Commit graph

1397 commits

Author SHA1 Message Date
Pascal Wittmann c4b3b71917 Bitlbee: create homedir; do not use /etc/bitlbee.conf 2013-04-02 00:08:17 +02:00
Shea Levy cf3ef6a1fc Merge branch 'lighttpd' of git://github.com/bjornfor/nixos into upstream-master
Moves config file into the store rather than polluting etc, which has a
number of benefits

Signed-off-by: Shea Levy <shea@shealevy.com>
2013-04-01 13:09:23 -04:00
Shea Levy f7563698df Use the new net.ifnames kernel command line flag to disable persistent interface names
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-04-01 07:03:00 -04:00
Shea Levy 863c6f2490 Fix missed kernel->kernelDev change
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-04-01 06:08:30 -04:00
Domen Kozar 969c577173 fixes #127 2013-03-31 21:18:57 +02:00
Bjørn Forsman 395bc5d05c lighttpd: restart service if config changes
Using /etc/lighttpd.conf "hides" the config file from NixOS so that it
will not automatically restart the service when its config file changes.
So don't do that.
2013-03-31 18:06:43 +02:00
Lluís Batlle i Rossell 86c1e10a43 Setting pam otpw *after* pam_unix, for dovecot failed auth messages.
I think it's nice that it first asks the usual password, and then offers the
otpw one if enabled. That enables dovecot to show the last pam prompt.

I also add the dovecot option for that.
2013-03-30 22:25:19 +01:00
Pascal Wittmann 8d0a7cb6d2 Bitlbee: tabs to spaces 2013-03-29 12:51:47 +01:00
Pascal Wittmann e33af28567 Bitlbee: hardcode username and configdir; homedir == configdir 2013-03-29 12:37:06 +01:00
Pascal Wittmann 4af26d582c Bitlbee: updated for systemd; added more options like AuthMode 2013-03-29 10:28:54 +01:00
Eelco Dolstra c2977f134e nix-gc.timer: Fix the start time 2013-03-28 13:35:07 +01:00
Eelco Dolstra 7ad91f31d6 Add support for systemd timers 2013-03-28 11:54:19 +01:00
Eelco Dolstra 9c3a31ff4c Clear /proc/sys/kernel/hotplug again
Otherwise the kernel will pointlessly try to invoke /sbin/hotplug all
the time.  Another feature lost in the systemd switch.
2013-03-27 23:03:37 +01:00
Eelco Dolstra f3bea050f8 Updates for systemd 198/199 2013-03-27 23:03:37 +01:00
Eelco Dolstra 8b9216fdcb Don't set the firmware path in 3 different places 2013-03-27 23:03:37 +01:00
Domen Kozar c52cb9bb65 add almir service 2013-03-27 11:47:28 +01:00
Eelco Dolstra 991a78dd8b Use nixUnstable 2013-03-26 15:58:38 +01:00
Mathijs Kwik b5e2ff4bed mongodb: v8 is the default javascript engine now 2013-03-25 08:10:36 +01:00
Eelco Dolstra cc6bd6d7bb Fix evaluation if driSupport32Bit is enabled on NVIDIA 2013-03-24 22:08:01 +01:00
Marc Weber bfc290421d When enabling wacom put xsetwacom in PATH.
I know that gnome/kde may have their own way to configure wacom tablets
2013-03-24 18:31:31 +01:00
Nicolas B. Pierron 8b2256686b Merge pull request #123 from MarcWeber/feed-upstream/toList
replace list by listOf using same style as for attrsOf
2013-03-23 16:21:21 -07:00
Domen Kozar b8a1ccd16a Add bacula service 2013-03-23 01:23:59 +01:00
Peter Simons 83e7689d02 Merge pull request #107 from Davorak/fixXorgVMware
Fix Xorg-server on vmware inconjunction with
2013-03-21 03:18:05 -07:00
Rob Vermaas ef28e8e70e Add WorkingDirectory default configuration value for rsyslog. 2013-03-17 21:36:25 +01:00
Rob Vermaas 9a9b53aa9f Add module for rsyslog. Although rsyslog is supposed to be a drop-in
replacement for sysklogd, it lacks some support for certain arguments
used in the default syslog module of NixOS.
2013-03-15 12:55:49 +01:00
Rickard Nilsson be698e93a4 Merge hardware.pulseaudio and services.pulseaudio
More specifically, this removes services.pulseaudio and adds the option
hardware.pulseaudio.systemWide which defaults to false but can be used to turn
on the system-wide PulseAudio server (previously defined in
services.pulseaudio). Since the two PulseAudio modes are mutually exclusive
anyway (maybe not strictly true, but I don't think is a good idea combining
them) its nicer to be able to reuse server and ALSA configuration between them.

Also the system-wide PulseAudio service has been adjusted to systemd, and a few
things has been fixed (there was no alsa.conf before, for example).

The bottomline is that people that was using hardware.pulseaudio before should
be able to keep doing it in exactly the same way, and people that used
services.pulseaudio must switch over to hardware.pulseaudio.systemWide instead.
2013-03-14 23:33:45 +01:00
Marc Weber f3e6b42258 replace list by listOf using same style as for attrsOf 2013-03-14 17:09:21 +01:00
Shea Levy 6e20c697cd alsa-store.service: Avoid unnecessary shell
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-03-13 19:58:35 -04:00
Shea Levy 7bbf034f93 alsa-store.service: Ensure /var/lib/alsa exists
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-03-13 19:48:58 -04:00
Peter Simons 415ff3c39a smartd: change 'devices' option from "list of strings" to "list of attribute sets"
The smartd used to expect a list of devices to monitor. After this patch, it
expects a list of attribute sets, which may have two attributes:

 - device: path to the device (required)
 - options: smartd options to apply to this particular device (optional)

A concrete example configuration would be:

  services.smartd = {
    enable = true;
    devices = [ { device = "/dev/sda"; } { device = "/dev/sdb"; options = "-d sat"; } ];
  };

