Merge branch 'master' of github.com:NixOS/nixos into systemd

Conflicts: modules/config/networking.nix modules/services/networking/ssh/sshd.nix modules/services/ttys/agetty.nix modules/system/boot/stage-2-init.sh modules/system/upstart-events/shutdown.nix
2012-07-16 17:27:11 -04:00 · 2012-07-16 17:27:11 -04:00 · 44d091674b
commit 44d091674b
parent bf15293b1e 1d57489427
38 changed files with 544 additions and 100 deletions
--- a/modules/config/networking.nix
+++ b/modules/config/networking.nix
@ -68,6 +68,9 @@ in
            # Invalidate the nscd cache whenever resolv.conf is
            # regenerated.
            libc_restart='${pkgs.systemd}/bin/systemctl start invalidate-nscd.service'
          '' + optionalString config.services.bind.enable ''
            # This hosts runs a full-blown DNS resolver.
            name_servers='127.0.0.1'
          '' );
        target = "resolvconf.conf";
      }
--- a/modules/config/shells.nix
+++ b/modules/config/shells.nix
@ -13,6 +13,7 @@ with pkgs.lib;
      { target = "shells";
        source = pkgs.writeText "shells"
          ''
            /run/current-system/sw/bin/bash
            /var/run/current-system/sw/bin/bash
            /bin/sh
          '';
--- a/modules/config/system-path.nix
+++ b/modules/config/system-path.nix
@ -1,5 +1,5 @@
 # This module defines the packages that appear in
-# /var/run/current-system/sw.
+# /run/current-system/sw.
 { config, pkgs, ... }:
@ -64,7 +64,7 @@ let
        example = "[ pkgs.icecat3 pkgs.thunderbird ]";
        description = ''
          The set of packages that appear in
-          /var/run/current-system/sw.  These packages are
+          /run/current-system/sw.  These packages are
          automatically available to all users, and are
          automatically updated every time you rebuild the system
          configuration.  (The latter is the main difference with
@ -79,7 +79,7 @@ let
        default = [];
        example = ["/"];
        description = "
-          Lists directories to be symlinked in `/var/run/current-system/sw'.
+          Lists directories to be symlinked in `/run/current-system/sw'.
        ";
      };
    };
--- a/modules/config/timezone.nix
+++ b/modules/config/timezone.nix
@ -5,13 +5,21 @@ with pkgs.lib;
 {
  options = {
-    time.timeZone = mkOption {
+    time = {
      timeZone = mkOption {
        default = "CET";
        type = with types; uniq string;
        example = "America/New_York";
        description = "The time zone used when displaying times and dates.";
      };
      hardwareClockInLocalTime = mkOption {
        default = false;
        description = "If set, keep the hardware clock in local time instead of UTC.";
      };
    };
  };
  config = {
--- a/modules/config/users-groups.nix
+++ b/modules/config/users-groups.nix
@ -48,7 +48,7 @@ let
      shell = mkOption {
        type = with types; uniq string;
-        default = "/var/run/current-system/sw/sbin/nologin";
+        default = "/run/current-system/sw/sbin/nologin";
        description = "The path to the user's shell.";
      };
--- a/modules/hardware/network/b43.nix
+++ b/modules/hardware/network/b43.nix
@ -0,0 +1,30 @@
 {pkgs, config, ...}:
 let kernelVersion = config.boot.kernelPackages.kernel.version; in
 {
  ###### interface
  options = {
    networking.enableB43Firmware = pkgs.lib.mkOption {
      default = false;
      type = pkgs.lib.types.bool;
      description = ''
        Turn on this option if you want firmware for the NICs supported by the b43 module.
      '';
    };
  };
  ###### implementation
  config = pkgs.lib.mkIf config.networking.enableB43Firmware {
    hardware.firmware = if builtins.lessThan (builtins.compareVersions kernelVersion "3.2") 0 then
      throw "b43 firmware for kernels older than 3.2 not packaged yet!" else
      [ pkgs.b43Firmware_5_1_138 ];
  };
 }
--- a/modules/installer/cd-dvd/iso-image.nix
+++ b/modules/installer/cd-dvd/iso-image.nix
@ -122,12 +122,12 @@ let
  efiShell = if pkgs.stdenv.isi686 then
    pkgs.fetchurl {
      url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/Ia32/Shell_Full.efi";
-      sha256 = "0ymm3mbbwx9f6cq0bp2nr7ikyagxgsg4sjs5q1s4xbnms27slwjq";
+      sha256 = "1gv6kyaspczdp7x8qnx5x76ilriaygkfs99ay7ihhdi6riclkhfl";
    }
  else
    pkgs.fetchurl {
      url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/X64/Shell_Full.efi";
-      sha256 = "1xchy8a05mgqzr82mmahdni0jbxsz6xf6vm2bg1bch9i6l72qgmh";
+      sha256 = "1g18z84rlavxr5gsrh2g942rfr6znv9fs3fqww5m7dhmnysgyv8p";
    };
  # The efi boot image
@ -312,7 +312,7 @@ in
      # nixos-rebuild also requires a "system" profile and an
      # /etc/NIXOS tag.
      touch /etc/NIXOS
-      ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /var/run/current-system
+      ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
    '';
