Merge remote-tracking branch 'upstream/master' into HEAD

NixOS · Sep 28, 2017 · 4e22e88 · 4e22e88
2 parents 95b706f + 82667fe
commit 4e22e88
Show file tree

Hide file tree

Showing 63 changed files with 832 additions and 694 deletions.
diff --git a/lib/licenses.nix b/lib/licenses.nix
@@ -281,6 +281,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
     url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
   };
 
+  hpnd = spdx {
+    spdxId = "HPND";
+    fullName = "Historic Permission Notice and Disclaimer";
+  };
+
   # Intel's license, seems free
   iasl = {
     fullName = "iASL";

diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml
@@ -335,6 +335,13 @@ FLUSH PRIVILEGES;
     was removed and should not be needed anymore.</para>
   </listitem>
 
+  <listitem>
+    <para>
+      Redis has been updated to version 4 which mandates a cluster
+      mass-restart, due to changes in the network handling, in order
+      to ensure compatibility with networks NATing traffic.
+    </para>
+  </listitem>
 </itemizedlist>
 
 <para>Other notable improvements:</para>
@@ -432,6 +439,16 @@ FLUSH PRIVILEGES;
       version, kernel version and build date of all bootable generations.
     </para>
   </listitem>
+  <listitem>
+    <para>
+      The dnscrypt-proxy service now defaults to using a random upstream resolver,
+      selected from the list of public non-logging resolvers with DNSSEC support.
+      Existing configurations can be migrated to this mode of operation by
+      omitting the <option>services.dnscrypt-proxy.resolverName</option> option
+      or setting it to <literal>"random"</literal>.
+    </para>
+  </listitem>
+
 </itemizedlist>
 
 </section>
diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix
@@ -40,6 +40,12 @@ in
 {
 
   config = mkIf enabled {
+    assertions = [
+      {
+        assertion = services.xserver.displayManager.gdm.wayland;
+        message = "NVidia drivers don't support wayland";
+      }
+    ];
 
     services.xserver.drivers = singleton
       { name = "nvidia"; modules = [ nvidia_x11.bin ]; libPath = [ nvidia_x11 ]; };
@@ -62,11 +68,16 @@ in
     boot.extraModulePackages = [ nvidia_x11.bin ];
 
     # nvidia-uvm is required by CUDA applications.
-    boot.kernelModules = [ "nvidia-uvm" ];
+    boot.kernelModules = [ "nvidia-uvm" ] ++
+      lib.optionals config.services.xserver.enable [ "nvidia" "nvidia_modeset" "nvidia_drm" ];
+
 
     # Create /dev/nvidia-uvm when the nvidia-uvm module is loaded.
     services.udev.extraRules =
       ''
+        KERNEL=="nvidia", RUN+="${pkgs.stdenv.shell} -c 'mknod -m 666 /dev/nvidiactl c $(grep nvidia-frontend /proc/devices | cut -d \  -f 1) 255'"
+        KERNEL=="nvidia_modeset", RUN+="${pkgs.stdenv.shell} -c 'mknod -m 666 /dev/nvidia-modeset c $(grep nvidia-frontend /proc/devices | cut -d \  -f 1) 254'"
+        KERNEL=="card*", SUBSYSTEM=="drm", DRIVERS=="nvidia", RUN+="${pkgs.stdenv.shell} -c 'mknod -m 666 /dev/nvidia%n c $(grep nvidia-frontend /proc/devices | cut -d \  -f 1) %n'"
         KERNEL=="nvidia_uvm", RUN+="${pkgs.stdenv.shell} -c 'mknod -m 666 /dev/nvidia-uvm c $(grep nvidia-uvm /proc/devices | cut -d \  -f 1) 0'"
       '';
 

diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix
@@ -361,6 +361,9 @@ in
         { source = config.isoImage.splashImage;
           target = "/isolinux/background.png";
         }
+        { source = pkgs.writeText "version" config.system.nixosVersion;
+          target = "/version.txt";
+        }
       ] ++ optionals config.isoImage.makeEfiBootable [
         { source = efiImg;
           target = "/boot/efi.img";

