The continue keyword was previously used to mount the next device, but
the loop in has been removed. (see r17919)
svn path=/nixos/trunk/; revision=17973
with an empty password, rather than with a hashed empty password.
The latter is a security risk, because it allows remote root logins
if a user enables sshd before setting a proper root password.
* Allow empty passwords for login and slim, but nothing else.
svn path=/nixos/trunk/; revision=17833
style of declaring Upstart jobs. While at it, converted them to the
current NixOS module style and improved some option descriptions.
Hopefully I didn't break too much :-)
svn path=/nixos/trunk/; revision=17761
Purpose: Allow overwriding of properties such as:
config.jobAttrs.sshd.startOn = "never";
thanks to Nicolas Pierron for reviewing and
extending nixpkgs to make this possible
I'll convert most of the jobs ASAP so please don't care
about the depreceateion much right now
svn path=/nixos/trunk/; revision=17650
* Renamed some of the new Grub options to more sensible names
(e.g. extraGrubEntries to extraEntries, bootMount to bootDevice,
etc.).
svn path=/nixos/trunk/; revision=17494
fetch definitions of oldest options and to add them inside the new option.
Properties are still valid and will not be affected by the renaming. e.g:
with: rename alias "foo.bar" to "baz.quz"
and with the following module:
{
foo.bar = (mkOverride 10 {}) 42;
baz.quz = 21;
}
the result of baz.quz would be 42 because the priority is still working
after the renaming.
svn path=/nixos/trunk/; revision=17484
needed now that we don't use pam_devperm anymore. When udev is
restarted, it now asks ConsoleKit to get the active users and sets
device ACLs accordingly.
svn path=/nixos/trunk/; revision=17474
grub. Its options are no more inside 'boot', but inside 'boot.loader.grub'.
I added a new bootloader configuration for nixos, generationsDir. It creates
/boot/default/{init,initrd,kernel,system} symlinks, and the same for the generations
in /boot/system-$gen/{init,initrd,kernel,system}.
I can program the u-boot loader to load /boot/default files always, and have
a minimal nixos boot loader installer functionality. Additionally, I can refer
to the other system generations easily, with a simple 'ls' in /boot.
svn path=/nixos/trunk/; revision=17460
* Don't try to remount CIFS filesystems.
* For devices specified by label, use /dev/disk/by-label instead of
LABEL=. The initrd already did this.
* Improved the flagging of pseudo devices.
svn path=/nixos/trunk/; revision=17431
recognise X logins as active sessions (i.e. ck-list-sessions will
show "active = FALSE", and the user doesn't get ownership of
devices). I guess console-kit-daemon (which is started by dbus)
needs some device in /dev to exist.
svn path=/nixos/trunk/; revision=17428
numbers. This also requires kbd and tty-backgrounds to be updated
(and by extension syslogd and rogue). Also updated the style of
those modules.
svn path=/nixos/trunk/; revision=17424
fix creating directories by skipping comments and interpreting quotes,
take input from ${exports} which may be different from /etc/exports
which also restarts the service in this case updating the export list
Also run rpc.statd in forground so that it doesn't get respawned
svn path=/nixos/trunk/; revision=17358
* Change the module syntax of the example to follow Eelco's suggestions.
* Add a section "Building your own NixOS CD", which explain how to replace
configuration.nix by the configuration file of a live CD/DVD.
* Fix "Testing the installer" and "Testing the initrd" to fit the location
of derivations.
svn path=/nixos/trunk/; revision=17105
to directly boot into any of the Grub menu entries. This doesn't
work yet though. Probably Grub needs some messing with the
savedefault option.
svn path=/nixos/trunk/; revision=17091
work for X logins. (The documentation also says so.) Instead just
call ck-launch-session from the xsession script.
svn path=/nixos/trunk/; revision=17090
default session is selected. This is because we always want to run
our own initialisation (like starting ssh-agent).
* ssh-agent: don't start it is a child but have it re-exec the
xsession script. This ensures that ssh-agent quits when we log out.
* In the xsession script, don't redirect output to ~/.xsession-errors
if the display manager is kdm, since kdm already does that. In fact
it uses ~/.xsession-errors<optional number> if there are concurrent
X sessions.
