philipp/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Activity
%!d() commits 3 branches 0 tags 1.4 GiB
Commit graph

2588 commits

Author SHA1 Message Date
Peter Simons c7fb0defe6 modules/programs/bash: clean-up variables used in initialization of bash-completion 2012-10-16 18:41:20 +02:00
Peter Simons 4ca0617f4a modules/programs/bash: improve bash completion support 
The new configuration.nix option 'environment.enableBashCompletion'
determines whether bash completion is automatically enabled system-wide
for all interactive shells or not. The default setting is 'off'.
 2012-10-16 18:23:28 +02:00
Eelco Dolstra 8499d7555f Backward compatibility hack for ‘networking.nat.internalIPs’ 2012-10-16 11:28:30 -04:00
Eelco Dolstra 10ac80115b switch-to-configuration: Fix bad Perl 2012-10-14 21:12:11 -04:00
Mathijs Kwik 97a3a99b40 firewall: options to select connection-tracking helpers 
My main reason for adding this is the ability to turn off helpers
altogether. If you are not using any of the special protocols, keeping
them turned off is safest, and in case you do want to use them, it's
best to configure them through the new CT target for your network
topology. Perhaps some sane defaults for nixos can be examined in the
future.

This change has no impact if you don't touch the added options, so no
need to adapt.
 2012-10-13 09:59:31 +02:00
Mathijs Kwik 6c62de6a31 firewall: option to enable the rpfilter netfilter module 
This is meant to replace /proc/sys/net/ipv4/conf/*/rp_filter, which
only works for ipv4. Furthermore, it's nicer to handle this kind of
filtering in the firewall.

There are some more subtle differences, please see:
https://home.regit.org/netfilter-en/secure-use-of-helpers/

I chose to enable this by default (when the firewall is enabled) as
it's a good idea in general. Only people with advanced routing needs
might not want this, but I guess they don't use the nixos firewall
anyway and use a custom solution. Furthermore, the option only becomes
available in kernel 3.3+, so conservative nixos users that just stick
to the default kernel will not need to act now just yet.
 2012-10-13 09:59:31 +02:00
Eelco Dolstra 53f216885f Ignore systemd-modules-load errors 
On NixOS, ‘boot.kernelModules’ has historically contained modules that
may not exist or load everywhere, so don't barf on those.
 2012-10-12 17:39:06 -04:00
Eelco Dolstra 161c837c49 Port automatic filesystem creation to systemd 2012-10-12 17:32:36 -04:00
Eelco Dolstra 12d1cd87ce Systemd unit names can contain Nix-illegal characters, so don't include them 2012-10-12 17:32:05 -04:00
Eelco Dolstra 3f6d53cc97 Move escapeSystemdPath to lib/utils.nix 
The new file ‘utils.nix’ is intended for NixOS-specific library
functions (i.e. stuff that shouldn't go into Nixpkgs' lib/).
 2012-10-12 17:01:49 -04:00
Eelco Dolstra e8de4455ab Update automatic swapfile creation for systemd 2012-10-12 16:47:29 -04:00
Eelco Dolstra 97a2de983b Ensure that swap.target is pulled in by switch-to-configuration even if it failed earlier 2012-10-12 16:38:00 -04:00
Eelco Dolstra fd7dbc99ab switch-to-configuration: Handle multiple swap devices properly 2012-10-12 16:37:14 -04:00
Eelco Dolstra b968244aa1 Move fs.target to filesystems.nix 2012-10-12 15:08:44 -04:00
Peter Simons 7ce9893bef network-interfaces.nix: interfaces that are part of a bridge must be brought 'up' for the bridge to function 2012-10-12 18:14:39 +02:00
Eelco Dolstra e3c1865067 Let the tun services depend on /dev/net/tun 2012-10-11 17:59:41 -04:00
Eelco Dolstra d63da5892c Ensure that systemd-modules-load is restarted when boot.kernelModules changes 2012-10-11 17:58:46 -04:00
Eelco Dolstra 71a541afb6 dhcpcd: Don't depend on network-interfaces.target 
Dhcpcd automatically detects new interfaces, so we can start it right
away.
 2012-10-11 17:57:54 -04:00
Eelco Dolstra b606165bd9 Allow a unit to declare "triggers" that force a restart 
The triggers are just arbitrary strings that are included in the unit
under X-Restart-Triggers.  The idea is that if they change between
reconfigurations, switch-to-configuration will restart the unit
because its store path changed.  This is mostly useful for services
that implicitly depend on generated files in /etc.  Thus you can say

  restartTriggers = [ confFile ];

where ‘confFile’ is the derivation that generated the /etc file in
question.
 2012-10-11 17:54:43 -04:00
Eelco Dolstra 285f587025 Move non-interface specific initialisation to ‘network-setup.service’ 
The unit ‘network-interface.service’ has been replaced by
‘network-interfaces.target’.
 2012-10-11 16:18:48 -04:00
Eelco Dolstra 2cf9bb929b Add a ‘restart’ alias 2012-10-11 16:18:34 -04:00
Eelco Dolstra 1c53b2e299 Don't flush addresses unless necessary 
Flushing is bad if the Nix store is on a remote filesystem accessed
over that interface.

http://hydra.nixos.org/build/3184162

Also added a interface option ‘prefixLength’ as a better alternative
to ‘subnetMask’.
 2012-10-11 15:36:52 -04:00
Eelco Dolstra 4104f60800 Fix accidental commit 2012-10-11 12:43:08 -04:00
Eelco Dolstra bd1071d02b Remove "wants" dependencies on <interface>.service 
Instead it's enough to depend on
sys-subsystem-net-devices-<interface>.device, which in turn has a
"wants" dependency on the service (if any) that creates the interface.
 2012-10-10 22:47:50 -04:00
Eelco Dolstra d7458b5fc2 Split the monolithic network-interface service into multiple units 
For each statically configured interface, we now create a unit
‘<interface>-cfg.service’ which gets started as soon as the network
device comes up.  Similarly, each bridge defined in
‘networking.bridges’ and virtual interface in ‘networking.interfaces’
is created by a service ‘<interface>.service’.

So if we have

  networking.bridges.br0.interfaces = [ "eth0" "eth1" ];
  networking.interfaces =
    [ { name = "br0";
        ipAddress = "192.168.1.1";
      }
    ];

then there will be a unit ‘br0.service’ that depends on
‘sys-subsystem-net-devices-eth0.device’ and
‘sys-subsystem-net-devices-eth1.device’, and a unit ‘br0-cfg.service’
that depends on ‘sys-subsystem-net-devices-br0.device’.
 2012-10-10 17:55:42 -04:00
Eelco Dolstra 62b707de07 Add support for postStop scripts 2012-10-10 17:55:13 -04:00
Eelco Dolstra e9b221c2ff firewall.nix: Don't spam the log 2012-10-10 16:51:05 -04:00
Eelco Dolstra 17a7f48364 Add an option for BindsTo dependencies 2012-10-10 16:50:41 -04:00
Eelco Dolstra 6b185a131f Use config.system.build.systemd in the toplevel derivation 2012-10-10 16:49:59 -04:00
Eelco Dolstra ad94b9e50e Use optionalAttrs 2012-10-10 16:49:47 -04:00
James Cook 5181ca4a3f Change the default value of programs.ssh.forwardX11 to false. 
Forwarding X11 to untrusted servers is extremely insecure; see for example
http://www.hackinglinuxexposed.com/articles/20040705.html
 2012-10-09 23:21:45 -07:00
Jack Cummings 71e6eca567 - fix indention, clarify parameter descriptions, and use 'exec' instead of 'script' in the hostapd job 2012-10-09 12:19:09 -07:00
Eelco Dolstra 6902452901 Whitespace 2012-10-09 15:14:32 -04:00
Eelco Dolstra d71c0bb834 Respect partOf etc. for socket and target units 2012-10-09 15:14:15 -04:00
Jack Cummings e40146de16 nat: enable NAT for multiple networks 2012-10-09 14:00:59 -04:00
Jack Cummings e8d8b6b399 smartd: Add options for each device being monitored 2012-10-09 14:00:59 -04:00
Mathijs Kwik 01b8c48c32 logcheck: add some options to ease setting up ignore-rules 
The special handling for cronjobs should probably move to the cron
module (logcheckIgnore = bool option) in the future, as it's more
natural to just declare a cronjob, and mark it as "log-ignored",
instead of adding cronjobs through logcheck.