diff --git a/nixos/modules/services/monitoring/monit.nix b/nixos/modules/services/monitoring/monit.nix
@@ -17,20 +17,22 @@ in
       };
       config = mkOption {
         default = "";
-        description = "monit.conf content";
+        description = "monitrc content";
       };
     };
   };
 
   config = mkIf config.services.monit.enable {
 
+    environment.systemPackages = [ pkgs.monit ];
+
     environment.etc = [
       {
         source = pkgs.writeTextFile {
-          name = "monit.conf";
+          name = "monitrc";
           text = config.services.monit.config;
         };
-        target = "monit.conf";
+        target = "monitrc";
         mode = "0400";
       }
     ];
@@ -40,9 +42,9 @@ in
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
       serviceConfig = {
-        ExecStart = "${pkgs.monit}/bin/monit -I -c /etc/monit.conf";
-        ExecStop = "${pkgs.monit}/bin/monit -c /etc/monit.conf quit";
-        ExecReload = "${pkgs.monit}/bin/monit -c /etc/monit.conf reload";
+        ExecStart = "${pkgs.monit}/bin/monit -I -c /etc/monitrc";
+        ExecStop = "${pkgs.monit}/bin/monit -c /etc/monitrc quit";
+        ExecReload = "${pkgs.monit}/bin/monit -c /etc/monitrc reload";
         KillMode = "process";
         Restart = "always";
       };

diff --git a/nixos/modules/services/networking/consul.nix b/nixos/modules/services/networking/consul.nix
@@ -183,6 +183,7 @@ in
           ExecReload = "${cfg.package.bin}/bin/consul reload";
           PermissionsStartOnly = true;
           User = if cfg.dropPrivileges then "consul" else null;
+          Restart = "on-failure";
           TimeoutStartSec = "0";
         } // (optionalAttrs (cfg.leaveOnStop) {
           ExecStop = "${cfg.package.bin}/bin/consul leave";

diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix
@@ -163,6 +163,12 @@ in
         wantedBy = [ "multi-user.target" ];
         after = [ "network.target" ];
         path = [ data.package ];
+        restartTriggers =
+          let
+            drvlist = [ config.environment.etc."tinc/${network}/tinc.conf".source ]
+                        ++ mapAttrsToList (host: _: config.environment.etc."tinc/${network}/hosts/${host}".source) data.hosts;
+          in # drvlist might be too long to be used directly
+            [ (builtins.hashString "sha256" (concatMapStrings (d: d.outPath) drvlist)) ];
         serviceConfig = {
           Type = "simple";
           Restart = "always";

diff --git a/nixos/modules/services/networking/wpa_supplicant.nix b/nixos/modules/services/networking/wpa_supplicant.nix
@@ -148,6 +148,7 @@ in {
       wants = [ "network.target" ];
       requires = lib.concatMap deviceUnit ifaces;
       wantedBy = [ "multi-user.target" ];
+      stopIfChanged = false;
 
       path = [ pkgs.wpa_supplicant ];
 

diff --git a/nixos/modules/services/networking/znc.nix b/nixos/modules/services/networking/znc.nix
@@ -212,6 +212,14 @@ in
         '';
       };
 
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to open ports in the firewall for ZNC.
+        '';
+      };
+
       zncConf = mkOption {
         default = "";
         example = "See: http://wiki.znc.in/Configuration";
@@ -276,14 +284,6 @@ in
           '';
         };
 
-        openFirewall = mkOption {
-          type = types.bool;
-          default = false;
-          description = ''
-            Whether to open ports in the firewall for ZNC.
-          '';
-        };
-
         passBlock = mkOption {
           example = defaultPassBlock;
           type = types.string;
@@ -359,7 +359,7 @@ in
   config = mkIf cfg.enable {
 
     networking.firewall = mkIf cfg.openFirewall {
-      allowedTCPPorts = [ cfg.port ];
+      allowedTCPPorts = [ cfg.confOptions.port ];
     };
 
     systemd.services.znc = {

diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix
@@ -64,6 +64,14 @@ in
         };
       };
 
+      wayland = mkOption {
+        default = true;
+        description = ''
+          Allow GDM run on Wayland instead of Xserver
+        '';
+        type = types.bool;
+      };
+
     };
 
