| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| | |
|
| |\
| |
| | |
Added openldap user, group and configure service so its not running as root
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
libvirtd puts the full path of the emulator binary in the machine config
file. But this path can unfortunately be garbage collected while still
being used by the virtual machine. Then this happens:
Error starting domain: Cannot check QEMU binary /nix/store/z5c2xzk9x0pj6x511w0w4gy9xl5wljxy-qemu-1.5.2-x86-only/bin/qemu-kvm: No such file or directory
Fix by updating the emulator path on each service startup to something
valid (re-scan $PATH).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
You can now say:
systemd.containers.foo.config =
{ services.openssh.enable = true;
services.openssh.ports = [ 2022 ];
users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-dss ..." ];
};
which defines a NixOS instance with the given configuration running
inside a lightweight container.
You can also manage the configuration of the container independently
from the host:
systemd.containers.foo.path = "/nix/var/nix/profiles/containers/foo";
where "path" is a NixOS system profile. It can be created/updated by
doing:
$ nix-env --set -p /nix/var/nix/profiles/containers/foo \
-f '<nixos>' -A system -I nixos-config=foo.nix
The container configuration (foo.nix) should define
boot.isContainer = true;
to optimise away the building of a kernel and initrd. This is done
automatically when using the "config" route.
On the host, a lightweight container appears as the service
"container-<name>.service". The container is like a regular NixOS
(virtual) machine, except that it doesn't have its own kernel. It has
its own root file system (by default /var/lib/containers/<name>), but
shares the Nix store of the host (as a read-only bind mount). It also
has access to the network devices of the host.
Currently, if the configuration of the container changes, running
"nixos-rebuild switch" on the host will cause the container to be
rebooted. In the future we may want to send some message to the
container so that it can activate the new container configuration
without rebooting.
Containers are not perfectly isolated yet. In particular, the host's
/sys/fs/cgroup is mounted (writable!) in the guest.
|
| | |
| |
| |
| |
| | |
In NixOS containers, root doesn't have write permission to
/nix/var/nix/db, so it has to use the daemon.
|
| |/
|
|
| |
Also clarify the description of the enableTCPIP option.
|
| |
|
|
| |
Issue #1248.
|
| |
|
|
|
|
| |
This ensures that nscd can find the NSS modules.
Fixes #1248.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
In Javascript-based PolKit, "unix-user:0;unix-group:wheel" is not
valid; it should be a list "unix-user:0", "unix-group:wheel".
|
| |
|
|
| |
Otherwise it's ignored.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The attribute ‘config.systemd.services.<service-name>.runner’
generates a script that runs the service outside of systemd. This is
useful for testing, and also allows NixOS services to be used outside
of NixOS. For instance, given a configuration file foo.nix:
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql92;
services.postgresql.dataDir = "/tmp/postgres";
}
you can build and run PostgreSQL as follows:
$ nix-build -A config.systemd.services.postgresql.runner -I nixos-config=./foo.nix
$ ./result
This will run the service's ExecStartPre, ExecStart, ExecStartPost and
ExecStopPost commands in an appropriate environment. It doesn't work
well yet for "forking" services, since it can't track the main
process. It also doesn't work for services that assume they're always
executed by root.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
In particular, complain if two modules define the same systemd option.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
unetbootin
Fixes #248, mostly
Signed-off-by: Shea Levy <shea@shealevy.com>
|
| | |
|
| |
|
|
| |
servers in /etc/resolv.conf
|
| |
|
|
|
| |
We ended up with files in /etc/systemd/system called
"bigx2ddata.mount.wants" rather than "big\x2ddata.mount.wants".
|
| | |
|
| |\
| |
| | |
nixos: capitalize a bunch of service descriptions
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(systemd service descriptions that is, not service descriptions in "man
configuration.nix".)
Capitalizing each word in the description seems to be the accepted
standard.
Also shorten these descriptions:
* "Munin node, the agent process" => "Munin Node"
* "Planet Venus, an awesome ‘river of news’ feed reader" => "Planet Venus Feed Reader"
|
| | |
| |
| |
| | |
Partial revert of 619a1f561480a300ce28f0f471e73fecda85fd60.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes this:
Nov 09 16:18:54 nixos-laptop systemd[1]: Starting Libvirt Virtual Machine Management Daemon...
Nov 09 16:18:54 nixos-laptop dnsmasq[15809]: read /etc/hosts - 2 addresses
Nov 09 16:18:54 nixos-laptop dnsmasq[15809]: failed to load names from /var/lib/libvirt/dnsmasq/default.addnhosts: Permission denied
Nov 09 16:18:54 nixos-laptop dnsmasq[15809]: cannot read /var/lib/libvirt/dnsmasq/default.hostsfile: Permission denied
Nov 09 16:18:55 nixos-laptop systemd[1]: Started Libvirt Virtual Machine Management Daemon.
I don't understand the reason for the original 700 permission bits.
Apparently read-access is needed and Ubuntu also use 755 perms.
Use "chmod" instead of "mkdir -m" to set permissions because mkdir doesn't
modify permissions on existing directories.
|
| |\
| |
| |
| | |
One feature change: polkit update 8d14c7ba
|
| | |
| |
| |
| |
| |
| |
| | |
- It now uses JavaScript for configuration (only),
so I had to "convert" config for NetworkManager.
- I tested suspend/restart/(un)mount on KDE/Xfce,
Phreedom tested NetworkManager config conversion.
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
nixos/mongodb: set static uid to work with #1076
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
nixos/logstash: update and simplify to be fully compatible with new version
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Yay, we no longer need inetd!
|
| | | | | |
|