From aa46904490cadc55817ec32695c484026ddf3e15 Mon Sep 17 00:00:00 2001 From: Arnold Krille Date: Sat, 30 Jan 2016 23:00:39 +0100 Subject: containers: Add a hostbridge and ipv6 addresses This allows the containers to have their interface in a bridge on the host. Also this adds IPv6 addresses to the containers both with bridged and unbridged network. --- nixos/modules/virtualisation/containers.nix | 100 ++++++++++++++++++++++------ 1 file changed, 81 insertions(+), 19 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 121ecbc9bf2c..4c20ee27de2c 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -28,14 +28,23 @@ let # Initialise the container side of the veth pair. if [ "$PRIVATE_NETWORK" = 1 ]; then + ip link set host0 name eth0 ip link set dev eth0 up + + if [ -n "$LOCAL_ADDRESS" ]; then + ip addr add $LOCAL_ADDRESS dev eth0 + fi + if [ -n "$LOCAL_ADDRESS6" ]; then + ip -6 addr add $LOCAL_ADDRESS6 dev eth0 + fi if [ -n "$HOST_ADDRESS" ]; then ip route add $HOST_ADDRESS dev eth0 ip route add default via $HOST_ADDRESS fi - if [ -n "$LOCAL_ADDRESS" ]; then - ip addr add $LOCAL_ADDRESS dev eth0 + if [ -n "$HOST_ADDRESS6" ]; then + ip -6 route add $HOST_ADDRESS6 dev eth0 + ip -6 route add default via $HOST_ADDRESS6 fi fi @@ -48,7 +57,7 @@ let system = config.nixpkgs.system; bindMountOpts = { name, config, ... }: { - + options = { mountPoint = mkOption { example = "/mnt/usb"; @@ -68,13 +77,13 @@ let description = "Determine whether the mounted path will be accessed in read-only mode."; }; }; - + config = { mountPoint = mkDefault name; }; - + }; - + mkBindFlag = d: let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind="; mountstr = if d.hostPath != null then "${d.hostPath}:${d.mountPoint}" else "${d.mountPoint}"; @@ -142,12 +151,33 @@ in ''; }; + hostBridge = mkOption { + type = types.nullOr types.string; + default = null; + example = "br0"; + description = '' + Put the host-side of the veth-pair into the named bridge. + Only one of hostAddress* or hostBridge can be given. + ''; + }; + hostAddress = mkOption { type = types.nullOr types.str; default = null; example = "10.231.136.1"; description = '' The IPv4 address assigned to the host interface. + (Not used when hostBridge is set.) + ''; + }; + + hostAddress6 = mkOption { + type = types.nullOr types.string; + default = null; + example = "fc00::1"; + description = '' + The IPv6 address assigned to the host interface. + (Not used when hostBridge is set.) ''; }; @@ -161,6 +191,16 @@ in ''; }; + localAddress6 = mkOption { + type = types.nullOr types.string; + default = null; + example = "fc00::2"; + description = '' + The IPv6 address assigned to eth0 + in the container. + ''; + }; + interfaces = mkOption { type = types.listOf types.string; default = []; @@ -185,7 +225,7 @@ in example = { "/home" = { hostPath = "/home/alice"; isReadOnly = false; }; }; - + description = '' An extra list of directories that is bound to the container. @@ -257,11 +297,7 @@ in if [ "$PRIVATE_NETWORK" = 1 ]; then ip link del dev "ve-$INSTANCE" 2> /dev/null || true - fi - - - if [ "$PRIVATE_NETWORK" = 1 ]; then - ip link del dev "ve-$INSTANCE" 2> /dev/null || true + ip link del dev "vb-$INSTANCE" 2> /dev/null || true fi ''; @@ -281,6 +317,9 @@ in if [ "$PRIVATE_NETWORK" = 1 ]; then extraFlags+=" --network-veth" + if [ -n "$HOST_BRIDGE" ]; then + extraFlags+=" --network-bridge=$HOST_BRIDGE" + fi fi for iface in $INTERFACES; do @@ -315,8 +354,11 @@ in --bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \ --bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \ --setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \ + --setenv HOST_BRIDGE="$HOST_BRIDGE" \ --setenv HOST_ADDRESS="$HOST_ADDRESS" \ --setenv LOCAL_ADDRESS="$LOCAL_ADDRESS" \ + --setenv HOST_ADDRESS6="$HOST_ADDRESS6" \ + --setenv LOCAL_ADDRESS6="$LOCAL_ADDRESS6" \ --setenv PATH="$PATH" \ ${containerInit} "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init" ''; @@ -324,13 +366,21 @@ in postStart = '' if [ "$PRIVATE_NETWORK" = 1 ]; then - ifaceHost=ve-$INSTANCE - ip link set dev $ifaceHost up - if [ -n "$HOST_ADDRESS" ]; then - ip addr add $HOST_ADDRESS dev $ifaceHost - fi - if [ -n "$LOCAL_ADDRESS" ]; then - ip route add $LOCAL_ADDRESS dev $ifaceHost + if [ -z "$HOST_BRIDGE" ]; then + ifaceHost=ve-$INSTANCE + ip link set dev $ifaceHost up + if [ -n "$HOST_ADDRESS" ]; then + ip addr add $HOST_ADDRESS dev $ifaceHost + fi + if [ -n "$HOST_ADDRESS6" ]; then + ip -6 addr add $HOST_ADDRESS6 dev $ifaceHost + fi + if [ -n "$LOCAL_ADDRESS" ]; then + ip route add $LOCAL_ADDRESS dev $ifaceHost + fi + if [ -n "$LOCAL_ADDRESS6" ]; then + ip -6 route add $LOCAL_ADDRESS6 dev $ifaceHost + fi fi fi @@ -353,6 +403,9 @@ in restartIfChanged = false; #reloadIfChanged = true; # FIXME + wants = [ "netwprk.target" ]; + after = [ "network.target" ]; + serviceConfig = { ExecReload = pkgs.writeScript "reload-container" '' @@ -396,12 +449,21 @@ in SYSTEM_PATH=${cfg.path} ${optionalString cfg.privateNetwork '' PRIVATE_NETWORK=1 + ${optionalString (cfg.hostBridge != null) '' + HOST_BRIDGE=${cfg.hostBridge} + ''} ${optionalString (cfg.hostAddress != null) '' HOST_ADDRESS=${cfg.hostAddress} ''} + ${optionalString (cfg.hostAddress6 != null) '' + HOST_ADDRESS6=${cfg.hostAddress6} + ''} ${optionalString (cfg.localAddress != null) '' LOCAL_ADDRESS=${cfg.localAddress} ''} + ${optionalString (cfg.localAddress6 != null) '' + LOCAL_ADDRESS6=${cfg.localAddress6} + ''} ''} INTERFACES="${toString cfg.interfaces}" ${optionalString cfg.autoStart '' -- cgit 1.4.1 From 3b31c52d4b2784de33280feb9949f2ab8241ac50 Mon Sep 17 00:00:00 2001 From: Arnold Krille Date: Sun, 31 Jan 2016 21:45:05 +0100 Subject: containers: Add more tests for ipv6 and hostbridge MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A testcase each for - declarative ipv6-only container Seems odd to define the container IPs with their prefix length attached. There should be a better way… - declarative bridged container Also fix the ping test by waiting for the container to start When the ping was executed, the container might not have finished starting. Or the host-side of the container wasn't finished with config. Waiting for 2 seconds in between fixes this. --- nixos/release.nix | 2 + nixos/tests/containers-bridge.nix | 81 +++++++++++++++++++++++++++++++++++++++ nixos/tests/containers-ipv6.nix | 61 +++++++++++++++++++++++++++++ nixos/tests/containers.nix | 5 ++- 4 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 nixos/tests/containers-bridge.nix create mode 100644 nixos/tests/containers-ipv6.nix (limited to 'nixos') diff --git a/nixos/release.nix b/nixos/release.nix index 8a01b2685a78..2dc1b21daaf7 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -200,6 +200,8 @@ in rec { tests.chromium = callSubTests tests/chromium.nix {}; tests.cjdns = callTest tests/cjdns.nix {}; tests.containers = callTest tests/containers.nix {}; + tests.containers-ipv6 = callTest tests/containers-ipv6.nix {}; + tests.containers-bridge = callTest tests/containers-bridge.nix {}; tests.docker = hydraJob (import tests/docker.nix { system = "x86_64-linux"; }); tests.dockerRegistry = hydraJob (import tests/docker-registry.nix { system = "x86_64-linux"; }); tests.dnscrypt-proxy = callTest tests/dnscrypt-proxy.nix { system = "x86_64-linux"; }; diff --git a/nixos/tests/containers-bridge.nix b/nixos/tests/containers-bridge.nix new file mode 100644 index 000000000000..8c3340b60a7c --- /dev/null +++ b/nixos/tests/containers-bridge.nix @@ -0,0 +1,81 @@ +# Test for NixOS' container support. + +let + hostIp = "192.168.0.1"; + containerIp = "192.168.0.100/24"; + hostIp6 = "fc00::1"; + containerIp6 = "fc00::2/7"; +in + +import ./make-test.nix ({ pkgs, ...} : { + name = "containers-bridge"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ aristid aszlig eelco chaoflow ]; + }; + + machine = + { config, pkgs, ... }: + { imports = [ ../modules/installer/cd-dvd/channel.nix ]; + virtualisation.writableStore = true; + virtualisation.memorySize = 768; + + networking.bridges = { + br0 = { + interfaces = []; + }; + }; + networking.interfaces = { + br0 = { + ip4 = [{ address = hostIp; prefixLength = 24; }]; + ip6 = [{ address = hostIp6; prefixLength = 7; }]; + }; + }; + + containers.webserver = + { + autoStart = true; + privateNetwork = true; + hostBridge = "br0"; + localAddress = containerIp; + localAddress6 = containerIp6; + config = + { services.httpd.enable = true; + services.httpd.adminAddr = "foo@example.org"; + networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowPing = true; + }; + }; + + virtualisation.pathsInNixDB = [ pkgs.stdenv ]; + }; + + testScript = + '' + $machine->waitForUnit("default.target"); + $machine->succeed("nixos-container list") =~ /webserver/ or die; + + # Start the webserver container. + $machine->succeed("nixos-container status webserver") =~ /up/ or die; + + "${containerIp}" =~ /([^\/]+)\/([0-9+])/; + my $ip = $1; + chomp $ip; + $machine->succeed("ping -n -c 1 $ip"); + $machine->succeed("curl --fail http://$ip/ > /dev/null"); + + "${containerIp6}" =~ /([^\/]+)\/([0-9+])/; + my $ip6 = $1; + chomp $ip6; + $machine->succeed("ping6 -n -c 1 $ip6"); + $machine->succeed("curl --fail http://[$ip6]/ > /dev/null"); + + # Stop the container. + $machine->succeed("nixos-container stop webserver"); + $machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null"); + $machine->fail("curl --fail --connect-timeout 2 http://[$ip6]/ > /dev/null"); + + # Destroying a declarative container should fail. + $machine->fail("nixos-container destroy webserver"); + ''; + +}) diff --git a/nixos/tests/containers-ipv6.nix b/nixos/tests/containers-ipv6.nix new file mode 100644 index 000000000000..0c1b8e88564d --- /dev/null +++ b/nixos/tests/containers-ipv6.nix @@ -0,0 +1,61 @@ +# Test for NixOS' container support. + +let + hostIp = "fc00::2"; + localIp = "fc00::1"; +in + +import ./make-test.nix ({ pkgs, ...} : { + name = "containers-ipv6"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ aristid aszlig eelco chaoflow ]; + }; + + machine = + { config, pkgs, ... }: + { imports = [ ../modules/installer/cd-dvd/channel.nix ]; + virtualisation.writableStore = true; + virtualisation.memorySize = 768; + + containers.webserver = + { privateNetwork = true; + hostAddress6 = hostIp; + localAddress6 = localIp; + config = + { services.httpd.enable = true; + services.httpd.adminAddr = "foo@example.org"; + networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowPing = true; + }; + }; + + virtualisation.pathsInNixDB = [ pkgs.stdenv ]; + }; + + testScript = + '' + $machine->waitForUnit("default.target"); + $machine->succeed("nixos-container list") =~ /webserver/ or die; + + # Start the webserver container. + $machine->succeed("nixos-container start webserver"); + + # wait two seconds for the container to start and the network to be up + sleep 2; + + # Since "start" returns after the container has reached + # multi-user.target, we should now be able to access it. + my $ip = "${localIp}"; + chomp $ip; + $machine->succeed("ping6 -n -c 1 $ip"); + $machine->succeed("curl --fail http://[$ip]/ > /dev/null"); + + # Stop the container. + $machine->succeed("nixos-container stop webserver"); + $machine->fail("curl --fail --connect-timeout 2 http://[$ip]/ > /dev/null"); + + # Destroying a declarative container should fail. + $machine->fail("nixos-container destroy webserver"); + ''; + +}) diff --git a/nixos/tests/containers.nix b/nixos/tests/containers.nix index ce36a7e0588f..108feba0891a 100644 --- a/nixos/tests/containers.nix +++ b/nixos/tests/containers.nix @@ -34,11 +34,14 @@ import ./make-test.nix ({ pkgs, ...