From 41f170f439e95f432b5df86db2383c4939f722c9 Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 11 Apr 2016 18:29:00 +0200 Subject: nixos/doc: Allow refs from options to the manual My first attempt to do this was to just use a conditional in order to not create exact references in the manpage but create the reference in the HTML manual, as suggested by @edolstra on IRC. Later I went on to use to reference sections of the manual, but in order to do that, we need to overhaul how we generate the manual and manpages. So, that's where we are now: There is a new derivation called "manual-olinkdb", which is the olinkdb for the HTML manual, which in turn creates the olinkdb.xml file and the manual.db. The former contains the targetdoc references and the latter the specific targetptr elements. The reason why I included the olinkdb.xml verbatim is that first of all the DTD is dependent on the Docbook XSL sources and the references within the olinkdb.xml entities are relative to the current directory. So using a store path for that would end up searching for the manual.db directly in /nix/store/manual.db. Unfortunately, the that end up in the output file are relative, so for example if you're clicking on one of these within the PDF, the URL is searched in the current directory. However, the sections from the olink's text are still valid, so we could use an alternative URL for that in the future. The manual doesn't contain any links, so even referencing the relative URL shouldn't do any harm. Signed-off-by: aszlig Cc: @edolstra --- nixos/doc/manual/default.nix | 75 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 62 insertions(+), 13 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix index 69da1f948829..92b76bdb1f01 100644 --- a/nixos/doc/manual/default.nix +++ b/nixos/doc/manual/default.nix 
@@ -73,6 +73,63 @@ let ''; + manualXsltprocOptions = toString [ + "--param section.autolabel 1" + "--param section.label.includes.component.label 1" + "--stringparam html.stylesheet style.css" + "--param xref.with.number.and.title 1" + "--param toc.section.depth 3" + "--stringparam admon.style ''" + "--stringparam callout.graphics.extension .gif" + "--stringparam current.docid manual" + "--param chunk.section.depth 0" + "--param chunk.first.sections 1" + "--param use.id.as.filename 1" + "--stringparam generate.toc 'book toc appendix toc'" + "--stringparam chunk.toc ${toc}" + ]; + + olinkDB = stdenv.mkDerivation { + name = "manual-olinkdb"; + + inherit sources; + + buildInputs = [ libxml2 libxslt ]; + + buildCommand = '' + ${copySources} + + xsltproc \ + ${manualXsltprocOptions} \ + --stringparam collect.xref.targets only \ + --stringparam targets.filename "$out/manual.db" \ + --nonet --xinclude \ + ${docbook5_xsl}/xml/xsl/docbook/xhtml/chunktoc.xsl \ + ./manual.xml + + # Check the validity of the man pages sources. + xmllint --noout --nonet --xinclude --noxincludenode \ + --relaxng ${docbook5}/xml/rng/docbook/docbook.rng \ + ./man-pages.xml + + cat > "$out/olinkdb.xml" < + + ]> + + + Allows for cross-referencing olinks between the manpages + and the HTML/PDF manuals. + + + &manualtargets; + + EOF + ''; + }; + in rec { # The NixOS options in JSON format. 
@@ -115,18 +172,8 @@ in rec { dst=$out/share/doc/nixos mkdir -p $dst xsltproc \ - --param section.autolabel 1 \ - --param section.label.includes.component.label 1 \ - --stringparam html.stylesheet style.css \ - --param xref.with.number.and.title 1 \ - --param toc.section.depth 3 \ - --stringparam admon.style "" \ - --stringparam callout.graphics.extension .gif \ - --param chunk.section.depth 0 \ - --param chunk.first.sections 1 \ - --param use.id.as.filename 1 \ - --stringparam generate.toc "book toc appendix toc" \ - --stringparam chunk.toc ${toc} \ + ${manualXsltprocOptions} \ + --stringparam target.database.document "${olinkDB}/olinkdb.xml" \ --nonet --xinclude --output $dst/ \ ${docbook5_xsl}/xml/xsl/docbook/xhtml/chunktoc.xsl ./manual.xml @@ -158,6 +205,7 @@ in rec { dst=$out/share/doc/nixos mkdir -p $dst xmllint --xinclude manual.xml | dblatex -o $dst/manual.pdf - \ + -P target.database.document="${olinkDB}/olinkdb.xml" \ -P doc.collab.show=0 \ -P latex.output.revhistory=0 @@ -177,7 +225,7 @@ in rec { buildCommand = '' ${copySources} - # Check the validity of the manual sources. + # Check the validity of the man pages sources. xmllint --noout --nonet --xinclude --noxincludenode \ --relaxng ${docbook5}/xml/rng/docbook/docbook.rng \ ./man-pages.xml @@ -189,6 +237,7 @@ in rec { --param man.output.base.dir "'$out/share/man/'" \ --param man.endnotes.are.numbered 0 \ --param man.break.after.slash 1 \ + --stringparam target.database.document "${olinkDB}/olinkdb.xml" \ ${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \ ./man-pages.xml ''; -- cgit 1.4.1 From f270af1acd52e01f76295def42302bb8535f9c58 Mon Sep 17 00:00:00 2001 
From: Christoph Ruegge Date: Thu, 14 Apr 2016 11:28:10 +0200 Subject: xsession: Update DBus activation environment `dbus-launch` is executed early in the script, before desktop managers had a chance to setup the environment. If DBus activation is used, applications launched by this may therefore lack necessary environment variables. This patch sends the complete environment to DBus after launching the desktop manager. --- nixos/modules/services/x11/display-managers/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index be634fc259a2..ff78964e5530 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -126,6 +126,14 @@ let (*) echo "$0: Desktop manager '$desktopManager' not found.";; esac + ${optionalString cfg.startDbusSession '' + ${pkgs.glib}/bin/gdbus call --session \ + --dest org.freedesktop.DBus --object-path /org/freedesktop/DBus \ + --method org.freedesktop.DBus.UpdateActivationEnvironment \ + "{$(env | ${pkgs.gnused}/bin/sed "s/'/\\\\'/g; s/\([^=]*\)=\(.*\)/'\1':'\2'/" \ + | ${pkgs.coreutils}/bin/paste -sd,)}" + ''} + test -n "$waitPID" && wait "$waitPID" exit 0 ''; -- cgit 1.4.1 From 769a33bedd909dd9f482d9cbb957e400fd3bac88 Mon Sep 17 00:00:00 2001 From: Christoph Ruegge Date: Mon, 25 Apr 2016 23:37:18 +0200 Subject: xsession: make updating DBus environment optional --- nixos/modules/services/x11/desktop-managers/gnome3.nix | 2 ++ nixos/modules/services/x11/desktop-managers/xfce.nix | 5 ++++- nixos/modules/services/x11/display-managers/default.nix | 2 +- nixos/modules/services/x11/xserver.nix | 9 +++++++++ 4 files changed, 16 insertions(+), 2 deletions(-) (limited to 'nixos') 
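Review bot: The `env | sed | paste` pipeline in the added `gdbus call` block builds the GVariant dictionary by text substitution and escapes only single quotes, so a variable whose value contains a backslash or a newline yields a malformed or mis-split entry (`env` prints a multi-line value on several lines). It also copies every variable of the session script, including any credentials exported there, into the environment of all D-Bus-activated services. Consider `dbus-update-activation-environment --all` from the dbus package, if the pinned dbus is new enough to ship it, or pass an explicit list of variable names instead of the whole environment. The enclosing session script starts and ends outside the hunk.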
diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index b112fc2422a7..16996b9f96c1 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -165,6 +165,8 @@ in { ''; }; + services.xserver.updateDbusEnvironment = true; + environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules" "${gnome3.glib_networking.out}/lib/gio/modules" "${gnome3.gvfs}/lib/gio/modules" ]; diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix index 33b6dd32c193..60934ed5f190 100644 --- a/nixos/modules/services/x11/desktop-managers/xfce.nix +++ b/nixos/modules/services/x11/desktop-managers/xfce.nix @@ -42,10 +42,13 @@ in # Set GTK_DATA_PREFIX so that GTK+ can find the Xfce themes. export GTK_DATA_PREFIX=${config.system.path} - exec ${pkgs.stdenv.shell} ${pkgs.xfce.xinitrc} + ${pkgs.stdenv.shell} ${pkgs.xfce.xinitrc} & + waitPID=$! ''; }; + services.xserver.updateDbusEnvironment = true; + environment.systemPackages = [ pkgs.gtk # To get GTK+'s themes. pkgs.hicolor_icon_theme diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index ff78964e5530..376f9f4b46b5 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -126,7 +126,7 @@ let (*) echo "$0: Desktop manager '$desktopManager' not found.";; esac - ${optionalString cfg.startDbusSession '' + ${optionalString (cfg.startDbusSession && cfg.updateDbusEnvironment) '' ${pkgs.glib}/bin/gdbus call --session \ --dest org.freedesktop.DBus --object-path /org/freedesktop/DBus \ --method org.freedesktop.DBus.UpdateActivationEnvironment \ diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index dcf9f820f59c..9cb9c8de31d7 100644 
--- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -233,6 +233,15 @@ in ''; }; + updateDbusEnvironment = mkOption { + type = types.bool; + default = false; + description = '' + Whether to update the DBus activation environment after launching the + desktop manager. + ''; + }; + layout = mkOption { type = types.str; default = "us"; -- cgit 1.4.1 From fc941899a356efd76e2390c829c59459bfd0d8e9 Mon Sep 17 00:00:00 2001 From: Alexander Ried Date: Mon, 25 Apr 2016 23:13:03 +0200 Subject: fail2ban: rework service --- nixos/modules/services/security/fail2ban.nix | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix index afbd81be91f2..33c4910fc0ce 100644 --- a/nixos/modules/services/security/fail2ban.nix +++ b/nixos/modules/services/security/fail2ban.nix 
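Review bot: The description of `updateDbusEnvironment` does not say that the complete environment of the session script is exported, nor that the option only takes effect together with `startDbusSession` (the condition added in display-managers/default.nix is `cfg.startDbusSession && cfg.updateDbusEnvironment`). I would word it along the lines of `Whether to export the complete session environment to the DBus activation environment after launching the desktop manager. Only effective when startDbusSession is enabled.` so that users know what is shared with activated services before turning it on.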
@@ -99,34 +99,32 @@ in wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; + partOf = optional config.networking.firewall.enable "firewall.service"; restartTriggers = [ fail2banConf jailConf ]; path = [ pkgs.fail2ban pkgs.iptables ]; preStart = '' - mkdir -p /run/fail2ban -m 0755 mkdir -p /var/lib/fail2ban ''; + unitConfig.Documentation = "man:fail2ban(1)"; + serviceConfig = - { ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f"; + { Type = "forking"; + ExecStart = "${pkgs.fail2ban}/bin/fail2ban-client -x start"; + ExecStop = "${pkgs.fail2ban}/bin/fail2ban-client stop"; + ExecReload = "${pkgs.fail2ban}/bin/fail2ban-client reload"; + PIDFile = "/run/fail2ban/fail2ban.pid"; + Restart = "always"; + ReadOnlyDirectories = "/"; - ReadWriteDirectories = "/run /var/tmp /var/lib"; + ReadWriteDirectories = "/run/fail2ban /var/tmp /var/lib"; + PrivateTmp = "true"; + RuntimeDirectory = "fail2ban"; CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW"; }; - - postStart = - '' - # Wait for the server to start listening. - for ((n = 0; n < 20; n++)); do - if fail2ban-client ping; then break; fi - sleep 0.5 - done - - # Reload its configuration. - fail2ban-client reload - ''; }; # Add some reasonable default jails. The special "DEFAULT" jail -- cgit 1.4.1 From de0847c7310c88a68ee6a19012a296db9f66b986 Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Thu, 28 Apr 2016 01:14:17 +0300 Subject: taskserver service: Really check that it is enabled --- nixos/modules/services/misc/taskserver/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix index 8459aafeee73..b7d14e90a2b7 100644 --- a/nixos/modules/services/misc/taskserver/default.nix +++ b/nixos/modules/services/misc/taskserver/default.nix 
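Review bot: `ReadWriteDirectories` still lists all of `/var/lib`, although the only state directory the unit creates in `preStart` is `/var/lib/fail2ban`; since this hunk already narrows `/run` to `/run/fail2ban`, the same could be done with `ReadWriteDirectories = "/run/fail2ban /var/tmp /var/lib/fail2ban";`. That requires the directory to exist before the sandbox is set up, because `preStart` presumably runs under the same `ReadOnlyDirectories = "/"` restriction and could then no longer create it. Whether fail2ban needs other writable paths (for example a log target) is not visible in this hunk and should be checked against the jail configuration.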
@@ -449,7 +449,7 @@ in { }; }; }) - (mkIf needToCreateCA { + (mkIf (cfg.enable && needToCreateCA) { systemd.services.taskserver-ca = { wantedBy = [ "taskserver.service" ]; after = [ "taskserver-init.service" ]; @@ -533,7 +533,7 @@ in { ''; }; }) - (mkIf (cfg.listenHost != "localhost") { + (mkIf (cfg.enable && cfg.listenHost != "localhost") { networking.firewall.allowedTCPPorts = [ cfg.listenPort ]; }) { meta.doc = ./taskserver.xml; } -- cgit 1.4.1 From c84c174eb2440355ab4ad7e0de8889c58f7ef903 Mon Sep 17 00:00:00 2001 From: "Alexander V. Nikolaev" Date: Fri, 12 Feb 2016 18:11:40 +0200 Subject: rmilter: socket activation in nixos --- nixos/modules/services/mail/rmilter.nix | 65 ++++++++++++++++++++++++++------- 1 file changed, 51 insertions(+), 14 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix index a6e2a9fc7808..f748e7a172ea 100644 --- a/nixos/modules/services/mail/rmilter.nix +++ b/nixos/modules/services/mail/rmilter.nix @@ -7,9 +7,14 @@ let rspamdCfg = config.services.rspamd; cfg = config.services.rmilter; + inetSockets = map (sock: let s = stringSplit ":" sock; in "inet:${last s}:${head s}") cfg.bindInetSockets; + unixSockets = map (sock: "unix:${sock}") cfg.bindUnixSockets; + + allSockets = unixSockets ++ inetSockets; + rmilterConf = '' pidfile = /run/rmilter/rmilter.pid; -bind_socket = ${cfg.bindSocket}; +bind_socket = ${if cfg.socketActivation then "fd:3" else concatStringsSep ", " allSockets}; tempdir = /tmp; '' + (with cfg.rspamd; if enable then '' 
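Review bot: In the second taskserver hunk the firewall port is still opened for every `listenHost` other than the literal string `"localhost"`, so a loopback address such as `127.0.0.1` or `::1` also adds `cfg.listenPort` to `networking.firewall.allowedTCPPorts`. The added `cfg.enable &&` guard only fixes the disabled case. Assuming `lib` is in scope, a check like `!(elem cfg.listenHost [ "localhost" "127.0.0.1" "::1" ])` would avoid opening the port for a loopback-only listener.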
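Review bot: `inetSockets` splits each entry on ":" and takes `head`/`last`, which mis-parses any IPv6 listen address (a constructed example: `[::1]:11990`), although `bindInetSockets` is documented as taking the systemd.socket format. The generated form is `inet:PORT:HOST`, while the example removed from the old `bindSocket` option used `inet:11990@127.0.0.1`, so it is worth confirming that rmilter accepts the colon form. With `socketActivation` enabled only `fd:3` is written to `bind_socket`; if several addresses are listed, the additional descriptors systemd passes would presumably go unused.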
@@ -68,14 +73,37 @@ in ''; }; - bindSocket = mkOption { - type = types.string; - default = "unix:/run/rmilter/rmilter.sock"; - description = "Socket to listed for MTA requests"; + bindUnixSockets = mkOption { + type = types.listOf types.str; + default = ["/run/rmilter/rmilter.sock"]; + description = '' + Unix domain sockets to listen for MTA requests. + ''; example = '' - "unix:/run/rmilter/rmilter.sock" or - "inet:11990@127.0.0.1" - ''; + [ "/run/rmilter/rmilter.sock"] + ''; + }; + + bindInetSockets = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Inet addresses to listen (in format accepted by systemd.socket) + ''; + example = '' + ["127.0.0.1:11990"] + ''; + }; + + socketActivation = mkOption { + type = types.bool; + default = true; + description = '' + Enable systemd socket activation for rmilter. + (disabling socket activation not recommended + when unix socket used, and follow to wrong + permissions on unix domain socket.) + ''; }; rspamd = { @@ -86,7 +114,7 @@ in servers = mkOption { type = types.listOf types.str; - default = ["r:0.0.0.0:11333"]; + default = ["r:/run/rspamd/rspamd.sock"]; description = '' Spamd socket definitions. Is server name is prefixed with r: it is rspamd server. @@ -129,7 +157,7 @@ in type = types.str; description = "Addon to postfix configuration"; default = '' -smtpd_milters = ${cfg.bindSocket} +smtpd_milters = ${head allSockets} # or for TCP socket # # smtpd_milters = inet:localhost:9900 milter_protocol = 6 
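Review bot: The `socketActivation` description is hard to parse and does not state the consequence of disabling it clearly. I would reword it to something like `Whether to use systemd socket activation for rmilter. Disabling it is not recommended when a Unix domain socket is used, because the socket then ends up with the wrong permissions.` The `bindInetSockets` description should also give the expected `address:port` form explicitly, since the non-activated path parses the string itself.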
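Review bot: In the postfix fragment, `smtpd_milters = ${head allSockets}` fails at evaluation time when both `bindUnixSockets` and `bindInetSockets` are empty, and silently ignores every socket but the first. If `bindUnixSockets` is set to `[]` and an inet socket is used, the value becomes `inet:PORT:HOST`, which is the reverse of the `inet:localhost:9900` form shown in the comment two lines below. An assertion that at least one socket is configured, plus a Postfix-specific formatting of the inet case, would make the default fragment safe to rely on.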
@@ -169,17 +197,26 @@ milter_default_action = accept serviceConfig = { ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}"; + ExecReload = "/bin/kill -USR1 $MAINPID"; User = cfg.user; Group = cfg.group; PermissionsStartOnly = true; Restart = "always"; + RuntimeDirectory = "rmilter"; + RuntimeDirectoryPermissions="0755"; }; - preStart = '' - ${pkgs.coreutils}/bin/mkdir -p /run/rmilter - ${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /run/rmilter - ''; + }; + systemd.sockets.rmilter = mkIf cfg.socketActivation { + description = "Rmilter service socket"; + wantedBy = [ "sockets.target" ]; + socketConfig = { + ListenStream = cfg.bindUnixSockets ++ cfg.bindInetSockets; + SocketUser = cfg.user; + SocketGroup = config.ids.gids.adm; + SocketMode = "0660"; + }; }; services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment; -- cgit 1.4.1 From 5c260399e136631e026c17b9c08315660f9eaefc Mon Sep 17 00:00:00 2001 From: "Alexander V. Nikolaev" Date: Fri, 25 Mar 2016 16:12:16 +0200 Subject: rmilter: correct paths to sockets --- nixos/modules/services/mail/rmilter.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix index f748e7a172ea..d1f7cd2e173e 100644 --- a/nixos/modules/services/mail/rmilter.nix +++ b/nixos/modules/services/mail/rmilter.nix @@ -75,12 +75,12 @@ in bindUnixSockets = mkOption { type = types.listOf types.str; - default = ["/run/rmilter/rmilter.sock"]; + default = ["/run/rmilter.sock"]; description = '' Unix domain sockets to listen for MTA requests. ''; example = '' - [ "/run/rmilter/rmilter.sock"] + [ "/run/rmilter.sock"] ''; }; 
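Review bot: `ExecReload = "/bin/kill -USR1 $MAINPID"` refers to `/bin/kill`, but NixOS normally provides only `/bin/sh` under `/bin`, so the reload action would be expected to fail. The lines removed from `preStart` in this same hunk used store paths (`${pkgs.coreutils}/bin/mkdir`), and `ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";` would be consistent with that.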
@@ -114,7 +114,7 @@ in servers = mkOption { type = types.listOf types.str; - default = ["r:/run/rspamd/rspamd.sock"]; + default = ["r:/run/rspamd.sock"]; description = '' Spamd socket definitions. Is server name is prefixed with r: it is rspamd server. @@ -214,13 +214,13 @@ milter_default_action = accept socketConfig = { ListenStream = cfg.bindUnixSockets ++ cfg.bindInetSockets; SocketUser = cfg.user; - SocketGroup = config.ids.gids.adm; + SocketGroup = cfg.group; SocketMode = "0660"; }; }; services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment; - + users.users.postfix.extraGroups = [ cfg.group ]; }; } -- cgit 1.4.1 From 36954ee405ce515895c90fd6543bac2a9bd0bddb Mon Sep 17 00:00:00 2001 From: "Alexander V. Nikolaev" Date: Fri, 25 Mar 2016 16:12:59 +0200 Subject: rspamd: configurable bindSocket and bindUISocket --- nixos/modules/services/mail/rspamd.nix | 59 ++++++++++++++++++++++++++++++++-- 1 file changed, 57 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index a083f8293243..412b99ccc570 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix @@ -6,6 +6,35 @@ let cfg = config.services.rspamd; + mkBindSockets = socks: concatStringsSep "\n" (map (each: " bind_socket = \"${each}\"") socks); + + rspamdConf = + '' + .include "$CONFDIR/common.conf" + + options { + pidfile = "$RUNDIR/rspamd.pid"; + .include "$CONFDIR/options.inc" + } + + logging { + type = "file"; + filename = "$LOGDIR/rspamd.log"; + .include "$CONFDIR/logging.inc" + } + + worker { + ${mkBindSockets cfg.bindSocket} + .include "$CONFDIR/worker-normal.inc" + } + + worker { + ${mkBindSockets cfg.bindUISocket} + .include "$CONFDIR/worker-controller.inc" + } + ''; + rspamdConfFile = pkgs.writeText "rspamd.conf" rspamdConf; + in { 
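Review bot: `users.users.postfix.extraGroups = [ cfg.group ];` in the `@@ -214,13 +214,13 @@` hunk is added without a condition, so the postfix user is put into the rmilter group even when `cfg.postfix.enable` is false, and a partial `postfix` user definition is created on systems that do not run Postfix at all. Guarding it the same way as the line above, e.g. `users.users.postfix.extraGroups = mkIf cfg.postfix.enable [ cfg.group ];`, keeps the socket's group membership limited to setups that need it. The enclosing `config` block starts outside the hunk, so an outer condition cannot be ruled out.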
@@ -26,6 +55,32 @@ in description = "Whether to run the rspamd daemon in debug mode."; }; + bindSocket = mkOption { + type = types.listOf types.str; + default = [ + "/run/rspamd.sock mode=0666 owner=${cfg.user}" + ]; + description = '' + List of sockets to listen, in format acceptable by rspamd + ''; + example = '' + bindSocket = [ + "/run/rspamd.sock mode=0666 owner=rspamd" + "*:11333" + ]; + ''; + }; + + bindUISocket = mkOption { + type = types.listOf types.str; + default = [ + "localhost:11334" + ]; + description = '' + List of sockets for web interface, in format acceptable by rspamd + ''; + }; + user = mkOption { type = types.string; default = "rspamd"; @@ -62,7 +117,7 @@ in users.extraGroups = singleton { name = cfg.group; - gid = config.ids.gids.spamd; + gid = config.ids.gids.rspamd; }; systemd.services.rspamd = { @@ -72,7 +127,7 @@ in after = [ "network.target" ]; serviceConfig = { - ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -f"; + ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f"; RuntimeDirectory = "/var/lib/rspamd"; PermissionsStartOnly = true; Restart = "always"; -- cgit 1.4.1 From 5e2bb0b31c892fed5024eaf7e93faf470a6ceb38 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 28 Apr 2016 16:42:16 +0300 Subject: pulseaudio: select correct outputs Original fixes by ttuegel and peterhoeg. --- nixos/modules/config/pulseaudio.nix | 12 ++++++------ nixos/modules/services/x11/desktop-managers/kde4.nix | 2 +- nixos/modules/services/x11/desktop-managers/kde5.nix | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix index f2db428a4441..a964e04531c1 100644 --- a/nixos/modules/config/pulseaudio.nix +++ b/nixos/modules/config/pulseaudio.nix 
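Review bot: The default `bindSocket` value `"/run/rspamd.sock mode=0666 owner=${cfg.user}"` makes the worker socket readable and writable by every local user, so any account on the host can submit messages to the scanner. Since rmilter is the intended client, a group-restricted default such as `"/run/rspamd.sock mode=0660 owner=${cfg.user} group=${cfg.group}"` with the MTA-side user added to that group would be tighter; whether rspamd accepts a `group=` key in this position should be confirmed. The example also lists `"*:11333"`, which listens on all interfaces, and the description should mention that.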
@@ -98,9 +98,9 @@ in { package = mkOption { type = types.package; - default = pulseaudioLight.out; - defaultText = "pkgs.pulseaudioLight.out"; - example = literalExample "pkgs.pulseaudioFull.out"; + default = pulseaudioLight; + defaultText = "pkgs.pulseaudioLight"; + example = literalExample "pkgs.pulseaudioFull"; description = '' The PulseAudio derivation to use. This can be used to enable features (such as JACK support, Bluetooth) via the @@ -130,7 +130,7 @@ in { source = clientConf; }; - hardware.pulseaudio.configFile = mkDefault "${cfg.package.out}/etc/pulse/default.pa"; + hardware.pulseaudio.configFile = mkDefault "${getBin cfg.package}/etc/pulse/default.pa"; } (mkIf cfg.enable { @@ -158,7 +158,7 @@ in { wantedBy = [ "default.target" ]; serviceConfig = { Type = "notify"; - ExecStart = "${cfg.package.out}/bin/pulseaudio --daemonize=no"; + ExecStart = "${getBin cfg.package}/bin/pulseaudio --daemonize=no"; Restart = "on-failure"; }; }; @@ -195,7 +195,7 @@ in { environment.PULSE_RUNTIME_PATH = stateDir; serviceConfig = { Type = "notify"; - ExecStart = "${cfg.package.out}/bin/pulseaudio --daemonize=no --log-level=${cfg.daemon.logLevel} --system -n --file=${cfg.configFile}"; + ExecStart = "${getBin cfg.package}/bin/pulseaudio --daemonize=no --log-level=${cfg.daemon.logLevel} --system -n --file=${cfg.configFile}"; Restart = "on-failure"; }; }; diff --git a/nixos/modules/services/x11/desktop-managers/kde4.nix b/nixos/modules/services/x11/desktop-managers/kde4.nix index 80e408be4923..79b4413a6e70 100644 --- a/nixos/modules/services/x11/desktop-managers/kde4.nix +++ b/nixos/modules/services/x11/desktop-managers/kde4.nix 
@@ -111,7 +111,7 @@ in # Load PulseAudio module for routing support. # See http://colin.guthr.ie/2009/10/so-how-does-the-kde-pulseaudio-support-work-anyway/ ${optionalString config.hardware.pulseaudio.enable '' - ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" + ${getBin config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" ''} # Start KDE. diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix index 70dc1ac2a26a..584a0d4012d5 100644 --- a/nixos/modules/services/x11/desktop-managers/kde5.nix +++ b/nixos/modules/services/x11/desktop-managers/kde5.nix @@ -59,7 +59,7 @@ in # Load PulseAudio module for routing support. # See http://colin.guthr.ie/2009/10/so-how-does-the-kde-pulseaudio-support-work-anyway/ ${optionalString config.hardware.pulseaudio.enable '' - ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" + ${getBin config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" ''} exec "${kde5.startkde}" -- cgit 1.4.1 From c4440c9c744744198f423dfa69cf4d19399ced4c Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 28 Apr 2016 17:06:09 +0300 Subject: Revert "pulseaudio: select correct outputs" This reverts commit 5e2bb0b31c892fed5024eaf7e93faf470a6ceb38. --- nixos/modules/config/pulseaudio.nix | 12 ++++++------ nixos/modules/services/x11/desktop-managers/kde4.nix | 2 +- nixos/modules/services/x11/desktop-managers/kde5.nix | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix index a964e04531c1..f2db428a4441 100644 --- a/nixos/modules/config/pulseaudio.nix +++ b/nixos/modules/config/pulseaudio.nix 
@@ -98,9 +98,9 @@ in { package = mkOption { type = types.package; - default = pulseaudioLight; - defaultText = "pkgs.pulseaudioLight"; - example = literalExample "pkgs.pulseaudioFull"; + default = pulseaudioLight.out; + defaultText = "pkgs.pulseaudioLight.out"; + example = literalExample "pkgs.pulseaudioFull.out"; description = '' The PulseAudio derivation to use. This can be used to enable features (such as JACK support, Bluetooth) via the @@ -130,7 +130,7 @@ in { source = clientConf; }; - hardware.pulseaudio.configFile = mkDefault "${getBin cfg.package}/etc/pulse/default.pa"; + hardware.pulseaudio.configFile = mkDefault "${cfg.package.out}/etc/pulse/default.pa"; } (mkIf cfg.enable { @@ -158,7 +158,7 @@ in { wantedBy = [ "default.target" ]; serviceConfig = { Type = "notify"; - ExecStart = "${getBin cfg.package}/bin/pulseaudio --daemonize=no"; + ExecStart = "${cfg.package.out}/bin/pulseaudio --daemonize=no"; Restart = "on-failure"; }; }; @@ -195,7 +195,7 @@ in { environment.PULSE_RUNTIME_PATH = stateDir; serviceConfig = { Type = "notify"; - ExecStart = "${getBin cfg.package}/bin/pulseaudio --daemonize=no --log-level=${cfg.daemon.logLevel} --system -n --file=${cfg.configFile}"; + ExecStart = "${cfg.package.out}/bin/pulseaudio --daemonize=no --log-level=${cfg.daemon.logLevel} --system -n --file=${cfg.configFile}"; Restart = "on-failure"; }; }; diff --git a/nixos/modules/services/x11/desktop-managers/kde4.nix b/nixos/modules/services/x11/desktop-managers/kde4.nix index 79b4413a6e70..80e408be4923 100644 --- a/nixos/modules/services/x11/desktop-managers/kde4.nix +++ b/nixos/modules/services/x11/desktop-managers/kde4.nix 
@@ -111,7 +111,7 @@ in # Load PulseAudio module for routing support. # See http://colin.guthr.ie/2009/10/so-how-does-the-kde-pulseaudio-support-work-anyway/ ${optionalString config.hardware.pulseaudio.enable '' - ${getBin config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" + ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" ''} # Start KDE. diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix index 584a0d4012d5..70dc1ac2a26a 100644 --- a/nixos/modules/services/x11/desktop-managers/kde5.nix +++ b/nixos/modules/services/x11/desktop-managers/kde5.nix @@ -59,7 +59,7 @@ in # Load PulseAudio module for routing support. # See http://colin.guthr.ie/2009/10/so-how-does-the-kde-pulseaudio-support-work-anyway/ ${optionalString config.hardware.pulseaudio.enable '' - ${getBin config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" + ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" ''} exec "${kde5.startkde}" -- cgit 1.4.1 From e48580c0831420bd0446c1db3d174bb618cc998f Mon Sep 17 00:00:00 2001 From: Tristan Helmich Date: Wed, 30 Mar 2016 20:49:16 +0200 Subject: graylog service: Initial graylog service --- nixos/modules/misc/ids.nix | 1 + nixos/modules/module-list.nix | 1 + nixos/modules/services/logging/graylog.nix | 161 +++++++++++++++++++++++++++++ 3 files changed, 163 insertions(+) create mode 100644 nixos/modules/services/logging/graylog.nix (limited to 'nixos') diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 684ca132bc74..7e40c1366677 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -264,6 +264,7 @@ taskd = 240; factorio = 241; emby = 242; + graylog = 243; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! 
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ec14fd2e3631..b92361f628be 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -183,6 +183,7 @@ ./services/hardware/thermald.nix ./services/logging/awstats.nix ./services/logging/fluentd.nix + ./services/logging/graylog.nix ./services/logging/klogd.nix ./services/logging/logcheck.nix ./services/logging/logrotate.nix diff --git a/nixos/modules/services/logging/graylog.nix b/nixos/modules/services/logging/graylog.nix new file mode 100644 index 000000000000..a7785decd19a --- /dev/null +++ b/nixos/modules/services/logging/graylog.nix 
@@ -0,0 +1,161 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.graylog; + configBool = b: if b then "true" else "false"; + + confFile = pkgs.writeText "graylog.conf" '' + is_master = ${configBool cfg.isMaster} + node_id_file = ${cfg.nodeIdFile} + password_secret = ${cfg.passwordSecret} + root_username = ${cfg.rootUsername} + root_password_sha2 = ${cfg.rootPasswordSha2} + elasticsearch_cluster_name = ${cfg.elasticsearchClusterName} + elasticsearch_discovery_zen_ping_multicast_enabled = ${configBool cfg.elasticsearchDiscoveryZenPingMulticastEnabled} + elasticsearch_discovery_zen_ping_unicast_hosts = ${cfg.elasticsearchDiscoveryZenPingUnicastHosts} + message_journal_dir = ${cfg.messageJournalDir} + mongodb_uri = ${cfg.mongodbUri} + + ${cfg.extraConfig} + ''; +in + +{ + ###### interface + + options = { + + services.graylog = { + + enable = mkEnableOption "Graylog"; + + package = mkOption { + type = types.package; + default = pkgs.graylog; + defaultText = "pkgs.graylog"; + example = literalExample "pkgs.graylog"; + description = "Graylog package to use."; + }; + + user = mkOption { + type = types.str; + default = "graylog"; + example = literalExample "graylog"; + description = "User account under which graylog runs"; + }; + + isMaster = mkOption { + type = types.bool; + default = true; + description = "Whether this is the master instance of your Graylog cluster"; + }; + + nodeIdFile = mkOption { + type = types.str; + default = "/var/lib/graylog/server/node-id"; + description = "Path of the file containing the graylog node-id"; + }; + + passwordSecret = mkOption { + type = types.str; + description = '' + You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. 
+ Generate one by using for example: pwgen -N 1 -s 96 + ''; + }; + + rootUsername = mkOption { + type = types.str; + default = "admin"; + description = "Name of the default administrator user"; + }; + + rootPasswordSha2 = mkOption { + type = types.str; + example = "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952"; + description = '' + You MUST specify a hash password for the root user (which you only need to initially set up the + system and in case you lose connectivity to your authentication backend) + This password cannot be changed using the API or via the web interface. If you need to change it, + modify it here. + Create one by using for example: echo -n yourpassword | shasum -a 256 + and use the resulting hash value as string for the option + ''; + }; + + elasticsearchClusterName = mkOption { + type = types.str; + example = "graylog"; + description = "This must be the same as for your Elasticsearch cluster"; + }; + + elasticsearchDiscoveryZenPingMulticastEnabled = mkOption { + type = types.bool; + default = false; + description = "Whether to use elasticsearch multicast discovery"; + }; + + elasticsearchDiscoveryZenPingUnicastHosts = mkOption { + type = types.str; + default = "127.0.0.1:9300"; + description = "Tells Graylogs Elasticsearch client how to find other cluster members. See Elasticsearch documentation for details"; + }; + + messageJournalDir = mkOption { + type = types.str; + default = "/var/lib/graylog/data/journal"; + description = "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself"; + }; + + mongodbUri = mkOption { + type = types.str; + default = "mongodb://localhost/graylog"; + description = "MongoDB connection string. 
See http://docs.mongodb.org/manual/reference/connection-string/ for details"; + }; + + extraConfig = mkOption { + type = types.str; + default = ""; + description = "Any other configuration options you might want to add"; + }; + + }; + }; + + + ###### implementation + + config = mkIf cfg.enable { + + users.extraUsers = mkIf (cfg.user == "graylog") { + graylog = { + uid = config.ids.uids.graylog; + description = "Graylog server daemon user"; + }; + }; + + systemd.services.graylog = with pkgs; { + description = "Graylog Server"; + wantedBy = [ "multi-user.target" ]; + environment = { + JAVA_HOME = jre; + GRAYLOG_CONF = "${confFile}"; + }; + path = [ pkgs.openjdk8 pkgs.which pkgs.procps ]; + preStart = '' + mkdir -p /var/lib/graylog -m 755 + chown -R ${cfg.user} /var/lib/graylog + + mkdir -p ${cfg.messageJournalDir} -m 755 + chown -R ${cfg.user} ${cfg.messageJournalDir} + ''; + serviceConfig = { + User="${cfg.user}"; + PermissionsStartOnly=true; + ExecStart = "${cfg.package}/bin/graylogctl run"; + }; + }; + }; +} -- cgit 1.4.1 From ecfc523d32b6969fbb0c5641fb2d155812e2b9f8 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 29 Apr 2016 10:28:35 +0200 Subject: Update EC2 AMIs to 16.03.659.011ea84 This includes the binutils mass rebuild. --- nixos/modules/virtualisation/ec2-amis.nix | 72 +++++++++++++++---------------- 1 file changed, 36 insertions(+), 36 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/ec2-amis.nix b/nixos/modules/virtualisation/ec2-amis.nix index e0aad5e42f20..5257aaf62025 100644 --- a/nixos/modules/virtualisation/ec2-amis.nix +++ b/nixos/modules/virtualisation/ec2-amis.nix 
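Review bot: `passwordSecret`, `rootPasswordSha2` and any credentials embedded in `mongodbUri` are interpolated into `confFile` through `pkgs.writeText`, so they land in the Nix store, which is readable by every local user and is copied along with the system closure. The option descriptions should at least say so, e.g. by appending `Note that this value is stored world-readable in the Nix store.`; reading the secrets from a file outside the store when the service starts would be the better fix. The `rootPasswordSha2` description suggests `echo -n yourpassword | shasum -a 256`, which leaves the password in shell history, so the text could recommend reading it from a prompt instead. Separately, `JAVA_HOME = jre` and `path = [ pkgs.openjdk8 ... ]` may refer to different Java packages.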
@@ -90,40 +90,40 @@ "15.09".us-west-2.pv-ebs = "ami-005fb160"; "15.09".us-west-2.pv-s3 = "ami-cd55bbad"; - "16.03".ap-northeast-1.hvm-ebs = "ami-885040e6"; - "16.03".ap-northeast-1.hvm-s3 = "ami-d15a4abf"; - "16.03".ap-northeast-1.pv-ebs = "ami-7f455511"; - "16.03".ap-northeast-1.pv-s3 = "ami-6d7d6d03"; - "16.03".ap-southeast-1.hvm-ebs = "ami-478a5f24"; - "16.03".ap-southeast-1.hvm-s3 = "ami-b2885dd1"; - "16.03".ap-southeast-1.pv-ebs = "ami-55b46136"; - "16.03".ap-southeast-1.pv-s3 = "ami-92b762f1"; - "16.03".ap-southeast-2.hvm-ebs = "ami-26b09345"; - "16.03".ap-southeast-2.hvm-s3 = "ami-52ac8f31"; - "16.03".ap-southeast-2.pv-ebs = "ami-1fb3907c"; - "16.03".ap-southeast-2.pv-s3 = "ami-49b1922a"; - "16.03".eu-central-1.hvm-ebs = "ami-2bd63744"; - "16.03".eu-central-1.hvm-s3 = "ami-82d435ed"; - "16.03".eu-central-1.pv-ebs = "ami-b729c8d8"; - "16.03".eu-central-1.pv-s3 = "ami-a12dccce"; - "16.03".eu-west-1.hvm-ebs = "ami-87c242f4"; - "16.03".eu-west-1.hvm-s3 = "ami-b6c343c5"; - "16.03".eu-west-1.pv-ebs = "ami-6bc94918"; - "16.03".eu-west-1.pv-s3 = "ami-00cb4b73"; - "16.03".sa-east-1.hvm-ebs = "ami-845cd3e8"; - "16.03".sa-east-1.hvm-s3 = "ami-8142cded"; - "16.03".sa-east-1.pv-ebs = "ami-1643cc7a"; - "16.03".sa-east-1.pv-s3 = "ami-1646c97a"; - "16.03".us-east-1.hvm-ebs = "ami-2cc4d046"; - "16.03".us-east-1.hvm-s3 = "ami-9bc9ddf1"; - "16.03".us-east-1.pv-ebs = "ami-7df4e017"; - "16.03".us-east-1.pv-s3 = "ami-90f2e6fa"; - "16.03".us-west-1.hvm-ebs = "ami-d8116db8"; - "16.03".us-west-1.hvm-s3 = "ami-a7166ac7"; - "16.03".us-west-1.pv-ebs = "ami-e90c7089"; - "16.03".us-west-1.pv-s3 = "ami-5b0c703b"; - "16.03".us-west-2.hvm-ebs = "ami-b339ccd3"; - "16.03".us-west-2.hvm-s3 = "ami-2c3bce4c"; - "16.03".us-west-2.pv-ebs = "ami-0625d066"; - "16.03".us-west-2.pv-s3 = "ami-7414e114"; + "16.03".ap-northeast-1.hvm-ebs = "ami-b6edf5d8"; + "16.03".ap-northeast-1.hvm-s3 = "ami-b1e3fbdf"; + "16.03".ap-northeast-1.pv-ebs = "ami-6190880f"; + "16.03".ap-northeast-1.pv-s3 = "ami-908d95fe"; + 
"16.03".ap-southeast-1.hvm-ebs = "ami-35b16656"; + "16.03".ap-southeast-1.hvm-s3 = "ami-41be6922"; + "16.03".ap-southeast-1.pv-ebs = "ami-4cb96e2f"; + "16.03".ap-southeast-1.pv-s3 = "ami-3bb96e58"; + "16.03".ap-southeast-2.hvm-ebs = "ami-debc91bd"; + "16.03".ap-southeast-2.hvm-s3 = "ami-55bc9136"; + "16.03".ap-southeast-2.pv-ebs = "ami-b38ba6d0"; + "16.03".ap-southeast-2.pv-s3 = "ami-9e8ba6fd"; + "16.03".eu-central-1.hvm-ebs = "ami-7c967413"; + "16.03".eu-central-1.hvm-s3 = "ami-b29072dd"; + "16.03".eu-central-1.pv-ebs = "ami-7a947615"; + "16.03".eu-central-1.pv-s3 = "ami-729b791d"; + "16.03".eu-west-1.hvm-ebs = "ami-ff27a98c"; + "16.03".eu-west-1.hvm-s3 = "ami-6c21af1f"; + "16.03".eu-west-1.pv-ebs = "ami-a33cb2d0"; + "16.03".eu-west-1.pv-s3 = "ami-ec38b69f"; + "16.03".sa-east-1.hvm-ebs = "ami-5bef6637"; + "16.03".sa-east-1.hvm-s3 = "ami-55f87139"; + "16.03".sa-east-1.pv-ebs = "ami-76e56c1a"; + "16.03".sa-east-1.pv-s3 = "ami-e1f8718d"; + "16.03".us-east-1.hvm-ebs = "ami-4bfd1926"; + "16.03".us-east-1.hvm-s3 = "ami-60c5210d"; + "16.03".us-east-1.pv-ebs = "ami-c0c92dad"; + "16.03".us-east-1.pv-s3 = "ami-f9d63294"; + "16.03".us-west-1.hvm-ebs = "ami-13aad473"; + "16.03".us-west-1.hvm-s3 = "ami-e1a8d681"; + "16.03".us-west-1.pv-ebs = "ami-c0a6d8a0"; + "16.03".us-west-1.pv-s3 = "ami-6aa9d70a"; + "16.03".us-west-2.hvm-ebs = "ami-265dad46"; + "16.03".us-west-2.hvm-s3 = "ami-cd40b0ad"; + "16.03".us-west-2.pv-ebs = "ami-7b4aba1b"; + "16.03".us-west-2.pv-s3 = "ami-0849b968"; } -- cgit 1.4.1 From 83c0aca062369aa43d5e692f22ff22e8d2e787a1 Mon Sep 17 00:00:00 2001 From: Nahum Shalman Date: Fri, 8 Apr 2016 13:53:27 +0000 Subject: installer: simple PXE bootable NixOS installer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Nix store squashfs is stored inside the initrd instead of separately (cherry picked from commit 976fd407796877b538c470d3a5253ad3e1f7bc68) 
Signed-off-by: Domen Kožar --- nixos/modules/installer/netboot/netboot-base.nix | 20 +++++ .../modules/installer/netboot/netboot-minimal.nix | 10 +++ nixos/modules/installer/netboot/netboot.nix | 91 ++++++++++++++++++++++ nixos/release.nix | 14 ++++ nixos/tests/boot.nix | 40 +++++++++- 5 files changed, 173 insertions(+), 2 deletions(-) create mode 100644 nixos/modules/installer/netboot/netboot-base.nix create mode 100644 nixos/modules/installer/netboot/netboot-minimal.nix create mode 100644 nixos/modules/installer/netboot/netboot.nix (limited to 'nixos') diff --git a/nixos/modules/installer/netboot/netboot-base.nix b/nixos/modules/installer/netboot/netboot-base.nix new file mode 100644 index 000000000000..b12eaccf8707 --- /dev/null +++ b/nixos/modules/installer/netboot/netboot-base.nix @@ -0,0 +1,20 @@ +# This module contains the basic configuration for building netboot +# images + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = + [ ./netboot.nix + + # Profiles of this basic netboot media + ../../profiles/all-hardware.nix + ../../profiles/base.nix + ../../profiles/installation-device.nix + ]; + + # Allow the user to log in as root without a password. + users.extraUsers.root.initialHashedPassword = ""; +} diff --git a/nixos/modules/installer/netboot/netboot-minimal.nix b/nixos/modules/installer/netboot/netboot-minimal.nix new file mode 100644 index 000000000000..8ad6234edc77 --- /dev/null +++ b/nixos/modules/installer/netboot/netboot-minimal.nix @@ -0,0 +1,10 @@ +# This module defines a small netboot environment. + +{ config, lib, ... }: + +{ + imports = + [ ./netboot-base.nix + ../../profiles/minimal.nix + ]; +} diff --git a/nixos/modules/installer/netboot/netboot.nix b/nixos/modules/installer/netboot/netboot.nix new file mode 100644 index 000000000000..366591a81148 --- /dev/null +++ b/nixos/modules/installer/netboot/netboot.nix 
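Review bot: `users.extraUsers.root.initialHashedPassword = "";` in netboot-base.nix gives the image a root account with an empty password, and the only comment says that this is allowed, not where it is safe. This image is served to whatever machine boots from the PXE infrastructure, so any login path exposed by the imported profiles inherits passwordless root. The profiles are outside this hunk, so I cannot tell whether a remote login service is enabled. I would extend the comment to something like `# Installer-only: passwordless root on the console. Do not reuse this module as the base of a deployed system, and set a password before enabling remote login.`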
@@ -0,0 +1,91 @@ +# This module creates netboot media containing the given NixOS +# configuration. + +{ config, lib, pkgs, ... }: + +with lib; + +{ + options = { + + netboot.storeContents = mkOption { + example = literalExample "[ pkgs.stdenv ]"; + description = '' + This option lists additional derivations to be included in the + Nix store in the generated netboot image. + ''; + }; + + }; + + config = { + + boot.loader.grub.version = 2; + + # Don't build the GRUB menu builder script, since we don't need it + # here and it causes a cyclic dependency. + boot.loader.grub.enable = false; + + boot.initrd.postMountCommands = '' + mkdir -p /mnt-root/nix/store + mount -t squashfs /nix-store.squashfs /mnt-root/nix/store + ''; + + # !!! Hack - attributes expected by other modules. + system.boot.loader.kernelFile = "bzImage"; + environment.systemPackages = [ pkgs.grub2 pkgs.grub2_efi pkgs.syslinux ]; + + boot.consoleLogLevel = mkDefault 7; + + fileSystems."/" = + { fsType = "tmpfs"; + options = [ "mode=0755" ]; + }; + + boot.initrd.availableKernelModules = [ "squashfs" ]; + + boot.initrd.kernelModules = [ "loop" ]; + + # Closures to be copied to the Nix store, namely the init + # script and the top-level system configuration directory. + netboot.storeContents = + [ config.system.build.toplevel ]; + + # Create the squashfs image that contains the Nix store. 
+ system.build.squashfsStore = import ../../../lib/make-squashfs.nix { + inherit (pkgs) stdenv squashfsTools perl pathsFromGraph; + storeContents = config.netboot.storeContents; + }; + + + # Create the initrd + system.build.netbootRamdisk = pkgs.makeInitrd { + inherit (config.boot.initrd) compressor; + prepend = [ "${config.system.build.initialRamdisk}/initrd" ]; + + contents = + [ { object = config.system.build.squashfsStore; + symlink = "/nix-store.squashfs"; + } + ]; + }; + + system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" "#!ipxe\nkernel bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}\ninitrd initrd\nboot"; + + boot.loader.timeout = 10; + + boot.postBootCommands = + '' + # After booting, register the contents of the Nix store + # in the Nix database in the tmpfs. + ${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration + + # nixos-rebuild also requires a "system" profile and an + # /etc/NIXOS tag. + touch /etc/NIXOS + ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system + ''; + + }; + +} diff --git a/nixos/release.nix b/nixos/release.nix index d78c1bb1c150..fa4a98601509 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -104,6 +104,20 @@ in rec { initialRamdisk = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.initialRamdisk); + netboot = let build = (import lib/eval-config.nix { + system = "x86_64-linux"; + modules = [ + ./modules/installer/netboot/netboot-minimal.nix + versionModule + ]; + }).config.system.build; + in + pkgs.symlinkJoin "netboot" [ + build.netbootRamdisk + build.kernel + build.netbootIpxeScript + ]; + iso_minimal = forAllSystems (system: makeIso { module = ./modules/installer/cd-dvd/installation-cd-minimal.nix; type = "minimal"; diff --git a/nixos/tests/boot.nix b/nixos/tests/boot.nix index 905d16458825..a138ba4bcf08 100644 --- a/nixos/tests/boot.nix +++ b/nixos/tests/boot.nix 
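Review bot: Nothing in the generated `netboot.ipxe` or in `boot.initrd.postMountCommands` checks the integrity of what is booted: the script loads `bzImage` and `initrd` by relative name from wherever the script itself was fetched, and the initrd's `/nix-store.squashfs` is then mounted as the whole `/nix/store`. Over plain TFTP or HTTP, the installer's root environment is only as trustworthy as the boot network. I would document this next to `system.build.netbootIpxeScript`, e.g. `# The script does not authenticate bzImage/initrd; serve it over a trusted network or HTTPS, or add iPXE image verification (imgtrust/imgverify) in your own script.` Separately, `netboot.storeContents` is declared without a `type`, so a malformed value is presumably only noticed later in make-squashfs.nix; `type = types.listOf types.package;` would reject it at option evaluation.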
@@ -44,5 +44,41 @@ in { usb => glob("${iso}/iso/*.iso"), bios => '${pkgs.OVMF}/FV/OVMF.fd' ''; - } - + netboot = let + config = (import ../lib/eval-config.nix { + inherit system; + modules = + [ ../modules/installer/netboot/netboot.nix + ../modules/testing/test-instrumentation.nix + { key = "serial"; } + ]; + }).config; + ipxeScriptDir = pkgs.writeTextFile { + name = "ipxeScriptDir"; + text = '' + #!ipxe + dhcp + kernel bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} console=ttyS0 + initrd initrd + boot + ''; + destination = "/boot.ipxe"; + }; + ipxeBootDir = pkgs.symlinkJoin "ipxeBootDir" [ + config.system.build.netbootRamdisk + config.system.build.kernel + ipxeScriptDir + ]; + in + makeTest { + name = "boot-netboot"; + nodes = { }; + testScript = + '' + my $machine = createMachine({ qemuFlags => '-boot order=n -net nic,model=e1000 -net user,tftp=${ipxeBootDir}/,bootfile=boot.ipxe -m 2000M' }); + $machine->start; + $machine->waitForUnit("multi-user.target"); + $machine->shutdown; + ''; + }; +} \ No newline at end of file -- cgit 1.4.1 From 90d7041ce4d270bbcf0efefd1d1e42c097c1335d Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Fri, 29 Apr 2016 10:41:13 +0100 Subject: PXE boot: add manual section and note in changelog --- nixos/doc/manual/installation/installing-pxe.xml | 48 ++++++++++++++++++++++++ nixos/doc/manual/installation/installing.xml | 1 + nixos/doc/manual/release-notes/release-notes.xml | 1 + nixos/doc/manual/release-notes/rl-1609.xml | 48 ++++++++++++++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 nixos/doc/manual/installation/installing-pxe.xml create mode 100644 nixos/doc/manual/release-notes/rl-1609.xml (limited to 'nixos') diff --git a/nixos/doc/manual/installation/installing-pxe.xml b/nixos/doc/manual/installation/installing-pxe.xml new file mode 100644 index 000000000000..7b7597c91626 --- /dev/null +++ b/nixos/doc/manual/installation/installing-pxe.xml @@ -0,0 +1,48 @@ +
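Review bot: The netboot test writes its own `boot.ipxe` instead of booting `config.system.build.netbootIpxeScript`, so the script users actually get from `nix-build -A netboot` is never exercised, and a broken kernel command line there would still pass. It also imports `netboot.nix` directly rather than `netboot-minimal.nix`, which is the configuration release.nix builds. If the extra `dhcp` and `console=ttyS0` lines are the reason, say so in a comment above `ipxeScriptDir`, e.g. `# Own script: the test needs dhcp and a serial console, which netbootIpxeScript does not set.`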
+ +Booting from the <quote>netboot</quote> media (PXE) + + Advanced users may wish to install NixOS using an existing PXE or + iPXE setup. + + + These instructions assume that you have an existing PXE or iPXE + infrastructure and simply want to add the NixOS installer as another + option. To build the necessary files from a recent version of + nixpkgs, you can run: + + +nix-build -A netboot nixos/release.nix + + + This will create a result directory containing: * + bzImage – the Linux kernel * + initrd – the initrd file * + netboot.ipxe – an example ipxe script + demonstrating the appropriate kernel command line arguments for this + image + + + If you’re using plain PXE, configure your boot loader to use the + bzImage and initrd files and + have it provide the same kernel command line arguments found in + netboot.ipxe. + + + If you’re using iPXE, depending on how your HTTP/FTP/etc. server is + configured you may be able to use netboot.ipxe + unmodified, or you may need to update the paths to the files to + match your server’s directory layout + + + In the future we may begin making these files available as build + products from hydra at which point we will update this documentation + with instructions on how to obtain them either for placing on a + dedicated TFTP server or to boot them directly over the internet. + + +
diff --git a/nixos/doc/manual/installation/installing.xml b/nixos/doc/manual/installation/installing.xml index 4a0b3fee7c18..3e53062c3e84 100644 --- a/nixos/doc/manual/installation/installing.xml +++ b/nixos/doc/manual/installation/installing.xml @@ -270,5 +270,6 @@ $ reboot + diff --git a/nixos/doc/manual/release-notes/release-notes.xml b/nixos/doc/manual/release-notes/release-notes.xml index 2beaab00800d..31a7ae04a4f5 100644 --- a/nixos/doc/manual/release-notes/release-notes.xml +++ b/nixos/doc/manual/release-notes/release-notes.xml @@ -9,6 +9,7 @@ This section lists the release notes for each stable version of NixOS and current unstable revision. + diff --git a/nixos/doc/manual/release-notes/rl-1609.xml b/nixos/doc/manual/release-notes/rl-1609.xml new file mode 100644 index 000000000000..22dea8029242 --- /dev/null +++ b/nixos/doc/manual/release-notes/rl-1609.xml @@ -0,0 +1,48 @@ +
+ +Release 16.09 (“Flounder”, 2016/09/??) + +In addition to numerous new and upgraded packages, this release +has the following highlights: + + + + + PXE "netboot" media has landed in . + See for documentation. + + + + +The following new services were added since the last release: + + + (this will get automatically generated at release time) + + + +When upgrading from a previous release, please be aware of the +following incompatible changes: + + + + todo + + + + +Other notable improvements: + + + + todo + + + + + +
-- cgit 1.4.1 From 7d7380b0110d21ff208a06fe7c930783f90c6944 Mon Sep 17 00:00:00 2001 From: Philipp Hausmann Date: Fri, 29 Apr 2016 12:01:13 +0200 Subject: elasticsearch: Install elastic search modules properly, fixes groovy script support. --- nixos/modules/services/search/elasticsearch.nix | 1 + pkgs/servers/search/elasticsearch/2.x.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix index c51a42b8e9c1..17ac8fe7e245 100644 --- a/nixos/modules/services/search/elasticsearch.nix +++ b/nixos/modules/services/search/elasticsearch.nix @@ -145,6 +145,7 @@ in { # Install plugins ln -sfT ${esPlugins}/plugins ${cfg.dataDir}/plugins ln -sfT ${cfg.package}/lib ${cfg.dataDir}/lib + ln -sfT ${cfg.package}/modules ${cfg.dataDir}/modules if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi ''; postStart = mkBefore '' diff --git a/pkgs/servers/search/elasticsearch/2.x.nix b/pkgs/servers/search/elasticsearch/2.x.nix index 33a052673958..9495106ea00a 100644 --- a/pkgs/servers/search/elasticsearch/2.x.nix +++ b/pkgs/servers/search/elasticsearch/2.x.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { installPhase = '' mkdir -p $out - cp -R bin config lib $out + cp -R bin config lib modules $out # don't want to have binary with name plugin mv $out/bin/plugin $out/bin/elasticsearch-plugin -- cgit 1.4.1 From 928cf63a9214e4ceb802d9126c8b824d374dea8f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 29 Apr 2016 20:46:36 +0200 Subject: netboot -> netboot.x86_64-linux For consistency, and in case we ever want to support another architecture. --- nixos/release.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/release.nix b/nixos/release.nix index fa4a98601509..ab4e1aaf7d4d 100644 --- a/nixos/release.nix +++ b/nixos/release.nix 
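Review bot: The added `ln -sfT ${cfg.package}/modules ${cfg.dataDir}/modules` in elasticsearch.nix interpolates `cfg.dataDir` unquoted into a script that the following `id -u` check shows can run as root. A data directory containing a space or glob character would make `ln` and the later `chown -R` act on other paths. The neighbouring context lines have the same form, so quoting all of them together is the consistent fix: `ln -sfT "${cfg.package}/modules" "${cfg.dataDir}/modules"`. A one-line comment that this directory carries the bundled modules (the commit subject names groovy scripting) would also help, since linking it changes what the node can load. The script starts and ends outside the hunk.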
@@ -103,8 +103,7 @@ in rec { # Build the initial ramdisk so Hydra can keep track of its size over time. initialRamdisk = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.initialRamdisk); - - netboot = let build = (import lib/eval-config.nix { + netboot.x86_64-linux = let build = (import lib/eval-config.nix { system = "x86_64-linux"; modules = [ ./modules/installer/netboot/netboot-minimal.nix -- cgit 1.4.1 From e704c90b50ff7638d2bdfec5ea50903e6c43e5a7 Mon Sep 17 00:00:00 2001 From: NotaseCretagen Date: Sat, 30 Apr 2016 14:14:06 +0300 Subject: Manual: rephrase definition for indented strings (#15086) Closes #15076 --- nixos/doc/manual/configuration/config-file.xml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/configuration/config-file.xml b/nixos/doc/manual/configuration/config-file.xml index 9b240979273d..645257687fd6 100644 --- a/nixos/doc/manual/configuration/config-file.xml +++ b/nixos/doc/manual/configuration/config-file.xml @@ -106,11 +106,15 @@ networking.extraHosts = ''; - The main difference is that preceding whitespace is - automatically stripped from each line, and that characters like + The main difference is that it strips from each line + a number of spaces equal to the minimal indentation of + the string as a whole (disregarding the indentation of + empty lines), and that characters like " and \ are not special (making it more convenient for including things like shell code). + See more info about this in the Nix manual here. -- cgit 1.4.1 From d2dcbd3c00cc55e71a7b816db51cb76dbd9ca16f Mon Sep 17 00:00:00 2001 From: Domen Kožar Date: Sat, 30 Apr 2016 14:29:09 +0100 Subject: Revert "Manual: rephrase definition for indented strings" (#15103) --- nixos/doc/manual/configuration/config-file.xml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'nixos') 
diff --git a/nixos/doc/manual/configuration/config-file.xml b/nixos/doc/manual/configuration/config-file.xml index 645257687fd6..9b240979273d 100644 --- a/nixos/doc/manual/configuration/config-file.xml +++ b/nixos/doc/manual/configuration/config-file.xml @@ -106,15 +106,11 @@ networking.extraHosts = ''; - The main difference is that it strips from each line - a number of spaces equal to the minimal indentation of - the string as a whole (disregarding the indentation of - empty lines), and that characters like + The main difference is that preceding whitespace is + automatically stripped from each line, and that characters like " and \ are not special (making it more convenient for including things like shell code). - See more info about this in the Nix manual here. -- cgit 1.4.1 From 7e32b83d779fec08fa055ece6bd936f9efa929a4 Mon Sep 17 00:00:00 2001 From: iarizc Leuname Date: Fri, 29 Apr 2016 20:49:56 +0300 Subject: Manual: rephrase definition for indented strings Closes #15076 --- nixos/doc/manual/configuration/config-file.xml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/configuration/config-file.xml b/nixos/doc/manual/configuration/config-file.xml index 9b240979273d..3d1cdaf4c4ab 100644 --- a/nixos/doc/manual/configuration/config-file.xml +++ b/nixos/doc/manual/configuration/config-file.xml @@ -106,11 +106,15 @@ networking.extraHosts = ''; - The main difference is that preceding whitespace is - automatically stripped from each line, and that characters like + The main difference is that it strips from each line + a number of spaces equal to the minimal indentation of + the string as a whole (disregarding the indentation of + empty lines), and that characters like " and \ are not special (making it more convenient for including things like shell - code). + code). + See more info about this in the Nix manual here. -- cgit 1.4.1 From 640ec5f6491ad9b6c37d12db0450745d9c7c59c7 Mon Sep 17 00:00:00 2001 
From: Domen Kožar Date: Sun, 1 May 2016 10:00:31 +0100 Subject: netboot: fix eval --- nixos/release.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/release.nix b/nixos/release.nix index ab4e1aaf7d4d..8409191200c8 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -111,11 +111,11 @@ in rec { ]; }).config.system.build; in - pkgs.symlinkJoin "netboot" [ + pkgs.symlinkJoin {name="netboot"; paths=[ build.netbootRamdisk build.kernel build.netbootIpxeScript - ]; + ];}; iso_minimal = forAllSystems (system: makeIso { module = ./modules/installer/cd-dvd/installation-cd-minimal.nix; -- cgit 1.4.1 From 5508687ec21ad43baac96443728ccce527954ee7 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 1 May 2016 14:38:08 +0200 Subject: Remove now useless proprietary Copy.com client and service SaaS. --- nixos/modules/services/networking/copy-com.nix | 54 -------------------- pkgs/applications/networking/copy-com/default.nix | 62 ----------------------- pkgs/top-level/all-packages.nix | 2 - 3 files changed, 118 deletions(-) delete mode 100644 nixos/modules/services/networking/copy-com.nix delete mode 100644 pkgs/applications/networking/copy-com/default.nix (limited to 'nixos') diff --git a/nixos/modules/services/networking/copy-com.nix b/nixos/modules/services/networking/copy-com.nix deleted file mode 100644 index ee0d043d471b..000000000000 --- a/nixos/modules/services/networking/copy-com.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg = config.services.copy-com; - -in - -{ - options = { - - services.copy-com = { - - enable = mkOption { - default = false; - description = " - Enable the Copy.com client. - NOTE: before enabling the client for the first time, it must be - configured by first running CopyConsole (command line) or CopyAgent - (graphical) as the appropriate user. - "; - }; - - user = mkOption { - description = "The user for which the Copy.com client should be run."; - }; - - debug = mkOption { - default = false; - description = "Output more (debugging) messages to the console."; - }; - }; - }; - - config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.postfix ]; - - systemd.services."copy-com-${cfg.user}" = { - description = "Copy.com client"; - wants = [ "network-online.target" ]; - after = [ "network-online.target" "local-fs.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.copy-com}/bin/CopyConsole ${if cfg.debug then "-consoleOutput -debugToConsole=dirwatch,path-watch,csm_path,csm -debug -console" else ""}"; - User = "${cfg.user}"; - }; - - }; - }; - -} - diff --git a/pkgs/applications/networking/copy-com/default.nix b/pkgs/applications/networking/copy-com/default.nix deleted file mode 100644 index 21dc23739775..000000000000 --- a/pkgs/applications/networking/copy-com/default.nix +++ /dev/null 
@@ -1,62 +0,0 @@ -{ stdenv, fetchurl, patchelf, fontconfig, freetype -, gcc, glib, libICE, libSM, libX11, libXext, libXrender }: - -let - arch = if stdenv.system == "x86_64-linux" then "x86_64" - else if stdenv.system == "i686-linux" then "x86" - else if stdenv.system == "armv6-linux" then "armv6h" - else throw "Copy.com client for: ${stdenv.system} not supported!"; - - interpreter = if stdenv.system == "x86_64-linux" then "ld-linux-x86-64.so.2" - else if stdenv.system == "i686-linux" then "ld-linux.so.2" - else if stdenv.system == "armv6-linux" then "ld-linux.so.2" - else throw "Copy.com client for: ${stdenv.system} not supported!"; - - appdir = "opt/copy"; - - libPackages = [ fontconfig freetype gcc.cc glib libICE libSM libX11 libXext - libXrender ]; - libPaths = stdenv.lib.concatStringsSep ":" - (map (path: "${path}/lib") libPackages); - -in stdenv.mkDerivation { - - name = "copy-com-3.2.01.0481"; - - src = fetchurl { - # Note: copy.com doesn't version this file. Annoying. - url = "https://copy.com/install/linux/Copy.tgz"; - sha256 = "0bpphm71mqpaiygs57kwa23nli0qm64fvgl1qh7fkxyqqabh4g7k"; - }; - - nativeBuildInputs = [ patchelf ]; - - phases = "unpackPhase installPhase"; - - installPhase = '' - mkdir -p $out/opt - cp -r ${arch} "$out/${appdir}" - - mkdir -p "$out/bin" - for binary in Copy{Agent,Console,Cmd}; do - binary="$out/${appdir}/$binary" - ln -sv "$binary" "$out/bin" - patchelf --set-interpreter ${stdenv.glibc.out}/lib/${interpreter} "$binary" - done - - RPATH=${libPaths}:$out/${appdir} - echo "Updating rpaths to $RPATH in:" - find "$out/${appdir}" -type f -a -perm -0100 \ - -print -exec patchelf --force-rpath --set-rpath "$RPATH" {} \; - ''; - - meta = with stdenv.lib; { - homepage = http://copy.com; - description = "Copy.com graphical & command-line clients"; - # Closed Source unfortunately. - license = licenses.unfree; - maintainers = with maintainers; [ nathan-gs nckx ]; - # NOTE: Copy.com itself only works on linux, so this is ok. 
- platforms = platforms.linux; - }; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 5b391263b1fa..0ebaa28cdfe6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13899,8 +13899,6 @@ in bittorrentSync14 = callPackage ../applications/networking/bittorrentsync/1.4.x.nix { }; bittorrentSync20 = callPackage ../applications/networking/bittorrentsync/2.0.x.nix { }; - copy-com = callPackage ../applications/networking/copy-com { }; - dropbox = qt55.callPackage ../applications/networking/dropbox { }; dropbox-cli = callPackage ../applications/networking/dropbox-cli { }; -- cgit 1.4.1 From 758e8bd1a1ae9a77a33f4168a778158446179e93 Mon Sep 17 00:00:00 2001 From: Raymond Gauthier Date: Fri, 29 Apr 2016 21:45:21 -0400 Subject: brscan4: init at 0.4.3-3 A sane backend for recent brother scanners. Depends on the presence of etc files generated by the nixos module of the same name. Supports network scanner specification through the nixos module. --- .../hardware/sane_extra_backends/brscan4.nix | 116 ++++++++++++++ .../sane_extra_backends/brscan4_etc_files.nix | 71 +++++++++ .../graphics/sane/backends/brscan4/default.nix | 97 ++++++++++++ .../graphics/sane/backends/brscan4/preload.c | 170 +++++++++++++++++++++ .../sane/backends/brscan4/udev_rules_type1.nix | 60 ++++++++ pkgs/top-level/all-packages.nix | 2 + 6 files changed, 516 insertions(+) create mode 100644 nixos/modules/services/hardware/sane_extra_backends/brscan4.nix create mode 100644 nixos/modules/services/hardware/sane_extra_backends/brscan4_etc_files.nix create mode 100644 pkgs/applications/graphics/sane/backends/brscan4/default.nix create mode 100644 pkgs/applications/graphics/sane/backends/brscan4/preload.c create mode 100644 pkgs/applications/graphics/sane/backends/brscan4/udev_rules_type1.nix (limited to 'nixos') 
diff --git a/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix b/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix new file mode 100644 index 000000000000..3ec74458cd29 --- /dev/null +++ b/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix 
@@ -0,0 +1,116 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.hardware.sane.brscan4; + + netDeviceList = attrValues cfg.netDevices; + + etcFiles = pkgs.callPackage ./brscan4_etc_files.nix { netDevices = netDeviceList; }; + + netDeviceOpts = { name, config, ... }: { + + options = { + + name = mkOption { + type = types.str; + description = '' + The friendly name you give to the network device. If undefined, + the name of attribute will be used. + ''; + + example = literalExample "office1"; + }; + + model = mkOption { + type = types.str; + description = '' + The model of the network device. + ''; + + example = literalExample "MFC-7860DW"; + }; + + ip = mkOption { + type = with types; nullOr str; + default = null; + description = '' + The ip address of the device. If undefined, you will have to + provide a nodename. + ''; + + example = literalExample "192.168.1.2"; + }; + + nodename = mkOption { + type = with types; nullOr str; + default = null; + description = '' + The node name of the device. If undefined, you will have to + provide an ip. + ''; + + example = literalExample "BRW0080927AFBCE"; + }; + + }; + + + config = + { name = mkDefault name; + }; + }; + +in + +{ + options = { + + hardware.sane.brscan4.enable = + mkEnableOption "Brother's brscan4 scan backend" // { + description = '' + When enabled, will automatically register the "brscan4" sane + backend and bring configuration files to their expected location. + ''; + }; + + hardware.sane.brscan4.netDevices = mkOption { + default = {}; + example = + { office1 = { model = "MFC-7860DW"; ip = "192.168.1.2"; }; + office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; }; + }; + type = types.loaOf types.optionSet; + description = '' + The list of network devices that will be registered against the brscan4 + sane backend. 
+ ''; + options = [ netDeviceOpts ]; + }; + }; + + config = mkIf (config.hardware.sane.enable && cfg.enable) { + + hardware.sane.extraBackends = [ + pkgs.brscan4 + ]; + + environment.etc = singleton { + target = "opt/brother/scanner/brscan4"; + source = "${etcFiles}/etc/opt/brother/scanner/brscan4"; + }; + + assertions = [ + { assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList; + + message = '' + When describing a network device as part of the attribute list + `hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename` + attribute should be specified, not both! + ''; + } + ]; + + }; +} \ No newline at end of file diff --git a/nixos/modules/services/hardware/sane_extra_backends/brscan4_etc_files.nix b/nixos/modules/services/hardware/sane_extra_backends/brscan4_etc_files.nix new file mode 100644 index 000000000000..bd114f0d2cca --- /dev/null +++ b/nixos/modules/services/hardware/sane_extra_backends/brscan4_etc_files.nix 
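Review bot: The assertion at the end of brscan4.nix rejects a device that sets both `ip` and `nodename`, but not one that sets neither. Both options default to `null`, and brscan4_etc_files.nix then falls through to `ip="${nd.ip}"`, which should fail with a string-coercion error far from the option that caused it. Requiring exactly one surfaces the module's own message instead: `{ assertion = all (x: (x.ip == null) != (x.nodename == null)) netDeviceList;`, with the message reworded to say that exactly one of `ip` or `nodename` must be set.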
@@ -0,0 +1,71 @@ +{ stdenv, lib, brscan4, netDevices ? [] }: + +/* + +Testing +------- + +No net devices: + +~~~ +nix-shell -E 'with import { }; brscan4-etc-files' +~~~ + +Two net devices: + +~~~ +nix-shell -E 'with import { }; brscan4-etc-files.override{netDevices=[{name="a"; model="MFC-7860DW"; nodename="BRW0080927AFBCE";} {name="b"; model="MFC-7860DW"; ip="192.168.1.2";}];}' +~~~ + +*/ + +with lib; + +let + + addNetDev = nd: '' + brsaneconfig4 -a \ + name="${nd.name}" \ + model="${nd.model}" \ + ${if (hasAttr "nodename" nd && nd.nodename != null) then + ''nodename="${nd.nodename}"'' else + ''ip="${nd.ip}"''}''; + addAllNetDev = xs: concatStringsSep "\n" (map addNetDev xs); +in + +stdenv.mkDerivation rec { + + name = "brscan4-etc-files-0.4.3-3"; + src = "${brscan4}/opt/brother/scanner/brscan4"; + + nativeBuildInputs = [ brscan4 ]; + + configurePhase = ":"; + + buildPhase = '' + TARGET_DIR="$out/etc/opt/brother/scanner/brscan4" + mkdir -p "$TARGET_DIR" + cp -rp "./models4" "$TARGET_DIR" + cp -rp "./Brsane4.ini" "$TARGET_DIR" + cp -rp "./brsanenetdevice4.cfg" "$TARGET_DIR" + + export BRSANENETDEVICE4_CFG_FILENAME="$TARGET_DIR/brsanenetdevice4.cfg" + + printf '${addAllNetDev netDevices}\n' + + ${addAllNetDev netDevices} + ''; + + installPhase = ":"; + + dontStrip = true; + dontPatchELF = true; + + meta = { + description = "Brother brscan4 sane backend driver etc files"; + homepage = http://www.brother.com; + platforms = stdenv.lib.platforms.linux; + license = stdenv.lib.licenses.unfree; + maintainers = with stdenv.lib.maintainers; [ jraygauthier ]; + }; +} diff --git a/pkgs/applications/graphics/sane/backends/brscan4/default.nix b/pkgs/applications/graphics/sane/backends/brscan4/default.nix new file mode 100644 index 000000000000..7b22e88bb840 --- /dev/null +++ b/pkgs/applications/graphics/sane/backends/brscan4/default.nix 
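Review bot: `addNetDev` pastes `nd.name`, `nd.model`, `nd.nodename` and `nd.ip` into the build script inside plain double quotes, and `printf '${addAllNetDev netDevices}\n'` pastes the same text again inside single quotes as a printf format. A value containing a quote, `$`, a backquote or `%` therefore changes the shell command run in buildPhase or garbles the printf. The values come from `hardware.sane.brscan4.netDevices`, typed only as `types.str`, so nothing rules such characters out. Escaping each value with `escapeShellArg` (in scope through `with lib;`) fixes the command. The debug printf is best dropped or given a fixed format string with the text passed as an argument.

```nix
  addNetDev = nd: ''
    brsaneconfig4 -a \
    name=${escapeShellArg nd.name} \
    model=${escapeShellArg nd.model} \
    ${if (hasAttr "nodename" nd && nd.nodename != null) then
      "nodename=${escapeShellArg nd.nodename}" else
      "ip=${escapeShellArg nd.ip}"}'';
  # … unchanged: addAllNetDev, derivation attributes, buildPhase file copies …
```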
@@ -0,0 +1,97 @@ +{ stdenv, fetchurl, callPackage, patchelf, makeWrapper, coreutils, libusb }: + +/* + + +*/ + +let + + myPatchElf = file: with stdenv.lib; '' + patchelf --set-interpreter \ + ${stdenv.glibc}/lib/ld-linux${optionalString stdenv.is64bit "-x86-64"}.so.2 \ + ${file} + ''; + + udevRules = callPackage ./udev_rules_type1.nix {}; + +in + +stdenv.mkDerivation rec { + + name = "brscan4-0.4.3-3"; + src = fetchurl { + url = "http://download.brother.com/welcome/dlf006645/${name}.amd64.deb"; + sha256 = "1nccyjl0b195pn6ya4q0zijb075q8r31v9z9a0hfzipfyvcj57n2"; + }; + + unpackPhase = '' + ar x $src + tar xfvz data.tar.gz + ''; + + nativeBuildInputs = [ makeWrapper patchelf coreutils udevRules ]; + buildInputs = [ libusb ]; + buildPhase = ":"; + + + patchPhase = '' + ${myPatchElf "opt/brother/scanner/brscan4/brsaneconfig4"} + + RPATH=${libusb}/lib + for a in usr/lib64/sane/*.so*; do + if ! test -L $a; then + patchelf --set-rpath $RPATH $a + fi + done + ''; + + installPhase = '' + + PATH_TO_BRSCAN4="opt/brother/scanner/brscan4" + mkdir -p $out/$PATH_TO_BRSCAN4 + cp -rp $PATH_TO_BRSCAN4/* $out/$PATH_TO_BRSCAN4 + mkdir -p $out/lib/sane + cp -rp usr/lib64/sane/* $out/lib/sane + + # Symbolic links were absolute. Fix them so that they point to $out. + pushd "$out/lib/sane" > /dev/null + for a in *.so*; do + if test -L $a; then + fixedTargetFileName="$(basename $(readlink $a))" + unlink "$a" + ln -s -T "$fixedTargetFileName" "$a" + fi + done + popd > /dev/null + + # Generate an LD_PRELOAD wrapper to redirect execvp(), open() and open64() + # calls to `/opt/brother/scanner/brscan4`. 
+ preload=$out/libexec/brother/scanner/brscan4/libpreload.so + mkdir -p $(dirname $preload) + gcc -shared ${./preload.c} -o $preload -ldl -DOUT=\"$out\" -fPIC + + makeWrapper \ + "$out/$PATH_TO_BRSCAN4/brsaneconfig4" \ + "$out/bin/brsaneconfig4" \ + --set LD_PRELOAD $preload + + mkdir -p $out/etc/sane.d + echo "brother4" > $out/etc/sane.d/dll.conf + + mkdir -p $out/etc/udev/rules.d + cp -p ${udevRules}/etc/udev/rules.d/*.rules \ + $out/etc/udev/rules.d + ''; + + dontStrip = true; + dontPatchELF = true; + + meta = { + description = "Brother brscan4 sane backend driver"; + homepage = http://www.brother.com; + platforms = stdenv.lib.platforms.linux; + license = stdenv.lib.licenses.unfree; + maintainers = with stdenv.lib.maintainers; [ jraygauthier ]; + }; +} diff --git a/pkgs/applications/graphics/sane/backends/brscan4/preload.c b/pkgs/applications/graphics/sane/backends/brscan4/preload.c new file mode 100644 index 000000000000..016162770934 --- /dev/null +++ b/pkgs/applications/graphics/sane/backends/brscan4/preload.c 
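Review bot: `meta.platforms` is set to all of `stdenv.lib.platforms.linux`, but the source is the `.amd64.deb` and the phases copy from `usr/lib64`, so the package would be offered on i686 and ARM where the patched binaries cannot run. Narrow it to `platforms = [ "x86_64-linux" ];`. The `optionalString stdenv.is64bit "-x86-64"` branch in `myPatchElf` then has only one reachable case. The comment above the `gcc -shared` step names execvp(), open() and open64(), while `preload.c` in this commit also wraps fopen(), fopen64(), opendir() and system(), so the comment should list those too.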
@@ -0,0 +1,170 @@ +/* Brgen4 search for configuration under `/etc/opt/brother/scanner/brscan4`. This + LD_PRELOAD library intercepts execvp(), open and open64 calls to redirect them to + the corresponding location in $out. Also support specifying an alternate + file name for `brsanenetdevice4.cfg` which otherwise is invariable + created at `/etc/opt/brother/scanner/brscan4`*/ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +char origDir [] = "/etc/opt/brother/scanner/brscan4"; +char realDir [] = OUT "/opt/brother/scanner/brscan4"; + +char devCfgFileNameEnvVar [] = "BRSANENETDEVICE4_CFG_FILENAME"; +char devCfgFileName [] = "/etc/opt/brother/scanner/brscan4//brsanenetdevice4.cfg"; + +const char * rewrite(const char * path, char * buf) +{ + if (strncmp(path, devCfgFileName, sizeof(devCfgFileName)) == 0) { + + const char* newCfgFileName = getenv(devCfgFileNameEnvVar); + if (!newCfgFileName) return path; + + if (snprintf(buf, PATH_MAX, "%s", newCfgFileName) >= PATH_MAX) + abort(); + return buf; + } + + if (strncmp(path, origDir, sizeof(origDir) - 1) != 0) return path; + if (snprintf(buf, PATH_MAX, "%s%s", realDir, path + sizeof(origDir) - 1) >= PATH_MAX) + abort(); + return buf; +} + +const char* findAndReplaceFirstOccurence(const char* inStr, const char* subStr, + const char* replaceStr, + char* buf, unsigned maxBuf) +{ + const char* foundStr = strstr(inStr, subStr); + if (!foundStr) + return inStr; + + const unsigned inStrLen = strlen(inStr); + const unsigned subStrLen = strlen(subStr); + const unsigned replaceStrLen = strlen(replaceStr); + + const unsigned precedingStrLen = foundStr - inStr; + if (precedingStrLen + 1 > maxBuf) + return NULL; + + const unsigned followingStrPos = precedingStrLen + subStrLen; + const unsigned followingStrLen = inStrLen - followingStrPos; + + strncpy(buf, inStr, precedingStrLen); + unsigned outLength = precedingStrLen; + + if (outLength + replaceStrLen + 1 > 
maxBuf) + return NULL; + + strncpy(buf + outLength, replaceStr, replaceStrLen); + outLength += replaceStrLen; + + if (outLength + followingStrLen + 1 > maxBuf) + return NULL; + + strncpy(buf + outLength, inStr + followingStrPos, followingStrLen); + outLength += followingStrLen; + + buf[outLength] = '\0'; + + return buf; +} + +const char* rewriteSystemCall(const char* command, char* buf, unsigned maxBuf) +{ + + const char* foundStr = strstr(command, devCfgFileName); + if (!foundStr) + return command; + + const char* replaceStr = getenv(devCfgFileNameEnvVar); + if (!replaceStr) return command; + + const char* result = + findAndReplaceFirstOccurence(command, devCfgFileName, replaceStr, buf, maxBuf); + + if (!result) + abort(); + + return result; +} + +int execvp(const char * path, char * const argv[]) +{ + int (*_execvp) (const char *, char * const argv[]) = dlsym(RTLD_NEXT, "execvp"); + char buf[PATH_MAX]; + return _execvp(rewrite(path, buf), argv); +} + + +int open(const char *path, int flags, ...) +{ + char buf[PATH_MAX]; + int (*_open) (const char *, int, mode_t) = dlsym(RTLD_NEXT, "open"); + mode_t mode = 0; + if (flags & O_CREAT) { + va_list ap; + va_start(ap, flags); + mode = va_arg(ap, mode_t); + va_end(ap); + } + return _open(rewrite(path, buf), flags, mode); +} + +int open64(const char *path, int flags, ...) 
+{ + char buf[PATH_MAX]; + int (*_open64) (const char *, int, mode_t) = dlsym(RTLD_NEXT, "open64"); + mode_t mode = 0; + if (flags & O_CREAT) { + va_list ap; + va_start(ap, flags); + mode = va_arg(ap, mode_t); + va_end(ap); + } + return _open64(rewrite(path, buf), flags, mode); +} + +FILE* fopen(const char* path, const char* mode) +{ + char buf[PATH_MAX]; + FILE* (*_fopen) (const char*, const char*) = dlsym(RTLD_NEXT, "fopen"); + + return _fopen(rewrite(path, buf), mode); +} + +FILE *fopen64(const char *path, const char *mode) +{ + char buf[PATH_MAX]; + FILE* (*_fopen64) (const char*, const char*) = dlsym(RTLD_NEXT, "fopen64"); + + return _fopen64(rewrite(path, buf), mode); +} + +DIR* opendir(const char* path) +{ + char buf[PATH_MAX]; + DIR* (*_opendir) (const char*) = dlsym(RTLD_NEXT, "opendir"); + + return _opendir(rewrite(path, buf)); +} + +#define SYSTEM_CMD_MAX 512 + +int system(const char *command) +{ + char buf[SYSTEM_CMD_MAX]; + int (*_system) (const char*) = dlsym(RTLD_NEXT, "system"); + + const char* newCommand = rewriteSystemCall(command, buf, SYSTEM_CMD_MAX); + return _system(newCommand); +} diff --git a/pkgs/applications/graphics/sane/backends/brscan4/udev_rules_type1.nix b/pkgs/applications/graphics/sane/backends/brscan4/udev_rules_type1.nix new file mode 100644 index 000000000000..873240e81fca --- /dev/null +++ b/pkgs/applications/graphics/sane/backends/brscan4/udev_rules_type1.nix 
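Review bot: The `system()` wrapper hands `command` straight to `strstr()` in `rewriteSystemCall()`, so a `system(NULL)` call (the standard probe for whether a shell is available) dereferences NULL instead of reaching the real function. Add `if (!command) return _system(NULL);` before the rewrite. The same path splices the value of `BRSANENETDEVICE4_CFG_FILENAME` into the shell command unquoted, so a value with spaces or shell metacharacters changes what the shell runs. A comment should state that the variable must hold a plain path, or the value should be rejected when it contains anything else. None of the wrappers check the `dlsym(RTLD_NEXT, ...)` result before calling through it, and `rewrite()` likewise assumes `path` is non-NULL.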
@@ -0,0 +1,60 @@ +{ stdenv, fetchurl, libsaneUDevRuleNumber ? "49"}: + + +stdenv.mkDerivation rec { + + name = "brother-udev-rule-type1-1.0.0-1"; + + src = fetchurl { + url = "http://download.brother.com/welcome/dlf006654/${name}.all.deb"; + sha256 = "0i0x5jw135pli4jl9mgnr5n2rrdvml57nw84yq2999r4frza53xi"; + }; + + buildInputs = [ ]; + + unpackPhase = '' + ar x $src + tar xfvz data.tar.gz + ''; + + /* + Fix the following error: + + ~~~ + invalid rule 49-brother-libsane-type1.rules + unknown key 'SYSFS{idVendor}' + ~~~ + + Apparently the udev rules syntax has change and the SYSFS key has to + be changed to ATTR. + + See: + + - + - + */ + patchPhase = '' + sed -i -e s/SYSFS/ATTR/g opt/brother/scanner/udev-rules/type1/*.rules + ''; + + + buildPhase = ":"; + + installPhase = '' + mkdir -p $out/etc/udev/rules.d + cp opt/brother/scanner/udev-rules/type1/NN-brother-mfp-type1.rules \ + $out/etc/udev/rules.d/${libsaneUDevRuleNumber}-brother-libsane-type1.rules + chmod 644 $out/etc/udev/rules.d/${libsaneUDevRuleNumber}-brother-libsane-type1.rules + ''; + + dontStrip = true; + dontPatchELF = true; + + meta = { + description = "Brother type1 scanners udev rules"; + homepage = http://www.brother.com; + platforms = stdenv.lib.platforms.linux; + license = stdenv.lib.licenses.unfree; + maintainers = with stdenv.lib.maintainers; [ jraygauthier ]; + }; +} \ No newline at end of file diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 586248d04ee7..2b922f330bd3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16436,6 +16436,8 @@ in snapscanFirmware = config.sane.snapscanFirmware or null; }; + brscan4 = callPackage ../applications/graphics/sane/backends/brscan4 { }; + mkSaneConfig = callPackage ../applications/graphics/sane/config.nix { }; sane-frontends = callPackage ../applications/graphics/sane/frontends.nix { }; -- cgit 1.4.1 From 60a27781d6d358e0c5cd144c7c90642761c1a31f Mon Sep 17 00:00:00 2001 
From: Joachim Fasting Date: Mon, 2 May 2016 07:30:44 +0200 Subject: grsecurity module: fix grsec-lock unit ordering Requirement without ordering implies parallel execution; it is crucial that sysctl tunables are finalized before the lock is engaged, however. --- nixos/modules/security/grsecurity.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix index 236206026c3f..11668162808f 100644 --- a/nixos/modules/security/grsecurity.nix +++ b/nixos/modules/security/grsecurity.nix @@ -234,7 +234,8 @@ in systemd.services.grsec-lock = mkIf cfg.config.sysctl { description = "grsecurity sysctl-lock Service"; - requires = [ "systemd-sysctl.service" ]; + wants = [ "systemd-sysctl.service" ]; + after = [ "systemd-sysctl.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = "yes"; -- cgit 1.4.1 From e7d3166656af0d98da9f59c78e2213cec842d743 Mon Sep 17 00:00:00 2001 From: aszlig Date: Tue, 3 May 2016 22:05:11 +0200 Subject: nixos/tests/netboot: Fix evaluation error Regression introduced by dfe608c8a2ecfdf0ab2838a967440207250a0b95. The commit turns the two arguments into one attrset argument so we need to adapt that to use the new calling convention. Signed-off-by: aszlig --- nixos/tests/boot.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'nixos') diff --git a/nixos/tests/boot.nix b/nixos/tests/boot.nix index a138ba4bcf08..af7db5aa8164 100644 --- a/nixos/tests/boot.nix +++ b/nixos/tests/boot.nix 
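Review bot: Replacing `requires` with `wants` is not covered by the commit message, which only argues for the added `after` ordering. With `wants`, `grsec-lock` still starts when `systemd-sysctl.service` fails, so the lock may be engaged over tunables that were never applied. With `requires` plus `after`, it would be skipped instead. Whichever failure behaviour is intended, state it next to the dependency, e.g. `# wants, not requires: engage the lock even if systemd-sysctl fails`. The service definition continues outside the hunk.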
@@ -64,11 +64,14 @@ in { ''; destination = "/boot.ipxe"; }; - ipxeBootDir = pkgs.symlinkJoin "ipxeBootDir" [ - config.system.build.netbootRamdisk - config.system.build.kernel - ipxeScriptDir - ]; + ipxeBootDir = pkgs.symlinkJoin { + name = "ipxeBootDir"; + paths = [ + config.system.build.netbootRamdisk + config.system.build.kernel + ipxeScriptDir + ]; + }; in makeTest { name = "boot-netboot"; @@ -81,4 +84,4 @@ in { $machine->shutdown; ''; }; -} \ No newline at end of file +} -- cgit 1.4.1