Merge remote-tracking branch 'upstream/master' into HEAD

NixOS · Sep 5, 2017 · d7ef196 · d7ef196
2 parents 2b928b4 + a9e6068
commit d7ef196
Show file tree

Hide file tree

Showing 113 changed files with 2,896 additions and 15,462 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -5,10 +5,7 @@
 
 <!-- Please check what applies. Note that these are not hard requirements but merely serve as information for reviewers. -->
 
-- [ ] Tested using sandboxing
-  ([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS,
-    or option `build-use-sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file)
-    on non-NixOS)
+- [ ] Tested using sandboxing ([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS, or option `build-use-sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file) on non-NixOS)
 - Built on platform(s)
    - [ ] NixOS
    - [ ] macOS

diff --git a/lib/licenses.nix b/lib/licenses.nix
@@ -198,7 +198,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
 
   eupl11 = spdx {
     spdxId = "EUPL-1.1";
-    fullname = "European Union Public License 1.1";
+    fullName = "European Union Public License 1.1";
   };
 
   fdl12 = spdx {
@@ -363,7 +363,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
   };
 
   miros = {
-    fullname = "MirOS License";
+    fullName = "MirOS License";
     url = https://opensource.org/licenses/MirOS;
   };
 

diff --git a/lib/maintainers.nix b/lib/maintainers.nix
@@ -252,6 +252,7 @@
   igsha = "Igor Sharonov <igor.sharonov@gmail.com>";
   ikervagyok = "Balázs Lengyel <ikervagyok@gmail.com>";
   infinisil = "Silvan Mosberger <infinisil@icloud.com>";
+  ironpinguin = "Michele Catalano <michele@catalano.de>";
   ivan-tkatchev = "Ivan Tkatchev <tkatchev@gmail.com>";
   j-keck = "Jürgen Keck <jhyphenkeck@gmail.com>";
   jagajaga = "Arseniy Seroka <ars.seroka@gmail.com>";

diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml
@@ -193,6 +193,15 @@ rmdir /var/lib/ipfs/.ipfs
       No complete replacement for grsecurity/PaX is available presently.
     </para>
   </listitem>
+    <listitem>
+    <para>
+      The <literal>gnupg</literal> package used to suffix its programs
+      with <literal>2</literal>, like <command>gpg2</command> and
+      <command>gpgv2</command>. This suffix has since been dropped,
+      and the programs are now simply <command>gpg</command>,
+      <command>gpgv</command>, etc.
+    </para>
+  </listitem>
 </itemizedlist>
 
 <para>Other notable improvements:</para>

diff --git a/nixos/modules/config/i18n.nix b/nixos/modules/config/i18n.nix
@@ -43,7 +43,7 @@ with lib;
           <literal>"all"</literal> means that all locales supported by
           Glibc will be installed.  A full list of supported locales
           can be found at <link
-          xlink:href="http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc"/>.
+          xlink:href="https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/SUPPORTED"/>.
         '';
       };
 

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -204,6 +204,7 @@
   ./services/desktops/gnome3/gnome-online-miners.nix
   ./services/desktops/gnome3/gnome-terminal-server.nix
   ./services/desktops/gnome3/gnome-user-share.nix
+  ./services/desktops/gnome3/gpaste.nix
   ./services/desktops/gnome3/gvfs.nix
   ./services/desktops/gnome3/seahorse.nix
   ./services/desktops/gnome3/sushi.nix
@@ -587,6 +588,7 @@
   ./services/web-apps/frab.nix
   ./services/web-apps/mattermost.nix
   ./services/web-apps/nixbot.nix
+  ./services/web-apps/nexus.nix
   ./services/web-apps/pgpkeyserver-lite.nix
   ./services/web-apps/piwik.nix
   ./services/web-apps/pump.io.nix

diff --git a/nixos/modules/services/desktops/gnome3/gpaste.nix b/nixos/modules/services/desktops/gnome3/gpaste.nix
@@ -0,0 +1,30 @@
+# GPaste daemon.
+{ config, lib, ... }:
+
+with lib;
+
+let
+  gnome3 = config.environment.gnome3.packageSet;
+in
+{
+  ###### interface
+  options = {
+    services.gnome3.gpaste = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable GPaste, a clipboard manager.
+        '';
+      };
+    };
+  };
+
+  ###### implementation
+  config = mkIf config.services.gnome3.gpaste.enable {
+    environment.systemPackages = [ gnome3.gpaste ];
+    services.dbus.packages = [ gnome3.gpaste ];
+    services.xserver.desktopManager.gnome3.sessionPath = [ gnome3.gpaste ];
+    systemd.packages = [ gnome3.gpaste ];
+  };
+}
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix
@@ -10,7 +10,7 @@ let
   ruby = cfg.packages.gitlab.ruby;
   bundler = pkgs.bundler;
 