* For consistency with other distros and the xdm manpage, exec the
~/.xsession script instead of sourcing it. Do this for the "custom"
session type provided by kdm.
svn path=/nixos/trunk/; revision=17087
some reason:
Sep 10 17:52:49 dutibo kernel: mtrr: no MTRR for f0000000,400000 found
Sep 10 17:52:50 dutibo kdm[2960]: X server for display :0 terminated unexpectedly
Sep 10 17:52:50 dutibo kdm[2960]: Unable to fire up local display :0; disabling.
svn path=/nixos/trunk/; revision=17013
* Modularised the xorg.conf generation. For instance, the Wacom and
Synaptics support has been moved into separate modules. The
contents of xorg.conf is defined by the option
services.xserver.config, and various other options for specific
sections (e.g. services.xserver.serverLayoutSection).
* displayManager.job.env: made this an attribute set.
* tcpEnable -> enableTCP for naming consistency.
* defaultDepth can be set to 0 to leave it undefined (needed for the
vmware driver).
* Removed some options that seem obsolete or are now the default
(e.g. RenderAccel, AllowGLXWithComposite).
* Removed services.xserver.package. This can now be done using
nixpkgs.config.packageOverrides.
svn path=/nixos/trunk/; revision=17004
- Added rpc.statd service, which prevents messages that tell you that you should use -o nolock
- Create /var/lib/nfs on initialization
- Create /etc/exports, so that exportfs can create /var/lib/nfs/etab. This prevents errors such as: mount.nfs: an incorrect mount option was specified
svn path=/nixos/trunk/; revision=16953
substitute some values, just prepend them to the start of kdmrc.
KDM will merge multiple sections with the same name (even though it
complains a bit). Option definitions that occur first have
precedence.
svn path=/nixos/trunk/; revision=16940
adding an attribute "password" that defines the default password for
an account. The default (null, as opposed to the empty string)
means not to set a password.
svn path=/nixos/trunk/; revision=16937
into one argument "modules".
* release.nix: fixed the manual job.
* ISO generation: break an infinite recursion. Don't know why this
suddenly happens. Probably because of the nixpkgs.config change,
but I don't see why. Maybe the option evaluation is too strict.
svn path=/nixos/trunk/; revision=16878
be set from the NixOS configuration. For instance, you can say
nixpkgs.config.firefox.enableGeckoMediaPlayer = true;
environment.systemPackages = [ pkgs.firefox ];
but the more interesting application is to apply global overrides to
Nixpkgs throughout NixOS, e.g.
nixpkgs.config.packageOverrides = pkgs:
{ glibc = pkgs.glibc27;
gcc = pkgs.gcc42;
};
would build the whole system with Glibc 2.7 and GCC 4.2. (There are
some issues with "useFromStdenv" in all-packages.nix that need to be
fixed for packages in the stdenv bootstrap though.)
The implementation of this option is kind of evil though due to the
need to prevent a circularity between the evaluation of
nixpkgs.config and the "pkgs" module argument.
svn path=/nixos/trunk/; revision=16866
separate module, which just declares a configuration value that
causes the xinetd module to add it to xinetd.conf. Also Nixified
the service declarations to abstract over the inetd implementation.
* Renamed the services.xinetd.tftpd options to services.tftpd. The
fact that the tftpd module uses xinetd is an implementation detail.
* xinetd: use -dontfork to let Upstart monitor it, and use -syslog to
get error messages at startup.
svn path=/nixos/trunk/; revision=16803
* Let ConsoleKit track the current logins instead of pam_console.
Udev now takes care of setting the device permissions to the active
user. This works much better, since pam_console wouldn't apply
permissions to new (hot-plugged) devices. Also, the udev+ConsoleKit
approach supports user switching. (We don't have that for X yet,
but it already works for logins on virtual consoles: if you switch
between different users on differents VCs with Alt+Fn, the device
ownership will be changed automatically.)
svn path=/nixos/trunk/; revision=16743
the bus daemon can start on demand). ConsoleKit and PolicyKit need
this. This requires a setuid wrapper for dbus-daemon-launch-helper,
as well as a "messagebus" group.
svn path=/nixos/trunk/; revision=16736
mkOption argument, because then we lose them if somebody sets
security.setuidPrograms somewhere else. (Shouldn't "default" be
merged as well?)
svn path=/nixos/trunk/; revision=16734
programs require that the mode is 4550 so that execution of the
setuid program can be restricted to members of a group.
