Merge branch 'master' into x-updates

This commit is contained in:
Vladimír Čunát 2013-05-29 23:32:05 +02:00
commit a5a7c8ad78
20 changed files with 239 additions and 24 deletions


@ -58,6 +58,17 @@ with utils;
''; '';
}; };
priority = mkOption {
default = null;
example = 2048;
type = types.nullOr types.int;
description = ''
Specify the priority of the swap device. Priority is a value between 0 and 32767.
Higher numbers indicate higher priority.
null lets the kernel choose a priority, which will show up as a negative value.
'';
};
}; };
config = { config = {
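Review bot: The new `priority` option is declared as `type = types.nullOr types.int;` while its description promises a value between 0 and 32767; nothing enforces that, so a negative or oversized priority is accepted and passed straight through to the fstab `pri=` field generated elsewhere in this commit. Tighten the type so bad values are rejected at evaluation time, e.g. `type = types.nullOr (types.addCheck types.int (p: p >= 0 && p <= 32767));` if `addCheck` exists in this lib version, otherwise an entry in `assertions` with a message naming the allowed range. The enclosing option set starts before the hunk.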


@ -41,7 +41,6 @@ let
pkgs.nano pkgs.nano
pkgs.ncurses pkgs.ncurses
pkgs.netcat pkgs.netcat
pkgs.ntp
pkgs.openssh pkgs.openssh
pkgs.pciutils pkgs.pciutils
pkgs.perl pkgs.perl


@ -75,6 +75,7 @@ in
spamd = 56; spamd = 56;
nslcd = 58; nslcd = 58;
nginx = 60; nginx = 60;
chrony = 61;
# When adding a uid, make sure it doesn't match an existing gid. # When adding a uid, make sure it doesn't match an existing gid.


@ -36,6 +36,7 @@
./misc/nixpkgs.nix ./misc/nixpkgs.nix
./misc/passthru.nix ./misc/passthru.nix
./misc/version.nix ./misc/version.nix
./programs/atop.nix
./programs/bash/bash.nix ./programs/bash/bash.nix
./programs/bash/command-not-found.nix ./programs/bash/command-not-found.nix
./programs/blcr.nix ./programs/blcr.nix
@ -125,6 +126,7 @@
./services/networking/bind.nix ./services/networking/bind.nix
./services/networking/bitlbee.nix ./services/networking/bitlbee.nix
./services/networking/cntlm.nix ./services/networking/cntlm.nix
./services/networking/chrony.nix
./services/networking/ddclient.nix ./services/networking/ddclient.nix
#./services/networking/dhclient.nix #./services/networking/dhclient.nix
./services/networking/dhcpcd.nix ./services/networking/dhcpcd.nix

modules/programs/atop.nix Normal file

@ -0,0 +1,36 @@
# Global configuration for atop.
{config, pkgs, ...}:
with pkgs.lib;
let cfg = config.programs.atop;
in
{
###### interface
options = {
programs.atop = {
settings = mkOption {
type = types.attrs;
default = {};
example = {
flags = "a1f";
interval = 5;
};
description = ''
Parameters to be written to <filename>/etc/atoprc</filename>
'';
};
};
};
config = mkIf (cfg.settings != {}) {
environment.etc."atoprc".text =
concatStrings (mapAttrsToList (n: v: "${n} ${toString v}\n") cfg.settings);
};
}


@ -29,8 +29,12 @@ with pkgs.lib;
network inet raw, network inet raw,
${pkgs.glibc}/lib/*.so mr, ${pkgs.glibc}/lib/*.so mr,
/var/setuid-wrappers/ping.real mixr, ${pkgs.libcap}/lib/libcap.so* mr,
${pkgs.iputils}/sbin/ping mixr, ${pkgs.attr}/lib/libattr.so* mr,
${pkgs.iputils}/bin/ping mixr,
/var/setuid-wrappers/ping.real r,
#/etc/modules.conf r, #/etc/modules.conf r,
## Site-specific additions and overrides. See local/README for details. ## Site-specific additions and overrides. See local/README for details.
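Review bot: `${pkgs.iputils}/bin/ping mixr,` executes the store ping under `ix`, so it inherits this profile and every permission ping itself needs must be listed here; the hunk shows `network inet raw` and the new libcap/libattr rules, but a `capability net_raw` rule (plus `setuid`/`setgid` if ping drops privileges) is not visible and would have to sit above the hunk — confirm it exists, since AppArmor denies anything not listed and ping would lose raw-socket access. The old `ping.real mixr` rule is reduced to `r`, which I read as ping.real now only being read rather than executed; a comment such as `# ping.real is read, not executed; the store binary runs with ix under this profile` would make that intent explicit. The profile begins and ends outside the hunk.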


@ -53,12 +53,12 @@ with pkgs.lib;
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = "yes"; RemainAfterExit = "yes";
ExecStart = concatMapStrings (profile: '' ExecStart = concatMapStrings (profile:
${pkgs.apparmor}/sbin/apparmor_parser -rKv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}" ''${pkgs.apparmor}/sbin/apparmor_parser -rKv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}" ; ''
'') cfg.profiles; ) cfg.profiles;
ExecStop = concatMapStrings (profile: '' ExecStop = concatMapStrings (profile:
${pkgs.apparmor}/sbin/apparmor_parser -Rv "${profile}" ''${pkgs.apparmor}/sbin/apparmor_parser -Rv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}" ; ''
'') cfg.profiles; ) cfg.profiles;
}; };
}; };
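Review bot: The rewritten `ExecStart` chains the parser invocations with ` ; `, but `concatMapStrings` also emits the separator after the last profile, leaving an empty trailing command; rather than rely on systemd tolerating that, join with an explicit separator: `ExecStart = concatStringsSep " ; " (map (profile: ''${pkgs.apparmor}/sbin/apparmor_parser -rKv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}"'') cfg.profiles;` and the same for `ExecStop`. Note also that in a `;` chain systemd stops at the first failing command, so one profile that fails to parse leaves every later profile unloaded and those programs unconfined; decide whether that is wanted (a `-` prefix makes each step best-effort, keeping it makes the unit failure visible) and record the choice in a comment above `ExecStart`. The enclosing `systemd.services` definition starts and ends outside the hunk.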


@ -7,6 +7,7 @@ with pkgs.lib;
let let
libDir = "/var/lib/bacula"; libDir = "/var/lib/bacula";
fd_cfg = config.services.bacula-fd; fd_cfg = config.services.bacula-fd;
fd_conf = pkgs.writeText "bacula-fd.conf" fd_conf = pkgs.writeText "bacula-fd.conf"
'' ''
@ -96,6 +97,17 @@ let
${dir_cfg.extraConfig} ${dir_cfg.extraConfig}
''; '';
# TODO: by default use this config
bconsole_conf = pkgs.writeText "bconsole.conf"
''
Director {
Name = ${dir_cfg.name};
Address = "localhost";
DirPort = ${toString dir_cfg.port};
Password = "${dir_cfg.password}";
}
'';
directorOptions = {name, config, ...}: directorOptions = {name, config, ...}:
{ {
options = { options = {
@ -342,7 +354,8 @@ in {
description = "Bacula File Daemon"; description = "Bacula File Daemon";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.bacula ]; path = [ pkgs.bacula ];
serviceConfig.ExecStart = "${pkgs.bacula}/sbin/bacula-fd -f -u bacula -g bacula -c ${fd_conf}"; serviceConfig.ExecStart = "${pkgs.bacula}/sbin/bacula-fd -f -u root -g bacula -c ${fd_conf}";
serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
}; };
systemd.services.bacula-sd = mkIf sd_cfg.enable { systemd.services.bacula-sd = mkIf sd_cfg.enable {
@ -351,6 +364,7 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.bacula ]; path = [ pkgs.bacula ];
serviceConfig.ExecStart = "${pkgs.bacula}/sbin/bacula-sd -f -u bacula -g bacula -c ${sd_conf}"; serviceConfig.ExecStart = "${pkgs.bacula}/sbin/bacula-sd -f -u bacula -g bacula -c ${sd_conf}";
serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
}; };
services.postgresql.enable = dir_cfg.enable == true; services.postgresql.enable = dir_cfg.enable == true;
@ -361,6 +375,7 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.bacula ]; path = [ pkgs.bacula ];
serviceConfig.ExecStart = "${pkgs.bacula}/sbin/bacula-dir -f -u bacula -g bacula -c ${dir_conf}"; serviceConfig.ExecStart = "${pkgs.bacula}/sbin/bacula-dir -f -u bacula -g bacula -c ${dir_conf}";
serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
preStart = '' preStart = ''
if ! test -e "${libDir}/db-created"; then if ! test -e "${libDir}/db-created"; then
${pkgs.postgresql}/bin/createuser --no-superuser --no-createdb --no-createrole bacula ${pkgs.postgresql}/bin/createuser --no-superuser --no-createdb --no-createrole bacula
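Review bot: The new `bconsole_conf` embeds `Password = "${dir_cfg.password}";` in a `pkgs.writeText` file, which lands in the world-readable `/nix/store`, so once this file is installed any local user can read the director password and drive the director; the `fd_conf` binding above already uses the same pattern, but the `# TODO: by default use this config` line suggests this one is meant to become the user-facing bconsole.conf. Before acting on that TODO, generate the file at activation time into a root-owned 0600 path or have bconsole read the password from a file outside the store, and replace the TODO with `# NOTE: writeText puts the password in the world-readable store; do not install this as the default bconsole.conf until it is written outside the store`. Separately, `bacula-fd` now starts with `-u root` instead of `-u bacula`; reading arbitrary files for backup is the usual reason, but the change is unexplained, so add `# bacula-fd runs as root so it can read every file it backs up` next to that ExecStart. The `let` bindings and the service definitions continue outside the hunks.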


@ -0,0 +1,118 @@
{ config, pkgs, ... }:
with pkgs.lib;
let
inherit (pkgs) chrony;
stateDir = "/var/lib/chrony";
chronyUser = "chrony";
cfg = config.services.chrony;
configFile = pkgs.writeText "chrony.conf" ''
${toString (map (server: "server " + server + "\n") cfg.servers)}
${optionalString cfg.initstepslew.enabled ''
initstepslew ${toString cfg.initstepslew.threshold} ${toString (map (server: server + " ") cfg.initstepslew.servers)}
''}
driftfile ${stateDir}/chrony.drift
${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
${cfg.extraConfig}
'';
chronyFlags = "-m -f ${configFile} -u ${chronyUser}";
in
{
###### interface
options = {
services.chrony = {
enable = mkOption {
default = false;
description = ''
Whether to synchronise your machine's time using chrony.
Make sure you disable NTP if you enable this service.
'';
};
servers = mkOption {
default = [
"0.pool.ntp.org"
"1.pool.ntp.org"
"2.pool.ntp.org"
];
description = ''
The set of NTP servers from which to synchronise.
'';
};
initstepslew = mkOption {
default = {
enabled = true;
threshold = 1000; # by default, same threshold as 'ntpd -g' (1000s)
servers = cfg.servers;
};
description = ''
Allow chronyd to make a rapid measurement of the system clock error at
boot time, and to correct the system clock by stepping before normal
operation begins.
'';
};
extraConfig = mkOption {
default = "";
description = ''
Extra configuration directives that should be added to
<literal>chrony.conf</literal>
'';
};
};
};
###### implementation
config = mkIf config.services.chrony.enable {
# Make chronyc available in the system path
environment.systemPackages = [ pkgs.chrony ];
users.extraUsers = singleton
{ name = chronyUser;
uid = config.ids.uids.chrony;
description = "chrony daemon user";
home = stateDir;
};
jobs.chronyd =
{ description = "chrony daemon";
wantedBy = [ "ip-up.target" ];
partOf = [ "ip-up.target" ];
path = [ chrony ];
preStart =
''
mkdir -m 0755 -p ${stateDir}
chown ${chronyUser} ${stateDir}
'';
exec = "chronyd -n ${chronyFlags}";
};
};
}
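Review bot: The `enable` description says "Make sure you disable NTP if you enable this service", but nothing enforces it: `services.ntp.enable` exists in this same commit, and with both enabled two daemons would discipline the clock (and likely contend for UDP 123). If the `assertions` option is available in this tree, add to the `config` block `assertions = [ { assertion = !config.services.ntp.enable; message = "services.chrony and services.ntp cannot both be enabled"; } ];`, otherwise at least state in the description that the two conflict. Two smaller points in the same file: `${toString (map (server: "server " + server + "\n") cfg.servers)}` joins the list with spaces, so every server line after the first starts with a stray space (`concatMapStrings` would avoid that), and the `enable` option has no `type = types.bool;`.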


@ -126,6 +126,10 @@ in
createHome = true; createHome = true;
}; };
users.extraGroups = singleton
{ name = "gnunet";
};
# The user tools that talk to `gnunetd' should come from the same source, # The user tools that talk to `gnunetd' should come from the same source,
# so install them globally. # so install them globally.
environment.systemPackages = [ pkgs.gnunet ]; environment.systemPackages = [ pkgs.gnunet ];


@ -94,7 +94,7 @@ in {
} }
]; ];
environment.systemPackages = cfg.packages; environment.systemPackages = cfg.packages ++ [ networkmanager_openvpn ];
users.extraGroups = singleton { users.extraGroups = singleton {
name = "networkmanager"; name = "networkmanager";


@ -58,6 +58,9 @@ in
config = mkIf config.services.ntp.enable { config = mkIf config.services.ntp.enable {
# Make tools such as ntpq available in the system path
environment.systemPackages = [ pkgs.ntp ];
users.extraUsers = singleton users.extraUsers = singleton
{ name = ntpUser; { name = ntpUser;
uid = config.ids.uids.ntp; uid = config.ids.uids.ntp;


@ -15,7 +15,6 @@ let
upScript = '' upScript = ''
#! /bin/sh #! /bin/sh
exec > /var/log/openvpn-${name}-up 2>&1
export PATH=${path} export PATH=${path}
# For convenience in client scripts, extract the remote domain # For convenience in client scripts, extract the remote domain
@ -34,13 +33,13 @@ let
downScript = '' downScript = ''
#! /bin/sh #! /bin/sh
exec > /var/log/openvpn-${name}-down 2>&1
export PATH=${path} export PATH=${path}
${cfg.down} ${cfg.down}
''; '';
configFile = pkgs.writeText "openvpn-config-${name}" configFile = pkgs.writeText "openvpn-config-${name}"
'' ''
errors-to-stderr
${optionalString (cfg.up != "" || cfg.down != "") "script-security 2"} ${optionalString (cfg.up != "" || cfg.down != "") "script-security 2"}
${cfg.config} ${cfg.config}
${optionalString (cfg.up != "") "up ${pkgs.writeScript "openvpn-${name}-up" upScript}"} ${optionalString (cfg.up != "") "up ${pkgs.writeScript "openvpn-${name}-up" upScript}"}
@ -50,12 +49,13 @@ let
in { in {
description = "OpenVPN instance ${name}"; description = "OpenVPN instance ${name}";
startOn = mkDefault "started network-interfaces"; wantedBy = optional cfg.autoStart [ "multi-user.target" ];
stopOn = mkDefault "stopping network-interfaces"; after = [ "network-interfaces.target" ];
path = [ pkgs.iptables pkgs.iproute pkgs.nettools ]; path = [ pkgs.iptables pkgs.iproute pkgs.nettools ];
exec = "${openvpn}/sbin/openvpn --config ${configFile}"; serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --config ${configFile}";
serviceConfig.Restart = "always";
}; };
in in
@ -144,6 +144,12 @@ in
''; '';
}; };
autoStart = mkOption {
default = true;
type = types.bool;
description = "Whether this OpenVPN instance should be started automatically.";
};
}; };
}; };
@ -155,7 +161,7 @@ in
config = mkIf (cfg.servers != {}) { config = mkIf (cfg.servers != {}) {
jobs = listToAttrs (mapAttrsFlatten (name: value: nameValuePair "openvpn-${name}" (makeOpenVPNJob value name)) cfg.servers); systemd.services = listToAttrs (mapAttrsFlatten (name: value: nameValuePair "openvpn-${name}" (makeOpenVPNJob value name)) cfg.servers);
environment.systemPackages = [ openvpn ]; environment.systemPackages = [ openvpn ];
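Review bot: `wantedBy = optional cfg.autoStart [ "multi-user.target" ];` nests a list inside a list: `lib.optional cond x` yields `[ x ]`, so the value is `[ [ "multi-user.target" ] ]` rather than `[ "multi-user.target" ]`, and the unit will either fail type checking or never be pulled in by `multi-user.target`. Use `wantedBy = optional cfg.autoStart "multi-user.target";` (or `optionals cfg.autoStart [ "multi-user.target" ]`). Dropping the `exec > /var/log/openvpn-${name}-up 2>&1` redirections in favour of `errors-to-stderr` is welcome — a root-run script writing to fixed paths is worth avoiding — and deserves a comment such as `# script output goes to the journal via stderr; no fixed /var/log paths are written as root`. `makeOpenVPNJob` starts before the hunk.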


@ -72,11 +72,11 @@ let
# Unpack Mediawiki and put the config file in its root directory. # Unpack Mediawiki and put the config file in its root directory.
mediawikiRoot = pkgs.stdenv.mkDerivation rec { mediawikiRoot = pkgs.stdenv.mkDerivation rec {
name= "mediawiki-1.20.3"; name= "mediawiki-1.20.5";
src = pkgs.fetchurl { src = pkgs.fetchurl {
url = "http://download.wikimedia.org/mediawiki/1.20/${name}.tar.gz"; url = "http://download.wikimedia.org/mediawiki/1.20/${name}.tar.gz";
sha256 = "046jcq54xla490sx0pn0w169wj74lqj3n87r39s59in6494lwp4a"; sha256 = "0ix6khrilfdncjqnh41xjs0bd49i1q0rywycjaixjfpwj6vjbqbl";
}; };
skins = config.skins; skins = config.skins;


@ -27,7 +27,6 @@ in
'' ''
post_max_size = 32M post_max_size = 32M
max_execution_time = 300 max_execution_time = 300
mbstring.func_overload = 2
''; '';
extraConfig = '' extraConfig = ''


@ -42,6 +42,8 @@ let
phononBackendPackages = flip concatMap cfg.phononBackends phononBackendPackages = flip concatMap cfg.phononBackends
(name: attrByPath [name] (throw "unknown phonon backend `${name}'") phononBackends); (name: attrByPath [name] (throw "unknown phonon backend `${name}'") phononBackends);
wantsUdisks2 = pkgs.kde4.kdelibs.wantsUdisks2 or false;
in in
{ {
@ -155,7 +157,8 @@ in
}; };
# Enable helpful DBus services. # Enable helpful DBus services.
services.udisks.enable = true; services.udisks.enable = ! wantsUdisks2;
services.udisks2.enable = wantsUdisks2;
services.upower.enable = config.powerManagement.enable; services.upower.enable = config.powerManagement.enable;
security.pam.services = [ { name = "kde"; allowNullPassword = true; startSession = true; } ]; security.pam.services = [ { name = "kde"; allowNullPassword = true; startSession = true; } ];


@ -215,6 +215,16 @@ rec {
socketOptions = unitOptions // { socketOptions = unitOptions // {
listenStreams = mkOption {
default = [];
types = types.listOf types.string;
example = [ "0.0.0.0:993" "/run/my-socket" ];
description = ''
For each item in this list, a <literal>ListenStream</literal>
option in the <literal>[Socket]</literal> section will be created.
'';
};
socketConfig = mkOption { socketConfig = mkOption {
default = {}; default = {};
example = { ListenStream = "/run/my-socket"; }; example = { ListenStream = "/run/my-socket"; };
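Review bot: `types = types.listOf types.string;` in the new `listenStreams` option is a typo for `type = …`: `mkOption` does not recognise a `types` attribute, so the option gets no type checking and definitions from several modules are not merged as a typed list. Change it to `type = types.listOf types.string;`. The `socketOptions` set continues outside the hunk.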


@ -275,6 +275,7 @@ let
[Socket] [Socket]
${attrsToSection def.socketConfig} ${attrsToSection def.socketConfig}
${concatStringsSep "\n" (map (s: "ListenStream=${s}") def.listenStreams)}
''; '';
}; };


@ -7,6 +7,8 @@ let
fileSystems = attrValues config.fileSystems; fileSystems = attrValues config.fileSystems;
prioOption = prio: optionalString (prio !=null) " pri=${toString prio}";
fileSystemOpts = { name, ... }: { fileSystemOpts = { name, ... }: {
options = { options = {
@ -167,7 +169,7 @@ in
# Swap devices. # Swap devices.
${flip concatMapStrings config.swapDevices (sw: ${flip concatMapStrings config.swapDevices (sw:
"${sw.device} none swap\n" "${sw.device} none swap${prioOption sw.priority}\n"
)} )}
''; '';


@ -17,12 +17,13 @@ in
boot.initrd.extraUtilsCommands = mkIf inInitrd boot.initrd.extraUtilsCommands = mkIf inInitrd
'' ''
cp -v ${pkgs.btrfsProgs}/bin/btrfsck $out/bin mkdir -p $out/bin
cp -v ${pkgs.btrfsProgs}/bin/btrfs $out/bin cp -v ${pkgs.btrfsProgs}/bin/btrfs $out/bin
ln -sv btrfs $out/bin/btrfsck
ln -sv btrfsck $out/bin/fsck.btrfs
# !!! Increases uncompressed initrd by 240k # !!! Increases uncompressed initrd by 240k
cp -pv ${pkgs.zlib}/lib/libz.so* $out/lib cp -pv ${pkgs.zlib}/lib/libz.so* $out/lib
cp -pv ${pkgs.lzo}/lib/liblzo2.so* $out/lib cp -pv ${pkgs.lzo}/lib/liblzo2.so* $out/lib
ln -sv btrfsck $out/bin/fsck.btrfs
''; '';
boot.initrd.extraUtilsCommandsTest = mkIf inInitrd boot.initrd.extraUtilsCommandsTest = mkIf inInitrd
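Review bot: After `ln -sv btrfs $out/bin/btrfsck` and `ln -sv btrfsck $out/bin/fsck.btrfs`, an invocation of `fsck.btrfs` reaches the `btrfs` binary with `argv[0]` equal to `fsck.btrfs`, not `btrfsck`; if the multi-call binary of this btrfs-progs only switches to check mode for a basename of `btrfsck` (as I believe it did), a boot-time `fsck.btrfs` would print usage instead of checking the filesystem. Confirm this in the `extraUtilsCommandsTest` below, or install `fsck.btrfs` as a small wrapper that execs `btrfs check "$@"`. A one-line comment on why `btrfsck` became a symlink (presumably the separate binary is no longer shipped) would also help the next reader.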