As @edolstra pointed out, this behavior is not equivalent to what we had
before as the kernel command line parameter won't take effect until the
next boot. Probably it's not likely that someone will make this change
and then add a network card before rebooting, but might as well support
that since we can.
This reverts commit f7563698df.
Signed-off-by: Shea Levy <shea@shealevy.com>
Sometimes nscd starts up before a /etc/resolv.conf file has been written, and
apparently triggering a cache flush (reload) is not good enough to make it
recover from that problem. To remedy the issue, we restart the service instead.
See <https://github.com/NixOS/nixos/issues/34> for further details.
Using /etc/lighttpd.conf "hides" the config file from NixOS so that it
will not automatically restart the service when its config file changes.
So don't do that.
I think it's nice that it first asks the usual password, and then offers the
otpw one if enabled. That enables dovecot to show the last pam prompt.
I also add the dovecot option for that.
Previously we synced just before calling switch-to-configuration.
That prevents corruption of the Nix store, but it can leave the boot
loader configuration and kernel files in /boot corrupted. So do the
sync after installing the boot loader.
Usually timers.target is pulled in by basic.target, but we don't
restart basic.target. So timers.target wouldn't be started when
coming from an older systemd.
Now that nixUnstable supports remounting in the "/nix/store is a
mountpoint" case, this is no longer necessary.
This reverts commit f1d48aec43.
Signed-off-by: Shea Levy <shea@shealevy.com>
More specifically, this removes services.pulseaudio and adds the option
hardware.pulseaudio.systemWide which defaults to false but can be used to turn
on the system-wide PulseAudio server (previously defined in
services.pulseaudio). Since the two PulseAudio modes are mutually exclusive
anyway (maybe not strictly true, but I don't think it is a good idea combining
them) it's nicer to be able to reuse server and ALSA configuration between them.
Also the system-wide PulseAudio service has been adjusted to systemd, and a few
things have been fixed (there was no alsa.conf before, for example).
The bottom line is that people that were using hardware.pulseaudio before should
be able to keep doing it in exactly the same way, and people that used
services.pulseaudio must switch over to hardware.pulseaudio.systemWide instead.
This makes it so multiple definitions are merged by adding a newline
between each entry, to avoid the need to add a newline to the end of
every definition of extraModprobeConfig. See #119 for an example of an
issue this has caused.
Signed-off-by: Shea Levy <shea@shealevy.com>
The smartd used to expect a list of devices to monitor. After this patch, it
expects a list of attribute sets, which may have two attributes:
- device: path to the device (required)
- options: smartd options to apply to this particular device (optional)
A concrete example configuration would be:
  services.smartd = {
    enable = true;
    devices = [ { device = "/dev/sda"; } { device = "/dev/sdb"; options = "-d sat"; } ];
  };
Furthermore, the config option 'deviceOpts' can be used to configure options
that are applied to *every* device.
Enable it with
  services.transmission.enable = true;
and optionally configure it
  services.transmission.settings =
    {
      download-dir = "/srv/torrents/";
      incomplete-dir = "/srv/torrents/.incomplete/";
      incomplete-dir-enabled = true;
      rpc-whitelist = "127.0.0.1,192.168.*.*";
      # for users in group "transmission" to have access to torrents
      umask = 2;
    };
The above settings are written/merged into settings.json each time the
service is about to start.
In principle this could work, but the current remount logic in nix fails
to remount mountpoints that are root in their own filesystem (as would
be the case with bind-mounting a mountpoint over itself). nixos/nix#98
is aimed at fixing this.
Signed-off-by: Shea Levy <shea@shealevy.com>
Newer kernels (since torvalds/linux@abb139e75c) try to
read firmware directly from the filesystem before falling back to a
userspace helper (udev) if firmware cannot be found (in even newer
kernels, the fallback path can be disabled altogether). By default, only
certain paths in /lib/firmware* are searched, so this was initially not
helpful for NixOS.
Since torvalds/linux@2760284206 (which,
based on the commit message, was implemented just for NixOS, go us!),
though, an extra path can be dynamically prepended to the search path.
So do that, in three ways:
1. Pass a kernel command line option in case the module is built-in
2. Add a line to modprobe.conf in case the module isn't yet loaded by
activation-time
3. Add an activation script to set the option in /sys in case the module
is already loaded by activation-time.
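A check that the three mechanisms listed above agree, as an added example that is not part of the original commit. It assumes the upstream kernel's parameter name `firmware_class.path` (exposed at `/sys/module/firmware_class/parameters/path`), which the message does not spell out; the function names and the sample directory are constructed.

```bash
#!/usr/bin/env bash
# Added example (not NixOS code): extract the firmware search path from each
# of the three places and report whether they agree. Inputs are strings so
# the logic can be run on constructed samples as well as on real files.

# 1. Kernel command line: firmware_class.path=<dir> (used when built-in).
path_from_cmdline() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) if (sub(/^firmware_class\.path=/, "", $i)) p = $i
    } END { if (p != "") print p }'
}

# 2. modprobe configuration: "options firmware_class path=<dir>".
path_from_modprobe() {
    printf '%s\n' "$1" | awk '$1 == "options" && $2 == "firmware_class" {
        for (i = 3; i <= NF; i++) if (sub(/^path=/, "", $i)) p = $i
    } END { if (p != "") print p }'
}

# 3. The sysfs value is passed in as-is and compared with the other two.
check_firmware_path() {  # $1 expected dir, $2 cmdline, $3 modprobe text, $4 sysfs value
    bad=""
    [ "$(path_from_cmdline "$2")" = "$1" ] || bad="$bad cmdline"
    [ "$(path_from_modprobe "$3")" = "$1" ] || bad="$bad modprobe"
    [ "$4" = "$1" ] || bad="$bad sysfs"
    if [ -z "$bad" ]; then echo "consistent"; else echo "mismatch:$bad"; fi
}

# Constructed samples (placeholder directory, not a real store path).
FW_DIR='/run/example-system/firmware'
SAMPLE_CMDLINE="loglevel=4 firmware_class.path=$FW_DIR"
SAMPLE_MODPROBE="options firmware_class path=$FW_DIR"

check_firmware_path "$FW_DIR" "$SAMPLE_CMDLINE" "$SAMPLE_MODPROBE" "$FW_DIR"
# A command line from before the change was made: only that source differs.
check_firmware_path "$FW_DIR" "loglevel=4" "$SAMPLE_MODPROBE" "$FW_DIR"
# Live system:
#   check_firmware_path DIR "$(cat /proc/cmdline)" "$(cat /etc/modprobe.d/*.conf)" \
#       "$(cat /sys/module/firmware_class/parameters/path)"
```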
man logind.conf clearly states that the header is [Login] (no 'd').
Without this fix services.logind.extraConfig does not take effect
because logind ignores the invalidly named section.
So that we can customize systemd-logind in configuration.nix.
Example:
  services.logind.extraConfig = "HandleLidSwitch=ignore";
See man logind.conf for available options.
xf86videovmware[1].
Adds "vmware" to list of default options of
services.xserver.videoDrivers.
new default:
[ "ati" "cirrus" "intel" "vesa" "vmware" ]
old default:
[ "ati" "cirrus" "intel" "vesa" ]
[1] Pull request for xf86videovmware found at
https://github.com/NixOS/nixpkgs/pull/338.
The mongodb service runs as user mongodb, and therefore
the preStart-script has no permissions to set up mongodb
directories. This is solved by adding an initialisation
service that runs as root and just sets up the required
directories.
This reverts commit 2802538dc2. The idea
was good, but unfortunately $GDFONTPATH has a different format, i.e.
programs that use this variable don't descend into the directories
listed here like fontconfig does, so we cannot use the same values for
both settings.
Set the environment variable GDFONTPATH to the list of directories where fonts
are expected to be installed. This search path is used by some GD-based
applications, such as Gnuplot.
Alternatively, we could rely on fontconfig to achieve the same thing, i.e. by
running
  # read one font path per line so directories containing spaces survive
  fc-list | sed -r -e 's|^([^:]+):.*$|\1|' | while IFS= read -r n; do dirname "$n"; done | sort -u
to get that list at run-time, but the static approach feels more deterministic.
This provides a more convenient syntax and allows easier overriding.
For example,
  environment.etc = singleton
    { target = "vconsole.conf";
      source = vconsoleConf;
    };
can now be written as
  environment.etc."vconsole.conf".source = vconsoleConf;
Adding support for the kind of bootloader in raspberrypi. Disable grub,
disable generationsDir, enable boot.loader.raspberrypi.
Usual layout expected: /boot being the first vfat the board reads blobs from.
If the user tries to run a program that doesn't exist from Bash, the
program name is looked up in a database that maps to Nix package
names. If it is found, we print out a message like:
  $ pdflatex
  The program ‘pdflatex’ is currently not installed. It is provided by
  several packages. You can install it by typing one of the following:
    nix-env -i tetex
    nix-env -i texlive-core
If the environment variable $NIX_AUTO_INSTALL is set, the command is
installed and executed automatically:
  $ hello --version
  The program ‘hello’ is currently not installed. It is provided by
  the package ‘hello’, which I will now install for you.
  installing `hello-2.8'
  hello (GNU hello) 2.8
  Copyright (C) 2011 Free Software Foundation, Inc. ...
To use this, you must currently manually put the SQLite programs
database in /var/lib/nixos/programs.sqlite. In the future, this file
should be provided as part of the NixOS channel so it gets updated
automatically. To get a test version:
  $ curl http://nixos.org/~eelco/programs.sqlite.xz | xz -d > /var/lib/nixos/programs.sqlite
This reverts commit 683100666d.
Seems somebody (systemd? the kernel?) gets confused at power
events and remounts the filesystem containing /nix/store as
read-only.
Commit 37b56574e2 revealed that the code
to get regInfo from /proc/cmdline was broken. It only happened to
work because the kernel passes the command line to stage 1 through the
environment, so $regInfo was set anyway.
This is required to create a gschemas.compiled file with content
from all gschemas. Otherwise, gschemas.compiled will be taken
from a random package, and gsettings programs will not find what
they are looking for. I had to add this to get NetworkManager-applet
to work. You'll also have to add share/glib-2.0 to the pathsToLink
list.
Generating this in the activation script (along with gtk icons
etc), is not the nicest solution. But I have no real idea on
how to modularise it.
EC2 instances don't have a console, so it's pointless to start
emergency mode if a mount fails. (This happened to me with an
encrypted filesystem where the key wasn't sent on time using "charon
send-keys".) Better to cross fingers and continue booting.
This is necessary to prevent a race. Udev 197 has a new naming scheme
for network devices, so it will rename (say) eth0 to eno0. This fails
with "error changing net interface name eth0 to eno1: Device or
resource busy" if another process has opened the interface in the
meantime.
This reverts commit 1e741f1572b6793b861e2f9820015475ce339ae0 as it is
unnecessary according to @edolstra, because services.xserver.config from another
module will be merged into the configuration.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is currently only a very simple implementation which just recurses a list
of heads that get chained together to the right of the corresponding previous
item of the list.
If I forgot about something in the already existing configuration options,
please let me know or if this commit is useless or a duplicate, feel free to
revert. But by looking at the implementation before this commit, I only see zaphod
and/or quirky xinerama-like configuration options.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Starting an authenticated root shell is a security hole, so don't do
it by default. The kernel command line parameter
‘initrd.shell_on_fail’ restores the original. (Of course, this only
improves security if you have a password on GRUB to prevent the kernel
command line from being edited by unauthorized users.)
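A boot-configuration check for the two conditions this message names, as an added example that is not part of the original commit: whether `initrd.shell_on_fail` is on the kernel command line, and whether GRUB requires a password before entries can be edited. The function names and sample inputs are constructed; `set superusers` and `password`/`password_pbkdf2` are GRUB 2's own directives, and whole-word matching of the parameter is an assumption about how stage 1 parses it.

```bash
#!/usr/bin/env bash
# Added example (not NixOS code). Inputs are passed as strings so the logic
# can be exercised on constructed samples as well as on real files.

# True if the command line carries the parameter named in the commit message.
# Assumption: stage 1 matches it as a whole space-separated word.
has_shell_on_fail() {
    case " $1 " in
        *" initrd.shell_on_fail "*) return 0 ;;
    esac
    return 1
}

# True if a grub.cfg both names superusers and defines a password for a user.
# Both GRUB 2 directives are needed before menu editing asks for credentials.
grub_is_locked() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' || return 1
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]+[^[:space:]]+'
}

# Combine both checks into one verdict string.
assess_boot() {  # $1 = kernel command line, $2 = grub.cfg text
    if has_shell_on_fail "$1"; then
        echo "shell-enabled"            # failure shell explicitly requested
    elif grub_is_locked "$2"; then
        echo "shell-disabled-locked"    # parameter absent, menu is password-protected
    else
        echo "shell-disabled-editable"  # parameter absent, but the menu is editable
    fi
}

# Constructed samples (placeholder values, not taken from a real system).
SAMPLE_CMDLINE='init=/nix/store/example-system/init loglevel=4'
SAMPLE_GRUB_OPEN='menuentry "NixOS" { linux /kernels/example-bzImage }'
SAMPLE_GRUB_LOCKED='set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry "NixOS" { linux /kernels/example-bzImage }'

assess_boot "$SAMPLE_CMDLINE" "$SAMPLE_GRUB_OPEN"
assess_boot "$SAMPLE_CMDLINE" "$SAMPLE_GRUB_LOCKED"
assess_boot "$SAMPLE_CMDLINE initrd.shell_on_fail" "$SAMPLE_GRUB_LOCKED"
# Live system: assess_boot "$(cat /proc/cmdline)" "$(cat /boot/grub/grub.cfg)"
```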
The 'memtest86' package didn't work on any of my machines. 'memtest86plus', on
the other hand, seems to work just fine. Does anyone know why we keep the
seemingly older version around still?
This is especially useful if you want to supply a default XRandR configuration,
where you need multiple "Monitor" sections in order to set properties for
specific CRTCs (if not running in zaphod mode).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The "S|s|single" option is handled by systemd (starting
rescue.target). And the rescue target basically removes the need for
a special debug shell. (Also, there is "systemd.crash_shell=1" for
starting a shell if systemd crashes.)
Also, symlink kbrequest.target to rescue.target as suggested by the
systemd.special manpage. This way, you can start a sulogin rescue
shell by pressing Alt+Up.
Restarting <interface>-cfg.service may cause the interface's IP
addresses to be flushed. If the default gateway goes through that
interface, then the default gateway is deleted. So we need to
restart network-setup.target.
This allows setting the max tcp window size for the route of
the default gateway (usually the internet access).
It works only for non-DHCP configurations by now.
To be honest, it's more like "be less discriminating against USB tablets".
USB tablets usually get autodetected, device name is not necessary and defaulting to a serial touchscreen is a clear discrimination.
Unconditionally remapping buttons is generally not a good idea either.
Old defaults transformed into examples.
During a configuration switch, changed units are stopped in the old
configuration, then started in the new configuration (i.e. after
running the activation script and running "systemctl daemon-reload").
This ensures that services are stopped using the ExecStop/ExecStopPost
commands from the old configuration.
However, for some services it's undesirable to stop them; in
particular dhcpcd, which deconfigures its network interfaces when it
stops. This is dangerous when doing remote upgrades - usually things
go right (especially because the switch script ignores SIGHUP), but
not always (see 9aa69885f0). Likewise,
sshd should be kept running for as long as possible to prevent a
lock-out if the switch fails.
So the new option ‘stopIfChanged = false’ causes "systemctl restart"
to be used instead of "systemctl stop" followed by "systemctl start".
This is only proper for services that don't have stop commands. (And
it might not handle dependencies properly in some cases, but I'm not
sure.)
Running it from systemd rather than cron has several advantages:
systemd ensures that only one instance runs at a time; the GC can be
manually started/stopped; and logging goes to the journal.
We still need cron to start the service at the right time, but
hopefully soon we can get rid of cron entirely (once systemd supports
starting a unit at a specific time).