This is deliberate because using the taskd binary to configure
Taskserver has a good chance of messing up permissions.
The nixos-taskserver tool now can manage even manual configurations, so
there really is no need anymore to expose the taskd binary.
If people still want to use the taskd binary at their own risk they can
still add taskserver to systemPackages themselves.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Putting an include directive in the configuration file referencing a
store path with the real configuration file has the disavantage that
once we change the real configuration file the store path is also a
different one.
So we would have to replace that include directive with the new
configuration file, which is very much error-prone, because whenever
taskd modifies the configuration file on its own it generates a new one
with *only* the key/value options and without any include directives.
Another problem is that we only added the include directive on the first
initalization, so whenever there is *any* configuration change, it won't
affect anything.
We're now passing all the configuration options via command line,
because taskd treats everything in the form of --<name>=<value> to be a
configuration directive.
This also has the effect that we now no longer have extraConfig, because
configuration isn't a file anymore.
Instead we now have an attribute set that is mapped down to
configuration options.
Unfortunately this isn't so easy with the way taskd is configured,
because there is an option called "server" and also other options like
"server.cert", "server.key" and so on, which do not map very well to
attribute sets.
So we have an exception for the "server" option, which is now called
"server.listen", because it specifies the listening address.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #22705
The helper tool so far was only intended for use in automatic PKI
handling, but it also is very useful if you have an existing CA.
One of the main advantages is that you don't need to specify the data
directory anymore and the right permissions are also handled as well.
Another advantage is that we now have an uniform management tool for
both automatic and manual config, so the documentation in the NixOS
manual now applies to the manual PKI config as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The error message displays that a specific user doesn't exist in an
organisation, but uses the User object's name attribute to show which
user it was.
This is basically a very stupid chicken and egg problem and easily fixed
by using the user name provided on the command line.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
reason: after the upgrade of iputils from 20151218 to 20161105
functionality of ping6 and tracepath6 was merged into ping and tracepath.
Ping is now mostly a drop-in replacment for ping6, except that selecting a
specific interface is done by encoding it into the address (ex.: fe80::1%eth0)
rather then specifing it with the `-I` flag.
To be able to use Wireshark as an ordinary user, the 'dumpcap' program
must be installed setuid root. This module module simplifies such a
configuration to simply:
programs.wireshark.enable = true;
The setuid wrapper is available for users in the 'wireshark' group.
Changes v1 -> v2:
- add "defaultText" to the programs.wireshark.package option (AFAIK,
that prevents the manual from being needlessly rebuilt when the
package changes)
Since the bonds interface changed to a lot more possible values we create a
mapping of kernel bond attribute names and values to networkd attributes.
Those match for the most part, but have to transformed slightly.
There is also an assert that unknown options won’t slip through silently.
Until now the four attributes available very selectively provided a small
subset, while copying upstream documentation.
We make driver options an arbitrary key-value set and point to kernel
documentation, which is always up-to-date. This way every option can be set.
The four already existing options are deprecated with a warning.
The initialization code is now a systemd service that explicitly
waits for network-online, so the occasional failure I was seeing
because the `nixos-rebuild` couldn't get anything from the binary
cache should stop. I hope!
* The source attribute is mandatory, not optional
* The program attribute is optional
* Move the info about the mandatory attribute first (most important,
IMHO)
Previously, netdev units for network interfaces defined in the nixos
configurations would bindTo the systemd device unit of the interface if
not in a container.
In situations where you switch to a new nixos configration with changes
to network-setup.service (like nameservers) and have stacked interfaces
like vlans on a bond, it would fail to propagate restarts to the netdevs
correctly resulting with broken networking. The bond would be present
but no vlan interfaces rendering the machine unreachable.
My fear is that the udev events fail to propagate correctly while a systemd
transaction that is also restarting the triggered netdev service is running.
This commit changes this behaviour so netdev services bindTo other netdev
services if present and otherwise fall back to the previous behaviour.
We also noticed that stacked interfaces would sometimes seemingly be stopped
in the wrong order. For instance in the above example, the bond interface
would be deleted before the vlan interfaces resulting in the vlan interfaces
not being present when their service is being stopped. This would cause the
systemd transaction to fail and thus break networking. Their postStop hooks
are now allowed to fail as we have reached the desired state.
fix #22709
Recent pvgrub (from Grub built with “--with-platform=xen”) understands
the Grub2 configuration format. Grub legacy configuration (menu.lst) is
ignored.
