Commit graph

1133 commits

Author SHA1 Message Date
Peter Simons a7700202f2 Rename dovecot2 module to dovecot.
We no longer support more than one version.
2012-09-25 11:23:53 +02:00
Peter Simons c1949c36e9 Merge pull request #31 from peti/master
Drop service for dovecot 1.x.
2012-09-24 07:31:04 -07:00
Peter Simons 97c74bf050 alsa.nix: initialize the sound card before restoring previously stored settings
The sound card in my ThinkPad won't work unless "init" is run explicitly.
2012-09-23 22:40:19 +02:00
Peter Simons 00e19c91e5 postfix: add option 'extraMasterConf' to extend the default master.cf file 2012-09-23 12:21:48 +02:00
Peter Simons b8f09be5e0 Remove service for dovecot version 1.x. 2012-09-22 12:51:58 +02:00
Eelco Dolstra 0bd7bdfe0d Merge branch 'master' of github.com:NixOS/nixos 2012-09-21 11:03:25 -04:00
Eelco Dolstra 600d43ba93 Drop xfce-4.6 compatibility 2012-09-21 11:03:07 -04:00
Peter Simons 4476b875fc Add services.dovecot2.extraConfig option to configure arbitrary settings for which NixOS has no direct support. 2012-09-21 16:04:46 +02:00
Peter Simons 0573c7fcae modules/services/mail/dovecot2.nix: update syntax for SSL config options 2012-09-21 12:29:36 +02:00
Peter Simons 155495deb2 modules/services/mail/dovecot2.nix: accept plain text authentication only over secure channels when TLS is available
Connects from 'localhost' are always considered secure.
2012-09-21 12:29:36 +02:00
Peter Simons 1da16a5ea1 modules/services/mail/dovecot2.nix: log via syslog instead of writing a separate file 2012-09-21 12:29:36 +02:00
Eelco Dolstra d4af6edd5e firewall.nix: Allow specifying trusted network interfaces
Trusted network interfaces (such as "lo") will accept any incoming
traffic.
2012-09-20 17:51:44 -04:00
Eelco Dolstra 1e666c10fa Get rid of the last use of mkThenElse 2012-09-20 16:55:32 -04:00
Rickard Nilsson 0de3a0cff3 nscd-invalidate: Invalidate passwd and group databases also
I had some problems with LDAP user lookups not working properly
at boot. I found that invalidating passwd and group on the
ip-up event (when nscd-invalidate starts) helped a bit.
2012-09-19 14:30:55 +02:00
Eelco Dolstra d12dd340b6 firewall.nix: Respect networking.enableIPv6 = false
Reported-by: Pablo Costa <modulistic@gmail.com>
2012-09-18 17:20:46 -04:00
Eelco Dolstra aac6fe44b6 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-09-11 10:58:57 -04:00
Ludovic Courtès f7530dc5ee avahi: Never set host-name' to the empty string in avahi-daemon.conf'. 2012-09-07 10:58:53 +02:00
Rob Vermaas 27880ed729 Change logstash job startOn attribute to include networking 2012-09-06 12:31:15 +02:00
Eelco Dolstra e0e0e57c26 Fix the OpenVPN jobs 2012-08-30 21:11:36 -04:00
Mathijs Kwik d106a8a296 logcheck: make sure directories are writable during merge phase 2012-08-29 22:59:28 +02:00
Peter Simons 51e58dafca spamassassin: use a dedicated user for running spamd 2012-08-28 16:27:28 +02:00
Mathijs Kwik 2769f594f3 add logcheck module 2012-08-26 16:04:49 +02:00
Mathijs Kwik 05262ad35d postfix: allow specifying 'virtual' mappings
mainly useful for having a few local addresses (me@host.domain.com) while the majority of
addresses are on the domain (you@domain.com)
2012-08-24 00:27:07 +02:00
Eelco Dolstra 4c65a5d95c Don't restart agetty 2012-08-23 11:13:33 -04:00
Eelco Dolstra b02c488fde Automatically append ".service" to the name of service units 2012-08-23 10:25:27 -04:00
Eelco Dolstra c2da812bd0 Enable upower's systemd unit 2012-08-21 11:29:59 -04:00
Eelco Dolstra 08f14b33c1 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-08-20 11:27:38 -04:00
Eelco Dolstra 39ec043aea Typo 2012-08-20 11:21:03 -04:00
Eelco Dolstra cdc3604a7d kdm: Do a poweroff, not a halt 2012-08-20 11:11:10 -04:00
Eelco Dolstra ebb1781dfc Fix KDE/kdm 2012-08-20 11:10:19 -04:00
Eelco Dolstra 1e5a2bca28 Remove HAL
It's obsolete and we no longer use it.
2012-08-17 14:45:43 -04:00
Eelco Dolstra c60d6caee8 Rename xserver.service to display-manager.service
The latter is what graphical.target expects.
2012-08-17 14:43:41 -04:00
Eelco Dolstra 490ce3a230 PAM: Rename ownDevices to startSession
Logind sessions are more generally useful than for device ownership.
For instances, ssh logins can be put in their own session (and thus
their own cgroup).
2012-08-17 13:48:22 -04:00
Eelco Dolstra 676157f1e7 slim.nix: Remove the hideCursor option because it doesn't work 2012-08-17 13:42:52 -04:00
Eelco Dolstra b91aa1599c sshd.nix: Disable password logins for root by default 2012-08-17 13:32:23 -04:00
Eelco Dolstra a44e575196 switch-to-configuration: Respect the ‘restartIfChanged’ attribute 2012-08-17 13:14:42 -04:00
Eelco Dolstra 7d958dcdd1 Drop Upstart references 2012-08-17 11:02:12 -04:00
Eelco Dolstra f903a3dcc8 dhcpcd.nix: Add a reload action for rebinding interfaces 2012-08-17 11:01:07 -04:00
Eelco Dolstra 2ce5abaedf acpid.nix: Fix dependencies 2012-08-17 11:00:33 -04:00
Eelco Dolstra 8e8bad96d4 alsa.nix: Add job description 2012-08-17 11:00:14 -04:00
Eelco Dolstra 0e3f03106f postgresql.nix: Add an option for overriding the PostgreSQL package 2012-08-15 17:02:03 -04:00
Eelco Dolstra d18c2afc6f Add an ip-up target for services that require IP connectivity 2012-08-15 15:38:52 -04:00
Eelco Dolstra c2b2a3369a Fix dependencies of Apache and PostgreSQL 2012-08-14 18:15:37 -04:00
Eelco Dolstra 4475294f57 Fix a hang during shutdown
Subtle: dhcpcd.service would call resolvconf during shutdown, which in
turn would start invalidate-nscd.service, causing the shutdown to be
cancelled.  Instead, give nscd.service a proper reload action, and do
"systemctl reload --no-block nscd.service".  The --no-block is
necessary to prevent that command from waiting until a timeout occurs
(bug in systemd?).
2012-08-14 16:45:50 -04:00
Shea Levy 85997a6692 mingetty: Don't make restartIfChanged optional 2012-08-12 11:44:00 -04:00
aszlig d809a9e6b2 mingetty: Option to not restart on service change.
This especially annoyed me whenver I was doing nixos-rebuild switch and getting
logged out on all consoles. With this there now is services.mingetty.dontRestart
for heavy VT users to deactivate this behaviour.
2012-08-12 13:50:50 +02:00
Eelco Dolstra 21da462ad5 Merge pull request #25 from shlevy/required-kernel-config
Required kernel config
2012-08-08 10:33:41 -07:00
Shea Levy 64d0069be3 udev requires unix sockets and inotify 2012-08-06 17:02:35 -04:00
Eelco Dolstra 23947c26a8 Revert accidental commit 2012-08-06 15:53:04 -04:00
Eelco Dolstra b11c5d5991 nscd: Ensure that invalidate-nscd starts after nscd 2012-08-06 12:26:52 -04:00
Eelco Dolstra 9f9ae7c7e9 Share option definitions between the systemd and Upstart compatibility modules 2012-08-06 11:45:59 -04:00
Peter Simons d13a3c741a spamassassin: call daemon with complete path 2012-08-03 18:07:06 +02:00
Eelco Dolstra d5d8acfacd Assign uid/gid 54 to wwwrun 2012-08-03 11:05:25 -04:00
Eelco Dolstra 0a0c28f812 Revert "Add services.httpd.fixUidAndGid option to assign reliable numeric UID and GID for the Apache user."
This reverts commit 0ef085d58a.
2012-08-03 10:52:53 -04:00
Peter Simons 0ef085d58a Add services.httpd.fixUidAndGid option to assign reliable numeric UID and GID for the Apache user.
The option is disabled by default so that previously existing installations
aren't affected.

