Merge branch 'master' into gcc-7
... to fix lispPackages.*
vcunat committed Feb 17, 2018
2 parents eea5539 + 0ac5af9 commit a84844d
Showing 65 changed files with 897 additions and 189 deletions.
8 changes: 6 additions & 2 deletions lib/licenses.nix
Expand Up @@ -2,7 +2,7 @@
let

spdx = lic: lic // {
url = "http://spdx.org/licenses/${lic.spdxId}";
url = "http://spdx.org/licenses/${lic.spdxId}.html";
};

in
Expand Down Expand Up @@ -580,6 +580,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = "Vovida Software License v1.0";
};

watcom = spdx {
spdxId = "Watcom-1.0";
fullName = "Sybase Open Watcom Public License 1.0";
};

w3c = spdx {
spdxId = "W3C";
fullName = "W3C Software Notice and License";
Expand Down Expand Up @@ -614,5 +619,4 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
spdxId = "ZPL-2.1";
fullName = "Zope Public License 2.1";
};

}
3 changes: 3 additions & 0 deletions lib/maintainers.nix
Expand Up @@ -370,6 +370,7 @@
kristoff3r = "Kristoffer Søholm <k.soeholm@gmail.com>";
ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
kuznero = "Roman Kuznetsov <roman@kuznero.com>";
lasandell = "Luke Sandell <lasandell@gmail.com>";
lassulus = "Lassulus <lassulus@gmail.com>";
layus = "Guillaume Maudoux <layus.on@gmail.com>";
ldesgoui = "Lucas Desgouilles <ldesgoui@gmail.com>";
Expand Down Expand Up @@ -479,6 +480,7 @@
mudri = "James Wood <lamudri@gmail.com>";
muflax = "Stefan Dorn <mail@muflax.com>";
myrl = "Myrl Hex <myrl.0xf@gmail.com>";
nadrieril = "Nadrieril Feneanar <nadrieril@gmail.com>";
namore = "Roman Naumann <namor@hemio.de>";
nand0p = "Fernando Jose Pando <nando@hex7.com>";
Nate-Devv = "Nathan Moore <natedevv@gmail.com>";
Expand All @@ -494,6 +496,7 @@
nicknovitski = "Nick Novitski <nixpkgs@nicknovitski.com>";
nico202 = "Nicolò Balzarotti <anothersms@gmail.com>";
NikolaMandic = "Ratko Mladic <nikola@mandic.email>";
ninjatrappeur = "Félix Baylac-Jacqué <felix@alternativebit.fr>";
nipav = "Niko Pavlinek <niko.pavlinek@gmail.com>";
nixy = "Andrew R. M. <nixy@nixy.moe>";
nmattia = "Nicolas Mattia <nicolas@nmattia.com>";
2 changes: 2 additions & 0 deletions nixos/modules/rename.nix
Expand Up @@ -205,6 +205,8 @@ with lib;
"See the 16.09 release notes for more information.")
(mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "")
(mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "user" ] "")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "group" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "")
(mkRemovedOptionModule [ "services" "xserver" "displayManager" "sddm" "themes" ]
"Set the option `services.xserver.displayManager.sddm.package' instead.")
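Review bot: The two new mkRemovedOptionModule entries for services.firefox.syncserver.user and .group pass an empty replacement message, so a user whose configuration still sets them learns only that the option is gone, not what replaced it. The sync-server module in this same commit hard-codes both values to `syncserver`, so say so: `(mkRemovedOptionModule [ "services" "firefox" "syncserver" "user" ] "The service now always runs as the syncserver user.")` and the matching sentence for group. The neighbouring entries use empty strings too, so this is a point of style rather than a defect.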
2 changes: 1 addition & 1 deletion nixos/modules/services/networking/dante.nix
Expand Up @@ -47,7 +47,7 @@ in

systemd.services.dante = {
description = "Dante SOCKS v4 and v5 compatible proxy server";
after = [ "network.target" ];
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];

serviceConfig = {
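Review bot: Changing `after` to network-online.target without a matching `wants` does not make the unit wait for the network: network-online.target is only reached when some unit pulls it in, and `after` alone orders against it only if it is scheduled anyway. The freeradius module added in this same commit sets both; the equivalent here is `after = [ "network-online.target" ]; wants = [ "network-online.target" ];`. The rest of the systemd.services.dante definition lies outside the hunk.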
52 changes: 22 additions & 30 deletions nixos/modules/services/networking/firefox/sync-server.nix
Expand Up @@ -33,6 +33,8 @@ let
in

{
meta.maintainers = with lib.maintainers; [ nadrieril ];

options = {
services.firefox.syncserver = {
enable = mkOption {
Expand Down Expand Up @@ -70,18 +72,6 @@ in
'';
};

user = mkOption {
type = types.str;
default = "syncserver";
description = "User account under which syncserver runs.";
};

group = mkOption {
type = types.str;
default = "syncserver";
description = "Group account under which syncserver runs.";
};

publicUrl = mkOption {
type = types.str;
default = "http://localhost:5000/";
Expand Down Expand Up @@ -137,51 +127,53 @@ in
config = mkIf cfg.enable {

systemd.services.syncserver = let
syncServerEnv = pkgs.python.withPackages(ps: with ps; [ syncserver pasteScript ]);
syncServerEnv = pkgs.python.withPackages(ps: with ps; [ syncserver pasteScript requests ]);
user = "syncserver";
group = "syncserver";
in {
after = [ "network.target" ];
description = "Firefox Sync Server";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.coreutils syncServerEnv ];

serviceConfig = {
User = cfg.user;
Group = cfg.group;
User = user;
Group = group;
PermissionsStartOnly = true;
};

preStart = ''
if ! test -e ${cfg.privateConfig}; then
mkdir -m 700 -p $(dirname ${cfg.privateConfig})
mkdir -p $(dirname ${cfg.privateConfig})
echo > ${cfg.privateConfig} '[syncserver]'
chmod 600 ${cfg.privateConfig}
echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"
fi
chown ${cfg.user}:${cfg.group} ${cfg.privateConfig}
chmod 600 ${cfg.privateConfig}
chmod 755 $(dirname ${cfg.privateConfig})
chown ${user}:${group} ${cfg.privateConfig}
'' + optionalString (cfg.sqlUri == defaultSqlUri) ''
if ! test -e $(dirname ${defaultDbLocation}); then
mkdir -m 700 -p $(dirname ${defaultDbLocation})
chown ${cfg.user}:${cfg.group} $(dirname ${defaultDbLocation})
chown ${user}:${group} $(dirname ${defaultDbLocation})
fi
# Move previous database file if it exists
oldDb="/var/db/firefox-sync-server.db"
if test -f $oldDb; then
mv $oldDb ${defaultDbLocation}
chown ${cfg.user}:${cfg.group} ${defaultDbLocation}
chown ${user}:${group} ${defaultDbLocation}
fi
'';
serviceConfig.ExecStart = "${syncServerEnv}/bin/paster serve ${syncServerIni}";
};

users.extraUsers = optionalAttrs (cfg.user == "syncserver")
(singleton {
name = "syncserver";
group = cfg.group;
isSystemUser = true;
});

users.extraGroups = optionalAttrs (cfg.group == "syncserver")
(singleton {
name = "syncserver";
});
users.users.syncserver = {
group = "syncserver";
isSystemUser = true;
};

users.groups.syncserver = {};
};
}
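Review bot: The new `chmod 755 $(dirname ${cfg.privateConfig})` runs unconditionally, so when privateConfig (a user-settable option) points at a file inside a directory the module does not own, preStart rewrites that directory's mode on every start, whereas the code it replaces only set a mode when it created the directory itself. Keep the mode inside the creation branch, `mkdir -m 755 -p $(dirname ${cfg.privateConfig})`, and drop the standalone chmod; the chown of the file has the same unconditional shape but predates this change. The `$(dirname …)` expansions are unquoted, so a privateConfig path containing whitespace would also split. The secret is appended only after the first `chmod 600`, which is the right order and worth keeping when the branch is reworked.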
72 changes: 72 additions & 0 deletions nixos/modules/services/networking/freeradius.nix
@@ -0,0 +1,72 @@
{ config, lib, pkgs, ... }:

with lib;

let

cfg = config.services.freeradius;

freeradiusService = cfg:
{
description = "FreeRadius server";
wantedBy = ["multi-user.target"];
after = ["network-online.target"];
wants = ["network-online.target"];
preStart = ''
${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout
'';

serviceConfig = {
ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout -xx";
ExecReload = [
"${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout"
"${pkgs.coreutils}/bin/kill -HUP $MAINPID"
];
User = "radius";
ProtectSystem = "full";
ProtectHome = "on";
Restart = "on-failure";
RestartSec = 2;
};
};

freeradiusConfig = {
enable = mkEnableOption "the freeradius server";

configDir = mkOption {
type = types.path;
default = "/etc/raddb";
description = ''
The path of the freeradius server configuration directory.
'';
};

};

in

{

###### interface

options = {
services.freeradius = freeradiusConfig;
};


###### implementation

config = mkIf (cfg.enable) {

users = {
extraUsers.radius = {
/*uid = config.ids.uids.radius;*/
description = "Radius daemon user";
};
};

systemd.services.freeradius = freeradiusService cfg;

};

}
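Review bot: The `radius` account that `User = "radius"` runs the daemon as is declared with only a description (the uid is commented out), with neither `isSystemUser = true` nor a dedicated group, so it presumably gets whatever uid and primary group the user module allocates by default. The sync-server module in this same commit shows the intended shape: `isSystemUser = true; group = "radius";` on the user plus `users.groups.radius = {};`. The sandboxing on the unit is a good start; since configDir defaults to `/etc/raddb`, which `ProtectSystem = "full"` already leaves readable, adding `PrivateTmp = true` and `NoNewPrivileges = true` alongside it would cost nothing.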
1 change: 1 addition & 0 deletions nixos/modules/services/web-servers/nginx/default.nix
Expand Up @@ -578,6 +578,7 @@ in
mkdir -p ${cfg.stateDir}/logs
chmod 700 ${cfg.stateDir}
chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}
${cfg.package}/bin/nginx -c ${configFile} -p ${cfg.stateDir} -t
'';
serviceConfig = {
ExecStart = "${cfg.package}/bin/nginx -c ${configFile} -p ${cfg.stateDir}";
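Review bot: The new `nginx -t` line runs after the `chown -R` on stateDir, so anything the configuration test creates under stateDir (nginx sets up its log and temp paths while loading the configuration, as far as I recall) is left owned by whichever user runs preStart rather than cfg.user. Moving the test above `chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}` keeps the ownership pass last. The enclosing preStart script begins before the hunk.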
2 changes: 1 addition & 1 deletion nixos/modules/system/boot/kernel.nix
Expand Up @@ -184,7 +184,7 @@ in
[ "loglevel=${toString config.boot.consoleLogLevel}" ] ++
optionals config.boot.vesa [ "vga=0x317" ];

boot.kernel.sysctl."kernel.printk" = config.boot.consoleLogLevel;
boot.kernel.sysctl."kernel.printk" = mkDefault config.boot.consoleLogLevel;

boot.kernelModules = [ "loop" "atkbd" ];

3 changes: 2 additions & 1 deletion nixos/modules/system/boot/networkd.nix
Expand Up @@ -94,7 +94,7 @@ let
checkNetwork = checkUnitConfig "Network" [
(assertOnlyFields [
"Description" "DHCP" "DHCPServer" "IPForward" "IPMasquerade" "IPv4LL" "IPv4LLRoute"
"LLMNR" "MulticastDNS" "Domains" "Bridge" "Bond"
"LLMNR" "MulticastDNS" "Domains" "Bridge" "Bond" "IPv6PrivacyExtensions"
])
(assertValueOneOf "DHCP" ["both" "none" "v4" "v6"])
(assertValueOneOf "DHCPServer" boolValues)
Expand All @@ -104,6 +104,7 @@ let
(assertValueOneOf "IPv4LLRoute" boolValues)
(assertValueOneOf "LLMNR" boolValues)
(assertValueOneOf "MulticastDNS" boolValues)
(assertValueOneOf "IPv6PrivacyExtensions" ["yes" "no" "prefer-public" "kernel"])
];

checkAddress = checkUnitConfig "Address" [
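Review bot: The value check for IPv6PrivacyExtensions accepts only `yes`/`no` for the boolean case, but systemd.network(5) describes the setting as taking a boolean or the special values prefer-public and kernel, so the spellings this file already accepts through `boolValues` for the other boolean keys (e.g. `(assertValueOneOf "DHCPServer" boolValues)`) are rejected here. Use `(assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"]))` so the checker matches what systemd accepts.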
1 change: 1 addition & 0 deletions nixos/modules/tasks/network-interfaces-systemd.nix
Expand Up @@ -91,6 +91,7 @@ in
(if i.useDHCP != null then i.useDHCP else cfg.useDHCP && interfaceIps i == [ ]));
address = flip map (interfaceIps i)
(ip: "${ip.address}/${toString ip.prefixLength}");
networkConfig.IPv6PrivacyExtensions = "kernel";
} ];
})))
(mkMerge (flip mapAttrsToList cfg.bridges (name: bridge: {
22 changes: 19 additions & 3 deletions nixos/modules/tasks/network-interfaces.nix
Expand Up @@ -155,6 +155,16 @@ let
description = "Name of the interface.";
};

preferTempAddress = mkOption {
type = types.bool;
default = cfg.enableIPv6;
defaultText = literalExample "config.networking.enableIpv6";
description = ''
When using SLAAC prefer a temporary (IPv6) address over the EUI-64
address for originating connections. This is used to reduce tracking.
'';
};

useDHCP = mkOption {
type = types.nullOr types.bool;
default = null;
Expand Down Expand Up @@ -941,6 +951,11 @@ in
message = ''
The networking.interfaces."${i.name}" must not have any defined ips when it is a slave.
'';
})) ++ (flip map interfaces (i: {
assertion = i.preferTempAddress -> cfg.enableIPv6;
message = ''
Temporary addresses are only needed when IPv6 is enabled.
'';
})) ++ [
{
assertion = cfg.hostId == null || (stringLength cfg.hostId == 8 && isHexString cfg.hostId);
Expand All @@ -963,9 +978,10 @@ in
"net.ipv6.conf.all.disable_ipv6" = mkDefault (!cfg.enableIPv6);
"net.ipv6.conf.default.disable_ipv6" = mkDefault (!cfg.enableIPv6);
"net.ipv6.conf.all.forwarding" = mkDefault (any (i: i.proxyARP) interfaces);
} // listToAttrs (concatLists (flip map (filter (i: i.proxyARP) interfaces)
(i: flip map [ "4" "6" ] (v: nameValuePair "net.ipv${v}.conf.${i.name}.proxy_arp" true))
));
} // listToAttrs (flip concatMap (filter (i: i.proxyARP) interfaces)
(i: flip map [ "4" "6" ] (v: nameValuePair "net.ipv${v}.conf.${i.name}.proxy_arp" true)))
// listToAttrs (flip map (filter (i: i.preferTempAddress) interfaces)
(i: nameValuePair "net.ipv6.conf.${i.name}.use_tempaddr" 2));

# Capabilities won't work unless we have at-least a 4.3 Linux
# kernel because we need the ambient capability
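Review bot: The `defaultText` for preferTempAddress spells the option `config.networking.enableIpv6`, while the default actually reads `cfg.enableIPv6` (the sysctl lines at the end of this section use the same name), so the generated manual will point at an option that does not exist; use `defaultText = literalExample "config.networking.enableIPv6";`. The new assertion message `Temporary addresses are only needed when IPv6 is enabled.` could also name the offending interface the way the slave assertion just above it does, e.g. `networking.interfaces."${i.name}".preferTempAddress requires networking.enableIPv6.`.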
13 changes: 13 additions & 0 deletions nixos/modules/virtualisation/lxd.nix
Expand Up @@ -38,6 +38,15 @@ in
environment.systemPackages =
[ pkgs.lxd ];

security.apparmor = {
enable = true;
profiles = [
"${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
"${pkgs.lxc}/etc/apparmor.d/lxc-containers"
];
packages = [ pkgs.lxc ];
};

systemd.services.lxd =
{ description = "LXD Container Management Daemon";

Expand All @@ -47,6 +56,10 @@ in
# TODO(wkennington): Add lvm2 and thin-provisioning-tools
path = with pkgs; [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ];

preStart = ''
mkdir -m 0755 -p /var/lib/lxc/rootfs
'';

serviceConfig.ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --syslog --group lxd";
serviceConfig.Type = "simple";
serviceConfig.KillMode = "process"; # when stopping, leave the containers alone

0 comments on commit a84844d

Please sign in to comment.