Peter Simons
a7700202f2
Rename dovecot2 module to dovecot.
...
We no longer support more than one version.
2012-09-25 11:23:53 +02:00
Peter Simons
c1949c36e9
Merge pull request #31 from peti/master
...
Drop service for dovecot 1.x.
2012-09-24 07:31:04 -07:00
Peter Simons
97c74bf050
alsa.nix: initialize the sound card before restoring previously stored settings
...
The sound card in my ThinkPad won't work unless "init" is run explicitly.
2012-09-23 22:40:19 +02:00
Peter Simons
00e19c91e5
postfix: add option 'extraMasterConf' to extend the default master.cf file
2012-09-23 12:21:48 +02:00
Peter Simons
b8f09be5e0
Remove service for dovecot version 1.x.
2012-09-22 12:51:58 +02:00
Eelco Dolstra
0bd7bdfe0d
Merge branch 'master' of github.com:NixOS/nixos
2012-09-21 11:03:25 -04:00
Eelco Dolstra
600d43ba93
Drop xfce-4.6 compatibility
2012-09-21 11:03:07 -04:00
Peter Simons
4476b875fc
Add services.dovecot2.extraConfig option to configure arbitrary settings for which NixOS has no direct support.
2012-09-21 16:04:46 +02:00
Peter Simons
0573c7fcae
modules/services/mail/dovecot2.nix: update syntax for SSL config options
2012-09-21 12:29:36 +02:00
Peter Simons
155495deb2
modules/services/mail/dovecot2.nix: accept plain text authentication only over secure channels when TLS is available
...
Connects from 'localhost' are always considered secure.
2012-09-21 12:29:36 +02:00
Peter Simons
1da16a5ea1
modules/services/mail/dovecot2.nix: log via syslog instead of writing a separate file
2012-09-21 12:29:36 +02:00
Eelco Dolstra
d4af6edd5e
firewall.nix: Allow specifying trusted network interfaces
...
Trusted network interfaces (such as "lo") will accept any incoming
traffic.
2012-09-20 17:51:44 -04:00
Eelco Dolstra
1e666c10fa
Get rid of the last use of mkThenElse
2012-09-20 16:55:32 -04:00
Rickard Nilsson
0de3a0cff3
nscd-invalidate: Invalidate passwd and group databases also
...
I had some problems with LDAP user lookups not working properly
at boot. I found that invalidating passwd and group on the
ip-up event (when nscd-invalidate starts) helped a bit.
2012-09-19 14:30:55 +02:00
Eelco Dolstra
d12dd340b6
firewall.nix: Respect networking.enableIPv6 = false
...
Reported-by: Pablo Costa <modulistic@gmail.com>
2012-09-18 17:20:46 -04:00
Eelco Dolstra
aac6fe44b6
Merge branch 'master' of github.com:NixOS/nixos into systemd
2012-09-11 10:58:57 -04:00
Ludovic Courtès
f7530dc5ee
avahi: Never set host-name' to the empty string in
avahi-daemon.conf'.
2012-09-07 10:58:53 +02:00
Rob Vermaas
27880ed729
Change logstash job startOn attribute to include networking
2012-09-06 12:31:15 +02:00
Eelco Dolstra
e0e0e57c26
Fix the OpenVPN jobs
2012-08-30 21:11:36 -04:00
Mathijs Kwik
d106a8a296
logcheck: make sure directories are writable during merge phase
2012-08-29 22:59:28 +02:00
Peter Simons
51e58dafca
spamassassin: use a dedicated user for running spamd
2012-08-28 16:27:28 +02:00
Mathijs Kwik
2769f594f3
add logcheck module
2012-08-26 16:04:49 +02:00
Mathijs Kwik
05262ad35d
postfix: allow specifying 'virtual' mappings
...
mainly useful for having a few local addresses (me@host.domain.com ) while the majority of
addresses are on the domain (you@domain.com )
2012-08-24 00:27:07 +02:00
Eelco Dolstra
4c65a5d95c
Don't restart agetty
2012-08-23 11:13:33 -04:00
Eelco Dolstra
b02c488fde
Automatically append ".service" to the name of service units
2012-08-23 10:25:27 -04:00
Eelco Dolstra
c2da812bd0
Enable upower's systemd unit
2012-08-21 11:29:59 -04:00
Eelco Dolstra
08f14b33c1
Merge branch 'master' of github.com:NixOS/nixos into systemd
2012-08-20 11:27:38 -04:00
Eelco Dolstra
39ec043aea
Typo
2012-08-20 11:21:03 -04:00
Eelco Dolstra
cdc3604a7d
kdm: Do a poweroff, not a halt
2012-08-20 11:11:10 -04:00
Eelco Dolstra
ebb1781dfc
Fix KDE/kdm
2012-08-20 11:10:19 -04:00
Eelco Dolstra
1e5a2bca28
Remove HAL
...
It's obsolete and we no longer use it.
2012-08-17 14:45:43 -04:00
Eelco Dolstra
c60d6caee8
Rename xserver.service to display-manager.service
...
The latter is what graphical.target expects.
2012-08-17 14:43:41 -04:00
Eelco Dolstra
490ce3a230
PAM: Rename ownDevices to startSession
...
Logind sessions are more generally useful than for device ownership.
For instances, ssh logins can be put in their own session (and thus
their own cgroup).
