Commit graph

5066 commits

Author SHA1 Message Date
Domen Kožar
5384b04ead bash: fix broken completion 2013-09-27 01:15:22 +02:00
Eelco Dolstra
df6f5ade40 cupsd: Use Type=forking
http://hydra.nixos.org/build/6291101
2013-09-26 23:56:38 +02:00
Eelco Dolstra
e1318e6026 cupsd: Log to syslog (and thus the journal) 2013-09-26 21:05:20 +02:00
Eelco Dolstra
a26e4a43f3 Add a test for CUPS 2013-09-26 21:05:20 +02:00
Eelco Dolstra
82e1d0c8b1 Remove services.ttyBackgrounds
This hasn't worked in a long time.
2013-09-26 17:33:52 +02:00
Eelco Dolstra
b7b2476499 Remove the portmap module
It's obsoleted by rpcbind.
2013-09-26 17:04:07 +02:00
Eelco Dolstra
f70fbb1791 Fix duplicated environment values
All profileVariables listed each profile twice (e.g. $PATH contained
$HOME/.nix-profile/bin twice).  This is because mergeAttrsWithFunc is
broken (and deprecated):

  nix-repl> :p mergeAttrsWithFunc concat { x = [1]; } { y = [2]; }
  { x = [ 1 ]; y = [ 2 2 ]; }

So use zipAttrsWith instead.
2013-09-25 00:48:28 +02:00
Eelco Dolstra
cfd20debfb Fix bashrc regression
Interactive non-login shells should not source /etc/profile, otherwise
environment variables set by the user will get clobbered.  For
example:

  $ export PERL5LIB=/foo
  $ bash
  $ echo $PERL5LIB
  /home/eelco/.nix-profile/lib/perl5/site_perl:/nix/var/nix/profiles/default/lib/perl5/site_perl:/run/current-system/sw/lib/perl5/site_perl:/home/eelco/.nix-profile/lib/perl5/site_perl:/nix/var/nix/profiles/default/lib/perl5/site_perl:/run/current-system/sw/lib/perl5/site_perl
2013-09-25 00:25:22 +02:00
Rickard Nilsson
78721f57eb nvidia-x11: Put nvidia.icd in /etc/OpenCL/vendors
This makes OpenCL work with Nvidia cards (tested with darktable).
2013-09-24 20:28:52 +02:00
Shea Levy
9667a1ef75 environment.promptInit is now programs.<shell>.promptInit
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-09-24 09:53:47 -04:00
Shea Levy
9ce148e738 Don't break compatibility with pre-1.6 nix
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-09-24 09:40:06 -04:00
Eelco Dolstra
ec2266b2e2 Make environment variables overridable 2013-09-24 11:27:25 +02:00
Eelco Dolstra
b933b15d72 Don't generate /etc/environment
/etc/environment, if it exists, should be a list of NAME=VALUE pairs,
not a shell script.  See the pam_env manpage.
2013-09-24 11:01:55 +02:00
Rickard Nilsson
3a17c2b30b Add option systemd.automounts, for definining automount units 2013-09-23 23:16:45 +02:00
Eelco Dolstra
9df40867b9 In environment.variables, unify "value" and "list" 2013-09-23 23:07:32 +02:00
Mathijs Kwik
3840e96e79 Merge pull request #256 from oxij/shells-environment
I tested the previous "version" and found my environment to be exactly the same.

Let's start discussing possible extensions/improvements somewhere else. For now it's a nice improvement.
2013-09-23 11:23:10 -07:00
Jan Malakhovski
ffa4b28dce Add support for Zsh as an alternative (or not) default (or not) interactive shell. 2013-09-23 17:06:26 +00:00
Jan Malakhovski
b3f4040512 Radically change the way NixOS handles environment variables and make it possible not to use Bash as the default interactive shell.
This change does two things:

* "NixOSizes" environment variables generation. This allows some more
  error-checking and opens possibilities for a modular environment
  configuration. From now on the most of environment variables are
  generated directly by the nix code. Generating sh code that
  generates environment variables is left in a few places where
  nontrivial access to a local environment state is needed.
* By doing the first change this patch untangles bash from the
  environment configuration and makes it trivial to add a support for
  other non bash-compatible shells.