Furthermore, the config option 'deviceOpts' can be used to configure options
that are applied to *every* device.
2013-03-10 01:19:44 +01:00
Vladimír Čunát a3d8e6eeba xfce: update the xinitrc path 2013-03-09 10:55:57 +01:00
Bjørn Forsman d89ba0697f Add Transmission BitTorrent service
Enable it with

  services.transmission.enable = true;

and optionally configure it

  services.transmission.settings =
    {
      download-dir = "/srv/torrents/";
      incomplete-dir = "/srv/torrents/.incomplete/";
      incomplete-dir-enabled = true;
      rpc-whitelist = "127.0.0.1,192.168.*.*";
      # for users in group "transmission" to have access to torrents
      umask = 2;
    };

The above settings are written/merged into settings.json each time the
service is about to start.
2013-03-08 16:47:09 +01:00
Shea Levy 35093b8a28 Silence a harmless warning on kernels without the 'path' parameter for firmware_class. 2013-03-05 20:33:41 -05:00
Lluís Batlle i Rossell a9b3dbf8ea Fixing the vaapiDrivers; it didn't work, with only one driver 2013-03-04 22:35:33 +01:00
Shea Levy 70378ad2b7 Add our firmware path to the in-kernel lookup path
Newer kernels (since torvalds/linux@abb139e75c) try to
read firmware directly from the filesystem before falling back to a
userspace helper (udev) if firmware cannot be found (in even newer
kernels, the fallback path can be disabled altogether). By default, only
certain paths in /lib/firmware* are searched, so this was initially not
helpful for NixOS.

Since torvalds/linux@2760284206 (which,
based on the commit message, was implemented just for NixOS, go us!),
though, an extra path can be dynamically prepended to the search path.
So do that, in three ways:

1. Pass a kernel command line option in case the module is built-in
2. Add a line to modprobe.conf in case the module isn't yet loaded by
activation-time
3. Add an activation script to set the option in /sys in case the module
is already loaded by activation-time.
2013-03-04 09:42:03 -05:00
Rickard Nilsson 5737604b13 xfce: Set GTK_PATH to system.path/lib/gtk-2.0, so xfce can find all theme engines. 2013-03-04 10:51:33 +01:00
Bjørn Forsman 61c07244e8 Add lighttpd web server module 2013-03-03 20:16:44 +01:00
Domen Kozar 854a37aa7e add most basic nginx service 2013-03-03 12:12:17 +01:00
Patrick Wheeler fc7c7ae91a Remove vmware comment 2013-03-01 11:05:00 -06:00
Patrick John Wheeler ea3eb991b7 Fix Xorg-server on vmware inconjunction with fix to
xf86videovmware[1].

Adds "vmware" to list of default options of
services.xerver.videoDrivers.

new default:
 [ "ati" "cirrus" "intel" "vesa" "vmware" ]

old default:
 [ "ati" "cirrus" "intel" "vesa" ]

[1] Pull request for xf86videovmware found at
https://github.com/NixOS/nixpkgs/pull/338.
2013-03-01 02:53:08 +01:00
Rickard Nilsson 568683316b mpd: Start service with exec 2013-02-28 19:26:19 +01:00
Shea Levy 7ac425a22f Merge pull request #102 from iElectric/deluge
Add deluged and deluge.web services
2013-02-27 11:19:08 -08:00
Domen Kozar c50d7cbc8d use ExecStart instead of script, this way we get rid of systemd wrapper scripts 2013-02-27 20:13:14 +01:00
Domen Kozar bb89f2eb99 We don't need an explicit uid/gid. We also don't need web to depend
on deluged, since it can be started before it.
2013-02-27 20:06:10 +01:00
Shea Levy f3d4d24d6b dd-agent: Run as a separate user 2013-02-27 09:25:37 -05:00
Domen Kozar 71f4330d3f use path to deluge script correctly 2013-02-27 10:58:28 +01:00
Domen Kozar 99edd5d575 run deluge under deluge user/group 2013-02-26 22:53:52 +01:00
Eelco Dolstra 85188d19c5 nix-daemon: Restart when nix.conf changes 2013-02-26 03:15:29 +01:00
Domen Kozar 259fd8e34a don't use quotes when setting example to true 2013-02-25 22:39:47 +01:00
Rickard Nilsson cc3549fa34 Add ActiveMQ service 2013-02-25 16:50:10 +01:00
Rickard Nilsson e44021494c mongodb: Add initialisation service
The mongodb service runs as user mongodb, and therefore
the preStart-script has no permissions to set up mongodb
directories. This is solved by adding an initialisation
service that runs as root and just sets up the required
directories.
2013-02-25 09:04:31 +01:00
Domen Kozar a6f0d984fe Add deluge and deluge web services 2013-02-24 17:33:48 +01:00
Jack Cummings d5b6456f40 proper hostapd dependencies 2013-02-24 03:11:45 -08:00
Rickard Nilsson b0f33f2052 Add options for setting theme and setup-script in KDM 2013-02-22 09:34:36 +01:00
Domen Kozar a953ed57c9 mkdir musicDirecotry for mpd before startnig the service 2013-02-21 23:05:40 +01:00
Eelco Dolstra 7b8958b6c5 Fix the boot.hardwareScan option
Fixes #95.
2013-02-21 11:32:51 +01:00
viric f43729298d Merge pull request #93 from aristidb/master
Implementation: services.xserver.driSupport32Bits: Intel support via mesa (#92)
2013-02-20 11:52:22 -08:00
Vladimír Čunát c2a213e559 Merge pull request #70 from cpages/master
Support driSupport32Bit for nvidia legacy 304
2013-02-19 11:29:14 -08:00
Aristid Breitkreuz 37be1c8982 x11/mesa: driSupport32Bit for the mesa implementation 2013-02-19 18:28:25 +01:00
Shea Levy b83be79adf default-websockify: Stop when reconfigured (i.e. new ports added/removed) 2013-02-18 11:55:46 -05:00
Shea Levy 762ea5c578 websockify: Add unit descriptions 2013-02-18 11:55:10 -05:00
Shea Levy 969fe07be6 Websockify: End descriptions with a period. 2013-02-18 11:51:33 -05:00
Peter Simons a5e443295b Merge pull request #90 from iElectric/xbmc
Add xbmc window manager
2013-02-18 01:31:43 -08:00
Domen Kozar 4a66331625 add xbmc window manager 2013-02-16 23:19:09 +01:00
Eelco Dolstra 233cc2fdaa Add a module for MiniDLNA
Now my NixOS machine can serve videos to my Bluray player!
2013-02-16 23:08:53 +01:00
Shea Levy 08fdc234c8 Fix manual build 2013-02-15 14:36:20 -05:00
Shea Levy 59a4df3159 Add websockify service 2013-02-14 21:50:41 -05:00
Eelco Dolstra 46b7ddf402 Add option to disable predictable network interface naming 2013-02-11 16:01:01 +01:00
Evgeny Egorochkin aaffb21f25 bluetooth: add the systemd unit needed for activation by recent bluez versions 2013-02-10 20:30:02 +02:00
Evgeny Egorochkin 06f90c6ffc Tor-privoxy: quick and dirty fix for activation under systemd 2013-02-10 20:29:17 +02:00
Eelco Dolstra 8ef4074811 Use nss_myhostname from systemd 2013-02-04 15:50:37 +01:00
Lluís Batlle i Rossell d1a9ccbaf4 Changing ensureDir -> mkdir -p
(told by shlevy)
2013-01-30 20:58:00 +01:00
Lluís Batlle i Rossell d50b22e882 Adding vaapi drivers to nixos
Enabling nvidia and intel drivers by default. I tried both,
and they work fine with "vlc --ffmpeg-hw".
2013-01-30 20:40:55 +01:00
Rickard Nilsson 45522d0806 mpd: Adjust service definition to systemd 2013-01-27 20:21:04 +01:00
Peter Simons d241240ba4 spamassassin: convert module to systemd 2013-01-24 18:37:25 +01:00
Eelco Dolstra 0930befd58 nix-daemon: Put back the --daemon flag
That flag doesn't do anything, except that it allows setting the
client PID in the process title of the children.
2013-01-24 13:34:47 +01:00
Eelco Dolstra 4ac619f6e5 Turn on nix.readOnlyStore again 2013-01-24 13:09:31 +01:00
Eelco Dolstra 8e1f243b30 xserver.nix: Check whether Polkit is enabled
Our X session script requires Polkit because it calls systemd-inhibit.
2013-01-24 13:06:32 +01:00
Eelco Dolstra bd328680ce Revert "Enable nix.readOnlyStore by default"
This reverts commit 683100666d.

