programs require that the mode is 4550 so that execution of the
setuid program can be restricted to members of a group.
* setuid-wrappers: remove a race condition in the creation of the
wrappers if the ownership or mode was different than root:root and
4555.
* setuid-wrappers: allow the full path of the wrapped program to be
specified, rather than looking it up in $PATH.
svn path=/nixos/trunk/; revision=16733
option security.pam.services containing the list of PAM services.
For instance, the SLiM module simply declares:
security.pam.services = [ { name = "slim"; localLogin = true; } ];
svn path=/nixos/trunk/; revision=16729
interface names, use udev's own firmware loader, and dropped the
sndMode option (udev puts all audio devices in the "audio" group, so
users can be added to that group if necessary).
svn path=/nixos/trunk/; revision=16692
util-linux-ng instead of e2fsprogs, blkid is in util-linux-ng, and
we need to manually create /dev/.udev prior to starting udevd for
some reason.
svn path=/nixos/trunk/; revision=16691
machine containing a replica (minus the state) of the system
configuration. This is mostly useful for testing configuration
changes prior to doing an actual "nixos-rebuild switch" (or even
"nixos-rebuild test"). The VM can be started as follows:
$ nixos-rebuild build-vm
$ ./result/bin/run-*-vm
which starts a KVM/QEMU instance. Additional QEMU options can be
passed through the QEMU_OPTS environment variable
(e.g. QEMU_OPTS="-redir tcp:8080::80" to forward a host port to the
guest). The fileSystem attribute of the regular system
configuration is ignored (using mkOverride), because obviously we
can't allow the VM to access the host's block devices. Instead, at
startup the VM creates an empty disk image in ./<hostname>.qcow2 to
store the VM's root filesystem.
Building a VM in this way is efficient because the VM shares its Nix
store with the host (through a CIFS mount). However, because the
Nix store of the host is mounted read-only in the guest, you cannot
run Nix build actions inside the VM. Therefore the VM can only be
reconfigured by re-running "nixos-rebuild build-vm" on the host and
restarting the VM.
svn path=/nixos/trunk/; revision=16662
* Simplified the udev rules generation: merged nixRules into
services.udev.extraRules, and handle services.udev.extraRules using
services.udev.packages.
svn path=/nixos/trunk/; revision=16655
With these modifications, a user can configure a tomcat instance with web applications and web services by writing a service, such as:
...
services = {
tomcat = {
enable = true;
webapps = [ mypkgs.HelloWorldWebApplication ];
axis2 = {
enable = true;
services = [ mypkgs.HelloService mypkgs.HelloWorldService ];
};
};
};
svn path=/nixos/trunk/; revision=16619
(e.g. --install-grub instead of $NIXOS_INSTALL_GRUB). Also support
some nix-build options (e.g. --show-trace and -j).
svn path=/nixos/branches/modular-nixos/; revision=16560
gets rid of endless dhclient log messages such as
Jul 16 19:09:30 dutibo dhclient: DHCPDISCOVER on wmaster0 to 255.255.255.255 port 67 interval 19
Jul 16 19:09:30 dutibo dhclient: send_packet: Network is down
svn path=/nixos/branches/modular-nixos/; revision=16407
* Simplified the pre-start script of the network-interfaces module.
* Removed wireless support from the network-interfaces module. It
only worked for static WEP configurations anyway, and AFAIK nobody
used it.
svn path=/nixos/branches/modular-nixos/; revision=16406
broken httpd.conf to be generated. We should really have a merge
function that appends newlines to every value of options like
services.httpd.extraConfig.
svn path=/nixos/branches/modular-nixos/; revision=16404
jobs, e.g. (from the nscd job)
{ name = "nscd";
description = "Name Service Cache Daemon";
startOn = "startup";
stopOn = "shutdown";
environment = { LD_LIBRARY_PATH = nssModulesPath; };
preStart =
''
mkdir -m 0755 -p /var/run/nscd
mkdir -m 0755 -p /var/db/nscd
'';
exec = "${pkgs.glibc}/sbin/nscd -f ${./nscd.conf} -d 2> /dev/null";
};
The Upstart job is generated from this. The main goal is to provide
some abstraction from the Upstart syntax. For instance, this should
make it easier to upgrade to newer versions of Upstart, to switch to
an entirely different process management system (e.g. initng or
launchd), or to test a job independantly from Upstart. (However the
startOn and stopOn attributes are tied to Upstart's event model.)
svn path=/nixos/branches/modular-nixos/; revision=16376
It allows it to know whether `libnss-mdns' is available, which clients
can ask via the `IsNSSSupportAvailable' D-Bus method.
svn path=/nixos/branches/modular-nixos/; revision=16125
-> No longer install graphical packages if the xserver is disabled.
-> avoid duplication of "mkIf config.services.xserver.enable".
svn path=/nixos/branches/modular-nixos/; revision=16044
ove QEMU (and other NixOS instances that use a remote filesystem like
NFS):
* Don't take down the network interfaces during shutdown.
* Don't try to unmount the Nix store. Usually, this doesn't work
because it's still in use, but on remote filesystems like CIFS the
`-f' umount flag actually works.
svn path=/nixos/branches/modular-nixos/; revision=16036
disabled. Other desktop/display/window manager modules should be
conditional on config.services.xserver.enable as well, but at least
they're disabled by default due to other options.
svn path=/nixos/branches/modular-nixos/; revision=16031
* Make sure that reconfiguration in the live CD works properly by
including the proper configuration module in
/etc/nixos/configuration.nix. Ugly.
svn path=/nixos/branches/modular-nixos/; revision=16016
configuration. No virtual disk image is generated; the VM shares a
Nix store with the host. This makes it very fast to build new VMs.
svn path=/nixos/branches/modular-nixos/; revision=15999
$ nixos-hardware-scan > /etc/nixos/hardware.nix
and import the hardware.nix module in /etc/nixos/configuration.nix.
