From 124096e4183780d78108e23c69b501345f4032ed Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 6 Nov 2009 09:22:00 +0000 Subject: [PATCH 01/10] * Remember the original symbolic driver name. svn path=/nixos/trunk/; revision=18185 --- modules/services/x11/xserver.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/services/x11/xserver.nix b/modules/services/x11/xserver.nix index 2d432e831f7..d58e75bbad9 100644 --- a/modules/services/x11/xserver.nix +++ b/modules/services/x11/xserver.nix @@ -19,12 +19,12 @@ let intel = { modules = [ xorg.xf86videointel ]; }; nv = { modules = [ xorg.xf86videonv ]; }; nvidia = { modules = [ kernelPackages.nvidia_x11 ]; }; - nvidiaLegacy = { modules = [ kernelPackages.nvidia_x11_legacy ]; name = "nvidia"; }; + nvidiaLegacy = { modules = [ kernelPackages.nvidia_x11_legacy ]; driverName = "nvidia"; }; openchrome = { modules = [ xorg.xf86videoopenchrome ]; }; sis = { modules = [ xorg.xf86videosis ]; }; unichrome = { modules = [ pkgs.xorgVideoUnichrome ]; }; vesa = { modules = [ xorg.xf86videovesa ]; }; - virtualbox = { modules = [ kernelPackages.virtualboxGuestAdditions ]; name = "vboxvideo"; }; + virtualbox = { modules = [ kernelPackages.virtualboxGuestAdditions ]; driverName = "vboxvideo"; }; vmware = { modules = [ xorg.xf86videovmware ]; }; }; @@ -32,7 +32,7 @@ let optional (cfg.videoDriver != null) cfg.videoDriver ++ cfg.videoDrivers; drivers = flip map driverNames - (name: { inherit name; } // + (name: { inherit name; driverName = name; } // attrByPath [name] (throw "unknown video driver `${name}'") knownVideoDrivers); @@ -453,7 +453,7 @@ in Section "Device" Identifier "Device-${driver.name}[0]" - Driver "${driver.name}" + Driver "${driver.driverName}" ${optionalString (driver.name == "nvidiaLegacy") '' # This option allows suspending with a nvidiaLegacy card Option "NvAGP" "1" From ae23b68ee8bed66d29d0ed573e91d9afaaae1a7e Mon Sep 17 00:00:00 2001 
From: Marco Maggesi Date: Fri, 6 Nov 2009 12:58:44 +0000 Subject: [PATCH 02/10] Add configurations for MIT kerberos. svn path=/nixos/trunk/; revision=18203 --- modules/config/krb5.nix | 185 ++++++++++++++++++++++++++++++++++++++++ modules/module-list.nix | 1 + 2 files changed, 186 insertions(+) create mode 100644 modules/config/krb5.nix diff --git a/modules/config/krb5.nix b/modules/config/krb5.nix new file mode 100644 index 00000000000..960ef850084 --- /dev/null +++ b/modules/config/krb5.nix 
@@ -0,0 +1,185 @@ +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + cfg = config.krb5; + + #myPkgs = import /home/nixer/nix/my-expr.nix { system = "x86_64-linux"; }; + + options = { + krb5 = { + + enable = mkOption { + default = false; + description = "Whether to enable Kerberos V."; + }; + + defaultRealm = mkOption { + default = "ATENA.MIT.EDU"; + description = "Default realm."; + }; + + kdc = mkOption { + default = "kerberos.mit.edu"; + description = "Kerberos Domain Controller"; + }; + + kerberosAdminServer = mkOption { + default = "kerberos.mit.edu"; + description = "Kerberos Admin Server"; + }; + + }; + }; +in + +###### implementation + +mkIf config.krb5.enable { + require = [ + options + ]; + + environment = { + systemPackages = [ pkgs.krb5 ]; + etc = [ + { source = pkgs.writeText "krb5.conf" + '' +[libdefaults] + default_realm = ${cfg.defaultRealm} + +# The following krb5.conf variables are only for MIT Kerberos. + krb4_config = /etc/krb.conf + krb4_realms = /etc/krb.realms + kdc_timesync = 1 + ccache_type = 4 + forwardable = true + proxiable = true + +# The following encryption type specification will be used by MIT Kerberos +# if uncommented. In general, the defaults in the MIT Kerberos code are +# correct and overriding these specifications only serves to disable new +# encryption types as they are added, creating interoperability problems. + +# default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 +# default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 +# permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 + +# The following libdefaults parameters are only for Heimdal Kerberos. 
+ v4_instance_resolve = false + v4_name_convert = { + host = { + rcmd = host + ftp = ftp + } + plain = { + something = something-else + } + } + fcc-mit-ticketflags = true + +[realms] + ${cfg.defaultRealm} = { + kdc = ${cfg.kdc} + admin_server = ${cfg.kerberosAdminServer} + } + ATHENA.MIT.EDU = { + kdc = kerberos.mit.edu:88 + kdc = kerberos-1.mit.edu:88 + kdc = kerberos-2.mit.edu:88 + admin_server = kerberos.mit.edu + default_domain = mit.edu + } + MEDIA-LAB.MIT.EDU = { + kdc = kerberos.media.mit.edu + admin_server = kerberos.media.mit.edu + } + ZONE.MIT.EDU = { + kdc = casio.mit.edu + kdc = seiko.mit.edu + admin_server = casio.mit.edu + } + MOOF.MIT.EDU = { + kdc = three-headed-dogcow.mit.edu:88 + kdc = three-headed-dogcow-1.mit.edu:88 + admin_server = three-headed-dogcow.mit.edu + } + CSAIL.MIT.EDU = { + kdc = kerberos-1.csail.mit.edu + kdc = kerberos-2.csail.mit.edu + admin_server = kerberos.csail.mit.edu + default_domain = csail.mit.edu + krb524_server = krb524.csail.mit.edu + } + IHTFP.ORG = { + kdc = kerberos.ihtfp.org + admin_server = kerberos.ihtfp.org + } + GNU.ORG = { + kdc = kerberos.gnu.org + kdc = kerberos-2.gnu.org + kdc = kerberos-3.gnu.org + admin_server = kerberos.gnu.org + } + 1TS.ORG = { + kdc = kerberos.1ts.org + admin_server = kerberos.1ts.org + } + GRATUITOUS.ORG = { + kdc = kerberos.gratuitous.org + admin_server = kerberos.gratuitous.org + } + DOOMCOM.ORG = { + kdc = kerberos.doomcom.org + admin_server = kerberos.doomcom.org + } + ANDREW.CMU.EDU = { + kdc = vice28.fs.andrew.cmu.edu + kdc = vice2.fs.andrew.cmu.edu + kdc = vice11.fs.andrew.cmu.edu + kdc = vice12.fs.andrew.cmu.edu + admin_server = vice28.fs.andrew.cmu.edu + default_domain = andrew.cmu.edu + } + CS.CMU.EDU = { + kdc = kerberos.cs.cmu.edu + kdc = kerberos-2.srv.cs.cmu.edu + admin_server = kerberos.cs.cmu.edu + } + DEMENTIA.ORG = { + kdc = kerberos.dementia.org + kdc = kerberos2.dementia.org + admin_server = kerberos.dementia.org + } + stanford.edu = { + kdc = krb5auth1.stanford.edu 
+ kdc = krb5auth2.stanford.edu + kdc = krb5auth3.stanford.edu + admin_server = krb5-admin.stanford.edu + default_domain = stanford.edu + } + +[domain_realm] + .mit.edu = ATHENA.MIT.EDU + mit.edu = ATHENA.MIT.EDU + .media.mit.edu = MEDIA-LAB.MIT.EDU + media.mit.edu = MEDIA-LAB.MIT.EDU + .csail.mit.edu = CSAIL.MIT.EDU + csail.mit.edu = CSAIL.MIT.EDU + .whoi.edu = ATHENA.MIT.EDU + whoi.edu = ATHENA.MIT.EDU + .stanford.edu = stanford.edu + +[login] + krb4_convert = true + krb4_get_tickets = false + + ''; + target = "krb5.conf"; + } + ]; + }; + +} diff --git a/modules/module-list.nix b/modules/module-list.nix index 4addbda5760..dc20fa605c4 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -1,5 +1,6 @@ [ ./config/fonts.nix ./config/i18n.nix + ./config/krb5.nix ./config/ldap.nix ./config/networking.nix ./config/no-x-libs.nix From e07f1e98db5e4faa20c660b56004271fce702bc1 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Fri, 6 Nov 2009 16:23:25 +0000 Subject: [PATCH 03/10] * Revert 18115, 18150, 18135, 18112, 18107-18105. Revert modifications done on apache-httpd configurations. svn path=/nixos/trunk/; revision=18215 --- modules/module-list.nix | 2 - .../web-servers/apache-httpd/default.nix | 158 ++++++++- .../apache-httpd/per-server-options.nix | 300 ++++++++---------- .../web-servers/apache-httpd/services.nix | 129 -------- tests/subversion.nix | 8 +- 5 files changed, 276 insertions(+), 321 deletions(-) delete mode 100644 modules/services/web-servers/apache-httpd/services.nix diff --git a/modules/module-list.nix b/modules/module-list.nix index dc20fa605c4..861039d7391 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix 
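Review bot: The `defaultRealm` default `"ATENA.MIT.EDU"` in krb5.nix does not match the `ATHENA.MIT.EDU` realm used in the `[realms]` and `[domain_realm]` sections of the generated krb5.conf, so it looks like a typo; a host that only sets `krb5.enable = true` gets a default realm that no `domain_realm` mapping points to, with `kdc` and `admin_server` defaulting to `kerberos.mit.edu`. Consider giving `defaultRealm`, `kdc` and `kerberosAdminServer` an `example` instead of a `default`, so that enabling the module without site values fails at evaluation rather than pointing authentication at a third party's KDC. The `[libdefaults]` block also sets `forwardable = true` and `proxiable = true` for every host, which widens credential delegation by default and would be better exposed as options or at least mentioned in the option descriptions. The `kdc` description should read `"Kerberos Key Distribution Center"`, and the commented-out `#myPkgs = import /home/nixer/...` line looks like a local leftover that can be dropped.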
@@ -94,8 +94,6 @@ ./services/ttys/gpm.nix ./services/ttys/mingetty.nix ./services/web-servers/apache-httpd/default.nix - ./services/web-servers/apache-httpd/per-server-options.nix - ./services/web-servers/apache-httpd/services.nix ./services/web-servers/jboss.nix ./services/web-servers/tomcat.nix ./services/x11/desktop-managers/default.nix diff --git a/modules/services/web-servers/apache-httpd/default.nix b/modules/services/web-servers/apache-httpd/default.nix index 7e3067510d3..55902f9e5e0 100644 --- a/modules/services/web-servers/apache-httpd/default.nix +++ b/modules/services/web-servers/apache-httpd/default.nix @@ -10,7 +10,7 @@ let httpd = pkgs.apacheHttpd; - getPort = cfg: cfg.port; + getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80; extraModules = attrByPath ["extraModules"] [] mainCfg; extraForeignModules = filter builtins.isAttrs extraModules; 
@@ -33,22 +33,45 @@ let fullConfig = config; # machine config }; - vhosts = mainCfg.virtualHosts; + + vhostOptions = import ./per-server-options.nix { + inherit mkOption; + forMainServer = false; + }; + + vhosts = let + makeVirtualHost = cfgIn: + let + # Fill in defaults for missing options. + cfg = addDefaultOptionValues vhostOptions cfgIn; + in cfg; + in map makeVirtualHost mainCfg.virtualHosts; + allHosts = [mainCfg] ++ vhosts; - # !!! This should be replaced by sub-modules to allow non-intrusive - # extensions of NixOS. + callSubservices = serverInfo: defs: let f = svc: - rec { - config = - if res ? options then - addDefaultOptionValues res.options svc.configuration - else - svc.configuration; - res = svc // svc.function {inherit config pkgs serverInfo servicesPath;}; - }.res; + let + svcFunction = + if svc ? function then svc.function + else import "${./.}/${if svc ? serviceType then svc.serviceType else svc.serviceName}.nix"; + config = addDefaultOptionValues res.options + (if svc ? config then svc.config else svc); + defaults = { + extraConfig = ""; + extraModules = []; + extraModulesPre = []; + extraPath = []; + extraServerPath = []; + globalEnvVars = []; + robotsEntries = ""; + startupScript = ""; + options = {}; + }; + res = defaults // svcFunction {inherit config pkgs serverInfo servicesPath;}; + in res; in map f defs; @@ -354,6 +377,13 @@ in "; }; + extraConfig = mkOption { + default = ""; + description = " + These configuration lines will be passed verbatim to the apache config + "; + }; + extraModules = mkOption { default = []; example = [ "proxy_connect" { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } ]; 
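Review bot: In `callSubservices`, the file to import is built from `svc.serviceType` or `svc.serviceName` without any check on the value, so `import "${./.}/${...}.nix"` appears to accept a name containing `/` or `..`, and an entry that has neither attribute nor `function` fails with a bare missing-attribute error on `svc.serviceName`. These values come from the machine configuration, so this is a robustness point rather than a privilege boundary, but a final branch such as `else throw "subservice needs function, serviceType or serviceName"` would give a usable message. When `svc ? config` is false the whole `svc` set, including `serviceType` itself, is passed to `addDefaultOptionValues` as the service's configuration; a one-line comment saying this is intentional would help the next reader.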
@@ -416,7 +446,109 @@ in "; }; - }; + virtualHosts = mkOption { + default = []; + example = [ + { hostName = "foo"; + documentRoot = "/data/webroot-foo"; + } + { hostName = "bar"; + documentRoot = "/data/webroot-bar"; + } + ]; + description = '' + Specification of the virtual hosts served by Apache. Each + element should be an attribute set specifying the + configuration of the virtual host. The available options + are the non-global options permissible for the main host. + ''; + }; + + + subservices = { + + # !!! remove this + subversion = { + + enable = mkOption { + default = false; + description = " + Whether to enable the Subversion subservice in the webserver. + "; + }; + + notificationSender = mkOption { + default = "svn-server@example.org"; + example = "svn-server@example.org"; + description = " + The email address used in the Sender field of commit + notification messages sent by the Subversion subservice. + "; + }; + + userCreationDomain = mkOption { + default = "example.org"; + example = "example.org"; + description = " + The domain from which user creation is allowed. A client can + only create a new user account if its IP address resolves to + this domain. + "; + }; + + autoVersioning = mkOption { + default = false; + description = " + Whether you want the Subversion subservice to support + auto-versioning, which enables Subversion repositories to be + mounted as read/writable file systems on operating systems that + support WebDAV. + "; + }; + + dataDir = mkOption { + default = "/no/such/path/exists"; + description = " + Place to put SVN repository. + "; + }; + + organization = { + + name = mkOption { + default = null; + description = " + Name of the organization hosting the Subversion service. + "; + }; + + url = mkOption { + default = null; + description = " + URL of the website of the organization hosting the Subversion service. 
+ "; + }; + + logo = mkOption { + default = null; + description = " + Logo the organization hosting the Subversion service. + "; + }; + + }; + + }; + + }; + + } + + # Include the options shared between the main server and virtual hosts. + // (import ./per-server-options.nix { + inherit mkOption; + forMainServer = true; + }); }; diff --git a/modules/services/web-servers/apache-httpd/per-server-options.nix b/modules/services/web-servers/apache-httpd/per-server-options.nix index 6e98b8685fa..8a2ee0e849a 100644 --- a/modules/services/web-servers/apache-httpd/per-server-options.nix +++ b/modules/services/web-servers/apache-httpd/per-server-options.nix 
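Review bot: The `userCreationDomain` description says a client may create an account "if its IP address resolves to this domain", which means the check relies on reverse DNS; that is controlled by whoever owns the client's address block and is a weak basis for authorising account creation, so the description should say so or the option should take an address range. The test changed later in this same patch sets `userCreationDomain = "192.168.0.0/16"`, a CIDR range rather than a domain, so the documented semantics and the actual use already disagree; the enforcing code is not in this hunk, so which of the two is right needs confirming. The `dataDir` default `"/no/such/path/exists"` defers the failure to runtime, whereas leaving the default out would make a missing value an evaluation error. The `logo` description is missing a word and should read `"Logo of the organization hosting the Subversion service."`.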
@@ -3,180 +3,136 @@ # has additional options that affect the web server as a whole, like # the user/group to run under.) -{options, config, pkgs, ...}: - -let - inherit (pkgs.lib) mkOption addDefaultOptionValues types; - - mainServerArgs = { - config = config.services.httpd; - options = options.services.httpd; - }; - - - perServerOptions = {forMainServer}: {config, ...}: { - - hostName = mkOption { - default = "localhost"; - description = " - Canonical hostname for the server. - "; - }; - - serverAliases = mkOption { - default = []; - example = ["www.example.org" "www.example.org:8080" "example.org"]; - description = " - Additional names of virtual hosts served by this virtual host configuration. - "; - }; - - port = mkOption { - default = if config.enableSSL then 443 else 80; - type = with types; uniq int; - description = " - Port for the server. The default port depends on the - option of this server. (80 for http and - 443 for https). - "; - }; - - enableSSL = mkOption { - default = false; - description = " - Whether to enable SSL (https) support. - "; - }; - - # Note: sslServerCert and sslServerKey can be left empty, but this - # only makes sense for virtual hosts (they will inherit from the - # main server). - - sslServerCert = mkOption { - default = ""; - example = "/var/host.cert"; - description = " - Path to server SSL certificate. - "; - }; - - sslServerKey = mkOption { - default = ""; - example = "/var/host.key"; - description = " - Path to server SSL certificate key. - "; - }; - - adminAddr = mkOption ({ - example = "admin@example.org"; - description = " - E-mail address of the server administrator. - "; - } // (if forMainServer then {} else {default = "";})); - - documentRoot = mkOption { - default = null; - example = "/data/webserver/docs"; - description = " - The path of Apache's document root directory. If left undefined, - an empty directory in the Nix store will be used as root. 
- "; - }; - - servedDirs = mkOption { - default = []; - example = [ - { urlPath = "/nix"; - dir = "/home/eelco/Dev/nix-homepage"; - } - ]; - description = " - This option provides a simple way to serve static directories. - "; - }; - - servedFiles = mkOption { - default = []; - example = [ - { urlPath = "/foo/bar.png"; - dir = "/home/eelco/some-file.png"; - } - ]; - description = " - This option provides a simple way to serve individual, static files. - "; - }; - - extraConfig = mkOption { - default = ""; - example = '' - - Options FollowSymlinks - AllowOverride All - - ''; - description = " - These lines go to httpd.conf verbatim. They will go after - directories and directory aliases defined by default. - "; - }; - - enableUserDir = mkOption { - default = false; - description = " - Whether to enable serving ~/public_html as - /~username. - "; - }; - - globalRedirect = mkOption { - default = ""; - example = http://newserver.example.org/; - description = " - If set, all requests for this host are redirected permanently to - the given URL. - "; - }; - - }; - - - vhostOptions = perServerOptions { - forMainServer = false; - }; - -in +{forMainServer, mkOption}: { - options = { - services.httpd = { - virtualHosts = mkOption { - default = []; - example = [ - { hostName = "foo"; - documentRoot = "/data/webroot-foo"; - } - { hostName = "bar"; - documentRoot = "/data/webroot-bar"; - } - ]; - type = with types; listOf optionSet; - description = '' - Specification of the virtual hosts served by Apache. Each - element should be an attribute set specifying the - configuration of the virtual host. The available options - are the non-global options permissible for the main host. - ''; - - options = [ - vhostOptions - ]; - }; - - } - // perServerOptions {forMainServer = true;} mainServerArgs - ; + hostName = mkOption { + default = "localhost"; + description = " + Canonical hostname for the server. 
+ "; }; + + serverAliases = mkOption { + default = []; + example = ["www.example.org" "www.example.org:8080" "example.org"]; + description = " + Additional names of virtual hosts served by this virtual host configuration. + "; + }; + + port = mkOption { + default = 0; + description = " + Port for the server. 0 means use the default port: 80 for http + and 443 for https (i.e. when enableSSL is set). + "; + }; + + enableSSL = mkOption { + default = false; + description = " + Whether to enable SSL (https) support. + "; + }; + + # Note: sslServerCert and sslServerKey can be left empty, but this + # only makes sense for virtual hosts (they will inherit from the + # main server). + + sslServerCert = mkOption { + default = ""; + example = "/var/host.cert"; + description = " + Path to server SSL certificate. + "; + }; + + sslServerKey = mkOption { + default = ""; + example = "/var/host.key"; + description = " + Path to server SSL certificate key. + "; + }; + + adminAddr = mkOption ({ + example = "admin@example.org"; + description = " + E-mail address of the server administrator. + "; + } // (if forMainServer then {} else {default = "";})); + + documentRoot = mkOption { + default = null; + example = "/data/webserver/docs"; + description = " + The path of Apache's document root directory. If left undefined, + an empty directory in the Nix store will be used as root. + "; + }; + + servedDirs = mkOption { + default = []; + example = [ + { urlPath = "/nix"; + dir = "/home/eelco/Dev/nix-homepage"; + } + ]; + description = " + This option provides a simple way to serve static directories. + "; + }; + + servedFiles = mkOption { + default = []; + example = [ + { urlPath = "/foo/bar.png"; + dir = "/home/eelco/some-file.png"; + } + ]; + description = " + This option provides a simple way to serve individual, static files. 
+ "; + }; + + extraConfig = mkOption { + default = ""; + example = '' + + Options FollowSymlinks + AllowOverride All + + ''; + description = " + These lines go to httpd.conf verbatim. They will go after + directories and directory aliases defined by default. + "; + }; + + extraSubservices = mkOption { + default = []; + description = " + Extra subservices to enable in the webserver. + "; + }; + + enableUserDir = mkOption { + default = false; + description = " + Whether to enable serving ~/public_html as + /~username. + "; + }; + + globalRedirect = mkOption { + default = ""; + example = http://newserver.example.org/; + description = " + If set, all requests for this host are redirected permanently to + the given URL. + "; + }; + } diff --git a/modules/services/web-servers/apache-httpd/services.nix b/modules/services/web-servers/apache-httpd/services.nix deleted file mode 100644 index a8b69be636e..00000000000 --- a/modules/services/web-servers/apache-httpd/services.nix +++ /dev/null 
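Review bot: The restored option declarations in per-server-options.nix carry no `type`, so the `uniq int` check that the removed version had on `port` is gone and a string or negative value reaches `getPort` unchecked; the file now receives only `{forMainServer, mkOption}`, so restoring the check means passing `types` in as well. For `sslServerKey`, the description would benefit from a caveat along the lines of `"Path to the server's private key, given as a string; a Nix path literal would copy the key into the world-readable store."`, though how the value is consumed is not visible in this hunk and should be confirmed first. The `globalRedirect` example `http://newserver.example.org/` is an unquoted URL literal while every other example is a quoted string, and quoting it keeps the examples consistent. The `enableUserDir` description could also say that it publishes `~/public_html` for every account on the machine.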
@@ -1,129 +0,0 @@ -{options, config, pkgs, ...}: - -let - inherit (pkgs.lib) mkOption addDefaultOptionValues types; - - mainServerArgs = { - config = config.services.httpd; - options = options.services.httpd; - }; - - subServiceOptions = {options, config, ...}: { - options = { - - extraConfig = mkOption { - default = ""; - description = "Not documented yet."; - }; - - extraModules = mkOption { - default = []; - description = "Not documented yet."; - }; - - extraModulesPre = mkOption { - default = []; - description = "Not documented yet."; - }; - - extraPath = mkOption { - default = []; - description = "Not documented yet."; - }; - - extraServerPath = mkOption { - default = []; - description = "Not documented yet."; - }; - - globalEnvVars = mkOption { - default = []; - description = "Not documented yet."; - }; - - robotsEntries = mkOption { - default = ""; - description = "Not documented yet."; - }; - - startupScript = mkOption { - default = ""; - description = "Not documented yet."; - }; - - - serviceType = mkOption { - description = "Obsolete name of ."; - # serviceType is the old name of serviceName. - apply = x: config.serviceName; - }; - - serviceName = mkOption { - example = "trac"; - description = " - (Deprecated) - - Identify a service by the name of the file containing it. The - service expression is contained inside - ./modules/services/web-servers/apache-httpd - directory. - - Due to lack of documentation, this option will be replaced by - enable flags. - "; - - # serviceName is the new name of serviceType. - extraConfigs = map (def: def.value) options.serviceType.definitions; - }; - - function = mkOption { - default = null; - description = " - (Deprecated) Add a function which configure the current sub-service. - "; - apply = f: - if isNull f then - import "${./.}/${config.serviceName}.nix" - else - f; - }; - - configuration = mkOption { - default = {}; - description = " - (Deprecated) Define option values of the current sub-service. 
- "; - }; - - }; - }; - - - perServerOptions = {config, ...}: { - - extraSubservices = mkOption { - default = []; - type = with types; listOf optionSet; - description = " - Extra subservices to enable in the webserver. - "; - options = [ subServiceOptions ]; - }; - - }; - -in - -{ - options = { - services.httpd = { - - virtualHosts = mkOption { - options = [ perServerOptions ]; - }; - - } - // perServerOptions mainServerArgs - ; - }; -} diff --git a/tests/subversion.nix b/tests/subversion.nix index 5fed5ba77c4..82ada4576eb 100644 --- a/tests/subversion.nix +++ b/tests/subversion.nix @@ -56,11 +56,9 @@ rec { services.httpd.adminAddr = "e.dolstra@tudelft.nl"; services.httpd.extraSubservices = [ { serviceType = "subversion"; - configuration = { - urlPrefix = ""; - dataDir = "/data/subversion"; - userCreationDomain = "192.168.0.0/16"; - }; + urlPrefix = ""; + dataDir = "/data/subversion"; + userCreationDomain = "192.168.0.0/16"; } ]; nixpkgs.config.packageOverrides = overrides; From c0f732f079a5fd98bae3a5b799683e10512bae66 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 6 Nov 2009 16:30:48 +0000 Subject: [PATCH 04/10] * Work around a lack of laziness in the xserver.nix module. svn path=/nixos/trunk/; revision=18216 --- modules/services/x11/xserver.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/x11/xserver.nix b/modules/services/x11/xserver.nix index d58e75bbad9..25b5c4a615f 100644 --- a/modules/services/x11/xserver.nix +++ b/modules/services/x11/xserver.nix @@ -179,6 +179,7 @@ in }; videoDrivers = mkOption { + default = []; example = [ "vesa" ]; description = '' The names of the video drivers that the X server should From b0ba17873cec97c0350c8a8448e2f78ff332ff19 Mon Sep 17 00:00:00 2001 
From: Wouter den Breejen Date: Sat, 7 Nov 2009 21:03:57 +0000 Subject: [PATCH 05/10] Fixed hash replace with a variable to the real hash svn path=/nixos/trunk/; revision=18268 --- modules/services/network-filesystems/samba.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/network-filesystems/samba.nix b/modules/services/network-filesystems/samba.nix index 98d58e9f7f4..9b7937ac4a1 100644 --- a/modules/services/network-filesystems/samba.nix +++ b/modules/services/network-filesystems/samba.nix @@ -28,7 +28,7 @@ let mkdir -p /var/samba/locks /var/samba/cores/nmbd /var/samba/cores/smbd /var/samba/cores/winbindd fi - passwdFile="$(sed -n 's/^.*smb[ ]\+passwd[ ]\+file[ ]\+=[ ]\+\(.*\)/\1/p' /nix/store/nnmrqalldfv2vkwy6qpg340rv7w34lmp-smb.conf)" + passwdFile="$(sed -n 's/^.*smb[ ]\+passwd[ ]\+file[ ]\+=[ ]\+\(.*\)/\1/p' ${configFile})" if [ -n "$passwdFile" ]; then echo 'INFO: creating directory containing passwd file' mkdir -p "$(dirname "$passwdFile")" From 16c2aa734f8c7b7f7026a8a953f1595741a99a84 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 8 Nov 2009 09:01:53 +0000 Subject: [PATCH 06/10] * Generate /etc/modprobe.conf to allow the setting of module options and the blacklisting of modules. svn path=/nixos/trunk/; revision=18284 --- modules/module-list.nix | 1 + modules/system/boot/kernel.nix | 26 ++--------- modules/system/boot/modprobe.nix | 80 ++++++++++++++++++++++++++++++++ 3 files changed, 85 insertions(+), 22 deletions(-) create mode 100644 modules/system/boot/modprobe.nix diff --git a/modules/module-list.nix b/modules/module-list.nix index 861039d7391..cb1a19b4dfc 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -121,6 +121,7 @@ ./system/activation/activation-script.nix ./system/activation/top-level.nix ./system/boot/kernel.nix + ./system/boot/modprobe.nix ./system/boot/stage-1.nix ./system/boot/stage-2.nix ./system/etc/etc.nix 
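Review bot: The `sed` expression on the changed `passwdFile=` line prints every line that matches `smb passwd file =`, including a commented-out one, so a config with the setting repeated yields a multi-line `passwdFile` that is then handed to `dirname` and `mkdir -p`; taking only the first match, e.g. appending `| head -n1` inside the substitution, makes this deterministic. The directory that will hold the password database is created with plain `mkdir -p`, i.e. under whatever umask the job runs with; if nothing later tightens it, `mkdir -p -m 0700 "$(dirname "$passwdFile")"` would be safer, keeping in mind that `-m` only applies to the last path component. The script continues beyond this hunk, so a later `chmod` may already cover the second point.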
diff --git a/modules/system/boot/kernel.nix b/modules/system/boot/kernel.nix index ea6f2812485..d7facd76519 100644 --- a/modules/system/boot/kernel.nix +++ b/modules/system/boot/kernel.nix @@ -1,8 +1,9 @@ -{pkgs, config, ...}: +{ config, pkgs, ... }: + +with pkgs.lib; ###### interface let - inherit (pkgs.lib) mkOption; options = { boot = { @@ -148,31 +149,12 @@ let built outside of the kernel. Combine these into a single tree of symlinks because modprobe only supports one directory. "; - merge = pkgs.lib.mergeListOption; + merge = mergeListOption; # Convert the list of path to only one path. apply = pkgs.aggregateModules; }; - system.sbin.modprobe = mkOption { - # should be moved in module-init-tools - internal = true; - default = pkgs.writeTextFile { - name = "modprobe"; - destination = "/sbin/modprobe"; - executable = true; - text = - '' - #! ${pkgs.stdenv.shell} - export MODULE_DIR=${config.system.modulesTree}/lib/modules - exec ${pkgs.module_init_tools}/sbin/modprobe "$@" - ''; - }; - description = '' - Wrapper around modprobe that sets the path to the modules - tree. - ''; - }; }; in diff --git a/modules/system/boot/modprobe.nix b/modules/system/boot/modprobe.nix new file mode 100644 index 00000000000..919a08f22ba --- /dev/null +++ b/modules/system/boot/modprobe.nix 
@@ -0,0 +1,80 @@ +{ config, pkgs, ... }: + +with pkgs.lib; + +# blacklist "cirrusfb" "i2c_piix4" + +{ + + ###### interface + + options = { + + system.sbin.modprobe = mkOption { + # should be moved in module-init-tools + internal = true; + default = pkgs.writeTextFile { + name = "modprobe"; + destination = "/sbin/modprobe"; + executable = true; + text = + '' + #! ${pkgs.stdenv.shell} + export MODULE_DIR=${config.system.modulesTree}/lib/modules + exec ${pkgs.module_init_tools}/sbin/modprobe "$@" + ''; + }; + description = '' + Wrapper around modprobe that sets the path to the modules + tree. + ''; + }; + + boot.blacklistedKernelModules = mkOption { + default = []; + example = [ "cirrusfb" "i2c_piix4" ]; + description = '' + List of names of kernel modules that should not be loaded + automatically by the hardware probing code. + ''; + }; + + boot.extraModprobeConfig = mkOption { + default = ""; + example = + '' + options parport_pc io=0x378 irq=7 dma=1 + ''; + description = '' + Any additional configuration to be appended to the generated + modprobe.conf. This is typically used to + specify module options. See + modprobe.conf + 5 for details. + ''; + }; + + }; + + + ###### implementation + + config = { + + environment.etc = singleton + { source = pkgs.writeText "modprobe.conf" + '' + ${flip concatMapStrings config.boot.blacklistedKernelModules (name: '' + blacklist ${name} + '')} + ${config.boot.extraModprobeConfig} + ''; + target = "modprobe.conf"; + }; + + }; + +} + + + \ No newline at end of file From 37470cccc5d6acc66b14f359d76e0b1c5ed38f93 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 8 Nov 2009 09:08:50 +0000 Subject: [PATCH 07/10] * Blacklist the "evbug" module. svn path=/nixos/trunk/; revision=18285 --- modules/system/boot/modprobe.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/modules/system/boot/modprobe.nix b/modules/system/boot/modprobe.nix index 919a08f22ba..520a7b19767 100644 
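Review bot: The `boot.blacklistedKernelModules` description should state the limit of a `blacklist` line: it only stops alias-based automatic loading, and the module can still be loaded by an explicit `modprobe` or as a dependency of another module, so it is not a way to forbid a module. I would add a sentence such as `Blacklisting does not prevent the module from being loaded explicitly or as a dependency of another module.` Names are written into modprobe.conf as-is through `blacklist ${name}`, so a value containing whitespace or a newline produces extra directives; an assertion on the name format would catch such mistakes at evaluation time. The stray `# blacklist "cirrusfb" "i2c_piix4"` comment above the module body looks like a leftover note and duplicates the option's `example`.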
--- a/modules/system/boot/modprobe.nix +++ b/modules/system/boot/modprobe.nix @@ -72,9 +72,16 @@ with pkgs.lib; target = "modprobe.conf"; }; + boot.blacklistedKernelModules = + [ # This module is for debugging and generates gigantic amounts + # of log output, so it should never be loaded automatically. + "evbug" + + # !!! Hm, Ubuntu blacklists all framebuffer devices because + # they're "buggy" and cause suspend problems. Maybe we should + # too? + ]; + }; } - - - \ No newline at end of file From 616c844336cfc0a3ab958bbbb4fcab45142f5852 Mon Sep 17 00:00:00 2001 From: Nicolas Pierron Date: Sun, 8 Nov 2009 16:01:22 +0000 Subject: [PATCH 08/10] * Move the default value of videoDrivers into the default field of the option. Otherwise, the system may depends on unused/unsupported softwares and users will be force to use properties in their configuration.nix file to override this default value. (too complex for new users) svn path=/nixos/trunk/; revision=18288 --- modules/services/x11/xserver.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/services/x11/xserver.nix b/modules/services/x11/xserver.nix index 25b5c4a615f..92324de042f 100644 --- a/modules/services/x11/xserver.nix +++ b/modules/services/x11/xserver.nix @@ -179,7 +179,9 @@ in }; videoDrivers = mkOption { - default = []; + # !!! We'd like "nv" here, but it segfaults the X server. Idem for + # "vmware". + default = [ "ati" "cirrus" "intel" "vesa" ]; example = [ "vesa" ]; description = '' The names of the video drivers that the X server should @@ -496,10 +498,6 @@ in '')} ''; - # The default set of supported video drivers. !!! We'd like "nv" - # here, but it segfaults the X server. Idem for "vmware". - services.xserver.videoDrivers = [ "ati" "cirrus" "intel" "vesa" ]; - }; } From 420639a4b17d58c358fdad7272f0acfdd4c1e9d7 Mon Sep 17 00:00:00 2001 
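Review bot: The comment on `"evbug"` gives log volume as the reason for blacklisting it, but what gets logged matters more: evbug dumps every input event, keyboard events included, into the kernel log, so an accidental load records key presses where any log reader can see them. I would extend the comment with `# It also writes all input events, including key presses, to the kernel log.` The option is declared and assigned in the same module without an explicit `merge`, so it is worth confirming that a user-supplied list is concatenated with this one rather than replacing it; that depends on option machinery outside this hunk.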
From: =?UTF-8?q?Llu=C3=ADs=20Batlle=20i=20Rossell?= Date: Sun, 8 Nov 2009 17:38:35 +0000 Subject: [PATCH 09/10] Making generations-dir consider the pkgs.platform. stdenv-updates stuff. Still to be reviewed, but at least an implementation to have some different armv5tel-linux platforms: qemu versatile and the sheevaplug. svn path=/nixos/trunk/; revision=18290 --- .../generations-dir-builder.sh | 21 +++++++++++++++---- .../generations-dir/generations-dir.nix | 8 ++++++- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/modules/installer/generations-dir/generations-dir-builder.sh b/modules/installer/generations-dir/generations-dir-builder.sh index 80f2b638e51..2dbe1356753 100644 --- a/modules/installer/generations-dir/generations-dir-builder.sh +++ b/modules/installer/generations-dir/generations-dir-builder.sh @@ -68,18 +68,31 @@ addEntry() { mkdir -p $outdir ln -sf $(readlink -f $path) $outdir/system ln -sf $(readlink -f $path/init) $outdir/init - ln -sf $(readlink -f $path/initrd) $outdir/initrd - ln -sf $(readlink -f $path/kernel) $outdir/kernel + ln -sf $initrd $outdir/initrd + ln -sf $kernel $outdir/kernel if test $(readlink -f "$path") = "$default"; then cp "$kernel" /boot/nixos-kernel cp "$initrd" /boot/nixos-initrd cp "$(readlink -f "$path/init")" /boot/nixos-init + mkdir -p /boot/default + if [ -e /boot/default/system ]; + rm /boot/default/system + fi ln -sf $(readlink -f $path) /boot/default/system + if [ -e /boot/default/init ]; + rm /boot/default/init + fi ln -sf $(readlink -f $path/init) /boot/default/init - ln -sf $(readlink -f $path/initrd) /boot/default/initrd - ln -sf $(readlink -f $path/kernel) /boot/default/kernel + if [ -e /boot/default/initrd ]; + rm /boot/default/initrd + fi + ln -sf $initrd /boot/default/initrd + if [ -e /boot/default/kernel ]; + rm /boot/default/kernel + fi + ln -sf $kernel /boot/default/kernel fi } 
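Review bot: The four added guards of the form `if [ -e /boot/default/system ]; rm /boot/default/system` followed by `fi` are missing `then`, so the builder script fails with a syntax error instead of updating the boot entries; each needs to read `if [ -e /boot/default/system ]; then`. Even with that fixed, `-e` follows symlinks and therefore skips a dangling link, so the simpler form `ln -sfn "$(readlink -f "$path")" /boot/default/system` (and likewise for `init`, `initrd` and `kernel`) replaces the link without the separate `rm`. `$initrd`, `$kernel` and `$outdir` are unquoted in the new `ln -sf` lines and should be quoted the way the `cp` calls above them are. `addEntry` begins before this hunk, so where `$kernel` and `$initrd` are assigned is not visible here.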
diff --git a/modules/installer/generations-dir/generations-dir.nix b/modules/installer/generations-dir/generations-dir.nix index 7ee7a1828da..4b999a8d5a4 100644 --- a/modules/installer/generations-dir/generations-dir.nix +++ b/modules/installer/generations-dir/generations-dir.nix @@ -41,6 +41,9 @@ let inherit (config.boot.loader.generationsDir) copyKernels; }; + # Temporary check, for nixos to cope both with nixpkgs stdenv-updates and trunk + platform = (if pkgs ? platform then pkgs.platform else + { name = "pc"; uboot = null; }); in { require = [ @@ -55,6 +58,9 @@ in menuBuilder = generationsDirBuilder; }; boot.loader.id = "generationsDir"; - boot.loader.kernelFile = "uImage"; + boot.loader.kernelFile = ( + if (platform.name == "sheevaplug") then "uImage" + else if (platform.name == "versatileARM") then "zImage" + else "vmlinuz"); }; } From de1713a24f2f4ed8772d00fe61102e4e24a4a630 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Llu=C3=ADs=20Batlle=20i=20Rossell?= Date: Sun, 8 Nov 2009 18:32:21 +0000 Subject: [PATCH 10/10] Failing when the top level system expression cannot find the kernel image svn path=/nixos/trunk/; revision=18291 --- modules/system/activation/top-level.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/activation/top-level.nix b/modules/system/activation/top-level.nix index 1e3f22c37ad..bb1cacfa78a 100644 --- a/modules/system/activation/top-level.nix +++ b/modules/system/activation/top-level.nix @@ -65,6 +65,7 @@ let if [ ! -f ${kernelPath} ]; then echo "The bootloader cannot find the proper kernel image." echo "(Expecting ${kernelPath})" + false fi ln -s ${kernelPath} $out/kernel if [ -n "$grub" ]; then
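Review bot: The added `false` in top-level.nix only aborts the build if the surrounding script runs with errexit, which is not visible in this hunk; `exit 1` states the intent directly and does not depend on shell options. The two `echo` lines would be better sent to stderr, e.g. `echo "The bootloader cannot find the proper kernel image." >&2`, so the message is not lost in normal build output. `${kernelPath}` should also be quoted in the `[ ! -f ... ]` test and in `ln -s`. The script body continues on both sides of the hunk.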