2012-08-17 13:48:22 -04:00
Eelco Dolstra
676157f1e7
slim.nix: Remove the hideCursor option because it doesn't work
2012-08-17 13:42:52 -04:00
Eelco Dolstra
b91aa1599c
sshd.nix: Disable password logins for root by default
2012-08-17 13:32:23 -04:00
Eelco Dolstra
a44e575196
switch-to-configuration: Respect the ‘restartIfChanged’ attribute
2012-08-17 13:14:42 -04:00
Eelco Dolstra
7d958dcdd1
Drop Upstart references
2012-08-17 11:02:12 -04:00
Eelco Dolstra
f903a3dcc8
dhcpcd.nix: Add a reload action for rebinding interfaces
2012-08-17 11:01:07 -04:00
Eelco Dolstra
2ce5abaedf
acpid.nix: Fix dependencies
2012-08-17 11:00:33 -04:00
Eelco Dolstra
8e8bad96d4
alsa.nix: Add job description
2012-08-17 11:00:14 -04:00
Eelco Dolstra
0e3f03106f
postgresql.nix: Add an option for overriding the PostgreSQL package
2012-08-15 17:02:03 -04:00
Eelco Dolstra
d18c2afc6f
Add an ip-up target for services that require IP connectivity
2012-08-15 15:38:52 -04:00
Eelco Dolstra
c2b2a3369a
Fix dependencies of Apache and PostgreSQL
2012-08-14 18:15:37 -04:00
Eelco Dolstra
4475294f57
Fix a hang during shutdown
...
Subtle: dhcpcd.service would call resolvconf during shutdown, which in
turn would start invalidate-nscd.service, causing the shutdown to be
cancelled. Instead, give nscd.service a proper reload action, and do
"systemctl reload --no-block nscd.service". The --no-block is
necessary to prevent that command from waiting until a timeout occurs
(bug in systemd?).
2012-08-14 16:45:50 -04:00
Shea Levy
85997a6692
mingetty: Don't make restartIfChanged optional
2012-08-12 11:44:00 -04:00
aszlig
d809a9e6b2
mingetty: Option to not restart on service change.
...
This especially annoyed me whenver I was doing nixos-rebuild switch and getting
logged out on all consoles. With this there now is services.mingetty.dontRestart
for heavy VT users to deactivate this behaviour.
2012-08-12 13:50:50 +02:00
Eelco Dolstra
21da462ad5
Merge pull request #25 from shlevy/required-kernel-config
...
Required kernel config
2012-08-08 10:33:41 -07:00
Shea Levy
64d0069be3
udev requires unix sockets and inotify
2012-08-06 17:02:35 -04:00
Eelco Dolstra
23947c26a8
Revert accidental commit
2012-08-06 15:53:04 -04:00
Eelco Dolstra
b11c5d5991
nscd: Ensure that invalidate-nscd starts after nscd
2012-08-06 12:26:52 -04:00
Eelco Dolstra
9f9ae7c7e9
Share option definitions between the systemd and Upstart compatibility modules
2012-08-06 11:45:59 -04:00
Peter Simons
d13a3c741a
spamassassin: call daemon with complete path
2012-08-03 18:07:06 +02:00
Eelco Dolstra
d5d8acfacd
Assign uid/gid 54 to wwwrun
2012-08-03 11:05:25 -04:00
Eelco Dolstra
0a0c28f812
Revert "Add services.httpd.fixUidAndGid option to assign reliable numeric UID and GID for the Apache user."
...
This reverts commit 0ef085d58a
.
2012-08-03 10:52:53 -04:00
Peter Simons
0ef085d58a
Add services.httpd.fixUidAndGid option to assign reliable numeric UID and GID for the Apache user.
...
The option is disabled by default so that previously existing installations
aren't affected.
If you'd like to migrate to the fixed numeric id for Apache, set "fixUidAndGid
= true", edit the file "/etc/groups" and replace the old GID value with 54.
(NixOS can't do that for you because it refuses to change a GID that identifies
the primary group of a user.) Then run
find / -xdev -uid $oldUID -exec chown 54 {} +
find / -xdev -gid $oldGID -exec chgrp 54 {} +
to update ownership of all files that are supposed to be owned by Apache.
2012-08-03 16:39:55 +02:00
Eelco Dolstra
29f721ba54
Only create the Apache user/group if it's "wwwrun"
2012-08-03 09:35:06 -04:00
Peter Simons
1b249eaf05
Initial version of a SpamAssassin service.
...
The configuration is expected to be managed by the user in /etc/spamassassin.
2012-08-03 15:11:28 +02:00
Eelco Dolstra
d4fec178fd
Merge remote-tracking branch 'origin/master' into systemd
2012-08-02 13:44:16 -04:00
Eelco Dolstra
1fcef0a0e0
Don't use nixUnstable
2012-08-02 13:31:57 -04:00
Mathijs Kwik
52fd5ea6ca
gogoclient: setup config and dirs on service start, not on system activation
2012-07-31 20:07:05 +02:00
Eelco Dolstra
2678ff3726
Use /sys/fs/cgroup instead of /dev/cgroup
2012-07-30 13:49:18 -04:00
Eelco Dolstra
a559a2a606
mediawiki.nix: Use the right PHP build
2012-07-30 17:19:23 +02:00
Peter Simons
e988324534
Use a dedicated user ('named') for BIND instead of running the daemon as super user.