But as systemCronjobs is not an attrset yet (just simple strings),
this would require adding an attrset for cronjobs or parsing strings
in the nix language to get hold of the cron-user and command.

So for now, I keep the interface within logcheck's module.
 2012-10-09 16:04:17 +02:00
Eelco Dolstra dd3fe9d792 Merge remote-tracking branch 'origin/master' into systemd 
Conflicts:
	modules/services/system/nscd.nix
 2012-10-08 13:47:37 -04:00
Eelco Dolstra f451afea8f Remove ‘services.journald.logKernelMessages’ 
This option no longer exists in systemd.
 2012-10-08 10:51:17 -04:00
Marc Weber 87bb6b1c6d making ati proprietary drivers work again 
However SLIM is still broken and you have to create a
/usr/lib/dri/fglrx_dri.so symlink pointing to
/run/opengl-driver/lib/fglrx_dri.so

At least fgl_glxgears shows 10 times more frames per second now
 2012-10-07 17:24:42 +02:00
Eelco Dolstra 2b2f0067b8 Add an /etc/hosts entry mapping localhost to ::1 2012-10-07 00:46:24 -04:00
Eelco Dolstra 570e523a88 Remove 127.0.0.1 mapping for the system's hostname 
Also remove the <hostname>.<domain> mapping.
 2012-10-07 00:40:00 -04:00
Eelco Dolstra 74295866f5 Don't include NSS modules in $LD_LIBRARY_PATH 
This is broken because it requires restarting applications to see new
NSS modules.  The proper way to handle NSS modules is through nscd.
See commit 554ae9908b.
 2012-10-07 00:37:36 -04:00
Eelco Dolstra 13841d6e47 Use nss-myhostname to ensure that the hostname resolves to something sensible 2012-10-06 21:00:26 -04:00
Eelco Dolstra 757ab7f6d3 Generate nsswitch.conf properly 2012-10-06 20:58:46 -04:00
Jack Cummings 33754edb3e - add a hostapd module 2012-10-05 21:39:56 -07:00
Eelco Dolstra dd1770bf0b Enable klogd on Linux < 3.5 
On Linux >= 3.5, systemd takes care of logging kernel messages.
 2012-10-05 13:44:15 -04:00
Eelco Dolstra a5969634f4 sshd: Do detach into the background 
This is necessary to ensure that jobs that need to start after sshd
work properly.

This reverts 03f13a4939.
 2012-10-04 23:38:27 -04:00
Eelco Dolstra 98c6c5b730 fetch-ec2-data: Update for systemd 2012-10-04 23:26:19 -04:00
Eelco Dolstra 892b3f6ad6 acpid: Skip (rather than fail) if /proc/acpi doesn't exist 
E.g. EC2 instances don't have ACPI.
 2012-10-04 23:26:01 -04:00
Eelco Dolstra 0ddd147cfc headless.nix: Mountall is gone 2012-10-04 23:25:33 -04:00
Eelco Dolstra 5d9b3ed12b scsi-link-pm: Don't fail if there are no matching SCSI hosts 2012-10-04 23:25:11 -04:00
Eelco Dolstra 8f4d8cf620 Enable the power management module by default 
After all, we don't want NixOS machines to contribute to global
warming more than necessary!
 2012-10-04 22:10:35 -04:00
Eelco Dolstra 9b431cb24e upower: Work around the daemon getting stuck after a suspend 2012-10-04 21:58:40 -04:00
Eelco Dolstra 7d26dde69a Oops, systemd-inhibit should be exec'ed 2012-10-04 21:58:20 -04:00
Eelco Dolstra 52483c36bb Lowercase debug output 2012-10-04 21:44:45 -04:00
Eelco Dolstra db2a4d144e xsession: Set a inhibitor to prevent systemd from handling the power button and lid 2012-10-04 21:44:24 -04:00
Eelco Dolstra c6d12257f1 systemd: Run the powerManagement.* hooks on suspend/resume 
Also, drop pm-utils. Systemd now takes care of suspend/resume.
 2012-10-04 17:57:10 -04:00
Eelco Dolstra 38229da940 upower: Add glib to $PATH 
The upower daemon needs the gdbus command (which is weird given that
upower links against dbus_glib, but ah well...).  This fixes suspend
in KDE with systemd.
 2012-10-04 16:38:31 -04:00
Eelco Dolstra fdea3ac3d2 stage-2-init: Don't rely on groups being initialised 2012-10-04 16:15:30 -04:00
Eelco Dolstra 6c6134c2d2 Fix the manual service on the installation CD 2012-10-04 16:15:10 -04:00
Eelco Dolstra 74be2d9707 ISO image: Fix graphical GRUB menu 2012-10-04 16:14:44 -04:00
Eelco Dolstra 8dc4f2c3be Fix the rogue service for systemd 2012-10-04 15:27:31 -04:00
Eelco Dolstra 02624758b1 Use udev to restore ALSA volume settings 
Alsa-utils provides a udev rule to restore volume settings, so use
that instead of restoring them from a systemd service.  The
"alsa-store" service saves the settings on shutdown.
 2012-10-02 11:09:54 -04:00
Eelco Dolstra 666620cdd5 Use ‘mountpoint -q’ 2012-10-02 10:32:56 -04:00
Eelco Dolstra 2044ae785d Use "wants" instead of "requires" 2012-10-02 10:32:29 -04:00
Eelco Dolstra 7932978617 Fix Upstart compatibility jobs that depend on "stopped udevtrigger" 
It's not enough to say "after udev-settle.service" since
udev-settle.service is not wanted/required anywhere - we need to say
"wants udev-settle.service" as well.

This should fix problems with ALSA and X11 initialisation that people
have been seeing.
 2012-10-02 10:31:02 -04:00
Eelco Dolstra 2cf5e3cb66 Add options ‘boot.systemd.targets’ and ‘boot.systemd.sockets’ 2012-10-01 18:58:11 -04:00
Eelco Dolstra ca13a913d9 Oops, lost some code 2012-10-01 18:20:22 -04:00
Eelco Dolstra 990ec8cc4e Decrease PostgreSQL start check interval 2012-10-01 17:32:03 -04:00
Eelco Dolstra 2326c6da2b postgresql.nix: Depend on the filesystem containing the database 2012-10-01 16:53:13 -04:00
Eelco Dolstra 5cf702e1c1 postgresql.nix: Use User/Group instead of su 2012-10-01 16:49:02 -04:00
Eelco Dolstra 13d747c11a Support postStart scripts in service units 2012-10-01 16:45:49 -04:00
Eelco Dolstra 891be375b5 Make unitConfig/serviceConfig attribute sets 
So instead of:

  boot.systemd.services."foo".serviceConfig =
    ''
      StartLimitInterval=10
      CPUShare=500
    '';

you can say:

  boot.systemd.services."foo".serviceConfig.StartLimitInterval = 10;
  boot.systemd.services."foo".serviceConfig.CPUShare = 500;

