diff --git a/doc/functions.xml b/doc/functions.xml
index 39010f8ab14..e2bc751e140 100644
--- a/doc/functions.xml
+++ b/doc/functions.xml
@@ -88,6 +88,13 @@ in ...
<pkg>.overrideDerivation
+
+ Do not use this function in Nixpkgs. Because it breaks
+ package abstraction and doesn’t provide error checking for
+ function arguments, it is only intended for ad-hoc customisation
+ (such as in ~/.nixpkgs/config.nix).
+
+
The function overrideDerivation is usually available for all the
derivations in the nixpkgs expression (pkgs).
diff --git a/doc/language-support.xml b/doc/language-support.xml
index 0a0e24e9abf..9a88ea4fa6f 100644
--- a/doc/language-support.xml
+++ b/doc/language-support.xml
@@ -196,12 +196,12 @@ you need it.
Currently supported interpreters are python26, python27,
- python32, python33, python34
+ python33, python34, python35
and pypy.
- python is an alias of python27 and python3 is an alias of python34.
+ python is an alias to python27 and python3 is an alias to python34.
@@ -231,7 +231,7 @@ are provided with all modules included.
- All packages depending on any Python interpreter get appended $out/${python.libPrefix}/site-packages
+ All packages depending on any Python interpreter get appended $out/${python.sitePackages}
to $PYTHONPATH if such directory exists.
@@ -306,7 +306,7 @@ twisted = buildPythonPackage {
Most of Python packages that use buildPythonPackage are defined
in pkgs/top-level/python-packages.nix
and generated for each python interpreter separately into attribute sets python26Packages,
- python27Packages, python32Packages, python33Packages,
+ python27Packages, python35Packages, python33Packages,
python34Packages and pypyPackages.
@@ -314,20 +314,14 @@ twisted = buildPythonPackage {
buildPythonPackage mainly does four things:
-
- In the configurePhase, it patches
- setup.py to always include setuptools before
- distutils for monkeypatching machinery to take place.
-
-
In the buildPhase, it calls
- ${python.interpreter} setup.py build ...
+ ${python.interpreter} setup.py bdist_wheel to build a wheel binary zipfile.
- In the installPhase, it calls
- ${python.interpreter} setup.py install ...
+ In the installPhase, it installs the wheel file using
+ pip install *.whl.
@@ -336,11 +330,15 @@ twisted = buildPythonPackage {
directory to include $PYTHONPATH and $PATH
environment variables.
+
+
+ In the installCheck phase, ${python.interpreter} setup.py test
+ is ran.
+
- By default doCheck = true is set and tests are run with
- ${python.interpreter} setup.py test command in checkPhase.
+ By default doCheck = true is set
As in Perl, dependencies on other Python packages can be specified in the
@@ -382,17 +380,10 @@ twisted = buildPythonPackage {
-
- setupPyInstallFlags
-
- List of flags passed to setup.py install command.
-
-
-
setupPyBuildFlags
- List of flags passed to setup.py build command.
+ List of flags passed to setup.py build_ext command.
@@ -400,7 +391,7 @@ twisted = buildPythonPackage {
pythonPath
List of packages to be added into $PYTHONPATH.
- Packages in pythonPath are not propagated into user environment
+ Packages in pythonPath are not propagated
(contrary to propagatedBuildInputs).
@@ -419,15 +410,6 @@ twisted = buildPythonPackage {
-
- distutilsExtraCfg
-
- Extra lines passed to [easy_install] section of
- distutils.cfg (acts as global setup.cfg
- configuration).
-
-
-
makeWrapperArgs
@@ -545,7 +527,7 @@ exist in community to help save time. No tool is preferred at the moment.
To develop Python packages buildPythonPackage has
additional logic inside shellPhase to run
- ${python.interpreter} setup.py develop for the package.
+ pip install -e . --prefix $TMPDIR/ for the package.
shellPhase is executed only if setup.py
diff --git a/doc/meta.xml b/doc/meta.xml
index 98031612523..ea8a363f0fd 100644
--- a/doc/meta.xml
+++ b/doc/meta.xml
@@ -33,7 +33,7 @@ the package. The value of a meta-attribute must be a string.
command-line using nix-env:
-$ nix-env -qa hello --meta --json
+$ nix-env -qa hello --json
{
"hello": {
"meta": {
diff --git a/lib/maintainers.nix b/lib/maintainers.nix
index 5a49da4d628..54e10e5cf8c 100644
--- a/lib/maintainers.nix
+++ b/lib/maintainers.nix
@@ -96,6 +96,7 @@
enolan = "Echo Nolan ";
epitrochoid = "Mabry Cervin ";
ericbmerritt = "Eric Merritt ";
+ ericsagnes = "Eric Sagnes ";
erikryb = "Erik Rybakken ";
ertes = "Ertugrul Söylemez ";
exlevan = "Alexey Levan ";
@@ -181,12 +182,14 @@
malyn = "Michael Alyn Miller ";
manveru = "Michael Fellinger ";
marcweber = "Marc Weber ";
+ markWot = "Markus Wotringer fix f
+ # { bar = "bar"; foo = "foo"; foobar = "foobar"; }
+ #
+ # See https://en.wikipedia.org/wiki/Fixed-point_combinator for further
+ # details.
+ fix = f: let x = f x; in x;
+
+ # A variant of `fix` that records the original recursive attribute set in the
+ # result. This is useful in combination with the `extends` function to
+ # implement deep overriding. See pkgs/development/haskell-modules/default.nix
+ # for a concrete example.
+ fix' = f: let x = f x // { __unfix__ = f; }; in x;
+
+ # Modify the contents of an explicitly recursive attribute set in a way that
+ # honors `self`-references. This is accomplished with a function
+ #
+ # g = self: super: { foo = super.foo + " + "; }
+ #
+ # that has access to the unmodified input (`super`) as well as the final
+ # non-recursive representation of the attribute set (`self`). `extends`
+ # differs from the native `//` operator insofar as that it's applied *before*
+ # references to `self` are resolved:
+ #
+ # nix-repl> fix (extends g f)
+ # { bar = "bar"; foo = "foo + "; foobar = "foo + bar"; }
+ #
+ # The name of the function is inspired by object-oriented inheritance, i.e.
+ # think of it as an infix operator `g extends f` that mimics the syntax from
+ # Java. It may seem counter-intuitive to have the "base class" as the second
+ # argument, but it's nice this way if several uses of `extends` are cascaded.
+ extends = f: rattrs: self: let super = rattrs self; in super // f self super;
# Flip the order of the arguments of a binary function.
flip = f: a: b: f b a;
diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml
index 65aa36586cb..c9b31afdfcf 100644
--- a/nixos/doc/manual/release-notes/rl-unstable.xml
+++ b/nixos/doc/manual/release-notes/rl-unstable.xml
@@ -26,6 +26,13 @@ nixos.path = ./nixpkgs-unstable-2015-12-06/nixos;
+The following new services were added since the last release:
+
+
+ services/monitoring/longview.nix
+
+
+
When upgrading from a previous release, please be aware of the
following incompatible changes:
@@ -74,6 +81,29 @@ nginx.override {
+
+ s3sync is removed, as it hasn't been
+ developed by upstream for 4 years and only runs with ruby 1.8.
+ For an actively-developer alternative look at
+ tarsnap and others.
