From 2a88417f033cd9ac656a75e1f5734895f8a247d5 Mon Sep 17 00:00:00 2001 From: Joachim Schiele Date: Sat, 28 Feb 2015 15:30:06 +0100 Subject: nixos/doc: fix to: ~/.nix-defexpr wasn't created, fixes #6606 --- nixos/doc/manual/configuration/user-mgmt.xml | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'nixos/doc') diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml index 40362fbbb23f..631742059278 100644 --- a/nixos/doc/manual/configuration/user-mgmt.xml +++ b/nixos/doc/manual/configuration/user-mgmt.xml @@ -65,6 +65,14 @@ account named alice: $ useradd -m alice +To make all nix tools available to this new user use `su - USER` which +opens a login shell (==shell that loads the profile) for given user. +This will create the ~/.nix-defexpr symlink. So run: + + +$ su - alice -c "true" + + The flag causes the creation of a home directory for the new user, which is generally what you want. The user does not have an initial password and therefore cannot log in. A password can -- cgit 1.4.1 From 15ea50733d781faa5035436dc356ddb62d52a840 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 21 Jan 2016 12:41:59 +0300 Subject: nixos changelog: mention ejabberd fixes --- nixos/doc/manual/release-notes/rl-unstable.xml | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'nixos/doc') diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml index cd828dfc8887..3c0a4990a815 100644 --- a/nixos/doc/manual/release-notes/rl-unstable.xml +++ b/nixos/doc/manual/release-notes/rl-unstable.xml @@ -158,6 +158,11 @@ nginx.override { nix-shell (without installing anything). + + ejabberd module is brought back and now works on + NixOS. + + -- cgit 1.4.1 From 9fe72b34edc978c3a034419439f7ac0e110e175d Mon Sep 17 00:00:00 2001 
From: Nikolay Amiantov Date: Thu, 21 Jan 2016 12:47:16 +0300 Subject: nixos changelog: mention postfix changes --- nixos/doc/manual/release-notes/rl-unstable.xml | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'nixos/doc') diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml index 3c0a4990a815..6099b5218714 100644 --- a/nixos/doc/manual/release-notes/rl-unstable.xml +++ b/nixos/doc/manual/release-notes/rl-unstable.xml @@ -145,6 +145,15 @@ nginx.override { from the ELPA, MELPA, and MELPA Stable repositories. + + + Data directory for Postfix MTA server is moved from + /var/postfix to /var/lib/postfix. + Old configurations are migrated automatically. service.postfix + module has also received many improvements, such as correct directories' access + rights, new aliasFiles and mapFiles + options and more. + -- cgit 1.4.1 From 3ade072aade5ba4ce4a09ce286f4229070926f22 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 21 Jan 2016 12:38:03 +0300 Subject: nixos changelog: mention CUPS changes --- nixos/doc/manual/release-notes/rl-unstable.xml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'nixos/doc') diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml index cd828dfc8887..ffe8171171ac 100644 --- a/nixos/doc/manual/release-notes/rl-unstable.xml +++ b/nixos/doc/manual/release-notes/rl-unstable.xml 
@@ -145,6 +145,26 @@ nginx.override { from the ELPA, MELPA, and MELPA Stable repositories. + + + CUPS, installed by services.printing module, now + has its data directory in /var/lib/cups. Old + configurations from /etc/cups are moved there + automatically, but there might be problems. Also configuration options + services.printing.cupsdConf and + services.printing.cupsdFilesConf were removed + because they had been allowing one to override configuration variables + required for CUPS to work at all on NixOS. For most use cases, + services.printing.extraConf and new option + services.printing.extraFilesConf should be enough; + if you encounter a situation when they are not, please file a bug. + + There are also Gutenprint improvements; in particular, a new option + services.printing.gutenprint is added to enable automatic + updating of Gutenprint PPMs; it's greatly recommended to enable it instead + of adding gutenprint to the drivers list. + + -- cgit 1.4.1 From e6cd147ae7ae05900ec2ab8ad933bfac7428feac Mon Sep 17 00:00:00 2001 From: Ryan Artecona Date: Fri, 22 Jan 2016 14:22:12 -0500 Subject: nixos manual: allow options from nix packages --- nixos/doc/manual/default.nix | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) (limited to 'nixos/doc') diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix index bd558dac971d..eb2ceb7fd021 100644 --- a/nixos/doc/manual/default.nix +++ b/nixos/doc/manual/default.nix @@ -1,4 +1,4 @@ -{ pkgs, options, version, revision }: +{ pkgs, options, version, revision, extraSources ? [] }: with pkgs; with pkgs.lib; 
@@ -17,19 +17,27 @@ let # Clean up declaration sites to not refer to the NixOS source tree. optionsList' = flip map optionsList (opt: opt // { - declarations = map (fn: stripPrefix fn) opt.declarations; + declarations = map (fn: stripAnyPrefixes fn) opt.declarations; } // optionalAttrs (opt ? example) { example = substFunction opt.example; } // optionalAttrs (opt ? default) { default = substFunction opt.default; } // optionalAttrs (opt ? type) { type = substFunction opt.type; }); - prefix = toString ../../..; - - stripPrefix = fn: - if substring 0 (stringLength prefix) fn == prefix then - substring (stringLength prefix + 1) 1000 fn - else - fn; + # We need to strip references to /nix/store/* from options, + # including any `extraSources` if some modules came from elsewhere, + # or else the build will fail. + # + # E.g. if some `options` came from modules in ${pkgs.customModules}/nix, + # you'd need to include `extraSources = [ "#{pkgs.customModules}" ]` + herePrefix = toString ../../..; + prefixesToStrip = [ herePrefix ] ++ extraSources; + + stripAnyPrefixes = fn: + flip (flip fold fn) prefixesToStrip (fn: prefix: + if substring 0 (stringLength prefix) fn == prefix then + substring (stringLength prefix + 1) 1000 fn + else + fn); # Convert the list of options into an XML file. optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList'); -- cgit 1.4.1 From e409d0fed3b5d50147b61b6d223d9aa272863485 Mon Sep 17 00:00:00 2001 From: Dan Peebles Date: Sat, 23 Jan 2016 20:44:30 +0000 Subject: nixos: update-locatedb - harden via systemd (#7220) Also, use systemd timers. Most of the work is by @thoughtpolice but I changed enough of it to warrant changing commit author. --- nixos/doc/manual/development/writing-modules.xml | 76 +++++++------- nixos/modules/misc/locate.nix | 127 ++++++++++++----------- 2 files changed, 107 insertions(+), 96 deletions(-) (limited to 'nixos/doc') 
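Review bot: In `stripAnyPrefixes` the lambda handed to `fold` declares its parameters as `(fn: prefix:`, but the expression reduces to `fold <lambda> fn prefixesToStrip`. If `lib.fold` is the usual right fold that calls `op element accumulator`, the first parameter receives an entry of `prefixesToStrip` and the second receives the path being stripped. With the names swapped, the comparison tests the wrong way round and the result can be one of the prefixes rather than the stripped declaration path; `(prefix: fn:` would match the call order, which is worth confirming against `lib.fold`. The comment above the definition writes its example as `"#{pkgs.customModules}"`, which should read `"${pkgs.customModules}"`. The prefix test also has no path-separator check, so an `extraSources` entry that is a string prefix of a longer sibling path would match too; the `let` block starts and ends outside this hunk.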
diff --git a/nixos/doc/manual/development/writing-modules.xml b/nixos/doc/manual/development/writing-modules.xml index a699e74e5f62..971e586f20bd 100644 --- a/nixos/doc/manual/development/writing-modules.xml +++ b/nixos/doc/manual/development/writing-modules.xml @@ -107,12 +107,12 @@ the file system. This module declares two options that can be defined by other modules (typically the user’s configuration.nix): (whether the database should -be updated) and (when the +be updated) and (when the update should be done). It implements its functionality by defining two options declared by other modules: (the set of all systemd services) -and (the list of -commands to be executed periodically by cron). +and (the list of commands to be +executed periodically by systemd). NixOS Module for the “locate” Service 
@@ -120,53 +120,59 @@ commands to be executed periodically by cron). with lib; -let locatedb = "/var/cache/locatedb"; in - -{ - options = { - - services.locate = { - - enable = mkOption { - type = types.bool; - default = false; - description = '' - If enabled, NixOS will periodically update the database of - files used by the locate command. - ''; - }; - - period = mkOption { - type = types.str; - default = "15 02 * * *"; - description = '' - This option defines (in the format used by cron) when the - locate database is updated. The default is to update at - 02:15 at night every day. - ''; - }; +let + cfg = config.services.locate; +in { + options.services.locate = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + If enabled, NixOS will periodically update the database of + files used by the locate command. + ''; + }; + interval = mkOption { + type = types.str; + default = "02:15"; + example = "hourly"; + description = '' + Update the locate database at this interval. Updates by + default at 2:15 AM every day. + + The format is described in + systemd.time + 7. 
+ ''; }; + # Other options omitted for documentation }; config = { - systemd.services.update-locatedb = { description = "Update Locate Database"; path = [ pkgs.su ]; script = '' - mkdir -m 0755 -p $(dirname ${locatedb}) - exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /run' + mkdir -m 0755 -p $(dirname ${toString cfg.output}) + exec updatedb \ + --localuser=${cfg.localuser} \ + ${optionalString (!cfg.includeStore) "--prunepaths='/nix/store'"} \ + --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags} ''; }; - services.cron.systemCronJobs = optional config.services.locate.enable - "${config.services.locate.period} root ${config.systemd.package}/bin/systemctl start update-locatedb.service"; - + systemd.timers.update-locatedb = mkIf cfg.enable + { description = "Update timer for locate database"; + partOf = [ "update-locatedb.service" ]; + wantedBy = [ "timers.target" ]; + timerConfig.OnCalendar = cfg.interval; + }; }; -} +} + diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix index 4f9c8d4e5ba1..318b81ca07c2 100644 --- a/nixos/modules/misc/locate.nix +++ b/nixos/modules/misc/locate.nix 
@@ -1,76 +1,74 @@ -{ config, lib, pkgs, ... }: +{ config, options, lib, pkgs, ... }: with lib; let cfg = config.services.locate; in { + options.services.locate = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + If enabled, NixOS will periodically update the database of + files used by the locate command. + ''; + }; - ###### interface - - options = { - - services.locate = { - - enable = mkOption { - type = types.bool; - default = false; - description = '' - If enabled, NixOS will periodically update the database of - files used by the locate command. - ''; - }; - - period = mkOption { - type = types.str; - default = "15 02 * * *"; - description = '' - This option defines (in the format used by cron) when the - locate database is updated. - The default is to update at 02:15 at night every day. - ''; - }; - - extraFlags = mkOption { - type = types.listOf types.str; - default = [ ]; - description = '' - Extra flags to pass to updatedb. - ''; - }; + interval = mkOption { + type = types.str; + default = "02:15"; + example = "hourly"; + description = '' + Update the locate database at this interval. Updates by + default at 2:15 AM every day. + + The format is described in + systemd.time + 7. + ''; + }; - output = mkOption { - type = types.path; - default = "/var/cache/locatedb"; - description = '' - The database file to build. - ''; - }; + # This is no longer supported, but we keep it to give a better warning below + period = mkOption { visible = false; }; - localuser = mkOption { - type = types.str; - default = "nobody"; - description = '' - The user to search non-network directories as, using - su. - ''; - }; + extraFlags = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + Extra flags to pass to updatedb. + ''; + }; - includeStore = mkOption { - type = types.bool; - default = false; - description = '' - Whether to include /nix/store in the locate database. 
- ''; - }; + output = mkOption { + type = types.path; + default = "/var/cache/locatedb"; + description = '' + The database file to build. + ''; + }; + localuser = mkOption { + type = types.str; + default = "nobody"; + description = '' + The user to search non-network directories as, using + su. + ''; }; + includeStore = mkOption { + type = types.bool; + default = false; + description = '' + Whether to include /nix/store in the locate database. + ''; + }; }; - ###### implementation - config = { + warnings = let opt = options.services.locate.period; in optional opt.isDefined "The `period` definition in ${showFiles opt.files} has been removed; please replace it with `interval`, using the new systemd.time interval specifier."; + systemd.services.update-locatedb = { description = "Update Locate Database"; path = [ pkgs.su ]; @@ -84,11 +82,18 @@ in { ''; serviceConfig.Nice = 19; serviceConfig.IOSchedulingClass = "idle"; + serviceConfig.PrivateTmp = "yes"; + serviceConfig.PrivateNetwork = "yes"; + serviceConfig.NoNewPrivileges = "yes"; + serviceConfig.ReadOnlyDirectories = "/"; + serviceConfig.ReadWriteDirectories = cfg.output; }; - services.cron.systemCronJobs = optional config.services.locate.enable - "${config.services.locate.period} root ${config.systemd.package}/bin/systemctl start update-locatedb.service"; - + systemd.timers.update-locatedb = mkIf cfg.enable + { description = "Update timer for locate database"; + partOf = [ "update-locatedb.service" ]; + wantedBy = [ "timers.target" ]; + timerConfig.OnCalendar = cfg.interval; + }; }; - } -- cgit 1.4.1 From b52acfdf0178a3bd3cd3b359dc9dbc354992aff3 Mon Sep 17 00:00:00 2001 
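Review bot: `serviceConfig.ReadWriteDirectories = cfg.output;` makes only the database file itself writable, while `ReadOnlyDirectories = "/"` makes everything else read-only. The script body is outside this hunk, but the copy of it in writing-modules.xml in this same commit runs `mkdir -m 0755 -p $(dirname ...)` on the output's parent. updatedb implementations also commonly write a temporary file beside the output and rename it, so both steps would need the parent directory to be writable, and on a fresh system the path may not exist when the mount namespace is set up. Consider `serviceConfig.ReadWriteDirectories = dirOf cfg.output;` and test the unit on a machine with no existing database. A short comment saying why each sandbox setting is compatible with updatedb, for example that `NoNewPrivileges` does not interfere with the `su` call behind `--localuser`, would help later maintainers.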
From: Nikolay Amiantov Date: Mon, 25 Jan 2016 02:57:28 +0300 Subject: nixos xserver: remove vaapiDrivers Use hardware.opengl.extraPackages instead. --- nixos/doc/manual/release-notes/rl-unstable.xml | 6 ++++++ nixos/modules/hardware/opengl.nix | 7 +++++-- nixos/modules/rename.nix | 1 + nixos/modules/services/x11/display-managers/default.nix | 9 --------- nixos/modules/services/x11/xserver.nix | 9 --------- 5 files changed, 12 insertions(+), 20 deletions(-) (limited to 'nixos/doc') diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml index 092c2a788ed8..ffde542d4e18 100644 --- a/nixos/doc/manual/release-notes/rl-unstable.xml +++ b/nixos/doc/manual/release-notes/rl-unstable.xml @@ -174,6 +174,12 @@ nginx.override { of adding gutenprint to the drivers list. + + + services.xserver.vaapiDrivers has been removed. Use + services.hardware.opengl.extraPackages{,32} instead. You can + also specify VDPAU drivers there. + diff --git a/nixos/modules/hardware/opengl.nix b/nixos/modules/hardware/opengl.nix index fabdfad869cc..d3b146be6b33 100644 --- a/nixos/modules/hardware/opengl.nix +++ b/nixos/modules/hardware/opengl.nix @@ -93,18 +93,21 @@ in hardware.opengl.extraPackages = mkOption { type = types.listOf types.package; default = []; + example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]"; description = '' - Additional packages to add to OpenGL drivers. + Additional packages to add to OpenGL drivers. This can be used + to add additional VA-API/VDPAU drivers. ''; }; hardware.opengl.extraPackages32 = mkOption { type = types.listOf types.package; default = []; + example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]"; description = '' Additional packages to add to 32-bit OpenGL drivers on 64-bit systems. Used when is - set. + set. This can be used to add additional VA-API/VDPAU drivers. ''; }; 
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index cc7557c06eb4..6e10b47f03cc 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -77,6 +77,7 @@ with lib; (mkRenamedOptionModule [ "services" "xserver" "driSupport32Bit" ] [ "hardware" "opengl" "driSupport32Bit" ]) (mkRenamedOptionModule [ "services" "xserver" "s3tcSupport" ] [ "hardware" "opengl" "s3tcSupport" ]) (mkRenamedOptionModule [ "hardware" "opengl" "videoDrivers" ] [ "services" "xserver" "videoDrivers" ]) + (mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ]) (mkRenamedOptionModule [ "services" "mysql55" ] [ "services" "mysql" ]) diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index bad99ccd8696..d7825400b5ae 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -16,13 +16,6 @@ let cfg = config.services.xserver; xorg = pkgs.xorg; - vaapiDrivers = pkgs.buildEnv { - name = "vaapi-drivers"; - paths = cfg.vaapiDrivers; - # We only want /lib/dri, but with a single input path, we need "/" for it to work - pathsToLink = [ "/" ]; - }; - fontconfig = config.fonts.fontconfig; xresourcesXft = pkgs.writeText "Xresources-Xft" '' ${optionalString (fontconfig.dpi != 0) ''Xft.dpi: ${toString fontconfig.dpi}''} @@ -107,8 +100,6 @@ let ${xorg.xrdb}/bin/xrdb -merge ~/.Xdefaults fi - export LIBVA_DRIVERS_PATH=${vaapiDrivers}/lib/dri - # Speed up application start by 50-150ms according to # http://kdemonkey.blogspot.nl/2008/04/magic-trick.html rm -rf $HOME/.compose-cache diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 68745ba8197a..653c97d7e6fa 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix 
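Review bot: The new `mkRenamedOptionModule` entry forwards `services.xserver.vaapiDrivers` to `hardware.opengl.extraPackages`, but the release-note entry added in this commit tells users to set `services.hardware.opengl.extraPackages{,32}`. The option declared in opengl.nix has no `services.` prefix, so the path in the note looks wrong. The removed option was `types.listOf types.path` and the target is `types.listOf types.package`, so existing definitions that passed plain paths may stop type-checking after the rename; that deserves a sentence in the release note. The display-manager hunk also drops `export LIBVA_DRIVERS_PATH=${vaapiDrivers}/lib/dri`, so whether libva still finds the drivers depends on code outside this diff and should be verified on a VA-API setup.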
@@ -216,15 +216,6 @@ in ''; }; - vaapiDrivers = mkOption { - type = types.listOf types.path; - default = [ ]; - example = literalExample "[ pkgs.vaapiIntel pkgs.vaapiVdpau ]"; - description = '' - Packages providing libva acceleration drivers. - ''; - }; - startGnuPGAgent = mkOption { type = types.bool; default = false; -- cgit 1.4.1