nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-01 07:01:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update all legacy-style modules

Browse Source 
I.e., modules that use "require = [options]".  Nowadays that should be
written as

  {
    options = { ... };
    config = { ... };
  };

Also, use "imports" instead of "require" in places where we actually
import another module.
This commit is contained in:
Eelco Dolstra 2013-09-04 13:05:09 +02:00
parent 3a23e6dd31
commit 17457297cb
54 changed files with 1827 additions and 1934 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
modules/config/i18n.nix
View File

@ -2,11 +2,20 @@
with pkgs.lib;
###### interface
let
glibcLocales = pkgs.glibcLocales.override {
allLocales = any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
};
in
{
###### interface
options = {
i18n = {
defaultLocale = mkOption {
default = "en_US.UTF-8";
@ -53,31 +62,26 @@ let
};
###### implementation
glibcLocales = pkgs.glibcLocales.override {
allLocales = any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
###### implementation
config = {
environment.systemPackages = [ glibcLocales ];
environment.shellInit =
''
export LANG=${config.i18n.defaultLocale}
'';
# /etc/locale.conf is used by systemd.
environment.etc = singleton
{ target = "locale.conf";
source = pkgs.writeText "locale.conf"
''
LANG=${config.i18n.defaultLocale}
'';
};
};
in
{
require = options;
environment.systemPackages = [ glibcLocales ];
environment.shellInit =
''
export LANG=${config.i18n.defaultLocale}
'';
# /etc/locale.conf is used by systemd.
environment.etc = singleton
{ target = "locale.conf";
source = pkgs.writeText "locale.conf"
''
LANG=${config.i18n.defaultLocale}
'';
};
}

309
modules/config/krb5.nix
View File

@ -1,12 +1,18 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
cfg = config.krb5;
in
{
###### interface
options = {
krb5 = {
enable = mkOption {
@ -35,171 +41,164 @@ let
};
};
};
in
###### implementation
###### implementation
mkIf config.krb5.enable {
require = [
options
];
config = mkIf config.krb5.enable {
environment = {
systemPackages = [ pkgs.krb5 ];
etc = [
{ source = pkgs.writeText "krb5.conf"
''
[libdefaults]
default_realm = ${cfg.defaultRealm}
encrypt = true
environment.systemPackages = [ pkgs.krb5 ];
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
environment.etc."krb5.conf".text =
''
[libdefaults]
default_realm = ${cfg.defaultRealm}
encrypt = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
# default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
[realms]
${cfg.defaultRealm} = {
kdc = ${cfg.kdc}
admin_server = ${cfg.kerberosAdminServer}
# kpasswd_server = ${cfg.kerberosAdminServer}
}
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
kdc = kerberos-1.mit.edu:88
kdc = kerberos-2.mit.edu:88
admin_server = kerberos.mit.edu
default_domain = mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.media.mit.edu
admin_server = kerberos.media.mit.edu
}
ZONE.MIT.EDU = {
kdc = casio.mit.edu
kdc = seiko.mit.edu
admin_server = casio.mit.edu
}
MOOF.MIT.EDU = {
kdc = three-headed-dogcow.mit.edu:88
kdc = three-headed-dogcow-1.mit.edu:88
admin_server = three-headed-dogcow.mit.edu
}
CSAIL.MIT.EDU = {
kdc = kerberos-1.csail.mit.edu
kdc = kerberos-2.csail.mit.edu
admin_server = kerberos.csail.mit.edu
default_domain = csail.mit.edu
krb524_server = krb524.csail.mit.edu
}
IHTFP.ORG = {
kdc = kerberos.ihtfp.org
admin_server = kerberos.ihtfp.org
}
GNU.ORG = {
kdc = kerberos.gnu.org
kdc = kerberos-2.gnu.org
kdc = kerberos-3.gnu.org
admin_server = kerberos.gnu.org
}
1TS.ORG = {
kdc = kerberos.1ts.org
admin_server = kerberos.1ts.org
}
GRATUITOUS.ORG = {
kdc = kerberos.gratuitous.org
admin_server = kerberos.gratuitous.org
}
DOOMCOM.ORG = {
kdc = kerberos.doomcom.org
admin_server = kerberos.doomcom.org
}
ANDREW.CMU.EDU = {
kdc = vice28.fs.andrew.cmu.edu
kdc = vice2.fs.andrew.cmu.edu
kdc = vice11.fs.andrew.cmu.edu
kdc = vice12.fs.andrew.cmu.edu
admin_server = vice28.fs.andrew.cmu.edu
default_domain = andrew.cmu.edu
}
CS.CMU.EDU = {
kdc = kerberos.cs.cmu.edu
kdc = kerberos-2.srv.cs.cmu.edu
admin_server = kerberos.cs.cmu.edu
}
DEMENTIA.ORG = {
kdc = kerberos.dementia.org
kdc = kerberos2.dementia.org
admin_server = kerberos.dementia.org
}
stanford.edu = {
kdc = krb5auth1.stanford.edu
kdc = krb5auth2.stanford.edu
kdc = krb5auth3.stanford.edu
admin_server = krb5-admin.stanford.edu
default_domain = stanford.edu
}
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[domain_realm]
.${cfg.domainRealm} = ${cfg.defaultRealm}
${cfg.domainRealm} = ${cfg.defaultRealm}
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
.media.mit.edu = MEDIA-LAB.MIT.EDU
media.mit.edu = MEDIA-LAB.MIT.EDU
.csail.mit.edu = CSAIL.MIT.EDU
csail.mit.edu = CSAIL.MIT.EDU
.whoi.edu = ATHENA.MIT.EDU
whoi.edu = ATHENA.MIT.EDU
.stanford.edu = stanford.edu
[realms]
${cfg.defaultRealm} = {
kdc = ${cfg.kdc}
admin_server = ${cfg.kerberosAdminServer}
#kpasswd_server = ${cfg.kerberosAdminServer}
}
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
kdc = kerberos-1.mit.edu:88
kdc = kerberos-2.mit.edu:88
admin_server = kerberos.mit.edu
default_domain = mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.media.mit.edu
admin_server = kerberos.media.mit.edu
}
ZONE.MIT.EDU = {
kdc = casio.mit.edu
kdc = seiko.mit.edu
admin_server = casio.mit.edu
}
MOOF.MIT.EDU = {
kdc = three-headed-dogcow.mit.edu:88
kdc = three-headed-dogcow-1.mit.edu:88
admin_server = three-headed-dogcow.mit.edu
}
CSAIL.MIT.EDU = {
kdc = kerberos-1.csail.mit.edu
kdc = kerberos-2.csail.mit.edu
admin_server = kerberos.csail.mit.edu
default_domain = csail.mit.edu
krb524_server = krb524.csail.mit.edu
}
IHTFP.ORG = {
kdc = kerberos.ihtfp.org
admin_server = kerberos.ihtfp.org
}
GNU.ORG = {
kdc = kerberos.gnu.org
kdc = kerberos-2.gnu.org
kdc = kerberos-3.gnu.org
admin_server = kerberos.gnu.org
}
1TS.ORG = {
kdc = kerberos.1ts.org
admin_server = kerberos.1ts.org
}
GRATUITOUS.ORG = {
kdc = kerberos.gratuitous.org
admin_server = kerberos.gratuitous.org
}
DOOMCOM.ORG = {
kdc = kerberos.doomcom.org
admin_server = kerberos.doomcom.org
}
ANDREW.CMU.EDU = {
kdc = vice28.fs.andrew.cmu.edu
kdc = vice2.fs.andrew.cmu.edu
kdc = vice11.fs.andrew.cmu.edu
kdc = vice12.fs.andrew.cmu.edu
admin_server = vice28.fs.andrew.cmu.edu
default_domain = andrew.cmu.edu
}
CS.CMU.EDU = {
kdc = kerberos.cs.cmu.edu
kdc = kerberos-2.srv.cs.cmu.edu
admin_server = kerberos.cs.cmu.edu
}
DEMENTIA.ORG = {
kdc = kerberos.dementia.org
kdc = kerberos2.dementia.org
admin_server = kerberos.dementia.org
}
stanford.edu = {
kdc = krb5auth1.stanford.edu
kdc = krb5auth2.stanford.edu
kdc = krb5auth3.stanford.edu
admin_server = krb5-admin.stanford.edu
default_domain = stanford.edu
}
[logging]
kdc = SYSLOG:INFO:DAEMON
admin_server = SYSLOG:INFO:DAEMON
default = SYSLOG:INFO:DAEMON
krb4_convert = true
krb4_get_tickets = false
[domain_realm]
.${cfg.domainRealm} = ${cfg.defaultRealm}
${cfg.domainRealm} = ${cfg.defaultRealm}
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
.media.mit.edu = MEDIA-LAB.MIT.EDU
media.mit.edu = MEDIA-LAB.MIT.EDU
.csail.mit.edu = CSAIL.MIT.EDU
csail.mit.edu = CSAIL.MIT.EDU
.whoi.edu = ATHENA.MIT.EDU
whoi.edu = ATHENA.MIT.EDU
.stanford.edu = stanford.edu
[logging]
kdc = SYSLOG:INFO:DAEMON
admin_server = SYSLOG:INFO:DAEMON
default = SYSLOG:INFO:DAEMON
krb4_convert = true
krb4_get_tickets = false
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
max_timeout = 30
timeout_shift = 2
initial_timeout = 1
}
'';
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
max_timeout = 30
timeout_shift = 2
initial_timeout = 1
}
'';
target = "krb5.conf";
}
];
};
}