+
+
+
+
+ ruby_1_8 has been removed as it's not
+ supported from upstream anymore and probably contains security
+ issues.
+
+
+
+
+ tidy-html5 package is removed.
+ Upstream only provided (lib)tidy5 during development,
+ and now they went back to (lib)tidy to work as a drop-in
+ replacement of the original package that has been unmaintained for years.
+ You can (still) use the html-tidy package, which got updated
+ to a stable release from this new upstream.
+
diff --git a/nixos/lib/make-iso9660-image.sh b/nixos/lib/make-iso9660-image.sh
index c9a37379469..31bfe23d3d4 100644
--- a/nixos/lib/make-iso9660-image.sh
+++ b/nixos/lib/make-iso9660-image.sh
@@ -119,7 +119,11 @@ $xorriso -output $out/iso/$isoName
if test -n "$usbBootable"; then
echo "Making image hybrid..."
- isohybrid --uefi $out/iso/$isoName
+ if test -n "$efiBootable"; then
+ isohybrid --uefi $out/iso/$isoName
+ else
+ isohybrid $out/iso/$isoName
+ fi
fi
if test -n "$compressImage"; then
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index b1130c2b124..2b40120641a 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -236,6 +236,7 @@
xtreemfs = 212;
calibre-server = 213;
heapster = 214;
+ bepasty = 215;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@@ -304,7 +305,7 @@
nslcd = 58;
scanner = 59;
nginx = 60;
- #chrony = 61; # unused
+ chrony = 61;
systemd-journal = 62;
smtpd = 63;
smtpq = 64;
@@ -449,6 +450,7 @@
#kibana = 211;
xtreemfs = 212;
calibre-server = 213;
+ bepasty = 215;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index ecdf2264d69..a8cf38f1c8f 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -190,6 +190,7 @@
./services/mail/spamassassin.nix
./services/misc/apache-kafka.nix
./services/misc/autofs.nix
+ ./services/misc/bepasty.nix
./services/misc/canto-daemon.nix
./services/misc/calibre-server.nix
./services/misc/cpuminer-cryptonight.nix
@@ -240,6 +241,7 @@
./services/monitoring/grafana.nix
./services/monitoring/graphite.nix
./services/monitoring/heapster.nix
+ ./services/monitoring/longview.nix
./services/monitoring/monit.nix
./services/monitoring/munin.nix
./services/monitoring/nagios.nix
diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
index 9aa0034783f..b8057cadce2 100644
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@@ -1,7 +1,7 @@
# This module defines the software packages included in the "minimal"
# installation CD. It might be useful elsewhere.
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
{
# Include some utilities that are useful for installing or repairing
@@ -50,5 +50,5 @@
boot.supportedFilesystems = [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "zfs" "ntfs" "cifs" ];
# Configure host id for ZFS to work
- networking.hostId = "8425e349";
+ networking.hostId = lib.mkDefault "8425e349";
}
diff --git a/nixos/modules/programs/ibus.nix b/nixos/modules/programs/ibus.nix
index b8702a743d8..a42753a292b 100644
--- a/nixos/modules/programs/ibus.nix
+++ b/nixos/modules/programs/ibus.nix
@@ -27,7 +27,7 @@ in
};
config = mkIf cfg.enable {
- environment.systemPackages = [ pkgs.ibus ];
+ environment.systemPackages = [ pkgs.ibus pkgs.gnome3.dconf ];
gtkPlugins = [ pkgs.ibus ];
qtPlugins = [ pkgs.ibus-qt ];
diff --git a/nixos/modules/programs/zsh/zsh.nix b/nixos/modules/programs/zsh/zsh.nix
index 74dd6af0bdd..dae7e446b4c 100644
--- a/nixos/modules/programs/zsh/zsh.nix
+++ b/nixos/modules/programs/zsh/zsh.nix
@@ -25,7 +25,7 @@ in
enable = mkOption {
default = false;
description = ''
- Whenever to configure Zsh as an interactive shell.
+ Whether to configure zsh as an interactive shell.
'';
type = types.bool;
};
@@ -73,6 +73,14 @@ in
type = types.lines;
};
+ enableCompletion = mkOption {
+ default = true;
+ description = ''
+ Enable zsh completion for all interactive zsh shells.
+ '';
+ type = types.bool;
+ };
+
};
};
@@ -101,6 +109,13 @@ in
export HISTFILE=$HOME/.zsh_history
setopt HIST_IGNORE_DUPS SHARE_HISTORY HIST_FCNTL_LOCK
+
+ # Tell zsh how to find installed completions
+ for p in ''${(z)NIX_PROFILES}; do
+ fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions)
+ done
+
+ ${if cfg.enableCompletion then "autoload -U compinit && compinit" else ""}
'';
};
@@ -161,7 +176,10 @@ in
environment.etc."zinputrc".source = ./zinputrc;
- environment.systemPackages = [ pkgs.zsh ];
+ environment.systemPackages = [ pkgs.zsh ]
+ ++ optional cfg.enableCompletion pkgs.nix-zsh-completions;
+
+ environment.pathsToLink = optional cfg.enableCompletion "/share/zsh";
#users.defaultUserShell = mkDefault "/run/current-system/sw/bin/zsh";
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 88760574cbc..2ee8a803d2f 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -218,7 +218,7 @@ let
# Samba stuff to the Samba module. This requires that the PAM
# module provides the right hooks.
text = mkDefault
- ''
+ (''
# Account management.
account sufficient pam_unix.so
${optionalString config.users.ldap.enable
@@ -241,12 +241,22 @@ let
"auth sufficient ${pkgs.pam_u2f}/lib/security/pam_u2f.so"}
${optionalString cfg.usbAuth
"auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"}
+ '' +
+ # Modules in this block require having the password set in PAM_AUTHTOK.
+ # pam_unix is marked as 'sufficient' on NixOS which means nothing will run
+ # after it succeeds. Certain modules need to run after pam_unix
+ # prompts the user for password so we run it once with 'required' at an
+ # earlier point and it will run again with 'sufficient' further down.
+ # We use try_first_pass the second time to avoid prompting password twice
+ (optionalString (cfg.unixAuth && (config.security.pam.enableEcryptfs || cfg.pamMount)) ''
+ auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth
+ ${optionalString config.security.pam.enableEcryptfs
+ "auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
+ ${optionalString cfg.pamMount
+ "auth optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
+ '') + ''
${optionalString cfg.unixAuth
- "auth ${if (config.security.pam.enableEcryptfs || cfg.pamMount) then "required" else "sufficient"} pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth"}
- ${optionalString cfg.pamMount
- "auth optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
- ${optionalString config.security.pam.enableEcryptfs
- "auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
+ "auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth try_first_pass"}
${optionalString cfg.otpwAuth
"auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"}
${optionalString cfg.oathAuth
@@ -258,7 +268,7 @@ let
auth [default=die success=done] ${pam_ccreds}/lib/security/pam_ccreds.so action=validate use_first_pass
auth sufficient ${pam_ccreds}/lib/security/pam_ccreds.so action=store use_first_pass
''}
- ${optionalString (!(config.security.pam.enableEcryptfs || cfg.pamMount)) "auth required pam_deny.so"}
