Commit graph

3031 commits

Author SHA1 Message Date
Rob Vermaas 2cb25bd65c Revert "Only include /bin/sh (not all of /bin) in the chroot"
This reverts commit 883d310bac.
2013-07-23 10:00:54 +02:00
Rob Vermaas 7163babe84 Revert "Allow specifying packages whose closures should be in the chroot"
This reverts commit be3d498b18.
2013-07-23 10:00:43 +02:00
Bjørn Forsman 8d596006dd Ensure /var/log/journal permission bits are set
Ensure permission bits are (re)set on each system activation with
explicit chmod call.

mkdir -m MODE PATH will only set the permission bits if PATH is
*created*, which means users that have old NixOS versions will continue
to have the old 700 permissions on /var/log/journal until they chmod
manually. With this commit the permissions will be set to 755 on system
activation.
2013-07-22 20:09:50 +02:00
Bjørn Forsman 38a4d6d6d7 apcupsd-service: "UPS daemon" => "APC UPS daemon" description update
Sometimes systemd only prints the service description. Then it is nice
to know which UPS daemon we're dealing with.
2013-07-22 14:58:51 +02:00
Bjørn Forsman fe9ac2ca1c apcupsd-service: workaround for "A stop job is running for UPS daemon"
When apcupsd has initiated a shutdown, systemd always ends up waiting
for it to stop ("A stop job is running for UPS daemon"). This is weird,
because in the journal one can clearly see that apcupsd has received the
SIGTERM signal and has already quit (or so it seems). This reduces the
wait time from 90 seconds (default) to just 5. Then systemd kills it
with SIGKILL.
2013-07-22 14:57:28 +02:00
Bjørn Forsman 95e2006653 apcupsd-service: put UPS in hibernate mode when shutting down
This adds a special systemd service that calls "apcupsd --killpower"
(put UPS in hibernate mode) just before shutting down the system.
Without this command, the UPS will stay on until the battery is
completely empty.
2013-07-22 14:57:05 +02:00
Bjørn Forsman d6e5484e2b apcupsd-service: create missing /run/apcupsd/ directory
apcupsd complains about this missing directory when it is starting the
shutdown procedure.
2013-07-22 14:54:27 +02:00
Bjørn Forsman dc61694d01 apcupsd-service: add services.apcupsd.hooks option
Each attribute in this option should name an apcupsd event and the
string value it contains will be executed in a shell in response to that
event. See "man apccontrol" for the list of events and what they
represent.

Now it is easy to hook into the apcupsd event system:

  services.apcupsd.hooks = {
    onbattery  = ''# shell commands to run when the onbattery event is emitted'';
    doshutdown = ''# shell commands to notify that the computer is shutting down'';
  };
2013-07-22 14:19:21 +02:00
Peter Simons 6341a12587 modules/services/networking/dhcpcd.nix: add "extraConfig" option
This option allows administrators to add verbatim text to the generated
config file. I use this feature, for instance, to disable the default
route normally added by dhcpcd for certain interfaces.
2013-07-22 14:16:13 +02:00
Eelco Dolstra c52fd85990 Set permissions on /var/log/journal properly
This makes the system journal readable by users in the
systemd-journal, wheel and adm groups.  It also allows users to read
their own journals.

Note that this doesn't change the permissions of existing journals.
2013-07-19 21:18:44 +02:00
Eelco Dolstra bf21bbcf01 Mount /var and some other filesystems automatically in stage 1
Bad things happen if /var is mounted in a late stage.
2013-07-19 17:24:18 +02:00
Shea Levy 272d641f0c Documentation improvement
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-19 11:22:46 -04:00
Shea Levy be3d498b18 Allow specifying packages whose closures should be in the chroot
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-19 11:21:05 -04:00
Shea Levy 883d310bac Only include /bin/sh (not all of /bin) in the chroot
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-19 11:19:07 -04:00
Shea Levy 18de9f64ae Add uptime module
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-18 19:25:35 -04:00
mornfall b09a0a49a5 Merge pull request #204 from bjornfor/apcupsd-service
Add apcupsd service
2013-07-18 15:24:50 -07:00
Bjørn Forsman 44f1a8d8c7 Add apcupsd service
apcupsd is a daemon for controlling APC UPSes. It is very simple to
configure. If you have an USB based UPS, the default settings should be
useable without further adjustments:

  services.apcupsd.enable = true;