Seems somebody (systemd? the kernel?) gets confused at power
events and remounts the filesystem containing /nix/store as
read-only.
2013-01-24 10:28:34 +01:00
Eelco Dolstra 683100666d Enable nix.readOnlyStore by default 2013-01-23 23:41:01 +01:00
Eelco Dolstra 75662a45d6 wpa_supplicant: Remove accidentally committed debug flag 2013-01-23 22:07:40 +01:00
Eelco Dolstra d75fa1fdc1 wpa_supplicant: Use the nl80211 and wext drivers by default
This should make wpa_supplicant work out of the box on newer and older
kernels.
2013-01-22 12:33:41 +01:00
Eelco Dolstra 1aaa726e75 Merge remote-tracking branch 'origin/systemd' 2013-01-21 12:45:50 +01:00
Rickard Nilsson 1440e92ae8 Rename NetworkManager-init service to networkmanager-init 2013-01-17 13:37:54 +01:00
Rickard Nilsson c6bb091b5b Rewrite NetworkManager job to systemd service 2013-01-17 12:51:52 +01:00
Carles Pagès 3965f46085 Merge remote-tracking branch 'upstream/master' 2013-01-16 22:53:39 +01:00
Carles Pagès ab29ea3c37 Support driSupport32Bit for nvidia legacy 304.
I need this for steam to work with some older cards.
2013-01-16 22:49:21 +01:00
Eelco Dolstra 4d983d4955 Rename ‘system.build.systemd’ to ‘systemd.package’
This makes it cheaper to test a new systemd and is more consistent
with other modules.
2013-01-16 13:17:57 +01:00
Eelco Dolstra ae4e94d9ac Rename ‘boot.systemd’ to ‘systemd’
Suggested by Mathijs Kwik.  ‘boot.systemd’ is a misnomer because
systemd affects more than just booting.  And it saves some typing.
2013-01-16 12:33:18 +01:00
Evgeny Egorochkin e201da376e torsocks: make 2 wrappers to torify apps with more and less circuit isolation. 2013-01-15 08:59:02 +02:00
Evgeny Egorochkin 123c73caf6 Torify: restore as an alternative to TorSocks due to lack of compatibility with apps like Kopete. 2013-01-15 07:34:53 +02:00
Evgeny Egorochkin 0aad75fe70 Tor: improve circuit isolation. By default apps are isolated better, with extra port available for web browsers to keep
performance as it used to be before this commit.
2013-01-14 07:37:13 +02:00
Evgeny Egorochkin 4e2f9c8679 TOR: replace deprecated option 2013-01-14 06:38:11 +02:00
Eelco Dolstra 5685ee5446 Add/fix systemd unit descriptions 2013-01-10 13:59:41 +01:00
Eelco Dolstra 3bbbd62cbc Start dhcpcd/wpa_supplicant after systemd-udev-settle
This is necessary to prevent a race.  Udev 197 has a new naming scheme
for network devices, so it will rename (say) eth0 to eno0.  This fails
with "error changing net interface name eth0 to eno1: Device or
resource busy" if another process has opened the interface in the
meantime.
2013-01-10 13:46:34 +01:00
aszlig 80a381f521
Revert "xserver: Allow to add extra options ...
This reverts commit 1e741f1572b6793b861e2f9820015475ce339ae0 as it is
unnecessary according to @edolstra, because services.xserver.config from another
module will be merged into the configuration.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-01-10 01:43:44 +01:00
aszlig 0129717b17
xserver: Allow to set XRandR multi head layout.
This is currently only a very simple implementation which just recurses a list
of heads that get chained together to the right of the corresponding previous
item of the list.

