Merge branch 'master' into staging

There's been a mass rebuild on master due to python2 update.
NixOS · Dec 26, 2016 · 3829d1c · 3829d1c
2 parents 921bdb7 + da70d3d
commit 3829d1c
Show file tree

Hide file tree

Showing 93 changed files with 1,979 additions and 958 deletions.
diff --git a/lib/maintainers.nix b/lib/maintainers.nix
@@ -206,6 +206,7 @@
   jb55 = "William Casarin <bill@casarin.me>";
   jbedo = "Justin Bedő <cu@cua0.org>";
   jcumming = "Jack Cummings <jack@mudshark.org>";
+  jdagilliland = "Jason Gilliland <jdagilliland@gmail.com>";
   jefdaj = "Jeffrey David Johnson <jefdaj@gmail.com>";
   jerith666 = "Matt McHenry <github@matt.mchenryfamily.org>";
   jfb = "James Felix Black <james@yamtime.com>";

diff --git a/nixos/modules/services/misc/plex.nix b/nixos/modules/services/misc/plex.nix
@@ -19,6 +19,14 @@ in
         description = "The directory where Plex stores its data files.";
       };
 
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Open ports in the firewall for the media server
+        '';
+      };
+
       user = mkOption {
         type = types.str;
         default = "plex";
@@ -127,7 +135,7 @@ in
         User = cfg.user;
         Group = cfg.group;
         PermissionsStartOnly = "true";
-        ExecStart = "/bin/sh -c '${cfg.package}/usr/lib/plexmediaserver/Plex\\ Media\\ Server'";
+        ExecStart = "/bin/sh -c ${cfg.package}/usr/lib/plexmediaserver/Plex\\ Media\\ Server";
         Restart = "on-failure";
       };
       environment = {
@@ -141,6 +149,11 @@ in
       };
     };
 
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ 32400 3005 8324 32469 ];
+      allowedUDPPorts = [ 1900 5353 32410 32412 32413 32414 ];
+    };
+
     users.extraUsers = mkIf (cfg.user == "plex") {
       plex = {
         group = cfg.group;

diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix
@@ -191,6 +191,7 @@ let
       };
       labels = mkOption {
         type = types.attrsOf types.str;
+        default = {};
         description = ''
           Labels assigned to all metrics scraped from the targets.
         '';

diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -16,6 +16,8 @@ let
 
   phpMajorVersion = head (splitString "." php.version);
 
+  mod_perl = pkgs.mod_perl.override { apacheHttpd = httpd; };
+
   defaultListen = cfg: if cfg.enableSSL
     then [{ip = "*"; port = 443;}]
     else [{ip = "*"; port = 80;}];
@@ -76,6 +78,7 @@ let
           robotsEntries = "";
           startupScript = "";
           enablePHP = false;
+          enablePerl = false;
           phpOptions = "";
           options = {};
           documentRoot = null;
@@ -355,6 +358,7 @@ let
           ++ map (name: {inherit name; path = "${httpd}/modules/mod_${name}.so";}) apacheModules
           ++ optional mainCfg.enableMellon { name = "auth_mellon"; path = "${pkgs.apacheHttpdPackages.mod_auth_mellon}/modules/mod_auth_mellon.so"; }
           ++ optional enablePHP { name = "php${phpMajorVersion}"; path = "${php}/modules/libphp${phpMajorVersion}.so"; }
+          ++ optional enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; }
           ++ concatMap (svc: svc.extraModules) allSubservices
           ++ extraForeignModules;
       in concatMapStrings load allModules
@@ -415,6 +419,8 @@ let
 
   enablePHP = mainCfg.enablePHP || any (svc: svc.enablePHP) allSubservices;
 
+  enablePerl = mainCfg.enablePerl || any (svc: svc.enablePerl) allSubservices;
+
 
   # Generate the PHP configuration file.  Should probably be factored
   # out into a separate module.
@@ -579,6 +585,12 @@ in
         '';
       };
 
