Commit graph

3031 commits

Author SHA1 Message Date
Eelco Dolstra fc2fc63f4c Use the Debian firmware package instead of the Intel-specific ones
The intel-*.nix modules are obsolete (since you can just say
‘hardware.enableAllFirmware = true’, or equivalently,
‘hardware.firmware = [ pkgs.firmwareLinuxNonfree ]’).  But we'll keep
them around for compatibility.
2013-08-14 02:31:43 +02:00
Evgeny Egorochkin 6246d75654 Unbreak iso_efi by feeding it a kernel that exists. 2013-08-12 21:42:45 +03:00
Jaka Hudoklin b244a47185 Add graphite, scalable realtime graphing service 2013-08-11 12:16:19 +02:00
Evgeny Egorochkin 51c84aadaa Merge pull request #213 from ivan/extraUsers-root
Document that extraUsers options apply to root
2013-08-10 22:14:10 -07:00
Evgeny Egorochkin f29068342a Merge pull request #212 from ivan/nix-conf-header
Describe where /etc/nix/nix.conf settings come from
2013-08-10 22:02:32 -07:00
Evgeny Egorochkin 15d3de2f7b Merge pull request #215 from ivan/nixos-rebuild-vvvvv
nixos-rebuild: support -vv, -vvv, -vvvv, and -vvvvv
2013-08-10 19:42:39 -07:00
Evgeny Egorochkin c5d8db945e Merge pull request #214 from ivan/typo-fix-1
Fix typos, especially those that end up in the NixOS manual
2013-08-10 19:34:38 -07:00
Ivan Kozik 425b0f0507 nixos-rebuild: support -vv, -vvv, -vvvv, and -vvvvv 2013-08-10 21:51:44 +00:00
Ivan Kozik 390fdb3e60 Fix typos, especially those that end up in the NixOS manual 2013-08-10 21:07:13 +00:00
Eelco Dolstra 5a676e463e Don't load nouveau and nvidiafb when using the proprietary nvidia driver 2013-08-09 18:45:45 +02:00
Ivan Kozik 2fc123f148 Document that extraUsers options apply to root 2013-08-09 01:28:21 +00:00
Ivan Kozik d6303b6068 Describe where /etc/nix/nix.conf settings come from 2013-08-09 00:51:45 +00:00
Evgeny Egorochkin 3b3dc83902 Speed up application start 2013-08-08 04:44:53 +03:00
Eelco Dolstra 4a83c97d3d Stage 1: Use modprobe from kmod instead of module-init-tools
The latter is obsolete.

http://hydra.nixos.org/build/5663799
2013-08-07 18:30:30 +02:00
Eelco Dolstra 168d48a5c9 nix-daemon: Run under the default nice level
Running at a low priority is generally bad since it runs the risk of
priority inversions, etc.  It's really the builders that should run
under a different priority (e.g. in their own cgroup).
2013-08-07 14:10:49 +02:00
Eelco Dolstra 5827261bef compiz: Disable
It doesn't currently work.
2013-08-07 14:10:49 +02:00
Evgeny Egorochkin e155187a8e Merge pull request #154 from MarcWeber/submit/x11-wacom-intuos5-fix
fix wacom hotplug and all Intuos 5 issues
2013-08-06 10:55:48 -07:00
Evgeny Egorochkin 35ac2ad9ca nixos-checkout: let it run without args again. 2013-08-06 19:04:21 +03:00
Evgeny Egorochkin 0bcabfa886 nixos-checkout: fix output if ran with no options, -h and --help. Other options will still trigger
mkdir output :(
2013-08-06 18:56:10 +03:00
Evgeny Egorochkin aa150f5aea KDE: fix config build when grub is used to generate boot menu, but isn't used as a loader. 2013-08-06 16:13:20 +03:00
Eelco Dolstra c7ed6322f6 Increase memory for the VirtualBox image generator 2013-08-05 14:52:37 +02:00
Jaka Hudoklin d0cb70cefb Add iodined, ip over dns daemon 2013-08-05 01:20:55 +02:00
Cillian de Róiste 41e04c9aff Merge branch 'supybot'
Conflicts:
	modules/misc/ids.nix
2013-08-04 03:59:18 +02:00
Cillian de Róiste 5b25c5a181 supybot.service: tidy up 2013-08-04 03:56:01 +02:00
Cillian de Róiste 6e093113fe Supybot service: failing to create stateDir in /var/lib 2013-08-04 00:18:44 +02:00
Vladimír Čunát ce54650b51 lightdm: remove unused reference to mesa drivers
I don't need them and llvm at all, for example.
2013-08-02 14:24:42 +02:00
aszlig 6ae87b81cc
qemu-vm: Add new option writableStoreUseTmpfs.
This is to use the VMs own disk image instead of a tmpfs in order to
avoid eating more memory. Of course, by default we still use the tmpfs
in order to not break existing VM tests.

