* Allow packages to be added to the system path like so:

environment = { extraPackages = pkgs: [ pkgs.firefox pkgs.thunderbird ]; }; This approach is often actually nicer than adding to the default profile using nix-env, since it's declarative, and all packages declared here will be updated automatically when you run nixos-rebuild. * Allow additional setuid programs to be specified in security.extraSetuidPrograms. svn path=/nixos/trunk/; revision=8548
2007-04-07 21:44:26 +00:00 · 2007-04-07 21:44:26 +00:00 · 3ab4e0f17f
commit 3ab4e0f17f
parent 6113da3ce1
2 changed files with 36 additions and 3 deletions
--- a/system/options.nix
+++ b/system/options.nix
@ -790,11 +790,23 @@
    default = ["passwd" "su" "crontab" "ping" "ping6"];
    description = "
      Only the programs listed here will be made setuid root (through
-      a wrapper program).
+      a wrapper program).  It's better to set
+      <option>security.extraSetuidPrograms</options>.
    ";
  }

  
+  {
+    name = ["security" "extraSetuidPrograms"];
+    default = [];
+    example = ["fusermount"];
+    description = "
+      This option lists additional programs that must be made setuid
+      root.
+    ";
+  }
+
+
  {
    name = ["users" "ldap" "enable"];
    default = false;
@ -890,4 +902,22 @@
  }


+  {
+    name = ["environment" "extraPackages"];
+    default = pkgs: [];
+    example = pkgs: [pkgs.firefox pkgs.thunderbird];
+    description = "
+      This option allows you to add additional packages to the system
+      path.  These packages are automatically available to all users,
+      and they are automatically updated every time you rebuild the
+      system configuration.  (The latter is the main difference with
+      installing them in the default profile,
+      <filename>/nix/var/nix/profiles/default</filename>.  The value
+      of this option must be a function that returns a list of
+      packages.  The function will be called with the Nix Packages
+      collection as its argument for convenience.
+    ";
+  }
+
+
 ]
--- a/system/system.nix
+++ b/system/system.nix
@ -210,7 +210,8 @@ rec {
    nixosCheckout
    setuidWrapper
  ]
-  ++ pkgs.lib.concatLists (map (job: job.extraPath) upstartJobs.jobs);
+  ++ pkgs.lib.concatLists (map (job: job.extraPath) upstartJobs.jobs)
+  ++ (config.get ["environment" "extraPackages"]) pkgs;


  # We don't want to put all of `startPath' and `path' in $PATH, since
@ -239,7 +240,9 @@ rec {
    inherit (pkgs) kernel;
    readOnlyRoot = config.get ["boot" "readOnlyRoot"];
    hostName = config.get ["networking" "hostName"];
-    setuidPrograms = config.get ["security" "setuidPrograms"];
+    setuidPrograms =
+      config.get ["security" "setuidPrograms"] ++
+      config.get ["security" "extraSetuidPrograms"];
    maxJobs = config.get ["nix" "maxJobs"];

    path = [