If I forgot about something in the already existing configuration options,
please let me know or if this commit is useless or a duplicate, feel free to
revert. But by looking at implementation before this commit, I only see zaphod
and/or quirky xinerama-like configuration options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-01-10 00:54:00 +01:00
Eelco Dolstra 0b3d54d3cd Guard against portmap and rpcbind both being enabled 2013-01-09 22:53:44 +01:00
aszlig e4d949ec88
xserver: Allow to add extra options to xorg config.
This is especially useful if you want to supply a default XRandR configuration,
where you need multiple "Monitor" sections in order to set properties for
specific CRTCs (if not running in zaphod mode).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-01-09 22:28:09 +01:00
Shea Levy 19127aa416 Add dd-agent module 2013-01-08 16:19:51 -05:00
Eelco Dolstra 81796c5baf Add a command ‘nixos-help’ that opens the NixOS manual in a browser 2013-01-08 02:13:33 +01:00
Eelco Dolstra 74bae63135 smartd: Remove unnecessary PartOf dependency 2013-01-07 16:01:22 +01:00
Eelco Dolstra da32722ade display-manager: Start after local-fs.target
We don't want users trying to log in while /home is still being
fsck'ed...
2013-01-07 16:00:10 +01:00
Alexander Inyukhin 462a9f9fb0 Remove .conf extension from acpid config files
This should fix #51
2013-01-05 20:12:08 +00:00
Jan Malakhovski 4e64755b9d wacom: add USB tablet support
To be honest, it's more like "be less discriminating against USB tablets".
USB tablets usually get autodetected, device name is not necessary and defaulting to a serial touchscreen is a clear discrimination.
Unconditionally remapping buttons is generally not a good idea either.
Old defaults transformed into examples.
2013-01-05 19:38:23 +00:00
Eelco Dolstra 1aea92c4ce Ensure that ‘nix.gc.options’ is subject to shell expansion 2013-01-05 01:35:26 +01:00
Eelco Dolstra 96ba0ca283 For some units, use "systemctl restart" rather than "systemctl stop/start"
During a configuration switch, changed units are stopped in the old
configuration, then started in the new configuration (i.e. after
running the activation script and running "systemctl daemon-reload").
This ensures that services are stopped using the ExecStop/ExecStopPost
commands from the old configuration.

However, for some services it's undesirable to stop them; in
particular dhcpcd, which deconfigures its network interfaces when it
stops.  This is dangerous when doing remote upgrades - usually things
go right (especially because the switch script ignores SIGHUP), but
not always (see 9aa69885f0).  Likewise,
sshd should be kept running for as long as possible to prevent a
lock-out if the switch fails.

So the new option ‘stopIfChanged = false’ causes "systemctl restart"
to be used instead of "systemctl stop" followed by "systemctl start".
This is only proper for services that don't have stop commands.  (And
it might not handle dependencies properly in some cases, but I'm not
sure.)
2013-01-05 01:05:25 +01:00
Eelco Dolstra baac242a1f Run the garbage collector as a systemd service
Running it from systemd rather than cron has several advantages:
systemd ensures that only one instance runs at a time; the GC can be
manually started/stopped; and logging goes to the journal.

We still need cron to start the service at the right time, but
hopefully soon we can get rid of cron entirely (once systemd supports
starting a unit at a specific time).
2013-01-04 14:04:41 +01:00
Eelco Dolstra f701acfac0 nix-daemon: Start "nix-daemon" rather than "nix-worker --daemon" 2013-01-04 13:50:50 +01:00
Rickard Nilsson 19e8ffc43f networkmanager: Use systemctl instead of initctl 2012-12-30 19:30:18 +01:00
Mathijs Kwik 183829cf99 gogoclient: change working dir before starting
otherwise state files are placed in /
2012-12-28 10:22:49 +01:00
Mathijs Kwik 244ed6ae71 nscd: use proper systemd.special(7) targets 2012-12-27 12:23:50 +01:00
Mathijs Kwik 3456f3b232 systemd: convert gogoclient job to service unit 2012-12-27 12:23:50 +01:00
Mathijs Kwik f61f0c139b systemd: convert smartd job to service 2012-12-27 12:23:50 +01:00
Mathijs Kwik dc58c2ea37 systemd: convert samba jobs to systemd services (samba.target) 2012-12-27 12:23:50 +01:00
Mathijs Kwik 90fa68cf32 systemd: convert mongodb job to service 2012-12-27 12:23:50 +01:00
Eelco Dolstra fb8af2f9b6 postgresql: Don't wait for ages in post-start if the service has failed 2012-12-21 00:18:12 +01:00
Eelco Dolstra ab18c03685 mysql55: Port to systemd
Not tested.  Seriously tempted to delete mysql55.  See issue #47.
2012-12-18 13:45:25 +01:00
Eelco Dolstra 75c67b0194 mysql: Port to systemd 2012-12-18 13:45:25 +01:00
Carles Pagès e312df06f0 Add support for nvidia 304.xx drivers in xserver.
Those were already in nixpkgs, but not supported in xserver. Since some time
ago the current 310.xx dropped support for some not so new cards.
2012-12-13 11:36:18 +01:00
Rob Vermaas 859badc966 Zabbix agent: RemainAfterExit=true seems to give more reliable restarts, cannot completely figure out why, as Type=forking should be enough. 2012-12-11 20:54:19 +01:00
Eelco Dolstra 97ae408e83 Merge remote-tracking branch 'origin/master' into systemd 2012-12-11 17:40:39 +01:00
Eelco Dolstra 78bd54ca80 Allow setting additional AuthorizedKeysFiles
Charon needs this to include the dynamically generated
/root/.vbox-charon-client-key.  (We used
users.extraUsers.root.openssh.authorizedKeys.keyFiles for this, but
that no longer works.)
2012-12-11 17:29:34 +01:00
Eelco Dolstra eda051cff5 Remove abuse of "with" 2012-12-11 17:14:52 +01:00
Rickard Nilsson 68872f81cf openssh: Change the way authorized keys are added to the system.
Instead of the somewhat hacky script that inserted public keys
into the users' .ssh/authorized_keys files, use the AuthorizedKeysFile
configuration directive in sshd_config and generate extra key
files for each user (placed in /etc/authorized_keys.d/).
2012-12-11 17:02:39 +01:00
Eelco Dolstra ef3199f782 Add options for specifying binary caches
Cherry-picked a4bcb26b1a.
2012-12-08 18:37:40 +01:00
Evgeny Egorochkin 860cbf7890 scanner support: create scanner group. Users need to be in this group to access scanners. 2012-12-06 02:59:34 +02:00
Evgeny Egorochkin 15a15be2f6 dhcpcd: disable "require dhcp_server_identifier" because of so many non-compliant DHCP servers 2012-12-05 23:55:42 +02:00
Eelco Dolstra b1da38f564 Merge remote-tracking branch 'origin/master' into systemd 2012-11-30 16:12:04 +01:00
Eelco Dolstra 7435db4f89 Get rid of the last uses of mkAlways
mkAlways is an insane function, mkMerge is much saner.
2012-11-30 15:07:39 +01:00
Eelco Dolstra 9eb81d2578 Renamed tcpWrapper -> tcp_wrappers 2012-11-29 15:16:30 +01:00
Peter Simons 6b6b245693 sane: update name of the snapshot version of the backends 2012-11-26 16:21:11 +01:00
Peter Simons 403dc16c51 sane: update name of the snapshot version of the backends 2012-11-26 16:20:29 +01:00
Eelco Dolstra a4bcb26b1a Add options for specifying binary caches 2012-11-22 11:49:47 +01:00
Eelco Dolstra 722a3a7147 Remove unnecessary (AFAICT) call to toPath 2012-11-15 23:07:05 +01:00
Rickard Nilsson 02e0d7dbc3 dnsmasq: Add extraConfig option 2012-11-12 18:16:04 +01:00
Shea Levy 2f833bc88d Remove unnecessary toPath that breaks with recent nixUnstable 2012-11-08 13:04:20 -05:00
Eelco Dolstra e078117c72 firewall.nix: Don't fail if IPv6 is disabled 2012-11-06 22:55:25 +01:00
Peter Simons 70e6e19f54 xsession: source /etc/profile at the beginning of the script
The xsession script runs services that depend on a sane environment. Gpg-agent, for
example, runs the program "pinentry-gtk-2" to obtain the password to unlock GnuPG
and SSH keys. That program will display only gibberish unless $FONTCONFIG_FILE is
configured properly. Instead of configuring these variables explicitly one by one,
we just source /etc/profile, which contains the appropriate @shellInit@ code.
2012-11-05 23:07:53 +01:00
Eelco Dolstra 97f087cd44 Turn networking.interfaces into an attribute set
Thus

