Commit graph

121 commits

Author SHA1 Message Date
Eelco Dolstra 14018c2de1 fail2ban: Fix preStart action
Creating /run/fail2ban didn't work since it didn't have write
permission to /run.  Now it does.

Reported by Thomas Bereknyei.
2013-12-11 21:16:58 +01:00
Bjørn Forsman ca26e75a73 nixos/avahi-service: small documentation update 2013-12-07 12:03:50 +01:00
Eelco Dolstra 7809134e29 postgresql: Fix shutdown
Postgres was taking a long time to shutdown.  This is because we were
sending SIGINT to all processes, apparently confusing the autovacuum
launcher.  Instead it should only be sent to the main process (which
takes care of shutting down the others).

The downside is that systemd will also send the final SIGKILL only to
the main process, so other processes in the cgroup may be left behind.
There should be an option for this...
2013-12-03 12:04:20 -05:00
Eelco Dolstra 2cb492a847 cups: Allow users in the wheel group to do admin actions 2013-12-01 17:30:12 -05:00
Domen Kožar 4da388351a Merge pull request #1292 from jozko/openldap-fixes
Added openldap user, group and configure service so its not running as root
2013-11-28 13:40:11 -08:00
Jozko Skrablin cb691265b6 Added openldap user, group and configure service so its not running as root. 2013-11-28 22:21:50 +01:00
Eelco Dolstra 9ee30cd9b5 Add support for lightweight NixOS containers
You can now say:

  systemd.containers.foo.config =
    { services.openssh.enable = true;
      services.openssh.ports = [ 2022 ];
      users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-dss ..." ];
    };

which defines a NixOS instance with the given configuration running
inside a lightweight container.

You can also manage the configuration of the container independently
from the host:

  systemd.containers.foo.path = "/nix/var/nix/profiles/containers/foo";

where "path" is a NixOS system profile.  It can be created/updated by
doing:

  $ nix-env --set -p /nix/var/nix/profiles/containers/foo \
      -f '<nixos>' -A system -I nixos-config=foo.nix

The container configuration (foo.nix) should define

  boot.isContainer = true;

to optimise away the building of a kernel and initrd.  This is done
automatically when using the "config" route.

On the host, a lightweight container appears as the service
"container-<name>.service".  The container is like a regular NixOS
(virtual) machine, except that it doesn't have its own kernel.  It has
its own root file system (by default /var/lib/containers/<name>), but
shares the Nix store of the host (as a read-only bind mount).  It also
has access to the network devices of the host.

Currently, if the configuration of the container changes, running
"nixos-rebuild switch" on the host will cause the container to be
rebooted.  In the future we may want to send some message to the
container so that it can activate the new container configuration
without rebooting.

Containers are not perfectly isolated yet.  In particular, the host's
/sys/fs/cgroup is mounted (writable!) in the guest.
2013-11-27 17:14:10 +01:00
Eelco Dolstra 57f145a7f8 When setting $NIX_REMOTE, check whether /nix/var/nix/db is writable
In NixOS containers, root doesn't have write permission to
/nix/var/nix/db, so it has to use the daemon.
2013-11-27 17:09:17 +01:00
Eelco Dolstra c6529ac9eb postgresql: Fix the port option
Also clarify the description of the enableTCPIP option.
2013-11-27 17:09:17 +01:00
Eelco Dolstra 2b1f212494 Disable various services when running inside a container 2013-11-26 18:19:45 +01:00
Rob Vermaas a383fe887f Make dd-agent services restart when killed. 2013-11-22 15:23:45 +01:00
William A. Kennington III f48af13c5a Add a nix module for AMD Hybrid Graphics 2013-11-20 11:27:28 -06:00
Eelco Dolstra 886b9e27a6 httpd.nix: Support non-root operation 2013-11-18 18:04:17 +01:00
Eelco Dolstra 2b0aea1793 Allow running NixOS services outside of systemd
The attribute ‘config.systemd.services.<service-name>.runner’
generates a script that runs the service outside of systemd.  This is
useful for testing, and also allows NixOS services to be used outside
of NixOS.  For instance, given a configuration file foo.nix:

  { config, pkgs, ... }:

  { services.postgresql.enable = true;
    services.postgresql.package = pkgs.postgresql92;
    services.postgresql.dataDir = "/tmp/postgres";
  }

you can build and run PostgreSQL as follows:

  $ nix-build -A config.systemd.services.postgresql.runner -I nixos-config=./foo.nix
  $ ./result

This will run the service's ExecStartPre, ExecStart, ExecStartPost and
ExecStopPost commands in an appropriate environment.  It doesn't work
well yet for "forking" services, since it can't track the main
process.  It also doesn't work for services that assume they're always
executed by root.
2013-11-18 18:04:17 +01:00
Sergey Mironov d8b0c942a1 xfce: enable tumbler the thumbnail manager (close #1206) 2013-11-16 16:58:08 +01:00
Eelco Dolstra e815e4026a mediawiki: Update to 1.20.7 2013-11-13 17:33:58 +01:00
Rickard Nilsson 26d7598d46 networkmanager NixOS service: Make it possible to append or insert name servers in /etc/resolv.conf 2013-11-13 01:52:57 +01:00
Eelco Dolstra 785eaf2cea Add some primops to lib 2013-11-12 13:48:30 +01:00
Bjørn Forsman dc352536a8 nixos: capitalize a bunch of service descriptions
(systemd service descriptions that is, not service descriptions in "man
configuration.nix".)

Capitalizing each word in the description seems to be the accepted
standard.

