3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

5065 commits

Author SHA1 Message Date
Eelco Dolstra df6f5ade40 cupsd: Use Type=forking
http://hydra.nixos.org/build/6291101
2013-09-26 23:56:38 +02:00
Eelco Dolstra e1318e6026 cupsd: Log to syslog (and thus the journal) 2013-09-26 21:05:20 +02:00
Eelco Dolstra a26e4a43f3 Add a test for CUPS 2013-09-26 21:05:20 +02:00
Eelco Dolstra 82e1d0c8b1 Remove services.ttyBackgrounds
This hasn't worked in a long time.
2013-09-26 17:33:52 +02:00
Eelco Dolstra b7b2476499 Remove the portmap module
It's obsoleted by rpcbind.
2013-09-26 17:04:07 +02:00
Eelco Dolstra f70fbb1791 Fix duplicated environment values
All profileVariables listed each profile twice (e.g. $PATH contained
$HOME/.nix-profile/bin twice).  This is because mergeAttrsWithFunc is
broken (and deprecated):

  nix-repl> :p mergeAttrsWithFunc concat { x = [1]; } { y = [2]; }
  { x = [ 1 ]; y = [ 2 2 ]; }

So use zipAttrsWith instead.
2013-09-25 00:48:28 +02:00
Eelco Dolstra cfd20debfb Fix bashrc regression
Interactive non-login shells should not source /etc/profile, otherwise
environment variables set by the user will get clobbered.  For
example:

  $ export PERL5LIB=/foo
  $ bash
  $ echo $PERL5LIB
  /home/eelco/.nix-profile/lib/perl5/site_perl:/nix/var/nix/profiles/default/lib/perl5/site_perl:/run/current-system/sw/lib/perl5/site_perl:/home/eelco/.nix-profile/lib/perl5/site_perl:/nix/var/nix/profiles/default/lib/perl5/site_perl:/run/current-system/sw/lib/perl5/site_perl
2013-09-25 00:25:22 +02:00
Rickard Nilsson 78721f57eb nvidia-x11: Put nvidia.icd in /etc/OpenCL/vendors
This makes OpenCL work with Nvidia cards (tested with darktable).
2013-09-24 20:28:52 +02:00
Shea Levy 9667a1ef75 environment.promptInit is now programs.<shell>.promptInit
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-09-24 09:53:47 -04:00
Shea Levy 9ce148e738 Don't break compatibility with pre-1.6 nix
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-09-24 09:40:06 -04:00
Eelco Dolstra ec2266b2e2 Make environment variables overridable 2013-09-24 11:27:25 +02:00
Eelco Dolstra b933b15d72 Don't generate /etc/environment
/etc/environment, if it exists, should be a list of NAME=VALUE pairs,
not a shell script.  See the pam_env manpage.
2013-09-24 11:01:55 +02:00
Rickard Nilsson 3a17c2b30b Add option systemd.automounts, for definining automount units 2013-09-23 23:16:45 +02:00
Eelco Dolstra 9df40867b9 In environment.variables, unify "value" and "list" 2013-09-23 23:07:32 +02:00
Mathijs Kwik 3840e96e79 Merge pull request #256 from oxij/shells-environment
I tested the previous "version" and found my environment to be exactly the same.

Let's start discussing possible extensions/improvements somewhere else. For now it's a nice improvement.
2013-09-23 11:23:10 -07:00
Jan Malakhovski ffa4b28dce Add support for Zsh as an alternative (or not) default (or not) interactive shell. 2013-09-23 17:06:26 +00:00
Jan Malakhovski b3f4040512 Radically change the way NixOS handles environment variables and make it possible not to use Bash as the default interactive shell.
This change does two things:

* "NixOSizes" environment variables generation. This allows some more
  error-checking and opens possibilities for a modular environment
  configuration. From now on the most of environment variables are
  generated directly by the nix code. Generating sh code that
  generates environment variables is left in a few places where
  nontrivial access to a local environment state is needed.
* By doing the first change this patch untangles bash from the
  environment configuration and makes it trivial to add a support for
  other non bash-compatible shells.

Now to the sad part. This change is quite large (and I'm not sure it's
possible to split it) and yet is not quite complete, it needs some
changes to nixpkgs to be perfect.
See !!! comments in modules/config/shells-environment.nix.

