Commit graph

2257 commits

Author SHA1 Message Date
Eelco Dolstra 3ad370ae0a Merge remote-tracking branch 'origin/master' into systemd
Conflicts:
	modules/misc/ids.nix
	modules/services/mail/postfix.nix
	modules/services/system/nscd.nix
	modules/services/x11/desktop-managers/xfce.nix
	modules/system/boot/stage-1.nix
2012-09-28 11:35:27 -04:00
Eelco Dolstra 1084a8e0de Add "adm" group from the systemd branch to prevent constant collisions 2012-09-28 11:14:33 -04:00
Eelco Dolstra 3e6bb7d1de Move setting ownership of /nix/store to stage-2-init
This is necessary because the store might be bind-mounted read-only.
2012-09-28 10:59:58 -04:00
Peter Simons 6f052ee62e spamassassin: use virtual user home directories under /var/lib/spamassassin to avoid permission problems
When spamd isn't running as 'root', it cannot access the usual ~/.spamassassin
path where user-specific files normally reside. Instead, we use the path
/var/lib/spamassassin-<user> to store those home directories.
2012-09-28 00:06:52 +02:00
Peter Simons bcb8038726 spamassassin: add option for running the spamd daemon in debug mode 2012-09-27 17:12:25 +02:00
Peter Simons 9d83b8897b spamassassin: drop obsolete command line options 2012-09-27 16:51:32 +02:00
Rickard Nilsson 65c1c6525b network-manager: Big overhaul
* Add group 'networkmanager' and implement polkit configuration
    that allows users in this group to make persistent, system-wide
    changes to NetworkManager settings.

  * Add support for ModemManager. 3G modems should work out of the
    box now (it does for me...). This introduces a dependency on
    pkgs.modemmanager.

  * Write NetworkManger config file to Nix store, and let the
    daemon use it from there.
2012-09-27 09:26:07 +02:00
Peter Simons af7c192f2a postfix: convert service to systemd 2012-09-25 16:38:09 -04:00
Peter Simons 5ef71c6d22 smartd: convert service to systemd 2012-09-25 16:38:05 -04:00
Eelco Dolstra a139fa14b1 Optionally make the Nix store read-only to enforce immutability
This will be the default once Nix 1.2 is released.
2012-09-25 16:33:21 -04:00
Eelco Dolstra fcebb3f3cd Clean up the nscd job 2012-09-25 15:22:55 -04:00
Peter Simons 2d6d678bb9 dovecot.nix: correct bogus reference to dovecot in Nixpkgs 2012-09-25 11:24:35 +02:00
Peter Simons a7700202f2 Rename dovecot2 module to dovecot.
We no longer support more than one version.
2012-09-25 11:23:53 +02:00
Shea Levy bf116c7876 busyboxKeymap: Support unicode keymaps 2012-09-24 17:15:26 -04:00
Peter Simons 573b6b710f Merge pull request #26 from aszlig/boottime-keymap
stage-1: Add option to load keymap during bootup.
2012-09-24 07:33:03 -07:00
Peter Simons c1949c36e9 Merge pull request #31 from peti/master
Drop service for dovecot 1.x.
2012-09-24 07:31:04 -07:00
Lluis Batlle 5ee79c5722 Adding a parameter 'ttyEmergency'
It specifies what mingetty will be stopped, if a bad filesystem
triggers an emergency shell.

That should be ttyS0 on headless systems, and in that case,
nixos should stop the ttyS0 mingetty from getting in.
2012-09-24 00:16:52 +02:00
Peter Simons 97c74bf050 alsa.nix: initialize the sound card before restoring previously stored settings
The sound card in my ThinkPad won't work unless "init" is run explicitly.
2012-09-23 22:40:19 +02:00
Peter Simons 00e19c91e5 postfix: add option 'extraMasterConf' to extend the default master.cf file 2012-09-23 12:21:48 +02:00
Peter Simons b8f09be5e0 Remove service for dovecot version 1.x. 2012-09-22 12:51:58 +02:00
Eelco Dolstra 1ad655bdcf Don't join the cpuset controller with cpu/cpuacct
This works around the problem described here:

http://lists.freedesktop.org/archives/systemd-devel/2012-September/006648.html
2012-09-21 22:56:13 -04:00
Eelco Dolstra 4fa9b4b257 Restart systemd if necessary 2012-09-21 14:58:28 -04:00
Eelco Dolstra 0bd7bdfe0d Merge branch 'master' of github.com:NixOS/nixos 2012-09-21 11:03:25 -04:00
Eelco Dolstra 600d43ba93 Drop xfce-4.6 compatibility 2012-09-21 11:03:07 -04:00
Peter Simons 4476b875fc Add services.dovecot2.extraConfig option to configure arbitrary settings for which NixOS has no direct support. 2012-09-21 16:04:46 +02:00
Peter Simons 0573c7fcae modules/services/mail/dovecot2.nix: update syntax for SSL config options 2012-09-21 12:29:36 +02:00
Peter Simons 155495deb2 modules/services/mail/dovecot2.nix: accept plain text authentication only over secure channels when TLS is available
Connects from 'localhost' are always considered secure.
2012-09-21 12:29:36 +02:00
Peter Simons 1da16a5ea1 modules/services/mail/dovecot2.nix: log via syslog instead of writing a separate file 2012-09-21 12:29:36 +02:00
Eelco Dolstra d4af6edd5e firewall.nix: Allow specifying trusted network interfaces
Trusted network interfaces (such as "lo") will accept any incoming
traffic.
2012-09-20 17:51:44 -04:00
Eelco Dolstra 1e666c10fa Get rid of the last use of mkThenElse 2012-09-20 16:55:32 -04:00
Rickard Nilsson 0de3a0cff3 nscd-invalidate: Invalidate passwd and group databases also
I had some problems with LDAP user lookups not working properly
at boot. I found that invalidating passwd and group on the
ip-up event (when nscd-invalidate starts) helped a bit.
2012-09-19 14:30:55 +02:00
Eelco Dolstra 83c6b1cf3a Set $LOCALE_ARCHIVE in systemd services
Systemd sets locale variables like $LANG when running services, so
$LOCALE_ARCHIVE should also be set to prevent warnings like "perl:
warning: Setting locale failed.".
2012-09-18 18:12:39 -04:00
Eelco Dolstra d12dd340b6 firewall.nix: Respect networking.enableIPv6 = false
Reported-by: Pablo Costa <modulistic@gmail.com>
2012-09-18 17:20:46 -04:00
Eelco Dolstra b96835f8dd Merge remote-tracking branch 'origin/master' into systemd 2012-09-14 13:24:03 -04:00
Eelco Dolstra 75583c7984 nixos-rebuild: Support --option 2012-09-14 13:23:19 -04:00
Peter Simons ad65e807bd Add new 'hardware.cpu.amd.updateMicrocode' option. 2012-09-11 18:44:37 +02:00
Eelco Dolstra aac6fe44b6 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-09-11 10:58:57 -04:00
Eelco Dolstra b53842df3e Don't set the passno field for tmpfs and other FSs that have no device
If passno is set, then systemd will instantiate a systemd-fsck unit,
which in turn will instantiate a <device>.device unit
(e.g. "none.device").  Since no such device exists, mounting will
fail.  So don't set passno.
2012-09-11 10:55:56 -04:00
Ludovic Courtès f7530dc5ee avahi: Never set host-name' to the empty string in avahi-daemon.conf'. 2012-09-07 10:58:53 +02:00
Rob Vermaas 27880ed729 Change logstash job startOn attribute to include networking 2012-09-06 12:31:15 +02:00
Shea Levy f701e8d420 d'oh 2012-09-03 12:11:07 -04:00
Shea Levy 4be367ec47 Damn NixOS lack of laziness... 2012-09-03 10:35:45 -04:00
Eelco Dolstra e0e0e57c26 Fix the OpenVPN jobs 2012-08-30 21:11:36 -04:00
Mathijs Kwik bce1cdd59c fix kernel 3.4+ early cifs mounting (qemu-vm target)
kernel 3.4+ needs cifs-utils to mount CIFS filesystems.
the kernel itself (and busybox's cifs mount code) are no longer able
to do this in some/most cases and will error out saying:
"CIFS VFS: connecting to DFS root not implemented yet"

Nixos' qemu-vm target is hurt by this, as it wants to mount /nix/store
via cifs very early in the boot process.

