3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

2412 commits

Author SHA1 Message Date
Eelco Dolstra 2d9258da67 auto.nix: Use SLiM to implement auto-logins 2012-10-24 12:31:02 +02:00
Vladimír Čunát a392468245 Merge pull request #39 from MarcWeber/fixes/ati-proprietary
making ati proprietary drivers work again
2012-10-24 02:59:38 -07:00
Eelco Dolstra 224c825a36 Add option ‘users.motd’ for setting a message of the day shown on login
Note that this uses pam_motd.
2012-10-23 09:10:48 -04:00
Eelco Dolstra c980faebe2 upstart.nix: Set ‘Type’ to ‘oneshot’ for Upstart tasks
This way the service will only reach the "started" state when the task
has finished.
2012-10-23 08:30:50 -04:00
Eelco Dolstra e5fa3f108e Set uniqueness constraint on boot.devShmSize etc. 2012-10-23 07:50:23 -04:00
Eelco Dolstra 7efde0740e Add user option ‘isAlias’ to allow one user account to alias another 2012-10-23 13:35:06 +02:00
Jack Cummings 1cbad692c3 Add an option to add 'option=single-request' to /etc/resolv.conf. 2012-10-21 21:49:21 -07:00
Eelco Dolstra c8628e0293 Don't let interfaces get IPv6 addresses if networking.enableIPv6 is false 2012-10-19 15:41:01 -04:00
Eelco Dolstra ac8db6fd33 firewall.nix: Don't fail if IPv6 is disabled 2012-10-19 15:21:06 -04:00
Eelco Dolstra 06cbe62537 switch-to-configuration: Support services activated by multiple sockets 2012-10-18 13:26:47 -04:00
Eelco Dolstra b4a1893cdd systemd-vconsole-setup: Don't put the X server in non-raw mode
‘systemd-vconsole-setup’ by default operates on /dev/tty0, the
currently active tty.  Since it puts /dev/tty0 in Unicode or ASCII
mode, if the X server is currently active when it runs, keys such as
Alt-F4 won't reach the X server anymore.  So use /dev/tty1 instead.
2012-10-18 11:58:37 -04:00
Eelco Dolstra a4cad32c3d Generate more user-friendly script filenames
This is primarily important in journal entries.
2012-10-18 11:58:37 -04:00
Peter Simons 7d58132c0a Merge pull request #36 from jcumming/hostapd
hostapd module
2012-10-18 03:21:31 -07:00
aszlig f9831a94c9
apache-httpd: Simplify all versionOlder calls.
We now just have a simple attribute called "version24" which replaces all those
pesky versionOlder that were spreading throughout the file and makes things way
more readable.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 17:47:30 +02:00
aszlig 919e6e55a9
apache-httpd: Create runtime dir for version 2.4.
By default the path is determined related to ServerRoot. Unfortunately
ServerRoot is pointing to the Nix store and the web server can't write to it.

We now create a directory called "runtime" withen the stateDir and point
DefaultRuntimeDir to it.

For more information on the DefaultRuntimeDir directive, please see:

http://httpd.apache.org/docs/2.4/mod/core.html#defaultruntimedir

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 17:38:43 +02:00
aszlig 5655ec0efa
apache-httpd: Avoid NameVirtualHost in >= v2.4.
NameVirtualHost no longer has any effect on version 2.4 and just emits ugly
warnings, so let's not use it if we use 2.4.

More information: http://httpd.apache.org/docs/2.4/upgrading.html#misc

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 17:03:50 +02:00
aszlig a88453fbaa
apache-httpd: Properly wrap access directives.
The Order/Deny directives are deprecated in version 2.4, so we're going to
define two wrappers for allDenied and allGranted in order to properly generate
configurations for both version 2.2 and 2.4.

For more information an access control changes, see:

http://httpd.apache.org/docs/2.4/upgrading.html#access

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 16:57:18 +02:00
aszlig 3acd98b040
apache-httpd: Add unixd for 2.4, needed by "User".
Beginning with 2.4 mod_unixd is needed to supply Unix usernames and groups for
the web server. For details please have a look at:

http://httpd.apache.org/docs/2.4/upgrading.html#commonproblems

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 15:34:08 +02:00
aszlig 3ad8fac5a2
apache-httpd: Dynamically load MPM module in v2.4.
Now, MPMs can be loaded at runtime and it's no longer required to compile in one
of the MPM modules statically. So, if version is >= 2.4, load the MPM module
corresponding to the multiProcessingModule value of the service module.

For details, please see: http://httpd.apache.org/docs/2.4/mpm.html

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 15:17:48 +02:00
aszlig 18076e001a
apache-httpd: Use authn_core for version >= 2.3.
Beginning with version 2.3, the authn were refactored. As a result, authn_alias
is now part of the new module authn_core, so let's use authn_core instead of
authn_alias.

For details please see: http://httpd.apache.org/docs/2.4/upgrading.html#misc

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-17 15:11:53 +02:00
Peter Simons 56f90da276 modules/programs/bash: '/run/current-system/sw' is already a part of $NIX_PROFILES 2012-10-16 19:08:10 +02:00
Peter Simons 6a9b855412 modules/programs/bash: '/run/current-system/sw' is already a part of $NIX_PROFILES 2012-10-16 19:07:19 +02:00
Peter Simons 04a8642b4b modules/programs/bash: clean-up variables used in initialization of bash-completion 2012-10-16 18:41:45 +02:00
Peter Simons efc104c4c8 modules/programs/bash: improve bash completion support
The new configuration.nix option 'environment.enableBashCompletion'
determines whether bash completion is automatically enabled system-wide
for all interactive shells or not. The default setting is 'off'.
2012-10-16 18:41:45 +02:00
Peter Simons c7fb0defe6 modules/programs/bash: clean-up variables used in initialization of bash-completion 2012-10-16 18:41:20 +02:00
Peter Simons 4ca0617f4a modules/programs/bash: improve bash completion support
The new configuration.nix option 'environment.enableBashCompletion'
determines whether bash completion is automatically enabled system-wide
for all interactive shells or not. The default setting is 'off'.
2012-10-16 18:23:28 +02:00
Eelco Dolstra 8499d7555f Backward compatibility hack for ‘networking.nat.internalIPs’ 2012-10-16 11:28:30 -04:00
Eelco Dolstra 10ac80115b switch-to-configuration: Fix bad Perl 2012-10-14 21:12:11 -04:00
Mathijs Kwik 97a3a99b40 firewall: options to select connection-tracking helpers
My main reason for adding this is the ability to turn off helpers
altogether. If you are not using any of the special protocols, keeping
them turned off is safest, and in case you do want to use them, it's
best to configure them through the new CT target for your network
topology. Perhaps some sane defaults for nixos can be examined in the
future.

This change has no impact if you don't touch the added options, so no
need to adapt.
2012-10-13 09:59:31 +02:00
Mathijs Kwik 6c62de6a31 firewall: option to enable the rpfilter netfilter module
This is meant to replace /proc/sys/net/ipv4/conf/*/rp_filter, which
only works for ipv4. Furthermore, it's nicer to handle this kind of
filtering in the firewall.

There are some more subtle differences, please see:
https://home.regit.org/netfilter-en/secure-use-of-helpers/

