public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Synced with branches/fix-style @ 14408

Browse Source 
svn path=/nixos/branches/modular-nixos/; revision=14949
This commit is contained in:
Nicolas Pierron 2009-04-08 13:46:34 +00:00
commit 57a524368b
60 changed files with 4326 additions and 3852 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/config-examples/svn-server.nix
View File

@ -17,6 +17,7 @@
httpd = { httpd = {
enable = true; enable = true;
experimental = true;
adminAddr = "admin@example.org"; adminAddr = "admin@example.org";
subservices = { subservices = {

42
etc/default.nix
View File

@ -129,32 +129,6 @@ let
target = "inputrc"; target = "inputrc";
} }
{ # Nix configuration.
source =
let
# Tricky: if we're using a chroot for builds, then we need
# /bin/sh in the chroot (our own compromise to purity).
# However, since /bin/sh is a symlink to some path in the
# Nix store, which furthermore has runtime dependencies on
# other paths in the store, we need the closure of /bin/sh
# in `build-chroot-dirs' - otherwise any builder that uses
# /bin/sh won't work.
refs = pkgs.writeReferencesToFile binsh;
in
pkgs.runCommand "nix.conf" {} ''
binshDeps=$(for i in $(cat ${refs}); do if test -d $i; then echo $i; fi; done)
cat > $out <<END
# WARNING: this file is generated.
build-users-group = nixbld
build-max-jobs = ${toString (config.nix.maxJobs)}
build-use-chroot = ${if config.nix.useChroot then "true" else "false"}
build-chroot-dirs = /dev /dev/pts /proc /bin $(echo $binshDeps)
${config.nix.extraOptions}
END
'';
target = "nix.conf"; # will be symlinked from /nix/etc/nix/nix.conf in activate-configuration.sh.
}
{ # Script executed when the shell starts as a non-login shell (user version). { # Script executed when the shell starts as a non-login shell (user version).
source = ./skel/bashrc; source = ./skel/bashrc;
target = "skel/.bashrc"; target = "skel/.bashrc";
@ -187,15 +161,6 @@ let
target = "ssmtp/ssmtp.conf"; target = "ssmtp/ssmtp.conf";
} }
# LDAP configuration.
++ optional config.users.ldap.enable {
source = import ./ldap.conf.nix {
inherit (pkgs) writeText;
inherit config;
};
target = "ldap.conf";
}
# A bunch of PAM configuration files for various programs. # A bunch of PAM configuration files for various programs.
++ (map ++ (map
(program: (program:
@ -241,13 +206,6 @@ let
target = "nix.machines"; target = "nix.machines";
} }
# unixODBC drivers (this solution is not perfect.. Because the user has to
# ask the admin to add a driver.. but it's an easy solution which works)
++ (let inis = config.environment.unixODBCDrivers pkgs;
in optional (inis != [] ) {
source = pkgs.writeText "odbcinst.ini" (pkgs.lib.concatStringsSep "\n" inis);
target = "odbcinst.ini";
})
; ;
in in

8
system/activate-configuration.nix
View File

@ -3,7 +3,8 @@
let let
inherit (pkgs.stringsWithDeps) textClosureOverridable noDepEntry; inherit (pkgs.stringsWithDeps) textClosureOverridable noDepEntry;
inherit (pkgs.lib) mkOption mergeTypedOption mergeAttrs mapRecordFlatten mapAttrs; inherit (pkgs.lib) mkOption mergeTypedOption mergeAttrs mapRecordFlatten
mapAttrs addErrorContext fold;
textClosure = steps: textClosure = steps:
textClosureOverridable steps ( textClosureOverridable steps (
@ -44,8 +45,9 @@ in
Activate the new configuration (i.e., update /etc, make accounts, Activate the new configuration (i.e., update /etc, make accounts,
and so on). and so on).
''; '';
merge = mergeTypedOption "script" builtins.isAttrs mergeAttrs; merge = mergeTypedOption "script" builtins.isAttrs (fold mergeAttrs {});
apply = set: let lib = addAttributeName set; in { apply = set:
let lib = addAttributeName set; in {
inherit lib; # used to fetch dependencies. inherit lib; # used to fetch dependencies.
script = aggregateScripts "activationScript" lib; script = aggregateScripts "activationScript" lib;
}; };

47
system/i18n.nix Normal file
View File

@ -0,0 +1,47 @@
{pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
i18n = {
defaultLocale = mkOption {
default = "en_US.UTF-8";
example = "nl_NL.UTF-8";
description = "
The default locale. It determines the language for program
messages, the format for dates and times, sort order, and so on.
It also determines the character set, such as UTF-8.
";
};
consoleFont = mkOption {
default = "lat9w-16";
example = "LatArCyrHeb-16";
description = "
The font used for the virtual consoles. Leave empty to use
whatever the <command>setfont</command> program considers the
default font.
";
};
consoleKeyMap = mkOption {
default = "us";
example = "fr";
description = "
The keyboard mapping table for the virtual consoles.
";
};
};
};
in
###### implementation
mkIf config.services.pulseaudio.enable {
require = [
options
];
}

67
system/nixos-environment.nix Normal file
View File

@ -0,0 +1,67 @@
{pkgs, config, ...}:
let
inherit (pkgs.lib) mergeOneOption mkOption mkIf;
in
{
require = [
{
environment = {
checkConfigurationOptions = mkOption {
default = true;
example = false;
description = "
If all configuration options must be checked. Non-existing options fail build.
";
};
nix = mkOption {
default = pkgs.nixUnstable;
example = pkgs.nixCustomFun /root/nix.tar.gz;
merge = mergeOneOption;
description = "
Use non-default Nix easily. Be careful, though, not to break everything.
";
};
extraPackages = mkOption {
default = [];
example = [pkgs.firefox pkgs.thunderbird];
description = "
This option allows you to add additional packages to the system
path. These packages are automatically available to all users,
and they are automatically updated every time you rebuild the
system configuration. (The latter is the main difference with
installing them in the default profile,
<filename>/nix/var/nix/profiles/default</filename>. The value
of this option must be a function that returns a list of
packages. The function will be called with the Nix Packages
collection as its argument for convenience.
";
};
pathsToLink = mkOption {
default = ["/bin" "/sbin" "/lib" "/share" "/man" "/info" "/etc"];
example = ["/"];
description = "
Lists directories to be symlinked in `/var/run/current-system/sw'.
";
};
cleanStart = mkOption {
default = false;
example = true;
description = "
There are some times when you want really small system for specific
purpose and do not want default package list. Setting
<varname>cleanStart</varname> to <literal>true</literal> allows you
to create a system with empty path - only extraPackages will be
included.
";
};
};
}
];
}

98
system/nixos-installer.nix Normal file
View File

@ -0,0 +1,98 @@
{pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
installer = {
nixpkgsURL = mkOption {
default = "";
example = http://nixos.org/releases/nix/nixpkgs-0.11pre7577;
description = "
URL of the Nixpkgs distribution to use when building the
installation CD.
";
};
repos = {
nixos = mkOption {
default = [ { type = "svn"; } ];
example = [ { type = "svn"; url = "https://svn.nixos.org/repos/nix/nixos/branches/stdenv-updates"; target = "/etc/nixos/nixos-stdenv-updates"; }
{ type = "git"; initialize = ''git clone git://mawercer.de/nixos $target''; update = "git pull origin"; target = "/etc/nixos/nixos-git"; }
];
description = ''
The NixOS repository from which the system will be built.
<command>nixos-checkout</command> will update all working
copies of the given repositories,
<command>nixos-rebuild</command> will use the first item
which has the attribute <literal>default = true</literal>
falling back to the first item. The type defines the
repository tool added to the path. It also defines a "valid"
repository. If the target directory already exists and it's
not valid it will be moved to the backup location
<filename><replaceable>dir</replaceable>-date</filename>.
For svn the default target and repositories are
<filename>/etc/nixos/nixos</filename> and
<filename>https://svn.nixos.org/repos/nix/nixos/trunk</filename>.
For git repositories update is called after initialization
when the repo is initialized. The initialize code is run
from working directory dirname
<replaceable>target</replaceable> and should create the
directory
<filename><replaceable>dir</replaceable></filename>. (<command>git
clone url nixos/nixpkgs/services</command> should do) For
the executables used see <option>repoTypes</option>.
'';
};
nixpkgs = mkOption {
default = [ { type = "svn"; } ];
description = "same as <option>repos.nixos</option>";
};
services = mkOption {
default = [ { type = "svn"; } ];
description = "same as <option>repos.nixos</option>";
};
};
repoTypes = mkOption {
default = {
svn = { valid = "[ -d .svn ]"; env = [ pkgs.coreutils pkgs.subversion ]; };
git = { valid = "[ -d .git ]"; env = [ pkgs.coreutils pkgs.git pkgs.gnused /* FIXME: use full path to sed in nix-pull */ ]; };
};
description = ''
Defines, for each supported version control system
(e.g. <literal>git</literal>), the dependencies for the
mechanism, as well as a test used to determine whether a
directory is a checkout created by that version control
system.
'';
};
manifests = mkOption {
default = [http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/MANIFEST];
example =
[ http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/MANIFEST
http://nixos.org/releases/nixpkgs/channels/nixpkgs-stable/MANIFEST
];
description = "
URLs of manifests to be downloaded when you run
<command>nixos-rebuild</command> to speed up builds.
";
};
};
};
in
###### implementation
mkIf config.services.pulseaudio.enable {
require = [
options
];
}

49
system/nixos-security.nix Normal file
View File

@ -0,0 +1,49 @@
{pkgs, config, ...}:
let
inherit (pkgs.lib) mergeOneOption mkOption mkIf;
in
{
require = [
{
security = {
setuidPrograms = mkOption {
default = [
"passwd" "su" "crontab" "ping" "ping6"
"fusermount" "wodim" "cdrdao" "growisofs"
];
description = "
Only the programs from system path listed her will be made setuid root
(through a wrapper program). It's better to set
<option>security.extraSetuidPrograms</option>.
";
};
extraSetuidPrograms = mkOption {
default = [];
example = ["fusermount"];
description = "
This option lists additional programs that must be made setuid
root.
";
};
setuidOwners = mkOption {
default = [];
example = [{
program = "sendmail";
owner = "nodody";
group = "postdrop";
setuid = false;
setgid = true;
}];
description = ''
List of non-trivial setuid programs from system path, like Postfix sendmail. Default
should probably be nobody:nogroup:false:false - if you are bothering
doing anything with a setuid program, "root.root u+s g-s" is not what
you are aiming at..
'';
};
};
}
];
}

1912
system/options.nix
View File

File diff suppressed because it is too large Load Diff

43
system/unix-odbc-drivers.nix Normal file
View File

@ -0,0 +1,43 @@
{pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
environment = {
unixODBCDrivers = mkOption {
default = [];
example = "map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )";
description = ''
specifies unix odbc drivers to be registered at /etc/odbcinst.ini.
Maybe you also want to add pkgs.unixODBC to the system path to get a
command line client t connnect to odbc databases.
'';
};
};
};
in
###### implementation
# unixODBC drivers (this solution is not perfect.. Because the user has to
# ask the admin to add a driver.. but it's simple and works
mkIf (config.environment.unixODBCDrivers != []) {
require = [
options
];
environment = {
etc = [
{ source =
let inis = config.environment.unixODBCDrivers;
in pkgs.writeText "odbcinst.ini" (pkgs.lib.concatStringsSep "\n" inis);
target = "odbcinst.ini";
}
];
};
}

9
system/users-groups.nix
View File

@ -143,6 +143,9 @@ let
inherit (pkgs.stringsWithDeps) FullDepEntry; inherit (pkgs.stringsWithDeps) FullDepEntry;
activateLib = config.system.activationScripts.lib; activateLib = config.system.activationScripts.lib;
# keep this extra file so that cat can be used to pass special chars such as "`" which is used in the avahi daemon
usersFile = pkgs.writeText "users" (concatStringsSep "\n" (map serializedUser users));
in in
{ {
@ -157,7 +160,7 @@ in
activationScripts = { activationScripts = {
users = FullDepEntry '' users = FullDepEntry ''
while true; do cat ${usersFile} | while true; do
read name || break read name || break
read description read description
read uid read uid
@ -198,9 +201,7 @@ in
''${home:+--home "$home"} \ ''${home:+--home "$home"} \
--shell "$shell" --shell "$shell"
fi fi
done <<EndOfUserList done
${concatStringsSep "\n" (map serializedUser users)}
EndOfUserList
'' [ '' [
activateLib.groups activateLib.groups
]; ];

14
test/test-config-examples.sh Executable file
View File

@ -0,0 +1,14 @@
#!/bin/sh
# This script try to evaluate all configurations which are stored in
# doc/config-examples. This script is useful to ensure that examples are
# working with the current system.
pwd=$(pwd)
set -xe
for i in ../doc/config-examples/*.nix; do
NIXOS_CONFIG="$pwd/$i" nix-instantiate \
--eval-only --xml --strict > /dev/null 2>&1 \
../default.nix -A system
done
set +xe

56
upstart-jobs/acpid.nix
View File

@ -1,5 +1,22 @@
{pkgs, config, ...}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
powerManagement = {
enable = mkOption {
default = false;
description = "Whether to enable power management (ACPI daemon)";
};
};
};
in
###### implementation
let let
acpiConfDir = pkgs.runCommand "acpi-events" {} acpiConfDir = pkgs.runCommand "acpi-events" {}
@ -17,9 +34,7 @@ let
in pkgs.lib.concatMapStrings f events in pkgs.lib.concatMapStrings f events
} }
''; '';
events = [powerEvent lidEvent acEvent];
# Called when the power button is pressed. # Called when the power button is pressed.
powerEvent = powerEvent =
{ name = "power-button"; { name = "power-button";
@ -29,7 +44,7 @@ let
#! ${pkgs.bash}/bin/sh #! ${pkgs.bash}/bin/sh
''; '';
}; };
# Called when the laptop lid is opened/closed. # Called when the laptop lid is opened/closed.
lidEvent = lidEvent =
{ name = "lid"; { name = "lid";
@ -47,7 +62,7 @@ let
fi fi
''; '';
}; };
# Called when the AC power is connected or disconnected. # Called when the AC power is connected or disconnected.
acEvent = acEvent =
{ name = "ac-power"; { name = "ac-power";
@ -64,20 +79,27 @@ let
''; '';
}; };
events = [powerEvent lidEvent acEvent];
in in
{ mkIf config.powerManagement.enable {
name = "acpid"; require = [
options
extraPath = [pkgs.acpid]; ];
job = ''
description "ACPI daemon"
start on udev services = {
stop on shutdown extraJobs = [{
name = "acpid";
respawn ${pkgs.acpid}/sbin/acpid --foreground --confdir ${acpiConfDir} job = ''
''; description "ACPI daemon"
start on udev
stop on shutdown
respawn ${pkgs.acpid}/sbin/acpid --foreground --confdir ${acpiConfDir}
'';
}];
};
} }

309
upstart-jobs/apache-httpd/default.nix
View File

@ -1,6 +1,209 @@
{config, pkgs}: {pkgs, config, ...}:
###### interface
let let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
httpd = {
enable = mkOption {
default = false;
description = "
Whether to enable the Apache httpd server.
";
};
experimental = mkOption {
default = false;
description = "
Whether to use the new-style Apache configuration.
";
};
extraConfig = mkOption {
default = "";
description = "
These configuration lines will be passed verbatim to the apache config
";
};
extraModules = mkOption {
default = [];
example = [ "proxy_connect" { name = "php5_module"; path = "${pkgs.php}/modules/libphp5.so"; } ];
description = ''
Specifies additional Apache modules. These can be specified
as a string in the case of modules distributed with Apache,
or as an attribute set specifying the
<varname>name</varname> and <varname>path</varname> of the
module.
'';
};
logPerVirtualHost = mkOption {
default = false;
description = "
If enabled, each virtual host gets its own
<filename>access_log</filename> and
<filename>error_log</filename>, namely suffixed by the
<option>hostName</option> of the virtual host.
";
};
user = mkOption {
default = "wwwrun";
description = "
User account under which httpd runs. The account is created
automatically if it doesn't exist.
";
};
group = mkOption {
default = "wwwrun";
description = "
Group under which httpd runs. The account is created
automatically if it doesn't exist.
";
};
logDir = mkOption {
default = "/var/log/httpd";
description = "
Directory for Apache's log files. It is created automatically.
";
};
stateDir = mkOption {
default = "/var/run/httpd";
description = "
Directory for Apache's transient runtime state (such as PID
files). It is created automatically. Note that the default,
<filename>/var/run/httpd</filename>, is deleted at boot time.
";
};
mod_php = mkOption {
default = false;
description = "Whether to enable the PHP module.";
};
mod_jk = {
enable = mkOption {
default = false;
description = "Whether to enable the Apache Tomcat connector.";
};
applicationMappings = mkOption {
default = [];
description = "List of Java webapplications that should be mapped to the servlet container (Tomcat/JBoss)";
};
};
virtualHosts = mkOption {
default = [];
example = [
{ hostName = "foo";
documentRoot = "/data/webroot-foo";
}
{ hostName = "bar";
documentRoot = "/data/webroot-bar";
}
];
description = ''
Specification of the virtual hosts served by Apache. Each
element should be an attribute set specifying the
configuration of the virtual host. The available options
are the non-global options permissible for the main host.
'';
};
subservices = {
# !!! remove this
subversion = {
enable = mkOption {
default = false;
description = "
Whether to enable the Subversion subservice in the webserver.
";
};
notificationSender = mkOption {
default = "svn-server@example.org";
example = "svn-server@example.org";
description = "
The email address used in the Sender field of commit
notification messages sent by the Subversion subservice.
";
};
userCreationDomain = mkOption {
default = "example.org";
example = "example.org";
description = "
The domain from which user creation is allowed. A client can
only create a new user account if its IP address resolves to
this domain.
";
};
autoVersioning = mkOption {
default = false;
description = "
Whether you want the Subversion subservice to support
auto-versioning, which enables Subversion repositories to be
mounted as read/writable file systems on operating systems that
support WebDAV.
";
};
dataDir = mkOption {
default = "/no/such/path/exists";
description = "
Place to put SVN repository.
";
};
organization = {
name = mkOption {
default = null;
description = "
Name of the organization hosting the Subversion service.
";
};
url = mkOption {
default = null;
description = "
URL of the website of the organization hosting the Subversion service.
";
};
logo = mkOption {
default = null;
description = "
Logo the organization hosting the Subversion service.
";
};
};
};
};
} // # Include the options shared between the main server and virtual hosts.
(import ../../upstart-jobs/apache-httpd/per-server-options.nix {
inherit mkOption;
forMainServer = true;
});
};
};
###### implementation
mainCfg = config.services.httpd; mainCfg = config.services.httpd;
@ -361,65 +564,75 @@ let
in in
{
name = "httpd"; mkIf (config.services.httpd.enable && config.services.httpd.experimental) {
require = [
users = [ options
{ name = mainCfg.user;
description = "Apache httpd user";
}
]; ];
groups = [ users = {
{ name = mainCfg.group; extraUsers = [
} { name = mainCfg.user;
]; description = "Apache httpd user";
}
];
extraGroups = [
{ name = mainCfg.group;
}
];
};
extraPath = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices; services = {
extraJobs = [{
name = "httpd";
# Statically verify the syntactic correctness of the generated extraPath = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices;
# httpd.conf. !!! this is impure! It doesn't just check for
# syntax, but also whether the Apache user/group exist, whether SSL
# keys exist, etc.
buildHook = ''
echo
echo '=== Checking the generated Apache configuration file ==='
${httpd}/bin/httpd -f ${httpdConf} -t || true
'';
job = '' # Statically verify the syntactic correctness of the generated
description "Apache HTTPD" # httpd.conf. !!! this is impure! It doesn't just check for
# syntax, but also whether the Apache user/group exist, whether SSL
# keys exist, etc.
buildHook = ''
echo
echo '=== Checking the generated Apache configuration file ==='
${httpd}/bin/httpd -f ${httpdConf} -t || true
'';
start on ${startingDependency}/started job = ''
stop on shutdown description "Apache HTTPD"
start script start on ${startingDependency}/started
mkdir -m 0700 -p ${mainCfg.stateDir} stop on shutdown
mkdir -m 0700 -p ${mainCfg.logDir}
# Get rid of old semaphores. These tend to accumulate across start script
# server restarts, eventually preventing it from restarting mkdir -m 0700 -p ${mainCfg.stateDir}
# succesfully. mkdir -m 0700 -p ${mainCfg.logDir}
for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${mainCfg.user} ' | cut -f2 -d ' '); do
${pkgs.utillinux}/bin/ipcrm -s $i
done
# Run the startup hooks for the subservices. # Get rid of old semaphores. These tend to accumulate across
for i in ${toString (map (svn: svn.startupScript) allSubservices)}; do # server restarts, eventually preventing it from restarting
echo Running Apache startup hook $i... # succesfully.
$i for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${mainCfg.user} ' | cut -f2 -d ' '); do
done ${pkgs.utillinux}/bin/ipcrm -s $i
end script done
${ # Run the startup hooks for the subservices.
let f = {name, value}: "env ${name}=${value}\n"; for i in ${toString (map (svn: svn.startupScript) allSubservices)}; do
in concatMapStrings f (pkgs.lib.concatMap (svc: svc.globalEnvVars) allSubservices) echo Running Apache startup hook $i...
} $i
done
end script
env PATH=${pkgs.coreutils}/bin:${pkgs.gnugrep}/bin:${pkgs.lib.concatStringsSep ":" (pkgs.lib.concatMap (svc: svc.extraServerPath) allSubservices)} ${
let f = {name, value}: "env ${name}=${value}\n";
in concatMapStrings f (pkgs.lib.concatMap (svc: svc.globalEnvVars) allSubservices)
}
respawn ${httpd}/bin/httpd -f ${httpdConf} -DNO_DETACH env PATH=${pkgs.coreutils}/bin:${pkgs.gnugrep}/bin:${pkgs.lib.concatStringsSep ":" (pkgs.lib.concatMap (svc: svc.extraServerPath) allSubservices)}
'';
respawn ${httpd}/bin/httpd -f ${httpdConf} -DNO_DETACH
'';
}];
};
} }