+ auth required pam_deny.so
# Password management.
password requisite pam_unix.so nullok sha512
@@ -306,7 +316,7 @@ let
"session optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
${optionalString (cfg.enableAppArmor && config.security.apparmor.enable)
"session optional ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so order=user,group,default debug"}
- '';
+ '');
};
};
diff --git a/nixos/modules/services/misc/bepasty.nix b/nixos/modules/services/misc/bepasty.nix
new file mode 100644
index 00000000000..12671cb1b6c
--- /dev/null
+++ b/nixos/modules/services/misc/bepasty.nix
@@ -0,0 +1,151 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ gunicorn = pkgs.pythonPackages.gunicorn;
+ bepasty = pkgs.pythonPackages.bepasty-server;
+ gevent = pkgs.pythonPackages.gevent;
+ python = pkgs.pythonPackages.python;
+ cfg = config.services.bepasty;
+ user = "bepasty";
+ group = "bepasty";
+ default_home = "/var/lib/bepasty";
+in
+{
+ options.services.bepasty = {
+ enable = mkEnableOption "Bepasty servers";
+
+ servers = mkOption {
+ default = {};
+ description = ''
+ configure a number of bepasty servers which will be started with
+ gunicorn.
+ '';
+ type = with types ; attrsOf (submodule ({
+
+ options = {
+
+ bind = mkOption {
+ type = types.str;
+ description = ''
+ Bind address to be used for this server.
+ '';
+ example = "0.0.0.0:8000";
+ default = "127.0.0.1:8000";
+ };
+
+
+ dataDir = mkOption {
+ type = types.str;
+ description = ''
+ Path to the directory where the pastes will be saved to
+ '';
+ default = default_home+"/data";
+ };
+
+ defaultPermissions = mkOption {
+ type = types.str;
+ description = ''
+ default permissions for all unauthenticated accesses.
+ '';
+ example = "read,create,delete";
+ default = "read";
+ };
+
+ extraConfig = mkOption {
+ type = types.str;
+ description = ''
+ Extra configuration for bepasty server to be appended on the
+ configuration.
+ see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
+ for all options.
+ '';
+ default = "";
+ example = ''
+ PERMISSIONS = {
+ 'myadminsecret': 'admin,list,create,read,delete',
+ }
+ MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000
+ '';
+ };
+
+ secretKey = mkOption {
+ type = types.str;
+ description = ''
+ server secret for safe session cookies, must be set.
+ '';
+ default = "";
+ };
+
+ workDir = mkOption {
+ type = types.str;
+ description = ''
+ Path to the working directory (used for config and pidfile).
+ Defaults to the users home directory.
+ '';
+ default = default_home;
+ };
+
+ };
+ }));
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ bepasty ];
+
+ # creates gunicorn systemd service for each configured server
+ systemd.services = mapAttrs' (name: server:
+ nameValuePair ("bepasty-server-${name}-gunicorn")
+ ({
+ description = "Bepasty Server ${name}";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ restartIfChanged = true;
+
+ environment = {
+ BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf";
+ PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages";
+ };
+
+ serviceConfig = {
+ Type = "simple";
+ PrivateTmp = true;
+ ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
+ #!/bin/sh
+ mkdir -p "${server.workDir}"
+ mkdir -p "${server.dataDir}"
+ chown ${user}:${group} "${server.workDir}" "${server.dataDir}"
+ cat > ${server.workDir}/bepasty-${name}.conf < /etc/systemd-mutable/system/dysnomia.target
+ fi
+ '';
exec = "disnix-service";
};
diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix
index ac0fba597a0..57abb959fdb 100644
--- a/nixos/modules/services/monitoring/graphite.nix
+++ b/nixos/modules/services/monitoring/graphite.nix
@@ -41,8 +41,15 @@ let
};
carbonOpts = name: with config.ids; ''
- --nodaemon --syslog --prefix=${name} --pidfile ${dataDir}/${name}.pid ${name}
+ --nodaemon --syslog --prefix=${name} --pidfile /run/${name}/${name}.pid ${name}
'';
+
+ mkPidFileDir = name: ''
+ mkdir -p /run/${name}
+ chmod 0700 /run/${name}
+ chown -R graphite:graphite /run/${name}
+ '';
+
carbonEnv = {
PYTHONPATH = "${pkgs.python27Packages.carbon}/lib/python2.7/site-packages";
GRAPHITE_ROOT = dataDir;
@@ -370,18 +377,20 @@ in {
config = mkMerge [
(mkIf cfg.carbon.enableCache {
- systemd.services.carbonCache = {
+ systemd.services.carbonCache = let name = "carbon-cache"; in {
description = "Graphite Data Storage Backend";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
environment = carbonEnv;
serviceConfig = {
- ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-cache"}";
+ ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts name}";
User = "graphite";
Group = "graphite";
PermissionsStartOnly = true;
+ PIDFile="/run/${name}/${name}.pid";
};
- preStart = ''
+ preStart = mkPidFileDir name + ''
+
mkdir -p ${cfg.dataDir}/whisper
chmod 0700 ${cfg.dataDir}/whisper
chown -R graphite:graphite ${cfg.dataDir}
@@ -390,31 +399,35 @@ in {
})
(mkIf cfg.carbon.enableAggregator {
- systemd.services.carbonAggregator = {
+ systemd.services.carbonAggregator = let name = "carbon-aggregator"; in {
enable = cfg.carbon.enableAggregator;
description = "Carbon Data Aggregator";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
environment = carbonEnv;
serviceConfig = {
- ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-aggregator"}";
+ ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts name}";
User = "graphite";
Group = "graphite";
+ PIDFile="/run/${name}/${name}.pid";
};
+ preStart = mkPidFileDir name;
};
})
(mkIf cfg.carbon.enableRelay {
- systemd.services.carbonRelay = {
+ systemd.services.carbonRelay = let name = "carbon-relay"; in {
description = "Carbon Data Relay";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
environment = carbonEnv;
serviceConfig = {
- ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-relay"}";
+ ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts name}";
User = "graphite";
Group = "graphite";
+ PIDFile="/run/${name}/${name}.pid";
};
+ preStart = mkPidFileDir name;
};
})
diff --git a/nixos/modules/services/monitoring/longview.nix b/nixos/modules/services/monitoring/longview.nix
new file mode 100644
index 00000000000..770d56e60ef
--- /dev/null
+++ b/nixos/modules/services/monitoring/longview.nix
@@ -0,0 +1,118 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.longview;
+
+ pidFile = "/run/longview.pid";
+
+ apacheConf = optionalString (cfg.apacheStatusUrl != "") ''
+ location ${cfg.apacheStatusUrl}?auto
+ '';
+ mysqlConf = optionalString (cfg.mysqlUser != "") ''
+ username ${cfg.mysqlUser}
+ password ${cfg.mysqlPassword}
+ '';
+ nginxConf = optionalString (cfg.nginxStatusUrl != "") ''
+ location ${cfg.nginxStatusUrl}
+ '';
+
+in
+
+{
+ options = {
+
+ services.longview = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If enabled, system metrics will be sent to Linode LongView.
+ '';
+ };
+
+ apiKey = mkOption {
+ type = types.str;
+ example = "01234567-89AB-CDEF-0123456789ABCDEF";
+ description = ''
+ Longview API key. To get this, look in Longview settings which
+ are found at https://manager.linode.com/longview/.