If you'd like to migrate to the fixed numeric id for Apache, set "fixUidAndGid
= true", edit the file "/etc/groups" and replace the old GID value with 54.
(NixOS can't do that for you because it refuses to change a GID that identifies
the primary group of a user.) Then run

  find / -xdev -uid $oldUID -exec chown 54 {} +
  find / -xdev -gid $oldGID -exec chgrp 54 {} +

to update ownership of all files that are supposed to be owned by Apache.
2012-08-03 16:39:55 +02:00
Eelco Dolstra 29f721ba54 Only create the Apache user/group if it's "wwwrun" 2012-08-03 09:35:06 -04:00
Peter Simons 1b249eaf05 Initial version of a SpamAssassin service.
The configuration is expected to be managed by the user in /etc/spamassassin.
2012-08-03 15:11:28 +02:00
Eelco Dolstra d4fec178fd Merge remote-tracking branch 'origin/master' into systemd 2012-08-02 13:44:16 -04:00
Eelco Dolstra 1fcef0a0e0 Don't use nixUnstable 2012-08-02 13:31:57 -04:00
Mathijs Kwik 52fd5ea6ca gogoclient: setup config and dirs on service start, not on system activation 2012-07-31 20:07:05 +02:00
Eelco Dolstra 2678ff3726 Use /sys/fs/cgroup instead of /dev/cgroup 2012-07-30 13:49:18 -04:00
Eelco Dolstra a559a2a606 mediawiki.nix: Use the right PHP build 2012-07-30 17:19:23 +02:00
Peter Simons e988324534 Use a dedicated user ('named') for BIND instead of running the daemon as super user. 2012-07-27 00:08:41 +02:00
Phreedom cb063afcbf F-Prot virus signaure database updater: package 2012-07-24 10:52:04 +03:00
Peter Simons e8e19bbb1f modules/services/web-servers/apache-httpd: rename 'apacheHttpd' option to 'package' 2012-07-24 01:01:48 +02:00
Peter Simons b3627f6c69 modules/services/web-servers/apache-httpd: add apache user to the apache group 2012-07-23 22:00:35 +02:00
Peter Simons 52c97adaba modules/services/web-servers/apache-httpd: make this module more configurable
- The new option 'apacheHttpd' determines the version of the Apache
   HTTP Server that's being used by this module. The default version
   is Apache 2.2.x, as before.