   };
@@ -94,6 +102,7 @@ in
     # GDM needs different xserverArgs, presumable because using wayland by default.
     services.xserver.tty = null;
     services.xserver.display = null;
+    services.xserver.verbose = null;
 
     services.xserver.displayManager.job =
       {
@@ -139,6 +148,7 @@ in
     # presented and there's a little delay.
     environment.etc."gdm/custom.conf".text = ''
       [daemon]
+      WaylandEnable=${if cfg.gdm.wayland then "true" else "false"}
       ${optionalString cfg.gdm.autoLogin.enable (
         if cfg.gdm.autoLogin.delay > 0 then ''
           TimedLoginEnable=true

diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
@@ -480,6 +480,15 @@ in
         '';
       };
 
+      verbose = mkOption {
+        type = types.nullOr types.int;
+        default = 3;
+        example = 7;
+        description = ''
+          Controls verbosity of X logging.
+        '';
+      };
+
       useGlamor = mkOption {
         type = types.bool;
         default = false;
@@ -631,10 +640,11 @@ in
       [ "-config ${configFile}"
         "-xkbdir" "${cfg.xkbDir}"
         # Log at the default verbosity level to stderr rather than /var/log/X.*.log.
-        "-verbose" "3" "-logfile" "/dev/null"
+         "-logfile" "/dev/null"
       ] ++ optional (cfg.display != null) ":${toString cfg.display}"
         ++ optional (cfg.tty     != null) "vt${toString cfg.tty}"
         ++ optional (cfg.dpi     != null) "-dpi ${toString cfg.dpi}"
+        ++ optional (cfg.verbose != null) "-verbose ${toString cfg.verbose}"
         ++ optional (!cfg.enableTCP) "-nolisten tcp"
         ++ optional (cfg.autoRepeatDelay != null) "-ardelay ${toString cfg.autoRepeatDelay}"
         ++ optional (cfg.autoRepeatInterval != null) "-arinterval ${toString cfg.autoRepeatInterval}"

diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
@@ -875,7 +875,12 @@ in
     systemd.services.systemd-remount-fs.restartIfChanged = false;
     systemd.services.systemd-update-utmp.restartIfChanged = false;
     systemd.services.systemd-user-sessions.restartIfChanged = false; # Restart kills all active sessions.
-    systemd.services.systemd-logind.restartTriggers = [ config.environment.etc."systemd/logind.conf".source ];
+    # Restarting systemd-logind breaks X11
+    # - upstream commit: https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101
+    # - systemd announcement: https://github.com/systemd/systemd/blob/22043e4317ecd2bc7834b48a6d364de76bb26d91/NEWS#L103-L112
+    # - this might be addressed in the future by xorg
+    #systemd.services.systemd-logind.restartTriggers = [ config.environment.etc."systemd/logind.conf".source ];
+    systemd.services.systemd-logind.restartIfChanged = false;
     systemd.services.systemd-logind.stopIfChanged = false;
     systemd.services.systemd-journald.restartTriggers = [ config.environment.etc."systemd/journald.conf".source ];
     systemd.services.systemd-journald.stopIfChanged = false;

diff --git a/nixos/modules/tasks/kbd.nix b/nixos/modules/tasks/kbd.nix
@@ -98,22 +98,10 @@ in
           '') config.i18n.consoleColors}
         '';
 
-        /* XXX: systemd-vconsole-setup needs a "main" terminal. By default
-         * /dev/tty0 is used which wouldn't work when the service is restarted
-         * from X11. We set this to /dev/tty1; not ideal because it may also be
-         * owned by X11 or something else.
-         *
-         * See #22470.
-         */
         systemd.services."systemd-vconsole-setup" =
-          { wantedBy = [ "sysinit.target" ];
-            before = [ "display-manager.service" ];
+          { before = [ "display-manager.service" ];
             after = [ "systemd-udev-settle.service" ];
             restartTriggers = [ vconsoleConf kbdEnv ];
-            serviceConfig.ExecStart = [
-              ""
-              "${pkgs.systemd}/lib/systemd/systemd-vconsole-setup /dev/tty1"
-            ];
           };
       }
 

diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix
@@ -122,24 +122,32 @@ let
 