+ '';
+ };
+
+ apacheStatusUrl = mkOption {
+ type = types.str;
+ default = "";
+ example = "http://127.0.0.1/server-status";
+ description = ''
+ The Apache status page URL. If provided, Longview will
+ gather statistics from this location. This requires Apache
+ mod_status to be loaded and enabled.
+ '';
+ };
+
+ nginxStatusUrl = mkOption {
+ type = types.str;
+ default = "";
+ example = "http://127.0.0.1/nginx_status";
+ description = ''
+ The Nginx status page URL. Longview will gather statistics
+ from this URL. This requires the Nginx stub_status module to
+ be enabled and configured at the given location.
+ '';
+ };
+
+ mysqlUser = mkOption {
+ type = types.str;
+ default = "";
+ description = ''
+ The user for connecting to the MySQL database. If provided,
+ Longview will connect to MySQL and collect statistics about
+ queries, etc. This user does not need to have been granted
+ any extra privileges.
+ '';
+ };
+
+ mysqlPassword = mkOption {
+ type = types.str;
+ description = ''
+ The password corresponding to mysqlUser. Warning: this is
+ stored in cleartext in the Nix store!
+ '';
+ };
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.longview =
+ { description = "Longview Metrics Collection";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.Type = "forking";
+ serviceConfig.ExecStop = "-${pkgs.coreutils}/bin/kill -TERM $MAINPID";
+ serviceConfig.ExecReload = "-${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ serviceConfig.PIDFile = pidFile;
+ serviceConfig.ExecStart = "${pkgs.longview}/bin/longview";
+ };
+
+ environment.etc."linode/longview.key" = {
+ mode = "0400";
+ text = cfg.apiKey;
+ };
+ environment.etc."linode/longview.d/Apache.conf" = {
+ mode = "0400";
+ text = apacheConf;
+ };
+ environment.etc."linode/longview.d/MySQL.conf" = {
+ mode = "0400";
+ text = mysqlConf;
+ };
+ environment.etc."linode/longview.d/Nginx.conf" = {
+ mode = "0400";
+ text = nginxConf;
+ };
+ };
+}
diff --git a/nixos/modules/services/monitoring/statsd.nix b/nixos/modules/services/monitoring/statsd.nix
index d9e0b83e238..39fabc27d6c 100644
--- a/nixos/modules/services/monitoring/statsd.nix
+++ b/nixos/modules/services/monitoring/statsd.nix
@@ -6,13 +6,21 @@ let
cfg = config.services.statsd;
+ isBuiltinBackend = name:
+ builtins.elem name [ "graphite" "console" "repeater" ];
+
configFile = pkgs.writeText "statsd.conf" ''
{
address: "${cfg.host}",
port: "${toString cfg.port}",
mgmt_address: "${cfg.mgmt_address}",
mgmt_port: "${toString cfg.mgmt_port}",
- backends: [${concatMapStringsSep "," (el: if (nixType el) == "string" then ''"./backends/${el}"'' else ''"${head el.names}"'') cfg.backends}],
+ backends: [${
+ concatMapStringsSep "," (name:
+ if (isBuiltinBackend name)
+ then ''"./backends/${name}"''
+ else ''"${name}"''
+ ) cfg.backends}],
${optionalString (cfg.graphiteHost!=null) ''graphiteHost: "${cfg.graphiteHost}",''}
${optionalString (cfg.graphitePort!=null) ''graphitePort: "${toString cfg.graphitePort}",''}
console: {
@@ -66,9 +74,16 @@ in
backends = mkOption {
description = "List of backends statsd will use for data persistence";
- default = ["graphite"];
- example = ["graphite" pkgs.nodePackages."statsd-influxdb-backend"];
- type = types.listOf (types.either types.str types.package);
+ default = [];
+ example = [
+ "graphite"
+ "console"
+ "repeater"
+ "statsd-librato-backend"
+ "stackdriver-statsd-backend"
+ "statsd-influxdb-backend"
+ ];
+ type = types.listOf types.str;
};
graphiteHost = mkOption {
@@ -105,15 +120,17 @@ in
description = "Statsd Server";
wantedBy = [ "multi-user.target" ];
environment = {
- NODE_PATH=concatMapStringsSep ":" (el: "${el}/lib/node_modules") (filter (el: (nixType el) != "string") cfg.backends);
+ NODE_PATH=concatMapStringsSep ":"
+ (pkg: "${builtins.getAttr pkg pkgs.statsd.nodePackages}/lib/node_modules")
+ (filter (name: !isBuiltinBackend name) cfg.backends);
};
serviceConfig = {
- ExecStart = "${pkgs.nodePackages.statsd}/bin/statsd ${configFile}";
+ ExecStart = "${pkgs.statsd}/bin/statsd ${configFile}";
User = "statsd";
};
};
- environment.systemPackages = [pkgs.nodePackages.statsd];
+ environment.systemPackages = [ pkgs.statsd ];
};
diff --git a/nixos/modules/services/networking/chrony.nix b/nixos/modules/services/networking/chrony.nix
index fe062b30e4b..1cd678e7c62 100644
--- a/nixos/modules/services/networking/chrony.nix
+++ b/nixos/modules/services/networking/chrony.nix
@@ -8,26 +8,10 @@ let
stateDir = "/var/lib/chrony";
- chronyUser = "chrony";
+ keyFile = "/etc/chrony.keys";
cfg = config.services.chrony;
- configFile = pkgs.writeText "chrony.conf" ''
- ${toString (map (server: "server " + server + "\n") cfg.servers)}
-
- ${optionalString cfg.initstepslew.enabled ''
- initstepslew ${toString cfg.initstepslew.threshold} ${toString (map (server: server + " ") cfg.initstepslew.servers)}
- ''}
-
- driftfile ${stateDir}/chrony.drift
-
- ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
-
- ${cfg.extraConfig}
- '';
-
- chronyFlags = "-m -f ${configFile} -u ${chronyUser}";
-
in
{
@@ -47,12 +31,7 @@ in
};
servers = mkOption {
- default = [
- "0.nixos.pool.ntp.org"
- "1.nixos.pool.ntp.org"
- "2.nixos.pool.ntp.org"
- "3.nixos.pool.ntp.org"
- ];
+ default = config.services.ntp.servers;
description = ''
The set of NTP servers from which to synchronise.
