diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-05-22 15:57:36 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-05-22 15:57:36 +0200 |
commit | 09d06f5ffd867afc72d5ca6786f73aed2b80e207 (patch) | |
tree | 0b39699b6fae1ea7f5e6b40b2214c901eb9a578b /nixos/modules | |
parent | f106125f77ba2b3588f95ef58667763042f808c9 (diff) | |
parent | a49afdf1743436ac07c9be9da1d27ea5461af571 (diff) | |
download | nixlib-09d06f5ffd867afc72d5ca6786f73aed2b80e207.tar nixlib-09d06f5ffd867afc72d5ca6786f73aed2b80e207.tar.gz nixlib-09d06f5ffd867afc72d5ca6786f73aed2b80e207.tar.bz2 nixlib-09d06f5ffd867afc72d5ca6786f73aed2b80e207.tar.lz nixlib-09d06f5ffd867afc72d5ca6786f73aed2b80e207.tar.xz nixlib-09d06f5ffd867afc72d5ca6786f73aed2b80e207.tar.zst nixlib-09d06f5ffd867afc72d5ca6786f73aed2b80e207.zip |
Merge remote-tracking branch 'origin/master' into systemd-219
Conflicts: pkgs/development/libraries/libseccomp/default.nix
Diffstat (limited to 'nixos/modules')
18 files changed, 373 insertions, 96 deletions
diff --git a/nixos/modules/installer/tools/nixos-checkout.nix b/nixos/modules/installer/tools/nixos-checkout.nix index 3338e5119acb..9cdd8a74a188 100644 --- a/nixos/modules/installer/tools/nixos-checkout.nix +++ b/nixos/modules/installer/tools/nixos-checkout.nix @@ -1,5 +1,5 @@ -# This module generates the nixos-checkout script, which replaces the -# Nixpkgs source trees in /etc/nixos/nixpkgs with a Git checkout. +# This module generates the nixos-checkout script, which performs a +# checkout of the Nixpkgs Git repository. { config, lib, pkgs, ... }: @@ -37,8 +37,19 @@ let mv nixpkgs nixpkgs-$backupTimestamp fi - # Check out the NixOS and Nixpkgs sources. - git clone git://github.com/NixOS/nixpkgs.git nixpkgs + # Check out the Nixpkgs sources. + if ! [ -e nixpkgs/.git ]; then + echo "Creating repository in $prefix/nixpkgs..." + git init --quiet nixpkgs + else + echo "Updating repository in $prefix/nixpkgs..." + fi + cd nixpkgs + git remote add origin git://github.com/NixOS/nixpkgs.git || true + git remote add channels git://github.com/NixOS/nixpkgs-channels.git || true + git remote set-url origin --push git@github.com:NixOS/nixpkgs.git + git remote update + git checkout master ''; }; diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 0039ca74ba85..cc1976e236bd 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -196,7 +196,6 @@ nylon = 168; apache-kafka = 169; panamax = 170; - marathon = 171; exim = 172; #fleet = 173; # unused #input = 174; # unused @@ -217,6 +216,7 @@ lambdabot = 191; asterisk = 192; plex = 193; + bird = 195; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -390,7 +390,6 @@ gitlab = 165; nylon = 168; panamax = 170; - #marathon = 171; # unused exim = 172; fleet = 173; input = 174; @@ -412,6 +411,7 @@ #asterisk = 192; # unused plex = 193; sabnzbd = 194; + bird = 195; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index e869b350e716..bef3f7f2fe73 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -62,6 +62,7 @@ ./programs/environment.nix ./programs/info.nix ./programs/ibus.nix + ./programs/kbdlight.nix ./programs/light.nix ./programs/nano.nix ./programs/screen.nix @@ -251,6 +252,7 @@ ./services/networking/atftpd.nix ./services/networking/avahi-daemon.nix ./services/networking/bind.nix + ./services/networking/bird.nix ./services/networking/bitlbee.nix ./services/networking/btsync.nix ./services/networking/charybdis.nix @@ -289,6 +291,7 @@ ./services/networking/nat.nix ./services/networking/networkmanager.nix ./services/networking/ngircd.nix + ./services/networking/nix-serve.nix ./services/networking/notbit.nix ./services/networking/nsd.nix ./services/networking/ntopng.nix @@ -461,5 +464,6 @@ ./virtualisation/openvswitch.nix ./virtualisation/parallels-guest.nix ./virtualisation/virtualbox-guest.nix + ./virtualisation/vmware-guest.nix ./virtualisation/xen-dom0.nix ] diff --git a/nixos/modules/programs/kbdlight.nix b/nixos/modules/programs/kbdlight.nix new file mode 100644 index 000000000000..0172368e968f --- /dev/null +++ b/nixos/modules/programs/kbdlight.