diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2016-05-23 09:02:10 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2016-05-23 09:02:10 +0200 |
commit | 0b192a09767c05b38f3e2838c07e9600318bbbb5 (patch) | |
tree | 4467053c39ef4bad71527cd5fda5cf92960575e8 /nixos/modules | |
parent | dc5bbc4700dd95420f87141efcc0e6cb48a710f9 (diff) | |
parent | 0e54c749114b79f6be78486086f5829b176fcba8 (diff) | |
download | nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.gz nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.bz2 nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.lz nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.xz nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.tar.zst nixlib-0b192a09767c05b38f3e2838c07e9600318bbbb5.zip |
Merge branch 'master' into staging
That's to get mesa rebuild from master, as it's nontrivial.
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/databases/redis.nix | 24 | ||||
-rw-r--r-- | nixos/modules/services/desktops/gnome3/gnome-keyring.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/networkmanager.nix | 8 | ||||
-rw-r--r-- | nixos/modules/services/networking/unbound.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/torrent/transmission.nix | 32 | ||||
-rw-r--r-- | nixos/modules/services/x11/xserver.nix | 1 | ||||
-rw-r--r-- | nixos/modules/system/boot/initrd-ssh.nix | 4 |
8 files changed, 53 insertions, 23 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index bd6552f74a4f..370220d253a5 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -62,7 +62,8 @@ ./programs/bash/bash.nix ./programs/blcr.nix ./programs/cdemu.nix - ./programs/command-not-found/command-not-found.nix + # see https://github.com/NixOS/nixos-channel-scripts/issues/4 + #./programs/command-not-found/command-not-found.nix ./programs/dconf.nix ./programs/environment.nix ./programs/freetds.nix diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 6323d2c8ce4e..480e1184ffa3 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -68,6 +68,22 @@ in description = "The port for Redis to listen to."; }; + vmOverCommit = mkOption { + type = types.bool; + default = false; + description = '' + Set vm.overcommit_memory to 1 (Suggested for Background Saving: http://redis.io/topics/faq) + ''; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Whether to open ports in the firewall for the server. + ''; + }; + bind = mkOption { type = with types; nullOr str; default = null; # All interfaces @@ -193,6 +209,14 @@ in config = mkIf config.services.redis.enable { + boot.kernel.sysctl = mkIf cfg.vmOverCommit { + "vm.overcommit_memory" = "1"; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ]; + }; + users.extraUsers.redis = { name = cfg.user; uid = config.ids.uids.redis; diff --git a/nixos/modules/services/desktops/gnome3/gnome-keyring.nix b/nixos/modules/services/desktops/gnome3/gnome-keyring.nix index a8f1bcc28fbe..a36643a1cfb3 100644 --- a/nixos/modules/services/desktops/gnome3/gnome-keyring.nix +++ b/nixos/modules/services/desktops/gnome3/gnome-keyring.nix @@ -36,7 +36,7 @@ in environment.systemPackages = [ gnome3.gnome_keyring ]; - services.dbus.packages = [ gnome3.gnome_keyring ]; + services.dbus.packages = [ gnome3.gnome_keyring gnome3.gcr ]; }; diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index e9eea6a2cae1..9912ad9ae3fc 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -114,12 +114,10 @@ in { # Ugly hack for using the correct gnome3 packageSet basePackages = mkOption { type = types.attrsOf types.package; - default = { inherit modemmanager wpa_supplicant + default = { inherit networkmanager modemmanager wpa_supplicant networkmanager_openvpn networkmanager_vpnc