From 89b306a7ffbd8f1108a4586f1fa55eed56df8a07 Mon Sep 17 00:00:00 2001 From: Nikita Mikhailov Date: Sat, 26 Sep 2015 23:58:49 +0600 Subject: Enable setting extended NetworkManager hooks --- nixos/modules/services/networking/networkmanager.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index adbc6099c95a..8370eca21e52 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -71,11 +71,10 @@ let ${coreutils}/bin/rm -f $tmp $tmp.ns ''; - # pre-up and pre-down hooks were added in NM 0.9.10, but we still use 0.9.0 dispatcherTypesSubdirMap = { "basic" = ""; - /*"pre-up" = "pre-up.d/"; - "pre-down" = "pre-down.d/";*/ + "pre-up" = "pre-up.d/"; + "pre-down" = "pre-down.d/"; }; in { -- cgit 1.4.1 From c0248c0c1f46f42ed736386e0d0ee67da5b329a6 Mon Sep 17 00:00:00 2001 
From: Thomas Strobel Date: Mon, 28 Sep 2015 18:43:40 +0200 Subject: networking module: init 'wlanInterfaces' option Configuration option for setting up virtual WLAN interfaces. If the hardware NIC supports it, then multiple virtual WLAN interfaces can be configured through the options of the new 'networking.wlanInterfaces' module. For example, the following configuration transforms the device with the persistent udev name 'wlp6s0' into a managed and a ad hoc device with the device names 'wlan-managed0' and 'wlan-adhoc0', respectively: networking.wlanInterfaces = { "wlan-managed0" = { type = "managed"; device = "wlp6s0"; }; "wlan-adhoc0" = { type = "ibss"; device = "wlp6s0"; }; }; Internally, a udev rule is created that matches wlp6s0 and runs a script which adds the missing virtual interfaces and re-configures the wlp6s0 interface accordingly. Once the new interfaces are created by the Linux kernel, the configuration of the interfaces is managed by udev and systemd in the usual way. --- nixos/modules/tasks/network-interfaces.nix | 168 +++++++++++++++++++++++++++++ 1 file changed, 168 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 7af3160e2d42..f9410d75922f 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix 
@@ -46,6 +46,51 @@ let ''; }); + # Collect all interfaces that are defined for a device + # as device:interface key:value pairs. + wlanDeviceInterfaces = + let + allDevices = unique (mapAttrsToList (_: v: v.device) cfg.wlanInterfaces); + interfacesOfDevice = d: filterAttrs (_: v: v.device == d) cfg.wlanInterfaces; + in + genAttrs allDevices (d: interfacesOfDevice d); + + # Convert device:interface key:value pairs into a list, and if it exists, + # place the interface which is named after the device at the beginning. + wlanListDeviceFirst = device: interfaces: + if hasAttr device interfaces + then [{"${device}"=interfaces.device; _iName=device;}] ++ mapAttrsToList (n: v: v//{_iName=n;}) (filterAttrs (n: _: n!=device) interfaces) + else mapAttrsToList (n: v: v // {_iName = n;}) interfaces; + + # udev script that configures a physical wlan device and adds virtual interfaces + wlanDeviceUdevScript = device: interfaceList: pkgs.writeScript "wlan-${device}-udev-script" '' + #!${pkgs.stdenv.shell} + + # Change the wireless phy device to a predictable name. 
+ if [ -e "/sys/class/net/${device}/phy80211/name" ]; then + ${pkgs.iw}/bin/iw phy `${pkgs.coreutils}/bin/cat /sys/class/net/${device}/phy80211/name` set name ${device} || true + fi + + # Crate new, virtual interfaces and configure them at the same time + ${flip concatMapStrings (drop 1 interfaceList) (i: '' + ${pkgs.iw}/bin/iw dev ${device} interface add ${i._iName} type ${i.type} \ + ${optionalString (i.type == "mesh" && i.meshID != null) "mesh_id ${i.meshID}"} \ + ${optionalString (i.type == "monitor" && i.flags != null) "flags ${i.flags}"} \ + ${optionalString (i.type == "managed" && i.fourAddr != null) "4addr ${if i.fourAddr then "on" else "off"}"} \ + ${optionalString (i.mac != null) "addr ${i.mac}"} + '')} + + # Reconfigure and rename the default interface that already exists + ${flip concatMapStrings (take 1 interfaceList) (i: '' + ${pkgs.iw}/bin/iw dev ${device} set type ${i.type} + ${optionalString (i.type == "mesh" && i.meshID != null) "${pkgs.iw}/bin/iw dev ${device} set meshid ${i.meshID}"} + ${optionalString (i.type == "monitor" && i.flags != null) "${pkgs.iw}/bin/iw dev ${device} set monitor ${i.flags}"} + ${optionalString (i.type == "managed" && i.fourAddr != null) "${pkgs.iw}/bin/iw dev ${device} set 4addr ${if i.fourAddr then "on" else "off"}"} + ${optionalString (i.mac != null) "${pkgs.iproute}/bin/ip link set dev ${device} address ${i.mac}"} + ${optionalString (device != i._iName) "${pkgs.iproute}/bin/ip link set dev ${device} name ${i._iName}"} + '')} + ''; + # We must escape interfaces due to the systemd interpretation subsystemDevice = interface: "sys-subsystem-net-devices-${escapeSystemdPath interface}.device"; 
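Review bot: The option values `${i.meshID}`, `${i.flags}`, `${i.mac}` and `${i._iName}` are spliced unquoted into a shell script that udev runs, so a mesh ID containing a space or a shell metacharacter changes the command line instead of being passed as one argument. Wrapping each value keeps it as data, e.g. `"mesh_id ${escapeShellArg i.meshID}"` and `"addr ${escapeShellArg i.mac}"`, assuming `lib` is in scope here as the unqualified `flip` and `optionalString` suggest. The same applies to `${device}` in the `iw phy … set name` and `ip link set dev` lines. A one-line comment on `wlanDeviceUdevScript` saying that `interfaceList` must have the default interface first (the script relies on `take 1` / `drop 1`) would also help the next reader.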
@@ -688,6 +733,110 @@ in }; }; + networking.wlanInterfaces = mkOption { + default = { }; + example = { + "wlan-station0" = { + device = "wlp6s0"; + }; + "wlan-adhoc0" = { + type = "ibss"; + device = "wlp6s0"; + mac = "02:00:00:00:00:01"; + }; + "wlan-p2p0" = { + device = "wlp6s0"; + mac = "02:00:00:00:00:02"; + }; + "wlan-ap0" = { + device = "wlp6s0"; + mac = "02:00:00:00:00:03"; + }; + }; + description = + '' + Creating multiple WLAN interfaces on top of one physical WLAN device (NIC). + + The name of the WLAN interface corresponds to the name of the attribute. + A NIC is referenced by the persistent device name of the WLAN interface that + udev assigns to a NIC by default. + If a NIC supports multiple WLAN interfaces, then the one NIC can be used as + device for multiple WLAN interfaces. + If a NIC is used for creating WLAN interfaces, then the default WLAN interface + with a persistent device name form udev is not created. + A WLAN interface with the persistent name assigned from udev + would have to be created explicitly. + ''; + + type = types.attrsOf types.optionSet; + + options = { + + device = mkOption { + type = types.string; + example = "wlp6s0"; + description = "The name of the underlying hardware WLAN device as assigned by udev."; + }; + + type = mkOption { + type = types.string; + default = "managed"; + example = "ibss"; + description = '' + The type of the WLAN interface. The type has to be either managed, + ibss, monitor, mesh or wds. + Also, the type has to be supported by the underlying hardware of the device. + ''; + }; + + meshID = mkOption { + type = types.nullOr types.string; + default = null; + description = "MeshID of interface with type mesh."; + }; + + flags = mkOption { + type = types.nullOr types.string; + default = null; + example = "control"; + description = '' + Flags for interface of type monitor. 
The valid flags are: + none: no special flags + fcsfail: show frames with FCS errors + control: show control frames + otherbss: show frames from other BSSes + cook: use cooked mode + active: use active mode (ACK incoming unicast packets) + ''; + }; + + fourAddr = mkOption { + type = types.nullOr types.bool; + default = null; + description = "Whether to enable 4-address mode with type managed."; + }; + + mac = mkOption { + type = types.nullOr types.str; + default = null; + example = "02:00:00:00:00:01"; + description = '' + MAC address to use for the device. If null, then the MAC of the + underlying hardware WLAN device is used. + + INFO: Locally administered MAC addresses are of the form: + + x2:xx:xx:xx:xx:xx + x6:xx:xx:xx:xx:xx + xA:xx:xx:xx:xx:xx + xE:xx:xx:xx:xx:xx + + ''; + }; + + }; + }; + networking.useDHCP = mkOption { type = types.bool; default = true; 
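Review bot: `type` is declared as `types.string` although its description lists exactly five accepted values, so a typo is only noticed when `iw` fails inside the udev-run script; `type = types.enum [ "managed" "ibss" "monitor" "mesh" "wds" ];` would reject it at evaluation time. `mac` is likewise an unconstrained string and could at least be checked against the `xx:xx:xx:xx:xx:xx` shape its description shows, since it ends up on an `ip link set … address` command line. The declarations also mix `types.string` (`device`, `type`, `meshID`, `flags`) with `types.str` (`mac`); one spelling throughout would read more consistently. The hunk ends inside the following `networking.useDHCP` declaration.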
@@ -844,6 +993,25 @@ in virtualisation.vswitch = mkIf (cfg.vswitches != { }) { enable = true; }; + services.udev.packages = mkIf (cfg.wlanInterfaces != {}) [ + (pkgs.writeTextFile { + name = "99-zzz-wlanInterfaces-last.rules"; + destination = "/etc/udev/rules.d/99-zzz-wlanInterfaces-last.rules"; + text = '' + # If persistent udev device name is not used for an interface, then do not + # call systemd for that udev device name and only execute the script that + # modifies or prepares the WLAN interfaces. All other commands that would + # otherwise be executed when the udev device is added, like, e.g., the calling + # of systemd-sysctl or the activation of wpa_supplicant is disabled when the + # persistend udev device name is not usef for an interface. + ${flip (concatMapStringsSep "\n") (attrNames wlanDeviceInterfaces) (device: + let script = wlanDeviceUdevScript device (wlanListDeviceFirst device wlanDeviceInterfaces."${device}"); in + if hasAttr device cfg.wlanInterfaces + then ''ACTION=="add", SUBSYSTEM=="net", NAME=="${device}", ENV{DEVTYPE}=="wlan", RUN+="${script}"'' + else ''ACTION=="add", SUBSYSTEM=="net", NAME=="${device}", ENV{DEVTYPE}=="wlan", NAME="", TAG-="systemd", RUN:="${script}"'')} + ''; + }) ]; + }; } -- cgit 1.4.1 From 6dfb16730bb8348c9466260983fb313477611dec Mon Sep 17 00:00:00 2001 From: Thomas Strobel Date: Thu, 1 Oct 2015 17:48:34 +0200 Subject: networking module: fix DocBook tags --- nixos/modules/tasks/network-interfaces.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index f9410d75922f..9ffede48bf52 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix 
@@ -826,10 +826,10 @@ in INFO: Locally administered MAC addresses are of the form: - x2:xx:xx:xx:xx:xx - x6:xx:xx:xx:xx:xx - xA:xx:xx:xx:xx:xx - xE:xx:xx:xx:xx:xx + x2:xx:xx:xx:xx:xx + x6:xx:xx:xx:xx:xx + xA:xx:xx:xx:xx:xx + xE:xx:xx:xx:xx:xx ''; }; -- cgit 1.4.1 From 213bb5875282acb531d8e64737ab399224ec9fe8 Mon Sep 17 00:00:00 2001 From: Thomas Strobel Date: Fri, 2 Oct 2015 12:06:55 +0200 Subject: networking module: fix for wlanInterfaces --- nixos/modules/tasks/network-interfaces.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 9ffede48bf52..03e647b1b1e7 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -59,7 +59,7 @@ let # place the interface which is named after the device at the beginning. wlanListDeviceFirst = device: interfaces: if hasAttr device interfaces - then [{"${device}"=interfaces.device; _iName=device;}] ++ mapAttrsToList (n: v: v//{_iName=n;}) (filterAttrs (n: _: n!=device) interfaces) + then mapAttrsToList (n: v: v//{_iName=n;}) (filterAttrs (n: _: n==device) interfaces) ++ mapAttrsToList (n: v: v//{_iName=n;}) (filterAttrs (n: _: n!=device) interfaces) else mapAttrsToList (n: v: v // {_iName = n;}) interfaces; # udev script that configures a physical wlan device and adds virtual interfaces -- cgit 1.4.1 From 0dfddc5a542f4da76faac77f517ca90f6bf66094 Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sat, 26 Sep 2015 09:40:44 +0200 Subject: opensmtpd: support filters. --- nixos/modules/services/mail/opensmtpd.nix | 20 +++++++- pkgs/servers/mail/opensmtpd/default.nix | 2 + pkgs/servers/mail/opensmtpd/proc_path.diff | 76 ++++++++++++++++++++++++++++++ 3 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 pkgs/servers/mail/opensmtpd/proc_path.diff (limited to 'nixos') 
diff --git a/nixos/modules/services/mail/opensmtpd.nix b/nixos/modules/services/mail/opensmtpd.nix index a3e50b422920..a1cfd84365a2 100644 --- a/nixos/modules/services/mail/opensmtpd.nix +++ b/nixos/modules/services/mail/opensmtpd.nix @@ -46,6 +46,17 @@ in { is left empty, the OpenSMTPD server will not start. ''; }; + + procPackages = mkOption { + type = types.listOf types.path; + default = []; + description = '' + Packages to search for filters, tables, queues, and schedulers. + + Add OpenSMTPD-extras here if you want to use the filters, etc. from + that package. + ''; + }; }; }; @@ -72,12 +83,19 @@ in { }; }; - systemd.services.opensmtpd = { + systemd.services.opensmtpd = let + procEnv = pkgs.buildEnv { + name = "opensmtpd-procs"; + paths = [ opensmtpd ] ++ cfg.procPackages; + pathsToLink = [ "/libexec/opensmtpd" ]; + }; + in { wantedBy = [ "multi-user.target" ]; wants = [ "network.target" ]; after = [ "network.target" ]; preStart = "mkdir -p /var/spool"; serviceConfig.ExecStart = "${opensmtpd}/sbin/smtpd -d -f ${conf} ${args}"; + environment.OPENSMTPD_PROC_PATH = "${procEnv}/libexec/opensmtpd"; }; environment.systemPackages = [ (pkgs.runCommand "opensmtpd-sendmail" {} '' diff --git a/pkgs/servers/mail/opensmtpd/default.nix b/pkgs/servers/mail/opensmtpd/default.nix index 59e58811cde8..2fd3f0421b97 100644 --- a/pkgs/servers/mail/opensmtpd/default.nix +++ b/pkgs/servers/mail/opensmtpd/default.nix @@ -14,6 +14,8 @@ stdenv.mkDerivation rec { sha256 = "67e9dd9682ca8c181e84e66c76245a4a8f6205834f915a2c021cdfeb22049e3a"; }; + patches = [ ./proc_path.diff ]; + configureFlags = [ "--sysconfdir=/etc" "--localstatedir=/var" diff --git a/pkgs/servers/mail/opensmtpd/proc_path.diff b/pkgs/servers/mail/opensmtpd/proc_path.diff new file mode 100644 index 000000000000..0e8eac0bb83b --- /dev/null +++ b/pkgs/servers/mail/opensmtpd/proc_path.diff 
@@ -0,0 +1,76 @@ +diff -Naur opensmtpd-5.7.1p1/smtpd/parse.y opensmtpd-5.7.1p1.patched/smtpd/parse.y +--- opensmtpd-5.7.1p1/smtpd/parse.y 2015-06-30 10:13:34.000000000 +0200 ++++ opensmtpd-5.7.1p1.patched/smtpd/parse.y 2015-09-26 08:41:17.012472516 +0200 +@@ -2519,13 +2519,19 @@ + { + struct filter_conf *f; + char *path; ++ const char *proc_path; + + if (dict_get(&conf->sc_filters, name)) { + yyerror("filter \"%s\" already defined", name); + return (NULL); + } + +- if (asprintf(&path, "%s/filter-%s", PATH_LIBEXEC, prog) == -1) { ++ proc_path = getenv("OPENSMTPD_PROC_PATH"); ++ if (proc_path == NULL) { ++ proc_path = PATH_LIBEXEC; ++ } ++ ++ if (asprintf(&path, "%s/filter-%s", proc_path, prog) == -1) { + yyerror("filter \"%s\" asprintf failed", name); + return (0); + } +diff -Naur opensmtpd-5.7.1p1/smtpd/smtpd.c opensmtpd-5.7.1p1.patched/smtpd/smtpd.c +--- opensmtpd-5.7.1p1/smtpd/smtpd.c 2015-06-30 10:13:34.000000000 +0200 ++++ opensmtpd-5.7.1p1.patched/smtpd/smtpd.c 2015-09-26 08:41:16.998472557 +0200 +@@ -854,6 +854,7 @@ + char path[PATH_MAX]; + char name[PATH_MAX]; + char *arg; ++ char *proc_path; + + if (strlcpy(name, conf, sizeof(name)) >= sizeof(name)) { + log_warnx("warn: %s-proc: conf too long", key); +@@ -864,7 +865,12 @@ + if (arg) + *arg++ = '\0'; + +- if (snprintf(path, sizeof(path), PATH_LIBEXEC "/%s-%s", key, name) >= ++ proc_path = getenv("OPENSMTPD_PROC_PATH"); ++ if (proc_path == NULL) { ++ proc_path = PATH_LIBEXEC; ++ } ++ ++ if (snprintf(path, sizeof(path), "%s/%s-%s", proc_path, key, name) >= + (ssize_t)sizeof(path)) { + log_warn("warn: %s-proc: exec path too long", key); + return (-1); +diff -Naur opensmtpd-5.7.1p1/smtpd/table.c opensmtpd-5.7.1p1.patched/smtpd/table.c +--- opensmtpd-5.7.1p1/smtpd/table.c 2015-06-30 10:13:34.000000000 +0200 ++++ opensmtpd-5.7.1p1.patched/smtpd/table.c 2015-09-26 08:41:17.005472536 +0200 +@@ -201,6 +201,7 @@ + struct table_backend *tb; + char buf[LINE_MAX]; + char path[LINE_MAX]; ++ const char *proc_path; + size_t 
n; + struct stat sb; + +@@ -215,8 +216,14 @@ + if (name && table_find(name, NULL)) + fatalx("table_create: table \"%s\" already defined", name); + ++ proc_path = getenv("OPENSMTPD_PROC_PATH"); ++ if (proc_path == NULL) { ++ proc_path = PATH_LIBEXEC; ++ } ++ + if ((tb = table_backend_lookup(backend)) == NULL) { +- if ((size_t)snprintf(path, sizeof(path), PATH_LIBEXEC "/table-%s", ++ if ((size_t)snprintf(path, sizeof(path), "%s/table-%s", ++ proc_path, + backend) >= sizeof(path)) { + fatalx("table_create: path too long \"" + PATH_LIBEXEC "/table-%s\"", backend); -- cgit 1.4.1 From 54fe2f8c5c0312fe0d33f1667e80f0d46ea42e79 Mon Sep 17 00:00:00 2001 From: michael bishop Date: Sat, 3 Oct 2015 03:33:13 -0300 Subject: build the crontab localy, there is nothing to gain from building it remotely --- nixos/modules/services/scheduling/cron.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/scheduling/cron.nix b/nixos/modules/services/scheduling/cron.nix index 02d80a77da50..1b5e83173e8f 100644 --- a/nixos/modules/services/scheduling/cron.nix +++ b/nixos/modules/services/scheduling/cron.nix @@ -100,7 +100,7 @@ in environment.systemPackages = [ cronNixosPkg ]; environment.etc.crontab = - { source = pkgs.runCommand "crontabs" { inherit allFiles; } + { source = pkgs.runCommand "crontabs" { inherit allFiles; preferLocalBuild = true; } '' touch $out for i in $allFiles; do -- cgit 1.4.1 From f660729e354a3f41cd115e3c5addf54f6d9c4420 Mon Sep 17 00:00:00 2001 From: Jaka Hudoklin Date: Sun, 6 Sep 2015 02:12:01 +0200 Subject: grafana service: fix package option name --- nixos/modules/services/monitoring/grafana.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/monitoring/grafana.nix b/nixos/modules/services/monitoring/grafana.nix index fa653565a67f..5302728eae91 100644 --- a/nixos/modules/services/monitoring/grafana.nix 
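Review bot: The table.c part builds the path from `proc_path`, but its overflow branch still reports `PATH_LIBEXEC "/table-%s"`, so the message can name a directory that was not the one used; `fatalx("table_create: path too long \"%s/table-%s\"", proc_path, backend);` would match. All three call sites take the directory of helper executables from `getenv("OPENSMTPD_PROC_PATH")` without regard to who set it, which is fine under the systemd unit that exports it, but if any binary built from these sources is installed setuid or setgid the invoking user would choose that directory. Ignoring the variable in a privileged-execution context (e.g. `secure_getenv` where available), or a comment in the patch stating that it is only honoured for the daemon, would make the assumption explicit. The declaration in smtpd.c is `char *proc_path` where parse.y and table.c use `const char *`.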
+++ b/nixos/modules/services/monitoring/grafana.nix @@ -318,7 +318,7 @@ in { wantedBy = ["multi-user.target"]; after = ["networking.target"]; serviceConfig = { - ExecStart = "${cfg.package-backend}/bin/grafana --config ${cfgFile} web"; + ExecStart = "${cfg.package}/bin/grafana --config ${cfgFile} web"; WorkingDirectory = cfg.dataDir; User = "grafana"; }; -- cgit 1.4.1 From d286ac5887fdb240ae7e33f174a7eea7129290cf Mon Sep 17 00:00:00 2001 From: Thomas Strobel Date: Sun, 4 Oct 2015 10:57:16 +0200 Subject: networking module: restructure wlanInterfaces Restructure internals of networking.wlanInterfaces option to generate proper '.device' systemd targets for the WLAN interfaces. --- nixos/modules/tasks/network-interfaces.nix | 128 ++++++++++++++++------------- 1 file changed, 70 insertions(+), 58 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 03e647b1b1e7..6b5241c2aa59 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix 
@@ -46,51 +46,6 @@ let ''; }); - # Collect all interfaces that are defined for a device - # as device:interface key:value pairs. - wlanDeviceInterfaces = - let - allDevices = unique (mapAttrsToList (_: v: v.device) cfg.wlanInterfaces); - interfacesOfDevice = d: filterAttrs (_: v: v.device == d) cfg.wlanInterfaces; - in - genAttrs allDevices (d: interfacesOfDevice d); - - # Convert device:interface key:value pairs into a list, and if it exists, - # place the interface which is named after the device at the beginning. - wlanListDeviceFirst = device: interfaces: - if hasAttr device interfaces - then mapAttrsToList (n: v: v//{_iName=n;}) (filterAttrs (n: _: n==device) interfaces) ++ mapAttrsToList (n: v: v//{_iName=n;}) (filterAttrs (n: _: n!=device) interfaces) - else mapAttrsToList (n: v: v // {_iName = n;}) interfaces; - - # udev script that configures a physical wlan device and adds virtual interfaces - wlanDeviceUdevScript = device: interfaceList: pkgs.writeScript "wlan-${device}-udev-script" '' - #!${pkgs.stdenv.shell} - - # Change the wireless phy device to a predictable name. 
- if [ -e "/sys/class/net/${device}/phy80211/name" ]; then - ${pkgs.iw}/bin/iw phy `${pkgs.coreutils}/bin/cat /sys/class/net/${device}/phy80211/name` set name ${device} || true - fi - - # Crate new, virtual interfaces and configure them at the same time - ${flip concatMapStrings (drop 1 interfaceList) (i: '' - ${pkgs.iw}/bin/iw dev ${device} interface add ${i._iName} type ${i.type} \ - ${optionalString (i.type == "mesh" && i.meshID != null) "mesh_id ${i.meshID}"} \ - ${optionalString (i.type == "monitor" && i.flags != null) "flags ${i.flags}"} \ - ${optionalString (i.type == "managed" && i.fourAddr != null) "4addr ${if i.fourAddr then "on" else "off"}"} \ - ${optionalString (i.mac != null) "addr ${i.mac}"} - '')} - - # Reconfigure and rename the default interface that already exists - ${flip concatMapStrings (take 1 interfaceList) (i: '' - ${pkgs.iw}/bin/iw dev ${device} set type ${i.type} - ${optionalString (i.type == "mesh" && i.meshID != null) "${pkgs.iw}/bin/iw dev ${device} set meshid ${i.meshID}"} - ${optionalString (i.type == "monitor" && i.flags != null) "${pkgs.iw}/bin/iw dev ${device} set monitor ${i.flags}"} - ${optionalString (i.type == "managed" && i.fourAddr != null) "${pkgs.iw}/bin/iw dev ${device} set 4addr ${if i.fourAddr then "on" else "off"}"} - ${optionalString (i.mac != null) "${pkgs.iproute}/bin/ip link set dev ${device} address ${i.mac}"} - ${optionalString (device != i._iName) "${pkgs.iproute}/bin/ip link set dev ${device} name ${i._iName}"} - '')} - ''; - # We must escape interfaces due to the systemd interpretation subsystemDevice = interface: "sys-subsystem-net-devices-${escapeSystemdPath interface}.device"; 
@@ -997,19 +952,76 @@ in (pkgs.writeTextFile { name = "99-zzz-wlanInterfaces-last.rules"; destination = "/etc/udev/rules.d/99-zzz-wlanInterfaces-last.rules"; - text = '' - # If persistent udev device name is not used for an interface, then do not - # call systemd for that udev device name and only execute the script that - # modifies or prepares the WLAN interfaces. All other commands that would - # otherwise be executed when the udev device is added, like, e.g., the calling - # of systemd-sysctl or the activation of wpa_supplicant is disabled when the - # persistend udev device name is not usef for an interface. - ${flip (concatMapStringsSep "\n") (attrNames wlanDeviceInterfaces) (device: - let script = wlanDeviceUdevScript device (wlanListDeviceFirst device wlanDeviceInterfaces."${device}"); in - if hasAttr device cfg.wlanInterfaces - then ''ACTION=="add", SUBSYSTEM=="net", NAME=="${device}", ENV{DEVTYPE}=="wlan", RUN+="${script}"'' - else ''ACTION=="add", SUBSYSTEM=="net", NAME=="${device}", ENV{DEVTYPE}=="wlan", NAME="", TAG-="systemd", RUN:="${script}"'')} - ''; + text = + let + # Collect all interfaces that are defined for a device + # as device:interface key:value pairs. + wlanDeviceInterfaces = + let + allDevices = unique (mapAttrsToList (_: v: v.device) cfg.wlanInterfaces); + interfacesOfDevice = d: filterAttrs (_: v: v.device == d) cfg.wlanInterfaces; + in + genAttrs allDevices (d: interfacesOfDevice d); + + # Convert device:interface key:value pairs into a list, and if it exists, + # place the interface which is named after the device at the beginning. + wlanListDeviceFirst = device: interfaces: + if hasAttr device interfaces + then mapAttrsToList (n: v: v//{_iName=n;}) (filterAttrs (n: _: n==device) interfaces) ++ mapAttrsToList (n: v: v//{_iName=n;}) (filterAttrs (n: _: n!=device) interfaces) + else mapAttrsToList (n: v: v // {_iName = n;}) interfaces; + + # Udev script to execute for the default WLAN interface with the persistend udev name. 
+ # The script creates the required, new WLAN interfaces interfaces and configures the + # existing, default interface. + curInterfaceScript = device: current: new: pkgs.writeScript "udev-run-script-wlan-interfaces-${device}.sh" '' + #!${pkgs.stdenv.shell} + # Change the wireless phy device to a predictable name. + ${pkgs.iw}/bin/iw phy `${pkgs.coreutils}/bin/cat /sys/class/net/$INTERFACE/phy80211/name` set name ${device} + + # Add new WLAN interfaces + ${flip concatMapStrings new (i: '' + ${pkgs.iw}/bin/iw phy ${device} interface add ${i._iName} type managed + '')} + + # Configure the current interface + ${pkgs.iw}/bin/iw dev ${device} set type ${current.type} + ${optionalString (current.type == "mesh" && current.meshID!=null) "${pkgs.iw}/bin/iw dev ${device} set meshid ${current.meshID}"} + ${optionalString (current.type == "monitor" && current.flags!=null) "${pkgs.iw}/bin/iw dev ${device} set monitor ${current.flags}"} + ${optionalString (current.type == "managed" && current.fourAddr!=null) "${pkgs.iw}/bin/iw dev ${device} set 4addr ${if current.fourAddr then "on" else "off"}"} + ${optionalString (current.mac != null) "${pkgs.iproute}/bin/ip link set dev ${device} address ${current.mac}"} + ''; + + # Udev script to execute for a new WLAN interface. The script configures the new WLAN interface. 
+ newInterfaceScript = new: pkgs.writeScript "udev-run-script-wlan-interfaces-${new._iName}.sh" '' + #!${pkgs.stdenv.shell} + # Configure the new interface + ${pkgs.iw}/bin/iw dev ${new._iName} set type ${new.type} + ${optionalString (new.type == "mesh" && new.meshID!=null) "${pkgs.iw}/bin/iw dev ${device} set meshid ${new.meshID}"} + ${optionalString (new.type == "monitor" && new.flags!=null) "${pkgs.iw}/bin/iw dev ${device} set monitor ${new.flags}"} + ${optionalString (new.type == "managed" && new.fourAddr!=null) "${pkgs.iw}/bin/iw dev ${device} set 4addr ${if new.fourAddr then "on" else "off"}"} + ${optionalString (new.mac != null) "${pkgs.iproute}/bin/ip link set dev ${device} address ${new.mac}"} + ''; + + # Udev attributes for systemd to name the device and to create a .device target. + systemdAttrs = n: ''NAME:="${n}", ENV{INTERFACE}:="${n}", ENV{SYSTEMD_ALIAS}:="/sys/subsystem/net/devices/${n}", TAG+="systemd"''; + in + flip (concatMapStringsSep "\n") (attrNames wlanDeviceInterfaces) (device: + let + interfaces = wlanListDeviceFirst device wlanDeviceInterfaces."${device}"; + curInterface = elemAt interfaces 0; + newInterfaces = drop 1 interfaces; + in '' + # It is important to have that rule first as overwriting the NAME attribute also prevents the + # next rules from matching. + ${flip (concatMapStringsSep "\n") (wlanListDeviceFirst device wlanDeviceInterfaces."${device}") (interface: + ''ACTION=="add", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", ENV{INTERFACE}=="${interface._iName}", ${systemdAttrs interface._iName}, RUN+="${newInterfaceScript interface}"'')} + + # Add the required, new WLAN interfaces to the default WLAN interface with the + # persistent, default name as assigned by udev. + ACTION=="add", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", NAME=="${device}", ${systemdAttrs curInterface._iName}, RUN+="${curInterfaceScript device curInterface newInterfaces}" + # Generate the same systemd events for both 'add' and 'move' udev events. 
+ ACTION=="move", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", NAME=="${device}", ${systemdAttrs curInterface._iName} + ''); }) ]; }; -- cgit 1.4.1 From 791b600aac6e230b7d536d404516e92d10b7ca65 Mon Sep 17 00:00:00 2001 From: Casey Ransom Date: Sun, 4 Oct 2015 01:41:57 -0400 Subject: nixos/docker: Include ZFS commands in PATH for ZFS storagedriver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When using the ZFS storagedriver in docker, it shells out for the ZFS commands. The path configuration for the systemd task does not include ZFS, so if the driver is set to ZFS, add ZFS utilities to the PATH. This will resolve https://github.com/NixOS/nixpkgs/issues/10127 [Bjørn: prefix commit message with "nixos/docker:", remove extra space before ';'] --- nixos/modules/virtualisation/docker.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix index 0115b972e80d..0e1b9206999b 100644 --- a/nixos/modules/virtualisation/docker.nix +++ b/nixos/modules/virtualisation/docker.nix @@ -129,7 +129,8 @@ in LimitNPROC = 1048576; } // proxy_env; - path = [ pkgs.kmod ]; + path = [ pkgs.kmod ] ++ + (if cfg.storageDriver == "zfs" then [ pkgs.zfs ] else []); environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules"; postStart = cfg.postStart; -- cgit 1.4.1 From 424e6e501a44dc38c610f6d2039dda1cfafe9490 Mon Sep 17 00:00:00 2001 From: Bjørn Forsman Date: Sun, 4 Oct 2015 14:31:16 +0200 Subject: nixos/modules: simplify pkgs.zfs handling Thanks, @lethalman. --- nixos/modules/virtualisation/docker.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix index 0e1b9206999b..7288cf29875b 100644 --- a/nixos/modules/virtualisation/docker.nix +++ b/nixos/modules/virtualisation/docker.nix 
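Review bot: `newInterfaceScript` takes only `new`, yet its four optional lines run `iw dev ${device} …` and `ip link set dev ${device} …`; `device` is not bound in that function, so setting `meshID`, `flags`, `fourAddr` or `mac` on an added interface would either fail to evaluate or, if some outer `device` happens to resolve, configure the wrong interface. They should address `${new._iName}` as the `set type` line above them does, e.g. `"${pkgs.iw}/bin/iw dev ${new._iName} set meshid ${new.meshID}"`. In `curInterfaceScript` the new interfaces are added with a fixed `type managed`, and the `[ -e … ]` guard that the removed version had around the phy rename is gone, so the rename now runs unconditionally; a short comment saying both are intentional would help. The interpolated option values are still unquoted in the generated shell scripts.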
@@ -129,8 +129,7 @@ in LimitNPROC = 1048576; } // proxy_env; - path = [ pkgs.kmod ] ++ - (if cfg.storageDriver == "zfs" then [ pkgs.zfs ] else []); + path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs); environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules"; postStart = cfg.postStart; -- cgit 1.4.1 From 5f17aeb4035057deb1840372f5a0a33098ce1e82 Mon Sep 17 00:00:00 2001 From: Bjørn Forsman Date: Sun, 4 Oct 2015 13:39:52 +0200 Subject: nixos/docker: default storageDriver to "devicemapper" Commit 9bfe92ecee ("docker: Minor improvements, fix failing test") added the services.docker.storageDriver option, made it mandatory but didn't give it a default value. This results in an ugly traceback when users enable docker, if they don't pay enough attention to also set the storageDriver option. (An attempt was made to add an assertion, but it didn't work, possibly because of how "mkMerge" works.) The arguments against a default value were that the optimal value depends on the filesystem on the host. This is, AFAICT, only in part true. (It seems some backends are filesystem agnostic.) Also, docker itself uses a default storage driver, "devicemapper", when no --storage-driver=x options are given. Hence, we use the same value as default. Add a FIXME comment that 'devicemapper' breaks NixOS VM tests (for yet unknown reasons), so we still run those with the 'overlay' driver. Closes #10100 and #10217. --- nixos/modules/virtualisation/docker.nix | 4 +--- nixos/tests/docker.nix | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix index 7288cf29875b..0c642bf3b816 100644 --- a/nixos/modules/virtualisation/docker.nix +++ b/nixos/modules/virtualisation/docker.nix 
@@ -46,12 +46,10 @@ in storageDriver = mkOption { type = types.enum ["aufs" "btrfs" "devicemapper" "overlay" "zfs"]; + default = "devicemapper"; description = '' This option determines which Docker storage driver to use. - It is required but lacks a default value as its most - suitable value will depend the filesystems available on the - host. ''; }; extraOptions = diff --git a/nixos/tests/docker.nix b/nixos/tests/docker.nix index 034dcb04adfd..635a97e2ce09 100644 --- a/nixos/tests/docker.nix +++ b/nixos/tests/docker.nix @@ -11,6 +11,8 @@ import ./make-test.nix ({ pkgs, ...} : { { config, pkgs, ... }: { virtualisation.docker.enable = true; + # FIXME: The default "devicemapper" storageDriver fails in NixOS VM + # tests. virtualisation.docker.storageDriver = "overlay"; }; }; -- cgit 1.4.1 From 67723df930d74ecda8c8a66740df7c5650da8e6a Mon Sep 17 00:00:00 2001 From: Bjørn Forsman Date: Sun, 4 Oct 2015 16:11:28 +0200 Subject: nixos/jenkins: rework environment handling Jenkins gets (by default) an additional environment of { NIX_REMOTE = "daemon"; } This has the following problems: 1. NIX_REMOTE disappears when users specify additional environment variables, because defaults have low merge priority. 2. nix cannot be used without additional NIX_PATH envvar, which is currently missing. 3. If you try to use HTTPS, you'll see that jenkins lacks SSL_CERT_FILE envvar, causing it to fail. This commit adds config.environment.sessionVariables and NIX_REMOTE to the set of variables that are always there for jenkins, making nix and HTTPS work out of the box. services.jenkins.environment is now empty by default. --- .../services/continuous-integration/jenkins/default.nix | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixos/modules/services/continuous-integration/jenkins/default.nix index 95d2aecfac7d..cf13c73ab4df 100644 
--- a/nixos/modules/services/continuous-integration/jenkins/default.nix +++ b/nixos/modules/services/continuous-integration/jenkins/default.nix @@ -65,11 +65,14 @@ in { }; environment = mkOption { - default = { NIX_REMOTE = "daemon"; }; + default = { }; type = with types; attrsOf str; description = '' Additional environment variables to be passed to the jenkins process. - The environment will always include JENKINS_HOME. + This setting will merge with everything in + , + JENKINS_HOME and NIX_REMOTE. This option takes precedence and can + override any previously set environment variable. ''; }; @@ -106,9 +109,12 @@ in { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - environment = { - JENKINS_HOME = cfg.home; - } // cfg.environment; + environment = + config.environment.sessionVariables // + { JENKINS_HOME = cfg.home; + NIX_REMOTE = "daemon"; + } // + cfg.environment; path = cfg.packages; -- cgit 1.4.1 From e65b8fcebe1bb6a4b25805c5c30ec5f49daf9b30 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 5 Oct 2015 09:26:30 +0200 Subject: Fix nixos-upgrade --- nixos/modules/installer/tools/auto-upgrade.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/installer/tools/auto-upgrade.nix b/nixos/modules/installer/tools/auto-upgrade.nix index b2676b05a02c..e14653dc4eb0 100644 --- a/nixos/modules/installer/tools/auto-upgrade.nix +++ b/nixos/modules/installer/tools/auto-upgrade.nix @@ -70,7 +70,7 @@ let cfg = config.system.autoUpgrade; in path = [ pkgs.gnutar pkgs.xz config.nix.package ]; script = '' - ${config.system.build.nixos-rebuild}/bin/nixos-rebuild test ${toString cfg.flags} + ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch ${toString cfg.flags} ''; startAt = mkIf cfg.enable "04:40"; -- cgit 1.4.1 From faa82a676bd442b95703647cf4cc6c693d0dca67 Mon Sep 17 00:00:00 2001 
From: Mathnerd314 Date: Mon, 5 Oct 2015 22:10:40 -0600 Subject: gnome3 test: increase timeout The gnome3 test has been failing recently ([1](http://hydra.nixos.org/build/26608126/nixlog/1/raw) [2](http://hydra.nixos.org/build/26605926/nixlog/1/raw)); this is due to exit code 124 which is [the command timing out](https://www.gnu.org/software/coreutils/manual/html_node/timeout-invocation.html). This increases the timeout to 900, to align with the similar timeout in https://github.com/NixOS/nixpkgs/blob/master/nixos/lib/test-driver/Machine.pm#L222 --- nixos/tests/gnome3.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/tests/gnome3.nix b/nixos/tests/gnome3.nix index 7662efe1b350..714b35503706 100644 --- a/nixos/tests/gnome3.nix +++ b/nixos/tests/gnome3.nix @@ -28,7 +28,7 @@ import ./make-test.nix ({ pkgs, ...} : { $machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'"); $machine->waitForWindow(qr/Terminal/); - $machine->mustSucceed("timeout 60 bash -c 'journalctl -f|grep -m 1 \"GNOME Shell started\"'"); + $machine->mustSucceed("timeout 900 bash -c 'journalctl -f|grep -m 1 \"GNOME Shell started\"'"); $machine->sleep(10); $machine->screenshot("screen"); ''; -- cgit 1.4.1 From eccd68eeb746848009f95968ae58c2b98096af20 Mon Sep 17 00:00:00 2001 From: Luca Bruno Date: Tue, 6 Oct 2015 10:21:38 +0200 Subject: gnome3: add bgSupport=true. Closes #10242 --- nixos/modules/services/x11/desktop-managers/gnome3.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos') diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index fdee5fbc6c5b..886a6c884013 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix 
@@ -104,6 +104,7 @@ in { services.xserver.desktopManager.session = singleton { name = "gnome3"; + bgSupport = true; start = '' # Set GTK_DATA_PREFIX so that GTK+ can find the themes export GTK_DATA_PREFIX=${config.system.path} -- cgit 1.4.1 From 106738b1962829cf5cdefc321cce00b028f1210d Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 6 Oct 2015 15:03:26 +0200 Subject: Give more memory for the disk image builder http://hydra.nixos.org/build/26480662 --- nixos/lib/make-disk-image.nix | 1 + pkgs/build-support/vm/default.nix | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'nixos') diff --git a/nixos/lib/make-disk-image.nix b/nixos/lib/make-disk-image.nix index 79c5199cbec4..01dd9c9ae7f2 100644 --- a/nixos/lib/make-disk-image.nix +++ b/nixos/lib/make-disk-image.nix @@ -39,6 +39,7 @@ pkgs.vmTools.runInLinuxVM ( exportReferencesGraph = [ "closure" config.system.build.toplevel ]; inherit postVM; + memSize = 1024; } '' ${if partitioned then '' diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix index c4fefe4d5019..95b2c161b82c 100644 --- a/pkgs/build-support/vm/default.nix +++ b/pkgs/build-support/vm/default.nix @@ -302,13 +302,13 @@ rec { `run-vm' will be left behind in the temporary build directory that allows you to boot into the VM and debug it interactively. */ - runInLinuxVM = drv: lib.overrideDerivation drv (attrs: { + runInLinuxVM = drv: lib.overrideDerivation drv ({ memSize ? 512, QEMU_OPTS ? "", args, builder, ... }: { requiredSystemFeatures = [ "kvm" ]; builder = "${bash}/bin/sh"; args = ["-e" (vmRunCommand qemuCommandLinux)]; - origArgs = attrs.args; - origBuilder = attrs.builder; - QEMU_OPTS = "${attrs.QEMU_OPTS or ""} -m ${toString (attrs.memSize or 512)}"; + origArgs = args; + origBuilder = builder; + QEMU_OPTS = "${QEMU_OPTS} -m ${toString memSize}"; }); -- cgit 1.4.1 From 7a8980193d94a15bf4d7267d846e5b69c61fa413 Mon Sep 17 00:00:00 2001 
From: Thomas Strobel Date: Mon, 5 Oct 2015 13:45:20 +0200 Subject: nixos grub: trustedBoot: introduce safety check that TPM is available --- nixos/modules/system/boot/loader/grub/grub.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 0b349749244f..ce3efc3cd7cd 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -378,6 +378,17 @@ in ''; }; + systemHasTPM = mkOption { + default = ""; + example = "YES_TPM_is_activated"; + type = types.string; + description = '' + Assertion that the target system has an activated TPM. It is a safety + check before allowing the activation of 'enableTrustedBoot'. TrustedBoot + WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available. + ''; + }; + }; }; @@ -453,8 +464,8 @@ in message = "Trusted GRUB does not have ZFS support"; } { - assertion = !cfg.enableTrustedBoot; - message = "Trusted GRUB can break your system. Remove assertion if you want to test trustedGRUB nevertheless."; + assertion = !cfg.enableTrustedBoot || cfg.systemHasTPM == "YES_TPM_is_activated"; + message = "Trusted GRUB can break the system! Confirm that the system has an activated TPM by setting 'systemHasTPM'."; } ] ++ flip concatMap cfg.mirroredBoots (args: [ { -- cgit 1.4.1 From 881ec1efb840dd1c62b89588d67f6e2822791759 Mon Sep 17 00:00:00 2001 From: Thomas Strobel Date: Mon, 5 Oct 2015 13:23:58 +0200 Subject: networking module: vswitches: re-structure dependencies to systemd units --- nixos/modules/tasks/network-interfaces-scripted.nix | 14 ++++---------- nixos/modules/tasks/network-interfaces.nix | 14 ++------------ 2 files changed, 6 insertions(+), 22 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index d8b1592c36bb..80b7f718580e 100644 
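Review bot: `systemHasTPM` is a free-form `types.string` compared against a single magic value, and nothing in these two hunks probes for a TPM, so the option only records the operator's own declaration. The description should say so and name the exact value expected. As written, a mistyped value fails the assertion with a message that does not say which string is required. I would declare the option as `type = types.enum [ "" "YES_TPM_is_activated" ];` and extend the assertion message so it spells out the value `YES_TPM_is_activated` that 'systemHasTPM' must be set to.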
--- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -222,21 +222,15 @@ in createVswitchDevice = n: v: nameValuePair "${n}-netdev" (let - managedInterfaces = filter (x: hasAttr x cfg.interfaces) v.interfaces; - managedInterfaceServices = concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) managedInterfaces; - virtualInterfaces = filter (x: (hasAttr x cfg.interfaces) && cfg.interfaces.${x}.virtual) v.interfaces; - virtualInterfaceServices = concatMap (i: [ "${i}-netdev.service" ]) virtualInterfaces; deps = map subsystemDevice v.interfaces; ofRules = pkgs.writeText "vswitch-${n}-openFlowRules" v.openFlowRules; in { description = "Open vSwitch Interface ${n}"; - wantedBy = [ "network.target" "vswitchd.service" (subsystemDevice n) ]; - requires = optionals v.bindInterfaces (deps ++ managedInterfaceServices ++ virtualInterfaceServices); - requiredBy = optionals v.bindInterfaces (managedInterfaceServices ++ virtualInterfaceServices); - bindsTo = deps ++ [ "vswitchd.service" ]; + wantedBy = [ "network.target" "vswitchd.service" ] ++ deps; + bindsTo = [ "vswitchd.service" (subsystemDevice n) ] ++ deps; partOf = [ "vswitchd.service" ]; - after = [ "network-pre.target" "vswitchd.service" ] ++ deps ++ managedInterfaceServices ++ virtualInterfaceServices; - before = [ "network-interfaces.target" (subsystemDevice n) ]; + after = [ "network-pre.target" "vswitchd.service" ] ++ deps; + before = [ "network-interfaces.target" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute config.virtualisation.vswitch.package ]; diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 6b5241c2aa59..92151b00b06b 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix 
@@ -381,8 +381,8 @@ in description = '' This option allows you to define Open vSwitches that connect - physical networks together. The value of this option is an - attribute set. Each attribute specifies a vswitch, with the + physical networks together. The value of this option is an + attribute set. Each attribute specifies a vswitch, with the attribute name specifying the name of the vswitch's network interface. ''; @@ -398,16 +398,6 @@ in "The physical network interfaces connected by the vSwitch."; }; - bindInterfaces = mkOption { - type = types.bool; - default = false; - description = '' - If true, then the interfaces of the vSwitch are brought 'up' and especially - also 'down' together with the vSwitch. That requires that every interfaces - is configured as a systemd network services. - ''; - }; - controllers = mkOption { type = types.listOf types.str; default = []; -- cgit 1.4.1 From acb1b3cdd006f1396221262325586e6faa724dff Mon Sep 17 00:00:00 2001 From: Thomas Strobel Date: Tue, 6 Oct 2015 18:45:50 +0200 Subject: networking module: wlanInterfaces: fix file name of udev rules --- nixos/modules/tasks/network-interfaces.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 92151b00b06b..2d6522a1bf9d 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -940,8 +940,8 @@ in services.udev.packages = mkIf (cfg.wlanInterfaces != {}) [ (pkgs.writeTextFile { - name = "99-zzz-wlanInterfaces-last.rules"; - destination = "/etc/udev/rules.d/99-zzz-wlanInterfaces-last.rules"; + name = "99-zzz-40-wlanInterfaces.rules"; + destination = "/etc/udev/rules.d/99-zzz-40-wlanInterfaces.rules"; text = let # Collect all interfaces that are defined for a device -- cgit 1.4.1 From d5604f0b22daf8a0ec341c70607f014dfc9bf207 Mon Sep 17 00:00:00 2001 
From: Thomas Strobel Date: Tue, 6 Oct 2015 18:47:47 +0200 Subject: power management: restart post-resume.target on resume Trigger a restart of the post-resume.target on resume. That allows other systemd services to receive the restart signal after resume by becoming 'partOf' the post-resume.target. --- nixos/modules/config/power-management.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos') diff --git a/nixos/modules/config/power-management.nix b/nixos/modules/config/power-management.nix index 32a7987617ad..dedc8a3f6793 100644 --- a/nixos/modules/config/power-management.nix +++ b/nixos/modules/config/power-management.nix @@ -98,6 +98,7 @@ in after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ]; script = '' + ${config.systemd.package}/bin/systemctl try-restart post-resume.target ${cfg.resumeCommands} ${cfg.powerUpCommands} ''; -- cgit 1.4.1 From c6b2365e9a3f95e2665f8c518781bc007aa055f8 Mon Sep 17 00:00:00 2001 From: Thomas Strobel Date: Tue, 6 Oct 2015 18:51:52 +0200 Subject: supplicant module: extended module for wpa_supplicant Add new configuration options for wpa_supplicant and allow to configure and start one wpa_supplicant per device. --- nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/supplicant.nix | 249 +++++++++++++++++++++++ 2 files changed, 250 insertions(+) create mode 100644 nixos/modules/services/networking/supplicant.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index c890eac49910..2dafd19e0b47 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -340,6 +340,7 @@ ./services/networking/ssh/lshd.nix ./services/networking/ssh/sshd.nix ./services/networking/strongswan.nix + ./services/networking/supplicant.nix ./services/networking/supybot.nix ./services/networking/syncthing.nix ./services/networking/tcpcrypt.nix 
diff --git a/nixos/modules/services/networking/supplicant.nix b/nixos/modules/services/networking/supplicant.nix
new file mode 100644
index 000000000000..502a0468787f
--- /dev/null
+++ b/nixos/modules/services/networking/supplicant.nix
@@ -0,0 +1,249 @@ +{ config, lib, utils, pkgs, ... }: + +with lib; + +let + + cfg = config.networking.supplicant; + + # We must escape interfaces due to the systemd interpretation + subsystemDevice = interface: + "sys-subsystem-net-devices-${utils.escapeSystemdPath interface}.device"; + + serviceName = iface: "supplicant-${if (iface=="WLAN") then "wlan@" else ( + if (iface=="LAN") then "lan@" else ( + if (iface=="DBUS") then "dbus" + else (replaceChars [" "] ["-"] iface)))}"; + + # TODO: Use proper privilege separation for wpa_supplicant + supplicantService = iface: suppl: + let + deps = (if (iface=="WLAN"||iface=="LAN") then ["sys-subsystem-net-devices-%i.device"] else ( + if (iface=="DBUS") then ["dbus.service"] + else (map subsystemDevice (splitString " " iface)))) + ++ optional (suppl.bridge!="") (subsystemDevice suppl.bridge); + + ifaceArg = concatStringsSep " -N " (map (i: "-i${i}") (splitString " " iface)); + driverArg = optionalString (suppl.driver != null) "-D${suppl.driver}"; + bridgeArg = optionalString (suppl.bridge!="") "-b${suppl.bridge}"; + confFileArg = optionalString (suppl.configFile.path!=null) "-c${suppl.configFile.path}"; + extraConfFile = pkgs.writeText "supplicant-extra-conf-${replaceChars [" "] ["-"] iface}" '' + ${optionalString suppl.userControlled.enable "ctrl_interface=DIR=${suppl.userControlled.socketDir} GROUP=${suppl.userControlled.group}"} + ${optionalString suppl.configFile.writable "update_config=1"} + ${suppl.extraConf} + ''; + in + { description = "Supplicant ${iface}${optionalString (iface=="WLAN"||iface=="LAN") " %I"}"; + wantedBy = [ "network.target" ]; + bindsTo = deps; + after = deps; + before = [ "network.target" ]; + # Receive restart event after resume + partOf = [ "post-resume.target" ]; + + path = [ pkgs.coreutils ]; + + preStart = '' + ${optionalString (suppl.configFile.path!=null) '' + touch -a ${suppl.configFile.path} + chmod 600 ${suppl.configFile.path} + ''} + ${optionalString suppl.userControlled.enable '' + if ! 
test -e ${suppl.userControlled.socketDir}; then + mkdir -m 0770 -p ${suppl.userControlled.socketDir} + chgrp ${suppl.userControlled.group} ${suppl.userControlled.socketDir} + fi + + if test "$(stat --printf '%G' ${suppl.userControlled.socketDir})" != "${suppl.userControlled.group}"; then + echo "ERROR: bad ownership on ${suppl.userControlled.socketDir}" >&2 + exit 1 + fi + ''} + ''; + + serviceConfig.ExecStart = "${pkgs.wpa_supplicant}/bin/wpa_supplicant -s ${driverArg} ${confFileArg} -I${extraConfFile} ${bridgeArg} ${suppl.extraCmdArgs} ${if (iface=="WLAN"||iface=="LAN") then "-i%I" else (if (iface=="DBUS") then "-u" else ifaceArg)}"; + + }; + + +in + +{ + + ###### interface + + options = { + + networking.supplicant = mkOption { + type = types.attrsOf types.optionSet; + + default = { }; + + example = { + "wlan0 wlan1" = { + configFile = "/etc/wpa_supplicant"; + userControlled.group = "network"; + extraConf = '' + ap_scan=1 + p2p_disabled=1 + ''; + extraCmdArgs = "-u -W"; + bridge = "br0"; + }; + }; + + description = '' + Interfaces for which to start wpa_supplicant. + The supplicant is used to scan for and associate with wireless networks, + or to authenticate with 802.1x capable network switches. + + The value of this option is an attribute set. Each attribute configures a + wpa_supplicant service, where the attribute name specifies + the name of the interface that wpa_supplicant operates on. + The attribute name can be a space separated list of interfaces. + The attribute names WLAN, LAN and DBUS + have a special meaning. WLAN and LAN are + configurations for universal wpa_supplicant service that is + started for each WLAN interface or for each LAN interface, respectively. + DBUS defines a device-unrelated wpa_supplicant + service that can be accessed through D-Bus. + ''; + + options = { + + configFile = { + + path = mkOption { + type = types.path; + example = "/etc/wpa_supplicant.conf"; + description = '' + External wpa_supplicant.conf configuration file. 
+ The configuration options defined declaratively within networking.supplicant have + precedence over options defined in configFile. + ''; + }; + + writable = mkOption { + type = types.bool; + default = false; + description = '' + Whether the configuration file at configFile.path should be written to by + wpa_supplicant. + ''; + }; + + }; + + extraConf = mkOption { + type = types.lines; + default = ""; + example = '' + ap_scan=1 + device_name=My-NixOS-Device + device_type=1-0050F204-1 + driver_param=use_p2p_group_interface=1 + disable_scan_offload=1 + p2p_listen_reg_class=81 + p2p_listen_channel=1 + p2p_oper_reg_class=81 + p2p_oper_channel=1 + manufacturer=NixOS + model_name=NixOS_Unstable + model_number=2015 + ''; + description = '' + Configuration options for wpa_supplicant.conf. + Options defined here have precedence over options in configFile. + NOTE: Do not write sensitive data into extraConf as it will + be world-readable in the nix-store. For sensitive information + use the configFile instead. + ''; + }; + + extraCmdArgs = mkOption { + type = types.str; + default = ""; + example = "-e/var/run/wpa_supplicant/entropy.bin"; + description = + "Command line arguments to add when executing wpa_supplicant."; + }; + + driver = mkOption { + type = types.nullOr types.str; + default = "nl80211,wext"; + description = "Force a specific wpa_supplicant driver."; + }; + + bridge = mkOption { + type = types.str; + default = ""; + description = "Name of the bridge interface that wpa_supplicant should listen at."; + }; + + userControlled = { + + enable = mkOption { + type = types.bool; + default = false; + description = '' + Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. + This is useful for laptop users that switch networks a lot and don't want + to depend on a large package such as NetworkManager just to pick nearby + access points. 
+ ''; + }; + + socketDir = mkOption { + type = types.str; + default = "/var/run/wpa_supplicant"; + description = "Directory of sockets for controlling wpa_supplicant."; + }; + + group = mkOption { + type = types.str; + default = "wheel"; + example = "network"; + description = "Members of this group can control wpa_supplicant."; + }; + + }; + + }; + + }; + + }; + + + ###### implementation + + config = mkIf (cfg != {}) { + + environment.systemPackages = [ pkgs.wpa_supplicant ]; + + services.dbus.packages = [ pkgs.wpa_supplicant ]; + + systemd.services = mapAttrs' (n: v: nameValuePair (serviceName n) (supplicantService n v)) cfg; + + services.udev.packages = [ + (pkgs.writeTextFile { + name = "99-zzz-60-supplicant.rules"; + destination = "/etc/udev/rules.d/99-zzz-60-supplicant.rules"; + text = '' + ${flip (concatMapStringsSep "\n") (filter (n: n!="WLAN" && n!="LAN" && n!="DBUS") (attrNames cfg)) (iface: + flip (concatMapStringsSep "\n") (splitString " " iface) (i: '' + ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="${i}", TAG+="systemd", ENV{SYSTEMD_WANTS}+="supplicant-${replaceChars [" "] ["-"] iface}.service", TAG+="SUPPLICANT_ASSIGNED"''))} + + ${optionalString (hasAttr "WLAN" cfg) '' + ACTION=="add", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", TAG!="SUPPLICANT_ASSIGNED", TAG+="systemd", PROGRAM="${pkgs.systemd}/bin/systemd-escape -p %E{INTERFACE}", ENV{SYSTEMD_WANTS}+="supplicant-wlan@$result.service" + ''} + ${optionalString (hasAttr "LAN" cfg) '' + ACTION=="add", SUBSYSTEM=="net", ENV{DEVTYPE}=="lan", TAG!="SUPPLICANT_ASSIGNED", TAG+="systemd", PROGRAM="${pkgs.systemd}/bin/systemd-escape -p %E{INTERFACE}", ENV{SYSTEMD_WANTS}+="supplicant-lan@$result.service" + ''} + ''; + })]; + + }; + +} + -- cgit 1.4.1 From 04e748e61fd8613cc35a5966eb51cfaa2a633be2 Mon Sep 17 00:00:00 2001 
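Review bot: In `preStart`, `touch -a ${suppl.configFile.path}` creates a missing configuration file under the unit's default umask and only afterwards runs `chmod 600`, so a file meant to hold network credentials can, depending on that umask, exist briefly with wider permissions; the path is also interpolated unquoted. Creating the file under a restrictive umask closes that window: `(umask 077; touch -a "${suppl.configFile.path}")`, followed by the existing `chmod 600` with the path quoted. Separately, `configFile.path` is declared `type = types.path;` with no default while `confFileArg` and `preStart` both test it against `null`; `type = types.nullOr types.path; default = null;` would match those guards. The option `example` also sets `configFile = "/etc/wpa_supplicant";` although `configFile` is declared with `path` and `writable` sub-options.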
From: Bjørn Forsman Date: Tue, 6 Oct 2015 21:41:13 +0200 Subject: nixos/jenkins: reduce default environment Don't pull in all of environment.sessionVariables, only add what's needed for nix and HTTPS to work (which was the point of the previous patch). --- .../continuous-integration/jenkins/default.nix | 28 +++++++++++++++------- 1 file changed, 19 insertions(+), 9 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixos/modules/services/continuous-integration/jenkins/default.nix index cf13c73ab4df..7a118ac72071 100644 --- a/nixos/modules/services/continuous-integration/jenkins/default.nix +++ b/nixos/modules/services/continuous-integration/jenkins/default.nix @@ -69,10 +69,11 @@ in { type = with types; attrsOf str; description = '' Additional environment variables to be passed to the jenkins process. - This setting will merge with everything in - , - JENKINS_HOME and NIX_REMOTE. This option takes precedence and can - override any previously set environment variable. + As a base environment, jenkins receives NIX_PATH, SSL_CERT_FILE and + GIT_SSL_CAINFO from , + NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to + the value of . This option has + precedence and can be used to override those mentioned variables. ''; }; @@ -110,11 +111,20 @@ in { wantedBy = [ "multi-user.target" ]; environment = - config.environment.sessionVariables // - { JENKINS_HOME = cfg.home; - NIX_REMOTE = "daemon"; - } // - cfg.environment; + let + selectedSessionVars = + lib.filterAttrs (n: v: builtins.elem n + [ "NIX_PATH" + "SSL_CERT_FILE" + "GIT_SSL_CAINFO" + ]) + config.environment.sessionVariables; + in + selectedSessionVars // + { JENKINS_HOME = cfg.home; + NIX_REMOTE = "daemon"; + } // + cfg.environment; path = cfg.packages; -- cgit 1.4.1 From 91dced6ba00da6e374349e18e44ab4afb792aceb Mon Sep 17 00:00:00 2001 
From: Vladimír Čunát Date: Sun, 11 Oct 2015 13:37:19 +0200 Subject: nixos/manual: installation iso logs in automatically --- nixos/doc/manual/installation/installing.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/installation/installing.xml b/nixos/doc/manual/installation/installing.xml index e40c15e8316d..6d734cd8caca 100644 --- a/nixos/doc/manual/installation/installing.xml +++ b/nixos/doc/manual/installation/installing.xml @@ -18,8 +18,8 @@ The NixOS manual is available on virtual console 8 (press Alt+F8 to access). - Login as root and the empty - password. + You get logged in as root + (with empty password). If you downloaded the graphical ISO image, you can run start display-manager to start KDE. -- cgit 1.4.1 From e4caf0fde09146000f4b7b0c29413a059704d9c3 Mon Sep 17 00:00:00 2001 From: aszlig Date: Tue, 13 Oct 2015 02:46:37 +0200 Subject: nixos/synergy: Restart services on failure. Synergy seems to get more and more unstable in recent versions, so we might want to debug this properly. However, it makes sense to restart the service nevertheless, because synergy is about keyboard and mouse sharing and it's quite annoying to either SSH in to restart the service or even needing to unplug the keyboard and plug in into the machine with the failing service. Signed-off-by: aszlig --- nixos/modules/services/misc/synergy.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/misc/synergy.nix b/nixos/modules/services/misc/synergy.nix index 054df965347d..7e8eadbe5f37 100644 --- a/nixos/modules/services/misc/synergy.nix +++ b/nixos/modules/services/misc/synergy.nix 
@@ -89,6 +89,7 @@ in wantedBy = optional cfgC.autoStart "multi-user.target"; path = [ pkgs.synergy ]; serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergyc -f ${optionalString (cfgC.screenName != "") "-n ${cfgC.screenName}"} ${cfgC.serverAddress}''; + serviceConfig.Restart = "on-failure"; }; }) (mkIf cfgS.enable { @@ -98,6 +99,7 @@ in wantedBy = optional cfgS.autoStart "multi-user.target"; path = [ pkgs.synergy ]; serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergys -c ${cfgS.configFile} -f ${optionalString (cfgS.address != "") "-a ${cfgS.address}"} ${optionalString (cfgS.screenName != "") "-n ${cfgS.screenName}" }''; + serviceConfig.Restart = "on-failure"; }; }) ]; -- cgit 1.4.1 From a65cf63f55b0e808f7b5bf9a52ed330b73a01f03 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 13 Oct 2015 20:56:52 +0200 Subject: copy-com service: order after network-online.target I doubt that ordering non-sysvinit services after network.target ever makes sense. In this case, CopyConsole requires DNS lookups and fails if these are not yet possible. --- nixos/modules/services/networking/copy-com.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/copy-com.nix b/nixos/modules/services/networking/copy-com.nix index 69a41ab97963..ee0d043d471b 100644 --- a/nixos/modules/services/networking/copy-com.nix +++ b/nixos/modules/services/networking/copy-com.nix @@ -39,7 +39,8 @@ in systemd.services."copy-com-${cfg.user}" = { description = "Copy.com client"; - after = [ "network.target" "local-fs.target" ]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" "local-fs.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.copy-com}/bin/CopyConsole ${if cfg.debug then "-consoleOutput -debugToConsole=dirwatch,path-watch,csm_path,csm -debug -console" else ""}"; -- cgit 1.4.1 From 528ebb4e5e0d9c42eea8d9b07655dff9c6966b1d Mon Sep 17 00:00:00 2001 
From: Robbin C Date: Wed, 14 Oct 2015 08:48:34 +0800 Subject: Fix typo in nixos/modules/tasks/filesystems/nfs.nix. statd should be cfg.statd. --- nixos/modules/tasks/filesystems/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/tasks/filesystems/nfs.nix b/nixos/modules/tasks/filesystems/nfs.nix index 79de6556f251..e454eca3a0e5 100644 --- a/nixos/modules/tasks/filesystems/nfs.nix +++ b/nixos/modules/tasks/filesystems/nfs.nix @@ -90,7 +90,7 @@ in serviceConfig.Type = "forking"; serviceConfig.ExecStart = '' @${pkgs.nfs-utils}/sbin/rpc.statd rpc.statd --no-notify \ - ${if cfg.statdPort != null then "-p ${toString statdPort}" else ""} + ${if cfg.statdPort != null then "-p ${toString cfg.statdPort}" else ""} ''; serviceConfig.Restart = "always"; }; -- cgit 1.4.1 From a0d7a458b1bf775f82abbefd68622fd41859545b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 14 Oct 2015 13:55:11 +0200 Subject: Don't block releases on nixos.tests.gnome3.i686-linux http://hydra.nixos.org/build/26702440 Issue #10353. --- nixos/release-combined.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index a3948401d786..4dc221dba68b 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -51,7 +51,7 @@ in rec { (all nixos.tests.chromium) (all nixos.tests.firefox) (all nixos.tests.firewall) - (all nixos.tests.gnome3) + nixos.tests.gnome3.x86_64-linux # FIXME: i686-linux (all nixos.tests.installer.lvm) (all nixos.tests.installer.luksroot) (all nixos.tests.installer.separateBoot) -- cgit 1.4.1 From 5f077e229625583072ebf63ea48b11170771b0ed Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Wed, 14 Oct 2015 18:05:50 +0200 Subject: Factor out option renaming Option aliases/deprecations can now be declared in any NixOS module, not just in nixos/modules/rename.nix. This is more modular (since it allows for example grub-related aliases to be declared in the grub module), and allows aliases outside of NixOS (e.g. in NixOps modules). The syntax is a bit funky. Ideally we'd have something like: options = { foo.bar.newOption = mkOption { ... }; foo.bar.oldOption = mkAliasOption [ "foo" "bar" "newOption" ]; }; but that's not possible because options cannot define values in *other* options - you need to have a "config" for that. So instead we have functions that return a *module*: mkRemovedOptionModule, mkRenamedOptionModule and mkAliasOptionModule. These can be used via "imports", e.g. imports = [ (mkAliasOptionModule [ "foo" "bar" "oldOption" ] [ "foo" "bar" "newOption" ]); ]; As an added bonus, deprecation warnings now show the file name of the offending module. Fixes #10385. --- lib/modules.nix | 65 +++++++ nixos/modules/config/users-groups.nix | 4 + nixos/modules/rename.nix | 252 +++++++++---------------- nixos/modules/system/boot/loader/grub/grub.nix | 11 ++ nixos/modules/system/boot/systemd.nix | 7 + 5 files changed, 172 insertions(+), 167 deletions(-) (limited to 'nixos') diff --git a/lib/modules.nix b/lib/modules.nix index 3e4d0547ecc5..12ec7004d1ee 100644 --- a/lib/modules.nix +++ b/lib/modules.nix @@ -469,6 +469,7 @@ rec { mkBefore = mkOrder 500; mkAfter = mkOrder 1500; + # Convenient property used to transfer all definitions and their # properties from one option to another. This property is useful for # renaming options, and also for including properties from another module 
@@ -498,4 +499,68 @@ rec { /* Compatibility. */ fixMergeModules = modules: args: evalModules { inherit modules args; check = false; }; + + /* Return a module that causes a warning to be shown if the + specified option is defined. For example, + + mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ] + + causes a warning if the user defines boot.loader.grub.bootDevice. + */ + mkRemovedOptionModule = optionName: + { options, ... }: + { options = setAttrByPath optionName (mkOption { + visible = false; + }); + config.warnings = + let opt = getAttrFromPath optionName options; in + optional opt.isDefined + "The option definition `${showOption optionName}' in ${showFiles opt.files} no longer has any effect; please remove it."; + }; + + /* Return a module that causes a warning to be shown if the + specified "from" option is defined; the defined value is however + forwarded to the "to" option. This can be used to rename options + while providing backward compatibility. For example, + + mkRenamedOptionModule [ "boot" "copyKernels" ] [ "boot" "loader" "grub" "copyKernels" ] + + forwards any definitions of boot.copyKernels to + boot.loader.grub.copyKernels while printing a warning. + */ + mkRenamedOptionModule = from: to: doRename { + inherit from to; + visible = false; + warn = true; + use = builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'."; + }; + + /* Like ‘mkRenamedOptionModule’, but doesn't show a warning. */ + mkAliasOptionModule = from: to: doRename { + inherit from to; + visible = true; + warn = false; + use = id; + }; + + doRename = { from, to, visible, warn, use }: + let + toOf = attrByPath to + (abort "Renaming error: option `${showOption to}' does not exists."); + in + { config, options, ... 
}: + { options = setAttrByPath from (mkOption { + description = "Alias of ."; + apply = x: use (toOf config); + }); + config = { + /* + warnings = + let opt = getAttrFromPath from options; in + optional (warn && opt.isDefined) + "The option `${showOption from}' defined in ${showFiles opt.files} has been renamed to `${showOption to}'."; + */ + } // setAttrByPath to (mkAliasDefinitions (getAttrFromPath from options)); + }; + } diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index adc014eed415..485926fb1dd0 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -550,4 +550,8 @@ in { }; + imports = + [ (mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ]) + (mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ]) + ]; } diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 62be7dc6cae2..28ac1c3e888a 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix 
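Review bot: In `doRename` the `visible` argument is accepted but never handed to `mkOption`, so the `visible = false` that `mkRenamedOptionModule` passes has no effect and renamed options are declared with the default visibility; the `rename` helper this commit removes from nixos/modules/rename.nix had `inherit visible;` at this point. Adding `inherit visible;` next to `apply = x: use (toOf config);` restores the old behaviour. The `warn` argument is likewise unused because the `warnings` definition is commented out, and the old `define` wrapper is gone, so an obsolete option that is only defined and never read appears to produce no message at all. That matters for settings such as `services.sshd.permitRootLogin`, where an administrator should be told that the name they set is obsolete; either enable the block or add a comment saying why it is disabled.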
@@ -1,170 +1,88 @@ -{ config, lib, options, ... }: +{ lib, ... }: with lib; -let - - alias = from: to: rename { - inherit from to; - name = "Alias"; - use = id; - define = id; - visible = true; - }; - - # warn option was renamed - obsolete = from: to: rename { - inherit from to; - name = "Obsolete name"; - use = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x; - define = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x; - }; - - # abort if deprecated option is used - deprecated = from: to: rename { - inherit from to; - name = "Deprecated name"; - use = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'."; - define = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'."; - }; - - showOption = concatStringsSep "."; - - zipModules = list: - zipAttrsWith (n: v: - if tail v != [] then - if all (o: isAttrs o && o ? _type) v then mkMerge v - else if n == "_type" then head v - else if n == "warnings" then concatLists v - else if n == "description" || n == "apply" then - abort "Cannot rename an option to multiple options." - else zipModules v - else head v - ) list; - - rename = { from, to, name, use, define, visible ? 
false }: - let - setTo = setAttrByPath to; - setFrom = setAttrByPath from; - toOf = attrByPath to - (abort "Renaming error: option `${showOption to}' does not exists."); - fromOf = attrByPath from - (abort "Internal error: option `${showOption from}' should be declared."); - in - [ { options = setFrom (mkOption { - description = "${name} of ."; - apply = x: use (toOf config); - inherit visible; - }); - - config = setTo (mkAliasAndWrapDefinitions define (fromOf options)); - } - ]; - - obsolete' = option: singleton - { options = setAttrByPath option (mkOption { - default = null; - visible = false; - }); - config.warnings = optional (getAttrFromPath option config != null) - "The option `${showOption option}' defined in your configuration no longer has any effect; please remove it."; - }; - -in zipModules ([] - -++ obsolete [ "environment" "x11Packages" ] [ "environment" "systemPackages" ] -++ obsolete [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ] -++ obsolete [ "environment" "nix" ] [ "nix" "package" ] -++ obsolete [ "fonts" "enableFontConfig" ] [ "fonts" "fontconfig" "enable" ] -++ obsolete [ "fonts" "extraFonts" ] [ "fonts" "fonts" ] -++ alias [ "users" "extraUsers" ] [ "users" "users" ] -++ alias [ "users" "extraGroups" ] [ "users" "groups" ] - -++ obsolete [ "security" "extraSetuidPrograms" ] [ "security" "setuidPrograms" ] -++ obsolete [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ] -++ obsolete [ "networking" "enableRT73Firmware" ] [ "networking" "enableRalinkFirmware" ] - -# FIXME: Remove these eventually. -++ obsolete [ "boot" "systemd" "sockets" ] [ "systemd" "sockets" ] -++ obsolete [ "boot" "systemd" "targets" ] [ "systemd" "targets" ] -++ obsolete [ "boot" "systemd" "services" ] [ "systemd" "services" ] - -# Old Grub-related options. 
-++ obsolete [ "boot" "copyKernels" ] [ "boot" "loader" "grub" "copyKernels" ] -++ obsolete [ "boot" "extraGrubEntries" ] [ "boot" "loader" "grub" "extraEntries" ] -++ obsolete [ "boot" "extraGrubEntriesBeforeNixos" ] [ "boot" "loader" "grub" "extraEntriesBeforeNixOS" ] -++ obsolete [ "boot" "grubDevice" ] [ "boot" "loader" "grub" "device" ] -++ obsolete [ "boot" "bootMount" ] [ "boot" "loader" "grub" "bootDevice" ] -++ obsolete [ "boot" "grubSplashImage" ] [ "boot" "loader" "grub" "splashImage" ] - -++ obsolete [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ] -++ obsolete [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ] - -# smartd -++ obsolete [ "services" "smartd" "deviceOpts" ] [ "services" "smartd" "defaults" "monitored" ] - -# OpenSSH -++ obsolete [ "services" "sshd" "ports" ] [ "services" "openssh" "ports" ] -++ alias [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ] -++ obsolete [ "services" "sshd" "allowSFTP" ] [ "services" "openssh" "allowSFTP" ] -++ obsolete [ "services" "sshd" "forwardX11" ] [ "services" "openssh" "forwardX11" ] -++ obsolete [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ] -++ obsolete [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ] -++ obsolete [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ] -++ obsolete [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ] -++ alias [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ] - -# VirtualBox -++ obsolete [ "services" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ] -++ obsolete [ "services" "virtualboxGuest" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ] -++ obsolete [ "programs" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ] -++ obsolete [ "programs" "virtualbox" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" 
"addNetworkInterface" ] -++ obsolete [ "programs" "virtualbox" "enableHardening" ] [ "virtualisation" "virtualbox" "host" "enableHardening" ] -++ obsolete [ "services" "virtualboxHost" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ] -++ obsolete [ "services" "virtualboxHost" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" "addNetworkInterface" ] -++ obsolete [ "services" "virtualboxHost" "enableHardening" ] [ "virtualisation" "virtualbox" "host" "enableHardening" ] - -# Tarsnap -++ obsolete [ "services" "tarsnap" "config" ] [ "services" "tarsnap" "archives" ] - -# proxy -++ obsolete [ "nix" "proxy" ] [ "networking" "proxy" "default" ] - -# KDE -++ deprecated [ "kde" "extraPackages" ] [ "environment" "systemPackages" ] -++ obsolete [ "environment" "kdePackages" ] [ "environment" "systemPackages" ] - -# Multiple efi bootloaders now -++ obsolete [ "boot" "loader" "efi" "efibootmgr" "enable" ] [ "boot" "loader" "efi" "canTouchEfiVariables" ] - -# NixOS environment changes -# !!! this hardcodes bash, could we detect from config which shell is actually used? 
-++ obsolete [ "environment" "promptInit" ] [ "programs" "bash" "promptInit" ] - -++ obsolete [ "services" "xserver" "driSupport" ] [ "hardware" "opengl" "driSupport" ] -++ obsolete [ "services" "xserver" "driSupport32Bit" ] [ "hardware" "opengl" "driSupport32Bit" ] -++ obsolete [ "services" "xserver" "s3tcSupport" ] [ "hardware" "opengl" "s3tcSupport" ] -++ obsolete [ "hardware" "opengl" "videoDrivers" ] [ "services" "xserver" "videoDrivers" ] - -++ obsolete [ "services" "mysql55" ] [ "services" "mysql" ] - -++ alias [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ] - -# XBMC -++ obsolete [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ] -++ obsolete [ "services" "xserver" "desktopManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ] - -# DNSCrypt-proxy -++ obsolete [ "services" "dnscrypt-proxy" "port" ] [ "services" "dnscrypt-proxy" "localPort" ] - -# Options that are obsolete and have no replacement. -++ obsolete' [ "boot" "loader" "grub" "bootDevice" ] -++ obsolete' [ "boot" "initrd" "luks" "enable" ] -++ obsolete' [ "programs" "bash" "enable" ] -++ obsolete' [ "services" "samba" "defaultShare" ] -++ obsolete' [ "services" "syslog-ng" "serviceName" ] -++ obsolete' [ "services" "syslog-ng" "listenToJournal" ] -++ obsolete' [ "ec2" "metadata" ] -++ obsolete' [ "services" "openvpn" "enable" ] - -) +{ + imports = [ + (mkRenamedOptionModule [ "environment" "x11Packages" ] [ "environment" "systemPackages" ]) + (mkRenamedOptionModule [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ]) + (mkRenamedOptionModule [ "environment" "nix" ] [ "nix" "package" ]) + (mkRenamedOptionModule [ "fonts" "enableFontConfig" ] [ "fonts" "fontconfig" "enable" ]) + (mkRenamedOptionModule [ "fonts" "extraFonts" ] [ "fonts" "fonts" ]) + + (mkRenamedOptionModule [ "security" "extraSetuidPrograms" ] [ "security" "setuidPrograms" ]) + (mkRenamedOptionModule [ "networking" "enableWLAN" ] 
[ "networking" "wireless" "enable" ]) + (mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "networking" "enableRalinkFirmware" ]) + + # Old Grub-related options. + (mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ]) + (mkRenamedOptionModule [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ]) + + # smartd + (mkRenamedOptionModule [ "services" "smartd" "deviceOpts" ] [ "services" "smartd" "defaults" "monitored" ]) + + # OpenSSH + (mkRenamedOptionModule [ "services" "sshd" "ports" ] [ "services" "openssh" "ports" ]) + (mkAliasOptionModule [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ]) + (mkRenamedOptionModule [ "services" "sshd" "allowSFTP" ] [ "services" "openssh" "allowSFTP" ]) + (mkRenamedOptionModule [ "services" "sshd" "forwardX11" ] [ "services" "openssh" "forwardX11" ]) + (mkRenamedOptionModule [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ]) + (mkRenamedOptionModule [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ]) + (mkRenamedOptionModule [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ]) + (mkRenamedOptionModule [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ]) + (mkAliasOptionModule [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ]) + + # VirtualBox + (mkRenamedOptionModule [ "services" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ]) + (mkRenamedOptionModule [ "services" "virtualboxGuest" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ]) + (mkRenamedOptionModule [ "programs" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ]) + (mkRenamedOptionModule [ "programs" "virtualbox" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" "addNetworkInterface" ]) + (mkRenamedOptionModule [ "programs" "virtualbox" "enableHardening" ] [ "virtualisation" 
"virtualbox" "host" "enableHardening" ]) + (mkRenamedOptionModule [ "services" "virtualboxHost" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ]) + (mkRenamedOptionModule [ "services" "virtualboxHost" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" "addNetworkInterface" ]) + (mkRenamedOptionModule [ "services" "virtualboxHost" "enableHardening" ] [ "virtualisation" "virtualbox" "host" "enableHardening" ]) + + # Tarsnap + (mkRenamedOptionModule [ "services" "tarsnap" "config" ] [ "services" "tarsnap" "archives" ]) + + # proxy + (mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ]) + + # KDE + (mkRenamedOptionModule [ "kde" "extraPackages" ] [ "environment" "systemPackages" ]) + (mkRenamedOptionModule [ "environment" "kdePackages" ] [ "environment" "systemPackages" ]) + + # Multiple efi bootloaders now + (mkRenamedOptionModule [ "boot" "loader" "efi" "efibootmgr" "enable" ] [ "boot" "loader" "efi" "canTouchEfiVariables" ]) + + # NixOS environment changes + # !!! this hardcodes bash, could we detect from config which shell is actually used? 
+ (mkRenamedOptionModule [ "environment" "promptInit" ] [ "programs" "bash" "promptInit" ]) + + (mkRenamedOptionModule [ "services" "xserver" "driSupport" ] [ "hardware" "opengl" "driSupport" ]) + (mkRenamedOptionModule [ "services" "xserver" "driSupport32Bit" ] [ "hardware" "opengl" "driSupport32Bit" ]) + (mkRenamedOptionModule [ "services" "xserver" "s3tcSupport" ] [ "hardware" "opengl" "s3tcSupport" ]) + (mkRenamedOptionModule [ "hardware" "opengl" "videoDrivers" ] [ "services" "xserver" "videoDrivers" ]) + + (mkRenamedOptionModule [ "services" "mysql55" ] [ "services" "mysql" ]) + + (mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ]) + + # XBMC + (mkRenamedOptionModule [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ]) + (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ]) + + # DNSCrypt-proxy + (mkRenamedOptionModule [ "services" "dnscrypt-proxy" "port" ] [ "services" "dnscrypt-proxy" "localPort" ]) + + # Options that are obsolete and have no replacement. + (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ]) + (mkRemovedOptionModule [ "programs" "bash" "enable" ]) + (mkRemovedOptionModule [ "services" "samba" "defaultShare" ]) + (mkRemovedOptionModule [ "services" "syslog-ng" "serviceName" ]) + (mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ]) + (mkRemovedOptionModule [ "ec2" "metadata" ]) + (mkRemovedOptionModule [ "services" "openvpn" "enable" ]) + + ]; +} diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index ce3efc3cd7cd..5f09e937537f 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix 
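Review bot: In the rename.nix hunk, `kde.extraPackages` used to be declared with `deprecated`, which aborted evaluation, and is now a plain `mkRenamedOptionModule`, which only traces and forwards the value; if that relaxation is intended it deserves a line in the commit message or a comment, since the helper that aborted is removed without a replacement. The comment `# Old Grub-related options.` is also left above the `boot.initrd.extraKernelModules` and `boot.extraKernelParams` entries although the grub renames moved to grub.nix, so I would drop it or reword it to `# Old boot-related options.`.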
@@ -488,4 +488,15 @@ in ]; + + imports = + [ (mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ]) + (mkRenamedOptionModule [ "boot" "copyKernels" ] [ "boot" "loader" "grub" "copyKernels" ]) + (mkRenamedOptionModule [ "boot" "extraGrubEntries" ] [ "boot" "loader" "grub" "extraEntries" ]) + (mkRenamedOptionModule [ "boot" "extraGrubEntriesBeforeNixos" ] [ "boot" "loader" "grub" "extraEntriesBeforeNixOS" ]) + (mkRenamedOptionModule [ "boot" "grubDevice" ] [ "boot" "loader" "grub" "device" ]) + (mkRenamedOptionModule [ "boot" "bootMount" ] [ "boot" "loader" "grub" "bootDevice" ]) + (mkRenamedOptionModule [ "boot" "grubSplashImage" ] [ "boot" "loader" "grub" "splashImage" ]) + ]; + } diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 13c44e0930a3..4704b3981e46 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -772,4 +772,11 @@ in }; + # FIXME: Remove these eventually. + imports = + [ (mkRenamedOptionModule [ "boot" "systemd" "sockets" ] [ "systemd" "sockets" ]) + (mkRenamedOptionModule [ "boot" "systemd" "targets" ] [ "systemd" "targets" ]) + (mkRenamedOptionModule [ "boot" "systemd" "services" ] [ "systemd" "services" ]) + ]; + } -- cgit 1.4.1 From cb38f10d12dbe5b6910ed4716c60df3d7becb7af Mon Sep 17 00:00:00 2001 From: Charles Strahan Date: Sun, 20 Sep 2015 18:33:28 -0400 Subject: nixos-generate-config: detect brcmfmac requirement This makes the firmware available (or would, if someone switched off enableAllFirmware). Corresponding kernel module should get auto-loaded. See #9948. Close #9971. --- nixos/modules/installer/tools/nixos-generate-config.pl | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index 39ef4c51ba10..19656c9b9eae 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl 
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -152,6 +152,22 @@ sub pciCheck { push @kernelModules, "wl"; } + # broadcom FullMac driver + # list taken from + # https://wireless.wiki.kernel.org/en/users/Drivers/brcm80211#brcmfmac + if ($vendor eq "0x14e4" && + ($device eq "0x43a3" || $device eq "0x43df" || $device eq "0x43ec" || + $device eq "0x43d3" || $device eq "0x43d9" || $device eq "0x43e9" || + $device eq "0x43ba" || $device eq "0x43bb" || $device eq "0x43bc" || + $device eq "0xaa52" || $device eq "0x43ca" || $device eq "0x43cb" || + $device eq "0x43cc" || $device eq "0x43c3" || $device eq "0x43c4" || + $device eq "0x43c5" + ) ) + { + # we need e.g. brcmfmac43602-pcie.bin + push @imports, ""; + } + # Can't rely on $module here, since the module may not be loaded # due to missing firmware. Ideally we would check modules.pcimap # here. -- cgit 1.4.1 From 3ef956eb5077fed94aad2883811cd510449a69c3 Mon Sep 17 00:00:00 2001 From: Brian McKenna Date: Fri, 16 Oct 2015 17:38:41 +1100 Subject: nixos-generate-config: look at mmc_host for device drivers I needed to add sdhci_acpi and mmc_block to my initrd modules in order to boot my Chromebook. Looking under /sys/class/mmc_host/*/device/driver/module will give us the sdhci_acpi dependency. --- nixos/modules/installer/tools/nixos-generate-config.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index 19656c9b9eae..c590c4cde3f0 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl 
@@ -233,8 +233,8 @@ foreach my $path (glob "/sys/bus/usb/devices/*") { } -# Add the modules for all block devices. -foreach my $path (glob "/sys/class/block/*") { +# Add the modules for all block and MMC devices. +foreach my $path (glob "/sys/class/{block,mmc_host}/*") { my $module; if (-e "$path/device/driver/module") { $module = basename `readlink -f $path/device/driver/module`; -- cgit 1.4.1 From de9e05153d2c64886246b140e68de8b70b5b7b10 Mon Sep 17 00:00:00 2001 From: Hajo Möller Date: Mon, 19 Oct 2015 19:05:23 +0200 Subject: service.asterisk: fix dir creation --- nixos/modules/services/networking/asterisk.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos') diff --git a/nixos/modules/services/networking/asterisk.nix b/nixos/modules/services/networking/asterisk.nix index b079cb227303..13617a1b6c58 100644 --- a/nixos/modules/services/networking/asterisk.nix +++ b/nixos/modules/services/networking/asterisk.nix @@ -201,6 +201,7 @@ in for d in '${varlibdir}' '${spooldir}' '${logdir}'; do # TODO: Make exceptions for /var directories that likely should be updated if [ ! -e "$d" ]; then + mkdir -p "$d" cp --recursive ${pkgs.asterisk}/"$d" "$d" chown --recursive ${asteriskUser} "$d" find "$d" -type d | xargs chmod 0755 -- cgit 1.4.1 From de8b8b35a41b2f1611be5da4697ab39a6d2fa2e3 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sun, 18 Oct 2015 21:20:46 +0300 Subject: nixos/swap: refactor, add randomEncryption option --- nixos/modules/config/swap.nix | 167 +++++++++++++++++++++------------- nixos/modules/system/boot/stage-1.nix | 2 +- nixos/modules/tasks/filesystems.nix | 2 +- 3 files changed, 104 insertions(+), 67 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/config/swap.nix b/nixos/modules/config/swap.nix index 1dc7ebb96aff..9a5d6a9fc333 100644 --- a/nixos/modules/config/swap.nix +++ b/nixos/modules/config/swap.nix 
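Review bot: In the asterisk.nix hunk, the added `mkdir -p "$d"` makes the destination exist before `cp --recursive ${pkgs.asterisk}/"$d" "$d"` runs, and `cp` given an existing directory copies the source into it, so the files would land one level too deep instead of in `$d`. Creating only the parent with `mkdir -p "$(dirname "$d")"`, or copying the contents with `cp --recursive ${pkgs.asterisk}/"$d"/. "$d"`, keeps the intended layout. The `chown --recursive ${asteriskUser}` and `chmod 0755` that follow then act on the misplaced tree as well, so ownership and modes of the real state directories are worth re-checking once this is fixed. The surrounding `for` loop and `if` continue outside the hunk.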
@@ -3,6 +3,84 @@ with utils; with lib; +let + + swapCfg = {config, options, ...}: { + + options = { + + device = mkOption { + example = "/dev/sda3"; + type = types.str; + description = "Path of the device."; + }; + + label = mkOption { + example = "swap"; + type = types.str; + description = '' + Label of the device. Can be used instead of device. + ''; + }; + + size = mkOption { + default = null; + example = 2048; + type = types.nullOr types.int; + description = '' + If this option is set, ‘device’ is interpreted as the + path of a swapfile that will be created automatically + with the indicated size (in megabytes) if it doesn't + exist. + ''; + }; + + priority = mkOption { + default = null; + example = 2048; + type = types.nullOr types.int; + description = '' + Specify the priority of the swap device. Priority is a value between 0 and 32767. + Higher numbers indicate higher priority. + null lets the kernel choose a priority, which will show up as a negative value. + ''; + }; + + randomEncryption = mkOption { + default = false; + type = types.bool; + description = '' + Encrypt swap device with a random key. This way you won't have a persistent swap device. + + WARNING: Don't try to hibernate when you have at least one swap partition with + this option enabled! We have no way to set the partition into which hibernation image + is saved, so if your image ends up on an encrypted one you would lose it! + ''; + }; + + deviceName = mkOption { + type = types.str; + internal = true; + }; + + realDevice = mkOption { + type = types.path; + internal = true; + }; + + }; + + config = rec { + device = mkIf options.label.isDefined + "/dev/disk/by-label/${config.label}"; + deviceName = escapeSystemdPath config.device; + realDevice = if config.randomEncryption then "/dev/mapper/${deviceName}" else config.device; + }; + + }; + +in + { ###### interface 
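Review bot: The `randomEncryption` description warns about hibernation but not that the device is reformatted with `cryptsetup luksFormat` whenever the mkswap unit runs (see the `createSwapDevice` script later in this patch), which destroys whatever the device held. I would add a sentence such as `WARNING: the contents of the device are overwritten on every boot; never point this option at a partition that holds data.` The interaction with `label` should be documented too: reformatting presumably removes the swap signature that carries the label, so `/dev/disk/by-label/...` may not resolve on the next boot. `priority` keeps `example = 2048`, which looks copied from `size`.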
@@ -26,58 +104,7 @@ with lib; recommended. ''; - type = types.listOf types.optionSet; - - options = {config, options, ...}: { - - options = { - - device = mkOption { - example = "/dev/sda3"; - type = types.str; - description = "Path of the device."; - }; - - label = mkOption { - example = "swap"; - type = types.str; - description = '' - Label of the device. Can be used instead of device. - ''; - }; - - size = mkOption { - default = null; - example = 2048; - type = types.nullOr types.int; - description = '' - If this option is set, ‘device’ is interpreted as the - path of a swapfile that will be created automatically - with the indicated size (in megabytes) if it doesn't - exist. - ''; - }; - - priority = mkOption { - default = null; - example = 2048; - type = types.nullOr types.int; - description = '' - Specify the priority of the swap device. Priority is a value between 0 and 32767. - Higher numbers indicate higher priority. - null lets the kernel choose a priority, which will show up as a negative value. - ''; - }; - - }; - - config = { - device = mkIf options.label.isDefined - "/dev/disk/by-label/${config.label}"; - }; - - }; - + type = types.listOf (types.submodule swapCfg); }; }; 
@@ -95,27 +122,37 @@ with lib; createSwapDevice = sw: assert sw.device != ""; - let device' = escapeSystemdPath sw.device; in - nameValuePair "mkswap-${escapeSystemdPath sw.device}" - { description = "Initialisation of Swapfile ${sw.device}"; - wantedBy = [ "${device'}.swap" ]; - before = [ "${device'}.swap" ]; - path = [ pkgs.utillinux ]; + let realDevice' = escapeSystemdPath sw.realDevice; + in nameValuePair "mkswap-${sw.deviceName}" + { description = "Initialisation of swap device ${sw.device}"; + wantedBy = [ "${realDevice'}.swap" ]; + before = [ "${realDevice'}.swap" ]; + path = [ pkgs.utillinux ] ++ optional sw.randomEncryption pkgs.cryptsetup; script = '' - if [ ! -e "${sw.device}" ]; then - fallocate -l ${toString sw.size}M "${sw.device}" || - dd if=/dev/zero of="${sw.device}" bs=1M count=${toString sw.size} - chmod 0600 ${sw.device} - mkswap ${sw.device} - fi + ${optionalString (sw.size != null) '' + if [ ! -e "${sw.device}" ]; then + fallocate -l ${toString sw.size}M "${sw.device}" || + dd if=/dev/zero of="${sw.device}" bs=1M count=${toString sw.size} + chmod 0600 ${sw.device} + ${optionalString (!sw.randomEncryption) "mkswap ${sw.realDevice}"} + fi + ''} + ${optionalString sw.randomEncryption '' + echo "secretkey" | cryptsetup luksFormat --batch-mode ${sw.device} + echo "secretkey" | cryptsetup luksOpen ${sw.device} ${sw.deviceName} + cryptsetup luksErase --batch-mode ${sw.device} + mkswap ${sw.realDevice} + ''} ''; unitConfig.RequiresMountsFor = [ "${dirOf sw.device}" ]; unitConfig.DefaultDependencies = false; # needed to prevent a cycle serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = sw.randomEncryption; + serviceConfig.ExecStop = optionalString sw.randomEncryption "cryptsetup luksClose ${sw.deviceName}"; }; - in listToAttrs (map createSwapDevice (filter (sw: sw.size != null) config.swapDevices)); + in listToAttrs (map createSwapDevice (filter (sw: sw.size != null || sw.randomEncryption) config.swapDevices)); }; 
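Review bot: The `randomEncryption` branch of the script depends on a fixed passphrase: it runs `luksFormat` and `luksOpen` with `echo "secretkey"` and only afterwards wipes the keyslots with `luksErase`, so the protection rests on that last step succeeding and a LUKS header is written to the device for no benefit. A plain dm-crypt mapping keyed straight from the kernel RNG needs neither passphrase nor header, e.g. `cryptsetup plainOpen --key-file /dev/urandom ${sw.device} ${sw.deviceName}` followed by `mkswap ${sw.realDevice}`. The format step also runs unconditionally on whatever `sw.device` names and interpolates the path unquoted, so it should quote the path and carry a comment that the step is destructive. `serviceConfig.ExecStop` uses the bare name `cryptsetup`; systemd Exec lines normally need an absolute path, so `${pkgs.cryptsetup}/bin/cryptsetup luksClose ${sw.deviceName}` is likely required.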
diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index ace2d10ec9c1..fe34e8227289 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -206,7 +206,7 @@ let preLVMCommands postDeviceCommands postMountCommands kernelModules; resumeDevices = map (sd: if sd ? device then sd.device else "/dev/disk/by-label/${sd.label}") - (filter (sd: sd ? label || hasPrefix "/dev/" sd.device) config.swapDevices); + (filter (sd: (sd ? label || hasPrefix "/dev/" sd.device) && !sd.randomEncryption) config.swapDevices); fsInfo = let f = fs: [ fs.mountPoint (if fs.device != null then fs.device else "/dev/disk/by-label/${fs.label}") fs.fsType fs.options ]; diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix index 9dd250f140ce..dbe0c9c6e03a 100644 --- a/nixos/modules/tasks/filesystems.nix +++ b/nixos/modules/tasks/filesystems.nix @@ -174,7 +174,7 @@ in # Swap devices. ${flip concatMapStrings config.swapDevices (sw: - "${sw.device} none swap${prioOption sw.priority}\n" + "${sw.realDevice} none swap${prioOption sw.priority}\n" )} ''; -- cgit 1.4.1 From 7a9982d4651c0ef7251128e8bbd8f99fa4b70e2e Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 14 Oct 2015 18:15:11 +0300 Subject: nixos/bash: use simple prompt for dumb terminals --- nixos/modules/programs/bash/bash.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/programs/bash/bash.nix b/nixos/modules/programs/bash/bash.nix index c5c0f9d01215..75efd5e29039 100644 --- a/nixos/modules/programs/bash/bash.nix +++ b/nixos/modules/programs/bash/bash.nix 
@@ -90,12 +90,14 @@ in promptInit = mkOption { default = '' - # Provide a nice prompt. - PROMPT_COLOR="1;31m" - let $UID && PROMPT_COLOR="1;32m" - PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] " - if test "$TERM" = "xterm"; then - PS1="\[\033]2;\h:\u:\w\007\]$PS1" + if test "$TERM" != "dumb"; then + # Provide a nice prompt. + PROMPT_COLOR="1;31m" + let $UID && PROMPT_COLOR="1;32m" + PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] " + if test "$TERM" = "xterm"; then + PS1="\[\033]2;\h:\u:\w\007\]$PS1" + fi fi ''; description = '' -- cgit 1.4.1 From 763ad3372a9719f1187d800edbbb21a82180b143 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 22 Oct 2015 14:02:44 +0300 Subject: nixos/parsoid: use nodejs 0.10 --- nixos/modules/services/misc/parsoid.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/misc/parsoid.nix b/nixos/modules/services/misc/parsoid.nix index 0844190a5490..ea97d6e30e83 100644 --- a/nixos/modules/services/misc/parsoid.nix +++ b/nixos/modules/services/misc/parsoid.nix @@ -91,7 +91,7 @@ in wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; serviceConfig = { - ExecStart = "${pkgs.nodePackages.parsoid}/lib/node_modules/parsoid/api/server.js -c ${confFile} -n ${toString cfg.workers}"; + ExecStart = "${pkgs.nodePackages_0_10.parsoid}/lib/node_modules/parsoid/api/server.js -c ${confFile} -n ${toString cfg.workers}"; }; }; -- cgit 1.4.1 From 6fb7b9b664daf9d1f6b52b2196d5807074e128cd Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Fri, 23 Oct 2015 20:15:31 +0200 Subject: networkmanager: don't check if subject is active (false in my X session) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (cherry picked from commit 4c2bbb248cf22ad3c3541ba7d38bbc3abb40c706) Signed-off-by: Domen Kožar --- nixos/modules/services/networking/networkmanager.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'nixos') 
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 8370eca21e52..d0c4be1324a5 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -40,7 +40,6 @@ let polkit.addRule(function(action, subject) { if ( subject.isInGroup("networkmanager") - && subject.active && (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 || action.id.indexOf("org.freedesktop.ModemManager") == 0 )) -- cgit 1.4.1 From 63c3aed44258988f02639db261e8e0d9692ae033 Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Sat, 24 Oct 2015 17:18:18 +0300 Subject: ARM: Don't disable manual in installation images Since commits 89e9837 and 5b8dae8 the manual no longer depends on evaluation of any packages from nixpkgs, so all errors of the form "Package 'foo' is not supported on 'armv7l-linux'" are gone. --- nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix | 3 --- nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix | 3 --- 2 files changed, 6 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix index 0ca57a4635f4..6be79b587c72 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix @@ -26,9 +26,6 @@ in boot.kernelPackages = pkgs.linuxPackages_testing; boot.kernelParams = ["console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"]; - # FIXME: fix manual evaluation on ARM - services.nixosManual.enable = lib.mkOverride 0 false; - # FIXME: this probably should be in installation-device.nix users.extraUsers.root.initialHashedPassword = ""; diff --git a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix index 199a252ad2b5..e7163f10a3c3 100644 
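Review bot: With `subject.active` gone, the polkit condition covers every `org.freedesktop.NetworkManager.*` and `org.freedesktop.ModemManager*` action for any process of a `networkmanager` group member, including processes in inactive or remote (for example SSH) sessions. If the X session is not being registered as active, that is presumably a session-tracking problem worth fixing on its own rather than through this rule. At minimum the widened trust should be recorded next to the condition, e.g. `// No subject.active check: group members are trusted from any session, including remote logins`, and membership of the group documented as granting it. The rule's return statement is outside the hunk.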
--- a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix @@ -27,9 +27,6 @@ in boot.kernelPackages = pkgs.linuxPackages_rpi; - # FIXME: fix manual evaluation on ARM - services.nixosManual.enable = lib.mkOverride 0 false; - # FIXME: this probably should be in installation-device.nix users.extraUsers.root.initialHashedPassword = ""; -- cgit 1.4.1 From 7671f920f88421d50f5edb34ddd67f48145283a6 Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Sat, 24 Oct 2015 17:32:21 +0300 Subject: ARM: Use linuxPackages_latest in ARMv7 image 4.2 is out now, which includes the pcDuino3 Nano DTB. --- nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix index 6be79b587c72..15e22fb50d48 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix @@ -22,8 +22,7 @@ in boot.loader.grub.enable = false; boot.loader.generic-extlinux-compatible.enable = true; - # FIXME: change this to linuxPackages_latest once v4.2 is out - boot.kernelPackages = pkgs.linuxPackages_testing; + boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelParams = ["console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"]; # FIXME: this probably should be in installation-device.nix -- cgit 1.4.1 From 61910861dcb42332560864dafa94dc61476ae476 Mon Sep 17 00:00:00 2001 From: Arseniy Seroka Date: Sun, 25 Oct 2015 04:26:49 +0300 Subject: fix spelling --- maintainers/scripts/dep-licenses.sh | 2 +- nixos/modules/installer/tools/nixos-rebuild.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') 
diff --git a/maintainers/scripts/dep-licenses.sh b/maintainers/scripts/dep-licenses.sh index 48c1efdeebc5..28ad22c334fc 100755 --- a/maintainers/scripts/dep-licenses.sh +++ b/maintainers/scripts/dep-licenses.sh @@ -17,7 +17,7 @@ trap "exitHandler" EXIT # fetch the trace and the drvPath of the attribute. nix-instantiate $NIXPKGS -A $attr --show-trace > "$tmp/drvPath" 2> "$tmp/trace" || { cat 1>&2 - "$tmp/trace" <&2 + echo "warning: error(s) occurred while switching to the new configuration" >&2 exit 1 fi fi -- cgit 1.4.1 From 60d407b2094cd718b86de1360c9a44d92638d182 Mon Sep 17 00:00:00 2001 From: aszlig Date: Sun, 25 Oct 2015 16:02:11 +0100 Subject: nixos/postgresql: Fix execution of initialScript. Regression introduced by b21fd5d066baadb06ca8e9a2accfcb4e94c60a09. The initialScript is only executed whenever there is a .first-startup in the dataDir, so silently dropping the file essentially breaks initialScript functionality. Signed-off-by: aszlig --- nixos/modules/services/databases/postgresql.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index bae088c6610e..06b9c3fbf4ca 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -202,6 +202,8 @@ in # For non-root operation. initdb fi + # See postStart! + touch "${cfg.dataDir}/.first_startup" fi ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf" -- cgit 1.4.1 From f1508b3a23cd10a6a174580c4c8e98569beaccb8 Mon Sep 17 00:00:00 2001 
From: Domen Kožar Date: Mon, 26 Oct 2015 16:16:15 +0100 Subject: nova-image: use make-disk-image.nix --- nixos/lib/make-disk-image.nix | 2 +- nixos/modules/virtualisation/nova-config.nix | 5 -- nixos/modules/virtualisation/nova-image.nix | 97 +++++++--------------------- 3 files changed, 25 insertions(+), 79 deletions(-) delete mode 100644 nixos/modules/virtualisation/nova-config.nix (limited to 'nixos') diff --git a/nixos/lib/make-disk-image.nix b/nixos/lib/make-disk-image.nix index 01dd9c9ae7f2..62728c8ac761 100644 --- a/nixos/lib/make-disk-image.nix +++ b/nixos/lib/make-disk-image.nix @@ -110,7 +110,7 @@ pkgs.vmTools.runInLinuxVM ( umount /mnt/proc /mnt/dev /mnt/sys umount /mnt - # Do an fsck to make sure resize2fs works. + # Do a fsck to make sure resize2fs works. fsck.${fsType} -f -y $rootDisk '' ) diff --git a/nixos/modules/virtualisation/nova-config.nix b/nixos/modules/virtualisation/nova-config.nix deleted file mode 100644 index f8239cdec519..000000000000 --- a/nixos/modules/virtualisation/nova-config.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, pkgs, modulesPath, ... }: - -{ - imports = [ "${modulesPath}/virtualisation/nova-image.nix" ]; -} diff --git a/nixos/modules/virtualisation/nova-image.nix b/nixos/modules/virtualisation/nova-image.nix index 20ec6b024e91..44c83aee2732 100644 --- a/nixos/modules/virtualisation/nova-image.nix +++ b/nixos/modules/virtualisation/nova-image.nix 
@@ -1,90 +1,45 @@ +# Usage: +# $ NIXOS_CONFIG=`pwd`/nixos/modules/virtualisation/nova-image.nix nix-build '' -A config.system.build.novaImage + { config, lib, pkgs, ... }: with lib; { - imports = [ ../profiles/qemu-guest.nix ../profiles/headless.nix ./ec2-data.nix ]; - - system.build.novaImage = - pkgs.vmTools.runInLinuxVM ( - pkgs.runCommand "nova-image" - { preVM = - '' - mkdir $out - diskImage=$out/image - ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "4G" - mv closure xchg/ - ''; - buildInputs = [ pkgs.utillinux pkgs.perl ]; - exportReferencesGraph = - [ "closure" config.system.build.toplevel ]; + system.build.novaImage = import ../../lib/make-disk-image.nix { + inherit pkgs lib config; + partitioned = true; + diskSize = 1 * 1024; + configFile = pkgs.writeText "configuration.nix" + '' + { + imports = [ ]; } - '' - # Create a single / partition. - ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos - ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s - . /sys/class/block/vda1/uevent - mknod /dev/vda1 b $MAJOR $MINOR - - # Create an empty filesystem and mount it. - ${pkgs.e2fsprogs}/sbin/mkfs.ext3 -L nixos /dev/vda1 - ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1 - mkdir /mnt - mount /dev/vda1 /mnt - - # The initrd expects these directories to exist. - mkdir /mnt/dev /mnt/proc /mnt/sys - mount --bind /proc /mnt/proc - mount --bind /dev /mnt/dev - mount --bind /sys /mnt/sys - - # Copy all paths in the closure to the filesystem. - storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure) - - mkdir -p /mnt/nix/store - ${pkgs.rsync}/bin/rsync -av $storePaths /mnt/nix/store/ - - # Register the paths in the Nix database. - printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \ - chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group "" - - # Create the system profile to allow nixos-rebuild to work. 
- chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \ - -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} - - # `nixos-rebuild' requires an /etc/NIXOS. - mkdir -p /mnt/etc - touch /mnt/etc/NIXOS - - # `switch-to-configuration' requires a /bin/sh - mkdir -p /mnt/bin - ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh + ''; + }; - # Install a configuration.nix. - mkdir -p /mnt/etc/nixos - cp ${./nova-config.nix} /mnt/etc/nixos/configuration.nix - - # Generate the GRUB menu. - chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot - - umount /mnt/proc /mnt/dev /mnt/sys - umount /mnt - '' - ); + imports = [ + ../profiles/qemu-guest.nix + ../profiles/headless.nix + ./ec2-data.nix + ]; fileSystems."/".device = "/dev/disk/by-label/nixos"; boot.kernelParams = [ "console=ttyS0" ]; - - boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; boot.loader.grub.timeout = 0; + # Allow root logins + services.openssh.enable = true; + services.openssh.permitRootLogin = "without-password"; + # Put /tmp and /var on /ephemeral0, which has a lot more space. # Unfortunately we can't do this with the `fileSystems' option # because it has no support for creating the source of a bind # mount. Also, "move" /nix to /ephemeral0 by layering a unionfs-fuse # mount on top of it so we have a lot more space for Nix operations. + /* boot.initrd.postMountCommands = '' @@ -106,10 +61,6 @@ with lib; ''; boot.initrd.supportedFilesystems = [ "unionfs-fuse" ]; - */ + */ - # Allow root logins only using the SSH key that the user specified - # at instance creation time. - services.openssh.enable = true; - services.openssh.permitRootLogin = "without-password"; } -- cgit 1.4.1 From b81f51cecf8ea4da99b837f18eef4164b1d10519 Mon Sep 17 00:00:00 2001 
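Review bot: The relocated SSH block keeps `services.openssh.permitRootLogin = "without-password";` but shortens its comment to `# Allow root logins`, which no longer tells a reader that root can log in with a key only and where that key comes from. I would keep the earlier wording, `# Allow root logins only using the SSH key that the user specified at instance creation time.`, which the second hunk (`@@ -106,10 +61,6 @@`) deletes. Key provisioning presumably depends on `./ec2-data.nix` staying in `imports`, so a short comment on that import saying so would also help.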
From: michael bishop Date: Mon, 26 Oct 2015 15:13:25 -0300 Subject: teamviewer: fix the expressions --- nixos/modules/services/monitoring/teamviewer.nix | 1 + .../networking/remote/teamviewer/10.nix | 22 +++++++++++----------- 2 files changed, 12 insertions(+), 11 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/monitoring/teamviewer.nix b/nixos/modules/services/monitoring/teamviewer.nix index beba5dcd1b06..533f1ea6644b 100644 --- a/nixos/modules/services/monitoring/teamviewer.nix +++ b/nixos/modules/services/monitoring/teamviewer.nix @@ -29,6 +29,7 @@ in wantedBy = [ "graphical.target" ]; after = [ "NetworkManager-wait-online.service" "network.target" ]; + preStart = "mkdir -pv /var/tmp/teamviewer10/{logs,config}"; serviceConfig = { Type = "forking"; diff --git a/pkgs/applications/networking/remote/teamviewer/10.nix b/pkgs/applications/networking/remote/teamviewer/10.nix index 7e97a31c3a92..5de60180c69d 100644 --- a/pkgs/applications/networking/remote/teamviewer/10.nix +++ b/pkgs/applications/networking/remote/teamviewer/10.nix @@ -1,6 +1,5 @@ { stdenv, fetchurl, libX11, libXtst, libXext, libXdamage, libXfixes, -wineUnstable, makeWrapper, libXau , bash, patchelf, config, -acceptLicense ? false }: +wineUnstable, makeWrapper, libXau , patchelf, config }: with stdenv.lib; 
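Review bot: `preStart = "mkdir -pv /var/tmp/teamviewer10/{logs,config}";` places the daemon's config and log directories at a fixed name under `/var/tmp`, which is normally world-writable, and `mkdir -p` accepts a directory that already exists regardless of who owns it. A local user who creates `/var/tmp/teamviewer10` before the service first starts would own the tree that `10.nix` symlinks to from `share/teamviewer/config` and `share/teamviewer/logfiles` (second hunk of that file). A root-owned state directory is safer, for example `preStart = "mkdir -pv -m 0700 /var/lib/teamviewer10/{logs,config}";` with the two `ln -sv` targets in `10.nix` changed to match. The `serviceConfig` block continues outside the hunk.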
@@ -30,22 +29,23 @@ stdenv.mkDerivation { rm -R $out/share/teamviewer/tv_bin/wine/{bin,lib,share} cat > $out/bin/teamviewer << EOF - #!${bash}/bin/sh + #!${stdenv.shell} export LD_LIBRARY_PATH=${toldpath}\''${LD_LIBRARY_PATH:+:\$LD_LIBRARY_PATH} export PATH=${topath}\''${PATH:+:\$PATH} $out/share/teamviewer/tv_bin/script/teamviewer "\$@" EOF chmod +x $out/bin/teamviewer - patchelf --set-rpath "${stdenv.cc.cc}/lib64:${stdenv.cc.cc}/lib:${libX11}/lib:${libXext}/lib:${libXau}/lib:${libXdamage}/lib:${libXfixes}/lib" $out/share/teamviewer/tv_bin/teamviewerd - patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/share/teamviewer/tv_bin/teamviewerd ln -s $out/share/teamviewer/tv_bin/teamviewerd $out/bin/ - ${optionalString acceptLicense " - cat > $out/share/teamviewer/config/global.conf << EOF - [int32] EulaAccepted = 1 - [int32] EulaAcceptedRevision = 6 - EOF - "} + rm -rf $out/share/teamviewer/logfiles $out/share/teamviewer/config + ln -sv /var/tmp/teamviewer10/logs/ $out/share/teamviewer/logfiles + ln -sv /var/tmp/teamviewer10/config/ $out/share/teamviewer/config + ''; + + # the fixupPhase undoes the rpath patch + postFixup = '' + patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/share/teamviewer/tv_bin/teamviewerd + patchelf --set-rpath "${stdenv.cc.cc}/lib64:${stdenv.cc.cc}/lib:${libX11}/lib:${libXext}/lib:${libXau}/lib:${libXdamage}/lib:${libXfixes}/lib" $out/share/teamviewer/tv_bin/teamviewerd ''; meta = { -- cgit 1.4.1 From eb46e0fc7249e304dd6d4b3bdec2d7a07c7a9b84 Mon Sep 17 00:00:00 2001 From: Guillaume Maudoux Date: Mon, 26 Oct 2015 22:30:59 +0100 Subject: i3wm: Add debug & logging options --- nixos/modules/services/x11/window-managers/i3.nix | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/x11/window-managers/i3.nix b/nixos/modules/services/x11/window-managers/i3.nix index e85c3bce591d..510997e76af8 100644 
--- a/nixos/modules/services/x11/window-managers/i3.nix +++ b/nixos/modules/services/x11/window-managers/i3.nix @@ -23,6 +23,23 @@ in If left at the default value, $HOME/.i3/config will be used. ''; }; + + debug = mkOption { + default = false; + example = true; + type = types.bool; + description = "Enable debug/verbose logging (see -V option)"; + }; + + logFile = mkOption { + default = null; + example = "$HOME/.i3/i3log"; + type = types.string; + description = '' + Path to a logfile for i3. + If left at the default value, logs will appear in display-manager.service's logs. + ''; + }; }; }; @@ -32,7 +49,11 @@ in name = "i3"; start = '' ${pkgs.i3}/bin/i3 ${optionalString (cfg.configFile != null) - "-c \"${cfg.configFile}\"" + ''-c "${cfg.configFile}"'' + } ${optionalString cfg.debug + ''-V'' + } ${optionalString (cfg.logFile != null) + ''>> "${cfg.logFile}"'' } & waitPID=$! ''; -- cgit 1.4.1 From 42eabf1c4aed3dff04a4621a042fead823835858 Mon Sep 17 00:00:00 2001 From: Arseniy Seroka Date: Tue, 27 Oct 2015 13:40:04 +0300 Subject: Revert "i3wm: Add debug & logging options" --- nixos/modules/services/x11/window-managers/i3.nix | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/x11/window-managers/i3.nix b/nixos/modules/services/x11/window-managers/i3.nix index 510997e76af8..e85c3bce591d 100644 --- a/nixos/modules/services/x11/window-managers/i3.nix +++ b/nixos/modules/services/x11/window-managers/i3.nix @@ -23,23 +23,6 @@ in If left at the default value, $HOME/.i3/config will be used. ''; }; - - debug = mkOption { - default = false; - example = true; - type = types.bool; - description = "Enable debug/verbose logging (see -V option)"; - }; - - logFile = mkOption { - default = null; - example = "$HOME/.i3/i3log"; - type = types.string; - description = '' - Path to a logfile for i3. - If left at the default value, logs will appear in display-manager.service's logs. - ''; - }; }; }; 
@@ -49,11 +32,7 @@ in name = "i3"; start = '' ${pkgs.i3}/bin/i3 ${optionalString (cfg.configFile != null) - ''-c "${cfg.configFile}"'' - } ${optionalString cfg.debug - ''-V'' - } ${optionalString (cfg.logFile != null) - ''>> "${cfg.logFile}"'' + "-c \"${cfg.configFile}\"" } & waitPID=$! ''; -- cgit 1.4.1 From d355ed81cbacb7fa542236d5cf9340fa155aa0cc Mon Sep 17 00:00:00 2001 From: Sergey Mironov Date: Tue, 27 Oct 2015 20:35:58 +0300 Subject: autossh.nix: add the module, which run autossh sessions as systemd services --- nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/autossh.nix | 124 ++++++++++++++++++++++++++ 2 files changed, 125 insertions(+) create mode 100644 nixos/modules/services/networking/autossh.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f1494c3b4afb..c0d53ea316f9 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -263,6 +263,7 @@ ./services/networking/atftpd.nix ./services/networking/avahi-daemon.nix ./services/networking/bind.nix + ./services/networking/autossh.nix ./services/networking/bird.nix ./services/networking/bitlbee.nix ./services/networking/btsync.nix diff --git a/nixos/modules/services/networking/autossh.nix b/nixos/modules/services/networking/autossh.nix new file mode 100644 index 000000000000..0294abc12487 --- /dev/null +++ b/nixos/modules/services/networking/autossh.nix 
@@ -0,0 +1,124 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.autossh; + +in + +{ + + ###### interface + + options = { + + services.autossh = { + + enable = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable the AutoSSH, the SSH sessions manager + ''; + }; + + sessions = mkOption { + type = types.listOf (types.submodule { + options = { + name = mkOption { + type = types.string; + example = "socks-peer"; + description = "Name of the local AutoSSH session"; + }; + user = mkOption { + type = types.string; + example = "bill"; + description = "Name of the user the AutoSSH session should run as"; + }; + monitoringPort = mkOption { + type = types.int; + default = 0; + example = 20000; + description = '' + Port to be used by AutoSSH for peer monitoring. Note, that + AutoSSH also uses mport+1. Value of 0 disables the keep-alive + style monitoring + ''; + }; + extraArguments = mkOption { + type = types.string; + example = "-N -D4343 bill@socks.host.net"; + description = '' + Arguments to be passed to AutoSSH and retransmitted to SSH + process. Some meaningful options include -N (don't run remote + command), -D (open SOCKS proxy on local port), -R (forward + remote port), -L (forward local port), -v (Enable debug). Check + ssh manual for the complete list. + ''; + }; + }; + }); + + default = []; + description = '' + List of AutoSSH sessions to start as systemd services. Each service is + named 'autossh-{session.name}'. + ''; + + example = [ + { + name="socks-peer"; + user="bill"; + monitoringPort = 20000; + extraArguments="-N -D4343 billremote@socks.host.net"; + } + ]; + + }; + }; + + }; + + ###### implementation + + config = mkIf cfg.enable { + + systemd.services = + + lib.fold ( s : acc : acc // + { + "autossh-${s.name}" = + let + mport = if s ? 
monitoringPort then s.monitoringPort else 0; + in + { + description = "AutoSSH session (" + s.name + ")"; + + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + # To be able to start the service with no network connection + environment.AUTOSSH_GATETIME="0"; + + # How often AutoSSH checks the network, in seconds + environment.AUTOSSH_POLL="30"; + + serviceConfig = { + User = "${s.user}"; + PermissionsStartOnly = true; + # AutoSSH may exit with 0 code if the SSH session was + # gracefully terminated by either local or remote side. + Restart = "on-success"; + ExecStart = "${pkgs.autossh}/bin/autossh -M ${toString mport} ${s.extraArguments}"; + }; + }; + }) {} cfg.sessions; + + environment.systemPackages = [ pkgs.autossh ]; + + }; +} + + -- cgit 1.4.1 From b8dd60aaa633a52dcc60b766176810f49d7a62a3 Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Wed, 28 Oct 2015 19:44:55 +0100 Subject: nixos: remove redundant services.autossh.enable option The service is enabled automatically when 'session' is non-empty. --- nixos/modules/services/networking/autossh.nix | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/autossh.nix b/nixos/modules/services/networking/autossh.nix index 0294abc12487..6ae454be9662 100644 --- a/nixos/modules/services/networking/autossh.nix +++ b/nixos/modules/services/networking/autossh.nix @@ -16,14 +16,6 @@ in services.autossh = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Whether to enable the AutoSSH, the SSH sessions manager - ''; - }; - sessions = mkOption { type = types.listOf (types.submodule { options = { @@ -83,7 +75,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = mkIf (cfg.sessions != []) { systemd.services = @@ -120,5 +112,3 @@ in }; } - - -- cgit 1.4.1 From 84903a4846a6bac7ae1264d105bcd1658b24b148 Mon Sep 17 00:00:00 2001 
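Review bot: `mport = if s ? monitoringPort then s.monitoringPort else 0;` can never take the `else` branch as far as I can see, because `monitoringPort` is declared with `default = 0` in the submodule; `-M ${toString s.monitoringPort}` in `ExecStart` is enough and the `let` can be dropped. The `user` and `extraArguments` descriptions should also state that the unit runs without a terminal, so presumably the remote host key must already be in that user's `known_hosts` and authentication must succeed without a prompt. Saying this up front keeps operators from working around a hanging session by switching off host key checking in `extraArguments`.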
From: Peter Simons Date: Wed, 28 Oct 2015 20:04:36 +0100 Subject: nixos: use "example.net" host name in autossh documentation --- nixos/modules/services/networking/autossh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/autossh.nix b/nixos/modules/services/networking/autossh.nix index 6ae454be9662..9ea17469870d 100644 --- a/nixos/modules/services/networking/autossh.nix +++ b/nixos/modules/services/networking/autossh.nix @@ -41,7 +41,7 @@ in }; extraArguments = mkOption { type = types.string; - example = "-N -D4343 bill@socks.host.net"; + example = "-N -D4343 bill@socks.example.net"; description = '' Arguments to be passed to AutoSSH and retransmitted to SSH process. Some meaningful options include -N (don't run remote -- cgit 1.4.1 From a92c024c7f86248e1e5f27e87da6c433d217069c Mon Sep 17 00:00:00 2001 From: Benno Fünfstück Date: Sat, 17 Oct 2015 19:11:22 +0200 Subject: sddm: allow extra config options --- nixos/modules/services/x11/display-managers/sddm.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix index c44383cc6117..4594155ea134 100644 --- a/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixos/modules/services/x11/display-managers/sddm.nix @@ -35,6 +35,8 @@ let SessionCommand=${dmcfg.session.script} SessionDir=${dmcfg.session.desktops} XauthPath=${pkgs.xorg.xauth}/bin/xauth + + ${cfg.extraConfig} ''; in @@ -50,6 +52,19 @@ in ''; }; + extraConfig = mkOption { + type = types.str; + default = ""; + example = '' + [Autologin] + User=john + Session=plasma.desktop + ''; + description = '' + Extra lines appended to the configuration of SDDM. + ''; + }; + theme = mkOption { type = types.str; default = "maui"; -- cgit 1.4.1 From 01b0355140f78fb03f38fbdfe9d8d8da800770c5 Mon Sep 17 00:00:00 2001 
From: Domen Kožar Date: Thu, 29 Oct 2015 09:58:38 +0100 Subject: nm-openvpn: add user/group, closes #10689 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (cherry picked from commit 551dad3ffd055d5df5de6878a74432d85ecbd114) Signed-off-by: Domen Kožar --- nixos/modules/services/networking/networkmanager.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index d0c4be1324a5..1c824b6bbfc3 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -205,10 +205,16 @@ in { environment.systemPackages = cfg.packages; - users.extraGroups = singleton { + users.extraGroups = [{ name = "networkmanager"; gid = config.ids.gids.networkmanager; - }; + } + { + name = "nm-openvpn"; + }]; + users.extraUsers = [{ + name = "nm-openvpn"; + }]; systemd.packages = cfg.packages; -- cgit 1.4.1 From 3e732f65cbb10746d8fd84f54c750045a7ef8bbe Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 30 Oct 2015 13:51:07 +0100 Subject: Remove gnutar man page hack It's no longer needed since the gnutar package contains a (much more extensive) man page. --- nixos/modules/config/system-path.nix | 7 ------- 1 file changed, 7 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix index 748ada99be69..c6c20903a2cf 100644 --- a/nixos/modules/config/system-path.nix +++ b/nixos/modules/config/system-path.nix @@ -7,12 +7,6 @@ with lib; let - extraManpages = pkgs.runCommand "extra-manpages" { buildInputs = [ pkgs.help2man ]; } - '' - mkdir -p $out/share/man/man1 - help2man ${pkgs.gnutar}/bin/tar > $out/share/man/man1/tar.1 - ''; - requiredPackages = [ config.nix.package pkgs.acl 
@@ -47,7 +41,6 @@ let pkgs.time pkgs.texinfoInteractive pkgs.utillinux - extraManpages ]; in -- cgit 1.4.1 From 58e9440b8983c2e0dbab667dc7944e8af9955a35 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 30 Oct 2015 14:13:47 +0100 Subject: Add option to link additional package outputs into system.path This is necessary to get stuff like separate manpages, info files, debug symbols, etc. --- nixos/modules/config/system-path.nix | 12 ++++++++++-- pkgs/build-support/buildenv/default.nix | 10 ++++++++-- pkgs/top-level/all-packages.nix | 2 +- 3 files changed, 19 insertions(+), 5 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix index c6c20903a2cf..8701b714eeca 100644 --- a/nixos/modules/config/system-path.nix +++ b/nixos/modules/config/system-path.nix @@ -71,8 +71,16 @@ in # to work. default = []; example = ["/"]; - description = "List of directories to be symlinked in `/run/current-system/sw'."; + description = "List of directories to be symlinked in /run/current-system/sw."; }; + + outputsToLink = mkOption { + type = types.listOf types.str; + default = []; + example = [ "doc" ]; + description = "List of package outputs to be symlinked into /run/current-system/sw."; + }; + }; system = { @@ -119,7 +127,7 @@ in system.path = pkgs.buildEnv { name = "system-path"; paths = config.environment.systemPackages; - inherit (config.environment) pathsToLink; + inherit (config.environment) pathsToLink outputsToLink; ignoreCollisions = true; # !!! Hacky, should modularise. postBuild = diff --git a/pkgs/build-support/buildenv/default.nix b/pkgs/build-support/buildenv/default.nix index 8cbf0dc6c8e4..bbfc572f55f7 100644 --- a/pkgs/build-support/buildenv/default.nix +++ b/pkgs/build-support/buildenv/default.nix @@ -2,7 +2,7 @@ # a fork of the buildEnv in the Nix distribution. Most changes should # eventually be merged back into the Nix distribution. -{ perl, runCommand }: +{ perl, runCommand, lib }: { name 
@@ -21,6 +21,10 @@ # directories in the list is not symlinked. pathsToLink ? ["/"] +, # The package outputs to include. By default, only the default + # output is included. + outputsToLink ? [] + , # Root the result in directory "$out${extraPrefix}", e.g. "/share". extraPrefix ? "" @@ -36,7 +40,9 @@ runCommand name { inherit manifest ignoreCollisions passthru pathsToLink extraPrefix postBuild buildInputs; pkgs = builtins.toJSON (map (drv: { - paths = [ drv ]; # FIXME: handle multiple outputs + paths = + [ drv ] + ++ lib.concatMap (outputName: lib.optional (drv.${outputName}.outPath or null != null) drv.${outputName}) outputsToLink; priority = drv.meta.priority or 5; }) paths); preferLocalBuild = true; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index df72eafdfcb7..6956af9085f5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -261,7 +261,7 @@ let { substitutions = { inherit autoconf automake gettext libtool; }; } ../build-support/setup-hooks/autoreconf.sh; - buildEnv = callPackage ../build-support/buildenv {}; + buildEnv = callPackage ../build-support/buildenv { }; # not actually a package buildFHSEnv = callPackage ../build-support/build-fhs-chrootenv/env.nix { nixpkgs = pkgs; -- cgit 1.4.1 From c20403631da45ab4eff6dc803d4701da421ad05a Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 30 Oct 2015 14:15:18 +0100 Subject: Factor out "man" into a separate module and add "man" outputs to system.path Fixes #10270. --- nixos/modules/config/system-path.nix | 3 --- nixos/modules/module-list.nix | 3 ++- nixos/modules/programs/man.nix | 30 ++++++++++++++++++++++++++++ nixos/modules/services/misc/nixos-manual.nix | 4 +++- 4 files changed, 35 insertions(+), 5 deletions(-) create mode 100644 nixos/modules/programs/man.nix (limited to 'nixos') diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix index 8701b714eeca..f9257f578bf7 100644 
--- a/nixos/modules/config/system-path.nix +++ b/nixos/modules/config/system-path.nix @@ -28,7 +28,6 @@ let pkgs.xz pkgs.less pkgs.libcap - pkgs.man pkgs.nano pkgs.ncurses pkgs.netcat @@ -106,7 +105,6 @@ in "/info" "/lib" # FIXME: remove #"/lib/debug/.build-id" # enables GDB to find separated debug info - "/man" "/sbin" "/share/applications" "/share/desktop-directories" @@ -114,7 +112,6 @@ in "/share/emacs" "/share/icons" "/share/info" - "/share/man" "/share/menus" "/share/mime" "/share/nano" diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index d204b31c9e8d..3a5fb41dc795 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -61,9 +61,11 @@ ./programs/command-not-found/command-not-found.nix ./programs/dconf.nix ./programs/environment.nix + ./programs/freetds.nix ./programs/ibus.nix ./programs/kbdlight.nix ./programs/light.nix + ./programs/man.nix ./programs/nano.nix ./programs/screen.nix ./programs/shadow.nix @@ -73,7 +75,6 @@ ./programs/uim.nix ./programs/venus.nix ./programs/wvdial.nix - ./programs/freetds.nix ./programs/xfs_quota.nix ./programs/zsh/zsh.nix ./rename.nix diff --git a/nixos/modules/programs/man.nix b/nixos/modules/programs/man.nix new file mode 100644 index 000000000000..b28506538049 --- /dev/null +++ b/nixos/modules/programs/man.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + options = { + + programs.man.enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to enable manual pages and the man command. + ''; + }; + + }; + + + config = mkIf config.programs.man.enable { + + environment.systemPackages = [ pkgs.man ]; + + environment.pathsToLink = [ "/share/man" ]; + + environment.outputsToLink = [ "man" ]; + + }; + +} diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix index c10d8197686f..7534eb0ae6a3 100644 --- a/nixos/modules/services/misc/nixos-manual.nix 
+++ b/nixos/modules/services/misc/nixos-manual.nix @@ -92,7 +92,9 @@ in system.build.manual = manual; - environment.systemPackages = [ manual.manpages manual.manual help ]; + environment.systemPackages = + [ manual.manual help ] + ++ optional config.programs.man.enable manual.manpages; boot.extraTTYs = mkIf cfg.showManual ["tty${cfg.ttyNumber}"]; -- cgit 1.4.1 From d9d5c98c56809d2941404751b2304beab4e00c3e Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 30 Oct 2015 15:16:48 +0100 Subject: Add option environment.enableDebugInfo This makes the debug outputs of packages that have them available to programs like gdb. --- nixos/modules/config/debug-info.nix | 46 +++++++++++++++++++++++++++ nixos/modules/config/system-path.nix | 3 +- nixos/modules/module-list.nix | 5 +-- pkgs/tools/package-management/nix/default.nix | 2 ++ 4 files changed, 52 insertions(+), 4 deletions(-) create mode 100644 nixos/modules/config/debug-info.nix (limited to 'nixos') diff --git a/nixos/modules/config/debug-info.nix b/nixos/modules/config/debug-info.nix new file mode 100644 index 000000000000..a096a9809cee --- /dev/null +++ b/nixos/modules/config/debug-info.nix 
@@ -0,0 +1,46 @@ +{ config, lib, ... }: + +with lib; + +{ + + options = { + + environment.enableDebugInfo = mkOption { + type = types.bool; + default = false; + description = '' + Some NixOS packages provide debug symbols. However, these are + not included in the system closure by default to save disk + space. Enabling this option causes the debug symbols to appear + in /run/current-system/sw/lib/debug/.build-id, + where tools such as gdb can find them. + If you need debug symbols for a package that doesn't + provide them by default, you can enable them as follows: + + + nixpkgs.config.packageOverrides = pkgs: { + hello = overrideDerivation pkgs.hello (attrs: { + outputs = attrs.outputs or ["out"] ++ ["debug"]; + buildInputs = attrs.buildInputs ++ [<nixpkgs/pkgs/build-support/setup-hooks/separate-debug-info.sh>]; + }); + }; + + ''; + }; + + }; + + + config = { + + # FIXME: currently disabled because /lib is already in + # environment.pathsToLink, and we can't have both. + #environment.pathsToLink = [ "/lib/debug/.build-id" ]; + + environment.outputsToLink = + optional config.environment.enableDebugInfo "debug"; + + }; + +} diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix index f9257f578bf7..e14e4cf13147 100644 --- a/nixos/modules/config/system-path.nix +++ b/nixos/modules/config/system-path.nix @@ -103,8 +103,7 @@ in [ "/bin" "/etc/xdg" "/info" - "/lib" # FIXME: remove - #"/lib/debug/.build-id" # enables GDB to find separated debug info + "/lib" # FIXME: remove and update debug-info.nix "/sbin" "/share/applications" "/share/desktop-directories" diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 3a5fb41dc795..77575867f873 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
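Review bot: The example embedded in the `environment.enableDebugInfo` description calls `overrideDerivation` unqualified, which only resolves where `lib` has been brought into scope with `with lib;`. A user pasting it into a configuration.nix that takes just `{ config, pkgs, ... }` would presumably get an undefined-variable error. Writing it as `hello = pkgs.lib.overrideDerivation pkgs.hello (attrs: {` makes the snippet self-contained. The description also promises symbols under `/run/current-system/sw/lib/debug/.build-id`, while the matching `pathsToLink` entry is commented out and the behaviour relies on `"/lib"` staying in system-path.nix. The FIXME records this, but the description should not outlive that coupling unnoticed.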
@@ -1,7 +1,8 @@ [ + ./config/debug-info.nix ./config/fonts/corefonts.nix - ./config/fonts/fontconfig.nix ./config/fonts/fontconfig-ultimate.nix + ./config/fonts/fontconfig.nix ./config/fonts/fontdir.nix ./config/fonts/fonts.nix ./config/fonts/ghostscript.nix @@ -22,9 +23,9 @@ ./config/system-environment.nix ./config/system-path.nix ./config/timezone.nix - ./config/vpnc.nix ./config/unix-odbc-drivers.nix ./config/users-groups.nix + ./config/vpnc.nix ./config/zram.nix ./hardware/all-firmware.nix ./hardware/cpu/amd-microcode.nix diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index e74daade3b8d..e76e2e811f5e 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -43,6 +43,8 @@ let doInstallCheck = false; + separateDebugInfo = stdenv.isLinux; + crossAttrs = { postUnpack = '' export CPATH="${bzip2.crossDrv}/include" -- cgit 1.4.1
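Review bot: In the nix/default.nix hunk, `separateDebugInfo = stdenv.isLinux;` is added with no explanation of the platform guard. A short comment would stop a later reader from "simplifying" it to `true`, e.g. `# debug output is only split on Linux (the separate-debug-info hook presumably depends on ELF tooling)`. The enclosing `let` binding starts and ends outside this hunk, so I cannot tell whether the attribute set already declares a `debug` output elsewhere.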