 - The new option 'configFile' allows users specify their own custom
   config file for the web server instead of being limited to the one
   that this module generates.
2012-07-23 21:48:21 +02:00
Phreedom 4f109c8a3d ClamAV: package virus fingerprint database updater. 2012-07-23 17:19:59 +03:00
Marc Weber 7ddea025e4 dont hardcode apache group name when setting permissions for state dir 2012-07-23 03:28:21 +02:00
Eelco Dolstra 7a98c884f8 dhcpcd.nix: Go into the background and restart ntpd 2012-07-20 18:24:55 -04:00
Eelco Dolstra ee075bdf6b agetty.nix: Add remark 2012-07-20 17:39:05 -04:00
Eelco Dolstra 77510eaa99 dbus.nix: Fix path to dbus-send 2012-07-20 17:38:36 -04:00
Eelco Dolstra 1602f8e162 Typo 2012-07-20 14:58:15 -04:00
Eelco Dolstra 41cb04f793 Implement serial-getty@.service 2012-07-20 11:36:09 -04:00
Eelco Dolstra ae62436697 Random changes 2012-07-19 17:33:22 -04:00
Eelco Dolstra 425ec4cb00 syslogd: Make it work with systemd
Also made syslogd optional (and disabled by default).
2012-07-19 12:48:30 -04:00
Eelco Dolstra 44d091674b Merge branch 'master' of github.com:NixOS/nixos into systemd
Conflicts:
	modules/config/networking.nix
	modules/services/networking/ssh/sshd.nix
	modules/services/ttys/agetty.nix
	modules/system/boot/stage-2-init.sh
	modules/system/upstart-events/shutdown.nix
2012-07-16 17:27:11 -04:00
Eelco Dolstra 1d57489427 Global replace /var/run/opengl-driver -> /run/opengl-driver 2012-07-16 11:34:21 -04:00
Eelco Dolstra 98459eb675 Global replace /var/run/booted-system -> /run/booted-system 2012-07-16 11:34:21 -04:00
Eelco Dolstra 73532c3855 Global replace /var/run/current-system -> /run/current-system 2012-07-16 11:34:21 -04:00
Shea Levy 8c24de13e4 D'oh 2012-07-16 08:11:44 -04:00
Shea Levy cdd8ecf9c7 multitouch: Invert left-right scrolling when invertScroll is enabled 2012-07-16 08:03:47 -04:00
Shea Levy 3d2b83c110 multitouch: Add an option to ignore palm touches 2012-07-14 21:40:49 -04:00
Shea Levy c909ea9208 multitouch: Add option to invert scroll 2012-07-14 18:02:46 -04:00
Eelco Dolstra 57d74e6f4f openssh.authorizedKeys.keyFiles: allow multiple keys
Ugly hack to get around the error "a string that refers to a store
path cannot be appended to a path".  The underlying problem is that
you cannot do

  "${./file1} ${./file2}"

but you can do

  " ${./file1} ${./file2}"