                 # Set the default gateway.
                 ${optionalString (cfg.defaultGateway != null && cfg.defaultGateway.address != "") ''
-                  # FIXME: get rid of "|| true" (necessary to make it idempotent).
-                  ip route add default ${optionalString (cfg.defaultGateway.metric != null)
+                  ${optionalString (cfg.defaultGateway.interface != null) ''
+                    ip route replace ${cfg.defaultGateway.address} dev ${cfg.defaultGateway.interface} ${optionalString (cfg.defaultGateway.metric != null)
+                      "metric ${toString cfg.defaultGateway.metric}"
+                    } proto static
+                  ''}
+                  ip route replace default ${optionalString (cfg.defaultGateway.metric != null)
                       "metric ${toString cfg.defaultGateway.metric}"
                     } via "${cfg.defaultGateway.address}" ${
                     optionalString (cfg.defaultGatewayWindowSize != null)
                       "window ${toString cfg.defaultGatewayWindowSize}"} ${
                     optionalString (cfg.defaultGateway.interface != null)
-                      "dev ${cfg.defaultGateway.interface}"} proto static || true
+                      "dev ${cfg.defaultGateway.interface}"} proto static
                 ''}
                 ${optionalString (cfg.defaultGateway6 != null && cfg.defaultGateway6.address != "") ''
-                  # FIXME: get rid of "|| true" (necessary to make it idempotent).
-                  ip -6 route add ::/0 ${optionalString (cfg.defaultGateway6.metric != null)
+                  ${optionalString (cfg.defaultGateway6.interface != null) ''
+                    ip -6 route replace ${cfg.defaultGateway6.address} dev ${cfg.defaultGateway6.interface} ${optionalString (cfg.defaultGateway6.metric != null)
+                      "metric ${toString cfg.defaultGateway6.metric}"
+                    } proto static
+                  ''}
+                  ip -6 route replace default ${optionalString (cfg.defaultGateway6.metric != null)
                       "metric ${toString cfg.defaultGateway6.metric}"
                     } via "${cfg.defaultGateway6.address}" ${
                     optionalString (cfg.defaultGatewayWindowSize != null)
                       "window ${toString cfg.defaultGatewayWindowSize}"} ${
                     optionalString (cfg.defaultGateway6.interface != null)
-                      "dev ${cfg.defaultGateway6.interface}"} proto static || true
+                      "dev ${cfg.defaultGateway6.interface}"} proto static
                 ''}
               '';
           };

diff --git a/nixos/tests/mesos.nix b/nixos/tests/mesos.nix
@@ -56,9 +56,7 @@ import ./make-test.nix ({ pkgs, ...} : rec {
     src = ./mesos_test.py;
     phases = [ "installPhase" "fixupPhase" ];
     installPhase = ''
-      mkdir $out
-      cp $src $out/mesos_test.py
-      chmod +x $out/mesos_test.py
+      install -Dvm 0755 $src $out/bin/mesos_test.py
 
       echo "done" > test.result
       tar czf $out/test.tar.gz test.result
@@ -74,18 +72,18 @@ import ./make-test.nix ({ pkgs, ...} : rec {
       $master->waitForOpenPort(5050);
       $slave->waitForOpenPort(5051);
 
-      # is slave registred? 
+      # is slave registered?
       $master->waitUntilSucceeds("curl -s --fail http://master:5050/master/slaves".
                                  " | grep -q \"\\\"hostname\\\":\\\"slave\\\"\"");
 
-      # try to run docker image 
+      # try to run docker image
       $master->succeed("${pkgs.mesos}/bin/mesos-execute --master=master:5050".
                        " --resources=\"cpus:0.1;mem:32\" --name=simple-docker".
                        " --containerizer=mesos --docker_image=echo:latest".
                        " --shell=true --command=\"echo done\" | grep -q TASK_FINISHED");
 
       # simple command with .tar.gz uri
-      $master->succeed("${testFramework}/mesos_test.py master ".
+      $master->succeed("${testFramework}/bin/mesos_test.py master ".
                        "${testFramework}/test.tar.gz");
     '';
 })