Merge remote-tracking branch 'upstream/master' into HEAD

NixOS · Sep 16, 2017 · 03fa696 · 03fa696 · vcunat · Sep 16, 2017
2 parents a31365d + 6712e01
commit 03fa696
Show file tree

Hide file tree

Showing 175 changed files with 4,621 additions and 2,723 deletions.
diff --git a/lib/licenses.nix b/lib/licenses.nix
@@ -175,6 +175,12 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
     fullName = "DOC License";
   };
 
+  eapl = {
+    fullName = "EPSON AVASYS PUBLIC LICENSE";
+    url = http://avasys.jp/hp/menu000000700/hpg000000603.htm;
+    free = false;
+  };
+
   efl10 = spdx {
     spdxId = "EFL-1.0";
     fullName = "Eiffel Forum License v1.0";
@@ -211,6 +217,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
     fullName = "GNU Free Documentation License v1.3";
   };
 
+  ffsl = {
+    fullName = "Floodgap Free Software License";
+    url = http://www.floodgap.com/software/ffsl/license.html;
+  };
+
   free = {
     fullName = "Unspecified free software license";
   };

diff --git a/lib/maintainers.nix b/lib/maintainers.nix
@@ -304,7 +304,7 @@
   kiloreux = "Kiloreux Emperex <kiloreux@gmail.com>";
   kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
   knedlsepp = "Josef Kemetmüller <josef.kemetmueller@gmail.com>";
-  konimex = "Muhammad Herdiansyah <herdiansyah@openmailbox.org>";
+  konimex = "Muhammad Herdiansyah <herdiansyah@netc.eu>";
   koral = "Koral <koral@mailoo.org>";
   kovirobi = "Kovacsics Robert <kovirobi@gmail.com>";
   kragniz = "Louis Taylor <louis@kragniz.eu>";
@@ -583,6 +583,7 @@
   thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
   the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
   theuni = "Christian Theune <ct@flyingcircus.io>";
+  ThomasMader = "Thomas Mader <thomas.mader@gmail.com>";
   thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
   timbertson = "Tim Cuthbertson <tim@gfxmonk.net>";
   titanous = "Jonathan Rudenberg <jonathan@titanous.com>";
@@ -636,6 +637,7 @@
   wjlroe = "William Roe <willroe@gmail.com>";
   wkennington = "William A. Kennington III <william@wkennington.com>";
   wmertens = "Wout Mertens <Wout.Mertens@gmail.com>";
+  woffs = "Frank Doepper <github@woffs.de>";
   womfoo = "Kranium Gikos Mendoza <kranium@gikos.net>";
   wscott = "Wayne Scott <wsc9tt@gmail.com>";
   wyvie = "Elijah Rum <elijahrum@gmail.com>";

diff --git a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
@@ -27,7 +27,8 @@ in
   boot.loader.generic-extlinux-compatible.enable = true;
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
-  boot.kernelParams = ["console=ttyS0,115200n8" "console=tty0"];
+  # Increase the amount of CMA to ensure the virtual console on the RPi3 works.
+  boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0"];
   boot.consoleLogLevel = 7;
 
   # FIXME: this probably should be in installation-device.nix

diff --git a/nixos/modules/installer/tools/nix-fallback-paths.nix b/nixos/modules/installer/tools/nix-fallback-paths.nix
@@ -1,5 +1,5 @@
 {
-  x86_64-linux = "/nix/store/xrqssm90gsrnqdn79rpfcs6dwx8597d2-nix-1.11.14";
-  i686-linux = "/nix/store/3vjphivqs2iy6m9yb3bd80nd3518510k-nix-1.11.14";
-  x86_64-darwin = "/nix/store/4j9jacx8mjd4jlj53wvymyhxq7dqyj5d-nix-1.11.14";
+  x86_64-linux = "/nix/store/b4s1gxiis1ryvybnjhdjvgc5sr1nq0ys-nix-1.11.15";
+  i686-linux = "/nix/store/kgb5hs7qw13bvb6icramv1ry9dard3h9-nix-1.11.15";
+  x86_64-darwin = "/nix/store/dgwz3dxdzs2wwd7pg7cdhvl8rv0qpnbj-nix-1.11.15";
 }
diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh
@@ -106,8 +106,11 @@ extraBuildFlags+=(--option "build-users-group" "$buildUsersGroup")
 binary_caches="$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"binary-caches"};')"
 extraBuildFlags+=(--option "binary-caches" "$binary_caches")
 