The GeoIP databases from MaxMind have no stable URLs and change every
month (or so). Our current method of packaging these database in Nix and
playing catch-up with ever-changing file hashes is a bad idea. For
instance, it makes it impossible to realize old NixOS configurations.
This patch adds a NixOS service that periodically updates the GeoIP
databases in /var/lib/geoip-databases. Moving NixOS modules over can be
done in later patches.
I tried adding MD5 check, but not all databases have them, so i skipped
it. We are downloading over HTTPS though, it should be good. I also
tried adding zip support, but the first zip file I extracted had a
different filename inside than the archive name, which breaks an
assumption in this service, so I skipped that too.
Changes v9 -> v10:
- Pass "--max-time" to curl to set upper bound on downloads (ensures
no indefinite hanging if there's problem with networking).
Timeout for network connectivity check: 60s.
Timeout for geoip database (each): 15m.
Changes v8 -> v9:
- Mention the random timer delay in the documentation for the
'interval' option.
Changes v7 -> v8:
- Add "RemainAfterExit=true" for the setup service, so it won't be
restarted needlessly. (Thanks @danbst!)
Changes v6 -> v7:
- Add --skip-existing flag to geoip-updater, which skips updating
existing database files. Pass that flag when we run the service on
boot (and on any NixOS configuration change).
(IMHO, this is somewhat a workaround for systemd persistent timers
not being triggered immediately when a timer has never expired
before. But it does have the nice side effect of ensuring that the
installed databases always correspond to the configured ones, since
the service is now always run after configuration changes.)
Changes v5 -> v6:
- Update database files atomically (per DB)
- If a database is removed from the configuration, it'll be removed
from /var/lib/geoip-databases too (on next run).
- Add NixOS module assertion so that if user inputs non- .gz or .xz
file there will be a build time error instead of runtime.
- Run updater as user "nobody" instead of "root".
- Rename NixOS service from "geoip-databases" to "geoip-updater".
- Drop RemainAfterExit, or else the timer won't trigger the unit.
- Bring back "curl --fail", or else we won't catch and log curl
failures.
Changes v4 -> v5:
- Add "GeoLite2-City.mmdb.gz" to default database list.
Changes v3 -> v4:
- Remove unneeded geoip-updater-setup.service after adding
'wantedBy = [ "multi-user.target" ]' directly to
geoip-updater.service
- Drop unneeded "Service" name from service descriptions.
Changes v2 -> v3:
- Network may be down when starting from a cold boot, so try a few
times. Possibly, if using systemd-networkd, it'll pass on the first
try. But with default DHCP on NixOS, the service is started before
hostnames can be resolved and thus we need a few extra seconds.
- Add error handling and mark service as failed if fatal error.
- Add proper syslog log levels.
- Add RandomizedDelaySec=3600 to the timer to not put high load on the
MaxMind servers. Suggested by @Mic92.
- Set RemainAfterExit on geoip-updater.service instead of
geoip-updater-setup.service. (The latter is only a proxy that pulls
in the former service).
Changes v1 -> v2:
From Данило Глинський (Danylo Hlynskyi) <abcz2.uprola@gmail.com>:
nixos/geoip-databases: add `databases` option and fix initial setup
There were two great issues when using this service:
- When you just enable service, databases aren't downloaded, they are
downloaded when timer triggers. Fixed this with automatic download on
first system activation.
- When there is no internet, updater outputs nothing to logs, which is
IMO misbehavior. Fixed this with removing `--fail` option, better be
explicit here.
The Raspberry Pi boot loader was deleting all xx-initrd text files
(which simply contain the path to the actual initrd files) just after
having created them. The code was actually trying to delete real,
obsolete initrd files, which are named <hash>-initrd-initrd (after path
cleaning), but the glob was catching the other files as well.
Turns out all variants of start.elf and fixup.dat are needed (depending
on what's in config.txt). I was under the mistaken impression that you
were supposed to rename one of the variants to switch using them, but
nope.