-  gemHome = "${cfg.packages.gitlab.ruby-env}/${ruby.gemPath}";
+  gemHome = "${cfg.packages.gitlab.rubyEnv}/${ruby.gemPath}";
 
   gitlabSocket = "${cfg.statePath}/tmp/sockets/gitlab.socket";
   gitalySocket = "${cfg.statePath}/tmp/sockets/gitaly.socket";
@@ -29,7 +29,13 @@ let
 
   gitalyToml = pkgs.writeText "gitaly.toml" ''
     socket_path = "${lib.escape ["\""] gitalySocket}"
-    # prometheus metrics
+    prometheus_listen_addr = "localhost:9236"
+
+    [gitaly-ruby]
+    dir = "${cfg.packages.gitaly.ruby}"
+
+    [gitlab-shell]
+    dir = "${cfg.packages.gitlab-shell}"
 
     ${concatStringsSep "\n" (attrValues (mapAttrs (k: v: ''
     [[storage]]
@@ -54,6 +60,11 @@ let
       namespace: resque:gitlab
   '';
 
+  redisYml = ''
+    production:
+      url: redis://localhost:6379/
+  '';
+
   secretsYml = ''
     production:
       secret_key_base: ${cfg.secrets.secret}
@@ -101,11 +112,22 @@ let
         upload_pack = true;
         receive_pack = true;
       };
+      workhorse = {
+        secret_file = "${cfg.statePath}/.gitlab_workhorse_secret";
+      };
       git = {
         bin_path = "git";
         max_size = 20971520; # 20MB
         timeout = 10;
       };
+      monitoring = {
+        ip_whitelist = [ "127.0.0.0/8" "::1/128" ];
+        sidekiq_exporter = {
+          enable = true;
+          address = "localhost";
+          port = 3807;
+        };
+      };
       extra = {};
     };
   };
@@ -123,19 +145,21 @@ let
     GITLAB_SHELL_CONFIG_PATH = "${cfg.statePath}/home/config.yml";
     GITLAB_SHELL_SECRET_PATH = "${cfg.statePath}/config/gitlab_shell_secret";
     GITLAB_SHELL_HOOKS_PATH = "${cfg.statePath}/home/hooks";
+    GITLAB_REDIS_CONFIG_FILE = pkgs.writeText "gitlab-redis.yml" redisYml;
+    prometheus_multiproc_dir = "/run/gitlab";
     RAILS_ENV = "production";
   };
 
   unicornConfig = builtins.readFile ./defaultUnicornConfig.rb;
 
   gitlab-rake = pkgs.stdenv.mkDerivation rec {
     name = "gitlab-rake";
-    buildInputs = [ cfg.packages.gitlab cfg.packages.gitlab.ruby-env pkgs.makeWrapper ];
+    buildInputs = [ cfg.packages.gitlab cfg.packages.gitlab.rubyEnv pkgs.makeWrapper ];
     phases = "installPhase fixupPhase";
     buildPhase = "";
     installPhase = ''
       mkdir -p $out/bin
-      makeWrapper ${cfg.packages.gitlab.ruby-env}/bin/bundle $out/bin/gitlab-bundle \
+      makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/bundle $out/bin/gitlab-bundle \
           ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
           --set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \
           --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package ]}:$PATH' \
@@ -455,6 +479,7 @@ in {
         ruby
         openssh
         nodejs
+        gnupg
       ];
       serviceConfig = {
         Type = "simple";
@@ -463,15 +488,15 @@ in {
         TimeoutSec = "300";
         Restart = "on-failure";
         WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
-        ExecStart="${cfg.packages.gitlab.ruby-env}/bin/bundle exec \"sidekiq -C \"${cfg.packages.gitlab}/share/gitlab/config/sidekiq_queues.yml\" -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
+        ExecStart="${cfg.packages.gitlab.rubyEnv}/bin/bundle exec \"sidekiq -C \"${cfg.packages.gitlab}/share/gitlab/config/sidekiq_queues.yml\" -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
       };
     };
 
     systemd.services.gitaly = {
       after = [ "network.target" "gitlab.service" ];
       wantedBy = [ "multi-user.target" ];
       environment.HOME = gitlabEnv.HOME;
-      path = with pkgs; [ gitAndTools.git ];
+      path = with pkgs; [ gitAndTools.git cfg.packages.gitaly.rubyEnv ];
       serviceConfig = {
         #PermissionsStartOnly = true; # preStart must be run as root
         Type = "simple";
@@ -515,7 +540,7 @@ in {
           + "-listenAddr /run/gitlab/gitlab-workhorse.socket "
           + "-authSocket ${gitlabSocket} "
           + "-documentRoot ${cfg.packages.gitlab}/share/gitlab/public "
-          + "-secretPath ${cfg.packages.gitlab}/share/gitlab/.gitlab_workhorse_secret";
+          + "-secretPath ${cfg.statePath}/.gitlab_workhorse_secret";
       };
     };
 
@@ -551,7 +576,8 @@ in {
         # symlinked in the gitlab package to /run/gitlab/uploads to make it
         # configurable
         mkdir -p /run/gitlab
-        mkdir -p ${cfg.statePath}/uploads
+        mkdir -p ${cfg.statePath}/{log,uploads}
+        ln -sf ${cfg.statePath}/log /run/gitlab/log
         ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
         chown -R ${cfg.user}:${cfg.group} /run/gitlab
 
