{config, pkgs, upstartJobs, systemPath, wrapperDir, defaultShell, extraEtc}:
let
# Conditionally include one /etc entry.  `option` is the attribute path handed
# to config.get (e.g. ["security" "sudo" "enable"]); when that option is set
# the result is the one-element list [file], otherwise the empty list, so the
# caller can simply `++` it onto configFiles.
optional = option: file:
  if ! (config.get option) then [] else [file];
# !!! envConf and pamConsoleHandlers are generated here although they are only consumed by the pam.d templates below (see `inherit envConf pamConsoleHandlers`); they belong with the PAM configuration.
# Environment file substituted into the pam.d templates below (via
# `inherit envConf`), i.e. the environment that PAM-managed sessions such as
# login and sshd start with (presumably read by pam_env; the templates are not
# shown here).  Because that PATH is inherited by every such session it must
# only contain root-controlled directories; the entries here are all store
# paths, which satisfy that.  The string intentionally starts with a newline
# and its lines are file content, so nothing inside it is indented.
envConf = pkgs.writeText "environment" "
PATH=${systemPath}/bin:${systemPath}/sbin:${pkgs.openssh}/bin
NIX_REMOTE=daemon
" /* ${pkgs.openssh}/bin is a hack to get remote scp to work */;
# Do not indent the lines inside the string below: leading whitespace would become part of the generated console.handlers file.
# pam_console handler list, substituted into the pam.d templates below (via
# `inherit pamConsoleHandlers`).  pam_console_apply is run with `lock` at
# session start and `unlock -r` at session end, each time with the rules in
# ${pamConsolePerms}; pam_console's purpose is to hand local device access to
# whoever is logged in on the console, so console.perms is the file that
# decides what a console login is granted -- review it with that in mind.
# NOTE(review): in a Nix "..." string `\.` is not a recognised escape and the
# backslash is dropped, so the pattern presumably reaches pam_console as
# `:[0-9].[0-9]` (any character rather than a literal dot).  If a literal
# backslash is intended, write `\\.`; confirm against the generated file.
pamConsoleHandlers = pkgs.writeText "console.handlers" "
console consoledevs /dev/tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
${pkgs.pam_console}/sbin/pam_console_apply lock logfail wait -t tty -s -c ${pamConsolePerms}
${pkgs.pam_console}/sbin/pam_console_apply unlock logfail wait -r -t tty -s -c ${pamConsolePerms}
";
pamConsolePerms = ./security/console.perms;
in
# Assemble the static part of /etc.  Each entry names a `source` (a store
# path or a file next to this expression) and its `target` below /etc.  Only
# the sudoers entry sets `mode`; every other file gets whatever default
# make-etc.nix applies (that helper is outside this file and not shown, as is
# its handling of duplicate targets between these entries and extraEtc).
import ../helpers/make-etc.nix {
  inherit (pkgs) stdenv;

  configFiles = [

    { # TCP/UDP port assignments.
      source = pkgs.iana_etc + "/etc/services";
      target = "services";
    }

    { # IP protocol numbers.
      source = pkgs.iana_etc + "/etc/protocols";
      target = "protocols";
    }

    { # Hostname-to-IP mappings.
      source = ./hosts;
      target = "hosts";
    }

    { # Name Service Switch configuration file. Required by the C library.
      # NOTE(review): this file is installed unconditionally while pam_ldap
      # and ldap.conf below depend on users.ldap.enable; confirm that
      # ./nsswitch.conf does not name an `ldap` source when LDAP is off.
      source = ./nsswitch.conf;
      target = "nsswitch.conf";
    }

    { # Configuration file for the system logging daemon.
      source = ./syslog.conf;
      target = "syslog.conf";
    }

    { # Friendly greeting on the virtual consoles.
      source = ./issue;
      target = "issue";
    }

    { # Configuration for pwdutils (login, passwd, useradd, etc.).
      # You cannot login without it!
      source = ./login.defs;
      target = "login.defs";
    }

    { # The Upstart events defined above.
      source = upstartJobs + "/etc/event.d";
      target = "event.d";
    }

    { # Configuration for passwd and friends (e.g., hash algorithm
      # for /etc/passwd).
      # NOTE(review): the password-hash algorithm is selected inside
      # ./default/passwd, which is not shown; confirm it picks a modern hash.
      source = ./default/passwd;
      target = "default/passwd";
    }

    { # Configuration for useradd.
      # substituteAll presumably fills the template's placeholder from the
      # `defaultShell` argument of this expression.
      source = pkgs.substituteAll {
        src = ./default/useradd;
        inherit defaultShell;
      };
      target = "default/useradd";
    }