I personally don't like the coding style of the option definition, but
in order to stay consistent, I followed the overall style in this file.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-08-01 02:10:13 +02:00
Cillian de Róiste 90554a03c7 Supybot/limnoria: add service module 2013-08-01 00:36:15 +02:00
Domen Kožar 37136e4adf Merge pull request #201 from garbas/networkmanager
openconnect and vpnc NetworkManager plugins added
2013-07-31 12:06:15 -07:00
Eelco Dolstra 39f67d9d38 Hide kernel pointers for unprivileged users via kptr_restrict 2013-07-31 16:11:04 +02:00
Martin Bravenboer 7bd50185ff Support Nix's mandatoryFeatures
Extend the buildMachines option to support specification of
supportedFeatures and mandatoryFeatures in order to support all
configuration options of the nix.machines file.
2013-07-31 15:49:35 +02:00
Eelco Dolstra 24a44c98d2 bash: Disable hashing of command lookups in interactive shells
This just confuses people when (say) using multiple profiles.
Performance benefits for interactive shells are likely to be very
small anyway.
2013-07-31 14:55:24 +02:00
Eelco Dolstra 57c35c94ca Use the qemu-kvm wrapper 2013-07-31 14:53:27 +02:00
Rob Vermaas 7a32f2d15a Fix node_modules references in uptime module. 2013-07-31 13:35:21 +02:00
Rob Vermaas 9cf0a41925 fail2ban: move /var/run/fail2ban creation to activation script to be able to restrict the write locations for the service properly, add configuration files to the restartTriggers. 2013-07-31 11:22:48 +02:00
Rickard Nilsson 3ca7d7b291 Add OpenSMTPD service option 2013-07-30 10:20:56 +02:00
Rob Vermaas 96be2d5a7d Fix ReadWriteDirectories for fail2ban, added /var/tmp. 2013-07-28 18:33:57 +02:00
aszlig 5a2390327d
nixos-rebuild: Allow to use --repair.
Unfortunately, the flag only works directly and without the daemon, so
this adds an extra variable $repair, to avoid the daemon. This is to
avoid to iterate through the $extraBuildFlags just to test whether
"--repair" exists.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-26 06:23:49 +02:00
Eelco Dolstra ef5e2be339 venus: Support https 2013-07-25 22:57:09 +02:00
Rob Vermaas 6adfb647ff Limit the capabilities of what fail2ban service can do. Taken from ArchLinux wiki. 2013-07-25 20:03:29 +02:00
Rob Vermaas 7e7392b8ad Limit the location where fail2ban service can write to (only /var/run/fail2ban). 2013-07-25 15:48:00 +02:00
Rob Vermaas c5f6a08750 Make fail2ban a normal systemd service in nixos module. 2013-07-25 15:40:20 +02:00
Rok Garbas 73284567cc venus service: using systemd timer instead of cronjob 2013-07-24 00:20:37 +02:00
Rok Garbas f9fbbb5d2f venus service better description 2013-07-23 23:04:55 +02:00
Rok Garbas 589b745fc6 new venus service 2013-07-23 22:42:12 +02:00
Eelco Dolstra 438b057eb3 Lower the default console log level
It used to be set to 7 (debug) so you get lots of crap on the console.
The new value of 4 is also what Ubuntu uses.  Red Hat uses 3.