79
upstart-jobs/bind.nix
View File

@ -1,4 +1,52 @@
{config, pkgs}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
bind = {
enable = mkOption {
default = false;
description = "
Whether to enable BIND domain name server.
";
};
cacheNetworks = mkOption {
default = ["127.0.0.0/24"];
description = "
What networks are allowed to use us as a resolver.
";
};
blockedNetworks = mkOption {
default = [];
description = "
What networks are just blocked.
";
};
zones = mkOption {
default = [];
description = "
List of zones we claim authority over.
master=false means slave server; slaves means addresses
who may request zone transfer.
";
example = [{
name = "example.com";
master = false;
file = "/var/dns/example.com";
masters = ["192.168.0.1"];
slaves = [];
}];
};
};
};
};
in
###### implementation
let let
startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces"; startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces";
cfg = config.services.bind; cfg = config.services.bind;
@ -52,15 +100,24 @@ let
confFile = pkgs.writeText "named.conf" namedConf; confFile = pkgs.writeText "named.conf" namedConf;
in in
{
name = "bind";
job = ''
description "BIND name server job"
start script mkIf config.services.bind.enable {
${pkgs.coreutils}/bin/mkdir -p /var/run/named require = [
end script options
];
respawn ${pkgs.bind}/sbin/named -c ${confFile} -f services = {
''; extraJobs = [{
} name = "bind";
job = ''
description "BIND name server job"
start script
${pkgs.coreutils}/bin/mkdir -p /var/run/named
end script
respawn ${pkgs.bind}/sbin/named -c ${confFile} -f
'';
}];
};
}

109
upstart-jobs/bitlbee.nix
View File

@ -1,40 +1,93 @@
args: with args; {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
bitlbee = {
enable = mkOption {
default = false;
description = ''
Whether to run the BitlBee IRC to other chat network gateway.
Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat
networks via an IRC client.
'';
};
interface = mkOption {
default = "127.0.0.1";
description = ''
The interface the BitlBee deamon will be listening to. If `127.0.0.1',
only clients on the local host can connect to it; if `0.0.0.0', clients
can access it from any network interface.
'';
};
portNumber = mkOption {
default = 6667;
description = ''
Number of the port BitlBee will be listening to.
'';
};
};
};
};
in
###### implementation
let let
bitlbeeUid = (import ../system/ids.nix).uids.bitlbee; bitlbeeUid = (import ../system/ids.nix).uids.bitlbee;
inherit (config.services.bitlbee) portNumber interface;
in in
{
name = "bitlbee";
users = [ mkIf config.services.bitlbee.enable {
{ name = "bitlbee";
uid = bitlbeeUid; require = [
description = "BitlBee user"; options
home = "/var/empty";
}
];
groups = [
{ name = "bitlbee";
gid = (import ../system/ids.nix).gids.bitlbee;
}
]; ];
job = '' users = {
description "BitlBee IRC to other chat networks gateway" extraUsers = [
{ name = "bitlbee";
uid = bitlbeeUid;
description = "BitlBee user";
home = "/var/empty";
}
];
extraGroups = [
{ name = "bitlbee";
gid = (import ../system/ids.nix).gids.bitlbee;
}
];
};
start on network-interfaces/started services = {
stop on network-interfaces/stop extraJobs = [{
name = "bitlbee";
start script job = ''
if ! test -d /var/lib/bitlbee description "BitlBee IRC to other chat networks gateway"
then
mkdir -p /var/lib/bitlbee
fi
end script
respawn ${bitlbee}/sbin/bitlbee -F -p ${toString portNumber} \ start on network-interfaces/started
-i ${interface} -u bitlbee stop on network-interfaces/stop
'';
start script
if ! test -d /var/lib/bitlbee
then
mkdir -p /var/lib/bitlbee
fi
end script
respawn ${pkgs.bitlbee}/sbin/bitlbee -F -p ${toString portNumber} \
-i ${interface} -u bitlbee
'';
}];
};
} }

28
upstart-jobs/ctrl-alt-delete.nix
View File

@ -1,12 +1,20 @@
{ {pkgs, config, ...}:
name = "ctrl-alt-delete";
job = "
on ctrlaltdel
script ###### implementation
shutdown -r now 'Ctrl-Alt-Delete pressed'
end script {
";
services = {
extraJobs = [{
name = "ctrl-alt-delete";
job = ''
on ctrlaltdel
script
shutdown -r now 'Ctrl-Alt-Delete pressed'
end script
'';
}];
};
} }

88
upstart-jobs/cupsd.nix
View File

@ -1,4 +1,26 @@
{config, pkgs, modprobe}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
printing = {
enable = mkOption {
default = false;
description = "
Whether to enable printing support through the CUPS daemon.
";
};
};
};
};
in
###### implementation
let let
@ -7,6 +29,8 @@ let
inherit (pkgs) cups; inherit (pkgs) cups;
modprobe = config.system.sbin.modprobe;
# Here we can enable additional backends, filters, etc. that are not # Here we can enable additional backends, filters, etc. that are not
# part of CUPS itself, e.g. the SMB backend is part of Samba. Since # part of CUPS itself, e.g. the SMB backend is part of Samba. Since
@ -101,37 +125,45 @@ let
in in
{
name = "cupsd";
extraPath = [cups]; mkIf config.services.pulseaudio.enable {
require = [
extraEtc = [ options
# CUPS expects the following files in its ServerRoot.
{ source = "${cups}/etc/cups/mime.convs";
target = "cups/mime.convs";
}
{ source = "${cups}/etc/cups/mime.types";
target = "cups/mime.types";
}
]; ];
job = ''
description "CUPS printing daemon"
start on network-interfaces/started services = {
stop on network-interfaces/stop extraJobs = [{
name = "cupsd";
start script extraPath = [cups];
mkdir -m 0755 -p ${logDir}
mkdir -m 0700 -p /var/cache/cups
mkdir -m 0700 -p /var/spool/cups
# Make USB printers show up. extraEtc = [
${modprobe}/sbin/modprobe usblp || true # CUPS expects the following files in its ServerRoot.
end script { source = "${cups}/etc/cups/mime.convs";
target = "cups/mime.convs";
}
{ source = "${cups}/etc/cups/mime.types";
target = "cups/mime.types";
}
];
job = ''
description "CUPS printing daemon"
respawn ${cups}/sbin/cupsd -c ${cupsdConfig} -F start on network-interfaces/started
''; stop on network-interfaces/stop
start script
mkdir -m 0755 -p ${logDir}
mkdir -m 0700 -p /var/cache/cups
mkdir -m 0700 -p /var/spool/cups
# Make USB printers show up.
${modprobe}/sbin/modprobe usblp || true
end script
respawn ${cups}/sbin/cupsd -c ${cupsdConfig} -F
'';
}];
};
} }

370
upstart-jobs/default.nix
View File

@ -19,7 +19,7 @@ let
exec sh -c "echo 'hello world' | ${pkgs.netcat}/bin/nc -l -p 9000" exec sh -c "echo 'hello world' | ${pkgs.netcat}/bin/nc -l -p 9000"
''; '';
} ]; } ];
# should have some checks to everify the syntax # should have some checks to verify the syntax
merge = pkgs.lib.mergeListOption; merge = pkgs.lib.mergeListOption;
description = " description = "
Additional Upstart jobs. Additional Upstart jobs.
@ -66,373 +66,9 @@ let
optional = cond: service: pkgs.lib.optional cond (makeJob service); optional = cond: service: pkgs.lib.optional cond (makeJob service);
requiredTTYs = requiredTTYs = config.requiredTTYs;
config.services.mingetty.ttys
++ config.boot.extraTTYs
++ [config.services.syslogd.tty];
# looks for a job file foreach attr name found in services from config jobs = map makeJob []
# passes { thisConfig, config, pkgs }
# a job must return { options = {}; job =; }
# options is the same format as options.nix, but only contains documentation for this job
# TODO check validation
newProposalJobs =
(
let
inherit (pkgs.lib) getAttr;
inherit (builtins) attrNames pathExists map;
services = getAttr [ "servicesProposal" ] {} config;
nameToJobs = name : (
(
let p = ./new-proposal + "/${name}.nix";
p2 = ./new-proposal + "/${name}/default.nix";
thisConfig = getAttr [ name ] {} services;
path = [name];
args = confgiV : {
inherit config pkgs thisConfig path;
lib = pkgs.lib;
upstartHelpers = { # some useful functions
inherit configV; # the first time a error function is passed to get the option list
# the second time a function is passed getting the option for you automatically,
# either returning the default option or the user supplied value (the function apply is applied when given)
# maybe this is complicated, but easy to use (IMHO)
mkOption = pkgs.lib.mkOption; # the same function used in options.nix
autoGeneratedEtcFile = { name, commentChar ? "#", content } :
{ source = pkgs.writeText name
("${commentChar} nixos autogenerated etc file based on /etc/nixos/configuration.nix\n" + content);
target = name;
};
};
};
jobFunc = if pathExists p
then import p
else if pathExists p2 then import p2
else abort "service ${name} requested but there is no ${p}.nix or ${p}/default.nix file!";
options = (jobFunc (args (abort "you can't use configV within options!"))).options;
errorWhere = name : "${name} of service ${builtins.toString path}";
configV = name : if (__hasAttr name options ) then
let opt = (__getAttr name options ); # this config option description
in if (__hasAttr name thisConfig )
then let v = (__getAttr name thisConfig); in if opt ? apply then opt.apply v else v
else if opt ? default then opt.default else abort "you need to specify the configuration option ${errorWhere name}"
else abort "unkown option ${errorWhere name}";
checkConfig = config.environment.checkConfigurationOptions;
in # TODO: pass path to checker so it can show full path in the abort case
pkgs.checker ( (jobFunc (args configV)).jobs )
checkConfig
options
thisConfig
));
in pkgs.lib.concatLists ( map nameToJobs (attrNames services)));
jobs = map makeJob
(newProposalJobs ++ [
# Syslogd.
(import ../upstart-jobs/syslogd.nix {
inherit (pkgs) sysklogd writeText;
inherit config;
})
# Klogd.
(import ../upstart-jobs/klogd.nix {
inherit (pkgs) sysklogd writeText;
inherit config;
})
# The udev daemon creates devices nodes and runs programs when
# hardware events occur.
(import ../upstart-jobs/udev.nix {
inherit modprobe config;
inherit (pkgs) stdenv writeText substituteAll udev procps;
inherit (pkgs.lib) cleanSource;
firmwareDirs = config.services.udev.addFirmware;
extraUdevPkgs = config.services.udev.addUdevPkgs;
})
# Makes LVM logical volumes available.
(import ../upstart-jobs/lvm.nix {
inherit modprobe;
inherit (pkgs) lvm2 devicemapper;
})
# Activate software RAID arrays.
(import ../upstart-jobs/swraid.nix {
inherit modprobe;
inherit (pkgs) mdadm;
})
# Mount file systems.
(import ../upstart-jobs/filesystems.nix {
inherit mount;
inherit (pkgs) utillinux e2fsprogs;
fileSystems = config.fileSystems;
})
# Swapping.
(import ../upstart-jobs/swap.nix {
inherit (pkgs) utillinux lib;
swapDevices = config.swapDevices;
})
# Network interfaces.
(import ../upstart-jobs/network-interfaces.nix {
inherit modprobe config;
inherit (pkgs) nettools wirelesstools bash writeText;
})
# Nix daemon - required for multi-user Nix.
(import ../upstart-jobs/nix-daemon.nix {
inherit config pkgs nix nixEnvVars;
})
# Name service cache daemon.
(import ../upstart-jobs/nscd.nix {
inherit (pkgs) glibc;
inherit nssModulesPath;
})
# Console font and keyboard maps.
(import ../upstart-jobs/kbd.nix {
inherit (pkgs) glibc kbd gzip;
ttyNumbers = requiredTTYs;
defaultLocale = config.i18n.defaultLocale;
consoleFont = config.i18n.consoleFont;
consoleKeyMap = config.i18n.consoleKeyMap;
})
# Handles the maintenance/stalled event (single-user shell).
(import ../upstart-jobs/maintenance-shell.nix {
inherit (pkgs) bash;
})
# Ctrl-alt-delete action.
(import ../upstart-jobs/ctrl-alt-delete.nix)
])
# ifplugd daemon for monitoring Ethernet cables.
++ optional config.networking.interfaceMonitor.enable
(import ../upstart-jobs/ifplugd.nix {
inherit (pkgs) ifplugd writeScript bash;
inherit config;
})
# DHCP server.
++ optional config.services.dhcpd.enable
(import ../upstart-jobs/dhcpd.nix {
inherit pkgs config;
})
# SSH daemon.
++ optional config.services.sshd.enable
(import ../upstart-jobs/sshd.nix {
inherit (pkgs) writeText openssh glibc;
inherit (pkgs.xorg) xauth;
inherit nssModulesPath;
inherit (config.services.sshd) forwardX11 allowSFTP permitRootLogin gatewayPorts;
})
# GNU lshd SSH2 deamon.
++ optional config.services.lshd.enable
(import ../upstart-jobs/lshd.nix {
inherit (pkgs) lib;
inherit (pkgs) lsh;
inherit (pkgs.xorg) xauth;
inherit nssModulesPath;
lshdConfig = config.services.lshd;
})
# GNUnet daemon.
++ optional config.services.gnunet.enable
(import ../upstart-jobs/gnunet.nix {
inherit (pkgs) gnunet lib writeText;
gnunetConfig = config.services.gnunet;
})
# NTP daemon.
++ optional config.services.ntp.enable
(import ../upstart-jobs/ntpd.nix {
inherit modprobe;
inherit (pkgs) ntp glibc writeText;
servers = config.services.ntp.servers;
})
# portmap daemon.
++ optional config.services.portmap.enable
(import ../upstart-jobs/portmap.nix {
inherit (pkgs) makePortmap;
})
# Apache httpd.
++ optional (config.services.httpd.enable && !config.services.httpd.experimental)
(import ../upstart-jobs/httpd.nix {
inherit config pkgs;
inherit (pkgs) glibc;
extraConfig = pkgs.lib.concatStringsSep "\n"
(map (job: job.extraHttpdConfig) jobs);
})
# Apache httpd (new style).
++ optional (config.services.httpd.enable && config.services.httpd.experimental)
(import ../upstart-jobs/apache-httpd {
inherit config pkgs;
})
# MySQL server
++ optional config.services.mysql.enable
(import ../upstart-jobs/mysql.nix {
inherit config pkgs;
})
# Postgres SQL server
++ optional config.services.postgresql.enable
(import ../upstart-jobs/postgresql.nix {
inherit config pkgs;
})
# EJabberd service
++ optional config.services.ejabberd.enable
(import ../upstart-jobs/ejabberd.nix {
inherit config pkgs;
})
# OpenFire XMPP server
++ optional config.services.openfire.enable
(import ../upstart-jobs/openfire.nix {
inherit config pkgs;
})
# JBoss service
++ optional config.services.jboss.enable
(import ../upstart-jobs/jboss.nix {
inherit config pkgs;
})
# Apache Tomcat service
++ optional config.services.tomcat.enable
(import ../upstart-jobs/tomcat.nix {
inherit config pkgs;
})
# Samba service.
++ optional config.services.samba.enable
(import ../upstart-jobs/samba.nix {
inherit pkgs;
inherit (pkgs) glibc samba;
})
# CUPS (printing) daemon.
++ optional config.services.printing.enable
(import ../upstart-jobs/cupsd.nix {
inherit config pkgs modprobe;
})
# Gateway6
++ optional config.services.gw6c.enable
(import ../upstart-jobs/gw6c.nix {
inherit config pkgs;
})
# VSFTPd server
++ optional config.services.vsftpd.enable
(import ../upstart-jobs/vsftpd.nix {
inherit (pkgs) vsftpd;
inherit (config.services.vsftpd) anonymousUser
writeEnable anonymousUploadEnable anonymousMkdirEnable;
})
# X Font Server
++ optional config.services.xfs.enable
(import ../upstart-jobs/xfs.nix {
inherit config pkgs;
})
++ optional config.services.ircdHybrid.enable
(import ../upstart-jobs/ircd-hybrid.nix {
inherit config pkgs;
})
++ optional config.services.bitlbee.enable
(import ../upstart-jobs/bitlbee.nix {
inherit (pkgs) bitlbee;
inherit (config.services.bitlbee) portNumber interface;
})
# ACPI daemon.
++ optional config.powerManagement.enable
(import ../upstart-jobs/acpid.nix {
inherit config pkgs;
})
# Postfix mail server.
++ optional config.services.postfix.enable
(import ../upstart-jobs/postfix.nix {
inherit config pkgs;
})
# Dovecot POP3/IMAP server.
++ optional config.services.dovecot.enable
(import ../upstart-jobs/dovecot.nix {
inherit config pkgs;
})
# ISC BIND domain name server.
++ optional config.services.bind.enable
(import ../upstart-jobs/bind.nix {
inherit config pkgs;
})
# Handles the reboot/halt events.
++ (map
(event: makeJob (import ../upstart-jobs/halt.nix {
inherit (pkgs) bash utillinux;
inherit event;
}))
["reboot" "halt" "system-halt" "power-off"]
)
# The terminals on ttyX.
++ (map
(ttyNumber: makeJob (import ../upstart-jobs/mingetty.nix {
inherit (pkgs) mingetty;
inherit ttyNumber;
loginProgram = "${pkgs.pam_login}/bin/login";
}))
(config.services.mingetty.ttys)
)
# Transparent TTY backgrounds.
++ optional (config.services.ttyBackgrounds.enable && kernelPackages.splashutils != null)
(import ../upstart-jobs/tty-backgrounds.nix {
inherit (pkgs) stdenv;
inherit (kernelPackages) splashutils;
backgrounds =
let
specificThemes =
config.services.ttyBackgrounds.defaultSpecificThemes
++ config.services.ttyBackgrounds.specificThemes;
overridenTTYs = map (x: x.tty) specificThemes;
# Use the default theme for all the mingetty ttys and for the
# syslog tty, except those for which a specific theme is
# specified.
defaultTTYs =
pkgs.lib.filter (x: !(pkgs.lib.elem x overridenTTYs)) requiredTTYs;
in
(map (ttyNumber: {
tty = ttyNumber;
theme = config.services.ttyBackgrounds.defaultTheme;
}) defaultTTYs)
++ specificThemes;
})
# User-defined events. # User-defined events.
++ (map makeJob (config.services.extraJobs)); ++ (map makeJob (config.services.extraJobs));