This way all unit options are available and users can set/override
options in configuration.nix.
 2012-10-01 16:27:42 -04:00
Eelco Dolstra 440b793a5b Remove ‘autocreate’ FS option 
Systemd creates missing mountpoints unconditionally.
 2012-10-01 14:34:39 -04:00
Eelco Dolstra 353522ef79 Remove JoinControllers line because upstream reverted joining cpuset 2012-10-01 14:33:01 -04:00
Peter Simons 4b78161e3e dovecot: add options to selectively enable/disable the IMAP and/or POP3 listener 2012-09-30 00:54:03 +02:00
Mathijs Kwik 1b47614c46 invalidate-nscd: use script instead of exec for multiple commands 
otherwise, only the first one line executes
 2012-09-29 10:51:28 +02:00
Eelco Dolstra 0c4c3fc8aa Merge branch 'systemd' of github.com:NixOS/nixos into systemd 2012-09-28 11:41:59 -04:00
Peter Simons 03f13a4939 Tell sshd not to detach into the background. 
This makes it easier for systemd to track it and avoids race conditions such as
this one:

  systemd[1]: PID file /run/sshd.pid not readable (yet?) after start.
  systemd[1]: Failed to start SSH Daemon.
  systemd[1]: Unit sshd.service entered failed state.
  systemd[1]: sshd.service holdoff time over, scheduling restart.
  systemd[1]: Stopping SSH Daemon...
  systemd[1]: Starting SSH Daemon...
  sshd[2315]: Server listening on 0.0.0.0 port 22.
  sshd[2315]: Server listening on :: port 22.
  sshd[2335]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
  sshd[2335]: error: Bind to port 22 on :: failed: Address already in use.
  sshd[2335]: fatal: Cannot bind any address.
  systemd[1]: Started SSH Daemon.
 2012-09-28 17:38:24 +02:00
Peter Simons fabe06337e alsa.nix: initialize the sound card before restoring previously stored settings 
The sound card in my ThinkPad won't work unless "init" is run explicitly.
 2012-09-28 17:38:24 +02:00
Eelco Dolstra 3ad370ae0a Merge remote-tracking branch 'origin/master' into systemd 
Conflicts:
	modules/misc/ids.nix
	modules/services/mail/postfix.nix
	modules/services/system/nscd.nix
	modules/services/x11/desktop-managers/xfce.nix
	modules/system/boot/stage-1.nix
 2012-09-28 11:35:27 -04:00
Eelco Dolstra 1084a8e0de Add "adm" group from the systemd branch to prevent constant collisions 2012-09-28 11:14:33 -04:00
Eelco Dolstra 3e6bb7d1de Move setting ownership of /nix/store to stage-2-init 
This is necessary because the store might be bind-mounted read-only.
 2012-09-28 10:59:58 -04:00
Peter Simons 6f052ee62e spamassassin: use virtual user home directories under /var/lib/spamassassin to avoid permission problems 
When spamd isn't running as 'root', it cannot access the usual ~/.spamassassin
path where user-specific files normally reside. Instead, we use the path
/var/lib/spamassassin-<user> to store those home directories.
 2012-09-28 00:06:52 +02:00
Peter Simons bcb8038726 spamassassin: add option for running the spamd daemon in debug mode 2012-09-27 17:12:25 +02:00
Peter Simons 9d83b8897b spamassassin: drop obsolete command line options 2012-09-27 16:51:32 +02:00
Rickard Nilsson 65c1c6525b network-manager: Big overhaul 
* Add group 'networkmanager' and implement polkit configuration
    that allows users in this group to make persistent, system-wide
    changes to NetworkManager settings.

  * Add support for ModemManager. 3G modems should work out of the
    box now (it does for me...). This introduces a dependency on
    pkgs.modemmanager.

  * Write NetworkManger config file to Nix store, and let the
    daemon use it from there.
 2012-09-27 09:26:07 +02:00
Peter Simons af7c192f2a postfix: convert service to systemd 2012-09-25 16:38:09 -04:00
Peter Simons 5ef71c6d22 smartd: convert service to systemd 2012-09-25 16:38:05 -04:00
Eelco Dolstra a139fa14b1 Optionally make the Nix store read-only to enforce immutability 
This will be the default once Nix 1.2 is released.
 2012-09-25 16:33:21 -04:00
Eelco Dolstra fcebb3f3cd Clean up the nscd job 2012-09-25 15:22:55 -04:00
Peter Simons 2d6d678bb9 dovecot.nix: correct bogus reference to dovecot in Nixpkgs 2012-09-25 11:24:35 +02:00
Peter Simons a7700202f2 Rename dovecot2 module to dovecot. 
We no longer support more than one version.
 2012-09-25 11:23:53 +02:00
Shea Levy bf116c7876 busyboxKeymap: Support unicode keymaps 2012-09-24 17:15:26 -04:00
Peter Simons 573b6b710f Merge pull request #26 from aszlig/boottime-keymap 
stage-1: Add option to load keymap during bootup.
 2012-09-24 07:33:03 -07:00
Peter Simons c1949c36e9 Merge pull request #31 from peti/master 
Drop service for dovecot 1.x.
 2012-09-24 07:31:04 -07:00
Lluis Batlle 5ee79c5722 Adding a parameter 'ttyEmergency' 
It specifies what mingetty will be stopped, if a bad filesystem
triggers an emergency shell.

That should be ttyS0 on headless systems, and in that case,
nixos should stop the ttyS0 mingetty from getting in.
 2012-09-24 00:16:52 +02:00
Peter Simons 97c74bf050 alsa.nix: initialize the sound card before restoring previously stored settings 
The sound card in my ThinkPad won't work unless "init" is run explicitly.
 2012-09-23 22:40:19 +02:00
Peter Simons 00e19c91e5 postfix: add option 'extraMasterConf' to extend the default master.cf file 2012-09-23 12:21:48 +02:00
Peter Simons b8f09be5e0 Remove service for dovecot version 1.x. 2012-09-22 12:51:58 +02:00
Eelco Dolstra 1ad655bdcf Don't join the cpuset controller with cpu/cpuacct 
This works around the problem described here:

http://lists.freedesktop.org/archives/systemd-devel/2012-September/006648.html
 2012-09-21 22:56:13 -04:00
Eelco Dolstra 4fa9b4b257 Restart systemd if necessary 2012-09-21 14:58:28 -04:00
Eelco Dolstra 0bd7bdfe0d Merge branch 'master' of github.com:NixOS/nixos 2012-09-21 11:03:25 -04:00
Eelco Dolstra 600d43ba93 Drop xfce-4.6 compatibility 2012-09-21 11:03:07 -04:00
Peter Simons 4476b875fc Add services.dovecot2.extraConfig option to configure arbitrary settings for which NixOS has no direct support. 2012-09-21 16:04:46 +02:00
Peter Simons 0573c7fcae modules/services/mail/dovecot2.nix: update syntax for SSL config options 2012-09-21 12:29:36 +02:00
Peter Simons 155495deb2 modules/services/mail/dovecot2.nix: accept plain text authentication only over secure channels when TLS is available 
Connects from 'localhost' are always considered secure.
 2012-09-21 12:29:36 +02:00
Peter Simons 1da16a5ea1 modules/services/mail/dovecot2.nix: log via syslog instead of writing a separate file 2012-09-21 12:29:36 +02:00
Eelco Dolstra d4af6edd5e firewall.nix: Allow specifying trusted network interfaces 
Trusted network interfaces (such as "lo") will accept any incoming
traffic.
 2012-09-20 17:51:44 -04:00
Eelco Dolstra 1e666c10fa Get rid of the last use of mkThenElse 2012-09-20 16:55:32 -04:00
Rickard Nilsson 0de3a0cff3 nscd-invalidate: Invalidate passwd and group databases also 
I had some problems with LDAP user lookups not working properly
at boot. I found that invalidating passwd and group on the
ip-up event (when nscd-invalidate starts) helped a bit.
 2012-09-19 14:30:55 +02:00
Eelco Dolstra 83c6b1cf3a Set $LOCALE_ARCHIVE in systemd services 
Systemd sets locale variables like $LANG when running services, so
$LOCALE_ARCHIVE should also be set to prevent warnings like "perl:
warning: Setting locale failed.".
 2012-09-18 18:12:39 -04:00
Eelco Dolstra d12dd340b6 firewall.nix: Respect networking.enableIPv6 = false 
Reported-by: Pablo Costa <modulistic@gmail.com>
 2012-09-18 17:20:46 -04:00
Eelco Dolstra b96835f8dd Merge remote-tracking branch 'origin/master' into systemd 2012-09-14 13:24:03 -04:00
Eelco Dolstra 75583c7984 nixos-rebuild: Support --option 2012-09-14 13:23:19 -04:00
Peter Simons ad65e807bd Add new 'hardware.cpu.amd.updateMicrocode' option. 2012-09-11 18:44:37 +02:00
Eelco Dolstra aac6fe44b6 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-09-11 10:58:57 -04:00
Eelco Dolstra b53842df3e Don't set the passno field for tmpfs and other FSs that have no device 
If passno is set, then systemd will instantiate a systemd-fsck unit,
which in turn will instantiate a <device>.device unit
(e.g. "none.device").  Since no such device exists, mounting will
fail.  So don't set passno.
 2012-09-11 10:55:56 -04:00
Ludovic Courtès f7530dc5ee avahi: Never set host-name' to the empty string in avahi-daemon.conf'. 2012-09-07 10:58:53 +02:00
Rob Vermaas 27880ed729 Change logstash job startOn attribute to include networking 2012-09-06 12:31:15 +02:00
Shea Levy f701e8d420 d'oh 2012-09-03 12:11:07 -04:00
Shea Levy 4be367ec47 Damn NixOS lack of laziness... 2012-09-03 10:35:45 -04:00
Eelco Dolstra e0e0e57c26 Fix the OpenVPN jobs 2012-08-30 21:11:36 -04:00
Mathijs Kwik bce1cdd59c fix kernel 3.4+ early cifs mounting (qemu-vm target) 
kernel 3.4+ needs cifs-utils to mount CIFS filesystems.
the kernel itself (and busybox's cifs mount code) are no longer able
to do this in some/most cases and will error out saying:
"CIFS VFS: connecting to DFS root not implemented yet"

Nixos' qemu-vm target is hurt by this, as it wants to mount /nix/store
via cifs very early in the boot process.

