swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-24 22:20:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:NixOS/nixos into systemd

Browse source
This commit is contained in:
Eelco Dolstra 2012-06-14 12:02:17 -04:00
parent f21aa7d22c fd9604b319
commit fae777c264
19 changed files with 158 additions and 60 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
doc/manual/options-to-docbook.xsl
View file

@ -156,7 +156,10 @@
or to the local filesystem. -->
<xsl:choose>
<xsl:when test="$revision != 'local' and contains(@value, '/modules/')">
<xsl:attribute name="xlink:href">https://nixos.org/viewvc/nix/nixos/trunk/modules/<xsl:value-of select="substring-after(@value, '/modules/')"/>?revision=<xsl:value-of select="$revision"/></xsl:attribute>
<xsl:attribute name="xlink:href">https://github.com/NixOS/nixos/blob/<xsl:value-of select="$revision"/>/modules/<xsl:value-of select="substring-after(@value, '/modules/')"/></xsl:attribute>
</xsl:when>
<xsl:when test="$revision != 'local' and contains(@value, 'charon') and contains(@value, '/nix/')">
<xsl:attribute name="xlink:href">https://github.com/NixOS/charon/blob/<xsl:value-of select="$revision"/>/nix/<xsl:value-of select="substring-after(@value, '/nix/')"/></xsl:attribute>
</xsl:when>
<xsl:otherwise>
<xsl:attribute name="xlink:href">file://<xsl:value-of select="@value"/></xsl:attribute>
@ -166,8 +169,11 @@
/nix/store/<hash> prefix by the default location of nixos
sources. -->
<xsl:choose>
<xsl:when test="starts-with(@value, '/nix/store/')">
/etc/nixos/nixos/modules/<xsl:value-of select="substring-after(@value, '/modules/')"/>
<xsl:when test="contains(@value, '/modules/')">
&lt;nixos/modules/<xsl:value-of select="substring-after(@value, '/modules/')"/>&gt;
</xsl:when>
<xsl:when test="contains(@value, 'charon') and contains(@value, '/nix/')">
&lt;charon/<xsl:value-of select="substring-after(@value, '/nix/')"/>&gt;
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="@value" />

16
modules/config/swap.nix
View file

@ -33,18 +33,30 @@ with pkgs.lib;
device = mkOption {
example = "/dev/sda3";
type = types.string;
type = types.uniq types.string;
description = "Path of the device.";
};
label = mkOption {
example = "swap";
type = types.string;
type = types.uniq types.string;
description = ''
Label of the device. Can be used instead of <varname>device</varname>.
'';
};
size = mkOption {
default = null;
example = 2048;
type = types.nullOr types.int;
description = ''
If this option is set, device is interpreted as the
path of a swapfile that will be created automatically
with the indicated size (in megabytes) if it doesn't
exist.
'';
};
};
config = {

3
modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View file

@ -1,5 +1,5 @@
# This module contains the basic configuration for building a NixOS
# installation CD.
# tarball for the sheevaplug.
{ config, pkgs, ... }:
@ -87,6 +87,7 @@ in
pkgs.bvi # binary editor
pkgs.joe
];
*/
boot.loader.grub.enable = false;
boot.loader.generationsDir.enable = false;

2
modules/programs/shadow.nix
View file

@ -37,7 +37,7 @@ in
users.defaultUserShell = pkgs.lib.mkOption {
default = "/var/run/current-system/sw/bin/bash";
description = ''
This option defined the default shell assigned to user
This option defines the default shell assigned to user
accounts. This must not be a store path, since the path is
used outside the store (in particular in /etc/passwd).
Rather, it should be the path of a symlink that points to the