A nice side effect is that it's more likely that the LUKS passphrase
prompt doesn't get clobbered by kernel log messages.
2013-07-23 22:18:25 +02:00
Eelco Dolstra 8dc09be07b Fix indentation / tabs 2013-07-23 22:18:25 +02:00
Rickard Nilsson 462e4255fa x11 session: Don't start pulseaudio if it already is running system-wide 2013-07-23 19:07:12 +02:00
Rickard Nilsson cd0da98b03 pulseaudio service: Use the configured pulseaudio package instead of the default. 2013-07-23 19:07:07 +02:00
Rob Vermaas 4a0f707f71 New kernel iso/system_tarball now use 3.10 in stead of 3.7, which had been removed. 2013-07-23 10:09:41 +02:00
Rob Vermaas 2cb25bd65c Revert "Only include /bin/sh (not all of /bin) in the chroot"
This reverts commit 883d310bac.
2013-07-23 10:00:54 +02:00
Rob Vermaas 7163babe84 Revert "Allow specifying packages whose closures should be in the chroot"
This reverts commit be3d498b18.
2013-07-23 10:00:43 +02:00
Bjørn Forsman 8d596006dd Ensure /var/log/journal permission bits are set
Ensure permission bits are (re)set on each system activation with
explicit chmod call.

mkdir -m MODE PATH will only set the permission bits if PATH is
*created*, which means users that have old NixOS versions will continue
to have the old 700 permissions on /var/log/journal until they chmod
manually. With this commit the permissions will be set to 755 on system
activation.
2013-07-22 20:09:50 +02:00
Bjørn Forsman 38a4d6d6d7 apcupsd-service: "UPS daemon" => "APC UPS daemon" description update
Sometimes systemd only prints the service description. Then it is nice
to know which UPS daemon we're dealing with.
2013-07-22 14:58:51 +02:00
Bjørn Forsman fe9ac2ca1c apcupsd-service: workaround for "A stop job is running for UPS daemon"
When apcupsd has initiated a shutdown, systemd always ends up waiting
for it to stop ("A stop job is running for UPS daemon"). This is weird,
because in the journal one can clearly see that apcupsd has received the
SIGTERM signal and has already quit (or so it seems). This reduces the
wait time from 90 seconds (default) to just 5. Then systemd kills it
with SIGKILL.
2013-07-22 14:57:28 +02:00
Bjørn Forsman 95e2006653 apcupsd-service: put UPS in hibernate mode when shutting down
This adds a special systemd service that calls "apcupsd --killpower"
(put UPS in hibernate mode) just before shutting down the system.
Without this command, the UPS will stay on until the battery is
completely empty.
2013-07-22 14:57:05 +02:00
Bjørn Forsman d6e5484e2b apcupsd-service: create missing /run/apcupsd/ directory
apcupsd complains about this missing directory when it is starting the
shutdown procedure.
2013-07-22 14:54:27 +02:00
Bjørn Forsman dc61694d01 apcupsd-service: add services.apcupsd.hooks option
Each attribute in this option should name an apcupsd event and the
string value it contains will be executed in a shell in response to that
event. See "man apccontrol" for the list of events and what they
represent.

Now it is easy to hook into the apcupsd event system:

  services.apcupsd.hooks = {
    onbattery  = ''# shell commands to run when the onbattery event is emitted'';
    doshutdown = ''# shell commands to notify that the computer is shutting down'';
  };
2013-07-22 14:19:21 +02:00
Peter Simons 6341a12587 modules/services/networking/dhcpcd.nix: add "extraConfig" option
This option allows administrators to add verbatim text to the generated
config file. I use this feature, for instance, to disable the default
route normally added by dhcpcd for certain interfaces.
2013-07-22 14:16:13 +02:00
Eelco Dolstra c52fd85990 Set permissions on /var/log/journal properly
This makes the system journal readable by users in the
systemd-journal, wheel and adm groups.  It also allows users to read
their own journals.