Obviously we should allow the first case as well.
2012-07-13 17:59:03 -04:00
Eelco Dolstra 7e77dae458 sshd.nix: Create ~/.ssh/authorized_keys with the right ownership 2012-07-13 11:48:47 -04:00
Shea Levy 8544ba285d logstash: Fix sloppy description fields 2012-07-12 14:35:06 -04:00
Shea Levy a2b59f595f logstash: Export config.lib.logstash.mk{Float,Hash,NameValuePairs}.
This allows hiding the implementation details for how to represent logstash
config types that don't directly map to nix expressions, particularly floats,
hashes, and name-value pair sets with repeated names. Instead of setting
__type and value directly, the user now uses these convenience functions to
generate their logstash config.
2012-07-12 14:15:43 -04:00
Peter Simons 0c12e29368 Don't add the i3 window manager to the system if it isn't enabled in configuration.nix. 2012-07-12 11:33:10 +02:00
Shea Levy 5412b1089f logstash: Start process in /tmp
See https://logstash.jira.com/browse/LOGSTASH-107
2012-07-11 13:45:36 -04:00
Shea Levy 315087def1 logstash: use {name=; value='} attrsets for repeated name-value pairs instead of parallel lists 2012-07-11 11:59:00 -04:00
Shea Levy 3039caf5ad Add logstash module.
Since the logstash config file seemed very similar to a nixexpr, I decided
to map directly from nixexprs to logstash configs. I didn't realize until
too far in that this solution was probably way over-engineered, but it
works.
2012-07-11 11:22:16 -04:00
Rok Garbas b7398794ed i3 window manager was not installed when enabled 2012-07-10 16:07:53 +02:00
Eelco Dolstra fbf9ecf78a Apache: make /var/run/httpd readable to wwwrun, as required by mod_cgid 2012-07-09 16:27:39 +02:00
Eelco Dolstra d0c9a3ce32 Apache: build PHP against the right httpd
If httpd is built with a threaded MPM, then PHP needs to be built with
thread support as well.
2012-07-06 23:28:46 +02:00
Eelco Dolstra 18031e41bb Apache: Add an option to set the MPM
Supported values are "prefork" (default), "worker" and "event"
(experimental in Apache 2.2 but not 2.4).
2012-07-06 14:23:55 -04:00
Eelco Dolstra a07eb262a0 Apache: don't fork into the background due to Upstart weirdness
If Apache crashes during startup, Upstart for some reason shows the
job in the "start/running" state.  As a workaround, don't fork.
2012-07-06 13:47:42 -04:00
Eelco Dolstra 46dce21bff MediaWiki: Generalise the skins support
The new option ‘skins’ allows specifying a list of directories
providing skins to be added to the MediaWiki installation.  The
‘defaultSkin’ option just sets the default.
2012-07-05 21:04:23 +02:00
Peter Simons f22dbd5e05 modules/services/networking/wpa_supplicant.nix: strip trailing whitespace 2012-06-29 11:53:16 +02:00
Peter Simons 61b8ee9029 modules/services/networking/wpa_supplicant.nix: document that interface auto-detection doesn't work on Linux 3.4.x 2012-06-29 11:53:16 +02:00
Eelco Dolstra bf15293b1e Merge branch 'master' of github.com:NixOS/nixos into systemd
Conflicts:
	modules/services/hardware/udev.nix
2012-06-28 14:19:38 -04:00
David Guibert dbe2325603 fix the grep pattern finding programs called by absolute paths in udev rules. 2012-06-27 20:41:07 +02:00
Eelco Dolstra 872a76b177 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-06-22 11:11:21 -04:00
Eelco Dolstra 055eae2a58 Merge pull request #1 from aszlig/i3_integration
Add xserver integration of i3 WM.
2012-06-20 20:49:45 -07:00
Eelco Dolstra 2526afb1c7 Don't use ConsoleKit 2012-06-19 16:22:26 -04:00
Eelco Dolstra dab6bbe3a6 Set the default unit to "graphical.target" if X11 is enabled 2012-06-19 14:51:04 -04:00
Eelco Dolstra 2b305d7f29 Remove accidentally committed line 2012-06-19 14:50:23 -04:00
Eelco Dolstra f213c4ca29 Don't run syslogd and klogd
The systemd journal removes the need for running syslogd and klogd, so
don't start them.
2012-06-19 09:28:04 -04:00
Eelco Dolstra 88f94d76bc Use socket-based activation of the Nix daemon 2012-06-18 23:31:07 -04:00
Eelco Dolstra ca2bd17f54 Whitespace 2012-06-18 17:58:31 -04:00
Eelco Dolstra 9f5051b76c Rename mingetty module to agetty 2012-06-18 17:55:27 -04:00
Eelco Dolstra 352510c208 Add an option ‘boot.systemd.services’
This option makes it more convenient to define services because it
automates stuff like setting $PATH, having a pre-start script, and so on.
2012-06-18 15:28:31 -04:00
Eelco Dolstra 42ee3b4209 Add a ‘wantedBy’ attribute to unit definitions
This attribute allows a unit to make itself a dependency of another unit.

Also, add an option to set the default target unit.
2012-06-17 23:31:21 -04:00
Mathijs Kwik bd5b06bf86 synaptics driver: accelleration factor config option
svn path=/nixos/trunk/; revision=34523
2012-06-16 11:13:48 +00:00
Eelco Dolstra 4a95f8996b To ease migration to systemd, generate units from the ‘jobs’ option
Also get rid of the ‘buildHook’ job option because it wasn't very useful.
2012-06-16 00:19:43 -04:00
Eelco Dolstra 164d6e6ab2 Use udev from systemd 2012-06-15 13:09:22 -04:00
Eelco Dolstra a46894b960 Get lots more systemd stuff working
Enabled a bunch of units that ship with systemd.  Also added an option
‘boot.systemd.units’ that can be used to define additional units
(e.g. ‘sshd.service’).
2012-06-14 18:44:56 -04:00
Lluís Batlle i Rossell 3d2ed19067 Making fcron use the daemonType=fork, instead of foreground. This way logrotate
does not have to handle it appart.


svn path=/nixos/trunk/; revision=34422
2012-06-10 15:14:16 +00:00
Lluís Batlle i Rossell 6824f1e082 Making the dovecot2 mail location a nixos option.
svn path=/nixos/trunk/; revision=34421
2012-06-10 15:07:25 +00:00
Lluís Batlle i Rossell 9b833aafb9 Fix prayer so it does not start a server at port 80.
svn path=/nixos/trunk/; revision=34420
2012-06-10 14:51:43 +00:00
Lluís Batlle i Rossell 78333e5d84 Add a 'named' option to run only for ipv4.
I remember the 'named' log was giving annoying messages on systems not ipv6
capable (I can't recall if lacking the kernel ipv6 code or unconfigured ipv6
addresses).


svn path=/nixos/trunk/; revision=34419
2012-06-10 14:50:44 +00:00
Lluís Batlle i Rossell c539224a84 Postfix was started before all filesystems were mounted. I add 'filesystem' to startOn.
svn path=/nixos/trunk/; revision=34416
2012-06-10 14:36:16 +00:00
Eelco Dolstra 87e06b97a3 * Don't include the hostname in option default values. Default values
are included in the manual, so this causes a different manual to be
  built for each machine.
* Clean up indentation of cntlm module.