366
modules/config/ldap.nix
View File

@ -1,150 +1,12 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
with pkgs;
###### interface
let
inherit mkOption mkIf optionalString stringAfter singleton;
cfg = config.users.ldap;
options = {
users = {
ldap = {
enable = mkOption {
default = false;
description = "
Whether to enable authentication against an LDAP server.
";
};
server = mkOption {
example = "ldap://ldap.example.org/";
description = "
The URL of the LDAP server.
";
};
base = mkOption {
example = "dc=example,dc=org";
description = "
The distinguished name of the search base.
";
};
useTLS = mkOption {
default = false;
description = "
If enabled, use TLS (encryption) over an LDAP (port 389)
connection. The alternative is to specify an LDAPS server (port
636) in <option>users.ldap.server</option> or to forego
security.
";
};
timeLimit = mkOption {
default = 0;
type = types.int;
description = "
Specifies the time limit (in seconds) to use when performing
searches. A value of zero (0), which is the default, is to
wait indefinitely for searches to be completed.
";
};
daemon = {
enable = mkOption {
default = false;
description = ''
Whether to let the nslcd daemon (nss-pam-ldapd) handle the
LDAP lookups for NSS and PAM. This can improve performance,
and if you need to bind to the LDAP server with a password,
it increases security, since only the nslcd user needs to
have access to the bindpw file, not everyone that uses NSS
and/or PAM. If this option is enabled, a local nscd user is
created automatically, and the nslcd service is started
automatically when the network get up.
'';
};
extraConfig = mkOption {
default = "";
type = types.string;
description = ''
Extra configuration options that will be added verbatim at
the end of the nslcd configuration file (nslcd.conf).
'' ;
} ;
};
bind = {
distinguishedName = mkOption {
default = "";
example = "cn=admin,dc=example,dc=com";
type = types.string;
description = "
The distinguished name to bind to the LDAP server with. If this
is not specified, an anonymous bind will be done.
";
};
password = mkOption {
default = "/etc/ldap/bind.password";
type = types.string;
description = "
The path to a file containing the credentials to use when binding
to the LDAP server (if not binding anonymously).
";
};
timeLimit = mkOption {
default = 30;
type = types.int;
description = "
Specifies the time limit (in seconds) to use when connecting
to the directory server. This is distinct from the time limit
specified in <literal>users.ldap.timeLimit</literal> and affects
the initial server connection only.
";
};
policy = mkOption {
default = "hard_open";
type = types.string;
description = "
Specifies the policy to use for reconnecting to an unavailable
LDAP server. The default is <literal>hard_open</literal>, which
reconnects if opening the connection to the directory server
failed. By contrast, <literal>hard_init</literal> reconnects if
initializing the connection failed. Initializing may not
actually contact the directory server, and it is possible that
a malformed configuration file will trigger reconnection. If
<literal>soft</literal> is specified, then
<literal>nss_ldap</literal> will return immediately on server
failure. All hard reconnect policies block with exponential
backoff before retrying.
";
};
};
extraConfig = mkOption {
default = "" ;
type = types.string ;
description = ''
Extra configuration options that will be added verbatim at
the end of the ldap configuration file (ldap.conf).
If <literal>users.ldap.daemon</literal> is enabled, this
configuration will not be used. In that case, use
<literal>users.ldap.daemon.extraConfig</literal> instead.
'' ;
};
};
};
};
# Careful: OpenLDAP seems to be very picky about the indentation of
# this file. Directives HAVE to start in the first column!
ldapConfig = {
@ -186,63 +48,199 @@ let
in
###### implementation
mkIf cfg.enable {
require = [
options
];
{
environment.etc = if cfg.daemon.enable then [nslcdConfig] else [ldapConfig];
###### interface
system.activationScripts = mkIf insertLdapPassword {
ldap = stringAfter [ "etc" "groups" "users" ] ''
if test -f "${cfg.bind.password}" ; then
echo "bindpw "$(cat ${cfg.bind.password})"" | cat ${ldapConfig} - > /etc/ldap.conf.bindpw
mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
chmod 600 /etc/ldap.conf
fi
'';
};
options = {
system.nssModules = singleton (
if cfg.daemon.enable then nss_pam_ldapd else nss_ldap
);
users.ldap = {
enable = mkOption {
default = false;
description = "Whether to enable authentication against an LDAP server.";
};
server = mkOption {
example = "ldap://ldap.example.org/";
description = "The URL of the LDAP server.";
};
base = mkOption {
example = "dc=example,dc=org";
description = "The distinguished name of the search base.";
};
useTLS = mkOption {
default = false;
description = ''
If enabled, use TLS (encryption) over an LDAP (port 389)
connection. The alternative is to specify an LDAPS server (port
636) in <option>users.ldap.server</option> or to forego
security.
'';
};
timeLimit = mkOption {
default = 0;
type = types.int;
description = ''
Specifies the time limit (in seconds) to use when performing
searches. A value of zero (0), which is the default, is to
wait indefinitely for searches to be completed.
'';
};
daemon = {
enable = mkOption {
default = false;
description = ''
Whether to let the nslcd daemon (nss-pam-ldapd) handle the
LDAP lookups for NSS and PAM. This can improve performance,
and if you need to bind to the LDAP server with a password,
it increases security, since only the nslcd user needs to
have access to the bindpw file, not everyone that uses NSS
and/or PAM. If this option is enabled, a local nscd user is
created automatically, and the nslcd service is started
automatically when the network get up.
'';
};
extraConfig = mkOption {
default = "";
type = types.string;
description = ''
Extra configuration options that will be added verbatim at
the end of the nslcd configuration file (nslcd.conf).
'' ;
} ;
};
bind = {
distinguishedName = mkOption {
default = "";
example = "cn=admin,dc=example,dc=com";
type = types.string;
description = ''
The distinguished name to bind to the LDAP server with. If this
is not specified, an anonymous bind will be done.
'';
};
password = mkOption {
default = "/etc/ldap/bind.password";
type = types.string;
description = ''
The path to a file containing the credentials to use when binding
to the LDAP server (if not binding anonymously).
'';
};
timeLimit = mkOption {
default = 30;
type = types.int;
description = ''
Specifies the time limit (in seconds) to use when connecting
to the directory server. This is distinct from the time limit
specified in <literal>users.ldap.timeLimit</literal> and affects
the initial server connection only.
'';
};
policy = mkOption {
default = "hard_open";
type = types.string;
description = ''
Specifies the policy to use for reconnecting to an unavailable
LDAP server. The default is <literal>hard_open</literal>, which
reconnects if opening the connection to the directory server
failed. By contrast, <literal>hard_init</literal> reconnects if
initializing the connection failed. Initializing may not
actually contact the directory server, and it is possible that
a malformed configuration file will trigger reconnection. If
<literal>soft</literal> is specified, then
<literal>nss_ldap</literal> will return immediately on server
failure. All hard reconnect policies block with exponential
backoff before retrying.
'';
};
};
extraConfig = mkOption {
default = "";
type = types.string;
description = ''
Extra configuration options that will be added verbatim at
the end of the ldap configuration file (ldap.conf).
If <literal>users.ldap.daemon</literal> is enabled, this
configuration will not be used. In that case, use
<literal>users.ldap.daemon.extraConfig</literal> instead.
'' ;
};
users = mkIf cfg.daemon.enable {
extraGroups.nslcd = {
gid = config.ids.gids.nslcd;
};
extraUsers.nslcd = {
uid = config.ids.uids.nslcd;
description = "nslcd user.";
group = "nslcd";
};
};
systemd.services = mkIf cfg.daemon.enable {
nslcd = {
wantedBy = [ "nss-user-lookup.target" ];
before = [ "nss-user-lookup.target" ];
after = [ "network.target" ];
###### implementation
preStart = ''
mkdir -p /run/nslcd
rm -f /run/nslcd/nslcd.pid;
chown nslcd.nslcd /run/nslcd
${optionalString (cfg.bind.distinguishedName != "") ''
if test -s "${cfg.bind.password}" ; then
ln -sfT "${cfg.bind.password}" /run/nslcd/bindpw
fi
''}
config = mkIf cfg.enable {
environment.etc = if cfg.daemon.enable then [nslcdConfig] else [ldapConfig];
system.activationScripts = mkIf insertLdapPassword {
ldap = stringAfter [ "etc" "groups" "users" ] ''
if test -f "${cfg.bind.password}" ; then
echo "bindpw "$(cat ${cfg.bind.password})"" | cat ${ldapConfig} - > /etc/ldap.conf.bindpw
mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
chmod 600 /etc/ldap.conf
fi
'';
};
serviceConfig = {
ExecStart = "${nss_pam_ldapd}/sbin/nslcd";
Type = "forking";
PIDFile = "/run/nslcd/nslcd.pid";
Restart = "always";
system.nssModules = singleton (
if cfg.daemon.enable then nss_pam_ldapd else nss_ldap
);
users = mkIf cfg.daemon.enable {
extraGroups.nslcd = {
gid = config.ids.gids.nslcd;
};
extraUsers.nslcd = {
uid = config.ids.uids.nslcd;
description = "nslcd user.";
group = "nslcd";
};
};
systemd.services = mkIf cfg.daemon.enable {
nslcd = {
wantedBy = [ "nss-user-lookup.target" ];
before = [ "nss-user-lookup.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p /run/nslcd
rm -f /run/nslcd/nslcd.pid;
chown nslcd.nslcd /run/nslcd
${optionalString (cfg.bind.distinguishedName != "") ''
if test -s "${cfg.bind.password}" ; then
ln -sfT "${cfg.bind.password}" /run/nslcd/bindpw
fi
''}
'';
serviceConfig = {
ExecStart = "${nss_pam_ldapd}/sbin/nslcd";
Type = "forking";
PIDFile = "/run/nslcd/nslcd.pid";
Restart = "always";
};
};
};
};
}

90
modules/config/networking.nix
View File

@ -1,6 +1,6 @@
# /etc files related to networking, such as /etc/services.
{config, pkgs, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
@ -8,6 +8,10 @@ let
cfg = config.networking;
in
{
options = {
networking.extraHosts = pkgs.lib.mkOption {
@ -32,53 +36,53 @@ let
};
in
config = {
{
require = [options];
environment.etc =
{ # /etc/services: TCP/UDP port assignments.
"services".source = pkgs.iana_etc + "/etc/services";
environment.etc =
{ # /etc/services: TCP/UDP port assignments.
"services".source = pkgs.iana_etc + "/etc/services";
# /etc/protocols: IP protocol numbers.
"protocols".source = pkgs.iana_etc + "/etc/protocols";
# /etc/protocols: IP protocol numbers.
"protocols".source = pkgs.iana_etc + "/etc/protocols";
# /etc/rpc: RPC program numbers.
"rpc".source = pkgs.glibc + "/etc/rpc";
# /etc/rpc: RPC program numbers.
"rpc".source = pkgs.glibc + "/etc/rpc";
# /etc/hosts: Hostname-to-IP mappings.
"hosts".text =
''
127.0.0.1 localhost
${optionalString cfg.enableIPv6 ''
::1 localhost
''}
${cfg.extraHosts}
'';
# /etc/resolvconf.conf: Configuration for openresolv.
"resolvconf.conf".text =
# /etc/hosts: Hostname-to-IP mappings.
"hosts".text =
''
# This is the default, but we must set it here to prevent
# a collision with an apparently unrelated environment
# variable with the same name exported by dhcpcd.
interface_order='lo lo[0-9]*'
'' + optionalString config.services.nscd.enable ''
# Invalidate the nscd cache whenever resolv.conf is
# regenerated.
libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service'
'' + optionalString cfg.dnsSingleRequest ''
# only send one DNS request at a time
resolv_conf_options='single-request'
'' + optionalString config.services.bind.enable ''
# This hosts runs a full-blown DNS resolver.
name_servers='127.0.0.1'
127.0.0.1 localhost
${optionalString cfg.enableIPv6 ''
::1 localhost
''}
${cfg.extraHosts}
'';
};
# The ip-up target is started when we have IP connectivity. So
# services that depend on IP connectivity (like ntpd) should be
# pulled in by this target.
systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
# /etc/resolvconf.conf: Configuration for openresolv.
"resolvconf.conf".text =
''
# This is the default, but we must set it here to prevent
# a collision with an apparently unrelated environment
# variable with the same name exported by dhcpcd.
interface_order='lo lo[0-9]*'
'' + optionalString config.services.nscd.enable ''
# Invalidate the nscd cache whenever resolv.conf is
# regenerated.
libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service'
'' + optionalString cfg.dnsSingleRequest ''
# only send one DNS request at a time
resolv_conf_options='single-request'
'' + optionalString config.services.bind.enable ''
# This hosts runs a full-blown DNS resolver.
name_servers='127.0.0.1'
'';
};
# The ip-up target is started when we have IP connectivity. So
# services that depend on IP connectivity (like ntpd) should be
# pulled in by this target.
systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
};
}

60
modules/config/nsswitch.nix
View File

@ -6,17 +6,22 @@ with pkgs.lib;
let
inherit (config.services.avahi) nssmdns;
in
{
options = {
# NSS modules. Hacky!
system.nssModules = mkOption {
internal = true;
default = [];
description = "
description = ''
Search path for NSS (Name Service Switch) modules. This allows
several DNS resolution methods to be specified via
<filename>/etc/nsswitch.conf</filename>.
";
'';
merge = mergeListOption;
apply = list:
{
@ -27,34 +32,31 @@ let
};
inherit (config.services.avahi) nssmdns;
config = {
in
environment.etc =
[ # Name Service Switch configuration file. Required by the C library.
# !!! Factor out the mdns stuff. The avahi module should define
# an option used by this module.
{ source = pkgs.writeText "nsswitch.conf"
''
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} myhostname
networks: files dns
ethers: files
services: files
protocols: files
'';
target = "nsswitch.conf";
}
];
{
require = [ options ];
# Use nss-myhostname to ensure that our hostname always resolves to
# a valid IP address. It returns all locally configured IP
# addresses, or ::1 and 127.0.0.2 as fallbacks.
system.nssModules = [ pkgs.systemd ];
environment.etc =
[ # Name Service Switch configuration file. Required by the C library.
# !!! Factor out the mdns stuff. The avahi module should define
# an option used by this module.
{ source = pkgs.writeText "nsswitch.conf"
''
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} myhostname
networks: files dns
ethers: files
services: files
protocols: files
'';
target = "nsswitch.conf";
}
];
# Use nss-myhostname to ensure that our hostname always resolves to
# a valid IP address. It returns all locally configured IP
# addresses, or ::1 and 127.0.0.2 as fallbacks.
system.nssModules = [ pkgs.systemd ];
};
}

39
modules/config/system-path.nix
View File

@ -54,7 +54,9 @@ let
extraManpages
];
in
{
options = {
environment = {
@ -78,9 +80,7 @@ let
# to work.
default = [];
example = ["/"];
description = "
Lists directories to be symlinked in `/run/current-system/sw'.
";
description = "List of directories to be symlinked in `/run/current-system/sw'.";
};
};
@ -120,24 +120,23 @@ let
};
config = {
in
environment.systemPackages = requiredPackages;
{
require = [ options ];
environment.pathsToLink =
[ "/bin"
"/etc/xdg"
"/info"
"/lib"
"/man"
"/sbin"
"/share/emacs"
"/share/org"
"/share/info"
"/share/terminfo"
"/share/man"
];
environment.systemPackages = requiredPackages;
environment.pathsToLink = [
"/bin"
"/etc/xdg"
"/info"
"/lib"
"/man"
"/sbin"
"/share/emacs"
"/share/org"
"/share/info"
"/share/terminfo"
"/share/man"
];
};
}