This commit makes sure the initrd for affected kernels is built with
cifs-utils if needed.
 2012-08-30 18:31:45 +02:00
Mathijs Kwik a502ce1128 networking: add proxy_arp / proxy_ndp options. 
proxy_arp (and proxy_ndp for ipv6) can be turned on on a few
interfaces (at least 2).
This is mainly useful for creating pseudo-bridges between a real
interface and a virtual network such as VPN or a virtual machine for
interfaces that don't support real bridging (most wlan interfaces).
As ARP proxying acts slightly above the link-layer, below-ip traffic
isn't bridged, so things like DHCP won't work. The advantage above
using NAT lies in the fact that no IP addresses are shared, so all
hosts are reachable/routeable.
 2012-08-29 22:59:36 +02:00
Mathijs Kwik 0dd46d1335 networking: add options for configuring virtual devices (tun/tap) 
These are mainly useful for network tunnels (vpn/ipv6) and creating
bridges for virtual machines
 2012-08-29 22:59:36 +02:00
Mathijs Kwik d106a8a296 logcheck: make sure directories are writable during merge phase 2012-08-29 22:59:28 +02:00
Peter Simons 51e58dafca spamassassin: use a dedicated user for running spamd 2012-08-28 16:27:28 +02:00
Mathijs Kwik 2769f594f3 add logcheck module 2012-08-26 16:04:49 +02:00
Mathijs Kwik aba9f76105 change permission of /run/lock to allow non-root access to subdirectories 2012-08-26 10:17:22 +02:00
Mathijs Kwik 05262ad35d postfix: allow specifying 'virtual' mappings 
mainly useful for having a few local addresses (me@host.domain.com) while the majority of
addresses are on the domain (you@domain.com)
 2012-08-24 00:27:07 +02:00
Eelco Dolstra 8adc1ee92e switch-to-configuration: Stop sockets corresponding to services 
If a service has a corresponding socket unit, then stop the socket
before stopping the service.  This prevents it from being restarted
behind our backs.  Also, don't restart the service; it will be
restarted on demand via the socket.
 2012-08-23 12:12:58 -04:00
Eelco Dolstra e194d41b9c cpufreq: Don't complain if a CPU doesn't support the desired governor 2012-08-23 12:12:25 -04:00
Eelco Dolstra 4c65a5d95c Don't restart agetty 2012-08-23 11:13:33 -04:00
Eelco Dolstra dfb6e891b9 switch-to-configuration: Don't restart systemd-user-sessions.service 
Restarting it causes all user sessions to be killed.
 2012-08-23 11:11:14 -04:00
Eelco Dolstra af550048e8 switch-to-configuration: Don't restart the suspend/hibernate targets 
Restarting them has the side effect of suspending/hibernating the
system again.
 2012-08-23 11:11:04 -04:00
Eelco Dolstra 9e5bbee2b1 Make cpufreq a service instead of a task 
Otherwise it will be restarted by switch-to-configuration even when it
hasn't changed.
 2012-08-23 11:08:42 -04:00
Eelco Dolstra b02c488fde Automatically append ".service" to the name of service units 2012-08-23 10:25:27 -04:00
Eelco Dolstra cce6e48edf Don't use consolekit anywhere 2012-08-23 10:25:15 -04:00
Eelco Dolstra 0280aa2dc4 Remove the lvm job 
There is a generator in lvm2 that takes care of this.
 2012-08-23 10:23:41 -04:00
Eelco Dolstra c2da812bd0 Enable upower's systemd unit 2012-08-21 11:29:59 -04:00
Eelco Dolstra 223f04b3ca Add option ‘boot.systemd.packages’ to use units from the specified packages 2012-08-21 11:28:47 -04:00
Eelco Dolstra e02b57df9b Fix the dependencies of the vboxnet0 service 2012-08-20 16:19:57 -04:00
Eelco Dolstra f3def8194e switch-to-configuration: Restart all active targets 2012-08-20 16:19:03 -04:00
Eelco Dolstra 3f4ffffed7 Fix a Perl warning 2012-08-20 11:32:50 -04:00
Eelco Dolstra 08f14b33c1 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-08-20 11:27:38 -04:00
Eelco Dolstra 36e05e8dd2 Add some more backward compatibility hacks 2012-08-20 11:21:11 -04:00
Eelco Dolstra 39ec043aea Typo 2012-08-20 11:21:03 -04:00
Eelco Dolstra 5408f1ebcd Build slim without consolekit 2012-08-20 11:11:25 -04:00
Eelco Dolstra cdc3604a7d kdm: Do a poweroff, not a halt 2012-08-20 11:11:10 -04:00
Eelco Dolstra ebb1781dfc Fix KDE/kdm 2012-08-20 11:10:19 -04:00
Peter Simons 16713db4e2 modules/programs/bash/bashrc.sh: adapt bash completion for version 2.0 of the package 2012-08-20 16:37:14 +02:00
Petr Rockai 5dc8bc5f2a Do not assume that /dev/console can always be written. 2012-08-18 14:29:09 +02:00
Eelco Dolstra 6547ecb72f Remove policykit.nix (old PolicyKit module) 
Only the HAL module needed it.
 2012-08-17 14:47:37 -04:00
Eelco Dolstra 1e5a2bca28 Remove HAL 
It's obsolete and we no longer use it.
 2012-08-17 14:45:43 -04:00
Eelco Dolstra c60d6caee8 Rename xserver.service to display-manager.service 
The latter is what graphical.target expects.
 2012-08-17 14:43:41 -04:00
Eelco Dolstra 490ce3a230 PAM: Rename ownDevices to startSession 
Logind sessions are more generally useful than for device ownership.
For instances, ssh logins can be put in their own session (and thus
their own cgroup).
 2012-08-17 13:48:22 -04:00
Eelco Dolstra 676157f1e7 slim.nix: Remove the hideCursor option because it doesn't work 2012-08-17 13:42:52 -04:00
Eelco Dolstra b91aa1599c sshd.nix: Disable password logins for root by default 2012-08-17 13:32:23 -04:00
Eelco Dolstra a44e575196 switch-to-configuration: Respect the ‘restartIfChanged’ attribute 2012-08-17 13:14:42 -04:00
Eelco Dolstra 7d958dcdd1 Drop Upstart references 2012-08-17 11:02:12 -04:00
Eelco Dolstra f903a3dcc8 dhcpcd.nix: Add a reload action for rebinding interfaces 2012-08-17 11:01:07 -04:00
Eelco Dolstra 2ce5abaedf acpid.nix: Fix dependencies 2012-08-17 11:00:33 -04:00
Eelco Dolstra 8e8bad96d4 alsa.nix: Add job description 2012-08-17 11:00:14 -04:00
Eelco Dolstra 36f5c97b49 Use systemd-udevd instead of udevd 2012-08-16 16:34:49 -04:00
Eelco Dolstra 7e99541afe Fix initrd for the latest lvm2 2012-08-16 15:37:13 -04:00
Eelco Dolstra a025e7e7e2 Provide a common share between VMs to allow easy communication 
Every VM now mounts a common SMB share on /tmp/shared.
 2012-08-16 10:47:33 -04:00
Eelco Dolstra 0e3f03106f postgresql.nix: Add an option for overriding the PostgreSQL package 2012-08-15 17:02:03 -04:00
Eelco Dolstra d18c2afc6f Add an ip-up target for services that require IP connectivity 2012-08-15 15:38:52 -04:00
Eelco Dolstra 981347429a Add support for PartOf dependencies 2012-08-15 15:36:54 -04:00
Eelco Dolstra c2b2a3369a Fix dependencies of Apache and PostgreSQL 2012-08-14 18:15:37 -04:00
Eelco Dolstra a133eb5991 Add some missing targets 
Also make multi-user.target pull in remote-fs.target to mount remote
filesystems.
 2012-08-14 18:14:48 -04:00
Eelco Dolstra 55b2736566 Add a target ‘fs.target’ that waits for all filesystems 2012-08-14 18:14:16 -04:00
Eelco Dolstra 11c3219c1c Remove the ‘networking’ job 
Systemd has ‘network.target’ for this purpose.
 2012-08-14 18:12:16 -04:00
Eelco Dolstra a44a7271a8 Warn about Upstart modules with an unknown startOn condition 2012-08-14 17:30:11 -04:00
Eelco Dolstra 9dce4bd9c5 Provide start/stop/status aliases as a convenience for Upstart users 2012-08-14 17:22:04 -04:00
Eelco Dolstra 7a7d04af8a systemd: Use the kernel modules from /run/booted-system 
This prevents failures in systemd-modules-load.service like "Failed to
lookup alias 'ipv6': Function not implemented".
 2012-08-14 17:09:44 -04:00
Eelco Dolstra 4475294f57 Fix a hang during shutdown 
Subtle: dhcpcd.service would call resolvconf during shutdown, which in
turn would start invalidate-nscd.service, causing the shutdown to be
cancelled.  Instead, give nscd.service a proper reload action, and do
"systemctl reload --no-block nscd.service".  The --no-block is
necessary to prevent that command from waiting until a timeout occurs
(bug in systemd?).
 2012-08-14 16:45:50 -04:00
Eelco Dolstra 88bfdca8e0 stage-1: Use systemd-udevd instead of the old udevd 2012-08-14 15:31:15 -04:00
Peter Simons a025e848e0 modules/security/sudo.nix: added 'wheelNeedsPassword' option (default: true) 
Change this setting to 'false' to allow users in the 'wheel' group to execute
commands as super user without entering a password.
 2012-08-13 14:37:32 +02:00
Shea Levy 85997a6692 mingetty: Don't make restartIfChanged optional 2012-08-12 11:44:00 -04:00
aszlig c9e05f1ed8 stage-1: Load boot-time keymap by default. 
This also removes the configuration option, as suggested by @edolstra.
 2012-08-12 16:54:31 +02:00
aszlig d809a9e6b2 mingetty: Option to not restart on service change. 
This especially annoyed me whenver I was doing nixos-rebuild switch and getting
logged out on all consoles. With this there now is services.mingetty.dontRestart
for heavy VT users to deactivate this behaviour.
 2012-08-12 13:50:50 +02:00
aszlig eb0b2651b8 stage-1: Add option to load keymap during bootup. 
As non-QWERTY keyboards don't feel so warm and cozy if they hug QWERTY LUKS
password prompts, it was on honor for me to serve King Dvorak XV to fight the
glorious keyboard war against... what?! Yes, I'm awake!