117
upstart-jobs/dhcpd.nix
View File

@ -1,4 +1,79 @@
{pkgs, config}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
dhcpd = {
enable = mkOption {
default = false;
description = "
Whether to enable the DHCP server.
";
};
extraConfig = mkOption {
default = "";
example = "
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.5;
option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1;
option domain-name \"example.org\";
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
}
";
description = "
Extra text to be appended to the DHCP server configuration
file. Currently, you almost certainly need to specify
something here, such as the options specifying the subnet
mask, DNS servers, etc.
";
};
configFile = mkOption {
default = null;
description = "
The path of the DHCP server configuration file. If no file
is specified, a file is generated using the other options.
";
};
interfaces = mkOption {
default = ["eth0"];
description = "
The interfaces on which the DHCP server should listen.
";
};
machines = mkOption {
default = [];
example = [
{ hostName = "foo";
ethernetAddress = "00:16:76:9a:32:1d";
ipAddress = "192.168.1.10";
}
{ hostName = "bar";
ethernetAddress = "00:19:d1:1d:c4:9a";
ipAddress = "192.168.1.11";
}
];
description = "
A list mapping ethernet addresses to IP addresses for the
DHCP server.
";
};
};
};
};
in
###### implementation
let let
@ -25,26 +100,34 @@ let
in in
{
name = "dhcpd";
job = ''
description "DHCP server"
start on network-interfaces/started mkIf config.services.dhcpd.enable {
stop on network-interfaces/stop require = [
options
];
script services = {
extraJobs = [{
name = "dhcpd";
job = ''
description "DHCP server"
mkdir -m 755 -p ${stateDir} start on network-interfaces/started
stop on network-interfaces/stop
touch ${stateDir}/dhcpd.leases script
exec ${pkgs.dhcp}/sbin/dhcpd -f -cf ${configFile} \ mkdir -m 755 -p ${stateDir}
-lf ${stateDir}/dhcpd.leases \
${toString cfg.interfaces}
end script touch ${stateDir}/dhcpd.leases
'';
exec ${pkgs.dhcp}/sbin/dhcpd -f -cf ${configFile} \
-lf ${stateDir}/dhcpd.leases \
${toString cfg.interfaces}
end script
'';
}];
};
} }

112
upstart-jobs/dovecot.nix
View File

@ -1,4 +1,45 @@
{config, pkgs}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
dovecot = {
enable = mkOption {
default = false;
description = "Whether to enable dovecot POP3/IMAP server.";
};
user = mkOption {
default = "dovecot";
description = "dovecot user name";
};
group = mkOption {
default = "dovecot";
description = "dovecot group name";
};
sslServerCert = mkOption {
default = "";
description = "Server certificate";
};
sslCACert = mkOption {
default = "";
description = "CA certificate used by server certificate";
};
sslServerKey = mkOption {
default = "";
description = "Server key";
};
};
};
};
in
###### implementation
let let
startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces"; startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces";
@ -54,36 +95,51 @@ let
''; '';
in in
{
name = "dovecot";
users = [{
name = cfg.user;
uid = idList.uids.dovecot;
description = "Dovecot user";
group = cfg.group;
}];
groups = [{
name = cfg.group;
gid = idList.gids.dovecot;
}];
job = '' mkIf config.services.dovecot.enable {
description "Dovecot IMAP/POP3 server"
start on ${startingDependency}/started require = [
stop on never options
];
start script environment = {
${pkgs.coreutils}/bin/mkdir -p /var/run/dovecot /var/run/dovecot/login etc = [{
${pkgs.coreutils}/bin/chown -R ${cfg.user}.${cfg.group} /var/run/dovecot source = pamdFile;
end script target = "pam.d/dovecot";
}];
};
respawn ${pkgs.dovecot}/sbin/dovecot -F -c ${confFile} users = {
''; extraUsers = [{
name = cfg.user;
uid = idList.uids.dovecot;
description = "Dovecot user";
group = cfg.group;
}];
extraGroups = [{
name = cfg.group;
gid = idList.gids.dovecot;
}];
};
extraEtc = [{ services = {
source = pamdFile; extraJobs = [{
target = "pam.d/dovecot"; name = "dovecot";
}];
job = ''
description "Dovecot IMAP/POP3 server"
start on ${startingDependency}/started
stop on never
start script
${pkgs.coreutils}/bin/mkdir -p /var/run/dovecot /var/run/dovecot/login
${pkgs.coreutils}/bin/chown -R ${cfg.user}.${cfg.group} /var/run/dovecot
end script
respawn ${pkgs.dovecot}/sbin/dovecot -F -c ${confFile}
'';
}];
};
} }

103
upstart-jobs/ejabberd.nix
View File

@ -1,36 +1,85 @@
args: with args; {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
ejabberd = {
enable = mkOption {
default = false;
description = "Whether to enable ejabberd server";
};
spoolDir = mkOption {
default = "/var/lib/ejabberd";
description = "Location of the spooldir of ejabberd";
};
logsDir = mkOption {
default = "/var/log/ejabberd";
description = "Location of the logfile directory of ejabberd";
};
confDir = mkOption {
default = "/var/ejabberd";
description = "Location of the config directory of ejabberd";
};
virtualHosts = mkOption {
default = "\"localhost\"";
description = "Virtualhosts that ejabberd should host. Hostnames are surrounded with doublequotes and separated by commas";
};
};
};
};
in
###### implementation
let let
cfg = config.services.ejabberd; cfg = config.services.ejabberd;
in in
{
name = "ejabberd";
job = ''
description "EJabberd server"
start on network-interface/started mkIf config.services.ejabberd.enable {
stop on network-interfaces/stop
require = [
start script options
# Initialise state data ];
mkdir -p ${cfg.logsDir}
if ! test -d ${cfg.spoolDir} services = {
then extraJobs = [{
cp -av ${pkgs.ejabberd}/var/lib/ejabberd /var/lib name = "ejabberd";
fi
job = ''
mkdir -p ${cfg.confDir} description "EJabberd server"
sed -e 's|{hosts, \["localhost"\]}.|{hosts, \[${cfg.virtualHosts}\]}.|' ${pkgs.ejabberd}/etc/ejabberd/ejabberd.cfg > ${cfg.confDir}/ejabberd.cfg
end script start on network-interface/started
stop on network-interfaces/stop
respawn ${pkgs.bash}/bin/sh -c 'export PATH=$PATH:${pkgs.ejabberd}/sbin; cd ~; ejabberdctl --logs ${cfg.logsDir} --spool ${cfg.spoolDir} --config ${cfg.confDir}/ejabberd.cfg start; sleep 1d' start script
# Initialise state data
stop script mkdir -p ${cfg.logsDir}
${pkgs.ejabberd}/sbin/ejabberdctl stop
end script if ! test -d ${cfg.spoolDir}
''; then
cp -av ${pkgs.ejabberd}/var/lib/ejabberd /var/lib
fi
mkdir -p ${cfg.confDir}
sed -e 's|{hosts, \["localhost"\]}.|{hosts, \[${cfg.virtualHosts}\]}.|' ${pkgs.ejabberd}/etc/ejabberd/ejabberd.cfg > ${cfg.confDir}/ejabberd.cfg
end script
respawn ${pkgs.bash}/bin/sh -c 'export PATH=$PATH:${pkgs.ejabberd}/sbin; cd ~; ejabberdctl --logs ${cfg.logsDir} --spool ${cfg.spoolDir} --config ${cfg.confDir}/ejabberd.cfg start; sleep 1d'
stop script
${pkgs.ejabberd}/sbin/ejabberdctl stop
end script
'';
}];
};
} }

202
upstart-jobs/filesystems.nix
View File

@ -1,120 +1,126 @@
{utillinux, e2fsprogs, fileSystems, mount}: {pkgs, config, ...}:
###### implementation
let let
inherit (pkgs) e2fsprogs;
# !!! use XML
mountPoints = map (fs: fs.mountPoint) fileSystems; mountPoints = map (fs: fs.mountPoint) fileSystems;
fileSystems = config.fileSystems;
devices = map (fs: if fs ? device then fs.device else "LABEL=" + fs.label) fileSystems; devices = map (fs: if fs ? device then fs.device else "LABEL=" + fs.label) fileSystems;
fsTypes = map (fs: if fs ? fsType then fs.fsType else "auto") fileSystems; fsTypes = map (fs: if fs ? fsType then fs.fsType else "auto") fileSystems;
optionss = map (fs: if fs ? options then fs.options else "defaults") fileSystems; optionss = map (fs: if fs ? options then fs.options else "defaults") fileSystems;
autocreates = map (fs: if fs ? autocreate then fs.autocreate else "0") fileSystems; autocreates = map (fs: if fs ? autocreate then fs.autocreate else "0") fileSystems;
mount = config.system.sbin.mount;
in job = ''
start on startup
{ start on new-devices
name = "filesystems"; start on ip-up
job = " script
start on startup
start on new-devices
start on ip-up
script
PATH=${e2fsprogs}/sbin:$PATH PATH=${e2fsprogs}/sbin:$PATH
mountPoints=(${toString mountPoints}) mountPoints=(${toString mountPoints})
devices=(${toString devices}) devices=(${toString devices})
fsTypes=(${toString fsTypes}) fsTypes=(${toString fsTypes})
optionss=(${toString optionss}) optionss=(${toString optionss})
autocreates=(${toString autocreates}) autocreates=(${toString autocreates})
newDevices=1 newDevices=1
# If we mount any file system, we repeat this loop, because new # If we mount any file system, we repeat this loop, because new
# mount opportunities may have become available (such as images # mount opportunities may have become available (such as images
# for loopback mounts). # for loopback mounts).
while test -n \"$newDevices\"; do while test -n "$newDevices"; do
newDevices= newDevices=
for ((n = 0; n < \${#mountPoints[*]}; n++)); do for ((n = 0; n < ''${#mountPoints[*]}; n++)); do
mountPoint=\${mountPoints[$n]} mountPoint=''${mountPoints[$n]}
device=\${devices[$n]} device=''${devices[$n]}
fsType=\${fsTypes[$n]} fsType=''${fsTypes[$n]}
options=\${optionss[$n]} options=''${optionss[$n]}
autocreate=\${autocreates[$n]} autocreate=''${autocreates[$n]}
isLabel= isLabel=
if echo \"$device\" | grep -q '^LABEL='; then isLabel=1; fi if echo "$device" | grep -q '^LABEL='; then isLabel=1; fi
isPseudo= isPseudo=
if test \"$fsType\" = \"nfs\" || test \"$fsType\" = \"tmpfs\" || if test "$fsType" = "nfs" || test "$fsType" = "tmpfs" ||
test \"$fsType\" = \"ext3cow\"; then isPseudo=1; fi test "$fsType" = "ext3cow"; then isPseudo=1; fi
if ! test -n \"$isLabel\" -o -n \"$isPseudo\" -o -e \"$device\"; then if ! test -n "$isLabel" -o -n "$isPseudo" -o -e "$device"; then
echo \"skipping $device, doesn't exist (yet)\" echo "skipping $device, doesn't exist (yet)"
continue continue
fi fi
# !!! quick hack: if mount point already exists, try a # !!! quick hack: if mount point already exists, try a
# remount to change the options but nothing else. # remount to change the options but nothing else.
if cat /proc/mounts | grep -F -q \" $mountPoint \"; then if cat /proc/mounts | grep -F -q " $mountPoint "; then
echo \"remounting $device on $mountPoint\" echo "remounting $device on $mountPoint"
${mount}/bin/mount -t \"$fsType\" \\ ${mount}/bin/mount -t "$fsType" \
-o remount,\"$options\" \\ -o remount,"$options" \
\"$device\" \"$mountPoint\" || true "$device" "$mountPoint" || true
continue continue
fi fi
# If $device is already mounted somewhere else, unmount it first. # If $device is already mounted somewhere else, unmount it first.
# !!! Note: we use /etc/mtab, not /proc/mounts, because mtab # !!! Note: we use /etc/mtab, not /proc/mounts, because mtab
# contains more accurate info when using loop devices. # contains more accurate info when using loop devices.
# !!! not very smart about labels yet; should resolve the label somehow. # !!! not very smart about labels yet; should resolve the label somehow.
if test -z \"$isLabel\" -a -z \"$isPseudo\"; then if test -z "$isLabel" -a -z "$isPseudo"; then
device=$(readlink -f \"$device\") device=$(readlink -f "$device")
prevMountPoint=$( prevMountPoint=$(
cat /etc/mtab \\ cat /etc/mtab \
| grep \"^$device \" \\ | grep "^$device " \
| sed 's|^[^ ]\\+ \\+\\([^ ]\\+\\).*|\\1|' \\ | sed 's|^[^ ]\+ \+\([^ ]\+\).*|\1|' \
) )
if test \"$prevMountPoint\" = \"$mountPoint\"; then if test "$prevMountPoint" = "$mountPoint"; then
echo \"remounting $device on $mountPoint\" echo "remounting $device on $mountPoint"
${mount}/bin/mount -t \"$fsType\" \\ ${mount}/bin/mount -t "$fsType" \
-o remount,\"$options\" \\ -o remount,"$options" \
\"$device\" \"$mountPoint\" || true "$device" "$mountPoint" || true
continue continue
fi fi
if test -n \"$prevMountPoint\"; then if test -n "$prevMountPoint"; then
echo \"unmount $device from $prevMountPoint\" echo "unmount $device from $prevMountPoint"
${mount}/bin/umount \"$prevMountPoint\" || true ${mount}/bin/umount "$prevMountPoint" || true
fi fi
fi fi
echo \"mounting $device on $mountPoint\" echo "mounting $device on $mountPoint"
# !!! should do something with the result; also prevent repeated fscks. # !!! should do something with the result; also prevent repeated fscks.
if test -z \"$isPseudo\"; then if test -z "$isPseudo"; then
fsck -a \"$device\" || true fsck -a "$device" || true
fi fi
if test \"\$autocreate\" = 1; then mkdir -p \"\$mountPoint\"; fi if test "$autocreate" = 1; then mkdir -p "$mountPoint"; fi
if ${mount}/bin/mount -t \"$fsType\" -o \"$options\" \"$device\" \"$mountPoint\"; then if ${mount}/bin/mount -t "$fsType" -o "$options" "$device" "$mountPoint"; then
newDevices=1 newDevices=1
fi fi
done done
done done
end script
'';
in
end script {
"; services = {
extraJobs = [{
name = "filesystems";
inherit job;
}];
};
} }

250
upstart-jobs/gnunet.nix
View File

@ -1,64 +1,218 @@
{ gnunet, gnunetConfig, lib, writeText }: {pkgs, config, ...}:
assert gnunetConfig.enable; ###### interface
let
inherit (pkgs.lib) mkOption mkIf;
{ options = {
name = "gnunetd"; services = {
gnunet = {
enable = mkOption {
default = false;
description = ''
Whether to run the GNUnet daemon. GNUnet is GNU's anonymous
peer-to-peer communication and file sharing framework.
'';
};
users = [ home = mkOption {
{ name = "gnunetd"; default = "/var/lib/gnunet";
uid = (import ../system/ids.nix).uids.gnunetd; description = ''
description = "GNUnet Daemon User"; Directory where the GNUnet daemon will store its data.
home = "/var/empty"; '';
} };
debug = mkOption {
default = false;
description = ''
When true, run in debug mode; gnunetd will not daemonize and
error messages will be written to stderr instead of a
logfile.
'';
};
logLevel = mkOption {
default = "ERROR";
example = "INFO";
description = ''
Log level of the deamon (see `gnunetd(1)' for details).
'';
};
hostLists = mkOption {
default = [
"http://gnunet.org/hostlist.php"
"http://gnunet.mine.nu:8081/hostlist"
"http://vserver1236.vserver-on.de/hostlist-074"
];
description = ''
URLs of host lists.
'';
};
applications = mkOption {
default = [ "advertising" "getoption" "fs" "stats" "traffic" ];
example = [ "chat" "fs" ];
description = ''
List of GNUnet applications supported by the daemon. Note that
`fs', which means "file sharing", is probably the one you want.
'';
};
transports = mkOption {
default = [ "udp" "tcp" "http" "nat" ];
example = [ "smtp" "http" ];
description = ''
List of transport methods used by the server.
'';
};
fileSharing = {
quota = mkOption {
default = 1024;
description = ''
Maximum file system usage (in MiB) for file sharing.
'';
};
activeMigration = mkOption {
default = false;
description = ''
Whether to allow active migration of content originating
from other nodes.
'';
};
};
load = {
maxNetDownBandwidth = mkOption {
default = 50000;
description = ''
Maximum bandwidth usage (in bits per second) for GNUnet
when downloading data.
'';
};
maxNetUpBandwidth = mkOption {
default = 50000;
description = ''
Maximum bandwidth usage (in bits per second) for GNUnet
when downloading data.
'';
};
hardNetUpBandwidth = mkOption {
default = 0;
description = ''
Hard bandwidth limit (in bits per second) when uploading
data.
'';
};
maxCPULoad = mkOption {
default = 100;
description = ''
Maximum CPU load (percentage) authorized for the GNUnet
daemon.
'';
};
interfaces = mkOption {
default = [ "eth0" ];
example = [ "wlan0" "eth1" ];
description = ''
List of network interfaces to use.
'';
};
};
extraOptions = mkOption {
default = "";
example = ''
[NETWORK]
INTERFACE = eth3
'';
description = ''
Additional options that will be copied verbatim in `gnunetd.conf'.
See `gnunetd.conf(5)' for details.
'';
};
};
};
};
in
###### implementation
mkIf config.services.gnunet.enable {
require = [
options
]; ];
job = users = {
with gnunetConfig; extraUsers = [
let configFile = writeText "gnunetd.conf" '' { name = "gnunetd";
[PATHS] uid = (import ../system/ids.nix).uids.gnunetd;
GNUNETD_HOME = ${home} description = "GNUnet Daemon User";
home = "/var/empty";
}
];
};
[GNUNETD] services = {
HOSTLISTURL = ${lib.concatStringsSep " " hostLists} extraJobs = [{
APPLICATIONS = ${lib.concatStringsSep " " applications} name = "gnunetd";
TRANSPORTS = ${lib.concatStringsSep " " transports}
[LOAD] job =
MAXNETDOWNBPSTOTAL = ${toString load.maxNetDownBandwidth} with config.services.gnunet;
MAXNETUPBPSTOTAL = ${toString load.maxNetUpBandwidth} let
HARDUPLIMIT = ${toString load.hardNetUpBandwidth} inherit (pkgs) lib gnunet;
MAXCPULOAD = ${toString load.maxCPULoad} configFile = pkgs.writeText "gnunetd.conf" ''
INTERFACES = ${lib.concatStringsSep " " load.interfaces} [PATHS]
GNUNETD_HOME = ${home}
[FS] [GNUNETD]
QUOTA = ${toString fileSharing.quota} HOSTLISTURL = ${lib.concatStringsSep " " hostLists}
ACTIVEMIGRATION = ${if fileSharing.activeMigration then "YES" else "NO"} APPLICATIONS = ${lib.concatStringsSep " " applications}
TRANSPORTS = ${lib.concatStringsSep " " transports}
[MODULES] [LOAD]
sqstore = sqstore_sqlite MAXNETDOWNBPSTOTAL = ${toString load.maxNetDownBandwidth}
dstore = dstore_sqlite MAXNETUPBPSTOTAL = ${toString load.maxNetUpBandwidth}
topology = topology_default HARDUPLIMIT = ${toString load.hardNetUpBandwidth}
MAXCPULOAD = ${toString load.maxCPULoad}
INTERFACES = ${lib.concatStringsSep " " load.interfaces}
${extraOptions} [FS]
''; QUOTA = ${toString fileSharing.quota}
ACTIVEMIGRATION = ${if fileSharing.activeMigration then "YES" else "NO"}
in '' [MODULES]
description "The GNUnet Daemon" sqstore = sqstore_sqlite
dstore = dstore_sqlite
topology = topology_default
start on network-interfaces/started ${extraOptions}
stop on network-interfaces/stop '';
in ''
description "The GNUnet Daemon"
start script start on network-interfaces/started
test -d "${home}" || \ stop on network-interfaces/stop
( mkdir -m 755 -p "${home}" && chown -R gnunetd:users "${home}")
end script
respawn ${gnunet}/bin/gnunetd \ start script
${if debug then "--debug" else "" } \ test -d "${home}" || \
--user="gnunetd" \ ( mkdir -m 755 -p "${home}" && chown -R gnunetd:users "${home}")
--config="${configFile}" \ end script
--log="${logLevel}"
'';
respawn ${gnunet}/bin/gnunetd \
${if debug then "--debug" else "" } \
--user="gnunetd" \
--config="${configFile}" \
--log="${logLevel}"
'';
}];
};
} }

