Commit graph

320 commits

Author SHA1 Message Date
William A. Kennington III
38bc05158d network-interfaces: Add the ability to create bond devices
This patch adds support for the creations of new bond devices, aggregate
pipes of physical devices for extra throughput or failover.

Additionally, add better correction at the startup of a bridge
of vlan interface (delete old, stale interfaces).
2013-12-31 09:28:52 -06:00
Mathijs Kwik
3668970f7f Merge pull request #1430 from wkennington/mtu
network-interfaces: Add mtu setting support
2013-12-30 00:53:45 -08:00
William A. Kennington III
c6ab810e37 network-interfaces: Add mtu setting support
Adds a setting to the network interface configuration for changing the
mtu for each specified interface.
2013-12-30 02:52:55 -06:00
Mathijs Kwik
9b056e1e3e Merge pull request #1431 from wkennington/vlan
network-interfaces: Add support for creating vlans
2013-12-30 00:40:02 -08:00
William A. Kennington III
cabc0647d9 network-interfaces: Add support for creating vlans
This patch adds support for vlan creation at machine startup, so that we
can adjust interface settings for vlan devices using nix.
2013-12-29 21:54:24 -06:00
Moritz Ulrich
1f91c749f5 services.redshift: Start after display-manager.service.
Signed-off-by: Moritz Ulrich <moritz@tarn-vedra.de>
2013-12-29 21:19:19 +01:00
Moritz Ulrich
6934145c30 services.redshift: Enable auto-restart.
The redshift service stops working after some time (the program exits
after some hours/days). It looks like these exits are related to calls
to xrandr (for multiple displays) or suspend-to-ram.

Signed-off-by: Moritz Ulrich <moritz@tarn-vedra.de>
2013-12-29 21:19:19 +01:00
Georges Dubus
2ffab7ba6a Fixed a code typo in the documentation 2013-12-29 11:43:59 +01:00
Moritz Ulrich
5890215501 windowManager.xmonad: Make it configurable and extensible.
PR #1366
The previous windowManager.xmonad option only starts xmonad and
doesn't make ghc available. This assumes that the user has GHC with
access to the xmonad package in his PATH when using xmonad.

Xmonad in Nix is now patched to accept the XMONAD_{GHC,XMESSAGE}
environment variables which define the path to either ghc or xmessage.
These are set automatically when using xmonad through
windowManager.xmonad.

My (or specific: @aristidb and my) changes make it possible to use
Xmonad without adding GHC to any profile. This is useful if you want
to add a different GHC to your profile.

This commit introduces some options:

- xmonad.haskellPackages: Controls which Haskell package set & GHC set
  is used to (re)build Xmonad

- xmonad.extraPackages: Function returning a list of additional
  packages to make available to GHC when rebuilding Xmonad

- xmonad.enableContribExtras: Boolean option to build xmonadContrib
  and xmonadExtras.

Signed-off-by: Moritz Ulrich <moritz@tarn-vedra.de>
2013-12-28 09:29:53 +01:00
Vladimír Čunát
b80d1c5923 Merge x-updates 2013-12-25 23:56:41 +01:00
Peter Simons
6bc4007e60 nixos: don't white-list port 8200 in the firewall when minidlna is enabled
If you want minidla to accept connections from the rest of the world, please
add

    networking.firewall.allowedTCPPorts = [ 8200 ];
    networking.firewall.allowedUDPPorts = [ 1900 ];

to /etc/nixos/configuration.nix.

See <http://lists.science.uu.nl/pipermail/nix-dev/2013-November/011997.html>
for the discussion that lead to this.
2013-12-23 21:32:13 +01:00
Peter Simons
7bb7ea52e9 nixos: don't white-list port 5900 in the firewall when x11vnc is enabled
If you want x11vnc to receive TCP connections from the rest of the world,
please add

    networking.firewall.allowedTCPPorts = [ 5900 ];

to /etc/nixos/configuration.nix.

See <http://lists.science.uu.nl/pipermail/nix-dev/2013-November/011997.html>
for the discussion that lead to this.
2013-12-23 21:30:10 +01:00
Peter Simons
19a79fc71d nixos: don't white-list port 631 in the firewall when CUPS is enabled
If you want CUPS to receive UDP printer announcements from the rest of the
world, please add

  networking.firewall.allowedUDPPorts = [ 631 ];

to /etc/nixos/configuration.nix.

