From 88c9f8b574ead01e32c5ee5228679723343cd52c Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Tue, 15 Sep 2015 11:26:18 +0200 Subject: xlibs: replace occurrences by xorg This seems to have been confusing people, using both xlibs and xorg, etc. - Avoided renaming local (and different) xlibs binding in gcc*. - Fixed cases where both xorg and xlibs were used. Hopefully everything still works as before. --- nixos/modules/services/x11/display-managers/gdm.nix | 2 +- nixos/modules/services/x11/display-managers/kdm.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix index 887b6f88a741..c9a563768323 100644 --- a/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixos/modules/services/x11/display-managers/gdm.nix @@ -106,7 +106,7 @@ in systemd.services.display-manager.wants = [ "systemd-machined.service" ]; systemd.services.display-manager.after = [ "systemd-machined.service" ]; - systemd.services.display-manager.path = [ gnome3.gnome_shell gnome3.caribou pkgs.xlibs.xhost pkgs.dbus_tools ]; + systemd.services.display-manager.path = [ gnome3.gnome_shell gnome3.caribou pkgs.xorg.xhost pkgs.dbus_tools ]; services.dbus.packages = [ gdm ]; diff --git a/nixos/modules/services/x11/display-managers/kdm.nix b/nixos/modules/services/x11/display-managers/kdm.nix index d0b69c5452c2..558f5e8cfc7e 100644 --- a/nixos/modules/services/x11/display-managers/kdm.nix +++ b/nixos/modules/services/x11/display-managers/kdm.nix @@ -19,7 +19,7 @@ let ''} [X-*-Core] - Xrdb=${pkgs.xlibs.xrdb}/bin/xrdb + Xrdb=${pkgs.xorg.xrdb}/bin/xrdb SessionsDirs=${dmcfg.session.desktops} Session=${dmcfg.session.script} FailsafeClient=${pkgs.xterm}/bin/xterm -- cgit 1.4.1 From d42fbef595abc9e84a94d8c7f662e31f32ae97f6 Mon Sep 17 00:00:00 2001 
From: Bryan Gardiner Date: Fri, 18 Sep 2015 07:03:17 -0700 Subject: xf86-input-synaptics: make use of 50-synaptics.conf The default synaptics functionality (without this file) is limited for clickpads: the right soft button area in the bottom right isn't active by default, so the entire pad generates left-clicks. There is no way to right-drag. This file defines soft button areas and provides some matching rules. These settings don't conflict with the synaptics options that NixOS provides. --- nixos/modules/services/x11/hardware/synaptics.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/x11/hardware/synaptics.nix b/nixos/modules/services/x11/hardware/synaptics.nix index e967dc911411..e50ed08a218a 100644 --- a/nixos/modules/services/x11/hardware/synaptics.nix +++ b/nixos/modules/services/x11/hardware/synaptics.nix @@ -18,6 +18,8 @@ let cfg = config.services.xserver.synaptics; Option "TapButton2" "0" Option "TapButton3" "0" ''; + pkg = pkgs.xorg.xf86inputsynaptics; + etcFile = "X11/xorg.conf.d/50-synaptics.conf"; in { options = { @@ -146,9 +148,12 @@ in { config = mkIf cfg.enable { - services.xserver.modules = [ pkgs.xorg.xf86inputsynaptics ]; + services.xserver.modules = [ pkg ]; - environment.systemPackages = [ pkgs.xorg.xf86inputsynaptics ]; + environment.etc."${etcFile}".source = + "${pkg}/share/X11/xorg.conf.d/50-synaptics.conf"; + + environment.systemPackages = [ pkg ]; services.xserver.config = '' -- cgit 1.4.1 From 9a39c2e9434b848175a8763c9d5a5f544603e16d Mon Sep 17 00:00:00 2001 From: aszlig Date: Thu, 17 Sep 2015 23:47:33 +0200 Subject: tests/virtualbox: Add a subtest for host USB. Unfortunately, we can't test whether USB is really working, but we can make sure that VirtualBox has access to the USB devices. This is essentially testing #9736, which I haven't yet been able to reproduce though, but it makes sense to test it so it won't happen in future releases. 
Signed-off-by: aszlig --- nixos/tests/virtualbox.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'nixos') diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index 1a5a6f7b5bbc..728d46d446ea 100644 --- a/nixos/tests/virtualbox.nix +++ b/nixos/tests/virtualbox.nix @@ -389,6 +389,21 @@ in { destroyVM_simple; + sub removeUUIDs { + return join("\n", grep { $_ !~ /^UUID:/ } split(/\n/, $_[0]))."\n"; + } + + subtest "host-usb-permissions", sub { + my $userUSB = removeUUIDs vbm("list usbhost"); + print STDERR $userUSB; + my $rootUSB = removeUUIDs $machine->succeed("VBoxManage list usbhost"); + print STDERR $rootUSB; + + die "USB host devices differ for root and normal user" + if $userUSB ne $rootUSB; + die "No USB host devices found" if $userUSB =~ //; + }; + subtest "systemd-detect-virt", sub { createVM_detectvirt; vbm("startvm detectvirt"); -- cgit 1.4.1 From 74209a4ca8baedb7bf1b3e3720a9abf132f8c05e Mon Sep 17 00:00:00 2001 From: Jaka Hudoklin Date: Thu, 20 Aug 2015 00:29:20 +0200 Subject: virtualbox service: add support for vboxsf guest filesystem Closes #9358 Signed-off-by: Jaka Hudoklin Fix reference to bin/mount.vboxsf. Signed-off-by: aszlig --- nixos/modules/module-list.nix | 1 + nixos/modules/tasks/filesystems/vboxsf.nix | 23 +++++++++++++++++++++++ nixos/modules/virtualisation/virtualbox-guest.nix | 3 ++- 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 nixos/modules/tasks/filesystems/vboxsf.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index b03f4494522b..1d6ddcbe9410 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -472,6 +472,7 @@ ./tasks/filesystems/ntfs.nix ./tasks/filesystems/reiserfs.nix ./tasks/filesystems/unionfs-fuse.nix + ./tasks/filesystems/vboxsf.nix ./tasks/filesystems/vfat.nix ./tasks/filesystems/xfs.nix ./tasks/filesystems/zfs.nix 
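Review bot: The last check in the `host-usb-permissions` subtest, `die "No USB host devices found" if $userUSB =~ //;`, has an empty pattern as it appears here. In Perl an empty pattern either reuses the last successful pattern or matches any string, so it does not test for an empty device list. The pattern text may have been lost in rendering, since an angle-bracketed token would vanish this way, so check the repository and make the literal explicit, e.g. `if $userUSB =~ /<none>/;` if that is what `VBoxManage list usbhost` prints when nothing is attached. A comment above the comparison, `# a normal user must see the same host USB devices as root; a difference means the device permissions are wrong`, would record what the subtest guards.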
diff --git a/nixos/modules/tasks/filesystems/vboxsf.nix b/nixos/modules/tasks/filesystems/vboxsf.nix new file mode 100644 index 000000000000..87f1984f084f --- /dev/null +++ b/nixos/modules/tasks/filesystems/vboxsf.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + inInitrd = any (fs: fs == "vboxsf") config.boot.initrd.supportedFilesystems; + + package = pkgs.runCommand "mount.vboxsf" {} '' + mkdir -p $out/bin + cp ${pkgs.linuxPackages.virtualboxGuestAdditions}/bin/mount.vboxsf $out/bin + ''; +in + +{ + config = mkIf (any (fs: fs == "vboxsf") config.boot.supportedFilesystems) { + + system.fsPackages = [ package ]; + + boot.initrd.kernelModules = mkIf inInitrd [ "vboxsf" ]; + + }; +} diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix index 642ea3154b1b..a025aee7cfeb 100644 --- a/nixos/modules/virtualisation/virtualbox-guest.nix +++ b/nixos/modules/virtualisation/virtualbox-guest.nix @@ -32,7 +32,8 @@ in boot.extraModulePackages = [ kernel.virtualboxGuestAdditions ]; - boot.kernelModules = [ "vboxsf" ]; + boot.supportedFilesystems = [ "vboxsf" ]; + boot.initrd.supportedFilesystems = [ "vboxsf" ]; users.extraGroups.vboxsf.gid = config.ids.gids.vboxsf; -- cgit 1.4.1 From cd4caed35ae8caf4473b2ac80d826f06e6a2e9e9 Mon Sep 17 00:00:00 2001 
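Review bot: `package` in vboxsf.nix copies `mount.vboxsf` from `pkgs.linuxPackages.virtualboxGuestAdditions`, while the guest module in the same commit takes the kernel module from `kernel.virtualboxGuestAdditions`. On a system configured with a non-default kernel package set, the mount helper and the `vboxsf` module can then come from different builds. Using the configured set, `cp ${config.boot.kernelPackages.virtualboxGuestAdditions}/bin/mount.vboxsf $out/bin`, keeps them in step; this assumes `kernel` in virtualbox-guest.nix is bound to `config.boot.kernelPackages`, which is outside the hunk. The membership test is also spelled out twice as `any (fs: fs == "vboxsf") ...`; `elem "vboxsf" config.boot.supportedFilesystems` reads more directly.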
From: aszlig Date: Mon, 21 Sep 2015 14:34:29 +0200 Subject: nixos/filesystems: Improve vboxsf default options. The default options for all file systems currently are "defaults.relatime", which works well on file systems which support the relatime option. Unfortunately, this is not the case for the VirtualBox shared folder filesystem, so until now, you need to set something like: fileSystems."/foo" = { device = "foo"; fsType = "vboxsf"; options = "defaults"; }; Otherwise mounting the file system would fail. Now, we provide only the "defaults" option to the "vboxsf" file system, so something like this is enough: fileSystems."/foo" = { device = "foo"; fsType = "vboxsf"; }; An alternative to that could be to document that you need to set default options, but we really should do what users expect instead of forcing them to look up the documentation as to why this has failed. Signed-off-by: aszlig --- nixos/modules/tasks/filesystems.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix index ce9e3555b6cd..cf6abf52cf65 100644 --- a/nixos/modules/tasks/filesystems.nix +++ b/nixos/modules/tasks/filesystems.nix @@ -69,6 +69,8 @@ let config = { mountPoint = mkDefault name; device = mkIf (config.fsType == "tmpfs") (mkDefault config.fsType); + # The vboxsf filesystem doesn't support the relatime option: + options = mkIf (config.fsType == "vboxsf") (mkDefault "defaults"); }; }; -- cgit 1.4.1 From f9766f885d74ed5f54f38acdde590d1ac977e4c5 Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 21 Sep 2015 14:43:05 +0200 Subject: nixos/filesystems: Skip check for vboxsf. We don't even have any means to check a VirtualBox shared folder, so let's not even try to. Signed-off-by: aszlig --- nixos/modules/tasks/filesystems.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') 
diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix index cf6abf52cf65..4409bd4cc8c3 100644 --- a/nixos/modules/tasks/filesystems.nix +++ b/nixos/modules/tasks/filesystems.nix @@ -143,7 +143,7 @@ in environment.etc.fstab.text = let - fsToSkipCheck = [ "none" "btrfs" "zfs" "tmpfs" "nfs" ]; + fsToSkipCheck = [ "none" "btrfs" "zfs" "tmpfs" "nfs" "vboxsf" ]; skipCheck = fs: fs.noCheck || fs.device == "none" || builtins.elem fs.fsType fsToSkipCheck; in '' # This is a generated file. Do not edit! -- cgit 1.4.1 From 9f191abad14fb10d3ef843e98ab055894248ca2d Mon Sep 17 00:00:00 2001 From: Sergey Mironov Date: Mon, 21 Sep 2015 21:17:38 +0000 Subject: syncthing: update systemd service config according to upstream example The example service config were taken from the syncthing repo: https://github.com/syncthing/syncthing/blob/master/etc/linux-systemd/system/syncthing@.service --- nixos/modules/services/networking/syncthing.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index d5accfef1cb5..4eb32b1cf306 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -54,12 +54,15 @@ in description = "Syncthing service"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - environment.STNORESTART = "placeholder"; # do not self-restart + environment.STNORESTART = "yes"; # do not self-restart + environment.STNOUPGRADE = "yes"; serviceConfig = { User = "${cfg.user}"; PermissionsStartOnly = true; - Restart = "always"; + Restart = "on-failure"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}"; + SuccessExitStatus = "2 3 4"; + RestartForceExitStatus="3 4"; }; }; -- cgit 1.4.1 From 70fd4b4b025a5f5aa5d0a0f565aa73e1c684a025 Mon Sep 17 00:00:00 2001 
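Review bot: The new exit-status settings in the syncthing unit carry no explanation, and `RestartForceExitStatus="3 4";` breaks the `name = value;` spacing used by every other attribute in the block. I would write it as `RestartForceExitStatus = "3 4";` and add a comment such as `# exit statuses mirrored from the upstream unit: 3 and 4 request a restart, 2-4 are not failures`. The meaning of the codes is not visible in this hunk, so confirm it against the upstream file the commit message links. `STNOUPGRADE` deserves the same kind of trailing comment as `STNORESTART`, e.g. `# never self-upgrade; the binary comes from the Nix store`.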
From: "Kovacsics Robert (NixOS)" Date: Mon, 21 Sep 2015 20:02:27 +0100 Subject: encrypted-devices service: Fix keyed mount, clarify descriptions. Not enough arguments were supplied to cryptsetup when a key-file was specified. Also don't try to unlock keyedEncDevs with a password. --- nixos/modules/tasks/encrypted-devices.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/tasks/encrypted-devices.nix b/nixos/modules/tasks/encrypted-devices.nix index 8b5dd22fd380..331531cee151 100644 --- a/nixos/modules/tasks/encrypted-devices.nix +++ b/nixos/modules/tasks/encrypted-devices.nix @@ -6,6 +6,7 @@ let fileSystems = attrValues config.fileSystems ++ config.swapDevices; encDevs = filter (dev: dev.encrypted.enable) fileSystems; keyedEncDevs = filter (dev: dev.encrypted.keyFile != null) encDevs; + keylessEncDevs = filter (dev: dev.encrypted.keyFile == null) encDevs; isIn = needle: haystack: filter (p: p == needle) haystack != []; anyEncrypted = fold (j: v: v || j.encrypted.enable) false encDevs; @@ -29,15 +30,15 @@ let label = mkOption { default = null; example = "rootfs"; - type = types.nullOr types.str; - description = "Label of the backing encrypted device."; + type = types.uniq (types.nullOr types.str); + description = "Label of the unlocked encrypted device. Set fileSystems.<name?>.device to /dev/mapper/<label> to mount the unlocked device."; }; keyFile = mkOption { default = null; example = "/root/.swapkey"; type = types.nullOr types.str; - description = "File system location of keyfile."; + description = "File system location of keyfile. This unlocks the drive after the root has been mounted to /mnt-root."; }; }; }; 
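Review bot: The new `keyFile` description says the key unlocks the drive after root is mounted to /mnt-root, but not which root the path is resolved against, and the example `"/root/.swapkey"` reads like a path on the final system. The second hunk passes the value verbatim to `cryptsetup` in `postMountCommands`, so it is presumably interpreted inside the initrd. If so, the text should say that a key stored on the root filesystem has to be given with the `/mnt-root` prefix. It is also worth stating that the key file sits unencrypted on that filesystem, so the keyed device is only as well protected as the device holding the key. In the `label` description, `fileSystems.<name?>.device` looks like a typo for `<name>`.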
@@ -58,11 +59,11 @@ in boot.initrd = { luks = { devices = - map (dev: { name = dev.encrypted.label; device = dev.encrypted.blkDev; } ) encDevs; + map (dev: { name = dev.encrypted.label; device = dev.encrypted.blkDev; } ) keylessEncDevs; cryptoModules = [ "aes" "sha256" "sha1" "xts" ]; }; postMountCommands = - concatMapStrings (dev: "cryptsetup luksOpen --key-file ${dev.encrypted.keyFile} ${dev.encrypted.label};\n") keyedEncDevs; + concatMapStrings (dev: "cryptsetup luksOpen --key-file ${dev.encrypted.keyFile} ${dev.encrypted.blkDev} ${dev.encrypted.label};\n") keyedEncDevs; }; }; } -- cgit 1.4.1 From d31cc0d19ae058b15095296d435a722d6afd87fa Mon Sep 17 00:00:00 2001 From: Matej Cotman Date: Sun, 13 Sep 2015 14:49:19 +0200 Subject: xtreemfs: add nixos module --- nixos/modules/misc/ids.nix | 2 + nixos/modules/module-list.nix | 1 + .../services/network-filesystems/xtreemfs.nix | 481 +++++++++++++++++++++ 3 files changed, 484 insertions(+) create mode 100644 nixos/modules/services/network-filesystems/xtreemfs.nix (limited to 'nixos') diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index b0e9ceea10b3..0d2700a126f6 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -233,6 +233,7 @@ dnschain = 209; #lxd = 210; # unused kibana = 211; + xtreemfs = 212; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -444,6 +445,7 @@ #dnschain = 209; #unused lxd = 210; # unused #kibana = 211; + xtreemfs = 212; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 1d6ddcbe9410..c890eac49910 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
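Review bot: The `cryptsetup luksOpen` line built in `postMountCommands` interpolates `keyFile`, `blkDev` and `label` into a shell command unquoted, so a key or device path containing a space or shell metacharacter is split or interpreted by the initrd shell. Quote each argument, e.g. `--key-file ${escapeShellArg dev.encrypted.keyFile} ${escapeShellArg dev.encrypted.blkDev} ${escapeShellArg dev.encrypted.label}`. `label` defaults to null and nothing visible here rejects an enabled device without one. An assertion for that case would give a clearer error than a failed string interpolation, though such a check may exist outside the hunk.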
@@ -257,6 +257,7 @@ ./services/network-filesystems/diod.nix ./services/network-filesystems/u9fs.nix ./services/network-filesystems/yandex-disk.nix + ./services/network-filesystems/xtreemfs.nix ./services/networking/aiccu.nix ./services/networking/amuled.nix ./services/networking/asterisk.nix diff --git a/nixos/modules/services/network-filesystems/xtreemfs.nix b/nixos/modules/services/network-filesystems/xtreemfs.nix new file mode 100644 index 000000000000..215b76bb4709 --- /dev/null +++ b/nixos/modules/services/network-filesystems/xtreemfs.nix 
@@ -0,0 +1,481 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.xtreemfs; + + xtreemfs = pkgs.xtreemfs; + + home = cfg.homeDir; + + startupScript = class: configPath: pkgs.writeScript "xtreemfs-osd.sh" '' + #! ${pkgs.stdenv.shell} + JAVA_HOME="${pkgs.jdk}" + JAVADIR="${xtreemfs}/share/java" + JAVA_CALL="$JAVA_HOME/bin/java -ea -cp $JAVADIR/XtreemFS.jar:$JAVADIR/BabuDB.jar:$JAVADIR/Flease.jar:$JAVADIR/protobuf-java-2.5.0.jar:$JAVADIR/Foundation.jar:$JAVADIR/jdmkrt.jar:$JAVADIR/jdmktk.jar:$JAVADIR/commons-codec-1.3.jar" + $JAVA_CALL ${class} ${configPath} + ''; + + dirReplicationConfig = pkgs.writeText "xtreemfs-dir-replication-plugin.properties" '' + babudb.repl.backupDir = ${home}/server-repl-dir + plugin.jar = ${xtreemfs}/share/java/BabuDB_replication_plugin.jar + babudb.repl.dependency.0 = ${xtreemfs}/share/java/Flease.jar + + ${cfg.dir.replication.extraConfig} + ''; + + dirConfig = pkgs.writeText "xtreemfs-dir-config.properties" '' + uuid = ${cfg.dir.uuid} + listen.port = ${toString cfg.dir.port} + ${optionalString (cfg.dir.address != "") "listen.address = ${cfg.dir.address}"} + http_port = ${toString cfg.dir.httpPort} + babudb.baseDir = ${home}/dir/database + babudb.logDir = ${home}/dir/db-log + babudb.sync = ${if cfg.dir.replication.enable then "FDATASYNC" else cfg.dir.syncMode} + + ${optionalString cfg.dir.replication.enable "babudb.plugin.0 = ${dirReplicationConfig}"} + + ${cfg.dir.extraConfig} + ''; + + mrcReplicationConfig = pkgs.writeText "xtreemfs-mrc-replication-plugin.properties" '' + babudb.repl.backupDir = ${home}/server-repl-mrc + plugin.jar = ${xtreemfs}/share/java/BabuDB_replication_plugin.jar + babudb.repl.dependency.0 = ${xtreemfs}/share/java/Flease.jar + + ${cfg.mrc.replication.extraConfig} + ''; + + mrcConfig = pkgs.writeText "xtreemfs-mrc-config.properties" '' + uuid = ${cfg.mrc.uuid} + listen.port = ${toString cfg.mrc.port} + ${optionalString (cfg.mrc.address != "") "listen.address = ${cfg.mrc.address}"} + 
http_port = ${toString cfg.mrc.httpPort} + babudb.baseDir = ${home}/mrc/database + babudb.logDir = ${home}/mrc/db-log + babudb.sync = ${if cfg.mrc.replication.enable then "FDATASYNC" else cfg.mrc.syncMode} + + ${optionalString cfg.mrc.replication.enable "babudb.plugin.0 = ${mrcReplicationConfig}"} + + ${cfg.mrc.extraConfig} + ''; + + osdConfig = pkgs.writeText "xtreemfs-osd-config.properties" '' + uuid = ${cfg.osd.uuid} + listen.port = ${toString cfg.osd.port} + ${optionalString (cfg.osd.address != "") "listen.address = ${cfg.osd.address}"} + http_port = ${toString cfg.osd.httpPort} + object_dir = ${home}/osd/ + + ${cfg.osd.extraConfig} + ''; + +in + +{ + + ###### interface + + options = { + + services.xtreemfs = { + + enable = mkOption { + default = false; + description = '' + Whether to enable XtreemFS. + ''; + }; + + homeDir = mkOption { + default = "/var/lib/xtreemfs"; + description = '' + XtreemFS home dir for the xtreemfs user. + ''; + }; + + dir = { + enable = mkOption { + default = true; + description = '' + Whether to enable XtreemFS DIR service. + ''; + }; + uuid = mkOption { + example = "eacb6bab-f444-4ebf-a06a-3f72d7465e40"; + description = '' + Must be set to a unique identifier, preferably a UUID according to + RFC 4122. UUIDs can be generated with `uuidgen` command, found in + the `utillinux` package. + ''; + }; + port = mkOption { + default = 32638; + description = '' + The port to listen on for incoming connections (TCP). + ''; + }; + address = mkOption { + example = "127.0.0.1"; + default = ""; + description = '' + If specified, it defines the interface to listen on. If not + specified, the service will listen on all interfaces (any). + ''; + }; + httpPort = mkOption { + default = 30638; + description = '' + Specifies the listen port for the HTTP service that returns the + status page. 
+ ''; + }; + syncMode = mkOption { + default = "FSYNC"; + example = "FDATASYNC"; + description = '' + The sync mode influences how operations are committed to the disk + log before the operation is acknowledged to the caller. + + -ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure. + -SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model. + -SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode. + -FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk. + -FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk. + + For best throughput use ASYNC, for maximum data safety use FSYNC. + + (If xtreemfs.dir.replication.enable is true then FDATASYNC is forced) + ''; + }; + extraConfig = mkOption { + default = ""; + example = '' + # specify whether SSL is required + ssl.enabled = true + ssl.service_creds.pw = passphrase + ssl.service_creds.container = pkcs12 + ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/dir.p12 + ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks + ssl.trusted_certs.pw = jks_passphrase + ssl.trusted_certs.container = jks + ''; + description = '' + Configuration of XtreemFS DIR service. + WARNING: configuration is saved as plaintext inside nix store. 
+ For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + ''; + }; + replication = { + enable = mkOption { + default = false; + description = '' + Whether to enable XtreemFS DIR replication plugin. + ''; + }; + extraConfig = mkOption { + example = '' + # participants of the replication including this replica + babudb.repl.participant.0 = 192.168.0.10 + babudb.repl.participant.0.port = 35676 + babudb.repl.participant.1 = 192.168.0.11 + babudb.repl.participant.1.port = 35676 + babudb.repl.participant.2 = 192.168.0.12 + babudb.repl.participant.2.port = 35676 + + # number of servers that at least have to be up to date + # To have a fault-tolerant system, this value has to be set to the + # majority of nodes i.e., if you have three replicas, set this to 2 + # Please note that a setup with two nodes provides no fault-tolerance. + babudb.repl.sync.n = 2 + + # specify whether SSL is required + babudb.ssl.enabled = true + + babudb.ssl.protocol = tlsv12 + + # server credentials for SSL handshakes + babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 + babudb.ssl.service_creds.pw = passphrase + babudb.ssl.service_creds.container = pkcs12 + + # trusted certificates for SSL handshakes + babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks + babudb.ssl.trusted_certs.pw = jks_passphrase + babudb.ssl.trusted_certs.container = jks + + babudb.ssl.authenticationWithoutEncryption = false + ''; + description = '' + Configuration of XtreemFS DIR replication plugin. + WARNING: configuration is saved as plaintext inside nix store. + For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + ''; + }; + }; + }; + + mrc = { + enable = mkOption { + default = true; + description = '' + Whether to enable XtreemFS MRC service. + ''; + }; + uuid = mkOption { + example = "eacb6bab-f444-4ebf-a06a-3f72d7465e41"; + description = '' + Must be set to a unique identifier, preferably a UUID according to + RFC 4122. 
UUIDs can be generated with `uuidgen` command, found in + the `utillinux` package. + ''; + }; + port = mkOption { + default = 32636; + description = '' + The port to listen on for incoming connections (TCP). + ''; + }; + address = mkOption { + example = "127.0.0.1"; + default = ""; + description = '' + If specified, it defines the interface to listen on. If not + specified, the service will listen on all interfaces (any). + ''; + }; + httpPort = mkOption { + default = 30636; + description = '' + Specifies the listen port for the HTTP service that returns the + status page. + ''; + }; + syncMode = mkOption { + default = "FSYNC"; + example = "FDATASYNC"; + description = '' + The sync mode influences how operations are committed to the disk + log before the operation is acknowledged to the caller. + + -ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure. + -SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model. + -SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode. + -FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk. + -FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk. + + For best throughput use ASYNC, for maximum data safety use FSYNC. 
+ + (If xtreemfs.mrc.replication.enable is true then FDATASYNC is forced) + ''; + }; + extraConfig = mkOption { + example = '' + osd_check_interval = 300 + no_atime = true + local_clock_renewal = 0 + remote_time_sync = 30000 + authentication_provider = org.xtreemfs.common.auth.NullAuthProvider + + # shared secret between the MRC and all OSDs + capability_secret = iNG8UuQJrJ6XVDTe + + dir_service.host = 192.168.0.10 + dir_service.port = 32638 + + # if replication is enabled + dir_service.1.host = 192.168.0.11 + dir_service.1.port = 32638 + dir_service.2.host = 192.168.0.12 + dir_service.2.port = 32638 + + # specify whether SSL is required + ssl.enabled = true + ssl.protocol = tlsv12 + ssl.service_creds.pw = passphrase + ssl.service_creds.container = pkcs12 + ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/mrc.p12 + ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks + ssl.trusted_certs.pw = jks_passphrase + ssl.trusted_certs.container = jks + ''; + description = '' + Configuration of XtreemFS MRC service. + WARNING: configuration is saved as plaintext inside nix store. + For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + ''; + }; + replication = { + enable = mkOption { + default = false; + description = '' + Whether to enable XtreemFS MRC replication plugin. + ''; + }; + extraConfig = mkOption { + example = '' + # participants of the replication including this replica + babudb.repl.participant.0 = 192.168.0.10 + babudb.repl.participant.0.port = 35678 + babudb.repl.participant.1 = 192.168.0.11 + babudb.repl.participant.1.port = 35678 + babudb.repl.participant.2 = 192.168.0.12 + babudb.repl.participant.2.port = 35678 + + # number of servers that at least have to be up to date + # To have a fault-tolerant system, this value has to be set to the + # majority of nodes i.e., if you have three replicas, set this to 2 + # Please note that a setup with two nodes provides no fault-tolerance. 
+ babudb.repl.sync.n = 2 + + # specify whether SSL is required + babudb.ssl.enabled = true + + babudb.ssl.protocol = tlsv12 + + # server credentials for SSL handshakes + babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 + babudb.ssl.service_creds.pw = passphrase + babudb.ssl.service_creds.container = pkcs12 + + # trusted certificates for SSL handshakes + babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks + babudb.ssl.trusted_certs.pw = jks_passphrase + babudb.ssl.trusted_certs.container = jks + + babudb.ssl.authenticationWithoutEncryption = false + ''; + description = '' + Configuration of XtreemFS MRC replication plugin. + WARNING: configuration is saved as plaintext inside nix store. + For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + ''; + }; + }; + }; + + osd = { + enable = mkOption { + default = true; + description = '' + Whether to enable XtreemFS OSD service. + ''; + }; + uuid = mkOption { + example = "eacb6bab-f444-4ebf-a06a-3f72d7465e42"; + description = '' + Must be set to a unique identifier, preferably a UUID according to + RFC 4122. UUIDs can be generated with `uuidgen` command, found in + the `utillinux` package. + ''; + }; + port = mkOption { + default = 32640; + description = '' + The port to listen on for incoming connections (TCP and UDP). + ''; + }; + address = mkOption { + example = "127.0.0.1"; + default = ""; + description = '' + If specified, it defines the interface to listen on. If not + specified, the service will listen on all interfaces (any). + ''; + }; + httpPort = mkOption { + default = 30640; + description = '' + Specifies the listen port for the HTTP service that returns the + status page. 
+ ''; + }; + extraConfig = mkOption { + example = '' + local_clock_renewal = 0 + remote_time_sync = 30000 + report_free_space = true + capability_secret = iNG8UuQJrJ6XVDTe + + dir_service.host = 192.168.0.10 + dir_service.port = 32638 + + # if replication is used + dir_service.1.host = 192.168.0.11 + dir_service.1.port = 32638 + dir_service.2.host = 192.168.0.12 + dir_service.2.port = 32638 + + # specify whether SSL is required + ssl.enabled = true + ssl.service_creds.pw = passphrase + ssl.service_creds.container = pkcs12 + ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 + ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks + ssl.trusted_certs.pw = jks_passphrase + ssl.trusted_certs.container = jks + ''; + description = '' + Configuration of XtreemFS OSD service. + WARNING: configuration is saved as plaintext inside nix store. + For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + ''; + }; + }; + }; + + }; + + + ###### implementation + + config = lib.mkIf cfg.enable { + + environment.systemPackages = [ xtreemfs ]; + + users.extraUsers.xtreemfs = + { uid = config.ids.uids.xtreemfs; + description = "XtreemFS user"; + createHome = true; + home = home; + }; + + users.extraGroups.xtreemfs = + { gid = config.ids.gids.xtreemfs; + }; + + systemd.services.xtreemfs-dir = mkIf cfg.dir.enable { + description = "XtreemFS-DIR Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "xtreemfs"; + ExecStart = "${startupScript "org.xtreemfs.dir.DIR" dirConfig}"; + }; + }; + + systemd.services.xtreemfs-mrc = mkIf cfg.mrc.enable { + description = "XtreemFS-MRC Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "xtreemfs"; + ExecStart = "${startupScript "org.xtreemfs.mrc.MRC" mrcConfig}"; + }; + }; + + systemd.services.xtreemfs-osd = mkIf cfg.osd.enable { + description = "XtreemFS-OSD Server"; + after = [ "network.target" ]; + 
wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "xtreemfs"; + ExecStart = "${startupScript "org.xtreemfs.osd.OSD" osdConfig}"; + }; + }; + + }; + +} -- cgit 1.4.1 From a35cebb3b1789797e4e0102bc8da9d694b55abef Mon Sep 17 00:00:00 2001 From: Matej Cotman Date: Mon, 14 Sep 2015 02:21:10 +0200 Subject: xtreemfs: use mkEnableOption instead of mkOption --- .../services/network-filesystems/xtreemfs.nix | 21 +++------------------ 1 file changed, 3 insertions(+), 18 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/network-filesystems/xtreemfs.nix b/nixos/modules/services/network-filesystems/xtreemfs.nix index 215b76bb4709..2d57464ce046 100644 --- a/nixos/modules/services/network-filesystems/xtreemfs.nix +++ b/nixos/modules/services/network-filesystems/xtreemfs.nix @@ -82,12 +82,7 @@ in services.xtreemfs = { - enable = mkOption { - default = false; - description = '' - Whether to enable XtreemFS. - ''; - }; + enable = mkEnableOption "XtreemFS"; homeDir = mkOption { default = "/var/lib/xtreemfs"; @@ -169,12 +164,7 @@ in ''; }; replication = { - enable = mkOption { - default = false; - description = '' - Whether to enable XtreemFS DIR replication plugin. - ''; - }; + enable = mkEnableOption "XtreemFS DIR replication plugin"; extraConfig = mkOption { example = '' # participants of the replication including this replica @@ -308,12 +298,7 @@ in ''; }; replication = { - enable = mkOption { - default = false; - description = '' - Whether to enable XtreemFS MRC replication plugin. - ''; - }; + enable = mkEnableOption "XtreemFS MRC replication plugin"; extraConfig = mkOption { example = '' # participants of the replication including this replica -- cgit 1.4.1 From c666955b7599c0db6d856c2f11f76c28299313cb Mon Sep 17 00:00:00 2001 
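Review bot: `users.extraUsers.xtreemfs` is declared without a `group`, so the `users.extraGroups.xtreemfs` entry defined right below it is not the account's primary group and the home directory holding the databases and OSD objects is created with whatever default group applies; add `group = "xtreemfs";`. The `address` options for dir, mrc and osd default to `""`, which by their own description means listening on all interfaces, so the option text should tell operators to bind or firewall these ports, particularly since the MRC example config uses `NullAuthProvider`. The `*.properties` files are produced with `pkgs.writeText`, so any `ssl.*.pw` or `capability_secret` put into `extraConfig` lands in the store, as the descriptions warn. An option that takes a path to a properties file kept outside the store would give users a way to avoid that. Smaller points: `startupScript` names every wrapper `xtreemfs-osd.sh` regardless of `class`, and none of the options declare a `type`.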
From: Matej Cotman Date: Tue, 22 Sep 2015 21:10:36 +0200 Subject: xtreemfs: set mrc and osd as dir dependencies --- .../modules/services/network-filesystems/xtreemfs.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/network-filesystems/xtreemfs.nix b/nixos/modules/services/network-filesystems/xtreemfs.nix index 2d57464ce046..b051214e1d08 100644 --- a/nixos/modules/services/network-filesystems/xtreemfs.nix +++ b/nixos/modules/services/network-filesystems/xtreemfs.nix @@ -72,6 +72,13 @@ let ${cfg.osd.extraConfig} ''; + optionalDir = optionals cfg.dir.enable ["xtreemfs-dir.service"]; + + systemdOptionalDependencies = { + after = [ "network.target" ] ++ optionalDir; + wantedBy = [ "multi-user.target" ] ++ optionalDir; + }; + in { @@ -441,25 +448,21 @@ in }; }; - systemd.services.xtreemfs-mrc = mkIf cfg.mrc.enable { + systemd.services.xtreemfs-mrc = mkIf cfg.mrc.enable ({ description = "XtreemFS-MRC Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; serviceConfig = { User = "xtreemfs"; ExecStart = "${startupScript "org.xtreemfs.mrc.MRC" mrcConfig}"; }; - }; + } // systemdOptionalDependencies); - systemd.services.xtreemfs-osd = mkIf cfg.osd.enable { + systemd.services.xtreemfs-osd = mkIf cfg.osd.enable ({ description = "XtreemFS-OSD Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; serviceConfig = { User = "xtreemfs"; ExecStart = "${startupScript "org.xtreemfs.osd.OSD" osdConfig}"; }; - }; + } // systemdOptionalDependencies); }; -- cgit 1.4.1 From df665ded7e9a5980c6ae51a9df8203706c1150c9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 23 Sep 2015 00:03:13 +0200 Subject: ec2-data.nix: Support ed25519 host keys --- nixos/modules/virtualisation/ec2-data.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'nixos') 
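Review bot: In `systemdOptionalDependencies`, `wantedBy = [ "multi-user.target" ] ++ optionalDir` makes xtreemfs-dir.service want the MRC and OSD units, which is the reverse of the dependency the commit title describes; only `after` orders them behind the DIR service. As written, starting xtreemfs-mrc or xtreemfs-osd on its own does not pull in the DIR service, and both still start if it failed. If the intent is that they depend on it, express that on their side, e.g. `wants = optionalDir;` (or `requires`) next to `after`, and keep `wantedBy = [ "multi-user.target" ];`. A one-line comment above the binding saying which direction is meant would also help.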
diff --git a/nixos/modules/virtualisation/ec2-data.nix b/nixos/modules/virtualisation/ec2-data.nix index 44a582ba7666..0b0fdda49888 100644 --- a/nixos/modules/virtualisation/ec2-data.nix +++ b/nixos/modules/virtualisation/ec2-data.nix @@ -9,7 +9,7 @@ with lib; { config = { - systemd.services."fetch-ec2-data" = + systemd.services.fetch-ec2-data = { description = "Fetch EC2 Data"; wantedBy = [ "multi-user.target" "sshd.service" ]; @@ -48,13 +48,22 @@ with lib; # the supplied user data, if available. Otherwise sshd will # generate one normally. $wget http://169.254.169.254/2011-01-01/user-data > /root/user-data || true + + mkdir -m 0755 -p /etc/ssh + key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)" key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)" if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then - mkdir -m 0755 -p /etc/ssh (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key) echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub fi + + key="$(sed 's/|/\n/g; s/SSH_HOST_ED25519_KEY://; t; d' /root/user-data)" + key_pub="$(sed 's/SSH_HOST_ED25519_KEY_PUB://; t; d' /root/user-data)" + if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_ed25519_key ]; then + (umask 077; echo "$key" > /etc/ssh/ssh_host_ed25519_key) + echo "$key_pub" > /etc/ssh/ssh_host_ed25519_key.pub + fi ''; serviceConfig.Type = "oneshot"; @@ -72,6 +81,7 @@ with lib; # ec2-get-console-output. echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console ${config.programs.ssh.package}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console + ${config.programs.ssh.package}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub > /dev/console echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console ''; serviceConfig.Type = "oneshot"; -- cgit 1.4.1 From 63d1ce6d38c47a8ae9b31c0fcaca79c295f52136 Mon Sep 17 00:00:00 2001 
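Review bot: The new ED25519 block takes a private host key out of /root/user-data, but only the copy under /etc/ssh is written with `umask 077`; the context line above, `$wget http://169.254.169.254/2011-01-01/user-data > /root/user-data || true`, creates the source file under whatever umask the unit runs with and leaves the key material there afterwards. Whether /root is restrictive enough to cover that is not visible in this hunk, so I would wrap the download as `(umask 077; $wget http://169.254.169.254/2011-01-01/user-data > /root/user-data) || true`. Instance user data can generally also be read back from the metadata address by local processes, so a comment saying that a host key supplied this way should be treated as readable from inside the instance would be useful. The script body continues outside the hunk.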
From: Matt McHenry Date: Tue, 22 Sep 2015 21:03:25 -0400 Subject: postfix service: fix recipientDelimiter not to be dependent on sslCert --- nixos/modules/services/mail/postfix.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 29e0cf7a8829..e8beba4b3586 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -77,7 +77,8 @@ let smtpd_tls_key_file = ${cfg.sslKey} smtpd_use_tls = yes - + '' + + optionalString (cfg.recipientDelimiter != "") '' recipient_delimiter = ${cfg.recipientDelimiter} '' + optionalString (cfg.virtual != "") '' -- cgit 1.4.1 From 9bd0bac3111bc89e8b21bb80c0ca8d26fd601ab3 Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Wed, 23 Sep 2015 20:51:03 +0200 Subject: nixos/manualPDF: use new `texlive` instead of `tetex` This includes updating dblatex and crafting ~100 MB TeX package set to make our manual compile. --- nixos/doc/manual/default.nix | 7 ++---- pkgs/tools/typesetting/tex/dblatex/default.nix | 33 +++++++++++++++++--------- 2 files changed, 24 insertions(+), 16 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix index 419df915e6a4..15bd185ccec9 100644 --- a/nixos/doc/manual/default.nix +++ b/nixos/doc/manual/default.nix @@ -146,12 +146,9 @@ in rec { inherit sources; - buildInputs = [ libxml2 libxslt dblatex tetex ]; + buildInputs = [ libxml2 libxslt dblatex dblatex.tex ]; buildCommand = '' - # TeX needs a writable font cache. - export VARTEXFONTS=$TMPDIR/texfonts - ${copySources} dst=$out/share/doc/nixos @@ -162,7 +159,7 @@ in rec { mkdir -p $out/nix-support echo "doc-pdf manual $dst/manual.pdf" >> $out/nix-support/hydra-build-products - ''; # */ + ''; }; # Generate the NixOS manpages. 
diff --git a/pkgs/tools/typesetting/tex/dblatex/default.nix b/pkgs/tools/typesetting/tex/dblatex/default.nix index a68ab2d01b9e..408ef8ae263c 100644 --- a/pkgs/tools/typesetting/tex/dblatex/default.nix +++ b/pkgs/tools/typesetting/tex/dblatex/default.nix @@ -1,5 +1,14 @@ -{ stdenv, fetchurl, python, libxslt, tetex -, enableAllFeatures ? false, imagemagick ? null, transfig ? null, inkscape ? null, fontconfig ? null, ghostscript ? null }: +{ stdenv, fetchurl, python, libxslt, texlive +, enableAllFeatures ? false, imagemagick ? null, transfig ? null, inkscape ? null, fontconfig ? null, ghostscript ? null + +, tex ? texlive.combine { # satisfy all packages that ./configure mentions + inherit (texlive) scheme-basic epstopdf anysize appendix changebar + fancybox fancyvrb float footmisc listings jknapltx/*for mathrsfs.sty*/ + multirow overpic pdfpages rotating stmaryrd subfigure titlesec wasysym + # pkgs below don't seem requested by dblatex, but our manual fails without them + ec zapfding symbol eepic times rsfs cs tex4ht courier helvetic ly1; + } +}: # NOTE: enableAllFeatures just purifies the expression, it doesn't actually # enable any extra features. @@ -12,14 +21,14 @@ assert enableAllFeatures -> ghostscript != null; stdenv.mkDerivation rec { - name = "dblatex-0.3.4"; + name = "dblatex-0.3.7"; src = fetchurl { url = "mirror://sourceforge/dblatex/${name}.tar.bz2"; - sha256 = "120w3wm07qx0k1grgdhjwm2vpwil71icshjvqznskp1f6ggch290"; + sha256 = "0bkjgrn03dy5c7438s429wnv6z5ynxkr4pbhp2z49kynskgkzkjr"; }; - buildInputs = [ python libxslt tetex ] + buildInputs = [ python libxslt tex ] ++ stdenv.lib.optionals enableAllFeatures [ imagemagick transfig ]; # TODO: dblatex tries to execute texindy command, but nixpkgs doesn't have 
@@ -31,11 +40,11 @@ stdenv.mkDerivation rec { sed -e 's|cmd = \["xsltproc|cmd = \["${libxslt}/bin/xsltproc|g' \ -e 's|Popen(\["xsltproc|Popen(\["${libxslt}/bin/xsltproc|g' \ -e 's|cmd = \["texindy|cmd = ["nixpkgs_is_missing_texindy|g' \ - -e 's|cmd = "epstopdf|cmd = "${tetex}/bin/epstopdf|g' \ - -e 's|cmd = \["makeindex|cmd = ["${tetex}/bin/makeindex|g' \ - -e 's|doc.program = "pdflatex"|doc.program = "${tetex}/bin/pdflatex"|g' \ - -e 's|self.program = "latex"|self.program = "${tetex}/bin/latex"|g' \ - -e 's|Popen("pdflatex|Popen("${tetex}/bin/pdflatex|g' \ + -e 's|cmd = "epstopdf|cmd = "${tex}/bin/epstopdf|g' \ + -e 's|cmd = \["makeindex|cmd = ["${tex}/bin/makeindex|g' \ + -e 's|doc.program = "pdflatex"|doc.program = "${tex}/bin/pdflatex"|g' \ + -e 's|self.program = "latex"|self.program = "${tex}/bin/latex"|g' \ + -e 's|Popen("pdflatex|Popen("${tex}/bin/pdflatex|g' \ -e 's|"fc-match"|"${fontconfig}/bin/fc-match"|g' \ -e 's|"fc-list"|"${fontconfig}/bin/fc-list"|g' \ -e 's|cmd = "inkscape|cmd = "${inkscape}/bin/inkscape|g' \ @@ -47,11 +56,13 @@ stdenv.mkDerivation rec { ''; buildPhase = "true"; - + installPhase = '' python ./setup.py install --prefix="$out" --use-python-path --verbose ''; + passthru = { inherit tex; }; + meta = { description = "A program to convert DocBook to DVI, PostScript or PDF via LaTeX or ConTeXt"; homepage = http://dblatex.sourceforge.net/; -- cgit 1.4.1 From 3e6bb402b18c7b08e85a0468b442c40e4983ab58 Mon Sep 17 00:00:00 2001 From: aszlig Date: Tue, 22 Sep 2015 09:24:10 +0200 Subject: nixos/tests/virtualbox: Give VMs more memory. We previously had 1024 MB of memory to fit a VirtualBox VM with 512 MB plus the memory needed of the VirtualBox host VM. That obviously won't work for two VirtualBox VMs, which are used for testing networking between two VirtualBox guests. Now, we have 2048 MB on the qemu guest (the VirtualBox host) and 768 MB for each VirtualBox guest. That should be enough to fit in two VirtualBox guests (I hope). 
Signed-off-by: aszlig --- nixos/tests/virtualbox.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index 728d46d446ea..a2d33fa328b0 100644 --- a/nixos/tests/virtualbox.nix +++ b/nixos/tests/virtualbox.nix @@ -141,6 +141,7 @@ import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let vmFlags = mkFlags ([ "--uart1 0x3F8 4" "--uartmode1 client /run/virtualbox-log-${name}.sock" + "--memory 768" ] ++ (attrs.vmFlags or [])); controllerFlags = mkFlags [ @@ -324,7 +325,7 @@ in { mkVMConf = name: val: val.machine // { key = "${name}-config"; }; vmConfigs = mapAttrsToList mkVMConf vboxVMs; in [ ./common/user-account.nix ./common/x11.nix ] ++ vmConfigs; - virtualisation.memorySize = 1024; + virtualisation.memorySize = 2048; virtualisation.virtualbox.host.enable = true; users.extraUsers.alice.extraGroups = let inherit (config.virtualisation.virtualbox.host) enableHardening; -- cgit 1.4.1 From 764a767d5f263e97406c07e6341b387643e1c7ac Mon Sep 17 00:00:00 2001 From: aszlig Date: Thu, 24 Sep 2015 09:13:15 +0200 Subject: nixos/tests/virtualbox: Destroy detectvirt VM. I forgot to do this in da0e642. It shouldn't be a big problem but it's more clean to destroy the VM once we're done testing. Signed-off-by: aszlig --- nixos/tests/virtualbox.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos') diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index a2d33fa328b0..2b5b5a180fca 100644 --- a/nixos/tests/virtualbox.nix +++ b/nixos/tests/virtualbox.nix @@ -413,6 +413,7 @@ in { shutdownVM_detectvirt; my $result = $machine->succeed("cat '$detectvirt_sharepath/result'"); chomp $result; + destroyVM_detectvirt; die "systemd-detect-virt returned \"$result\" instead of \"oracle\"" if $result ne "oracle"; }; -- cgit 1.4.1 From fcab752abf94ae36e903097846c752d6b22e0dff Mon Sep 17 00:00:00 2001 
From: Thomas Strobel Date: Thu, 24 Sep 2015 10:24:54 +0200 Subject: openvswitch module: do not fork services --- nixos/modules/virtualisation/openvswitch.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/openvswitch.nix b/nixos/modules/virtualisation/openvswitch.nix index b5155246fdad..1c77945a6cb5 100644 --- a/nixos/modules/virtualisation/openvswitch.nix +++ b/nixos/modules/virtualisation/openvswitch.nix @@ -92,13 +92,11 @@ in { --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \ --unixctl=ovsdb.ctl.sock \ --pidfile=/var/run/openvswitch/ovsdb.pid \ - --detach \ /var/db/openvswitch/conf.db ''; Restart = "always"; RestartSec = 3; PIDFile = "/var/run/openvswitch/ovsdb.pid"; - Type = "forking"; }; postStart = '' ${cfg.package}/bin/ovs-vsctl --timeout 3 --retry --no-wait init @@ -114,11 +112,9 @@ in { serviceConfig = { ExecStart = '' ${cfg.package}/bin/ovs-vswitchd \ - --pidfile=/var/run/openvswitch/ovs-vswitchd.pid \ - --detach + --pidfile=/var/run/openvswitch/ovs-vswitchd.pid ''; PIDFile = "/var/run/openvswitch/ovs-vswitchd.pid"; - Type = "forking"; }; }; @@ -143,11 +139,10 @@ in { ${cfg.package}/bin/ovs-monitor-ipsec \ --root-prefix ${runDir}/ipsec \ --pidfile /var/run/openvswitch/ovs-monitor-ipsec.pid \ - --monitor --detach \ + --monitor \ unix:/var/run/openvswitch/db.sock ''; PIDFile = "/var/run/openvswitch/ovs-monitor-ipsec.pid"; - Type = "forking"; }; preStart = '' -- cgit 1.4.1 From e73b19ae4e984f58cebe4dd4f82cda622da552ab Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 24 Sep 2015 10:36:50 +0200 Subject: ec2-data.nix: Print all SSH host keys Also, don't barf if there is no DSA key. --- nixos/modules/virtualisation/ec2-data.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/ec2-data.nix b/nixos/modules/virtualisation/ec2-data.nix index 0b0fdda49888..91f4774cdc26 100644 
--- a/nixos/modules/virtualisation/ec2-data.nix +++ b/nixos/modules/virtualisation/ec2-data.nix @@ -80,8 +80,9 @@ with lib; # can obtain it securely by parsing the output of # ec2-get-console-output. echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console - ${config.programs.ssh.package}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console - ${config.programs.ssh.package}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub > /dev/console + for i in /etc/ssh/ssh_host_*_key.pub; do + ${config.programs.ssh.package}/bin/ssh-keygen -l -f $i > /dev/console + done echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console ''; serviceConfig.Type = "oneshot"; -- cgit 1.4.1 From 89e983786a4e2cf6dd238af4df6da373cc01e62b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 24 Sep 2015 11:42:32 +0200 Subject: Manual: Remove store path references --- nixos/modules/config/shells-environment.nix | 5 +++-- nixos/modules/programs/ssh.nix | 3 ++- nixos/modules/programs/venus.nix | 3 ++- nixos/modules/services/amqp/activemq/default.nix | 3 ++- nixos/modules/services/hardware/sane.nix | 3 ++- nixos/modules/services/logging/logstash.nix | 4 ++-- nixos/modules/services/misc/nixos-manual.nix | 3 ++- nixos/modules/services/misc/subsonic.nix | 4 +++- nixos/modules/services/monitoring/grafana.nix | 6 ++++-- nixos/modules/services/networking/dnscrypt-proxy.nix | 5 +---- nixos/modules/services/networking/seeks.nix | 2 +- nixos/modules/services/web-servers/phpfpm.nix | 5 +++-- nixos/modules/services/x11/display-managers/lightdm.nix | 4 +++- 13 files changed, 30 insertions(+), 20 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/config/shells-environment.nix b/nixos/modules/config/shells-environment.nix index 533280890a70..d0243f9775c5 100644 --- a/nixos/modules/config/shells-environment.nix +++ b/nixos/modules/config/shells-environment.nix 
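Review bot: The new loop passes `$i` unquoted and still runs once with the literal pattern when no `/etc/ssh/ssh_host_*_key.pub` exists, so `ssh-keygen -l` is then called on a path that does not exist. These console lines are what the comment above describes as the way to obtain the fingerprint securely, so a failed or empty run leaves nothing to verify the first connection against. I would guard and quote it: `[ -e "$i" ] || continue` as the first line of the loop body and `-f "$i"` in the ssh-keygen call. The surrounding script starts outside the hunk, so whether a failure here aborts the unit is not visible.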
@@ -57,8 +57,8 @@ in type = types.attrsOf (types.listOf types.str); example = { PATH = [ "/bin" "/sbin" ]; MANPATH = [ "/man" "/share/man" ]; }; description = '' - Attribute set of environment variable. Each attribute maps to a list - of relative paths. Each relative path is appended to the each profile + Attribute set of environment variable. Each attribute maps to a list + of relative paths. Each relative path is appended to the each profile of to form the content of the corresponding environment variable. ''; @@ -123,6 +123,7 @@ in "''${pkgs.dash}/bin/dash" ''; type = types.path; + visible = false; description = '' The shell executable that is linked system-wide to /bin/sh. Please note that NixOS assumes all diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index cf7ef455eb85..87a7bac208b7 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -36,7 +36,6 @@ in askPassword = mkOption { type = types.str; - default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"; description = ''Program used by SSH to ask for passwords.''; }; @@ -223,5 +222,7 @@ in export SSH_ASKPASS=${askPassword} ''; + programs.ssh.askPassword = mkDefault "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"; + }; } diff --git a/nixos/modules/programs/venus.nix b/nixos/modules/programs/venus.nix index ca3188b18199..8f85b602fe2c 100644 --- a/nixos/modules/programs/venus.nix +++ b/nixos/modules/programs/venus.nix @@ -99,7 +99,6 @@ in }; outputTheme = mkOption { - default = "${pkgs.venus}/themes/classic_fancy"; type = types.path; description = '' Directory containing a config.ini file which is merged with this one. @@ -170,5 +169,7 @@ in startAt = cfg.dates; }; + services.venus.outputTheme = mkDefault "${pkgs.venus}/themes/classic_fancy"; + }; } diff --git a/nixos/modules/services/amqp/activemq/default.nix b/nixos/modules/services/amqp/activemq/default.nix index 261f97617664..56ff388f8a9e 100644 
--- a/nixos/modules/services/amqp/activemq/default.nix +++ b/nixos/modules/services/amqp/activemq/default.nix @@ -32,7 +32,6 @@ in { ''; }; configurationDir = mkOption { - default = "${activemq}/conf"; description = '' The base directory for ActiveMQ's configuration. By default, this directory is searched for a file named activemq.xml, @@ -126,6 +125,8 @@ in { ''; }; + services.activemq.configurationDir = mkDefault "${activemq}/conf"; + }; } diff --git a/nixos/modules/services/hardware/sane.nix b/nixos/modules/services/hardware/sane.nix index 3bf765c6f991..0428602688dd 100644 --- a/nixos/modules/services/hardware/sane.nix +++ b/nixos/modules/services/hardware/sane.nix @@ -36,7 +36,6 @@ in hardware.sane.configDir = mkOption { type = types.string; - default = "${saneConfig}/etc/sane.d"; description = "The value of SANE_CONFIG_DIR."; }; @@ -47,6 +46,8 @@ in config = mkIf config.hardware.sane.enable { + hardware.sane.configDir = mkDefault "${saneConfig}/etc/sane.d"; + environment.systemPackages = backends; environment.sessionVariables = { SANE_CONFIG_DIR = config.hardware.sane.configDir; diff --git a/nixos/modules/services/logging/logstash.nix b/nixos/modules/services/logging/logstash.nix index aec45d9286d8..3a798c6f3724 100644 --- a/nixos/modules/services/logging/logstash.nix +++ b/nixos/modules/services/logging/logstash.nix @@ -84,10 +84,10 @@ in type = types.lines; default = ''stdin { type => "example" }''; description = "Logstash input configuration."; - example = '' + example = literalExample '' # Read from journal pipe { - command => "${pkgs.systemd}/bin/journalctl -f -o json" + command => "''${pkgs.systemd}/bin/journalctl -f -o json" type => "syslog" codec => json {} } ''; diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix index c570a01fb3b2..0c9a916ed21a 100644 --- a/nixos/modules/services/misc/nixos-manual.nix +++ b/nixos/modules/services/misc/nixos-manual.nix 
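Review bot: In sane.nix the default for `hardware.sane.configDir` now exists only as a `mkDefault` inside `config = mkIf config.hardware.sane.enable { ... }`, so the option has no value at all when SANE is disabled and anything that reads it then gets an evaluation error instead of the old path. The same pattern appears in the grafana.nix hunk (`services.grafana.staticRootPath` under `mkIf cfg.enable`); for the other modules the enclosing `config` is outside the hunks. The manual also no longer tells the reader what the effective default is, so I would state it in the description, e.g. `description = "The value of SANE_CONFIG_DIR. Defaults to the etc/sane.d directory of the generated SANE configuration.";`.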
@@ -80,7 +80,6 @@ in services.nixosManual.browser = mkOption { type = types.path; - default = "${pkgs.w3m}/bin/w3m"; description = '' Browser used to show the manual. ''; @@ -116,6 +115,8 @@ in services.mingetty.helpLine = mkIf cfg.showManual "\nPress for the NixOS manual."; + services.nixosManual.browser = mkDefault "${pkgs.w3m}/bin/w3m"; + }; } diff --git a/nixos/modules/services/misc/subsonic.nix b/nixos/modules/services/misc/subsonic.nix index 3e1a2e8fbb51..4d164ad8d65f 100644 --- a/nixos/modules/services/misc/subsonic.nix +++ b/nixos/modules/services/misc/subsonic.nix @@ -97,7 +97,6 @@ in transcoders = mkOption { type = types.listOf types.path; - default = [ "${pkgs.ffmpeg}/bin/ffmpeg" ]; description = '' List of paths to transcoder executables that should be accessible from Subsonic. Symlinks will be created to each executable inside @@ -153,5 +152,8 @@ in }; users.extraGroups.subsonic.gid = config.ids.gids.subsonic; + + services.subsonic.transcoders = mkDefault [ "${pkgs.ffmpeg}/bin/ffmpeg" ]; + }; } diff --git a/nixos/modules/services/monitoring/grafana.nix b/nixos/modules/services/monitoring/grafana.nix index 0393d01054d1..fa653565a67f 100644 --- a/nixos/modules/services/monitoring/grafana.nix +++ b/nixos/modules/services/monitoring/grafana.nix @@ -200,7 +200,6 @@ in { staticRootPath = mkOption { description = "Root path for static assets."; - default = "${cfg.package.out}/share/go/src/github.com/grafana/grafana/public"; type = types.str; }; @@ -311,7 +310,7 @@ in { config = mkIf cfg.enable { warnings = [ - "Grafana passwords will be stored as plaintext in nix store!" + "Grafana passwords will be stored as plaintext in the Nix store!" ]; systemd.services.grafana = { @@ -331,5 +330,8 @@ in { home = cfg.dataDir; createHome = true; }; + + services.grafana.staticRootPath = mkDefault "${cfg.package.out}/share/go/src/github.com/grafana/grafana/public"; + }; } 
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix index c724ee979c2d..218bce2dbb31 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy.nix @@ -52,10 +52,7 @@ in default = "opendns"; type = types.nullOr types.string; description = '' - The name of the upstream DNSCrypt resolver to use. See - ${resolverListFile} for alternative resolvers - (e.g., if you are concerned about logging and/or server - location). + The name of the upstream DNSCrypt resolver to use. ''; }; customResolver = mkOption { diff --git a/nixos/modules/services/networking/seeks.nix b/nixos/modules/services/networking/seeks.nix index 155ecbb98ef3..f5bc60be3457 100644 --- a/nixos/modules/services/networking/seeks.nix +++ b/nixos/modules/services/networking/seeks.nix @@ -33,7 +33,7 @@ in type = types.str; description = " The Seeks server configuration. If it is not specified, - a default configuration is used (${seeks}/etc/seeks). + a default configuration is used. "; }; diff --git a/nixos/modules/services/web-servers/phpfpm.nix b/nixos/modules/services/web-servers/phpfpm.nix index 41dbfff41cfe..82398948bfaa 100644 --- a/nixos/modules/services/web-servers/phpfpm.nix +++ b/nixos/modules/services/web-servers/phpfpm.nix @@ -44,8 +44,7 @@ in { phpIni = mkOption { type = types.path; - default = "${cfg.phpPackage}/etc/php-recommended.ini"; - description = "php.ini file to use."; + description = "PHP configuration file to use."; }; poolConfigs = mkOption { @@ -86,5 +85,7 @@ in { }; }; + services.phpfpm.phpIni = mkDefault "${cfg.phpPackage}/etc/php-recommended.ini"; + }; } diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index bc8f478c7d83..11e21c9d917f 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix 
@@ -104,7 +104,6 @@ in }; background = mkOption { - default = "${pkgs.nixos-artwork}/share/artwork/gnome/Gnome_Dark.png"; description = '' The background image or color to use. ''; @@ -172,5 +171,8 @@ in }; users.extraGroups.lightdm.gid = config.ids.gids.lightdm; + + services.xserver.displayManager.lightdm.background = mkDefault "${pkgs.nixos-artwork}/share/artwork/gnome/Gnome_Dark.png"; + }; } -- cgit 1.4.1 From 5b8dae8ef3870aca16632ff29bf26391898d08f5 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 24 Sep 2015 11:47:00 +0200 Subject: Prevent future store path references in the manual --- nixos/doc/manual/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix index 15bd185ccec9..87964e27bb9c 100644 --- a/nixos/doc/manual/default.nix +++ b/nixos/doc/manual/default.nix @@ -31,10 +31,8 @@ let else fn; - # Convert the list of options into an XML file. The builtin - # unsafeDiscardStringContext is used to prevent the realisation of - # the store paths which are used in options definitions. - optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML optionsList')); + # Convert the list of options into an XML file. + optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList'); optionsDocBook = runCommand "options-db.xml" {} '' optionsXML=${optionsXML} @@ -139,6 +137,8 @@ in rec { ''; # */ meta.description = "The NixOS manual in HTML format"; + + allowedReferences = ["out"]; }; manualPDF = stdenv.mkDerivation { @@ -187,6 +187,8 @@ in rec { ${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \ ./man-pages.xml ''; + + allowedReferences = ["out"]; }; } -- cgit 1.4.1 From 9cc7859b2ea2a9f79a17489ba945c0358296c8ed Mon Sep 17 00:00:00 2001 
From: Jan Malakhovski Date: Fri, 18 Sep 2015 17:50:31 +0000 Subject: nixos: show the manual in system's /share/doc (close #9928) --- nixos/modules/services/misc/nixos-manual.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix index 0c9a916ed21a..c10d8197686f 100644 --- a/nixos/modules/services/misc/nixos-manual.nix +++ b/nixos/modules/services/misc/nixos-manual.nix @@ -92,7 +92,7 @@ in system.build.manual = manual; - environment.systemPackages = [ manual.manpages help ]; + environment.systemPackages = [ manual.manpages manual.manual help ]; boot.extraTTYs = mkIf cfg.showManual ["tty${cfg.ttyNumber}"]; -- cgit 1.4.1 From 251a00da4cb5073b9e38f40348835a194a68e6ca Mon Sep 17 00:00:00 2001 From: Thomas Strobel Date: Thu, 24 Sep 2015 12:44:07 +0200 Subject: openvswitch module: add option to reset db on start --- nixos/modules/virtualisation/openvswitch.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/openvswitch.nix b/nixos/modules/virtualisation/openvswitch.nix index 1c77945a6cb5..4d6123e4ce51 100644 --- a/nixos/modules/virtualisation/openvswitch.nix +++ b/nixos/modules/virtualisation/openvswitch.nix @@ -19,6 +19,15 @@ in { ''; }; + resetOnStart = mkOption { + type = types.bool; + default = false; + description = '' + Whether to reset the Open vSwitch configuration database to a default + configuration on every start of the systemd ovsdb.service. + ''; + }; + package = mkOption { type = types.package; default = pkgs.openvswitch; @@ -75,6 +84,7 @@ in { mkdir -p ${runDir} mkdir -p /var/db/openvswitch chmod +w /var/db/openvswitch + ${optionalString cfg.resetOnStart "rm -f /var/db/openvswitch/conf.db"} if [[ ! -e /var/db/openvswitch/conf.db ]]; then ${cfg.package}/bin/ovsdb-tool create \ "/var/db/openvswitch/conf.db" \ -- cgit 1.4.1 
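Review bot: With `resetOnStart` set, the added `rm -f /var/db/openvswitch/conf.db` runs every time this start script runs, and the ovsdb unit shown elsewhere on this page is configured with `Restart = "always"`, so a restart after a crash would presumably also discard the bridge, port and SSL settings kept in the database, not only a boot or a manual start. The option description should say that explicitly, e.g. append `This also applies to automatic restarts after a failure, so all changes made with ovs-vsctl are lost.`. The script this line sits in starts outside the hunk, so I am assuming it is the preStart of the ovsdb service.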
From 1f5f472a8a21f9bceed7f50c581007cb9c7ec3d6 Mon Sep 17 00:00:00 2001 From: Thomas Strobel Date: Thu, 24 Sep 2015 14:51:44 +0200 Subject: Revert "openvswitch module: do not fork services" This reverts commit fcab752abf94ae36e903097846c752d6b22e0dff. --- nixos/modules/virtualisation/openvswitch.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/openvswitch.nix b/nixos/modules/virtualisation/openvswitch.nix index 4d6123e4ce51..a0231315236c 100644 --- a/nixos/modules/virtualisation/openvswitch.nix +++ b/nixos/modules/virtualisation/openvswitch.nix @@ -102,11 +102,14 @@ in { --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \ --unixctl=ovsdb.ctl.sock \ --pidfile=/var/run/openvswitch/ovsdb.pid \ + --detach \ /var/db/openvswitch/conf.db ''; Restart = "always"; RestartSec = 3; PIDFile = "/var/run/openvswitch/ovsdb.pid"; + # Use service type 'forking' to correctly determine when ovsdb-server is ready. + Type = "forking"; }; postStart = '' ${cfg.package}/bin/ovs-vsctl --timeout 3 --retry --no-wait init @@ -122,9 +125,12 @@ in { serviceConfig = { ExecStart = '' ${cfg.package}/bin/ovs-vswitchd \ - --pidfile=/var/run/openvswitch/ovs-vswitchd.pid + --pidfile=/var/run/openvswitch/ovs-vswitchd.pid \ + --detach ''; PIDFile = "/var/run/openvswitch/ovs-vswitchd.pid"; + # Use service type 'forking' to correctly determine when vswitchd is ready. + Type = "forking"; }; }; @@ -149,10 +155,12 @@ in { ${cfg.package}/bin/ovs-monitor-ipsec \ --root-prefix ${runDir}/ipsec \ --pidfile /var/run/openvswitch/ovs-monitor-ipsec.pid \ - --monitor \ + --monitor --detach \ unix:/var/run/openvswitch/db.sock ''; PIDFile = "/var/run/openvswitch/ovs-monitor-ipsec.pid"; + # Use service type 'forking' to correctly determine when ovs-monitor-ipsec is ready. + Type = "forking"; }; preStart = '' -- cgit 1.4.1 From f40c7ed1435d9507868337ae7509fe6d0392498b Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Thu, 24 Sep 2015 19:58:41 +0200 Subject: Remove relatime mount option This has been the kernel default for a long time. --- nixos/modules/tasks/filesystems.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix index 4409bd4cc8c3..ab64106f3533 100644 --- a/nixos/modules/tasks/filesystems.nix +++ b/nixos/modules/tasks/filesystems.nix @@ -41,7 +41,7 @@ let }; options = mkOption { - default = "defaults,relatime"; + default = "defaults"; example = "data=journal"; type = types.commas; description = "Options used to mount the file system."; @@ -69,8 +69,6 @@ let config = { mountPoint = mkDefault name; device = mkIf (config.fsType == "tmpfs") (mkDefault config.fsType); - # The vboxsf filesystem doesn't support the relatime option: - options = mkIf (config.fsType == "vboxsf") (mkDefault "defaults"); }; }; -- cgit 1.4.1 From 9d92bd7845a0fcf895a1e7c4ae95c908be673060 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 24 Sep 2015 18:13:14 +0200 Subject: Add filesystem option to automatically grow to the maximum size This is primarily for EC2 and other cloud environments, where the disk may be bigger than the original image. --- nixos/modules/system/boot/stage-1-init.sh | 15 ++++++++++++- nixos/modules/system/boot/stage-1.nix | 7 +++++- nixos/modules/tasks/filesystems.nix | 16 ++++++++++++-- nixos/tests/make-test.nix | 2 +- nixos/tests/resize-root.nix | 36 +++++++++++++++++++++++++++++++ 5 files changed, 71 insertions(+), 5 deletions(-) create mode 100644 nixos/tests/resize-root.nix (limited to 'nixos') diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index 480bbfa2b07b..516cbb295fa4 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh 
@@ -290,10 +290,23 @@ mountFS() { if [ -z "$fsType" ]; then fsType=auto; fi fi - echo "$device /mnt-root$mountPoint $fsType $options" >> /etc/fstab + # Filter out x- options, which busybox doesn't do yet. + local optionsFiltered="$(IFS=,; for i in $options; do if [ "${i:0:2}" != "x-" ]; then echo -n $i,; fi; done)" + + echo "$device /mnt-root$mountPoint $fsType $optionsFiltered" >> /etc/fstab checkFS "$device" "$fsType" + # Optionally resize the filesystem. + case $options in + *x-nixos.autoresize*) + if [ "$fsType" = ext2 -o "$fsType" = ext3 -o "$fsType" = ext4 ]; then + echo "resizing $device..." + resize2fs "$device" + fi + ;; + esac + # Create backing directories for unionfs-fuse. if [ "$fsType" = unionfs-fuse ]; then for i in $(IFS=:; echo ${options##*,dirs=}); do diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index f782eca3f647..ace2d10ec9c1 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -70,6 +70,12 @@ let copy_bin_and_libs ${pkgs.kmod}/bin/kmod ln -sf kmod $out/bin/modprobe + # Copy resize2fs if needed. + ${optionalString (any (fs: fs.autoResize) (attrValues config.fileSystems)) '' + # We need mke2fs in the initrd. + copy_bin_and_libs ${pkgs.e2fsprogs}/sbin/resize2fs + ''} + ${config.boot.initrd.extraUtilsCommands} # Copy ld manually since it isn't detected correctly @@ -393,7 +399,6 @@ in } ]; - system.build.bootStage1 = bootStage1; system.build.initialRamdisk = initialRamdisk; system.build.extraUtils = extraUtils; diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix index ab64106f3533..9dd250f140ce 100644 --- a/nixos/modules/tasks/filesystems.nix +++ b/nixos/modules/tasks/filesystems.nix 
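Review bot: `optionsFiltered` always ends in a comma, and it is empty when every entry of `$options` starts with `x-`, so the line appended to /etc/fstab can carry a dangling comma or lack the options field altogether. The second case looks reachable: the filesystems.nix change in this commit sets `options` to `x-nixos.autoresize` when `autoResize` is on, which would replace the `defaults` default unless the user sets options as well. I would strip the trailing comma and fall back to `defaults`, e.g. `optionsFiltered="${optionsFiltered%,}"` followed by `[ -n "$optionsFiltered" ] || optionsFiltered=defaults`. `echo -n $i,` should also quote `"$i"`. mountFS starts before and continues after the hunk.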
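Review bot: In the stage-1.nix hunk the inner comment `# We need mke2fs in the initrd.` does not match the line below it, which copies `resize2fs`; it reads like a leftover. I would drop it or change it to `# resize2fs is needed in the initrd to grow filesystems that set autoResize.`, since the outer comment `# Copy resize2fs if needed.` already covers the rest.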
@@ -7,7 +7,7 @@ let fileSystems = attrValues config.fileSystems; - prioOption = prio: optionalString (prio !=null) " pri=${toString prio}"; + prioOption = prio: optionalString (prio != null) " pri=${toString prio}"; fileSystemOpts = { name, config, ... }: { @@ -43,7 +43,7 @@ let options = mkOption { default = "defaults"; example = "data=journal"; - type = types.commas; + type = types.commas; # FIXME: should be a list description = "Options used to mount the file system."; }; @@ -58,6 +58,17 @@ let ''; }; + autoResize = mkOption { + default = false; + type = types.bool; + description = '' + If set, the filesystem is grown to its maximum size before + being mounted. (This is typically the size of the containing + partition.) This is currently only supported for ext2/3/4 + filesystems that are mounted during early boot. + ''; + }; + noCheck = mkOption { default = false; type = types.bool; @@ -69,6 +80,7 @@ let config = { mountPoint = mkDefault name; device = mkIf (config.fsType == "tmpfs") (mkDefault config.fsType); + options = mkIf config.autoResize "x-nixos.autoresize"; }; }; diff --git a/nixos/tests/make-test.nix b/nixos/tests/make-test.nix index 285ca5b71d6e..f3e26aa7e74d 100644 --- a/nixos/tests/make-test.nix +++ b/nixos/tests/make-test.nix @@ -2,4 +2,4 @@ f: { system ? builtins.currentSystem, ... } @ args: with import ../lib/testing.nix { inherit system; }; -makeTest (if builtins.isFunction f then f (args // { inherit pkgs; }) else f) +makeTest (if builtins.isFunction f then f (args // { inherit pkgs; inherit (pkgs) lib; }) else f) diff --git a/nixos/tests/resize-root.nix b/nixos/tests/resize-root.nix new file mode 100644 index 000000000000..c8ccab38ab6f --- /dev/null +++ b/nixos/tests/resize-root.nix 
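Review bot: `autoResize` is accepted for every `fileSystems` entry, yet the description added in the `@@ -58,6 +58,17 @@` hunk says only ext2/3/4 filesystems mounted during early boot are handled, and the stage-1 script skips any other type without a message. On a cloud image that can leave the volume at its original size with nothing at build time to say so. An assertion next to the module's other checks (not visible here) would surface it, e.g. `assertion = fs.autoResize -> elem fs.fsType [ "ext2" "ext3" "ext4" ];`, with a message naming the mount point; how an automatically detected `fsType` should be treated needs deciding. The `fileSystemOpts` body starts and ends outside these hunks.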
@@ -0,0 +1,36 @@ +import ./make-test.nix ({ pkgs, lib, ...} : { + + meta.maintainers = [ lib.maintainers.eelco ]; + + machine = { config, pkgs, ... }: { + virtualisation.diskSize = 512; + fileSystems = lib.mkVMOverride { + "/".autoResize = true; + }; + }; + + testScript = + '' + # Create a VM with a 512 MiB disk. + $machine->start; + $machine->waitForUnit("multi-user.target"); + my $blocks = $machine->succeed("stat -c %b -f /"); + my $bsize = $machine->succeed("stat -c %S -f /"); + my $size = $blocks * $bsize; + die "wrong free space $size" if $size < 480 * 1024 * 1024 || $size > 512 * 1024 * 1024; + $machine->succeed("touch /marker"); + $machine->shutdown; + + # Grow the disk to 1024 MiB. + system("qemu-img resize vm-state-machine/machine.qcow2 1024M") == 0 or die; + + # Start the VM again and check whether the initrd has correctly + # grown the root filesystem. + $machine->start; + $machine->waitForUnit("multi-user.target"); + $machine->succeed("[ -e /marker ]"); + my $blocks = $machine->succeed("stat -c %b -f /"); + my $size = $blocks * $bsize; + die "wrong free space $size" if $size < 980 * 1024 * 1024 || $size > 1024 * 1024 * 1024; + ''; +}) -- cgit 1.4.1 From 59bc47c9ede58f3cdfdfea18297375627ac99c6c Mon Sep 17 00:00:00 2001 From: Thomas Strobel Date: Tue, 22 Sep 2015 15:49:17 +0200 Subject: nixos networking: add vswitch option Add a configuration option for Open vSwitch that is similar to the option for the Linux kernel ethernet bridge. --- nixos/modules/services/networking/dhcpcd.nix | 1 + .../modules/tasks/network-interfaces-scripted.nix | 40 +++++++++++ nixos/modules/tasks/network-interfaces-systemd.nix | 3 + nixos/modules/tasks/network-interfaces.nix | 80 +++++++++++++++++++++- 4 files changed, 123 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 8552395fdb16..b31d479ab4fd 100644 --- a/nixos/modules/services/networking/dhcpcd.nix 
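Review bot: In `testScript`, `my $blocks` and `my $size` are declared a second time in the same scope after the disk is grown, which Perl reports as a masking warning when warnings are enabled. The second pair should be plain assignments: `$blocks = $machine->succeed("stat -c %b -f /");` and `$size = $blocks * $bsize;`. The `die` text says "wrong free space", but `%b` with `-f` is the filesystem's total block count, so "wrong filesystem size" would describe what is checked. Nothing in the test covers a filesystem without `autoResize` keeping its original size.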
+++ b/nixos/modules/services/networking/dhcpcd.nix @@ -18,6 +18,7 @@ let map (i: i.name) (filter (i: if i.useDHCP != null then !i.useDHCP else i.ip4 != [ ] || i.ipAddress != null) interfaces) ++ mapAttrsToList (i: _: i) config.networking.sits ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges)) + ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.vswitches)) ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds)) ++ config.networking.dhcpcd.denyInterfaces; diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 328d94cbb05c..d8b1592c36bb 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix 
@@ -220,6 +220,45 @@ in ''; }); + createVswitchDevice = n: v: nameValuePair "${n}-netdev" + (let + managedInterfaces = filter (x: hasAttr x cfg.interfaces) v.interfaces; + managedInterfaceServices = concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) managedInterfaces; + virtualInterfaces = filter (x: (hasAttr x cfg.interfaces) && cfg.interfaces.${x}.virtual) v.interfaces; + virtualInterfaceServices = concatMap (i: [ "${i}-netdev.service" ]) virtualInterfaces; + deps = map subsystemDevice v.interfaces; + ofRules = pkgs.writeText "vswitch-${n}-openFlowRules" v.openFlowRules; + in + { description = "Open vSwitch Interface ${n}"; + wantedBy = [ "network.target" "vswitchd.service" (subsystemDevice n) ]; + requires = optionals v.bindInterfaces (deps ++ managedInterfaceServices ++ virtualInterfaceServices); + requiredBy = optionals v.bindInterfaces (managedInterfaceServices ++ virtualInterfaceServices); + bindsTo = deps ++ [ "vswitchd.service" ]; + partOf = [ "vswitchd.service" ]; + after = [ "network-pre.target" "vswitchd.service" ] ++ deps ++ managedInterfaceServices ++ virtualInterfaceServices; + before = [ "network-interfaces.target" (subsystemDevice n) ]; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + path = [ pkgs.iproute config.virtualisation.vswitch.package ]; + script = '' + echo "Removing old Open vSwitch ${n}..." + ovs-vsctl --if-exists del-br ${n} + + echo "Adding Open vSwitch ${n}..." + ovs-vsctl -- add-br ${n} ${concatMapStrings (i: " -- add-port ${n} ${i}") v.interfaces} \ + ${concatMapStrings (x: " -- set-controller ${n} " + x) v.controllers} \ + ${concatMapStrings (x: " -- " + x) (splitString "\n" v.extraOvsctlCmds)} + + echo "Adding OpenFlow rules for Open vSwitch ${n}..." 
+ ovs-ofctl add-flows ${n} ${ofRules} + ''; + postStop = '' + ip link set ${n} down || true + ovs-ofctl del-flows ${n} || true + ovs-vsctl --if-exists del-br ${n} + ''; + }); + createBondDevice = n: v: nameValuePair "${n}-netdev" (let deps = map subsystemDevice v.interfaces; @@ -335,6 +374,7 @@ in map configureAddrs interfaces ++ map createTunDevice (filter (i: i.virtual) interfaces)) // mapAttrs' createBridgeDevice cfg.bridges + // mapAttrs' createVswitchDevice cfg.vswitches // mapAttrs' createBondDevice cfg.bonds // mapAttrs' createMacvlanDevice cfg.macvlans // mapAttrs' createSitDevice cfg.sits diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index 8223c5a4941e..301ee43fd0e5 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -35,6 +35,9 @@ in assertions = [ { assertion = cfg.defaultGatewayWindowSize == null; message = "networking.defaultGatewayWindowSize is not supported by networkd."; + } { + assertion = cfg.vswitches == {}; + message = "networking.vswichtes are not supported by networkd."; } ] ++ flip mapAttrsToList cfg.bridges (n: { rstp, ... }: { assertion = !rstp; message = "networking.bridges.${n}.rstp is not supported by networkd."; diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 9931c977e8f0..7af3160e2d42 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -12,7 +12,8 @@ let hasBonds = cfg.bonds != { }; slaves = concatMap (i: i.interfaces) (attrValues cfg.bonds) - ++ concatMap (i: i.interfaces) (attrValues cfg.bridges); + ++ concatMap (i: i.interfaces) (attrValues cfg.bridges) + ++ concatMap (i: i.interfaces) (attrValues cfg.vswitches); slaveIfs = map (i: cfg.interfaces.${i}) (filter (i: cfg.interfaces ? ${i}) slaves); 
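Review bot: The `script` and `postStop` strings of `createVswitchDevice` splice `${n}`, `v.interfaces`, `v.controllers` and each line of `v.extraOvsctlCmds` into a command run by the unit without any quoting, so a value containing whitespace or shell metacharacters changes the command that runs. The documented controller example `ptcp:6653:[::1]` already contains bracket characters that the shell treats as a glob pattern and would expand if a matching file name existed in the unit's working directory. Names, interfaces and controllers can go through `escapeShellArg` (assuming `lib` is in scope here), e.g. `concatMapStrings (i: " -- add-port ${escapeShellArg n} ${escapeShellArg i}") v.interfaces` and `" -- set-controller ${escapeShellArg n} " + escapeShellArg x`. `extraOvsctlCmds` holds several words per line and cannot be escaped as one argument, so its description should say that the lines are inserted into a shell command verbatim. The enclosing `let` and attribute set start and end outside the hunk.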
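Review bot: The message of the assertion added in network-interfaces-systemd.nix misspells the option name as `networking.vswichtes`, so a user who hits it cannot search for the option it names. It should be `message = "networking.vswitches are not supported by networkd.";`. The assertions list continues outside the hunk.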
@@ -371,6 +372,81 @@ in options = [ interfaceOpts ]; }; + networking.vswitches = mkOption { + default = { }; + example = + { vs0.interfaces = [ "eth0" "eth1" ]; + vs1.interfaces = [ "eth2" "wlan0" ]; + }; + description = + '' + This option allows you to define Open vSwitches that connect + physical networks together. The value of this option is an + attribute set. Each attribute specifies a vswitch, with the + attribute name specifying the name of the vswitch's network + interface. + ''; + + type = types.attrsOf types.optionSet; + + options = { + + interfaces = mkOption { + example = [ "eth0" "eth1" ]; + type = types.listOf types.str; + description = + "The physical network interfaces connected by the vSwitch."; + }; + + bindInterfaces = mkOption { + type = types.bool; + default = false; + description = '' + If true, then the interfaces of the vSwitch are brought 'up' and especially + also 'down' together with the vSwitch. That requires that every interfaces + is configured as a systemd network services. + ''; + }; + + controllers = mkOption { + type = types.listOf types.str; + default = []; + example = [ "ptcp:6653:[::1]" ]; + description = '' + Specify the controller targets. For the allowed options see man 8 ovs-vsctl. + ''; + }; + + openFlowRules = mkOption { + type = types.lines; + default = ""; + example = '' + actions=normal + ''; + description = '' + OpenFlow rules to insert into the Open vSwitch. All openFlowRules are + loaded with ovs-ofctl within one atomic operation. + ''; + }; + + extraOvsctlCmds = mkOption { + type = types.lines; + default = ""; + example = '' + set-fail-mode secure + set Bridge stp_enable=true + ''; + description = '' + Commands to manipulate the Open vSwitch database. Every line executed with ovs-vsctl. + All commands are bundled together with the operations for adding the interfaces + into one atomic operation. + ''; + }; + + }; + + }; + networking.bridges = mkOption { default = { }; example = 
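Review bot: The `openFlowRules` description should say that the rules are loaded by a separate `ovs-ofctl add-flows` call after the bridge and its ports have been created, so the switch is up for a short time before the rules exist; with Open vSwitch's default fail mode it presumably forwards like an ordinary switch during that window. Where the rules are meant to restrict traffic, the text could add a sentence such as `Set the bridge's fail mode to secure in extraOvsctlCmds if nothing may be forwarded before the rules are loaded.`. The `controllers` description could also note that a passive target like the `ptcp:` example accepts OpenFlow connections over plain TCP without authentication and should stay bound to a loopback or management address. In `bindInterfaces`, "every interfaces is configured as a systemd network services" should read "every interface is configured as a systemd network service".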
@@ -766,6 +842,8 @@ in services.mstpd = mkIf needsMstpd { enable = true; }; + virtualisation.vswitch = mkIf (cfg.vswitches != { }) { enable = true; }; + }; } -- cgit 1.4.1 From baf1d1dcd77a66450adb54e22b5748566b06a8d7 Mon Sep 17 00:00:00 2001 From: aszlig Date: Fri, 25 Sep 2015 12:06:58 +0200 Subject: nixos/tests/virtualbox: Don't parallelize VM boot. I'm not quite sure why the official Hydra gets a kernel panic in one of two VMs using the exact same kernels: https://hydra.nixos.org/build/26339384 Because the kernel panic happens before stage 1, let's wait for the first VM to boot up and after the bootup is done, start the second one in hope that it won't trigger the panic. Oddly enough, whenever I run the test on my own Hydra and on my local machines, I don't get anything like that. Signed-off-by: aszlig --- nixos/tests/virtualbox.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index 2b5b5a180fca..01fcd15fd8bb 100644 --- a/nixos/tests/virtualbox.nix +++ b/nixos/tests/virtualbox.nix @@ -424,11 +424,10 @@ in { vbm("startvm test1"); waitForStartup_test1; + waitForVMBoot_test1; vbm("startvm test2"); waitForStartup_test2; - - waitForVMBoot_test1; waitForVMBoot_test2; $machine->screenshot("net_booted"); -- cgit 1.4.1 From 48200a96e0063fa25132d1e5907ab1271f3205ad Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Fri, 25 Sep 2015 14:24:47 +0200 Subject: doc/release notes (15.09): mention `texlive` --- nixos/doc/manual/release-notes/rl-1509.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'nixos') diff --git a/nixos/doc/manual/release-notes/rl-1509.xml b/nixos/doc/manual/release-notes/rl-1509.xml index 098613f9685a..93c75aa6269b 100644 --- a/nixos/doc/manual/release-notes/rl-1509.xml +++ b/nixos/doc/manual/release-notes/rl-1509.xml 
@@ -243,6 +243,18 @@ nix-env -f "<nixpkgs>" -iA haskellPackages.cabal-install + + A newly packaged TeX Live 2015 is provided in pkgs.texlive, + split into 6500 nix packages. For basic user documentation see + the source. + Beware of an issue when installing a too large package set. + + The plan is to deprecate and maybe delete the original TeX packages + until the next release. + + -- cgit 1.4.1 From 02c25001953eaebbdea13fb28a865c958860ce97 Mon Sep 17 00:00:00 2001 From: aszlig Date: Sat, 26 Sep 2015 11:00:02 +0200 Subject: release-notes/15.09: Use