} : { # Start the webserver container. $machine->succeed("nixos-container start webserver"); + # wait two seconds for the container to start and the network to be up + sleep 2; + # Since "start" returns after the container has reached # multi-user.target, we should now be able to access it. my $ip = $machine->succeed("nixos-container show-ip webserver"); chomp $ip; - #$machine->succeed("ping -c1 $ip"); # FIXME + $machine->succeed("ping -n -c1 $ip"); $machine->succeed("curl --fail http://$ip/ > /dev/null"); # Stop the container. -- cgit 1.4.1 From 2d6a2b41313464ba82297c4f6e86c7026c7d132e Mon Sep 17 00:00:00 2001 From: Arnold Krille Date: Fri, 18 Mar 2016 15:29:45 +0100 Subject: containers tests: Distinguish declarative and imperative containers --- nixos/release.nix | 3 +- nixos/tests/containers-imperative.nix | 87 ++++++++++++++++++++++++ nixos/tests/containers-ipv4.nix | 55 +++++++++++++++ nixos/tests/containers.nix | 122 ---------------------------------- 4 files changed, 144 insertions(+), 123 deletions(-) create mode 100644 nixos/tests/containers-imperative.nix create mode 100644 nixos/tests/containers-ipv4.nix delete mode 100644 nixos/tests/containers.nix (limited to 'nixos') diff --git a/nixos/release.nix b/nixos/release.nix index 2dc1b21daaf7..7ef4ca8f934b 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -199,9 +199,10 @@ in rec { tests.cadvisor = hydraJob (import tests/cadvisor.nix { system = "x86_64-linux"; }); tests.chromium = callSubTests tests/chromium.nix {}; tests.cjdns = callTest tests/cjdns.nix {}; - tests.containers = callTest tests/containers.nix {}; + tests.containers-ipv4 = callTest tests/containers-ipv4.nix {}; tests.containers-ipv6 = callTest tests/containers-ipv6.nix {}; tests.containers-bridge = callTest tests/containers-bridge.nix {}; + tests.containers-imperative = callTest tests/containers-imperative.nix {}; tests.docker = hydraJob (import tests/docker.nix { system = "x86_64-linux"; }); tests.dockerRegistry = hydraJob (import tests/docker-registry.nix { system = "x86_64-linux"; }); tests.dnscrypt-proxy = callTest tests/dnscrypt-proxy.nix { system = "x86_64-linux"; }; diff --git a/nixos/tests/containers-imperative.nix b/nixos/tests/containers-imperative.nix new file mode 100644 index 000000000000..8d100fedf78c --- /dev/null +++ b/nixos/tests/containers-imperative.nix @@ -0,0 +1,87 @@ +# Test for NixOS' container support. + +import ./make-test.nix ({ pkgs, ...} : { + name = "containers-imperative"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ aristid aszlig eelco chaoflow ]; + }; + + machine = + { config, pkgs, ... }: + { imports = [ ../modules/installer/cd-dvd/channel.nix ]; + virtualisation.writableStore = true; + virtualisation.memorySize = 768; + virtualisation.pathsInNixDB = [ pkgs.stdenv ]; + }; + + testScript = + '' + # Make sure we have a NixOS tree (required by ‘nixos-container create’). + $machine->succeed("PAGER=cat nix-env -qa -A nixos.hello >&2"); + + # Create some containers imperatively. + my $id1 = $machine->succeed("nixos-container create foo --ensure-unique-name"); + chomp $id1; + $machine->log("created container $id1"); + + my $id2 = $machine->succeed("nixos-container create foo --ensure-unique-name"); + chomp $id2; + $machine->log("created container $id2"); + + die if $id1 eq $id2; + + # Put the root of $id2 into a bind mount. + $machine->succeed( + "mv /var/lib/containers/$id2 /id2-bindmount", + "mount --bind /id2-bindmount /var/lib/containers/$id1" + ); + + my $ip1 = $machine->succeed("nixos-container show-ip $id1"); + chomp $ip1; + my $ip2 = $machine->succeed("nixos-container show-ip $id2"); + chomp $ip2; + die if $ip1 eq $ip2; + + # Create a directory and a file we can later check if it still exists + # after destruction of the container. + $machine->succeed( + "mkdir /nested-bindmount", + "echo important data > /nested-bindmount/dummy", + ); + + # Create a directory with a dummy file and bind-mount it into both + # containers. + foreach ($id1, $id2) { + my $importantPath = "/var/lib/containers/$_/very/important/data"; + $machine->succeed( + "mkdir -p $importantPath", + "mount --bind /nested-bindmount $importantPath" + ); + } + + # Start one of them. + $machine->succeed("nixos-container start $id1"); + + # Execute commands via the root shell. + $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die; + + # Stop and start (regression test for #4989) + $machine->succeed("nixos-container stop $id1"); + $machine->succeed("nixos-container start $id1"); + + # Execute commands via the root shell. + $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die; + + # Destroy the containers. + $machine->succeed("nixos-container destroy $id1"); + $machine->succeed("nixos-container destroy $id2"); + + $machine->succeed( + # Check whether destruction of any container has killed important data + "grep -qF 'important data' /nested-bindmount/dummy", + # Ensure that the container path is gone + "test ! -e /var/lib/containers/$id1" + ); + ''; + +}) diff --git a/nixos/tests/containers-ipv4.nix b/nixos/tests/containers-ipv4.nix new file mode 100644 index 000000000000..8f1ab40221a8 --- /dev/null +++ b/nixos/tests/containers-ipv4.nix @@ -0,0 +1,55 @@ +# Test for NixOS' container support. + +import ./make-test.nix ({ pkgs, ...} : { + name = "containers-ipv4"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ aristid aszlig eelco chaoflow ]; + }; + + machine = + { config, pkgs, ... }: + { imports = [ ../modules/installer/cd-dvd/channel.nix ]; + virtualisation.writableStore = true; + virtualisation.memorySize = 768; + + containers.webserver = + { privateNetwork = true; + hostAddress = "10.231.136.1"; + localAddress = "10.231.136.2"; + config = + { services.httpd.enable = true; + services.httpd.adminAddr = "foo@example.org"; + networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowPing = true; + }; + }; + + virtualisation.pathsInNixDB = [ pkgs.stdenv ]; + }; + + testScript = + '' + $machine->succeed("nixos-container list") =~ /webserver/ or die; + + # Start the webserver container. + $machine->succeed("nixos-container start webserver"); + + # wait two seconds for the container to start and the network to be up + sleep 2; + + # Since "start" returns after the container has reached + # multi-user.target, we should now be able to access it. + my $ip = $machine->succeed("nixos-container show-ip webserver"); + chomp $ip; + $machine->succeed("ping -n -c1 $ip"); + $machine->succeed("curl --fail http://$ip/ > /dev/null"); + + # Stop the container. + $machine->succeed("nixos-container stop webserver"); + $machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null"); + + # Destroying a declarative container should fail. + $machine->fail("nixos-container destroy webserver"); + ''; + +}) diff --git a/nixos/tests/containers.nix b/nixos/tests/containers.nix deleted file mode 100644 index 108feba0891a..000000000000 --- a/nixos/tests/containers.nix +++ /dev/null @@ -1,122 +0,0 @@ -# Test for NixOS' container support. - -import ./make-test.nix ({ pkgs, ...} : { - name = "containers"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ aristid aszlig eelco chaoflow ]; - }; - - machine = - { config, pkgs, ... }: - { imports = [ ../modules/installer/cd-dvd/channel.nix ]; - virtualisation.writableStore = true; - virtualisation.memorySize = 768; - - containers.webserver = - { privateNetwork = true; - hostAddress = "10.231.136.1"; - localAddress = "10.231.136.2"; - config = - { services.httpd.enable = true; - services.httpd.adminAddr = "foo@example.org"; - networking.firewall.allowedTCPPorts = [ 80 ]; - networking.firewall.allowPing = true; - }; - }; - - virtualisation.pathsInNixDB = [ pkgs.stdenv ]; - }; - - testScript = - '' - $machine->succeed("nixos-container list") =~ /webserver/ or die; - - # Start the webserver container. - $machine->succeed("nixos-container start webserver"); - - # wait two seconds for the container to start and the network to be up - sleep 2; - - # Since "start" returns after the container has reached - # multi-user.target, we should now be able to access it. - my $ip = $machine->succeed("nixos-container show-ip webserver"); - chomp $ip; - $machine->succeed("ping -n -c1 $ip"); - $machine->succeed("curl --fail http://$ip/ > /dev/null"); - - # Stop the container. - $machine->succeed("nixos-container stop webserver"); - $machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null"); - - # Make sure we have a NixOS tree (required by ‘nixos-container create’). - $machine->succeed("PAGER=cat nix-env -qa -A nixos.hello >&2"); - - # Create some containers imperatively. - my $id1 = $machine->succeed("nixos-container create foo --ensure-unique-name"); - chomp $id1; - $machine->log("created container $id1"); - - my $id2 = $machine->succeed("nixos-container create foo --ensure-unique-name"); - chomp $id2; - $machine->log("created container $id2"); - - die if $id1 eq $id2; - - # Put the root of $id2 into a bind mount. - $machine->succeed( - "mv /var/lib/containers/$id2 /id2-bindmount", - "mount --bind /id2-bindmount /var/lib/containers/$id1" - ); - - my $ip1 = $machine->succeed("nixos-container show-ip $id1"); - chomp $ip1; - my $ip2 = $machine->succeed("nixos-container show-ip $id2"); - chomp $ip2; - die if $ip1 eq $ip2; - - # Create a directory and a file we can later check if it still exists - # after destruction of the container. - $machine->succeed( - "mkdir /nested-bindmount", - "echo important data > /nested-bindmount/dummy", - ); - - # Create a directory with a dummy file and bind-mount it into both - # containers. - foreach ($id1, $id2) { - my $importantPath = "/var/lib/containers/$_/very/important/data"; - $machine->succeed( - "mkdir -p $importantPath", - "mount --bind /nested-bindmount $importantPath" - ); - } - - # Start one of them. - $machine->succeed("nixos-container start $id1"); - - # Execute commands via the root shell. - $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die; - - # Stop and start (regression test for #4989) - $machine->succeed("nixos-container stop $id1"); - $machine->succeed("nixos-container start $id1"); - - # Execute commands via the root shell. - $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die; - - # Destroy the containers. - $machine->succeed("nixos-container destroy $id1"); - $machine->succeed("nixos-container destroy $id2"); - - $machine->succeed( - # Check whether destruction of any container has killed important data - "grep -qF 'important data' /nested-bindmount/dummy", - # Ensure that the container path is gone - "test ! -e /var/lib/containers/$id1" - ); - - # Destroying a declarative container should fail. - $machine->fail("nixos-container destroy webserver"); - ''; - -}) -- cgit 1.4.1 From 3c819f28f57ee1485f15faf917f2fc6a861a6883 Mon Sep 17 00:00:00 2001 From: Arnold Krille Date: Sat, 2 Apr 2016 17:03:30 +0200 Subject: containers: Make declarative containers real systemd services Without the templating (which is still present for imperative containers), it will be possible to set individual dependencies. Like depending on the network only if the hostbridge or hardware interfaces are used. Ported from #3021 --- nixos/modules/virtualisation/containers.nix | 307 +++++++++++++--------------- 1 file changed, 147 insertions(+), 160 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 4c20ee27de2c..fca21a8610be 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -278,167 +278,180 @@ in }; - config = mkIf (config.boot.enableContainers) { + config = mkIf (config.boot.enableContainers) (let - systemd.services."container@" = - { description = "Container '%i'"; + unit = { + description = "Container '%i'"; - unitConfig.RequiresMountsFor = [ "/var/lib/containers/%i" ]; + unitConfig.RequiresMountsFor = [ "/var/lib/containers/%i" ]; - path = [ pkgs.iproute ]; + path = [ pkgs.iproute ]; - environment.INSTANCE = "%i"; - environment.root = "/var/lib/containers/%i"; + environment.INSTANCE = "%i"; + environment.root = "/var/lib/containers/%i"; - preStart = - '' - # Clean up existing machined registration and interfaces. - machinectl terminate "$INSTANCE" 2> /dev/null || true + preStart = + '' + # Clean up existing machined registration and interfaces. + machinectl terminate "$INSTANCE" 2> /dev/null || true - if [ "$PRIVATE_NETWORK" = 1 ]; then - ip link del dev "ve-$INSTANCE" 2> /dev/null || true - ip link del dev "vb-$INSTANCE" 2> /dev/null || true - fi - ''; + if [ "$PRIVATE_NETWORK" = 1 ]; then + ip link del dev "ve-$INSTANCE" 2> /dev/null || true + ip link del dev "vb-$INSTANCE" 2> /dev/null || true + fi + ''; - script = - '' - mkdir -p -m 0755 "$root/etc" "$root/var/lib" - mkdir -p -m 0700 "$root/var/lib/private" "$root/root" /run/containers - if ! [ -e "$root/etc/os-release" ]; then - touch "$root/etc/os-release" + script = + '' + mkdir -p -m 0755 "$root/etc" "$root/var/lib" + mkdir -p -m 0700 "$root/var/lib/private" "$root/root" /run/containers + if ! [ -e "$root/etc/os-release" ]; then + touch "$root/etc/os-release" + fi + + mkdir -p -m 0755 \ + "/nix/var/nix/profiles/per-container/$INSTANCE" \ + "/nix/var/nix/gcroots/per-container/$INSTANCE" + + cp --remove-destination /etc/resolv.conf "$root/etc/resolv.conf" + + if [ "$PRIVATE_NETWORK" = 1 ]; then + extraFlags+=" --network-veth" + if [ -n "$HOST_BRIDGE" ]; then + extraFlags+=" --network-bridge=$HOST_BRIDGE" fi + fi - mkdir -p -m 0755 \ - "/nix/var/nix/profiles/per-container/$INSTANCE" \ - "/nix/var/nix/gcroots/per-container/$INSTANCE" + for iface in $INTERFACES; do + extraFlags+=" --network-interface=$iface" + done - cp --remove-destination /etc/resolv.conf "$root/etc/resolv.conf" + for iface in $MACVLANS; do + extraFlags+=" --network-macvlan=$iface" + done - if [ "$PRIVATE_NETWORK" = 1 ]; then - extraFlags+=" --network-veth" - if [ -n "$HOST_BRIDGE" ]; then - extraFlags+=" --network-bridge=$HOST_BRIDGE" - fi + # If the host is 64-bit and the container is 32-bit, add a + # --personality flag. + ${optionalString (config.nixpkgs.system == "x86_64-linux") '' + if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then + extraFlags+=" --personality=x86" fi + ''} + + + + # Run systemd-nspawn without startup notification (we'll + # wait for the container systemd to signal readiness). + EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \ + exec ${config.systemd.package}/bin/systemd-nspawn \ + --keep-unit \ + -M "$INSTANCE" -D "$root" $extraFlags \ + $EXTRA_NSPAWN_FLAGS \ + --bind-ro=/nix/store \ + --bind-ro=/nix/var/nix/db \ + --bind-ro=/nix/var/nix/daemon-socket \ + --bind=/run/systemd/notify:/var/lib/private/host-notify \ + --bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \ + --bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \ + --setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \ + --setenv HOST_BRIDGE="$HOST_BRIDGE" \ + --setenv HOST_ADDRESS="$HOST_ADDRESS" \ + --setenv LOCAL_ADDRESS="$LOCAL_ADDRESS" \ + --setenv HOST_ADDRESS6="$HOST_ADDRESS6" \ + --setenv LOCAL_ADDRESS6="$LOCAL_ADDRESS6" \ + --setenv PATH="$PATH" \ + ${containerInit} "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init" + ''; - for iface in $INTERFACES; do - extraFlags+=" --network-interface=$iface" - done - - for iface in $MACVLANS; do - extraFlags+=" --network-macvlan=$iface" - done - - # If the host is 64-bit and the container is 32-bit, add a - # --personality flag. - ${optionalString (config.nixpkgs.system == "x86_64-linux") '' - if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then - extraFlags+=" --personality=x86" + postStart = + '' + if [ "$PRIVATE_NETWORK" = 1 ]; then + if [ -z "$HOST_BRIDGE" ]; then + ifaceHost=ve-$INSTANCE + ip link set dev $ifaceHost up + if [ -n "$HOST_ADDRESS" ]; then + ip addr add $HOST_ADDRESS dev $ifaceHost fi - ''} - - - - # Run systemd-nspawn without startup notification (we'll - # wait for the container systemd to signal readiness). - EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \ - exec ${config.systemd.package}/bin/systemd-nspawn \ - --keep-unit \ - -M "$INSTANCE" -D "$root" $extraFlags \ - $EXTRA_NSPAWN_FLAGS \ - --bind-ro=/nix/store \ - --bind-ro=/nix/var/nix/db \ - --bind-ro=/nix/var/nix/daemon-socket \ - --bind=/run/systemd/notify:/var/lib/private/host-notify \ - --bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \ - --bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \ - --setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \ - --setenv HOST_BRIDGE="$HOST_BRIDGE" \ - --setenv HOST_ADDRESS="$HOST_ADDRESS" \ - --setenv LOCAL_ADDRESS="$LOCAL_ADDRESS" \ - --setenv HOST_ADDRESS6="$HOST_ADDRESS6" \ - --setenv LOCAL_ADDRESS6="$LOCAL_ADDRESS6" \ - --setenv PATH="$PATH" \ - ${containerInit} "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init" - ''; - - postStart = - '' - if [ "$PRIVATE_NETWORK" = 1 ]; then - if [ -z "$HOST_BRIDGE" ]; then - ifaceHost=ve-$INSTANCE - ip link set dev $ifaceHost up - if [ -n "$HOST_ADDRESS" ]; then - ip addr add $HOST_ADDRESS dev $ifaceHost - fi - if [ -n "$HOST_ADDRESS6" ]; then - ip -6 addr add $HOST_ADDRESS6 dev $ifaceHost - fi - if [ -n "$LOCAL_ADDRESS" ]; then - ip route add $LOCAL_ADDRESS dev $ifaceHost - fi - if [ -n "$LOCAL_ADDRESS6" ]; then - ip -6 route add $LOCAL_ADDRESS6 dev $ifaceHost - fi + if [ -n "$HOST_ADDRESS6" ]; then + ip -6 addr add $HOST_ADDRESS6 dev $ifaceHost + fi + if [ -n "$LOCAL_ADDRESS" ]; then + ip route add $LOCAL_ADDRESS dev $ifaceHost + fi + if [ -n "$LOCAL_ADDRESS6" ]; then + ip -6 route add $LOCAL_ADDRESS6 dev $ifaceHost fi fi + fi - # Get the leader PID so that we can signal it in - # preStop. We can't use machinectl there because D-Bus - # might be shutting down. FIXME: in systemd 219 we can - # just signal systemd-nspawn to do a clean shutdown. - machinectl show "$INSTANCE" | sed 's/Leader=\(.*\)/\1/;t;d' > "/run/containers/$INSTANCE.pid" - ''; - - preStop = - '' - pid="$(cat /run/containers/$INSTANCE.pid)" - if [ -n "$pid" ]; then - kill -RTMIN+4 "$pid" - fi - rm -f "/run/containers/$INSTANCE.pid" - ''; + # Get the leader PID so that we can signal it in + # preStop. We can't use machinectl there because D-Bus + # might be shutting down. FIXME: in systemd 219 we can + # just signal systemd-nspawn to do a clean shutdown. + machinectl show "$INSTANCE" | sed 's/Leader=\(.*\)/\1/;t;d' > "/run/containers/$INSTANCE.pid" + ''; - restartIfChanged = false; - #reloadIfChanged = true; # FIXME + preStop = + '' + pid="$(cat /run/containers/$INSTANCE.pid)" + if [ -n "$pid" ]; then + kill -RTMIN+4 "$pid" + fi + rm -f "/run/containers/$INSTANCE.pid" + ''; - wants = [ "netwprk.target" ]; - after = [ "network.target" ]; + restartIfChanged = false; - serviceConfig = { - ExecReload = pkgs.writeScript "reload-container" - '' - #! ${pkgs.stdenv.shell} -e - ${nixos-container}/bin/nixos-container run "$INSTANCE" -- \ - bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test" - ''; + serviceConfig = { + ExecReload = pkgs.writeScript "reload-container" + '' + #! ${pkgs.stdenv.shell} -e + ${nixos-container}/bin/nixos-container run "$INSTANCE" -- \ + bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test" + ''; - SyslogIdentifier = "container %i"; + SyslogIdentifier = "container %i"; - EnvironmentFile = "-/etc/containers/%i.conf"; + EnvironmentFile = "-/etc/containers/%i.conf"; - Type = "notify"; + Type = "notify"; - NotifyAccess = "all"; + NotifyAccess = "all"; - # Note that on reboot, systemd-nspawn returns 133, so this - # unit will be restarted. On poweroff, it returns 0, so the - # unit won't be restarted. - RestartForceExitStatus = "133"; - SuccessExitStatus = "133"; + # Note that on reboot, systemd-nspawn returns 133, so this + # unit will be restarted. On poweroff, it returns 0, so the + # unit won't be restarted. + RestartForceExitStatus = "133"; + SuccessExitStatus = "133"; - Restart = "on-failure"; + Restart = "on-failure"; - # Hack: we don't want to kill systemd-nspawn, since we call - # "machinectl poweroff" in preStop to shut down the - # container cleanly. But systemd requires sending a signal - # (at least if we want remaining processes to be killed - # after the timeout). So send an ignored signal. - KillMode = "mixed"; - KillSignal = "WINCH"; - }; + # Hack: we don't want to kill systemd-nspawn, since we call + # "machinectl poweroff" in preStop to shut down the + # container cleanly. But systemd requires sending a signal + # (at least if we want remaining processes to be killed + # after the timeout). So send an ignored signal. + KillMode = "mixed"; + KillSignal = "WINCH"; }; + }; + in { + systemd.services = listToAttrs (filter (x: x.value != null) ( + # The generic container template used by imperative containers + [{ name = "container@"; value = unit; }] + # declarative containers + ++ (mapAttrsToList (name: cfg: nameValuePair "container@${name}" ( + if cfg.autoStart then + unit // { + wantedBy = [ "multi-user.target" ]; + wants = [ "network.target" ]; + after = [ "network.target" ]; + restartTriggers = [ cfg.path ]; + reloadIfChanged = true; + } + else null + )) config.containers) + )); # Generate a configuration file in /etc/containers for each # container so that container@.target can get the container @@ -482,31 +495,5 @@ in networking.dhcpcd.denyInterfaces = [ "ve-*" ]; environment.systemPackages = [ nixos-container ]; - - # Start containers at boot time. - systemd.services.all-containers = - { description = "All Containers"; - - wantedBy = [ "multi-user.target" ]; - - unitConfig.ConditionDirectoryNotEmpty = "/etc/containers"; - - serviceConfig.Type = "oneshot"; - - script = - '' - res=0 - shopt -s nullglob - for i in /etc/containers/*.conf; do - AUTO_START= - source "$i" - if [ "$AUTO_START" = 1 ]; then - systemctl start "container@$(basename "$i" .conf).service" || res=1 - fi - done - exit $res - ''; # */ - }; - - }; + }); } -- cgit 1.4.1 From 25387a1bedefb391db9f8585cfa1d160fc3bacfe Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 20 Apr 2016 20:53:24 +0200 Subject: nixos-checkout: Remove This command was useful when NixOS was spread across multiple repositories, but now it's pretty pointless (and obfuscates what happens, i.e. "git clone git://github.com/NixOS/nixpkgs.git"). --- nixos/doc/manual/development/sources.xml | 32 ++++-------- .../installer/cd-dvd/system-tarball-fuloong2f.nix | 3 +- .../installer/cd-dvd/system-tarball-sheevaplug.nix | 3 +- nixos/modules/installer/tools/nixos-checkout.nix | 60 ---------------------- nixos/modules/module-list.nix | 1 - 5 files changed, 13 insertions(+), 86 deletions(-) delete mode 100644 nixos/modules/installer/tools/nixos-checkout.nix (limited to 'nixos') diff --git a/nixos/doc/manual/development/sources.xml b/nixos/doc/manual/development/sources.xml index 879a31e32c59..fd0b0109b322 100644 --- a/nixos/doc/manual/development/sources.xml +++ b/nixos/doc/manual/development/sources.xml @@ -11,35 +11,25 @@ uses the NixOS and Nixpkgs sources provided by the nixos-unstable channel (kept in /nix/var/nix/profiles/per-user/root/channels/nixos). To modify NixOS, however, you should check out the latest sources from -Git. This is done using the following command: +Git. This is as follows: -$ nixos-checkout /my/sources - - -or - - -$ mkdir -p /my/sources -$ cd /my/sources -$ nix-env -i git $ git clone git://github.com/NixOS/nixpkgs.git $ cd nixpkgs $ git remote add channels git://github.com/NixOS/nixpkgs-channels.git $ git remote update channels -This will check out the latest NixOS sources to -/my/sources/nixpkgs/nixos -and the Nixpkgs sources to -/my/sources/nixpkgs. -(The NixOS source tree lives in a subdirectory of the Nixpkgs -repository.) The remote channels refers to a -read-only repository that tracks the Nixpkgs/NixOS channels (see for more information about channels). Thus, -the Git branch channels/nixos-14.12 will contain -the latest built and tested version available in the -nixos-14.12 channel. +This will check out the latest Nixpkgs sources to +./nixpkgs the NixOS sources to +./nixpkgs/nixos. (The NixOS source tree lives in +a subdirectory of the Nixpkgs repository.) The remote +channels refers to a read-only repository that +tracks the Nixpkgs/NixOS channels (see +for more information about channels). Thus, the Git branch +channels/nixos-14.12 will contain the latest built +and tested version available in the nixos-14.12 +channel. It’s often inconvenient to develop directly on the master branch, since if somebody has just committed (say) a change to GCC, diff --git a/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix b/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix index 6fe490b02bf4..d984cb307170 100644 --- a/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix +++ b/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix @@ -52,8 +52,7 @@ in # Include some utilities that are useful for installing or repairing # the system. environment.systemPackages = - [ pkgs.subversion # for nixos-checkout - pkgs.w3m # needed for the manual anyway + [ pkgs.w3m # needed for the manual anyway pkgs.testdisk # useful for repairing boot problems pkgs.mssys # for writing Microsoft boot sectors / MBRs pkgs.parted diff --git a/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix index 7badfcb8df22..9e733241993d 100644 --- a/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix +++ b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix @@ -49,8 +49,7 @@ in # Include some utilities that are useful for installing or repairing # the system. environment.systemPackages = - [ pkgs.subversion # for nixos-checkout - pkgs.w3m # needed for the manual anyway + [ pkgs.w3m # needed for the manual anyway pkgs.ddrescue pkgs.ccrypt pkgs.cryptsetup # needed for dm-crypt volumes diff --git a/nixos/modules/installer/tools/nixos-checkout.nix b/nixos/modules/installer/tools/nixos-checkout.nix deleted file mode 100644 index 07274e139f7d..000000000000 --- a/nixos/modules/installer/tools/nixos-checkout.nix +++ /dev/null @@ -1,60 +0,0 @@ -# This module generates the nixos-checkout script, which performs a -# checkout of the Nixpkgs Git repository. - -{ config, lib, pkgs, ... }: - -with lib; - -let - - nixosCheckout = pkgs.substituteAll { - name = "nixos-checkout"; - dir = "bin"; - isExecutable = true; - src = pkgs.writeScript "nixos-checkout" - '' - #! ${pkgs.stdenv.shell} -e - - if [ "$1" == "-h" ] || [ "$1" == "--help" ]; then - echo "Usage: `basename $0` [PREFIX]. See NixOS Manual for more info." - exit 0 - fi - - prefix="$1" - if [ -z "$prefix" ]; then prefix=/etc/nixos; fi - mkdir -p "$prefix" - cd "$prefix" - - if [ -z "$(type -P git)" ]; then - echo "installing Git..." - nix-env -iA nixos.git - fi - - # Move any old nixpkgs directories out of the way. - backupTimestamp=$(date "+%Y%m%d%H%M%S") - - if [ -e nixpkgs -a ! -e nixpkgs/.git ]; then - mv nixpkgs nixpkgs-$backupTimestamp - fi - - # Check out the Nixpkgs sources. - if ! [ -e nixpkgs/.git ]; then - echo "Creating repository in $prefix/nixpkgs..." - git init --quiet nixpkgs - else - echo "Updating repository in $prefix/nixpkgs..." - fi - cd nixpkgs - git remote add origin git://github.com/NixOS/nixpkgs.git || true - git remote add channels git://github.com/NixOS/nixpkgs-channels.git || true - git remote set-url origin --push git@github.com:NixOS/nixpkgs.git - git remote update - git checkout master - ''; - }; - -in - -{ - environment.systemPackages = [ nixosCheckout ]; -} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index bb8fa48105ac..e59ec07b8aa5 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -47,7 +47,6 @@ ./i18n/input-method/nabi.nix ./i18n/input-method/uim.nix ./installer/tools/auto-upgrade.nix - ./installer/tools/nixos-checkout.nix ./installer/tools/tools.nix ./misc/assertions.nix ./misc/crashdump.nix -- cgit 1.4.1 From 1d6990db066f346432f9196ce2b209a52ff64768 Mon Sep 17 00:00:00 2001 From: Alexander Ried Date: Wed, 20 Apr 2016 22:27:34 +0200 Subject: boot.loader.grub: fix variable name (#14855) --- nixos/modules/system/boot/loader/grub/grub.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 05322497a4bf..289405f93195 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -499,7 +499,7 @@ in } ] ++ flip map args.devices (device: { assertion = device == "nodev" || hasPrefix "/" device; - message = "GRUB devices must be absolute paths, not ${dev} in ${args.path}"; + message = "GRUB devices must be absolute paths, not ${device} in ${args.path}"; })); }) -- cgit 1.4.1 From 9c0997a0ef62d178d6bc88aeacc2643481edef9e Mon Sep 17 00:00:00 2001 From: William Casarin Date: Tue, 12 Apr 2016 13:31:47 -0700 Subject: hoogle service: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/development/hoogle.nix | 68 +++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 nixos/modules/services/development/hoogle.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index e59ec07b8aa5..41210e648511 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -158,6 +158,7 @@ ./services/desktops/gnome3/tracker.nix ./services/desktops/profile-sync-daemon.nix ./services/desktops/telepathy.nix + ./services/development/hoogle.nix ./services/games/factorio.nix ./services/games/ghost-one.nix ./services/games/minecraft-server.nix diff --git a/nixos/modules/services/development/hoogle.nix b/nixos/modules/services/development/hoogle.nix new file mode 100644 index 000000000000..27281774b6fc --- /dev/null +++ b/nixos/modules/services/development/hoogle.nix @@ -0,0 +1,68 @@ +{ config, lib, pkgs, ... }: + +# services.hoogle = { +# enable = true; +# packages = hp: with hp; [ text lens ]; +# haskellPackages = pkgs.haskellPackages; +# }; + +with lib; + +let + + cfg = config.services.hoogle; + ghcWithHoogle = pkgs.haskellPackages.ghcWithHoogle; + +in { + + options.services.hoogle = { + enable = mkEnableOption "Hoogle Documentation service"; + + port = mkOption { + type = types.int; + default = 8080; + description = '' + Port number Hoogle will be listening to. + ''; + }; + + packages = mkOption { + default = hp: []; + example = "hp: with hp; [ text lens ]"; + description = '' + A function that returns a list of Haskell packages to generate + documentation for. + + The argument will be a Haskell package set provided by the + haskellPackages config option. + ''; + }; + + haskellPackages = mkOption { + description = "Which haskell package set to use."; + example = "pkgs.haskellPackages"; + type = types.attrs; + }; + + }; + + config = mkIf cfg.enable { + systemd.services.hoogle = { + description = "Hoogle Haskell documentation search"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "always"; + ExecStart = + let env = cfg.haskellPackages.ghcWithHoogle cfg.packages; + hoogleEnv = pkgs.buildEnv { + name = "hoogleServiceEnv"; + paths = [env]; + }; + in '' + ${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port} + ''; + }; + }; + }; + +} -- cgit 1.4.1 From 2e7b0bbd2244d6314b83cdd4868cc30dfda96575 Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Fri, 22 Apr 2016 02:28:29 +0200 Subject: hoogle service: fixups Basic hardening - Run as nobody:nogroup with a private /tmp, /home & /run/user - Create working directory under /run (hoogle insists on writing to cwd and otherwise returns "something went wrong" to every query) Option tweaks - Provide a default for the haskellPackage option - Set text values for defaults - Move hoogleEnv to the top-level & simplify it --- nixos/modules/services/development/hoogle.nix | 50 ++++++++++++++------------- 1 file changed, 26 insertions(+), 24 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/development/hoogle.nix b/nixos/modules/services/development/hoogle.nix index 27281774b6fc..90aa04d2762e 100644 --- a/nixos/modules/services/development/hoogle.nix +++ b/nixos/modules/services/development/hoogle.nix @@ -1,22 +1,20 @@ { config, lib, pkgs, ... }: -# services.hoogle = { -# enable = true; -# packages = hp: with hp; [ text lens ]; -# haskellPackages = pkgs.haskellPackages; -# }; - with lib; let cfg = config.services.hoogle; - ghcWithHoogle = pkgs.haskellPackages.ghcWithHoogle; + + hoogleEnv = pkgs.buildEnv { + name = "hoogle"; + paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ]; + }; in { options.services.hoogle = { - enable = mkEnableOption "Hoogle Documentation service"; + enable = mkEnableOption "Haskell documentation server"; port = mkOption { type = types.int; @@ -28,39 +26,43 @@ in { packages = mkOption { default = hp: []; + defaultText = "hp: []"; example = "hp: with hp; [ text lens ]"; description = '' - A function that returns a list of Haskell packages to generate - documentation for. + The Haskell packages to generate documentation for. - The argument will be a Haskell package set provided by the - haskellPackages config option. + The option value is a function that takes the package set specified in + the haskellPackages option as its sole parameter and + returns a list of packages. ''; }; haskellPackages = mkOption { description = "Which haskell package set to use."; - example = "pkgs.haskellPackages"; - type = types.attrs; + default = pkgs.haskellPackages; + defaultText = "pkgs.haskellPackages"; }; }; config = mkIf cfg.enable { systemd.services.hoogle = { - description = "Hoogle Haskell documentation search"; + description = "Haskell documentation server"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { Restart = "always"; - ExecStart = - let env = cfg.haskellPackages.ghcWithHoogle cfg.packages; - hoogleEnv = pkgs.buildEnv { - name = "hoogleServiceEnv"; - paths = [env]; - }; - in '' - ${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port} - ''; + ExecStart = ''${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}''; + + User = "nobody"; + Group = "nogroup"; + + PrivateTmp = true; + ProtectHome = true; + + RuntimeDirectory = "hoogle"; + WorkingDirectory = "%t/hoogle"; }; }; }; -- cgit 1.4.1 From 01854a850a7e62c6a4f1de7c4ca0f1c9d89841c8 Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Fri, 22 Apr 2016 10:40:57 +0300 Subject: treewide: Replace module_init_tools -> kmod The former is deprecated and doesn't handle compressed kernel modules, so all current usages of it are broken. --- nixos/modules/hardware/video/webcam/facetimehd.nix | 4 ++-- .../network-filesystems/openafs-client/default.nix | 4 ++-- nixos/modules/virtualisation/qemu-vm.nix | 10 ++++---- pkgs/build-support/vm/default.nix | 28 +++++++++++----------- pkgs/os-specific/linux/pcmciautils/default.nix | 6 ++--- pkgs/os-specific/linux/pm-utils/default.nix | 4 ++-- pkgs/tools/X11/bumblebee/default.nix | 6 ++--- pkgs/tools/misc/tlp/default.nix | 4 ++-- .../networking/network-manager/openconnect.nix | 4 ++-- pkgs/tools/networking/network-manager/openvpn.nix | 4 ++-- pkgs/tools/networking/network-manager/vpnc.nix | 4 ++-- 11 files changed, 39 insertions(+), 39 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/hardware/video/webcam/facetimehd.nix b/nixos/modules/hardware/video/webcam/facetimehd.nix index b35709763b90..309cedca48ba 100644 --- a/nixos/modules/hardware/video/webcam/facetimehd.nix +++ b/nixos/modules/hardware/video/webcam/facetimehd.nix @@ -31,13 +31,13 @@ in # unload module during suspend/hibernate as it crashes the whole system powerManagement.powerDownCommands = '' - ${pkgs.module_init_tools}/bin/rmmod -f facetimehd + ${pkgs.kmod}/bin/rmmod -f facetimehd ''; # and load it back on resume powerManagement.resumeCommands = '' export MODULE_DIR=/run/current-system/kernel-modules/lib/modules - ${pkgs.module_init_tools}/bin/modprobe -v facetimehd + ${pkgs.kmod}/bin/modprobe -v facetimehd ''; }; diff --git a/nixos/modules/services/network-filesystems/openafs-client/default.nix b/nixos/modules/services/network-filesystems/openafs-client/default.nix index 7a44fc1ea5ec..61c66bb88357 100644 --- a/nixos/modules/services/network-filesystems/openafs-client/default.nix +++ b/nixos/modules/services/network-filesystems/openafs-client/default.nix @@ -80,7 +80,7 @@ in preStart = '' mkdir -p -m 0755 /afs mkdir -m 0700 -p ${cfg.cacheDirectory} - ${pkgs.module_init_tools}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true + ${pkgs.kmod}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true ${openafsPkgs}/sbin/afsd -confdir ${afsConfig} -cachedir ${cfg.cacheDirectory} ${if cfg.sparse then "-dynroot-sparse" else "-dynroot"} -fakestat -afsdb ${openafsPkgs}/bin/fs setcrypt ${if cfg.crypt then "on" else "off"} ''; @@ -92,7 +92,7 @@ in preStop = '' ${pkgs.utillinux}/bin/umount /afs ${openafsPkgs}/sbin/afsd -shutdown - ${pkgs.module_init_tools}/sbin/rmmod libafs + ${pkgs.kmod}/sbin/rmmod libafs ''; }; }; diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 7dfbc38efee6..7269fae51945 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -149,11 +149,11 @@ let ${pkgs.mtools}/bin/mlabel -i /dev/vda2 ::boot # Mount /boot; load necessary modules first. - ${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko || true - ${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko || true - ${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko || true - ${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko || true - ${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko || true + ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko || true + ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko || true + ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko || true + ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko || true + ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko || true mkdir /boot mount /dev/vda2 /boot diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix index e670e1ef2258..2d33a1973469 100644 --- a/pkgs/build-support/vm/default.nix +++ b/pkgs/build-support/vm/default.nix @@ -329,14 +329,14 @@ rec { buildInputs = [ utillinux ]; buildCommand = '' ln -s ${linux}/lib /lib - ${module_init_tools}/bin/modprobe loop - ${module_init_tools}/bin/modprobe ext4 - ${module_init_tools}/bin/modprobe hfs - ${module_init_tools}/bin/modprobe hfsplus - ${module_init_tools}/bin/modprobe squashfs - ${module_init_tools}/bin/modprobe iso9660 - ${module_init_tools}/bin/modprobe ufs - ${module_init_tools}/bin/modprobe cramfs + ${kmod}/bin/modprobe loop + ${kmod}/bin/modprobe ext4 + ${kmod}/bin/modprobe hfs + ${kmod}/bin/modprobe hfsplus + ${kmod}/bin/modprobe squashfs + ${kmod}/bin/modprobe iso9660 + ${kmod}/bin/modprobe ufs + ${kmod}/bin/modprobe cramfs mknod /dev/loop0 b 7 0 mkdir -p $out @@ -355,12 +355,12 @@ rec { buildInputs = [ utillinux mtdutils ]; buildCommand = '' ln -s ${linux}/lib /lib - ${module_init_tools}/bin/modprobe mtd - ${module_init_tools}/bin/modprobe mtdram total_size=131072 - ${module_init_tools}/bin/modprobe mtdchar - ${module_init_tools}/bin/modprobe mtdblock - ${module_init_tools}/bin/modprobe jffs2 - ${module_init_tools}/bin/modprobe zlib + ${kmod}/bin/modprobe mtd + ${kmod}/bin/modprobe mtdram total_size=131072 + ${kmod}/bin/modprobe mtdchar + ${kmod}/bin/modprobe mtdblock + ${kmod}/bin/modprobe jffs2 + ${kmod}/bin/modprobe zlib mknod /dev/mtd0 c 90 0 mknod /dev/mtdblock0 b 31 0 diff --git a/pkgs/os-specific/linux/pcmciautils/default.nix b/pkgs/os-specific/linux/pcmciautils/default.nix index ce5814965efd..3e41df9465f9 100644 --- a/pkgs/os-specific/linux/pcmciautils/default.nix +++ b/pkgs/os-specific/linux/pcmciautils/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchurl , yacc, flex -, sysfsutils, module_init_tools, udev +, sysfsutils, kmod, udev , firmware # Special pcmcia cards. , config # Special hardware (map memory & port & irq) , lib # used to generate postInstall script. @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { sha256 = "5d8e2efad8a7f692129610603da232f2144851753d8d49a70eeb8eb1be6f6bc3"; }; - buildInputs = [udev yacc sysfsutils module_init_tools flex]; + buildInputs = [udev yacc sysfsutils kmod flex]; patchPhase = '' sed -i " - s,/sbin/modprobe,${module_init_tools}&,; + s,/sbin/modprobe,${kmod}&,; s,/lib/udev/,$out/sbin/,; " udev/* # fix-color */ sed -i " diff --git a/pkgs/os-specific/linux/pm-utils/default.nix b/pkgs/os-specific/linux/pm-utils/default.nix index 19315ec2d0ba..cb74dc204a3c 100644 --- a/pkgs/os-specific/linux/pm-utils/default.nix +++ b/pkgs/os-specific/linux/pm-utils/default.nix @@ -1,10 +1,10 @@ -{ stdenv, fetchurl, coreutils, gnugrep, utillinux, module_init_tools +{ stdenv, fetchurl, coreutils, gnugrep, utillinux, kmod , procps, kbd, dbus_tools }: let binPath = stdenv.lib.makeBinPath - [ coreutils gnugrep utillinux module_init_tools procps kbd dbus_tools ]; + [ coreutils gnugrep utillinux kmod procps kbd dbus_tools ]; sbinPath = stdenv.lib.makeSearchPathOutputs "sbin" ["bin"] [ procps ]; diff --git a/pkgs/tools/X11/bumblebee/default.nix b/pkgs/tools/X11/bumblebee/default.nix index d1f2318d6d45..803fd0dd8504 100644 --- a/pkgs/tools/X11/bumblebee/default.nix +++ b/pkgs/tools/X11/bumblebee/default.nix @@ -18,7 +18,7 @@ { stdenv, lib, fetchurl, pkgconfig, help2man, makeWrapper , glib, libbsd -, libX11, libXext, xorgserver, xkbcomp, module_init_tools, xkeyboard_config, xf86videonouveau +, libX11, libXext, xorgserver, xkbcomp, kmod, xkeyboard_config, xf86videonouveau , nvidia_x11, virtualgl, primusLib # The below should only be non-null in a x86_64 system. On a i686 # system the above nvidia_x11 and virtualgl will be the i686 packages. @@ -43,7 +43,7 @@ let nvidiaLibs = lib.makeLibraryPath nvidia_x11s; - bbdPath = lib.makeBinPath [ module_init_tools xorgserver ]; + bbdPath = lib.makeBinPath [ kmod xorgserver ]; bbdLibs = lib.makeLibraryPath [ libX11 libXext ]; xmodules = lib.concatStringsSep "," (map (x: "${x}/lib/xorg/modules") ([ xorgserver ] ++ lib.optional (!useNvidia) xf86videonouveau)); @@ -80,7 +80,7 @@ in stdenv.mkDerivation rec { # be in PATH, and thus no action for them is required. substituteInPlace src/module.c \ - --replace "/sbin/modinfo" "${module_init_tools}/sbin/modinfo" + --replace "/sbin/modinfo" "${kmod}/sbin/modinfo" # Don't use a special group, just reuse wheel. substituteInPlace configure \ diff --git a/pkgs/tools/misc/tlp/default.nix b/pkgs/tools/misc/tlp/default.nix index e20dc850008a..d290c9f9a5a7 100644 --- a/pkgs/tools/misc/tlp/default.nix +++ b/pkgs/tools/misc/tlp/default.nix @@ -1,5 +1,5 @@ { stdenv, lib, fetchFromGitHub, makeWrapper, perl, systemd, iw, rfkill, hdparm, ethtool, inetutils -, module_init_tools, pciutils, smartmontools, x86_energy_perf_policy, gawk, gnugrep, coreutils +, kmod, pciutils, smartmontools, x86_energy_perf_policy, gawk, gnugrep, coreutils , enableRDW ? false, networkmanager }: @@ -27,7 +27,7 @@ in stdenv.mkDerivation { buildInputs = [ perl ]; paths = lib.makeBinPath - ([ iw rfkill hdparm ethtool inetutils systemd module_init_tools pciutils smartmontools + ([ iw rfkill hdparm ethtool inetutils systemd kmod pciutils smartmontools x86_energy_perf_policy gawk gnugrep coreutils ] ++ lib.optional enableRDW networkmanager diff --git a/pkgs/tools/networking/network-manager/openconnect.nix b/pkgs/tools/networking/network-manager/openconnect.nix index 0009aaf6b440..6a93100fa105 100644 --- a/pkgs/tools/networking/network-manager/openconnect.nix +++ b/pkgs/tools/networking/network-manager/openconnect.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, openconnect, intltool, pkgconfig, networkmanager, libsecret -, withGnome ? true, gnome3, procps, module_init_tools }: +, withGnome ? true, gnome3, procps, kmod }: stdenv.mkDerivation rec { name = "${pname}${if withGnome then "-gnome" else ""}-${version}"; @@ -28,7 +28,7 @@ stdenv.mkDerivation rec { --replace "/sbin/sysctl" "${procps}/sbin/sysctl" substituteInPlace "src/nm-openconnect-service.c" \ --replace "/usr/sbin/openconnect" "${openconnect}/sbin/openconnect" \ - --replace "/sbin/modprobe" "${module_init_tools}/sbin/modprobe" + --replace "/sbin/modprobe" "${kmod}/sbin/modprobe" ''; postConfigure = '' diff --git a/pkgs/tools/networking/network-manager/openvpn.nix b/pkgs/tools/networking/network-manager/openvpn.nix index be0264571953..4b98600611e4 100644 --- a/pkgs/tools/networking/network-manager/openvpn.nix +++ b/pkgs/tools/networking/network-manager/openvpn.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, openvpn, intltool, pkgconfig, networkmanager, libsecret -, withGnome ? true, gnome3, procps, module_init_tools }: +, withGnome ? true, gnome3, procps, kmod }: stdenv.mkDerivation rec { name = "${pname}${if withGnome then "-gnome" else ""}-${version}"; @@ -28,7 +28,7 @@ stdenv.mkDerivation rec { --replace "/sbin/sysctl" "${procps}/sbin/sysctl" substituteInPlace "src/nm-openvpn-service.c" \ --replace "/sbin/openvpn" "${openvpn}/sbin/openvpn" \ - --replace "/sbin/modprobe" "${module_init_tools}/sbin/modprobe" + --replace "/sbin/modprobe" "${kmod}/sbin/modprobe" substituteInPlace "properties/auth-helpers.c" \ --replace "/sbin/openvpn" "${openvpn}/sbin/openvpn" ''; diff --git a/pkgs/tools/networking/network-manager/vpnc.nix b/pkgs/tools/networking/network-manager/vpnc.nix index 5f3ab00ebc43..64de5408c7e0 100644 --- a/pkgs/tools/networking/network-manager/vpnc.nix +++ b/pkgs/tools/networking/network-manager/vpnc.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, vpnc, intltool, pkgconfig, networkmanager, libsecret -, withGnome ? true, gnome3, procps, module_init_tools }: +, withGnome ? true, gnome3, procps, kmod }: stdenv.mkDerivation rec { name = "${pname}${if withGnome then "-gnome" else ""}-${version}"; @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { --replace "/sbin/sysctl" "${procps}/sbin/sysctl" substituteInPlace "src/nm-vpnc-service.c" \ --replace "/sbin/vpnc" "${vpnc}/sbin/vpnc" \ - --replace "/sbin/modprobe" "${module_init_tools}/sbin/modprobe" + --replace "/sbin/modprobe" "${kmod}/sbin/modprobe" ''; postConfigure = '' -- cgit 1.4.1 From d0c127487fd607c9c66cb0a1a4d1eb9782632ae1 Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Fri, 22 Apr 2016 10:42:31 +0300 Subject: qemu-img: Fix module paths They are compressed nowadays. Not sure if these are really needed since nobody noticed they were broken, but anyway... --- nixos/modules/virtualisation/qemu-vm.