From 7b635ee4ed643acba338c38948e1261f6c4831a5 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 10 Sep 2010 12:25:59 +0000 Subject: [PATCH 001/100] * "ls -d" -> "echo", since "ls" prints the current directory if nothing matches. svn path=/nixos/trunk/; revision=23716 --- modules/installer/grub/grub-menu-builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installer/grub/grub-menu-builder.sh b/modules/installer/grub/grub-menu-builder.sh index fc246847eed3..1b6c6ce5f5dd 100644 --- a/modules/installer/grub/grub-menu-builder.sh +++ b/modules/installer/grub/grub-menu-builder.sh @@ -243,7 +243,7 @@ for link in $((ls -d $defaultConfig/fine-tune/* ) | sort -n); do done for generation in $( - (cd /nix/var/nix/profiles && ls -d system-*-link) \ + (cd /nix/var/nix/profiles && echo system-*-link) \ | sed 's/system-\([0-9]\+\)-link/\1/' \ | sort -n -r); do link=/nix/var/nix/profiles/system-$generation-link From 6258845b618dfca28cf0a04910cf124742abde59 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 10 Sep 2010 15:25:58 +0000 Subject: [PATCH 002/100] svn path=/nixos/trunk/; revision=23727 --- modules/system/boot/stage-1.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/system/boot/stage-1.nix b/modules/system/boot/stage-1.nix index 7f8287e7e4ba..7a38883af576 100644 --- a/modules/system/boot/stage-1.nix +++ b/modules/system/boot/stage-1.nix @@ -199,7 +199,6 @@ let $out/bin/umount --version | grep "umount " $out/bin/e2fsck -V 2>&1 | grep "e2fsck " $out/bin/tune2fs 2> /dev/null | grep "tune2fs " - $out/bin/fsck -N | grep "fsck from" $out/bin/udevadm --version $out/bin/blkid -v 2>&1 | tee -a $out/log | grep "blkid from util-linux-ng" $out/bin/dmsetup --version 2>&1 | tee -a $out/log | grep "version:" From 8f4139987eb2122f661f905c1d9f02c1ca916a02 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 10 Sep 2010 15:47:06 +0000 Subject: [PATCH 003/100] * Regex listing the system generations was selecting the number from only the first generation in the list. (From Karn Kallio.) svn path=/nixos/trunk/; revision=23728 --- modules/installer/grub/grub-menu-builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installer/grub/grub-menu-builder.sh b/modules/installer/grub/grub-menu-builder.sh index 1b6c6ce5f5dd..27ad68604039 100644 --- a/modules/installer/grub/grub-menu-builder.sh +++ b/modules/installer/grub/grub-menu-builder.sh @@ -244,7 +244,7 @@ done for generation in $( (cd /nix/var/nix/profiles && echo system-*-link) \ - | sed 's/system-\([0-9]\+\)-link/\1/' \ + | sed 's/system-\([0-9]\+\)-link/\1/g' \ | sort -n -r); do link=/nix/var/nix/profiles/system-$generation-link date=$(stat --printf="%y\n" $link | sed 's/\..*//') From 4ae4b7d47f5e7e67d31535b27da3cf2cee0d17b1 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 10 Sep 2010 17:15:35 +0000 Subject: [PATCH 004/100] * Support booting Xen in the Grub menu builder. svn path=/nixos/trunk/; revision=23730 --- modules/installer/grub/grub-menu-builder.sh | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/modules/installer/grub/grub-menu-builder.sh b/modules/installer/grub/grub-menu-builder.sh index 27ad68604039..0605df5f52c5 100644 --- a/modules/installer/grub/grub-menu-builder.sh +++ b/modules/installer/grub/grub-menu-builder.sh @@ -52,8 +52,8 @@ default @default@ timeout @timeout@ GRUBEND if test -n "@splashImage@"; then - echo "splashimage $bootRoot/background.xpm.gz" >> "$1" - fi + echo "splashimage $bootRoot/background.xpm.gz" >> "$1" + fi ;; 2) cp -f @grub@/share/grub/unicode.pf2 /boot/grub/unicode.pf2 
@@ -154,6 +154,7 @@ addEntry() { local kernel=$(readlink -f $path/kernel) local initrd=$(readlink -f $path/initrd) + local xen=$([ -f $path/xen.gz ] && readlink -f $path/xen.gz) if test "$path" = "$defaultConfig"; then cp "$kernel" /boot/nixos-kernel @@ -181,28 +182,34 @@ EOF if test -n "$copyKernels"; then copyToKernelsDir $kernel; kernel=$result copyToKernelsDir $initrd; initrd=$result + if [ -n "$xen" ]; then copyToKernelsDir $xen; xen=$result; fi fi - + local confName=$(cat $path/configuration-name 2>/dev/null || true) if test -n "$confName"; then name="$confName $3" fi + local kernelArgs="systemConfig=$(readlink -f $path) init=$(readlink -f $path/init) $(cat $path/kernel-params)" + local xenArgs="loglvl=all guest_loglvl=all" + case "$grubVersion" in 1) cat >> "$tmp" << GRUBEND title $name @extraPerEntryConfig@ - kernel $kernel systemConfig=$(readlink -f $path) init=$(readlink -f $path/init) $(cat $path/kernel-params) - initrd $initrd + ${xen:+kernel $xen $xenArgs} + $(if [ -z "$xen" ]; then echo kernel; else echo module; fi) $kernel $kernelArgs + module $initrd GRUBEND ;; 2) cat >> "$tmp" << GRUBEND menuentry "$name" { @extraPerEntryConfig@ - linux $kernel systemConfig=$(readlink -f $path) init=$(readlink -f $path/init) $(cat $path/kernel-params) - initrd $initrd + ${xen:+multiboot $xen $xenArgs} + $(if [ -z "$xen" ]; then echo linux; else echo module; fi) $kernel $kernelArgs + $(if [ -z "$xen" ]; then echo initrd; else echo module; fi) $initrd } GRUBEND ;; From 8edefa2960a48c0e97845b602f95c6366d34010b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 10 Sep 2010 17:35:13 +0000 Subject: [PATCH 005/100] * Grrr. Fix the sort order. svn path=/nixos/trunk/; revision=23732 --- modules/installer/grub/grub-menu-builder.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/installer/grub/grub-menu-builder.sh b/modules/installer/grub/grub-menu-builder.sh index 0605df5f52c5..4caafe9da63b 100644 
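Review bot: In the GRUB 1 branch the initrd line is now unconditionally `module $initrd`, so a non-Xen entry loses the `initrd` directive that the removed line used, while only the GRUB 2 branch switches between `initrd` and `module`. GRUB legacy's `module` is a Multiboot directive, so non-Xen GRUB 1 entries will presumably fail to load their initrd; the same conditional used for the kernel line fixes it: `$(if [ -z "$xen" ]; then echo initrd; else echo module; fi) $initrd`. The hunk also passes `$xen` to copyToKernelsDir unquoted, consistent with the existing `$kernel`/`$initrd` calls, which is fine as long as store paths stay free of whitespace. addEntry begins outside this hunk.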
--- a/modules/installer/grub/grub-menu-builder.sh +++ b/modules/installer/grub/grub-menu-builder.sh @@ -250,8 +250,8 @@ for link in $((ls -d $defaultConfig/fine-tune/* ) | sort -n); do done for generation in $( - (cd /nix/var/nix/profiles && echo system-*-link) \ - | sed 's/system-\([0-9]\+\)-link/\1/g' \ + (cd /nix/var/nix/profiles && for i in system-*-link; do echo $i; done) \ + | sed 's/system-\([0-9]\+\)-link/\1/' \ | sort -n -r); do link=/nix/var/nix/profiles/system-$generation-link date=$(stat --printf="%y\n" $link | sed 's/\..*//') From 9f06fb806c3c8a49af84a796f2d1dc38038d4258 Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sat, 11 Sep 2010 11:43:09 +0000 Subject: [PATCH 006/100] Fix TOR option descriptions: kbytes-> bytes svn path=/nixos/trunk/; revision=23735 --- modules/services/security/tor.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/services/security/tor.nix b/modules/services/security/tor.nix index d3fceae3608e..35201775ec74 100644 --- a/modules/services/security/tor.nix +++ b/modules/services/security/tor.nix @@ -155,7 +155,7 @@ in example = 100; description = '' Specify this to limit the bandwidth usage of relayed (server) - traffic. Your own traffic is still unthrottled. Units: kilobytes/second. + traffic. Your own traffic is still unthrottled. Units: bytes/second. ''; }; @@ -165,7 +165,7 @@ in description = '' Specify this to allow bursts of the bandwidth usage of relayed (server) traffic. The average usage will still be as specified in relayBandwidthRate. - Your own traffic is still unthrottled. Units: kilobytes/second. + Your own traffic is still unthrottled. Units: bytes/second. ''; }; From 987dd768113dc1dc727e3fb8c82818759b27cfdf Mon Sep 17 00:00:00 2001 
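Review bot: The new `for i in system-*-link; do echo $i; done` still emits the literal pattern `system-*-link` when no generation exists, because bash leaves an unmatched glob as-is; the unanchored `sed` passes it through unchanged and the loop body then runs `stat` on `/nix/var/nix/profiles/system-system-*-link-link`. Enabling `nullglob` in the subshell removes the bogus entry: `(cd /nix/var/nix/profiles && shopt -s nullglob && for i in system-*-link; do echo $i; done)`. Making the sed print only real matches, `sed -n 's/^system-\([0-9]\+\)-link$/\1/p'`, would additionally drop any other stray name instead of feeding it into `$generation`. The loop body continues outside the hunk.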
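Review bot: The `example = 100;` just above the first changed line now reads as 100 bytes/second once the unit is corrected, which is not a plausible relay bandwidth and will mislead anyone copying the example. Either raise it to a realistic byte value, e.g. `example = 1048576;`, or say in the description that a bare number is bytes and that Tor also accepts `KBytes`/`MBytes` suffixes — assuming this module writes the number verbatim into torrc, which is not visible in the hunk. I believe Tor also rejects relay rates below a minimum, so a sentence pointing that out would save users from a configuration Tor refuses at startup; confirm the exact minimum for the packaged Tor version before stating it.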
From: Eelco Dolstra Date: Sun, 12 Sep 2010 22:43:45 +0000 Subject: [PATCH 007/100] * Added a module to enable the Xen hypervisor. svn path=/nixos/trunk/; revision=23739 --- modules/installer/grub/grub-menu-builder.sh | 12 ++-- modules/module-list.nix | 1 + modules/system/activation/top-level.nix | 27 +++----- modules/virtualisation/xen.nix | 76 +++++++++++++++++++++ 4 files changed, 92 insertions(+), 24 deletions(-) create mode 100644 modules/virtualisation/xen.nix diff --git a/modules/installer/grub/grub-menu-builder.sh b/modules/installer/grub/grub-menu-builder.sh index 4caafe9da63b..8934c9bd24de 100644 --- a/modules/installer/grub/grub-menu-builder.sh +++ b/modules/installer/grub/grub-menu-builder.sh @@ -190,16 +190,16 @@ EOF name="$confName $3" fi - local kernelArgs="systemConfig=$(readlink -f $path) init=$(readlink -f $path/init) $(cat $path/kernel-params)" - local xenArgs="loglvl=all guest_loglvl=all" + local kernelParams="systemConfig=$(readlink -f $path) init=$(readlink -f $path/init) $(cat $path/kernel-params)" + local xenParams="$([ -n "$xen" ] && cat $path/xen-params)" case "$grubVersion" in 1) cat >> "$tmp" << GRUBEND title $name @extraPerEntryConfig@ - ${xen:+kernel $xen $xenArgs} - $(if [ -z "$xen" ]; then echo kernel; else echo module; fi) $kernel $kernelArgs + ${xen:+kernel $xen $xenParams} + $(if [ -z "$xen" ]; then echo kernel; else echo module; fi) $kernel $kernelParams module $initrd GRUBEND ;; @@ -207,8 +207,8 @@ GRUBEND cat >> "$tmp" << GRUBEND menuentry "$name" { @extraPerEntryConfig@ - ${xen:+multiboot $xen $xenArgs} - $(if [ -z "$xen" ]; then echo linux; else echo module; fi) $kernel $kernelArgs + ${xen:+multiboot $xen $xenParams} + $(if [ -z "$xen" ]; then echo linux; else echo module; fi) $kernel $kernelParams $(if [ -z "$xen" ]; then echo initrd; else echo module; fi) $initrd } GRUBEND diff --git a/modules/module-list.nix b/modules/module-list.nix index 5a1efdabf411..973c3a3e4939 100644 --- a/modules/module-list.nix 
+++ b/modules/module-list.nix @@ -154,4 +154,5 @@ ./tasks/network-interfaces.nix ./tasks/swraid.nix ./tasks/tty-backgrounds.nix + ./virtualisation/xen.nix ] diff --git a/modules/system/activation/top-level.nix b/modules/system/activation/top-level.nix index cb3c4e8941dc..f2bbbc5ffb0d 100644 --- a/modules/system/activation/top-level.nix +++ b/modules/system/activation/top-level.nix @@ -43,30 +43,19 @@ let system.copySystemConfiguration = pkgs.lib.mkOption { default = false; description = '' - Unless set to false copies the nixos configuration file - $NIXOS_CONFIG defaulting to - /etc/nixos/configuration.nix + If enabled, copies the NixOS configuration file + $NIXOS_CONFIG (usually + /etc/nixos/configuration.nix) to the system store path. - See - if you want to do add more customized info - to your system storepath. ''; }; system.extraSystemBuilderCmds = pkgs.lib.mkOption { default = ""; + internal = true; merge = pkgs.lib.concatStringsSep "\n"; description = '' This code will be added to the builder creating the system store path. - This use case copies your configuration file into the system derivation: - - cp ${pkgs.lib.maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out - - Of course you could add code saving a svn diff or svn revision number - of both nixos and nixpkgs repositories as well. Keep in mind that when - you build in chroots that you have do either copy sources to store or - add them to the chroot somehow. - You still should consider putting your configuration into a VCS. ''; }; @@ -107,6 +96,7 @@ let echo "(Expecting ${kernelPath})" false fi + ln -s ${kernelPath} $out/kernel ln -s ${config.system.modulesTree} $out/kernel-modules if [ -n "$grub" ]; then 
@@ -181,8 +171,9 @@ in { require = [options]; system.extraSystemBuilderCmds = - pkgs.lib.optionalString - config.system.copySystemConfiguration - "cp ${pkgs.lib.maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out"; + pkgs.lib.optionalString + config.system.copySystemConfiguration + "cp ${pkgs.lib.maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out"; + system.build.toplevel = system; } diff --git a/modules/virtualisation/xen.nix b/modules/virtualisation/xen.nix new file mode 100644 index 000000000000..5e8bb902b2a7 --- /dev/null +++ b/modules/virtualisation/xen.nix 
@@ -0,0 +1,76 @@ +# Xen hypervisor support. + +{ config, pkgs, ... }: + +with pkgs.lib; + +let cfg = config.virtualisation.xen; in + +{ + ###### interface + + options = { + + virtualisation.xen.enable = + mkOption { + default = false; + description = + '' + Setting this option enables the Xen hypervisor, a + virtualisation technology that allows multiple virtual + machines, known as domains, to run + concurrently on the physical machine. NixOS runs as the + privileged Domain 0. This option + requires a reboot to take effect. + ''; + }; + + virtualisation.xen.bootParams = + mkOption { + default = ""; + description = + '' + Parameters passed to the Xen hypervisor at boot time. + ''; + }; + + virtualisation.xen.domain0MemorySize = + mkOption { + default = 0; + example = 512; + description = + '' + Amount of memory (in MiB) allocated to Domain 0 on boot. + If set to 0, all memory is assigned to Domain 0. + ''; + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable { + + environment.systemPackages = [ pkgs.xen ]; + + # Domain 0 requires a pvops-enabled kernel. + boot.kernelPackages = pkgs.linuxPackages_2_6_32_xen; + + # The radeonfb kernel module causes the screen to go black as soon + # as it's loaded, so don't load it. + boot.blacklistedKernelModules = [ "radeonfb" ]; + + virtualisation.xen.bootParams = + [ "loglvl=all" "guest_loglvl=all" ] ++ + optional (cfg.domain0MemorySize != 0) "dom0_mem=${toString cfg.domain0MemorySize}M"; + + system.extraSystemBuilderCmds = + '' + ln -s ${pkgs.xen}/boot/xen.gz $out/xen.gz + echo "${toString cfg.bootParams}" > $out/xen-params + ''; + + }; + +} From 6b2844c6b241b6f64746c4c42ace7910d247baed Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 12 Sep 2010 22:56:54 +0000 Subject: [PATCH 008/100] * Mount /proc/xen. svn path=/nixos/trunk/; revision=23741 --- modules/virtualisation/xen.nix | 9 +++++++++ 1 file changed, 9 insertions(+) 
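Review bot: `virtualisation.xen.bootParams` is declared with a string default (`default = ""`) but the implementation assigns it a list (`[ "loglvl=all" "guest_loglvl=all" ] ++ optional ...`), and the option has no `type`, so a user who writes `bootParams = "dom0_max_vcpus=2"` as the description invites will presumably collide with the module's list when the values are merged; the `toString` in `echo "${toString cfg.bootParams}" > $out/xen-params` only works because lists stringify space-separated. Declare it as a list so both sides agree: `default = [];` and `Parameters (list of strings) passed to the Xen hypervisor at boot time.`, adding a `types.listOf` type if this module system's `types` provides one. Separately, `boot.kernelPackages = pkgs.linuxPackages_2_6_32_xen;` is set unconditionally, so a kernelPackages choice elsewhere in the configuration may conflict rather than be overridden — worth a sentence in the enable option's description.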
diff --git a/modules/virtualisation/xen.nix b/modules/virtualisation/xen.nix index 5e8bb902b2a7..b2218fb3fddd 100644 --- a/modules/virtualisation/xen.nix +++ b/modules/virtualisation/xen.nix @@ -71,6 +71,15 @@ let cfg = config.virtualisation.xen; in echo "${toString cfg.bootParams}" > $out/xen-params ''; + # Mount the /proc/xen pseudo-filesystem. + system.activationScripts.xen = noDepEntry + '' + if [ -d /proc/xen ]; then + ${pkgs.sysvtools}/bin/mountpoint -q /proc/xen || \ + ${pkgs.utillinux}/bin/mount -t xenfs none /proc/xen + fi + ''; + }; } From e871e841598a503c2bf0049f66b3e72bed2b272f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 13 Sep 2010 11:33:05 +0000 Subject: [PATCH 009/100] * mkOverrideTemplate -> mkOverride. svn path=/nixos/trunk/; revision=23743 --- modules/virtualisation/qemu-vm.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/virtualisation/qemu-vm.nix b/modules/virtualisation/qemu-vm.nix index cf527391e2c5..fb4779c63a1e 100644 --- a/modules/virtualisation/qemu-vm.nix +++ b/modules/virtualisation/qemu-vm.nix @@ -232,12 +232,12 @@ in virtualisation.pathsInNixDB = [ config.system.build.toplevel ]; # Mount the host filesystem via CIFS, and bind-mount the Nix store - # of the host into our own filesystem. We use mkOverrideTemplate to allow + # of the host into our own filesystem. We use mkOverride to allow # this module to be applied to "normal" NixOS system configuration, # where the regular value for the `fileSystems' attribute should be # disregarded for the purpose of building a VM test image (since # those filesystems don't exist in the VM). - fileSystems = mkOverrideTemplate 50 {} + fileSystems = mkOverride 50 [ { mountPoint = "/"; device = "/dev/vda"; } 
@@ -259,7 +259,7 @@ in # host filesystem and thus deadlocks the system. networking.useDHCP = false; - networking.defaultGateway = mkOverrideTemplate 200 {} "10.0.2.2"; + networking.defaultGateway = mkOverride 200 "10.0.2.2"; networking.nameservers = [ "10.0.2.3" ]; @@ -287,9 +287,9 @@ in # When building a regular system configuration, override whatever # video driver the host uses. - services.xserver.videoDriver = mkOverrideTemplate 50 {} null; - services.xserver.videoDrivers = mkOverrideTemplate 50 {} [ "cirrus" "vesa" ]; - services.xserver.defaultDepth = mkOverrideTemplate 50 {} 0; + services.xserver.videoDriver = mkOverride 50 null; + services.xserver.videoDrivers = mkOverride 50 [ "cirrus" "vesa" ]; + services.xserver.defaultDepth = mkOverride 50 0; services.xserver.monitorSection = '' # Set a higher refresh rate so that resolutions > 800x600 work. @@ -300,5 +300,5 @@ in services.mingetty.ttys = ttys ++ optional (!cfg.graphics) "ttyS0"; # Wireless won't work in the VM. - networking.enableWLAN = mkOverrideTemplate 50 {} false; + networking.enableWLAN = mkOverride 50 false; } From b756a1ee81071017a90cac1535166f467dff96ee Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 13 Sep 2010 11:46:35 +0000 Subject: [PATCH 010/100] * Added an option to disable fsck on particular filesystems. svn path=/nixos/trunk/; revision=23744 --- modules/tasks/filesystems.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/modules/tasks/filesystems.nix b/modules/tasks/filesystems.nix index 5735d943c51e..699e9b3c33ca 100644 --- a/modules/tasks/filesystems.nix +++ b/modules/tasks/filesystems.nix @@ -94,9 +94,7 @@ in example = "data=journal"; type = types.string; merge = pkgs.lib.concatStringsSep ","; - description = " - Option used to mount the file system. - "; + description = "Options used to mount the file system."; }; autocreate = mkOption { 
@@ -107,6 +105,12 @@ in . "; }; + + noCheck = mkOption { + default = false; + type = types.bool; + description = "Disable running fsck on this filesystem."; + }; }; }; @@ -142,7 +146,8 @@ in + " " + fs.fsType + " " + fs.options + " 0" - + " " + (if fs.fsType == "none" then "0" else if fs.mountPoint == "/" then "1" else "2") + + " " + (if fs.fsType == "none" || fs.noCheck then "0" else + if fs.mountPoint == "/" then "1" else "2") + "\n" )} From c1295661c4bc68d9120c834e2a456e8125e9fe18 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 13 Sep 2010 12:34:58 +0000 Subject: [PATCH 011/100] * Added a command `nixos-rebuild build-vm-with-bootloader'. This is like `build-vm', but boots using the regular boot loader (i.e. GRUB 1 or 2) rather than booting directly from the kernel/initrd. Thus it allows testing of GRUB. svn path=/nixos/trunk/; revision=23747 --- default.nix | 15 ++- doc/manual/man-nixos-rebuild.xml | 31 +++++++ modules/installer/tools/nixos-rebuild.sh | 9 +- .../activation/switch-to-configuration.sh | 2 +- modules/virtualisation/qemu-vm.nix | 92 +++++++++++++++++-- 5 files changed, 137 insertions(+), 12 deletions(-) diff --git a/default.nix b/default.nix index e63a76cd03f3..6b929537ee42 100644 --- a/default.nix +++ b/default.nix @@ -11,11 +11,22 @@ let inherit (eval) config pkgs; + # This is for `nixos-rebuild build-vm'. vmConfig = (import ./lib/eval-config.nix { inherit system; modules = [ configuration ./modules/virtualisation/qemu-vm.nix ]; }).config; - + + # This is for `nixos-rebuild build-vm-with-bootloader'. + vmWithBootLoaderConfig = (import ./lib/eval-config.nix { + inherit system; + modules = + [ configuration + ./modules/virtualisation/qemu-vm.nix + { virtualisation.useBootLoader = true; } + ]; + }).config; + in { @@ -25,6 +36,8 @@ in vm = vmConfig.system.build.vm; + vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm; + # The following are used by nixos-rebuild. nixFallback = pkgs.nixUnstable; manifests = config.installer.manifests; 
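Review bot: The description `Disable running fsck on this filesystem.` says what the option does but not when it is appropriate or what is lost; since the fstab pass number becomes 0, corruption on that device is no longer detected at boot. Suggested text: `Disable running fsck on this filesystem at boot (the fstab pass number is set to 0). Intended for filesystems that cannot be checked, such as read-only or foreign ones; errors on such a filesystem go unnoticed until it is checked manually.` The `fileSystems` option declaration this nests in starts outside the hunk.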
diff --git a/doc/manual/man-nixos-rebuild.xml b/doc/manual/man-nixos-rebuild.xml index 0bdc925efd9e..6f888172d48a 100644 --- a/doc/manual/man-nixos-rebuild.xml +++ b/doc/manual/man-nixos-rebuild.xml @@ -24,6 +24,8 @@ + + @@ -151,6 +153,35 @@ $ ./result/bin/run-*-vm + + + + Like , but boots using the + regular boot loader of your configuration (e.g., GRUB 1 or 2), + rather than booting directly into the kernel and initial ramdisk + of the system. This allows you to test whether the boot loader + works correctly. However, it does not guarantee that your NixOS + configuration will boot successfully on the host hardware (i.e., + after running nixos-rebuild switch), because + the hardware and boot loader configuration in the VM are + different. The boot loader is installed on an automatically + generated virtual disk containing a /boot + partition, which is mounted read-only in the VM. + + + + + + + This operation merely fetches the latest manifest in the + Nixpkgs channel to speed up subsequent + nix-env operations. This is useful if you + are not using nix-channel but still want to + use pre-built binary packages. It doesn’t reconfigure the + system at all. + + + diff --git a/modules/installer/tools/nixos-rebuild.sh b/modules/installer/tools/nixos-rebuild.sh index 4d01ff53f890..41b74494337d 100644 --- a/modules/installer/tools/nixos-rebuild.sh +++ b/modules/installer/tools/nixos-rebuild.sh @@ -22,6 +22,8 @@ The operation is one of the following: activate it build-vm: build a virtual machine containing the configuration (useful for testing) + build-vm-with-bootloader: + like build-vm, but include a boot loader in the VM dry-run: just show what store paths would be built/downloaded pull: just pull the Nixpkgs channel manifest and exit @@ -64,7 +66,7 @@ while test "$#" -gt 0; do --help) showSyntax ;; - switch|boot|test|build|dry-run|build-vm|pull) + switch|boot|test|build|dry-run|build-vm|build-vm-with-bootloader|pull) action="$i" ;; --install-grub) 
@@ -171,9 +173,12 @@ if test -z "$rollback"; then elif test "$action" = test -o "$action" = build -o "$action" = dry-run; then nix-build $NIXOS -A system -K -k $extraBuildFlags > /dev/null pathToConfig=./result - elif test "$action" = build-vm; then + elif [ "$action" = build-vm ]; then nix-build $NIXOS -A vm -K -k $extraBuildFlags > /dev/null pathToConfig=./result + elif [ "$action" = build-vm-with-bootloader ]; then + nix-build $NIXOS -A vmWithBootLoader -K -k $extraBuildFlags > /dev/null + pathToConfig=./result else showSyntax fi diff --git a/modules/system/activation/switch-to-configuration.sh b/modules/system/activation/switch-to-configuration.sh index 6aec8225fdfc..ffc9845622c0 100644 --- a/modules/system/activation/switch-to-configuration.sh +++ b/modules/system/activation/switch-to-configuration.sh @@ -38,7 +38,7 @@ if [ "$action" = "switch" -o "$action" = "boot" ]; then if [ "$NIXOS_INSTALL_GRUB" = 1 -o "$oldGrubVersion" != "$newGrubVersion" ]; then echo "installing the GRUB bootloader..." - @grub@/sbin/grub-install "@grubDevice@" --no-floppy --recheck + @grub@/sbin/grub-install "@grubDevice@" --no-floppy echo "$newGrubVersion" > /boot/grub/version fi fi diff --git a/modules/virtualisation/qemu-vm.nix b/modules/virtualisation/qemu-vm.nix index fb4779c63a1e..bc36b32a778a 100644 --- a/modules/virtualisation/qemu-vm.nix +++ b/modules/virtualisation/qemu-vm.nix 
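Review bot: Dropping `--recheck` makes grub-install trust an existing `/boot/grub/device.map` instead of regenerating it, and neither the commit message nor a comment says why; the only visible motivation is the VM boot-disk builder elsewhere in this commit, which hand-writes `(hd0) /dev/vda` for GRUB 0.97. On a real host whose disks were re-ordered or replaced, a stale map can point grub-install at the wrong device, which is exactly the case `--recheck` existed for. A comment above the call would at least preserve the rationale: `# No --recheck: the VM boot disk ships a hand-written device.map for GRUB 0.97.`, and keeping the flag unless a device.map of our own is present would protect real installs.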
@@ -110,7 +110,24 @@ let example = "-vga std"; description = "Options passed to QEMU."; }; - + + virtualisation.useBootLoader = + mkOption { + default = true; + description = + '' + If enabled, the virtual machine will be booted using the + regular boot loader (i.e., GRUB 1 or 2). This allows + testing of the boot loader. However, it does not + guarantee that your NixOS configuration will boot + successfully on the host hardware, because the hardware + and boot loader configuration in the VM are different. If + disabled (the default), the VM directly boots the NixOS + kernel and initial ramdisk, bypassing the boot loader + altogether. + ''; + }; + }; cfg = config.virtualisation; @@ -146,12 +163,17 @@ let -net nic,vlan=0,model=virtio \ -chardev socket,id=samba,path=./samba \ -net user,vlan=0,guestfwd=tcp:10.0.2.4:139-chardev:samba''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \ - -drive file=$NIX_DISK_IMAGE,if=virtio,boot=on,cache=writeback,werror=report \ - -kernel ${config.system.build.toplevel}/kernel \ - -initrd ${config.system.build.toplevel}/initrd \ + ${if cfg.useBootLoader then '' + -drive index=0,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \ + -drive index=1,file=${bootDisk}/disk.img,if=virtio,boot=on \ + '' else '' + -drive file=$NIX_DISK_IMAGE,if=virtio,boot=on,cache=writeback,werror=report \ + -kernel ${config.system.build.toplevel}/kernel \ + -initrd ${config.system.build.toplevel}/initrd \ + -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.bootStage2} systemConfig=${config.system.build.toplevel} regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \ + ''} ${qemuGraphics} \ $QEMU_OPTS \ - -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.bootStage2} systemConfig=${config.system.build.toplevel} regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \ ${config.virtualisation.qemu.options} ''; 
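Review bot: With `useBootLoader` the second drive is `${bootDisk}/disk.img`, a file inside the read-only Nix store, yet the `-drive` line opens it without `snapshot=on`; QEMU of this era opens drive images read-write, so the VM may refuse to start — hedged, since the behaviour on a read-only image depends on the QEMU version. Appending `,snapshot=on` to that `-drive`, or copying the image to a writable temporary file before invoking qemu, avoids the problem. Note also that in bootloader mode the `-append` line is gone, so `$QEMU_KERNEL_PARAMS` and `regInfo` are no longer passed; the `regInfo` guard added later in this commit covers the latter, but `QEMU_KERNEL_PARAMS` silently stops working and the option description should say so.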
@@ -165,11 +187,54 @@ let printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out ''; + + # Generate a hard disk image containing a /boot partition and GRUB + # in the MBR. Used when the `useBootLoader' option is set. + bootDisk = + pkgs.vmTools.runInLinuxVM ( + pkgs.runCommand "nixos-boot-disk" + { preVM = + '' + mkdir $out + diskImage=$out/disk.img + ${pkgs.vmTools.kvm}/bin/qemu-img create -f qcow2 $diskImage "32M" + ''; + buildInputs = [ pkgs.utillinux ]; + } + '' + # Create a single /boot partition. + ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos + ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s + . /sys/class/block/vda1/uevent + mknod /dev/vda1 b $MAJOR $MINOR + . /sys/class/block/vda/uevent + ${pkgs.e2fsprogs}/sbin/mkfs.ext3 -L boot /dev/vda1 + ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1 + + # Mount /boot. + mkdir /boot + mount /dev/vda1 /boot + + # This is needed for GRUB 0.97, which doesn't know about virtio devices. + mkdir /boot/grub + echo '(hd0) /dev/vda' > /boot/grub/device.map + + # Install GRUB and generate the GRUB boot menu. + touch /etc/NIXOS + mkdir -p /nix/var/nix/profiles + ${config.system.build.toplevel}/bin/switch-to-configuration boot + + umount /boot + '' + ); + in { require = options; + boot.loader.grub.device = mkOverride 50 "/dev/vda"; + # All the modules the initrd needs to mount the host filesystem via # CIFS. Also use paravirtualised network and block devices for # performance. @@ -207,6 +272,7 @@ in boot.initrd.postMountCommands = '' + mkdir -p $targetRoot/boot mount -o remount,ro $targetRoot/nix/store ${optionalString cfg.writableStore '' mkdir /mnt-store-tmpfs @@ -225,7 +291,9 @@ in boot.postBootCommands = '' ( source /proc/cmdline - ${config.environment.nix}/bin/nix-store --load-db < $regInfo + if [ -n "$regInfo" ]; then + ${config.environment.nix}/bin/nix-store --load-db < $regInfo + fi ) ''; 
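Review bot: The boot disk is only 32M (`qemu-img create -f qcow2 $diskImage "32M"`) and GRUB inside the VM can presumably load only files on that partition, since the VM's Nix store is the host's CIFS share; the menu builder elsewhere on this page copies just the default configuration's kernel to `/boot/nixos-kernel`, so other generation entries would reference unreadable `/nix/store` paths unless its copyKernels switch is on, which this hunk does not set — hedged, because the GRUB option wiring is not visible here. Forcing kernel copying for the VM boot disk, and sizing the image (or asserting it fits) accordingly, would make every menu entry bootable rather than only the default one. A comment on the `. /sys/class/block/vda1/uevent` / `mknod` pair, such as `# No udev in the build VM: create the partition node by hand.`, would also save the next reader a detour.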
@@ -237,7 +305,7 @@ in # where the regular value for the `fileSystems' attribute should be # disregarded for the purpose of building a VM test image (since # those filesystems don't exist in the VM). - fileSystems = mkOverride 50 + fileSystems = mkOverride 50 ( [ { mountPoint = "/"; device = "/dev/vda"; } @@ -253,7 +321,15 @@ in options = "bind"; neededForBoot = true; } - ]; + ] ++ optional cfg.useBootLoader + { mountPoint = "/boot"; + device = "/dev/disk/by-label/boot"; + fsType = "ext3"; + options = "ro"; + noCheck = true; # fsck fails on a r/o filesystem + }); + + swapDevices = mkOverride 50 [ ]; # Starting DHCP brings down eth0, which kills the connection to the # host filesystem and thus deadlocks the system. From f99e42cfbc860c37185ca0c4ff7d9578ffec3d9a Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 13 Sep 2010 13:43:53 +0000 Subject: [PATCH 012/100] * Doh. svn path=/nixos/trunk/; revision=23748 --- modules/virtualisation/qemu-vm.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/modules/virtualisation/qemu-vm.nix b/modules/virtualisation/qemu-vm.nix index bc36b32a778a..9b21fd4c1728 100644 --- a/modules/virtualisation/qemu-vm.nix +++ b/modules/virtualisation/qemu-vm.nix @@ -113,15 +113,12 @@ let virtualisation.useBootLoader = mkOption { - default = true; + default = false; description = '' If enabled, the virtual machine will be booted using the regular boot loader (i.e., GRUB 1 or 2). This allows - testing of the boot loader. However, it does not - guarantee that your NixOS configuration will boot - successfully on the host hardware, because the hardware - and boot loader configuration in the VM are different. If + testing of the boot loader. If disabled (the default), the VM directly boots the NixOS kernel and initial ramdisk, bypassing the boot loader altogether. From f729f12e4e8f03540e33aaf07292934747417787 Mon Sep 17 00:00:00 2001 
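Review bot: The read-only `/boot` entry looks the disk up by label (`/dev/disk/by-label/boot`), but the boot disk is attached at a fixed position (`index=1`, the second virtio disk) and the user's own `$NIX_DISK_IMAGE` on index 0 may carry a filesystem with the same label, in which case the label symlink is ambiguous and `/boot` could come from the wrong disk. Using the fixed device removes the ambiguity: `device = "/dev/vdb"; # the index=1 drive in the QEMU command line`. The `noCheck = true` comment says `fsck fails on a r/o filesystem`, but fsck runs before the mount, so the real reason is presumably that the image itself lives in the read-only store; stating that keeps the flag from being removed later.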
From: Eelco Dolstra Date: Mon, 13 Sep 2010 15:41:38 +0000 Subject: [PATCH 013/100] Some cleanups in the activation script: * Moved some scriptlets to the appropriate modules. * Put the scriptlet that sets the default path at the start, since it never makes sense not to have it there. It no longer needs to be declared as a dependency. * If a scriptlet has no dependencies, it can be denoted as a plain string (i.e., `noDepEntry' is not needed anymore). svn path=/nixos/trunk/; revision=23762 --- modules/config/users-groups.nix | 24 +- modules/programs/bash/bash.nix | 17 +- modules/security/policykit.nix | 4 +- modules/security/polkit.nix | 18 +- modules/security/setuid-wrappers.nix | 4 +- modules/services/backup/mysql-backup.nix | 21 +- modules/services/backup/postgresql-backup.nix | 25 +- modules/services/backup/sitecopy-backup.nix | 75 ++-- modules/services/misc/nix-daemon.nix | 29 +- modules/services/monitoring/systemhealth.nix | 57 +-- .../system/activation/activation-script.nix | 324 +++++++----------- modules/system/boot/modprobe.nix | 9 + modules/system/etc/etc.nix | 81 ++--- modules/tasks/network-interfaces.nix | 15 +- modules/virtualisation/xen.nix | 2 +- 15 files changed, 346 insertions(+), 359 deletions(-) diff --git a/modules/config/users-groups.nix b/modules/config/users-groups.nix index 447dc96f818f..6d57209a4ac8 100644 --- a/modules/config/users-groups.nix +++ b/modules/config/users-groups.nix 
@@ -156,7 +156,23 @@ in config = { - system.activationScripts.users = fullDepEntry + system.activationScripts.rootPasswd = stringAfter [ "etc" ] + '' + # If there is no password file yet, create a root account with an + # empty password. + if ! test -e /etc/passwd; then + rootHome=/root + touch /etc/passwd; chmod 0644 /etc/passwd + touch /etc/group; chmod 0644 /etc/group + touch /etc/shadow; chmod 0600 /etc/shadow + # Can't use useradd, since it complains that it doesn't know us + # (bootstrap problem!). + echo "root:x:0:0:System administrator:$rootHome:${config.users.defaultUserShell}" >> /etc/passwd + echo "root::::::::" >> /etc/shadow + fi + ''; + + system.activationScripts.users = stringAfter [ "groups" ] '' echo "updating users..." @@ -206,9 +222,9 @@ in fi done - '' [ "groups" ]; + ''; - system.activationScripts.groups = fullDepEntry + system.activationScripts.groups = stringAfter [ "rootPasswd" "binsh" "etc" "var" ] '' echo "updating groups..." @@ -231,7 +247,7 @@ in done < ${location}/${db}.gz - ''; + postgresqlBackupCron = db: + '' + ${config.services.postgresqlBackup.period} root ${postgresql}/bin/pg_dump ${db} | ${gzip}/bin/gzip -c > ${location}/${db}.gz + ''; in @@ -52,14 +54,13 @@ in }; config = mkIf config.services.postgresqlBackup.enable { - services.cron = { - systemCronJobs = map postgresqlBackupCron config.services.postgresqlBackup.databases; - }; + services.cron.systemCronJobs = map postgresqlBackupCron config.services.postgresqlBackup.databases; - system.activationScripts.postgresqlBackup = pkgs.stringsWithDeps.fullDepEntry '' - mkdir -m 0700 -p ${config.services.postgresqlBackup.location} - chown root ${config.services.postgresqlBackup.location} - '' [ "stdio" "defaultPath" "systemConfig" "users" ]; + system.activationScripts.postgresqlBackup = stringAfter [ "stdio" "defaultPath" "systemConfig" "users" ] + '' + mkdir -m 0700 -p ${config.services.postgresqlBackup.location} + chown root ${config.services.postgresqlBackup.location} + ''; }; } 
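Review bot: The bootstrap in `rootPasswd` creates `/etc/shadow` with `touch` and only afterwards runs `chmod 0600`, so for a moment the file carries umask-default permissions; harmless while it is empty, but `(umask 077; touch /etc/shadow)` or `install -m 0600 /dev/null /etc/shadow` closes the window and is the pattern to copy. More importantly `echo "root::::::::" >> /etc/shadow` gives root an empty password, so a freshly bootstrapped system accepts password-less root logins wherever empty passwords are permitted; the comment should say this loudly, and whatever installer path relies on it should set a password immediately — hedged, since that path is not visible here. Locking the account (`root:!:...`) and letting the installer set the password would be the safer default.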
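Review bot: `mkdir -m 0700 -p ${location}` applies the mode only when it creates the directory, and `chown root` leaves the group untouched, so a pre-existing or later-widened backup directory keeps whatever permissions it had while the dumps inside may contain entire databases. Follow the mkdir with `chmod 0700 ${location}` and `chown root:root ${location}` so the guarantee holds on every activation. The cron line in the preceding hunk (`pg_dump ${db} | gzip -c > ${location}/${db}.gz`) also truncates the previous dump before pg_dump has succeeded; writing to a temporary name and renaming on success is the usual fix, but that hunk is cut off at the top of this page.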
diff --git a/modules/services/backup/sitecopy-backup.nix b/modules/services/backup/sitecopy-backup.nix index 310a5e78b080..f30002b6ee86 100644 --- a/modules/services/backup/sitecopy-backup.nix +++ b/modules/services/backup/sitecopy-backup.nix @@ -1,7 +1,8 @@ -{pkgs, config, ...}: +{ config, pkgs, ... }: + +with pkgs.lib; let - inherit (pkgs.lib) mkOption mkIf singleton concatStrings; inherit (pkgs) sitecopy; stateDir = "/var/spool/sitecopy"; 
@@ -63,45 +64,41 @@ in config = mkIf config.services.sitecopy.enable { environment.systemPackages = [ sitecopy ]; - services.cron = { - systemCronJobs = map sitecopyCron config.services.sitecopy.backups; - }; + services.cron.systemCronJobs = map sitecopyCron config.services.sitecopy.backups; + system.activationScripts.sitecopyBackup = stringAfter [ "stdio" "systemConfig" "users" ] + '' + mkdir -m 0700 -p ${stateDir} + chown root ${stateDir} + touch ${stateDir}/sitecopy.secrets + chown root ${stateDir}/sitecopy.secrets - system.activationScripts.sitecopyBackup = - pkgs.stringsWithDeps.fullDepEntry '' - mkdir -m 0700 -p ${stateDir} - chown root ${stateDir} - touch ${stateDir}/sitecopy.secrets - chown root ${stateDir}/sitecopy.secrets - - ${pkgs.lib.concatStrings (map ( b: '' - unset secrets - unset secret - secrets=`grep '^${b.server}' ${stateDir}/sitecopy.secrets | head -1` - secret=($secrets) - cat > ${stateDir}/${b.name}.conf << EOF - site ${b.name} - server ${b.server} - protocol ${b.protocol} - username ''${secret[1]} - password ''${secret[2]} - local ${b.local} - remote ${b.remote} - symlinks ${b.symlinks} - ${if b.https then "http secure" else ""} - EOF - chmod 0600 ${stateDir}/${b.name}.conf - if ! 
test -e ${stateDir}/${b.name} ; then - echo " * Initializing sitecopy '${b.name}'" - ${sitecopy}/bin/sitecopy --storepath=${stateDir} --rcfile=${stateDir}/${b.name}.conf --initialize ${b.name} - else - echo " * Sitecopy '${b.name}' already initialized" - fi - '' ) config.services.sitecopy.backups - )} - - '' [ "stdio" "defaultPath" "systemConfig" "users" ] ; + ${pkgs.lib.concatStrings (map ( b: '' + unset secrets + unset secret + secrets=`grep '^${b.server}' ${stateDir}/sitecopy.secrets | head -1` + secret=($secrets) + cat > ${stateDir}/${b.name}.conf << EOF + site ${b.name} + server ${b.server} + protocol ${b.protocol} + username ''${secret[1]} + password ''${secret[2]} + local ${b.local} + remote ${b.remote} + symlinks ${b.symlinks} + ${if b.https then "http secure" else ""} + EOF + chmod 0600 ${stateDir}/${b.name}.conf + if ! test -e ${stateDir}/${b.name} ; then + echo " * Initializing sitecopy '${b.name}'" + ${sitecopy}/bin/sitecopy --storepath=${stateDir} --rcfile=${stateDir}/${b.name}.conf --initialize ${b.name} + else + echo " * Sitecopy '${b.name}' already initialized" + fi + '' ) config.services.sitecopy.backups + )} + ''; }; } diff --git a/modules/services/misc/nix-daemon.nix b/modules/services/misc/nix-daemon.nix index a9a0bc70f1ec..2be7789cc5fa 100644 --- a/modules/services/misc/nix-daemon.nix +++ b/modules/services/misc/nix-daemon.nix @@ -277,7 +277,7 @@ in # do this, mount the remote file system on a subdirectory of # /var/run/nix/remote-stores. export NIX_OTHER_STORES=/var/run/nix/remote-stores/*/nix - '' + '' # */ + optionalString config.nix.distributedBuilds '' export NIX_BUILD_HOOK=${config.environment.nix}/libexec/nix/build-remote.pl export NIX_REMOTE_SYSTEMS=/etc/nix.machines 
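Review bot: In the re-indented `sitecopyBackup` snippet the secret-bearing files are created before they are locked down: `touch ${stateDir}/sitecopy.secrets` never sets a mode, `cat > ${stateDir}/${b.name}.conf` writes `password ''${secret[2]}` with the umask's default mode and only afterwards runs `chmod 0600`, and `mkdir -m 0700 -p ${stateDir}` leaves the mode of an already existing directory untouched. A `umask 077` as the first line of the snippet, plus an explicit `chmod 0700 ${stateDir}` and `chmod 0600 ${stateDir}/sitecopy.secrets` after the `touch`, removes that window regardless of how the directory came into being. This is moved rather than new code, but the rewrite is the natural place to fix it. The `config` attribute set enclosing the snippet begins in the hunk's first context line and ends within the hunk.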
@@ -292,6 +292,33 @@ in users.extraUsers = map makeNixBuildUser (pkgs.lib.range 1 config.nix.nrBuildUsers); + system.activationScripts.nix = stringAfter [ "etc" "users" ] + '' + # Set up Nix. + mkdir -p /nix/etc/nix + ln -sfn /etc/nix.conf /nix/etc/nix/nix.conf + chown root.nixbld /nix/store + chmod 1775 /nix/store + + # Nix initialisation. + mkdir -m 0755 -p \ + /nix/var/nix/gcroots \ + /nix/var/nix/temproots \ + /nix/var/nix/manifests \ + /nix/var/nix/userpool \ + /nix/var/nix/profiles \ + /nix/var/nix/db \ + /nix/var/log/nix/drvs \ + /nix/var/nix/channel-cache \ + /nix/var/nix/chroots + mkdir -m 1777 -p /nix/var/nix/gcroots/per-user + mkdir -m 1777 -p /nix/var/nix/profiles/per-user + mkdir -m 1777 -p /nix/var/nix/gcroots/tmp + + ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/ + ln -sf /nix/var/nix/manifests /nix/var/nix/gcroots/ + ''; + }; } diff --git a/modules/services/monitoring/systemhealth.nix b/modules/services/monitoring/systemhealth.nix index 8d531b526f3a..85f297cfb71b 100644 --- a/modules/services/monitoring/systemhealth.nix +++ b/modules/services/monitoring/systemhealth.nix 
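Review bot: `mkdir -m 1777 -p` and `mkdir -m 0755 -p` in the new `nix` snippet apply the mode only when the directory is created; if `/nix/var/nix/gcroots/per-user`, `/nix/var/nix/profiles/per-user` or `/nix/var/nix/gcroots/tmp` already exist with another mode, nothing corrects them, unlike `/nix/store` which gets an explicit `chmod 1775`. If the sticky world-writable modes are a requirement rather than a first-creation default, follow the `mkdir`s with `chmod 1777 /nix/var/nix/gcroots/per-user /nix/var/nix/profiles/per-user /nix/var/nix/gcroots/tmp`. The ordering rationale the old `fullDepEntry` list carried (`"etc" # /etc/nix.conf`, `"users" # nixbld group`) is dropped in `stringAfter [ "etc" "users" ]`; a trailing comment `# etc: /etc/nix.conf; users: the nixbld group used by chown` keeps it.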
@@ -75,43 +75,44 @@ in config = mkIf cfg.enable { services.cron.systemCronJobs = [ cronJob ]; - system.activationScripts.systemhealth = fullDepEntry '' - mkdir -p ${rrdDir} ${htmlDir} - chown wwwrun.wwwrun ${rrdDir} ${htmlDir} + system.activationScripts.systemhealth = stringAfter [ "var" ] + '' + mkdir -p ${rrdDir} ${htmlDir} + chown wwwrun.wwwrun ${rrdDir} ${htmlDir} - cat >${configFile} << EOF - [paths] - rrdtool = ${pkgs.rrdtool}/bin/rrdtool - loadavg_rrd = loadavg - ps = /var/run/current-system/sw/bin/ps - df = /var/run/current-system/sw/bin/df - meminfo_rrd = meminfo - uptime_rrd = uptime - rrd_path = ${rrdDir} - png_path = ${htmlDir} + cat >${configFile} << EOF + [paths] + rrdtool = ${pkgs.rrdtool}/bin/rrdtool + loadavg_rrd = loadavg + ps = /var/run/current-system/sw/bin/ps + df = /var/run/current-system/sw/bin/df + meminfo_rrd = meminfo + uptime_rrd = uptime + rrd_path = ${rrdDir} + png_path = ${htmlDir} - [processes] + [processes] - [interfaces] - ${interfacesSection} + [interfaces] + ${interfacesSection} - [drives] - ${drivesSection} + [drives] + ${drivesSection} - [graphs] - width = 400 - time = ['-3hours', '-32hours', '-8days', '-5weeks', '-13months'] - height = 100 + [graphs] + width = 400 + time = ['-3hours', '-32hours', '-8days', '-5weeks', '-13months'] + height = 100 - [external] + [external] - EOF + EOF - chown wwwrun.wwwrun ${configFile} + chown wwwrun.wwwrun ${configFile} - ${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --check" wwwrun - ${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --html" wwwrun - '' [ "var" ]; + ${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --check" wwwrun + ${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --html" wwwrun + ''; services.httpd.extraSubservices = [ { function = f: { diff --git a/modules/system/activation/activation-script.nix b/modules/system/activation/activation-script.nix index 8924041ae600..222addb58d27 100644 --- a/modules/system/activation/activation-script.nix 
+++ b/modules/system/activation/activation-script.nix 
@@ -1,220 +1,140 @@ # generate the script used to activate the configuration. -{pkgs, config, ...}: +{ config, pkgs, ... }: + +with pkgs.lib; let - inherit (pkgs.lib) mkOption mergeTypedOption mergeAttrs - mapAttrs addErrorContext fold id filter textClosureMap noDepEntry - fullDepEntry; - inherit (builtins) attrNames; addAttributeName = mapAttrs (a: v: v // { - text = '' - #### actionScripts snippet ${a} : - # ======================================== - ${v.text} - ''; - }); - - defaultScripts = { - - systemConfig = noDepEntry '' - systemConfig="$1" - if test -z "$systemConfig"; then - systemConfig="/system" # for the installation CD - fi + text = '' + #### Activation script snippet ${a}: + ${v.text} ''; + }); - defaultPath = - let path = [ - pkgs.coreutils pkgs.gnugrep pkgs.findutils - pkgs.glibc # needed for getent - pkgs.shadow - pkgs.nettools # needed for hostname - ]; in noDepEntry '' - export PATH=/empty - for i in ${toString path}; do - PATH=$PATH:$i/bin:$i/sbin; - done - ''; - - stdio = fullDepEntry '' - # Needed by some programs. - ln -sfn /proc/self/fd /dev/fd - ln -sfn /proc/self/fd/0 /dev/stdin - ln -sfn /proc/self/fd/1 /dev/stdout - ln -sfn /proc/self/fd/2 /dev/stderr - '' [ - "defaultPath" # path to ln + path = + [ pkgs.coreutils pkgs.gnugrep pkgs.findutils + pkgs.glibc # needed for getent + pkgs.shadow + pkgs.nettools # needed for hostname ]; - - binsh = fullDepEntry '' - # Create the required /bin/sh symlink; otherwise lots of things - # (notably the system() function) won't work. - mkdir -m 0755 -p $mountPoint/bin - ln -sfn ${config.system.build.binsh}/bin/sh $mountPoint/bin/sh - '' [ - "defaultPath" # path to ln & mkdir - "stdio" # ? - ]; - - modprobe = fullDepEntry '' - # Allow the kernel to find our wrapped modprobe (which searches - # in the right location in the Nix store for kernel modules). - # We need this when the kernel (or some module) auto-loads a - # module. 
- echo ${config.system.sbin.modprobe}/sbin/modprobe > /proc/sys/kernel/modprobe - '' [ - # ? - ]; - - var = fullDepEntry '' - # Various log/runtime directories. - - touch /var/run/utmp # must exist - chgrp ${toString config.ids.gids.utmp} /var/run/utmp - chmod 664 /var/run/utmp - - mkdir -m 0755 -p /var/run/nix/current-load # for distributed builds - mkdir -m 0700 -p /var/run/nix/remote-stores - - mkdir -m 0755 -p /var/log - mkdir -m 0755 -p /var/log/upstart - - touch /var/log/wtmp # must exist - chmod 644 /var/log/wtmp - - touch /var/log/lastlog - chmod 644 /var/log/lastlog - - mkdir -m 1777 -p /var/tmp - - # Empty, read-only home directory of many system accounts. - mkdir -m 0555 -p /var/empty - '' [ - "defaultPath" # path to mkdir & touch & chmod - ]; - - rootPasswd = fullDepEntry '' - # If there is no password file yet, create a root account with an - # empty password. - if ! test -e /etc/passwd; then - rootHome=/root - touch /etc/passwd; chmod 0644 /etc/passwd - touch /etc/group; chmod 0644 /etc/group - touch /etc/shadow; chmod 0600 /etc/shadow - # Can't use useradd, since it complains that it doesn't know us - # (bootstrap problem!). - echo "root:x:0:0:System administrator:$rootHome:${config.users.defaultUserShell}" >> /etc/passwd - echo "root::::::::" >> /etc/shadow - fi - '' [ - "defaultPath" # path to touch & passwd - "etc" # for /etc - # ? - ]; - - nix = fullDepEntry '' - # Set up Nix. - mkdir -p /nix/etc/nix - ln -sfn /etc/nix.conf /nix/etc/nix/nix.conf - chown root.nixbld /nix/store - chmod 1775 /nix/store - - # Nix initialisation. 
- mkdir -m 0755 -p \ - /nix/var/nix/gcroots \ - /nix/var/nix/temproots \ - /nix/var/nix/manifests \ - /nix/var/nix/userpool \ - /nix/var/nix/profiles \ - /nix/var/nix/db \ - /nix/var/log/nix/drvs \ - /nix/var/nix/channel-cache \ - /nix/var/nix/chroots - mkdir -m 1777 -p /nix/var/nix/gcroots/per-user - mkdir -m 1777 -p /nix/var/nix/profiles/per-user - mkdir -m 1777 -p /nix/var/nix/gcroots/tmp - - ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/ - ln -sf /nix/var/nix/manifests /nix/var/nix/gcroots/ - '' [ - "defaultPath" - "etc" # /etc/nix.conf - "users" # nixbld group - ]; - - hostname = fullDepEntry '' - # Set the host name. Don't clear it if it's not configured in the - # NixOS configuration, since it may have been set by dhclient in the - # meantime. - ${if config.networking.hostName != "" then - ''hostname "${config.networking.hostName}"'' - else '' - # dhclient won't do anything if the hostname isn't empty. - if test "$(hostname)" = "(none)"; then - hostname "" - fi - ''} - '' [ "defaultPath" ]; - - # The activation has to be done at the end. This is forced at the apply - # function of activationScripts option - activate = noDepEntry '' - # Make this configuration the current configuration. - # The readlink is there to ensure that when $systemConfig = /system - # (which is a symlink to the store), /var/run/current-system is still - # used as a garbage collection root. - ln -sfn "$(readlink -f "$systemConfig")" /var/run/current-system - - # Prevent the current configuration from being garbage-collected. - ln -sfn /var/run/current-system /nix/var/nix/gcroots/current-system - ''; - - media = noDepEntry '' - mkdir -p /media - ''; - - }; - in { - require = { - system = { - activationScripts = mkOption { - default = []; - example = { - stdio = { - text = " - # Needed by some programs. 
- ln -sfn /proc/self/fd /dev/fd - ln -sfn /proc/self/fd/0 /dev/stdin - ln -sfn /proc/self/fd/1 /dev/stdout - ln -sfn /proc/self/fd/2 /dev/stderr - "; - deps = []; - }; - }; - description = '' - Activate the new configuration (i.e., update /etc, make accounts, - and so on). - ''; - merge = mergeTypedOption "script" builtins.isAttrs (fold mergeAttrs {}); - apply = set: - let withHeadlines = addAttributeName set; - activateLib = removeAttrs withHeadlines ["activate"]; - activateLibNames = attrNames activateLib; - in { - script = pkgs.writeScript "nixos-activation-script" - ("#! ${pkgs.stdenv.shell}\n" - + textClosureMap id activateLib activateLibNames + "\n" - # make sure that the activate snippet is added last. - + withHeadlines.activate.text); + + ###### interface + + options = { + + system.activationScripts = mkOption { + default = {}; + + example = { + stdio = { + text = '' + # Needed by some programs. + ln -sfn /proc/self/fd /dev/fd + ln -sfn /proc/self/fd/0 /dev/stdin + ln -sfn /proc/self/fd/1 /dev/stdout + ln -sfn /proc/self/fd/2 /dev/stderr + ''; + deps = []; }; }; + + description = '' + Activate the new configuration (i.e., update /etc, make accounts, + and so on). + ''; + + merge = mergeTypedOption "script" builtins.isAttrs (fold mergeAttrs {}); + + apply = set: { + script = pkgs.writeScript "nixos-activation-script" + '' + #! ${pkgs.stdenv.shell} + + export PATH=/empty + for i in ${toString path}; do + PATH=$PATH:$i/bin:$i/sbin; + done + + ${ + let + set' = mapAttrs (n: v: if builtins.isString v then noDepEntry v else v) set; + withHeadlines = addAttributeName set'; + in textClosureMap id (withHeadlines) (attrNames withHeadlines) + } + + # Make this configuration the current configuration. + # The readlink is there to ensure that when $systemConfig = /system + # (which is a symlink to the store), /var/run/current-system is still + # used as a garbage collection root. 
+ ln -sfn "$(readlink -f "$systemConfig")" /var/run/current-system + + # Prevent the current configuration from being garbage-collected. + ln -sfn /var/run/current-system /nix/var/nix/gcroots/current-system + ''; + }; + }; + }; - system.activationScripts = defaultScripts; + + ###### implementation + + config = { + + system.activationScripts.systemConfig = + '' + systemConfig="$1" + if test -z "$systemConfig"; then + systemConfig="/system" # for the installation CD + fi + ''; + + system.activationScripts.stdio = + '' + # Needed by some programs. + ln -sfn /proc/self/fd /dev/fd + ln -sfn /proc/self/fd/0 /dev/stdin + ln -sfn /proc/self/fd/1 /dev/stdout + ln -sfn /proc/self/fd/2 /dev/stderr + ''; + + system.activationScripts.var = + '' + # Various log/runtime directories. + + touch /var/run/utmp # must exist + chgrp ${toString config.ids.gids.utmp} /var/run/utmp + chmod 664 /var/run/utmp + + mkdir -m 0755 -p /var/run/nix/current-load # for distributed builds + mkdir -m 0700 -p /var/run/nix/remote-stores + + mkdir -m 0755 -p /var/log + mkdir -m 0755 -p /var/log/upstart + + touch /var/log/wtmp # must exist + chmod 644 /var/log/wtmp + + touch /var/log/lastlog + chmod 644 /var/log/lastlog + + mkdir -m 1777 -p /var/tmp + + # Empty, read-only home directory of many system accounts. + mkdir -m 0555 -p /var/empty + ''; + + system.activationScripts.media = + '' + mkdir -p /media + ''; + + }; + } diff --git a/modules/system/boot/modprobe.nix b/modules/system/boot/modprobe.nix index 65b3f6fd292a..aa4d023a9f43 100644 --- a/modules/system/boot/modprobe.nix +++ b/modules/system/boot/modprobe.nix @@ -88,6 +88,15 @@ with pkgs.lib; # too? ]; + system.activationScripts.modprobe = + '' + # Allow the kernel to find our wrapped modprobe (which searches + # in the right location in the Nix store for kernel modules). + # We need this when the kernel (or some module) auto-loads a + # module. + echo ${config.system.sbin.modprobe}/sbin/modprobe > /proc/sys/kernel/modprobe + ''; + }; } 
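Review bot: The `system.activationScripts` option now accepts two value shapes — the `apply` function lifts plain strings with `noDepEntry`, and the `config` section below relies on that for `stdio`, `var` and `media` — but `description` still only says "Activate the new configuration" and the `example` shows only the `{ text; deps; }` form. Suggest extending the description with a sentence such as: a snippet is either a plain string (no ordering constraints) or an attribute set with `text` and `deps`, where `deps` names other `system.activationScripts` attributes that must run first (as produced by `stringAfter`). The contract that `systemConfig` is defined by the `systemConfig` snippet and that `PATH` is fixed to the listed packages before any snippet runs also deserves one line there, since snippets in other modules depend on both.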
diff --git a/modules/system/etc/etc.nix b/modules/system/etc/etc.nix index 4ae420017a57..0a2f6665be04 100644 --- a/modules/system/etc/etc.nix +++ b/modules/system/etc/etc.nix @@ -1,9 +1,10 @@ -# produce a script to generate /etc -{config, pkgs, ...}: +# Produce a script to generate /etc. +{ config, pkgs, ... }: + +with pkgs.lib; ###### interface let - inherit (pkgs.lib) mkOption; option = { environment.etc = mkOption { 
@@ -52,47 +53,39 @@ in { require = [option]; - system = { - build = { - etc = makeEtc; - }; + system.build.etc = makeEtc; - activationScripts = { - etc = pkgs.lib.fullDepEntry '' - # Set up the statically computed bits of /etc. - echo "setting up /etc..." - staticEtc=/etc/static - rm -f $staticEtc - ln -s ${makeEtc}/etc $staticEtc - for i in $(cd $staticEtc && find * -type l); do - mkdir -p /etc/$(dirname $i) - rm -f /etc/$i - if test -e "$staticEtc/$i.mode"; then - # Create a regular file in /etc. - cp $staticEtc/$i /etc/$i - chown 0.0 /etc/$i - chmod "$(cat "$staticEtc/$i.mode")" /etc/$i - else - # Create a symlink in /etc. - ln -s $staticEtc/$i /etc/$i - fi - done + system.activationScripts.etc = stringAfter [ "systemConfig" "stdio" ] + '' + # Set up the statically computed bits of /etc. + echo "setting up /etc..." + staticEtc=/etc/static + rm -f $staticEtc + ln -s ${makeEtc}/etc $staticEtc + for i in $(cd $staticEtc && find * -type l); do + mkdir -p /etc/$(dirname $i) + rm -f /etc/$i + if test -e "$staticEtc/$i.mode"; then + # Create a regular file in /etc. + cp $staticEtc/$i /etc/$i + chown 0.0 /etc/$i + chmod "$(cat "$staticEtc/$i.mode")" /etc/$i + else + # Create a symlink in /etc. + ln -s $staticEtc/$i /etc/$i + fi + done + + # Remove dangling symlinks that point to /etc/static. These are + # configuration files that existed in a previous configuration but not + # in the current one. For efficiency, don't look under /etc/nixos + # (where all the NixOS sources live). + for i in $(find /etc/ \( -path /etc/nixos -prune \) -o -type l); do + target=$(readlink "$i") + if test "''${target:0:''${#staticEtc}}" = "$staticEtc" -a ! -e "$i"; then + rm -f "$i" + fi + done + ''; - # Remove dangling symlinks that point to /etc/static. These are - # configuration files that existed in a previous configuration but not - # in the current one. For efficiency, don't look under /etc/nixos - # (where all the NixOS sources live). 
- for i in $(find /etc/ \( -path /etc/nixos -prune \) -o -type l); do - target=$(readlink "$i") - if test "''${target:0:''${#staticEtc}}" = "$staticEtc" -a ! -e "$i"; then - rm -f "$i" - fi - done - '' [ - "systemConfig" - "defaultPath" # path to cp, chmod, chown - "stdio" - ]; - }; - }; } diff --git a/modules/tasks/network-interfaces.nix b/modules/tasks/network-interfaces.nix index 8c419810c573..2e1514a82cfd 100644 --- a/modules/tasks/network-interfaces.nix +++ b/modules/tasks/network-interfaces.nix @@ -205,7 +205,20 @@ in # ${nettools}/sbin/ifconfig $i down || true #done ''; - }; + }; + + # Set the host name in the activation script. Don't clear it if + # it's not configured in the NixOS configuration, since it may + # have been set by dhclient in the meantime. + system.activationScripts.hostname = + (if config.networking.hostName != "" then '' + hostname "${config.networking.hostName}" + '' else '' + # dhclient won't do anything if the hostname isn't empty. + if test "$(hostname)" = "(none)"; then + hostname "" + fi + ''); }; diff --git a/modules/virtualisation/xen.nix b/modules/virtualisation/xen.nix index b2218fb3fddd..f0ac5944e42a 100644 --- a/modules/virtualisation/xen.nix +++ b/modules/virtualisation/xen.nix @@ -72,7 +72,7 @@ let cfg = config.virtualisation.xen; in ''; # Mount the /proc/xen pseudo-filesystem. - system.activationScripts.xen = noDepEntry + system.activationScripts.xen = '' if [ -d /proc/xen ]; then ${pkgs.sysvtools}/bin/mountpoint -q /proc/xen || \ From f8f04aa756eb97bd886841f81df262ed381de171 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 13 Sep 2010 16:02:54 +0000 Subject: [PATCH 014/100] * Fix the tests. svn path=/nixos/trunk/; revision=23764 --- modules/virtualisation/qemu-vm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/virtualisation/qemu-vm.nix b/modules/virtualisation/qemu-vm.nix index 9b21fd4c1728..cac221d8c226 100644 --- a/modules/virtualisation/qemu-vm.nix 
+++ b/modules/virtualisation/qemu-vm.nix @@ -168,7 +168,7 @@ let -kernel ${config.system.build.toplevel}/kernel \ -initrd ${config.system.build.toplevel}/initrd \ -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.bootStage2} systemConfig=${config.system.build.toplevel} regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \ - ''} + ''} \ ${qemuGraphics} \ $QEMU_OPTS \ ${config.virtualisation.qemu.options} From 0fccd7bb492fabe8985087f2790ec6d2168978d1 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 13 Sep 2010 16:06:07 +0000 Subject: [PATCH 015/100] * Add a trivial test that just starts a machine and shuts it down. svn path=/nixos/trunk/; revision=23765 --- tests/default.nix | 1 + tests/simple.nix | 11 +++++++++++ 2 files changed, 12 insertions(+) create mode 100644 tests/simple.nix diff --git a/tests/default.nix b/tests/default.nix index e99bce510ec4..37ca37e0728a 100644 --- a/tests/default.nix +++ b/tests/default.nix @@ -18,6 +18,7 @@ with import ../lib/testing.nix { inherit nixpkgs services system; }; proxy = makeTest (import ./proxy.nix); quake3 = makeTest (import ./quake3.nix); remote_builds = makeTest (import ./remote-builds.nix); + simple = makeTest (import ./simple.nix); subversion = makeTest (import ./subversion.nix); trac = makeTest (import ./trac.nix); } diff --git a/tests/simple.nix b/tests/simple.nix new file mode 100644 index 000000000000..eee13a101334 --- /dev/null +++ b/tests/simple.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: + +{ + machine = { config, pkgs, ... }: { }; + + testScript = + '' + startAll; + $machine->shutdown; + ''; +} From c8d1774f0977325ffa5bab56487ae48e072b3f2d Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Mon, 13 Sep 2010 17:26:42 +0000 Subject: [PATCH 016/100] * Speed up the initialisation of /etc in the activation script a lot by doing it in Perl instead of in Bash. Forking a zillion times is slow. svn path=/nixos/trunk/; revision=23766 --- modules/system/etc/etc.nix | 32 ++-------------- modules/system/etc/setup-etc.pl | 65 +++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 29 deletions(-) create mode 100644 modules/system/etc/setup-etc.pl diff --git a/modules/system/etc/etc.nix b/modules/system/etc/etc.nix index 0a2f6665be04..3dec801b407f 100644 --- a/modules/system/etc/etc.nix +++ b/modules/system/etc/etc.nix @@ -37,7 +37,7 @@ let chmod ${mode} "$target" ''; - makeEtc = pkgs.stdenv.mkDerivation { + etc = pkgs.stdenv.mkDerivation { name = "etc"; builder = ./make-etc.sh; @@ -53,39 +53,13 @@ in { require = [option]; - system.build.etc = makeEtc; + system.build.etc = etc; system.activationScripts.etc = stringAfter [ "systemConfig" "stdio" ] '' # Set up the statically computed bits of /etc. echo "setting up /etc..." - staticEtc=/etc/static - rm -f $staticEtc - ln -s ${makeEtc}/etc $staticEtc - for i in $(cd $staticEtc && find * -type l); do - mkdir -p /etc/$(dirname $i) - rm -f /etc/$i - if test -e "$staticEtc/$i.mode"; then - # Create a regular file in /etc. - cp $staticEtc/$i /etc/$i - chown 0.0 /etc/$i - chmod "$(cat "$staticEtc/$i.mode")" /etc/$i - else - # Create a symlink in /etc. - ln -s $staticEtc/$i /etc/$i - fi - done - - # Remove dangling symlinks that point to /etc/static. These are - # configuration files that existed in a previous configuration but not - # in the current one. For efficiency, don't look under /etc/nixos - # (where all the NixOS sources live). - for i in $(find /etc/ \( -path /etc/nixos -prune \) -o -type l); do - target=$(readlink "$i") - if test "''${target:0:''${#staticEtc}}" = "$staticEtc" -a ! -e "$i"; then - rm -f "$i" - fi - done + ${pkgs.perl}/bin/perl ${./setup-etc.pl} ${etc}/etc ''; } 
diff --git a/modules/system/etc/setup-etc.pl b/modules/system/etc/setup-etc.pl new file mode 100644 index 000000000000..c6b932cf2022 --- /dev/null +++ b/modules/system/etc/setup-etc.pl @@ -0,0 +1,65 @@ +use strict; +use File::Find; +use File::Copy; +use File::Path; +use File::Basename; + +my $etc = $ARGV[0] or die; +my $static = "/etc/static"; + +sub atomicSymlink { + my ($source, $target) = @_; + my $tmp = "$target.tmp"; + unlink $tmp; + symlink $source, $tmp or return 1; + rename $tmp, $target or return 1; + return 1; +} + + +# Atomically update /etc/static to point at the etc files of the +# current configuration. +atomicSymlink $etc, $static or die; + + +# For every file in the etc tree, create a corresponding symlink in +# /etc to /etc/static. The indirection through /etc/static is to make +# switching to a new configuration somewhat more atomic. +sub link { + my $fn = substr $File::Find::name, length($etc) + 1 or next; + my $target = "/etc/$fn"; + File::Path::make_path(dirname $target); + if (-e "$_.mode") { + open MODE, "<$_.mode"; + my $mode = ; chomp $mode; + close MODE; + copy "$static/$fn", "$target.tmp" or warn; + chmod oct($mode), "$target.tmp" or warn; + rename "$target.tmp", $target or warn; + } elsif (-l "$_") { + atomicSymlink "$static/$fn", $target or warn; + } +} + +find(\&link, $etc); + + +# Remove dangling symlinks that point to /etc/static. These are +# configuration files that existed in a previous configuration but not +# in the current one. For efficiency, don't look under /etc/nixos +# (where all the NixOS sources live). +sub cleanup { + if ($File::Find::name eq "/etc/nixos") { + $File::Find::prune = 1; + return; + } + if (-l $_) { + my $target = readlink $_; + if (substr($target, 0, length $static) eq $static) { + my $x = "/etc/static/" . substr($File::Find::name, length "/etc/"); + unlink "$_" unless -e "$x"; + } + } +} + +find(\&cleanup, "/etc"); From d48e2fdb4d01094ae2d8d00c1e505ba21cefec78 Mon Sep 17 00:00:00 2001 
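Review bot: `atomicSymlink` returns 1 on every path — `symlink ... or return 1;`, `rename ... or return 1;` and the final `return 1;` — so `atomicSymlink $etc, $static or die;` and the `or warn` in `link` can never fire; the two failure branches should read `or return 0;`. In `link`, `my $fn = substr ... or next;` uses `next` inside a `File::Find` callback, which leaves the sub via loop control (Perl warns about this); `return` is what is meant. `copy "$static/$fn", "$target.tmp"` creates the temporary with the umask's default mode and only the following `chmod oct($mode)` applies the intended one, so a file whose `.mode` is restrictive is readable under its `.tmp` name for that window — an `umask 077;` at the top of the script (the explicit chmod still sets the final mode) closes it. The line `my $mode = ;` is probably a rendering artefact of a lost `<MODE>` readline rather than the committed text, but it is worth checking against the repository.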
From: Eelco Dolstra Date: Mon, 13 Sep 2010 17:36:01 +0000 Subject: [PATCH 017/100] * Don't print kernel log messages twice. svn path=/nixos/trunk/; revision=23769 --- modules/testing/test-instrumentation.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/testing/test-instrumentation.nix b/modules/testing/test-instrumentation.nix index 6f47a6a9c39e..5ff7201acd35 100644 --- a/modules/testing/test-instrumentation.nix +++ b/modules/testing/test-instrumentation.nix @@ -77,6 +77,10 @@ in # Send all of /var/log/messages to the serial port. services.syslogd.extraConfig = "*.* /dev/ttyS0"; + # Clear the kernel log buffer before starting klogd to prevent it + # from printing messages that we have already seen. + jobs.klogd.preStart = "dmesg -c > /dev/null"; + # Prevent tests from accessing the Internet. networking.defaultGateway = mkOverrideTemplate 150 {} ""; networking.nameservers = mkOverrideTemplate 150 {} [ ]; From 4046056cdc3140871421bcff81a220f2be5a44cd Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 13 Sep 2010 18:19:15 +0000 Subject: [PATCH 018/100] * In the activation script, don't require the path to the "system" derivation on the command line. svn path=/nixos/trunk/; revision=23770 --- modules/system/activation/activation-script.nix | 14 ++++---------- modules/system/activation/top-level.nix | 11 +++++++++-- modules/system/boot/stage-2-init.sh | 2 +- modules/system/boot/stage-2.nix | 2 +- modules/system/etc/etc.nix | 2 +- modules/testing/test-instrumentation.nix | 4 ++-- 6 files changed, 18 insertions(+), 17 deletions(-) diff --git a/modules/system/activation/activation-script.nix b/modules/system/activation/activation-script.nix index 222addb58d27..1aad1f37c2d5 100644 --- a/modules/system/activation/activation-script.nix +++ b/modules/system/activation/activation-script.nix 
@@ -51,15 +51,17 @@ in merge = mergeTypedOption "script" builtins.isAttrs (fold mergeAttrs {}); apply = set: { - script = pkgs.writeScript "nixos-activation-script" + script = '' #! ${pkgs.stdenv.shell} + systemConfig=@out@ + export PATH=/empty for i in ${toString path}; do PATH=$PATH:$i/bin:$i/sbin; done - + ${ let set' = mapAttrs (n: v: if builtins.isString v then noDepEntry v else v) set; @@ -87,14 +89,6 @@ in config = { - system.activationScripts.systemConfig = - '' - systemConfig="$1" - if test -z "$systemConfig"; then - systemConfig="/system" # for the installation CD - fi - ''; - system.activationScripts.stdio = '' # Needed by some programs. diff --git a/modules/system/activation/top-level.nix b/modules/system/activation/top-level.nix index f2bbbc5ffb0d..36f8b05c9d26 100644 --- a/modules/system/activation/top-level.nix +++ b/modules/system/activation/top-level.nix @@ -102,9 +102,15 @@ let if [ -n "$grub" ]; then ln -s $grub $out/grub fi + ln -s ${config.system.build.bootStage2} $out/init ln -s ${config.system.build.initialRamdisk}/initrd $out/initrd - ln -s ${config.system.activationScripts.script} $out/activate + + echo "$activationScript" > $out/activate + substituteInPlace $out/activate --subst-var out + chmod u+x $out/activate + unset activationScript + ln -s ${config.system.build.etc}/etc $out/etc ln -s ${config.system.path} $out/sw ln -s ${config.system.build.upstart} $out/upstart @@ -116,7 +122,7 @@ let mkdir $out/fine-tune childCount=0; - for i in $children; do + for i in $children; do childCount=$(( childCount + 1 )); ln -s $i $out/fine-tune/child-$childCount; done @@ -142,6 +148,7 @@ let config.boot.kernelParams ++ config.boot.extraKernelParams; menuBuilder = config.system.build.menuBuilder; initScriptBuilder = config.system.build.initScriptBuilder; + activationScript = config.system.activationScripts.script; # Most of these are needed by grub-install. path = [ pkgs.coreutils 
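Review bot: `systemConfig=@out@` turns the whole activation script, including every snippet contributed by other modules, into a substitution template: top-level.nix rewrites every literal `@out@` in it with `substituteInPlace --subst-var out`. That should be stated where the placeholder is introduced, e.g. `# @out@ is replaced with the path of the system derivation by top-level.nix (substituteInPlace --subst-var out); snippets must not use a literal @out@ for anything else.`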
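Review bot: Passing the activation script through the builder's environment (`activationScript = config.system.activationScripts.script;` in the `@@ -142,6 +148,7 @@` hunk) and writing it back with `echo "$activationScript" > $out/activate` subjects the entire script to the kernel's limit on a single environment string, so a large configuration may fail the build with "Argument list too long" — an inferred risk, not one visible from these lines alone. Keeping the script as a store file and substituting from it avoids both the limit and the `echo`/`unset` dance: `substitute ${pkgs.writeText "activate" config.system.activationScripts.script} $out/activate --subst-var out`, followed by the existing `chmod u+x $out/activate`.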
diff --git a/modules/system/boot/stage-2-init.sh b/modules/system/boot/stage-2-init.sh index 834ad9548ed3..9a1d49c981cf 100644 --- a/modules/system/boot/stage-2-init.sh +++ b/modules/system/boot/stage-2-init.sh @@ -153,7 +153,7 @@ fi # Run the script that performs all configuration activation that does # not have to be done at boot time. echo "running activation script..." -@activateConfiguration@ "$systemConfig" +"$systemConfig"/activate # Record the boot configuration. diff --git a/modules/system/boot/stage-2.nix b/modules/system/boot/stage-2.nix index 279f454c5db8..8934a33cd04c 100644 --- a/modules/system/boot/stage-2.nix +++ b/modules/system/boot/stage-2.nix @@ -43,7 +43,7 @@ let bootStage2 = substituteAll { src = ./stage-2-init.sh; isExecutable = true; - inherit kernel activateConfiguration; + inherit kernel; inherit (config.boot) devShmSize; ttyGid = config.ids.gids.tty; upstart = config.system.build.upstart; diff --git a/modules/system/etc/etc.nix b/modules/system/etc/etc.nix index 3dec801b407f..7a764a8397b0 100644 --- a/modules/system/etc/etc.nix +++ b/modules/system/etc/etc.nix @@ -55,7 +55,7 @@ in system.build.etc = etc; - system.activationScripts.etc = stringAfter [ "systemConfig" "stdio" ] + system.activationScripts.etc = stringAfter [ "stdio" ] '' # Set up the statically computed bits of /etc. echo "setting up /etc..." diff --git a/modules/testing/test-instrumentation.nix b/modules/testing/test-instrumentation.nix index 5ff7201acd35..610d5fcc8321 100644 --- a/modules/testing/test-instrumentation.nix +++ b/modules/testing/test-instrumentation.nix @@ -82,8 +82,8 @@ in jobs.klogd.preStart = "dmesg -c > /dev/null"; # Prevent tests from accessing the Internet. - networking.defaultGateway = mkOverrideTemplate 150 {} ""; - networking.nameservers = mkOverrideTemplate 150 {} [ ]; + networking.defaultGateway = mkOverride 150 ""; + networking.nameservers = mkOverride 150 [ ]; # Require a patch to the kernel to increase the 15s CIFS timeout. assertions = 
From c4f910f55015b150bebe3d3ecdea76c1aa8bbcca Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 13 Sep 2010 22:10:25 +0000 Subject: [PATCH 019/100] * Substitute the path of the system derivation directly in the stage 2 init script. This removes the need for the `systemConfig' boot parameter; `init=' is enough. However, the GRUB menu builder still needs to add `systemConfig' to the kernel command line for compatibility with old configurations. svn path=/nixos/trunk/; revision=23775 --- modules/installer/cd-dvd/iso-image.nix | 10 +++----- modules/installer/cd-dvd/system-tarball.nix | 10 ++------ modules/system/activation/top-level.nix | 4 ++- modules/system/boot/stage-2-init.sh | 28 ++++++--------------- modules/virtualisation/qemu-vm.nix | 2 +- 5 files changed, 17 insertions(+), 37 deletions(-) diff --git a/modules/installer/cd-dvd/iso-image.nix b/modules/installer/cd-dvd/iso-image.nix index 15ac34492075..8117d8631f5b 100644 --- a/modules/installer/cd-dvd/iso-image.nix +++ b/modules/installer/cd-dvd/iso-image.nix @@ -174,11 +174,9 @@ in # Closures to be copied to the Nix store on the CD, namely the init # script and the top-level system configuration directory. isoImage.storeContents = - [ config.system.build.bootStage2 - config.system.build.toplevel - ] ++ - (optional config.isoImage.includeSystemBuildDependencies - config.system.build.toplevel.drvPath); + [ config.system.build.toplevel ] ++ + optional config.isoImage.includeSystemBuildDependencies + config.system.build.toplevel.drvPath; # Create the squashfs image that contains the Nix store. system.build.squashfsStore = import ../../../lib/make-squashfs.nix { 
@@ -220,7 +218,7 @@ in boot.loader.grub.extraEntries = '' menuentry "NixOS Installer / Rescue" { - linux /boot/bzImage init=${config.system.build.bootStage2} systemConfig=${config.system.build.toplevel} ${toString config.boot.kernelParams} + linux /boot/bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} initrd /boot/initrd } diff --git a/modules/installer/cd-dvd/system-tarball.nix b/modules/installer/cd-dvd/system-tarball.nix index 70bb12eac00f..5ca6b0e9fefc 100644 --- a/modules/installer/cd-dvd/system-tarball.nix +++ b/modules/installer/cd-dvd/system-tarball.nix @@ -34,8 +34,7 @@ let # A clue for the uboot loading ubootKernelParams = pkgs.writeText "uboot-kernel-params.txt" '' Kernel Parameters: - init=${config.system.build.bootStage2} - systemConfig=${config.system.build.toplevel} + init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} ''; @@ -70,12 +69,7 @@ in # Closures to be copied to the Nix store on the CD, namely the init # script and the top-level system configuration directory. tarball.storeContents = - [ { - object = config.system.build.bootStage2; - symlink = "none"; - } - { - object = config.system.build.toplevel; + [ { object = config.system.build.toplevel; symlink = "/var/run/current-system"; } ]; diff --git a/modules/system/activation/top-level.nix b/modules/system/activation/top-level.nix index 36f8b05c9d26..92615c78f32b 100644 --- a/modules/system/activation/top-level.nix +++ b/modules/system/activation/top-level.nix 
@@ -103,13 +103,15 @@ let ln -s $grub $out/grub fi - ln -s ${config.system.build.bootStage2} $out/init ln -s ${config.system.build.initialRamdisk}/initrd $out/initrd echo "$activationScript" > $out/activate substituteInPlace $out/activate --subst-var out chmod u+x $out/activate unset activationScript + + cp ${config.system.build.bootStage2} $out/init + substituteInPlace $out/init --subst-var-by systemConfig $out ln -s ${config.system.build.etc}/etc $out/etc ln -s ${config.system.path} $out/sw diff --git a/modules/system/boot/stage-2-init.sh b/modules/system/boot/stage-2-init.sh index 9a1d49c981cf..b00baf8a0758 100644 --- a/modules/system/boot/stage-2-init.sh +++ b/modules/system/boot/stage-2-init.sh @@ -1,6 +1,6 @@ #! @shell@ -# !!! copied from stage 1; remove duplication +systemConfig=@systemConfig@ # Print a greeting. @@ -56,11 +56,6 @@ rm -f /etc/mtab* # not that we care about stale locks cat /proc/mounts > /etc/mtab -# If no `systemConfig' parameter is specified on the kernel command -# line, use a fallback. -systemConfig=/nix/var/nix/profiles/system - - # Process the kernel command line. for o in $(cat /proc/cmdline); do case $o in @@ -79,10 +74,6 @@ for o in $(cat /proc/cmdline); do safemode) safeMode=1 ;; - systemConfig=*) - set -- $(IFS==; echo $o) - systemConfig=$2 - ;; resume=*) set -- $(IFS==; echo $o) resumeDevice=$2 @@ -90,8 +81,6 @@ for o in $(cat /proc/cmdline); do esac done -systemConfig="$(readlink -f "$systemConfig")" - # More special file systems, initialise required directories. mkdir -m 0777 /dev/shm 
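Review bot: The new first line of stage-2-init.sh, `systemConfig=@systemConfig@`, has no comment saying where the value comes from, and the removal of the `systemConfig=*` case and of the `readlink -f` fallback means a `systemConfig=` kernel parameter (which the commit message says the GRUB builder still emits) is now silently ignored. A short comment would keep the next reader from looking for the kernel-command-line parser: `# Substituted at build time by top-level.nix (substituteInPlace --subst-var-by systemConfig) with the path of the system derivation this script belongs to; a systemConfig= kernel parameter is ignored.` In the `@@ -79,10 +74,6` hunk a one-line note in the `case` statement, `# systemConfig=... is accepted but ignored for old boot entries`, would document the compatibility path the commit message describes. The `for o in $(cat /proc/cmdline)` loop starts and ends outside these hunks.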
@@ -153,19 +142,16 @@ fi # Run the script that performs all configuration activation that does # not have to be done at boot time. echo "running activation script..." -"$systemConfig"/activate +$systemConfig/activate # Record the boot configuration. -if test -n "$systemConfig"; then - ln -sfn "$systemConfig" /var/run/booted-system +ln -sfn "$systemConfig" /var/run/booted-system - # Prevent the booted system form being garbage-collected - # If it weren't a gcroot, if we were running a different kernel, - # switched system, and garbage collected all, we could not load - # kernel modules anymore. - ln -sfn /var/run/booted-system /nix/var/nix/gcroots/booted-system -fi +# Prevent the booted system form being garbage-collected If it weren't +# a gcroot, if we were running a different kernel, switched system, +# and garbage collected all, we could not load kernel modules anymore. +ln -sfn /var/run/booted-system /nix/var/nix/gcroots/booted-system # Ensure that the module tools can find the kernel modules. diff --git a/modules/virtualisation/qemu-vm.nix b/modules/virtualisation/qemu-vm.nix index cac221d8c226..005e4ebfb54b 100644 --- a/modules/virtualisation/qemu-vm.nix +++ b/modules/virtualisation/qemu-vm.nix @@ -167,7 +167,7 @@ let -drive file=$NIX_DISK_IMAGE,if=virtio,boot=on,cache=writeback,werror=report \ -kernel ${config.system.build.toplevel}/kernel \ -initrd ${config.system.build.toplevel}/initrd \ - -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.bootStage2} systemConfig=${config.system.build.toplevel} regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \ + -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \ ''} \ ${qemuGraphics} \ $QEMU_OPTS \ From ea4d3e2c8c35f2060677c18df45143efd0f9d4df Mon Sep 17 00:00:00 2001 
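Review bot: Quoting is now inconsistent within this hunk: the activation call was changed to the unquoted `$systemConfig/activate` while the `ln -sfn "$systemConfig" /var/run/booted-system` line two lines later keeps its quotes; store paths contain no whitespace, so either form works, but the two lines should agree, and `"$systemConfig"/activate` is the safer spelling. The reflowed comment also joined two sentences and keeps a typo: `# Prevent the booted system form being garbage-collected If it weren't` should read `# Prevent the booted system from being garbage-collected. If it weren't`.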
From: Eelco Dolstra Date: Tue, 14 Sep 2010 11:17:48 +0000 Subject: [PATCH 020/100] * Don't run dhclient on Xen's peth* devices. svn path=/nixos/trunk/; revision=23779 --- modules/services/networking/dhclient.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/modules/services/networking/dhclient.nix b/modules/services/networking/dhclient.nix index 7b334a8e51e2..bd3f781c19a5 100644 --- a/modules/services/networking/dhclient.nix +++ b/modules/services/networking/dhclient.nix @@ -78,9 +78,13 @@ in for i in $(cd /sys/class/net && ls -d *); do # Only run dhclient on interfaces of type ARPHRD_ETHER - # (1), i.e. Ethernet. - if [ "$(cat /sys/class/net/$i/type)" = 1 ]; then - if ! for j in ${toString ignoredInterfaces}; do echo $j; done | grep -F -x -q "$i"; then + # (1), i.e. Ethernet. Ignore peth* devices; on Xen, + # they're renamed physical Ethernet cards used for + # bridging. + if [ "$(cat /sys/class/net/$i/type)" = 1 ]; then + if ! for j in ${toString ignoredInterfaces}; do echo $j; done | grep -F -x -q "$i" && + ! echo "$i" | grep -x -q "peth.*"; + then echo "Running dhclient on $i" interfaces="$interfaces $i" fi From 8a6fad83f421bac4c59e1a0d424d1be49ababa35 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 14 Sep 2010 11:22:17 +0000 Subject: [PATCH 021/100] * Add a job attribute (path) to allow adding packages to the job's $PATH environment variable. svn path=/nixos/trunk/; revision=23780 --- modules/system/upstart/upstart.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/system/upstart/upstart.nix b/modules/system/upstart/upstart.nix index cb3975e694c3..535e612ed32c 100644 --- a/modules/system/upstart/upstart.nix +++ b/modules/system/upstart/upstart.nix 
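Review bot: The new exclusion `! echo "$i" | grep -x -q "peth.*"` spawns a pipeline per interface to test a simple prefix that the shell can test itself; `[ "${i#peth}" = "$i" ]` is equivalent (true when the name does not start with `peth`) and keeps the condition readable. The comment explaining why peth* devices are skipped is helpful and should stay next to the test. The surrounding `for i in $(cd /sys/class/net && ls -d *)` loop ends outside the hunk.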
@@ -39,7 +39,8 @@ let ${optionalString (job.stopOn != "") "stop on ${job.stopOn}"} - env PATH=${makeSearchPath "bin" upstartPath}:${makeSearchPath "sbin" upstartPath} + env PATH=${makeSearchPath "bin" (job.path ++ upstartPath)}:${makeSearchPath "sbin" (job.path ++ upstartPath)} + ${concatMapStrings (n: "env ${n}=\"${getAttr n job.environment}\"\n") (attrNames job.environment)} ${optionalString (job.preStart != "") '' @@ -271,6 +272,15 @@ let ''; }; + path = mkOption { + default = [ ]; + description = '' + Packages added to the job's PATH environment variable. + Both the bin and sbin + subdirectories of each package are added. + ''; + }; + }; From 72d9235992deb21169a1001f823c93627adc2f96 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 14 Sep 2010 11:22:50 +0000 Subject: [PATCH 022/100] * Added an Upstart job for the Xen control daemon (xend). svn path=/nixos/trunk/; revision=23781 --- modules/virtualisation/xen.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/virtualisation/xen.nix b/modules/virtualisation/xen.nix index f0ac5944e42a..b4e6a07e6ed5 100644 --- a/modules/virtualisation/xen.nix +++ b/modules/virtualisation/xen.nix @@ -57,6 +57,8 @@ let cfg = config.virtualisation.xen; in # Domain 0 requires a pvops-enabled kernel. boot.kernelPackages = pkgs.linuxPackages_2_6_32_xen; + boot.kernelModules = [ "xen_evtchn" "xen_gntdev" ]; + # The radeonfb kernel module causes the screen to go black as soon # as it's loaded, so don't load it. boot.blacklistedKernelModules = [ "radeonfb" ]; @@ -80,6 +82,21 @@ let cfg = config.virtualisation.xen; in fi ''; + jobs.xend = + { description = "Xen control daemon"; + + startOn = "stopped udevtrigger"; + + path = + [ pkgs.bridge_utils pkgs.gawk pkgs.iproute pkgs.nettools + pkgs.utillinux pkgs.bash pkgs.xen pkgs.pciutils pkgs.procps + ]; + + preStart = "${pkgs.xen}/sbin/xend start"; + + postStop = "${pkgs.xen}/sbin/xend stop"; + }; + }; } 
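Review bot: The new `path` job option (hunk `@@ -271,6 +272,15`) declares only `default = [ ]` and no `merge`, so it is unclear from this hunk what happens when two modules add packages to the same job's `path`; the udev `path` option introduced in PATCH 026 uses `merge = mergeListOption` for the same kind of list, and this one should probably match if job sub-options honour `merge`. The precedence chosen in the `env PATH=` line (job packages before `upstartPath`) is deliberate but undocumented; a comment such as `# Job-specific packages come first so they shadow the default Upstart PATH.` above that line would record it. The `description` could also say that entries are prepended rather than just "added".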
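Review bot: The `jobs.xend` job (hunk `@@ -80,6 +82,21` of xen.nix) has only `preStart` and `postStop` and no `exec`, so as far as this hunk shows Upstart never supervises the daemon that `xend start` spawns; a later commit in this series makes dhclient wait on `started xend`, which then means only that `xend start` returned. If that is intended, a comment on the job, `# xend daemonizes itself; Upstart only tracks the start/stop commands.`, would make the limitation explicit to readers of the dependency.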
From 071b192c9d48984c78aec75c05251eeeaa5e2d1e Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 14 Sep 2010 11:58:06 +0000 Subject: [PATCH 023/100] * Start dhclient after xend. svn path=/nixos/trunk/; revision=23782 --- modules/virtualisation/xen.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/virtualisation/xen.nix b/modules/virtualisation/xen.nix index b4e6a07e6ed5..095ce6b78df4 100644 --- a/modules/virtualisation/xen.nix +++ b/modules/virtualisation/xen.nix @@ -97,6 +97,11 @@ let cfg = config.virtualisation.xen; in postStop = "${pkgs.xen}/sbin/xend stop"; }; + # To prevent a race between dhclient and xend's bridge setup + # script (which renames eth* to peth* and recreates eth* as a + # virtual device), start dhclient after xend. + jobs.dhclient.startOn = mkOverride 50 "started xend"; + }; } From 5b3fd663ed04f9c6fa87dac755df6c7e0b8520a9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 14 Sep 2010 11:58:55 +0000 Subject: [PATCH 024/100] * Don't set hostname to "", dhclient no longer needs it. svn path=/nixos/trunk/; revision=23783 --- modules/tasks/network-interfaces.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/modules/tasks/network-interfaces.nix b/modules/tasks/network-interfaces.nix index 2e1514a82cfd..562a945d832a 100644 --- a/modules/tasks/network-interfaces.nix +++ b/modules/tasks/network-interfaces.nix @@ -211,14 +211,9 @@ in # it's not configured in the NixOS configuration, since it may # have been set by dhclient in the meantime. system.activationScripts.hostname = - (if config.networking.hostName != "" then '' + optionalString (config.networking.hostName != "") '' hostname "${config.networking.hostName}" - '' else '' - # dhclient won't do anything if the hostname isn't empty. - if test "$(hostname)" = "(none)"; then - hostname "" - fi - ''); + ''; }; From dc8eff071aa4cd924a38fb22ed94ee338c3ec135 Mon Sep 17 00:00:00 2001 
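Review bot: `jobs.dhclient.startOn = mkOverride 50 "started xend";` ties network configuration to xend whenever the Xen module is enabled, so a failure of `xend start` leaves the host without DHCP, and the priority 50 appears to beat a plain user-set `startOn` (which would need its own lower `mkOverride` to win); the race explanation in the comment is good, but it should also say that the override is intentionally stronger than user configuration and why. Something like `# Priority 50 so that this wins over an ordinary user setting; use a lower mkOverride to change it.` appended to the existing comment would do.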
From: Evgeny Egorochkin Date: Thu, 16 Sep 2010 02:06:44 +0000 Subject: [PATCH 025/100] Added Folding@Home service svn path=/nixos/trunk/; revision=23816 --- modules/misc/ids.nix | 1 + modules/module-list.nix | 1 + modules/services/misc/folding-at-home.nix | 75 +++++++++++++++++++++++ 3 files changed, 77 insertions(+) create mode 100644 modules/services/misc/folding-at-home.nix diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index 11f41aa08276..f69ae2f3b9fe 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix @@ -56,6 +56,7 @@ in sabnzbd = 33; tor = 35; cups = 36; + foldingAtHome = 37; # When adding a uid, make sure it doesn't match an existing gid. nixbld = 30000; # start of range of uids diff --git a/modules/module-list.nix b/modules/module-list.nix index 973c3a3e4939..29c2101b7079 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -62,6 +62,7 @@ ./services/misc/autofs.nix ./services/misc/disnix.nix ./services/misc/felix.nix + ./services/misc/folding-at-home.nix ./services/misc/gpsd.nix ./services/misc/nix-daemon.nix ./services/misc/nix-gc.nix diff --git a/modules/services/misc/folding-at-home.nix b/modules/services/misc/folding-at-home.nix new file mode 100644 index 000000000000..691b752c63c1 --- /dev/null +++ b/modules/services/misc/folding-at-home.nix 
@@ -0,0 +1,75 @@ +{ config, pkgs, ... }: +with pkgs.lib; +let + stateDir = "/var/lib/foldingathome"; + cfg = config.services.foldingAtHome; + fahUser = "foldingathome"; +in { + + ###### interface + + options = { + + services.foldingAtHome = { + + enable = mkOption { + default = false; + description = '' + Whether to enable the Folding@Home to use idle CPU time. + ''; + }; + + nickname = mkOption { + default = "Anonymous"; + description = '' + A unique handle for statistics. + ''; + }; + + config = mkOption { + default = ""; + description = '' + Extra configuration. Contents will be added verbatim to the + configuration file. + ''; + }; + + }; + + }; + + ###### implementation + + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.foldingathome ]; + + users.extraUsers = singleton + { name = fahUser; + uid = config.ids.uids.foldingAtHome; + description = "Folding@Home user"; + home = stateDir; + }; + + jobs.foldingAtHome = + { name = "foldingathome"; + + startOn = "started network-interfaces"; + stopOn = "stopping network-interfaces"; + + preStart = + '' + mkdir -m 0755 -p ${stateDir} + chown ${fahUser} ${stateDir} + cp -f ${pkgs.writeText "client.cfg" cfg.config} ${stateDir}/client.cfg + ''; + exec = "${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${fahUser} -c 'cd ${stateDir}; ${pkgs.foldingathome}/bin/fah6'"; + }; + + services.foldingAtHome.config = '' + [settings] + username=${cfg.nickname} + ''; + + }; + +} \ No newline at end of file From 82f97b5fb2cb05693d549eedb0d10c143f8cf0fb Mon Sep 17 00:00:00 2001 
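Review bot: In `preStart` the state directory is chowned before `cp -f ${pkgs.writeText "client.cfg" cfg.config} ${stateDir}/client.cfg` copies the configuration, so `client.cfg` ends up owned by root with the read-only mode of the store file, while `fah6` runs as `${fahUser}`; if the client needs to rewrite its configuration (not determinable from this hunk) that write will fail. `install -m 0644 -o ${fahUser} ${pkgs.writeText "client.cfg" cfg.config} ${stateDir}/client.cfg` gives the file a defined owner and mode in one step. Unrelated but in the same file: the `config` option description says "Extra configuration" while the module itself also sets `services.foldingAtHome.config`, so the description should mention that the `[settings]` block with the nickname is generated and user text is appended to it.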
From: Eelco Dolstra Date: Thu, 16 Sep 2010 15:23:12 +0000 Subject: [PATCH 026/100] * Allow modules to add packages to the $PATH seen by programs called from udev rules. This is slightly tricky because udev has a 512-character limit on environment variables, so we create a symlink tree to work around this. svn path=/nixos/trunk/; revision=23822 --- modules/services/hardware/udev.nix | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/modules/services/hardware/udev.nix b/modules/services/hardware/udev.nix index c3661e0c0b55..e84150d24927 100644 --- a/modules/services/hardware/udev.nix +++ b/modules/services/hardware/udev.nix @@ -38,7 +38,7 @@ let cp -v ${udev}/libexec/rules.d/*.rules $out/ # Set a reasonable $PATH for programs called by udev rules. - echo 'ENV{PATH}="${pkgs.coreutils}/bin:${pkgs.gnused}/bin:${pkgs.utillinux}/bin"' > $out/00-path.rules + echo 'ENV{PATH}="${udevPath}/bin:${udevPath}/sbin"' > $out/00-path.rules # Set the firmware search path so that the firmware.sh helper # called by 50-firmware.rules works properly. @@ -84,6 +84,15 @@ let #udev_log="debug" ''; + # Udev has a 512-character limit for ENV{PATH}, so create a symlink + # tree to work around this. + udevPath = pkgs.buildEnv { + name = "udev-path"; + paths = cfg.path; + pathsToLink = [ "/bin" "/sbin" ]; + ignoreCollisions = true; + }; + in { @@ -118,6 +127,15 @@ in ''; }; + path = mkOption { + default = []; + merge = mergeListOption; + description = '' + Packages added to the PATH environment variable when + executing programs from Udev rules. + ''; + }; + extraRules = mkOption { default = ""; example = '' @@ -159,7 +177,9 @@ in services.udev.extraRules = nixosRules; - services.udev.packages = [extraUdevRules]; + services.udev.packages = [ extraUdevRules ]; + + services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.utillinux ]; jobs.udev = { startOn = "startup"; @@ -207,7 +227,7 @@ in initctl emit -n new-devices ''; }; - + }; } 
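Review bot: `ignoreCollisions = true;` in the new `udevPath` buildEnv means that when two packages in `services.udev.path` ship a binary of the same name, which one udev rules get is decided by buildEnv rather than by the order a module author sees, whereas the replaced `ENV{PATH}` line had an explicit, readable precedence. At minimum the comment above the buildEnv should say so, e.g. `# Name collisions between packages are resolved silently; do not rely on ordering within services.udev.path.`, and the `path` option description could carry the same caveat. The 512-character limit motivation in the comment is useful and should stay.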
From 0442e7e82adbc767afee2601680be47fa1d8f25b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 16 Sep 2010 15:24:46 +0000 Subject: [PATCH 027/100] * Add Xen's udev rules. This is necessary to get automatically created block and network devices to work. svn path=/nixos/trunk/; revision=23823 --- modules/virtualisation/xen.nix | 41 ++++++++++++++++++++++++++++------ 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/modules/virtualisation/xen.nix b/modules/virtualisation/xen.nix index 095ce6b78df4..95c777b17c90 100644 --- a/modules/virtualisation/xen.nix +++ b/modules/virtualisation/xen.nix @@ -4,7 +4,20 @@ with pkgs.lib; -let cfg = config.virtualisation.xen; in +let + + cfg = config.virtualisation.xen; + + xen = pkgs.xen; + + xendConfig = pkgs.writeText "xend-config.sxp" + '' + (loglevel DEBUG) + (network-script network-bridge) + (vif-script vif-bridge) + ''; + +in { ###### interface @@ -52,12 +65,12 @@ let cfg = config.virtualisation.xen; in config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.xen ]; + environment.systemPackages = [ xen ]; # Domain 0 requires a pvops-enabled kernel. boot.kernelPackages = pkgs.linuxPackages_2_6_32_xen; - boot.kernelModules = [ "xen_evtchn" "xen_gntdev" ]; + boot.kernelModules = [ "xen_evtchn" "xen_gntdev" "xen_blkback" "xen_netback" "xen_pciback" "blktap" ]; # The radeonfb kernel module causes the screen to go black as soon # as it's loaded, so don't load it. @@ -69,7 +82,7 @@ let cfg = config.virtualisation.xen; in system.extraSystemBuilderCmds = '' - ln -s ${pkgs.xen}/boot/xen.gz $out/xen.gz + ln -s ${xen}/boot/xen.gz $out/xen.gz echo "${toString cfg.bootParams}" > $out/xen-params ''; 
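Review bot: `xendConfig` hard-codes `(loglevel DEBUG)` with no option to change it, so every Xen dom0 built from this module runs the control daemon at debug verbosity, which is noisy and not something most deployments want permanently. Either expose the level as an option or leave a comment stating that DEBUG is deliberate for now, e.g. `# DEBUG while the Xen support is new; lower once stable.`. The `network-bridge`/`vif-bridge` choice is likewise unexplained; a one-line comment naming why bridging is the default would help.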
@@ -89,12 +102,12 @@ let cfg = config.virtualisation.xen; in path = [ pkgs.bridge_utils pkgs.gawk pkgs.iproute pkgs.nettools - pkgs.utillinux pkgs.bash pkgs.xen pkgs.pciutils pkgs.procps + pkgs.utillinux pkgs.bash xen pkgs.pciutils pkgs.procps ]; - preStart = "${pkgs.xen}/sbin/xend start"; + preStart = "${xen}/sbin/xend start"; - postStop = "${pkgs.xen}/sbin/xend stop"; + postStop = "${xen}/sbin/xend stop"; }; # To prevent a race between dhclient and xend's bridge setup @@ -102,6 +115,20 @@ let cfg = config.virtualisation.xen; in # virtual device), start dhclient after xend. jobs.dhclient.startOn = mkOverride 50 "started xend"; + environment.etc = + [ { source = xendConfig; + target = "xen/xend-config.sxp"; + } + { source = "${xen}/etc/xen/scripts"; + target = "xen/scripts"; + } + ]; + + # Xen provides udev rules. + services.udev.packages = [ xen ]; + + services.udev.path = [ pkgs.bridge_utils pkgs.iproute ]; + }; } From 1b4c811d41dfe359a042ba1adf66eb66949d902a Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sat, 18 Sep 2010 11:30:04 +0000 Subject: [PATCH 028/100] Added AMule daemon service svn path=/nixos/trunk/; revision=23848 --- modules/module-list.nix | 1 + modules/services/networking/amuled.nix | 72 ++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 modules/services/networking/amuled.nix diff --git a/modules/module-list.nix b/modules/module-list.nix index 29c2101b7079..9113d249ae86 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -78,6 +78,7 @@ ./services/network-filesystems/nfs-kernel.nix ./services/network-filesystems/openafs-client/default.nix ./services/network-filesystems/samba.nix + ./services/networking/amuled.nix ./services/networking/avahi-daemon.nix ./services/networking/bind.nix ./services/networking/bitlbee.nix diff --git a/modules/services/networking/amuled.nix b/modules/services/networking/amuled.nix new file mode 100644 index 000000000000..5e60a8246194 --- /dev/null 
+++ b/modules/services/networking/amuled.nix @@ -0,0 +1,72 @@ +{ config, pkgs, ... }: + +with pkgs.lib; + +let + cfg = config.services.amule; +in + +{ + + ###### interface + + options = { + + services.amule = { + + enable = mkOption { + default = false; + description = '' + Whether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time. + ''; + }; + + dataDir = mkOption { + default = ''/home/${cfg.user}/''; + description = '' + The directory holding configuration, incoming and temporary files. + ''; + }; + + user = mkOption { + default = "amule"; + description = '' + The user the AMule daemon should run as. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable { + + users.extraUsers = singleton + { name = cfg.user; + description = "AMule daemon"; + }; + + jobs.amuled = + { description = "AMule daemon"; + + startOn = "ip-up"; + + preStart = '' + mkdir -p ${cfg.dataDir} + chown ${cfg.user} ${cfg.dataDir} + ''; + + exec = '' + ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${cfg.user} \ + -c 'HOME="${cfg.dataDir}" ${pkgs.amuleDaemon}/bin/amuled' + ''; + }; + + environment.systemPackages = [ pkgs.amuleDaemon ]; + + }; + +} From 259c007f703a11f0333fb426bec64aefdeabf5a9 Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sat, 18 Sep 2010 11:30:09 +0000 Subject: [PATCH 029/100] Quassel: use the convenience daemon package. svn path=/nixos/trunk/; revision=23849 --- modules/services/networking/quassel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/networking/quassel.nix b/modules/services/networking/quassel.nix index d4795f3b57d2..6793ee39a06f 100644 --- a/modules/services/networking/quassel.nix +++ b/modules/services/networking/quassel.nix @@ -3,7 +3,7 @@ with pkgs.lib; let - quassel = pkgs.quassel.override { daemon = true; monolithic = false; client = false; }; + quassel = pkgs.quasselDaemon; cfg = config.services.quassel; in 
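Review bot: The `users.extraUsers` entry for `cfg.user` sets neither `home` nor a fixed `uid`, whereas the folding-at-home module added earlier in this series gives its service user `home = stateDir` and a uid from `config.ids.uids`; adding `home = cfg.dataDir;` here would make the account consistent with the directory the daemon is forced into via `HOME="${cfg.dataDir}"`, and a uid in ids.nix would keep ownership of `dataDir` stable across rebuilds. The `dataDir` default `/home/${cfg.user}/` carries a trailing slash that then appears in `HOME`; dropping it avoids doubled slashes in paths the daemon builds.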
From b2b227c99f364929732324d1bf909022f915c02d Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sat, 18 Sep 2010 11:30:14 +0000 Subject: [PATCH 030/100] TOR service: refactored options to avoid mess svn path=/nixos/trunk/; revision=23850 --- modules/services/security/tor.nix | 346 +++++++++++++++--------------- 1 file changed, 174 insertions(+), 172 deletions(-) diff --git a/modules/services/security/tor.nix b/modules/services/security/tor.nix index 35201775ec74..e5e0ba4e70f8 100644 --- a/modules/services/security/tor.nix +++ b/modules/services/security/tor.nix @@ -27,40 +27,6 @@ in services.tor = { - enable = mkOption { - default = false; - description = '' - Whether to enable the Tor anonymous routing daemon. - ''; - }; - - enableClient = mkOption { - default = true; - description = '' - Whether to enable Tor daemon to route application connections. - You might want to disable this if you plan running a dedicated Tor relay. - ''; - }; - - socksListenAddress = mkOption { - default = "127.0.0.1:9050"; - example = "127.0.0.1:9050, 192.168.0.1:9100"; - description = '' - Bind to this address(es) to listen for connections from Socks-speaking - applications. You can also specify a port. - ''; - }; - - socksPolicy = mkOption { - default = ""; - example = "accept 192.168.0.0/16, reject *"; - description = '' - Entry policies to allow/deny SOCKS requests based on IP address. - First entry that matches wins. If no SocksPolicy is set, we accept - all (and only) requests from SocksListenAddress. - ''; - }; - config = mkOption { default = ""; description = '' 
@@ -69,141 +35,180 @@ in ''; }; - enablePrivoxy = mkOption { - default = true; - description = '' - Whether to enable a special instance of privoxy dedicated to Tor. - To have anonymity, protocols need to be scrubbed of identifying - information. - Most people using Tor want to anonymize their web traffic, so by - default we enable an special instance of privoxy specifically for - Tor. - However, if you are only going to use Tor only as a relay then you - can disable this option. - ''; - }; - - privoxyListenAddress = mkOption { - default = "127.0.0.1:8118"; - description = '' - Address that Tor's instance of privoxy is listening to. - *This does not configure the standard NixOS instance of privoxy.* - This is for Tor connections only! - See services.privoxy.listenAddress to configure the standard NixOS - instace of privoxy. - ''; + client = { + + enable = mkOption { + default = true; + description = '' + Whether to enable Tor daemon to route application connections. + You might want to disable this if you plan running a dedicated Tor relay. + ''; + }; + + socksListenAddress = mkOption { + default = "127.0.0.1:9050"; + example = "127.0.0.1:9050, 192.168.0.1:9100"; + description = '' + Bind to this address(es) to listen for connections from Socks-speaking + applications. You can also specify a port. + ''; + }; + + socksPolicy = mkOption { + default = ""; + example = "accept 192.168.0.0/16, reject *"; + description = '' + Entry policies to allow/deny SOCKS requests based on IP address. + First entry that matches wins. If no SocksPolicy is set, we accept + all (and only) requests from SocksListenAddress. + ''; + }; + + privoxy = { + + enable = mkOption { + default = true; + description = '' + Whether to enable a special instance of privoxy dedicated to Tor. + To have anonymity, protocols need to be scrubbed of identifying + information. 
+ Most people using Tor want to anonymize their web traffic, so by + default we enable an special instance of privoxy specifically for + Tor. + However, if you are only going to use Tor only for other kinds of + traffic then you can disable this option. + ''; + }; + + listenAddress = mkOption { + default = "127.0.0.1:8118"; + description = '' + Address that Tor's instance of privoxy is listening to. + *This does not configure the standard NixOS instance of privoxy.* + This is for Tor connections only! + See services.privoxy.listenAddress to configure the standard NixOS + instace of privoxy. + ''; + }; + + config = mkOption { + default = ""; + description = '' + Extra configuration for Tor's instance of privoxy. Contents will be + added verbatim to the configuration file. + *This does not configure the standard NixOS instance of privoxy.* + This is for Tor connections only! + See services.privoxy.extraConfig to configure the standard NixOS + instace of privoxy. + ''; + }; + + }; + }; - privoxyConfig = mkOption { - default = ""; - description = '' - Extra configuration for Tor's instance of privoxy. Contents will be - added verbatim to the configuration file. - *This does not configure the standard NixOS instance of privoxy.* - This is for Tor connections only! - See services.privoxy.extraConfig to configure the standard NixOS - instace of privoxy. - ''; - }; + relay = { - enableRelay = mkOption { - default = false; - description = '' - Whether to enable relaying traffic for others. + enable = mkOption { + default = false; + description = '' + Whether to enable relaying TOR traffic for others. - See https://www.torproject.org/docs/tor-doc-relay for details. - ''; - }; + See https://www.torproject.org/docs/tor-doc-relay for details. + ''; + }; - isBridgeRelay = mkOption { - default = false; - description = '' - Bridge relays (or "bridges" ) are Tor relays that aren't listed in the - main directory. 
Since there is no complete public list of them, even if an - ISP is filtering connections to all the known Tor relays, they probably - won't be able to block all the bridges. + isBridge = mkOption { + default = false; + description = '' + Bridge relays (or "bridges" ) are Tor relays that aren't listed in the + main directory. Since there is no complete public list of them, even if an + ISP is filtering connections to all the known Tor relays, they probably + won't be able to block all the bridges. - A bridge relay can't be an exit relay. + A bridge relay can't be an exit relay. - You need to set enableRelay to true for this option to take effect. + You need to set enableRelay to true for this option to take effect. - See https://www.torproject.org/bridges.html.en for more info. - ''; - }; + See https://www.torproject.org/bridges.html.en for more info. + ''; + }; - isExitRelay = mkOption { - default = false; - description = '' - An exit relay allows Tor users to access regular Internet services. + isExit = mkOption { + default = false; + description = '' + An exit relay allows Tor users to access regular Internet services. - Unlike running a non-exit relay, running an exit relay may expose - you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info. + Unlike running a non-exit relay, running an exit relay may expose + you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info. - You can specify which services Tor users may access via your exit relay using exitPolicy option. - ''; - }; + You can specify which services Tor users may access via your exit relay using exitPolicy option. + ''; + }; - nickname = mkOption { - default = "anonymous"; - description = '' - A unique handle for your TOR relay. - ''; - }; + nickname = mkOption { + default = "anonymous"; + description = '' + A unique handle for your TOR relay. 
+ ''; + }; - relayBandwidthRate = mkOption { - default = 0; - example = 100; - description = '' - Specify this to limit the bandwidth usage of relayed (server) - traffic. Your own traffic is still unthrottled. Units: bytes/second. - ''; - }; + bandwidthRate = mkOption { + default = 0; + example = 100; + description = '' + Specify this to limit the bandwidth usage of relayed (server) + traffic. Your own traffic is still unthrottled. Units: bytes/second. + ''; + }; - relayBandwidthBurst = mkOption { - default = 0; - example = 200; - description = '' - Specify this to allow bursts of the bandwidth usage of relayed (server) - traffic. The average usage will still be as specified in relayBandwidthRate. - Your own traffic is still unthrottled. Units: bytes/second. - ''; - }; + bandwidthBurst = mkOption { + default = 0; + example = 200; + description = '' + Specify this to allow bursts of the bandwidth usage of relayed (server) + traffic. The average usage will still be as specified in relayBandwidthRate. + Your own traffic is still unthrottled. Units: bytes/second. + ''; + }; - relayPort = mkOption { - default = 9001; - description = '' - What port to advertise for Tor connections. - ''; - }; + port = mkOption { + default = 9001; + description = '' + What port to advertise for Tor connections. + ''; + }; - relayListenAddress = mkOption { - default = ""; - example = "0.0.0.0:9090"; - description = '' - Set this if you need to listen on a port other than the one advertised - in relayPort (e.g. to advertise 443 but bind to 9090). You'll need to do - ipchains or other port forwarding yourself to make this work. - ''; - }; + listenAddress = mkOption { + default = ""; + example = "0.0.0.0:9090"; + description = '' + Set this if you need to listen on a port other than the one advertised + in relayPort (e.g. to advertise 443 but bind to 9090). You'll need to do + ipchains or other port forwsarding yourself to make this work. 
+ ''; + }; - exitPolicy = mkOption { - default = ""; - example = "accept *:6660-6667,reject *:*"; - description = '' - A comma-separated list of exit policies. They're considered first - to last, and the first match wins. If you want to _replace_ - the default exit policy, end this with either a reject *:* or an - accept *:*. Otherwise, you're _augmenting_ (prepending to) the - default exit policy. Leave commented to just use the default, which is - available in the man page or at https://www.torproject.org/documentation.html + exitPolicy = mkOption { + default = ""; + example = "accept *:6660-6667,reject *:*"; + description = '' + A comma-separated list of exit policies. They're considered first + to last, and the first match wins. If you want to _replace_ + the default exit policy, end this with either a reject *:* or an + accept *:*. Otherwise, you're _augmenting_ (prepending to) the + default exit policy. Leave commented to just use the default, which is + available in the man page or at https://www.torproject.org/documentation.html - Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses - for issues you might encounter if you use the default exit policy. + Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses + for issues you might encounter if you use the default exit policy. + + If certain IPs and ports are blocked externally, e.g. by your firewall, + you should update your exit policy to reflect this -- otherwise Tor + users will be told that those destinations are down. + ''; + }; - If certain IPs and ports are blocked externally, e.g. by your firewall, - you should update your exit policy to reflect this -- otherwise Tor - users will be told that those destinations are down. - ''; }; }; 
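Review bot: Several option descriptions carried over into the new `relay` and `client` sets still name the old flat options that this hunk removes: `isBridge` says "You need to set enableRelay to true", `listenAddress` refers to `relayPort`, and `bandwidthBurst` refers to `relayBandwidthRate`; these should read `relay.enable`, `relay.port` and `relay.bandwidthRate`. The new `listenAddress` description also introduces a typo, `port forwsarding` for `port forwarding`, and `instace of privoxy` (twice) should be `instance of privoxy`.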
@@ -213,14 +218,11 @@ in ###### implementation - config = mkIf cfg.enable { + config = mkIf (cfg.client.enable || cfg.relay.enable) { environment.systemPackages = [ tor ]; # provides tor-resolve and torify - assertions = [{ - assertion = cfg.enableRelay || cfg.enableClient; - message = "Need to either enable TOR client or relay functionality"; - } { - assertion = cfg.enableRelay -> !(cfg.isBridgeRelay && cfg.isExitRelay); + assertions = [ { + assertion = cfg.relay.enable -> !(cfg.relay.isBridge && cfg.relay.isExit); message = "Can't be both an exit and a bridge relay at the same time"; } ]; @@ -245,7 +247,7 @@ in exec = "${tor}/bin/tor -f ${pkgs.writeText "torrc" cfg.config}"; }; - jobs.torPrivoxy = mkIf (cfg.enablePrivoxy && cfg.enableClient) + jobs.torPrivoxy = mkIf (cfg.client.privoxy.enable && cfg.client.enable) { name = "tor-privoxy"; startOn = "starting tor"; 
@@ -259,32 +261,32 @@ in # Needed to run privoxy as an unprivileged user? ${modprobe}/sbin/modprobe capability || true ''; - exec = "${privoxy}/sbin/privoxy --no-daemon --user ${torUser} ${pkgs.writeText "torPrivoxy.conf" cfg.privoxyConfig}"; + exec = "${privoxy}/sbin/privoxy --no-daemon --user ${torUser} ${pkgs.writeText "torPrivoxy.conf" cfg.client.privoxy.config}"; }; services.tor.config = '' DataDirectory ${stateDir} User ${torUser} '' - + optionalString cfg.enableClient '' - SocksListenAddress ${cfg.socksListenAddress} - ${opt "SocksPolicy" cfg.socksPolicy} + + optionalString cfg.client.enable '' + SocksListenAddress ${cfg.client.socksListenAddress} + ${opt "SocksPolicy" cfg.client.socksPolicy} '' - + optionalString cfg.enableRelay '' - ORPort ${toString cfg.relayPort} - ${opt "ORListenAddress" cfg.relayListenAddress } - ${opt "Nickname" cfg.nickname} - ${optint "RelayBandwidthRate" cfg.relayBandwidthRate} - ${optint "RelayBandwidthBurst" cfg.relayBandwidthBurst} - ${if cfg.isExitRelay then opt "ExitPolicy" cfg.exitPolicy else "ExitPolicy reject *:*"} - ${if cfg.isBridgeRelay then "BridgeRelay 1" else ""} + + optionalString cfg.relay.enable '' + ORPort ${toString cfg.relay.port} + ${opt "ORListenAddress" cfg.relay.listenAddress } + ${opt "Nickname" cfg.relay.nickname} + ${optint "RelayBandwidthRate" cfg.relay.bandwidthRate} + ${optint "RelayBandwidthBurst" cfg.relay.bandwidthBurst} + ${if cfg.relay.isExit then opt "ExitPolicy" cfg.relay.exitPolicy else "ExitPolicy reject *:*"} + ${if cfg.relay.isBridge then "BridgeRelay 1" else ""} ''; - services.tor.privoxyConfig = '' + services.tor.client.privoxy.config = '' # Generally, this file goes in /etc/privoxy/config # # Tor listens as a SOCKS4a proxy here: - forward-socks4a / ${cfg.socksListenAddress} . + forward-socks4a / ${cfg.client.socksListenAddress} . confdir ${privoxy}/etc logdir ${privoxyDir} # actionsfile standard # Internal purpose, recommended 
@@ -300,7 +302,7 @@ in debug 8192 # Errors - *we highly recommended enabling this* user-manual ${privoxy}/doc/privoxy/user-manual - listen-address ${cfg.privoxyListenAddress} + listen-address ${cfg.client.privoxy.listenAddress} toggle 1 enable-remote-toggle 0 enable-edit-actions 0 From 41530c8e7679e7a982a41720d026d7f00b81dc7a Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sat, 18 Sep 2010 12:43:48 +0000 Subject: [PATCH 031/100] TOR service: sane default for burst rate svn path=/nixos/trunk/; revision=23851 --- modules/services/security/tor.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/security/tor.nix b/modules/services/security/tor.nix index e5e0ba4e70f8..5607fcbcdd66 100644 --- a/modules/services/security/tor.nix +++ b/modules/services/security/tor.nix @@ -163,7 +163,7 @@ in }; bandwidthBurst = mkOption { - default = 0; + default = cfg.relay.bandwidthRate; example = 200; description = '' Specify this to allow bursts of the bandwidth usage of relayed (server) From 39193fa1e7c2109694f2eec897297e262ee84aee Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sat, 18 Sep 2010 12:44:03 +0000 Subject: [PATCH 032/100] Folding@Home service: don't make binaries visible svn path=/nixos/trunk/; revision=23852 --- modules/services/misc/folding-at-home.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/services/misc/folding-at-home.nix b/modules/services/misc/folding-at-home.nix index 691b752c63c1..06223bc56e03 100644 --- a/modules/services/misc/folding-at-home.nix +++ b/modules/services/misc/folding-at-home.nix @@ -41,7 +41,6 @@ in { ###### implementation config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.foldingathome ]; users.extraUsers = singleton { name = fahUser; From 764f5f34fd513c1826cbb517c4971ea48ecf8d18 Mon Sep 17 00:00:00 2001 
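Review bot: The new default `default = cfg.relay.bandwidthRate;` for bandwidthBurst is not reflected in the option's description, which still presents the burst as an independent setting; add a line such as `Defaults to the value of bandwidthRate, i.e. no extra burst allowance.` The rest of the description (outside this hunk) also still refers to the old name relayBandwidthRate, which no longer exists after the rename earlier in this series. If `optint` omits the setting when the value is 0, as the relay config block suggests, a zero bandwidthRate now also yields no RelayBandwidthBurst line, which is presumably the intended "unlimited" behaviour but is worth stating in the description.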
From: Evgeny Egorochkin Date: Sat, 18 Sep 2010 12:50:55 +0000 Subject: [PATCH 033/100] Quassel: use the generic logging for jobs instead of rolling your own. svn path=/nixos/trunk/; revision=23854 --- modules/services/networking/quassel.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/modules/services/networking/quassel.nix b/modules/services/networking/quassel.nix index 6793ee39a06f..6c8fd9bbd80f 100644 --- a/modules/services/networking/quassel.nix +++ b/modules/services/networking/quassel.nix @@ -38,11 +38,6 @@ in ''; }; - logFile = mkOption { - default = "/var/log/quassel.log"; - description = "Location of the logfile of the Quassel daemon."; - }; - dataDir = mkOption { default = ''/home/${cfg.user}/.config/quassel-irc.org''; description = '' @@ -86,7 +81,7 @@ in exec = '' ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${cfg.user} \ -c '${quassel}/bin/quasselcore --listen=${cfg.interface}\ - --port=${toString cfg.portNumber} --configdir=${cfg.dataDir} --logfile=${cfg.logFile}' + --port=${toString cfg.portNumber} --configdir=${cfg.dataDir}' ''; }; From 385ec8981797329edc5b989b98e82dc43e7d1a2e Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sat, 18 Sep 2010 16:36:03 +0000 Subject: [PATCH 034/100] TOR: client should be disabled by default svn path=/nixos/trunk/; revision=23860 --- modules/services/security/tor.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/security/tor.nix b/modules/services/security/tor.nix index 5607fcbcdd66..72f49f30eb8b 100644 --- a/modules/services/security/tor.nix +++ b/modules/services/security/tor.nix @@ -38,7 +38,7 @@ in client = { enable = mkOption { - default = true; + default = false; description = '' Whether to enable Tor daemon to route application connections. You might want to disable this if you plan running a dedicated Tor relay. From b9aa56969fbf2af1aebbf13b03f21937a86d12ec Mon Sep 17 00:00:00 2001 
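Review bot: With `default = false;` the client option's description is now stale: the context line `You might want to disable this if you plan running a dedicated Tor relay` presumes the client is on by default. Rewording it to `Disabled by default; enable it to route application connections through Tor. A dedicated relay normally leaves this off.` keeps the documentation in step with the new default. Note that `services.tor.torify.enable`, added later in this series, defaults to `cfg.client.enable`, so this change also turns torify off unless the client is explicitly enabled.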
From: =?UTF-8?q?Llu=C3=ADs=20Batlle=20i=20Rossell?= Date: Sun, 19 Sep 2010 00:21:30 +0000 Subject: [PATCH 035/100] Applying patch sent by roconnor about allowing "nix-env -S" in NixOS. I agree with the change. svn path=/nixos/trunk/; revision=23861 --- modules/programs/bash/bashrc.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/programs/bash/bashrc.sh b/modules/programs/bash/bashrc.sh index e43b716a0ce2..6fe59e92b954 100644 --- a/modules/programs/bash/bashrc.sh +++ b/modules/programs/bash/bashrc.sh @@ -15,7 +15,7 @@ export LOCATE_PATH=/var/cache/locatedb # Include the various profiles in the appropriate environment variables. NIX_USER_PROFILE_DIR=/nix/var/nix/profiles/per-user/$USER -NIX_PROFILES="/var/run/current-system/sw /nix/var/nix/profiles/default $NIX_USER_PROFILE_DIR/profile" +NIX_PROFILES="/var/run/current-system/sw /nix/var/nix/profiles/default $HOME/.nix-profile" unset PATH INFOPATH PKG_CONFIG_PATH PERL5LIB GST_PLUGIN_PATH KDEDIRS unset XDG_CONFIG_DIRS XDG_DATA_DIRS @@ -43,7 +43,7 @@ done # Search directory for Aspell dictionaries. -export ASPELL_CONF="dict-dir $NIX_USER_PROFILE_DIR/profile/lib/aspell" +export ASPELL_CONF="dict-dir $HOME/.nix-profile/lib/aspell" # ~/bin and the setuid wrappers override other bin directories. From e5aea56bb53316b1bff8c2c41c6a524740d398f7 Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sun, 19 Sep 2010 15:40:03 +0000 Subject: [PATCH 036/100] TOR: prevent creation of torPrivoxy.conf if Privoxy is disabled. Patch by Russel O'Connor svn path=/nixos/trunk/; revision=23862 --- modules/services/security/tor.nix | 47 +++++++++++++++---------------- 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/modules/services/security/tor.nix b/modules/services/security/tor.nix index 72f49f30eb8b..943c4c9274e7 100644 --- a/modules/services/security/tor.nix +++ b/modules/services/security/tor.nix 
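Review bot: `NIX_USER_PROFILE_DIR` is still assigned on the line above the first change but is no longer referenced by either hunk, so if nothing outside bashrc.sh reads it the assignment is now dead. Both hunks hard-code `$HOME/.nix-profile`; a single `NIX_USER_PROFILE=$HOME/.nix-profile` used in both `NIX_PROFILES` and `ASPELL_CONF` would keep the two in step if the path changes again. The loop that consumes NIX_PROFILES runs outside these hunks.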
@@ -233,36 +233,33 @@ in home = stateDir; }; - jobs.tor = - { name = "tor"; + jobs = { + tor = { name = "tor"; - startOn = "started network-interfaces"; - stopOn = "stopping network-interfaces"; + startOn = "started network-interfaces"; + stopOn = "stopping network-interfaces"; - preStart = - '' - mkdir -m 0755 -p ${stateDir} - chown ${torUser} ${stateDir} - ''; - exec = "${tor}/bin/tor -f ${pkgs.writeText "torrc" cfg.config}"; - }; + preStart = '' + mkdir -m 0755 -p ${stateDir} + chown ${torUser} ${stateDir} + ''; + exec = "${tor}/bin/tor -f ${pkgs.writeText "torrc" cfg.config}"; + }; } + // optionalAttrs (cfg.client.privoxy.enable && cfg.client.enable) { + torPrivoxy = { name = "tor-privoxy"; - jobs.torPrivoxy = mkIf (cfg.client.privoxy.enable && cfg.client.enable) - { name = "tor-privoxy"; + startOn = "starting tor"; + stopOn = "stopping tor"; - startOn = "starting tor"; - stopOn = "stopping tor"; + preStart = '' + mkdir -m 0755 -p ${privoxyDir} + chown ${torUser} ${privoxyDir} - preStart = - '' - mkdir -m 0755 -p ${privoxyDir} - chown ${torUser} ${privoxyDir} - - # Needed to run privoxy as an unprivileged user? - ${modprobe}/sbin/modprobe capability || true - ''; - exec = "${privoxy}/sbin/privoxy --no-daemon --user ${torUser} ${pkgs.writeText "torPrivoxy.conf" cfg.client.privoxy.config}"; - }; + # Needed to run privoxy as an unprivileged user? + ${modprobe}/sbin/modprobe capability || true + ''; + exec = "${privoxy}/sbin/privoxy --no-daemon --user ${torUser} ${pkgs.writeText "torPrivoxy.conf" cfg.client.privoxy.config}"; + }; }; services.tor.config = '' DataDirectory ${stateDir} From 36fe7f69c64625ffcf53f863e2a070fe6422048c Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Mon, 20 Sep 2010 01:44:07 +0000 Subject: [PATCH 037/100] Quassel: get rid of custom logging remnants svn path=/nixos/trunk/; revision=23867 --- modules/services/networking/quassel.nix | 1 - 1 file changed, 1 deletion(-) 
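Review bot: The moved preStart still creates Tor's data directory with `mkdir -m 0755 -p ${stateDir}`, so the directory that `DataDirectory ${stateDir}` points to is world-readable at creation even though it presumably holds the relay's keys; `mkdir -m 0700 -p ${stateDir}` matches the private-directory expectation Tor has for its data directory and costs nothing. The same applies to `mkdir -m 0755 -p ${privoxyDir}` unless something else needs to read Privoxy's log directory. Replacing `mkIf` with `// optionalAttrs (...)` is equivalent here because both jobs are defined in the same module, but a short comment saying why would help, since `mkIf` is the idiom used elsewhere in this file.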
diff --git a/modules/services/networking/quassel.nix b/modules/services/networking/quassel.nix index 6c8fd9bbd80f..5547b237c994 100644 --- a/modules/services/networking/quassel.nix +++ b/modules/services/networking/quassel.nix @@ -75,7 +75,6 @@ in preStart = '' mkdir -p ${cfg.dataDir} chown ${cfg.user} ${cfg.dataDir} - touch ${cfg.logFile} && chown ${cfg.user} ${cfg.logFile} ''; exec = '' From ca4b60d059f9d9a89410d51aa6f0a3ff95ee91fe Mon Sep 17 00:00:00 2001 From: "Yury G. Kudryashov" Date: Mon, 20 Sep 2010 14:10:46 +0000 Subject: [PATCH 038/100] Auto add $prefix/lib/kde4/plugins to QT_PLUGIN_PATH svn path=/nixos/trunk/; revision=23872 --- modules/programs/bash/bashrc.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/programs/bash/bashrc.sh b/modules/programs/bash/bashrc.sh index 6fe59e92b954..7e39e98135ab 100644 --- a/modules/programs/bash/bashrc.sh +++ b/modules/programs/bash/bashrc.sh @@ -35,7 +35,7 @@ for i in $NIX_PROFILES; do # !!! reverse # KDE/Gnome stuff. export KDEDIRS=$i${KDEDIRS:+:}$KDEDIRS - export QT_PLUGIN_PATH=$i/plugins:$i/lib/qt4/plugins${QT_PLUGIN_PATH:+:}$QT_PLUGIN_PATH + export QT_PLUGIN_PATH=$i/lib/qt4/plugins:$i/lib/kde4/plugins${QT_PLUGIN_PATH:+:}$QT_PLUGIN_PATH export XDG_CONFIG_DIRS=$i/etc/xdg${XDG_CONFIG_DIRS:+:}$XDG_CONFIG_DIRS export XDG_DATA_DIRS=$i/share${XDG_DATA_DIRS:+:}$XDG_DATA_DIRS done From 1319531f28ed5795516a7887dfc5f661b3727dc4 Mon Sep 17 00:00:00 2001 From: "Yury G. Kudryashov" Date: Tue, 21 Sep 2010 09:16:47 +0000 Subject: [PATCH 039/100] Add system.path to PATH instead of overriding svn path=/nixos/trunk/; revision=23879 --- modules/services/printing/cupsd.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/services/printing/cupsd.nix b/modules/services/printing/cupsd.nix index 8599512a5f59..ebc0215d06de 100644 --- a/modules/services/printing/cupsd.nix +++ b/modules/services/printing/cupsd.nix 
@@ -134,10 +134,7 @@ in startOn = "started network-interfaces"; stopOn = "stopping network-interfaces"; - environment = { - # Cups scripts for printing (psto...) require awk, sed, grep, ... - PATH = "${config.system.path}/bin"; - }; + path = [ config.system.path ]; preStart = '' From c0751f83e9e2a3053c52095c9a609b1f456abd1c Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Wed, 22 Sep 2010 23:07:52 +0000 Subject: [PATCH 040/100] Quassel: don't pollute profiles with useless files svn path=/nixos/trunk/; revision=23904 --- modules/services/networking/quassel.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/services/networking/quassel.nix b/modules/services/networking/quassel.nix index 5547b237c994..591bd6e6ce22 100644 --- a/modules/services/networking/quassel.nix +++ b/modules/services/networking/quassel.nix @@ -84,8 +84,6 @@ in ''; }; - environment.systemPackages = [ quassel ]; - }; } From 910103246fd2805d083bc78a7a68cb6447c86709 Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Wed, 22 Sep 2010 23:07:59 +0000 Subject: [PATCH 041/100] TOR: make torify work(only when enabled as a service. nix-env -i tor replaces it with a broken version.) svn path=/nixos/trunk/; revision=23905 --- modules/module-list.nix | 1 + modules/services/security/tor.nix | 1 - modules/services/security/torify.nix | 69 ++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 modules/services/security/torify.nix diff --git a/modules/module-list.nix b/modules/module-list.nix index 9113d249ae86..71ba9d06e24c 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -111,6 +111,7 @@ ./services/scheduling/cron.nix ./services/scheduling/fcron.nix ./services/security/tor.nix + ./services/security/torify.nix ./services/system/dbus.nix ./services/system/kerberos.nix ./services/system/nscd.nix diff --git a/modules/services/security/tor.nix b/modules/services/security/tor.nix index 943c4c9274e7..8ddc468aa389 100644 
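Review bot: The why-comment `# Cups scripts for printing (psto...) require awk, sed, grep, ...` is dropped along with the environment block, leaving `path = [ config.system.path ];` unexplained; keep that comment above the new line. Whether `path` appends to or replaces the job's PATH is not visible here (the commit title says "instead of overriding"), so the comment is the only place a reader learns why the whole system path is needed. The enclosing cupsd job definition starts and ends outside the hunk.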
--- a/modules/services/security/tor.nix +++ b/modules/services/security/tor.nix @@ -219,7 +219,6 @@ in ###### implementation config = mkIf (cfg.client.enable || cfg.relay.enable) { - environment.systemPackages = [ tor ]; # provides tor-resolve and torify assertions = [ { assertion = cfg.relay.enable -> !(cfg.relay.isBridge && cfg.relay.isExit); diff --git a/modules/services/security/torify.nix b/modules/services/security/torify.nix new file mode 100644 index 000000000000..b91d7d58505c --- /dev/null +++ b/modules/services/security/torify.nix @@ -0,0 +1,69 @@ +{ config, pkgs, ... }: +with pkgs.lib; +let + + cfg = config.services.tor; + + torify = pkgs.writeTextFile { + name = "torify"; + text = '' + #!${pkgs.stdenv.shell} + TSOCKS_CONF_FILE=${pkgs.writeText "tsocks.conf" cfg.torify.config} LD_PRELOAD="${pkgs.tsocks}/lib/libtsocks.so $LD_PRELOAD" $@ + ''; + executable = true; + destination = "/bin/torify"; + }; + +in + +{ + + ###### interface + + options = { + + services.tor.torify = { + + enable = mkOption { + default = cfg.client.enable; + description = '' + Whether to build torify scipt to relay application traffic via TOR. + ''; + }; + + server = mkOption { + default = "localhost:9050"; + example = "192.168.0.20"; + description = '' + IP address of TOR client to use. + ''; + }; + + config = mkOption { + default = ""; + description = '' + Extra configuration. Contents will be added verbatim to TSocks + configuration file. + ''; + }; + + }; + + }; + + ###### implementation + + config = mkIf cfg.torify.enable { + + environment.systemPackages = [ torify ]; # expose it to the users + + services.tor.torify.config = '' + server = ${toString(head (splitString ":" cfg.torify.server))} + server_port = ${toString(tail (splitString ":" cfg.torify.server))} + + local = 127.0.0.0/255.128.0.0 + local = 127.128.0.0/255.192.0.0 + ''; + }; + +} \ No newline at end of file From 9b7533c2fdeb3eb3fdc383d8690734b74ad5fa24 Mon Sep 17 00:00:00 2001 
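Review bot: In the torify wrapper `$@` is unquoted, so arguments containing spaces or glob characters are re-split before the target program runs; it should be `"$@"`. `server_port = ${toString(tail (splitString ":" cfg.torify.server))}` uses `tail`, which yields the list of everything after the first element rather than a single value, and with the documented example `192.168.0.20` (no port) it evaluates to an empty string, so the generated tsocks.conf has no port; either require a colon with an assertion or split host and port into two options so the value cannot be silently empty. The description also has a typo: `Whether to build torify script to relay application traffic via TOR.` Since the wrapper works through `LD_PRELOAD`, it can only redirect dynamically linked programs; a sentence to that effect in the option description would set expectations.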
From: Evgeny Egorochkin Date: Wed, 22 Sep 2010 23:08:05 +0000 Subject: [PATCH 042/100] KDE4: fix suid for kcheckpass, although suid doesn't seem to be needed if you use PAM svn path=/nixos/trunk/; revision=23906 --- modules/services/x11/desktop-managers/kde4.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/services/x11/desktop-managers/kde4.nix b/modules/services/x11/desktop-managers/kde4.nix index cf4faef223f5..5ed501e4b020 100644 --- a/modules/services/x11/desktop-managers/kde4.nix +++ b/modules/services/x11/desktop-managers/kde4.nix @@ -47,7 +47,13 @@ in ''; }; - security.setuidPrograms = [ "kcheckpass" ]; + security.setuidOwners = [ { + program = "kcheckpass"; + source = "${pkgs.kde4.kdebase_workspace}/lib/kde4/libexec/kcheckpass"; + owner = "root"; + group = "root"; + setuid = true; + } ]; environment = { kdePackages = [ From de1ba135ac7abd293a20be10db9279a890971a4c Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:18:42 +0000 Subject: [PATCH 043/100] Fix installer tests. svn path=/nixos/trunk/; revision=23907 --- tests/installer.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/installer.nix b/tests/installer.nix index 62684c48e5a7..aebb7c764a12 100644 --- a/tests/installer.nix +++ b/tests/installer.nix @@ -170,7 +170,7 @@ let $machine->waitUntilSucceeds("cat /proc/swaps | grep -q /dev"); $machine->mustSucceed("nix-env -i coreutils >&2"); - $machine->mustSucceed("type -tP ls") =~ /profiles/ + $machine->mustSucceed("type -tP ls | tee /dev/stderr") =~ /.nix-profile/ or die "nix-env failed"; $machine->mustSucceed("nixos-rebuild switch >&2"); From 1a232545a043bfc527824498f827633d71e6a37b Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:32:22 +0000 Subject: [PATCH 044/100] Test that CD configuration can be rebuild. svn path=/nixos/trunk/; revision=23908 --- tests/installer.nix | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) 
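Review bot: The new `security.setuidOwners` entry installs kcheckpass setuid root unconditionally, while the commit message itself says setuid does not appear to be needed when PAM is in use; record that in the code so the privilege can be revisited, e.g. `# setuid root is kept for the non-PAM path; it appears unnecessary with PAM.` If the module can tell whether PAM authentication is enabled, gating the entry on that would be the least-privilege option. The enclosing config block starts and ends outside the hunk.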
diff --git a/tests/installer.nix b/tests/installer.nix index aebb7c764a12..c1569b3e50fa 100644 --- a/tests/installer.nix +++ b/tests/installer.nix @@ -296,5 +296,43 @@ in { ''; fileSystems = rootFS + bootFS; }; + + # Rebuild the CD configuration with a little modification. + rebuildCD = + { inherit iso; + nodes = { }; + testScript = + '' + # damn, it's costly to evaluate nixos-rebuild (1G of ram) + my $machine = Machine->new({ cdrom => glob("${iso}/iso/*.iso"), qemuFlags => '${qemuNICFlags 1 1} -m 1024' }); + $machine->start; + # Make sure that we get a login prompt etc. + $machine->mustSucceed("echo hello"); + $machine->waitForJob("tty1"); + $machine->waitForJob("rogue"); + $machine->waitForJob("nixos-manual"); + + # Make sure that we don't try to download anything. + $machine->stopJob("dhclient"); + $machine->mustSucceed("rm /etc/resolv.conf"); + + # Enable sshd service. + $machine->mustSucceed( + "sed -i 's,^}\$,jobs.sshd.startOn = pkgs.lib.mkOverride 0 \"startup\"; },' /etc/nixos/configuration.nix" + ); + + my $cfg = $machine->mustSucceed("cat /etc/nixos/configuration.nix"); + print STDERR "New CD config:\n$cfg\n"; + + # Apply the new CD configuration. + $machine->mustSucceed("nixos-rebuild build --no-pull"); # test / switch make it fails :( + + # Connect to it-self. + #$machine->waitForJob("sshd"); + #$machine->mustSucceed("ssh root@127.0.0.1 echo hello"); + + $machine->shutdown; + ''; + }; } From d304d12f37ee23c570814628b672c054ee3e6afc Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:32:27 +0000 Subject: [PATCH 045/100] Extract a base profile from the basic installation cd. svn path=/nixos/trunk/; revision=23909 --- .../installer/cd-dvd/installation-cd-base.nix | 100 +----------------- modules/profiles/base.nix | 92 ++++++++++++++++ 2 files changed, 93 insertions(+), 99 deletions(-) create mode 100644 modules/profiles/base.nix 
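Review bot: The `sed -i 's,^}\$,...'` edit in rebuildCD is never checked: `mustSucceed` only verifies sed's exit status, which is zero even when no line matched, so a configuration.nix whose closing brace is indented would silently leave sshd unchanged and the test would still pass. Add `$machine->mustSucceed("grep -q 'jobs.sshd.startOn' /etc/nixos/configuration.nix");` after the edit; the `print STDERR` shows the file but does not assert on it. The forced `mkOverride 0 \"startup\"` starts sshd on a CD whose root password is empty, which is fine inside the isolated test VM, but a comment saying so would stop someone copying the snippet into a real configuration.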
diff --git a/modules/installer/cd-dvd/installation-cd-base.nix b/modules/installer/cd-dvd/installation-cd-base.nix index c83faa28a042..a6d880fc6ed6 100644 --- a/modules/installer/cd-dvd/installation-cd-base.nix +++ b/modules/installer/cd-dvd/installation-cd-base.nix @@ -24,56 +24,6 @@ let in live CDs. ''; }; - - installer.basePackages = mkOption { - description = '' - The list of base packages available in the system profile of the - installation CD. Note that modules such as - installation-cd-graphical.nix add - packages to this list. - ''; - - default = - [ pkgs.subversion # for nixos-checkout - pkgs.w3m # needed for the manual anyway - pkgs.testdisk # useful for repairing boot problems - pkgs.mssys # for writing Microsoft boot sectors / MBRs - pkgs.parted - pkgs.ddrescue - pkgs.ccrypt - pkgs.cryptsetup # needed for dm-crypt volumes - - # Some networking tools. - pkgs.sshfsFuse - pkgs.socat - pkgs.screen - - # Hardware-related tools. - pkgs.sdparm - pkgs.hdparm - pkgs.dmraid - - # Tools to create / manipulate filesystems. - pkgs.ntfsprogs # for resizing NTFS partitions - pkgs.btrfsProgs - pkgs.dosfstools - pkgs.xfsprogs - pkgs.jfsutils - pkgs.jfsrec - - # Some compression/archiver tools. - pkgs.unrar - pkgs.unzip - pkgs.zip - pkgs.xz - pkgs.dar # disk archiver - - # Some editors. - pkgs.nvi - pkgs.bvi # binary editor - pkgs.joe - ]; - }; }; @@ -126,6 +76,7 @@ in ./iso-image.nix ../../hardware/network/intel-3945abg.nix ../../hardware/network/rt73.nix + ../../profiles/base.nix ]; # ISO naming. 
@@ -146,55 +97,6 @@ in # the full glibcLocales package. i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"]; - # Include some utilities that are useful for installing or repairing - # the system. - environment.systemPackages = config.installer.basePackages; - - # The initrd has to contain any module that might be necessary for - # mounting the CD/DVD. - boot.initrd.availableKernelModules = - [ # SATA/PATA support. - "ahci" - - "ata_piix" - - "sata_inic162x" "sata_nv" "sata_promise" "sata_qstor" - "sata_sil" "sata_sil24" "sata_sis" "sata_svw" "sata_sx4" - "sata_uli" "sata_via" "sata_vsc" - - "pata_ali" "pata_amd" "pata_artop" "pata_atiixp" - "pata_cs5520" "pata_cs5530" "pata_cs5535" "pata_efar" - "pata_hpt366" "pata_hpt37x" "pata_hpt3x2n" "pata_hpt3x3" - "pata_it8213" "pata_it821x" "pata_jmicron" "pata_marvell" - "pata_mpiix" "pata_netcell" "pata_ns87410" "pata_oldpiix" - "pata_pcmcia" "pata_pdc2027x" "pata_qdi" "pata_rz1000" - "pata_sc1200" "pata_serverworks" "pata_sil680" "pata_sis" - "pata_sl82c105" "pata_triflex" "pata_via" - "pata_winbond" - - # SCSI support (incomplete). - "3w-9xxx" "3w-xxxx" "aic79xx" "aic7xxx" "arcmsr" - - # USB support, especially for booting from USB CD-ROM - # drives. - "usb_storage" - - # Firewire support. Not tested. - "ohci1394" "sbp2" - - # Virtio (QEMU, KVM etc.) support. - "virtio_net" "virtio_pci" "virtio_blk" "virtio_balloon" - - # Add vfat to enable people to copy the contents of the CD to a - # bootable USB stick. - "vfat" "nls_cp437" "nls_iso8859-1" - ]; - - boot.initrd.kernelModules = - [ # Wait for SCSI devices to appear. - "scsi_wait_scan" - ]; - # nixos-install will do a pull from this channel to speed up the # installation. installer.nixpkgsURL = http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable; diff --git a/modules/profiles/base.nix b/modules/profiles/base.nix new file mode 100644 index 000000000000..68456e81f546 --- /dev/null +++ b/modules/profiles/base.nix 
@@ -0,0 +1,92 @@ +{config, pkgs, ...}: + +{ + + # The initrd has to contain any module that might be necessary for + # mounting the CD/DVD. + boot.initrd.availableKernelModules = + [ # SATA/PATA support. + "ahci" + + "ata_piix" + + "sata_inic162x" "sata_nv" "sata_promise" "sata_qstor" + "sata_sil" "sata_sil24" "sata_sis" "sata_svw" "sata_sx4" + "sata_uli" "sata_via" "sata_vsc" + + "pata_ali" "pata_amd" "pata_artop" "pata_atiixp" + "pata_cs5520" "pata_cs5530" "pata_cs5535" "pata_efar" + "pata_hpt366" "pata_hpt37x" "pata_hpt3x2n" "pata_hpt3x3" + "pata_it8213" "pata_it821x" "pata_jmicron" "pata_marvell" + "pata_mpiix" "pata_netcell" "pata_ns87410" "pata_oldpiix" + "pata_pcmcia" "pata_pdc2027x" "pata_qdi" "pata_rz1000" + "pata_sc1200" "pata_serverworks" "pata_sil680" "pata_sis" + "pata_sl82c105" "pata_triflex" "pata_via" + "pata_winbond" + + # SCSI support (incomplete). + "3w-9xxx" "3w-xxxx" "aic79xx" "aic7xxx" "arcmsr" + + # USB support, especially for booting from USB CD-ROM + # drives. + "usb_storage" + + # Firewire support. Not tested. + "ohci1394" "sbp2" + + # Virtio (QEMU, KVM etc.) support. + "virtio_net" "virtio_pci" "virtio_blk" "virtio_balloon" + + # Add vfat to enable people to copy the contents of the CD to a + # bootable USB stick. + "vfat" "nls_cp437" "nls_iso8859-1" + ]; + + boot.initrd.kernelModules = + [ # Wait for SCSI devices to appear. + "scsi_wait_scan" + ]; + + # Include some utilities that are useful for installing or repairing + # the system. + environment.systemPackages = [ + pkgs.subversion # for nixos-checkout + pkgs.w3m # needed for the manual anyway + pkgs.testdisk # useful for repairing boot problems + pkgs.mssys # for writing Microsoft boot sectors / MBRs + pkgs.parted + pkgs.ddrescue + pkgs.ccrypt + pkgs.cryptsetup # needed for dm-crypt volumes + + # Some networking tools. + pkgs.sshfsFuse + pkgs.socat + pkgs.screen + + # Hardware-related tools. + pkgs.sdparm + pkgs.hdparm + pkgs.dmraid + + # Tools to create / manipulate filesystems. 
+ pkgs.ntfsprogs # for resizing NTFS partitions + pkgs.btrfsProgs + pkgs.dosfstools + pkgs.xfsprogs + pkgs.jfsutils + pkgs.jfsrec + + # Some compression/archiver tools. + pkgs.unrar + pkgs.unzip + pkgs.zip + pkgs.xz + pkgs.dar # disk archiver + + # Some editors. + pkgs.nvi + pkgs.bvi # binary editor + pkgs.joe + ]; +} From c90a7b9be45e4ea6ab8da01d8024f8fa9b4b7d07 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:32:32 +0000 Subject: [PATCH 046/100] Remove duplicated (modules-list) includes from the basic installation cd. svn path=/nixos/trunk/; revision=23910 --- modules/installer/cd-dvd/installation-cd-base.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/installer/cd-dvd/installation-cd-base.nix b/modules/installer/cd-dvd/installation-cd-base.nix index a6d880fc6ed6..2f7a44863c60 100644 --- a/modules/installer/cd-dvd/installation-cd-base.nix +++ b/modules/installer/cd-dvd/installation-cd-base.nix @@ -74,8 +74,6 @@ in [ options ./memtest.nix ./iso-image.nix - ../../hardware/network/intel-3945abg.nix - ../../hardware/network/rt73.nix ../../profiles/base.nix ]; From cf103b8d4df4c5f364f8e9bb9682a21c925bc2e6 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:32:37 +0000 Subject: [PATCH 047/100] Add 2 index file to define the default case for detected and not-detected devices. These are used to replace hand made listings in the basic installation CD. The configuration file, which is generated by nixos-hardware-scan, enables not-detected devices by default. svn path=/nixos/trunk/; revision=23911 --- modules/installer/cd-dvd/installation-cd-base.nix | 10 +++++----- modules/installer/scan/detected.nix | 13 +++++++++++++ modules/installer/scan/not-detected.nix | 12 ++++++++++++ modules/installer/tools/nixos-hardware-scan.pl | 6 ++++++ 4 files changed, 36 insertions(+), 5 deletions(-) create mode 100644 modules/installer/scan/detected.nix create mode 100644 modules/installer/scan/not-detected.nix 
diff --git a/modules/installer/cd-dvd/installation-cd-base.nix b/modules/installer/cd-dvd/installation-cd-base.nix index 2f7a44863c60..3a4f2965d00f 100644 --- a/modules/installer/cd-dvd/installation-cd-base.nix +++ b/modules/installer/cd-dvd/installation-cd-base.nix @@ -75,6 +75,11 @@ in ./memtest.nix ./iso-image.nix ../../profiles/base.nix + + # Enable devices which are usually scanned, because we don't know the + # target system. + ../scan/detected.nix + ../scan/not-detected.nix ]; # ISO naming. @@ -134,11 +139,6 @@ in } ''; - # Include the firmware for various wireless cards. - networking.enableRT73Firmware = true; - networking.enableIntel2200BGFirmware = true; - networking.enableIntel3945ABGFirmware = true; - # To speed up installation a little bit, include the complete stdenv # in the Nix store on the CD. isoImage.storeContents = [ pkgs.stdenv pkgs.klibc pkgs.klibcShrunk ]; diff --git a/modules/installer/scan/detected.nix b/modules/installer/scan/detected.nix new file mode 100644 index 000000000000..09d04608e685 --- /dev/null +++ b/modules/installer/scan/detected.nix @@ -0,0 +1,13 @@ +# List all devices which are detected by nixos-hardware-scan. +# Common devices are enabled by default. +{config, pkgs, ...}: + +with pkgs.lib; + +{ + config = mkDefault { + # Wireless card firmware + networking.enableIntel2200BGFirmware = true; + networking.enableIntel3945ABGFirmware = true; + }; +} diff --git a/modules/installer/scan/not-detected.nix b/modules/installer/scan/not-detected.nix new file mode 100644 index 000000000000..3a4a7f40fc69 --- /dev/null +++ b/modules/installer/scan/not-detected.nix @@ -0,0 +1,12 @@ +# List all devices which are _not_ detected by nixos-hardware-scan. +# Common devices are enabled by default. +{config, pkgs, ...}: + +with pkgs.lib; + +{ + config = mkDefault { + # Wireless card firmware + networking.enableRT73Firmware = true; + }; +} 
diff --git a/modules/installer/tools/nixos-hardware-scan.pl b/modules/installer/tools/nixos-hardware-scan.pl index ce1085f8ebc5..25ef0afe67a1 100644 --- a/modules/installer/tools/nixos-hardware-scan.pl +++ b/modules/installer/tools/nixos-hardware-scan.pl @@ -227,7 +227,13 @@ my $attrs = multiLineList(" ", removeDups @attrs); print < Date: Sat, 25 Sep 2010 09:32:43 +0000 Subject: [PATCH 048/100] Add an installation device profile, and use it it the basic installation CD. svn path=/nixos/trunk/; revision=23912 --- .../installer/cd-dvd/installation-cd-base.nix | 34 ++----------- modules/profiles/installation-device.nix | 48 +++++++++++++++++++ 2 files changed, 51 insertions(+), 31 deletions(-) create mode 100644 modules/profiles/installation-device.nix diff --git a/modules/installer/cd-dvd/installation-cd-base.nix b/modules/installer/cd-dvd/installation-cd-base.nix index 3a4f2965d00f..e8d51da090d0 100644 --- a/modules/installer/cd-dvd/installation-cd-base.nix +++ b/modules/installer/cd-dvd/installation-cd-base.nix @@ -74,7 +74,10 @@ in [ options ./memtest.nix ./iso-image.nix + + # Profiles of this basic installation CD. ../../profiles/base.nix + ../../profiles/installation-device.nix # Enable devices which are usually scanned, because we don't know the # target system. 
@@ -87,30 +90,10 @@ in isoImage.volumeID = "NIXOS_INSTALL_CD_${config.system.nixosVersion}"; - # Show the manual. - services.nixosManual.showManual = true; - - # Let the user play Rogue on TTY 8 during the installation. - services.rogue.enable = true; - - # Disable some other stuff we don't need. - security.sudo.enable = false; - - # Include only the en_US locale. This saves 75 MiB or so compared to - # the full glibcLocales package. - i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"]; - - # nixos-install will do a pull from this channel to speed up the - # installation. - installer.nixpkgsURL = http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable; - boot.postBootCommands = '' export PATH=${pkgs.gnutar}/bin:${pkgs.bzip2}/bin:$PATH - # Provide a mount point for nixos-install. - mkdir -p /mnt - # Provide the NixOS/Nixpkgs sources in /etc/nixos. This is required # for nixos-install. ${optionalString includeSources '' @@ -128,17 +111,6 @@ in cp ${dummyConfiguration} /etc/nixos/configuration.nix ''; - # Some more help text. - services.mingetty.helpLine = - '' - - Log in as "root" with an empty password. ${ - if config.services.xserver.enable then - "Type `start xserver' to start\nthe graphical user interface." - else "" - } - ''; - # To speed up installation a little bit, include the complete stdenv # in the Nix store on the CD. isoImage.storeContents = [ pkgs.stdenv pkgs.klibc pkgs.klibcShrunk ]; diff --git a/modules/profiles/installation-device.nix b/modules/profiles/installation-device.nix new file mode 100644 index 000000000000..54ce32eb0e85 --- /dev/null +++ b/modules/profiles/installation-device.nix 
@@ -0,0 +1,48 @@
+{config, pkgs, ...}:
+
+{
+ # Show the manual.
+ services.nixosManual.showManual = true;
+
+ # Let the user play Rogue on TTY 8 during the installation.
+ services.rogue.enable = true;
+
+ # Disable some other stuff we don't need.
+ security.sudo.enable = false;
+
+ # Include only the en_US locale. This saves 75 MiB or so compared to
+ # the full glibcLocales package.
+ i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"];
+
+ # nixos-install will do a pull from this channel to speed up the
+ # installation.
+ installer.nixpkgsURL = http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable;
+
+ boot.postBootCommands =
+ ''
+ # Provide a mount point for nixos-install.
+ mkdir -p /mnt
+ '';
+
+ # Some more help text.
+ services.mingetty.helpLine =
+ ''
+
+ Log in as "root" with an empty password. ${
+ if config.services.xserver.enable then
+ "Type `start xserver' to start\nthe graphical user interface."
+ else ""
+ }
+ '';
+
+
+ # Allow sshd to be started manually through "start sshd". It should
+ # not be started by default on the installation CD because the
+ # default root password is empty.
+ services.openssh.enable = true;
+ jobs.sshd.startOn = pkgs.lib.mkOverride 50 "";
+
+ # Enable wpa_supplicant, but don't start it by default.
+ networking.enableWLAN = true;
+ jobs.wpa_supplicant.startOn = pkgs.lib.mkOverride 50 "";
+}
\ No newline at end of file
From d2d139e920f3f50c8479d7be6282582b9ac9e56c Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:32:48 +0000 Subject: [PATCH 049/100] Move the generation of the dummy configuration file into the installation device profile. TODO: The current configuration does not reproduce exactly the CD configuration, fix it. svn path=/nixos/trunk/; revision=23913 --- .../installer/cd-dvd/installation-cd-base.nix | 35 +---- modules/profiles/installation-device.nix | 143 +++++++++++++----- 2 files changed, 110 insertions(+), 68 deletions(-)
diff --git a/modules/installer/cd-dvd/installation-cd-base.nix b/modules/installer/cd-dvd/installation-cd-base.nix index e8d51da090d0..23c1e02be435 100644 --- a/modules/installer/cd-dvd/installation-cd-base.nix +++ b/modules/installer/cd-dvd/installation-cd-base.nix @@ -9,13 +9,8 @@ let options = { - system.nixosVersion = mkOption { - default = "${builtins.readFile ../../../VERSION}"; - description = '' - NixOS version number. - ''; - }; - + # you can retrieve the profiles which have been used by looking at the + # list of modules use to configure the installation device. installer.configModule = mkOption { example = "./nixos/modules/installer/cd-dvd/installation-cd.nix"; description = '' @@ -45,27 +40,6 @@ let nixpkgsTarball = makeTarball "nixpkgs.tar.bz2" (cleanSource pkgs.path); includeSources = true; - - - # A dummy /etc/nixos/configuration.nix in the booted CD that - # rebuilds the CD's configuration (and allows the configuration to - # be modified, of course, providing a true live CD). Problem is - # that we don't really know how the CD was built - the Nix - # expression language doesn't allow us to query the expression being - # evaluated. So we'll just hope for the best. - dummyConfiguration = pkgs.writeText "configuration.nix" - '' - {config, pkgs, ...}: - - { - require = [${config.installer.configModule}]; - - # Add your own options below and run "nixos-rebuild switch". - # E.g., - # services.openssh.enable = true; - } - ''; - in @@ -104,11 +78,6 @@ in tar xjf ${nixpkgsTarball}/nixpkgs.tar.bz2 -C /etc/nixos/nixpkgs chown -R root.root /etc/nixos ''} - - # Provide a configuration for the CD/DVD itself, to allow users - # to run nixos-rebuild to change the configuration of the - # running system on the CD/DVD. - cp ${dummyConfiguration} /etc/nixos/configuration.nix ''; # To speed up installation a little bit, include the complete stdenv 
diff --git a/modules/profiles/installation-device.nix b/modules/profiles/installation-device.nix index 54ce32eb0e85..32f356cdd29b 100644 --- a/modules/profiles/installation-device.nix +++ b/modules/profiles/installation-device.nix 
@@ -1,48 +1,121 @@ {config, pkgs, ...}: -{ - # Show the manual. - services.nixosManual.showManual = true; +with pkgs.lib; - # Let the user play Rogue on TTY 8 during the installation. - services.rogue.enable = true; +let + # Location of the repository on the harddrive + profilePath = toString ./.; - # Disable some other stuff we don't need. - security.sudo.enable = false; + # Check if the path is from the NixOS repository + isProfile = path: + let s = toString path; in + removePrefix profilePath s != s; - # Include only the en_US locale. This saves 75 MiB or so compared to - # the full glibcLocales package. - i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"]; + # Rename NixOS modules used to setup the current device to make findable form + # the default location of the configuration.nix file. + getProfileModules = + map (path: "./nixos/modules/profiles" + removePrefix isProfile (toString path)) + filter (m: isPath m && isProfile m) modules; - # nixos-install will do a pull from this channel to speed up the - # installation. - installer.nixpkgsURL = http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable; - - boot.postBootCommands = + # A dummy /etc/nixos/configuration.nix in the booted CD that + # rebuilds the CD's configuration (and allows the configuration to + # be modified, of course, providing a true live CD). Problem is + # that we don't really know how the CD was built - the Nix + # expression language doesn't allow us to query the expression being + # evaluated. So we'll just hope for the best. + configClone = pkgs.writeText "configuration.nix" '' - # Provide a mount point for nixos-install. - mkdir -p /mnt - ''; + {config, pkgs, ...}: - # Some more help text. - services.mingetty.helpLine = - '' - - Log in as "root" with an empty password. ${ - if config.services.xserver.enable then - "Type `start xserver' to start\nthe graphical user interface." 
- else "" + { + require = [${toString config.installer.cloneConfigIncludes}]; + + # Add your own options below and run "nixos-rebuild switch". + # E.g., + # services.openssh.enable = true; } ''; +in + +{ + options = { + system.nixosVersion = mkOption { + default = "${builtins.readFile ../../VERSION}"; + description = '' + NixOS version number. + ''; + }; + + installer.cloneConfig = mkOption { + default = true; + description = '' + Try to clone the installation-device configuration by re-using it's + profile from the list of imported modules. + ''; + }; + + installer.cloneConfigIncludes = mkOption { + default = []; + example = [ "./nixos/modules/hardware/network/rt73.nix" ]; + description = '' + List of modules used to re-build this installation device profile. + ''; + }; + }; + + config = { + installer.cloneConfigIncludes = getProfileModules; + + # Show the manual. + services.nixosManual.showManual = true; + + # Let the user play Rogue on TTY 8 during the installation. + services.rogue.enable = true; + + # Disable some other stuff we don't need. + security.sudo.enable = false; + + # Include only the en_US locale. This saves 75 MiB or so compared to + # the full glibcLocales package. + i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"]; + + # nixos-install will do a pull from this channel to speed up the + # installation. + installer.nixpkgsURL = http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable; + + boot.postBootCommands = + '' + # Provide a mount point for nixos-install. + mkdir -p /mnt + + ${optionalString config.installer.cloneConfig '' + # Provide a configuration for the CD/DVD itself, to allow users + # to run nixos-rebuild to change the configuration of the + # running system on the CD/DVD. + cp ${configClone} /etc/nixos/configuration.nix + ''} + ''; + + # Some more help text. + services.mingetty.helpLine = + '' + + Log in as "root" with an empty password. 
${ + if config.services.xserver.enable then + "Type `start xserver' to start\nthe graphical user interface." + else "" + } + ''; - # Allow sshd to be started manually through "start sshd". It should - # not be started by default on the installation CD because the - # default root password is empty. - services.openssh.enable = true; - jobs.sshd.startOn = pkgs.lib.mkOverride 50 ""; + # Allow sshd to be started manually through "start sshd". It should + # not be started by default on the installation CD because the + # default root password is empty. + services.openssh.enable = true; + jobs.sshd.startOn = pkgs.lib.mkOverride 50 ""; - # Enable wpa_supplicant, but don't start it by default. - networking.enableWLAN = true; - jobs.wpa_supplicant.startOn = pkgs.lib.mkOverride 50 ""; -} \ No newline at end of file + # Enable wpa_supplicant, but don't start it by default. + networking.enableWLAN = true; + jobs.wpa_supplicant.startOn = pkgs.lib.mkOverride 50 ""; + }; +} From 59429aa449cf988a1ea9d4b387f8878436c84b3f Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:32:52 +0000 Subject: [PATCH 050/100] Change the policy used to select files added in the import list of the generated configuration. Use all files listed as modules of eval-config. svn path=/nixos/trunk/; revision=23914 --- .../installer/cd-dvd/installation-cd-base.nix | 18 +----- modules/profiles/installation-device.nix | 56 +++++++++++++++---- 2 files changed, 46 insertions(+), 28 deletions(-) diff --git a/modules/installer/cd-dvd/installation-cd-base.nix b/modules/installer/cd-dvd/installation-cd-base.nix index 23c1e02be435..0df44fac116a 100644 --- a/modules/installer/cd-dvd/installation-cd-base.nix +++ b/modules/installer/cd-dvd/installation-cd-base.nix 
@@ -7,21 +7,6 @@ with pkgs.lib; let - options = { - - # you can retrieve the profiles which have been used by looking at the - # list of modules use to configure the installation device. - installer.configModule = mkOption { - example = "./nixos/modules/installer/cd-dvd/installation-cd.nix"; - description = '' - Filename of the configuration module that builds the CD - configuration. Must be specified to support reconfiguration - in live CDs. - ''; - }; - }; - - # We need a copy of the Nix expressions for Nixpkgs and NixOS on the # CD. We put them in a tarball because accessing that many small # files from a slow device like a CD-ROM takes too long. !!! Once @@ -45,8 +30,7 @@ in { require = - [ options - ./memtest.nix + [ ./memtest.nix ./iso-image.nix # Profiles of this basic installation CD. diff --git a/modules/profiles/installation-device.nix b/modules/profiles/installation-device.nix index 32f356cdd29b..cea967cc36dd 100644 --- a/modules/profiles/installation-device.nix +++ b/modules/profiles/installation-device.nix 
@@ -1,21 +1,40 @@ -{config, pkgs, ...}: +# Provide a basic cponfiguration for installation devices like CDs. +{config, pkgs, modules, ...}: with pkgs.lib; let # Location of the repository on the harddrive - profilePath = toString ./.; + nixosPath = toString ../../.; # Check if the path is from the NixOS repository - isProfile = path: + isNixOSFile = path: let s = toString path; in - removePrefix profilePath s != s; + removePrefix nixosPath s != s; - # Rename NixOS modules used to setup the current device to make findable form - # the default location of the configuration.nix file. - getProfileModules = - map (path: "./nixos/modules/profiles" + removePrefix isProfile (toString path)) - filter (m: isPath m && isProfile m) modules; + # Copy modules given as extra configuration files. Unfortunately, we + # cannot serialized attribute set given in the list of modules (that's why + # you should use files). + moduleFiles = + filter isPath modules; + + # Partition module files because between NixOS and non-NixOS files. NixOS + # files may change if the repository is updated. + partitionnedModuleFiles = + let p = partition isNixOSFile moduleFiles; in + { nixos = p.right; others = p.wrong; }; + + # Path transformed to be valid on the installation device. Thus the + # device configuration could be rebuild. + relocatedModuleFiles = + let + relocateNixOS = path: + "/etc/nixos/nixos" + removePrefix nixosPath (toString path); + relocateOthers = null; + in + { nixos = map relocateNixOS partitionnedModuleFiles.nixos; + others = []; # TODO: copy the modules to the install-device repository. + }; # A dummy /etc/nixos/configuration.nix in the booted CD that # rebuilds the CD's configuration (and allows the configuration to @@ -28,7 +47,9 @@ let {config, pkgs, ...}: { - require = [${toString config.installer.cloneConfigIncludes}]; + require = [ + ${toString config.installer.cloneConfigIncludes} + ]; # Add your own options below and run "nixos-rebuild switch". # E.g., 
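Review bot: Modules that do not live in the NixOS tree are silently dropped from the cloned configuration: `relocatedModuleFiles.others = []` (with a TODO) and the `relocateOthers = null` binding is never used, so `installer.cloneConfigIncludes` loses them and, with `installer.cloneConfig` defaulting to true, a `nixos-rebuild` on the device produces a system missing whatever those modules configured, with no indication to the user. Until the copy is implemented, the generated file should at least say what was left out, e.g. by adding next to the `require` list in `configClone` the line `# Not included (copy them into /etc/nixos by hand): ${toString partitionnedModuleFiles.others}`. The new comments and names also carry typos worth fixing (`cponfiguration`, `partitionnedModuleFiles`, `# Partition module files because between`).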
@@ -61,10 +82,23 @@ in List of modules used to re-build this installation device profile. ''; }; + + # Ignored. Kept for Backward compatibiliy. + # you can retrieve the profiles which have been used by looking at the + # list of modules use to configure the installation device. + installer.configModule = mkOption { + example = "./nixos/modules/installer/cd-dvd/installation-cd.nix"; + description = '' + Filename of the configuration module that builds the CD + configuration. Must be specified to support reconfiguration + in live CDs. + ''; + }; }; config = { - installer.cloneConfigIncludes = getProfileModules; + installer.cloneConfigIncludes = + relocatedModuleFiles.nixos ++ relocatedModuleFiles.others; # Show the manual. services.nixosManual.showManual = true; From f3cc01bd3bf3cdfbdb342ce20dc90479ffedec28 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:32:57 +0000 Subject: [PATCH 051/100] Extract graphical and minimal profiles from the installation CDs. svn path=/nixos/trunk/; revision=23915 --- .../cd-dvd/installation-cd-graphical.nix | 15 ++++----------- .../cd-dvd/installation-cd-minimal.nix | 14 ++++---------- modules/profiles/graphical.nix | 17 +++++++++++++++++ modules/profiles/installation-device.nix | 4 ++++ modules/profiles/minimal.nix | 15 +++++++++++++++ 5 files changed, 44 insertions(+), 21 deletions(-) create mode 100644 modules/profiles/graphical.nix create mode 100644 modules/profiles/minimal.nix diff --git a/modules/installer/cd-dvd/installation-cd-graphical.nix b/modules/installer/cd-dvd/installation-cd-graphical.nix index 5f600022dce7..a3c533bb7150 100644 --- a/modules/installer/cd-dvd/installation-cd-graphical.nix +++ b/modules/installer/cd-dvd/installation-cd-graphical.nix 
@@ -4,15 +4,8 @@ {config, pkgs, ...}: { - require = [./installation-cd-base.nix]; - - installer.configModule = "./nixos/modules/installer/cd-dvd/installation-cd-graphical.nix"; - - services.xserver = { - enable = true; - autorun = false; - defaultDepth = 16; - desktopManager.default = "kde4"; - desktopManager.kde4.enable = true; - }; + require = [ + ./installation-cd-base.nix + ../../profiles/graphical.nix + ]; } diff --git a/modules/installer/cd-dvd/installation-cd-minimal.nix b/modules/installer/cd-dvd/installation-cd-minimal.nix index 4d85b7c8a80c..c166e3f4ad03 100644 --- a/modules/installer/cd-dvd/installation-cd-minimal.nix +++ b/modules/installer/cd-dvd/installation-cd-minimal.nix @@ -4,14 +4,8 @@ {config, pkgs, ...}: { - require = [./installation-cd-base.nix]; - - installer.configModule = "./nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"; - - # Don't include X libraries. - services.openssh.forwardX11 = false; - services.dbus.enable = false; # depends on libX11 - services.hal.enable = false; # depends on dbus - fonts.enableFontConfig = false; - fonts.enableCoreFonts = false; + require = [ + ./installation-cd-base.nix + ../../profiles/minimal.nix + ]; } diff --git a/modules/profiles/graphical.nix b/modules/profiles/graphical.nix new file mode 100644 index 000000000000..58b4ffa7c1a1 --- /dev/null +++ b/modules/profiles/graphical.nix @@ -0,0 +1,17 @@ +# This module defines a NixOS configuration that contains X11 and +# KDE 4. +{config, pkgs, ...}: + +{ + require = [ + ./base.nix + ]; + + services.xserver = { + enable = true; + autorun = true; + defaultDepth = 24; + desktopManager.default = "kde4"; + desktopManager.kde4.enable = true; + }; +} diff --git a/modules/profiles/installation-device.nix b/modules/profiles/installation-device.nix index cea967cc36dd..51072f258254 100644 --- a/modules/profiles/installation-device.nix +++ b/modules/profiles/installation-device.nix 
@@ -130,6 +130,10 @@ in ''} ''; + # Force the xserver autorun to false. + services.xserver.autorun = mkForce false; + services.xserver.defaultDepth = mkForce 16; + # Some more help text. services.mingetty.helpLine = '' diff --git a/modules/profiles/minimal.nix b/modules/profiles/minimal.nix new file mode 100644 index 000000000000..acc56d94edc1 --- /dev/null +++ b/modules/profiles/minimal.nix @@ -0,0 +1,15 @@ +# This module defines a small NixOS configuration. It does not +# contain any graphical stuff. + +{config, pkgs, ...}: + +{ + require = [ ./base.nix ]; + + # Don't include X libraries. + services.openssh.forwardX11 = false; + services.dbus.enable = false; # depends on libX11 + services.hal.enable = false; # depends on dbus + fonts.enableFontConfig = false; + fonts.enableCoreFonts = false; +} From 9936a6f525e0dbbc9977f4255ce373d4e9951bb9 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:33:03 +0000 Subject: [PATCH 052/100] Simplify system-tarball-pc.nix. Factor detected / undetected devices into the instalaltion-device profile. svn path=/nixos/trunk/; revision=23916 --- .../installer/cd-dvd/installation-cd-base.nix | 5 - .../installer/cd-dvd/system-tarball-pc.nix | 166 +----------------- modules/profiles/installation-device.nix | 7 + 3 files changed, 14 insertions(+), 164 deletions(-) diff --git a/modules/installer/cd-dvd/installation-cd-base.nix b/modules/installer/cd-dvd/installation-cd-base.nix index 0df44fac116a..85f83b106cbd 100644 --- a/modules/installer/cd-dvd/installation-cd-base.nix +++ b/modules/installer/cd-dvd/installation-cd-base.nix @@ -36,11 +36,6 @@ in # Profiles of this basic installation CD. ../../profiles/base.nix ../../profiles/installation-device.nix - - # Enable devices which are usually scanned, because we don't know the - # target system. - ../scan/detected.nix - ../scan/not-detected.nix ]; # ISO naming. 
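Review bot: The new `# Force the xserver autorun to false.` comment restates the code rather than the reason: `../profiles/graphical.nix`, added in this commit, sets `services.xserver.autorun = true` and `defaultDepth = 24`, and `mkForce` is what keeps an installation device that imports it at the old CD values. Suggest `# A graphical profile (e.g. graphical.nix) enables autorun and 24-bit depth; an installation device must still boot to a text console, so force the old CD values here.` Note that `mkForce` also means a CD built from this profile cannot turn autorun back on without editing the profile; if that is not intended, a lower-priority `mkOverride` leaves room for it. The enclosing `config = { ... }` attribute set starts and ends outside the hunk.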
diff --git a/modules/installer/cd-dvd/system-tarball-pc.nix b/modules/installer/cd-dvd/system-tarball-pc.nix index 5a01dec5202f..cb9d5135240d 100644 --- a/modules/installer/cd-dvd/system-tarball-pc.nix +++ b/modules/installer/cd-dvd/system-tarball-pc.nix 
@@ -7,172 +7,20 @@ with pkgs.lib; let - # A dummy /etc/nixos/configuration.nix in the booted CD that - # rebuilds the CD's configuration (and allows the configuration to - # be modified, of course, providing a true live CD). Problem is - # that we don't really know how the CD was built - the Nix - # expression language doesn't allow us to query the expression being - # evaluated. So we'll just hope for the best. - dummyConfiguration = pkgs.writeText "configuration.nix" - '' - {config, pkgs, ...}: - - { - require = [ ]; - - # Add your own options below and run "nixos-rebuild switch". - # E.g., - # services.openssh.enable = true; - } - ''; - - pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l; - options = { - - system.nixosVersion = mkOption { - default = "${builtins.readFile ../../../VERSION}"; - description = '' - NixOS version number. - ''; - }; - }; - in { - require = - [ options - ./system-tarball.nix - ../../hardware/network/rt73.nix - ]; - - - # Disable some other stuff we don't need. - security.sudo.enable = false; - - # Include only the en_US locale. This saves 75 MiB or so compared to - # the full glibcLocales package. - i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"]; - - # Include some utilities that are useful for installing or repairing - # the system. - environment.systemPackages = - [ pkgs.subversion # for nixos-checkout - pkgs.w3m # needed for the manual anyway - pkgs.testdisk # useful for repairing boot problems - pkgs.mssys # for writing Microsoft boot sectors / MBRs - pkgs.parted - pkgs.ddrescue - pkgs.ccrypt - pkgs.cryptsetup # needed for dm-crypt volumes - - # Some networking tools. - pkgs.sshfsFuse - pkgs.socat - pkgs.screen - pkgs.wpa_supplicant # !!! should use the wpa module - - # Hardware-related tools. - pkgs.sdparm - pkgs.hdparm - pkgs.dmraid - - # Tools to create / manipulate filesystems. 
- pkgs.ntfsprogs # for resizing NTFS partitions - pkgs.btrfsProgs - pkgs.xfsprogs - pkgs.jfsutils - pkgs.jfsrec - - # Some compression/archiver tools. - pkgs.unrar - pkgs.unzip - pkgs.zip - pkgs.xz - pkgs.dar # disk archiver - - # Some editors. - pkgs.nvi - pkgs.bvi # binary editor - pkgs.joe - ]; - - # The initrd has to contain any module that might be necessary for - # mounting the CD/DVD. - boot.initrd.availableKernelModules = - [ # SATA/PATA support. - "ahci" - - "ata_piix" - - "sata_inic162x" "sata_nv" "sata_promise" "sata_qstor" - "sata_sil" "sata_sil24" "sata_sis" "sata_svw" "sata_sx4" - "sata_uli" "sata_via" "sata_vsc" - - "pata_ali" "pata_amd" "pata_artop" "pata_atiixp" - "pata_cs5520" "pata_cs5530" "pata_cs5535" "pata_efar" - "pata_hpt366" "pata_hpt37x" "pata_hpt3x2n" "pata_hpt3x3" - "pata_it8213" "pata_it821x" "pata_jmicron" "pata_marvell" - "pata_mpiix" "pata_netcell" "pata_ns87410" "pata_oldpiix" - "pata_pcmcia" "pata_pdc2027x" "pata_qdi" "pata_rz1000" - "pata_sc1200" "pata_serverworks" "pata_sil680" "pata_sis" - "pata_sl82c105" "pata_triflex" "pata_via" - "pata_winbond" - - # SCSI support (incomplete). - "3w-9xxx" "3w-xxxx" "aic79xx" "aic7xxx" "arcmsr" - - # USB support, especially for booting from USB CD-ROM - # drives. - "usb_storage" - - # Firewire support. Not tested. - "ohci1394" "sbp2" - - # Virtio (QEMU, KVM etc.) support. - "virtio_net" "virtio_pci" "virtio_blk" "virtio_balloon" - - # Add vfat to enable people to copy the contents of the CD to a - # bootable USB stick. - "vfat" - ]; - - boot.initrd.kernelModules = - [ # Wait for SCSI devices to appear. - "scsi_wait_scan" - ]; - - boot.postBootCommands = - '' - mkdir -p /mnt - - cp ${dummyConfiguration} /etc/nixos/configuration.nix - ''; - - # Some more help text. - services.mingetty.helpLine = - '' - - Log in as "root" with an empty password. ${ - if config.services.xserver.enable then - "Type `start xserver' to start\nthe graphical user interface." 
- else "" - } - ''; - - # Include the firmware for various wireless cards. - networking.enableRT73Firmware = true; - networking.enableIntel2200BGFirmware = true; + require = [ + ./system-tarball.nix + + # Profiles of this basic installation. + ../../profiles/base.nix + ../../profiles/installation-device.nix + ]; # To speed up further installation of packages, include the complete stdenv # in the Nix store of the tarball. tarball.storeContents = pkgs2storeContents [ pkgs.stdenv pkgs.klibc pkgs.klibcShrunk ]; - - # Allow sshd to be started manually through "start sshd". It should - # not be started by default on the installation CD because the - # default root password is empty. - services.openssh.enable = true; - jobs.sshd.startOn = pkgs.lib.mkOverrideTemplate 50 {} ""; } diff --git a/modules/profiles/installation-device.nix b/modules/profiles/installation-device.nix index 51072f258254..ccd982c9ce9f 100644 --- a/modules/profiles/installation-device.nix +++ b/modules/profiles/installation-device.nix @@ -59,6 +59,13 @@ let in { + imports = [ + # Enable devices which are usually scanned, because we don't know the + # target system. + ../installer/scan/detected.nix + ../installer/scan/not-detected.nix + ]; + options = { system.nixosVersion = mkOption { default = "${builtins.readFile ../../VERSION}"; From 5fb80fcc4b5b338ae5e69777449b3429a4051f9b Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:33:09 +0000 Subject: [PATCH 053/100] Extract rescue profile from the the corresponding CD. svn path=/nixos/trunk/; revision=23917 --- .../cd-dvd/installation-cd-rescue.nix | 46 ++-------------- modules/profiles/rescue.nix | 52 +++++++++++++++++++ 2 files changed, 55 insertions(+), 43 deletions(-) create mode 100644 modules/profiles/rescue.nix diff --git a/modules/installer/cd-dvd/installation-cd-rescue.nix b/modules/installer/cd-dvd/installation-cd-rescue.nix index ed5184c69cb3..43b9c9e2b7c1 100644 --- a/modules/installer/cd-dvd/installation-cd-rescue.nix 
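Review bot: `pkgs2storeContents` is removed from the `let` block, but the kept line `tarball.storeContents = pkgs2storeContents [ pkgs.stdenv pkgs.klibc pkgs.klibcShrunk ];` still calls it, so unless `pkgs.lib` (pulled in by `with pkgs.lib;`) happens to provide a function of that name, evaluating this file now fails with an undefined variable. Keep the binding: `pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;`. The hunk also drops the `../../hardware/network/rt73.nix` import together with `networking.enableRT73Firmware` and `networking.enableIntel2200BGFirmware` without a visible replacement in the two profiles; if the tarball is meant to keep that wireless firmware, those settings need to move too.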
+++ b/modules/installer/cd-dvd/installation-cd-rescue.nix @@ -4,48 +4,8 @@ {config, pkgs, ...}: { - require = [./installation-cd-base.nix]; - - installer.configModule = "./nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"; - - # Don't include X libraries. - services.openssh.forwardX11 = false; - services.dbus.enable = false; # depends on libX11 - services.hal.enable = false; # depends on dbus - fonts.enableFontConfig = false; - fonts.enableCoreFonts = false; - - # Useful for rescue.. - environment.systemPackages = with pkgs; [ - utillinuxCurses ddrescue - pciutils sdparm hdparm hddtemp usbutils - btrfsProgs xfsprogs jfsutils jfsrec - iproute - fuse ntfs3g smbfsFuse sshfsFuse - manpages irssi elinks mcabber mutt openssh lftp - openssl ncat socat - gnupg1 gnupg - patch which diffutils gcc binutils bc file - screen - bvi joe nvi - subversion16 monotone git darcs mercurial bazaar cvs - unrar unzip zip lzma cabextract cpio - lsof + require = [ + ./installation-cd-base.nix + ../../profiles/rescue.nix ]; - - boot.kernelPackages = pkgs.linuxPackages_2_6_32; - boot.initrd.kernelModules = ["evdev" "i8042" "pcips2" "serio" - "sd_mod" "libata" "unix" "usbhid" "uhci_hcd" "atkbd" "xtkbd" "fbdev" - "iso9660" "udf" "loop"]; - boot.kernelModules = ["fbcon" "radeonfb" "intelfb" "sisfb" "nvidiafb" - "cirrusfb"]; - boot.kernelParams = [ - "selinux=0" - "acpi=on" - "apm=off" - "console=tty1" - "splash=verbose" - ]; - - services.ttyBackgrounds.enable = false; } diff --git a/modules/profiles/rescue.nix b/modules/profiles/rescue.nix new file mode 100644 index 000000000000..b3b830e6618f --- /dev/null +++ b/modules/profiles/rescue.nix 
@@ -0,0 +1,52 @@
+# This module defines a small NixOS configuration. It does not contain any
+# graphical stuff but contains many tools useful for the rescue.
+
+{config, pkgs, ...}:
+
+{
+ require = [ ./minimal.nix ];
+
+ # Useful for rescue..
+ environment.systemPackages = with pkgs; [
+ utillinuxCurses ddrescue
+ pciutils sdparm hdparm hddtemp usbutils
+ btrfsProgs xfsprogs jfsutils jfsrec
+ iproute
+ fuse ntfs3g smbfsFuse sshfsFuse
+ manpages irssi elinks mcabber mutt openssh lftp
+ openssl ncat socat
+ gnupg1 gnupg
+ patch which diffutils gcc binutils bc file
+ screen
+ bvi joe nvi
+ subversion16 monotone git darcs mercurial bazaar cvs
+ unrar unzip zip lzma cabextract cpio
+ lsof
+ ];
+
+ boot.kernelPackages = pkgs.linuxPackages_2_6_32;
+
+ boot.initrd.kernelModules = [
+ "evdev" "i8042" "pcips2" "serio" "sd_mod" "libata" "unix" "usbhid"
+ "uhci_hcd" "atkbd" "xtkbd" "fbdev" "iso9660" "udf" "loop"
+ ];
+
+ boot.kernelModules = [
+ "fbcon"
+ "radeonfb"
+ "intelfb"
+ "sisfb"
+ "nvidiafb"
+ "cirrusfb"
+ ];
+
+ boot.kernelParams = [
+ "selinux=0"
+ "acpi=on"
+ "apm=off"
+ "console=tty1"
+ "splash=verbose"
+ ];
+
+ services.ttyBackgrounds.enable = false;
+}
From c18fe31160960d4a35753a510d74c6bfb34a921c Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:33:13 +0000 Subject: [PATCH 054/100] Make nixos-hardware-scan adding a profile to the generated configuration file. svn path=/nixos/trunk/; revision=23918 --- modules/installer/tools/nixos-hardware-scan.pl | 1 + modules/installer/tools/tools.nix | 9 +++++++++ 2 files changed, 10 insertions(+)
diff --git a/modules/installer/tools/nixos-hardware-scan.pl b/modules/installer/tools/nixos-hardware-scan.pl
index 25ef0afe67a1..56549f99235d 100644
--- a/modules/installer/tools/nixos-hardware-scan.pl
+++ b/modules/installer/tools/nixos-hardware-scan.pl
@@ -231,6 +231,7 @@ print <nixos-rebuild to speed up builds. ''; }; + + installer.installProfile = pkgs.lib.mkOption { + default = "base"; + example = "graphical"; + description = '' + Name of the profile used when generating the hardware-scan. + ''; + }; }; From e20ef7564e6cf4eff9280846b960e3d17a7e8cac Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:33:17 +0000 Subject: [PATCH 055/100] Update live-dvd configuration. svn path=/nixos/trunk/; revision=23919 --- modules/installer/cd-dvd/live-dvd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installer/cd-dvd/live-dvd.nix b/modules/installer/cd-dvd/live-dvd.nix index 70fa301ef1fd..4857900389c0 100644 --- a/modules/installer/cd-dvd/live-dvd.nix +++ b/modules/installer/cd-dvd/live-dvd.nix @@ -1,7 +1,7 @@ {config, pkgs, ...}: { - require = [./installation-cd.nix]; + require = [./installation-cd-base.nix]; # Build the build-time dependencies of this configuration on the DVD # to speed up installation. From 6cc0032074fead198f5e46d67633dadcd27bef78 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:33:21 +0000 Subject: [PATCH 056/100] Installation CD: Check that the current system can be replaced. svn path=/nixos/trunk/; revision=23920 --- tests/installer.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/installer.nix b/tests/installer.nix index c1569b3e50fa..e8337ebe2bb6 100644 --- a/tests/installer.nix +++ b/tests/installer.nix @@ -326,7 +326,7 @@ in { print STDERR "New CD config:\n$cfg\n"; # Apply the new CD configuration. - $machine->mustSucceed("nixos-rebuild build --no-pull"); # test / switch make it fails :( + $machine->mustSucceed("nixos-rebuild test --no-pull"); # Connect to it-self. #$machine->waitForJob("sshd"); From fe7c1eb16bd74c76da8b36f43727ea49c36cbe30 Mon Sep 17 00:00:00 2001 
From: Nicolas Pierron Date: Sat, 25 Sep 2010 09:44:48 +0000 Subject: [PATCH 057/100] Remove duplicated definitions. svn path=/nixos/trunk/; revision=23921 --- modules/installer/cd-dvd/installation-cd-base.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/modules/installer/cd-dvd/installation-cd-base.nix b/modules/installer/cd-dvd/installation-cd-base.nix index 85f83b106cbd..f4aa5c5451d1 100644 --- a/modules/installer/cd-dvd/installation-cd-base.nix +++ b/modules/installer/cd-dvd/installation-cd-base.nix @@ -62,14 +62,4 @@ in # To speed up installation a little bit, include the complete stdenv # in the Nix store on the CD. isoImage.storeContents = [ pkgs.stdenv pkgs.klibc pkgs.klibcShrunk ]; - - # Allow sshd to be started manually through "start sshd". It should - # not be started by default on the installation CD because the - # default root password is empty. - services.openssh.enable = true; - jobs.sshd.startOn = pkgs.lib.mkOverrideTemplate 50 {} ""; - - # Enable wpa_supplicant, but don't start it by default. - networking.enableWLAN = true; - jobs.wpa_supplicant.startOn = pkgs.lib.mkOverrideTemplate 50 {} ""; } From 58ce746eb0bfd0f380633d6d02a0a1c719e0b818 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 22:29:42 +0000 Subject: [PATCH 058/100] Add empty profile. svn path=/nixos/trunk/; revision=23922 --- modules/profiles/empty.nix | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 modules/profiles/empty.nix diff --git a/modules/profiles/empty.nix b/modules/profiles/empty.nix new file mode 100644 index 000000000000..bb40a31470dd --- /dev/null +++ b/modules/profiles/empty.nix @@ -0,0 +1,8 @@ +# Empty profiles, used to avoid the case where no profiles are selected for +# nixos-hardware-scan. + +{ + imports = []; + options = {}; + config = {}; +} From 7ea957fd3d20a6fb24c1105ba0f12dd126158322 Mon Sep 17 00:00:00 2001 
From: Nicolas Pierron Date: Sat, 25 Sep 2010 22:29:50 +0000 Subject: [PATCH 059/100] Add --install option for nixos-option which is used to handle options of the target system (when installing) and also to generate a template configuration file for users. svn path=/nixos/trunk/; revision=23923 --- modules/installer/tools/nixos-option.sh | 193 ++++++++++++++++++++++-- 1 file changed, 178 insertions(+), 15 deletions(-) diff --git a/modules/installer/tools/nixos-option.sh b/modules/installer/tools/nixos-option.sh index 5195ed8cf69b..962546ebb6e6 100644 --- a/modules/installer/tools/nixos-option.sh +++ b/modules/installer/tools/nixos-option.sh @@ -2,15 +2,17 @@ # Allow the location of NixOS sources and the system configuration # file to be overridden. + +: ${mountPoint=/mnt} : ${NIXOS_PATH=/etc/nixos/nixos} -: ${NIXOS=/etc/nixos/nixos} -: ${NIXPKGS=/etc/nixos/nixpkgs} : ${NIXOS_CONFIG=/etc/nixos/configuration.nix} +: ${NIXPKGS=/etc/nixos/nixpkgs} export NIXOS_PATH usage () { echo 1>&2 " -Usage: $0 OPTION_NAME [-v] [-d] [-l] +Usage: $0 [--install] [-v] [-d] [-l] OPTION_NAME + $0 [--install] This program is used to explore NixOS options by looking at their values or by looking at their description. It is helpful for understanding the how @@ -18,6 +20,11 @@ your configuration is working. Options: + -i | --install Use the configuration on + ${mountPoint:+$mountPoint/}$NIXOS_CONFIG instead of + the current system configuration. Generate a + template configuration if no option name is + specified. -v | --value Display the current value, based on your configuration. -d | --default Display the default value, the example and the @@ -26,8 +33,9 @@ Options: is declared. --help Show this message. -Environment variables affecting nixos-option: +Environment variables affecting $0: + \$mountPoint Path to the target file system. \$NIXOS_PATH Path where the NixOS repository is located. \$NIXOS_CONFIG Path to your configuration file. \$NIXPKGS Path to Nix packages. 
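Review bot: The usage text under `-i | --install` prints the target path as `${mountPoint:+$mountPoint/}$NIXOS_CONFIG`, which with the defaults `mountPoint=/mnt` and `NIXOS_CONFIG=/etc/nixos/configuration.nix` set at the top of the file expands to `/mnt//etc/nixos/configuration.nix`, while the script later joins them as `$mountPoint$NIXOS_CONFIG`. Drop the extra slash so the help shows the path actually used: `$mountPoint$NIXOS_CONFIG instead of`. The `usage` function whose body this text belongs to ends outside the hunk.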
@@ -44,6 +52,7 @@ Environment variables affecting nixos-option: desc=false defs=false value=false +install=false verbose=false option="" @@ -52,18 +61,39 @@ argfun="" for arg; do if test -z "$argfun"; then case $arg in - -d|--description) desc=true;; - -v|--value) value=true;; - -l|--lookup) defs=true;; - --verbose) verbose=true;; - --help) usage;; - -*) usage;; - *) if test -z "$option"; then - option="$arg" - else - usage - fi;; + -*) + longarg="" + sarg="$arg" + while test "$sarg" != "-"; do + case $sarg in + --*) longarg=$arg;; + -d*) longarg="$longarg --description";; + -v*) longarg="$longarg --value";; + -l*) longarg="$longarg --lookup";; + -i*) longarg="$longarg --install";; + -*) usage;; + esac + sarg="-${sarg#??}" + done + ;; + *) longarg=$arg;; esac + for larg in $longarg; do + case $larg in + --description) desc=true;; + --value) value=true;; + --lookup) defs=true;; + --install) install=true;; + --verbose) verbose=true;; + --help) usage;; + -*) usage;; + *) if test -z "$option"; then + option="$larg" + else + usage + fi;; + esac + done else case $argfun in set_*) @@ -75,6 +105,16 @@ for arg; do fi done +# --install cannot be used with -d -v -l without option name. +if $value || $desc || $defs && $install && test -z "$option"; then + usage +fi + +generate=false +if ! $defs && ! $desc && ! $value && $install && test -z "$option"; then + generate=true +fi + if ! $defs && ! $desc; then value=true fi 
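Review bot: In the new option parser (the `-*)` arm of the second hunk) a long option never leaves the short-option loop: for `--install`, `--*)` sets `longarg`, the trailing `sarg="-${sarg#??}"` turns `--install` into `-install`, the next iteration matches `-i*` and appends a second `--install`, and `-nstall` then falls into `-*) usage;;`, so every long option (`--install`, `--verbose`, `--help`) ends in usage, assuming `usage` exits as its use for `--help` suggests. Terminate the loop as soon as a long option is recognised: `--*) longarg=$arg; sarg="--";;` — the trailing `sarg="-${sarg#??}"` then leaves `-` and the while condition ends. The manual page and installation instructions added in later patches rely on `nixos-option --install`, so `--install`, `--help` and a combined `-dv` are worth a quick manual test.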
@@ -111,7 +151,130 @@ findSources(){ nix-instantiate - --eval-only --strict } +if $install; then + if test -e "$mountPoint$NIXOS_PATH"; then + export NIXOS_PATH="$mountPoint$NIXOS_PATH" + fi + if test -e "$mountPoint$NIXPKGS"; then + export NIXPKGS="$mountPoint$NIXPKGS" + fi + export NIXOS_CONFIG="$mountPoint$NIXOS_CONFIG" +fi +if $generate; then + mkdir -p $(dirname "$NIXOS_CONFIG") + + # Scan the hardware and add the result to /etc/nixos/hardware-scan.nix. + hardware_config="${NIXOS_CONFIG%/configuration.nix}/hardware-configuration.nix" + if test -e "$hardware_config"; then + echo "A hardware configuration file exists, generation skipped." + else + echo "Scan your hardware to generate a hardware configuration file." + nixos-hardware-scan > "$hardware_config" + fi + + if test -e "$NIXOS_CONFIG"; then + echo 1>&2 "error: Cannot generate a template configuration because a configuration file exists." + exit 1 + fi + + echo "Generate a template configuration that you should edit." + + # Generate a template configuration file where the user has to + # fill the gaps. + echo > "$NIXOS_CONFIG" \ +'# Edit this configuration file which defines what would be installed on the +# system. To Help while choosing option value, you can watch at the manual +# page of configuration.nix or at the last chapter of the manual available +# on the virtual console 8 (Alt+F8). + +{config, pkgs, ...}: + +{ + require = [ + # Include the configuration for part of your system which have been + # detected automatically. In addition, it includes the same + # configuration as the installation device that you used. + ./hardware-configuration.nix + ]; + + boot.initrd.kernelModules = [ + # Specify all kernel modules that are necessary for mounting the root + # file system. + # + # "ext4" "ata_piix" + ]; + + boot.loader.grub = { + # Use grub 2 as boot loader. + enable = true; + version = 2; + + # Define on which hard drive you want to install Grub. 
+ # device = "/dev/sda"; + }; + + networking = { + # hostName = "nixos"; # Define your hostname. + interfaceMonitor.enable = true; # Watch for plugged cable. + enableWLAN = true; # Enables Wireless. + }; + + # Add file system entries for each partition that you want to see mounted + # at boot time. You can add filesystems which are not mounted at boot by + # adding the noauto option. + fileSystems = [ + # Mount the root file system + # + # { mountPoint = "/"; + # device = "/dev/sda2"; + # } + + # Copy & Paste & Uncomment & Modify to add any other file system. + # + # { mountPoint = "/data"; # where you want to mount the device + # device = "/dev/sdb"; # the device or the label of the device + # # label = "data"; + # fsType = "ext3"; # the type of the partition. + # options = "data=journal"; + # } + ]; + + swapDevices = [ + # List swap partitions that are mounted at boot time. + # + # { device = "/dev/sda1"; } + ]; + + # Select internationalisation properties. + # i18n = { + # consoleFont = "lat9w-16"; + # consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + # }; + + # List services that you want to enable: + + # Add an OpenSSH daemon. + # services.openssh.enable = true; + + # Add CUPS to print documents. + # services.printing.enable = true; + + # Add XServer (default if you have used a graphical iso) + # service.xserver = { + # enable = true; + # layout = "us"; + # xkbOptions = "eurosign:e"; + # }; + + # Add the NixOS Manual on virtual console 8 + services.nixosManual.showManual = true; +} +' + + exit 0 +fi; if test "$(evalOpt "_type" 2> /dev/null)" = '"option"'; then $value && evalCfg; From 757a0002a208c98aad410e619cb13ae97d4a66cd Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 22:29:54 +0000 Subject: [PATCH 060/100] Simplify the installation instruction for building a CD. svn path=/nixos/trunk/; revision=23924 --- doc/manual/installation.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
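Review bot: In the `$generate` branch, `nixos-hardware-scan > "$hardware_config"` has no status check, so a failed scan leaves an empty or truncated hardware-configuration.nix behind and every later run prints "A hardware configuration file exists, generation skipped." and keeps it; fail and clean up instead: `nixos-hardware-scan > "$hardware_config" || { rm -f "$hardware_config"; exit 1; }`. The scan also runs before the check that `$NIXOS_CONFIG` does not already exist, so a run that aborts with that error still creates the hardware file as a side effect — moving the existence check above the scan avoids that. `mkdir -p $(dirname "$NIXOS_CONFIG")` should be quoted, `mkdir -p "$(dirname "$NIXOS_CONFIG")"`, since the path comes from the environment. In the template text, `# service.xserver = {` should read `# services.xserver = {`; a user who uncomments it as written will get an evaluation error.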
diff --git a/doc/manual/installation.xml b/doc/manual/installation.xml index b2efbf2d5d5c..f9b670ef6e69 100644 --- a/doc/manual/installation.xml +++ b/doc/manual/installation.xml @@ -38,9 +38,8 @@ $ nix-channel --update xlink:href="https://svn.nixos.org/repos/nix/nixos/trunk"/> as nixos. - If you don’t already have Nixpkgs checkout, Check - out Nixpkgs from as + Check out Nixpkgs from + as nixpkgs. In the directory nixos, make a @@ -138,7 +137,8 @@ $ lvcreate --size 1G --name smalldisk MyVolGroup Mount the target file system on - /mnt. + /mnt on which NixOS would be installed. + From 93029d3c4f1f410f9e44879aaf107dcc6ac8cf7f Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 22:29:58 +0000 Subject: [PATCH 061/100] Update installation instructions. svn path=/nixos/trunk/; revision=23925 --- doc/manual/installation.xml | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/doc/manual/installation.xml b/doc/manual/installation.xml index f9b670ef6e69..09f97b235b70 100644 --- a/doc/manual/installation.xml +++ b/doc/manual/installation.xml @@ -42,19 +42,10 @@ $ nix-channel --update as nixpkgs. - In the directory nixos, make a - symbolic link pkgs to the pkgs - directory of the Nixpkgs tree, e.g., - - -$ ln -s nixpkgs/pkgs nixos/ - - - Build the ISO image: -$ nix-build configuration/rescue-cd.nix -A rescueCD +$ nix-build ./nixos/release.nix -A iso_minimal.iso If everything goes well, you’ll end up with an ISO image in ./result/iso/nixos-version-platform.iso @@ -62,7 +53,7 @@ $ nix-build configuration/rescue-cd.nix -A rescueCD your favourite virtual machine software. - + @@ -88,8 +79,8 @@ $ nix-build configuration/rescue-cd.nix -A rescueCD server on your network. Otherwise configure manually. - The NixOS manual is available on virtual console 7 - (press Alt+F7 to access). + The NixOS manual is available on virtual console 8 + (press Alt+F8 to access). Login as root, empty password. 
@@ -280,7 +271,8 @@ $ reboot { boot.initrd.kernelModules = [ "ata_piix" ]; - boot.grubDevice = "/dev/sda"; + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; fileSystems = [ { mountPoint = "/"; From 26417566c47f643c3e8e1a5a7793938bb93f04b8 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sat, 25 Sep 2010 22:30:02 +0000 Subject: [PATCH 062/100] Re-word installation, and use "nixos-option --install" to generate a template for configuration.nix which uses the result of nixos-hardware-scan. svn path=/nixos/trunk/; revision=23926 --- doc/manual/installation.xml | 49 +++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 26 deletions(-) diff --git a/doc/manual/installation.xml b/doc/manual/installation.xml index 09f97b235b70..330ef14e0fd1 100644 --- a/doc/manual/installation.xml +++ b/doc/manual/installation.xml 
@@ -133,39 +133,32 @@ $ lvcreate --size 1G --name smalldisk MyVolGroup - The installation is declarative; you need to write a - description of the configuration that you want to be built and - activated. The configuration is specified in a Nix expression and - must be stored on the target file system in - /mnt/etc/nixos/configuration.nix. See - /etc/nixos/nixos/doc/config-examples for - example machine configurations. You can copy and edit one of - those (e.g., copy - /etc/nixos/nixos/doc/config-examples/basic.nix - to /mnt/etc/nixos/configuration.nix). See - for a list of the available - configuration options. The text editors nano - and vim are available. + Generate a template configuration for the target system: - In particular you need to specify a root file system in - and the target device for the Grub - boot loader in . - - The command nixos-hardware-scan can + The command nixos-option can generate an initial configuration file for you, i.e., -$ mkdir -p /mnt/etc/nixos -$ nixos-hardware-scan > /mnt/etc/nixos/configuration.nix +$ nixos-option --install It tries to figure out the modules necessary for mounting the root device, as well as various other hardware characteristics. - However, it doesn’t try to figure out the + However, it doesn’t try to figure out the option yet. - More examples of NixOS configurations for some actual - machines can be found at . + Edit /mnt/etc/nixos/configuration.nix to + configure your system. The installation is declarative; you need to + write a description of the configuration that you want to be built and + activated. The configuration is specified in a Nix expression and must + be stored on the target file system. The text + editors nano and vim are + available. + + You need to specify a root file system in + and the target device for the Grub boot + loader in . See + for a list of the available configuration + options. It is very important that you specify in the option all kernel modules that 
@@ -178,6 +171,11 @@ $ nixos-hardware-scan > /mnt/etc/nixos/configuration.nix nixos-hardware-scan should figure out the required modules in most cases. + Examples are available in + /etc/nixos/nixos/doc/config-examples and some + actual NixOS configuration can be found at . + If your machine has a limited amount of memory, you @@ -259,8 +257,7 @@ $ fdisk /dev/sda (or whatever device you want to install on)(idem) $ mkswap -L swap /dev/sda2 (idem) $ mount LABEL=nixos /mnt -$ mkdir -p /mnt/etc/nixos -$ nixos-hardware-scan > /mnt/etc/nixos/configuration.nix +$ nixos-option --install $ nano /mnt/etc/nixos/configuration.nix (in particular, set the fileSystems and swapDevices options) $ nixos-install From d8c72719aa82ccdd832aeca31fa43c63c1bca608 Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sun, 26 Sep 2010 01:58:44 +0000 Subject: [PATCH 063/100] Quassel: Create quassel user only if cfg.user is left empty to avoid messing up existing users. This solution is still suboptimal but others are even worse. svn path=/nixos/trunk/; revision=23927 --- modules/services/networking/quassel.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/modules/services/networking/quassel.nix b/modules/services/networking/quassel.nix index 591bd6e6ce22..7e6ad5c8e813 100644 --- a/modules/services/networking/quassel.nix +++ b/modules/services/networking/quassel.nix @@ -5,6 +5,7 @@ with pkgs.lib; let quassel = pkgs.quasselDaemon; cfg = config.services.quassel; + user = if cfg.user != null then cfg.user else "quassel"; in { 
@@ -39,16 +40,16 @@ in }; dataDir = mkOption { - default = ''/home/${cfg.user}/.config/quassel-irc.org''; + default = ''/home/${user}/.config/quassel-irc.org''; description = '' The directory holding configuration files, the SQlite database and the SSL Cert. ''; }; user = mkOption { - default = "quassel"; + default = null; description = '' - The user the Quassel daemon should run as. + The existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created. ''; }; @@ -61,10 +62,10 @@ in config = mkIf cfg.enable { - users.extraUsers = singleton + users.extraUsers = mkIf (cfg.user == null) [ { name = cfg.user; description = "Quassel IRC client daemon"; - }; + }]; jobs.quassel = @@ -74,11 +75,11 @@ in preStart = '' mkdir -p ${cfg.dataDir} - chown ${cfg.user} ${cfg.dataDir} + chown ${user} ${cfg.dataDir} ''; exec = '' - ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${cfg.user} \ + ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${user} \ -c '${quassel}/bin/quasselcore --listen=${cfg.interface}\ --port=${toString cfg.portNumber} --configdir=${cfg.dataDir}' ''; From 3bca96e1bd4e465a23b2c883828cf8ba8930cf1c Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sun, 26 Sep 2010 02:04:06 +0000 Subject: [PATCH 064/100] AMule: create the user only if the user option is null, don't pollute the system profile with useless packages. svn path=/nixos/trunk/; revision=23928 --- modules/services/networking/amuled.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/modules/services/networking/amuled.nix b/modules/services/networking/amuled.nix index 5e60a8246194..3531451fd7cd 100644 --- a/modules/services/networking/amuled.nix +++ b/modules/services/networking/amuled.nix @@ -4,6 +4,7 @@ with pkgs.lib; let cfg = config.services.amule; + user = if cfg.user != null then cfg.user else "amule"; in { 
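Review bot: With the existing-user mode this commit introduces, preStart (last hunk) still runs as root and does `mkdir -p` followed by `chown ${user}` on a path whose default lies inside that user's home (`/home/${user}/.config/quassel-irc.org`); chown follows symlinks, so a user who plants a symlink at that path can have root chown an arbitrary directory to them on the next start. At minimum refuse a symlink and create the directory private, since the description says it holds the SSL cert and the database: `if test -L ${cfg.dataDir}; then exit 1; fi`, `mkdir -m 0700 -p ${cfg.dataDir}`, `chown ${user} ${cfg.dataDir}`. That narrows rather than removes the window (a parent such as `.config` can still be a link); creating the directory as the target user through the same `su` invocation used in `exec` avoids it entirely when the home directory already exists. The new description says the user is created "if left empty" while the code tests `cfg.user == null`, so `user = ""` would reach `chown ""` — either treat `""` as unset or say "if left at null".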
@@ -22,14 +23,14 @@ in }; dataDir = mkOption { - default = ''/home/${cfg.user}/''; + default = ''/home/${user}/''; description = '' The directory holding configuration, incoming and temporary files. ''; }; user = mkOption { - default = "amule"; + default = null; description = '' The user the AMule daemon should run as. ''; @@ -44,10 +45,10 @@ in config = mkIf cfg.enable { - users.extraUsers = singleton + users.extraUsers = mkIf (cfg.user == null) [ { name = cfg.user; description = "AMule daemon"; - }; + } ]; jobs.amuled = { description = "AMule daemon"; @@ -56,17 +57,15 @@ in preStart = '' mkdir -p ${cfg.dataDir} - chown ${cfg.user} ${cfg.dataDir} + chown ${user} ${cfg.dataDir} ''; exec = '' - ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${cfg.user} \ + ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${user} \ -c 'HOME="${cfg.dataDir}" ${pkgs.amuleDaemon}/bin/amuled' ''; }; - environment.systemPackages = [ pkgs.amuleDaemon ]; - }; } From b766f8ac8d8dc5b598d29dd9712b5267f22e6619 Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sun, 26 Sep 2010 02:09:34 +0000 Subject: [PATCH 065/100] AMule: quick fix svn path=/nixos/trunk/; revision=23929 --- modules/services/networking/amuled.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/networking/amuled.nix b/modules/services/networking/amuled.nix index 3531451fd7cd..f499e72c0d2b 100644 --- a/modules/services/networking/amuled.nix +++ b/modules/services/networking/amuled.nix @@ -46,7 +46,7 @@ in config = mkIf cfg.enable { users.extraUsers = mkIf (cfg.user == null) [ - { name = cfg.user; + { name = "amule"; description = "AMule daemon"; } ]; From 88b24ece7fbc5c476cef1e75eff6a7594e37b031 Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sun, 26 Sep 2010 02:10:23 +0000 Subject: [PATCH 066/100] Quassel: quick fix svn path=/nixos/trunk/; revision=23930 --- modules/services/networking/quassel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/services/networking/quassel.nix b/modules/services/networking/quassel.nix index 7e6ad5c8e813..916694c69109 100644 --- a/modules/services/networking/quassel.nix +++ b/modules/services/networking/quassel.nix @@ -63,7 +63,7 @@ in config = mkIf cfg.enable { users.extraUsers = mkIf (cfg.user == null) [ - { name = cfg.user; + { name = "quassel"; description = "Quassel IRC client daemon"; }]; From bf3a8dfbe47c91e4cda0d7f2c2e8d711e9750a4c Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sun, 26 Sep 2010 03:49:33 +0000 Subject: [PATCH 067/100] bashrc: make ALSA plugins discoverable svn path=/nixos/trunk/; revision=23932 --- modules/programs/bash/bashrc.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/programs/bash/bashrc.sh b/modules/programs/bash/bashrc.sh index 7e39e98135ab..d9e1c82c2533 100644 --- a/modules/programs/bash/bashrc.sh +++ b/modules/programs/bash/bashrc.sh @@ -30,6 +30,9 @@ for i in $NIX_PROFILES; do # !!! reverse # from Nixpkgs <= 0.12. export PERL5LIB="$i/lib/perl5/site_perl:$i/lib/site_perl${PERL5LIB:+:}$PERL5LIB" + # ALSA plugins + export ALSA_PLUGIN_DIRS="$i/lib/alsa-lib${ALSA_PLUGIN_DIRS:+:}$ALSA_PLUGIN_DIRS" + # GStreamer. export GST_PLUGIN_PATH="$i/lib/gstreamer-0.10${GST_PLUGIN_PATH:+:}$GST_PLUGIN_PATH" From 62c9591d0b39ac39815bd8aeb8f2184be9e779d9 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 26 Sep 2010 08:43:55 +0000 Subject: [PATCH 068/100] Fix usage message (-description) and honor $NIXOS instead of $NIXOS_PATH. svn path=/nixos/trunk/; revision=23937 --- modules/installer/tools/nixos-option.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/installer/tools/nixos-option.sh b/modules/installer/tools/nixos-option.sh index 962546ebb6e6..e1ddfa5ea077 100644 --- a/modules/installer/tools/nixos-option.sh +++ b/modules/installer/tools/nixos-option.sh 
@@ -4,10 +4,10 @@ # file to be overridden. : ${mountPoint=/mnt} -: ${NIXOS_PATH=/etc/nixos/nixos} +: ${NIXOS=/etc/nixos/nixos} : ${NIXOS_CONFIG=/etc/nixos/configuration.nix} : ${NIXPKGS=/etc/nixos/nixpkgs} -export NIXOS_PATH +export NIXOS usage () { echo 1>&2 " @@ -15,8 +15,8 @@ Usage: $0 [--install] [-v] [-d] [-l] OPTION_NAME $0 [--install] This program is used to explore NixOS options by looking at their values or -by looking at their description. It is helpful for understanding the how -your configuration is working. +by looking at their description. It is helpful for understanding how your +configuration is working. Options: @@ -27,7 +27,7 @@ Options: specified. -v | --value Display the current value, based on your configuration. - -d | --default Display the default value, the example and the + -d | --description Display the default value, the example and the description. -l | --lookup Display where the option is defined and where it is declared. @@ -36,7 +36,7 @@ Options: Environment variables affecting $0: \$mountPoint Path to the target file system. - \$NIXOS_PATH Path where the NixOS repository is located. + \$NIXOS Path where the NixOS repository is located. \$NIXOS_CONFIG Path to your configuration file. \$NIXPKGS Path to Nix packages. @@ -133,7 +133,7 @@ evalAttr(){ local prefix=$1 local suffix=$2 local strict=$3 - echo "(import $NIXOS_PATH {}).$prefix${option:+.$option}${suffix:+.$suffix}" | + echo "(import $NIXOS {}).$prefix${option:+.$option}${suffix:+.$suffix}" | nix-instantiate - --eval-only ${strict:+--strict} } 
@@ -147,13 +147,13 @@ evalCfg(){ findSources(){ local suffix=$1 - echo "builtins.map (f: f.source) (import $NIXOS_PATH {}).eval.options${option:+.$option}.$suffix" | + echo "builtins.map (f: f.source) (import $NIXOS {}).eval.options${option:+.$option}.$suffix" | nix-instantiate - --eval-only --strict } if $install; then - if test -e "$mountPoint$NIXOS_PATH"; then - export NIXOS_PATH="$mountPoint$NIXOS_PATH" + if test -e "$mountPoint$NIXOS"; then + export NIXOS="$mountPoint$NIXOS" fi if test -e "$mountPoint$NIXPKGS"; then export NIXPKGS="$mountPoint$NIXPKGS" From 0a9b2f6e442da1cf4dd5b682dfa1f2010f240a2b Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 26 Sep 2010 08:43:59 +0000 Subject: [PATCH 069/100] Add a man page for nixos-option. svn path=/nixos/trunk/; revision=23938 --- doc/manual/man-nixos-option.xml | 186 ++++++++++++++++++++++++++++++++ doc/manual/man-pages.xml | 1 + 2 files changed, 187 insertions(+) create mode 100644 doc/manual/man-nixos-option.xml diff --git a/doc/manual/man-nixos-option.xml b/doc/manual/man-nixos-option.xml new file mode 100644 index 000000000000..ed31226f536e --- /dev/null +++ b/doc/manual/man-nixos-option.xml 
@@ -0,0 +1,186 @@ + + + + nixos-option + 8 + NixOS + + + + + nixos-option + inspect a NixOS configuration + + + + + nixos-option + + + + + + + option.name + + + nixos-option + + + + + +Description + +This command evaluates the configuration specified in +/etc/nixos/configuration.nix and returns the properties +of the option name given as argument. By default, it returns the value of +the option. + +When the option name is not an option prints the list of attributes in +case of an attribute set. This could used to provide completion in some +editors. + +When the option (or ) is +used with no option name, this command generates a template configuration +with a scan of the target system. It produces a template configuration +in /etc/nixos/configuration.nix, and a scan of the +machine in /etc/nixos/hardware-configuration.nix. The +scan of the machine is produced +by nixos-hardware-scan. + + + +Options + +This command accepts the following options: + + + + + , + + Use the installation configuration instead of current system + configuration. Generate a template configuration if no option name is + specified. + + + + + , + + Returns the value of the option. This is the default operation + if no other options are defined. + + + + + , + + Return the default value, the example and the description of the + option when available. + + + + + , + + Return the locations where the option is declared and where it + is defined. This is extremely useful to find sources of errors in + your configuration. + + + + + + + + +Environment + + + + + mountPoint + + Location of the target file system. Defaults to + /mnt. This environment variable is only used in + combinaison with option. + + + + + NIXOS + + Path to the NixOS source tree. Defaults to + /etc/nixos/nixos. + + + + + NIXPKGS + + Path to the Nixpkgs source tree. Defaults to + /etc/nixos/nixpkgs. + + + + + NIXOS_CONFIG + + Path to the main NixOS configuration module. Defaults to + /etc/nixos/configuration.nix. 
+ + + + + + + + +Examples + +Investigate option values: + +$ nixos-option boot.loader +This attribute set contains: +generationsDir +grub +initScript + +$ nixos-option boot.loader.grub.enable +true + +Prints option informations: + +$ nixos-option -d networking.hostName +Default: "nixos" +Description: +The name of the machine. Leave it empty if you want to obtain +it from a DHCP server (if using DHCP). + +Find the locations which are declaring and defining an option: + +$ nixos-option -l hardware.firmware +Declared by: + /mnt/data/nix-sources/nixos/modules/services/hardware/udev.nix + +Defined by: + /etc/nixos/nixos/modules/system/boot/kernel.nix + /etc/nixos/nixos/modules/hardware/network/rt73.nix + /etc/nixos/nixos/modules/hardware/network/intel-3945abg.nix + /etc/nixos/nixos/modules/hardware/network/intel-2200bg.nix + + + +Bugs + +The author listed in the following section is wrong. If there is any + other bug, please report to Nicolas Pierron. + + + + + diff --git a/doc/manual/man-pages.xml b/doc/manual/man-pages.xml index e706574d8895..e3b3a5bc2899 100644 --- a/doc/manual/man-pages.xml +++ b/doc/manual/man-pages.xml @@ -25,5 +25,6 @@ + From 567f37f3e45a45a02e262cc8a6fdeaa746fd0533 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 26 Sep 2010 13:39:16 +0000 Subject: [PATCH 070/100] Export tools which may be useful for users that want to switch to NixOS without using a live CD. svn path=/nixos/trunk/; revision=23939 --- modules/installer/tools/tools.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installer/tools/tools.nix b/modules/installer/tools/tools.nix index 4b0a186d6c43..cb4c52f31eff 100644 --- a/modules/installer/tools/tools.nix +++ b/modules/installer/tools/tools.nix @@ -137,7 +137,7 @@ in ]; system.build = { - inherit nixosInstall; + inherit nixosInstall nixosHardwareScan nixosOption; # expose scripts inherit (installer2) nixosPrepareInstall runInChroot nixosBootstrap minimalInstallArchive; 
From b6f2fde0e0a5b9a0cb3ab04ac482bd2c6901b87f Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 26 Sep 2010 13:46:44 +0000 Subject: [PATCH 071/100] man nixos-option: Fix typos. svn path=/nixos/trunk/; revision=23940 --- doc/manual/man-nixos-option.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/manual/man-nixos-option.xml b/doc/manual/man-nixos-option.xml index ed31226f536e..b88daa51db63 100644 --- a/doc/manual/man-nixos-option.xml +++ b/doc/manual/man-nixos-option.xml @@ -39,9 +39,9 @@ of the option name given as argument. By default, it returns the value of the option. -When the option name is not an option prints the list of attributes in -case of an attribute set. This could used to provide completion in some -editors. +When the option name is not an option, the command prints the list of +attributes in contained in the attribute set. This could used to provide +completion in some editors. When the option (or ) is used with no option name, this command generates a template configuration @@ -153,7 +153,7 @@ initScript $ nixos-option boot.loader.grub.enable true -Prints option informations: +Prints option information: $ nixos-option -d networking.hostName Default: "nixos" From deca72f3cfdba40013e63f0de66e350069fce9de Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 27 Sep 2010 16:32:42 +0000 Subject: [PATCH 072/100] * Xen (or rather QEMU) needs /dev/net/tun, so load the tap module. svn path=/nixos/trunk/; revision=23970 --- modules/virtualisation/xen.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/virtualisation/xen.nix b/modules/virtualisation/xen.nix index 95c777b17c90..c2973d3a6ab1 100644 --- a/modules/virtualisation/xen.nix +++ b/modules/virtualisation/xen.nix 
@@ -70,7 +70,10 @@ in # Domain 0 requires a pvops-enabled kernel. boot.kernelPackages = pkgs.linuxPackages_2_6_32_xen; - boot.kernelModules = [ "xen_evtchn" "xen_gntdev" "xen_blkback" "xen_netback" "xen_pciback" "blktap" ]; + boot.kernelModules = + [ "xen_evtchn" "xen_gntdev" "xen_blkback" "xen_netback" "xen_pciback" + "blktap" "tap" + ]; # The radeonfb kernel module causes the screen to go black as soon # as it's loaded, so don't load it. From 8a3750035576265e306b7ef8a23cad46626f6a86 Mon Sep 17 00:00:00 2001 From: Rob Vermaas Date: Wed, 29 Sep 2010 11:31:09 +0000 Subject: [PATCH 073/100] initial try for a nixos module for hydra channel mirroring svn path=/nixos/trunk/; revision=23990 --- modules/module-list.nix | 1 + modules/services/backup/hydra-mirror.nix | 93 ++++++++++++++++++++++++ 2 files changed, 94 insertions(+) create mode 100644 modules/services/backup/hydra-mirror.nix diff --git a/modules/module-list.nix b/modules/module-list.nix index 71ba9d06e24c..ce131b8a55d2 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -44,6 +44,7 @@ ./security/sudo.nix ./services/audio/alsa.nix ./services/audio/pulseaudio.nix + ./services/backup/hydra-mirror.nix ./services/backup/mysql-backup.nix ./services/backup/postgresql-backup.nix ./services/backup/sitecopy-backup.nix diff --git a/modules/services/backup/hydra-mirror.nix b/modules/services/backup/hydra-mirror.nix new file mode 100644 index 000000000000..89971095763a --- /dev/null +++ b/modules/services/backup/hydra-mirror.nix 
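Review bot: The module that provides /dev/net/tun on mainline kernels is `tun`, not `tap`, so the new `"tap"` entry appended to `boot.kernelModules` is unlikely to load anything by that name; the pvops tree selected by `boot.kernelPackages = pkgs.linuxPackages_2_6_32_xen` may differ, so check with `modinfo` against that package. If the intent stated in the commit message is the tun/tap character device, the line should probably read `"blktap" "tun"`. If a missing module is only logged at boot rather than failing activation, the mistake would surface only as QEMU being unable to open the device, which is hard to trace back here.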
@@ -0,0 +1,93 @@ +{ config, pkgs, ... }: + +with pkgs.lib; + +let + cfg = config.services.hydraChannelMirror ; + mirrorChannel = pkgs.fetchsvn { + url = https://svn.nixos.org/repos/nix/release/trunk/channels/mirror-channel.pl; + rev = 23988; + sha256 = "1h06clvhr3zz378d8fblhwynvzk1smq7fipv7caakakfd31cv8i6"; + }; + cronjob = jobset : '' + ${cfg.period} root perl -I${config.environment.nix}/libexec/nix ${mirrorChannel} \ + ${cfg.hydraURL}/jobset/${jobset.project}/${jobset.jobset}/channel/latest \ + ${cfg.dataDir}/channels/${jobset.relURL} \ + ${cfg.dataDir}/nars \ + ${cfg.mirrorURL}/nars \ + ${cfg.dataDir}/patches \ + ${cfg.mirrorURL}/patches \ + ${if jobset.nixexprs == "" then "" else "${cfg.hydraURL}/job/${jobset.project}/${jobset.jobset}/${jobset.nixexprs}/latest/download-by-type/file/source-dist"} \ + >> ${cfg.dataDir}/logs/${jobset.name}.log + ''; +in +{ + options = { + + services.hydraChannelMirror = { + + enable = mkOption { + default = false; + description = '' + Whether to enable Hydra channel mirroring. + ''; + }; + + period = mkOption { + default = "15 * * * *"; + description = '' + This option defines (in the format used by cron) when the + mirroring should occur. + ''; + }; + + jobsets = mkOption { + default = [ rec { name = "nixpkgs-unstable"; project = "nixpkgs"; jobset = "trunk"; nixexprs = "tarball"; relURL = "nixpkgs/channels/${name}"; } ]; + description = '' + List of jobsets to mirror. 
+ ''; + }; + + hydraURL = mkOption { + default = "http://hydra.nixos.org"; + description = '' + Location (URL) of Hydra instance + ''; + }; + + mirrorURL = mkOption { + default = "http://nixos.org/releases"; + description = '' + Location (URL) of Hydra mirror + ''; + }; + + dataDir = mkOption { + default = "/data/hydra-mirror"; + description = '' + Location of Hydra mirror data + ''; + }; + }; + + }; + + config = mkIf cfg.enable { + + services.cron.systemCronJobs = map cronjob cfg.jobsets ; + + system.activationScripts.hydraChannelMirror = stringAfter [ "stdio" "users" ] + '' + mkdir -m 0755 -p ${cfg.dataDir} + mkdir -m 0755 -p ${cfg.dataDir}/nars + mkdir -m 0755 -p ${cfg.dataDir}/patches + mkdir -m 0755 -p ${cfg.dataDir}/channels + mkdir -m 0755 -p ${cfg.dataDir}/logs + ${concatMapStrings (j : '' + mkdir -m 0755 -p ${cfg.dataDir}/channels/${j.relURL} + '') cfg.jobsets} + ''; + + }; + +} From 02f2b1f64011cbcf10bb887b9a3025f971d4cfc3 Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Thu, 30 Sep 2010 05:08:33 +0000 Subject: [PATCH 074/100] Fix lots of KDE functionality svn path=/nixos/trunk/; revision=23992 --- modules/programs/bash/bashrc.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/programs/bash/bashrc.sh b/modules/programs/bash/bashrc.sh index d9e1c82c2533..8d1e4833a2de 100644 --- a/modules/programs/bash/bashrc.sh +++ b/modules/programs/bash/bashrc.sh @@ -22,7 +22,7 @@ unset XDG_CONFIG_DIRS XDG_DATA_DIRS for i in $NIX_PROFILES; do # !!! reverse # We have to care not leaving an empty PATH element, because that means '.' to Linux - export PATH=$i/bin:$i/sbin${PATH:+:}$PATH + export PATH=$i/bin:$i/sbin:$i/lib/kde4/libexec${PATH:+:}$PATH export INFOPATH=$i/info:$i/share/info${INFOPATH:+:}$INFOPATH export PKG_CONFIG_PATH="$i/lib/pkgconfig${PKG_CONFIG_PATH:+:}$PKG_CONFIG_PATH" From ab8a6d43c43ae5158af7407462554f3b650ad1b7 Mon Sep 17 00:00:00 2001 
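Review bot: The cron entry built by `cronjob` runs `mirror-channel.pl` as `root` (the `root` field after `${cfg.period}`), although everything it writes lives under `cfg.dataDir`, which the activation script at the end of this file already creates; a dedicated service user declared in this module and used in that field would bound what a bug in the downloaded script can touch, given that `mirrorChannel` is fetched from a remote repository at build time (the pinned `sha256` is good, keep it). The same line interpolates `cfg.dataDir`, `jobset.relURL` and `jobset.name` unquoted into the command cron hands to the shell, so a value containing spaces or metacharacters is split or interpreted rather than passed through; single-quoting those arguments, e.g. `'${cfg.dataDir}/channels/${jobset.relURL}'`, avoids that. A one-line comment above `cronjob` saying that the arguments are positional and mirror the script's usage would also help the next reader.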
From: Eelco Dolstra Date: Thu, 30 Sep 2010 13:53:30 +0000 Subject: [PATCH 075/100] svn path=/nixos/trunk/; revision=23998 --- modules/services/web-servers/tomcat.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/web-servers/tomcat.nix b/modules/services/web-servers/tomcat.nix index baf05e06a09c..e63abfb15d27 100644 --- a/modules/services/web-servers/tomcat.nix +++ b/modules/services/web-servers/tomcat.nix @@ -282,7 +282,7 @@ in mkdir -p ${cfg.baseDir}/work chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/work - ${if cfg.axis2.enable == true then + ${if cfg.axis2.enable then '' # Copy the Axis2 web application cp -av ${pkgs.axis2}/webapps/axis2 ${cfg.baseDir}/webapps From 2811c7270a25ebbb13fe182d2684836b92603212 Mon Sep 17 00:00:00 2001 From: Russell O'Connor Date: Fri, 1 Oct 2010 03:41:43 +0000 Subject: [PATCH 076/100] Replacing tsocks with torsocks. tsocks leaks DNS requests and is less secure than torsocks. torsocks is a fork of tsocks that is patched specifically for Tor. svn path=/nixos/trunk/; revision=24012 --- modules/module-list.nix | 2 +- modules/services/security/tor.nix | 4 +- modules/services/security/torify.nix | 69 ------------------------ modules/services/security/torsocks.nix | 72 ++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 72 deletions(-) delete mode 100644 modules/services/security/torify.nix create mode 100644 modules/services/security/torsocks.nix diff --git a/modules/module-list.nix b/modules/module-list.nix index ce131b8a55d2..7433b82e4abc 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -112,7 +112,7 @@ ./services/scheduling/cron.nix ./services/scheduling/fcron.nix ./services/security/tor.nix - ./services/security/torify.nix + ./services/security/torsocks.nix ./services/system/dbus.nix ./services/system/kerberos.nix ./services/system/nscd.nix diff --git a/modules/services/security/tor.nix b/modules/services/security/tor.nix index 8ddc468aa389..de96a7638d1b 100644 
--- a/modules/services/security/tor.nix +++ b/modules/services/security/tor.nix @@ -47,9 +47,9 @@ in socksListenAddress = mkOption { default = "127.0.0.1:9050"; - example = "127.0.0.1:9050, 192.168.0.1:9100"; + example = "192.168.0.1:9100"; description = '' - Bind to this address(es) to listen for connections from Socks-speaking + Bind to this address to listen for connections from Socks-speaking applications. You can also specify a port. ''; }; diff --git a/modules/services/security/torify.nix b/modules/services/security/torify.nix deleted file mode 100644 index b91d7d58505c..000000000000 --- a/modules/services/security/torify.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ config, pkgs, ... }: -with pkgs.lib; -let - - cfg = config.services.tor; - - torify = pkgs.writeTextFile { - name = "torify"; - text = '' - #!${pkgs.stdenv.shell} - TSOCKS_CONF_FILE=${pkgs.writeText "tsocks.conf" cfg.torify.config} LD_PRELOAD="${pkgs.tsocks}/lib/libtsocks.so $LD_PRELOAD" $@ - ''; - executable = true; - destination = "/bin/torify"; - }; - -in - -{ - - ###### interface - - options = { - - services.tor.torify = { - - enable = mkOption { - default = cfg.client.enable; - description = '' - Whether to build torify scipt to relay application traffic via TOR. - ''; - }; - - server = mkOption { - default = "localhost:9050"; - example = "192.168.0.20"; - description = '' - IP address of TOR client to use. - ''; - }; - - config = mkOption { - default = ""; - description = '' - Extra configuration. Contents will be added verbatim to TSocks - configuration file. - ''; - }; - - }; - - }; - - ###### implementation - - config = mkIf cfg.torify.enable { - - environment.systemPackages = [ torify ]; # expose it to the users - - services.tor.torify.config = '' - server = ${toString(head (splitString ":" cfg.torify.server))} - server_port = ${toString(tail (splitString ":" cfg.torify.server))} - - local = 127.0.0.0/255.128.0.0 - local = 127.128.0.0/255.192.0.0 - ''; - }; - -} \ No newline at end of file 
diff --git a/modules/services/security/torsocks.nix b/modules/services/security/torsocks.nix new file mode 100644 index 000000000000..5257327b384e --- /dev/null +++ b/modules/services/security/torsocks.nix @@ -0,0 +1,72 @@ +{ config, pkgs, ... }: +with pkgs.lib; +let + + cfg = config.services.tor; + + torsocks = pkgs.writeTextFile { + name = "torsocks"; + text = '' + #!${pkgs.stdenv.shell} + TORSOCKS_CONF_FILE=${pkgs.writeText "torsocks.conf" cfg.torsocks.config} LD_PRELOAD="${pkgs.torsocks}/lib/torsocks/libtorsocks.so $LD_PRELOAD" $@ + ''; + executable = true; + destination = "/bin/torsocks"; + }; + +in + +{ + + ###### interface + + options = { + + services.tor.torsocks = { + + enable = mkOption { + default = cfg.client.enable; + description = '' + Whether to build torsocks scipt to relay application traffic via TOR. + ''; + }; + + server = mkOption { + default = cfg.client.socksListenAddress; + example = "192.168.0.20"; + description = '' + IP address of TOR client to use. + ''; + }; + + config = mkOption { + default = ""; + description = '' + Extra configuration. Contents will be added verbatim to torsocks + configuration file. + ''; + }; + + }; + + }; + + ###### implementation + + config = mkIf cfg.torsocks.enable { + + environment.systemPackages = [ torsocks ]; # expose it to the users + + services.tor.torsocks.config = '' + server = ${toString(head (splitString ":" cfg.torsocks.server))} + server_port = ${toString(tail (splitString ":" cfg.torsocks.server))} + + local = 127.0.0.0/255.128.0.0 + local = 127.128.0.0/255.192.0.0 + local = 169.254.0.0/255.255.0.0 + local = 172.16.0.0/255.240.0.0 + local = 192.168.0.0/255.255.0.0 + ''; + }; + +} From 7468ad50e01ae1ee8909bf70ce13633f8acacf9f Mon Sep 17 00:00:00 2001 From: Rob Vermaas Date: Fri, 1 Oct 2010 06:31:27 +0000 Subject: [PATCH 077/100] nixos-option.sh: fix typo svn path=/nixos/trunk/; revision=24015 --- modules/installer/tools/nixos-option.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
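Review bot: The wrapper script in `torsocks` ends with a bare `$@`, so arguments containing whitespace are re-split before the wrapped program starts; `exec "$@"` preserves them and does not leave the wrapper shell around. The `server` option's example `"192.168.0.20"` carries no port, yet the generated config computes `server_port` from `tail (splitString ":" cfg.torsocks.server)`, which is empty for such a value, so either the example should include a port or the option should state and check the `host:port` form. The `enable` description's `scipt` is a typo for `script`.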
diff --git a/modules/installer/tools/nixos-option.sh b/modules/installer/tools/nixos-option.sh index e1ddfa5ea077..fc4380d00c47 100644 --- a/modules/installer/tools/nixos-option.sh +++ b/modules/installer/tools/nixos-option.sh @@ -262,7 +262,7 @@ if $generate; then # services.printing.enable = true; # Add XServer (default if you have used a graphical iso) - # service.xserver = { + # services.xserver = { # enable = true; # layout = "us"; # xkbOptions = "eurosign:e"; From ac7ef33e4a317d338ff2701862965a93fd40951b Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Sat, 2 Oct 2010 02:19:17 +0000 Subject: [PATCH 078/100] Tor: socksListenAddress must always be in ip:port format svn path=/nixos/trunk/; revision=24022 --- modules/services/security/tor.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/security/tor.nix b/modules/services/security/tor.nix index de96a7638d1b..65b7abafd6a2 100644 --- a/modules/services/security/tor.nix +++ b/modules/services/security/tor.nix @@ -50,7 +50,7 @@ in example = "192.168.0.1:9100"; description = '' Bind to this address to listen for connections from Socks-speaking - applications. You can also specify a port. + applications. ''; }; From 17213c4f2a4dca5129c39966c808567d2862d6af Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 5 Oct 2010 13:11:30 +0000 Subject: [PATCH 079/100] * When generating a GRUB 1 menu, don't use the "module" command to load the initrd, because pv-grub doesn't like it. svn path=/nixos/trunk/; revision=24068 --- modules/installer/grub/grub-menu-builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/installer/grub/grub-menu-builder.sh b/modules/installer/grub/grub-menu-builder.sh index 8934c9bd24de..cc82665f2eef 100644 --- a/modules/installer/grub/grub-menu-builder.sh +++ b/modules/installer/grub/grub-menu-builder.sh 
@@ -200,7 +200,7 @@ title $name @extraPerEntryConfig@ ${xen:+kernel $xen $xenParams} $(if [ -z "$xen" ]; then echo kernel; else echo module; fi) $kernel $kernelParams - module $initrd + $(if [ -z "$xen" ]; then echo initrd; else echo module; fi) $initrd GRUBEND ;; 2) From c8fc492acf4cae1bc4924f998f8f3d010c6154d0 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 5 Oct 2010 14:22:06 +0000 Subject: [PATCH 080/100] * Start atd when udev has finished completely. Hopefully this fixes the random atd failures at boot time, which seem to be caused by a race with the creation of /dev/null or something. svn path=/nixos/trunk/; revision=24077 --- modules/services/scheduling/atd.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/services/scheduling/atd.nix b/modules/services/scheduling/atd.nix index 3c3aca6f5a24..8f6d1667bdb3 100644 --- a/modules/services/scheduling/atd.nix +++ b/modules/services/scheduling/atd.nix @@ -66,7 +66,7 @@ in jobs.atd = { description = "at daemon (atd)"; - startOn = "started udev"; + startOn = "stopped udevtrigger"; preStart = '' @@ -99,7 +99,9 @@ in fi ''; - exec = "${at}/sbin/atd -f"; + exec = "${at}/sbin/atd"; + + daemonType = "fork"; }; }; From c5b39e70ef7c797da5d2017e43aa3aae8e667dae Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 5 Oct 2010 14:23:12 +0000 Subject: [PATCH 081/100] * Rename the xen module to xen-dom0. svn path=/nixos/trunk/; revision=24078 --- modules/module-list.nix | 2 +- modules/virtualisation/{xen.nix => xen-dom0.nix} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename modules/virtualisation/{xen.nix => xen-dom0.nix} (100%) diff --git a/modules/module-list.nix b/modules/module-list.nix index 7433b82e4abc..83657d922fee 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -158,5 +158,5 @@ ./tasks/network-interfaces.nix ./tasks/swraid.nix ./tasks/tty-backgrounds.nix - ./virtualisation/xen.nix + ./virtualisation/xen-dom0.nix ] 
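Review bot: The new initrd line repeats the `$(if [ -z "$xen" ]; then ...; else echo module; fi)` test already used for the kernel line just above it, so the two entries can drift apart on a later edit; computing both words once before the heredoc, e.g. `if [ -z "$xen" ]; then kernelCmd=kernel; initrdCmd=initrd; else kernelCmd=module; initrdCmd=module; fi`, and writing `$initrdCmd $initrd` keeps them in step. A comment saying that pv-grub rejects `module` for the initrd (the reason given in the commit message) would make the conditional self-explaining. The heredoc these lines belong to starts outside the hunk.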
diff --git a/modules/virtualisation/xen.nix b/modules/virtualisation/xen-dom0.nix similarity index 100% rename from modules/virtualisation/xen.nix rename to modules/virtualisation/xen-dom0.nix From 35562ea4a3f3557449121e4eae1fe3b4d0471304 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 5 Oct 2010 15:17:09 +0000 Subject: [PATCH 082/100] * Don't daemonize; otherwise Upstart will respawn it. svn path=/nixos/trunk/; revision=24081 --- modules/services/networking/avahi-daemon.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/networking/avahi-daemon.nix b/modules/services/networking/avahi-daemon.nix index 369b6d4f0fca..784ac21e89e0 100644 --- a/modules/services/networking/avahi-daemon.nix +++ b/modules/services/networking/avahi-daemon.nix @@ -130,7 +130,7 @@ in mkdir -p /var/run/avahi-daemon - exec ${avahi}/sbin/avahi-daemon --daemonize -f "${avahiDaemonConf}" + exec ${avahi}/sbin/avahi-daemon --syslog -f "${avahiDaemonConf}" ''; }; From 8b5fba494220b31726a90409db18dbd123224cb5 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 5 Oct 2010 15:44:40 +0000 Subject: [PATCH 083/100] * Added a module that provides common configuration for DomU machines. svn path=/nixos/trunk/; revision=24084 --- modules/virtualisation/xen-dom0.nix | 2 +- modules/virtualisation/xen-domU.nix | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 modules/virtualisation/xen-domU.nix diff --git a/modules/virtualisation/xen-dom0.nix b/modules/virtualisation/xen-dom0.nix index c2973d3a6ab1..65158bc5f813 100644 --- a/modules/virtualisation/xen-dom0.nix +++ b/modules/virtualisation/xen-dom0.nix @@ -1,4 +1,4 @@ -# Xen hypervisor support. +# Xen hypervisor (Dom0) support. { config, pkgs, ... }: diff --git a/modules/virtualisation/xen-domU.nix b/modules/virtualisation/xen-domU.nix new file mode 100644 index 000000000000..f4cbaf24c2b2 --- /dev/null +++ b/modules/virtualisation/xen-domU.nix 
@@ -0,0 +1,23 @@ +# Common configuration for Xen DomU NixOS virtual machines. + +{ config, pkgs, ... }: + +{ + # We're being booted using pv-grub, which means that we need to + # generate a GRUB 1 menu without actually installing GRUB. + boot.loader.grub.version = 1; + boot.loader.grub.device = "nodev"; + boot.loader.grub.extraPerEntryConfig = "root (hd0)"; + + boot.initrd.kernelModules = [ "xen-blkfront" ]; + + # Backgrounds don't work, so don't bother. + services.ttyBackgrounds.enable = false; + + # Send syslog messages to the Xen console. + services.syslogd.tty = "hvc0"; + + # Start a mingetty on the Xen console (so that you can login using + # "xm console" in Dom0). + services.mingetty.ttys = [ "hvc0" "tty1" "tty2" ]; +} From aeb89fc753c6f95c9d143e6f5346f92e4a02fa67 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 5 Oct 2010 17:58:58 +0000 Subject: [PATCH 084/100] * Set /proc/sys/kernel/poweroff_cmd to Upstart's poweroff command (rather than /sbin/poweroff). Xen's "xm shutdown" needs this to enable the host to cleanly shutdown the guest. svn path=/nixos/trunk/; revision=24094 --- modules/system/upstart-events/control-alt-delete.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/system/upstart-events/control-alt-delete.nix b/modules/system/upstart-events/control-alt-delete.nix index 5fa2bd87eb91..f0f146160e58 100644 --- a/modules/system/upstart-events/control-alt-delete.nix +++ b/modules/system/upstart-events/control-alt-delete.nix @@ -15,4 +15,12 @@ shutdown -r now 'Ctrl-Alt-Delete pressed' ''; }; + + system.activationScripts.poweroff = + '' + # Allow the kernel to find the poweroff command. This is used + # (for instance) by Xen's "xm shutdown" command to signal a + # guest to shut down cleanly. + echo ${config.system.build.upstart}/sbin/poweroff > /proc/sys/kernel/poweroff_cmd + ''; } From 8d60cad42a4dfbab65c74f51baa7011b3c3e3e8d Mon Sep 17 00:00:00 2001 
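Review bot: The added `system.activationScripts.poweroff` writes to `/proc/sys/kernel/poweroff_cmd` unconditionally, so on a kernel or container where that file is absent or read-only the redirection fails at this line and, if activation scripts abort on error (I cannot see that from here), activation fails with it; guarding it with `if [ -w /proc/sys/kernel/poweroff_cmd ]; then ... fi` keeps the setting best-effort. A kernel sysctl living in the control-alt-delete module is also easy to miss; a comment saying why it is grouped with the Ctrl-Alt-Delete handler, or placing it with other kernel settings, would help.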
From: Rob Vermaas Date: Wed, 6 Oct 2010 11:21:15 +0000 Subject: [PATCH 085/100] mercurial: initial version for hgweb apache module svn path=/nixos/trunk/; revision=24111 --- .../web-servers/apache-httpd/mercurial.nix | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 modules/services/web-servers/apache-httpd/mercurial.nix diff --git a/modules/services/web-servers/apache-httpd/mercurial.nix b/modules/services/web-servers/apache-httpd/mercurial.nix new file mode 100644 index 000000000000..cecc486160be --- /dev/null +++ b/modules/services/web-servers/apache-httpd/mercurial.nix 
@@ -0,0 +1,76 @@ +{ config, pkgs, serverInfo, servicesPath, ... }: + +let + inherit (pkgs) mercurial; + inherit (pkgs.lib) mkOption; + + urlPrefix = config.urlPrefix; + + cgi = pkgs.stdenv.mkDerivation { + name = "mercurial-cgi"; + buildCommand = '' + ensureDir $out + cp -v ${mercurial}/share/cgi-bin/hgweb.cgi $out + sed -i "s|/path/to/repo/or/config|$out/hgweb.config|" $out/hgweb.cgi + echo " + [collections] + ${config.dataDir} = ${config.dataDir} + [web] + style = gitweb + allow_push = * + " > $out/hgweb.config + ''; + }; + +in { + + extraConfig = '' + RewriteEngine on + RewriteRule /(.*) ${cgi}/hgweb.cgi/$1 + + + AuthType Basic + AuthName "Mercurial repositories" + AuthUserFile ${config.dataDir}/hgusers + + Require valid-user + + + + Order allow,deny + Allow from all + AllowOverride All + Options ExecCGI + AddHandler cgi-script .cgi + SetEnv PYTHONPATH "${mercurial}/lib/${pkgs.python.libPrefix}/site-packages" + PassEnv PYTHONPATH + + ''; + + robotsEntries = '' + User-agent: * + Disallow: ${urlPrefix} + ''; + + extraServerPath = [ + (pkgs.python+"/bin") + ]; + + options = { + urlPrefix = mkOption { + default = "/hg"; + description = " + The URL prefix under which the Mercurial service appears. + Use the empty string to have it appear in the server root. + "; + }; + + dataDir = mkOption { + example = "/data/mercurial"; + description = " + Path to the directory that holds the repositories. + "; + }; + }; + +} From f2f048db4d6ad640dd2e24a671ae682fb0c94b1b Mon Sep 17 00:00:00 2001 From: Rob Vermaas Date: Wed, 6 Oct 2010 12:38:37 +0000 Subject: [PATCH 086/100] mercurial/apache: put PYTHONPATH in globalEnvVars svn path=/nixos/trunk/; revision=24115 --- modules/services/web-servers/apache-httpd/mercurial.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/services/web-servers/apache-httpd/mercurial.nix b/modules/services/web-servers/apache-httpd/mercurial.nix index cecc486160be..d2d9e66d4f84 100644 
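Review bot: The generated `hgweb.config` sets `allow_push = *`, which lets every authenticated user push to every repository under `config.dataDir`; the Apache container directives around `AuthType Basic` / `Require valid-user` appear to have been lost in extraction, so whether authentication is enforced on the whole `urlPrefix`, push requests included, cannot be confirmed from this hunk. The `dataDir` option description should say that pushes are open to all users listed in the password file, and `hgusers` is better kept outside the repository collection root than at `${config.dataDir}/hgusers`, where a stray checkout or collection scan could expose the credential file. Basic authentication also sends credentials in the clear, and nothing in this module ties it to a TLS-only virtual host, which is worth a sentence in the description.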
--- a/modules/services/web-servers/apache-httpd/mercurial.nix +++ b/modules/services/web-servers/apache-httpd/mercurial.nix @@ -42,7 +42,6 @@ in { AllowOverride All Options ExecCGI AddHandler cgi-script .cgi - SetEnv PYTHONPATH "${mercurial}/lib/${pkgs.python.libPrefix}/site-packages" PassEnv PYTHONPATH ''; @@ -56,6 +55,8 @@ in { (pkgs.python+"/bin") ]; + globalEnvVars = [ { name = "PYTHONPATH"; value = "${mercurial}/lib/${pkgs.python.libPrefix}/site-packages"; } ]; + options = { urlPrefix = mkOption { default = "/hg"; From 102a1e15ba050cf9e3440b1671ce9772c31f3aef Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 6 Oct 2010 16:03:37 +0000 Subject: [PATCH 087/100] * Use the "iburst" flag. This makes ntpd synchronise in a few seconds rather than a few minutes by sending an initial burst of messages to the time servers. svn path=/nixos/trunk/; revision=24119 --- modules/services/networking/ntpd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/networking/ntpd.nix b/modules/services/networking/ntpd.nix index a50229125d19..f0b96951eb17 100644 --- a/modules/services/networking/ntpd.nix +++ b/modules/services/networking/ntpd.nix @@ -20,7 +20,7 @@ let # chroot to ${stateDir}, we have to specify it as /ntp.drift. driftfile /ntp.drift - ${toString (map (server: "server " + server + "\n") servers)} + ${toString (map (server: "server " + server + " iburst\n") servers)} ''; ntpFlags = "-c ${configFile} -u ${ntpUser}:nogroup -i ${stateDir}"; From cda2e41c017f68f0f4a522d8c5b039ec86e05b92 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Wed, 6 Oct 2010 16:07:16 +0000 Subject: [PATCH 088/100] * Added a "xendomains" job to automatically start the domains defined in /etc/xen/auto at boot time, to save all running domains during shutdown, and to restore all saved domains at boot time. svn path=/nixos/trunk/; revision=24121 --- .../activation/switch-to-configuration.sh | 6 +++- modules/virtualisation/xen-dom0.nix | 30 ++++++++++++++++++- 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/modules/system/activation/switch-to-configuration.sh b/modules/system/activation/switch-to-configuration.sh index ffc9845622c0..3249ee3ea347 100644 --- a/modules/system/activation/switch-to-configuration.sh +++ b/modules/system/activation/switch-to-configuration.sh @@ -110,7 +110,11 @@ EOF # forget about current sessions. # Idem for the emergeny-shell, because its `console owner' # line screws up the X server. - if echo "$job" | grep -q "^shutdown$\|^control-alt-delete$\|^xserver$\|^dbus$\|^disnix$\|^emergency-shell$"; then continue; fi + # Idem for xendomains because we don't want to save/restore + # Xen domains unless we have to. + # TODO: Jobs should be able to declare that they should not be + # auto-restarted. + if echo "$job" | grep -q "^shutdown$\|^control-alt-delete$\|^xserver$\|^dbus$\|^disnix$\|^emergency-shell$\|^xendomains$"; then continue; fi if ! test -e "$oldJobs/$job.conf"; then echo "starting $job..." diff --git a/modules/virtualisation/xen-dom0.nix b/modules/virtualisation/xen-dom0.nix index 65158bc5f813..e10713466f7a 100644 --- a/modules/virtualisation/xen-dom0.nix +++ b/modules/virtualisation/xen-dom0.nix 
@@ -108,11 +108,39 @@ in pkgs.utillinux pkgs.bash xen pkgs.pciutils pkgs.procps ]; - preStart = "${xen}/sbin/xend start"; + preStart = + '' + ${xen}/sbin/xend start + + # Wait until Xend is running. + for ((i = 0; i < 60; i++)); do echo "waiting for xend..."; ${xen}/sbin/xend status && break; done + + ${xen}/sbin/xend status || exit 1 + ''; postStop = "${xen}/sbin/xend stop"; }; + jobs.xendomains = + { description = "Automatically starts, saves and restores Xen domains on startup/shutdown"; + + startOn = "started xend"; + + stopOn = "starting shutdown and stopping xend"; + + path = [ pkgs.xen ]; + + environment.XENDOM_CONFIG = "${xen}/etc/sysconfig/xendomains"; + + preStart = + '' + mkdir -p /var/lock/subsys -m 755 + ${xen}/etc/init.d/xendomains start + ''; + + postStop = "${xen}/etc/init.d/xendomains stop"; + }; + # To prevent a race between dhclient and xend's bridge setup # script (which renames eth* to peth* and recreates eth* as a # virtual device), start dhclient after xend. From 81dbac4af3026cdc507459832805aa4c8c375ec5 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 6 Oct 2010 20:22:36 +0000 Subject: [PATCH 089/100] * Don't run ntpd in DomU. svn path=/nixos/trunk/; revision=24125 --- modules/virtualisation/xen-domU.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/virtualisation/xen-domU.nix b/modules/virtualisation/xen-domU.nix index f4cbaf24c2b2..a83e5dc612e1 100644 --- a/modules/virtualisation/xen-domU.nix +++ b/modules/virtualisation/xen-domU.nix @@ -20,4 +20,7 @@ # Start a mingetty on the Xen console (so that you can login using # "xm console" in Dom0). services.mingetty.ttys = [ "hvc0" "tty1" "tty2" ]; + + # Don't run ntpd, since we should get the correct time from Dom0. + services.ntp.enable = false; } From d556b86f752cbc37deac14ee980b159f9e94ad02 Mon Sep 17 00:00:00 2001 
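Review bot: The `for ((i = 0; i < 60; i++))` loop in the new `preStart` has no delay between iterations, so it fires its 60 `xend status` probes back-to-back and reaches the `|| exit 1` line almost immediately instead of waiting for xend; add a pause after the probe, e.g. `${xen}/sbin/xend status && break; sleep 1; done`. In `jobs.xendomains`, `mkdir -p /var/lock/subsys -m 755` puts the option after the operand, which GNU mkdir accepts but reads oddly; `mkdir -m 755 -p /var/lock/subsys` is the conventional order. A comment on `XENDOM_CONFIG` naming what the init.d script reads from it would also help.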
From: Rob Vermaas Date: Thu, 7 Oct 2010 12:46:26 +0000 Subject: [PATCH 090/100] hydra-mirror: enable binary patches svn path=/nixos/trunk/; revision=24133 --- modules/services/backup/hydra-mirror.nix | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/modules/services/backup/hydra-mirror.nix b/modules/services/backup/hydra-mirror.nix index 89971095763a..a328a9a159a3 100644 --- a/modules/services/backup/hydra-mirror.nix +++ b/modules/services/backup/hydra-mirror.nix @@ -6,19 +6,11 @@ let cfg = config.services.hydraChannelMirror ; mirrorChannel = pkgs.fetchsvn { url = https://svn.nixos.org/repos/nix/release/trunk/channels/mirror-channel.pl; - rev = 23988; - sha256 = "1h06clvhr3zz378d8fblhwynvzk1smq7fipv7caakakfd31cv8i6"; + rev = 24132; + sha256 = "02xvswbbr2sj9k1wfraa0j9053vf6w88nhk15qwzs8nkm180n820"; }; cronjob = jobset : '' - ${cfg.period} root perl -I${config.environment.nix}/libexec/nix ${mirrorChannel} \ - ${cfg.hydraURL}/jobset/${jobset.project}/${jobset.jobset}/channel/latest \ - ${cfg.dataDir}/channels/${jobset.relURL} \ - ${cfg.dataDir}/nars \ - ${cfg.mirrorURL}/nars \ - ${cfg.dataDir}/patches \ - ${cfg.mirrorURL}/patches \ - ${if jobset.nixexprs == "" then "" else "${cfg.hydraURL}/job/${jobset.project}/${jobset.jobset}/${jobset.nixexprs}/latest/download-by-type/file/source-dist"} \ - >> ${cfg.dataDir}/logs/${jobset.name}.log + ${cfg.period} root ENABLE_PATCHES=1 PATH=${config.environment.nix}/libexec/nix:$PATH perl -I${config.environment.nix}/libexec/nix ${mirrorChannel} ${cfg.hydraURL}/jobset/${jobset.project}/${jobset.jobset}/channel/latest ${cfg.dataDir}/channels/${jobset.relURL} ${cfg.dataDir}/nars ${cfg.mirrorURL}/nars ${cfg.dataDir}/patches ${cfg.mirrorURL}/patches ${if jobset.nixexprs == "" then "" else "${cfg.hydraURL}/job/${jobset.project}/${jobset.jobset}/${jobset.nixexprs}/latest/download-by-type/file/source-dist"} >> ${cfg.dataDir}/logs/${jobset.name}.log ''; in { 
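Review bot: The rewritten `cronjob` collapses the whole command onto one very long line without saying why; if the reason is that crontab does not accept backslash line continuation (my reading, since the `\` continuations were dropped), a comment such as `# A crontab command must fit on a single line.` above the string would stop the next reader from re-wrapping it. The command still runs as `root` and still interpolates `cfg.dataDir`, `jobset.relURL` and `jobset.name` unquoted into the shell command line, so the quoting point raised on the original version of this file still applies here. The `let` block this belongs to continues outside the hunk.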
@@ -82,6 +74,8 @@ in mkdir -m 0755 -p ${cfg.dataDir}/nars mkdir -m 0755 -p ${cfg.dataDir}/patches mkdir -m 0755 -p ${cfg.dataDir}/channels + ln -fs ${cfg.dataDir}/nars ${cfg.dataDir}/channels/nars + ln -fs ${cfg.dataDir}/patches ${cfg.dataDir}/channels/patches mkdir -m 0755 -p ${cfg.dataDir}/logs ${concatMapStrings (j : '' mkdir -m 0755 -p ${cfg.dataDir}/channels/${j.relURL} From 122e125d6b75f7e0913e10427bf34529a51fd97e Mon Sep 17 00:00:00 2001 From: Sander van der Burg Date: Thu, 7 Oct 2010 14:30:52 +0000 Subject: [PATCH 091/100] Added the nixos-deploy-network tool. With this tool you can write a network of NixOS configurations, e.g.: { test1 = {pkgs, config, ...}: { # NixOS config of machine test1 ... }; test2 = {pkgs, config, ...}: { # NixOS config of machine test2 ... }; } And an infrastructure expression, e.g: { test1 = { hostName = "test1.example.org"; system = "i686-linux"; }; test2 = { hostName = "test2.example.org"; system = "x86_64-linux"; }; } And by executing: nixos-deploy-network -n network.nix -i infrastructure.nix The system configurations in the network expression are built, transferred to the machines in the network and finally activated. svn path=/nixos/trunk/; revision=24146 --- .../tools/nixos-deploy-network/deploy.nix | 61 ++++++++++++++++ .../nixos-deploy-network.sh | 73 +++++++++++++++++++ modules/installer/tools/tools.nix | 8 +- 3 files changed, 141 insertions(+), 1 deletion(-) create mode 100644 modules/installer/tools/nixos-deploy-network/deploy.nix create mode 100644 modules/installer/tools/nixos-deploy-network/nixos-deploy-network.sh diff --git a/modules/installer/tools/nixos-deploy-network/deploy.nix b/modules/installer/tools/nixos-deploy-network/deploy.nix new file mode 100644 index 000000000000..8d426780b100 --- /dev/null +++ b/modules/installer/tools/nixos-deploy-network/deploy.nix 
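Review bot: `ln -fs ${cfg.dataDir}/nars ${cfg.dataDir}/channels/nars` does not replace an existing directory at the target: if `channels/nars` already exists as a directory (for instance from an earlier run or a jobset whose `relURL` starts with `nars`), `ln` creates `channels/nars/nars` inside it instead, and the same applies to the `patches` line. `ln -sfn` (or `ln -sfT`) makes `ln` treat the target as the link name itself. The activation script continues outside the hunk.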
@@ -0,0 +1,61 @@ +{ nixos ? /etc/nixos/nixos +, nixpkgs ? /etc/nixos/nixpkgs +, networkExpr +, infrastructureExpr +}: + +let + pkgs = import nixpkgs {}; + + inherit (builtins) attrNames getAttr listToAttrs concatMapStrings; + + network = import networkExpr; + infrastructure = import infrastructureExpr; + + generateScript = network: infrastructure: configs: + concatMapStrings (configurationName: + let + infrastructureElement = getAttr configurationName infrastructure; + config = getAttr configurationName configs; + in + '' + echo "=== upgrading ${infrastructureElement.hostName} ===" + nix-copy-closure --to ${infrastructureElement.hostName} ${config.system.build.toplevel} \ + && ssh $NIX_SSHOPTS ${infrastructureElement.hostName} nix-env -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \ + && ssh $NIX_SSHOPTS ${infrastructureElement.hostName} ${config.system.build.toplevel}/bin/switch-to-configuration switch \ + && { succeeded=$((succeeded + 1)); } \ + || { failed=$((failed + 1)); echo 'WARNING: upgrade of ${infrastructureElement.hostName} failed!'; } + '' + ) (attrNames network) + ; + + evaluateMachines = network: infrastructure: + listToAttrs (map (configurationName: + let + configuration = getAttr configurationName network; + system = (getAttr configurationName infrastructure).system; + in + { name = configurationName; + value = (import "${nixos}/lib/eval-config.nix" { + inherit nixpkgs system; + modules = [ configuration ]; + extraArgs = evaluateMachines network infrastructure; + }).config; } + ) (attrNames (network))) + ; + + configs = evaluateMachines network infrastructure; +in +pkgs.stdenv.mkDerivation { + name = "deploy-script"; + buildCommand = '' + ensureDir $out/bin + cat > $out/bin/deploy-systems << "EOF" + #! ${pkgs.stdenv.shell} -e + failed=0; succeeded=0 + ${generateScript network infrastructure configs} + echo "Upgrade of $failed machines failed, $succeeded machines succeeded."; + EOF + chmod +x $out/bin/deploy-systems + ''; +} 
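Review bot: The generated `deploy-systems` script always exits 0: the per-host `&& ... || { failed=...; }` chain deliberately keeps `-e` from aborting, and the trailing `echo` is the last command, so a caller cannot tell that `$failed` is non-zero; ending the script with `[ "$failed" -eq 0 ]` after the summary line fixes that. `infrastructureElement.hostName` is interpolated unquoted into the `nix-copy-closure`, `ssh` and `echo` lines, so a hostname from the infrastructure expression containing shell metacharacters is interpreted by the deploy shell rather than passed as an argument. The self-referential `extraArgs = evaluateMachines network infrastructure;` deserves a comment saying it exposes the other machines' evaluated configs to each configuration and relies on lazy evaluation to terminate.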
diff --git a/modules/installer/tools/nixos-deploy-network/nixos-deploy-network.sh b/modules/installer/tools/nixos-deploy-network/nixos-deploy-network.sh new file mode 100644 index 000000000000..62463285f0fd --- /dev/null +++ b/modules/installer/tools/nixos-deploy-network/nixos-deploy-network.sh @@ -0,0 +1,73 @@ +#! @shell@ -e + +# Shows the usage of this command to the user + +showUsage() +{ + echo "Usage: $0 -n network_expr -i infrastructure_expr" + echo "Options:" + echo + echo "-n,--network Network Nix expression which captures properties of machines in the network" + echo "-i,--infrastructure Infrastructure Nix expression which captures properties of machines in the network" + echo "-h,--help Shows the usage of this command" +} + +# Parse valid argument options + +PARAMS=`getopt -n $0 -o n:i:h -l network:,infrastructure:,show-trace,help -- "$@"` + +if [ $? != 0 ] +then + showUsage + exit 1 +fi + +eval set -- "$PARAMS" + +# Evaluate valid options + +while [ "$1" != "--" ] +do + case "$1" in + -n|--network) + networkExpr=`readlink -f $2` + ;; + -i|--infrastructure) + infrastructureExpr=`readlink -f $2` + ;; + --show-trace) + showTraceArg="--show-trace" + ;; + -h|--help) + showUsage + exit 0 + ;; + esac + + shift +done + +# Validate the given options + +if [ "$infrastructureExpr" = "" ] +then + echo "ERROR: A infrastructure expression must be specified!" >&2 + exit 1 +fi + +if [ "$networkExpr" = "" ] +then + echo "ERROR: A network expression must be specified!" >&2 + exit 1 +fi + +if [ -z "$NIXOS" ] +then + NIXOS=/etc/nixos/nixos +fi + +# Deploy the network + +nix-build $NIXOS/deploy.nix --argstr networkExpr $networkExpr --argstr infrastructureExpr $infrastructureExpr $showTraceArg +./result/bin/deploy-systems +rm -f result diff --git a/modules/installer/tools/tools.nix b/modules/installer/tools/tools.nix index cb4c52f31eff..8dd07c67f916 100644 --- a/modules/installer/tools/tools.nix +++ b/modules/installer/tools/tools.nix 
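Review bot: `nix-build $NIXOS/deploy.nix` looks for `deploy.nix` at the root of `$NIXOS` (default `/etc/nixos/nixos`), but this commit adds it under `modules/installer/tools/nixos-deploy-network/`, so unless something outside this hunk copies it to that root the tool cannot find its own expression. The script also builds into `./result` in whatever directory the user runs it from and then `rm -f`s it, clobbering any unrelated `result` link there; `nix-build -o` into a `mktemp -d` directory avoids that. The option values are used unquoted (`readlink -f $2`, `--argstr networkExpr $networkExpr`), so paths with spaces break; quote them. The message `A infrastructure expression` should read `An infrastructure expression`.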
@@ -11,6 +11,11 @@ let isExecutable = true; }); + nixosDeployNetwork = makeProg { + name = "nixos-deploy-network"; + src = ./nixos-deploy-network/nixos-deploy-network.sh; + }; + nixosInstall = makeProg { name = "nixos-install"; src = ./nixos-install.sh; @@ -126,7 +131,8 @@ in config = { environment.systemPackages = - [ nixosInstall + [ nixosDeployNetwork + nixosInstall nixosRebuild nixosHardwareScan nixosGenSeccureKeys From 2b2b7820a9fc3c80c8c60e55c86bc357c5edd765 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 7 Oct 2010 16:58:07 +0000 Subject: [PATCH 092/100] Add an Avahi (mDNS/DNS-SD) and NSS-mDNS test. svn path=/nixos/trunk/; revision=24148 --- tests/avahi.nix | 60 +++++++++++++++++++++++++++++++++++++++++++++++ tests/default.nix | 1 + 2 files changed, 61 insertions(+) create mode 100644 tests/avahi.nix diff --git a/tests/avahi.nix b/tests/avahi.nix new file mode 100644 index 000000000000..fe50edc28584 --- /dev/null +++ b/tests/avahi.nix 
@@ -0,0 +1,60 @@ +{ pkgs, ... }: + +with pkgs; + +{ + nodes = { + one = + { config, pkgs, ... }: { + services.avahi.enable = true; + services.avahi.nssmdns = true; + }; + + two = + { config, pkgs, ... }: { + services.avahi.enable = true; + services.avahi.nssmdns = true; + }; + }; + + # Test whether `avahi-daemon' and `libnss-mdns' work as expected. + testScript = + '' startAll; + + # mDNS. + print STDERR + $one->mustSucceed("avahi-resolve-host-name one.local | tee out"); + $one->mustSucceed("test \"`cut -f1 < out`\" = one.local"); + print STDERR + $one->mustSucceed("avahi-resolve-host-name two.local | tee out"); + $one->mustSucceed("test \"`cut -f1 < out`\" = two.local"); + + print STDERR + $two->mustSucceed("avahi-resolve-host-name one.local | tee out"); + $two->mustSucceed("test \"`cut -f1 < out`\" = one.local"); + print STDERR + $two->mustSucceed("avahi-resolve-host-name two.local | tee out"); + $two->mustSucceed("test \"`cut -f1 < out`\" = two.local"); + + # Basic DNS-SD. + print STDERR + $one->mustSucceed("avahi-browse -r -t _workstation._tcp | tee out"); + $one->mustSucceed("test `wc -l < out` -gt 0"); + print STDERR + $two->mustSucceed("avahi-browse -r -t _workstation._tcp | tee out"); + $two->mustSucceed("test `wc -l < out` -gt 0"); + + # More DNS-SD. + $one->execute("avahi-publish -s \"This is a test\" _test._tcp 123 one=1 &"); + sleep 5; + print STDERR + $two->mustSucceed("avahi-browse -r -t _test._tcp | tee out"); + $two->mustSucceed("test `wc -l < out` -gt 0"); + + # NSS-mDNS. + print STDERR $one->mustSucceed("ping -c1 one.local"); + print STDERR $one->mustSucceed("ping -c1 two.local"); + print STDERR $two->mustSucceed("ping -c1 one.local"); + print STDERR $two->mustSucceed("ping -c1 two.local"); + ''; +} diff --git a/tests/default.nix b/tests/default.nix index 37ca37e0728a..12a7244d6e10 100644 --- a/tests/default.nix +++ b/tests/default.nix 
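Review bot: The `# More DNS-SD.` step backgrounds `avahi-publish` and relies on a fixed `sleep 5` before browsing from the other node, which makes the check timing-dependent: on a slow build host the service may not be announced yet and the test fails spuriously, while on a fast one the sleep is wasted. A bounded retry loop that repeats `avahi-browse -r -t _test._tcp` until it prints at least one line would make the assertion deterministic. The `print STDERR $x->mustSucceed(...)` / `test` pairs are the same block repeated for `$one` and `$two`; a small Perl helper taking the machine and the name would halve the script. The `one` and `two` node definitions are also identical and could share a single attribute set.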
@@ -6,6 +6,7 @@ with import ../lib/testing.nix { inherit nixpkgs services system; }; { + avahi = makeTest (import ./avahi.nix); bittorrent = makeTest (import ./bittorrent.nix); firefox = makeTest (import ./firefox.nix); installer = makeTests (import ./installer.nix); From dc18e5488a2bb4d04f97f6f0b242630f1a0f07fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 7 Oct 2010 20:10:40 +0000 Subject: [PATCH 093/100] NSS-mDNS: Allow both IPv4 and IPv6 address resolution. svn path=/nixos/trunk/; revision=24150 --- modules/config/nsswitch-mdns.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/config/nsswitch-mdns.conf b/modules/config/nsswitch-mdns.conf index eefbd0c4203e..61dd436682d3 100644 --- a/modules/config/nsswitch-mdns.conf +++ b/modules/config/nsswitch-mdns.conf @@ -4,7 +4,7 @@ passwd: ldap files group: ldap files shadow: ldap files -hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 +hosts: files mdns_minimal [NOTFOUND=return] dns mdns networks: files dns services: files From 5e6186418ef2bdf253262aa6d1e4e54e356e4c8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 7 Oct 2010 20:10:45 +0000 Subject: [PATCH 094/100] Avahi test: Use `getent hosts' instead of `ping -c1'. svn path=/nixos/trunk/; revision=24151 --- tests/avahi.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/avahi.nix b/tests/avahi.nix index fe50edc28584..2bf811b5cb3c 100644 --- a/tests/avahi.nix +++ b/tests/avahi.nix 
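Review bot: The new `hosts` line still ends with the unrestricted `mdns` module after `dns`, so any name that unicast DNS cannot resolve, not only `.local` names, is retried over multicast and can be answered by any peer on the local link; switching from `mdns4` to `mdns` extends that fallthrough to IPv6 as well. Since `mdns_minimal [NOTFOUND=return]` already handles `.local` names and link-local reverse lookups before `dns`, the trailing module can usually be dropped: `hosts: files mdns_minimal [NOTFOUND=return] dns`. If the fallthrough is intentional, a comment in the file saying that it is accepted would stop the next reader from "fixing" it.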
@@ -52,9 +52,9 @@ with pkgs; $two->mustSucceed("test `wc -l < out` -gt 0"); # NSS-mDNS. - print STDERR $one->mustSucceed("ping -c1 one.local"); - print STDERR $one->mustSucceed("ping -c1 two.local"); - print STDERR $two->mustSucceed("ping -c1 one.local"); - print STDERR $two->mustSucceed("ping -c1 two.local"); + print STDERR $one->mustSucceed("getent hosts one.local"); + print STDERR $one->mustSucceed("getent hosts two.local"); + print STDERR $two->mustSucceed("getent hosts one.local"); + print STDERR $two->mustSucceed("getent hosts two.local"); ''; } From 8d88e37b27318dede6a128f60ec8124648e98bc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 7 Oct 2010 20:10:49 +0000 Subject: [PATCH 095/100] avahi-daemon: Remove outdated and confusing comment. svn path=/nixos/trunk/; revision=24152 --- modules/services/networking/avahi-daemon.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/modules/services/networking/avahi-daemon.nix b/modules/services/networking/avahi-daemon.nix index 784ac21e89e0..0ca9869db0b4 100644 --- a/modules/services/networking/avahi-daemon.nix +++ b/modules/services/networking/avahi-daemon.nix @@ -81,12 +81,6 @@ in Whether to enable the mDNS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve names in the `.local' domain by transparently querying the Avahi daemon. - - Warning: Currently, enabling this option breaks DNS lookups after - a `nixos-rebuild'. This is because `/etc/nsswitch.conf' is - updated to use `nss-mdns' but `libnss_mdns' is not in - applications' `LD_LIBRARY_PATH'. The next time `/etc/profile' is - sourced, it will set up an appropriate `LD_LIBRARY_PATH', though. ''; }; From f9d4df1e04ca14041c15c1b2cf5d9604cc2d30af Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 8 Oct 2010 12:57:21 +0000 Subject: [PATCH 096/100] svn path=/nixos/trunk/; revision=24185 --- modules/services/web-servers/apache-httpd/twiki.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/modules/services/web-servers/apache-httpd/twiki.nix b/modules/services/web-servers/apache-httpd/twiki.nix index e55197ade67e..dca92062fa8a 100644 --- a/modules/services/web-servers/apache-httpd/twiki.nix +++ b/modules/services/web-servers/apache-httpd/twiki.nix @@ -20,7 +20,7 @@ let defaultUrlHost = ""; # Build the TWiki CGI and configuration files. - twikiRoot = (import /etc/nixos/services/twiki/twiki-instance.nix).twiki { + twikiRoot = (import /etc/nixos/services/twiki/twiki-instance.nix { inherit pkgs; }).twiki { name = "wiki-instance"; pubdir = pubDir; datadir = dataDir; @@ -143,4 +143,4 @@ in { }; -} \ No newline at end of file +} From a069fcffc6022debe23c11f146bacd7ce5a7db5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Llu=C3=ADs=20Batlle=20i=20Rossell?= Date: Sun, 10 Oct 2010 10:43:28 +0000 Subject: [PATCH 097/100] Making a nixos option about the system 'sendmail', which postfix sets, for example. svn path=/nixos/trunk/; revision=24193 --- modules/module-list.nix | 2 ++ modules/services/mail/mail.nix | 33 +++++++++++++++++++++++++++++++ modules/services/mail/postfix.nix | 27 +++++++++++++++++++++---- 3 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 modules/services/mail/mail.nix diff --git a/modules/module-list.nix b/modules/module-list.nix index 83657d922fee..4bc46544d107 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -14,6 +14,7 @@ ./config/users-groups.nix ./hardware/network/intel-2200bg.nix ./hardware/network/intel-3945abg.nix + ./hardware/network/rt2870.nix ./hardware/network/rt73.nix ./hardware/pcmcia.nix ./installer/generations-dir/generations-dir.nix @@ -59,6 +60,7 @@ ./services/logging/logrotate.nix ./services/logging/syslogd.nix ./services/mail/dovecot.nix + ./services/mail/mail.nix ./services/mail/postfix.nix ./services/misc/autofs.nix ./services/misc/disnix.nix diff --git a/modules/services/mail/mail.nix b/modules/services/mail/mail.nix new file mode 100644 index 000000000000..bdf6b28ffbc7 
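Review bot: The first module-list.nix hunk registers `./hardware/network/rt2870.nix`, which the commit message does not mention and which this patch does not create (the diffstat lists only module-list.nix, mail.nix and postfix.nix, with mail.nix the only new file); unless that file already exists unregistered in the tree, every configuration evaluation will fail on a missing import. It reads like an unrelated local change that went in together with the sendmail option and would be cleaner as its own commit. The second hunk, adding `./services/mail/mail.nix`, is the part that belongs here.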
--- /dev/null +++ b/modules/services/mail/mail.nix @@ -0,0 +1,33 @@ +{ config, pkgs, ... }: + +with pkgs.lib; + +{ + + ###### interface + + options = { + + services.mail = { + + sendmailSetuidWrapper = mkOption { + default = null; + description = '' + Configuration for the sendmail setuid wrwapper (like an element of + security.setuidOwners)"; + ''; + }; + + }; + + }; + + ###### implementation + + config = mkIf (config.services.mail.sendmailSetuidWrapper != null) { + + security.setuidOwners = [ config.services.mail.sendmailSetuidWrapper ]; + + }; + +} diff --git a/modules/services/mail/postfix.nix b/modules/services/mail/postfix.nix index 03c77885d069..3eda558f1c50 100644 --- a/modules/services/mail/postfix.nix +++ b/modules/services/mail/postfix.nix @@ -111,6 +111,11 @@ in default = false; description = "Whether to run the Postfix mail server."; }; + + setSendmail = mkOption { + default = true; + description = "Whether to set the system sendmail to postfix's."; + }; user = mkOption { default = "postfix"; @@ -254,10 +259,24 @@ in config = mkIf config.services.postfix.enable { - environment.etc = singleton - { source = "/var/postfix/conf"; - target = "postfix"; - }; + environment = { + etc = singleton + { source = "/var/postfix/conf"; + target = "postfix"; + }; + + # This makes comfortable for root to run 'postqueue' for example. + systemPackages = [ pkgs.postfix ]; + }; + + services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail { + program = "sendmail"; + source = "${pkgs.postfix}/bin/sendmail"; + owner = "nobody"; + group = "postdrop"; + setuid = false; + setgid = true; + }; users.extraUsers = singleton { name = user; From 70a2ad789877422ebe7b76fa8be09637ab4c4665 Mon Sep 17 00:00:00 2001 
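Review bot: The `sendmailSetuidWrapper` description contains a typo and a stray closing quote (`setuid wrwapper ... security.setuidOwners)";`) that will be rendered verbatim in the manual; suggested text: `Configuration for the sendmail setuid wrapper (an element of security.setuidOwners), or null to install none.` The option also declares `default = null` without a `type`, so two mail modules that both define it would be merged by the default merge rule instead of being rejected; if only one mail system is expected to provide the system sendmail, say so in the description or give the option a type that allows a single definition only.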
From: =?UTF-8?q?Llu=C3=ADs=20Batlle=20i=20Rossell?= Date: Sun, 10 Oct 2010 11:08:10 +0000 Subject: [PATCH 098/100] Requiring nixpkgs 24196, I made nixos set the sendmail path to vixie cron, so now vixie cron can send mail properly, for example if a user enabled the 'postfix' service. svn path=/nixos/trunk/; revision=24197 --- modules/services/scheduling/cron.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/modules/services/scheduling/cron.nix b/modules/services/scheduling/cron.nix index e769caefdf59..c6af4995079e 100644 --- a/modules/services/scheduling/cron.nix +++ b/modules/services/scheduling/cron.nix @@ -15,6 +15,13 @@ let NIX_CONF_DIR=/nix/etc/nix ${pkgs.lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)} ''; + + # Vixie cron requires build-time configuration for the sendmail path. + cronNixosPkg = pkgs.cron.override { + # The mail.nix nixos module, if there is any local mail system enabled, + # should have sendmail in this path. + sendmailPath = "/var/setuid-wrappers/sendmail"; + }; in @@ -65,7 +72,7 @@ in mode = "0600"; # Cron requires this. }; - environment.systemPackages = [pkgs.cron]; + environment.systemPackages = [ cronNixosPkg ]; jobs.cron = { description = "Cron daemon"; @@ -86,7 +93,7 @@ in fi ''; - exec = "${pkgs.cron}/sbin/cron -n"; + exec = "${cronNixosPkg}/sbin/cron -n"; }; }; From dc11ce585f0487da095374edf9e3285b1208089a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Llu=C3=ADs=20Batlle=20i=20Rossell?= Date: Sun, 10 Oct 2010 11:14:02 +0000 Subject: [PATCH 099/100] Making vixie cron have the usual enable/disable nixos service option. svn path=/nixos/trunk/; revision=24198 --- modules/services/scheduling/cron.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/services/scheduling/cron.nix b/modules/services/scheduling/cron.nix index c6af4995079e..04c85eecf747 100644 --- a/modules/services/scheduling/cron.nix +++ b/modules/services/scheduling/cron.nix 
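Review bot: `sendmailPath = "/var/setuid-wrappers/sendmail"` in the new `cronNixosPkg` binding hard-codes the directory that security/setuid-wrappers.nix manages; if that module ever changes the location, cron silently loses mail delivery. If the wrapper directory is exposed by that module, refer to it from there instead of repeating the literal; otherwise a comment naming the module would at least tie the two places together. The comment above the override also implies that without a mail module the path does not exist, in which case job output presumably cannot be delivered at all, which is worth a sentence in the `mailto` option description.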
@@ -33,6 +33,11 @@ in services.cron = { + enable = mkOption { + default = true; + description = "Whether to enable the `vixie cron' daemon."; + }; + mailto = mkOption { default = ""; description = " The job output will be mailed to this email address. "; @@ -63,7 +68,7 @@ in ###### implementation - config = { + config = mkIf config.services.cron.enable { environment.etc = singleton # The system-wide crontab. From 79ded36abfc003550170f6edfec3b3824682986f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Llu=C3=ADs=20Batlle=20i=20Rossell?= Date: Sun, 10 Oct 2010 11:35:15 +0000 Subject: [PATCH 100/100] Making cron/fcron set their setuid wrappers. And made fcron use the nixos systemCrontabJobs by default. It does not look very modular, and the manual may not look very good, but I think it works better than before. And setting cron.enable = false and fcron.enable = true works fine. svn path=/nixos/trunk/; revision=24199 --- modules/security/setuid-wrappers.nix | 2 +- modules/services/scheduling/cron.nix | 8 +++++++- modules/services/scheduling/fcron.nix | 23 +++++++++++------------ 3 files changed, 19 insertions(+), 14 deletions(-) diff --git a/modules/security/setuid-wrappers.nix b/modules/security/setuid-wrappers.nix index edbae5d55c82..a7238b9add5c 100644 --- a/modules/security/setuid-wrappers.nix +++ b/modules/security/setuid-wrappers.nix @@ -75,7 +75,7 @@ in config = { security.setuidPrograms = - [ "crontab" "fusermount" "wodim" "cdrdao" "growisofs" ]; + [ "fusermount" "wodim" "cdrdao" "growisofs" ]; system.activationScripts.setuid = let diff --git a/modules/services/scheduling/cron.nix b/modules/services/scheduling/cron.nix index 04c85eecf747..555cde928760 100644 --- a/modules/services/scheduling/cron.nix +++ b/modules/services/scheduling/cron.nix 
@@ -58,6 +58,10 @@ in If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root will is allowed to have its own crontab file. The /var/cron/cron.deny file is created automatically for you. So every user can use a crontab. + + Many nixos modules set systemCronJobs, so if you decide to disable vixie cron + and enable another cron daemon, you may want it to get its system crontab + based on systemCronJobs. ''; }; @@ -68,7 +72,7 @@ in ###### implementation - config = mkIf config.services.cron.enable { + config = mkIf config.services.cron.enable { environment.etc = singleton # The system-wide crontab. @@ -77,6 +81,8 @@ in mode = "0600"; # Cron requires this. }; + security.setuidPrograms = [ "crontab" ]; + environment.systemPackages = [ cronNixosPkg ]; jobs.cron = diff --git a/modules/services/scheduling/fcron.nix b/modules/services/scheduling/fcron.nix index f217449cf0c8..5bff33b3e274 100644 --- a/modules/services/scheduling/fcron.nix +++ b/modules/services/scheduling/fcron.nix @@ -4,20 +4,17 @@ with pkgs.lib; let - # Put all the system cronjobs together. - # TODO allow using fcron only.. - #systemCronJobs = - # config.services.cron.systemCronJobs; cfg = config.services.fcron; queuelen = if cfg.queuelen == "" then "" else "-q ${toString cfg.queuelen}"; - # shell is set to /sh in config.. - # ${pkgs.lib.concatStrings (map (job: job + "\n") systemCronJobs)} - systemCronJobsFile = pkgs.writeText "fcron-systab" + systemCronJobsFile = pkgs.writeText "system-crontab" '' - SHELL=${pkgs.bash}/bin/sh - PATH=${pkgs.coreutils}/bin:${pkgs.findutils}/bin:${pkgs.gnused}/bin + SHELL=${pkgs.bash}/bin/bash + PATH=${config.system.path}/bin:${config.system.path}/sbin + MAILTO="${config.services.cron.mailto}" + NIX_CONF_DIR=/nix/etc/nix + ${pkgs.lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)} ''; allowdeny = target: users: 
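Review bot: With `systemCronJobsFile` in fcron.nix now built from `config.services.cron.systemCronJobs` while `services.cron.enable` defaults to true, enabling fcron without also setting `services.cron.enable = false` runs the same system jobs under both daemons, and each module claims its own setuid wrapper (`crontab` here, `fcrontab` in fcron.nix); nothing detects the overlap. The commit message says the disable-one-enable-the-other combination works, but that should be enforced, either by an assertion that both `enable` options are not set at once, if the module system in use supports assertions, or at least by a sentence in each `enable` description. In the fcron.nix hunk the `MAILTO` and `PATH` lines now silently depend on `services.cron.mailto` and `config.system.path`, which deserves a short comment since the replaced comments were the only statement of where those values come from.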
@@ -42,7 +39,7 @@ in }; allow = mkOption { - default = []; + default = [ "all" ]; description = '' Users allowed to use fcrontab and fcrondyn (one name per line, "all" for everyone). ''; @@ -64,7 +61,7 @@ in }; systab = mkOption { - default = ""; + default = systemCronJobsFile; description = ''The "system" crontab contents.''; }; }; @@ -77,7 +74,7 @@ in config = mkIf cfg.enable { environment.etc = - [ (allowdeny "allow" (["root"] ++ cfg.allow)) + [ (allowdeny "allow" (cfg.allow)) (allowdeny "deny" cfg.deny) # see man 5 fcron.conf { source = pkgs.writeText "fcon.conf" '' @@ -97,6 +94,8 @@ in environment.systemPackages = [ pkgs.fcron ]; + security.setuidPrograms = [ "fcrontab" ]; + jobs.fcron = { description = "fcron daemon";
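Review bot: Dropping `["root"] ++` in the `config` hunk changes the meaning of an explicitly set `services.fcron.allow`: a configuration that lists specific users now also excludes root from `fcrontab`, unless fcron itself special-cases the superuser, which the old code did not rely on. In the same direction, the `allow` default moving from `[]` to `[ "all" ]` means every local account may schedule jobs through the setuid `fcrontab` wrapper by default; that matches the vixie cron behaviour described in cron.nix but is a widening the option description should state, e.g. `Defaults to "all"; set an explicit user list to restrict who may use fcrontab.` Either keep `[ "root" ] ++ cfg.allow` or document the new contract.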
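Review bot: `systab` now defaults to `systemCronJobsFile`, which is the store path produced by `pkgs.writeText`, while its description still says `The "system" crontab contents.` and the previous default was the empty string; a reader cannot tell from the option whether to supply crontab text or a file path, and how `cfg.systab` is consumed is outside this hunk. The description should say which it is, e.g. `Path to the file installed as the "system" crontab; defaults to one generated from services.cron.systemCronJobs.`, and a `type` matching that would catch the wrong kind of value at evaluation time.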