  # Add vfat support to the initrd to enable people to copy the
--- a/modules/installer/cd-dvd/system-tarball.nix
+++ b/modules/installer/cd-dvd/system-tarball.nix
@ -50,7 +50,7 @@ in
  # script and the top-level system configuration directory.
  tarball.storeContents =
    [ { object = config.system.build.toplevel;
-        symlink = "/var/run/current-system";
+        symlink = "/run/current-system";
      }
    ];
@ -87,6 +87,6 @@ in
      # nixos-rebuild also requires a "system" profile and an
      # /etc/NIXOS tag.
      touch /etc/NIXOS
-      ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /var/run/current-system
+      ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
    '';
 }
--- a/modules/installer/efi-boot-stub/efi-boot-stub.nix
+++ b/modules/installer/efi-boot-stub/efi-boot-stub.nix
@ -90,12 +90,12 @@ let
      if pkgs.stdenv.isi686 then
        pkgs.fetchurl {
          url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/Ia32/Shell_Full.efi";
-          sha256 = "0ymm3mbbwx9f6cq0bp2nr7ikyagxgsg4sjs5q1s4xbnms27slwjq";
+          sha256 = "1gv6kyaspczdp7x8qnx5x76ilriaygkfs99ay7ihhdi6riclkhfl";
        }
      else
        pkgs.fetchurl {
          url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/X64/Shell_Full.efi";
-          sha256 = "1xchy8a05mgqzr82mmahdni0jbxsz6xf6vm2bg1bch9i6l72qgmh";
+          sha256 = "1g18z84rlavxr5gsrh2g942rfr6znv9fs3fqww5m7dhmnysgyv8p";
        }
    else
      null;
--- a/modules/installer/tools/nixos-rebuild.sh
+++ b/modules/installer/tools/nixos-rebuild.sh
@ -128,8 +128,7 @@ if [ -n "$pullManifest" -o "$action" = pull ]; then
    set -o pipefail
    manifests=$(nix-instantiate --eval-only --xml --strict '<nixos>' -A manifests \
        | grep '<string'  | sed 's^.*"\(.*\)".*^\1^g')
-
+    set +o pipefail
    set -o nopipefail
    if [ $? -ne 0 ]; then exit 1; fi
    mkdir -p /nix/var/nix/channel-cache
--- a/modules/misc/crashdump.nix
+++ b/modules/misc/crashdump.nix
@ -48,9 +48,9 @@ in
  config = mkIf crashdump.enable {
    boot = {
      postBootCommands = ''
-        ${pkgs.kexectools}/sbin/kexec -p /var/run/current-system/kernel \
+        ${pkgs.kexectools}/sbin/kexec -p /run/current-system/kernel \
-        --initrd=/var/run/current-system/initrd \
+        --initrd=/run/current-system/initrd \
-        --append="init=$(readlink -f /var/run/current-system/init) system=$(readlink -f /var/run/current-system) irqpoll maxcpus=1 reset_devices ${kernelParams}" --reset-vga --console-vga
+        --append="init=$(readlink -f /run/current-system/init) system=$(readlink -f /run/current-system) irqpoll maxcpus=1 reset_devices ${kernelParams}" --reset-vga --console-vga
      '';
      kernelParams = [
       "crashkernel=64M"
--- a/modules/misc/lib.nix
+++ b/modules/misc/lib.nix
@ -0,0 +1,15 @@
 { config, pkgs, ... }:
 {
  options = {
    lib = pkgs.lib.mkOption {
      default = {};
      type = pkgs.lib.types.attrsOf pkgs.lib.types.attrs;
      description = ''
        This option allows modules to define helper functions, constants, etc.
      '';
    };
  };
