38 files changed, 544 insertions, 100 deletions
diff --git a/modules/config/networking.nix b/modules/config/networking.nix index 757bb9e85e0c..a91ce9c59e26 100644 --- a/modules/config/networking.nix +++ b/modules/config/networking.nix @@ -68,6 +68,9 @@ in # Invalidate the nscd cache whenever resolv.conf is # regenerated. libc_restart='${pkgs.systemd}/bin/systemctl start invalidate-nscd.service' + '' + optionalString config.services.bind.enable '' + # This hosts runs a full-blown DNS resolver. + name_servers='127.0.0.1' '' ); target = "resolvconf.conf"; } diff --git a/modules/config/shells.nix b/modules/config/shells.nix index 6286223752a9..b0a946a8e6ec 100644 --- a/modules/config/shells.nix +++ b/modules/config/shells.nix @@ -13,6 +13,7 @@ with pkgs.lib; { target = "shells"; source = pkgs.writeText "shells" '' + /run/current-system/sw/bin/bash /var/run/current-system/sw/bin/bash /bin/sh ''; diff --git a/modules/config/system-path.nix b/modules/config/system-path.nix index 7651f4760ca7..3969be680980 100644 --- a/modules/config/system-path.nix +++ b/modules/config/system-path.nix @@ -1,5 +1,5 @@ # This module defines the packages that appear in -# /var/run/current-system/sw. +# /run/current-system/sw. { config, pkgs, ... }: @@ -64,7 +64,7 @@ let example = "[ pkgs.icecat3 pkgs.thunderbird ]"; description = '' The set of packages that appear in - /var/run/current-system/sw. These packages are + /run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with @@ -79,7 +79,7 @@ let default = []; example = ["/"]; description = " - Lists directories to be symlinked in `/var/run/current-system/sw'. + Lists directories to be symlinked in `/run/current-system/sw'. "; }; }; diff --git a/modules/config/timezone.nix b/modules/config/timezone.nix index 5dcf38c462d4..38c698bc21c0 100644 --- a/modules/config/timezone.nix +++ b/modules/config/timezone.nix 
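Review bot: The comment added above the bind-dependent `name_servers` line has a typo, `# This hosts runs a full-blown DNS resolver.` should read `# This host runs a full-blown DNS resolver.`. The line also assumes that bind answers on 127.0.0.1; if the resolver were configured to listen elsewhere, resolv.conf would point at a nameserver that does not respond, so the comment could state that it relies on bind's default listen address. I cannot see the bind module from here, so that assumption is one to confirm rather than a defect I can point at.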
@@ -5,13 +5,21 @@ with pkgs.lib; { options = { - time.timeZone = mkOption { - default = "CET"; - type = with types; uniq string; - example = "America/New_York"; - description = "The time zone used when displaying times and dates."; - }; + time = { + + timeZone = mkOption { + default = "CET"; + type = with types; uniq string; + example = "America/New_York"; + description = "The time zone used when displaying times and dates."; + }; + hardwareClockInLocalTime = mkOption { + default = false; + description = "If set, keep the hardware clock in local time instead of UTC."; + }; + + }; }; config = { diff --git a/modules/config/users-groups.nix b/modules/config/users-groups.nix index beb217346522..598d68eb91db 100644 --- a/modules/config/users-groups.nix +++ b/modules/config/users-groups.nix @@ -48,7 +48,7 @@ let shell = mkOption { type = with types; uniq string; - default = "/var/run/current-system/sw/sbin/nologin"; + default = "/run/current-system/sw/sbin/nologin"; description = "The path to the user's shell."; }; diff --git a/modules/hardware/network/b43.nix b/modules/hardware/network/b43.nix new file mode 100644 index 000000000000..077e0a1e11ec --- /dev/null +++ b/modules/hardware/network/b43.nix @@ -0,0 +1,30 @@ +{pkgs, config, ...}: + +let kernelVersion = config.boot.kernelPackages.kernel.version; in + +{ + + ###### interface + + options = { + + networking.enableB43Firmware = pkgs.lib.mkOption { + default = false; + type = pkgs.lib.types.bool; + description = '' + Turn on this option if you want firmware for the NICs supported by the b43 module. + ''; + }; + + }; + + + ###### implementation + + config = pkgs.lib.mkIf config.networking.enableB43Firmware { + hardware.firmware = if builtins.lessThan (builtins.compareVersions kernelVersion "3.2") 0 then + throw "b43 firmware for kernels older than 3.2 not packaged yet!" else + [ pkgs.b43Firmware_5_1_138 ]; + }; + +} 
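Review bot: The new `hardwareClockInLocalTime` option declares no `type`, unlike its sibling `timeZone` in the same attribute set, so a non-boolean value is only caught wherever the option is eventually consumed. Add `type = types.bool;` after the `default = false;` line; `types` is already in scope through the file's `with pkgs.lib;`, as the `with types; uniq string` line shows. The code that reads the option is outside the hunk.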
diff --git a/modules/installer/cd-dvd/iso-image.nix b/modules/installer/cd-dvd/iso-image.nix index cf76151c2ae2..c1094daa49fa 100644 --- a/modules/installer/cd-dvd/iso-image.nix +++ b/modules/installer/cd-dvd/iso-image.nix @@ -122,12 +122,12 @@ let efiShell = if pkgs.stdenv.isi686 then pkgs.fetchurl { url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/Ia32/Shell_Full.efi"; - sha256 = "0ymm3mbbwx9f6cq0bp2nr7ikyagxgsg4sjs5q1s4xbnms27slwjq"; + sha256 = "1gv6kyaspczdp7x8qnx5x76ilriaygkfs99ay7ihhdi6riclkhfl"; } else pkgs.fetchurl { url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/X64/Shell_Full.efi"; - sha256 = "1xchy8a05mgqzr82mmahdni0jbxsz6xf6vm2bg1bch9i6l72qgmh"; + sha256 = "1g18z84rlavxr5gsrh2g942rfr6znv9fs3fqww5m7dhmnysgyv8p"; }; # The efi boot image @@ -312,7 +312,7 @@ in # nixos-rebuild also requires a "system" profile and an # /etc/NIXOS tag. touch /etc/NIXOS - ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /var/run/current-system + ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system ''; # Add vfat support to the initrd to enable people to copy the diff --git a/modules/installer/cd-dvd/system-tarball.nix b/modules/installer/cd-dvd/system-tarball.nix index daffb94bc532..e0cbfd6e7131 100644 --- a/modules/installer/cd-dvd/system-tarball.nix +++ b/modules/installer/cd-dvd/system-tarball.nix @@ -50,7 +50,7 @@ in # script and the top-level system configuration directory. tarball.storeContents = [ { object = config.system.build.toplevel; - symlink = "/var/run/current-system"; + symlink = "/run/current-system"; } ]; 
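Review bot: Both `sha256` values change while the `url` lines stay the same, and both URLs point at `trunk` of the EDK2 Subversion tree, so the fetched binary is whatever currently sits at that path; nothing in the hunk records why the content changed or which upstream revision the new hashes belong to. Record that next to each hash, e.g. `# Shell_Full.efi from edk2 trunk at r<UPSTREAM_REVISION> (placeholder); hash refreshed when upstream replaced the file`, or fetch a revision-pinned URL so that a later silent replacement upstream fails the hash check loudly instead of inviting another unexplained bump. The identical change in modules/installer/efi-boot-stub/efi-boot-stub.nix should carry the same note.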
@@ -87,6 +87,6 @@ in # nixos-rebuild also requires a "system" profile and an # /etc/NIXOS tag. touch /etc/NIXOS - ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /var/run/current-system + ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system ''; } diff --git a/modules/installer/efi-boot-stub/efi-boot-stub.nix b/modules/installer/efi-boot-stub/efi-boot-stub.nix index c12078e2a913..1ca3cb0001eb 100644 --- a/modules/installer/efi-boot-stub/efi-boot-stub.nix +++ b/modules/installer/efi-boot-stub/efi-boot-stub.nix @@ -90,12 +90,12 @@ let if pkgs.stdenv.isi686 then pkgs.fetchurl { url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/Ia32/Shell_Full.efi"; - sha256 = "0ymm3mbbwx9f6cq0bp2nr7ikyagxgsg4sjs5q1s4xbnms27slwjq"; + sha256 = "1gv6kyaspczdp7x8qnx5x76ilriaygkfs99ay7ihhdi6riclkhfl"; } else pkgs.fetchurl { url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/X64/Shell_Full.efi"; - sha256 = "1xchy8a05mgqzr82mmahdni0jbxsz6xf6vm2bg1bch9i6l72qgmh"; + sha256 = "1g18z84rlavxr5gsrh2g942rfr6znv9fs3fqww5m7dhmnysgyv8p"; } else null; diff --git a/modules/installer/tools/nixos-rebuild.sh b/modules/installer/tools/nixos-rebuild.sh index 22aa847e192e..72661cf47735 100644 --- a/modules/installer/tools/nixos-rebuild.sh +++ b/modules/installer/tools/nixos-rebuild.sh @@ -128,8 +128,7 @@ if [ -n "$pullManifest" -o "$action" = pull ]; then set -o pipefail manifests=$(nix-instantiate --eval-only --xml --strict '<nixos>' -A manifests \ | grep '<string' | sed 's^.*"\(.*\)".*^\1^g') - - set -o nopipefail + set +o pipefail if [ $? -ne 0 ]; then exit 1; fi mkdir -p /nix/var/nix/channel-cache diff --git a/modules/misc/crashdump.nix b/modules/misc/crashdump.nix index fff459c9ab43..973abfd93270 100644 --- a/modules/misc/crashdump.nix +++ b/modules/misc/crashdump.nix 
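Review bot: The `if [ $? -ne 0 ]` line that follows the new `set +o pipefail` now tests the exit status of `set`, which is always 0, rather than the `manifests=$(...)` pipeline it is meant to guard, so a failing `nix-instantiate` or `sed` no longer aborts the pull. Capture the status before resetting the option: keep the assignment, then `rc=$?`, `set +o pipefail`, `if [ $rc -ne 0 ]; then exit 1; fi`. Note that `grep` exits 1 when it matches nothing, so under pipefail an empty manifest list would also abort; if that is not intended, test `-z "$manifests"` separately. The surrounding `if` block continues outside the hunk.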
@@ -48,9 +48,9 @@ in config = mkIf crashdump.enable { boot = { postBootCommands = '' - ${pkgs.kexectools}/sbin/kexec -p /var/run/current-system/kernel \ - --initrd=/var/run/current-system/initrd \ - --append="init=$(readlink -f /var/run/current-system/init) system=$(readlink -f /var/run/current-system) irqpoll maxcpus=1 reset_devices ${kernelParams}" --reset-vga --console-vga + ${pkgs.kexectools}/sbin/kexec -p /run/current-system/kernel \ + --initrd=/run/current-system/initrd \ + --append="init=$(readlink -f /run/current-system/init) system=$(readlink -f /run/current-system) irqpoll maxcpus=1 reset_devices ${kernelParams}" --reset-vga --console-vga ''; kernelParams = [ "crashkernel=64M" diff --git a/modules/misc/lib.nix b/modules/misc/lib.nix new file mode 100644 index 000000000000..18fc68a69883 --- /dev/null +++ b/modules/misc/lib.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: + +{ + options = { + lib = pkgs.lib.mkOption { + default = {}; + + type = pkgs.lib.types.attrsOf pkgs.lib.types.attrs; + + description = '' + This option allows modules to define helper functions, constants, etc. + ''; + }; + }; +} diff --git a/modules/module-list.nix b/modules/module-list.nix index 7bdc87e6a78f..1046233c9839 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -15,6 +15,7 @@ ./config/unix-odbc-drivers.nix ./config/users-groups.nix ./hardware/cpu/intel-microcode.nix + ./hardware/network/b43.nix ./hardware/network/intel-2100bg.nix ./hardware/network/intel-2200bg.nix ./hardware/network/intel-3945abg.nix @@ -34,6 +35,7 @@ ./misc/crashdump.nix ./misc/ids.nix ./misc/locate.nix + ./misc/lib.nix ./misc/nixpkgs.nix ./misc/passthru.nix ./misc/version.nix @@ -82,6 +84,7 @@ ./services/hardware/upower.nix #./services/logging/klogd.nix ./services/logging/logrotate.nix + ./services/logging/logstash.nix ./services/logging/syslogd.nix ./services/mail/dovecot.nix ./services/mail/dovecot2.nix 
diff --git a/modules/programs/bash/profile.sh b/modules/programs/bash/profile.sh index 3da860388b1f..1eef2a9e84a8 100644 --- a/modules/programs/bash/profile.sh +++ b/modules/programs/bash/profile.sh @@ -12,8 +12,8 @@ __ETC_PROFILE_SOURCED=1 export __ETC_PROFILE_DONE=1 # Initialise a bunch of environment variables. -export LOCALE_ARCHIVE=/var/run/current-system/sw/lib/locale/locale-archive -export LD_LIBRARY_PATH=/var/run/opengl-driver/lib:/var/run/opengl-driver-32/lib # !!! only set if needed +export LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive +export LD_LIBRARY_PATH=/run/opengl-driver/lib:/run/opengl-driver-32/lib # !!! only set if needed export NIXPKGS_CONFIG=/etc/nix/nixpkgs-config.nix export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixpkgs=/etc/nixos/nixpkgs:nixos=/etc/nixos/nixos:nixos-config=/etc/nixos/configuration.nix:services=/etc/nixos/services export PAGER="less -R" @@ -22,7 +22,7 @@ export LOCATE_PATH=/var/cache/locatedb # Include the various profiles in the appropriate environment variables. export NIX_USER_PROFILE_DIR=/nix/var/nix/profiles/per-user/$USER -export NIX_PROFILES="/var/run/current-system/sw /nix/var/nix/profiles/default $HOME/.nix-profile" +export NIX_PROFILES="/run/current-system/sw /nix/var/nix/profiles/default $HOME/.nix-profile" unset PATH INFOPATH PKG_CONFIG_PATH PERL5LIB ALSA_PLUGIN_DIRS GST_PLUGIN_PATH KDEDIRS unset QT_PLUGIN_PATH QTWEBKIT_PLUGIN_PATH STRIGI_PLUGIN_PATH XDG_CONFIG_DIRS XDG_DATA_DIRS diff --git a/modules/programs/shadow.nix b/modules/programs/shadow.nix index 3a348818a97c..137064bba851 100644 --- a/modules/programs/shadow.nix +++ b/modules/programs/shadow.nix @@ -21,6 +21,9 @@ let TTYGROUP tty TTYPERM 0620 + # Ensure privacy for newly created home directories. + UMASK 077 + # Uncomment this to allow non-root users to change their account #information. This should be made configurable. #CHFN_RESTRICT frwh 
@@ -35,7 +38,7 @@ in options = { users.defaultUserShell = pkgs.lib.mkOption { - default = "/var/run/current-system/sw/bin/bash"; + default = "/run/current-system/sw/bin/bash"; description = '' This option defines the default shell assigned to user accounts. This must not be a store path, since the path is diff --git a/modules/services/logging/klogd.nix b/modules/services/logging/klogd.nix index af21f9cc9594..907d83c7a6ac 100644 --- a/modules/services/logging/klogd.nix +++ b/modules/services/logging/klogd.nix @@ -13,7 +13,7 @@ exec = "klogd -c 1 -2 -n " + - "-k $(dirname $(readlink -f /var/run/booted-system/kernel))/System.map"; + "-k $(dirname $(readlink -f /run/booted-system/kernel))/System.map"; }; } diff --git a/modules/services/logging/logstash.nix b/modules/services/logging/logstash.nix new file mode 100644 index 000000000000..bb3b83dd230d --- /dev/null +++ b/modules/services/logging/logstash.nix 
@@ -0,0 +1,162 @@ +{ config, pkgs, ... }: + +with pkgs.lib; + +let + + cfg = config.services.logstash; + + listToConfig = list: "[ " + (concatStringsSep ", " (map exprToConfig list)) + " ]"; + + hashToConfig = attrs: + let + attrNameToConfigList = name: + [ (exprToConfig name) (exprToConfig (getAttr name attrs)) ]; + in + "[ " + + (concatStringsSep ", " (map attrNameToConfigList (attrNames attrs))) + + " ]"; + + valueToConfig = nvpair: let name = nvpair.name; value = nvpair.value; in + if (isAttrs value) && ((!(value ? __type)) || value.__type == "repeated") + then '' + ${name} { + ${exprToConfig value} + } + '' + else "${name} => ${exprToConfig value}"; + + repeatedAttrsToConfig = values: + concatStringsSep "\n" (map valueToConfig values); + + attrsToConfig = attrs: + let + attrToConfig = name: valueToConfig { + inherit name; + value = (getAttr name attrs); + }; + in + concatStringsSep "\n" (map attrToConfig (attrNames attrs)); + + exprToConfig = expr: + let + isCustomType = expr: (isAttrs expr) && (expr ? __type); + + isFloat = expr: (isCustomType expr) && (expr.__type == "float"); + + isHash = expr: (isCustomType expr) && (expr.__type == "hash"); + + isRepeatedAttrs = expr: (isCustomType expr) && (expr.__type == "repeated"); + in + if builtins.isBool expr then (if expr then "true" else "false") else + if builtins.isString expr then ''"${expr}"'' else + if builtins.isInt expr then toString expr else + if isFloat expr then expr.value else + if isList expr then listToConfig expr else + if isHash expr then hashToConfig expr.value else + if isRepeatedAttrs expr then repeatedAttrsToConfig expr.values + else attrsToConfig expr; + + mergeConfigs = configs: + let + op = attrs: newAttrs: + let + isRepeated = newAttrs ? 
__type && newAttrs.__type == "repeated"; + in { + values = attrs.values ++ (if isRepeated then newAttrs.values else + map (name: { inherit name; value = getAttr name newAttrs; }) + (attrNames newAttrs)); + }; + in (foldl op { values = []; } configs) // { __type = "repeated"; }; + +in + +{ + ###### interface + + options = { + services.logstash = { + enable = mkOption { + default = false; + description = '' + Enable logstash. + ''; + }; + + inputConfig = mkOption { + default = {}; + description = '' + An attribute set (or an expression generated by mkNameValuePairs) + representing a logstash configuration's input section. + Logstash configs are name-value pairs, where values can be bools, + strings, numbers, arrays, hashes, or other name-value pairs, + and names are strings that can be repeated. Name-value pairs with no + repeats are represented by attr sets. Bools, strings, ints, and + arrays are mapped directly. Name-value pairs with repeats can be + generated by the config.lib.logstash.mkNameValuePairs function, which + takes a list of attrsets and combines them while preserving attribute + name duplicates if they occur. Similarly, there are the mkFloat and + mkHash functions, which take a string representation of a float and an + attrset, respectively. + ''; + merge = mergeConfigs; + }; + + filterConfig = mkOption { + default = {}; + description = '' + An attribute set (or an expression generated by mkNameValuePairs) + representing a logstash configuration's filter section. + See inputConfig description for details. + ''; + merge = mergeConfigs; + }; + + outputConfig = mkOption { + default = {}; + description = '' + An attribute set (or an expression generated by mkNameValuePairs) + representing a logstash configuration's output section. + See inputConfig description for details. 
+ ''; + merge = mergeConfigs; + }; + }; + }; + + + ###### implementation + + config = mkMerge [ { + lib.logstash = { + mkFloat = stringRep: { __type = "float"; value = stringRep; }; + + mkHash = attrs: { __type = "hash"; value = attrs; }; + + mkNameValuePairs = mergeConfigs; + }; + } ( mkIf cfg.enable { + # Always log to stdout + services.logstash.outputConfig = { stdout = {}; }; + + jobs.logstash = with pkgs; { + description = "Logstash daemon"; + + path = [ jre ]; + + script = "cd /tmp && exec java -jar ${logstash} agent -f ${writeText "logstash.conf" '' + input { + ${exprToConfig cfg.inputConfig} + } + + filter { + ${exprToConfig cfg.filterConfig} + } + + output { + ${exprToConfig cfg.outputConfig} + } + ''}"; + }; + })]; +} diff --git a/modules/services/misc/disnix.nix b/modules/services/misc/disnix.nix index 645e92c39df6..8d04c81ad681 100644 --- a/modules/services/misc/disnix.nix +++ b/modules/services/misc/disnix.nix @@ -130,7 +130,7 @@ in script = '' - export PATH=/var/run/current-system/sw/bin:/var/run/current-system/sw/sbin + export PATH=/run/current-system/sw/bin:/run/current-system/sw/sbin export HOME=/root ${pkgs.disnix}/bin/disnix-service --activation-modules-dir=${disnix_activation_scripts}/libexec/disnix/activation-scripts diff --git a/modules/services/monitoring/systemhealth.nix b/modules/services/monitoring/systemhealth.nix index 71389be5b2f0..0a3e666ad4e7 100644 --- a/modules/services/monitoring/systemhealth.nix +++ b/modules/services/monitoring/systemhealth.nix @@ -86,8 +86,8 @@ in [paths] rrdtool = ${pkgs.rrdtool}/bin/rrdtool loadavg_rrd = loadavg - ps = /var/run/current-system/sw/bin/ps - df = /var/run/current-system/sw/bin/df + ps = /run/current-system/sw/bin/ps + df = /run/current-system/sw/bin/df meminfo_rrd = meminfo uptime_rrd = uptime rrd_path = ${rrdDir} diff --git a/modules/services/network-filesystems/drbd.nix b/modules/services/network-filesystems/drbd.nix index 1c70d44f6bad..1a00ccab0a61 100644 
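Review bot: In `exprToConfig` a string value is emitted as `''"${expr}"''` with no escaping, so a configuration string containing a double quote or a backslash (a grok pattern, a path with quotes) yields a logstash.conf that is malformed or parses differently from what the module author wrote; attribute names spliced in by `valueToConfig` are likewise unescaped. Escape at least `\` and `"` before interpolating, for example `''"${escape ["\"" "\\"] expr}"''` with `escape` from pkgs.lib strings (confirm it exists in the lib version this tree uses), or reject values outside a safe character set. Separately, the job runs `cd /tmp && exec java -jar ...` with no `user` attribute, so the agent runs as root with a world-writable working directory; a dedicated account and a state directory would be the usual shape, and the `inputConfig` description should say that string values are inserted verbatim into the generated file.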
--- a/modules/services/network-filesystems/drbd.nix +++ b/modules/services/network-filesystems/drbd.nix @@ -44,7 +44,7 @@ let cfg = config.services.drbd; in boot.extraModprobeConfig = '' - options drbd usermode_helper=/var/run/current-system/sw/sbin/drbdadm + options drbd usermode_helper=/run/current-system/sw/sbin/drbdadm ''; environment.etc = singleton diff --git a/modules/services/network-filesystems/samba.nix b/modules/services/network-filesystems/samba.nix index 7461d12d78b8..2cf4e8c11ff0 100644 --- a/modules/services/network-filesystems/samba.nix +++ b/modules/services/network-filesystems/samba.nix @@ -70,7 +70,7 @@ let environment = { LD_LIBRARY_PATH = nssModulesPath; TZ = config.time.timeZone; - LOCALE_ARCHIVE = "/var/run/current-system/sw/lib/locale/locale-archive"; + LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; }; daemonType = "fork"; diff --git a/modules/services/networking/ssh/sshd.nix b/modules/services/networking/ssh/sshd.nix index 3bf4bf642fa5..d89978a852c0 100644 --- a/modules/services/networking/ssh/sshd.nix +++ b/modules/services/networking/ssh/sshd.nix @@ -92,7 +92,7 @@ let userLoop = flip concatMapStrings usersWithKeys (u: let authKeys = concatStringsSep "," u.openssh.authorizedKeys.keys; - authKeyFiles = concatStringsSep " " u.openssh.authorizedKeys.keyFiles; + authKeyFiles = concatStrings (map (x: " ${x}") u.openssh.authorizedKeys.keyFiles); preserveExisting = if u.openssh.authorizedKeys.preserveExistingKeys then "true" else "false"; in '' mkAuthKeysFile "${u.name}" "${authKeys}" "${authKeyFiles}" "${preserveExisting}" 
@@ -105,25 +105,34 @@ let local authKeyFiles="$3" local preserveExisting="$4" - eval authfile=~$userName/.ssh/authorized_keys - mkdir -p "$(dirname $authfile)" - touch "$authfile" + eval homeDir=~$userName + if ! [ -d "$homeDir" ]; then + echo "User $userName does not exist" + return + fi + if ! [ -d "$homeDir/.ssh" ]; then + mkdir -v -m 700 "$homeDir/.ssh" + chown "$userName":users "$homeDir/.ssh" + fi + local authKeysFile="$homeDir/.ssh/authorized_keys" + touch "$authKeysFile" if [ "$preserveExisting" == false ]; then - rm -f "$authfile" - echo "${marker2}" > "$authfile" + rm -f "$authKeysFile" + echo "${marker2}" > "$authKeysFile" else - sed -i '/${marker1}/ d' "$authfile" + sed -i '/${marker1}/ d' "$authKeysFile" fi IFS=, for f in $authKeys; do - echo "$f ${marker1}" >> "$authfile" + echo "$f ${marker1}" >> "$authKeysFile" done unset IFS for f in $authKeyFiles; do if [ -f "$f" ]; then - echo "$(cat "$f") ${marker1}" >> "$authfile" + echo "$(cat "$f") ${marker1}" >> "$authKeysFile" fi done + chown "$userName" "$authKeysFile" } ${userLoop} @@ -329,7 +338,7 @@ in path = [ pkgs.openssh ]; environment.LD_LIBRARY_PATH = nssModulesPath; - environment.LOCALE_ARCHIVE = "/var/run/current-system/sw/lib/locale/locale-archive"; + environment.LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; preStart = '' diff --git a/modules/services/networking/wpa_supplicant.nix b/modules/services/networking/wpa_supplicant.nix index fe4fecaf0baf..5dc203fd177f 100644 --- a/modules/services/networking/wpa_supplicant.nix +++ b/modules/services/networking/wpa_supplicant.nix @@ -18,7 +18,7 @@ in ###### interface options = { - + networking.WLANInterface = mkOption { default = ""; description = "Obsolete. Use <option>networking.wireless.interfaces</option> instead."; 
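Review bot: The new `chown "$userName":users "$homeDir/.ssh"` hardcodes the `users` group, so for an account whose primary group is something else the directory ends up group-owned by a group the user may not even belong to; use the account's own group, `chown "$userName:$(id -gn "$userName")" "$homeDir/.ssh"`, and do the same on the final `chown "$userName" "$authKeysFile"`, which currently leaves the file group-owned by root. The file is created by `touch` under root's umask with no explicit mode, so add `chmod 600 "$authKeysFile"` after that final chown to match the 700 given to the directory. A pre-existing issue the rename leaves in place: `echo "$(cat "$f") ${marker1}"` tags only the last line of a multi-line key file, so every key but the last in such a file is not matched by `sed -i '/${marker1}/ d'` on the next run and survives its removal from the configuration; tag each line instead, e.g. `sed "s/\$/ ${marker1}/" "$f" >> "$authKeysFile"`. The function's header is outside the hunk.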
@@ -44,7 +44,9 @@ in example = [ "wlan0" "wlan1" ]; description = '' The interfaces <command>wpa_supplicant</command> will use. If empty, it will - automatically use all wireless interfaces. + automatically use all wireless interfaces. (Note that auto-detection is currently + broken on Linux 3.4.x kernels. See http://github.com/NixOS/nixos/issues/10 for + further details.) ''; }; @@ -80,14 +82,14 @@ in ###### implementation - + config = mkIf cfg.enable { environment.systemPackages = [ pkgs.wpa_supplicant ]; services.dbus.packages = [ pkgs.wpa_supplicant ]; - jobs.wpa_supplicant = + jobs.wpa_supplicant = { startOn = "started network-interfaces"; stopOn = "stopping network-interfaces"; @@ -117,13 +119,13 @@ in exec wpa_supplicant -s -u ${optionalString (cfg.driver != "") "-D${cfg.driver}"} -c ${configFile} $ifaces ''; }; - + powerManagement.resumeCommands = '' ${config.system.build.upstart}/sbin/restart wpa_supplicant ''; - assertions = [{ assertion = !cfg.userControlled.enable || cfg.interfaces != []; + assertions = [{ assertion = !cfg.userControlled.enable || cfg.interfaces != []; message = "user controlled wpa_supplicant needs explicit networking.wireless.interfaces";}]; }; diff --git a/modules/services/scheduling/fcron.nix b/modules/services/scheduling/fcron.nix index 6d274bf59732..812af1edfc0d 100644 --- a/modules/services/scheduling/fcron.nix +++ b/modules/services/scheduling/fcron.nix @@ -87,7 +87,7 @@ in fcrondeny = /etc/fcron.deny shell = /bin/sh sendmail = /var/setuid-wrappers/sendmail - editor = /var/run/current-system/sw/bin/vi + editor = /run/current-system/sw/bin/vi ''; target = "fcron.conf"; mode = "0600"; # max allowed is 644 @@ -104,7 +104,7 @@ in startOn = "startup and filesystem"; environment = - { PATH = "/var/run/current-system/sw/bin"; + { PATH = "/run/current-system/sw/bin"; }; preStart = diff --git a/modules/services/ttys/agetty.nix b/modules/services/ttys/agetty.nix index 43ee81481bff..42d276c96664 100644 
--- a/modules/services/ttys/agetty.nix +++ b/modules/services/ttys/agetty.nix @@ -72,7 +72,7 @@ with pkgs.lib; [Service] Environment=TERM=linux - Environment=LOCALE_ARCHIVE=/var/run/current-system/sw/lib/locale/locale-archive + Environment=LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive ExecStart=@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login %I 38400 Type=idle Restart=always diff --git a/modules/services/web-servers/apache-httpd/default.nix b/modules/services/web-servers/apache-httpd/default.nix index 259847d07261..ceb93cd8b016 100644 --- a/modules/services/web-servers/apache-httpd/default.nix +++ b/modules/services/web-servers/apache-httpd/default.nix @@ -6,7 +6,9 @@ let mainCfg = config.services.httpd; - httpd = pkgs.apacheHttpd; + httpd = pkgs.apacheHttpd.override { mpm = mainCfg.multiProcessingModule; }; + + php = pkgs.php.override { apacheHttpd = httpd; }; getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80; @@ -105,10 +107,11 @@ let # Other modules. "ext_filter" "include" "log_config" "env" "mime_magic" "cern_meta" "expires" "headers" "usertrack" /* "unique_id" */ "setenvif" - "mime" "dav" "status" "autoindex" "asis" "info" "cgi" "dav_fs" + "mime" "dav" "status" "autoindex" "asis" "info" "dav_fs" "vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling" "userdir" "alias" "rewrite" "proxy" "proxy_http" ] + ++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ]) ++ optional enableSSL "ssl" ++ extraApacheModules; @@ -283,6 +286,11 @@ let PidFile ${mainCfg.stateDir}/httpd.pid + ${optionalString (mainCfg.multiProcessingModule != "prefork") '' + # mod_cgid requires this. + ScriptSock ${mainCfg.stateDir}/cgisock + ''} + <IfModule prefork.c> MaxClients ${toString mainCfg.maxClients} MaxRequestsPerChild ${toString mainCfg.maxRequestsPerChild} 
@@ -302,7 +310,7 @@ let allModules = concatMap (svc: svc.extraModulesPre) allSubservices ++ map (name: {inherit name; path = "${httpd}/modules/mod_${name}.so";}) apacheModules - ++ optional enablePHP { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } + ++ optional enablePHP { name = "php5"; path = "${php}/modules/libphp5.so"; } ++ concatMap (svc: svc.extraModules) allSubservices ++ extraForeignModules; in concatMapStrings load allModules @@ -373,7 +381,7 @@ let ([ mainCfg.phpOptions ] ++ (map (svc: svc.phpOptions) allSubservices)); } '' - cat ${pkgs.php}/etc/php-recommended.ini > $out + cat ${php}/etc/php-recommended.ini > $out echo "$options" >> $out ''; @@ -404,7 +412,7 @@ in extraModules = mkOption { default = []; - example = [ "proxy_connect" { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } ]; + example = [ "proxy_connect" { name = "php5"; path = "${php}/modules/libphp5.so"; } ]; description = '' Specifies additional Apache modules. These can be specified as a string in the case of modules distributed with Apache, @@ -484,6 +492,23 @@ in "Options appended to the PHP configuration file <filename>php.ini</filename>."; }; + multiProcessingModule = mkOption { + default = "prefork"; + example = "worker"; + type = types.uniq types.string; + description = + '' + Multi-processing module to be used by Apache. Available + modules are <literal>prefork</literal> (the default; + handles each request in a separate child process), + <literal>worker</literal> (hybrid approach that starts a + number of child processes each running a number of + threads) and <literal>event</literal> (a recent variant of + <literal>worker</literal> that handles persistent + connections more efficiently). + ''; + }; + maxClients = mkOption { default = 150; example = 8; 
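Review bot: `multiProcessingModule` is typed `types.uniq types.string`, so any string is accepted, yet the description names exactly three valid values and the module list earlier in this file selects `cgi` only for `"prefork"` and `cgid` for everything else, so a typo such as `"workers"` silently picks cgid and hands an unknown `mpm` to the `apacheHttpd.override`. Add a check where the value is consumed, for instance `assertions = [ { assertion = elem mainCfg.multiProcessingModule [ "prefork" "worker" "event" ]; message = "services.httpd.multiProcessingModule must be prefork, worker or event"; } ];` in the implementation section, the same pattern the wpa_supplicant module in this changeset uses. The implementation block where that belongs is outside the hunk.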
@@ -558,7 +583,8 @@ in preStart = '' - mkdir -m 0700 -p ${mainCfg.stateDir} + mkdir -m 0750 -p ${mainCfg.stateDir} + chown root.wwwrun ${mainCfg.stateDir} mkdir -m 0700 -p ${mainCfg.logDir} ${optionalString (mainCfg.documentRoot != null) @@ -582,9 +608,7 @@ in done ''; - daemonType = "fork"; - - exec = "httpd -f ${httpdConf}"; + exec = "httpd -f ${httpdConf} -DNO_DETACH"; preStop = '' diff --git a/modules/services/web-servers/apache-httpd/mediawiki.nix b/modules/services/web-servers/apache-httpd/mediawiki.nix index d45d477b671b..9f321b173d3e 100644 --- a/modules/services/web-servers/apache-httpd/mediawiki.nix +++ b/modules/services/web-servers/apache-httpd/mediawiki.nix @@ -4,16 +4,6 @@ with pkgs.lib; let - src_clean_skin = pkgs.fetchurl { - url = "http://lastlog.de/misc/clean-1.01.tar.gz"; - sha256 = "5fb1736b64b33ca3429d035f1358cf8217da2d02019d8a80b14c7985367f659f"; - }; - - src_nixos_skin = pkgs.fetchurl { - url = "http://lastlog.de/misc/nixos-1.0.tar.gz"; - sha256 = "413b0f451bde81ac2dd0bede17dd088f9abcd0f3cea1722279311ca648a855cf"; - }; - mediawikiConfig = pkgs.writeText "LocalSettings.php" '' <?php @@ -89,15 +79,14 @@ let sha256 = "1d8afbdh3lsg54b69mnh6a47psb3lg978xpp277qs08yz15cjf7q"; }; - skinTarball = if config.defaultSkin == "clean" then src_clean_skin - else if config.defaultSkin == "nixos" then src_nixos_skin - else ""; + skins = config.skins; - buildPhase = " - if [ '${skinTarball}' ]; then - tar xfz ${skinTarball} -C skins/; - fi - "; + buildPhase = + '' + for skin in $skins; do + cp -prvd $skin/* skins/ + done + ''; # */ installPhase = '' @@ -259,6 +248,16 @@ in description = "Set this value to change the default skin used by MediaWiki."; }; + skins = mkOption { + default = []; + type = types.listOf types.path; + description = + '' + List of paths whose content is copied to the ‘skins’ + subdirectory of the MediaWiki installation. + ''; + }; + extraConfig = mkOption { default = ""; example = 
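Review bot: `mkdir -m 0750 -p ${mainCfg.stateDir}` applies the mode only when it creates the directory, so on an upgraded system where the directory already exists with the previous `0700` the mode is left as is, while the new `chown root.wwwrun` line does run on every start; the effective permissions therefore depend on the host's history. Make both explicit: `mkdir -p ${mainCfg.stateDir}`, `chmod 0750 ${mainCfg.stateDir}`, `chown root:wwwrun ${mainCfg.stateDir}`, using the colon form since `root.wwwrun` is a GNU compatibility spelling. Presumably the group-accessible mode is what lets the `ScriptSock` socket placed in this directory be reached by the cgid children; if so, a one-line comment saying that the mode is required for mod_cgid would keep a later reader from tightening it back to 0700. The `preStart` script continues outside the hunk.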
diff --git a/modules/services/x11/display-managers/kdm.nix b/modules/services/x11/display-managers/kdm.nix index 47d9299fb79f..ec4d033a597f 100644 --- a/modules/services/x11/display-managers/kdm.nix +++ b/modules/services/x11/display-managers/kdm.nix @@ -106,7 +106,7 @@ in mkdir -m 0755 -p /var/lib/kdm chown kdm /var/lib/kdm ${(optionalString (config.system.boot.loader.id == "grub") "PATH=${config.system.build.grub}/sbin:$PATH ") + - "KDEDIRS=/var/run/current-system/sw exec ${kdebase_workspace}/bin/kdm -config ${kdmrc} -nodaemon"} + "KDEDIRS=/run/current-system/sw exec ${kdebase_workspace}/bin/kdm -config ${kdmrc} -nodaemon"} ''; logsXsession = true; }; diff --git a/modules/services/x11/hardware/multitouch.nix b/modules/services/x11/hardware/multitouch.nix index 3aa2760f3f0e..4f9048bfd910 100644 --- a/modules/services/x11/hardware/multitouch.nix +++ b/modules/services/x11/hardware/multitouch.nix @@ -2,6 +2,8 @@ with pkgs.lib; +let cfg = config.services.xserver.multitouch; in + { options = { @@ -14,11 +16,25 @@ with pkgs.lib; description = "Whether to enable multitouch touchpad support."; }; + invertScroll = mkOption { + default = false; + example = true; + type = types.bool; + description = "Whether to invert scrolling direction à la OSX Lion"; + }; + + ignorePalm = mkOption { + default = false; + example = true; + type = types.bool; + description = "Whether to ignore touches detected as being the palm (i.e when typing)"; + }; + }; }; - config = mkIf config.services.xserver.multitouch.enable { + config = mkIf cfg.enable { services.xserver.modules = [ pkgs.xf86_input_mtrack ]; @@ -29,6 +45,13 @@ with pkgs.lib; MatchIsTouchpad "on" Identifier "Touchpads" Driver "mtrack" + Option "IgnorePalm" "${if cfg.ignorePalm then "true" else "false"}" + ${optionalString cfg.invertScroll '' + Option "ScrollUpButton" "5" + Option "ScrollDownButton" "4" + Option "ScrollLeftButton" "7" + Option "ScrollRightButton" "6" + ''} EndSection ''; 
diff --git a/modules/services/x11/window-managers/i3.nix b/modules/services/x11/window-managers/i3.nix index 7699d064eeff..d688c064c5ac 100644 --- a/modules/services/x11/window-managers/i3.nix +++ b/modules/services/x11/window-managers/i3.nix @@ -16,9 +16,9 @@ in }; }; - config = { + config = mkIf cfg.enable { services.xserver.windowManager = { - session = mkIf cfg.enable [{ + session = [{ name = "i3"; start = " ${pkgs.i3}/bin/i3 & @@ -26,5 +26,6 @@ in "; }]; }; + environment.x11Packages = [ pkgs.i3 ]; }; } diff --git a/modules/services/x11/xfs.conf b/modules/services/x11/xfs.conf index 5352d74faa0c..13dcf803db29 100644 --- a/modules/services/x11/xfs.conf +++ b/modules/services/x11/xfs.conf @@ -12,4 +12,4 @@ default-resolutions = 75,75,100,100 cache-hi-mark = 2048 cache-low-mark = 1433 cache-balance = 70 -catalogue = /var/run/current-system/sw/share/X11-fonts/ +catalogue = /run/current-system/sw/share/X11-fonts/ diff --git a/modules/services/x11/xserver.nix b/modules/services/x11/xserver.nix index 61af0459a6bd..5d795e5d57dc 100644 --- a/modules/services/x11/xserver.nix +++ b/modules/services/x11/xserver.nix 
@@ -405,21 +405,21 @@ in preStart = '' - rm -f /var/run/opengl-driver - rm -f /var/run/opengl-driver-32 + rm -f /run/opengl-driver + rm -f /run/opengl-driver-32 ${# !!! The OpenGL driver depends on what's detected at runtime. if elem "nvidia" driverNames then '' - ln -sf ${kernelPackages.nvidia_x11} /var/run/opengl-driver + ln -sf ${kernelPackages.nvidia_x11} /run/opengl-driver ${optionalString (pkgs.stdenv.system == "x86_64-linux" && cfg.driSupport32Bit) - "ln -sf ${pkgs_i686.linuxPackages.nvidia_x11.override { libsOnly = true; kernel = null; } } /var/run/opengl-driver-32"} + "ln -sf ${pkgs_i686.linuxPackages.nvidia_x11.override { libsOnly = true; kernel = null; } } /run/opengl-driver-32"} '' else if elem "nvidiaLegacy96" driverNames then - "ln -sf ${kernelPackages.nvidia_x11_legacy96} /var/run/opengl-driver" + "ln -sf ${kernelPackages.nvidia_x11_legacy96} /run/opengl-driver" else if elem "nvidiaLegacy173" driverNames then - "ln -sf ${kernelPackages.nvidia_x11_legacy173} /var/run/opengl-driver" + "ln -sf ${kernelPackages.nvidia_x11_legacy173} /run/opengl-driver" else if cfg.driSupport then - "ln -sf ${pkgs.mesa} /var/run/opengl-driver" + "ln -sf ${pkgs.mesa} /run/opengl-driver" else "" } diff --git a/modules/system/activation/activation-script.nix b/modules/system/activation/activation-script.nix index 083e3767ed81..41c3ced1bc27 100644 --- a/modules/system/activation/activation-script.nix +++ b/modules/system/activation/activation-script.nix 
@@ -74,12 +74,12 @@ in
 # Make this configuration the current configuration.
 # The readlink is there to ensure that when $systemConfig = /system
-# (which is a symlink to the store), /var/run/current-system is still
+# (which is a symlink to the store), /run/current-system is still
 # used as a garbage collection root.
-ln -sfn "$(readlink -f "$systemConfig")" /var/run/current-system
+ln -sfn "$(readlink -f "$systemConfig")" /run/current-system
 # Prevent the current configuration from being garbage-collected.
-ln -sfn /var/run/current-system /nix/var/nix/gcroots/current-system
+ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
 '';
 };
diff --git a/modules/system/activation/switch-to-configuration.sh b/modules/system/activation/switch-to-configuration.sh
index da1471cf550b..62af63ec39f3 100644
--- a/modules/system/activation/switch-to-configuration.sh
+++ b/modules/system/activation/switch-to-configuration.sh
@@ -59,7 +59,7 @@ fi
 # Activate the new configuration.
 if [ "$action" != switch -a "$action" != test ]; then exit 0; fi
-oldVersion=$(cat /var/run/current-system/upstart-interface-version 2> /dev/null || echo 0)
+oldVersion=$(cat /run/current-system/upstart-interface-version 2> /dev/null || echo 0)
 newVersion=$(cat @out@/upstart-interface-version 2> /dev/null || echo 0)
 if test "$oldVersion" -ne "$newVersion"; then
diff --git a/modules/system/boot/modprobe.nix b/modules/system/boot/modprobe.nix
index 1b34e78ab78c..03d9222af217 100644
--- a/modules/system/boot/modprobe.nix
+++ b/modules/system/boot/modprobe.nix
@@ -23,7 +23,7 @@ with pkgs.lib;
 # modules in the current configuration don't match the
 # running kernel.
 if [ ! -d "$MODULE_DIR/$(${pkgs.coreutils}/bin/uname -r)" ]; then
- MODULE_DIR=/var/run/booted-system/kernel-modules/lib/modules/
+ MODULE_DIR=/run/booted-system/kernel-modules/lib/modules/
 fi
 exec ${pkgs.kmod}/sbin/modprobe "$@"
diff --git a/modules/system/boot/stage-2-init.sh b/modules/system/boot/stage-2-init.sh
index 5c915db08e09..e8b01788900b 100644
--- a/modules/system/boot/stage-2-init.sh
+++ b/modules/system/boot/stage-2-init.sh
@@ -143,12 +143,12 @@ $systemConfig/activate
 # Record the boot configuration.
-ln -sfn "$systemConfig" /var/run/booted-system
+ln -sfn "$systemConfig" /run/booted-system
 # Prevent the booted system form being garbage-collected If it weren't
 # a gcroot, if we were running a different kernel, switched system,
 # and garbage collected all, we could not load kernel modules anymore.
-ln -sfn /var/run/booted-system /nix/var/nix/gcroots/booted-system
+ln -sfn /run/booted-system /nix/var/nix/gcroots/booted-system
 # Run any user-specified commands.
@@ -177,6 +177,6 @@ fi
 # Start systemd.
 echo "starting systemd..."
-PATH=/var/run/current-system/systemd/lib/systemd \
- MODULE_DIR=/var/run/current-system/kernel-modules/lib/modules \
+PATH=/run/current-system/systemd/lib/systemd \
+ MODULE_DIR=/run/current-system/kernel-modules/lib/modules \
 exec systemd --log-target journal # --log-level debug --crash-shell
diff --git a/modules/system/upstart-events/shutdown.nix b/modules/system/upstart-events/shutdown.nix
new file mode 100644
index 000000000000..59fbcc0d878b
--- /dev/null
+++ b/modules/system/upstart-events/shutdown.nix
@@ -0,0 +1,162 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+ jobs.shutdown =
+ { name = "shutdown";
+
+ task = true;
+
+ stopOn = ""; # must override the default ("starting shutdown")
+
+ environment = { MODE = "poweroff"; };
+
+ extraConfig = "console owner";
+
+ script =
+ ''
+ set +e # continue in case of errors
+
+ ${pkgs.kbd}/bin/chvt 1
+
+ exec < /dev/console > /dev/console 2>&1
+ echo ""
+ if test "$MODE" = maintenance; then
+ echo "[1;32m<<< Entering maintenance mode >>>[0m"
+ else
+ echo "[1;32m<<< System shutdown >>>[0m"
+ fi
+ echo ""
+
+ ${config.powerManagement.powerDownCommands}
+
+ export PATH=${pkgs.utillinux}/bin:${pkgs.utillinux}/sbin:$PATH
+
+
+ # Do an initial sync just in case.
+ sync
+
+
+ # Kill all remaining processes except init, this one and any
+ # Upstart jobs that don't stop on the "starting shutdown"
+ # event, as these are necessary to complete the shutdown.
+ omittedPids=$(initctl list | sed -e 's/.*process \([0-9]\+\)/-o \1/;t;d')
+ #echo "saved PIDs: $omittedPids"
+
+ echo "sending the TERM signal to all processes..."
+ ${pkgs.sysvtools}/bin/killall5 -15 $job $omittedPids
+
+ sleep 1 # wait briefly
+
+ echo "sending the KILL signal to all processes..."
+ ${pkgs.sysvtools}/bin/killall5 -9 $job $omittedPids
+
+
+ # If maintenance mode is requested, start a root shell, and
+ # afterwards emit the "startup" event to bring everything
+ # back up.
+ if test "$MODE" = maintenance; then
+ echo ""
+ echo "[1;32m<<< Maintenance shell >>>[0m"
+ echo ""
+ ${pkgs.shadow}/bin/login root
+ initctl emit -n startup
+ exit 0
+ fi
+
+
+ # Write a shutdown record to wtmp while /var/log is still writable.
+ reboot --wtmp-only
+
+
+ # Set the hardware clock to the system time.
+ echo "setting the hardware clock..."
+ hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}
+
+
+ # Stop all swap devices.
+ swapoff -a
+
+
+ # Unmount file systems. We repeat this until no more file systems
+ # can be unmounted. This is to handle loopback devices, file
+ # systems mounted on other file systems and so on.
+ tryAgain=1
+ while test -n "$tryAgain"; do
+ tryAgain=
+ failed= # list of mount points that couldn't be unmounted/remounted
+
+ # Get rid of loopback devices.
+ loDevices=$(losetup -a | sed 's#^\(/dev/loop[0-9]\+\).*#\1#')
+ if [ -n "$loDevices" ]; then
+ echo "removing loopback devices $loDevices..."
+ losetup -d $loDevices
+ fi
+
+ cp /proc/mounts /dev/.mounts # don't read /proc/mounts while it's changing
+ exec 4< /dev/.mounts
+ while read -u 4 device mp fstype options rest; do
+ # Skip various special filesystems. Non-existent
+ # mount points are typically tmpfs/aufs mounts from
+ # the initrd.
+ if [ "$mp" = /proc -o "$mp" = /sys -o "$mp" = /dev -o "$device" = "rootfs" -o "$mp" = /run -o "$mp" = /var/run -o "$mp" = /var/lock -o ! -e "$mp" ]; then continue; fi
+
+ echo "unmounting $mp..."
+
+ # We need to remount,ro before attempting any
+ # umount, or bind mounts may get confused, with
+ # the fs not being properly flushed at the end.
+
+ # `-i' is to workaround a bug in mount.cifs (it
+ # doesn't recognise the `remount' option, and
+ # instead mounts the FS again).
+ success=
+ if mount -t "$fstype" -n -i -o remount,ro "device" "$mp"; then success=1; fi
+
+ # Note: don't use `umount -f'; it's very buggy.
+ # (For instance, when applied to a bind-mount it
+ # unmounts the target of the bind-mount.) !!! But
+ # we should use `-f' for NFS.
+ if [ "$mp" != / -a "$mp" != /nix -a "$mp" != /nix/store ]; then
+ if umount -n "$mp"; then success=1; tryAgain=1; fi
+ fi
+
+ if [ -z "$success" ]; then failed="$failed $mp"; fi
+ done
+ done
+
+
+ # Warn about filesystems that could not be unmounted or
+ # remounted read-only.
+ if [ -n "$failed" ]; then
+ echo "[1;31mwarning:[0m the following filesystems could not be unmounted:"
+ for mp in $failed; do echo " $mp"; done
+ echo Enter 'i' to launch a shell, or wait 10 seconds to continue.
+ read -t 10 A
+ if [ "$A" == "i" ]; then
+ ${pkgs.bashInteractive}/bin/bash -i < /dev/console &> /dev/console
+ fi
+ sleep 5
+ fi
+
+
+ # Final sync.
+ sync
+
+
+ # Either reboot or power-off the system.
+ if test "$MODE" = reboot; then
+ echo "rebooting..."
+ sleep 1
+ exec reboot -f
+ else
+ echo "powering off..."
+ sleep 1
+ exec halt -f -p
+ fi
+ '';
+ };
+
+}
diff --git a/modules/tasks/kbd.nix b/modules/tasks/kbd.nix
index b563d33dc5b1..dd4b9f382c09 100644
--- a/modules/tasks/kbd.nix
+++ b/modules/tasks/kbd.nix
@@ -67,7 +67,7 @@ in
 script = ''
 export LANG=${defaultLocale}
- export LOCALE_ARCHIVE=/var/run/current-system/sw/lib/locale/locale-archive
+ export LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
 export PATH=${pkgs.gzip}/bin:$PATH # Needed by setfont
 set +e # continue in case of errors |
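Review bot: The read-only remount in the unmount loop of shutdown.nix passes the literal string `"device"` instead of the `$device` field just read from /dev/.mounts, so mount is invoked with a bogus source argument; it should be `if mount -t "$fstype" -n -i -o remount,ro "$device" "$mp"; then success=1; fi`. Whether the remount still succeeds today depends on mount ignoring the source for remounts of mtab-listed mount points, which is not something this script should rely on, and a failed remount silently lands the mount point in `$failed` rather than flushing it. Separately, the `$failed` fallback drops into `${pkgs.bashInteractive}/bin/bash -i` on the console with no authentication, whereas the maintenance branch earlier in the same script goes through `${pkgs.shadow}/bin/login root`; since this job is presumably running as root (it remounts and unmounts filesystems), anyone at the physical console during a shutdown with a stuck mount gets a root shell. Consider routing that fallback through `login root` as well, or documenting the decision with a comment such as `# NOTE: unauthenticated root shell on the console; acceptable only where console access is trusted`.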