Merge remote-tracking branch 'upstream/master' into HEAD

NixOS · Oct 27, 2017 · 8634a2e · 8634a2e
2 parents 5541a9c + 7ce8483
commit 8634a2e
Show file tree

Hide file tree

Showing 294 changed files with 3,050 additions and 2,091 deletions.
diff --git a/lib/maintainers.nix b/lib/maintainers.nix
@@ -177,6 +177,7 @@
   dupgit = "Olivier Delhomme <olivier.delhomme@free.fr>";
   dywedir = "Vladyslav M. <dywedir@protonmail.ch>";
   e-user = "Alexander Kahl <nixos@sodosopa.io>";
+  earldouglas = "James Earl Douglas <james@earldouglas.com>";
   ebzzry = "Rommel Martinez <ebzzry@ebzzry.io>";
   edanaher = "Evan Danaher <nixos@edanaher.net>";
   edef = "edef <edef@edef.eu>";
@@ -330,6 +331,7 @@
   kragniz = "Louis Taylor <louis@kragniz.eu>";
   kristoff3r = "Kristoffer Søholm <k.soeholm@gmail.com>";
   ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
+  kuznero = "Roman Kuznetsov <roman@kuznero.com>";
   lassulus = "Lassulus <lassulus@gmail.com>";
   layus = "Guillaume Maudoux <layus.on@gmail.com>";
   ldesgoui = "Lucas Desgouilles <ldesgoui@gmail.com>";
@@ -385,6 +387,7 @@
   mcmtroffaes = "Matthias C. M. Troffaes <matthias.troffaes@gmail.com>";
   mdaiter = "Matthew S. Daiter <mdaiter8121@gmail.com>";
   meditans = "Carlo Nucera <meditans@gmail.com>";
+  mehandes = "Matt Deming <niewskici@gmail.com>";
   meisternu = "Matt Miemiec <meister@krutt.org>";
   metabar = "Celine Mercier <softs@metabarcoding.org>";
   mgdelacroix = "Miguel de la Cruz <mgdelacroix@gmail.com>";
@@ -607,6 +610,7 @@
   teh = "Tom Hunger <tehunger@gmail.com>";
   telotortium = "Robert Irelan <rirelan@gmail.com>";
   teto = "Matthieu Coudron <mcoudron@hotmail.com>";
+  tex = "Milan Svoboda <milan.svoboda@centrum.cz>";
   thall = "Niclas Thall <niclas.thall@gmail.com>";
   thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
   the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
@@ -672,6 +676,7 @@
   xnwdd = "Guillermo NWDD <nwdd+nixos@no.team>";
   xvapx = "Marti Serra <marti.serra.coscollano@gmail.com>";
   xwvvvvwx = "David Terry <davidterry@posteo.de>";
+  xzfc = "Albert Safin <xzfcpw@gmail.com>";
   yarr = "Dmitry V. <savraz@gmail.com>";
   yegortimoshenko = "Yegor Timoshenko <yegortimoshenko@gmail.com>";
   ylwghst = "Burim Augustin Berisa <ylwghst@onionmail.info>";

diff --git a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
@@ -10,6 +10,7 @@ let
 in
 {
   imports = [
+    ../../profiles/base.nix
     ../../profiles/installation-device.nix
     ./sd-image.nix
   ];
@@ -27,9 +28,12 @@ in
   boot.loader.generic-extlinux-compatible.enable = true;
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
-  # Increase the amount of CMA to ensure the virtual console on the RPi3 works.
-  boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0"];
-  boot.consoleLogLevel = 7;
+
+  # The serial ports listed here are:
+  # - ttyS0: for Tegra (Jetson TX1)
+  # - ttyAMA0: for QEMU's -machine virt
+  # Also increase the amount of CMA to ensure the virtual console on the RPi3 works.
+  boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"];
 