61
modules/config/unix-odbc-drivers.nix
View File

@ -1,43 +1,34 @@
{pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
environment = {
unixODBCDrivers = mkOption {
default = [];
example = "map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )";
description = ''
specifies unix odbc drivers to be registered at /etc/odbcinst.ini.
Maybe you also want to add pkgs.unixODBC to the system path to get a
command line client t connnect to odbc databases.
'';
};
};
};
in
###### implementation
{ config, pkgs, ... }:
with pkgs.lib;
# unixODBC drivers (this solution is not perfect.. Because the user has to
# ask the admin to add a driver.. but it's simple and works
mkIf (config.environment.unixODBCDrivers != []) {
{
###### interface
require = [
options
];
environment = {
etc = [
{ source =
let inis = config.environment.unixODBCDrivers;
in pkgs.writeText "odbcinst.ini" (pkgs.lib.concatStringsSep "\n" inis);
target = "odbcinst.ini";
}
];
options = {
environment.unixODBCDrivers = mkOption {
default = [];
example = literalExample "map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )";
description = ''
Specifies Unix ODBC drivers to be registered in
<filename>/etc/odbcinst.ini</filename>. You may also want to
add <literal>pkgs.unixODBC</literal> to the system path to get
a command line client to connnect to ODBC databases.
'';
};
};
###### implementation
config = mkIf (config.environment.unixODBCDrivers != []) {
environment.etc."odbcinst.ini".text =
let inis = config.environment.unixODBCDrivers;
in pkgs.lib.concatStringsSep "\n" inis;
};
}

94
modules/hardware/pcmcia.nix
View File

@ -1,61 +1,59 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
###### interface
let
inherit (pkgs.lib) mkOption
mergeEnableOption mergeListOption;
options = {
hardware = {
pcmcia = {
enable = mkOption {
default = false;
merge = mergeEnableOption;
description = ''
Enable this option to support PCMCIA card.
'';
};
firmware = mkOption {
default = [];
merge = mergeListOption;
description = ''
List of firmware used to handle specific PCMCIA card.
'';
};
config = mkOption {
default = null;
description = ''
Path to the configuration file which map the memory, irq
and ports used by the PCMCIA hardware.
'';
};
};
};
};
in
###### implementation
let
inherit (pkgs.lib) mkIf;
pcmciaUtils = pkgs.pcmciaUtils.passthru.function {
inherit (config.hardware.pcmcia) firmware config;
};
in
mkIf config.hardware.pcmcia.enable {
require = [
# ../upstart-jobs/udev.nix
# ? # config.environment.extraPackages
options
];
{
###### interface
boot.kernelModules = [ "pcmcia" ];
options = {
services.udev.packages = [ pcmciaUtils ];
hardware.pcmcia = {
enable = mkOption {
default = false;
merge = mergeEnableOption;
description = ''
Enable this option to support PCMCIA card.
'';
};
firmware = mkOption {
default = [];
merge = mergeListOption;
description = ''
List of firmware used to handle specific PCMCIA card.
'';
};
config = mkOption {
default = null;
description = ''
Path to the configuration file which map the memory, irq
and ports used by the PCMCIA hardware.
'';
};
};
};
###### implementation
config = mkIf config.hardware.pcmcia.enable {
boot.kernelModules = [ "pcmcia" ];
services.udev.packages = [ pcmciaUtils ];
environment.systemPackages = [ pcmciaUtils ];
};
environment.systemPackages = [ pcmciaUtils ];
}

2
modules/installer/cd-dvd/installation-cd-base.nix
View File

@ -6,7 +6,7 @@
with pkgs.lib;
{
require =
imports =
[ ./memtest.nix
./channel.nix
./iso-image.nix

2
modules/installer/cd-dvd/installation-cd-efi.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
require = [ ./installation-cd-minimal.nix ];
imports = [ ./installation-cd-minimal.nix ];
boot.kernelPackages = pkgs.linuxPackages_3_9;
boot.vesa = false;

5
modules/installer/cd-dvd/installation-cd-graphical.nix
View File

@ -6,10 +6,7 @@
with pkgs.lib;
{
require = [
./installation-cd-base.nix
../../profiles/graphical.nix
];
imports = [ ./installation-cd-base.nix ../../profiles/graphical.nix ];
# Provide wicd for easy wireless configuration.
#networking.wicd.enable = true;

2
modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
require = [ ./installation-cd-minimal.nix ];
imports = [ ./installation-cd-minimal.nix ];
boot.kernelPackages = pkgs.linuxPackages_3_10;
boot.vesa = false;

2
modules/installer/cd-dvd/installation-cd-minimal.nix
View File

@ -4,7 +4,7 @@
{ config, pkgs, ... }:
{
require =
imports =
[ ./installation-cd-base.nix
../../profiles/minimal.nix
];

2
modules/installer/cd-dvd/installation-cd-new-kernel.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
require = [ ./installation-cd-graphical.nix ];
imports = [ ./installation-cd-graphical.nix ];
boot.kernelPackages = pkgs.linuxPackages_3_10;
boot.vesa = false;

400
modules/installer/cd-dvd/iso-image.nix
View File

@ -8,6 +8,79 @@ with pkgs.lib;
let
# The Grub image.
grubImage = pkgs.runCommand "grub_eltorito" {}
''
${pkgs.grub2}/bin/grub-mkimage -O i386-pc -o tmp biosdisk iso9660 help linux linux16 chain png jpeg echo gfxmenu reboot
cat ${pkgs.grub2}/lib/grub/*/cdboot.img tmp > $out
''; # */
# The configuration file for Grub.
grubCfg =
''
set default=${builtins.toString config.boot.loader.grub.default}
set timeout=${builtins.toString config.boot.loader.grub.timeout}
if loadfont /boot/grub/unicode.pf2; then
set gfxmode=640x480
insmod gfxterm
insmod vbe
terminal_output gfxterm
insmod png
if background_image /boot/grub/splash.png; then
set color_normal=white/black
set color_highlight=black/white
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
fi
${config.boot.loader.grub.extraEntries}
'';
# The efi boot image
efiImg = pkgs.runCommand "efi-image_eltorito" {}
''
#Let's hope 10M is enough
dd bs=2048 count=5120 if=/dev/zero of="$out"
${pkgs.dosfstools}/sbin/mkfs.vfat "$out"
${pkgs.mtools}/bin/mmd -i "$out" efi
${pkgs.mtools}/bin/mmd -i "$out" efi/boot
${pkgs.mtools}/bin/mmd -i "$out" efi/nixos
${pkgs.mtools}/bin/mmd -i "$out" loader
${pkgs.mtools}/bin/mmd -i "$out" loader/entries
${pkgs.mtools}/bin/mcopy -v -i "$out" \
${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi \
::efi/boot/boot${targetArch}.efi
${pkgs.mtools}/bin/mcopy -v -i "$out" \
${config.boot.kernelPackages.kernel + "/bzImage"} ::bzImage
${pkgs.mtools}/bin/mcopy -v -i "$out" \
${config.system.build.initialRamdisk + "/initrd"} ::efi/nixos/initrd
echo "title NixOS LiveCD" > boot-params
echo "linux /bzImage" >> boot-params
echo "initrd /efi/nixos/initrd" >> boot-params
echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" >> boot-params
${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/entries/nixos-livecd.conf
echo "default nixos-livecd" > boot-params
echo "timeout 5" >> boot-params
${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/loader.conf
'';
targetArch = if pkgs.stdenv.isi686 then
"ia32"
else if pkgs.stdenv.isx86_64 then
"x64"
else
throw "Unsupported architecture";
in
{
options = {
isoImage.isoName = mkOption {
@ -84,228 +157,157 @@ let
};
# The Grub image.
grubImage = pkgs.runCommand "grub_eltorito" {}
''
${pkgs.grub2}/bin/grub-mkimage -O i386-pc -o tmp biosdisk iso9660 help linux linux16 chain png jpeg echo gfxmenu reboot
cat ${pkgs.grub2}/lib/grub/*/cdboot.img tmp > $out
''; # */
config = {
boot.loader.grub.version = 2;
# The configuration file for Grub.
grubCfg =
''
set default=${builtins.toString config.boot.loader.grub.default}
set timeout=${builtins.toString config.boot.loader.grub.timeout}
# Don't build the GRUB menu builder script, since we don't need it
# here and it causes a cyclic dependency.
boot.loader.grub.enable = false;
if loadfont /boot/grub/unicode.pf2; then
set gfxmode=640x480
insmod gfxterm
insmod vbe
terminal_output gfxterm
# !!! Hack - attributes expected by other modules.
system.boot.loader.kernelFile = "bzImage";
environment.systemPackages = [ pkgs.grub2 ];
insmod png
if background_image /boot/grub/splash.png; then
set color_normal=white/black
set color_highlight=black/white
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
# In stage 1 of the boot, mount the CD as the root FS by label so
# that we don't need to know its device. We pass the label of the
# root filesystem on the kernel command line, rather than in
# `fileSystems' below. This allows CD-to-USB converters such as
# UNetbootin to rewrite the kernel command line to pass the label or
# UUID of the USB stick. It would be nicer to write
# `root=/dev/disk/by-label/...' here, but UNetbootin doesn't
# recognise that.
boot.kernelParams = [ "root=LABEL=${config.isoImage.volumeID}" ];
fi
# Note that /dev/root is a symlink to the actual root device
# specified on the kernel command line, created in the stage 1 init
# script.
fileSystems."/".device = "/dev/root";
${config.boot.loader.grub.extraEntries}
'';
fileSystems."/nix/store" =
{ fsType = "squashfs";
device = "/nix-store.squashfs";
options = "loop";
};
boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
# The efi boot image
efiImg = pkgs.runCommand "efi-image_eltorito" {}
''
#Let's hope 10M is enough
dd bs=2048 count=5120 if=/dev/zero of="$out"
${pkgs.dosfstools}/sbin/mkfs.vfat "$out"
${pkgs.mtools}/bin/mmd -i "$out" efi
${pkgs.mtools}/bin/mmd -i "$out" efi/boot
${pkgs.mtools}/bin/mmd -i "$out" efi/nixos
${pkgs.mtools}/bin/mmd -i "$out" loader
${pkgs.mtools}/bin/mmd -i "$out" loader/entries
${pkgs.mtools}/bin/mcopy -v -i "$out" \
${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi \
::efi/boot/boot${targetArch}.efi
${pkgs.mtools}/bin/mcopy -v -i "$out" \
${config.boot.kernelPackages.kernel + "/bzImage"} ::bzImage
${pkgs.mtools}/bin/mcopy -v -i "$out" \
${config.system.build.initialRamdisk + "/initrd"} ::efi/nixos/initrd
echo "title NixOS LiveCD" > boot-params
echo "linux /bzImage" >> boot-params
echo "initrd /efi/nixos/initrd" >> boot-params
echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" >> boot-params
${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/entries/nixos-livecd.conf
echo "default nixos-livecd" > boot-params
echo "timeout 5" >> boot-params
${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/loader.conf
'';
boot.initrd.kernelModules = [ "loop" ];
targetArch = if pkgs.stdenv.isi686 then
"ia32"
else if pkgs.stdenv.isx86_64 then
"x64"
else
throw "Unsupported architecture";
boot.kernelModules = pkgs.stdenv.lib.optional config.isoImage.makeEfiBootable "efivars";
in
# In stage 1, mount a tmpfs on top of / (the ISO image) and
# /nix/store (the squashfs image) to make this a live CD.
boot.initrd.postMountCommands =
''
mkdir -p /unionfs-chroot/ro-root
mount --rbind $targetRoot /unionfs-chroot/ro-root
{
require = options;
mkdir /unionfs-chroot/rw-root
mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-root
mkdir /mnt-root-union
unionfs -o allow_other,cow,chroot=/unionfs-chroot,max_files=32768 /rw-root=RW:/ro-root=RO /mnt-root-union
oldTargetRoot=$targetRoot
targetRoot=/mnt-root-union
boot.loader.grub.version = 2;
mkdir /unionfs-chroot/rw-store
mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
mkdir -p $oldTargetRoot/nix/store
unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-store=RW:/ro-root/nix/store=RO /mnt-root-union/nix/store
'';
# Don't build the GRUB menu builder script, since we don't need it
# here and it causes a cyclic dependency.
boot.loader.grub.enable = false;
# Closures to be copied to the Nix store on the CD, namely the init
# script and the top-level system configuration directory.
isoImage.storeContents =
[ config.system.build.toplevel ] ++
optional config.isoImage.includeSystemBuildDependencies
config.system.build.toplevel.drvPath;
# !!! Hack - attributes expected by other modules.
system.boot.loader.kernelFile = "bzImage";
environment.systemPackages = [ pkgs.grub2 ];
# In stage 1 of the boot, mount the CD as the root FS by label so
# that we don't need to know its device. We pass the label of the
# root filesystem on the kernel command line, rather than in
# `fileSystems' below. This allows CD-to-USB converters such as
# UNetbootin to rewrite the kernel command line to pass the label or
# UUID of the USB stick. It would be nicer to write
# `root=/dev/disk/by-label/...' here, but UNetbootin doesn't
# recognise that.
boot.kernelParams = [ "root=LABEL=${config.isoImage.volumeID}" ];
# Note that /dev/root is a symlink to the actual root device
# specified on the kernel command line, created in the stage 1 init
# script.
fileSystems."/".device = "/dev/root";
fileSystems."/nix/store" =
{ fsType = "squashfs";
device = "/nix-store.squashfs";
options = "loop";
# Create the squashfs image that contains the Nix store.
system.build.squashfsStore = import ../../../lib/make-squashfs.nix {
inherit (pkgs) stdenv squashfsTools perl pathsFromGraph;
storeContents = config.isoImage.storeContents;
};
boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
# Individual files to be included on the CD, outside of the Nix
# store on the CD.
isoImage.contents =
[ { source = grubImage;
target = "/boot/grub/grub_eltorito";
}
{ source = pkgs.writeText "grub.cfg" grubCfg;
target = "/boot/grub/grub.cfg";
}
{ source = config.boot.kernelPackages.kernel + "/bzImage";
target = "/boot/bzImage";
}
{ source = config.system.build.initialRamdisk + "/initrd";
target = "/boot/initrd";
}
{ source = "${pkgs.grub2}/share/grub/unicode.pf2";
target = "/boot/grub/unicode.pf2";
}
{ source = config.boot.loader.grub.splashImage;
target = "/boot/grub/splash.png";
}
{ source = config.system.build.squashfsStore;
target = "/nix-store.squashfs";
}
{ # Quick hack: need a mount point for the store.
source = pkgs.runCommand "empty" {} "ensureDir $out";
target = "/nix/store";
}
] ++ pkgs.stdenv.lib.optionals config.isoImage.makeEfiBootable [
{ source = efiImg;
target = "/boot/efi.img";
}
];
boot.initrd.kernelModules = [ "loop" ];
# The Grub menu.
boot.loader.grub.extraEntries =
''
menuentry "NixOS Installer / Rescue" {
linux /boot/bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
initrd /boot/initrd
}
boot.kernelModules = pkgs.stdenv.lib.optional config.isoImage.makeEfiBootable "efivars";
menuentry "Boot from hard disk" {
set root=(hd0)
chainloader +1
}
'';
# In stage 1, mount a tmpfs on top of / (the ISO image) and
# /nix/store (the squashfs image) to make this a live CD.
boot.initrd.postMountCommands =
''
mkdir -p /unionfs-chroot/ro-root
mount --rbind $targetRoot /unionfs-chroot/ro-root
boot.loader.grub.timeout = 10;
mkdir /unionfs-chroot/rw-root
mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-root
mkdir /mnt-root-union
unionfs -o allow_other,cow,chroot=/unionfs-chroot,max_files=32768 /rw-root=RW:/ro-root=RO /mnt-root-union
oldTargetRoot=$targetRoot
targetRoot=/mnt-root-union
# Create the ISO image.
system.build.isoImage = import ../../../lib/make-iso9660-image.nix ({
inherit (pkgs) stdenv perl cdrkit pathsFromGraph;
mkdir /unionfs-chroot/rw-store
mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
mkdir -p $oldTargetRoot/nix/store
unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-store=RW:/ro-root/nix/store=RO /mnt-root-union/nix/store
'';
inherit (config.isoImage) isoName compressImage volumeID contents;
# Closures to be copied to the Nix store on the CD, namely the init
# script and the top-level system configuration directory.
isoImage.storeContents =
[ config.system.build.toplevel ] ++
optional config.isoImage.includeSystemBuildDependencies
config.system.build.toplevel.drvPath;
bootable = true;
bootImage = "/boot/grub/grub_eltorito";
} // pkgs.stdenv.lib.optionalAttrs config.isoImage.makeEfiBootable {
efiBootable = true;
efiBootImage = "boot/efi.img";
});
boot.postBootCommands =
''
# After booting, register the contents of the Nix store on the
# CD in the Nix database in the tmpfs.
${config.environment.nix}/bin/nix-store --load-db < /nix/store/nix-path-registration
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
# Add vfat support to the initrd to enable people to copy the
# contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
# Create the squashfs image that contains the Nix store.
system.build.squashfsStore = import ../../../lib/make-squashfs.nix {
inherit (pkgs) stdenv squashfsTools perl pathsFromGraph;
storeContents = config.isoImage.storeContents;
};
# Individual files to be included on the CD, outside of the Nix
# store on the CD.
isoImage.contents =
[ { source = grubImage;
target = "/boot/grub/grub_eltorito";
}
{ source = pkgs.writeText "grub.cfg" grubCfg;
target = "/boot/grub/grub.cfg";
}
{ source = config.boot.kernelPackages.kernel + "/bzImage";
target = "/boot/bzImage";
}
{ source = config.system.build.initialRamdisk + "/initrd";
target = "/boot/initrd";
}
{ source = "${pkgs.grub2}/share/grub/unicode.pf2";
target = "/boot/grub/unicode.pf2";
}
{ source = config.boot.loader.grub.splashImage;
target = "/boot/grub/splash.png";
}
{ source = config.system.build.squashfsStore;
target = "/nix-store.squashfs";
}
{ # Quick hack: need a mount point for the store.
source = pkgs.runCommand "empty" {} "ensureDir $out";
target = "/nix/store";
}
] ++ pkgs.stdenv.lib.optionals config.isoImage.makeEfiBootable [
{ source = efiImg;
target = "/boot/efi.img";
}
];
# The Grub menu.
boot.loader.grub.extraEntries =
''
menuentry "NixOS Installer / Rescue" {
linux /boot/bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
initrd /boot/initrd
}
menuentry "Boot from hard disk" {
set root=(hd0)
chainloader +1
}
'';
boot.loader.grub.timeout = 10;
# Create the ISO image.
system.build.isoImage = import ../../../lib/make-iso9660-image.nix ({
inherit (pkgs) stdenv perl cdrkit pathsFromGraph;
inherit (config.isoImage) isoName compressImage volumeID contents;
bootable = true;
bootImage = "/boot/grub/grub_eltorito";
} // pkgs.stdenv.lib.optionalAttrs config.isoImage.makeEfiBootable {
efiBootable = true;
efiBootImage = "boot/efi.img";
});
boot.postBootCommands =
''
# After booting, register the contents of the Nix store on the
# CD in the Nix database in the tmpfs.
${config.environment.nix}/bin/nix-store --load-db < /nix/store/nix-path-registration
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
# Add vfat support to the initrd to enable people to copy the
# contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
}