That way you can easily rescan for new hardware.
svn path=/nixos/branches/modular-nixos/; revision=15979
exists. $NIXPKGS needs to be set, otherwise NixOS can't find
Nixpkgs (because in the chroot it's in /mnt/etc/nixos/nixpkgs).
Also clear LANG to shut up Perl warnings about the locale.
svn path=/nixos/branches/modular-nixos/; revision=15978
This is because fsck.ext3 takes several minutes to recover the
journal, whereas the ext3 implementation in the kernel only takes a
few seconds. I'd love to know why this is the case...
svn path=/nixos/branches/modular-nixos/; revision=15965
an X server and KDE 4. Thanks to squashfs it's only 466 MiB large.
`installation-cd-small.nix' builds the original, text-only
installation CD.
svn path=/nixos/branches/modular-nixos/; revision=15934
size of the i686-linux ISO image from 463 MiB to 147 MiB. Hopefully
it also speeds up installation due to reduced seek time and larger
block sizes, but I haven't tested that yet (on real hardware).
svn path=/nixos/branches/modular-nixos/; revision=15930
rescue-dvd.nix (not tested though), i.e. it has all its extra
packages and includes the build-time dependencies.
svn path=/nixos/branches/modular-nixos/; revision=15917
iso-image.nix contains the minimal stuff necessary to build a
bootable ISO image containing the given configuration. The idea is
that this can be customised by providing additional modules, e.g. to
add extra packages to the image.
The ISO image is exported in the configuration attribute
system.build.isoImage. So it can be built as follows:
$ nix-build lib/eval-config.nix \
--arg configuration 'import ./modules/installer/cd-dvd/iso-image.nix' \
-A config.system.build.isoImage
svn path=/nixos/branches/modular-nixos/; revision=15871
package) can be overriden by setting environment.systemPackages in
/etc/nixos/configuration.nix: it shouldn't be special-cased.
svn path=/nixos/branches/modular-nixos/; revision=15863
need some devices. In particular this fixes the "Cannot open
virtual console 7" errors in VirtualBox. (There's nothing special
about VirtualBox, but the different timing makes it more likely to
trigger this bug.)
svn path=/nixos/branches/modular-nixos/; revision=15836
previously failed to resolve the NTP server hostnames in its config
file, it will happily sit in a loop forever doing nothing.
svn path=/nixos/branches/modular-nixos/; revision=15830
start script. It's probably not necessary, but more importantly, it
can hang forever if the network is down. (Actually it will sit in a
loop waiting for UDP packets that will never arrive.) This causes
the NixOS reboot to hang, since Upstart can't kill jobs stuck in
their start script.
svn path=/nixos/branches/modular-nixos/; revision=15829
enabled as a session type. Since I'm lazy, provide it
unconditionally. Also have it include "common-console" to set
device ownership when logging in.
svn path=/nixos/branches/modular-nixos/; revision=15800
initialising network interfaces, etc.) to modules/tasks. This
follows the Upstart terminology: a service is a job that doesn't
usually terminate (e.g. a daemon), while a task is a job that does
some work and then exits.
svn path=/nixos/branches/modular-nixos/; revision=15771
passwords is now done in an activation scriptlet rather than an
Upstart job (not tested). BTW, we should get rid of this module and
add support to the users-groups.nix module for creating accounts
with an empty password.
svn path=/nixos/branches/modular-nixos/; revision=15769
modules/programs/pwdutils.
* Renamed config.system.shell to config.users.defaultUserShell and
updated the description to make clear it has to be a non-store
path.
svn path=/nixos/branches/modular-nixos/; revision=15761
configuration for specific programs. For instance, ssh.nix provides
the configuration for the SSH client; ssmtp.nix provides the
configuration for the `ssmtp' MTA.
svn path=/nixos/branches/modular-nixos/; revision=15757
empty now), do more of bashrc.sh declaratively, and moved nsswitch
generation to modules/config/nsswitch.nix.
svn path=/nixos/branches/modular-nixos/; revision=15754
Non-valid modules are commented inside the generated list.
Move module paths which are not the module directory into the legacy.nix file.
svn path=/nixos/branches/modular-nixos/; revision=15751
into a NixOS module (modules/system/activation/top-level.nix -
couldn't think of a better name). The top-level derivation is
returned in config.system.build.system.
* Inlined system.sh in top-level.nix so that we don't have to pass
everything through environment variables.
svn path=/nixos/branches/modular-nixos/; revision=15740
modules/config/system-path.nix. system/system.nix is now almost
empty.
* Removed the cleanStart option - it should be possible to get the
same functionality by overriding config.system.path (or defining
config.system.systemPackages with a higher priority - don't know if
that works though).
svn path=/nixos/branches/modular-nixos/; revision=15727
modules/security/setuid-wrappers.nix.
* Removed the "path" activation scriptlet. The partial ordering was
underspecified (there was nothing ensuring that it came near the end
of the activation script), and it wasn't needed in any case.
svn path=/nixos/branches/modular-nixos/; revision=15726
those that run daemons) to modules/services. This probably broke
some things since there are a few relative paths in modules
(e.g. imports of system/ids.nix).
* Moved some PAM modules out of etc/pam.d to the directories of NixOS
modules that use them.
svn path=/nixos/branches/modular-nixos/; revision=15717