See <http://lists.science.uu.nl/pipermail/nix-dev/2013-November/011997.html>
for the discussion that lead to this.
2013-12-23 21:27:07 +01:00
Vladimír Čunát
50ac037864 Merge master into x-updates 2013-12-23 19:27:14 +01:00
Lluís Batlle i Rossell
152da7671c nixos initrd: load atkbd, not xtkbd
I don't think anyone has a XT keyboard in a computer running nixos.
2013-12-23 09:01:45 +01:00
Vladimír Čunát
2b24f1349a Merge master into x-updates 2013-12-21 10:20:55 +01:00
Michael Raskin
997778c820 Make Ejabberd service work 2013-12-20 18:16:56 +04:00
Eelco Dolstra
f5844f98ac mediawiki: Update to 1.20.8
CVE-2013-4567, CVE-2013-4568
2013-12-20 14:46:57 +01:00
Vladimír Čunát
4c5a71f777 Merge master into x-updates
Conflicts:
	pkgs/desktops/gnome-2/desktop/gvfs/default.nix
	pkgs/development/libraries/cogl/default.nix
	pkgs/development/libraries/libsoup/2.44.nix
2013-12-18 23:21:29 +01:00
Michael Raskin
bdd1fea87b Merge pull request #1373 from offlinehacker/nixos/memcached/user_fix
memcached: set uid to make it work with #1076
2013-12-14 22:55:00 -08:00
Michael Raskin
654627fe4c Merge pull request #1362 from tomberek/ddclient_correction
Correct web-skip value to match behavior of checkip.dyndns.com
2013-12-14 22:51:44 -08:00
Michael Raskin
152f7666af Merge pull request #1340 from bjornfor/ntopng
Add ntopng package and nixos service module
2013-12-14 22:46:49 -08:00
David Virgilio
2f69aaf721 add herbstluftwm enable option 2013-12-14 14:45:33 +01:00
Jaka Hudoklin
24e2ef5126 memcached: set uid to make it work with #1076 2013-12-13 10:09:08 +01:00
Rob Vermaas
61d346eaaf Google Compute image: fix punctuation in description, give disk image proper name with version and revision. 2013-12-12 12:48:09 +01:00
Eelco Dolstra
8c2dd86fe2 Manual: Fix typo
Fixes #1363.
2013-12-12 10:38:13 +01:00
Thomas Bereknyei
6129be5a7a Correct web-skip value to match behavior of checkip.dyndns.com 2013-12-11 23:22:43 -05:00
Eelco Dolstra
14018c2de1 fail2ban: Fix preStart action
Creating /run/fail2ban didn't work since it didn't have write
permission to /run.  Now it does.

Reported by Thomas Bereknyei.
2013-12-11 21:16:58 +01:00
Rob Vermaas
ee8a58a72f Remove a hardcoded SSH public key from the Google Compute image. 2013-12-11 16:18:12 +01:00
Rob Vermaas
f7b256a221 Add initial configuration for Google Compute Engine 2013-12-11 15:32:27 +01:00
Vladimír Čunát
089da3ee5c Merge master into x-updates
Conflicts (simple):
	pkgs/top-level/all-packages.nix
2013-12-10 13:00:02 +01:00
Bjørn Forsman
9474fbae65 nixos: add ntopng service
ntopng is a high-speed web-based traffic analysis and flow collection
tool. Enable it by adding this to configuration.nix:

  services.ntopng.enable = true;

Open a browser at http://localhost:3000 and login with the default
username/password: admin/admin.
2013-12-09 21:35:01 +01:00
Bjørn Forsman
0856500f3e nixos/libvirtd-service: fix fail-to-start when no machines are configured
Don't fail to start the libvirtd service just because there are no files
that match the /etc/libvirt/qemu/*.xml pattern.
2013-12-09 19:41:44 +01:00
Vladimír Čunát
6690c97569 Merge branch 'master' into x-updates
Conflicts (just different styles, same semantics):
	pkgs/development/libraries/libusb1/default.nix
2013-12-07 14:17:16 +01:00
Bjørn Forsman
ca26e75a73 nixos/avahi-service: small documentation update 2013-12-07 12:03:50 +01:00
Eelco Dolstra
7809134e29 postgresql: Fix shutdown
Postgres was taking a long time to shutdown.  This is because we were
sending SIGINT to all processes, apparently confusing the autovacuum
launcher.  Instead it should only be sent to the main process (which
takes care of shutting down the others).

