The smartd used to expect a list of devices to monitor. After this patch, it
expects a list of attribute sets, which may have two attributes:
- device: path to the device (required)
- options: smartd options to apply to this particular device (optional)
A concrete example configuration would be:
services.smartd = {
enable = true;
devices = [ { device = "/dev/sda"; } { device = "/dev/sdb"; options = "-d sat"; } ];
};
Furthermore, the config option 'deviceOpts' can be used to configure options
that are applied to *every* device.
Enable it with
services.transmission.enable = true;
and optionally configure it
services.transmission.settings =
{
download-dir = "/srv/torrents/";
incomplete-dir = "/srv/torrents/.incomplete/";
incomplete-dir-enabled = true;
rpc-whitelist = "127.0.0.1,192.168.*.*";
# for users in group "transmission" to have access to torrents
umask = 2;
};
The above settings are written/merged into settings.json each time the
service is about to start.
In principle this could work, but the current remount logic in nix fails
to remount mountpoints that are root in their own filesystem (as would
be the case with bind-mounting a mountpoint over itself). nixos/nix#98
is aimed at fixing this.
Signed-off-by: Shea Levy <shea@shealevy.com>
Newer kernels (since torvalds/linux@abb139e75c) try to
read firmware directly from the filesystem before falling back to a
userspace helper (udev) if firmware cannot be found (in even newer
kernels, the fallback path can be disabled altogether). By default, only
certain paths in /lib/firmware* are searched, so this was initially not
helpful for NixOS.
Since torvalds/linux@2760284206 (which,
based on the commit message, was implemented just for NixOS, go us!),
though, an extra path can be dynamically prepended to the search path.
So do that, in three ways:
1. Pass a kernel command line option in case the module is built-in
2. Add a line to modprobe.conf in case the module isn't yet loaded by
activation-time
3. Add an activation script to set the option in /sys in case the module
is already loaded by activation-time.
man logind.conf clearly states that the header is [Login] (no 'd').
Without this fix services.logind.extraConfig does not take effect
because logind ignores the invalidly named section.
So that we can customize systemd-logind in configuration.nix.
Example:
services.logind.extraConfig = "HandleLidSwitch=ignore";
See man logind.conf for available options.
xf86videovmware[1].
Adds "vmware" to list of default options of
services.xerver.videoDrivers.
new default:
[ "ati" "cirrus" "intel" "vesa" "vmware" ]
old default:
[ "ati" "cirrus" "intel" "vesa" ]
[1] Pull request for xf86videovmware found at
https://github.com/NixOS/nixpkgs/pull/338.
The mongodb service runs as user mongodb, and therefore
the preStart-script has no permissions to set up mongodb
directories. This is solved by adding an initialisation
service that runs as root and just sets up the required
directories.
This reverts commit 2802538dc2. The idea
was good, but unfortunately $GDFONTPATH has a different format, i.e.
programs that use this variable don't descend into the directories
listed here like fontconfig does, so we cannot use the same values for
both settings.
Set the environment variable GDFONTPATH to the list of directories where fonts
are expected to be installed. This is search path is used by same GD-based
applications, such as Gnuplot.
Alternatively, we could rely on fontconfig to achieve the same thing, i.e. by
running
for n in $(fc-list | sed -r -e 's|^([^:]+):.*$|\1|'); do echo $(dirname "$n"); done | sort | uniq
to get that list at run-time, but the static approach feels more deterministic.
This provides a more convenient syntax and allows easier overriding.
For example,
environment.etc = singleton
{ target = "vconsole.conf";
source = vconsoleConf;
};
can now be written as
environment.etc."vconsole.conf".source = vconsoleConf;
Adding support for the kind of bootloader in raspberrypi. Disable grub,
disable generationsDir, enable boot.loader.raspberrypi.
Usual layout expected: /boot being the first vfat the board reads blobs from.
If the user tries to run a program that doesn't exist from Bash, the
program name is looked up in a database that maps to Nix package
names. If it is found, we print out a message like:
$ pdflatex
The program ‘pdflatex’ is currently not installed. It is provided by
several packages. You can install it by typing one of the following:
nix-env -i tetex
nix-env -i texlive-core
If the environment variable $NIX_AUTO_INSTALL is set, the command is
installed and executed automatically:
$ hello --version
The program ‘hello’ is currently not installed. It is provided by
the package ‘hello’, which I will now install for you.
installing `hello-2.8'
hello (GNU hello) 2.8
Copyright (C) 2011 Free Software Foundation, Inc. ...
To use this, you must currently manually put the SQLite programs
database in /var/lib/nixos/programs.sqlite. In the future, this file
should be provided as part of the NixOS channel so it gets updated
automatically. To get a test version:
$ curl http://nixos.org/~eelco/programs.sqlite.xz | xz -d > /var/lib/nixos/programs.sqlite
This reverts commit 683100666d.
Seems somebody (systemd? the kernel?) gets confused at power
events and remounts the filesystem containing /nix/store as
read-only.
Commit 37b56574e2 revealed that the code
to get regInfo from /proc/cmdline was broken. It only happened to
work because the kernel passes the command line to stage 1 through the
environment, so $regInfo was set anyway.
This is required to create a gschemas.compiled file with content
from all gschemas. Otherwise, gschemas.compiled will be taken
from a random package, and gsettings programs will not find what
they are looking for. I had to add this to get NetworkManager-applet
to work. You'll also have to add share/glib-2.0 to the pathsToLink
list.