2012-07-27 00:08:41 +02:00
Phreedom
cb063afcbf
F-Prot virus signaure database updater: package
2012-07-24 10:52:04 +03:00
Peter Simons
e8e19bbb1f
modules/services/web-servers/apache-httpd: rename 'apacheHttpd' option to 'package'
2012-07-24 01:01:48 +02:00
Peter Simons
b3627f6c69
modules/services/web-servers/apache-httpd: add apache user to the apache group
2012-07-23 22:00:35 +02:00
Peter Simons
52c97adaba
modules/services/web-servers/apache-httpd: make this module more configurable
...
- The new option 'apacheHttpd' determines the version of the Apache
HTTP Server that's being used by this module. The default version
is Apache 2.2.x, as before.
- The new option 'configFile' allows users specify their own custom
config file for the web server instead of being limited to the one
that this module generates.
2012-07-23 21:48:21 +02:00
Phreedom
4f109c8a3d
ClamAV: package virus fingerprint database updater.
2012-07-23 17:19:59 +03:00
Marc Weber
7ddea025e4
dont hardcode apache group name when setting permissions for state dir
2012-07-23 03:28:21 +02:00
Eelco Dolstra
7a98c884f8
dhcpcd.nix: Go into the background and restart ntpd
2012-07-20 18:24:55 -04:00
Eelco Dolstra
ee075bdf6b
agetty.nix: Add remark
2012-07-20 17:39:05 -04:00
Eelco Dolstra
77510eaa99
dbus.nix: Fix path to dbus-send
2012-07-20 17:38:36 -04:00
Eelco Dolstra
1602f8e162
Typo
2012-07-20 14:58:15 -04:00
Eelco Dolstra
41cb04f793
Implement serial-getty@.service
2012-07-20 11:36:09 -04:00
Eelco Dolstra
ae62436697
Random changes
2012-07-19 17:33:22 -04:00
Eelco Dolstra
425ec4cb00
syslogd: Make it work with systemd
...
Also made syslogd optional (and disabled by default).
2012-07-19 12:48:30 -04:00
Eelco Dolstra
44d091674b
Merge branch 'master' of github.com:NixOS/nixos into systemd
...
Conflicts:
modules/config/networking.nix
modules/services/networking/ssh/sshd.nix
modules/services/ttys/agetty.nix
modules/system/boot/stage-2-init.sh
modules/system/upstart-events/shutdown.nix
2012-07-16 17:27:11 -04:00
Eelco Dolstra
1d57489427
Global replace /var/run/opengl-driver -> /run/opengl-driver
2012-07-16 11:34:21 -04:00
Eelco Dolstra
98459eb675
Global replace /var/run/booted-system -> /run/booted-system
2012-07-16 11:34:21 -04:00
Eelco Dolstra
73532c3855
Global replace /var/run/current-system -> /run/current-system
2012-07-16 11:34:21 -04:00
Shea Levy
8c24de13e4
D'oh
2012-07-16 08:11:44 -04:00
Shea Levy
cdd8ecf9c7
multitouch: Invert left-right scrolling when invertScroll is enabled
2012-07-16 08:03:47 -04:00
Shea Levy
3d2b83c110
multitouch: Add an option to ignore palm touches
2012-07-14 21:40:49 -04:00
Shea Levy
c909ea9208
multitouch: Add option to invert scroll
2012-07-14 18:02:46 -04:00
Eelco Dolstra
57d74e6f4f
openssh.authorizedKeys.keyFiles: allow multiple keys
...
Ugly hack to get around the error "a string that refers to a store
path cannot be appended to a path". The underlying problem is that
you cannot do
"${./file1} ${./file2}"
but you can do
" ${./file1} ${./file2}"
Obviously we should allow the first case as well.
2012-07-13 17:59:03 -04:00
Eelco Dolstra
7e77dae458
sshd.nix: Create ~/.ssh/authorized_keys with the right ownership
2012-07-13 11:48:47 -04:00
Shea Levy
8544ba285d
logstash: Fix sloppy description fields
2012-07-12 14:35:06 -04:00
Shea Levy
a2b59f595f
logstash: Export config.lib.logstash.mk{Float,Hash,NameValuePairs}.
...
This allows hiding the implementation details for how to represent logstash
config types that don't directly map to nix expressions, particularly floats,
hashes, and name-value pair sets with repeated names. Instead of setting
__type and value directly, the user now uses these convenience functions to
generate their logstash config.
2012-07-12 14:15:43 -04:00
Peter Simons
0c12e29368
Don't add the i3 window manager to the system if it isn't enabled in configuration.nix.
2012-07-12 11:33:10 +02:00
Shea Levy
5412b1089f
logstash: Start process in /tmp
...
See https://logstash.jira.com/browse/LOGSTASH-107
2012-07-11 13:45:36 -04:00
Shea Levy
315087def1
logstash: use {name=; value='} attrsets for repeated name-value pairs instead of parallel lists
2012-07-11 11:59:00 -04:00
Shea Levy
3039caf5ad
Add logstash module.
...
Since the logstash config file seemed very similar to a nixexpr, I decided
to map directly from nixexprs to logstash configs. I didn't realize until
too far in that this solution was probably way over-engineered, but it
works.
2012-07-11 11:22:16 -04:00
Rok Garbas
b7398794ed
i3 window manager was not installed when enabled
2012-07-10 16:07:53 +02:00
Eelco Dolstra
fbf9ecf78a
Apache: make /var/run/httpd readable to wwwrun, as required by mod_cgid
2012-07-09 16:27:39 +02:00
Eelco Dolstra
d0c9a3ce32
Apache: build PHP against the right httpd
...
