Commit graph

2399 commits

Author SHA1 Message Date
Shea Levy 3eb0faf317 qemu-vm: Use unionfs-fuse instead of aufs for writableStore 2012-12-16 11:56:49 -05:00
Shea Levy be4f69519b iso-image: Use unionfs-fuse instead of aufs 2012-12-16 11:31:52 -05:00
Eelco Dolstra bd7ea9be58 sysinit.target: Drop the dependency on local-fs.target and swap.target
Having all services with DefaultDependencies=yes depend on
local-fs.target is annoying, because some of those services might be
necessary to mount local filesystems.  For instance, Charon's
send-keys feature requires sshd to be running in order to receive LUKS
encryption keys, which in turn requires dhcpcd, and so on.  So we drop
this dependency (and swap.target as well for consistency).  If
services require a specific mount, they should use RequiresMountsFor
in any case.
2012-12-14 17:42:54 +01:00
Eelco Dolstra 5437424297 Hackery to build against both the nixpkgs master and systemd branch 2012-12-13 15:04:09 +01:00
Rob Vermaas 859badc966 Zabbix agent: RemainAfterExit=true seems to give more reliable restarts, cannot completely figure out why, as Type=forking should be enough. 2012-12-11 20:54:19 +01:00
Eelco Dolstra 97ae408e83 Merge remote-tracking branch 'origin/master' into systemd 2012-12-11 17:40:39 +01:00
Eelco Dolstra 78bd54ca80 Allow setting additional AuthorizedKeysFiles
Charon needs this to include the dynamically generated
/root/.vbox-charon-client-key.  (We used
users.extraUsers.root.openssh.authorizedKeys.keyFiles for this, but
that no longer works.)
2012-12-11 17:29:34 +01:00
Eelco Dolstra eda051cff5 Remove abuse of "with" 2012-12-11 17:14:52 +01:00
Rickard Nilsson 68872f81cf openssh: Change the way authorized keys are added to the system.
Instead of the somewhat hacky script that inserted public keys
into the users' .ssh/authorized_keys files, use the AuthorizedKeysFile
configuration directive in sshd_config and generate extra key
files for each user (placed in /etc/authorized_keys.d/).
2012-12-11 17:02:39 +01:00
Eelco Dolstra 3224ea8a1e Don't require nixUnstable 2012-12-11 13:14:33 +01:00
Eelco Dolstra 745a201814 Check whether /proc/sys/net/ipv6/conf/all/disable_ipv6 exists 2012-12-11 13:14:17 +01:00
Eelco Dolstra 13617b803b Use the binary cache in the installer
Also remove "nixos-rebuild pull".
2012-12-08 19:00:06 +01:00
Eelco Dolstra ef3199f782 Add options for specifying binary caches
Cherry-picked a4bcb26b1a.
2012-12-08 18:37:40 +01:00
Evgeny Egorochkin 860cbf7890 scanner support: create scanner group. Users need to be in this group to access scanners. 2012-12-06 02:59:34 +02:00
Evgeny Egorochkin 15a15be2f6 dhcpcd: disable "require dhcp_server_identifier" because of so many non-compliant DHCP servers 2012-12-05 23:55:42 +02:00
Eelco Dolstra b1da38f564 Merge remote-tracking branch 'origin/master' into systemd 2012-11-30 16:12:04 +01:00
Eelco Dolstra 7435db4f89 Get rid of the last uses of mkAlways
mkAlways is an insane function, mkMerge is much saner.
2012-11-30 15:07:39 +01:00
Eelco Dolstra 3c6e0fd594 Generate the binary hardware database required by systemd 196 2012-11-29 18:51:44 +01:00
Eelco Dolstra 9eb81d2578 Renamed tcpWrapper -> tcp_wrappers 2012-11-29 15:16:30 +01:00
Lluís Batlle i Rossell 04963cf802 system-tarball-pc: fixing the readme inclusion 2012-11-29 11:29:15 +01:00
Lluís Batlle i Rossell a9e5d1ab50 Changing the kernel parameters for crashump
I think that these enable more checks, and make more NMIs happen.
2012-11-29 11:27:33 +01:00
Peter Simons 6b6b245693 sane: update name of the snapshot version of the backends 2012-11-26 16:21:11 +01:00
Peter Simons 403dc16c51 sane: update name of the snapshot version of the backends 2012-11-26 16:20:29 +01:00
