dramatically speeds up my boot time because it was the last
service (for me) that depended on udev-settle.service
udev-settle isn't needed for modern system initialization but some
oldschool services (mdadm/lvm/cryptsetup) depend on it so they can
just enumerate devices instead of having to react to changes
dynamically. In NixOS these things are usually already taken care of
during stage 1 (early ramdisk) if you use them.
The option services.openssh.hostKeys now allows specifying multiple
host keys. The default value enables both a DSA and ECDSA key.
(Clients by default will use the ECDSA key, unless known_hosts already
has a DSA key for that host.) To use only an ECDSA key, you can say:
  services.openssh.hostKeys =
    [ { path = "/etc/ssh/ssh_host_ecdsa_key";
        type = "ecdsa";
        bits = 521;
      }
    ];
If the option is enabled, the DNS servers from networking.nameservers
will be inserted in /etc/resolv.conf after the DNS servers that
NetworkManager receives by DHCP, or that is configured manually
in the connection settings.
NixOS and Fedora use .../ca-bundle.crt. Ubuntu uses
.../ca-certificates.crt. Add .../ca-certificates.crt symlink to be
compatible with Ubuntu.
Example use case: Bob has a ~/.msmtprc file that he brings over from
Ubuntu. It also works on NixOS.
If the option is enabled, the DNS servers from networking.nameservers
will be inserted in /etc/resolv.conf and override any DNS servers that
NetworkManager receives by DHCP, or that is configured manually
in the connection settings.
Currently only root has access. But with this patch all users in
"libvirtd" group will have access. This is similar to how it's done on
Ubuntu.
Also, add virtualisation.libvirtd.extraConfig option for further
customization of libvirtd.conf.
With this it's now possible to directly embed a configuration file
using `services.xserver.windowManager.i3.configFile = path`, which then
will be used instead of the one in the user's home directory.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Note that since the configuration produced by nixos-hardware-scan
includes not-detected.nix, you get all firmware when following the
regular installation procedure.
Issue #87.
The intel-*.nix modules are obsolete (since you can just say
‘hardware.enableAllFirmware = true’, or equivalently,
‘hardware.firmware = [ pkgs.firmwareLinuxNonfree ]’). But we'll keep
them around for compatibility.
Running at a low priority is generally bad since it runs the risk of
priority inversions, etc. It's really the builders that should run
under a different priority (e.g. in their own cgroup).
This is to use the VM's own disk image instead of a tmpfs in order to
avoid eating more memory. Of course, by default we still use the tmpfs
in order to not break existing VM tests.
I personally don't like the coding style of the option definition, but
in order to stay consistent, I followed the overall style in this file.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Extend the buildMachines option to support specification of
supportedFeatures and mandatoryFeatures in order to support all
configuration options of the nix.machines file.
Unfortunately, the flag only works directly and without the daemon, so
this adds an extra variable $repair, to avoid the daemon. This is to
avoid iterating through the $extraBuildFlags just to test whether
"--repair" exists.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
It used to be set to 7 (debug) so you get lots of crap on the console.
The new value of 4 is also what Ubuntu uses. Red Hat uses 3.
A nice side effect is that it's more likely that the LUKS passphrase
prompt doesn't get clobbered by kernel log messages.
Ensure permission bits are (re)set on each system activation with
explicit chmod call.
mkdir -m MODE PATH will only set the permission bits if PATH is
*created*, which means users that have old NixOS versions will continue
to have the old 700 permissions on /var/log/journal until they chmod
manually. With this commit the permissions will be set to 755 on system
activation.
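
The mkdir -m behaviour described above, as an added example that is not part of the original commit: it reproduces the upgrade case in a temporary directory rather than on the real /var/log/journal. The function names (dir_mode, activate_old, activate_new, demo) are hypothetical and are not taken from the NixOS activation script.

```shell
#!/bin/sh
# Added illustration; all function names here are hypothetical.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Activation step that relies on mkdir -m alone: the mode is applied
# only when the directory is actually created.
activate_old() {
    mkdir -m 0755 -p "$1"
}

# Activation step with the explicit chmod: the mode is (re)set on every run.
activate_new() {
    mkdir -m 0755 -p "$1"
    chmod 0755 "$1"
}

# Prints three modes: a fresh install, an upgraded machine after the
# mkdir-only step, and the same machine after the mkdir + chmod step.
demo() {
    root=$(mktemp -d) || return 1

    # Fresh install: the directory does not exist yet, so -m takes effect.
    fresh="$root/fresh/var/log/journal"
    mkdir -p "$root/fresh/var/log"
    activate_old "$fresh"
    fresh_mode=$(dir_mode "$fresh")

    # Upgraded machine (constructed): the directory already exists with 700.
    old="$root/upgraded/var/log/journal"
    mkdir -p "$root/upgraded/var/log"
    mkdir -m 0700 "$old"
    activate_old "$old"
    stale_mode=$(dir_mode "$old")
    activate_new "$old"
    fixed_mode=$(dir_mode "$old")

    rm -rf "$root"
    echo "$fresh_mode $stale_mode $fixed_mode"
}

demo
```
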
When apcupsd has initiated a shutdown, systemd always ends up waiting
for it to stop ("A stop job is running for UPS daemon"). This is weird,
because in the journal one can clearly see that apcupsd has received the
SIGTERM signal and has already quit (or so it seems). This reduces the
wait time from 90 seconds (default) to just 5. Then systemd kills it
with SIGKILL.
This adds a special systemd service that calls "apcupsd --killpower"
(put UPS in hibernate mode) just before shutting down the system.
Without this command, the UPS will stay on until the battery is
completely empty.
Each attribute in this option should name an apcupsd event and the
string value it contains will be executed in a shell in response to that
event. See "man apccontrol" for the list of events and what they
represent.
Now it is easy to hook into the apcupsd event system:
  services.apcupsd.hooks = {
    onbattery = ''# shell commands to run when the onbattery event is emitted'';
    doshutdown = ''# shell commands to notify that the computer is shutting down'';
  };
This option allows administrators to add verbatim text to the generated
config file. I use this feature, for instance, to disable the default
route normally added by dhcpcd for certain interfaces.
This makes the system journal readable by users in the
systemd-journal, wheel and adm groups. It also allows users to read
their own journals.
Note that this doesn't change the permissions of existing journals.
apcupsd is a daemon for controlling APC UPSes. It is very simple to
configure. If you have a USB-based UPS, the default settings should be
useable without further adjustments:
  services.apcupsd.enable = true;
This will give you autodetection of USB UPSes, network access limited to
localhost (for security) and the shutdown sequence will be started when
the battery level is below 50 percent, or when the UPS
has calculated that it has 5 minutes or less of remaining power-on time.
You can provide your own configuration file contents with this option:
  services.apcupsd.configText = "contents of apcupsd.conf";
Bug/annoyance 1: When apcupsd calls "wall" (on powerfail etc. events),
it prints an error message because stdout is not connected to a tty (it
is connected to the journal):
  wall: cannot get tty name: Inappropriate ioctl for device
The message still gets through though, to ctrl-alt-f[1-6] terminals.
Bug/annoyance 2: apcupsd tries to call "mail" (on powerfail etc.
events), and that fails because I'm not passing in any mail program at
the moment (because that would require more configuration options). A
solution to this would be to simply let the user fully configure the
apcupsd event handling logic in nix.