6
modules/installer/cd-dvd/live-dvd.nix
View File

@ -1,11 +1,11 @@
{config, pkgs, ...}:
{ config, pkgs, ... }:
{
require = [./installation-cd-base.nix];
imports = [ ./installation-cd-base.nix ];
# Build the build-time dependencies of this configuration on the DVD
# to speed up installation.
isoImage.storeContents = [config.system.build.toplevel.drvPath];
isoImage.storeContents = [ config.system.build.toplevel.drvPath ];
# Include lots of packages.
environment.systemPackages =

15
modules/installer/cd-dvd/system-tarball-fuloong2f.nix
View File

@ -12,15 +12,10 @@ let
# evaluated. So we'll just hope for the best.
dummyConfiguration = pkgs.writeText "configuration.nix"
''
{config, pkgs, ...}:
{ config, pkgs, ... }:
{
require = [ ];
# Add your own options below
# E.g.,
{ # Add your own options below, e.g.:
# services.openssh.enable = true;
nixpkgs.config.platform = pkgs.platforms.fuloong2f_n32;
}
'';
@ -45,11 +40,7 @@ let
in
{
require =
[
./system-tarball.nix
];
imports = [ ./system-tarball.nix ];
# Disable some other stuff we don't need.
security.sudo.enable = false;

2
modules/installer/cd-dvd/system-tarball-pc.nix
View File

@ -65,7 +65,7 @@ let
in
{
require =
imports =
[ ./system-tarball.nix
# Profiles of this basic installation.

9
modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View File

@ -15,11 +15,9 @@ let
# evaluated. So we'll just hope for the best.
dummyConfiguration = pkgs.writeText "configuration.nix"
''
{config, pkgs, ...}:
{ config, pkgs, ... }:
{
require = [ ];
# Add your own options below and run "nixos-rebuild switch".
# E.g.,
# services.openssh.enable = true;
@ -39,10 +37,7 @@ let
in
{
require =
[
./system-tarball.nix
];
imports = [ ./system-tarball.nix ];
# Disable some other stuff we don't need.
security.sudo.enable = false;

91
modules/installer/cd-dvd/system-tarball.nix
View File

@ -8,6 +8,11 @@ with pkgs.lib;
let
versionFile = pkgs.writeText "nixos-version" config.system.nixosVersion;
in
{
options = {
tarball.contents = mkOption {
example =
@ -31,59 +36,57 @@ let
};
versionFile = pkgs.writeText "nixos-version" config.system.nixosVersion;
config = {
in
# In stage 1 of the boot, mount the CD/DVD as the root FS by label
# so that we don't need to know its device.
fileSystems = [ ];
{
require = options;
# boot.initrd.availableKernelModules = [ "mvsdio" "mmc_block" "reiserfs" "ext3" "ext4" ];
# In stage 1 of the boot, mount the CD/DVD as the root FS by label
# so that we don't need to know its device.
fileSystems = [ ];
# boot.initrd.kernelModules = [ "rtc_mv" ];
# boot.initrd.availableKernelModules = [ "mvsdio" "mmc_block" "reiserfs" "ext3" "ext4" ];
# Closures to be copied to the Nix store on the CD, namely the init
# script and the top-level system configuration directory.
tarball.storeContents =
[ { object = config.system.build.toplevel;
symlink = "/run/current-system";
}
];
# boot.initrd.kernelModules = [ "rtc_mv" ];
# Individual files to be included on the CD, outside of the Nix
# store on the CD.
tarball.contents =
[ { source = config.system.build.initialRamdisk + "/initrd";
target = "/boot/initrd";
}
{ source = versionFile;
target = "/nixos-version.txt";
}
];
# Closures to be copied to the Nix store on the CD, namely the init
# script and the top-level system configuration directory.
tarball.storeContents =
[ { object = config.system.build.toplevel;
symlink = "/run/current-system";
}
];
# Create the tarball
system.build.tarball = import ../../../lib/make-system-tarball.nix {
inherit (pkgs) stdenv perl xz pathsFromGraph;
# Individual files to be included on the CD, outside of the Nix
# store on the CD.
tarball.contents =
[ { source = config.system.build.initialRamdisk + "/initrd";
target = "/boot/initrd";
}
{ source = versionFile;
target = "/nixos-version.txt";
}
];
inherit (config.tarball) contents storeContents;
};
# Create the tarball
system.build.tarball = import ../../../lib/make-system-tarball.nix {
inherit (pkgs) stdenv perl xz pathsFromGraph;
boot.postBootCommands =
''
# After booting, register the contents of the Nix store on the
# CD in the Nix database in the tmpfs.
if [ -f /nix-path-registration ]; then
${config.environment.nix}/bin/nix-store --load-db < /nix-path-registration &&
rm /nix-path-registration
fi
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
inherit (config.tarball) contents storeContents;
};
boot.postBootCommands =
''
# After booting, register the contents of the Nix store on the
# CD in the Nix database in the tmpfs.
if [ -f /nix-path-registration ]; then
${config.environment.nix}/bin/nix-store --load-db < /nix-path-registration &&
rm /nix-path-registration
fi
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
}

6
modules/installer/tools/nixos-hardware-scan.pl
View File

@ -8,7 +8,7 @@ my @attrs = ();
my @kernelModules = ();
my @initrdKernelModules = ();
my @modulePackages = ();
my @requires = ("<nixos/modules/installer/scan/not-detected.nix>");
my @imports = ("<nixos/modules/installer/scan/not-detected.nix>");
sub debug {
@ -227,7 +227,7 @@ my $initrdKernelModules = toNixExpr(removeDups @initrdKernelModules);
my $kernelModules = toNixExpr(removeDups @kernelModules);
my $modulePackages = toNixExpr(removeDups @modulePackages);
my $attrs = multiLineList(" ", removeDups @attrs);
my $requires = multiLineList(" ", removeDups @requires);
my $imports = multiLineList(" ", removeDups @imports);
print <<EOF ;
@ -236,7 +236,7 @@ print <<EOF ;
{ config, pkgs, ... }:
{
require = [$requires ];
imports = [$imports ];
boot.initrd.kernelModules = [$initrdKernelModules ];
boot.kernelModules = [$kernelModules ];

2
modules/installer/tools/nixos-option.sh
View File

@ -215,7 +215,7 @@ if $generate; then
{ config, pkgs, ... }:
{
require =
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];

2
modules/installer/virtualbox-demo.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
require =
imports =
[ ../virtualisation/virtualbox-image.nix
../installer/cd-dvd/channel.nix
../profiles/demo.nix

