Merge branch 'master' into staging

Nontrivial rebuilds from master, again :-/

lib/maintainers.nix

@@ -204,6 +204,7 @@
   havvy = "Ryan Scheel <ryan.havvy@gmail.com>";
   hbunke = "Hendrik Bunke <bunke.hendrik@gmail.com>";
   hce = "Hans-Christian Esperer <hc@hcesperer.org>";
+  heel = "Sergii Paryzhskyi <parizhskiy@gmail.com>";
   henrytill = "Henry Till <henrytill@gmail.com>";
   hinton = "Tom Hinton <t@larkery.com>";
   hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";

nixos/modules/installer/cd-dvd/iso-image.nix

@@ -172,7 +172,6 @@ in
 
     isoImage.includeSystemBuildDependencies = mkOption {
       default = false;
-      example = true;
       description = ''
         Set this option to include all the needed sources etc in the
         image. It significantly increases image size. Use that when

nixos/modules/module-list.nix

@@ -273,6 +273,7 @@
   ./services/misc/gogs.nix
   ./services/misc/gpsd.nix
   #./services/misc/ihaskell.nix
+  ./services/misc/irkerd.nix
   ./services/misc/leaps.nix
   ./services/misc/mantisbt.nix
   ./services/misc/mathics.nix
@@ -334,6 +335,7 @@
   ./services/monitoring/prometheus/nginx-exporter.nix
   ./services/monitoring/prometheus/node-exporter.nix
   ./services/monitoring/prometheus/snmp-exporter.nix
+  ./services/monitoring/prometheus/unifi-exporter.nix
   ./services/monitoring/prometheus/varnish-exporter.nix
   ./services/monitoring/riemann.nix
   ./services/monitoring/riemann-dash.nix

nixos/modules/programs/adb.nix

@@ -10,7 +10,6 @@ with lib;
     programs.adb = {
       enable = mkOption {
         default = false;
-        example = true;
         type = types.bool;
         description = ''
           Whether to configure system to use Android Debug Bridge (adb).

nixos/modules/programs/gphoto2.nix

@@ -10,7 +10,6 @@ with lib;
     programs.gphoto2 = {
       enable = mkOption {
         default = false;
-        example = true;
         type = types.bool;
         description = ''
           Whether to configure system to use gphoto2.

nixos/modules/programs/mosh.nix

@@ -14,7 +14,6 @@ in
         Whether to enable mosh. Note, this will open ports in your firewall!
       '';
       default = false;
-      example = true;
       type = lib.types.bool;
     };
   };

nixos/modules/programs/ssmtp.nix

@@ -22,7 +22,6 @@ in
       directDelivery = mkOption {
         type = types.bool;
         default = false;
-        example = true;
         description = ''
           Use the trivial Mail Transfer Agent (MTA)
           <command>ssmtp</command> package to allow programs to send
@@ -65,7 +64,6 @@ in
       useTLS = mkOption {
         type = types.bool;
         default = false;
-        example = true;
         description = ''
           Whether TLS should be used to connect to the default mail
           server.
@@ -75,7 +73,6 @@ in
       useSTARTTLS = mkOption {
         type = types.bool;
         default = false;
-        example = true;
         description = ''
           Whether the STARTTLS should be used to connect to the default
           mail server.  (This is needed for TLS-capable mail servers

nixos/modules/programs/tmux.nix

@@ -65,7 +65,6 @@ in {
 
       aggressiveResize = mkOption {
         default = false;
-        example = true;
         type = types.bool;
         description = ''
           Resize the window to the size of the smallest session for which it is the current window.
@@ -81,14 +80,12 @@ in {
 
       clock24 = mkOption {
         default = false;
-        example = true;
         type = types.bool;
         description = "Use 24 hour clock.";
       };
 
       customPaneNavigationAndResize = mkOption {
         default = false;
-        example = true;
         type = types.bool;
         description = "Override the hjkl and HJKL bindings for pane navigation and resizing in VI mode.";
       };
@@ -124,14 +121,12 @@ in {
 
       newSession = mkOption {
         default = false;
-        example = true;
         type = types.bool;
         description = "Automatically spawn a session if trying to attach and none are running.";
       };
 
       reverseSplit = mkOption {
         default = false;
-        example = true;
         type = types.bool;
         description = "Reverse the window split shortcuts.";
       };

nixos/modules/programs/vim.nix

@@ -9,7 +9,6 @@ in {
     defaultEditor = mkOption {
       type = types.bool;
       default = false;
-      example = true;
       description = ''
         When enabled, installs vim and configures vim to be the default editor
         using the EDITOR environment variable.