This will give you autodetection of USB UPSes, network access limited to
localhost (for security) and the shutdown sequence will be started when
the system when the battery level is below 50 percent, or when the UPS
has calculated that it has 5 minutes or less of remaining power-on time.

You can provide your own configuration file contents with this option:

  services.apcupsd.configText = "contents of apcupsd.conf";

Bug/annoyance 1: When apcupsd calls "wall" (on powerfail etc. events),
it prints an error message because stdout is not connected to a tty (it
is connected to the journal):

  wall: cannot get tty name: Inappropriate ioctl for device

The message still gets through though, to ctrl-alt-f[1-6] terminals.

Bug/annoyance 2: apcupsd tries to call "mail" (on powerfail etc.
events), and that fails because I'm not passing in any mail program at
the moment (because that would require more configuration options). A
solution to this would be to simply let the user fully configure the
apcupsd event handling logic in nix.
2013-07-17 21:23:09 +02:00
Eelco Dolstra 76160c6de7 Fix ISO generation
The volume label cannot be longer than 32 characters.
2013-07-17 19:34:06 +02:00
Eelco Dolstra cf8f646f34 Disable the trac test
It hasn't worked in ages.
2013-07-17 15:28:36 +02:00
Eelco Dolstra a6aba08d35 Bump the NixOS version number to 13.07
This is in preparation of making a stable release/branch.  The version
number is <YY>.<MM>, Ubuntu style, denoting the intended release
year/month.  It also has a release codename ("Aardvark").
2013-07-17 13:34:40 +02:00
Eelco Dolstra 6620a0f679 Fix the installer tests
E.g. http://hydra.nixos.org/build/5561399
2013-07-17 13:01:12 +02:00
Eelco Dolstra 90148d6fd1 Work around "Input/output error" opening /dev/ttyS0
E.g. http://hydra.nixos.org/build/5541847

This is a random occurence, maybe due to a race with something else.
So just retry until it works.
2013-07-16 15:04:32 +02:00
Eelco Dolstra 163ed5264b Start sm-notify/statd atfer nfsd
The README of nfs-utils explains that we must not notify clients
before nfsd is running, otherwise they may fail to reclaim their
locks.  OTOH it's allowed but not required to start "rpc.statd
--no-notify" before nfsd.  So for simplicity we do both after starting
nfsd.
2013-07-16 13:48:52 +02:00
Eelco Dolstra 2d57847f16 NFS: Use network-online.target instead of remote-fs-pre.target
Turns out that remote-fs-pre.target is not actually "wanted" anywhere,
so statd is not started before remote filesystems are mounted.  But
remote filesystems do "want" network-online.target, so we can use that
to pull in statd and idmapd.

Not sure if this is really the right thing to do, but it works for
now.  Background:

  https://bugzilla.redhat.com/show_bug.cgi?id=787314

http://hydra.nixos.org/build/5542230
2013-07-16 11:55:12 +02:00
Jack Cummings e0dfb1e4ae calling zfs mount -a again doesn't make sense 2013-07-15 16:23:59 +02:00
Jack Cummings deb7c6d35b don't try to re-import pools on service change
When nixos-rebuild grabs a new kernel, it will build new spl/zfs
modules, which will change the service. On completion nixos will try and
restart the services which will try and import pools again, and
generally will fail.