126
upstart-jobs/gw6c.nix
View File

@ -1,8 +1,106 @@
{config, pkgs}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
gw6c = {
enable = mkOption {
default = false;
description = "
Whether to enable Gateway6 client (IPv6 tunnel).
";
};
autorun = mkOption {
default = true;
description = "
Switch to false to create upstart-job and configuration,
but not run it automatically
";
};
username = mkOption {
default = "";
description = "
Your Gateway6 login name, if any.
";
};
password = mkOption {
default = "";
description = "
Your Gateway6 password, if any.
";
};
server = mkOption {
default = "anon.freenet6.net";
example = "broker.freenet6.net";
description = "
Used Gateway6 server.
";
};
keepAlive = mkOption {
default = "30";
example = "2";
description = "
Gateway6 keep-alive period.
";
};
everPing = mkOption {
default = "1000000";
example = "2";
description = "
Gateway6 manual ping period.
";
};
waitPingableBroker = mkOption {
default = true;
example = false;
description = "
Whether to wait until tunnel broker returns ICMP echo.
";
};
};
};
security = {
seccureKeys = {
public = mkOption {
default = /var/elliptic-keys/public;
description = "
Public key. Make it path argument, so it is copied into store and
hashed.
The key is used to encrypt Gateway 6 configuration in store, as it
contains a password for external service. Unfortunately,
derivation file should be protected by other means. For example,
nix-http-export.cgi will happily export any non-derivation path,
but not a derivation.
";
};
private = mkOption {
default = "/var/elliptic-keys/private";
description = "
Private key. Make it string argument, so it is not copied into store.
";
};
};
};
};
in
###### implementation
let let
cfg = config.services.gw6c; cfg = config.services.gw6c;
procps = pkgs.procps; procps = pkgs.procps;
gw6cService = import ../services/gw6c { gw6cService = import ../../services/gw6c {
inherit (pkgs) stdenv gw6c coreutils inherit (pkgs) stdenv gw6c coreutils
procps upstart iputils gnused procps upstart iputils gnused
gnugrep seccureUser writeScript; gnugrep seccureUser writeScript;
@ -17,16 +115,26 @@ let
waitPingableBroker = cfg.waitPingableBroker; waitPingableBroker = cfg.waitPingableBroker;
}; };
in in
{
mkIf config.services.gw6c.enable {
require = [
options
];
services = {
extraJobs = [{
name = "gw6c"; name = "gw6c";
users = []; users = [];
groups = []; groups = [];
job = " job = ''
description \"Gateway6 client\" description \"Gateway6 client\"
start on ${ if cfg.autorun then "network-interfaces/started" else "never" } start on ${ if cfg.autorun then "network-interfaces/started" else "never" }
stop on network-interfaces/stop stop on network-interfaces/stop
respawn ${gw6cService}/bin/control start respawn ${gw6cService}/bin/control start
"; '';
}];
};
} }

207
upstart-jobs/halt.nix
View File

@ -1,103 +1,120 @@
{bash, event, utillinux}: {pkgs, config, ...}:
###### implementation
/* FIXME
assert event == "reboot" assert event == "reboot"
|| event == "halt" || event == "halt"
|| event == "system-halt" || event == "system-halt"
|| event == "power-off"; || event == "power-off";
*/
let
inherit (pkgs) bash utillinux;
jobFun = event : {
name = "sys-" + event;
job = ''
start on ${event}
script
set +e # continue in case of errors
exec < /dev/tty1 > /dev/tty1 2>&1
echo ""
echo "<<< SYSTEM SHUTDOWN >>>"
echo ""
export PATH=${utillinux}/bin:${utillinux}/sbin:$PATH
# Set the hardware clock to the system time.
echo "Setting the hardware clock..."
hwclock --systohc --utc || true
# Do an initial sync just in case.
sync || true
# Kill all remaining processes except init and this one.
echo "Sending the TERM signal to all processes..."
kill -TERM -1 || true
sleep 1 # wait briefly
echo "Sending the KILL signal to all processes..."
kill -KILL -1 || true
# Unmount helper functions.
getMountPoints() {
cat /proc/mounts \
| grep -v '^rootfs' \
| sed 's|^[^ ]\+ \+\([^ ]\+\).*|\1|' \
| grep -v '/proc\|/sys\|/dev'
}
getDevice() {
local mountPoint=$1
cat /proc/mounts \
| grep -v '^rootfs' \
| grep "^[^ ]\+ \+$mountPoint \+" \
| sed 's|^\([^ ]\+\).*|\1|'
}
# Unmount file systems. We repeat this until no more file systems
# can be unmounted. This is to handle loopback devices, file
# systems mounted on other file systems and so on.
tryAgain=1
while test -n "$tryAgain"; do
tryAgain=
for mp in $(getMountPoints); do
device=$(getDevice $mp)
echo "unmounting $mp..."
if umount -f -n "$mp"; then
if test "$mp" != /; then tryAgain=1; fi
else
mount -n -o remount,ro "$mp" || true
fi
# Hack: work around a bug in mount (mount -o remount on a
# loop device forgets the loop=/dev/loopN entry in
# /etc/mtab).
if echo "$device" | grep -q '/dev/loop'; then
echo "removing loop device $device..."
losetup -d "$device" || true
fi
done
done
cat /proc/mounts
# Final sync.
sync || true
# Right now all events above power off the system.
if test ${event} = reboot; then
exec reboot -f
else
exec halt -f -p
fi
end script
'';
};
in
{ {
name = "sys-" + event; services = {
extraJobs = map jobFun ["reboot" "halt" "system-halt" "power-off"];
job = " };
start on ${event}
script
set +e # continue in case of errors
exec < /dev/tty1 > /dev/tty1 2>&1
echo \"\"
echo \"<<< SYSTEM SHUTDOWN >>>\"
echo \"\"
export PATH=${utillinux}/bin:${utillinux}/sbin:$PATH
# Set the hardware clock to the system time.
echo \"Setting the hardware clock...\"
hwclock --systohc --utc || true
# Do an initial sync just in case.
sync || true
# Kill all remaining processes except init and this one.
echo \"Sending the TERM signal to all processes...\"
kill -TERM -1 || true
sleep 1 # wait briefly
echo \"Sending the KILL signal to all processes...\"
kill -KILL -1 || true
# Unmount helper functions.
getMountPoints() {
cat /proc/mounts \\
| grep -v '^rootfs' \\
| sed 's|^[^ ]\\+ \\+\\([^ ]\\+\\).*|\\1|' \\
| grep -v '/proc\\|/sys\\|/dev'
}
getDevice() {
local mountPoint=$1
cat /proc/mounts \\
| grep -v '^rootfs' \\
| grep \"^[^ ]\\+ \\+$mountPoint \\+\" \\
| sed 's|^\\([^ ]\\+\\).*|\\1|'
}
# Unmount file systems. We repeat this until no more file systems
# can be unmounted. This is to handle loopback devices, file
# systems mounted on other file systems and so on.
tryAgain=1
while test -n \"$tryAgain\"; do
tryAgain=
for mp in $(getMountPoints); do
device=$(getDevice $mp)
echo \"unmounting $mp...\"
if umount -f -n \"$mp\"; then
if test \"$mp\" != /; then tryAgain=1; fi
else
mount -n -o remount,ro \"$mp\" || true
fi
# Hack: work around a bug in mount (mount -o remount on a
# loop device forgets the loop=/dev/loopN entry in
# /etc/mtab).
if echo \"$device\" | grep -q '/dev/loop'; then
echo \"removing loop device $device...\"
losetup -d \"$device\" || true
fi
done
done
cat /proc/mounts
# Final sync.
sync || true
# Right now all events above power off the system.
if test ${event} = reboot; then
exec reboot -f
else
exec halt -f -p
fi
end script
";
} }

84
upstart-jobs/httpd.nix
View File

@ -1,4 +1,14 @@
{config, pkgs, glibc, extraConfig}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
# options have been moved to the apache-httpd/default.nix file
in
###### implementation
let let
@ -21,6 +31,11 @@ let
applicationMappings = cfg.mod_jk.applicationMappings; applicationMappings = cfg.mod_jk.applicationMappings;
startingDependency = if config.services.gw6c.enable && config.services.gw6c.autorun then "gw6c" else "network-interfaces"; startingDependency = if config.services.gw6c.enable && config.services.gw6c.autorun then "gw6c" else "network-interfaces";
extraConfig = pkgs.lib.concatStringsSep "\n"
(pkgs.lib.catAttrs "extraHttpdConfig" config.services.extraJobs);
webServer = import ../../services/apache-httpd { webServer = import ../../services/apache-httpd {
inherit (pkgs) apacheHttpd coreutils; inherit (pkgs) apacheHttpd coreutils;
@ -32,6 +47,7 @@ let
user group adminAddr logDir stateDir user group adminAddr logDir stateDir
applicationMappings; applicationMappings;
noUserDir = !cfg.enableUserDir; noUserDir = !cfg.enableUserDir;
extraDirectories = extraConfig + "\n" + cfg.extraConfig; extraDirectories = extraConfig + "\n" + cfg.extraConfig;
subServices = subServices =
@ -72,41 +88,47 @@ let
) )
) )
) )
) );
/* ++
(optional cfg.extraSubservices.enable
(map (service : service webServer pkgs) cfg.extraSubservices.services)
) */;
}; };
in in
{ mkIf (config.services.httpd.enable && !config.services.httpd.experimental) {
name = "httpd";
require = [
users = [ # options have been moved to the apache-httpd/default.nix file
{ name = user;
description = "Apache httpd user";
}
]; ];
groups = [ users = {
{ name = group; extraUsers = [
} { name = user;
]; description = "Apache httpd user";
}
job = " ];
description \"Apache HTTPD\"
extraGroups = [
start on ${startingDependency}/started { name = group;
stop on ${startingDependency}/stop }
];
start script };
${webServer}/bin/control prepare
end script services = {
extraJobs = [{
respawn ${webServer}/bin/control run name = "httpd";
";
job = ''
description \"Apache HTTPD\"
start on ${startingDependency}/started
stop on ${startingDependency}/stop
start script
${webServer}/bin/control prepare
end script
respawn ${webServer}/bin/control run
'';
}];
};
} }

69
upstart-jobs/ifplugd.nix
View File

@ -1,7 +1,42 @@
{ifplugd, config, writeScript, bash}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
networking = {
interfaceMonitor = {
enable = mkOption {
default = false;
description = "
If <literal>true</literal>, monitor Ethernet interfaces for
cables being plugged in or unplugged. When this occurs, the
<command>dhclient</command> service is restarted to
automatically obtain a new IP address. This is useful for
roaming users (laptops).
";
};
beep = mkOption {
default = false;
description = "
If <literal>true</literal>, beep when an Ethernet cable is
plugged in or unplugged.
";
};
};
};
};
in
###### implementation
let let
inherit (pkgs) ifplugd writeScript bash;
# The ifplugd action script, which is called whenever the link # The ifplugd action script, which is called whenever the link
# status changes (i.e., a cable is plugged in or unplugged). We do # status changes (i.e., a cable is plugged in or unplugged). We do
# nothing when a cable is unplugged. When a cable is plugged in, we # nothing when a cable is unplugged. When a cable is plugged in, we
@ -17,19 +52,27 @@ let
in in
{ mkIf config.networking.interfaceMonitor.enable {
name = "ifplugd"; require = [
options
];
extraPath = [ifplugd]; services = {
extraJobs = [{
job = " name = "ifplugd";
description \"Network interface connectivity monitor\"
start on network-interfaces/started extraPath = [ifplugd];
stop on network-interfaces/stop
job = ''
description "Network interface connectivity monitor"
respawn ${ifplugd}/sbin/ifplugd --no-daemon --no-startup --no-shutdown \\ start on network-interfaces/started
${if config.networking.interfaceMonitor.beep then "" else "--no-beep"} \\ stop on network-interfaces/stop
--run ${plugScript}";
respawn ${ifplugd}/sbin/ifplugd --no-daemon --no-startup --no-shutdown \
${if config.networking.interfaceMonitor.beep then "" else "--no-beep"} \
--run ${plugScript}
'';
}];
};
} }

150
upstart-jobs/ircd-hybrid.nix
View File

@ -1,38 +1,130 @@
{config, pkgs}: {pkgs, config, ...}:
###### interface
let let
cfg = config.services.ircdHybrid; inherit (pkgs.lib) mkOption mkIf;
ircdService = import ../services/ircd-hybrid {
stdenv = pkgs.stdenv; options = {
inherit (pkgs) ircdHybrid coreutils services = {
su iproute gnugrep procps; ircdHybrid = {
serverName = cfg.serverName;
sid = cfg.sid; enable = mkOption {
description = cfg.description; default = false;
rsaKey = cfg.rsaKey; description = "
certificate = cfg.certificate; Enable IRCD.
adminEmail = cfg.adminEmail; ";
extraIPs = cfg.extraIPs;
extraPort = cfg.extraPort;
gw6cEnabled = (config.services.gw6c.enable) &&
(config.services.gw6c.autorun);
}; };
serverName = mkOption {
default = "hades.arpa";
description = "
IRCD server name.
";
};
sid = mkOption {
default = "0NL";
description = "
IRCD server unique ID in a net of servers.
";
};
description = mkOption {
default = "Hybrid-7 IRC server.";
description = "
IRCD server description.
";
};
rsaKey = mkOption {
default = null;
example = /root/certificates/irc.key;
description = "
IRCD server RSA key.
";
};
certificate = mkOption {
default = null;
example = /root/certificates/irc.pem;
description = "
IRCD server SSL certificate. There are some limitations - read manual.
";
};
adminEmail = mkOption {
default = "<bit-bucket@example.com>";
example = "<name@domain.tld>";
description = "
IRCD server administrator e-mail.
";
};
extraIPs = mkOption {
default = [];
example = ["127.0.0.1"];
description = "
Extra IP's to bind.
";
};
extraPort = mkOption {
default = "7117";
description = "
Extra port to avoid filtering.
";
};
};
};
};
in
###### implementation
let
cfg = config.services.ircdHybrid;
ircdService = import ../../services/ircd-hybrid {
stdenv = pkgs.stdenv;
inherit (pkgs) ircdHybrid coreutils
su iproute gnugrep procps;
serverName = cfg.serverName;
sid = cfg.sid;
description = cfg.description;
rsaKey = cfg.rsaKey;
certificate = cfg.certificate;
adminEmail = cfg.adminEmail;
extraIPs = cfg.extraIPs;
extraPort = cfg.extraPort;
gw6cEnabled = (config.services.gw6c.enable) &&
(config.services.gw6c.autorun);
};
startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces"; startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces";
in in
{
name = "ircd-hybrid";
users = [ {
name = "ircd";
description = "IRCD owner.";
} ];
groups = [{name = "ircd";}];
job = "
description = \"IRCD Hybrid server.\"
start on ${startingDependency}/started mkIf config.services.ircdHybrid.enable {
stop on ${startingDependency}/stop require = [
options
];
respawn ${ircdService}/bin/control start services = {
"; extraJobs = [{
name = "ircd-hybrid";
users = [ {
name = "ircd";
description = "IRCD owner.";
} ];
groups = [{name = "ircd";}];
job = ''
description = "IRCD Hybrid server."
start on ${startingDependency}/started
stop on ${startingDependency}/stop
respawn ${ircdService}/bin/control start
'';
}];
};
} }

79
upstart-jobs/jboss.nix
View File

@ -1,21 +1,82 @@
args: with args; {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
jboss = {
enable = mkOption {
default = false;
description = "Whether to enable jboss";
};
tempDir = mkOption {
default = "/tmp";
description = "Location where JBoss stores its temp files";
};
logDir = mkOption {
default = "/var/log/jboss";
description = "Location of the logfile directory of JBoss";
};
serverDir = mkOption {
description = "Location of the server instance files";
default = "/var/jboss/server";
};
deployDir = mkOption {
description = "Location of the deployment files";
default = "/nix/var/nix/profiles/default/server/default/deploy/";
};
libUrl = mkOption {
default = "file:///nix/var/nix/profiles/default/server/default/lib";
description = "Location where the shared library JARs are stored";
};
user = mkOption {
default = "nobody";
description = "User account under which jboss runs.";
};
useJK = mkOption {
default = false;
description = "Whether to use to connector to the Apache HTTP server";
};
};
};
};
in
###### implementation
let let
cfg = config.services.jboss; cfg = config.services.jboss;
jbossService = import ../services/jboss { jbossService = import ../../services/jboss {
inherit (pkgs) stdenv jboss su; inherit (pkgs) stdenv jboss su;
inherit (cfg) tempDir logDir libUrl deployDir serverDir user useJK; inherit (cfg) tempDir logDir libUrl deployDir serverDir user useJK;
}; };
in in
{
name = "jboss";
job = "
description \"JBoss server\"
stop on shutdown mkIf config.services.jboss.enable {
require = [
options
];
respawn ${jbossService}/bin/control start services = {
"; extraJobs = [{
name = "jboss";
job = ''
description \"JBoss server\"
stop on shutdown
respawn ${jbossService}/bin/control start
'';
}];
};
} }

123
upstart-jobs/kbd.nix
View File

@ -1,78 +1,109 @@
{glibc, kbd, gzip, ttyNumbers, defaultLocale, consoleFont, consoleKeyMap}: {pkgs, config, ...}:
let let
inherit (pkgs.lib) mkOption;
# think about where to put this chunk of code!
# required by other pieces as well
requiredTTYs = config.services.mingetty.ttys
++ config.boot.extraTTYs
++ [config.services.syslogd.tty];
ttyNumbers = requiredTTYs;
ttys = map (nr: "/dev/tty" + toString nr) ttyNumbers; ttys = map (nr: "/dev/tty" + toString nr) ttyNumbers;
defaultLocale = config.i18n.defaultLocale;
consoleFont = config.i18n.consoleFont;
consoleKeyMap = config.i18n.consoleKeyMap;
in in
###### implementation
# most options are defined in i18n.nix
{ {
name = "kbd";
extraPath = [ inherit requiredTTYs; # pass them to upstart-job/default.nix
kbd
# dummy option so that requiredTTYs can be passed, see above (FIXME)
require = [
{
requiredTTYs = mkOption {
default = [];
};
}
]; ];
job = "
description \"Keyboard / console initialisation\"
start on udev services = {
extraJobs = [{
script name = "kbd";
export LANG=${defaultLocale}
export PATH=${gzip}/bin:$PATH # Needed by setfont
set +e # continue in case of errors
extraPath = [
pkgs.kbd
];
# Enable or disable UTF-8 mode. This is based on job = "
# unicode_{start,stop}. description \"Keyboard / console initialisation\"
echo 'Enabling or disabling Unicode mode...'
charMap=$(${glibc}/bin/locale charmap) start on udev
if test \"$charMap\" = UTF-8; then script
for tty in ${toString ttys}; do export LANG=${defaultLocale}
export PATH=${pkgs.gzip}/bin:$PATH # Needed by setfont
# Tell the console output driver that the bytes arriving are set +e # continue in case of errors
# UTF-8 encoded multibyte sequences.
echo -n -e '\\033%G' > $tty
done
# Enable or disable UTF-8 mode. This is based on
# unicode_{start,stop}.
echo 'Enabling or disabling Unicode mode...'
# Set the keyboard driver in UTF-8 mode. charMap=$(${pkgs.glibc}/bin/locale charmap)
${kbd}/bin/kbd_mode -u
else if test \"$charMap\" = UTF-8; then
for tty in ${toString ttys}; do for tty in ${toString ttys}; do
# Tell the console output driver that the bytes arriving are # Tell the console output driver that the bytes arriving are
# UTF-8 encoded multibyte sequences. # UTF-8 encoded multibyte sequences.
echo -n -e '\\033%@' > $tty echo -n -e '\\033%G' > $tty
done done
# Set the keyboard driver in ASCII (or any 8-bit character # Set the keyboard driver in UTF-8 mode.
# set) mode. ${pkgs.kbd}/bin/kbd_mode -u
${kbd}/bin/kbd_mode -a
fi else
for tty in ${toString ttys}; do
# Tell the console output driver that the bytes arriving are
# UTF-8 encoded multibyte sequences.
echo -n -e '\\033%@' > $tty
done
# Set the keyboard driver in ASCII (or any 8-bit character
# set) mode.
${pkgs.kbd}/bin/kbd_mode -a
fi
# Set the console font. # Set the console font.
for tty in ${toString ttys}; do for tty in ${toString ttys}; do
${kbd}/bin/setfont -C $tty ${consoleFont} ${pkgs.kbd}/bin/setfont -C $tty ${consoleFont}
done done
# Set the keymap. # Set the keymap.
${kbd}/bin/loadkeys '${consoleKeyMap}' ${pkgs.kbd}/bin/loadkeys '${consoleKeyMap}'
end script end script
"; ";
}];
};
} }