Note that this doesn't change the permissions of existing journals.
2013-07-19 21:18:44 +02:00
Eelco Dolstra bf21bbcf01 Mount /var and some other filesystems automatically in stage 1
Bad things happen if /var is mounted in a late stage.
2013-07-19 17:24:18 +02:00
Shea Levy 272d641f0c Documentation improvement
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-19 11:22:46 -04:00
Shea Levy be3d498b18 Allow specifying packages whose closures should be in the chroot
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-19 11:21:05 -04:00
Shea Levy 883d310bac Only include /bin/sh (not all of /bin) in the chroot
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-19 11:19:07 -04:00
Shea Levy 18de9f64ae Add uptime module
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-18 19:25:35 -04:00
mornfall b09a0a49a5 Merge pull request #204 from bjornfor/apcupsd-service
Add apcupsd service
2013-07-18 15:24:50 -07:00
Bjørn Forsman 44f1a8d8c7 Add apcupsd service
apcupsd is a daemon for controlling APC UPSes. It is very simple to
configure. If you have an USB based UPS, the default settings should be
useable without further adjustments:

  services.apcupsd.enable = true;

This will give you autodetection of USB UPSes, network access limited to
localhost (for security) and the shutdown sequence will be started when
the system when the battery level is below 50 percent, or when the UPS
has calculated that it has 5 minutes or less of remaining power-on time.

You can provide your own configuration file contents with this option:

  services.apcupsd.configText = "contents of apcupsd.conf";

Bug/annoyance 1: When apcupsd calls "wall" (on powerfail etc. events),
it prints an error message because stdout is not connected to a tty (it
is connected to the journal):

  wall: cannot get tty name: Inappropriate ioctl for device

The message still gets through though, to ctrl-alt-f[1-6] terminals.

Bug/annoyance 2: apcupsd tries to call "mail" (on powerfail etc.
events), and that fails because I'm not passing in any mail program at
the moment (because that would require more configuration options). A
solution to this would be to simply let the user fully configure the
apcupsd event handling logic in nix.
2013-07-17 21:23:09 +02:00
Eelco Dolstra 76160c6de7 Fix ISO generation
The volume label cannot be longer than 32 characters.
2013-07-17 19:34:06 +02:00
Eelco Dolstra cf8f646f34 Disable the trac test
It hasn't worked in ages.
2013-07-17 15:28:36 +02:00
Eelco Dolstra a6aba08d35 Bump the NixOS version number to 13.07
This is in preparation of making a stable release/branch.  The version
number is <YY>.<MM>, Ubuntu style, denoting the intended release
year/month.  It also has a release codename ("Aardvark").
2013-07-17 13:34:40 +02:00
Eelco Dolstra 6620a0f679 Fix the installer tests
E.g. http://hydra.nixos.org/build/5561399
2013-07-17 13:01:12 +02:00
Eelco Dolstra 90148d6fd1 Work around "Input/output error" opening /dev/ttyS0
E.g. http://hydra.nixos.org/build/5541847

This is a random occurence, maybe due to a race with something else.
So just retry until it works.
2013-07-16 15:04:32 +02:00
Eelco Dolstra 163ed5264b Start sm-notify/statd atfer nfsd
The README of nfs-utils explains that we must not notify clients
before nfsd is running, otherwise they may fail to reclaim their
locks.  OTOH it's allowed but not required to start "rpc.statd
--no-notify" before nfsd.  So for simplicity we do both after starting
nfsd.
2013-07-16 13:48:52 +02:00
Eelco Dolstra 2d57847f16 NFS: Use network-online.target instead of remote-fs-pre.target
Turns out that remote-fs-pre.target is not actually "wanted" anywhere,
so statd is not started before remote filesystems are mounted.  But
remote filesystems do "want" network-online.target, so we can use that
to pull in statd and idmapd.

Not sure if this is really the right thing to do, but it works for
now.  Background:

  https://bugzilla.redhat.com/show_bug.cgi?id=787314

http://hydra.nixos.org/build/5542230
2013-07-16 11:55:12 +02:00
Jack Cummings e0dfb1e4ae calling zfs mount -a again doesn't make sense 2013-07-15 16:23:59 +02:00
Jack Cummings deb7c6d35b don't try to re-import pools on service change
When nixos-rebuild grabs a new kernel, it will build new spl/zfs
modules, which will change the service. On completion nixos will try and
restart the services which will try and import pools again, and
generally will fail.