svn path=/nixos/trunk/; revision=34387
2012-06-08 14:29:31 +00:00
Eelco Dolstra 6aa4120f3a * Shorten the greeting line to make it fit on a 80-character terminal
again by removing the kernel version.

svn path=/nixos/trunk/; revision=34376
2012-06-06 23:14:57 +00:00
aszlig b78ce79f89 Add xserver integration of i3 WM.
This allows to set i3 as the default window manager in the system configuration.
2012-06-04 21:19:12 +02:00
Eelco Dolstra ca57a8e638 * Add type.
svn path=/nixos/trunk/; revision=34345
2012-06-04 14:35:48 +00:00
Eelco Dolstra 9b014c471a * CUPS: fix printing on a Ricoh Aficio MP C4500 PXL printer (and
probably lots of others).  The $PATH used to invoke the filter
  didn't contain Ghostscript and Perl, so it silently fails.  (A nice
  property of CUPS is that it will just silently discard the job when
  that happens, so you need to set LogLevel to "debug" to see this.)
  Fortunately, CUPS now has a "SetEnv" option to set $PATH explicitly.

  Also, remove config.system.path from the PATH of CUPS' Upstart job.
  It seems to serve no purpose.

svn path=/nixos/trunk/; revision=34244
2012-05-25 15:51:33 +00:00
Eelco Dolstra 801cd7402c * Don't use ‘chown user.group’ since that syntax is not officially
supported (you're supposed to say ‘chown user:group’).

svn path=/nixos/trunk/; revision=34161
2012-05-17 19:43:32 +00:00
Eelco Dolstra 91acb81b11 * Support globbing in the source attribute of environment.etc entries.
svn path=/nixos/trunk/; revision=34158
2012-05-17 18:43:45 +00:00
Eelco Dolstra c10b41ad99 * Make the fail2ban module configurable.
svn path=/nixos/trunk/; revision=34157
2012-05-17 18:19:48 +00:00
Eelco Dolstra 3ce8859551 * Basic module for fail2ban. Not configurable yet. It currently
blocks IP addresses if they make too many failed login attempts.

svn path=/nixos/trunk/; revision=34149
2012-05-17 02:51:24 +00:00
Eelco Dolstra dbf5e3229e * Remove Nix's dependencies from the chroot. Nix 1.0 doesn't need
this anymore.

svn path=/nixos/trunk/; revision=34113
2012-05-15 16:12:22 +00:00
Eelco Dolstra ea3cfc9287 * Add xdg-open to the default X11 configuration so that programs like
Chrome can open downloaded files.

svn path=/nixos/trunk/; revision=34097
2012-05-15 02:49:47 +00:00
Eelco Dolstra ce3941d6e6 * Move logFormat to the per-vhost options.
svn path=/nixos/trunk/; revision=34066
2012-05-11 23:14:05 +00:00
Rickard Nilsson 35f9502a27 Added option for specifying the path to the private key file sshd should use.
svn path=/nixos/trunk/; revision=34039
2012-05-09 22:13:53 +00:00
Rickard Nilsson 658ea20e7f Added option for specifying system-wide known hosts file for OpenSSH.
svn path=/nixos/trunk/; revision=34038
2012-05-09 22:11:07 +00:00
Eelco Dolstra e4200d7e61 * Some more trivial builders with lots of dependencies that should be
built locally.

svn path=/nixos/trunk/; revision=34034
2012-05-09 21:35:47 +00:00
Peter Simons 7a69733704 Added 'networking.dhcpcd.denyInterfaces' to extend the list of network
interfaces black-listed for dhcpcd via configuration.nix. I use this option to
disable DHCP for "veth*" interfaces, which are created by LXC for use inside of
virtual machines.

svn path=/nixos/trunk/; revision=34018
2012-05-08 11:46:01 +00:00
Eelco Dolstra b603babd0f * Use PostgreSQL's fast shutdown mode. In the default
smart shutdown mode, Postgres waits until all 
  active connections have closed, which can take an
  unbounded amount of time.

svn path=/nixos/trunk/; revision=33959
2012-04-30 18:15:32 +00:00
Eelco Dolstra be189991e0 * Revert r33928: veth* can also be a bridged interface requiring dhcp.
See e.g. https://nixos.org/repos/nix/configurations/trunk/tud/stan.nix

  So we need a better solution for this...

svn path=/nixos/trunk/; revision=33957
2012-04-30 17:46:11 +00:00
Peter Simons 8b841505ff modules/services/networking/{dhclient,dhcpcd}.nix: ignore virtual veth* devices created by LXC/cgroups
svn path=/nixos/trunk/; revision=33928
2012-04-26 12:31:33 +00:00
Peter Simons 86ba0c52b3 modules/services/networking/ssh/sshd.nix: stripped trailing whitespace
svn path=/nixos/trunk/; revision=33926
2012-04-26 08:13:24 +00:00
Peter Simons ee2fcb645b modules/services/networking/ssh/sshd.nix: don't write debug output to /tmp/log
svn path=/nixos/trunk/; revision=33925
2012-04-26 08:13:21 +00:00
Eelco Dolstra e6fd0fa893 * Cleanup.
svn path=/nixos/trunk/; revision=33921
2012-04-25 15:44:47 +00:00
Eelco Dolstra 43215ff80f * In the implementation of the ‘authorizedKeys’, don't delete all
lines below a certain marker.  This is undesirable because commands
  like "ssh-copy-id" add keys to the end of the file.  Instead mark
  all automatically added lines individually.

