From 172950661f59a16d3af17a41efff0aa33e26d666 Mon Sep 17 00:00:00 2001 From: Symphorien Gibol Date: Sat, 12 Oct 2019 12:00:00 +0000 Subject: nixos/system-config-printer: depends on packagekit --- nixos/modules/services/desktops/system-config-printer.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/desktops/system-config-printer.nix b/nixos/modules/services/desktops/system-config-printer.nix index 8a80be266b20..09c68c587b43 100644 --- a/nixos/modules/services/desktops/system-config-printer.nix +++ b/nixos/modules/services/desktops/system-config-printer.nix @@ -33,6 +33,9 @@ with lib; pkgs.system-config-printer ]; + # for $out/bin/install-printer-driver + services.packagekit.enable = true; + }; } -- cgit 1.4.1 From a68219b79bf9f6cd84d443b0eb94f38287c19cd4 Mon Sep 17 00:00:00 2001 From: edef Date: Tue, 8 Oct 2019 06:53:53 +0000 Subject: nixos/nix-daemon: don't refer to deprecated option aliases The `gc-` prefixed versions of these options have been deprecated since Nix 2.0. --- nixos/modules/services/continuous-integration/hydra/default.nix | 4 ++-- nixos/modules/services/misc/nix-daemon.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/continuous-integration/hydra/default.nix b/nixos/modules/services/continuous-integration/hydra/default.nix index 2da10a9a5e2a..30c5550f71c5 100644 --- a/nixos/modules/services/continuous-integration/hydra/default.nix +++ b/nixos/modules/services/continuous-integration/hydra/default.nix @@ -242,8 +242,8 @@ in environment.variables = hydraEnv; nix.extraOptions = '' - gc-keep-outputs = true - gc-keep-derivations = true + keep-outputs = true + keep-derivations = true # The default (`true') slows Nix down a lot since the build farm # has so many GC roots. diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index ff4e4f5b97d5..c1754c0e0ecb 100644 
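Review bot: In the system-config-printer.nix hunk, `services.packagekit.enable = true;` is set at normal priority, so enabling the printer tool always starts the PackageKit system service as well, and a host that does not want that extra daemon can only turn it off with `mkForce`. Since only `install-printer-driver` needs it, `services.packagekit.enable = mkDefault true;` keeps the default behaviour and leaves an ordinary opt-out. The comment could say so too, e.g. `# install-printer-driver talks to PackageKit; disable it if automatic driver installation is not wanted`. The enclosing `config` block starts outside the hunk.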
--- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -152,8 +152,8 @@ in type = types.lines; default = ""; example = '' - gc-keep-outputs = true - gc-keep-derivations = true + keep-outputs = true + keep-derivations = true ''; description = "Additional text appended to nix.conf."; }; -- cgit 1.4.1 From ed4a09c6f362bdbb1a25d16078dde7580c933663 Mon Sep 17 00:00:00 2001 From: talyz Date: Sat, 19 Oct 2019 16:36:24 +0200 Subject: gitlab: Get rid of most 'already initialized constant'-warnings On start, unicorn, sidekiq and other parts running ruby code emits quite a few warnings similar to /var/gitlab/state/config/application.rb:202: warning: already initialized constant Gitlab::Application::LOOSE_EE_APP_ASSETS /nix/store/ysb0lgbzxp7a9y4yl8d4f9wrrzy9kafc-gitlab-ee-12.3.5/share/gitlab/config/application.rb:202: warning: previous definition of LOOSE_EE_APP_ASSETS was here /var/gitlab/state/lib/gitlab.rb:38: warning: already initialized constant Gitlab::COM_URL /nix/store/ysb0lgbzxp7a9y4yl8d4f9wrrzy9kafc-gitlab-ee-12.3.5/share/gitlab/lib/gitlab.rb:38: warning: previous definition of COM_URL was here This seems to be caused by the same ruby files being evaluated multiple times due to the paths being different - sometimes they're loaded using the direct path and sometimes through a symlink, due to our split between config and package data. To fix this, we make sure that the offending files in the state directory always reference the store path, regardless of that being the real file or a symlink. --- nixos/modules/services/misc/gitlab.nix | 1 - pkgs/applications/version-management/gitlab/default.nix | 9 ++++++++- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 20b87af23a5a..f5d37172a101 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix 
@@ -666,7 +666,6 @@ in { "d ${gitlabConfig.production.shared.path}/artifacts 0750 ${cfg.user} ${cfg.group} -" "d ${gitlabConfig.production.shared.path}/lfs-objects 0750 ${cfg.user} ${cfg.group} -" "d ${gitlabConfig.production.shared.path}/pages 0750 ${cfg.user} ${cfg.group} -" - "L+ ${cfg.statePath}/lib - - - - ${cfg.packages.gitlab}/share/gitlab/lib" "L+ /run/gitlab/config - - - - ${cfg.statePath}/config" "L+ /run/gitlab/log - - - - ${cfg.statePath}/log" "L+ /run/gitlab/tmp - - - - ${cfg.statePath}/tmp" diff --git a/pkgs/applications/version-management/gitlab/default.nix b/pkgs/applications/version-management/gitlab/default.nix index 99b408bcef32..e6ed0ef53a22 100644 --- a/pkgs/applications/version-management/gitlab/default.nix +++ b/pkgs/applications/version-management/gitlab/default.nix @@ -1,7 +1,7 @@ { stdenv, lib, fetchurl, fetchFromGitLab, bundlerEnv , ruby, tzdata, git, nettools, nixosTests, nodejs , gitlabEnterprise ? false, callPackage, yarn -, yarn2nix-moretea +, yarn2nix-moretea, replace }: let @@ -118,6 +118,13 @@ stdenv.mkDerivation { sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb + + # Always require lib-files and application.rb through their store + # path, not their relative state directory path. This gets rid of + # warnings and means we don't have to link back to lib from the + # state directory. + ${replace}/bin/replace-literal -f -r -e '../lib' "$out/share/gitlab/lib" config + ${replace}/bin/replace-literal -f -r -e "require_relative 'application'" "require_relative '$out/share/gitlab/config/application'" config ''; buildPhase = '' -- cgit 1.4.1 From e2283d95336f5e495c0dec11a9eff6f52380e3a6 Mon Sep 17 00:00:00 2001 
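Review bot: The first `replace-literal` call in the gitlab/default.nix hunk matches the bare string `../lib` in every file under `config`, so it also rewrites any longer path that merely contains it (a `../../lib` or `../lib64`, if one exists) and would leave a broken mix of relative and store paths. The second call is already anchored on the full `require_relative 'application'` statement; the first should be narrowed the same way, for instance by including the opening quote in the pattern or by naming the files that are known to need it instead of recursing. A build-time check that no `../` remains directly in front of the substituted store path would catch a bad match early. The enclosing phase string starts outside the hunk.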
From: Astro Date: Thu, 17 Oct 2019 21:40:57 +0200 Subject: nixos/collectd: add plugin config --- nixos/modules/services/monitoring/collectd.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/monitoring/collectd.nix b/nixos/modules/services/monitoring/collectd.nix index 6a4c678eb21f..3d672613296f 100644 --- a/nixos/modules/services/monitoring/collectd.nix +++ b/nixos/modules/services/monitoring/collectd.nix @@ -16,8 +16,15 @@ let NotifyLevel "OKAY" + ${concatStrings (mapAttrsToList (plugin: pluginConfig: '' + LoadPlugin ${plugin} + + ${pluginConfig} + + '') cfg.plugins)} + ${concatMapStrings (f: '' - Include "${f}" + Include "${f}" '') cfg.include} ${cfg.extraConfig} @@ -68,6 +75,15 @@ in { type = listOf str; }; + plugins = mkOption { + default = {}; + example = { cpu = ""; memory = ""; network = "Server 192.168.1.1 25826"; }; + description = '' + Attribute set of plugin names to plugin config segments + ''; + type = types.attrsOf types.str; + }; + extraConfig = mkOption { default = ""; description = '' -- cgit 1.4.1 From 06abd2488673f4563d5ae157f9167dd13a6ce469 Mon Sep 17 00:00:00 2001 From: Astro Date: Sun, 20 Oct 2019 00:37:15 +0200 Subject: nixos/collectd: add option buildMinimalPackage --- nixos/modules/services/monitoring/collectd.nix | 21 +++++++++++++++++++-- pkgs/tools/system/collectd/plugins.nix | 2 ++ 2 files changed, 21 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/monitoring/collectd.nix b/nixos/modules/services/monitoring/collectd.nix index 3d672613296f..b2e44a1e3666 100644 --- a/nixos/modules/services/monitoring/collectd.nix +++ b/nixos/modules/services/monitoring/collectd.nix 
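Review bot: `plugins` is declared as `types.attrsOf types.str` in the second collectd.nix hunk, so two modules that both contribute settings for the same plugin end in a conflicting-definitions error instead of being combined; `type = types.attrsOf types.lines;` would concatenate them. The description should also state that each attribute name becomes a `LoadPlugin` line and that the value is copied verbatim into the generated configuration without validation. The example uses the `network` plugin with a bare `Server` line; whether that traffic is authenticated or encrypted depends on settings not shown here, so the docs could point readers to the plugin's security options.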
@@ -30,6 +30,15 @@ let ${cfg.extraConfig} ''; + package = + if cfg.buildMinimalPackage + then minimalPackage + else cfg.package; + + minimalPackage = cfg.package.override { + enabledPlugins = [ "syslog" ] ++ builtins.attrNames cfg.plugins; + }; + in { options.services.collectd = with types; { enable = mkEnableOption "collectd agent"; @@ -40,7 +49,15 @@ in { description = '' Which collectd package to use. ''; - type = package; + type = types.package; + }; + + buildMinimalPackage = mkOption { + default = false; + description = '' + Build a minimal collectd package with only the configured `services.collectd.plugins` + ''; + type = types.bool; }; user = mkOption { @@ -105,7 +122,7 @@ in { wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStart = "${cfg.package}/sbin/collectd -C ${conf} -f"; + ExecStart = "${package}/sbin/collectd -C ${conf} -f"; User = cfg.user; Restart = "on-failure"; RestartSec = 3; diff --git a/pkgs/tools/system/collectd/plugins.nix b/pkgs/tools/system/collectd/plugins.nix index 10f850419872..8f0603b7cbdb 100644 --- a/pkgs/tools/system/collectd/plugins.nix +++ b/pkgs/tools/system/collectd/plugins.nix @@ -41,6 +41,8 @@ }: let + # All plugins and their dependencies. + # Please help complete this! plugins = { aggregation = {}; amqp = { -- cgit 1.4.1 From ca6c91e395763b3083b2cca40f733e66696d2506 Mon Sep 17 00:00:00 2001 
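Review bot: `minimalPackage` in the first collectd.nix hunk builds `enabledPlugins` only from `cfg.plugins` plus `syslog`, so a plugin loaded through `extraConfig` or an `include` file is not compiled in and will presumably fail to load at start-up once `buildMinimalPackage` is on. The option description in the second hunk should state this, e.g. `Plugins loaded only through extraConfig or include are not part of the minimal package.` The new let-binding `package` also shadows `types.package` inside `with types;`, which is why the type had to become `types.package`; naming the binding `collectdPackage` would remove that trap for the next option added here.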
From: Florian Klink Date: Fri, 18 Oct 2019 14:05:53 +0200 Subject: nixos/networkmanager: remove networking.networkmanager.dynamicHosts This option was removed because allowing (multiple) regular users to override host entries affecting the whole system opens up a huge attack vector. There seem to be very rare cases where this might be useful. Consider setting system-wide host entries using networking.hosts, provide them via the DNS server in your network, or use networking.networkmanager.appendNameservers to point your system to another (local) nameserver to set those entries. --- nixos/doc/manual/release-notes/rl-2003.xml | 14 +++- .../modules/services/networking/networkmanager.nix | 87 +++------------------- 2 files changed, 24 insertions(+), 77 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index ab0951e831ce..33eba8002bab 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -85,7 +85,19 @@ - + + The dynamicHosts option has been removed from the + networkd + module. Allowing (multiple) regular users to override host entries + affecting the whole system opens up a huge attack vector. + There seem to be very rare cases where this might be useful. + Consider setting system-wide host entries using + networking.hosts, provide + them via the DNS server in your network, or use + environment.etc + to add a file into /etc/NetworkManager/dnsmasq.d + reconfiguring hostsdir. + diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 3f1d0727d9bc..870a7264d268 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix 
@@ -17,9 +17,6 @@ let networkmanager-vpnc ] ++ optional (!delegateWireless && !enableIwd) wpa_supplicant; - dynamicHostsEnabled = - cfg.dynamicHosts.enable && cfg.dynamicHosts.hostsDirs != {}; - delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != []; enableIwd = cfg.wifi.backend == "iwd"; 
@@ -338,55 +335,20 @@ in { so you don't need to to that yourself. ''; }; - - dynamicHosts = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Enabling this option requires the - option to be - set to dnsmasq. If enabled, the directories - defined by the - - option will be set up when the service starts. The dnsmasq instance - managed by NetworkManager will then watch those directories for - hosts files (see the --hostsdir option of - dnsmasq). This way a non-privileged user can add or override DNS - entries on the local system (depending on what hosts directories - that are configured).. - ''; - }; - hostsDirs = mkOption { - type = with types; attrsOf (submodule { - options = { - user = mkOption { - type = types.str; - default = "root"; - description = '' - The user that will own the hosts directory. - ''; - }; - group = mkOption { - type = types.str; - default = "root"; - description = '' - The group that will own the hosts directory. - ''; - }; - }; - }); - default = {}; - description = '' - Defines a set of directories (relative to - /run/NetworkManager/hostdirs) that dnsmasq will - watch for hosts files. - ''; - }; - }; }; }; + imports = [ + (mkRemovedOptionModule ["networking" "networkmanager" "dynamicHosts"] '' + This option was removed because allowing (multiple) regular users to + override host entries affecting the whole system opens up a huge attack + vector. There seem to be very rare cases where this might be useful. + Consider setting system-wide host entries using networking.hosts, provide + them via the DNS server in your network, or use environment.etc + to add a file into /etc/NetworkManager/dnsmasq.d reconfiguring hostsdir. + '') + ]; + ###### implementation 
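Review bot: The removal message added in this hunk recommends `environment.etc` plus a dnsmasq `hostsdir` as the replacement, which recreates the risk the commit removes if the chosen directory is writable by unprivileged users. The message should say that the directory must stay root-owned and not group- or world-writable, e.g. by appending `Keep that directory writable by root only.` The commit description names `networking.networkmanager.appendNameservers` as the third alternative while this message names `environment.etc`; the two texts should agree. The enclosing `options` block starts outside the hunk.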
@@ -399,12 +361,6 @@ in { Except if you mark some interfaces as unmanaged by NetworkManager. ''; } - { assertion = !dynamicHostsEnabled || (dynamicHostsEnabled && cfg.dns == "dnsmasq"); - message = '' - To use networking.networkmanager.dynamicHosts you also need to set - `networking.networkmanager.dns = "dnsmasq"` - ''; - } ]; environment.etc = with pkgs; [ @@ -438,12 +394,6 @@ in { target = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}"; mode = "0544"; }) cfg.dispatcherScripts - ++ optional dynamicHostsEnabled - { target = "NetworkManager/dnsmasq.d/dyndns.conf"; - text = concatMapStrings (n: '' - hostsdir=/run/NetworkManager/hostsdirs/${n} - '') (attrNames cfg.dynamicHosts.hostsDirs); - } ++ optional cfg.enableStrongSwan { source = "${pkgs.networkmanager_strongswan}/lib/NetworkManager/VPN/nm-strongswan-service.name"; target = "NetworkManager/VPN/nm-strongswan-service.name"; @@ -491,21 +441,6 @@ in { systemd.services.ModemManager.aliases = [ "dbus-org.freedesktop.ModemManager1.service" ]; - systemd.services.nm-setup-hostsdirs = mkIf dynamicHostsEnabled { - wantedBy = [ "NetworkManager.service" ]; - before = [ "NetworkManager.service" ]; - partOf = [ "NetworkManager.service" ]; - script = concatStrings (mapAttrsToList (n: d: '' - mkdir -p "/run/NetworkManager/hostsdirs/${n}" - chown "${d.user}:${d.group}" "/run/NetworkManager/hostsdirs/${n}" - chmod 0775 "/run/NetworkManager/hostsdirs/${n}" - '') cfg.dynamicHosts.hostsDirs); - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - }; - systemd.services.NetworkManager-dispatcher = { wantedBy = [ "network.target" ]; restartTriggers = [ configFile ]; -- cgit 1.4.1 From a16de399a169dde964d53e570e936def639ebdc2 Mon Sep 17 00:00:00 2001 
From: Dima Date: Sat, 19 Oct 2019 19:26:44 +0200 Subject: release-notes 19.09: removal of non-LTS kernel attrs Even though the release obviously already happened, I think it might still make sense to add a short note about the attributes not being supported any longer (and going forward). (cherry picked from commit 7163d3a9df35904d0c9acc9f643fd70ee3108539) (cherry picked from commit a64b8c3c191af1317cfdc1ea4f4e5f881c4cf503) --- nixos/doc/manual/release-notes/rl-1909.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'nixos') diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 1b7ca76c2f05..422b219698eb 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -563,6 +563,18 @@ earlier version of NixOS. + + + Due to the short lifetime of non-LTS kernel releases package attributes like linux_5_1, + linux_5_2 and linux_5_3 have been removed to discourage dependence + on specific non-LTS kernel versions in stable NixOS releases. + + Going forward, versioned attributes like linux_4_9 will exist for LTS versions only. + Please use linux_latest or linux_testing if you depend on non-LTS + releases. Keep in mind that linux_latest and linux_testing will + change versions under the hood during the lifetime of a stable release and might include breaking changes. + + -- cgit 1.4.1 From 18ea428e76f1d127f40aa54c283183719edb523a Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Sun, 20 Oct 2019 00:21:32 -0400 Subject: rl-1909: add note for blueman --- nixos/doc/manual/release-notes/rl-1909.xml | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'nixos') diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 422b219698eb..359350953d2f 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml 
@@ -190,6 +190,13 @@ + + + has been added. + If you previously had blueman installed via please + migrate to using the NixOS module, as this would result in an insufficiently configured blueman. + + -- cgit 1.4.1 From 9a54d17799de20328170dedbd0acfc7a6aa4a938 Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Sun, 20 Oct 2019 19:04:03 +0200 Subject: nixos release notes: interfaces might get renamed Fixes #71086. --- nixos/doc/manual/release-notes/rl-1909.xml | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'nixos') diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 359350953d2f..8bd353a34304 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -582,6 +582,15 @@ change versions under the hood during the lifetime of a stable release and might include breaking changes. + + + Because of the systemd upgrade, + some network interfaces might change their name. For details see + + upstream docs or + our ticket. + + -- cgit 1.4.1 From 9a91679b7ab5a5df6135c85192ff1f66cb8226f1 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Tue, 17 Sep 2019 21:14:50 -0400 Subject: nixos/httpd: remove deprecated extraSubservices option --- .../services/web-servers/apache-httpd/default.nix | 127 ++++----------------- .../apache-httpd/per-server-options.nix | 6 - 2 files changed, 24 insertions(+), 109 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index b0374d949fc5..99304d0e48ae 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix 
@@ -31,70 +31,8 @@ let extraForeignModules = filter isAttrs extraModules; extraApacheModules = filter isString extraModules; - - makeServerInfo = cfg: { - # Canonical name must not include a trailing slash. - canonicalNames = - let defaultPort = (head (defaultListen cfg)).port; in - map (port: - (if cfg.enableSSL then "https" else "http") + "://" + - cfg.hostName + - (if port != defaultPort then ":${toString port}" else "") - ) (map (x: x.port) (getListen cfg)); - - # Admin address: inherit from the main server if not specified for - # a virtual host. - adminAddr = if cfg.adminAddr != null then cfg.adminAddr else mainCfg.adminAddr; - - vhostConfig = cfg; - serverConfig = mainCfg; - fullConfig = config; # machine config - }; - - allHosts = [mainCfg] ++ mainCfg.virtualHosts; - - callSubservices = serverInfo: defs: - let f = svc: - let - svcFunction = - if svc ? function then svc.function - # instead of using serviceType="mediawiki"; you can copy mediawiki.nix to any location outside nixpkgs, modify it at will, and use serviceExpression=./mediawiki.nix; - else if svc ? serviceExpression then import (toString svc.serviceExpression) - else import (toString "${toString ./.}/${if svc ? serviceType then svc.serviceType else svc.serviceName}.nix"); - config = (evalModules - { modules = [ { options = res.options; config = svc.config or svc; } ]; - check = false; - }).config; - defaults = { - extraConfig = ""; - extraModules = []; - extraModulesPre = []; - extraPath = []; - extraServerPath = []; - globalEnvVars = []; - robotsEntries = ""; - startupScript = ""; - enablePHP = false; - enablePerl = false; - phpOptions = ""; - options = {}; - documentRoot = null; - }; - res = defaults // svcFunction { inherit config lib pkgs serverInfo php; }; - in res; - in map f defs; - - - # !!! 
callSubservices is expensive - subservicesFor = cfg: callSubservices (makeServerInfo cfg) cfg.extraSubservices; - - mainSubservices = subservicesFor mainCfg; - - allSubservices = mainSubservices ++ concatMap subservicesFor mainCfg.virtualHosts; - - enableSSL = any (vhost: vhost.enableSSL) allHosts; @@ -188,13 +126,18 @@ let perServerConf = isMainServer: cfg: let - serverInfo = makeServerInfo cfg; - - subservices = callSubservices serverInfo cfg.extraSubservices; + # Canonical name must not include a trailing slash. + canonicalNames = + let defaultPort = (head (defaultListen cfg)).port; in + map (port: + (if cfg.enableSSL then "https" else "http") + "://" + + cfg.hostName + + (if port != defaultPort then ":${toString port}" else "") + ) (map (x: x.port) (getListen cfg)); maybeDocumentRoot = fold (svc: acc: if acc == null then svc.documentRoot else assert svc.documentRoot == null; acc - ) null ([ cfg ] ++ subservices); + ) null ([ cfg ]); documentRoot = if maybeDocumentRoot != null then maybeDocumentRoot else pkgs.runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out"; @@ -209,15 +152,11 @@ let ''; - robotsTxt = - concatStringsSep "\n" (filter (x: x != "") ( - # If this is a vhost, the include the entries for the main server as well. - (if isMainServer then [] else [mainCfg.robotsEntries] ++ map (svc: svc.robotsEntries) mainSubservices) - ++ [cfg.robotsEntries] - ++ (map (svc: svc.robotsEntries) subservices))); + # If this is a vhost, the include the entries for the main server as well. + robotsTxt = concatStringsSep "\n" (filter (x: x != "") ([ cfg.robotsEntries ] ++ lib.optional (!isMainServer) mainCfg.robotsEntries)); in '' - ${concatStringsSep "\n" (map (n: "ServerName ${n}") serverInfo.canonicalNames)} + ${concatStringsSep "\n" (map (n: "ServerName ${n}") canonicalNames)} ${concatMapStrings (alias: "ServerAlias ${alias}\n") cfg.serverAliases} 
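Review bot: In the `perServerConf` hunk, `maybeDocumentRoot` still runs `fold` with the `assert svc.documentRoot == null` merge over `([ cfg ])`, a list that now always holds exactly one element. With subservices gone this reduces to `maybeDocumentRoot = cfg.documentRoot;`, which drops the dead assert branch. In the following hunk the rewritten `robotsTxt` places `cfg.robotsEntries` before `mainCfg.robotsEntries`, the reverse of the removed code, and the comment carried over still reads "the include" where "then include" is meant; if the order of entries matters it should be restored. `perServerConf` continues outside the hunk.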
@@ -292,8 +231,6 @@ let in concatMapStrings makeDirConf cfg.servedDirs } - ${concatMapStrings (svc: svc.extraConfig) subservices} - ${cfg.extraConfig} ''; @@ -328,13 +265,10 @@ let ${let load = {name, path}: "LoadModule ${name}_module ${path}\n"; - allModules = - concatMap (svc: svc.extraModulesPre) allSubservices - ++ map (name: {inherit name; path = "${httpd}/modules/mod_${name}.so";}) apacheModules + allModules = map (name: {inherit name; path = "${httpd}/modules/mod_${name}.so";}) apacheModules ++ optional mainCfg.enableMellon { name = "auth_mellon"; path = "${pkgs.apacheHttpdPackages.mod_auth_mellon}/modules/mod_auth_mellon.so"; } - ++ optional enablePHP { name = "php${phpMajorVersion}"; path = "${php}/modules/libphp${phpMajorVersion}.so"; } - ++ optional enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; } - ++ concatMap (svc: svc.extraModules) allSubservices + ++ optional mainCfg.enablePHP { name = "php${phpMajorVersion}"; path = "${php}/modules/libphp${phpMajorVersion}.so"; } + ++ optional mainCfg.enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; } ++ extraForeignModules; in concatMapStrings load (unique allModules) } @@ -385,17 +319,10 @@ let } ''; - - enablePHP = mainCfg.enablePHP || any (svc: svc.enablePHP) allSubservices; - - enablePerl = mainCfg.enablePerl || any (svc: svc.enablePerl) allSubservices; - - # Generate the PHP configuration file. Should probably be factored # out into a separate module. phpIni = pkgs.runCommand "php.ini" - { options = concatStringsSep "\n" - ([ mainCfg.phpOptions ] ++ (map (svc: svc.phpOptions) allSubservices)); + { options = mainCfg.phpOptions; preferLocalBuild = true; } '' @@ -408,6 +335,10 @@ in { + imports = [ + (mkRemovedOptionModule [ "services" "httpd" "extraSubservices" ] "Most existing subservices have been ported to the NixOS module system. Please update your configuration accordingly.") + ]; + ###### interface options = { 
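Review bot: The `mkRemovedOptionModule` added in the `imports` hunk covers only `services.httpd.extraSubservices`, while the same commit also deletes the option from per-server-options.nix, which presumably supplies the options of each `virtualHosts` entry as well. A configuration that sets `extraSubservices` on a virtual host would then stop with the generic unknown-option error and never show the migration hint. The virtual-host case should be mentioned in the release notes or in this message, e.g. `This also applies to services.httpd.virtualHosts.*.extraSubservices.` The message would also be easier to read as an indented `''` string than as one long line.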
@@ -637,8 +568,6 @@ in message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; } ]; - warnings = map (cfg: "apache-httpd's extraSubservices option is deprecated. Most existing subservices have been ported to the NixOS module system. Please update your configuration accordingly.") (lib.filter (cfg: cfg.extraSubservices != []) allHosts); - users.users = optionalAttrs (mainCfg.user == "wwwrun") (singleton { name = "wwwrun"; group = mainCfg.group; @@ -651,7 +580,7 @@ in gid = config.ids.gids.wwwrun; }); - environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices; + environment.systemPackages = [httpd]; services.httpd.phpOptions = '' @@ -674,13 +603,11 @@ in path = [ httpd pkgs.coreutils pkgs.gnugrep ] - ++ optional enablePHP pkgs.system-sendmail # Needed for PHP's mail() function. - ++ concatMap (svc: svc.extraServerPath) allSubservices; + ++ optional mainCfg.enablePHP pkgs.system-sendmail; # Needed for PHP's mail() function. environment = - optionalAttrs enablePHP { PHPRC = phpIni; } - // optionalAttrs mainCfg.enableMellon { LD_LIBRARY_PATH = "${pkgs.xmlsec}/lib"; } - // (listToAttrs (concatMap (svc: svc.globalEnvVars) allSubservices)); + optionalAttrs mainCfg.enablePHP { PHPRC = phpIni; } + // optionalAttrs mainCfg.enableMellon { LD_LIBRARY_PATH = "${pkgs.xmlsec}/lib"; }; preStart = '' @@ -698,12 +625,6 @@ in for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${mainCfg.user} ' | cut -f2 -d ' '); do ${pkgs.utillinux}/bin/ipcrm -s $i done - - # Run the startup hooks for the subservices. - for i in ${toString (map (svn: svn.startupScript) allSubservices)}; do - echo Running Apache startup hook $i... - $i - done ''; serviceConfig.ExecStart = "@${httpd}/bin/httpd httpd -f ${httpdConf}"; diff --git a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix index 9d747549c274..c36207d54607 100644 
--- a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix +++ b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix @@ -133,12 +133,6 @@ with lib; ''; }; - extraSubservices = mkOption { - type = types.listOf types.unspecified; - default = []; - description = "Extra subservices to enable in the webserver."; - }; - enableUserDir = mkOption { type = types.bool; default = false; -- cgit 1.4.1 From aa910d164d478dfb871bc6a8db416ca887cfc8f7 Mon Sep 17 00:00:00 2001 From: Tor Hedin Brønner Date: Mon, 21 Oct 2019 17:01:44 +0200 Subject: nixos/seahorse: use seahorse's askpass by default --- nixos/modules/programs/seahorse.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/programs/seahorse.nix b/nixos/modules/programs/seahorse.nix index c08b0a85374c..b229d2a2c0db 100644 --- a/nixos/modules/programs/seahorse.nix +++ b/nixos/modules/programs/seahorse.nix @@ -31,6 +31,8 @@ with lib; config = mkIf config.programs.seahorse.enable { + programs.ssh.askPassword = mkDefault "${pkgs.gnome3.seahorse}/libexec/seahorse/ssh-askpass"; + environment.systemPackages = [ pkgs.gnome3.seahorse ]; -- cgit 1.4.1 From fe143bac5b8dbdbdc9332abc3f2acdf839652c9e Mon Sep 17 00:00:00 2001 From: Malte Brandy Date: Mon, 21 Oct 2019 22:36:27 +0200 Subject: nixos/redis: Disable hugepages for redis via sysctl and not via a systemd-oneshot --- nixos/modules/services/databases/redis.nix | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 9c389d80a6df..5861323e5ea0 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix 
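Review bot: `programs.ssh.askPassword` is set with `mkDefault` in the seahorse.nix hunk, so if another enabled module sets the same option at `mkDefault` priority with a different helper, evaluation stops with a conflicting-definitions error. Because this helper is the program that receives SSH key passphrases, the selection should be documented: add a comment such as `# use seahorse's own askpass helper for SSH passphrase prompts` and mention in the `programs.seahorse.enable` description that enabling it changes the askpass program. The enclosing module starts outside the hunk.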
@@ -186,9 +186,9 @@ in config = mkIf config.services.redis.enable { - boot.kernel.sysctl = mkIf cfg.vmOverCommit { - "vm.overcommit_memory" = "1"; - }; + boot.kernel.sysctl = { + "vm.nr_hugepages" = "0"; + } // mkIf cfg.vmOverCommit { "vm.overcommit_memory" = "1"; }; networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; @@ -198,14 +198,6 @@ in environment.systemPackages = [ cfg.package ]; - systemd.services.disable-transparent-huge-pages = { - description = "Disable Transparent Huge Pages (required by Redis)"; - before = [ "redis.service" ]; - wantedBy = [ "redis.service" ]; - script = "echo never > /sys/kernel/mm/transparent_hugepage/enabled"; - serviceConfig.Type = "oneshot"; - }; - systemd.services.redis = { description = "Redis Server"; -- cgit 1.4.1
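Review bot: In the first redis.nix hunk, `{ "vm.nr_hugepages" = "0"; } // mkIf cfg.vmOverCommit { … }` merges the attributes of the `mkIf` wrapper into the left-hand set, so the whole value is treated as one conditional and the `vm.nr_hugepages` entry is, as far as I can tell, never applied; use `boot.kernel.sysctl = mkMerge [ { "vm.nr_hugepages" = "0"; } (mkIf cfg.vmOverCommit { "vm.overcommit_memory" = "1"; }) ];` instead. Separately, `vm.nr_hugepages` sizes the explicit hugetlb pool and does not control transparent huge pages, which the unit removed in the second hunk disabled through `/sys/kernel/mm/transparent_hugepage/enabled`, so the requirement that unit described is no longer met. Forcing the pool to 0 system-wide can also conflict with other services on the host that reserve huge pages; `mkDefault` or dropping the key would avoid that.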