We're fighting with loadkeys to spit out busybox binary keymaps against loadkmap
(loadkeys does have a special target -b for that).

And yep, I'm somewhat abusing preLVMCommands, if someone got issues with that,
feel free to introduce a new substitute in stage-i-init.sh.

Sent from my iPhone
 2012-08-12 13:38:36 +02:00
Shea Levy 15a1efe023 find modules/ -name \*.nix -print0 | xargs -0 sed -i 's/RT73Firmware/RalinkFirmware/g' 2012-08-11 12:34:35 -04:00
Lluís Batlle i Rossell 50350a15f1 Adding a rename line for rt73 -> ralink. 2012-08-11 14:54:43 +02:00
Lluís Batlle i Rossell 9e753f3a46 Removing rt73 module, adding ralink module. 
The rt73 fw were a subset of ralink, and the nixpkgs url
for rt73 didn't work either. Ralink should make any rt73 card work.
 2012-08-11 14:53:34 +02:00
Eelco Dolstra 39030211af Add a unitConfig option to set the [Unit] section of units 2012-08-10 18:56:12 -04:00
Eelco Dolstra e00967a54a stage-2-init: Drop udev from the $PATH 2012-08-10 18:41:20 -04:00
Eelco Dolstra a4a90685ea switch-to-configuration: Handle swap devices 2012-08-10 15:52:47 -04:00
Eelco Dolstra be5486813b Add an "adm" group 
Journald will chown all journal files to the adm group so that users
in that group can run "journalctl".
 2012-08-10 15:25:04 -04:00
Eelco Dolstra a3c75462c1 switch-to-configuration: Handle switching all systemd units 2012-08-10 15:15:59 -04:00
Lluís Batlle i Rossell 746b572ee6 stage2init: fix respecting 'noatime' mount options for / 
We had a "mount -o remount,rw none /" that was setting back 'relatime',
although we had set 'noatime' at initrd mount. Removing the word 'none' fixed
it.

Specifying a device (in this case 'none'), makes mount to forget previous
device options. According to manpage, it says not to read fstab or mtab. But the
effect is that of setting 'relatime', if it was mounted 'noatime.
 2012-08-10 20:51:13 +02:00
Eelco Dolstra ce7ead7bd7 switch-to-configuration: Handle changes to fileSystems 
We now automatically remount filesystems with changed options, mount
new filesystems, and unmount obsolete filesystems.
 2012-08-10 10:56:55 -04:00
Eelco Dolstra f31ab09b85 Set uniq type on boot.loader.kernelFile 2012-08-09 11:00:35 -04:00
Shea Levy 20d4dee426 The efi boot stub code should only be run if it is enabled 2012-08-09 10:37:43 -04:00
Eelco Dolstra 6b2a14d698 Fix NixOS evaluation 2012-08-09 10:04:25 -04:00
Eelco Dolstra 5ae6385175 qemu-vm.nix: Use ext4 instead of ext3 2012-08-09 10:00:49 -04:00
Shea Levy da787e3071 efi-boot-stub: List required kernel config 2012-08-08 23:02:46 -04:00
Eelco Dolstra 21da462ad5 Merge pull request #25 from shlevy/required-kernel-config 
Required kernel config
 2012-08-08 10:33:41 -07:00
Shea Levy c39f493ebb Minor reorganization 2012-08-07 18:09:08 -04:00
Shea Levy d9c03b6447 The kernel needs swap support if swapDevices are enabled 2012-08-07 17:34:10 -04:00
Shea Levy d28876ea70 qemu tests use the virtio console to run commands 2012-08-07 17:04:00 -04:00
Shea Levy 9d8ddd90f9 qemu mounts /nix/store via CIFS 2012-08-07 16:44:15 -04:00
Shea Levy 13d8856a4f qemu requires VIRTIO_NET (and dependencies) for virtio networking 2012-08-07 16:25:11 -04:00
Eelco Dolstra 66ff6a382a stage-1-init: Close temporary file descriptor 
Otherwise this fd will be inherited all the way into the Upstart jobs.
 2012-08-07 10:05:33 -04:00
Shea Levy 805d37db48 qemu-vm creates an ext3 filesystem 2012-08-07 07:02:08 -04:00
Shea Levy 0ea2643c63 The initrd mounts some tmpfses 2012-08-07 06:57:01 -04:00
Shea Levy 11e5207a2d qemu requires VIRTIO_BLK (and dependencies) for virtio drives 2012-08-06 17:10:54 -04:00
Shea Levy 64d0069be3 udev requires unix sockets and inotify 2012-08-06 17:02:35 -04:00
Eelco Dolstra 52b6e10315 Use systemd-modules-load.service to load required kernel modules 2012-08-06 16:52:08 -04:00
Rickard Nilsson e33dfa936f Use busybox mount instead of klibc nfsmount for nfs mounts in initrd. 2012-08-06 16:25:22 -04:00
Eelco Dolstra 23947c26a8 Revert accidental commit 2012-08-06 15:53:04 -04:00
Eelco Dolstra d33fd9a1f8 switch-to-configuration: Assume that services that are auto-restarting are going to fail 2012-08-06 15:48:46 -04:00
Eelco Dolstra 27f496c1ce Make the VirtualBox guest services depend on /dev/vboxguest 
Systemd #ftw
 2012-08-06 14:59:58 -04:00
Eelco Dolstra b11c5d5991 nscd: Ensure that invalidate-nscd starts after nscd 2012-08-06 12:26:52 -04:00
Eelco Dolstra 9f9ae7c7e9 Share option definitions between the systemd and Upstart compatibility modules 2012-08-06 11:45:59 -04:00
Eelco Dolstra f74ffe3550 Remove obsolete Upstart shutdown job 2012-08-06 10:58:27 -04:00
Shea Levy e66bcbd58a The kernel needs SERIAL_8250_CONSOLE when using a real serial port as a console 2012-08-06 08:13:06 -04:00
Shea Levy 1b615f460b Allow overriding all NixOS tests to run with the minimal kernel possible for that test's config(s) (based on requiredKernelConfig) 2012-08-04 09:45:26 -04:00
Eelco Dolstra 2a91bb5282 switch-to-configuration: Print new units 2012-08-03 17:13:34 -04:00
Eelco Dolstra 320682a558 switch-to-configuration: Don't ellipsize log output 2012-08-03 14:39:59 -04:00
Eelco Dolstra 0d6b96a525 switch-to-configuration: Fix the call to install the boot loader 2012-08-03 14:07:43 -04:00
Eelco Dolstra aa6fd9f8a2 switch-to-configuration: Handle unit template instances 2012-08-03 13:47:59 -04:00
Eelco Dolstra bd3c9febc9 switch-to-configuration: Stop units in one call to systemctl 2012-08-03 13:29:56 -04:00
Peter Simons d13a3c741a spamassassin: call daemon with complete path 2012-08-03 18:07:06 +02:00
Eelco Dolstra b6bd0a4f84 switch-to-configuration: Restart services that were manually started 2012-08-03 11:53:14 -04:00
Eelco Dolstra d5d8acfacd Assign uid/gid 54 to wwwrun 2012-08-03 11:05:25 -04:00
Eelco Dolstra 23cb924fbf Don't try to change the uid/gid of existing users 
Unless we search the entire filesystem to do a chown *and* restart
existing processes owned by that user, there is no sensible way that
we can change uids/gids.  So don't try.
 2012-08-03 11:03:56 -04:00
Eelco Dolstra 0a0c28f812 Revert "Add services.httpd.fixUidAndGid option to assign reliable numeric UID and GID for the Apache user." 
This reverts commit 0ef085d58a.
 2012-08-03 10:52:53 -04:00
Eelco Dolstra 56ce5614f9 switch-to-configuration: Print all failed services 2012-08-03 10:40:01 -04:00
Peter Simons 0ef085d58a Add services.httpd.fixUidAndGid option to assign reliable numeric UID and GID for the Apache user. 
The option is disabled by default so that previously existing installations
aren't affected.