The pools are already imported, we don't need to do it again..
2013-07-15 16:23:59 +02:00
Eelco Dolstra 002ffea364 wpa_supplicant: Fix wlan interface detection on Linux 3.4
Linux 3.4 apparently doesn't have the "wireless" file.
2013-07-15 13:54:15 +02:00
Eelco Dolstra 986e236068 nixos-rebuild: Support Nix's --repair flag 2013-07-15 13:54:15 +02:00
Eelco Dolstra 69eeb83039 Use "or" 2013-07-15 13:54:15 +02:00
aszlig ab08c8a1bb
postgresql: Allow to specify recoveryConfig.
This is needed for streaming replication in PostgreSQL 9.0 and higher.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-14 05:23:46 +02:00
aszlig d5f0183153
postgresql: Add initialScript for initial SQL.
Just like in the MySQL service module it really makes sense to provide a
way to inject SQL on the first start of the database cluster.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-14 05:23:46 +02:00
aszlig ec1f3e7832
postgresql: Log to stderr by default.
Now systemctl status will properly pick up the right logs.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-14 05:23:46 +02:00
aszlig 916d39f5ce
mysql/mysql55: Log to stderr instead of logfile.
This should integrate the logging more tightly into systemd, so for
example "systemctl status mysql" actually gives an overview about what's
actually going on.

This removes the logError option attribute, so in case you still want to
write into a logfile, I've introduced an option called extraOptions, so
you can use something like:

services.mysql*.extraOptions = ''
  log-error = /var/log/mysql_err.log
'';

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-14 05:23:46 +02:00
Eelco Dolstra 6d6fb43498 Bump the amount of memory for VirtualBox image generation
http://hydra.nixos.org/build/5509519
2013-07-11 13:18:51 +02:00
Rok Garbas fb5a616b02 openconnect and vpnc NetworkManager plugins added 2013-07-10 16:43:26 +02:00
Eelco Dolstra cc54211069 systemd-vconsole-setup: Add missing wantedBy
Reported by Kirill Elagin.
2013-07-09 17:23:27 +02:00
Eelco Dolstra fd14641ef5 Fix the sshd check in the rebuildCD test
Also reduce the amount of memory.
2013-07-09 16:12:34 +02:00
Eelco Dolstra 5000d99149 Remove outdated comment
Password-based remote root logins are not allowed anyway.
2013-07-09 15:59:57 +02:00
Eelco Dolstra b26f3141db Start httpd synchronously
This ensures that when "start httpd" returns, Apache is actually
listening.