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.programs.kbdlight; + +in +{ + options.programs.kbdlight.enable = mkEnableOption "kbdlight"; + + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.kbdlight ]; + security.setuidPrograms = [ "kbdlight" ]; + }; +} diff --git a/nixos/modules/services/backup/postgresql-backup.nix b/nixos/modules/services/backup/postgresql-backup.nix index 1f7b123eca37..4a5ebebc682e 100644 --- a/nixos/modules/services/backup/postgresql-backup.nix +++ b/nixos/modules/services/backup/postgresql-backup.nix @@ -3,13 +3,13 @@ with lib; let - inherit (pkgs) postgresql gzip; + inherit (pkgs) gzip; - location = config.services.postgresqlBackup.location ; + location = config.services.postgresqlBackup.location; postgresqlBackupCron = db: '' - ${config.services.postgresqlBackup.period} root ${postgresql}/bin/pg_dump ${db} | ${gzip}/bin/gzip -c > ${location}/${db}.gz + ${config.services.postgresqlBackup.period} root ${config.services.postgresql.package}/bin/pg_dump ${db} | ${gzip}/bin/gzip -c > ${location}/${db}.gz ''; in diff --git a/nixos/modules/services/networking/bird.nix b/nixos/modules/services/networking/bird.nix new file mode 100644 index 000000000000..e7e1db191529 --- /dev/null +++ b/nixos/modules/services/networking/bird.nix @@ -0,0 +1,76 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkOption singleton types; + inherit (pkgs) bird; + cfg = config.services.bird; + + configFile = pkgs.writeText "bird.conf" '' + ${cfg.config} + ''; +in + +{ + + ###### interface + + options = { + + services.bird = { + + enable = mkEnableOption "BIRD Internet Routing Daemon"; + + config = mkOption { + type = types.string; + description = '' + BIRD Internet Routing Daemon configuration file. + <link xlink:href='http://bird.network.cz/'/> + ''; + }; + + user = mkOption { + type = types.string; + default = "ircd"; + description = '' + BIRD Internet Routing Daemon user. + ''; + }; + + group = mkOption { + type = types.string; + default = "ircd"; + description = '' + BIRD Internet Routing Daemon group. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable { + + users.extraUsers = singleton { + name = cfg.user; + description = "BIRD Internet Routing Daemon user"; + uid = config.ids.uids.bird; + group = cfg.group; + }; + + users.extraGroups = singleton { + name = cfg.group; + gid = config.ids.gids.bird; + }; + + systemd.services.bird = { + description = "BIRD Internet Routing Daemon"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${bird}/bin/bird -d -c ${configFile} -s /var/run/bird.ctl -u ${cfg.user} -g ${cfg.group}"; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/consul.nix b/nixos/modules/services/networking/consul.nix index 5308fd995085..53a9f4626254 100644 --- a/nixos/modules/services/networking/consul.nix +++ b/nixos/modules/services/networking/consul.nix @@ -6,11 +6,9 @@ let dataDir = "/var/lib/consul"; cfg = config.services.consul; - configOptions = { - data_dir = dataDir; - } - // (if cfg.webUi then { ui_dir = "${pkgs.consul.ui}"; } else { }) - // cfg.extraConfig; + configOptions = { data_dir = dataDir; } // + (if cfg.webUi then { ui_dir = "${pkgs.consul.ui}"; } else { }) // + cfg.extraConfig; configFiles = [ "/etc/consul.json" "/etc/consul-addrs.json" ] ++ cfg.extraConfigFiles; @@ -52,23 +50,6 @@ in ''; }; - joinNodes = mkOption { - type = types.listOf types.str; - default = [ ]; - description = '' - A list of addresses of nodes which should be joined at startup if the - current node is in a left state. - ''; - }; - - joinRetries = mkOption { - type = types.int; - default = 10; - description = '' - The number of times to retry connecting to the join nodes. - ''; - }; - interface = { advertise = mkOption { @@ -159,10 +140,14 @@ in users.extraUsers."consul" = { description = "Consul agent daemon user"; uid = config.ids.uids.consul; + # The shell is needed for health checks + shell = "/run/current-system/sw/bin/bash"; }; environment = { etc."consul.json".text = builtins.toJSON configOptions; + # We need consul.d to exist for consul to start + etc."consul.d/dummy.json".text = "{ }"; systemPackages = with pkgs; [ consul ]; }; @@ -170,10 +155,12 @@ in wantedBy = [ "multi-user.target" ]; after = [ "network.target" ] ++ systemdDevices; bindsTo = systemdDevices; - restartTriggers = [ config.environment.etc."consul.json".source ]; + restartTriggers = [ config.environment.etc."consul.json".source ] + ++ mapAttrsToList (_: d: d.source) + (filterAttrs (n: _: hasPrefix "consul.d/" n) config.environment.etc); serviceConfig = { - ExecStart = "@${pkgs.consul}/bin/consul consul agent" + ExecStart = "@${pkgs.consul}/bin/consul consul agent -config-dir /etc/consul.d" + concatMapStrings (n: " -config-file ${n}") configFiles; ExecReload = "${pkgs.consul}/bin/consul reload"; PermissionsStartOnly = true; @@ -219,18 +206,6 @@ in + '' echo "}" >> /etc/consul-addrs.json ''; - postStart = '' - # Issues joins to nodes which we statically connect to - ${flip concatMapStrings cfg.joinNodes (addr: '' - for i in {0..${toString cfg.joinRetries}}; do - # Try to join the other nodes ${toString cfg.joinRetries} times before failing - consul join "${addr}" && break - sleep 1 - done & - '')} - wait - exit 0 - ''; }; systemd.services.consul-alerts = mkIf (cfg.alerts.enable) { diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix new file mode 100644 index 000000000000..c2c579c3177e --- /dev/null +++ b/nixos/modules/services/networking/nix-serve.nix @@ -0,0 +1,56 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.nix-serve; +in +{ + options = { + services.nix-serve = { + enable = mkEnableOption "nix-serve, the standalone Nix binary cache server"; + + port = mkOption { + type = types.int; + default = 5000; + description = '' + Port number where nix-serve will listen on. + ''; + }; + + bindAddress = mkOption { + type = types.string; + default = "0.0.0.0"; + description = '' + IP address where nix-serve will bind its listening socket. + ''; + }; + + extraParams = mkOption { + type = types.string; + default = ""; + description = '' + Extra command line parameters for nix-serve. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.nix-serve = { + description = "nix-serve binary cache server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + path = [ config.nix.package pkgs.bzip2 ]; + environment.NIX_REMOTE = "daemon"; + + serviceConfig = { + ExecStart = "${pkgs.nix-serve}/bin/nix-serve " + + "--port ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}"; + User = "nobody"; + Group = "nogroup"; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index c25532511a07..6cc86b4e4b5a 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -282,8 +282,8 @@ in config = mkIf cfg.enable { users.extraUsers.sshd = - { description = "SSH privilege separation user"; - home = "/var/empty"; + { isSystemUser = true; + description = "SSH privilege separation user"; }; environment.etc = authKeysFiles ++ [ diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix index f9ca796ea652..2d43c3d962dd 100644 --- a/nixos/modules/services/networking/tinc.nix +++ b/nixos/modules/services/networking/tinc.nix @@ -154,6 +154,7 @@ in users.extraUsers = flip mapAttrs' cfg.networks (network: _: nameValuePair ("tinc.${network}") ({ description = "Tinc daemon user for ${network}"; + isSystemUser = true; }) ); diff --git a/nixos/modules/services/scheduling/marathon.nix b/nixos/modules/services/scheduling/marathon.nix index 8513d1174c38..ab93334f5fc9 100644 --- a/nixos/modules/services/scheduling/marathon.nix +++ b/nixos/modules/services/scheduling/marathon.nix @@ -12,27 +12,56 @@ in { options.services.marathon = { enable = mkOption { - description = "Whether to enable the marathon mesos framework."; - default = false; type = types.uniq types.bool; + default = false; + description = '' + Whether to enable the marathon mesos