* setuid-wrappers: remove a race condition in the creation of the
wrappers if the ownership or mode was different than root:root and
4555.
* setuid-wrappers: allow the full path of the wrapped program to be
specified, rather than looking it up in $PATH.
svn path=/nixos/trunk/; revision=16733
option security.pam.services containing the list of PAM services.
For instance, the SLiM module simply declares:
security.pam.services = [ { name = "slim"; localLogin = true; } ];
svn path=/nixos/trunk/; revision=16729
interface names, use udev's own firmware loader, and dropped the
sndMode option (udev puts all audio devices in the "audio" group, so
users can be added to that group if necessary).
svn path=/nixos/trunk/; revision=16692
util-linux-ng instead of e2fsprogs, blkid is in util-linux-ng, and
we need to manually create /dev/.udev prior to starting udevd for
some reason.
svn path=/nixos/trunk/; revision=16691
machine containing a replica (minus the state) of the system
configuration. This is mostly useful for testing configuration
changes prior to doing an actual "nixos-rebuild switch" (or even
"nixos-rebuild test"). The VM can be started as follows:
$ nixos-rebuild build-vm
$ ./result/bin/run-*-vm
which starts a KVM/QEMU instance. Additional QEMU options can be
passed through the QEMU_OPTS environment variable
(e.g. QEMU_OPTS="-redir tcp:8080::80" to forward a host port to the
guest). The fileSystem attribute of the regular system
configuration is ignored (using mkOverride), because obviously we
can't allow the VM to access the host's block devices. Instead, at
startup the VM creates an empty disk image in ./<hostname>.qcow2 to
store the VM's root filesystem.
Building a VM in this way is efficient because the VM shares its Nix
store with the host (through a CIFS mount). However, because the
Nix store of the host is mounted read-only in the guest, you cannot
run Nix build actions inside the VM. Therefore the VM can only be
reconfigured by re-running "nixos-rebuild build-vm" on the host and
restarting the VM.
svn path=/nixos/trunk/; revision=16662
* Simplified the udev rules generation: merged nixRules into
services.udev.extraRules, and handle services.udev.extraRules using
services.udev.packages.
svn path=/nixos/trunk/; revision=16655
With these modifications, a user can configure a tomcat instance with web applications and web services by writing a service, such as:
...
services = {
tomcat = {
enable = true;
webapps = [ mypkgs.HelloWorldWebApplication ];
axis2 = {
enable = true;
services = [ mypkgs.HelloService mypkgs.HelloWorldService ];
};
};
};
svn path=/nixos/trunk/; revision=16619
(e.g. --install-grub instead of $NIXOS_INSTALL_GRUB). Also support
some nix-build options (e.g. --show-trace and -j).
svn path=/nixos/branches/modular-nixos/; revision=16560
gets rid of endless dhclient log messages such as
Jul 16 19:09:30 dutibo dhclient: DHCPDISCOVER on wmaster0 to 255.255.255.255 port 67 interval 19
Jul 16 19:09:30 dutibo dhclient: send_packet: Network is down
svn path=/nixos/branches/modular-nixos/; revision=16407
* Simplified the pre-start script of the network-interfaces module.
* Removed wireless support from the network-interfaces module. It
only worked for static WEP configurations anyway, and AFAIK nobody
used it.
svn path=/nixos/branches/modular-nixos/; revision=16406
broken httpd.conf to be generated. We should really have a merge
function that appends newlines to every value of options like
services.httpd.extraConfig.
svn path=/nixos/branches/modular-nixos/; revision=16404
jobs, e.g. (from the nscd job)
{ name = "nscd";
description = "Name Service Cache Daemon";
startOn = "startup";
stopOn = "shutdown";
environment = { LD_LIBRARY_PATH = nssModulesPath; };
preStart =
''
mkdir -m 0755 -p /var/run/nscd
mkdir -m 0755 -p /var/db/nscd
'';
exec = "${pkgs.glibc}/sbin/nscd -f ${./nscd.conf} -d 2> /dev/null";
};
The Upstart job is generated from this. The main goal is to provide
some abstraction from the Upstart syntax. For instance, this should
make it easier to upgrade to newer versions of Upstart, to switch to
an entirely different process management system (e.g. initng or
launchd), or to test a job independantly from Upstart. (However the
startOn and stopOn attributes are tied to Upstart's event model.)
svn path=/nixos/branches/modular-nixos/; revision=16376