http://hydra.nixos.org/build/5499393
2013-07-09 15:08:48 +02:00
aszlig ff84facca3
grub: Add mdadm to search path.
Grub uses mdadm to find out the device it is on, especially when mdadm itself
resides in a separate boot partition. When bootstrapping from a NixOS
installation CD, it's not a big issue because usually the paths from the Nix
store of the installation CD are matching with the ones in the chrooted
environment.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-08 14:29:37 +02:00
Mathijs Kwik 769b74c463 nixos-vm: switch to qemu for disk images too :) 2013-07-07 22:25:45 +02:00
Eelco Dolstra c8fca8c8fc NixOS VM tests: Use 9p instead of CIFS 2013-07-05 17:24:49 +02:00
Eelco Dolstra edab9e4976 Ensure that "nixos-rebuild" works in the VirtualBox VM 2013-07-03 14:19:43 +02:00
Eelco Dolstra 6fa447006f Move cloneConfig into a separate module 2013-07-03 14:19:43 +02:00
Eelco Dolstra 5c668542f5 Remove virtualbox-config.nix, it's actually not useful 2013-07-03 14:19:43 +02:00
Sander van der Burg d312695d78 Fixed minor issue with unary operator expected 2013-07-03 11:13:58 +02:00
Eelco Dolstra 84bb988256 Fix VM test booting with kernels <= 3.9 2013-07-02 17:10:22 +02:00
Eelco Dolstra bd99966902 Fix postBootCommands ordering
Should use explicit ordering...
2013-07-02 13:52:43 +02:00
Eelco Dolstra 2572879a62 Don't use substitutes when unpacking the channel sources 2013-07-02 13:43:47 +02:00
Eelco Dolstra 3a9f908c8b Oops 2013-07-02 13:27:25 +02:00
Eelco Dolstra 725da34c8e Add a demo account to the VirtualBox image 2013-07-02 11:04:31 +02:00
Eelco Dolstra 1a2e4f37d0 release.nix: Generate a VirtualBox image 2013-07-02 11:04:31 +02:00
Eelco Dolstra db17b68d81 Unpack the initial channel only once 2013-07-02 11:04:31 +02:00
Eelco Dolstra 59bab9048a Move initial channel generation into a separate module 2013-07-02 11:04:31 +02:00
Mathijs Kwik a099f7008b provide a warning on password options that do not follow the read-from-file convention. 2013-07-02 06:04:34 +02:00
Peter Simons ff8a01b145 Merge pull request #185 from ocharles/memcached
memcached: Add NixOS support
2013-07-01 03:00:45 -07:00
Domen Kozar 36f2ec84a9 dd-agent: cleanup, add dogstatsd systemd service 2013-06-29 19:33:44 +02:00
Domen Kozar a20630476f cleanup dd-agent 2013-06-29 18:45:57 +02:00
Rickard Nilsson 279248f6c5 time.timeZone: Set the TZ environment variable, which is used by Java. 2013-06-29 18:43:38 +02:00
Domen Kozar d28b42658c ssmtp: fix eval 2013-06-29 16:02:37 +02:00
Domen Kožar 1b7108952e Merge pull request #182 from zefhemel/redis
Added redis service module with bunch of documentation.
2013-06-29 04:11:33 -07:00
Domen Kožar 934b3b411c Merge pull request #144 from the-kenny/ssmtp-user-pass
ssmtp: Add AuthUser and AuthPass options.
2013-06-29 04:04:43 -07:00
aszlig aba54edf48
qemu-vm: Add option to create empty disk images.
This allows to add additional raw disk images to the VM, which therein are
available as /dev/vdb, /dev/vdc, /dev/vde and so on. Especially when testing
partitioning, this could be useful.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-06-28 04:24:23 +02:00
Sander van der Burg 5dd0ce8c15 Updated disnix to latest 0.3 release 2013-06-27 15:32:49 +02:00
Eelco Dolstra eb110fd3ce fontconfig: Set the default hinting style to "slight"
This works around a bug in infinality that causes broken rendering in
some cases.  Issue NixOS/nixpkgs#663.

Upstream suggests that "slight" is a better/safer default in any case.
It also looks better, IMHO, YMMV.
2013-06-27 13:28:22 +02:00
Eelco Dolstra 0cbf0605d2 Refactoring: Split fonts.nix into smaller modules 2013-06-27 13:12:45 +02:00
Domen Kozar 85d5366c10 synergy: port to systemd and add autoStart option 2013-06-26 22:14:08 +02:00
Shea Levy ed6137109d Fix filesystem initialization systemd units
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-06-25 10:46:23 -04:00
Evgeny Egorochkin 8622bd81c8 Merge pull request #189 from bjornfor/lighttpd-fix-module-handling
lighttpd: improve module handling
2013-06-24 16:31:21 -07:00
Oliver Charles df6312e2cb memcached: Add more options and extraOptions support 2013-06-23 19:19:51 +01:00
Oliver Charles c7f61ee921 memcached: Add NixOS support 2013-06-23 18:49:49 +01:00
Eelco Dolstra 7810f7f61a Build unit files locally 2013-06-20 19:39:09 +02:00
Peter Simons 8dad56384e Merge pull request #193 from offlinehacker/cgminer
Add cgminer crypto currency miner
2013-06-20 03:10:54 -07:00
Jaka Hudoklin aa548ef803 Add cgminer crypto currency miner 2013-06-20 09:01:11 +00:00
Eelco Dolstra 0f6e9ba946 Unconditionally add ~/bin to $PATH 2013-06-19 13:56:05 +02:00
Vladimír Čunát c4929aaf78 Merge branch 'master' into x-updates 2013-06-17 22:27:53 +02:00
Zef Hemel a1c159bc4c Removed options that are not vital, added an extraConfig for any
additional configuration options for flexibility.
2013-06-17 14:06:02 -04:00
Jaka Hudoklin 84b5363090 Tarball should get ip from dhcp even if booting from nfs 2013-06-16 16:22:45 +00:00
Bjørn Forsman 8c3264466a lighttpd: improve module handling
lighttpd doesn't support loading a module more than once. If you attempt
to load a module again, lighttpd prints an error message:

  (plugin.c.131) Cannot load plugin mod_cgi more than once, please fix your config (we may not accept such configs in future releases

And it's not just the error message. The module isn't loaded (or is
messed up somehow) so that neither sub-service will work properly after
this.

This is bad news for the current approach to sub-services, where each
sub-service lists the needed modules in a server.modules += (...) block.
When two sub-services need the same module we get the above issue. (And,
AFAIK, there is no way to check if a module is already loaded either.)

First I thought about an approach where each sub-service specifies the
list of plugins it needs, and that a common server.modules = (...) list
is built from the union of those lists. That would loosly couple the
sub-services with the main lighttpd nixos module expression. But I think
this is a bad idea because lighttpd module loading order matters[1], and
the module order in the global server.modules = (...) list would be
somewhat cumbersome to control.

Here is an example:

Sub-service A needs mod_fastcgi. Sub-service B needs mod_auth and
mod_fastcgi. Note that mod_auth must be loaded *before* mod_fastcgi to
take effect. The union of those modules may either be ["mod_auth"
"mod_fastcgi"] or ["mod_fastcgi" "mod_auth"] depending on the evaluation
order. The first order will work, the latter will not.

So instead of the above, this commit moves the modules from
service.modules += (...) snippets in each sub-service to a global
server.modules = (...) list in the main lighttpd module expression. The
module loading order is fixed and each module is included only if any of
the sub-services that needs it is enabled.

The downside to this approach is that sub-services need a (tiny) bit of
change to the main lighttpd nixos module expression. But I think it is
the only sane way to do it (as long as lighttpd is written the way it
is).

References:
  [1] http://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails
  [2] http://redmine.lighttpd.net/issues/2337
2013-06-16 13:15:29 +02:00
Vladimír Čunát d85ec960d1 Merge branch 'master' of git://github.com/NixOS/nixos into x-updates 2013-06-15 08:43:45 +02:00
aszlig 2fa7f63bd0
agetty: Add 57600 to the baud rate list.
This is because it's quite commonly used in the wild. Especially at some "weird"
server hosters (no names here) which doesn't allow to change the baudrate for
their serial consoles.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-06-14 17:55:37 +02:00
aszlig 3bf1210635
zabbix-server: Swap order of database population.
Starting with Zabbix 2.0 the order of data imports is important[*] and will lead
to errors if not done in the right order. Zabbix 1.8 works fine with the swapped
order as well, so this change shouldn't affect any pre-2.0 users.

[*] https://www.zabbix.com/documentation/2.0/manual/appendix/install/db_scripts

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-06-13 03:34:29 +02:00
aszlig 62d5282602
zabbix-server: Make it easier to use peer auth.
Quoting from the manual about DBHost:

```
In case of MySQL localhost or empty string results in using a socket. In case of
PostgreSQL only empty string results in attempt to use socket.
```
https://www.zabbix.com/documentation/2.0/manual/appendix/config/zabbix_server