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 7269fae51945..d9b866d2e55e 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -149,11 +149,11 @@ let ${pkgs.mtools}/bin/mlabel -i /dev/vda2 ::boot # Mount /boot; load necessary modules first. - ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko || true - ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko || true - ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko || true - ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko || true - ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko || true + ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko.xz || true + ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko.xz || true + ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko.xz || true + ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko.xz || true + ${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko.xz || true mkdir /boot mount /dev/vda2 /boot -- cgit 1.4.1 From a05ba7375d6b6f31b36d3cf36006bdcdadde06b7 Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Tue, 12 Apr 2016 12:05:03 +0300 Subject: quassel: use qt4 version of the daemon because as of now qt5 version fails to use proxies(connection refused) --- nixos/modules/services/networking/quassel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/quassel.nix b/nixos/modules/services/networking/quassel.nix index 52c7ac8e6893..99269c49e8f1 100644 --- a/nixos/modules/services/networking/quassel.nix +++ b/nixos/modules/services/networking/quassel.nix @@ -3,7 +3,7 @@ with lib; let - quassel = pkgs.quasselDaemon_qt5; + quassel = pkgs.kde4.quasselDaemon; cfg = config.services.quassel; user = if cfg.user != null then cfg.user else "quassel"; in -- cgit 1.4.1 From 08546d3a20c915fb6554d68b3de89a1f2c0a1faa Mon Sep 17 00:00:00 2001 From: Eric Litak Date: Fri, 22 Apr 2016 22:39:28 -0700 Subject: unifi: fix for closure-size changes --- nixos/modules/services/networking/unifi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix index 4dc0cd96904c..782dced33dfb 100644 --- a/nixos/modules/services/networking/unifi.nix +++ b/nixos/modules/services/networking/unifi.nix @@ -62,7 +62,7 @@ in bindsTo = systemdMountPoints; unitConfig.RequiresMountsFor = stateDir; # This a HACK to fix missing dependencies of dynamic libs extracted from jars - environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc}/lib"; + environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc.lib}/lib"; preStart = '' # Ensure privacy of state -- cgit 1.4.1 From 86357de0c8d971f968b776abfc9f556b759f0ed2 Mon Sep 17 00:00:00 2001 From: Eric Litak Date: Fri, 22 Apr 2016 22:43:45 -0700 Subject: mfi: relocatable data dir --- nixos/modules/services/networking/mfi.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/networking/mfi.nix b/nixos/modules/services/networking/mfi.nix index 5afb83ed022f..775564a2c446 100644 --- a/nixos/modules/services/networking/mfi.nix +++ b/nixos/modules/services/networking/mfi.nix @@ -10,6 +10,7 @@ let { what = "${pkgs.mfi}/dl"; where = "${stateDir}/dl"; } { what = "${pkgs.mfi}/lib"; where = "${stateDir}/lib"; } { what = "${pkgs.mongodb248}/bin"; where = "${stateDir}/bin"; } + { what = "${cfg.dataDir}"; where = "${stateDir}/data"; } ]; systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints; ports = [ 6080 6880 6443 6843 ]; @@ -23,6 +24,15 @@ in default = true; description = "Whether to open TCP ports ${concatMapStrings (a: "${toString a} ") ports}for the services."; }; + dataDir = mkOption { + type = types.str; + default = "${stateDir}/data"; + description = '' + Where to store the database and other data. + + This directory will be bind-mounted to ${stateDir}/data as part of the service startup. + ''; + }; }; }; -- cgit 1.4.1 From 032f3e721c1259b8a65f2bbe9f6c3a4d1994719f Mon Sep 17 00:00:00 2001 From: Eric Litak Date: Fri, 22 Apr 2016 22:43:55 -0700 Subject: unifi: relocatable data dir --- nixos/modules/services/networking/unifi.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix index 782dced33dfb..cb5a88e67aae 100644 --- a/nixos/modules/services/networking/unifi.nix +++ b/nixos/modules/services/networking/unifi.nix @@ -17,6 +17,10 @@ let what = "${pkgs.mongodb}/bin"; where = "${stateDir}/bin"; } + { + what = "${cfg.dataDir}"; + where = "${stateDir}/data"; + } ]; systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints; in @@ -32,6 +36,16 @@ in ''; }; + services.unifi.dataDir = mkOption { + type = types.str; + default = "${stateDir}/data"; + description = '' + Where to store the database and other data. + + This directory will be bind-mounted to ${stateDir}/data as part of the service startup. + ''; + }; + }; config = mkIf cfg.enable { -- cgit 1.4.1 From db179647d62e181a884d6d30460c9ff841808dec Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Sat, 23 Apr 2016 13:11:32 +0100 Subject: make all boot tests release critical #14902 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (cherry picked from commit 9d1662c6c90059b63fad01b3f55a0df94af7cde4) Signed-off-by: Domen Kožar --- nixos/release-combined.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'nixos') diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index 53ef4564b5cd..abb69f121da0 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -64,6 +64,9 @@ in rec { (all nixos.tests.installer.btrfsSubvols) (all nixos.tests.installer.btrfsSubvolDefault) (all nixos.tests.boot.biosCdrom) + (all nixos.tests.boot.biosUsb) + (all nixos.tests.boot.uefiCdrom) + (all nixos.tests.boot.uefiUsb) (all nixos.tests.ipv6) (all nixos.tests.kde4) #(all nixos.tests.lightdm) -- cgit 1.4.1 From c145f6eaa75567f87dd2f61832c3e28f067cfe2b Mon Sep 17 00:00:00 2001 From: Tristan Helmich Date: Sat, 23 Apr 2016 15:49:33 +0200 Subject: emby service: new service --- nixos/modules/misc/ids.nix | 2 ++ nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/emby.nix | 64 ++++++++++++++++++++++++++++++++++++ 3 files changed, 67 insertions(+) create mode 100644 nixos/modules/services/misc/emby.nix (limited to 'nixos') diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 9e6bbc744381..684ca132bc74 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -263,6 +263,7 @@ caddy = 239; taskd = 240; factorio = 241; + emby = 242; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -497,6 +498,7 @@ caddy = 239; taskd = 240; factorio = 241; + emby = 242; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 41210e648511..972802b2341f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -216,6 +216,7 @@ ./services/misc/dictd.nix ./services/misc/disnix.nix ./services/misc/docker-registry.nix + ./services/misc/emby.nix ./services/misc/etcd.nix ./services/misc/felix.nix ./services/misc/folding-at-home.nix diff --git a/nixos/modules/services/misc/emby.nix b/nixos/modules/services/misc/emby.nix new file mode 100644 index 000000000000..fe872349f45e --- /dev/null +++ b/nixos/modules/services/misc/emby.nix @@ -0,0 +1,64 @@ +{ config, pkgs, lib, mono, ... }: + +with lib; + +let + cfg = config.services.emby; + emby = pkgs.emby; +in +{ + options = { + services.emby = { + enable = mkEnableOption "Emby Media Server"; + + user = mkOption { + type = types.str; + default = "emby"; + description = "User account under which Emby runs."; + }; + + group = mkOption { + type = types.str; + default = "emby"; + description = "Group under which emby runs."; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.emby = { + description = "Emby Media Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + preStart = '' + test -d /var/lib/emby/ProgramData-Server || { + echo "Creating initial Emby data directory in /var/lib/emby/ProgramData-Server" + mkdir -p /var/lib/emby/ProgramData-Server + chown -R ${cfg.user}:${cfg.group} /var/lib/emby/ProgramData-Server + } + ''; + + serviceConfig = { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + PermissionsStartOnly = "true"; + ExecStart = "${pkgs.mono}/bin/mono ${pkgs.emby}/bin/MediaBrowser.Server.Mono.exe"; + Restart = "on-failure"; + }; + }; + + users.extraUsers = mkIf (cfg.user == "emby") { + emby = { + group = cfg.group; + uid = config.ids.uids.emby; + }; + }; + + users.extraGroups = mkIf (cfg.group == "emby") { + emby = { + gid = config.ids.gids.emby; + }; + }; + }; +} -- cgit 1.4.1 From a1b39b9990f2c23f31875a5993441ea686885df3 Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Sat, 23 Apr 2016 16:16:22 +0200 Subject: cups tests: finally fix them Fixes #14748. --- nixos/tests/printing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/tests/printing.nix b/nixos/tests/printing.nix index 10d69b446cd7..c777fd41b780 100644 --- a/nixos/tests/printing.nix +++ b/nixos/tests/printing.nix @@ -62,7 +62,7 @@ import ./make-test.nix ({pkgs, ... }: { # Test printing various file types. foreach my $file ("${pkgs.groff.doc}/share/doc/*/examples/mom/penguin.pdf", "${pkgs.groff.doc}/share/doc/*/meref.ps", - "${pkgs.cups}/share/doc/cups/images/cups.png", + "${pkgs.cups.out}/share/doc/cups/images/cups.png", "${pkgs.pcre.doc}/share/doc/pcre/pcre.txt") { $file =~ /([^\/]*)$/; my $fn = $1; -- cgit 1.4.1 From 788122c3c5dcd146f65fbd587972b22f5ff8481e Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Thu, 21 Apr 2016 21:35:41 -0500 Subject: facetimehd: Only unload module if it is loaded The pre-sleep service exits if any command fails. Unloading facetimehd without it being loaded blocks subsequent commands from running. Note: `modprobe -r` works a bit better when unloading unused modules, and is preferrable to `rmmod`. However, the facetimehd module does not support suspending. In this case, it seems preferable to forcefully unload the module. `modprobe` does not support a `--force` flag when removing, so we are left with `rmmod`. See: - https://github.com/NixOS/nixpkgs/pull/14883 - https://github.com/patjak/bcwc_pcie/wiki#known-issues --- nixos/modules/hardware/video/webcam/facetimehd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/hardware/video/webcam/facetimehd.nix b/nixos/modules/hardware/video/webcam/facetimehd.nix index 309cedca48ba..2a2fcf3057d4 100644 --- a/nixos/modules/hardware/video/webcam/facetimehd.nix +++ b/nixos/modules/hardware/video/webcam/facetimehd.nix @@ -31,7 +31,7 @@ in # unload module during suspend/hibernate as it crashes the whole system powerManagement.powerDownCommands = '' - ${pkgs.kmod}/bin/rmmod -f facetimehd + ${pkgs.kmod}/bin/lsmod | ${pkgs.gnugrep}/bin/grep -q "^facetimehd" && ${pkgs.kmod}/bin/rmmod -f -v facetimehd ''; # and load it back on resume -- cgit 1.4.1 From 882391a1620f5179eab0f9f4b96f85af875cbb34 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Sun, 24 Apr 2016 19:44:01 +0200 Subject: redshift service: run as user service Fixes #14882. --- nixos/modules/services/x11/redshift.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/x11/redshift.nix b/nixos/modules/services/x11/redshift.nix index 4318a17a4fa5..8f1e317e52b0 100644 --- a/nixos/modules/services/x11/redshift.nix +++ b/nixos/modules/services/x11/redshift.nix @@ -94,11 +94,9 @@ in { }; config = mkIf cfg.enable { - systemd.services.redshift = { + systemd.user.services.redshift = { description = "Redshift colour temperature adjuster"; - requires = [ "display-manager.service" ]; - after = [ "display-manager.service" ]; - wantedBy = [ "graphical.target" ]; + wantedBy = [ "default.target" ]; serviceConfig = { ExecStart = '' ${cfg.package}/bin/redshift \ @@ -107,10 +105,10 @@ in { -b ${toString cfg.brightness.day}:${toString cfg.brightness.night} \ ${lib.strings.concatStringsSep " " cfg.extraOptions} ''; - RestartSec = 3; + RestartSec = 3; + Restart = "always"; }; environment = { DISPLAY = ":0"; }; - serviceConfig.Restart = "always"; }; }; -- cgit 1.4.1 From 23e3cbeca4331507f4c54a4020b6573d89883480 Mon Sep 17 00:00:00 2001 From: David Guibert Date: Sun, 24 Apr 2016 21:56:15 +0200 Subject: kerberos_server: fix evaluation (closes #14928) --- nixos/modules/services/system/kerberos.