Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/README12
-rw-r--r--nixos/doc/manual/installation.xml12
-rw-r--r--nixos/lib/test-driver/log2html.xsl4
-rw-r--r--nixos/lib/testing.nix8
-rw-r--r--nixos/modules/config/krb5.nix4
-rw-r--r--nixos/modules/config/ldap.nix2
-rw-r--r--nixos/modules/config/networking.nix4
-rw-r--r--nixos/modules/config/pulseaudio.nix2
-rw-r--r--nixos/modules/config/swap.nix2
-rw-r--r--nixos/modules/config/sysctl.nix8
-rw-r--r--nixos/modules/config/system-path.nix1
-rw-r--r--nixos/modules/config/unix-odbc-drivers.nix2
-rw-r--r--nixos/modules/hardware/network/intel-2100bg.nix8
-rw-r--r--nixos/modules/hardware/network/intel-2200bg.nix8
-rw-r--r--nixos/modules/hardware/network/intel-3945abg.nix8
-rw-r--r--nixos/modules/hardware/network/ralink.nix8
-rw-r--r--nixos/modules/hardware/network/rtl8192c.nix8
-rw-r--r--nixos/modules/hardware/network/smc-2632w/default.nix4
-rw-r--r--nixos/modules/hardware/opengl.nix2
-rw-r--r--nixos/modules/installer/cd-dvd/installation-cd-graphical-new-kernel.nix (renamed from nixos/modules/installer/cd-dvd/installation-cd-new-kernel.nix)3
-rw-r--r--nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix3
-rw-r--r--nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix2
-rw-r--r--nixos/modules/installer/cd-dvd/system-tarball-pc.nix2
-rw-r--r--nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix2
-rw-r--r--nixos/modules/installer/tools/nixos-rebuild.sh10
-rw-r--r--nixos/modules/installer/tools/tools.nix5
-rw-r--r--nixos/modules/misc/ids.nix12
-rw-r--r--nixos/modules/misc/lib.nix6
-rw-r--r--nixos/modules/misc/locate.nix39
-rw-r--r--nixos/modules/misc/passthru.nix4
-rw-r--r--nixos/modules/module-list.nix54
-rw-r--r--nixos/modules/programs/atop.nix2
-rw-r--r--nixos/modules/programs/blcr.nix4
-rw-r--r--nixos/modules/programs/environment.nix4
-rw-r--r--nixos/modules/programs/info.nix8
-rw-r--r--nixos/modules/programs/screen.nix4
-rw-r--r--nixos/modules/programs/shadow.nix5
-rw-r--r--nixos/modules/programs/virtualbox.nix1
-rw-r--r--nixos/modules/security/grsecurity.nix27
-rw-r--r--nixos/modules/security/pam.nix4
-rw-r--r--nixos/modules/security/sudo.nix2
-rw-r--r--nixos/modules/services/amqp/activemq/default.nix2
-rw-r--r--nixos/modules/services/amqp/rabbitmq.nix41
-rw-r--r--nixos/modules/services/audio/mpd.nix2
-rw-r--r--nixos/modules/services/backup/sitecopy-backup.nix2
-rw-r--r--nixos/modules/services/databases/firebird.nix2
-rw-r--r--nixos/modules/services/databases/openldap.nix2
-rw-r--r--nixos/modules/services/databases/postgresql.nix2
-rw-r--r--nixos/modules/services/databases/redis.nix59
-rw-r--r--nixos/modules/services/desktops/accountsservice.nix (renamed from nixos/modules/services/desktops/accountservice.nix)6
-rw-r--r--nixos/modules/services/desktops/gnome3/gnome-documents.nix4
-rw-r--r--nixos/modules/services/desktops/gnome3/gnome-keyring.nix4
-rw-r--r--nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix4
-rw-r--r--nixos/modules/services/desktops/gnome3/gnome-online-miners.nix4
-rw-r--r--nixos/modules/services/desktops/gnome3/gnome-user-share.nix4
-rw-r--r--nixos/modules/services/desktops/gnome3/gvfs.nix4
-rw-r--r--nixos/modules/services/desktops/gnome3/seahorse.nix4
-rw-r--r--nixos/modules/services/desktops/gnome3/tracker.nix4
-rw-r--r--nixos/modules/services/hardware/acpid.nix2
-rw-r--r--nixos/modules/services/hardware/amd-hybrid-graphics.nix8
-rw-r--r--nixos/modules/services/hardware/nvidia-optimus.nix8
-rw-r--r--nixos/modules/services/hardware/sane.nix10
-rw-r--r--nixos/modules/services/logging/logstash.nix13
-rw-r--r--nixos/modules/services/misc/gitolite.nix66
-rw-r--r--nixos/modules/services/misc/nix-ssh-serve.nix40
-rw-r--r--nixos/modules/services/monitoring/monit.nix4
-rw-r--r--nixos/modules/services/monitoring/munin.nix15
-rw-r--r--nixos/modules/services/monitoring/nagios.nix (renamed from nixos/modules/services/monitoring/nagios/default.nix)122
-rw-r--r--nixos/modules/services/monitoring/nagios/commands.cfg34
-rw-r--r--nixos/modules/services/monitoring/nagios/host-templates.cfg27
-rw-r--r--nixos/modules/services/monitoring/nagios/service-templates.cfg32
-rw-r--r--nixos/modules/services/monitoring/nagios/timeperiods.cfg11
-rw-r--r--nixos/modules/services/monitoring/uptime.nix4
-rw-r--r--nixos/modules/services/network-filesystems/openafs-client/default.nix4
-rw-r--r--nixos/modules/services/network-filesystems/rsyncd.nix6
-rw-r--r--nixos/modules/services/network-filesystems/samba.nix2
-rw-r--r--nixos/modules/services/networking/connman.nix2
-rw-r--r--nixos/modules/services/networking/ddclient.nix4
-rw-r--r--nixos/modules/services/networking/dhcpd.nix2
-rw-r--r--nixos/modules/services/networking/gvpe.nix4
-rw-r--r--nixos/modules/services/networking/networkmanager.nix4
-rw-r--r--nixos/modules/services/networking/notbit.nix2
-rw-r--r--nixos/modules/services/networking/nsd.nix4
-rw-r--r--nixos/modules/services/networking/polipo.nix118
-rw-r--r--nixos/modules/services/networking/radicale.nix48
-rw-r--r--nixos/modules/services/networking/teamspeak3.nix4
-rw-r--r--nixos/modules/services/networking/znc.nix294
-rw-r--r--nixos/modules/services/scheduling/cron.nix2
-rw-r--r--nixos/modules/services/scheduling/fcron.nix2
-rw-r--r--nixos/modules/services/search/elasticsearch.nix42
-rw-r--r--nixos/modules/services/security/frandom.nix8
-rw-r--r--nixos/modules/services/system/kerberos.nix6
-rw-r--r--nixos/modules/services/system/nscd.nix2
-rw-r--r--nixos/modules/services/system/uptimed.nix4
-rw-r--r--nixos/modules/services/ttys/kmscon.nix4
-rw-r--r--nixos/modules/services/web-servers/apache-httpd/default.nix10
-rw-r--r--nixos/modules/services/web-servers/apache-httpd/mediawiki-postgresql-fixes.patch22
-rw-r--r--nixos/modules/services/web-servers/apache-httpd/mediawiki.nix15
-rw-r--r--nixos/modules/services/web-servers/apache-httpd/mercurial.nix4
-rw-r--r--nixos/modules/services/web-servers/apache-httpd/tomcat-connector.nix4
-rw-r--r--nixos/modules/services/web-servers/lighttpd/cgit.nix2
-rw-r--r--nixos/modules/services/web-servers/lighttpd/default.nix6
-rw-r--r--nixos/modules/services/web-servers/lighttpd/gitweb.nix4
-rw-r--r--nixos/modules/services/web-servers/nginx/default.nix5
-rw-r--r--nixos/modules/services/web-servers/phpfpm.nix8
-rw-r--r--nixos/modules/services/x11/desktop-managers/default.nix2
-rw-r--r--nixos/modules/services/x11/desktop-managers/e18.nix43
-rw-r--r--nixos/modules/services/x11/window-managers/openbox.nix4
-rw-r--r--nixos/modules/services/x11/window-managers/xmonad.nix6
-rw-r--r--nixos/modules/system/boot/systemd.nix13
-rw-r--r--nixos/modules/system/etc/etc.nix2
-rw-r--r--nixos/modules/system/etc/setup-etc.pl41
-rw-r--r--nixos/modules/tasks/encrypted-devices.nix12
-rw-r--r--nixos/modules/tasks/filesystems/f2fs.nix4
-rw-r--r--nixos/modules/tasks/filesystems/unionfs-fuse.nix8
-rw-r--r--nixos/modules/testing/minimal-kernel.nix4
-rw-r--r--nixos/modules/virtualisation/amazon-image.nix33
-rw-r--r--nixos/modules/virtualisation/google-compute-image.nix42
-rw-r--r--nixos/modules/virtualisation/virtualbox-guest.nix5
-rw-r--r--nixos/modules/virtualisation/virtualbox-image.nix3
-rw-r--r--nixos/release.nix22
-rw-r--r--nixos/tests/avahi.nix1
-rw-r--r--nixos/tests/bittorrent.nix1
-rw-r--r--nixos/tests/check-filesystems.nix2
-rw-r--r--nixos/tests/containers.nix1
-rw-r--r--nixos/tests/firefox.nix1
-rw-r--r--nixos/tests/firewall.nix1
-rw-r--r--nixos/tests/gnome3.nix1
-rw-r--r--nixos/tests/gnome3_12.nix1
-rw-r--r--nixos/tests/influxdb.nix2
-rw-r--r--nixos/tests/installer.nix16
-rw-r--r--nixos/tests/ipv6.nix1
-rw-r--r--nixos/tests/jenkins.nix1
-rw-r--r--nixos/tests/kde4.nix1
-rw-r--r--nixos/tests/kexec.nix1
-rw-r--r--nixos/tests/login.nix1
-rw-r--r--nixos/tests/logstash.nix1
-rw-r--r--nixos/tests/misc.nix1
-rw-r--r--nixos/tests/mpich.nix2
-rw-r--r--nixos/tests/mumble.nix14
-rw-r--r--nixos/tests/munin.nix1
-rw-r--r--nixos/tests/mysql-replication.nix2
-rw-r--r--nixos/tests/mysql.nix1
-rw-r--r--nixos/tests/nat.nix1
-rw-r--r--nixos/tests/nfs.nix1
-rw-r--r--nixos/tests/openssh.nix49
-rw-r--r--nixos/tests/partition.nix2
-rw-r--r--nixos/tests/phabricator.nix1
-rw-r--r--nixos/tests/printing.nix1
-rw-r--r--nixos/tests/proxy.nix1
-rw-r--r--nixos/tests/quake3.nix1
-rw-r--r--nixos/tests/rabbitmq.nix1
-rw-r--r--nixos/tests/simple.nix1
-rw-r--r--nixos/tests/subversion.nix1
-rw-r--r--nixos/tests/tomcat.nix1
-rw-r--r--nixos/tests/trac.nix1
-rw-r--r--nixos/tests/udisks2.nix1
-rw-r--r--nixos/tests/xfce.nix1
158 files changed, 1332 insertions, 534 deletions
diff --git a/nixos/doc/manual/README b/nixos/doc/manual/README
new file mode 100644
index 00000000000..587f6275197
--- /dev/null
+++ b/nixos/doc/manual/README
@@ -0,0 +1,12 @@
+To build the manual, you need Nix installed on your system (no need
+for NixOS). To install Nix, follow the instructions at
+
+    https://nixos.org/nix/download.html
+
+When you have Nix on your system, in the root directory of the project
+(i.e., `nixpkgs`), run:
+
+    nix-build nixos/release.nix -A manual.x86_64-linux
+
+When this command successfully finishes, it will tell you where the
+manual got generated.
diff --git a/nixos/doc/manual/installation.xml b/nixos/doc/manual/installation.xml
index fa4b89e6ba8..4cbfcc229fa 100644
--- a/nixos/doc/manual/installation.xml
+++ b/nixos/doc/manual/installation.xml
@@ -320,7 +320,10 @@ changes:
 <itemizedlist>
   <listitem>
     <para>You should boot the live CD in UEFI mode (consult your
-    specific hardware's documentation for instructions).</para>
+    specific hardware's documentation for instructions). You may find
+    the <link
+    xlink:href="http://www.rodsbooks.com/refind">rEFInd
+    boot manager</link> useful.</para>
   </listitem>
   <listitem>
     <para>Instead of <command>fdisk</command>, you should use
@@ -336,6 +339,11 @@ changes:
     UEFI mode.</para>
   </listitem>
   <listitem>
+    <para>After having mounted your installation partition to
+    <code>/mnt</code>, you must mount the <code>boot</code> partition
+    to <code>/mnt/boot</code>.</para>
+  </listitem>
+  <listitem>
     <para>You may want to look at the options starting with
     <option>boot.loader.efi</option> and <option>boot.loader.gummiboot</option>
     as well.</para>
@@ -353,7 +361,7 @@ changes:
 
 <title xml:id="sec-booting-from-usb">Booting from a USB stick</title>
 
-<para>For systems withoua CD drive, the NixOS livecd can be booted from
+<para>For systems without CD drive, the NixOS livecd can be booted from
 a usb stick. For non-UEFI installations,
 <link xlink:href="http://unetbootin.sourceforge.net/">unetbootin</link>
 will work. For UEFI installations, you should mount the ISO, copy its contents
diff --git a/nixos/lib/test-driver/log2html.xsl b/nixos/lib/test-driver/log2html.xsl
index 8e907d85ffa..ce8a9c6de2b 100644
--- a/nixos/lib/test-driver/log2html.xsl
+++ b/nixos/lib/test-driver/log2html.xsl
@@ -9,8 +9,8 @@
   <xsl:template match="logfile">
     <html>
       <head>
-        <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
-        <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script>
+        <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
+        <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script>
         <script type="text/javascript" src="treebits.js" />
         <link rel="stylesheet" href="logfile.css" type="text/css" />
         <title>Log File</title>
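Review bot: The protocol-relative `//ajax.googleapis.com/...` URLs in the two `<script>` elements inherit the scheme of the page, so a log served over plain HTTP still fetches jQuery unencrypted, and a log opened from disk (`file://`) cannot resolve them at all. Spelling the scheme out, `src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"` (and likewise for jquery-ui), covers both cases. Shipping the two libraries next to `treebits.js` would remove the third-party script dependency from the test reports altogether, if the driver's output directory allows it. The `logfile` template continues outside the hunk.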
diff --git a/nixos/lib/testing.nix b/nixos/lib/testing.nix
index 942a2158b15..063b9bf6c7a 100644
--- a/nixos/lib/testing.nix
+++ b/nixos/lib/testing.nix
@@ -37,7 +37,7 @@ rec {
   # `driver' is the script that runs the network.
   runTests = driver:
     stdenv.mkDerivation {
-      name = "vm-test-run";
+      name = "vm-test-run-${driver.testName}";
 
       requiredSystemFeatures = [ "kvm" "nixos-test" ];
 
@@ -68,9 +68,10 @@ rec {
 
 
   makeTest =
-    { testScript, makeCoverageReport ? false, ... } @ t:
+    { testScript, makeCoverageReport ? false, name ? "unnamed", ... } @ t:
 
     let
+      testDriverName = "nixos-test-driver-${name}";
 
       nodes = buildVirtualNetwork (
         t.nodes or (if t ? machine then { machine = t.machine; } else { }));
@@ -88,10 +89,11 @@ rec {
       # Generate onvenience wrappers for running the test driver
       # interactively with the specified network, and for starting the
       # VMs from the command line.
-      driver = runCommand "nixos-test-driver"
+      driver = runCommand testDriverName
         { buildInputs = [ makeWrapper];
           testScript = testScript';
           preferLocalBuild = true;
+          testName = name;
         }
         ''
           mkdir -p $out/bin
diff --git a/nixos/modules/config/krb5.nix b/nixos/modules/config/krb5.nix
index bb5a95ebc84..991b5b16cc6 100644
--- a/nixos/modules/config/krb5.nix
+++ b/nixos/modules/config/krb5.nix
@@ -32,12 +32,12 @@ in
 
       kdc = mkOption {
         default = "kerberos.mit.edu";
-        description = "Kerberos Domain Controller";
+        description = "Kerberos Domain Controller.";
       };
 
       kerberosAdminServer = mkOption {
         default = "kerberos.mit.edu";
-        description = "Kerberos Admin Server";
+        description = "Kerberos Admin Server.";
       };
 
     };
diff --git a/nixos/modules/config/ldap.nix b/nixos/modules/config/ldap.nix
index 8171f460385..7fcb1aaf63d 100644
--- a/nixos/modules/config/ldap.nix
+++ b/nixos/modules/config/ldap.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
-with lib;
 with pkgs;
+with lib;
 
 let
 
diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix
index 43717697ebd..fd1e55f673a 100644
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@@ -14,7 +14,7 @@ in
 
   options = {
 
-    networking.extraHosts = pkgs.lib.mkOption {
+    networking.extraHosts = lib.mkOption {
       type = types.lines;
       default = "";
       example = "192.168.0.1 lanlocalhost";
@@ -23,7 +23,7 @@ in
       '';
     };
 
-    networking.dnsSingleRequest = pkgs.lib.mkOption {
+    networking.dnsSingleRequest = lib.mkOption {
       type = types.bool;
       default = false;
       description = ''
diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix
index 9802b898a5d..67e536f4fd9 100644
--- a/nixos/modules/config/pulseaudio.nix
+++ b/nixos/modules/config/pulseaudio.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
-with lib;
 with pkgs;
+with lib;
 
 let
 
diff --git a/nixos/modules/config/swap.nix b/nixos/modules/config/swap.nix
index ac1c32387c5..1dc7ebb96af 100644
--- a/nixos/modules/config/swap.nix
+++ b/nixos/modules/config/swap.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, utils, ... }:
 
-with lib;
 with utils;
+with lib;
 
 {
 
diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix
index 54236021919..3b6ccd380c7 100644
--- a/nixos/modules/config/sysctl.nix
+++ b/nixos/modules/config/sysctl.nix
@@ -6,8 +6,12 @@ let
 
   sysctlOption = mkOptionType {
     name = "sysctl option value";
-    check = x: isBool x || isString x || isInt x || isNull x;
-    merge = args: defs: (last defs).value; # FIXME: hacky way to allow overriding in configuration.nix.
+    check = val:
+      let
+        checkType = x: isBool x || isString x || isInt x || isNull x;
+      in
+        checkType val || (val._type or "" == "override" && checkType val.content);
+    merge = loc: defs: mergeOneOption loc (filterOverrides defs);
   };
 
 in
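Review bot: The new `check` depends on operator precedence in `val._type or "" == "override" && checkType val.content`; writing it as `((val._type or "") == "override" && checkType val.content)` makes the intended grouping explicit for the next reader. The `merge` change also alters behaviour: with `mergeOneOption`, two definitions of the same sysctl key at equal priority should now fail evaluation instead of the last one silently winning. That is the safer outcome for hardening-related keys, but it deserves a comment above `merge`, for example `# Conflicting definitions are an error; use mkOverride/mkForce to replace a value.`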
diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix
index 2ea998bbb63..6b4c38172e9 100644
--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@@ -110,6 +110,7 @@ in
         "/man"
         "/sbin"
         "/share/emacs"
+        "/share/vim-plugins"
         "/share/org"
         "/share/info"
         "/share/terminfo"
diff --git a/nixos/modules/config/unix-odbc-drivers.nix b/nixos/modules/config/unix-odbc-drivers.nix
index b725e6cae73..98929392ace 100644
--- a/nixos/modules/config/unix-odbc-drivers.nix
+++ b/nixos/modules/config/unix-odbc-drivers.nix
@@ -27,7 +27,7 @@ with lib;
 
     environment.etc."odbcinst.ini".text =
       let inis = config.environment.unixODBCDrivers;
-      in pkgs.lib.concatStringsSep "\n" inis;
+      in lib.concatStringsSep "\n" inis;
 
   };
 
diff --git a/nixos/modules/hardware/network/intel-2100bg.nix b/nixos/modules/hardware/network/intel-2100bg.nix
index 1e0033eb414..89fdce415dd 100644
--- a/nixos/modules/hardware/network/intel-2100bg.nix
+++ b/nixos/modules/hardware/network/intel-2100bg.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
 
@@ -6,9 +6,9 @@
 
   options = {
 
-    networking.enableIntel2100BGFirmware = pkgs.lib.mkOption {
+    networking.enableIntel2100BGFirmware = lib.mkOption {
       default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
       description = ''
         Turn on this option if you want firmware for the Intel
         PRO/Wireless 2100BG to be loaded automatically.  This is
@@ -21,7 +21,7 @@
 
   ###### implementation
 
-  config = pkgs.lib.mkIf config.networking.enableIntel2100BGFirmware {
+  config = lib.mkIf config.networking.enableIntel2100BGFirmware {
 
     hardware.enableAllFirmware = true;
 
diff --git a/nixos/modules/hardware/network/intel-2200bg.nix b/nixos/modules/hardware/network/intel-2200bg.nix
index ae5b69b7981..1b70057d135 100644
--- a/nixos/modules/hardware/network/intel-2200bg.nix
+++ b/nixos/modules/hardware/network/intel-2200bg.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
 
@@ -6,9 +6,9 @@
 
   options = {
 
-    networking.enableIntel2200BGFirmware = pkgs.lib.mkOption {
+    networking.enableIntel2200BGFirmware = lib.mkOption {
       default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
       description = ''
         Turn on this option if you want firmware for the Intel
         PRO/Wireless 2200BG to be loaded automatically.  This is
@@ -21,7 +21,7 @@
 
   ###### implementation
 
-  config = pkgs.lib.mkIf config.networking.enableIntel2200BGFirmware {
+  config = lib.mkIf config.networking.enableIntel2200BGFirmware {
 
     hardware.enableAllFirmware = true;
 
diff --git a/nixos/modules/hardware/network/intel-3945abg.nix b/nixos/modules/hardware/network/intel-3945abg.nix
index 80baf260ab9..f4f19d20834 100644
--- a/nixos/modules/hardware/network/intel-3945abg.nix
+++ b/nixos/modules/hardware/network/intel-3945abg.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
 
@@ -6,9 +6,9 @@
 
   options = {
 
-    networking.enableIntel3945ABGFirmware = pkgs.lib.mkOption {
+    networking.enableIntel3945ABGFirmware = lib.mkOption {
       default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
       description = ''
         This option enables automatic loading of the firmware for the Intel
         PRO/Wireless 3945ABG.
@@ -20,7 +20,7 @@
 
   ###### implementation
 
-  config = pkgs.lib.mkIf config.networking.enableIntel3945ABGFirmware {
+  config = lib.mkIf config.networking.enableIntel3945ABGFirmware {
 
     hardware.enableAllFirmware = true;
 
diff --git a/nixos/modules/hardware/network/ralink.nix b/nixos/modules/hardware/network/ralink.nix
index 92f34d8643b..0469ae3a1fb 100644
--- a/nixos/modules/hardware/network/ralink.nix
+++ b/nixos/modules/hardware/network/ralink.nix
@@ -1,4 +1,4 @@
-{pkgs, config, ...}:
+{pkgs, config, lib, ...}:
 
 {
 
@@ -6,9 +6,9 @@
 
   options = {
 
-    networking.enableRalinkFirmware = pkgs.lib.mkOption {
+    networking.enableRalinkFirmware = lib.mkOption {
       default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
       description = ''
         Turn on this option if you want firmware for the RT73 NIC.
       '';
@@ -19,7 +19,7 @@
 
   ###### implementation
 
-  config = pkgs.lib.mkIf config.networking.enableRalinkFirmware {
+  config = lib.mkIf config.networking.enableRalinkFirmware {
     hardware.enableAllFirmware = true;
   };
 
diff --git a/nixos/modules/hardware/network/rtl8192c.nix b/nixos/modules/hardware/network/rtl8192c.nix
index 3aefb7bdd60..deae6355492 100644
--- a/nixos/modules/hardware/network/rtl8192c.nix
+++ b/nixos/modules/hardware/network/rtl8192c.nix
@@ -1,4 +1,4 @@
-{pkgs, config, ...}:
+{pkgs, config, lib, ...}:
 
 {
 
@@ -6,9 +6,9 @@
 
   options = {
 
-    networking.enableRTL8192cFirmware = pkgs.lib.mkOption {
+    networking.enableRTL8192cFirmware = lib.mkOption {
       default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
       description = ''
         Turn on this option if you want firmware for the RTL8192c (and related) NICs.
       '';
@@ -19,7 +19,7 @@
 
   ###### implementation
 
-  config = pkgs.lib.mkIf config.networking.enableRTL8192cFirmware {
+  config = lib.mkIf config.networking.enableRTL8192cFirmware {
     hardware.enableAllFirmware = true;
   };
 
diff --git a/nixos/modules/hardware/network/smc-2632w/default.nix b/nixos/modules/hardware/network/smc-2632w/default.nix
index 318131be749..650011aca81 100644
--- a/nixos/modules/hardware/network/smc-2632w/default.nix
+++ b/nixos/modules/hardware/network/smc-2632w/default.nix
@@ -1,9 +1,9 @@
-{pkgs, config, ...}:
+{lib, config, ...}:
 
 {
   hardware = {
     pcmcia = {
-      firmware = [ (pkgs.lib.cleanSource ./firmware) ];
+      firmware = [ (lib.cleanSource ./firmware) ];
     };
   };
 }
diff --git a/nixos/modules/hardware/opengl.nix b/nixos/modules/hardware/opengl.nix
index ab5c309bd42..f894c830eb6 100644
--- a/nixos/modules/hardware/opengl.nix
+++ b/nixos/modules/hardware/opengl.nix
@@ -84,7 +84,7 @@ in
 
   config = mkIf cfg.enable {
 
-    assertions = pkgs.lib.singleton {
+    assertions = lib.singleton {
       assertion = cfg.driSupport32Bit -> pkgs.stdenv.isx86_64;
       message = "Option driSupport32Bit only makes sense on a 64-bit system.";
     };
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-new-kernel.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical-new-kernel.nix
index 93bcbf00b25..506b9292b01 100644
--- a/nixos/modules/installer/cd-dvd/installation-cd-new-kernel.nix
+++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-new-kernel.nix
@@ -3,6 +3,5 @@
 {
   imports = [ ./installation-cd-graphical.nix ];
 
-  boot.kernelPackages = pkgs.linuxPackages_3_10;
-  boot.vesa = false;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
 }
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix b/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
index 38d02ffd162..4363c8e6c93 100644
--- a/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
+++ b/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
@@ -3,6 +3,5 @@
 {
   imports = [ ./installation-cd-minimal.nix ];
 
-  boot.kernelPackages = pkgs.linuxPackages_3_10;
-  boot.vesa = false;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
 }
diff --git a/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix b/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
index c274970c553..c2a11a1a8b3 100644
--- a/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
+++ b/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
@@ -152,7 +152,7 @@ in
   # default root password is empty.
   services.openssh.enable = true;
 
-  jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
+  jobs.openssh.startOn = lib.mkOverride 50 "";
 
   boot.loader.grub.enable = false;
   boot.loader.generationsDir.enable = false;
diff --git a/nixos/modules/installer/cd-dvd/system-tarball-pc.nix b/nixos/modules/installer/cd-dvd/system-tarball-pc.nix
index 0357bf80196..1156003d3f4 100644
--- a/nixos/modules/installer/cd-dvd/system-tarball-pc.nix
+++ b/nixos/modules/installer/cd-dvd/system-tarball-pc.nix
@@ -109,7 +109,7 @@ in
   # not be started by default on the installation CD because the
   # default root password is empty.
   services.openssh.enable = true;
-  jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
+  jobs.openssh.startOn = lib.mkOverride 50 "";
 
   # To be able to use the systemTarball to catch troubles.
   boot.crashDump = {
diff --git a/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
index 3626308bff8..2ed70c1daa9 100644
--- a/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
+++ b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
@@ -165,7 +165,7 @@ in
   # not be started by default on the installation CD because the
   # default root password is empty.
   services.openssh.enable = true;
-  jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
+  jobs.openssh.startOn = lib.mkOverride 50 "";
 
   # cpufrequtils fails to build on non-pc
   powerManagement.enable = false;
diff --git a/nixos/modules/installer/tools/nixos-rebuild.sh b/nixos/modules/installer/tools/nixos-rebuild.sh
index d7b749573fa..be37e61151a 100644
--- a/nixos/modules/installer/tools/nixos-rebuild.sh
+++ b/nixos/modules/installer/tools/nixos-rebuild.sh
@@ -97,6 +97,16 @@ if [ -n "$upgrade" -a -z "$_NIXOS_REBUILD_REEXEC" ]; then
     nix-channel --update nixos
 fi
 
+# Make sure that we use the Nix package we depend on, not something
+# else from the PATH for nix-{env,instantiate,build}.  This is
+# important, because NixOS defaults the architecture of the rebuilt
+# system to the architecture of the nix-* binaries used.  So if on an
+# amd64 system the user has an i686 Nix package in her PATH, then we
+# would silently downgrade the whole system to be i686 NixOS on the
+# next reboot.
+if [ -z "$_NIXOS_REBUILD_REEXEC" ]; then
+    export PATH=@nix@/bin:$PATH
+fi
 
 # Re-execute nixos-rebuild from the Nixpkgs tree.
 if [ -z "$_NIXOS_REBUILD_REEXEC" -a -n "$canRun" ]; then
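Review bot: The added `export PATH=@nix@/bin:$PATH` leaves a trailing colon when PATH is empty or unset, and an empty PATH element makes the shell search the current directory, which is undesirable in a script that is typically run with root privileges. Building the value as `export PATH="@nix@/bin${PATH:+:$PATH}"` avoids that and quotes the expansion. The prepend pins only the nix-* binaries; every other tool the script calls is still resolved through the caller's PATH, and the comment could say so.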
diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix
index 5ebf05e340f..39da2f1f0be 100644
--- a/nixos/modules/installer/tools/tools.nix
+++ b/nixos/modules/installer/tools/tools.nix
@@ -1,7 +1,7 @@
 # This module generates nixos-install, nixos-rebuild,
 # nixos-generate-config, etc.
 
-{ config, pkgs, modulesPath, ... }:
+{ config, pkgs, modulesPath, lib, ... }:
 
 let
 
@@ -32,6 +32,7 @@ let
   nixos-rebuild = makeProg {
     name = "nixos-rebuild";
     src = ./nixos-rebuild.sh;
+    nix = config.nix.package;
   };
 
   nixos-generate-config = makeProg {
@@ -64,7 +65,7 @@ let
         test -e "$out/chrome/content/jquery-1.5.2.js" ||
           cp -f "$jquery" "$out/chrome/content/jquery-1.5.2.js"
       '';
-      gui = pkgs.lib.cleanSource "${modulesPath}/../gui";
+      gui = lib.cleanSource "${modulesPath}/../gui";
       jquery = pkgs.fetchurl {
         url = http://code.jquery.com/jquery-1.5.2.min.js;
         sha256 = "8f0a19ee8c606b35a10904951e0a27da1896eafe33c6e88cb7bcbe455f05a24a";
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index f1028a479df..a71f5152bd1 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -1,19 +1,19 @@
 # This module defines the global list of uids and gids.  We keep a
 # central list to prevent id collisions.
 
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
   options = {
 
-    ids.uids = pkgs.lib.mkOption {
+    ids.uids = lib.mkOption {
       internal = true;
       description = ''
         The user IDs used in NixOS.
       '';
     };
 
-    ids.gids = pkgs.lib.mkOption {
+    ids.gids = lib.mkOption {
       internal = true;
       description = ''
         The group IDs used in NixOS.
@@ -134,6 +134,9 @@
       teamspeak = 124;
       influxdb = 125;
       nsd = 126;
+      gitolite = 127;
+      znc = 128;
+      polipo = 129;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
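Review bot: `gitolite = 127` in the uid list and `firebird = 127` in the gid list (added in the next hunk) give the same number to two unrelated names, which the file's own rule "When adding a uid, make sure it doesn't match an existing gid" forbids. With this allocation, files owned by group 127 belong to firebird's group while uid 127 is the gitolite account, which makes ownership listings and numeric-id based permissions easy to misread. Either allocate a gitolite gid with the same number and move firebird's gid to an unused one, or pick a uid for gitolite that is free on both sides. Whether firebird already holds a uid elsewhere in the list is not visible in these hunks.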
@@ -242,6 +245,9 @@
       teamspeak = 124;
       influxdb = 125;
       nsd = 126;
+      firebird = 127;
+      znc = 128;
+      polipo = 129;
 
       # When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!
 
diff --git a/nixos/modules/misc/lib.nix b/nixos/modules/misc/lib.nix
index 18fc68a6988..be8000ac029 100644
--- a/nixos/modules/misc/lib.nix
+++ b/nixos/modules/misc/lib.nix
@@ -1,11 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 
 {
   options = {
-    lib = pkgs.lib.mkOption {
+    lib = lib.mkOption {
       default = {};
 
-      type = pkgs.lib.types.attrsOf pkgs.lib.types.attrs;
+      type = lib.types.attrsOf lib.types.attrs;
 
       description = ''
         This option allows modules to define helper functions, constants, etc.
diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix
index 45da0df7967..7de63c60649 100644
--- a/nixos/modules/misc/locate.nix
+++ b/nixos/modules/misc/locate.nix
@@ -3,12 +3,8 @@
 with lib;
 
 let
-
-  locatedb = "/var/cache/locatedb";
-
-in
-
-{
+  cfg = config.services.locate;
+in {
 
   ###### interface
 
@@ -35,6 +31,31 @@ in
         '';
       };
 
+      extraFlags = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        description = ''
+          Extra flags to append to <command>updatedb</command>.
+        '';
+      };
+
+      output = mkOption {
+        type = types.path;
+        default = /var/cache/locatedb;
+        description = ''
+          The database file to build.
+        '';
+      };
+
+      localuser = mkOption {
+        type = types.str;
+        default = "nobody";
+        description = ''
+          The user to search non-network directories as, using
+          <command>su</command>.
+        '';
+      };
+
     };
 
   };
@@ -48,8 +69,10 @@ in
         path  = [ pkgs.su ];
         script =
           ''
-            mkdir -m 0755 -p $(dirname ${locatedb})
-            exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /media /run'
+            mkdir -m 0755 -p $(dirname ${toString cfg.output})
+            exec updatedb \
+            --localuser=${cfg.localuser} \
+            --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
           '';
         serviceConfig.Nice = 19;
         serviceConfig.IOSchedulingClass = "idle";
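Review bot: The rewritten `updatedb` call drops `--prunepaths='/tmp /var/tmp /media /run'`, and `extraFlags` defaults to `[ ]`, so an unchanged configuration now indexes those directories into the locate database. To keep the previous behaviour the option in the preceding hunk could default to `default = [ "--prunepaths='/tmp /var/tmp /media /run'" ];`. Separately, `cfg.localuser` and `cfg.output` are interpolated into the script unquoted, so a value containing whitespace or shell metacharacters is re-parsed by the shell. Wrapping them with `escapeShellArg` (if this tree's `lib` provides it) and quoting `"$(dirname ...)"` would make the script robust. The enclosing job definition starts and ends outside the hunk.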
diff --git a/nixos/modules/misc/passthru.nix b/nixos/modules/misc/passthru.nix
index b65f20d62f2..f3c9f6ba651 100644
--- a/nixos/modules/misc/passthru.nix
+++ b/nixos/modules/misc/passthru.nix
@@ -1,11 +1,11 @@
 # This module allows you to export something from configuration
 # Use case: export kernel source expression for ease of configuring
 
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 
 {
   options = {
-    passthru = pkgs.lib.mkOption {
+    passthru = lib.mkOption {
       visible = false;
       description = ''
         This attribute set will be exported as a system attribute.
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index f4f1abba4de..68971551d89 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -14,17 +14,17 @@
   ./config/power-management.nix
   ./config/pulseaudio.nix
   ./config/shells-environment.nix
-  ./config/system-environment.nix
   ./config/swap.nix
   ./config/sysctl.nix
+  ./config/system-environment.nix
   ./config/system-path.nix
   ./config/timezone.nix
   ./config/unix-odbc-drivers.nix
   ./config/users-groups.nix
   ./config/zram.nix
   ./hardware/all-firmware.nix
-  ./hardware/cpu/intel-microcode.nix
   ./hardware/cpu/amd-microcode.nix
+  ./hardware/cpu/intel-microcode.nix
   ./hardware/network/b43.nix
   ./hardware/network/intel-2100bg.nix
   ./hardware/network/intel-2200bg.nix
@@ -52,6 +52,7 @@
   ./programs/blcr.nix
   ./programs/environment.nix
   ./programs/info.nix
+  ./programs/screen.nix
   ./programs/shadow.nix
   ./programs/shell.nix
   ./programs/ssh.nix
@@ -59,7 +60,6 @@
   ./programs/venus.nix
   ./programs/wvdial.nix
   ./programs/zsh/zsh.nix
-  ./programs/screen.nix
   ./rename.nix
   ./security/apparmor.nix
   ./security/apparmor-suid.nix
@@ -92,16 +92,16 @@
   ./services/databases/4store.nix
   ./services/databases/couchdb.nix
   ./services/databases/firebird.nix
+  ./services/databases/influxdb.nix
   ./services/databases/memcached.nix
+  ./services/databases/monetdb.nix
   ./services/databases/mongodb.nix
-  ./services/databases/redis.nix
   ./services/databases/mysql.nix
   ./services/databases/openldap.nix
   ./services/databases/postgresql.nix
+  ./services/databases/redis.nix
   ./services/databases/virtuoso.nix
-  ./services/databases/monetdb.nix
-  ./services/databases/influxdb.nix
-  ./services/desktops/accountservice.nix
+  ./services/desktops/accountsservice.nix
   ./services/desktops/geoclue2.nix
   ./services/desktops/gnome3/at-spi2-core.nix
   ./services/desktops/gnome3/evolution-data-server.nix
@@ -124,16 +124,16 @@
   ./services/hardware/pcscd.nix
   ./services/hardware/pommed.nix
   ./services/hardware/sane.nix
+  ./services/hardware/thinkfan.nix
   ./services/hardware/udev.nix
   ./services/hardware/udisks2.nix
   ./services/hardware/upower.nix
-  ./services/hardware/thinkfan.nix
   ./services/logging/klogd.nix
   ./services/logging/logcheck.nix
   ./services/logging/logrotate.nix
   ./services/logging/logstash.nix
-  ./services/logging/syslogd.nix
   ./services/logging/rsyslogd.nix
+  ./services/logging/syslogd.nix
   ./services/mail/dovecot.nix
   ./services/mail/freepops.nix
   ./services/mail/mail.nix
@@ -146,11 +146,12 @@
   ./services/misc/disnix.nix
   ./services/misc/felix.nix
   ./services/misc/folding-at-home.nix
+  ./services/misc/gitolite.nix
   ./services/misc/gpsd.nix
   ./services/misc/nix-daemon.nix
   ./services/misc/nix-gc.nix
-  ./services/misc/nix-ssh-serve.nix
   ./services/misc/nixos-manual.nix
+  ./services/misc/nix-ssh-serve.nix
   ./services/misc/rippled.nix
   ./services/misc/rogue.nix
   ./services/misc/svnserve.nix
@@ -160,7 +161,7 @@
   ./services/monitoring/graphite.nix
   ./services/monitoring/monit.nix
   ./services/monitoring/munin.nix
-  ./services/monitoring/nagios/default.nix
+  ./services/monitoring/nagios.nix
   ./services/monitoring/smartd.nix
   ./services/monitoring/statsd.nix
   ./services/monitoring/systemhealth.nix
@@ -178,24 +179,23 @@
   ./services/networking/bind.nix
   ./services/networking/bitlbee.nix
   ./services/networking/btsync.nix
+  ./services/networking/chrony.nix
   ./services/networking/cjdns.nix
-  ./services/networking/connman.nix
   ./services/networking/cntlm.nix
-  ./services/networking/chrony.nix
+  ./services/networking/connman.nix
   ./services/networking/ddclient.nix
   ./services/networking/dhcpcd.nix
   ./services/networking/dhcpd.nix
   ./services/networking/dnsmasq.nix
   ./services/networking/ejabberd.nix
   ./services/networking/firewall.nix
-  ./services/networking/haproxy.nix
-  ./services/networking/tcpcrypt.nix
   ./services/networking/flashpolicyd.nix
   ./services/networking/freenet.nix
   ./services/networking/git-daemon.nix
   ./services/networking/gnunet.nix
   ./services/networking/gogoclient.nix
   ./services/networking/gvpe.nix
+  ./services/networking/haproxy.nix
   ./services/networking/hostapd.nix
   ./services/networking/ifplugd.nix
   ./services/networking/iodined.nix
@@ -213,19 +213,22 @@
   ./services/networking/oidentd.nix
   ./services/networking/openfire.nix
   ./services/networking/openvpn.nix
+  ./services/networking/polipo.nix
   ./services/networking/prayer.nix
   ./services/networking/privoxy.nix
   ./services/networking/quassel.nix
+  ./services/networking/radicale.nix
   ./services/networking/radvd.nix
   ./services/networking/rdnssd.nix
   ./services/networking/rpcbind.nix
   ./services/networking/sabnzbd.nix
   ./services/networking/searx.nix
   ./services/networking/spiped.nix
-  ./services/networking/supybot.nix
-  ./services/networking/syncthing.nix
   ./services/networking/ssh/lshd.nix
   ./services/networking/ssh/sshd.nix
+  ./services/networking/supybot.nix
+  ./services/networking/syncthing.nix
+  ./services/networking/tcpcrypt.nix
   ./services/networking/teamspeak3.nix
   ./services/networking/tftpd.nix
   ./services/networking/unbound.nix
@@ -235,6 +238,7 @@
   ./services/networking/wicd.nix
   ./services/networking/wpa_supplicant.nix
   ./services/networking/xinetd.nix
+  ./services/networking/znc.nix
   ./services/printing/cupsd.nix
   ./services/scheduling/atd.nix
   ./services/scheduling/cron.nix
@@ -242,11 +246,11 @@
   ./services/search/elasticsearch.nix
   ./services/search/solr.nix
   ./services/security/clamav.nix
-  ./services/security/haveged.nix
   ./services/security/fprot.nix
   ./services/security/frandom.nix
-  ./services/security/tor.nix
+  ./services/security/haveged.nix
   ./services/security/torify.nix
+  ./services/security/tor.nix
   ./services/security/torsocks.nix
   ./services/system/dbus.nix
   ./services/system/kerberos.nix
@@ -254,14 +258,14 @@
   ./services/system/uptimed.nix
   ./services/torrent/deluge.nix
   ./services/torrent/transmission.nix
-  ./services/ttys/gpm.nix
   ./services/ttys/agetty.nix
+  ./services/ttys/gpm.nix
   ./services/ttys/kmscon.nix
   ./services/web-servers/apache-httpd/default.nix
   ./services/web-servers/fcgiwrap.nix
   ./services/web-servers/jboss/default.nix
-  ./services/web-servers/lighttpd/default.nix
   ./services/web-servers/lighttpd/cgit.nix
+  ./services/web-servers/lighttpd/default.nix
   ./services/web-servers/lighttpd/gitweb.nix
   ./services/web-servers/nginx/default.nix
   ./services/web-servers/phpfpm.nix
@@ -273,11 +277,12 @@
   ./services/x11/display-managers/auto.nix
   ./services/x11/display-managers/default.nix
   ./services/x11/display-managers/kdm.nix
-  ./services/x11/display-managers/slim.nix
   ./services/x11/display-managers/lightdm.nix
+  ./services/x11/display-managers/slim.nix
   ./services/x11/hardware/multitouch.nix
   ./services/x11/hardware/synaptics.nix
   ./services/x11/hardware/wacom.nix
+  ./services/x11/redshift.nix
   ./services/x11/window-managers/awesome.nix
   #./services/x11/window-managers/compiz.nix
   ./services/x11/window-managers/default.nix
@@ -287,7 +292,6 @@
   ./services/x11/window-managers/twm.nix
   ./services/x11/window-managers/wmii.nix
   ./services/x11/window-managers/xmonad.nix
-  ./services/x11/redshift.nix
   ./services/x11/xfs.nix
   ./services/x11/xserver.nix
   ./system/activation/activation-script.nix
@@ -310,17 +314,17 @@
   ./system/etc/etc.nix
   ./system/upstart/upstart.nix
   ./tasks/cpu-freq.nix
-  ./tasks/filesystems.nix
+  ./tasks/encrypted-devices.nix
   ./tasks/filesystems/btrfs.nix
   ./tasks/filesystems/ext.nix
   ./tasks/filesystems/f2fs.nix
   ./tasks/filesystems/nfs.nix
+  ./tasks/filesystems.nix
   ./tasks/filesystems/reiserfs.nix
   ./tasks/filesystems/unionfs-fuse.nix
   ./tasks/filesystems/vfat.nix
   ./tasks/filesystems/xfs.nix
   ./tasks/filesystems/zfs.nix
-  ./tasks/encrypted-devices.nix
   ./tasks/kbd.nix
   ./tasks/lvm.nix
   ./tasks/network-interfaces.nix
diff --git a/nixos/modules/programs/atop.nix b/nixos/modules/programs/atop.nix
index e457db22333..b91bd98047e 100644
--- a/nixos/modules/programs/atop.nix
+++ b/nixos/modules/programs/atop.nix
@@ -22,7 +22,7 @@ in
           interval = 5;
         };
         description = ''
-          Parameters to be written to <filename>/etc/atoprc</filename>
+          Parameters to be written to <filename>/etc/atoprc</filename>.
         '';
       };
 
diff --git a/nixos/modules/programs/blcr.nix b/nixos/modules/programs/blcr.nix
index e1e31b4a56a..804e1d01f12 100644
--- a/nixos/modules/programs/blcr.nix
+++ b/nixos/modules/programs/blcr.nix
@@ -1,7 +1,7 @@
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 
 let
-  inherit (pkgs.lib) mkOption mkIf;
+  inherit (lib) mkOption mkIf;
   cfg = config.environment.blcr;
   blcrPkg = config.boot.kernelPackages.blcr;
 in
diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix
index 2ff1db48757..80c3e83fe81 100644
--- a/nixos/modules/programs/environment.nix
+++ b/nixos/modules/programs/environment.nix
@@ -19,8 +19,8 @@ in
     environment.variables =
       { LOCATE_PATH = "/var/cache/locatedb";
         NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix";
-        PAGER = "less -R";
-        EDITOR = "nano";
+        PAGER = mkDefault "less -R";
+        EDITOR = mkDefault "nano";
       };
 
     environment.sessionVariables =
diff --git a/nixos/modules/programs/info.nix b/nixos/modules/programs/info.nix
index 30c25cf3420..253f9e87769 100644
--- a/nixos/modules/programs/info.nix
+++ b/nixos/modules/programs/info.nix
@@ -2,6 +2,8 @@
 
 let
 
+  texinfo = pkgs.texinfoInteractive;
+
   # Quick hack to make the `info' command work properly.  `info' needs
   # a "dir" file containing all the installed Info files, which we
   # don't have (it would be impure to have a package installation
@@ -22,15 +24,15 @@ let
 
       for i in $(IFS=:; echo $INFOPATH); do
           for j in $i/*.info; do
-              ${pkgs.texinfo}/bin/install-info --quiet $j $dir/dir
+              ${texinfo}/bin/install-info --quiet $j $dir/dir
           done
       done
 
-      INFOPATH=$dir:$INFOPATH ${pkgs.texinfo}/bin/info "$@"
+      INFOPATH=$dir:$INFOPATH ${texinfo}/bin/info "$@"
     ''; # */
 
 in
 
 {
-  environment.systemPackages = [ infoWrapper pkgs.texinfo ];
+  environment.systemPackages = [ infoWrapper texinfo ];
 }
diff --git a/nixos/modules/programs/screen.nix b/nixos/modules/programs/screen.nix
index 1c63ebe6a11..f82338a69d2 100644
--- a/nixos/modules/programs/screen.nix
+++ b/nixos/modules/programs/screen.nix
@@ -1,7 +1,7 @@
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 
 let
-  inherit (pkgs.lib) mkOption mkIf types;
+  inherit (lib) mkOption mkIf types;
   cfg = config.programs.screen;
 in
 
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix
index 27a18c726a3..658b08b3d87 100644
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@@ -40,7 +40,7 @@ in
 
   options = {
 
-    users.defaultUserShell = pkgs.lib.mkOption {
+    users.defaultUserShell = lib.mkOption {
       description = ''
         This option defines the default shell assigned to user
         accounts.  This must not be a store path, since the path is
@@ -48,6 +48,7 @@ in
         Rather, it should be the path of a symlink that points to the
         actual shell in the Nix store.
       '';
+      example = "/run/current-system/sw/bin/zsh";
       type = types.path;
     };
 
@@ -59,7 +60,7 @@ in
   config = {
 
     environment.systemPackages =
-      pkgs.lib.optional config.users.mutableUsers pkgs.shadow;
+      lib.optional config.users.mutableUsers pkgs.shadow;
 
     environment.etc =
       [ { # /etc/login.defs: global configuration for pwdutils.  You
diff --git a/nixos/modules/programs/virtualbox.nix b/nixos/modules/programs/virtualbox.nix
index 10e657abd3c..e2dd76219eb 100644
--- a/nixos/modules/programs/virtualbox.nix
+++ b/nixos/modules/programs/virtualbox.nix
@@ -14,6 +14,7 @@ let virtualbox = config.boot.kernelPackages.virtualbox; in
   services.udev.extraRules =
     ''
       KERNEL=="vboxdrv",    OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
+      KERNEL=="vboxdrvu",   OWNER="root", GROUP="root",      MODE="0666", TAG+="systemd"
       KERNEL=="vboxnetctl", OWNER="root", GROUP="root",      MODE="0600", TAG+="systemd"
       SUBSYSTEM=="usb_device", ACTION=="add", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
       SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
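Review bot: The added `vboxdrvu` rule sets `MODE="0666"` with no comment, which reads like a mistake next to the `0660`/`vboxusers` rule for `vboxdrv` directly above it. As far as I know upstream VirtualBox ships this node world-accessible because it exposes only the restricted part of the driver interface, so the mode is probably intended. A udev comment line above the rule would record that, e.g. `# vboxdrvu: restricted driver interface, world-accessible by design (as in the upstream rules) - confirm`. Without it, the next review of device permissions has to rediscover why any local user may open a kernel-driver node.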
diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index f4af04247fe..9e598369137 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -6,12 +6,10 @@ let
   cfg = config.security.grsecurity;
 
   customGrsecPkg =
-    (import ../../../pkgs/build-support/grsecurity
-      {
-        inherit lib pkgs;
-        grsecOptions = cfg;
-      }
-    ).grsecPackage;
+    (import ../../../pkgs/build-support/grsecurity {
+      grsecOptions = cfg;
+      inherit pkgs lib;
+    }).grsecPackage;
 in
 {
   options = {
@@ -36,14 +34,6 @@ in
         '';
       };
 
-      vserver = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Enable the stable grsecurity/vserver patches, based on Linux 3.2.
-        '';
-      };
-
       testing = mkOption {
         type = types.bool;
         default = false;
@@ -60,7 +50,7 @@ in
           description = ''
             grsecurity configuration mode. This specifies whether
             grsecurity is auto-configured or otherwise completely
-            manually configured. Can either by
+            manually configured. Can either be
             <literal>custom</literal> or <literal>auto</literal>.
 
             <literal>auto</literal> is recommended.
@@ -74,7 +64,7 @@ in
           description = ''
             grsecurity configuration priority. This specifies whether
             the kernel configuration should emphasize speed or
-            security. Can either by <literal>security</literal> or
+            security. Can either be <literal>security</literal> or
             <literal>performance</literal>.
           '';
         };
@@ -86,7 +76,7 @@ in
           description = ''
             grsecurity system configuration. This specifies whether
             the kernel configuration should be suitable for a Desktop
-            or a Server. Can either by <literal>server</literal> or
+            or a Server. Can either be <literal>server</literal> or
             <literal>desktop</literal>.
           '';
         };
@@ -246,9 +236,6 @@ in
             both.
           '';
         }
-        { assertion = (cfg.testing -> !cfg.vserver);
-          message   = "The vserver patches are only supported in the stable kernel.";
-        }
         { assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) ||
                       (cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);
           message   = "You cannot enable both restrictProc and restrictProcWithGroup";
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 02340fd78e8..b1b75a0068d 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -189,7 +189,9 @@ let
           session required pam_env.so envfile=${config.system.build.pamEnvironment}
           session required pam_unix.so
           ${optionalString cfg.setLoginUid
-              "session required pam_loginuid.so"}
+              "session ${
+                if config.boot.isContainer then "optional" else "required"
+              } pam_loginuid.so"}
           ${optionalString cfg.updateWtmp
               "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
           ${optionalString config.users.ldap.enable
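Review bot: The reason `pam_loginuid.so` is downgraded to `optional` when `config.boot.isContainer` is set is not recorded at the added lines. Presumably the module cannot always write the login UID inside a container and `required` would then block every login; with `optional` that failure is silent, so audit records from container sessions may carry no login UID. A Nix comment inside the antiquotation would capture this, e.g. `# loginuid cannot always be set in containers; do not fail the session there`. The enclosing PAM text block starts and ends outside the hunk.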
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index e8ed545c8cc..cbd1628caae 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -83,7 +83,7 @@ in
 	  {src = pkgs.writeText "sudoers-in" cfg.configFile; }
           # Make sure that the sudoers file is syntactically valid.
           # (currently disabled - NIXOS-66)
-          "${pkgs.sudo.override {keepVisudo = true;}}/sbin/visudo -f $src -c &&
+          "${pkgs.sudo}/sbin/visudo -f $src -c &&
 	      cp $src $out";
         target = "sudoers";
         mode = "0440";
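Review bot: The comment `(currently disabled - NIXOS-66)` directly above the changed line looks stale, since the `visudo -f $src -c` call is part of the command string and appears to run. The new line also depends on the default `pkgs.sudo` shipping `sbin/visudo` now that the `keepVisudo` override is dropped, which this hunk cannot confirm. If the check is live, replace the two comment lines with `# Fail the build if the sudoers file is not syntactically valid.` so nobody assumes an invalid file can reach the installed `sudoers` target.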
diff --git a/nixos/modules/services/amqp/activemq/default.nix b/nixos/modules/services/amqp/activemq/default.nix
index f1f3d005f30..f731900070e 100644
--- a/nixos/modules/services/amqp/activemq/default.nix
+++ b/nixos/modules/services/amqp/activemq/default.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
-with lib;
 with pkgs;
+with lib;
 
 let
 
diff --git a/nixos/modules/services/amqp/rabbitmq.nix b/nixos/modules/services/amqp/rabbitmq.nix
index bef15fb64b7..a930098bfee 100644
--- a/nixos/modules/services/amqp/rabbitmq.nix
+++ b/nixos/modules/services/amqp/rabbitmq.nix
@@ -4,6 +4,8 @@ with lib;
 
 let
   cfg = config.services.rabbitmq;
+  config_file = pkgs.writeText "rabbitmq.config" cfg.config;
+  config_file_wo_suffix = builtins.substring 0 ((builtins.stringLength config_file) - 7) config_file;
 
 in {
   ###### interface
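Review bot: The literal `7` in `config_file_wo_suffix` is unexplained; it is the length of `.config`, and the expression silently yields a wrong path if the `writeText` name ever changes. Either add a comment such as `# RABBITMQ_CONFIG_FILE is passed without the ".config" suffix (7 characters)`, or derive the value from the suffix itself with something like `removeSuffix ".config" "${config_file}"`.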
@@ -31,7 +33,6 @@ in {
         '';
       };
 
-
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/rabbitmq";
@@ -40,6 +41,30 @@ in {
         '';
       };
 
+      cookie = mkOption {
+        default = "";
+        type = types.str;
+        description = ''
+          Erlang cookie is a string of arbitrary length which must
+          be the same for several nodes to be allowed to communicate.
+          Leave empty to generate automatically.
+        '';
+      };
+
+      config = mkOption {
+        default = "";
+        type = types.str;
+        description = ''
+          Verbatim configuration file contents.
+          See http://www.rabbitmq.com/configure.htm
+        '';
+      };
+
+      plugins = mkOption {
+        default = [];
+        type = types.listOf types.str;
+        description = "The names of plugins to enable";
+      };
     };
   };
 
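Review bot: The `cookie` description does not say that the value ends up in the world-readable Nix store, although it is the shared secret that lets Erlang nodes talk to each other. The `preStart` script that echoes it (later in this diff) is, as far as I can tell, itself a store file, so every local user can read the cookie; the same holds for any credentials put into the verbatim `config` text. The description should carry a warning like the one on `requirePass` in redis.nix, e.g. `Note: the cookie is stored in plain text in the world-readable Nix store.`, or the option should take a path to a file kept outside the store. The URL in the `config` description also looks truncated (`configure.htm`).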
@@ -69,7 +94,10 @@ in {
         RABBITMQ_NODE_IP_ADDRESS = cfg.listenAddress;
         RABBITMQ_SERVER_START_ARGS = "-rabbit error_logger tty -rabbit sasl_error_logger false";
         SYS_PREFIX = "";
-      };
+        RABBITMQ_ENABLED_PLUGINS_FILE = pkgs.writeText "enabled_plugins" ''
+          [ ${concatStringsSep "," cfg.plugins} ].
+        '';
+      } //  optionalAttrs (cfg.config != "") { RABBITMQ_CONFIG_FILE = config_file_wo_suffix; };
 
       serviceConfig = {
         ExecStart = "${pkgs.rabbitmq_server}/sbin/rabbitmq-server";
@@ -81,6 +109,15 @@ in {
       preStart = ''
         mkdir -p ${cfg.dataDir} && chmod 0700 ${cfg.dataDir}
         if [ "$(id -u)" = 0 ]; then chown rabbitmq:rabbitmq ${cfg.dataDir}; fi
+        
+        ${optionalString (cfg.cookie != "") ''
+            echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie
+            chmod 400 ${cfg.dataDir}/.erlang.cookie
+            chown rabbitmq:rabbitmq ${cfg.dataDir}/.erlang.cookie
+        ''}
+
+        mkdir -p /var/log/rabbitmq && chmod 0700 /var/log/rabbitmq
+        chown rabbitmq:rabbitmq /var/log/rabbitmq
       '';
     };
 
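Review bot: `echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie` interpolates the cookie into the shell unquoted and creates the file under the current umask before `chmod 400` runs. A cookie containing spaces, `$` or `;` is re-parsed by the shell; use `echo -n ${escapeShellArg cfg.cookie} > ${cfg.dataDir}/.erlang.cookie` and put `umask 077` before the write, since the `0700` data directory narrows the window but does not state the intent. The added `chown rabbitmq:rabbitmq` calls are unconditional while the existing one on `dataDir` is guarded by `id -u`, so they fail if this script ever runs as a non-root user where the original line did not.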
diff --git a/nixos/modules/services/audio/mpd.nix b/nixos/modules/services/audio/mpd.nix
index 1b50f06bf30..53542e34b14 100644
--- a/nixos/modules/services/audio/mpd.nix
+++ b/nixos/modules/services/audio/mpd.nix
@@ -52,7 +52,7 @@ in {
       };  
 
       dataDir = mkOption {
-        default = "/var/lib/mpd/";
+        default = "/var/lib/mpd";
         description = ''
           The directory where MPD stores its state, tag cache,
           playlists etc.
diff --git a/nixos/modules/services/backup/sitecopy-backup.nix b/nixos/modules/services/backup/sitecopy-backup.nix
index 5d3675fa3e9..5f2b4e76aee 100644
--- a/nixos/modules/services/backup/sitecopy-backup.nix
+++ b/nixos/modules/services/backup/sitecopy-backup.nix
@@ -73,7 +73,7 @@ in
         touch ${stateDir}/sitecopy.secrets
         chown root ${stateDir}/sitecopy.secrets
 
-        ${pkgs.lib.concatStrings (map ( b: ''
+        ${lib.concatStrings (map ( b: ''
             unset secrets
             unset secret
             secrets=`grep '^${b.server}' ${stateDir}/sitecopy.secrets | head -1`
diff --git a/nixos/modules/services/databases/firebird.nix b/nixos/modules/services/databases/firebird.nix
index 83dd4951170..c874b218a5e 100644
--- a/nixos/modules/services/databases/firebird.nix
+++ b/nixos/modules/services/databases/firebird.nix
@@ -159,5 +159,7 @@ in
       uid = config.ids.uids.firebird;
     };
 
+    users.extraGroups.firebird.gid = config.ids.gids.firebird;
+
   };
 }
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index c95238b3451..eae4c114fc1 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -68,7 +68,7 @@ in
 
     users.extraUsers = optionalAttrs (cfg.user == "openldap") (singleton
       { name = "openldap";
-        group = "openldap";
+        group = cfg.group;
         uid = config.ids.uids.openldap;
       });
 
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
index ad83cb553e1..01c55479b2b 100644
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@@ -85,7 +85,7 @@ in
           Defines how users authenticate themselves to the server. By
           default, "trust" access to local users will always be granted
           along with any other custom options. If you do not want this,
-          set this option using "pkgs.lib.mkForce" to override this
+          set this option using "lib.mkForce" to override this
           behaviour.
         '';
       };
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 4ef48df9831..b91c389e90a 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -38,91 +38,97 @@ in
     services.redis = {
 
       enable = mkOption {
+        type = types.bool;
         default = false;
         description = "Whether to enable the Redis server.";
       };
 
       package = mkOption {
+        type = types.package;
         default = pkgs.redis;
         description = "Which Redis derivation to use.";
-        type = types.package;
       };
 
       user = mkOption {
+        type = types.str;
         default = "redis";
-        description = "User account under which Redis runs";
+        description = "User account under which Redis runs.";
       };
 
       pidFile = mkOption {
+        type = types.path;
         default = "/var/lib/redis/redis.pid";
         description = "";
       };
 
       port = mkOption {
+        type = types.int;
         default = 6379;
-        description = "The port for Redis to listen to";
-        type = with types; int;
+        description = "The port for Redis to listen to.";
       };
 
       bind = mkOption {
+        type = with types; nullOr str;
         default = null; # All interfaces
-        description = "The IP interface to bind to";
+        description = "The IP interface to bind to.";
         example = "127.0.0.1";
       };
 
       unixSocket = mkOption {
+        type = with types; nullOr path;
         default = null;
-        description = "The path to the socket to bind to";
+        description = "The path to the socket to bind to.";
         example = "/var/run/redis.sock";
       };
 
       logLevel = mkOption {
+        type = types.str;
         default = "notice"; # debug, verbose, notice, warning
         example = "debug";
-        description = "Specify the server verbosity level, options: debug, verbose, notice, warning";
-        type = with types; string;
+        description = "Specify the server verbosity level, options: debug, verbose, notice, warning.";
       };
 
       logfile = mkOption {
+        type = types.str;
         default = "/dev/null";
         description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
         example = "/var/log/redis.log";
-        type = with types; string;
       };
 
       syslog = mkOption {
+        type = types.bool;
         default = true;
         description = "Enable logging to the system logger.";
-        type = with types; bool;
       };
 
       databases = mkOption {
+        type = types.int;
         default = 16;
         description = "Set the number of databases.";
-        type = with types; int;
       };
 
       save = mkOption {
+        type = with types; listOf (listOf int);
         default = [ [900 1] [300 10] [60 10000] ];
         description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.";
         example = [ [900 1] [300 10] [60 10000] ];
       };
 
       dbFilename = mkOption {
+        type = types.str;
         default = "dump.rdb";
-        description = "The filename where to dump the DB";
-        type = with types; string;
+        description = "The filename where to dump the DB.";
       };
 
       dbpath = mkOption {
+        type = types.path;
         default = "/var/lib/redis";
-        description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration";
-        type = with types; string;
+        description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration.";
       };
 
       slaveOf = mkOption {
         default = null; # { ip, port }
-        description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave";
+        description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave.";
         example = { ip = "192.168.1.100"; port = 6379; };
       };
 
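Review bot: The `bind` option's default `null` means all interfaces, but that is stated only in the code comment `# All interfaces`, which does not reach the generated option documentation. Together with `requirePass` defaulting to `null` (second hunk of this file), enabling the service appears to yield an unauthenticated listener on every interface unless a firewall intervenes. Extend the description to `"The IP interface to bind to. null means all interfaces."` so the exposure is visible where users read it. Separately, `logLevel` lists a fixed set of values and could use `types.enum [ "debug" "verbose" "notice" "warning" ]` instead of `types.str`.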
@@ -135,46 +141,47 @@ in
       };
 
       requirePass = mkOption {
+        type = with types; nullOr str;
         default = null;
         description = "Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)";
         example = "letmein!";
       };
 
       appendOnly = mkOption {
+        type = types.bool;
         default = false;
         description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
-        type = with types; bool;
       };
 
       appendOnlyFilename = mkOption {
+        type = types.str;
         default = "appendonly.aof";
         description = "Filename for the append-only file (stored inside of dbpath)";
-        type = with types; string;
       };
 
       appendFsync = mkOption {
+        type = types.str;
         default = "everysec"; # no, always, everysec
-        description = "How often to fsync the append-only log, options: no, always, everysec";
-        type = with types; string;
+        description = "How often to fsync the append-only log, options: no, always, everysec.";
       };
 
       slowLogLogSlowerThan = mkOption {
+        type = types.int;
         default = 10000;
-        description = "Log queries whose execution take longer than X in milliseconds";
+        description = "Log queries whose execution take longer than X in milliseconds.";
         example = 1000;
-        type = with types; int;
       };
 
       slowLogMaxLen = mkOption {
+        type = types.int;
         default = 128;
-        description = "Maximum number of items to keep in slow log";
-        type = with types; int;
+        description = "Maximum number of items to keep in slow log.";
       };
 
       extraConfig = mkOption {
+        type = types.lines;
         default = "";
-        description = "Extra configuration options for redis.conf";
-        type = with types; string;
+        description = "Extra configuration options for redis.conf.";
       };
     };
 
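Review bot: The `slowLogLogSlowerThan` description says milliseconds, but Redis documents its `slowlog-log-slower-than` setting in microseconds. If the option is passed through unchanged (the config template is outside this hunk), the default `10000` means 10 ms rather than 10 s. Suggest `description = "Log queries whose execution take longer than X in microseconds.";` after confirming the mapping. `appendFsync` also names a fixed set of values and could be `types.enum [ "no" "always" "everysec" ]` rather than `types.str`.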
diff --git a/nixos/modules/services/desktops/accountservice.nix b/nixos/modules/services/desktops/accountsservice.nix
index 386dfe98bd2..c28c2729576 100644
--- a/nixos/modules/services/desktops/accountservice.nix
+++ b/nixos/modules/services/desktops/accountsservice.nix
@@ -30,11 +30,11 @@ with lib;
 
   config = mkIf config.services.accounts-daemon.enable {
 
-    environment.systemPackages = [ pkgs.accountservice ];
+    environment.systemPackages = [ pkgs.accountsservice ];
 
-    services.dbus.packages = [ pkgs.accountservice ];
+    services.dbus.packages = [ pkgs.accountsservice ];
 
-    systemd.packages = [ pkgs.accountservice ];
+    systemd.packages = [ pkgs.accountsservice ];
   };
 
 }
diff --git a/nixos/modules/services/desktops/gnome3/gnome-documents.nix b/nixos/modules/services/desktops/gnome3/gnome-documents.nix
index 2279ef48fb9..88bbdadfcbd 100644
--- a/nixos/modules/services/desktops/gnome3/gnome-documents.nix
+++ b/nixos/modules/services/desktops/gnome3/gnome-documents.nix
@@ -1,8 +1,8 @@
 # GNOME Documents daemon.
 
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   gnome3 = config.environment.gnome3.packageSet;
diff --git a/nixos/modules/services/desktops/gnome3/gnome-keyring.nix b/nixos/modules/services/desktops/gnome3/gnome-keyring.nix
index be14f1fcbc0..566c8a50e26 100644
--- a/nixos/modules/services/desktops/gnome3/gnome-keyring.nix
+++ b/nixos/modules/services/desktops/gnome3/gnome-keyring.nix
@@ -1,8 +1,8 @@
 # GNOME Keyring daemon.
 
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   gnome3 = config.environment.gnome3.packageSet;
diff --git a/nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix b/nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix
index a41fb0101f0..82d04c62c70 100644
--- a/nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix
+++ b/nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix
@@ -1,8 +1,8 @@
 # GNOME Online Accounts daemon.
 
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   gnome3 = config.environment.gnome3.packageSet;
diff --git a/nixos/modules/services/desktops/gnome3/gnome-online-miners.nix b/nixos/modules/services/desktops/gnome3/gnome-online-miners.nix
index 030d4bac6a7..6acd633b62c 100644
--- a/nixos/modules/services/desktops/gnome3/gnome-online-miners.nix
+++ b/nixos/modules/services/desktops/gnome3/gnome-online-miners.nix
@@ -1,8 +1,8 @@
 # GNOME Online Miners daemon.
 
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   gnome3 = config.environment.gnome3.packageSet;
diff --git a/nixos/modules/services/desktops/gnome3/gnome-user-share.nix b/nixos/modules/services/desktops/gnome3/gnome-user-share.nix
index 3b6c713f7be..e5c94cff7c8 100644
--- a/nixos/modules/services/desktops/gnome3/gnome-user-share.nix
+++ b/nixos/modules/services/desktops/gnome3/gnome-user-share.nix
@@ -1,8 +1,8 @@
 # GNOME User Share daemon.
 
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   gnome3 = config.environment.gnome3.packageSet;
diff --git a/nixos/modules/services/desktops/gnome3/gvfs.nix b/nixos/modules/services/desktops/gnome3/gvfs.nix
index 1a003ddd1ef..7e1382b161e 100644
--- a/nixos/modules/services/desktops/gnome3/gvfs.nix
+++ b/nixos/modules/services/desktops/gnome3/gvfs.nix
@@ -1,8 +1,8 @@
 # gvfs backends
 
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   gnome3 = config.environment.gnome3.packageSet;
diff --git a/nixos/modules/services/desktops/gnome3/seahorse.nix b/nixos/modules/services/desktops/gnome3/seahorse.nix
index 01e4a24f267..45925aaca9b 100644
--- a/nixos/modules/services/desktops/gnome3/seahorse.nix
+++ b/nixos/modules/services/desktops/gnome3/seahorse.nix
@@ -1,8 +1,8 @@
 # Seahorse daemon.
 
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   gnome3 = config.environment.gnome3.packageSet;
diff --git a/nixos/modules/services/desktops/gnome3/tracker.nix b/nixos/modules/services/desktops/gnome3/tracker.nix
index 670e585c6f5..8c5935a5ee3 100644
--- a/nixos/modules/services/desktops/gnome3/tracker.nix
+++ b/nixos/modules/services/desktops/gnome3/tracker.nix
@@ -1,8 +1,8 @@
 # Tracker daemon.
 
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   gnome3 = config.environment.gnome3.packageSet;
diff --git a/nixos/modules/services/hardware/acpid.nix b/nixos/modules/services/hardware/acpid.nix
index a710636c140..b87899e4598 100644
--- a/nixos/modules/services/hardware/acpid.nix
+++ b/nixos/modules/services/hardware/acpid.nix
@@ -16,7 +16,7 @@ let
             echo "event=${event.event}" > $fn
             echo "action=${pkgs.writeScript "${event.name}.sh" event.action}" >> $fn
           '';
-        in pkgs.lib.concatMapStrings f events
+        in lib.concatMapStrings f events
       }
     '';
 
diff --git a/nixos/modules/services/hardware/amd-hybrid-graphics.nix b/nixos/modules/services/hardware/amd-hybrid-graphics.nix
index d938867186d..087bd0e0409 100644
--- a/nixos/modules/services/hardware/amd-hybrid-graphics.nix
+++ b/nixos/modules/services/hardware/amd-hybrid-graphics.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
 
@@ -6,9 +6,9 @@
 
   options = {
 
-    hardware.amdHybridGraphics.disable = pkgs.lib.mkOption {
+    hardware.amdHybridGraphics.disable = lib.mkOption {
       default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
       description = ''
         Completely disable the AMD graphics card and use the
         integrated graphics processor instead.
@@ -20,7 +20,7 @@
 
   ###### implementation
 
-  config = pkgs.lib.mkIf config.hardware.amdHybridGraphics.disable {
+  config = lib.mkIf config.hardware.amdHybridGraphics.disable {
     systemd.services."amd-hybrid-graphics" = {
       path = [ pkgs.bash ];
       description = "Disable AMD Card";
diff --git a/nixos/modules/services/hardware/nvidia-optimus.nix b/nixos/modules/services/hardware/nvidia-optimus.nix
index 4c0ce794d4f..9fe4021c424 100644
--- a/nixos/modules/services/hardware/nvidia-optimus.nix
+++ b/nixos/modules/services/hardware/nvidia-optimus.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 let kernel = config.boot.kernelPackages; in
 
@@ -8,9 +8,9 @@ let kernel = config.boot.kernelPackages; in
 
   options = {
 
-    hardware.nvidiaOptimus.disable = pkgs.lib.mkOption {
+    hardware.nvidiaOptimus.disable = lib.mkOption {
       default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
       description = ''
         Completely disable the NVIDIA graphics card and use the
         integrated graphics processor instead.
@@ -22,7 +22,7 @@ let kernel = config.boot.kernelPackages; in
 
   ###### implementation
 
-  config = pkgs.lib.mkIf config.hardware.nvidiaOptimus.disable {
+  config = lib.mkIf config.hardware.nvidiaOptimus.disable {
     boot.blacklistedKernelModules = ["nouveau" "nvidia" "nvidiafb"];
     boot.kernelModules = [ "bbswitch" ];
     boot.extraModulePackages = [ kernel.bbswitch ];
diff --git a/nixos/modules/services/hardware/sane.nix b/nixos/modules/services/hardware/sane.nix
index f7b25c18787..3bf765c6f99 100644
--- a/nixos/modules/services/hardware/sane.nix
+++ b/nixos/modules/services/hardware/sane.nix
@@ -34,6 +34,12 @@ in
       description = "Packages providing extra SANE backends to enable.";
     };
 
+    hardware.sane.configDir = mkOption {
+      type = types.string;
+      default = "${saneConfig}/etc/sane.d";
+      description = "The value of SANE_CONFIG_DIR.";
+    };
+
   };
 
 
@@ -42,8 +48,8 @@ in
   config = mkIf config.hardware.sane.enable {
 
     environment.systemPackages = backends;
-    environment.variables = {
-      SANE_CONFIG_DIR = mkDefault "${saneConfig}/etc/sane.d";
+    environment.sessionVariables = {
+      SANE_CONFIG_DIR = config.hardware.sane.configDir;
       LD_LIBRARY_PATH = [ "${saneConfig}/lib/sane" ];
     };
     services.udev.packages = backends;
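Review bot: `SANE_CONFIG_DIR` is now exported from `config.hardware.sane.configDir`, which the previous hunk declares as `types.string`. That type merges several definitions by concatenating them, so two modules setting the option would silently produce a bogus directory path in every session. Declaring it as `type = types.str;` turns a second definition into an evaluation error instead. The old `mkDefault` on the variable is gone, so the option is now the only override point, and its description could say so. The `config` block continues past this hunk.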
diff --git a/nixos/modules/services/logging/logstash.nix b/nixos/modules/services/logging/logstash.nix
index 480e35a1156..802dd454878 100644
--- a/nixos/modules/services/logging/logstash.nix
+++ b/nixos/modules/services/logging/logstash.nix
@@ -17,6 +17,11 @@ in
         description = "Enable logstash";
       };
 
+      enableWeb = mkOption {
+        default = false;
+        description = "Enable logstash web interface";
+      };
+
       inputConfig = mkOption {
         default = ''stdin { type => "example" }'';
         description = "Logstash input configuration";
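Review bot: `enableWeb` is declared without a `type`, so a non-boolean value is not rejected at the option and only surfaces later inside `optionalString`; add `type = types.bool;` as the other boolean options in this commit do. The last hunk of this file appends `-- web` to the agent command line when the option is set, which presumably starts a network listener. The description should therefore say that a web interface is exposed and that access to it has to be restricted separately. The bind address and port are not visible in this diff.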
@@ -62,11 +67,11 @@ in
 
   config = mkIf cfg.enable {
     systemd.services.logstash = with pkgs; {
-      description = "Logstash daemon";
+      description = "Logstash Daemon";
       wantedBy = [ "multi-user.target" ];
-
+      environment = { JAVA_HOME = jre; };
       serviceConfig = {
-        ExecStart = "${jre}/bin/java -jar ${logstash} agent -f ${writeText "logstash.conf" ''
+        ExecStart = "${logstash}/bin/logstash agent -f ${writeText "logstash.conf" ''
           input {
             ${cfg.inputConfig}
           }
@@ -78,7 +83,7 @@ in
           output {
             ${cfg.outputConfig}
           }
-        ''}";
+        ''} ${optionalString cfg.enableWeb "-- web"}";
       };
     };
   };
diff --git a/nixos/modules/services/misc/gitolite.nix b/nixos/modules/services/misc/gitolite.nix
new file mode 100644
index 00000000000..84435f92c11
--- /dev/null
+++ b/nixos/modules/services/misc/gitolite.nix
@@ -0,0 +1,66 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.gitolite;
+  pubkeyFile = pkgs.writeText "gitolite-admin.pub" cfg.adminPubkey;
+in
+{
+  options = {
+    services.gitolite = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable gitolite management under the
+          <literal>gitolite</literal> user. The Gitolite home
+          directory is <literal>/var/lib/gitolite</literal>. After
+          switching to a configuration with Gitolite enabled, you can
+          then run <literal>git clone
+          gitolite@host:gitolite-admin.git</literal> to manage it further.
+        '';
+      };
+
+      adminPubkey = mkOption {
+        type = types.str;
+        description = ''
+          Initial administrative public key for Gitolite. This should
+          be an SSH Public Key. Note that this key will only be used
+          once, upon the first initialization of the Gitolite user.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.extraUsers.gitolite = {
+      description     = "Gitolite user";
+      home            = "/var/lib/gitolite";
+      createHome      = true;
+      uid             = config.ids.uids.gitolite;
+      useDefaultShell = true;
+    };
+
+    systemd.services."gitolite-init" = {
+      description = "Gitolite initialization";
+      wantedBy    = [ "multi-user.target" ];
+
+      serviceConfig.User = "gitolite";
+      serviceConfig.Type = "oneshot";
+      serviceConfig.RemainAfterExit = true;
+
+      path = [ pkgs.gitolite pkgs.git pkgs.perl pkgs.bash pkgs.openssh ];
+      script = ''
+        cd /var/lib/gitolite
+        mkdir -p .gitolite/logs
+        if [ ! -d repositories ]; then
+          gitolite setup -pk ${pubkeyFile}
+        fi
+        gitolite setup # Upgrade if needed
+      '';
+    };
+
+    environment.systemPackages = [ pkgs.gitolite pkgs.git ];
+  };
+}
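Review bot: The admin key reaches `gitolite setup -pk` as a store path whose basename is `<hash>-gitolite-admin.pub`. As far as I know gitolite takes the initial administrator's name from the key file's basename, so that user would carry the hash prefix instead of being `gitolite-admin`. Copying the key to a file named after the intended admin before setup avoids this, e.g. `cp ${pubkeyFile} gitolite-admin.pub` followed by `gitolite setup -pk gitolite-admin.pub`. `adminPubkey` also has no `example`; a constructed one such as `example = "ssh-ed25519 AAAAC3Nza... admin@example.org";` would show the expected single-line format.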
diff --git a/nixos/modules/services/misc/nix-ssh-serve.nix b/nixos/modules/services/misc/nix-ssh-serve.nix
index 80e7961b1f8..d70bd855c7f 100644
--- a/nixos/modules/services/misc/nix-ssh-serve.nix
+++ b/nixos/modules/services/misc/nix-ssh-serve.nix
@@ -1,32 +1,35 @@
 { config, lib, pkgs, ... }:
 
-let
-  serveOnly = pkgs.writeScript "nix-store-serve" ''
-    #!${pkgs.stdenv.shell}
-    if [ "$SSH_ORIGINAL_COMMAND" != "nix-store --serve" ]; then
-      echo 'Error: You are only allowed to run `nix-store --serve'\'''!' >&2
-      exit 1
-    fi
-    exec /run/current-system/sw/bin/nix-store --serve
-  '';
-
-  inherit (lib) mkIf mkOption types;
-in {
+with lib;
+
+{
   options = {
+
     nix.sshServe = {
+
       enable = mkOption {
-        description = "Whether to enable serving the nix store over ssh.";
-        default = false;
         type = types.bool;
+        default = false;
+        description = "Whether to enable serving the Nix store as a binary cache via SSH.";
+      };
+
+      keys = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ];
+        description = "A list of SSH public keys allowed to access the binary cache via SSH.";
       };
+
     };
+
   };
 
   config = mkIf config.nix.sshServe.enable {
+
     users.extraUsers.nix-ssh = {
-      description = "User for running nix-store --serve.";
+      description = "Nix SSH substituter user";
       uid = config.ids.uids.nix-ssh;
-      shell = pkgs.stdenv.shell;
+      useDefaultShell = true;
     };
 
     services.openssh.enable = true;
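Review bot: The `example` for `keys` shows an `ssh-dss` key, and DSA keys are limited to 1024 bits and considered weak. The documentation example should use a stronger type, e.g. `example = [ "ssh-ed25519 AAAAC3Nza... alice@example.org" ];` (constructed value). With `enable = true` and the default `keys = []` the `nix-ssh` account exists but no key can log in to it; that is a safe default, but the description could state it so that an empty list is not mistaken for "open to everyone".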
@@ -38,8 +41,11 @@ in {
         PermitTTY no
         PermitTunnel no
         X11Forwarding no
-        ForceCommand ${serveOnly}
+        ForceCommand ${config.nix.package}/bin/nix-store --serve
       Match All
     '';
+
+    users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys;
+
   };
 }
diff --git a/nixos/modules/services/monitoring/monit.nix b/nixos/modules/services/monitoring/monit.nix
index 2acc51c64a6..642fac3b3a0 100644
--- a/nixos/modules/services/monitoring/monit.nix
+++ b/nixos/modules/services/monitoring/monit.nix
@@ -1,9 +1,9 @@
 # Monit system watcher
 # http://mmonit.org/monit/
 
-{config, pkgs, ...}:
+{config, pkgs, lib, ...}:
 
-let inherit (pkgs.lib) mkOption mkIf;
+let inherit (lib) mkOption mkIf;
 in
 
 {
diff --git a/nixos/modules/services/monitoring/munin.nix b/nixos/modules/services/monitoring/munin.nix
index 966c2eca282..21840bc67e8 100644
--- a/nixos/modules/services/monitoring/munin.nix
+++ b/nixos/modules/services/monitoring/munin.nix
@@ -189,19 +189,18 @@ in
       wantedBy = [ "multi-user.target" ];
       path = [ pkgs.munin ];
       environment.MUNIN_PLUGSTATE = "/var/run/munin";
+      preStart = ''
+        echo "updating munin plugins..."
+
+        mkdir -p /etc/munin/plugins
+        rm -rf /etc/munin/plugins/*
+        PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
+      '';
       serviceConfig = {
         ExecStart = "${pkgs.munin}/sbin/munin-node --config ${nodeConf} --servicedir /etc/munin/plugins/";
       };
     };
 
-    system.activationScripts.munin-node = ''
-      echo "updating munin plugins..."
-
-      mkdir -p /etc/munin/plugins
-      rm -rf /etc/munin/plugins/*
-      PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
-    '';
-
   }) (mkIf cronCfg.enable {
 
     services.cron.systemCronJobs = [
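Review bot: The plugin setup moved into `preStart` still discards the diagnostics of `munin-node-configure` with `2>/dev/null` and pipes its output straight into `bash`. The pipeline's status is that of `bash`, so a failing generator leaves `/etc/munin/plugins` empty after the `rm -rf` and the node starts anyway with no explanation in the journal. Now that this runs under the unit, dropping `2>/dev/null` sends those errors to the journal. A short comment above the pipeline, such as `# munin-node-configure --shell prints ln commands; they are executed here to populate the service dir`, would also make the pipe into a shell less surprising. The rest of the service definition is outside the hunk.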
diff --git a/nixos/modules/services/monitoring/nagios/default.nix b/nixos/modules/services/monitoring/nagios.nix
index 2eeddf78250..97d153153a5 100644
--- a/nixos/modules/services/monitoring/nagios/default.nix
+++ b/nixos/modules/services/monitoring/nagios.nix
@@ -4,21 +4,12 @@
 with lib;
 
 let
-
   cfg = config.services.nagios;
 
-  nagiosUser = "nagios";
-  nagiosGroup = "nogroup";
-
   nagiosState = "/var/lib/nagios";
   nagiosLogDir = "/var/log/nagios";
 
-  nagiosObjectDefs =
-    [ ./timeperiods.cfg
-      ./host-templates.cfg
-      ./service-templates.cfg
-      ./commands.cfg
-    ] ++ cfg.objectDefs;
+  nagiosObjectDefs = cfg.objectDefs;
 
   nagiosObjectDefsDir = pkgs.runCommand "nagios-objects" {inherit nagiosObjectDefs;}
     "ensureDir $out; ln -s $nagiosObjectDefs $out/";
@@ -30,19 +21,20 @@ let
       log_archive_path=${nagiosLogDir}/archive
       status_file=${nagiosState}/status.dat
       object_cache_file=${nagiosState}/objects.cache
-      comment_file=${nagiosState}/comment.dat
-      downtime_file=${nagiosState}/downtime.dat
       temp_file=${nagiosState}/nagios.tmp
       lock_file=/var/run/nagios.lock # Not used I think.
       state_retention_file=${nagiosState}/retention.dat
+      query_socket=${nagiosState}/nagios.qh
+      check_result_path=${nagiosState}
+      command_file=${nagiosState}/nagios.cmd
 
       # Configuration files.
       #resource_file=resource.cfg
       cfg_dir=${nagiosObjectDefsDir}
 
       # Uid/gid that the daemon runs under.
-      nagios_user=${nagiosUser}
-      nagios_group=${nagiosGroup}
+      nagios_user=nagios
+      nagios_group=nogroup
 
       # Misc. options.
       illegal_macro_output_chars=`~$&|'"<>
@@ -53,26 +45,24 @@ let
   # authentication.
   nagiosCGICfgFile = pkgs.writeText "nagios.cgi.conf"
     ''
-      main_config_file=${nagiosCfgFile}
+      main_config_file=${cfg.mainConfigFile}
       use_authentication=0
-      url_html_path=/nagios
+      url_html_path=${cfg.urlPath}
     '';
 
-  urlPath = cfg.urlPath;
-
   extraHttpdConfig =
     ''
-      ScriptAlias ${urlPath}/cgi-bin ${pkgs.nagios}/sbin
+      ScriptAlias ${cfg.urlPath}/cgi-bin ${pkgs.nagios}/sbin
 
       <Directory "${pkgs.nagios}/sbin">
         Options ExecCGI
         AllowOverride None
         Order allow,deny
         Allow from all
-        SetEnv NAGIOS_CGI_CONFIG ${nagiosCGICfgFile}
+        SetEnv NAGIOS_CGI_CONFIG ${cfg.cgiConfigFile}
       </Directory>
 
-      Alias ${urlPath} ${pkgs.nagios}/share
+      Alias ${cfg.urlPath} ${pkgs.nagios}/share
 
       <Directory "${pkgs.nagios}/share">
         Options None
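Review bot: The default `nagiosCGICfgFile` keeps `use_authentication=0` and the `<Directory>` for the CGIs keeps `Allow from all`, so with `enableWebInterface` set the CGIs answer any client without a login. The previous hunk also adds `command_file` to the main configuration; whether external commands are enabled is not visible here, but the combination deserves a warning. The new `cgiConfigFile` option is the natural place for it: its description should say that the default disables authentication and is meant to be replaced, or fronted by access control in `services.httpd`. `extraHttpdConfig` starts above this hunk and continues below it.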
@@ -83,14 +73,9 @@ let
     '';
 
 in
-
 {
-  ###### interface
-
   options = {
-
     services.nagios = {
-
       enable = mkOption {
         default = false;
         description = "
@@ -116,6 +101,21 @@ in
         ";
       };
 
+      mainConfigFile = mkOption {
+        default = nagiosCfgFile;
+        description = "
+          Derivation for the main configuration file of Nagios.
+        ";
+      };
+
+      cgiConfigFile = mkOption {
+        default = nagiosCGICfgFile;
+        description = "
+          Derivation for the configuration file of Nagios CGI scripts
+          that can be used in web servers for running the Nagios web interface.
+        ";
+      };
+
       enableWebInterface = mkOption {
         default = false;
         description = "
@@ -132,55 +132,53 @@ in
           <literal>http://<replaceable>server</replaceable>/<replaceable>urlPath</replaceable></literal>.
         ";
       };
-
     };
-
   };
 
 
-  ###### implementation
-
   config = mkIf cfg.enable {
-
-    users.extraUsers = singleton
-      { name = nagiosUser;
-        uid = config.ids.uids.nagios;
-        description = "Nagios monitoring daemon";
-        home = nagiosState;
-      };
+    users.extraUsers.nagios = {
+      description = "Nagios user ";
+      uid         = config.ids.uids.nagios;
+      home        = nagiosState;
+      createHome  = true;
+    };
 
     # This isn't needed, it's just so that the user can type "nagiostats
     # -c /etc/nagios.cfg".
-    environment.etc = singleton
-      { source = nagiosCfgFile;
+    environment.etc = [
+      { source = cfg.mainConfigFile;
         target = "nagios.cfg";
-      };
+      }
+    ];
 
     environment.systemPackages = [ pkgs.nagios ];
-
-    jobs.nagios =
-      { description = "Nagios monitoring daemon";
-
-        startOn = "started network-interfaces";
-        stopOn = "stopping network-interfaces";
-
-        preStart =
-          ''
-            mkdir -m 0755 -p ${nagiosState} ${nagiosLogDir}
-            chown ${nagiosUser} ${nagiosState} ${nagiosLogDir}
-          '';
-
-        script =
-          ''
-            for i in ${toString config.services.nagios.plugins}; do
-              export PATH=$i/bin:$i/sbin:$i/libexec:$PATH
-            done
-            exec ${pkgs.nagios}/bin/nagios ${nagiosCfgFile}
-          '';
+    systemd.services.nagios = {
+      description = "Nagios monitoring daemon";
+      path     = [ pkgs.nagios ];
+      wantedBy = [ "multi-user.target" ];
+      after    = [ "network-interfaces.target" ];
+
+      serviceConfig = {
+        User = "nagios";
+        Restart = "always";
+        RestartSec = 2;
+        PermissionsStartOnly = true;
       };
 
-    services.httpd.extraConfig = optionalString cfg.enableWebInterface extraHttpdConfig;
+      preStart = ''
+        mkdir -m 0755 -p ${nagiosState} ${nagiosLogDir}
+        chown nagios ${nagiosState} ${nagiosLogDir}
+      '';
+
+      script = ''
+        for i in ${toString cfg.plugins}; do
+          export PATH=$i/bin:$i/sbin:$i/libexec:$PATH
+        done
+        exec ${pkgs.nagios}/bin/nagios ${cfg.mainConfigFile}
+      '';
+    };
 
+    services.httpd.extraConfig = optionalString cfg.enableWebInterface extraHttpdConfig;
   };
-
 }
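Review bot: `mkdir -m 0755 -p` in `preStart` applies the mode only to directories it creates, and with the new `createHome = true` the state directory already exists when the unit first runs. Its mode is therefore whatever user creation chose, not the `0755` written here. Since `${nagiosState}` now also holds `nagios.cmd` and `nagios.qh` (second hunk of this file), make the intended mode explicit with a `chmod <mode> ${nagiosState} ${nagiosLogDir}` after the `mkdir`, choosing the strictest mode the web interface can still work with. The new user description `"Nagios user "` has a trailing space.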
diff --git a/nixos/modules/services/monitoring/nagios/commands.cfg b/nixos/modules/services/monitoring/nagios/commands.cfg
deleted file mode 100644
index 6efdefcd37d..00000000000
--- a/nixos/modules/services/monitoring/nagios/commands.cfg
+++ /dev/null
@@ -1,34 +0,0 @@
-define command {
-    command_name host-notify-by-email
-    command_line printf "%b" "To: $CONTACTEMAIL$\nSubject: [Nagios] Host $HOSTSTATE$ alert for $HOSTNAME$\n\n***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | sendmail $CONTACTEMAIL$
-}
-
-
-define command {
-    command_name notify-by-email
-    command_line printf "%b" "To: $CONTACTEMAIL$\nSubject: [Nagios] $NOTIFICATIONTYPE$ alert - $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$\n\n***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | sendmail $CONTACTEMAIL$
-}
-
-
-define command {
-    command_name dummy-ok
-    command_line true
-}
-
-
-define command {
-    command_name check-host-alive
-    command_line check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 1
-}
-
-
-define command {
-    command_name check_local_disk
-    command_line check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
-}
-
-
-define command {
-    command_name check_ssh
-    command_line check_ssh $HOSTADDRESS$
-}
diff --git a/nixos/modules/services/monitoring/nagios/host-templates.cfg b/nixos/modules/services/monitoring/nagios/host-templates.cfg
deleted file mode 100644
index 3a4c269e257..00000000000
--- a/nixos/modules/services/monitoring/nagios/host-templates.cfg
+++ /dev/null
@@ -1,27 +0,0 @@
-define host {
-    name                            generic-host
-    notifications_enabled           1
-    event_handler_enabled           1
-    flap_detection_enabled          1
-    failure_prediction_enabled      1
-    process_perf_data               1
-    retain_status_information       1
-    retain_nonstatus_information    1
-    notification_period             24x7
-    register                        0
-}
-
-
-define host {
-    name                            generic-server
-    use                             generic-host
-    check_period                    24x7
-    max_check_attempts              10
-    check_command                   check-host-alive
-    notification_period             24x7
-    notification_interval           120
-    notification_options            d,u,r
-    contact_groups                  admins
-    register                        0
-    #check_interval                 1
-}
diff --git a/nixos/modules/services/monitoring/nagios/service-templates.cfg b/nixos/modules/services/monitoring/nagios/service-templates.cfg
deleted file mode 100644
index e729ea77675..00000000000
--- a/nixos/modules/services/monitoring/nagios/service-templates.cfg
+++ /dev/null
@@ -1,32 +0,0 @@
-define service {
-    name                            generic-service
-    active_checks_enabled           1
-    passive_checks_enabled          1
-    parallelize_check               1
-    obsess_over_service             1
-    check_freshness                 0
-    notifications_enabled           1
-    event_handler_enabled           1
-    flap_detection_enabled          1
-    failure_prediction_enabled      1
-    process_perf_data               1
-    retain_status_information       1
-    retain_nonstatus_information    1
-    is_volatile                     0
-    register                        0
-}
-
-
-define service {
-    name                            local-service
-    use                             generic-service
-    check_period                    24x7
-    max_check_attempts              4
-    normal_check_interval           5
-    retry_check_interval            1
-    contact_groups                  admins
-    notification_options            w,u,c,r
-    notification_interval           0 # notify only once
-    notification_period             24x7
-    register                        0
-}
diff --git a/nixos/modules/services/monitoring/nagios/timeperiods.cfg b/nixos/modules/services/monitoring/nagios/timeperiods.cfg
deleted file mode 100644
index 2669be54d3d..00000000000
--- a/nixos/modules/services/monitoring/nagios/timeperiods.cfg
+++ /dev/null
@@ -1,11 +0,0 @@
-define timeperiod {
-    timeperiod_name 24x7
-    alias           24 Hours A Day, 7 Days A Week
-    sunday          00:00-24:00
-    monday          00:00-24:00
-    tuesday         00:00-24:00
-    wednesday       00:00-24:00
-    thursday        00:00-24:00
-    friday          00:00-24:00
-    saturday        00:00-24:00
-}
diff --git a/nixos/modules/services/monitoring/uptime.nix b/nixos/modules/services/monitoring/uptime.nix
index 553110d7b80..29616a085c8 100644
--- a/nixos/modules/services/monitoring/uptime.nix
+++ b/nixos/modules/services/monitoring/uptime.nix
@@ -1,6 +1,6 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
-  inherit (pkgs.lib) mkOption mkEnableOption mkIf mkMerge types optionalAttrs optional;
+  inherit (lib) mkOption mkEnableOption mkIf mkMerge types optionalAttrs optional;
 
   cfg = config.services.uptime;
 
diff --git a/nixos/modules/services/network-filesystems/openafs-client/default.nix b/nixos/modules/services/network-filesystems/openafs-client/default.nix
index b34ebc3663e..23ab39eb05f 100644
--- a/nixos/modules/services/network-filesystems/openafs-client/default.nix
+++ b/nixos/modules/services/network-filesystems/openafs-client/default.nix
@@ -1,7 +1,7 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 let
-  inherit (pkgs.lib) mkOption mkIf;
+  inherit (lib) mkOption mkIf;
 
   cfg = config.services.openafsClient;
 
diff --git a/nixos/modules/services/network-filesystems/rsyncd.nix b/nixos/modules/services/network-filesystems/rsyncd.nix
index bc17add809b..19aa7efd2ff 100644
--- a/nixos/modules/services/network-filesystems/rsyncd.nix
+++ b/nixos/modules/services/network-filesystems/rsyncd.nix
@@ -1,6 +1,6 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
 
@@ -136,4 +136,4 @@ in
 
     networking.firewall.allowedTCPPorts = [ cfg.port ];
   };
-}
\ No newline at end of file
+}
diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix
index 51a4d193d50..4218b965cd9 100644
--- a/nixos/modules/services/network-filesystems/samba.nix
+++ b/nixos/modules/services/network-filesystems/samba.nix
@@ -59,7 +59,7 @@ let
   daemonService = appName: args:
     { description = "Samba Service Daemon ${appName}";
 
-      wantedBy = [ "samba.target" ];
+      requiredBy = [ "samba.target" ];
       partOf = [ "samba.target" ];
 
       environment = {
diff --git a/nixos/modules/services/networking/connman.nix b/nixos/modules/services/networking/connman.nix
index 7ed1e4805d8..482b61997ae 100644
--- a/nixos/modules/services/networking/connman.nix
+++ b/nixos/modules/services/networking/connman.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
-with lib;
 with pkgs;
+with lib;
 
 let
   cfg = config.networking.connman;
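Review bot: Swapping the two `with` lines changes which set wins for any name present in both, because the innermost `with` takes precedence; after this change `lib` shadows `pkgs`, and the module's meaning depends on that ordering. The same swap is made in `networkmanager.nix`. A form that does not depend on order is to drop `with pkgs;` and bind the packages actually used, e.g. `inherit (pkgs) networkmanager_pptp;` in the `let` of the networkmanager module, or to write `pkgs.` at the use sites. Which package names each module uses unqualified is mostly outside these hunks.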
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix
index c53cb68fb75..bb94a8dacfa 100644
--- a/nixos/modules/services/networking/ddclient.nix
+++ b/nixos/modules/services/networking/ddclient.nix
@@ -1,8 +1,8 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 let
 
-  inherit (pkgs.lib) mkOption mkIf singleton;
+  inherit (lib) mkOption mkIf singleton;
 
   inherit (pkgs) ddclient;
 
diff --git a/nixos/modules/services/networking/dhcpd.nix b/nixos/modules/services/networking/dhcpd.nix
index 89f686c2870..e5e1c103c68 100644
--- a/nixos/modules/services/networking/dhcpd.nix
+++ b/nixos/modules/services/networking/dhcpd.nix
@@ -18,7 +18,7 @@ let
 
       ${cfg.extraConfig}
 
-      ${pkgs.lib.concatMapStrings
+      ${lib.concatMapStrings
           (machine: ''
             host ${machine.hostName} {
               hardware ethernet ${machine.ethernetAddress};
diff --git a/nixos/modules/services/networking/gvpe.nix b/nixos/modules/services/networking/gvpe.nix
index 594a2e80f34..c633ffedef4 100644
--- a/nixos/modules/services/networking/gvpe.nix
+++ b/nixos/modules/services/networking/gvpe.nix
@@ -1,9 +1,9 @@
 # GNU Virtual Private Ethernet
 
-{config, pkgs, ...}:
+{config, pkgs, lib, ...}:
 
 let
-  inherit (pkgs.lib) mkOption mkIf;
+  inherit (lib) mkOption mkIf;
 
   cfg = config.services.gvpe;
 
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index 54bdf19373d..bc1c95d3fd3 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
-with lib;
 with pkgs;
+with lib;
 
 let
   cfg = config.networking.networkmanager;
@@ -151,7 +151,7 @@ in {
       { source = "${networkmanager_pptp}/etc/NetworkManager/VPN/nm-pptp-service.name";
         target = "NetworkManager/VPN/nm-pptp-service.name";
       }
-    ] ++ pkgs.lib.optional (cfg.appendNameservers == [] || cfg.insertNameservers == [])
+    ] ++ optional (cfg.appendNameservers == [] || cfg.insertNameservers == [])
            { source = overrideNameserversScript;
              target = "NetworkManager/dispatcher.d/02overridedns";
            };
diff --git a/nixos/modules/services/networking/notbit.nix b/nixos/modules/services/networking/notbit.nix
index 3e8c956f191..2e1412ff7c8 100644
--- a/nixos/modules/services/networking/notbit.nix
+++ b/nixos/modules/services/networking/notbit.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 
-with pkgs.lib;
+with lib;
 let
   cfg = config.services.notbit;
   varDir = "/var/lib/notbit";
diff --git a/nixos/modules/services/networking/nsd.nix b/nixos/modules/services/networking/nsd.nix
index adfee1caec5..db8cb122871 100644
--- a/nixos/modules/services/networking/nsd.nix
+++ b/nixos/modules/services/networking/nsd.nix
@@ -1,6 +1,6 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   cfg = config.services.nsd;
diff --git a/nixos/modules/services/networking/polipo.nix b/nixos/modules/services/networking/polipo.nix
new file mode 100644
index 00000000000..05ded84625d
--- /dev/null
+++ b/nixos/modules/services/networking/polipo.nix
@@ -0,0 +1,118 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.services.polipo;
+
+  polipoConfig = pkgs.writeText "polipo.conf" ''
+    proxyAddress = ${cfg.proxyAddress}
+    proxyPort = ${toString cfg.proxyPort}
+    allowedClients = ${concatStringsSep ", " cfg.allowedClients}
+    ${optionalString (cfg.parentProxy != "") "parentProxy = ${cfg.parentProxy}" }
+    ${optionalString (cfg.socksParentProxy != "") "socksParentProxy = ${cfg.socksParentProxy}" }
+    ${config.services.polipo.extraConfig}
+  '';
+
+in
+
+{
+
+  options = {
+
+    services.polipo = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to run the polipo caching web proxy.";
+      };
+
+      proxyAddress = mkOption {
+        type = types.string;
+        default = "127.0.0.1";
+        description = "IP address on which Polipo will listen.";
+      };
+
+      proxyPort = mkOption {
+        type = types.int;
+        default = 8123;
+        description = "TCP port on which Polipo will listen.";
+      };
+
+      allowedClients = mkOption {
+        type = types.listOf types.string;
+        default = [ "127.0.0.1" "::1" ];
+        example = [ "127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48" ];
+        description = ''
+          List of IP addresses or network addresses that may connect to Polipo.
+        '';
+      };
+
+      parentProxy = mkOption {
+        type = types.string;
+        default = "";
+        example = "localhost:8124";
+        description = ''
+          Hostname and port number of an HTTP parent proxy;
+          it should have the form ‘host:port’.
+        '';
+      };
+
+      socksParentProxy = mkOption {
+        type = types.string;
+        default = "";
+        example = "localhost:9050";
+        description = ''
+          Hostname and port number of an SOCKS parent proxy;
+          it should have the form ‘host:port’.
+        '';
+      };
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "";
+        description = ''
+          Polio configuration. Contents will be added 
+          verbatim to the configuration file.
+        '';
+      };
+
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = singleton
+      { name = "polipo";
+        uid = config.ids.uids.polipo;
+        description = "Polipo caching proxy user";
+        home = "/var/cache/polipo";
+        createHome = true;
+      };
+
+    users.extraGroups = singleton
+      { name = "polipo";
+        gid = config.ids.gids.polipo;
+        members = [ "polipo" ];
+      };
+
+    systemd.services.polipo = {
+      description = "caching web proxy";
+      after = [ "network.target" "nss-lookup.target" ];
+      wantedBy = [ "multi-user.target"];
+      preStart = ''
+         ${pkgs.coreutils}/bin/chown polipo:polipo /var/cache/polipo -R
+      '';
+      serviceConfig = {
+        ExecStart  = "${pkgs.polipo}/bin/polipo -c ${polipoConfig}";
+        ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
+        User = "polipo";
+      };
+    };
+
+  };
+
+}
\ No newline at end of file
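Review bot: `preStart` runs `chown polipo:polipo /var/cache/polipo -R`, but the unit sets `User = "polipo"` without `PermissionsStartOnly = true`, so the command runs as `polipo` itself. It is then a no-op when the files already belong to that user and fails when they do not. Either add `PermissionsStartOnly = true;` to `serviceConfig`, as the nagios unit in this commit does, or drop the `chown` and rely on `createHome`. Smaller points: the `extraConfig` description says "Polio", `types.string` merges duplicate definitions by concatenation where `types.str` would reject them (relevant for `proxyAddress`), and the file lacks a final newline.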
diff --git a/nixos/modules/services/networking/radicale.nix b/nixos/modules/services/networking/radicale.nix
new file mode 100644
index 00000000000..fc9afc70aca
--- /dev/null
+++ b/nixos/modules/services/networking/radicale.nix
@@ -0,0 +1,48 @@
+{config, lib, pkgs, ...}:
+
+with lib;
+
+let
+
+  cfg = config.services.radicale;
+
+  confFile = pkgs.writeText "radicale.conf" cfg.config;
+
+in
+
+{
+
+  options = {
+
+    services.radicale.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+          Enable Radicale CalDAV and CardDAV server
+      '';
+    };
+
+    services.radicale.config = mkOption {
+      type = types.string;
+      default = "";
+      description = ''
+        Radicale configuration, this will set the service
+        configuration file
+      '';
+      };
+  };
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.pythonPackages.radicale ];
+
+    jobs.radicale = {
+      description = "A Simple Calendar and Contact Server";
+      startOn = "started network-interfaces";
+      exec = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d";
+      daemonType = "fork";
+    };
+
+  };
+
+}
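Review bot: `jobs.radicale` sets no user, so the network-facing server presumably runs as root. `services.radicale.config` also defaults to the empty string, which leaves the listening address and authentication at whatever Radicale's built-in defaults are. Running it under a dedicated account, the way the polipo module added in this commit does with `users.extraUsers` plus `User = "polipo";`, would limit what a compromise of the process can reach; here that means a `systemd.services.radicale` unit with `serviceConfig.User = "radicale";`. The description of `config` should state that access control for the calendars has to be configured there.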
diff --git a/nixos/modules/services/networking/teamspeak3.nix b/nixos/modules/services/networking/teamspeak3.nix
index 2d3478d52f8..b3656d73dec 100644
--- a/nixos/modules/services/networking/teamspeak3.nix
+++ b/nixos/modules/services/networking/teamspeak3.nix
@@ -1,6 +1,6 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   ts3 = pkgs.teamspeak_server;
diff --git a/nixos/modules/services/networking/znc.nix b/nixos/modules/services/networking/znc.nix
new file mode 100644
index 00000000000..56946f37aaf
--- /dev/null
+++ b/nixos/modules/services/networking/znc.nix
@@ -0,0 +1,294 @@
+{ config, lib, pkgs, ...}:
+
+with lib;
+
+let
+  cfg = config.services.znc;
+
+  defaultUser = "znc"; # Default user to own process.
+
+  # Default user and pass:
+  # un=znc
+  # pw=nixospass
+
+  defaultUserName = "znc";
+  defaultPassBlock = "
+        <Pass password>
+                Method = sha256
+                Hash = e2ce303c7ea75c571d80d8540a8699b46535be6a085be3414947d638e48d9e93
+                Salt = l5Xryew4g*!oa(ECfX2o
+        </Pass>
+  ";
+
+  confOptions = { ... }: {
+    options = {
+      modules = mkOption {
+        type = types.listOf types.str;
+        default = [ "partyline" "webadmin" "adminlog" "log" ];
+        example = [ "partyline" "webadmin" "adminlog" "log" ];
+        description = ''
+          A list of modules to include in the `znc.conf` file.
+        '';
+      };
+
+      userName = mkOption {
+        default = defaultUserName;
+        example = "johntron";
+        type = types.str;
+        description = ''
+          The user name to use when generating the `znc.conf` file.
+          This is the user name used by the user logging into the ZNC web admin. 
+        '';
+      };
+
+      nick = mkOption {
+        default = "znc-user";
+        example = "john";
+        type = types.str;
+        description = ''
+          The IRC nick to use when generating the `znc.conf` file.
+        '';
+      };
+
+      passBlock = mkOption {
+        default = defaultPassBlock;
+        example = "Must be the block generated by the `znc --makepass` command.";
+        type = types.str;
+        description = ''
+          The pass block to use when generating the `znc.conf` file.
+          This is the password used by the user logging into the ZNC web admin.
+          This is the block generated by the `znc --makepass` command.
+          !!! If not specified, please change this after starting the service. !!!
+        '';
+      };
+
+      port = mkOption {
+        default = 5000;
+        example = 5000;
+        type = types.int;
+        description = ''
+          Specifies the port on which to listen.
+        '';
+      };
+ 
+      useSSL = mkOption {
+        default = true;
+        example = true;
+        type = types.bool;
+        description = ''
+          Indicates whether the ZNC server should use SSL when listening on the specified port.
+        '';
+      };
+
+    };
+  };
+
+  # Keep znc.conf in nix store, then symlink or copy into `dataDir`, depending on `mutable`.
+  mkZncConf = confOpts: ''
+    // Also check http://en.znc.in/wiki/Configuration
+    
+    AnonIPLimit = 10
+    ConnectDelay = 5
+    # Add `LoadModule = x` for each module...
+    ${concatMapStrings (n: "LoadModule = ${n}\n") confOpts.modules}
+    MaxBufferSize = 500
+    ProtectWebSessions = true
+    SSLCertFile = ${cfg.dataDir}/znc.pem
+    ServerThrottle = 30
+    Skin = dark-clouds
+    StatusPrefix = *
+    Version = 1.2
+
+    <Listener listener0>
+            AllowIRC = true
+            AllowWeb = true
+            IPv4 = true
+            IPv6 = false
+            Port = ${if confOpts.useSSL then "+" else ""}${toString confOpts.port}
+            SSL = ${if confOpts.useSSL then "true" else "false"}
+    </Listener>
+    
+    <User ${confOpts.userName}>
+            Admin = true
+            Allow = *
+            AltNick = ${confOpts.nick}_
+            AppendTimestamp = false
+            AutoClearChanBuffer = false
+            Buffer = 150
+            ChanModes = +stn
+            DenyLoadMod = false
+            DenySetBindHost = false
+            Ident = ident
+            JoinTries = 10
+            MaxJoins = 0
+            MaxNetworks = 1
+            MultiClients = true
+            Nick = ${confOpts.nick}
+            PrependTimestamp = true
+            QuitMsg = Quit
+            RealName = ${confOpts.nick}
+            TimestampFormat = [%H:%M:%S]
+            
+            ${confOpts.passBlock}
+    </User>
+  '';
+
+  zncConfFile = pkgs.writeTextFile {
+    name = "znc.conf";
+    text = if cfg.zncConf != ""
+      then cfg.zncConf
+      else mkZncConf cfg.confOptions;
+  };
+
+in
+
+{
+
+  ###### Interface
+
+  options = {
+    services.znc = {
+      enable = mkOption {
+        default = false;
+        example = true;
+        type = types.bool;
+        description = ''
+          Enable a ZNC service for a user.
+        '';
+      };
+
+      user = mkOption {
+        default = "znc";
+        example = "john";
+        type = types.str;
+        description = ''
+          The name of an existing user account to use to own the ZNC server process.
+          If not specified, a default user will be created to own the process.
+        '';
+      };
+
+      dataDir = mkOption {
+        default = "/home/${cfg.user}/.znc";
+        example = "/home/john/.znc";
+        type = types.path;
+        description = ''
+          The data directory. Used for configuration files and modules.
+        '';
+      };
+
+      zncConf = mkOption {
+        default = "";
+        example = "See: http://wiki.znc.in/Configuration";
+        type = types.lines;
+        description = ''
+          The contents of the `znc.conf` file to use when creating it.
+          If specified, `confOptions` will be ignored, and this value, as-is, will be used.
+          If left empty, a conf file with default values will be used.
+          Recommended to generate with `znc --makeconf` command.
+        '';
+      };
+
+      confOptions = mkOption {
+        default = {};
+        example = {
+          modules = [ "log" ];
+          userName = "john";
+          nick = "johntron";
+        };
+        type = types.optionSet;
+        description = ''
+          Values to use when creating a `znc.conf` file.
+        '';
+        options = confOptions; 
+      };
+ 
+      mutable = mkOption {
+        default = false;
+        example = true;
+        type = types.bool;
+        description = ''
+          Indicates whether to allow the contents of the `dataDir` directory to be changed
+          by the user at run-time.
+          If true, modifications to the ZNC configuration after its initial creation are not 
+            overwritten by a NixOS system rebuild.
+          If false, the ZNC configuration is rebuilt by every system rebuild.
+          If the user wants to manage the ZNC service using the web admin interface, this value
+            should be set to true.
+        '';
+      };
+ 
+      extraFlags = mkOption {
+        default = [ ];
+        example = [ "--debug" ];
+        type = types.listOf types.str;
+        description = ''
+          Extra flags to use when executing znc command.
+        '';
+      };
+    };
+  };
+
+
+  ###### Implementation
+
+  config = mkIf cfg.enable {
+
+    systemd.services."znc-${cfg.user}" = {
+      description = "ZNC Server of ${cfg.user}.";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.service" ];
+      path = [ pkgs.znc ];
+      serviceConfig = {
+        User = "${cfg.user}";
+        Restart = "always";
+        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        ExecStop   = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
+      };
+      preStart = ''
+        ${pkgs.coreutils}/bin/mkdir -p ${cfg.dataDir}
+        ${pkgs.coreutils}/bin/chown ${cfg.user} ${cfg.dataDir} -R
+        ${pkgs.coreutils}/bin/mkdir -p ${cfg.dataDir}/configs
+
+        # If mutable, regenerate conf file every time.
+        ${optionalString (!cfg.mutable) ''
+          ${pkgs.coreutils}/echo "znc-${cfg.user} is set to be system-managed. Now deleting old znc.conf file to be regenerated."
+          ${pkgs.coreutils}/rm -f ${cfg.dataDir}/configs/znc.conf
+        ''}
+
+        # Ensure essential files exist.
+        if [[ ! -f ${cfg.dataDir}/configs/znc.conf ]]; then
+          ${pkgs.coreutils}/bin/echo "No znc.conf file found in ${cfg.dataDir}. Creating one now."
+          ${if (!cfg.mutable)
+            then "${pkgs.coreutils}/bin/ln --force -s ${zncConfFile} ${cfg.dataDir}/configs/znc.conf"
+            else ''
+              ${pkgs.coreutils}/bin/cp --no-clobber ${zncConfFile} ${cfg.dataDir}/configs/znc.conf
+              ${pkgs.coreutils}/bin/chmod u+rw ${cfg.dataDir}/configs/znc.conf
+              ${pkgs.coreutils}/bin/chown ${cfg.user} ${cfg.dataDir}/configs/znc.conf
+            ''}
+        fi
+
+        if [[ ! -f ${cfg.dataDir}/znc.pem ]]; then
+          ${pkgs.coreutils}/bin/echo "No znc.pem file found in ${cfg.dataDir}. Creating one now."
+          ${pkgs.znc}/bin/znc --makepem
+        fi
+      '';
+      script = "${pkgs.znc}/bin/znc --foreground --datadir ${cfg.dataDir} ${toString cfg.extraFlags}";
+    };
+
+    users.extraUsers = optional (cfg.user == defaultUser)
+      { name = defaultUser;
+        description = "ZNC server daemon owner";
+        group = defaultUser;
+        uid = config.ids.uids.znc;
+        createHome = true;
+        createUser = true;
+      };
+ 
+    users.extraGroups = optional (cfg.user == defaultUser)
+      { name = defaultUser;
+        gid = config.ids.gids.znc;
+        members = [ defaultUser ];
+      };
+
+  };
+}
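Review bot: The generated znc.conf ships a fixed admin account: `passBlock` defaults to `defaultPassBlock`, whose password is spelled out in the comment above it, while the `<User>` block sets `Admin = true` and the listener sets `AllowWeb = true`, so every install that leaves `confOptions` alone exposes the web admin with publicly known credentials. Drop `default = defaultPassBlock;` from `passBlock` so evaluation fails until the operator supplies the output of `znc --makepass`. The option description should also say that the value ends up in the world-readable Nix store. Separately, in `preStart` the two lines under `optionalString (!cfg.mutable)` call `${pkgs.coreutils}/echo` and `${pkgs.coreutils}/rm` without `/bin/`, which breaks the default non-mutable path. `znc --makepem` is also run without `--datadir ${cfg.dataDir}`, so the certificate is presumably not written where the preceding `-f` test and `SSLCertFile` expect it.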
diff --git a/nixos/modules/services/scheduling/cron.nix b/nixos/modules/services/scheduling/cron.nix
index 5da71b12dd7..9ce0bcbec7e 100644
--- a/nixos/modules/services/scheduling/cron.nix
+++ b/nixos/modules/services/scheduling/cron.nix
@@ -15,7 +15,7 @@ let
         MAILTO="${config.services.cron.mailto}"
       ''}
       NIX_CONF_DIR=/etc/nix
-      ${pkgs.lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)}
+      ${lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)}
     '';
 
   # Vixie cron requires build-time configuration for the sendmail path.
diff --git a/nixos/modules/services/scheduling/fcron.nix b/nixos/modules/services/scheduling/fcron.nix
index 346a64f2c3c..ade8c19329c 100644
--- a/nixos/modules/services/scheduling/fcron.nix
+++ b/nixos/modules/services/scheduling/fcron.nix
@@ -17,7 +17,7 @@ let
         MAILTO="${config.services.cron.mailto}"
       ''}
       NIX_CONF_DIR=/etc/nix
-      ${pkgs.lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)}
+      ${lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)}
     '';
 
   allowdeny = target: users:
diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix
index 0d604850d42..c99d1e22967 100644
--- a/nixos/modules/services/search/elasticsearch.nix
+++ b/nixos/modules/services/search/elasticsearch.nix
@@ -21,43 +21,48 @@ let
     ];
   };
 
+  esPlugins = pkgs.buildEnv {
+    name = "elasticsearch-plugins";
+    paths = cfg.plugins;
+  };
+
 in {
 
   ###### interface
 
   options.services.elasticsearch = {
     enable = mkOption {
-      description = "Whether to enable elasticsearch";
+      description = "Whether to enable elasticsearch.";
       default = false;
       type = types.uniq types.bool;
     };
 
     host = mkOption {
-      description = "Elasticsearch listen address";
+      description = "Elasticsearch listen address.";
       default = "127.0.0.1";
       type = types.str;
     };
 
     port = mkOption {
-      description = "Elasticsearch port to listen for HTTP traffic";
+      description = "Elasticsearch port to listen for HTTP traffic.";
       default = 9200;
       type = types.int;
     };
 
     tcp_port = mkOption {
-      description = "Elasticsearch port for the node to node communication";
+      description = "Elasticsearch port for the node to node communication.";
       default = 9300;
       type = types.int;
     };
 
     cluster_name = mkOption {
-      description = "Elasticsearch name that identifies your cluster for auto-discovery";
+      description = "Elasticsearch name that identifies your cluster for auto-discovery.";
       default = "elasticsearch";
       type = types.str;
     };
 
     extraConf = mkOption {
-      description = "Extra configuration for elasticsearch";
+      description = "Extra configuration for elasticsearch.";
       default = "";
       type = types.str;
       example = ''
@@ -70,7 +75,7 @@ in {
     };
 
     logging = mkOption {
-      description = "Elasticsearch logging configuration";
+      description = "Elasticsearch logging configuration.";
       default = ''
         rootLogger: INFO, console
         logger:
@@ -93,24 +98,43 @@ in {
         Data directory for elasticsearch.
       '';
     };
+
+    extraCmdLineOptions = mkOption {
+      description = "Extra command line options for the elasticsearch launcher.";
+      default = [];
+      type = types.listOf types.string;
+      example = [ "-Djava.net.preferIPv4Stack=true" ];
+    };
+
+    plugins = mkOption {
+      description = "Extra elasticsearch plugins";
+      default = [];
+      type = types.listOf types.package;
+    };
+
   };
 
   ###### implementation
 
   config = mkIf cfg.enable {
     systemd.services.elasticsearch = {
-      description = "Elasticsearch daemon";
+      description = "Elasticsearch Daemon";
       wantedBy = [ "multi-user.target" ];
       after = [ "network-interfaces.target" ];
       environment = { ES_HOME = cfg.dataDir; };
+      path = [ pkgs.elasticsearch ];
       serviceConfig = {
-        ExecStart = "${pkgs.elasticsearch}/bin/elasticsearch -Des.path.conf=${configDir}";
+        ExecStart = "elasticsearch -Des.path.conf=${configDir} ${toString cfg.extraCmdLineOptions}";
         User = "elasticsearch";
         PermissionsStartOnly = true;
       };
       preStart = ''
         mkdir -m 0700 -p ${cfg.dataDir}
         if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi
+
+        # Install plugins
+        rm ${cfg.dataDir}/plugins || true
+        ln -s ${esPlugins}/plugins ${cfg.dataDir}/plugins
       '';
     };
 
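Review bot: `ExecStart` now names a bare `elasticsearch` instead of the store path, relying on `path = [ pkgs.elasticsearch ]`; as far as I know systemd does not consult the unit's `PATH` environment to locate the `ExecStart` binary, so the unit may fail to start or resolve a different executable. Keep the pinned path: `ExecStart = "${pkgs.elasticsearch}/bin/elasticsearch -Des.path.conf=${configDir} ${toString cfg.extraCmdLineOptions}";`. In `preStart`, which runs as root because of `PermissionsStartOnly = true`, `rm ${cfg.dataDir}/plugins || true` silently leaves a real directory in place and `ln -s` then creates the link inside it; `ln -sfT ${esPlugins}/plugins ${cfg.dataDir}/plugins` would replace an old link and fail loudly otherwise. The `config` block continues outside this hunk.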
diff --git a/nixos/modules/services/security/frandom.nix b/nixos/modules/services/security/frandom.nix
index 9aae7b33a43..2d43d12e541 100644
--- a/nixos/modules/services/security/frandom.nix
+++ b/nixos/modules/services/security/frandom.nix
@@ -1,4 +1,4 @@
-{pkgs, config, ...}:
+{lib, config, ...}:
 
 let kernel = config.boot.kernelPackages;
 in
@@ -9,9 +9,9 @@ in
 
   options = {
 
-    services.frandom.enable = pkgs.lib.mkOption {
+    services.frandom.enable = lib.mkOption {
       default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
       description = ''
         enable the /dev/frandom device (a very fast random number generator)
       '';
@@ -22,7 +22,7 @@ in
 
   ###### implementation
 
-  config = pkgs.lib.mkIf config.services.frandom.enable {
+  config = lib.mkIf config.services.frandom.enable {
     boot.kernelModules = [ "frandom" ];
     boot.extraModulePackages = [ kernel.frandom ];
     services.udev.packages = [ kernel.frandom ];
diff --git a/nixos/modules/services/system/kerberos.nix b/nixos/modules/services/system/kerberos.nix
index 8fb5debd20e..3a0171ca1b9 100644
--- a/nixos/modules/services/system/kerberos.nix
+++ b/nixos/modules/services/system/kerberos.nix
@@ -1,8 +1,8 @@
-{pkgs, config, ...}:
+{pkgs, config, lib, ...}:
 
 let
 
-  inherit (pkgs.lib) mkOption mkIf singleton;
+  inherit (lib) mkOption mkIf singleton;
 
   inherit (pkgs) heimdal;
 
@@ -36,7 +36,7 @@ in
     environment.systemPackages = [ heimdal ];
 
     services.xinetd.enable = true;
-    services.xinetd.services = pkgs.lib.singleton
+    services.xinetd.services = lib.singleton
       { name = "kerberos-adm";
         flags = "REUSE NAMEINARGS";
         protocol = "tcp";
diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix
index 1ac82064a1f..5460e962ea2 100644
--- a/nixos/modules/services/system/nscd.nix
+++ b/nixos/modules/services/system/nscd.nix
@@ -7,7 +7,7 @@ let
   nssModulesPath = config.system.nssModules.path;
   cfg = config.services.nscd;
 
-  inherit (pkgs.lib) singleton;
+  inherit (lib) singleton;
 
   cfgFile = pkgs.writeText "nscd.conf" cfg.config;
 
diff --git a/nixos/modules/services/system/uptimed.nix b/nixos/modules/services/system/uptimed.nix
index 61eecd5c9ba..ab46c508914 100644
--- a/nixos/modules/services/system/uptimed.nix
+++ b/nixos/modules/services/system/uptimed.nix
@@ -1,8 +1,8 @@
-{pkgs, config, ...}:
+{pkgs, config, lib, ...}:
 
 let
 
-  inherit (pkgs.lib) mkOption mkIf singleton;
+  inherit (lib) mkOption mkIf singleton;
 
   inherit (pkgs) uptimed;
 
diff --git a/nixos/modules/services/ttys/kmscon.nix b/nixos/modules/services/ttys/kmscon.nix
index 70555e5d882..7783a1ada71 100644
--- a/nixos/modules/services/ttys/kmscon.nix
+++ b/nixos/modules/services/ttys/kmscon.nix
@@ -1,6 +1,6 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
-  inherit (pkgs.lib) mkOption types mkIf optionalString;
+  inherit (lib) mkOption types mkIf optionalString;
 
   cfg = config.services.kmscon;
 
diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix
index b8359d4756b..6d0416fbb15 100644
--- a/nixos/modules/services/web-servers/apache-httpd/default.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -594,17 +594,17 @@ in
                      message = "SSL is enabled for HTTPD, but sslServerCert and/or sslServerKey haven't been specified."; }
                  ];
 
-    users.extraUsers = optional (mainCfg.user == "wwwrun")
+    users.extraUsers = optionalAttrs (mainCfg.user == "wwwrun") (singleton
       { name = "wwwrun";
-        group = "wwwrun";
+        group = mainCfg.group;
         description = "Apache httpd user";
         uid = config.ids.uids.wwwrun;
-      };
+      });
 
-    users.extraGroups = optional (mainCfg.group == "wwwrun")
+    users.extraGroups = optionalAttrs (mainCfg.group == "wwwrun") (singleton
       { name = "wwwrun";
         gid = config.ids.gids.wwwrun;
-      };
+      });
 
     environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices;
 
diff --git a/nixos/modules/services/web-servers/apache-httpd/mediawiki-postgresql-fixes.patch b/nixos/modules/services/web-servers/apache-httpd/mediawiki-postgresql-fixes.patch
new file mode 100644
index 00000000000..c46d492dc7a
--- /dev/null
+++ b/nixos/modules/services/web-servers/apache-httpd/mediawiki-postgresql-fixes.patch
@@ -0,0 +1,22 @@
+diff --git a/includes/specials/SpecialActiveusers.php b/includes/specials/SpecialActiveusers.php
+index f739d3b..fdd8db3 100644
+--- a/includes/specials/SpecialActiveusers.php
++++ b/includes/specials/SpecialActiveusers.php
+@@ -112,7 +112,7 @@ class ActiveUsersPager extends UsersPager {
+ 		return array(
+ 			'tables' => array( 'querycachetwo', 'user', 'recentchanges' ),
+ 			'fields' => array( 'user_name', 'user_id', 'recentedits' => 'COUNT(*)', 'qcc_title' ),
+-			'options' => array( 'GROUP BY' => array( 'qcc_title' ) ),
++			'options' => array( 'GROUP BY' => array( 'qcc_title', 'user_name', 'user_id' ) ),
+ 			'conds' => $conds
+ 		);
+ 	}
+@@ -349,7 +349,7 @@ class SpecialActiveUsers extends SpecialPage {
+ 			__METHOD__,
+ 			array(
+ 				'GROUP BY' => array( 'rc_user_text' ),
+-				'ORDER BY' => 'NULL' // avoid filesort
++				'ORDER BY' => 'lastedittime DESC'
+ 			)
+ 		);
+ 		$names = array();
diff --git a/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix b/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix
index 7d59c13b957..fa65ec0ef70 100644
--- a/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix
@@ -72,13 +72,15 @@ let
 
   # Unpack Mediawiki and put the config file in its root directory.
   mediawikiRoot = pkgs.stdenv.mkDerivation rec {
-    name= "mediawiki-1.20.8";
+    name= "mediawiki-1.23.1";
 
     src = pkgs.fetchurl {
-      url = "http://download.wikimedia.org/mediawiki/1.20/${name}.tar.gz";
-      sha256 = "0yfmh5vnfbgpvicfqh7nh4hwdk4qbc6gfniv02vchkg5al0nn7ag";
+      url = "http://download.wikimedia.org/mediawiki/1.23/${name}.tar.gz";
+      sha256 = "07z5j8d988cdg4ml4n0vs9fwmj0p594ibbqdid16faxwqm52dkhl";
     };
 
+    patches = [ ./mediawiki-postgresql-fixes.patch ];
+
     skins = config.skins;
 
     buildPhase =
@@ -93,9 +95,10 @@ let
         ensureDir $out
         cp -r * $out
         cp ${mediawikiConfig} $out/LocalSettings.php
-        sed -i 's|/bin/bash|${pkgs.stdenv.shell}|' \
-          $out/maintenance/fuzz-tester.php \
-          $out/bin/ulimit.sh \
+        sed -i \
+        -e 's|/bin/bash|${pkgs.bash}/bin/bash|g' \
+        -e 's|/usr/bin/timeout|${pkgs.coreutils}/bin/timeout|g' \
+          $out/includes/limit.sh \
           $out/includes/GlobalFunctions.php
       '';
   };
diff --git a/nixos/modules/services/web-servers/apache-httpd/mercurial.nix b/nixos/modules/services/web-servers/apache-httpd/mercurial.nix
index 755b595c783..1d4303b75b3 100644
--- a/nixos/modules/services/web-servers/apache-httpd/mercurial.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/mercurial.nix
@@ -1,8 +1,8 @@
-{ config, pkgs, serverInfo, ... }:
+{ config, pkgs, serverInfo, lib, ... }:
 
 let
   inherit (pkgs) mercurial;
-  inherit (pkgs.lib) mkOption;
+  inherit (lib) mkOption;
 
   urlPrefix = config.urlPrefix;
 
diff --git a/nixos/modules/services/web-servers/apache-httpd/tomcat-connector.nix b/nixos/modules/services/web-servers/apache-httpd/tomcat-connector.nix
index 1b754cf025e..b2cd53ae55c 100644
--- a/nixos/modules/services/web-servers/apache-httpd/tomcat-connector.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/tomcat-connector.nix
@@ -1,7 +1,7 @@
-{ config, pkgs, serverInfo, ... }:
+{ config, pkgs, serverInfo, lib, ... }:
 
 let
-  extraWorkersProperties = pkgs.lib.optionalString (config ? extraWorkersProperties) config.extraWorkersProperties;
+  extraWorkersProperties = lib.optionalString (config ? extraWorkersProperties) config.extraWorkersProperties;
   
   workersProperties = pkgs.writeText "workers.properties" ''
 # Define list of workers that will be used
diff --git a/nixos/modules/services/web-servers/lighttpd/cgit.nix b/nixos/modules/services/web-servers/lighttpd/cgit.nix
index dbff565bd8a..d4663781fd8 100644
--- a/nixos/modules/services/web-servers/lighttpd/cgit.nix
+++ b/nixos/modules/services/web-servers/lighttpd/cgit.nix
@@ -29,7 +29,7 @@ in
         cache-size=1000
         scan-path=/srv/git
       '';
-      type = types.string;
+      type = types.lines;
       description = ''
         Verbatim contents of the cgit runtime configuration file. Documentation
         (with cgitrc example file) is available in "man cgitrc". Or online:
diff --git a/nixos/modules/services/web-servers/lighttpd/default.nix b/nixos/modules/services/web-servers/lighttpd/default.nix
index 3ba934c72bf..f0f59a66402 100644
--- a/nixos/modules/services/web-servers/lighttpd/default.nix
+++ b/nixos/modules/services/web-servers/lighttpd/default.nix
@@ -102,7 +102,7 @@ in
 
       document-root = mkOption {
         default = "/srv/www";
-        type = types.str;
+        type = types.path;
         description = ''
           Document-root of the web server. Must be readable by the "lighttpd" user.
         '';
@@ -128,7 +128,7 @@ in
 
       configText = mkOption {
         default = "";
-        type = types.string;
+        type = types.lines;
 	example = ''...verbatim config file contents...'';
         description = ''
           Overridable config file contents to use for lighttpd. By default, use
@@ -138,7 +138,7 @@ in
 
       extraConfig = mkOption {
         default = "";
-        type = types.string;
+        type = types.lines;
         description = ''
           These configuration lines will be appended to the generated lighttpd
           config file. Note that this mechanism does not work when the manual
diff --git a/nixos/modules/services/web-servers/lighttpd/gitweb.nix b/nixos/modules/services/web-servers/lighttpd/gitweb.nix
index d49278be09a..c407a1d8977 100644
--- a/nixos/modules/services/web-servers/lighttpd/gitweb.nix
+++ b/nixos/modules/services/web-servers/lighttpd/gitweb.nix
@@ -25,7 +25,7 @@ in
 
     projectroot = mkOption {
       default = "/srv/git";
-      type = types.str;
+      type = types.path;
       description = ''
         Path to git projects (bare repositories) that should be served by
         gitweb. Must not end with a slash.
@@ -34,7 +34,7 @@ in
 
     extraConfig = mkOption {
       default = "";
-      type = types.str;
+      type = types.lines;
       description = ''
         Verbatim configuration text appended to the generated gitweb.conf file.
       '';
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index ff94ee42d28..7c2d3a42973 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -84,8 +84,6 @@ in
   };
 
   config = mkIf cfg.enable {
-    environment.systemPackages = [ nginx ];
-
     # TODO: test user supplied config file pases syntax test
 
     systemd.services.nginx = {
@@ -96,6 +94,7 @@ in
       preStart =
         ''
         mkdir -p ${cfg.stateDir}/logs
+        chmod 700 ${cfg.stateDir}
         chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}
         '';
       serviceConfig = {
@@ -105,7 +104,7 @@ in
 
     users.extraUsers = optionalAttrs (cfg.user == "nginx") (singleton
       { name = "nginx";
-        group = "nginx";
+        group = cfg.group;
         uid = config.ids.uids.nginx;
       });
 
diff --git a/nixos/modules/services/web-servers/phpfpm.nix b/nixos/modules/services/web-servers/phpfpm.nix
index 4a14f9b41a4..8551e3ccdeb 100644
--- a/nixos/modules/services/web-servers/phpfpm.nix
+++ b/nixos/modules/services/web-servers/phpfpm.nix
@@ -42,6 +42,12 @@ in {
         '';
       };
 
+      phpIni = mkOption {
+        type = types.path;
+        default = "${cfg.phpPackage}/etc/php-recommended.ini";
+        description = "php.ini file to use.";
+      };
+
       poolConfigs = mkOption {
         type = types.attrsOf types.lines;
         default = {};
@@ -75,7 +81,7 @@ in {
         mkdir -p "${stateDir}"
       '';
       serviceConfig = {
-        ExecStart = "${cfg.phpPackage}/sbin/php-fpm -y ${cfgFile}";
+        ExecStart = "${cfg.phpPackage}/sbin/php-fpm -y ${cfgFile} -c ${cfg.phpIni}";
         PIDFile = pidFile;
       };
     };
diff --git a/nixos/modules/services/x11/desktop-managers/default.nix b/nixos/modules/services/x11/desktop-managers/default.nix
index b82398ccf9d..991c68471a6 100644
--- a/nixos/modules/services/x11/desktop-managers/default.nix
+++ b/nixos/modules/services/x11/desktop-managers/default.nix
@@ -17,7 +17,7 @@ in
   # Note: the order in which desktop manager modules are imported here
   # determines the default: later modules (if enabled) are preferred.
   # E.g., if KDE is enabled, it supersedes xterm.
-  imports = [ ./none.nix ./xterm.nix ./xfce.nix ./kde4.nix ./e17.nix ./gnome3.nix ./xbmc.nix ];
+  imports = [ ./none.nix ./xterm.nix ./xfce.nix ./kde4.nix ./e17.nix ./e18.nix ./gnome3.nix ./xbmc.nix ];
 
   options = {
 
diff --git a/nixos/modules/services/x11/desktop-managers/e18.nix b/nixos/modules/services/x11/desktop-managers/e18.nix
new file mode 100644
index 00000000000..cb717eea909
--- /dev/null
+++ b/nixos/modules/services/x11/desktop-managers/e18.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  xcfg = config.services.xserver;
+  cfg = xcfg.desktopManager.e18;
+  e18_enlightenment = pkgs.e18.enlightenment.override { set_freqset_setuid = true; };
+
+in
+
+{
+  options = {
+
+    services.xserver.desktopManager.e18.enable = mkOption {
+      default = false;
+      example = true;
+      description = "Enable the E18 desktop environment.";
+    };
+
+  };
+
+  config = mkIf (xcfg.enable && cfg.enable) {
+
+    environment.systemPackages = [
+      pkgs.e18.efl pkgs.e18.evas pkgs.e18.emotion pkgs.e18.elementary e18_enlightenment
+      pkgs.e18.terminology pkgs.e18.econnman
+    ];
+
+    services.xserver.desktopManager.session = [
+    { name = "E18";
+      start = ''
+        ${e18_enlightenment}/bin/enlightenment_start
+        waitPID=$!
+      '';
+    }];
+
+    security.setuidPrograms = [ "e18_freqset" ];
+
+  };
+
+}
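Review bot: Enabling E18 installs a setuid wrapper through `security.setuidPrograms = [ "e18_freqset" ]` together with the `set_freqset_setuid = true` override, and nothing in the module says why the helper needs elevated rights or that every local user can then run it. Add a comment at the override, for example `# e18_freqset is installed setuid (presumably for CPU frequency control — confirm); it is runnable by all local users`, and consider a separate option so the desktop can be enabled without it. The `enable` option also lacks `type = types.bool;`, and the file uses `with pkgs.lib;` while the rest of this commit moves modules to the `lib` argument (`{ config, lib, pkgs, ... }:` with `with lib;`).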
diff --git a/nixos/modules/services/x11/window-managers/openbox.nix b/nixos/modules/services/x11/window-managers/openbox.nix
index 46b1945d33e..8fc759dda68 100644
--- a/nixos/modules/services/x11/window-managers/openbox.nix
+++ b/nixos/modules/services/x11/window-managers/openbox.nix
@@ -1,7 +1,7 @@
-{pkgs, config, ...}:
+{lib, pkgs, config, ...}:
 
 let
-  inherit (pkgs.lib) mkOption mkIf;
+  inherit (lib) mkOption mkIf;
   cfg = config.services.xserver.windowManager.openbox;
 in
 
diff --git a/nixos/modules/services/x11/window-managers/xmonad.nix b/nixos/modules/services/x11/window-managers/xmonad.nix
index 87eff38a028..74acfc21975 100644
--- a/nixos/modules/services/x11/window-managers/xmonad.nix
+++ b/nixos/modules/services/x11/window-managers/xmonad.nix
@@ -1,7 +1,7 @@
-{pkgs, config, ...}:
+{pkgs, lib, config, ...}:
 
 let
-  inherit (pkgs.lib) mkOption mkIf optionals literalExample;
+  inherit (lib) mkOption mkIf optionals literalExample;
   cfg = config.services.xserver.windowManager.xmonad;
   xmonadEnv = cfg.haskellPackages.ghcWithPackages(self: [
     self.xmonad
@@ -48,7 +48,7 @@ in
       enableContribAndExtras = mkOption {
         default = false;
         example = true;
-        type = pkgs.lib.types.bool;
+        type = lib.types.bool;
         description = "Enable xmonad-{contrib,extras} in Xmonad.";
       };
     };
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index ee94c91716c..14caa5d360d 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -683,6 +683,13 @@ in
       description = "Definition of systemd per-user service units.";
     };
 
+    systemd.user.sockets = mkOption {
+      default = {};
+      type = types.attrsOf types.optionSet;
+      options = [ socketOptions unitConfig ];
+      description = "Definition of systemd per-user socket units.";
+    };
+
   };
 
 
@@ -767,7 +774,8 @@ in
                        in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts);
 
     systemd.user.units =
-      mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.user.services;
+      mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.user.services
+      // mapAttrs' (n: v: nameValuePair "${n}.socket" (socketToUnit n v)) cfg.user.sockets;
 
     system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled
       [ "DEVTMPFS" "CGROUPS" "INOTIFY_USER" "SIGNALFD" "TIMERFD" "EPOLL" "NET"
@@ -816,5 +824,8 @@ in
 
     systemd.services."user@".restartIfChanged = false;
 
+    systemd.services.systemd-remount-fs.restartIfChanged = false;
+    systemd.services.systemd-journal-flush.restartIfChanged = false;
+
   };
 }
diff --git a/nixos/modules/system/etc/etc.nix b/nixos/modules/system/etc/etc.nix
index 22d55a9e246..b57b03bcf96 100644
--- a/nixos/modules/system/etc/etc.nix
+++ b/nixos/modules/system/etc/etc.nix
@@ -132,7 +132,7 @@ in
       ''
         # Set up the statically computed bits of /etc.
         echo "setting up /etc..."
-        ${pkgs.perl}/bin/perl ${./setup-etc.pl} ${etc}/etc
+        ${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl ${./setup-etc.pl} ${etc}/etc
       '';
 
   };
diff --git a/nixos/modules/system/etc/setup-etc.pl b/nixos/modules/system/etc/setup-etc.pl
index 8ba9a370b27..d7e15eccefc 100644
--- a/nixos/modules/system/etc/setup-etc.pl
+++ b/nixos/modules/system/etc/setup-etc.pl
@@ -3,6 +3,7 @@ use File::Find;
 use File::Copy;
 use File::Path;
 use File::Basename;
+use File::Slurp;
 
 my $etc = $ARGV[0] or die;
 my $static = "/etc/static";
@@ -46,35 +47,55 @@ sub cleanup {
 find(\&cleanup, "/etc");
 
 
+# Use /etc/.clean to keep track of copied files.
+my @oldCopied = read_file("/etc/.clean", chomp => 1, err_mode => 'quiet');
+open CLEAN, ">>/etc/.clean";
+
+
 # For every file in the etc tree, create a corresponding symlink in
 # /etc to /etc/static.  The indirection through /etc/static is to make
 # switching to a new configuration somewhat more atomic.
+my %created;
+my @copied;
+
 sub link {
     my $fn = substr $File::Find::name, length($etc) + 1 or next;
     my $target = "/etc/$fn";
     File::Path::make_path(dirname $target);
+    $created{$fn} = 1;
     if (-e "$_.mode") {
-        open MODE, "<$_.mode";
-        my $mode = <MODE>; chomp $mode;
-        close MODE;
+        my $mode = read_file("$_.mode"); chomp $mode;
         if ($mode eq "direct-symlink") {
             atomicSymlink readlink("$static/$fn"), $target or warn;
         } else {
-            open UID, "<$_.uid";
-            my $uid = <UID>; chomp $uid;
-            close UID;
-            open GID, "<$_.gid";
-            my $gid = <GID>; chomp $gid;
-            close GID;
-
+            my $uid = read_file("$_.uid"); chomp $uid;
+            my $gid = read_file("$_.gid"); chomp $gid;
             copy "$static/$fn", "$target.tmp" or warn;
             chown int($uid), int($gid), "$target.tmp" or warn;
             chmod oct($mode), "$target.tmp" or warn;
             rename "$target.tmp", $target or warn;
         }
+        push @copied, $fn;
+        print CLEAN "$fn\n";
     } elsif (-l "$_") {
         atomicSymlink "$static/$fn", $target or warn;
     }
 }
 
 find(\&link, $etc);
+
+
+# Delete files that were copied in a previous version but not in the
+# current.
+foreach my $fn (@oldCopied) {
+    if (!defined $created{$fn}) {
+        $fn = "/etc/$fn";
+        print STDERR "removing obsolete file ‘$fn’...\n";
+        unlink "$fn";
+    }
+}
+
+
+# Rewrite /etc/.clean.
+close CLEAN;
+write_file("/etc/.clean", map { "$_\n" } @copied);
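Review bot: The cleanup loop at the end of this hunk passes every line read from /etc/.clean to `unlink "/etc/$fn"` unchecked, so an entry containing a `..` component would remove a file outside /etc. The list is normally written only by this script, but `next if $fn =~ m{(^|/)\.\.(/|$)};` at the top of the loop is a cheap guard. The added `open CLEAN, ">>/etc/.clean";` and the `unlink` also ignore failure, unlike the `or warn` on the copy/chown/chmod/rename lines in `link`. `open(CLEAN, ">>/etc/.clean") or die "cannot open /etc/.clean: $!";` and `unlink $fn or warn "cannot remove $fn: $!";` would match that style.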
diff --git a/nixos/modules/tasks/encrypted-devices.nix b/nixos/modules/tasks/encrypted-devices.nix
index e80762a170c..0370e36fbec 100644
--- a/nixos/modules/tasks/encrypted-devices.nix
+++ b/nixos/modules/tasks/encrypted-devices.nix
@@ -1,6 +1,6 @@
-{ config, pkgs, modulesPath, ... }:
+{ config, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   fileSystems = attrValues config.fileSystems ++ config.swapDevices;
@@ -16,28 +16,28 @@ let
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = "The block device is backed by an encrypted one, adds this device as a initrd luks entry";
+        description = "The block device is backed by an encrypted one, adds this device as a initrd luks entry.";
       };
 
       blkDev = mkOption {
         default = null;
         example = "/dev/sda1";
         type = types.uniq (types.nullOr types.string);
-        description = "Location of the backing encrypted device";
+        description = "Location of the backing encrypted device.";
       };
 
       label = mkOption {
         default = null;
         example = "rootfs";
         type = types.uniq (types.nullOr types.string);
-        description = "Label of the backing encrypted device";
+        description = "Label of the backing encrypted device.";
       };
 
       keyFile = mkOption {
         default = null;
         example = "/root/.swapkey";
         type = types.uniq (types.nullOr types.string);
-        description = "File system location of keyfile";
+        description = "File system location of keyfile.";
       };
     };
   };
diff --git a/nixos/modules/tasks/filesystems/f2fs.nix b/nixos/modules/tasks/filesystems/f2fs.nix
index 8655107360c..1ed7b1b6a62 100644
--- a/nixos/modules/tasks/filesystems/f2fs.nix
+++ b/nixos/modules/tasks/filesystems/f2fs.nix
@@ -1,6 +1,6 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-with pkgs.lib;
+with lib;
 
 let
   inInitrd = any (fs: fs == "f2fs") config.boot.initrd.supportedFilesystems;
diff --git a/nixos/modules/tasks/filesystems/unionfs-fuse.nix b/nixos/modules/tasks/filesystems/unionfs-fuse.nix
index 177c97f85c7..5b777718056 100644
--- a/nixos/modules/tasks/filesystems/unionfs-fuse.nix
+++ b/nixos/modules/tasks/filesystems/unionfs-fuse.nix
@@ -1,8 +1,8 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
-  config = pkgs.lib.mkMerge [
-    (pkgs.lib.mkIf (pkgs.lib.any (fs: fs == "unionfs-fuse") config.boot.initrd.supportedFilesystems) {
+  config = lib.mkMerge [
+    (lib.mkIf (lib.any (fs: fs == "unionfs-fuse") config.boot.initrd.supportedFilesystems) {
       boot.initrd.kernelModules = [ "fuse" ];
   
       boot.initrd.extraUtilsCommands = ''
@@ -17,7 +17,7 @@
           ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin
         '';
     })
-    (pkgs.lib.mkIf (pkgs.lib.any (fs: fs == "unionfs-fuse") config.boot.supportedFilesystems) {
+    (lib.mkIf (lib.any (fs: fs == "unionfs-fuse") config.boot.supportedFilesystems) {
       system.fsPackages = [ pkgs.unionfs-fuse ];
     })
   ];
diff --git a/nixos/modules/testing/minimal-kernel.nix b/nixos/modules/testing/minimal-kernel.nix
index 0cbca71e132..a463cb803ad 100644
--- a/nixos/modules/testing/minimal-kernel.nix
+++ b/nixos/modules/testing/minimal-kernel.nix
@@ -1,7 +1,7 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 let
-  configfile = builtins.storePath (builtins.toFile "config" (pkgs.lib.concatStringsSep "\n"
+  configfile = builtins.storePath (builtins.toFile "config" (lib.concatStringsSep "\n"
     (map (builtins.getAttr "configLine") config.system.requiredKernelConfig))
   );
 
diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix
index 9e64327c3ab..7d6109f212a 100644
--- a/nixos/modules/virtualisation/amazon-image.nix
+++ b/nixos/modules/virtualisation/amazon-image.nix
@@ -26,7 +26,7 @@ in
               ''
                 mkdir $out
                 diskImage=$out/nixos.img
-                ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "4G"
+                ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "8G"
                 mv closure xchg/
               '';
             buildInputs = [ pkgs.utillinux pkgs.perl ];
@@ -34,16 +34,32 @@ in
               [ "closure" config.system.build.toplevel ];
           }
           ''
-            # Create an empty filesystem and mount it.
-            ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda
-            ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda
-            mkdir /mnt
-            mount /dev/vda /mnt
+            ${if cfg.hvm then ''
+              # Create a single / partition.
+              ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
+              ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
+              . /sys/class/block/vda1/uevent
+              mknod /dev/vda1 b $MAJOR $MINOR
+
+              # Create an empty filesystem and mount it.
+              ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
+              ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
+              mkdir /mnt
+              mount /dev/vda1 /mnt
+            '' else ''
+              # Create an empty filesystem and mount it.
+              ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda
+              ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda
+              mkdir /mnt
+              mount /dev/vda /mnt
+            ''}
 
             # The initrd expects these directories to exist.
             mkdir /mnt/dev /mnt/proc /mnt/sys
 
             mount -o bind /proc /mnt/proc
+            mount -o bind /dev /mnt/dev
+            mount -o bind /sys /mnt/sys
 
             # Copy all paths in the closure to the filesystem.
             storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
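Review bot: The two branches of the `if cfg.hvm` block repeat the same mkfs.ext4/tune2fs/mkdir/mount sequence and differ only in the device name, so any later change to the filesystem options has to be made twice. Setting a shell variable in each branch and running the sequence once, as sketched below, keeps them in step. In the HVM branch `. /sys/class/block/vda1/uevent` runs immediately after `parted`; if the kernel has not yet registered the partition, that file will not exist, so a check before sourcing it may be worth adding. The surrounding build script starts and continues outside the hunk.

```nix
            ${if cfg.hvm then ''
              # … unchanged: parted mklabel/mkpart, source uevent, mknod /dev/vda1 …
              rootDevice=/dev/vda1
            '' else ''
              rootDevice=/dev/vda
            ''}

            # Create an empty filesystem and mount it.
            ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos $rootDevice
            ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 $rootDevice
            mkdir /mnt
            mount $rootDevice /mnt
```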
@@ -73,9 +89,10 @@ in
             cp ${./amazon-config.nix} /mnt/etc/nixos/configuration.nix
 
             # Generate the GRUB menu.
+            ln -s vda /dev/xvda
             chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
 
-            umount /mnt/proc
+            umount /mnt/proc /mnt/dev /mnt/sys
             umount /mnt
           ''
       );
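Review bot: The added `ln -s vda /dev/xvda` sits under the "Generate the GRUB menu" comment with no explanation and also runs for non-HVM images. It presumably exists because `boot.loader.grub.device` is `/dev/xvda` when `cfg.hvm` is set (see the next hunk) while the build VM's disk is /dev/vda. A comment such as `# GRUB is installed to /dev/xvda on HVM images; alias the build VM's /dev/vda to it.` and wrapping the line in `lib.optionalString cfg.hvm` would make that explicit. The build script starts outside the hunk.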
@@ -86,7 +103,7 @@ in
     boot.kernelModules = [ "xen-netfront" ];
 
     # Generate a GRUB menu.  Amazon's pv-grub uses this to boot our kernel/initrd.
-    boot.loader.grub.version = 1;
+    boot.loader.grub.version = if cfg.hvm then 2 else 1;
     boot.loader.grub.device = if cfg.hvm then "/dev/xvda" else "nodev";
     boot.loader.grub.timeout = 0;
     boot.loader.grub.extraPerEntryConfig = "root (hd0${lib.optionalString cfg.hvm ",0"})";
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
index d55b7420243..9a4d11d550a 100644
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -119,12 +119,28 @@ in
     169.254.169.254 metadata.google.internal metadata
   '';
 
-  systemd.services.fetch-root-authorized-keys =
-    { description = "Fetch authorized_keys for root user";
-
-      wantedBy = [ "multi-user.target" ];
+  networking.usePredictableInterfaceNames = false;
+
+  systemd.services.wait-metadata-online = {
+    description = "Wait for GCE metadata server to become reachable";
+    wantedBy = [ "network-online.target" ];
+    before = [ "network-online.target" ];
+    path = [ pkgs.netcat ];
+    script = ''
+      # wait for the metadata server to become available for up to 60 seconds
+      for counter in {1..30}; do sleep 2 && nc -vzw 2 metadata 80 && break; done
+    '';
+    serviceConfig.Type = "oneshot";
+    serviceConfig.RemainAfterExit = true;
+  };
+
+  systemd.services.fetch-ssh-keys =
+    { description = "Fetch host keys and authorized_keys for root user";
+
+      wantedBy = [ "sshd.service" ];
       before = [ "sshd.service" ];
-      after = [ "network.target" ];
+      after = [ "network-online.target" ];
+      wants = [ "network-online.target" ];
 
       path  = [ pkgs.curl ];
       script =
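Review bot: The comment in `wait-metadata-online` promises a wait of up to 60 seconds, but each of the 30 iterations sleeps 2 s and then lets `nc -w 2` wait up to another 2 s, so the worst case is closer to 120 seconds. Either correct the comment or reduce the iteration count. It is also not stated what should happen when the metadata server never answers. As far as the visible script shows, the loop simply ends with the last `nc` status, so an explicit `exit 1` after the loop, or a comment saying that continuing is intended, would make the behaviour clear. The `fetch-ssh-keys` definition continues past the end of the hunk.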
@@ -144,6 +160,22 @@ in
                     rm -f /root/key.pub /root/authorized-keys-metadata
                 fi
           fi
+
+          echo "obtaining SSH private host key..."
+          curl -o /root/ssh_host_ecdsa_key  --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
+          if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key ]; then
+              mv -f /root/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
+              echo "downloaded ssh_host_ecdsa_key"
+              chmod 600 /etc/ssh/ssh_host_ecdsa_key
+          fi
+
+          echo "obtaining SSH public host key..."
+          curl -o /root/ssh_host_ecdsa_key.pub --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
+          if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key.pub ]; then
+              mv -f /root/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
+              echo "downloaded ssh_host_ecdsa_key.pub"
+              chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
+          fi
         '';
       serviceConfig.Type = "oneshot";
       serviceConfig.RemainAfterExit = true;
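Review bot: Both added `curl` calls lack `--fail`, so an HTTP error response from the metadata server still exits 0 and its body is moved into place as /etc/ssh/ssh_host_ecdsa_key. `curl --fail -o /root/ssh_host_ecdsa_key ...` makes the `$? -eq 0` test meaningful. The private key is also written with the default umask and only restricted by `chmod 600` after the `mv`, so it may be briefly readable in /etc/ssh. Running `chmod 600 /root/ssh_host_ecdsa_key` before the `mv`, or downloading under `umask 077`, closes that window. The enclosing `script` string starts above the hunk, so the earlier authorized_keys download may need the same treatment.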
diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix
index b3847daf12c..a5a4db79787 100644
--- a/nixos/modules/virtualisation/virtualbox-guest.nix
+++ b/nixos/modules/virtualisation/virtualbox-guest.nix
@@ -11,7 +11,6 @@ let
 
 in
 
-optionalAttrs (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) # ugly...
 {
 
   ###### interface
@@ -33,6 +32,10 @@ optionalAttrs (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) # ugly...
   ###### implementation
 
   config = mkIf cfg.enable {
+    assertions = [ {
+      assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64;
+      message = "Virtualbox not currently supported on ${pkgs.stdenv.system}";
+    } ];
 
     environment.systemPackages = [ kernel.virtualboxGuestAdditions ];
 
diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix
index 594b3e93ffe..2e30f4c62f9 100644
--- a/nixos/modules/virtualisation/virtualbox-image.nix
+++ b/nixos/modules/virtualisation/virtualbox-image.nix
@@ -51,6 +51,9 @@ with lib;
           set -f
           cp -prd $storePaths /mnt/nix/store/
 
+          mkdir -p /mnt/etc/nix
+          echo 'build-users-group = ' > /mnt/etc/nix/nix.conf
+
           # Register the paths in the Nix database.
           printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
               chroot /mnt ${config.nix.package}/bin/nix-store --load-db
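Review bot: The added `echo 'build-users-group = ' > /mnt/etc/nix/nix.conf` has no comment saying why the build-users group is emptied or whether the file is meant to survive into the finished image. If it is only there so that `nix-store --load-db` can run inside the chroot, a line such as `# Temporary nix.conf: lets nix-store run in the chroot without the build-users group.` would say so. It is also worth confirming that the file is replaced on first activation, since an empty `build-users-group` left in a shipped image would have root's builds run without dedicated build users. The surrounding script starts and ends outside the hunk.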
diff --git a/nixos/release.nix b/nixos/release.nix
index e5eadb57fe6..8a8b77de5a5 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -122,14 +122,6 @@ in rec {
     inherit system;
   });
 
-  /*
-  iso_minimal_new_kernel = forAllSystems (system: makeIso {
-    module = ./modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix;
-    type = "minimal-new-kernel";
-    inherit system;
-  });
-  */
-
   iso_graphical = forAllSystems (system: makeIso {
     module = ./modules/installer/cd-dvd/installation-cd-graphical.nix;
     type = "graphical";
@@ -138,13 +130,17 @@ in rec {
 
   # A variant with a more recent (but possibly less stable) kernel
   # that might support more hardware.
-  /*
-  iso_new_kernel = forAllSystems (system: makeIso {
-    module = ./modules/installer/cd-dvd/installation-cd-new-kernel.nix;
-    type = "new-kernel";
+  iso_minimal_new_kernel = forAllSystems (system: makeIso {
+    module = ./modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix;
+    type = "minimal-new-kernel";
+    inherit system;
+  });
+
+  iso_graphical_new_kernel = forAllSystems (system: makeIso {
+    module = ./modules/installer/cd-dvd/installation-cd-graphical-new-kernel.nix;
+    type = "graphical-new-kernel";
     inherit system;
   });
-  */
 
 
   # A bootable VirtualBox virtual appliance as an OVA file (i.e. packaged OVF).
diff --git a/nixos/tests/avahi.nix b/nixos/tests/avahi.nix
index b6f18087c56..3898ddb4e8e 100644
--- a/nixos/tests/avahi.nix
+++ b/nixos/tests/avahi.nix
@@ -1,6 +1,7 @@
 # Test whether `avahi-daemon' and `libnss-mdns' work as expected.
 
 import ./make-test.nix {
+  name = "avahi";
 
   nodes = {
     one =
diff --git a/nixos/tests/bittorrent.nix b/nixos/tests/bittorrent.nix
index b58657a5ecd..002e012f65f 100644
--- a/nixos/tests/bittorrent.nix
+++ b/nixos/tests/bittorrent.nix
@@ -23,6 +23,7 @@ let
 in
 
 {
+  name = "bittorrent";
 
   nodes =
     { tracker =
diff --git a/nixos/tests/check-filesystems.nix b/nixos/tests/check-filesystems.nix
index 09401f9a3f4..71aa9649840 100644
--- a/nixos/tests/check-filesystems.nix
+++ b/nixos/tests/check-filesystems.nix
@@ -6,6 +6,8 @@
 with import ../lib/build-vms.nix { inherit nixos nixpkgs system; };
 
 rec {
+  name = "check-filesystems";
+
   nodes = {
     share = {pkgs, config, ...}: {
       services.nfs.server.enable = true;
diff --git a/nixos/tests/containers.nix b/nixos/tests/containers.nix
index 8ad9cd6e0d7..f7dc8eb491d 100644
--- a/nixos/tests/containers.nix
+++ b/nixos/tests/containers.nix
@@ -1,6 +1,7 @@
 # Test for NixOS' container support.
 
 import ./make-test.nix {
+  name = "containers";
 
   machine =
     { config, pkgs, ... }:
diff --git a/nixos/tests/firefox.nix b/nixos/tests/firefox.nix
index b42d473b802..77a6f6ac9e7 100644
--- a/nixos/tests/firefox.nix
+++ b/nixos/tests/firefox.nix
@@ -1,4 +1,5 @@
 import ./make-test.nix ({ pkgs, ... }: {
+  name = "firefox";
 
   machine =
     { config, pkgs, ... }:
diff --git a/nixos/tests/firewall.nix b/nixos/tests/firewall.nix
index d10e10b1d91..16922508c7c 100644
--- a/nixos/tests/firewall.nix
+++ b/nixos/tests/firewall.nix
@@ -1,6 +1,7 @@
 # Test the firewall module.
 
 import ./make-test.nix {
+  name = "firewall";
 
   nodes =
     { walled =
diff --git a/nixos/tests/gnome3.nix b/nixos/tests/gnome3.nix
index f1a6ce63331..44668f57fc1 100644
--- a/nixos/tests/gnome3.nix
+++ b/nixos/tests/gnome3.nix
@@ -1,4 +1,5 @@
 import ./make-test.nix {
+  name = "gnome3";
 
   machine =
     { config, pkgs, ... }:
diff --git a/nixos/tests/gnome3_12.nix b/nixos/tests/gnome3_12.nix
index 92a1919b8cb..439674b69d5 100644
--- a/nixos/tests/gnome3_12.nix
+++ b/nixos/tests/gnome3_12.nix
@@ -1,4 +1,5 @@
 import ./make-test.nix {
+  name = "gnome3_12";
 
   machine =
     { config, pkgs, ... }:
diff --git a/nixos/tests/influxdb.nix b/nixos/tests/influxdb.nix
index 278b264170f..9f8ea061b96 100644
--- a/nixos/tests/influxdb.nix
+++ b/nixos/tests/influxdb.nix
@@ -1,6 +1,8 @@
 # This test runs influxdb and checks if influxdb is up and running
 
 import ./make-test.nix {
+  name = "influxdb";
+
   nodes = {
     one = { config, pkgs, ... }: {
       services.influxdb.enable = true;
diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix
index 98e8142a0df..d3bbe7a8bd5 100644
--- a/nixos/tests/installer.nix
+++ b/nixos/tests/installer.nix
@@ -215,10 +215,11 @@ let
     '';
 
 
-  makeInstallerTest =
+  makeInstallerTest = name:
     { createPartitions, testChannel ? false, useEFI ? false, grubVersion ? 2, grubDevice ? "/dev/vda" }:
     makeTest {
       inherit iso;
+      name = "installer-" + name;
       nodes = if testChannel then { inherit webserver; } else { };
       testScript = testScriptFun {
         inherit createPartitions testChannel useEFI grubVersion grubDevice;
@@ -233,7 +234,7 @@ in {
 
   # The (almost) simplest partitioning scheme: a swap partition and
   # one big filesystem partition.
-  simple = makeInstallerTest
+  simple = makeInstallerTest "simple"
     { createPartitions =
         ''
           $machine->succeed(
@@ -251,7 +252,7 @@ in {
     };
 
   # Same as the previous, but now with a separate /boot partition.
-  separateBoot = makeInstallerTest
+  separateBoot = makeInstallerTest "separateBoot"
     { createPartitions =
         ''
           $machine->succeed(
@@ -273,7 +274,7 @@ in {
 
   # Create two physical LVM partitions combined into one volume group
   # that contains the logical swap and root partitions.
-  lvm = makeInstallerTest
+  lvm = makeInstallerTest "lvm"
     { createPartitions =
         ''
           $machine->succeed(
@@ -295,7 +296,7 @@ in {
         '';
     };
 
-  swraid = makeInstallerTest
+  swraid = makeInstallerTest "swraid"
     { createPartitions =
         ''
           $machine->succeed(
@@ -328,7 +329,7 @@ in {
     };
 
   # Test a basic install using GRUB 1.
-  grub1 = makeInstallerTest
+  grub1 = makeInstallerTest "grub1"
     { createPartitions =
         ''
           $machine->succeed(
@@ -348,7 +349,7 @@ in {
     };
 
   # Test an EFI install.
-  efi = makeInstallerTest
+  efi = makeInstallerTest "efi"
     { createPartitions =
         ''
           $machine->succeed(
@@ -369,6 +370,7 @@ in {
   # Rebuild the CD configuration with a little modification.
   rebuildCD = makeTest
     { inherit iso;
+      name = "rebuild-cd";
       nodes = { };
       testScript =
         ''
diff --git a/nixos/tests/ipv6.nix b/nixos/tests/ipv6.nix
index eb15363d3c3..af6fec6bfbf 100644
--- a/nixos/tests/ipv6.nix
+++ b/nixos/tests/ipv6.nix
@@ -2,6 +2,7 @@
 # solicication/advertisement using radvd works.
 
 import ./make-test.nix {
+  name = "ipv6";
 
   nodes =
     { client = { config, pkgs, ... }: { };
diff --git a/nixos/tests/jenkins.nix b/nixos/tests/jenkins.nix
index ad7ea78ac49..28027c294bc 100644
--- a/nixos/tests/jenkins.nix
+++ b/nixos/tests/jenkins.nix
@@ -4,6 +4,7 @@
 #   3. jenkins service not started on slave node
 
 import ./make-test.nix {
+  name = "jenkins";
 
   nodes = {
 
diff --git a/nixos/tests/kde4.nix b/nixos/tests/kde4.nix
index 99a82a6b95d..90c37397821 100644
--- a/nixos/tests/kde4.nix
+++ b/nixos/tests/kde4.nix
@@ -1,4 +1,5 @@
 import ./make-test.nix ({ pkgs, ... }: {
+  name = "kde4";
 
   machine =
     { config, pkgs, ... }:
diff --git a/nixos/tests/kexec.nix b/nixos/tests/kexec.nix
index b09287682c0..0f0565a60e9 100644
--- a/nixos/tests/kexec.nix
+++ b/nixos/tests/kexec.nix
@@ -1,6 +1,7 @@
 # Test whether fast reboots via kexec work.
 
 import ./make-test.nix  {
+  name = "kexec";
 
   machine = { config, pkgs, ... }:
     { virtualisation.vlans = [ ]; };
diff --git a/nixos/tests/login.nix b/nixos/tests/login.nix
index 44c53c231c8..e8373219ca6 100644
--- a/nixos/tests/login.nix
+++ b/nixos/tests/login.nix
@@ -1,6 +1,7 @@
 import ./make-test.nix ({ pkgs, latestKernel ? false, ... }:
 
 {
+  name = "login";
 
   machine =
     { config, pkgs, lib, ... }:
diff --git a/nixos/tests/logstash.nix b/nixos/tests/logstash.nix
index e6aba7a1012..7284cde7a33 100644
--- a/nixos/tests/logstash.nix
+++ b/nixos/tests/logstash.nix
@@ -2,6 +2,7 @@
 # elasticsearch is started.
 
 import ./make-test.nix {
+  name = "logstash";
 
   nodes = {
     one =
diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix
index 8caef146ec8..c03db6c4335 100644
--- a/nixos/tests/misc.nix
+++ b/nixos/tests/misc.nix
@@ -1,6 +1,7 @@
 # Miscellaneous small tests that don't warrant their own VM run.
 
 import ./make-test.nix {
+  name = "misc";
 
   machine =
     { config, lib, pkgs, ... }:
diff --git a/nixos/tests/mpich.nix b/nixos/tests/mpich.nix
index 13cd0960d07..a4ef7b62426 100644
--- a/nixos/tests/mpich.nix
+++ b/nixos/tests/mpich.nix
@@ -1,6 +1,8 @@
 # Simple example to showcase distributed tests using NixOS VMs.
 
 import ./make-test.nix {
+  name = "mpich";
+
   nodes = {
     master =
       { config, pkgs, ... }: {
diff --git a/nixos/tests/mumble.nix b/nixos/tests/mumble.nix
index 68ab8b642b0..3759d73355d 100644
--- a/nixos/tests/mumble.nix
+++ b/nixos/tests/mumble.nix
@@ -7,6 +7,8 @@ let
   };
 in
 {
+  name = "mumble";
+
   nodes = {
     server = { config, pkgs, ... }: {
       services.murmur.enable       = true;
@@ -28,21 +30,21 @@ in
     $client1->execute("mumble mumble://client1\@server/test &");
     $client2->execute("mumble mumble://client2\@server/test &");
 
-    $client1->waitForWindow(qr/Mumble/);
-    $client2->waitForWindow(qr/Mumble/);
-    $server->sleep(3); # Wait some more for the Mumble UI
-
     # cancel client audio configuration
+    $client1->waitForWindow(qr/Audio Tuning Wizard/);
+    $client2->waitForWindow(qr/Audio Tuning Wizard/);
     $client1->sendKeys("esc");
     $client2->sendKeys("esc");
-    $server->sleep(1);
 
     # cancel client cert configuration
+    $client1->waitForWindow(qr/Certificate Management/);
+    $client2->waitForWindow(qr/Certificate Management/);
     $client1->sendKeys("esc");
     $client2->sendKeys("esc");
-    $server->sleep(1);
 
     # accept server certificate
+    $client1->waitForWindow(qr/^Mumble$/);
+    $client2->waitForWindow(qr/^Mumble$/);
     $client1->sendChars("y");
     $client2->sendChars("y");
 
diff --git a/nixos/tests/munin.nix b/nixos/tests/munin.nix
index acc4b949ab5..31676c10df1 100644
--- a/nixos/tests/munin.nix
+++ b/nixos/tests/munin.nix
@@ -2,6 +2,7 @@
 # machine.
 
 import ./make-test.nix {
+  name = "munin";
 
   nodes = {
     one =
diff --git a/nixos/tests/mysql-replication.nix b/nixos/tests/mysql-replication.nix
index 7d0cf6d85a1..5786fdbc58c 100644
--- a/nixos/tests/mysql-replication.nix
+++ b/nixos/tests/mysql-replication.nix
@@ -6,6 +6,8 @@ let
 in
 
 {
+  name = "mysql-replication";
+
   nodes = {
     master =
       { pkgs, config, ... }:
diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix
index 566d03baf36..0a753b9b625 100644
--- a/nixos/tests/mysql.nix
+++ b/nixos/tests/mysql.nix
@@ -1,4 +1,5 @@
 import ./make-test.nix {
+  name = "mysql";
 
   nodes = {
     master =
diff --git a/nixos/tests/nat.nix b/nixos/tests/nat.nix
index 02981469e10..5fdcc0e97ca 100644
--- a/nixos/tests/nat.nix
+++ b/nixos/tests/nat.nix
@@ -5,6 +5,7 @@
 # for the client.
 
 import ./make-test.nix {
+  name = "nat";
 
   nodes =
     { client =
diff --git a/nixos/tests/nfs.nix b/nixos/tests/nfs.nix
index 864d05626b6..61b2431c04c 100644
--- a/nixos/tests/nfs.nix
+++ b/nixos/tests/nfs.nix
@@ -17,6 +17,7 @@ let
 in
 
 {
+  name = "nfs";
 
   nodes =
     { client1 = client;
diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix
index 0b9714c275d..692618c5a84 100644
--- a/nixos/tests/openssh.nix
+++ b/nixos/tests/openssh.nix
@@ -1,4 +1,22 @@
-import ./make-test.nix ({ pkgs, ... }: {
+import ./make-test.nix ({ pkgs, ... }:
+
+let
+  snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
+    -----BEGIN EC PRIVATE KEY-----
+    MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
+    AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
+    r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
+    -----END EC PRIVATE KEY-----
+  '';
+
+  snakeOilPublicKey = pkgs.lib.concatStrings [
+    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
+    "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
+    "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
+  ];
+
+in {
+  name = "openssh";
 
   nodes = {
 
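Review bot: The embedded key pair carries no comment marking it as a throwaway test key. Since `pkgs.writeText` places the private half in the world-readable Nix store, a line such as `# Test-only key pair; the private key is public, never authorize it on a real host.` above `snakeOilPrivateKey` would keep it from being reused elsewhere. The public key's trailing comment also reads `sakeoil`, presumably a typo for `snakeoil`.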
@@ -9,6 +27,9 @@ import ./make-test.nix ({ pkgs, ... }: {
         services.openssh.enable = true;
         security.pam.services.sshd.limits =
           [ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ];
+        users.extraUsers.root.openssh.authorizedKeys.keys = [
+          snakeOilPublicKey
+        ];
       };
 
     client =
@@ -23,15 +44,25 @@ import ./make-test.nix ({ pkgs, ... }: {
 
     $server->waitForUnit("sshd");
 
-    $server->succeed("mkdir -m 700 /root/.ssh");
-    $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
+    subtest "manual-authkey", sub {
+      $server->succeed("mkdir -m 700 /root/.ssh");
+      $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
+
+      $client->succeed("mkdir -m 700 /root/.ssh");
+      $client->copyFileFromHost("key", "/root/.ssh/id_dsa");
+      $client->succeed("chmod 600 /root/.ssh/id_dsa");
 
-    $client->succeed("mkdir -m 700 /root/.ssh");
-    $client->copyFileFromHost("key", "/root/.ssh/id_dsa");
-    $client->succeed("chmod 600 /root/.ssh/id_dsa");
+      $client->waitForUnit("network.target");
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
+    };
 
-    $client->waitForUnit("network.target");
-    $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
-    $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
+    subtest "configured-authkey", sub {
+      $client->succeed("cat ${snakeOilPrivateKey} > privkey.snakeoil");
+      $client->succeed("chmod 600 privkey.snakeoil");
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null" .
+                       " -o StrictHostKeyChecking=no -i privkey.snakeoil" .
+                       " server true");
+    };
   '';
 })
diff --git a/nixos/tests/partition.nix b/nixos/tests/partition.nix
index 120ecaad881..72fd37e041e 100644
--- a/nixos/tests/partition.nix
+++ b/nixos/tests/partition.nix
@@ -63,6 +63,8 @@ let
     logvol / --size=1000 --grow --fstype=ext4 --name=root --vgname=nixos
   '';
 in {
+  name = "partitiion";
+
   machine = { config, pkgs, ... }: {
     environment.systemPackages = [
       pkgs.pythonPackages.nixpart
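Review bot: The test name added here is misspelled: `name = "partitiion";` should be `name = "partition";`, matching the file name as the other tests in this commit do. Whatever consumes `name` (presumably derivation names or logs) would otherwise carry the typo.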
diff --git a/nixos/tests/phabricator.nix b/nixos/tests/phabricator.nix
index 8a8c6cb784c..53038474c91 100644
--- a/nixos/tests/phabricator.nix
+++ b/nixos/tests/phabricator.nix
@@ -1,4 +1,5 @@
 import ./make-test.nix ({ pkgs, ... }: {
+  name = "phabricator";
 
   nodes = {
     storage =
diff --git a/nixos/tests/printing.nix b/nixos/tests/printing.nix
index 16f9812d93b..a55e077c269 100644
--- a/nixos/tests/printing.nix
+++ b/nixos/tests/printing.nix
@@ -1,6 +1,7 @@
 # Test printing via CUPS.
 
 import ./make-test.nix ({pkgs, ... }: {
+  name = "printing";
 
   nodes = {
 
diff --git a/nixos/tests/proxy.nix b/nixos/tests/proxy.nix
index 88dbdb2720f..01f0f3fe17a 100644
--- a/nixos/tests/proxy.nix
+++ b/nixos/tests/proxy.nix
@@ -14,6 +14,7 @@ let
 in
 
 {
+  name = "proxy";
 
   nodes =
     { proxy =
diff --git a/nixos/tests/quake3.nix b/nixos/tests/quake3.nix
index 3ff12fd57c0..b16cb179982 100644
--- a/nixos/tests/quake3.nix
+++ b/nixos/tests/quake3.nix
@@ -13,6 +13,7 @@ let
 in
 
 rec {
+  name = "quake3";
 
   makeCoverageReport = true;
 
diff --git a/nixos/tests/rabbitmq.nix b/nixos/tests/rabbitmq.nix
index ffcdde9d87f..3ef3f92764c 100644
--- a/nixos/tests/rabbitmq.nix
+++ b/nixos/tests/rabbitmq.nix
@@ -1,6 +1,7 @@
 # This test runs rabbitmq and checks if rabbitmq is up and running.
 
 import ./make-test.nix ({ pkgs, ... }: {
+  name = "rabbitmq";
 
   nodes = {
     one = { config, pkgs, ... }: {
diff --git a/nixos/tests/simple.nix b/nixos/tests/simple.nix
index e21b919cdf8..1cd9058f9e5 100644
--- a/nixos/tests/simple.nix
+++ b/nixos/tests/simple.nix
@@ -1,4 +1,5 @@
 import ./make-test.nix {
+  name = "simple";
 
   machine = { config, pkgs, ... }: { };
 
diff --git a/nixos/tests/subversion.nix b/nixos/tests/subversion.nix
index e6746dc0828..50277edbdd8 100644
--- a/nixos/tests/subversion.nix
+++ b/nixos/tests/subversion.nix
@@ -32,6 +32,7 @@ let
 in
 
 {
+  name = "subversion";
 
   nodes =
     { webserver =
diff --git a/nixos/tests/tomcat.nix b/nixos/tests/tomcat.nix
index 3b0b1bb7911..f3ee3477b5a 100644
--- a/nixos/tests/tomcat.nix
+++ b/nixos/tests/tomcat.nix
@@ -1,4 +1,5 @@
 import ./make-test.nix {
+  name = "tomcat";
 
   nodes = {
     server =
diff --git a/nixos/tests/trac.nix b/nixos/tests/trac.nix
index 3f17dafaca1..87a2d328b4a 100644
--- a/nixos/tests/trac.nix
+++ b/nixos/tests/trac.nix
@@ -1,4 +1,5 @@
 import ./make-test.nix ({ pkgs, ... }: {
+  name = "trac";
 
   nodes = {
     storage =
diff --git a/nixos/tests/udisks2.nix b/nixos/tests/udisks2.nix
index e0c57d7c34d..1d2f79e4f6c 100644
--- a/nixos/tests/udisks2.nix
+++ b/nixos/tests/udisks2.nix
@@ -10,6 +10,7 @@ let
 in
 
 {
+  name = "udisks2";
 
   machine =
     { config, pkgs, ... }:
diff --git a/nixos/tests/xfce.nix b/nixos/tests/xfce.nix
index ded37943e51..ced0c6b9826 100644
--- a/nixos/tests/xfce.nix
+++ b/nixos/tests/xfce.nix
@@ -1,4 +1,5 @@
 import ./make-test.nix {
+  name = "xfce";
 
   machine =
     { config, pkgs, ... }: