From 95ef8b16941c3da6a5144bfd8d7b1345eb0d5e3f Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:06:27 +0000 Subject: [PATCH 01/91] Option for proxy usage in Nix daemon Signed-off-by: Nicolas Pierron svn path=/nixos/branches/fix-style/; revision=14156 --- system/options.nix | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/system/options.nix b/system/options.nix index 7c4b5def367..dfb1019d864 100644 --- a/system/options.nix +++ b/system/options.nix @@ -1933,6 +1933,16 @@ in on the remote machine. "; }; + + proxy = mkOption { + default = ""; + description = " + This option specifies the proxy to use for fetchurl. The real effect + is just exporting http_proxy, https_proxy and ftp_proxy with that + value. + "; + example = "http://127.0.0.1:3128"; + }; # Environment variables for running Nix. envVars = mkOption { @@ -1962,7 +1972,16 @@ in export NIX_REMOTE_SYSTEMS=/etc/nix.machines export NIX_CURRENT_LOAD=/var/run/nix/current-load '' - else "") + conf; + else "") + + + (if config.nix.proxy != "" then + '' + export http_proxy=${config.nix.proxy} + export https_proxy=${config.nix.proxy} + export ftp_proxy=${config.nix.proxy} + '' + else "") + + conf; }; }; From fc6d48ef6387b420a85fbbaf124dec46e73a2ae8 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:06:32 +0000 Subject: [PATCH 02/91] Allowing direct package use in manual expression svn path=/nixos/branches/fix-style/; revision=14157 --- doc/manual/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/manual/default.nix b/doc/manual/default.nix index a7f51adf287..56657aec2e2 100644 --- a/doc/manual/default.nix +++ b/doc/manual/default.nix 
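Review bot: In the second `system/options.nix` hunk the proxy value is spliced unquoted into shell text (`export http_proxy=${config.nix.proxy}`), so a value containing whitespace or shell metacharacters is interpreted by whatever shell sources these variables instead of being passed through as a URL. Quote the expansion, e.g. `export http_proxy='${config.nix.proxy}'`, and escape or reject values that contain a single quote. The option description should also say that a proxy URL with embedded credentials becomes part of the generated environment text; whether that text ends up in the world-readable Nix store is not visible from this hunk, so confirm before documenting `user:password@` forms. The `envVars` definition starts and ends outside the hunk.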
@@ -1,8 +1,10 @@ -{nixpkgsPath ? ../../../nixpkgs}: +{nixpkgsPath ? ../../../nixpkgs, pkgs ? null}: let - pkgs = import "${nixpkgsPath}/pkgs/top-level/all-packages.nix" {}; + pkgs = if pkgs == null then + import "${nixpkgsPath}/pkgs/top-level/all-packages.nix" {} + else pkgs; options = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML (pkgs.lib.optionAttrSetToDocList "" From b1eabe2b1b14b9b46abc5e2a0e530cf3b4dbf15b Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:06:42 +0000 Subject: [PATCH 03/91] An upstart job to display manual svn path=/nixos/branches/fix-style/; revision=14158 --- doc/manual/default.nix | 6 +-- system/options.nix | 1 + system/system.nix | 5 ++- upstart-jobs/manual.nix | 87 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 95 insertions(+), 4 deletions(-) create mode 100644 upstart-jobs/manual.nix diff --git a/doc/manual/default.nix b/doc/manual/default.nix index 56657aec2e2..c46e89d0fa1 100644 --- a/doc/manual/default.nix +++ b/doc/manual/default.nix @@ -1,10 +1,10 @@ -{nixpkgsPath ? ../../../nixpkgs, pkgs ? null}: +{nixpkgsPath ? ../../../nixpkgs, nixpkgs ? null}: let - pkgs = if pkgs == null then + pkgs = if nixpkgs == null then import "${nixpkgsPath}/pkgs/top-level/all-packages.nix" {} - else pkgs; + else nixpkgs; options = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML (pkgs.lib.optionAttrSetToDocList "" diff --git a/system/options.nix b/system/options.nix index dfb1019d864..f8f07bb4b2f 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2245,6 +2245,7 @@ in (import ../upstart-jobs/cron.nix) (import ../upstart-jobs/fcron.nix) (import ../upstart-jobs/cron/locate.nix) + (import ../upstart-jobs/manual.nix) # fonts (import ../system/fonts.nix) diff --git a/system/system.nix b/system/system.nix index 78b6a0a6dee..bfa81c5566a 100644 --- a/system/system.nix +++ b/system/system.nix 
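Review bot: The new binding `pkgs = if pkgs == null then … else pkgs;` in PATCH 02/91 sits in a `let`, and Nix `let` bindings are recursive, so the `pkgs` on the right-hand side refers to the binding itself rather than to the function argument and evaluation should fail with infinite recursion. Give the argument a name different from the local, e.g. `{nixpkgsPath ? ../../../nixpkgs, nixpkgs ? null}:` with `pkgs = if nixpkgs == null then … else nixpkgs;`. The `let` block continues past the end of the hunk.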
@@ -1,6 +1,7 @@ { platform ? __currentSystem , configuration , nixpkgsPath ? ../../nixpkgs +, nixpkgs ? null }: rec { @@ -24,7 +25,9 @@ rec { pkgs configComponents config; - pkgs = import "${nixpkgsPath}/pkgs/top-level/all-packages.nix" {system = platform;}; + pkgs = if nixpkgs == null then + import "${nixpkgsPath}/pkgs/top-level/all-packages.nix" {system = platform;} + else nixpkgs; manifests = config.installer.manifests; # exported here because nixos-rebuild uses it diff --git a/upstart-jobs/manual.nix b/upstart-jobs/manual.nix new file mode 100644 index 00000000000..5d658ce7681 --- /dev/null +++ b/upstart-jobs/manual.nix 
@@ -0,0 +1,87 @@ +{pkgs, config}: + +# Show the NixOS manual on tty7 +# Originally used only by installation CD + +let + inherit (pkgs.lib) mkOption; + options = { + services = { + showManual = { + enable = mkOption { + default = false; + description = " + Whether to show the NixOS manual on the tty7 + "; + }; + ttyNumber = mkOption { + default = "7"; + description = " + TTY number name to show the manual on + "; + }; + browserPackage = mkOption { + default = pkgs.w3m; + description = " + Package containing the browser to be used + "; + }; + browserCommand = mkOption { + default = "bin/w3m"; + description = " + Command (command path is relative to browserPackage) to run the browser + "; + }; + manualFile = mkOption { + default = null; + description = " + NixOS manual HTML file + "; + }; + }; + }; + }; + +inherit(pkgs.lib) optional; + +inherit (config.services.showManual) enable ttyNumber browserPackage browserCommand + manualFile; + +realManualFile = if manualFile == null then + (import ../doc/manual {nixpkgs = pkgs;})+"/manual.html" +else manualFile; + +in + +{ + require = [ + options + ]; + + boot = { + extraTTYs = optional enable ttyNumber; + }; + + services = { + extraJobs = optional enable { + name = "showManual"; + + job = '' + description "NixOS manual" + + start on udev + stop on shutdown + respawn ${browserPackage}/${browserCommand} ${realManualFile} < /dev/tty${toString ttyNumber} > /dev/tty${toString ttyNumber} 2>&1 + ''; + }; + ttyBackgrounds = { + specificThemes = optional enable { + tty = ttyNumber; + theme = pkgs.themes "green"; + }; + }; + mingetty = { + helpLine = if enable then "\nPress for NixOS manual." else ""; + }; + }; +} From f824a1e7531d8a8695ae2a45e0e6f609cf2ee8a1 Mon Sep 17 00:00:00 2001 
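Review bot: The `showManual` job starts the browser straight from the init system (`respawn ${browserPackage}/${browserCommand} ${realManualFile} < /dev/tty…`) with no login and no change of user, so the browser presumably runs with the job's own privileges, which for an Upstart system job is normally root. A text browser such as w3m can read local files and launch external programs, so once `enable` is set the tty is an unauthenticated privileged console for anyone with physical access. Run the browser under an unprivileged account (the `su -s … -c` pattern used by the Tomcat job in this series would do) and say in the `enable` description that the option is intended for the installation CD. The `rogue` job added in PATCH 04/91 starts its program the same way and needs the same treatment.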
From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:06:47 +0000 Subject: [PATCH 04/91] Added rogue job used by CD svn path=/nixos/branches/fix-style/; revision=14159 --- system/options.nix | 1 + upstart-jobs/rogue.nix | 64 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 upstart-jobs/rogue.nix diff --git a/system/options.nix b/system/options.nix index f8f07bb4b2f..67ed93fb30f 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2246,6 +2246,7 @@ in (import ../upstart-jobs/fcron.nix) (import ../upstart-jobs/cron/locate.nix) (import ../upstart-jobs/manual.nix) + (import ../upstart-jobs/rogue.nix) # fonts (import ../system/fonts.nix) diff --git a/upstart-jobs/rogue.nix b/upstart-jobs/rogue.nix new file mode 100644 index 00000000000..75b1a0a9882 --- /dev/null +++ b/upstart-jobs/rogue.nix @@ -0,0 +1,64 @@ +{pkgs, config}: + +# Show rogue game on tty8 +# Originally used only by installation CD + +let + inherit (pkgs.lib) mkOption; + options = { + services = { + rogue = { + enable = mkOption { + default = false; + description = " + Whether to run rogue + "; + }; + ttyNumber = mkOption { + default = "8"; + description = " + TTY number name to show the manual on + "; + }; + }; + }; + }; + +inherit (pkgs.lib) optional; + +inherit (config.services.rogue) enable ttyNumber; + +in + +{ + require = [ + options + ]; + + boot = { + extraTTYs = optional enable ttyNumber; + }; + + services = { + extraJobs = optional enable { + name = "rogue"; + + job = '' + description "rogue game" + + start on udev + stop on shutdown + respawn ${pkgs.rogue}/bin/rogue < /dev/tty${toString ttyNumber} > /dev/tty${toString ttyNumber} 2>&1 + ''; + }; + ttyBackgrounds = { + specificThemes = optional enable { + tty = ttyNumber; + theme = pkgs.themes "theme-gnu"; + }; + }; + mingetty = { + helpLine = if enable then "\nPress to play rogue." else ""; + }; + }; +} From d5f341850787885b02a960450b3638200bad8fe6 Mon Sep 17 00:00:00 2001 
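Review bot: The `ttyNumber` description in `upstart-jobs/rogue.nix` was copied from the manual job and still reads `TTY number name to show the manual on`; it should describe this option, e.g. `TTY number to run rogue on`. The header comment says tty8 although the number is configurable, so `# Show rogue game on a dedicated tty (default: 8)` would be more accurate.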
From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:06:52 +0000 Subject: [PATCH 05/91] Added guestUsers job for automatical adding guests svn path=/nixos/branches/fix-style/; revision=14160 --- system/options.nix | 1 + upstart-jobs/guest-users.nix | 76 ++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 upstart-jobs/guest-users.nix diff --git a/system/options.nix b/system/options.nix index 67ed93fb30f..d1748f16f7f 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2247,6 +2247,7 @@ in (import ../upstart-jobs/cron/locate.nix) (import ../upstart-jobs/manual.nix) (import ../upstart-jobs/rogue.nix) + (import ../upstart-jobs/guest-users.nix) # fonts (import ../system/fonts.nix) diff --git a/upstart-jobs/guest-users.nix b/upstart-jobs/guest-users.nix new file mode 100644 index 00000000000..98fc8a39568 --- /dev/null +++ b/upstart-jobs/guest-users.nix 
@@ -0,0 +1,76 @@ +{pkgs, config}: +let + inherit(pkgs.lib) mkOption; + + options = { + services = { + guestUsers = { + enable = mkOption { + default = false; + description = " + Whether to enable automatic addition of users with empty passwords + "; + }; + users = mkOption { + default = ["guest"]; + description = " + List of usernames to add + "; + }; + includeRoot = mkOption { + default = false; + description = " + LEAVE THAT ALONE; whether to reset root password + "; + }; + extraGroups = mkOption { + default = ["audio"]; + description = " + Extra groups to grant + "; + }; + }; + }; + }; + inherit (pkgs.lib) concatStringsSep optional optionalString; + + inherit (config.services.guestUsers) enable users includeRoot extraGroups; + + userEntry = user: + { + name = user; + description = "NixOS guest user"; + home = "/home/${user}"; + createHome = true; + group = "users"; + extraGroups = extraGroups; + shell = "/bin/sh"; + }; + + nameString = (concatStringsSep " " users) + optionalString includeRoot " root"; + +in + +{ + require = options; + services = { + extraJobs = optional enable { + name = "clear-passwords"; + job = '' + description "Clear guest passwords" + start on startup + script + for i in ${nameString}; do + echo | ${pkgs.pwdutils}/bin/passwd --stdin $i + done + end script + ''; + }; + mingetty = { + helpLine = optionalString enable "\nThis users have empty passwords: ${nameString}"; + }; + }; + users = { + extraUsers = map userEntry users; + }; +} From 2e4c1b138fa05ff2e34891d896307b76857f00be Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:06:57 +0000 Subject: [PATCH 06/91] * Include tune2fs in the initrd. This is useful for (say) converting from ext3 to ext4. svn path=/nixos/branches/fix-style/; revision=14161 --- boot/boot-stage-1.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/boot-stage-1.nix b/boot/boot-stage-1.nix index 8a5b0a76a3a..b1fcbd9d76f 100644 --- a/boot/boot-stage-1.nix 
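Review bot: `users.extraUsers = map userEntry users;` is not guarded by `enable`, and because this module is imported unconditionally from `system/options.nix` the `guest` account (group `users`, extra group `audio`, shell `/bin/sh`) is declared on every system, not only on those that opt in. Guard it the way the job is guarded, e.g. `extraUsers = if enable then map userEntry users else [];`. In the job script the names are interpolated unquoted (`for i in ${nameString}` and `passwd --stdin $i`) and the script runs at startup, so quote `"$i"` and restrict `users` to plain account names. The `enable` and `includeRoot` descriptions should state plainly that the listed accounts get an empty password on every boot and that `includeRoot` does the same to root.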
+++ b/boot/boot-stage-1.nix @@ -72,7 +72,7 @@ rec { cp $lvm2/sbin/lvm.static $out/bin/lvm fi cp $utillinux/bin/mount $utillinux/bin/umount $utillinux/sbin/pivot_root $out/bin - cp -p $e2fsprogs/sbin/fsck* $e2fsprogs/sbin/e2fsck $out/bin + cp -p $e2fsprogs/sbin/fsck* $e2fsprogs/sbin/e2fsck $e2fsprogs/sbin/tune2fs $out/bin cp $udev/sbin/udevd $udev/sbin/udevadm $out/bin cp $udev/lib/udev/*_id $out/bin nuke-refs $out/bin/* From 46f1cab80f4878c335d5b4db6650cf1374931632 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:01 +0000 Subject: [PATCH 07/91] Added Apache Tomcat proxy to new Apache upstart service svn path=/nixos/branches/fix-style/; revision=14162 --- .../apache-httpd/tomcat-connector.nix | 91 +++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 upstart-jobs/apache-httpd/tomcat-connector.nix diff --git a/upstart-jobs/apache-httpd/tomcat-connector.nix b/upstart-jobs/apache-httpd/tomcat-connector.nix new file mode 100644 index 00000000000..d1186da43fb --- /dev/null +++ b/upstart-jobs/apache-httpd/tomcat-connector.nix 
@@ -0,0 +1,91 @@ +{config, pkgs, serverInfo}: + +let + workersProperties = pkgs.writeText "workers.properties" '' +# Define list of workers that will be used +# for mapping requests +# The configuration directives are valid +# for the mod_jk version 1.2.18 and later +# +worker.list=loadbalancer,status + +# Define Node1 +# modify the host as your host IP or DNS name. +worker.node1.port=8009 +worker.node1.host=localhost +worker.node1.type=ajp13 +worker.node1.lbfactor=1 + +# Load-balancing behaviour +worker.loadbalancer.type=lb +worker.loadbalancer.balance_workers=node1 + +# Status worker for managing load balancer +worker.status.type=status + ''; +in +{ + extraModules = [ + { name = "jk"; path = "${pkgs.tomcat_connectors}/modules/mod_jk.so"; } + ]; + + extraConfig = '' +# Where to find workers.properties +JkWorkersFile ${workersProperties} + +# Where to put jk logs +JkLogFile ${config.logDir}/mod_jk.log + +# Set the jk log level [debug/error/info] +JkLogLevel info + +# Select the log format +JkLogStampFormat "[%a %b %d %H:%M:%S %Y]" + +# JkOptions indicates to send SSK KEY SIZE +# Note: Changed from +ForwardURICompat. +# See http://tomcat.apache.org/security-jk.html +JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories + +# JkRequestLogFormat +JkRequestLogFormat "%w %V %T" + +# Mount your applications +JkMount /__application__/* loadbalancer + +# You can use external file for mount points. +# It will be checked for updates each 60 seconds. +# The format of the file is: /url=worker +# /examples/*=loadbalancer +#JkMountFile uriworkermap.properties + +# Add shared memory. +# This directive is present with 1.2.10 and +# later versions of mod_jk, and is needed for +# for load balancing to work properly +# Note: Replaced JkShmFile logs/jk.shm due to SELinux issues. 
Refer to +# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225452 +JkShmFile ${config.stateDir}/jk.shm + +# Static files in all Tomcat webapp context directories are served by apache +JkAutoAlias /var/tomcat/webapps + +# All requests go to worker by default +JkMount /* loadbalancer +# Serve some static files using httpd +JkUnMount /*.html loadbalancer +JkUnMount /*.jpg loadbalancer +JkUnMount /*.gif loadbalancer +JkUnMount /*.css loadbalancer +JkUnMount /*.png loadbalancer +JkUnMount /*.js loadbalancer + +# Add jkstatus for managing runtime data + +JkMount status +Order deny,allow +Deny from all +Allow from 127.0.0.1 + + ''; +} From 33445eb22172545cede0f750ff67fcf081295400 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:05 +0000 Subject: [PATCH 08/91] * CUPS daemon: modprobe usblp so that CUPS can find USB printers. * CUPS daemon: use Ghostscript to support printing on non-Postscript printers. svn path=/nixos/branches/fix-style/; revision=14163 --- upstart-jobs/cupsd.nix | 19 ++++++++++++++++--- upstart-jobs/default.nix | 2 +- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/upstart-jobs/cupsd.nix b/upstart-jobs/cupsd.nix index 1afd9aae4c2..d67fc384324 100644 --- a/upstart-jobs/cupsd.nix +++ b/upstart-jobs/cupsd.nix @@ -1,4 +1,4 @@ -{config, pkgs}: +{config, pkgs, modprobe}: let 
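Review bot: `worker.node1` speaks AJP to `localhost:8009` with no `secret` set, so the Tomcat side accepts whatever reaches that port as trusted front-end traffic. Add a comment next to `worker.node1.host` stating that Tomcat's AJP connector must listen on the loopback address only, and if the host is ever changed to a remote node configure a shared `secret` on both ends, keeping in mind that anything written with `pkgs.writeText` is world-readable in the Nix store. `JkMount /__application__/*` is a template placeholder and `JkAutoAlias /var/tomcat/webapps` is a fixed path; both should come from options rather than being hard-coded. `serverInfo` is accepted but unused in the lines shown.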
@@ -16,16 +16,24 @@ let bindir = pkgs.runCommand "cups-progs" {} '' ensureDir $out/lib/cups ln -s ${cups}/lib/cups/* $out/lib/cups/ - + + # Provide support for printing via SMB. rm $out/lib/cups/backend ensureDir $out/lib/cups/backend ln -s ${cups}/lib/cups/backend/* $out/lib/cups/backend/ ln -s ${pkgs.samba}/bin/smbspool $out/lib/cups/backend/smb + + # Provide Ghostscript rasterisation, necessary for non-Postscript + # printers. + rm $out/lib/cups/filter + ensureDir $out/lib/cups/filter + ln -s ${cups}/lib/cups/filter/* $out/lib/cups/filter/ + ln -s ${pkgs.ghostscript}/lib/cups/filter/* $out/lib/cups/filter/ ''; # */ cupsdConfig = pkgs.writeText "cupsd.conf" '' - LogLevel info + LogLevel debug SystemGroup root @@ -96,6 +104,8 @@ in extraPath = [ cups ]; + + job = '' description "CUPS printing daemon" @@ -107,6 +117,9 @@ in mkdir -m 0755 -p ${logDir} mkdir -m 0700 -p /var/cache/cups mkdir -m 0700 -p /var/spool/cups + + # Make USB printers show up. + ${modprobe}/sbin/modprobe usblp || true end script respawn ${cups}/sbin/cupsd -c ${cupsdConfig} -F diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index f66d1106622..9fbef07ce5d 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -326,7 +326,7 @@ let # CUPS (printing) daemon. ++ optional config.services.printing.enable (import ../upstart-jobs/cupsd.nix { - inherit config pkgs; + inherit config pkgs modprobe; }) # Gateway6 From 41b1b80d9ebebcf21bdd58851af464e6134da9f9 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:10 +0000 Subject: [PATCH 09/91] * Quick hack to make the `info' command work properly by generating a "dir" file on the fly in a wrapper script. svn path=/nixos/branches/fix-style/; revision=14164 --- helpers/info-wrapper.nix | 29 +++++++++++++++++++++++++++++ system/system.nix | 1 + 2 files changed, 30 insertions(+) create mode 100644 helpers/info-wrapper.nix 
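Review bot: The `cupsdConfig` hunk changes `LogLevel info` to `LogLevel debug`, which the commit message does not mention and which looks like a leftover from debugging the Ghostscript filter. Debug logging makes cupsd record much more per-job detail and grows the logs quickly, and the start script shown in the third hunk creates `${logDir}` with mode `0755`. Keep `LogLevel info` as the default and expose the level as an option if it needs to be raised temporarily.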
diff --git a/helpers/info-wrapper.nix b/helpers/info-wrapper.nix new file mode 100644 index 00000000000..0f482dd4c27 --- /dev/null +++ b/helpers/info-wrapper.nix @@ -0,0 +1,29 @@ +# Quick hack to make the `info' command work properly. `info' needs a +# "dir" file containing all the installed Info files, which we don't +# have (it would be impure to have a package installation update some +# global "dir" file). So this wrapper script around "info" builds a +# temporary "dir" file on the fly. This is a bit slow (on a cold +# cache) but not unacceptably so. + +{bash, texinfo, writeScriptBin}: + +writeScriptBin "info" + '' + #! ${bash}/bin/sh + + dir=$(mktemp --tmpdir -d "info.dir.XXXXXX") + + if test -z "$dir"; then exit 1; fi + + trap 'rm -rf "$dir"' EXIT + + shopt -s nullglob + + for i in $(IFS=:; echo $INFOPATH); do + for j in $i/*.info; do + ${texinfo}/bin/install-info --quiet $j $dir/dir + done + done + + INFOPATH=$dir:$INFOPATH ${texinfo}/bin/info "$@" + '' diff --git a/system/system.nix b/system/system.nix index bfa81c5566a..570ba91c96f 100644 --- a/system/system.nix +++ b/system/system.nix @@ -153,6 +153,7 @@ rec { pkgs.usbutils pkgs.utillinux pkgs.wirelesstools + (import ../helpers/info-wrapper.nix {inherit (pkgs) bash texinfo writeScriptBin;}) ] ++ pkgs.lib.optional config.services.bitlbee.enable pkgs.bitlbee ++ pkgs.lib.optional config.networking.defaultMailServer.directDelivery pkgs.ssmtp From 6b1307c6f1e21f6b41932f62da01a246d74ce594 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:16 +0000 Subject: [PATCH 10/91] * Remove a stale lock file that may prevent the X server from starting. svn path=/nixos/branches/fix-style/; revision=14165 --- upstart-jobs/xserver/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/upstart-jobs/xserver/default.nix b/upstart-jobs/xserver/default.nix index 0a7a70c7175..33f7542ad04 100644 --- a/upstart-jobs/xserver/default.nix +++ b/upstart-jobs/xserver/default.nix 
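Review bot: The loop in `helpers/info-wrapper.nix` expands the `INFOPATH` entries and the file names unquoted (`for j in $i/*.info` and `install-info --quiet $j $dir/dir`), so a directory or file name containing whitespace is split, and one starting with `-` is read as an option by `install-info`. Quote the operands, `${texinfo}/bin/install-info --quiet "$j" "$dir/dir"`, and split `INFOPATH` with `IFS=: read -ra` or an equivalent that keeps each entry intact instead of `$(IFS=:; echo $INFOPATH)`. The script uses `shopt`, a bash builtin, under a `#! ${bash}/bin/sh` line; `#! ${bash}/bin/bash` states the dependency openly.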
@@ -545,7 +545,9 @@ mkIf cfg.enable { } ${cfg.displayManager.job.beforeScript} - + + rm -f /tmp/.X0-lock + end script ${cfg.displayManager.job.env} From 08a18fc8633b0e1dd003e1311c8cb572e1313d30 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:21 +0000 Subject: [PATCH 11/91] Update argument syntax of configuration files. svn path=/nixos/branches/fix-style/; revision=14166 --- upstart-jobs/guest-users.nix | 2 +- upstart-jobs/manual.nix | 2 +- upstart-jobs/rogue.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/upstart-jobs/guest-users.nix b/upstart-jobs/guest-users.nix index 98fc8a39568..bfd83619c0e 100644 --- a/upstart-jobs/guest-users.nix +++ b/upstart-jobs/guest-users.nix @@ -1,4 +1,4 @@ -{pkgs, config}: +{pkgs, config, ...}: let inherit(pkgs.lib) mkOption; diff --git a/upstart-jobs/manual.nix b/upstart-jobs/manual.nix index 5d658ce7681..c515e95d3dd 100644 --- a/upstart-jobs/manual.nix +++ b/upstart-jobs/manual.nix @@ -1,4 +1,4 @@ -{pkgs, config}: +{pkgs, config, ...}: # Show the NixOS manual on tty7 # Originally used only by installation CD diff --git a/upstart-jobs/rogue.nix b/upstart-jobs/rogue.nix index 75b1a0a9882..0306033adc0 100644 --- a/upstart-jobs/rogue.nix +++ b/upstart-jobs/rogue.nix @@ -1,4 +1,4 @@ -{pkgs, config}: +{pkgs, config, ...}: # Show rogue game on tty8 # Originally used only by installation CD From 77db653dfeffe9a2eeb49eab47767188b53468b6 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:25 +0000 Subject: [PATCH 12/91] Some fixes to the Apache Tomcat connector svn path=/nixos/branches/fix-style/; revision=14167 --- upstart-jobs/apache-httpd/tomcat-connector.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/upstart-jobs/apache-httpd/tomcat-connector.nix b/upstart-jobs/apache-httpd/tomcat-connector.nix index d1186da43fb..f7662c9513f 100644 --- a/upstart-jobs/apache-httpd/tomcat-connector.nix 
+++ b/upstart-jobs/apache-httpd/tomcat-connector.nix @@ -73,12 +73,12 @@ JkAutoAlias /var/tomcat/webapps # All requests go to worker by default JkMount /* loadbalancer # Serve some static files using httpd -JkUnMount /*.html loadbalancer -JkUnMount /*.jpg loadbalancer -JkUnMount /*.gif loadbalancer -JkUnMount /*.css loadbalancer -JkUnMount /*.png loadbalancer -JkUnMount /*.js loadbalancer +#JkUnMount /*.html loadbalancer +#JkUnMount /*.jpg loadbalancer +#JkUnMount /*.gif loadbalancer +#JkUnMount /*.css loadbalancer +#JkUnMount /*.png loadbalancer +#JkUnMount /*.js loadbalancer # Add jkstatus for managing runtime data From 38aac776692ceb59d4a787db3e8d6a813fd66f74 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:29 +0000 Subject: [PATCH 13/91] Increased the sleep hack on the Tomcat service svn path=/nixos/branches/fix-style/; revision=14168 --- upstart-jobs/tomcat.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upstart-jobs/tomcat.nix b/upstart-jobs/tomcat.nix index ad4736386d9..233da6abe38 100644 --- a/upstart-jobs/tomcat.nix +++ b/upstart-jobs/tomcat.nix @@ -99,7 +99,7 @@ in end script - respawn ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${pkgs.tomcat6}/bin/startup.sh; sleep 1d' + respawn ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${pkgs.tomcat6}/bin/startup.sh; sleep 1000d' stop script echo "Stopping tomcat..." From 0addac3473fe89802dc6acaaab345571f215a754 Mon Sep 17 00:00:00 2001 
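Review bot: After PATCH 12/91 the comment `# Serve some static files using httpd` heads a block that is entirely commented out, while the `JkAutoAlias` comment a few lines above still says static files are served by Apache. Either delete the `JkUnMount` lines or replace the heading with one that records why they are disabled, e.g. `# Static-file offload disabled: every request, including static files, goes to Tomcat`.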
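Review bot: Raising `sleep 1d` to `sleep 1000d` in `upstart-jobs/tomcat.nix` keeps the workaround in which `respawn` supervises the trailing `sleep` rather than the JVM: `startup.sh` returns at once, so a Tomcat that dies is not restarted and the job still reports running. Running Tomcat in the foreground, ending the command with `${pkgs.tomcat6}/bin/catalina.sh run'`, lets Upstart track the real process and removes the need for the sleep. Separately, `${cfg.javaOpts}` and `${cfg.catalinaOpts}` are pasted inside the single-quoted `su -c '…'` string, so a quote character in either option ends the string early; that deserves escaping or at least a comment. The job stanza starts outside the hunk.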
From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:33 +0000 Subject: [PATCH 14/91] * CUPS: use /etc/cups rather than ${cups}/etc/cups as the ServerRoot, because CUPS modifies files in the ServerRoot directory. Most importantly, it stores printer configuration there. Previously the CUPS server modified the files under ${cups}/etc/cups, which is impure and caused all configured printers to disappear any time CUPS was upgraded. svn path=/nixos/branches/fix-style/; revision=14169 --- upstart-jobs/cupsd.nix | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/upstart-jobs/cupsd.nix b/upstart-jobs/cupsd.nix index d67fc384324..ced164a1308 100644 --- a/upstart-jobs/cupsd.nix +++ b/upstart-jobs/cupsd.nix @@ -40,7 +40,10 @@ let Listen localhost:631 Listen /var/run/cups/cups.sock - ServerRoot ${cups}/etc/cups + # Note: we can't use ${cups}/etc/cups as the ServerRoot, since + # CUPS will write in the ServerRoot when e.g. adding new printers + # through the web interface. + ServerRoot /etc/cups ServerBin ${bindir}/lib/cups @@ -101,11 +104,17 @@ in { name = "cupsd"; - extraPath = [ - cups - ]; + extraPath = [cups]; - + extraEtc = [ + # CUPS expects the following files in its ServerRoot. + { source = "${cups}/etc/cups/mime.convs"; + target = "cups/mime.convs"; + } + { source = "${cups}/etc/cups/mime.types"; + target = "cups/mime.types"; + } + ]; job = '' description "CUPS printing daemon" From 6d283c6319990f49ca2d6f0ba754437de21a4c84 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:37 +0000 Subject: [PATCH 15/91] svn path=/nixos/branches/fix-style/; revision=14170 --- boot/boot-stage-1.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boot/boot-stage-1.nix b/boot/boot-stage-1.nix index b1fcbd9d76f..4f9131cc533 100644 --- a/boot/boot-stage-1.nix +++ b/boot/boot-stage-1.nix 
@@ -20,7 +20,7 @@ rec { pkgsKlibc = import "${pkgs.path}/top-level/all-packages.nix" { system = pkgs.stdenv.system; - bootStdenv = pkgs.useKlibc pkgs.stdenv kernelPackages.klibc; + bootStdenv = pkgs.useKlibc pkgs.stdenv pkgs.klibc; }; pkgsStatic = import "${pkgs.path}/top-level/all-packages.nix" { @@ -136,7 +136,7 @@ rec { # command provided by klibc (which isn't capable of # auto-detecting FS types). extraUtils - kernelPackages.klibcShrunk + pkgs.klibcShrunk ]; }; From 0c6afe1dd2e0b283c0ecf5962789559a103db785 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:42 +0000 Subject: [PATCH 16/91] Add Upstart job for PulseAudio as a system-wide daemon. svn path=/nixos/branches/fix-style/; revision=14171 --- system/ids.nix | 2 + system/options.nix | 1 + upstart-jobs/pulseaudio.nix | 94 +++++++++++++++++++++++++++++++++++++ 3 files changed, 97 insertions(+) create mode 100644 upstart-jobs/pulseaudio.nix diff --git a/system/ids.nix b/system/ids.nix index 3838f7138f2..a950ec84db1 100644 --- a/system/ids.nix +++ b/system/ids.nix @@ -19,6 +19,7 @@ dovecot = 15; tomcat = 16; gnunetd = 17; + pulseaudio = 22; # must match `pulseaudio' GID nixbld = 30000; # start of range of uids nobody = 65534; @@ -45,6 +46,7 @@ uucp = 19; lp = 20; tomcat = 21; + pulseaudio = 22; # must match `pulseaudio' UID users = 100; nixbld = 30000; diff --git a/system/options.nix b/system/options.nix index d1748f16f7f..6b0f725ab2f 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2248,6 +2248,7 @@ in (import ../upstart-jobs/manual.nix) (import ../upstart-jobs/rogue.nix) (import ../upstart-jobs/guest-users.nix) + (import ../upstart-jobs/pulseaudio.nix) # fonts (import ../system/fonts.nix) diff --git a/upstart-jobs/pulseaudio.nix b/upstart-jobs/pulseaudio.nix new file mode 100644 index 00000000000..b8497ce12e7 --- /dev/null +++ b/upstart-jobs/pulseaudio.nix 
@@ -0,0 +1,94 @@ +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption; + + uid = (import ../system/ids.nix).uids.pulseaudio; + gid = (import ../system/ids.nix).gids.pulseaudio; + + options = { + services = { + pulseaudio = { + enable = mkOption { + default = false; + description = '' + Whether to enable the PulseAudio system-wide audio server. + Note that the documentation recommends running PulseAudio + daemons per-user rather than system-wide on desktop machines. + ''; + }; + + logLevel = mkOption { + default = "notice"; + example = "debug"; + description = '' + A string denoting the log level: one of + error, warn, + notice, info, + or debug. + ''; + }; + }; + }; + }; +in + +###### implementation + +# For some reason, PulseAudio wants UID == GID. +assert uid == gid; + +{ + require = [ + options + ]; + + environment = { + + extraPackages = + pkgs.lib.optional + (!config.environment.cleanStart) + pkgs.pulseaudio; + }; + + users = { + extraUsers = [ + { name = "pulse"; + inherit uid; + group = "pulse"; + description = "PulseAudio system-wide daemon"; + home = "/var/run/pulse"; + } + ]; + + extraGroups = [ + { name = "pulse"; + inherit gid; + } + ]; + }; + + services = { + extraJobs = [{ + name = "pulseaudio"; + + job = '' + description "PulseAudio system-wide server" + + start on startup + stop on shutdown + + start script + test -d /var/run/pulse || \ + ( mkdir -p --mode 755 /var/run/pulse && \ + chown pulse:pulse /var/run/pulse ) + end script + + respawn ${pkgs.pulseaudio}/bin/pulseaudio \ + --system --daemonize \ + --log-level="${config.services.pulseaudio.logLevel}" + ''; + }]; + }; +} From b0aa88e7a3fd26032d0bd84a7822c1f8f1c382ac Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:47 +0000 Subject: [PATCH 17/91] Mount `/dev/shm' (shared memory support). svn path=/nixos/branches/fix-style/; revision=14172 --- boot/boot-stage-2-init.sh | 2 ++ 1 file changed, 2 insertions(+) 
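Review bot: The job runs `pulseaudio --system --daemonize` under `respawn`; with `--daemonize` the process Upstart started exits as soon as the daemon has forked, so Upstart will likely see the job die and start it again in a loop. Drop `--daemonize` (or pass `--daemonize=no`) so that the supervised process is the server itself. Nothing in this file reads `services.pulseaudio.enable`, so the `pulse` user, group and job are created on every system; PATCH 18/91 later wraps the body in `mkIf`. The start script only creates `/var/run/pulse` when it is missing, so a pre-existing directory keeps whatever owner and mode it had; run `chown pulse:pulse` and `chmod 755` unconditionally.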
diff --git a/boot/boot-stage-2-init.sh b/boot/boot-stage-2-init.sh index f5fd818d3c7..3c69265b51d 100644 --- a/boot/boot-stage-2-init.sh +++ b/boot/boot-stage-2-init.sh @@ -69,6 +69,8 @@ mkdir -m 0755 -p /sys mount -t sysfs none /sys mkdir -m 0755 -p /dev mount -t tmpfs -o "mode=0755" none /dev +mkdir -m 0777 /dev/shm +mount -t tmpfs -o "rw,nosuid,nodev" tmpfs /dev/shm mkdir -m 0755 -p /dev/pts mount -t devpts none /dev/pts [ -e /proc/bus/usb ] && mount -t usbfs none /proc/bus/usb # uml doesn't have usb by default From d92d0e98f4981df5139e41c6ca2402f15db87c5d Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:52 +0000 Subject: [PATCH 18/91] PulseAudio Upstart job: honor `enable'. svn path=/nixos/branches/fix-style/; revision=14173 --- upstart-jobs/pulseaudio.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/upstart-jobs/pulseaudio.nix b/upstart-jobs/pulseaudio.nix index b8497ce12e7..173f96db7fc 100644 --- a/upstart-jobs/pulseaudio.nix +++ b/upstart-jobs/pulseaudio.nix @@ -2,7 +2,7 @@ ###### interface let - inherit (pkgs.lib) mkOption; + inherit (pkgs.lib) mkOption mkIf; uid = (import ../system/ids.nix).uids.pulseaudio; gid = (import ../system/ids.nix).gids.pulseaudio; @@ -39,7 +39,7 @@ in # For some reason, PulseAudio wants UID == GID. assert uid == gid; -{ +mkIf config.services.pulseaudio.enable { require = [ options ]; From 09bcf1418cbfa8e203fc36f98cbb8a39a5d08516 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:07:56 +0000 Subject: [PATCH 19/91] * Start mingetty after udev, otherwise /dev/tty* may not exist yet (and you get Upstart messages about the ttyN job being restarted). svn path=/nixos/branches/fix-style/; revision=14174 --- upstart-jobs/mingetty.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upstart-jobs/mingetty.nix b/upstart-jobs/mingetty.nix index 1d821e789b7..8f50ea5c9db 100644 --- a/upstart-jobs/mingetty.nix +++ b/upstart-jobs/mingetty.nix 
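Review bot: `mkdir -m 0777 /dev/shm` creates the mount point world-writable without the sticky bit, and the `mount` line sets no `mode=`, so the directory's protection rests on the tmpfs default; if the mount fails, what remains is a `0777` directory in which any user can delete or replace other users' files. Use `mkdir -m 1777 -p /dev/shm` and make the mode explicit with `mount -t tmpfs -o "rw,nosuid,nodev,mode=1777" tmpfs /dev/shm`. Consider `noexec` as well if nothing on the system needs to execute from shared memory. The exit status of the mount is not checked in the lines shown.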
@@ -3,7 +3,7 @@ { name = "tty" + toString ttyNumber; job = " - start on startup + start on udev stop on shutdown respawn ${mingetty}/sbin/mingetty --loginprog=${loginProgram} --noclear tty${toString ttyNumber} "; From ad36ce1f5b56d30188c7429418a70b68a01182e5 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:00 +0000 Subject: [PATCH 20/91] * Don't run fsck on journalling file systems. Instead assume that the file system driver will replay the journal at mount-time in case of an unclean shutdown. For ext3 at least this is *much* faster. svn path=/nixos/branches/fix-style/; revision=14175 --- boot/boot-stage-1-init.sh | 115 ++++++++++++++++++++------------------ 1 file changed, 62 insertions(+), 53 deletions(-) diff --git a/boot/boot-stage-1-init.sh b/boot/boot-stage-1-init.sh index c6d7214028c..c9930c30bbc 100644 --- a/boot/boot-stage-1-init.sh +++ b/boot/boot-stage-1-init.sh 
@@ -140,24 +140,69 @@ if test -n "$debug1devices"; then fail; fi # Return true if the machine is on AC power, or if we can't determine # whether it's on AC power. -onACPower () { +onACPower() { if test -d "/proc/acpi/battery"; then - if ls /proc/acpi/battery/BAT[0-9]* > /dev/null 2>&1; then - if cat /proc/acpi/battery/BAT*/state \ - | grep "^charging state" \ - | grep -q "discharg" ; then - false - else - true - fi - else - true - fi + if ls /proc/acpi/battery/BAT[0-9]* > /dev/null 2>&1; then + if cat /proc/acpi/battery/BAT*/state \ + | grep "^charging state" \ + | grep -q "discharg" ; then + false + else + true + fi + else + true + fi else - true + true fi } + +# Check the specified file system, if appropriate. +checkFS() { + # Only check block devices. + if ! test -b "$device"; then return 0; fi + + # For unclean ext3 file systems, fsck.ext3 should just replay the + # journal and exit, but in practice this takes *much* longer than + # letting the kernel recover the FS. So, don't run fsck on + # journalling file systems. + eval $(fstype "$device") + if test "$FSTYPE" = ext3 -o "$FSTYPE" = ext4 -o "$FSTYPE" = reiserfs -o "$FSTYPE" = xfs -o "$FSTYPE" = jfs; then + return 0; + fi + + # Don't run `fsck' if the machine is on battery power. !!! Is + # this a good idea? + if ! onACPower; then + echo "on battery power, so \`fsck' not run on \`$device'" + return 0 + fi + + FSTAB_FILE="/etc/mtab" fsck -V -v -C -a "$device" + fsckResult=$? + + if test $(($fsckResult | 2)) = $fsckResult; then + echo "fsck finished, rebooting..." + sleep 3 + reboot + fi + + if test $(($fsckResult | 4)) = $fsckResult; then + echo "$device has unrepaired errors, please fix them manually." + fail + fi + + if test $fsckResult -ge 8; then + echo "fsck on $device failed." + fail + fi + + return 0 +} + + # Function for mounting a file system. mountFS() { local device="$1" 
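Review bot: `checkFS` is called as `checkFS "$device"` but never reads `$1`; it works only because `mountFS` declared `local device` and bash lets a callee see its caller's locals. Add `local device="$1"` as the first line of `checkFS`, and declare `FSTYPE` and `fsckResult` local as well. `eval $(fstype "$device")` runs the helper's output unquoted as shell code, as root in the initrd, and that output is presumably derived from what is on the device; at minimum quote it (`eval "$(fstype "$device")"`), and preferably extract only the `FSTYPE=` value instead of evaluating everything the helper prints.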
@@ -165,44 +210,8 @@ mountFS() { local options="$3" local fsType="$4" - # Check the root device, if . - mustCheck= - if test -b "$device"; then - mustCheck=1 - else - case $device in - LABEL=*) - mustCheck=1 - ;; - esac - fi - - if test -n "$mustCheck"; then - if onACPower; then - FSTAB_FILE="/etc/mtab" fsck -V -v -C -a "$device" - fsckResult=$? - - if test $(($fsckResult | 2)) = $fsckResult; then - echo "fsck finished, rebooting..." - sleep 3 - reboot - fi - - if test $(($fsckResult | 4)) = $fsckResult; then - echo "$device has unrepaired errors, please fix them manually." - fail - fi - - if test $fsckResult -ge 8; then - echo "fsck on $device failed." - fail - fi - else - # Don't run `fsck' if the machine is on battery power. - echo "on battery power, so \`fsck' not run on \`$device'" - fi - fi - + checkFS "$device" + # Mount read-writable. mount -t "$fsType" -o "$options" "$device" /mnt-root$mountPoint || fail } @@ -224,8 +233,8 @@ for ((n = 0; n < ${#mountPoints[*]}; n++)); do # !!! Really quick hack to support bind mounts, i.e., where the # "device" should be taken relative to /mnt-root, not /. Assume - # that every device that start with / but doesn't start with /dev - # or LABEL= is a bind mount. + # that every device that starts with / but doesn't start with /dev + # is a bind mount. case $device in /dev/*) ;; From 840dac3fec14689395f7597305cad04a4c106ac2 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:05 +0000 Subject: [PATCH 21/91] Making the 'via' video module available in the xserver upstart-job. svn path=/nixos/branches/fix-style/; revision=14176 --- upstart-jobs/xserver/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/upstart-jobs/xserver/default.nix b/upstart-jobs/xserver/default.nix index 33f7542ad04..501597c12f2 100644 --- a/upstart-jobs/xserver/default.nix +++ b/upstart-jobs/xserver/default.nix 
@@ -297,6 +297,7 @@ let intel = { modules = [xorg.xf86videointel]; }; nv = { modules = [xorg.xf86videonv]; }; ati = { modules = [xorg.xf86videoati]; }; + via = { modules = [xorg.xf86videovia]; }; }; # Get a bunch of user settings. From 6c703347a818a8659381f4c8b2063e36499d9011 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:09 +0000 Subject: [PATCH 22/91] * Symlink fsck.ext[234] to e2fsck. This makes the initrd 600 KB smaller. svn path=/nixos/branches/fix-style/; revision=14177 --- boot/boot-stage-1.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/boot/boot-stage-1.nix b/boot/boot-stage-1.nix index 4f9131cc533..bbf48fd00ff 100644 --- a/boot/boot-stage-1.nix +++ b/boot/boot-stage-1.nix @@ -72,10 +72,13 @@ rec { cp $lvm2/sbin/lvm.static $out/bin/lvm fi cp $utillinux/bin/mount $utillinux/bin/umount $utillinux/sbin/pivot_root $out/bin - cp -p $e2fsprogs/sbin/fsck* $e2fsprogs/sbin/e2fsck $e2fsprogs/sbin/tune2fs $out/bin + cp -pd $e2fsprogs/sbin/fsck $e2fsprogs/sbin/e2fsck $e2fsprogs/sbin/tune2fs $out/bin + ln -s e2fsck $out/bin/fsck.ext2 + ln -s e2fsck $out/bin/fsck.ext3 + ln -s e2fsck $out/bin/fsck.ext4 cp $udev/sbin/udevd $udev/sbin/udevadm $out/bin cp $udev/lib/udev/*_id $out/bin - nuke-refs $out/bin/* + for i in $out/bin/*; do if ! test -L $i; then nuke-refs $i; fi; done ''; # */ From 38e8cf175f05e4cf7305699e2f099b45f9ee09a2 Mon Sep 17 00:00:00 2001 
From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:13 +0000 Subject: [PATCH 23/91] * Use normal, dynamically linked binaries for e2fsck, lvm etc. in the initrd instead of a mix of dietlibc, klibc and static-glibc based binaries. This works by copying what we need from Glibc into the initrd and using patchelf to set the ELF interpreter and RPATH correctly. The resulting initrd is about 500 KB smaller, but more importantly, it's much easier to maintain - all those dietlibc/klibc/static-glibc builds frequently cause build problems. svn path=/nixos/branches/fix-style/; revision=14178 --- boot/boot-stage-1-init.sh | 15 ++--- boot/boot-stage-1.nix | 123 ++++++++++++++++++++++---------------- 2 files changed, 80 insertions(+), 58 deletions(-) diff --git a/boot/boot-stage-1-init.sh b/boot/boot-stage-1-init.sh index c9930c30bbc..b3b2292beaa 100644 --- a/boot/boot-stage-1-init.sh +++ b/boot/boot-stage-1-init.sh @@ -1,7 +1,9 @@ -#! @staticShell@ +#! @shell@ targetRoot=/mnt/root +export LD_LIBRARY_PATH=@extraUtils@/lib + errorDialog() { timeout=15 @@ -14,13 +16,13 @@ errorDialog() { read -t $timeout reply case $reply in f) - exec @staticShell@;; + exec @shell@;; i) echo echo "Quit interactive shell with exit status of" echo " 0 : to continue" echo " non-zero : to get this dialog again" - @staticShell@ || fail + @shell@ || fail ;; *) echo continuing ignoring error;; @@ -299,7 +301,6 @@ umount /proc exec run-init "$targetRoot" "$stage2Init" echo -echo $1 failed running "$stage2Init" -echo "It's your last chance to fix things manually without rebooting" -echo "finally switching to interactive shell pid 1" -export $stage2Init; exec @staticShell@ +echo "$1: failed running $stage2Init" +echo "Dropping into a root shell..." +export $stage2Init; exec @shell@ diff --git a/boot/boot-stage-1.nix b/boot/boot-stage-1.nix index bbf48fd00ff..7b7f5503d0b 100644 --- a/boot/boot-stage-1.nix +++ b/boot/boot-stage-1.nix 
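Review bot: The `export LD_LIBRARY_PATH=@extraUtils@/lib` added at the top of boot-stage-1-init.sh stays in the environment for the rest of the script, so unless `run-init` clears it (not visible here) it is handed to `$stage2Init` and inherited by the processes started from it. A loader search path carried over from the initrd would make later programs prefer the initrd's library copies whenever that store path also exists on the real root, which is hard to diagnose. Since boot-stage-1.nix gives the utilities an RPATH with patchelf, I would either drop the export or add `unset LD_LIBRARY_PATH` immediately before `exec run-init "$targetRoot" "$stage2Init"` in the last hunk. The rescue-shell paths (`exec @shell@`) can keep the variable.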
@@ -13,26 +13,6 @@ in rec { - pkgsDiet = import "${pkgs.path}/top-level/all-packages.nix" { - system = pkgs.stdenv.system; - bootStdenv = pkgs.useDietLibC pkgs.stdenv; - }; - - pkgsKlibc = import "${pkgs.path}/top-level/all-packages.nix" { - system = pkgs.stdenv.system; - bootStdenv = pkgs.useKlibc pkgs.stdenv pkgs.klibc; - }; - - pkgsStatic = import "${pkgs.path}/top-level/all-packages.nix" { - system = pkgs.stdenv.system; - bootStdenv = pkgs.makeStaticBinaries pkgs.stdenv; - }; - - stdenvLinuxStuff = import "${pkgs.path}/stdenv/linux" { - system = pkgs.stdenv.system; - allPackages = import "${pkgs.path}/top-level/all-packages.nix"; - }; - # Determine the set of modules that we need to mount the root FS. modulesClosure = pkgs.makeModulesClosure { 
@@ -44,41 +24,82 @@ rec { }; - udev = pkgsKlibc.udev; - - - # Some additional utilities needed in stage 1, notably mount. We - # don't want to bring in all of util-linux, so we just copy what we - # need. + # Some additional utilities needed in stage 1, like mount, lvm, fsck + # etc. We don't want to bring in all of those packages, so we just + # copy what we need. Instead of using statically linked binaries, + # we just copy what we need from Glibc and use patchelf to make it + # work. extraUtils = pkgs.runCommand "extra-utils" { buildInputs = [pkgs.nukeReferences]; - inherit (pkgsStatic) utillinux; - inherit udev; - e2fsprogs = pkgsDiet.e2fsprogs; - devicemapper = - if config.boot.initrd.lvm - then assert pkgs.devicemapper.enableStatic; pkgs.devicemapper - else null; - lvm2 = - if config.boot.initrd.lvm - then assert pkgs.lvm2.enableStatic; pkgs.lvm2 - else null; - allowedReferences = []; # prevent accidents like glibc being included in the initrd + devicemapper = if config.boot.initrd.lvm then pkgs.devicemapper else null; + lvm2 = if config.boot.initrd.lvm then pkgs.lvm2 else null; + allowedReferences = ["out"]; # prevent accidents like glibc being included in the initrd } '' ensureDir $out/bin - if test -n "$devicemapper"; then - cp $devicemapper/sbin/dmsetup.static $out/bin/dmsetup - cp $lvm2/sbin/lvm.static $out/bin/lvm - fi - cp $utillinux/bin/mount $utillinux/bin/umount $utillinux/sbin/pivot_root $out/bin - cp -pd $e2fsprogs/sbin/fsck $e2fsprogs/sbin/e2fsck $e2fsprogs/sbin/tune2fs $out/bin + ensureDir $out/lib + + # Copy what we need from Glibc. + cp -p ${pkgs.glibc}/lib/ld-linux*.so.2 $out/lib + cp -p ${pkgs.glibc}/lib/libc.so.* $out/lib + cp -p ${pkgs.glibc}/lib/libpthread.so.* $out/lib + cp -p ${pkgs.glibc}/lib/librt.so.* $out/lib + cp -p ${pkgs.glibc}/lib/libdl.so.* $out/lib + + # Copy some utillinux stuff. + cp ${pkgs.utillinux}/bin/mount ${pkgs.utillinux}/bin/umount ${pkgs.utillinux}/sbin/pivot_root $out/bin + + # Copy e2fsck and friends. 
+ cp ${pkgs.e2fsprogs}/sbin/e2fsck $out/bin + cp ${pkgs.e2fsprogs}/sbin/tune2fs $out/bin + cp ${pkgs.e2fsprogs}/sbin/fsck $out/bin ln -s e2fsck $out/bin/fsck.ext2 ln -s e2fsck $out/bin/fsck.ext3 ln -s e2fsck $out/bin/fsck.ext4 - cp $udev/sbin/udevd $udev/sbin/udevadm $out/bin - cp $udev/lib/udev/*_id $out/bin - for i in $out/bin/*; do if ! test -L $i; then nuke-refs $i; fi; done + + cp -pd ${pkgs.e2fsprogs}/lib/lib*.so.* $out/lib + + # Copy devicemapper and lvm, if we need it. + if test -n "$devicemapper"; then + cp $devicemapper/sbin/dmsetup $out/bin/dmsetup + cp $devicemapper/lib/libdevmapper.so.*.* $out/lib + cp $lvm2/sbin/lvm $out/bin/lvm + fi + + # Copy udev. + cp ${pkgs.udev}/sbin/udevd ${pkgs.udev}/sbin/udevadm $out/bin + cp ${pkgs.udev}/lib/udev/*_id $out/bin + cp ${pkgs.udev}/lib/libvolume_id.so.* $out/lib + + # Copy bash. + cp ${pkgs.bash}/bin/bash $out/bin + ln -s bash $out/bin/sh + + # Run patchelf to make the programs refer to the copied libraries. + for i in $out/bin/* $out/lib/*; do if ! test -L $i; then nuke-refs $i; fi; done + + for i in $out/bin/*; do + if ! test -L $i; then + echo "patching $i..." + patchelf --set-interpreter $out/lib/ld-linux*.so.2 --set-rpath $out/lib $i || true + fi + done + + # Make sure that the patchelf'ed binaries still work. + echo "testing patched programs..." + $out/bin/bash --version + export LD_LIBRARY_PATH=$out/lib + $out/bin/mount --version + $out/bin/umount --version + $out/bin/e2fsck -V + $out/bin/tune2fs 2> /dev/null | grep "tune2fs " + $out/bin/fsck -N + $out/bin/udevadm --version + $out/bin/vol_id 2>&1 | grep "no device" + if test -n "$devicemapper"; then + $out/bin/dmsetup --version | grep "version:" + LVM_SYSTEM_DIR=$out $out/bin/lvm 2>&1 | grep "LVM" + fi ''; # */ 
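Review bot: The patch loop ends in `patchelf --set-interpreter ... --set-rpath $out/lib $i || true`, so a file that could not be patched is accepted silently, and the smoke tests below cannot show a missing RPATH because `export LD_LIBRARY_PATH=$out/lib` is set before every test except `bash --version`. Binaries that are copied but never exercised (the other `*_id` helpers, `pivot_root`, `udevd`) get no check at all. I would run the tests without `LD_LIBRARY_PATH`, or in addition to it, and limit the `|| true` to the files that are expected not to be dynamic ELF executables, with a comment naming them. The `for i in ...` loops also leave `$i` unquoted, which is harmless for store paths but easy to fix while touching them.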
@@ -94,7 +115,7 @@ rec { name = "udev-rules"; buildCommand = '' ensureDir $out - cp ${udev}/*/udev/rules.d/60-persistent-storage.rules $out/ + cp ${pkgs.udev}/*/udev/rules.d/60-persistent-storage.rules $out/ substituteInPlace $out/60-persistent-storage.rules \ --replace ata_id ${extraUtils}/bin/ata_id \ --replace usb_id ${extraUtils}/bin/usb_id \ @@ -117,11 +138,11 @@ rec { bootStage1 = pkgs.substituteAll { src = ./boot-stage-1-init.sh; + shell = "${extraUtils}/bin/bash"; + isExecutable = true; - staticShell = stdenvLinuxStuff.bootstrapTools.bash; - - inherit modulesClosure udevConf; + inherit modulesClosure udevConf extraUtils; inherit (config.boot) isLiveCD resumeDevice; From f28c8ca553895aeca6ba6bc23e6bec321d39fdd9 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:17 +0000 Subject: [PATCH 24/91] * Remove /var/lock on startup. * Remove /etc/mtab on startup. This fixes the warning on startup when catting /proc/mount to /etc/mtab. svn path=/nixos/branches/fix-style/; revision=14179 --- boot/boot-stage-2-init.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/boot/boot-stage-2-init.sh b/boot/boot-stage-2-init.sh index 3c69265b51d..a5f94bf2ad2 100644 --- a/boot/boot-stage-2-init.sh +++ b/boot/boot-stage-2-init.sh @@ -30,8 +30,9 @@ test -e /etc/fstab || touch /etc/fstab # to shut up mount mkdir -m 0755 -p /proc mount -n -t proc none /proc [ -s /etc/mtab ] && rm /etc/mtab # while installing a symlink is created (see man mount), if it's still there for whateever reason remove it + +rm -f /etc/mtab cat /proc/mounts > /etc/mtab -mkdir -m 0755 -p /etc/nixos # Process the kernel command line. @@ -80,10 +81,12 @@ mkdir -m 0755 -p /nix/var mkdir -m 0700 -p /root mkdir -m 0755 -p /bin # for the /bin/sh symlink mkdir -m 0755 -p /home +mkdir -m 0755 -p /etc/nixos # Miscellaneous boot time cleanup. rm -rf /var/run +rm -rf /var/lock #echo -n "cleaning \`/tmp'..." #rm -rf --one-file-system /tmp/* 
From 128699688a1fb6812d9a22c7f9f95902a8e03d1d Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:22 +0000 Subject: [PATCH 25/91] * Run the ACPI daemon. This allows the system to respond to ACPI events, like pressing the power button. The NVIDIA X11 driver also needs it to respond to the internal/external monitor switch button on laptops. The power actions should of course be made configurable. svn path=/nixos/branches/fix-style/; revision=14180 --- upstart-jobs/acpid.nix | 42 ++++++++++++++++++++++++++++++++++++++++ upstart-jobs/default.nix | 6 ++++++ 2 files changed, 48 insertions(+) create mode 100644 upstart-jobs/acpid.nix diff --git a/upstart-jobs/acpid.nix b/upstart-jobs/acpid.nix new file mode 100644 index 00000000000..5bd1fa63590 --- /dev/null +++ b/upstart-jobs/acpid.nix @@ -0,0 +1,42 @@ +{pkgs, config, ...}: + +let + + acpiConfDir = pkgs.runCommand "acpi-events" {} + '' + ensureDir $out + ln -s ${acpiConfFile} $out/events.conf + ''; + + acpiConfFile = pkgs.writeText "acpi.conf" + '' + event=button/power.* + action=${powerEventHandler} "%e" + ''; + + # Called when the power button is pressed. + powerEventHandler = pkgs.writeScript "acpi-power.sh" + '' + #! ${pkgs.bash}/bin/sh + # Suspend to RAM. + #echo mem > /sys/power/state + exit 0 + ''; + +in + +{ + name = "acpid"; + + extraPath = [pkgs.acpid]; + + job = '' + description "ACPI daemon" + + start on udev + stop on shutdown + + respawn ${pkgs.acpid}/sbin/acpid --foreground --confdir ${acpiConfDir} + ''; + +} diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 9fbef07ce5d..9fb19188581 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix 
@@ -360,6 +360,12 @@ let inherit (config.services.bitlbee) portNumber interface; }) + # ACPI daemon. + ++ optional true /* !!! need some option */ + (import ../upstart-jobs/acpid.nix { + inherit config pkgs; + }) + # Postfix mail server. ++ optional config.services.postfix.enable (import ../upstart-jobs/postfix.nix { From be4a0494b827affffeccef2462ae55d85e2f5dc8 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:28 +0000 Subject: [PATCH 26/91] * Suspend when the laptop lid is closed. svn path=/nixos/branches/fix-style/; revision=14181 --- upstart-jobs/acpid.nix | 19 +++++++++++++++++++ upstart-jobs/hal.nix | 2 ++ 2 files changed, 21 insertions(+) diff --git a/upstart-jobs/acpid.nix b/upstart-jobs/acpid.nix index 5bd1fa63590..efd608e1353 100644 --- a/upstart-jobs/acpid.nix +++ b/upstart-jobs/acpid.nix @@ -12,6 +12,9 @@ let '' event=button/power.* action=${powerEventHandler} "%e" + + event=button/lid.* + action=${lidEventHandler} "%e" ''; # Called when the power button is pressed. @@ -23,6 +26,22 @@ let exit 0 ''; + # Called when the laptop lid is opened/closed. + lidEventHandler = pkgs.writeScript "acpi-lid.sh" + '' + #! ${pkgs.bash}/bin/sh + + # Suspend to RAM if the lid is closed. (We also get this event + # when the lid just opened, in which case we obviously don't + # want to suspend again.) + if grep -q closed /proc/acpi/button/lid/LID/state; then + sync + echo mem > /sys/power/state + fi + + exit 0 + ''; + in { diff --git a/upstart-jobs/hal.nix b/upstart-jobs/hal.nix index 181341fdcf4..96982341080 100644 --- a/upstart-jobs/hal.nix +++ b/upstart-jobs/hal.nix @@ -44,6 +44,8 @@ let job = '' description "HAL daemon" + # !!! TODO: make sure that HAL starts after acpid, + # otherwise hald-addon-acpi will grab /proc/acpi/event. start on dbus stop on shutdown From 094aee7467cf4c9905b7a3e80151ee910b624036 Mon Sep 17 00:00:00 2001 
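Review bot: The new `lidEventHandler` (acpid.nix, second hunk) suspends with `echo mem > /sys/power/state` without locking the active session first, so whoever opens the lid gets the logged-in desktop or console back; if a locker is triggered elsewhere, this patch does not show it. I would at least add a comment such as `# NOTE: does not lock the session before suspending`, and ideally run a configurable pre-suspend command. The handler also hard-codes `/proc/acpi/button/lid/LID/state`; when that path does not exist, `grep` fails and the lid event is ignored without any log line, so `grep -q closed /proc/acpi/button/lid/*/state` would be more robust. The same script is carried over unchanged into the `lidEvent` rewrite in PATCH 28.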
From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:33 +0000 Subject: [PATCH 27/91] * acpid: switch to the ondemand CPU scaling governer when on battery power. Disabled acpid by default because it's not configurable enough yet. svn path=/nixos/branches/fix-style/; revision=14182 --- system/options.nix | 14 ++++++++++++++ upstart-jobs/acpid.nix | 16 ++++++++++++++-- upstart-jobs/default.nix | 2 +- 3 files changed, 29 insertions(+), 3 deletions(-) diff --git a/system/options.nix b/system/options.nix index 6b0f725ab2f..6e165c3b00a 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2186,7 +2186,20 @@ in }; }; + + + powerManagement = { + + enable = mkOption { + default = false; + description = " + Whether to enable power management. + "; + }; + + }; + nesting = { children = mkOption { default = []; @@ -2196,6 +2209,7 @@ in }; }; + passthru = mkOption { default = {}; description = " diff --git a/upstart-jobs/acpid.nix b/upstart-jobs/acpid.nix index efd608e1353..3a7df58bbaf 100644 --- a/upstart-jobs/acpid.nix +++ b/upstart-jobs/acpid.nix @@ -15,6 +15,9 @@ let event=button/lid.* action=${lidEventHandler} "%e" + + event=ac_adapter.* + action=${acEventHandler} "%e" ''; # Called when the power button is pressed. @@ -23,7 +26,6 @@ let #! ${pkgs.bash}/bin/sh # Suspend to RAM. #echo mem > /sys/power/state - exit 0 ''; # Called when the laptop lid is opened/closed. @@ -38,8 +40,18 @@ let sync echo mem > /sys/power/state fi + ''; - exit 0 + # Called when the AC power is connected or disconnected. + acEventHandler = pkgs.writeScript "ac-power.sh" + '' + #! ${pkgs.bash}/bin/sh + + if grep -q "state:.*on-line" /proc/acpi/ac_adapter/AC/state; then + echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor + elif grep -q "state:.*off-line" /proc/acpi/ac_adapter/AC/state; then + echo ondemand > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor + fi ''; in diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 9fb19188581..ea5d8fcdbe0 100644 
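Review bot: The new `acEventHandler` (acpid.nix, last hunk) writes the governor only to `/sys/devices/system/cpu/cpu0/cpufreq/scaling_governor`, so on a machine where each CPU has its own cpufreq policy the remaining cores keep whatever governor they had. Looping over `/sys/devices/system/cpu/cpu*/cpufreq/scaling_governor` would cover them. The AC state path `/proc/acpi/ac_adapter/AC/state` is hard-coded as well, and when neither `grep` matches (including when the file is missing) the script does nothing and reports nothing, so a short log message in an `else` branch would help. The same script is carried into the `acEvent` rewrite in PATCH 28.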
--- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -361,7 +361,7 @@ let }) # ACPI daemon. - ++ optional true /* !!! need some option */ + ++ optional config.powerManagement.enable (import ../upstart-jobs/acpid.nix { inherit config pkgs; }) From 802d4f02c4f69741026dcef5d97d29e24674481f Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:37 +0000 Subject: [PATCH 28/91] * Generate the acpid configuration properly: each config file can only contain one event. svn path=/nixos/branches/fix-style/; revision=14183 --- upstart-jobs/acpid.nix | 86 +++++++++++++++++++++++------------------- 1 file changed, 48 insertions(+), 38 deletions(-) diff --git a/upstart-jobs/acpid.nix b/upstart-jobs/acpid.nix index 3a7df58bbaf..e2eb702bcd4 100644 --- a/upstart-jobs/acpid.nix +++ b/upstart-jobs/acpid.nix 
@@ -5,54 +5,64 @@ let acpiConfDir = pkgs.runCommand "acpi-events" {} '' ensureDir $out - ln -s ${acpiConfFile} $out/events.conf + ${ + # Generate a .conf file for each event. (You can't have + # multiple events in one config file...) + let f = event: + '' + fn=$out/${event.name}.conf + echo "event=${event.event}" > $fn + echo "action=${pkgs.writeScript "${event.name}.sh" event.action}" >> $fn + ''; + in pkgs.lib.concatMapStrings f events + } ''; - acpiConfFile = pkgs.writeText "acpi.conf" - '' - event=button/power.* - action=${powerEventHandler} "%e" - - event=button/lid.* - action=${lidEventHandler} "%e" - - event=ac_adapter.* - action=${acEventHandler} "%e" - ''; + events = [powerEvent lidEvent acEvent]; # Called when the power button is pressed. - powerEventHandler = pkgs.writeScript "acpi-power.sh" - '' - #! ${pkgs.bash}/bin/sh - # Suspend to RAM. - #echo mem > /sys/power/state - ''; + powerEvent = + { name = "power-button"; + event = "button/power.*"; + action = + '' + #! ${pkgs.bash}/bin/sh + ''; + }; # Called when the laptop lid is opened/closed. - lidEventHandler = pkgs.writeScript "acpi-lid.sh" - '' - #! ${pkgs.bash}/bin/sh + lidEvent = + { name = "lid"; + event = "button/lid.*"; + action = + '' + #! ${pkgs.bash}/bin/sh - # Suspend to RAM if the lid is closed. (We also get this event - # when the lid just opened, in which case we obviously don't - # want to suspend again.) - if grep -q closed /proc/acpi/button/lid/LID/state; then - sync - echo mem > /sys/power/state - fi - ''; + # Suspend to RAM if the lid is closed. (We also get this event + # when the lid just opened, in which case we obviously don't + # want to suspend again.) + if grep -q closed /proc/acpi/button/lid/LID/state; then + sync + echo mem > /sys/power/state + fi + ''; + }; # Called when the AC power is connected or disconnected. - acEventHandler = pkgs.writeScript "ac-power.sh" - '' - #! ${pkgs.bash}/bin/sh + acEvent = + { name = "ac-power"; + event = "ac_adapter.*"; + action = + '' + #! 
${pkgs.bash}/bin/sh - if grep -q "state:.*on-line" /proc/acpi/ac_adapter/AC/state; then - echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor - elif grep -q "state:.*off-line" /proc/acpi/ac_adapter/AC/state; then - echo ondemand > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor - fi - ''; + if grep -q "state:.*on-line" /proc/acpi/ac_adapter/AC/state; then + echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor + elif grep -q "state:.*off-line" /proc/acpi/ac_adapter/AC/state; then + echo ondemand > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor + fi + ''; + }; in From 86f5d9dace5cd403c6fbfc4f342e753376c1371a Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:41 +0000 Subject: [PATCH 29/91] added hint about how to get the swap partion kernel node numbers svn path=/nixos/branches/fix-style/; revision=14184 --- system/options.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/options.nix b/system/options.nix index 6e165c3b00a..babd4cfc162 100644 --- a/system/options.nix +++ b/system/options.nix @@ -34,7 +34,7 @@ in example = "0:0"; description = " Device for manual resume attempt during boot. Looks like - major:minor . + major:minor. ls -l /dev/SWAP_PARTION shows them. "; }; From e79dbaad55766ab8144718fea39775ad0706d1fd Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:46 +0000 Subject: [PATCH 30/91] * Support for KDE 4.2. Set services.xserver.desktopManager.kde4.enable to true to enable. It looks great ;-) svn path=/nixos/branches/fix-style/; revision=14185 --- .../xserver/desktopManager/default.nix | 1 + upstart-jobs/xserver/desktopManager/kde4.nix | 69 +++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 upstart-jobs/xserver/desktopManager/kde4.nix diff --git a/upstart-jobs/xserver/desktopManager/default.nix b/upstart-jobs/xserver/desktopManager/default.nix index ab1271e69ae..7ea49571698 100644 
--- a/upstart-jobs/xserver/desktopManager/default.nix +++ b/upstart-jobs/xserver/desktopManager/default.nix @@ -10,6 +10,7 @@ in { require = [ (import ./kde.nix) + (import ./kde4.nix) (import ./gnome.nix) (import ./xterm.nix) (import ./none.nix) diff --git a/upstart-jobs/xserver/desktopManager/kde4.nix b/upstart-jobs/xserver/desktopManager/kde4.nix new file mode 100644 index 00000000000..2694057720b --- /dev/null +++ b/upstart-jobs/xserver/desktopManager/kde4.nix 
@@ -0,0 +1,69 @@ +{pkgs, config, ...}: + +let + inherit (pkgs.lib) mkOption mkIf; + cfg = config.services.xserver.desktopManager.kde; + xorg = config.services.xserver.package; + + options = { services = { xserver = { desktopManager = { + + kde4 = { + enable = mkOption { + default = false; + example = true; + description = "Enable the kde 4 desktop manager."; + }; + }; + + }; }; }; }; +in + +mkIf cfg.enable { + require = options; + + services = { + xserver = { + + desktopManager = { + session = [{ + name = "kde4"; + start = '' + # Start KDE. + export KDEDIRS=$HOME/.nix-profile:/nix/var/nix/profiles/default:${pkgs.kde42.kdelibs}:${pkgs.kde42.kdebase}:${pkgs.kde42.kdebase_runtime}:${pkgs.kde42.kdebase_workspace} + export XDG_CONFIG_DIRS=${pkgs.kde42.kdelibs}/etc/xdg:${pkgs.kde42.kdebase_runtime}/etc/xdg:${pkgs.kde42.kdebase_workspace}/etc/xdg + export XDG_DATA_DIRS=${pkgs.kde42.kdelibs}/share:${pkgs.kde42.kdebase}/share:${pkgs.kde42.kdebase_runtime}/share:${pkgs.kde42.kdebase_workspace}/share:${pkgs.shared_mime_info}/share + exec ${pkgs.kde42.kdebase_workspace}/bin/startkde + ''; + }]; + }; + + }; + }; + + security = { + extraSetuidPrograms = [ + "kcheckpass" + ]; + }; + + environment = { + extraPackages = [ + xorg.xmessage # so that startkde can show error messages + pkgs.qt4 # needed for qdbus + pkgs.kde42.kdelibs + pkgs.kde42.kdebase + pkgs.kde42.kdebase_runtime + pkgs.kde42.kdebase_workspace + xorg.xset # used by startkde, non-essential + ]; + + etc = [ + { source = ../../../etc/pam.d/kde; + target = "pam.d/kde"; + } + { source = "${pkgs.xkeyboard_config}/etc/X11/xkb"; + target = "X11/xkb"; + } + ]; + }; +} From a4fc915634bdc56486575308fbf29c7499086672 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:51 +0000 Subject: [PATCH 31/91] commented out theme because url is broken svn path=/nixos/branches/fix-style/; revision=14186 --- installer/cd-dvd/rescue-cd.nix | 2 ++ 1 file changed, 2 insertions(+) 
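Review bot: `security.extraSetuidPrograms = [ "kcheckpass" ]` adds a setuid wrapper as a side effect of enabling a desktop manager, and the hunk gives no reason for it. Every setuid program is part of the system's privileged surface, so I would put a comment on the entry, for example `# kcheckpass verifies the user's password for the screen locker and needs to read the shadow database`, after confirming that this is the actual reason. Because the entry is a bare name rather than a store path, it is also worth stating which package's `kcheckpass` is expected to be wrapped, presumably one of the `pkgs.kde42` packages listed in `extraPackages`.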
diff --git a/installer/cd-dvd/rescue-cd.nix b/installer/cd-dvd/rescue-cd.nix index 66c707c77a7..d069c4351f9 100644 --- a/installer/cd-dvd/rescue-cd.nix +++ b/installer/cd-dvd/rescue-cd.nix @@ -148,12 +148,14 @@ rec { sha256 = "0sdykpziij1f3w4braq8r8nqg4lnsd7i7gi1k5d7c31m2q3b9a7r"; }; } + /* url is broken { tty = 8; theme = pkgs.fetchurl { url = http://www.bootsplash.de/files/themes/Theme-GNU.tar.bz2; md5 = "61969309d23c631e57b0a311102ef034"; }; } + */ ]; }; From b1164d8daef76ce702691513648b6775212ad423 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:55 +0000 Subject: [PATCH 32/91] added sshfsFuse and screen to rescue-cd.nix sshsfsFuse so that you can get packages from another machine easily screen so that you can copy paste easily svn path=/nixos/branches/fix-style/; revision=14187 --- installer/cd-dvd/rescue-cd.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/installer/cd-dvd/rescue-cd.nix b/installer/cd-dvd/rescue-cd.nix index d069c4351f9..2b82df15fe3 100644 --- a/installer/cd-dvd/rescue-cd.nix +++ b/installer/cd-dvd/rescue-cd.nix @@ -190,6 +190,9 @@ rec { pkgs.gdb # for debugging Nix pkgs.testdisk # useful for repairing boot problems pkgs.mssys # for writing Microsoft boot sectors / MBRs + + pkgs.sshfsFuse + pkgs.screen ]; }; From e8294555216c86e74d7e251b12c9f5459a8bc6e6 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:08:59 +0000 Subject: [PATCH 33/91] added possibility make nixos-install not downlooad the manifest do so by export NIXOS_PULL=0 (same as in nixos-rebuild) svn path=/nixos/branches/fix-style/; revision=14188 --- installer/nixos-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/nixos-install.sh b/installer/nixos-install.sh index 1288304cbe0..1784b4357f1 100644 --- a/installer/nixos-install.sh +++ b/installer/nixos-install.sh 
@@ -131,7 +131,7 @@ export NIX_OTHER_STORES=/mnt/nix:$NIX_OTHER_STORES # Do a nix-pull to speed up building. -if test -n "@nixpkgsURL@"; then +if test -n "@nixpkgsURL@" -a ${NIXOS_PULL:-1} != 0; then chroot $mountPoint @nix@/bin/nix-pull @nixpkgsURL@/MANIFEST || true fi From 51fee9bfbc45e97df1581032272bddbbc36cb5f4 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:09:03 +0000 Subject: [PATCH 34/91] * Include the SVN revision in the ISO name. svn path=/nixos/branches/fix-style/; revision=14189 --- release.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/release.nix b/release.nix index 4612e94ded9..d291e21b8dd 100644 --- a/release.nix +++ b/release.nix @@ -54,6 +54,7 @@ let platform = system; compressImage = true; nixpkgsPath = nixpkgs.path; + relName = "nixos-${builtins.readFile ./VERSION}${if !officialRelease then "pre${toString nixosSrc.rev}" else ""}"; }).rescueCD; in From fd08470a26a4eedaf5181fea8c6522d25b666804 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:09:07 +0000 Subject: [PATCH 35/91] * Quick hack to make sure that acpid starts before hal. svn path=/nixos/branches/fix-style/; revision=14190 --- upstart-jobs/hal.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upstart-jobs/hal.nix b/upstart-jobs/hal.nix index 96982341080..e510120a04d 100644 --- a/upstart-jobs/hal.nix +++ b/upstart-jobs/hal.nix @@ -46,7 +46,7 @@ let # !!! TODO: make sure that HAL starts after acpid, # otherwise hald-addon-acpi will grab /proc/acpi/event. - start on dbus + start on ${if config.powerManagement.enable then "acpid" else "dbus"} stop on shutdown start script From 357ca60ed78854a6f9f550bb493e16a78bdb38ea Mon Sep 17 00:00:00 2001 
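Review bot: With `start on ${if config.powerManagement.enable then "acpid" else "dbus"}` in hal.nix, the HAL job is no longer ordered after `dbus` when power management is enabled; it only follows `acpid`, which per acpid.nix in this series starts on `udev`. If hald needs the system bus at startup it can now be started before the bus exists, unless some ordering not shown here guarantees that `dbus` is already up. The `# !!! TODO` comment above the line still describes the ordering as unresolved, so either update it to explain the hack or express both dependencies. The job's `start script` continues outside the hunk.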
From: Nicolas Pierron Date: Sun, 22 Feb 2009 16:09:14 +0000 Subject: [PATCH 36/91] * Set KDEDIRS, XDG_CONFIG_DIRS and XDG_DATA_DIRS in bashrc. This has the advantage that KDE applications work when logging in via ssh, and that you don't need to logout to have KDE upgrades take effect. On the downside, since the various KDE packages and shared-mime-info all have their own MIME databases, if we put them in one symlink tree (systemPath), we need to rerun update-mime-database on the symlink tree. Also, systemPath is getting very large. svn path=/nixos/branches/fix-style/; revision=14191 --- etc/bashrc.sh | 11 +++++++++-- system/options.nix | 2 +- system/system-options.nix | 10 ++++++++++ upstart-jobs/xserver/desktopManager/kde4.nix | 5 ++--- 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/etc/bashrc.sh b/etc/bashrc.sh index 4ec3b4ab415..20b78b21c63 100644 --- a/etc/bashrc.sh +++ b/etc/bashrc.sh @@ -15,7 +15,9 @@ export LANG=@defaultLocale@ export EDITOR=nano export INFOPATH=/var/run/current-system/sw/info:/var/run/current-system/sw/share/info export LOCATE_PATH=/var/cache/locatedb - +export KDEDIRS=/var/run/current-system/sw +export XDG_CONFIG_DIRS=/var/run/current-system/sw/etc/xdg +export XDG_DATA_DIRS=/var/run/current-system/sw/share # Set up secure multi-user builds: non-root users build through the # Nix daemon. @@ -41,7 +43,7 @@ for i in $NIX_PROFILES; do # !!! reverse export PKG_CONFIG_PATH="$i/lib/pkgconfig:$PKG_CONFIG_PATH" # Automake's `aclocal' bails out if it finds non-existent directories - # in its path. + # in its path. !!! We should fix aclocal instead. if [ -d "$i/share/aclocal" ] then export ACLOCAL_PATH="$i/share/aclocal:$ACLOCAL_PATH" @@ -50,6 +52,11 @@ for i in $NIX_PROFILES; do # !!! reverse # GStreamer. export GST_PLUGIN_PATH="$i/lib/gstreamer-0.10:$GST_PLUGIN_PATH" + + # KDE/Gnome stuff. + export KDEDIRS=$i:$KDEDIRS + export XDG_CONFIG_DIRS=$i/etc/xdg:$XDG_CONFIG_DIRS + export XDG_DATA_DIRS=$i/share:$XDG_DATA_DIRS done 
diff --git a/system/options.nix b/system/options.nix index babd4cfc162..34ae64a3c51 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2127,7 +2127,7 @@ in environment = { pathsToLink = mkOption { - default = ["/bin" "/sbin" "/lib" "/share" "/man" "/info"]; + default = ["/bin" "/sbin" "/lib" "/share" "/man" "/info" "/etc"]; example = ["/"]; description = " Lists directories to be symlinked in `/var/run/current-system/sw'. diff --git a/system/system-options.nix b/system/system-options.nix index b1688cdda80..fdbd57a79f0 100644 --- a/system/system-options.nix +++ b/system/system-options.nix @@ -64,6 +64,16 @@ let inherit (config.environment) pathsToLink; ignoreCollisions = true; + + # TODO: move this to upstart-jobs/xserver/desktopManager/kde4.nix + postBuild = + if config.services.xserver.desktopManager.kde4.enable then + # Rebuild the MIME database. Otherwise KDE won't be able to + # find many MIME types. + '' + ${pkgs.shared_mime_info}/bin/update-mime-database $out/share/mime + '' + else ""; }; }; diff --git a/upstart-jobs/xserver/desktopManager/kde4.nix b/upstart-jobs/xserver/desktopManager/kde4.nix index 2694057720b..d7d91812a5d 100644 --- a/upstart-jobs/xserver/desktopManager/kde4.nix +++ b/upstart-jobs/xserver/desktopManager/kde4.nix @@ -29,9 +29,6 @@ mkIf cfg.enable { name = "kde4"; start = '' # Start KDE. - export KDEDIRS=$HOME/.nix-profile:/nix/var/nix/profiles/default:${pkgs.kde42.kdelibs}:${pkgs.kde42.kdebase}:${pkgs.kde42.kdebase_runtime}:${pkgs.kde42.kdebase_workspace} - export XDG_CONFIG_DIRS=${pkgs.kde42.kdelibs}/etc/xdg:${pkgs.kde42.kdebase_runtime}/etc/xdg:${pkgs.kde42.kdebase_workspace}/etc/xdg - export XDG_DATA_DIRS=${pkgs.kde42.kdelibs}/share:${pkgs.kde42.kdebase}/share:${pkgs.kde42.kdebase_runtime}/share:${pkgs.kde42.kdebase_workspace}/share:${pkgs.shared_mime_info}/share exec ${pkgs.kde42.kdebase_workspace}/bin/startkde ''; }]; 
@@ -54,6 +51,8 @@ mkIf cfg.enable { pkgs.kde42.kdebase pkgs.kde42.kdebase_runtime pkgs.kde42.kdebase_workspace + pkgs.kde42.kdegames + pkgs.shared_mime_info xorg.xset # used by startkde, non-essential ]; From a3b91410cda70949e609689a66b793575884d0d5 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 23:33:53 +0000 Subject: [PATCH 37/91] Fix kde4 configuration. svn path=/nixos/branches/fix-style/; revision=14198 --- upstart-jobs/xserver/desktopManager/kde4.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upstart-jobs/xserver/desktopManager/kde4.nix b/upstart-jobs/xserver/desktopManager/kde4.nix index d7d91812a5d..d39356f05de 100644 --- a/upstart-jobs/xserver/desktopManager/kde4.nix +++ b/upstart-jobs/xserver/desktopManager/kde4.nix @@ -2,7 +2,7 @@ let inherit (pkgs.lib) mkOption mkIf; - cfg = config.services.xserver.desktopManager.kde; + cfg = config.services.xserver.desktopManager.kde4; xorg = config.services.xserver.package; options = { services = { xserver = { desktopManager = { From 1c66b3e0c0cbf04dd84986ab4251f7799f8f00fc Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 23:33:58 +0000 Subject: [PATCH 38/91] Fix activation script's merge function. svn path=/nixos/branches/fix-style/; revision=14199 --- system/activate-configuration.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/system/activate-configuration.nix b/system/activate-configuration.nix index 25510aa26bd..72a17d6dfd7 100644 --- a/system/activate-configuration.nix +++ b/system/activate-configuration.nix @@ -3,7 +3,8 @@ let inherit (pkgs.stringsWithDeps) textClosureOverridable noDepEntry; - inherit (pkgs.lib) mkOption mergeTypedOption mergeAttrs mapRecordFlatten mapAttrs; + inherit (pkgs.lib) mkOption mergeTypedOption mergeAttrs mapRecordFlatten + mapAttrs addErrorContext fold; textClosure = steps: textClosureOverridable steps ( 
@@ -44,8 +45,9 @@ in Activate the new configuration (i.e., update /etc, make accounts, and so on). ''; - merge = mergeTypedOption "script" builtins.isAttrs mergeAttrs; - apply = set: let lib = addAttributeName set; in { + merge = mergeTypedOption "script" builtins.isAttrs (fold mergeAttrs {}); + apply = set: + let lib = addAttributeName set; in { inherit lib; # used to fetch dependencies. script = aggregateScripts "activationScript" lib; }; From 22f49c3cd2a7387fa84499be02194a52df47b927 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 22 Feb 2009 23:34:03 +0000 Subject: [PATCH 39/91] * Add a small script to ensure that all configurations in doc/config-examples can be evaluated. * Fix doc/config-examples/svn-server.nix to use the experimental apache configuration. svn path=/nixos/branches/fix-style/; revision=14200 --- doc/config-examples/svn-server.nix | 1 + test/test-config-examples.sh | 14 ++++++++++++++ 2 files changed, 15 insertions(+) create mode 100755 test/test-config-examples.sh diff --git a/doc/config-examples/svn-server.nix b/doc/config-examples/svn-server.nix index 7f2dafe16ad..a3c3b46cf24 100644 --- a/doc/config-examples/svn-server.nix +++ b/doc/config-examples/svn-server.nix @@ -17,6 +17,7 @@ httpd = { enable = true; + experimental = true; adminAddr = "admin@example.org"; subservices = { diff --git a/test/test-config-examples.sh b/test/test-config-examples.sh new file mode 100755 index 00000000000..1ba2f841c41 --- /dev/null +++ b/test/test-config-examples.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +# This script try to evaluate all configurations which are stored in +# doc/config-examples. This script is useful to ensure that examples are +# working with the current system. + +pwd=$(pwd) +set -xe +for i in ../doc/config-examples/*.nix; do + NIXOS_CONFIG="$pwd/$i" nix-instantiate \ + --eval-only --xml --strict > /dev/null 2>&1 \ + ../default.nix -A system +done +set +xe From 8c5f0522e753669b0cec072574820057dcd51642 Mon Sep 17 00:00:00 2001 
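Review bot: The loop in test/test-config-examples.sh redirects both stdout and stderr of `nix-instantiate` to /dev/null, so when `set -e` aborts the run the evaluation error is lost and only the `set -x` trace of the failing command remains. Keep stderr visible by changing the redirection to `--eval-only --xml --strict > /dev/null \`, so a broken example can be diagnosed from the log. The relative `../doc/config-examples/*.nix` and `../default.nix` paths also assume the script is started from test/; a `cd "$(dirname "$0")"` before `pwd=$(pwd)` would remove that assumption.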
From: Marc Weber Date: Thu, 5 Mar 2009 17:11:40 +0000 Subject: [PATCH 40/91] removed new proposal jobs the fix-style branch makes them obsolete It was broken anyway. I'll readd synergy (client, server) jobs again later svn path=/nixos/branches/fix-style/; revision=14353 --- system/options.nix | 8 --- upstart-jobs/default.nix | 57 +---------------- upstart-jobs/new-proposal/synergyc.nix | 31 --------- upstart-jobs/new-proposal/synergys.nix | 69 -------------------- upstart-jobs/new-proposal/tightvnc.nix | 89 -------------------------- 5 files changed, 1 insertion(+), 253 deletions(-) delete mode 100644 upstart-jobs/new-proposal/synergyc.nix delete mode 100644 upstart-jobs/new-proposal/synergys.nix delete mode 100644 upstart-jobs/new-proposal/tightvnc.nix diff --git a/system/options.nix b/system/options.nix index 34ae64a3c51..af2801c83d0 100644 --- a/system/options.nix +++ b/system/options.nix @@ -380,14 +380,6 @@ in "; }; - servicesProposal = { - # see upstart-jobs/default.nix - # the option declarations can be found in the upstart-jobs/newProposal/*.nix files - # one way to include the declarations here is adding kind of glob "*.nix" - # file function to builtins to get all jobs - # then the checking in upstart-jobs/default.nix can be removed again (together with passing arg optionDeclarations) - }; - services = { diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index ea5d8fcdbe0..39bc6b3b849 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix 
@@ -71,63 +71,8 @@ let ++ config.boot.extraTTYs ++ [config.services.syslogd.tty]; - # looks for a job file foreach attr name found in services from config - # passes { thisConfig, config, pkgs } - # a job must return { options = {}; job =; } - # options is the same format as options.nix, but only contains documentation for this job - # TODO check validation - newProposalJobs = - ( - let - inherit (pkgs.lib) getAttr; - inherit (builtins) attrNames pathExists map; - services = getAttr [ "servicesProposal" ] {} config; - nameToJobs = name : ( - ( - let p = ./new-proposal + "/${name}.nix"; - p2 = ./new-proposal + "/${name}/default.nix"; - thisConfig = getAttr [ name ] {} services; - path = [name]; - args = confgiV : { - inherit config pkgs thisConfig path; - lib = pkgs.lib; - upstartHelpers = { # some useful functions - inherit configV; # the first time a error function is passed to get the option list - # the second time a function is passed getting the option for you automatically, - # either returning the default option or the user supplied value (the function apply is applied when given) - # maybe this is complicated, but easy to use (IMHO) - mkOption = pkgs.lib.mkOption; # the same function used in options.nix - autoGeneratedEtcFile = { name, commentChar ? 
"#", content } : - { source = pkgs.writeText name - ("${commentChar} nixos autogenerated etc file based on /etc/nixos/configuration.nix\n" + content); - target = name; - }; - }; - }; - jobFunc = if pathExists p - then import p - else if pathExists p2 then import p2 - else abort "service ${name} requested but there is no ${p}.nix or ${p}/default.nix file!"; - options = (jobFunc (args (abort "you can't use configV within options!"))).options; - errorWhere = name : "${name} of service ${builtins.toString path}"; - configV = name : if (__hasAttr name options ) then - let opt = (__getAttr name options ); # this config option description - in if (__hasAttr name thisConfig ) - then let v = (__getAttr name thisConfig); in if opt ? apply then opt.apply v else v - else if opt ? default then opt.default else abort "you need to specify the configuration option ${errorWhere name}" - else abort "unkown option ${errorWhere name}"; - checkConfig = config.environment.checkConfigurationOptions; - in # TODO: pass path to checker so it can show full path in the abort case - pkgs.checker ( (jobFunc (args configV)).jobs ) - checkConfig - options - thisConfig - - )); - in pkgs.lib.concatLists ( map nameToJobs (attrNames services))); - jobs = map makeJob - (newProposalJobs ++ [ + ([ # Syslogd. (import ../upstart-jobs/syslogd.nix { diff --git a/upstart-jobs/new-proposal/synergyc.nix b/upstart-jobs/new-proposal/synergyc.nix deleted file mode 100644 index 57da073cd75..00000000000 --- a/upstart-jobs/new-proposal/synergyc.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ path, thisConfig, config, lib, pkgs, upstartHelpers } : with upstartHelpers; { - options = { - description = "synergy client lets you use a shared keyboard, mouse and clipboard"; - screenName = mkOption { - default = ""; - description = " - use screen-name instead the hostname to identify - ourselfs to the server. - "; - apply = x: "-n '${x}'"; - }; - address = mkOption { - default = ""; - description = "server address to connect to"; - }; - }; - jobs = [ ( rec { - name = "synergyc"; - - # TODO start only when X Server has started as well - job = " -description \"${name}\" - -start on network-interfaces/started -stop on network-interfaces/stop - -exec ${pkgs.synergy}/bin/synergyc -f ${configV "screenName"} ${configV "address"} - "; - -} ) ]; -} diff --git a/upstart-jobs/new-proposal/synergys.nix b/upstart-jobs/new-proposal/synergys.nix deleted file mode 100644 index 8c320a07d6f..00000000000 --- a/upstart-jobs/new-proposal/synergys.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ path, thisConfig, config, lib, pkgs, upstartHelpers } : with upstartHelpers; { - options = { - description = "synergy client lets you use a shared keyboard, mouse and clipboard"; - - configuration = mkOption { - description = " - The synergy server configuration file - "; - }; - screenName = mkOption { - default = ""; - description = " - use screen-name instead the hostname to identify - this screen in the configuration. - "; - apply = x: "-n '${x}'"; - }; - address = mkOption { - default = ""; - description = "listen for clients on the given address"; - apply = x: "-a '${x}'"; - }; - }; - - jobs = - [ ( rec { - name = "synergys"; - - extraEtc = [ (autoGeneratedEtcFile { name = name + ".conf"; content = thisConfig.configuration; }) ]; - - # TODO start only when X Server has started as well - job = " -description \"${name}\" - -start on network-interfaces/started and xserver/started -stop on network-interfaces/stop or xserver/stop - -exec ${pkgs.synergy}/bin/synergys -c /etc/${name}.conf -f ${configV "address"} ${configV "screenName"} - "; - -} ) ]; -} - -/* Example configuration - -section: screens - laptop: - dm: - win: -end -section: aliases - laptop: - 192.168.5.5 - dm: - 192.168.5.78 - win: - 192.168.5.54 -end -section: links - laptop: - left = dm - dm: - right = laptop - left = win - win: - right = dm -end - -*/ diff --git a/upstart-jobs/new-proposal/tightvnc.nix b/upstart-jobs/new-proposal/tightvnc.nix deleted file mode 100644 index 054828a5230..00000000000 --- a/upstart-jobs/new-proposal/tightvnc.nix +++ /dev/null 
@@ -1,89 +0,0 @@ -{ path, thisConfig, config, lib, pkgs, upstartHelpers } : with upstartHelpers; rec { - options = { - description = "tightvnc vnc server (share virtual desktop over network"; - - geometry = mkOption { - default = "-geometry 800x600"; - example = "800x600"; - description = '' - size of virtual screen - ''; - apply = x : "-geometry '${x}'"; - }; - depth = mkOption { - default = "-depth 24"; - description = '' - use screen-name instead the hostname to identify - this screen in the configuration. - value must be something between 8 and 32 - ''; - apply = x: "-depth '${x}'"; - check = x: (__lessThan x 33) && (7 __lessThan x); # not yet used - }; - display = mkOption { - default = ":8"; - example = 8; - description = "display to use"; - apply = x: ":${builtins.toString x}"; - }; - authFile = mkOption { - default = "-auth /etc/tightvnc-pwd"; - description = '' - The file containing authentication passwords. - Can be created using vncpasswd - ''; - apply = x: "-auth '${x}'"; - check = __pathExists; - }; - httpPort = mkOption { - default = "-httpport 5900"; - example = 5901; - description = "http port to listen to (Java applet remote interface)"; - apply = x: "-httpport '${builtins.toString x}'"; - }; - desktopName = mkOption { - description = '' - Set VNC desktop name ("x11" by default) - ''; - apply = x: "-desktop '${x}'"; - }; - viewOnly = mkOption { - default = ""; - description = '' - Don't accept keboard and pointer events from clients. All clients will be able to see - the desktop but won't be able to control it. 
- ''; - apply = x: "-viewonly '${x}'"; - }; - interface = mkOption { - default = ""; - description = '' - Listen for client connections only on the network interface with given ipaddr - ''; - apply = x: "-interface '${x}'"; - }; - extras = mkOption { - default = ""; - description = '' - additional params, see man Xvnc - ''; - }; - }; - - jobs = if (lib.getAttr ["services" "xfs" "enable"] false config) != true - then abort "you need to enable xfs services = { xfs = { enable = true; }; } within your nixos/configuration.nix file" - else - [ ( rec { - name = "tightvnc"; - - job = " -description \"${name}\" - -start on network-interfaces/started and xserver/started -stop on network-interfaces/stop or xserver/stop - -exec ${pkgs.tightvnc}/bin/Xvnc -fp unix/:7100 ${lib.concatStringsSep " " (lib.mapIf (x : x != "description") configV (__attrNames options ) ) } - "; -} ) ]; -} -# From 1c43b4946b6c4fd121a5a1c650d81aabaa8340ef Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:25:25 +0000 Subject: [PATCH 41/91] Convert "acpid" svn path=/nixos/branches/fix-style/; revision=14358 --- system/options.nix | 14 ++--------- upstart-jobs/acpid.nix | 56 +++++++++++++++++++++++++++++------------- 2 files changed, 41 insertions(+), 29 deletions(-) diff --git a/system/options.nix b/system/options.nix index af2801c83d0..1b924accb5d 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2180,18 +2180,6 @@ in }; - powerManagement = { - - enable = mkOption { - default = false; - description = " - Whether to enable power management. - "; - }; - - }; - - nesting = { children = mkOption { default = []; @@ -2222,6 +2210,8 @@ in (import ../system/activate-configuration.nix) (import ../upstart-jobs/default.nix) + (import ../upstart-jobs/acpid.nix) # ACPI daemon + # security (import ../system/sudo.nix) diff --git a/upstart-jobs/acpid.nix b/upstart-jobs/acpid.nix index e2eb702bcd4..5ab724b431c 100644 --- a/upstart-jobs/acpid.nix +++ b/upstart-jobs/acpid.nix 
@@ -1,5 +1,22 @@ {pkgs, config, ...}: +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + powerManagement = { + + enable = mkOption { + default = false; + description = "Whether to enable power management (ACPI daemon)"; + }; + }; + }; +in + +###### implementation + let acpiConfDir = pkgs.runCommand "acpi-events" {} @@ -17,9 +34,7 @@ let in pkgs.lib.concatMapStrings f events } ''; - - events = [powerEvent lidEvent acEvent]; - + # Called when the power button is pressed. powerEvent = { name = "power-button"; @@ -29,7 +44,7 @@ let #! ${pkgs.bash}/bin/sh ''; }; - + # Called when the laptop lid is opened/closed. lidEvent = { name = "lid"; @@ -47,7 +62,7 @@ let fi ''; }; - + # Called when the AC power is connected or disconnected. acEvent = { name = "ac-power"; @@ -64,20 +79,27 @@ let ''; }; + events = [powerEvent lidEvent acEvent]; + in -{ - name = "acpid"; - - extraPath = [pkgs.acpid]; - - job = '' - description "ACPI daemon" +mkIf config.powerManagement.enable { + require = [ + options + ]; - start on udev - stop on shutdown + services = { + extraJobs = [{ + name = "acpid"; - respawn ${pkgs.acpid}/sbin/acpid --foreground --confdir ${acpiConfDir} - ''; - + job = '' + description "ACPI daemon" + + start on udev + stop on shutdown + + respawn ${pkgs.acpid}/sbin/acpid --foreground --confdir ${acpiConfDir} + ''; + }]; + }; } From e344a2d055e01a2b98d03961b99a8c7c9efaf4bd Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:25:33 +0000 Subject: [PATCH 42/91] Convert "unix-odbc-drivers" svn path=/nixos/branches/fix-style/; revision=14359 --- etc/default.nix | 7 ------ system/options.nix | 9 +++----- system/unix-odbc-drivers.nix | 43 ++++++++++++++++++++++++++++++++++++ upstart-jobs/default.nix | 6 ----- 4 files changed, 46 insertions(+), 19 deletions(-) create mode 100644 system/unix-odbc-drivers.nix diff --git a/etc/default.nix b/etc/default.nix index fc07a39f9be..5e8406d6ffa 100644 --- a/etc/default.nix +++ b/etc/default.nix 
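Review bot: The converted `acpid` job in the last hunk of upstart-jobs/acpid.nix no longer carries `extraPath = [pkgs.acpid];`, and nothing in the new `extraJobs` entry replaces it. If the old attribute was what made the acpid tools available outside the job itself, this is a silent behaviour change. Either restore `extraPath = [pkgs.acpid];` next to `name = "acpid";` or state in the commit message that it was unused. The kbd conversion later in this series keeps its `extraPath`, so the two conversions are currently inconsistent.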
@@ -241,13 +241,6 @@ let target = "nix.machines"; } - # unixODBC drivers (this solution is not perfect.. Because the user has to - # ask the admin to add a driver.. but it's an easy solution which works) - ++ (let inis = config.environment.unixODBCDrivers pkgs; - in optional (inis != [] ) { - source = pkgs.writeText "odbcinst.ini" (pkgs.lib.concatStringsSep "\n" inis); - target = "odbcinst.ini"; - }) ; in diff --git a/system/options.nix b/system/options.nix index 1b924accb5d..9e30c505345 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2171,12 +2171,6 @@ in "; }; - unixODBCDrivers = mkOption { - default = pkgs : []; - example = "pkgs : map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )"; - description = "specifies unix odbc drivers to be registered at /etc/odbcinst.ini"; - }; - }; @@ -2212,6 +2206,9 @@ in (import ../upstart-jobs/acpid.nix) # ACPI daemon + (import ../system/unix-odbc-drivers.nix) + + # security (import ../system/sudo.nix) diff --git a/system/unix-odbc-drivers.nix b/system/unix-odbc-drivers.nix new file mode 100644 index 00000000000..7df87db8577 --- /dev/null +++ b/system/unix-odbc-drivers.nix 
@@ -0,0 +1,43 @@ +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + environment = { + unixODBCDrivers = mkOption { + default = []; + example = "map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )"; + description = '' + specifies unix odbc drivers to be registered at /etc/odbcinst.ini. + Maybe you also want to add pkgs.unixODBC to the system path to get a + command line client t connnect to odbc databases. + ''; + }; + }; + }; +in + +###### implementation + + +# unixODBC drivers (this solution is not perfect.. Because the user has to +# ask the admin to add a driver.. but it's simple and works + +mkIf (config.environment.unixODBCDrivers != []) { + + require = [ + options + ]; + + environment = { + etc = [ + { source = + let inis = config.environment.unixODBCDrivers; + in pkgs.writeText "odbcinst.ini" (pkgs.lib.concatStringsSep "\n" inis); + target = "odbcinst.ini"; + } + ]; + }; +} diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 39bc6b3b849..f96b9cb3084 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -305,12 +305,6 @@ let inherit (config.services.bitlbee) portNumber interface; }) - # ACPI daemon. - ++ optional config.powerManagement.enable - (import ../upstart-jobs/acpid.nix { - inherit config pkgs; - }) - # Postfix mail server. ++ optional config.services.postfix.enable (import ../upstart-jobs/postfix.nix { From a86ae923d7c660cba592c58cec38c32faa2f545b Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:25:35 +0000 Subject: [PATCH 43/91] Convert "nixos-environment" in particular: (override) nix, extraPackages, checkConfigurationOptions svn path=/nixos/branches/fix-style/; revision=14360 --- system/nixos-environment.nix | 67 ++++++++++++++++++++++++++++++++++++ system/options.nix | 60 ++------------------------------ 2 files changed, 69 insertions(+), 58 deletions(-) create mode 100644 system/nixos-environment.nix 
diff --git a/system/nixos-environment.nix b/system/nixos-environment.nix new file mode 100644 index 00000000000..a2e0ae46cdf --- /dev/null +++ b/system/nixos-environment.nix @@ -0,0 +1,67 @@ + +{pkgs, config, ...}: +let + inherit (pkgs.lib) mergeOneOption mkOption mkIf; +in +{ + require = [ + { + + environment = { + checkConfigurationOptions = mkOption { + default = true; + example = false; + description = " + If all configuration options must be checked. Non-existing options fail build. + "; + }; + + nix = mkOption { + default = pkgs.nixUnstable; + example = pkgs.nixCustomFun /root/nix.tar.gz; + merge = mergeOneOption; + description = " + Use non-default Nix easily. Be careful, though, not to break everything. + "; + }; + + extraPackages = mkOption { + default = []; + example = [pkgs.firefox pkgs.thunderbird]; + description = " + This option allows you to add additional packages to the system + path. These packages are automatically available to all users, + and they are automatically updated every time you rebuild the + system configuration. (The latter is the main difference with + installing them in the default profile, + /nix/var/nix/profiles/default. The value + of this option must be a function that returns a list of + packages. The function will be called with the Nix Packages + collection as its argument for convenience. + "; + }; + + + pathsToLink = mkOption { + default = ["/bin" "/sbin" "/lib" "/share" "/man" "/info" "/etc"]; + example = ["/"]; + description = " + Lists directories to be symlinked in `/var/run/current-system/sw'. + "; + }; + + cleanStart = mkOption { + default = false; + example = true; + description = " + There are some times when you want really small system for specific + purpose and do not want default package list. Setting + cleanStart to true allows you + to create a system with empty path - only extraPackages will be + included. + "; + }; + }; + } + ]; +} 
diff --git a/system/options.nix b/system/options.nix index 9e30c505345..c0e09721259 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2116,64 +2116,6 @@ in }; - environment = { - - pathsToLink = mkOption { - default = ["/bin" "/sbin" "/lib" "/share" "/man" "/info" "/etc"]; - example = ["/"]; - description = " - Lists directories to be symlinked in `/var/run/current-system/sw'. - "; - }; - - cleanStart = mkOption { - default = false; - example = true; - description = " - There are some times when you want really small system for specific - purpose and do not want default package list. Setting - cleanStart to true allows you - to create a system with empty path - only extraPackages will be - included. - "; - }; - - extraPackages = mkOption { - default = []; - example = [pkgs.firefox pkgs.thunderbird]; - description = " - This option allows you to add additional packages to the system - path. These packages are automatically available to all users, - and they are automatically updated every time you rebuild the - system configuration. (The latter is the main difference with - installing them in the default profile, - /nix/var/nix/profiles/default. The value - of this option must be a function that returns a list of - packages. The function will be called with the Nix Packages - collection as its argument for convenience. - "; - }; - - nix = mkOption { - default = pkgs.nixUnstable; - example = pkgs.nixCustomFun /root/nix.tar.gz; - merge = mergeOneOption; - description = " - Use non-default Nix easily. Be careful, though, not to break everything. - "; - }; - - checkConfigurationOptions = mkOption { - default = true; - example = false; - description = " - If all configuration options must be checked. Non-existing options fail build. - "; - }; - - }; - - nesting = { children = mkOption { default = []; @@ -2215,6 +2157,8 @@ in # environment (import ../etc/default.nix) + (import ../system/nixos-environment.nix) + # users (import ../system/users-groups.nix) 
From bca405ae44113f95d44aeaf2eb77c0412f77feb9 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:25:38 +0000 Subject: [PATCH 44/91] Convert "kbd" (i18n) svn path=/nixos/branches/fix-style/; revision=14361 --- system/i18n.nix | 47 +++++++++++++++ system/options.nix | 39 ++----------- upstart-jobs/default.nix | 14 +---- upstart-jobs/kbd.nix | 123 ++++++++++++++++++++++++--------------- 4 files changed, 131 insertions(+), 92 deletions(-) create mode 100644 system/i18n.nix diff --git a/system/i18n.nix b/system/i18n.nix new file mode 100644 index 00000000000..836fa2200a2 --- /dev/null +++ b/system/i18n.nix @@ -0,0 +1,47 @@ +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + i18n = { + defaultLocale = mkOption { + default = "en_US.UTF-8"; + example = "nl_NL.UTF-8"; + description = " + The default locale. It determines the language for program + messages, the format for dates and times, sort order, and so on. + It also determines the character set, such as UTF-8. + "; + }; + + consoleFont = mkOption { + default = "lat9w-16"; + example = "LatArCyrHeb-16"; + description = " + The font used for the virtual consoles. Leave empty to use + whatever the setfont program considers the + default font. + "; + }; + + consoleKeyMap = mkOption { + default = "us"; + example = "fr"; + description = " + The keyboard mapping table for the virtual consoles. + "; + }; + }; + }; +in + +###### implementation + +mkIf config.services.pulseaudio.enable { + require = [ + options + ]; + +} diff --git a/system/options.nix b/system/options.nix index c0e09721259..efa9372fcf4 100644 --- a/system/options.nix +++ b/system/options.nix 
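Review bot: The implementation block of system/i18n.nix is guarded by `mkIf config.services.pulseaudio.enable`, which looks like a leftover from the module this file was copied from; as written, the `i18n.*` option declarations are only required when PulseAudio is enabled. upstart-jobs/kbd.nix in the same commit reads `config.i18n.defaultLocale`, `config.i18n.consoleFont` and `config.i18n.consoleKeyMap` unconditionally, so the declarations should be unconditional too. Replace the guarded block with a plain `{ require = [ options ]; }`. `mkIf` then becomes unused in the `inherit (pkgs.lib) mkOption mkIf;` line.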
@@ -2083,39 +2083,6 @@ in }; - i18n = { - - defaultLocale = mkOption { - default = "en_US.UTF-8"; - example = "nl_NL.UTF-8"; - description = " - The default locale. It determines the language for program - messages, the format for dates and times, sort order, and so on. - It also determines the character set, such as UTF-8. - "; - }; - - consoleFont = mkOption { - default = "lat9w-16"; - example = "LatArCyrHeb-16"; - description = " - The font used for the virtual consoles. Leave empty to use - whatever the setfont program considers the - default font. - "; - }; - - consoleKeyMap = mkOption { - default = "us"; - example = "fr"; - description = " - The keyboard mapping table for the virtual consoles. - "; - }; - - }; - - nesting = { children = mkOption { default = []; @@ -2154,6 +2121,9 @@ in # security (import ../system/sudo.nix) + # i18n + (import ../system/i18n.nix) + # environment (import ../etc/default.nix) @@ -2186,6 +2156,9 @@ in (import ../upstart-jobs/rogue.nix) (import ../upstart-jobs/guest-users.nix) (import ../upstart-jobs/pulseaudio.nix) + (import ../upstart-jobs/kbd.nix) + + # fonts (import ../system/fonts.nix) diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index f96b9cb3084..04e4a470b0d 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -66,10 +66,7 @@ let optional = cond: service: pkgs.lib.optional cond (makeJob service); - requiredTTYs = - config.services.mingetty.ttys - ++ config.boot.extraTTYs - ++ [config.services.syslogd.tty]; + requiredTTYs = config.requiredTTYs; jobs = map makeJob ([ 
@@ -138,15 +135,6 @@ let inherit nssModulesPath; }) - # Console font and keyboard maps. - (import ../upstart-jobs/kbd.nix { - inherit (pkgs) glibc kbd gzip; - ttyNumbers = requiredTTYs; - defaultLocale = config.i18n.defaultLocale; - consoleFont = config.i18n.consoleFont; - consoleKeyMap = config.i18n.consoleKeyMap; - }) - # Handles the maintenance/stalled event (single-user shell). (import ../upstart-jobs/maintenance-shell.nix { inherit (pkgs) bash; diff --git a/upstart-jobs/kbd.nix b/upstart-jobs/kbd.nix index 8be001b03d6..504b902bcb1 100644 --- a/upstart-jobs/kbd.nix +++ b/upstart-jobs/kbd.nix 
@@ -1,78 +1,109 @@ -{glibc, kbd, gzip, ttyNumbers, defaultLocale, consoleFont, consoleKeyMap}: +{pkgs, config, ...}: let + inherit (pkgs.lib) mkOption; + # think about where to put this chunk of code! + # required by other pieces as well + requiredTTYs = config.services.mingetty.ttys + ++ config.boot.extraTTYs + ++ [config.services.syslogd.tty]; + ttyNumbers = requiredTTYs; ttys = map (nr: "/dev/tty" + toString nr) ttyNumbers; + defaultLocale = config.i18n.defaultLocale; + consoleFont = config.i18n.consoleFont; + consoleKeyMap = config.i18n.consoleKeyMap; in +###### implementation + +# most options are defined in i18n.nix + { - name = "kbd"; - extraPath = [ - kbd + inherit requiredTTYs; # pass them to upstart-job/default.nix + + # dummy option so that requiredTTYs can be passed, see above (FIXME) + require = [ + { + requiredTTYs = mkOption { + default = []; + }; + } ]; - - job = " - description \"Keyboard / console initialisation\" - start on udev - - script - - export LANG=${defaultLocale} - export PATH=${gzip}/bin:$PATH # Needed by setfont - - set +e # continue in case of errors + services = { + extraJobs = [{ + name = "kbd"; + extraPath = [ + pkgs.kbd + ]; - # Enable or disable UTF-8 mode. This is based on - # unicode_{start,stop}. - echo 'Enabling or disabling Unicode mode...' + job = " + description \"Keyboard / console initialisation\" - charMap=$(${glibc}/bin/locale charmap) + start on udev - if test \"$charMap\" = UTF-8; then + script - for tty in ${toString ttys}; do + export LANG=${defaultLocale} + export PATH=${pkgs.gzip}/bin:$PATH # Needed by setfont - # Tell the console output driver that the bytes arriving are - # UTF-8 encoded multibyte sequences. - echo -n -e '\\033%G' > $tty + set +e # continue in case of errors - done + + # Enable or disable UTF-8 mode. This is based on + # unicode_{start,stop}. + echo 'Enabling or disabling Unicode mode...' - # Set the keyboard driver in UTF-8 mode. 
- ${kbd}/bin/kbd_mode -u + charMap=$(${pkgs.glibc}/bin/locale charmap) - else + if test \"$charMap\" = UTF-8; then - for tty in ${toString ttys}; do + for tty in ${toString ttys}; do - # Tell the console output driver that the bytes arriving are - # UTF-8 encoded multibyte sequences. - echo -n -e '\\033%@' > $tty + # Tell the console output driver that the bytes arriving are + # UTF-8 encoded multibyte sequences. + echo -n -e '\\033%G' > $tty - done + done - # Set the keyboard driver in ASCII (or any 8-bit character - # set) mode. - ${kbd}/bin/kbd_mode -a + # Set the keyboard driver in UTF-8 mode. + ${pkgs.kbd}/bin/kbd_mode -u - fi + else + + for tty in ${toString ttys}; do + + # Tell the console output driver that the bytes arriving are + # UTF-8 encoded multibyte sequences. + echo -n -e '\\033%@' > $tty + + done + + # Set the keyboard driver in ASCII (or any 8-bit character + # set) mode. + ${pkgs.kbd}/bin/kbd_mode -a + + fi - # Set the console font. - for tty in ${toString ttys}; do - ${kbd}/bin/setfont -C $tty ${consoleFont} - done + # Set the console font. + for tty in ${toString ttys}; do + ${pkgs.kbd}/bin/setfont -C $tty ${consoleFont} + done - # Set the keymap. - ${kbd}/bin/loadkeys '${consoleKeyMap}' + # Set the keymap. + ${pkgs.kbd}/bin/loadkeys '${consoleKeyMap}' - end script - "; - + end script + "; + + }]; + }; + } From b5a7c767c53fa0cb5cb036cf1c29d470990986f8 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:25:44 +0000 Subject: [PATCH 45/91] Convert "ldap" (untested) svn path=/nixos/branches/fix-style/; revision=14362 --- etc/default.nix | 9 --- system/options.nix | 43 +------------- upstart-jobs/ldap/default.nix | 76 ++++++++++++++++++++++++ {etc => upstart-jobs/ldap}/ldap.conf.nix | 0 4 files changed, 79 insertions(+), 49 deletions(-) create mode 100644 upstart-jobs/ldap/default.nix rename {etc => upstart-jobs/ldap}/ldap.conf.nix (100%) diff --git a/etc/default.nix b/etc/default.nix index 5e8406d6ffa..ff5b477498f 100644 
--- a/etc/default.nix +++ b/etc/default.nix @@ -187,15 +187,6 @@ let target = "ssmtp/ssmtp.conf"; } - # LDAP configuration. - ++ optional config.users.ldap.enable { - source = import ./ldap.conf.nix { - inherit (pkgs) writeText; - inherit config; - }; - target = "ldap.conf"; - } - # A bunch of PAM configuration files for various programs. ++ (map (program: diff --git a/system/options.nix b/system/options.nix index efa9372fcf4..d3caa8ea927 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2043,46 +2043,6 @@ in }; - users = { - - ldap = { - - enable = mkOption { - default = false; - description = " - Whether to enable authentication against an LDAP server. - "; - }; - - server = mkOption { - example = "ldap://ldap.example.org/"; - description = " - The URL of the LDAP server. - "; - }; - - base = mkOption { - example = "dc=example,dc=org"; - description = " - The distinguished name of the search base. - "; - }; - - useTLS = mkOption { - default = false; - description = " - If enabled, use TLS (encryption) over an LDAP (port 389) - connection. The alternative is to specify an LDAPS server (port - 636) in or to forego - security. - "; - }; - - }; - - }; - - nesting = { children = mkOption { default = []; @@ -2158,6 +2118,9 @@ in (import ../upstart-jobs/pulseaudio.nix) (import ../upstart-jobs/kbd.nix) + #users + (import ../upstart-jobs/ldap) + # fonts diff --git a/upstart-jobs/ldap/default.nix b/upstart-jobs/ldap/default.nix new file mode 100644 index 00000000000..4c964cd79f2 --- /dev/null +++ b/upstart-jobs/ldap/default.nix 
@@ -0,0 +1,76 @@ +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + users = { + ldap = { + + enable = mkOption { + default = false; + description = " + Whether to enable authentication against an LDAP server. + "; + }; + + server = mkOption { + example = "ldap://ldap.example.org/"; + description = " + The URL of the LDAP server. + "; + }; + + base = mkOption { + example = "dc=example,dc=org"; + description = " + The distinguished name of the search base. + "; + }; + + useTLS = mkOption { + default = false; + description = " + If enabled, use TLS (encryption) over an LDAP (port 389) + connection. The alternative is to specify an LDAPS server (port + 636) in or to forego + security. + "; + }; + + }; + }; + }; +in + +###### implementation + +mkIf config.users.ldap.enable { + require = [ + options + ]; + + # LDAP configuration. + environment = { + etc = [ + + # Careful: OpenLDAP seems to be very picky about the indentation of + # this file. Directives HAVE to start in the first column! + { source = pkgs.writeText "ldap.conf" '' + uri ${config.users.ldap.server} + base ${config.users.ldap.base} + + ${ + if config.users.ldap.useTLS then '' + ssl start_tls + tls_checkpeer no + '' else "" + } + ''; + target = "ldap.conf"; + } + ]; + }; + +} diff --git a/etc/ldap.conf.nix b/upstart-jobs/ldap/ldap.conf.nix similarity index 100% rename from etc/ldap.conf.nix rename to upstart-jobs/ldap/ldap.conf.nix From f889d6215e29375275494f692dc2566c4bcb79fb Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:25:46 +0000 Subject: [PATCH 46/91] Convert "nixos security options" svn path=/nixos/branches/fix-style/; revision=14363 --- system/nixos-security.nix | 49 +++++++++++++++++++++++++++++++++++++++ system/options.nix | 41 +++----------------------------- 2 files changed, 52 insertions(+), 38 deletions(-) create mode 100644 system/nixos-security.nix 
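Review bot: With `useTLS` enabled, the generated `ldap.conf` contains `ssl start_tls` followed by `tls_checkpeer no`, so the session is encrypted but the server certificate is never verified. An attacker on the network path can present any certificate and then read or alter the authentication traffic. I would emit `tls_checkpeer yes` together with a `tls_cacertfile <path-to-CA-bundle>` line (the path is a placeholder, ideally exposed as an option). Failing that, the `useTLS` description should state that the peer is not authenticated instead of promising "TLS (encryption)".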
diff --git a/system/nixos-security.nix b/system/nixos-security.nix new file mode 100644 index 00000000000..10d523ee339 --- /dev/null +++ b/system/nixos-security.nix @@ -0,0 +1,49 @@ +{pkgs, config, ...}: +let + inherit (pkgs.lib) mergeOneOption mkOption mkIf; +in +{ + require = [ + { + security = { + setuidPrograms = mkOption { + default = [ + "passwd" "su" "crontab" "ping" "ping6" + "fusermount" "wodim" "cdrdao" "growisofs" + ]; + description = " + Only the programs from system path listed her will be made setuid root + (through a wrapper program). It's better to set + . + "; + }; + + extraSetuidPrograms = mkOption { + default = []; + example = ["fusermount"]; + description = " + This option lists additional programs that must be made setuid + root. + "; + }; + + setuidOwners = mkOption { + default = []; + example = [{ + program = "sendmail"; + owner = "nodody"; + group = "postdrop"; + setuid = false; + setgid = true; + }]; + description = '' + List of non-trivial setuid programs from system path, like Postfix sendmail. Default + should probably be nobody:nogroup:false:false - if you are bothering + doing anything with a setuid program, "root.root u+s g-s" is not what + you are aiming at.. + ''; + }; + }; + } + ]; +} diff --git a/system/options.nix b/system/options.nix index d3caa8ea927..70555424fa5 100644 --- a/system/options.nix +++ b/system/options.nix 
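Review bot: The `setuidOwners` example has `owner = "nodody"`, which looks like a typo for `nobody`; anyone copying it would configure a setuid/setgid wrapper for an account that probably does not exist. While the text is being moved, `listed her` in the `setuidPrograms` description should also become `listed here`. `mergeOneOption` and `mkIf` are pulled in by the `inherit (pkgs.lib)` line but are not used anywhere in this new file, so the line can be reduced to `inherit (pkgs.lib) mkOption;`.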
@@ -1980,44 +1980,6 @@ in security = { - setuidPrograms = mkOption { - default = [ - "passwd" "su" "crontab" "ping" "ping6" - "fusermount" "wodim" "cdrdao" "growisofs" - ]; - description = " - Only the programs from system path listed her will be made setuid root - (through a wrapper program). It's better to set - . - "; - }; - - extraSetuidPrograms = mkOption { - default = []; - example = ["fusermount"]; - description = " - This option lists additional programs that must be made setuid - root. - "; - }; - - setuidOwners = mkOption { - default = []; - example = [{ - program = "sendmail"; - owner = "nodody"; - group = "postdrop"; - setuid = false; - setgid = true; - }]; - description = '' - List of non-trivial setuid programs from system path, like Postfix sendmail. Default - should probably be nobody:nogroup:false:false - if you are bothering - doing anything with a setuid program, "root.root u+s g-s" is not what - you are aiming at.. - ''; - }; - seccureKeys = { public = mkOption { default = /var/elliptic-keys/public; @@ -2098,6 +2060,9 @@ in # hardware (import ../upstart-jobs/pcmcia.nix) + # security + (import ../system/nixos-security.nix) + # services (import ../upstart-jobs/avahi-daemon.nix) (import ../upstart-jobs/atd.nix) From 028b515a6e7c591f5bd7d77669b81f0930ba48a1 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:25:48 +0000 Subject: [PATCH 47/91] Convert "gw6c" and its security options (untested) svn path=/nixos/branches/fix-style/; revision=14364 --- system/options.nix | 94 +---------------------------- upstart-jobs/default.nix | 6 -- upstart-jobs/gw6c.nix | 126 ++++++++++++++++++++++++++++++++++++--- 3 files changed, 119 insertions(+), 107 deletions(-) diff --git a/system/options.nix b/system/options.nix index 70555424fa5..3a24c8dd7fc 100644 --- a/system/options.nix +++ b/system/options.nix 
@@ -1299,72 +1299,6 @@ in }; - gw6c = { - - enable = mkOption { - default = false; - description = " - Whether to enable Gateway6 client (IPv6 tunnel). - "; - }; - - autorun = mkOption { - default = true; - description = " - Switch to false to create upstart-job and configuration, - but not run it automatically - "; - }; - - username = mkOption { - default = ""; - description = " - Your Gateway6 login name, if any. - "; - }; - - password = mkOption { - default = ""; - description = " - Your Gateway6 password, if any. - "; - }; - - server = mkOption { - default = "anon.freenet6.net"; - example = "broker.freenet6.net"; - description = " - Used Gateway6 server. - "; - }; - - keepAlive = mkOption { - default = "30"; - example = "2"; - description = " - Gateway6 keep-alive period. - "; - }; - - everPing = mkOption { - default = "1000000"; - example = "2"; - description = " - Gateway6 manual ping period. - "; - }; - - waitPingableBroker = mkOption { - default = true; - example = false; - description = " - Whether to wait until tunnel broker returns ICMP echo. - "; - }; - - }; - - ircdHybrid = { enable = mkOption { @@ -1978,32 +1912,6 @@ in }; - security = { - - seccureKeys = { - public = mkOption { - default = /var/elliptic-keys/public; - description = " - Public key. Make it path argument, so it is copied into store and - hashed. - - The key is used to encrypt Gateway 6 configuration in store, as it - contains a password for external service. Unfortunately, - derivation file should be protected by other means. For example, - nix-http-export.cgi will happily export any non-derivation path, - but not a derivation. - "; - }; - private = mkOption { - default = "/var/elliptic-keys/private"; - description = " - Private key. Make it string argument, so it is not copied into store. - "; - }; - }; - - }; - nesting = { children = mkOption { 
@@ -2082,6 +1990,8 @@ in (import ../upstart-jobs/guest-users.nix) (import ../upstart-jobs/pulseaudio.nix) (import ../upstart-jobs/kbd.nix) + (import ../upstart-jobs/gw6c.nix) # Gateway6 + #users (import ../upstart-jobs/ldap) diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 04e4a470b0d..6d3864f1a6f 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -262,12 +262,6 @@ let inherit config pkgs modprobe; }) - # Gateway6 - ++ optional config.services.gw6c.enable - (import ../upstart-jobs/gw6c.nix { - inherit config pkgs; - }) - # VSFTPd server ++ optional config.services.vsftpd.enable (import ../upstart-jobs/vsftpd.nix { diff --git a/upstart-jobs/gw6c.nix b/upstart-jobs/gw6c.nix index f3332f9e8f3..21596c22dfa 100644 --- a/upstart-jobs/gw6c.nix +++ b/upstart-jobs/gw6c.nix 
@@ -1,8 +1,106 @@ -{config, pkgs}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + gw6c = { + enable = mkOption { + default = false; + description = " + Whether to enable Gateway6 client (IPv6 tunnel). + "; + }; + + autorun = mkOption { + default = true; + description = " + Switch to false to create upstart-job and configuration, + but not run it automatically + "; + }; + + username = mkOption { + default = ""; + description = " + Your Gateway6 login name, if any. + "; + }; + + password = mkOption { + default = ""; + description = " + Your Gateway6 password, if any. + "; + }; + + server = mkOption { + default = "anon.freenet6.net"; + example = "broker.freenet6.net"; + description = " + Used Gateway6 server. + "; + }; + + keepAlive = mkOption { + default = "30"; + example = "2"; + description = " + Gateway6 keep-alive period. + "; + }; + + everPing = mkOption { + default = "1000000"; + example = "2"; + description = " + Gateway6 manual ping period. + "; + }; + + waitPingableBroker = mkOption { + default = true; + example = false; + description = " + Whether to wait until tunnel broker returns ICMP echo. + "; + }; + }; + }; + security = { + seccureKeys = { + public = mkOption { + default = /var/elliptic-keys/public; + description = " + Public key. Make it path argument, so it is copied into store and + hashed. + + The key is used to encrypt Gateway 6 configuration in store, as it + contains a password for external service. Unfortunately, + derivation file should be protected by other means. For example, + nix-http-export.cgi will happily export any non-derivation path, + but not a derivation. + "; + }; + private = mkOption { + default = "/var/elliptic-keys/private"; + description = " + Private key. Make it string argument, so it is not copied into store. 
+ "; + }; + }; + }; + }; +in + +###### implementation + let cfg = config.services.gw6c; procps = pkgs.procps; - gw6cService = import ../services/gw6c { + gw6cService = import ../../services/gw6c { inherit (pkgs) stdenv gw6c coreutils procps upstart iputils gnused gnugrep seccureUser writeScript; @@ -17,16 +115,26 @@ let waitPingableBroker = cfg.waitPingableBroker; }; in -{ + + +mkIf config.services.gw6c.enable { + require = [ + options + ]; + + services = { + extraJobs = [{ name = "gw6c"; users = []; groups = []; - job = " -description \"Gateway6 client\" + job = '' + description \"Gateway6 client\" -start on ${ if cfg.autorun then "network-interfaces/started" else "never" } -stop on network-interfaces/stop + start on ${ if cfg.autorun then "network-interfaces/started" else "never" } + stop on network-interfaces/stop -respawn ${gw6cService}/bin/control start -"; + respawn ${gw6cService}/bin/control start + ''; + }]; + }; } From 819873d74566c556d94fd88c85d15ac309162b84 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:25:51 +0000 Subject: [PATCH 48/91] Convert "nix-daemon" and nix options svn path=/nixos/branches/fix-style/; revision=14365 --- etc/default.nix | 26 ----- system/options.nix | 136 +---------------------- upstart-jobs/default.nix | 5 - upstart-jobs/nix.nix | 227 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 229 insertions(+), 165 deletions(-) create mode 100644 upstart-jobs/nix.nix diff --git a/etc/default.nix b/etc/default.nix index ff5b477498f..8579b334e67 100644 --- a/etc/default.nix +++ b/etc/default.nix 
@@ -129,32 +129,6 @@ let target = "inputrc"; } - { # Nix configuration. - source = - let - # Tricky: if we're using a chroot for builds, then we need - # /bin/sh in the chroot (our own compromise to purity). - # However, since /bin/sh is a symlink to some path in the - # Nix store, which furthermore has runtime dependencies on - # other paths in the store, we need the closure of /bin/sh - # in `build-chroot-dirs' - otherwise any builder that uses - # /bin/sh won't work. - refs = pkgs.writeReferencesToFile binsh; - in - pkgs.runCommand "nix.conf" {} '' - binshDeps=$(for i in $(cat ${refs}); do if test -d $i; then echo $i; fi; done) - cat > $out <), the maximum number of jobs - to be run in parallel on that machine - (maxJobs), and the path to the SSH private - key to be used to connect (sshKey). The - SSH private key should not have a passphrase, and the - corresponding public key should be added to - ~sshUser/authorized_keys - on the remote machine. - "; - }; - - proxy = mkOption { - default = ""; - description = " - This option specifies the proxy to use for fetchurl. The real effect - is just exporting http_proxy, https_proxy and ftp_proxy with that - value. - "; - example = "http://127.0.0.1:3128"; - }; - - # Environment variables for running Nix. - envVars = mkOption { - internal = true; - default = ""; - description = " - Define the environment variables used by nix to - "; - - merge = pkgs.lib.mergeStringOption; - - # other option should be used to define the content instead of using - # the apply function. - apply = conf: '' - export NIX_CONF_DIR=/nix/etc/nix - - # Enable the copy-from-other-stores substituter, which allows builds - # to be sped up by copying build results from remote Nix stores. To - # do this, mount the remote file system on a subdirectory of - # /var/run/nix/remote-stores. 
- export NIX_OTHER_STORES=/var/run/nix/remote-stores/*/nix - - '' + # */ - (if config.nix.distributedBuilds then - '' - export NIX_BUILD_HOOK=${config.environment.nix}/libexec/nix/build-remote.pl - export NIX_REMOTE_SYSTEMS=/etc/nix.machines - export NIX_CURRENT_LOAD=/var/run/nix/current-load - '' - else "") - + - (if config.nix.proxy != "" then - '' - export http_proxy=${config.nix.proxy} - export https_proxy=${config.nix.proxy} - export ftp_proxy=${config.nix.proxy} - '' - else "") - + conf; - }; - }; - - - nesting = { children = mkOption { default = []; @@ -1992,6 +1858,8 @@ in (import ../upstart-jobs/kbd.nix) (import ../upstart-jobs/gw6c.nix) # Gateway6 + (import ../upstart-jobs/nix.nix) # nix options and daemon + #users (import ../upstart-jobs/ldap) diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 6d3864f1a6f..7edff43c08c 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -124,11 +124,6 @@ let inherit (pkgs) nettools wirelesstools bash writeText; }) - # Nix daemon - required for multi-user Nix. - (import ../upstart-jobs/nix-daemon.nix { - inherit config pkgs nix nixEnvVars; - }) - # Name service cache daemon. (import ../upstart-jobs/nscd.nix { inherit (pkgs) glibc; diff --git a/upstart-jobs/nix.nix b/upstart-jobs/nix.nix new file mode 100644 index 00000000000..c46b721a2a0 --- /dev/null +++ b/upstart-jobs/nix.nix 
@@ -0,0 +1,227 @@ +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + + nix = { + + maxJobs = mkOption { + default = 1; + example = 2; + description = " + This option defines the maximum number of jobs that Nix will try + to build in parallel. The default is 1. You should generally + set it to the number of CPUs in your system (e.g., 2 on a Athlon + 64 X2). + "; + }; + + useChroot = mkOption { + default = false; + example = true; + description = " + If set, Nix will perform builds in a chroot-environment that it + will set up automatically for each build. This prevents + impurities in builds by disallowing access to dependencies + outside of the Nix store. + "; + }; + + extraOptions = mkOption { + default = ""; + example = " + gc-keep-outputs = true + gc-keep-derivations = true + "; + description = " + This option allows to append lines to nix.conf. + "; + }; + + distributedBuilds = mkOption { + default = false; + description = " + Whether to distribute builds to the machines listed in + . + "; + }; + + buildMachines = mkOption { + example = [ + { hostName = "voila.labs.cs.uu.nl"; + sshUser = "nix"; + sshKey = "/root/.ssh/id_buildfarm"; + system = "powerpc-darwin"; + maxJobs = 1; + } + { hostName = "linux64.example.org"; + sshUser = "buildfarm"; + sshKey = "/root/.ssh/id_buildfarm"; + system = "x86_64-linux"; + maxJobs = 2; + } + ]; + description = " + This option lists the machines to be used if distributed + builds are enabled (see + ). Nix will perform + derivations on those machines via SSh by copying the inputs to + the Nix store on the remote machine, starting the build, then + copying the output back to the local Nix store. 
Each element + of the list should be an attribute set containing the + machine's host name (hostname), the user + name to be used for the SSH connection + (sshUser), the Nix system type + (system, e.g., + \"i686-linux\"), the maximum number of jobs + to be run in parallel on that machine + (maxJobs), and the path to the SSH private + key to be used to connect (sshKey). The + SSH private key should not have a passphrase, and the + corresponding public key should be added to + ~sshUser/authorized_keys + on the remote machine. + "; + }; + + proxy = mkOption { + default = ""; + description = " + This option specifies the proxy to use for fetchurl. The real effect + is just exporting http_proxy, https_proxy and ftp_proxy with that + value. + "; + example = "http://127.0.0.1:3128"; + }; + + # Environment variables for running Nix. + envVars = mkOption { + internal = true; + default = ""; + description = " + Define the environment variables used by nix to + "; + + merge = pkgs.lib.mergeStringOption; + + # other option should be used to define the content instead of using + # the apply function. + apply = conf: '' + export NIX_CONF_DIR=/nix/etc/nix + + # Enable the copy-from-other-stores substituter, which allows builds + # to be sped up by copying build results from remote Nix stores. To + # do this, mount the remote file system on a subdirectory of + # /var/run/nix/remote-stores. 
+ export NIX_OTHER_STORES=/var/run/nix/remote-stores/*/nix + + '' + # */ + (if config.nix.distributedBuilds then + '' + export NIX_BUILD_HOOK=${config.environment.nix}/libexec/nix/build-remote.pl + export NIX_REMOTE_SYSTEMS=/etc/nix.machines + export NIX_CURRENT_LOAD=/var/run/nix/current-load + '' + else "") + + + (if config.nix.proxy != "" then + '' + export http_proxy=${config.nix.proxy} + export https_proxy=${config.nix.proxy} + export ftp_proxy=${config.nix.proxy} + '' + else "") + + conf; + }; + + + services = { + pulseaudio = { + enable = mkOption { + default = false; + description = '' + Whether to enable the PulseAudio system-wide audio server. + Note that the documentation recommends running PulseAudio + daemons per-user rather than system-wide on desktop machines. + ''; + }; + + logLevel = mkOption { + default = "notice"; + example = "debug"; + description = '' + A string denoting the log level: one of + error, warn, + notice, info, + or debug. + ''; + }; + }; + }; + }; + }; +in + +###### implementation + +let + binsh = config.system.build.binsh; + nixEnvVars = config.nix.envVars; + inherit (pkgs) nix; +in + +{ + require = [ + options + ]; + + environment = { + etc = [ + { # Nix configuration. + source = + let + # Tricky: if we're using a chroot for builds, then we need + # /bin/sh in the chroot (our own compromise to purity). + # However, since /bin/sh is a symlink to some path in the + # Nix store, which furthermore has runtime dependencies on + # other paths in the store, we need the closure of /bin/sh + # in `build-chroot-dirs' - otherwise any builder that uses + # /bin/sh won't work. + refs = pkgs.writeReferencesToFile binsh; + in + pkgs.runCommand "nix.conf" {} '' + binshDeps=$(for i in $(cat ${refs}); do if test -d $i; then echo $i; fi; done) + cat > $out < /dev/null 2>&1 + end script + ''; + }]; + }; +} From 8a8d387b2215f95c6543f1ee150c0f35d4e3294a Mon Sep 17 00:00:00 2001 
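Review bot: The `services = { pulseaudio = { … }; }` block after `envVars` sits inside `nix = { … }`, so it declares `nix.services.pulseaudio.enable` and `nix.services.pulseaudio.logLevel`; it looks like a leftover from the module this file was templated from and should be removed. Separately, `envVars` emits `export http_proxy=${config.nix.proxy}` (and the `https_proxy` and `ftp_proxy` lines) unquoted, so a value containing whitespace or shell metacharacters is interpreted by whatever shell sources these lines. Writing `export http_proxy="${config.nix.proxy}"` for all three at least prevents word splitting. Part of this hunk (the `nix.conf` here-document) is missing from the text shown here, so that part is not reviewed.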
From: Marc Weber Date: Fri, 6 Mar 2009 12:25:53 +0000 Subject: [PATCH 49/91] Convert "installer" svn path=/nixos/branches/fix-style/; revision=14366 --- system/nixos-installer.nix | 98 ++++++++++++++++++++++++++++++++++++++ system/options.nix | 83 +------------------------------- 2 files changed, 99 insertions(+), 82 deletions(-) create mode 100644 system/nixos-installer.nix diff --git a/system/nixos-installer.nix b/system/nixos-installer.nix new file mode 100644 index 00000000000..285b3043c30 --- /dev/null +++ b/system/nixos-installer.nix 
@@ -0,0 +1,98 @@ +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + installer = { + nixpkgsURL = mkOption { + default = ""; + example = http://nixos.org/releases/nix/nixpkgs-0.11pre7577; + description = " + URL of the Nixpkgs distribution to use when building the + installation CD. + "; + }; + + repos = { + nixos = mkOption { + default = [ { type = "svn"; } ]; + example = [ { type = "svn"; url = "https://svn.nixos.org/repos/nix/nixos/branches/stdenv-updates"; target = "/etc/nixos/nixos-stdenv-updates"; } + { type = "git"; initialize = ''git clone git://mawercer.de/nixos $target''; update = "git pull origin"; target = "/etc/nixos/nixos-git"; } + ]; + description = '' + The NixOS repository from which the system will be built. + nixos-checkout will update all working + copies of the given repositories, + nixos-rebuild will use the first item + which has the attribute default = true + falling back to the first item. The type defines the + repository tool added to the path. It also defines a "valid" + repository. If the target directory already exists and it's + not valid it will be moved to the backup location + dir-date. + For svn the default target and repositories are + /etc/nixos/nixos and + https://svn.nixos.org/repos/nix/nixos/trunk. + For git repositories update is called after initialization + when the repo is initialized. The initialize code is run + from working directory dirname + target and should create the + directory + dir. (git + clone url nixos/nixpkgs/services should do) For + the executables used see . 
+ ''; + }; + + nixpkgs = mkOption { + default = [ { type = "svn"; } ]; + description = "same as "; + }; + + services = mkOption { + default = [ { type = "svn"; } ]; + description = "same as "; + }; + }; + + repoTypes = mkOption { + default = { + svn = { valid = "[ -d .svn ]"; env = [ pkgs.coreutils pkgs.subversion ]; }; + git = { valid = "[ -d .git ]"; env = [ pkgs.coreutils pkgs.git pkgs.gnused /* FIXME: use full path to sed in nix-pull */ ]; }; + }; + description = '' + Defines, for each supported version control system + (e.g. git), the dependencies for the + mechanism, as well as a test used to determine whether a + directory is a checkout created by that version control + system. + ''; + }; + + manifests = mkOption { + default = [http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/MANIFEST]; + example = + [ http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/MANIFEST + http://nixos.org/releases/nixpkgs/channels/nixpkgs-stable/MANIFEST + ]; + description = " + URLs of manifests to be downloaded when you run + nixos-rebuild to speed up builds. + "; + }; + }; + }; + + +in + +###### implementation + +mkIf config.services.pulseaudio.enable { + require = [ + options + ]; + +} diff --git a/system/options.nix b/system/options.nix index df484d47451..4cff3ac9296 100644 --- a/system/options.nix +++ b/system/options.nix 
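Review bot: The implementation at the end of this new file is wrapped in `mkIf config.services.pulseaudio.enable { require = [ options ]; }`, which ties the installer options (`installer.repos`, `installer.manifests` and the rest) to an unrelated audio service and looks like a copy-paste leftover. Since these options have no enable switch of their own, the body should be unconditional: `{ require = [ options ]; }`. With the condition dropped, `mkIf` no longer needs to be inherited from `pkgs.lib`.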
@@ -1697,88 +1697,6 @@ in }; - installer = { - - nixpkgsURL = mkOption { - default = ""; - example = http://nixos.org/releases/nix/nixpkgs-0.11pre7577; - description = " - URL of the Nixpkgs distribution to use when building the - installation CD. - "; - }; - - repos = { - nixos = mkOption { - default = [ { type = "svn"; } ]; - example = [ { type = "svn"; url = "https://svn.nixos.org/repos/nix/nixos/branches/stdenv-updates"; target = "/etc/nixos/nixos-stdenv-updates"; } - { type = "git"; initialize = ''git clone git://mawercer.de/nixos $target''; update = "git pull origin"; target = "/etc/nixos/nixos-git"; } - ]; - description = '' - The NixOS repository from which the system will be built. - nixos-checkout will update all working - copies of the given repositories, - nixos-rebuild will use the first item - which has the attribute default = true - falling back to the first item. The type defines the - repository tool added to the path. It also defines a "valid" - repository. If the target directory already exists and it's - not valid it will be moved to the backup location - dir-date. - For svn the default target and repositories are - /etc/nixos/nixos and - https://svn.nixos.org/repos/nix/nixos/trunk. - For git repositories update is called after initialization - when the repo is initialized. The initialize code is run - from working directory dirname - target and should create the - directory - dir. (git - clone url nixos/nixpkgs/services should do) For - the executables used see . 
- ''; - }; - - nixpkgs = mkOption { - default = [ { type = "svn"; } ]; - description = "same as "; - }; - - services = mkOption { - default = [ { type = "svn"; } ]; - description = "same as "; - }; - }; - - repoTypes = mkOption { - default = { - svn = { valid = "[ -d .svn ]"; env = [ pkgs.coreutils pkgs.subversion ]; }; - git = { valid = "[ -d .git ]"; env = [ pkgs.coreutils pkgs.git pkgs.gnused /* FIXME: use full path to sed in nix-pull */ ]; }; - }; - description = '' - Defines, for each supported version control system - (e.g. git), the dependencies for the - mechanism, as well as a test used to determine whether a - directory is a checkout created by that version control - system. - ''; - }; - - manifests = mkOption { - default = [http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/MANIFEST]; - example = - [ http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/MANIFEST - http://nixos.org/releases/nixpkgs/channels/nixpkgs-stable/MANIFEST - ]; - description = " - URLs of manifests to be downloaded when you run - nixos-rebuild to speed up builds. - "; - }; - - }; - - nesting = { children = mkOption { default = []; @@ -1859,6 +1777,7 @@ in (import ../upstart-jobs/gw6c.nix) # Gateway6 (import ../upstart-jobs/nix.nix) # nix options and daemon + (import ../system/nixos-installer.nix) #users From 29cca0f34cc7b74d7eea36a8e4e15e816b1caa3b Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:25:57 +0000 Subject: [PATCH 50/91] Convert "syslogd" svn path=/nixos/branches/fix-style/; revision=14367 --- system/options.nix | 14 +--------- upstart-jobs/default.nix | 6 ----- upstart-jobs/syslogd.nix | 58 +++++++++++++++++++++++++++++++--------- 3 files changed, 46 insertions(+), 32 deletions(-) diff --git a/system/options.nix b/system/options.nix index 4cff3ac9296..9d54bc9d838 100644 --- a/system/options.nix +++ b/system/options.nix 
@@ -383,19 +383,6 @@ in services = { - syslogd = { - - tty = mkOption { - default = 10; - description = " - The tty device on which syslogd will print important log - messages. - "; - }; - - }; - - ttyBackgrounds = { enable = mkOption { @@ -1775,6 +1762,7 @@ in (import ../upstart-jobs/pulseaudio.nix) (import ../upstart-jobs/kbd.nix) (import ../upstart-jobs/gw6c.nix) # Gateway6 + (import ../upstart-jobs/syslogd.nix) (import ../upstart-jobs/nix.nix) # nix options and daemon (import ../system/nixos-installer.nix) diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 7edff43c08c..6dad24c35b3 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -71,12 +71,6 @@ let jobs = map makeJob ([ - # Syslogd. - (import ../upstart-jobs/syslogd.nix { - inherit (pkgs) sysklogd writeText; - inherit config; - }) - # Klogd. (import ../upstart-jobs/klogd.nix { inherit (pkgs) sysklogd writeText; diff --git a/upstart-jobs/syslogd.nix b/upstart-jobs/syslogd.nix index c255eb0d9a8..bc293936982 100644 --- a/upstart-jobs/syslogd.nix +++ b/upstart-jobs/syslogd.nix @@ -1,8 +1,32 @@ -{sysklogd, writeText, config}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + + syslogd = { + + tty = mkOption { + default = 10; + description = " + The tty device on which syslogd will print important log + messages. + "; + }; + + }; + }; + }; +in + +###### implementation let - syslogConf = writeText "syslog.conf" '' + syslogConf = pkgs.writeText "syslog.conf" '' kern.warning;*.err;authpriv.none /dev/tty10 # Send emergency messages to all users. 
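Review bot: The `services.syslogd.tty` option is now declared in this module with default `10`, but the `syslogConf` context line directly below still hard-codes `/dev/tty10`, so in the lines visible here changing the option has no effect on where important messages go. If nothing else consumes it, the rule should be built from the option, e.g. `kern.warning;*.err;authpriv.none /dev/tty${toString config.services.syslogd.tty}`. The rest of `syslogConf` lies between the two hunks and is not visible, so this should be checked against the full file. `mkIf` is inherited in this hunk but not used in the lines shown.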
@@ -22,16 +46,24 @@ let in { - name = "syslogd"; - - job = '' - description "Syslog daemon" - - start on udev - stop on shutdown + require = [ + options + ]; - env TZ=${config.time.timeZone} - - respawn ${sysklogd}/sbin/syslogd -n -f ${syslogConf} - ''; + services = { + extraJobs = [{ + name = "syslogd"; + + job = '' + description "Syslog daemon" + + start on udev + stop on shutdown + + env TZ=${config.time.timeZone} + + respawn ${pkgs.sysklogd}/sbin/syslogd -n -f ${syslogConf} + ''; + }]; + }; } From e52ada51a4afff435ab69d932aaaf0dcc8b5fe02 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:01 +0000 Subject: [PATCH 51/91] commment svn path=/nixos/branches/fix-style/; revision=14368 --- system/options.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/system/options.nix b/system/options.nix index 9d54bc9d838..60c5dd6c3ff 100644 --- a/system/options.nix +++ b/system/options.nix @@ -1764,6 +1764,7 @@ in (import ../upstart-jobs/gw6c.nix) # Gateway6 (import ../upstart-jobs/syslogd.nix) + # nix (import ../upstart-jobs/nix.nix) # nix options and daemon (import ../system/nixos-installer.nix) From 4768fd6488cf87f52114299fdddc90321772c42b Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:05 +0000 Subject: [PATCH 52/91] Convert "dhcpd" daemon svn path=/nixos/branches/fix-style/; revision=14369 --- system/options.nix | 66 +--------------------- upstart-jobs/default.nix | 6 -- upstart-jobs/dhcpd.nix | 117 +++++++++++++++++++++++++++++++++------ 3 files changed, 101 insertions(+), 88 deletions(-) diff --git a/system/options.nix b/system/options.nix index 60c5dd6c3ff..97b53917f24 100644 --- a/system/options.nix +++ b/system/options.nix 
@@ -480,71 +480,6 @@ in }; - dhcpd = { - - enable = mkOption { - default = false; - description = " - Whether to enable the DHCP server. - "; - }; - - extraConfig = mkOption { - default = ""; - example = " - option subnet-mask 255.255.255.0; - option broadcast-address 192.168.1.255; - option routers 192.168.1.5; - option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1; - option domain-name \"example.org\"; - subnet 192.168.1.0 netmask 255.255.255.0 { - range 192.168.1.100 192.168.1.200; - } - "; - description = " - Extra text to be appended to the DHCP server configuration - file. Currently, you almost certainly need to specify - something here, such as the options specifying the subnet - mask, DNS servers, etc. - "; - }; - - configFile = mkOption { - default = null; - description = " - The path of the DHCP server configuration file. If no file - is specified, a file is generated using the other options. - "; - }; - - interfaces = mkOption { - default = ["eth0"]; - description = " - The interfaces on which the DHCP server should listen. - "; - }; - - machines = mkOption { - default = []; - example = [ - { hostName = "foo"; - ethernetAddress = "00:16:76:9a:32:1d"; - ipAddress = "192.168.1.10"; - } - { hostName = "bar"; - ethernetAddress = "00:19:d1:1d:c4:9a"; - ipAddress = "192.168.1.11"; - } - ]; - description = " - A list mapping ethernet addresses to IP addresses for the - DHCP server. - "; - }; - - }; - - sshd = { enable = mkOption { @@ -1763,6 +1698,7 @@ in (import ../upstart-jobs/kbd.nix) (import ../upstart-jobs/gw6c.nix) # Gateway6 (import ../upstart-jobs/syslogd.nix) + (import ../upstart-jobs/dhcpd.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 6dad24c35b3..043e82d1c44 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix 
@@ -141,12 +141,6 @@ let inherit config; }) - # DHCP server. - ++ optional config.services.dhcpd.enable - (import ../upstart-jobs/dhcpd.nix { - inherit pkgs config; - }) - # SSH daemon. ++ optional config.services.sshd.enable (import ../upstart-jobs/sshd.nix { diff --git a/upstart-jobs/dhcpd.nix b/upstart-jobs/dhcpd.nix index d1f0a9626d5..9604dd965b9 100644 --- a/upstart-jobs/dhcpd.nix +++ b/upstart-jobs/dhcpd.nix 
@@ -1,4 +1,79 @@ -{pkgs, config}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + dhcpd = { + + enable = mkOption { + default = false; + description = " + Whether to enable the DHCP server. + "; + }; + + extraConfig = mkOption { + default = ""; + example = " + option subnet-mask 255.255.255.0; + option broadcast-address 192.168.1.255; + option routers 192.168.1.5; + option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1; + option domain-name \"example.org\"; + subnet 192.168.1.0 netmask 255.255.255.0 { + range 192.168.1.100 192.168.1.200; + } + "; + description = " + Extra text to be appended to the DHCP server configuration + file. Currently, you almost certainly need to specify + something here, such as the options specifying the subnet + mask, DNS servers, etc. + "; + }; + + configFile = mkOption { + default = null; + description = " + The path of the DHCP server configuration file. If no file + is specified, a file is generated using the other options. + "; + }; + + interfaces = mkOption { + default = ["eth0"]; + description = " + The interfaces on which the DHCP server should listen. + "; + }; + + machines = mkOption { + default = []; + example = [ + { hostName = "foo"; + ethernetAddress = "00:16:76:9a:32:1d"; + ipAddress = "192.168.1.10"; + } + { hostName = "bar"; + ethernetAddress = "00:19:d1:1d:c4:9a"; + ipAddress = "192.168.1.11"; + } + ]; + description = " + A list mapping ethernet addresses to IP addresses for the + DHCP server. + "; + }; + + }; + }; + }; +in + +###### implementation let 
@@ -25,26 +100,34 @@ let in -{ - name = "dhcpd"; - - job = '' - description "DHCP server" - start on network-interfaces/started - stop on network-interfaces/stop +mkIf config.services.dhcpd.enable { + require = [ + options + ]; - script + services = { + extraJobs = [{ + name = "dhcpd"; + + job = '' + description "DHCP server" - mkdir -m 755 -p ${stateDir} + start on network-interfaces/started + stop on network-interfaces/stop - touch ${stateDir}/dhcpd.leases + script - exec ${pkgs.dhcp}/sbin/dhcpd -f -cf ${configFile} \ - -lf ${stateDir}/dhcpd.leases \ - ${toString cfg.interfaces} + mkdir -m 755 -p ${stateDir} - end script - ''; - + touch ${stateDir}/dhcpd.leases + + exec ${pkgs.dhcp}/sbin/dhcpd -f -cf ${configFile} \ + -lf ${stateDir}/dhcpd.leases \ + ${toString cfg.interfaces} + + end script + ''; + }]; + }; } From d285fea2da116a7c7f662d0c15af5b5575fd40c7 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:08 +0000 Subject: [PATCH 53/91] Convert "sshd" daemon Should the client config in etc/default.nix be moved as wel? svn path=/nixos/branches/fix-style/; revision=14370 --- system/options.nix | 45 +------------ upstart-jobs/default.nix | 9 --- upstart-jobs/sshd.nix | 139 ++++++++++++++++++++++++++++----------- 3 files changed, 103 insertions(+), 90 deletions(-) diff --git a/system/options.nix b/system/options.nix index 97b53917f24..6018128459e 100644 --- a/system/options.nix +++ b/system/options.nix 
@@ -480,50 +480,6 @@ in }; - sshd = { - - enable = mkOption { - default = false; - description = " - Whether to enable the Secure Shell daemon, which allows secure - remote logins. - "; - }; - - forwardX11 = mkOption { - default = true; - description = " - Whether to enable sshd to forward X11 connections. - "; - }; - - allowSFTP = mkOption { - default = true; - description = " - Whether to enable the SFTP subsystem in the SSH daemon. This - enables the use of commands such as sftp and - sshfs. - "; - }; - - permitRootLogin = mkOption { - default = "yes"; - description = " - Whether the root user can login using ssh. Valid options - are yes, without-password, - forced-commands-only or - no - "; - }; - - gatewayPorts = mkOption { - default = "no"; - description = " - Specifies whether remote hosts are allowed to connect to ports forwarded for the client. See man sshd_conf. - "; - }; - }; - lshd = { enable = mkOption { @@ -1699,6 +1655,7 @@ in (import ../upstart-jobs/gw6c.nix) # Gateway6 (import ../upstart-jobs/syslogd.nix) (import ../upstart-jobs/dhcpd.nix) + (import ../upstart-jobs/sshd.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 043e82d1c44..f2f48d0e282 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -141,15 +141,6 @@ let inherit config; }) - # SSH daemon. - ++ optional config.services.sshd.enable - (import ../upstart-jobs/sshd.nix { - inherit (pkgs) writeText openssh glibc; - inherit (pkgs.xorg) xauth; - inherit nssModulesPath; - inherit (config.services.sshd) forwardX11 allowSFTP permitRootLogin gatewayPorts; - }) - # GNU lshd SSH2 deamon. ++ optional config.services.lshd.enable (import ../upstart-jobs/lshd.nix { diff --git a/upstart-jobs/sshd.nix b/upstart-jobs/sshd.nix index e9b916e81d3..a0764d1177c 100644 --- a/upstart-jobs/sshd.nix +++ b/upstart-jobs/sshd.nix 
@@ -1,14 +1,66 @@ -{ writeText, openssh, glibc, xauth -, nssModulesPath -, forwardX11, allowSFTP, permitRootLogin, gatewayPorts -}: +{pkgs, config, ...}: -assert permitRootLogin == "yes" || - permitRootLogin == "without-password" || - permitRootLogin == "forced-commands-only" || - permitRootLogin == "no"; - +###### interface let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + sshd = { + + enable = mkOption { + default = false; + description = " + Whether to enable the Secure Shell daemon, which allows secure + remote logins. + "; + }; + + forwardX11 = mkOption { + default = true; + description = " + Whether to enable sshd to forward X11 connections. + "; + }; + + allowSFTP = mkOption { + default = true; + description = " + Whether to enable the SFTP subsystem in the SSH daemon. This + enables the use of commands such as sftp and + sshfs. + "; + }; + + permitRootLogin = mkOption { + default = "yes"; + description = " + Whether the root user can login using ssh. Valid options + are yes, without-password, + forced-commands-only or + no + "; + }; + + gatewayPorts = mkOption { + default = "no"; + description = " + Specifies whether remote hosts are allowed to connect to ports forwarded for the client. See man sshd_conf. + "; + }; + }; + }; + }; + +###### implementation + + inherit (pkgs) writeText openssh; + + cfg = (config.services.sshd); + + nssModules = config.system.nssModules.list; + + nssModulesPath = config.system.nssModules.path; sshdConfig = writeText "sshd_config" '' 
@@ -16,55 +68,68 @@ let UsePAM yes - ${if forwardX11 then " + ${if cfg.forwardX11 then " X11Forwarding yes - XAuthLocation ${xauth}/bin/xauth + XAuthLocation ${pkgs.xlibs.xauth}/bin/xauth " else " X11Forwarding no "} - ${if allowSFTP then " + ${if cfg.allowSFTP then " Subsystem sftp ${openssh}/libexec/sftp-server " else " "} - PermitRootLogin ${permitRootLogin} - GatewayPorts ${gatewayPorts} + PermitRootLogin ${cfg.permitRootLogin} + GatewayPorts ${cfg.gatewayPorts} ''; sshdUid = (import ../system/ids.nix).uids.sshd; + assertion = cfg.permitRootLogin == "yes" || + cfg.permitRootLogin == "without-password" || + cfg.permitRootLogin == "forced-commands-only" || + cfg.permitRootLogin == "no"; + in -{ - name = "sshd"; - users = [ - { name = "sshd"; - uid = (import ../system/ids.nix).uids.sshd; - description = "SSH privilege separation user"; - home = "/var/empty"; - } +mkIf config.services.sshd.enable { + require = [ + options ]; - - job = '' - description "SSH server" - start on network-interfaces/started - stop on network-interfaces/stop + services = { + extraJobs = [{ + name = "sshd"; - env LD_LIBRARY_PATH=${nssModulesPath} + users = [ + { name = "sshd"; + uid = (import ../system/ids.nix).uids.sshd; + description = "SSH privilege separation user"; + home = "/var/empty"; + } + ]; + + job = '' + description "SSH server" - start script - mkdir -m 0755 -p /etc/ssh + start on network-interfaces/started + stop on network-interfaces/stop - if ! test -f /etc/ssh/ssh_host_dsa_key; then - ${openssh}/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N "" - fi - end script + env LD_LIBRARY_PATH=${nssModulesPath} - respawn ${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig} - ''; - + start script + mkdir -m 0755 -p /etc/ssh + + if ! 
test -f /etc/ssh/ssh_host_dsa_key; then + ${openssh}/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N "" + fi + end script + + respawn ${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig} + ''; + }]; + }; } From 7b0071781d830d01b5d89582e88fd25ff5ef3ff1 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:10 +0000 Subject: [PATCH 54/91] Convert "lshd" GNU ssh daemon svn path=/nixos/branches/fix-style/; revision=14371 --- system/options.nix | 93 +---------------- upstart-jobs/default.nix | 10 -- upstart-jobs/lshd.nix | 209 ++++++++++++++++++++++++++++++--------- 3 files changed, 166 insertions(+), 146 deletions(-) diff --git a/system/options.nix b/system/options.nix index 6018128459e..f952be1ddb1 100644 --- a/system/options.nix +++ b/system/options.nix 
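Review bot: The `assertion` binding added to the `let` block of upstart-jobs/sshd.nix is not referenced anywhere in the lines shown, so the `permitRootLogin` check that the removed top-level `assert` enforced no longer runs. Nix evaluates a `let` binding only when something uses it. Any string set in `services.sshd.permitRootLogin` is then written into sshd_config unchecked. One way to keep the check without forcing `config` early is to evaluate it where the value is used: `PermitRootLogin ${assert assertion; cfg.permitRootLogin}`. `gatewayPorts` is interpolated the same way and had no check before this patch either, so the same pattern could cover it.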
@@ -480,98 +480,6 @@ in }; - lshd = { - - enable = mkOption { - default = false; - description = '' - Whether to enable the GNU lshd SSH2 daemon, which allows - secure remote login. - ''; - }; - - portNumber = mkOption { - default = 22; - description = '' - The port on which to listen for connections. - ''; - }; - - interfaces = mkOption { - default = []; - description = '' - List of network interfaces where listening for connections. - When providing the empty list, `[]', lshd listens on all - network interfaces. - ''; - example = [ "localhost" "1.2.3.4:443" ]; - }; - - hostKey = mkOption { - default = "/etc/lsh/host-key"; - description = '' - Path to the server's private key. Note that this key must - have been created, e.g., using "lsh-keygen --server | - lsh-writekey --server", so that you can run lshd. - ''; - }; - - syslog = mkOption { - default = true; - description = ''Whether to enable syslog output.''; - }; - - passwordAuthentication = mkOption { - default = true; - description = ''Whether to enable password authentication.''; - }; - - publicKeyAuthentication = mkOption { - default = true; - description = ''Whether to enable public key authentication.''; - }; - - rootLogin = mkOption { - default = false; - description = ''Whether to enable remote root login.''; - }; - - loginShell = mkOption { - default = null; - description = '' - If non-null, override the default login shell with the - specified value. - ''; - example = "/nix/store/xyz-bash-10.0/bin/bash10"; - }; - - srpKeyExchange = mkOption { - default = false; - description = '' - Whether to enable SRP key exchange and user authentication. 
- ''; - }; - - tcpForwarding = mkOption { - default = true; - description = ''Whether to enable TCP/IP forwarding.''; - }; - - x11Forwarding = mkOption { - default = true; - description = ''Whether to enable X11 forwarding.''; - }; - - subsystems = mkOption { - default = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ]; - description = '' - List of subsystem-path pairs, where the head of the pair - denotes the subsystem name, and the tail denotes the path to - an executable implementing it. - ''; - }; - }; - ntp = { enable = mkOption { @@ -1656,6 +1564,7 @@ in (import ../upstart-jobs/syslogd.nix) (import ../upstart-jobs/dhcpd.nix) (import ../upstart-jobs/sshd.nix) + (import ../upstart-jobs/lshd.nix) # GNU lshd SSH2 deamon (TODO: does neither start nor generate seed file ?) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index f2f48d0e282..0d8d2987d2c 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -141,16 +141,6 @@ let inherit config; }) - # GNU lshd SSH2 deamon. - ++ optional config.services.lshd.enable - (import ../upstart-jobs/lshd.nix { - inherit (pkgs) lib; - inherit (pkgs) lsh; - inherit (pkgs.xorg) xauth; - inherit nssModulesPath; - lshdConfig = config.services.lshd; - }) - # GNUnet daemon. ++ optional config.services.gnunet.enable (import ../upstart-jobs/gnunet.nix { diff --git a/upstart-jobs/lshd.nix b/upstart-jobs/lshd.nix index 0a13d9ba7ee..9db99bce493 100644 --- a/upstart-jobs/lshd.nix +++ b/upstart-jobs/lshd.nix 
@@ -1,54 +1,175 @@ -{lsh, xauth, lib, nssModulesPath, lshdConfig}: +{pkgs, config, ...}: -with builtins; -with lib; +###### interface +let + inherit (pkgs.lib) mkOption mkIf; -{ - name = "lshd"; - - job = with lshdConfig; '' -description "GNU lshd SSH2 daemon" + options = { + services = { + lshd = { -start on network-interfaces/started -stop on network-interfaces/stop + enable = mkOption { + default = false; + description = '' + Whether to enable the GNU lshd SSH2 daemon, which allows + secure remote login. + ''; + }; -env LD_LIBRARY_PATH=${nssModulesPath} + portNumber = mkOption { + default = 22; + description = '' + The port on which to listen for connections. + ''; + }; -start script - test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh - test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh + interfaces = mkOption { + default = []; + description = '' + List of network interfaces where listening for connections. + When providing the empty list, `[]', lshd listens on all + network interfaces. + ''; + example = [ "localhost" "1.2.3.4:443" ]; + }; - if ! test -f /var/spool/lsh/yarrow-seed-file - then - ${lsh}/bin/lsh-make-seed -o /var/spool/lsh/yarrow-seed-file - fi + hostKey = mkOption { + default = "/etc/lsh/host-key"; + description = '' + Path to the server's private key. Note that this key must + have been created, e.g., using "lsh-keygen --server | + lsh-writekey --server", so that you can run lshd. + ''; + }; - if ! 
test -f "${hostKey}" - then - ${lsh}/bin/lsh-keygen --server | \ - ${lsh}/bin/lsh-writekey --server -o "${hostKey}" - fi -end script + syslog = mkOption { + default = true; + description = ''Whether to enable syslog output.''; + }; -respawn ${lsh}/sbin/lshd --daemonic \ - --password-helper="${lsh}/sbin/lsh-pam-checkpw" \ - -p ${toString portNumber} \ - ${if interfaces == [] then "" - else (concatStrings (map (i: "--interface=\"${i}\"") - interfaces))} \ - -h "${hostKey}" \ - ${if !syslog then "--no-syslog" else ""} \ - ${if passwordAuthentication then "--password" else "--no-password" } \ - ${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \ - ${if rootLogin then "--root-login" else "--no-root-login" } \ - ${if loginShell != null then "--login-shell=\"${loginShell}\"" else "" } \ - ${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \ - ${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \ - ${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \ - --subsystems=${concatStringsSep "," - (map (pair: (head pair) + "=" + - (head (tail pair))) - subsystems)} -''; + passwordAuthentication = mkOption { + default = true; + description = ''Whether to enable password authentication.''; + }; + + publicKeyAuthentication = mkOption { + default = true; + description = ''Whether to enable public key authentication.''; + }; + + rootLogin = mkOption { + default = false; + description = ''Whether to enable remote root login.''; + }; + + loginShell = mkOption { + default = null; + description = '' + If non-null, override the default login shell with the + specified value. + ''; + example = "/nix/store/xyz-bash-10.0/bin/bash10"; + }; + + srpKeyExchange = mkOption { + default = false; + description = '' + Whether to enable SRP key exchange and user authentication. 
+ ''; + }; + + tcpForwarding = mkOption { + default = true; + description = ''Whether to enable TCP/IP forwarding.''; + }; + + x11Forwarding = mkOption { + default = true; + description = ''Whether to enable X11 forwarding.''; + }; + + subsystems = mkOption { + default = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ]; + description = '' + List of subsystem-path pairs, where the head of the pair + denotes the subsystem name, and the tail denotes the path to + an executable implementing it. + ''; + }; + }; + }; + }; +in + +###### implementation + +let + + inherit (pkgs) lsh; + inherit (pkgs.lib) concatStrings concatStringsSep head tail; + + lshdConfig = config.services.lshd; + + nssModules = config.system.nssModules.list; + + nssModulesPath = config.system.nssModules.path; +in + +mkIf config.services.lshd.enable { + require = [ + options + ]; + + services = { + extraJobs = [{ + name = "lshd"; + + job = with lshdConfig; '' + description "GNU lshd SSH2 daemon" + + start on network-interfaces/started + stop on network-interfaces/stop + + env LD_LIBRARY_PATH=${nssModulesPath} + + start script + test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh + test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh + + if ! test -f /var/spool/lsh/yarrow-seed-file + the + ${lsh}/bin/lsh-make-seed -o /var/spool/lsh/yarrow-seed-file + fi + + if ! 
test -f "${hostKey}" + then + ${lsh}/bin/lsh-keygen --server | \ + ${lsh}/bin/lsh-writekey --server -o "${hostKey}" + fi + end script + + respawn ${lsh}/sbin/lshd --daemonic \ + --password-helper="${lsh}/sbin/lsh-pam-checkpw" \ + -p ${toString portNumber} \ + ${if interfaces == [] then "" + else (concatStrings (map (i: "--interface=\"${i}\"") + interfaces))} \ + -h "${hostKey}" \ + ${if !syslog then "--no-syslog" else ""} \ + ${if passwordAuthentication then "--password" else "--no-password" } \ + ${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \ + ${if rootLogin then "--root-login" else "--no-root-login" } \ + ${if loginShell != null then "--login-shell=\"${loginShell}\"" else "" } \ + ${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \ + ${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \ + ${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \ + --subsystems=${concatStringsSep "," + (map (pair: (head pair) + "=" + + (head (tail pair))) + subsystems)} + ''; +} + ]; + }; } From 0d48a739876edca5b4e04f8bf4787803c5f110bf Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:13 +0000 Subject: [PATCH 55/91] sshd fix (users) svn path=/nixos/branches/fix-style/; revision=14372 --- upstart-jobs/sshd.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/upstart-jobs/sshd.nix b/upstart-jobs/sshd.nix index a0764d1177c..03dc9f47a9c 100644 --- a/upstart-jobs/sshd.nix +++ b/upstart-jobs/sshd.nix 
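Review bot: In the re-indented start script of upstart-jobs/lshd.nix, the line after `if ! test -f /var/spool/lsh/yarrow-seed-file` reads `the` instead of `then`, which is a shell syntax error. The removed version had `then`, so this looks like a slip made while moving the block. With it the start script will most likely fail before `lsh-make-seed` and the host-key generation below it can run. That would match the TODO added beside the import in system/options.nix ("does neither start nor generate seed file ?"). The line should read `then`.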
@@ -100,18 +100,20 @@ mkIf config.services.sshd.enable { options ]; + users = { + extraUsers = [ + { name = "sshd"; + uid = (import ../system/ids.nix).uids.sshd; + description = "SSH privilege separation user"; + home = "/var/empty"; + } + ]; + }; + services = { extraJobs = [{ name = "sshd"; - users = [ - { name = "sshd"; - uid = (import ../system/ids.nix).uids.sshd; - description = "SSH privilege separation user"; - home = "/var/empty"; - } - ]; - job = '' description "SSH server" From b5f963bb8b4be8a8bd9c5cf22aac4419580cc585 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:16 +0000 Subject: [PATCH 56/91] use cat again to create users instead of << "..." this way '`" doesn't have to be escaped (used by avahi) svn path=/nixos/branches/fix-style/; revision=14373 --- system/users-groups.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/system/users-groups.nix b/system/users-groups.nix index f1bd59a2f36..5dec1f1d1b3 100644 --- a/system/users-groups.nix +++ b/system/users-groups.nix @@ -143,6 +143,9 @@ let inherit (pkgs.stringsWithDeps) FullDepEntry; activateLib = config.system.activationScripts.lib; + + # keep this extra file so that cat can be used to pass special chars such as "`" which is used in the avahi daemon + usersFile = pkgs.writeText "users" (concatStringsSep "\n" (map serializedUser users)); in { @@ -157,7 +160,7 @@ in activationScripts = { users = FullDepEntry '' - while true; do + cat ${usersFile} | while true; do read name || break read description read uid @@ -198,9 +201,7 @@ in ''${home:+--home "$home"} \ --shell "$shell" fi - done < Date: Fri, 6 Mar 2009 12:26:19 +0000 Subject: [PATCH 57/91] Convert "ntp" daemon svn path=/nixos/branches/fix-style/; revision=14374 --- system/options.nix | 24 +-------- upstart-jobs/default.nix | 8 --- upstart-jobs/ntpd.nix | 105 ++++++++++++++++++++++++++++----------- 3 files changed, 78 insertions(+), 59 deletions(-) 
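Review bot: The `extraUsers` entry added in upstart-jobs/sshd.nix imports `../system/ids.nix` again for the uid, although the `let` block already binds `sshdUid` to the same value (a context line in the previous sshd.nix patch). Writing `uid = sshdUid;` keeps a single source for the id, the way bitlbee.nix uses `bitlbeeUid`. The enclosing `mkIf` block starts and ends outside this hunk.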
diff --git a/system/options.nix b/system/options.nix index f952be1ddb1..31dc9c60443 100644 --- a/system/options.nix +++ b/system/options.nix @@ -480,29 +480,6 @@ in }; - ntp = { - - enable = mkOption { - default = true; - description = " - Whether to synchronise your machine's time using the NTP - protocol. - "; - }; - - servers = mkOption { - default = [ - "0.pool.ntp.org" - "1.pool.ntp.org" - "2.pool.ntp.org" - ]; - description = " - The set of NTP servers from which to synchronise. - "; - }; - - }; - portmap = { enable = mkOption { @@ -1565,6 +1542,7 @@ in (import ../upstart-jobs/dhcpd.nix) (import ../upstart-jobs/sshd.nix) (import ../upstart-jobs/lshd.nix) # GNU lshd SSH2 deamon (TODO: does neither start nor generate seed file ?) + (import ../upstart-jobs/ntpd.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 0d8d2987d2c..b912fbee5a2 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -148,14 +148,6 @@ let gnunetConfig = config.services.gnunet; }) - # NTP daemon. - ++ optional config.services.ntp.enable - (import ../upstart-jobs/ntpd.nix { - inherit modprobe; - inherit (pkgs) ntp glibc writeText; - servers = config.services.ntp.servers; - }) - # portmap daemon. ++ optional config.services.portmap.enable (import ../upstart-jobs/portmap.nix { diff --git a/upstart-jobs/ntpd.nix b/upstart-jobs/ntpd.nix index 4bfcfe115cb..9716ce3f308 100644 --- a/upstart-jobs/ntpd.nix +++ b/upstart-jobs/ntpd.nix 
@@ -1,52 +1,101 @@ -{ntp, modprobe, glibc, writeText, servers}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + ntp = { + + enable = mkOption { + default = true; + description = " + Whether to synchronise your machine's time using the NTP + protocol. + "; + }; + + servers = mkOption { + default = [ + "0.pool.ntp.org" + "1.pool.ntp.org" + "2.pool.ntp.org" + ]; + description = " + The set of NTP servers from which to synchronise. + "; + }; + + }; + }; + }; +in + +###### implementation let + inherit (pkgs) writeText ntp; + stateDir = "/var/lib/ntp"; ntpUser = "ntp"; - config = writeText "ntp.conf" '' + servers = config.services.ntp.servers; + + modprobe = config.system.sbin.modprobe; + + configFile = writeText "ntp.conf" '' driftfile ${stateDir}/ntp.drift ${toString (map (server: "server " + server + "\n") servers)} ''; - ntpFlags = "-c ${config} -u ${ntpUser}:nogroup -i ${stateDir}"; + ntpFlags = "-c ${configFile} -u ${ntpUser}:nogroup -i ${stateDir}"; in -{ - name = "ntpd"; - - users = [ - { name = ntpUser; - uid = (import ../system/ids.nix).uids.ntp; - description = "NTP daemon user"; - home = stateDir; - } + +mkIf config.services.ntp.enable { + require = [ + options ]; - - job = '' - description "NTP daemon" - start on ip-up - stop on ip-down - stop on shutdown + services = { + extraJobs = [{ - start script + name = "ntpd"; + + users = [ + { name = ntpUser; + uid = (import ../system/ids.nix).uids.ntp; + description = "NTP daemon user"; + home = stateDir; + } + ]; + + job = '' + description "NTP daemon" - mkdir -m 0755 -p ${stateDir} - chown ${ntpUser} ${stateDir} + start on ip-up + stop on ip-down + stop on shutdown - # Needed to run ntpd as an unprivileged user. - ${modprobe}/sbin/modprobe capability || true + start script - ${ntp}/bin/ntpd -q -g ${ntpFlags} + mkdir -m 0755 -p ${stateDir} + chown ${ntpUser} ${stateDir} - end script + # Needed to run ntpd as an unprivileged user. 
+ ${modprobe}/sbin/modprobe capability || true - respawn ${ntp}/bin/ntpd -n ${ntpFlags} - ''; - + ${ntp}/bin/ntpd -q -g ${ntpFlags} + + end script + + respawn ${ntp}/bin/ntpd -n ${ntpFlags} + ''; + }]; + }; } From adafcb8f3299f32d2424984e862c4c67fe391036 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:22 +0000 Subject: [PATCH 58/91] Convert "portmap" svn path=/nixos/branches/fix-style/; revision=14375 --- system/options.nix | 13 +----- upstart-jobs/default.nix | 6 --- upstart-jobs/portmap.nix | 85 ++++++++++++++++++++++++++++------------ 3 files changed, 61 insertions(+), 43 deletions(-) diff --git a/system/options.nix b/system/options.nix index 31dc9c60443..a5fea0b2632 100644 --- a/system/options.nix +++ b/system/options.nix @@ -480,18 +480,6 @@ in }; - portmap = { - - enable = mkOption { - default = false; - description = '' - Whether to enable `portmap', an ONC RPC directory service - notably used by NFS and NIS, and which can be queried - using the rpcinfo(1) command. - ''; - }; - }; - bitlbee = { enable = mkOption { @@ -1543,6 +1531,7 @@ in (import ../upstart-jobs/sshd.nix) (import ../upstart-jobs/lshd.nix) # GNU lshd SSH2 deamon (TODO: does neither start nor generate seed file ?) (import ../upstart-jobs/ntpd.nix) + (import ../upstart-jobs/portmap.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index b912fbee5a2..25426b16566 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -148,12 +148,6 @@ let gnunetConfig = config.services.gnunet; }) - # portmap daemon. - ++ optional config.services.portmap.enable - (import ../upstart-jobs/portmap.nix { - inherit (pkgs) makePortmap; - }) - # Apache httpd. ++ optional (config.services.httpd.enable && !config.services.httpd.experimental) (import ../upstart-jobs/httpd.nix { diff --git a/upstart-jobs/portmap.nix b/upstart-jobs/portmap.nix index 18ff06dc1af..0c3368545c2 100644 
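Review bot: The `users = [ { name = ntpUser; ... } ]` list in upstart-jobs/ntpd.nix still sits inside the `extraJobs` entry, which is the layout PATCH 55 moved away from for sshd. The portmap and bitlbee conversions later in this series declare their accounts under `users.extraUsers`. If the module system only creates accounts listed there (not visible in this hunk), the `ntp` account would be missing. Both `chown ${ntpUser} ${stateDir}` and the `-u ${ntpUser}:nogroup` privilege drop in `ntpFlags` depend on that account. Moving the list to `users = { extraUsers = [ ... ]; };` beside `services` would make ntpd consistent with the other converted jobs.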
--- a/upstart-jobs/portmap.nix +++ b/upstart-jobs/portmap.nix @@ -1,35 +1,70 @@ -{ makePortmap }: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + portmap = { + enable = mkOption { + default = false; + description = '' + Whether to enable `portmap', an ONC RPC directory service + notably used by NFS and NIS, and which can be queried + using the rpcinfo(1) command. + ''; + }; + }; + }; + }; +in + +###### implementation let uid = (import ../system/ids.nix).uids.portmap; gid = (import ../system/ids.nix).gids.portmap; in -{ - name = "portmap"; - - users = [ - { name = "portmap"; - inherit uid; - description = "portmap daemon user"; - home = "/var/empty"; - } + +mkIf config.services.portmap.enable { + + require = [ + options ]; - groups = [ - { name = "portmap"; - inherit gid; - } - ]; - job = - let portmap = makePortmap { daemonUID = uid; daemonGID = gid; }; - in - '' -description "ONC RPC portmap" + users = { + extraUsers = [ + { name = "portmap"; + inherit uid; + description = "portmap daemon user"; + home = "/var/empty"; + } + ]; -start on network-interfaces/started -stop on network-interfaces/stop + extraGroups = [ + { name = "portmap"; + inherit gid; + } + ]; + }; -respawn ${portmap}/sbin/portmap -''; - + services = { + extraJobs = [{ + name = "portmap"; + + + job = + let portmap = pkgs.makePortmap { daemonUID = uid; daemonGID = gid; }; + in + '' + description "ONC RPC portmap" + + start on network-interfaces/started + stop on network-interfaces/stop + + respawn ${portmap}/sbin/portmap + ''; + }]; + }; } From f9f61c0a1e3e744807b3323b6d558fb7c960293c Mon Sep 17 00:00:00 2001 
From: Marc Weber Date: Fri, 6 Mar 2009 12:26:24 +0000 Subject: [PATCH 59/91] Convert "bitlbee" svn path=/nixos/branches/fix-style/; revision=14376 --- system/options.nix | 30 +---------- upstart-jobs/bitlbee.nix | 109 +++++++++++++++++++++++++++++---------- upstart-jobs/default.nix | 6 --- 3 files changed, 82 insertions(+), 63 deletions(-) diff --git a/system/options.nix b/system/options.nix index a5fea0b2632..2e841e6c7b7 100644 --- a/system/options.nix +++ b/system/options.nix @@ -480,35 +480,6 @@ in }; - bitlbee = { - - enable = mkOption { - default = false; - description = '' - Whether to run the BitlBee IRC to other chat network gateway. - Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat - networks via an IRC client. - ''; - }; - - interface = mkOption { - default = "127.0.0.1"; - description = '' - The interface the BitlBee deamon will be listening to. If `127.0.0.1', - only clients on the local host can connect to it; if `0.0.0.0', clients - can access it from any network interface. - ''; - }; - - portNumber = mkOption { - default = 6667; - description = '' - Number of the port BitlBee will be listening to. - ''; - }; - - }; - gnunet = { enable = mkOption { @@ -1532,6 +1503,7 @@ in (import ../upstart-jobs/lshd.nix) # GNU lshd SSH2 deamon (TODO: does neither start nor generate seed file ?) (import ../upstart-jobs/ntpd.nix) (import ../upstart-jobs/portmap.nix) + (import ../upstart-jobs/bitlbee.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/bitlbee.nix b/upstart-jobs/bitlbee.nix index d9956230aa0..a1cc1a87861 100644 --- a/upstart-jobs/bitlbee.nix +++ b/upstart-jobs/bitlbee.nix 
@@ -1,40 +1,93 @@ -args: with args; +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + bitlbee = { + + enable = mkOption { + default = false; + description = '' + Whether to run the BitlBee IRC to other chat network gateway. + Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat + networks via an IRC client. + ''; + }; + + interface = mkOption { + default = "127.0.0.1"; + description = '' + The interface the BitlBee deamon will be listening to. If `127.0.0.1', + only clients on the local host can connect to it; if `0.0.0.0', clients + can access it from any network interface. + ''; + }; + + portNumber = mkOption { + default = 6667; + description = '' + Number of the port BitlBee will be listening to. + ''; + }; + + }; + }; + }; +in + +###### implementation let bitlbeeUid = (import ../system/ids.nix).uids.bitlbee; + inherit (config.services.bitlbee) portNumber interface; in -{ - name = "bitlbee"; - users = [ - { name = "bitlbee"; - uid = bitlbeeUid; - description = "BitlBee user"; - home = "/var/empty"; - } - ]; - - groups = [ - { name = "bitlbee"; - gid = (import ../system/ids.nix).gids.bitlbee; - } +mkIf config.services.bitlbee.enable { + + require = [ + options ]; - job = '' -description "BitlBee IRC to other chat networks gateway" + users = { + extraUsers = [ + { name = "bitlbee"; + uid = bitlbeeUid; + description = "BitlBee user"; + home = "/var/empty"; + } + ]; + + extraGroups = [ + { name = "bitlbee"; + gid = (import ../system/ids.nix).gids.bitlbee; + } + ]; + }; -start on network-interfaces/started -stop on network-interfaces/stop + services = { + extraJobs = [{ + name = "bitlbee"; -start script - if ! 
test -d /var/lib/bitlbee - then - mkdir -p /var/lib/bitlbee - fi -end script + job = '' + description "BitlBee IRC to other chat networks gateway" -respawn ${bitlbee}/sbin/bitlbee -F -p ${toString portNumber} \ - -i ${interface} -u bitlbee - ''; + start on network-interfaces/started + stop on network-interfaces/stop + + start script + if ! test -d /var/lib/bitlbee + then + mkdir -p /var/lib/bitlbee + fi + end script + + respawn ${pkgs.bitlbee}/sbin/bitlbee -F -p ${toString portNumber} \ + -i ${interface} -u bitlbee + ''; + }]; + }; } diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 25426b16566..79338c2c598 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -231,12 +231,6 @@ let inherit config pkgs; }) - ++ optional config.services.bitlbee.enable - (import ../upstart-jobs/bitlbee.nix { - inherit (pkgs) bitlbee; - inherit (config.services.bitlbee) portNumber interface; - }) - # Postfix mail server. ++ optional config.services.postfix.enable (import ../upstart-jobs/postfix.nix { From 931f68c924cbeaba418bb9d33229deb744f324cf Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:26 +0000 Subject: [PATCH 60/91] Convert "gnunet" svn path=/nixos/branches/fix-style/; revision=14377 --- system/options.nix | 137 +-------------------- upstart-jobs/default.nix | 7 -- upstart-jobs/gnunet.nix | 250 +++++++++++++++++++++++++++++++-------- 3 files changed, 203 insertions(+), 191 deletions(-) diff --git a/system/options.nix b/system/options.nix index 2e841e6c7b7..f33e7cdd805 100644 --- a/system/options.nix +++ b/system/options.nix 
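Review bot: The start script in upstart-jobs/bitlbee.nix creates `/var/lib/bitlbee` with a bare `mkdir -p`, so the directory gets whatever owner and umask-dependent mode the script runs with, while the daemon itself is started with `-u bitlbee`. The ntpd job in this series sets both mode and owner on its state directory explicitly. If this is where BitlBee keeps its per-user account files (not visible in the hunk), the directory should be private to the service user: `mkdir -m 0700 -p /var/lib/bitlbee` followed by `chown bitlbee /var/lib/bitlbee`.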
@@ -480,142 +480,6 @@ in }; - gnunet = { - - enable = mkOption { - default = false; - description = '' - Whether to run the GNUnet daemon. GNUnet is GNU's anonymous - peer-to-peer communication and file sharing framework. - ''; - }; - - home = mkOption { - default = "/var/lib/gnunet"; - description = '' - Directory where the GNUnet daemon will store its data. - ''; - }; - - debug = mkOption { - default = false; - description = '' - When true, run in debug mode; gnunetd will not daemonize and - error messages will be written to stderr instead of a - logfile. - ''; - }; - - logLevel = mkOption { - default = "ERROR"; - example = "INFO"; - description = '' - Log level of the deamon (see `gnunetd(1)' for details). - ''; - }; - - hostLists = mkOption { - default = [ - "http://gnunet.org/hostlist.php" - "http://gnunet.mine.nu:8081/hostlist" - "http://vserver1236.vserver-on.de/hostlist-074" - ]; - description = '' - URLs of host lists. - ''; - }; - - - applications = mkOption { - default = [ "advertising" "getoption" "fs" "stats" "traffic" ]; - example = [ "chat" "fs" ]; - description = '' - List of GNUnet applications supported by the daemon. Note that - `fs', which means "file sharing", is probably the one you want. - ''; - }; - - transports = mkOption { - default = [ "udp" "tcp" "http" "nat" ]; - example = [ "smtp" "http" ]; - description = '' - List of transport methods used by the server. - ''; - }; - - fileSharing = { - quota = mkOption { - default = 1024; - description = '' - Maximum file system usage (in MiB) for file sharing. - ''; - }; - - activeMigration = mkOption { - default = false; - description = '' - Whether to allow active migration of content originating - from other nodes. - ''; - }; - }; - - load = { - maxNetDownBandwidth = mkOption { - default = 50000; - description = '' - Maximum bandwidth usage (in bits per second) for GNUnet - when downloading data. 
- ''; - }; - - maxNetUpBandwidth = mkOption { - default = 50000; - description = '' - Maximum bandwidth usage (in bits per second) for GNUnet - when downloading data. - ''; - }; - - hardNetUpBandwidth = mkOption { - default = 0; - description = '' - Hard bandwidth limit (in bits per second) when uploading - data. - ''; - }; - - maxCPULoad = mkOption { - default = 100; - description = '' - Maximum CPU load (percentage) authorized for the GNUnet - daemon. - ''; - }; - - interfaces = mkOption { - default = [ "eth0" ]; - example = [ "wlan0" "eth1" ]; - description = '' - List of network interfaces to use. - ''; - }; - }; - - extraOptions = mkOption { - default = ""; - example = '' - [NETWORK] - INTERFACE = eth3 - ''; - description = '' - Additional options that will be copied verbatim in `gnunetd.conf'. - See `gnunetd.conf(5)' for details. - ''; - }; - }; - - ejabberd = { enable = mkOption { default = false; @@ -1504,6 +1368,7 @@ in (import ../upstart-jobs/ntpd.nix) (import ../upstart-jobs/portmap.nix) (import ../upstart-jobs/bitlbee.nix) + (import ../upstart-jobs/gnunet.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 79338c2c598..03c3fa32822 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -141,13 +141,6 @@ let inherit config; }) - # GNUnet daemon. - ++ optional config.services.gnunet.enable - (import ../upstart-jobs/gnunet.nix { - inherit (pkgs) gnunet lib writeText; - gnunetConfig = config.services.gnunet; - }) - # Apache httpd. ++ optional (config.services.httpd.enable && !config.services.httpd.experimental) (import ../upstart-jobs/httpd.nix { diff --git a/upstart-jobs/gnunet.nix b/upstart-jobs/gnunet.nix index 3b3de2d97b3..5fe7579d8fe 100644 --- a/upstart-jobs/gnunet.nix +++ b/upstart-jobs/gnunet.nix 
@@ -1,64 +1,218 @@ -{ gnunet, gnunetConfig, lib, writeText }: +{pkgs, config, ...}: -assert gnunetConfig.enable; +###### interface +let + inherit (pkgs.lib) mkOption mkIf; -{ - name = "gnunetd"; + options = { + services = { + gnunet = { + + enable = mkOption { + default = false; + description = '' + Whether to run the GNUnet daemon. GNUnet is GNU's anonymous + peer-to-peer communication and file sharing framework. + ''; + }; - users = [ - { name = "gnunetd"; - uid = (import ../system/ids.nix).uids.gnunetd; - description = "GNUnet Daemon User"; - home = "/var/empty"; - } + home = mkOption { + default = "/var/lib/gnunet"; + description = '' + Directory where the GNUnet daemon will store its data. + ''; + }; + + debug = mkOption { + default = false; + description = '' + When true, run in debug mode; gnunetd will not daemonize and + error messages will be written to stderr instead of a + logfile. + ''; + }; + + logLevel = mkOption { + default = "ERROR"; + example = "INFO"; + description = '' + Log level of the deamon (see `gnunetd(1)' for details). + ''; + }; + + hostLists = mkOption { + default = [ + "http://gnunet.org/hostlist.php" + "http://gnunet.mine.nu:8081/hostlist" + "http://vserver1236.vserver-on.de/hostlist-074" + ]; + description = '' + URLs of host lists. + ''; + }; + + + applications = mkOption { + default = [ "advertising" "getoption" "fs" "stats" "traffic" ]; + example = [ "chat" "fs" ]; + description = '' + List of GNUnet applications supported by the daemon. Note that + `fs', which means "file sharing", is probably the one you want. + ''; + }; + + transports = mkOption { + default = [ "udp" "tcp" "http" "nat" ]; + example = [ "smtp" "http" ]; + description = '' + List of transport methods used by the server. + ''; + }; + + fileSharing = { + quota = mkOption { + default = 1024; + description = '' + Maximum file system usage (in MiB) for file sharing. 
+ ''; + }; + + activeMigration = mkOption { + default = false; + description = '' + Whether to allow active migration of content originating + from other nodes. + ''; + }; + }; + + load = { + maxNetDownBandwidth = mkOption { + default = 50000; + description = '' + Maximum bandwidth usage (in bits per second) for GNUnet + when downloading data. + ''; + }; + + maxNetUpBandwidth = mkOption { + default = 50000; + description = '' + Maximum bandwidth usage (in bits per second) for GNUnet + when downloading data. + ''; + }; + + hardNetUpBandwidth = mkOption { + default = 0; + description = '' + Hard bandwidth limit (in bits per second) when uploading + data. + ''; + }; + + maxCPULoad = mkOption { + default = 100; + description = '' + Maximum CPU load (percentage) authorized for the GNUnet + daemon. + ''; + }; + + interfaces = mkOption { + default = [ "eth0" ]; + example = [ "wlan0" "eth1" ]; + description = '' + List of network interfaces to use. + ''; + }; + }; + + extraOptions = mkOption { + default = ""; + example = '' + [NETWORK] + INTERFACE = eth3 + ''; + description = '' + Additional options that will be copied verbatim in `gnunetd.conf'. + See `gnunetd.conf(5)' for details. 
+ ''; + }; + }; + }; + }; +in + +###### implementation + +mkIf config.services.gnunet.enable { + require = [ + options ]; - job = - with gnunetConfig; - let configFile = writeText "gnunetd.conf" '' - [PATHS] - GNUNETD_HOME = ${home} + users = { + extraUsers = [ + { name = "gnunetd"; + uid = (import ../system/ids.nix).uids.gnunetd; + description = "GNUnet Daemon User"; + home = "/var/empty"; + } + ]; + }; - [GNUNETD] - HOSTLISTURL = ${lib.concatStringsSep " " hostLists} - APPLICATIONS = ${lib.concatStringsSep " " applications} - TRANSPORTS = ${lib.concatStringsSep " " transports} + services = { + extraJobs = [{ + name = "gnunetd"; - [LOAD] - MAXNETDOWNBPSTOTAL = ${toString load.maxNetDownBandwidth} - MAXNETUPBPSTOTAL = ${toString load.maxNetUpBandwidth} - HARDUPLIMIT = ${toString load.hardNetUpBandwidth} - MAXCPULOAD = ${toString load.maxCPULoad} - INTERFACES = ${lib.concatStringsSep " " load.interfaces} + job = + with config.services.gnunet; + let + inherit (pkgs) lib gnunet; + configFile = pkgs.writeText "gnunetd.conf" '' + [PATHS] + GNUNETD_HOME = ${home} - [FS] - QUOTA = ${toString fileSharing.quota} - ACTIVEMIGRATION = ${if fileSharing.activeMigration then "YES" else "NO"} + [GNUNETD] + HOSTLISTURL = ${lib.concatStringsSep " " hostLists} + APPLICATIONS = ${lib.concatStringsSep " " applications} + TRANSPORTS = ${lib.concatStringsSep " " transports} - [MODULES] - sqstore = sqstore_sqlite - dstore = dstore_sqlite - topology = topology_default + [LOAD] + MAXNETDOWNBPSTOTAL = ${toString load.maxNetDownBandwidth} + MAXNETUPBPSTOTAL = ${toString load.maxNetUpBandwidth} + HARDUPLIMIT = ${toString load.hardNetUpBandwidth} + MAXCPULOAD = ${toString load.maxCPULoad} + INTERFACES = ${lib.concatStringsSep " " load.interfaces} - ${extraOptions} - ''; + [FS] + QUOTA = ${toString fileSharing.quota} + ACTIVEMIGRATION = ${if fileSharing.activeMigration then "YES" else "NO"} - in '' -description "The GNUnet Daemon" + [MODULES] + sqstore = sqstore_sqlite + dstore = dstore_sqlite + 
topology = topology_default -start on network-interfaces/started -stop on network-interfaces/stop + ${extraOptions} + ''; + in '' + description "The GNUnet Daemon" -start script - test -d "${home}" || \ - ( mkdir -m 755 -p "${home}" && chown -R gnunetd:users "${home}") -end script + start on network-interfaces/started + stop on network-interfaces/stop -respawn ${gnunet}/bin/gnunetd \ - ${if debug then "--debug" else "" } \ - --user="gnunetd" \ - --config="${configFile}" \ - --log="${logLevel}" -''; + start script + test -d "${home}" || \ + ( mkdir -m 755 -p "${home}" && chown -R gnunetd:users "${home}") + end script + respawn ${gnunet}/bin/gnunetd \ + ${if debug then "--debug" else "" } \ + --user="gnunetd" \ + --config="${configFile}" \ + --log="${logLevel}" + ''; + }]; + }; } From 0c7129316caaef39a42d98ab4f1808a7c8d1441e Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:29 +0000 Subject: [PATCH 61/91] Convert "ejabbered" (untested) svn path=/nixos/branches/fix-style/; revision=14378 --- system/options.nix | 28 +---------- upstart-jobs/default.nix | 6 --- upstart-jobs/ejabberd.nix | 103 ++++++++++++++++++++++++++++---------- 3 files changed, 77 insertions(+), 60 deletions(-) diff --git a/system/options.nix b/system/options.nix index f33e7cdd805..5358c206059 100644 --- a/system/options.nix +++ b/system/options.nix 
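Review bot: The start script in gnunet.nix creates the data directory with `mkdir -m 755` and hands it to `gnunetd:users`, so every local account can read whatever the daemon stores under `home`, and the directory is group-owned by the general `users` group. For a peer-to-peer daemon's state I would default to owner-only access, e.g. `( mkdir -m 700 -p "${home}" && chown -R gnunetd "${home}" )`, and declare a dedicated group if group access is wanted (the hunk declares only `extraUsers`). The guard `test -d "${home}" ||` also means a pre-existing directory with the wrong owner or mode is never corrected. Separately, the `maxNetUpBandwidth` description says "when downloading data", which looks copied from `maxNetDownBandwidth` and should read "when uploading data".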
@@ -480,33 +480,6 @@ in }; - ejabberd = { - enable = mkOption { - default = false; - description = "Whether to enable ejabberd server"; - }; - - spoolDir = mkOption { - default = "/var/lib/ejabberd"; - description = "Location of the spooldir of ejabberd"; - }; - - logsDir = mkOption { - default = "/var/log/ejabberd"; - description = "Location of the logfile directory of ejabberd"; - }; - - confDir = mkOption { - default = "/var/ejabberd"; - description = "Location of the config directory of ejabberd"; - }; - - virtualHosts = mkOption { - default = "\"localhost\""; - description = "Virtualhosts that ejabberd should host. Hostnames are surrounded with doublequotes and separated by commas"; - }; - }; - jboss = { enable = mkOption { default = false; @@ -1369,6 +1342,7 @@ in (import ../upstart-jobs/portmap.nix) (import ../upstart-jobs/bitlbee.nix) (import ../upstart-jobs/gnunet.nix) + (import ../upstart-jobs/ejabberd.nix) # untested, dosen't compile on x86_64-linux # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 03c3fa32822..4de7e099a4f 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -168,12 +168,6 @@ let inherit config pkgs; }) - # EJabberd service - ++ optional config.services.ejabberd.enable - (import ../upstart-jobs/ejabberd.nix { - inherit config pkgs; - }) - # OpenFire XMPP server ++ optional config.services.openfire.enable (import ../upstart-jobs/openfire.nix { diff --git a/upstart-jobs/ejabberd.nix b/upstart-jobs/ejabberd.nix index d2a5084068f..390feda0e09 100644 --- a/upstart-jobs/ejabberd.nix +++ b/upstart-jobs/ejabberd.nix 
@@ -1,36 +1,85 @@ -args: with args; +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + ejabberd = { + enable = mkOption { + default = false; + description = "Whether to enable ejabberd server"; + }; + + spoolDir = mkOption { + default = "/var/lib/ejabberd"; + description = "Location of the spooldir of ejabberd"; + }; + + logsDir = mkOption { + default = "/var/log/ejabberd"; + description = "Location of the logfile directory of ejabberd"; + }; + + confDir = mkOption { + default = "/var/ejabberd"; + description = "Location of the config directory of ejabberd"; + }; + + virtualHosts = mkOption { + default = "\"localhost\""; + description = "Virtualhosts that ejabberd should host. Hostnames are surrounded with doublequotes and separated by commas"; + }; + }; + }; + }; +in + +###### implementation let cfg = config.services.ejabberd; in -{ - name = "ejabberd"; - - job = '' - description "EJabberd server" - start on network-interface/started - stop on network-interfaces/stop - - start script - # Initialise state data - mkdir -p ${cfg.logsDir} - - if ! test -d ${cfg.spoolDir} - then - cp -av ${pkgs.ejabberd}/var/lib/ejabberd /var/lib - fi - - mkdir -p ${cfg.confDir} - sed -e 's|{hosts, \["localhost"\]}.|{hosts, \[${cfg.virtualHosts}\]}.|' ${pkgs.ejabberd}/etc/ejabberd/ejabberd.cfg > ${cfg.confDir}/ejabberd.cfg - end script +mkIf config.services.ejabberd.enable { + + require = [ + options + ]; + + + services = { + extraJobs = [{ + name = "ejabberd"; + + job = '' + description "EJabberd server" + + start on network-interface/started + stop on network-interfaces/stop - respawn ${pkgs.bash}/bin/sh -c 'export PATH=$PATH:${pkgs.ejabberd}/sbin; cd ~; ejabberdctl --logs ${cfg.logsDir} --spool ${cfg.spoolDir} --config ${cfg.confDir}/ejabberd.cfg start; sleep 1d' - - stop script - ${pkgs.ejabberd}/sbin/ejabberdctl stop - end script - ''; + start script + # Initialise state data + mkdir -p ${cfg.logsDir} + + if ! 
test -d ${cfg.spoolDir} + then + cp -av ${pkgs.ejabberd}/var/lib/ejabberd /var/lib + fi + + mkdir -p ${cfg.confDir} + sed -e 's|{hosts, \["localhost"\]}.|{hosts, \[${cfg.virtualHosts}\]}.|' ${pkgs.ejabberd}/etc/ejabberd/ejabberd.cfg > ${cfg.confDir}/ejabberd.cfg + end script + + respawn ${pkgs.bash}/bin/sh -c 'export PATH=$PATH:${pkgs.ejabberd}/sbin; cd ~; ejabberdctl --logs ${cfg.logsDir} --spool ${cfg.spoolDir} --config ${cfg.confDir}/ejabberd.cfg start; sleep 1d' + + stop script + ${pkgs.ejabberd}/sbin/ejabberdctl stop + end script + ''; + }]; + }; } From b17f9995d5d2bbbf2912ccb7639fbcc55b961b14 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:31 +0000 Subject: [PATCH 62/91] Convert "jboss" (untested) svn path=/nixos/branches/fix-style/; revision=14379 --- system/options.nix | 43 +--------------------- upstart-jobs/default.nix | 6 --- upstart-jobs/jboss.nix | 79 +++++++++++++++++++++++++++++++++++----- 3 files changed, 71 insertions(+), 57 deletions(-) diff --git a/system/options.nix b/system/options.nix index 5358c206059..4c988d0b1bf 100644 --- a/system/options.nix +++ b/system/options.nix 
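Review bot: Nothing in the ejabberd job drops privileges: the `respawn` line runs `ejabberdctl ... start` through `${pkgs.bash}/bin/sh -c` with no `su`, and the module declares no service account, so the XMPP server presumably runs as the user Upstart runs jobs as (root). The tomcat job in this series wraps its command in `${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c '…'`; I would add a `user` option and an account here, do the same, and `chown` `logsDir`, `spoolDir` and `confDir` to that account in the start script. The spool bootstrap also copies to a hard-coded `/var/lib` regardless of `spoolDir`, so a non-default `spoolDir` is never populated. Finally, `start on network-interface/started` uses a singular event name while the bitlbee and gnunet jobs use `network-interfaces/started`; if that is a typo the job never starts on its own, and tomcat.nix carries the same line.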
@@ -480,48 +480,6 @@ in }; - jboss = { - enable = mkOption { - default = false; - description = "Whether to enable jboss"; - }; - - tempDir = mkOption { - default = "/tmp"; - description = "Location where JBoss stores its temp files"; - }; - - logDir = mkOption { - default = "/var/log/jboss"; - description = "Location of the logfile directory of JBoss"; - }; - - serverDir = mkOption { - description = "Location of the server instance files"; - default = "/var/jboss/server"; - }; - - deployDir = mkOption { - description = "Location of the deployment files"; - default = "/nix/var/nix/profiles/default/server/default/deploy/"; - }; - - libUrl = mkOption { - default = "file:///nix/var/nix/profiles/default/server/default/lib"; - description = "Location where the shared library JARs are stored"; - }; - - user = mkOption { - default = "nobody"; - description = "User account under which jboss runs."; - }; - - useJK = mkOption { - default = false; - description = "Whether to use to connector to the Apache HTTP server"; - }; - }; - tomcat = { enable = mkOption { default = false; @@ -1343,6 +1301,7 @@ in (import ../upstart-jobs/bitlbee.nix) (import ../upstart-jobs/gnunet.nix) (import ../upstart-jobs/ejabberd.nix) # untested, dosen't compile on x86_64-linux + (import ../upstart-jobs/jboss.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 4de7e099a4f..684eb7dd36d 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -174,12 +174,6 @@ let inherit config pkgs; }) - # JBoss service - ++ optional config.services.jboss.enable - (import ../upstart-jobs/jboss.nix { - inherit config pkgs; - }) - # Apache Tomcat service ++ optional config.services.tomcat.enable (import ../upstart-jobs/tomcat.nix { diff --git a/upstart-jobs/jboss.nix b/upstart-jobs/jboss.nix index 6c35fe06436..322ed92b920 100644 --- a/upstart-jobs/jboss.nix +++ b/upstart-jobs/jboss.nix 
@@ -1,21 +1,82 @@ -args: with args; +{pkgs, config, ...}: +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + jboss = { + enable = mkOption { + default = false; + description = "Whether to enable jboss"; + }; + + tempDir = mkOption { + default = "/tmp"; + description = "Location where JBoss stores its temp files"; + }; + + logDir = mkOption { + default = "/var/log/jboss"; + description = "Location of the logfile directory of JBoss"; + }; + + serverDir = mkOption { + description = "Location of the server instance files"; + default = "/var/jboss/server"; + }; + + deployDir = mkOption { + description = "Location of the deployment files"; + default = "/nix/var/nix/profiles/default/server/default/deploy/"; + }; + + libUrl = mkOption { + default = "file:///nix/var/nix/profiles/default/server/default/lib"; + description = "Location where the shared library JARs are stored"; + }; + + user = mkOption { + default = "nobody"; + description = "User account under which jboss runs."; + }; + + useJK = mkOption { + default = false; + description = "Whether to use to connector to the Apache HTTP server"; + }; + }; + }; + }; +in + +###### implementation let cfg = config.services.jboss; -jbossService = import ../services/jboss { +jbossService = import ../../services/jboss { inherit (pkgs) stdenv jboss su; inherit (cfg) tempDir logDir libUrl deployDir serverDir user useJK; }; in -{ - name = "jboss"; - job = " -description \"JBoss server\" -stop on shutdown +mkIf config.services.jboss.enable { + require = [ + options + ]; -respawn ${jbossService}/bin/control start - "; + services = { + extraJobs = [{ + name = "jboss"; + job = '' + description \"JBoss server\" + + stop on shutdown + + respawn ${jbossService}/bin/control start + ''; + }]; + }; } From eacbb7c38e63e5f9bd77ca876e9013253c35c99f Mon Sep 17 00:00:00 2001 
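Review bot: The job text in jboss.nix moved from a `"…"` string to a `''…''` string but kept the escaped quotes. Backslash is not an escape character inside `''` strings, so the generated job would contain a literal `description \"JBoss server\"`; the line should be `description "JBoss server"`. The defaults also deserve a look: `user = "nobody"` shares an account with any other service that falls back to `nobody`, and `tempDir = "/tmp"` puts the server's temp files in a world-writable directory, so a dedicated account and a private temp directory would be safer defaults. The `import` path changed to `../../services/jboss`, which cannot be checked from this hunk.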
From: Marc Weber Date: Fri, 6 Mar 2009 12:26:34 +0000 Subject: [PATCH 63/91] Convert "tomcat" svn path=/nixos/branches/fix-style/; revision=14380 --- system/options.nix | 48 +------- upstart-jobs/default.nix | 6 - upstart-jobs/tomcat.nix | 256 ++++++++++++++++++++++++--------------- 3 files changed, 162 insertions(+), 148 deletions(-) diff --git a/system/options.nix b/system/options.nix index 4c988d0b1bf..693e8ae777e 100644 --- a/system/options.nix +++ b/system/options.nix @@ -480,53 +480,6 @@ in }; - tomcat = { - enable = mkOption { - default = false; - description = "Whether to enable Apache Tomcat"; - }; - - baseDir = mkOption { - default = "/var/tomcat"; - description = "Location where Tomcat stores configuration files, webapplications and logfiles"; - }; - - user = mkOption { - default = "tomcat"; - description = "User account under which Apache Tomcat runs."; - }; - - deployFrom = mkOption { - default = ""; - description = "Location where webapplications are stored. Leave empty to use the baseDir."; - }; - - javaOpts = mkOption { - default = ""; - description = "Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat"; - }; - - catalinaOpts = mkOption { - default = ""; - description = "Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container"; - }; - - sharedLibFrom = mkOption { - default = ""; - description = "Location where shared libraries are stored. Leave empty to use the baseDir."; - }; - - commonLibFrom = mkOption { - default = ""; - description = "Location where common libraries are stored. Leave empty to use the baseDir."; - }; - - contextXML = mkOption { - default = ""; - description = "Location of the context.xml to use. Leave empty to use the default."; - }; - }; - httpd = { enable = mkOption { 
@@ -1302,6 +1255,7 @@ in (import ../upstart-jobs/gnunet.nix) (import ../upstart-jobs/ejabberd.nix) # untested, dosen't compile on x86_64-linux (import ../upstart-jobs/jboss.nix) + (import ../upstart-jobs/tomcat.nix) # untested, too lazy to get that jdk # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 684eb7dd36d..8493fc0b226 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -174,12 +174,6 @@ let inherit config pkgs; }) - # Apache Tomcat service - ++ optional config.services.tomcat.enable - (import ../upstart-jobs/tomcat.nix { - inherit config pkgs; - }) - # Samba service. ++ optional config.services.samba.enable (import ../upstart-jobs/samba.nix { diff --git a/upstart-jobs/tomcat.nix b/upstart-jobs/tomcat.nix index 233da6abe38..f714e2387f3 100644 --- a/upstart-jobs/tomcat.nix +++ b/upstart-jobs/tomcat.nix 
@@ -1,109 +1,175 @@ -args: with args; +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + tomcat = { + enable = mkOption { + default = false; + description = "Whether to enable Apache Tomcat"; + }; + + baseDir = mkOption { + default = "/var/tomcat"; + description = "Location where Tomcat stores configuration files, webapplications and logfiles"; + }; + + user = mkOption { + default = "tomcat"; + description = "User account under which Apache Tomcat runs."; + }; + + deployFrom = mkOption { + default = ""; + description = "Location where webapplications are stored. Leave empty to use the baseDir."; + }; + + javaOpts = mkOption { + default = ""; + description = "Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat"; + }; + + catalinaOpts = mkOption { + default = ""; + description = "Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container"; + }; + + sharedLibFrom = mkOption { + default = ""; + description = "Location where shared libraries are stored. Leave empty to use the baseDir."; + }; + + commonLibFrom = mkOption { + default = ""; + description = "Location where common libraries are stored. Leave empty to use the baseDir."; + }; + + contextXML = mkOption { + default = ""; + description = "Location of the context.xml to use. 
Leave empty to use the default."; + }; + }; + }; + }; +in + +###### implementation let cfg = config.services.tomcat; in -{ - name = "tomcat"; - - groups = [ - { name = "tomcat"; - gid = (import ../system/ids.nix).gids.tomcat; - } +mkIf config.services.tomcat.enable { + require = [ + options ]; - - users = [ - { name = "tomcat"; - uid = (import ../system/ids.nix).uids.tomcat; - description = "Tomcat user"; - home = "/homeless-shelter"; - } - ]; - - job = '' - description "Apache Tomcat server" - start on network-interface/started - stop on network-interfaces/stop - - start script - # Create initial state data + services = { + extraJobs = [{ + name = "tomcat"; + + groups = [ + { name = "tomcat"; + gid = (import ../system/ids.nix).gids.tomcat; + } + ]; + + users = [ + { name = "tomcat"; + uid = (import ../system/ids.nix).uids.tomcat; + description = "Tomcat user"; + home = "/homeless-shelter"; + } + ]; + + job = '' + description "Apache Tomcat server" + + start on network-interface/started + stop on network-interfaces/stop - if ! test -d ${cfg.baseDir} - then - mkdir -p ${cfg.baseDir}/webapps - mkdir -p ${cfg.baseDir}/shared - mkdir -p ${cfg.baseDir}/lib - cp -av ${pkgs.tomcat6}/{conf,temp,logs} ${cfg.baseDir} - fi - - # Deploy context.xml - - if test "${cfg.contextXML}" = "" - then - cp ${pkgs.tomcat6}/conf/context.xml.default ${cfg.baseDir}/conf/context.xml - else - cp ${cfg.contextXML} ${cfg.baseDir}/conf/context.xml - fi - - # Deploy all webapplications - - if ! test "${cfg.deployFrom}" = "" - then - rm -rf ${cfg.baseDir}/webapps - mkdir -p ${cfg.baseDir}/webapps - for i in ${cfg.deployFrom}/* + start script + # Create initial state data + + if ! 
test -d ${cfg.baseDir} + then + mkdir -p ${cfg.baseDir}/webapps + mkdir -p ${cfg.baseDir}/shared + mkdir -p ${cfg.baseDir}/lib + cp -av ${pkgs.tomcat6}/{conf,temp,logs} ${cfg.baseDir} + fi + + # Deploy context.xml + + if test "${cfg.contextXML}" = "" + then + cp ${pkgs.tomcat6}/conf/context.xml.default ${cfg.baseDir}/conf/context.xml + else + cp ${cfg.contextXML} ${cfg.baseDir}/conf/context.xml + fi + + # Deploy all webapplications + + if ! test "${cfg.deployFrom}" = "" + then + rm -rf ${cfg.baseDir}/webapps + mkdir -p ${cfg.baseDir}/webapps + for i in ${cfg.deployFrom}/* + do + cp -rL $i ${cfg.baseDir}/webapps + done + fi + + # Fix permissions + + chown -R ${cfg.user} ${cfg.baseDir} + + for i in `find ${cfg.baseDir} -type d` do - cp -rL $i ${cfg.baseDir}/webapps + chmod -v 755 $i + done + + for i in `find ${cfg.baseDir} -type f` + do + chmod -v 644 $i done - fi - - # Fix permissions - - chown -R ${cfg.user} ${cfg.baseDir} - - for i in `find ${cfg.baseDir} -type d` - do - chmod -v 755 $i - done - - for i in `find ${cfg.baseDir} -type f` - do - chmod -v 644 $i - done - # Deploy all common libraries - - rm -rf ${cfg.baseDir}/lib/* - - if test "${cfg.commonLibFrom}" = "" - then - commonLibFrom="${pkgs.tomcat6}/lib"; - else - commonLibFrom="${cfg.commonLibFrom}"; - fi - - for i in $commonLibFrom/*.jar - do - ln -s $i ${cfg.baseDir}/lib - done + # Deploy all common libraries + + rm -rf ${cfg.baseDir}/lib/* + + if test "${cfg.commonLibFrom}" = "" + then + commonLibFrom="${pkgs.tomcat6}/lib"; + else + commonLibFrom="${cfg.commonLibFrom}"; + fi + + for i in $commonLibFrom/*.jar + do + ln -s $i ${cfg.baseDir}/lib + done - # Deploy all shared libraries + # Deploy all shared libraries + + if ! test "${cfg.sharedLibFrom}" = "" + then + rm -f ${cfg.baseDir}/shared/lib + ln -s ${cfg.sharedLibFrom} ${cfg.baseDir}/shared/lib + fi + + end script - if ! 
test "${cfg.sharedLibFrom}" = "" - then - rm -f ${cfg.baseDir}/shared/lib - ln -s ${cfg.sharedLibFrom} ${cfg.baseDir}/shared/lib - fi - - end script - - respawn ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${pkgs.tomcat6}/bin/startup.sh; sleep 1000d' - - stop script - echo "Stopping tomcat..." - CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c ${pkgs.tomcat6}/bin/shutdown.sh - end script - ''; + respawn ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${pkgs.tomcat6}/bin/startup.sh; sleep 1000d' + + stop script + echo "Stopping tomcat..." + CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c ${pkgs.tomcat6}/bin/shutdown.sh + end script + ''; + }]; + }; } From e95773a38fc13aa7abed4e1048ac9b2aeb48a527 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:36 +0000 Subject: [PATCH 64/91] typo svn path=/nixos/branches/fix-style/; revision=14381 --- upstart-jobs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 8493fc0b226..e5a9cd6eba7 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -19,7 +19,7 @@ let exec sh -c "echo 'hello world' | ${pkgs.netcat}/bin/nc -l -p 9000" ''; } ]; - # should have some checks to everify the syntax + # should have some checks to verify the syntax merge = pkgs.lib.mergeListOption; description = " Additional Upstart jobs. From e7b7d62777ba701ed676a989ca714c95baad248c Mon Sep 17 00:00:00 2001 
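Review bot: In tomcat.nix the `groups` and `users` declarations now sit inside the `extraJobs` entry, whereas the bitlbee and gnunet conversions in this series declare accounts under top-level `users.extraUsers` / `users.extraGroups`. Whether job-level account attributes are still collected is not visible here; if they are not, the `tomcat` account is never created and both `chown -R ${cfg.user}` and the `su` in `respawn` fail. I would move them to `users = { extraUsers = [ … ]; extraGroups = [ … ]; };` next to `services`. The permission pass also sets every file under `baseDir` to 644 and every directory to 755, which leaves the copied `conf` directory readable by all local users; `chmod -R u=rwX,go= ${cfg.baseDir}` after the `chown` would avoid that and would replace the unquoted `find` loops.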
From: Marc Weber Date: Fri, 6 Mar 2009 12:26:41 +0000 Subject: [PATCH 65/91] Convert "httpd" and "apache-httpd" svn path=/nixos/branches/fix-style/; revision=14382 --- system/options.nix | 198 +---------------- upstart-jobs/apache-httpd/default.nix | 309 ++++++++++++++++++++++---- upstart-jobs/default.nix | 15 -- upstart-jobs/httpd.nix | 84 ++++--- 4 files changed, 316 insertions(+), 290 deletions(-) diff --git a/system/options.nix b/system/options.nix index 693e8ae777e..ad7f28c5484 100644 --- a/system/options.nix +++ b/system/options.nix 
@@ -479,202 +479,6 @@ in }; - - httpd = { - - enable = mkOption { - default = false; - description = " - Whether to enable the Apache httpd server. - "; - }; - - experimental = mkOption { - default = false; - description = " - Whether to use the new-style Apache configuration. - "; - }; - - extraConfig = mkOption { - default = ""; - description = " - These configuration lines will be passed verbatim to the apache config - "; - }; - - extraModules = mkOption { - default = []; - example = [ "proxy_connect" { name = "php5_module"; path = "${pkgs.php}/modules/libphp5.so"; } ]; - description = '' - Specifies additional Apache modules. These can be specified - as a string in the case of modules distributed with Apache, - or as an attribute set specifying the - name and path of the - module. - ''; - }; - - logPerVirtualHost = mkOption { - default = false; - description = " - If enabled, each virtual host gets its own - access_log and - error_log, namely suffixed by the - of the virtual host. - "; - }; - - user = mkOption { - default = "wwwrun"; - description = " - User account under which httpd runs. The account is created - automatically if it doesn't exist. - "; - }; - - group = mkOption { - default = "wwwrun"; - description = " - Group under which httpd runs. The account is created - automatically if it doesn't exist. - "; - }; - - logDir = mkOption { - default = "/var/log/httpd"; - description = " - Directory for Apache's log files. It is created automatically. - "; - }; - - stateDir = mkOption { - default = "/var/run/httpd"; - description = " - Directory for Apache's transient runtime state (such as PID - files). It is created automatically. Note that the default, - /var/run/httpd, is deleted at boot time. 
- "; - }; - - mod_php = mkOption { - default = false; - description = "Whether to enable the PHP module."; - }; - - mod_jk = { - enable = mkOption { - default = false; - description = "Whether to enable the Apache Tomcat connector."; - }; - - applicationMappings = mkOption { - default = []; - description = "List of Java webapplications that should be mapped to the servlet container (Tomcat/JBoss)"; - }; - }; - - virtualHosts = mkOption { - default = []; - example = [ - { hostName = "foo"; - documentRoot = "/data/webroot-foo"; - } - { hostName = "bar"; - documentRoot = "/data/webroot-bar"; - } - ]; - description = '' - Specification of the virtual hosts served by Apache. Each - element should be an attribute set specifying the - configuration of the virtual host. The available options - are the non-global options permissible for the main host. - ''; - }; - - subservices = { - - # !!! remove this - subversion = { - - enable = mkOption { - default = false; - description = " - Whether to enable the Subversion subservice in the webserver. - "; - }; - - notificationSender = mkOption { - default = "svn-server@example.org"; - example = "svn-server@example.org"; - description = " - The email address used in the Sender field of commit - notification messages sent by the Subversion subservice. - "; - }; - - userCreationDomain = mkOption { - default = "example.org"; - example = "example.org"; - description = " - The domain from which user creation is allowed. A client can - only create a new user account if its IP address resolves to - this domain. - "; - }; - - autoVersioning = mkOption { - default = false; - description = " - Whether you want the Subversion subservice to support - auto-versioning, which enables Subversion repositories to be - mounted as read/writable file systems on operating systems that - support WebDAV. - "; - }; - - dataDir = mkOption { - default = "/no/such/path/exists"; - description = " - Place to put SVN repository. 
- "; - }; - - organization = { - - name = mkOption { - default = null; - description = " - Name of the organization hosting the Subversion service. - "; - }; - - url = mkOption { - default = null; - description = " - URL of the website of the organization hosting the Subversion service. - "; - }; - - logo = mkOption { - default = null; - description = " - Logo the organization hosting the Subversion service. - "; - }; - - }; - - }; - - }; - - } // # Include the options shared between the main server and virtual hosts. - (import ../upstart-jobs/apache-httpd/per-server-options.nix { - inherit mkOption; - forMainServer = true; - }); - vsftpd = { enable = mkOption { default = false; @@ -1256,6 +1060,8 @@ in (import ../upstart-jobs/ejabberd.nix) # untested, dosen't compile on x86_64-linux (import ../upstart-jobs/jboss.nix) (import ../upstart-jobs/tomcat.nix) # untested, too lazy to get that jdk + (import ../upstart-jobs/httpd.nix) # Apache httpd (probably this can be removed ?) + (import ../upstart-jobs/apache-httpd) # Apache httpd (new style). # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/apache-httpd/default.nix b/upstart-jobs/apache-httpd/default.nix index ee15dc06f01..aab5d331d10 100644 --- a/upstart-jobs/apache-httpd/default.nix +++ b/upstart-jobs/apache-httpd/default.nix 
@@ -1,6 +1,209 @@ -{config, pkgs}: +{pkgs, config, ...}: +###### interface let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + httpd = { + + enable = mkOption { + default = false; + description = " + Whether to enable the Apache httpd server. + "; + }; + + experimental = mkOption { + default = false; + description = " + Whether to use the new-style Apache configuration. + "; + }; + + extraConfig = mkOption { + default = ""; + description = " + These configuration lines will be passed verbatim to the apache config + "; + }; + + extraModules = mkOption { + default = []; + example = [ "proxy_connect" { name = "php5_module"; path = "${pkgs.php}/modules/libphp5.so"; } ]; + description = '' + Specifies additional Apache modules. These can be specified + as a string in the case of modules distributed with Apache, + or as an attribute set specifying the + name and path of the + module. + ''; + }; + + logPerVirtualHost = mkOption { + default = false; + description = " + If enabled, each virtual host gets its own + access_log and + error_log, namely suffixed by the + of the virtual host. + "; + }; + + user = mkOption { + default = "wwwrun"; + description = " + User account under which httpd runs. The account is created + automatically if it doesn't exist. + "; + }; + + group = mkOption { + default = "wwwrun"; + description = " + Group under which httpd runs. The account is created + automatically if it doesn't exist. + "; + }; + + logDir = mkOption { + default = "/var/log/httpd"; + description = " + Directory for Apache's log files. It is created automatically. + "; + }; + + stateDir = mkOption { + default = "/var/run/httpd"; + description = " + Directory for Apache's transient runtime state (such as PID + files). It is created automatically. Note that the default, + /var/run/httpd, is deleted at boot time. 
+ "; + }; + + mod_php = mkOption { + default = false; + description = "Whether to enable the PHP module."; + }; + + mod_jk = { + enable = mkOption { + default = false; + description = "Whether to enable the Apache Tomcat connector."; + }; + + applicationMappings = mkOption { + default = []; + description = "List of Java webapplications that should be mapped to the servlet container (Tomcat/JBoss)"; + }; + }; + + virtualHosts = mkOption { + default = []; + example = [ + { hostName = "foo"; + documentRoot = "/data/webroot-foo"; + } + { hostName = "bar"; + documentRoot = "/data/webroot-bar"; + } + ]; + description = '' + Specification of the virtual hosts served by Apache. Each + element should be an attribute set specifying the + configuration of the virtual host. The available options + are the non-global options permissible for the main host. + ''; + }; + + subservices = { + + # !!! remove this + subversion = { + + enable = mkOption { + default = false; + description = " + Whether to enable the Subversion subservice in the webserver. + "; + }; + + notificationSender = mkOption { + default = "svn-server@example.org"; + example = "svn-server@example.org"; + description = " + The email address used in the Sender field of commit + notification messages sent by the Subversion subservice. + "; + }; + + userCreationDomain = mkOption { + default = "example.org"; + example = "example.org"; + description = " + The domain from which user creation is allowed. A client can + only create a new user account if its IP address resolves to + this domain. + "; + }; + + autoVersioning = mkOption { + default = false; + description = " + Whether you want the Subversion subservice to support + auto-versioning, which enables Subversion repositories to be + mounted as read/writable file systems on operating systems that + support WebDAV. + "; + }; + + dataDir = mkOption { + default = "/no/such/path/exists"; + description = " + Place to put SVN repository. 
+ "; + }; + + organization = { + + name = mkOption { + default = null; + description = " + Name of the organization hosting the Subversion service. + "; + }; + + url = mkOption { + default = null; + description = " + URL of the website of the organization hosting the Subversion service. + "; + }; + + logo = mkOption { + default = null; + description = " + Logo the organization hosting the Subversion service. + "; + }; + + }; + + }; + + }; + } // # Include the options shared between the main server and virtual hosts. + (import ../../upstart-jobs/apache-httpd/per-server-options.nix { + inherit mkOption; + forMainServer = true; + }); + }; + }; + + +###### implementation mainCfg = config.services.httpd; 
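Review bot: The `userCreationDomain` description documents an access check based on what the client's IP address resolves to, and the text should say that this is not authentication. Reverse DNS is set by whoever controls the address block, so unless the subservice forward-confirms the name (not visible in this hunk) the option is only a convenience filter; a sentence such as `Reverse DNS is controlled by the address owner; do not rely on this as the only control on account creation.` would make that clear. Separately, `import ../../upstart-jobs/apache-httpd/per-server-options.nix` points back into this file's own directory and reads more clearly as `import ./per-server-options.nix`.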
@@ -361,65 +564,75 @@ let in -{ - name = "httpd"; - - users = [ - { name = mainCfg.user; - description = "Apache httpd user"; - } +mkIf (config.services.httpd.enable && config.services.httpd.experimental) { + require = [ + options ]; - groups = [ - { name = mainCfg.group; - } - ]; + users = { + extraUsers = [ + { name = mainCfg.user; + description = "Apache httpd user"; + } + ]; + extraGroups = [ + { name = mainCfg.group; + } + ]; + }; - extraPath = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices; + services = { + extraJobs = [{ + name = "httpd"; - # Statically verify the syntactic correctness of the generated - # httpd.conf. !!! this is impure! It doesn't just check for - # syntax, but also whether the Apache user/group exist, whether SSL - # keys exist, etc. - buildHook = '' - echo - echo '=== Checking the generated Apache configuration file ===' - ${httpd}/bin/httpd -f ${httpdConf} -t || true - ''; + extraPath = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices; - job = '' - description "Apache HTTPD" + # Statically verify the syntactic correctness of the generated + # httpd.conf. !!! this is impure! It doesn't just check for + # syntax, but also whether the Apache user/group exist, whether SSL + # keys exist, etc. + buildHook = '' + echo + echo '=== Checking the generated Apache configuration file ===' + ${httpd}/bin/httpd -f ${httpdConf} -t || true + ''; - start on ${startingDependency}/started - stop on shutdown + job = '' + description "Apache HTTPD" - start script - mkdir -m 0700 -p ${mainCfg.stateDir} - mkdir -m 0700 -p ${mainCfg.logDir} + start on ${startingDependency}/started + stop on shutdown - # Get rid of old semaphores. These tend to accumulate across - # server restarts, eventually preventing it from restarting - # succesfully. 
- for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${mainCfg.user} ' | cut -f2 -d ' '); do - ${pkgs.utillinux}/bin/ipcrm -s $i - done + start script + mkdir -m 0700 -p ${mainCfg.stateDir} + mkdir -m 0700 -p ${mainCfg.logDir} - # Run the startup hooks for the subservices. - for i in ${toString (map (svn: svn.startupScript) allSubservices)}; do - echo Running Apache startup hook $i... - $i - done - end script + # Get rid of old semaphores. These tend to accumulate across + # server restarts, eventually preventing it from restarting + # succesfully. + for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${mainCfg.user} ' | cut -f2 -d ' '); do + ${pkgs.utillinux}/bin/ipcrm -s $i + done - ${ - let f = {name, value}: "env ${name}=${value}\n"; - in concatMapStrings f (pkgs.lib.concatMap (svc: svc.globalEnvVars) allSubservices) - } + # Run the startup hooks for the subservices. + for i in ${toString (map (svn: svn.startupScript) allSubservices)}; do + echo Running Apache startup hook $i... + $i + done + end script - env PATH=${pkgs.coreutils}/bin:${pkgs.gnugrep}/bin:${pkgs.lib.concatStringsSep ":" (pkgs.lib.concatMap (svc: svc.extraServerPath) allSubservices)} + ${ + let f = {name, value}: "env ${name}=${value}\n"; + in concatMapStrings f (pkgs.lib.concatMap (svc: svc.globalEnvVars) allSubservices) + } - respawn ${httpd}/bin/httpd -f ${httpdConf} -DNO_DETACH - ''; + env PATH=${pkgs.coreutils}/bin:${pkgs.gnugrep}/bin:${pkgs.lib.concatStringsSep ":" (pkgs.lib.concatMap (svc: svc.extraServerPath) allSubservices)} + respawn ${httpd}/bin/httpd -f ${httpdConf} -DNO_DETACH + ''; + + }]; + }; } + diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index e5a9cd6eba7..347af40204e 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix 
@@ -141,21 +141,6 @@ let inherit config; }) - # Apache httpd. - ++ optional (config.services.httpd.enable && !config.services.httpd.experimental) - (import ../upstart-jobs/httpd.nix { - inherit config pkgs; - inherit (pkgs) glibc; - extraConfig = pkgs.lib.concatStringsSep "\n" - (map (job: job.extraHttpdConfig) jobs); - }) - - # Apache httpd (new style). - ++ optional (config.services.httpd.enable && config.services.httpd.experimental) - (import ../upstart-jobs/apache-httpd { - inherit config pkgs; - }) - # MySQL server ++ optional config.services.mysql.enable (import ../upstart-jobs/mysql.nix { diff --git a/upstart-jobs/httpd.nix b/upstart-jobs/httpd.nix index f9613f931ff..1dd25afbf9c 100644 --- a/upstart-jobs/httpd.nix +++ b/upstart-jobs/httpd.nix @@ -1,4 +1,14 @@ -{config, pkgs, glibc, extraConfig}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + # options have been moved to the apache-httpd/default.nix file + +in + +###### implementation let @@ -21,6 +31,11 @@ let applicationMappings = cfg.mod_jk.applicationMappings; startingDependency = if config.services.gw6c.enable && config.services.gw6c.autorun then "gw6c" else "network-interfaces"; + + + extraConfig = pkgs.lib.concatStringsSep "\n" + (pkgs.lib.catAttrs "extraHttpdConfig" config.services.extraJobs); + webServer = import ../../services/apache-httpd { inherit (pkgs) apacheHttpd coreutils; @@ -32,6 +47,7 @@ let user group adminAddr logDir stateDir applicationMappings; noUserDir = !cfg.enableUserDir; + extraDirectories = extraConfig + "\n" + cfg.extraConfig; subServices = 
@@ -72,41 +88,47 @@ let ) ) ) - ) - /* ++ - - (optional cfg.extraSubservices.enable - (map (service : service webServer pkgs) cfg.extraSubservices.services) - ) */; + ); }; in -{ - name = "httpd"; - - users = [ - { name = user; - description = "Apache httpd user"; - } +mkIf (config.services.httpd.enable && !config.services.httpd.experimental) { + + require = [ + # options have been moved to the apache-httpd/default.nix file ]; - groups = [ - { name = group; - } - ]; - - job = " -description \"Apache HTTPD\" - -start on ${startingDependency}/started -stop on ${startingDependency}/stop - -start script - ${webServer}/bin/control prepare -end script - -respawn ${webServer}/bin/control run - "; + users = { + extraUsers = [ + { name = user; + description = "Apache httpd user"; + } + ]; + + extraGroups = [ + { name = group; + } + ]; + }; + + services = { + extraJobs = [{ + name = "httpd"; + + job = '' + description \"Apache HTTPD\" + + start on ${startingDependency}/started + stop on ${startingDependency}/stop + + start script + ${webServer}/bin/control prepare + end script + + respawn ${webServer}/bin/control run + ''; + }]; + }; } From 4d0761beb22ef28d007ecf21b69eec01fb0568fd Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:43 +0000 Subject: [PATCH 66/91] Convert "vsftpd" svn path=/nixos/branches/fix-style/; revision=14383 --- system/options.nix | 38 +------- upstart-jobs/default.nix | 8 -- upstart-jobs/vsftpd.nix | 184 ++++++++++++++++++++++++--------------- 3 files changed, 113 insertions(+), 117 deletions(-) diff --git a/system/options.nix b/system/options.nix index ad7f28c5484..f70abacc359 100644 --- a/system/options.nix +++ b/system/options.nix 
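Review bot: The new `job` value is an indented string (`''…''`) but keeps `description \"Apache HTTPD\"` from the old double-quoted form. Inside `''` a backslash is literal, so the generated job text will contain the backslashes. The line should read `description "Apache HTTPD"`, as the job in upstart-jobs/apache-httpd/default.nix does.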
@@ -479,43 +479,6 @@ in }; - vsftpd = { - enable = mkOption { - default = false; - description = " - Whether to enable the vsftpd FTP server. - "; - }; - - anonymousUser = mkOption { - default = false; - description = " - Whether to enable the anonymous FTP user. - "; - }; - - writeEnable = mkOption { - default = false; - description = " - Whether any write activity is permitted to users. - "; - }; - - anonymousUploadEnable = mkOption { - default = false; - description = " - Whether any uploads are permitted to anonymous users. - "; - }; - - anonymousMkdirEnable = mkOption { - default = false; - description = " - Whether mkdir is permitted to anonymous users. - "; - }; - }; - printing = { enable = mkOption { @@ -1062,6 +1025,7 @@ in (import ../upstart-jobs/tomcat.nix) # untested, too lazy to get that jdk (import ../upstart-jobs/httpd.nix) # Apache httpd (probably this can be removed ?) (import ../upstart-jobs/apache-httpd) # Apache httpd (new style). + (import ../upstart-jobs/vsftpd.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 347af40204e..1ca038c9221 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -172,14 +172,6 @@ let inherit config pkgs modprobe; }) - # VSFTPd server - ++ optional config.services.vsftpd.enable - (import ../upstart-jobs/vsftpd.nix { - inherit (pkgs) vsftpd; - inherit (config.services.vsftpd) anonymousUser - writeEnable anonymousUploadEnable anonymousMkdirEnable; - }) - # X Font Server ++ optional config.services.xfs.enable (import ../upstart-jobs/xfs.nix { diff --git a/upstart-jobs/vsftpd.nix b/upstart-jobs/vsftpd.nix index 01a509ea679..22d11eab51b 100644 --- a/upstart-jobs/vsftpd.nix +++ b/upstart-jobs/vsftpd.nix 
@@ -1,80 +1,120 @@ -{ vsftpd, anonymousUser -, anonymousUploadEnable, anonymousMkdirEnable, writeEnable -}: +{pkgs, config, ...}: -{ - name = "vsftpd"; +###### interface +let + inherit (pkgs.lib) mkOption mkIf; - groups = [ - { name = "ftp"; - gid = (import ../system/ids.nix).gids.ftp; - } + options = { + services = { + vsftpd = { + enable = mkOption { + default = false; + description = " + Whether to enable the vsftpd FTP server. + "; + }; + + anonymousUser = mkOption { + default = false; + description = " + Whether to enable the anonymous FTP user. + "; + }; + + writeEnable = mkOption { + default = false; + description = " + Whether any write activity is permitted to users. + "; + }; + + anonymousUploadEnable = mkOption { + default = false; + description = " + Whether any uploads are permitted to anonymous users. + "; + }; + + anonymousMkdirEnable = mkOption { + default = false; + description = " + Whether mkdir is permitted to anonymous users. + "; + }; + }; + }; + }; +in + +###### implementation + +let + + inherit (config.services.vsftpd) anonymousUser writeEnable anonymousUploadEnable anonymousMkdirEnable; + inherit (pkgs) vsftpd; + + yesNoOption = p : name : + "${name}=${if p then "YES" else "NO"}"; + +in + +mkIf config.services.vsftpd.enable { + require = [ + options ]; - - users = [ - { name = "vsftpd"; - uid = (import ../system/ids.nix).uids.vsftpd; - description = "VSFTPD user"; - home = "/homeless-shelter"; - } - ] ++ - (if anonymousUser then [ - { name = "ftp"; - uid = (import ../system/ids.nix).uids.ftp; - group = "ftp"; - description = "Anonymous ftp user"; - home = "/home/ftp"; - } - ] - else - []); - - job = " -description \"vsftpd server\" -start on network-interfaces/started -stop on network-interfaces/stop + users = { + extraUsers = [ + { name = "vsftpd"; + uid = (import ../system/ids.nix).uids.vsftpd; + description = "VSFTPD user"; + home = "/homeless-shelter"; + } + ] ++ pkgs.lib.optional anonymousUser + { name = "ftp"; + uid = (import 
../system/ids.nix).uids.ftp; + group = "ftp"; + description = "Anonymous ftp user"; + home = "/home/ftp"; + }; -start script - cat > /etc/vsftpd.conf < /etc/vsftpd.conf < Date: Fri, 6 Mar 2009 12:26:46 +0000 Subject: [PATCH 67/91] Convert "printing", CUPS daemon svn path=/nixos/branches/fix-style/; revision=14384 --- system/options.nix | 13 +----- upstart-jobs/cupsd.nix | 88 +++++++++++++++++++++++++++------------- upstart-jobs/default.nix | 6 --- 3 files changed, 61 insertions(+), 46 deletions(-) diff --git a/system/options.nix b/system/options.nix index f70abacc359..91cd0c78a7d 100644 --- a/system/options.nix +++ b/system/options.nix @@ -479,18 +479,6 @@ in }; - printing = { - - enable = mkOption { - default = false; - description = " - Whether to enable printing support through the CUPS daemon. - "; - }; - - }; - - udev = { addFirmware = mkOption { @@ -1026,6 +1014,7 @@ in (import ../upstart-jobs/httpd.nix) # Apache httpd (probably this can be removed ?) (import ../upstart-jobs/apache-httpd) # Apache httpd (new style). (import ../upstart-jobs/vsftpd.nix) + (import ../upstart-jobs/cupsd.nix) # CUPS printing daemon # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/cupsd.nix b/upstart-jobs/cupsd.nix index ced164a1308..7f5529e6f75 100644 --- a/upstart-jobs/cupsd.nix +++ b/upstart-jobs/cupsd.nix @@ -1,4 +1,26 @@ -{config, pkgs, modprobe}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + printing = { + + enable = mkOption { + default = false; + description = " + Whether to enable printing support through the CUPS daemon. + "; + }; + + }; + }; + }; +in + +###### implementation let @@ -7,6 +29,8 @@ let inherit (pkgs) cups; + modprobe = config.system.sbin.modprobe; + # Here we can enable additional backends, filters, etc. that are not # part of CUPS itself, e.g. the SMB backend is part of Samba. Since 
@@ -101,37 +125,45 @@ let in -{ - name = "cupsd"; - extraPath = [cups]; - - extraEtc = [ - # CUPS expects the following files in its ServerRoot. - { source = "${cups}/etc/cups/mime.convs"; - target = "cups/mime.convs"; - } - { source = "${cups}/etc/cups/mime.types"; - target = "cups/mime.types"; - } +mkIf config.services.pulseaudio.enable { + require = [ + options ]; - - job = '' - description "CUPS printing daemon" - start on network-interfaces/started - stop on network-interfaces/stop + services = { + extraJobs = [{ + name = "cupsd"; - start script - mkdir -m 0755 -p ${logDir} - mkdir -m 0700 -p /var/cache/cups - mkdir -m 0700 -p /var/spool/cups + extraPath = [cups]; - # Make USB printers show up. - ${modprobe}/sbin/modprobe usblp || true - end script + extraEtc = [ + # CUPS expects the following files in its ServerRoot. + { source = "${cups}/etc/cups/mime.convs"; + target = "cups/mime.convs"; + } + { source = "${cups}/etc/cups/mime.types"; + target = "cups/mime.types"; + } + ]; + + job = '' + description "CUPS printing daemon" - respawn ${cups}/sbin/cupsd -c ${cupsdConfig} -F - ''; - + start on network-interfaces/started + stop on network-interfaces/stop + + start script + mkdir -m 0755 -p ${logDir} + mkdir -m 0700 -p /var/cache/cups + mkdir -m 0700 -p /var/spool/cups + + # Make USB printers show up. + ${modprobe}/sbin/modprobe usblp || true + end script + + respawn ${cups}/sbin/cupsd -c ${cupsdConfig} -F + ''; + }]; + }; } diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 1ca038c9221..e185b5a444b 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -166,12 +166,6 @@ let inherit (pkgs) glibc samba; }) - # CUPS (printing) daemon. - ++ optional config.services.printing.enable - (import ../upstart-jobs/cupsd.nix { - inherit config pkgs modprobe; - }) - # X Font Server ++ optional config.services.xfs.enable (import ../upstart-jobs/xfs.nix { From e0240ddf3dfce71132f9d479d98dc39e88532a54 Mon Sep 17 00:00:00 2001 
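Review bot: The guard on the converted cupsd module is `mkIf config.services.pulseaudio.enable`, but the option this file declares and the `optional` removed from upstart-jobs/default.nix both use `services.printing.enable`. As written, cupsd starts whenever PulseAudio is enabled and `services.printing.enable` has no effect, so a print daemon can end up running on hosts that never enabled printing. The line should be `mkIf config.services.printing.enable {`.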
From: Marc Weber Date: Fri, 6 Mar 2009 12:26:48 +0000 Subject: [PATCH 68/91] Convert "udev" svn path=/nixos/branches/fix-style/; revision=14385 --- system/options.nix | 34 +-------- upstart-jobs/default.nix | 10 --- upstart-jobs/udev.nix | 145 +++++++++++++++++++++++++++------------ 3 files changed, 102 insertions(+), 87 deletions(-) diff --git a/system/options.nix b/system/options.nix index 91cd0c78a7d..099e99f77e7 100644 --- a/system/options.nix +++ b/system/options.nix @@ -479,39 +479,6 @@ in }; - udev = { - - addFirmware = mkOption { - default = []; - example = ["/mnt/big-storage/firmware/"]; - description = " - To specify firmware that is not too spread to ensure - a package, or have an interactive process of extraction - and cannot be redistributed. - "; - merge = pkgs.lib.mergeListOption; - }; - - addUdevPkgs = mkOption { - default = []; - description = " - List of packages containing udev rules. - "; - merge = pkgs.lib.mergeListOption; - }; - - sndMode = mkOption { - default = "0600"; - example = "0666"; - description = " - Permissions for /dev/snd/*, in case you have multiple - logged in users or if the devices belong to root for - some reason. - "; - }; - }; - - samba = { enable = mkOption { @@ -1015,6 +982,7 @@ in (import ../upstart-jobs/apache-httpd) # Apache httpd (new style). (import ../upstart-jobs/vsftpd.nix) (import ../upstart-jobs/cupsd.nix) # CUPS printing daemon + (import ../upstart-jobs/udev.nix) # The udev daemon creates devices nodes and runs programs when hardware events occur. # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index e185b5a444b..43230ec505a 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix 
@@ -77,16 +77,6 @@ let inherit config; }) - # The udev daemon creates devices nodes and runs programs when - # hardware events occur. - (import ../upstart-jobs/udev.nix { - inherit modprobe config; - inherit (pkgs) stdenv writeText substituteAll udev procps; - inherit (pkgs.lib) cleanSource; - firmwareDirs = config.services.udev.addFirmware; - extraUdevPkgs = config.services.udev.addUdevPkgs; - }) - # Makes LVM logical volumes available. (import ../upstart-jobs/lvm.nix { inherit modprobe; diff --git a/upstart-jobs/udev.nix b/upstart-jobs/udev.nix index 4662adde222..4765f29176e 100644 --- a/upstart-jobs/udev.nix +++ b/upstart-jobs/udev.nix 
@@ -1,18 +1,66 @@ -{ stdenv, writeText, substituteAll, cleanSource, udev, procps, firmwareDirs, modprobe -, extraUdevPkgs ? [] -, config -}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + udev = { + + addFirmware = mkOption { + default = []; + example = ["/mnt/big-storage/firmware/"]; + description = " + To specify firmware that is not too spread to ensure + a package, or have an interactive process of extraction + and cannot be redistributed. + "; + merge = pkgs.lib.mergeListOption; + }; + + addUdevPkgs = mkOption { + default = []; + description = " + List of packages containing udev rules. + "; + merge = pkgs.lib.mergeListOption; + }; + + sndMode = mkOption { + default = "0600"; + example = "0666"; + description = " + Permissions for /dev/snd/*, in case you have multiple + logged in users or if the devices belong to root for + some reason. + "; + }; + }; + }; + }; +in + +###### implementation let + inherit (pkgs) substituteAll stdenv writeText udev procps; + cfg = config.services.udev; + firmwareLoader = substituteAll { src = ./udev-firmware-loader.sh; path = "${stdenv.coreutils}/bin"; isExecutable = true; inherit firmwareDirs; }; + + firmwareDirs = config.services.udev.addFirmware; + extraUdevPkgs = config.services.udev.addUdevPkgs; + + modprobe = config.system.sbin.modprobe; nixRules = writeText "90-nix.rules" '' 
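Review bot: The old argument list received `cleanSource` from `pkgs.lib`, while the new `inherit (pkgs) substituteAll stdenv writeText udev procps;` does not bring it into scope. If the part of the `let` body outside this hunk still uses it, evaluation will fail, and `inherit (pkgs.lib) cleanSource;` would be needed. On style, `cfg = config.services.udev;` is introduced but the next bindings still spell out the full path; `firmwareDirs = cfg.addFirmware;` and `extraUdevPkgs = cfg.addUdevPkgs;` would be consistent with it. The `let` block continues past the end of the hunk.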
@@ -86,55 +134,64 @@ let in { - name = "udev"; - - job = '' - start on startup - stop on shutdown - env UDEV_CONFIG_FILE=${conf} + require = [ + options + ]; - start script - echo "" > /proc/sys/kernel/hotplug + services = { + extraJobs = [{ + name = "udev"; + + job = '' + start on startup + stop on shutdown - # Get rid of possible old udev processes. - ${procps}/bin/pkill -u root "^udevd$" || true + env UDEV_CONFIG_FILE=${conf} - # Do the loading of additional stage 2 kernel modules. - # Maybe this isn't the best place... - for i in ${toString config.boot.kernelModules}; do - echo "Loading kernel module $i..." - ${modprobe}/sbin/modprobe $i || true - done + start script + echo "" > /proc/sys/kernel/hotplug - # Start udev. - ${udev}/sbin/udevd --daemon + # Get rid of possible old udev processes. + ${procps}/bin/pkill -u root "^udevd$" || true - # Let udev create device nodes for all modules that have already - # been loaded into the kernel (or for which support is built into - # the kernel). - if ! test -e ${devicesCreated}; then - ${udev}/sbin/udevadm trigger - ${udev}/sbin/udevadm settle # wait for udev to finish - touch ${devicesCreated} - fi + # Do the loading of additional stage 2 kernel modules. + # Maybe this isn't the best place... + for i in ${toString config.boot.kernelModules}; do + echo "Loading kernel module $i..." + ${modprobe}/sbin/modprobe $i || true + done - # Kill udev, let Upstart restart and monitor it. (This is nasty, - # but we have to run `udevadm trigger' first. Maybe we can use - # Upstart's `binary' keyword, but it isn't implemented yet.) - if ! ${procps}/bin/pkill -u root "^udevd$"; then - echo "couldn't stop udevd" - fi + # Start udev. + ${udev}/sbin/udevd --daemon - while ${procps}/bin/pgrep -u root "^udevd$"; do - sleep 1 - done + # Let udev create device nodes for all modules that have already + # been loaded into the kernel (or for which support is built into + # the kernel). + if ! 
test -e ${devicesCreated}; then + ${udev}/sbin/udevadm trigger + ${udev}/sbin/udevadm settle # wait for udev to finish + touch ${devicesCreated} + fi - initctl emit new-devices - end script + # Kill udev, let Upstart restart and monitor it. (This is nasty, + # but we have to run `udevadm trigger' first. Maybe we can use + # Upstart's `binary' keyword, but it isn't implemented yet.) + if ! ${procps}/bin/pkill -u root "^udevd$"; then + echo "couldn't stop udevd" + fi - respawn ${udev}/sbin/udevd - ''; + while ${procps}/bin/pgrep -u root "^udevd$"; do + sleep 1 + done - passthru = {inherit udevRules;}; + initctl emit new-devices + end script + + respawn ${udev}/sbin/udevd + ''; + + passthru = {inherit udevRules;}; + }]; + }; } From e6144b476332d60d9adc2b61e21bae7f43528d8e Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:50 +0000 Subject: [PATCH 69/91] Convert "samba" svn path=/nixos/branches/fix-style/; revision=14386 --- system/options.nix | 13 +---- upstart-jobs/default.nix | 7 --- upstart-jobs/samba.nix | 101 ++++++++++++++++++++++++++------------- 3 files changed, 69 insertions(+), 52 deletions(-) diff --git a/system/options.nix b/system/options.nix index 099e99f77e7..7eb77868e69 100644 --- a/system/options.nix +++ b/system/options.nix @@ -479,18 +479,6 @@ in }; - samba = { - - enable = mkOption { - default = false; - description = " - Whether to enable the samba server. (to communicate with, and provide windows shares) - "; - }; - - }; - - ircdHybrid = { enable = mkOption { @@ -983,6 +971,7 @@ in (import ../upstart-jobs/vsftpd.nix) (import ../upstart-jobs/cupsd.nix) # CUPS printing daemon (import ../upstart-jobs/udev.nix) # The udev daemon creates devices nodes and runs programs when hardware events occur. + (import ../upstart-jobs/samba.nix) # TODO: doesn't start here (?) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 43230ec505a..6c6b3293f75 100644 
--- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -149,13 +149,6 @@ let inherit config pkgs; }) - # Samba service. - ++ optional config.services.samba.enable - (import ../upstart-jobs/samba.nix { - inherit pkgs; - inherit (pkgs) glibc samba; - }) - # X Font Server ++ optional config.services.xfs.enable (import ../upstart-jobs/xfs.nix { diff --git a/upstart-jobs/samba.nix b/upstart-jobs/samba.nix index b1371c6f0f5..90f09a3bdd6 100644 --- a/upstart-jobs/samba.nix +++ b/upstart-jobs/samba.nix @@ -1,4 +1,26 @@ -{pkgs, samba, glibc}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + samba = { + + enable = mkOption { + default = false; + description = " + Whether to enable the samba server. (to communicate with, and provide windows shares) + "; + }; + + }; + }; + }; +in + +###### implementation let 
@@ -7,52 +29,65 @@ let smbConfig = ./smb.conf ; + inherit (pkgs) samba; + in -{ - name = "samba"; - users = [ - { name = user; - description = "Samba service user"; - group = group; - } - ]; - groups = [ - { name = group; - } + +mkIf config.services.samba.enable { + require = [ + options ]; - - job = " -description \"Samba Service\" + users = { + extraUsers = [ + { name = user; + description = "Samba service user"; + group = group; + } + ]; + + extraGroups = [ + { name = group; + } + ]; + }; -start on network-interfaces/started -stop on network-interfaces/stop + services = { + extraJobs = [{ + name = "samba"; + job = '' -start script + description "Samba Service" - if ! test -d /home/smbd ; then - mkdir -p /home/smbd - chown ${user} /home/smbd - chmod a+rwx /home/smbd - fi + start on network-interfaces/started + stop on network-interfaces/stop - if ! test -d /var/samba ; then - mkdir -p /var/samba/locks /var/samba/cores/nmbd /var/samba/cores/smbd /var/samba/cores/winbindd - fi + start script - ${samba}/sbin/nmbd -D -s ${smbConfig} & - ${samba}/sbin/smbd -D -s ${smbConfig} & - ${samba}/sbin/winbindd -B -s ${smbConfig} & + if ! test -d /home/smbd ; then + mkdir -p /home/smbd + chown ${user} /home/smbd + chmod a+rwx /home/smbd + fi - ln -fs ${smbConfig} /var/samba/config + if ! test -d /var/samba ; then + mkdir -p /var/samba/locks /var/samba/cores/nmbd /var/samba/cores/smbd /var/samba/cores/winbindd + fi -end script + ${samba}/sbin/nmbd -D -s ${smbConfig} & + ${samba}/sbin/smbd -D -s ${smbConfig} & + ${samba}/sbin/winbindd -B -s ${smbConfig} & -respawn ${samba}/sbin/nmbd -D -s ${smbConfig} &; ${samba}/sbin/smbd -D -s ${smbConfig} &; ${samba}/sbin/winbindd -B & + ln -fs ${smbConfig} /var/samba/config - "; + end script + respawn ${samba}/sbin/nmbd -D -s ${smbConfig} &; ${samba}/sbin/smbd -D -s ${smbConfig} &; ${samba}/sbin/winbindd -B & + + ''; + }]; + }; } From 030a30b4b601ab4736715742eaa502a93d89c1fc Mon Sep 17 00:00:00 2001 
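Review bot: The start script still runs `chmod a+rwx /home/smbd`, which leaves the directory world-writable without the sticky bit, so any local user can delete or replace files that others put there. Unless the share needs that, tighten it to something like `chmod 0750 /home/smbd`, or use `chmod 1777 /home/smbd` if it must stay writable by everyone. The `respawn` line is also suspect: it chains three daemonising commands with `&;`, which is not valid shell, and repeats what the start script already launched. That may be behind the "doesn't start" TODO on the import in system/options.nix.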
From: Marc Weber Date: Fri, 6 Mar 2009 12:26:55 +0000 Subject: [PATCH 70/91] Convert "irc-hybrid" svn path=/nixos/branches/fix-style/; revision=14387 --- system/options.nix | 73 +---------------- upstart-jobs/default.nix | 5 -- upstart-jobs/ircd-hybrid.nix | 150 ++++++++++++++++++++++++++++------- 3 files changed, 122 insertions(+), 106 deletions(-) diff --git a/system/options.nix b/system/options.nix index 7eb77868e69..69ec7553c25 100644 --- a/system/options.nix +++ b/system/options.nix @@ -479,78 +479,6 @@ in }; - ircdHybrid = { - - enable = mkOption { - default = false; - description = " - Enable IRCD. - "; - }; - - serverName = mkOption { - default = "hades.arpa"; - description = " - IRCD server name. - "; - }; - - sid = mkOption { - default = "0NL"; - description = " - IRCD server unique ID in a net of servers. - "; - }; - - description = mkOption { - default = "Hybrid-7 IRC server."; - description = " - IRCD server description. - "; - }; - - rsaKey = mkOption { - default = null; - example = /root/certificates/irc.key; - description = " - IRCD server RSA key. - "; - }; - - certificate = mkOption { - default = null; - example = /root/certificates/irc.pem; - description = " - IRCD server SSL certificate. There are some limitations - read manual. - "; - }; - - adminEmail = mkOption { - default = ""; - example = ""; - description = " - IRCD server administrator e-mail. - "; - }; - - extraIPs = mkOption { - default = []; - example = ["127.0.0.1"]; - description = " - Extra IP's to bind. - "; - }; - - extraPort = mkOption { - default = "7117"; - description = " - Extra port to avoid filtering. - "; - }; - - }; - - xfs = { enable = mkOption { 
@@ -972,6 +900,7 @@ in (import ../upstart-jobs/cupsd.nix) # CUPS printing daemon (import ../upstart-jobs/udev.nix) # The udev daemon creates devices nodes and runs programs when hardware events occur. (import ../upstart-jobs/samba.nix) # TODO: doesn't start here (?) + (import ../upstart-jobs/ircd-hybrid.nix) # TODO: doesn't compile on x86_64-linux, can't test # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 6c6b3293f75..116f6e1b79a 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -155,11 +155,6 @@ let inherit config pkgs; }) - ++ optional config.services.ircdHybrid.enable - (import ../upstart-jobs/ircd-hybrid.nix { - inherit config pkgs; - }) - # Postfix mail server. ++ optional config.services.postfix.enable (import ../upstart-jobs/postfix.nix { diff --git a/upstart-jobs/ircd-hybrid.nix b/upstart-jobs/ircd-hybrid.nix index 4183673cef8..b78c65e96b9 100644 --- a/upstart-jobs/ircd-hybrid.nix +++ b/upstart-jobs/ircd-hybrid.nix 
@@ -1,38 +1,130 @@ -{config, pkgs}: +{pkgs, config, ...}: + +###### interface let - cfg = config.services.ircdHybrid; - ircdService = import ../services/ircd-hybrid { - stdenv = pkgs.stdenv; - inherit (pkgs) ircdHybrid coreutils - su iproute gnugrep procps; - serverName = cfg.serverName; - sid = cfg.sid; - description = cfg.description; - rsaKey = cfg.rsaKey; - certificate = cfg.certificate; - adminEmail = cfg.adminEmail; - extraIPs = cfg.extraIPs; - extraPort = cfg.extraPort; - gw6cEnabled = (config.services.gw6c.enable) && - (config.services.gw6c.autorun); + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + ircdHybrid = { + + enable = mkOption { + default = false; + description = " + Enable IRCD. + "; }; + serverName = mkOption { + default = "hades.arpa"; + description = " + IRCD server name. + "; + }; + + sid = mkOption { + default = "0NL"; + description = " + IRCD server unique ID in a net of servers. + "; + }; + + description = mkOption { + default = "Hybrid-7 IRC server."; + description = " + IRCD server description. + "; + }; + + rsaKey = mkOption { + default = null; + example = /root/certificates/irc.key; + description = " + IRCD server RSA key. + "; + }; + + certificate = mkOption { + default = null; + example = /root/certificates/irc.pem; + description = " + IRCD server SSL certificate. There are some limitations - read manual. + "; + }; + + adminEmail = mkOption { + default = ""; + example = ""; + description = " + IRCD server administrator e-mail. + "; + }; + + extraIPs = mkOption { + default = []; + example = ["127.0.0.1"]; + description = " + Extra IP's to bind. + "; + }; + + extraPort = mkOption { + default = "7117"; + description = " + Extra port to avoid filtering. 
+ "; + }; + + }; + }; + }; +in + +###### implementation + +let + cfg = config.services.ircdHybrid; + ircdService = import ../../services/ircd-hybrid { + stdenv = pkgs.stdenv; + inherit (pkgs) ircdHybrid coreutils + su iproute gnugrep procps; + serverName = cfg.serverName; + sid = cfg.sid; + description = cfg.description; + rsaKey = cfg.rsaKey; + certificate = cfg.certificate; + adminEmail = cfg.adminEmail; + extraIPs = cfg.extraIPs; + extraPort = cfg.extraPort; + gw6cEnabled = (config.services.gw6c.enable) && + (config.services.gw6c.autorun); + }; + startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces"; in -{ - name = "ircd-hybrid"; - users = [ { - name = "ircd"; - description = "IRCD owner."; - } ]; - groups = [{name = "ircd";}]; - job = " -description = \"IRCD Hybrid server.\" -start on ${startingDependency}/started -stop on ${startingDependency}/stop +mkIf config.services.ircdHybrid.enable { + require = [ + options + ]; -respawn ${ircdService}/bin/control start -"; + services = { + extraJobs = [{ + name = "ircd-hybrid"; + users = [ { + name = "ircd"; + description = "IRCD owner."; + } ]; + groups = [{name = "ircd";}]; + job = '' + description = "IRCD Hybrid server." + + start on ${startingDependency}/started + stop on ${startingDependency}/stop + + respawn ${ircdService}/bin/control start + ''; + }]; + }; } From aa786904653d9bcad35fcc67c86dc9ad34ca3bbc Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:26:57 +0000 Subject: [PATCH 71/91] Convert "xfs", problems when enabling warning! svn path=/nixos/branches/fix-style/; revision=14388 --- system/options.nix | 13 +------- upstart-jobs/default.nix | 6 ---- upstart-jobs/xfs.nix | 64 ++++++++++++++++++++++++++++++---------- 3 files changed, 50 insertions(+), 33 deletions(-) diff --git a/system/options.nix b/system/options.nix index 69ec7553c25..5d7c546be27 100644 --- a/system/options.nix +++ b/system/options.nix 
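Review bot: The `rsaKey` and `certificate` options give Nix path literals as their examples (`example = /root/certificates/irc.key;`), and the implementation half of this hunk hands `cfg.rsaKey` straight to the imported `ircd-hybrid` service expression. If that expression is a derivation, as its `stdenv` argument suggests, a path literal is copied into the Nix store, where the private key becomes readable by every local user. I would say so in the option text, e.g. `IRCD server RSA key. Note: a path literal is copied to the world-readable Nix store.`, or have the service read the key from its original location at start time. Separately, the import moved from `../services/ircd-hybrid` to `../../services/ircd-hybrid` although the file stays in `upstart-jobs/`; since the commit says the module could not be tested, that path deserves a second look.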
@@ -479,18 +479,6 @@ in }; - xfs = { - - enable = mkOption { - default = false; - description = " - Whether to enable the X Font Server. - "; - }; - - }; - - mysql = { enable = mkOption { default = false; @@ -901,6 +889,7 @@ in (import ../upstart-jobs/udev.nix) # The udev daemon creates devices nodes and runs programs when hardware events occur. (import ../upstart-jobs/samba.nix) # TODO: doesn't start here (?) (import ../upstart-jobs/ircd-hybrid.nix) # TODO: doesn't compile on x86_64-linux, can't test + (import ../upstart-jobs/xfs.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 116f6e1b79a..9030af83e4b 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -149,12 +149,6 @@ let inherit config pkgs; }) - # X Font Server - ++ optional config.services.xfs.enable - (import ../upstart-jobs/xfs.nix { - inherit config pkgs; - }) - # Postfix mail server. ++ optional config.services.postfix.enable (import ../upstart-jobs/postfix.nix { diff --git a/upstart-jobs/xfs.nix b/upstart-jobs/xfs.nix index 1b36002a348..c7b9d85551d 100644 --- a/upstart-jobs/xfs.nix +++ b/upstart-jobs/xfs.nix 
@@ -1,20 +1,54 @@ -{ - pkgs, config -}: -if ! config.fonts.enableFontDir then abort "Please enable fontDir (fonts.enableFontDir) to use xfs." else +{pkgs, config, ...}: + +###### interface let - configFile = ./xfs.conf; + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + xfs = { + + enable = mkOption { + default = false; + description = " + Whether to enable the X Font Server. + "; + }; + + }; + }; + }; +in + +###### implementation + + +# FIXME: enable this warning again. It's causing "infinite recursion encountered, why?" +# if ! config.fonts.enableFontDir then throw "Please enable fontDir (fonts.enableFontDir) to use xfs." else + +let + configFile = ./xfs.conf; startingDependency = if config.services.gw6c.enable && config.services.gw6c.autorun then "gw6c" else "network-interfaces"; in -rec { - name = "xfs"; - groups = []; - users = []; - job = " - description \"X Font Server\" - start on ${startingDependency}/started - stop on shutdown - respawn ${pkgs.xorg.xfs}/bin/xfs -config ${configFile} - "; +mkIf config.services.xfs.enable { + require = [ + options + ]; + + services = { + + extraJobs = [ (rec { + name = "xfs"; + groups = []; + users = []; + job = '' + description "X Font Server" + start on ${startingDependency}/started + stop on shutdown + + respawn ${pkgs.xorg.xfs}/bin/xfs -config ${configFile} + ''; + })]; + }; } From 72303e9b6c59b3a737cd9776d451be3a314567bc Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:00 +0000 Subject: [PATCH 72/91] Convert "mysql" svn path=/nixos/branches/fix-style/; revision=14389 --- system/options.nix | 36 +----------- upstart-jobs/default.nix | 6 -- upstart-jobs/mysql.nix | 115 +++++++++++++++++++++++++++++---------- 3 files changed, 87 insertions(+), 70 deletions(-) diff --git a/system/options.nix b/system/options.nix index 5d7c546be27..5644247d3fa 100644 --- a/system/options.nix +++ b/system/options.nix 
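Review bot: With the `fonts.enableFontDir` check reduced to a commented-out FIXME, `services.xfs.enable = true` is now accepted when the font directory is off, and nothing tells the administrator. Until the evaluation-time check can be restored, the requirement should at least be stated in the option, e.g. `Whether to enable the X Font Server. Requires fonts.enableFontDir.`. The same pattern appears in the first hunk of upstart-jobs/openfire.nix, where `assert config.services.openfire.usePostgreSQL -> config.services.postgresql.enable;` becomes a comment while `usePostgreSQL` defaults to true and the job starts on `postgresql/started`. There a disabled PostgreSQL presumably leaves the job waiting for an event that never arrives, so that description should name the dependency too.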
@@ -479,41 +479,6 @@ in }; - mysql = { - enable = mkOption { - default = false; - description = " - Whether to enable the MySQL server. - "; - }; - - port = mkOption { - default = "3306"; - description = "Port of MySQL"; - }; - - user = mkOption { - default = "mysql"; - description = "User account under which MySQL runs"; - }; - - dataDir = mkOption { - default = "/var/mysql"; - description = "Location where MySQL stores its table files"; - }; - - logError = mkOption { - default = "/var/log/mysql_err.log"; - description = "Location of the MySQL error logfile"; - }; - - pidDir = mkOption { - default = "/var/run/mysql"; - description = "Location of the file which stores the PID of the MySQL server"; - }; - }; - - postgresql = { enable = mkOption { default = false; @@ -890,6 +855,7 @@ in (import ../upstart-jobs/samba.nix) # TODO: doesn't start here (?) (import ../upstart-jobs/ircd-hybrid.nix) # TODO: doesn't compile on x86_64-linux, can't test (import ../upstart-jobs/xfs.nix) + (import ../upstart-jobs/mysql.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 9030af83e4b..173bb1d4606 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -131,12 +131,6 @@ let inherit config; }) - # MySQL server - ++ optional config.services.mysql.enable - (import ../upstart-jobs/mysql.nix { - inherit config pkgs; - }) - # Postgres SQL server ++ optional config.services.postgresql.enable (import ../upstart-jobs/postgresql.nix { diff --git a/upstart-jobs/mysql.nix b/upstart-jobs/mysql.nix index 6756891321b..2ecaa6df4ca 100644 --- a/upstart-jobs/mysql.nix +++ b/upstart-jobs/mysql.nix 
@@ -1,4 +1,49 @@ -{pkgs, config}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + mysql = { + enable = mkOption { + default = false; + description = " + Whether to enable the MySQL server. + "; + }; + + port = mkOption { + default = "3306"; + description = "Port of MySQL"; + }; + + user = mkOption { + default = "mysql"; + description = "User account under which MySQL runs"; + }; + + dataDir = mkOption { + default = "/var/mysql"; + description = "Location where MySQL stores its table files"; + }; + + logError = mkOption { + default = "/var/log/mysql_err.log"; + description = "Location of the MySQL error logfile"; + }; + + pidDir = mkOption { + default = "/var/run/mysql"; + description = "Location of the file which stores the PID of the MySQL server"; + }; + }; + }; + }; +in + +###### implementation let 
@@ -14,39 +59,51 @@ let in -{ - name = "mysql"; - - users = [ - { name = "mysql"; - description = "MySQL server user"; - } + +mkIf config.services.mysql.enable { + require = [ + options ]; - extraPath = [mysql]; - - job = '' - description "MySQL server" + users = { + extraUsers = [ + { name = "mysql"; + description = "MySQL server user"; + } + ]; + }; - stop on shutdown + services = { + extraJobs = [{ + name = "mysql"; + - start script - if ! test -e ${cfg.dataDir}; then - mkdir -m 0700 -p ${cfg.dataDir} - chown -R ${cfg.user} ${cfg.dataDir} - ${mysql}/bin/mysql_install_db ${mysqldOptions} - fi + extraPath = [mysql]; + + job = '' + description "MySQL server" - mkdir -m 0700 -p ${cfg.pidDir} - chown -R ${cfg.user} ${cfg.pidDir} - end script + stop on shutdown - respawn ${mysql}/bin/mysqld ${mysqldOptions} + start script + if ! test -e ${cfg.dataDir}; then + mkdir -m 0700 -p ${cfg.dataDir} + chown -R ${cfg.user} ${cfg.dataDir} + ${mysql}/bin/mysql_install_db ${mysqldOptions} + fi - stop script - pid=$(cat ${pidFile}) - kill "$pid" - ${mysql}/bin/mysql_waitpid "$pid" 1000 - end script - ''; + mkdir -m 0700 -p ${cfg.pidDir} + chown -R ${cfg.user} ${cfg.pidDir} + end script + + respawn ${mysql}/bin/mysqld ${mysqldOptions} + + stop script + pid=$(cat ${pidFile}) + kill "$pid" + ${mysql}/bin/mysql_waitpid "$pid" 1000 + end script + ''; + }]; + }; } From 8e840a7aa4cd99c1d1b100c7a1a8e906f957e80e Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:02 +0000 Subject: [PATCH 73/91] Convert "postgresql" svn path=/nixos/branches/fix-style/; revision=14390 --- system/options.nix | 59 +--------------- upstart-jobs/default.nix | 6 -- upstart-jobs/postgresql.nix | 133 ++++++++++++++++++++++++++++-------- 3 files changed, 107 insertions(+), 91 deletions(-) diff --git a/system/options.nix b/system/options.nix index 5644247d3fa..6afc6ee97fa 100644 --- a/system/options.nix +++ b/system/options.nix 
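Review bot: `users.extraUsers` declares an account with the fixed name `mysql`, while the start script a few lines below runs `chown -R ${cfg.user}` on the data and PID directories and `services.mysql.user` is a free-form option. Setting that option to anything other than the default leaves the named account undeclared, so the chown fails or the directories end up owned by an unrelated account that happens to exist. Declaring the account from the option keeps the two in step: `{ name = cfg.user; description = "MySQL server user"; }`. The `let` block that defines `cfg`, `pidFile` and `mysqldOptions` lies outside this hunk, so how the daemon itself picks its user is not visible here.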
@@ -479,64 +479,6 @@ in }; - postgresql = { - enable = mkOption { - default = false; - description = " - Whether to run PostgreSQL. - "; - }; - port = mkOption { - default = "5432"; - description = " - Port for PostgreSQL. - "; - }; - logDir = mkOption { - default = "/var/log/postgresql"; - description = " - Log directory for PostgreSQL. - "; - }; - dataDir = mkOption { - default = "/var/db/postgresql"; - description = " - Data directory for PostgreSQL. - "; - }; - subServices = mkOption { - default = []; - description = " - Subservices list. As it is already implememnted, - here is an interface... - "; - }; - authentication = mkOption { - default = '' - # Generated file; do not edit! - local all all ident sameuser - host all all 127.0.0.1/32 md5 - host all all ::1/128 md5 - ''; - description = " - Hosts (except localhost), who you allow to connect. - "; - }; - allowedHosts = mkOption { - default = []; - description = " - Hosts (except localhost), who you allow to connect. - "; - }; - authMethod = mkOption { - default = " ident sameuser "; - description = " - How to authorize users. - Note: ident needs absolute trust to all allowed client hosts."; - }; - }; - - openfire = { enable = mkOption { default = false; @@ -856,6 +798,7 @@ in (import ../upstart-jobs/ircd-hybrid.nix) # TODO: doesn't compile on x86_64-linux, can't test (import ../upstart-jobs/xfs.nix) (import ../upstart-jobs/mysql.nix) + (import ../upstart-jobs/postgresql.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 173bb1d4606..1075bfd6446 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -131,12 +131,6 @@ let inherit config; }) - # Postgres SQL server - ++ optional config.services.postgresql.enable - (import ../upstart-jobs/postgresql.nix { - inherit config pkgs; - }) - # OpenFire XMPP server ++ optional config.services.openfire.enable (import ../upstart-jobs/openfire.nix { 
diff --git a/upstart-jobs/postgresql.nix b/upstart-jobs/postgresql.nix index a37780678fc..77cf1a582e9 100644 --- a/upstart-jobs/postgresql.nix +++ b/upstart-jobs/postgresql.nix @@ -1,4 +1,72 @@ -{pkgs, config}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + postgresql = { + enable = mkOption { + default = false; + description = " + Whether to run PostgreSQL. + "; + }; + port = mkOption { + default = "5432"; + description = " + Port for PostgreSQL. + "; + }; + logDir = mkOption { + default = "/var/log/postgresql"; + description = " + Log directory for PostgreSQL. + "; + }; + dataDir = mkOption { + default = "/var/db/postgresql"; + description = " + Data directory for PostgreSQL. + "; + }; + subServices = mkOption { + default = []; + description = " + Subservices list. As it is already implememnted, + here is an interface... + "; + }; + authentication = mkOption { + default = '' + # Generated file; do not edit! + local all all ident sameuser + host all all 127.0.0.1/32 md5 + host all all ::1/128 md5 + ''; + description = " + Hosts (except localhost), who you allow to connect. + "; + }; + allowedHosts = mkOption { + default = []; + description = " + Hosts (except localhost), who you allow to connect. + "; + }; + authMethod = mkOption { + default = " ident sameuser "; + description = " + How to authorize users. + Note: ident needs absolute trust to all allowed client hosts."; + }; + }; + }; + }; +in + +###### implementation let 
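Review bot: The `authentication` option carries the same description as `allowedHosts` (`Hosts (except localhost), who you allow to connect.`), which hides what it actually controls. Its default is a complete set of `pg_hba.conf` rules, and the job hunk of this file copies the value to `${cfg.dataDir}/pg_hba.conf` in the start script, so it decides who may connect and how they authenticate. A description such as `Contents of pg_hba.conf: the client authentication rules, written to the data directory each time the job starts.` would make that clear. Whether `allowedHosts` and `authMethod` still feed into the generated file cannot be seen from these hunks.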
@@ -13,36 +81,47 @@ let in -{ - name = "postgresql"; - - users = [ - { name = "postgres"; - description = "PostgreSQL server user"; - } +mkIf config.services.postgresql.enable { + require = [ + options ]; - groups = [ - { name = "postgres"; } - ]; - extraPath = [postgresql]; + users = { + extraUsers = [ + { name = "postgres"; + description = "PostgreSQL server user"; + } + ]; - job = '' - description "PostgreSQL server" + extraGroups = [ + { name = "postgres"; } + ]; + }; - start on ${startDependency}/started - stop on shutdown - - start script - if ! test -e ${cfg.dataDir}; then - mkdir -m 0700 -p ${cfg.dataDir} - chown -R postgres ${cfg.dataDir} - ${run} -c '${postgresql}/bin/initdb -D ${cfg.dataDir} -U root' - fi - cp -f ${pkgs.writeText "pg_hba.conf" cfg.authentication} ${cfg.dataDir}/pg_hba.conf - end script + services = { + extraJobs = [{ + name = "postgresql"; - respawn ${run} -c '${postgresql}/bin/postgres -D ${cfg.dataDir}' - ''; + extraPath = [postgresql]; + + job = '' + description "PostgreSQL server" + + start on ${startDependency}/started + stop on shutdown + + start script + if ! test -e ${cfg.dataDir}; then + mkdir -m 0700 -p ${cfg.dataDir} + chown -R postgres ${cfg.dataDir} + ${run} -c '${postgresql}/bin/initdb -D ${cfg.dataDir} -U root' + fi + cp -f ${pkgs.writeText "pg_hba.conf" cfg.authentication} ${cfg.dataDir}/pg_hba.conf + end script + + respawn ${run} -c '${postgresql}/bin/postgres -D ${cfg.dataDir}' + ''; + }]; + }; } From e5fd3f271e83c1ab35a57310299ddb410b1e22c8 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:05 +0000 Subject: [PATCH 74/91] Convert "openfire" (problem with assertion) svn path=/nixos/branches/fix-style/; revision=14391 --- system/options.nix | 17 +------- upstart-jobs/default.nix | 6 --- upstart-jobs/openfire.nix | 82 ++++++++++++++++++++++++++++----------- 3 files changed, 61 insertions(+), 44 deletions(-) diff --git a/system/options.nix b/system/options.nix index 6afc6ee97fa..da404602880 100644 
--- a/system/options.nix +++ b/system/options.nix @@ -479,22 +479,6 @@ in }; - openfire = { - enable = mkOption { - default = false; - description = " - Whether to enable OpenFire XMPP server. - "; - }; - usePostgreSQL = mkOption { - default = true; - description = " - Whether you use PostgreSQL service for your storage back-end. - "; - }; - }; - - postfix = { enable = mkOption { default = false; @@ -799,6 +783,7 @@ in (import ../upstart-jobs/xfs.nix) (import ../upstart-jobs/mysql.nix) (import ../upstart-jobs/postgresql.nix) + (import ../upstart-jobs/openfire.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 1075bfd6446..f658e88b90a 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -131,12 +131,6 @@ let inherit config; }) - # OpenFire XMPP server - ++ optional config.services.openfire.enable - (import ../upstart-jobs/openfire.nix { - inherit config pkgs; - }) - # Postfix mail server. ++ optional config.services.postfix.enable (import ../upstart-jobs/postfix.nix { diff --git a/upstart-jobs/openfire.nix b/upstart-jobs/openfire.nix index 45338c793e7..365d34a5b26 100644 --- a/upstart-jobs/openfire.nix +++ b/upstart-jobs/openfire.nix 
@@ -1,7 +1,36 @@ -{pkgs, config}: +{pkgs, config, ...}: -assert config.services.openfire.usePostgreSQL -> config.services.postgresql.enable; +###### interface let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + openfire = { + enable = mkOption { + default = false; + description = " + Whether to enable OpenFire XMPP server. + "; + }; + usePostgreSQL = mkOption { + default = true; + description = " + Whether you use PostgreSQL service for your storage back-end. + "; + }; + }; + }; + }; +in + +###### implementation + +# FIXME (see xfs) +# if (!(config.services.openfire.usePostgreSQL -> config.services.postgresql.enable)) then throw "openfire assertion failed" else +let + inherit (pkgs) jre openfire coreutils which gnugrep gawk gnused; + startDependency = if config.services.openfire.usePostgreSQL then "postgresql" else 
@@ -10,26 +39,35 @@ let else "network-interfaces"; in -with pkgs; -{ - name = "openfire"; - job = '' - description "OpenFire XMPP server" - start on ${startDependency}/started - stop on shutdown +mkIf config.services.openfire.enable { + require = [ + options + ]; - script - export PATH=${jre}/bin:${openfire}/bin:${coreutils}/bin:${which}/bin:${gnugrep}/bin:${gawk}/bin:${gnused}/bin - export HOME=/tmp - mkdir /var/log/openfire || true - mkdir /etc/openfire || true - for i in ${openfire}/conf.inst/*; do - if ! test -f /etc/openfire/$(basename $i); then - cp $i /etc/openfire/ - fi - done - openfire start - end script - ''; + + services = { + extraJobs = [{ + name = "openfire"; + job = '' + description "OpenFire XMPP server" + + start on ${startDependency}/started + stop on shutdown + + script + export PATH=${jre}/bin:${openfire}/bin:${coreutils}/bin:${which}/bin:${gnugrep}/bin:${gawk}/bin:${gnused}/bin + export HOME=/tmp + mkdir /var/log/openfire || true + mkdir /etc/openfire || true + for i in ${openfire}/conf.inst/*; do + if ! test -f /etc/openfire/$(basename $i); then + cp $i /etc/openfire/ + fi + done + openfire start + end script + ''; + }]; + }; } From 32ec389b157bc40aafe2cc3ca89cdd5a686e47ae Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:07 +0000 Subject: [PATCH 75/91] Convert "postfix" svn path=/nixos/branches/fix-style/; revision=14392 --- system/options.nix | 139 +------------------- upstart-jobs/default.nix | 6 - upstart-jobs/postfix.nix | 276 +++++++++++++++++++++++++++++++-------- 3 files changed, 221 insertions(+), 200 deletions(-) diff --git a/system/options.nix b/system/options.nix index da404602880..d2e1197330a 100644 --- a/system/options.nix +++ b/system/options.nix 
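Review bot: The job script sets `export HOME=/tmp` before `openfire start`, and the module declares no dedicated account, so the server presumably runs as root with a world-writable directory as its home. Anything the JVM or Openfire looks up relative to `$HOME` can then be supplied by any local user. A directory created by the job itself avoids that, for example `mkdir -m 0700 -p /var/lib/openfire` followed by `export HOME=/var/lib/openfire` (path given as an illustration only). The start of the `let` block is outside this hunk.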
@@ -479,144 +479,6 @@ in }; - postfix = { - enable = mkOption { - default = false; - description =" - Whether to run the Postfix mail server. - "; - }; - user = mkOption { - default = "postfix"; - description = " - How to call postfix user (must be used only for postfix). - "; - }; - group = mkOption { - default = "postfix"; - description = " - How to call postfix group (must be used only for postfix). - "; - }; - setgidGroup = mkOption { - default = "postdrop"; - description = " - How to call postfix setgid group (for postdrop). Should - be uniquely used group. - "; - }; - networks = mkOption { - default = null; - example = ["192.168.0.1/24"]; - description = " - Net masks for trusted - allowed to relay mail to third parties - - hosts. Leave empty to use mynetworks_style configuration or use - default (localhost-only). - "; - }; - networksStyle = mkOption { - default = ""; - description = " - Name of standard way of trusted network specification to use, - leave blank if you specify it explicitly or if you want to use - default (localhost-only). - "; - }; - hostname = mkOption { - default = ""; - description =" - Hostname to use. Leave blank to use just the hostname of machine. - It should be FQDN. - "; - }; - domain = mkOption { - default = ""; - description =" - Domain to use. Leave blank to use hostname minus first component. - "; - }; - origin = mkOption { - default = ""; - description =" - Origin to use in outgoing e-mail. Leave blank to use hostname. - "; - }; - destination = mkOption { - default = null; - example = ["localhost"]; - description = " - Full (!) list of domains we deliver locally. Leave blank for - acceptable Postfix default. - "; - }; - relayDomains = mkOption { - default = null; - example = ["localdomain"]; - description = " - List of domains we agree to relay to. Default is the same as - destination. - "; - }; - relayHost = mkOption { - default = ""; - description = " - Mail relay for outbound mail. 
- "; - }; - lookupMX = mkOption { - default = false; - description = " - Whether relay specified is just domain whose MX must be used. - "; - }; - postmasterAlias = mkOption { - default = "root"; - description = " - Who should receive postmaster e-mail. - "; - }; - rootAlias = mkOption { - default = ""; - description = " - Who should receive root e-mail. Blank for no redirection. - "; - }; - extraAliases = mkOption { - default = ""; - description = " - Additional entries to put verbatim into aliases file. - "; - }; - - sslCert = mkOption { - default = ""; - description = " - SSL certificate to use. - "; - }; - sslCACert = mkOption { - default = ""; - description = " - SSL certificate of CA. - "; - }; - sslKey = mkOption { - default = ""; - description =" - SSL key to use. - "; - }; - - recipientDelimiter = mkOption { - default = ""; - example = "+"; - description = " - Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test - "; - }; - - }; - dovecot = { enable = mkOption { default = false; @@ -784,6 +646,7 @@ in (import ../upstart-jobs/mysql.nix) (import ../upstart-jobs/postgresql.nix) (import ../upstart-jobs/openfire.nix) + (import ../upstart-jobs/postfix.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index f658e88b90a..ff8b8a9e9ba 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -131,12 +131,6 @@ let inherit config; }) - # Postfix mail server. - ++ optional config.services.postfix.enable - (import ../upstart-jobs/postfix.nix { - inherit config pkgs; - }) - # Dovecot POP3/IMAP server. ++ optional config.services.dovecot.enable (import ../upstart-jobs/dovecot.nix { diff --git a/upstart-jobs/postfix.nix b/upstart-jobs/postfix.nix index e72f12ea842..8db43693b94 100644 --- a/upstart-jobs/postfix.nix +++ b/upstart-jobs/postfix.nix 
@@ -1,4 +1,154 @@ -{config, pkgs} : +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + postfix = { + enable = mkOption { + default = false; + description =" + Whether to run the Postfix mail server. + "; + }; + user = mkOption { + default = "postfix"; + description = " + How to call postfix user (must be used only for postfix). + "; + }; + group = mkOption { + default = "postfix"; + description = " + How to call postfix group (must be used only for postfix). + "; + }; + setgidGroup = mkOption { + default = "postdrop"; + description = " + How to call postfix setgid group (for postdrop). Should + be uniquely used group. + "; + }; + networks = mkOption { + default = null; + example = ["192.168.0.1/24"]; + description = " + Net masks for trusted - allowed to relay mail to third parties - + hosts. Leave empty to use mynetworks_style configuration or use + default (localhost-only). + "; + }; + networksStyle = mkOption { + default = ""; + description = " + Name of standard way of trusted network specification to use, + leave blank if you specify it explicitly or if you want to use + default (localhost-only). + "; + }; + hostname = mkOption { + default = ""; + description =" + Hostname to use. Leave blank to use just the hostname of machine. + It should be FQDN. + "; + }; + domain = mkOption { + default = ""; + description =" + Domain to use. Leave blank to use hostname minus first component. + "; + }; + origin = mkOption { + default = ""; + description =" + Origin to use in outgoing e-mail. Leave blank to use hostname. + "; + }; + destination = mkOption { + default = null; + example = ["localhost"]; + description = " + Full (!) list of domains we deliver locally. Leave blank for + acceptable Postfix default. + "; + }; + relayDomains = mkOption { + default = null; + example = ["localdomain"]; + description = " + List of domains we agree to relay to. Default is the same as + destination. 
+ "; + }; + relayHost = mkOption { + default = ""; + description = " + Mail relay for outbound mail. + "; + }; + lookupMX = mkOption { + default = false; + description = " + Whether relay specified is just domain whose MX must be used. + "; + }; + postmasterAlias = mkOption { + default = "root"; + description = " + Who should receive postmaster e-mail. + "; + }; + rootAlias = mkOption { + default = ""; + description = " + Who should receive root e-mail. Blank for no redirection. + "; + }; + extraAliases = mkOption { + default = ""; + description = " + Additional entries to put verbatim into aliases file. + "; + }; + + sslCert = mkOption { + default = ""; + description = " + SSL certificate to use. + "; + }; + sslCACert = mkOption { + default = ""; + description = " + SSL certificate of CA. + "; + }; + sslKey = mkOption { + default = ""; + description =" + SSL key to use. + "; + }; + + recipientDelimiter = mkOption { + default = ""; + example = "+"; + description = " + Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test + "; + }; + + }; + }; + }; +in + +###### implementation + let startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces"; 
@@ -103,62 +253,76 @@ let mainCfFile = pkgs.writeText "postfix-main.cf" mainCf; in -{ - name = "postfix"; - users = [ - { name = user; - description = "Postfix mail server user"; - uid = idList.uids.postfix; - group = group; - } + +mkIf config.services.postfix.enable { + require = [ + options ]; - groups = [ - { name = group; - gid = idList.gids.postfix; - } - { name = setgidGroup; - gid = idList.gids.postdrop; - } - ]; - - - # I copy _lots_ of shipped configuration filed - # that can be left as is. I am afraid the exact - # will list slightly change in next Postfix - # release, so listing them all one-by-one in an - # accurate way is unlikely to be better. - job = '' - description "Postfix mail server job" - - start on ${startingDependency}/started - stop on never - - script - if ! [ -d /var/spool/postfix ]; then - ${pkgs.coreutils}/bin/mkdir -p /var/spool/mail /var/postfix/conf /var/postfix/queue - fi - - ${pkgs.coreutils}/bin/chown -R ${user}.${group} /var/postfix - ${pkgs.coreutils}/bin/chown -R ${user}.${setgidGroup} /var/postfix/queue - ${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue - ${pkgs.coreutils}/bin/chown root.root /var/spool/mail - ${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail - - ln -sf ${pkgs.postfix}/share/postfix/conf/* /var/postfix/conf - - ln -sf ${aliasesFile} /var/postfix/conf/aliases - ln -sf ${mainCfFile} /var/postfix/conf/main.cf - - ${pkgs.postfix}/sbin/postalias -c /var/postfix/conf /var/postfix/conf/aliases - - ${pkgs.postfix}/sbin/postfix -c /var/postfix/conf start - end script - ''; - - extraEtc = [ - { source = "/var/postfix/conf"; + environment = { + etc = [{ + source = "/var/postfix/conf"; target = "postfix"; - } - ]; + }]; + }; + + users = { + extraUsers = [ + { name = user; + description = "Postfix mail server user"; + uid = idList.uids.postfix; + group = group; + } + ]; + + extraGroups = [ + { name = group; + gid = idList.gids.postfix; + } + { name = setgidGroup; + gid = idList.gids.postdrop; + } + ]; + }; + + 
services = { + extraJobs = [{ + name = "postfix"; + + + # I copy _lots_ of shipped configuration filed + # that can be left as is. I am afraid the exact + # will list slightly change in next Postfix + # release, so listing them all one-by-one in an + # accurate way is unlikely to be better. + job = '' + description "Postfix mail server job" + + start on ${startingDependency}/started + stop on never + + script + if ! [ -d /var/spool/postfix ]; then + ${pkgs.coreutils}/bin/mkdir -p /var/spool/mail /var/postfix/conf /var/postfix/queue + fi + + ${pkgs.coreutils}/bin/chown -R ${user}.${group} /var/postfix + ${pkgs.coreutils}/bin/chown -R ${user}.${setgidGroup} /var/postfix/queue + ${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue + ${pkgs.coreutils}/bin/chown root.root /var/spool/mail + ${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail + + ln -sf ${pkgs.postfix}/share/postfix/conf/* /var/postfix/conf + + ln -sf ${aliasesFile} /var/postfix/conf/aliases + ln -sf ${mainCfFile} /var/postfix/conf/main.cf + + ${pkgs.postfix}/sbin/postalias -c /var/postfix/conf /var/postfix/conf/aliases + + ${pkgs.postfix}/sbin/postfix -c /var/postfix/conf start + end script + ''; + + }]; + }; } From a0b0bba7626a28ebc23cd3158aff65d19b37c096 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:10 +0000 Subject: [PATCH 76/91] Convert "dovecot" svn path=/nixos/branches/fix-style/; revision=14393 --- system/options.nix | 30 +---------- upstart-jobs/default.nix | 6 --- upstart-jobs/dovecot.nix | 112 +++++++++++++++++++++++++++++---------- 3 files changed, 85 insertions(+), 63 deletions(-) diff --git a/system/options.nix b/system/options.nix index d2e1197330a..99904c7b7a0 100644 --- a/system/options.nix +++ b/system/options.nix 
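Review bot: `chown -R ${user}.${group} /var/postfix` also hands `/var/postfix/conf` to the Postfix account, and that directory is what the job passes to `postalias -c` and `postfix -c ... start` and what `environment.etc` exposes as `/etc/postfix`. The symlinks to `main.cf` and `aliases` are created afterwards, but inside a directory the unprivileged account owns, so that account can replace them and thereby control the configuration of a daemon the job presumably starts as root. Keeping the configuration directory root-owned closes this, e.g. `${pkgs.coreutils}/bin/chown -R root:root /var/postfix/conf` right after the recursive chown. The definitions of `user`, `group` and `setgidGroup` are in the part of the `let` block outside this hunk.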
@@ -479,35 +479,6 @@ in }; - dovecot = { - enable = mkOption { - default = false; - description = "Whether to enable dovecot POP3/IMAP server."; - }; - - user = mkOption { - default = "dovecot"; - description = "dovecot user name"; - }; - group = mkOption { - default = "dovecot"; - description = "dovecot group name"; - }; - - sslServerCert = mkOption { - default = ""; - description = "Server certificate"; - }; - sslCACert = mkOption { - default = ""; - description = "CA certificate used by server certificate"; - }; - sslServerKey = mkOption { - default = ""; - description = "Server key"; - }; - }; - bind = { enable = mkOption { default = false; @@ -647,6 +618,7 @@ in (import ../upstart-jobs/postgresql.nix) (import ../upstart-jobs/openfire.nix) (import ../upstart-jobs/postfix.nix) + (import ../upstart-jobs/dovecot.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index ff8b8a9e9ba..a11ec89acb8 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -131,12 +131,6 @@ let inherit config; }) - # Dovecot POP3/IMAP server. - ++ optional config.services.dovecot.enable - (import ../upstart-jobs/dovecot.nix { - inherit config pkgs; - }) - # ISC BIND domain name server. ++ optional config.services.bind.enable (import ../upstart-jobs/bind.nix { diff --git a/upstart-jobs/dovecot.nix b/upstart-jobs/dovecot.nix index d7d74261e13..8a70a5462d1 100644 --- a/upstart-jobs/dovecot.nix +++ b/upstart-jobs/dovecot.nix 
@@ -1,4 +1,45 @@ -{config, pkgs}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + dovecot = { + enable = mkOption { + default = false; + description = "Whether to enable dovecot POP3/IMAP server."; + }; + + user = mkOption { + default = "dovecot"; + description = "dovecot user name"; + }; + group = mkOption { + default = "dovecot"; + description = "dovecot group name"; + }; + + sslServerCert = mkOption { + default = ""; + description = "Server certificate"; + }; + sslCACert = mkOption { + default = ""; + description = "CA certificate used by server certificate"; + }; + sslServerKey = mkOption { + default = ""; + description = "Server key"; + }; + }; + }; + }; +in + +###### implementation + let startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces"; 
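Review bot: The descriptions of `sslServerKey`, `sslServerCert` and `sslCACert` do not say what kind of value is expected, and for the private key that matters: a Nix path literal is copied into the world-readable store, where every local user could read the key. How the value reaches the Dovecot configuration is outside this hunk, so this is a documentation request rather than a confirmed leak. I would extend the key's description to something like `description = "Path, given as a string outside the Nix store, to the server private key; the file should be readable by root only.";`. If the two certificate options are file paths as well, their descriptions should say so.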
@@ -54,36 +95,51 @@ let ''; in -{ - name = "dovecot"; - users = [{ - name = cfg.user; - uid = idList.uids.dovecot; - description = "Dovecot user"; - group = cfg.group; - }]; - groups = [{ - name = cfg.group; - gid = idList.gids.dovecot; - }]; - job = '' - description "Dovecot IMAP/POP3 server" +mkIf config.services.dovecot.enable { - start on ${startingDependency}/started - stop on never + require = [ + options + ]; - start script - ${pkgs.coreutils}/bin/mkdir -p /var/run/dovecot /var/run/dovecot/login - ${pkgs.coreutils}/bin/chown -R ${cfg.user}.${cfg.group} /var/run/dovecot - end script + environment = { + etc = [{ + source = pamdFile; + target = "pam.d/dovecot"; + }]; + }; - respawn ${pkgs.dovecot}/sbin/dovecot -F -c ${confFile} - ''; + users = { + extraUsers = [{ + name = cfg.user; + uid = idList.uids.dovecot; + description = "Dovecot user"; + group = cfg.group; + }]; + extraGroups = [{ + name = cfg.group; + gid = idList.gids.dovecot; + }]; + }; - extraEtc = [{ - source = pamdFile; - target = "pam.d/dovecot"; - }]; + services = { + extraJobs = [{ + name = "dovecot"; + + job = '' + description "Dovecot IMAP/POP3 server" + + start on ${startingDependency}/started + stop on never + + start script + ${pkgs.coreutils}/bin/mkdir -p /var/run/dovecot /var/run/dovecot/login + ${pkgs.coreutils}/bin/chown -R ${cfg.user}.${cfg.group} /var/run/dovecot + end script + + respawn ${pkgs.dovecot}/sbin/dovecot -F -c ${confFile} + ''; + + }]; + }; } - From c0ed553c87803ac5b8d88ff4ec4137fc2eb12c99 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:13 +0000 Subject: [PATCH 77/91] Convert "bind" svn path=/nixos/branches/fix-style/; revision=14394 --- system/options.nix | 37 +------------------ upstart-jobs/bind.nix | 79 ++++++++++++++++++++++++++++++++++------ upstart-jobs/default.nix | 6 --- 3 files changed, 69 insertions(+), 53 deletions(-) diff --git a/system/options.nix b/system/options.nix index 99904c7b7a0..6b9e58824a7 100644 --- a/system/options.nix 
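Review bot: In the start script, `chown -R ${cfg.user}.${cfg.group} /var/run/dovecot` uses the legacy `user.group` separator and interpolates both option values unquoted into a script that presumably runs as root. An account name containing a dot is then parsed ambiguously, and a value with whitespace or shell metacharacters changes the command that is run. I would write the line as `${pkgs.coreutils}/bin/chown -R "${cfg.user}:${cfg.group}" /var/run/dovecot`. The definition of `cfg` lies between the two hunks and is not visible here.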
+++ b/system/options.nix @@ -479,42 +479,6 @@ in }; - bind = { - enable = mkOption { - default = false; - description = " - Whether to enable BIND domain name server. - "; - }; - cacheNetworks = mkOption { - default = ["127.0.0.0/24"]; - description = " - What networks are allowed to use us as a resolver. - "; - }; - blockedNetworks = mkOption { - default = []; - description = " - What networks are just blocked. - "; - }; - zones = mkOption { - default = []; - description = " - List of zones we claim authority over. - master=false means slave server; slaves means addresses - who may request zone transfer. - "; - example = [{ - name = "example.com"; - master = false; - file = "/var/dns/example.com"; - masters = ["192.168.0.1"]; - slaves = []; - }]; - }; - }; - }; nesting = { @@ -619,6 +583,7 @@ in (import ../upstart-jobs/openfire.nix) (import ../upstart-jobs/postfix.nix) (import ../upstart-jobs/dovecot.nix) + (import ../upstart-jobs/bind.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/bind.nix b/upstart-jobs/bind.nix index f645abc9340..d216987e573 100644 --- a/upstart-jobs/bind.nix +++ b/upstart-jobs/bind.nix 
@@ -1,4 +1,52 @@ -{config, pkgs}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + bind = { + enable = mkOption { + default = false; + description = " + Whether to enable BIND domain name server. + "; + }; + cacheNetworks = mkOption { + default = ["127.0.0.0/24"]; + description = " + What networks are allowed to use us as a resolver. + "; + }; + blockedNetworks = mkOption { + default = []; + description = " + What networks are just blocked. + "; + }; + zones = mkOption { + default = []; + description = " + List of zones we claim authority over. + master=false means slave server; slaves means addresses + who may request zone transfer. + "; + example = [{ + name = "example.com"; + master = false; + file = "/var/dns/example.com"; + masters = ["192.168.0.1"]; + slaves = []; + }]; + }; + }; + }; + }; +in + +###### implementation + let startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces"; cfg = config.services.bind; @@ -52,15 +100,24 @@ let confFile = pkgs.writeText "named.conf" namedConf; in -{ - name = "bind"; - job = '' - description "BIND name server job" - start script - ${pkgs.coreutils}/bin/mkdir -p /var/run/named - end script +mkIf config.services.bind.enable { + require = [ + options + ]; - respawn ${pkgs.bind}/sbin/named -c ${confFile} -f - ''; -} + services = { + extraJobs = [{ + name = "bind"; + job = '' + description "BIND name server job" + + start script + ${pkgs.coreutils}/bin/mkdir -p /var/run/named + end script + + respawn ${pkgs.bind}/sbin/named -c ${confFile} -f + ''; + }]; + }; +} diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index a11ec89acb8..3999f8c4e9d 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix 
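Review bot: The `cacheNetworks` description does not say that every network listed may use this server for recursion, so listing a public range makes the host an open resolver; the option text is the place to warn about that. The default `127.0.0.0/24` also covers only 127.0.0.0–127.0.0.255 rather than the whole loopback block and has no IPv6 counterpart, which deserves a sentence if it is intentional. Suggested wording: `Networks allowed to use this server as a recursive resolver. Keep this to networks you control; an open resolver can be abused for traffic amplification.` How the list is rendered into named.conf is outside this hunk.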
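Review bot: The job line `respawn ${pkgs.bind}/sbin/named -c ${confFile} -f` starts named without `-u`, so unless something outside this hunk arranges otherwise the daemon keeps root privileges for its whole lifetime while it parses network input. The dovecot module converted in the previous patch declares a dedicated account through `users.extraUsers`; doing the same here and running `named -u <bind-user> -c ${confFile} -f` (account name is a placeholder) would confine a flaw in the resolver to that account. `/var/run/named` would then have to be owned by that account. The visible job text also has no `start on` stanza, although `startingDependency` is computed in the `let` above.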
@@ -131,12 +131,6 @@ let inherit config; }) - # ISC BIND domain name server. - ++ optional config.services.bind.enable - (import ../upstart-jobs/bind.nix { - inherit config pkgs; - }) - # Handles the reboot/halt events. ++ (map (event: makeJob (import ../upstart-jobs/halt.nix { From 3679813f37f442d290d64c7887f7443bf99f4531 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:15 +0000 Subject: [PATCH 78/91] Convert "mingetty" svn path=/nixos/branches/fix-style/; revision=14395 --- system/options.nix | 39 +------------------- upstart-jobs/default.nix | 10 ----- upstart-jobs/mingetty.nix | 78 +++++++++++++++++++++++++++++++++++---- 3 files changed, 72 insertions(+), 55 deletions(-) diff --git a/system/options.nix b/system/options.nix index 6b9e58824a7..f08f31867e4 100644 --- a/system/options.nix +++ b/system/options.nix @@ -441,44 +441,6 @@ in }; - mingetty = { - - ttys = mkOption { - default = [1 2 3 4 5 6]; - description = " - The list of tty (virtual console) devices on which to start a - login prompt. - "; - }; - - waitOnMounts = mkOption { - default = false; - description = " - Whether the login prompts on the virtual consoles will be - started before or after all file systems have been mounted. By - default we don't wait, but if for example your /home is on a - separate partition, you may want to turn this on. - "; - }; - - greetingLine = mkOption { - default = ''<<< Welcome to NixOS (\m) - Kernel \r (\l) >>>''; - description = " - Welcome line printed by mingetty. - "; - }; - - helpLine = mkOption { - default = ""; - description = " - Help line printed by mingetty below the welcome line. - Used by the installation CD to give some hints on - how to proceed. - "; - }; - - }; - }; nesting = { @@ -584,6 +546,7 @@ in (import ../upstart-jobs/postfix.nix) (import ../upstart-jobs/dovecot.nix) (import ../upstart-jobs/bind.nix) + (import ../upstart-jobs/mingetty.nix) # The terminals on ttyX. # nix (import ../upstart-jobs/nix.nix) # nix options and daemon 
diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 3999f8c4e9d..740b6785245 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -140,16 +140,6 @@ let ["reboot" "halt" "system-halt" "power-off"] ) - # The terminals on ttyX. - ++ (map - (ttyNumber: makeJob (import ../upstart-jobs/mingetty.nix { - inherit (pkgs) mingetty; - inherit ttyNumber; - loginProgram = "${pkgs.pam_login}/bin/login"; - })) - (config.services.mingetty.ttys) - ) - # Transparent TTY backgrounds. ++ optional (config.services.ttyBackgrounds.enable && kernelPackages.splashutils != null) (import ../upstart-jobs/tty-backgrounds.nix { diff --git a/upstart-jobs/mingetty.nix b/upstart-jobs/mingetty.nix index 8f50ea5c9db..c04d47061e9 100644 --- a/upstart-jobs/mingetty.nix +++ b/upstart-jobs/mingetty.nix 
@@ -1,10 +1,74 @@ -{mingetty, ttyNumber, loginProgram}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + mingetty = { + + ttys = mkOption { + default = [1 2 3 4 5 6]; + description = " + The list of tty (virtual console) devices on which to start a + login prompt. + "; + }; + + waitOnMounts = mkOption { + default = false; + description = " + Whether the login prompts on the virtual consoles will be + started before or after all file systems have been mounted. By + default we don't wait, but if for example your /home is on a + separate partition, you may want to turn this on. + "; + }; + + greetingLine = mkOption { + default = ''<<< Welcome to NixOS (\m) - Kernel \r (\l) >>>''; + description = " + Welcome line printed by mingetty. + "; + }; + + helpLine = mkOption { + default = ""; + description = " + Help line printed by mingetty below the welcome line. + Used by the installation CD to give some hints on + how to proceed. + "; + }; + + }; + }; + }; +in + +###### implementation + +let + ttyNumbers = config.services.mingetty.ttys; + loginProgram = "${pkgs.pam_login}/bin/login"; + inherit (pkgs) mingetty; + +in { - name = "tty" + toString ttyNumber; - job = " - start on udev - stop on shutdown - respawn ${mingetty}/sbin/mingetty --loginprog=${loginProgram} --noclear tty${toString ttyNumber} - "; + require = [ + options + ]; + + services = { + extraJobs = map (ttyNumber : { + name = "tty" + toString ttyNumber; + job = " + start on udev + stop on shutdown + respawn ${mingetty}/sbin/mingetty --loginprog=${loginProgram} --noclear tty${toString ttyNumber} + "; + }) ttyNumbers; + }; } From 98ea167131a8fbfa81d79bb078c1b941979bae4c Mon Sep 17 00:00:00 2001 
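Review bot: `waitOnMounts` is documented as deciding whether login prompts start before or after all file systems are mounted, but the job generated here always uses `start on udev` and nothing in this file reads the option. The hunk covers the whole new file, so unless another module consumes `config.services.mingetty.waitOnMounts`, setting it has no effect. Either wire it into the job's start condition or state in the description where it is honoured. Separately, the default `greetingLine` prints the kernel release (`\r`) before login; a remark in its description that the text is shown to unauthenticated users would help admins who prefer not to expose it.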
From: Marc Weber Date: Fri, 6 Mar 2009 12:27:18 +0000 Subject: [PATCH 79/91] Convert "tty-backgrounds" svn path=/nixos/branches/fix-style/; revision=14396 --- system/options.nix | 64 +---------- upstart-jobs/default.nix | 31 ----- upstart-jobs/tty-backgrounds.nix | 190 ++++++++++++++++++++++++------- 3 files changed, 153 insertions(+), 132 deletions(-) diff --git a/system/options.nix b/system/options.nix index f08f31867e4..36b72157d15 100644 --- a/system/options.nix +++ b/system/options.nix @@ -380,69 +380,6 @@ in "; }; - services = { - - - ttyBackgrounds = { - - enable = mkOption { - default = true; - description = " - Whether to enable graphical backgrounds for the virtual consoles. - "; - }; - - defaultTheme = mkOption { - default = pkgs.fetchurl { - #url = http://www.bootsplash.de/files/themes/Theme-BabyTux.tar.bz2; - url = http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/distfiles/Theme-BabyTux.tar.bz2; - md5 = "a6d89d1c1cff3b6a08e2f526f2eab4e0"; - }; - description = " - The default theme for the virtual consoles. Themes can be found - at . - "; - }; - - defaultSpecificThemes = mkOption { - default = [ - /* - { tty = 6; - theme = pkgs.fetchurl { # Yeah! - url = http://www.bootsplash.de/files/themes/Theme-Pativo.tar.bz2; - md5 = "9e13beaaadf88d43a5293e7ab757d569"; - }; - } - */ - { tty = 10; - theme = pkgs.fetchurl { - #url = http://www.bootsplash.de/files/themes/Theme-GNU.tar.bz2; - url = http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/distfiles/Theme-GNU.tar.bz2; - md5 = "61969309d23c631e57b0a311102ef034"; - }; - } - ]; - description = " - This option sets specific themes for virtual consoles. If you - just want to set themes for additional consoles, use - . - "; - }; - - specificThemes = mkOption { - default = [ - ]; - description = " - This option allows you to set specific themes for virtual - consoles. - "; - }; - - }; - - - }; - nesting = { children = mkOption { default = []; 
@@ -547,6 +484,7 @@ in (import ../upstart-jobs/dovecot.nix) (import ../upstart-jobs/bind.nix) (import ../upstart-jobs/mingetty.nix) # The terminals on ttyX. + (import ../upstart-jobs/tty-backgrounds.nix) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 740b6785245..1a3cf76740b 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -140,37 +140,6 @@ let ["reboot" "halt" "system-halt" "power-off"] ) - # Transparent TTY backgrounds. - ++ optional (config.services.ttyBackgrounds.enable && kernelPackages.splashutils != null) - (import ../upstart-jobs/tty-backgrounds.nix { - inherit (pkgs) stdenv; - inherit (kernelPackages) splashutils; - - backgrounds = - - let - - specificThemes = - config.services.ttyBackgrounds.defaultSpecificThemes - ++ config.services.ttyBackgrounds.specificThemes; - - overridenTTYs = map (x: x.tty) specificThemes; - - # Use the default theme for all the mingetty ttys and for the - # syslog tty, except those for which a specific theme is - # specified. - defaultTTYs = - pkgs.lib.filter (x: !(pkgs.lib.elem x overridenTTYs)) requiredTTYs; - - in - (map (ttyNumber: { - tty = ttyNumber; - theme = config.services.ttyBackgrounds.defaultTheme; - }) defaultTTYs) - ++ specificThemes; - - }) - # User-defined events. ++ (map makeJob (config.services.extraJobs)); diff --git a/upstart-jobs/tty-backgrounds.nix b/upstart-jobs/tty-backgrounds.nix index 60408530870..825874aaeed 100644 --- a/upstart-jobs/tty-backgrounds.nix +++ b/upstart-jobs/tty-backgrounds.nix 
@@ -1,11 +1,100 @@ -{stdenv, splashutils, backgrounds}: +{pkgs, config, ...}: -rec { - name = "tty-backgrounds"; +###### interface +let + inherit (pkgs.lib) mkOption mkIf; - unpackTheme = theme: import ../helpers/unpack-theme.nix { - inherit stdenv theme; + options = { + services = { + ttyBackgrounds = { + + enable = mkOption { + default = true; + description = " + Whether to enable graphical backgrounds for the virtual consoles. + "; + }; + + defaultTheme = mkOption { + default = pkgs.fetchurl { + #url = http://www.bootsplash.de/files/themes/Theme-BabyTux.tar.bz2; + url = http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/distfiles/Theme-BabyTux.tar.bz2; + md5 = "a6d89d1c1cff3b6a08e2f526f2eab4e0"; + }; + description = " + The default theme for the virtual consoles. Themes can be found + at . + "; + }; + + defaultSpecificThemes = mkOption { + default = [ + /* + { tty = 6; + theme = pkgs.fetchurl { # Yeah! + url = http://www.bootsplash.de/files/themes/Theme-Pativo.tar.bz2; + md5 = "9e13beaaadf88d43a5293e7ab757d569"; + }; + } + */ + { tty = 10; + theme = pkgs.fetchurl { + #url = http://www.bootsplash.de/files/themes/Theme-GNU.tar.bz2; + url = http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/distfiles/Theme-GNU.tar.bz2; + md5 = "61969309d23c631e57b0a311102ef034"; + }; + } + ]; + description = " + This option sets specific themes for virtual consoles. If you + just want to set themes for additional consoles, use + . + "; + }; + + specificThemes = mkOption { + default = [ + ]; + description = " + This option allows you to set specific themes for virtual + consoles. 
+ "; + }; + }; + }; }; +in + +###### implementation + +let + inherit (pkgs) stdenv; + kernelPackages = config.boot.kernelPackages; + splashutils = kernelPackages.splashutils; + requiredTTYs = config.requiredTTYs; + backgrounds = + + let + + specificThemes = + config.services.ttyBackgrounds.defaultSpecificThemes + ++ config.services.ttyBackgrounds.specificThemes; + + overridenTTYs = map (x: x.tty) specificThemes; + + # Use the default theme for all the mingetty ttys and for the + # syslog tty, except those for which a specific theme is + # specified. + defaultTTYs = + pkgs.lib.filter (x: !(pkgs.lib.elem x overridenTTYs)) requiredTTYs; + + in + (map (ttyNumber: { + tty = ttyNumber; + theme = config.services.ttyBackgrounds.defaultTheme; + }) defaultTTYs) + ++ specificThemes; + themesUnpacked = stdenv.mkDerivation { name = "splash-themes"; 
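Review bot: Both `pkgs.fetchurl` calls in `defaultTheme` and `defaultSpecificThemes` pin the download with `md5` only, and the URLs are plain `http://`, so that hash is the sole integrity check on an archive that is unpacked at build time. MD5 no longer resists collisions; `fetchurl` accepts `sha256`, so each `md5 = "...";` line should become `sha256 = "<sha256 of the same tarball>";` (placeholder, to be computed from the file currently fetched). The commented-out Pativo entry carries the same `md5` attribute and should be updated or dropped along with it. These lines are moved unchanged from system/options.nix, so the weakness predates this commit, but the move is a convenient moment to fix it.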
@@ -15,46 +104,71 @@ rec { themes = map (x: if x ? theme then (unpackTheme x.theme) else "default") backgrounds; }; - extraEtc = [ - { source = themesUnpacked; - target = "splash"; - } + unpackTheme = theme: import ../helpers/unpack-theme.nix { + inherit stdenv theme; + }; + + + +in + +# FIXME see xfs +# assert splashutils != null; + +mkIf (config.services.ttyBackgrounds.enable && kernelPackages.splashutils != null) { + require = [ + options ]; - job = '' - start on udev - start script + environment = { + etc = [ + { source = themesUnpacked; + target = "splash"; + } + ]; + }; - # Critical: tell the kernel where to find splash_helper. It calls - # this program every time we switch between consoles. - helperProcFile=${splashutils.helperProcFile} - if test -e /proc/sys/fbcondecor; then helperProcFile=/proc/sys/fbcondecor; fi - echo ${splashutils}/${splashutils.helperName} > $helperProcFile - # For each console... - for tty in ${toString (map (x: x.tty) backgrounds)}; do - # Make sure that the console exists. - echo -n "" > /dev/tty$tty + services = { + extraJobs = [ rec { + name = "tty-backgrounds"; - # Set the theme as determined by tty-backgrounds-combine.sh - # above. - theme=$(readlink ${themesUnpacked}/$tty) - ${splashutils}/${splashutils.controlName} --tty $tty -c setcfg -t $theme || true - ${splashutils}/${splashutils.controlName} --tty $tty -c setpic -t $theme || true - ${splashutils}/${splashutils.controlName} --tty $tty -c on || true - done + job = '' + start on udev - end script + start script - respawn sleep 10000 # !!! Hack + # Critical: tell the kernel where to find splash_helper. It calls + # this program every time we switch between consoles. + helperProcFile=${splashutils.helperProcFile} + if test -e /proc/sys/fbcondecor; then helperProcFile=/proc/sys/fbcondecor; fi + echo ${splashutils}/${splashutils.helperName} > $helperProcFile - stop script - # Disable the theme on each console. 
- for tty in ${toString (map (x: x.tty) backgrounds)}; do - ${splashutils}/${splashutils.controlName} --tty $tty -c off || true - done - end script - ''; - + # For each console... + for tty in ${toString (map (x: x.tty) backgrounds)}; do + # Make sure that the console exists. + echo -n "" > /dev/tty$tty + + # Set the theme as determined by tty-backgrounds-combine.sh + # above. + theme=$(readlink ${themesUnpacked}/$tty) + ${splashutils}/${splashutils.controlName} --tty $tty -c setcfg -t $theme || true + ${splashutils}/${splashutils.controlName} --tty $tty -c setpic -t $theme || true + ${splashutils}/${splashutils.controlName} --tty $tty -c on || true + done + + end script + + respawn sleep 10000 # !!! Hack + + stop script + # Disable the theme on each console. + for tty in ${toString (map (x: x.tty) backgrounds)}; do + ${splashutils}/${splashutils.controlName} --tty $tty -c off || true + done + end script + ''; + }]; + }; } From dd0f98fe22d0671a4db9c4fae923d1eba69ea1b3 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:20 +0000 Subject: [PATCH 80/91] added FIXME notes svn path=/nixos/branches/fix-style/; revision=14397 --- system/options.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/system/options.nix b/system/options.nix index 36b72157d15..baeb96853d3 100644 --- a/system/options.nix +++ b/system/options.nix 
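Review bot: `extraJobs = [ rec {` keeps the `rec` of the old top-level attribute set, but the job's two attributes (`name`, `job`) no longer refer to each other; `themesUnpacked`, `backgrounds` and `splashutils` all come from the enclosing `let`. Dropping it (`extraJobs = [ {`) avoids accidental shadowing if attributes are added later. The `mkIf` condition could likewise reuse the binding from the `let` in the previous hunk: `mkIf (config.services.ttyBackgrounds.enable && splashutils != null)`.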
@@ -476,15 +476,16 @@ in (import ../upstart-jobs/udev.nix) # The udev daemon creates devices nodes and runs programs when hardware events occur. (import ../upstart-jobs/samba.nix) # TODO: doesn't start here (?) (import ../upstart-jobs/ircd-hybrid.nix) # TODO: doesn't compile on x86_64-linux, can't test - (import ../upstart-jobs/xfs.nix) + (import ../upstart-jobs/xfs.nix) # FIXME (assertion) (import ../upstart-jobs/mysql.nix) (import ../upstart-jobs/postgresql.nix) - (import ../upstart-jobs/openfire.nix) + (import ../upstart-jobs/openfire.nix) # FIXME (assertion) (import ../upstart-jobs/postfix.nix) (import ../upstart-jobs/dovecot.nix) (import ../upstart-jobs/bind.nix) + (import ../upstart-jobs/mingetty.nix) # The terminals on ttyX. - (import ../upstart-jobs/tty-backgrounds.nix) + (import ../upstart-jobs/tty-backgrounds.nix) #FIXME (assertion) # nix (import ../upstart-jobs/nix.nix) # nix options and daemon From bfc722e83d7edd2e44242458587b6eb72d969a28 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:23 +0000 Subject: [PATCH 81/91] Convert "klogd" svn path=/nixos/branches/fix-style/; revision=14398 --- system/options.nix | 3 +++ upstart-jobs/default.nix | 6 ------ upstart-jobs/klogd.nix | 39 +++++++++++++++++++++++---------------- 3 files changed, 26 insertions(+), 22 deletions(-) diff --git a/system/options.nix b/system/options.nix index baeb96853d3..32e3a5b7b8e 100644 --- a/system/options.nix +++ b/system/options.nix @@ -414,6 +414,9 @@ in (import ../system/unix-odbc-drivers.nix) + (import ../upstart-jobs/klogd.nix) + + # security (import ../system/sudo.nix) diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 1a3cf76740b..69289bcf99d 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix 
@@ -71,12 +71,6 @@ let jobs = map makeJob ([ - # Klogd. - (import ../upstart-jobs/klogd.nix { - inherit (pkgs) sysklogd writeText; - inherit config; - }) - # Makes LVM logical volumes available. (import ../upstart-jobs/lvm.nix { inherit modprobe; diff --git a/upstart-jobs/klogd.nix b/upstart-jobs/klogd.nix index 35207b339bd..59ab51fea92 100644 --- a/upstart-jobs/klogd.nix +++ b/upstart-jobs/klogd.nix @@ -1,26 +1,33 @@ -{sysklogd, writeText, config}: +{pkgs, config, ...}: +###### implementation let + inherit (pkgs.lib); - klogdCmd = "${sysklogd}/sbin/klogd -c 1 -2 -k $(dirname $(readlink -f /var/run/booted-system/kernel))/System.map"; + klogdCmd = "${pkgs.sysklogd}/sbin/klogd -c 1 -2 -k $(dirname $(readlink -f /var/run/booted-system/kernel))/System.map"; in { - name = "klogd"; - - job = '' - description "Kernel log daemon" - - start on syslogd - stop on shutdown - start script - # !!! this hangs for some reason (it blocks reading from - # /proc/kmsg). - #${klogdCmd} -o - end script + services = { + extraJobs = [{ + name = "klogd"; + + job = '' + description "Kernel log daemon" + + start on syslogd + stop on shutdown - respawn ${klogdCmd} -n - ''; + start script + # !!! this hangs for some reason (it blocks reading from + # /proc/kmsg). + #${klogdCmd} -o + end script + + respawn ${klogdCmd} -n + ''; + }]; + }; } From f05cccbc66d6123fbd076c4a1cbd5d4cfe18c6d7 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:28 +0000 Subject: [PATCH 82/91] Convert "lvm" svn path=/nixos/branches/fix-style/; revision=14399 --- system/options.nix | 2 ++ upstart-jobs/default.nix | 6 ----- upstart-jobs/lvm.nix | 53 ++++++++++++++++++++++++---------------- 3 files changed, 34 insertions(+), 27 deletions(-) diff --git a/system/options.nix b/system/options.nix index 32e3a5b7b8e..2444edaeb59 100644 --- a/system/options.nix +++ b/system/options.nix 
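Review bot: In upstart-jobs/klogd.nix, `inherit (pkgs.lib);` names no attributes, so it brings nothing into scope and can be deleted; the module uses neither `mkOption` nor `mkIf`. A one-line comment above `klogdCmd` saying what the `-c 1`, `-2` and `-k` flags are for would also make the command easier to review, since it is interpolated into a job script twice.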
@@ -416,6 +416,8 @@ in (import ../upstart-jobs/klogd.nix) + (import ../upstart-jobs/lvm.nix) # Makes LVM logical volumes available. + # security diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 69289bcf99d..5b455eeaa78 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -71,12 +71,6 @@ let jobs = map makeJob ([ - # Makes LVM logical volumes available. - (import ../upstart-jobs/lvm.nix { - inherit modprobe; - inherit (pkgs) lvm2 devicemapper; - }) - # Activate software RAID arrays. (import ../upstart-jobs/swraid.nix { inherit modprobe; diff --git a/upstart-jobs/lvm.nix b/upstart-jobs/lvm.nix index d860224685e..1d16da59bef 100644 --- a/upstart-jobs/lvm.nix +++ b/upstart-jobs/lvm.nix @@ -1,30 +1,41 @@ -{modprobe, lvm2, devicemapper}: +{pkgs, config, ...}: + +###### implementation + +let + modprobe = config.system.sbin.modprobe; + +in + { - name = "lvm"; - - job = " -start on udev -#start on new-devices -script + services = { + extraJobs = [{ + name = "lvm"; + + job = '' + start on udev + #start on new-devices - # Load the device mapper. - ${modprobe}/sbin/modprobe dm_mod || true + script - ${devicemapper}/sbin/dmsetup mknodes - # Scan for block devices that might contain LVM physical volumes - # and volume groups. - ${lvm2}/sbin/vgscan --mknodes + # Load the device mapper. + ${modprobe}/sbin/modprobe dm_mod || true - # Make all logical volumes on all volume groups available, i.e., - # make them appear in /dev. - ${lvm2}/sbin/vgchange --available y + ${pkgs.devicemapper}/sbin/dmsetup mknodes + # Scan for block devices that might contain LVM physical volumes + # and volume groups. + ${pkgs.lvm2}/sbin/vgscan --mknodes - initctl emit new-devices - -end script - - "; + # Make all logical volumes on all volume groups available, i.e., + # make them appear in /dev. + ${pkgs.lvm2}/sbin/vgchange --available y + initctl emit new-devices + + end script + ''; + }]; + }; } 
From ea60090213ef5d98ba3071ef58fc5ba29e44f7ef Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:30 +0000 Subject: [PATCH 83/91] Convert "swraid" svn path=/nixos/branches/fix-style/; revision=14400 --- system/options.nix | 1 + upstart-jobs/default.nix | 6 ---- upstart-jobs/swraid.nix | 60 +++++++++++++++++++++++----------------- 3 files changed, 35 insertions(+), 32 deletions(-) diff --git a/system/options.nix b/system/options.nix index 2444edaeb59..6b167d82c1a 100644 --- a/system/options.nix +++ b/system/options.nix @@ -418,6 +418,7 @@ in (import ../upstart-jobs/lvm.nix) # Makes LVM logical volumes available. + (import ../upstart-jobs/swraid.nix) # Activate software RAID arrays. # security diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 5b455eeaa78..6f14800d296 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -71,12 +71,6 @@ let jobs = map makeJob ([ - # Activate software RAID arrays. - (import ../upstart-jobs/swraid.nix { - inherit modprobe; - inherit (pkgs) mdadm; - }) - # Mount file systems. (import ../upstart-jobs/filesystems.nix { inherit mount; diff --git a/upstart-jobs/swraid.nix b/upstart-jobs/swraid.nix index 5cf7d82e383..a0a25efa354 100644 --- a/upstart-jobs/swraid.nix +++ b/upstart-jobs/swraid.nix 
@@ -1,36 +1,44 @@ -{modprobe, mdadm}: +{pkgs, config, ...}: + +###### implementation let tempConf = "/var/run/mdadm.conf"; + modprobe = config.system.sbin.modprobe; + inherit (pkgs) mdadm; in { - name = "swraid"; - - job = " -start on udev -#start on new-devices - -script - - # Load the necessary RAID personalities. - # !!! hm, doesn't the kernel load these automatically? - for mod in raid0 raid1 raid5; do - ${modprobe}/sbin/modprobe $mod || true - done - - # Scan /proc/partitions for RAID devices. - ${mdadm}/sbin/mdadm --examine --brief --scan -c partitions > ${tempConf} - - # Activate each device found. - ${mdadm}/sbin/mdadm --assemble -c ${tempConf} --scan - - initctl emit new-devices - -end script - - "; + services = { + extraJobs = [{ + name = "swraid"; + + job = '' + start on udev + #start on new-devices + + script + + # Load the necessary RAID personalities. + # !!! hm, doesn't the kernel load these automatically? + for mod in raid0 raid1 raid5; do + ${modprobe}/sbin/modprobe $mod || true + done + + # Scan /proc/partitions for RAID devices. + ${mdadm}/sbin/mdadm --examine --brief --scan -c partitions > ${tempConf} + + # Activate each device found. + ${mdadm}/sbin/mdadm --assemble -c ${tempConf} --scan + + initctl emit new-devices + + end script + + ''; + }]; + }; } From d964466c1af91b1c91264a083d18803e402bbf7b Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:33 +0000 Subject: [PATCH 84/91] Convert "filesystems" svn path=/nixos/branches/fix-style/; revision=14401 --- system/options.nix | 2 + upstart-jobs/default.nix | 7 -- upstart-jobs/filesystems.nix | 202 ++++++++++++++++++----------------- 3 files changed, 106 insertions(+), 105 deletions(-) diff --git a/system/options.nix b/system/options.nix index 6b167d82c1a..039f8b72403 100644 --- a/system/options.nix +++ b/system/options.nix 
@@ -420,6 +420,8 @@ in (import ../upstart-jobs/swraid.nix) # Activate software RAID arrays. + (import ../upstart-jobs/filesystems.nix) # Mount file systems. + # security (import ../system/sudo.nix) diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 6f14800d296..ca90d8bb8d3 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -71,13 +71,6 @@ let jobs = map makeJob ([ - # Mount file systems. - (import ../upstart-jobs/filesystems.nix { - inherit mount; - inherit (pkgs) utillinux e2fsprogs; - fileSystems = config.fileSystems; - }) - # Swapping. (import ../upstart-jobs/swap.nix { inherit (pkgs) utillinux lib; diff --git a/upstart-jobs/filesystems.nix b/upstart-jobs/filesystems.nix index 24569db11b4..10673cce5f3 100644 --- a/upstart-jobs/filesystems.nix +++ b/upstart-jobs/filesystems.nix 
@@ -1,120 +1,126 @@ -{utillinux, e2fsprogs, fileSystems, mount}: +{pkgs, config, ...}: + +###### implementation let - - # !!! use XML + inherit (pkgs) e2fsprogs; mountPoints = map (fs: fs.mountPoint) fileSystems; + fileSystems = config.fileSystems; devices = map (fs: if fs ? device then fs.device else "LABEL=" + fs.label) fileSystems; fsTypes = map (fs: if fs ? fsType then fs.fsType else "auto") fileSystems; optionss = map (fs: if fs ? options then fs.options else "defaults") fileSystems; autocreates = map (fs: if fs ? autocreate then fs.autocreate else "0") fileSystems; + mount = config.system.sbin.mount; -in - -{ - name = "filesystems"; + job = '' + start on startup + start on new-devices + start on ip-up - job = " -start on startup -start on new-devices -start on ip-up - -script + script PATH=${e2fsprogs}/sbin:$PATH - + mountPoints=(${toString mountPoints}) devices=(${toString devices}) fsTypes=(${toString fsTypes}) optionss=(${toString optionss}) autocreates=(${toString autocreates}) - + newDevices=1 - + # If we mount any file system, we repeat this loop, because new # mount opportunities may have become available (such as images # for loopback mounts). - - while test -n \"$newDevices\"; do - - newDevices= - - for ((n = 0; n < \${#mountPoints[*]}; n++)); do - mountPoint=\${mountPoints[$n]} - device=\${devices[$n]} - fsType=\${fsTypes[$n]} - options=\${optionss[$n]} - autocreate=\${autocreates[$n]} - - isLabel= - if echo \"$device\" | grep -q '^LABEL='; then isLabel=1; fi - - isPseudo= - if test \"$fsType\" = \"nfs\" || test \"$fsType\" = \"tmpfs\" || - test \"$fsType\" = \"ext3cow\"; then isPseudo=1; fi - - if ! test -n \"$isLabel\" -o -n \"$isPseudo\" -o -e \"$device\"; then - echo \"skipping $device, doesn't exist (yet)\" - continue - fi - - # !!! quick hack: if mount point already exists, try a - # remount to change the options but nothing else. 
- if cat /proc/mounts | grep -F -q \" $mountPoint \"; then - echo \"remounting $device on $mountPoint\" - ${mount}/bin/mount -t \"$fsType\" \\ - -o remount,\"$options\" \\ - \"$device\" \"$mountPoint\" || true - continue - fi - - # If $device is already mounted somewhere else, unmount it first. - # !!! Note: we use /etc/mtab, not /proc/mounts, because mtab - # contains more accurate info when using loop devices. - - # !!! not very smart about labels yet; should resolve the label somehow. - if test -z \"$isLabel\" -a -z \"$isPseudo\"; then - - device=$(readlink -f \"$device\") - - prevMountPoint=$( - cat /etc/mtab \\ - | grep \"^$device \" \\ - | sed 's|^[^ ]\\+ \\+\\([^ ]\\+\\).*|\\1|' \\ - ) - - if test \"$prevMountPoint\" = \"$mountPoint\"; then - echo \"remounting $device on $mountPoint\" - ${mount}/bin/mount -t \"$fsType\" \\ - -o remount,\"$options\" \\ - \"$device\" \"$mountPoint\" || true - continue - fi - - if test -n \"$prevMountPoint\"; then - echo \"unmount $device from $prevMountPoint\" - ${mount}/bin/umount \"$prevMountPoint\" || true - fi - - fi - - echo \"mounting $device on $mountPoint\" - - # !!! should do something with the result; also prevent repeated fscks. - if test -z \"$isPseudo\"; then - fsck -a \"$device\" || true - fi - - if test \"\$autocreate\" = 1; then mkdir -p \"\$mountPoint\"; fi - - if ${mount}/bin/mount -t \"$fsType\" -o \"$options\" \"$device\" \"$mountPoint\"; then - newDevices=1 - fi - - done - + + while test -n "$newDevices"; do + + newDevices= + + for ((n = 0; n < ''${#mountPoints[*]}; n++)); do + mountPoint=''${mountPoints[$n]} + device=''${devices[$n]} + fsType=''${fsTypes[$n]} + options=''${optionss[$n]} + autocreate=''${autocreates[$n]} + + isLabel= + if echo "$device" | grep -q '^LABEL='; then isLabel=1; fi + + isPseudo= + if test "$fsType" = "nfs" || test "$fsType" = "tmpfs" || + test "$fsType" = "ext3cow"; then isPseudo=1; fi + + if ! 
test -n "$isLabel" -o -n "$isPseudo" -o -e "$device"; then + echo "skipping $device, doesn't exist (yet)" + continue + fi + + # !!! quick hack: if mount point already exists, try a + # remount to change the options but nothing else. + if cat /proc/mounts | grep -F -q " $mountPoint "; then + echo "remounting $device on $mountPoint" + ${mount}/bin/mount -t "$fsType" \ + -o remount,"$options" \ + "$device" "$mountPoint" || true + continue + fi + + # If $device is already mounted somewhere else, unmount it first. + # !!! Note: we use /etc/mtab, not /proc/mounts, because mtab + # contains more accurate info when using loop devices. + + # !!! not very smart about labels yet; should resolve the label somehow. + if test -z "$isLabel" -a -z "$isPseudo"; then + + device=$(readlink -f "$device") + + prevMountPoint=$( + cat /etc/mtab \ + | grep "^$device " \ + | sed 's|^[^ ]\+ \+\([^ ]\+\).*|\1|' \ + ) + + if test "$prevMountPoint" = "$mountPoint"; then + echo "remounting $device on $mountPoint" + ${mount}/bin/mount -t "$fsType" \ + -o remount,"$options" \ + "$device" "$mountPoint" || true + continue + fi + + if test -n "$prevMountPoint"; then + echo "unmount $device from $prevMountPoint" + ${mount}/bin/umount "$prevMountPoint" || true + fi + + fi + + echo "mounting $device on $mountPoint" + + # !!! should do something with the result; also prevent repeated fscks. + if test -z "$isPseudo"; then + fsck -a "$device" || true + fi + + if test "$autocreate" = 1; then mkdir -p "$mountPoint"; fi + + if ${mount}/bin/mount -t "$fsType" -o "$options" "$device" "$mountPoint"; then + newDevices=1 + fi + + done + done + + end script + ''; +in -end script - "; - +{ + services = { + extraJobs = [{ + name = "filesystems"; + inherit job; + }]; + }; } From ed8bfc1c78133d9e9438271bd34bf3325f21f2f8 Mon Sep 17 00:00:00 2001 
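Review bot: The five array assignments at the top of the script (`mountPoints=(${toString mountPoints})` through `autocreates=(…)`) splice configuration strings into bash unquoted, so a mount point, label or option string containing whitespace or a shell metacharacter is word-split or interpreted by the shell that runs the job. One extra word also shifts every later index, which pairs a device with the wrong mount point and options. Quoting each element before joining keeps the arrays aligned, for example `mountPoints=(${toString (map pkgs.lib.escapeShellArg mountPoints)})`, assuming this tree's lib already provides `escapeShellArg`. The same pattern appears in the `for device in ${toString devicesByPath}` loops of swap.nix and in the `names`/`essids`/`wepKeys` arrays of network-interfaces.nix later in this series; an ESSID with a space is the likely real-world trigger there.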
From: Marc Weber Date: Fri, 6 Mar 2009 12:27:35 +0000 Subject: [PATCH 85/91] Convert "swap" svn path=/nixos/branches/fix-style/; revision=14402 --- system/options.nix | 2 ++ upstart-jobs/default.nix | 6 ---- upstart-jobs/swap.nix | 72 +++++++++++++++++++++++----------------- 3 files changed, 43 insertions(+), 37 deletions(-) diff --git a/system/options.nix b/system/options.nix index 039f8b72403..9a502d9502e 100644 --- a/system/options.nix +++ b/system/options.nix @@ -422,6 +422,8 @@ in (import ../upstart-jobs/filesystems.nix) # Mount file systems. + (import ../upstart-jobs/swap.nix) + # security (import ../system/sudo.nix) diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index ca90d8bb8d3..2de4ba70760 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -71,12 +71,6 @@ let jobs = map makeJob ([ - # Swapping. - (import ../upstart-jobs/swap.nix { - inherit (pkgs) utillinux lib; - swapDevices = config.swapDevices; - }) - # Network interfaces. (import ../upstart-jobs/network-interfaces.nix { inherit modprobe config; diff --git a/upstart-jobs/swap.nix b/upstart-jobs/swap.nix index cd640b5060e..5b6b70e362f 100644 --- a/upstart-jobs/swap.nix +++ b/upstart-jobs/swap.nix @@ -1,7 +1,13 @@ -{lib, utillinux, swapDevices}: +{pkgs, config, ...}: + +###### implementation let + inherit (pkgs) utillinux lib; + + swapDevices = config.swapDevices; + devicesByPath = map (x: x.device) (lib.filter (x: x ? device) swapDevices); 
@@ -10,35 +16,39 @@ let in + { - name = "swap"; - - job = " -start on startup -start on new-devices - -script - for device in ${toString devicesByPath}; do - ${utillinux}/sbin/swapon \"$device\" || true - done - - for label in ${toString devicesByLabel}; do - ${utillinux}/sbin/swapon -L \"$label\" || true - done - - # Remove swap devices not listed in swapDevices. - # !!! disabled because it doesn't work with labels - #for used in $(cat /proc/swaps | grep '^/' | sed 's/ .*//'); do - # found= - # for device in $ {toString swapDevices}; do - # if test \"$used\" = \"$device\"; then found=1; fi - # done - # if test -z \"$found\"; then - # ${utillinux}/sbin/swapoff \"$used\" || true - # fi - #done - -end script - "; - + services = { + extraJobs = [{ + name = "swap"; + + job = " + start on startup + start on new-devices + + script + for device in ${toString devicesByPath}; do + ${utillinux}/sbin/swapon \"$device\" || true + done + + for label in ${toString devicesByLabel}; do + ${utillinux}/sbin/swapon -L \"$label\" || true + done + + # Remove swap devices not listed in swapDevices. + # !!! disabled because it doesn't work with labels + #for used in $(cat /proc/swaps | grep '^/' | sed 's/ .*//'); do + # found= + # for device in $ {toString swapDevices}; do + # if test \"$used\" = \"$device\"; then found=1; fi + # done + # if test -z \"$found\"; then + # ${utillinux}/sbin/swapoff \"$used\" || true + # fi + #done + + end script + "; + }]; + }; } From 4963abf63e3d1a3f759459ec096c1faa7f40ef81 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:38 +0000 Subject: [PATCH 86/91] Convert "nework-interfaces" svn path=/nixos/branches/fix-style/; revision=14403 --- system/options.nix | 1 + upstart-jobs/default.nix | 6 - upstart-jobs/network-interfaces.nix | 177 +++++++++++++++------------- 3 files changed, 94 insertions(+), 90 deletions(-) diff --git a/system/options.nix b/system/options.nix index 9a502d9502e..0a57304ab2b 100644 --- a/system/options.nix 
+++ b/system/options.nix @@ -423,6 +423,7 @@ in (import ../upstart-jobs/filesystems.nix) # Mount file systems. (import ../upstart-jobs/swap.nix) + (import ../upstart-jobs/network-interfaces.nix) # security diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 2de4ba70760..18c4d7f9e86 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -71,12 +71,6 @@ let jobs = map makeJob ([ - # Network interfaces. - (import ../upstart-jobs/network-interfaces.nix { - inherit modprobe config; - inherit (pkgs) nettools wirelesstools bash writeText; - }) - # Name service cache daemon. (import ../upstart-jobs/nscd.nix { inherit (pkgs) glibc; diff --git a/upstart-jobs/network-interfaces.nix b/upstart-jobs/network-interfaces.nix index 61469fffbd6..40803639331 100644 --- a/upstart-jobs/network-interfaces.nix +++ b/upstart-jobs/network-interfaces.nix @@ -1,7 +1,11 @@ -{nettools, modprobe, wirelesstools, bash, writeText, config}: +{pkgs, config, ...}: + +###### implementation let + inherit (pkgs) nettools wirelesstools bash writeText; + cfg = config.networking; # !!! use XML 
@@ -10,91 +14,96 @@ let subnetMasks = map (i: if i ? subnetMask then i.subnetMask else "default") cfg.interfaces; essids = map (i: if i ? essid then i.essid else "default") cfg.interfaces; wepKeys = map (i: if i ? wepKey then i.wepKey else "nokey") cfg.interfaces; + modprobe = config.system.sbin.modprobe; in + { - name = "network-interfaces"; - - job = '' - start on udev - stop on shutdown - - start script - export PATH=${modprobe}/sbin:$PATH - modprobe af_packet || true - - for i in $(cd /sys/class/net && ls -d *); do - echo "Bringing up network device $i..." - ${nettools}/sbin/ifconfig $i up || true - done - - # Configure the manually specified interfaces. - names=(${toString names}) - ipAddresses=(${toString ipAddresses}) - subnetMasks=(${toString subnetMasks}) - essids=(${toString essids}) - wepKeys=(${toString wepKeys}) - - for ((n = 0; n < ''${#names[*]}; n++)); do - name=''${names[$n]} - ipAddress=''${ipAddresses[$n]} - subnetMask=''${subnetMasks[$n]} - essid=''${essids[$n]} - wepKey=''${wepKeys[$n]} - - # Set wireless networking stuff. - if test "$essid" != default; then - ${wirelesstools}/sbin/iwconfig "$name" essid "$essid" || true - fi - - if test "$wepKey" != nokey; then - ${wirelesstools}/sbin/iwconfig "$name" key "$(cat "$wepKey")" || true - fi - - # Set IP address / netmask. - if test "$ipAddress" != dhcp; then - echo "Configuring interface $name..." - extraFlags= - if test "$subnetMask" != default; then - extraFlags="$extraFlags netmask $subnetMask" - fi - ${nettools}/sbin/ifconfig "$name" "$ipAddress" $extraFlags || true - fi - - done - - # Set the nameservers. - if test -n "${toString cfg.nameservers}"; then - rm -f /etc/resolv.conf - if test -n "${cfg.domain}"; then - echo "domain ${cfg.domain}" >> /etc/resolv.conf - fi - for i in ${toString cfg.nameservers}; do - echo "nameserver $i" >> /etc/resolv.conf - done - fi - - # Set the default gateway. 
- if test -n "${cfg.defaultGateway}"; then - ${nettools}/sbin/route add default gw "${cfg.defaultGateway}" || true - fi - - # Run any user-specified commands. - ${bash}/bin/sh ${writeText "local-net-cmds" cfg.localCommands} || true - - end script - - # Hack: Upstart doesn't yet support what we want: a service that - # doesn't have a running process associated with it. - respawn sleep 100000 - - stop script - for i in $(cd /sys/class/net && ls -d *); do - echo "Taking down network device $i..." - ${nettools}/sbin/ifconfig $i down || true - done - end script - ''; - + services = { + extraJobs = [{ + name = "network-interfaces"; + + job = '' + start on udev + stop on shutdown + + start script + export PATH=${modprobe}/sbin:$PATH + modprobe af_packet || true + + for i in $(cd /sys/class/net && ls -d *); do + echo "Bringing up network device $i..." + ${nettools}/sbin/ifconfig $i up || true + done + + # Configure the manually specified interfaces. + names=(${toString names}) + ipAddresses=(${toString ipAddresses}) + subnetMasks=(${toString subnetMasks}) + essids=(${toString essids}) + wepKeys=(${toString wepKeys}) + + for ((n = 0; n < ''${#names[*]}; n++)); do + name=''${names[$n]} + ipAddress=''${ipAddresses[$n]} + subnetMask=''${subnetMasks[$n]} + essid=''${essids[$n]} + wepKey=''${wepKeys[$n]} + + # Set wireless networking stuff. + if test "$essid" != default; then + ${wirelesstools}/sbin/iwconfig "$name" essid "$essid" || true + fi + + if test "$wepKey" != nokey; then + ${wirelesstools}/sbin/iwconfig "$name" key "$(cat "$wepKey")" || true + fi + + # Set IP address / netmask. + if test "$ipAddress" != dhcp; then + echo "Configuring interface $name..." + extraFlags= + if test "$subnetMask" != default; then + extraFlags="$extraFlags netmask $subnetMask" + fi + ${nettools}/sbin/ifconfig "$name" "$ipAddress" $extraFlags || true + fi + + done + + # Set the nameservers. 
+ if test -n "${toString cfg.nameservers}"; then + rm -f /etc/resolv.conf + if test -n "${cfg.domain}"; then + echo "domain ${cfg.domain}" >> /etc/resolv.conf + fi + for i in ${toString cfg.nameservers}; do + echo "nameserver $i" >> /etc/resolv.conf + done + fi + + # Set the default gateway. + if test -n "${cfg.defaultGateway}"; then + ${nettools}/sbin/route add default gw "${cfg.defaultGateway}" || true + fi + + # Run any user-specified commands. + ${bash}/bin/sh ${writeText "local-net-cmds" cfg.localCommands} || true + + end script + + # Hack: Upstart doesn't yet support what we want: a service that + # doesn't have a running process associated with it. + respawn sleep 100000 + + stop script + for i in $(cd /sys/class/net && ls -d *); do + echo "Taking down network device $i..." + ${nettools}/sbin/ifconfig $i down || true + done + end script + ''; + }]; + }; } From 4a01e5afc8e83e35faf7c8aa96e541d36de1be85 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:40 +0000 Subject: [PATCH 87/91] Convert "sncd" svn path=/nixos/branches/fix-style/; revision=14404 --- system/options.nix | 2 +- upstart-jobs/default.nix | 6 ---- upstart-jobs/nscd.nix | 73 ++++++++++++++++++++++------------------ 3 files changed, 42 insertions(+), 39 deletions(-) diff --git a/system/options.nix b/system/options.nix index 0a57304ab2b..5e0c6add507 100644 --- a/system/options.nix +++ b/system/options.nix @@ -424,7 +424,7 @@ in (import ../upstart-jobs/swap.nix) (import ../upstart-jobs/network-interfaces.nix) - + (import ../upstart-jobs/nscd.nix) # Name service cache daemon. # security (import ../system/sudo.nix) diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 18c4d7f9e86..d7b6317b91b 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix 
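Review bot: `${bash}/bin/sh ${writeText "local-net-cmds" cfg.localCommands}` near the end of the start script writes the user's commands to a file in the Nix store, and store paths are readable by every local user, so any secret placed in `networking.localCommands` is exposed. The option's description is outside this hunk, so I would add a comment at this line, e.g. `# NOTE: localCommands ends up in the world-readable Nix store; do not embed keys or passwords`, and mirror it in the option text. The WEP key is handled better because only its path is interpolated and the file is read at run time. However, `iwconfig "$name" key "$(cat "$wepKey")"` still puts the key on the command line, where it is visible in the process list while the command runs.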
@@ -71,12 +71,6 @@ let jobs = map makeJob ([ - # Name service cache daemon. - (import ../upstart-jobs/nscd.nix { - inherit (pkgs) glibc; - inherit nssModulesPath; - }) - # Handles the maintenance/stalled event (single-user shell). (import ../upstart-jobs/maintenance-shell.nix { inherit (pkgs) bash; diff --git a/upstart-jobs/nscd.nix b/upstart-jobs/nscd.nix index c88c219c63b..fe89cdc5646 100644 --- a/upstart-jobs/nscd.nix +++ b/upstart-jobs/nscd.nix @@ -1,35 +1,44 @@ -{glibc, nssModulesPath}: +{pkgs, config, ...}: + +###### implementation + +let + nssModulesPath = config.system.nssModules.path; +in { - name = "nscd"; - - users = [ - { name = "nscd"; - uid = (import ../system/ids.nix).uids.nscd; - description = "Name service cache daemon user"; - } - ]; - - job = " -description \"Name Service Cache Daemon\" - -start on startup -stop on shutdown - -env LD_LIBRARY_PATH=${nssModulesPath} - -start script - - mkdir -m 0755 -p /var/run/nscd - mkdir -m 0755 -p /var/db/nscd - - rm -f /var/db/nscd/* # for testing - -end script - -# !!! -d turns on debug info which probably makes nscd slower -# 2>/dev/null is to make it shut up -respawn ${glibc}/sbin/nscd -f ${./nscd.conf} -d 2> /dev/null - "; - + services = { + extraJobs = [{ + name = "nscd"; + + users = [ + { name = "nscd"; + uid = (import ../system/ids.nix).uids.nscd; + description = "Name service cache daemon user"; + } + ]; + + job = '' + description \"Name Service Cache Daemon\" + + start on startup + stop on shutdown + + env LD_LIBRARY_PATH=${nssModulesPath} + + start script + + mkdir -m 0755 -p /var/run/nscd + mkdir -m 0755 -p /var/db/nscd + + rm -f /var/db/nscd/* # for testing + + end script + + # !!! -d turns on debug info which probably makes nscd slower + # 2>/dev/null is to make it shut up + respawn ${pkgs.glibc}/sbin/nscd -f ${./nscd.conf} -d 2> /dev/null + ''; + }]; + }; } From f76096bdf9cce5b5104890da391623f0559a48e7 Mon Sep 17 00:00:00 2001 
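Review bot: The job text moved from a `"…"` string to a `''…''` string, but `description \"Name Service Cache Daemon\"` kept its backslash escapes. Inside `''` a backslash is literal, so the generated job file now contains the backslashes. The line should read `description "Name Service Cache Daemon"`. maintenance-shell.nix in the next patch has the same leftover in its three `echo \"…\"` lines; there the now-unquoted `<<<` and `>>>` would be read by the shell as redirection operators, which probably stops the maintenance shell from starting at all.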
From: Marc Weber Date: Fri, 6 Mar 2009 12:27:42 +0000 Subject: [PATCH 88/91] Convert "maintenance-shell" svn path=/nixos/branches/fix-style/; revision=14405 --- system/options.nix | 1 + upstart-jobs/default.nix | 5 ---- upstart-jobs/maintenance-shell.nix | 37 +++++++++++++++++------------- 3 files changed, 22 insertions(+), 21 deletions(-) diff --git a/system/options.nix b/system/options.nix index 5e0c6add507..df77eeb1a34 100644 --- a/system/options.nix +++ b/system/options.nix @@ -425,6 +425,7 @@ in (import ../upstart-jobs/swap.nix) (import ../upstart-jobs/network-interfaces.nix) (import ../upstart-jobs/nscd.nix) # Name service cache daemon. + (import ../upstart-jobs/maintenance-shell.nix) # Handles the maintenance/stalled event (single-user shell). # security (import ../system/sudo.nix) diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index d7b6317b91b..9aaa3e38f82 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -71,11 +71,6 @@ let jobs = map makeJob ([ - # Handles the maintenance/stalled event (single-user shell). - (import ../upstart-jobs/maintenance-shell.nix { - inherit (pkgs) bash; - }) - # Ctrl-alt-delete action. (import ../upstart-jobs/ctrl-alt-delete.nix) diff --git a/upstart-jobs/maintenance-shell.nix b/upstart-jobs/maintenance-shell.nix index 9e2acdaa0f5..8481f4283f5 100644 --- a/upstart-jobs/maintenance-shell.nix +++ b/upstart-jobs/maintenance-shell.nix 
@@ -1,19 +1,24 @@ -{bash}: +{pkgs, config, ...}: + +###### implementation { - name = "maintenance-shell"; - - job = " -start on maintenance -start on stalled - -script - exec < /dev/tty1 > /dev/tty1 2>&1 - echo \"\" - echo \"<<< MAINTENANCE SHELL >>>\" - echo \"\" - exec ${bash}/bin/sh -end script - "; - + services = { + extraJobs = [{ + name = "maintenance-shell"; + + job = '' + start on maintenance + start on stalled + + script + exec < /dev/tty1 > /dev/tty1 2>&1 + echo \"\" + echo \"<<< MAINTENANCE SHELL >>>\" + echo \"\" + exec ${pkgs.bash}/bin/sh + end script + ''; + }]; + }; } From 76f7978cc60cfa592a4ae3b12ce01cc0d2582122 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:45 +0000 Subject: [PATCH 89/91] Convert "ctrl-alt-delete" svn path=/nixos/branches/fix-style/; revision=14406 --- system/options.nix | 2 ++ upstart-jobs/ctrl-alt-delete.nix | 28 ++++++++++++++++++---------- upstart-jobs/default.nix | 8 +------- 3 files changed, 21 insertions(+), 17 deletions(-) diff --git a/system/options.nix b/system/options.nix index df77eeb1a34..6b24af8309f 100644 --- a/system/options.nix +++ b/system/options.nix @@ -426,6 +426,8 @@ in (import ../upstart-jobs/network-interfaces.nix) (import ../upstart-jobs/nscd.nix) # Name service cache daemon. (import ../upstart-jobs/maintenance-shell.nix) # Handles the maintenance/stalled event (single-user shell). + (import ../upstart-jobs/ctrl-alt-delete.nix) # Ctrl-alt-delete action. + # security (import ../system/sudo.nix) diff --git a/upstart-jobs/ctrl-alt-delete.nix b/upstart-jobs/ctrl-alt-delete.nix index 126154bae73..6f58606b5cd 100644 --- a/upstart-jobs/ctrl-alt-delete.nix +++ b/upstart-jobs/ctrl-alt-delete.nix 
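Review bot: `exec ${pkgs.bash}/bin/sh` attached to /dev/tty1 gives a shell to whoever is at the console whenever a `maintenance` or `stalled` event fires, with no password prompt; presumably it runs as root, since nothing in the job drops privileges. This predates the conversion, but the module form is a good place to state it, e.g. `# NOTE: unauthenticated shell on tty1; physical console access is assumed trusted`. If a single-user login program such as `sulogin` is packaged in this tree, running it instead of a bare shell would close the gap.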
@@ -1,12 +1,20 @@ -{ - name = "ctrl-alt-delete"; - - job = " -on ctrlaltdel +{pkgs, config, ...}: -script - shutdown -r now 'Ctrl-Alt-Delete pressed' -end script - "; - +###### implementation + +{ + + services = { + extraJobs = [{ + name = "ctrl-alt-delete"; + + job = '' + on ctrlaltdel + + script + shutdown -r now 'Ctrl-Alt-Delete pressed' + end script + ''; + }]; + }; } diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 9aaa3e38f82..5db0ccdd5a5 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -68,13 +68,7 @@ let requiredTTYs = config.requiredTTYs; - jobs = map makeJob - ([ - - # Ctrl-alt-delete action. - (import ../upstart-jobs/ctrl-alt-delete.nix) - - ]) + jobs = map makeJob [] # ifplugd daemon for monitoring Ethernet cables. ++ optional config.networking.interfaceMonitor.enable From 8cad533a762e777cd32783c4dd09b43ef072e04d Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:47 +0000 Subject: [PATCH 90/91] Convert "reboot/halt" events svn path=/nixos/branches/fix-style/; revision=14407 --- system/options.nix | 1 + upstart-jobs/default.nix | 9 -- upstart-jobs/halt.nix | 207 +++++++++++++++++++++------------------ 3 files changed, 113 insertions(+), 104 deletions(-) diff --git a/system/options.nix b/system/options.nix index 6b24af8309f..fdb224b6788 100644 --- a/system/options.nix +++ b/system/options.nix @@ -427,6 +427,7 @@ in (import ../upstart-jobs/nscd.nix) # Name service cache daemon. (import ../upstart-jobs/maintenance-shell.nix) # Handles the maintenance/stalled event (single-user shell). (import ../upstart-jobs/ctrl-alt-delete.nix) # Ctrl-alt-delete action. + (import ../upstart-jobs/halt.nix) # FIXME (assertion) # Handles the reboot/halt events. # security diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 5db0ccdd5a5..85c5622bf4d 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix 
@@ -77,15 +77,6 @@ let inherit config; }) - # Handles the reboot/halt events. - ++ (map - (event: makeJob (import ../upstart-jobs/halt.nix { - inherit (pkgs) bash utillinux; - inherit event; - })) - ["reboot" "halt" "system-halt" "power-off"] - ) - # User-defined events. ++ (map makeJob (config.services.extraJobs)); diff --git a/upstart-jobs/halt.nix b/upstart-jobs/halt.nix index 9e6c798ea86..d98a3b5eea4 100644 --- a/upstart-jobs/halt.nix +++ b/upstart-jobs/halt.nix 
@@ -1,103 +1,120 @@ -{bash, event, utillinux}: +{pkgs, config, ...}: +###### implementation + + +/* FIXME assert event == "reboot" || event == "halt" || event == "system-halt" || event == "power-off"; +*/ + +let + + inherit (pkgs) bash utillinux; + + jobFun = event : { + name = "sys-" + event; + + job = '' + start on ${event} + + script + set +e # continue in case of errors + + exec < /dev/tty1 > /dev/tty1 2>&1 + echo "" + echo "<<< SYSTEM SHUTDOWN >>>" + echo "" + + export PATH=${utillinux}/bin:${utillinux}/sbin:$PATH + + + # Set the hardware clock to the system time. + echo "Setting the hardware clock..." + hwclock --systohc --utc || true + + + # Do an initial sync just in case. + sync || true + + + # Kill all remaining processes except init and this one. + echo "Sending the TERM signal to all processes..." + kill -TERM -1 || true + + sleep 1 # wait briefly + + echo "Sending the KILL signal to all processes..." + kill -KILL -1 || true + + + # Unmount helper functions. + getMountPoints() { + cat /proc/mounts \ + | grep -v '^rootfs' \ + | sed 's|^[^ ]\+ \+\([^ ]\+\).*|\1|' \ + | grep -v '/proc\|/sys\|/dev' + } + + getDevice() { + local mountPoint=$1 + cat /proc/mounts \ + | grep -v '^rootfs' \ + | grep "^[^ ]\+ \+$mountPoint \+" \ + | sed 's|^\([^ ]\+\).*|\1|' + } + + # Unmount file systems. We repeat this until no more file systems + # can be unmounted. This is to handle loopback devices, file + # systems mounted on other file systems and so on. + tryAgain=1 + while test -n "$tryAgain"; do + tryAgain= + + for mp in $(getMountPoints); do + device=$(getDevice $mp) + echo "unmounting $mp..." + if umount -f -n "$mp"; then + if test "$mp" != /; then tryAgain=1; fi + else + mount -n -o remount,ro "$mp" || true + fi + + # Hack: work around a bug in mount (mount -o remount on a + # loop device forgets the loop=/dev/loopN entry in + # /etc/mtab). + if echo "$device" | grep -q '/dev/loop'; then + echo "removing loop device $device..." 
+ losetup -d "$device" || true + fi + done + done + + cat /proc/mounts + + + # Final sync. + sync || true + + + # Right now all events above power off the system. + if test ${event} = reboot; then + exec reboot -f + else + exec halt -f -p + fi + + end script + ''; + }; + +in + { - name = "sys-" + event; - - job = " -start on ${event} - -script - set +e # continue in case of errors - - exec < /dev/tty1 > /dev/tty1 2>&1 - echo \"\" - echo \"<<< SYSTEM SHUTDOWN >>>\" - echo \"\" - - export PATH=${utillinux}/bin:${utillinux}/sbin:$PATH - - - # Set the hardware clock to the system time. - echo \"Setting the hardware clock...\" - hwclock --systohc --utc || true - - - # Do an initial sync just in case. - sync || true - - - # Kill all remaining processes except init and this one. - echo \"Sending the TERM signal to all processes...\" - kill -TERM -1 || true - - sleep 1 # wait briefly - - echo \"Sending the KILL signal to all processes...\" - kill -KILL -1 || true - - - # Unmount helper functions. - getMountPoints() { - cat /proc/mounts \\ - | grep -v '^rootfs' \\ - | sed 's|^[^ ]\\+ \\+\\([^ ]\\+\\).*|\\1|' \\ - | grep -v '/proc\\|/sys\\|/dev' - } - - getDevice() { - local mountPoint=$1 - cat /proc/mounts \\ - | grep -v '^rootfs' \\ - | grep \"^[^ ]\\+ \\+$mountPoint \\+\" \\ - | sed 's|^\\([^ ]\\+\\).*|\\1|' - } - - # Unmount file systems. We repeat this until no more file systems - # can be unmounted. This is to handle loopback devices, file - # systems mounted on other file systems and so on. - tryAgain=1 - while test -n \"$tryAgain\"; do - tryAgain= - - for mp in $(getMountPoints); do - device=$(getDevice $mp) - echo \"unmounting $mp...\" - if umount -f -n \"$mp\"; then - if test \"$mp\" != /; then tryAgain=1; fi - else - mount -n -o remount,ro \"$mp\" || true - fi - - # Hack: work around a bug in mount (mount -o remount on a - # loop device forgets the loop=/dev/loopN entry in - # /etc/mtab). 
- if echo \"$device\" | grep -q '/dev/loop'; then - echo \"removing loop device $device...\" - losetup -d \"$device\" || true - fi - done - done - - cat /proc/mounts - - - # Final sync. - sync || true - - - # Right now all events above power off the system. - if test ${event} = reboot; then - exec reboot -f - else - exec halt -f -p - fi - -end script - "; - + services = { + extraJobs = map jobFun ["reboot" "halt" "system-halt" "power-off"]; + }; } From 321763dd84a8e701e384383428e26db6d9beb31f Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Fri, 6 Mar 2009 12:27:50 +0000 Subject: [PATCH 91/91] Convert "ifplugd" (interfaceMonitor) svn path=/nixos/branches/fix-style/; revision=14408 --- system/options.nix | 24 +------------- upstart-jobs/default.nix | 7 ---- upstart-jobs/ifplugd.nix | 69 ++++++++++++++++++++++++++++++++-------- 3 files changed, 57 insertions(+), 43 deletions(-) diff --git a/system/options.nix b/system/options.nix index fdb224b6788..53a3d11d7f6 100644 --- a/system/options.nix +++ b/system/options.nix @@ -245,29 +245,6 @@ in "; }; - interfaceMonitor = { - - enable = mkOption { - default = false; - description = " - If true, monitor Ethernet interfaces for - cables being plugged in or unplugged. When this occurs, the - dhclient service is restarted to - automatically obtain a new IP address. This is useful for - roaming users (laptops). - "; - }; - - beep = mkOption { - default = false; - description = " - If true, beep when an Ethernet cable is - plugged in or unplugged. - "; - }; - - }; - defaultMailServer = { directDelivery = mkOption { @@ -428,6 +405,7 @@ in (import ../upstart-jobs/maintenance-shell.nix) # Handles the maintenance/stalled event (single-user shell). (import ../upstart-jobs/ctrl-alt-delete.nix) # Ctrl-alt-delete action. (import ../upstart-jobs/halt.nix) # FIXME (assertion) # Handles the reboot/halt events. + (import ../upstart-jobs/ifplugd.nix) # ifplugd daemon for monitoring Ethernet cables. # security 
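Review bot: The `assert` on `event` is commented out with a FIXME at the top of halt.nix, yet `${event}` is still spliced unquoted into `start on ${event}` and `test ${event} = reboot`, so the assertion was the only guarantee that the value is a safe token. Since `event` is now the parameter of `jobFun`, the check can move there: `jobFun = event: assert event == "reboot" || event == "halt" || event == "system-halt" || event == "power-off"; {`. The comment `# Right now all events above power off the system.` also contradicts the `reboot` branch directly below it and could be reworded.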
diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 85c5622bf4d..57f0006eb8a 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -70,13 +70,6 @@ let jobs = map makeJob [] - # ifplugd daemon for monitoring Ethernet cables. - ++ optional config.networking.interfaceMonitor.enable - (import ../upstart-jobs/ifplugd.nix { - inherit (pkgs) ifplugd writeScript bash; - inherit config; - }) - # User-defined events. ++ (map makeJob (config.services.extraJobs)); diff --git a/upstart-jobs/ifplugd.nix b/upstart-jobs/ifplugd.nix index 4536ee8b41e..c1b9c4e5620 100644 --- a/upstart-jobs/ifplugd.nix +++ b/upstart-jobs/ifplugd.nix @@ -1,7 +1,42 @@ -{ifplugd, config, writeScript, bash}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + networking = { + interfaceMonitor = { + + enable = mkOption { + default = false; + description = " + If true, monitor Ethernet interfaces for + cables being plugged in or unplugged. When this occurs, the + dhclient service is restarted to + automatically obtain a new IP address. This is useful for + roaming users (laptops). + "; + }; + + beep = mkOption { + default = false; + description = " + If true, beep when an Ethernet cable is + plugged in or unplugged. + "; + }; + }; + }; + }; +in + +###### implementation let + inherit (pkgs) ifplugd writeScript bash; + # The ifplugd action script, which is called whenever the link # status changes (i.e., a cable is plugged in or unplugged). We do # nothing when a cable is unplugged. When a cable is plugged in, we 
@@ -17,19 +52,27 @@ let in -{ - name = "ifplugd"; +mkIf config.networking.interfaceMonitor.enable { + require = [ + options + ]; - extraPath = [ifplugd]; - - job = " -description \"Network interface connectivity monitor\" + services = { + extraJobs = [{ + name = "ifplugd"; -start on network-interfaces/started -stop on network-interfaces/stop + extraPath = [ifplugd]; + + job = '' + description "Network interface connectivity monitor" -respawn ${ifplugd}/sbin/ifplugd --no-daemon --no-startup --no-shutdown \\ - ${if config.networking.interfaceMonitor.beep then "" else "--no-beep"} \\ - --run ${plugScript}"; - + start on network-interfaces/started + stop on network-interfaces/stop + + respawn ${ifplugd}/sbin/ifplugd --no-daemon --no-startup --no-shutdown \ + ${if config.networking.interfaceMonitor.beep then "" else "--no-beep"} \ + --run ${plugScript} + ''; + }]; + }; }