I chose to enable this by default (when the firewall is enabled) as
it's a good idea in general. Only people with advanced routing needs
might not want this, but I guess they don't use the nixos firewall
anyway and use a custom solution. Furthermore, the option only becomes
available in kernel 3.3+, so conservative nixos users that just stick
to the default kernel will not need to act now just yet.
2012-10-13 09:59:31 +02:00
Eelco Dolstra 53f216885f Ignore systemd-modules-load errors
On NixOS, ‘boot.kernelModules’ has historically contained modules that
may not exist or load everywhere, so don't barf on those.
2012-10-12 17:39:06 -04:00
Eelco Dolstra 161c837c49 Port automatic filesystem creation to systemd 2012-10-12 17:32:36 -04:00
Eelco Dolstra 12d1cd87ce Systemd unit names can contain Nix-illegal characters, so don't include them 2012-10-12 17:32:05 -04:00
Eelco Dolstra 3f6d53cc97 Move escapeSystemdPath to lib/utils.nix
The new file ‘utils.nix’ is intended for NixOS-specific library
functions (i.e. stuff that shouldn't go into Nixpkgs' lib/).
2012-10-12 17:01:49 -04:00
Eelco Dolstra e8de4455ab Update automatic swapfile creation for systemd 2012-10-12 16:47:29 -04:00
Eelco Dolstra 97a2de983b Ensure that swap.target is pulled in by switch-to-configuration even if it failed earlier 2012-10-12 16:38:00 -04:00
Eelco Dolstra fd7dbc99ab switch-to-configuration: Handle multiple swap devices properly 2012-10-12 16:37:14 -04:00
Eelco Dolstra b968244aa1 Move fs.target to filesystems.nix 2012-10-12 15:08:44 -04:00
Peter Simons 7ce9893bef network-interfaces.nix: interfaces that are part of a bridge must be brought 'up' for the bridge to function 2012-10-12 18:14:39 +02:00
Eelco Dolstra e3c1865067 Let the tun services depend on /dev/net/tun 2012-10-11 17:59:41 -04:00
Eelco Dolstra d63da5892c Ensure that systemd-modules-load is restarted when boot.kernelModules changes 2012-10-11 17:58:46 -04:00
Eelco Dolstra 71a541afb6 dhcpcd: Don't depend on network-interfaces.target
Dhcpcd automatically detects new interfaces, so we can start it right
away.
2012-10-11 17:57:54 -04:00
Eelco Dolstra b606165bd9 Allow a unit to declare "triggers" that force a restart
The triggers are just arbitrary strings that are included in the unit
under X-Restart-Triggers.  The idea is that if they change between
reconfigurations, switch-to-configuration will restart the unit
because its store path changed.  This is mostly useful for services
that implicitly depend on generated files in /etc.  Thus you can say

  restartTriggers = [ confFile ];

where ‘confFile’ is the derivation that generated the /etc file in
question.
2012-10-11 17:54:43 -04:00
Eelco Dolstra 285f587025 Move non-interface specific initialisation to ‘network-setup.service’
The unit ‘network-interface.service’ has been replaced by
‘network-interfaces.target’.
2012-10-11 16:18:48 -04:00
Eelco Dolstra 2cf9bb929b Add a ‘restart’ alias 2012-10-11 16:18:34 -04:00
Eelco Dolstra 1c53b2e299 Don't flush addresses unless necessary
Flushing is bad if the Nix store is on a remote filesystem accessed
over that interface.

http://hydra.nixos.org/build/3184162

Also added a interface option ‘prefixLength’ as a better alternative
to ‘subnetMask’.
2012-10-11 15:36:52 -04:00
Eelco Dolstra 4104f60800 Fix accidental commit 2012-10-11 12:43:08 -04:00
Eelco Dolstra bd1071d02b Remove "wants" dependencies on <interface>.service
Instead it's enough to depend on
sys-subsystem-net-devices-<interface>.device, which in turn has a
"wants" dependency on the service (if any) that creates the interface.
2012-10-10 22:47:50 -04:00
Eelco Dolstra d7458b5fc2 Split the monolithic network-interface service into multiple units
For each statically configured interface, we now create a unit
‘<interface>-cfg.service’ which gets started as soon as the network
device comes up.  Similarly, each bridge defined in
‘networking.bridges’ and virtual interface in ‘networking.interfaces’
is created by a service ‘<interface>.service’.