svn path=/nixos/trunk/; revision=33918
2012-04-25 14:14:20 +00:00
Eelco Dolstra 6c1bb54483 * In the installation CD, make the NixOS/Nixpkgs available as if they
were obtained from the NixOS channel.  "nixos-install" copies this
  to the installed system as well.
* In the installation CD, set GC_INITIAL_HEAP_SIZE to a low value for
  the benefit of memory-constrained environments.

svn path=/nixos/trunk/; revision=33887
2012-04-23 00:41:37 +00:00
Eelco Dolstra 9195b1125f * Include the version number in the mingetty greeting line.
svn path=/nixos/trunk/; revision=33884
2012-04-22 23:35:34 +00:00
Arie Middelkoop 0cb5673400 Some additional synaptics settings.
svn path=/nixos/trunk/; revision=33837
2012-04-19 08:29:22 +00:00
Arie Middelkoop 298e0e1829 Some additional xinetd settings.
svn path=/nixos/trunk/; revision=33836
2012-04-19 08:28:54 +00:00
Mathijs Kwik 3bbaa3b60c slim display manager: enabled auto_login setting
useful for demo/kiosk mode

svn path=/nixos/trunk/; revision=33774
2012-04-13 14:52:25 +00:00
Sander van der Burg a34e20e292 deployment attribute does not exists anymore, will fix this later
svn path=/nixos/trunk/; revision=33747
2012-04-11 13:46:49 +00:00
Eelco Dolstra a7af5588b6 * Drop ugly reference to var/run/current-system/sw/sbin/wpa_cli, and
make it conditional.

svn path=/nixos/trunk/; revision=33717
2012-04-10 12:07:30 +00:00
Mathijs Kwik 9a91181be9 damn you shell syntax! :)
svn path=/nixos/trunk/; revision=33603
2012-04-05 08:20:43 +00:00
Lluís Batlle i Rossell 56d9e60bb7 Making bind start on started network-interfaces. It wasn't starting ever.
svn path=/nixos/trunk/; revision=33542
2012-04-02 18:28:42 +00:00
Mathijs Kwik a1e86494d0 made challenge-response authentication method configurable for openssh
challenge-response is an authentication method that does not need the
plain text password to be emitted over the (encrypted) connection.
This is nice if you don't fully trust the server.

It is enabled (upstream) by default.

To the end user, it still looks like normal password authentication,
but instead of sending it, it is used to hash some challenge.

This means that if you don't want passwords to be used ever at all,
and just stick to public key authentication, you probably want to
disable this option too.

svn path=/nixos/trunk/; revision=33513
2012-04-01 10:54:17 +00:00
Mathijs Kwik e216ce07df dhcpcd: ip-up and ip-down emit more info (like wifi access point)
useful to only start certain services (like vpn) on certain networks

svn path=/nixos/trunk/; revision=33512
2012-04-01 10:54:15 +00:00
Mathijs Kwik 7d4fd69b5f dhcpcd: wifi disconnect should also generate ip-down
svn path=/nixos/trunk/; revision=33511
2012-04-01 10:54:13 +00:00
Mathijs Kwik 7ba690add6 optionally allow normal users to control wpa_supplicant through
wpa_gui or wpa_cli.

Comes with a default wpa_supplicant.conf, which gets updated through
aforementioned utilities.

svn path=/nixos/trunk/; revision=33510
2012-04-01 10:54:10 +00:00
Mathijs Kwik 7f84957ff2 mongodb: allow running as a replicaset member
also useful for point-in time backups using mongodump --oplog

svn path=/nixos/trunk/; revision=33509
2012-04-01 10:54:08 +00:00
Mathijs Kwik de5b437004 assertions '.msg' doesn't exist => .message
svn path=/nixos/trunk/; revision=33508
2012-04-01 10:54:06 +00:00
Joachim Schiele bc6ca7944f fixed a upstart issue where upsd was never started
svn path=/nixos/trunk/; revision=33494
2012-03-31 11:39:30 +00:00
Eelco Dolstra 64241a3e90 * Flush nscd when switching to a new configuration.
svn path=/nixos/trunk/; revision=33441
2012-03-27 14:35:45 +00:00
Mathijs Kwik f31fefdfd9 splitted ssh/sshd X11 forwarding logic. Backward compatible change.
You can now set the forwardX11 config option for the ssh client and server separately.

For server, the option means "allow clients to request X11 forwarding".
For client, the option means "request X11 forwarding by default on all connections".

I don't think it made sense to couple them. I might not even run the server on some machines.
Also, I ssh to a lot of machines, and rarely want X11 forwarding. The times I want it,
I use the -X/-Y option, or set it in my ~/.ssh/config.

I also decoupled the 'XAuthLocation' logic from forwardX11.
For my case where ssh client doesn't want forwarding by default, it still wants to set the path for the cases I do need it.