framework. + ''; }; httpPort = mkOption { - description = "Marathon listening port"; - default = 8080; type = types.int; + default = 8080; + description = '' + Marathon listening port for HTTP connections. + ''; }; master = mkOption { - description = "Marathon mesos master zookeeper address"; - default = "zk://${head cfg.zookeeperHosts}/mesos"; type = types.str; + default = "zk://${concatStringsSep "," cfg.zookeeperHosts}/mesos"; + example = "zk://1.2.3.4:2181,2.3.4.5:2181,3.4.5.6:2181/mesos"; + description = '' + Mesos master address. See <link xlink:href="https://mesosphere.github.io/marathon/docs/"/> for details. + ''; }; zookeeperHosts = mkOption { - description = "Marathon mesos zookepper addresses"; + type = types.listOf types.str; default = [ "localhost:2181" ]; + example = [ "1.2.3.4:2181" "2.3.4.5:2181" "3.4.5.6:2181" ]; + description = '' + ZooKeeper hosts' addresses. + ''; + }; + + extraCmdLineOptions = mkOption { type = types.listOf types.str; + default = [ ]; + example = [ "--https_port=8443" "--zk_timeout=10000" "--marathon_store_timeout=2000" ]; + description = '' + Extra command line options to pass to Marathon. + See <link xlink:href="https://mesosphere.github.io/marathon/docs/command-line-flags.html"/> for all possible flags. + ''; + }; + + environment = mkOption { + default = { }; + type = types.attrs; + example = { JAVA_OPTS = "-Xmx512m"; MESOSPHERE_HTTP_CREDENTIALS = "username:password"; }; + description = '' + Environment variables passed to Marathon. + ''; }; }; @@ -41,17 +70,19 @@ in { config = mkIf cfg.enable { systemd.services.marathon = { description = "Marathon Service"; + environment = cfg.environment; wantedBy = [ "multi-user.target" ]; after = [ "network-interfaces.target" "zookeeper.service" "mesos-master.service" "mesos-slave.service" ]; serviceConfig = { - ExecStart = "${pkgs.marathon}/bin/marathon --master ${cfg.master} --zk zk://${head cfg.zookeeperHosts}/marathon"; + ExecStart = "${pkgs.marathon}/bin/marathon --master ${cfg.master} --zk zk://${concatStringsSep "," cfg.zookeeperHosts}/marathon --http_port ${toString cfg.httpPort} ${concatStringsSep " " cfg.extraCmdLineOptions}"; User = "marathon"; + Restart = "always"; + RestartSec = "2"; }; }; users.extraUsers.marathon = { - uid = config.ids.uids.marathon; description = "Marathon mesos framework user"; }; }; diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index caedc2e42173..3c0d2043ed5d 100644 --- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix @@ -42,7 +42,10 @@ in config = mkIf cfg.enable { - users.extraUsers.nscd.description = "Name service cache daemon user"; + users.extraUsers.nscd = + { isSystemUser = true; + description = "Name service cache daemon user"; + }; systemd.services.nscd = { description = "Name Service Cache Daemon"; diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index d53f119c9558..cf6d2cab3492 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -45,7 +45,7 @@ in { environment.gnome3.packageSet = mkOption { default = null; - example = literalExample "pkgs.gnome3_12"; + example = literalExample "pkgs.gnome3_16"; description = "Which GNOME 3 package set to use."; apply = p: if p == null then pkgs.gnome3 else p; }; @@ -109,9 +109,6 @@ in { # Override default mimeapps export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}${mimeAppsList}/share - # Let gnome-control-center find gnome-shell search providers. GNOME 3.12 compatibility. - export GNOME_SEARCH_PROVIDERS_DIR=${config.system.path}/share/gnome-shell/search-providers/ - # Let nautilus find extensions export NAUTILUS_EXTENSION_DIR=${config.system.path}/lib/nautilus/extensions-3.0/ diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 4aeaed8cd324..f6de8c02b186 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -65,7 +65,7 @@ let greeters-directory = ${cfg.greeter.package} sessions-directory = ${dmcfg.session.desktops} - [SeatDefaults] + [Seat:*] xserver-command = ${xserverWrapper} session-wrapper = ${dmcfg.session.script} greeter-session = ${cfg.greeter.name} @@ -143,8 +143,26 @@ in services.dbus.enable = true; services.dbus.packages = [ lightdm ]; - security.pam.services.lightdm = { allowNullPassword = true; startSession = true; }; - security.pam.services.lightdm-greeter = { allowNullPassword = true; startSession = true; }; + security.pam.services.lightdm = { + allowNullPassword = true; + startSession = true; + }; + security.pam.services.lightdm-greeter = { + allowNullPassword = true; + startSession = true; + text = '' + auth required pam_env.so + auth required pam_permit.so + + account required pam_permit.so + + password required pam_deny.so + + session required pam_env.so envfile=${config.system.build.pamEnvironment} + session required pam_unix.so + session optional ${pkgs.systemd}/lib/security/pam_systemd.so + ''; + }; users.extraUsers.lightdm = { createHome = true; diff --git a/nixos/modules/virtualisation/azure-common.nix b/nixos/modules/virtualisation/azure-common.nix new file mode 100644 index 000000000000..47022c6887c3 --- /dev/null +++ b/nixos/modules/virtualisation/azure-common.nix @@ -0,0 +1,61 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + imports = [ ../profiles/headless.nix ]; + + boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ]; + boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ]; + + # Generate a GRUB menu. + boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.version = 2; + boot.loader.grub.timeout = 0; + + # Don't put old configurations in the GRUB menu. The user has no + # way to select them anyway. + boot.loader.grub.configurationLimit = 0; + + fileSystems."/".device = "/dev/disk/by-label/nixos"; + + # Allow root logins only using the SSH key that the user specified + # at instance creation time, ping client connections to avoid timeouts + services.openssh.enable = true; + services.openssh.permitRootLogin = "without-password"; + services.openssh.extraConfig = '' + ClientAliveInterval 180 + ''; + + # Force getting the hostname from Azure + networking.hostName = mkDefault ""; + + # Always include cryptsetup so that NixOps can use it. + # sg_scan is needed to finalize disk removal on older kernels + environment.systemPackages = [ pkgs.cryptsetup pkgs.sg3_utils ]; + + networking.usePredictableInterfaceNames = false; + + services.udev.extraRules = '' + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:0", ATTR{removable}=="0", SYMLINK+="disk/by-lun/0", + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:1", ATTR{removable}=="0", SYMLINK+="disk/by-lun/1", + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:2", ATTR{removable}=="0", SYMLINK+="disk/by-lun/2" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:3", ATTR{removable}=="0", SYMLINK+="disk/by-lun/3" + + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:4", ATTR{removable}=="0", SYMLINK+="disk/by-lun/4" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:5", ATTR{removable}=="0", SYMLINK+="disk/by-lun/5" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:6", ATTR{removable}=="0", SYMLINK+="disk/by-lun/6" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:7", ATTR{removable}=="0", SYMLINK+="disk/by-lun/7" + + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:8", ATTR{removable}=="0", SYMLINK+="disk/by-lun/8" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:9", ATTR{removable}=="0", SYMLINK+="disk/by-lun/9" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:10", ATTR{removable}=="0", SYMLINK+="disk/by-lun/10" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:11", ATTR{removable}=="0", SYMLINK+="disk/by-lun/11" + + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:12", ATTR{removable}=="0", SYMLINK+="disk/by-lun/12" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:13", ATTR{removable}=="0", SYMLINK+="disk/by-lun/13" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:14", ATTR{removable}=="0", SYMLINK+="disk/by-lun/14" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:15", ATTR{removable}=="0", SYMLINK+="disk/by-lun/15" + + ''; + +} diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix index ab5a9c51fa5b..3f554d127c35 100644 --- a/nixos/modules/virtualisation/azure-image.nix +++ b/nixos/modules/virtualisation/azure-image.nix @@ -5,8 +5,6 @@ let diskSize = "4096"; in { - imports = [ ../profiles/headless.nix ]; - system.build.azureImage = pkgs.vmTools.runInLinuxVM ( pkgs.runCommand "azure-image" @@ -24,7 +22,6 @@ in postVM = '' - echo Converting mkdir -p $out ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd rm $diskImage @@ -93,34 +90,11 @@ in '' ); - fileSystems."/".device = "/dev/disk/by-label/nixos"; + imports = [ ./azure-common.nix ]; # Azure metadata is available as a CD-ROM drive. fileSystems."/metadata".device = "/dev/sr0"; - boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ]; - boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ]; - - # Generate a GRUB menu. - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.version = 2; - boot.loader.grub.timeout = 0; - - # Don't put old configurations in the GRUB menu. The user has no - # way to select them anyway. - boot.loader.grub.configurationLimit = 0; - - # Allow root logins only using the SSH key that the user specified - # at instance creation time. - services.openssh.enable = true; - services.openssh.permitRootLogin = "without-password"; - - # Force getting the hostname from Azure - networking.hostName = mkDefault ""; - - # Always include cryptsetup so that NixOps can use it. - environment.systemPackages = [ pkgs.cryptsetup ]; - systemd.services.fetch-ssh-keys = { description = "Fetch host keys and authorized_keys for root user"; @@ -157,8 +131,4 @@ in serviceConfig.StandardOutput = "journal+console"; }; - networking.usePredictableInterfaceNames = false; - - #users.extraUsers.root.openssh.authorizedKeys.keys = [ (builtins.readFile <ssh-pub-key>) ]; - } diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix index 7410609e0642..16aedbbb185d 100644 --- a/nixos/modules/virtualisation/libvirtd.nix +++ b/nixos/modules/virtualisation/libvirtd.nix @@ -57,6 +57,17 @@ in ''; }; + virtualisation.libvirtd.extraOptions = + mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "--verbose" ]; + description = + '' + Extra command line arguments passed to libvirtd on startup. + ''; + }; + virtualisation.libvirtd.onShutdown = mkOption { type = types.enum ["shutdown" "suspend" ]; @@ -140,7 +151,7 @@ in done ''; # */ - serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon --verbose''; + serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon ${concatStringsSep " " cfg.extraOptions}''; serviceConfig.Type = "forking"; serviceConfig.KillMode = "process"; # when stopping, leave the VMs alone diff --git a/nixos/modules/virtualisation/vmware-guest.nix b/nixos/modules/virtualisation/vmware-guest.nix new file mode 100644 index 000000000000..3f19f6a28b2b --- /dev/null +++ b/nixos/modules/virtualisation/vmware-guest.nix @@ -0,0 +1,47 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.vmwareGuest; + open-vm-tools = pkgs.open-vm-tools; +in +{ + options = { + services.vmwareGuest.enable = mkEnableOption "Enable VMWare Guest Support"; + }; + + config = mkIf cfg.enable { + assertions = [ { + assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64; + message = "VMWare guest is not currently supported on ${pkgs.stdenv.system}"; + } ]; + + environment.systemPackages = [ open-vm-tools ]; + + systemd.services.vmware = + { description = "VMWare Guest Service"; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${open-vm-tools}/bin/vmtoolsd"; + }; + + services.xserver = { + videoDrivers = mkOverride 50 [ "vmware" ]; + + config = '' + Section "InputDevice" + Identifier "VMMouse" + Driver "vmmouse" + EndSection + ''; + + serverLayoutSection = '' + InputDevice "VMMouse" + ''; + + displayManager.sessionCommands = '' + ${open-vm-tools}/bin/vmware-user-suid-wrapper + ''; + }; + }; +} |