Merge master into staging-next

7 files changed, 39 insertions, 44 deletions

diff --git a/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
index 2536ba73a1dea..559899b0a3b15 100644
--- a/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
+++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
@@ -13,9 +13,6 @@ with lib;
       enable = true;
       enableQt4Support = false;
     };
-
-    # Enable touchpad support for many laptops.
-    synaptics.enable = true;
   };
 
   environment.systemPackages = with pkgs; [
diff --git a/nixos/modules/services/desktops/gnome3/chrome-gnome-shell.nix b/nixos/modules/services/desktops/gnome3/chrome-gnome-shell.nix
index 2740a22c7ca0d..3d2b3ed85e3a3 100644
--- a/nixos/modules/services/desktops/gnome3/chrome-gnome-shell.nix
+++ b/nixos/modules/services/desktops/gnome3/chrome-gnome-shell.nix
@@ -23,5 +23,7 @@ with lib;
     environment.systemPackages = [ pkgs.chrome-gnome-shell ];
 
     services.dbus.packages = [ pkgs.chrome-gnome-shell ];
+
+    nixpkgs.config.firefox.enableGnomeExtensions = true;
   };
 }
diff --git a/nixos/modules/services/networking/iwd.nix b/nixos/modules/services/networking/iwd.nix
index 18ed20e288863..839fa48d9a423 100644
--- a/nixos/modules/services/networking/iwd.nix
+++ b/nixos/modules/services/networking/iwd.nix
@@ -26,6 +26,7 @@ in {
 
     systemd.tmpfiles.rules = [
       "d /var/lib/iwd 0700 root root -"
+      "d /var/lib/ead 0700 root root -"
     ];
   };
 
diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix
index 09095294fb5f8..a21d22261ba30 100644
--- a/nixos/modules/services/x11/desktop-managers/gnome3.nix
+++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix
@@ -227,6 +227,7 @@ in
 
     (mkIf serviceCfg.core-shell.enable {
       services.colord.enable = mkDefault true;
+      services.gnome3.chrome-gnome-shell.enable = mkDefault true;
       services.gnome3.glib-networking.enable = true;
       services.gnome3.gnome-remote-desktop.enable = mkDefault true;
       services.gnome3.gnome-settings-daemon.enable = true;
diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix
index 862f6431b812d..b10755df4dc26 100644
--- a/nixos/modules/services/x11/desktop-managers/plasma5.nix
+++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix
@@ -211,6 +211,7 @@ in
       services.udisks2.enable = true;
       services.upower.enable = config.powerManagement.enable;
       services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true));
+      services.xserver.libinput.enable = mkDefault true;
 
       # Extra UDEV rules used by Solid
       services.udev.packages = [
diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix
index 956c95e48220d..c26a5b6153535 100644
--- a/nixos/modules/services/x11/display-managers/lightdm.nix
+++ b/nixos/modules/services/x11/display-managers/lightdm.nix
@@ -232,36 +232,41 @@ in
     # Enable the accounts daemon to find lightdm's dbus interface
     environment.systemPackages = [ lightdm ];
 
-    security.pam.services.lightdm = {
-      allowNullPassword = true;
-      startSession = true;
-    };
-    security.pam.services.lightdm-greeter = {
-      allowNullPassword = true;
-      startSession = true;
-      text = ''
-        auth     required pam_env.so envfile=${config.system.build.pamEnvironment}
-        auth     required pam_permit.so
+    security.pam.services.lightdm.text = ''
+        auth      substack      login
+        account   include       login
+        password  substack      login
+        session   include       login
+    '';
 
-        account  required pam_permit.so
+    security.pam.services.lightdm-greeter.text = ''
+        auth     required       pam_succeed_if.so audit quiet_success user = lightdm
+        auth     optional       pam_permit.so
 