'';
@@ -90,28 +69,60 @@ in
# Make chronyc available in the system path
environment.systemPackages = [ pkgs.chrony ];
+ environment.etc."chrony.conf".text =
+ ''
+ ${concatMapStringsSep "\n" (server: "server " + server) cfg.servers}
+
+ ${optionalString
+ cfg.initstepslew.enabled
+ "initstepslew ${toString cfg.initstepslew.threshold} ${concatStringsSep " " cfg.initstepslew.servers}"
+ }
+
+ driftfile ${stateDir}/chrony.drift
+
+ keyfile ${keyFile}
+ generatecommandkey
+
+ ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
+
+ ${cfg.extraConfig}
+ '';
+
+ users.extraGroups = singleton
+ { name = "chrony";
+ gid = config.ids.gids.chrony;
+ };
+
users.extraUsers = singleton
- { name = chronyUser;
+ { name = "chrony";
uid = config.ids.uids.chrony;
+ group = "chrony";
description = "chrony daemon user";
home = stateDir;
};
- jobs.chronyd =
- { description = "chrony daemon";
+ systemd.services.ntpd.enable = false;
+
+ systemd.services.chronyd =
+ { description = "chrony NTP daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
+ conflicts = [ "ntpd.service" "systemd-timesyncd.service" ];
- path = [ chrony ];
+ path = [ pkgs.chrony ];
preStart =
''
mkdir -m 0755 -p ${stateDir}
- chown ${chronyUser} ${stateDir}
+ touch ${keyFile}
+ chmod 0640 ${keyFile}
+ chown chrony:chrony ${stateDir} ${keyFile}
'';
- exec = "chronyd -n ${chronyFlags}";
+ serviceConfig =
+ { ExecStart = "${pkgs.chrony}/bin/chronyd -n -m -u chrony";
+ };
};
};
diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix
index 7ee78f01d49..af9424ecfea 100644
--- a/nixos/modules/services/networking/i2pd.nix
+++ b/nixos/modules/services/networking/i2pd.nix
@@ -10,23 +10,59 @@ let
extip = "EXTIP=\$(${pkgs.curl}/bin/curl -sf \"http://jsonip.com\" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')";
- i2pSh = pkgs.writeScriptBin "i2pd" ''
+ toOneZero = b: if b then "1" else "0";
+
+ i2pdConf = pkgs.writeText "i2pd.conf" ''
+ v6 = ${toOneZero cfg.enableIPv6}
+ unreachable = ${toOneZero cfg.unreachable}
+ floodfill = ${toOneZero cfg.floodfill}
+ ${if isNull cfg.port then "" else "port = ${toString cfg.port}"}
+ httpproxyport = ${toString cfg.proxy.httpPort}
+ socksproxyport = ${toString cfg.proxy.socksPort}
+ ircaddress = ${cfg.irc.host}
+ ircport = ${toString cfg.irc.port}
+ ircdest = ${cfg.irc.dest}
+ irckeys = ${cfg.irc.keyFile}
+ eepport = ${toString cfg.eep.port}
+ ${if isNull cfg.sam.port then "" else "--samport=${toString cfg.sam.port}"}
+ eephost = ${cfg.eep.host}
+ eepkeys = ${cfg.eep.keyFile}
+ '';
+
+ i2pdTunnelConf = pkgs.writeText "i2pd-tunnels.conf" ''
+ ${flip concatMapStrings
+ (collect (tun: tun ? port && tun ? destination) cfg.outTunnels)
+ (tun: let portStr = toString tun.port; in ''
+ [${tun.name}]
+ type = client
+ destination = ${tun.destination}
+ keys = ${tun.keys}
+ address = ${tun.address}
+ port = ${toString tun.port}
+ '')
+ }
+ ${flip concatMapStrings
+ (collect (tun: tun ? port && tun ? host) cfg.outTunnels)
+ (tun: let portStr = toString tun.port; in ''
+ [${tun.name}]
+ type = server
+ destination = ${tun.destination}
+ keys = ${tun.keys}
+ host = ${tun.address}
+ port = ${tun.port}
+ inport = ${tun.inPort}
+ accesslist = ${concatStringSep "," tun.accessList}
+ '')
+ }
+ '';
+
+ i2pdSh = pkgs.writeScriptBin "i2pd" ''
#!/bin/sh
${if isNull cfg.extIp then extip else ""}
- ${pkgs.i2pd}/bin/i2p --log=1 --daemon=0 --service=0 \
- --v6=${if cfg.enableIPv6 then "1" else "0"} \
- --unreachable=${if cfg.unreachable then "1" else "0"} \
+ ${pkgs.i2pd}/bin/i2pd --log=1 --daemon=0 --service=0 \
--host=${if isNull cfg.extIp then "$EXTIP" else cfg.extIp} \
- ${if isNull cfg.port then "" else "--port=${toString cfg.port}"} \
- --httpproxyport=${toString cfg.proxy.httpPort} \
- --socksproxyport=${toString cfg.proxy.socksPort} \
- --ircport=${toString cfg.irc.port} \
- --ircdest=${cfg.irc.dest} \
- --irckeys=${cfg.irc.keyFile} \
- --eepport=${toString cfg.eep.port} \
- ${if isNull cfg.sam.port then "" else "--samport=${toString cfg.sam.port}"} \
- --eephost=${cfg.eep.host} \
- --eepkeys=${cfg.eep.keyFile}
+ --conf=${i2pdConf} \
+ --tunnelscfg=${i2pdTunnelConf}
'';
in
@@ -63,11 +99,19 @@ in
'';
};
+ floodfill = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If the router is declared to be unreachable and needs introduction nodes.
+ '';
+ };
+
port = mkOption {
type = with types; nullOr int;
default = null;
description = ''
- I2P listen port. If no one is given the router will pick between 9111 and 30777.
+ I2P listen port. If no one is given the router will pick between 9111 and 30777.
'';
};
@@ -107,6 +151,13 @@ in
};
irc = {
+ host = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = ''
+ Address to forward incoming traffic to. 127.0.0.1 by default.
+ '';
+ };
dest = mkOption {
type = types.str;
default = "irc.postman.i2p";
@@ -163,6 +214,94 @@ in
'';
};
};
+
+ outTunnels = mkOption {
+ default = {};
+ type = with types; loaOf optionSet;
+ description = ''
+ '';
+ options = [ ({ name, config, ... }: {
+
+ options = {
+ name = mkOption {
+ type = types.str;
+ description = "The name of the tunnel.";
+ };
+ destination = mkOption {
+ type = types.str;
+ description = "Remote endpoint, I2P hostname or b32.i2p address.";
+ };
+ keys = mkOption {
+ type = types.str;
+ default = name + "-keys.dat";
+ description = "Keyset used for tunnel identity.";
+ };
+ address = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = "Local bind address for tunnel.";
+ };
+ port = mkOption {
+ type = types.int;
+ default = 0;
+ description = "Local tunnel listen port.";
+ };
+ };
+
+ config = {
+ name = mkDefault name;
+ };
+
+ }) ];
+ };
+
+ inTunnels = mkOption {
+ default = {};
+ type = with types; loaOf optionSet;
+ description = ''
+ '';
+ options = [ ({ name, config, ... }: {
+
+ options = {
+
+ name = mkOption {
+ type = types.str;
+ description = "The name of the tunnel.";
+ };
+ keys = mkOption {
+ type = types.path;
+ default = name + "-keys.dat";
+ description = "Keyset used for tunnel identity.";
+ };
+ address = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = "Local service IP address.";
+ };
+ port = mkOption {
+ type = types.int;
+ default = 0;
+ description = "Local tunnel listen port.";
+ };
+ inPort = mkOption {
+ type = types.int;
+ default = 0;
+ description = "I2P service port. Default to the tunnel's listen port.";
+ };
+ accessList = mkOption {
+ type = with types; listOf str;
+ default = [];
+ description = "I2P nodes that are allowed to connect to this service.";
+ };
+
+ };
+
+ config = {
+ name = mkDefault name;
+ };
+
+ }) ];
+ };
};
};
@@ -190,9 +329,8 @@ in
User = "i2pd";
WorkingDirectory = homeDir;
Restart = "on-abort";
- ExecStart = "${i2pSh}/bin/i2pd";
+ ExecStart = "${i2pdSh}/bin/i2pd";
};
};
};
}
-#
diff --git a/nixos/modules/services/networking/strongswan.nix b/nixos/modules/services/networking/strongswan.nix
index 8778b0364f9..d6960a5df47 100644
--- a/nixos/modules/services/networking/strongswan.nix
+++ b/nixos/modules/services/networking/strongswan.nix
@@ -118,7 +118,7 @@ in
systemd.services.strongswan = {
description = "strongSwan IPSec Service";
wantedBy = [ "multi-user.target" ];
- path = with pkgs; [ kmod iproute iptables utillinux ]; # XXX Linux
+ path = with pkgs; [ config.system.sbin.modprobe iproute iptables utillinux ]; # XXX Linux
wants = [ "keys.target" ];
after = [ "network.target" "keys.target" ];
environment = {
diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix
index 4eb32b1cf30..56c384731c6 100644
--- a/nixos/modules/services/networking/syncthing.nix
+++ b/nixos/modules/services/networking/syncthing.nix
@@ -21,7 +21,7 @@ in
description = ''
Whether to enable the Syncthing, self-hosted open-source alternative
to Dropbox and BittorrentSync. Initial interface will be
- available on http://127.0.0.1:8080/.