-nixpkgs="$(readlink -f "$(nix-instantiate --find-file nixpkgs)")"
-export NIX_PATH="nixpkgs=$nixpkgs:nixos-config=$mountPoint/$NIXOS_CONFIG"
+# We only need nixpkgs in the path if we don't already have a system closure to install
+if [[ -z "$closure" ]]; then
+    nixpkgs="$(readlink -f "$(nix-instantiate --find-file nixpkgs)")"
+    export NIX_PATH="nixpkgs=$nixpkgs:nixos-config=$mountPoint/$NIXOS_CONFIG"
+fi
 unset NIXOS_CONFIG
 
 # TODO: do I need to set NIX_SUBSTITUTERS here or is the --option binary-caches above enough?
@@ -123,6 +126,9 @@ function closure() {
 }
 
 system_closure="$tmpdir/system.closure"
+# Use a FIFO for piping nix-store --export into nix-store --import, saving disk
+# I/O and space. nix-store --import is run by nixos-prepare-root.
+mkfifo $system_closure
 
 if [ -z "$closure" ]; then
     expr="(import <nixpkgs/nixos> {}).system"
@@ -132,7 +138,9 @@ else
     system_root=$closure
     # Create a temporary file ending in .closure (so nixos-prepare-root knows to --import it) to transport the store closure
     # to the filesytem we're preparing. Also delete it on exit!
-    nix-store --export $(nix-store -qR $closure) > $system_closure
+    # Run in background to avoid blocking while trying to write to the FIFO
+    # $system_closure refers to
+    nix-store --export $(nix-store -qR $closure) > $system_closure &
 fi
 
 channel_root="$(nix-env -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")"

diff --git a/nixos/modules/programs/mtr.nix b/nixos/modules/programs/mtr.nix
@@ -19,8 +19,9 @@ in {
   };
 
   config = mkIf cfg.enable {
-    security.wrappers.mtr = {
-      source = "${pkgs.mtr}/bin/mtr";
+    environment.systemPackages = with pkgs; [ mtr ];
+    security.wrappers.mtr-packet = {
+      source = "${pkgs.mtr}/bin/mtr-packet";
       capabilities = "cap_net_raw+p";
     };
   };

diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
@@ -192,7 +192,6 @@ with lib;
       "Set the option `services.xserver.displayManager.sddm.package' instead.")
     (mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "")
     (mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "")
-    (mkRemovedOptionModule [ "boot" "zfs" "enableUnstable" ] "0.7.0 is now the default")
 
     # ZSH
     (mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])

diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix
@@ -60,6 +60,39 @@ let
       }
     '')
 
+    ''
+      protocol imap {
+        namespace inbox {
+          inbox=yes
+          ${concatStringsSep "\n" (map mailboxConfig cfg.mailboxes)}
+        }
+      }
+    ''
+
+    (optionalString cfg.enableQuota ''
+      mail_plugins = $mail_plugins quota
+      service quota-status {
+        executable = ${dovecotPkg}/libexec/dovecot/quota-status -p postfix
+        inet_listener {
+          port = ${cfg.quotaPort}
+        }
+        client_limit = 1
+      }
+
+      protocol imap {
+        mail_plugins = $mail_plugins imap_quota
+      }
+
+      plugin {
+        quota_rule = *:storage=${cfg.quotaGlobalPerUser} 
+        quota = maildir:User quota # per virtual mail user quota # BUG/FIXME broken, we couldn't get this working
+        quota_status_success = DUNNO
+        quota_status_nouser = DUNNO
+        quota_status_overquota = "552 5.2.2 Mailbox is full"
+        quota_grace = 10%%
+      }
+    '')
+
     cfg.extraConfig
   ];
 
