authorVladimír Čunát <vcunat@gmail.com>2016-04-10 11:17:52 +0200
committerVladimír Čunát <vcunat@gmail.com>2016-04-10 11:17:52 +0200
commit30f14243c33f1b386273d08a4776aa679c42143d (patch)
treebd123d5c2ab4fef012ae7de6a225c092f8d611b8 /nixos
parent50fccad5828fb459760fd7578951bb961a18c0fc (diff)
parent2463e0917318581da94e7ba92703b63128c40424 (diff)
Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/installation/installing-usb.xml16
-rw-r--r--nixos/doc/manual/installation/installing.xml4
-rw-r--r--nixos/doc/manual/release-notes/rl-1603.xml61
-rwxr-xr-xnixos/maintainers/scripts/ec2/create-amis.sh22
-rw-r--r--nixos/modules/config/pulseaudio.nix28
-rw-r--r--nixos/modules/installer/tools/nixos-generate-config.pl2
-rw-r--r--nixos/modules/misc/ids.nix4
-rw-r--r--nixos/modules/module-list.nix4
-rw-r--r--nixos/modules/programs/fish.nix3
-rw-r--r--nixos/modules/programs/ssh.nix1
-rw-r--r--nixos/modules/rename.nix7
-rw-r--r--nixos/modules/services/backup/crashplan.nix2
-rw-r--r--nixos/modules/services/misc/plex.nix1
-rw-r--r--nixos/modules/services/network-filesystems/tahoe.nix286
-rw-r--r--nixos/modules/services/network-filesystems/u9fs.nix19
-rw-r--r--nixos/modules/services/networking/iodine.nix136
-rw-r--r--nixos/modules/services/networking/iodined.nix86
-rw-r--r--nixos/modules/services/networking/mfi.nix90
-rw-r--r--nixos/modules/services/networking/minidlna.nix17
-rw-r--r--nixos/modules/services/networking/syncthing.nix33
-rw-r--r--nixos/modules/services/system/dbus.nix24
-rw-r--r--nixos/modules/services/web-servers/apache-httpd/default.nix1
-rw-r--r--nixos/modules/services/web-servers/apache-httpd/trac.nix11
-rw-r--r--nixos/modules/services/x11/desktop-managers/kde5.nix5
-rw-r--r--nixos/modules/services/x11/xserver.nix7
-rw-r--r--nixos/modules/system/boot/stage-1-init.sh7
-rw-r--r--nixos/modules/system/boot/stage-1.nix4
-rw-r--r--nixos/modules/virtualisation/ec2-amis.nix37
28 files changed, 771 insertions, 147 deletions
diff --git a/nixos/doc/manual/installation/installing-usb.xml b/nixos/doc/manual/installation/installing-usb.xml
index 5def6e8753f..a4b5dafbed1 100644
--- a/nixos/doc/manual/installation/installing-usb.xml
+++ b/nixos/doc/manual/installation/installing-usb.xml
@@ -7,10 +7,18 @@
 <title>Booting from a USB Drive</title>
 
 <para>For systems without CD drive, the NixOS live CD can be booted from
-a USB stick. For non-UEFI installations,
-<link xlink:href="http://unetbootin.sourceforge.net/">unetbootin</link>
-will work. For UEFI installations, you should mount the ISO, copy its contents
-verbatim to your drive, then either:
+a USB stick. You can use the <command>dd</command> utility to write the image:
+<command>dd if=<replaceable>path-to-image</replaceable>
+of=<replaceable>/dev/sdb</replaceable></command>. Be careful about specifying the
+correct drive; you can use the <command>lsblk</command> command to get a list of
+block devices.</para>
+
+<para>The <command>dd</command> utility will write the image verbatim to the drive,
+making it the recommended option for both UEFI and non-UEFI installations. For
+non-UEFI installations, you can alternatively use
+<link xlink:href="http://unetbootin.sourceforge.net/">unetbootin</link>. If you
+cannot use <command>dd</command> for a UEFI installation, you can also mount the
+ISO, copy its contents verbatim to your drive, then either:
 
 <itemizedlist>
   <listitem>
diff --git a/nixos/doc/manual/installation/installing.xml b/nixos/doc/manual/installation/installing.xml
index 7e71df28cdb..4a0b3fee7c1 100644
--- a/nixos/doc/manual/installation/installing.xml
+++ b/nixos/doc/manual/installation/installing.xml
@@ -157,10 +157,6 @@ $ nano /mnt/etc/nixos/configuration.nix
     <command>nixos-generate-config</command> will figure out the
     required modules.</para></note>
 
-    <para>Examples of real-world NixOS configuration files can be
-    found at <link
-    xlink:href="https://nixos.org/repos/nix/configurations/trunk/"/>.</para>
-
   </listitem>
 
   <listitem><para>Do the installation:
diff --git a/nixos/doc/manual/release-notes/rl-1603.xml b/nixos/doc/manual/release-notes/rl-1603.xml
index 8119470385f..1528c8a7246 100644
--- a/nixos/doc/manual/release-notes/rl-1603.xml
+++ b/nixos/doc/manual/release-notes/rl-1603.xml
@@ -4,7 +4,7 @@
          version="5.0"
          xml:id="sec-release-16.03">
 
-<title>Release 16.03 (“Emu”, 2016/03/??)</title>
+<title>Release 16.03 (“Emu”, 2016/03/31)</title>
 
 <para>In addition to numerous new and upgraded packages, this release
 has the following highlights:</para>
@@ -34,6 +34,10 @@ has the following highlights:</para>
   </listitem>
 
   <listitem>
+    <para>Binutils 2.26 (was 2.23.1). See #909</para>
+  </listitem>
+
+  <listitem>
     <para>Improved support for ensuring <link
     xlink:href="https://reproducible-builds.org/">bitwise reproducible
     builds</link>. For example, <literal>stdenv</literal> now sets the
@@ -58,10 +62,57 @@ has the following highlights:</para>
 
   <itemizedlist>
     <listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
+    <listitem><para><literal>hardware/video/webcam/facetimehd.nix</literal></para></listitem>
+    <listitem><para><literal>i18n/inputMethod/default.nix</literal></para></listitem>
+    <listitem><para><literal>i18n/inputMethod/fcitx.nix</literal></para></listitem>
+    <listitem><para><literal>i18n/inputMethod/ibus.nix</literal></para></listitem>
+    <listitem><para><literal>i18n/inputMethod/nabi.nix</literal></para></listitem>
+    <listitem><para><literal>i18n/inputMethod/uim.nix</literal></para></listitem>
+    <listitem><para><literal>programs/fish.nix</literal></para></listitem>
+    <listitem><para><literal>security/acme.nix</literal></para></listitem>
+    <listitem><para><literal>security/audit.nix</literal></para></listitem>
+    <listitem><para><literal>security/oath.nix</literal></para></listitem>
+    <listitem><para><literal>services/hardware/irqbalance.nix</literal></para></listitem>
+    <listitem><para><literal>services/mail/dspam.nix</literal></para></listitem>
+    <listitem><para><literal>services/mail/opendkim.nix</literal></para></listitem>
+    <listitem><para><literal>services/mail/postsrsd.nix</literal></para></listitem>
+    <listitem><para><literal>services/mail/rspamd.nix</literal></para></listitem>
+    <listitem><para><literal>services/mail/rmilter.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/autofs.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/bepasty.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/calibre-server.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/cfdyndns.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/gammu-smsd.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/mathics.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/matrix-synapse.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/octoprint.nix</literal></para></listitem>
+    <listitem><para><literal>services/monitoring/hdaps.nix</literal></para></listitem>
+    <listitem><para><literal>services/monitoring/heapster.nix</literal></para></listitem>
+    <listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
+    <listitem><para><literal>services/network-filesystems/netatalk.nix</literal></para></listitem>
+    <listitem><para><literal>services/network-filesystems/xtreemfs.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/autossh.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/dnschain.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/gale.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/miniupnpd.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/namecoind.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/ostinato.nix</literal></para></listitem>
     <listitem><para><literal>services/networking/pdnsd.nix</literal></para></listitem>
-    <listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/shairport-sync.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/supplicant.nix</literal></para></listitem>
+    <listitem><para><literal>services/search/kibana.nix</literal></para></listitem>
     <listitem><para><literal>services/security/haka.nix</literal></para></listitem>
-    <listitem><para><literal>i18n/inputMethod/default.nix</literal></para></listitem>
+    <listitem><para><literal>services/security/physlock.nix</literal></para></listitem>
+    <listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
+    <listitem><para><literal>services/x11/hardware/libinput.nix</literal></para></listitem>
+    <listitem><para><literal>services/x11/window-managers/windowlab.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/initrd-network.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/initrd-ssh.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/networkd.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/resolved.nix</literal></para></listitem>
+    <listitem><para><literal>virtualisation/lxd.nix</literal></para></listitem>
+    <listitem><para><literal>virtualisation/rkt.nix</literal></para></listitem>
   </itemizedlist>
 </para>
 
@@ -114,7 +165,7 @@ following incompatible changes:</para>
 
 <programlisting><![CDATA[
 {
-  imports = [ <nixos/modules/services/misc/gitit.nix> ];
+  imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
 }
 ]]></programlisting>
 
@@ -297,7 +348,7 @@ $TTL 1800
     <para>
     <literal>service.syncthing.dataDir</literal> options now has to point
     to exact folder where syncthing is writing to. Example configuration should
-    loook something like:
+    look something like:
     </para>
     <programlisting>
 services.syncthing = {
diff --git a/nixos/maintainers/scripts/ec2/create-amis.sh b/nixos/maintainers/scripts/ec2/create-amis.sh
index 8604091dbcd..1bf2a9c5830 100755
--- a/nixos/maintainers/scripts/ec2/create-amis.sh
+++ b/nixos/maintainers/scripts/ec2/create-amis.sh
@@ -8,14 +8,15 @@ echo "keeping state in $stateDir"
 mkdir -p $stateDir
 
 version=$(nix-instantiate --eval --strict '<nixpkgs>' -A lib.nixpkgsVersion | sed s/'"'//g)
-echo "NixOS version is $version"
+major=${version:0:5}
+echo "NixOS version is $version ($major)"
 
 rm -f ec2-amis.nix
 
 
 for type in hvm pv; do
     link=$stateDir/$type
-    imageFile=$link/nixos.img
+    imageFile=$link/nixos.qcow2
     system=x86_64-linux
     arch=x86_64
 
@@ -61,12 +62,19 @@ for type in hvm pv; do
                         # Bundle the image.
                         imageDir=$stateDir/$type-bundled
 
+                        # Convert the image to raw format.
+                        rawFile=$stateDir/$type.raw
+                        if ! [ -e $rawFile ]; then
+                            qemu-img convert -f qcow2 -O raw $imageFile $rawFile.tmp
+                            mv $rawFile.tmp $rawFile
+                        fi
+
                         if ! [ -d $imageDir ]; then
                             rm -rf $imageDir.tmp
                             mkdir -p $imageDir.tmp
                             ec2-bundle-image \
                                 -d $imageDir.tmp \
-                                -i $imageFile --arch $arch \
+                                -i $rawFile --arch $arch \
                                 --user "$AWS_ACCOUNT" -c "$EC2_CERT" -k "$EC2_PRIVATE_KEY"
                             mv $imageDir.tmp $imageDir
                         fi
@@ -75,14 +83,14 @@ for type in hvm pv; do
                         if ! [ -e $imageDir/uploaded ]; then
                             echo "uploading bundle to S3..."
                             ec2-upload-bundle \
-                                -m $imageDir/nixos.img.manifest.xml \
+                                -m $imageDir/$type.raw.manifest.xml \
                                 -b "$bucket/$bucketDir" \
                                 -a "$EC2_ACCESS_KEY" -s "$EC2_SECRET_KEY" \
                                 --location EU
                             touch $imageDir/uploaded
                         fi
 
-                        extraFlags="$bucket/$bucketDir/nixos.img.manifest.xml"
+                        extraFlags="$bucket/$bucketDir/$type.raw.manifest.xml"
 
                     else
 
@@ -90,7 +98,7 @@ for type in hvm pv; do
                         # to upload a huge raw image.
                         vhdFile=$stateDir/$type.vhd
                         if ! [ -e $vhdFile ]; then
-                            qemu-img convert -O vpc $imageFile $vhdFile.tmp
+                            qemu-img convert -f qcow2 -O vpc $imageFile $vhdFile.tmp
                             mv $vhdFile.tmp $vhdFile
                         fi
 
@@ -209,7 +217,7 @@ for type in hvm pv; do
                 prevRegion="$region"
             fi
 
-            echo "  \"15.09\".$region.$type-$store = \"$ami\";" >> ec2-amis.nix
+            echo "  \"$major\".$region.$type-$store = \"$ami\";" >> ec2-amis.nix
         done
 
     done
diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix
index 334fa1f772c..642aedc3f24 100644
--- a/nixos/modules/config/pulseaudio.nix
+++ b/nixos/modules/config/pulseaudio.nix
@@ -150,6 +150,29 @@ in {
         target = "pulse/default.pa";
         source = cfg.configFile;
       };
+
+      systemd.user = {
+        services.pulseaudio = {
+          description = "PulseAudio Server";
+          # NixOS doesn't support "Also" so we bring it in manually
+          wantedBy = [ "default.target" ];
+          serviceConfig = {
+            Type = "notify";
+            ExecStart = "${cfg.package}/bin/pulseaudio --daemonize=no";
+            Restart = "on-failure";
+          };
+        };
+
+        sockets.pulseaudio = {
+          description = "PulseAudio Socket";
+          wantedBy = [ "sockets.target" ];
+          socketConfig = {
+            Priority = 6;
+            Backlog = 5;
+            ListenStream = "%t/pulse/native";
+          };
+        };
+      };
     })
 
     (mkIf systemWide {
@@ -171,8 +194,9 @@ in {
         before = [ "sound.target" ];
         environment.PULSE_RUNTIME_PATH = stateDir;
         serviceConfig = {
-          ExecStart = "${cfg.package.out}/bin/pulseaudio -D --log-level=${cfg.daemon.logLevel} --system --use-pid-file -n --file=${cfg.configFile}";
-          PIDFile = "${stateDir}/pid";
+          Type = "notify";
+          ExecStart = "${cfg.package.out}/bin/pulseaudio --daemonize=no --log-level=${cfg.daemon.logLevel} --system -n --file=${cfg.configFile}";
+          Restart = "on-failure";
         };
       };
     })
diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl
index ec880e08472..d3005cdfd6f 100644
--- a/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -165,7 +165,7 @@ sub pciCheck {
         ) )
     {
         # we need e.g. brcmfmac43602-pcie.bin
-        push @imports, "<nixos/modules/hardware/network/broadcom-43xx.nix>";
+        push @imports, "<nixpkgs/nixos/modules/hardware/network/broadcom-43xx.nix>";
     }
 
     # Can't rely on $module here, since the module may not be loaded
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index f71d1e3fe20..1e14fe655fc 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -257,6 +257,8 @@
       radicale = 234;
       hydra-queue-runner = 235;
       hydra-www = 236;
+      syncthing = 237;
+      mfi = 238;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -485,6 +487,8 @@
       pdnsd = 229;
       octoprint = 230;
       radicale = 234;
+      syncthing = 237;
+      #mfi = 238; # unused
 
       # When adding a gid, make sure it doesn't match an existing
       # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 9462d72996f..7bcc5b84941 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -283,6 +283,7 @@
   ./services/network-filesystems/openafs-client/default.nix
   ./services/network-filesystems/rsyncd.nix
   ./services/network-filesystems/samba.nix
+  ./services/network-filesystems/tahoe.nix
   ./services/network-filesystems/diod.nix
   ./services/network-filesystems/u9fs.nix
   ./services/network-filesystems/yandex-disk.nix
@@ -327,12 +328,13 @@
   ./services/networking/hostapd.nix
   ./services/networking/i2pd.nix
   ./services/networking/i2p.nix
-  ./services/networking/iodined.nix
+  ./services/networking/iodine.nix
   ./services/networking/ircd-hybrid/default.nix
   ./services/networking/kippo.nix
   ./services/networking/lambdabot.nix
   ./services/networking/libreswan.nix
   ./services/networking/mailpile.nix
+  ./services/networking/mfi.nix
   ./services/networking/mjpg-streamer.nix
   ./services/networking/minidlna.nix
   ./services/networking/miniupnpd.nix
diff --git a/nixos/modules/programs/fish.nix b/nixos/modules/programs/fish.nix
index b4259f7ec87..7a4b78118ce 100644
--- a/nixos/modules/programs/fish.nix
+++ b/nixos/modules/programs/fish.nix
@@ -101,6 +101,9 @@ in
       end
     '';
 
+    # include programs that bring their own completions
+    environment.pathsToLink = [ "/share/fish/vendor_completions.d" ];
+
     environment.systemPackages = [ pkgs.fish ];
 
     environment.shells = [
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 1ad45f46803..cc835081c9f 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -189,6 +189,7 @@ in
 
         # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
         PubkeyAcceptedKeyTypes +ssh-dss
+        HostKeyAlgorithms +ssh-dss
 
         ${cfg.extraConfig}
       '';
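Review bot: `HostKeyAlgorithms +ssh-dss` makes every client connection on the system willing to authenticate servers by DSA host keys, which OpenSSH 7.0 disabled by default because of their weakness; unlike the `PubkeyAcceptedKeyTypes` line above, it affects how the server's identity is verified rather than the user's. Since `${cfg.extraConfig}` is emitted right below, users who still need DSA for specific hosts could opt in there (ideally inside a `Host` block) instead of having it enabled globally. If the line stays, the comment should cover it, e.g. `# Also accept DSA host keys for now; drop together with the line above.` The configuration string this sits in starts outside the hunk.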
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index c6a781b6f00..84eccfd5129 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -101,6 +101,13 @@ with lib;
     # Enlightenment
     (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ])
 
+    # Iodine
+    (mkRenamedOptionModule [ "services" "iodined" "enable" ] [ "services" "iodine" "server" "enable" ])
+    (mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ])
+    (mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ])
+    (mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ])
+    (mkRemovedOptionModule [ "services" "iodined" "client" ])
+
     # Options that are obsolete and have no replacement.
     (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ])
     (mkRemovedOptionModule [ "programs" "bash" "enable" ])
diff --git a/nixos/modules/services/backup/crashplan.nix b/nixos/modules/services/backup/crashplan.nix
index 46d4c5192d9..94aa3b17b66 100644
--- a/nixos/modules/services/backup/crashplan.nix
+++ b/nixos/modules/services/backup/crashplan.nix
@@ -50,7 +50,7 @@ with lib;
         ensureDir ${crashplan.vardir}/log 777
         cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
         for x in app.asar bin EULA.txt install.vars lang lib libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libmd564.so libmd5.so share skin upgrade; do
-          if [ -e $x ]; then
+          if [ -e ${crashplan.vardir}/$x ]; then
             true;
           else
             ln -s ${crashplan}/$x ${crashplan.vardir}/$x;
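Review bot: The corrected test `[ -e ${crashplan.vardir}/$x ]` follows symlinks, so a link left over from an earlier package version is either kept as-is (still pointing at the old path) or, once that target is gone, reported as missing, in which case the `ln -s` in the else branch fails because the name already exists. Testing for the link itself, `if [ -e ${crashplan.vardir}/$x ] && ! [ -L ${crashplan.vardir}/$x ]; then`, and using `ln -sfn` in the else branch would refresh the links on every start while leaving real files alone. The loop's `done` and the closing `fi` lie outside this hunk.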
diff --git a/nixos/modules/services/misc/plex.nix b/nixos/modules/services/misc/plex.nix
index 875771dfa37..92b352db416 100644
--- a/nixos/modules/services/misc/plex.nix
+++ b/nixos/modules/services/misc/plex.nix
@@ -128,6 +128,7 @@ in
         Group = cfg.group;
         PermissionsStartOnly = "true";
         ExecStart = "/bin/sh -c '${cfg.package}/usr/lib/plexmediaserver/Plex\\ Media\\ Server'";
+        Restart = "on-failure";
       };
       environment = {
         PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=cfg.dataDir;
diff --git a/nixos/modules/services/network-filesystems/tahoe.nix b/nixos/modules/services/network-filesystems/tahoe.nix
new file mode 100644
index 00000000000..ab441339a56
--- /dev/null
+++ b/nixos/modules/services/network-filesystems/tahoe.nix
@@ -0,0 +1,286 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.services.tahoe;
+in
+  {
+    options.services.tahoe = {
+      introducers = mkOption {
+        default = {};
+        type = types.loaOf types.optionSet;
+        description = ''
+          The Tahoe introducers.
+        '';
+        options = {
+          nickname = mkOption {
+            type = types.str;
+            description = ''
+              The nickname of this Tahoe introducer.
+            '';
+          };
+          tub.port = mkOption {
+            default = 3458;
+            type = types.int;
+            description = ''
+              The port on which the introducer will listen.
+            '';
+          };
+          package = mkOption {
+            default = pkgs.tahoelafs;
+            defaultText = "pkgs.tahoelafs";
+            type = types.package;
+            example = literalExample "pkgs.tahoelafs";
+            description = ''
+              The package to use for the Tahoe LAFS daemon.
+            '';
+          };
+        };
+      };
+      nodes = mkOption {
+        default = {};
+        type = types.loaOf types.optionSet;
+        description = ''
+          The Tahoe nodes.
+        '';
+        options = {
+          nickname = mkOption {
+            type = types.str;
+            description = ''
+              The nickname of this Tahoe node.
+            '';
+          };
+          tub.port = mkOption {
+            default = 3457;
+            type = types.int;
+            description = ''
+              The port on which the tub will listen.
+
+              This is the correct setting to tweak if you want Tahoe's storage
+              system to listen on a different port.
+            '';
+          };
+          web.port = mkOption {
+            default = 3456;
+            type = types.int;
+            description = ''
+              The port on which the Web server will listen.
+
+              This is the correct setting to tweak if you want Tahoe's WUI to
+              listen on a different port.
+            '';
+          };
+          client.introducer = mkOption {
+            default = null;
+            type = types.nullOr types.str;
+            description = ''
+              The furl for a Tahoe introducer node.
+
+              Like all furls, keep this safe and don't share it.
+            '';
+          };
+          client.helper = mkOption {
+            default = null;
+            type = types.nullOr types.str;
+            description = ''
+              The furl for a Tahoe helper node.
+
+              Like all furls, keep this safe and don't share it.
+            '';
+          };
+          client.shares.needed = mkOption {
+            default = 3;
+            type = types.int;
+            description = ''
+              The number of shares required to reconstitute a file.
+            '';
+          };
+          client.shares.happy = mkOption {
+            default = 7;
+            type = types.int;
+            description = ''
+              The number of distinct storage nodes required to store
+              a file.
+            '';
+          };
+          client.shares.total = mkOption {
+            default = 10;
+            type = types.int;
+            description = ''
+              The number of shares required to store a file.
+            '';
+          };
+          storage.enable = mkEnableOption "storage service";
+          storage.reservedSpace = mkOption {
+            default = "1G";
+            type = types.str;
+            description = ''
+              The amount of filesystem space to not use for storage.
+            '';
+          };
+          helper.enable = mkEnableOption "helper service";
+          package = mkOption {
+            default = pkgs.tahoelafs;
+            defaultText = "pkgs.tahoelafs";
+            type = types.package;
+            example = literalExample "pkgs.tahoelafs";
+            description = ''
+              The package to use for the Tahoe LAFS daemon.
+            '';
+          };
+        };
+      };
+    };
+    config = mkMerge [
+      (mkIf (cfg.introducers != {}) {
+        environment = {
+          etc = flip mapAttrs' cfg.introducers (node: settings:
+            nameValuePair "tahoe-lafs/introducer-${node}.cfg" {
+              mode = "0444";
+              text = ''
+                # This configuration is generated by Nix. Edit at your own
+                # peril; here be dragons.
+
+                [node]
+                nickname = ${settings.nickname}
+                tub.port = ${toString settings.tub.port}
+              '';
+            });
+          # Actually require Tahoe, so that we will have it installed.
+          systemPackages = flip mapAttrsToList cfg.introducers (node: settings:
+            settings.package
+          );
+        };
+        # Open up the firewall.
+        # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.introducers
+        #   (node: settings: settings.tub.port);
+        systemd.services = flip mapAttrs' cfg.introducers (node: settings:
+          let
+            pidfile = "/run/tahoe.introducer-${node}.pid";
+            # This is a directory, but it has no trailing slash. Tahoe commands
+            # get antsy when there's a trailing slash.
+            nodedir = "/var/db/tahoe-lafs/introducer-${node}";
+          in nameValuePair "tahoe.introducer-${node}" {
+            description = "Tahoe LAFS node ${node}";
+            wantedBy = [ "multi-user.target" ];
+            path = [ settings.package ];
+            restartTriggers = [
+              config.environment.etc."tahoe-lafs/introducer-${node}.cfg".source ];
+            serviceConfig = {
+              Type = "simple";
+              PIDFile = pidfile;
+            };
+            preStart = ''
+              if [ \! -d ${nodedir} ]; then
+                mkdir -p /var/db/tahoe-lafs
+                tahoe create-introducer ${nodedir}
+              fi
+
+              # Tahoe has created a predefined tahoe.cfg which we must now
+              # scribble over.
+              # XXX I thought that a symlink would work here, but it doesn't, so
+              # we must do this on every prestart. Fixes welcome.
+              # rm ${nodedir}/tahoe.cfg
+              # ln -s /etc/tahoe-lafs/introducer-${node}.cfg ${nodedir}/tahoe.cfg
+              cp /etc/tahoe-lafs/introducer-${node}.cfg ${nodedir}/tahoe.cfg
+            '';
+            # Believe it or not, Tahoe is very brittle about the order of
+            # arguments to $(tahoe start). The node directory must come first,
+            # and arguments which alter Twisted's behavior come afterwards.
+            script = ''
+              tahoe start ${nodedir} -n -l- --pidfile=${pidfile}
+            '';
+          });
+        users.extraUsers = flip mapAttrs' cfg.introducers (node: _:
+          nameValuePair "tahoe.introducer-${node}" {
+            description = "Tahoe node user for introducer ${node}";
+            isSystemUser = true;
+          });
+      })
+      (mkIf (cfg.nodes != {}) {
+        environment = {
+          etc = flip mapAttrs' cfg.nodes (node: settings:
+            nameValuePair "tahoe-lafs/${node}.cfg" {
+              mode = "0444";
+              text = ''
+                # This configuration is generated by Nix. Edit at your own
+                # peril; here be dragons.
+
+                [node]
+                nickname = ${settings.nickname}
+                tub.port = ${toString settings.tub.port}
+                # This is a Twisted endpoint. Twisted Web doesn't work on
+                # non-TCP. ~ C.
+                web.port = tcp:${toString settings.web.port}
+
+                [client]
+                ${optionalString (settings.client.introducer != null)
+                  "introducer.furl = ${settings.client.introducer}"}
+                ${optionalString (settings.client.helper != null)
+                  "helper.furl = ${settings.client.helper}"}
+
+                shares.needed = ${toString settings.client.shares.needed}
+                shares.happy = ${toString settings.client.shares.happy}
+                shares.total = ${toString settings.client.shares.total}
+
+                [storage]
+                enabled = ${if settings.storage.enable then "true" else "false"}
+                reserved_space = ${settings.storage.reservedSpace}
+
+                [helper]
+                enabled = ${if settings.helper.enable then "true" else "false"}
+              '';
+            });
+          # Actually require Tahoe, so that we will have it installed.
+          systemPackages = flip mapAttrsToList cfg.nodes (node: settings:
+            settings.package
+          );
+        };
+        # Open up the firewall.
+        # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.nodes
+        #   (node: settings: settings.tub.port);
+        systemd.services = flip mapAttrs' cfg.nodes (node: settings:
+          let
+            pidfile = "/run/tahoe.${node}.pid";
+            # This is a directory, but it has no trailing slash. Tahoe commands
+            # get antsy when there's a trailing slash.
+            nodedir = "/var/db/tahoe-lafs/${node}";
+          in nameValuePair "tahoe.${node}" {
+            description = "Tahoe LAFS node ${node}";
+            wantedBy = [ "multi-user.target" ];
+            path = [ settings.package ];
+            restartTriggers = [
+              config.environment.etc."tahoe-lafs/${node}.cfg".source ];
+            serviceConfig = {
+              Type = "simple";
+              PIDFile = pidfile;
+            };
+            preStart = ''
+              if [ \! -d ${nodedir} ]; then
+                mkdir -p /var/db/tahoe-lafs
+                tahoe create-node ${nodedir}
+              fi
+
+              # Tahoe has created a predefined tahoe.cfg which we must now
+              # scribble over.
+              # XXX I thought that a symlink would work here, but it doesn't, so
+              # we must do this on every prestart. Fixes welcome.
+              # rm ${nodedir}/tahoe.cfg
+              # ln -s /etc/tahoe-lafs/${node}.cfg ${nodedir}/tahoe.cfg
+              cp /etc/tahoe-lafs/${node}.cfg ${nodedir}/tahoe.cfg
+            '';
+            # Believe it or not, Tahoe is very brittle about the order of
+            # arguments to $(tahoe start). The node directory must come first,
+            # and arguments which alter Twisted's behavior come afterwards.
+            script = ''
+              tahoe start ${nodedir} -n -l- --pidfile=${pidfile}
+            '';
+          });
+        users.extraUsers = flip mapAttrs' cfg.nodes (node: _:
+          nameValuePair "tahoe.${node}" {
+            description = "Tahoe node user for node ${node}";
+            isSystemUser = true;
+          });
+      })
+    ];
+  }
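Review bot: Both `systemd.services` definitions leave `User` out of `serviceConfig`, so every introducer and node runs as root while the `tahoe.introducer-${node}` and `tahoe.${node}` accounts created under `users.extraUsers` are never used. Setting `User = "tahoe.${node}";` (and the introducer equivalent) would also need the node directory under `/var/db/tahoe-lafs` to be owned by that account and the pidfile moved out of `/run`, for example with `PermissionsStartOnly = true;` and a `chown` in `preStart`. Separately, the node config is written with `mode = "0444"` although it embeds `introducer.furl` and `helper.furl`, which the option descriptions say must be kept safe; the generated text also lands in the world-readable Nix store, so the furls would be better read from a file outside the store. `web.port = tcp:${toString settings.web.port}` carries no interface restriction, which presumably binds the web UI on all addresses and is worth confirming against Tahoe's own default.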
diff --git a/nixos/modules/services/network-filesystems/u9fs.nix b/nixos/modules/services/network-filesystems/u9fs.nix
index 64809727464..8bc37f0f62c 100644
--- a/nixos/modules/services/network-filesystems/u9fs.nix
+++ b/nixos/modules/services/network-filesystems/u9fs.nix
@@ -27,10 +27,17 @@ in
         '';
       };
 
+      user = mkOption {
+        type = types.str;
+        default = "nobody";
+        description =
+          "User to run u9fs under.";
+      };
+
       extraArgs = mkOption {
         type = types.str;
         default = "";
-        example = "-a none -u nobody";
+        example = "-a none";
         description =
           ''
             Extra arguments to pass on invocation,
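Review bot: The new `user` option defaults to the shared `nobody` account, so the 9P server runs under the same identity as every other service that falls back to `nobody`, and files those services own become reachable through the export. A dedicated system account would keep the file server's access separate, e.g. `default = "u9fs";` with a matching `users.extraUsers.u9fs` entry in the config section, which lies outside this hunk. At minimum the description should state what the account implies: `"User to run u9fs under; with -a none this account's file permissions are what clients get."`.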
@@ -38,13 +45,6 @@ in
           '';
       };
 
-      fsroot = mkOption {
-        type = types.path;
-        default = "/";
-        example = "/srv";
-        description = "File system root to serve to clients.";
-      };
-
     };
 
   };
@@ -63,9 +63,10 @@ in
         reloadIfChanged = true;
         requires = [ "u9fs.socket" ];
         serviceConfig =
-          { ExecStart = "-${pkgs.u9fs}/bin/u9fs ${cfg.extraArgs} ${cfg.fsroot}";
+          { ExecStart = "-${pkgs.u9fs}/bin/u9fs ${cfg.extraArgs}";
             StandardInput = "socket";
             StandardError = "journal";
+            User = cfg.user;
           };
       };
     };
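Review bot: `ExecStart` no longer passes an export root, and the `fsroot` option that supplied it is removed in the previous hunk, so the module no longer states what the server exports. The removed option defaulted to `/`; if u9fs falls back to the same root when none is given (not visible here), the whole file system is served with whatever access `cfg.user` has. The restriction should stay expressible and documented, for instance by extending the `extraArgs` description with `The directory to export can be given as the last argument; without it the server's default root is used.` The service definition starts above this hunk.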
diff --git a/nixos/modules/services/networking/iodine.nix b/nixos/modules/services/networking/iodine.nix
new file mode 100644
index 00000000000..1b0d2d9a517
--- /dev/null
+++ b/nixos/modules/services/networking/iodine.nix
@@ -0,0 +1,136 @@
+# NixOS module for iodine, ip over dns daemon
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.iodine;
+
+  iodinedUser = "iodined";
+
+in
+{
+
+  ### configuration
+
+  options = {
+
+    services.iodine = {
+      clients = mkOption {
+        default = {};
+        description = ''
+          Each attribute of this option defines a systemd service that
+          runs iodine. Many or none may be defined.
+          The name of each service is
+          <literal>iodine-<replaceable>name</replaceable></literal>
+          where <replaceable>name</replaceable> is the name of the
+          corresponding attribute name.
+        '';
+        example = literalExample ''
+        {
+          foo = {
+            server = "tunnel.mdomain.com";
+            relay = "8.8.8.8";
+            extraConfig = "-P mysecurepassword";
+          }
+        }
+        '';
+        type = types.attrsOf (types.submodule (
+        {
+          options = {
+            server = mkOption {
+              type = types.str;
+              default = "";
+              description = "Domain or Subdomain of server running iodined";
+              example = "tunnel.mydomain.com";
+            };
+
+            relay = mkOption {
+              type = types.str;
+              default = "";
+              description = "DNS server to use as a intermediate relay to the iodined server";
+              example = "8.8.8.8";
+            };
+
+            extraConfig = mkOption {
+              type = types.str;
+              default = "";
+              description = "Additional command line parameters";
+              example = "-P mysecurepassword -l 192.168.1.10 -p 23";
+            };
+          };
+        }));
+      };
+
+      server = {
+        enable = mkOption {
+          type = types.bool;
+          default = false;
+          description = "enable iodined server";
+        };
+
+        ip = mkOption {
+          type = types.str;
+          default = "";
+          description = "The assigned ip address or ip range";
+          example = "172.16.10.1/24";
+        };
+
+        domain = mkOption {
+          type = types.str;
+          default = "";
+          description = "Domain or subdomain of which nameservers point to us";
+          example = "tunnel.mydomain.com";
+        };
+
+        extraConfig = mkOption {
+          type = types.str;
+          default = "";
+          description = "Additional command line parameters";
+          example = "-P mysecurepassword -l 192.168.1.10 -p 23";
+        };
+      };
+
+    };
+  };
+
+  ### implementation
+
+  config = mkIf (cfg.server.enable || cfg.clients != {}) {
+    environment.systemPackages = [ pkgs.iodine ];
+    boot.kernelModules = [ "tun" ];
+
+    systemd.services =
+    let
+      createIodineClientService = name: cfg:
+      {
+        description = "iodine client - ${name}";
+        wantedBy = [ "ip-up.target" ];
+        serviceConfig = {
+          RestartSec = "30s";
+          Restart = "always";
+          ExecStart = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.relay} ${cfg.server}";
+        };
+      };
+    in
+    listToAttrs (
+      mapAttrsToList
+        (name: value: nameValuePair "iodine-${name}" (createIodineClientService name value))
+        cfg.clients
+    ) // {
+      iodined = mkIf (cfg.server.enable) {
+        description = "iodine, ip over dns server daemon";
+        wantedBy = [ "ip-up.target" ];
+        serviceConfig.ExecStart = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${cfg.server.ip} ${cfg.server.domain}";
+      };
+    };
+
+    users.extraUsers = singleton {
+      name = iodinedUser;
+      uid = config.ids.uids.iodined;
+      description = "Iodine daemon user";
+    };
+    users.extraGroups.iodined.gid = config.ids.gids.iodined;
+  };
+}
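Review bot: Both `extraConfig` examples and the `clients` example model passing the tunnel password as `-P mysecurepassword`, which ends up in the generated unit file in the world-readable Nix store. The option text should warn about this rather than demonstrate it, e.g. `description = "Additional command line parameters. Values given here are stored in the Nix store, so do not pass the password with -P.";`. iodine also reads the password from the `IODINE_PASS` / `IODINED_PASS` environment variables, which could be supplied from a file outside the store. Separately, the assertions the removed iodined.nix had for an empty `ip` and `domain` are not carried over, so `server.enable = true` with the empty defaults builds an `ExecStart` lacking both arguments; `assertions = [{ assertion = cfg.server.enable -> cfg.server.domain != ""; message = "cannot start iodined without domain name set"; }];` restores the check.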
diff --git a/nixos/modules/services/networking/iodined.nix b/nixos/modules/services/networking/iodined.nix
deleted file mode 100644
index 20d371c4e2d..00000000000
--- a/nixos/modules/services/networking/iodined.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-# NixOS module for iodine, ip over dns daemon
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.iodined;
-
-  iodinedUser = "iodined";
-
-in
-
-{
-
-  ### configuration
-
-  options = {
-
-    services.iodined = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Enable iodine, ip over dns daemon";
-      };
-
-      client = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Start iodine in client mode";
-      };
-
-      ip = mkOption {
-        type = types.str;
-        default = "";
-        description = "Assigned ip address or ip range";
-        example = "172.16.10.1/24";
-      };
-
-      domain = mkOption {
-        type = types.str;
-        default = "";
-        description = "Domain or subdomain of which nameservers point to us";
-        example = "tunnel.mydomain.com";
-      };
-
-      extraConfig = mkOption {
-        type = types.str;
-        default = "";
-        description = "Additional command line parameters";
-        example = "-P mysecurepassword -l 192.168.1.10 -p 23";
-      };
-
-    };
-
-  };
-
-  ### implementation
-
-  config = mkIf cfg.enable {
-    environment.systemPackages = [ pkgs.iodine ];
-    boot.kernelModules = [ "tun" ];
-
-    systemd.services.iodined = {
-      description = "iodine, ip over dns daemon";
-      wantedBy = [ "ip-up.target" ];
-      serviceConfig.ExecStart = "${pkgs.iodine}/sbin/iodined -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.ip} ${cfg.domain}";
-    };
-
-
-    users.extraUsers = singleton {
-      name = iodinedUser;
-      uid = config.ids.uids.iodined;
-      description = "Iodine daemon user";
-    };
-    users.extraGroups.iodined.gid = config.ids.gids.iodined;
-
-    assertions = [{ assertion = if !cfg.client then cfg.ip != "" else true;
-                    message = "cannot start iodined without ip set";}
-                  { assertion = cfg.domain != "";
-                    message = "cannot start iodined without domain name set";}];
-
-  };
-
-}
diff --git a/nixos/modules/services/networking/mfi.nix b/nixos/modules/services/networking/mfi.nix
new file mode 100644
index 00000000000..5afb83ed022
--- /dev/null
+++ b/nixos/modules/services/networking/mfi.nix
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, utils, ... }:
+with lib;
+let
+  name = "Ubiquiti mFi Controller";
+  cfg = config.services.mfi;
+  stateDir = "/var/lib/mfi";
+  # XXX 2 runtime exceptions using jre8: JSPException on GET / ; can't initialize ./data/keystore on first run.
+  cmd = "@${pkgs.jre7}/bin/java java -jar ${stateDir}/lib/ace.jar";
+  mountPoints = [
+    { what = "${pkgs.mfi}/dl"; where = "${stateDir}/dl"; }
+    { what = "${pkgs.mfi}/lib"; where = "${stateDir}/lib"; }
+    { what = "${pkgs.mongodb248}/bin"; where = "${stateDir}/bin"; }
+  ];
+  systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints;
+  ports = [ 6080 6880 6443 6843 ];
+in
+{
+  options = {
+    services.mfi = {
+      enable = mkEnableOption name;
+      openPorts = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Whether to open TCP ports ${concatMapStrings (a: "${toString a} ") ports}for the services.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    networking.firewall.allowedTCPPorts = mkIf config.services.mfi.openPorts ports;
+
+    users.users.mfi = {
+      uid = config.ids.uids.mfi;
+      description = "mFi controller daemon user";
+      home = "${stateDir}";
+    };
+
+    # We must create the binary directories as bind mounts instead of symlinks
+    # This is because the controller resolves all symlinks to absolute paths
+    # to be used as the working directory.
+    systemd.mounts = map ({ what, where }: {
+        bindsTo = [ "mfi.service" ];
+        partOf = [ "mfi.service" ];
+        unitConfig.RequiresMountsFor = stateDir;
+        options = "bind";
+        what = what;
+        where = where;
+      }) mountPoints;
+
+    systemd.services.mfi = {
+      description = "mFi controller daemon";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ] ++ systemdMountPoints;
+      partOf = systemdMountPoints;
+      bindsTo = systemdMountPoints;
+      unitConfig.RequiresMountsFor = stateDir;
+
+      preStart = ''
+        # Clear ./webapps each run.
+        rm -rf                               "${stateDir}/webapps"
+        mkdir -p                             "${stateDir}/webapps"
+        ln -s "${pkgs.mfi}/webapps/ROOT.war" "${stateDir}/webapps"
+
+        # Copy initial config only once.
+        test -e "${stateDir}/conf" || cp -ar "${pkgs.mfi}/conf" "${stateDir}/conf"
+        test -e "${stateDir}/data" || cp -ar "${pkgs.mfi}/data" "${stateDir}/data"
+
+        # Fix Permissions.
+        # (Bind-mounts cause errors; ignore exit codes)
+        chown -fR mfi:      "${stateDir}" || true
+        chmod -fR u=rwX,go= "${stateDir}" || true
+      '';
+
+      postStop = ''
+        rm -rf "${stateDir}/webapps"
+      '';
+
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${cmd} start";
+        ExecStop = "${cmd} stop";
+        User = "mfi";
+        PermissionsStartOnly = true;
+        UMask = "0077";
+        WorkingDirectory = "${stateDir}";
+      };
+    };
+  };
+}
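Review bot: `openPorts` defaults to `true`, so enabling the service also opens TCP 6080, 6880, 6443 and 6843 in the firewall without the administrator asking for it, and the process listening there is pinned to `pkgs.jre7` and `pkgs.mongodb248`. Network exposure should be an explicit choice: `default = false;`, with the description extended by `Leave this off unless the controller must be reachable from other hosts.` The XXX comment on `cmd` explains why jre8 is not used; it would help to add there that the older runtime is a reason to keep the ports restricted.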
diff --git a/nixos/modules/services/networking/minidlna.nix b/nixos/modules/services/networking/minidlna.nix
index aa28502a12c..61d063dbfe0 100644
--- a/nixos/modules/services/networking/minidlna.nix
+++ b/nixos/modules/services/networking/minidlna.nix
@@ -58,9 +58,9 @@ in
     services.minidlna.config =
       ''
         port=${toString port}
-        friendly_name=NixOS Media Server
+        friendly_name=${config.networking.hostName} MiniDLNA
         db_dir=/var/cache/minidlna
-        log_dir=/var/log/minidlna
+        log_level=warn
         inotify=yes
         ${concatMapStrings (dir: ''
           media_dir=${dir}
@@ -83,21 +83,18 @@ in
 
         preStart =
           ''
-            mkdir -p /var/cache/minidlna /var/log/minidlna /run/minidlna
-            chown minidlna /var/cache/minidlna /var/log/minidlna /run/minidlna
+            mkdir -p /var/cache/minidlna
+            chown -R minidlna:minidlna /var/cache/minidlna
           '';
 
-        # FIXME: log through the journal rather than
-        # /var/log/minidlna.  The -d flag does that, but also raises
-        # the log level to debug...
         serviceConfig =
           { User = "minidlna";
-            Group = "nogroup";
+            Group = "minidlna";
             PermissionsStartOnly = true;
-            Type = "forking";
+            RuntimeDirectory = "minidlna";
             PIDFile = "/run/minidlna/pid";
             ExecStart =
-              "@${pkgs.minidlna}/sbin/minidlnad minidlnad -P /run/minidlna/pid" +
+              "${pkgs.minidlna}/sbin/minidlnad -S -P /run/minidlna/pid" +
               " -f ${pkgs.writeText "minidlna.conf" cfg.config}";
           };
       };
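Review bot: `PIDFile` and `-P /run/minidlna/pid` look like leftovers from the forking setup: `Type = "forking"` is removed and `-S` is added, which (assuming `-S` keeps minidlnad in the foreground, as the type change implies) leaves systemd with no need for a PID file. Dropping `PIDFile = "/run/minidlna/pid";` keeps the unit from suggesting otherwise. `Group = "minidlna"` and the `chown -R minidlna:minidlna` in `preStart` also depend on that group being declared; the declaration is not in this hunk, so it is worth confirming it exists. The service definition starts above the hunk.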
diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix
index 67b90516b99..da9a270f30b 100644
--- a/nixos/modules/services/networking/syncthing.nix
+++ b/nixos/modules/services/networking/syncthing.nix
@@ -5,6 +5,7 @@ with lib;
 let
 
   cfg = config.services.syncthing;
+  defaultUser = "syncthing";
 
 in
 
@@ -17,6 +18,7 @@ in
     services.syncthing = {
 
       enable = mkOption {
+        type = types.bool;
         default = false;
         description = ''
           Whether to enable the Syncthing, self-hosted open-source alternative
@@ -26,7 +28,8 @@ in
       };
 
       user = mkOption {
-        default = "syncthing";
+        type = types.string;
+        default = defaultUser;
         description = ''
           Syncthing will be run under this user (user must exist,
           this can be your user name).
@@ -34,8 +37,8 @@ in
       };
 
       all_proxy = mkOption {
-        type = types.string;
-        default = "";
+        type = types.nullOr types.string;
+        default = null;
         example = "socks5://address.com:1234";
         description = ''
           Overwrites all_proxy environment variable for the syncthing process to
@@ -45,6 +48,7 @@ in
       };
 
       dataDir = mkOption {
+        type = types.path;
         default = "/var/lib/syncthing";
         description = ''
           Path where the settings and keys will exist.
@@ -71,20 +75,33 @@ in
 
   config = mkIf cfg.enable {
 
+    users = mkIf (cfg.user == defaultUser) {
+      extraUsers."${defaultUser}" =
+        { group = defaultUser;
+          home  = cfg.dataDir;
+          createHome = true;
+          uid = config.ids.uids.syncthing;
+          description = "Syncthing daemon user";
+        };
+
+      extraGroups."${defaultUser}".gid =
+        config.ids.gids.syncthing;
+    };
+
     systemd.services.syncthing =
       {
         description = "Syncthing service";
-        after = [ "network.target" ];
+        after    = [ "network.target" ];
         wantedBy = [ "multi-user.target" ];
         environment = {
           STNORESTART = "yes";  # do not self-restart
           STNOUPGRADE = "yes";
-        } //
-        (config.networking.proxy.envVars) //
-        (if cfg.all_proxy != "" then { all_proxy = cfg.all_proxy; } else {});
+          inherit (cfg) all_proxy;
+        } // config.networking.proxy.envVars;
 
         serviceConfig = {
-          User = "${cfg.user}";
+          User  = cfg.user;
+          Group = optionalString (cfg.user == defaultUser) defaultUser;
           PermissionsStartOnly = true;
           Restart = "on-failure";
           ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}";
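Review bot: The rewritten `environment` reverses the precedence of the proxy settings: `all_proxy` now sits in the left operand of `//`, so any `all_proxy` in `config.networking.proxy.envVars` overrides `cfg.all_proxy`, while the option text still says it overwrites the variable for the syncthing process. Sync traffic would then use the system-wide proxy instead of the one configured for the service. With the default changed to `null` (hunk at -34,8), the attribute is also set to `null` whenever the option is unused; whether the systemd module accepts that is not visible here. Keeping the override last and conditional addresses both: `} // config.networking.proxy.envVars // optionalAttrs (cfg.all_proxy != null) { inherit (cfg) all_proxy; };`. `serviceConfig` continues past the end of the hunk.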
diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix
index 2e29ef6a8f5..32799344304 100644
--- a/nixos/modules/services/system/dbus.nix
+++ b/nixos/modules/services/system/dbus.nix
@@ -139,6 +139,30 @@ in
 
     systemd.services.dbus.restartTriggers = [ configDir ];
 
+    systemd.user = {
+      services.dbus = {
+        description = "D-Bus User Message Bus";
+        requires = [ "dbus.socket" ];
+        # NixOS doesn't support "Also" so we pull it in manually
+        # As the .service is supposed to come up at the same time as
+        # the .socket, we use basic.target instead of default.target
+        wantedBy = [ "basic.target" ];
+        serviceConfig = {
+          ExecStart = "${pkgs.dbus_daemon}/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation";
+          ExecReload = "${pkgs.dbus_daemon}/bin/dbus-send --print-reply --session --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig";
+        };
+      };
+
+      sockets.dbus = {
+        description = "D-Bus User Message Bus Socket";
+        socketConfig = {
+          ListenStream = "%t/bus";
+          ExecStartPost = "-${config.systemd.package}/bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=%t/bus";
+        };
+        wantedBy = [ "sockets.target" ];
+      };
+    };
+
     environment.pathsToLink = [ "/etc/dbus-1" "/share/dbus-1" ];
 
   };
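Review bot: The user bus units are added unconditionally, with no option to turn them off: every user manager gets `dbus.socket` and a `dbus-daemon --session` on `%t/bus`, and `DBUS_SESSION_BUS_ADDRESS` is pushed into the user environment. Sessions that still start their own bus (xserver.nix in this same diff shows `startDbusSession` with `default = true`) may end up with two session buses, and which one a client reaches would depend on start order; I could not confirm this from the hunk alone. Gating the block behind a new boolean option defaulting to false, `systemd.user = mkIf config.services.dbus.socketActivated { … };`, would make the switch explicit.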
diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix
index 760d7e147d7..7953729c00c 100644
--- a/nixos/modules/services/web-servers/apache-httpd/default.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -685,6 +685,7 @@ in
 
         serviceConfig.ExecStart = "@${httpd}/bin/httpd httpd -f ${httpdConf}";
         serviceConfig.ExecStop = "${httpd}/bin/httpd -f ${httpdConf} -k graceful-stop";
+        serviceConfig.ExecReload = "${httpd}/bin/httpd -f ${httpdConf} -k graceful";
         serviceConfig.Type = "forking";
         serviceConfig.PIDFile = "${mainCfg.stateDir}/httpd.pid";
         serviceConfig.Restart = "always";
diff --git a/nixos/modules/services/web-servers/apache-httpd/trac.nix b/nixos/modules/services/web-servers/apache-httpd/trac.nix
index 8fe8b90d823..c5c11029010 100644
--- a/nixos/modules/services/web-servers/apache-httpd/trac.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/trac.nix
@@ -5,14 +5,19 @@ with lib;
 let
 
   # Build a Subversion instance with Apache modules and Swig/Python bindings.
-  subversion = pkgs.subversion.override (origArgs: {
+  subversion = pkgs.subversion.override {
     bdbSupport = true;
     httpServer = true;
     pythonBindings = true;
-  });
+    apacheHttpd = httpd;
+  };
 
   pythonLib = p: "${p}/";
 
+  httpd = serverInfo.serverConfig.package;
+
+  versionPre24 = versionOlder httpd.version "2.4";
+
 in
 
 {
@@ -82,7 +87,7 @@ in
         AuthName "${config.ldapAuthentication.name}"
         AuthBasicProvider "ldap"
         AuthLDAPURL "${config.ldapAuthentication.url}"
-        authzldapauthoritative Off
+        ${if versionPre24 then "authzldapauthoritative Off" else ""}
         require valid-user
       </LocationMatch>
     '' else ""}
diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix
index 1d60637c4ca..4f74d5732af 100644
--- a/nixos/modules/services/x11/desktop-managers/kde5.nix
+++ b/nixos/modules/services/x11/desktop-managers/kde5.nix
@@ -183,7 +183,10 @@ in
     services.upower.enable = config.powerManagement.enable;
 
     # Extra UDEV rules used by Solid
-    services.udev.packages = [ pkgs.media-player-info ];
+    services.udev.packages = [
+      pkgs.libmtp
+      pkgs.media-player-info
+    ];
 
     services.xserver.displayManager.sddm = {
       theme = "breeze";
diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
index d5babd5012f..d03e8ec8b1b 100644
--- a/nixos/modules/services/x11/xserver.nix
+++ b/nixos/modules/services/x11/xserver.nix
@@ -219,6 +219,12 @@ in
         '';
       };
 
+      dpi = mkOption {
+        type = types.nullOr types.int;
+        default = 0;
+        description = "DPI resolution to use for X server.";
+      };
+
       startDbusSession = mkOption {
         type = types.bool;
         default = true;
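Review bot: The `dpi` option is typed `types.nullOr types.int` but defaults to `0`, and the argument list in the next hunk skips the flag only when the value is `null`, so every X server is started with `-dpi 0` unless the user overrides the option. The default should be the unset value, `default = null;`, and the description could read `"DPI resolution to use for X server; null omits the -dpi flag."`.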
@@ -513,6 +519,7 @@ in
         "-xkbdir" "${cfg.xkbDir}"
       ] ++ optional (cfg.display != null) ":${toString cfg.display}"
         ++ optional (cfg.tty     != null) "vt${toString cfg.tty}"
+        ++ optional (cfg.dpi     != null) "-dpi ${toString cfg.dpi}"
         ++ optionals (cfg.display != null) [ "-logfile" "/var/log/X.${toString cfg.display}.log" ]
         ++ optional (!cfg.enableTCP) "-nolisten tcp";
 
diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh
index c0c2b6a9416..1f8779abf0c 100644
--- a/nixos/modules/system/boot/stage-1-init.sh
+++ b/nixos/modules/system/boot/stage-1-init.sh
@@ -434,11 +434,8 @@ udevadm control --exit
 
 # Reset the logging file descriptors.
 # Do this just before pkill, which will kill the tee process.
-if test -n "@logCommands@"
-then
-    exec 1>&$logOutFd 2>&$logErrFd
-    eval "exec $logOutFd>&- $logErrFd>&-"
-fi
+exec 1>&$logOutFd 2>&$logErrFd
+eval "exec $logOutFd>&- $logErrFd>&-"
 
 # Kill any remaining processes, just to be sure we're not taking any
 # with us into stage 2. But keep storage daemons like unionfs-fuse.
diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix
index 49a1c978153..7e84dd20477 100644
--- a/nixos/modules/system/boot/stage-1.nix
+++ b/nixos/modules/system/boot/stage-1.nix
@@ -67,6 +67,10 @@ let
         copy_bin_and_libs $BIN
       done
 
+      # Copy modprobe.
+      copy_bin_and_libs ${pkgs.kmod}/bin/kmod
+      ln -sf kmod $out/bin/modprobe
+
       # Copy resize2fs if needed.
       ${optionalString (any (fs: fs.autoResize) (attrValues config.fileSystems)) ''
         # We need mke2fs in the initrd.
diff --git a/nixos/modules/virtualisation/ec2-amis.nix b/nixos/modules/virtualisation/ec2-amis.nix
index 15ea7bb1944..e0aad5e42f2 100644
--- a/nixos/modules/virtualisation/ec2-amis.nix
+++ b/nixos/modules/virtualisation/ec2-amis.nix
@@ -89,4 +89,41 @@
   "15.09".us-west-2.hvm-s3 = "ami-2956b849";
   "15.09".us-west-2.pv-ebs = "ami-005fb160";
   "15.09".us-west-2.pv-s3 = "ami-cd55bbad";
+
+  "16.03".ap-northeast-1.hvm-ebs = "ami-885040e6";
+  "16.03".ap-northeast-1.hvm-s3 = "ami-d15a4abf";
+  "16.03".ap-northeast-1.pv-ebs = "ami-7f455511";
+  "16.03".ap-northeast-1.pv-s3 = "ami-6d7d6d03";
+  "16.03".ap-southeast-1.hvm-ebs = "ami-478a5f24";
+  "16.03".ap-southeast-1.hvm-s3 = "ami-b2885dd1";
+  "16.03".ap-southeast-1.pv-ebs = "ami-55b46136";
+  "16.03".ap-southeast-1.pv-s3 = "ami-92b762f1";
+  "16.03".ap-southeast-2.hvm-ebs = "ami-26b09345";
+  "16.03".ap-southeast-2.hvm-s3 = "ami-52ac8f31";
+  "16.03".ap-southeast-2.pv-ebs = "ami-1fb3907c";
+  "16.03".ap-southeast-2.pv-s3 = "ami-49b1922a";
+  "16.03".eu-central-1.hvm-ebs = "ami-2bd63744";
+  "16.03".eu-central-1.hvm-s3 = "ami-82d435ed";
+  "16.03".eu-central-1.pv-ebs = "ami-b729c8d8";
+  "16.03".eu-central-1.pv-s3 = "ami-a12dccce";
+  "16.03".eu-west-1.hvm-ebs = "ami-87c242f4";
+  "16.03".eu-west-1.hvm-s3 = "ami-b6c343c5";
+  "16.03".eu-west-1.pv-ebs = "ami-6bc94918";
+  "16.03".eu-west-1.pv-s3 = "ami-00cb4b73";
+  "16.03".sa-east-1.hvm-ebs = "ami-845cd3e8";
+  "16.03".sa-east-1.hvm-s3 = "ami-8142cded";
+  "16.03".sa-east-1.pv-ebs = "ami-1643cc7a";
+  "16.03".sa-east-1.pv-s3 = "ami-1646c97a";
+  "16.03".us-east-1.hvm-ebs = "ami-2cc4d046";
+  "16.03".us-east-1.hvm-s3 = "ami-9bc9ddf1";
+  "16.03".us-east-1.pv-ebs = "ami-7df4e017";
+  "16.03".us-east-1.pv-s3 = "ami-90f2e6fa";
+  "16.03".us-west-1.hvm-ebs = "ami-d8116db8";
+  "16.03".us-west-1.hvm-s3 = "ami-a7166ac7";
+  "16.03".us-west-1.pv-ebs = "ami-e90c7089";
+  "16.03".us-west-1.pv-s3 = "ami-5b0c703b";
+  "16.03".us-west-2.hvm-ebs = "ami-b339ccd3";
+  "16.03".us-west-2.hvm-s3 = "ami-2c3bce4c";
+  "16.03".us-west-2.pv-ebs = "ami-0625d066";
+  "16.03".us-west-2.pv-s3 = "ami-7414e114";
 }