+ available on http://127.0.0.1:8384/.
'';
};
@@ -40,6 +40,17 @@ in
'';
};
+ package = mkOption {
+ type = types.package;
+ default = pkgs.syncthing;
+ example = literalExample "pkgs.syncthing";
+ description = ''
+ Syncthing package to use.
+ '';
+ };
+
+
+
};
};
@@ -66,7 +77,7 @@ in
};
};
- environment.systemPackages = [ pkgs.syncthing ];
+ environment.systemPackages = [ cfg.package ];
};
diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix
index cf548bc696c..1c914922404 100644
--- a/nixos/modules/services/torrent/transmission.nix
+++ b/nixos/modules/services/torrent/transmission.nix
@@ -9,7 +9,7 @@ let
homeDir = "/var/lib/transmission";
downloadDir = "${homeDir}/Downloads";
incompleteDir = "${homeDir}/.incomplete";
-
+
settingsDir = "${homeDir}/.config/transmission-daemon";
settingsFile = pkgs.writeText "settings.json" (builtins.toJSON fullSettings);
@@ -21,7 +21,7 @@ let
else toString ''"${x}"'';
# for users in group "transmission" to have access to torrents
- fullSettings = cfg.settings // { umask = 2; };
+ fullSettings = { download-dir = downloadDir; incomplete-dir = incompleteDir; } // cfg.settings // { umask = 2; };
in
{
options = {
@@ -35,7 +35,7 @@ in
Transmission daemon can be controlled via the RPC interface using
transmission-remote or the WebUI (http://localhost:9091/ by default).
- Torrents are downloaded to ${homeDir}/Downloads/ by default and are
+ Torrents are downloaded to ${downloadDir} by default and are
accessible to users in the "transmission" group.
'';
};
@@ -83,7 +83,7 @@ in
# 1) Only the "transmission" user and group have access to torrents.
# 2) Optionally update/force specific fields into the configuration file.
serviceConfig.ExecStartPre = ''
- ${pkgs.stdenv.shell} -c "chmod 770 ${homeDir} && mkdir -p ${settingsDir} ${downloadDir} ${incompleteDir} && rm -f ${settingsDir}/settings.json && cp -f ${settingsFile} ${settingsDir}/settings.json"
+ ${pkgs.stdenv.shell} -c "mkdir -p ${homeDir} ${settingsDir} ${fullSettings.download-dir} ${fullSettings.incomplete-dir} && chmod 770 ${homeDir} ${settingsDir} ${fullSettings.download-dir} ${fullSettings.incomplete-dir} && rm -f ${settingsDir}/settings.json && cp -f ${settingsFile} ${settingsDir}/settings.json"
'';
serviceConfig.ExecStart = "${pkgs.transmission}/bin/transmission-daemon -f --port ${toString config.services.transmission.port}";
serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
diff --git a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix
index a5e539bc9ba..9994de0f9b4 100644
--- a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix
@@ -70,7 +70,7 @@ let
"proxyuserpwd" => "",
/* List of trusted domains, to prevent host header poisoning ownCloud is only using these Host headers */
- 'trusted_domains' => array('${config.trustedDomain}'),
+ ${if config.trustedDomain != "" then "'trusted_domains' => array('${config.trustedDomain}')," else ""}
/* Theme to use for ownCloud */
"theme" => "",
@@ -331,7 +331,7 @@ let
*/
'share_folder' => '/',
- 'version' => '${pkgs.owncloud.version}',
+ 'version' => '${config.package.version}',
'openssl' => '${pkgs.openssl}/bin/openssl'
@@ -345,16 +345,15 @@ rec {
extraConfig =
''
- ServerName ${config.siteName}
- ServerAdmin ${config.adminAddr}
- DocumentRoot ${documentRoot}
+ ${if config.urlPrefix != "" then "Alias ${config.urlPrefix} ${config.package}" else ''
- RewriteEngine On
- RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
- RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
+ RewriteEngine On
+ RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
+ RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
+ ''}
-
- ${builtins.readFile "${pkgs.owncloud}/.htaccess"}
+
+ ${builtins.readFile "${config.package}/.htaccess"}
'';
@@ -362,12 +361,29 @@ rec {
{ name = "OC_CONFIG_PATH"; value = "${config.dataDir}/config/"; }
];
- documentRoot = pkgs.owncloud;
+ documentRoot = if config.urlPrefix == "" then config.package else null;
enablePHP = true;
options = {
+ package = mkOption {
+ type = types.package;
+ default = pkgs.owncloud70;
+ example = literalExample "pkgs.owncloud70";
+ description = ''
+ PostgreSQL package to use.
+ '';
+ };
+
+ urlPrefix = mkOption {
+ default = "";
+ example = "/owncloud";
+ description = ''
+ The URL prefix under which the owncloud service appears.
+ '';
+ };
+
id = mkOption {
default = "main";
description = ''
@@ -552,7 +568,7 @@ rec {
cp ${owncloudConfig} ${config.dataDir}/config/config.php
mkdir -p ${config.dataDir}/storage
mkdir -p ${config.dataDir}/apps
- cp -r ${pkgs.owncloud}/apps/* ${config.dataDir}/apps/
+ cp -r ${config.package}/apps/* ${config.dataDir}/apps/
chmod -R ug+rw ${config.dataDir}
chmod -R o-rwx ${config.dataDir}
chown -R wwwrun:wwwrun ${config.dataDir}
@@ -566,7 +582,11 @@ rec {
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -h "/tmp" -U postgres -d ${config.dbName} -Atw -c "$QUERY" || true
fi
- ${php}/bin/php ${pkgs.owncloud}/occ upgrade || true
+ if [ -e ${config.package}/config/ca-bundle.crt ]; then
+ cp -f ${config.package}/config/ca-bundle.crt ${config.dataDir}/config/
+ fi
+
+ ${php}/bin/php ${config.package}/occ upgrade >> ${config.dataDir}/upgrade.log || true
chown wwwrun:wwwrun ${config.dataDir}/owncloud.log || true
diff --git a/nixos/modules/services/web-servers/apache-httpd/wordpress.nix b/nixos/modules/services/web-servers/apache-httpd/wordpress.nix
index 7a0314027a3..937b2698ce9 100644
--- a/nixos/modules/services/web-servers/apache-httpd/wordpress.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/wordpress.nix
@@ -5,7 +5,7 @@ with lib;
let
- version = "4.3";
+ version = "4.3.1";
fullversion = "${version}";
# Our bare-bones wp-config.php file using the above settings
@@ -74,7 +74,7 @@ let
owner = "WordPress";
repo = "WordPress";
rev = "${fullversion}";
- sha256 = "0sz5jjhjpwqis8336gyq9a77cr4sf8zahd1y4pzmpvpzn9cn503y";
+ sha256 = "1rk10vcv4z9p04hfzc0wkbilrgx7m9ssyr6c3w6vw3vl1bcgqxza";
};
installPhase = ''
mkdir -p $out
@@ -248,7 +248,7 @@ in
if [ ! -d ${serverInfo.fullConfig.services.mysql.dataDir}/${config.dbName} ]; then
echo "Need to create the database '${config.dbName}' and grant permissions to user named '${config.dbUser}'."
