This is to avoid (in some cases) constant restarting of the Zabbix server, which
causes odds bugs and crashes in the exit handler (if it's too early during
startup).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
If we only need to generate a GRUB boot menu, we don't need GRUB
itself. This cuts 38 MiB from EC2 system closures (in particular
because it gets rid of the need for the 32-bit Glibc).
(cgit is "a hyperfast web frontend for git repositories written in C")
cgit is enabled like this (assuming lighttpd is already enabled):
services.lighttpd.cgit.enable = true;
and configured verbatim like this (contents of the cgitrc file):
services.lighttpd.cgit.configText = ''
cache-size=1000
scan-path=/srv/git
'';
cgit will be available from this URL: http://yourserver/cgit
In lighttpd, I've ensured that the cache dir for cgit is created if cgit
is enabled.
apparmor's systemd service wasn't working when multiple profiles were
defined, due to the ExecStart commands in the service file being
broken into multiple lines, instead of being separated by ';'.
This is what currently happens (from the journal log):
[/nix/store/HASH-unit/transmission.service:27] Executable path is not absolute, ignoring: kill -HUP $MAINPID
Fix it by using absolute path to kill.
1 minute is too short, given that the autovacuum launcher often seems
to require exactly 1 minute to shut down. (This might be a bug
related to autovacuum_naptime.)
Now you can access gitweb at http://yourserver/gitweb by simply adding
this to configuration.nix (assuming services.lighttpd.enable = true);
services.lighttpd.gitweb.enable = true;
The path to all bare repositories served by gitweb can be set with this
option (default value below):
services.lighttpd.gitweb.projectroot = "/srv/git";
Based on patch contributed by Bjørn Forsman.
If true, show server status overview at /server-status, statistics at
/server-statistics and list of loaded modules at /server-config.
Patch contributed by Bjørn Forsman.
If true, requests in the form /~user/page.html are rewritten to take
the file public_html/page.html from the home directory of the user.
Default is off.
Patch contributed by Bjørn Forsman.
Instead of forcing users to configure lighttpd manually, make it an
option. The current services.lighttpd.configText option can still be
used for manual configuration, but if it is left blank (default) we'll
use the new generated config file.
The generated config file ensures that the server drops root priveleges
and runs as the "lighttpd" user. It pulls in some new config params that
can be set in configuration.nix (here with default values):
services.lighttpd.document-root = "/srv/www"
services.lighttpd.port = 80
services.lighttpd.extraConfig = "" # appended to the generated file
And it enables access and error logging to the systemd journal.
Patch contributed by Bjørn Forsman.
After Linux 3.2(?), /proc/bus/usb (and usbfs (or usbdevfs?)) went away,
leaving virtualbox no way to determine what USB devices were connected
to the system. The solution was to add some virtualbox specific udev
rules to populate /dev/vboxusb with what was in /proc/bus/usb before.
Patch contributed by Jack Cummings.
Activation scripts are run before systemd is started, so unless users
are loading firmware in the initrd (which AFAICT we currently have no
support for) the previous /sys-based setting of firmware_class was
ineffective on boot.
Signed-off-by: Shea Levy <shea@shealevy.com>
- drop custom config:
(please wacom using folks review this part and think
about how to get it back if its important to you)
- put default config shipping with xf86_input_wacom
into /etc/X11/xorg.conf.d/
which seems to be interpreted again when
devices are hot plugged
- when starting x11, also provide xinput
.. you never know when you need it
This fixes all problems I had:
- device only worked when plugged in, then xorg was started
(an alternative quick fix is switching to terminal by ctrl-alt-F1 and back)
- I had to disable some devices, because eg myaint switched input
device many times a sec rendering it unusable otherwise, some of those devices
configured did not work.
Details:
http://sourceforge.net/apps/mediawiki/linuxwacom/index.php?title=FAQ#Is_hotplugging_supported_for_my_USB_tablet.3F
See 12 -> HAL or xorg.conf.d
Setting $TZDIR to ${pkgs.tzdata}/share/zoneinfo can cause logged-in
sessions to refer to a garbage-collected zoneinfo directory. So use
/etc/zoneinfo instead.
We don't need to set $TZ, because we have /etc/localtime. In fact,
setting $TZ without $TZDIR doesn't work anymore since Glibc no longer
contains zone info.
If I want to bring down tap0.service (or systemd wants to do this
during a configuration-change which changes the path to tunctl),
openvpn (or other services using tap0) need to be brought down as
well, otherwise tunctl -d is not able to remove the tap0 device,
leaving it in a failed (but "up") state.
"require" is a stronger version of "want",
and just like wantedBy allows you to specify this relation in reverse,
requiredBy does the same.
It may seem pointless to be able to specify these stronger relations in
reverse, because if something is really required, you would expect the
other unit to specify this himself.
However, this is still useful for virtual/automatic units (like
devices) that are created by systemd on demand and hence have no unit
file you can alter.
This reverts commit 7f1e728606.
This would have been nice if we had had it from the start, but now it
just breaks things for existing users. Maybe we can add it conditionally
when new postgres versions come out.
Signed-off-by: Shea Levy <shea@shealevy.com>
This reverts commit 1e543984bc.
This would have been nice if we had had it from the start, but now it
just breaks things for existing users. Maybe we can add it conditionally
when new postgres versions come out.
Signed-off-by: Shea Levy <shea@shealevy.com>
desktop-manager is a bit misleading in this case as there is no
session yet and most apps are still missing. This can eventually
grow further once more e17 apps get packaged for nix.
However, for now, I need to initialize some e17 dbus services to
have the "terminology" terminal emulator provide gfx previews.
