authorEelco Dolstra <eelco.dolstra@logicblox.com>2014-07-14 17:04:55 +0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2014-07-14 17:04:55 +0200
commitff97b7dbe6aef98b105c8af34f19232aa7d49d80 (patch)
treeb44b52b9a17a84c84d179c1cafd3a3425c62751a /nixos
parent0b82b9532229a28758df482218222d90d910c494 (diff)
parentb57bc220cc04e3d8f931b604e5acc44544b8c1c0 (diff)
Merge remote-tracking branch 'origin/master' into staging
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/misc/ids.nix1
-rw-r--r--nixos/modules/misc/locate.nix39
-rw-r--r--nixos/modules/programs/info.nix8
-rw-r--r--nixos/modules/security/grsecurity.nix6
-rw-r--r--nixos/modules/services/databases/firebird.nix2
-rw-r--r--nixos/modules/services/web-servers/apache-httpd/mediawiki-postgresql-fixes.patch22
-rw-r--r--nixos/modules/services/web-servers/apache-httpd/mediawiki.nix2
-rw-r--r--nixos/modules/system/boot/systemd.nix2
-rw-r--r--nixos/modules/virtualisation/google-compute-image.nix22
9 files changed, 88 insertions, 16 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 79c1c1e000c..31de680514e 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -244,6 +244,7 @@
       teamspeak = 124;
       influxdb = 125;
       nsd = 126;
+      firebird = 127;
       znc = 128;
 
       # When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!
diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix
index 45da0df7967..7de63c60649 100644
--- a/nixos/modules/misc/locate.nix
+++ b/nixos/modules/misc/locate.nix
@@ -3,12 +3,8 @@
 with lib;
 
 let
-
-  locatedb = "/var/cache/locatedb";
-
-in
-
-{
+  cfg = config.services.locate;
+in {
 
   ###### interface
 
@@ -35,6 +31,31 @@ in
         '';
       };
 
+      extraFlags = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        description = ''
+          Extra flags to append to <command>updatedb</command>.
+        '';
+      };
+
+      output = mkOption {
+        type = types.path;
+        default = /var/cache/locatedb;
+        description = ''
+          The database file to build.
+        '';
+      };
+
+      localuser = mkOption {
+        type = types.str;
+        default = "nobody";
+        description = ''
+          The user to search non-network directories as, using
+          <command>su</command>.
+        '';
+      };
+
     };
 
   };
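Review bot: The `localuser` description does not say what the choice of account means for the contents of the database. The search runs as this user, so only paths that account can traverse are recorded; pointing it at a privileged account would put the names of files in restricted directories into the database, and whether other users can then read them depends on the mode of `output`, which this module does not appear to set. I would add a sentence such as `Files that this user cannot read are left out of the database; do not set this to a privileged user unless the database file is protected.` The option set starts outside the hunk.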
@@ -48,8 +69,10 @@ in
         path  = [ pkgs.su ];
         script =
           ''
-            mkdir -m 0755 -p $(dirname ${locatedb})
-            exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /media /run'
+            mkdir -m 0755 -p $(dirname ${toString cfg.output})
+            exec updatedb \
+            --localuser=${cfg.localuser} \
+            --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
           '';
         serviceConfig.Nice = 19;
         serviceConfig.IOSchedulingClass = "idle";
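Review bot: The new `updatedb` call drops the `--prunepaths='/tmp /var/tmp /media /run'` argument that the removed line passed, and nothing in this commit restores it, so with default settings those trees are indexed unless updatedb's built-in prune list covers them. The option values are also spliced into the script unquoted: `cfg.localuser`, `cfg.output` and every element of `cfg.extraFlags` go through shell word splitting and expansion in a unit that presumably runs as root. Quoting them, e.g. `--localuser=${escapeShellArg cfg.localuser}` and `${concatStringsSep " " (map escapeShellArg cfg.extraFlags)}`, and keeping the old prune list as the default of `extraFlags` or of a dedicated option, would preserve the earlier behaviour. The service definition starts and ends outside the hunk.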
diff --git a/nixos/modules/programs/info.nix b/nixos/modules/programs/info.nix
index 30c25cf3420..253f9e87769 100644
--- a/nixos/modules/programs/info.nix
+++ b/nixos/modules/programs/info.nix
@@ -2,6 +2,8 @@
 
 let
 
+  texinfo = pkgs.texinfoInteractive;
+
   # Quick hack to make the `info' command work properly.  `info' needs
   # a "dir" file containing all the installed Info files, which we
   # don't have (it would be impure to have a package installation
@@ -22,15 +24,15 @@ let
 
       for i in $(IFS=:; echo $INFOPATH); do
           for j in $i/*.info; do
-              ${pkgs.texinfo}/bin/install-info --quiet $j $dir/dir
+              ${texinfo}/bin/install-info --quiet $j $dir/dir
           done
       done
 
-      INFOPATH=$dir:$INFOPATH ${pkgs.texinfo}/bin/info "$@"
+      INFOPATH=$dir:$INFOPATH ${texinfo}/bin/info "$@"
     ''; # */
 
 in
 
 {
-  environment.systemPackages = [ infoWrapper pkgs.texinfo ];
+  environment.systemPackages = [ infoWrapper texinfo ];
 }
diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index 3bd58218c99..9e598369137 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -50,7 +50,7 @@ in
           description = ''
             grsecurity configuration mode. This specifies whether
             grsecurity is auto-configured or otherwise completely
-            manually configured. Can either by
+            manually configured. Can either be
             <literal>custom</literal> or <literal>auto</literal>.
 
             <literal>auto</literal> is recommended.
@@ -64,7 +64,7 @@ in
           description = ''
             grsecurity configuration priority. This specifies whether
             the kernel configuration should emphasize speed or
-            security. Can either by <literal>security</literal> or
+            security. Can either be <literal>security</literal> or
             <literal>performance</literal>.
           '';
         };
@@ -76,7 +76,7 @@ in
           description = ''
             grsecurity system configuration. This specifies whether
             the kernel configuration should be suitable for a Desktop
-            or a Server. Can either by <literal>server</literal> or
+            or a Server. Can either be <literal>server</literal> or
             <literal>desktop</literal>.
           '';
         };
diff --git a/nixos/modules/services/databases/firebird.nix b/nixos/modules/services/databases/firebird.nix
index 83dd4951170..c874b218a5e 100644
--- a/nixos/modules/services/databases/firebird.nix
+++ b/nixos/modules/services/databases/firebird.nix
@@ -159,5 +159,7 @@ in
       uid = config.ids.uids.firebird;
     };
 
+    users.extraGroups.firebird.gid = config.ids.gids.firebird;
+
   };
 }
diff --git a/nixos/modules/services/web-servers/apache-httpd/mediawiki-postgresql-fixes.patch b/nixos/modules/services/web-servers/apache-httpd/mediawiki-postgresql-fixes.patch
new file mode 100644
index 00000000000..c46d492dc7a
--- /dev/null
+++ b/nixos/modules/services/web-servers/apache-httpd/mediawiki-postgresql-fixes.patch
@@ -0,0 +1,22 @@
+diff --git a/includes/specials/SpecialActiveusers.php b/includes/specials/SpecialActiveusers.php
+index f739d3b..fdd8db3 100644
+--- a/includes/specials/SpecialActiveusers.php
++++ b/includes/specials/SpecialActiveusers.php
+@@ -112,7 +112,7 @@ class ActiveUsersPager extends UsersPager {
+ 		return array(
+ 			'tables' => array( 'querycachetwo', 'user', 'recentchanges' ),
+ 			'fields' => array( 'user_name', 'user_id', 'recentedits' => 'COUNT(*)', 'qcc_title' ),
+-			'options' => array( 'GROUP BY' => array( 'qcc_title' ) ),
++			'options' => array( 'GROUP BY' => array( 'qcc_title', 'user_name', 'user_id' ) ),
+ 			'conds' => $conds
+ 		);
+ 	}
+@@ -349,7 +349,7 @@ class SpecialActiveUsers extends SpecialPage {
+ 			__METHOD__,
+ 			array(
+ 				'GROUP BY' => array( 'rc_user_text' ),
+-				'ORDER BY' => 'NULL' // avoid filesort
++				'ORDER BY' => 'lastedittime DESC'
+ 			)
+ 		);
+ 		$names = array();
diff --git a/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix b/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix
index d562bc50c82..aa9aec87f0c 100644
--- a/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix
@@ -79,6 +79,8 @@ let
       sha256 = "07z5j8d988cdg4ml4n0vs9fwmj0p594ibbqdid16faxwqm52dkhl";
     };
 
+    patches = [ ./mediawiki-postgresql-fixes.patch ];
+
     skins = config.skins;
 
     buildPhase =
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 51ebca7dd43..c6c0021ba6d 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -824,5 +824,7 @@ in
 
     systemd.services."user@".restartIfChanged = false;
 
+    systemd.services.systemd-remount-fs.restartIfChanged = false;
+
   };
 }
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
index d55b7420243..215ae146898 100644
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -119,8 +119,10 @@ in
     169.254.169.254 metadata.google.internal metadata
   '';
 
-  systemd.services.fetch-root-authorized-keys =
-    { description = "Fetch authorized_keys for root user";
+  networking.usePredictableInterfaceNames = false;
+
+  systemd.services.fetch-ssh-keys =
+    { description = "Fetch host keys and authorized_keys for root user";
 
       wantedBy = [ "multi-user.target" ];
       before = [ "sshd.service" ];
@@ -144,6 +146,22 @@ in
                     rm -f /root/key.pub /root/authorized-keys-metadata
                 fi
           fi
+
+          echo "obtaining SSH private host key..."
+          curl -o /root/ssh_host_ecdsa_key http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
+          if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key ]; then
+              mv -f /root/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
+              echo "downloaded ssh_host_ecdsa_key"
+              chmod 600 /etc/ssh/ssh_host_ecdsa_key
+          fi
+
+          echo "obtaining SSH public host key..."
+          curl -o /root/ssh_host_ecdsa_key.pub http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
+          if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key.pub ]; then
+              mv -f /root/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
+              echo "downloaded ssh_host_ecdsa_key.pub"
+              chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
+          fi
         '';
       serviceConfig.Type = "oneshot";
       serviceConfig.RemainAfterExit = true;
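Review bot: The private host key is written by `curl -o /root/ssh_host_ecdsa_key` under the script's default umask and is only restricted by `chmod 600` after the `mv` into `/etc/ssh`, so it can briefly sit there with wider permissions; a `umask 077` before the download, or `install -m 600` in place of `mv`, closes that gap. `curl` is also run without `--fail`, so an HTTP error response for a missing attribute still exits 0 and leaves a body in the file, which the `$? -eq 0 -a -e` test then installs as the host key. The private and public halves are installed independently, so a mismatched or half-present pair is possible; installing both only when both downloads succeed would avoid that. A comment noting that anyone able to read the instance metadata can read this private key would help users decide whether to set the attribute. The script begins outside the hunk.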