If you'd like to migrate to the fixed numeric id for Apache, set "fixUidAndGid
= true", edit the file "/etc/groups" and replace the old GID value with 54.
(NixOS can't do that for you because it refuses to change a GID that identifies
the primary group of a user.) Then run

  find / -xdev -uid $oldUID -exec chown 54 {} +
  find / -xdev -gid $oldGID -exec chgrp 54 {} +

to update ownership of all files that are supposed to be owned by Apache.
 2012-08-03 16:39:55 +02:00
Eelco Dolstra 29f721ba54 Only create the Apache user/group if it's "wwwrun" 2012-08-03 09:35:06 -04:00
Peter Simons 1b249eaf05 Initial version of a SpamAssassin service. 
The configuration is expected to be managed by the user in /etc/spamassassin.
 2012-08-03 15:11:28 +02:00
Eelco Dolstra 4d2deff7af Stop obsolete units, restart changed units, start new units 2012-08-02 17:26:23 -04:00
Eelco Dolstra 0fc68a3d1d Rewrite switch-to-configuration in Perl 
This will make it more efficient to do systemd dependency graph
processing (if necessary).
 2012-08-02 15:11:29 -04:00
Eelco Dolstra d4fec178fd Merge remote-tracking branch 'origin/master' into systemd 2012-08-02 13:44:16 -04:00
Eelco Dolstra 1fcef0a0e0 Don't use nixUnstable 2012-08-02 13:31:57 -04:00
Rickard Nilsson a6039e1be2 LUKS root: Fix key file check 
Check for null instead of empty string
 2012-08-02 11:39:31 +02:00
Rickard Nilsson 0958b224ac LUKS root: Add option for using a key file instead of a passphrase. 2012-08-02 11:30:33 +02:00
Rickard Nilsson ecdbc94e05 LUKS root: Add option allowDiscards (for SSD disks) 2012-08-02 11:27:28 +02:00
Shea Levy feb010a366 NixOS kernels should support ELF executables 2012-08-02 00:47:36 -04:00
Shea Levy 3d20a308af tests/minimal-kernel: Add CIFS timeout patch 2012-08-01 23:36:48 -04:00
Shea Levy 9e300052bd Add test to check that a machine with a minimal kernel but all of the requiredKernelConfig options set boots and shuts down 2012-08-01 22:32:16 -04:00
Shea Levy 2a983acaff Enable specifying which kernel config options are needed for a given module 2012-08-01 21:50:43 -04:00
Eelco Dolstra 5f57110e1f install-grub.pl: Fix Xen support 2012-08-01 21:48:29 +02:00
Mathijs Kwik 52fd5ea6ca gogoclient: setup config and dirs on service start, not on system activation 2012-07-31 20:07:05 +02:00
Eelco Dolstra 6576d81ff1 Fix "please: command not found" in switch-to-configuration 2012-07-30 15:19:30 -04:00
Eelco Dolstra 2678ff3726 Use /sys/fs/cgroup instead of /dev/cgroup 2012-07-30 13:49:18 -04:00
Eelco Dolstra 174d6a07e0 Fix whitespace 2012-07-30 13:49:10 -04:00
Eelco Dolstra a559a2a606 mediawiki.nix: Use the right PHP build 2012-07-30 17:19:23 +02:00
Florian Friesdorf 14a8532ee0 add NIX_CONF_DIR to sudo env_keep variables (suggested by Eelco Dolstra) 
this enables nix-collect-garbage under sudo to respect nix.conf, e.g.:

    gc-keep-outputs = true
    gc-keep-derivations = true
 2012-07-27 12:25:11 +02:00
Peter Simons e988324534 Use a dedicated user ('named') for BIND instead of running the daemon as super user. 2012-07-27 00:08:41 +02:00
Shea Levy 51765e6333 Merge pull request #20 from chaoflow/setuid-wrapper-newgrp 
add setuid wrapper for newgrp
 2012-07-26 11:11:10 -07:00
Florian Friesdorf 7c1c4c757c add setuid wrapper for newgrp 2012-07-26 16:52:38 +02:00
Eelco Dolstra 16da4a14f1 amazon-image.nix: Don't put any old configurations in the GRUB menu 2012-07-25 16:38:05 -04:00
Eelco Dolstra 557f39aa0f install-grub.pl: Apply the configuration limit only to old generations 2012-07-25 16:37:29 -04:00
Eelco Dolstra 8cae5e5782 Remove jfsrec from the minimal CD because it pulls in Boost 2012-07-25 11:39:41 -04:00
Eelco Dolstra b52117c34d Treat init-script as a boot loader 2012-07-25 11:30:16 -04:00
Eelco Dolstra 8b91a5f2ff Move boot loader modules to modules/system/boot/loader 2012-07-25 10:59:03 -04:00
Eelco Dolstra b15e1fbb08 Boot loader refactoring 
- Renamed system.build.menuBuilder to system.build.installBootLoader.

- ‘install-grub.pl’ (formerly grub-menu-builder.pl) now generates the
  GRUB menu *and* installs GRUB (if necessary).