This commit makes sure the initrd for affected kernels is built with
cifs-utils if needed.
2012-08-30 18:31:45 +02:00
Mathijs Kwik a502ce1128 networking: add proxy_arp / proxy_ndp options.
proxy_arp (and proxy_ndp for ipv6) can be turned on on a few
interfaces (at least 2).
This is mainly useful for creating pseudo-bridges between a real
interface and a virtual network such as VPN or a virtual machine for
interfaces that don't support real bridging (most wlan interfaces).
As ARP proxying acts slightly above the link-layer, below-ip traffic
isn't bridged, so things like DHCP won't work. The advantage above
using NAT lies in the fact that no IP addresses are shared, so all
hosts are reachable/routeable.
2012-08-29 22:59:36 +02:00
Mathijs Kwik 0dd46d1335 networking: add options for configuring virtual devices (tun/tap)
These are mainly useful for network tunnels (vpn/ipv6) and creating
bridges for virtual machines
2012-08-29 22:59:36 +02:00
Mathijs Kwik d106a8a296 logcheck: make sure directories are writable during merge phase 2012-08-29 22:59:28 +02:00
Peter Simons 51e58dafca spamassassin: use a dedicated user for running spamd 2012-08-28 16:27:28 +02:00
Mathijs Kwik 2769f594f3 add logcheck module 2012-08-26 16:04:49 +02:00
Mathijs Kwik aba9f76105 change permission of /run/lock to allow non-root access to subdirectories 2012-08-26 10:17:22 +02:00
Mathijs Kwik 05262ad35d postfix: allow specifying 'virtual' mappings
mainly useful for having a few local addresses (me@host.domain.com) while the majority of
addresses are on the domain (you@domain.com)
2012-08-24 00:27:07 +02:00
Eelco Dolstra 8adc1ee92e switch-to-configuration: Stop sockets corresponding to services
If a service has a corresponding socket unit, then stop the socket
before stopping the service.  This prevents it from being restarted
behind our backs.  Also, don't restart the service; it will be
restarted on demand via the socket.
2012-08-23 12:12:58 -04:00
Eelco Dolstra e194d41b9c cpufreq: Don't complain if a CPU doesn't support the desired governor 2012-08-23 12:12:25 -04:00
Eelco Dolstra 4c65a5d95c Don't restart agetty 2012-08-23 11:13:33 -04:00
Eelco Dolstra dfb6e891b9 switch-to-configuration: Don't restart systemd-user-sessions.service
Restarting it causes all user sessions to be killed.
2012-08-23 11:11:14 -04:00
Eelco Dolstra af550048e8 switch-to-configuration: Don't restart the suspend/hibernate targets
Restarting them has the side effect of suspending/hibernating the
system again.
2012-08-23 11:11:04 -04:00
Eelco Dolstra 9e5bbee2b1 Make cpufreq a service instead of a task
Otherwise it will be restarted by switch-to-configuration even when it
hasn't changed.
2012-08-23 11:08:42 -04:00
Eelco Dolstra b02c488fde Automatically append ".service" to the name of service units 2012-08-23 10:25:27 -04:00
Eelco Dolstra cce6e48edf Don't use consolekit anywhere 2012-08-23 10:25:15 -04:00
Eelco Dolstra 0280aa2dc4 Remove the lvm job
There is a generator in lvm2 that takes care of this.
2012-08-23 10:23:41 -04:00
Eelco Dolstra c2da812bd0 Enable upower's systemd unit 2012-08-21 11:29:59 -04:00
Eelco Dolstra 223f04b3ca Add option ‘boot.systemd.packages’ to use units from the specified packages 2012-08-21 11:28:47 -04:00
Eelco Dolstra e02b57df9b Fix the dependencies of the vboxnet0 service 2012-08-20 16:19:57 -04:00
Eelco Dolstra f3def8194e switch-to-configuration: Restart all active targets 2012-08-20 16:19:03 -04:00
Eelco Dolstra 3f4ffffed7 Fix a Perl warning 2012-08-20 11:32:50 -04:00
Eelco Dolstra 08f14b33c1 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-08-20 11:27:38 -04:00
Eelco Dolstra 36e05e8dd2 Add some more backward compatibility hacks 2012-08-20 11:21:11 -04:00
Eelco Dolstra 39ec043aea Typo 2012-08-20 11:21:03 -04:00
Eelco Dolstra 5408f1ebcd Build slim without consolekit 2012-08-20 11:11:25 -04:00
Eelco Dolstra cdc3604a7d kdm: Do a poweroff, not a halt 2012-08-20 11:11:10 -04:00
Eelco Dolstra ebb1781dfc Fix KDE/kdm 2012-08-20 11:10:19 -04:00