The pools are already imported, we don't need to do it again..
2013-07-15 16:23:59 +02:00
Eelco Dolstra 002ffea364 wpa_supplicant: Fix wlan interface detection on Linux 3.4
Linux 3.4 apparently doesn't have the "wireless" file.
2013-07-15 13:54:15 +02:00
Eelco Dolstra 986e236068 nixos-rebuild: Support Nix's --repair flag 2013-07-15 13:54:15 +02:00
Eelco Dolstra 69eeb83039 Use "or" 2013-07-15 13:54:15 +02:00
aszlig ab08c8a1bb
postgresql: Allow to specify recoveryConfig.
This is needed for streaming replication in PostgreSQL 9.0 and higher.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-14 05:23:46 +02:00
aszlig d5f0183153
postgresql: Add initialScript for initial SQL.
Just like in the MySQL service module it really makes sense to provide a
way to inject SQL on the first start of the database cluster.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-14 05:23:46 +02:00
aszlig ec1f3e7832
postgresql: Log to stderr by default.
Now systemctl status will properly pick up the right logs.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-14 05:23:46 +02:00
aszlig 916d39f5ce
mysql/mysql55: Log to stderr instead of logfile.
This should integrate the logging more tightly into systemd, so for
example "systemctl status mysql" actually gives an overview about what's
actually going on.

This removes the logError option attribute, so in case you still want to
write into a logfile, I've introduced an option called extraOptions, so
you can use something like:

services.mysql*.extraOptions = ''
  log-error = /var/log/mysql_err.log
'';

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-14 05:23:46 +02:00
Eelco Dolstra 6d6fb43498 Bump the amount of memory for VirtualBox image generation
http://hydra.nixos.org/build/5509519
2013-07-11 13:18:51 +02:00
Rok Garbas fb5a616b02 openconnect and vpnc NetworkManager plugins added 2013-07-10 16:43:26 +02:00
Eelco Dolstra cc54211069 systemd-vconsole-setup: Add missing wantedBy
Reported by Kirill Elagin.
2013-07-09 17:23:27 +02:00
Eelco Dolstra fd14641ef5 Fix the sshd check in the rebuildCD test
Also reduce the amount of memory.
2013-07-09 16:12:34 +02:00
Eelco Dolstra 5000d99149 Remove outdated comment
Password-based remote root logins are not allowed anyway.
2013-07-09 15:59:57 +02:00
Eelco Dolstra b26f3141db Start httpd synchronously
This ensures that when "start httpd" returns, Apache is actually
listening.

http://hydra.nixos.org/build/5499393
2013-07-09 15:08:48 +02:00
aszlig ff84facca3
grub: Add mdadm to search path.
Grub uses mdadm to find out the device it is on, especially when mdadm itself
resides in a separate boot partition. When bootstrapping from a NixOS
installation CD, it's not a big issue because usually the paths from the Nix
store of the installation CD are matching with the ones in the chrooted
environment.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-08 14:29:37 +02:00
Mathijs Kwik 769b74c463 nixos-vm: switch to qemu for disk images too :) 2013-07-07 22:25:45 +02:00
Eelco Dolstra c8fca8c8fc NixOS VM tests: Use 9p instead of CIFS 2013-07-05 17:24:49 +02:00
Eelco Dolstra edab9e4976 Ensure that "nixos-rebuild" works in the VirtualBox VM 2013-07-03 14:19:43 +02:00
Eelco Dolstra 6fa447006f Move cloneConfig into a separate module 2013-07-03 14:19:43 +02:00
Eelco Dolstra 5c668542f5 Remove virtualbox-config.nix, it's actually not useful 2013-07-03 14:19:43 +02:00
Sander van der Burg d312695d78 Fixed minor issue with unary operator expected 2013-07-03 11:13:58 +02:00
Eelco Dolstra 84bb988256 Fix VM test booting with kernels <= 3.9 2013-07-02 17:10:22 +02:00
Eelco Dolstra bd99966902 Fix postBootCommands ordering
Should use explicit ordering...
2013-07-02 13:52:43 +02:00
Eelco Dolstra 2572879a62 Don't use substitutes when unpacking the channel sources 2013-07-02 13:43:47 +02:00
Eelco Dolstra 3a9f908c8b Oops 2013-07-02 13:27:25 +02:00