So if we have

  networking.bridges.br0.interfaces = [ "eth0" "eth1" ];
  networking.interfaces =
    [ { name = "br0";
        ipAddress = "192.168.1.1";
      }
    ];

then there will be a unit ‘br0.service’ that depends on
‘sys-subsystem-net-devices-eth0.device’ and
‘sys-subsystem-net-devices-eth1.device’, and a unit ‘br0-cfg.service’
that depends on ‘sys-subsystem-net-devices-br0.device’.
2012-10-10 17:55:42 -04:00
Eelco Dolstra 62b707de07 Add support for postStop scripts 2012-10-10 17:55:13 -04:00
Eelco Dolstra e9b221c2ff firewall.nix: Don't spam the log 2012-10-10 16:51:05 -04:00
Eelco Dolstra 17a7f48364 Add an option for BindsTo dependencies 2012-10-10 16:50:41 -04:00
Eelco Dolstra 6b185a131f Use config.system.build.systemd in the toplevel derivation 2012-10-10 16:49:59 -04:00
Eelco Dolstra ad94b9e50e Use optionalAttrs 2012-10-10 16:49:47 -04:00
James Cook 5181ca4a3f Change the default value of programs.ssh.forwardX11 to false.
Forwarding X11 to untrusted servers is extremely insecure; see for example
http://www.hackinglinuxexposed.com/articles/20040705.html
2012-10-09 23:21:45 -07:00
Jack Cummings 71e6eca567 - fix indention, clarify parameter descriptions, and use 'exec' instead of 'script' in the hostapd job 2012-10-09 12:19:09 -07:00
Eelco Dolstra 6902452901 Whitespace 2012-10-09 15:14:32 -04:00
Eelco Dolstra d71c0bb834 Respect partOf etc. for socket and target units 2012-10-09 15:14:15 -04:00
Jack Cummings e40146de16 nat: enable NAT for multiple networks 2012-10-09 14:00:59 -04:00
Jack Cummings e8d8b6b399 smartd: Add options for each device being monitored 2012-10-09 14:00:59 -04:00
Mathijs Kwik 01b8c48c32 logcheck: add some options to ease setting up ignore-rules
The special handling for cronjobs should probably move to the cron
module (logcheckIgnore = bool option) in the future, as it's more
natural to just declare a cronjob, and mark it as "log-ignored",
instead of adding cronjobs through logcheck.

But as systemCronjobs is not an attrset yet (just simple strings),
this would require adding an attrset for cronjobs or parsing strings
in the nix language to get hold of the cron-user and command.

So for now, I keep the interface within logcheck's module.
2012-10-09 16:04:17 +02:00
Eelco Dolstra dd3fe9d792 Merge remote-tracking branch 'origin/master' into systemd
Conflicts:
	modules/services/system/nscd.nix
2012-10-08 13:47:37 -04:00
Eelco Dolstra f451afea8f Remove ‘services.journald.logKernelMessages’
This option no longer exists in systemd.
2012-10-08 10:51:17 -04:00
Marc Weber 87bb6b1c6d making ati proprietary drivers work again
However SLIM is still broken and you have to create a
/usr/lib/dri/fglrx_dri.so symlink pointing to
/run/opengl-driver/lib/fglrx_dri.so

At least fgl_glxgears shows 10 times more frames per second now
2012-10-07 17:24:42 +02:00
Eelco Dolstra 2b2f0067b8 Add an /etc/hosts entry mapping localhost to ::1 2012-10-07 00:46:24 -04:00
Eelco Dolstra 570e523a88 Remove 127.0.0.1 mapping for the system's hostname
Also remove the <hostname>.<domain> mapping.
2012-10-07 00:40:00 -04:00
Eelco Dolstra 74295866f5 Don't include NSS modules in $LD_LIBRARY_PATH
This is broken because it requires restarting applications to see new
NSS modules.  The proper way to handle NSS modules is through nscd.
See commit 554ae9908b.
2012-10-07 00:37:36 -04:00
Eelco Dolstra 13841d6e47 Use nss-myhostname to ensure that the hostname resolves to something sensible 2012-10-06 21:00:26 -04:00
Eelco Dolstra 757ab7f6d3 Generate nsswitch.conf properly 2012-10-06 20:58:46 -04:00
Jack Cummings 33754edb3e - add a hostapd module 2012-10-05 21:39:56 -07:00
Eelco Dolstra dd1770bf0b Enable klogd on Linux < 3.5
On Linux >= 3.5, systemd takes care of logging kernel messages.
2012-10-05 13:44:15 -04:00
Eelco Dolstra a5969634f4 sshd: Do detach into the background
This is necessary to ensure that jobs that need to start after sshd
work properly.