39
upstart-jobs/klogd.nix
View File

@ -1,26 +1,33 @@
{sysklogd, writeText, config}: {pkgs, config, ...}:
###### implementation
let let
inherit (pkgs.lib);
klogdCmd = "${sysklogd}/sbin/klogd -c 1 -2 -k $(dirname $(readlink -f /var/run/booted-system/kernel))/System.map"; klogdCmd = "${pkgs.sysklogd}/sbin/klogd -c 1 -2 -k $(dirname $(readlink -f /var/run/booted-system/kernel))/System.map";
in in
{ {
name = "klogd";
job = ''
description "Kernel log daemon"
start on syslogd
stop on shutdown
start script services = {
# !!! this hangs for some reason (it blocks reading from extraJobs = [{
# /proc/kmsg). name = "klogd";
#${klogdCmd} -o
end script job = ''
description "Kernel log daemon"
start on syslogd
stop on shutdown
respawn ${klogdCmd} -n start script
''; # !!! this hangs for some reason (it blocks reading from
# /proc/kmsg).
#${klogdCmd} -o
end script
respawn ${klogdCmd} -n
'';
}];
};
} }

76
upstart-jobs/ldap/default.nix Normal file
View File

@ -0,0 +1,76 @@
{pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
users = {
ldap = {
enable = mkOption {
default = false;
description = "
Whether to enable authentication against an LDAP server.
";
};
server = mkOption {
example = "ldap://ldap.example.org/";
description = "
The URL of the LDAP server.
";
};
base = mkOption {
example = "dc=example,dc=org";
description = "
The distinguished name of the search base.
";
};
useTLS = mkOption {
default = false;
description = "
If enabled, use TLS (encryption) over an LDAP (port 389)
connection. The alternative is to specify an LDAPS server (port
636) in <option>users.ldap.server</option> or to forego
security.
";
};
};
};
};
in
###### implementation
mkIf config.users.ldap.enable {
require = [
options
];
# LDAP configuration.
environment = {
etc = [
# Careful: OpenLDAP seems to be very picky about the indentation of
# this file. Directives HAVE to start in the first column!
{ source = pkgs.writeText "ldap.conf" ''
uri ${config.users.ldap.server}
base ${config.users.ldap.base}
${
if config.users.ldap.useTLS then ''
ssl start_tls
tls_checkpeer no
'' else ""
}
'';
target = "ldap.conf";
}
];
};
}

0
etc/ldap.conf.nix → upstart-jobs/ldap/ldap.conf.nix
View File

209
upstart-jobs/lshd.nix
View File

@ -1,54 +1,175 @@
{lsh, xauth, lib, nssModulesPath, lshdConfig}: {pkgs, config, ...}:
with builtins; ###### interface
with lib; let
inherit (pkgs.lib) mkOption mkIf;
{ options = {
name = "lshd"; services = {
lshd = {
job = with lshdConfig; ''
description "GNU lshd SSH2 daemon"
start on network-interfaces/started enable = mkOption {
stop on network-interfaces/stop default = false;
description = ''
Whether to enable the GNU lshd SSH2 daemon, which allows
secure remote login.
'';
};
env LD_LIBRARY_PATH=${nssModulesPath} portNumber = mkOption {
default = 22;
description = ''
The port on which to listen for connections.
'';
};
start script interfaces = mkOption {
test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh default = [];
test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh description = ''
List of network interfaces where listening for connections.
When providing the empty list, `[]', lshd listens on all
network interfaces.
'';
example = [ "localhost" "1.2.3.4:443" ];
};
if ! test -f /var/spool/lsh/yarrow-seed-file hostKey = mkOption {
then default = "/etc/lsh/host-key";
${lsh}/bin/lsh-make-seed -o /var/spool/lsh/yarrow-seed-file description = ''
fi Path to the server's private key. Note that this key must
have been created, e.g., using "lsh-keygen --server |
lsh-writekey --server", so that you can run lshd.
'';
};
if ! test -f "${hostKey}" syslog = mkOption {
then default = true;
${lsh}/bin/lsh-keygen --server | \ description = ''Whether to enable syslog output.'';
${lsh}/bin/lsh-writekey --server -o "${hostKey}" };
fi
end script
respawn ${lsh}/sbin/lshd --daemonic \ passwordAuthentication = mkOption {
--password-helper="${lsh}/sbin/lsh-pam-checkpw" \ default = true;
-p ${toString portNumber} \ description = ''Whether to enable password authentication.'';
${if interfaces == [] then "" };
else (concatStrings (map (i: "--interface=\"${i}\"")
interfaces))} \ publicKeyAuthentication = mkOption {
-h "${hostKey}" \ default = true;
${if !syslog then "--no-syslog" else ""} \ description = ''Whether to enable public key authentication.'';
${if passwordAuthentication then "--password" else "--no-password" } \ };
${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
${if rootLogin then "--root-login" else "--no-root-login" } \ rootLogin = mkOption {
${if loginShell != null then "--login-shell=\"${loginShell}\"" else "" } \ default = false;
${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \ description = ''Whether to enable remote root login.'';
${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \ };
${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \
--subsystems=${concatStringsSep "," loginShell = mkOption {
(map (pair: (head pair) + "=" + default = null;
(head (tail pair))) description = ''
subsystems)} If non-null, override the default login shell with the
''; specified value.
'';
example = "/nix/store/xyz-bash-10.0/bin/bash10";
};
srpKeyExchange = mkOption {
default = false;
description = ''
Whether to enable SRP key exchange and user authentication.
'';
};
tcpForwarding = mkOption {
default = true;
description = ''Whether to enable TCP/IP forwarding.'';
};
x11Forwarding = mkOption {
default = true;
description = ''Whether to enable X11 forwarding.'';
};
subsystems = mkOption {
default = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ];
description = ''
List of subsystem-path pairs, where the head of the pair
denotes the subsystem name, and the tail denotes the path to
an executable implementing it.
'';
};
};
};
};
in
###### implementation
let
inherit (pkgs) lsh;
inherit (pkgs.lib) concatStrings concatStringsSep head tail;
lshdConfig = config.services.lshd;
nssModules = config.system.nssModules.list;
nssModulesPath = config.system.nssModules.path;
in
mkIf config.services.lshd.enable {
require = [
options
];
services = {
extraJobs = [{
name = "lshd";
job = with lshdConfig; ''
description "GNU lshd SSH2 daemon"
start on network-interfaces/started
stop on network-interfaces/stop
env LD_LIBRARY_PATH=${nssModulesPath}
start script
test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh
test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh
if ! test -f /var/spool/lsh/yarrow-seed-file
the
${lsh}/bin/lsh-make-seed -o /var/spool/lsh/yarrow-seed-file
fi
if ! test -f "${hostKey}"
then
${lsh}/bin/lsh-keygen --server | \
${lsh}/bin/lsh-writekey --server -o "${hostKey}"
fi
end script
respawn ${lsh}/sbin/lshd --daemonic \
--password-helper="${lsh}/sbin/lsh-pam-checkpw" \
-p ${toString portNumber} \
${if interfaces == [] then ""
else (concatStrings (map (i: "--interface=\"${i}\"")
interfaces))} \
-h "${hostKey}" \
${if !syslog then "--no-syslog" else ""} \
${if passwordAuthentication then "--password" else "--no-password" } \
${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
${if rootLogin then "--root-login" else "--no-root-login" } \
${if loginShell != null then "--login-shell=\"${loginShell}\"" else "" } \
${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \
${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \
${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \
--subsystems=${concatStringsSep ","
(map (pair: (head pair) + "=" +
(head (tail pair)))
subsystems)}
'';
}
];
};
} }

53
upstart-jobs/lvm.nix
View File

@ -1,30 +1,41 @@
{modprobe, lvm2, devicemapper}: {pkgs, config, ...}:
###### implementation
let
modprobe = config.system.sbin.modprobe;
in
{ {
name = "lvm";
job = "
start on udev
#start on new-devices
script services = {
extraJobs = [{
name = "lvm";
job = ''
start on udev
#start on new-devices
# Load the device mapper. script
${modprobe}/sbin/modprobe dm_mod || true
${devicemapper}/sbin/dmsetup mknodes # Load the device mapper.
# Scan for block devices that might contain LVM physical volumes ${modprobe}/sbin/modprobe dm_mod || true
# and volume groups.
${lvm2}/sbin/vgscan --mknodes
# Make all logical volumes on all volume groups available, i.e., ${pkgs.devicemapper}/sbin/dmsetup mknodes
# make them appear in /dev. # Scan for block devices that might contain LVM physical volumes
${lvm2}/sbin/vgchange --available y # and volume groups.
${pkgs.lvm2}/sbin/vgscan --mknodes
initctl emit new-devices # Make all logical volumes on all volume groups available, i.e.,
# make them appear in /dev.
end script ${pkgs.lvm2}/sbin/vgchange --available y
";
initctl emit new-devices
end script
'';
}];
};
} }

37
upstart-jobs/maintenance-shell.nix
View File

@ -1,19 +1,24 @@
{bash}: {pkgs, config, ...}:
###### implementation
{ {
name = "maintenance-shell"; services = {
extraJobs = [{
job = " name = "maintenance-shell";
start on maintenance
start on stalled job = ''
start on maintenance
script start on stalled
exec < /dev/tty1 > /dev/tty1 2>&1
echo \"\" script
echo \"<<< MAINTENANCE SHELL >>>\" exec < /dev/tty1 > /dev/tty1 2>&1
echo \"\" echo \"\"
exec ${bash}/bin/sh echo \"<<< MAINTENANCE SHELL >>>\"
end script echo \"\"
"; exec ${pkgs.bash}/bin/sh
end script
'';
}];
};
} }

78
upstart-jobs/mingetty.nix
View File

@ -1,10 +1,74 @@
{mingetty, ttyNumber, loginProgram}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
mingetty = {
ttys = mkOption {
default = [1 2 3 4 5 6];
description = "
The list of tty (virtual console) devices on which to start a
login prompt.
";
};
waitOnMounts = mkOption {
default = false;
description = "
Whether the login prompts on the virtual consoles will be
started before or after all file systems have been mounted. By
default we don't wait, but if for example your /home is on a
separate partition, you may want to turn this on.
";
};
greetingLine = mkOption {
default = ''<<< Welcome to NixOS (\m) - Kernel \r (\l) >>>'';
description = "
Welcome line printed by mingetty.
";
};
helpLine = mkOption {
default = "";
description = "
Help line printed by mingetty below the welcome line.
Used by the installation CD to give some hints on
how to proceed.
";
};
};
};
};
in
###### implementation
let
ttyNumbers = config.services.mingetty.ttys;
loginProgram = "${pkgs.pam_login}/bin/login";
inherit (pkgs) mingetty;
in
{ {
name = "tty" + toString ttyNumber; require = [
job = " options
start on udev ];
stop on shutdown
respawn ${mingetty}/sbin/mingetty --loginprog=${loginProgram} --noclear tty${toString ttyNumber} services = {
"; extraJobs = map (ttyNumber : {
name = "tty" + toString ttyNumber;
job = "
start on udev
stop on shutdown
respawn ${mingetty}/sbin/mingetty --loginprog=${loginProgram} --noclear tty${toString ttyNumber}
";
}) ttyNumbers;
};
} }

115
upstart-jobs/mysql.nix
View File

@ -1,4 +1,49 @@
{pkgs, config}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
mysql = {
enable = mkOption {
default = false;
description = "
Whether to enable the MySQL server.
";
};
port = mkOption {
default = "3306";
description = "Port of MySQL";
};
user = mkOption {
default = "mysql";
description = "User account under which MySQL runs";
};
dataDir = mkOption {
default = "/var/mysql";
description = "Location where MySQL stores its table files";
};
logError = mkOption {
default = "/var/log/mysql_err.log";
description = "Location of the MySQL error logfile";
};
pidDir = mkOption {
default = "/var/run/mysql";
description = "Location of the file which stores the PID of the MySQL server";
};
};
};
};
in
###### implementation
let let
@ -14,39 +59,51 @@ let
in in
{
name = "mysql"; mkIf config.services.mysql.enable {
require = [
users = [ options
{ name = "mysql";
description = "MySQL server user";
}
]; ];
extraPath = [mysql]; users = {
extraUsers = [
job = '' { name = "mysql";
description "MySQL server" description = "MySQL server user";
}
];
};
stop on shutdown services = {
extraJobs = [{
name = "mysql";
start script extraPath = [mysql];
if ! test -e ${cfg.dataDir}; then
mkdir -m 0700 -p ${cfg.dataDir} job = ''
chown -R ${cfg.user} ${cfg.dataDir} description "MySQL server"
${mysql}/bin/mysql_install_db ${mysqldOptions}
fi
mkdir -m 0700 -p ${cfg.pidDir} stop on shutdown
chown -R ${cfg.user} ${cfg.pidDir}
end script
respawn ${mysql}/bin/mysqld ${mysqldOptions} start script
if ! test -e ${cfg.dataDir}; then
mkdir -m 0700 -p ${cfg.dataDir}
chown -R ${cfg.user} ${cfg.dataDir}
${mysql}/bin/mysql_install_db ${mysqldOptions}
fi
stop script mkdir -m 0700 -p ${cfg.pidDir}
pid=$(cat ${pidFile}) chown -R ${cfg.user} ${cfg.pidDir}
kill "$pid" end script
${mysql}/bin/mysql_waitpid "$pid" 1000
end script respawn ${mysql}/bin/mysqld ${mysqldOptions}
'';
stop script
pid=$(cat ${pidFile})
kill "$pid"
${mysql}/bin/mysql_waitpid "$pid" 1000
end script
'';
}];
};
} }

177
upstart-jobs/network-interfaces.nix
View File

@ -1,7 +1,11 @@
{nettools, modprobe, wirelesstools, bash, writeText, config}: {pkgs, config, ...}:
###### implementation
let let
inherit (pkgs) nettools wirelesstools bash writeText;
cfg = config.networking; cfg = config.networking;
# !!! use XML # !!! use XML
@ -10,91 +14,96 @@ let
subnetMasks = map (i: if i ? subnetMask then i.subnetMask else "default") cfg.interfaces; subnetMasks = map (i: if i ? subnetMask then i.subnetMask else "default") cfg.interfaces;
essids = map (i: if i ? essid then i.essid else "default") cfg.interfaces; essids = map (i: if i ? essid then i.essid else "default") cfg.interfaces;
wepKeys = map (i: if i ? wepKey then i.wepKey else "nokey") cfg.interfaces; wepKeys = map (i: if i ? wepKey then i.wepKey else "nokey") cfg.interfaces;
modprobe = config.system.sbin.modprobe;
in in
{ {
name = "network-interfaces"; services = {
extraJobs = [{
job = '' name = "network-interfaces";
start on udev
stop on shutdown job = ''
start on udev
start script stop on shutdown
export PATH=${modprobe}/sbin:$PATH
modprobe af_packet || true start script
export PATH=${modprobe}/sbin:$PATH
for i in $(cd /sys/class/net && ls -d *); do modprobe af_packet || true
echo "Bringing up network device $i..."
${nettools}/sbin/ifconfig $i up || true for i in $(cd /sys/class/net && ls -d *); do
done echo "Bringing up network device $i..."
${nettools}/sbin/ifconfig $i up || true
# Configure the manually specified interfaces. done
names=(${toString names})
ipAddresses=(${toString ipAddresses}) # Configure the manually specified interfaces.
subnetMasks=(${toString subnetMasks}) names=(${toString names})
essids=(${toString essids}) ipAddresses=(${toString ipAddresses})
wepKeys=(${toString wepKeys}) subnetMasks=(${toString subnetMasks})
essids=(${toString essids})
for ((n = 0; n < ''${#names[*]}; n++)); do wepKeys=(${toString wepKeys})
name=''${names[$n]}
ipAddress=''${ipAddresses[$n]} for ((n = 0; n < ''${#names[*]}; n++)); do
subnetMask=''${subnetMasks[$n]} name=''${names[$n]}
essid=''${essids[$n]} ipAddress=''${ipAddresses[$n]}
wepKey=''${wepKeys[$n]} subnetMask=''${subnetMasks[$n]}
essid=''${essids[$n]}
# Set wireless networking stuff. wepKey=''${wepKeys[$n]}
if test "$essid" != default; then
${wirelesstools}/sbin/iwconfig "$name" essid "$essid" || true # Set wireless networking stuff.
fi if test "$essid" != default; then
${wirelesstools}/sbin/iwconfig "$name" essid "$essid" || true
if test "$wepKey" != nokey; then fi
${wirelesstools}/sbin/iwconfig "$name" key "$(cat "$wepKey")" || true
fi if test "$wepKey" != nokey; then
${wirelesstools}/sbin/iwconfig "$name" key "$(cat "$wepKey")" || true
# Set IP address / netmask. fi
if test "$ipAddress" != dhcp; then
echo "Configuring interface $name..." # Set IP address / netmask.
extraFlags= if test "$ipAddress" != dhcp; then
if test "$subnetMask" != default; then echo "Configuring interface $name..."
extraFlags="$extraFlags netmask $subnetMask" extraFlags=
fi if test "$subnetMask" != default; then
${nettools}/sbin/ifconfig "$name" "$ipAddress" $extraFlags || true extraFlags="$extraFlags netmask $subnetMask"
fi fi
${nettools}/sbin/ifconfig "$name" "$ipAddress" $extraFlags || true
done fi
# Set the nameservers. done
if test -n "${toString cfg.nameservers}"; then
rm -f /etc/resolv.conf # Set the nameservers.
if test -n "${cfg.domain}"; then if test -n "${toString cfg.nameservers}"; then
echo "domain ${cfg.domain}" >> /etc/resolv.conf rm -f /etc/resolv.conf
fi if test -n "${cfg.domain}"; then
for i in ${toString cfg.nameservers}; do echo "domain ${cfg.domain}" >> /etc/resolv.conf
echo "nameserver $i" >> /etc/resolv.conf fi
done for i in ${toString cfg.nameservers}; do
fi echo "nameserver $i" >> /etc/resolv.conf
done
# Set the default gateway. fi
if test -n "${cfg.defaultGateway}"; then
${nettools}/sbin/route add default gw "${cfg.defaultGateway}" || true # Set the default gateway.
fi if test -n "${cfg.defaultGateway}"; then
${nettools}/sbin/route add default gw "${cfg.defaultGateway}" || true
# Run any user-specified commands. fi
${bash}/bin/sh ${writeText "local-net-cmds" cfg.localCommands} || true
# Run any user-specified commands.
end script ${bash}/bin/sh ${writeText "local-net-cmds" cfg.localCommands} || true
# Hack: Upstart doesn't yet support what we want: a service that end script
# doesn't have a running process associated with it.
respawn sleep 100000 # Hack: Upstart doesn't yet support what we want: a service that
# doesn't have a running process associated with it.
stop script respawn sleep 100000
for i in $(cd /sys/class/net && ls -d *); do
echo "Taking down network device $i..." stop script
${nettools}/sbin/ifconfig $i down || true for i in $(cd /sys/class/net && ls -d *); do
done echo "Taking down network device $i..."
end script ${nettools}/sbin/ifconfig $i down || true
''; done
end script
'';
}];
};
} }

