dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:NixOS/nixos into systemd

Browse Source
This commit is contained in:
Eelco Dolstra 2012-06-14 12:02:17 -04:00
commit fae777c264
19 changed files with 158 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/manual/options-to-docbook.xsl
View File

@ -156,7 +156,10 @@
or to the local filesystem. --> or to the local filesystem. -->
<xsl:choose> <xsl:choose>
<xsl:when test="$revision != 'local' and contains(@value, '/modules/')"> <xsl:when test="$revision != 'local' and contains(@value, '/modules/')">
<xsl:attribute name="xlink:href">https://nixos.org/viewvc/nix/nixos/trunk/modules/<xsl:value-of select="substring-after(@value, '/modules/')"/>?revision=<xsl:value-of select="$revision"/></xsl:attribute> <xsl:attribute name="xlink:href">https://github.com/NixOS/nixos/blob/<xsl:value-of select="$revision"/>/modules/<xsl:value-of select="substring-after(@value, '/modules/')"/></xsl:attribute>
</xsl:when>
<xsl:when test="$revision != 'local' and contains(@value, 'charon') and contains(@value, '/nix/')">
<xsl:attribute name="xlink:href">https://github.com/NixOS/charon/blob/<xsl:value-of select="$revision"/>/nix/<xsl:value-of select="substring-after(@value, '/nix/')"/></xsl:attribute>
</xsl:when> </xsl:when>
<xsl:otherwise> <xsl:otherwise>
<xsl:attribute name="xlink:href">file://<xsl:value-of select="@value"/></xsl:attribute> <xsl:attribute name="xlink:href">file://<xsl:value-of select="@value"/></xsl:attribute>
@ -166,8 +169,11 @@
/nix/store/<hash> prefix by the default location of nixos /nix/store/<hash> prefix by the default location of nixos
sources. --> sources. -->
<xsl:choose> <xsl:choose>
<xsl:when test="starts-with(@value, '/nix/store/')"> <xsl:when test="contains(@value, '/modules/')">
/etc/nixos/nixos/modules/<xsl:value-of select="substring-after(@value, '/modules/')"/> &lt;nixos/modules/<xsl:value-of select="substring-after(@value, '/modules/')"/>&gt;
</xsl:when>
<xsl:when test="contains(@value, 'charon') and contains(@value, '/nix/')">
&lt;charon/<xsl:value-of select="substring-after(@value, '/nix/')"/>&gt;
</xsl:when> </xsl:when>
<xsl:otherwise> <xsl:otherwise>
<xsl:value-of select="@value" /> <xsl:value-of select="@value" />

16
modules/config/swap.nix
View File

@ -33,18 +33,30 @@ with pkgs.lib;
device = mkOption { device = mkOption {
example = "/dev/sda3"; example = "/dev/sda3";
type = types.string; type = types.uniq types.string;
description = "Path of the device."; description = "Path of the device.";
}; };
label = mkOption { label = mkOption {
example = "swap"; example = "swap";
type = types.string; type = types.uniq types.string;
description = '' description = ''
Label of the device. Can be used instead of <varname>device</varname>. Label of the device. Can be used instead of <varname>device</varname>.
''; '';
}; };
size = mkOption {
default = null;
example = 2048;
type = types.nullOr types.int;
description = ''
If this option is set, device is interpreted as the
path of a swapfile that will be created automatically
with the indicated size (in megabytes) if it doesn't
exist.
'';
};
}; };
config = { config = {

3
modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View File

@ -1,5 +1,5 @@
# This module contains the basic configuration for building a NixOS # This module contains the basic configuration for building a NixOS
# installation CD. # tarball for the sheevaplug.
{ config, pkgs, ... }: { config, pkgs, ... }:
@ -87,6 +87,7 @@ in
pkgs.bvi # binary editor pkgs.bvi # binary editor
pkgs.joe pkgs.joe
]; ];
*/
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
boot.loader.generationsDir.enable = false; boot.loader.generationsDir.enable = false;

2
modules/programs/shadow.nix
View File

@ -37,7 +37,7 @@ in
users.defaultUserShell = pkgs.lib.mkOption { users.defaultUserShell = pkgs.lib.mkOption {
default = "/var/run/current-system/sw/bin/bash"; default = "/var/run/current-system/sw/bin/bash";
description = '' description = ''
This option defined the default shell assigned to user This option defines the default shell assigned to user
accounts. This must not be a store path, since the path is accounts. This must not be a store path, since the path is
used outside the store (in particular in /etc/passwd). used outside the store (in particular in /etc/passwd).
Rather, it should be the path of a symlink that points to the Rather, it should be the path of a symlink that points to the