This reverts 03f13a4939.
2012-10-04 23:38:27 -04:00
Eelco Dolstra 98c6c5b730 fetch-ec2-data: Update for systemd 2012-10-04 23:26:19 -04:00
Eelco Dolstra 892b3f6ad6 acpid: Skip (rather than fail) if /proc/acpi doesn't exist
E.g. EC2 instances don't have ACPI.
2012-10-04 23:26:01 -04:00
Eelco Dolstra 0ddd147cfc headless.nix: Mountall is gone 2012-10-04 23:25:33 -04:00
Eelco Dolstra 5d9b3ed12b scsi-link-pm: Don't fail if there are no matching SCSI hosts 2012-10-04 23:25:11 -04:00
Eelco Dolstra 8f4d8cf620 Enable the power management module by default
After all, we don't want NixOS machines to contribute to global
warming more than necessary!
2012-10-04 22:10:35 -04:00
Eelco Dolstra 9b431cb24e upower: Work around the daemon getting stuck after a suspend 2012-10-04 21:58:40 -04:00
Eelco Dolstra 7d26dde69a Oops, systemd-inhibit should be exec'ed 2012-10-04 21:58:20 -04:00
Eelco Dolstra 52483c36bb Lowercase debug output 2012-10-04 21:44:45 -04:00
Eelco Dolstra db2a4d144e xsession: Set a inhibitor to prevent systemd from handling the power button and lid 2012-10-04 21:44:24 -04:00
Eelco Dolstra c6d12257f1 systemd: Run the powerManagement.* hooks on suspend/resume
Also, drop pm-utils. Systemd now takes care of suspend/resume.
2012-10-04 17:57:10 -04:00
Eelco Dolstra 38229da940 upower: Add glib to $PATH
The upower daemon needs the gdbus command (which is weird given that
upower links against dbus_glib, but ah well...).  This fixes suspend
in KDE with systemd.
2012-10-04 16:38:31 -04:00
Eelco Dolstra fdea3ac3d2 stage-2-init: Don't rely on groups being initialised 2012-10-04 16:15:30 -04:00
Eelco Dolstra 6c6134c2d2 Fix the manual service on the installation CD 2012-10-04 16:15:10 -04:00
Eelco Dolstra 74be2d9707 ISO image: Fix graphical GRUB menu 2012-10-04 16:14:44 -04:00
Eelco Dolstra 8dc4f2c3be Fix the rogue service for systemd 2012-10-04 15:27:31 -04:00
Eelco Dolstra 02624758b1 Use udev to restore ALSA volume settings
Alsa-utils provides a udev rule to restore volume settings, so use
that instead of restoring them from a systemd service.  The
"alsa-store" service saves the settings on shutdown.
2012-10-02 11:09:54 -04:00
Eelco Dolstra 666620cdd5 Use ‘mountpoint -q’ 2012-10-02 10:32:56 -04:00
Eelco Dolstra 2044ae785d Use "wants" instead of "requires" 2012-10-02 10:32:29 -04:00
Eelco Dolstra 7932978617 Fix Upstart compatibility jobs that depend on "stopped udevtrigger"
It's not enough to say "after udev-settle.service" since
udev-settle.service is not wanted/required anywhere - we need to say
"wants udev-settle.service" as well.