nixos/modules/security/dhparams.nix

@@ -19,6 +19,12 @@ in
             Note: The name of the DH params is taken as being the name of the
             service it serves: the params will be generated before the said
             service is started.
+
+            Warning: If you are removing all dhparams from this list, you have
+            to leave security.dhparams.enable for at least one activation in
+            order to have them be cleaned up. This also means if you rollback to
+            a version without any dhparams the existing ones won't be cleaned
+            up.
           '';
         type = with types; attrsOf int;
         default = {};
@@ -34,57 +40,68 @@ in
         type = types.str;
         default = "/var/lib/dhparams";
       };
+
+      enable = mkOption {
+        description =
+          ''
+            Whether to generate new DH params and clean up old DH params.
+          '';
+        default = false;
+        type = types.bool;
+      };
     };
   };
 
-  config.systemd.services = {
-    dhparams-init = {
-      description = "Cleanup old Diffie-Hellman parameters";
-      wantedBy = [ "multi-user.target" ]; # Clean up even when no DH params is set
-      serviceConfig.Type = "oneshot";
-      script =
-        # Create directory
-        ''
-          if [ ! -d ${cfg.path} ]; then
-            mkdir -p ${cfg.path}
-          fi
-        '' +
-        # Remove old dhparams
-        ''
-          for file in ${cfg.path}/*; do
-            if [ ! -f "$file" ]; then
-              continue
-            fi
-        '' + concatStrings (mapAttrsToList (name: value:
-        ''
-            if [ "$file" == "${cfg.path}/${name}.pem" ] && \
-                ${pkgs.openssl}/bin/openssl dhparam -in "$file" -text | head -n 1 | grep "(${toString value} bit)" > /dev/null; then
-              continue
+  config = mkIf cfg.enable {
+    systemd.services = {
+      dhparams-init = {
+        description = "Cleanup old Diffie-Hellman parameters";
+        wantedBy = [ "multi-user.target" ]; # Clean up even when no DH params is set
+        serviceConfig.Type = "oneshot";
+        script =
+          # Create directory
+          ''
+            if [ ! -d ${cfg.path} ]; then
+              mkdir -p ${cfg.path}
             fi
-        ''
-        ) cfg.params) +
-        ''
-            rm $file
-          done
+          '' +
+          # Remove old dhparams
+          ''
+            for file in ${cfg.path}/*; do
+              if [ ! -f "$file" ]; then
+                continue
+              fi
+          '' + concatStrings (mapAttrsToList (name: value:
+          ''
+              if [ "$file" == "${cfg.path}/${name}.pem" ] && \
+                  ${pkgs.openssl}/bin/openssl dhparam -in "$file" -text | head -n 1 | grep "(${toString value} bit)" > /dev/null; then
+                continue
+              fi
+          ''
+          ) cfg.params) +
+          ''
+              rm $file
+            done
 
-          # TODO: Ideally this would be removing the *former* cfg.path, though this
-          # does not seem really important
-          rmdir -p --ignore-fail-on-non-empty ${cfg.path}
-        '';
-    };
-  } //
-    mapAttrs' (name: value: nameValuePair "dhparams-gen-${name}" {
-      description = "Generate Diffie-Hellman parameters for ${name} if they don't exist yet";
-      after = [ "dhparams-init.service" ];
-      before = [ "${name}.service" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig.Type = "oneshot";
-      script =
-        ''
-          mkdir -p ${cfg.path}
-          if [ ! -f ${cfg.path}/${name}.pem ]; then
-            ${pkgs.openssl}/bin/openssl dhparam -out ${cfg.path}/${name}.pem ${toString value}
-          fi
-        '';
-    }) cfg.params;
+            # TODO: Ideally this would be removing the *former* cfg.path, though this
+            # does not seem really important as changes to it are quite unlikely
+            rmdir --ignore-fail-on-non-empty ${cfg.path}
+          '';
+      };
+    } //
+      mapAttrs' (name: value: nameValuePair "dhparams-gen-${name}" {
+        description = "Generate Diffie-Hellman parameters for ${name} if they don't exist yet";
+        after = [ "dhparams-init.service" ];
+        before = [ "${name}.service" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig.Type = "oneshot";
+        script =
+          ''
+            mkdir -p ${cfg.path}
+            if [ ! -f ${cfg.path}/${name}.pem ]; then
+              ${pkgs.openssl}/bin/openssl dhparam -out ${cfg.path}/${name}.pem ${toString value}
+            fi
+          '';
+      }) cfg.params;
+  };
 }

nixos/modules/security/grsecurity.nix

@@ -21,7 +21,6 @@ in
 
     enable = mkOption {
       type = types.bool;
-      example = true;
       default = false;
       description = ''
         Enable grsecurity/PaX.
@@ -30,7 +29,6 @@ in
 