341
modules/misc/ids.nix
View File

@ -1,10 +1,9 @@
# This module defines the global list of uids and gids. We keep a
# central list to prevent id collisions.
{config, pkgs, ...}:
let
{ config, pkgs, ... }:
{
options = {
ids.uids = pkgs.lib.mkOption {
@ -21,181 +20,181 @@ let
};
in
{
require = options;
config = {
ids.uids = {
root = 0;
nscd = 1;
sshd = 2;
ntp = 3;
messagebus = 4; # D-Bus
haldaemon = 5;
nagios = 6;
vsftpd = 7;
ftp = 8;
bitlbee = 9;
avahi = 10;
portmap = 11;
atd = 12;
zabbix = 13;
postfix = 14;
dovecot = 15;
tomcat = 16;
pulseaudio = 22; # must match `pulseaudio' GID
gpsd = 23;
polkituser = 28;
uptimed = 29;
ddclient = 30;
davfs2 = 31;
privoxy = 32;
osgi = 34;
tor = 35;
cups = 36;
foldingAtHome = 37;
sabnzbd = 38;
kdm = 39;
ghostOne = 40;
git = 41;
fourStore = 42;
fourStoreEndpoint = 43;
virtuoso = 44;
rtkit = 45;
dovecot2 = 46;
dovenull2 = 47;
unbound = 48;
prayer = 49;
mpd = 50;
clamav = 51;
fprot = 52;
bind = 53;
wwwrun = 54;
spamd = 56;
nslcd = 58;
nginx = 60;
chrony = 61;
smtpd = 63;
smtpq = 64;
supybot = 65;
iodined = 66;
graphite = 68;
statsd = 69;
transmission = 70;
postgres = 71;
smbguest = 74;
varnish = 75;
dd-agent = 76;
lighttpd = 77;
lightdm = 78;
freenet = 79;
ircd = 80;
bacula = 81;
almir = 82;
deluge = 83;
mysql = 84;
rabbitmq = 85;
activemq = 86;
gnunet = 87;
oidentd = 88;
quassel = 89;
amule = 90;
minidlna = 91;
elasticsearch = 92;
ids.uids = {
root = 0;
nscd = 1;
sshd = 2;
ntp = 3;
messagebus = 4; # D-Bus
haldaemon = 5;
nagios = 6;
vsftpd = 7;
ftp = 8;
bitlbee = 9;
avahi = 10;
portmap = 11;
atd = 12;
zabbix = 13;
postfix = 14;
dovecot = 15;
tomcat = 16;
pulseaudio = 22; # must match `pulseaudio' GID
gpsd = 23;
polkituser = 28;
uptimed = 29;
ddclient = 30;
davfs2 = 31;
privoxy = 32;
osgi = 34;
tor = 35;
cups = 36;
foldingAtHome = 37;
sabnzbd = 38;
kdm = 39;
ghostOne = 40;
git = 41;
fourStore = 42;
fourStoreEndpoint = 43;
virtuoso = 44;
rtkit = 45;
dovecot2 = 46;
dovenull2 = 47;
unbound = 48;
prayer = 49;
mpd = 50;
clamav = 51;
fprot = 52;
bind = 53;
wwwrun = 54;
spamd = 56;
nslcd = 58;
nginx = 60;
chrony = 61;
smtpd = 63;
smtpq = 64;
supybot = 65;
iodined = 66;
graphite = 68;
statsd = 69;
transmission = 70;
postgres = 71;
smbguest = 74;
varnish = 75;
dd-agent = 76;
lighttpd = 77;
lightdm = 78;
freenet = 79;
ircd = 80;
bacula = 81;
almir = 82;
deluge = 83;
mysql = 84;
rabbitmq = 85;
activemq = 86;
gnunet = 87;
oidentd = 88;
quassel = 89;
amule = 90;
minidlna = 91;
elasticsearch = 92;
# When adding a uid, make sure it doesn't match an existing gid.
# When adding a uid, make sure it doesn't match an existing gid.
nixbld = 30000; # start of range of uids
nobody = 65534;
};
nixbld = 30000; # start of range of uids
nobody = 65534;
};
ids.gids = {
root = 0;
wheel = 1;
kmem = 2;
tty = 3;
messagebus = 4; # D-Bus
haldaemon = 5;
disk = 6;
vsftpd = 7;
ftp = 8;
bitlbee = 9;
avahi = 10;
portmap = 11;
atd = 12;
postfix = 13;
postdrop = 14;
dovecot = 15;
audio = 17;
floppy = 18;
uucp = 19;
lp = 20;
tomcat = 21;
pulseaudio = 22; # must match `pulseaudio' UID
gpsd = 23;
cdrom = 24;
tape = 25;
video = 26;
dialout = 27;
polkituser = 28;
utmp = 29;
davfs2 = 31;
privoxy = 32;
disnix = 33;
osgi = 34;
ghostOne = 40;
git = 41;
fourStore = 42;
fourStoreEndpoint = 43;
virtuoso = 44;
dovecot2 = 46;
prayer = 49;
mpd = 50;
clamav = 51;
fprot = 52;
wwwrun = 54;
adm = 55;
spamd = 56;
networkmanager = 57;
nslcd = 58;
scanner = 59;
nginx = 60;
systemd-journal = 62;
smtpd = 63;
smtpq = 64;
supybot = 65;
iodined = 66;
libvirtd = 67;
graphite = 68;
transmission = 70;
postgres = 71;
vboxusers = 72;
vboxsf = 73;
smbguest = 74;
varnish = 75;
dd-agent = 76;
lighttpd = 77;
lightdm = 78;
freenet = 79;
ircd = 80;
bacula = 81;
almir = 82;
deluge = 83;
mysql = 84;
rabbitmq = 85;
activemq = 86;
gnunet = 87;
oidentd = 88;
quassel = 89;
amule = 90;
minidlna = 91;
ids.gids = {
root = 0;
wheel = 1;
kmem = 2;
tty = 3;
messagebus = 4; # D-Bus
haldaemon = 5;
disk = 6;
vsftpd = 7;
ftp = 8;
bitlbee = 9;
avahi = 10;
portmap = 11;
atd = 12;
postfix = 13;
postdrop = 14;
dovecot = 15;
audio = 17;
floppy = 18;
uucp = 19;
lp = 20;
tomcat = 21;
pulseaudio = 22; # must match `pulseaudio' UID
gpsd = 23;
cdrom = 24;
tape = 25;
video = 26;
dialout = 27;
polkituser = 28;
utmp = 29;
davfs2 = 31;
privoxy = 32;
disnix = 33;
osgi = 34;
ghostOne = 40;
git = 41;
fourStore = 42;
fourStoreEndpoint = 43;
virtuoso = 44;
dovecot2 = 46;
prayer = 49;
mpd = 50;
clamav = 51;
fprot = 52;
wwwrun = 54;
adm = 55;
spamd = 56;
networkmanager = 57;
nslcd = 58;
scanner = 59;
nginx = 60;
systemd-journal = 62;
smtpd = 63;
smtpq = 64;
supybot = 65;
iodined = 66;
libvirtd = 67;
graphite = 68;
transmission = 70;
postgres = 71;
vboxusers = 72;
vboxsf = 73;
smbguest = 74;
varnish = 75;
dd-agent = 76;
lighttpd = 77;
lightdm = 78;
freenet = 79;
ircd = 80;
bacula = 81;
almir = 82;
deluge = 83;
mysql = 84;
rabbitmq = 85;
activemq = 86;
gnunet = 87;
oidentd = 88;
quassel = 89;
amule = 90;
minidlna = 91;
# When adding a gid, make sure it doesn't match an existing uid.
# When adding a gid, make sure it doesn't match an existing uid.
users = 100;
nixbld = 30000;
nogroup = 65534;
};
users = 100;
nixbld = 30000;
nogroup = 65534;
};
}

24
modules/misc/passthru.nix
View File

@ -1,21 +1,15 @@
# This module allows you to export something from configuration
# Use case: export kernel source expression for ease of configuring
{config, pkgs, ...}:
let
options = {
passthru = pkgs.lib.mkOption {
description = ''
This attribute set will be exported as a system attribute.
You can put whatever you want here.
'';
};
};
in
{ config, pkgs, ... }:
{
require = options;
options = {
passthru = pkgs.lib.mkOption {
description = ''
This attribute set will be exported as a system attribute.
You can put whatever you want here.
'';
};
};
}

1
modules/module-list.nix
View File

@ -224,7 +224,6 @@
#./services/x11/window-managers/compiz.nix
./services/x11/window-managers/default.nix
./services/x11/window-managers/icewm.nix
./services/x11/window-managers/kwm.nix
./services/x11/window-managers/metacity.nix
./services/x11/window-managers/none.nix
./services/x11/window-managers/twm.nix

2
modules/profiles/all-hardware.nix
View File

@ -49,7 +49,7 @@
# Include lots of firmware.
hardware.enableAllFirmware = true;
require =
imports =
[ ../hardware/network/zydas-zd1211.nix ];
}

2
modules/profiles/clone-config.nix
View File

@ -47,7 +47,7 @@ let
{ config, pkgs, ... }:
{
require = [ ${toString config.installer.cloneConfigIncludes} ];
imports = [ ${toString config.installer.cloneConfigIncludes} ];
}
'';

2
modules/profiles/demo.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
require = [ ./graphical.nix ];
imports = [ ./graphical.nix ];
users.extraUsers.demo =
{ description = "Demo user account";

116
modules/programs/bash/bash.nix
View File

@ -31,6 +31,9 @@ let
mapAttrsFlatten (k: v: "alias ${k}='${v}'") cfg.shellAliases
);
in
{
options = {
environment.promptInit = mkOption {
@ -87,70 +90,65 @@ let
};
in
{
require = [options];
config = {
environment.etc =
[ { # Script executed when the shell starts as a login shell.
source = pkgs.substituteAll {
src = ./profile.sh;
wrapperDir = config.security.wrapperDir;
inherit (cfg) shellInit;
};
target = "profile";
}
# Script executed when the shell starts as a login shell.
environment.etc."profile".source =
pkgs.substituteAll {
src = ./profile.sh;
wrapperDir = config.security.wrapperDir;
inherit (cfg) shellInit;
};
{ # /etc/bashrc: executed every time an interactive bash
# starts. Sources /etc/profile to ensure that the system
# environment is configured properly.
source = pkgs.substituteAll {
src = ./bashrc.sh;
inherit (cfg) interactiveShellInit;
};
target = "bashrc";
}
# /etc/bashrc: executed every time an interactive bash
# starts. Sources /etc/profile to ensure that the system
# environment is configured properly.
environment.etc."bashrc".source =
pkgs.substituteAll {
src = ./bashrc.sh;
inherit (cfg) interactiveShellInit;
};
{ # Configuration for readline in bash.
source = ./inputrc;
target = "inputrc";
}
# Configuration for readline in bash.
environment.etc."inputrc".source = ./inputrc;
environment.shellAliases =
{ ls = "ls --color=tty";
ll = "ls -l";
l = "ls -alh";
which = "type -P";
};
environment.interactiveShellInit =
''
# Check the window size after every command.
shopt -s checkwinsize
${cfg.promptInit}
${initBashCompletion}
${shellAliases}
# Disable hashing (i.e. caching) of command lookups.
set +h
'';
system.build.binsh = pkgs.bashInteractive;
system.activationScripts.binsh = stringAfter [ "stdio" ]
''
# Create the required /bin/sh symlink; otherwise lots of things
# (notably the system() function) won't work.
mkdir -m 0755 -p /bin
ln -sfn "${cfg.binsh}" /bin/.sh.tmp
mv /bin/.sh.tmp /bin/sh # atomically replace /bin/sh
'';
environment.pathsToLink = optionals cfg.enableBashCompletion [
"/etc/bash_completion.d"
"/share/bash-completion"
];
environment.shellAliases =
{ ls = "ls --color=tty";
ll = "ls -l";
l = "ls -alh";
which = "type -P";
};
};
environment.interactiveShellInit =
''
# Check the window size after every command.
shopt -s checkwinsize
${cfg.promptInit}
${initBashCompletion}
${shellAliases}
# Disable hashing (i.e. caching) of command lookups.
set +h
'';
system.build.binsh = pkgs.bashInteractive;
system.activationScripts.binsh = stringAfter [ "stdio" ]
''
# Create the required /bin/sh symlink; otherwise lots of things
# (notably the system() function) won't work.
mkdir -m 0755 -p /bin
ln -sfn "${cfg.binsh}" /bin/.sh.tmp
mv /bin/.sh.tmp /bin/sh # atomically replace /bin/sh
'';
environment.pathsToLink = optionals cfg.enableBashCompletion [
"/etc/bash_completion.d"
"/share/bash-completion"
];
}