# Wait until MySQL is up
- while [ ! -e /var/run/mysql/mysqld.pid ]; do
+ while [ ! -e ${serverInfo.fullConfig.services.mysql.pidDir}/mysqld.pid ]; do
sleep 1
done
${pkgs.mysql}/bin/mysql -e 'CREATE DATABASE ${config.dbName};'
diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix
index 6fdd5b4fa36..dc6aa137cbd 100644
--- a/nixos/modules/services/x11/desktop-managers/kde5.nix
+++ b/nixos/modules/services/x11/desktop-managers/kde5.nix
@@ -108,7 +108,7 @@ in
kdeApps.okular
kdeApps.print-manager
- kdeApps.oxygen-icons
+ (kdeApps.oxygen-icons or kf5.oxygen-icons5)
pkgs.hicolor_icon_theme
plasma5.kde-gtk-config
@@ -155,7 +155,7 @@ in
GST_PLUGIN_SYSTEM_PATH_1_0 = [ "/lib/gstreamer-1.0" ];
};
- fonts.fonts = [ plasma5.oxygen-fonts ];
+ fonts.fonts = [ (plasma5.oxygen-fonts or pkgs.noto-fonts) ];
programs.ssh.askPassword = "${plasma5.ksshaskpass}/bin/ksshaskpass";
diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix
index 88eefa13de3..33b6dd32c19 100644
--- a/nixos/modules/services/x11/desktop-managers/xfce.nix
+++ b/nixos/modules/services/x11/desktop-managers/xfce.nix
@@ -18,6 +18,14 @@ in
description = "Enable the Xfce desktop environment.";
};
+ services.xserver.desktopManager.xfce.thunarPlugins = mkOption {
+ default = [];
+ type = types.listOf types.package;
+ example = literalExample "[ pkgs.xfce.thunar-archive-plugin ]";
+ description = ''
+ A list of plugin that should be installed with Thunar.
+ '';
+ };
};
@@ -49,7 +57,7 @@ in
pkgs.xfce.mousepad
pkgs.xfce.ristretto
pkgs.xfce.terminal
- pkgs.xfce.thunar
+ (pkgs.xfce.thunar.override { thunarPlugins = cfg.thunarPlugins; })
pkgs.xfce.xfce4icontheme
pkgs.xfce.xfce4panel
pkgs.xfce.xfce4session
diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix
index 58eb6f05013..52847d2f8d2 100644
--- a/nixos/modules/services/x11/display-managers/gdm.nix
+++ b/nixos/modules/services/x11/display-managers/gdm.nix
@@ -162,7 +162,7 @@ in
gdm.text = ''
auth requisite pam_nologin.so
- auth required pam_env.so
+ auth required pam_env.so envfile=${config.system.build.pamEnvironment}
auth required pam_succeed_if.so uid >= 1000 quiet
auth optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so
diff --git a/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
new file mode 100644
index 00000000000..ebcceabc785
--- /dev/null
+++ b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
@@ -0,0 +1,121 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ dmcfg = config.services.xserver.displayManager;
+ ldmcfg = dmcfg.lightdm;
+ cfg = ldmcfg.greeters.gtk;
+
+ inherit (pkgs) stdenv lightdm writeScript writeText;
+
+ theme = cfg.theme.package;
+ icons = cfg.iconTheme.package;
+
+ # The default greeter provided with this expression is the GTK greeter.
+ # Again, we need a few things in the environment for the greeter to run with
+ # fonts/icons.
+ wrappedGtkGreeter = stdenv.mkDerivation {
+ name = "lightdm-gtk-greeter";
+ buildInputs = [ pkgs.makeWrapper ];
+
+ buildCommand = ''
+ # This wrapper ensures that we actually get themes
+ makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \
+ $out/greeter \
+ --prefix PATH : "${pkgs.glibc}/bin" \
+ --set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \
+ --set GTK_PATH "${theme}:${pkgs.gtk3}" \
+ --set GTK_EXE_PREFIX "${theme}" \
+ --set GTK_DATA_PREFIX "${theme}" \
+ --set XDG_DATA_DIRS "${theme}/share:${icons}/share" \
+ --set XDG_CONFIG_HOME "${theme}/share"
+
+ cat - > $out/lightdm-gtk-greeter.desktop << EOF
+ [Desktop Entry]
+ Name=LightDM Greeter
+ Comment=This runs the LightDM Greeter
+ Exec=$out/greeter
+ Type=Application
+ EOF
+ '';
+ };
+
+ gtkGreeterConf = writeText "lightdm-gtk-greeter.conf"
+ ''
+ [greeter]
+ theme-name = ${cfg.theme.name}
+ icon-theme-name = ${cfg.iconTheme.name}
+ background = ${ldmcfg.background}
+ '';
+
+in
+{
+ options = {
+
+ services.xserver.displayManager.lightdm.greeters.gtk = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether to enable lightdm-gtk-greeter as the lightdm greeter.
+ '';
+ };
+
+ theme = {
+
+ package = mkOption {
+ type = types.path;
+ default = pkgs.gnome3.gnome_themes_standard;
+ description = ''
+ The package path that contains the theme given in the name option.
+ '';
+ };
+
+ name = mkOption {
+ type = types.str;
+ default = "Adwaita";
+ description = ''
+ Name of the theme to use for the lightdm-gtk-greeter.
+ '';
+ };
+
+ };
+
+ iconTheme = {
+
+ package = mkOption {
+ type = types.path;
+ default = pkgs.gnome3.defaultIconTheme;
+ description = ''
+ The package path that contains the icon theme given in the name option.
+ '';
+ };
+
+ name = mkOption {
+ type = types.str;
+ default = "Adwaita";
+ description = ''
+ Name of the icon theme to use for the lightdm-gtk-greeter.