   # FIXME: this probably should be in installation-device.nix
   users.extraUsers.root.initialHashedPassword = "";

diff --git a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix
@@ -10,6 +10,7 @@ let
 in
 {
   imports = [
+    ../../profiles/base.nix
     ../../profiles/installation-device.nix
     ./sd-image.nix
   ];
@@ -27,6 +28,12 @@ in
   boot.loader.generic-extlinux-compatible.enable = true;
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
+  # The serial ports listed here are:
+  # - ttyS0: for Tegra (Jetson TK1)
+  # - ttymxc0: for i.MX6 (Wandboard)
+  # - ttyAMA0: for Allwinner (pcDuino3 Nano) and QEMU's -machine virt
+  # - ttyO0: for OMAP (BeagleBone Black)
+  # - ttySAC2: for Exynos (ODROID-XU3)
   boot.kernelParams = ["console=ttyS0,115200n8" "console=ttymxc0,115200n8" "console=ttyAMA0,115200n8" "console=ttyO0,115200n8" "console=ttySAC2,115200n8" "console=tty0"];
 
   # FIXME: this probably should be in installation-device.nix

diff --git a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix
@@ -10,6 +10,7 @@ let
 in
 {
   imports = [
+    ../../profiles/base.nix
     ../../profiles/installation-device.nix
     ./sd-image.nix
   ];

diff --git a/nixos/modules/misc/crashdump.nix b/nixos/modules/misc/crashdump.nix
@@ -18,26 +18,23 @@ in
           default = false;
           description = ''
             If enabled, NixOS will set up a kernel that will
-            boot on crash, and leave the user to a stage1 debug1devices
-            interactive shell to be able to save the crashed kernel dump.
+            boot on crash, and leave the user in systemd rescue
+            to be able to save the crashed kernel dump at
+            /proc/vmcore.
             It also activates the NMI watchdog.
           '';
         };
-        kernelPackages = mkOption {
-          type = types.package;
-          default = pkgs.linuxPackages;
-          # We don't want to evaluate all of linuxPackages for the manual
-          # - some of it might not even evaluate correctly.
-          defaultText = "pkgs.linuxPackages";
-          example = literalExample "pkgs.linuxPackages_2_6_25";
+        reservedMemory = mkOption {
+          default = "128M";
           description = ''
-            This will override the boot.kernelPackages, and will add some
-            kernel configuration parameters for the crash dump to work.
+            The amount of memory reserved for the crashdump kernel.
+            If you choose a too high value, dmesg will mention
+            "crashkernel reservation failed".
           '';
         };
         kernelParams = mkOption {
           type = types.listOf types.str;
-          default = [ "debug1devices" ];
+          default = [ "1" "boot.shell_on_fail" ];
           description = ''
             Parameters that will be passed to the kernel kexec-ed on crash.
           '';
@@ -51,29 +48,29 @@ in
   config = mkIf crashdump.enable {
     boot = {
       postBootCommands = ''
+        echo "loading crashdump kernel...";
         ${pkgs.kexectools}/sbin/kexec -p /run/current-system/kernel \
         --initrd=/run/current-system/initrd \
-        --append="init=$(readlink -f /run/current-system/init) system=$(readlink -f /run/current-system) irqpoll maxcpus=1 reset_devices ${kernelParams}" --reset-vga --console-vga
+        --reset-vga --console-vga \
+        --command-line="systemConfig=$(readlink -f /run/current-system) init=$(readlink -f /run/current-system/init) irqpoll maxcpus=1 reset_devices ${kernelParams}"
       '';
       kernelParams = [
-       "crashkernel=64M"
+       "crashkernel=${crashdump.reservedMemory}"
        "nmi_watchdog=panic"
        "softlockup_panic=1"
        "idle=poll"
       ];
-      kernelPackages = mkOverride 50 (crashdump.kernelPackages // {
-        kernel = crashdump.kernelPackages.kernel.override 
-          (attrs: {
-            extraConfig = (optionalString (attrs ? extraConfig) attrs.extraConfig) +
-              ''
+      kernelPatches = [ {
+        name = "crashdump-config";
+        patch = null;
+        extraConfig = ''
                 CRASH_DUMP y
                 DEBUG_INFO y
                 PROC_VMCORE y
                 LOCKUP_DETECTOR y
                 HARDLOCKUP_DETECTOR y
               '';
-          });
-      });
+        } ];
     };
   };
 }
diff --git a/nixos/modules/programs/sway.nix b/nixos/modules/programs/sway.nix
@@ -1,19 +1,68 @@
 { config, pkgs, lib, ... }:
 