Main principle behind this change is "change environment generation
and nothing else". In particular, shell configuration principles stay
exactly the same as before.
2013-09-23 16:55:25 +00:00
Rickard Nilsson bfd86d4e74 Fix bug in NetworkManager name server configuration 2013-09-23 16:01:56 +02:00
Eelco Dolstra d94aa36f1e Fix saving the ALSA sound card state
This didn't work reliably because it raced with the remounting of /.
So if you were unlucky, then / was read-only by the time we ran
"alsactl store".  Now the sound card state is saved before anything is
unmounted/remounted.
2013-09-22 21:39:05 +02:00
Eelco Dolstra f19065c283 Fix broken systemd shutdown services
The services systemd-random-seed-save.service and
systemd-update-utmp-shutdown.service from systemd 203 don't work,
because they have a RequiresMountFor dependency on /var/lib and
/var/log.  Such a dependency produces a cycle, causing systemd to drop
those services:

  Fixing conflicting jobs by deleting job poweroff.target/stop
  Deleting job systemd-poweroff.service/stop as dependency of job poweroff.target/stop
  Deleting job umount.target/stop as dependency of job systemd-poweroff.service/stop
  Deleting job -.mount/start as dependency of job umount.target/stop
  Deleting job systemd-random-seed-save.service/start as dependency of job -.mount/start
  Deleting job systemd-update-utmp-shutdown.service/start as dependency of job -.mount/start

Dropping the RequiresMountFor doesn't work either, because then
/var/... may have meen unmounted or remounted read-only.

Upstream systemd fixes this by doing the actual work from an ExecStop
action in an already-running service than conflicts with
shutdown.target.  So I backported that here.  The main consequence is
that wtmp shutdown records now get written properly.

The main lesson: shutdown.target is useless for pulling in services
during shutdown if they need to write anywhere.
2013-09-22 21:39:05 +02:00
Eelco Dolstra f5c4874b05 Fix service description 2013-09-22 21:39:05 +02:00
Eelco Dolstra 4be5fae2da Log console logins in /var/log/wtmp 2013-09-22 21:39:05 +02:00
Eelco Dolstra 14f55a2f67 Remove unused runlevel targets 2013-09-22 21:39:05 +02:00
Eelco Dolstra 50d942960e Write a reboot record to /var/log/wtmp 2013-09-22 21:39:05 +02:00
Bjørn Forsman 4be44d011b services.cgminer.enable: improve description
So that a search for "bitcoin" in the configuration.nix(5) man page
yields a hit.
2013-09-22 16:44:00 +02:00
Peter Simons f28dc07d49 Merge pull request #257 from oxij/bind-forwarders
bind: allow forwarders to differ from nameservers
2013-09-18 08:13:49 -07:00
Evgeny Egorochkin b3d7f2945e manual: fix typo, #254. 2013-09-18 10:26:40 +03:00
Eelco Dolstra 58e40f84e1 Regression test for blkio functionality 2013-09-17 16:17:34 +02:00
Peter Simons 9f94a6ffaa modules/misc/ids.nix: document the fact that the uid for tcpcryptd is hard-coded in the daemon 2013-09-17 11:22:48 +02:00
Jan Malakhovski af2382606c bind: allow forwarders to differ from nameservers 2013-09-17 01:21:17 +00:00
Rob Vermaas 0408858a8a Set CURL_CA_BUNDLE env variable for nix-daemon to allow pulling from a binary cache on https. Did not add to nix.envVars to avoid being added to shellInit. 2013-09-16 19:02:20 +02:00
Eelco Dolstra b825169404 Add kexec support
You can now do a fast reboot (bypassing the BIOS, which may take
several minutes on servers) by running ‘systemctl kexec’.

Unfortunately the QEMU test for this is unreliable due to a QEMU bug
(it randomly crashes with a message like ‘Guest moved used index from
8 to 0’), so it's commented out.
2013-09-16 17:42:13 +02:00
Eelco Dolstra 5332480454 nixos-install: Fix copying from the CD
Nix 1.6 doesn't run the copy-from-other-stores substituter by default
anymore, so turn it on explicitly.

http://hydra.nixos.org/build/6144173
2013-09-16 13:30:34 +02:00
Eelco Dolstra 639bb95d0a Test whether the transparent fetchurl cache (tarballs.nixos.org) works
Testing this is useful in any case, but it's necessary now because Nix
1.6 doesn't check the binary cache for fetchurl output anymore.