31
upstart-jobs/new-proposal/synergyc.nix
View File

@ -1,31 +0,0 @@
{ path, thisConfig, config, lib, pkgs, upstartHelpers } : with upstartHelpers; {
options = {
description = "synergy client lets you use a shared keyboard, mouse and clipboard";
screenName = mkOption {
default = "";
description = "
use screen-name instead the hostname to identify
ourselfs to the server.
";
apply = x: "-n '${x}'";
};
address = mkOption {
default = "";
description = "server address to connect to";
};
};
jobs = [ ( rec {
name = "synergyc";
# TODO start only when X Server has started as well
job = "
description \"${name}\"
start on network-interfaces/started
stop on network-interfaces/stop
exec ${pkgs.synergy}/bin/synergyc -f ${configV "screenName"} ${configV "address"}
";
} ) ];
}

69
upstart-jobs/new-proposal/synergys.nix
View File

@ -1,69 +0,0 @@
{ path, thisConfig, config, lib, pkgs, upstartHelpers } : with upstartHelpers; {
options = {
description = "synergy client lets you use a shared keyboard, mouse and clipboard";
configuration = mkOption {
description = "
The synergy server configuration file
";
};
screenName = mkOption {
default = "";
description = "
use screen-name instead the hostname to identify
this screen in the configuration.
";
apply = x: "-n '${x}'";
};
address = mkOption {
default = "";
description = "listen for clients on the given address";
apply = x: "-a '${x}'";
};
};
jobs =
[ ( rec {
name = "synergys";
extraEtc = [ (autoGeneratedEtcFile { name = name + ".conf"; content = thisConfig.configuration; }) ];
# TODO start only when X Server has started as well
job = "
description \"${name}\"
start on network-interfaces/started and xserver/started
stop on network-interfaces/stop or xserver/stop
exec ${pkgs.synergy}/bin/synergys -c /etc/${name}.conf -f ${configV "address"} ${configV "screenName"}
";
} ) ];
}
/* Example configuration
section: screens
laptop:
dm:
win:
end
section: aliases
laptop:
192.168.5.5
dm:
192.168.5.78
win:
192.168.5.54
end
section: links
laptop:
left = dm
dm:
right = laptop
left = win
win:
right = dm
end
*/

89
upstart-jobs/new-proposal/tightvnc.nix
View File

@ -1,89 +0,0 @@
{ path, thisConfig, config, lib, pkgs, upstartHelpers } : with upstartHelpers; rec {
options = {
description = "tightvnc vnc server (share virtual desktop over network";
geometry = mkOption {
default = "-geometry 800x600";
example = "800x600";
description = ''
size of virtual screen
'';
apply = x : "-geometry '${x}'";
};
depth = mkOption {
default = "-depth 24";
description = ''
use screen-name instead the hostname to identify
this screen in the configuration.
value must be something between 8 and 32
'';
apply = x: "-depth '${x}'";
check = x: (__lessThan x 33) && (7 __lessThan x); # not yet used
};
display = mkOption {
default = ":8";
example = 8;
description = "display to use";
apply = x: ":${builtins.toString x}";
};
authFile = mkOption {
default = "-auth /etc/tightvnc-pwd";
description = ''
The file containing authentication passwords.
Can be created using vncpasswd
'';
apply = x: "-auth '${x}'";
check = __pathExists;
};
httpPort = mkOption {
default = "-httpport 5900";
example = 5901;
description = "http port to listen to (Java applet remote interface)";
apply = x: "-httpport '${builtins.toString x}'";
};
desktopName = mkOption {
description = ''
Set VNC desktop name ("x11" by default)
'';
apply = x: "-desktop '${x}'";
};
viewOnly = mkOption {
default = "";
description = ''
Don't accept keboard and pointer events from clients. All clients will be able to see
the desktop but won't be able to control it.
'';
apply = x: "-viewonly '${x}'";
};
interface = mkOption {
default = "";
description = ''
Listen for client connections only on the network interface with given ipaddr
'';
apply = x: "-interface '${x}'";
};
extras = mkOption {
default = "";
description = ''
additional params, see man Xvnc
'';
};
};
jobs = if (lib.getAttr ["services" "xfs" "enable"] false config) != true
then abort "you need to enable xfs services = { xfs = { enable = true; }; } within your nixos/configuration.nix file"
else
[ ( rec {
name = "tightvnc";
job = "
description \"${name}\"
start on network-interfaces/started and xserver/started
stop on network-interfaces/stop or xserver/stop
exec ${pkgs.tightvnc}/bin/Xvnc -fp unix/:7100 ${lib.concatStringsSep " " (lib.mapIf (x : x != "description") configV (__attrNames options ) ) }
";
} ) ];
}
#

227
upstart-jobs/nix.nix Normal file
View File

@ -0,0 +1,227 @@
{pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
nix = {
maxJobs = mkOption {
default = 1;
example = 2;
description = "
This option defines the maximum number of jobs that Nix will try
to build in parallel. The default is 1. You should generally
set it to the number of CPUs in your system (e.g., 2 on a Athlon
64 X2).
";
};
useChroot = mkOption {
default = false;
example = true;
description = "
If set, Nix will perform builds in a chroot-environment that it
will set up automatically for each build. This prevents
impurities in builds by disallowing access to dependencies
outside of the Nix store.
";
};
extraOptions = mkOption {
default = "";
example = "
gc-keep-outputs = true
gc-keep-derivations = true
";
description = "
This option allows to append lines to nix.conf.
";
};
distributedBuilds = mkOption {
default = false;
description = "
Whether to distribute builds to the machines listed in
<option>nix.buildMachines</option>.
";
};
buildMachines = mkOption {
example = [
{ hostName = "voila.labs.cs.uu.nl";
sshUser = "nix";
sshKey = "/root/.ssh/id_buildfarm";
system = "powerpc-darwin";
maxJobs = 1;
}
{ hostName = "linux64.example.org";
sshUser = "buildfarm";
sshKey = "/root/.ssh/id_buildfarm";
system = "x86_64-linux";
maxJobs = 2;
}
];
description = "
This option lists the machines to be used if distributed
builds are enabled (see
<option>nix.distributedBuilds</option>). Nix will perform
derivations on those machines via SSh by copying the inputs to
the Nix store on the remote machine, starting the build, then
copying the output back to the local Nix store. Each element
of the list should be an attribute set containing the
machine's host name (<varname>hostname</varname>), the user
name to be used for the SSH connection
(<varname>sshUser</varname>), the Nix system type
(<varname>system</varname>, e.g.,
<literal>\"i686-linux\"</literal>), the maximum number of jobs
to be run in parallel on that machine
(<varname>maxJobs</varname>), and the path to the SSH private
key to be used to connect (<varname>sshKey</varname>). The
SSH private key should not have a passphrase, and the
corresponding public key should be added to
<filename>~<replaceable>sshUser</replaceable>/authorized_keys</filename>
on the remote machine.
";
};
proxy = mkOption {
default = "";
description = "
This option specifies the proxy to use for fetchurl. The real effect
is just exporting http_proxy, https_proxy and ftp_proxy with that
value.
";
example = "http://127.0.0.1:3128";
};
# Environment variables for running Nix.
envVars = mkOption {
internal = true;
default = "";
description = "
Define the environment variables used by nix to
";
merge = pkgs.lib.mergeStringOption;
# other option should be used to define the content instead of using
# the apply function.
apply = conf: ''
export NIX_CONF_DIR=/nix/etc/nix
# Enable the copy-from-other-stores substituter, which allows builds
# to be sped up by copying build results from remote Nix stores. To
# do this, mount the remote file system on a subdirectory of
# /var/run/nix/remote-stores.
export NIX_OTHER_STORES=/var/run/nix/remote-stores/*/nix
'' + # */
(if config.nix.distributedBuilds then
''
export NIX_BUILD_HOOK=${config.environment.nix}/libexec/nix/build-remote.pl
export NIX_REMOTE_SYSTEMS=/etc/nix.machines
export NIX_CURRENT_LOAD=/var/run/nix/current-load
''
else "")
+
(if config.nix.proxy != "" then
''
export http_proxy=${config.nix.proxy}
export https_proxy=${config.nix.proxy}
export ftp_proxy=${config.nix.proxy}
''
else "")
+ conf;
};
services = {
pulseaudio = {
enable = mkOption {
default = false;
description = ''
Whether to enable the PulseAudio system-wide audio server.
Note that the documentation recommends running PulseAudio
daemons per-user rather than system-wide on desktop machines.
'';
};
logLevel = mkOption {
default = "notice";
example = "debug";
description = ''
A string denoting the log level: one of
<literal>error</literal>, <literal>warn</literal>,
<literal>notice</literal>, <literal>info</literal>,
or <literal>debug</literal>.
'';
};
};
};
};
};
in
###### implementation
let
binsh = config.system.build.binsh;
nixEnvVars = config.nix.envVars;
inherit (pkgs) nix;
in
{
require = [
options
];
environment = {
etc = [
{ # Nix configuration.
source =
let
# Tricky: if we're using a chroot for builds, then we need
# /bin/sh in the chroot (our own compromise to purity).
# However, since /bin/sh is a symlink to some path in the
# Nix store, which furthermore has runtime dependencies on
# other paths in the store, we need the closure of /bin/sh
# in `build-chroot-dirs' - otherwise any builder that uses
# /bin/sh won't work.
refs = pkgs.writeReferencesToFile binsh;
in
pkgs.runCommand "nix.conf" {} ''
binshDeps=$(for i in $(cat ${refs}); do if test -d $i; then echo $i; fi; done)
cat > $out <<END
# WARNING: this file is generated.
build-users-group = nixbld
build-max-jobs = ${toString (config.nix.maxJobs)}
build-use-chroot = ${if config.nix.useChroot then "true" else "false"}
build-chroot-dirs = /dev /dev/pts /proc /bin $(echo $binshDeps)
${config.nix.extraOptions}
END
'';
target = "nix.conf"; # will be symlinked from /nix/etc/nix/nix.conf in activate-configuration.sh.
}
];
};
services = {
extraJobs = [{
name = "nix-daemon";
job = ''
start on startup
stop on shutdown
respawn
script
export PATH=${if config.nix.distributedBuilds then "${pkgs.openssh}/bin:" else ""}${pkgs.openssl}/bin:${nix}/bin:$PATH
${nixEnvVars}
exec ${pkgs.nix}/bin/nix-worker --daemon > /dev/null 2>&1
end script
'';
}];
};
}

73
upstart-jobs/nscd.nix
View File

@ -1,35 +1,44 @@
{glibc, nssModulesPath}: {pkgs, config, ...}:
###### implementation
let
nssModulesPath = config.system.nssModules.path;
in
{ {
name = "nscd"; services = {
extraJobs = [{
users = [ name = "nscd";
{ name = "nscd";
uid = (import ../system/ids.nix).uids.nscd; users = [
description = "Name service cache daemon user"; { name = "nscd";
} uid = (import ../system/ids.nix).uids.nscd;
]; description = "Name service cache daemon user";
}
job = " ];
description \"Name Service Cache Daemon\"
job = ''
start on startup description \"Name Service Cache Daemon\"
stop on shutdown
start on startup
env LD_LIBRARY_PATH=${nssModulesPath} stop on shutdown
start script env LD_LIBRARY_PATH=${nssModulesPath}
mkdir -m 0755 -p /var/run/nscd start script
mkdir -m 0755 -p /var/db/nscd
mkdir -m 0755 -p /var/run/nscd
rm -f /var/db/nscd/* # for testing mkdir -m 0755 -p /var/db/nscd
end script rm -f /var/db/nscd/* # for testing
# !!! -d turns on debug info which probably makes nscd slower end script
# 2>/dev/null is to make it shut up
respawn ${glibc}/sbin/nscd -f ${./nscd.conf} -d 2> /dev/null # !!! -d turns on debug info which probably makes nscd slower
"; # 2>/dev/null is to make it shut up
respawn ${pkgs.glibc}/sbin/nscd -f ${./nscd.conf} -d 2> /dev/null
'';
}];
};
} }

105
upstart-jobs/ntpd.nix
View File

@ -1,52 +1,101 @@
{ntp, modprobe, glibc, writeText, servers}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
ntp = {
enable = mkOption {
default = true;
description = "
Whether to synchronise your machine's time using the NTP
protocol.
";
};
servers = mkOption {
default = [
"0.pool.ntp.org"
"1.pool.ntp.org"
"2.pool.ntp.org"
];
description = "
The set of NTP servers from which to synchronise.
";
};
};
};
};
in
###### implementation
let let
inherit (pkgs) writeText ntp;
stateDir = "/var/lib/ntp"; stateDir = "/var/lib/ntp";
ntpUser = "ntp"; ntpUser = "ntp";
config = writeText "ntp.conf" '' servers = config.services.ntp.servers;
modprobe = config.system.sbin.modprobe;
configFile = writeText "ntp.conf" ''
driftfile ${stateDir}/ntp.drift driftfile ${stateDir}/ntp.drift
${toString (map (server: "server " + server + "\n") servers)} ${toString (map (server: "server " + server + "\n") servers)}
''; '';
ntpFlags = "-c ${config} -u ${ntpUser}:nogroup -i ${stateDir}"; ntpFlags = "-c ${configFile} -u ${ntpUser}:nogroup -i ${stateDir}";
in in
{
name = "ntpd"; mkIf config.services.ntp.enable {
require = [
users = [ options
{ name = ntpUser;
uid = (import ../system/ids.nix).uids.ntp;
description = "NTP daemon user";
home = stateDir;
}
]; ];
job = ''
description "NTP daemon"
start on ip-up services = {
stop on ip-down extraJobs = [{
stop on shutdown
start script name = "ntpd";
users = [
{ name = ntpUser;
uid = (import ../system/ids.nix).uids.ntp;
description = "NTP daemon user";
home = stateDir;
}
];
job = ''
description "NTP daemon"
mkdir -m 0755 -p ${stateDir} start on ip-up
chown ${ntpUser} ${stateDir} stop on ip-down
stop on shutdown
# Needed to run ntpd as an unprivileged user. start script
${modprobe}/sbin/modprobe capability || true
${ntp}/bin/ntpd -q -g ${ntpFlags} mkdir -m 0755 -p ${stateDir}
chown ${ntpUser} ${stateDir}
end script # Needed to run ntpd as an unprivileged user.
${modprobe}/sbin/modprobe capability || true
respawn ${ntp}/bin/ntpd -n ${ntpFlags} ${ntp}/bin/ntpd -q -g ${ntpFlags}
'';
end script
respawn ${ntp}/bin/ntpd -n ${ntpFlags}
'';
}];
};
} }

82
upstart-jobs/openfire.nix
View File

@ -1,7 +1,36 @@
{pkgs, config}: {pkgs, config, ...}:
assert config.services.openfire.usePostgreSQL -> config.services.postgresql.enable; ###### interface
let let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
openfire = {
enable = mkOption {
default = false;
description = "
Whether to enable OpenFire XMPP server.
";
};
usePostgreSQL = mkOption {
default = true;
description = "
Whether you use PostgreSQL service for your storage back-end.
";
};
};
};
};
in
###### implementation
# FIXME (see xfs)
# if (!(config.services.openfire.usePostgreSQL -> config.services.postgresql.enable)) then throw "openfire assertion failed" else
let
inherit (pkgs) jre openfire coreutils which gnugrep gawk gnused;
startDependency = if config.services.openfire.usePostgreSQL then startDependency = if config.services.openfire.usePostgreSQL then
"postgresql" "postgresql"
else else
@ -10,26 +39,35 @@ let
else else
"network-interfaces"; "network-interfaces";
in in
with pkgs;
{
name = "openfire";
job = ''
description "OpenFire XMPP server"
start on ${startDependency}/started mkIf config.services.openfire.enable {
stop on shutdown require = [
options
];
script
export PATH=${jre}/bin:${openfire}/bin:${coreutils}/bin:${which}/bin:${gnugrep}/bin:${gawk}/bin:${gnused}/bin services = {
export HOME=/tmp extraJobs = [{
mkdir /var/log/openfire || true name = "openfire";
mkdir /etc/openfire || true job = ''
for i in ${openfire}/conf.inst/*; do description "OpenFire XMPP server"
if ! test -f /etc/openfire/$(basename $i); then
cp $i /etc/openfire/ start on ${startDependency}/started
fi stop on shutdown
done
openfire start script
end script export PATH=${jre}/bin:${openfire}/bin:${coreutils}/bin:${which}/bin:${gnugrep}/bin:${gawk}/bin:${gnused}/bin
''; export HOME=/tmp
mkdir /var/log/openfire || true
mkdir /etc/openfire || true
for i in ${openfire}/conf.inst/*; do
if ! test -f /etc/openfire/$(basename $i); then
cp $i /etc/openfire/
fi
done
openfire start
end script
'';
}];
};
} }

85
upstart-jobs/portmap.nix
View File

@ -1,35 +1,70 @@
{ makePortmap }: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
portmap = {
enable = mkOption {
default = false;
description = ''
Whether to enable `portmap', an ONC RPC directory service
notably used by NFS and NIS, and which can be queried
using the rpcinfo(1) command.
'';
};
};
};
};
in
###### implementation
let uid = (import ../system/ids.nix).uids.portmap; let uid = (import ../system/ids.nix).uids.portmap;
gid = (import ../system/ids.nix).gids.portmap; gid = (import ../system/ids.nix).gids.portmap;
in in
{
name = "portmap"; mkIf config.services.portmap.enable {
users = [ require = [
{ name = "portmap"; options
inherit uid;
description = "portmap daemon user";
home = "/var/empty";
}
]; ];
groups = [
{ name = "portmap";
inherit gid;
}
];
job = users = {
let portmap = makePortmap { daemonUID = uid; daemonGID = gid; }; extraUsers = [
in { name = "portmap";
'' inherit uid;
description "ONC RPC portmap" description = "portmap daemon user";
home = "/var/empty";
}
];
start on network-interfaces/started extraGroups = [
stop on network-interfaces/stop { name = "portmap";
inherit gid;
}
];
};
respawn ${portmap}/sbin/portmap services = {
''; extraJobs = [{
name = "portmap";
job =
let portmap = pkgs.makePortmap { daemonUID = uid; daemonGID = gid; };
in
''
description "ONC RPC portmap"
start on network-interfaces/started
stop on network-interfaces/stop
respawn ${portmap}/sbin/portmap
'';
}];
};
} }