  networking.interfaces = [ { name = "eth0"; ipAddress = "192.168.15.1"; } ];

can now be written as

  networking.interfaces.eth0.ipAddress = "192.168.15.1";

The old notation still works though.
2012-11-02 17:08:11 +01:00
Eelco Dolstra 67de234e1c wpa_supplicant.nix: Slightly improve descriptions 2012-11-02 17:05:30 +01:00
Eelco Dolstra 6ae0b3beed dhcpcd: Don't use --background so that fetch-ec2-data can be ordered after it 2012-11-02 14:20:05 +01:00
Eelco Dolstra 48a0ea0513 Make Apache wait for ‘charon send-keys’
(This is a no-op on non-Charon deployments since the ‘keys.target’
unit won't have any dependencies.)
2012-11-01 23:32:12 +01:00
Eelco Dolstra 1860badbeb dhcpcd: Go into the background immediately 2012-10-31 14:24:51 +01:00
Eelco Dolstra f293455474 dhcpcd: Don't duplicate log messages
Dhcpcd writes log messages to both syslog and stderr.  So ignore
stderr.
2012-10-31 14:24:22 +01:00
Rob Vermaas 8caceffae8 Logstash: fix typo, should have tested. 2012-10-30 14:22:14 +01:00
Rob Vermaas 631fce3c6f Logstash: pass TZ, redirect log output to prevent recursion when using syslogd. 2012-10-30 14:18:51 +01:00
Rob Vermaas 2b19856f40 Logstash: do not always log to stdout 2012-10-30 14:09:30 +01:00
Eelco Dolstra 4764848314 Remove some obsolete options 2012-10-29 21:10:00 +01:00
Peter Simons cd372c62ea modules/services/networking/ssh/sshd.nix: configure AddressFamily properly
Explicitly restrict sshd to use of IPv4 addresses if IPv6 support is not enabled.
2012-10-29 12:46:30 +01:00
Eelco Dolstra ae861c8e33 Undo accidental commit 2012-10-29 12:44:38 +01:00
Eelco Dolstra 390f5f7376 Remove the cgroups module
Cgroups are handled by systemd now.  Systemd's cgroup support does not
do all the things that cgrulesengd does, but they're likely to
interact poorly with each other.
2012-10-26 19:36:59 +02:00
Eelco Dolstra 6705358ede Convert Zabbix agent/server to systemd
Note all the crap systemd doesn't need :-)
2012-10-26 16:22:19 +02:00
Lluís Batlle i Rossell c76fc27aff dnsmasq: Setting fixed order in DNS name resolution.
That fits better my setup; if anyone doesn't need this, we can write an option
for the fixed order queries.
2012-10-24 19:29:39 +02:00
Peter Simons b43e219aeb modules/services/networking/ssh/sshd.nix: configure AddressFamily properly
Explicitly restrict sshd to use of IPv4 addresses if IPv6 support is not enabled.
2012-10-24 19:01:38 +02:00
Eelco Dolstra b6f9e05269 Update NFS client/server modules for systemd 2012-10-24 18:10:58 +02:00
Eelco Dolstra 2d9258da67 auto.nix: Use SLiM to implement auto-logins 2012-10-24 12:31:02 +02:00
Vladimír Čunát a392468245 Merge pull request #39 from MarcWeber/fixes/ati-proprietary
making ati proprietary drivers work again
2012-10-24 02:59:38 -07:00
Eelco Dolstra 224c825a36 Add option ‘users.motd’ for setting a message of the day shown on login
Note that this uses pam_motd.
2012-10-23 09:10:48 -04:00
Eelco Dolstra ac8db6fd33 firewall.nix: Don't fail if IPv6 is disabled 2012-10-19 15:21:06 -04:00
Peter Simons 7d58132c0a Merge pull request #36 from jcumming/hostapd
hostapd module
2012-10-18 03:21:31 -07:00
aszlig f9831a94c9
apache-httpd: Simplify all versionOlder calls.
We now just have a simple attribute called "version24" which replaces all those
pesky versionOlder that were spreading throughout the file and makes things way
more readable.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 17:47:30 +02:00
aszlig 919e6e55a9
apache-httpd: Create runtime dir for version 2.4.
By default the path is determined related to ServerRoot. Unfortunately
ServerRoot is pointing to the Nix store and the web server can't write to it.

We now create a directory called "runtime" withen the stateDir and point
DefaultRuntimeDir to it.

