nixpkgs/etc/default.nix
Eelco Dolstra 2a4417d637 * make-etc / activate-configuration: allow /etc files to be installed
as regular files instead of symlinks to the store.
* Sudo configuration, enabled through security.sudo.enable (on by
  default).  The contents of the sudoers file is specified in
  security.sudo.configFile.  The default sudoers file allows members
  of the new "wheel" group to run any command.

svn path=/nixos/trunk/; revision=9138
2007-08-16 15:09:06 +00:00


# Builds the list of files installed under /etc.  Arguments, as used below:
#   config       - system configuration, queried with `config.get [ path ]`
#   pkgs         - the package set
#   upstartJobs  - provides etc/event.d
#   systemPath   - prefix whose bin/ and sbin/ are put on PATH
#   wrapperDir   - substituted into the shell profile
#   defaultShell - substituted into the useradd defaults
#   extraEtc     - further /etc entries, appended after everything else
{config, pkgs, upstartJobs, systemPath, wrapperDir, defaultShell, extraEtc}:

let

  # Yields a one-element list holding `entry` when the configuration option
  # at `optionPath` is true and an empty list otherwise, so that an optional
  # /etc entry can be spliced into the main list with `++`.
  optional = optionPath: entry:
    if config.get optionPath then [entry] else [];
# !!! ugh, these files shouldn't be created here.
# Environment file handed to the PAM service templates further down (it is
# passed as `envConf` to their substituteAll call).  It sets PATH to the
# system profile's bin/ and sbin/ plus the OpenSSH bin directory, and sets
# NIX_REMOTE=daemon.
# NOTE(review): presumably consumed by pam_env -- confirm in ./pam.d/*.
# This PATH applies to sessions opened through those PAM services, so keep
# it free of relative or user-writable directories.
# The text between the quotes is the file content verbatim: do not indent it.
envConf = pkgs.writeText "environment" "
PATH=${systemPath}/bin:${systemPath}/sbin:${pkgs.openssh}/bin
NIX_REMOTE=daemon
" /* ${pkgs.openssh}/bin is a hack to get remote scp to work */;
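# Don't indent this file!
# Handler table for pam_console.  The "consoledevs" line lists the patterns
# (virtual terminals and X displays) that are treated as console devices;
# the lock/unlock handlers run pam_console_apply against the permission
# table in pamConsolePerms.
# The dot in the X display pattern is written `\\.` on purpose: inside a
# double-quoted Nix string `\.` evaluates to a bare `.`, which would reach
# pam_console as a regular-expression wildcard instead of a literal dot and
# make the console-device match looser than intended.
pamConsoleHandlers = pkgs.writeText "console.handlers" "
console consoledevs /dev/tty[0-9][0-9]* :[0-9]\\.[0-9] :[0-9]
${pkgs.pam_console}/sbin/pam_console_apply lock logfail wait -t tty -s -c ${pamConsolePerms}
${pkgs.pam_console}/sbin/pam_console_apply unlock logfail wait -r -t tty -s -c ${pamConsolePerms}
";

# Permission table passed to pam_console_apply through `-c` above.
pamConsolePerms = ./security/console.perms;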
in

# Hand the list of /etc entries to the make-etc helper.  Every entry pairs a
# `source` with the `target` name it is installed under.
import ../helpers/make-etc.nix {
  inherit (pkgs) stdenv;

  configFiles = [

    # TCP/UDP port assignments.
    { target = "services";
      source = pkgs.iana_etc + "/etc/services";
    }

    # IP protocol numbers.
    { target = "protocols";
      source = pkgs.iana_etc + "/etc/protocols";
    }

    # Hostname-to-IP mappings.
    { target = "hosts";
      source = ./hosts;
    }

    # Name Service Switch configuration file.  Required by the C library.
    { target = "nsswitch.conf";
      source = ./nsswitch.conf;
    }

    # Configuration file for the system logging daemon.
    { target = "syslog.conf";
      source = ./syslog.conf;
    }

    # Friendly greeting on the virtual consoles.
    { target = "issue";
      source = ./issue;
    }

    # Configuration for pwdutils (login, passwd, useradd, etc.).
    # You cannot login without it!
    { target = "login.defs";
      source = ./login.defs;
    }

    # The Upstart events defined above.
    { target = "event.d";
      source = upstartJobs + "/etc/event.d";
    }

    # Configuration for passwd and friends (e.g., the hash algorithm
    # for /etc/passwd).
    { target = "default/passwd";
      source = ./default/passwd;
    }

    # Configuration for useradd; the default shell is substituted in.
    { target = "default/useradd";
      source = pkgs.substituteAll {
        src = ./default/useradd;
        inherit defaultShell;
      };
    }

    # Dhclient hooks for emitting ip-up/ip-down events.
    { target = "dhclient-exit-hooks";
      source = pkgs.substituteAll {
        src = ./dhclient-exit-hooks;
        inherit (pkgs) upstart glibc;
      };
    }

    # Script executed when the shell starts.
    { target = "profile";
      source = pkgs.substituteAll {
        src = ./profile.sh;
        inherit systemPath wrapperDir;
        inherit (pkgs) kernel glibc;
        timeZone = config.get ["time" "timeZone"];
        defaultLocale = config.get ["i18n" "defaultLocale"];
      };
    }

    # Configuration for readline in bash.
    { target = "inputrc";
      source = ./inputrc;
    }

  ]
# Configuration file for fontconfig used to locate
# (X11) client-rendered fonts.
# Only included when the fonts.enableFontConfig option is true.
++ (optional ["fonts" "enableFontConfig"] {
source = pkgs.runCommand "fonts.conf"
{
# Font directory list computed by ../system/fonts.nix; it reaches the
# build script as the environment variable $fontDirectories.
fontDirectories = import ../system/fonts.nix {inherit pkgs;};
# libxslt provides the xsltproc tool invoked below.
buildInputs = [pkgs.libxslt];
inherit (pkgs) fontconfig;
}
# Build script: run fontconfig's stock fonts.conf through the stylesheet,
# passing the directory list as the string parameter `fontDirectories`,
# and write the result to $out.
"xsltproc --stringparam fontDirectories \"$fontDirectories\" \\
${./fonts/make-fonts-conf.xsl} $fontconfig/etc/fonts/fonts.conf \\
> $out
";
target = "fonts/fonts.conf";
})
# LDAP client configuration, included only when users.ldap.enable is true.
# NOTE(review): ldap.conf.nix is handed `writeText`, so its output is
# presumably a plain store file.  If it ever embeds a bind credential, that
# value would be readable by every local user -- confirm against
# ldap.conf.nix.
++ (optional ["users" "ldap" "enable"] {
  target = "ldap.conf";
  source = import ./ldap.conf.nix {
    inherit config;
    inherit (pkgs) writeText;
  };
})
# "sudo" configuration, included only when security.sudo.enable is true.
++ (optional ["security" "sudo" "enable"] (
  let
    # The text of the security.sudo.configFile option, written out unchecked.
    candidate = pkgs.writeText "sudoers-in"
      (config.get ["security" "sudo" "configFile"]);
  in
  { target = "sudoers";

    # NOTE(review): presumably what makes make-etc install a regular file
    # with these permission bits instead of a symlink into the store --
    # confirm in ../helpers/make-etc.nix.
    mode = "0440";

    # Gate the file on `visudo -c`: a sudoers file that does not parse fails
    # the build and is never installed.  This is a syntax check only; it
    # says nothing about how much the policy grants.
    # Both the input and the checked copy are store paths, which are
    # normally world-readable, so the 0440 mode on the installed file does
    # not keep the policy text secret.
    source = pkgs.runCommand "sudoers" { src = candidate; }
      "${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
  }))
# PAM service files: one entry per service name listed at the bottom.
++ (
  let
    ldapOn = config.get ["users" "ldap" "enable"];

    # Instantiates the template ./pam.d/<service> and installs the result
    # as pam.d/<service>.
    pamEntry = service: {
      target = "pam.d/" + service;
      source = pkgs.substituteAll {
        src = ./pam.d + ("/" + service);
        inherit (pkgs) pam_unix2 pam_console;
        inherit (pkgs.xorg) xauth;
        inherit envConf pamConsoleHandlers;

        # With LDAP off, the module path is a deliberately nonexistent one
        # and `isLDAPEnabled` expands to "#".
        # NOTE(review): presumably the templates prefix their LDAP lines
        # with that variable so they end up commented out -- confirm in
        # ./pam.d/*.
        pam_ldap = if ldapOn then pkgs.pam_ldap else "/no-such-path";
        isLDAPEnabled = if ldapOn then "" else "#";
      };
    };
  in
  map pamEntry [
    "login"
    "slim"
    "su"
    "sudo"
    # Linux-PAM falls back to "other" for any service without its own file.
    # NOTE(review): ./pam.d/other is not visible here; confirm it denies
    # by default.
    "other"
    "passwd"
    "shadow"
    "sshd"
    "useradd"
    "chsh"
    "common"
    "common-console" # shared stuff for interactive local sessions
  ]
)
# Additional /etc files declared by Upstart jobs.
# NOTE(review): these entries are appended after the sudoers and pam.d/*
# entries.  How make-etc.nix treats two entries with the same target is not
# visible here -- confirm that a job-supplied entry cannot silently replace
# one of those security-sensitive files.
++ extraEtc;
}