Peter Simons 16713db4e2 modules/programs/bash/bashrc.sh: adapt bash completion for version 2.0 of the package 2012-08-20 16:37:14 +02:00
Petr Rockai 5dc8bc5f2a Do not assume that /dev/console can always be written. 2012-08-18 14:29:09 +02:00
Eelco Dolstra 6547ecb72f Remove policykit.nix (old PolicyKit module)
Only the HAL module needed it.
2012-08-17 14:47:37 -04:00
Eelco Dolstra 1e5a2bca28 Remove HAL
It's obsolete and we no longer use it.
2012-08-17 14:45:43 -04:00
Eelco Dolstra c60d6caee8 Rename xserver.service to display-manager.service
The latter is what graphical.target expects.
2012-08-17 14:43:41 -04:00
Eelco Dolstra 490ce3a230 PAM: Rename ownDevices to startSession
Logind sessions are more generally useful than for device ownership.
For instances, ssh logins can be put in their own session (and thus
their own cgroup).
2012-08-17 13:48:22 -04:00
Eelco Dolstra 676157f1e7 slim.nix: Remove the hideCursor option because it doesn't work 2012-08-17 13:42:52 -04:00
Eelco Dolstra b91aa1599c sshd.nix: Disable password logins for root by default 2012-08-17 13:32:23 -04:00
Eelco Dolstra a44e575196 switch-to-configuration: Respect the ‘restartIfChanged’ attribute 2012-08-17 13:14:42 -04:00
Eelco Dolstra 7d958dcdd1 Drop Upstart references 2012-08-17 11:02:12 -04:00
Eelco Dolstra f903a3dcc8 dhcpcd.nix: Add a reload action for rebinding interfaces 2012-08-17 11:01:07 -04:00
Eelco Dolstra 2ce5abaedf acpid.nix: Fix dependencies 2012-08-17 11:00:33 -04:00
Eelco Dolstra 8e8bad96d4 alsa.nix: Add job description 2012-08-17 11:00:14 -04:00
Eelco Dolstra 36f5c97b49 Use systemd-udevd instead of udevd 2012-08-16 16:34:49 -04:00
Eelco Dolstra 7e99541afe Fix initrd for the latest lvm2 2012-08-16 15:37:13 -04:00
Eelco Dolstra a025e7e7e2 Provide a common share between VMs to allow easy communication
Every VM now mounts a common SMB share on /tmp/shared.
2012-08-16 10:47:33 -04:00
Eelco Dolstra 0e3f03106f postgresql.nix: Add an option for overriding the PostgreSQL package 2012-08-15 17:02:03 -04:00
Eelco Dolstra d18c2afc6f Add an ip-up target for services that require IP connectivity 2012-08-15 15:38:52 -04:00
Eelco Dolstra 981347429a Add support for PartOf dependencies 2012-08-15 15:36:54 -04:00
Eelco Dolstra c2b2a3369a Fix dependencies of Apache and PostgreSQL 2012-08-14 18:15:37 -04:00
Eelco Dolstra a133eb5991 Add some missing targets
Also make multi-user.target pull in remote-fs.target to mount remote
filesystems.
2012-08-14 18:14:48 -04:00
Eelco Dolstra 55b2736566 Add a target ‘fs.target’ that waits for all filesystems 2012-08-14 18:14:16 -04:00
Eelco Dolstra 11c3219c1c Remove the ‘networking’ job
Systemd has ‘network.target’ for this purpose.
2012-08-14 18:12:16 -04:00
Eelco Dolstra a44a7271a8 Warn about Upstart modules with an unknown startOn condition 2012-08-14 17:30:11 -04:00
Eelco Dolstra 9dce4bd9c5 Provide start/stop/status aliases as a convenience for Upstart users 2012-08-14 17:22:04 -04:00
Eelco Dolstra 7a7d04af8a systemd: Use the kernel modules from /run/booted-system
This prevents failures in systemd-modules-load.service like "Failed to
lookup alias 'ipv6': Function not implemented".
2012-08-14 17:09:44 -04:00
Eelco Dolstra 4475294f57 Fix a hang during shutdown
Subtle: dhcpcd.service would call resolvconf during shutdown, which in
turn would start invalidate-nscd.service, causing the shutdown to be
cancelled.  Instead, give nscd.service a proper reload action, and do
"systemctl reload --no-block nscd.service".  The --no-block is
necessary to prevent that command from waiting until a timeout occurs
(bug in systemd?).
2012-08-14 16:45:50 -04:00
Eelco Dolstra 88bfdca8e0 stage-1: Use systemd-udevd instead of the old udevd 2012-08-14 15:31:15 -04:00
Peter Simons a025e848e0 modules/security/sudo.nix: added 'wheelNeedsPassword' option (default: true)
Change this setting to 'false' to allow users in the 'wheel' group to execute
commands as super user without entering a password.
2012-08-13 14:37:32 +02:00