34
modules/security/pam.nix
View file

@ -7,7 +7,7 @@ with pkgs.lib;
let
inherit (pkgs) pam_usb pam_ldap pam_krb5 pam_ccreds;
inherit (pkgs) pam_ldap pam_krb5 pam_ccreds;
otherService = pkgs.writeText "other.pam"
''
@ -37,6 +37,10 @@ let
, # If set, user listed in /etc/pamusb.conf are able to log in with
# the associated usb key.
usbAuth ? config.security.pam.usb.enable
, # If set, the calling user's SSH agent is used to authenticate
# against the keys in the calling user's ~/.ssh/authorized_keys.
# This is useful for "sudo" on password-less remote systems.
sshAgentAuth ? false
, # If set, use ConsoleKit's PAM connector module to claim
# ownership of audio devices etc.
ownDevices ? false
@ -70,16 +74,17 @@ let
# Authentication management.
${optionalString rootOK
"auth sufficient pam_rootok.so"}
${optionalString (config.security.pam.enableSSHAgentAuth && sshAgentAuth)
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"}
${optionalString usbAuth
"auth sufficient ${pam_usb}/lib/security/pam_usb.so"}
auth sufficient pam_unix.so ${
optionalString allowNullPassword "nullok"} likeauth
"auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"}
auth sufficient pam_unix.so ${optionalString allowNullPassword "nullok"} likeauth
${optionalString config.users.ldap.enable
"auth sufficient ${pam_ldap}/lib/security/pam_ldap.so use_first_pass"}
${optionalString config.krb5.enable
''auth [default=ignore success=1 service_err=reset] ${pam_krb5}/lib/security/pam_krb5.so use_first_pass
auth [default=die success=done] ${pam_ccreds}/lib/security/pam_ccreds.so action=validate use_first_pass
auth sufficient ${pam_ccreds}/lib/security/pam_ccreds.so action=store use_first_pass
${optionalString config.krb5.enable ''
auth [default=ignore success=1 service_err=reset] ${pam_krb5}/lib/security/pam_krb5.so use_first_pass
auth [default=die success=done] ${pam_ccreds}/lib/security/pam_ccreds.so action=validate use_first_pass
auth sufficient ${pam_ccreds}/lib/security/pam_ccreds.so action=store use_first_pass
''}
auth required pam_deny.so
@ -184,6 +189,17 @@ in
'';
};
security.pam.enableSSHAgentAuth = mkOption {
default = false;
description =
''
Enable sudo logins if the user's SSH agent provides a key
present in <filename>~/.ssh/authorized_keys</filename>.
This allows machines to exclusively use SSH keys instead of
passwords.
'';
};
};
@ -216,9 +232,11 @@ in
[ { name = "cups"; }
{ name = "ejabberd"; }
{ name = "ftp"; }
{ name = "i3lock"; }
{ name = "lshd"; }
{ name = "samba"; }
{ name = "sshd"; }
{ name = "vlock"; }
{ name = "xlock"; }
];

13
modules/security/sudo.nix
View file

@ -30,13 +30,16 @@ in
# configuration will fail to build.
default =
''
# Don't edit this file. Set nixos option security.sudo.configFile instead
# Don't edit this file. Set the NixOS option security.sudo.configFile instead.
# env vars to keep for root and %wheel also if not explicitly set
# Environment variables to keep for root and %wheel.
Defaults:root,%wheel env_keep+=LOCALE_ARCHIVE
Defaults:root,%wheel env_keep+=NIX_PATH
Defaults:root,%wheel env_keep+=TERMINFO_DIRS
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
# "root" is allowed to do anything.
root ALL=(ALL) SETENV: ALL
@ -60,15 +63,13 @@ in
environment.systemPackages = [ sudo ];
security.pam.services = [ { name = "sudo"; } ];
security.pam.services = [ { name = "sudo"; sshAgentAuth = true; } ];
environment.etc = singleton
{ source = pkgs.runCommand "sudoers"
{ src = pkgs.writeText "sudoers-in" cfg.configFile; }
{ source = pkgs.writeText "sudoers-in" cfg.configFile;
# Make sure that the sudoers file is syntactically valid.
# (currently disabled - NIXOS-66)
#"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
"cp $src $out";
target = "sudoers";
mode = "0440";
};

10
modules/services/mail/dovecot2.nix
View file

@ -25,7 +25,7 @@ let
+ ''
default_internal_user = ${cfg.user}
mail_location = maildir:/var/spool/mail/%u
mail_location = ${cfg.mailLocation}
maildir_copy_with_hardlinks = yes
@ -76,6 +76,14 @@ in
description = "Dovecot group name.";
};
mailLocation = mkOption {
default = "maildir:/var/spool/mail/%u"; /* Same as inbox, as postfix */
example = "maildir:~/mail:INBOX=/var/spool/mail/%u";
description = ''
Location that dovecot will use for mail folders. Dovecot mail_location option.
'';
};
sslServerCert = mkOption {
default = "";
description = "Server certificate";