72
modules/programs/ssmtp.nix
View File

@ -3,12 +3,18 @@
# directly to an SMTP server defined in its configuration file, wihout
# queueing mail locally.
{config, pkgs, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.networking.defaultMailServer;
in
{
options = {
networking.defaultMailServer = {
@ -16,94 +22,90 @@ let
directDelivery = mkOption {
default = false;
example = true;
description = "
description = ''
Use the trivial Mail Transfer Agent (MTA)
<command>ssmtp</command> package to allow programs to send
e-mail. If you don't want to run a ``real'' MTA like
e-mail. If you don't want to run a real MTA like
<command>sendmail</command> or <command>postfix</command> on
your machine, set this option to <literal>true</literal>, and
set the option
<option>networking.defaultMailServer.hostName</option> to the
host name of your preferred mail server.
";
'';
};
hostName = mkOption {
example = "mail.example.org";
description = "
description = ''
The host name of the default mail server to use to deliver
e-mail.
";
'';
};
domain = mkOption {
default = "";
example = "example.org";
description = "
description = ''
The domain from which mail will appear to be sent.
";
'';
};
useTLS = mkOption {
default = false;
example = true;
description = "
description = ''
Whether TLS should be used to connect to the default mail
server.
";
'';
};
useSTARTTLS = mkOption {
default = false;
example = true;
description = "
description = ''
Whether the STARTTLS should be used to connect to the default
mail server. (This is needed for TLS-capable mail servers
running on the default SMTP port 25.)
";
'';
};
authUser = mkOption {
default = "";
example = "foo@example.org";
description = "
description = ''
Username used for SMTP auth. Leave blank to disable.
";
'';
};
authPass = mkOption {
default = "";
example = "correctHorseBatteryStaple";
description = "
description = ''
Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
";
'';
};
};
};
cfg = config.networking.defaultMailServer;
in
config = mkIf cfg.directDelivery {
mkIf cfg.directDelivery {
require = [options];
environment.etc."ssmtp/ssmtp.conf".text =
''
MailHub=${cfg.hostName}
FromLineOverride=YES
${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
UseTLS=${if cfg.useTLS then "YES" else "NO"}
UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
#Debug=YES
${if cfg.authUser != "" then "AuthUser=${cfg.authUser}" else ""}
${if cfg.authPass != "" then "AuthPass=${cfg.authPass}" else ""}
'';
environment.etc =
[ { source = pkgs.writeText "ssmtp.conf" ''
MailHub=${cfg.hostName}
FromLineOverride=YES
${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
UseTLS=${if cfg.useTLS then "YES" else "NO"}
UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
#Debug=YES
${if cfg.authUser != "" then "AuthUser=${cfg.authUser}" else ""}
${if cfg.authPass != "" then "AuthPass=${cfg.authPass}" else ""}
'';
target = "ssmtp/ssmtp.conf";
}
];
environment.systemPackages = [pkgs.ssmtp];
};
environment.systemPackages = [pkgs.ssmtp];
}

61
modules/services/x11/desktop-managers/gnome.nix
View File

@ -1,47 +1,42 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
let
inherit (pkgs.lib) mkOption mkIf;
cfg = config.services.xserver.desktopManager.gnome;
gnome = pkgs.gnome;
options = { services = { xserver = { desktopManager = {
gnome = {
enable = mkOption {
default = false;
example = true;
description = "Enable a gnome terminal as a desktop manager.";
};
};
}; }; }; };
in
mkIf cfg.enable {
require = options;
{
services = {
xserver = {
options = {
desktopManager = {
session = [{
name = "gnome";
start = ''
${gnome.gnometerminal}/bin/gnome-terminal -ls &
waitPID=$!
'';
}];
services.xserver.desktopManager.gnome.enable = mkOption {
default = false;
example = true;
description = "Enable a gnome terminal as a desktop manager.";
};
};
config = mkIf cfg.enable {
services.xserver.desktopManager.session = singleton
{ name = "gnome";
start = ''
${gnome.gnometerminal}/bin/gnome-terminal -ls &
waitPID=$!
'';
};
};
environment.systemPackages =
[ gnome.gnometerminal
gnome.GConf
gnome.gconfeditor
];
};
environment = {
x11Packages = [
gnome.gnometerminal
gnome.GConf
gnome.gconfeditor
];
};
}

38
modules/services/x11/desktop-managers/xterm.nix
View File

@ -1,10 +1,14 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
let
inherit (pkgs.lib) mkOption mkIf;
cfg = config.services.xserver.desktopManager.xterm;
in
{
options = {
services.xserver.desktopManager.xterm.enable = mkOption {
@ -15,30 +19,18 @@ let
};
in
config = mkIf cfg.enable {
mkIf cfg.enable {
require = options;
services = {
xserver = {
desktopManager = {
session = [{
name = "xterm";
start = ''
${pkgs.xterm}/bin/xterm -ls &
waitPID=$!
'';
}];
services.xserver.desktopManager.session = singleton
{ name = "xterm";
start = ''
${pkgs.xterm}/bin/xterm -ls &
waitPID=$!
'';
};
};
environment.systemPackages = [ pkgs.xterm ];
};
environment = {
x11Packages = [
pkgs.xterm
];
};
}

38
modules/services/x11/window-managers/default.nix
View File

@ -1,25 +1,26 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
let
inherit (pkgs.lib) mkOption mergeOneOption any;
cfg = config.services.xserver.windowManager;
in
{
imports = [
./compiz.nix
./openbox.nix
./kwm.nix
./metacity.nix
./none.nix
./twm.nix
./wmii.nix
./xmonad.nix
./i3.nix
./xbmc.nix
];
imports =
[ ./compiz.nix
./openbox.nix
./metacity.nix
./none.nix
./twm.nix
./wmii.nix
./xmonad.nix
./i3.nix
./xbmc.nix
];
options = {
services.xserver.windowManager = {
session = mkOption {
@ -28,11 +29,11 @@ in
name = "wmii";
start = "...";
}];
description = "
description = ''
Internal option used to add some common line to window manager
scripts before forwarding the value to the
<varname>displayManager</varname>.
";
'';
apply = map (d: d // {
manage = "window";
});
@ -41,9 +42,7 @@ in
default = mkOption {
default = "none";
example = "wmii";
description = "
Default window manager loaded if none have been chosen.
";
description = "Default window manager loaded if none have been chosen.";
merge = mergeOneOption;
apply = defaultWM:
if any (w: w.name == defaultWM) cfg.session then
@ -53,6 +52,7 @@ in
};
};
};
config = {

46
modules/services/x11/window-managers/kwm.nix
View File

@ -1,46 +0,0 @@
{pkgs, config, ...}:
let
inherit (pkgs.lib) mkOption mkIf;
cfg = config.services.xserver.windowManager.kwm;
option = { services = { xserver = { windowManager = {
kwm = {
enable = mkOption {
default = false;
example = true;
description = "Enable the kwm window manager.";
};
};
}; }; }; };
in
mkIf cfg.enable {
require = option;
services = {
xserver = {
windowManager = {
session = [{
name = "kwm";
start = "
${pkgs.kde3.kdebase}/bin/kwin &
waitPID=$!
";
}];
};
};
};
environment = {
x11Packages = [
pkgs.kde3.kdelibs
pkgs.kde3.kdebase
];
};
}

61
modules/services/x11/window-managers/metacity.nix
View File

@ -1,49 +1,42 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
let
inherit (pkgs.lib) mkOption mkIf;
cfg = config.services.xserver.windowManager.metacity;
xorg = config.services.xserver.package;
gnome = pkgs.gnome;
option = { services = { xserver = { windowManager = {
metacity = {
enable = mkOption {
default = false;
example = true;
description = "Enable the metacity window manager.";
};
};
}; }; }; };
in
mkIf cfg.enable {
require = option;
{
options = {
services = {
xserver = {
services.xserver.windowManager.metacity.enable = mkOption {
default = false;
example = true;
description = "Enable the metacity window manager.";
};
windowManager = {
session = [{
name = "metacity";
start = ''
env LD_LIBRARY_PATH=${xorg.libX11}/lib:${xorg.libXext}/lib:/usr/lib/
# !!! Hack: load the schemas for Metacity.
GCONF_CONFIG_SOURCE=xml::~/.gconf ${gnome.GConf}/bin/gconftool-2 \
--makefile-install-rule ${gnome.metacity}/etc/gconf/schemas/*.schemas # */
${gnome.metacity}/bin/metacity &
waitPID=$!
'';
}];
};
config = mkIf cfg.enable {
services.xserver.windowManager.session = singleton
{ name = "metacity";
start = ''
env LD_LIBRARY_PATH=${xorg.libX11}/lib:${xorg.libXext}/lib:/usr/lib/
# !!! Hack: load the schemas for Metacity.
GCONF_CONFIG_SOURCE=xml::~/.gconf ${gnome.GConf}/bin/gconftool-2 \
--makefile-install-rule ${gnome.metacity}/etc/gconf/schemas/*.schemas # */
${gnome.metacity}/bin/metacity &
waitPID=$!
'';
};
};
environment.systemPackages = [ gnome.metacity ];
};
environment = {
x11Packages = [ gnome.metacity ];
};
}

57
modules/services/x11/window-managers/wmii.nix
View File

@ -1,27 +1,27 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
let
inherit (pkgs.lib) mkOption mkIf;
cfg = config.services.xserver.windowManager.wmii;
option = { services = { xserver = { windowManager = {
wmii = {
enable = mkOption {
default = false;
example = true;
description = "Enable the wmii window manager.";
};
};
}; }; }; };
in
mkIf cfg.enable {
require = option;
{
options = {
services = {
xserver = {
services.xserver.windowManager.wmii.enable = mkOption {
default = false;
example = true;
description = "Enable the wmii window manager.";
};
};
config = mkIf cfg.enable {
services.xserver.windowManager.session = singleton
# stop wmii by
# $wmiir xwrite /ctl quit
# this will cause wmii exiting with exit code 0
@ -32,23 +32,16 @@ mkIf cfg.enable {
# lost and all applications running on X will terminate.
# Another use case is kill -9 wmii; after rotating screen.
# Note: we don't like kill for that purpose. But it works (-> subject "wmii and xrandr" on mailinglist)
windowManager = {
session = [{
name = "wmii";
start = "
while :; do
${pkgs.wmiiSnap}/bin/wmii && break
done
";
}];
{ name = "wmii";
start = ''
while :; do
${pkgs.wmiiSnap}/bin/wmii && break
done
'';
};
};
environment.systemPackages = [ pkgs.wmiiSnap ];
};
environment = {
x11Packages = [
pkgs.wmiiSnap
];
};
}

140
modules/system/activation/top-level.nix
View File

@ -4,66 +4,6 @@ with pkgs.lib;
let
options = {
system.build = mkOption {
default = {};
description = ''
Attribute set of derivations used to setup the system.
'';
};
nesting.children = mkOption {
default = [];
description = ''
Additional configurations to build.
'';
};
nesting.clone = mkOption {
default = [];
description = ''
Additional configurations to build based on the current
configuration which is has a lower priority.
'';
};
system.boot.loader.id = mkOption {
default = "";
description = ''
Id string of the used bootloader.
'';
};
system.boot.loader.kernelFile = mkOption {
default = pkgs.stdenv.platform.kernelTarget;
type = types.uniq types.string;
description = ''
Name of the kernel file to be passed to the bootloader.
'';
};
system.copySystemConfiguration = mkOption {
default = false;
description = ''
If enabled, copies the NixOS configuration file
<literal>$NIXOS_CONFIG</literal> (usually
<filename>/etc/nixos/configuration.nix</filename>)
to the system store path.
'';
};
system.extraSystemBuilderCmds = mkOption {
default = "";
internal = true;
merge = concatStringsSep "\n";
description = ''
This code will be added to the builder creating the system store path.
'';
};
};
# This attribute is responsible for creating boot entries for
# child configuration. They are only (directly) accessible
@ -176,13 +116,79 @@ let
};
in {
require = [options];
in
system.extraSystemBuilderCmds =
optionalString
config.system.copySystemConfiguration
"cp ${maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out";
{
options = {
system.build = mkOption {
default = {};
description = ''
Attribute set of derivations used to setup the system.
'';
};
nesting.children = mkOption {
default = [];
description = ''
Additional configurations to build.
'';
};
nesting.clone = mkOption {
default = [];
description = ''
Additional configurations to build based on the current
configuration which is has a lower priority.
'';
};
system.boot.loader.id = mkOption {
default = "";
description = ''
Id string of the used bootloader.
'';
};
system.boot.loader.kernelFile = mkOption {
default = pkgs.stdenv.platform.kernelTarget;
type = types.uniq types.string;
description = ''
Name of the kernel file to be passed to the bootloader.
'';
};
system.copySystemConfiguration = mkOption {
default = false;
description = ''
If enabled, copies the NixOS configuration file
<literal>$NIXOS_CONFIG</literal> (usually
<filename>/etc/nixos/configuration.nix</filename>)
to the system store path.
'';
};
system.extraSystemBuilderCmds = mkOption {
default = "";
internal = true;
merge = concatStringsSep "\n";
description = ''
This code will be added to the builder creating the system store path.
'';
};
};
config = {
system.extraSystemBuilderCmds =
optionalString
config.system.copySystemConfiguration
"cp ${maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out";
system.build.toplevel = system;
};
system.build.toplevel = system;
}