-        password required pam_deny.so
+        account  required       pam_succeed_if.so audit quiet_success user = lightdm
+        account  sufficient     pam_unix.so
+
+        password required       pam_deny.so
+
+        session  required       pam_succeed_if.so audit quiet_success user = lightdm
+        session  required       pam_env.so envfile=${config.system.build.pamEnvironment}
+        session  optional       ${pkgs.systemd}/lib/security/pam_systemd.so
+        session  optional       pam_keyinit.so force revoke
+        session  optional       pam_permit.so
+    '';
 
-        session  required pam_env.so envfile=${config.system.build.pamEnvironment}
-        session  required pam_unix.so
-        session  optional ${pkgs.systemd}/lib/security/pam_systemd.so
-      '';
-    };
     security.pam.services.lightdm-autologin.text = ''
-        auth     requisite pam_nologin.so
-        auth     required  pam_succeed_if.so uid >= 1000 quiet
-        auth     required  pam_permit.so
+        auth      requisite     pam_nologin.so
+
+        auth      required      pam_succeed_if.so uid >= 1000 quiet
+        auth      required      pam_permit.so
 
-        account  include   lightdm
+        account   sufficient    pam_unix.so
 
-        password include   lightdm
+        password  requisite     pam_unix.so nullok sha512
 
-        session  include   lightdm
+        session   optional      pam_keyinit.so revoke
+        session   include       login
     '';
 
     users.users.lightdm = {
diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix
index 844ce47d743fd..32637d2c1efe2 100644
--- a/nixos/tests/virtualbox.nix
+++ b/nixos/tests/virtualbox.nix
@@ -10,17 +10,10 @@
   # to run 32-bit guests.
   useKvmNestedVirt ? false,
   # Whether to run 64-bit guests instead of 32-bit. Requires nested KVM.
-  use64bitGuest ? false,
-  # Whether to enable the virtual UART in VirtualBox guests, allowing to see
-  # the guest console. There is currently a bug in VirtualBox where this will
-  # cause a crash if running with SW virtualization
-  # (https://www.virtualbox.org/ticket/18632). If you need to debug the tests
-  # then enable this and nested KVM to work around the crash (see above).
-  enableVBoxUART ? false
+  use64bitGuest ? false
 }:
 
 assert use64bitGuest -> useKvmNestedVirt;
-assert enableVBoxUART -> useKvmNestedVirt; # VirtualBox bug, see above
 
 with import ../lib/testing.nix { inherit system pkgs; };
 with pkgs.lib;
@@ -65,9 +58,6 @@ let
       "init=${pkgs.writeScript "mini-init.sh" miniInit}"
     ];
 
-    # XXX: Remove this once TSS location detection has been fixed in VirtualBox
-    boot.kernelPackages = pkgs.linuxPackages_4_9;
-
     fileSystems."/" = {
       device = "vboxshare";
       fsType = "vboxsf";
@@ -162,11 +152,9 @@ let
       "--register"
     ];
 
-    vmFlags = mkFlags (
-      (optionals enableVBoxUART [
-        "--uart1 0x3F8 4"
-        "--uartmode1 client /run/virtualbox-log-${name}.sock"
-      ]) ++ [
+    vmFlags = mkFlags ([
+      "--uart1 0x3F8 4"
+      "--uartmode1 client /run/virtualbox-log-${name}.sock"
       "--memory 768"
       "--audio none"
     ] ++ (attrs.vmFlags or []));
@@ -199,7 +187,7 @@ let
     ];
   in {
     machine = {
-      systemd.sockets."vboxtestlog-${name}" = mkIf enableVBoxUART {
+      systemd.sockets."vboxtestlog-${name}" = {
         description = "VirtualBox Test Machine Log Socket For ${name}";
         wantedBy = [ "sockets.target" ];
         before = [ "multi-user.target" ];
@@ -207,7 +195,7 @@ let
         socketConfig.Accept = true;
       };
 
-      systemd.services."vboxtestlog-${name}@" = mkIf enableVBoxUART {
+      systemd.services."vboxtestlog-${name}@" = {
         description = "VirtualBox Test Machine Log For ${name}";
         serviceConfig.StandardInput = "socket";
         serviceConfig.StandardOutput = "syslog";