Commit graph

1203 commits

Author SHA1 Message Date
Lluís Batlle i Rossell 7a4685d28d Openldap needs a directory in /var/run to start, and it seems it's clean at every boot.
svn path=/nixos/trunk/; revision=26840
2011-04-14 09:54:46 +00:00
Lluís Batlle i Rossell 84bea7a351 I change the ldap settings so pam_unix and 'files' always go in front of ldap,
instead of the opposite. Thus, /etc/passwd has priority over ldap.


svn path=/nixos/trunk/; revision=26834
2011-04-13 20:48:50 +00:00
Lluís Batlle i Rossell d8a702f59f Making the samba daemons see the nss modules (needed for ldap-unix-pam integration)
svn path=/nixos/trunk/; revision=26830
2011-04-13 20:06:29 +00:00
Lluís Batlle i Rossell e7c9266a70 Adding a poor openldap server module.
svn path=/nixos/trunk/; revision=26822
2011-04-13 17:35:19 +00:00
Lluís Batlle i Rossell 6824866d6d Adding a dnsmasq simple module.
svn path=/nixos/trunk/; revision=26820
2011-04-13 14:09:02 +00:00
Eelco Dolstra e9b2ebcb99 * Send a TCP RST packet, rather than an ICMP port-unreachable packet,
for (apparently) open TCP connections that connection tracking 
  doesn't know about.  This prevents TCP connections to this machine
  from hanging in CLOSE_WAIT for a long time.

svn path=/nixos/trunk/; revision=26802
2011-04-12 11:25:57 +00:00
Lluís Batlle i Rossell 82a0aa0a8f Fixing a path in the trac ldap part. Too much slashes make things go wrong.
svn path=/nixos/trunk/; revision=26786
2011-04-11 19:43:48 +00:00
Lluís Batlle i Rossell 9c492e34bb Making the trac module ldap-aware (for the authentication) and sqlite aware.
svn path=/nixos/trunk/; revision=26768
2011-04-09 16:05:36 +00:00
Eelco Dolstra 97a37f7c12 * "stage1panic" -> "stage1panic=1" to get rid of a harmless warning.
svn path=/nixos/trunk/; revision=26756
2011-04-08 14:42:35 +00:00
Eelco Dolstra 05ff7baf48 * /var/lib/nova/networks should be readable by the `nobody' user,
because dnsmasq runs as nobody and reads its host list from there.

svn path=/nixos/trunk/; revision=26740
2011-04-07 12:47:20 +00:00
Eelco Dolstra 3836e8eb02 * Properly initialise Nova's state.
svn path=/nixos/trunk/; revision=26735
2011-04-07 09:59:11 +00:00
Eelco Dolstra 4c2a0dc531 * Add multipath-tools (specifically, kpartx) to nova-compute's $PATH
so that it can inject SSH keys into disk images.
* Use the injected key if available.

svn path=/nixos/trunk/; revision=26724
2011-04-06 15:53:03 +00:00
Eelco Dolstra 2e2282bd5e * Added a module to create a disk image for Nova.
svn path=/nixos/trunk/; revision=26721
2011-04-06 15:09:34 +00:00
Eelco Dolstra 84be6235c3 * Get rid of a cyclic symlink to the default theme.
svn path=/nixos/trunk/; revision=26712
2011-04-06 11:58:13 +00:00
Eelco Dolstra d9cf1c2da0 * Install ~/.bashrc as a regular file rather than as a symlink.
svn path=/nixos/trunk/; revision=26690
2011-04-05 11:24:36 +00:00
Shea Levy 2ddda472c4 Put vim on the live cd in place of nvi
svn path=/nixos/trunk/; revision=26679
2011-04-04 13:45:16 +00:00
Eelco Dolstra fcaec58d27 * Add a module for setting up a basic (single-node) OpenStack Compute
(Nova) cloud.

