Comparing changes

base repository: NixOS/nixpkgs
base: 9aa57902cc9b
...
head repository: NixOS/nixpkgs
compare: 23e431387ba3

Commits on Dec 16, 2018

  1. duplicacy: init at 2.1.2

    ffinkdevs committed Dec 16, 2018
    a21de12

Commits on Dec 17, 2018

  1. Apply suggestions from code review

    Co-Authored-By: ffinkdevs <fink@h0st.space>
    Mic92 and ffinkdevs authored Dec 17, 2018
    9e293b3

Commits on Feb 15, 2019

  1. rippled-validatior-keys-tool: init at d7774bcc

    Jaka Hudoklin committed Feb 15, 2019
    2e93908

Commits on Feb 19, 2019

  1. td: init at 0.16.4

    groodt committed Feb 19, 2019
    82f9523

Commits on Mar 9, 2019

  1. a2331a2
  2. 62ea707

Commits on Mar 11, 2019

  1. samsung-unified-linux-driver_1_00_36: init at 1.00.36

    Tomas Hlavaty committed Mar 11, 2019
    728689a

Commits on Mar 12, 2019

  1. dockerTools.buildImage.runAsRoot: preserve layers ordering at image unpacking
    
    This patch preserves the ordering of layers of a parent image when the
    image is unpacked.
    
    Fixes #55290
    nlewo committed Mar 12, 2019
    fe68608

Commits on Mar 13, 2019

  1. fee854e
  2. ee910c1

Commits on Mar 14, 2019

  1. Merge branch 'master' into staging-next

    Lots of rebuilds from master, apparently.
    Hydra nixpkgs: ?compare=1509577
    vcunat committed Mar 14, 2019
    0406640

Commits on Mar 16, 2019

  1. filesystems: Add autoResize assertion

    Assert that autoResize is only used when fsType is explicitly set to a
    supported filesystem: if it's set to "auto", the default, the required
    resizing tools won't be copied into the initrd even if the actual
    filesystem is supported.
    talyz committed Mar 16, 2019
    0eb6d07
  2. flow: 0.94.0 -> 0.95.1

    marsam committed Mar 16, 2019
    69756b8

Commits on Mar 17, 2019

  1. e71445c

Commits on Mar 18, 2019

  1. linuxPackages.anbox: init at 2018-09-08

    Co-authored-by: Luke Adams <luke.adams@belljar.io>
    Co-authored-by: Volth <volth@webmaster.ms>
    Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
    Co-authored-by: Edward Tjörnhammar <ed@cflags.cc>
    Co-authored-by: Gabriel Ebner <gebner@gebner.org>
    5 people committed Mar 18, 2019
    dfa314c
  2. properties-cpp: init at 0.0.1

    Co-authored-by: Luke Adams <luke.adams@belljar.io>
    Co-authored-by: Volth <volth@webmaster.ms>
    Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
    4 people authored and gebner committed Mar 18, 2019
    07632cb
  3. anbox: init at 2019-03-07

    Co-authored-by: Luke Adams <luke.adams@belljar.io>
    Co-authored-by: Volth <volth@webmaster.ms>
    Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
    Co-authored-by: Edward Tjörnhammar <ed@cflags.cc>
    Co-authored-by: Gabriel Ebner <gebner@gebner.org>
    5 people committed Mar 18, 2019
    e42b5d9
  4. nixos/anbox: init module

    Co-authored-by: Luke Adams <luke.adams@belljar.io>
    Co-authored-by: Volth <volth@webmaster.ms>
    Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
    Co-authored-by: Edward Tjörnhammar <ed@cflags.cc>
    Co-authored-by: Gabriel Ebner <gebner@gebner.org>
    5 people committed Mar 18, 2019
    0f03f28

Commits on Mar 19, 2019

  1. d0133e6

Commits on Mar 20, 2019

  1. 0fd37a2
  2. nix-review: 1.0.5 -> 2.0.0

    Mic92 committed Mar 20, 2019
    eb5afaf
  3. doc/reviewing-contributions: nix-review instead of nox-review

    It is faster, handles more edge cases and allows to test/review the built
    packages interactively.
    Mic92 committed Mar 20, 2019
    22d083e
  4. deco: 0.0.1 -> 0.0.2

    Rommel MARTINEZ committed Mar 20, 2019
    afea6fb
  5. maintainers: add ggpeti

    ggPeti committed Mar 20, 2019
    9fd4d6c
  6. 12e425c
  7. a6bb05b
  8. ldb: apply patch for CVE-2019-3824

    andir committed Mar 20, 2019
    84c1b2f
  9. 5acc543
  10. rssh: mark as insecure

    There seems to be a consensus among many packagers that RSSH is
    probably no longer a good idea. There are a few fixes for some of the
    issues but people should move on and use other software these days.
    
    Removing it from further (stable) releases is probably a good idea. If
    someone really needs it we still have it in the tree and they can
    whitelist it again.
    andir committed Mar 20, 2019
    8ff37d9
  11. 11919c3

Commits on Mar 21, 2019

  1. openstackImage: set the / fsType to reenable root FS resizing

    Since 34234dc, the reisizefs tool is
    embedded only if the `fsType` starts with `ext`. The default `fsType`
    value is `auto`.
    nlewo committed Mar 21, 2019
    f116d04
  2. musly: fix platforms

    Co-Authored-By: ggPeti <ggpeti@gmail.com>
    jtojnar and ggPeti authored Mar 21, 2019
    e3521e9
  3. python.pkgs.click: make patch version-agnostic

    Robert Schütz committed Mar 21, 2019
    0b87a56
  4. elasticsearch-curator: add top-level package using older click

    See #58023 for a discussion
    of why this is necessary. The upstream issue can be found at
    elastic/curator#1280.
    Robert Schütz committed Mar 21, 2019
    c0409de
  5. python.pkgs.envs: fix build

    Robert Schütz committed Mar 21, 2019
    76bfc09
  6. python.pkgs.python-mapnik: fix build

    fallout of #54182
    Robert Schütz committed Mar 21, 2019
    8519983
  7. python.pkgs.tilestache: fix build

    Robert Schütz committed Mar 21, 2019
    48d1219
  8. Revert "python-suds-jurko: disable the test suite"

    This reverts commit c103b5b.
    Robert Schütz committed Mar 21, 2019
    56d9aff
  9. python.pkgs.suds-jurko: use pytest_3

    Robert Schütz committed Mar 21, 2019
    77ab988
  10. 2f69e36
  11. gpgme: cross compilation

    illegalprime committed Mar 21, 2019
    aefea5f
  12. d1f0f10
  13. python.pkgs.retry: init at 0.9.2

    Robert Schütz committed Mar 21, 2019
    d716cad
  14. python.pkgs.pytest-server-fixtures: fix build

    Robert Schütz committed Mar 21, 2019
    dc88463
  15. zsh: don't export HISTFILE and friends

    Just set them normally.
    Exporting them will propagate them to all executed programs
    such as bash (as used by nix-shell or nix run),
    and badness ensues when different formats are used.
    dtzWill committed Mar 21, 2019
    173f79f
  16. 48f13a3
  17. eagle: 9.1.2 -> 9.3.1

    Semi-automatic update generated by
    https://github.com/ryantm/nixpkgs-update tools. This update was made
    based on information from
    https://repology.org/metapackage/eagle/versions
    r-ryantm committed Mar 21, 2019
    6c14a2f
  18. 657ed24
  19. 9595eb1
  20. libwhich: init at 2019-03-20

    dtzWill committed Mar 21, 2019
    7fbe20a
Showing with 4,343 additions and 1,751 deletions.
  1. +1 −2 .github/PULL_REQUEST_TEMPLATE.md
  2. +14 −15 doc/languages-frameworks/python.section.md
  3. +5 −5 doc/reviewing-contributions.xml
  4. +11 −11 doc/submitting-changes.xml
  5. +10 −0 maintainers/maintainer-list.nix
  6. +4 −3 nixos/doc/manual/Makefile
  7. +3 −2 nixos/doc/manual/configuration/config-file.xml
  8. +56 −71 nixos/doc/manual/configuration/kubernetes.xml
  9. +70 −64 nixos/doc/manual/configuration/matrix.xml
  10. +7 −9 nixos/doc/manual/configuration/modularity.xml
  11. +3 −3 nixos/doc/manual/configuration/profiles.xml
  12. +5 −4 nixos/doc/manual/configuration/profiles/all-hardware.xml
  13. +6 −6 nixos/doc/manual/configuration/profiles/base.xml
  14. +5 −5 nixos/doc/manual/configuration/profiles/clone-config.xml
  15. +6 −4 nixos/doc/manual/configuration/profiles/demo.xml
  16. +6 −5 nixos/doc/manual/configuration/profiles/docker-container.xml
  17. +3 −2 nixos/doc/manual/configuration/profiles/graphical.xml
  18. +5 −3 nixos/doc/manual/configuration/profiles/hardened.xml
  19. +4 −3 nixos/doc/manual/configuration/profiles/headless.xml
  20. +12 −9 nixos/doc/manual/configuration/profiles/installation-device.xml
  21. +3 −3 nixos/doc/manual/configuration/profiles/minimal.xml
  22. +2 −0 nixos/doc/manual/configuration/profiles/qemu-guest.xml
  23. +3 −5 nixos/doc/manual/configuration/wireless.xml
  24. +14 −16 nixos/doc/manual/configuration/x-windows.xml
  25. +4 −4 nixos/doc/manual/installation/installing-virtualbox-guest.xml
  26. +3 −3 nixos/doc/manual/man-nixos-generate-config.xml
  27. +35 −37 nixos/doc/manual/man-nixos-rebuild.xml
  28. +2 −1 nixos/doc/manual/release-notes/rl-1809.xml
  29. +343 −300 nixos/doc/manual/release-notes/rl-1903.xml
  30. +11 −8 nixos/doc/manual/release-notes/rl-1909.xml
  31. +1 −0 nixos/modules/module-list.nix
  32. +3 −3 nixos/modules/programs/zsh/oh-my-zsh.xml
  33. +4 −3 nixos/modules/programs/zsh/zsh.nix
  34. +1 −1 nixos/modules/services/search/elasticsearch-curator.nix
  35. +17 −16 nixos/modules/services/web-apps/matomo-doc.xml
  36. +49 −33 nixos/modules/services/web-apps/nextcloud.xml
  37. +2 −1 nixos/modules/services/web-servers/nginx/default.nix
  38. +9 −0 nixos/modules/services/web-servers/nginx/location-options.nix
  39. +6 −1 nixos/modules/services/x11/xserver.nix
  40. +7 −0 nixos/modules/tasks/filesystems.nix
  41. +144 −0 nixos/modules/virtualisation/anbox.nix
  42. +1 −0 nixos/modules/virtualisation/openstack-config.nix
  43. +19 −7 nixos/tests/common/webroot/news-rss.xml
  44. +3 −0 nixos/tests/slurm.nix
  45. +33 −0 pkgs/applications/audio/musly/default.nix
  46. +3 −3 pkgs/applications/misc/deco/default.nix
  47. +2 −2 pkgs/applications/misc/joplin-desktop/default.nix
  48. +9 −9 pkgs/applications/networking/browsers/chromium/upstream-info.nix
  49. +397 −397 pkgs/applications/networking/browsers/firefox-bin/release_sources.nix
  50. +4 −4 pkgs/applications/networking/browsers/firefox/packages.nix
  51. +2 −2 pkgs/applications/networking/cluster/minishift/default.nix
  52. +34 −34 pkgs/applications/networking/cluster/terraform-providers/data.nix
  53. +3 −3 pkgs/applications/networking/gns3/default.nix
  54. +15 −0 pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json
  55. +1,148 −0 pkgs/applications/networking/instant-messengers/riot/riot-desktop-yarndeps.nix
  56. +77 −0 pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix
  57. +2 −2 pkgs/applications/science/electronics/eagle/eagle.nix
  58. +2 −2 pkgs/applications/science/logic/elan/default.nix
  59. +2 −2 pkgs/applications/version-management/subversion/default.nix
  60. +42 −0 pkgs/applications/window-managers/wmfs/default.nix
  61. +1 −1 pkgs/build-support/docker/default.nix
  62. +66 −66 pkgs/desktops/plasma-5/plasma-workspace/plasma-workspace.patch
  63. +1 −1 pkgs/development/arduino/platformio/chrootenv.nix
  64. +5 −1 pkgs/development/compilers/cudatoolkit/default.nix
  65. +0 −1 pkgs/development/haskell-modules/configuration-hackage2nix.yaml
  66. +2 −2 pkgs/development/interpreters/python/default.nix
  67. +2 −2 pkgs/development/libraries/fstrm/default.nix
  68. +4 −0 pkgs/development/libraries/gpgme/default.nix
  69. +11 −0 pkgs/development/libraries/ldb/default.nix
  70. +27 −0 pkgs/development/libraries/properties-cpp/default.nix
  71. +1 −0 pkgs/development/node-packages/node-packages-v10.json
  72. +375 −196 pkgs/development/node-packages/node-packages-v10.nix
  73. +6 −6 pkgs/development/python-modules/click/default.nix
  74. +0 −13 pkgs/development/python-modules/click/fix-paths.patch
  75. +3 −7 pkgs/development/python-modules/elasticsearch-curator/default.nix
  76. +3 −2 pkgs/development/python-modules/envs/default.nix
  77. +2 −2 pkgs/development/python-modules/fonttools/default.nix
  78. +8 −8 pkgs/development/python-modules/munkres/default.nix
  79. +2 −2 pkgs/development/python-modules/nbxmpp/default.nix
  80. +4 −4 pkgs/development/python-modules/pytest-server-fixtures/default.nix
  81. +29 −20 pkgs/development/python-modules/python-mapnik/default.nix
  82. +43 −0 pkgs/development/python-modules/retry/default.nix
  83. +7 −3 pkgs/development/python-modules/suds-jurko/default.nix
  84. +2 −1 pkgs/development/python-modules/tilestache/default.nix
  85. +2 −2 pkgs/development/tools/analysis/flow/default.nix
  86. +24 −0 pkgs/development/tools/misc/libwhich/default.nix
  87. +2 −2 pkgs/development/tools/misc/strace/default.nix
  88. +4 −4 pkgs/development/tools/skaffold/default.nix
  89. +116 −0 pkgs/misc/cups/drivers/samsung/1.00.36/default.nix
  90. +44 −0 pkgs/misc/cups/drivers/samsung/1.00.36/module.nix
  91. +4 −4 pkgs/misc/emulators/ccemux/default.nix
  92. +11 −0 pkgs/misc/vim-plugins/generated.nix
  93. +1 −0 pkgs/misc/vim-plugins/vim-plugin-names
  94. +127 −0 pkgs/os-specific/linux/anbox/default.nix
  95. +43 −0 pkgs/os-specific/linux/anbox/kmod.nix
  96. +2 −1 pkgs/os-specific/linux/libatasmart/default.nix
  97. +2 −10 pkgs/os-specific/linux/sssd/default.nix
  98. +2 −2 pkgs/servers/computing/slurm/default.nix
  99. +2 −2 pkgs/servers/mautrix-telegram/default.nix
  100. +34 −0 pkgs/servers/rippled/validator-keys-tool.nix
  101. +8 −0 pkgs/servers/samba/4.x.nix
  102. +5 −0 pkgs/shells/rssh/default.nix
  103. +32 −0 pkgs/tools/backup/duplicacy/default.nix
  104. +336 −0 pkgs/tools/backup/duplicacy/deps.nix
  105. +2 −2 pkgs/tools/graphics/gnuplot/default.nix
  106. +2 −2 pkgs/tools/misc/geekbench/default.nix
  107. +3 −0 pkgs/tools/misc/td/Gemfile
  108. +40 −0 pkgs/tools/misc/td/Gemfile.lock
  109. +15 −0 pkgs/tools/misc/td/default.nix
  110. +103 −0 pkgs/tools/misc/td/gemset.nix
  111. +2 −2 pkgs/tools/networking/dnscrypt-proxy/2.x/default.nix
  112. +2 −2 pkgs/tools/networking/fping/default.nix
  113. +2 −2 pkgs/tools/package-management/nix-review/default.nix
  114. +31 −33 pkgs/tools/system/plan9port/default.nix
  115. +0 −215 pkgs/tools/system/plan9port/sam_chord_9front.patch
  116. +37 −0 pkgs/top-level/all-packages.nix
  117. +2 −0 pkgs/top-level/python-packages.nix
3 changes: 1 addition & 2 deletions .github/PULL_REQUEST_TEMPLATE.md
@@ -11,11 +11,10 @@
- [ ] macOS
- [ ] other Linux distributions
- [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nox --run "nox-review wip"`
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nix-review --run "nix-review wip"`
- [ ] Tested execution of all binary files (usually in `./result/bin/`)
- [ ] Determined the impact on package closure size (by running `nix path-info -S` before and after)
- [ ] Assured whether relevant documentation is up to date
- [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md).

---
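Review bot: The replacement checklist item still hard-codes the `wip` subcommand, which the submitting-changes text in this same range describes as reviewing uncommitted changes, while someone filling in a pull request template has normally committed already. Consider mentioning `nix-review pr PRNUMBER` alongside it, or wording the item so that either form satisfies it.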

29 changes: 14 additions & 15 deletions doc/languages-frameworks/python.section.md
@@ -188,25 +188,24 @@ building Python libraries is `buildPythonPackage`. Let's see how we can build th
```nix
{ lib, buildPythonPackage, fetchPypi }:
toolz = buildPythonPackage rec {
pname = "toolz";
version = "0.7.4";
buildPythonPackage rec {
pname = "toolz";
version = "0.7.4";
src = fetchPypi {
inherit pname version;
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};
src = fetchPypi {
inherit pname version;
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};
doCheck = false;
doCheck = false;
meta = with lib; {
homepage = https://github.com/pytoolz/toolz;
description = "List processing tools and functional utilities";
license = licenses.bsd3;
maintainers = with maintainers; [ fridh ];
};
meta = with lib; {
homepage = https://github.com/pytoolz/toolz;
description = "List processing tools and functional utilities";
license = licenses.bsd3;
maintainers = with maintainers; [ fridh ];
};
}
};
```

What happens here? The function `buildPythonPackage` is called and as argument
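Review bot: The example keeps `doCheck = false;` with no reason given, and documentation snippets get copied verbatim; add a short comment saying why the tests are skipped for toolz, or drop the line if they pass. While the block is being re-indented, `homepage = https://github.com/pytoolz/toolz;` could also be written as a quoted string so the example does not rely on unquoted URL syntax.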
10 changes: 5 additions & 5 deletions doc/reviewing-contributions.xml
@@ -189,14 +189,14 @@ $ git rebase --onto nixos-unstable BASEBRANCH FETCH_HEAD <co
</listitem>
<listitem>
<para>
The <link xlink:href="https://github.com/madjar/nox">nox</link> tool can
be used to review a pull request content in a single command. It doesn't
rebase on a channel branch so it might trigger multiple source builds.
The <link xlink:href="https://github.com/Mic92/nix-review">nix-review</link>
tool can be used to review a pull request content in a single command.
<varname>PRNUMBER</varname> should be replaced by the number at the end
of the pull request title.
of the pull request title. You can also provide the full github pull
request url.
</para>
<screen>
$ nix-shell -p nox --run "nox-review -k pr PRNUMBER"
$ nix-shell -p nix-review --run "nix-review pr PRNUMBER"
</screen>
</listitem>
</itemizedlist>
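Review bot: The rewritten paragraph drops the old caveat that the tool does not rebase on a channel branch and may trigger multiple source builds, and the `-k` flag disappears from the command, but nothing says how nix-review behaves in those respects. State which base the pull request is built against, so reviewers know what they are about to build and run locally. Minor: write "GitHub" and "URL" in the added sentence.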
22 changes: 11 additions & 11 deletions doc/submitting-changes.xml
@@ -351,26 +351,26 @@ Additional information.
</section>

<section xml:id="submitting-changes-tested-compilation">
<title>Tested compilation of all pkgs that depend on this change using <command>nox-review</command></title>
<title>Tested compilation of all pkgs that depend on this change using <command>nix-review</command></title>

<para>
If you are updating a package's version, you can use nox to make sure all
packages that depend on the updated package still compile correctly. This
can be done using the nox utility. The <command>nox-review</command>
utility can look for and build all dependencies either based on uncommited
changes with the <literal>wip</literal> option or specifying a github pull
request number.
If you are updating a package's version, you can use nix-review to make sure all
packages that depend on the updated package still compile correctly.
The <command>nix-review</command> utility can look for and build all dependencies
either based on uncommited changes with the <literal>wip</literal> option or
specifying a github pull request number.
</para>

<para>
review uncommitted changes:
<screen>nix-shell -p nox --run "nox-review wip"</screen>
review changes from pull request number 12345:
<screen>nix-shell -p nix-review --run "nix-review pr 12345"</screen>
</para>

<para>
review changes from pull request number 12345:
<screen>nix-shell -p nox --run "nox-review pr 12345"</screen>
review uncommitted changes:
<screen>nix-shell -p nix-review --run "nix-review wip"</screen>
</para>

</section>

<section xml:id="submitting-changes-tested-execution">
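Review bot: The new paragraph carries over the misspelling "uncommited" while the caption a few lines below spells it "uncommitted"; fix it while the paragraph is being rewritten, and capitalise "GitHub". The prose also introduces the `wip` option before the pull request number, whereas the examples now appear in the opposite order; matching the two would read more smoothly.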
10 changes: 10 additions & 0 deletions maintainers/maintainer-list.nix
@@ -1588,6 +1588,11 @@
github = "fdns";
name = "Felipe Espinoza";
};
ffinkdevs = {
email = "fink@h0st.space";
github = "ffinkdevs";
name = "Fabian Fink";
};
fgaz = {
email = "fgaz@fgaz.me";
github = "fgaz";
@@ -1770,6 +1775,11 @@
github = "Gerschtli";
name = "Tobias Happ";
};
ggpeti = {
email = "ggpeti@gmail.com";
github = "ggpeti";
name = "Peter Ferenczy";
};
gilligan = {
email = "tobias.pflug@gmail.com";
github = "gilligan";
7 changes: 4 additions & 3 deletions nixos/doc/manual/Makefile
@@ -6,13 +6,14 @@ debug: generated manual-combined.xml

manual-combined.xml: generated *.xml **/*.xml
rm -f ./manual-combined.xml
nix-shell --packages xmloscopy \
nix-shell --pure -Q --packages xmloscopy \
--run "xmloscopy --docbook5 ./manual.xml ./manual-combined.xml"

.PHONY: format
format:
find ../../ -iname '*.xml' -type f -print0 | xargs -0 -I{} -n1 \
xmlformat --config-file "../xmlformat.conf" -i {}
nix-shell --pure -Q --packages xmlformat \
--run "find ../../ -iname '*.xml' -type f -print0 | xargs -0 -I{} -n1 \
xmlformat --config-file '../xmlformat.conf' -i {}"

.PHONY: fix-misc-xml
fix-misc-xml:
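Review bot: In the `format` target the `--run` string calls `find` and `xargs` inside a `--pure` shell, but only `xmlformat` is listed under `--packages`, so the target depends on whatever the shell happens to provide for those two. List `findutils` explicitly next to `xmlformat`. It is also worth confirming that `{}` and the backslash continuation come through both make and the double-quoted `--run` string as intended, now that the inner quotes around `../xmlformat.conf` have changed from double to single.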
5 changes: 3 additions & 2 deletions nixos/doc/manual/configuration/config-file.xml
@@ -200,8 +200,9 @@ swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_10;
</programlisting>
The latter option definition changes the default PostgreSQL package used
by NixOS’s PostgreSQL service to 10.x. For more information on packages,
including how to add new ones, see <xref linkend="sec-custom-packages"/>.
by NixOS’s PostgreSQL service to 10.x. For more information on
packages, including how to add new ones, see
<xref linkend="sec-custom-packages"/>.
</para>
</listitem>
</varlistentry>
127 changes: 56 additions & 71 deletions nixos/doc/manual/configuration/kubernetes.xml
@@ -4,15 +4,13 @@
version="5.0"
xml:id="sec-kubernetes">
<title>Kubernetes</title>

<para>
The NixOS Kubernetes module is a collective term for a handful of
individual submodules implementing the Kubernetes cluster components.
The NixOS Kubernetes module is a collective term for a handful of individual
submodules implementing the Kubernetes cluster components.
</para>

<para>
There are generally two ways of enabling Kubernetes on NixOS.
One way is to enable and configure cluster components appropriately by hand:
There are generally two ways of enabling Kubernetes on NixOS. One way is to
enable and configure cluster components appropriately by hand:
<programlisting>
services.kubernetes = {
apiserver.enable = true;
@@ -33,95 +31,82 @@ services.kubernetes = {
<programlisting>
<xref linkend="opt-services.kubernetes.roles"/> = [ "node" ];
</programlisting>
Assigning both the master and node roles is usable if you want a single
node Kubernetes cluster for dev or testing purposes:
Assigning both the master and node roles is usable if you want a single node
Kubernetes cluster for dev or testing purposes:
<programlisting>
<xref linkend="opt-services.kubernetes.roles"/> = [ "master" "node" ];
</programlisting>
Note: Assigning either role will also default both
<xref linkend="opt-services.kubernetes.flannel.enable"/> and
<xref linkend="opt-services.kubernetes.easyCerts"/> to true.
This sets up flannel as CNI and activates automatic PKI bootstrapping.
<xref linkend="opt-services.kubernetes.easyCerts"/> to true. This sets up
flannel as CNI and activates automatic PKI bootstrapping.
</para>

<para>
As of kubernetes 1.10.X it has been deprecated to open
non-tls-enabled ports on kubernetes components. Thus, from NixOS 19.03 all
plain HTTP ports have been disabled by default.
While opening insecure ports is still possible, it is recommended not to
bind these to other interfaces than loopback.

To re-enable the insecure port on the apiserver, see options:
<xref linkend="opt-services.kubernetes.apiserver.insecurePort"/>
and
<xref linkend="opt-services.kubernetes.apiserver.insecureBindAddress"/>
As of kubernetes 1.10.X it has been deprecated to open non-tls-enabled ports
on kubernetes components. Thus, from NixOS 19.03 all plain HTTP ports have
been disabled by default. While opening insecure ports is still possible, it
is recommended not to bind these to other interfaces than loopback. To
re-enable the insecure port on the apiserver, see options:
<xref linkend="opt-services.kubernetes.apiserver.insecurePort"/> and
<xref linkend="opt-services.kubernetes.apiserver.insecureBindAddress"/>
</para>

<note>
<para>
As of NixOS 19.03, it is mandatory to configure:
<xref linkend="opt-services.kubernetes.masterAddress"/>.
The masterAddress must be resolveable and routeable by all cluster nodes.
In single node clusters, this can be set to <literal>localhost</literal>.
<xref linkend="opt-services.kubernetes.masterAddress"/>. The masterAddress
must be resolveable and routeable by all cluster nodes. In single node
clusters, this can be set to <literal>localhost</literal>.
</para>
</note>

<para>
Role-based access control (RBAC) authorization mode is enabled by default.
This means that anonymous requests to the apiserver secure port will
expectedly cause a permission denied error. All cluster components must
therefore be configured with x509 certificates for two-way tls communication.
The x509 certificate subject section determines the roles and permissions
granted by the apiserver to perform clusterwide or namespaced operations.
See also:
<link
Role-based access control (RBAC) authorization mode is enabled by default.
This means that anonymous requests to the apiserver secure port will
expectedly cause a permission denied error. All cluster components must
therefore be configured with x509 certificates for two-way tls communication.
The x509 certificate subject section determines the roles and permissions
granted by the apiserver to perform clusterwide or namespaced operations. See
also:
<link
xlink:href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/">
Using RBAC Authorization</link>.
Using RBAC Authorization</link>.
</para>

<para>
The NixOS kubernetes module provides an option for automatic certificate
bootstrapping and configuration,
<xref linkend="opt-services.kubernetes.easyCerts"/>.
The PKI bootstrapping process involves setting up a certificate authority
(CA) daemon (cfssl) on the kubernetes master node. cfssl generates a CA-cert
for the cluster, and uses the CA-cert for signing subordinate certs issued to
each of the cluster components. Subsequently, the certmgr daemon monitors
active certificates and renews them when needed. For single node Kubernetes
clusters, setting <xref linkend="opt-services.kubernetes.easyCerts"/> = true
is sufficient and no further action is required. For joining extra node
machines to an existing cluster on the other hand, establishing initial trust
is mandatory.
<para>
The NixOS kubernetes module provides an option for automatic certificate
bootstrapping and configuration,
<xref linkend="opt-services.kubernetes.easyCerts"/>. The PKI bootstrapping
process involves setting up a certificate authority (CA) daemon (cfssl) on
the kubernetes master node. cfssl generates a CA-cert for the cluster, and
uses the CA-cert for signing subordinate certs issued to each of the cluster
components. Subsequently, the certmgr daemon monitors active certificates and
renews them when needed. For single node Kubernetes clusters, setting
<xref linkend="opt-services.kubernetes.easyCerts"/> = true is sufficient and
no further action is required. For joining extra node machines to an existing
cluster on the other hand, establishing initial trust is mandatory.
</para>

<para>
To add new nodes to the cluster:
On any (non-master) cluster node where
<xref linkend="opt-services.kubernetes.easyCerts"/> is enabled, the helper
script <literal>nixos-kubernetes-node-join</literal> is available on PATH.
Given a token on stdin, it will copy the token to the kubernetes
secrets directory and restart the certmgr service. As requested
certificates are issued, the script will restart kubernetes cluster
components as needed for them to pick up new keypairs.
To add new nodes to the cluster: On any (non-master) cluster node where
<xref linkend="opt-services.kubernetes.easyCerts"/> is enabled, the helper
script <literal>nixos-kubernetes-node-join</literal> is available on PATH.
Given a token on stdin, it will copy the token to the kubernetes secrets
directory and restart the certmgr service. As requested certificates are
issued, the script will restart kubernetes cluster components as needed for
them to pick up new keypairs.
</para>

<note>
<para>
Multi-master (HA) clusters are not supported by the easyCerts module.
</para>
</note>

<para>
In order to interact with an RBAC-enabled cluster as an administrator, one
needs to have cluster-admin privileges. By default, when easyCerts is
enabled, a cluster-admin kubeconfig file is generated and linked into
<literal>/etc/kubernetes/cluster-admin.kubeconfig</literal> as determined by
<xref linkend="opt-services.kubernetes.pki.etcClusterAdminKubeconfig"/>.
<literal>export KUBECONFIG=/etc/kubernetes/cluster-admin.kubeconfig</literal>
will make kubectl use this kubeconfig to access and authenticate the cluster.
The cluster-admin kubeconfig references an auto-generated keypair owned by
root. Thus, only root on the kubernetes master may obtain cluster-admin
rights by means of this file.
In order to interact with an RBAC-enabled cluster as an administrator, one
needs to have cluster-admin privileges. By default, when easyCerts is
enabled, a cluster-admin kubeconfig file is generated and linked into
<literal>/etc/kubernetes/cluster-admin.kubeconfig</literal> as determined by
<xref linkend="opt-services.kubernetes.pki.etcClusterAdminKubeconfig"/>.
<literal>export KUBECONFIG=/etc/kubernetes/cluster-admin.kubeconfig</literal>
will make kubectl use this kubeconfig to access and authenticate the cluster.
The cluster-admin kubeconfig references an auto-generated keypair owned by
root. Thus, only root on the kubernetes master may obtain cluster-admin
rights by means of this file.
</para>

</chapter>
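Review bot: "resolveable and routeable" in the masterAddress note is reflowed but not corrected (it should read "resolvable and routable"), and the insecure-port paragraph still ends on the second option reference with no closing period. Since every line of these paragraphs is touched anyway, fix both here. It would also help to keep formatting-only changes like this in their own commit, so that the security-relevant text (insecure ports, easyCerts trust bootstrapping, the root-owned cluster-admin kubeconfig) can be reviewed without whitespace noise.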