http://hydra.nixos.org/build/6144188
2013-09-16 13:30:34 +02:00
Eelco Dolstra fbb40e0389 release.nix: Automatically include all of tests/default.nix 2013-09-16 13:30:33 +02:00
Bjørn Forsman 0192c02720 /etc/profile: try all nix profiles for ASPELL_CONF
Aspell can only handle one dict-dir directive and currently we hardocde
that to
  ASPELL_CONF="dict-dir $HOME/.nix-profile/lib/aspell"

This means that aspell doesn't work if it is installed to the system or
default nix profile -- it only works in the user profile.

With this change, aspell can be installed to any of the nix profiles. If
it is installed in more than one profile, the most "local" profile wins
(i.e. sysadmin can set up a default, users can override it).
2013-09-14 13:05:11 +02:00
Oliver Charles 3a1024478a lightdm: Use xserver.nix environment variables when starting X
This reduces code duplication, but more importantly means that the
DRI modules can be found by X enabling hardware acceleration.

Close #249; the PR also refers to more about DRI modules.
2013-09-12 10:09:53 +02:00
Peter Simons 1103ba84fd modules/misc/ids.nix: patch tcpcrypt to use our uid
The default uid 666 exceeds SYS_UID_MAX (499), so it might not be available
anyway.
2013-09-11 18:58:37 +02:00
Peter Simons 4a7d8a84bc modules/services/networking/tcpcrypt.nix: specify start-up dependencies in systemd style
Thanks, Eelco, for pointing this out.
2013-09-11 18:56:09 +02:00
Peter Simons b6501c0097 modules/misc/ids.nix: add a comment explaining why tcpcryptd has uid 666. 2013-09-11 11:09:30 +02:00
Peter Simons 0afcc637d7 Add support for opportunistic TCP encryption.
Set "networking.tcpcrypt.enable = true;" to enable opportunistic TCP encryption
based on the user-space tools available from <http://tcpcrypt.org>.

Network attackers come in two varieties: passive and active (man-in-the-middle).
Passive attacks are much simpler to execute because they just require listening
on the network. Active attacks are much harder as they require listening and
modifying network traffic, often requiring very precise timing that can make
some attacks impractical.

Opportunistic encryption cannot protect against active attackers, but it *does*
protect against passive attackers. Furthermore, Tcpcrypt is powerful enough to
stop active attacks, too, if the application using it performs authentication.

A complete description of the protocol extension can be found at
<http://tools.ietf.org/html/draft-bittau-tcp-crypt-00>.
2013-09-10 23:32:55 +02:00
Eelco Dolstra c4092f2a8d firewall.nix: Less verbosity 2013-09-10 15:17:52 +02:00
Eelco Dolstra 94bb48be78 firewall.nix: Don't make missing rpfilter support a fatal error
This makes upgrading from Linux 3.2 to 3.4 a bit nicer.
2013-09-10 15:17:52 +02:00
Mathijs Kwik 71365b7478 Merge pull request #247 from bjornfor/wins-nsswitch
Add services.samba.nsswins option
2013-09-07 08:18:01 -07:00
Bjørn Forsman 8a01d244b1 Add services.samba.nsswins option
This option allows for seamless WINS/NetBIOS name lookup, using
nsswitch.
2013-09-07 15:09:44 +02:00
Eelco Dolstra 40342e975d types.list -> types.listOf 2013-09-04 15:12:07 +02:00
Eelco Dolstra 25bd880472 Get firmware from lib/firmware 2013-09-04 14:22:52 +02:00
Eelco Dolstra 17457297cb Update all legacy-style modules
I.e., modules that use "require = [options]".  Nowadays that should be
written as

  {
    options = { ... };
    config = { ... };
  };

Also, use "imports" instead of "require" in places where we actually
import another module.
2013-09-04 13:05:09 +02:00
Eelco Dolstra 3a23e6dd31 Remove reference to non-existant config.tests 2013-09-03 15:14:55 +02:00
Jack Cummings f2523c08e4 fixiup zfs binaries in initrd
Previously, the zfs binaries were put in $out/sbin where the stage-1
patchelf wouldn't fix them up. This would fail the allowedReferences
test.

Move the zfs binaries to $out/bin.
2013-09-02 13:53:28 +03:00