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/system/kerberos.nix b/nixos/modules/services/system/kerberos.nix index 347302c6090d..4f2e2fdf662b 100644 --- a/nixos/modules/services/system/kerberos.nix +++ b/nixos/modules/services/system/kerberos.nix @@ -4,7 +4,7 @@ let inherit (lib) mkOption mkIf singleton; - inherit (pkgs) heimdal; + inherit (pkgs) heimdalFull; stateDir = "/var/heimdal"; in @@ -33,7 +33,7 @@ in config = mkIf config.services.kerberos_server.enable { - environment.systemPackages = [ heimdal ]; + environment.systemPackages = [ heimdalFull ]; services.xinetd.enable = true; services.xinetd.services = lib.singleton @@ -42,7 +42,7 @@ in protocol = "tcp"; user = "root"; server = "${pkgs.tcp_wrappers}/sbin/tcpd"; - serverArgs = "${pkgs.heimdal}/sbin/kadmind"; + serverArgs = "${pkgs.heimdalFull}/sbin/kadmind"; }; systemd.services.kdc = { @@ -51,13 +51,13 @@ in preStart = '' mkdir -m 0755 -p ${stateDir} ''; - script = "${heimdal}/sbin/kdc"; + script = "${heimdalFull}/sbin/kdc"; }; systemd.services.kpasswdd = { description = "Kerberos Password Changing daemon"; wantedBy = [ "multi-user.target" ]; - script = "${heimdal}/sbin/kpasswdd"; + script = "${heimdalFull}/sbin/kpasswdd"; }; }; -- cgit 1.4.1 From 7cf8daa2bbf7e9ac1b57305a22547271dca28a6e Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Mon, 25 Apr 2016 11:00:26 +0200 Subject: nixos: rename chroot* to sandbox* On Nix side this was done months ago: https://github.com/NixOS/nix/pull/682 --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- nixos/modules/rename.nix | 4 ++++ nixos/modules/services/misc/nix-daemon.nix | 16 ++++++++-------- 3 files changed, 13 insertions(+), 9 deletions(-) (limited to 'nixos') diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index ceea615d5d7f..324c5f17f7a4 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,6 +1,6 @@ ###### Things done -- [ ] Tested using sandboxing (`nix-build --option build-use-chroot true` or [nix.useChroot](http://nixos.org/nixos/manual/options.html#opt-nix.useChroot) on NixOS) +- [ ] Tested using sandboxing (`nix-build --option build-use-sandbox true` or [nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS) - Built on platform(s) - [ ] NixOS - [ ] OS X diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 84eccfd51292..6b02446d53b4 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -68,6 +68,10 @@ with lib; # proxy (mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ]) + # sandboxing + (mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ]) + (mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ]) + # KDE (mkRenamedOptionModule [ "kde" "extraPackages" ] [ "environment" "systemPackages" ]) (mkRenamedOptionModule [ "environment" "kdePackages" ] [ "environment" "systemPackages" ]) diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 10ac6f93cfdb..c84c67ff2872 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -24,8 +24,8 @@ let nixConf = let - # If we're using a chroot for builds, then provide /bin/sh in - # the chroot as a bind-mount to bash. This means we also need to + # If we're using sandbox for builds, then provide /bin/sh in + # the sandbox as a bind-mount to bash. This means we also need to # include the entire closure of bash. sh = pkgs.stdenv.shell; binshDeps = pkgs.writeReferencesToFile sh; @@ -39,8 +39,8 @@ let build-users-group = nixbld build-max-jobs = ${toString (cfg.maxJobs)} build-cores = ${toString (cfg.buildCores)} - build-use-chroot = ${if (builtins.isBool cfg.useChroot) then (if cfg.useChroot then "true" else "false") else cfg.useChroot} - build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths) + build-use-sandbox = ${if (builtins.isBool cfg.useSandbox) then (if cfg.useSandbox then "true" else "false") else cfg.useSandbox} + build-sandbox-paths = ${toString cfg.sandboxPaths} /bin/sh=${sh} $(echo $extraPaths) binary-caches = ${toString cfg.binaryCaches} trusted-binary-caches = ${toString cfg.trustedBinaryCaches} binary-cache-public-keys = ${toString cfg.binaryCachePublicKeys} @@ -98,25 +98,25 @@ in ''; }; - useChroot = mkOption { + useSandbox = mkOption { type = types.either types.bool (types.enum ["relaxed"]); default = false; description = " - If set, Nix will perform builds in a chroot-environment that it + If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store. "; }; - chrootDirs = mkOption { + sandboxPaths = mkOption { type = types.listOf types.str; default = []; example = [ "/dev" "/proc" ]; description = '' Directories from the host filesystem to be included - in the chroot. + in the sandbox. ''; }; -- cgit 1.4.1 From 201590fd97d44a56ebcc8ac487c6f8899fd3c153 Mon Sep 17 00:00:00 2001 From: Théophane Hufschmitt Date: Wed, 20 Apr 2016 09:32:11 +0200 Subject: zerobin service : init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/zerobin.nix | 102 ++++++++++++++++++++++++++ 2 files changed, 103 insertions(+) create mode 100644 nixos/modules/services/networking/zerobin.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 972802b2341f..b238003dd0ca 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -401,6 +401,7 @@ ./services/networking/wicd.nix ./services/networking/wpa_supplicant.nix ./services/networking/xinetd.nix + ./services/networking/zerobin.nix ./services/networking/zerotierone.nix ./services/networking/znc.nix ./services/printing/cupsd.nix diff --git a/nixos/modules/services/networking/zerobin.nix b/nixos/modules/services/networking/zerobin.nix new file mode 100644 index 000000000000..1c524602f8e9 --- /dev/null +++ b/nixos/modules/services/networking/zerobin.nix @@ -0,0 +1,102 @@ +{ config, pkgs, lib, nodes, ... }: +with lib; +let + cfg = config.services.zerobin; + + zerobin_config = pkgs.writeText "zerobin-config.py" '' + PASTE_FILES_ROOT = "${cfg.dataDir}" + ${cfg.extraConfig} + ''; + +in + { + options = { + services.zerobin = { + enable = mkEnableOption "0bin"; + + dataDir = mkOption { + type = types.str; + default = "/var/lib/zerobin"; + description = '' + Path to the 0bin data directory + ''; + }; + + user = mkOption { + type = types.str; + default = "zerobin"; + description = '' + The user 0bin should run as + ''; + }; + + group = mkOption { + type = types.str; + default = "zerobin"; + description = '' + The group 0bin should run as + ''; + }; + + listenPort = mkOption { + type = types.int; + default = 8000; + example = 1357; + description = '' + The port zerobin should listen on + ''; + }; + + listenAddress = mkOption { + type = types.str; + default = "localhost"; + example = "127.0.0.1"; + description = '' + The address zerobin should listen to + ''; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + example = '' + MENU = ( + ('Home', '/'), + ) + COMPRESSED_STATIC_FILE = True + ''; + description = '' + Extra configuration to be appended to the 0bin config file + (see https://0bin.readthedocs.org/en/latest/en/options.html) + ''; + }; + }; + }; + + config = mkIf (cfg.enable) { + users.users."${cfg.user}" = + if cfg.user == "zerobin" then { + isSystemUser = true; + group = cfg.group; + home = cfg.dataDir; + createHome = true; + } + else {}; + users.groups."${cfg.group}" = {}; + + systemd.services.zerobin = { + enable = true; + after = [ "network-interfaces.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${pkgs.pythonPackages.zerobin}/bin/zerobin ${cfg.listenAddress} ${toString cfg.listenPort} false ${cfg.user} ${cfg.group} ${zerobin_config}"; + serviceConfig.PrivateTmp="yes"; + serviceConfig.User = cfg.user; + serviceConfig.Group = cfg.group; + preStart = '' + mkdir -p ${cfg.dataDir} + chown ${cfg.user} ${cfg.dataDir} + ''; + }; + }; + } + -- cgit 1.4.1 From 70f5c840af9ecdb57ec97f6c56e5ce1f3939be1a Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Sun, 24 Apr 2016 14:01:40 +0300 Subject: nix-daemon service: Don't have the output in the `nix.package' option 1) It unnecessarily exposes implementation details. 2) It breaks all existing configs that have e.g. `nix.package = pkgs.nixUnstable;`. --- nixos/modules/services/misc/nix-daemon.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index c84c67ff2872..5400588d0274 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -65,8 +65,8 @@ in package = mkOption { type = types.package; - default = pkgs.nix.out; - defaultText = "pkgs.nix.out"; + default = pkgs.nix; + defaultText = "pkgs.nix"; description = '' This option specifies the Nix package instance to use throughout the system. ''; -- cgit 1.4.1 From bee04a37ad9157fa7992b80df53919759b1ebffd Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Sun, 24 Apr 2016 14:00:31 +0300 Subject: amazon-init.nix: Use makeBinPath This also fixes the incorrect use of 'dev' outputs from config.nix.package and pkgs.systemd. --- nixos/modules/virtualisation/amazon-init.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/amazon-init.nix b/nixos/modules/virtualisation/amazon-init.nix index 886552f33c2c..c9356c9b4eaa 100644 --- a/nixos/modules/virtualisation/amazon-init.nix +++ b/nixos/modules/virtualisation/amazon-init.nix @@ -8,7 +8,7 @@ let echo "attempting to fetch configuration from EC2 user data..." - export PATH=${config.nix.package}/bin:${pkgs.systemd}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${config.system.build.nixos-rebuild}/bin:$PATH + export PATH=${pkgs.lib.makeBinPath [ config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild]}:$PATH export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels userData=/etc/ec2-metadata/user-data -- cgit 1.4.1 From 60f5659dad9ee8dc8b55f5ec814cd50cd6a8ca96 Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Sun, 24 Apr 2016 13:57:19 +0300 Subject: treewide: Use correct output in ${config.nix.package}/bin --- nixos/lib/make-disk-image.nix | 6 +++--- nixos/modules/installer/cd-dvd/channel.nix | 2 +- nixos/modules/installer/cd-dvd/iso-image.nix | 4 ++-- nixos/modules/installer/cd-dvd/sd-image.nix | 4 ++-- nixos/modules/installer/cd-dvd/system-tarball.nix | 4 ++-- nixos/modules/profiles/docker-container.nix | 4 ++-- nixos/modules/services/misc/nix-gc.nix | 2 +- nixos/modules/services/misc/nix-ssh-serve.nix | 2 +- nixos/modules/virtualisation/azure-image.nix | 4 ++-- nixos/modules/virtualisation/brightbox-image.nix | 4 ++-- nixos/modules/virtualisation/google-compute-image.nix | 4 ++-- nixos/modules/virtualisation/qemu-vm.nix | 2 +- 12 files changed, 21 insertions(+), 21 deletions(-) (limited to 'nixos') diff --git a/nixos/lib/make-disk-image.nix b/nixos/lib/make-disk-image.nix index caf0ab4c07b5..63666c99b230 100644 --- a/nixos/lib/make-disk-image.nix +++ b/nixos/lib/make-disk-image.nix @@ -81,14 +81,14 @@ pkgs.vmTools.runInLinuxVM ( # Register the paths in the Nix database. printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \ - chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group "" + chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group "" # Add missing size/hash fields to the database. FIXME: # exportReferencesGraph should provide these directly. - chroot /mnt ${config.nix.package}/bin/nix-store --verify --check-contents + chroot /mnt ${config.nix.package.out}/bin/nix-store --verify --check-contents # Create the system profile to allow