34
modules/security/pam.nix
View File

@ -7,7 +7,7 @@ with pkgs.lib;
let let
inherit (pkgs) pam_usb pam_ldap pam_krb5 pam_ccreds; inherit (pkgs) pam_ldap pam_krb5 pam_ccreds;
otherService = pkgs.writeText "other.pam" otherService = pkgs.writeText "other.pam"
'' ''
@ -37,6 +37,10 @@ let
, # If set, user listed in /etc/pamusb.conf are able to log in with , # If set, user listed in /etc/pamusb.conf are able to log in with
# the associated usb key. # the associated usb key.
usbAuth ? config.security.pam.usb.enable usbAuth ? config.security.pam.usb.enable
, # If set, the calling user's SSH agent is used to authenticate
# against the keys in the calling user's ~/.ssh/authorized_keys.
# This is useful for "sudo" on password-less remote systems.
sshAgentAuth ? false
, # If set, use ConsoleKit's PAM connector module to claim , # If set, use ConsoleKit's PAM connector module to claim
# ownership of audio devices etc. # ownership of audio devices etc.
ownDevices ? false ownDevices ? false
@ -70,16 +74,17 @@ let
# Authentication management. # Authentication management.
${optionalString rootOK ${optionalString rootOK
"auth sufficient pam_rootok.so"} "auth sufficient pam_rootok.so"}
${optionalString (config.security.pam.enableSSHAgentAuth && sshAgentAuth)
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"}
${optionalString usbAuth ${optionalString usbAuth
"auth sufficient ${pam_usb}/lib/security/pam_usb.so"} "auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"}
auth sufficient pam_unix.so ${ auth sufficient pam_unix.so ${optionalString allowNullPassword "nullok"} likeauth
optionalString allowNullPassword "nullok"} likeauth
${optionalString config.users.ldap.enable ${optionalString config.users.ldap.enable
"auth sufficient ${pam_ldap}/lib/security/pam_ldap.so use_first_pass"} "auth sufficient ${pam_ldap}/lib/security/pam_ldap.so use_first_pass"}
${optionalString config.krb5.enable ${optionalString config.krb5.enable ''
''auth [default=ignore success=1 service_err=reset] ${pam_krb5}/lib/security/pam_krb5.so use_first_pass auth [default=ignore success=1 service_err=reset] ${pam_krb5}/lib/security/pam_krb5.so use_first_pass
auth [default=die success=done] ${pam_ccreds}/lib/security/pam_ccreds.so action=validate use_first_pass auth [default=die success=done] ${pam_ccreds}/lib/security/pam_ccreds.so action=validate use_first_pass
auth sufficient ${pam_ccreds}/lib/security/pam_ccreds.so action=store use_first_pass auth sufficient ${pam_ccreds}/lib/security/pam_ccreds.so action=store use_first_pass
''} ''}
auth required pam_deny.so auth required pam_deny.so
@ -184,6 +189,17 @@ in
''; '';
}; };
security.pam.enableSSHAgentAuth = mkOption {
default = false;
description =
''
Enable sudo logins if the user's SSH agent provides a key
present in <filename>~/.ssh/authorized_keys</filename>.
This allows machines to exclusively use SSH keys instead of
passwords.
'';
};
}; };
@ -216,9 +232,11 @@ in
[ { name = "cups"; } [ { name = "cups"; }
{ name = "ejabberd"; } { name = "ejabberd"; }
{ name = "ftp"; } { name = "ftp"; }
{ name = "i3lock"; }
{ name = "lshd"; } { name = "lshd"; }
{ name = "samba"; } { name = "samba"; }
{ name = "sshd"; } { name = "sshd"; }
{ name = "vlock"; }
{ name = "xlock"; } { name = "xlock"; }
]; ];

