Diffstat (limited to 'nixos')
-rwxr-xr-xnixos/maintainers/scripts/azure/create-azure.sh5
-rwxr-xr-xnixos/maintainers/scripts/azure/upload-azure.sh22
-rw-r--r--nixos/modules/rename.nix3
-rw-r--r--nixos/modules/security/grsecurity.nix5
-rw-r--r--nixos/modules/services/misc/autofs.nix5
-rw-r--r--nixos/modules/services/networking/i2pd.nix10
-rw-r--r--nixos/modules/services/x11/desktop-managers/default.nix2
-rw-r--r--nixos/modules/services/x11/desktop-managers/enlightenment.nix (renamed from nixos/modules/services/x11/desktop-managers/e19.nix)27
-rw-r--r--nixos/modules/virtualisation/azure-agent-entropy.patch17
-rw-r--r--nixos/modules/virtualisation/azure-agent.nix45
-rw-r--r--nixos/modules/virtualisation/azure-image.nix4
11 files changed, 107 insertions, 38 deletions
diff --git a/nixos/maintainers/scripts/azure/create-azure.sh b/nixos/maintainers/scripts/azure/create-azure.sh
index f87a88404f67..a834566be8f7 100755
--- a/nixos/maintainers/scripts/azure/create-azure.sh
+++ b/nixos/maintainers/scripts/azure/create-azure.sh
@@ -1,11 +1,8 @@
 #! /bin/sh -e
 
-BUCKET_NAME=${BUCKET_NAME:-nixos}
 export NIX_PATH=nixpkgs=../../../..
 export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation/azure-image.nix
 export TIMESTAMP=$(date +%Y%m%d%H%M)
 
 nix-build '<nixpkgs/nixos>' \
-   -A config.system.build.azureImage --argstr system x86_64-linux -o azure --option extra-binary-caches http://hydra.nixos.org -j 10
-
-azure vm image create nixos-test --location "West Europe" --md5-skip -v --os Linux azure/disk.vhd
+   -A config.system.build.azureImage --argstr system x86_64-linux -o azure --option extra-binary-caches https://hydra.nixos.org -j 10
diff --git a/nixos/maintainers/scripts/azure/upload-azure.sh b/nixos/maintainers/scripts/azure/upload-azure.sh
new file mode 100755
index 000000000000..2ea35d1d4c33
--- /dev/null
+++ b/nixos/maintainers/scripts/azure/upload-azure.sh
@@ -0,0 +1,22 @@
+#! /bin/sh -e
+
+export STORAGE=${STORAGE:-nixos}
+export THREADS=${THREADS:-8}
+
+azure-vhd-utils-for-go  upload --localvhdpath azure/disk.vhd  --stgaccountname "$STORAGE"  --stgaccountkey "$KEY" \
+   --containername images --blobname nixos-unstable-nixops-updated.vhd --parallelism "$THREADS" --overwrite
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
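Review bot: `$KEY` is used on the `azure-vhd-utils-for-go upload` line without being checked, so an unset variable passes an empty storage account key and the mistake only surfaces as an error from the tool. Unlike `STORAGE` and `THREADS` it has no default, so a guard such as `: "${KEY:?set KEY to the storage account key}"` before the upload would fail early with a clear message. The key is also passed as a command-line argument, which makes it readable in the process list by other local users while the upload runs; a comment stating that the script is meant for a single-user build machine would record that assumption. The run of empty `+` lines at the end of the file can be dropped.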
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 85435884b199..0de6ca758c16 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -98,6 +98,9 @@ with lib;
 
     (mkRenamedOptionModule [ "services" "hostapd" "extraCfg" ] [ "services" "hostapd" "extraConfig" ])
 
+    # Enlightenment
+    (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ])
+
     # Options that are obsolete and have no replacement.
     (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ])
     (mkRemovedOptionModule [ "programs" "bash" "enable" ])
diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index 3aabbc8fe1bc..236206026c3f 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -28,8 +28,7 @@ in
 
       kernelPatch = mkOption {
         type = types.attrs;
-        default = pkgs.kernelPatches.grsecurity_latest;
-        example = pkgs.kernelPatches.grsecurity_4_1;
+        example = lib.literalExample "pkgs.kernelPatches.grsecurity_4_1";
         description = ''
           Grsecurity patch to use.
         '';
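Review bot: With `default` removed from `kernelPatch`, the generated option documentation no longer says which patch is applied when the user sets nothing; the value now comes from the `lib.mkDefault` assignment in the second hunk. Adding `defaultText = "pkgs.kernelPatches.grsecurity_latest";` next to the `example` line would keep the manual accurate without evaluating the package. Whether the `mkDefault` line sits inside a conditional `config` block is not visible in either hunk; if it does, the description should say that the default only applies when grsecurity is enabled.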
@@ -231,6 +230,8 @@ in
         }
       ];
 
+    security.grsecurity.kernelPatch = lib.mkDefault pkgs.kernelPatches.grsecurity_latest;
+
     systemd.services.grsec-lock = mkIf cfg.config.sysctl {
       description     = "grsecurity sysctl-lock Service";
       requires        = [ "systemd-sysctl.service" ];
diff --git a/nixos/modules/services/misc/autofs.nix b/nixos/modules/services/misc/autofs.nix
index 3a95e9228200..8913030e0ea2 100644
--- a/nixos/modules/services/misc/autofs.nix
+++ b/nixos/modules/services/misc/autofs.nix
@@ -79,6 +79,11 @@ in
         wantedBy = [ "multi-user.target" ];
         after = [ "network.target" ];
 
+        preStart = ''
+          # There should be only one autofs service managed by systemd, so this should be safe.
+          rm -f /tmp/autofs-running
+        '';
+
         serviceConfig = {
           ExecStart = "${pkgs.autofs5}/sbin/automount ${if cfg.debug then "-d" else ""} -f -t ${builtins.toString cfg.timeout} ${autoMaster} ${if cfg.debug then "-l7" else ""}";
           ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
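Review bot: The new `preStart` removes a fixed path in world-writable `/tmp`, and its comment only argues that no second autofs instance is running, not why the file has to go or who may have created it. `rm -f` does not remove a directory, so if `/tmp/autofs-running` exists as one the `preStart` fails and the unit does not start. I would extend the comment to state the reason, for example `# remove a stale flag file left by an unclean stop, otherwise automount will not start` (if that is indeed the cause), and note that a location under `/run` would be preferable if the package lets the flag path be changed. The `serviceConfig` block continues outside the hunk.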
diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix
index e73316a9b1e8..15ec9be80121 100644
--- a/nixos/modules/services/networking/i2pd.nix
+++ b/nixos/modules/services/networking/i2pd.nix
@@ -10,9 +10,10 @@ let
 
   extip = "EXTIP=\$(${pkgs.curl}/bin/curl -sf \"http://jsonip.com\" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')";
 
-  toOneZero = b: if b then "1" else "0";
+  toYesNo = b: if b then "yes" else "no";
 
   mkEndpointOpt = name: addr: port: {
+    enable = mkEnableOption name;
     name = mkOption {
       type = types.str;
       default = name;
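Review bot: `mkEnableOption` defaults to `false`, so every section generated from `mkEndpointOpt` is now written with `enabled = no` (the line added in the third hunk) unless the user sets the new `enable` option. Configurations that relied on an endpoint being active just by being declared will presumably have it switched off on upgrade; that deserves a release note or a sentence in the option description. `mkEnableOption name` also builds its description from the bare section name, so a hand-written description per endpoint would read better in the manual. The body of `mkEndpointOpt` continues outside the hunk.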
@@ -63,9 +64,9 @@ let
   } // mkEndpointOpt name "127.0.0.1" 0;
 
   i2pdConf = pkgs.writeText "i2pd.conf" ''
-      ipv6 = ${toOneZero cfg.enableIPv6}
-      notransit = ${toOneZero cfg.notransit}
-      floodfill = ${toOneZero cfg.floodfill}
+      ipv6 = ${toYesNo cfg.enableIPv6}
+      notransit = ${toYesNo cfg.notransit}
+      floodfill = ${toYesNo cfg.floodfill}
       ${if isNull cfg.port then "" else "port = ${toString cfg.port}"}
       ${flip concatMapStrings
         (collect (proto: proto ? port && proto ? address && proto ? name) cfg.proto)
@@ -73,6 +74,7 @@ let
       [${proto.name}]
       address = ${proto.address}
       port = ${toString proto.port}
+      enabled = ${toYesNo proto.enable}
       '')
       }
   '';
diff --git a/nixos/modules/services/x11/desktop-managers/default.nix b/nixos/modules/services/x11/desktop-managers/default.nix
index 3e91450a39d2..1ea7b5ccf16a 100644
--- a/nixos/modules/services/x11/desktop-managers/default.nix
+++ b/nixos/modules/services/x11/desktop-managers/default.nix
@@ -19,7 +19,7 @@ in
   # E.g., if KDE is enabled, it supersedes xterm.
   imports = [
     ./none.nix ./xterm.nix ./xfce.nix ./kde4.nix ./kde5.nix
-    ./e19.nix ./gnome3.nix ./kodi.nix
+    ./enlightenment.nix ./gnome3.nix ./kodi.nix
   ];
 
   options = {
diff --git a/nixos/modules/services/x11/desktop-managers/e19.nix b/nixos/modules/services/x11/desktop-managers/enlightenment.nix
index 2d5c7b192bc6..c981b40f74a6 100644
--- a/nixos/modules/services/x11/desktop-managers/e19.nix
+++ b/nixos/modules/services/x11/desktop-managers/enlightenment.nix
@@ -4,9 +4,9 @@ with lib;
 
 let
 
+  e = pkgs.enlightenment;
   xcfg = config.services.xserver;
-  cfg = xcfg.desktopManager.e19;
-  e19_enlightenment = pkgs.e19.enlightenment.override { set_freqset_setuid = true; };
+  cfg = xcfg.desktopManager.enlightenment;
   GST_PLUGIN_PATH = lib.makeSearchPath "lib/gstreamer-1.0" [
     pkgs.gst_all_1.gst-plugins-base
     pkgs.gst_all_1.gst-plugins-good
@@ -18,10 +18,10 @@ in
 {
   options = {
 
-    services.xserver.desktopManager.e19.enable = mkOption {
+    services.xserver.desktopManager.enlightenment.enable = mkOption {
       default = false;
       example = true;
-      description = "Enable the E19 desktop environment.";
+      description = "Enable the Enlightenment desktop environment.";
     };
 
   };
@@ -29,8 +29,8 @@ in
   config = mkIf (xcfg.enable && cfg.enable) {
 
     environment.systemPackages = [
-      pkgs.e19.efl pkgs.e19.evas pkgs.e19.emotion pkgs.e19.elementary e19_enlightenment
-      pkgs.e19.terminology pkgs.e19.econnman
+      e.efl e.evas e.emotion e.elementary e.enlightenment
+      e.terminology e.econnman
       pkgs.xorg.xauth # used by kdesu
       pkgs.gtk # To get GTK+'s themes.
       pkgs.tango-icon-theme
@@ -42,7 +42,7 @@ in
     environment.pathsToLink = [ "/etc/enlightenment" "/etc/xdg" "/share/enlightenment" "/share/elementary" "/share/applications" "/share/locale" "/share/icons" "/share/themes" "/share/mime" "/share/desktop-directories" ];
 
     services.xserver.desktopManager.session = [
-    { name = "E19";
+    { name = "Enlightenment";
       start = ''
         # Set GTK_DATA_PREFIX so that GTK+ can find the themes
         export GTK_DATA_PREFIX=${config.system.path}
@@ -53,17 +53,16 @@ in
         export GST_PLUGIN_PATH="${GST_PLUGIN_PATH}"
 
         # make available for D-BUS user services
-        #export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}:${config.system.path}/share:${pkgs.e19.efl}/share
+        #export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}:${config.system.path}/share:${e.efl}/share
 
         # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/
         ${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update
 
-        ${e19_enlightenment}/bin/enlightenment_start
-        waitPID=$!
+        exec ${e.enlightenment}/bin/enlightenment_start
       '';
     }];
 
-    security.setuidPrograms = [ "e19_freqset" ];
+    security.setuidPrograms = [ "e_freqset" ];
 
     environment.etc = singleton
       { source = "${pkgs.xkeyboard_config}/etc/X11/xkb";
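Review bot: `security.setuidPrograms = [ "e_freqset" ]` installs a setuid-root wrapper available to every local user, and with the `set_freqset_setuid = true` override removed in the first hunk nothing visible here shows that `e.enlightenment` still calls the wrapped copy rather than the helper in its own store path. Please confirm that the package ships a binary named `e_freqset` and that Enlightenment resolves it through the wrapper directory; otherwise the entry grants privilege that is never used. A short comment above the line, for example `# helper that changes the CPU frequency needs root; wrapped setuid` (assuming that is its purpose), would record why the entry exists. The `environment.etc` definition continues outside the hunk.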
@@ -75,13 +74,13 @@ in
     services.udisks2.enable = true;
     services.upower.enable = config.powerManagement.enable;
 
-    #services.dbus.packages = [ pkgs.efl ]; # dbus-1 folder is not in /etc but in /share, so needs fixing first
+    services.dbus.packages = [ e.efl ];
 
     systemd.user.services.efreet =
       { enable = true;
         description = "org.enlightenment.Efreet";
         serviceConfig =
-          { ExecStart = "${pkgs.e19.efl}/bin/efreetd";
+          { ExecStart = "${e.efl}/bin/efreetd";
             StandardOutput = "null";
           };
       };
@@ -90,7 +89,7 @@ in
       { enable = true;
         description = "org.enlightenment.Ethumb";
         serviceConfig =
-          { ExecStart = "${pkgs.e19.efl}/bin/ethumbd";
+          { ExecStart = "${e.efl}/bin/ethumbd";
             StandardOutput = "null";
           };
       };
diff --git a/nixos/modules/virtualisation/azure-agent-entropy.patch b/nixos/modules/virtualisation/azure-agent-entropy.patch
new file mode 100644
index 000000000000..2a7ad08a4afc
--- /dev/null
+++ b/nixos/modules/virtualisation/azure-agent-entropy.patch
@@ -0,0 +1,17 @@
+--- a/waagent	2016-03-12 09:58:15.728088851 +0200
++++ a/waagent	2016-03-12 09:58:43.572680025 +0200
+@@ -6173,10 +6173,10 @@
+             Log("MAC  address: " + ":".join(["%02X" % Ord(a) for a in mac]))
+         
+         # Consume Entropy in ACPI table provided by Hyper-V
+-        try:
+-            SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
+-        except:
+-            pass
++        #try:
++        #    SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
++        #except:
++        #    pass
+ 
+         Log("Probing for Azure environment.")
+         self.Endpoint = self.DoDhcpWork()
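Review bot: The patch disables the agent's write of the ACPI `OEM0` table to `/dev/random` by commenting the four lines out, and the file carries no explanation of why. Text placed before the first `---` line is ignored by `patch`, so a sentence there naming what replaces this step on NixOS (this commit adds a `consume-hypervisor-entropy` service in `azure-agent.nix`) would keep the two changes tied together. Deleting the lines instead of commenting them out would also make the patch shorter and easier to rebase onto a new agent version.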
diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix
index 640519758c74..da97565fd6de 100644
--- a/nixos/modules/virtualisation/azure-agent.nix
+++ b/nixos/modules/virtualisation/azure-agent.nix
@@ -14,6 +14,9 @@ let
       rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";
       sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";
     };
+
+    patches = [ ./azure-agent-entropy.patch ];
+
     buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
     runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh
                     nettools # for hostname
@@ -54,9 +57,15 @@ in
 
   ###### interface
 
-  options.virtualisation.azure.agent.enable = mkOption {
-    default = false;
-    description = "Whether to enable the Windows Azure Linux Agent.";
+  options.virtualisation.azure.agent = {
+    enable = mkOption {
+      default = false;
+      description = "Whether to enable the Windows Azure Linux Agent.";
+    };
+    verboseLogging = mkOption {
+      default = false;
+      description = "Whether to enable verbose logging.";
+    };
   };
 
   ###### implementation
@@ -88,7 +97,7 @@ in
         Provisioning.DeleteRootPassword=n
 
         # Generate fresh host key pair.
-        Provisioning.RegenerateSshHostKeyPair=y
+        Provisioning.RegenerateSshHostKeyPair=n
 
         # Supported values are "rsa", "dsa" and "ecdsa".
         Provisioning.SshHostKeyPairType=ed25519
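Review bot: `Provisioning.RegenerateSshHostKeyPair` is switched to `n`, but the comment above it still reads "Generate fresh host key pair.", which now states the opposite of the setting. With regeneration off, host key uniqueness depends on the image not containing any SSH host keys and on sshd generating them at first boot; that is not visible in this hunk and is worth confirming, since VMs created from one image would otherwise share a host key. I would change the comment to something like `# Host keys are generated by sshd on first boot, not by the agent.`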
@@ -121,7 +130,7 @@ in
         Logs.Console=y
 
         # Enable verbose logging (y|n)
-        Logs.Verbose=n
+        Logs.Verbose=${if cfg.verboseLogging then "y" else "n"}
 
         # Root device timeout in seconds.
         OS.RootDeviceScsiTimeout=300
@@ -146,16 +155,30 @@ in
 
     systemd.targets.provisioned = {
       description = "Services Requiring Azure VM provisioning to have finished";
-      wantedBy = [ "sshd.service" ];
-      before = [ "sshd.service" ];
     };
 
+  systemd.services.consume-hypervisor-entropy =
+    { description = "Consume entropy in ACPI table provided by Hyper-V";
+
+      wantedBy = [ "sshd.service" "waagent.service" ];
+      before = [ "sshd.service" "waagent.service" ];
+      after = [ "local-fs.target" ];
+
+      path  = [ pkgs.coreutils ];
+      script =
+        ''
+          echo "Fetching entropy..."
+          cat /sys/firmware/acpi/tables/OEM0 > /dev/random
+        '';
+      serviceConfig.Type = "oneshot";
+      serviceConfig.RemainAfterExit = true;
+      serviceConfig.StandardError = "journal+console";
+      serviceConfig.StandardOutput = "journal+console";
+     };
 
     systemd.services.waagent = {
-      wantedBy = [ "sshd.service" ];
-      before = [ "sshd.service" ];
-      after = [ "ip-up.target" ];
-      wants = [ "ip-up.target" ];
+      wantedBy = [ "multi-user.target" ];
+      after = [ "ip-up.target" "sshd.service" ];
 
       path = [ pkgs.e2fsprogs ];
       description = "Windows Azure Agent Service";
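Review bot: The `consume-hypervisor-entropy` script reads `/sys/firmware/acpi/tables/OEM0` unconditionally, so on a machine where that table is absent the `cat` fails and the unit is reported as failed on every boot. `unitConfig.ConditionPathExists = "/sys/firmware/acpi/tables/OEM0";` would skip it cleanly instead. The `before = [ "sshd.service" "waagent.service" ]` ordering appears to be what gets the pool seeded before host keys are generated, and a comment saying so would keep it from being dropped later. The `provisioned` target loses its `wantedBy` and `before` in this hunk, and nothing visible shows what pulls it in now. The `waagent` service body continues outside the hunk.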
diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix
index 79d1f7d7cc43..9dc0ce119929 100644
--- a/nixos/modules/virtualisation/azure-image.nix
+++ b/nixos/modules/virtualisation/azure-image.nix
@@ -2,7 +2,7 @@
 
 with lib;
 let
-  diskSize = "4096";
+  diskSize = "30720";
 in
 {
   system.build.azureImage =
@@ -23,7 +23,7 @@ in
           postVM =
             ''
               mkdir -p $out
-              ${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -O vpc -o subformat=fixed $diskImage $out/disk.vhd
+              ${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd
               rm $diskImage
             '';
           diskImageBase = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.raw";
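Review bot: Dropping `-o subformat=fixed` makes `qemu-img` write its default dynamic VHD, and nothing in this hunk says where the conversion to the fixed format now happens. If the intent is that the tool used in `upload-azure.sh` converts during upload, a comment on the `qemu-img convert` line such as `# dynamic VHD; converted to fixed size during upload` would tell anyone uploading `disk.vhd` by other means that the file may not be usable as is. The derivation body continues outside the hunk.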