95
modules/system/boot/loader/generations-dir/generations-dir.nix
View File

@ -1,48 +1,9 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
boot = {
loader = {
generationsDir = {
enable = mkOption {
default = false;
description = ''
Whether to create symlinks to the system generations under
<literal>/boot</literal>. When enabled,
<literal>/boot/default/kernel</literal>,
<literal>/boot/default/initrd</literal>, etc., are updated to
point to the current generation's kernel image, initial RAM
disk, and other bootstrap files.
This optional is not necessary with boot loaders such as GNU GRUB
for which the menu is updated to point to the latest bootstrap
files. However, it is needed for U-Boot on platforms where the
boot command line is stored in flash memory rather than in a
menu file.
'';
};
copyKernels = mkOption {
default = false;
description = "
Whether copy the necessary boot files into /boot, so
/nix/store is not needed by the boot loader.
";
};
};
};
};
};
in
###### implementation
let
generationsDirBuilder = pkgs.substituteAll {
src = ./generations-dir-builder.sh;
isExecutable = true;
@ -53,18 +14,50 @@ let
# Temporary check, for nixos to cope both with nixpkgs stdenv-updates and trunk
platform = pkgs.stdenv.platform;
in
{
require = [
options
options = {
# config.system.build
# ../system/system-options.nix
];
boot.loader.generationsDir = {
enable = mkOption {
default = false;
description = ''
Whether to create symlinks to the system generations under
<literal>/boot</literal>. When enabled,
<literal>/boot/default/kernel</literal>,
<literal>/boot/default/initrd</literal>, etc., are updated to
point to the current generation's kernel image, initial RAM
disk, and other bootstrap files.
This optional is not necessary with boot loaders such as GNU GRUB
for which the menu is updated to point to the latest bootstrap
files. However, it is needed for U-Boot on platforms where the
boot command line is stored in flash memory rather than in a
menu file.
'';
};
copyKernels = mkOption {
default = false;
description = "
Whether copy the necessary boot files into /boot, so
/nix/store is not needed by the boot loader.
";
};
};
};
config = mkIf config.boot.loader.generationsDir.enable {
system.build.installBootLoader = generationsDirBuilder;
system.boot.loader.id = "generationsDir";
system.boot.loader.kernelFile = platform.kernelTarget;
system = mkIf config.boot.loader.generationsDir.enable {
build.installBootLoader = generationsDirBuilder;
boot.loader.id = "generationsDir";
boot.loader.kernelFile = platform.kernelTarget;
};
}

53
modules/system/boot/loader/raspberrypi/raspberrypi.nix
View File

@ -1,30 +1,9 @@
{pkgs, config, ...}:
{ config, pkgs, ... }:
with pkgs.lib;
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
boot = {
loader = {
raspberryPi = {
enable = mkOption {
default = false;
description = ''
Whether to create files with the system generations in
<literal>/boot</literal>.
<literal>/boot/old</literal> will hold files from old generations.
'';
};
};
};
};
};
in
###### implementation
let
builder = pkgs.substituteAll {
src = ./builder.sh;
isExecutable = true;
@ -34,18 +13,26 @@ let
};
platform = pkgs.stdenv.platform;
in
{
require = [
options
options = {
# config.system.build
# ../system/system-options.nix
];
boot.loader.raspberryPi.enable = mkOption {
default = false;
description = ''
Whether to create files with the system generations in
<literal>/boot</literal>.
<literal>/boot/old</literal> will hold files from old generations.
'';
};
system = mkIf config.boot.loader.raspberryPi.enable {
build.installBootLoader = builder;
boot.loader.id = "raspberrypi";
boot.loader.kernelFile = platform.kernelTarget;
};
config = mkIf config.boot.loader.raspberryPi.enable {
system.build.installBootLoader = builder;
system.boot.loader.id = "raspberrypi";
system.boot.loader.kernelFile = platform.kernelTarget;
};
}

257
modules/system/boot/stage-1.nix
View File

@ -11,116 +11,6 @@ let
udev = config.systemd.package;
options = {
boot.resumeDevice = mkOption {
default = "";
example = "0:0";
description = "
Device for manual resume attempt during boot. Looks like
major:minor. ls -l /dev/SWAP_PARTION shows them.
";
};
boot.initrd.enableSplashScreen = mkOption {
default = true;
description = "
Whether to show a nice splash screen while booting.
";
};
boot.initrd.checkJournalingFS = mkOption {
default = true;
type = types.bool;
description = ''
Whether to run fsck on journaling filesystems such as ext3.
'';
};
boot.initrd.mdadmConf = mkOption {
default = "";
type = with types; string;
description = ''
Contents of /etc/mdadm.conf at initrd.
'';
};
boot.initrd.preLVMCommands = mkOption {
default = "";
type = with types; string;
description = ''
Shell commands to be executed immediately before lvm discovery.
'';
};
boot.initrd.postDeviceCommands = mkOption {
default = "";
type = with types; string;
description = ''
Shell commands to be executed immediately after stage 1 of the
boot has loaded kernel modules and created device nodes in
/dev.
'';
};
boot.initrd.postMountCommands = mkOption {
default = "";
type = with types; string;
description = ''
Shell commands to be executed immediately after the stage 1
filesystems have been mounted.
'';
};
boot.initrd.extraUtilsCommands = mkOption {
internal = true;
default = "";
type = with types; string;
description = ''
Shell commands to be executed in the builder of the
extra-utils derivation. This can be used to provide
additional utilities in the initial ramdisk.
'';
};
boot.initrd.extraUtilsCommandsTest = mkOption {
internal = true;
default = "";
type = with types; string;
description = ''
Shell commands to be executed in the builder of the
extra-utils derivation after patchelf has done its
job. This can be used to test additional utilities
copied in extraUtilsCommands.
'';
};
boot.initrd.compressor = mkOption {
default = "gzip -9";
type = types.string;
description = "The compressor to use on the initrd";
example = "xz";
};
fileSystems = mkOption {
options.neededForBoot = mkOption {
default = false;
type = types.bool;
description = ''
If set, this file system will be mounted in the initial
ramdisk. By default, this applies to the root file system
and to the file system containing
<filename>/nix/store</filename>.
'';
};
};
};
kernelPackages = config.boot.kernelPackages;
modulesTree = config.system.modulesTree;
@ -141,14 +31,15 @@ let
&& kernelPackages.kernel.features.needsCifsUtils
&& any (fs: fs.fsType == "cifs") fileSystems;
busybox = if needsCifsUtils
then pkgs.busybox.override {
extraConfig = ''
CONFIG_FEATURE_MOUNT_CIFS n
CONFIG_FEATURE_MOUNT_HELPERS y
'';
}
else pkgs.busybox;
busybox =
if needsCifsUtils
then pkgs.busybox.override {
extraConfig = ''
CONFIG_FEATURE_MOUNT_CIFS n
CONFIG_FEATURE_MOUNT_HELPERS y
'';
}
else pkgs.busybox;
# Some additional utilities needed in stage 1, like mount, lvm, fsck
@ -351,16 +242,128 @@ let
];
};
in {
in
require = [options];
{
options = {
system.build.bootStage1 = bootStage1;
system.build.initialRamdisk = initialRamdisk;
system.build.extraUtils = extraUtils;
boot.resumeDevice = mkOption {
default = "";
example = "0:0";
description = "
Device for manual resume attempt during boot. Looks like
major:minor. ls -l /dev/SWAP_PARTION shows them.
";
};
system.requiredKernelConfig = with config.lib.kernelConfig; [
(isYes "TMPFS")
(isYes "BLK_DEV_INITRD")
];
boot.initrd.enableSplashScreen = mkOption {
default = true;
description = "
Whether to show a nice splash screen while booting.
";
};
boot.initrd.checkJournalingFS = mkOption {
default = true;
type = types.bool;
description = ''
Whether to run fsck on journaling filesystems such as ext3.
'';
};
boot.initrd.mdadmConf = mkOption {
default = "";
type = with types; string;
description = ''
Contents of /etc/mdadm.conf at initrd.
'';
};
boot.initrd.preLVMCommands = mkOption {
default = "";
type = with types; string;
description = ''
Shell commands to be executed immediately before lvm discovery.
'';
};
boot.initrd.postDeviceCommands = mkOption {
default = "";
type = with types; string;
description = ''
Shell commands to be executed immediately after stage 1 of the
boot has loaded kernel modules and created device nodes in
/dev.
'';
};
boot.initrd.postMountCommands = mkOption {
default = "";
type = with types; string;
description = ''
Shell commands to be executed immediately after the stage 1
filesystems have been mounted.
'';
};
boot.initrd.extraUtilsCommands = mkOption {
internal = true;
default = "";
type = with types; string;
description = ''
Shell commands to be executed in the builder of the
extra-utils derivation. This can be used to provide
additional utilities in the initial ramdisk.
'';
};
boot.initrd.extraUtilsCommandsTest = mkOption {
internal = true;
default = "";
type = with types; string;
description = ''
Shell commands to be executed in the builder of the
extra-utils derivation after patchelf has done its
job. This can be used to test additional utilities
copied in extraUtilsCommands.
'';
};
boot.initrd.compressor = mkOption {
default = "gzip -9";
type = types.string;
description = "The compressor to use on the initrd";
example = "xz";
};
fileSystems = mkOption {
options.neededForBoot = mkOption {
default = false;
type = types.bool;
description = ''
If set, this file system will be mounted in the initial
ramdisk. By default, this applies to the root file system
and to the file system containing
<filename>/nix/store</filename>.
'';
};
};
};
config = {
system.build.bootStage1 = bootStage1;
system.build.initialRamdisk = initialRamdisk;
system.build.extraUtils = extraUtils;
system.requiredKernelConfig = with config.lib.kernelConfig; [
(isYes "TMPFS")
(isYes "BLK_DEV_INITRD")
];
};
}

67
modules/system/boot/stage-2.nix
View File

@ -4,6 +4,38 @@ with pkgs.lib;
let
kernel = config.boot.kernelPackages.kernel;
activateConfiguration = config.system.activationScripts.script;
readonlyMountpoint = pkgs.runCommand "readonly-mountpoint" {} ''
mkdir -p $out/bin
cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint
strip -s $out/bin/readonly-mountpoint
'';
bootStage2 = pkgs.substituteAll {
src = ./stage-2-init.sh;
shellDebug = "${pkgs.bashInteractive}/bin/bash";
isExecutable = true;
inherit (config.boot) devShmSize runSize cleanTmpDir;
inherit (config.nix) readOnlyStore;
ttyGid = config.ids.gids.tty;
path =
[ pkgs.coreutils
pkgs.utillinux
pkgs.sysvtools
] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
++ optional config.nix.readOnlyStore readonlyMountpoint;
postBootCommands = pkgs.writeText "local-cmds"
''
${config.boot.postBootCommands}
${config.powerManagement.powerUpCommands}
'';
};
in
{
options = {
boot = {
@ -59,39 +91,10 @@ let
};
kernel = config.boot.kernelPackages.kernel;
activateConfiguration = config.system.activationScripts.script;
readonlyMountpoint = pkgs.runCommand "readonly-mountpoint" {} ''
mkdir -p $out/bin
cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint
strip -s $out/bin/readonly-mountpoint
'';
config = {
system.build.bootStage2 = bootStage2;
bootStage2 = pkgs.substituteAll {
src = ./stage-2-init.sh;
shellDebug = "${pkgs.bashInteractive}/bin/bash";
isExecutable = true;
inherit (config.boot) devShmSize runSize cleanTmpDir;
inherit (config.nix) readOnlyStore;
ttyGid = config.ids.gids.tty;
path =
[ pkgs.coreutils
pkgs.utillinux
pkgs.sysvtools
] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
++ optional config.nix.readOnlyStore readonlyMountpoint;
postBootCommands = pkgs.writeText "local-cmds"
''
${config.boot.postBootCommands}
${config.powerManagement.powerUpCommands}
'';
};
in
{
require = [options];
system.build.bootStage2 = bootStage2;
}

2
modules/virtualisation/amazon-config.nix
View File

@ -1,5 +1,5 @@
{ config, pkgs, modulesPath, ... }:
{
require = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
}

4
modules/virtualisation/amazon-image.nix
View File

@ -3,7 +3,7 @@
with pkgs.lib;
{
require = [ ../profiles/headless.nix ./ec2-data.nix ];
imports = [ ../profiles/headless.nix ./ec2-data.nix ];
system.build.amazonImage =
pkgs.vmTools.runInLinuxVM (
@ -83,7 +83,7 @@ with pkgs.lib;
udevadm control --exit || true
kill -9 -1
'';
# Mount all formatted ephemeral disks and activate all swap devices.
# We cannot do this with the fileSystems and swapDevices options
# because the set of devices is dependent on the instance type