2
modules/services/mail/postfix.nix
View file

@ -307,7 +307,7 @@ in
# accurate way is unlikely to be better.
{ description = "Postfix mail server";
startOn = "started networking";
startOn = "started networking and filesystem";
daemonType = "none";

4
modules/services/networking/avahi-daemon.nix
View file

@ -44,7 +44,7 @@ in
};
hostName = mkOption {
default = config.networking.hostName;
type = types.uniq types.string;
description = ''Host name advertised on the LAN.'';
};
@ -93,6 +93,8 @@ in
config = mkIf cfg.enable {
services.avahi.hostName = mkDefault config.networking.hostName;
users.extraUsers = singleton
{ name = "avahi";
uid = config.ids.uids.avahi;

9
modules/services/networking/bind.nix
View file

@ -78,6 +78,13 @@ in
";
};
ipv4Only = mkOption {
default = false;
description = "
Only use ipv4, even if the host supports ipv6
";
};
zones = mkOption {
default = [];
description = "
@ -121,7 +128,7 @@ in
${pkgs.coreutils}/bin/mkdir -p /var/run/named
'';
exec = "${pkgs.bind}/sbin/named -c ${cfg.configFile} -f";
exec = "${pkgs.bind}/sbin/named ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f";
};
};

40
modules/services/networking/cntlm.nix
View file

@ -13,7 +13,7 @@ in
options = {
services.cntlm= {
services.cntlm = {
enable = mkOption {
default = false;
@ -39,9 +39,9 @@ in
};
netbios_hostname = mkOption {
default = config.networking.hostName;
type = types.uniq types.string;
description = ''
The hostname of your workstation.
The hostname of your machine.
'';
};
@ -73,28 +73,28 @@ in
###### implementation
config = mkIf config.services.cntlm.enable {
services.cntlm.netbios_hostname = mkDefault config.networking.hostName;
users.extraUsers = singleton {
name = "cntlm";
description = "cntlm system-wide daemon";
home = "/var/empty";
name = "cntlm";
description = "cntlm system-wide daemon";
home = "/var/empty";
};
jobs.cntlm = {
description = "cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy.";
jobs.cntlm =
{ description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
startOn = "started network-interfaces";
environment = {
};
preStart = '' '';
daemonType = "fork";
daemonType = "fork";
exec =
''
${pkgs.cntlm}/bin/cntlm -U cntlm \
-c ${pkgs.writeText "cntlm_config" cfg.extraConfig}
'';
};
exec =
''
${pkgs.cntlm}/bin/cntlm -U cntlm \
-c ${pkgs.writeText "cntlm_config" cfg.extraConfig}
'';
};
services.cntlm.extraConfig =
''
@ -109,5 +109,7 @@ in
Listen ${toString port}
'') cfg.port}
'';
};
}

4
modules/services/networking/prayer.nix
View file

@ -26,7 +26,9 @@ let
'';
prayerCfg = pkgs.runCommand "prayer.cf" { } ''
cat ${prayer}/etc/prayer.cf ${prayerExtraCfg} > $out
# We have to remove the http_port 80, or it will start a server there
cat ${prayer}/etc/prayer.cf | grep -v http_port > $out
cat ${prayerExtraCfg} >> $out
'';
in

6
modules/services/scheduling/fcron.nix
View file

@ -101,7 +101,7 @@ in
jobs.fcron =
{ description = "fcron daemon";
startOn = "startup";
startOn = "startup and filesystem";
environment =
{ PATH = "/var/run/current-system/sw/bin";
@ -114,7 +114,9 @@ in
${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab}
'';
exec = "${pkgs.fcron}/sbin/fcron -f -m ${toString cfg.maxSerialJobs} ${queuelen}";
daemonType = "fork";
exec = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}";
};
};

2
modules/services/ttys/mingetty.nix
View file

@ -31,7 +31,7 @@ with pkgs.lib;
};
greetingLine = mkOption {
default = ''<<< Welcome to NixOS ${config.system.nixosVersion} (\m) - \s \r (\l) >>>'';
default = ''<<< Welcome to NixOS ${config.system.nixosVersion} (\m) - \l >>>'';
description = ''
Welcome line printed by mingetty.
'';

