diff --git a/lib/build-vms.nix b/lib/build-vms.nix index 7505f6f49f3..efd1ce3b8d3 100644 --- a/lib/build-vms.nix +++ b/lib/build-vms.nix @@ -1,4 +1,4 @@ -{ nixpkgs, services, system }: +{ nixpkgs, services, system, useBackdoor ? false }: let pkgs = import nixpkgs { config = {}; inherit system; }; in @@ -58,7 +58,7 @@ rec { modules = configurations ++ [ ../modules/virtualisation/qemu-vm.nix ../modules/testing/test-instrumentation.nix # !!! should only get added for automated test runs - { key = "no-manual"; services.nixosManual.enable = false; } + { key = "no-manual"; services.nixosManual.enable = false; virtualisation.useBackdoor = useBackdoor; } ]; extraArgs = { inherit nodes; }; }; diff --git a/modules/installer/tools/nixos-build-vms/build-vms.nix b/modules/installer/tools/nixos-build-vms/build-vms.nix new file mode 100644 index 00000000000..bedabecad2d --- /dev/null +++ b/modules/installer/tools/nixos-build-vms/build-vms.nix @@ -0,0 +1,16 @@ +{ nixos +, nixpkgs +, services ? "/etc/nixos/services" +, system ? builtins.currentSystem +, networkExpr +, useBackdoor ? false +}: + +let nodes = import networkExpr; +in +(import "${nixos}/lib/build-vms.nix" { + inherit nixpkgs services system useBackdoor; +}) +.buildVirtualNetwork { + inherit nodes; +} diff --git a/modules/installer/tools/nixos-build-vms/nixos-build-vms.sh b/modules/installer/tools/nixos-build-vms/nixos-build-vms.sh new file mode 100644 index 00000000000..709b9051fc4 --- /dev/null +++ b/modules/installer/tools/nixos-build-vms/nixos-build-vms.sh 
@@ -0,0 +1,66 @@ +#! @shell@ -e + +# Shows the usage of this command to the user + +showUsage() +{ + echo "Usage: $0 -n network_expr -i infrastructure_expr" + echo "Options:" + echo + echo "-n,--network Network Nix expression which captures properties of machines in the network" + echo "--use-backdoor Indicates that the backdoor must be enabled so that the VMs can be accessed through a UNIX domain socket" + echo "--show-trace Shows the output trace" + echo "-h,--help Shows the usage of this command" +} + +# Parse valid argument options + +PARAMS=`getopt -n $0 -o n:h -l network:,use-backdoor,show-trace,help -- "$@"` + +if [ $? != 0 ] +then + showUsage + exit 1 +fi + +eval set -- "$PARAMS" + +# Evaluate valid options + +while [ "$1" != "--" ] +do + case "$1" in + -n|--network) + networkExpr=`readlink -f $2` + ;; + --use-backdoor) + useBackdoorArg="--arg useBackdoor true" + ;; + --show-trace) + showTraceArg="--show-trace" + ;; + -h|--help) + showUsage + exit 0 + ;; + esac + + shift +done + +# Validate the given options + +if [ "$networkExpr" = "" ] +then + echo "ERROR: A network expression must be specified!" >&2 + exit 1 +fi + +if [ -z "$NIXOS" ] +then + NIXOS=/etc/nixos/nixos +fi + +# Build a network of VMs + +nix-build $NIXOS/modules/installer/tools/nixos-build-vms/build-vms.nix --argstr networkExpr $networkExpr --argstr nixos $NIXOS --argstr nixpkgs $NIXPKGS_ALL $useBackdoorArg $showTraceArg diff --git a/modules/installer/tools/nixos-deploy-network/nixos-deploy-network.sh b/modules/installer/tools/nixos-deploy-network/nixos-deploy-network.sh index 9b6d716f343..08370a15dc8 100644 --- a/modules/installer/tools/nixos-deploy-network/nixos-deploy-network.sh +++ b/modules/installer/tools/nixos-deploy-network/nixos-deploy-network.sh 
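Review bot: `$NIXPKGS_ALL` is used unchecked on the final `nix-build` line even though `$NIXOS` gets a default a few lines earlier; if it is unset, the unquoted expansion vanishes and `--argstr nixpkgs` most likely swallows the next word (the `--arg` from `$useBackdoorArg`, when given), so the build fails with an unrelated error. Add `if [ -z "$NIXPKGS_ALL" ]; then echo "ERROR: NIXPKGS_ALL must be set!" >&2; exit 1; fi` next to the NIXOS default, and quote the path expansions (`readlink -f "$2"`, `--argstr networkExpr "$networkExpr"`, `--argstr nixos "$NIXOS"`) since `-n` takes a user-supplied path that may contain spaces. The `showUsage` text also advertises `-i infrastructure_expr`, which the getopt spec on the `PARAMS=` line does not accept; drop it from the usage line so the help matches the parser.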
@@ -9,6 +9,7 @@ showUsage() echo echo "-n,--network Network Nix expression which captures properties of machines in the network" echo "-i,--infrastructure Infrastructure Nix expression which captures properties of machines in the network" + echo "--show-trace Shows an output trace" echo "-h,--help Shows the usage of this command" } diff --git a/modules/installer/tools/tools.nix b/modules/installer/tools/tools.nix index 8dd07c67f91..b735863a34c 100644 --- a/modules/installer/tools/tools.nix +++ b/modules/installer/tools/tools.nix @@ -11,6 +11,11 @@ let isExecutable = true; }); + nixosBuildVMS = makeProg { + name = "nixos-build-vms"; + src = ./nixos-build-vms/nixos-build-vms.sh; + }; + nixosDeployNetwork = makeProg { name = "nixos-deploy-network"; src = ./nixos-deploy-network/nixos-deploy-network.sh; @@ -131,7 +136,8 @@ in config = { environment.systemPackages = - [ nixosDeployNetwork + [ nixosBuildVMS + nixosDeployNetwork nixosInstall nixosRebuild nixosHardwareScan diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index f69ae2f3b9f..2db841194e3 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix @@ -53,10 +53,10 @@ in davfs2 = 31; privoxy = 32; osgi = 34; - sabnzbd = 33; tor = 35; cups = 36; foldingAtHome = 37; + sabnzbd = 38; # When adding a uid, make sure it doesn't match an existing gid. nixbld = 30000; # start of range of uids diff --git a/modules/module-list.nix b/modules/module-list.nix index 5e6ed0095f2..1364b28182d 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -146,6 +146,7 @@ ./system/activation/activation-script.nix ./system/activation/top-level.nix ./system/boot/kernel.nix + ./system/boot/luksroot.nix ./system/boot/modprobe.nix ./system/boot/stage-1.nix ./system/boot/stage-2.nix diff --git a/modules/programs/bash/bashrc.sh b/modules/programs/bash/bashrc.sh index 8d1e4833a2d..50768635d36 100644 --- a/modules/programs/bash/bashrc.sh +++ b/modules/programs/bash/bashrc.sh 
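Review bot: Moving `sabnzbd` from uid 33 to 38 changes the uid of a user that may already exist on deployed systems, so files the service created under 33 (its state and download directories) stay owned by the old uid after a rebuild, and the commit carries no migration step. A comment next to the new line, `# was 33; existing installs must chown sabnzbd's state directories`, would at least make the break visible, and a `chown -R sabnzbd` of those directories in the service's activation would close it. The reason for freeing 33 is not stated; presumably it clashed with a gid, as the comment below the table warns about, and saying so inline would help the next person who reads the table.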
@@ -17,8 +17,8 @@ NIX_USER_PROFILE_DIR=/nix/var/nix/profiles/per-user/$USER NIX_PROFILES="/var/run/current-system/sw /nix/var/nix/profiles/default $HOME/.nix-profile" -unset PATH INFOPATH PKG_CONFIG_PATH PERL5LIB GST_PLUGIN_PATH KDEDIRS -unset XDG_CONFIG_DIRS XDG_DATA_DIRS +unset PATH INFOPATH PKG_CONFIG_PATH PERL5LIB ALSA_PLUGIN_DIRS GST_PLUGIN_PATH KDEDIRS +unset QT_PLUGIN_PATH QTWEBKIT_PLUGIN_PATH STRIGI_PLUGIN_PATH XDG_CONFIG_DIRS XDG_DATA_DIRS for i in $NIX_PROFILES; do # !!! reverse # We have to care not leaving an empty PATH element, because that means '.' to Linux @@ -38,7 +38,9 @@ for i in $NIX_PROFILES; do # !!! reverse # KDE/Gnome stuff. export KDEDIRS=$i${KDEDIRS:+:}$KDEDIRS + export STRIGI_PLUGIN_PATH=$i/lib/strigi/${STRIGI_PLUGIN_PATH:+:}$STRIGI_PLUGIN_PATH export QT_PLUGIN_PATH=$i/lib/qt4/plugins:$i/lib/kde4/plugins${QT_PLUGIN_PATH:+:}$QT_PLUGIN_PATH + export QTWEBKIT_PLUGIN_PATH=$i/lib/mozilla/plugins/${QTWEBKIT_PLUGIN_PATH:+:}$QTWEBKIT_PLUGIN_PATH export XDG_CONFIG_DIRS=$i/etc/xdg${XDG_CONFIG_DIRS:+:}$XDG_CONFIG_DIRS export XDG_DATA_DIRS=$i/share${XDG_DATA_DIRS:+:}$XDG_DATA_DIRS done @@ -58,7 +60,7 @@ PROMPT_COLOR="1;31m" let $UID && PROMPT_COLOR="1;32m" PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] " if test "$TERM" = "xterm"; then - PS1="\033]2;\h:\u:\w\007$PS1" + PS1="\[\033]2;\h:\u:\w\007\]$PS1" fi diff --git a/modules/security/setuid-wrappers.nix b/modules/security/setuid-wrappers.nix index a7238b9add5..027032a7c27 100644 --- a/modules/security/setuid-wrappers.nix +++ b/modules/security/setuid-wrappers.nix @@ -92,7 +92,7 @@ in , group ? "nogroup" , setuid ? false , setgid ? false - , permissions ? "u+rx,g+rx,o+rx" + , permissions ? "u+rx,g+x,o+x" }: '' diff --git a/modules/services/web-servers/apache-httpd/default.nix b/modules/services/web-servers/apache-httpd/default.nix index c0505a427aa..ddb8e4f90de 100644 --- a/modules/services/web-servers/apache-httpd/default.nix +++ b/modules/services/web-servers/apache-httpd/default.nix 
@@ -555,7 +555,7 @@ in description = "Apache HTTPD"; - startOn = "started ${startingDependency}"; + startOn = "started ${startingDependency} and filesystem"; environment = { # !!! This should be added in test-instrumentation.nix. It diff --git a/modules/services/x11/desktop-managers/kde4.nix b/modules/services/x11/desktop-managers/kde4.nix index 2841c9426ff..0d088d8e970 100644 --- a/modules/services/x11/desktop-managers/kde4.nix +++ b/modules/services/x11/desktop-managers/kde4.nix @@ -57,6 +57,10 @@ in environment = { systemPackages = [ + # temporary workarounds + pkgs.shared_desktop_ontologies + pkgs.kde4.strigi + pkgs.kde4.kdelibs pkgs.kde4.kdebase pkgs.kde4.kdebase_runtime @@ -67,6 +71,7 @@ in pkgs.gst_all.gstreamer pkgs.gst_all.gstPluginsBase pkgs.gst_all.gstPluginsGood + pkgs.gst_all.gstFfmpeg # for mp3 playback xorg.xmessage # so that startkde can show error messages xorg.xset # used by startkde, non-essential ] ++ config.environment.kdePackages; diff --git a/modules/services/x11/window-managers/compiz.nix b/modules/services/x11/window-managers/compiz.nix index bf159582663..fd439a3cddc 100644 --- a/modules/services/x11/window-managers/compiz.nix +++ b/modules/services/x11/window-managers/compiz.nix 
@@ -1,64 +1,63 @@ -{pkgs, config, ...}: +{ config, pkgs, ... }: + +with pkgs.lib; let - inherit (pkgs.lib) mkOption mkIf; + cfg = config.services.xserver.windowManager.compiz; xorg = config.services.xserver.package; - gnome = pkgs.gnome; - options = { services = { xserver = { windowManager = { +in + +{ - compiz = { + options = { + + services.xserver.windowManager.compiz = { + enable = mkOption { default = false; - example = true; - description = "Enable the compiz window manager."; + description = "Enable the Compiz window manager."; }; - renderingFlag = mkOption { default = ""; example = "--indirect-rendering"; - description = " - Possibly pass --indierct-rendering to Compiz. - "; + description = "Pass the flag to Compiz."; }; + }; - }; }; }; }; -in + }; + -mkIf cfg.enable { - require = options; + config = mkIf cfg.enable { + + services.xserver.windowManager.session = singleton + { name = "compiz"; + start = + '' + # Start Compiz using the flat-file configuration backend + # (ccp). + export COMPIZ_PLUGINDIR=${config.system.path}/lib/compiz + export COMPIZ_METADATADIR=${config.system.path}/share/compiz + ${pkgs.compiz}/bin/compiz ccp ${cfg.renderingFlag} & - services = { - xserver = { - - windowManager = { - session = [{ - name = "compiz"; - start = '' - # !!! Hack: load the schemas for Compiz. - GCONF_CONFIG_SOURCE=xml::~/.gconf ${gnome.GConf}/bin/gconftool-2 \ - --makefile-install-rule ${pkgs.compiz}/etc/gconf/schemas/*.schemas # */ - - # !!! Hack: turn on most Compiz modules. - ${gnome.GConf}/bin/gconftool-2 -t list --list-type=string \ - --set /apps/compiz/general/allscreens/options/active_plugins \ - [gconf,png,decoration,wobbly,fade,minimize,move,resize,cube,switcher,rotate,place,scale,water] - - # Start Compiz and the GTK-style window decorator. - env LD_LIBRARY_PATH=${xorg.libX11}/lib:${xorg.libXext}/lib:/usr/lib/ - ${pkgs.compiz}/bin/compiz gconf ${cfg.renderingFlag} & - ${pkgs.compiz}/bin/gtk-window-decorator --sync & + # Start GTK-style window decorator. 
+ ${pkgs.compiz}/bin/gtk-window-decorator & ''; - }]; }; - }; + environment.systemPackages = + [ pkgs.compiz + pkgs.compiz_ccsm + pkgs.compiz_plugins_main + pkgs.compiz_plugins_extra + pkgs.libcompizconfig # for the "ccp" plugin + ]; + + environment.pathsToLink = [ "/lib/compiz" "/share/compiz" ]; + }; - environment = { - x11Packages = [ pkgs.compiz ]; - }; } diff --git a/modules/system/boot/luksroot.nix b/modules/system/boot/luksroot.nix new file mode 100644 index 00000000000..a01395647a3 --- /dev/null +++ b/modules/system/boot/luksroot.nix @@ -0,0 +1,45 @@ +{pkgs, config, ...}: + +with pkgs.lib; + +let + luksRoot = config.boot.initrd.luksRoot; +in +{ + + options = { + + boot.initrd.luksRoot = mkOption { + default = ""; + example = "/dev/sda3"; + description = ''; + The device that should be decrypted using LUKS before trying to mount the + root partition. This works for both LVM-over-LUKS and LUKS-over-LVM setups. + + Make sure that initrd has the crypto modules needed for decryption. + + The decrypted device name is /dev/mapper/luksroot. + ''; + }; + + }; + + + + config = mkIf (luksRoot != "") { + + boot.initrd.extraUtilsCommands = '' + cp -r ${pkgs.cryptsetup}/lib/* $out/lib/ + cp -r ${pkgs.popt}/lib/* $out/lib + cp ${pkgs.cryptsetup}/sbin/* $out/bin + ''; + + boot.initrd.postDeviceCommands = '' + cryptsetup luksOpen ${luksRoot} luksroot + lvm vgscan + lvm vgchange -ay + ''; + + }; + +} \ No newline at end of file diff --git a/modules/virtualisation/qemu-vm.nix b/modules/virtualisation/qemu-vm.nix index 005e4ebfb54..50b07435bda 100644 --- a/modules/virtualisation/qemu-vm.nix +++ b/modules/virtualisation/qemu-vm.nix 
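Review bot: The exit status of `cryptsetup luksOpen ${luksRoot} luksroot` in `boot.initrd.postDeviceCommands` is ignored, so a mistyped passphrase (or a missing crypto module in the initrd) falls through to `lvm vgscan` / `lvm vgchange -ay` and only surfaces later as an unmountable root, with no chance to retry. Wrapping it as `until cryptsetup luksOpen ${luksRoot} luksroot; do echo "unlocking ${luksRoot} failed, retrying" >&2; done` keeps the boot recoverable; a bounded retry that drops to the stage-1 shell would be the stricter variant. The option text also appears to begin with a stray `;` right after `description = ''`, which would end up in the rendered description if it is really in the file and not an artifact of how the diff was captured. `cp -r ${pkgs.cryptsetup}/lib/* $out/lib/` copies every library in that output rather than the ones cryptsetup links against; a short comment on why the whole directory is taken (or a narrower copy) would help.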
@@ -111,6 +111,17 @@ let description = "Options passed to QEMU."; }; + virtualisation.useBackdoor = + mkOption { + default = false; + description = + '' + If enabled, the virtual machine makes a connection through TCP port 23 + to a daemon running on the host system acting as a proxy. + This option makes it possible to connect to a VM through a socket file. + ''; + }; + virtualisation.useBootLoader = mkOption { default = false; @@ -145,6 +156,11 @@ let ${toString config.virtualisation.diskSize}M || exit 1 fi + ${pkgs.lib.optionalString cfg.useBackdoor '' + # Remember the current working directory + WORKDIR=$(pwd) + ''} + # Start Samba (which wants to put its socket and config files in TMPDIR). if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then TMPDIR=$(mktemp -d nix-vm-smbd.XXXXXXXXXX --tmpdir) @@ -153,13 +169,24 @@ let ${pkgs.vmTools.startSamba} + ${pkgs.lib.optionalString cfg.useBackdoor '' + # Create a shell socket file to which the VM can connect and create in the + # current working directory a socket file which can be used to remotely access + # the VM through the shell interface + + ${pkgs.socat}/bin/socat UNIX-LISTEN:./shell UNIX-LISTEN:$WORKDIR/${vmName}.socket,fork & + + while [ ! -e ./shell ]; do sleep 0.1; done # Wait until the socket file is there + ''} + # Start QEMU. exec ${pkgs.qemu_kvm}/bin/qemu-system-x86_64 \ -name ${vmName} \ -m ${toString config.virtualisation.memorySize} \ -net nic,vlan=0,model=virtio \ -chardev socket,id=samba,path=./samba \ - -net user,vlan=0,guestfwd=tcp:10.0.2.4:139-chardev:samba''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \ + -net user,vlan=0,guestfwd=tcp:10.0.2.4:139-chardev:samba${if cfg.useBackdoor then ",guestfwd=tcp:10.0.2.6:23-chardev:shell" else ""}''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \ + ${if cfg.useBackdoor then "-chardev socket,id=shell,path=./shell" else ""} \ ${if cfg.useBootLoader then '' -drive index=0,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \ -drive index=1,file=${bootDisk}/disk.img,if=virtio,boot=on \
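Review bot: The description of `virtualisation.useBackdoor` should say what the option exposes on the host: a socket file named `<vmName>.socket` in the directory the VM is started from, and the `socat UNIX-LISTEN:./shell UNIX-LISTEN:$WORKDIR/${vmName}.socket,fork` line later in this file creates it with the caller's default umask, so any local user who can open it reaches the guest's shell interface. Suggested addition to the description: `Only use this for testing: the socket file is created in the current working directory and gives interactive access to the VM to every local user who can connect to it.` The socat address could also carry `umask=077` (or `mode=600`) so the socket is not connectable by other local users, and `$WORKDIR` should be quoted there since it comes from `$(pwd)`. What listens on the guest side of 10.0.2.6:23 is not shown in this diff, so the level of access granted is inferred from the option's name and purpose.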