For more information on the DefaultRuntimeDir directive, please see:

http://httpd.apache.org/docs/2.4/mod/core.html#defaultruntimedir

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 17:38:43 +02:00
aszlig 5655ec0efa
apache-httpd: Avoid NameVirtualHost in >= v2.4.
NameVirtualHost no longer has any effect on version 2.4 and just emits ugly
warnings, so let's not use it if we use 2.4.

More information: http://httpd.apache.org/docs/2.4/upgrading.html#misc

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 17:03:50 +02:00
aszlig a88453fbaa
apache-httpd: Properly wrap access directives.
The Order/Deny directives are deprecated in version 2.4, so we're going to
define two wrappers for allDenied and allGranted in order to properly generate
configurations for both version 2.2 and 2.4.

For more information an access control changes, see:

http://httpd.apache.org/docs/2.4/upgrading.html#access

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 16:57:18 +02:00
aszlig 3acd98b040
apache-httpd: Add unixd for 2.4, needed by "User".
Beginning with 2.4 mod_unixd is needed to supply Unix usernames and groups for
the web server. For details please have a look at:

http://httpd.apache.org/docs/2.4/upgrading.html#commonproblems

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 15:34:08 +02:00
aszlig 3ad8fac5a2
apache-httpd: Dynamically load MPM module in v2.4.
Now, MPMs can be loaded at runtime and it's no longer required to compile in one
of the MPM modules statically. So, if version is >= 2.4, load the MPM module
corresponding to the multiProcessingModule value of the service module.

For details, please see: http://httpd.apache.org/docs/2.4/mpm.html

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 15:17:48 +02:00
aszlig 18076e001a
apache-httpd: Use authn_core for version >= 2.3.
Beginning with version 2.3, the authn were refactored. As a result, authn_alias
is now part of the new module authn_core, so let's use authn_core instead of
authn_alias.

For details please see: http://httpd.apache.org/docs/2.4/upgrading.html#misc

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 15:11:53 +02:00
Eelco Dolstra 8499d7555f Backward compatibility hack for ‘networking.nat.internalIPs’ 2012-10-16 11:28:30 -04:00
Mathijs Kwik 97a3a99b40 firewall: options to select connection-tracking helpers
My main reason for adding this is the ability to turn off helpers
altogether. If you are not using any of the special protocols, keeping
them turned off is safest, and in case you do want to use them, it's
best to configure them through the new CT target for your network
topology. Perhaps some sane defaults for nixos can be examined in the
future.

This change has no impact if you don't touch the added options, so no
need to adapt.
2012-10-13 09:59:31 +02:00
Mathijs Kwik 6c62de6a31 firewall: option to enable the rpfilter netfilter module
This is meant to replace /proc/sys/net/ipv4/conf/*/rp_filter, which
only works for ipv4. Furthermore, it's nicer to handle this kind of
filtering in the firewall.

There are some more subtle differences, please see:
https://home.regit.org/netfilter-en/secure-use-of-helpers/

I chose to enable this by default (when the firewall is enabled) as
it's a good idea in general. Only people with advanced routing needs
might not want this, but I guess they don't use the nixos firewall
anyway and use a custom solution. Furthermore, the option only becomes
available in kernel 3.3+, so conservative nixos users that just stick
to the default kernel will not need to act now just yet.
2012-10-13 09:59:31 +02:00
Eelco Dolstra 71a541afb6 dhcpcd: Don't depend on network-interfaces.target
Dhcpcd automatically detects new interfaces, so we can start it right
away.
2012-10-11 17:57:54 -04:00
Eelco Dolstra 285f587025 Move non-interface specific initialisation to ‘network-setup.service’
The unit ‘network-interface.service’ has been replaced by
‘network-interfaces.target’.
2012-10-11 16:18:48 -04:00
Eelco Dolstra d7458b5fc2 Split the monolithic network-interface service into multiple units
For each statically configured interface, we now create a unit
‘<interface>-cfg.service’ which gets started as soon as the network
device comes up.  Similarly, each bridge defined in
‘networking.bridges’ and virtual interface in ‘networking.interfaces’
is created by a service ‘<interface>.service’.

So if we have

  networking.bridges.br0.interfaces = [ "eth0" "eth1" ];
  networking.interfaces =
    [ { name = "br0";
        ipAddress = "192.168.1.1";
      }
    ];

then there will be a unit ‘br0.service’ that depends on
‘sys-subsystem-net-devices-eth0.device’ and
‘sys-subsystem-net-devices-eth1.device’, and a unit ‘br0-cfg.service’
that depends on ‘sys-subsystem-net-devices-br0.device’.
2012-10-10 17:55:42 -04:00
Eelco Dolstra e9b221c2ff firewall.nix: Don't spam the log 2012-10-10 16:51:05 -04:00
Jack Cummings 71e6eca567 - fix indention, clarify parameter descriptions, and use 'exec' instead of 'script' in the hostapd job 2012-10-09 12:19:09 -07:00
Eelco Dolstra 6902452901 Whitespace 2012-10-09 15:14:32 -04:00
Jack Cummings e40146de16 nat: enable NAT for multiple networks 2012-10-09 14:00:59 -04:00
Jack Cummings e8d8b6b399 smartd: Add options for each device being monitored 2012-10-09 14:00:59 -04:00
Mathijs Kwik 01b8c48c32 logcheck: add some options to ease setting up ignore-rules
The special handling for cronjobs should probably move to the cron
module (logcheckIgnore = bool option) in the future, as it's more
natural to just declare a cronjob, and mark it as "log-ignored",
instead of adding cronjobs through logcheck.

But as systemCronjobs is not an attrset yet (just simple strings),
this would require adding an attrset for cronjobs or parsing strings
in the nix language to get hold of the cron-user and command.

So for now, I keep the interface within logcheck's module.
2012-10-09 16:04:17 +02:00
Eelco Dolstra dd3fe9d792 Merge remote-tracking branch 'origin/master' into systemd
Conflicts:
	modules/services/system/nscd.nix
2012-10-08 13:47:37 -04:00
Marc Weber 87bb6b1c6d making ati proprietary drivers work again
However SLIM is still broken and you have to create a
/usr/lib/dri/fglrx_dri.so symlink pointing to
/run/opengl-driver/lib/fglrx_dri.so

At least fgl_glxgears shows 10 times more frames per second now
2012-10-07 17:24:42 +02:00
Jack Cummings 33754edb3e - add a hostapd module 2012-10-05 21:39:56 -07:00
Eelco Dolstra dd1770bf0b Enable klogd on Linux < 3.5
On Linux >= 3.5, systemd takes care of logging kernel messages.
2012-10-05 13:44:15 -04:00
Eelco Dolstra a5969634f4 sshd: Do detach into the background
This is necessary to ensure that jobs that need to start after sshd
work properly.