 }
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@ -15,6 +15,7 @@
  ./config/unix-odbc-drivers.nix
  ./config/users-groups.nix
  ./hardware/cpu/intel-microcode.nix
  ./hardware/network/b43.nix
  ./hardware/network/intel-2100bg.nix
  ./hardware/network/intel-2200bg.nix
  ./hardware/network/intel-3945abg.nix
@ -34,6 +35,7 @@
  ./misc/crashdump.nix
  ./misc/ids.nix
  ./misc/locate.nix
  ./misc/lib.nix
  ./misc/nixpkgs.nix
  ./misc/passthru.nix
  ./misc/version.nix
@ -82,6 +84,7 @@
  ./services/hardware/upower.nix
  #./services/logging/klogd.nix
  ./services/logging/logrotate.nix
  ./services/logging/logstash.nix
  ./services/logging/syslogd.nix
  ./services/mail/dovecot.nix
  ./services/mail/dovecot2.nix
--- a/modules/programs/bash/profile.sh
+++ b/modules/programs/bash/profile.sh
@ -12,8 +12,8 @@ __ETC_PROFILE_SOURCED=1
 export __ETC_PROFILE_DONE=1
 # Initialise a bunch of environment variables.
-export LOCALE_ARCHIVE=/var/run/current-system/sw/lib/locale/locale-archive
+export LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
-export LD_LIBRARY_PATH=/var/run/opengl-driver/lib:/var/run/opengl-driver-32/lib # !!! only set if needed
+export LD_LIBRARY_PATH=/run/opengl-driver/lib:/run/opengl-driver-32/lib # !!! only set if needed
 export NIXPKGS_CONFIG=/etc/nix/nixpkgs-config.nix
 export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixpkgs=/etc/nixos/nixpkgs:nixos=/etc/nixos/nixos:nixos-config=/etc/nixos/configuration.nix:services=/etc/nixos/services
 export PAGER="less -R"
@ -22,7 +22,7 @@ export LOCATE_PATH=/var/cache/locatedb
 # Include the various profiles in the appropriate environment variables.
 export NIX_USER_PROFILE_DIR=/nix/var/nix/profiles/per-user/$USER
-export NIX_PROFILES="/var/run/current-system/sw /nix/var/nix/profiles/default $HOME/.nix-profile"
+export NIX_PROFILES="/run/current-system/sw /nix/var/nix/profiles/default $HOME/.nix-profile"
 unset PATH INFOPATH PKG_CONFIG_PATH PERL5LIB ALSA_PLUGIN_DIRS GST_PLUGIN_PATH KDEDIRS
 unset QT_PLUGIN_PATH QTWEBKIT_PLUGIN_PATH STRIGI_PLUGIN_PATH XDG_CONFIG_DIRS XDG_DATA_DIRS
--- a/modules/programs/shadow.nix
+++ b/modules/programs/shadow.nix
@ -21,6 +21,9 @@ let
      TTYGROUP     tty
      TTYPERM      0620
      # Ensure privacy for newly created home directories.
      UMASK        077
      # Uncomment this to allow non-root users to change their account
      #information.  This should be made configurable.
      #CHFN_RESTRICT frwh
@ -35,7 +38,7 @@ in
  options = {
    users.defaultUserShell = pkgs.lib.mkOption {
-      default = "/var/run/current-system/sw/bin/bash";
+      default = "/run/current-system/sw/bin/bash";
      description = ''
        This option defines the default shell assigned to user
        accounts.  This must not be a store path, since the path is
--- a/modules/services/logging/klogd.nix
+++ b/modules/services/logging/klogd.nix
@ -13,7 +13,7 @@
      exec =
        "klogd -c 1 -2 -n " +
-        "-k $(dirname $(readlink -f /var/run/booted-system/kernel))/System.map";
+        "-k $(dirname $(readlink -f /run/booted-system/kernel))/System.map";
    };
 }
--- a/modules/services/logging/logstash.nix
+++ b/modules/services/logging/logstash.nix
@ -0,0 +1,162 @@
 { config, pkgs, ... }:
 with pkgs.lib;
 let
  cfg = config.services.logstash;
  listToConfig = list: "[ " + (concatStringsSep ", " (map exprToConfig list)) + " ]";
  hashToConfig = attrs:
    let
      attrNameToConfigList = name:
        [ (exprToConfig name)  (exprToConfig (getAttr name attrs)) ];
    in
      "[ " +
      (concatStringsSep ", " (map attrNameToConfigList (attrNames attrs))) +
      " ]";
  valueToConfig = nvpair: let name = nvpair.name; value = nvpair.value; in
    if (isAttrs value) && ((!(value ? __type)) || value.__type == "repeated")
      then ''
        ${name} {
          ${exprToConfig value}
        }
      ''
      else "${name} => ${exprToConfig value}";
  repeatedAttrsToConfig = values:
      concatStringsSep "\n" (map valueToConfig values);
  attrsToConfig = attrs:
    let
      attrToConfig = name: valueToConfig {
        inherit name;
        value = (getAttr name attrs);
      };
    in
      concatStringsSep "\n" (map attrToConfig (attrNames attrs));
  exprToConfig = expr:
    let
      isCustomType = expr: (isAttrs expr) && (expr ? __type);
      isFloat = expr: (isCustomType expr) && (expr.__type == "float");
      isHash = expr: (isCustomType expr) && (expr.__type == "hash");
      isRepeatedAttrs = expr: (isCustomType expr) && (expr.__type == "repeated");
    in
      if builtins.isBool expr then (if expr then "true" else "false") else
      if builtins.isString expr then ''"${expr}"'' else
      if builtins.isInt expr then toString expr else
      if isFloat expr then expr.value else
      if isList expr then listToConfig expr else
      if isHash expr then hashToConfig expr.value else
      if isRepeatedAttrs expr then repeatedAttrsToConfig expr.values
      else attrsToConfig expr;
  mergeConfigs = configs:
    let
      op = attrs: newAttrs:
        let
          isRepeated = newAttrs ? __type && newAttrs.__type == "repeated";
        in {
            values = attrs.values ++ (if isRepeated then newAttrs.values else
              map (name: { inherit name; value = getAttr name newAttrs; })
              (attrNames newAttrs));
          };
    in (foldl op { values = []; } configs) // { __type = "repeated"; };
 in
 {
  ###### interface
  options = {
    services.logstash = {
      enable = mkOption {
        default = false;
        description = ''
          Enable logstash.
        '';
      };
      inputConfig = mkOption {
        default = {};
        description = ''
          An attribute set (or an expression generated by mkNameValuePairs)
          representing a logstash configuration's input section.
          Logstash configs are name-value pairs, where values can be bools,
          strings, numbers, arrays, hashes, or other name-value pairs,
          and names are strings that can be repeated. Name-value pairs with no
          repeats are represented by attr sets. Bools, strings, ints, and
          arrays are mapped directly. Name-value pairs with repeats can be
          generated by the config.lib.logstash.mkNameValuePairs function, which
          takes a list of attrsets and combines them while preserving attribute
          name duplicates if they occur. Similarly, there are the mkFloat and
          mkHash functions, which take a string representation of a float and an
          attrset, respectively.
        '';
        merge = mergeConfigs;
      };
      filterConfig = mkOption {
        default = {};
        description = ''
          An attribute set (or an expression generated by mkNameValuePairs)
          representing a logstash configuration's filter section.