    { # Dhclient hooks for emitting ip-up/ip-down events.
      source = pkgs.substituteAll {
        src = ./dhclient-exit-hooks;
        inherit (pkgs) upstart glibc;
      };
      target = "dhclient-exit-hooks";
    }

    { # Script executed when the shell starts.
      source = pkgs.substituteAll {
        src = ./profile.sh;
        inherit systemPath wrapperDir;
        inherit (pkgs) kernel glibc;
        timeZone = config.get ["time" "timeZone"];
        defaultLocale = config.get ["i18n" "defaultLocale"];
      };
      target = "profile";
    }

    { # Configuration for readline in bash.
      source = ./inputrc;
      target = "inputrc";
    }

  ]

  # Configuration file for fontconfig used to locate
  # (X11) client-rendered fonts.
  ++ (optional ["fonts" "enableFontConfig"] {
    source = pkgs.runCommand "fonts.conf"
      {
        fontDirectories = import ../system/fonts.nix {inherit pkgs config;};
        buildInputs = [pkgs.libxslt];
        inherit (pkgs) fontconfig;
      }
      # The shell command below is one Nix string; its continuation lines are
      # string content and are therefore left unindented.
      "xsltproc --stringparam fontDirectories \"$fontDirectories\" \\
${./fonts/make-fonts-conf.xsl} $fontconfig/etc/fonts/fonts.conf \\
> $out
";
    target = "fonts/fonts.conf";
  })

  # LDAP configuration.
  # NOTE(review): the generated ldap.conf is a store path, and the store is
  # world-readable.  If ./ldap.conf.nix (not shown) writes a bind password
  # taken from `config` into it, that secret is exposed regardless of the
  # mode make-etc.nix gives the /etc copy.
  ++ (optional ["users" "ldap" "enable"] {
    source = import ./ldap.conf.nix {
      inherit (pkgs) writeText;
      inherit config;
    };
    target = "ldap.conf";
  })

  # "sudo" configuration.
  # The operator-supplied text is run through `visudo -c`; on a syntax error
  # the `cp` is skipped, $out is never produced and the build fails rather
  # than installing an unparsable sudoers (fail-closed).  visudo checks syntax
  # only -- it says nothing about whether the rules grant more than intended.
  # `mode = "0440"` covers the /etc copy; the same text also exists in the
  # store (the sudoers-in file and this runCommand output), which is
  # world-readable.
  ++ (optional ["security" "sudo" "enable"] {
    source = pkgs.runCommand "sudoers"
      { src = pkgs.writeText "sudoers-in" (config.get ["security" "sudo" "configFile"]);
      }
      # Make sure that the sudoers file is syntactically valid.
      "${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
    target = "sudoers";
    mode = "0440";
  })

  # A bunch of PAM configuration files for various programs.
  # Each template ./pam.d/<program> is instantiated with the module paths
  # below.  With LDAP disabled, pam_ldap points at a path that does not exist
  # and the isLDAPEnabled placeholder expands to "#"; the templates (not
  # shown) presumably prefix their pam_ldap lines with that placeholder so
  # PAM is never asked to load a module from /no-such-path.
  ++ (map
    (program:
      let isLDAPEnabled = config.get ["users" "ldap" "enable"]; in
      { source = pkgs.substituteAll {
          src = ./pam.d + ("/" + program);
          inherit (pkgs) pam_unix2 pam_console;
          pam_ldap =
            if isLDAPEnabled
            then pkgs.pam_ldap
            else "/no-such-path";
          inherit (pkgs.xorg) xauth;
          inherit envConf pamConsoleHandlers;
          # Shadows the boolean of the same name bound by the `let` above;
          # because this attribute set is not `rec`, the right-hand side
          # still refers to that boolean, not to this string.
          isLDAPEnabled = if isLDAPEnabled then "" else "#";
        };
        target = "pam.d/" + program;
      }
    )
    [
      "login"
      "slim"
      "su"
      "sudo"
      "other" # PAM's fallback for services with no file of their own; NOTE(review): confirm ./pam.d/other denies
      "passwd"
      "shadow"
      "sshd"
      "useradd"
      "chsh"
      "common"
      "common-console" # shared stuff for interactive local sessions
    ]
  )

  # Additional /etc files declared by Upstart jobs.
  # NOTE(review): whether an extraEtc entry may override one of the targets
  # above (e.g. sudoers or a pam.d file) is decided inside make-etc.nix, which
  # is not visible here -- confirm it rejects or at least reports duplicates.
  ++ extraEtc;
}