13
modules/security/sudo.nix
View File

@ -30,13 +30,16 @@ in
# configuration will fail to build. # configuration will fail to build.
default = default =
'' ''
# Don't edit this file. Set nixos option security.sudo.configFile instead # Don't edit this file. Set the NixOS option security.sudo.configFile instead.
# env vars to keep for root and %wheel also if not explicitly set # Environment variables to keep for root and %wheel.
Defaults:root,%wheel env_keep+=LOCALE_ARCHIVE Defaults:root,%wheel env_keep+=LOCALE_ARCHIVE
Defaults:root,%wheel env_keep+=NIX_PATH Defaults:root,%wheel env_keep+=NIX_PATH
Defaults:root,%wheel env_keep+=TERMINFO_DIRS Defaults:root,%wheel env_keep+=TERMINFO_DIRS
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
# "root" is allowed to do anything. # "root" is allowed to do anything.
root ALL=(ALL) SETENV: ALL root ALL=(ALL) SETENV: ALL
@ -60,15 +63,13 @@ in
environment.systemPackages = [ sudo ]; environment.systemPackages = [ sudo ];
security.pam.services = [ { name = "sudo"; } ]; security.pam.services = [ { name = "sudo"; sshAgentAuth = true; } ];
environment.etc = singleton environment.etc = singleton
{ source = pkgs.runCommand "sudoers" { source = pkgs.writeText "sudoers-in" cfg.configFile;
{ src = pkgs.writeText "sudoers-in" cfg.configFile; }
# Make sure that the sudoers file is syntactically valid. # Make sure that the sudoers file is syntactically valid.
# (currently disabled - NIXOS-66) # (currently disabled - NIXOS-66)
#"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out"; #"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
"cp $src $out";
target = "sudoers"; target = "sudoers";
mode = "0440"; mode = "0440";
}; };

10
modules/services/mail/dovecot2.nix
View File

@ -25,7 +25,7 @@ let
+ '' + ''
default_internal_user = ${cfg.user} default_internal_user = ${cfg.user}
mail_location = maildir:/var/spool/mail/%u mail_location = ${cfg.mailLocation}
maildir_copy_with_hardlinks = yes maildir_copy_with_hardlinks = yes
@ -76,6 +76,14 @@ in
description = "Dovecot group name."; description = "Dovecot group name.";
}; };
mailLocation = mkOption {
default = "maildir:/var/spool/mail/%u"; /* Same as inbox, as postfix */
example = "maildir:~/mail:INBOX=/var/spool/mail/%u";
description = ''
Location that dovecot will use for mail folders. Dovecot mail_location option.
'';
};
sslServerCert = mkOption { sslServerCert = mkOption {
default = ""; default = "";
description = "Server certificate"; description = "Server certificate";

2
modules/services/mail/postfix.nix
View File

@ -307,7 +307,7 @@ in
# accurate way is unlikely to be better. # accurate way is unlikely to be better.
{ description = "Postfix mail server"; { description = "Postfix mail server";
startOn = "started networking"; startOn = "started networking and filesystem";
daemonType = "none"; daemonType = "none";

4
modules/services/networking/avahi-daemon.nix
View File

@ -44,7 +44,7 @@ in
}; };
hostName = mkOption { hostName = mkOption {
default = config.networking.hostName; type = types.uniq types.string;
description = ''Host name advertised on the LAN.''; description = ''Host name advertised on the LAN.'';
}; };
@ -93,6 +93,8 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.avahi.hostName = mkDefault config.networking.hostName;
users.extraUsers = singleton users.extraUsers = singleton
{ name = "avahi"; { name = "avahi";
uid = config.ids.uids.avahi; uid = config.ids.uids.avahi;

9
modules/services/networking/bind.nix
View File

@ -78,6 +78,13 @@ in
"; ";
}; };
ipv4Only = mkOption {
default = false;
description = "
Only use ipv4, even if the host supports ipv6
";
};
zones = mkOption { zones = mkOption {
default = []; default = [];
description = " description = "
@ -121,7 +128,7 @@ in
${pkgs.coreutils}/bin/mkdir -p /var/run/named ${pkgs.coreutils}/bin/mkdir -p /var/run/named
''; '';
exec = "${pkgs.bind}/sbin/named -c ${cfg.configFile} -f"; exec = "${pkgs.bind}/sbin/named ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f";
}; };
}; };