A very simple skeleton for now that doesn't attempt to model any of
the agent configuration, but we can grow it later. Tested and works
on an EC2 instance with ECS.
Recent versions of libreswan seem to omit this file, but it may be added/changed in the future. It is silly to have the service fail because a file is missing that only enriches the environment.
This fixes an issue where `nixops deploy` wouldn't restart the chrony
service when the chrony configuration changed, because it wouldn't
detect that `/etc/chrony.conf` was a dependency of the chrony service.
Regression introduced by 0cb487ee04.
This changed the result for defaultGateway to be a submodule instead of
just a plain string, so instead of using just cfg.defaultGateway we need
to pass cfg.defaultGateway.address now.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar
Overriding ``glibcLocales`` via nixpkgs.overlays not works,
so I added i18n.glibcLocales parameter, defaulted with
old override, using i18n.supportedLocales.
From Postfix documentation:
With this setting, the Postfix SMTP server will not reject mail with "User
unknown in local recipient table". Don't do this on systems that receive mail
directly from the Internet. With today's worms and viruses, Postfix will become
a backscatter source: it accepts mail for non-existent recipients and then
tries to return that mail as "undeliverable" to the often forged sender
address.
20e81f7c0d prevented key generation in
`preStart`, leaving the service broken for the case where the user has
no pre-existing key.
Eventually, we ought to store the state elsewhere so that `/etc` can be
read-only but for now we fix this the easy way.
Pushing to gogs only works if the `gogs` user's shell is `bash`. For error and
solution, refer to [this SO thread](http://stackoverflow.com/a/22315659)
DBus daemon now loads its config from /run/current-system/dbus.
Reloading the daemon makes it re-read that file and catch the updates
after a system upgrade.
Offline mode: When adding a lot of data, start this service.
It will will not flood the DHT since it only exposes the API.
When you are done simply reverse the process.
Allow password login to the installation this allows doing remote installation
via SSH. All that need to be done on the local machine is:
1. Boot from the installation media
2. Set a password with passwd
3. Enable SSH with systemctl start sshd
It is safe as root doesn't have a password by default
and SSH is disabled by default.
Fixes #20718
This allows overriding the `server_name` attribute of virtual
hosts. By doing so it is possible to have multiple virtualHost
definitions that share the same `server_name`. This is useful in
particular when you need a HTTP as well as a HTTPS virtualhost: same
server_name, different port.
A default of 0 means that if you deploy two NixOS boxes with the default
configuration, the second will fail because the brokerId was already in
use. Using -1 instead tells it to pick one automatically at first start.
This provides a default console_cmd for the slim display-manager.
When the user enters "console" as the user name, slim will run this
command.
Having a default is rather important; the virtual terminals don't work
with some display drivers, so having a broken X session can leave you
locked out of your machine.
Without it, the following error is shown in the "Add Printer" window:
Failed to group devices: 'The name org.fedoraproject.Config.Printing was not provided by any .service files'
* Fix the FW names
FW_REFUSE was removed and nixos-fw-input was renamed to nixos-fw.
* Update the comment (documentation) at the top
Order the chains of the main table alphabetically (like in the rest of
the file) and add nixos-fw-rpfilter (from the raw table) and nixos-drop
(used while reloading the firewall).
* Refactor the module (mainly comments)
- Move some attributes to the top for better visibility (that should
hopefully make it easier to read and understand this module without
jumping around too much).
- Add some missing examples and improve some descriptions.
- Reorder the mkOption attributes for consistency.
- Wrap lines at 72 characters.
- Use two spaces between sentences.
This adds pulseaudio.daemon.config, which is a set of keys to values
which are directly translated to keys and values of pulseaudio's
daemon.conf, e. g.
hardware.pulseaudio.daemon.config = { flat-volumes = "no"; }
becomes
flat-volumes=no
in pulse/daemon.conf.
The reason being less mental overhead when reading upstream
documentation. Examples can be pasted right into the configuration
instead of translating to Nix attrset first.
Make sure that the output of the sieve compiler produces files that
have a newer time stamp than the source sieve script. Otherwise you
get errors in the logs about Dovecot not being able to compile do to a
permission issue.
ckb is a driver for Corsair keyboards/mice. It also contains a graphical tool for configuring their LED backlight settings.