276
upstart-jobs/postfix.nix
View File

@ -1,4 +1,154 @@
{config, pkgs} : {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
postfix = {
enable = mkOption {
default = false;
description ="
Whether to run the Postfix mail server.
";
};
user = mkOption {
default = "postfix";
description = "
How to call postfix user (must be used only for postfix).
";
};
group = mkOption {
default = "postfix";
description = "
How to call postfix group (must be used only for postfix).
";
};
setgidGroup = mkOption {
default = "postdrop";
description = "
How to call postfix setgid group (for postdrop). Should
be uniquely used group.
";
};
networks = mkOption {
default = null;
example = ["192.168.0.1/24"];
description = "
Net masks for trusted - allowed to relay mail to third parties -
hosts. Leave empty to use mynetworks_style configuration or use
default (localhost-only).
";
};
networksStyle = mkOption {
default = "";
description = "
Name of standard way of trusted network specification to use,
leave blank if you specify it explicitly or if you want to use
default (localhost-only).
";
};
hostname = mkOption {
default = "";
description ="
Hostname to use. Leave blank to use just the hostname of machine.
It should be FQDN.
";
};
domain = mkOption {
default = "";
description ="
Domain to use. Leave blank to use hostname minus first component.
";
};
origin = mkOption {
default = "";
description ="
Origin to use in outgoing e-mail. Leave blank to use hostname.
";
};
destination = mkOption {
default = null;
example = ["localhost"];
description = "
Full (!) list of domains we deliver locally. Leave blank for
acceptable Postfix default.
";
};
relayDomains = mkOption {
default = null;
example = ["localdomain"];
description = "
List of domains we agree to relay to. Default is the same as
destination.
";
};
relayHost = mkOption {
default = "";
description = "
Mail relay for outbound mail.
";
};
lookupMX = mkOption {
default = false;
description = "
Whether relay specified is just domain whose MX must be used.
";
};
postmasterAlias = mkOption {
default = "root";
description = "
Who should receive postmaster e-mail.
";
};
rootAlias = mkOption {
default = "";
description = "
Who should receive root e-mail. Blank for no redirection.
";
};
extraAliases = mkOption {
default = "";
description = "
Additional entries to put verbatim into aliases file.
";
};
sslCert = mkOption {
default = "";
description = "
SSL certificate to use.
";
};
sslCACert = mkOption {
default = "";
description = "
SSL certificate of CA.
";
};
sslKey = mkOption {
default = "";
description ="
SSL key to use.
";
};
recipientDelimiter = mkOption {
default = "";
example = "+";
description = "
Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
";
};
};
};
};
in
###### implementation
let let
startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces"; startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces";
@ -103,62 +253,76 @@ let
mainCfFile = pkgs.writeText "postfix-main.cf" mainCf; mainCfFile = pkgs.writeText "postfix-main.cf" mainCf;
in in
{
name = "postfix"; mkIf config.services.postfix.enable {
users = [ require = [
{ name = user; options
description = "Postfix mail server user";
uid = idList.uids.postfix;
group = group;
}
]; ];
groups = [ environment = {
{ name = group; etc = [{
gid = idList.gids.postfix; source = "/var/postfix/conf";
}
{ name = setgidGroup;
gid = idList.gids.postdrop;
}
];
# I copy _lots_ of shipped configuration filed
# that can be left as is. I am afraid the exact
# will list slightly change in next Postfix
# release, so listing them all one-by-one in an
# accurate way is unlikely to be better.
job = ''
description "Postfix mail server job"
start on ${startingDependency}/started
stop on never
script
if ! [ -d /var/spool/postfix ]; then
${pkgs.coreutils}/bin/mkdir -p /var/spool/mail /var/postfix/conf /var/postfix/queue
fi
${pkgs.coreutils}/bin/chown -R ${user}.${group} /var/postfix
${pkgs.coreutils}/bin/chown -R ${user}.${setgidGroup} /var/postfix/queue
${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue
${pkgs.coreutils}/bin/chown root.root /var/spool/mail
${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail
ln -sf ${pkgs.postfix}/share/postfix/conf/* /var/postfix/conf
ln -sf ${aliasesFile} /var/postfix/conf/aliases
ln -sf ${mainCfFile} /var/postfix/conf/main.cf
${pkgs.postfix}/sbin/postalias -c /var/postfix/conf /var/postfix/conf/aliases
${pkgs.postfix}/sbin/postfix -c /var/postfix/conf start
end script
'';
extraEtc = [
{ source = "/var/postfix/conf";
target = "postfix"; target = "postfix";
} }];
]; };
users = {
extraUsers = [
{ name = user;
description = "Postfix mail server user";
uid = idList.uids.postfix;
group = group;
}
];
extraGroups = [
{ name = group;
gid = idList.gids.postfix;
}
{ name = setgidGroup;
gid = idList.gids.postdrop;
}
];
};
services = {
extraJobs = [{
name = "postfix";
# I copy _lots_ of shipped configuration filed
# that can be left as is. I am afraid the exact
# will list slightly change in next Postfix
# release, so listing them all one-by-one in an
# accurate way is unlikely to be better.
job = ''
description "Postfix mail server job"
start on ${startingDependency}/started
stop on never
script
if ! [ -d /var/spool/postfix ]; then
${pkgs.coreutils}/bin/mkdir -p /var/spool/mail /var/postfix/conf /var/postfix/queue
fi
${pkgs.coreutils}/bin/chown -R ${user}.${group} /var/postfix
${pkgs.coreutils}/bin/chown -R ${user}.${setgidGroup} /var/postfix/queue
${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue
${pkgs.coreutils}/bin/chown root.root /var/spool/mail
${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail
ln -sf ${pkgs.postfix}/share/postfix/conf/* /var/postfix/conf
ln -sf ${aliasesFile} /var/postfix/conf/aliases
ln -sf ${mainCfFile} /var/postfix/conf/main.cf
${pkgs.postfix}/sbin/postalias -c /var/postfix/conf /var/postfix/conf/aliases
${pkgs.postfix}/sbin/postfix -c /var/postfix/conf start
end script
'';
}];
};
} }

133
upstart-jobs/postgresql.nix
View File

@ -1,4 +1,72 @@
{pkgs, config}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
postgresql = {
enable = mkOption {
default = false;
description = "
Whether to run PostgreSQL.
";
};
port = mkOption {
default = "5432";
description = "
Port for PostgreSQL.
";
};
logDir = mkOption {
default = "/var/log/postgresql";
description = "
Log directory for PostgreSQL.
";
};
dataDir = mkOption {
default = "/var/db/postgresql";
description = "
Data directory for PostgreSQL.
";
};
subServices = mkOption {
default = [];
description = "
Subservices list. As it is already implememnted,
here is an interface...
";
};
authentication = mkOption {
default = ''
# Generated file; do not edit!
local all all ident sameuser
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
'';
description = "
Hosts (except localhost), who you allow to connect.
";
};
allowedHosts = mkOption {
default = [];
description = "
Hosts (except localhost), who you allow to connect.
";
};
authMethod = mkOption {
default = " ident sameuser ";
description = "
How to authorize users.
Note: ident needs absolute trust to all allowed client hosts.";
};
};
};
};
in
###### implementation
let let
@ -13,36 +81,47 @@ let
in in
{ mkIf config.services.postgresql.enable {
name = "postgresql"; require = [
options
users = [
{ name = "postgres";
description = "PostgreSQL server user";
}
]; ];
groups = [
{ name = "postgres"; }
];
extraPath = [postgresql]; users = {
extraUsers = [
{ name = "postgres";
description = "PostgreSQL server user";
}
];
job = '' extraGroups = [
description "PostgreSQL server" { name = "postgres"; }
];
};
start on ${startDependency}/started services = {
stop on shutdown extraJobs = [{
name = "postgresql";
start script
if ! test -e ${cfg.dataDir}; then
mkdir -m 0700 -p ${cfg.dataDir}
chown -R postgres ${cfg.dataDir}
${run} -c '${postgresql}/bin/initdb -D ${cfg.dataDir} -U root'
fi
cp -f ${pkgs.writeText "pg_hba.conf" cfg.authentication} ${cfg.dataDir}/pg_hba.conf
end script
respawn ${run} -c '${postgresql}/bin/postgres -D ${cfg.dataDir}' extraPath = [postgresql];
'';
job = ''
description "PostgreSQL server"
start on ${startDependency}/started
stop on shutdown
start script
if ! test -e ${cfg.dataDir}; then
mkdir -m 0700 -p ${cfg.dataDir}
chown -R postgres ${cfg.dataDir}
${run} -c '${postgresql}/bin/initdb -D ${cfg.dataDir} -U root'
fi
cp -f ${pkgs.writeText "pg_hba.conf" cfg.authentication} ${cfg.dataDir}/pg_hba.conf
end script
respawn ${run} -c '${postgresql}/bin/postgres -D ${cfg.dataDir}'
'';
}];
};
} }

101
upstart-jobs/samba.nix
View File

@ -1,4 +1,26 @@
{pkgs, samba, glibc}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
samba = {
enable = mkOption {
default = false;
description = "
Whether to enable the samba server. (to communicate with, and provide windows shares)
";
};
};
};
};
in
###### implementation
let let
@ -7,52 +29,65 @@ let
smbConfig = ./smb.conf ; smbConfig = ./smb.conf ;
inherit (pkgs) samba;
in in
{
name = "samba";
users = [
{ name = user;
description = "Samba service user";
group = group;
}
];
groups = [
{ name = group; mkIf config.services.samba.enable {
} require = [
options
]; ];
job = "
description \"Samba Service\" users = {
extraUsers = [
{ name = user;
description = "Samba service user";
group = group;
}
];
extraGroups = [
{ name = group;
}
];
};
start on network-interfaces/started services = {
stop on network-interfaces/stop extraJobs = [{
name = "samba";
job = ''
start script description "Samba Service"
if ! test -d /home/smbd ; then start on network-interfaces/started
mkdir -p /home/smbd stop on network-interfaces/stop
chown ${user} /home/smbd
chmod a+rwx /home/smbd
fi
if ! test -d /var/samba ; then start script
mkdir -p /var/samba/locks /var/samba/cores/nmbd /var/samba/cores/smbd /var/samba/cores/winbindd
fi
${samba}/sbin/nmbd -D -s ${smbConfig} & if ! test -d /home/smbd ; then
${samba}/sbin/smbd -D -s ${smbConfig} & mkdir -p /home/smbd
${samba}/sbin/winbindd -B -s ${smbConfig} & chown ${user} /home/smbd
chmod a+rwx /home/smbd
fi
ln -fs ${smbConfig} /var/samba/config if ! test -d /var/samba ; then
mkdir -p /var/samba/locks /var/samba/cores/nmbd /var/samba/cores/smbd /var/samba/cores/winbindd
fi
end script ${samba}/sbin/nmbd -D -s ${smbConfig} &
${samba}/sbin/smbd -D -s ${smbConfig} &
${samba}/sbin/winbindd -B -s ${smbConfig} &
respawn ${samba}/sbin/nmbd -D -s ${smbConfig} &; ${samba}/sbin/smbd -D -s ${smbConfig} &; ${samba}/sbin/winbindd -B & ln -fs ${smbConfig} /var/samba/config
"; end script
respawn ${samba}/sbin/nmbd -D -s ${smbConfig} &; ${samba}/sbin/smbd -D -s ${smbConfig} &; ${samba}/sbin/winbindd -B &
'';
}];
};
} }

141
upstart-jobs/sshd.nix
View File

@ -1,14 +1,66 @@
{ writeText, openssh, glibc, xauth {pkgs, config, ...}:
, nssModulesPath
, forwardX11, allowSFTP, permitRootLogin, gatewayPorts
}:
assert permitRootLogin == "yes" || ###### interface
permitRootLogin == "without-password" ||
permitRootLogin == "forced-commands-only" ||
permitRootLogin == "no";
let let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
sshd = {
enable = mkOption {
default = false;
description = "
Whether to enable the Secure Shell daemon, which allows secure
remote logins.
";
};
forwardX11 = mkOption {
default = true;
description = "
Whether to enable sshd to forward X11 connections.
";
};
allowSFTP = mkOption {
default = true;
description = "
Whether to enable the SFTP subsystem in the SSH daemon. This
enables the use of commands such as <command>sftp</command> and
<command>sshfs</command>.
";
};
permitRootLogin = mkOption {
default = "yes";
description = "
Whether the root user can login using ssh. Valid options
are <command>yes</command>, <command>without-password</command>,
<command>forced-commands-only</command> or
<command>no</command>
";
};
gatewayPorts = mkOption {
default = "no";
description = "
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. See man sshd_conf.
";
};
};
};
};
###### implementation
inherit (pkgs) writeText openssh;
cfg = (config.services.sshd);
nssModules = config.system.nssModules.list;
nssModulesPath = config.system.nssModules.path;
sshdConfig = writeText "sshd_config" '' sshdConfig = writeText "sshd_config" ''
@ -16,55 +68,70 @@ let
UsePAM yes UsePAM yes
${if forwardX11 then " ${if cfg.forwardX11 then "
X11Forwarding yes X11Forwarding yes
XAuthLocation ${xauth}/bin/xauth XAuthLocation ${pkgs.xlibs.xauth}/bin/xauth
" else " " else "
X11Forwarding no X11Forwarding no
"} "}
${if allowSFTP then " ${if cfg.allowSFTP then "
Subsystem sftp ${openssh}/libexec/sftp-server Subsystem sftp ${openssh}/libexec/sftp-server
" else " " else "
"} "}
PermitRootLogin ${permitRootLogin} PermitRootLogin ${cfg.permitRootLogin}
GatewayPorts ${gatewayPorts} GatewayPorts ${cfg.gatewayPorts}
''; '';
sshdUid = (import ../system/ids.nix).uids.sshd; sshdUid = (import ../system/ids.nix).uids.sshd;
assertion = cfg.permitRootLogin == "yes" ||
cfg.permitRootLogin == "without-password" ||
cfg.permitRootLogin == "forced-commands-only" ||
cfg.permitRootLogin == "no";
in in
{
name = "sshd";
users = [ mkIf config.services.sshd.enable {
{ name = "sshd"; require = [
uid = (import ../system/ids.nix).uids.sshd; options
description = "SSH privilege separation user";
home = "/var/empty";
}
]; ];
job = ''
description "SSH server"
start on network-interfaces/started users = {
stop on network-interfaces/stop extraUsers = [
{ name = "sshd";
uid = (import ../system/ids.nix).uids.sshd;
description = "SSH privilege separation user";
home = "/var/empty";
}
];
};
env LD_LIBRARY_PATH=${nssModulesPath} services = {
extraJobs = [{
name = "sshd";
start script job = ''
mkdir -m 0755 -p /etc/ssh description "SSH server"
if ! test -f /etc/ssh/ssh_host_dsa_key; then start on network-interfaces/started
${openssh}/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N "" stop on network-interfaces/stop
fi
end script
respawn ${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig} env LD_LIBRARY_PATH=${nssModulesPath}
'';
start script
mkdir -m 0755 -p /etc/ssh
if ! test -f /etc/ssh/ssh_host_dsa_key; then
${openssh}/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ""
fi
end script
respawn ${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig}
'';
}];
};
} }

72
upstart-jobs/swap.nix
View File

@ -1,7 +1,13 @@
{lib, utillinux, swapDevices}: {pkgs, config, ...}:
###### implementation
let let
inherit (pkgs) utillinux lib;
swapDevices = config.swapDevices;
devicesByPath = devicesByPath =
map (x: x.device) (lib.filter (x: x ? device) swapDevices); map (x: x.device) (lib.filter (x: x ? device) swapDevices);
@ -10,35 +16,39 @@ let
in in
{ {
name = "swap"; services = {
extraJobs = [{
job = " name = "swap";
start on startup
start on new-devices job = "
start on startup
script start on new-devices
for device in ${toString devicesByPath}; do
${utillinux}/sbin/swapon \"$device\" || true script
done for device in ${toString devicesByPath}; do
${utillinux}/sbin/swapon \"$device\" || true
for label in ${toString devicesByLabel}; do done
${utillinux}/sbin/swapon -L \"$label\" || true
done for label in ${toString devicesByLabel}; do
${utillinux}/sbin/swapon -L \"$label\" || true
# Remove swap devices not listed in swapDevices. done
# !!! disabled because it doesn't work with labels
#for used in $(cat /proc/swaps | grep '^/' | sed 's/ .*//'); do # Remove swap devices not listed in swapDevices.
# found= # !!! disabled because it doesn't work with labels
# for device in $ {toString swapDevices}; do #for used in $(cat /proc/swaps | grep '^/' | sed 's/ .*//'); do
# if test \"$used\" = \"$device\"; then found=1; fi # found=
# done # for device in $ {toString swapDevices}; do
# if test -z \"$found\"; then # if test \"$used\" = \"$device\"; then found=1; fi
# ${utillinux}/sbin/swapoff \"$used\" || true # done
# fi # if test -z \"$found\"; then
#done # ${utillinux}/sbin/swapoff \"$used\" || true
# fi
end script #done
";
end script
";
}];
};
} }

60
upstart-jobs/swraid.nix
View File

@ -1,36 +1,44 @@
{modprobe, mdadm}: {pkgs, config, ...}:
###### implementation
let let
tempConf = "/var/run/mdadm.conf"; tempConf = "/var/run/mdadm.conf";
modprobe = config.system.sbin.modprobe;
inherit (pkgs) mdadm;
in in
{ {
name = "swraid";
job = "
start on udev
#start on new-devices
script
# Load the necessary RAID personalities.
# !!! hm, doesn't the kernel load these automatically?
for mod in raid0 raid1 raid5; do
${modprobe}/sbin/modprobe $mod || true
done
# Scan /proc/partitions for RAID devices.
${mdadm}/sbin/mdadm --examine --brief --scan -c partitions > ${tempConf}
# Activate each device found.
${mdadm}/sbin/mdadm --assemble -c ${tempConf} --scan
initctl emit new-devices
end script
";
services = {
extraJobs = [{
name = "swraid";
job = ''
start on udev
#start on new-devices
script
# Load the necessary RAID personalities.
# !!! hm, doesn't the kernel load these automatically?
for mod in raid0 raid1 raid5; do
${modprobe}/sbin/modprobe $mod || true
done
# Scan /proc/partitions for RAID devices.
${mdadm}/sbin/mdadm --examine --brief --scan -c partitions > ${tempConf}
# Activate each device found.
${mdadm}/sbin/mdadm --assemble -c ${tempConf} --scan
initctl emit new-devices
end script
'';
}];
};
} }

58
upstart-jobs/syslogd.nix
View File

@ -1,8 +1,32 @@
{sysklogd, writeText, config}: {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
syslogd = {
tty = mkOption {
default = 10;
description = "
The tty device on which syslogd will print important log
messages.
";
};
};
};
};
in
###### implementation
let let
syslogConf = writeText "syslog.conf" '' syslogConf = pkgs.writeText "syslog.conf" ''
kern.warning;*.err;authpriv.none /dev/tty10 kern.warning;*.err;authpriv.none /dev/tty10
# Send emergency messages to all users. # Send emergency messages to all users.
@ -22,16 +46,24 @@ let
in in
{ {
name = "syslogd"; require = [
options
job = '' ];
description "Syslog daemon"
start on udev
stop on shutdown
env TZ=${config.time.timeZone} services = {
extraJobs = [{
respawn ${sysklogd}/sbin/syslogd -n -f ${syslogConf} name = "syslogd";
'';
job = ''
description "Syslog daemon"
start on udev
stop on shutdown
env TZ=${config.time.timeZone}
respawn ${pkgs.sysklogd}/sbin/syslogd -n -f ${syslogConf}
'';
}];
};
} }