40
modules/services/networking/cntlm.nix
View File

@ -13,7 +13,7 @@ in
options = { options = {
services.cntlm= { services.cntlm = {
enable = mkOption { enable = mkOption {
default = false; default = false;
@ -39,9 +39,9 @@ in
}; };
netbios_hostname = mkOption { netbios_hostname = mkOption {
default = config.networking.hostName; type = types.uniq types.string;
description = '' description = ''
The hostname of your workstation. The hostname of your machine.
''; '';
}; };
@ -73,28 +73,28 @@ in
###### implementation ###### implementation
config = mkIf config.services.cntlm.enable { config = mkIf config.services.cntlm.enable {
services.cntlm.netbios_hostname = mkDefault config.networking.hostName;
users.extraUsers = singleton { users.extraUsers = singleton {
name = "cntlm"; name = "cntlm";
description = "cntlm system-wide daemon"; description = "cntlm system-wide daemon";
home = "/var/empty"; home = "/var/empty";
}; };
jobs.cntlm = { jobs.cntlm =
description = "cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy."; { description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
startOn = "started network-interfaces"; startOn = "started network-interfaces";
environment = {
};
preStart = '' ''; daemonType = "fork";
daemonType = "fork"; exec =
''
exec = ${pkgs.cntlm}/bin/cntlm -U cntlm \
'' -c ${pkgs.writeText "cntlm_config" cfg.extraConfig}
${pkgs.cntlm}/bin/cntlm -U cntlm \ '';
-c ${pkgs.writeText "cntlm_config" cfg.extraConfig} };
'';
};
services.cntlm.extraConfig = services.cntlm.extraConfig =
'' ''
@ -109,5 +109,7 @@ in
Listen ${toString port} Listen ${toString port}
'') cfg.port} '') cfg.port}
''; '';
}; };
} }

4
modules/services/networking/prayer.nix
View File

@ -26,7 +26,9 @@ let
''; '';
prayerCfg = pkgs.runCommand "prayer.cf" { } '' prayerCfg = pkgs.runCommand "prayer.cf" { } ''
cat ${prayer}/etc/prayer.cf ${prayerExtraCfg} > $out # We have to remove the http_port 80, or it will start a server there
cat ${prayer}/etc/prayer.cf | grep -v http_port > $out
cat ${prayerExtraCfg} >> $out
''; '';
in in

6
modules/services/scheduling/fcron.nix
View File

@ -101,7 +101,7 @@ in
jobs.fcron = jobs.fcron =
{ description = "fcron daemon"; { description = "fcron daemon";
startOn = "startup"; startOn = "startup and filesystem";
environment = environment =
{ PATH = "/var/run/current-system/sw/bin"; { PATH = "/var/run/current-system/sw/bin";
@ -114,7 +114,9 @@ in
${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab} ${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab}
''; '';
exec = "${pkgs.fcron}/sbin/fcron -f -m ${toString cfg.maxSerialJobs} ${queuelen}"; daemonType = "fork";
exec = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}";
}; };
}; };

2
modules/services/ttys/mingetty.nix
View File

@ -31,7 +31,7 @@ with pkgs.lib;
}; };
greetingLine = mkOption { greetingLine = mkOption {
default = ''<<< Welcome to NixOS ${config.system.nixosVersion} (\m) - \s \r (\l) >>>''; default = ''<<< Welcome to NixOS ${config.system.nixosVersion} (\m) - \l >>>'';
description = '' description = ''
Welcome line printed by mingetty. Welcome line printed by mingetty.
''; '';

17
modules/system/boot/stage-2-init.sh
View File

@ -46,6 +46,7 @@ if [ ! -e /proc/1 ]; then
mknod -m 0666 /dev/null c 1 3 mknod -m 0666 /dev/null c 1 3
mknod -m 0644 /dev/urandom c 1 9 # needed for passwd mknod -m 0644 /dev/urandom c 1 9 # needed for passwd
mknod -m 0644 /dev/console c 5 1 mknod -m 0644 /dev/console c 5 1
mknod -m 0644 /dev/ptmx c 5 2 # required by upstart
mknod -m 0644 /dev/tty1 c 4 1 mknod -m 0644 /dev/tty1 c 4 1
mknod -m 0644 /dev/ttyS0 c 4 64 mknod -m 0644 /dev/ttyS0 c 4 64
mknod -m 0644 /dev/ttyS1 c 4 65 mknod -m 0644 /dev/ttyS1 c 4 65
@ -101,16 +102,18 @@ mkdir -m 0755 -p /etc/nixos
rm -rf /var/run /var/lock /var/log/upstart rm -rf /var/run /var/lock /var/log/upstart
rm -f /etc/resolv.conf rm -f /etc/resolv.conf
#echo -n "cleaning \`/tmp'..." if test -n "@cleanTmpDir@"; then
#rm -rf --one-file-system /tmp/* echo -n "cleaning \`/tmp'..."
#echo " done" find /tmp -maxdepth 1 -mindepth 1 -print0 | xargs -0r rm -rf --one-file-system
echo " done"
else
# Get rid of ICE locks...
rm -rf /tmp/.ICE-unix
fi
# ... and ensure that it's owned by root.
# Get rid of ICE locks and ensure that it's owned by root.
rm -rf /tmp/.ICE-unix
mkdir -m 1777 /tmp/.ICE-unix mkdir -m 1777 /tmp/.ICE-unix
# This is a good time to clean up /nix/var/nix/chroots. Doing an `rm # This is a good time to clean up /nix/var/nix/chroots. Doing an `rm
# -rf' on it isn't safe in general because it can contain bind mounts # -rf' on it isn't safe in general because it can contain bind mounts
# to /nix/store and other places. But after rebooting these are all # to /nix/store and other places. But after rebooting these are all