This should fix problems with ALSA and X11 initialisation that people
have been seeing.
2012-10-02 10:31:02 -04:00
Eelco Dolstra 2cf5e3cb66 Add options ‘boot.systemd.targets’ and ‘boot.systemd.sockets’ 2012-10-01 18:58:11 -04:00
Eelco Dolstra ca13a913d9 Oops, lost some code 2012-10-01 18:20:22 -04:00
Eelco Dolstra 990ec8cc4e Decrease PostgreSQL start check interval 2012-10-01 17:32:03 -04:00
Eelco Dolstra 2326c6da2b postgresql.nix: Depend on the filesystem containing the database 2012-10-01 16:53:13 -04:00
Eelco Dolstra 5cf702e1c1 postgresql.nix: Use User/Group instead of su 2012-10-01 16:49:02 -04:00
Eelco Dolstra 13d747c11a Support postStart scripts in service units 2012-10-01 16:45:49 -04:00
Eelco Dolstra 891be375b5 Make unitConfig/serviceConfig attribute sets
So instead of:

  boot.systemd.services."foo".serviceConfig =
    ''
      StartLimitInterval=10
      CPUShare=500
    '';

you can say:

  boot.systemd.services."foo".serviceConfig.StartLimitInterval = 10;
  boot.systemd.services."foo".serviceConfig.CPUShare = 500;

This way all unit options are available and users can set/override
options in configuration.nix.
2012-10-01 16:27:42 -04:00
Eelco Dolstra 440b793a5b Remove ‘autocreate’ FS option
Systemd creates missing mountpoints unconditionally.
2012-10-01 14:34:39 -04:00
Eelco Dolstra 353522ef79 Remove JoinControllers line because upstream reverted joining cpuset 2012-10-01 14:33:01 -04:00
Peter Simons 4b78161e3e dovecot: add options to selectively enable/disable the IMAP and/or POP3 listener 2012-09-30 00:54:03 +02:00
Mathijs Kwik 1b47614c46 invalidate-nscd: use script instead of exec for multiple commands
otherwise, only the first one line executes
2012-09-29 10:51:28 +02:00
Eelco Dolstra 0c4c3fc8aa Merge branch 'systemd' of github.com:NixOS/nixos into systemd 2012-09-28 11:41:59 -04:00
Peter Simons 03f13a4939 Tell sshd not to detach into the background.
This makes it easier for systemd to track it and avoids race conditions such as
this one:

  systemd[1]: PID file /run/sshd.pid not readable (yet?) after start.
  systemd[1]: Failed to start SSH Daemon.
  systemd[1]: Unit sshd.service entered failed state.
  systemd[1]: sshd.service holdoff time over, scheduling restart.
  systemd[1]: Stopping SSH Daemon...
  systemd[1]: Starting SSH Daemon...
  sshd[2315]: Server listening on 0.0.0.0 port 22.
  sshd[2315]: Server listening on :: port 22.
  sshd[2335]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
  sshd[2335]: error: Bind to port 22 on :: failed: Address already in use.
  sshd[2335]: fatal: Cannot bind any address.
  systemd[1]: Started SSH Daemon.
2012-09-28 17:38:24 +02:00
Peter Simons fabe06337e alsa.nix: initialize the sound card before restoring previously stored settings
The sound card in my ThinkPad won't work unless "init" is run explicitly.
2012-09-28 17:38:24 +02:00
Eelco Dolstra 3ad370ae0a Merge remote-tracking branch 'origin/master' into systemd
Conflicts:
	modules/misc/ids.nix
	modules/services/mail/postfix.nix
	modules/services/system/nscd.nix
	modules/services/x11/desktop-managers/xfce.nix
	modules/system/boot/stage-1.nix
2012-09-28 11:35:27 -04:00
Eelco Dolstra 1084a8e0de Add "adm" group from the systemd branch to prevent constant collisions 2012-09-28 11:14:33 -04:00
Eelco Dolstra 3e6bb7d1de Move setting ownership of /nix/store to stage-2-init
This is necessary because the store might be bind-mounted read-only.
2012-09-28 10:59:58 -04:00
Peter Simons 6f052ee62e spamassassin: use virtual user home directories under /var/lib/spamassassin to avoid permission problems
When spamd isn't running as 'root', it cannot access the usual ~/.spamassassin
path where user-specific files normally reside. Instead, we use the path
/var/lib/spamassassin-<user> to store those home directories.
2012-09-28 00:06:52 +02:00
Peter Simons bcb8038726 spamassassin: add option for running the spamd daemon in debug mode 2012-09-27 17:12:25 +02:00
Peter Simons 9d83b8897b spamassassin: drop obsolete command line options 2012-09-27 16:51:32 +02:00
Rickard Nilsson 65c1c6525b network-manager: Big overhaul
* Add group 'networkmanager' and implement polkit configuration
    that allows users in this group to make persistent, system-wide
    changes to NetworkManager settings.