svn path=/nixos/trunk/; revision=26664
2011-04-01 18:09:57 +00:00
Eelco Dolstra 2c1084b21b * libvirtd job: wait until libvirtd is accepting connections.
svn path=/nixos/trunk/; revision=26663
2011-04-01 18:08:53 +00:00
Eelco Dolstra 403accc71f * Some hackery to make sure that router solicitations get through
after creating a bridge.
* Ignore errors (set +e) so that we can get rid of all the "|| true"
  clauses.

svn path=/nixos/trunk/; revision=26660
2011-04-01 15:05:42 +00:00
Shea Levy 8dd6f42a91 Fixed formatting
svn path=/nixos/trunk/; revision=26647
2011-03-31 23:06:36 +00:00
Shea Levy f269206972 Update iso-image.nix to work with kernels that use AUFS 2.1 instead of AUFS 2. Older kernels are unaffected.
svn path=/nixos/trunk/; revision=26646
2011-03-31 23:03:54 +00:00
Eelco Dolstra 1e2c0d6284 * Try to hack around libvirt's stateful use of /etc/libvirt. (Routine
operations such as creating VMs modify the contents of
  /etc/libvirt.)

svn path=/nixos/trunk/; revision=26644
2011-03-31 22:10:26 +00:00
Eelco Dolstra ef80abc886 * Remove some dead code.
svn path=/nixos/trunk/; revision=26634
2011-03-31 21:21:55 +00:00
Eelco Dolstra c4a2eeb9f8 * Added a module for the RabbitMQ server.
svn path=/nixos/trunk/; revision=26630
2011-03-31 17:04:05 +00:00
Eelco Dolstra e174562ee1 * Put ebtables in libvirtd's PATH.
svn path=/nixos/trunk/; revision=26629
2011-03-31 15:24:13 +00:00
Nicolas Pierron 96fc9379ba Convert assertion option into mkAssert.
svn path=/nixos/trunk/; revision=26614
2011-03-30 17:52:34 +00:00
Eelco Dolstra 87a2c6d9c5 * Don't enable rdnssd by default for the moment.
svn path=/nixos/trunk/; revision=26505
2011-03-25 09:29:22 +00:00
Eelco Dolstra b2d6dfecbc * Add the rdnss daemon.
* Add the ndisc6 package to the system path if IPv6 is enabled.

svn path=/nixos/trunk/; revision=26496
2011-03-24 16:23:28 +00:00
Eelco Dolstra c430bf5cc3 * Add virtio_console to the CD because the backdoor requires it.
* The booted CD no longer requires "-net user".

svn path=/nixos/trunk/; revision=26427
2011-03-19 08:58:56 +00:00
Eelco Dolstra 6c55079ab0 * nixos-hardware-scan: It's not necessary to detect Intel graphics
cards because the default X config contains the Intel driver.
  Likewise, there is no need for the "vesa" default.
* nixos-hardware-scan: Clean up the output a bit.

svn path=/nixos/trunk/; revision=26423
2011-03-18 13:52:09 +00:00
Eelco Dolstra ef07a945c4 * Don't echo characters on /dev/hvc0, otherwise the stdout of commands
gets screwed up.

svn path=/nixos/trunk/; revision=26422
2011-03-18 13:16:40 +00:00
Eelco Dolstra be0fca5781 * Use QEMU/KVM's paravirtualised console device for the backdoor.
This has the advantage that it doesn't depend on networking being
  up.
* Move common QEMU/KVM guest configuration to profiles/qemu-guest.nix.

svn path=/nixos/trunk/; revision=26421
2011-03-18 12:38:22 +00:00
Eelco Dolstra 6ee609a0a3 * On the installation CD, set the overcommit heuristic to "always
overcommit".  This makes it less likely that the installer fails
  randomly in low memory environments.

svn path=/nixos/trunk/; revision=26369
2011-03-16 15:17:54 +00:00
Eelco Dolstra a19849914a * libvirtd: Remove the pid on startup. If it exists, libvirtd
tends to segfault.