If httpd is built with a threaded MPM, then PHP needs to be built with
thread support as well.
2012-07-06 23:28:46 +02:00
Eelco Dolstra
18031e41bb
Apache: Add an option to set the MPM
...
Supported values are "prefork" (default), "worker" and "event"
(experimental in Apache 2.2 but not 2.4).
2012-07-06 14:23:55 -04:00
Eelco Dolstra
a07eb262a0
Apache: don't fork into the background due to Upstart weirdness
...
If Apache crashes during startup, Upstart for some reason shows the
job in the "start/running" state. As a workaround, don't fork.
2012-07-06 13:47:42 -04:00
Eelco Dolstra
46dce21bff
MediaWiki: Generalise the skins support
...
The new option ‘skins’ allows specifying a list of directories
providing skins to be added to the MediaWiki installation. The
‘defaultSkin’ option just sets the default.
2012-07-05 21:04:23 +02:00
Peter Simons
f22dbd5e05
modules/services/networking/wpa_supplicant.nix: strip trailing whitespace
2012-06-29 11:53:16 +02:00
Peter Simons
61b8ee9029
modules/services/networking/wpa_supplicant.nix: document that interface auto-detection doesn't work on Linux 3.4.x
2012-06-29 11:53:16 +02:00
Eelco Dolstra
bf15293b1e
Merge branch 'master' of github.com:NixOS/nixos into systemd
...
Conflicts:
modules/services/hardware/udev.nix
2012-06-28 14:19:38 -04:00
David Guibert
dbe2325603
fix the grep pattern finding programs called by absolute paths in udev rules.
2012-06-27 20:41:07 +02:00
Eelco Dolstra
872a76b177
Merge branch 'master' of github.com:NixOS/nixos into systemd
2012-06-22 11:11:21 -04:00
Eelco Dolstra
055eae2a58
Merge pull request #1 from aszlig/i3_integration
...
Add xserver integration of i3 WM.
2012-06-20 20:49:45 -07:00
Eelco Dolstra
2526afb1c7
Don't use ConsoleKit
2012-06-19 16:22:26 -04:00
Eelco Dolstra
dab6bbe3a6
Set the default unit to "graphical.target" if X11 is enabled
2012-06-19 14:51:04 -04:00
Eelco Dolstra
2b305d7f29
Remove accidentally committed line
2012-06-19 14:50:23 -04:00
Eelco Dolstra
f213c4ca29
Don't run syslogd and klogd
...
The systemd journal removes the need for running syslogd and klogd, so
don't start them.
2012-06-19 09:28:04 -04:00
Eelco Dolstra
88f94d76bc
Use socket-based activation of the Nix daemon
2012-06-18 23:31:07 -04:00
Eelco Dolstra
ca2bd17f54
Whitespace
2012-06-18 17:58:31 -04:00
Eelco Dolstra
9f5051b76c
Rename mingetty module to agetty
2012-06-18 17:55:27 -04:00
Eelco Dolstra
352510c208
Add an option ‘boot.systemd.services’
...
This option makes it more convenient to define services because it
automates stuff like setting $PATH, having a pre-start script, and so on.
2012-06-18 15:28:31 -04:00
Eelco Dolstra
42ee3b4209
Add a ‘wantedBy’ attribute to unit definitions
...
This attribute allows a unit to make itself a dependency of another unit.
Also, add an option to set the default target unit.
2012-06-17 23:31:21 -04:00
Mathijs Kwik
bd5b06bf86
synaptics driver: accelleration factor config option
...
svn path=/nixos/trunk/; revision=34523
2012-06-16 11:13:48 +00:00
Eelco Dolstra
4a95f8996b
To ease migration to systemd, generate units from the ‘jobs’ option
...
Also get rid of the ‘buildHook’ job option because it wasn't very useful.
2012-06-16 00:19:43 -04:00
Eelco Dolstra
164d6e6ab2
Use udev from systemd
2012-06-15 13:09:22 -04:00
Eelco Dolstra
a46894b960
Get lots more systemd stuff working
...
Enabled a bunch of units that ship with systemd. Also added an option
‘boot.systemd.units’ that can be used to define additional units
(e.g. ‘sshd.service’).
2012-06-14 18:44:56 -04:00
Lluís Batlle i Rossell
3d2ed19067
Making fcron use the daemonType=fork, instead of foreground. This way logrotate
...
does not have to handle it appart.
svn path=/nixos/trunk/; revision=34422
2012-06-10 15:14:16 +00:00
Lluís Batlle i Rossell
6824f1e082
Making the dovecot2 mail location a nixos option.
...
svn path=/nixos/trunk/; revision=34421
2012-06-10 15:07:25 +00:00
Lluís Batlle i Rossell
9b833aafb9
Fix prayer so it does not start a server at port 80.
...
svn path=/nixos/trunk/; revision=34420
2012-06-10 14:51:43 +00:00
Lluís Batlle i Rossell
78333e5d84
Add a 'named' option to run only for ipv4.
...
I remember the 'named' log was giving annoying messages on systems not ipv6
capable (I can't recall if lacking the kernel ipv6 code or unconfigured ipv6
addresses).
svn path=/nixos/trunk/; revision=34419
2012-06-10 14:50:44 +00:00
Lluís Batlle i Rossell
c539224a84
Postfix was started before all filesystems were mounted. I add 'filesystem' to startOn.