  * Add support for ModemManager. 3G modems should work out of the
    box now (it does for me...). This introduces a dependency on
    pkgs.modemmanager.

  * Write NetworkManger config file to Nix store, and let the
    daemon use it from there.
2012-09-27 09:26:07 +02:00
Peter Simons af7c192f2a postfix: convert service to systemd 2012-09-25 16:38:09 -04:00
Peter Simons 5ef71c6d22 smartd: convert service to systemd 2012-09-25 16:38:05 -04:00
Eelco Dolstra a139fa14b1 Optionally make the Nix store read-only to enforce immutability
This will be the default once Nix 1.2 is released.
2012-09-25 16:33:21 -04:00
Eelco Dolstra fcebb3f3cd Clean up the nscd job 2012-09-25 15:22:55 -04:00
Peter Simons 2d6d678bb9 dovecot.nix: correct bogus reference to dovecot in Nixpkgs 2012-09-25 11:24:35 +02:00
Peter Simons a7700202f2 Rename dovecot2 module to dovecot.
We no longer support more than one version.
2012-09-25 11:23:53 +02:00
Shea Levy bf116c7876 busyboxKeymap: Support unicode keymaps 2012-09-24 17:15:26 -04:00
Peter Simons 573b6b710f Merge pull request #26 from aszlig/boottime-keymap
stage-1: Add option to load keymap during bootup.
2012-09-24 07:33:03 -07:00
Peter Simons c1949c36e9 Merge pull request #31 from peti/master
Drop service for dovecot 1.x.
2012-09-24 07:31:04 -07:00
Lluis Batlle 5ee79c5722 Adding a parameter 'ttyEmergency'
It specifies what mingetty will be stopped, if a bad filesystem
triggers an emergency shell.

That should be ttyS0 on headless systems, and in that case,
nixos should stop the ttyS0 mingetty from getting in.
2012-09-24 00:16:52 +02:00
Peter Simons 97c74bf050 alsa.nix: initialize the sound card before restoring previously stored settings
The sound card in my ThinkPad won't work unless "init" is run explicitly.
2012-09-23 22:40:19 +02:00
Peter Simons 00e19c91e5 postfix: add option 'extraMasterConf' to extend the default master.cf file 2012-09-23 12:21:48 +02:00
Peter Simons b8f09be5e0 Remove service for dovecot version 1.x. 2012-09-22 12:51:58 +02:00
Eelco Dolstra 1ad655bdcf Don't join the cpuset controller with cpu/cpuacct
This works around the problem described here:

http://lists.freedesktop.org/archives/systemd-devel/2012-September/006648.html
2012-09-21 22:56:13 -04:00
Eelco Dolstra 4fa9b4b257 Restart systemd if necessary 2012-09-21 14:58:28 -04:00
Eelco Dolstra 0bd7bdfe0d Merge branch 'master' of github.com:NixOS/nixos 2012-09-21 11:03:25 -04:00
Eelco Dolstra 600d43ba93 Drop xfce-4.6 compatibility 2012-09-21 11:03:07 -04:00
Peter Simons 4476b875fc Add services.dovecot2.extraConfig option to configure arbitrary settings for which NixOS has no direct support. 2012-09-21 16:04:46 +02:00
Peter Simons 0573c7fcae modules/services/mail/dovecot2.nix: update syntax for SSL config options 2012-09-21 12:29:36 +02:00
Peter Simons 155495deb2 modules/services/mail/dovecot2.nix: accept plain text authentication only over secure channels when TLS is available
Connects from 'localhost' are always considered secure.
2012-09-21 12:29:36 +02:00
Peter Simons 1da16a5ea1 modules/services/mail/dovecot2.nix: log via syslog instead of writing a separate file 2012-09-21 12:29:36 +02:00
Eelco Dolstra d4af6edd5e firewall.nix: Allow specifying trusted network interfaces
Trusted network interfaces (such as "lo") will accept any incoming
traffic.
2012-09-20 17:51:44 -04:00
Eelco Dolstra 1e666c10fa Get rid of the last use of mkThenElse 2012-09-20 16:55:32 -04:00
Rickard Nilsson 0de3a0cff3 nscd-invalidate: Invalidate passwd and group databases also
I had some problems with LDAP user lookups not working properly
at boot. I found that invalidating passwd and group on the
ip-up event (when nscd-invalidate starts) helped a bit.
2012-09-19 14:30:55 +02:00
Eelco Dolstra 83c6b1cf3a Set $LOCALE_ARCHIVE in systemd services
Systemd sets locale variables like $LANG when running services, so
$LOCALE_ARCHIVE should also be set to prevent warnings like "perl:
warning: Setting locale failed.".
2012-09-18 18:12:39 -04:00
Eelco Dolstra d12dd340b6 firewall.nix: Respect networking.enableIPv6 = false
Reported-by: Pablo Costa <modulistic@gmail.com>
2012-09-18 17:20:46 -04:00
Eelco Dolstra b96835f8dd Merge remote-tracking branch 'origin/master' into systemd 2012-09-14 13:24:03 -04:00
Eelco Dolstra 75583c7984 nixos-rebuild: Support --option 2012-09-14 13:23:19 -04:00
Peter Simons ad65e807bd Add new 'hardware.cpu.amd.updateMicrocode' option. 2012-09-11 18:44:37 +02:00
Eelco Dolstra aac6fe44b6 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-09-11 10:58:57 -04:00
Eelco Dolstra b53842df3e Don't set the passno field for tmpfs and other FSs that have no device
If passno is set, then systemd will instantiate a systemd-fsck unit,
which in turn will instantiate a <device>.device unit
(e.g. "none.device").  Since no such device exists, mounting will
fail.  So don't set passno.
2012-09-11 10:55:56 -04:00
Ludovic Courtès f7530dc5ee avahi: Never set host-name' to the empty string in avahi-daemon.conf'. 2012-09-07 10:58:53 +02:00
Rob Vermaas 27880ed729 Change logstash job startOn attribute to include networking 2012-09-06 12:31:15 +02:00
Shea Levy f701e8d420 d'oh 2012-09-03 12:11:07 -04:00
Shea Levy 4be367ec47 Damn NixOS lack of laziness... 2012-09-03 10:35:45 -04:00
Eelco Dolstra e0e0e57c26 Fix the OpenVPN jobs 2012-08-30 21:11:36 -04:00
Mathijs Kwik bce1cdd59c fix kernel 3.4+ early cifs mounting (qemu-vm target)
kernel 3.4+ needs cifs-utils to mount CIFS filesystems.
the kernel itself (and busybox's cifs mount code) are no longer able
to do this in some/most cases and will error out saying:
"CIFS VFS: connecting to DFS root not implemented yet"

Nixos' qemu-vm target is hurt by this, as it wants to mount /nix/store
via cifs very early in the boot process.

This commit makes sure the initrd for affected kernels is built with
cifs-utils if needed.
2012-08-30 18:31:45 +02:00
Mathijs Kwik a502ce1128 networking: add proxy_arp / proxy_ndp options.
proxy_arp (and proxy_ndp for ipv6) can be turned on on a few
interfaces (at least 2).
This is mainly useful for creating pseudo-bridges between a real
interface and a virtual network such as VPN or a virtual machine for
interfaces that don't support real bridging (most wlan interfaces).
As ARP proxying acts slightly above the link-layer, below-ip traffic
isn't bridged, so things like DHCP won't work. The advantage above
using NAT lies in the fact that no IP addresses are shared, so all
hosts are reachable/routeable.
2012-08-29 22:59:36 +02:00