author | Luca Bruno <lethalman88@gmail.com> | 2015-12-11 18:31:00 +0100 |
---|---|---|
committer | Luca Bruno <lethalman88@gmail.com> | 2015-12-11 18:31:00 +0100 |
commit | 5b0352a6a43fdd924a53cde4b81c15b755fa0a27 (patch) | |
tree | cf0fcc2be2f6d08c970f0322a63ff0a31d5d5dee /nixos | |
parent | 2f0fe05543ce594eacf0310966914d6e19a42f88 (diff) | |
parent | 146784f835a6cadc65812c5adf76533c18e5be61 (diff) | |
Merge branch 'master' into closure-size
Diffstat (limited to 'nixos')
63 files changed, 1239 insertions, 280 deletions
diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml index c9b31afdfcf8..cf6e4ace4139 100644 --- a/nixos/doc/manual/release-notes/rl-unstable.xml +++ b/nixos/doc/manual/release-notes/rl-unstable.xml @@ -104,6 +104,15 @@ nginx.override { You can (still) use the <literal>html-tidy</literal> package, which got updated to a stable release from this new upstream.</para> </listitem> + + <listitem> + <para><literal>extraDeviceOptions</literal> argument is removed + from <literal>bumblebee</literal> package. Instead there are + now two separate arguments: <literal>extraNvidiaDeviceOptions</literal> + and <literal>extraNouveauDeviceOptions</literal> for setting + extra X11 options for nvidia and nouveau drivers, respectively. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix index e76f15f23376..cbda34348930 100644 --- a/nixos/modules/config/networking.nix +++ b/nixos/modules/config/networking.nix @@ -96,6 +96,15 @@ in example = "http://127.0.0.1:3128"; }; + allProxy = lib.mkOption { + type = types.nullOr types.str; + default = cfg.proxy.default; + description = '' + This option specifies the all_proxy environment variable. + ''; + example = "http://127.0.0.1:3128"; + }; + noProxy = lib.mkOption { type = types.nullOr types.str; default = null; @@ -183,6 +192,8 @@ in rsync_proxy = cfg.proxy.rsyncProxy; } // optionalAttrs (cfg.proxy.ftpProxy != null) { ftp_proxy = cfg.proxy.ftpProxy; + } // optionalAttrs (cfg.proxy.allProxy != null) { + all_proxy = cfg.proxy.allProxy; } // optionalAttrs (cfg.proxy.noProxy != null) { no_proxy = cfg.proxy.noProxy; }; diff --git a/nixos/modules/hardware/video/bumblebee.nix b/nixos/modules/hardware/video/bumblebee.nix index e2202e1e17df..b10846ac18a1 100644 --- a/nixos/modules/hardware/video/bumblebee.nix +++ b/nixos/modules/hardware/video/bumblebee.nix 
@@ -2,10 +2,20 @@ with lib; let + cfg = config.hardware.bumblebee; + kernel = config.boot.kernelPackages; - bumblebee = if config.hardware.bumblebee.connectDisplay - then pkgs.bumblebee_display - else pkgs.bumblebee; + + useNvidia = cfg.driver == "nvidia"; + + bumblebee = pkgs.bumblebee.override { + inherit useNvidia; + useDisplayDevice = cfg.connectDisplay; + }; + + primus = pkgs.primus.override { + inherit useNvidia; + }; in @@ -29,6 +39,7 @@ in type = types.str; description = ''Group for bumblebee socket''; }; + hardware.bumblebee.connectDisplay = mkOption { default = false; type = types.bool; @@ -40,26 +51,30 @@ in Only nvidia driver is supported so far. ''; }; + + hardware.bumblebee.driver = mkOption { + default = "nvidia"; + type = types.enum [ "nvidia" "nouveau" ]; + description = '' + Set driver used by bumblebeed. Supported are nouveau and nvidia. + ''; + }; }; config = mkIf config.hardware.bumblebee.enable { boot.blacklistedKernelModules = [ "nouveau" "nvidia" ]; boot.kernelModules = [ "bbswitch" ]; - boot.extraModulePackages = [ kernel.bbswitch kernel.nvidia_x11 ]; + boot.extraModulePackages = [ kernel.bbswitch ] ++ optional useNvidia kernel.nvidia_x11; - environment.systemPackages = [ bumblebee pkgs.primus ]; + environment.systemPackages = [ bumblebee primus ]; systemd.services.bumblebeed = { description = "Bumblebee Hybrid Graphics Switcher"; wantedBy = [ "display-manager.service" ]; path = [ kernel.bbswitch bumblebee ]; serviceConfig = { - ExecStart = "${bumblebee}/bin/bumblebeed --use-syslog -g ${config.hardware.bumblebee.group}"; - Restart = "always"; - RestartSec = 60; - CPUSchedulingPolicy = "idle"; + ExecStart = "${bumblebee}/bin/bumblebeed --use-syslog -g ${cfg.group} --driver ${cfg.driver}"; }; - environment.LD_LIBRARY_PATH="/run/opengl-driver/lib/"; environment.MODULE_DIR="/run/current-system/kernel-modules/lib/modules/"; }; }; diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 2b40120641a0..6ff95605d4b2 100644 
--- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -237,6 +237,7 @@ calibre-server = 213; heapster = 214; bepasty = 215; + pumpio = 216; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -451,6 +452,7 @@ xtreemfs = 212; calibre-server = 213; bepasty = 215; + pumpio = 216; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index a8cf38f1c8fe..963daf721ad3 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -312,6 +312,7 @@ ./services/networking/lambdabot.nix ./services/networking/mailpile.nix ./services/networking/minidlna.nix + ./services/networking/miniupnpd.nix ./services/networking/mstpd.nix ./services/networking/murmur.nix ./services/networking/namecoind.nix @@ -401,6 +402,7 @@ ./services/ttys/agetty.nix ./services/ttys/gpm.nix ./services/ttys/kmscon.nix + ./services/web-apps/pump.io.nix ./services/web-servers/apache-httpd/default.nix ./services/web-servers/fcgiwrap.nix ./services/web-servers/jboss/default.nix @@ -506,6 +508,7 @@ ./virtualisation/amazon-options.nix ./virtualisation/openvswitch.nix ./virtualisation/parallels-guest.nix + ./virtualisation/rkt.nix ./virtualisation/virtualbox-guest.nix ./virtualisation/virtualbox-host.nix ./virtualisation/vmware-guest.nix diff --git a/nixos/modules/services/amqp/rabbitmq.nix b/nixos/modules/services/amqp/rabbitmq.nix index 780d5daded92..61545a5acba8 100644 --- a/nixos/modules/services/amqp/rabbitmq.nix +++ b/nixos/modules/services/amqp/rabbitmq.nix @@ -65,7 +65,7 @@ in { type = types.str; description = '' Verbatim configuration file contents. - See http://www.rabbitmq.com/configure.htm + See http://www.rabbitmq.com/configure.html ''; }; diff --git a/nixos/modules/services/hardware/tlp.nix b/nixos/modules/services/hardware/tlp.nix index 23b6edcefd1a..6427c5be6818 100644 
--- a/nixos/modules/services/hardware/tlp.nix +++ b/nixos/modules/services/hardware/tlp.nix @@ -10,7 +10,6 @@ enableRDW = config.networking.networkmanager.enable; tlp = pkgs.tlp.override { inherit enableRDW; - kmod = config.system.sbin.modprobe; }; # XXX: We can't use writeTextFile + readFile here because it triggers @@ -69,6 +68,8 @@ in ExecStart = "${tlp}/bin/tlp init start"; ExecStop = "${tlp}/bin/tlp init stop"; }; + + environment.MODULE_DIR="/run/current-system/kernel-modules/lib/modules/"; }; tlp-sleep = { @@ -87,6 +88,8 @@ in ExecStart = "${tlp}/bin/tlp suspend"; ExecStop = "${tlp}/bin/tlp resume"; }; + + environment.MODULE_DIR="/run/current-system/kernel-modules/lib/modules/"; }; }; diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 4505c5ceb84f..949357ab20f4 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -27,6 +27,7 @@ let http_settings: self_signed_cert: false repos_path: "${cfg.stateDir}/repositories" + secret_file: "${cfg.stateDir}/config/gitlab_shell_secret" log_file: "${cfg.stateDir}/log/gitlab-shell.log" redis: bin: ${pkgs.redis}/bin/redis-cli @@ -142,7 +143,7 @@ in { config = mkIf cfg.enable { - environment.systemPackages = [ gitlab-runner pkgs.gitlab-shell ]; + environment.systemPackages = [ pkgs.git gitlab-runner pkgs.gitlab-shell ]; assertions = [ { assertion = cfg.databasePassword != ""; @@ -154,7 +155,6 @@ in { services.redis.enable = mkDefault true; # We use postgres as the main data store. services.postgresql.enable = mkDefault true; - services.postgresql.package = mkDefault pkgs.postgresql; # Use postfix to send out mails. services.postfix.enable = mkDefault true; 
@@ -209,6 +209,23 @@ in { }; }; + systemd.services.gitlab-git-http-server = { + after = [ "network.target" "gitlab.service" ]; + wantedBy = [ "multi-user.target" ]; + environment.HOME = "${cfg.stateDir}/home"; + path = with pkgs; [ + gitAndTools.git + openssh + ]; + serviceConfig = { + Type = "simple"; + User = "gitlab"; + Group = "gitlab"; + TimeoutSec = "300"; + ExecStart = "${pkgs.gitlab-git-http-server}/bin/gitlab-git-http-server -listenUmask 0 -listenNetwork unix -listenAddr ${cfg.stateDir}/tmp/sockets/gitlab-git-http-server.socket -authBackend http://localhost:8080 ${cfg.stateDir}/repositories"; + }; + }; + systemd.services.gitlab = { after = [ "network.target" "postgresql.service" "redis.service" ]; wantedBy = [ "multi-user.target" ]; @@ -219,6 +236,8 @@ in { environment.GITLAB_APPLICATION_LOG_PATH = "${cfg.stateDir}/log/application.log"; environment.GITLAB_SATELLITES_PATH = "${cfg.stateDir}/satellites"; environment.GITLAB_SHELL_PATH = "${pkgs.gitlab-shell}"; + environment.GITLAB_SHELL_CONFIG_PATH = "${cfg.stateDir}/shell/config.yml"; + environment.GITLAB_SHELL_SECRET_PATH = "${cfg.stateDir}/config/gitlab_shell_secret"; environment.GITLAB_REPOSITORIES_PATH = "${cfg.stateDir}/repositories"; environment.GITLAB_SHELL_HOOKS_PATH = "${cfg.stateDir}/shell/hooks"; environment.BUNDLE_GEMFILE = "${pkgs.gitlab}/share/gitlab/Gemfile"; @@ -247,7 +266,7 @@ in { rm -rf ${cfg.stateDir}/config mkdir -p ${cfg.stateDir}/config # TODO: What exactly is gitlab-shell doing with the secret? - head -c 20 /dev/urandom > ${cfg.stateDir}/config/gitlab_shell_secret + tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 20 > ${cfg.stateDir}/config/gitlab_shell_secret mkdir -p ${cfg.stateDir}/home/.ssh touch ${cfg.stateDir}/home/.ssh/authorized_keys 
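Review bot: `-listenUmask 0` in the new `gitlab-git-http-server` `ExecStart` creates the Unix socket with no permission bits masked, so which local users can connect is decided only by the directory modes of `${cfg.stateDir}/tmp/sockets` and its parents, none of which this hunk sets. If only the front-end web server has to reach the socket, a mask that leaves owner and group access (with that server's user in the `gitlab` group) would confine it. At minimum the line deserves a comment such as `# socket is world-connectable; tmp/sockets directory permissions are the only barrier`. `-authBackend http://localhost:8080` is also hard-coded, so authorization depends on whichever process is bound to that port.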
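Review bot: The redirect `> ${cfg.stateDir}/config/gitlab_shell_secret` in the last hunk creates the secret under the unit's default umask, and nothing visible restricts its mode. Unless a `chmod` or `chown` further down the preStart script (outside this hunk) covers it, other local users may be able to read it. Setting the mask around the write closes that window: `(umask 077; tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 20 > ${cfg.stateDir}/config/gitlab_shell_secret)`. Moving from 20 raw bytes to 20 characters of a 64-symbol alphabet also lowers the secret from 160 to about 120 bits, which is still adequate but worth recording next to the existing TODO.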
@@ -272,6 +291,7 @@ in { fi fi + ${bundler}/bin/bundle exec rake -f ${pkgs.gitlab}/share/gitlab/Rakefile db:migrate RAILS_ENV=production # Install the shell required to push repositories ln -fs ${pkgs.writeText "config.yml" gitlabShellYml} ${cfg.stateDir}/shell/config.yml export GITLAB_SHELL_CONFIG_PATH=""${cfg.stateDir}/shell/config.yml @@ -296,5 +316,4 @@ in { }; }; - } diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix index 7534eb0ae6a3..3e1f53e79f3e 100644 --- a/nixos/modules/services/misc/nixos-manual.nix +++ b/nixos/modules/services/misc/nixos-manual.nix @@ -117,7 +117,7 @@ in services.mingetty.helpLine = mkIf cfg.showManual "\nPress <Alt-F${toString cfg.ttyNumber}> for the NixOS manual."; - services.nixosManual.browser = mkDefault "${pkgs.w3m}/bin/w3m"; + services.nixosManual.browser = mkDefault "${pkgs.w3m-nox}/bin/w3m"; }; diff --git a/nixos/modules/services/misc/redmine.nix b/nixos/modules/services/misc/redmine.nix index eb6575887d58..7c9483911f21 100644 --- a/nixos/modules/services/misc/redmine.nix +++ b/nixos/modules/services/misc/redmine.nix @@ -124,7 +124,7 @@ in { assertions = [ { assertion = cfg.databasePassword != ""; - message = "databasePassword must be set"; + message = "services.redmine.databasePassword must be set"; } ]; diff --git a/nixos/modules/services/monitoring/teamviewer.nix b/nixos/modules/services/monitoring/teamviewer.nix index 533f1ea6644b..dd98ecab828d 100644 --- a/nixos/modules/services/monitoring/teamviewer.nix +++ b/nixos/modules/services/monitoring/teamviewer.nix @@ -14,7 +14,7 @@ in options = { - services.teamviewer.enable = mkEnableOption "teamviewer daemon"; + services.teamviewer.enable = mkEnableOption "TeamViewer daemon"; }; 
@@ -27,9 +27,9 @@ in systemd.services.teamviewerd = { description = "TeamViewer remote control daemon"; - wantedBy = [ "graphical.target" ]; + wantedBy = [ "multi-user.target" ]; after = [ "NetworkManager-wait-online.service" "network.target" ]; - preStart = "mkdir -pv /var/tmp/teamviewer10/{logs,config}"; + preStart = "mkdir -pv /var/lib/teamviewer /var/log/teamviewer"; serviceConfig = { Type = "forking"; diff --git a/nixos/modules/services/networking/cntlm.nix b/nixos/modules/services/networking/cntlm.nix index a50aa4d0636b..76c0fd7d0ea3 100644 --- a/nixos/modules/services/networking/cntlm.nix +++ b/nixos/modules/services/networking/cntlm.nix @@ -73,29 +73,28 @@ in ###### implementation config = mkIf config.services.cntlm.enable { - + systemd.services.cntlm = { + description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "forking"; + User = "cntlm"; + ExecStart = '' + ${pkgs.cntlm}/bin/cntlm -U cntlm \ + -c ${pkgs.writeText "cntlm_config" cfg.extraConfig} + ''; + }; + }; + services.cntlm.netbios_hostname = mkDefault config.networking.hostName; - users.extraUsers = singleton { + users.extraUsers.cntlm = { name = "cntlm"; description = "cntlm system-wide daemon"; home = "/var/empty"; }; - jobs.cntlm = - { description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy"; - - startOn = "started network-interfaces"; - - daemonType = "fork"; - - exec = - '' - ${pkgs.cntlm}/bin/cntlm -U cntlm \ - -c ${pkgs.writeText "cntlm_config" cfg.extraConfig} - ''; - }; - services.cntlm.extraConfig = '' # Cntlm Authentication Proxy Configuration @@ -108,8 +107,7 @@ in ${concatMapStrings (port: '' Listen ${toString port} '') cfg.port} - ''; - + ''; }; } diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index 5802d8b95b38..ee06dfbbca3a 100644 
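Review bot: `-c ${pkgs.writeText "cntlm_config" cfg.extraConfig}` in the new `ExecStart` keeps the whole cntlm configuration in the Nix store, which is world-readable. If `extraConfig` carries the proxy credentials (its full text is outside this hunk), any local user can read them. The port to systemd is a good moment to render the file at start-up into a directory owned by `cntlm`, or at least to add a store warning to the option description. `User = "cntlm"` and `-U cntlm` now both request the uid switch; I would keep one and add a comment saying which mechanism is relied on.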
--- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -18,7 +18,7 @@ let password=${config.services.ddclient.password} protocol=${config.services.ddclient.protocol} server=${config.services.ddclient.server} - ssl=${if config.services.ddclient.ssl then "yes" else "yes"} + ssl=${if config.services.ddclient.ssl then "yes" else "no"} wildcard=YES ${config.services.ddclient.domain} ${config.services.ddclient.extraConfig} diff --git a/nixos/modules/services/networking/hostapd.nix b/nixos/modules/services/networking/hostapd.nix index 2adbb0a5c4e3..5a6ca139ddad 100644 --- a/nixos/modules/services/networking/hostapd.nix +++ b/nixos/modules/services/networking/hostapd.nix @@ -53,11 +53,13 @@ in default = false; description = '' Enable putting a wireless interface into infrastructure mode, - allowing other wireless devices to associate with the wireless interface and do - wireless networking. A simple access point will enable hostapd.wpa, and - hostapd.wpa_passphrase, hostapd.ssid, dhcpd on the wireless interface to - provide IP addresses to the associated stations, and nat (from the wireless - interface to an upstream interface). + allowing other wireless devices to associate with the wireless + interface and do wireless networking. A simple access point will + <option>enable hostapd.wpa</option>, + <option>hostapd.wpaPassphrase</option>, and + <option>hostapd.ssid</option>, as well as DHCP on the wireless + interface to provide IP addresses to the associated stations, and + NAT (from the wireless interface to an upstream interface). ''; }; @@ -73,7 +75,10 @@ in default = "nl80211"; example = "hostapd"; type = types.string; - description = "Which driver hostapd will use. Most things will probably use the default."; + description = '' + Which driver <command>hostapd</command> will use. + Most applications will probably use the default. + ''; }; ssid = mkOption { 
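Review bot: Now that the `else` branch of `ssl=` really emits `no`, a configuration with `services.ddclient.ssl = false` sends the `password=` value from the same file over an unencrypted connection, where before this fix it was silently upgraded to `yes`. The option declaration is outside the hunk, so its default and description are not visible here. It should default to `true`, and its description should say something like `Disabling this sends the account password in cleartext.` A release-note entry would help users who depended on the old behaviour without knowing it.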
@@ -87,7 +92,10 @@ in default = "b"; example = "g"; type = types.string; - description = "Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g"; + description = '' + Operation mode. + (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g). + ''; }; channel = mkOption { @@ -97,8 +105,9 @@ in description = '' Channel number (IEEE 802.11) - Please note that some drivers do not use this value from hostapd and the - channel will need to be configured separately with iwconfig. + Please note that some drivers do not use this value from + <command>hostapd</command> and the channel will need to be configured + separately with <command>iwconfig</command>. ''; }; @@ -106,12 +115,16 @@ in default = "wheel"; example = "network"; type = types.string; - description = "members of this group can control hostapd"; + description = '' + Members of this group can control <command>hostapd</command>. + ''; }; wpa = mkOption { default = true; - description = "enable WPA (IEEE 802.11i/D3.0) to authenticate to the access point"; + description = '' + Enable WPA (IEEE 802.11i/D3.0) to authenticate with the access point. + ''; }; wpaPassphrase = mkOption { @@ -121,8 +134,9 @@ in description = '' WPA-PSK (pre-shared-key) passphrase. Clients will need this - passphrase to associate with this access point. Warning: This passphrase will - get put into a world-readable file in the nix store. + passphrase to associate with this access point. + Warning: This passphrase will get put into a world-readable file in + the Nix store! ''; }; @@ -134,7 +148,7 @@ in ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40] ''; type = types.string; - description = "Extra configuration options to put in the hostapd.conf"; + description = "Extra configuration options to put in hostapd.conf."; }; }; }; diff --git a/nixos/modules/services/networking/miniupnpd.nix b/nixos/modules/services/networking/miniupnpd.nix new file mode 100644 index 000000000000..e654eb80b177 --- /dev/null 
+++ b/nixos/modules/services/networking/miniupnpd.nix
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.miniupnpd;
+ configFile = pkgs.writeText "miniupnpd.conf" ''
+ ext_ifname=${cfg.externalInterface}
+ enable_natpmp=${if cfg.natpmp then "yes" else "no"}
+ enable_upnp=${if cfg.upnp then "yes" else "no"}
+
+ ${concatMapStrings (range: ''
+ listening_ip=${range}
+ '') cfg.internalIPs}
+
+ ${cfg.appendConfig}
+ '';
+in
+{
+ options = {
+ services.miniupnpd = {
+ enable = mkEnableOption "MiniUPnP daemon";
+
+ externalInterface = mkOption {
+ type = types.str;
+ description = ''
+ Name of the external interface.
+ '';
+ };
+
+ internalIPs = mkOption {
+ type = types.listOf types.str;
+ example = [ "192.168.1.0/24" ];
+ description = ''
+ The IP address ranges to listen on.
+ '';
+ };
+
+ natpmp = mkEnableOption "NAT-PMP support";
+
+ upnp = mkOption {
+ default = true;
+ type = types.bool;
+ description = ''
+ Whether to enable UPNP support.
+ '';
+ };
+
+ appendConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = ''
+ Configuration lines appended to the MiniUPnP config.
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.miniupnpd = {
+ description = "MiniUPnP daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.miniupnpd ];
+ serviceConfig = {
+ ExecStart = "${pkgs.miniupnpd}/bin/miniupnpd -d -f ${configFile}";
+ };
+ };
+ };
+}
diff --git a/nixos/modules/services/networking/nsd.nix b/nixos/modules/services/networking/nsd.nix
index 36d9f5d2f166..e85f26811257 100644
--- a/nixos/modules/services/networking/nsd.nix
+++ b/nixos/modules/services/networking/nsd.nix
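Review bot: The generated `miniupnpd.conf` sets only `ext_ifname`, `enable_natpmp`, `enable_upnp` and `listening_ip`, so nothing in the default output limits which internal address or port range a client may request a mapping for. Any restriction has to be added by hand through `appendConfig`. I would emit `secure_mode=yes` by default, so that clients can only add mappings to their own IP, and mention miniupnpd's allow/deny permission rules in the `appendConfig` description. The unit also sets no `User`, so the daemon presumably runs as root; if that is required for managing forwarding rules, a comment on `serviceConfig` should say so.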
@@ -300,22 +300,8 @@ in options = { services.nsd = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Whether to enable the NSD authoritative domain name server. - ''; - }; - - bind8Stats = mkOption { - type = types.bool; - default = false; - example = true; - description = '' - Wheter to enable BIND8 like statisics. - ''; - }; + enable = mkEnableOption "NSD authoritative DNS server"; + bind8Stats = mkEnableOption "BIND8 like statistics"; rootServer = mkOption { type = types.bool; @@ -483,13 +469,7 @@ in ratelimit = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Enable ratelimit capabilities. - ''; - }; + enable = mkEnableOption "ratelimit capabilities"; size = mkOption { type = types.int; @@ -548,13 +528,7 @@ in remoteControl = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Wheter to enable remote control via nsd-control(8). - ''; - }; + enable = mkEnableOption "remote control via nsd-control"; interfaces = mkOption { type = types.listOf types.str; diff --git a/nixos/modules/services/networking/shout.nix b/nixos/modules/services/networking/shout.nix index f55b87a96140..fe3cba8f1492 100644 --- a/nixos/modules/services/networking/shout.nix +++ b/nixos/modules/services/networking/shout.nix @@ -57,7 +57,7 @@ in { wantedBy = [ "multi-user.target" ]; wants = [ "network-online.target" ]; after = [ "network-online.target" ]; - preStart = if isNull cfg.configFile then null + preStart = if isNull cfg.configFile then "" else '' ln -sf ${pkgs.writeText "config.js" cfg.configFile} \ ${shoutHome}/config.js diff --git a/nixos/modules/services/networking/strongswan.nix b/nixos/modules/services/networking/strongswan.nix index 8778b0364f9a..d6960a5df471 100644 --- a/nixos/modules/services/networking/strongswan.nix +++ b/nixos/modules/services/networking/strongswan.nix 
@@ -118,7 +118,7 @@ in systemd.services.strongswan = { description = "strongSwan IPSec Service"; wantedBy = [ "multi-user.target" ]; - path = with pkgs; [ kmod iproute iptables utillinux ]; # XXX Linux + path = with pkgs; [ config.system.sbin.modprobe iproute iptables utillinux ]; # XXX Linux wants = [ "keys.target" ]; after = [ "network.target" "keys.target" ]; environment = { diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index 5822fb111b82..c4dc6512a0dd 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -113,21 +113,26 @@ in #include <abstractions/base> #include <abstractions/nameservice> - ${pkgs.glibc.out}/lib/*.so mr, - ${pkgs.libevent.out}/lib/libevent*.so* mr, - ${pkgs.curl.out}/lib/libcurl*.so* mr, - ${pkgs.openssl.out}/lib/libssl*.so* mr, - ${pkgs.openssl.out}/lib/libcrypto*.so* mr, - ${pkgs.zlib.out}/lib/libz*.so* mr, - ${pkgs.libssh2.out}/lib/libssh2*.so* mr, - ${pkgs.systemd}/lib/libsystemd*.so* mr, - ${pkgs.xz.out}/lib/liblzma*.so* mr, - ${pkgs.libgcrypt.out}/lib/libgcrypt*.so* mr, + ${pkgs.glibc.out}/lib/*.so mr, + ${pkgs.libevent.out}/lib/libevent*.so* mr, + ${pkgs.curl.out}/lib/libcurl*.so* mr, + ${pkgs.openssl.out}/lib/libssl*.so* mr, + ${pkgs.openssl.out}/lib/libcrypto*.so* mr, + ${pkgs.zlib.out}/lib/libz*.so* mr, + ${pkgs.libssh2.out}/lib/libssh2*.so* mr, + ${pkgs.systemd}/lib/libsystemd*.so* mr, + ${pkgs.xz.out}/lib/liblzma*.so* mr, + ${pkgs.libgcrypt.out}/lib/libgcrypt*.so* mr, ${pkgs.libgpgerror.out}/lib/libgpg-error*.so* mr, + ${pkgs.libnghttp2.out}/lib/libnghttp2*.so* mr, + ${pkgs.c-ares.out}/lib/libcares*.so* mr, + ${pkgs.libcap.out}/lib/libcap*.so* mr, + ${pkgs.attr.out}/lib/libattr*.so* mr, @{PROC}/sys/kernel/random/uuid r, @{PROC}/sys/vm/overcommit_memory r, + ${pkgs.openssl}/etc/** r, ${pkgs.transmission}/share/transmission/** r, owner ${settingsDir}/** rw, 
diff --git a/nixos/modules/services/web-apps/pump.io.nix b/nixos/modules/services/web-apps/pump.io.nix
new file mode 100644
index 000000000000..b7c64bc6940b
--- /dev/null
+++ b/nixos/modules/services/web-apps/pump.io.nix
@@ -0,0 +1,364 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.pumpio;
+ dataDir = "/var/lib/pump.io";
+ user = "pumpio";
+
+ configOptions = {
+ driver = if cfg.driver == "disk" then null else cfg.driver;
+ params = ({ } //
+ (if cfg.driver == "disk" then {
+ dir = dataDir;
+ } else { }) //
+ (if cfg.driver == "mongodb" || cfg.driver == "redis" then {
+ host = cfg.dbHost;
+ port = cfg.dbPort;
+ dbname = cfg.dbName;
+ dbuser = cfg.dbUser;
+ dbpass = cfg.dbPassword;
+ } else { }) //
+ (if cfg.driver == "memcached" then {
+ host = cfg.dbHost;
+ port = cfg.dbPort;
+ } else { }) //
+ cfg.driverParams);
+
+ secret = cfg.secret;
+
+ address = cfg.address;
+ port = cfg.port;
+
+ noweb = false;
+ urlPort = cfg.urlPort;
+ hostname = cfg.hostname;
+ favicon = cfg.favicon;
+
+ site = cfg.site;
+ owner = cfg.owner;
+ ownerURL = cfg.ownerURL;
+
+ key = cfg.sslKey;
+ cert = cfg.sslCert;
+ bounce = false;
+
+ spamhost = cfg.spamHost;
+ spamclientid = cfg.spamClientId;
+ spamclientsecret = cfg.spamClientSecret;
+
+ requireEmail = cfg.requireEmail;
+ smtpserver = cfg.smtpHost;
+ smtpport = cfg.smtpPort;
+ smtpuser = cfg.smtpUser;
+ smtppass = cfg.smtpPassword;
+ smtpusessl = cfg.smtpUseSSL;
+ smtpfrom = cfg.smtpFrom;
+
+ nologger = false;
+ uploaddir = "${dataDir}/uploads";
+ debugClient = false;
+ firehose = cfg.firehose;
+ disableRegistration = cfg.disableRegistration;
+ } //
+ (if cfg.port < 1024 then {
+ serverUser = user; # have pump.io listen then drop privileges
+ } else { }) //
+ cfg.extraConfig;
+
+in
+
+{
+ options = {
+
+ services.pumpio = {
+
+ enable = mkEnableOption "Pump.io social streams server";
+
+ secret = mkOption {
+ type = types.str;
+ example = "my dog has fleas";
+ description = ''
+ A session-generating secret, server-wide password. Warning:
+ this is stored in cleartext in the Nix store!
+ '';
+ };
+
+ site = mkOption {
+ type = types.str;
+ example = "Awesome Sauce";
+ description = "Name of the server";
+ };
+
+ owner = mkOption {
+ type = types.str;
+ default = "";
+ example = "Awesome Inc.";
+ description = "Name of owning entity, if you want to link to it.";
+ };
+
+ ownerURL = mkOption {
+ type = types.str;
+ default = "";
+ example = "https://pump.io";
+ description = "URL of owning entity, if you want to link to it.";
+ };
+
+ address = mkOption {
+ type = types.str;
+ default = "localhost";
+ description = ''
+ Web server listen address.
+ '';
+ };
+
+ port = mkOption {
+ type = types.int;
+ default = 31337;
+ description = ''
+ Port to listen on. Defaults to 31337, which is suitable for
+ running behind a reverse proxy. For a standalone server,
+ use 443.
+ '';
+ };
+
+ hostname = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ The hostname of the server, used for generating
+ URLs. Defaults to "localhost" which doesn't do much for you.
+ '';
+ };
+
+ urlPort = mkOption {
+ type = types.int;
+ default = 443;
+ description = ''
+ Port to use for generating URLs. This basically has to be
+ either 80 or 443 because the host-meta and Webfinger
+ protocols don't make any provision for HTTP/HTTPS servers
+ running on other ports.
+ '';
+ };
+
+ favicon = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = ''
+ Local filesystem path to the favicon.ico file to use. This
+ will be served as "/favicon.ico" by the server.
+ '';
+ };
+
+ sslKey = mkOption {
+ type = types.path;
+ example = "${dataDir}/myserver.key";
+ default = "";
+ description = ''
+ The path to the server certificate private key. The
+ certificate is required, but it can be self-signed.
+ '';
+ };
+
+ sslCert = mkOption {
+ type = types.path;
+ example = "${dataDir}/myserver.crt";
+ default = "";
+ description = ''
+ The path to the server certificate. The certificate is
+ required, but it can be self-signed.
+ '';
+ };
+
+ firehose = mkOption {
+ type = types.str;
+ default = "ofirehose.com";
+ description = ''
+ Firehose host running the ofirehose software. Defaults to
+ "ofirehose.com". Public notices will be ping this firehose
+ server and from there go out to search engines and the
+ world. If you want to disconnect from the public web, set
+ this to something falsy.
+ '';
+ };
+
+ disableRegistration = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Disables registering new users on the site through the Web
+ or the API.
+ '';
+ };
+
+ requireEmail = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Require an e-mail address to register.";
+ };
+
+ extraConfig = mkOption {
+ default = { };
+ description = ''
+ Extra configuration options which are serialized to json and added
+ to the pump.io.json config file.
+ '';
+ };
+
+ driver = mkOption {
+ type = types.enum [ "mongodb" "disk" "lrucache" "memcached" "redis" ];
+ default = "mongodb";
+ description = "Type of database. Corresponds to a nodejs databank driver.";
+ };
+
+ driverParams = mkOption {
+ default = { };
+ description = "Extra parameters for the driver.";
+ };
+
+ dbHost = mkOption {
+ type = types.str;
+ default = "localhost";
+ description = "The database host to connect to.";
+ };
+
+ dbPort = mkOption {
+ type = types.int;
+ default = 27017;
+ description = "The port that the database is listening on.";
+ };
+
+ dbName = mkOption {
+ type = types.str;
+ default = "pumpio";
+ description = "The name of the database to use.";
+ };
+
+ dbUser = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ The username. Defaults to null, meaning no authentication.
+ '';
+ };
+
+ dbPassword = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ The password corresponding to dbUser. Warning: this is
+ stored in cleartext in the Nix store!
+ '';
+ };
+
+ smtpHost = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "localhost";
+ description = ''
+ Server to use for sending transactional email. If it's not
+ set up, no email is sent and features like password recovery
+ and email notification won't work.
+ '';
+ };
+
+ smtpPort = mkOption {
+ type = types.int;
+ default = 25;
+ description = ''
+ Port to connect to on SMTP server.
+ '';
+ };
+
+ smtpUser = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Username to use to connect to SMTP server. Might not be
+ necessary for some servers.
+ '';
+ };
+
+ smtpPassword = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Password to use to connect to SMTP server. Might not be
+ necessary for some servers. Warning: this is stored in
+ cleartext in the Nix store!
+ '';
+ };
+
+ smtpUseSSL = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Only use SSL with the SMTP server. By default, a SSL
+ connection is negotiated using TLS. You may need to change
+ the smtpPort value if you set this.
+ '';
+ };
+
+ smtpFrom = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Email address to use in the "From:" header of outgoing
+ notifications. Defaults to 'no-reply@' plus the site
+ hostname.
+ '';
+ };
+
+ spamHost = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Host running activityspam software to use to test updates
+ for spam.
+ '';
+ };
+ spamClientId = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "OAuth pair for spam server.";
+ };
+ spamClientSecret = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ OAuth pair for spam server. Warning: this is
+ stored in cleartext in the Nix store!
+ ''; + }; + }; + + }; + + config = mkIf cfg.enable { + systemd.services."pump.io" = + { description = "pump.io social network stream server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${pkgs.pumpio}/bin/pump -c /etc/pump.io.json"; + serviceConfig.User = if cfg.port < 1024 then "root" else user; + serviceConfig.Group = user; + }; + + environment.etc."pump.io.json" = { + mode = "0440"; + gid = config.ids.gids.pumpio; + text = builtins.toJSON configOptions; + }; + + users.extraGroups.pumpio.gid = config.ids.gids.pumpio; + users.extraUsers.pumpio = { + group = "pumpio"; + uid = config.ids.uids.pumpio; + description = "Pump.io user"; + home = dataDir; + createHome = true; + }; + }; +} diff --git a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix index a5e539bc9ba7..9994de0f9b40 100644 --- a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix +++ b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix @@ -70,7 +70,7 @@ let "proxyuserpwd" => "", /* List of trusted domains, to prevent host header poisoning ownCloud is only using these Host headers */ - 'trusted_domains' => array('${config.trustedDomain}'), + ${if config.trustedDomain != "" then "'trusted_domains' => array('${config.trustedDomain}')," else ""} /* Theme to use for ownCloud */ "theme" => "", @@ -331,7 +331,7 @@ let */ 'share_folder' => '/', - 'version' => '${pkgs.owncloud.version}', + 'version' => '${config.package.version}', 'openssl' => '${pkgs.openssl}/bin/openssl' 
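Review bot: `sslKey` is declared as `types.path` and then serialised through `builtins.toJSON configOptions`, so a Nix path literal such as `./myserver.key` would be copied into the world-readable store. Unlike `secret`, `dbPassword` and `smtpPassword`, its description carries no warning. Declaring it `types.str` and stating that it must name a runtime file outside the store would avoid that; the `default = ""` on both `sslKey` and `sslCert` is also not a path. Separately, `serviceConfig.User = if cfg.port < 1024 then "root" else user;` starts the daemon as root and relies on pump.io honouring `serverUser` to drop privileges, which deserves a comment on that line. The `mode = "0440"` on `/etc/pump.io.json` does not protect the secrets, because the JSON text is still a store file.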
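Review bot: With `trustedDomain` left empty, the first owncloud.nix hunk now omits `'trusted_domains'` from the generated `config.php` altogether, although the comment directly above says the list exists to prevent Host header poisoning. Depending on the ownCloud version in `config.package`, that probably either leaves the Host header unchecked or causes requests to be refused. I would keep the key and add an assertion that `trustedDomain` is set, or document the empty case in the option description. The value is spliced unescaped into a single-quoted PHP string, so the description should also say it must not contain `'`. The `config.php` template starts and ends outside this hunk.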
@@ -345,16 +345,15 @@ rec { extraConfig = '' - ServerName ${config.siteName} - ServerAdmin ${config.adminAddr} - DocumentRoot ${documentRoot} + ${if config.urlPrefix != "" then "Alias ${config.urlPrefix} ${config.package}" else '' - RewriteEngine On - RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f - RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d + RewriteEngine On + RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f + RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d + ''} - <Directory ${pkgs.owncloud}> - ${builtins.readFile "${pkgs.owncloud}/.htaccess"} + <Directory ${config.package}> + ${builtins.readFile "${config.package}/.htaccess"} </Directory> ''; @@ -362,12 +361,29 @@ rec { { name = "OC_CONFIG_PATH"; value = "${config.dataDir}/config/"; } ]; - documentRoot = pkgs.owncloud; + documentRoot = if config.urlPrefix == "" then config.package else null; enablePHP = true; options = { + package = mkOption { + type = types.package; + default = pkgs.owncloud70; + example = literalExample "pkgs.owncloud70"; + description = '' + PostgreSQL package to use. + ''; + }; + + urlPrefix = mkOption { + default = ""; + example = "/owncloud"; + description = '' + The URL prefix under which the owncloud service appears. + ''; + }; + id = mkOption { default = "main"; description = '' @@ -552,7 +568,7 @@ rec { cp ${owncloudConfig} ${config.dataDir}/config/config.php mkdir -p ${config.dataDir}/storage mkdir -p ${config.dataDir}/apps - cp -r ${pkgs.owncloud}/apps/* ${config.dataDir}/apps/ + cp -r ${config.package}/apps/* ${config.dataDir}/apps/ chmod -R ug+rw ${config.dataDir} chmod -R o-rwx ${config.dataDir} chown -R wwwrun:wwwrun ${config.dataDir} 
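Review bot: The description of the new `package` option reads `PostgreSQL package to use.`, which looks copied from another module; it should be `ownCloud package to use.`. The `urlPrefix` option added beside it has no `type`, although its value is pasted unquoted into the Apache `Alias` line in the previous hunk; `type = types.str;` would reject non-string values at evaluation time. The description could also say that a non-empty prefix sets `documentRoot` to null, as the first lines of this hunk show.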
@@ -566,7 +582,11 @@ rec { ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -h "/tmp" -U postgres -d ${config.dbName} -Atw -c "$QUERY" || true fi - ${php}/bin/php ${pkgs.owncloud}/occ upgrade || true + if [ -e ${config.package}/config/ca-bundle.crt ]; then + cp -f ${config.package}/config/ca-bundle.crt ${config.dataDir}/config/ + fi + + ${php}/bin/php ${config.package}/occ upgrade >> ${config.dataDir}/upgrade.log || true chown wwwrun:wwwrun ${config.dataDir}/owncloud.log || true diff --git a/nixos/modules/services/web-servers/apache-httpd/wordpress.nix b/nixos/modules/services/web-servers/apache-httpd/wordpress.nix index a28c8567f9ff..937b2698ce9b 100644 --- a/nixos/modules/services/web-servers/apache-httpd/wordpress.nix +++ b/nixos/modules/services/web-servers/apache-httpd/wordpress.nix @@ -5,7 +5,7 @@ with lib; let - version = "4.3"; + version = "4.3.1"; fullversion = "${version}"; # Our bare-bones wp-config.php file using the above settings @@ -74,7 +74,7 @@ let owner = "WordPress"; repo = "WordPress"; rev = "${fullversion}"; - sha256 = "0sz5jjhjpwqis8336gyq9a77cr4sf8zahd1y4pzmpvpzn9cn503y"; + sha256 = "1rk10vcv4z9p04hfzc0wkbilrgx7m9ssyr6c3w6vw3vl1bcgqxza"; }; installPhase = '' mkdir -p $out diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix index dc6aa137cbd3..0f3cb5735e75 100644 --- a/nixos/modules/services/x11/desktop-managers/kde5.nix +++ b/nixos/modules/services/x11/desktop-managers/kde5.nix 
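Review bot: The new `occ upgrade` line sends only stdout to `upgrade.log`, and `|| true` discards the exit status, so a failed upgrade leaves nothing to diagnose it with. Redirecting stderr as well keeps the errors: `${php}/bin/php ${config.package}/occ upgrade >> ${config.dataDir}/upgrade.log 2>&1 || true`. The log file gets its owner and mode from whichever user and umask run this script; if that is root, a `chown wwwrun:wwwrun ${config.dataDir}/upgrade.log || true` next to the existing one for `owncloud.log` would keep the data directory consistent. The script starts and ends outside the hunk.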
@@ -108,16 +108,26 @@ in kdeApps.okular kdeApps.print-manager + # Oxygen icons moved to KDE Frameworks 5.16 and later. (kdeApps.oxygen-icons or kf5.oxygen-icons5) pkgs.hicolor_icon_theme plasma5.kde-gtk-config - pkgs.orion # GTK theme, nearly identical to Breeze ] + + # Plasma 5.5 and later has a Breeze GTK theme. + # If it is not available, Orion is very similar to Breeze. + ++ lib.optional (!(lib.hasAttr "breeze-gtk" plasma5)) pkgs.orion + + # Install Breeze icons if available + ++ lib.optional (lib.hasAttr "breeze-icons" kf5) kf5.breeze-icons + + # Optional hardware support features ++ lib.optional config.hardware.bluetooth.enable plasma5.bluedevil ++ lib.optional config.networking.networkmanager.enable plasma5.plasma-nm ++ lib.optional config.hardware.pulseaudio.enable plasma5.plasma-pa ++ lib.optional config.powerManagement.enable plasma5.powerdevil + ++ lib.optionals cfg.phonon.gstreamer.enable [ pkgs.phonon_backend_gstreamer @@ -135,6 +145,7 @@ in pkgs.gst_all_1.gst-plugins-bad pkgs.gst_all_1.gst-libav # for mp3 playback ] + ++ lib.optionals cfg.phonon.vlc.enable [ pkgs.phonon_qt5_backend_vlc @@ -166,6 +177,14 @@ in # Extra UDEV rules used by Solid services.udev.packages = [ pkgs.media-player-info ]; + services.xserver.displayManager.sddm = { + theme = "breeze"; + themes = [ + plasma5.plasma-workspace + (kdeApps.oxygen-icons or kf5.oxygen-icons5) + ]; + }; + security.pam.services.kde = { allowNullPassword = true; }; }; diff --git a/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix new file mode 100644 index 000000000000..4b598ca48b00 --- /dev/null +++ b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix 
@@ -0,0 +1,121 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + dmcfg = config.services.xserver.displayManager; + ldmcfg = dmcfg.lightdm; + cfg = ldmcfg.greeters.gtk; + + inherit (pkgs) stdenv lightdm writeScript writeText; + + theme = cfg.theme.package; + icons = cfg.iconTheme.package; + + # The default greeter provided with this expression is the GTK greeter. + # Again, we need a few things in the environment for the greeter to run with + # fonts/icons. + wrappedGtkGreeter = stdenv.mkDerivation { + name = "lightdm-gtk-greeter"; + buildInputs = [ pkgs.makeWrapper ]; + + buildCommand = '' + # This wrapper ensures that we actually get themes + makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \ + $out/greeter \ + --prefix PATH : "${pkgs.glibc.bin}/bin" \ + --set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \ + --set GTK_PATH "${theme}:${pkgs.gtk3.out}" \ + --set GTK_EXE_PREFIX "${theme}" \ + --set GTK_DATA_PREFIX "${theme}" \ + --set XDG_DATA_DIRS "${theme}/share:${icons}/share" \ + --set XDG_CONFIG_HOME "${theme}/share" + + cat - > $out/lightdm-gtk-greeter.desktop << EOF + [Desktop Entry] + Name=LightDM Greeter + Comment=This runs the LightDM Greeter + Exec=$out/greeter + Type=Application + EOF + ''; + }; + + gtkGreeterConf = writeText "lightdm-gtk-greeter.conf" + '' + [greeter] + theme-name = ${cfg.theme.name} + icon-theme-name = ${cfg.iconTheme.name} + background = ${ldmcfg.background} + ''; + +in +{ + options = { + + services.xserver.displayManager.lightdm.greeters.gtk = { + + enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to enable lightdm-gtk-greeter as the lightdm greeter. + ''; + }; + + theme = { + + package = mkOption { + type = types.path; + default = pkgs.gnome3.gnome_themes_standard; + description = '' + The package path that contains the theme given in the name option. 
+ ''; + }; + + name = mkOption { + type = types.str; + default = "Adwaita"; + description = '' + Name of the theme to use for the lightdm-gtk-greeter. + ''; + }; + + }; + + iconTheme = { + + package = mkOption { + type = types.path; + default = pkgs.gnome3.defaultIconTheme; + description = '' + The package path that contains the icon theme given in the name option. + ''; + }; + + name = mkOption { + type = types.str; + default = "Adwaita"; + description = '' + Name of the icon theme to use for the lightdm-gtk-greeter. + ''; + }; + + }; + + }; + + }; + + config = mkIf (ldmcfg.enable && cfg.enable) { + + services.xserver.displayManager.lightdm.greeter = mkDefault { + package = wrappedGtkGreeter; + name = "lightdm-gtk-greeter"; + }; + + environment.etc."lightdm/lightdm-gtk-greeter.conf".source = gtkGreeterConf; + + }; +} diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 48fab0243566..c8ccf43029dc 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix 
@@ -18,38 +18,6 @@ let exec ${dmcfg.xserverBin} ${dmcfg.xserverArgs} ''; - theme = pkgs.gnome3.gnome_themes_standard; - icons = pkgs.gnome3.defaultIconTheme; - - # The default greeter provided with this expression is the GTK greeter. - # Again, we need a few things in the environment for the greeter to run with - # fonts/icons. - wrappedGtkGreeter = stdenv.mkDerivation { - name = "lightdm-gtk-greeter"; - buildInputs = [ pkgs.makeWrapper ]; - - buildCommand = '' - # This wrapper ensures that we actually get themes - makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \ - $out/greeter \ - --prefix PATH : "${pkgs.glibc.bin}/bin" \ - --set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \ - --set GTK_PATH "${theme}:${pkgs.gtk3.out}" \ - --set GTK_EXE_PREFIX "${theme}" \ - --set GTK_DATA_PREFIX "${theme}" \ - --set XDG_DATA_DIRS "${theme}/share:${icons}/share" \ - --set XDG_CONFIG_HOME "${theme}/share" - - cat - > $out/lightdm-gtk-greeter.desktop << EOF - [Desktop Entry] - Name=LightDM Greeter - Comment=This runs the LightDM Greeter - Exec=$out/greeter - Type=Application - EOF - ''; - }; - usersConf = writeText "users.conf" '' [UserList] 
@@ -72,34 +40,42 @@ let ${cfg.extraSeatDefaults} ''; - gtkGreeterConf = writeText "lightdm-gtk-greeter.conf" - '' - [greeter] - theme-name = Adwaita - icon-theme-name = Adwaita - background = ${cfg.background} - ''; - in { + # Note: the order in which lightdm greeter modules are imported + # here determines the default: later modules (if enable) are + # preferred. + imports = [ + ./lightdm-greeters/gtk.nix + ]; + options = { + services.xserver.displayManager.lightdm = { enable = mkOption { + type = types.bool; default = false; description = '' Whether to enable lightdm as the display manager. ''; }; - greeter = mkOption { - description = '' - The LightDM greeter to login via. The package should be a directory - containing a .desktop file matching the name in the 'name' option. - ''; - default = { - name = "lightdm-gtk-greeter"; - package = wrappedGtkGreeter; + greeter = { + package = mkOption { + type = types.path; + description = '' + The LightDM greeter to login via. The package should be a directory + containing a .desktop file matching the name in the 'name' option. + ''; + + }; + name = mkOption { + type = types.string; + description = '' + The name of a .desktop file in the directory specified + in the 'package' option. + ''; }; }; @@ -135,7 +111,6 @@ in ''; }; - environment.etc."lightdm/lightdm-gtk-greeter.conf".source = gtkGreeterConf; environment.etc."lightdm/lightdm.conf".source = lightdmConf; environment.etc."lightdm/users.conf".source = usersConf; diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix index 16a0d1b6d963..ae947a5d2d4b 100644 --- a/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixos/modules/services/x11/display-managers/sddm.nix 
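Review bot: The new `greeter.name` option is declared with `type = types.string`, while the GTK greeter module added in this commit uses `types.str` for its names. `types.string` merges several definitions by concatenating them, which would silently produce a wrong .desktop name if two modules set it; `type = types.str;` turns a conflicting definition into an evaluation error instead. Neither `greeter.package` nor `greeter.name` has a default any more, so a configuration that disables the GTK greeter without selecting another one presumably fails on a missing value; a sentence in the description saying so would help.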
@@ -9,6 +9,8 @@ let cfg = dmcfg.sddm; xEnv = config.systemd.services."display-manager".environment; + sddm = pkgs.sddm.override { inherit (cfg) themes; }; + xserverWrapper = pkgs.writeScript "xserver-wrapper" '' #!/bin/sh ${concatMapStrings (n: "export ${n}=\"${getAttr n xEnv}\"\n") (attrNames xEnv)} @@ -22,6 +24,8 @@ let [Theme] Current=${cfg.theme} + ThemeDir=${sddm}/share/sddm/themes + FacesDir=${sddm}/share/sddm/faces [Users] MaximumUid=${toString config.ids.uids.nixbld} @@ -86,6 +90,14 @@ in ''; }; + themes = mkOption { + type = types.listOf types.package; + default = []; + description = '' + Extra packages providing themes. + ''; + }; + autoLogin = mkOption { default = {}; description = '' @@ -146,8 +158,7 @@ in services.xserver.displayManager.job = { logsXsession = true; - #execCmd = "${pkgs.sddm}/bin/sddm"; - execCmd = "exec ${pkgs.sddm}/bin/sddm"; + execCmd = "exec ${sddm}/bin/sddm"; }; security.pam.services = { diff --git a/nixos/modules/services/x11/window-managers/afterstep.nix b/nixos/modules/services/x11/window-managers/afterstep.nix index 395dabb86b5e..ba88a64c702a 100644 --- a/nixos/modules/services/x11/window-managers/afterstep.nix +++ b/nixos/modules/services/x11/window-managers/afterstep.nix @@ -8,10 +8,7 @@ in { ###### interface options = { - services.xserver.windowManager.afterstep.enable = mkOption { - default = false; - description = "Enable the Afterstep window manager."; - }; + services.xserver.windowManager.afterstep.enable = mkEnableOption "afterstep"; }; ###### implementation diff --git a/nixos/modules/services/x11/window-managers/bspwm.nix b/nixos/modules/services/x11/window-managers/bspwm.nix index d234a432e9a9..8b4e91d25aa4 100644 --- a/nixos/modules/services/x11/window-managers/bspwm.nix +++ b/nixos/modules/services/x11/window-managers/bspwm.nix 
@@ -8,12 +8,7 @@ in { options = { - services.xserver.windowManager.bspwm.enable = mkOption { - type = types.bool; - default = false; - example = true; - description = "Enable the bspwm window manager."; - }; + services.xserver.windowManager.bspwm.enable = mkEnableOption "bspwm"; }; config = mkIf cfg.enable { diff --git a/nixos/modules/services/x11/window-managers/clfswm.nix b/nixos/modules/services/x11/window-managers/clfswm.nix index 9d8eecb56c77..176c1f461271 100644 --- a/nixos/modules/services/x11/window-managers/clfswm.nix +++ b/nixos/modules/services/x11/window-managers/clfswm.nix @@ -8,14 +8,7 @@ in { options = { - services.xserver.windowManager.clfswm = { - enable = mkOption { - type = types.bool; - default = false; - example = true; - description = "Enable the clfswm tiling window manager."; - }; - }; + services.xserver.windowManager.clfswm.enable = mkEnableOption "clfswm"; }; config = mkIf cfg.enable { diff --git a/nixos/modules/services/x11/window-managers/compiz.nix b/nixos/modules/services/x11/window-managers/compiz.nix index ffd71e5f91ec..539a83f99068 100644 --- a/nixos/modules/services/x11/window-managers/compiz.nix +++ b/nixos/modules/services/x11/window-managers/compiz.nix @@ -15,10 +15,7 @@ in services.xserver.windowManager.compiz = { - enable = mkOption { - default = false; - description = "Enable the Compiz window manager."; - }; + enable = mkEnableOption "compiz"; renderingFlag = mkOption { default = ""; diff --git a/nixos/modules/services/x11/window-managers/default.nix b/nixos/modules/services/x11/window-managers/default.nix index 31f42f5ffb9f..37d3348b8a32 100644 --- a/nixos/modules/services/x11/window-managers/default.nix +++ b/nixos/modules/services/x11/window-managers/default.nix @@ -12,6 +12,7 @@ in ./bspwm.nix ./clfswm.nix ./compiz.nix + ./dwm.nix ./fluxbox.nix ./herbstluftwm.nix ./i3.nix 
diff --git a/nixos/modules/services/x11/window-managers/dwm.nix b/nixos/modules/services/x11/window-managers/dwm.nix new file mode 100644 index 000000000000..a74bfce097de --- /dev/null +++ b/nixos/modules/services/x11/window-managers/dwm.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.xserver.windowManager.dwm; + +in + +{ + + ###### interface + + options = { + services.xserver.windowManager.dwm.enable = mkEnableOption "dwm"; + }; + + + ###### implementation + + config = mkIf cfg.enable { + + services.xserver.windowManager.session = singleton + { name = "dwm"; + start = + '' + ${pkgs.dwm}/bin/dwm & + waitPID=$! + ''; + }; + + environment.systemPackages = [ pkgs.dwm ]; + + }; + +} diff --git a/nixos/modules/services/x11/window-managers/fluxbox.nix b/nixos/modules/services/x11/window-managers/fluxbox.nix index 4748ce99ccf2..b409335702af 100644 --- a/nixos/modules/services/x11/window-managers/fluxbox.nix +++ b/nixos/modules/services/x11/window-managers/fluxbox.nix @@ -8,10 +8,7 @@ in { ###### interface options = { - services.xserver.windowManager.fluxbox.enable = mkOption { - default = false; - description = "Enable the Fluxbox window manager."; - }; + services.xserver.windowManager.fluxbox.enable = mkEnableOption "fluxbox"; }; ###### implementation diff --git a/nixos/modules/services/x11/window-managers/herbstluftwm.nix b/nixos/modules/services/x11/window-managers/herbstluftwm.nix index 6cda910b6b33..829935fa432b 100644 --- a/nixos/modules/services/x11/window-managers/herbstluftwm.nix +++ b/nixos/modules/services/x11/window-managers/herbstluftwm.nix @@ -8,12 +8,7 @@ in { options = { - services.xserver.windowManager.herbstluftwm.enable = mkOption { - type = types.bool; - default = false; - example = true; - description = "Enable the herbstluftwm window manager."; - }; + services.xserver.windowManager.herbstluftwm.enable = mkEnableOption "herbstluftwm"; }; config = mkIf cfg.enable { 
diff --git a/nixos/modules/services/x11/window-managers/i3.nix b/nixos/modules/services/x11/window-managers/i3.nix index e85c3bce591d..0d5816e363d6 100644 --- a/nixos/modules/services/x11/window-managers/i3.nix +++ b/nixos/modules/services/x11/window-managers/i3.nix @@ -9,11 +9,7 @@ in { options = { services.xserver.windowManager.i3 = { - enable = mkOption { - default = false; - example = true; - description = "Enable the i3 tiling window manager."; - }; + enable = mkEnableOption "i3"; configFile = mkOption { default = null; diff --git a/nixos/modules/services/x11/window-managers/icewm.nix b/nixos/modules/services/x11/window-managers/icewm.nix index 9a3e80221890..f4ae9222df67 100644 --- a/nixos/modules/services/x11/window-managers/icewm.nix +++ b/nixos/modules/services/x11/window-managers/icewm.nix @@ -8,7 +8,7 @@ in { ###### interface options = { - services.xserver.windowManager.icewm.enable = mkEnableOption "oroborus"; + services.xserver.windowManager.icewm.enable = mkEnableOption "icewm"; }; ###### implementation diff --git a/nixos/modules/services/x11/window-managers/metacity.nix b/nixos/modules/services/x11/window-managers/metacity.nix index d13cbcfe40e8..3e5229be634f 100644 --- a/nixos/modules/services/x11/window-managers/metacity.nix +++ b/nixos/modules/services/x11/window-managers/metacity.nix @@ -12,13 +12,7 @@ in { options = { - - services.xserver.windowManager.metacity.enable = mkOption { - default = false; - example = true; - description = "Enable the metacity window manager."; - }; - + services.xserver.windowManager.metacity.enable = mkEnableOption "metacity"; }; config = mkIf cfg.enable { diff --git a/nixos/modules/services/x11/window-managers/notion.nix b/nixos/modules/services/x11/window-managers/notion.nix index 1bfc2a86e965..4ece0d241c90 100644 --- a/nixos/modules/services/x11/window-managers/notion.nix +++ b/nixos/modules/services/x11/window-managers/notion.nix 
@@ -8,13 +8,7 @@ in { options = { - services.xserver.windowManager.notion = { - enable = mkOption { - default = false; - example = true; - description = "Enable the notion tiling window manager."; - }; - }; + services.xserver.windowManager.notion.enable = mkEnableOption "notion"; }; config = mkIf cfg.enable { diff --git a/nixos/modules/services/x11/window-managers/openbox.nix b/nixos/modules/services/x11/window-managers/openbox.nix index 8fc759dda68a..091b533b28be 100644 --- a/nixos/modules/services/x11/window-managers/openbox.nix +++ b/nixos/modules/services/x11/window-managers/openbox.nix @@ -1,5 +1,6 @@ {lib, pkgs, config, ...}: +with lib; let inherit (lib) mkOption mkIf; cfg = config.services.xserver.windowManager.openbox; @@ -7,13 +8,7 @@ in { options = { - services.xserver.windowManager.openbox = { - enable = mkOption { - default = false; - example = true; - description = "Enable the Openbox window manager."; - }; - }; + services.xserver.windowManager.openbox.enable = mkEnableOption "oroborus"; }; config = mkIf cfg.enable { diff --git a/nixos/modules/services/x11/window-managers/ratpoison.nix b/nixos/modules/services/x11/window-managers/ratpoison.nix index c203c35cd1b7..0d58481d4579 100644 --- a/nixos/modules/services/x11/window-managers/ratpoison.nix +++ b/nixos/modules/services/x11/window-managers/ratpoison.nix @@ -8,10 +8,7 @@ in { ###### interface options = { - services.xserver.windowManager.ratpoison.enable = mkOption { - default = false; - description = "Enable the Ratpoison window manager."; - }; + services.xserver.windowManager.ratpoison.enable = mkEnableOption "ratpoison"; }; ###### implementation diff --git a/nixos/modules/services/x11/window-managers/sawfish.nix b/nixos/modules/services/x11/window-managers/sawfish.nix index 74a119260208..b988b5e1829e 100644 --- a/nixos/modules/services/x11/window-managers/sawfish.nix +++ b/nixos/modules/services/x11/window-managers/sawfish.nix 
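Review bot: `mkEnableOption "oroborus"` on the new `openbox.enable` line names the wrong window manager, so the generated option description will refer to oroborus; it should be `services.xserver.windowManager.openbox.enable = mkEnableOption "openbox";`. The icewm hunk of this same commit corrects exactly this copy-paste slip. The first openbox hunk also adds `with lib;` while the `inherit (lib) mkOption mkIf;` line stays, which is now redundant.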
@@ -8,10 +8,7 @@ in { ###### interface options = { - services.xserver.windowManager.sawfish.enable = mkOption { - default = false; - description = "Enable the Sawfish window manager."; - }; + services.xserver.windowManager.sawfish.enable = mkEnableOption "sawfish"; }; ###### implementation diff --git a/nixos/modules/services/x11/window-managers/spectrwm.nix b/nixos/modules/services/x11/window-managers/spectrwm.nix index 5db6b41ba8fd..a1dc298d2426 100644 --- a/nixos/modules/services/x11/window-managers/spectrwm.nix +++ b/nixos/modules/services/x11/window-managers/spectrwm.nix @@ -9,13 +9,7 @@ in { options = { - services.xserver.windowManager.spectrwm = { - enable = mkOption { - default = false; - example = true; - description = "Enable the spectrwm window manager."; - }; - }; + services.xserver.windowManager.spectrwm.enable = mkEnableOption "spectrwm"; }; config = mkIf cfg.enable { diff --git a/nixos/modules/services/x11/window-managers/stumpwm.nix b/nixos/modules/services/x11/window-managers/stumpwm.nix index eb7b8665f23c..3d3f2e0028c0 100644 --- a/nixos/modules/services/x11/window-managers/stumpwm.nix +++ b/nixos/modules/services/x11/window-managers/stumpwm.nix @@ -8,14 +8,7 @@ in { options = { - services.xserver.windowManager.stumpwm = { - enable = mkOption { - type = types.bool; - default = false; - example = true; - description = "Enable the stumpwm tiling window manager."; - }; - }; + services.xserver.windowManager.stumpwm.enable = mkEnableOption "stumpwm"; }; config = mkIf cfg.enable { diff --git a/nixos/modules/services/x11/window-managers/twm.nix b/nixos/modules/services/x11/window-managers/twm.nix index 684b34c2f246..fc09901aae3b 100644 --- a/nixos/modules/services/x11/window-managers/twm.nix +++ b/nixos/modules/services/x11/window-managers/twm.nix 
@@ -13,12 +13,7 @@ in ###### interface options = { - - services.xserver.windowManager.twm.enable = mkOption { - default = false; - description = "Enable the twm window manager."; - }; - + services.xserver.windowManager.twm.enable = mkEnableOption "twm"; }; diff --git a/nixos/modules/services/x11/window-managers/windowmaker.nix b/nixos/modules/services/x11/window-managers/windowmaker.nix index 27cedb7da0ca..b62723758056 100644 --- a/nixos/modules/services/x11/window-managers/windowmaker.nix +++ b/nixos/modules/services/x11/window-managers/windowmaker.nix @@ -8,10 +8,7 @@ in { ###### interface options = { - services.xserver.windowManager.windowmaker.enable = mkOption { - default = false; - description = "Enable the Windowmaker window manager."; - }; + services.xserver.windowManager.windowmaker.enable = mkEnableOption "windowmaker"; }; ###### implementation diff --git a/nixos/modules/services/x11/window-managers/wmii.nix b/nixos/modules/services/x11/window-managers/wmii.nix index e6f534a1be66..30c8df782245 100644 --- a/nixos/modules/services/x11/window-managers/wmii.nix +++ b/nixos/modules/services/x11/window-managers/wmii.nix @@ -1,5 +1,6 @@ -{ config, lib, pkgs, options, modulesPath }: +{ config, lib, pkgs, options, modulesPath, ... }: +with lib; let inherit (lib) mkOption mkIf singleton; cfg = config.services.xserver.windowManager.wmii; @@ -7,11 +8,7 @@ let in { options = { - services.xserver.windowManager.wmii.enable = mkOption { - default = false; - example = true; - description = "Enable the wmii window manager."; - }; + services.xserver.windowManager.wmii.enable = mkEnableOption "wmii"; }; config = mkIf cfg.enable { diff --git a/nixos/modules/services/x11/window-managers/xmonad.nix b/nixos/modules/services/x11/window-managers/xmonad.nix index 288800d514d3..6af88d4f645b 100644 --- a/nixos/modules/services/x11/window-managers/xmonad.nix +++ b/nixos/modules/services/x11/window-managers/xmonad.nix 
@@ -1,5 +1,6 @@ {pkgs, lib, config, ...}: +with lib; let inherit (lib) mkOption mkIf optionals literalExample; cfg = config.services.xserver.windowManager.xmonad; @@ -13,12 +14,7 @@ in { options = { services.xserver.windowManager.xmonad = { - enable = mkOption { - default = false; - example = true; - description = "Enable the xmonad window manager."; - }; - + enable = mkEnableOption "xmonad"; haskellPackages = mkOption { default = pkgs.haskellPackages; defaultText = "pkgs.haskellPackages"; diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 5f09e937537f..87dbbd7cd51f 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -470,7 +470,7 @@ in ] ++ flip concatMap cfg.mirroredBoots (args: [ { assertion = args.devices != [ ]; - message = "A boot path cannot have an empty devices string in ${arg.path}"; + message = "A boot path cannot have an empty devices string in ${args.path}"; } { assertion = hasPrefix "/" args.path; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index d145baeebe93..826368e711ad 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -148,6 +148,12 @@ let # Misc. "systemd-sysctl.service" + "dbus-org.freedesktop.timedate1.service" + "dbus-org.freedesktop.locale1.service" + "dbus-org.freedesktop.hostname1.service" + "systemd-timedated.service" + "systemd-localed.service" + "systemd-hostnamed.service" ] ++ cfg.additionalUpstreamSystemUnits; diff --git a/nixos/modules/tasks/kbd.nix b/nixos/modules/tasks/kbd.nix index 5969da7062b6..e36e9f85f1e3 100644 --- a/nixos/modules/tasks/kbd.nix +++ b/nixos/modules/tasks/kbd.nix 
@@ -56,6 +56,8 @@ in # it has a restart trigger. systemd.services."systemd-vconsole-setup" = { wantedBy = [ "multi-user.target" ]; + before = [ "display-manager.service" ]; + after = [ "systemd-udev-settle.service" ]; restartTriggers = [ vconsoleConf ]; }; diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix new file mode 100644 index 000000000000..e657cc519396 --- /dev/null +++ b/nixos/modules/virtualisation/azure-agent.nix 
@@ -0,0 +1,170 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.virtualisation.azure.agent; + + waagent = with pkgs; stdenv.mkDerivation rec { + name = "waagent-2.0"; + src = pkgs.fetchgit { + url = https://github.com/Phreedom/WALinuxAgent.git; + rev = "9dba81c7b1239c7971ec96e405e403c7cd224e6b"; + sha256 = "0khxk3ns3z37v26f2qj6m3m698a0vqpc9bxg5p7fyr3xza5gzwhs"; + }; + buildInputs = [ makeWrapper python pythonPackages.wrapPython ]; + runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh + nettools # for hostname + procps # for pidof + shadow # for useradd, usermod + utillinux # for (u)mount, fdisk, sfdisk, mkswap + parted + ]; + pythonPath = [ pythonPackages.pyasn1 ]; + + configurePhase = false; + buildPhase = false; + + installPhase = '' + substituteInPlace config/99-azure-product-uuid.rules \ + --replace /bin/chmod "${coreutils}/bin/chmod" + mkdir -p $out/lib/udev/rules.d + cp config/*.rules $out/lib/udev/rules.d + + mkdir -p $out/bin + cp waagent $out/bin/ + chmod +x $out/bin/waagent + + wrapProgram "$out/bin/waagent" \ + --prefix PYTHONPATH : $PYTHONPATH \ + --prefix PATH : "${makeSearchPath "bin" runtimeDeps}" + ''; + }; + + provisionedHook = pkgs.writeScript "provisioned-hook" '' + #!${pkgs.stdenv.shell} + ${config.systemd.package}/bin/systemctl start provisioned.target + ''; + +in + +{ + + ###### interface + + options.virtualisation.azure.agent.enable = mkOption { + default = false; + description = "Whether to enable the Windows Azure Linux Agent."; + }; + + ###### implementation + + config = mkIf cfg.enable { + assertions = [ { + assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64; + message = "Azure not currently supported on ${pkgs.stdenv.system}"; + } { + assertion = config.networking.networkmanager.enable == false; + message = "Windows Azure Linux Agent is not compatible with NetworkManager"; + } ]; + + boot.initrd.kernelModules = [ "ata_piix" ]; + networking.firewall.allowedUDPPorts = [ 68 ]; + + + 
environment.etc."waagent.conf".text = '' + # + # Windows Azure Linux Agent Configuration + # + + Role.StateConsumer=${provisionedHook} + + # Enable instance creation + Provisioning.Enabled=y + + # Password authentication for root account will be unavailable. + Provisioning.DeleteRootPassword=n + + # Generate fresh host key pair. + Provisioning.RegenerateSshHostKeyPair=y + + # Supported values are "rsa", "dsa" and "ecdsa". + Provisioning.SshHostKeyPairType=ed25519 + + # Monitor host name changes and publish changes via DHCP requests. + Provisioning.MonitorHostName=y + + # Decode CustomData from Base64. + Provisioning.DecodeCustomData=n + + # Execute CustomData after provisioning. + Provisioning.ExecuteCustomData=n + + # Format if unformatted. If 'n', resource disk will not be mounted. + ResourceDisk.Format=y + + # File system on the resource disk + # Typically ext3 or ext4. FreeBSD images should use 'ufs2' here. + ResourceDisk.Filesystem=ext4 + + # Mount point for the resource disk + ResourceDisk.MountPoint=/mnt/resource + + # Respond to load balancer probes if requested by Windows Azure. + LBProbeResponder=y + + # Enable logging to serial console (y|n) + # When stdout is not enough... + # 'y' if not set + Logs.Console=y + + # Enable verbose logging (y|n) + Logs.Verbose=n + + # Root device timeout in seconds. 
+ OS.RootDeviceScsiTimeout=300 + ''; + + services.udev.packages = [ waagent ]; + + networking.dhcpcd.persistent = true; + + services.logrotate = { + enable = true; + config = '' + /var/log/waagent.log { + compress + monthly + rotate 6 + notifempty + missingok + } + ''; + }; + + systemd.targets.provisioned = { + description = "Services Requiring Azure VM provisioning to have finished"; + wantedBy = [ "sshd.service" ]; + before = [ "sshd.service" ]; + }; + + + systemd.services.waagent = { + wantedBy = [ "sshd.service" ]; + before = [ "sshd.service" ]; + after = [ "ip-up.target" ]; + wants = [ "ip-up.target" ]; + + path = [ pkgs.e2fsprogs ]; + description = "Windows Azure Agent Service"; + unitConfig.ConditionPathExists = "/etc/waagent.conf"; + serviceConfig = { + ExecStart = "${waagent}/bin/waagent -daemon"; + Type = "simple"; + }; + }; + + }; + +} diff --git a/nixos/modules/virtualisation/azure-common.nix b/nixos/modules/virtualisation/azure-common.nix index 47022c6887c3..eedf115ee150 100644 --- a/nixos/modules/virtualisation/azure-common.nix +++ b/nixos/modules/virtualisation/azure-common.nix @@ -4,6 +4,9 @@ with lib; { imports = [ ../profiles/headless.nix ]; + require = [ ./azure-agent.nix ]; + virtualisation.azure.agent.enable = true; + boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ]; boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ]; diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix index 1013396c0498..024be4a51163 100644 --- a/nixos/modules/virtualisation/azure-image.nix +++ b/nixos/modules/virtualisation/azure-image.nix 
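Review bot: Two comments in the generated `waagent.conf` contradict the values next to them. `Provisioning.DeleteRootPassword=n` sits under `# Password authentication for root account will be unavailable.`, which describes the `y` setting; with `n` the root password is presumably left untouched, so the comment should say so, for example `# Keep the root password; set to 'y' to delete it during provisioning.`. `Provisioning.SshHostKeyPairType=ed25519` sits under a comment that lists only "rsa", "dsa" and "ecdsa"; if the pinned agent revision accepts ed25519, the list should include it. The `enable` option at the top of the module also lacks `type = types.bool;`.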
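Review bot: The added `require = [ ./azure-agent.nix ];` uses the legacy spelling of `imports` directly below an `imports` list; folding it in as `imports = [ ../profiles/headless.nix ./azure-agent.nix ];` keeps a single mechanism in the file. The module body continues outside the hunk, so whether anything else relies on `require` cannot be seen from here.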
@@ -98,8 +98,8 @@ in systemd.services.fetch-ssh-keys = { description = "Fetch host keys and authorized_keys for root user"; - wantedBy = [ "sshd.service" ]; - before = [ "sshd.service" ]; + wantedBy = [ "sshd.service" "waagent.service" ]; + before = [ "sshd.service" "waagent.service" ]; after = [ "local-fs.target" ]; path = [ pkgs.coreutils ]; @@ -108,14 +108,14 @@ in eval "$(base64 --decode /metadata/CustomData.bin)" if ! [ -z "$ssh_host_ecdsa_key" ]; then echo "downloaded ssh_host_ecdsa_key" - echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ecdsa_key - chmod 600 /etc/ssh/ssh_host_ecdsa_key + echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key + chmod 600 /etc/ssh/ssh_host_ed25519_key fi if ! [ -z "$ssh_host_ecdsa_key_pub" ]; then echo "downloaded ssh_host_ecdsa_key_pub" - echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ecdsa_key.pub - chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub + echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ed25519_key.pub + chmod 644 /etc/ssh/ssh_host_ed25519_key.pub fi if ! [ -z "$ssh_root_auth_key" ]; then diff --git a/nixos/modules/virtualisation/nova-image.nix b/nixos/modules/virtualisation/nova-image.nix index 44c83aee2732..13e36e7888b5 100644 --- a/nixos/modules/virtualisation/nova-image.nix +++ b/nixos/modules/virtualisation/nova-image.nix @@ -21,7 +21,6 @@ with lib; imports = [ ../profiles/qemu-guest.nix ../profiles/headless.nix - ./ec2-data.nix ]; fileSystems."/".device = "/dev/disk/by-label/nixos"; diff --git a/nixos/modules/virtualisation/rkt.nix b/nixos/modules/virtualisation/rkt.nix new file mode 100644 index 000000000000..7b4d46e0749e --- /dev/null +++ b/nixos/modules/virtualisation/rkt.nix 
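Review bot: In the second hunk the private host key is written with `echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key` and only afterwards restricted with `chmod 600`, so the file exists briefly with whatever mode the service's umask gives it. Putting `umask 077` before the write closes that window. The variable names and log messages still say ecdsa while the target files are now the ed25519 key pair, so it is unclear which key type the provisioning data must supply; a comment stating it, or names that match, would remove the ambiguity. The script starts and ends outside the hunk.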
@@ -0,0 +1,62 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.virtualisation.rkt; +in +{ + options.virtualisation.rkt = { + enable = mkEnableOption "rkt metadata service"; + + gc = { + automatic = mkOption { + default = true; + type = types.bool; + description = "Automatically run the garbage collector at a specific time."; + }; + + dates = mkOption { + default = "03:15"; + type = types.str; + description = '' + Specification (in the format described by + <citerefentry><refentrytitle>systemd.time</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>) of the time at + which the garbage collector will run. + ''; + }; + + options = mkOption { + default = "--grace-period=24h"; + type = types.str; + description = '' + Options given to <filename>rkt gc</filename> when the + garbage collector is run automatically. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.rkt ]; + + systemd.services.rkt = { + description = "rkt metadata service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${pkgs.rkt}/bin/rkt metadata-service"; + }; + }; + + systemd.services.rkt-gc = { + description = "rkt garbage collection"; + startAt = optionalString cfg.gc.automatic cfg.gc.dates; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.rkt}/bin/rkt gc ${cfg.gc.options}"; + }; + }; + }; +} diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index 4dc221dba68b..9a2a77b31554 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -83,6 +83,7 @@ in rec { (all nixos.tests.openssh) (all nixos.tests.printing) (all nixos.tests.proxy) + (all nixos.tests.sddm) (all nixos.tests.simple) (all nixos.tests.udisks2) (all nixos.tests.xfce) diff --git a/nixos/release.nix b/nixos/release.nix index f0df3fe3e1ef..b5ac97b3b94f 100644 --- a/nixos/release.nix +++ b/nixos/release.nix 
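Review bot: In rkt.nix, `enable = mkEnableOption "rkt metadata service";` documents only the daemon, but the `mkIf cfg.enable` block also adds `pkgs.rkt` to `environment.systemPackages` and defines the `rkt-gc` unit, so the option text understates what is switched on. A host that wants only the CLI and periodic garbage collection cannot get them without also running `rkt metadata-service` as a long-lived unit with default unit settings. At minimum the description should say so, e.g. `mkEnableOption "rkt, its metadata service and periodic garbage collection"`. The `gc.options` description could also note that the string is appended verbatim to the `rkt gc` command line in `ExecStart`.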
@@ -283,9 +283,11 @@ in rec { tests.peerflix = callTest tests/peerflix.nix {}; tests.printing = callTest tests/printing.nix {}; tests.proxy = callTest tests/proxy.nix {}; + tests.pumpio = callTest tests/pump.io.nix {}; tests.quake3 = callTest tests/quake3.nix {}; tests.runInMachine = callTest tests/run-in-machine.nix {}; tests.sddm = callTest tests/sddm.nix {}; + tests.sddm-kde5 = callTest tests/sddm-kde5.nix {}; tests.simple = callTest tests/simple.nix {}; tests.tomcat = callTest tests/tomcat.nix {}; tests.udisks2 = callTest tests/udisks2.nix {}; diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix index 213dd4ca43b3..1d1e12d0ee39 100644 --- a/nixos/tests/chromium.nix +++ b/nixos/tests/chromium.nix @@ -26,8 +26,8 @@ import ./make-test.nix ( </head> <body onload="javascript:document.title='startup done'"> <img src="file://${pkgs.fetchurl { - url = "http://nixos.org/logo/nixos.svg"; - sha256 = "0p2iaqcx2cj24xqycfw1pi4i5461gnn0034lafpi99ph435x6z68"; + url = "http://nixos.org/logo/nixos-hex.svg"; + sha256 = "0wxpp65npdw2cg8m0cxc9qff1sb3b478cxpg1741d8951g948rg8"; }}" /> </body> </html> diff --git a/nixos/tests/cjdns.nix b/nixos/tests/cjdns.nix index 2cae63fdda44..f61c82b916ad 100644 --- a/nixos/tests/cjdns.nix +++ b/nixos/tests/cjdns.nix @@ -25,7 +25,7 @@ in import ./make-test.nix ({ pkgs, ...} : { name = "cjdns"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ emery ]; + maintainers = [ ehmry ]; }; nodes = rec @@ -122,4 +122,4 @@ import ./make-test.nix ({ pkgs, ...} : { $bob->succeed("curl --fail -g http://[$aliceIp6]"); ''; -}) \ No newline at end of file +}) diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index b2e1abc26eec..c59b97a66e4d 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -171,7 +171,7 @@ let ]; virtualisation.diskSize = 8 * 1024; - virtualisation.memorySize = 768; + virtualisation.memorySize = 1024; virtualisation.writableStore = true; # Use a small /dev/vdb as the root disk for the 
diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix index ecec89226d66..6297452df95e 100644 --- a/nixos/tests/misc.nix +++ b/nixos/tests/misc.nix @@ -80,6 +80,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; # Test whether systemd-udevd automatically loads modules for our hardware. + $machine->succeed("systemctl start systemd-udev-settle.service"); subtest "udev-auto-load", sub { $machine->waitForUnit('systemd-udev-settle.service'); $machine->succeed('lsmod | grep psmouse'); diff --git a/nixos/tests/pump.io.nix b/nixos/tests/pump.io.nix new file mode 100644 index 000000000000..89fa23c3336e --- /dev/null +++ b/nixos/tests/pump.io.nix 
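Review bot: In misc.nix, the added `$machine->succeed("systemctl start systemd-udev-settle.service");` sits between the comment `# Test whether systemd-udevd automatically loads modules for our hardware.` and the `subtest "udev-auto-load"` that the comment describes, and it runs outside the subtest. Moving the call to the first line inside the `sub { ... }` body keeps the comment attached to its subtest and reports a failed start under `udev-auto-load`. The hunk gives no reason why the unit now has to be started by hand, so a one-line comment stating that reason belongs next to the call.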
@@ -0,0 +1,94 @@ +# This test runs pump.io with mongodb, listing on port 443. + +import ./make-test.nix ({ pkgs, ...} : let + snakeOilKey = '' + -----BEGIN PRIVATE KEY----- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqVemio78R41Tz + MnR2zFD/wFT0iScOpFkuytNmuPf28FLaa9wSBWmuAGbEi7wBIfw8/bUqFBTQp2G1 + m1cmcCKxhmvvOkGs89eM131s1lW/bXU3zYso4e7724kHwU65jRlQs6cFWIlmW7V5 + 3HQobP05dy+zPpujPPSlOQ0qYViR1s+RgZI8r0wS2ZDsliNtQwBLJSIvX6XVnXLo + F/HmF4/ySJ9pL2AxQXCwZE8SfCzHpArs9COIqTaAuwB79kxWSFQJewmab74BXiM6 + 9FMCtHON24Pl7OR9sRJHH8rMEzUumppmUeCNEzABjzQQ7svR18cmbzRWetp0tT9Y + 7rj6URHHAgMBAAECggEAGmbCldDnlrAzxJY3cwpsK5f2EwkHIr/aiuQpLCzTUlUh + onVBYRGxtaSeSSyXcV2BKTrxz5nZOBYZkPqI4Y5T8kwxgpz2/QW2jUABUtNN6yPe + HU4gma+bSTJX5PnTZ/M0z0tpQezdLx5b3I2M+48ZGMUegZvcp8qU6N8U6VK5VbFD + DMTGL4b+Kc9HScRkCJjU3FfQcqf9Ml5w9jzHSeHImYEDrG0nX8N8EImRCBXbgxCl + 5XT1h6LFUGdr+N6n2w56+6l8OZZVmwj1NdF6NJybUQl4Y7b0niA+5czzjRt/YUjZ + HW0fXmx3XlbYGWYdMdS+VaIW6pkUpm8kZkqjngqLwQKBgQDfhbFQmg9lsJQ8/dQZ + WzRNsozHKWkQiZbW5sXBWygJbAB3Hc8gvQkuZe9TVyF99cznRj6ro6pGZjP0rTdY + 3ACTL+ygRArcIR6VsJCIr6nPvBLpOoNb8TQeKPmHC2gnSP9zaT/K2lldYISKNaYQ + 0seB2gvZhIgMgWtZtmb3jdgl9wKBgQDDFdknXgvFgB+y96//9wTu2WWuE5yQ5yB7 + utAcHNO9rx5X1tJqxymYh+iE8HUN25By+96SpNMQFI+0wNGVB00YWNBKtyepimWN + EUCojTy+MIXIjrLcvviEePsI4TPWYf8XtZeiYtcczYrt/wPQUYaDb8LBRfpIfmhr + rCGW93s+sQKBgEDOKTeeQyKPjJsWWL01RTfVsZ04s155FcOeyu0heb0plAT1Ho12 + YUgTg8zc8Tfs4QiYxCjNXdvlW+Dvq6FWv8/s0CUzNRbXf1+U/oKys4AoHi+CqH0q + tJqd9KKjuwHQ10dl13n/znMVPbg4j7pG8lMCnfblxvAhQbeT+8yAUo/HAoGBAL3t + /n4KXNGK3NHDvXEp0H6t3wWsiEi3DPQJO+Wy1x8caCFCv5c/kaqz3tfWt0+njSm1 + N8tzdx13tzVWaHV8Jz3l8dxcFtxEJnxB6L5wy0urOAS7kT3DG3b1xgmuH2a//7fY + jumE60NahcER/2eIh7pdS7IZbAO6NfVmH0m4Zh/xAoGAbquh60sAfLC/1O2/4Xom + PHS7z2+TNpwu4ou3nspxfigNQcTWzzzTVFLnaTPg+HKbLRXSWysjssmmj5u3lCyc + S2M9xuhApa9CrN/udz4gEojRVsTla/gyLifIZ3CtTn2QEQiIJEMxM+59KAlkgUBo + 9BeZ03xTaEZfhVZ9bEN30Ak= + -----END PRIVATE KEY----- + ''; + + snakeOilCert = '' + -----BEGIN CERTIFICATE----- + 
MIICvjCCAaagAwIBAgIJANhA6+PPhomZMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV + BAMMDGIwOTM0YWMwYWZkNTAeFw0xNTExMzAxNzQ3MzVaFw0yNTExMjcxNzQ3MzVa + MBcxFTATBgNVBAMMDGIwOTM0YWMwYWZkNTCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBAKpV6aKjvxHjVPMydHbMUP/AVPSJJw6kWS7K02a49/bwUtpr3BIF + aa4AZsSLvAEh/Dz9tSoUFNCnYbWbVyZwIrGGa+86Qazz14zXfWzWVb9tdTfNiyjh + 7vvbiQfBTrmNGVCzpwVYiWZbtXncdChs/Tl3L7M+m6M89KU5DSphWJHWz5GBkjyv + TBLZkOyWI21DAEslIi9fpdWdcugX8eYXj/JIn2kvYDFBcLBkTxJ8LMekCuz0I4ip + NoC7AHv2TFZIVAl7CZpvvgFeIzr0UwK0c43bg+Xs5H2xEkcfyswTNS6ammZR4I0T + MAGPNBDuy9HXxyZvNFZ62nS1P1juuPpREccCAwEAAaMNMAswCQYDVR0TBAIwADAN + BgkqhkiG9w0BAQsFAAOCAQEAd2w9rxi6qF9WV8L3rHnTE7uu0ldtdgJlCASx6ouj + TleOnjfEg+kH8r8UbmRV5vsTDn1Qp5JGDYxfytRUQwLb1zTLde0xotx37E3LY8Wr + sD6Al4t8sHywB/hc5dy29TgG0iyG8LKZrkwytLvDZ814W3OwpN2rpEz6pdizdHNn + jsoDEngZiDHvLjIyE0cDkFXkeYMGXOnBUeOcu4nfu4C5eKs3nXGGAcNDbDRIuLoE + BZExUBY+YSs6JBvh5tvRqLVW0Dz0akEcjb/jhwS2LmDip8Pdoxx4Q1jPKEu38zrr + Vd5WD2HJhLb9u0UxVp9vfWIUDgydopV5ZmWCQ5YvNepb1w== + -----END CERTIFICATE----- + ''; + + makePump = { opts ? { } }: + { + enable = true; + sslCert = pkgs.writeText "snakeoil.cert" snakeOilCert; + sslKey = pkgs.writeText "snakeoil.pem" snakeOilKey; + secret = "test"; + site = "test"; + } // opts; + +in { + name = "pumpio"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ rvl ]; + }; + + nodes = { + one = + { config, pkgs, ... }: + { + services = { + pumpio = makePump { opts = { + port = 443; + }; }; + mongodb.enable = true; + mongodb.extraConfig = '' + nojournal = true + ''; + }; + systemd.services.mongodb.unitConfig.Before = "pump.io.service"; + systemd.services.mongodb.unitConfig.RequiredBy = "pump.io.service"; + }; + }; + + testScript = '' + startAll; + + $one->waitForUnit("pump.io.service"); + $one->waitUntilSucceeds("curl -k https://localhost"); + ''; +}) diff --git a/nixos/tests/sddm-kde5.nix b/nixos/tests/sddm-kde5.nix new file mode 100644 index 000000000000..476cb732e252 --- /dev/null +++ b/nixos/tests/sddm-kde5.nix 
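Review bot: In pump.io.nix, `systemd.services.mongodb.unitConfig.RequiredBy = "pump.io.service";` places an `[Install]`-section directive into `[Unit]`, where systemd does not act on it, so the hard dependency the test appears to want is probably not created. The module options express both lines directly: `systemd.services.mongodb.before = [ "pump.io.service" ];` and `systemd.services.mongodb.requiredBy = [ "pump.io.service" ];`. Separately, `snakeOilKey` is materialised with `pkgs.writeText`, which puts the private key in the world-readable Nix store. That is fine for a test fixture, but a comment above it such as `# Throwaway key pair for this test only; it is readable by every user via the store, never reuse it.` would keep it from being copied into a real deployment. The file's header comment should read "listening on port 443".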
@@ -0,0 +1,29 @@
+import ./make-test.nix ({ pkgs, ...} : {
+ name = "sddm";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ ttuegel ];
+ };
+
+ machine = { lib, ... }: {
+ imports = [ ./common/user-account.nix ];
+ services.xserver.enable = true;
+ services.xserver.displayManager.sddm = {
+ enable = true;
+ autoLogin = {
+ enable = true;
+ user = "alice";
+ };
+ };
+ services.xserver.windowManager.default = "icewm";
+ services.xserver.windowManager.icewm.enable = true;
+ services.xserver.desktopManager.default = "none";
+ services.xserver.desktopManager.kde5.enable = true;
+ };
+
+ enableOCR = true;
+
+ testScript = { nodes, ... }: ''
+ startAll;
+ $machine->waitForWindow("^IceWM ");
+ '';
+}) |
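Review bot: In sddm-kde5.nix, `name = "sddm";` does not match the `tests.sddm-kde5` attribute this file is registered under in release.nix, and it presumably collides with the name used by tests/sddm.nix. `name = "sddm-kde5";` would keep the two apart in build output. The script only waits for `^IceWM ` while `desktopManager.default = "none"`, so as far as this hunk shows the enabled `kde5` desktop is never exercised. Either assert on something KDE-specific or add a comment explaining what the `kde5.enable` line is meant to cover. `enableOCR = true;` and the `lib` and `nodes` arguments are unused in the visible code.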