* fix/asterisk-module: use unix-group for asterisk-files
* fix/asterisk-module: add configOption to use some default config-files
* fix/asterisk-module: correction of skel copy
* fix/asterisk-module: use /etc/asterisk as configDir
* fix/asterisk-module: add reload; do not restart unit
* asterisk: 13.6.0 -> 14.1.2
* fix/asterisk: compile with lua, pjsip, format_mp3
* fix/asterisk: fix indentation
* fix/asterisk: remove broken flag
The profile minimal has several drawbacks: no man pages, unusual 'dbus'
lib that makes many X11 pieces to rebuild, etc.
With xz compression in the squashfs, despite these additions, the iso is
smaller than what it was in 16.09.
It seems that it is a GPL violation to distribute zfs in the
installation ISOs.
https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/
If anyone knows the issue better and has a reason to reenable it
legally, feel free to reenable it. I don't know much about it.
The current default value of listenAddress = null blows up:
$ nixos-rebuild build
error: cannot coerce null to a string, at
.../nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix:97:16
With listenAddress = "" we use the same default as upstream and there is
no blow up :-)
...by providing a default value of "no labels" (an empty attrset).
Without this change we get
$ nixos-rebuild test -I nixpkgs=.
building Nix...
building the system configuration...
error: The option `services.prometheus.scrapeConfigs.[definition 1-entry 1].static_configs.[definition 1-entry 1].labels' is used but not defined.
which is unneeded, because labels _are_ optional.
All the new options in detail:
Enable docker in multi-user.target make container created with restart=always
to start. We still want socket activation as it decouples dependencies between
the existing of /var/run/docker.sock and the docker daemon. This means that
services can rely on the availability of this socket. Fixes#11478#21303
wantedBy = ["multi-user.target"];
This allows us to remove the postStart hack, as docker reports on its own when
it is ready.
Type=notify
The following will set unset some limits because overhead in kernel's ressource
accounting was observed. Note that these limit only apply to containerd.
Containers will have their own limit set.
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Upgrades may require schema migrations. This can delay the startup of dockerd.
TimeoutStartSec=0
Allows docker to create its own cgroup subhierarchy to apply ressource limits on
containers.
Delegate=true
When dockerd is killed, container should be not affected to allow
`live restore` to work.
KillMode=process
currently services.nginx does not start up if `networking.enableIPv6 = false`
the commit changes the nginx behavior to handle this case accordingly.
The commit resolves#21308
Overlayfs is quite a bit faster, e.g. with it the KDE 5 test takes ~7m
instead of ~30m on my laptop (which is still not great, since plain
9pfs is ~4m30s).
The structured options are incomplete compared to upstream and I think
it will be a maintenance burden to try to keep up. Instead, provide an
option for the raw config file contents (prometheus.yml).
This works around:
machine: must succeed: nix-store -qR /run/current-system | grep nixos-
machine# error: changing ownership of path ‘/nix/store’: Invalid argument
Probably Nix shouldn't be anal about the ownership of the store unless
it's trying to build/write to the store.
http://hydra.nixos.org/build/45093872/nixlog/17/raw
(cherry picked from commit 57a0f140643cde409022e297ed05e05f8d34d778)
Previously we were using two or three (qemu_kvm, qemu_test, and
qemu_test with a different dbus when minimal.nix is included).
(cherry picked from commit 8bfa4ce82ea7d23a1d4c6073bcc044e6bf9c4dbe)
This option is defined in qemu-vm.nix, but that module is not always
imported.
http://hydra.nixos.org/build/44817443
(cherry picked from commit 03c55005dfd6fbcd5cf8e00128a3bb6336b3bc0f)
Otherwise it starts way too early, only to fail and having to restart
until devices are available. It is less wasteful to simply wait until
there's a reasonable chance of success. This is consistent with
upstream.
This reverts commit 4358d3d43938666834d3e1fd5a8ea69b49c08112.
Not having a default was deliberate, see
1ce6fff4e2
Thanks to @ocharles for making me aware of this.
networkd options are always correct or up to date. This option allows to by
pass type checking. It is also easier to write because examples can be just copy
and paste from manpages.
Networkd units can contain secrets. In future also wireguard vpn will be supported by
networkd. To avoid leakage of private keys, those could be then also put outside
of the /nix/store
Having a writeable /etc/systemd/network also allows to quick fix network issues,
when upgrading `nixos-rebuild switch` would require network on its own (due
updates).
This reverts commit 656cc3acafcb30e3503f4d3e39694ca996c66015 because it
causes building the manual to fail:
$ nixos-rebuild build
...
building path(s) ‘/nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb’
Writing /nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb/manual.db for book(book-nixos-manual)
./man-pages.xml:625: element para: Relax-NG validity error : Did not expect element para there
./man-pages.xml:3: element variablelist: Relax-NG validity error : Element refsection has extra content: variablelist
./man-pages.xml:29: element refsection: Relax-NG validity error : Element refentry has extra content: refsection
./man-pages.xml:3: element reference: Relax-NG validity error : Element reference failed to validate content
./man-pages.xml fails to validate
CC @cleverca22, @Mic92
- most nixos user only require time synchronisation,
while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd support ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
save a little disk space (1,5M)
The collectd service runs as an unprivileged user by default, so it does
not leak more information to its data directory than any user can obtain
elsewhere by other means.
If people are running it as root and are worried about information leak,
we can add collectd group and set perms to 750.
CC @offlinehacker.
Fixes#21198.
A secret can be stored in a file. It is written at runtime in the
configuration file.
Note it is also possible to write them in the nix store for dev
purposes.
This commit introduces a nixos module for the Openstack Keystone
service. It also provides a optional bootstrap step that creates some
basic initial resources (tenants, endpoints,...).
The provided test starts Keystone by enabling bootstrapping and checks
if user creation works well.
This commit is based on initial works made by domenkozar.