...
svn path=/nixos/trunk/; revision=34416
2012-06-10 14:36:16 +00:00
Eelco Dolstra
87e06b97a3
* Don't include the hostname in option default values. Default values
...
are included in the manual, so this causes a different manual to be
built for each machine.
* Clean up indentation of cntlm module.
svn path=/nixos/trunk/; revision=34387
2012-06-08 14:29:31 +00:00
Eelco Dolstra
6aa4120f3a
* Shorten the greeting line to make it fit on a 80-character terminal
...
again by removing the kernel version.
svn path=/nixos/trunk/; revision=34376
2012-06-06 23:14:57 +00:00
aszlig
b78ce79f89
Add xserver integration of i3 WM.
...
This allows to set i3 as the default window manager in the system configuration.
2012-06-04 21:19:12 +02:00
Eelco Dolstra
ca57a8e638
* Add type.
...
svn path=/nixos/trunk/; revision=34345
2012-06-04 14:35:48 +00:00
Eelco Dolstra
9b014c471a
* CUPS: fix printing on a Ricoh Aficio MP C4500 PXL printer (and
...
probably lots of others). The $PATH used to invoke the filter
didn't contain Ghostscript and Perl, so it silently fails. (A nice
property of CUPS is that it will just silently discard the job when
that happens, so you need to set LogLevel to "debug" to see this.)
Fortunately, CUPS now has a "SetEnv" option to set $PATH explicitly.
Also, remove config.system.path from the PATH of CUPS' Upstart job.
It seems to serve no purpose.
svn path=/nixos/trunk/; revision=34244
2012-05-25 15:51:33 +00:00
Eelco Dolstra
801cd7402c
* Don't use ‘chown user.group’ since that syntax is not officially
...
supported (you're supposed to say ‘chown user:group’).
svn path=/nixos/trunk/; revision=34161
2012-05-17 19:43:32 +00:00
Eelco Dolstra
91acb81b11
* Support globbing in the source attribute of environment.etc entries.
...
svn path=/nixos/trunk/; revision=34158
2012-05-17 18:43:45 +00:00
Eelco Dolstra
c10b41ad99
* Make the fail2ban module configurable.
...
svn path=/nixos/trunk/; revision=34157
2012-05-17 18:19:48 +00:00
Eelco Dolstra
3ce8859551
* Basic module for fail2ban. Not configurable yet. It currently
...
blocks IP addresses if they make too many failed login attempts.
svn path=/nixos/trunk/; revision=34149
2012-05-17 02:51:24 +00:00
Eelco Dolstra
dbf5e3229e
* Remove Nix's dependencies from the chroot. Nix 1.0 doesn't need
...
this anymore.
svn path=/nixos/trunk/; revision=34113
2012-05-15 16:12:22 +00:00
Eelco Dolstra
ea3cfc9287
* Add xdg-open to the default X11 configuration so that programs like
...
Chrome can open downloaded files.
svn path=/nixos/trunk/; revision=34097
2012-05-15 02:49:47 +00:00
Eelco Dolstra
ce3941d6e6
* Move logFormat to the per-vhost options.
...
svn path=/nixos/trunk/; revision=34066
2012-05-11 23:14:05 +00:00
Rickard Nilsson
35f9502a27
Added option for specifying the path to the private key file sshd should use.
...
svn path=/nixos/trunk/; revision=34039
2012-05-09 22:13:53 +00:00
Rickard Nilsson
658ea20e7f
Added option for specifying system-wide known hosts file for OpenSSH.
...
svn path=/nixos/trunk/; revision=34038
2012-05-09 22:11:07 +00:00
Eelco Dolstra
e4200d7e61
* Some more trivial builders with lots of dependencies that should be
...
built locally.
svn path=/nixos/trunk/; revision=34034
2012-05-09 21:35:47 +00:00
Peter Simons
7a69733704
Added 'networking.dhcpcd.denyInterfaces' to extend the list of network
...
interfaces black-listed for dhcpcd via configuration.nix. I use this option to
disable DHCP for "veth*" interfaces, which are created by LXC for use inside of
virtual machines.
svn path=/nixos/trunk/; revision=34018
2012-05-08 11:46:01 +00:00
Eelco Dolstra
b603babd0f
* Use PostgreSQL's fast shutdown mode. In the default
...
smart shutdown mode, Postgres waits until all
active connections have closed, which can take an
unbounded amount of time.
svn path=/nixos/trunk/; revision=33959
2012-04-30 18:15:32 +00:00
Eelco Dolstra
be189991e0
* Revert r33928: veth* can also be a bridged interface requiring dhcp.
...
See e.g. https://nixos.org/repos/nix/configurations/trunk/tud/stan.nix
So we need a better solution for this...
svn path=/nixos/trunk/; revision=33957
2012-04-30 17:46:11 +00:00
Peter Simons
8b841505ff
modules/services/networking/{dhclient,dhcpcd}.nix: ignore virtual veth* devices created by LXC/cgroups
...
svn path=/nixos/trunk/; revision=33928
2012-04-26 12:31:33 +00:00
Peter Simons
86ba0c52b3
modules/services/networking/ssh/sshd.nix: stripped trailing whitespace
...
svn path=/nixos/trunk/; revision=33926
2012-04-26 08:13:24 +00:00
Peter Simons
ee2fcb645b
modules/services/networking/ssh/sshd.nix: don't write debug output to /tmp/log
...
svn path=/nixos/trunk/; revision=33925
2012-04-26 08:13:21 +00:00
Eelco Dolstra
e6fd0fa893
* Cleanup.