Now to the sad part. This change is quite large (and I'm not sure it's
possible to split it) and yet is not quite complete, it needs some
changes to nixpkgs to be perfect.
See !!! comments in modules/config/shells-environment.nix.

Main principle behind this change is "change environment generation
and nothing else". In particular, shell configuration principles stay
exactly the same as before.
2013-09-23 16:55:25 +00:00
Rickard Nilsson
bfd86d4e74 Fix bug in NetworkManager name server configuration 2013-09-23 16:01:56 +02:00
Eelco Dolstra
d94aa36f1e Fix saving the ALSA sound card state
This didn't work reliably because it raced with the remounting of /.
So if you were unlucky, then / was read-only by the time we ran
"alsactl store".  Now the sound card state is saved before anything is
unmounted/remounted.
2013-09-22 21:39:05 +02:00
Eelco Dolstra
f19065c283 Fix broken systemd shutdown services
The services systemd-random-seed-save.service and
systemd-update-utmp-shutdown.service from systemd 203 don't work,
because they have a RequiresMountFor dependency on /var/lib and
/var/log.  Such a dependency produces a cycle, causing systemd to drop
those services:

  Fixing conflicting jobs by deleting job poweroff.target/stop
  Deleting job systemd-poweroff.service/stop as dependency of job poweroff.target/stop
  Deleting job umount.target/stop as dependency of job systemd-poweroff.service/stop
  Deleting job -.mount/start as dependency of job umount.target/stop
  Deleting job systemd-random-seed-save.service/start as dependency of job -.mount/start
  Deleting job systemd-update-utmp-shutdown.service/start as dependency of job -.mount/start

Dropping the RequiresMountFor doesn't work either, because then
/var/... may have meen unmounted or remounted read-only.

Upstream systemd fixes this by doing the actual work from an ExecStop
action in an already-running service than conflicts with
shutdown.target.  So I backported that here.  The main consequence is
that wtmp shutdown records now get written properly.

The main lesson: shutdown.target is useless for pulling in services
during shutdown if they need to write anywhere.
2013-09-22 21:39:05 +02:00
Eelco Dolstra
f5c4874b05 Fix service description 2013-09-22 21:39:05 +02:00
Eelco Dolstra
4be5fae2da Log console logins in /var/log/wtmp 2013-09-22 21:39:05 +02:00
Eelco Dolstra
14f55a2f67 Remove unused runlevel targets 2013-09-22 21:39:05 +02:00
Eelco Dolstra
50d942960e Write a reboot record to /var/log/wtmp 2013-09-22 21:39:05 +02:00
Bjørn Forsman
4be44d011b services.cgminer.enable: improve description
So that a search for "bitcoin" in the configuration.nix(5) man page
yields a hit.
2013-09-22 16:44:00 +02:00
Peter Simons
f28dc07d49 Merge pull request #257 from oxij/bind-forwarders
bind: allow forwarders to differ from nameservers
2013-09-18 08:13:49 -07:00
Evgeny Egorochkin
b3d7f2945e manual: fix typo, #254. 2013-09-18 10:26:40 +03:00
Eelco Dolstra
58e40f84e1 Regression test for blkio functionality 2013-09-17 16:17:34 +02:00
Peter Simons
9f94a6ffaa modules/misc/ids.nix: document the fact that the uid for tcpcryptd is hard-coded in the daemon 2013-09-17 11:22:48 +02:00
Jan Malakhovski
af2382606c bind: allow forwarders to differ from nameservers 2013-09-17 01:21:17 +00:00
Rob Vermaas
0408858a8a Set CURL_CA_BUNDLE env variable for nix-daemon to allow pulling from a binary cache on https. Did not add to nix.envVars to avoid being added to shellInit. 2013-09-16 19:02:20 +02:00
Eelco Dolstra
b825169404 Add kexec support
You can now do a fast reboot (bypassing the BIOS, which may take
several minutes on servers) by running ‘systemctl kexec’.