- ‘switch-to-configuration.sh’ has no boot loader specific knowledge
  anymore.  It just calls installBootLoader.
 2012-07-25 10:47:32 -04:00
Eelco Dolstra 1b743526bd grub.nix: Handle null values 
http://hydra.nixos.org/build/2894714
 2012-07-25 09:27:51 -04:00
Eelco Dolstra be4c4d79cf grub-menu-builder: GRUB now installs unicode.pf2 automatically 2012-07-24 22:37:16 -04:00
Eelco Dolstra a0721ad2b3 stage-1-init: Use mount --move to move /sys etc. to the target root 
This fixes warnings about /sys/kernel/security during shutdown and
cleans up /proc/mounts.
 2012-07-24 22:04:28 -04:00
Eelco Dolstra fb15b1894e Add missing progress message 2012-07-24 19:27:16 -04:00
Eelco Dolstra f0c82f4543 Pass the ‘--recheck’ flag to grub-install 2012-07-24 19:22:19 -04:00
Eelco Dolstra f07f221f0e Replace grub-menu-builder with a much faster version 
The old GRUB menu builder script is quite slow, typically taking
several seconds.  This is a real annoyance since it's run every time
you switch to a new configuration.  Therefore this patch replaces the
Bash script with a much faster Perl script.  In a VirtualBox test, the
execution time went from 2.7s to 0.1s.  The Perl version is also more
correct because it uses XML to get the GRUB configuration (through
builtins.toXML), so there are no shell escaping issues.

The new script currently lacks support for subconfigurations defined
through "nesting.children".
 2012-07-24 19:16:27 -04:00
Eelco Dolstra b3b6b8ad60 virtualbox-image.nix: VirtualBox disks are /dev/sda, not /dev/vda 2012-07-24 19:07:03 -04:00
Eelco Dolstra e4ed2120fd Create /etc/locale.conf and /etc/vconsole.conf 
Systemd's systemd-vconsole-setup.service reads locale and console
font/keymap settings from these files.  In particular, it sets the
virtual console to UTF-8 mode depending on the LANG setting.

This removed the need for the kbd job.
 2012-07-24 13:53:17 -04:00
Phreedom cb063afcbf F-Prot virus signaure database updater: package 2012-07-24 10:52:04 +03:00
Shea Levy 0f65521df2 Merge pull request #17 from MarcWeber/fix-init-script-builder 
fix init-script-builder
 2012-07-23 17:44:37 -07:00
Peter Simons e8e19bbb1f modules/services/web-servers/apache-httpd: rename 'apacheHttpd' option to 'package' 2012-07-24 01:01:48 +02:00
Peter Simons b3627f6c69 modules/services/web-servers/apache-httpd: add apache user to the apache group 2012-07-23 22:00:35 +02:00
Peter Simons 52c97adaba modules/services/web-servers/apache-httpd: make this module more configurable 
- The new option 'apacheHttpd' determines the version of the Apache
   HTTP Server that's being used by this module. The default version
   is Apache 2.2.x, as before.

 - The new option 'configFile' allows users specify their own custom
   config file for the web server instead of being limited to the one
   that this module generates.
 2012-07-23 21:48:21 +02:00
Eelco Dolstra 5a0cf5e7b6 Use ext4 for VirtualBox images 2012-07-23 14:01:10 -04:00
Phreedom 4f109c8a3d ClamAV: package virus fingerprint database updater. 2012-07-23 17:19:59 +03:00
Marc Weber 7ddea025e4 dont hardcode apache group name when setting permissions for state dir 2012-07-23 03:28:21 +02:00
Your Name 4549bad2f4 AppArmor: packaged 2012-07-22 16:31:49 +03:00
Your Name 8bde72d99c Mount securityfs needed for AppArmor and some TPM drivers. 
Should be harmless.
 2012-07-22 16:31:49 +03:00
Marc Weber 3221159f5f fix init-script-builder 2012-07-21 19:26:36 +02:00
Mathijs Kwik 26bf696350 Revert "allow out-of-tree nixos modules" 
This reverts commit b609ff4fcf.

It turns out this can just be done using "require".
 2012-07-21 18:30:58 +02:00
Mathijs Kwik b609ff4fcf allow out-of-tree nixos modules 
The environment variable "NIXOS_EXTRA_MODULES" is now checked to
contain a path to a file similar to modules/module-list.nix.

This gives the ability to include nixos modules that are not in the
nixos source tree.

This can be useful for modules that are still experimental, or which
aren't useful for other nixos users. Of course, this was already
possible to do this using a forked nixos tree, but with this
functionality, you can just rely on the nixos channel, easing things a
lot.
 2012-07-21 17:35:50 +02:00
Eelco Dolstra 71ca633431 Start agetty on tty1 
‘logind’ automatically starts agetty on all virtual consoles except
tty1.  We have to do that ourselves.
 2012-07-20 18:32:24 -04:00
Eelco Dolstra 0edf138fc7 switch-to-configuration: Initial systemd support 
It reloads the configuration, but doesn't (re)start jobs yet.
 2012-07-20 18:25:36 -04:00
Eelco Dolstra fd2cef50cd Don't pull in Upstart 2012-07-20 18:25:23 -04:00
Eelco Dolstra 7a98c884f8 dhcpcd.nix: Go into the background and restart ntpd 2012-07-20 18:24:55 -04:00
Eelco Dolstra ee075bdf6b agetty.nix: Add remark 2012-07-20 17:39:05 -04:00
Eelco Dolstra 77510eaa99 dbus.nix: Fix path to dbus-send 2012-07-20 17:38:36 -04:00
Eelco Dolstra 0b865edb16 switch-to-configuration: require a reboot going from Upstart to systemd 2012-07-20 16:23:52 -04:00
Eelco Dolstra 5fabcf63a3 Get delayed shutdowns to work 2012-07-20 15:40:50 -04:00
Eelco Dolstra 1602f8e162 Typo 2012-07-20 14:58:15 -04:00
Eelco Dolstra 1375e7951d Enable systemd-journal-flush.service (added by systemd 187) 2012-07-20 12:02:42 -04:00
Eelco Dolstra 41cb04f793 Implement serial-getty@.service 2012-07-20 11:36:09 -04:00
Eelco Dolstra 02e37ba6b0 Shorten filenames of start scripts to make log messages more readable 2012-07-19 17:41:42 -04:00
Eelco Dolstra ae62436697 Random changes 2012-07-19 17:33:22 -04:00
Eelco Dolstra 6419172bc2 journald: enable logging to the console 2012-07-19 17:32:50 -04:00
Eelco Dolstra 425ec4cb00 syslogd: Make it work with systemd 
Also made syslogd optional (and disabled by default).
 2012-07-19 12:48:30 -04:00
Eelco Dolstra 63742a942e Don't create /var/log/upstart/<jobname> unless necessary 2012-07-18 17:09:00 -04:00
Lluís Batlle i Rossell f43033a3f7 crashdump: it required some kernel options for the nmi_watchdog to work. 
Now it says at boot, for every core:
NMI watchdog: enabled, takes one hw-pmu counter.
 2012-07-18 21:50:18 +02:00
Peter Simons 4553a27a92 modules/security/pam.nix: add xscreensaver to the list of services 2012-07-17 13:01:09 +02:00
Eelco Dolstra 917e53a2d2 Update units names for systemd-186 2012-07-16 17:47:11 -04:00
Eelco Dolstra 94daecd90b save-hwclock.service: support time.hardwareClockInLocalTime 2012-07-16 17:32:26 -04:00
Eelco Dolstra 44d091674b Merge branch 'master' of github.com:NixOS/nixos into systemd 
Conflicts:
	modules/config/networking.nix
	modules/services/networking/ssh/sshd.nix
	modules/services/ttys/agetty.nix
	modules/system/boot/stage-2-init.sh
	modules/system/upstart-events/shutdown.nix
 2012-07-16 17:27:11 -04:00
Eelco Dolstra 1d57489427 Global replace /var/run/opengl-driver -> /run/opengl-driver 2012-07-16 11:34:21 -04:00
Eelco Dolstra 98459eb675 Global replace /var/run/booted-system -> /run/booted-system 2012-07-16 11:34:21 -04:00
Eelco Dolstra 73532c3855 Global replace /var/run/current-system -> /run/current-system 2012-07-16 11:34:21 -04:00
Shea Levy 8c24de13e4 D'oh 2012-07-16 08:11:44 -04:00
Shea Levy cdd8ecf9c7 multitouch: Invert left-right scrolling when invertScroll is enabled 2012-07-16 08:03:47 -04:00
Shea Levy 3d2b83c110 multitouch: Add an option to ignore palm touches 2012-07-14 21:40:49 -04:00
Shea Levy c909ea9208 multitouch: Add option to invert scroll 2012-07-14 18:02:46 -04:00
Shea Levy e3337c7f05 Add module for b43 firmware 2012-07-13 23:54:41 -04:00
Eelco Dolstra 57d74e6f4f openssh.authorizedKeys.keyFiles: allow multiple keys 
Ugly hack to get around the error "a string that refers to a store
path cannot be appended to a path".  The underlying problem is that
you cannot do