The downside is that systemd will also send the final SIGKILL only to
the main process, so other processes in the cgroup may be left behind.
There should be an option for this...
2013-12-03 12:04:20 -05:00
Vladimír Čunát
d09b722f77 Merge master into x-updates 2013-12-02 21:41:16 +01:00
Eelco Dolstra
09dd7f9afc Fix passing of kernel parameters
Broken in 9ee30cd9b5.  Reported by Arvin
Moezzi.
2013-12-02 11:56:58 -05:00
Eelco Dolstra
2cb492a847 cups: Allow users in the wheel group to do admin actions 2013-12-01 17:30:12 -05:00
Song Wenwu
c4885173b6 systemd: add services.journald.extraConfig option 2013-11-30 22:42:01 +01:00
Domen Kožar
4da388351a Merge pull request #1292 from jozko/openldap-fixes
Added openldap user, group and configure service so its not running as root
2013-11-28 13:40:11 -08:00
Jozko Skrablin
cb691265b6 Added openldap user, group and configure service so its not running as root. 2013-11-28 22:21:50 +01:00
Bjørn Forsman
f52f9bf7cd nixos/libvirtd-service: fix for garbage collected emulator paths
libvirtd puts the full path of the emulator binary in the machine config
file. But this path can unfortunately be garbage collected while still
being used by the virtual machine. Then this happens:

Error starting domain: Cannot check QEMU binary /nix/store/z5c2xzk9x0pj6x511w0w4gy9xl5wljxy-qemu-1.5.2-x86-only/bin/qemu-kvm: No such file or directory

Fix by updating the emulator path on each service startup to something
valid (re-scan $PATH).
2013-11-27 23:09:57 +01:00
Eelco Dolstra
9ee30cd9b5 Add support for lightweight NixOS containers
You can now say:

  systemd.containers.foo.config =
    { services.openssh.enable = true;
      services.openssh.ports = [ 2022 ];
      users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-dss ..." ];
    };

which defines a NixOS instance with the given configuration running
inside a lightweight container.

You can also manage the configuration of the container independently
from the host:

  systemd.containers.foo.path = "/nix/var/nix/profiles/containers/foo";

where "path" is a NixOS system profile.  It can be created/updated by
doing:

  $ nix-env --set -p /nix/var/nix/profiles/containers/foo \
      -f '<nixos>' -A system -I nixos-config=foo.nix

The container configuration (foo.nix) should define

  boot.isContainer = true;

to optimise away the building of a kernel and initrd.  This is done
automatically when using the "config" route.

On the host, a lightweight container appears as the service
"container-<name>.service".  The container is like a regular NixOS
(virtual) machine, except that it doesn't have its own kernel.  It has
its own root file system (by default /var/lib/containers/<name>), but
shares the Nix store of the host (as a read-only bind mount).  It also
has access to the network devices of the host.

Currently, if the configuration of the container changes, running
"nixos-rebuild switch" on the host will cause the container to be
rebooted.  In the future we may want to send some message to the
container so that it can activate the new container configuration
without rebooting.

Containers are not perfectly isolated yet.  In particular, the host's
/sys/fs/cgroup is mounted (writable!) in the guest.
2013-11-27 17:14:10 +01:00
Eelco Dolstra
57f145a7f8 When setting $NIX_REMOTE, check whether /nix/var/nix/db is writable
In NixOS containers, root doesn't have write permission to
/nix/var/nix/db, so it has to use the daemon.
2013-11-27 17:09:17 +01:00
Eelco Dolstra
c6529ac9eb postgresql: Fix the port option
Also clarify the description of the enableTCPIP option.
2013-11-27 17:09:17 +01:00
Eelco Dolstra
e8baaba044 Add a regression test for hostname / nss_myhostname
Issue #1248.
2013-11-26 18:52:34 +01:00
Eelco Dolstra
953f12995b nscd: Fix LD_LIBRARY_PATH
This ensures that nscd can find the NSS modules.

Fixes #1248.
2013-11-26 18:38:22 +01:00
Eelco Dolstra
14cd8bc248 Allow services to specify a pre-stop script 2013-11-26 18:24:55 +01:00
Eelco Dolstra
2b1f212494 Disable various services when running inside a container 2013-11-26 18:19:45 +01:00