+ '';
+ };
+
+ };
+
+ };
+
+ };
+
+ config = mkIf (ldmcfg.enable && cfg.enable) {
+
+ services.xserver.displayManager.lightdm.greeter = mkDefault {
+ package = wrappedGtkGreeter;
+ name = "lightdm-gtk-greeter";
+ };
+
+ environment.etc."lightdm/lightdm-gtk-greeter.conf".source = gtkGreeterConf;
+
+ };
+}
diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix
index 11e21c9d917..c8ccf43029d 100644
--- a/nixos/modules/services/x11/display-managers/lightdm.nix
+++ b/nixos/modules/services/x11/display-managers/lightdm.nix
@@ -18,38 +18,6 @@ let
exec ${dmcfg.xserverBin} ${dmcfg.xserverArgs}
'';
- theme = pkgs.gnome3.gnome_themes_standard;
- icons = pkgs.gnome3.defaultIconTheme;
-
- # The default greeter provided with this expression is the GTK greeter.
- # Again, we need a few things in the environment for the greeter to run with
- # fonts/icons.
- wrappedGtkGreeter = stdenv.mkDerivation {
- name = "lightdm-gtk-greeter";
- buildInputs = [ pkgs.makeWrapper ];
-
- buildCommand = ''
- # This wrapper ensures that we actually get themes
- makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \
- $out/greeter \
- --prefix PATH : "${pkgs.glibc}/bin" \
- --set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \
- --set GTK_PATH "${theme}:${pkgs.gtk3}" \
- --set GTK_EXE_PREFIX "${theme}" \
- --set GTK_DATA_PREFIX "${theme}" \
- --set XDG_DATA_DIRS "${theme}/share:${icons}/share" \
- --set XDG_CONFIG_HOME "${theme}/share"
-
- cat - > $out/lightdm-gtk-greeter.desktop << EOF
- [Desktop Entry]
- Name=LightDM Greeter
- Comment=This runs the LightDM Greeter
- Exec=$out/greeter
- Type=Application
- EOF
- '';
- };
-
usersConf = writeText "users.conf"
''
[UserList]
@@ -72,34 +40,42 @@ let
${cfg.extraSeatDefaults}
'';
- gtkGreeterConf = writeText "lightdm-gtk-greeter.conf"
- ''
- [greeter]
- theme-name = Adwaita
- icon-theme-name = Adwaita
- background = ${cfg.background}
- '';
-
in
{
+ # Note: the order in which lightdm greeter modules are imported
+ # here determines the default: later modules (if enable) are
+ # preferred.
+ imports = [
+ ./lightdm-greeters/gtk.nix
+ ];
+
options = {
+
services.xserver.displayManager.lightdm = {
enable = mkOption {
+ type = types.bool;
default = false;
description = ''
Whether to enable lightdm as the display manager.
'';
};
- greeter = mkOption {
- description = ''
- The LightDM greeter to login via. The package should be a directory
- containing a .desktop file matching the name in the 'name' option.
- '';
- default = {
- name = "lightdm-gtk-greeter";
- package = wrappedGtkGreeter;
+ greeter = {
+ package = mkOption {
+ type = types.path;
+ description = ''
+ The LightDM greeter to login via. The package should be a directory
+ containing a .desktop file matching the name in the 'name' option.
+ '';
+
+ };
+ name = mkOption {
+ type = types.string;
+ description = ''
+ The name of a .desktop file in the directory specified
+ in the 'package' option.
+ '';
};
};
@@ -135,7 +111,6 @@ in
'';
};
- environment.etc."lightdm/lightdm-gtk-greeter.conf".source = gtkGreeterConf;
environment.etc."lightdm/lightdm.conf".source = lightdmConf;
environment.etc."lightdm/users.conf".source = usersConf;
@@ -150,7 +125,7 @@ in
allowNullPassword = true;
startSession = true;
text = ''
- auth required pam_env.so
+ auth required pam_env.so envfile=${config.system.build.pamEnvironment}
auth required pam_permit.so
account required pam_permit.so
diff --git a/nixos/modules/tasks/encrypted-devices.nix b/nixos/modules/tasks/encrypted-devices.nix
index 331531cee15..457b86e95ab 100644
--- a/nixos/modules/tasks/encrypted-devices.nix
+++ b/nixos/modules/tasks/encrypted-devices.nix
@@ -30,7 +30,7 @@ let
label = mkOption {
default = null;
example = "rootfs";
- type = types.uniq (types.nullOr types.str);
+ type = types.nullOr types.str;
description = "Label of the unlocked encrypted device. Set fileSystems.<name?>.device to /dev/mapper/<label> to mount the unlocked device.";
};
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index 02cf1fe46a5..121ecbc9bf2 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -47,6 +47,41 @@ let
system = config.nixpkgs.system;
+ bindMountOpts = { name, config, ... }: {
+
+ options = {
+ mountPoint = mkOption {
+ example = "/mnt/usb";
+ type = types.str;
+ description = "Mount point on the container file system.";
+ };
+ hostPath = mkOption {
+ default = null;
+ example = "/home/alice";
+ type = types.nullOr types.str;
+ description = "Location of the host path to be mounted.";
+ };
+ isReadOnly = mkOption {
+ default = true;
+ example = true;
+ type = types.bool;
+ description = "Determine whether the mounted path will be accessed in read-only mode.";
+ };
+ };
+
+ config = {
+ mountPoint = mkDefault name;
+ };
+
+ };
+
+ mkBindFlag = d:
+ let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind=";
+ mountstr = if d.hostPath != null then "${d.hostPath}:${d.mountPoint}" else "${d.mountPoint}";
+ in flagPrefix + mountstr ;
+
+ mkBindFlags = bs: concatMapStrings mkBindFlag (lib.attrValues bs);
+
in
{
@@ -142,6 +177,21 @@ in
Wether the container is automatically started at boot-time.
'';
};
+
+ bindMounts = mkOption {
+ type = types.loaOf types.optionSet;
+ options = [ bindMountOpts ];
+ default = {};
+ example = { "/home" = { hostPath = "/home/alice";
+ isReadOnly = false; };
+ };
+
+ description =
+ ''
+ An extra list of directories that is bound to the container.
+ '';
+ };
+
};
config = mkMerge
@@ -249,12 +299,15 @@ in
fi
''}
+
+
# Run systemd-nspawn without startup notification (we'll
# wait for the container systemd to signal readiness).
EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \
exec ${config.systemd.package}/bin/systemd-nspawn \
--keep-unit \
-M "$INSTANCE" -D "$root" $extraFlags \
+ $EXTRA_NSPAWN_FLAGS \
--bind-ro=/nix/store \
--bind-ro=/nix/var/nix/db \
--bind-ro=/nix/var/nix/daemon-socket \
@@ -354,6 +407,7 @@ in
${optionalString cfg.autoStart ''
AUTO_START=1
''}
+ EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts}"
'';
}) config.containers;
diff --git a/nixos/release.nix b/nixos/release.nix
index e48954ceaf5..f0df3fe3e1e 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -285,6 +285,7 @@ in rec {
tests.proxy = callTest tests/proxy.nix {};
tests.quake3 = callTest tests/quake3.nix {};
tests.runInMachine = callTest tests/run-in-machine.nix {};
+ tests.sddm = callTest tests/sddm.nix {};
tests.simple = callTest tests/simple.nix {};
tests.tomcat = callTest tests/tomcat.nix {};
tests.udisks2 = callTest tests/udisks2.nix {};
diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix
index 213dd4ca43b..1d1e12d0ee3 100644
--- a/nixos/tests/chromium.nix
+++ b/nixos/tests/chromium.nix
@@ -26,8 +26,8 @@ import ./make-test.nix (