networkmanager_openconnect - networkmanager_pptp networkmanager_l2tp; - networkmanager = networkmanager.out; - }; + networkmanager_pptp networkmanager_l2tp; }; internal = true; }; @@ -189,7 +187,7 @@ in { boot.kernelModules = [ "ppp_mppe" ]; # Needed for most (all?) PPTP VPN connections. - environment.etc = with mapAttrs (name: getBin) cfg.basePackages; [ + environment.etc = with cfg.basePackages; [ { source = ipUpScript; target = "NetworkManager/dispatcher.d/01nixos-ip-up"; } diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 89762fe52488..0dd24478f409 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -106,8 +106,10 @@ in preStart = '' mkdir -m 0755 -p ${stateDir}/dev/ cp ${confFile} ${stateDir}/unbound.conf + ${optionalString cfg.enableRootTrustAnchor '' ${pkgs.unbound}/bin/unbound-anchor -a ${rootTrustAnchorFile} chown unbound ${stateDir} ${rootTrustAnchorFile} + ''} touch ${stateDir}/dev/random ${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random ''; diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index 32203a522b0c..5154aaca3bc2 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -113,22 +113,22 @@ in #include <abstractions/base> #include <abstractions/nameservice> - ${pkgs.glibc.out}/lib/*.so mr, - ${pkgs.libevent.out}/lib/libevent*.so* mr, - ${pkgs.curl.out}/lib/libcurl*.so* mr, - ${pkgs.openssl.out}/lib/libssl*.so* mr, - ${pkgs.openssl.out}/lib/libcrypto*.so* mr, - ${pkgs.zlib.out}/lib/libz*.so* mr, - ${pkgs.libssh2.out}/lib/libssh2*.so* mr, - ${pkgs.systemd}/lib/libsystemd*.so* mr, - ${pkgs.xz.out}/lib/liblzma*.so* mr, - ${pkgs.libgcrypt.out}/lib/libgcrypt*.so* mr, - ${pkgs.libgpgerror.out}/lib/libgpg-error*.so* mr, - ${pkgs.nghttp2.lib}/lib/libnghttp2*.so* mr, - ${pkgs.c-ares.out}/lib/libcares*.so* mr, - ${pkgs.libcap.lib}/lib/libcap*.so* mr, - ${pkgs.attr.out}/lib/libattr*.so* mr, - ${pkgs.lz4}/lib/liblz4*.so* mr, + ${getLib pkgs.glibc}/lib/*.so mr, + ${getLib pkgs.libevent}/lib/libevent*.so* mr, + ${getLib pkgs.curl}/lib/libcurl*.so* mr, + ${getLib pkgs.openssl}/lib/libssl*.so* mr, + ${getLib pkgs.openssl}/lib/libcrypto*.so* mr, + ${getLib pkgs.zlib}/lib/libz*.so* mr, + ${getLib pkgs.libssh2}/lib/libssh2*.so* mr, + ${getLib pkgs.systemd}/lib/libsystemd*.so* mr, + ${getLib pkgs.xz}/lib/liblzma*.so* mr, + ${getLib pkgs.libgcrypt}/lib/libgcrypt*.so* mr, + ${getLib pkgs.libgpgerror}/lib/libgpg-error*.so* mr, + ${getLib pkgs.nghttp2}/lib/libnghttp2*.so* mr, + ${getLib pkgs.c-ares}/lib/libcares*.so* mr, + ${getLib pkgs.libcap}/lib/libcap*.so* mr, + ${getLib pkgs.attr}/lib/libattr*.so* mr, + ${getLib pkgs.lz4}/lib/liblz4*.so* mr, @{PROC}/sys/kernel/random/uuid r, @{PROC}/sys/vm/overcommit_memory r, diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 9cb9c8de31d7..4f65ed72d36e 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -16,6 +16,7 @@ let virtualbox = { modules = [ kernelPackages.virtualboxGuestAdditions ]; driverName = "vboxvideo"; }; ati = { modules = with pkgs.xorg; [ xf86videoati glamoregl ]; }; intel = { modules = with pkgs.xorg; [ xf86videointel glamoregl ]; }; + modesetting = { modules = []; }; }; fontsForXServer = diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix index a881459bed18..3e2805a8c341 100644 --- a/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixos/modules/system/boot/initrd-ssh.nix @@ -85,6 +85,10 @@ in }; config = mkIf (config.boot.initrd.network.enable && cfg.enable) { + assertions = [ { + assertion = cfg.hostRSAKey != null || cfg.hostDSSKey != null || cfg.hostECDSAKey != null; + message = "You should specify at least one host key for initrd SSH"; + } ]; boot.initrd.extraUtilsCommands = '' copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear |