to
processes of the unit. Units where this is enabled may create and
manage their own private subhierarchy of control groups below the
control group of the unit itself. For unprivileged services (i.e.
those using the User= setting) the unit's control group will be made
accessible to the relevant user. When enabled the service manager
will refrain from manipulating control groups or moving processes
below the unit's control group, so that a clear concept of ownership
is established: the control group tree above the unit's control
group (i.e. towards the root control group) is owned and managed by
the service manager of the host, while the control group tree below
the unit's control group is owned and managed by the unit itself.
Takes either a boolean argument or a list of control group
controller names. If true, delegation is turned on, and all
supported controllers are enabled for the unit, making them
available to the unit's processes for management. If false,
delegation is turned off entirely (and no additional controllers are
enabled). If set to a list of controllers, delegation is turned on,
and the specified controllers are enabled for the unit. Note that
additional controllers than the ones specified might be made
available as well, depending on configuration of the containing
slice unit or other units contained in it. Note that assigning the
empty string will enable delegation, but reset the list of
controllers, all assignments prior to this will have no effect.
Defaults to false.
Note that controller delegation to less privileged code is only safe
on the unified control group hierarchy. Accordingly, access to the
specified controllers will not be granted to unprivileged services
on the legacy hierarchy, even when requested.
The following controller names may be specified: cpu, cpuacct, io,
blkio, memory, devices, pids. Not all of these controllers are
available on all kernels however, and some are specific to the
unified hierarchy while others are specific to the legacy hierarchy.
Also note that the kernel might support further controllers, which
aren't covered here yet as delegation is either not supported at all
for them or not defined cleanly.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
(cherry picked from commit 4177dc3f774523fea7d181601d7c3301fda13790)
and
(cherry picked from commit a2f0c95baf57fb735dd47b5db73274f7e75df7c9)
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
(cherry picked from commit 6e6f839093ad080c3a61810e9720165faf103e81)
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
(cherry picked from commit 131131e58fc66365854f37f4fe2bf6ca01c8aed6)
|