          See inputConfig description for details.
        '';
        merge = mergeConfigs;
      };
      outputConfig = mkOption {
        default = {};
        description = ''
          An attribute set (or an expression generated by mkNameValuePairs)
          representing a logstash configuration's output section.
          See inputConfig description for details.
        '';
        merge = mergeConfigs;
      };
    };
  };
  ###### implementation
  config = mkMerge [ {
    lib.logstash = {
      mkFloat = stringRep: { __type = "float"; value = stringRep; };
      mkHash = attrs: { __type = "hash"; value = attrs; };
      mkNameValuePairs = mergeConfigs;
    };
  } ( mkIf cfg.enable {
    # Always log to stdout
    services.logstash.outputConfig = { stdout = {}; };
    jobs.logstash = with pkgs; {
      description = "Logstash daemon";
      path = [ jre ];
      script = "cd /tmp && exec java -jar ${logstash} agent -f ${writeText "logstash.conf" ''
        input {
          ${exprToConfig cfg.inputConfig}
        }
        filter {
          ${exprToConfig cfg.filterConfig}
        }
        output {
          ${exprToConfig cfg.outputConfig}
        }
      ''}";
    };
  })];
 }
--- a/modules/services/misc/disnix.nix
+++ b/modules/services/misc/disnix.nix
@ -130,7 +130,7 @@ in
          script =
          ''
-            export PATH=/var/run/current-system/sw/bin:/var/run/current-system/sw/sbin
+            export PATH=/run/current-system/sw/bin:/run/current-system/sw/sbin
            export HOME=/root
            ${pkgs.disnix}/bin/disnix-service --activation-modules-dir=${disnix_activation_scripts}/libexec/disnix/activation-scripts
--- a/modules/services/monitoring/systemhealth.nix
+++ b/modules/services/monitoring/systemhealth.nix
@ -86,8 +86,8 @@ in
        [paths]
        rrdtool = ${pkgs.rrdtool}/bin/rrdtool
        loadavg_rrd = loadavg
-        ps = /var/run/current-system/sw/bin/ps
+        ps = /run/current-system/sw/bin/ps
-        df = /var/run/current-system/sw/bin/df
+        df = /run/current-system/sw/bin/df
        meminfo_rrd = meminfo
        uptime_rrd = uptime
        rrd_path = ${rrdDir}
--- a/modules/services/network-filesystems/drbd.nix
+++ b/modules/services/network-filesystems/drbd.nix
@ -44,7 +44,7 @@ let cfg = config.services.drbd; in
    boot.extraModprobeConfig =
      ''
-        options drbd usermode_helper=/var/run/current-system/sw/sbin/drbdadm
+        options drbd usermode_helper=/run/current-system/sw/sbin/drbdadm
      '';
    environment.etc = singleton
--- a/modules/services/network-filesystems/samba.nix
+++ b/modules/services/network-filesystems/samba.nix
@ -70,7 +70,7 @@ let
      environment = {
        LD_LIBRARY_PATH = nssModulesPath;
        TZ = config.time.timeZone;
-        LOCALE_ARCHIVE = "/var/run/current-system/sw/lib/locale/locale-archive";
+        LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
      };
      daemonType = "fork";
--- a/modules/services/networking/ssh/sshd.nix
+++ b/modules/services/networking/ssh/sshd.nix
@ -92,7 +92,7 @@ let
      userLoop = flip concatMapStrings usersWithKeys (u:
        let
          authKeys = concatStringsSep "," u.openssh.authorizedKeys.keys;
-          authKeyFiles = concatStringsSep " " u.openssh.authorizedKeys.keyFiles;
+          authKeyFiles = concatStrings (map (x: " ${x}") u.openssh.authorizedKeys.keyFiles);
          preserveExisting = if u.openssh.authorizedKeys.preserveExistingKeys then "true" else "false";
        in ''
          mkAuthKeysFile "${u.name}" "${authKeys}" "${authKeyFiles}" "${preserveExisting}"
@ -105,25 +105,34 @@ let
        local authKeyFiles="$3"
        local preserveExisting="$4"
-        eval authfile=~$userName/.ssh/authorized_keys
+        eval homeDir=~$userName
-        mkdir -p "$(dirname $authfile)"
+        if ! [ -d "$homeDir" ]; then
-        touch "$authfile"
+          echo "User $userName does not exist"
          return
        fi
        if ! [ -d "$homeDir/.ssh" ]; then
          mkdir -v -m 700 "$homeDir/.ssh"
          chown "$userName":users "$homeDir/.ssh"
        fi
        local authKeysFile="$homeDir/.ssh/authorized_keys"
        touch "$authKeysFile"
        if [ "$preserveExisting" == false ]; then
-          rm -f "$authfile"
+          rm -f "$authKeysFile"
-          echo "${marker2}" > "$authfile"
+          echo "${marker2}" > "$authKeysFile"
        else
-          sed -i '/${marker1}/ d' "$authfile"
+          sed -i '/${marker1}/ d' "$authKeysFile"
        fi
        IFS=,
        for f in $authKeys; do
-          echo "$f ${marker1}" >> "$authfile"
+          echo "$f ${marker1}" >> "$authKeysFile"
        done
        unset IFS
        for f in $authKeyFiles; do
          if [ -f "$f" ]; then
-            echo "$(cat "$f") ${marker1}" >> "$authfile"
+            echo "$(cat "$f") ${marker1}" >> "$authKeysFile"
          fi
        done
        chown "$userName" "$authKeysFile"
      }
      ${userLoop}
@ -329,7 +338,7 @@ in
        path = [ pkgs.openssh ];
        environment.LD_LIBRARY_PATH = nssModulesPath;
-        environment.LOCALE_ARCHIVE = "/var/run/current-system/sw/lib/locale/locale-archive";
+        environment.LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
        preStart =
          ''
--- a/modules/services/networking/wpa_supplicant.nix
+++ b/modules/services/networking/wpa_supplicant.nix
@ -44,7 +44,9 @@ in
        example = [ "wlan0" "wlan1" ];
        description = ''
          The interfaces <command>wpa_supplicant</command> will use.  If empty, it will
-          automatically use all wireless interfaces.