The driver is implemented as a userland daemon. A NixOS module is included that runs this as a systemd service.
The content of programs.zsh.interactiveShellInit was
inserted too soon in the generated zshrc
This caused some settings related to autocompletion to be ignored
This reverts commit 712e62c260.
This commit broke NixOS containers. Systemd wouldn't detect if a container
started successfully and would kill it again after a grace period.
Additionally this prints mount errors due to already mounted filesystems
at boot.
I have left in 2 NixOS custom config directives, so the configuration
should be the same with the only change in behaviour being that the
service is not eagerly loaded but in fact only socket activated, which
it should be.
Using outputsToInstall the intended behaviour of including host and dnsutils
when bind is installed can be implemented instead of using symlinks to fix
installing all outputs individually with nix-env.
Fixes #19761.
It hides bugs and do you ever actually want to serve up an empty directory?
It was pretty confusing to me when it tried to write into a read-only store
path because I accidentally pointed it to the wrong store path.
Until now nixos only delivered the latest zfs release. This release is often not
compatible with the latest mainline kernel. Therefor an unstable variant is
added, which might be based on testing releases or git revisions.
fixes #21359
perlPackages.TextWrapI18N: init at 0.06
perlPackages.Po4a: init at 0.47
jade: init at 1.2.1
ding-libs: init at 0.6.0
Switch nscd to no-caching mode if SSSD is enabled.
abbradar: disable jade parallel building.
Closes #21150
This code in amazon-image.nix:
if mountFS "$device" "$mp" "" auto; then
if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi
fi
relies on mountFS to return a zero exit status if mounting
succeeds. But the lustrateRoot check in mountFS was causing a non-zero
exit status. As a result /disk0 would be mounted, but not used for
/tmp.
(cherry picked from commit d082ed8c35dec48aee2afd1303b3c8b2a1b242b0)
/etc/hostname is the file used by hostnamectl(1) and the
org.freedesktop.hostname1 dbus service (both provided by systemd) to get
the "static hostname". Better provide it so that users of those
tools/services get a proper hostname.
An example of an issue created by the lack of /etc/hostname is that the
bluetooth stack on NixOS identifies itself to peers as "BlueZ $VERSION"
instead of the hostname.
References:
https://www.freedesktop.org/software/systemd/man/hostname.html
Changes v1 -> v2:
* ensure /etc/hostname ends with a newline
* cpu-freq: Try powersave if ondemand is not available
* Revert "cpu-freq: Try powersave if ondemand is not available"
This reverts commit 4dc56db37e.
Consult available scaling governors; for freshly generated configs, this provides a better experience than relying on a default that might not work everywhere.
* fix/asterisk-module: use unix-group for asterisk-files
* fix/asterisk-module: add configOption to use some default config-files
* fix/asterisk-module: correction of skel copy
* fix/asterisk-module: use /etc/asterisk as configDir
* fix/asterisk-module: add reload; do not restart unit
* asterisk: 13.6.0 -> 14.1.2
* fix/asterisk: compile with lua, pjsip, format_mp3
* fix/asterisk: fix indentation
* fix/asterisk: remove broken flag
The profile minimal has several drawbacks: no man pages, unusual 'dbus'
lib that makes many X11 pieces to rebuild, etc.
With xz compression in the squashfs, despite these additions, the iso is
smaller than what it was in 16.09.
It seems that it is a GPL violation to distribute zfs in the
installation ISOs.
https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/
If anyone knows the issue better and has a reason to reenable it
legally, feel free to reenable it. I don't know much about it.
The current default value of listenAddress = null blows up:
$ nixos-rebuild build
error: cannot coerce null to a string, at
.../nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix:97:16
With listenAddress = "" we use the same default as upstream and there is
no blow up :-)
...by providing a default value of "no labels" (an empty attrset).
Without this change we get
$ nixos-rebuild test -I nixpkgs=.
building Nix...
building the system configuration...
error: The option `services.prometheus.scrapeConfigs.[definition 1-entry 1].static_configs.[definition 1-entry 1].labels' is used but not defined.
which is unneeded, because labels _are_ optional.
