Updating from trunk (to catch cron changes)

I had some merge problems with the system-tarball; I hope I've resolved them.


svn path=/nixos/branches/stdenv-updates/; revision=24201
Lluís Batlle i Rossell 2010-10-10 11:46:57 +00:00
commit 51d0ccdf3c
83 changed files with 2605 additions and 1194 deletions


@ -11,11 +11,22 @@ let
inherit (eval) config pkgs;
# This is for `nixos-rebuild build-vm'.
vmConfig = (import ./lib/eval-config.nix {
inherit system;
modules = [ configuration ./modules/virtualisation/qemu-vm.nix ];
}).config;
# This is for `nixos-rebuild build-vm-with-bootloader'.
vmWithBootLoaderConfig = (import ./lib/eval-config.nix {
inherit system;
modules =
[ configuration
./modules/virtualisation/qemu-vm.nix
{ virtualisation.useBootLoader = true; }
];
}).config;
in
{
@ -25,6 +36,8 @@ in
vm = vmConfig.system.build.vm;
vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm;
# The following are used by nixos-rebuild.
nixFallback = pkgs.nixUnstable;
manifests = config.installer.manifests;


@ -38,24 +38,14 @@ $ nix-channel --update</screen>
xlink:href="https://svn.nixos.org/repos/nix/nixos/trunk"/> as
<literal>nixos</literal>.</para></listitem>
<listitem><para>If you dont already have Nixpkgs checkout, Check
out Nixpkgs from <link
xlink:href="https://svn.nixos.org/repos/nix/nixos/trunk"/> as
<listitem><para>Check out Nixpkgs from
<link xlink:href="https://svn.nixos.org/repos/nix/nixos/trunk"/> as
<literal>nixpkgs</literal>.</para></listitem>
<listitem><para>In the directory <literal>nixos</literal>, make a
symbolic link <literal>pkgs</literal> to the <literal>pkgs</literal>
directory of the Nixpkgs tree, e.g.,
<screen>
$ ln -s nixpkgs/pkgs nixos/</screen>
</para></listitem>
<listitem><para>Build the ISO image:
<screen>
$ nix-build configuration/rescue-cd.nix -A rescueCD</screen>
$ nix-build ./nixos/release.nix -A iso_minimal.iso</screen>
If everything goes well, youll end up with an ISO image in
<filename>./result/iso/nixos-<replaceable>version</replaceable>-<replaceable>platform</replaceable>.iso</filename>
@ -63,7 +53,7 @@ $ nix-build configuration/rescue-cd.nix -A rescueCD</screen>
your favourite virtual machine software.</para></listitem>
</orderedlist>
</para>
</section>
@ -89,8 +79,8 @@ $ nix-build configuration/rescue-cd.nix -A rescueCD</screen>
server on your network. Otherwise configure
manually.</para></listitem>
<listitem><para>The NixOS manual is available on virtual console 7
(press Alt+F7 to access).</para></listitem>
<listitem><para>The NixOS manual is available on virtual console 8
(press Alt+F8 to access).</para></listitem>
<listitem><para>Login as <literal>root</literal>, empty
password.</para></listitem>
@ -138,43 +128,37 @@ $ lvcreate --size 1G --name smalldisk MyVolGroup</screen>
</para></listitem>
<listitem><para>Mount the target file system on
<filename>/mnt</filename>.</para></listitem>
<filename>/mnt</filename> on which NixOS would be installed.</para>
</listitem>
<listitem>
<para>The installation is declarative; you need to write a
description of the configuration that you want to be built and
activated. The configuration is specified in a Nix expression and
must be stored <emphasis>on the target file system</emphasis> in
<filename>/mnt/etc/nixos/configuration.nix</filename>. See
<filename>/etc/nixos/nixos/doc/config-examples</filename> for
example machine configurations. You can copy and edit one of
those (e.g., copy
<filename>/etc/nixos/nixos/doc/config-examples/basic.nix</filename>
to <filename>/mnt/etc/nixos/configuration.nix</filename>). See
<xref linkend="ch-options"/> for a list of the available
configuration options. The text editors <command>nano</command>
and <command>vim</command> are available.</para>
<para>Generate a template configuration for the target system:</para>
<para>In particular you need to specify a root file system in
<option>fileSystems</option> and the target device for the Grub
boot loader in <option>boot.grubDevice</option>.</para>
<para>The command <command>nixos-hardware-scan</command> can
<para>The command <command>nixos-option</command> can
generate an initial configuration file for you, i.e.,
<screen>
$ mkdir -p /mnt/etc/nixos
$ nixos-hardware-scan > /mnt/etc/nixos/configuration.nix</screen>
$ nixos-option --install</screen>
It tries to figure out the modules necessary for mounting the root
device, as well as various other hardware characteristics.
However, it doesnt try to figure out the
However, it doesnt try to figure out the
<option>fileSystems</option> option yet.</para>
<para>More examples of NixOS configurations for some actual
machines can be found at <link
xlink:href="https://svn.nixos.org/repos/nix/configurations/trunk/"/>.</para>
<para>Edit <filename>/mnt/etc/nixos/configuration.nix</filename> to
configure your system. The installation is declarative; you need to
write a description of the configuration that you want to be built and
activated. The configuration is specified in a Nix expression and must
be stored <emphasis>on the target file system</emphasis>. The text
editors <command>nano</command> and <command>vim</command> are
available.</para>
<para>You need to specify a root file system in
<option>fileSystems</option> and the target device for the Grub boot
loader in <option>boot.grubDevice</option>. See
<xref linkend="ch-options"/> for a list of the available configuration
options.</para>
<note><para>It is very important that you specify in the option
<option>boot.initrd.kernelModules</option> all kernel modules that
@ -187,6 +171,11 @@ $ nixos-hardware-scan > /mnt/etc/nixos/configuration.nix</screen>
<command>nixos-hardware-scan</command> should figure out the
required modules in most cases.</para></note>
<para>Examples are available in
<filename>/etc/nixos/nixos/doc/config-examples</filename> and some
actual NixOS configuration can be found at <link
xlink:href="https://svn.nixos.org/repos/nix/configurations/trunk/"/>.</para>
</listitem>
<listitem><para>If your machine has a limited amount of memory, you
@ -268,8 +257,7 @@ $ fdisk /dev/sda <lineannotation>(or whatever device you want to install on)</li
$ mke2fs -j -L nixos /dev/sda1 <lineannotation>(idem)</lineannotation>
$ mkswap -L swap /dev/sda2 <lineannotation>(idem)</lineannotation>
$ mount LABEL=nixos /mnt
$ mkdir -p /mnt/etc/nixos
$ nixos-hardware-scan > /mnt/etc/nixos/configuration.nix
$ nixos-option --install
$ nano /mnt/etc/nixos/configuration.nix
<lineannotation>(in particular, set the fileSystems and swapDevices options)</lineannotation>
$ nixos-install
@ -280,7 +268,8 @@ $ reboot</screen>
<screen>
{
boot.initrd.kernelModules = [ "ata_piix" ];
boot.grubDevice = "/dev/sda";
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
fileSystems = [
{ mountPoint = "/";


@ -0,0 +1,186 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refmeta>
<refentrytitle><command>nixos-option</command></refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">NixOS</refmiscinfo>
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-option</command></refname>
<refpurpose>inspect a NixOS configuration</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nixos-option</command>
<group choice="opt">
<option>-i</option>
<option>v</option>
<option>d</option>
<option>l</option>
</group>
<arg choice='plain'><replaceable>option.name</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>nixos-option</command>
<arg choice='plain'><option>--install</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><title>Description</title>
<para>This command evaluates the configuration specified in
<filename>/etc/nixos/configuration.nix</filename> and returns the properties
of the option name given as argument. By default, it returns the value of
the option.</para>
<para>When the option name is not an option, the command prints the list of
attributes in contained in the attribute set. This could used to provide
completion in some editors.</para>
<para>When the option <option>--install</option> (or <option>-i</option>) is
used with no option name, this command generates a template configuration
with a scan of the target system. It produces a template configuration
in <filename>/etc/nixos/configuration.nix</filename>, and a scan of the
machine in <filename>/etc/nixos/hardware-configuration.nix</filename>. The
scan of the machine is produced
by <command>nixos-hardware-scan</command>.</para>
</refsection>
<refsection><title>Options</title>
<para>This command accepts the following options:</para>
<variablelist>
<varlistentry>
<term><option>--install</option>, <option>-i</option></term>
<listitem>
<para>Use the installation configuration instead of current system
configuration. Generate a template configuration if no option name is
specified.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--value</option>, <option>-v</option></term>
<listitem>
<para>Returns the value of the option. This is the default operation
if no other options are defined.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--description</option>, <option>-d</option></term>
<listitem>
<para>Return the default value, the example and the description of the
option when available.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--lookup</option>, <option>-l</option></term>
<listitem>
<para>Return the locations where the option is declared and where it
is defined. This is extremely useful to find sources of errors in
your configuration.</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection><title>Environment</title>
<variablelist>
<varlistentry>
<term><envar>mountPoint</envar></term>
<listitem>
<para>Location of the target file system. Defaults to
<filename>/mnt</filename>. This environment variable is only used in
combinaison with <option>--install</option> option.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><envar>NIXOS</envar></term>
<listitem>
<para>Path to the NixOS source tree. Defaults to
<filename>/etc/nixos/nixos</filename>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><envar>NIXPKGS</envar></term>
<listitem>
<para>Path to the Nixpkgs source tree. Defaults to
<filename>/etc/nixos/nixpkgs</filename>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><envar>NIXOS_CONFIG</envar></term>
<listitem>
<para>Path to the main NixOS configuration module. Defaults to
<filename>/etc/nixos/configuration.nix</filename>.</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection><title>Examples</title>
<para>Investigate option values:
<screen>$ nixos-option boot.loader
This attribute set contains:
generationsDir
grub
initScript
$ nixos-option boot.loader.grub.enable
true</screen></para>
<para>Prints option information:
<screen>$ nixos-option -d networking.hostName
Default: "nixos"
Description:
The name of the machine. Leave it empty if you want to obtain
it from a DHCP server (if using DHCP).</screen></para>
<para>Find the locations which are declaring and defining an option:
<screen>$ nixos-option -l hardware.firmware
Declared by:
/mnt/data/nix-sources/nixos/modules/services/hardware/udev.nix
Defined by:
/etc/nixos/nixos/modules/system/boot/kernel.nix
/etc/nixos/nixos/modules/hardware/network/rt73.nix
/etc/nixos/nixos/modules/hardware/network/intel-3945abg.nix
/etc/nixos/nixos/modules/hardware/network/intel-2200bg.nix</screen></para>
</refsection>
<refsection><title>Bugs</title>
<para>The author listed in the following section is wrong. If there is any
other bug, please report to Nicolas Pierron.</para>
</refsection>
</refentry>


@ -24,6 +24,8 @@
<arg choice='plain'><option>build</option></arg>
<arg choice='plain'><option>dry-run</option></arg>
<arg choice='plain'><option>build-vm</option></arg>
<arg choice='plain'><option>build-vm-with-bootloader</option></arg>
<arg choice='plain'><option>pull</option></arg>
</group>
<sbr />
<arg><option>--install-grub</option></arg>
@ -151,6 +153,35 @@ $ ./result/bin/run-*-vm
</listitem>
</varlistentry>
<varlistentry>
<term><option>build-vm-with-bootloader</option></term>
<listitem>
<para>Like <option>build-vm</option>, but boots using the
regular boot loader of your configuration (e.g., GRUB 1 or 2),
rather than booting directly into the kernel and initial ramdisk
of the system. This allows you to test whether the boot loader
works correctly. However, it does not guarantee that your NixOS
configuration will boot successfully on the host hardware (i.e.,
after running <command>nixos-rebuild switch</command>), because
the hardware and boot loader configuration in the VM are
different. The boot loader is installed on an automatically
generated virtual disk containing a <filename>/boot</filename>
partition, which is mounted read-only in the VM.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>pull</option></term>
<listitem>
<para>This operation merely fetches the latest manifest in the
Nixpkgs channel to speed up subsequent
<command>nix-env</command> operations. This is useful if you
are not using <command>nix-channel</command> but still want to
use pre-built binary packages. It doesnt reconfigure the
system at all.</para>
</listitem>
</varlistentry>
</variablelist>
</para>


@ -25,5 +25,6 @@
<xi:include href="man-configuration.xml" />
<xi:include href="man-nixos-rebuild.xml" />
<xi:include href="man-nixos-option.xml" />
</reference>


@ -4,7 +4,7 @@ passwd: ldap files
group: ldap files
shadow: ldap files
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
hosts: files mdns_minimal [NOTFOUND=return] dns mdns
networks: files dns
services: files


@ -156,7 +156,23 @@ in
config = {
system.activationScripts.users = fullDepEntry
system.activationScripts.rootPasswd = stringAfter [ "etc" ]
''
# If there is no password file yet, create a root account with an
# empty password.
if ! test -e /etc/passwd; then
rootHome=/root
touch /etc/passwd; chmod 0644 /etc/passwd
touch /etc/group; chmod 0644 /etc/group
touch /etc/shadow; chmod 0600 /etc/shadow
# Can't use useradd, since it complains that it doesn't know us
# (bootstrap problem!).
echo "root:x:0:0:System administrator:$rootHome:${config.users.defaultUserShell}" >> /etc/passwd
echo "root::::::::" >> /etc/shadow
fi
'';
system.activationScripts.users = stringAfter [ "groups" ]
''
echo "updating users..."
@ -206,9 +222,9 @@ in
fi
done
'' [ "groups" ];
'';
system.activationScripts.groups = fullDepEntry
system.activationScripts.groups = stringAfter [ "rootPasswd" "binsh" "etc" "var" ]
''
echo "updating groups..."
@ -231,7 +247,7 @@ in
done <<EndOfGroupList
${concatStringsSep "\n" (map serializedGroup groups)}
EndOfGroupList
'' [ "rootPasswd" "binsh" "etc" "var" ];
'';
};
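Review bot: The added `rootPasswd` activation script creates `/etc/shadow` with `touch` and only afterwards runs `chmod 0600`, so the file briefly exists with whatever mode the activation umask produces; creating it under a restrictive umask, e.g. `(umask 077; touch /etc/shadow)`, closes that window. The same block appends `root::::::::`, an empty root password, whenever `/etc/passwd` is absent at activation time, which as written is not limited to installation media. A comment on that branch such as `# Empty root password: only acceptable while no remote login service is started by default` would record the assumption, which presumably is what the installer relies on.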


@ -7,76 +7,6 @@ with pkgs.lib;
let
options = {
system.nixosVersion = mkOption {
default = "${builtins.readFile ../../../VERSION}";
description = ''
NixOS version number.
'';
};
installer.configModule = mkOption {
example = "./nixos/modules/installer/cd-dvd/installation-cd.nix";
description = ''
Filename of the configuration module that builds the CD
configuration. Must be specified to support reconfiguration
in live CDs.
'';
};
installer.basePackages = mkOption {
description = ''
The list of base packages available in the system profile of the
installation CD. Note that modules such as
<literal>installation-cd-graphical.nix</literal> add
packages to this list.
'';
default =
[ pkgs.subversion # for nixos-checkout
pkgs.w3m # needed for the manual anyway
pkgs.testdisk # useful for repairing boot problems
pkgs.mssys # for writing Microsoft boot sectors / MBRs
pkgs.parted
pkgs.ddrescue
pkgs.ccrypt
pkgs.cryptsetup # needed for dm-crypt volumes
# Some networking tools.
pkgs.sshfsFuse
pkgs.socat
pkgs.screen
# Hardware-related tools.
pkgs.sdparm
pkgs.hdparm
pkgs.dmraid
# Tools to create / manipulate filesystems.
pkgs.ntfsprogs # for resizing NTFS partitions
pkgs.btrfsProgs
pkgs.dosfstools
pkgs.xfsprogs
pkgs.jfsutils
pkgs.jfsrec
# Some compression/archiver tools.
pkgs.unrar
pkgs.unzip
pkgs.zip
pkgs.xz
pkgs.dar # disk archiver
# Some editors.
pkgs.nvi
pkgs.bvi # binary editor
pkgs.joe
];
};
};
# We need a copy of the Nix expressions for Nixpkgs and NixOS on the
# CD. We put them in a tarball because accessing that many small
# files from a slow device like a CD-ROM takes too long. !!! Once
@ -95,37 +25,17 @@ let
nixpkgsTarball = makeTarball "nixpkgs.tar.bz2" (cleanSource pkgs.path);
includeSources = true;
# A dummy /etc/nixos/configuration.nix in the booted CD that
# rebuilds the CD's configuration (and allows the configuration to
# be modified, of course, providing a true live CD). Problem is
# that we don't really know how the CD was built - the Nix
# expression language doesn't allow us to query the expression being
# evaluated. So we'll just hope for the best.
dummyConfiguration = pkgs.writeText "configuration.nix"
''
{config, pkgs, ...}:
{
require = [${config.installer.configModule}];
# Add your own options below and run "nixos-rebuild switch".
# E.g.,
# services.openssh.enable = true;
}
'';
in
{
require =
[ options
./memtest.nix
[ ./memtest.nix
./iso-image.nix
../../hardware/network/intel-3945abg.nix
../../hardware/network/rt73.nix
# Profiles of this basic installation CD.
../../profiles/base.nix
../../profiles/installation-device.nix
];
# ISO naming.
@ -133,79 +43,10 @@ in
isoImage.volumeID = "NIXOS_INSTALL_CD_${config.system.nixosVersion}";
# Show the manual.
services.nixosManual.showManual = true;
# Let the user play Rogue on TTY 8 during the installation.
services.rogue.enable = true;
# Disable some other stuff we don't need.
security.sudo.enable = false;
# Include only the en_US locale. This saves 75 MiB or so compared to
# the full glibcLocales package.
i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"];
# Include some utilities that are useful for installing or repairing
# the system.
environment.systemPackages = config.installer.basePackages;
# The initrd has to contain any module that might be necessary for
# mounting the CD/DVD.
boot.initrd.availableKernelModules =
[ # SATA/PATA support.
"ahci"
"ata_piix"
"sata_inic162x" "sata_nv" "sata_promise" "sata_qstor"
"sata_sil" "sata_sil24" "sata_sis" "sata_svw" "sata_sx4"
"sata_uli" "sata_via" "sata_vsc"
"pata_ali" "pata_amd" "pata_artop" "pata_atiixp"
"pata_cs5520" "pata_cs5530" "pata_cs5535" "pata_efar"
"pata_hpt366" "pata_hpt37x" "pata_hpt3x2n" "pata_hpt3x3"
"pata_it8213" "pata_it821x" "pata_jmicron" "pata_marvell"
"pata_mpiix" "pata_netcell" "pata_ns87410" "pata_oldpiix"
"pata_pcmcia" "pata_pdc2027x" "pata_qdi" "pata_rz1000"
"pata_sc1200" "pata_serverworks" "pata_sil680" "pata_sis"
"pata_sl82c105" "pata_triflex" "pata_via"
"pata_winbond"
# SCSI support (incomplete).
"3w-9xxx" "3w-xxxx" "aic79xx" "aic7xxx" "arcmsr"
# USB support, especially for booting from USB CD-ROM
# drives.
"usb_storage"
# Firewire support. Not tested.
"ohci1394" "sbp2"
# Virtio (QEMU, KVM etc.) support.
"virtio_net" "virtio_pci" "virtio_blk" "virtio_balloon"
# Add vfat to enable people to copy the contents of the CD to a
# bootable USB stick.
"vfat" "nls_cp437" "nls_iso8859-1"
];
boot.initrd.kernelModules =
[ # Wait for SCSI devices to appear.
"scsi_wait_scan"
];
# nixos-install will do a pull from this channel to speed up the
# installation.
installer.nixpkgsURL = http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable;
boot.postBootCommands =
''
export PATH=${pkgs.gnutar}/bin:${pkgs.bzip2}/bin:$PATH
# Provide a mount point for nixos-install.
mkdir -p /mnt
# Provide the NixOS/Nixpkgs sources in /etc/nixos. This is required
# for nixos-install.
${optionalString includeSources ''
@ -216,40 +57,9 @@ in
tar xjf ${nixpkgsTarball}/nixpkgs.tar.bz2 -C /etc/nixos/nixpkgs
chown -R root.root /etc/nixos
''}
# Provide a configuration for the CD/DVD itself, to allow users
# to run nixos-rebuild to change the configuration of the
# running system on the CD/DVD.
cp ${dummyConfiguration} /etc/nixos/configuration.nix
'';
# Some more help text.
services.mingetty.helpLine =
''
Log in as "root" with an empty password. ${
if config.services.xserver.enable then
"Type `start xserver' to start\nthe graphical user interface."
else ""
}
'';
# Include the firmware for various wireless cards.
networking.enableRT73Firmware = true;
networking.enableIntel2200BGFirmware = true;
networking.enableIntel3945ABGFirmware = true;
# To speed up installation a little bit, include the complete stdenv
# in the Nix store on the CD.
isoImage.storeContents = [ pkgs.stdenv pkgs.klibc pkgs.klibcShrunk ];
# Allow sshd to be started manually through "start sshd". It should
# not be started by default on the installation CD because the
# default root password is empty.
services.openssh.enable = true;
jobs.sshd.startOn = pkgs.lib.mkOverrideTemplate 50 {} "";
# Enable wpa_supplicant, but don't start it by default.
networking.enableWLAN = true;
jobs.wpa_supplicant.startOn = pkgs.lib.mkOverrideTemplate 50 {} "";
}


@ -4,15 +4,8 @@
{config, pkgs, ...}:
{
require = [./installation-cd-base.nix];
installer.configModule = "./nixos/modules/installer/cd-dvd/installation-cd-graphical.nix";
services.xserver = {
enable = true;
autorun = false;
defaultDepth = 16;
desktopManager.default = "kde4";
desktopManager.kde4.enable = true;
};
require = [
./installation-cd-base.nix
../../profiles/graphical.nix
];
}


@ -4,14 +4,8 @@
{config, pkgs, ...}:
{
require = [./installation-cd-base.nix];
installer.configModule = "./nixos/modules/installer/cd-dvd/installation-cd-minimal.nix";
# Don't include X libraries.
services.openssh.forwardX11 = false;
services.dbus.enable = false; # depends on libX11
services.hal.enable = false; # depends on dbus
fonts.enableFontConfig = false;
fonts.enableCoreFonts = false;
require = [
./installation-cd-base.nix
../../profiles/minimal.nix
];
}


@ -4,48 +4,8 @@
{config, pkgs, ...}:
{
require = [./installation-cd-base.nix];
installer.configModule = "./nixos/modules/installer/cd-dvd/installation-cd-minimal.nix";
# Don't include X libraries.
services.openssh.forwardX11 = false;
services.dbus.enable = false; # depends on libX11
services.hal.enable = false; # depends on dbus
fonts.enableFontConfig = false;
fonts.enableCoreFonts = false;
# Useful for rescue..
environment.systemPackages = with pkgs; [
utillinuxCurses ddrescue
pciutils sdparm hdparm hddtemp usbutils
btrfsProgs xfsprogs jfsutils jfsrec
iproute
fuse ntfs3g smbfsFuse sshfsFuse
manpages irssi elinks mcabber mutt openssh lftp
openssl ncat socat
gnupg1 gnupg
patch which diffutils gcc binutils bc file
screen
bvi joe nvi
subversion16 monotone git darcs mercurial bazaar cvs
unrar unzip zip lzma cabextract cpio
lsof
require = [
./installation-cd-base.nix
../../profiles/rescue.nix
];
boot.kernelPackages = pkgs.linuxPackages_2_6_32;
boot.initrd.kernelModules = ["evdev" "i8042" "pcips2" "serio"
"sd_mod" "libata" "unix" "usbhid" "uhci_hcd" "atkbd" "xtkbd" "fbdev"
"iso9660" "udf" "loop"];
boot.kernelModules = ["fbcon" "radeonfb" "intelfb" "sisfb" "nvidiafb"
"cirrusfb"];
boot.kernelParams = [
"selinux=0"
"acpi=on"
"apm=off"
"console=tty1"
"splash=verbose"
];
services.ttyBackgrounds.enable = false;
}


@ -174,11 +174,9 @@ in
# Closures to be copied to the Nix store on the CD, namely the init
# script and the top-level system configuration directory.
isoImage.storeContents =
[ config.system.build.bootStage2
config.system.build.toplevel
] ++
(optional config.isoImage.includeSystemBuildDependencies
config.system.build.toplevel.drvPath);
[ config.system.build.toplevel ] ++
optional config.isoImage.includeSystemBuildDependencies
config.system.build.toplevel.drvPath;
# Create the squashfs image that contains the Nix store.
system.build.squashfsStore = import ../../../lib/make-squashfs.nix {
@ -220,7 +218,7 @@ in
boot.loader.grub.extraEntries =
''
menuentry "NixOS Installer / Rescue" {
linux /boot/bzImage init=${config.system.build.bootStage2} systemConfig=${config.system.build.toplevel} ${toString config.boot.kernelParams}
linux /boot/bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
initrd /boot/initrd
}


@ -1,7 +1,7 @@
{config, pkgs, ...}:
{
require = [./installation-cd.nix];
require = [./installation-cd-base.nix];
# Build the build-time dependencies of this configuration on the DVD
# to speed up installation.


@ -7,164 +7,18 @@ with pkgs.lib;
let
# A dummy /etc/nixos/configuration.nix in the booted CD that
# rebuilds the CD's configuration (and allows the configuration to
# be modified, of course, providing a true live CD). Problem is
# that we don't really know how the CD was built - the Nix
# expression language doesn't allow us to query the expression being
# evaluated. So we'll just hope for the best.
dummyConfiguration = pkgs.writeText "configuration.nix"
''
{config, pkgs, ...}:
{
require = [ ];
# Add your own options below and run "nixos-rebuild switch".
# E.g.,
# services.openssh.enable = true;
}
'';
pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
options = {
system.nixosVersion = mkOption {
default = "${builtins.readFile ../../../VERSION}";
description = ''
NixOS version number.
'';
};
};
in
{
require =
[ options
./system-tarball.nix
../../hardware/network/rt73.nix
];
# Disable some other stuff we don't need.
security.sudo.enable = false;
# Include only the en_US locale. This saves 75 MiB or so compared to
# the full glibcLocales package.
i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"];
# Include some utilities that are useful for installing or repairing
# the system.
environment.systemPackages =
[ pkgs.subversion # for nixos-checkout
pkgs.w3m # needed for the manual anyway
pkgs.testdisk # useful for repairing boot problems
pkgs.mssys # for writing Microsoft boot sectors / MBRs
pkgs.parted
pkgs.ddrescue
pkgs.ccrypt
pkgs.cryptsetup # needed for dm-crypt volumes
# Some networking tools.
pkgs.sshfsFuse
pkgs.socat
pkgs.screen
pkgs.wpa_supplicant # !!! should use the wpa module
# Hardware-related tools.
pkgs.sdparm
pkgs.hdparm
pkgs.dmraid
# Tools to create / manipulate filesystems.
pkgs.ntfsprogs # for resizing NTFS partitions
pkgs.btrfsProgs
pkgs.xfsprogs
pkgs.jfsutils
pkgs.jfsrec
# Some compression/archiver tools.
pkgs.unrar
pkgs.unzip
pkgs.zip
pkgs.xz
pkgs.dar # disk archiver
# Some editors.
pkgs.nvi
pkgs.bvi # binary editor
pkgs.joe
];
# The initrd has to contain any module that might be necessary for
# mounting the CD/DVD.
boot.initrd.availableKernelModules =
[ # SATA/PATA support.
"ahci"
"ata_piix"
"sata_inic162x" "sata_nv" "sata_promise" "sata_qstor"
"sata_sil" "sata_sil24" "sata_sis" "sata_svw" "sata_sx4"
"sata_uli" "sata_via" "sata_vsc"
"pata_ali" "pata_amd" "pata_artop" "pata_atiixp"
"pata_cs5520" "pata_cs5530" "pata_cs5535" "pata_efar"
"pata_hpt366" "pata_hpt37x" "pata_hpt3x2n" "pata_hpt3x3"
"pata_it8213" "pata_it821x" "pata_jmicron" "pata_marvell"
"pata_mpiix" "pata_netcell" "pata_ns87410" "pata_oldpiix"
"pata_pcmcia" "pata_pdc2027x" "pata_qdi" "pata_rz1000"
"pata_sc1200" "pata_serverworks" "pata_sil680" "pata_sis"
"pata_sl82c105" "pata_triflex" "pata_via"
"pata_winbond"
# SCSI support (incomplete).
"3w-9xxx" "3w-xxxx" "aic79xx" "aic7xxx" "arcmsr"
# USB support, especially for booting from USB CD-ROM
# drives.
"usb_storage"
# Firewire support. Not tested.
"ohci1394" "sbp2"
# Virtio (QEMU, KVM etc.) support.
"virtio_net" "virtio_pci" "virtio_blk" "virtio_balloon"
# Add vfat to enable people to copy the contents of the CD to a
# bootable USB stick.
"vfat"
];
boot.initrd.kernelModules =
[ # Wait for SCSI devices to appear.
"scsi_wait_scan"
];
boot.postBootCommands =
''
mkdir -p /mnt
cp ${dummyConfiguration} /etc/nixos/configuration.nix
'';
# Some more help text.
services.mingetty.helpLine =
''
Log in as "root" with an empty password. ${
if config.services.xserver.enable then
"Type `start xserver' to start\nthe graphical user interface."
else ""
}
'';
# Include the firmware for various wireless cards.
networking.enableRT73Firmware = true;
networking.enableIntel2200BGFirmware = true;
require = [
./system-tarball.nix
# Profiles of this basic installation.
../../profiles/base.nix
../../profiles/installation-device.nix
];
# To speed up further installation of packages, include the complete stdenv
# in the Nix store of the tarball.


@ -53,12 +53,7 @@ in
# Closures to be copied to the Nix store on the CD, namely the init
# script and the top-level system configuration directory.
tarball.storeContents =
[ {
object = config.system.build.bootStage2;
symlink = "none";
}
{
object = config.system.build.toplevel;
[ { object = config.system.build.toplevel;
symlink = "/var/run/current-system";
}
];


@ -52,8 +52,8 @@ default @default@
timeout @timeout@
GRUBEND
if test -n "@splashImage@"; then
echo "splashimage $bootRoot/background.xpm.gz" >> "$1"
fi
echo "splashimage $bootRoot/background.xpm.gz" >> "$1"
fi
;;
2)
cp -f @grub@/share/grub/unicode.pf2 /boot/grub/unicode.pf2
@ -154,6 +154,7 @@ addEntry() {
local kernel=$(readlink -f $path/kernel)
local initrd=$(readlink -f $path/initrd)
local xen=$([ -f $path/xen.gz ] && readlink -f $path/xen.gz)
if test "$path" = "$defaultConfig"; then
cp "$kernel" /boot/nixos-kernel
@ -181,28 +182,34 @@ EOF
if test -n "$copyKernels"; then
copyToKernelsDir $kernel; kernel=$result
copyToKernelsDir $initrd; initrd=$result
if [ -n "$xen" ]; then copyToKernelsDir $xen; xen=$result; fi
fi
local confName=$(cat $path/configuration-name 2>/dev/null || true)
if test -n "$confName"; then
name="$confName $3"
fi
local kernelParams="systemConfig=$(readlink -f $path) init=$(readlink -f $path/init) $(cat $path/kernel-params)"
local xenParams="$([ -n "$xen" ] && cat $path/xen-params)"
case "$grubVersion" in
1)
cat >> "$tmp" << GRUBEND
title $name
@extraPerEntryConfig@
kernel $kernel systemConfig=$(readlink -f $path) init=$(readlink -f $path/init) $(cat $path/kernel-params)
initrd $initrd
${xen:+kernel $xen $xenParams}
$(if [ -z "$xen" ]; then echo kernel; else echo module; fi) $kernel $kernelParams
$(if [ -z "$xen" ]; then echo initrd; else echo module; fi) $initrd
GRUBEND
;;
2)
cat >> "$tmp" << GRUBEND
menuentry "$name" {
@extraPerEntryConfig@
linux $kernel systemConfig=$(readlink -f $path) init=$(readlink -f $path/init) $(cat $path/kernel-params)
initrd $initrd
${xen:+multiboot $xen $xenParams}
$(if [ -z "$xen" ]; then echo linux; else echo module; fi) $kernel $kernelParams
$(if [ -z "$xen" ]; then echo initrd; else echo module; fi) $initrd
}
GRUBEND
;;
@ -243,7 +250,7 @@ for link in $((ls -d $defaultConfig/fine-tune/* ) | sort -n); do
done
for generation in $(
(cd /nix/var/nix/profiles && ls -d system-*-link) \
(cd /nix/var/nix/profiles && for i in system-*-link; do echo $i; done) \
| sed 's/system-\([0-9]\+\)-link/\1/' \
| sort -n -r); do
link=/nix/var/nix/profiles/system-$generation-link
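Review bot: In the generation loop, the new `for i in system-*-link; do echo $i; done` echoes the unmatched glob literally when no such link exists, `sed` passes it through unchanged, and the loop body then runs once with `generation` set to `system-*-link`; adding `[ -e "$i" ] || continue` as the first statement of the inner loop avoids that. In `addEntry`, the new Xen lines expand `$path` and `$xen` unquoted (`[ -f $path/xen.gz ]`, `copyToKernelsDir $xen`), so a path containing whitespace would be word-split; quoting them would match the quoted `cp "$kernel"` a few lines below. Both `addEntry` and the loop body continue outside the visible hunks, so the effect of the stray iteration is inferred rather than shown.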


@ -0,0 +1,13 @@
# List all devices which are detected by nixos-hardware-scan.
# Common devices are enabled by default.
{config, pkgs, ...}:
with pkgs.lib;
{
config = mkDefault {
# Wireless card firmware
networking.enableIntel2200BGFirmware = true;
networking.enableIntel3945ABGFirmware = true;
};
}


@ -0,0 +1,12 @@
# List all devices which are _not_ detected by nixos-hardware-scan.
# Common devices are enabled by default.
{config, pkgs, ...}:
with pkgs.lib;
{
config = mkDefault {
# Wireless card firmware
networking.enableRT73Firmware = true;
};
}


@ -0,0 +1,61 @@
{ nixos ? /etc/nixos/nixos
, nixpkgs ? /etc/nixos/nixpkgs
, networkExpr
, infrastructureExpr
}:
let
pkgs = import nixpkgs {};
inherit (builtins) attrNames getAttr listToAttrs concatMapStrings;
network = import networkExpr;
infrastructure = import infrastructureExpr;
generateScript = network: infrastructure: configs:
concatMapStrings (configurationName:
let
infrastructureElement = getAttr configurationName infrastructure;
config = getAttr configurationName configs;
in
''
echo "=== upgrading ${infrastructureElement.hostName} ==="
nix-copy-closure --to ${infrastructureElement.hostName} ${config.system.build.toplevel} \
&& ssh $NIX_SSHOPTS ${infrastructureElement.hostName} nix-env -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \
&& ssh $NIX_SSHOPTS ${infrastructureElement.hostName} ${config.system.build.toplevel}/bin/switch-to-configuration switch \
&& { succeeded=$((succeeded + 1)); } \
|| { failed=$((failed + 1)); echo 'WARNING: upgrade of ${infrastructureElement.hostName} failed!'; }
''
) (attrNames network)
;
evaluateMachines = network: infrastructure:
listToAttrs (map (configurationName:
let
configuration = getAttr configurationName network;
system = (getAttr configurationName infrastructure).system;
in
{ name = configurationName;
value = (import "${nixos}/lib/eval-config.nix" {
inherit nixpkgs system;
modules = [ configuration ];
extraArgs = evaluateMachines network infrastructure;
}).config; }
) (attrNames (network)))
;
configs = evaluateMachines network infrastructure;
in
pkgs.stdenv.mkDerivation {
name = "deploy-script";
buildCommand = ''
ensureDir $out/bin
cat > $out/bin/deploy-systems << "EOF"
#! ${pkgs.stdenv.shell} -e
failed=0; succeeded=0
${generateScript network infrastructure configs}
echo "Upgrade of $failed machines failed, $succeeded machines succeeded.";
EOF
chmod +x $out/bin/deploy-systems
'';
}
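Review bot: `generateScript` splices `${infrastructureElement.hostName}` into the generated shell script unquoted, in the `echo`, `nix-copy-closure` and both `ssh` lines, so a host name containing whitespace or shell metacharacters is re-parsed by the shell, and one beginning with `-` is read as an option. The value comes from the operator's own infrastructure expression, so this is hardening rather than an exposed input, but the name should be escaped before it reaches the script, for example with the lib's `escapeShellArg` if this nixpkgs revision provides it. Separately, `deploy-systems` always ends on the summary `echo`, so it exits 0 even when `$failed` is non-zero; a final `[ "$failed" -eq 0 ]` would let callers detect a partial rollout.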


@ -0,0 +1,73 @@
#! @shell@ -e
# Shows the usage of this command to the user
showUsage()
{
echo "Usage: $0 -n network_expr -i infrastructure_expr"
echo "Options:"
echo
echo "-n,--network Network Nix expression which captures properties of machines in the network"
echo "-i,--infrastructure Infrastructure Nix expression which captures properties of machines in the network"
echo "-h,--help Shows the usage of this command"
}
# Parse valid argument options
PARAMS=`getopt -n $0 -o n:i:h -l network:,infrastructure:,show-trace,help -- "$@"`
if [ $? != 0 ]
then
showUsage
exit 1
fi
eval set -- "$PARAMS"
# Evaluate valid options
while [ "$1" != "--" ]
do
case "$1" in
-n|--network)
networkExpr=`readlink -f $2`
;;
-i|--infrastructure)
infrastructureExpr=`readlink -f $2`
;;
--show-trace)
showTraceArg="--show-trace"
;;
-h|--help)
showUsage
exit 0
;;
esac
shift
done
# Validate the given options
if [ "$infrastructureExpr" = "" ]
then
echo "ERROR: A infrastructure expression must be specified!" >&2
exit 1
fi
if [ "$networkExpr" = "" ]
then
echo "ERROR: A network expression must be specified!" >&2
exit 1
fi
if [ -z "$NIXOS" ]
then
NIXOS=/etc/nixos/nixos
fi
# Deploy the network
nix-build $NIXOS/deploy.nix --argstr networkExpr $networkExpr --argstr infrastructureExpr $infrastructureExpr $showTraceArg
./result/bin/deploy-systems
rm -f result
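Review bot: The paths given to `-n`/`-i` are expanded unquoted, both in the `readlink -f $2` assignments and in the final `nix-build` line, so a path containing spaces or glob characters is split into extra `nix-build` arguments. Quote them: `networkExpr=$(readlink -f "$2")` (likewise for `-i`) and `nix-build "$NIXOS/deploy.nix" --argstr networkExpr "$networkExpr" --argstr infrastructureExpr "$infrastructureExpr" $showTraceArg`. The script also builds into `./result` in the caller's current directory, executes it and then removes it, which clobbers an existing `result` link and should not be done from a directory other users can write to; a comment saying so would help.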


@ -227,7 +227,14 @@ my $attrs = multiLineList(" ", removeDups @attrs);
print <<EOF ;
# This is a generated file. Do not modify!
# Make changes to /etc/nixos/configuration.nix instead.
{modulesPath, ...}:
{
require = [
"\${modulesPath}/profiles/@profile@.nix"
"\${modulesPath}/installer/scan/not-detected.nix"
];
boot.initrd.kernelModules = [ $initrdKernelModules ];
boot.kernelModules = [ $kernelModules ];


@ -2,33 +2,41 @@
# Allow the location of NixOS sources and the system configuration
# file to be overridden.
: ${NIXOS_PATH=/etc/nixos/nixos}
: ${mountPoint=/mnt}
: ${NIXOS=/etc/nixos/nixos}
: ${NIXPKGS=/etc/nixos/nixpkgs}
: ${NIXOS_CONFIG=/etc/nixos/configuration.nix}
export NIXOS_PATH
: ${NIXPKGS=/etc/nixos/nixpkgs}
export NIXOS
usage () {
echo 1>&2 "
Usage: $0 OPTION_NAME [-v] [-d] [-l]
Usage: $0 [--install] [-v] [-d] [-l] OPTION_NAME
$0 [--install]
This program is used to explore NixOS options by looking at their values or
by looking at their description. It is helpful for understanding the how
your configuration is working.
by looking at their description. It is helpful for understanding how your
configuration is working.
Options:
-i | --install Use the configuration on
${mountPoint:+$mountPoint/}$NIXOS_CONFIG instead of
the current system configuration. Generate a
template configuration if no option name is
specified.
-v | --value Display the current value, based on your
configuration.
-d | --default Display the default value, the example and the
-d | --description Display the default value, the example and the
description.
-l | --lookup Display where the option is defined and where it
is declared.
--help Show this message.
Environment variables affecting nixos-option:
Environment variables affecting $0:
\$NIXOS_PATH Path where the NixOS repository is located.
\$mountPoint Path to the target file system.
\$NIXOS Path where the NixOS repository is located.
\$NIXOS_CONFIG Path to your configuration file.
\$NIXPKGS Path to Nix packages.
@ -44,6 +52,7 @@ Environment variables affecting nixos-option:
desc=false
defs=false
value=false
install=false
verbose=false
option=""
@ -52,18 +61,39 @@ argfun=""
for arg; do
if test -z "$argfun"; then
case $arg in
-d|--description) desc=true;;
-v|--value) value=true;;
-l|--lookup) defs=true;;
--verbose) verbose=true;;
--help) usage;;
-*) usage;;
*) if test -z "$option"; then
option="$arg"
else
usage
fi;;
-*)
longarg=""
sarg="$arg"
while test "$sarg" != "-"; do
case $sarg in
--*) longarg=$arg;;
-d*) longarg="$longarg --description";;
-v*) longarg="$longarg --value";;
-l*) longarg="$longarg --lookup";;
-i*) longarg="$longarg --install";;
-*) usage;;
esac
sarg="-${sarg#??}"
done
;;
*) longarg=$arg;;
esac
for larg in $longarg; do
case $larg in
--description) desc=true;;
--value) value=true;;
--lookup) defs=true;;
--install) install=true;;
--verbose) verbose=true;;
--help) usage;;
-*) usage;;
*) if test -z "$option"; then
option="$larg"
else
usage
fi;;
esac
done
else
case $argfun in
set_*)
@ -75,6 +105,16 @@ for arg; do
fi
done
# --install cannot be used with -d -v -l without option name.
if $value || $desc || $defs && $install && test -z "$option"; then
usage
fi
generate=false
if ! $defs && ! $desc && ! $value && $install && test -z "$option"; then
generate=true
fi
if ! $defs && ! $desc; then
value=true
fi
@ -93,7 +133,7 @@ evalAttr(){
local prefix=$1
local suffix=$2
local strict=$3
echo "(import $NIXOS_PATH {}).$prefix${option:+.$option}${suffix:+.$suffix}" |
echo "(import $NIXOS {}).$prefix${option:+.$option}${suffix:+.$suffix}" |
nix-instantiate - --eval-only ${strict:+--strict}
}
@ -107,11 +147,134 @@ evalCfg(){
findSources(){
local suffix=$1
echo "builtins.map (f: f.source) (import $NIXOS_PATH {}).eval.options${option:+.$option}.$suffix" |
echo "builtins.map (f: f.source) (import $NIXOS {}).eval.options${option:+.$option}.$suffix" |
nix-instantiate - --eval-only --strict
}
if $install; then
if test -e "$mountPoint$NIXOS"; then
export NIXOS="$mountPoint$NIXOS"
fi
if test -e "$mountPoint$NIXPKGS"; then
export NIXPKGS="$mountPoint$NIXPKGS"
fi
export NIXOS_CONFIG="$mountPoint$NIXOS_CONFIG"
fi
if $generate; then
mkdir -p $(dirname "$NIXOS_CONFIG")
# Scan the hardware and add the result to /etc/nixos/hardware-scan.nix.
hardware_config="${NIXOS_CONFIG%/configuration.nix}/hardware-configuration.nix"
if test -e "$hardware_config"; then
echo "A hardware configuration file exists, generation skipped."
else
echo "Scan your hardware to generate a hardware configuration file."
nixos-hardware-scan > "$hardware_config"
fi
if test -e "$NIXOS_CONFIG"; then
echo 1>&2 "error: Cannot generate a template configuration because a configuration file exists."
exit 1
fi
echo "Generate a template configuration that you should edit."
# Generate a template configuration file where the user has to
# fill the gaps.
echo > "$NIXOS_CONFIG" \
'# Edit this configuration file which defines what would be installed on the
# system. To Help while choosing option value, you can watch at the manual
# page of configuration.nix or at the last chapter of the manual available
# on the virtual console 8 (Alt+F8).
{config, pkgs, ...}:
{
require = [
# Include the configuration for part of your system which have been
# detected automatically. In addition, it includes the same
# configuration as the installation device that you used.
./hardware-configuration.nix
];
boot.initrd.kernelModules = [
# Specify all kernel modules that are necessary for mounting the root
# file system.
#
# "ext4" "ata_piix"
];
boot.loader.grub = {
# Use grub 2 as boot loader.
enable = true;
version = 2;
# Define on which hard drive you want to install Grub.
# device = "/dev/sda";
};
networking = {
# hostName = "nixos"; # Define your hostname.
interfaceMonitor.enable = true; # Watch for plugged cable.
enableWLAN = true; # Enables Wireless.
};
# Add file system entries for each partition that you want to see mounted
# at boot time. You can add filesystems which are not mounted at boot by
# adding the noauto option.
fileSystems = [
# Mount the root file system
#
# { mountPoint = "/";
# device = "/dev/sda2";
# }
# Copy & Paste & Uncomment & Modify to add any other file system.
#
# { mountPoint = "/data"; # where you want to mount the device
# device = "/dev/sdb"; # the device or the label of the device
# # label = "data";
# fsType = "ext3"; # the type of the partition.
# options = "data=journal";
# }
];
swapDevices = [
# List swap partitions that are mounted at boot time.
#
# { device = "/dev/sda1"; }
];
# Select internationalisation properties.
# i18n = {
# consoleFont = "lat9w-16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# List services that you want to enable:
# Add an OpenSSH daemon.
# services.openssh.enable = true;
# Add CUPS to print documents.
# services.printing.enable = true;
# Add XServer (default if you have used a graphical iso)
# services.xserver = {
# enable = true;
# layout = "us";
# xkbOptions = "eurosign:e";
# };
# Add the NixOS Manual on virtual console 8
services.nixosManual.showManual = true;
}
'
exit 0
fi;
if test "$(evalOpt "_type" 2> /dev/null)" = '"option"'; then
$value && evalCfg;
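Review bot: In the new short-option loop (the `-*)` branch inside `for arg`), a long option such as `--install` does not end the `while`: after `--*) longarg=$arg;;` the line `sarg="-${sarg#??}"` leaves `-install`, which matches `-i*`, and the next pass leaves `-nstall`, which matches `-*) usage`. Every `--long` flag therefore appears to end in `usage` (assuming `usage` exits, as its use for `--help` suggests; its body ends outside the visible hunk). Ending the scan in that branch fixes it: `--*) longarg=$arg; sarg="--";;`. The condition `if $value || $desc || $defs && $install && test -z "$option"` relies on the shell giving `||` and `&&` equal precedence, so a one-line comment there would save the next reader a lookup.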


@ -22,6 +22,8 @@ The operation is one of the following:
activate it
build-vm: build a virtual machine containing the configuration
(useful for testing)
build-vm-with-bootloader:
like build-vm, but include a boot loader in the VM
dry-run: just show what store paths would be built/downloaded
pull: just pull the Nixpkgs channel manifest and exit
@ -64,7 +66,7 @@ while test "$#" -gt 0; do
--help)
showSyntax
;;
switch|boot|test|build|dry-run|build-vm|pull)
switch|boot|test|build|dry-run|build-vm|build-vm-with-bootloader|pull)
action="$i"
;;
--install-grub)
@ -171,9 +173,12 @@ if test -z "$rollback"; then
elif test "$action" = test -o "$action" = build -o "$action" = dry-run; then
nix-build $NIXOS -A system -K -k $extraBuildFlags > /dev/null
pathToConfig=./result
elif test "$action" = build-vm; then
elif [ "$action" = build-vm ]; then
nix-build $NIXOS -A vm -K -k $extraBuildFlags > /dev/null
pathToConfig=./result
elif [ "$action" = build-vm-with-bootloader ]; then
nix-build $NIXOS -A vmWithBootLoader -K -k $extraBuildFlags > /dev/null
pathToConfig=./result
else
showSyntax
fi


@ -11,6 +11,11 @@ let
isExecutable = true;
});
nixosDeployNetwork = makeProg {
name = "nixos-deploy-network";
src = ./nixos-deploy-network/nixos-deploy-network.sh;
};
nixosInstall = makeProg {
name = "nixos-install";
src = ./nixos-install.sh;
@ -80,6 +85,7 @@ let
name = "nixos-hardware-scan";
src = ./nixos-hardware-scan.pl;
inherit (pkgs) perl;
profile = config.installer.installProfile;
};
nixosOption = makeProg {
@ -112,12 +118,21 @@ in
<command>nixos-rebuild</command> to speed up builds.
'';
};
installer.installProfile = pkgs.lib.mkOption {
default = "base";
example = "graphical";
description = ''
Name of the profile used when generating the hardware-scan.
'';
};
};
config = {
environment.systemPackages =
[ nixosInstall
[ nixosDeployNetwork
nixosInstall
nixosRebuild
nixosHardwareScan
nixosGenSeccureKeys
@ -128,7 +143,7 @@ in
];
system.build = {
inherit nixosInstall;
inherit nixosInstall nixosHardwareScan nixosOption;
# expose scripts
inherit (installer2) nixosPrepareInstall runInChroot nixosBootstrap minimalInstallArchive;


@ -56,6 +56,7 @@ in
sabnzbd = 33;
tor = 35;
cups = 36;
foldingAtHome = 37;
# When adding a uid, make sure it doesn't match an existing gid.
nixbld = 30000; # start of range of uids


@ -14,6 +14,7 @@
./config/users-groups.nix
./hardware/network/intel-2200bg.nix
./hardware/network/intel-3945abg.nix
./hardware/network/rt2870.nix
./hardware/network/rt73.nix
./hardware/pcmcia.nix
./installer/generations-dir/generations-dir.nix
@ -44,6 +45,7 @@
./security/sudo.nix
./services/audio/alsa.nix
./services/audio/pulseaudio.nix
./services/backup/hydra-mirror.nix
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
./services/backup/sitecopy-backup.nix
@ -58,10 +60,12 @@
./services/logging/logrotate.nix
./services/logging/syslogd.nix
./services/mail/dovecot.nix
./services/mail/mail.nix
./services/mail/postfix.nix
./services/misc/autofs.nix
./services/misc/disnix.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
./services/misc/gpsd.nix
./services/misc/nix-daemon.nix
./services/misc/nix-gc.nix
@ -77,6 +81,7 @@
./services/network-filesystems/nfs-kernel.nix
./services/network-filesystems/openafs-client/default.nix
./services/network-filesystems/samba.nix
./services/networking/amuled.nix
./services/networking/avahi-daemon.nix
./services/networking/bind.nix
./services/networking/bitlbee.nix
@ -109,6 +114,7 @@
./services/scheduling/cron.nix
./services/scheduling/fcron.nix
./services/security/tor.nix
./services/security/torsocks.nix
./services/system/dbus.nix
./services/system/kerberos.nix
./services/system/nscd.nix
@ -154,4 +160,5 @@
./tasks/network-interfaces.nix
./tasks/swraid.nix
./tasks/tty-backgrounds.nix
./virtualisation/xen-dom0.nix
]

92
modules/profiles/base.nix Normal file

@ -0,0 +1,92 @@
{config, pkgs, ...}:
{
# The initrd has to contain any module that might be necessary for
# mounting the CD/DVD.
boot.initrd.availableKernelModules =
[ # SATA/PATA support.
"ahci"
"ata_piix"
"sata_inic162x" "sata_nv" "sata_promise" "sata_qstor"
"sata_sil" "sata_sil24" "sata_sis" "sata_svw" "sata_sx4"
"sata_uli" "sata_via" "sata_vsc"
"pata_ali" "pata_amd" "pata_artop" "pata_atiixp"
"pata_cs5520" "pata_cs5530" "pata_cs5535" "pata_efar"
"pata_hpt366" "pata_hpt37x" "pata_hpt3x2n" "pata_hpt3x3"
"pata_it8213" "pata_it821x" "pata_jmicron" "pata_marvell"
"pata_mpiix" "pata_netcell" "pata_ns87410" "pata_oldpiix"
"pata_pcmcia" "pata_pdc2027x" "pata_qdi" "pata_rz1000"
"pata_sc1200" "pata_serverworks" "pata_sil680" "pata_sis"
"pata_sl82c105" "pata_triflex" "pata_via"
"pata_winbond"
# SCSI support (incomplete).
"3w-9xxx" "3w-xxxx" "aic79xx" "aic7xxx" "arcmsr"
# USB support, especially for booting from USB CD-ROM
# drives.
"usb_storage"
# Firewire support. Not tested.
"ohci1394" "sbp2"
# Virtio (QEMU, KVM etc.) support.
"virtio_net" "virtio_pci" "virtio_blk" "virtio_balloon"
# Add vfat to enable people to copy the contents of the CD to a
# bootable USB stick.
"vfat" "nls_cp437" "nls_iso8859-1"
];
boot.initrd.kernelModules =
[ # Wait for SCSI devices to appear.
"scsi_wait_scan"
];
# Include some utilities that are useful for installing or repairing
# the system.
environment.systemPackages = [
pkgs.subversion # for nixos-checkout
pkgs.w3m # needed for the manual anyway
pkgs.testdisk # useful for repairing boot problems
pkgs.mssys # for writing Microsoft boot sectors / MBRs
pkgs.parted
pkgs.ddrescue
pkgs.ccrypt
pkgs.cryptsetup # needed for dm-crypt volumes
# Some networking tools.
pkgs.sshfsFuse
pkgs.socat
pkgs.screen
# Hardware-related tools.
pkgs.sdparm
pkgs.hdparm
pkgs.dmraid
# Tools to create / manipulate filesystems.
pkgs.ntfsprogs # for resizing NTFS partitions
pkgs.btrfsProgs
pkgs.dosfstools
pkgs.xfsprogs
pkgs.jfsutils
pkgs.jfsrec
# Some compression/archiver tools.
pkgs.unrar
pkgs.unzip
pkgs.zip
pkgs.xz
pkgs.dar # disk archiver
# Some editors.
pkgs.nvi
pkgs.bvi # binary editor
pkgs.joe
];
}


@ -0,0 +1,8 @@
# Empty profiles, used to avoid the case where no profiles are selected for
# nixos-hardware-scan.
{
imports = [];
options = {};
config = {};
}


@ -0,0 +1,17 @@
# This module defines a NixOS configuration that contains X11 and
# KDE 4.
{config, pkgs, ...}:
{
require = [
./base.nix
];
services.xserver = {
enable = true;
autorun = true;
defaultDepth = 24;
desktopManager.default = "kde4";
desktopManager.kde4.enable = true;
};
}


@ -0,0 +1,166 @@
# Provide a basic cponfiguration for installation devices like CDs.
{config, pkgs, modules, ...}:
with pkgs.lib;
let
# Location of the repository on the harddrive
nixosPath = toString ../../.;
# Check if the path is from the NixOS repository
isNixOSFile = path:
let s = toString path; in
removePrefix nixosPath s != s;
# Copy modules given as extra configuration files. Unfortunately, we
# cannot serialized attribute set given in the list of modules (that's why
# you should use files).
moduleFiles =
filter isPath modules;
# Partition module files because between NixOS and non-NixOS files. NixOS
# files may change if the repository is updated.
partitionnedModuleFiles =
let p = partition isNixOSFile moduleFiles; in
{ nixos = p.right; others = p.wrong; };
# Path transformed to be valid on the installation device. Thus the
# device configuration could be rebuild.
relocatedModuleFiles =
let
relocateNixOS = path:
"/etc/nixos/nixos" + removePrefix nixosPath (toString path);
relocateOthers = null;
in
{ nixos = map relocateNixOS partitionnedModuleFiles.nixos;
others = []; # TODO: copy the modules to the install-device repository.
};
# A dummy /etc/nixos/configuration.nix in the booted CD that
# rebuilds the CD's configuration (and allows the configuration to
# be modified, of course, providing a true live CD). Problem is
# that we don't really know how the CD was built - the Nix
# expression language doesn't allow us to query the expression being
# evaluated. So we'll just hope for the best.
configClone = pkgs.writeText "configuration.nix"
''
{config, pkgs, ...}:
{
require = [
${toString config.installer.cloneConfigIncludes}
];
# Add your own options below and run "nixos-rebuild switch".
# E.g.,
# services.openssh.enable = true;
}
'';
in
{
imports = [
# Enable devices which are usually scanned, because we don't know the
# target system.
../installer/scan/detected.nix
../installer/scan/not-detected.nix
];
options = {
system.nixosVersion = mkOption {
default = "${builtins.readFile ../../VERSION}";
description = ''
NixOS version number.
'';
};
installer.cloneConfig = mkOption {
default = true;
description = ''
Try to clone the installation-device configuration by re-using it's
profile from the list of imported modules.
'';
};
installer.cloneConfigIncludes = mkOption {
default = [];
example = [ "./nixos/modules/hardware/network/rt73.nix" ];
description = ''
List of modules used to re-build this installation device profile.
'';
};
# Ignored. Kept for Backward compatibiliy.
# you can retrieve the profiles which have been used by looking at the
# list of modules use to configure the installation device.
installer.configModule = mkOption {
example = "./nixos/modules/installer/cd-dvd/installation-cd.nix";
description = ''
Filename of the configuration module that builds the CD
configuration. Must be specified to support reconfiguration
in live CDs.
'';
};
};
config = {
installer.cloneConfigIncludes =
relocatedModuleFiles.nixos ++ relocatedModuleFiles.others;
# Show the manual.
services.nixosManual.showManual = true;
# Let the user play Rogue on TTY 8 during the installation.
services.rogue.enable = true;
# Disable some other stuff we don't need.
security.sudo.enable = false;
# Include only the en_US locale. This saves 75 MiB or so compared to
# the full glibcLocales package.
i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"];
# nixos-install will do a pull from this channel to speed up the
# installation.
installer.nixpkgsURL = http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable;
boot.postBootCommands =
''
# Provide a mount point for nixos-install.
mkdir -p /mnt
${optionalString config.installer.cloneConfig ''
# Provide a configuration for the CD/DVD itself, to allow users
# to run nixos-rebuild to change the configuration of the
# running system on the CD/DVD.
cp ${configClone} /etc/nixos/configuration.nix
''}
'';
# Force the xserver autorun to false.
services.xserver.autorun = mkForce false;
services.xserver.defaultDepth = mkForce 16;
# Some more help text.
services.mingetty.helpLine =
''
Log in as "root" with an empty password. ${
if config.services.xserver.enable then
"Type `start xserver' to start\nthe graphical user interface."
else ""
}
'';
# Allow sshd to be started manually through "start sshd". It should
# not be started by default on the installation CD because the
# default root password is empty.
services.openssh.enable = true;
jobs.sshd.startOn = pkgs.lib.mkOverride 50 "";
# Enable wpa_supplicant, but don't start it by default.
networking.enableWLAN = true;
jobs.wpa_supplicant.startOn = pkgs.lib.mkOverride 50 "";
};
}
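Review bot: `installer.nixpkgsURL` points `nixos-install` at the channel over plain `http://`, and nothing in this module shows the pulled manifest being authenticated, so on an untrusted network the installer may act on a manifest supplied by someone else. If the release server offers TLS, use an `https://` URL here; otherwise add a comment such as `# NOTE: fetched over plain HTTP; only use on a trusted network`. Related: `services.mingetty.helpLine` advertises the empty root password while sshd can be started by hand, so the help text could also tell the user to set a root password before running `start sshd`.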


@ -0,0 +1,15 @@
# This module defines a small NixOS configuration. It does not
# contain any graphical stuff.
{config, pkgs, ...}:
{
require = [ ./base.nix ];
# Don't include X libraries.
services.openssh.forwardX11 = false;
services.dbus.enable = false; # depends on libX11
services.hal.enable = false; # depends on dbus
fonts.enableFontConfig = false;
fonts.enableCoreFonts = false;
}


@ -0,0 +1,52 @@
# This module defines a small NixOS configuration. It does not contain any
# graphical stuff but contains many tools useful for the rescue.
{config, pkgs, ...}:
{
require = [ ./minimal.nix ];
# Useful for rescue..
environment.systemPackages = with pkgs; [
utillinuxCurses ddrescue
pciutils sdparm hdparm hddtemp usbutils
btrfsProgs xfsprogs jfsutils jfsrec
iproute
fuse ntfs3g smbfsFuse sshfsFuse
manpages irssi elinks mcabber mutt openssh lftp
openssl ncat socat
gnupg1 gnupg
patch which diffutils gcc binutils bc file
screen
bvi joe nvi
subversion16 monotone git darcs mercurial bazaar cvs
unrar unzip zip lzma cabextract cpio
lsof
];
boot.kernelPackages = pkgs.linuxPackages_2_6_32;
boot.initrd.kernelModules = [
"evdev" "i8042" "pcips2" "serio" "sd_mod" "libata" "unix" "usbhid"
"uhci_hcd" "atkbd" "xtkbd" "fbdev" "iso9660" "udf" "loop"
];
boot.kernelModules = [
"fbcon"
"radeonfb"
"intelfb"
"sisfb"
"nvidiafb"
"cirrusfb"
];
boot.kernelParams = [
"selinux=0"
"acpi=on"
"apm=off"
"console=tty1"
"splash=verbose"
];
services.ttyBackgrounds.enable = false;
}


@ -1,19 +1,21 @@
# This module defines global configuration for the Bash shell, in
# particular /etc/bashrc and /etc/profile.
{config, pkgs, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
let
options = {
environment.shellInit = pkgs.lib.mkOption {
environment.shellInit = mkOption {
default = "";
example = ''export PATH=/godi/bin/:$PATH'';
description = "
Script used to initialized user shell environments.
";
merge = pkgs.lib.mergeStringOption;
merge = mergeStringOption;
};
};
@ -57,4 +59,13 @@ in
];
system.build.binsh = pkgs.bashInteractive;
system.activationScripts.binsh = stringAfter [ "stdio" ]
''
# Create the required /bin/sh symlink; otherwise lots of things
# (notably the system() function) won't work.
mkdir -m 0755 -p /bin
ln -sfn ${config.system.build.binsh}/bin/sh /bin/sh
'';
}


@ -15,14 +15,14 @@ export LOCATE_PATH=/var/cache/locatedb
# Include the various profiles in the appropriate environment variables.
NIX_USER_PROFILE_DIR=/nix/var/nix/profiles/per-user/$USER
NIX_PROFILES="/var/run/current-system/sw /nix/var/nix/profiles/default $NIX_USER_PROFILE_DIR/profile"
NIX_PROFILES="/var/run/current-system/sw /nix/var/nix/profiles/default $HOME/.nix-profile"
unset PATH INFOPATH PKG_CONFIG_PATH PERL5LIB GST_PLUGIN_PATH KDEDIRS
unset XDG_CONFIG_DIRS XDG_DATA_DIRS
for i in $NIX_PROFILES; do # !!! reverse
# We have to care not leaving an empty PATH element, because that means '.' to Linux
export PATH=$i/bin:$i/sbin${PATH:+:}$PATH
export PATH=$i/bin:$i/sbin:$i/lib/kde4/libexec${PATH:+:}$PATH
export INFOPATH=$i/info:$i/share/info${INFOPATH:+:}$INFOPATH
export PKG_CONFIG_PATH="$i/lib/pkgconfig${PKG_CONFIG_PATH:+:}$PKG_CONFIG_PATH"
@ -30,12 +30,15 @@ for i in $NIX_PROFILES; do # !!! reverse
# from Nixpkgs <= 0.12.
export PERL5LIB="$i/lib/perl5/site_perl:$i/lib/site_perl${PERL5LIB:+:}$PERL5LIB"
# ALSA plugins
export ALSA_PLUGIN_DIRS="$i/lib/alsa-lib${ALSA_PLUGIN_DIRS:+:}$ALSA_PLUGIN_DIRS"
# GStreamer.
export GST_PLUGIN_PATH="$i/lib/gstreamer-0.10${GST_PLUGIN_PATH:+:}$GST_PLUGIN_PATH"
# KDE/Gnome stuff.
export KDEDIRS=$i${KDEDIRS:+:}$KDEDIRS
export QT_PLUGIN_PATH=$i/plugins:$i/lib/qt4/plugins${QT_PLUGIN_PATH:+:}$QT_PLUGIN_PATH
export QT_PLUGIN_PATH=$i/lib/qt4/plugins:$i/lib/kde4/plugins${QT_PLUGIN_PATH:+:}$QT_PLUGIN_PATH
export XDG_CONFIG_DIRS=$i/etc/xdg${XDG_CONFIG_DIRS:+:}$XDG_CONFIG_DIRS
export XDG_DATA_DIRS=$i/share${XDG_DATA_DIRS:+:}$XDG_DATA_DIRS
done
@ -43,7 +46,7 @@ done
# Search directory for Aspell dictionaries.
export ASPELL_CONF="dict-dir $NIX_USER_PROFILE_DIR/profile/lib/aspell"
export ASPELL_CONF="dict-dir $HOME/.nix-profile/lib/aspell"
# ~/bin and the setuid wrappers override other bin directories.
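Review bot: The new `ALSA_PLUGIN_DIRS` export prepends to whatever value is already in the environment, but the variable is not in the `unset` list above the loop, so an inherited value survives and re-sourcing this file duplicates the entries; `QT_PLUGIN_PATH` has the same gap. Extending the second `unset` line to `unset XDG_CONFIG_DIRS XDG_DATA_DIRS ALSA_PLUGIN_DIRS QT_PLUGIN_PATH` would keep the plugin search paths limited to the Nix profiles, as is already done for `PATH` and `GST_PLUGIN_PATH`.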


@ -51,7 +51,7 @@ in
}
];
system.activationScripts.policyKit = fullDepEntry
system.activationScripts.policyKit = stringAfter [ "users" ]
''
mkdir -m 0770 -p /var/run/PolicyKit
chown root.polkituser /var/run/PolicyKit
@ -63,7 +63,7 @@ in
touch /var/lib/misc/PolicyKit.reload
chmod 0664 /var/lib/misc/PolicyKit.reload
chown polkituser.polkituser /var/lib/misc/PolicyKit.reload
'' [ "users" ];
'';
};


@ -27,12 +27,10 @@ in
environment = {
systemPackages = [ pkWrapper ];
pathsToLink = [ "/share/polkit-1" "/etc/polkit-1" ];
etc = [
{
source = "${config.system.path}/etc/polkit-1";
etc = singleton
{ source = "${config.system.path}/etc/polkit-1";
target = "polkit-1";
}
];
};
};
services.dbus.packages = [ pkWrapper ];
@ -41,18 +39,16 @@ in
pam.services = [ { name = "polkit-1"; } ];
setuidPrograms = [ "pkexec" ];
setuidOwners = [
{
program = "polkit-agent-helper-1";
setuidOwners = singleton
{ program = "polkit-agent-helper-1";
owner = "root";
group = "root";
setuid = true;
source = pkgs.polkit + "/" + pkWrapper.helper;
}
];
};
};
system.activationScripts.polikit = pkgs.stringsWithDeps.noDepEntry
system.activationScripts.polkit =
''
mkdir -p /var/lib/polkit-1/localauthority
chmod 700 /var/lib/polkit-1{/localauthority,}


@ -75,7 +75,7 @@ in
config = {
security.setuidPrograms =
[ "crontab" "fusermount" "wodim" "cdrdao" "growisofs" ];
[ "fusermount" "wodim" "cdrdao" "growisofs" ];
system.activationScripts.setuid =
let
@ -110,7 +110,7 @@ in
chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" ${wrapperDir}/${program}
'';
in pkgs.stringsWithDeps.fullDepEntry
in stringAfter [ "users" ]
''
# Look in the system path and in the default profile for
# programs to be wrapped.
@ -120,7 +120,7 @@ in
mkdir -p ${wrapperDir}
${concatMapStrings makeSetuidWrapper setuidPrograms}
'' [ "defaultPath" "users" ];
'';
};


@ -0,0 +1,87 @@
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.hydraChannelMirror ;
mirrorChannel = pkgs.fetchsvn {
url = https://svn.nixos.org/repos/nix/release/trunk/channels/mirror-channel.pl;
rev = 24132;
sha256 = "02xvswbbr2sj9k1wfraa0j9053vf6w88nhk15qwzs8nkm180n820";
};
cronjob = jobset : ''
${cfg.period} root ENABLE_PATCHES=1 PATH=${config.environment.nix}/libexec/nix:$PATH perl -I${config.environment.nix}/libexec/nix ${mirrorChannel} ${cfg.hydraURL}/jobset/${jobset.project}/${jobset.jobset}/channel/latest ${cfg.dataDir}/channels/${jobset.relURL} ${cfg.dataDir}/nars ${cfg.mirrorURL}/nars ${cfg.dataDir}/patches ${cfg.mirrorURL}/patches ${if jobset.nixexprs == "" then "" else "${cfg.hydraURL}/job/${jobset.project}/${jobset.jobset}/${jobset.nixexprs}/latest/download-by-type/file/source-dist"} >> ${cfg.dataDir}/logs/${jobset.name}.log
'';
in
{
options = {
services.hydraChannelMirror = {
enable = mkOption {
default = false;
description = ''
Whether to enable Hydra channel mirroring.
'';
};
period = mkOption {
default = "15 * * * *";
description = ''
This option defines (in the format used by cron) when the
mirroring should occur.
'';
};
jobsets = mkOption {
default = [ rec { name = "nixpkgs-unstable"; project = "nixpkgs"; jobset = "trunk"; nixexprs = "tarball"; relURL = "nixpkgs/channels/${name}"; } ];
description = ''
List of jobsets to mirror.
'';
};
hydraURL = mkOption {
default = "http://hydra.nixos.org";
description = ''
Location (URL) of Hydra instance
'';
};
mirrorURL = mkOption {
default = "http://nixos.org/releases";
description = ''
Location (URL) of Hydra mirror
'';
};
dataDir = mkOption {
default = "/data/hydra-mirror";
description = ''
Location of Hydra mirror data
'';
};
};
};
config = mkIf cfg.enable {
services.cron.systemCronJobs = map cronjob cfg.jobsets ;
system.activationScripts.hydraChannelMirror = stringAfter [ "stdio" "users" ]
''
mkdir -m 0755 -p ${cfg.dataDir}
mkdir -m 0755 -p ${cfg.dataDir}/nars
mkdir -m 0755 -p ${cfg.dataDir}/patches
mkdir -m 0755 -p ${cfg.dataDir}/channels
ln -fs ${cfg.dataDir}/nars ${cfg.dataDir}/channels/nars
ln -fs ${cfg.dataDir}/patches ${cfg.dataDir}/channels/patches
mkdir -m 0755 -p ${cfg.dataDir}/logs
${concatMapStrings (j : ''
mkdir -m 0755 -p ${cfg.dataDir}/channels/${j.relURL}
'') cfg.jobsets}
'';
};
}
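Review bot: The activation script is re-run on later activations, and then `ln -fs ${cfg.dataDir}/nars ${cfg.dataDir}/channels/nars` finds `channels/nars` already a symlink to a directory, follows it and creates a stray `nars/nars` link inside the data directory (the `patches` line behaves the same). Use `ln -sfn` on both lines, as the `/bin/sh` link elsewhere in this commit does. Also, `cronjob` runs the mirror script as `root` against `cfg.hydraURL`, which defaults to plain `http://`; the job appears to need write access only to `cfg.dataDir`, so a dedicated unprivileged user owning that directory would limit what a bad response or a bug in the script can touch.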


@ -1,7 +1,9 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
let
inherit (pkgs.lib) mkOption mkIf singleton concatStrings;
inherit (pkgs) mysql gzip;
location = config.services.mysqlBackup.location ;
@ -58,14 +60,15 @@ in
};
config = mkIf config.services.mysqlBackup.enable {
services.cron = {
systemCronJobs = map mysqlBackupCron config.services.mysqlBackup.databases;
};
services.cron.systemCronJobs = map mysqlBackupCron config.services.mysqlBackup.databases;
system.activationScripts.mysqlBackup = pkgs.stringsWithDeps.fullDepEntry ''
mkdir -m 0700 -p ${config.services.mysqlBackup.location}
chown ${config.services.mysqlBackup.user} ${config.services.mysqlBackup.location}
'' [ "stdio" "defaultPath" "systemConfig" "users" ];
system.activationScripts.mysqlBackup = stringAfter [ "stdio" "defaultPath" "systemConfig" "users" ]
''
mkdir -m 0700 -p ${config.services.mysqlBackup.location}
chown ${config.services.mysqlBackup.user} ${config.services.mysqlBackup.location}
'';
};
}


@ -1,14 +1,16 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
let
inherit (pkgs.lib) mkOption mkIf singleton concatStrings;
inherit (pkgs) postgresql gzip;
location = config.services.postgresqlBackup.location ;
postgresqlBackupCron = db : ''
${config.services.postgresqlBackup.period} root ${postgresql}/bin/pg_dump ${db} | ${gzip}/bin/gzip -c > ${location}/${db}.gz
'';
postgresqlBackupCron = db:
''
${config.services.postgresqlBackup.period} root ${postgresql}/bin/pg_dump ${db} | ${gzip}/bin/gzip -c > ${location}/${db}.gz
'';
in
@ -52,14 +54,13 @@ in
};
config = mkIf config.services.postgresqlBackup.enable {
services.cron = {
systemCronJobs = map postgresqlBackupCron config.services.postgresqlBackup.databases;
};
services.cron.systemCronJobs = map postgresqlBackupCron config.services.postgresqlBackup.databases;
system.activationScripts.postgresqlBackup = pkgs.stringsWithDeps.fullDepEntry ''
mkdir -m 0700 -p ${config.services.postgresqlBackup.location}
chown root ${config.services.postgresqlBackup.location}
'' [ "stdio" "defaultPath" "systemConfig" "users" ];
system.activationScripts.postgresqlBackup = stringAfter [ "stdio" "defaultPath" "systemConfig" "users" ]
''
mkdir -m 0700 -p ${config.services.postgresqlBackup.location}
chown root ${config.services.postgresqlBackup.location}
'';
};
}


@ -1,7 +1,8 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
let
inherit (pkgs.lib) mkOption mkIf singleton concatStrings;
inherit (pkgs) sitecopy;
stateDir = "/var/spool/sitecopy";
@ -63,45 +64,41 @@ in
config = mkIf config.services.sitecopy.enable {
environment.systemPackages = [ sitecopy ];
services.cron = {
systemCronJobs = map sitecopyCron config.services.sitecopy.backups;
};
services.cron.systemCronJobs = map sitecopyCron config.services.sitecopy.backups;
system.activationScripts.sitecopyBackup = stringAfter [ "stdio" "systemConfig" "users" ]
''
mkdir -m 0700 -p ${stateDir}
chown root ${stateDir}
touch ${stateDir}/sitecopy.secrets
chown root ${stateDir}/sitecopy.secrets
system.activationScripts.sitecopyBackup =
pkgs.stringsWithDeps.fullDepEntry ''
mkdir -m 0700 -p ${stateDir}
chown root ${stateDir}
touch ${stateDir}/sitecopy.secrets
chown root ${stateDir}/sitecopy.secrets
${pkgs.lib.concatStrings (map ( b: ''
unset secrets
unset secret
secrets=`grep '^${b.server}' ${stateDir}/sitecopy.secrets | head -1`
secret=($secrets)
cat > ${stateDir}/${b.name}.conf << EOF
site ${b.name}
server ${b.server}
protocol ${b.protocol}
username ''${secret[1]}
password ''${secret[2]}
local ${b.local}
remote ${b.remote}
symlinks ${b.symlinks}
${if b.https then "http secure" else ""}
EOF
chmod 0600 ${stateDir}/${b.name}.conf
if ! test -e ${stateDir}/${b.name} ; then
echo " * Initializing sitecopy '${b.name}'"
${sitecopy}/bin/sitecopy --storepath=${stateDir} --rcfile=${stateDir}/${b.name}.conf --initialize ${b.name}
else
echo " * Sitecopy '${b.name}' already initialized"
fi
'' ) config.services.sitecopy.backups
)}
'' [ "stdio" "defaultPath" "systemConfig" "users" ] ;
${pkgs.lib.concatStrings (map ( b: ''
unset secrets
unset secret
secrets=`grep '^${b.server}' ${stateDir}/sitecopy.secrets | head -1`
secret=($secrets)
cat > ${stateDir}/${b.name}.conf << EOF
site ${b.name}
server ${b.server}
protocol ${b.protocol}
username ''${secret[1]}
password ''${secret[2]}
local ${b.local}
remote ${b.remote}
symlinks ${b.symlinks}
${if b.https then "http secure" else ""}
EOF
chmod 0600 ${stateDir}/${b.name}.conf
if ! test -e ${stateDir}/${b.name} ; then
echo " * Initializing sitecopy '${b.name}'"
${sitecopy}/bin/sitecopy --storepath=${stateDir} --rcfile=${stateDir}/${b.name}.conf --initialize ${b.name}
else
echo " * Sitecopy '${b.name}' already initialized"
fi
'' ) config.services.sitecopy.backups
)}
'';
};
}
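Review bot: The credential lookup `grep '^${b.server}' ... | head -1` treats the server name as a regular-expression prefix, so a line for a longer or similar host name can be selected and its username and password written into `${b.name}.conf`. Matching the first field exactly, for example `secrets=$(awk -v s='${b.server}' '$1 == s { print; exit }' ${stateDir}/sitecopy.secrets)`, avoids that. The conf file is also created by the here-document before `chmod 0600` runs; a `umask 077` at the top of the script would close that window and also cover `sitecopy.secrets` when `touch` creates it. Because `secret=($secrets)` splits on whitespace, a comment that passwords cannot contain spaces or glob characters would save a confusing failure.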


@ -38,7 +38,7 @@ let
cp -v ${udev}/libexec/rules.d/*.rules $out/
# Set a reasonable $PATH for programs called by udev rules.
echo 'ENV{PATH}="${pkgs.coreutils}/bin:${pkgs.gnused}/bin:${pkgs.utillinux}/bin"' > $out/00-path.rules
echo 'ENV{PATH}="${udevPath}/bin:${udevPath}/sbin"' > $out/00-path.rules
# Set the firmware search path so that the firmware.sh helper
# called by 50-firmware.rules works properly.
@ -84,6 +84,15 @@ let
#udev_log="debug"
'';
# Udev has a 512-character limit for ENV{PATH}, so create a symlink
# tree to work around this.
udevPath = pkgs.buildEnv {
name = "udev-path";
paths = cfg.path;
pathsToLink = [ "/bin" "/sbin" ];
ignoreCollisions = true;
};
in
{
@ -118,6 +127,15 @@ in
'';
};
path = mkOption {
default = [];
merge = mergeListOption;
description = ''
Packages added to the <envar>PATH</envar> environment variable when
executing programs from Udev rules.
'';
};
extraRules = mkOption {
default = "";
example = ''
@ -159,7 +177,9 @@ in
services.udev.extraRules = nixosRules;
services.udev.packages = [extraUdevRules];
services.udev.packages = [ extraUdevRules ];
services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.utillinux ];
jobs.udev =
{ startOn = "startup";
@ -207,7 +227,7 @@ in
initctl emit -n new-devices
'';
};
};
}
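Review bot: `ignoreCollisions = true` on the `udevPath` buildEnv means that when two packages in `services.udev.path` ship a program with the same name, one of them is kept without any warning, and that is the program udev rules will run. A comment next to it such as `# Name clashes are resolved silently; keep this list short and check which package wins.` would tell module authors what they are extending. The `path` option description could also state that any module may append to it and that the merged result becomes `ENV{PATH}` for all rules.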


@ -0,0 +1,33 @@
{ config, pkgs, ... }:
with pkgs.lib;
{
###### interface
options = {
services.mail = {
sendmailSetuidWrapper = mkOption {
default = null;
description = ''
Configuration for the sendmail setuid wrwapper (like an element of
security.setuidOwners)";
'';
};
};
};
###### implementation
config = mkIf (config.services.mail.sendmailSetuidWrapper != null) {
security.setuidOwners = [ config.services.mail.sendmailSetuidWrapper ];
};
}
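Review bot: The description of `sendmailSetuidWrapper` has a typo ("wrwapper") and a stray `)";` at its end, and it does not say which fields the value is expected to carry. Suggested text: `Configuration for the sendmail setuid wrapper (an attribute set like an element of security.setuidOwners).` Since the value is copied unchanged into `security.setuidOwners`, this description is the only place a reader learns that setting the option installs a privileged wrapper.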


@ -111,6 +111,11 @@ in
default = false;
description = "Whether to run the Postfix mail server.";
};
setSendmail = mkOption {
default = true;
description = "Whether to set the system sendmail to postfix's.";
};
user = mkOption {
default = "postfix";
@ -254,10 +259,24 @@ in
config = mkIf config.services.postfix.enable {
environment.etc = singleton
{ source = "/var/postfix/conf";
target = "postfix";
};
environment = {
etc = singleton
{ source = "/var/postfix/conf";
target = "postfix";
};
# This makes comfortable for root to run 'postqueue' for example.
systemPackages = [ pkgs.postfix ];
};
services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
program = "sendmail";
source = "${pkgs.postfix}/bin/sendmail";
owner = "nobody";
group = "postdrop";
setuid = false;
setgid = true;
};
users.extraUsers = singleton
{ name = user;
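Review bot: The `sendmailSetuidWrapper` definition makes the setgid wrapper file owned by `nobody`, an account that unrelated unprivileged services commonly run as; a privileged wrapper is safer owned by root, `owner = "root";`, with `setgid = true` and `group = "postdrop"` left as they are. The group name is also a literal here: if this module exposes the postdrop group as an option (not visible in these hunks), the wrapper should use that value so the two cannot drift apart. The `users.extraUsers` definition that follows continues outside the hunk.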


@ -0,0 +1,74 @@
{ config, pkgs, ... }:
with pkgs.lib;
let
stateDir = "/var/lib/foldingathome";
cfg = config.services.foldingAtHome;
fahUser = "foldingathome";
in {
###### interface
options = {
services.foldingAtHome = {
enable = mkOption {
default = false;
description = ''
Whether to enable the Folding@Home to use idle CPU time.
'';
};
nickname = mkOption {
default = "Anonymous";
description = ''
A unique handle for statistics.
'';
};
config = mkOption {
default = "";
description = ''
Extra configuration. Contents will be added verbatim to the
configuration file.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers = singleton
{ name = fahUser;
uid = config.ids.uids.foldingAtHome;
description = "Folding@Home user";
home = stateDir;
};
jobs.foldingAtHome =
{ name = "foldingathome";
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
preStart =
''
mkdir -m 0755 -p ${stateDir}
chown ${fahUser} ${stateDir}
cp -f ${pkgs.writeText "client.cfg" cfg.config} ${stateDir}/client.cfg
'';
exec = "${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${fahUser} -c 'cd ${stateDir}; ${pkgs.foldingathome}/bin/fah6'";
};
services.foldingAtHome.config = ''
[settings]
username=${cfg.nickname}
'';
};
}
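Review bot: In `preStart`, `cp -f` writes `client.cfg` as root into `${stateDir}` after the directory has been handed to `${fahUser}`, so root writes through whatever that account has left at the destination name. `cp --remove-destination ${pkgs.writeText "client.cfg" cfg.config} ${stateDir}/client.cfg` makes root replace the directory entry instead. `${cfg.nickname}` is also inserted verbatim after `username=`; a note in the option description that it must be a single line would prevent accidental extra settings.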


@ -277,7 +277,7 @@ in
# do this, mount the remote file system on a subdirectory of
# /var/run/nix/remote-stores.
export NIX_OTHER_STORES=/var/run/nix/remote-stores/*/nix
''
'' # */
+ optionalString config.nix.distributedBuilds ''
export NIX_BUILD_HOOK=${config.environment.nix}/libexec/nix/build-remote.pl
export NIX_REMOTE_SYSTEMS=/etc/nix.machines
@ -292,6 +292,33 @@ in
users.extraUsers = map makeNixBuildUser (pkgs.lib.range 1 config.nix.nrBuildUsers);
system.activationScripts.nix = stringAfter [ "etc" "users" ]
''
# Set up Nix.
mkdir -p /nix/etc/nix
ln -sfn /etc/nix.conf /nix/etc/nix/nix.conf
chown root.nixbld /nix/store
chmod 1775 /nix/store
# Nix initialisation.
mkdir -m 0755 -p \
/nix/var/nix/gcroots \
/nix/var/nix/temproots \
/nix/var/nix/manifests \
/nix/var/nix/userpool \
/nix/var/nix/profiles \
/nix/var/nix/db \
/nix/var/log/nix/drvs \
/nix/var/nix/channel-cache \
/nix/var/nix/chroots
mkdir -m 1777 -p /nix/var/nix/gcroots/per-user
mkdir -m 1777 -p /nix/var/nix/profiles/per-user
mkdir -m 1777 -p /nix/var/nix/gcroots/tmp
ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/
ln -sf /nix/var/nix/manifests /nix/var/nix/gcroots/
'';
};
}
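Review bot: `chown root.nixbld /nix/store` uses the legacy dot separator, which is ambiguous for account names that contain a dot; `chown root:nixbld /nix/store` is the portable form. The same applies to the `chown wwwrun.wwwrun` lines in the `systemhealth` activation script further down the page. The three `mkdir -m 1777 -p` lines create world-writable sticky directories, and a one-line comment giving the reason each must be writable by every user would let a later reader judge whether the mode is still needed.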


@ -75,43 +75,44 @@ in
config = mkIf cfg.enable {
services.cron.systemCronJobs = [ cronJob ];
system.activationScripts.systemhealth = fullDepEntry ''
mkdir -p ${rrdDir} ${htmlDir}
chown wwwrun.wwwrun ${rrdDir} ${htmlDir}
system.activationScripts.systemhealth = stringAfter [ "var" ]
''
mkdir -p ${rrdDir} ${htmlDir}
chown wwwrun.wwwrun ${rrdDir} ${htmlDir}
cat >${configFile} << EOF
[paths]
rrdtool = ${pkgs.rrdtool}/bin/rrdtool
loadavg_rrd = loadavg
ps = /var/run/current-system/sw/bin/ps
df = /var/run/current-system/sw/bin/df
meminfo_rrd = meminfo
uptime_rrd = uptime
rrd_path = ${rrdDir}
png_path = ${htmlDir}
cat >${configFile} << EOF
[paths]
rrdtool = ${pkgs.rrdtool}/bin/rrdtool
loadavg_rrd = loadavg
ps = /var/run/current-system/sw/bin/ps
df = /var/run/current-system/sw/bin/df
meminfo_rrd = meminfo
uptime_rrd = uptime
rrd_path = ${rrdDir}
png_path = ${htmlDir}
[processes]
[processes]
[interfaces]
${interfacesSection}
[interfaces]
${interfacesSection}
[drives]
${drivesSection}
[drives]
${drivesSection}
[graphs]
width = 400
time = ['-3hours', '-32hours', '-8days', '-5weeks', '-13months']
height = 100
[graphs]
width = 400
time = ['-3hours', '-32hours', '-8days', '-5weeks', '-13months']
height = 100
[external]
[external]
EOF
EOF
chown wwwrun.wwwrun ${configFile}
chown wwwrun.wwwrun ${configFile}
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --check" wwwrun
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --html" wwwrun
'' [ "var" ];
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --check" wwwrun
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --html" wwwrun
'';
services.httpd.extraSubservices = [
{ function = f: {


@ -0,0 +1,71 @@
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.amule;
user = if cfg.user != null then cfg.user else "amule";
in
{
###### interface
options = {
services.amule = {
enable = mkOption {
default = false;
description = ''
Whether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time.
'';
};
dataDir = mkOption {
default = ''/home/${user}/'';
description = ''
The directory holding configuration, incoming and temporary files.
'';
};
user = mkOption {
default = null;
description = ''
The user the AMule daemon should run as.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers = mkIf (cfg.user == null) [
{ name = "amule";
description = "AMule daemon";
} ];
jobs.amuled =
{ description = "AMule daemon";
startOn = "ip-up";
preStart = ''
mkdir -p ${cfg.dataDir}
chown ${user} ${cfg.dataDir}
'';
exec = ''
${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${user} \
-c 'HOME="${cfg.dataDir}" ${pkgs.amuleDaemon}/bin/amuled'
'';
};
};
}
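Review bot: `preStart` creates `${cfg.dataDir}` with plain `mkdir -p`, so the directory that holds the daemon's configuration gets whatever mode the default umask gives, and the path is unquoted in both `mkdir` and `chown`. `mkdir -m 0700 -p "${cfg.dataDir}"` followed by `chown ${user} "${cfg.dataDir}"` keeps a newly created directory private to the service account and survives a path with spaces. The `quassel` module later on this page has the same `preStart` shape for a directory that, by its own description, holds the SQLite database and the SSL certificate. The `amule` account is also declared without a fixed `uid`, unlike the `foldingAtHome` account, which takes one from `config.ids.uids`.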


@ -81,12 +81,6 @@ in
Whether to enable the mDNS NSS (Name Service Switch) plug-in.
Enabling it allows applications to resolve names in the `.local'
domain by transparently querying the Avahi daemon.
Warning: Currently, enabling this option breaks DNS lookups after
a `nixos-rebuild'. This is because `/etc/nsswitch.conf' is
updated to use `nss-mdns' but `libnss_mdns' is not in
applications' `LD_LIBRARY_PATH'. The next time `/etc/profile' is
sourced, it will set up an appropriate `LD_LIBRARY_PATH', though.
'';
};
@ -130,7 +124,7 @@ in
mkdir -p /var/run/avahi-daemon
exec ${avahi}/sbin/avahi-daemon --daemonize -f "${avahiDaemonConf}"
exec ${avahi}/sbin/avahi-daemon --syslog -f "${avahiDaemonConf}"
'';
};


@ -78,9 +78,13 @@ in
for i in $(cd /sys/class/net && ls -d *); do
# Only run dhclient on interfaces of type ARPHRD_ETHER
# (1), i.e. Ethernet.
if [ "$(cat /sys/class/net/$i/type)" = 1 ]; then
if ! for j in ${toString ignoredInterfaces}; do echo $j; done | grep -F -x -q "$i"; then
# (1), i.e. Ethernet. Ignore peth* devices; on Xen,
# they're renamed physical Ethernet cards used for
# bridging.
if [ "$(cat /sys/class/net/$i/type)" = 1 ]; then
if ! for j in ${toString ignoredInterfaces}; do echo $j; done | grep -F -x -q "$i" &&
! echo "$i" | grep -x -q "peth.*";
then
echo "Running dhclient on $i"
interfaces="$interfaces $i"
fi


@ -20,7 +20,7 @@ let
# chroot to ${stateDir}, we have to specify it as /ntp.drift.
driftfile /ntp.drift
${toString (map (server: "server " + server + "\n") servers)}
${toString (map (server: "server " + server + " iburst\n") servers)}
'';
ntpFlags = "-c ${configFile} -u ${ntpUser}:nogroup -i ${stateDir}";


@ -3,8 +3,9 @@
with pkgs.lib;
let
quassel = pkgs.quassel.override { daemon = true; monolithic = false; client = false; };
quassel = pkgs.quasselDaemon;
cfg = config.services.quassel;
user = if cfg.user != null then cfg.user else "quassel";
in
{
@ -38,22 +39,17 @@ in
'';
};
logFile = mkOption {
default = "/var/log/quassel.log";
description = "Location of the logfile of the Quassel daemon.";
};
dataDir = mkOption {
default = ''/home/${cfg.user}/.config/quassel-irc.org'';
default = ''/home/${user}/.config/quassel-irc.org'';
description = ''
The directory holding configuration files, the SQlite database and the SSL Cert.
'';
};
user = mkOption {
default = "quassel";
default = null;
description = ''
The user the Quassel daemon should run as.
The existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created.
'';
};
@ -66,10 +62,10 @@ in
config = mkIf cfg.enable {
users.extraUsers = singleton
{ name = cfg.user;
users.extraUsers = mkIf (cfg.user == null) [
{ name = "quassel";
description = "Quassel IRC client daemon";
};
}];
jobs.quassel =
@ -79,19 +75,16 @@ in
preStart = ''
mkdir -p ${cfg.dataDir}
chown ${cfg.user} ${cfg.dataDir}
touch ${cfg.logFile} && chown ${cfg.user} ${cfg.logFile}
chown ${user} ${cfg.dataDir}
'';
exec = ''
${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${cfg.user} \
${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${user} \
-c '${quassel}/bin/quasselcore --listen=${cfg.interface}\
--port=${toString cfg.portNumber} --configdir=${cfg.dataDir} --logfile=${cfg.logFile}'
--port=${toString cfg.portNumber} --configdir=${cfg.dataDir}'
'';
};
environment.systemPackages = [ quassel ];
};
}


@ -134,10 +134,7 @@ in
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
environment = {
# Cups scripts for printing (psto...) require awk, sed, grep, ...
PATH = "${config.system.path}/bin";
};
path = [ config.system.path ];
preStart =
''


@ -66,7 +66,7 @@ in
jobs.atd =
{ description = "at daemon (atd)";
startOn = "started udev";
startOn = "stopped udevtrigger";
preStart =
''
@ -99,7 +99,9 @@ in
fi
'';
exec = "${at}/sbin/atd -f";
exec = "${at}/sbin/atd";
daemonType = "fork";
};
};


@ -15,6 +15,13 @@ let
NIX_CONF_DIR=/nix/etc/nix
${pkgs.lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)}
'';
# Vixie cron requires build-time configuration for the sendmail path.
cronNixosPkg = pkgs.cron.override {
# The mail.nix nixos module, if there is any local mail system enabled,
# should have sendmail in this path.
sendmailPath = "/var/setuid-wrappers/sendmail";
};
in
@ -26,6 +33,11 @@ in
services.cron = {
enable = mkOption {
default = true;
description = "Whether to enable the `vixie cron' daemon.";
};
mailto = mkOption {
default = "";
description = " The job output will be mailed to this email address. ";
@ -46,6 +58,10 @@ in
If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root
will is allowed to have its own crontab file. The /var/cron/cron.deny file
is created automatically for you. So every user can use a crontab.
Many nixos modules set systemCronJobs, so if you decide to disable vixie cron
and enable another cron daemon, you may want it to get its system crontab
based on systemCronJobs.
'';
};
@ -56,7 +72,7 @@ in
###### implementation
config = {
config = mkIf config.services.cron.enable {
environment.etc = singleton
# The system-wide crontab.
@ -65,7 +81,9 @@ in
mode = "0600"; # Cron requires this.
};
environment.systemPackages = [pkgs.cron];
security.setuidPrograms = [ "crontab" ];
environment.systemPackages = [ cronNixosPkg ];
jobs.cron =
{ description = "Cron daemon";
@ -86,7 +104,7 @@ in
fi
'';
exec = "${pkgs.cron}/sbin/cron -n";
exec = "${cronNixosPkg}/sbin/cron -n";
};
};
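Review bot: `sendmailPath = "/var/setuid-wrappers/sendmail"` is fixed at build time, but that file only exists when some mail module sets `services.mail.sendmailSetuidWrapper`; on a system without one, job output addressed to `mailto` presumably cannot be delivered. The comment above `cronNixosPkg` should say so, for example `# If no mail module is enabled this path does not exist and job output cannot be mailed.` The path also repeats the wrapper directory as a literal; if the setuid-wrappers module exposes that directory as an option (not visible here), referring to it would keep the two in step. The `jobs.cron` body continues outside the last hunk.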


@ -4,20 +4,17 @@ with pkgs.lib;
let
# Put all the system cronjobs together.
# TODO allow using fcron only..
#systemCronJobs =
# config.services.cron.systemCronJobs;
cfg = config.services.fcron;
queuelen = if cfg.queuelen == "" then "" else "-q ${toString cfg.queuelen}";
# shell is set to /sh in config..
# ${pkgs.lib.concatStrings (map (job: job + "\n") systemCronJobs)}
systemCronJobsFile = pkgs.writeText "fcron-systab"
systemCronJobsFile = pkgs.writeText "system-crontab"
''
SHELL=${pkgs.bash}/bin/sh
PATH=${pkgs.coreutils}/bin:${pkgs.findutils}/bin:${pkgs.gnused}/bin
SHELL=${pkgs.bash}/bin/bash
PATH=${config.system.path}/bin:${config.system.path}/sbin
MAILTO="${config.services.cron.mailto}"
NIX_CONF_DIR=/nix/etc/nix
${pkgs.lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)}
'';
allowdeny = target: users:
@ -42,7 +39,7 @@ in
};
allow = mkOption {
default = [];
default = [ "all" ];
description = ''
Users allowed to use fcrontab and fcrondyn (one name per line, "all" for everyone).
'';
@ -64,7 +61,7 @@ in
};
systab = mkOption {
default = "";
default = systemCronJobsFile;
description = ''The "system" crontab contents.'';
};
};
@ -77,7 +74,7 @@ in
config = mkIf cfg.enable {
environment.etc =
[ (allowdeny "allow" (["root"] ++ cfg.allow))
[ (allowdeny "allow" (cfg.allow))
(allowdeny "deny" cfg.deny)
# see man 5 fcron.conf
{ source = pkgs.writeText "fcon.conf" ''
@ -97,6 +94,8 @@ in
environment.systemPackages = [ pkgs.fcron ];
security.setuidPrograms = [ "fcrontab" ];
jobs.fcron =
{ description = "fcron daemon";
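Review bot: Two changes together widen who may install crontabs: the `allow` default becomes `[ "all" ]` and `fcrontab` is added to `security.setuidPrograms`, so every local account can schedule jobs through a setuid program unless the admin overrides `allow`. At the same time `["root"] ++` is dropped from the `allowdeny "allow"` line, so an admin who restricts `allow` to a few names no longer has root listed implicitly. Keeping `(allowdeny "allow" (["root"] ++ cfg.allow))` and stating the default in the option description (`Defaults to "all"; set an explicit list to restrict fcrontab use.`) would make both effects visible. The `jobs.fcron` definition continues outside the hunk.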


@ -27,40 +27,6 @@ in
services.tor = {
enable = mkOption {
default = false;
description = ''
Whether to enable the Tor anonymous routing daemon.
'';
};
enableClient = mkOption {
default = true;
description = ''
Whether to enable Tor daemon to route application connections.
You might want to disable this if you plan running a dedicated Tor relay.
'';
};
socksListenAddress = mkOption {
default = "127.0.0.1:9050";
example = "127.0.0.1:9050, 192.168.0.1:9100";
description = ''
Bind to this address(es) to listen for connections from Socks-speaking
applications. You can also specify a port.
'';
};
socksPolicy = mkOption {
default = "";
example = "accept 192.168.0.0/16, reject *";
description = ''
Entry policies to allow/deny SOCKS requests based on IP address.
First entry that matches wins. If no SocksPolicy is set, we accept
all (and only) requests from SocksListenAddress.
'';
};
config = mkOption {
default = "";
description = ''
@ -69,141 +35,180 @@ in
'';
};
enablePrivoxy = mkOption {
default = true;
description = ''
Whether to enable a special instance of privoxy dedicated to Tor.
To have anonymity, protocols need to be scrubbed of identifying
information.
Most people using Tor want to anonymize their web traffic, so by
default we enable an special instance of privoxy specifically for
Tor.
However, if you are only going to use Tor only as a relay then you
can disable this option.
'';
};
privoxyListenAddress = mkOption {
default = "127.0.0.1:8118";
description = ''
Address that Tor's instance of privoxy is listening to.
*This does not configure the standard NixOS instance of privoxy.*
This is for Tor connections only!
See services.privoxy.listenAddress to configure the standard NixOS
instace of privoxy.
'';
client = {
enable = mkOption {
default = false;
description = ''
Whether to enable Tor daemon to route application connections.
You might want to disable this if you plan running a dedicated Tor relay.
'';
};
socksListenAddress = mkOption {
default = "127.0.0.1:9050";
example = "192.168.0.1:9100";
description = ''
Bind to this address to listen for connections from Socks-speaking
applications.
'';
};
socksPolicy = mkOption {
default = "";
example = "accept 192.168.0.0/16, reject *";
description = ''
Entry policies to allow/deny SOCKS requests based on IP address.
First entry that matches wins. If no SocksPolicy is set, we accept
all (and only) requests from SocksListenAddress.
'';
};
privoxy = {
enable = mkOption {
default = true;
description = ''
Whether to enable a special instance of privoxy dedicated to Tor.
To have anonymity, protocols need to be scrubbed of identifying
information.
Most people using Tor want to anonymize their web traffic, so by
default we enable an special instance of privoxy specifically for
Tor.
However, if you are only going to use Tor only for other kinds of
traffic then you can disable this option.
'';
};
listenAddress = mkOption {
default = "127.0.0.1:8118";
description = ''
Address that Tor's instance of privoxy is listening to.
*This does not configure the standard NixOS instance of privoxy.*
This is for Tor connections only!
See services.privoxy.listenAddress to configure the standard NixOS
instace of privoxy.
'';
};
config = mkOption {
default = "";
description = ''
Extra configuration for Tor's instance of privoxy. Contents will be
added verbatim to the configuration file.
*This does not configure the standard NixOS instance of privoxy.*
This is for Tor connections only!
See services.privoxy.extraConfig to configure the standard NixOS
instace of privoxy.
'';
};
};
};
privoxyConfig = mkOption {
default = "";
description = ''
Extra configuration for Tor's instance of privoxy. Contents will be
added verbatim to the configuration file.
*This does not configure the standard NixOS instance of privoxy.*
This is for Tor connections only!
See services.privoxy.extraConfig to configure the standard NixOS
instace of privoxy.
'';
};
relay = {
enableRelay = mkOption {
default = false;
description = ''
Whether to enable relaying traffic for others.
enable = mkOption {
default = false;
description = ''
Whether to enable relaying TOR traffic for others.
See https://www.torproject.org/docs/tor-doc-relay for details.
'';
};
See https://www.torproject.org/docs/tor-doc-relay for details.
'';
};
isBridgeRelay = mkOption {
default = false;
description = ''
Bridge relays (or "bridges" ) are Tor relays that aren't listed in the
main directory. Since there is no complete public list of them, even if an
ISP is filtering connections to all the known Tor relays, they probably
won't be able to block all the bridges.
isBridge = mkOption {
default = false;
description = ''
Bridge relays (or "bridges" ) are Tor relays that aren't listed in the
main directory. Since there is no complete public list of them, even if an
ISP is filtering connections to all the known Tor relays, they probably
won't be able to block all the bridges.
A bridge relay can't be an exit relay.
A bridge relay can't be an exit relay.
You need to set enableRelay to true for this option to take effect.
You need to set enableRelay to true for this option to take effect.
See https://www.torproject.org/bridges.html.en for more info.
'';
};
See https://www.torproject.org/bridges.html.en for more info.
'';
};
isExitRelay = mkOption {
default = false;
description = ''
An exit relay allows Tor users to access regular Internet services.
isExit = mkOption {
default = false;
description = ''
An exit relay allows Tor users to access regular Internet services.
Unlike running a non-exit relay, running an exit relay may expose
you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info.
Unlike running a non-exit relay, running an exit relay may expose
you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info.
You can specify which services Tor users may access via your exit relay using exitPolicy option.
'';
};
You can specify which services Tor users may access via your exit relay using exitPolicy option.
'';
};
nickname = mkOption {
default = "anonymous";
description = ''
A unique handle for your TOR relay.
'';
};
nickname = mkOption {
default = "anonymous";
description = ''
A unique handle for your TOR relay.
'';
};
relayBandwidthRate = mkOption {
default = 0;
example = 100;
description = ''
Specify this to limit the bandwidth usage of relayed (server)
traffic. Your own traffic is still unthrottled. Units: kilobytes/second.
'';
};
bandwidthRate = mkOption {
default = 0;
example = 100;
description = ''
Specify this to limit the bandwidth usage of relayed (server)
traffic. Your own traffic is still unthrottled. Units: bytes/second.
'';
};
relayBandwidthBurst = mkOption {
default = 0;
example = 200;
description = ''
Specify this to allow bursts of the bandwidth usage of relayed (server)
traffic. The average usage will still be as specified in relayBandwidthRate.
Your own traffic is still unthrottled. Units: kilobytes/second.
'';
};
bandwidthBurst = mkOption {
default = cfg.relay.bandwidthRate;
example = 200;
description = ''
Specify this to allow bursts of the bandwidth usage of relayed (server)
traffic. The average usage will still be as specified in relayBandwidthRate.
Your own traffic is still unthrottled. Units: bytes/second.
'';
};
relayPort = mkOption {
default = 9001;
description = ''
What port to advertise for Tor connections.
'';
};
port = mkOption {
default = 9001;
description = ''
What port to advertise for Tor connections.
'';
};
relayListenAddress = mkOption {
default = "";
example = "0.0.0.0:9090";
description = ''
Set this if you need to listen on a port other than the one advertised
in relayPort (e.g. to advertise 443 but bind to 9090). You'll need to do
ipchains or other port forwarding yourself to make this work.
'';
};
listenAddress = mkOption {
default = "";
example = "0.0.0.0:9090";
description = ''
Set this if you need to listen on a port other than the one advertised
in relayPort (e.g. to advertise 443 but bind to 9090). You'll need to do
ipchains or other port forwsarding yourself to make this work.
'';
};
exitPolicy = mkOption {
default = "";
example = "accept *:6660-6667,reject *:*";
description = ''
A comma-separated list of exit policies. They're considered first
to last, and the first match wins. If you want to _replace_
the default exit policy, end this with either a reject *:* or an
accept *:*. Otherwise, you're _augmenting_ (prepending to) the
default exit policy. Leave commented to just use the default, which is
available in the man page or at https://www.torproject.org/documentation.html
exitPolicy = mkOption {
default = "";
example = "accept *:6660-6667,reject *:*";
description = ''
A comma-separated list of exit policies. They're considered first
to last, and the first match wins. If you want to _replace_
the default exit policy, end this with either a reject *:* or an
accept *:*. Otherwise, you're _augmenting_ (prepending to) the
default exit policy. Leave commented to just use the default, which is
available in the man page or at https://www.torproject.org/documentation.html
Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
for issues you might encounter if you use the default exit policy.
Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
for issues you might encounter if you use the default exit policy.
If certain IPs and ports are blocked externally, e.g. by your firewall,
you should update your exit policy to reflect this -- otherwise Tor
users will be told that those destinations are down.
'';
};
If certain IPs and ports are blocked externally, e.g. by your firewall,
you should update your exit policy to reflect this -- otherwise Tor
users will be told that those destinations are down.
'';
};
};
@ -213,14 +218,10 @@ in
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ tor ]; # provides tor-resolve and torify
config = mkIf (cfg.client.enable || cfg.relay.enable) {
assertions = [{
assertion = cfg.enableRelay || cfg.enableClient;
message = "Need to either enable TOR client or relay functionality";
} {
assertion = cfg.enableRelay -> !(cfg.isBridgeRelay && cfg.isExitRelay);
assertions = [ {
assertion = cfg.relay.enable -> !(cfg.relay.isBridge && cfg.relay.isExit);
message = "Can't be both an exit and a bridge relay at the same time";
} ];
@ -231,60 +232,57 @@ in
home = stateDir;
};
jobs.tor =
{ name = "tor";
jobs = {
tor = { name = "tor";
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
preStart =
''
mkdir -m 0755 -p ${stateDir}
chown ${torUser} ${stateDir}
'';
exec = "${tor}/bin/tor -f ${pkgs.writeText "torrc" cfg.config}";
};
preStart = ''
mkdir -m 0755 -p ${stateDir}
chown ${torUser} ${stateDir}
'';
exec = "${tor}/bin/tor -f ${pkgs.writeText "torrc" cfg.config}";
}; }
// optionalAttrs (cfg.client.privoxy.enable && cfg.client.enable) {
torPrivoxy = { name = "tor-privoxy";
jobs.torPrivoxy = mkIf (cfg.enablePrivoxy && cfg.enableClient)
{ name = "tor-privoxy";
startOn = "starting tor";
stopOn = "stopping tor";
startOn = "starting tor";
stopOn = "stopping tor";
preStart = ''
mkdir -m 0755 -p ${privoxyDir}
chown ${torUser} ${privoxyDir}
preStart =
''
mkdir -m 0755 -p ${privoxyDir}
chown ${torUser} ${privoxyDir}
# Needed to run privoxy as an unprivileged user?
${modprobe}/sbin/modprobe capability || true
'';
exec = "${privoxy}/sbin/privoxy --no-daemon --user ${torUser} ${pkgs.writeText "torPrivoxy.conf" cfg.privoxyConfig}";
};
# Needed to run privoxy as an unprivileged user?
${modprobe}/sbin/modprobe capability || true
'';
exec = "${privoxy}/sbin/privoxy --no-daemon --user ${torUser} ${pkgs.writeText "torPrivoxy.conf" cfg.client.privoxy.config}";
}; };
services.tor.config = ''
DataDirectory ${stateDir}
User ${torUser}
''
+ optionalString cfg.enableClient ''
SocksListenAddress ${cfg.socksListenAddress}
${opt "SocksPolicy" cfg.socksPolicy}
+ optionalString cfg.client.enable ''
SocksListenAddress ${cfg.client.socksListenAddress}
${opt "SocksPolicy" cfg.client.socksPolicy}
''
+ optionalString cfg.enableRelay ''
ORPort ${toString cfg.relayPort}
${opt "ORListenAddress" cfg.relayListenAddress }
${opt "Nickname" cfg.nickname}
${optint "RelayBandwidthRate" cfg.relayBandwidthRate}
${optint "RelayBandwidthBurst" cfg.relayBandwidthBurst}
${if cfg.isExitRelay then opt "ExitPolicy" cfg.exitPolicy else "ExitPolicy reject *:*"}
${if cfg.isBridgeRelay then "BridgeRelay 1" else ""}
+ optionalString cfg.relay.enable ''
ORPort ${toString cfg.relay.port}
${opt "ORListenAddress" cfg.relay.listenAddress }
${opt "Nickname" cfg.relay.nickname}
${optint "RelayBandwidthRate" cfg.relay.bandwidthRate}
${optint "RelayBandwidthBurst" cfg.relay.bandwidthBurst}
${if cfg.relay.isExit then opt "ExitPolicy" cfg.relay.exitPolicy else "ExitPolicy reject *:*"}
${if cfg.relay.isBridge then "BridgeRelay 1" else ""}
'';
services.tor.privoxyConfig = ''
services.tor.client.privoxy.config = ''
# Generally, this file goes in /etc/privoxy/config
#
# Tor listens as a SOCKS4a proxy here:
forward-socks4a / ${cfg.socksListenAddress} .
forward-socks4a / ${cfg.client.socksListenAddress} .
confdir ${privoxy}/etc
logdir ${privoxyDir}
# actionsfile standard # Internal purpose, recommended
@ -300,7 +298,7 @@ in
debug 8192 # Errors - *we highly recommended enabling this*
user-manual ${privoxy}/doc/privoxy/user-manual
listen-address ${cfg.privoxyListenAddress}
listen-address ${cfg.client.privoxy.listenAddress}
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
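Review bot: Several option descriptions still name options that this change renames: `relay.isBridge` says "set enableRelay to true", `relay.bandwidthBurst` refers to `relayBandwidthRate`, and `relay.listenAddress` refers to `relayPort` (and has the typo "forwsarding"). They should read `relay.enable`, `relay.bandwidthRate` and `relay.port`. The bandwidth descriptions also change the stated unit from kilobytes/second to bytes/second while the values still pass through `optint`, whose definition is outside the hunks, so the unit the generated torrc actually uses should be confirmed. Because `client.enable` now defaults to false while `client.privoxy.enable` defaults to true, a sentence in the privoxy description that it has no effect without `client.enable` would avoid confusion.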


@ -0,0 +1,72 @@
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.tor;
torsocks = pkgs.writeTextFile {
name = "torsocks";
text = ''
#!${pkgs.stdenv.shell}
TORSOCKS_CONF_FILE=${pkgs.writeText "torsocks.conf" cfg.torsocks.config} LD_PRELOAD="${pkgs.torsocks}/lib/torsocks/libtorsocks.so $LD_PRELOAD" $@
'';
executable = true;
destination = "/bin/torsocks";
};
in
{
###### interface
options = {
services.tor.torsocks = {
enable = mkOption {
default = cfg.client.enable;
description = ''
Whether to build torsocks scipt to relay application traffic via TOR.
'';
};
server = mkOption {
default = cfg.client.socksListenAddress;
example = "192.168.0.20";
description = ''
IP address of TOR client to use.
'';
};
config = mkOption {
default = "";
description = ''
Extra configuration. Contents will be added verbatim to torsocks
configuration file.
'';
};
};
};
###### implementation
config = mkIf cfg.torsocks.enable {
environment.systemPackages = [ torsocks ]; # expose it to the users
services.tor.torsocks.config = ''
server = ${toString(head (splitString ":" cfg.torsocks.server))}
server_port = ${toString(tail (splitString ":" cfg.torsocks.server))}
local = 127.0.0.0/255.128.0.0
local = 127.128.0.0/255.192.0.0
local = 169.254.0.0/255.255.0.0
local = 172.16.0.0/255.240.0.0
local = 192.168.0.0/255.255.0.0
'';
};
}
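Review bot: The generated wrapper ends with an unquoted `$@`, so arguments that contain spaces or glob characters are split and expanded again before the wrapped program sees them; the line should end in `"$@"`. `server_port` is computed with `tail (splitString ":" cfg.torsocks.server)`, which is empty for a value without a port such as the option's own example `"192.168.0.20"`, leaving `server_port =` blank in the generated configuration. Either the example should include a port or the module should assert that one is present. The `enable` description could also note that an `LD_PRELOAD` wrapper does not cover statically linked or setuid programs, so their traffic does not go through Tor.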


@ -0,0 +1,77 @@
{ config, pkgs, serverInfo, servicesPath, ... }:
let
inherit (pkgs) mercurial;
inherit (pkgs.lib) mkOption;
urlPrefix = config.urlPrefix;
cgi = pkgs.stdenv.mkDerivation {
name = "mercurial-cgi";
buildCommand = ''
ensureDir $out
cp -v ${mercurial}/share/cgi-bin/hgweb.cgi $out
sed -i "s|/path/to/repo/or/config|$out/hgweb.config|" $out/hgweb.cgi
echo "
[collections]
${config.dataDir} = ${config.dataDir}
[web]
style = gitweb
allow_push = *
" > $out/hgweb.config
'';
};
in {
extraConfig = ''
RewriteEngine on
RewriteRule /(.*) ${cgi}/hgweb.cgi/$1
<Location "${urlPrefix}">
AuthType Basic
AuthName "Mercurial repositories"
AuthUserFile ${config.dataDir}/hgusers
<LimitExcept GET>
Require valid-user
</LimitExcept>
</Location>
<Directory "${cgi}">
Order allow,deny
Allow from all
AllowOverride All
Options ExecCGI
AddHandler cgi-script .cgi
PassEnv PYTHONPATH
</Directory>
'';
robotsEntries = ''
User-agent: *
Disallow: ${urlPrefix}
'';
extraServerPath = [
(pkgs.python+"/bin")
];
globalEnvVars = [ { name = "PYTHONPATH"; value = "${mercurial}/lib/${pkgs.python.libPrefix}/site-packages"; } ];
options = {
urlPrefix = mkOption {
default = "/hg";
description = "
The URL prefix under which the Mercurial service appears.
Use the empty string to have it appear in the server root.
";
};
dataDir = mkOption {
example = "/data/mercurial";
description = "
Path to the directory that holds the repositories.
";
};
};
}
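Review bot: `allow_push = *` in the generated `hgweb.config` leaves push authorization entirely to Apache, yet `RewriteRule /(.*) ${cgi}/hgweb.cgi/$1` is not scoped to `urlPrefix` while `Require valid-user` sits inside `<Location "${urlPrefix}">`. As far as this file shows, a request whose path lies outside the prefix is still rewritten to the CGI without passing through the authentication block. Anchoring the rewrite to the prefix, `RewriteRule ^${urlPrefix}/(.*) ${cgi}/hgweb.cgi/$1`, and replacing the wildcard with an option listing the users allowed to push would keep both layers in agreement. The documented empty-string `urlPrefix` also needs checking, since it produces `<Location "">`.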


@ -20,7 +20,7 @@ let
defaultUrlHost = "";
# Build the TWiki CGI and configuration files.
twikiRoot = (import /etc/nixos/services/twiki/twiki-instance.nix).twiki {
twikiRoot = (import /etc/nixos/services/twiki/twiki-instance.nix { inherit pkgs; }).twiki {
name = "wiki-instance";
pubdir = pubDir;
datadir = dataDir;
@ -143,4 +143,4 @@ in {
};
}
}


@ -282,7 +282,7 @@ in
mkdir -p ${cfg.baseDir}/work
chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/work
${if cfg.axis2.enable == true then
${if cfg.axis2.enable then
''
# Copy the Axis2 web application
cp -av ${pkgs.axis2}/webapps/axis2 ${cfg.baseDir}/webapps


@ -47,7 +47,13 @@ in
'';
};
security.setuidPrograms = [ "kcheckpass" ];
security.setuidOwners = [ {
program = "kcheckpass";
source = "${pkgs.kde4.kdebase_workspace}/lib/kde4/libexec/kcheckpass";
owner = "root";
group = "root";
setuid = true;
} ];
environment = {
kdePackages = [


@ -1,220 +1,134 @@
# generate the script used to activate the configuration.
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
let
inherit (pkgs.lib) mkOption mergeTypedOption mergeAttrs
mapAttrs addErrorContext fold id filter textClosureMap noDepEntry
fullDepEntry;
inherit (builtins) attrNames;
addAttributeName = mapAttrs (a: v: v // {
text = ''
#### actionScripts snippet ${a} :
# ========================================
${v.text}
'';
});
defaultScripts = {
systemConfig = noDepEntry ''
systemConfig="$1"
if test -z "$systemConfig"; then
systemConfig="/system" # for the installation CD
fi
text = ''
#### Activation script snippet ${a}:
${v.text}
'';
});
defaultPath =
let path = [
pkgs.coreutils pkgs.gnugrep pkgs.findutils
pkgs.glibc # needed for getent
pkgs.shadow
pkgs.nettools # needed for hostname
]; in noDepEntry ''
export PATH=/empty
for i in ${toString path}; do
PATH=$PATH:$i/bin:$i/sbin;
done
'';
stdio = fullDepEntry ''
# Needed by some programs.
ln -sfn /proc/self/fd /dev/fd
ln -sfn /proc/self/fd/0 /dev/stdin
ln -sfn /proc/self/fd/1 /dev/stdout
ln -sfn /proc/self/fd/2 /dev/stderr
'' [
"defaultPath" # path to ln
path =
[ pkgs.coreutils pkgs.gnugrep pkgs.findutils
pkgs.glibc # needed for getent
pkgs.shadow
pkgs.nettools # needed for hostname
];
binsh = fullDepEntry ''
# Create the required /bin/sh symlink; otherwise lots of things
# (notably the system() function) won't work.
mkdir -m 0755 -p $mountPoint/bin
ln -sfn ${config.system.build.binsh}/bin/sh $mountPoint/bin/sh
'' [
"defaultPath" # path to ln & mkdir
"stdio" # ?
];
modprobe = fullDepEntry ''
# Allow the kernel to find our wrapped modprobe (which searches
# in the right location in the Nix store for kernel modules).
# We need this when the kernel (or some module) auto-loads a
# module.
echo ${config.system.sbin.modprobe}/sbin/modprobe > /proc/sys/kernel/modprobe
'' [
# ?
];
var = fullDepEntry ''
# Various log/runtime directories.
touch /var/run/utmp # must exist
chgrp ${toString config.ids.gids.utmp} /var/run/utmp
chmod 664 /var/run/utmp
mkdir -m 0755 -p /var/run/nix/current-load # for distributed builds
mkdir -m 0700 -p /var/run/nix/remote-stores
mkdir -m 0755 -p /var/log
mkdir -m 0755 -p /var/log/upstart
touch /var/log/wtmp # must exist
chmod 644 /var/log/wtmp
touch /var/log/lastlog
chmod 644 /var/log/lastlog
mkdir -m 1777 -p /var/tmp
# Empty, read-only home directory of many system accounts.
mkdir -m 0555 -p /var/empty
'' [
"defaultPath" # path to mkdir & touch & chmod
];
rootPasswd = fullDepEntry ''
# If there is no password file yet, create a root account with an
# empty password.
if ! test -e /etc/passwd; then
rootHome=/root
touch /etc/passwd; chmod 0644 /etc/passwd
touch /etc/group; chmod 0644 /etc/group
touch /etc/shadow; chmod 0600 /etc/shadow
# Can't use useradd, since it complains that it doesn't know us
# (bootstrap problem!).
echo "root:x:0:0:System administrator:$rootHome:${config.users.defaultUserShell}" >> /etc/passwd
echo "root::::::::" >> /etc/shadow
fi
'' [
"defaultPath" # path to touch & passwd
"etc" # for /etc
# ?
];
nix = fullDepEntry ''
# Set up Nix.
mkdir -p /nix/etc/nix
ln -sfn /etc/nix.conf /nix/etc/nix/nix.conf
chown root.nixbld /nix/store
chmod 1775 /nix/store
# Nix initialisation.
mkdir -m 0755 -p \
/nix/var/nix/gcroots \
/nix/var/nix/temproots \
/nix/var/nix/manifests \
/nix/var/nix/userpool \
/nix/var/nix/profiles \
/nix/var/nix/db \
/nix/var/log/nix/drvs \
/nix/var/nix/channel-cache \
/nix/var/nix/chroots
mkdir -m 1777 -p /nix/var/nix/gcroots/per-user
mkdir -m 1777 -p /nix/var/nix/profiles/per-user
mkdir -m 1777 -p /nix/var/nix/gcroots/tmp
ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/
ln -sf /nix/var/nix/manifests /nix/var/nix/gcroots/
'' [
"defaultPath"
"etc" # /etc/nix.conf
"users" # nixbld group
];
hostname = fullDepEntry ''
# Set the host name. Don't clear it if it's not configured in the
# NixOS configuration, since it may have been set by dhclient in the
# meantime.
${if config.networking.hostName != "" then
''hostname "${config.networking.hostName}"''
else ''
# dhclient won't do anything if the hostname isn't empty.
if test "$(hostname)" = "(none)"; then
hostname ""
fi
''}
'' [ "defaultPath" ];
# The activation has to be done at the end. This is forced at the apply
# function of activationScripts option
activate = noDepEntry ''
# Make this configuration the current configuration.
# The readlink is there to ensure that when $systemConfig = /system
# (which is a symlink to the store), /var/run/current-system is still
# used as a garbage collection root.
ln -sfn "$(readlink -f "$systemConfig")" /var/run/current-system
# Prevent the current configuration from being garbage-collected.
ln -sfn /var/run/current-system /nix/var/nix/gcroots/current-system
'';
media = noDepEntry ''
mkdir -p /media
'';
};
in
{
require = {
system = {
activationScripts = mkOption {
default = [];
example = {
stdio = {
text = "
# Needed by some programs.
ln -sfn /proc/self/fd /dev/fd
ln -sfn /proc/self/fd/0 /dev/stdin
ln -sfn /proc/self/fd/1 /dev/stdout
ln -sfn /proc/self/fd/2 /dev/stderr
";
deps = [];
};
};
description = ''
Activate the new configuration (i.e., update /etc, make accounts,
and so on).
'';
merge = mergeTypedOption "script" builtins.isAttrs (fold mergeAttrs {});
apply = set:
let withHeadlines = addAttributeName set;
activateLib = removeAttrs withHeadlines ["activate"];
activateLibNames = attrNames activateLib;
in {
script = pkgs.writeScript "nixos-activation-script"
("#! ${pkgs.stdenv.shell}\n"
+ textClosureMap id activateLib activateLibNames + "\n"
# make sure that the activate snippet is added last.
+ withHeadlines.activate.text);
###### interface
options = {
system.activationScripts = mkOption {
default = {};
example = {
stdio = {
text = ''
# Needed by some programs.
ln -sfn /proc/self/fd /dev/fd
ln -sfn /proc/self/fd/0 /dev/stdin
ln -sfn /proc/self/fd/1 /dev/stdout
ln -sfn /proc/self/fd/2 /dev/stderr
'';
deps = [];
};
};
description = ''
Activate the new configuration (i.e., update /etc, make accounts,
and so on).
'';
merge = mergeTypedOption "script" builtins.isAttrs (fold mergeAttrs {});
apply = set: {
script =
''
#! ${pkgs.stdenv.shell}
systemConfig=@out@
export PATH=/empty
for i in ${toString path}; do
PATH=$PATH:$i/bin:$i/sbin;
done
${
let
set' = mapAttrs (n: v: if builtins.isString v then noDepEntry v else v) set;
withHeadlines = addAttributeName set';
in textClosureMap id (withHeadlines) (attrNames withHeadlines)
}
# Make this configuration the current configuration.
# The readlink is there to ensure that when $systemConfig = /system
# (which is a symlink to the store), /var/run/current-system is still
# used as a garbage collection root.
ln -sfn "$(readlink -f "$systemConfig")" /var/run/current-system
# Prevent the current configuration from being garbage-collected.
ln -sfn /var/run/current-system /nix/var/nix/gcroots/current-system
'';
};
};
};
system.activationScripts = defaultScripts;
###### implementation
config = {
system.activationScripts.stdio =
''
# Needed by some programs.
ln -sfn /proc/self/fd /dev/fd
ln -sfn /proc/self/fd/0 /dev/stdin
ln -sfn /proc/self/fd/1 /dev/stdout
ln -sfn /proc/self/fd/2 /dev/stderr
'';
system.activationScripts.var =
''
# Various log/runtime directories.
touch /var/run/utmp # must exist
chgrp ${toString config.ids.gids.utmp} /var/run/utmp
chmod 664 /var/run/utmp
mkdir -m 0755 -p /var/run/nix/current-load # for distributed builds
mkdir -m 0700 -p /var/run/nix/remote-stores
mkdir -m 0755 -p /var/log
mkdir -m 0755 -p /var/log/upstart
touch /var/log/wtmp # must exist
chmod 644 /var/log/wtmp
touch /var/log/lastlog
chmod 644 /var/log/lastlog
mkdir -m 1777 -p /var/tmp
# Empty, read-only home directory of many system accounts.
mkdir -m 0555 -p /var/empty
'';
system.activationScripts.media =
''
mkdir -p /media
'';
};
}
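Review bot: The new `apply` function wraps plain strings with `noDepEntry` (`if builtins.isString v then noDepEntry v else v`), but the option's `description` and `example` still show only the `{ text; deps; }` form. A sentence in the description such as `Each snippet is either a string or a set with text and deps attributes; a string is treated as having no dependencies.` would tell module authors that a string snippet expresses no ordering. This matters for snippets like `var`, which used to declare a dependency on `defaultPath` and now relies on the `PATH` set in the script preamble.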


@ -38,7 +38,7 @@ if [ "$action" = "switch" -o "$action" = "boot" ]; then
if [ "$NIXOS_INSTALL_GRUB" = 1 -o "$oldGrubVersion" != "$newGrubVersion" ]; then
echo "installing the GRUB bootloader..."
@grub@/sbin/grub-install "@grubDevice@" --no-floppy --recheck
@grub@/sbin/grub-install "@grubDevice@" --no-floppy
echo "$newGrubVersion" > /boot/grub/version
fi
fi
@ -110,7 +110,11 @@ EOF
# forget about current sessions.
# Idem for the emergeny-shell, because its `console owner'
# line screws up the X server.
if echo "$job" | grep -q "^shutdown$\|^control-alt-delete$\|^xserver$\|^dbus$\|^disnix$\|^emergency-shell$"; then continue; fi
# Idem for xendomains because we don't want to save/restore
# Xen domains unless we have to.
# TODO: Jobs should be able to declare that they should not be
# auto-restarted.
if echo "$job" | grep -q "^shutdown$\|^control-alt-delete$\|^xserver$\|^dbus$\|^disnix$\|^emergency-shell$\|^xendomains$"; then continue; fi
if ! test -e "$oldJobs/$job.conf"; then
echo "starting $job..."


@ -43,30 +43,19 @@ let
system.copySystemConfiguration = pkgs.lib.mkOption {
default = false;
description = ''
Unless set to false copies the nixos configuration file
<literal>$NIXOS_CONFIG</literal> defaulting to
<filename>/etc/nixos/configuration.nix</filename>
If enabled, copies the NixOS configuration file
<literal>$NIXOS_CONFIG</literal> (usually
<filename>/etc/nixos/configuration.nix</filename>)
to the system store path.
See <option>extraSystemBuilderCmds</option>
if you want to do add more customized info
to your system storepath.
'';
};
system.extraSystemBuilderCmds = pkgs.lib.mkOption {
default = "";
internal = true;
merge = pkgs.lib.concatStringsSep "\n";
description = ''
This code will be added to the builder creating the system store path.
This use case copies your configuration file into the system derivation:
<command>
cp ${pkgs.lib.maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out
</command>
Of course you could add code saving a svn diff or svn revision number
of both nixos and nixpkgs repositories as well. Keep in mind that when
you build in chroots that you have do either copy sources to store or
add them to the chroot somehow.
You still should consider putting your configuration into a VCS.
'';
};
@ -107,14 +96,23 @@ let
echo "(Expecting ${kernelPath})"
false
fi
ln -s ${kernelPath} $out/kernel
ln -s ${config.system.modulesTree} $out/kernel-modules
if [ -n "$grub" ]; then
ln -s $grub $out/grub
fi
ln -s ${config.system.build.bootStage2} $out/init
ln -s ${config.system.build.initialRamdisk}/initrd $out/initrd
ln -s ${config.system.activationScripts.script} $out/activate
echo "$activationScript" > $out/activate
substituteInPlace $out/activate --subst-var out
chmod u+x $out/activate
unset activationScript
cp ${config.system.build.bootStage2} $out/init
substituteInPlace $out/init --subst-var-by systemConfig $out
ln -s ${config.system.build.etc}/etc $out/etc
ln -s ${config.system.path} $out/sw
ln -s ${config.system.build.upstart} $out/upstart
@ -126,7 +124,7 @@ let
mkdir $out/fine-tune
childCount=0;
for i in $children; do
for i in $children; do
childCount=$(( childCount + 1 ));
ln -s $i $out/fine-tune/child-$childCount;
done
@ -152,6 +150,7 @@ let
config.boot.kernelParams ++ config.boot.extraKernelParams;
menuBuilder = config.system.build.menuBuilder;
initScriptBuilder = config.system.build.initScriptBuilder;
activationScript = config.system.activationScripts.script;
# Most of these are needed by grub-install.
path = [
pkgs.coreutils
@ -181,8 +180,9 @@ in {
require = [options];
system.extraSystemBuilderCmds =
pkgs.lib.optionalString
config.system.copySystemConfiguration
"cp ${pkgs.lib.maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out";
pkgs.lib.optionalString
config.system.copySystemConfiguration
"cp ${pkgs.lib.maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out";
system.build.toplevel = system;
}
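Review bot: The reworded `system.copySystemConfiguration` description in the first hunk does not mention that the copy lands in the Nix store, which every local user can read, so any password or key written in `configuration.nix` becomes readable as well once the option is enabled. I would add a sentence to the description along the lines of `The store is world-readable, so do not enable this option if the configuration file contains secrets.` The option stays off by default, which is the right default to keep.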


@ -88,6 +88,15 @@ with pkgs.lib;
# too?
];
system.activationScripts.modprobe =
''
# Allow the kernel to find our wrapped modprobe (which searches
# in the right location in the Nix store for kernel modules).
# We need this when the kernel (or some module) auto-loads a
# module.
echo ${config.system.sbin.modprobe}/sbin/modprobe > /proc/sys/kernel/modprobe
'';
};
}


@ -199,7 +199,6 @@ let
$out/bin/umount --version | grep "umount "
$out/bin/e2fsck -V 2>&1 | grep "e2fsck "
$out/bin/tune2fs 2> /dev/null | grep "tune2fs "
$out/bin/fsck -N | grep "fsck from"
$out/bin/udevadm --version
$out/bin/blkid -v 2>&1 | tee -a $out/log | grep "blkid from util-linux-ng"
$out/bin/dmsetup --version 2>&1 | tee -a $out/log | grep "version:"


@ -1,6 +1,6 @@
#! @shell@
# !!! copied from stage 1; remove duplication
systemConfig=@systemConfig@
# Print a greeting.
@ -56,11 +56,6 @@ rm -f /etc/mtab* # not that we care about stale locks
cat /proc/mounts > /etc/mtab
# If no `systemConfig' parameter is specified on the kernel command
# line, use a fallback.
systemConfig=/nix/var/nix/profiles/system
# Process the kernel command line.
for o in $(cat /proc/cmdline); do
case $o in
@ -79,10 +74,6 @@ for o in $(cat /proc/cmdline); do
safemode)
safeMode=1
;;
systemConfig=*)
set -- $(IFS==; echo $o)
systemConfig=$2
;;
resume=*)
set -- $(IFS==; echo $o)
resumeDevice=$2
@ -90,8 +81,6 @@ for o in $(cat /proc/cmdline); do
esac
done
systemConfig="$(readlink -f "$systemConfig")"
# More special file systems, initialise required directories.
mkdir -m 0777 /dev/shm
@ -153,19 +142,16 @@ fi
# Run the script that performs all configuration activation that does
# not have to be done at boot time.
echo "running activation script..."
@activateConfiguration@ "$systemConfig"
$systemConfig/activate
# Record the boot configuration.
if test -n "$systemConfig"; then
ln -sfn "$systemConfig" /var/run/booted-system
ln -sfn "$systemConfig" /var/run/booted-system
# Prevent the booted system form being garbage-collected
# If it weren't a gcroot, if we were running a different kernel,
# switched system, and garbage collected all, we could not load
# kernel modules anymore.
ln -sfn /var/run/booted-system /nix/var/nix/gcroots/booted-system
fi
# Prevent the booted system form being garbage-collected If it weren't
# a gcroot, if we were running a different kernel, switched system,
# and garbage collected all, we could not load kernel modules anymore.
ln -sfn /var/run/booted-system /nix/var/nix/gcroots/booted-system
# Ensure that the module tools can find the kernel modules.
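Review bot: With `systemConfig` now fixed by the `@systemConfig@` substitution and the `test -n "$systemConfig"` guard removed, a copy of this script that was never substituted would try to run `@systemConfig@/activate` and then point `/var/run/booted-system` at a path that does not exist. A check before the activation call, for example `test -x "$systemConfig/activate" || echo "no activation script at $systemConfig"`, would make that failure visible at boot. The call itself should be quoted as `"$systemConfig/activate"` to match the neighbouring `ln` lines. The script continues outside the hunks shown.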


@ -43,7 +43,7 @@ let
bootStage2 = substituteAll {
src = ./stage-2-init.sh;
isExecutable = true;
inherit kernel activateConfiguration;
inherit kernel;
inherit (config.boot) devShmSize;
ttyGid = config.ids.gids.tty;
upstart = config.system.build.upstart;


@ -1,9 +1,10 @@
# produce a script to generate /etc
{config, pkgs, ...}:
# Produce a script to generate /etc.
{ config, pkgs, ... }:
with pkgs.lib;
###### interface
let
inherit (pkgs.lib) mkOption;
option = {
environment.etc = mkOption {
@ -36,7 +37,7 @@ let
chmod ${mode} "$target"
'';
makeEtc = pkgs.stdenv.mkDerivation {
etc = pkgs.stdenv.mkDerivation {
name = "etc";
builder = ./make-etc.sh;
@ -52,47 +53,13 @@ in
{
require = [option];
system = {
build = {
etc = makeEtc;
};
system.build.etc = etc;
activationScripts = {
etc = pkgs.lib.fullDepEntry ''
# Set up the statically computed bits of /etc.
echo "setting up /etc..."
staticEtc=/etc/static
rm -f $staticEtc
ln -s ${makeEtc}/etc $staticEtc
for i in $(cd $staticEtc && find * -type l); do
mkdir -p /etc/$(dirname $i)
rm -f /etc/$i
if test -e "$staticEtc/$i.mode"; then
# Create a regular file in /etc.
cp $staticEtc/$i /etc/$i
chown 0.0 /etc/$i
chmod "$(cat "$staticEtc/$i.mode")" /etc/$i
else
# Create a symlink in /etc.
ln -s $staticEtc/$i /etc/$i
fi
done
system.activationScripts.etc = stringAfter [ "stdio" ]
''
# Set up the statically computed bits of /etc.
echo "setting up /etc..."
${pkgs.perl}/bin/perl ${./setup-etc.pl} ${etc}/etc
'';
# Remove dangling symlinks that point to /etc/static. These are
# configuration files that existed in a previous configuration but not
# in the current one. For efficiency, don't look under /etc/nixos
# (where all the NixOS sources live).
for i in $(find /etc/ \( -path /etc/nixos -prune \) -o -type l); do
target=$(readlink "$i")
if test "''${target:0:''${#staticEtc}}" = "$staticEtc" -a ! -e "$i"; then
rm -f "$i"
fi
done
'' [
"systemConfig"
"defaultPath" # path to cp, chmod, chown
"stdio"
];
};
};
}


@ -0,0 +1,65 @@
use strict;
use File::Find;
use File::Copy;
use File::Path;
use File::Basename;
my $etc = $ARGV[0] or die;
my $static = "/etc/static";
sub atomicSymlink {
my ($source, $target) = @_;
my $tmp = "$target.tmp";
unlink $tmp;
symlink $source, $tmp or return 1;
rename $tmp, $target or return 1;
return 1;
}
# Atomically update /etc/static to point at the etc files of the
# current configuration.
atomicSymlink $etc, $static or die;
# For every file in the etc tree, create a corresponding symlink in
# /etc to /etc/static. The indirection through /etc/static is to make
# switching to a new configuration somewhat more atomic.
sub link {
my $fn = substr $File::Find::name, length($etc) + 1 or next;
my $target = "/etc/$fn";
File::Path::make_path(dirname $target);
if (-e "$_.mode") {
open MODE, "<$_.mode";
my $mode = <MODE>; chomp $mode;
close MODE;
copy "$static/$fn", "$target.tmp" or warn;
chmod oct($mode), "$target.tmp" or warn;
rename "$target.tmp", $target or warn;
} elsif (-l "$_") {
atomicSymlink "$static/$fn", $target or warn;
}
}
find(\&link, $etc);
# Remove dangling symlinks that point to /etc/static. These are
# configuration files that existed in a previous configuration but not
# in the current one. For efficiency, don't look under /etc/nixos
# (where all the NixOS sources live).
sub cleanup {
if ($File::Find::name eq "/etc/nixos") {
$File::Find::prune = 1;
return;
}
if (-l $_) {
my $target = readlink $_;
if (substr($target, 0, length $static) eq $static) {
my $x = "/etc/static/" . substr($File::Find::name, length "/etc/");
unlink "$_" unless -e "$x";
}
}
}
find(\&cleanup, "/etc");
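Review bot: `atomicSymlink` returns 1 on every path, including when `symlink` or `rename` fails, so the `or die` after the `/etc/static` update and the `or warn` in `link` can never fire and a failed switch of `/etc/static` goes unnoticed. The two failure branches should read `symlink $source, $tmp or return 0;` and `rename $tmp, $target or return 0;`. In `link`, the mode file is opened with two-argument `open` on a bareword handle and the result is not checked; `open my $mode_fh, '<', "$_.mode" or die "open $_.mode: $!";` addresses both. Adding `use warnings;` next to `use strict;` would also report the `next` that is used to leave the `link` subroutine.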


@ -15,4 +15,12 @@
shutdown -r now 'Ctrl-Alt-Delete pressed'
'';
};
system.activationScripts.poweroff =
''
# Allow the kernel to find the poweroff command. This is used
# (for instance) by Xen's "xm shutdown" command to signal a
# guest to shut down cleanly.
echo ${config.system.build.upstart}/sbin/poweroff > /proc/sys/kernel/poweroff_cmd
'';
}


@ -39,7 +39,8 @@ let
${optionalString (job.stopOn != "") "stop on ${job.stopOn}"}
env PATH=${makeSearchPath "bin" upstartPath}:${makeSearchPath "sbin" upstartPath}
env PATH=${makeSearchPath "bin" (job.path ++ upstartPath)}:${makeSearchPath "sbin" (job.path ++ upstartPath)}
${concatMapStrings (n: "env ${n}=\"${getAttr n job.environment}\"\n") (attrNames job.environment)}
${optionalString (job.preStart != "") ''
@ -271,6 +272,15 @@ let
'';
};
path = mkOption {
default = [ ];
description = ''
Packages added to the job's <envar>PATH</envar> environment variable.
Both the <filename>bin</filename> and <filename>sbin</filename>
subdirectories of each package are added.
'';
};
};


@ -94,9 +94,7 @@ in
example = "data=journal";
type = types.string;
merge = pkgs.lib.concatStringsSep ",";
description = "
Option used to mount the file system.
";
description = "Options used to mount the file system.";
};
autocreate = mkOption {
@ -107,6 +105,12 @@ in
<option>fileSystems.*.mountPoint</option>.
";
};
noCheck = mkOption {
default = false;
type = types.bool;
description = "Disable running fsck on this filesystem.";
};
};
};
@ -142,7 +146,8 @@ in
+ " " + fs.fsType
+ " " + fs.options
+ " 0"
+ " " + (if fs.fsType == "none" then "0" else if fs.mountPoint == "/" then "1" else "2")
+ " " + (if fs.fsType == "none" || fs.noCheck then "0" else
if fs.mountPoint == "/" then "1" else "2")
+ "\n"
)}


@ -205,7 +205,15 @@ in
# ${nettools}/sbin/ifconfig $i down || true
#done
'';
};
};
# Set the host name in the activation script. Don't clear it if
# it's not configured in the NixOS configuration, since it may
# have been set by dhclient in the meantime.
system.activationScripts.hostname =
optionalString (config.networking.hostName != "") ''
hostname "${config.networking.hostName}"
'';
};
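Review bot: The new `system.activationScripts.hostname` drops the branch of the old snippet that reset a kernel hostname of `(none)` to the empty string, which the removed code justified with "dhclient won't do anything if the hostname isn't empty". Unless that case is handled elsewhere in this commit, a machine without `networking.hostName` may keep `(none)` after DHCP. If the removal is intended, the comment above the snippet should say so; otherwise the reset belongs in the empty-`hostName` case of the new expression.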


@ -77,9 +77,13 @@ in
# Send all of /var/log/messages to the serial port.
services.syslogd.extraConfig = "*.* /dev/ttyS0";
# Clear the kernel log buffer before starting klogd to prevent it
# from printing messages that we have already seen.
jobs.klogd.preStart = "dmesg -c > /dev/null";
# Prevent tests from accessing the Internet.
networking.defaultGateway = mkOverrideTemplate 150 {} "";
networking.nameservers = mkOverrideTemplate 150 {} [ ];
networking.defaultGateway = mkOverride 150 "";
networking.nameservers = mkOverride 150 [ ];
# Require a patch to the kernel to increase the 15s CIFS timeout.
assertions =


@ -110,7 +110,21 @@ let
example = "-vga std";
description = "Options passed to QEMU.";
};
virtualisation.useBootLoader =
mkOption {
default = false;
description =
''
If enabled, the virtual machine will be booted using the
regular boot loader (i.e., GRUB 1 or 2). This allows
testing of the boot loader. If
disabled (the default), the VM directly boots the NixOS
kernel and initial ramdisk, bypassing the boot loader
altogether.
'';
};
};
cfg = config.virtualisation;
@ -146,12 +160,17 @@ let
-net nic,vlan=0,model=virtio \
-chardev socket,id=samba,path=./samba \
-net user,vlan=0,guestfwd=tcp:10.0.2.4:139-chardev:samba''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \
-drive file=$NIX_DISK_IMAGE,if=virtio,boot=on,cache=writeback,werror=report \
-kernel ${config.system.build.toplevel}/kernel \
-initrd ${config.system.build.toplevel}/initrd \
${if cfg.useBootLoader then ''
-drive index=0,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
-drive index=1,file=${bootDisk}/disk.img,if=virtio,boot=on \
'' else ''
-drive file=$NIX_DISK_IMAGE,if=virtio,boot=on,cache=writeback,werror=report \
-kernel ${config.system.build.toplevel}/kernel \
-initrd ${config.system.build.toplevel}/initrd \
-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \
''} \
${qemuGraphics} \
$QEMU_OPTS \
-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.bootStage2} systemConfig=${config.system.build.toplevel} regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \
${config.virtualisation.qemu.options}
'';
@ -165,11 +184,54 @@ let
printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out
'';
# Generate a hard disk image containing a /boot partition and GRUB
# in the MBR. Used when the `useBootLoader' option is set.
bootDisk =
pkgs.vmTools.runInLinuxVM (
pkgs.runCommand "nixos-boot-disk"
{ preVM =
''
mkdir $out
diskImage=$out/disk.img
${pkgs.vmTools.kvm}/bin/qemu-img create -f qcow2 $diskImage "32M"
'';
buildInputs = [ pkgs.utillinux ];
}
''
# Create a single /boot partition.
${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
. /sys/class/block/vda1/uevent
mknod /dev/vda1 b $MAJOR $MINOR
. /sys/class/block/vda/uevent
${pkgs.e2fsprogs}/sbin/mkfs.ext3 -L boot /dev/vda1
${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
# Mount /boot.
mkdir /boot
mount /dev/vda1 /boot
# This is needed for GRUB 0.97, which doesn't know about virtio devices.
mkdir /boot/grub
echo '(hd0) /dev/vda' > /boot/grub/device.map
# Install GRUB and generate the GRUB boot menu.
touch /etc/NIXOS
mkdir -p /nix/var/nix/profiles
${config.system.build.toplevel}/bin/switch-to-configuration boot
umount /boot
''
);
in
{
require = options;
boot.loader.grub.device = mkOverride 50 "/dev/vda";
# All the modules the initrd needs to mount the host filesystem via
# CIFS. Also use paravirtualised network and block devices for
# performance.
@ -207,6 +269,7 @@ in
boot.initrd.postMountCommands =
''
mkdir -p $targetRoot/boot
mount -o remount,ro $targetRoot/nix/store
${optionalString cfg.writableStore ''
mkdir /mnt-store-tmpfs
@ -225,19 +288,21 @@ in
boot.postBootCommands =
''
( source /proc/cmdline
${config.environment.nix}/bin/nix-store --load-db < $regInfo
if [ -n "$regInfo" ]; then
${config.environment.nix}/bin/nix-store --load-db < $regInfo
fi
)
'';
virtualisation.pathsInNixDB = [ config.system.build.toplevel ];
# Mount the host filesystem via CIFS, and bind-mount the Nix store
# of the host into our own filesystem. We use mkOverrideTemplate to allow
# of the host into our own filesystem. We use mkOverride to allow
# this module to be applied to "normal" NixOS system configuration,
# where the regular value for the `fileSystems' attribute should be
# disregarded for the purpose of building a VM test image (since
# those filesystems don't exist in the VM).
fileSystems = mkOverrideTemplate 50 {}
fileSystems = mkOverride 50 (
[ { mountPoint = "/";
device = "/dev/vda";
}
@ -253,13 +318,21 @@ in
options = "bind";
neededForBoot = true;
}
];
] ++ optional cfg.useBootLoader
{ mountPoint = "/boot";
device = "/dev/disk/by-label/boot";
fsType = "ext3";
options = "ro";
noCheck = true; # fsck fails on a r/o filesystem
});
swapDevices = mkOverride 50 [ ];
# Starting DHCP brings down eth0, which kills the connection to the
# host filesystem and thus deadlocks the system.
networking.useDHCP = false;
networking.defaultGateway = mkOverrideTemplate 200 {} "10.0.2.2";
networking.defaultGateway = mkOverride 200 "10.0.2.2";
networking.nameservers = [ "10.0.2.3" ];
@ -287,9 +360,9 @@ in
# When building a regular system configuration, override whatever
# video driver the host uses.
services.xserver.videoDriver = mkOverrideTemplate 50 {} null;
services.xserver.videoDrivers = mkOverrideTemplate 50 {} [ "cirrus" "vesa" ];
services.xserver.defaultDepth = mkOverrideTemplate 50 {} 0;
services.xserver.videoDriver = mkOverride 50 null;
services.xserver.videoDrivers = mkOverride 50 [ "cirrus" "vesa" ];
services.xserver.defaultDepth = mkOverride 50 0;
services.xserver.monitorSection =
''
# Set a higher refresh rate so that resolutions > 800x600 work.
@ -300,5 +373,5 @@ in
services.mingetty.ttys = ttys ++ optional (!cfg.graphics) "ttyS0";
# Wireless won't work in the VM.
networking.enableWLAN = mkOverrideTemplate 50 {} false;
networking.enableWLAN = mkOverride 50 false;
}


@ -0,0 +1,165 @@
# Xen hypervisor (Dom0) support.
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.virtualisation.xen;
xen = pkgs.xen;
xendConfig = pkgs.writeText "xend-config.sxp"
''
(loglevel DEBUG)
(network-script network-bridge)
(vif-script vif-bridge)
'';
in
{
###### interface
options = {
virtualisation.xen.enable =
mkOption {
default = false;
description =
''
Setting this option enables the Xen hypervisor, a
virtualisation technology that allows multiple virtual
machines, known as <emphasis>domains</emphasis>, to run
concurrently on the physical machine. NixOS runs as the
privileged <emphasis>Domain 0</emphasis>. This option
requires a reboot to take effect.
'';
};
virtualisation.xen.bootParams =
mkOption {
default = "";
description =
''
Parameters passed to the Xen hypervisor at boot time.
'';
};
virtualisation.xen.domain0MemorySize =
mkOption {
default = 0;
example = 512;
description =
''
Amount of memory (in MiB) allocated to Domain 0 on boot.
If set to 0, all memory is assigned to Domain 0.
'';
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ xen ];
# Domain 0 requires a pvops-enabled kernel.
boot.kernelPackages = pkgs.linuxPackages_2_6_32_xen;
boot.kernelModules =
[ "xen_evtchn" "xen_gntdev" "xen_blkback" "xen_netback" "xen_pciback"
"blktap" "tap"
];
# The radeonfb kernel module causes the screen to go black as soon
# as it's loaded, so don't load it.
boot.blacklistedKernelModules = [ "radeonfb" ];
virtualisation.xen.bootParams =
[ "loglvl=all" "guest_loglvl=all" ] ++
optional (cfg.domain0MemorySize != 0) "dom0_mem=${toString cfg.domain0MemorySize}M";
system.extraSystemBuilderCmds =
''
ln -s ${xen}/boot/xen.gz $out/xen.gz
echo "${toString cfg.bootParams}" > $out/xen-params
'';
# Mount the /proc/xen pseudo-filesystem.
system.activationScripts.xen =
''
if [ -d /proc/xen ]; then
${pkgs.sysvtools}/bin/mountpoint -q /proc/xen || \
${pkgs.utillinux}/bin/mount -t xenfs none /proc/xen
fi
'';
jobs.xend =
{ description = "Xen control daemon";
startOn = "stopped udevtrigger";
path =
[ pkgs.bridge_utils pkgs.gawk pkgs.iproute pkgs.nettools
pkgs.utillinux pkgs.bash xen pkgs.pciutils pkgs.procps
];
preStart =
''
${xen}/sbin/xend start
# Wait until Xend is running.
for ((i = 0; i < 60; i++)); do echo "waiting for xend..."; ${xen}/sbin/xend status && break; done
${xen}/sbin/xend status || exit 1
'';
postStop = "${xen}/sbin/xend stop";
};
jobs.xendomains =
{ description = "Automatically starts, saves and restores Xen domains on startup/shutdown";
startOn = "started xend";
stopOn = "starting shutdown and stopping xend";
path = [ pkgs.xen ];
environment.XENDOM_CONFIG = "${xen}/etc/sysconfig/xendomains";
preStart =
''
mkdir -p /var/lock/subsys -m 755
${xen}/etc/init.d/xendomains start
'';
postStop = "${xen}/etc/init.d/xendomains stop";
};
# To prevent a race between dhclient and xend's bridge setup
# script (which renames eth* to peth* and recreates eth* as a
# virtual device), start dhclient after xend.
jobs.dhclient.startOn = mkOverride 50 "started xend";
environment.etc =
[ { source = xendConfig;
target = "xen/xend-config.sxp";
}
{ source = "${xen}/etc/xen/scripts";
target = "xen/scripts";
}
];
# Xen provides udev rules.
services.udev.packages = [ xen ];
services.udev.path = [ pkgs.bridge_utils pkgs.iproute ];
};
}
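Review bot: `virtualisation.xen.bootParams` always includes `loglvl=all` and `guest_loglvl=all`, and `xendConfig` sets `(loglevel DEBUG)`; with guest logging at `all`, guest-triggered messages reach the hypervisor console without rate limiting, which is a debugging setting rather than a safe default for a host that runs untrusted domains. I would drop these from the default and show them only in the option's `example`, or put them behind a separate debug option. Separately, the `preStart` wait loop has no delay between its 60 `xend status` probes, so it finishes almost immediately; adding `sleep 1;` inside the loop gives xend the intended time to start. The option also declares `default = ""` while the module assigns a list to it.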


@ -0,0 +1,26 @@
# Common configuration for Xen DomU NixOS virtual machines.
{ config, pkgs, ... }:
{
# We're being booted using pv-grub, which means that we need to
# generate a GRUB 1 menu without actually installing GRUB.
boot.loader.grub.version = 1;
boot.loader.grub.device = "nodev";
boot.loader.grub.extraPerEntryConfig = "root (hd0)";
boot.initrd.kernelModules = [ "xen-blkfront" ];
# Backgrounds don't work, so don't bother.
services.ttyBackgrounds.enable = false;
# Send syslog messages to the Xen console.
services.syslogd.tty = "hvc0";
# Start a mingetty on the Xen console (so that you can login using
# "xm console" in Dom0).
services.mingetty.ttys = [ "hvc0" "tty1" "tty2" ];
# Don't run ntpd, since we should get the correct time from Dom0.
services.ntp.enable = false;
}
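Review bot: `services.ntp.enable = false;` makes the guest's wall clock depend entirely on Dom0, and nothing in this file states what the guest should do if that assumption does not hold. Log timestamps and certificate validity checks inside the DomU then follow whatever the host clock says, which matters when reconstructing events across guests. I would extend the existing comment to say so, for example `# Time comes from Dom0; re-enable ntpd if the guest runs with an independent wallclock.` Whether this deployment ever uses an independent wallclock is not visible from the hunk, so treat that part as something to confirm.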

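--- a/tests/avahi.nix
+++ b/tests/avahi.nix
@@ -0,0 +1,60 @@
+{ pkgs, ... }:
+with pkgs;
+{
+nodes = {
+one =
+{ config, pkgs, ... }: {
+services.avahi.enable = true;
+services.avahi.nssmdns = true;
+};
+two =
+{ config, pkgs, ... }: {
+services.avahi.enable = true;
+services.avahi.nssmdns = true;
+};
+};
+# Test whether `avahi-daemon' and `libnss-mdns' work as expected.
+testScript =
+'' startAll;
+# mDNS.
+print STDERR
+$one->mustSucceed("avahi-resolve-host-name one.local | tee out");
+$one->mustSucceed("test \"`cut -f1 < out`\" = one.local");
+print STDERR
+$one->mustSucceed("avahi-resolve-host-name two.local | tee out");
+$one->mustSucceed("test \"`cut -f1 < out`\" = two.local");
+print STDERR
+$two->mustSucceed("avahi-resolve-host-name one.local | tee out");
+$two->mustSucceed("test \"`cut -f1 < out`\" = one.local");
+print STDERR
+$two->mustSucceed("avahi-resolve-host-name two.local | tee out");
+$two->mustSucceed("test \"`cut -f1 < out`\" = two.local");
+# Basic DNS-SD.
+print STDERR
+$one->mustSucceed("avahi-browse -r -t _workstation._tcp | tee out");
+$one->mustSucceed("test `wc -l < out` -gt 0");
+print STDERR
+$two->mustSucceed("avahi-browse -r -t _workstation._tcp | tee out");
+$two->mustSucceed("test `wc -l < out` -gt 0");
+# More DNS-SD.
+$one->execute("avahi-publish -s \"This is a test\" _test._tcp 123 one=1 &");
+sleep 5;
+print STDERR
+$two->mustSucceed("avahi-browse -r -t _test._tcp | tee out");
+$two->mustSucceed("test `wc -l < out` -gt 0");
+# NSS-mDNS.
+print STDERR $one->mustSucceed("getent hosts one.local");
+print STDERR $one->mustSucceed("getent hosts two.local");
+print STDERR $two->mustSucceed("getent hosts one.local");
+print STDERR $two->mustSucceed("getent hosts two.local");
+'';
+}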
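Review bot: The fixed `sleep 5;` after the backgrounded `avahi-publish` in the "More DNS-SD" step is a timing assumption, so on a slow or loaded build host the browse on node two can run before the record is announced and the test fails for reasons unrelated to Avahi. Polling removes the guess: replace the sleep with `$two->waitUntilSucceeds("avahi-browse -r -t _test._tcp | grep -q _test._tcp");` and keep the following `mustSucceed` lines for the logged output. `waitUntilSucceeds` is already used by the installer test in this commit, so no new helper is needed.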


@ -6,6 +6,7 @@
with import ../lib/testing.nix { inherit nixpkgs services system; };
{
avahi = makeTest (import ./avahi.nix);
bittorrent = makeTest (import ./bittorrent.nix);
firefox = makeTest (import ./firefox.nix);
installer = makeTests (import ./installer.nix);
@ -18,6 +19,7 @@ with import ../lib/testing.nix { inherit nixpkgs services system; };
proxy = makeTest (import ./proxy.nix);
quake3 = makeTest (import ./quake3.nix);
remote_builds = makeTest (import ./remote-builds.nix);
simple = makeTest (import ./simple.nix);
subversion = makeTest (import ./subversion.nix);
trac = makeTest (import ./trac.nix);
}


@ -170,7 +170,7 @@ let
$machine->waitUntilSucceeds("cat /proc/swaps | grep -q /dev");
$machine->mustSucceed("nix-env -i coreutils >&2");
$machine->mustSucceed("type -tP ls") =~ /profiles/
$machine->mustSucceed("type -tP ls | tee /dev/stderr") =~ /.nix-profile/
or die "nix-env failed";
$machine->mustSucceed("nixos-rebuild switch >&2");
@ -296,5 +296,43 @@ in {
'';
fileSystems = rootFS + bootFS;
};
# Rebuild the CD configuration with a little modification.
rebuildCD =
{ inherit iso;
nodes = { };
testScript =
''
# damn, it's costly to evaluate nixos-rebuild (1G of ram)
my $machine = Machine->new({ cdrom => glob("${iso}/iso/*.iso"), qemuFlags => '${qemuNICFlags 1 1} -m 1024' });
$machine->start;
# Make sure that we get a login prompt etc.
$machine->mustSucceed("echo hello");
$machine->waitForJob("tty1");
$machine->waitForJob("rogue");
$machine->waitForJob("nixos-manual");
# Make sure that we don't try to download anything.
$machine->stopJob("dhclient");
$machine->mustSucceed("rm /etc/resolv.conf");
# Enable sshd service.
$machine->mustSucceed(
"sed -i 's,^}\$,jobs.sshd.startOn = pkgs.lib.mkOverride 0 \"startup\"; },' /etc/nixos/configuration.nix"
);
my $cfg = $machine->mustSucceed("cat /etc/nixos/configuration.nix");
print STDERR "New CD config:\n$cfg\n";
# Apply the new CD configuration.
$machine->mustSucceed("nixos-rebuild test --no-pull");
# Connect to it-self.
#$machine->waitForJob("sshd");
#$machine->mustSucceed("ssh root@127.0.0.1 echo hello");
$machine->shutdown;
'';
};
}
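Review bot: In the new `rebuildCD` test, both checks that would confirm the sshd override took effect are commented out, so the test passes whenever `nixos-rebuild test --no-pull` exits zero, even if the `sed` pattern matched nothing. If the ssh round-trip to 127.0.0.1 is the unreliable part, restoring only `$machine->waitForJob("sshd");` still asserts that the rebuilt configuration started the service. Separately, `cdrom => glob("${iso}/iso/*.iso")` is evaluated in list context inside the hash constructor, so a second matching image would shift the keys that follow. `cdrom => (glob("${iso}/iso/*.iso"))[0]` pins it to one element.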

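--- a/tests/simple.nix
+++ b/tests/simple.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+machine = { config, pkgs, ... }: { };
+testScript =
+''
+startAll;
+$machine->shutdown;
+'';
+}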