@@ -599,7 +625,7 @@ in {
         # up the initial database
         if ! test -e "${cfg.statePath}/db-seeded"; then
           ${gitlab-rake}/bin/gitlab-rake db:seed_fu RAILS_ENV=production \
-            GITLAB_ROOT_PASSWORD="${cfg.initialRootPassword}" GITLAB_ROOT_EMAIL="${cfg.initialRootEmail}"
+            GITLAB_ROOT_PASSWORD='${cfg.initialRootPassword}' GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}'
           touch "${cfg.statePath}/db-seeded"
         fi
 
@@ -618,7 +644,7 @@ in {
         TimeoutSec = "300";
         Restart = "on-failure";
         WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
-        ExecStart = "${cfg.packages.gitlab.ruby-env}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\"";
+        ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\"";
       };
 
     };

diff --git a/nixos/modules/services/web-apps/nexus.nix b/nixos/modules/services/web-apps/nexus.nix
@@ -0,0 +1,100 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.services.nexus;
+
+in
+
+{
+  options = {
+    services.nexus = {
+      enable = mkEnableOption "SonarType Nexus3 OSS service";
+
+      user = mkOption {
+        type = types.str;
+        default = "nexus";
+        description = "User which runs Nexus3.";
+      };
+
+      group = mkOption {
+        type = types.str;
+        default = "nexus";
+        description = "Group which runs Nexus3.";
+      };
+
+      home = mkOption {
+        type = types.str;
+        default = "/var/lib/sonatype-work";
+        description = "Home directory of the Nexus3 instance.";
+      };
+
+      listenAddress = mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = "Address to listen on.";
+      };
+
+      listenPort = mkOption {
+        type = types.int;
+        default = 8081;
+        description = "Port to listen on.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.extraUsers."${cfg.user}" = {
+      isSystemUser = true;
+      group = cfg.group;
+    };
+
+    users.extraGroups."${cfg.group}" = {};
+
+    systemd.services.nexus = {
+      description = "SonarType Nexus3";
+
+      wantedBy = [ "multi-user.target" ];
+
+      path = [ cfg.home ];
+
+      environment = {
+        NEXUS_USER = cfg.user;
+        NEXUS_HOME = cfg.home;
+      };
+
+      preStart = ''
+        mkdir -p ${cfg.home}/nexus3/etc
+
+        ln -sf ${cfg.home} /run/sonatype-work
+
+        chown -R ${cfg.user}:${cfg.group} ${cfg.home}
+
+        if [ ! -f ${cfg.home}/nexus3/etc/nexus.properties ]; then
+          echo "# Jetty section" > ${cfg.home}/nexus3/etc/nexus.properties
+          echo "application-port=${toString cfg.listenPort}" >> ${cfg.home}/nexus3/etc/nexus.properties
+          echo "application-host=${toString cfg.listenAddress}" >> ${cfg.home}/nexus3/etc/nexus.properties
+        else
+          sed 's/^application-port=.*/application-port=${toString cfg.listenPort}/' -i ${cfg.home}/nexus3/etc/nexus.properties 
+          sed 's/^# application-port=.*/application-port=${toString cfg.listenPort}/' -i ${cfg.home}/nexus3/etc/nexus.properties 
+          sed 's/^application-host=.*/application-host=${toString cfg.listenAddress}/' -i ${cfg.home}/nexus3/etc/nexus.properties 
+          sed 's/^# application-host=.*/application-host=${toString cfg.listenAddress}/' -i ${cfg.home}/nexus3/etc/nexus.properties 
+        fi
+      '';
+
+      script = "${pkgs.nexus}/bin/nexus run";
+
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+        PrivateTmp = true;
+        PermissionsStartOnly = true;
+        LimitNOFILE = 102642;
+      };
+    };
+  };
+
+  meta.maintainers = with stdenv.lib.maintainers; [ ironpinguin ];
+}
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
@@ -507,7 +507,6 @@ in
         example = literalExample ''
           {
             "hydra.example.com" = {
-              addSSL = true;
               forceSSL = true;
               enableACME = true;
               locations."/" = {

diff --git a/nixos/modules/services/x11/display-managers/xpra.nix b/nixos/modules/services/x11/display-managers/xpra.nix
@@ -34,6 +34,12 @@ in
       };
 
       pulseaudio = mkEnableOption "pulseaudio audio streaming.";
+
+      extraOptions = mkOption {
+        description = "Extra xpra options";
+        default = [];
+        type = types.listOf types.str;
+      };
     };
   };
 
@@ -233,7 +239,8 @@ in
           --socket-dirs=/var/run/xpra \
           --xvfb="xpra_Xdummy ${concatStringsSep " " dmcfg.xserverArgs}" \
           ${optionalString (cfg.bindTcp != null) "--bind-tcp=${cfg.bindTcp}"} \
-          --auth=${cfg.auth}
+          --auth=${cfg.auth} \
+          ${concatStringsSep " " cfg.extraOptions}
       '';
     };