author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-04-20 19:31:01 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-04-20 19:31:01 +0200 |
commit | 4e8c2f0ff91c19065f44fd66c9d869b920631557 (patch) | |
tree | fcdb6062bbcb33f4ed4013ed9b4a0020e166d948 /nixos/modules/services | |
parent | cb83796abb3870cf6dc74c4823067bc7b43a9395 (diff) | |
parent | a0c0dfb6471506a1c4b98c8b6ec7a31271025573 (diff) | |
Merge branch 'systemd-update'
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/databases/postgresql.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/hardware/80-net-name-slot.rules | 13 | ||||
-rw-r--r-- | nixos/modules/services/hardware/udev.nix | 8 | ||||
-rw-r--r-- | nixos/modules/services/hardware/udisks2.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/nix-daemon.nix | 23 | ||||
-rw-r--r-- | nixos/modules/services/networking/dhcpcd.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/networking/firewall.nix | 17 | ||||
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/ttys/agetty.nix | 20 | ||||
-rw-r--r-- | nixos/modules/services/ttys/gpm.nix | 11 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/default.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/kde4.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/x11/display-managers/default.nix | 11 | ||||
-rw-r--r-- | nixos/modules/services/x11/xserver.nix | 17 |
14 files changed, 64 insertions, 70 deletions
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 2960ad913629..ad83cb553e1d 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -215,7 +215,7 @@ in # Shut down Postgres using SIGINT ("Fast Shutdown mode"). See # http://www.postgresql.org/docs/current/static/server-shutdown.html KillSignal = "SIGINT"; - KillMode = "process"; # FIXME: this may cause processes to be left behind in the cgroup even after the final SIGKILL + KillMode = "mixed"; # Give Postgres a decent amount of time to clean up after # receiving systemd's SIGINT. diff --git a/nixos/modules/services/hardware/80-net-name-slot.rules b/nixos/modules/services/hardware/80-net-name-slot.rules new file mode 100644 index 000000000000..18547f170a3f --- /dev/null +++ b/nixos/modules/services/hardware/80-net-name-slot.rules @@ -0,0 +1,13 @@ +# Copied from systemd 203. +ACTION=="remove", GOTO="net_name_slot_end" +SUBSYSTEM!="net", GOTO="net_name_slot_end" +NAME!="", GOTO="net_name_slot_end" + +IMPORT{cmdline}="net.ifnames" +ENV{net.ifnames}=="0", GOTO="net_name_slot_end" + +NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}" +NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}" +NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}" + +LABEL="net_name_slot_end" diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index d218aa1e5e16..507752dabcf7 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix 
@@ -83,8 +83,8 @@ let grep -l '\(RUN+\|IMPORT{program}\)="\(/usr\)\?/s\?bin' $i/*/udev/rules.d/* || true done - ${optionalString (!config.networking.usePredictableInterfaceNames) '' - ln -s /dev/null $out/80-net-name-slot.rules + ${optionalString config.networking.usePredictableInterfaceNames '' + cp ${./80-net-name-slot.rules} $out/80-net-name-slot.rules ''} # If auto-configuration is disabled, then remove @@ -243,5 +243,9 @@ in fi ''; + systemd.services.systemd-udevd = + { environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules"; + }; + }; } diff --git a/nixos/modules/services/hardware/udisks2.nix b/nixos/modules/services/hardware/udisks2.nix index 0f61f20c33c3..f5b641c7378b 100644 --- a/nixos/modules/services/hardware/udisks2.nix +++ b/nixos/modules/services/hardware/udisks2.nix @@ -14,7 +14,7 @@ with lib; enable = mkOption { type = types.bool; - default = false; + default = true; description = '' Whether to enable Udisks, a DBus service that allows applications to query and manipulate storage devices. diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 1516736dc2e0..4bfd6268234d 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix 
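Review bot: In udisks2.nix, flipping `default = false;` to `default = true;` turns on a D-Bus service that, per its own description, lets applications manipulate storage devices, and it does so on every configuration that does not set the option, including headless servers and containers that did not run it before. If the goal is desktop support, a narrower default such as `default = config.services.xserver.enable;` (assuming `config` is in scope in this module) would keep it off elsewhere; otherwise the description should state that it is now on by default. The kde4.nix hunk has a related issue: it sets `services.udisks2.enable = true;` next to `services.udisks.enable = ! wantsUdisks2;`, so both udisks generations are enabled when `wantsUdisks2` is false, and the line is redundant with the new default.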
@@ -275,28 +275,18 @@ in ) cfg.buildMachines; }; - systemd.sockets."nix-daemon" = - { description = "Nix Daemon Socket"; - wantedBy = [ "sockets.target" ]; - before = [ "multi-user.target" ]; - unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/"; - socketConfig.ListenStream = "/nix/var/nix/daemon-socket/socket"; - }; + systemd.packages = [ nix ]; - systemd.services."nix-daemon" = - { description = "Nix Daemon"; + systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ]; - path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ] + systemd.services.nix-daemon = + { path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ] ++ optionals cfg.distributedBuilds [ pkgs.gzip ]; environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; }; - unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/"; - serviceConfig = - { ExecStart = "@${nix}/bin/nix-daemon nix-daemon --daemon"; - KillMode = "process"; - Nice = cfg.daemonNiceLevel; + { Nice = cfg.daemonNiceLevel; IOSchedulingPriority = cfg.daemonIONiceLevel; LimitNOFILE = 4096; }; @@ -352,8 +342,7 @@ in /nix/var/nix/profiles \ /nix/var/nix/db \ /nix/var/log/nix/drvs \ - /nix/var/nix/channel-cache \ - /nix/var/nix/chroots + /nix/var/nix/channel-cache mkdir -m 1777 -p \ /nix/var/nix/gcroots/per-user \ /nix/var/nix/profiles/per-user \ diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 8c3f651e434e..35a3cfff8406 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -4,7 +4,7 @@ with lib; let - dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd_without_udev; + dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd.override { udev = null; }; # Don't start dhcpcd on explicitly configured interfaces or on # interfaces that are part of a bridge. 
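Review bot: After the first nix-daemon.nix hunk, the module no longer shows `ExecStart`, the `ListenStream` socket path, `KillMode` or `ConditionPathIsReadWrite`; they presumably now come from the units pulled in by `systemd.packages = [ nix ];`, which are not visible here. A reader auditing how the daemon socket is exposed has nothing in this file pointing there, so a comment above that line would help, for example `# Socket and service units are shipped by the nix package; only NixOS-specific overrides are set below.` It is also worth confirming that the packaged units keep the read-write condition on `/nix/var/nix/daemon-socket/` that the removed definitions had. The `systemd.services.nix-daemon` attribute set continues outside the hunk.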
@@ -80,6 +80,7 @@ in options = { networking.dhcpcd.denyInterfaces = mkOption { + type = types.listOf types.str; default = []; description = '' Disable the DHCP client for any interface whose name matches @@ -90,6 +91,7 @@ in }; networking.dhcpcd.extraConfig = mkOption { + type = types.lines; default = ""; description = '' Literal string to append to the config file generated for dhcpcd. @@ -107,6 +109,7 @@ in { description = "DHCP Client"; wantedBy = [ "network.target" ]; + after = [ "systemd-udev-settle.service" ]; # FIXME # Stopping dhcpcd during a reconfiguration is undesirable # because it brings down the network interfaces configured by diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index c2941e122614..42914bfe5d62 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -18,8 +18,6 @@ */ - - { config, lib, pkgs, ... }: with lib; @@ -266,14 +264,23 @@ in message = "This kernel does not support disabling conntrack helpers"; } ]; - jobs.firewall = + systemd.services.firewall = { description = "Firewall"; - startOn = "started network-interfaces"; + wantedBy = [ "network.target" ]; + after = [ "network-interfaces.target" "systemd-modules-load.service" ]; path = [ pkgs.iptables ]; - preStart = + # FIXME: this module may also try to load kernel modules, but + # containers don't have CAP_SYS_MODULE. So the host system had + # better have all necessary modules already loaded. + unitConfig.ConditionCapability = "CAP_NET_ADMIN"; + + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + + script = '' ${helpers} diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 5bc140ca242a..b66ccb87120c 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix 
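Review bot: The bare `# FIXME` on `after = [ "systemd-udev-settle.service" ];` in the last dhcpcd.nix hunk does not say what is wrong or when the ordering can be removed. If the intent is to wait until udev has finished naming interfaces before dhcpcd starts (an inference from the rest of this merge), say so, e.g. `# FIXME: waits for udev to finish creating/renaming interfaces; replace with proper device dependencies.` The service definition starts and ends outside the hunk.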
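Review bot: With `unitConfig.ConditionCapability = "CAP_NET_ADMIN";` in the second firewall.nix hunk, a system lacking that capability skips the unit instead of failing it, because an unmet systemd condition is not an error. A container with the firewall enabled can therefore come up with no rules installed and nothing marked as failed. The existing FIXME covers only the kernel-module case, so the comment should also state this, e.g. `# NOTE: without CAP_NET_ADMIN this unit is skipped, not failed; no rules are loaded.`, or an entry in the `assertions` list above could warn at evaluation time. Separately, `after = [ "network-interfaces.target" ... ]` means the rules are applied only once interfaces are configured, so it is worth confirming that this ordering is intended. The `script` body continues outside the hunk.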
@@ -258,7 +258,6 @@ in path = [ pkgs.openssh pkgs.gawk ]; environment.LD_LIBRARY_PATH = nssModulesPath; - environment.LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; preStart = '' diff --git a/nixos/modules/services/ttys/agetty.nix b/nixos/modules/services/ttys/agetty.nix index 442774af2512..df21ebbd9743 100644 --- a/nixos/modules/services/ttys/agetty.nix +++ b/nixos/modules/services/ttys/agetty.nix @@ -49,22 +49,20 @@ with lib; config = { systemd.services."getty@" = - { baseUnit = pkgs.runCommand "getty.service" {} - '' - sed '/ExecStart/ d' < ${config.systemd.package}/example/systemd/system/getty@.service > $out - ''; - serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login %I 38400"; + { serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud %I 115200,38400,9600 $TERM"; restartIfChanged = false; }; systemd.services."serial-getty@" = - { baseUnit = pkgs.runCommand "serial-getty.service" {} - '' - sed '/ExecStart/ d' < ${config.systemd.package}/example/systemd/system/serial-getty@.service > $out - ''; - serviceConfig.ExecStart = + { serviceConfig.ExecStart = let speeds = concatStringsSep "," (map toString config.services.mingetty.serialSpeed); - in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds}"; + in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds} $TERM"; + restartIfChanged = false; + }; + + systemd.services."container-getty@" = + { unitConfig.ConditionPathExists = "/dev/pts/%I"; # Work around being respawned when "machinectl login" exits. + serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud pts/%I 115200,38400,9600 $TERM"; restartIfChanged = false; }; 
diff --git a/nixos/modules/services/ttys/gpm.nix b/nixos/modules/services/ttys/gpm.nix index 12fe4e2f84f1..03b0f39824d0 100644 --- a/nixos/modules/services/ttys/gpm.nix +++ b/nixos/modules/services/ttys/gpm.nix @@ -40,12 +40,15 @@ in config = mkIf cfg.enable { - jobs.gpm = - { description = "General purpose mouse"; + systemd.services.gpm = + { description = "Console Mouse Daemon"; - startOn = "started udev"; + wantedBy = [ "multi-user.target" ]; + requires = [ "getty.target" ]; - exec = "${pkgs.gpm}/sbin/gpm -m /dev/input/mice -t ${cfg.protocol} -D &>/dev/null"; + serviceConfig.ExecStart = "@${pkgs.gpm}/sbin/gpm gpm -m /dev/input/mice -t ${cfg.protocol}"; + serviceConfig.Type = "forking"; + serviceConfig.PIDFile = "/run/gpm.pid"; }; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index eced13444de2..75ec6671d156 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -450,7 +450,7 @@ in extraModules = mkOption { type = types.listOf types.unspecified; default = []; - example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${php}/modules/libphp5.so"; } ]''; + example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${pkgs.php}/modules/libphp5.so"; } ]''; description = '' Additional Apache modules to be used. These can be specified as a string in the case of modules distributed diff --git a/nixos/modules/services/x11/desktop-managers/kde4.nix b/nixos/modules/services/x11/desktop-managers/kde4.nix index c70dbf3b911d..26b0612671c4 100644 --- a/nixos/modules/services/x11/desktop-managers/kde4.nix +++ b/nixos/modules/services/x11/desktop-managers/kde4.nix 
@@ -159,7 +159,7 @@ in # Enable helpful DBus services. services.udisks.enable = ! wantsUdisks2; - services.udisks2.enable = wantsUdisks2; + services.udisks2.enable = true; services.upower.enable = config.powerManagement.enable; security.pam.services.kde = { allowNullPassword = true; }; diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 2deff602982b..3bf18bd58c84 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -51,17 +51,6 @@ let ''} - ${optionalString cfg.startOpenSSHAgent '' - if test -z "$SSH_AUTH_SOCK"; then - # Restart this script as a child of the SSH agent. (It is - # also possible to start the agent as a child that prints - # the required environment variabled on stdout, but in - # that mode ssh-agent is not terminated when we log out.) - export SSH_ASKPASS=${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass - exec ${pkgs.openssh}/bin/ssh-agent "$0" "$sessionType" - fi - ''} - ${optionalString cfg.startGnuPGAgent '' if test -z "$SSH_AUTH_SOCK"; then # Restart this script as a child of the GnuPG agent. diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 1f02bfd6ef37..65f93b544996 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -201,17 +201,6 @@ in ''; }; - startOpenSSHAgent = mkOption { - type = types.bool; - default = true; - description = '' - Whether to start the OpenSSH agent when you log in. The OpenSSH agent - remembers private keys for you so that you don't have to type in - passphrases every time you make an SSH connection. Use - <command>ssh-add</command> to add a key to the agent. - ''; - }; - startGnuPGAgent = mkOption { type = types.bool; default = false; 
@@ -400,11 +389,11 @@ in hardware.opengl.videoDrivers = mkIf (cfg.videoDriver != null) [ cfg.videoDriver ]; assertions = - [ { assertion = !(cfg.startOpenSSHAgent && cfg.startGnuPGAgent); + [ { assertion = !(config.programs.ssh.startAgent && cfg.startGnuPGAgent); message = '' - The OpenSSH agent and GnuPG agent cannot be started both. - Choose between `startOpenSSHAgent' and `startGnuPGAgent'. + The OpenSSH agent and GnuPG agent cannot be started both. Please + choose between ‘programs.ssh.startAgent’ and ‘services.xserver.startGnuPGAgent’. ''; } { assertion = config.security.polkit.enable; |