+          automatically use all wireless interfaces. (Note that auto-detection is currently
 	  broken on Linux 3.4.x kernels. See http://github.com/NixOS/nixos/issues/10 for
 	  further details.)
        '';
      };
--- a/modules/services/scheduling/fcron.nix
+++ b/modules/services/scheduling/fcron.nix
@ -87,7 +87,7 @@ in
            fcrondeny   =       /etc/fcron.deny
            shell       =       /bin/sh
            sendmail    =       /var/setuid-wrappers/sendmail
-            editor      =       /var/run/current-system/sw/bin/vi
+            editor      =       /run/current-system/sw/bin/vi
          '';
          target = "fcron.conf";
          mode = "0600"; # max allowed is 644
@ -104,7 +104,7 @@ in
        startOn = "startup and filesystem";
        environment =
-          { PATH = "/var/run/current-system/sw/bin";
+          { PATH = "/run/current-system/sw/bin";
          };
        preStart =
--- a/modules/services/ttys/agetty.nix
+++ b/modules/services/ttys/agetty.nix
@ -72,7 +72,7 @@ with pkgs.lib;
        [Service]
        Environment=TERM=linux
-        Environment=LOCALE_ARCHIVE=/var/run/current-system/sw/lib/locale/locale-archive
+        Environment=LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
        ExecStart=@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login %I 38400
        Type=idle
        Restart=always
--- a/modules/services/web-servers/apache-httpd/default.nix
+++ b/modules/services/web-servers/apache-httpd/default.nix
@ -6,7 +6,9 @@ let
  mainCfg = config.services.httpd;
-  httpd = pkgs.apacheHttpd;
+  httpd = pkgs.apacheHttpd.override { mpm = mainCfg.multiProcessingModule; };
  php = pkgs.php.override { apacheHttpd = httpd; };
  getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80;
@ -105,10 +107,11 @@ let
      # Other modules.
      "ext_filter" "include" "log_config" "env" "mime_magic"
      "cern_meta" "expires" "headers" "usertrack" /* "unique_id" */ "setenvif"
-      "mime" "dav" "status" "autoindex" "asis" "info" "cgi" "dav_fs"
+      "mime" "dav" "status" "autoindex" "asis" "info" "dav_fs"
      "vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling"
      "userdir" "alias" "rewrite" "proxy" "proxy_http"
    ]
    ++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ])
    ++ optional enableSSL "ssl"
    ++ extraApacheModules;
@ -283,6 +286,11 @@ let
    PidFile ${mainCfg.stateDir}/httpd.pid
    ${optionalString (mainCfg.multiProcessingModule != "prefork") ''
      # mod_cgid requires this.
      ScriptSock ${mainCfg.stateDir}/cgisock
    ''}
    <IfModule prefork.c>
        MaxClients           ${toString mainCfg.maxClients}
        MaxRequestsPerChild  ${toString mainCfg.maxRequestsPerChild}
@ -302,7 +310,7 @@ let
        allModules =
          concatMap (svc: svc.extraModulesPre) allSubservices
          ++ map (name: {inherit name; path = "${httpd}/modules/mod_${name}.so";}) apacheModules
-          ++ optional enablePHP { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
+          ++ optional enablePHP { name = "php5"; path = "${php}/modules/libphp5.so"; }
          ++ concatMap (svc: svc.extraModules) allSubservices
          ++ extraForeignModules;
      in concatMapStrings load allModules
@ -373,7 +381,7 @@ let
        ([ mainCfg.phpOptions ] ++ (map (svc: svc.phpOptions) allSubservices));
    }
    ''
-      cat ${pkgs.php}/etc/php-recommended.ini > $out
+      cat ${php}/etc/php-recommended.ini > $out
      echo "$options" >> $out
    '';
@ -404,7 +412,7 @@ in
      extraModules = mkOption {
        default = [];
-        example = [ "proxy_connect" { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } ];
+        example = [ "proxy_connect" { name = "php5"; path = "${php}/modules/libphp5.so"; } ];
        description = ''
          Specifies additional Apache modules.  These can be specified
          as a string in the case of modules distributed with Apache,
@ -484,6 +492,23 @@ in
          "Options appended to the PHP configuration file <filename>php.ini</filename>.";
      };
      multiProcessingModule = mkOption {
        default = "prefork";
        example = "worker";
        type = types.uniq types.string;
        description =
          ''
            Multi-processing module to be used by Apache.  Available
            modules are <literal>prefork</literal> (the default;
            handles each request in a separate child process),
            <literal>worker</literal> (hybrid approach that starts a
            number of child processes each running a number of
            threads) and <literal>event</literal> (a recent variant of
            <literal>worker</literal> that handles persistent
            connections more efficiently).
