diff --git a/modules/services/hardware/bluetooth.nix b/modules/services/hardware/bluetooth.nix
new file mode 100644
index 00000000000..4e00f43aee7
--- /dev/null
+++ b/modules/services/hardware/bluetooth.nix
@@ -0,0 +1,38 @@
+{pkgs, config, ...}:
+
+with pkgs.lib;
+
+{
+
+ ###### interface
+
+ options = {
+
+ };
+
+
+ ###### implementation
+
+ config = {
+
+ jobs = pkgs.lib.singleton
+ { name = "bluetoothd";
+
+ startOn = "dbus";
+ stopOn = "dbus";
+
+ preStart =
+ ''
+ mkdir -m 0755 -p /var/lib/bluetooth
+ '';
+
+ exec = "${pkgs.bluez}/sbin/bluetoothd --nodaemon --debug";
+ };
+
+ environment.systemPackages = [pkgs.bluez pkgs.openobex pkgs.obexftp];
+
+ services.dbus.enable = true;
+ services.dbus.packages = [pkgs.bluez];
+ };
+
+}
diff --git a/modules/services/hardware/hal.nix b/modules/services/hardware/hal.nix
index 475ba7299d7..972e8b5e3c9 100644
--- a/modules/services/hardware/hal.nix
+++ b/modules/services/hardware/hal.nix
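Review bot: bluetoothd is started unconditionally in modules/services/hardware/bluetooth.nix: `options` is empty and `config` is not wrapped in `mkIf`, so every system that imports the module gets the daemon, the bluez D-Bus policy files and the obex tools, whether or not it has or wants Bluetooth. The hal.nix and dbus.nix modules in this same commit gate their configuration with `config = mkIf cfg.enable { … }`; this module should do the same, with the option defaulting to off so the Bluetooth stack is not exposed by default. The `exec` line also hard-codes `--debug`, which is better dropped or made optional for a daemon that runs on every boot.

```nix
  options = {

    hardware.bluetooth.enable = mkOption {
      default = false;
      description = ''
        Whether to start the Bluetooth daemon (bluetoothd).
      '';
    };

  };

  config = mkIf config.hardware.bluetooth.enable {
    # … unchanged: bluetoothd job, systemPackages, services.dbus settings …
  };
```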
@@ -1,119 +1,104 @@ # HAL daemon. {pkgs, config, ...}: -###### interface +with pkgs.lib; + let - inherit (pkgs.lib) mkOption; - options = { - services = { - hal = { - enable = mkOption { - default = true; - description = " - Whether to start the HAL daemon. - "; - }; - - extraFdi = mkOption { - default = []; - example = [ "/nix/store/.../fdi" ]; - description = " - Extend HAL daemon configuration with additionnal paths. - "; - }; - }; - }; - }; -in - -###### implementation -let cfg = config.services.hal; - inherit (pkgs.lib) mkIf; inherit (pkgs) hal; - user = { - name = "haldaemon"; - uid = config.ids.uids.haldaemon; - description = "HAL daemon user"; - }; - - group = { - name = "haldaemon"; - gid = config.ids.gids.haldaemon; - }; - fdi = if cfg.extraFdi == [] then - hal + "/share/hal/fdi" + "${hal}/share/hal/fdi" else pkgs.buildEnv { name = "hal-fdi"; pathsToLink = [ "/preprobe" "/information" "/policy" ]; - paths = [ (hal + "/share/hal/fdi") ] ++ cfg.extraFdi; + paths = [ "${hal}/share/hal/fdi" ] ++ cfg.extraFdi; }; - job = { - name = "hal"; - - job = '' - description "HAL daemon" - - # !!! TODO: make sure that HAL starts after acpid, - # otherwise hald-addon-acpi will grab /proc/acpi/event. - start on ${if config.powerManagement.enable then "acpid" else "dbus"} - stop on shutdown - - start script - - mkdir -m 0755 -p /var/cache/hald - - rm -f /var/cache/hald/fdi-cache - - end script - - # HACK ? These environment variables manipulated inside - # 'src'/hald/mmap_cache.c are used for testing the daemon - env HAL_FDI_SOURCE_PREPROBE=${fdi}/preprobe - env HAL_FDI_SOURCE_INFORMATION=${fdi}/information - env HAL_FDI_SOURCE_POLICY=${fdi}/policy - - respawn ${hal}/sbin/hald --daemon=no - ''; - }; in -mkIf cfg.enable { - require = [ - # ../upstart-jobs/default.nix # config.services.extraJobs - # ../system/user.nix # users.* - # ../upstart-jobs/udev.nix # services.udev.* - # ../upstart-jobs/dbus.nix # services.dbus.* - # ? 
# config.environment.extraPackages - options - ]; +{ - environment = { - extraPackages = [hal]; - }; + ###### interface + + options = { + + services.hal = { + + enable = mkOption { + default = true; + description = " + Whether to start the HAL daemon. + "; + }; - users = { - extraUsers = [user]; - extraGroups = [group]; - }; + extraFdi = mkOption { + default = []; + example = [ "/nix/store/.../fdi" ]; + description = " + Extend HAL daemon configuration with additionnal paths. + "; + }; - services = { - extraJobs = [job]; - - udev = { - addUdevPkgs = [hal]; - }; - - dbus = { - enable = true; - services = [hal]; }; + }; -} + + + ###### implementation + + config = mkIf cfg.enable { + + environment.systemPackages = [hal]; + + users.extraUsers = singleton + { name = "haldaemon"; + uid = config.ids.uids.haldaemon; + description = "HAL daemon user"; + }; + + users.extraGroups = singleton + { name = "haldaemon"; + gid = config.ids.gids.haldaemon; + }; + + jobs = singleton + { name = "hal"; + + description = "HAL daemon"; + + # !!! TODO: make sure that HAL starts after acpid, + # otherwise hald-addon-acpi will grab /proc/acpi/event. + startOn = if config.powerManagement.enable then "acpid" else "dbus"; + stopOn = "shutdown"; + + # !!! HACK? These environment variables manipulated inside + # 'src'/hald/mmap_cache.c are used for testing the daemon + environment = + { HAL_FDI_SOURCE_PREPROBE = "${fdi}/preprobe"; + HAL_FDI_SOURCE_INFORMATION = "${fdi}/information"; + HAL_FDI_SOURCE_POLICY = "${fdi}/policy"; + }; + + preStart = + '' + mkdir -m 0755 -p /var/cache/hald + + rm -f /var/cache/hald/fdi-cache + ''; + + exec = "${hal}/sbin/hald --daemon=no"; + }; + + services.udev.addUdevPkgs = [hal]; + + services.dbus.enable = true; + services.dbus.packages = [hal]; + + }; + +} \ No newline at end of file diff --git a/modules/services/misc/disnix.nix b/modules/services/misc/disnix.nix index 0f80cf6804c..8e96b6f2130 100644 --- a/modules/services/misc/disnix.nix 
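Review bot: The rewritten `hal` job in modules/services/hardware/hal.nix no longer states that the daemon is respawned: the old Upstart text ran `respawn ${hal}/sbin/hald --daemon=no`, while the new attribute set only has `exec = "${hal}/sbin/hald --daemon=no";`. Whether the `jobs` option respawns by default is not visible in this diff, so please confirm that hald is still restarted after a crash, or state the behaviour explicitly on the job. Two smaller points in the same hunk: the `extraFdi` description still reads "additionnal" (should be "additional"), and the file now ends without a trailing newline.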
+++ b/modules/services/misc/disnix.nix @@ -58,7 +58,7 @@ mkIf cfg.enable { dbus = { enable = true; - services = [pkgs.disnix]; + packages = [pkgs.disnix]; }; }; } diff --git a/modules/services/networking/avahi-daemon.nix b/modules/services/networking/avahi-daemon.nix index 2a10d8f28d1..d01bf4c3b54 100644 --- a/modules/services/networking/avahi-daemon.nix +++ b/modules/services/networking/avahi-daemon.nix @@ -153,7 +153,7 @@ mkIf cfg.enable { dbus = { enable = true; - services = [avahi]; + packages = [avahi]; }; }; } diff --git a/modules/services/networking/firewall.nix b/modules/services/networking/firewall.nix index ef6b3a94472..85f88330134 100644 --- a/modules/services/networking/firewall.nix +++ b/modules/services/networking/firewall.nix @@ -68,7 +68,12 @@ in ) config.networking.firewall.allowedTCPPorts } - # Drop everything else. + # Accept multicast. Not a big security risk since + # probably nobody is listening anyway. + ${iptables} -A INPUT -d 224.0.0.0/4 -j ACCEPT + + # Drop everything else. + ${iptables} -A INPUT -j LOG --log-level info --log-prefix "firewall: " ${iptables} -A INPUT -j DROP ''; diff --git a/modules/services/system/consolekit.nix b/modules/services/system/consolekit.nix index de3fc8897c0..e5d1f104a80 100644 --- a/modules/services/system/consolekit.nix +++ b/modules/services/system/consolekit.nix @@ -53,7 +53,7 @@ mkIf cfg.enable { dbus = { enable = true; - services = [ConsoleKit]; + packages = [ConsoleKit]; }; }; } diff --git a/modules/services/system/dbus.nix b/modules/services/system/dbus.nix index f3d56e9239c..9dc6bd9d78b 100644 --- a/modules/services/system/dbus.nix +++ b/modules/services/system/dbus.nix 
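Review bot: The new `-A INPUT -d 224.0.0.0/4 -j ACCEPT` rule in modules/services/networking/firewall.nix admits every multicast packet on every protocol and port ahead of the final DROP, so anything that joins a multicast group is reachable regardless of the allowed-ports list. The comment's "probably nobody is listening" does not hold on a machine running avahi-daemon, which this same commit touches. Narrow the rule to what is actually needed, e.g. `${iptables} -A INPUT -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT` for mDNS, or put it behind an option that defaults to off. The added LOG rule has no rate limit, so a burst of dropped packets becomes a burst of log lines; `${iptables} -A INPUT -m limit --limit 10/min -j LOG --log-level info --log-prefix "firewall: "` bounds that (the rate is an example value). The surrounding rule script starts and ends outside this hunk.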
@@ -1,116 +1,109 @@ # D-Bus system-wide daemon. {pkgs, config, ...}: -###### interface +with pkgs.lib; + let - inherit (pkgs.lib) mkOption; - options = { - services = { - dbus = { - - enable = mkOption { - default = true; - description = " - Whether to start the D-Bus message bus daemon. It is required - by the HAL service. - "; - merge = pkgs.lib.mergeEnableOption; - }; - - services = mkOption { - default = []; - description = ".. fill me .."; - }; - - }; - }; - }; -in - -###### implementation -let cfg = config.services.dbus; - services = cfg.services; - inherit (pkgs.lib) mkIf; - inherit (pkgs) stdenv dbus; + inherit (pkgs) dbus; homeDir = "/var/run/dbus"; - # Take the standard system configuration file, except that we don't - # want to fork (Upstart will monitor the daemon). - configFile = stdenv.mkDerivation { + configFile = pkgs.stdenv.mkDerivation { name = "dbus-conf"; - buildCommand = " + buildCommand = '' ensureDir $out ln -s ${dbus}/etc/dbus-1/system.conf $out/system.conf + # Note: system.conf includes ./system.d (i.e. it has a relative, + # not absolute path). 
ensureDir $out/system.d - for i in ${toString services}; do + for i in ${toString cfg.packages}; do ln -s $i/etc/dbus-1/system.d/* $out/system.d/ done - "; - }; - - user = { - name = "messagebus"; - uid = config.ids.uids.messagebus; - description = "D-Bus system message bus daemon user"; - home = homeDir; - }; - - job = { - name = "dbus"; - - job = '' - description "D-Bus system message bus daemon" - - start on startup - stop on shutdown - - start script - - mkdir -m 0755 -p ${homeDir} - chown messagebus ${homeDir} - - mkdir -m 0755 -p /var/lib/dbus - ${dbus.tools}/bin/dbus-uuidgen --ensure - - rm -f ${homeDir}/pid - ${dbus}/bin/dbus-daemon --config-file=${configFile}/system.conf - end script - - respawn sleep 1000000 - - stop script - pid=$(cat ${homeDir}/pid) - if test -n "$pid"; then - kill -9 $pid - fi - end script - ''; + ''; # */ }; in -mkIf cfg.enable { - require = [ - # ../upstart-jobs/default.nix # config.services.extraJobs - # ../system/user.nix # users.* - # ? # config.environment.extraPackages - options - ]; +{ - environment = { - extraPackages = [dbus.daemon dbus.tools]; + ###### interface + + options = { + + services.dbus = { + + enable = mkOption { + default = true; + description = '' + Whether to start the D-Bus message bus daemon, which is + required by many other system services and applications. + ''; + merge = pkgs.lib.mergeEnableOption; + }; + + packages = mkOption { + default = []; + description = '' + Packages whose D-Bus configuration files should be included in + the configuration of the D-Bus system-wide message bus. + Specifically, every file in + pkg/etc/dbus-1/system.d + is included. 
+ ''; + }; + + }; + }; - users = { - extraUsers = [user]; - }; - services = { - extraJobs = [job]; + ###### implementation + + config = mkIf cfg.enable { + + environment.systemPackages = [dbus.daemon dbus.tools]; + + users.extraUsers = singleton + { name = "messagebus"; + uid = config.ids.uids.messagebus; + description = "D-Bus system message bus daemon user"; + home = homeDir; + }; + + jobs = singleton + { name = "dbus"; + + startOn = "startup"; + stopOn = "shutdown"; + + preStart = + '' + mkdir -m 0755 -p ${homeDir} + chown messagebus ${homeDir} + + mkdir -m 0755 -p /var/lib/dbus + ${dbus.tools}/bin/dbus-uuidgen --ensure + + rm -f ${homeDir}/pid + # !!! hack - dbus should be running once this job is + # considered "running"; should be fixable once we have + # Upstart 0.6. + ${dbus}/bin/dbus-daemon --config-file=${configFile}/system.conf + ''; + + postStop = + '' + pid=$(cat ${homeDir}/pid) + if test -n "$pid"; then + kill -9 $pid + fi + ''; + }; + }; + }