As this flag is the one that pulls in X11 dependencies, I changed the minimal profile and the no-x-libs config to check that instead now.

svn path=/nixos/trunk/; revision=33407
2012-03-25 15:42:05 +00:00
Eelco Dolstra 326891443c * dhcpcd: Don't use the "persistent" option. With it, dhcpcd won't
delete routes and addresses when it quits.  This causes those routes
  and addresses to stick around forever, since dhcpcd won't delete
  them when it runs next (even if it acquires a new lease on the same
  interface).  This is bad; in particular the stale (default) routes
  can break networking.

  The downside to removing "persistent" is that you should never ever
  do "stop dhcpcd" on a remote machine configured by dhcpcd.

svn path=/nixos/trunk/; revision=33388
2012-03-23 21:00:32 +00:00
Eelco Dolstra 7c75b046ea * Fix the permissions on /dev/vboxuser in VirtualBox guests.
svn path=/nixos/trunk/; revision=33372
2012-03-23 11:52:06 +00:00
Eelco Dolstra 2a135eb4d4 * Remove the ‘services.nfs.client.enable’ flag; use
‘boot.supportedFilesystems = [ "nfs" ]’ if needed.

svn path=/nixos/trunk/; revision=33356
2012-03-22 12:24:23 +00:00
Eelco Dolstra 89a21f7a7d * GIDs are supposed to match UIDs.
svn path=/nixos/trunk/; revision=33346
2012-03-22 10:11:15 +00:00
Lluís Batlle i Rossell 5ddae4a83a Changing portmap by rpcbind on nfs services.
That could make rpc.statd work.

Patch by Rickard Nilsson.

I'm not sure we need that netconfig file in etc.


svn path=/nixos/trunk/; revision=33342
2012-03-21 20:37:37 +00:00
Lluís Batlle i Rossell 20edb255bd Adding idmapd, for NFSv4.
Patch by Rickard Nilsson.

This may fix rpc.statd start.


svn path=/nixos/trunk/; revision=33330
2012-03-21 11:58:06 +00:00
Shea Levy 70eb64c025 Pommed: find the 'eject' command in /var/setuid-wrappers:/home/shlevy/.nix-profile/bin:/home/shlevy/.nix-profile/sbin:/home/shlevy/.nix-profile/lib/kde4/libexec:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/nix/var/nix/profiles/default/lib/kde4/libexec:/var/run/current-system/sw/bin:/var/run/current-system/sw/sbin:/var/run/current-system/sw/lib/kde4/libexec
svn path=/nixos/trunk/; revision=33302
2012-03-20 18:28:32 +00:00
Eelco Dolstra 010578d8a4 * Restrict VirtualBox to users in the vboxusers group.
The VirtualBox build in Nixpkgs is insecure because it uses the
  "--disable-hardened" flag, which disables some checks in the
  VirtualBox kernel module.  Since getting rid of that flag looks like
  too much work, it's better to ensure that only explicitly permitted
  users have access to VirtualBox.

* Drop the 666 permission on "sonypi" because it's not clear why that
  device should be world-writable.

svn path=/nixos/trunk/; revision=33301
2012-03-20 16:30:43 +00:00
Shea Levy 11066067f7 Add nouveau xorg video driver
svn path=/nixos/trunk/; revision=33300
2012-03-20 16:29:22 +00:00
Shea Levy 0d67d95f32 Add a module for the pommed tool for Apple laptop keyboards.
svn path=/nixos/trunk/; revision=33286
2012-03-20 04:41:13 +00:00
Shea Levy 6435207dd1 Whoops, actually use the mtrack fork
svn path=/nixos/trunk/; revision=33285
2012-03-20 01:56:39 +00:00
Shea Levy 724b5abe42 xf86-input-multitouch seems to be abandoned, update it with the mtrack fork
svn path=/nixos/trunk/; revision=33283
2012-03-20 01:48:09 +00:00
Shea Levy 14dd95b692 xserver.nix: Automatically support xorg's own video drivers
svn path=/nixos/trunk/; revision=33281
2012-03-19 23:57:26 +00:00
Eelco Dolstra 6093b54b73 * Zabbix: use the path attribute.
svn path=/nixos/trunk/; revision=33278
2012-03-19 19:43:31 +00:00
Eelco Dolstra 533448ae37 * udev: don't set the STARTUP flag anymore, since LVM no longer uses
it.
* Don't call "vgscan" anymore; VG scans are supposed to be automatic.

svn path=/nixos/trunk/; revision=33275
2012-03-19 19:10:27 +00:00
Eelco Dolstra 31c93522d5 * Support PostgreSQL versions >= 8.4, which have a slightly different
pg_hba.conf format.

svn path=/nixos/trunk/; revision=33268
2012-03-19 18:06:18 +00:00
Eelco Dolstra f12950b8e0 * Improve the Postgres Upstart job: don't use pg_ctl, let Upstart
monitor the postgres process directly (so that it can be restarted
  if necessary), let Upstart send SIGTERM to postgres to shut it down
  gracefully.  Also drop the Mediawiki references.

svn path=/nixos/trunk/; revision=33262
2012-03-19 16:49:13 +00:00
Eelco Dolstra ebc6d7f435 * Attempt to fix the random "udevadm settle - timeout of 120 seconds
reached, the event queue contains: /sys/devices/virtual/tty/hvc1" VM
  failures.