@@ -68,6 +101,34 @@ let
     paths = map (pkg: "${pkg}/lib/dovecot") ([ dovecotPkg ] ++ map (module: module.override { dovecot = dovecotPkg; }) cfg.modules);
   };
 
+  mailboxConfig = mailbox: ''
+    mailbox ${mailbox.name} {
+      auto = ${toString mailbox.auto}
+  '' + optionalString (mailbox.specialUse != null) ''
+      special_use = \${toString mailbox.specialUse}
+  '' + "}";
+
+  mailboxes = { lib, pkgs, ... }: {
+    options = {
+      name = mkOption {
+        type = types.str;
+        example = "Spam";
+        description = "The name of the mailbox.";
+      };
+      auto = mkOption {
+        type = types.enum [ "no" "create" "subscribe" ];
+        default = "no";
+        example = "subscribe";
+        description = "Whether to automatically create or create and subscribe to the mailbox or not.";
+      };
+      specialUse = mkOption {
+        type = types.nullOr (types.enum [ "All" "Archive" "Drafts" "Flagged" "Junk" "Sent" "Trash" ]);
+        default = null;
+        example = "Junk";
+        description = "Null if no special use flag is set. Other than that every use flag mentioned in the RFC is valid.";
+      };
+    };
+  };
 in
 {
 
@@ -76,7 +137,7 @@ in
 
     enablePop3 = mkOption {
       type = types.bool;
-      default = true;
+      default = false;
       description = "Start the POP3 listener (when Dovecot is enabled).";
     };
 
@@ -145,6 +206,14 @@ in
       description = "Default group to store mail for virtual users.";
     };
 
+    createMailUser = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''Whether to automatically create the user
+        given in <option>services.dovecot.user</option> and the group
+        given in <option>services.dovecot.group</option>.'';
+    };
+
     modules = mkOption {
       type = types.listOf types.package;
       default = [];
@@ -191,6 +260,36 @@ in
       default = false;
       description = "Show the PAM failure message on authentication error (useful for OTPW).";
     };
+
+    mailboxes = mkOption {
+      type = types.listOf (types.submodule mailboxes);
+      default = [];
+      example = [ { name = "Spam"; specialUse = "Junk"; auto = "create"; } ];
+      description = "Configure mailboxes and auto create or subscribe them.";
+    };
+
+    enableQuota = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description = "Whether to enable the dovecot quota service.";
+    };
+
+    quotaPort = mkOption {
+      type = types.str;
+      default = "12340";
+      description = ''
+        The Port the dovecot quota service binds to.
+        If using postfix, add check_policy_service inet:localhost:12340 to your smtpd_recipient_restrictions in your postfix config.
+      '';
+    };
+    quotaGlobalPerUser = mkOption {
+      type = types.str;
+      default = "100G";
+      example = "10G";
+      description = "Quota limit for the user in bytes. Supports suffixes b, k, M, G, T and %.";
+    };
+
   };
 
 
@@ -214,11 +313,19 @@ in
            uid = config.ids.uids.dovecot2;
            description = "Dovecot user";
            group = cfg.group;
+         }
+      ++ optional cfg.createMailUser
+         { name = cfg.mailUser;
+           description = "Virtual Mail User";
+           group = cfg.mailGroup;
          };
 
     users.extraGroups = optional (cfg.group == "dovecot2")
       { name = "dovecot2";
         gid = config.ids.gids.dovecot2;
+      }
+    ++ optional cfg.createMailUser
+      { name = cfg.mailGroup;
       };
 
     environment.etc."dovecot/modules".source = modulesDir;

diff --git a/nixos/modules/services/misc/geoip-updater.nix b/nixos/modules/services/misc/geoip-updater.nix
@@ -238,15 +238,15 @@ in
 
     assertions = [
       { assertion = (builtins.filter
-          (x: builtins.match ".*\.(gz|xz)$" x == null) cfg.databases) == [];
+          (x: builtins.match ".*\\.(gz|xz)$" x == null) cfg.databases) == [];
         message = ''
           services.geoip-updater.databases supports only .gz and .xz databases.
 