 with lib;
+
+let
+  cfg = config.programs.sway;
+  sway = pkgs.sway;
+
+  swayWrapped = pkgs.writeScriptBin "sway" ''
+    #! ${pkgs.stdenv.shell}
+    ${cfg.extraSessionCommands}
+    PATH="${sway}/bin:$PATH"
+    exec ${pkgs.dbus.dbus-launch} --exit-with-session "${sway}/bin/sway"
+  '';
+  swayJoined = pkgs.symlinkJoin {
+    name = "sway-wrapped";
+    paths = [ swayWrapped sway ];
+  };
+in
 {
-  options.programs.sway.enable = mkEnableOption "sway";
+  options.programs.sway = {
+    enable = mkEnableOption "sway";
+
+    extraSessionCommands = mkOption {
+      default     = "";
+      type        = types.lines;
+      example = ''
+        export XKB_DEFAULT_LAYOUT=us,de
+        export XKB_DEFAULT_VARIANT=,nodeadkeys
+        export XKB_DEFAULT_OPTIONS=grp:alt_shift_toggle,
+      '';
+      description = ''
+        Shell commands executed just before sway is started.
+      '';
+    };
 
-  config = mkIf config.programs.sway.enable {
-    environment.systemPackages = [ pkgs.sway pkgs.xwayland ];
+    extraPackages = mkOption {
+      type = with types; listOf package;
+      default = with pkgs; [
+        i3status xwayland rxvt_unicode dmenu
+      ];
+      example = literalExample ''
+        with pkgs; [
+          i3status xwayland rxvt_unicode dmenu
+        ]
+      '';
+      description = ''
+        Extra packages to be installed system wide.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ swayJoined ] ++ cfg.extraPackages;
     security.wrappers.sway = {
-      source = "${pkgs.sway}/bin/sway";
+      source = "${swayJoined}/bin/sway";
       capabilities = "cap_sys_ptrace,cap_sys_tty_config=eip";
       owner = "root";
       group = "sway";
       permissions = "u+rx,g+rx";
     };
 
     users.extraGroups.sway = {};
+
+    hardware.opengl.enable = mkDefault true;
+    fonts.enableDefaultFonts = mkDefault true;
   };
 }
diff --git a/nixos/modules/services/continuous-integration/buildkite-agent.nix b/nixos/modules/services/continuous-integration/buildkite-agent.nix
@@ -33,8 +33,8 @@ in
       };
 
       runtimePackages = mkOption {
-        default = [ pkgs.nix ];
-        defaultText = "[ pkgs.nix ]";
+        default = [ pkgs.bash pkgs.nix ];
+        defaultText = "[ pkgs.bash pkgs.nix ]";
         description = "Add programs to the buildkite-agent environment";
         type = types.listOf types.package;
       };

diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
@@ -62,7 +62,9 @@ let
     shlib_directory      = false;
     relayhost            = if cfg.lookupMX || cfg.relayHost == ""
                              then cfg.relayHost
-                             else "[${cfg.relayHost}]";
+                             else
+			       "[${cfg.relayHost}]"
+			       + optionalString (cfg.relayPort != null) ":${toString cfg.relayPort}";
     mail_spool_directory = "/var/spool/mail/";
     setgid_group         = setgidGroup;
   }
@@ -458,6 +460,17 @@ in
         ";
       };
 