All the new options in detail:
Enable docker in multi-user.target make container created with restart=always
to start. We still want socket activation as it decouples dependencies between
the existing of /var/run/docker.sock and the docker daemon. This means that
services can rely on the availability of this socket. Fixes #11478#21303
wantedBy = ["multi-user.target"];
This allows us to remove the postStart hack, as docker reports on its own when
it is ready.
Type=notify
The following will set unset some limits because overhead in kernel's ressource
accounting was observed. Note that these limit only apply to containerd.
Containers will have their own limit set.
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Upgrades may require schema migrations. This can delay the startup of dockerd.
TimeoutStartSec=0
Allows docker to create its own cgroup subhierarchy to apply ressource limits on
containers.
Delegate=true
When dockerd is killed, container should be not affected to allow
`live restore` to work.
KillMode=process
currently services.nginx does not start up if `networking.enableIPv6 = false`
the commit changes the nginx behavior to handle this case accordingly.
The commit resolves #21308
Overlayfs is quite a bit faster, e.g. with it the KDE 5 test takes ~7m
instead of ~30m on my laptop (which is still not great, since plain
9pfs is ~4m30s).
The structured options are incomplete compared to upstream and I think
it will be a maintenance burden to try to keep up. Instead, provide an
option for the raw config file contents (prometheus.yml).
This works around:
machine: must succeed: nix-store -qR /run/current-system | grep nixos-
machine# error: changing ownership of path ‘/nix/store’: Invalid argument
Probably Nix shouldn't be anal about the ownership of the store unless
it's trying to build/write to the store.
http://hydra.nixos.org/build/45093872/nixlog/17/raw
(cherry picked from commit 57a0f14064)
Previously we were using two or three (qemu_kvm, qemu_test, and
qemu_test with a different dbus when minimal.nix is included).
(cherry picked from commit 8bfa4ce82e)
Otherwise it starts way too early, only to fail and having to restart
until devices are available. It is less wasteful to simply wait until
there's a reasonable chance of success. This is consistent with
upstream.
networkd options are always correct or up to date. This option allows to by
pass type checking. It is also easier to write because examples can be just copy
and paste from manpages.
Networkd units can contain secrets. In future also wireguard vpn will be supported by
networkd. To avoid leakage of private keys, those could be then also put outside
of the /nix/store
Having a writeable /etc/systemd/network also allows to quick fix network issues,
when upgrading `nixos-rebuild switch` would require network on its own (due
updates).
This reverts commit 656cc3acaf because it
causes building the manual to fail:
$ nixos-rebuild build
...
building path(s) ‘/nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb’
Writing /nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb/manual.db for book(book-nixos-manual)
./man-pages.xml:625: element para: Relax-NG validity error : Did not expect element para there
./man-pages.xml:3: element variablelist: Relax-NG validity error : Element refsection has extra content: variablelist
./man-pages.xml:29: element refsection: Relax-NG validity error : Element refentry has extra content: refsection
./man-pages.xml:3: element reference: Relax-NG validity error : Element reference failed to validate content
./man-pages.xml fails to validate
CC @cleverca22, @Mic92
- most nixos user only require time synchronisation,
while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd support ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
save a little disk space (1,5M)
The collectd service runs as an unprivileged user by default, so it does
not leak more information to its data directory than any user can obtain
elsewhere by other means.
If people are running it as root and are worried about information leak,
we can add collectd group and set perms to 750.
CC @offlinehacker.
Fixes #21198.
A secret can be stored in a file. It is written at runtime in the
configuration file.
Note it is also possible to write them in the nix store for dev
purposes.
This commit introduces a nixos module for the Openstack Keystone
service. It also provides a optional bootstrap step that creates some
basic initial resources (tenants, endpoints,...).
The provided test starts Keystone by enabling bootstrapping and checks
if user creation works well.
This commit is based on initial works made by domenkozar.
Split packages in three categories, all of them going into the system
package list:
- pre-requisite packages
- core packages
- optional packages
Add a new configuration option 'environment.lxqt.excludePackages' to
specify optional LXQt packages that should be excluded from system
packages.
Add 'gvfs' as a pre-requisite package, needed by 'pcmanfm-qt' to
handle virtual places, like "Computer" and "Network".
The boot tests import test-instrumentation.nix directly to create a VM
image that only contains things such as the backdoor and serial console
the same way as used by other NixOS VM tests.