           Current value:
           ${toString cfg.databases}
 
           Offending element(s):
-          ${toString (builtins.filter (x: builtins.match ".*\.(gz|xz)$" x == null) cfg.databases)};
+          ${toString (builtins.filter (x: builtins.match ".*\\.(gz|xz)$" x == null) cfg.databases)};
         '';
       }
     ];

diff --git a/nixos/modules/services/networking/namecoind.nix b/nixos/modules/services/networking/namecoind.nix
@@ -173,7 +173,7 @@ in
 
       serviceConfig = {
         User  = "namecoin";
-        Griup = "namecoin";
+        Group = "namecoin";
         ExecStart  = "${pkgs.altcoins.namecoind}/bin/namecoind -conf=${configFile} -datadir=${dataDir} -printtoconsole";
         ExecStop   = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
         ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";

diff --git a/nixos/modules/services/networking/supplicant.nix b/nixos/modules/services/networking/supplicant.nix
@@ -181,18 +181,19 @@ in
 
       default = { };
 
-      example = {
-        "wlan0 wlan1" = {
-          configFile = "/etc/wpa_supplicant";
-          userControlled.group = "network";
-          extraConf = ''
-            ap_scan=1
-            p2p_disabled=1
-          '';
-          extraCmdArgs = "-u -W";
-          bridge = "br0";
-        };
-      };
+      example = literalExample ''
+        { "wlan0 wlan1" = {
+            configFile = "/etc/wpa_supplicant";
+            userControlled.group = "network";
+            extraConf = '''
+              ap_scan=1
+              p2p_disabled=1
+            ''';
+            extraCmdArgs = "-u -W";
+            bridge = "br0";
+          };
+        }
+      '';
 
       description = ''
         Interfaces for which to start <command>wpa_supplicant</command>.

diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
@@ -17,7 +17,7 @@ let
       GeoIPv6File ${pkgs.tor.geoip}/share/tor/geoip6
     ''}
 
-    ${optint "ControlPort" (toString cfg.controlPort)}
+    ${optint "ControlPort" cfg.controlPort}
   ''
   # Client connection config
   + optionalString cfg.client.enable  ''

diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
@@ -24,7 +24,11 @@ let
 
   kernel = config.boot.kernelPackages;
 
-  packages = {
+  packages = if config.boot.zfs.enableUnstable then {
+    spl = kernel.splUnstable;
+    zfs = kernel.zfsUnstable;
+    zfsUser = pkgs.zfsUnstable;
+  } else {
     spl = kernel.spl;
     zfs = kernel.zfs;
     zfsUser = pkgs.zfs;
@@ -58,6 +62,19 @@ in
 
   options = {
     boot.zfs = {
+      enableUnstable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Use the unstable zfs package. This might be an option, if the latest
+          kernel is not yet supported by a published release of ZFS. Enabling
+          this option will install a development version of ZFS on Linux. The
+          version will have already passed an extensive test suite, but it is
+          more likely to hit an undiscovered bug compared to running a released
+          version of ZFS on Linux.
+          '';
+      };
+
       extraPools = mkOption {
         type = types.listOf types.str;
         default = [];

diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
@@ -117,7 +117,7 @@ in
     before = ["sshd.service"];
     wants = ["local-fs.target" "network-online.target" "network.target"];
     wantedBy = [ "sshd.service" "multi-user.target" ];
-    path = with pkgs; [ ethtool ];
+    path = with pkgs; [ ethtool openssh ];
     serviceConfig = {
       ExecStart = "${gce}/bin/google_instance_setup --debug";
       Type = "oneshot";

diff --git a/nixos/release.nix b/nixos/release.nix
@@ -214,6 +214,7 @@ in rec {
   # Run the tests for each platform.  You can run a test by doing
   # e.g. ‘nix-build -A tests.login.x86_64-linux’, or equivalently,
   # ‘nix-build tests/login.nix -A result’.
+  tests.acme = callTest tests/acme.nix {};
   tests.avahi = callTest tests/avahi.nix {};
   tests.bittorrent = callTest tests/bittorrent.nix {};
   tests.blivet = callTest tests/blivet.nix {};