12
modules/system/boot/stage-2.nix
View File

@ -40,6 +40,14 @@ let
for the accepted syntax. for the accepted syntax.
''; '';
}; };
cleanTmpDir = pkgs.lib.mkOption {
default = false;
example = true;
description = ''
Delete all files in /tmp/ during boot.
'';
};
}; };
}; };
@ -51,7 +59,7 @@ let
src = ./stage-2-init.sh; src = ./stage-2-init.sh;
shellDebug = "${pkgs.bashInteractive}/bin/bash"; shellDebug = "${pkgs.bashInteractive}/bin/bash";
isExecutable = true; isExecutable = true;
inherit (config.boot) devShmSize runSize; inherit (config.boot) devShmSize runSize cleanTmpDir;
ttyGid = config.ids.gids.tty; ttyGid = config.ids.gids.tty;
upstart = config.system.build.upstart; upstart = config.system.build.upstart;
path = path =
@ -59,7 +67,7 @@ let
pkgs.utillinux pkgs.utillinux
pkgs.udev pkgs.udev
pkgs.sysvtools pkgs.sysvtools
]; ] ++ pkgs.lib.optional config.boot.cleanTmpDir pkgs.findutils;
postBootCommands = pkgs.writeText "local-cmds" postBootCommands = pkgs.writeText "local-cmds"
'' ''
${config.boot.postBootCommands} ${config.boot.postBootCommands}

13
modules/tasks/filesystems.nix
View File

@ -22,7 +22,7 @@ let
# Swap devices. # Swap devices.
${flip concatMapStrings config.swapDevices (sw: ${flip concatMapStrings config.swapDevices (sw:
"${sw.device} none swap\n" "${sw.device} none swap\n"
)} )}
''; '';
@ -213,6 +213,17 @@ in
${flip concatMapStrings config.fileSystems (fs: optionalString fs.autocreate '' ${flip concatMapStrings config.fileSystems (fs: optionalString fs.autocreate ''
mkdir -p -m 0755 '${fs.mountPoint}' mkdir -p -m 0755 '${fs.mountPoint}'
'')} '')}
# Create missing swapfiles.
# FIXME: support changing the size of existing swapfiles.
${flip concatMapStrings config.swapDevices (sw: optionalString (sw.size != null) ''
if [ ! -e "${sw.device}" -a -e "$(dirname "${sw.device}")" ]; then
# FIXME: use fallocate on filesystems that support it.
dd if=/dev/zero of="${sw.device}" bs=1M count=${toString sw.size}
mkswap ${sw.device}
fi
'')}
''; '';
daemonType = "daemon"; daemonType = "daemon";

7
modules/virtualisation/virtualbox-guest.nix
View File

@ -11,6 +11,7 @@ let
in in
if (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) then
{ {
###### interface ###### interface
@ -72,7 +73,11 @@ in
# should restrict this to logged-in users. # should restrict this to logged-in users.
KERNEL=="vboxuser", OWNER="root", GROUP="root", MODE="0666" KERNEL=="vboxuser", OWNER="root", GROUP="root", MODE="0666"
''; '';
# Make the ACPI Shutdown command to do the right thing.
services.acpid.enable = true;
services.acpid.powerEventCommands = "poweroff";
}; };
} }
else {}

12
tests/misc.nix
View File

@ -4,7 +4,11 @@
{ {
machine = { config, pkgs, ... }: { }; machine =
{ config, pkgs, ... }:
{ swapDevices = pkgs.lib.mkOverride 0
[ { device = "/root/swapfile"; size = 128; } ];
};
testScript = testScript =
'' ''
@ -23,6 +27,12 @@
subtest "gmp", sub { subtest "gmp", sub {
$machine->succeed("expr 1 + 2"); $machine->succeed("expr 1 + 2");
}; };
# Test that the swap file got created.
subtest "swapfile", sub {
$machine->waitUntilSucceeds("cat /proc/swaps | grep /root/swapfile");
$machine->succeed("ls -l /root/swapfile | grep 134217728");
};
''; '';
} }