          '';
      };
      maxClients = mkOption {
        default = 150;
        example = 8;
@ -558,7 +583,8 @@ in
        preStart =
          ''
-            mkdir -m 0700 -p ${mainCfg.stateDir}
+            mkdir -m 0750 -p ${mainCfg.stateDir}
            chown root.wwwrun ${mainCfg.stateDir}
            mkdir -m 0700 -p ${mainCfg.logDir}
            ${optionalString (mainCfg.documentRoot != null)
@ -582,9 +608,7 @@ in
            done
          '';
-        daemonType = "fork";
+        exec = "httpd -f ${httpdConf} -DNO_DETACH";
        exec = "httpd -f ${httpdConf}";
        preStop =
          ''
--- a/modules/services/web-servers/apache-httpd/mediawiki.nix
+++ b/modules/services/web-servers/apache-httpd/mediawiki.nix
@ -4,16 +4,6 @@ with pkgs.lib;
 let
  src_clean_skin = pkgs.fetchurl {
    url = "http://lastlog.de/misc/clean-1.01.tar.gz";
    sha256 = "5fb1736b64b33ca3429d035f1358cf8217da2d02019d8a80b14c7985367f659f";
  };
  src_nixos_skin = pkgs.fetchurl {
    url = "http://lastlog.de/misc/nixos-1.0.tar.gz";
    sha256 = "413b0f451bde81ac2dd0bede17dd088f9abcd0f3cea1722279311ca648a855cf";
  };
  mediawikiConfig = pkgs.writeText "LocalSettings.php"
    ''
      <?php
@ -89,15 +79,14 @@ let
      sha256 = "1d8afbdh3lsg54b69mnh6a47psb3lg978xpp277qs08yz15cjf7q";
    };
-    skinTarball = if config.defaultSkin == "clean" then src_clean_skin
+    skins = config.skins;
             else if config.defaultSkin == "nixos" then src_nixos_skin
             else "";
-    buildPhase = "
+    buildPhase =
-      if [ '${skinTarball}' ]; then
+      ''
-         tar xfz ${skinTarball} -C skins/;
+        for skin in $skins; do
-      fi
+          cp -prvd $skin/* skins/
-    ";
+        done
      ''; # */
    installPhase =
      ''
@ -259,6 +248,16 @@ in
      description = "Set this value to change the default skin used by MediaWiki.";
    };
    skins = mkOption {
      default = [];
      type = types.listOf types.path;
      description =
        ''
          List of paths whose content is copied to the ‘skins’
          subdirectory of the MediaWiki installation.
        '';
    };
    extraConfig = mkOption {
      default = "";
      example =
--- a/modules/services/x11/display-managers/kdm.nix
+++ b/modules/services/x11/display-managers/kdm.nix
@ -106,7 +106,7 @@ in
            mkdir -m 0755 -p /var/lib/kdm
            chown kdm /var/lib/kdm
            ${(optionalString (config.system.boot.loader.id == "grub") "PATH=${config.system.build.grub}/sbin:$PATH ") +
-              "KDEDIRS=/var/run/current-system/sw exec ${kdebase_workspace}/bin/kdm -config ${kdmrc} -nodaemon"}
+              "KDEDIRS=/run/current-system/sw exec ${kdebase_workspace}/bin/kdm -config ${kdmrc} -nodaemon"}
          '';
        logsXsession = true;
      };
--- a/modules/services/x11/hardware/multitouch.nix
+++ b/modules/services/x11/hardware/multitouch.nix
@ -2,6 +2,8 @@
 with pkgs.lib;
 let cfg = config.services.xserver.multitouch; in
 {
  options = {
@ -14,11 +16,25 @@ with pkgs.lib;
        description = "Whether to enable multitouch touchpad support.";
      };
      invertScroll = mkOption {
        default = false;
        example = true;
        type = types.bool;
        description = "Whether to invert scrolling direction à la OSX Lion";
      };
      ignorePalm = mkOption {
        default = false;
        example = true;
        type = types.bool;
        description = "Whether to ignore touches detected as being the palm (i.e when typing)";
      };
    };
-  config = mkIf config.services.xserver.multitouch.enable {
+  };
  config = mkIf cfg.enable {
    services.xserver.modules = [ pkgs.xf86_input_mtrack ];
@ -29,6 +45,13 @@ with pkgs.lib;
          MatchIsTouchpad "on"
          Identifier "Touchpads"
          Driver "mtrack"
          Option "IgnorePalm" "${if cfg.ignorePalm then "true" else "false"}"
          ${optionalString cfg.invertScroll ''
            Option "ScrollUpButton" "5"
            Option "ScrollDownButton" "4"
            Option "ScrollLeftButton" "7"
            Option "ScrollRightButton" "6"
          ''}
        EndSection
      '';
--- a/modules/services/x11/window-managers/i3.nix
+++ b/modules/services/x11/window-managers/i3.nix
@ -16,9 +16,9 @@ in
    };
  };
-  config = {
+  config = mkIf cfg.enable {
    services.xserver.windowManager = {
-      session = mkIf cfg.enable [{
+      session = [{
        name = "i3";
        start = "
          ${pkgs.i3}/bin/i3 &
@ -26,5 +26,6 @@ in
        ";
      }];
    };
    environment.x11Packages = [ pkgs.i3 ];
  };
 }
--- a/modules/services/x11/xfs.conf
+++ b/modules/services/x11/xfs.conf
@ -12,4 +12,4 @@ default-resolutions = 75,75,100,100
 cache-hi-mark = 2048
 cache-low-mark = 1433
 cache-balance = 70
-catalogue = /var/run/current-system/sw/share/X11-fonts/
+catalogue = /run/current-system/sw/share/X11-fonts/
--- a/modules/services/x11/xserver.nix
+++ b/modules/services/x11/xserver.nix
@ -405,21 +405,21 @@ in
        preStart =
          ''
-            rm -f /var/run/opengl-driver
+            rm -f /run/opengl-driver
-            rm -f /var/run/opengl-driver-32
+            rm -f /run/opengl-driver-32
            ${# !!! The OpenGL driver depends on what's detected at runtime.