The user should specify which major version to use
(e.g. "services.postgresql.package = pkgs.postgresql92"). We can't
really provide a sensible default, because such a default would have
to be updated from time to time, and there is no automated upgrade
procedure. So leave upgrading to the user.
Enabling udisks2 allows gvfs (which should be built with udisks support) to
perform mount/unmount operations on removable drives. It affects Thunar and
probably other Gtk-based file managers.
Gvfs doesn't supports earlier versions of udisks.
As @edolstra pointed out, this behavior is not equivalent to what we had
before as the kernel command line parameter won't take effect until the
next boot. Probably it's not likely that someone will make this change
and then add a network card before rebooting, but might as well support
that since we can.
This reverts commit f7563698df.
Signed-off-by: Shea Levy <shea@shealevy.com>
Sometimes nscd starts up before a /etc/resolv.conf file has been written, and
apparently triggering a cache flush (reload) is not good enough to make it
recover from that problem. To remedy the issue, we restart the service instead.
See <https://github.com/NixOS/nixos/issues/34> for further details.
Using /etc/lighttpd.conf "hides" the config file from NixOS so that it
will not automatically restart the service when its config file changes.
So don't do that.
I think it's nice that it first asks the usual password, and then offers the
otpw one if enabled. That enables dovecot to show the last pam prompt.
I also add the dovecot option for that.
Previously we synced just before calling switch-to-configuration.
That prevents corruption of the Nix store, but it can leave the boot
loader configuration and kernel files in /boot corrupted. So do the
sync after installing the boot loader.
Usually timers.target is pulled in by basic.target, but we don't
restart basic.target. So timers.target wouldn't be started when
coming from an older systemd.
Now that nixUnstable supports remounting in the "/nix/store is a
mountpoint" case, this is no longer necessary.
This reverts commit f1d48aec43.
Signed-off-by: Shea Levy <shea@shealevy.com>
More specifically, this removes services.pulseaudio and adds the option
hardware.pulseaudio.systemWide which defaults to false but can be used to turn
on the system-wide PulseAudio server (previously defined in
services.pulseaudio). Since the two PulseAudio modes are mutually exclusive
anyway (maybe not strictly true, but I don't think is a good idea combining
them) its nicer to be able to reuse server and ALSA configuration between them.
Also the system-wide PulseAudio service has been adjusted to systemd, and a few
things has been fixed (there was no alsa.conf before, for example).
The bottomline is that people that was using hardware.pulseaudio before should
be able to keep doing it in exactly the same way, and people that used
services.pulseaudio must switch over to hardware.pulseaudio.systemWide instead.
This makes it so multiple definitions are merged by adding a newline
between each entry, to avoid the need to add a newline to the end of
every definition of extraModprobeConfig. See #119 for an example of an
issue this has caused.
Signed-off-by: Shea Levy <shea@shealevy.com>
The smartd used to expect a list of devices to monitor. After this patch, it
expects a list of attribute sets, which may have two attributes:
- device: path to the device (required)
- options: smartd options to apply to this particular device (optional)
A concrete example configuration would be:
services.smartd = {
enable = true;
devices = [ { device = "/dev/sda"; } { device = "/dev/sdb"; options = "-d sat"; } ];
};
Furthermore, the config option 'deviceOpts' can be used to configure options
that are applied to *every* device.
Enable it with
services.transmission.enable = true;
and optionally configure it
services.transmission.settings =
{
download-dir = "/srv/torrents/";
incomplete-dir = "/srv/torrents/.incomplete/";
incomplete-dir-enabled = true;
rpc-whitelist = "127.0.0.1,192.168.*.*";
# for users in group "transmission" to have access to torrents
umask = 2;
};
The above settings are written/merged into settings.json each time the
service is about to start.
In principle this could work, but the current remount logic in nix fails
to remount mountpoints that are root in their own filesystem (as would
be the case with bind-mounting a mountpoint over itself). nixos/nix#98
is aimed at fixing this.
Signed-off-by: Shea Levy <shea@shealevy.com>
Newer kernels (since torvalds/linux@abb139e75c) try to
read firmware directly from the filesystem before falling back to a
userspace helper (udev) if firmware cannot be found (in even newer
kernels, the fallback path can be disabled altogether). By default, only
certain paths in /lib/firmware* are searched, so this was initially not
helpful for NixOS.
Since torvalds/linux@2760284206 (which,
based on the commit message, was implemented just for NixOS, go us!),
though, an extra path can be dynamically prepended to the search path.
So do that, in three ways:
1. Pass a kernel command line option in case the module is built-in
2. Add a line to modprobe.conf in case the module isn't yet loaded by
activation-time
3. Add an activation script to set the option in /sys in case the module
is already loaded by activation-time.
man logind.conf clearly states that the header is [Login] (no 'd').
Without this fix services.logind.extraConfig does not take effect
because logind ignores the invalidly named section.
So that we can customize systemd-logind in configuration.nix.
Example:
services.logind.extraConfig = "HandleLidSwitch=ignore";
See man logind.conf for available options.
xf86videovmware[1].
Adds "vmware" to list of default options of
services.xerver.videoDrivers.
new default:
[ "ati" "cirrus" "intel" "vesa" "vmware" ]
old default:
[ "ati" "cirrus" "intel" "vesa" ]
[1] Pull request for xf86videovmware found at
https://github.com/NixOS/nixpkgs/pull/338.
The mongodb service runs as user mongodb, and therefore
the preStart-script has no permissions to set up mongodb
directories. This is solved by adding an initialisation
service that runs as root and just sets up the required
directories.