  "${./file1} ${./file2}"

but you can do

  " ${./file1} ${./file2}"

Obviously we should allow the first case as well.
 2012-07-13 17:59:03 -04:00
Eelco Dolstra 7e77dae458 sshd.nix: Create ~/.ssh/authorized_keys with the right ownership 2012-07-13 11:48:47 -04:00
Eelco Dolstra 7fca8ceaf8 /etc/login.defs: set the mode of new home directories to 700 2012-07-13 10:41:48 -04:00
Shea Levy 8544ba285d logstash: Fix sloppy description fields 2012-07-12 14:35:06 -04:00
Shea Levy a2b59f595f logstash: Export config.lib.logstash.mk{Float,Hash,NameValuePairs}. 
This allows hiding the implementation details for how to represent logstash
config types that don't directly map to nix expressions, particularly floats,
hashes, and name-value pair sets with repeated names. Instead of setting
__type and value directly, the user now uses these convenience functions to
generate their logstash config.
 2012-07-12 14:15:43 -04:00
Shea Levy 8712e1dafc Add lib module for modules to provide helper functions 2012-07-12 13:46:04 -04:00
Peter Simons 0c12e29368 Don't add the i3 window manager to the system if it isn't enabled in configuration.nix. 2012-07-12 11:33:10 +02:00
Eelco Dolstra 7de6a7e8b0 Rename time.clockLocal -> time.hardwareClockInLocalTime. 2012-07-11 15:33:34 -04:00
Carles Pagès 008493f94c Add option to keep hardware clock in local time. 2012-07-11 15:31:46 -04:00
Shea Levy 5412b1089f logstash: Start process in /tmp 
See https://logstash.jira.com/browse/LOGSTASH-107
 2012-07-11 13:45:36 -04:00
Shea Levy 315087def1 logstash: use {name=; value='} attrsets for repeated name-value pairs instead of parallel lists 2012-07-11 11:59:00 -04:00
Shea Levy 3039caf5ad Add logstash module. 
Since the logstash config file seemed very similar to a nixexpr, I decided
to map directly from nixexprs to logstash configs. I didn't realize until
too far in that this solution was probably way over-engineered, but it
works.
 2012-07-11 11:22:16 -04:00
Rok Garbas b7398794ed i3 window manager was not installed when enabled 2012-07-10 16:07:53 +02:00
Eelco Dolstra fbf9ecf78a Apache: make /var/run/httpd readable to wwwrun, as required by mod_cgid 2012-07-09 16:27:39 +02:00
Eelco Dolstra d0c9a3ce32 Apache: build PHP against the right httpd 
If httpd is built with a threaded MPM, then PHP needs to be built with
thread support as well.
 2012-07-06 23:28:46 +02:00
Eelco Dolstra 18031e41bb Apache: Add an option to set the MPM 
Supported values are "prefork" (default), "worker" and "event"
(experimental in Apache 2.2 but not 2.4).
 2012-07-06 14:23:55 -04:00
Eelco Dolstra a07eb262a0 Apache: don't fork into the background due to Upstart weirdness 
If Apache crashes during startup, Upstart for some reason shows the
job in the "start/running" state.  As a workaround, don't fork.
 2012-07-06 13:47:42 -04:00
Eelco Dolstra 46dce21bff MediaWiki: Generalise the skins support 
The new option ‘skins’ allows specifying a list of directories
providing skins to be added to the MediaWiki installation.  The
‘defaultSkin’ option just sets the default.
 2012-07-05 21:04:23 +02:00
Mathijs Kwik a630b1f6f6 EFI shell got updated upstream, reflecting new hash 2012-07-05 08:31:44 +02:00
Eelco Dolstra 348691645d Remove broken "nopipefail" option 
http://hydra.nixos.org/build/2751337
 2012-07-02 10:57:36 -04:00
Peter Simons 56373744b4 modules/config/networking.nix: recognize whether a local DNS resolver is available 
resolvconf prefers a locally running BIND resolver over the forwarders; we just
have to tell it whether we have one or not. We use 'config.services.bind.enable'
to make that decision, assuming that people are not going to configure a local
BIND that won't respond to queries on 127.0.0.1. If we run into such a (weird)
case, then we'll need to introduce another variable for that purpose which can
be set independently from 'config.services.bind.enable'.
 2012-07-02 15:01:02 +02:00
Peter Simons f22dbd5e05 modules/services/networking/wpa_supplicant.nix: strip trailing whitespace 2012-06-29 11:53:16 +02:00
Peter Simons 61b8ee9029 modules/services/networking/wpa_supplicant.nix: document that interface auto-detection doesn't work on Linux 3.4.x 2012-06-29 11:53:16 +02:00
Eelco Dolstra bf15293b1e Merge branch 'master' of github.com:NixOS/nixos into systemd 
Conflicts:
	modules/services/hardware/udev.nix
 2012-06-28 14:19:38 -04:00
Eelco Dolstra 76c74cd7c7 initrd: Detect filesystem type before doing fsck/mount 
BusyBox doesn't handle the "auto" filesystem type very well: fsck will
just ignore such filesystems, and mount will only work properly if the
required kernel module is already loaded.  Therefore, use blkid to
determine the filesystem type.

Also generate an /etc/fstab in the initrd rootfs on the fly.  This is
useful if you're dropped into an emergency shell since it allows you
to say "fsck /dev/sda1" or "mount /dev/sda" and have the right thing
happen.
 2012-06-28 10:55:44 -04:00
viric 7acfd8ec20 Merge pull request #9 from viric/pull-pipefail 
nixos-rebuild: make 'pull' fail in case it did not pull anything.
 2012-06-28 01:20:22 -07:00
Lluís Batlle i Rossell 34e8f68056 system-tarball-pc: not use boot.initrd.extraTools anymore 
Eelco removed the option recently, making the default initrd have the full
busybox.

I saw this evaluation error in the hydra nixos trunk page.
 2012-06-27 22:26:27 +02:00
Lluís Batlle i Rossell de87b07bb3 nixos-rebuild: fail if any case of pull fails. 2012-06-27 21:57:15 +02:00
Lluís Batlle i Rossell 5b7c019e2a nixos-rebuild: make 'pull' fail in case it did not pull anything. 2012-06-27 21:36:46 +02:00
David Guibert dbe2325603 fix the grep pattern finding programs called by absolute paths in udev rules. 2012-06-27 20:41:07 +02:00
Shea Levy bb5d2d53fe try isn't used, so use the more compatct seq 10 2012-06-27 09:43:54 -04:00
Mathijs Kwik 061a998840 luks root: c-style for-loop -> seq 
The ash shell no longer supports this bash-specific syntax.
This left systems that use luksroot unable to boot.
 2012-06-27 09:42:55 -04:00
Eelco Dolstra e64bdda52b Don't use weird 777 permissions on unmounted /dev/shm 2012-06-27 09:35:53 -04:00
Eelco Dolstra cc357c7e64 nixos-rebuild: Add a convenience option ‘--upgrade’ 
This is equivalent to running ‘nix-channel --update nixos’ before
running ‘nixos-rebuild’.
 2012-06-25 16:17:34 -04:00
Eelco Dolstra 7613ae950a Fix booting on EC2 
The kill command in ash doesn't know the "--" syntax, but doesn't need
it either.
 2012-06-24 19:02:34 -04:00
Eelco Dolstra bd0f065c05 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-06-22 18:20:26 -04:00
Eelco Dolstra 6bd32f0a27 Drop the socat wrapper 2012-06-22 15:37:22 -04:00
Eelco Dolstra 1da7cea223 Add Busybox to the installation CD 
This is mostly to get the automated tests to succeed.
 2012-06-22 14:16:55 -04:00