              if elem "nvidia" driverNames then
                ''
-                  ln -sf ${kernelPackages.nvidia_x11} /var/run/opengl-driver
+                  ln -sf ${kernelPackages.nvidia_x11} /run/opengl-driver
                  ${optionalString (pkgs.stdenv.system == "x86_64-linux" && cfg.driSupport32Bit)
-                    "ln -sf ${pkgs_i686.linuxPackages.nvidia_x11.override { libsOnly = true; kernel = null; } } /var/run/opengl-driver-32"}
+                    "ln -sf ${pkgs_i686.linuxPackages.nvidia_x11.override { libsOnly = true; kernel = null; } } /run/opengl-driver-32"}
                ''
              else if elem "nvidiaLegacy96" driverNames then
-                "ln -sf ${kernelPackages.nvidia_x11_legacy96} /var/run/opengl-driver"
+                "ln -sf ${kernelPackages.nvidia_x11_legacy96} /run/opengl-driver"
              else if elem "nvidiaLegacy173" driverNames then
-                "ln -sf ${kernelPackages.nvidia_x11_legacy173} /var/run/opengl-driver"
+                "ln -sf ${kernelPackages.nvidia_x11_legacy173} /run/opengl-driver"
              else if cfg.driSupport then
-                "ln -sf ${pkgs.mesa} /var/run/opengl-driver"
+                "ln -sf ${pkgs.mesa} /run/opengl-driver"
              else ""
            }
--- a/modules/system/activation/activation-script.nix
+++ b/modules/system/activation/activation-script.nix
@ -74,12 +74,12 @@ in
            # Make this configuration the current configuration.
            # The readlink is there to ensure that when $systemConfig = /system
-            # (which is a symlink to the store), /var/run/current-system is still
+            # (which is a symlink to the store), /run/current-system is still
            # used as a garbage collection root.
-            ln -sfn "$(readlink -f "$systemConfig")" /var/run/current-system
+            ln -sfn "$(readlink -f "$systemConfig")" /run/current-system
            # Prevent the current configuration from being garbage-collected.
-            ln -sfn /var/run/current-system /nix/var/nix/gcroots/current-system
+            ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
          '';
      };
--- a/modules/system/activation/switch-to-configuration.sh
+++ b/modules/system/activation/switch-to-configuration.sh
@ -59,7 +59,7 @@ fi
 # Activate the new configuration.
 if [ "$action" != switch -a "$action" != test ]; then exit 0; fi
-oldVersion=$(cat /var/run/current-system/upstart-interface-version 2> /dev/null || echo 0)
+oldVersion=$(cat /run/current-system/upstart-interface-version 2> /dev/null || echo 0)
 newVersion=$(cat @out@/upstart-interface-version 2> /dev/null || echo 0)
 if test "$oldVersion" -ne "$newVersion"; then
--- a/modules/system/boot/modprobe.nix
+++ b/modules/system/boot/modprobe.nix
@ -23,7 +23,7 @@ with pkgs.lib;
            # modules in the current configuration don't match the
            # running kernel.
            if [ ! -d "$MODULE_DIR/$(${pkgs.coreutils}/bin/uname -r)" ]; then
-                MODULE_DIR=/var/run/booted-system/kernel-modules/lib/modules/
+                MODULE_DIR=/run/booted-system/kernel-modules/lib/modules/
            fi
            exec ${pkgs.kmod}/sbin/modprobe "$@"
--- a/modules/system/boot/stage-2-init.sh
+++ b/modules/system/boot/stage-2-init.sh
@ -143,12 +143,12 @@ $systemConfig/activate
 # Record the boot configuration.
-ln -sfn "$systemConfig" /var/run/booted-system
+ln -sfn "$systemConfig" /run/booted-system
 # Prevent the booted system form being garbage-collected If it weren't
 # a gcroot, if we were running a different kernel, switched system,
 # and garbage collected all, we could not load kernel modules anymore.
-ln -sfn /var/run/booted-system /nix/var/nix/gcroots/booted-system
+ln -sfn /run/booted-system /nix/var/nix/gcroots/booted-system
 # Run any user-specified commands.
@ -177,6 +177,6 @@ fi
 # Start systemd.
 echo "starting systemd..."