Shea Levy a5ef0ffe12 rngd: Require /dev/random, only start when a hardware randomness source becomes available 2012-11-26 08:45:23 -05:00
Eelco Dolstra f3c9c83e04 Make it easier to append to the default sudo configuration 2012-11-23 15:14:16 +01:00
Shea Levy e76eb7f1a7 Disable rngd by default while I work on some patches to make it more systemd-friendly 2012-11-22 10:14:41 -05:00
Eelco Dolstra 994a15bc25 nixos-rebuild: Handle options with spaces in them
Like ‘--option binary-caches "http://foo http://bar"’
2012-11-22 12:04:00 +01:00
Eelco Dolstra a4bcb26b1a Add options for specifying binary caches 2012-11-22 11:49:47 +01:00
Eelco Dolstra 77891f8d59 Typo 2012-11-22 10:41:54 +01:00
Shea Levy cd513482d4 Add rngd service.
Inspired by http://pkgs.fedoraproject.org/cgit/rng-tools.git/tree/rngd.service?id=27b1912b2d9659b6934fd4c887e46c13958e7e3c
2012-11-22 02:07:25 -05:00
Rob Vermaas f0a6911929 Add ec2.metadata (default false) option whether to allow access to EC2 metadata API. 2012-11-21 12:19:38 -05:00
Peter Simons 0f15d75017 Merge pull request #29 from rickynils/shellaliases
Generate shell aliases programatically
2012-11-20 12:35:03 -08:00
Rickard Nilsson 6099451662 Add support for nslcd (nss-pam-ldapd) as users.ldap.daemon option 2012-11-20 16:39:45 +01:00
Rickard Nilsson 611ebeb1d0 Add nslcd (nss-pam-ldapd) uid and gid 2012-11-20 16:39:45 +01:00
Rickard Nilsson a22c362155 Add option for specifying shell aliases, environment.shellAliases. 2012-11-20 16:33:29 +01:00
James Cook 3afa5f86c1 Fixed the documentation for programs.ssh.forwardX11 to account for the X11 SECURITY extension. 2012-11-18 11:05:18 -08:00
James Cook 63dc873b85 Merge master. 2012-11-18 10:49:55 -08:00
Eelco Dolstra 60bf4c3cd7 Add a GRUB 1 dependency
http://hydra.nixos.org/build/3331139
2012-11-16 16:42:45 +01:00
Eelco Dolstra 722a3a7147 Remove unnecessary (AFAICT) call to toPath 2012-11-15 23:07:05 +01:00
Eelco Dolstra 35922e61d9 Systemd requires the latest Nix 2012-11-15 22:55:36 +01:00
Eelco Dolstra 1f401a0e35 Make install-grub.pl work when $PATH is empty 2012-11-15 22:54:43 +01:00
Eelco Dolstra f44d27a96c Make the installer work on systemd
Systemd mounts the root filesystem as a shared subtree, which breaks
recursive bind mounts.
2012-11-15 22:53:57 +01:00
Rickard Nilsson 02e0d7dbc3 dnsmasq: Add extraConfig option 2012-11-12 18:16:04 +01:00
Eelco Dolstra 08e6c0cb7c Update channel URLs 2012-11-12 09:19:25 +01:00
Eelco Dolstra 1350816199 test-instrumentation.nix: Don't start agetty on hvc0 2012-11-12 09:19:25 +01:00
Peter Simons 622a652411 Add option "environment.binsh" to configure the shell executable used to create the global /bin/sh symlink. 2012-11-11 21:46:25 +01:00
Peter Simons 04ba5de70a modules/programs/bash/bash.nix: cosmetic indention fix 2012-11-11 21:29:33 +01:00
Shea Levy 2f833bc88d Remove unnecessary toPath that breaks with recent nixUnstable 2012-11-08 13:04:20 -05:00
Eelco Dolstra e078117c72 firewall.nix: Don't fail if IPv6 is disabled 2012-11-06 22:55:25 +01:00
aszlig a333f7212e systemd: Fail if kernel features are missing.
This has rendered my system unbootable, because I forgot to enable AUTOFS4 in my
custom kernel. In addition to AUTOFS4, this includes (hopefully) all other
kernel features needed by systemd, as listed in the README:

REQUIREMENTS:
  Linux kernel >= 2.6.39
    with devtmpfs
    with cgroups (but it's OK to disable all controllers)
    optional but strongly recommended: autofs4, ipv6

Autofs4 is not a requirement here, but in our case it turns out that the system
is not able to boot properly with a LUKS-enabled system (or at least not on _my_
system).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-06 11:25:43 +01:00