+      enablePerl = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to enable the Perl module (mod_perl).";
+      };
+
       phpOptions = mkOption {
         type = types.lines;
         default = "";

diff --git a/nixos/modules/services/web-servers/lighttpd/inginious.nix b/nixos/modules/services/web-servers/lighttpd/inginious.nix
@@ -191,9 +191,8 @@ in
         virtualisation.docker = {
           enable = true;
           # We need docker to listen on port 2375.
-          extraOptions = "-H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock";
+          listenOptions = ["127.0.0.1:2375" "/var/run/docker.sock"];
           storageDriver = mkDefault "overlay";
-          socketActivation = false;
         };
 
         users.extraUsers."lighttpd".extraGroups = [ "docker" ];

diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
@@ -10,6 +10,7 @@ let
       sslCertificateKey = "/var/lib/acme/${vhostName}/key.pem";
     })
   ) cfg.virtualHosts;
+  enableIPv6 = config.networking.enableIPv6;
 
   configFile = pkgs.writeText "nginx.conf" ''
     user ${cfg.user} ${cfg.group};
@@ -84,15 +85,15 @@ let
       ${optionalString cfg.statusPage ''
         server {
           listen 80;
-          listen [::]:80;
+          ${optionalString enableIPv6 "listen [::]:80;" }
 
           server_name localhost;
 
           location /nginx_status {
             stub_status on;
             access_log off;
             allow 127.0.0.1;
-            allow ::1;
+            ${optionalString enableIPv6 "allow ::1;"}
             deny all;
           }
         }
@@ -116,7 +117,7 @@ let
         ssl = vhost.enableSSL || vhost.forceSSL;
         port = if vhost.port != null then vhost.port else (if ssl then 443 else 80);
         listenString = toString port + optionalString ssl " ssl http2"
-          + optionalString vhost.default " default";
+          + optionalString vhost.default " default_server";
         acmeLocation = optionalString vhost.enableACME (''
           location /.well-known/acme-challenge {
             ${optionalString (vhost.acmeFallbackHost != null) "try_files $uri @acme-fallback;"}
@@ -132,8 +133,10 @@ let
       in ''
         ${optionalString vhost.forceSSL ''
           server {
-            listen 80 ${optionalString vhost.default "default"};
-            listen [::]:80 ${optionalString vhost.default "default"};
+            listen 80 ${optionalString vhost.default "default_server"};
+            ${optionalString enableIPv6
+              ''listen [::]:80 ${optionalString vhost.default "default_server"};''
+            }
 
             server_name ${serverName} ${concatStringsSep " " vhost.serverAliases};
             ${acmeLocation}
@@ -145,7 +148,7 @@ let
 
         server {
           listen ${listenString};
-          listen [::]:${listenString};
+          ${optionalString enableIPv6 "listen [::]:${listenString};"}
 
           server_name ${serverName} ${concatStringsSep " " vhost.serverAliases};
           ${acmeLocation}

diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix
@@ -28,16 +28,42 @@ in
             <command>docker</command> command line tool.
           '';
       };
-    socketActivation =
+
+    listenOptions =
+      mkOption {
+        type = types.listOf types.str;
+        default = ["/var/run/docker.sock"];
+        description =
+          ''
+            A list of unix and tcp docker should listen to. The format follows
+            ListenStream as described in systemd.socket(5).
+          '';
+      };
+
+    enableOnBoot =
+      mkOption {
+        type = types.bool;
+        default = true;
+        description =
+          ''
+            When enabled dockerd is started on boot. This is required for
+            container, which are created with the
+            <literal>--restart=always</literal> flag, to work. If this option is
+            disabled, docker might be started on demand by socket activation.
+          '';
+      };
+
+    liveRestore =
       mkOption {
         type = types.bool;
         default = true;
         description =
           ''
-            This option enables docker with socket activation. I.e. docker will
-            start when first called by client.
+            Allow dockerd to be restarted without affecting running container.
+            This option is incompatible with docker swarm.
           '';
       };
+
     storageDriver =
       mkOption {
         type = types.nullOr (types.enum ["aufs" "btrfs" "devicemapper" "overlay" "overlay2" "zfs"]);
@@ -69,69 +95,39 @@ in
             <command>docker</command> daemon.
           '';
       };
-
-    postStart =
-      mkOption {
-        type = types.lines;
-        default = ''
-          while ! [ -e /var/run/docker.sock ]; do
-            sleep 0.1
-          done
-        '';
-        description = ''
-          The postStart phase of the systemd service. You may need to
-          override this if you are passing in flags to docker which
-          don't cause the socket file to be created. This option is ignored
-          if socket activation is used.
-        '';
-      };
-
-
   };
 