...
svn path=/nixos/trunk/; revision=33921
2012-04-25 15:44:47 +00:00
Eelco Dolstra
43215ff80f
* In the implementation of the ‘authorizedKeys’, don't delete all
...
lines below a certain marker. This is undesirable because commands
like "ssh-copy-id" add keys to the end of the file. Instead mark
all automatically added lines individually.
svn path=/nixos/trunk/; revision=33918
2012-04-25 14:14:20 +00:00
Eelco Dolstra
6c1bb54483
* In the installation CD, make the NixOS/Nixpkgs available as if they
...
were obtained from the NixOS channel. "nixos-install" copies this
to the installed system as well.
* In the installation CD, set GC_INITIAL_HEAP_SIZE to a low value for
the benefit of memory-constrained environments.
svn path=/nixos/trunk/; revision=33887
2012-04-23 00:41:37 +00:00
Eelco Dolstra
9195b1125f
* Include the version number in the mingetty greeting line.
...
svn path=/nixos/trunk/; revision=33884
2012-04-22 23:35:34 +00:00
Arie Middelkoop
0cb5673400
Some additional synaptics settings.
...
svn path=/nixos/trunk/; revision=33837
2012-04-19 08:29:22 +00:00
Arie Middelkoop
298e0e1829
Some additional xinetd settings.
...
svn path=/nixos/trunk/; revision=33836
2012-04-19 08:28:54 +00:00
Mathijs Kwik
3bbaa3b60c
slim display manager: enabled auto_login setting
...
useful for demo/kiosk mode
svn path=/nixos/trunk/; revision=33774
2012-04-13 14:52:25 +00:00
Sander van der Burg
a34e20e292
deployment attribute does not exists anymore, will fix this later
...
svn path=/nixos/trunk/; revision=33747
2012-04-11 13:46:49 +00:00
Eelco Dolstra
a7af5588b6
* Drop ugly reference to var/run/current-system/sw/sbin/wpa_cli, and
...
make it conditional.
svn path=/nixos/trunk/; revision=33717
2012-04-10 12:07:30 +00:00
Mathijs Kwik
9a91181be9
damn you shell syntax! :)
...
svn path=/nixos/trunk/; revision=33603
2012-04-05 08:20:43 +00:00
Lluís Batlle i Rossell
56d9e60bb7
Making bind start on started network-interfaces. It wasn't starting ever.
...
svn path=/nixos/trunk/; revision=33542
2012-04-02 18:28:42 +00:00
Mathijs Kwik
a1e86494d0
made challenge-response authentication method configurable for openssh
...
challenge-response is an authentication method that does not need the
plain text password to be emitted over the (encrypted) connection.
This is nice if you don't fully trust the server.
It is enabled (upstream) by default.
To the end user, it still looks like normal password authentication,
but instead of sending it, it is used to hash some challenge.
This means that if you don't want passwords to be used ever at all,
and just stick to public key authentication, you probably want to
disable this option too.
svn path=/nixos/trunk/; revision=33513
2012-04-01 10:54:17 +00:00
Mathijs Kwik
e216ce07df
dhcpcd: ip-up and ip-down emit more info (like wifi access point)
...
useful to only start certain services (like vpn) on certain networks
svn path=/nixos/trunk/; revision=33512
2012-04-01 10:54:15 +00:00
Mathijs Kwik
7d4fd69b5f
dhcpcd: wifi disconnect should also generate ip-down
...
svn path=/nixos/trunk/; revision=33511
2012-04-01 10:54:13 +00:00
Mathijs Kwik
7ba690add6
optionally allow normal users to control wpa_supplicant through
...
wpa_gui or wpa_cli.
Comes with a default wpa_supplicant.conf, which gets updated through
aforementioned utilities.
svn path=/nixos/trunk/; revision=33510
2012-04-01 10:54:10 +00:00
Mathijs Kwik
7f84957ff2
mongodb: allow running as a replicaset member
...
also useful for point-in time backups using mongodump --oplog
svn path=/nixos/trunk/; revision=33509
2012-04-01 10:54:08 +00:00
Mathijs Kwik
de5b437004
assertions '.msg' doesn't exist => .message
...
svn path=/nixos/trunk/; revision=33508
2012-04-01 10:54:06 +00:00
Joachim Schiele
bc6ca7944f
fixed a upstart issue where upsd was never started
...
svn path=/nixos/trunk/; revision=33494
2012-03-31 11:39:30 +00:00
Eelco Dolstra
64241a3e90
* Flush nscd when switching to a new configuration.
...
svn path=/nixos/trunk/; revision=33441
2012-03-27 14:35:45 +00:00
Mathijs Kwik
f31fefdfd9
splitted ssh/sshd X11 forwarding logic. Backward compatible change.
...
You can now set the forwardX11 config option for the ssh client and server separately.
For server, the option means "allow clients to request X11 forwarding".
For client, the option means "request X11 forwarding by default on all connections".
I don't think it made sense to couple them. I might not even run the server on some machines.
Also, I ssh to a lot of machines, and rarely want X11 forwarding. The times I want it,
I use the -X/-Y option, or set it in my ~/.ssh/config.
I also decoupled the 'XAuthLocation' logic from forwardX11.
For my case where ssh client doesn't want forwarding by default, it still wants to set the path for the cases I do need it.