With one difference though: It doesn't need nor want to have 9p
filesystems mounted, because we actually want to test an image rather
than re-using most stuff from the host's store.
Change tested against the boot.uefiUsb and ipv6 tests, just that it
becomes clear we don't break either the tests with 9p nor the boot
tests (which were already broken but now succeed).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
even if cups rewrites its config file due to config changes made through
its web-based management UI, we need to keep the PATH pointing to
currently-live nix store directories. fixes #20806.
`systemd.hideProcessInformation = true`, would break interactions
requiring polkit arbitration such as initating poweroff/reboot as a
normal user; the polkit daemon cannot be expected to make decisions
about processes that don't exist as far as it is concerned.
systemd-logind lacks the `sys_ptrace` capability and so needs to be part
of the designated proc gid, even though it runs as root.
Fixes https://github.com/NixOS/nixpkgs/issues/20948
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
- As noted on github, GDM needs different parameters for X.
- Making xserverArgs a true list instead of concat-string helps to
filter it and it feels more correct anyway.
- Tested: gdm+gnome, lightdm+gnome. There seems to be no logout option
in gnome, and gdm doesn't offer other sessions, but maybe these are normal.
It was deprecated and removed from all modules in the tree by #18319.
The wireguard module PR (#17933) was still in the review at the time and
the deprecated usage managed to slip inside.
Previously, we would only set a default value, on the theory that
`boot.kernelPackages` could be used to sanely configure a custom grsec
kernel. Regrettably, this is not the case and users who expect e.g.,
`boot.kernelPackages = pkgs.linuxPackages_latest` to work will end up
with a non-grsec kernel (this problem has come up twice on the bug
tracker recently).
With this patch, `security.grsecurity.enable = true` implies
`boot.kernelPackages = linuxPackages_grsec_nixos` and any customization
must be done via package override or by eschewing the module.
Fixes #20713, though I'm certain nixpkgs contains loads of places
without proper quoting, as (ba)sh unfortunately encourages that.
The only plus side is that most of such problems in nixpkgs aren't
actually security problems but mere annoyance to those who are foolish
enough to use "weird" characters in critical names.
Allows one or more directories to be mounted as a read-only file system.
This makes it convenient to run volatile containers that do not retain
application state.
The configuration { services.openssh.enable = true;
services.openssh.forwardX11 = false; } caused
programs.ssh.setXAuthLocation to be set to false, which was not the
intent. The intent is that programs.ssh.setXAuthLocation should be
automatically enabled if needed or if xauth is already available.
riak-cs: added to all-packages
Added Riak CS nix file to pkgs
Added service file for Riak CS
Removed Erlang_basho specific bindings from the Riak CS repo
riak-cs: changed description
riak-cs: added license
riak-cs: added maintainer
riak_cs: chgned indentations
riak-cs: removed overly complex srcs mechanism
riak-cs: added systemd module
riak-cs: changed Erlang module to Basho-specific version
riak-cs: made modular form
riak-cs: Added a default package in service options
riak-cs: Fixed default package in service options
riak-cs: Patched Makefile
riak_cs: added to module-list
riak_cs: changed from string to actual package in modules
riak-cs: changed example
riak-cs: removed default
riak-cs: changed to defaultText
stanchion: changed default option to defaultText
riak-cs: added defaults; changed types to str
riak-cs: added to all-packages
Added Riak CS nix file to pkgs
Added service file for Riak CS
Removed Erlang_basho specific bindings from the Riak CS repo
riak-cs: changed description
riak-cs: added license
riak-cs: added maintainer
riak_cs: chgned indentations
riak-cs: removed overly complex srcs mechanism
riak-cs: added systemd module
riak-cs: changed Erlang module to Basho-specific version
riak-cs: made modular form
riak-cs: Added a default package in service options
riak-cs: Fixed default package in service options
riak-cs: Patched Makefile
riak_cs: added to module-list
riak_cs: changed from string to actual package in modules
Using a custom package set with the NixOS module is no longer
something I wish to support. It's still *possible* but not
advertised. Secondly, the requiredKernelConfig didn't really
do anything (setting kernelPackages to a non-grsec kernel would
just silently let the user boot into a non-grsec setup ...).