     lockTunables = mkOption {
       type = types.bool;
-      example = false;
       default = true;
       description = ''
         Whether to automatically lock grsecurity tunables
@@ -43,7 +41,6 @@ in
 
     disableEfiRuntimeServices = mkOption {
       type = types.bool;
-      example = false;
       default = true;
       description = ''
         Whether to disable access to EFI runtime services.  Enabling EFI runtime

nixos/modules/services/backup/rsnapshot.nix

@@ -26,7 +26,6 @@ in
       enableManualRsnapshot = mkOption {
         description = "Whether to enable manual usage of the rsnapshot command with this module.";
         default = true;
-        example = false;
         type = types.bool;
       };
 

nixos/modules/services/computing/boinc/client.nix

@@ -12,7 +12,6 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        example = true;
         description = ''
           Whether to enable the BOINC distributed computing client. If this
           option is set to true, the boinc_client daemon will be run as a
@@ -41,7 +40,6 @@ in
       allowRemoteGuiRpc = mkOption {
         type = types.bool;
         default = false;
-        example = true;
         description = ''
           If set to true, any remote host can connect to and control this BOINC
           client (subject to password authentication). If instead set to false,

nixos/modules/services/databases/cassandra.nix

@@ -310,7 +310,6 @@ in {
     autoBootstrap = mkOption {
       description = "It makes new (non-seed) nodes automatically migrate the right data to themselves.";
       default = true;
-      example = true;
       type = types.bool;
     };
     streamingSocketTimoutInMS = mkOption {

nixos/modules/services/databases/couchdb.nix

@@ -4,20 +4,29 @@ with lib;
 
 let
   cfg = config.services.couchdb;
-  configFile = pkgs.writeText "couchdb.ini"
+  useVersion2 = strings.versionAtLeast (strings.getVersion cfg.package) "2.0";
+  configFile = pkgs.writeText "couchdb.ini" (
     ''
       [couchdb]
       database_dir = ${cfg.databaseDir}
       uri_file = ${cfg.uriFile}
       view_index_dir = ${cfg.viewIndexDir}
-
+    '' + (if useVersion2 then
+    ''
+      [chttpd]
+    '' else
+    ''
       [httpd]
+    '') +
+    ''
       port = ${toString cfg.port}
       bind_address = ${cfg.bindAddress}
 
       [log]
       file = ${cfg.logFile}
-    '';
+    '');
+  executable = if useVersion2 then "${cfg.package}/bin/couchdb"
+    else ''${cfg.package}/bin/couchdb -a ${configFile} -a ${pkgs.writeText "couchdb-extra.ini" cfg.extraConfig} -a ${cfg.configFile}'';
 
 in {
 
@@ -130,7 +139,6 @@ in {
 
       configFile = mkOption {
         type = types.string;
-        default = "/var/lib/couchdb/couchdb.ini";
         description = ''
           Configuration file for persisting runtime changes. File
           needs to be readable and writable from couchdb user/group.
@@ -147,6 +155,9 @@ in {
 
     environment.systemPackages = [ cfg.package ];
 
+    services.couchdb.configFile = mkDefault
+      (if useVersion2 then "/var/lib/couchdb/local.ini" else "/var/lib/couchdb/couchdb.ini");
+
     systemd.services.couchdb = {
       description = "CouchDB Server";
       wantedBy = [ "multi-user.target" ];
@@ -170,11 +181,20 @@ in {
         fi
         '';
 
+      environment = mkIf useVersion2 {
+        # we are actually specifying 4 configuration files:
+        # 1. the preinstalled default.ini
+        # 2. the module configuration
+        # 3. the extraConfig from the module options
+        # 4. the locally writable config file, which couchdb itself writes to
+        ERL_FLAGS= ''-couch_ini ${cfg.package}/etc/default.ini ${configFile} ${pkgs.writeText "couchdb-extra.ini" cfg.extraConfig} ${cfg.configFile}'';
+      };
+
       serviceConfig = {
         PermissionsStartOnly = true;
         User = cfg.user;
         Group = cfg.group;
-        ExecStart = "${cfg.package}/bin/couchdb -a ${configFile} -a ${pkgs.writeText "couchdb-extra.ini" cfg.extraConfig} -a ${cfg.configFile}";
+        ExecStart = executable;
       };
     };
 

nixos/modules/services/databases/neo4j.nix

@@ -130,6 +130,7 @@ in {
         ExecStart = "${cfg.package}/bin/neo4j console";
         User = "neo4j";
         PermissionsStartOnly = true;
+        LimitNOFILE = 40000;
       };
       preStart = ''
         mkdir -m 0700 -p ${cfg.dataDir}/{data/graph.db,conf,logs}