svn path=/nixos/trunk/; revision=33259
2012-03-19 15:10:39 +00:00
Eelco Dolstra 2cc8d0363e * Move the implementation of boot.kernelModules to udev's postStart.
It needs udevd to be running because the modules may require
  firmware.  Thanks to Mathijs and Arie for pointing this out.

svn path=/nixos/trunk/; revision=33234
2012-03-18 14:03:42 +00:00
Eelco Dolstra 83f5d26a85 * Ignore the "No soundcards found" error.
svn path=/nixos/trunk/; revision=33224
2012-03-18 02:36:21 +00:00
Eelco Dolstra 86d8d62d16 * Allow Upstart jobs to declare that they shouldn't be restarted by
switch-to-configuration.  E.g. the X server shouldn't be restarted
  because that kills all the X clients.

svn path=/nixos/trunk/; revision=33223
2012-03-18 02:10:39 +00:00
Eelco Dolstra ed436179e1 * Improve some job names.
svn path=/nixos/trunk/; revision=33215
2012-03-17 19:22:22 +00:00
Eelco Dolstra ee6c9bb998 * Provide two utility functions in Upstart jobs: "ensure JOBNAME"
starts the given job and waits until it's running; "stop_check"
  checks that the current job hasn't been asked to stop.

svn path=/nixos/trunk/; revision=33214
2012-03-17 19:12:33 +00:00
Eelco Dolstra 07df536c42 * Fix comment.
svn path=/nixos/trunk/; revision=33213
2012-03-17 18:01:42 +00:00
Eelco Dolstra 53847ef665 * Don't use the non-existent "never" condition in stopOn.
svn path=/nixos/trunk/; revision=33212
2012-03-17 18:00:20 +00:00
Eelco Dolstra dd693fdc5e * Revert unintended commit.
svn path=/nixos/trunk/; revision=33209
2012-03-17 17:31:08 +00:00
Eelco Dolstra 573877c1ac * Use boot.kernelModules everywhere instead of explicit calls to
modprobe.
* Move the implementation of boot.kernelModules from the udev job to
  the activation script.  This prevents races with the udev job.
* Drop references to the "capability" kernel module, which no longer
  exists.

svn path=/nixos/trunk/; revision=33208
2012-03-17 17:26:17 +00:00
Eelco Dolstra 646d67465c * Upstart stupidly doesn't kill post-start scripts if we do "stop
JOB", but it does kill the job's main process.  So if the post-start
  script if waiting for the job's main process to reach some state, it
  may hang forever.  Thus, the post-start script should monitor
  whether its job has been requested to stop and exit in that case.

svn path=/nixos/trunk/; revision=33176
2012-03-16 21:24:51 +00:00
Eelco Dolstra 67a90c6d6f * Renamed services.nfsKernel to services.nfs. Unfortunately
rename.nix doesn't allow renaming sets of options...
* Renamed nfs-kernel.nix to nfsd.nix
* Move NFS client stuff from nfsd.nix to filesystems/nfs.nix.

svn path=/nixos/trunk/; revision=33174
2012-03-16 20:41:49 +00:00
Eelco Dolstra a395e46192 * Fix the NFS Upstart dependencies. Mountd is now started before
nfsd, as suggested by the nfs-utils README.

  Also, rather than relying on Upstart events (which have all sorts of
  problems, especially if you have jobs that have multiple
  dependencies), we know just let jobs start their on prerequisites.
  That is, nfsd starts mountd in its preStart script; mountd starts
  statd; statd starts portmap.  Likewise, mountall starts statd to
  ensure that it can mount NFS filesystems.  This means that doing
  something like "start nfsd" from the command line will Do The Right
  Thing and start the dependencies of nfsd.

svn path=/nixos/trunk/; revision=33172
2012-03-16 20:10:14 +00:00
Eelco Dolstra 823471a100 * portmap: add a postStart action that ensures that portmap is
actually listening.  Otherwise we have a race condition during boot
  where statd's start can be delayed, causing NFSv3 mounting to fail.

svn path=/nixos/trunk/; revision=33171
2012-03-16 19:49:47 +00:00
Eelco Dolstra 5a36c25e9f * nfsd and statd do not need to be stopped when portmap stops.
svn path=/nixos/trunk/; revision=33167
2012-03-16 17:43:18 +00:00
Eelco Dolstra c5ca681c06 * Drop the unnecessary "nfs-kernel-" prefix from the job names.
svn path=/nixos/trunk/; revision=33159
2012-03-16 13:56:51 +00:00
Eelco Dolstra 0c1ec805fc * In fact get rid of the whole nfs-kernel-exports job.
svn path=/nixos/trunk/; revision=33156
2012-03-16 13:40:02 +00:00
Eelco Dolstra d2b3c2cda4 * Start fixing the NFS mess. It was completely broken because the
exportfs job didn't work at all (so /var/lib/nfs/etab didn't get
  initialised).

svn path=/nixos/trunk/; revision=33153
2012-03-16 13:00:27 +00:00
Eelco Dolstra 53bd25c7fa * Automatically start VBoxClient-all when the X session starts. This
allows seamless windows, resizing of the desktop, cut and paster,
  etc.

svn path=/nixos/trunk/; revision=33131
2012-03-16 01:29:51 +00:00
Eelco Dolstra 3ddbe0f9fb * Drop references to activation scriptlets that no longer exist.
svn path=/nixos/trunk/; revision=33110
2012-03-15 14:21:17 +00:00