Unfortunately the QEMU test for this is unreliable due to a QEMU bug
(it randomly crashes with a message like ‘Guest moved used index from
8 to 0’), so it's commented out.
2013-09-16 17:42:13 +02:00
Eelco Dolstra
5332480454 nixos-install: Fix copying from the CD
Nix 1.6 doesn't run the copy-from-other-stores substituter by default
anymore, so turn it on explicitly.

http://hydra.nixos.org/build/6144173
2013-09-16 13:30:34 +02:00
Eelco Dolstra
639bb95d0a Test whether the transparent fetchurl cache (tarballs.nixos.org) works
Testing this is useful in any case, but it's necessary now because Nix
1.6 doesn't check the binary cache for fetchurl output anymore.

http://hydra.nixos.org/build/6144188
2013-09-16 13:30:34 +02:00
Eelco Dolstra
fbb40e0389 release.nix: Automatically include all of tests/default.nix 2013-09-16 13:30:33 +02:00
Bjørn Forsman
0192c02720 /etc/profile: try all nix profiles for ASPELL_CONF
Aspell can only handle one dict-dir directive and currently we hardocde
that to
  ASPELL_CONF="dict-dir $HOME/.nix-profile/lib/aspell"

This means that aspell doesn't work if it is installed to the system or
default nix profile -- it only works in the user profile.

With this change, aspell can be installed to any of the nix profiles. If
it is installed in more than one profile, the most "local" profile wins
(i.e. sysadmin can set up a default, users can override it).
2013-09-14 13:05:11 +02:00
Oliver Charles
3a1024478a lightdm: Use xserver.nix environment variables when starting X
This reduces code duplication, but more importantly means that the
DRI modules can be found by X enabling hardware acceleration.

Close #249; the PR also refers to more about DRI modules.
2013-09-12 10:09:53 +02:00
Peter Simons
1103ba84fd modules/misc/ids.nix: patch tcpcrypt to use our uid
The default uid 666 exceeds SYS_UID_MAX (499), so it might not be available
anyway.
2013-09-11 18:58:37 +02:00
Peter Simons
4a7d8a84bc modules/services/networking/tcpcrypt.nix: specify start-up dependencies in systemd style
Thanks, Eelco, for pointing this out.
2013-09-11 18:56:09 +02:00
Peter Simons
b6501c0097 modules/misc/ids.nix: add a comment explaining why tcpcryptd has uid 666. 2013-09-11 11:09:30 +02:00
Peter Simons
0afcc637d7 Add support for opportunistic TCP encryption.
Set "networking.tcpcrypt.enable = true;" to enable opportunistic TCP encryption
based on the user-space tools available from <http://tcpcrypt.org>.

Network attackers come in two varieties: passive and active (man-in-the-middle).
Passive attacks are much simpler to execute because they just require listening
on the network. Active attacks are much harder as they require listening and
modifying network traffic, often requiring very precise timing that can make
some attacks impractical.

Opportunistic encryption cannot protect against active attackers, but it *does*
protect against passive attackers. Furthermore, Tcpcrypt is powerful enough to
stop active attacks, too, if the application using it performs authentication.

A complete description of the protocol extension can be found at
<http://tools.ietf.org/html/draft-bittau-tcp-crypt-00>.
2013-09-10 23:32:55 +02:00
Eelco Dolstra
c4092f2a8d firewall.nix: Less verbosity 2013-09-10 15:17:52 +02:00
Eelco Dolstra
94bb48be78 firewall.nix: Don't make missing rpfilter support a fatal error
This makes upgrading from Linux 3.2 to 3.4 a bit nicer.
2013-09-10 15:17:52 +02:00
Mathijs Kwik
71365b7478 Merge pull request #247 from bjornfor/wins-nsswitch
Add services.samba.nsswins option
2013-09-07 08:18:01 -07:00
Bjørn Forsman
8a01d244b1 Add services.samba.nsswins option
This option allows for seamless WINS/NetBIOS name lookup, using
nsswitch.
2013-09-07 15:09:44 +02:00
Eelco Dolstra
40342e975d types.list -> types.listOf 2013-09-04 15:12:07 +02:00
Eelco Dolstra
25bd880472 Get firmware from lib/firmware 2013-09-04 14:22:52 +02:00
Eelco Dolstra
17457297cb Update all legacy-style modules
I.e., modules that use "require = [options]".  Nowadays that should be
written as

  {
    options = { ... };
    config = { ... };
  };

Also, use "imports" instead of "require" in places where we actually
import another module.
2013-09-04 13:05:09 +02:00
Eelco Dolstra
3a23e6dd31 Remove reference to non-existant config.tests 2013-09-03 15:14:55 +02:00