This reverts 03f13a4939.
2012-10-04 23:38:27 -04:00
Eelco Dolstra 892b3f6ad6 acpid: Skip (rather than fail) if /proc/acpi doesn't exist
E.g. EC2 instances don't have ACPI.
2012-10-04 23:26:01 -04:00
Eelco Dolstra 9b431cb24e upower: Work around the daemon getting stuck after a suspend 2012-10-04 21:58:40 -04:00
Eelco Dolstra 7d26dde69a Oops, systemd-inhibit should be exec'ed 2012-10-04 21:58:20 -04:00
Eelco Dolstra db2a4d144e xsession: Set a inhibitor to prevent systemd from handling the power button and lid 2012-10-04 21:44:24 -04:00
Eelco Dolstra 38229da940 upower: Add glib to $PATH
The upower daemon needs the gdbus command (which is weird given that
upower links against dbus_glib, but ah well...).  This fixes suspend
in KDE with systemd.
2012-10-04 16:38:31 -04:00
Eelco Dolstra 6c6134c2d2 Fix the manual service on the installation CD 2012-10-04 16:15:10 -04:00
Eelco Dolstra 8dc4f2c3be Fix the rogue service for systemd 2012-10-04 15:27:31 -04:00
Eelco Dolstra 02624758b1 Use udev to restore ALSA volume settings
Alsa-utils provides a udev rule to restore volume settings, so use
that instead of restoring them from a systemd service.  The
"alsa-store" service saves the settings on shutdown.
2012-10-02 11:09:54 -04:00
Eelco Dolstra 2cf5e3cb66 Add options ‘boot.systemd.targets’ and ‘boot.systemd.sockets’ 2012-10-01 18:58:11 -04:00
Eelco Dolstra 990ec8cc4e Decrease PostgreSQL start check interval 2012-10-01 17:32:03 -04:00
Eelco Dolstra 2326c6da2b postgresql.nix: Depend on the filesystem containing the database 2012-10-01 16:53:13 -04:00
Eelco Dolstra 5cf702e1c1 postgresql.nix: Use User/Group instead of su 2012-10-01 16:49:02 -04:00
Eelco Dolstra 891be375b5 Make unitConfig/serviceConfig attribute sets
So instead of:

  boot.systemd.services."foo".serviceConfig =
    ''
      StartLimitInterval=10
      CPUShare=500
    '';

you can say:

  boot.systemd.services."foo".serviceConfig.StartLimitInterval = 10;
  boot.systemd.services."foo".serviceConfig.CPUShare = 500;

This way all unit options are available and users can set/override
options in configuration.nix.
2012-10-01 16:27:42 -04:00
Peter Simons 4b78161e3e dovecot: add options to selectively enable/disable the IMAP and/or POP3 listener 2012-09-30 00:54:03 +02:00
Mathijs Kwik 1b47614c46 invalidate-nscd: use script instead of exec for multiple commands
otherwise, only the first one line executes
2012-09-29 10:51:28 +02:00
Eelco Dolstra 0c4c3fc8aa Merge branch 'systemd' of github.com:NixOS/nixos into systemd 2012-09-28 11:41:59 -04:00
Peter Simons 03f13a4939 Tell sshd not to detach into the background.
This makes it easier for systemd to track it and avoids race conditions such as
this one:

  systemd[1]: PID file /run/sshd.pid not readable (yet?) after start.
  systemd[1]: Failed to start SSH Daemon.
  systemd[1]: Unit sshd.service entered failed state.
  systemd[1]: sshd.service holdoff time over, scheduling restart.
  systemd[1]: Stopping SSH Daemon...
  systemd[1]: Starting SSH Daemon...
  sshd[2315]: Server listening on 0.0.0.0 port 22.
  sshd[2315]: Server listening on :: port 22.
  sshd[2335]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
  sshd[2335]: error: Bind to port 22 on :: failed: Address already in use.
  sshd[2335]: fatal: Cannot bind any address.
  systemd[1]: Started SSH Daemon.
2012-09-28 17:38:24 +02:00
Peter Simons fabe06337e alsa.nix: initialize the sound card before restoring previously stored settings
The sound card in my ThinkPad won't work unless "init" is run explicitly.
2012-09-28 17:38:24 +02:00
Eelco Dolstra 3ad370ae0a Merge remote-tracking branch 'origin/master' into systemd
Conflicts:
	modules/misc/ids.nix
	modules/services/mail/postfix.nix
	modules/services/system/nscd.nix
	modules/services/x11/desktop-managers/xfce.nix
	modules/system/boot/stage-1.nix
2012-09-28 11:35:27 -04:00
Eelco Dolstra 3e6bb7d1de Move setting ownership of /nix/store to stage-2-init
This is necessary because the store might be bind-mounted read-only.
2012-09-28 10:59:58 -04:00
Peter Simons 6f052ee62e spamassassin: use virtual user home directories under /var/lib/spamassassin to avoid permission problems
When spamd isn't running as 'root', it cannot access the usual ~/.spamassassin
path where user-specific files normally reside. Instead, we use the path
/var/lib/spamassassin-<user> to store those home directories.
2012-09-28 00:06:52 +02:00
Peter Simons bcb8038726 spamassassin: add option for running the spamd daemon in debug mode 2012-09-27 17:12:25 +02:00
Peter Simons 9d83b8897b spamassassin: drop obsolete command line options 2012-09-27 16:51:32 +02:00
Rickard Nilsson 65c1c6525b network-manager: Big overhaul
* Add group 'networkmanager' and implement polkit configuration
    that allows users in this group to make persistent, system-wide
    changes to NetworkManager settings.

  * Add support for ModemManager. 3G modems should work out of the
    box now (it does for me...). This introduces a dependency on
    pkgs.modemmanager.