   ###### implementation
 
-  config = mkIf cfg.enable (mkMerge [
-    { environment.systemPackages = [ pkgs.docker ];
+  config = mkIf cfg.enable (mkMerge [{
+      environment.systemPackages = [ pkgs.docker ];
       users.extraGroups.docker.gid = config.ids.gids.docker;
+      systemd.packages = [ pkgs.docker ];
+
       systemd.services.docker = {
-        description = "Docker Application Container Engine";
-        wantedBy = optional (!cfg.socketActivation) "multi-user.target";
-        after = [ "network.target" ] ++ (optional cfg.socketActivation "docker.socket") ;
-        requires = optional cfg.socketActivation "docker.socket";
+        wantedBy = optional cfg.enableOnBoot "multi-user.target";
         serviceConfig = {
-          ExecStart = ''${pkgs.docker}/bin/dockerd \
-            --group=docker --log-driver=${cfg.logDriver} \
-            ${optionalString (cfg.storageDriver != null) "--storage-driver=${cfg.storageDriver}"} \
-            ${optionalString cfg.socketActivation "--host=fd://"} \
-            ${cfg.extraOptions}
-          '';
-          #  I'm not sure if that limits aren't too high, but it's what
-          #  goes in config bundled with docker itself
-          LimitNOFILE = 1048576;
-          LimitNPROC = 1048576;
+          ExecStart = [
+            ""
+            ''
+              ${pkgs.docker}/bin/dockerd \
+                --group=docker \
+                --host=fd:// \
+                --log-driver=${cfg.logDriver} \
+                ${optionalString (cfg.storageDriver != null) "--storage-driver=${cfg.storageDriver}"} \
+                ${optionalString cfg.liveRestore "--live-restore" } \
+                ${cfg.extraOptions}
+            ''];
+          ExecReload=[
+            ""
+            "${pkgs.procps}/bin/kill -s HUP $MAINPID"
+          ];
         } // proxy_env;
 
         path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
-
-        postStart = if cfg.socketActivation then "" else cfg.postStart;
-
-        # Presumably some containers are running we don't want to interrupt
-        restartIfChanged = false;
       };
+      systemd.sockets.docker.socketConfig.ListenStream = cfg.listenOptions;
     }
-    (mkIf cfg.socketActivation {
-      systemd.sockets.docker = {
-        description = "Docker Socket for the API";
-        wantedBy = [ "sockets.target" ];
-        socketConfig = {
-          ListenStream = "/var/run/docker.sock";
-          SocketMode = "0660";
-          SocketUser = "root";
-          SocketGroup = "docker";
-        };
-      };
-    })
   ]);
 
 }
diff --git a/nixos/tests/docker-registry.nix b/nixos/tests/docker-registry.nix
@@ -16,13 +16,11 @@ import ./make-test.nix ({ pkgs, ...} : {
 
     client1 = { config, pkgs, ...}: {
       virtualisation.docker.enable = true;
-      virtualisation.docker.socketActivation = false;
       virtualisation.docker.extraOptions = "--insecure-registry registry:8080";
     };
 
     client2 = { config, pkgs, ...}: {
       virtualisation.docker.enable = true;
-      virtualisation.docker.socketActivation = false;
       virtualisation.docker.extraOptions = "--insecure-registry registry:8080";
     };
   };

diff --git a/pkgs/applications/audio/qmmp/default.nix b/pkgs/applications/audio/qmmp/default.nix
@@ -29,11 +29,11 @@
 # handle that.
 