With this commit we should avoid some race conditions in systemd, because if the
host is set to "", there is no condition that postgresql has to be started prior
to the Zabbix server.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-06-13 03:34:28 +02:00
aszlig a5c6a36466
apache-httpd/zabbix: Set max_input_time.
At least the Zabbix 2.x web installer requires max_input_time to be set to 300
seconds. As it doesn't hurt to set it for the 1.x versions, I'm including it
here.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-06-13 02:31:35 +02:00
aszlig 8990470951
apache-httpd/zabbix: Allow custom configFile.
If option is left by its default value, behaviour is the same as before, using
the configuration file created by the web interface.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-06-13 02:28:23 +02:00
aszlig bf28d5c109
zabbix-server: Add PID file to systemd config.
This is to avoid (in some cases) constant restarting of the Zabbix server, which
causes odds bugs and crashes in the exit handler (if it's too early during
startup).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-06-13 01:56:09 +02:00
Eelco Dolstra 7cf23a740d Update the default binary cache URL to cache.nixos.org 2013-06-12 14:23:33 +02:00
Eelco Dolstra 4b0d6a0759 nscd: Restart if /etc/hosts changes 2013-06-11 16:15:24 +02:00
Eelco Dolstra b3f04718cf Use stable Nix by default 2013-06-11 12:10:58 +02:00
Zef Hemel bcf3a7bbf6 Fixed: now using the configured redis package. 2013-06-07 11:37:58 +02:00
Zef Hemel 6b4d76c2c2 Added redis service with bunch of documentation. 2013-06-07 11:34:05 +02:00
Vladimír Čunát 2451d1794b Merge branch 'master' into x-updates 2013-06-05 17:22:35 +02:00
Eelco Dolstra 365307ada1 nixos-rebuild: Handle .version-suffix not being writable
Reported by @vcunat.
2013-06-05 17:10:46 +02:00
Eelco Dolstra d210f30fa7 Omit GRUB if boot.loader.grub.device is set to "nodev"
If we only need to generate a GRUB boot menu, we don't need GRUB
itself.  This cuts 38 MiB from EC2 system closures (in particular
because it gets rid of the need for the 32-bit Glibc).
2013-06-04 14:07:25 +02:00
Evgeny Egorochkin 2b63b67aa4 Merge pull request #174 from wizeman/apparmor-transmission
transmission: Add apparmor profile
2013-06-04 03:20:49 -07:00
Evgeny Egorochkin 6e6061e6b3 TOR: add obfsproxy support by default for TOR bridges 2013-06-04 13:03:37 +03:00
Mathijs Kwik 824b5b645a openvpn: fix type error
either use
- optional cond "target"
or
- optionals cond ["target1" "target2"]
2013-06-04 07:45:58 +02:00
Sander van der Burg e776c0623d Fixed disnix service to use systemd's dependency facilities 2013-06-03 01:34:22 +02:00
Evgeny Egorochkin e3bbf38ec9 Merge pull request #178 from bjornfor/lighttpd-cgit-subservice
lighttpd: add cgit sub-service
2013-06-02 14:18:21 -07:00
Evgeny Egorochkin 6ab6eeceb7 Merge pull request #179 from bjornfor/lighttpd-gitweb-improvements
lighttpd: gitweb: add extraConfig option
2013-06-02 14:09:23 -07:00
Bjørn Forsman 3d48da72a9 lighttpd: gitweb: add extraConfig option
So that we can append custom configuration text to the end of the
generated gitweb.conf file.
2013-06-02 19:26:55 +02:00
Bjørn Forsman b1f82e428a lighttpd: add cgit sub-service
(cgit is "a hyperfast web frontend for git repositories written in C")

cgit is enabled like this (assuming lighttpd is already enabled):

  services.lighttpd.cgit.enable = true;

and configured verbatim like this (contents of the cgitrc file):

  services.lighttpd.cgit.configText = ''
    cache-size=1000
    scan-path=/srv/git
  '';

cgit will be available from this URL: http://yourserver/cgit

In lighttpd, I've ensured that the cache dir for cgit is created if cgit
is enabled.
2013-06-02 18:41:18 +02:00
Lluís Batlle i Rossell 70fd5422a7 Adding iw to systemPackages. 2013-06-02 14:27:39 +02:00
Peter Simons 08eba4c114 atd: don't enable at daemon by default
The at daemon doesn't work on NixOS [1], so enabling it by default
doesn't seem useful. I'd argue that it shouldn't be enabled by default
even if it worked, actually.