As this flag is the one that pulls in X11 dependencies, I changed the minimal profile and the no-x-libs config to check that instead now.
svn path=/nixos/trunk/; revision=33407
2012-03-25 15:42:05 +00:00
Eelco Dolstra
326891443c
* dhcpcd: Don't use the "persistent" option. With it, dhcpcd won't
...
delete routes and addresses when it quits. This causes those routes
and addresses to stick around forever, since dhcpcd won't delete
them when it runs next (even if it acquires a new lease on the same
interface). This is bad; in particular the stale (default) routes
can break networking.
The downside to removing "persistent" is that you should never ever
do "stop dhcpcd" on a remote machine configured by dhcpcd.
svn path=/nixos/trunk/; revision=33388
2012-03-23 21:00:32 +00:00
Eelco Dolstra
7c75b046ea
* Fix the permissions on /dev/vboxuser in VirtualBox guests.
...
svn path=/nixos/trunk/; revision=33372
2012-03-23 11:52:06 +00:00
Eelco Dolstra
2a135eb4d4
* Remove the ‘services.nfs.client.enable’ flag; use
...
‘boot.supportedFilesystems = [ "nfs" ]’ if needed.
svn path=/nixos/trunk/; revision=33356
2012-03-22 12:24:23 +00:00
Eelco Dolstra
89a21f7a7d
* GIDs are supposed to match UIDs.
...
svn path=/nixos/trunk/; revision=33346
2012-03-22 10:11:15 +00:00
Lluís Batlle i Rossell
5ddae4a83a
Changing portmap by rpcbind on nfs services.
...
That could make rpc.statd work.
Patch by Rickard Nilsson.
I'm not sure we need that netconfig file in etc.
svn path=/nixos/trunk/; revision=33342
2012-03-21 20:37:37 +00:00
Lluís Batlle i Rossell
20edb255bd
Adding idmapd, for NFSv4.
...
Patch by Rickard Nilsson.
This may fix rpc.statd start.
svn path=/nixos/trunk/; revision=33330
2012-03-21 11:58:06 +00:00
Shea Levy
70eb64c025
Pommed: find the 'eject' command in /var/setuid-wrappers:/home/shlevy/.nix-profile/bin:/home/shlevy/.nix-profile/sbin:/home/shlevy/.nix-profile/lib/kde4/libexec:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/nix/var/nix/profiles/default/lib/kde4/libexec:/var/run/current-system/sw/bin:/var/run/current-system/sw/sbin:/var/run/current-system/sw/lib/kde4/libexec
...
svn path=/nixos/trunk/; revision=33302
2012-03-20 18:28:32 +00:00
Eelco Dolstra
010578d8a4
* Restrict VirtualBox to users in the vboxusers group.
...
The VirtualBox build in Nixpkgs is insecure because it uses the
"--disable-hardened" flag, which disables some checks in the
VirtualBox kernel module. Since getting rid of that flag looks like
too much work, it's better to ensure that only explicitly permitted
users have access to VirtualBox.
* Drop the 666 permission on "sonypi" because it's not clear why that
device should be world-writable.
svn path=/nixos/trunk/; revision=33301
2012-03-20 16:30:43 +00:00
Shea Levy
11066067f7
Add nouveau xorg video driver
...
svn path=/nixos/trunk/; revision=33300
2012-03-20 16:29:22 +00:00
Shea Levy
0d67d95f32
Add a module for the pommed tool for Apple laptop keyboards.
...
svn path=/nixos/trunk/; revision=33286
2012-03-20 04:41:13 +00:00
Shea Levy
6435207dd1
Whoops, actually use the mtrack fork
...
svn path=/nixos/trunk/; revision=33285
2012-03-20 01:56:39 +00:00
Shea Levy
724b5abe42
xf86-input-multitouch seems to be abandoned, update it with the mtrack fork
...
svn path=/nixos/trunk/; revision=33283
2012-03-20 01:48:09 +00:00
Shea Levy
14dd95b692
xserver.nix: Automatically support xorg's own video drivers
...
svn path=/nixos/trunk/; revision=33281
2012-03-19 23:57:26 +00:00
Eelco Dolstra
6093b54b73
* Zabbix: use the path attribute.
...
svn path=/nixos/trunk/; revision=33278
2012-03-19 19:43:31 +00:00
Eelco Dolstra
533448ae37
* udev: don't set the STARTUP flag anymore, since LVM no longer uses
...
it.
* Don't call "vgscan" anymore; VG scans are supposed to be automatic.
svn path=/nixos/trunk/; revision=33275
2012-03-19 19:10:27 +00:00
Eelco Dolstra
31c93522d5
* Support PostgreSQL versions >= 8.4, which have a slightly different
...
pg_hba.conf format.
svn path=/nixos/trunk/; revision=33268
2012-03-19 18:06:18 +00:00
Eelco Dolstra
f12950b8e0
* Improve the Postgres Upstart job: don't use pg_ctl, let Upstart
...
monitor the postgres process directly (so that it can be restarted
if necessary), let Upstart send SIGTERM to postgres to shut it down
gracefully. Also drop the Mediawiki references.
svn path=/nixos/trunk/; revision=33262
2012-03-19 16:49:13 +00:00
Eelco Dolstra
ebc6d7f435
* Attempt to fix the random "udevadm settle - timeout of 120 seconds
...
reached, the event queue contains: /sys/devices/virtual/tty/hvc1" VM
failures.
svn path=/nixos/trunk/; revision=33259
2012-03-19 15:10:39 +00:00
Eelco Dolstra
2cc8d0363e
* Move the implementation of boot.kernelModules to udev's postStart.