svn path=/nixos/trunk/; revision=26365
2011-03-16 13:52:52 +00:00
Eelco Dolstra 8add655028 * Add qemu_kvm to the system path.
svn path=/nixos/trunk/; revision=26359
2011-03-16 12:31:06 +00:00
Eelco Dolstra 6646268c95 * This should no longer be needed.
svn path=/nixos/trunk/; revision=26331
2011-03-15 18:47:56 +00:00
Eelco Dolstra f71bd3f93c * dhclient: ignore libvirt's network interfaces.
svn path=/nixos/trunk/; revision=26327
2011-03-15 15:30:12 +00:00
Eelco Dolstra 3cb7a54dba * Added an option `networking.bridges' to allow Ethernet bridges to be
defined.

svn path=/nixos/trunk/; revision=26325
2011-03-15 15:13:48 +00:00
Eelco Dolstra f45866d0e7 * The NAT networking in libvirt requires the "tun" module.
svn path=/nixos/trunk/; revision=26314
2011-03-15 10:52:44 +00:00
Eelco Dolstra f833492c68 * Add dnsmasq to libvirtd's PATH. This is required for networking.
svn path=/nixos/trunk/; revision=26313
2011-03-15 09:42:49 +00:00
Eelco Dolstra cd30b40da7 * Replace ifconfig by ip in the initrd of VM tests.
svn path=/nixos/trunk/; revision=26280
2011-03-11 14:59:36 +00:00
Eelco Dolstra 8ce36ffb3a * Use "ip" instead of "ifconfig" for setting up network interfaces,
since the latter is rather deprecated and has been unmaintained
  since 2001.  Note that "ip" doesn't know about classful addressing,
  so you can no longer get away with not specifying the subnet mask
  for explicitly configured interfaces.  So if you had

    networking.interfaces =
      [ { name = "eth0"; ipAddress = "192.168.1.1"; } ];

  this should be changed to

    networking.interfaces =
      [ { name = "eth0";
          ipAddress = "192.168.1.1";
          subnetMask = "255.255.255.0";
        }
     ];

  otherwise you end up with a subnet mask of 255.255.255.255.

svn path=/nixos/trunk/; revision=26279
2011-03-11 14:50:11 +00:00
Eelco Dolstra 7205c31ea3 * Remove "modprobe af_packet". It's loaded automatically when needed.
svn path=/nixos/trunk/; revision=26277
2011-03-11 13:57:48 +00:00
Eelco Dolstra ee4e004cc4 * Add a test for the firewall.
svn path=/nixos/trunk/; revision=26276
2011-03-11 13:38:52 +00:00
Eelco Dolstra 64d871c0d9 * Enable FTP connection tracking in the firewall.
svn path=/nixos/trunk/; revision=26275
2011-03-11 13:34:17 +00:00
Eelco Dolstra 005ca15f64 * Firewall: add an option to allow extra firewall rules to be added.
* Firewall: change the policy of the INPUT chain back to ACCEPT to
  prevent a lockup when the Nix store is mounted over the network
  (i.e. in our VM tests).  This is because as soon as the policy is
  set to DROP, the iptables modules that enable access to the network
  filesystem cannot be acccessed anymore.

svn path=/nixos/trunk/; revision=26274
2011-03-11 13:04:17 +00:00
Eelco Dolstra 6160100a9a * Don't run klogd in tests to prevent duplicate kernel messages in the
log output.  (It wasn't running anyway because the preStart command
  was broken.)  Note that "dmesg -c" doesn't have an effect on klogd,
  and "klogd -o" is broken.

svn path=/nixos/trunk/; revision=26273
2011-03-11 12:56:04 +00:00
Eelco Dolstra ab0ce6734b * firewall.nix: Only flush/delete the chains created by us.
svn path=/nixos/trunk/; revision=26271
2011-03-11 11:53:18 +00:00
Eelco Dolstra f672aa71bf * RFC 4890 says that local nodes should not filter pretty much any
ICMPv6 messages (including echo requests), so don't do that.

svn path=/nixos/trunk/; revision=26270
2011-03-11 11:08:16 +00:00
Eelco Dolstra 0ea9f6611a * Add some more rules to allow ICMPv6 router/neighbour advertisements
in.  Maybe we're better off accepting all ICMPv6 messages *except*
  echo requests.

svn path=/nixos/trunk/; revision=26260
2011-03-10 16:25:08 +00:00