From 1b47614c4628471fbee4a12c0266a324d1792f5d Mon Sep 17 00:00:00 2001 From: Mathijs Kwik Date: Sat, 29 Sep 2012 08:05:21 +0200 Subject: [PATCH 1/7] invalidate-nscd: use script instead of exec for multiple commands otherwise, only the first one line executes --- modules/services/system/nscd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/system/nscd.nix b/modules/services/system/nscd.nix index ca5ac428a9d..457be266424 100644 --- a/modules/services/system/nscd.nix +++ b/modules/services/system/nscd.nix @@ -65,7 +65,7 @@ in startOn = "ip-up or config-changed"; task = true; path = [ pkgs.glibc ]; - exec = '' + script = '' nscd --invalidate=passwd nscd --invalidate=group nscd --invalidate=hosts From 4b78161e3e68468e858c2618917426a623ef5936 Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Sun, 30 Sep 2012 00:53:50 +0200 Subject: [PATCH 2/7] dovecot: add options to selectively enable/disable the IMAP and/or POP3 listener --- modules/services/mail/dovecot.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/modules/services/mail/dovecot.nix b/modules/services/mail/dovecot.nix index 9a9acf69c51..b4662936b3c 100644 --- a/modules/services/mail/dovecot.nix +++ b/modules/services/mail/dovecot.nix @@ -10,7 +10,7 @@ let '' base_dir = /var/run/dovecot2/ - protocols = imap pop3 + protocols = ${optionalString cfg.enableImap "imap"} ${optionalString cfg.enablePop3 "pop3"} '' + (if cfg.sslServerCert!="" then '' @@ -62,6 +62,16 @@ in description = "Whether to enable the Dovecot 2.x POP3/IMAP server."; }; + enablePop3 = mkOption { + default = true; + description = "Start the POP3 listener (when Dovecot is enabled)."; + }; + + enableImap = mkOption { + default = true; + description = "Start the IMAP listener (when Dovecot is enabled)."; + }; + user = mkOption { default = "dovecot2"; description = "Dovecot user name."; 
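Review bot: Upstart executes a `script` stanza with `sh -e`, so if `nscd --invalidate=passwd` exits non-zero (for instance because nscd is not up yet when `ip-up` fires) the job stops there and the group and hosts caches are never flushed, which is exactly the stale-cache situation this task exists to prevent. Making each invalidation independent avoids that: `for db in passwd group hosts; do nscd --invalidate=$db || true; done`. The `-e` behaviour is Upstart's default for `script`; if NixOS's job generator wraps the body differently the point may not apply, so it is worth checking. The job definition continues outside the hunk.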
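Review bot: `enablePop3` and `enableImap` are declared without a `type`, so a non-boolean value (say the string `"false"`) is accepted at option-merge time and only fails later inside `optionalString` in the config string, with an error that points at the wrong place. If `types` is in scope here (the bare `optionalString`/`mkOption` calls suggest a `with pkgs.lib`, which is outside the hunk), add `type = types.bool;` to both new options; the existing `enable` option would benefit from the same. The options attribute set continues outside the hunk.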
@@ -146,6 +156,9 @@ in environment.systemPackages = [ pkgs.dovecot ]; + assertions = [{ assertion = cfg.enablePop3 || cfg.enableImap; + message = "dovecot needs at least one of the IMAP or POP3 listeners enabled";}]; + }; } From 757ab7f6d3399cae3c76e1b744eae692db6c8559 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 6 Oct 2012 20:58:46 -0400 Subject: [PATCH 3/7] Generate nsswitch.conf properly --- modules/config/nsswitch-mdns.conf | 11 ----------- modules/config/nsswitch.conf | 10 ---------- modules/config/nsswitch.nix | 33 ++++++++++++++++++++----------- 3 files changed, 22 insertions(+), 32 deletions(-) delete mode 100644 modules/config/nsswitch-mdns.conf delete mode 100644 modules/config/nsswitch.conf diff --git a/modules/config/nsswitch-mdns.conf b/modules/config/nsswitch-mdns.conf deleted file mode 100644 index 61dd436682d..00000000000 --- a/modules/config/nsswitch-mdns.conf +++ /dev/null @@ -1,11 +0,0 @@ -# NSS configuration files with mDNS enabled (requires running Avahi daemon). - -passwd: ldap files -group: ldap files -shadow: ldap files - -hosts: files mdns_minimal [NOTFOUND=return] dns mdns -networks: files dns - -services: files -protocols: files diff --git a/modules/config/nsswitch.conf b/modules/config/nsswitch.conf deleted file mode 100644 index 44beaf5b44c..00000000000 --- a/modules/config/nsswitch.conf +++ /dev/null @@ -1,10 +0,0 @@ -passwd: files ldap -group: files ldap -shadow: files ldap - -hosts: files dns -networks: files dns -ethers: files - -services: files -protocols: files diff --git a/modules/config/nsswitch.nix b/modules/config/nsswitch.nix index cac6ff382a4..7c969320b3d 100644 --- a/modules/config/nsswitch.nix +++ b/modules/config/nsswitch.nix 
@@ -1,13 +1,15 @@ # Configuration for the Name Service Switch (/etc/nsswitch.conf). -{config, pkgs, ...}: +{ config, pkgs, ... }: + +with pkgs.lib; let options = { # NSS modules. Hacky! - system.nssModules = pkgs.lib.mkOption { + system.nssModules = mkOption { internal = true; default = []; description = " @@ -15,34 +17,43 @@ let several DNS resolution methods to be specified via /etc/nsswitch.conf. "; - merge = pkgs.lib.mergeListOption; + merge = mergeListOption; apply = list: let list2 = list # !!! this should be in the LDAP module - ++ pkgs.lib.optional config.users.ldap.enable pkgs.nss_ldap; + ++ optional config.users.ldap.enable pkgs.nss_ldap; in { list = list2; - path = pkgs.lib.makeLibraryPath list2; + path = makeLibraryPath list2; }; }; }; + inherit (config.services.avahi) nssmdns; + in { - require = [options]; + require = [ options ]; environment.etc = [ # Name Service Switch configuration file. Required by the C library. # !!! Factor out the mdns stuff. The avahi module should define # an option used by this module. - { source = - if config.services.avahi.nssmdns - then ./nsswitch-mdns.conf - else ./nsswitch.conf; + { source = pkgs.writeText "nsswitch.conf" + '' + passwd: files ldap + group: files ldap + shadow: files ldap + hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} + networks: files dns + ethers: files + services: files + protocols: files + ''; target = "nsswitch.conf"; } ]; @@ -58,5 +69,5 @@ in # chroot gets to seem them, and (ii) applications can benefit from # changes in the list of NSS modules at run-time, without requiring # a reboot. - environment.systemPackages = [config.system.nssModules.list]; + environment.systemPackages = [ config.system.nssModules.list ]; } From 13841d6e47a54a6ec5c0c501a9d19d23fc081b2d Mon Sep 17 00:00:00 2001 
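Review bot: The generated `hosts:` line ends with a bare `mdns` after `dns` when `nssmdns` is set, so any name unicast DNS cannot resolve (a typo, or an internal name while off the corporate network) is then looked up over multicast, where any host on the local link may answer; `mdns_minimal [NOTFOUND=return]` already covers `.local` names and is all the Avahi use case needs. Unless resolving arbitrary non-`.local` names over mDNS is intended, drop the trailing `${optionalString nssmdns "mdns"}` so the line reads `hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns`. Two smaller points: `ldap` is listed unconditionally for passwd/group/shadow even though `nss_ldap` is only added to `system.nssModules` under `config.users.ldap.enable` (glibc silently skips a module it cannot load, but gating it with the same condition would be clearer), and the old mDNS variant had `ldap` before `files` for those databases while the new file puts `files` first in both cases — the safer order, but a behavioral change the commit message does not mention.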
From: Eelco Dolstra
Date: Sat, 6 Oct 2012 21:00:26 -0400
Subject: [PATCH 4/7] Use nss-myhostname to ensure that the hostname resolves to something sensible

---
 modules/config/nsswitch.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/config/nsswitch.nix b/modules/config/nsswitch.nix
index 7c969320b3d..4c46e8ec87d 100644
--- a/modules/config/nsswitch.nix
+++ b/modules/config/nsswitch.nix
@@ -48,7 +48,7 @@ in
         passwd: files ldap
         group: files ldap
         shadow: files ldap
-        hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"}
+        hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} myhostname
         networks: files dns
         ethers: files
         services: files
@@ -58,6 +58,11 @@ in
     }
   ];
 
+  # Use nss-myhostname to ensure that our hostname always resolves to
+  # a valid IP address. It returns all locally configured IP
+  # addresses, or ::1 and 127.0.0.2 as fallbacks.
+  system.nssModules = [ pkgs.nss_myhostname ];
+
   environment.shellInit =
     if config.system.nssModules.path != "" then
       ''
From 74295866f511a76199e7ab74aa995403c6f40954 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Sun, 7 Oct 2012 00:37:36 -0400
Subject: [PATCH 5/7] Don't include NSS modules in $LD_LIBRARY_PATH

This is broken because it requires restarting applications to see new NSS modules. The proper way to handle NSS modules is through nscd. See commit 554ae9908b4abd45c9769da023470ae2c12ebdfd.
---
 modules/config/nsswitch.nix | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/modules/config/nsswitch.nix b/modules/config/nsswitch.nix
index 4c46e8ec87d..806ff876303 100644
--- a/modules/config/nsswitch.nix
+++ b/modules/config/nsswitch.nix
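Review bot: `myhostname` is appended after `dns` (and after `mdns` when `nssmdns` is set), so the machine's own hostname is resolved over the network first and the local nss-myhostname answer is only a fallback; together with the later patch in this series that drops the `127.0.0.1 <hostname>` line from /etc/hosts, a DNS answer — or, on a `nssmdns` host, any multicast responder on the link — now decides what `hostname` resolves to for local processes. If the intent is that the hostname always maps to a local address, put the module before the network sources: `hosts: files myhostname ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"}`. If shadowing a real DNS record for the hostname is unwanted, keep the order but say so in the comment the next hunk adds, since the trade-off is not obvious from the line itself.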
@@ -62,17 +62,4 @@ in # a valid IP address. It returns all locally configured IP # addresses, or ::1 and 127.0.0.2 as fallbacks. system.nssModules = [ pkgs.nss_myhostname ]; - - environment.shellInit = - if config.system.nssModules.path != "" then - '' - LD_LIBRARY_PATH=${config.system.nssModules.path}:$LD_LIBRARY_PATH - '' - else ""; - - # NSS modules need to be in `systemPath' so that (i) the builder - # chroot gets to seem them, and (ii) applications can benefit from - # changes in the list of NSS modules at run-time, without requiring - # a reboot. - environment.systemPackages = [ config.system.nssModules.list ]; } From 570e523a88eebf9e20343608a153a41dbfa8375f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 7 Oct 2012 00:40:00 -0400 Subject: [PATCH 6/7] Remove 127.0.0.1 mapping for the system's hostname Also remove the . mapping. --- modules/config/networking.nix | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/modules/config/networking.nix b/modules/config/networking.nix index 2b4be69cc51..f0aafc6b404 100644 --- a/modules/config/networking.nix +++ b/modules/config/networking.nix @@ -18,13 +18,6 @@ let }; - localhostWithDomain = optionalString (cfg.domain != "") - "localhost.${cfg.domain}"; - - hostnameWithDomain = optionalString - (cfg.domain != "" && cfg.hostName != "") - "${cfg.hostName}.${cfg.domain}"; - in { @@ -49,9 +42,7 @@ in { # /etc/hosts: Hostname-to-IP mappings. source = pkgs.writeText "hosts" '' - ${optionalString (cfg.hostName != "") - "127.0.0.1 ${hostnameWithDomain} ${cfg.hostName}"} - 127.0.0.1 localhost ${localhostWithDomain} + 127.0.0.1 localhost ${cfg.extraHosts} ''; target = "hosts"; From 2b2f0067b838c3032458f3fafdc1f6190ed9176f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 7 Oct 2012 00:46:24 -0400 Subject: [PATCH 7/7] Add an /etc/hosts entry mapping localhost to ::1 --- modules/config/networking.nix | 1 + 1 file changed, 1 insertion(+) 
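Review bot: With the `127.0.0.1 ${cfg.hostName}` mapping gone, resolving the local hostname now depends entirely on nss-myhostname being present in `system.nssModules` (added in an earlier patch of this series) and on its position in nsswitch.conf, and nothing in this module asserts either, so a configuration that overrides `system.nssModules` leaves the hostname unresolvable. Where it does resolve, the result is the configured interface addresses (or 127.0.0.2 as the documented fallback) rather than 127.0.0.1, so a service that connects to its own hostname expecting loopback will now reach the external interface address, and anything bound only to 127.0.0.1 stops being reachable under the hostname; that deserves a sentence in the commit message or a comment next to this hosts file. `cfg.extraHosts` is still interpolated verbatim, which is acceptable for an administrator-controlled option. The `environment.etc` entry continues outside the hunk.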
diff --git a/modules/config/networking.nix b/modules/config/networking.nix
index f0aafc6b404..c6ea171bf3d 100644
--- a/modules/config/networking.nix
+++ b/modules/config/networking.nix
@@ -43,6 +43,7 @@ in
       source = pkgs.writeText "hosts"
         ''
           127.0.0.1 localhost
+          ::1 localhost
           ${cfg.extraHosts}
         '';
       target = "hosts";