Also shorten these descriptions:
 * "Munin node, the agent process" => "Munin Node"
 * "Planet Venus, an awesome ‘river of news’ feed reader" => "Planet Venus Feed Reader"
2013-11-09 20:45:50 +01:00
Vladimír Čunát 619a1f5614 changes proposed for 13-10 update
One feature change: polkit update 8d14c7ba
2013-11-09 18:41:42 +01:00
Jaka Hudoklin 673fc81337 nixos/graphite: fix storage dir for carbon 2013-11-09 17:36:05 +01:00
Vladimír Čunát 8d14c7baa6 polkit: major update 0.105 -> 0.112
- It now uses JavaScript for configuration (only),
  so I had to "convert" config for NetworkManager.
- I tested suspend/restart/(un)mount on KDE/Xfce,
  Phreedom tested NetworkManager config conversion.
2013-11-09 16:29:18 +01:00
Domen Kožar b3ea42462c Merge pull request #1182 from offlinehacker/nixos/mongodb/userfix
nixos/mongodb: set static uid to work with #1076
2013-11-08 12:56:00 -08:00
Domen Kožar a623cc96e3 Merge pull request #1066 from offlinehacker/nixos/logstash/update
nixos/logstash: update and simplify to be fully compatible with new version
2013-11-08 11:44:17 -08:00
Eelco Dolstra 065493284f Update the X11 terminal server module for systemd
Yay, we no longer need inetd!
2013-11-08 16:39:22 +01:00
Eelco Dolstra e62e15b2f9 Only run systemd-inhibit for local X11 sessions 2013-11-08 16:39:22 +01:00
Eelco Dolstra cc65b1015d vsftpd: Disable seccomp filtering on 64-bit
It worked on Linux 3.4 but fails with "500 OOPS: priv_sock_get_cmd"
since we updated the default kernel to 3.10.

http://hydra.nixos.org/build/6715359

https://bugzilla.redhat.com/show_bug.cgi?id=845980
https://bugzilla.novell.com/show_bug.cgi?id=786024
2013-11-07 16:38:57 +01:00
Eelco Dolstra 000962c3fb vsftpd: Run in the background and log to syslog (i.e. journal) 2013-11-07 16:38:57 +01:00
Eelco Dolstra 10e31f6de7 Clean up the vsftpd module a bit 2013-11-07 16:38:57 +01:00
Domen Kožar a46c71857d Merge pull request #1172 from zefhemel/patch-1
Removed unnecessary mkIf in elasticserach
2013-11-07 03:11:11 -08:00
Michael Raskin e8b347e6ae Merge pull request #1167 from grwlf/serverflags
Add serverFlagsSection option to the xserver config
2013-11-07 03:00:37 -08:00
Michael Raskin f8ddc0cbd4 Merge pull request #1099 from offlinehacker/nixos/nginx/package_change_support
nixos/nginx: allow to specify which package to use
2013-11-07 02:59:09 -08:00
Michael Raskin 0cfc45c3b9 Merge pull request #1164 from kirelagin/master
Make touchpad button mapping configurable
2013-11-07 02:49:44 -08:00
Jaka Hudoklin 50a2f3fdce nixos/mongodb: set static uid to work with #1076 2013-11-07 11:25:14 +01:00
Sander van der Burg d31b328d0a Updated Disnix service definition to support new development version and mongo databases 2013-11-07 10:54:53 +01:00
Zef Hemel 8063382867 Removed unnecessary mkIf
The whole block is already wrapped in cfg.enable and this breaks some things.
2013-11-05 08:52:23 +01:00
Eelco Dolstra d9c13a73c2 gurobi: Remove
It's proprietary, non-redistributable software.
2013-11-05 00:07:24 +01:00
Domen Kožar a734f32fa1 Remove desktopManager.gnome
Gnome doesn't work at least since I started using NixOS half a year
ago, let's not give wrong impressions to newcomers. Packaging gnome3
is still something on horizon.
2013-11-04 18:12:38 +01:00
Sergey Mironov 99914f8581 Add serverFlagsSection parameter to the xserver config 2013-11-04 18:54:13 +04:00
Moritz Ulrich 882c2b7278
fcron: Fix error when cron.mailto is null.
Signed-off-by: Moritz Ulrich <moritz@tarn-vedra.de>
2013-11-04 11:07:11 +00:00
Kirill Elagin fce38e454b Make touchpad button mapping configurable 2013-11-03 13:00:49 +04:00
Jaka Hudoklin 1453be4740 nixos/logstash: add option examples 2013-11-01 17:15:54 +01:00
Jaka Hudoklin 10e61f53d8 nixos/logstash: update and simplify to be fully compatible with new version 2013-11-01 17:15:53 +01:00
Eelco Dolstra 9ef07d859b Include the NixOS version in the manual
In particular, this will make it clear what version of the manual is
shown at http://nixos.org/nixos/manual/.
2013-11-01 16:47:29 +01:00
Eelco Dolstra 444a4fb793 Loosen the type of SSH key files 2013-11-01 00:34:31 +01:00
Eelco Dolstra c1159edc65 Remove remaining references to Upstart 2013-10-31 13:26:06 +01:00
Eelco Dolstra 456d8ec52b Clean up Synergy option descriptions a bit 2013-10-31 13:18:00 +01:00
Eelco Dolstra 244cf195c8 Use the "assertions" option instead of mkAssert 2013-10-30 18:47:44 +01:00
Eelco Dolstra 7d5152964c Drop environment.x11Packages
It doesn't do anything useful compared to environment.systemPackages.
2013-10-30 18:47:43 +01:00
Eelco Dolstra 408b8b5725 Add lots of missing option types 2013-10-30 18:47:43 +01:00