...
It needs udevd to be running because the modules may require
firmware. Thanks to Mathijs and Arie for pointing this out.
svn path=/nixos/trunk/; revision=33234
2012-03-18 14:03:42 +00:00
Eelco Dolstra
83f5d26a85
* Ignore the "No soundcards found" error.
...
svn path=/nixos/trunk/; revision=33224
2012-03-18 02:36:21 +00:00
Eelco Dolstra
86d8d62d16
* Allow Upstart jobs to declare that they shouldn't be restarted by
...
switch-to-configuration. E.g. the X server shouldn't be restarted
because that kills all the X clients.
svn path=/nixos/trunk/; revision=33223
2012-03-18 02:10:39 +00:00
Eelco Dolstra
ed436179e1
* Improve some job names.
...
svn path=/nixos/trunk/; revision=33215
2012-03-17 19:22:22 +00:00
Eelco Dolstra
ee6c9bb998
* Provide two utility functions in Upstart jobs: "ensure JOBNAME"
...
starts the given job and waits until it's running; "stop_check"
checks that the current job hasn't been asked to stop.
svn path=/nixos/trunk/; revision=33214
2012-03-17 19:12:33 +00:00
Eelco Dolstra
07df536c42
* Fix comment.
...
svn path=/nixos/trunk/; revision=33213
2012-03-17 18:01:42 +00:00
Eelco Dolstra
53847ef665
* Don't use the non-existent "never" condition in stopOn.
...
svn path=/nixos/trunk/; revision=33212
2012-03-17 18:00:20 +00:00
Eelco Dolstra
dd693fdc5e
* Revert unintended commit.
...
svn path=/nixos/trunk/; revision=33209
2012-03-17 17:31:08 +00:00
Eelco Dolstra
573877c1ac
* Use boot.kernelModules everywhere instead of explicit calls to
...
modprobe.
* Move the implementation of boot.kernelModules from the udev job to
the activation script. This prevents races with the udev job.
* Drop references to the "capability" kernel module, which no longer
exists.
svn path=/nixos/trunk/; revision=33208
2012-03-17 17:26:17 +00:00
Eelco Dolstra
646d67465c
* Upstart stupidly doesn't kill post-start scripts if we do "stop
...
JOB", but it does kill the job's main process. So if the post-start
script if waiting for the job's main process to reach some state, it
may hang forever. Thus, the post-start script should monitor
whether its job has been requested to stop and exit in that case.
svn path=/nixos/trunk/; revision=33176
2012-03-16 21:24:51 +00:00
Eelco Dolstra
67a90c6d6f
* Renamed services.nfsKernel to services.nfs. Unfortunately
...
rename.nix doesn't allow renaming sets of options...
* Renamed nfs-kernel.nix to nfsd.nix
* Move NFS client stuff from nfsd.nix to filesystems/nfs.nix.
svn path=/nixos/trunk/; revision=33174
2012-03-16 20:41:49 +00:00
Eelco Dolstra
a395e46192
* Fix the NFS Upstart dependencies. Mountd is now started before
...
nfsd, as suggested by the nfs-utils README.
Also, rather than relying on Upstart events (which have all sorts of
problems, especially if you have jobs that have multiple
dependencies), we know just let jobs start their on prerequisites.
That is, nfsd starts mountd in its preStart script; mountd starts
statd; statd starts portmap. Likewise, mountall starts statd to
ensure that it can mount NFS filesystems. This means that doing
something like "start nfsd" from the command line will Do The Right
Thing and start the dependencies of nfsd.
svn path=/nixos/trunk/; revision=33172
2012-03-16 20:10:14 +00:00
Eelco Dolstra
823471a100
* portmap: add a postStart action that ensures that portmap is
...
actually listening. Otherwise we have a race condition during boot
where statd's start can be delayed, causing NFSv3 mounting to fail.
svn path=/nixos/trunk/; revision=33171
2012-03-16 19:49:47 +00:00
Eelco Dolstra
5a36c25e9f
* nfsd and statd do not need to be stopped when portmap stops.
...
svn path=/nixos/trunk/; revision=33167
2012-03-16 17:43:18 +00:00
Eelco Dolstra
c5ca681c06
* Drop the unnecessary "nfs-kernel-" prefix from the job names.
...
svn path=/nixos/trunk/; revision=33159
2012-03-16 13:56:51 +00:00
Eelco Dolstra
0c1ec805fc
* In fact get rid of the whole nfs-kernel-exports job.
...
svn path=/nixos/trunk/; revision=33156
2012-03-16 13:40:02 +00:00
Eelco Dolstra
d2b3c2cda4
* Start fixing the NFS mess. It was completely broken because the
...
exportfs job didn't work at all (so /var/lib/nfs/etab didn't get
initialised).
svn path=/nixos/trunk/; revision=33153
2012-03-16 13:00:27 +00:00
Eelco Dolstra
53bd25c7fa
* Automatically start VBoxClient-all when the X session starts. This
...
allows seamless windows, resizing of the desktop, cut and paster,
etc.
svn path=/nixos/trunk/; revision=33131
2012-03-16 01:29:51 +00:00
Eelco Dolstra
3ddbe0f9fb
* Drop references to activation scriptlets that no longer exist.
...
svn path=/nixos/trunk/; revision=33110
2012-03-15 14:21:17 +00:00