  * Write NetworkManger config file to Nix store, and let the
    daemon use it from there.
2012-09-27 09:26:07 +02:00
Peter Simons af7c192f2a postfix: convert service to systemd 2012-09-25 16:38:09 -04:00
Peter Simons 5ef71c6d22 smartd: convert service to systemd 2012-09-25 16:38:05 -04:00
Eelco Dolstra a139fa14b1 Optionally make the Nix store read-only to enforce immutability
This will be the default once Nix 1.2 is released.
2012-09-25 16:33:21 -04:00
Eelco Dolstra fcebb3f3cd Clean up the nscd job 2012-09-25 15:22:55 -04:00
Peter Simons 2d6d678bb9 dovecot.nix: correct bogus reference to dovecot in Nixpkgs 2012-09-25 11:24:35 +02:00
Peter Simons a7700202f2 Rename dovecot2 module to dovecot.
We no longer support more than one version.
2012-09-25 11:23:53 +02:00
Peter Simons c1949c36e9 Merge pull request #31 from peti/master
Drop service for dovecot 1.x.
2012-09-24 07:31:04 -07:00
Peter Simons 97c74bf050 alsa.nix: initialize the sound card before restoring previously stored settings
The sound card in my ThinkPad won't work unless "init" is run explicitly.
2012-09-23 22:40:19 +02:00
Peter Simons 00e19c91e5 postfix: add option 'extraMasterConf' to extend the default master.cf file 2012-09-23 12:21:48 +02:00
Peter Simons b8f09be5e0 Remove service for dovecot version 1.x. 2012-09-22 12:51:58 +02:00
Eelco Dolstra 0bd7bdfe0d Merge branch 'master' of github.com:NixOS/nixos 2012-09-21 11:03:25 -04:00
Eelco Dolstra 600d43ba93 Drop xfce-4.6 compatibility 2012-09-21 11:03:07 -04:00
Peter Simons 4476b875fc Add services.dovecot2.extraConfig option to configure arbitrary settings for which NixOS has no direct support. 2012-09-21 16:04:46 +02:00
Peter Simons 0573c7fcae modules/services/mail/dovecot2.nix: update syntax for SSL config options 2012-09-21 12:29:36 +02:00
Peter Simons 155495deb2 modules/services/mail/dovecot2.nix: accept plain text authentication only over secure channels when TLS is available
Connects from 'localhost' are always considered secure.
2012-09-21 12:29:36 +02:00
Peter Simons 1da16a5ea1 modules/services/mail/dovecot2.nix: log via syslog instead of writing a separate file 2012-09-21 12:29:36 +02:00
Eelco Dolstra d4af6edd5e firewall.nix: Allow specifying trusted network interfaces
Trusted network interfaces (such as "lo") will accept any incoming
traffic.
2012-09-20 17:51:44 -04:00
Eelco Dolstra 1e666c10fa Get rid of the last use of mkThenElse 2012-09-20 16:55:32 -04:00
Rickard Nilsson 0de3a0cff3 nscd-invalidate: Invalidate passwd and group databases also
I had some problems with LDAP user lookups not working properly
at boot. I found that invalidating passwd and group on the
ip-up event (when nscd-invalidate starts) helped a bit.
2012-09-19 14:30:55 +02:00
Eelco Dolstra d12dd340b6 firewall.nix: Respect networking.enableIPv6 = false
Reported-by: Pablo Costa <modulistic@gmail.com>
2012-09-18 17:20:46 -04:00
Eelco Dolstra aac6fe44b6 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-09-11 10:58:57 -04:00
Ludovic Courtès f7530dc5ee avahi: Never set host-name' to the empty string in avahi-daemon.conf'. 2012-09-07 10:58:53 +02:00
Rob Vermaas 27880ed729 Change logstash job startOn attribute to include networking 2012-09-06 12:31:15 +02:00
Eelco Dolstra e0e0e57c26 Fix the OpenVPN jobs 2012-08-30 21:11:36 -04:00
Mathijs Kwik d106a8a296 logcheck: make sure directories are writable during merge phase 2012-08-29 22:59:28 +02:00
Peter Simons 51e58dafca spamassassin: use a dedicated user for running spamd 2012-08-28 16:27:28 +02:00
Mathijs Kwik 2769f594f3 add logcheck module 2012-08-26 16:04:49 +02:00
Mathijs Kwik 05262ad35d postfix: allow specifying 'virtual' mappings
mainly useful for having a few local addresses (me@host.domain.com) while the majority of
addresses are on the domain (you@domain.com)
2012-08-24 00:27:07 +02:00
Eelco Dolstra 4c65a5d95c Don't restart agetty 2012-08-23 11:13:33 -04:00
Eelco Dolstra b02c488fde Automatically append ".service" to the name of service units 2012-08-23 10:25:27 -04:00
Eelco Dolstra c2da812bd0 Enable upower's systemd unit 2012-08-21 11:29:59 -04:00
Eelco Dolstra 08f14b33c1 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-08-20 11:27:38 -04:00
Eelco Dolstra 39ec043aea Typo 2012-08-20 11:21:03 -04:00
Eelco Dolstra cdc3604a7d kdm: Do a poweroff, not a halt 2012-08-20 11:11:10 -04:00
Eelco Dolstra ebb1781dfc Fix KDE/kdm 2012-08-20 11:10:19 -04:00
Eelco Dolstra 1e5a2bca28 Remove HAL
It's obsolete and we no longer use it.
2012-08-17 14:45:43 -04:00
Eelco Dolstra c60d6caee8 Rename xserver.service to display-manager.service
The latter is what graphical.target expects.
2012-08-17 14:43:41 -04:00
Eelco Dolstra 490ce3a230 PAM: Rename ownDevices to startSession
Logind sessions are more generally useful than for device ownership.
For instances, ssh logins can be put in their own session (and thus
their own cgroup).
2012-08-17 13:48:22 -04:00
Eelco Dolstra 676157f1e7 slim.nix: Remove the hideCursor option because it doesn't work 2012-08-17 13:42:52 -04:00
Eelco Dolstra b91aa1599c sshd.nix: Disable password logins for root by default 2012-08-17 13:32:23 -04:00
Eelco Dolstra a44e575196 switch-to-configuration: Respect the ‘restartIfChanged’ attribute 2012-08-17 13:14:42 -04:00