-PATH=/var/run/current-system/systemd/lib/systemd \
+PATH=/run/current-system/systemd/lib/systemd \
-    MODULE_DIR=/var/run/current-system/kernel-modules/lib/modules \
+    MODULE_DIR=/run/current-system/kernel-modules/lib/modules \
    exec systemd --log-target journal # --log-level debug --crash-shell
--- a/modules/system/upstart-events/shutdown.nix
+++ b/modules/system/upstart-events/shutdown.nix
@ -0,0 +1,162 @@
 { config, pkgs, ... }:
 with pkgs.lib;
 {
  jobs.shutdown =
    { name = "shutdown";
      task = true;
      stopOn = ""; # must override the default ("starting shutdown")
      environment = { MODE = "poweroff"; };
      extraConfig = "console owner";
      script =
        ''
          set +e # continue in case of errors
          ${pkgs.kbd}/bin/chvt 1
          exec < /dev/console > /dev/console 2>&1
          echo ""
          if test "$MODE" = maintenance; then
              echo "[1;32m<<< Entering maintenance mode >>>[0m"
          else
              echo "[1;32m<<< System shutdown >>>[0m"
          fi
          echo ""
          ${config.powerManagement.powerDownCommands}
          export PATH=${pkgs.utillinux}/bin:${pkgs.utillinux}/sbin:$PATH
          # Do an initial sync just in case.
          sync
          # Kill all remaining processes except init, this one and any
          # Upstart jobs that don't stop on the "starting shutdown"
          # event, as these are necessary to complete the shutdown.
          omittedPids=$(initctl list | sed -e 's/.*process \([0-9]\+\)/-o \1/;t;d')
          #echo "saved PIDs: $omittedPids"
          echo "sending the TERM signal to all processes..."
          ${pkgs.sysvtools}/bin/killall5 -15 $job $omittedPids
          sleep 1 # wait briefly
          echo "sending the KILL signal to all processes..."
          ${pkgs.sysvtools}/bin/killall5 -9 $job $omittedPids
          # If maintenance mode is requested, start a root shell, and
          # afterwards emit the "startup" event to bring everything
          # back up.
          if test "$MODE" = maintenance; then
              echo ""
              echo "[1;32m<<< Maintenance shell >>>[0m"
              echo ""
              ${pkgs.shadow}/bin/login root
              initctl emit -n startup
              exit 0
          fi
          # Write a shutdown record to wtmp while /var/log is still writable.
          reboot --wtmp-only
          # Set the hardware clock to the system time.
          echo "setting the hardware clock..."
          hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}
          # Stop all swap devices.
          swapoff -a
          # Unmount file systems.  We repeat this until no more file systems
          # can be unmounted.  This is to handle loopback devices, file
          # systems mounted on other file systems and so on.
          tryAgain=1
          while test -n "$tryAgain"; do
              tryAgain=
              failed= # list of mount points that couldn't be unmounted/remounted
              # Get rid of loopback devices.
              loDevices=$(losetup -a | sed 's#^\(/dev/loop[0-9]\+\).*#\1#')
              if [ -n "$loDevices" ]; then
                  echo "removing loopback devices $loDevices..."
                  losetup -d $loDevices
              fi
              cp /proc/mounts /dev/.mounts # don't read /proc/mounts while it's changing
              exec 4< /dev/.mounts
              while read -u 4 device mp fstype options rest; do
                  # Skip various special filesystems.  Non-existent
                  # mount points are typically tmpfs/aufs mounts from
                  # the initrd.
                  if [ "$mp" = /proc -o "$mp" = /sys -o "$mp" = /dev -o "$device" = "rootfs" -o "$mp" = /run -o "$mp" = /var/run -o "$mp" = /var/lock -o ! -e "$mp" ]; then continue; fi
                  echo "unmounting $mp..."
                  # We need to remount,ro before attempting any
                  # umount, or bind mounts may get confused, with
                  # the fs not being properly flushed at the end.
                  # `-i' is to workaround a bug in mount.cifs (it
                  # doesn't recognise the `remount' option, and
                  # instead mounts the FS again).
                  success=
                  if mount -t "$fstype" -n -i -o remount,ro "device" "$mp"; then success=1; fi
                  # Note: don't use `umount -f'; it's very buggy.
                  # (For instance, when applied to a bind-mount it
                  # unmounts the target of the bind-mount.)  !!! But
                  # we should use `-f' for NFS.
                  if [ "$mp" != / -a "$mp" != /nix -a "$mp" != /nix/store ]; then
                      if umount -n "$mp"; then success=1; tryAgain=1; fi
                  fi
                  if [ -z "$success" ]; then failed="$failed $mp"; fi
              done
          done
          # Warn about filesystems that could not be unmounted or
          # remounted read-only.
          if [ -n "$failed" ]; then
              echo "[1;31mwarning:[0m the following filesystems could not be unmounted:"
              for mp in $failed; do echo "  $mp"; done
              echo Enter 'i' to launch a shell, or wait 10 seconds to continue.
              read -t 10 A
              if [ "$A" == "i" ]; then
                ${pkgs.bashInteractive}/bin/bash -i < /dev/console &> /dev/console
              fi
              sleep 5
          fi
          # Final sync.
          sync
          # Either reboot or power-off the system.
          if test "$MODE" = reboot; then
              echo "rebooting..."
              sleep 1
              exec reboot -f
          else
              echo "powering off..."
              sleep 1
              exec halt -f -p
          fi
        '';
    };
 }
--- a/modules/tasks/kbd.nix
+++ b/modules/tasks/kbd.nix
@ -67,7 +67,7 @@ in
        script = ''
          export LANG=${defaultLocale}
-          export LOCALE_ARCHIVE=/var/run/current-system/sw/lib/locale/locale-archive
+          export LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
          export PATH=${pkgs.gzip}/bin:$PATH # Needed by setfont
          set +e # continue in case of errors