17
modules/system/boot/stage-2-init.sh
View file

@ -46,6 +46,7 @@ if [ ! -e /proc/1 ]; then
mknod -m 0666 /dev/null c 1 3
mknod -m 0644 /dev/urandom c 1 9 # needed for passwd
mknod -m 0644 /dev/console c 5 1
mknod -m 0644 /dev/ptmx c 5 2 # required by upstart
mknod -m 0644 /dev/tty1 c 4 1
mknod -m 0644 /dev/ttyS0 c 4 64
mknod -m 0644 /dev/ttyS1 c 4 65
@ -101,16 +102,18 @@ mkdir -m 0755 -p /etc/nixos
rm -rf /var/run /var/lock /var/log/upstart
rm -f /etc/resolv.conf
#echo -n "cleaning \`/tmp'..."
#rm -rf --one-file-system /tmp/*
#echo " done"
if test -n "@cleanTmpDir@"; then
echo -n "cleaning \`/tmp'..."
find /tmp -maxdepth 1 -mindepth 1 -print0 | xargs -0r rm -rf --one-file-system
echo " done"
else
# Get rid of ICE locks...
rm -rf /tmp/.ICE-unix
fi
# Get rid of ICE locks and ensure that it's owned by root.
rm -rf /tmp/.ICE-unix
# ... and ensure that it's owned by root.
mkdir -m 1777 /tmp/.ICE-unix
# This is a good time to clean up /nix/var/nix/chroots. Doing an `rm
# -rf' on it isn't safe in general because it can contain bind mounts
# to /nix/store and other places. But after rebooting these are all

12
modules/system/boot/stage-2.nix
View file

@ -40,6 +40,14 @@ let
for the accepted syntax.
'';
};
cleanTmpDir = pkgs.lib.mkOption {
default = false;
example = true;
description = ''
Delete all files in /tmp/ during boot.
'';
};
};
};
@ -51,7 +59,7 @@ let
src = ./stage-2-init.sh;
shellDebug = "${pkgs.bashInteractive}/bin/bash";
isExecutable = true;
inherit (config.boot) devShmSize runSize;
inherit (config.boot) devShmSize runSize cleanTmpDir;
ttyGid = config.ids.gids.tty;
upstart = config.system.build.upstart;
path =
@ -59,7 +67,7 @@ let
pkgs.utillinux
pkgs.udev
pkgs.sysvtools
];
] ++ pkgs.lib.optional config.boot.cleanTmpDir pkgs.findutils;
postBootCommands = pkgs.writeText "local-cmds"
''
${config.boot.postBootCommands}

13
modules/tasks/filesystems.nix
View file

@ -22,7 +22,7 @@ let
# Swap devices.
${flip concatMapStrings config.swapDevices (sw:
"${sw.device} none swap\n"
"${sw.device} none swap\n"
)}
'';
@ -213,6 +213,17 @@ in
${flip concatMapStrings config.fileSystems (fs: optionalString fs.autocreate ''
mkdir -p -m 0755 '${fs.mountPoint}'
'')}
# Create missing swapfiles.
# FIXME: support changing the size of existing swapfiles.
${flip concatMapStrings config.swapDevices (sw: optionalString (sw.size != null) ''
if [ ! -e "${sw.device}" -a -e "$(dirname "${sw.device}")" ]; then
# FIXME: use fallocate on filesystems that support it.
dd if=/dev/zero of="${sw.device}" bs=1M count=${toString sw.size}
mkswap ${sw.device}
fi
'')}
'';
daemonType = "daemon";

7
modules/virtualisation/virtualbox-guest.nix
View file

@ -11,6 +11,7 @@ let
in
if (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) then
{
###### interface
@ -72,7 +73,11 @@ in
# should restrict this to logged-in users.
KERNEL=="vboxuser", OWNER="root", GROUP="root", MODE="0666"
'';
# Make the ACPI Shutdown command to do the right thing.
services.acpid.enable = true;
services.acpid.powerEventCommands = "poweroff";
};
}
else {}

12
tests/misc.nix
View file

@ -4,7 +4,11 @@
{
machine = { config, pkgs, ... }: { };
machine =
{ config, pkgs, ... }:
{ swapDevices = pkgs.lib.mkOverride 0
[ { device = "/root/swapfile"; size = 128; } ];
};
testScript =
''
@ -23,6 +27,12 @@
subtest "gmp", sub {
$machine->succeed("expr 1 + 2");
};
# Test that the swap file got created.
subtest "swapfile", sub {
$machine->waitUntilSucceeds("cat /proc/swaps | grep /root/swapfile");
$machine->succeed("ls -l /root/swapfile | grep 134217728");
};
'';
}