 stdenv.mkDerivation rec {
-  name = "qmmp-1.1.2";
+  name = "qmmp-1.1.5";
 
   src = fetchurl {
     url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
-    sha256 = "023gvgchk6ybkz3miy0z08j9n5awz5cjvav7fqjdmpix4sivhn5q";
+    sha256 = "1gfx6nm9v6qrx58gxib6grfhb45mnib1n4wdsnjq16br6bs8h4lv";
   };
 
   buildInputs =

diff --git a/pkgs/applications/editors/rstudio/default.nix b/pkgs/applications/editors/rstudio/default.nix
@@ -1,11 +1,11 @@
-{ stdenv, fetchurl, cmake, boost155, zlib, openssl, R, qt4, libuuid, hunspellDicts, unzip, ant, jdk, gnumake, makeWrapper }:
+{ stdenv, fetchurl, makeDesktopItem, cmake, boost155, zlib, openssl, R, qt4, libuuid, hunspellDicts, unzip, ant, jdk, gnumake, makeWrapper }:
 
 let
   version = "0.98.110";
   ginVer = "1.5";
   gwtVer = "2.5.1";
 in
-stdenv.mkDerivation {
+stdenv.mkDerivation rec {
   name = "RStudio-${version}";
 
   buildInputs = [ cmake boost155 zlib openssl R qt4 libuuid unzip ant jdk makeWrapper ];
@@ -31,7 +31,7 @@ stdenv.mkDerivation {
     sha256 = "0fjr2rcr8lnywj54mzhg9i4xz1b6fh8yv12p5i2q5mgfld2xymy4";
   };
 
-  hunspellDicts = builtins.attrValues hunspellDicts;
+  hunspellDictionaries = builtins.attrValues hunspellDicts;
 
   mathJaxSrc = fetchurl {
     url = https://s3.amazonaws.com/rstudio-buildtools/mathjax-20.zip;
@@ -50,7 +50,7 @@ stdenv.mkDerivation {
       mv gwt-$gwtVer $GWT_LIB_DIR/gwt/$gwtVer
 
       mkdir dependencies/common/dictionaries
-      for dict in $hunspellDicts; do
+      for dict in $hunspellDictionaries; do
           for i in "$dict/share/hunspell/"*
 	  do ln -sv $i dependencies/common/dictionaries/
 	  done
@@ -61,8 +61,23 @@ stdenv.mkDerivation {
 
   cmakeFlags = [ "-DRSTUDIO_TARGET=Desktop" ];
 
+  desktopItem = makeDesktopItem {
+    name = name;
+    exec = "rstudio %F";
+    icon = "rstudio";
+    desktopName = "RStudio";
+    genericName = "IDE";
+    comment = meta.description;
+    categories = "Development;";
+    mimeType = "text/x-r-source;text/x-r;text/x-R;text/x-r-doc;text/x-r-sweave;text/x-r-markdown;text/x-r-html;text/x-r-presentation;application/x-r-data;application/x-r-project;text/x-r-history;text/x-r-profile;text/x-tex;text/x-markdown;text/html;text/css;text/javascript;text/x-chdr;text/x-csrc;text/x-c++hdr;text/x-c++src;";
+  };
+
   postInstall = ''
       wrapProgram $out/bin/rstudio --suffix PATH : ${gnumake}/bin
+      mkdir $out/share
+      cp -r ${desktopItem}/share/applications $out/share
+      mkdir $out/share/icons
+      ln $out/rstudio.png $out/share/icons
   '';
 
   meta = with stdenv.lib;