nixos-rebuild to work. - chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \ + chroot /mnt ${config.nix.package.out}/bin/nix-env --option build-users-group "" \ -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} # `nixos-rebuild' requires an /etc/NIXOS. diff --git a/nixos/modules/installer/cd-dvd/channel.nix b/nixos/modules/installer/cd-dvd/channel.nix index 1e5e2b2615c8..cd6e72755dea 100644 --- a/nixos/modules/installer/cd-dvd/channel.nix +++ b/nixos/modules/installer/cd-dvd/channel.nix @@ -34,7 +34,7 @@ in if ! [ -e /var/lib/nixos/did-channel-init ]; then echo "unpacking the NixOS/Nixpkgs sources..." mkdir -p /nix/var/nix/profiles/per-user/root - ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \ + ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \ -i ${channelSources} --quiet --option build-use-substitutes false mkdir -m 0700 -p /root/.nix-defexpr ln -s /nix/var/nix/profiles/per-user/root/channels /root/.nix-defexpr/channels diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index 5702e2d9a1e5..c31ded977e68 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix @@ -364,12 +364,12 @@ in '' # After booting, register the contents of the Nix store on the # CD in the Nix database in the tmpfs. - ${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration + ${config.nix.package.out}/bin/nix-store --load-db < /nix/store/nix-path-registration # nixos-rebuild also requires a "system" profile and an # /etc/NIXOS tag. touch /etc/NIXOS - ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system + ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system ''; # Add vfat support to the initrd to enable people to copy the diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index 9eba542d8c91..23312c073d56 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -113,11 +113,11 @@ in ${pkgs.e2fsprogs}/bin/resize2fs $rootPart # Register the contents of the initial Nix store - ${config.nix.package}/bin/nix-store --load-db < /nix-path-registration + ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration # nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag. touch /etc/NIXOS - ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system + ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system # Prevents this from running on later boots. rm -f /nix-path-registration diff --git a/nixos/modules/installer/cd-dvd/system-tarball.nix b/nixos/modules/installer/cd-dvd/system-tarball.nix index 90e9b98a4575..1962a1959ead 100644 --- a/nixos/modules/installer/cd-dvd/system-tarball.nix +++ b/nixos/modules/installer/cd-dvd/system-tarball.nix @@ -78,14 +78,14 @@ in # After booting, register the contents of the Nix store on the # CD in the Nix database in the tmpfs. if [ -f /nix-path-registration ]; then - ${config.nix.package}/bin/nix-store --load-db < /nix-path-registration && + ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration && rm /nix-path-registration fi # nixos-rebuild also requires a "system" profile and an # /etc/NIXOS tag. touch /etc/NIXOS - ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system + ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system ''; }; diff --git a/nixos/modules/profiles/docker-container.nix b/nixos/modules/profiles/docker-container.nix index df762b7ac584..433492b96137 100644 --- a/nixos/modules/profiles/docker-container.nix +++ b/nixos/modules/profiles/docker-container.nix @@ -37,12 +37,12 @@ in { # After booting, register the contents of the Nix store in the Nix # database. if [ -f /nix-path-registration ]; then - ${config.nix.package}/bin/nix-store --load-db < /nix-path-registration && + ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration && rm /nix-path-registration fi # nixos-rebuild also requires a "system" profile - ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system + ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system ''; # Install new init script diff --git a/nixos/modules/services/misc/nix-gc.nix b/nixos/modules/services/misc/nix-gc.nix index 6a7a7f4cee72..5c13da6e83dd 100644 --- a/nixos/modules/services/misc/nix-gc.nix +++ b/nixos/modules/services/misc/nix-gc.nix @@ -52,7 +52,7 @@ in systemd.services.nix-gc = { description = "Nix Garbage Collector"; - script = "exec ${config.nix.package}/bin/nix-collect-garbage ${cfg.options}"; + script = "exec ${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options}"; startAt = optionalString cfg.automatic cfg.dates; }; diff --git a/nixos/modules/services/misc/nix-ssh-serve.nix b/nixos/modules/services/misc/nix-ssh-serve.nix index d70bd855c7ff..66148431709f 100644 --- a/nixos/modules/services/misc/nix-ssh-serve.nix +++ b/nixos/modules/services/misc/nix-ssh-serve.nix @@ -41,7 +41,7 @@ with lib; PermitTTY no PermitTunnel no X11Forwarding no - ForceCommand ${config.nix.package}/bin/nix-store --serve + ForceCommand ${config.nix.package.out}/bin/nix-store --serve Match All ''; diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix index 9dc0ce119929..9fac543b03d5 100644 --- a/nixos/modules/virtualisation/azure-image.nix +++ b/nixos/modules/virtualisation/azure-image.nix @@ -62,10 +62,10 @@ in echo Register the paths in the Nix database. printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \ - chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group "" + chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group "" echo Create the system profile to allow nixos-rebuild to work. - chroot /mnt ${config.nix.package}/bin/nix-env \ + chroot /mnt ${config.nix.package.out}/bin/nix-env \ -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} --option build-users-group "" echo nixos-rebuild requires an /etc/NIXOS. diff --git a/nixos/modules/virtualisation/brightbox-image.nix b/nixos/modules/virtualisation/brightbox-image.nix index b6b2bd4f69be..bcafc06e47c0 100644 --- a/nixos/modules/virtualisation/brightbox-image.nix +++ b/nixos/modules/virtualisation/brightbox-image.nix @@ -62,10 +62,10 @@ in # Register the paths in the Nix database. printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \ - chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group "" + chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group "" # Create the system profile to allow nixos-rebuild to work. - chroot /mnt ${config.nix.package}/bin/nix-env \ + chroot /mnt ${config.nix.package.out}/bin/nix-env \ -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \ --option build-users-group "" diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix index 77074b882468..38417315df5b 100644 --- a/nixos/modules/virtualisation/google-compute-image.nix +++ b/nixos/modules/virtualisation/google-compute-image.nix @@ -66,10 +66,10 @@ in # Register the paths in the Nix database. printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \ - chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group "" + chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group "" # Create the system profile to allow nixos-rebuild to work. - chroot /mnt ${config.nix.package}/bin/nix-env \ + chroot /mnt ${config.nix.package.out}/bin/nix-env \ -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \ --option build-users-group "" diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index d9b866d2e55e..8aa643687557 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -403,7 +403,7 @@ in boot.postBootCommands = '' if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then - ${config.nix.package}/bin/nix-store --load-db < ''${BASH_REMATCH[1]} + ${config.nix.package.out}/bin/nix-store --load-db < ''${BASH_REMATCH[1]} fi ''; -- cgit 1.4.1 From 1d4b21ef42a41fcecc254f61f279ad306f41e6b3 Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Sun, 24 Apr 2016 14:06:04 +0300 Subject: treewide: Use correct output of config.nix.package in non-string contexts --- nixos/modules/installer/tools/auto-upgrade.nix | 2 +- nixos/modules/installer/tools/nixos-rebuild.sh | 2 +- nixos/modules/installer/tools/tools.nix | 6 +++--- nixos/modules/services/misc/nix-daemon.nix | 2 +- nixos/modules/services/networking/nix-serve.nix | 2 +- nixos/modules/system/boot/loader/gummiboot/gummiboot.nix | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/installer/tools/auto-upgrade.nix b/nixos/modules/installer/tools/auto-upgrade.nix index 79ccb5c3d18a..b21b80c666aa 100644 --- a/nixos/modules/installer/tools/auto-upgrade.nix +++ b/nixos/modules/installer/tools/auto-upgrade.nix @@ -78,7 +78,7 @@ let cfg = config.system.autoUpgrade; in HOME = "/root"; }; - path = [ pkgs.gnutar pkgs.xz.bin config.nix.package ]; + path = [ pkgs.gnutar pkgs.xz.bin config.nix.package.out ]; script = '' ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch ${toString cfg.flags} diff --git a/nixos/modules/installer/tools/nixos-rebuild.sh b/nixos/modules/installer/tools/nixos-rebuild.sh index cd30958d9e8a..5ecdcdb3cdb5 100644 --- a/nixos/modules/installer/tools/nixos-rebuild.sh +++ b/nixos/modules/installer/tools/nixos-rebuild.sh @@ -271,7 +271,7 @@ remotePATH= if [ -n "$buildNix" ]; then echo "building Nix..." >&2 nixDrv= - if ! nixDrv="$(nix-instantiate '' --add-root $tmpDir/nix.drv --indirect -A config.nix.package "${extraBuildFlags[@]}")"; then + if ! nixDrv="$(nix-instantiate '' --add-root $tmpDir/nix.drv --indirect -A config.nix.package.out "${extraBuildFlags[@]}")"; then if ! nixDrv="$(nix-instantiate '' --add-root $tmpDir/nix.drv --indirect -A nixFallback "${extraBuildFlags[@]}")"; then if ! nixDrv="$(nix-instantiate '' --add-root $tmpDir/nix.drv --indirect -A nix "${extraBuildFlags[@]}")"; then nixStorePath="$(prebuiltNix "$(uname -m)")" diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix index 9ac3b7a5b16f..b8fd9deaf1e4 100644 --- a/nixos/modules/installer/tools/tools.nix +++ b/nixos/modules/installer/tools/tools.nix @@ -22,17 +22,17 @@ let src = ./nixos-install.sh; inherit (pkgs) perl pathsFromGraph; - nix = config.nix.package; + nix = config.nix.package.out; nixClosure = pkgs.runCommand "closure" - { exportReferencesGraph = ["refs" config.nix.package]; } + { exportReferencesGraph = ["refs" config.nix.package.out]; } "cp refs $out"; }; nixos-rebuild = makeProg { name = "nixos-rebuild"; src = ./nixos-rebuild.sh; - nix = config.nix.package; + nix = config.nix.package.out; }; nixos-generate-config = makeProg { diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 5400588d0274..d71837737ab3 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -6,7 +6,7 @@ let cfg = config.nix; - nix = cfg.package; + nix = cfg.package.out; makeNixBuildUser = nr: { name = "nixbld${toString nr}"; diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix index 8f6881441cf7..3e865e3b76a8 100644 --- a/nixos/modules/services/networking/nix-serve.nix +++ b/nixos/modules/services/networking/nix-serve.nix @@ -50,7 +50,7 @@ in after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - path = [ config.nix.package pkgs.bzip2.bin ]; + path = [ config.nix.package.out pkgs.bzip2.bin ]; environment.NIX_REMOTE = "daemon"; environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile; diff --git a/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix b/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix index 6c201eb8212f..69ad2c6d44f4 100644 --- a/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix +++ b/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix @@ -14,7 +14,7 @@ let inherit (pkgs) python gummiboot; - nix = config.nix.package; + nix = config.nix.package.out; timeout = if cfg.timeout != null then cfg.timeout else ""; -- cgit 1.4.1