Generating this in the activation script (along with gtk icons
etc), is not the nicest solution. But I have no real idea on
how to modularise it.
EC2 instances don't have a console, so it's pointless to start
emergency mode if a mount fails. (This happened to me with an
encrypted filesystem where the key wasn't sent on time using "charon
send-keys".) Better to cross fingers and continue booting.
This is necessary to prevent a race. Udev 197 has a new naming scheme
for network devices, so it will rename (say) eth0 to eno0. This fails
with "error changing net interface name eth0 to eno1: Device or
resource busy" if another process has opened the interface in the
meantime.
This reverts commit 1e741f1572b6793b861e2f9820015475ce339ae0 as it is
unnecessary according to @edolstra, because services.xserver.config from another
module will be merged into the configuration.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is currently only a very simple implementation which just recurses a list
of heads that get chained together to the right of the corresponding previous
item of the list.
If I forgot about something in the already existing configuration options,
please let me know or if this commit is useless or a duplicate, feel free to
revert. But by looking at implementation before this commit, I only see zaphod
and/or quirky xinerama-like configuration options.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Starting an authenticated root shell is a security hole, so don't do
it by default. The kernel command line parameter
‘initrd.shell_on_fail’ restores the original. (Of course, this only
improves security if you have a password on GRUB to prevent the kernel
command line from being edited by unauthorized users.)
The 'memtest86' package didn't work on any of my machines. 'memtest86plus', on
the other hand, seems to work just fine. Does anyone know why we keep the
seemingly older version around still?
This is especially useful if you want to supply a default XRandR configuration,
where you need multiple "Monitor" sections in order to set properties for
specific CRTCs (if not running in zaphod mode).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The "S|s|single" option is handled by systemd (starting
rescue.target). And the rescue target basically removes the need for
a special debug shell. (Also, there is "systemd.crash_shell=1" for
starting a shell if systemd crashes.)
Also, symlink kbrequest.target to rescue.target as suggested by the
systemd.special manpage. This way, you can start a sulogin rescue
shell by pressing Alt+Up.
Restarting <interface>-cfg.service may cause the interface's IP
addresses to be flushed. If the default gateway goes through that
interface, then the default gateway is deleted. So we need to
restart network-setup.target.
This allows setting the max tcp window size for the route of
the default gateway (usually the internet access).
It works only for non-DHCP configurations by now.
To be honest, it's more like "be less discriminating against USB tablets".
USB tablets usually get autodetected, device name is not necessary and defaulting to a serial touchscreen is a clear discrimination.
Unconditionally remapping buttons is generally not a good idea either.
Old defaults transformed into examples.
During a configuration switch, changed units are stopped in the old
configuration, then started in the new configuration (i.e. after
running the activation script and running "systemctl daemon-reload").
This ensures that services are stopped using the ExecStop/ExecStopPost
commands from the old configuration.
However, for some services it's undesirable to stop them; in
particular dhcpcd, which deconfigures its network interfaces when it
stops. This is dangerous when doing remote upgrades - usually things
go right (especially because the switch script ignores SIGHUP), but
not always (see 9aa69885f0). Likewise,
sshd should be kept running for as long as possible to prevent a
lock-out if the switch fails.
So the new option ‘stopIfChanged = false’ causes "systemctl restart"
to be used instead of "systemctl stop" followed by "systemctl start".
This is only proper for services that don't have stop commands. (And
it might not handle dependencies properly in some cases, but I'm not
sure.)
Running it from systemd rather than cron has several advantages:
systemd ensures that only one instance runs at a time; the GC can be
manually started/stopped; and logging goes to the journal.
We still need cron to start the service at the right time, but
hopefully soon we can get rid of cron entirely (once systemd supports
starting a unit at a specific time).
This is mainly useful for specifying mounts that depend on other
units. For example sshfs or davfs need network (and possibly
nameservices).
While systemd makes a distinction between local and remote
filesystems, this only works for in-kernel filesystems such as
nfs and cifs.
fuse-based filesystems (such as sshfs and davs) are classified as
local, so they fail without networking. By explicitly declaring these
mounts as full systemd units (as opposed to having systemd generate
them automatically from /etc/fstab), dependencies can be specified as
on every other unit.
In the future, we can probably port NixOS' filesystems handling to use
these native systemd.mount units and skip /etc/fstab altogether, but
this probably requires additional changes, such as starting systemd
even earlier during boot (stage 1).
I'm not any good at perl, and I only came up with this after many
slow attempts. Any review welcome.
But until this, memtest was broken, and extraPrepareConfig as well, in grub.
Having all services with DefaultDependencies=yes depend on
local-fs.target is annoying, because some of those services might be
necessary to mount local filesystems. For instance, Charon's
send-keys feature requires sshd to be running in order to receive LUKS
encryption keys, which in turn requires dhcpcd, and so on. So we drop
this dependency (and swap.target as well for consistency). If
services require a specific mount, they should use RequiresMountsFor
in any case.
Charon needs this to include the dynamically generated
/root/.vbox-charon-client-key. (We used
users.extraUsers.root.openssh.authorizedKeys.keyFiles for this, but
that no longer works.)
Instead of the somewhat hacky script that inserted public keys
into the users' .ssh/authorized_keys files, use the AuthorizedKeysFile
configuration directive in sshd_config and generate extra key
files for each user (placed in /etc/authorized_keys.d/).