[1] http://lists.science.uu.nl/pipermail/nix-dev/2013-April/011048.html
2013-06-01 11:39:09 +02:00
Evgeny Egorochkin 3bb97667b8 Merge pull request #167 from wizeman/domain
Set the domain name of the machine
2013-05-30 09:14:25 -07:00
Vladimír Čunát a5a7c8ad78 Merge branch 'master' into x-updates 2013-05-29 23:32:05 +02:00
Vladimír Čunát 40d61bfe36 Revert "networkmanager: clean some attrs missing in nixpkgs x-updates"
This reverts commit a649bbea4e.
2013-05-29 23:31:47 +02:00
Evgeny Egorochkin 421fb9d585 Merge pull request #173 from wizeman/apparmor-service
Apparmor service fixes
2013-05-28 16:46:30 -07:00
Evgeny Egorochkin a518e09ec3 Merge pull request #172 from wizeman/apparmor-ping
apparmor: Fix broken iputils/ping profile
2013-05-28 16:37:11 -07:00
Domen Kozar 53390a2da9 add networkmanager_openvpn to systemPackages 2013-05-29 00:38:50 +02:00
Ricardo M. Correia 0a0beadecd transmission: Add apparmor service dependency 2013-05-28 18:00:21 +00:00
Ricardo M. Correia 531b581636 apparmor: Fix service stop
When stopping the apparmor service, the profile removal failed with
parsing errors due to not including the
${pkgs.apparmor}/etc/apparmor.d directory.
2013-05-28 17:49:52 +00:00
Ricardo M. Correia 84c0af80d7 apparmor: Fix loading multiple profiles
apparmor's systemd service wasn't working when multiple profiles were
defined, due to the ExecStart commands in the service file being
broken into multiple lines, instead of being separated by ';'.
2013-05-28 17:21:22 +00:00
Ricardo M. Correia 2e61811284 transmission: Add apparmor profile 2013-05-28 17:19:15 +00:00
Ricardo M. Correia eb01d87b31 apparmor: Fix broken iputils/ping profile 2013-05-28 14:17:29 +00:00
Eelco Dolstra 2ec6759f5f openvpn.nix: Use systemd.*
Also add an option ‘autoStart’ to configure whether an OpenVPN
instance should be started automatically.  And don't log to
/var/log/openvpn-* anymore.
2013-05-28 14:39:48 +02:00
Ricardo M. Correia 7f9fc8d817 Set the domain name of the machine
The domain name was not being set before, even if the administrator
properly configured the networking.domain option in
/etc/nixos/configuration.nix.
2013-05-28 08:49:14 +00:00
Lluís Batlle i Rossell f60393975f gnunet: it was missing extraGroups 2013-05-28 10:19:59 +02:00
Peter Simons 717dc3b858 Merge pull request #169 from wizeman/chrony
Add chrony service
2013-05-25 02:25:57 -07:00
Ricardo M. Correia 76046850fe atop: Add basic config option for /etc/atoprc 2013-05-23 11:14:24 +00:00
Ricardo M. Correia 6336048c58 chrony: properly set rtconutc option, and add a few more options 2013-05-23 03:00:09 +00:00
Ricardo M. Correia 02d9a8066a Add chrony service
Also, do not build and add ntp to the system unless it is enabled.
2013-05-23 02:07:49 +00:00
Rickard Nilsson 70586f03fe systemd.sockets: Add listenStreams option for specifying several sockets 2013-05-20 16:26:24 +02:00
Domen Kozar a29c306958 bacula: add ExecReload 2013-05-18 13:29:54 +02:00
Domen Kozar 000d5a62aa bacula: file daemon needs to run as root 2013-05-18 12:29:14 +02:00
Eelco Dolstra 07406231e3 zabbix: Don't set the mbstring.func_overload option
This breaks MediaWiki running in the same web server.  Zabbix no
