Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/configuration/ipv6-config.xml | 20 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/editors/emacs.xml | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/asterisk.nix | 20 | ||||
-rw-r--r-- | nixos/modules/services/security/hologram-agent.nix | 57 | ||||
-rw-r--r-- | nixos/modules/services/security/hologram-server.nix (renamed from nixos/modules/services/security/hologram.nix) | 0 | ||||
-rw-r--r-- | nixos/modules/services/system/dbus.nix | 24 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/wordpress.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/enlightenment.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/kde4.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/kde5.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/x11/xserver.nix | 24 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-scripted.nix | 16 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-systemd.nix | 6 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 42 |
15 files changed, 181 insertions, 54 deletions
diff --git a/nixos/doc/manual/configuration/ipv6-config.xml b/nixos/doc/manual/configuration/ipv6-config.xml index bf86926f9bf5..6d9e0a164e9e 100644 --- a/nixos/doc/manual/configuration/ipv6-config.xml +++ b/nixos/doc/manual/configuration/ipv6-config.xml @@ -22,5 +22,25 @@ boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true; </programlisting> </para> +<para>As with IPv4 networking interfaces are automatically configured via +DHCPv6. You can configure an interface manually: + +<programlisting> +networking.interfaces.eth0.ip6 = [ { address = "fe00:aa:bb:cc::2"; prefixLength = 64; } ]; +</programlisting> +</para> + +<para>For configuring a gateway, optionally with explicitly specified interface: + +<programlisting> +networking.defaultGateway6 = { + address = "fe00::1"; + interface = "enp0s3"; +} +</programlisting> +</para> + +<para>See <xref linkend='sec-ipv4' /> for similar examples and additional information. +</para> </section> diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 23acc11db238..fed75053e567 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -498,7 +498,8 @@ ./services/security/frandom.nix ./services/security/haka.nix ./services/security/haveged.nix - ./services/security/hologram.nix + ./services/security/hologram-server.nix + ./services/security/hologram-agent.nix ./services/security/munge.nix ./services/security/oauth2_proxy.nix ./services/security/physlock.nix diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index e03f6046de8e..89f09ed08449 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml 
@@ -316,10 +316,10 @@ https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides <para> If you are not on NixOS or want to install this particular Emacs only for yourself, you can do so by adding it to your - <filename>~/.nixpkgs/config.nix</filename> + <filename>~/.config/nixpkgs/config.nix</filename> (see <link xlink:href="http://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides">Nixpkgs manual</link>): <example> - <title>Custom Emacs in <filename>~/.nixpkgs/system.nix</filename></title> + <title>Custom Emacs in <filename>~/.config/nixpkgs/config.nix</filename></title> <programlisting><![CDATA[ { packageOverrides = super: let self = super.pkgs; in { diff --git a/nixos/modules/services/networking/asterisk.nix b/nixos/modules/services/networking/asterisk.nix index 5c71a1d8ddae..514204db33fa 100644 --- a/nixos/modules/services/networking/asterisk.nix +++ b/nixos/modules/services/networking/asterisk.nix @@ -17,7 +17,7 @@ let allConfFiles = cfg.confFiles // builtins.listToAttrs (map (x: { name = x; - value = builtins.readFile (pkgs.asterisk + "/etc/asterisk/" + x); }) + value = builtins.readFile (cfg.package + "/etc/asterisk/" + x); }) defaultConfFiles); asteriskEtc = pkgs.stdenv.mkDerivation @@ -38,7 +38,7 @@ let asteriskConf = '' [directories] astetcdir => /etc/asterisk - astmoddir => ${pkgs.asterisk}/lib/asterisk/modules + astmoddir => ${cfg.package}/lib/asterisk/modules astvarlibdir => /var/lib/asterisk astdbdir => /var/lib/asterisk astkeydir => /var/lib/asterisk @@ -47,7 +47,7 @@ let astspooldir => /var/spool/asterisk astrundir => /var/run/asterisk astlogdir => /var/log/asterisk - astsbindir => ${pkgs.asterisk}/sbin + astsbindir => ${cfg.package}/sbin ''; extraConf = cfg.extraConfig; 
@@ -197,11 +197,17 @@ in Additional command line arguments to pass to Asterisk. ''; }; + package = mkOption { + type = types.package; + default = pkgs.asterisk; + defaultText = "pkgs.asterisk"; + description = "The Asterisk package to use."; + }; }; }; config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.asterisk ]; + environment.systemPackages = [ cfg.package ]; environment.etc.asterisk.source = asteriskEtc; @@ -234,7 +240,7 @@ in # TODO: Make exceptions for /var directories that likely should be updated if [ ! -e "$d" ]; then mkdir -p "$d" - cp --recursive ${pkgs.asterisk}/"$d"/* "$d"/ + cp --recursive ${cfg.package}/"$d"/* "$d"/ chown --recursive ${asteriskUser}:${asteriskGroup} "$d" find "$d" -type d | xargs chmod 0755 fi @@ -247,8 +253,8 @@ in # FIXME: This doesn't account for arguments with spaces argString = concatStringsSep " " cfg.extraArguments; in - "${pkgs.asterisk}/bin/asterisk -U ${asteriskUser} -C /etc/asterisk/asterisk.conf ${argString} -F"; - ExecReload = ''${pkgs.asterisk}/bin/asterisk -x "core reload" + "${cfg.package}/bin/asterisk -U ${asteriskUser} -C /etc/asterisk/asterisk.conf ${argString} -F"; + ExecReload = ''${cfg.package}/bin/asterisk -x "core reload" ''; Type = "forking"; PIDFile = "/var/run/asterisk/asterisk.pid"; diff --git a/nixos/modules/services/security/hologram-agent.nix b/nixos/modules/services/security/hologram-agent.nix new file mode 100644 index 000000000000..49b5c935267b --- /dev/null +++ b/nixos/modules/services/security/hologram-agent.nix 
@@ -0,0 +1,57 @@ +{pkgs, config, lib, ...}: + +with lib; + +let + cfg = config.services.hologram-agent; + + cfgFile = pkgs.writeText "hologram-agent.json" (builtins.toJSON { + host = cfg.dialAddress; + }); +in { + options = { + services.hologram-agent = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable the Hologram agent for AWS instance credentials"; + }; + + dialAddress = mkOption { + type = types.str; + default = "localhost:3100"; + description = "Hologram server and port."; + }; + + httpPort = mkOption { + type = types.str; + default = "80"; + description = "Port for metadata service to listen on."; + }; + + }; + }; + + config = mkIf cfg.enable { + networking.interfaces.dummy0 = { + ipAddress = "169.254.169.254"; + prefixLength = 32; + }; + + systemd.services.hologram-agent = { + description = "Provide EC2 instance credentials to machines outside of EC2"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + requires = [ "network-link-dummy0.service" "network-addresses-dummy0.service" ]; + preStart = '' + /run/current-system/sw/bin/rm -fv /var/run/hologram.sock + ''; + serviceConfig = { + ExecStart = "${pkgs.hologram.bin}/bin/hologram-agent -debug -conf ${cfgFile} -port ${cfg.httpPort}"; + }; + }; + + }; + + meta.maintainers = with lib.maintainers; [ nand0p ]; +} diff --git a/nixos/modules/services/security/hologram.nix b/nixos/modules/services/security/hologram-server.nix index e267fed27955..e267fed27955 100644 --- a/nixos/modules/services/security/hologram.nix +++ b/nixos/modules/services/security/hologram-server.nix diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix index bc91d1284a9f..aeb5bf9c7a36 100644 --- a/nixos/modules/services/system/dbus.nix +++ b/nixos/modules/services/system/dbus.nix 
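Review bot: `httpPort` is declared as `types.str` and spliced unquoted into `ExecStart`, so any string, including one with spaces or extra flags, becomes part of the agent's command line; declaring it `type = types.int;` with `default = 80;` and passing `-port ${toString cfg.httpPort}` would restrict it to a number. The same `ExecStart` hard-codes `-debug` for a daemon whose purpose is handing out AWS credentials, and what that flag writes to the journal is not visible from this module, so it would be safer behind an option that defaults to off. No `User` is set in `serviceConfig`, so the unit runs as root; if that is needed only to bind the low port on 169.254.169.254, a comment saying so would help the next reader. `preStart` calls `/run/current-system/sw/bin/rm` rather than `${pkgs.coreutils}/bin/rm`, which ties the unit to whatever happens to be in the system profile.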
@@ -20,8 +20,6 @@ let "<includedir>${d}/etc/dbus-1/session.d</includedir>" ])); - daemonArgs = "--address=systemd: --nofork --nopidfile --systemd-activation"; - configDir = pkgs.runCommand "dbus-conf" { preferLocalBuild = true; allowSubstitutes = false; @@ -29,11 +27,6 @@ let '' mkdir -p $out - cp ${pkgs.dbus.out}/share/dbus-1/{system,session}.conf $out - - # include by full path - sed -ri "s@/etc/dbus-1/(system|session)-@$out/\1-@" $out/{system,session}.conf - sed '${./dbus-system-local.conf.in}' \ -e 's,@servicehelper@,${config.security.wrapperDir}/dbus-daemon-launch-helper,g' \ -e 's,@extra@,${systemExtraxml},' \ @@ -95,6 +88,11 @@ in environment.systemPackages = [ pkgs.dbus.daemon pkgs.dbus ]; + environment.etc = singleton + { source = configDir; + target = "dbus-1"; + }; + users.extraUsers.messagebus = { uid = config.ids.uids.messagebus; description = "D-Bus system message bus daemon user"; @@ -125,10 +123,6 @@ in # Don't restart dbus-daemon. Bad things tend to happen if we do. reloadIfChanged = true; restartTriggers = [ configDir ]; - serviceConfig.ExecStart = [ - "" # Default dbus.service has two entries, we need to override both. - "${lib.getBin pkgs.dbus}/bin/dbus-daemon --config-file=/run/current-system/dbus/system.conf ${daemonArgs}" - ]; }; systemd.user = { @@ -136,18 +130,10 @@ in # Don't restart dbus-daemon. Bad things tend to happen if we do. reloadIfChanged = true; restartTriggers = [ configDir ]; - serviceConfig.ExecStart = [ - "" # Default dbus.service has two entries, we need to override both. - "${lib.getBin pkgs.dbus}/bin/dbus-daemon --config-file=/run/current-system/dbus/session.conf ${daemonArgs}" - ]; }; sockets.dbus.wantedBy = mkIf cfg.socketActivated [ "sockets.target" ]; }; environment.pathsToLink = [ "/etc/dbus-1" "/share/dbus-1" ]; - - system.extraSystemBuilderCmds = '' - ln -s ${configDir} $out/dbus - ''; }; } 
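Review bot: The `environment.etc` entry added in the `@@ -95,6` hunk has no comment explaining why `configDir` is now published as `/etc/dbus-1`, although the same commit removes both `ExecStart` overrides that passed `--config-file=` explicitly and the step that copied `system.conf` and `session.conf` into `configDir`. Which bus policy dbus-daemon loads now depends on the default unit's command line and the package's built-in configuration path, neither of which is visible in this diff. I would add a comment above the entry along the lines of `# Published as /etc/dbus-1 because dbus-daemon is no longer started with an explicit --config-file.`, after confirming that the daemon does pick up the policy from there.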
diff --git a/nixos/modules/services/web-servers/apache-httpd/wordpress.nix b/nixos/modules/services/web-servers/apache-httpd/wordpress.nix index 26f0bdec6559..a5b6548d3c53 100644 --- a/nixos/modules/services/web-servers/apache-httpd/wordpress.nix +++ b/nixos/modules/services/web-servers/apache-httpd/wordpress.nix @@ -6,7 +6,7 @@ with lib; let # Upgrading? We have a test! nix-build ./nixos/tests/wordpress.nix - version = "4.7.1"; + version = "4.7.2"; fullversion = "${version}"; # Our bare-bones wp-config.php file using the above settings @@ -75,7 +75,7 @@ let owner = "WordPress"; repo = "WordPress"; rev = "${fullversion}"; - sha256 = "1wb4f4zn55d23qi0whsfpbpcd4sjvzswgmni6f5rzrmlawq9ssgr"; + sha256 = "0vph12708drf8ww0xd05hpdvbyy7n5gj9ca598lhdhy2i1j6wy32"; }; installPhase = '' mkdir -p $out diff --git a/nixos/modules/services/x11/desktop-managers/enlightenment.nix b/nixos/modules/services/x11/desktop-managers/enlightenment.nix index 615504bab15f..7ea8b30d23d1 100644 --- a/nixos/modules/services/x11/desktop-managers/enlightenment.nix +++ b/nixos/modules/services/x11/desktop-managers/enlightenment.nix @@ -64,7 +64,10 @@ in security.setuidPrograms = [ "e_freqset" ]; - services.xserver.exportConfiguration = true; + environment.etc = singleton + { source = "${pkgs.xkeyboard_config}/etc/X11/xkb"; + target = "X11/xkb"; + }; fonts.fonts = [ pkgs.dejavu_fonts pkgs.ubuntu_font_family ]; diff --git a/nixos/modules/services/x11/desktop-managers/kde4.nix b/nixos/modules/services/x11/desktop-managers/kde4.nix index b551432bc27a..3aa4821a0521 100644 --- a/nixos/modules/services/x11/desktop-managers/kde4.nix +++ b/nixos/modules/services/x11/desktop-managers/kde4.nix @@ -183,7 +183,10 @@ in GST_PLUGIN_SYSTEM_PATH = [ "/lib/gstreamer-0.10" ]; }; - services.xserver.exportConfiguration = true; + environment.etc = singleton + { source = "${pkgs.xkeyboard_config}/etc/X11/xkb"; + target = "X11/xkb"; + }; # Enable helpful DBus services. services.udisks2.enable = true; 
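Review bot: The `environment.etc` entry added in the enlightenment hunk hard-codes `${pkgs.xkeyboard_config}/etc/X11/xkb` as the source for `X11/xkb`, whereas the removed `services.xserver.exportConfiguration = true` exported whatever `cfg.xkbDir` was set to in xserver.nix; the kde4 hunk on this line and the kde5 hunk do the same. A system with a customised xkb directory would then get an `/etc/X11/xkb` that differs from the one the X server is configured with. If a user also sets `exportConfiguration = true`, the list form in xserver.nix adds a second entry with the same `target = "X11/xkb"`, and how `environment.etc` resolves duplicate targets is not visible from this diff. Using `source = config.services.xserver.xkbDir;` (assuming `cfg` in xserver.nix is `config.services.xserver`) would keep the two in agreement.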
diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix index ec85cf1d0bdc..8f081a1e9d2a 100644 --- a/nixos/modules/services/x11/desktop-managers/kde5.nix +++ b/nixos/modules/services/x11/desktop-managers/kde5.nix @@ -199,7 +199,10 @@ in environment.pathsToLink = [ "/share" ]; - services.xserver.exportConfiguration = true; + environment.etc = singleton { + source = "${pkgs.xkeyboard_config}/etc/X11/xkb"; + target = "X11/xkb"; + }; environment.variables = { diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 8617a5fab03f..f5ed52338182 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -465,15 +465,23 @@ in } ]; - environment.etc = mkMerge [ - (mkIf cfg.exportConfiguration { - "X11/xorg.conf".source = configFile; - "X11/xkb".source = cfg.xkbDir; - }) + environment.etc = + (optionals cfg.exportConfiguration + [ { source = "${configFile}"; + target = "X11/xorg.conf"; + } + # -xkbdir command line option does not seems to be passed to xkbcomp. + { source = "${cfg.xkbDir}"; + target = "X11/xkb"; + } + ]) # Needed since 1.18; see https://bugs.freedesktop.org/show_bug.cgi?id=89023#c5 - (let cfgPath = "X11/xorg.conf.d/10-evdev.conf"; in - { "${cfgPath}".source = xorg.xf86inputevdev.out + "/share" + cfgPath; }) - ]; + ++ (let cfgPath = "/X11/xorg.conf.d/10-evdev.conf"; in + [{ + source = xorg.xf86inputevdev.out + "/share" + cfgPath; + target = cfgPath; + }] + ); environment.systemPackages = [ xorg.xorgserver.out diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index c50ea5c79643..aa86fc85feb6 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix 
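Review bot: In the xserver.nix hunk `cfgPath` now starts with a slash (`"/X11/xorg.conf.d/10-evdev.conf"`) and is reused as `target`, whereas every other `target` in this commit is relative to /etc (`"X11/xorg.conf"`, `"X11/xkb"`, `"dbus-1"`). The slash is only needed for the `source` concatenation after `"/share"`, so I would keep the path relative and put the separator there: `cfgPath = "X11/xorg.conf.d/10-evdev.conf"` with `source = xorg.xf86inputevdev.out + "/share/" + cfgPath;`. The new comment `-xkbdir command line option does not seems to be passed to xkbcomp` should read "does not seem". The enclosing `config` block starts and ends outside the hunk.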
@@ -102,17 +102,21 @@ in EOF # Set the default gateway. - ${optionalString (cfg.defaultGateway != null && cfg.defaultGateway != "") '' + ${optionalString (cfg.defaultGateway != null && cfg.defaultGateway.address != "") '' # FIXME: get rid of "|| true" (necessary to make it idempotent). - ip route add default via "${cfg.defaultGateway}" ${ + ip route add default via "${cfg.defaultGateway.address}" ${ optionalString (cfg.defaultGatewayWindowSize != null) - "window ${toString cfg.defaultGatewayWindowSize}"} || true + "window ${toString cfg.defaultGatewayWindowSize}"} ${ + optionalString (cfg.defaultGateway.interface != null) + "dev ${cfg.defaultGateway.interface}"}|| true ''} - ${optionalString (cfg.defaultGateway6 != null && cfg.defaultGateway6 != "") '' + ${optionalString (cfg.defaultGateway6 != null && cfg.defaultGateway6.address != "") '' # FIXME: get rid of "|| true" (necessary to make it idempotent). - ip -6 route add ::/0 via "${cfg.defaultGateway6}" ${ + ip -6 route add ::/0 via "${cfg.defaultGateway6.address}" ${ optionalString (cfg.defaultGatewayWindowSize != null) - "window ${toString cfg.defaultGatewayWindowSize}"} || true + "window ${toString cfg.defaultGatewayWindowSize}"} ${ + optionalString (cfg.defaultGateway6.interface != null) + "dev ${cfg.defaultGateway6.interface}"} || true ''} ''; }; diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index 974041d7e1a5..a1212c905560 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix 
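Review bot: The interface name is interpolated into the generated shell script unquoted (`"dev ${cfg.defaultGateway.interface}"`), while the gateway address in the same command is wrapped in double quotes. `interface` is declared as a free-form `types.str` in network-interfaces.nix, so a value containing whitespace or shell metacharacters would alter the `ip route` command instead of being passed as one argument; the IPv6 branch has the same pattern. Passing it through `escapeShellArg`, if `lib` provides it in this tree, or at least quoting it like the address (`"dev \"${cfg.defaultGateway.interface}\""`) would keep the value a single word. The IPv4 branch also lost the space before `|| true` (`"dev ..."}|| true`), which still parses but is inconsistent with the IPv6 line.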
@@ -38,6 +38,12 @@ in } { assertion = cfg.vswitches == {}; message = "networking.vswichtes are not supported by networkd."; + } { + assertion = cfg.defaultGateway == null || cfg.defaultGateway.interface == null; + message = "networking.defaultGateway.interface is not supported by networkd."; + } { + assertion = cfg.defaultGateway6 == null || cfg.defaultGateway6.interface == null; + message = "networking.defaultGateway6.interface is not supported by networkd."; } ] ++ flip mapAttrsToList cfg.bridges (n: { rstp, ... }: { assertion = !rstp; message = "networking.bridges.${n}.rstp is not supported by networkd."; diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 83d9854d3517..3f56419d2a6d 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -116,6 +116,28 @@ let }; }; + gatewayCoerce = address: { inherit address; }; + + gatewayOpts = { ... }: { + + options = { + + address = mkOption { + type = types.str; + description = "The default gateway address."; + }; + + interface = mkOption { + type = types.nullOr types.str; + default = null; + example = "enp0s3"; + description = "The default gateway interface."; + }; + + }; + + }; + interfaceOpts = { name, ... }: { options = { 
@@ -327,19 +349,27 @@ in networking.defaultGateway = mkOption { default = null; - example = "131.211.84.1"; - type = types.nullOr types.str; + example = { + address = "131.211.84.1"; + device = "enp3s0"; + }; + type = types.nullOr (types.coercedTo types.str gatewayCoerce (types.submodule gatewayOpts)); description = '' - The default gateway. It can be left empty if it is auto-detected through DHCP. + The default gateway. It can be left empty if it is auto-detected through DHCP. + It can be specified as a string or an option set along with a network interface. ''; }; networking.defaultGateway6 = mkOption { default = null; - example = "2001:4d0:1e04:895::1"; - type = types.nullOr types.str; + example = { + address = "2001:4d0:1e04:895::1"; + device = "enp3s0"; + }; + type = types.nullOr (types.coercedTo types.str gatewayCoerce (types.submodule gatewayOpts)); description = '' - The default ipv6 gateway. It can be left empty if it is auto-detected through DHCP. + The default ipv6 gateway. It can be left empty if it is auto-detected through DHCP. + It can be specified as a string or an option set along with a network interface. ''; }; |
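Review bot: Both new `example` values use `device = "enp3s0"`, but the submodule declared in `gatewayOpts` defines only `address` and `interface`, so a configuration copied from the example would not set the gateway interface and may be rejected as an unknown option. The examples for `networking.defaultGateway` and `networking.defaultGateway6` should read `interface = "enp3s0";`. The descriptions could also name the attributes, for example "a string, or an attribute set with `address` and an optional `interface`", instead of "an option set along with a network interface".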