+      relayPort = mkOption {
+        type = types.nullOr types.int;
+        default = null;
+        example = 587;
+        description = "
+          Specify an optional port for outbound mail relay. (Note:
+          only used if an explicit <option>relayHost</option> is
+          defined.)
+        ";
+      };
+
       lookupMX = mkOption {
         type = types.bool;
         default = false;

diff --git a/nixos/modules/services/monitoring/prometheus/node-exporter.nix b/nixos/modules/services/monitoring/prometheus/node-exporter.nix
@@ -4,9 +4,6 @@ with lib;
 
 let
   cfg = config.services.prometheus.nodeExporter;
-  cmdlineArgs = cfg.extraFlags ++ [
-    "-web.listen-address=${cfg.listenAddress}"
-  ];
 in {
   options = {
     services.prometheus.nodeExporter = {
@@ -37,6 +34,15 @@ in {
         '';
       };
 
+      disabledCollectors = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        example = ''[ "timex" ]'';
+        description = ''
+          Collectors to disable which are enabled by default.
+        '';
+      };
+
       extraFlags = mkOption {
         type = types.listOf types.str;
         default = [];
@@ -64,13 +70,14 @@ in {
       wantedBy = [ "multi-user.target" ];
       script = ''
         exec ${pkgs.prometheus-node-exporter}/bin/node_exporter \
-          ${concatMapStrings (x: "--collector." + x + " ") cfg.enabledCollectors} \
+          ${concatMapStringsSep " " (x: "--collector." + x) cfg.enabledCollectors} \
+          ${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \
           --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
           ${concatStringsSep " \\\n  " cfg.extraFlags}
       '';
       serviceConfig = {
-        DynamicUser = true;
-        Restart  = "always";
+        User = "nobody";
+        Restart = "always";
         PrivateTmp = true;
         WorkingDirectory = /tmp;
         ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";

diff --git a/nixos/modules/services/networking/dnsmasq.nix b/nixos/modules/services/networking/dnsmasq.nix
@@ -55,6 +55,14 @@ in
         '';
       };
 
+      alwaysKeepRunning = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          If enabled, systemd will always respawn dnsmasq even if shut down manually. The default, disabled, will only restart it on error.
+        '';
+      };
+
       extraConfig = mkOption {
         type = types.lines;
         default = "";
@@ -101,10 +109,12 @@ in
           BusName = "uk.org.thekelleys.dnsmasq";
           ExecStart = "${dnsmasq}/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C ${dnsmasqConf}";
           ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+          PrivateTmp = true;
+          ProtectSystem = true;
+          ProtectHome = true;
+          Restart = if cfg.alwaysKeepRunning then "always" else "on-failure";
         };
         restartTriggers = [ config.environment.etc.hosts.source ];
     };
-
   };
-
 }
diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix
@@ -174,11 +174,13 @@ in {
         LimitNOFILE = "1024000";
       };
       preStart = ''
-        # Only set vm.max_map_count if lower than ES required minimum
-        # This avoids conflict if configured via boot.kernel.sysctl
-        if [ `${pkgs.procps}/bin/sysctl -n vm.max_map_count` -lt 262144 ]; then
-          ${pkgs.procps}/bin/sysctl -w vm.max_map_count=262144
-        fi
+        ${optionalString (!config.boot.isContainer) ''
+          # Only set vm.max_map_count if lower than ES required minimum
+          # This avoids conflict if configured via boot.kernel.sysctl
+          if [ `${pkgs.procps}/bin/sysctl -n vm.max_map_count` -lt 262144 ]; then
+            ${pkgs.procps}/bin/sysctl -w vm.max_map_count=262144
+          fi
+        ''}
 
         mkdir -m 0700 -p ${cfg.dataDir}
 

diff --git a/nixos/modules/system/boot/plymouth.nix b/nixos/modules/system/boot/plymouth.nix
@@ -72,7 +72,7 @@ in
     environment.systemPackages = [ plymouth ];
 
     environment.etc."plymouth/plymouthd.conf".source = configFile;
-    environment.etc."plymouth/plymouthd.defaults".source = "${plymouth}/share/plymouth/plymouth.defaults";
+    environment.etc."plymouth/plymouthd.defaults".source = "${plymouth}/share/plymouth/plymouthd.defaults";
     environment.etc."plymouth/logo.png".source = cfg.logo;
     environment.etc."plymouth/themes".source = "${themesEnv}/share/plymouth/themes";
     # XXX: Needed because we supply a different set of plugins in initrd.