256
upstart-jobs/tomcat.nix
View File

@ -1,109 +1,175 @@
args: with args; {pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
tomcat = {
enable = mkOption {
default = false;
description = "Whether to enable Apache Tomcat";
};
baseDir = mkOption {
default = "/var/tomcat";
description = "Location where Tomcat stores configuration files, webapplications and logfiles";
};
user = mkOption {
default = "tomcat";
description = "User account under which Apache Tomcat runs.";
};
deployFrom = mkOption {
default = "";
description = "Location where webapplications are stored. Leave empty to use the baseDir.";
};
javaOpts = mkOption {
default = "";
description = "Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat";
};
catalinaOpts = mkOption {
default = "";
description = "Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container";
};
sharedLibFrom = mkOption {
default = "";
description = "Location where shared libraries are stored. Leave empty to use the baseDir.";
};
commonLibFrom = mkOption {
default = "";
description = "Location where common libraries are stored. Leave empty to use the baseDir.";
};
contextXML = mkOption {
default = "";
description = "Location of the context.xml to use. Leave empty to use the default.";
};
};
};
};
in
###### implementation
let let
cfg = config.services.tomcat; cfg = config.services.tomcat;
in in
{ mkIf config.services.tomcat.enable {
name = "tomcat"; require = [
options
groups = [
{ name = "tomcat";
gid = (import ../system/ids.nix).gids.tomcat;
}
]; ];
users = [
{ name = "tomcat";
uid = (import ../system/ids.nix).uids.tomcat;
description = "Tomcat user";
home = "/homeless-shelter";
}
];
job = ''
description "Apache Tomcat server"
start on network-interface/started services = {
stop on network-interfaces/stop extraJobs = [{
name = "tomcat";
start script
# Create initial state data groups = [
{ name = "tomcat";
gid = (import ../system/ids.nix).gids.tomcat;
}
];
users = [
{ name = "tomcat";
uid = (import ../system/ids.nix).uids.tomcat;
description = "Tomcat user";
home = "/homeless-shelter";
}
];
job = ''
description "Apache Tomcat server"
start on network-interface/started
stop on network-interfaces/stop
if ! test -d ${cfg.baseDir} start script
then # Create initial state data
mkdir -p ${cfg.baseDir}/webapps
mkdir -p ${cfg.baseDir}/shared if ! test -d ${cfg.baseDir}
mkdir -p ${cfg.baseDir}/lib then
cp -av ${pkgs.tomcat6}/{conf,temp,logs} ${cfg.baseDir} mkdir -p ${cfg.baseDir}/webapps
fi mkdir -p ${cfg.baseDir}/shared
mkdir -p ${cfg.baseDir}/lib
# Deploy context.xml cp -av ${pkgs.tomcat6}/{conf,temp,logs} ${cfg.baseDir}
fi
if test "${cfg.contextXML}" = ""
then # Deploy context.xml
cp ${pkgs.tomcat6}/conf/context.xml.default ${cfg.baseDir}/conf/context.xml
else if test "${cfg.contextXML}" = ""
cp ${cfg.contextXML} ${cfg.baseDir}/conf/context.xml then
fi cp ${pkgs.tomcat6}/conf/context.xml.default ${cfg.baseDir}/conf/context.xml
else
# Deploy all webapplications cp ${cfg.contextXML} ${cfg.baseDir}/conf/context.xml
fi
if ! test "${cfg.deployFrom}" = ""
then # Deploy all webapplications
rm -rf ${cfg.baseDir}/webapps
mkdir -p ${cfg.baseDir}/webapps if ! test "${cfg.deployFrom}" = ""
for i in ${cfg.deployFrom}/* then
rm -rf ${cfg.baseDir}/webapps
mkdir -p ${cfg.baseDir}/webapps
for i in ${cfg.deployFrom}/*
do
cp -rL $i ${cfg.baseDir}/webapps
done
fi
# Fix permissions
chown -R ${cfg.user} ${cfg.baseDir}
for i in `find ${cfg.baseDir} -type d`
do do
cp -rL $i ${cfg.baseDir}/webapps chmod -v 755 $i
done
for i in `find ${cfg.baseDir} -type f`
do
chmod -v 644 $i
done done
fi
# Fix permissions
chown -R ${cfg.user} ${cfg.baseDir}
for i in `find ${cfg.baseDir} -type d`
do
chmod -v 755 $i
done
for i in `find ${cfg.baseDir} -type f`
do
chmod -v 644 $i
done
# Deploy all common libraries # Deploy all common libraries
rm -rf ${cfg.baseDir}/lib/* rm -rf ${cfg.baseDir}/lib/*
if test "${cfg.commonLibFrom}" = "" if test "${cfg.commonLibFrom}" = ""
then then
commonLibFrom="${pkgs.tomcat6}/lib"; commonLibFrom="${pkgs.tomcat6}/lib";
else else
commonLibFrom="${cfg.commonLibFrom}"; commonLibFrom="${cfg.commonLibFrom}";
fi fi
for i in $commonLibFrom/*.jar for i in $commonLibFrom/*.jar
do do
ln -s $i ${cfg.baseDir}/lib ln -s $i ${cfg.baseDir}/lib
done done
# Deploy all shared libraries # Deploy all shared libraries
if ! test "${cfg.sharedLibFrom}" = ""
then
rm -f ${cfg.baseDir}/shared/lib
ln -s ${cfg.sharedLibFrom} ${cfg.baseDir}/shared/lib
fi
end script
if ! test "${cfg.sharedLibFrom}" = "" respawn ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${pkgs.tomcat6}/bin/startup.sh; sleep 1000d'
then
rm -f ${cfg.baseDir}/shared/lib stop script
ln -s ${cfg.sharedLibFrom} ${cfg.baseDir}/shared/lib echo "Stopping tomcat..."
fi CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c ${pkgs.tomcat6}/bin/shutdown.sh
end script
end script '';
}];
respawn ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${pkgs.tomcat6}/bin/startup.sh; sleep 1000d' };
stop script
echo "Stopping tomcat..."
CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c ${pkgs.tomcat6}/bin/shutdown.sh
end script
'';
} }

190
upstart-jobs/tty-backgrounds.nix
View File

@ -1,11 +1,100 @@
{stdenv, splashutils, backgrounds}: {pkgs, config, ...}:
rec { ###### interface
name = "tty-backgrounds"; let
inherit (pkgs.lib) mkOption mkIf;
unpackTheme = theme: import ../helpers/unpack-theme.nix { options = {
inherit stdenv theme; services = {
ttyBackgrounds = {
enable = mkOption {
default = true;
description = "
Whether to enable graphical backgrounds for the virtual consoles.
";
};
defaultTheme = mkOption {
default = pkgs.fetchurl {
#url = http://www.bootsplash.de/files/themes/Theme-BabyTux.tar.bz2;
url = http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/distfiles/Theme-BabyTux.tar.bz2;
md5 = "a6d89d1c1cff3b6a08e2f526f2eab4e0";
};
description = "
The default theme for the virtual consoles. Themes can be found
at <link xlink:href='http://www.bootsplash.de/' />.
";
};
defaultSpecificThemes = mkOption {
default = [
/*
{ tty = 6;
theme = pkgs.fetchurl { # Yeah!
url = http://www.bootsplash.de/files/themes/Theme-Pativo.tar.bz2;
md5 = "9e13beaaadf88d43a5293e7ab757d569";
};
}
*/
{ tty = 10;
theme = pkgs.fetchurl {
#url = http://www.bootsplash.de/files/themes/Theme-GNU.tar.bz2;
url = http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/distfiles/Theme-GNU.tar.bz2;
md5 = "61969309d23c631e57b0a311102ef034";
};
}
];
description = "
This option sets specific themes for virtual consoles. If you
just want to set themes for additional consoles, use
<option>services.ttyBackgrounds.specificThemes</option>.
";
};
specificThemes = mkOption {
default = [
];
description = "
This option allows you to set specific themes for virtual
consoles.
";
};
};
};
}; };
in
###### implementation
let
inherit (pkgs) stdenv;
kernelPackages = config.boot.kernelPackages;
splashutils = kernelPackages.splashutils;
requiredTTYs = config.requiredTTYs;
backgrounds =
let
specificThemes =
config.services.ttyBackgrounds.defaultSpecificThemes
++ config.services.ttyBackgrounds.specificThemes;
overridenTTYs = map (x: x.tty) specificThemes;
# Use the default theme for all the mingetty ttys and for the
# syslog tty, except those for which a specific theme is
# specified.
defaultTTYs =
pkgs.lib.filter (x: !(pkgs.lib.elem x overridenTTYs)) requiredTTYs;
in
(map (ttyNumber: {
tty = ttyNumber;
theme = config.services.ttyBackgrounds.defaultTheme;
}) defaultTTYs)
++ specificThemes;
themesUnpacked = stdenv.mkDerivation { themesUnpacked = stdenv.mkDerivation {
name = "splash-themes"; name = "splash-themes";
@ -15,46 +104,71 @@ rec {
themes = map (x: if x ? theme then (unpackTheme x.theme) else "default") backgrounds; themes = map (x: if x ? theme then (unpackTheme x.theme) else "default") backgrounds;
}; };
extraEtc = [ unpackTheme = theme: import ../helpers/unpack-theme.nix {
{ source = themesUnpacked; inherit stdenv theme;
target = "splash"; };
}
in
# FIXME see xfs
# assert splashutils != null;
mkIf (config.services.ttyBackgrounds.enable && kernelPackages.splashutils != null) {
require = [
options
]; ];
job = ''
start on udev
start script environment = {
etc = [
{ source = themesUnpacked;
target = "splash";
}
];
};
# Critical: tell the kernel where to find splash_helper. It calls
# this program every time we switch between consoles.
helperProcFile=${splashutils.helperProcFile}
if test -e /proc/sys/fbcondecor; then helperProcFile=/proc/sys/fbcondecor; fi
echo ${splashutils}/${splashutils.helperName} > $helperProcFile
# For each console... services = {
for tty in ${toString (map (x: x.tty) backgrounds)}; do extraJobs = [ rec {
# Make sure that the console exists. name = "tty-backgrounds";
echo -n "" > /dev/tty$tty
# Set the theme as determined by tty-backgrounds-combine.sh job = ''
# above. start on udev
theme=$(readlink ${themesUnpacked}/$tty)
${splashutils}/${splashutils.controlName} --tty $tty -c setcfg -t $theme || true
${splashutils}/${splashutils.controlName} --tty $tty -c setpic -t $theme || true
${splashutils}/${splashutils.controlName} --tty $tty -c on || true
done
end script start script
respawn sleep 10000 # !!! Hack # Critical: tell the kernel where to find splash_helper. It calls
# this program every time we switch between consoles.
helperProcFile=${splashutils.helperProcFile}
if test -e /proc/sys/fbcondecor; then helperProcFile=/proc/sys/fbcondecor; fi
echo ${splashutils}/${splashutils.helperName} > $helperProcFile
stop script # For each console...
# Disable the theme on each console. for tty in ${toString (map (x: x.tty) backgrounds)}; do
for tty in ${toString (map (x: x.tty) backgrounds)}; do # Make sure that the console exists.
${splashutils}/${splashutils.controlName} --tty $tty -c off || true echo -n "" > /dev/tty$tty
done
end script # Set the theme as determined by tty-backgrounds-combine.sh
''; # above.
theme=$(readlink ${themesUnpacked}/$tty)
${splashutils}/${splashutils.controlName} --tty $tty -c setcfg -t $theme || true
${splashutils}/${splashutils.controlName} --tty $tty -c setpic -t $theme || true
${splashutils}/${splashutils.controlName} --tty $tty -c on || true
done
end script
respawn sleep 10000 # !!! Hack
stop script
# Disable the theme on each console.
for tty in ${toString (map (x: x.tty) backgrounds)}; do
${splashutils}/${splashutils.controlName} --tty $tty -c off || true
done
end script
'';
}];
};
} }

145
upstart-jobs/udev.nix
View File

@ -1,18 +1,66 @@
{ stdenv, writeText, substituteAll, cleanSource, udev, procps, firmwareDirs, modprobe {pkgs, config, ...}:
, extraUdevPkgs ? []
, config ###### interface
}: let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
udev = {
addFirmware = mkOption {
default = [];
example = ["/mnt/big-storage/firmware/"];
description = "
To specify firmware that is not too spread to ensure
a package, or have an interactive process of extraction
and cannot be redistributed.
";
merge = pkgs.lib.mergeListOption;
};
addUdevPkgs = mkOption {
default = [];
description = "
List of packages containing udev rules.
";
merge = pkgs.lib.mergeListOption;
};
sndMode = mkOption {
default = "0600";
example = "0666";
description = "
Permissions for /dev/snd/*, in case you have multiple
logged in users or if the devices belong to root for
some reason.
";
};
};
};
};
in
###### implementation
let let
inherit (pkgs) substituteAll stdenv writeText udev procps;
cfg = config.services.udev; cfg = config.services.udev;
firmwareLoader = substituteAll { firmwareLoader = substituteAll {
src = ./udev-firmware-loader.sh; src = ./udev-firmware-loader.sh;
path = "${stdenv.coreutils}/bin"; path = "${stdenv.coreutils}/bin";
isExecutable = true; isExecutable = true;
inherit firmwareDirs; inherit firmwareDirs;
}; };
firmwareDirs = config.services.udev.addFirmware;
extraUdevPkgs = config.services.udev.addUdevPkgs;
modprobe = config.system.sbin.modprobe;
nixRules = writeText "90-nix.rules" '' nixRules = writeText "90-nix.rules" ''
@ -86,55 +134,64 @@ let
in in
{ {
name = "udev";
job = ''
start on startup
stop on shutdown
env UDEV_CONFIG_FILE=${conf} require = [
options
];
start script services = {
echo "" > /proc/sys/kernel/hotplug extraJobs = [{
name = "udev";
job = ''
start on startup
stop on shutdown
# Get rid of possible old udev processes. env UDEV_CONFIG_FILE=${conf}
${procps}/bin/pkill -u root "^udevd$" || true
# Do the loading of additional stage 2 kernel modules. start script
# Maybe this isn't the best place... echo "" > /proc/sys/kernel/hotplug
for i in ${toString config.boot.kernelModules}; do
echo "Loading kernel module $i..."
${modprobe}/sbin/modprobe $i || true
done
# Start udev. # Get rid of possible old udev processes.
${udev}/sbin/udevd --daemon ${procps}/bin/pkill -u root "^udevd$" || true
# Let udev create device nodes for all modules that have already # Do the loading of additional stage 2 kernel modules.
# been loaded into the kernel (or for which support is built into # Maybe this isn't the best place...
# the kernel). for i in ${toString config.boot.kernelModules}; do
if ! test -e ${devicesCreated}; then echo "Loading kernel module $i..."
${udev}/sbin/udevadm trigger ${modprobe}/sbin/modprobe $i || true
${udev}/sbin/udevadm settle # wait for udev to finish done
touch ${devicesCreated}
fi
# Kill udev, let Upstart restart and monitor it. (This is nasty, # Start udev.
# but we have to run `udevadm trigger' first. Maybe we can use ${udev}/sbin/udevd --daemon
# Upstart's `binary' keyword, but it isn't implemented yet.)
if ! ${procps}/bin/pkill -u root "^udevd$"; then
echo "couldn't stop udevd"
fi
while ${procps}/bin/pgrep -u root "^udevd$"; do # Let udev create device nodes for all modules that have already
sleep 1 # been loaded into the kernel (or for which support is built into
done # the kernel).
if ! test -e ${devicesCreated}; then
${udev}/sbin/udevadm trigger
${udev}/sbin/udevadm settle # wait for udev to finish
touch ${devicesCreated}
fi
initctl emit new-devices # Kill udev, let Upstart restart and monitor it. (This is nasty,
end script # but we have to run `udevadm trigger' first. Maybe we can use
# Upstart's `binary' keyword, but it isn't implemented yet.)
if ! ${procps}/bin/pkill -u root "^udevd$"; then
echo "couldn't stop udevd"
fi
respawn ${udev}/sbin/udevd while ${procps}/bin/pgrep -u root "^udevd$"; do
''; sleep 1
done
passthru = {inherit udevRules;}; initctl emit new-devices
end script
respawn ${udev}/sbin/udevd
'';
passthru = {inherit udevRules;};
}];
};
} }

184
upstart-jobs/vsftpd.nix
View File

@ -1,80 +1,120 @@
{ vsftpd, anonymousUser {pkgs, config, ...}:
, anonymousUploadEnable, anonymousMkdirEnable, writeEnable
}:
{ ###### interface
name = "vsftpd"; let
inherit (pkgs.lib) mkOption mkIf;
groups = [ options = {
{ name = "ftp"; services = {
gid = (import ../system/ids.nix).gids.ftp; vsftpd = {
} enable = mkOption {
default = false;
description = "
Whether to enable the vsftpd FTP server.
";
};
anonymousUser = mkOption {
default = false;
description = "
Whether to enable the anonymous FTP user.
";
};
writeEnable = mkOption {
default = false;
description = "
Whether any write activity is permitted to users.
";
};
anonymousUploadEnable = mkOption {
default = false;
description = "
Whether any uploads are permitted to anonymous users.
";
};
anonymousMkdirEnable = mkOption {
default = false;
description = "
Whether mkdir is permitted to anonymous users.
";
};
};
};
};
in
###### implementation
let
inherit (config.services.vsftpd) anonymousUser writeEnable anonymousUploadEnable anonymousMkdirEnable;
inherit (pkgs) vsftpd;
yesNoOption = p : name :
"${name}=${if p then "YES" else "NO"}";
in
mkIf config.services.vsftpd.enable {
require = [
options
]; ];
users = [
{ name = "vsftpd";
uid = (import ../system/ids.nix).uids.vsftpd;
description = "VSFTPD user";
home = "/homeless-shelter";
}
] ++
(if anonymousUser then [
{ name = "ftp";
uid = (import ../system/ids.nix).uids.ftp;
group = "ftp";
description = "Anonymous ftp user";
home = "/home/ftp";
}
]
else
[]);
job = "
description \"vsftpd server\"
start on network-interfaces/started users = {
stop on network-interfaces/stop extraUsers = [
{ name = "vsftpd";
uid = (import ../system/ids.nix).uids.vsftpd;
description = "VSFTPD user";
home = "/homeless-shelter";
}
] ++ pkgs.lib.optional anonymousUser
{ name = "ftp";
uid = (import ../system/ids.nix).uids.ftp;
group = "ftp";
description = "Anonymous ftp user";
home = "/home/ftp";
};
start script extraGroups = [
cat > /etc/vsftpd.conf <<EOF { name = "ftp";
" + gid = (import ../system/ids.nix).gids.ftp;
(if anonymousUser then }
"anonymous_enable=YES" ];
else
"anonymous_enable=NO") + };
(if writeEnable then
"
write_enable=YES"
else
"
write_enable=NO"
) +
(if anonymousUploadEnable then
"
anon_upload_enable=YES"
else
"
anon_upload_enable=NO"
) +
(if anonymousMkdirEnable then
"
anon_mkdir_write_enable=YES"
else
"
anon_mkdir_write_enable=NO"
) +
"
background=NO
listen=YES
nopriv_user=vsftpd
secure_chroot_dir=/var/ftp/empty
EOF
mkdir -p /home/ftp && services = {
chown -R ftp:ftp /home/ftp extraJobs = [{
end script name = "vsftpd";
respawn ${vsftpd}/sbin/vsftpd /etc/vsftpd.conf job = ''
"; description "vsftpd server"
start on network-interfaces/started
stop on network-interfaces/stop
start script
cat > /etc/vsftpd.conf <<EOF
${yesNoOption anonymousUser "anonymous_enable"}
${yesNoOption writeEnable "write_enable"}
${yesNoOption anonymousUploadEnable "anon_upload_enable"}
${yesNoOption anonymousMkdirEnable "anon_mkdir_write_enable"}
background=NO
listen=YES
nopriv_user=vsftpd
secure_chroot_dir=/var/ftp/empty
EOF
mkdir -p /home/ftp &&
chown -R ftp:ftp /home/ftp
end script
respawn ${vsftpd}/sbin/vsftpd /etc/vsftpd.conf
'';
}];
};
} }

64
upstart-jobs/xfs.nix
View File

@ -1,20 +1,54 @@
{ {pkgs, config, ...}:
pkgs, config
}: ###### interface
if ! config.fonts.enableFontDir then abort "Please enable fontDir (fonts.enableFontDir) to use xfs." else
let let
configFile = ./xfs.conf; inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
xfs = {
enable = mkOption {
default = false;
description = "
Whether to enable the X Font Server.
";
};
};
};
};
in
###### implementation
# FIXME: enable this warning again. It's causing "infinite recursion encountered, why?"
# if ! config.fonts.enableFontDir then throw "Please enable fontDir (fonts.enableFontDir) to use xfs." else
let
configFile = ./xfs.conf;
startingDependency = if config.services.gw6c.enable && config.services.gw6c.autorun then "gw6c" else "network-interfaces"; startingDependency = if config.services.gw6c.enable && config.services.gw6c.autorun then "gw6c" else "network-interfaces";
in in
rec {
name = "xfs";
groups = [];
users = [];
job = "
description \"X Font Server\"
start on ${startingDependency}/started
stop on shutdown
respawn ${pkgs.xorg.xfs}/bin/xfs -config ${configFile} mkIf config.services.xfs.enable {
"; require = [
options
];
services = {
extraJobs = [ (rec {
name = "xfs";
groups = [];
users = [];
job = ''
description "X Font Server"
start on ${startingDependency}/started
stop on shutdown
respawn ${pkgs.xorg.xfs}/bin/xfs -config ${configFile}
'';
})];
};
} }

2
upstart-jobs/xserver/desktopManager/kde4.nix
View File

@ -2,7 +2,7 @@
let let
inherit (pkgs.lib) mkOption mkIf; inherit (pkgs.lib) mkOption mkIf;
cfg = config.services.xserver.desktopManager.kde; cfg = config.services.xserver.desktopManager.kde4;
xorg = config.services.xserver.package; xorg = config.services.xserver.package;
options = { services = { xserver = { desktopManager = { options = { services = { xserver = { desktopManager = {