longer seems to need it anyway.
2013-05-17 15:34:26 +02:00
Eelco Dolstra 97689f9062 mediawiki: Update to 1.20.5 2013-05-17 13:38:20 +02:00
Mathijs Kwik 0e9a963b42 kde4: use udisks2 for kde versions that support it.
Currently, none do, although kde 4.10 is supposed to be able to use it.
2013-05-17 09:33:00 +02:00
Mathijs Kwik 4630ad4d26 filesystems: add priority option for swap devices.
Useful for setting up raid0-like load balancing for swap.
By giving multiple swap devices the same prio.
2013-05-17 09:22:07 +02:00
Mathijs Kwik 085ccc8199 btrfs: btrfsck is now actually the same binary as "btrfs"
symlinked to save space.
2013-05-17 09:22:07 +02:00
Vladimír Čunát a13d1c3363 mesa WIP: fix bad symlinking, thanks to jack_c on IRC 2013-05-16 23:52:17 +02:00
Domen Kozar 40fb90a295 bacula: generate bconsole config 2013-05-16 21:58:24 +02:00
Vladimír Čunát a649bbea4e networkmanager: clean some attrs missing in nixpkgs x-updates
Just temporary hack.
2013-05-16 17:24:26 +02:00
Vladimír Čunát 0ad87ab46e WARNING: history will change from now on (mesa updates)
Fix some paths set, drivers in mesa_drivers now, WIP.
2013-05-16 17:23:31 +02:00
Evgeny Egorochkin da7d6a4cce Merge pull request #125 from MarcWeber/submit/when-enabling-wacom-add-xsetwacom-to-path
When enabling wacom put xsetwacom in PATH.
2013-05-15 09:51:17 -07:00
Rob Vermaas 3b00eca8e9 Add varnish to module-list.nix 2013-05-15 14:36:17 +02:00
Eelco Dolstra 0277126699 Return exit code 127 if a command is not found 2013-05-15 12:52:15 +02:00
Eelco Dolstra 95d02c0c40 initrd: Remove serio and atkbd
These modules don't exist as far as I can tell.
2013-05-15 12:52:15 +02:00
Eelco Dolstra b3ae70ddb6 initrd: Add ehci_pci and hid_generic
These are required to get some (all?) USB keyboards to work in recent
kernels.
2013-05-15 12:52:14 +02:00
Eelco Dolstra f5233bbf82 Remove tabs 2013-05-15 12:52:14 +02:00
Shea Levy 2c4db1a6cf Don't copy libz and liblzo2 twice to the initrd
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-05-14 23:35:10 -04:00
Shea Levy 51bc82960a btrfsck doesn't respect any flags
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-05-13 14:25:48 -04:00
Shea Levy 9b4991d3f4 Fix btrfs in the initrd.
With NixOS/nixpkgs@7761952d06 , btrfs requires libz and liblzo2

Signed-off-by: Shea Levy <shea@shealevy.com>
2013-05-13 14:16:53 -04:00
Shea Levy 7f7ada53cf Add a basic (currently failing) sanity check for btrfsProgs-in-initrd
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-05-13 14:07:38 -04:00
Domen Kozar edd77af3fe add openvpn config file to networkmanager service 2013-05-13 17:52:26 +02:00
Eelco Dolstra 4e6f6d0215 Use pam_loginuid
This set the loginuid property of processes for auditing.
2013-05-13 11:27:21 +02:00
roconnor aa1289dd91 Merge pull request #159 from NixOS/nginx-fullWebDAV
Add options for user and group to run nginx as.
2013-05-12 15:32:59 -07:00
Rob Vermaas 0f930a00f8 Add varnish module 2013-05-12 20:32:25 +02:00
Jaka Hudoklin b345417bc5 Fix pxe network boot 2013-05-11 19:42:19 +00:00
Domen Kozar 078130767d add openvpn plugin to networkmanager 2013-05-11 19:25:14 +02:00