139
modules/virtualisation/ec2-data.nix
View File

@ -5,7 +5,8 @@
{ config, pkgs, ... }:
with pkgs.lib;
let
{
options = {
ec2.metadata = mkOption {
type = types.bool;
@ -15,84 +16,84 @@ let
'';
};
};
in
{
require = [options];
systemd.services."fetch-ec2-data" =
{ description = "Fetch EC2 Data";
config = {
wantedBy = [ "multi-user.target" ];
before = [ "sshd.service" ];
after = [ "network.target" ];
systemd.services."fetch-ec2-data" =
{ description = "Fetch EC2 Data";
path = [ pkgs.curl pkgs.iproute ];
wantedBy = [ "multi-user.target" ];
before = [ "sshd.service" ];
after = [ "network.target" ];
script =
''
ip route del blackhole 169.254.169.254/32 || true
path = [ pkgs.curl pkgs.iproute ];
curl="curl --retry 3 --retry-delay 0 --fail"
script =
''
ip route del blackhole 169.254.169.254/32 || true
echo "setting host name..."
${optionalString (config.networking.hostName == "") ''
${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname)
''}
curl="curl --retry 3 --retry-delay 0 --fail"
# Don't download the SSH key if it has already been injected
# into the image (a Nova feature).
if ! [ -e /root/.ssh/authorized_keys ]; then
echo "obtaining SSH key..."
mkdir -p /root/.ssh
$curl -o /root/key.pub http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
if [ $? -eq 0 -a -e /root/key.pub ]; then
if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
cat /root/key.pub >> /root/.ssh/authorized_keys
echo "new key added to authorized_keys"
fi
chmod 600 /root/.ssh/authorized_keys
rm -f /root/key.pub
fi
fi
echo "setting host name..."
${optionalString (config.networking.hostName == "") ''
${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname)
''}
# Extract the intended SSH host key for this machine from
# the supplied user data, if available. Otherwise sshd will
# generate one normally.
$curl http://169.254.169.254/2011-01-01/user-data > /root/user-data || true
key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)"
key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)"
if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then
mkdir -m 0755 -p /etc/ssh
(umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
fi
# Don't download the SSH key if it has already been injected
# into the image (a Nova feature).
if ! [ -e /root/.ssh/authorized_keys ]; then
echo "obtaining SSH key..."
mkdir -p /root/.ssh
$curl -o /root/key.pub http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
if [ $? -eq 0 -a -e /root/key.pub ]; then
if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
cat /root/key.pub >> /root/.ssh/authorized_keys
echo "new key added to authorized_keys"
fi
chmod 600 /root/.ssh/authorized_keys
rm -f /root/key.pub
fi
fi
${optionalString (! config.ec2.metadata) ''
# Since the user data is sensitive, prevent it from being
# accessed from now on.
ip route add blackhole 169.254.169.254/32
''}
'';
# Extract the intended SSH host key for this machine from
# the supplied user data, if available. Otherwise sshd will
# generate one normally.
$curl http://169.254.169.254/2011-01-01/user-data > /root/user-data || true
key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)"
key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)"
if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then
mkdir -m 0755 -p /etc/ssh
(umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
fi
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
};
${optionalString (! config.ec2.metadata) ''
# Since the user data is sensitive, prevent it from being
# accessed from now on.
ip route add blackhole 169.254.169.254/32
''}
'';
systemd.services."print-host-key" =
{ description = "Print SSH Host Key";
wantedBy = [ "multi-user.target" ];
after = [ "sshd.service" ];
script =
''
# Print the host public key on the console so that the user
# can obtain it securely by parsing the output of
# ec2-get-console-output.
echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
${pkgs.openssh}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console
echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
};
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
};
systemd.services."print-host-key" =
{ description = "Print SSH Host Key";
wantedBy = [ "multi-user.target" ];
after = [ "sshd.service" ];
script =
''
# Print the host public key on the console so that the user
# can obtain it securely by parsing the output of
# ec2-get-console-output.
echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
${pkgs.openssh}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console
echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
};
};
}

2
modules/virtualisation/nova-config.nix
View File

@ -1,5 +1,5 @@
{ config, pkgs, modulesPath, ... }:
{
require = [ "${modulesPath}/virtualisation/nova-image.nix" ];
imports = [ "${modulesPath}/virtualisation/nova-image.nix" ];
}

2
modules/virtualisation/nova-image.nix
View File

@ -3,7 +3,7 @@
with pkgs.lib;
{
require = [ ../profiles/qemu-guest.nix ../profiles/headless.nix ./ec2-data.nix ];
imports = [ ../profiles/qemu-guest.nix ../profiles/headless.nix ./ec2-data.nix ];
system.build.novaImage =
pkgs.vmTools.runInLinuxVM (

482
modules/virtualisation/qemu-vm.nix
View File

@ -18,6 +18,123 @@ let
then "noname"
else config.networking.hostName;
cfg = config.virtualisation;
qemuGraphics = if cfg.graphics then "" else "-nographic";
kernelConsole = if cfg.graphics then "" else "console=ttyS0";
ttys = [ "tty1" "tty2" "tty3" "tty4" "tty5" "tty6" ];
# Shell script to start the VM.
startVM =
''
#! ${pkgs.stdenv.shell}
NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}})
if ! test -e "$NIX_DISK_IMAGE"; then
${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
${toString config.virtualisation.diskSize}M || exit 1
fi
# Create a directory for exchanging data with the VM.
if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then
TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir)
fi
cd $TMPDIR
mkdir -p $TMPDIR/xchg
idx=2
extraDisks=""
${flip concatMapStrings cfg.emptyDiskImages (size: ''
${pkgs.qemu_kvm}/bin/qemu-img create -f raw "empty$idx" "${toString size}M"
extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx,if=virtio,werror=report"
idx=$((idx + 1))
'')}
# Start QEMU.
# "-boot menu=on" is there, because I don't know how to make qemu boot from 2nd hd.
exec ${pkgs.qemu_kvm}/bin/qemu-kvm \
-name ${vmName} \
-m ${toString config.virtualisation.memorySize} \
${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} \
-net nic,vlan=0,model=virtio \
-net user,vlan=0''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \
-virtfs local,path=/nix/store,security_model=none,mount_tag=store \
-virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
-virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \
${if cfg.useBootLoader then ''
-drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
-drive index=1,id=drive2,file=${bootDisk}/disk.img,if=virtio,readonly \
-boot menu=on
'' else ''
-drive file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
-kernel ${config.system.build.toplevel}/kernel \
-initrd ${config.system.build.toplevel}/initrd \
-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \
''} \
$extraDisks \
${qemuGraphics} \
${toString config.virtualisation.qemu.options} \
$QEMU_OPTS
'';
regInfo = pkgs.runCommand "reginfo"
{ exportReferencesGraph =
map (x: [("closure-" + baseNameOf x) x]) config.virtualisation.pathsInNixDB;
buildInputs = [ pkgs.perl ];
preferLocalBuild = true;
}
''
printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out
'';
# Generate a hard disk image containing a /boot partition and GRUB
# in the MBR. Used when the `useBootLoader' option is set.
bootDisk =
pkgs.vmTools.runInLinuxVM (
pkgs.runCommand "nixos-boot-disk"
{ preVM =
''
mkdir $out
diskImage=$out/disk.img
${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 $diskImage "32M"
'';
buildInputs = [ pkgs.utillinux ];
}
''
# Create a single /boot partition.
${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
. /sys/class/block/vda1/uevent
mknod /dev/vda1 b $MAJOR $MINOR
. /sys/class/block/vda/uevent
${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L boot /dev/vda1
${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
# Mount /boot.
mkdir /boot
mount /dev/vda1 /boot
# This is needed for GRUB 0.97, which doesn't know about virtio devices.
mkdir /boot/grub
echo '(hd0) /dev/vda' > /boot/grub/device.map
# Install GRUB and generate the GRUB boot menu.
touch /etc/NIXOS
mkdir -p /nix/var/nix/profiles
${config.system.build.toplevel}/bin/switch-to-configuration boot
umount /boot
''
);
in
{
imports = [ ../profiles/qemu-guest.nix ];
options = {
virtualisation.memorySize =
@ -154,264 +271,151 @@ let
};
cfg = config.virtualisation;
config = {
qemuGraphics = if cfg.graphics then "" else "-nographic";
kernelConsole = if cfg.graphics then "" else "console=ttyS0";
ttys = [ "tty1" "tty2" "tty3" "tty4" "tty5" "tty6" ];
boot.loader.grub.device = mkOverride 50 "/dev/vda";
# Shell script to start the VM.
startVM =
''
#! ${pkgs.stdenv.shell}
boot.initrd.supportedFilesystems = optional cfg.writableStore "unionfs-fuse";
NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}})
boot.initrd.extraUtilsCommands =
''
# We need mke2fs in the initrd.
cp ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin
'';
if ! test -e "$NIX_DISK_IMAGE"; then
${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
${toString config.virtualisation.diskSize}M || exit 1
fi
boot.initrd.postDeviceCommands =
''
# If the disk image appears to be empty, run mke2fs to
# initialise.
FSTYPE=$(blkid -o value -s TYPE /dev/vda || true)
if test -z "$FSTYPE"; then
mke2fs -t ext4 /dev/vda
fi
'';
# Create a directory for exchanging data with the VM.
if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then
TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir)
fi
cd $TMPDIR
mkdir -p $TMPDIR/xchg
boot.initrd.postMountCommands =
''
# Mark this as a NixOS machinex.
mkdir -p $targetRoot/etc
echo -n > $targetRoot/etc/NIXOS
idx=2
extraDisks=""
${flip concatMapStrings cfg.emptyDiskImages (size: ''
${pkgs.qemu_kvm}/bin/qemu-img create -f raw "empty$idx" "${toString size}M"
extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx,if=virtio,werror=report"
idx=$((idx + 1))
'')}
# Fix the permissions on /tmp.
chmod 1777 $targetRoot/tmp
# Start QEMU.
# "-boot menu=on" is there, because I don't know how to make qemu boot from 2nd hd.
exec ${pkgs.qemu_kvm}/bin/qemu-kvm \
-name ${vmName} \
-m ${toString config.virtualisation.memorySize} \
${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} \
-net nic,vlan=0,model=virtio \
-net user,vlan=0''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \
-virtfs local,path=/nix/store,security_model=none,mount_tag=store \
-virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
-virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \
${if cfg.useBootLoader then ''
-drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
-drive index=1,id=drive2,file=${bootDisk}/disk.img,if=virtio,readonly \
-boot menu=on
mkdir -p $targetRoot/boot
mount -o remount,ro $targetRoot/nix/store
${optionalString cfg.writableStore ''
mkdir -p /unionfs-chroot/ro-store
mount --rbind $targetRoot/nix/store /unionfs-chroot/ro-store
mkdir /unionfs-chroot/rw-store
${if cfg.writableStoreUseTmpfs then ''
mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
'' else ''
-drive file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
-kernel ${config.system.build.toplevel}/kernel \
-initrd ${config.system.build.toplevel}/initrd \
-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \
''} \
$extraDisks \
${qemuGraphics} \
${toString config.virtualisation.qemu.options} \
$QEMU_OPTS
'';
mkdir $targetRoot/.nix-rw-store
mount --bind $targetRoot/.nix-rw-store /unionfs-chroot/rw-store
''}
regInfo = pkgs.runCommand "reginfo"
{ exportReferencesGraph =
map (x: [("closure-" + baseNameOf x) x]) config.virtualisation.pathsInNixDB;
buildInputs = [ pkgs.perl ];
preferLocalBuild = true;
}
''
printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out
'';
# Generate a hard disk image containing a /boot partition and GRUB
# in the MBR. Used when the `useBootLoader' option is set.
bootDisk =
pkgs.vmTools.runInLinuxVM (
pkgs.runCommand "nixos-boot-disk"
{ preVM =
''
mkdir $out
diskImage=$out/disk.img
${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 $diskImage "32M"
'';
buildInputs = [ pkgs.utillinux ];
}
''
# Create a single /boot partition.
${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
. /sys/class/block/vda1/uevent
mknod /dev/vda1 b $MAJOR $MINOR
. /sys/class/block/vda/uevent
${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L boot /dev/vda1
${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
# Mount /boot.
mkdir /boot
mount /dev/vda1 /boot
# This is needed for GRUB 0.97, which doesn't know about virtio devices.
mkdir /boot/grub
echo '(hd0) /dev/vda' > /boot/grub/device.map
# Install GRUB and generate the GRUB boot menu.
touch /etc/NIXOS
mkdir -p /nix/var/nix/profiles
${config.system.build.toplevel}/bin/switch-to-configuration boot
umount /boot
''
);
in
{
require = [ options ../profiles/qemu-guest.nix ];
boot.loader.grub.device = mkOverride 50 "/dev/vda";
boot.initrd.supportedFilesystems = optional cfg.writableStore "unionfs-fuse";
boot.initrd.extraUtilsCommands =
''
# We need mke2fs in the initrd.
cp ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin
'';
boot.initrd.postDeviceCommands =
''
# If the disk image appears to be empty, run mke2fs to
# initialise.
FSTYPE=$(blkid -o value -s TYPE /dev/vda || true)
if test -z "$FSTYPE"; then
mke2fs -t ext4 /dev/vda
fi
'';
boot.initrd.postMountCommands =
''
# Mark this as a NixOS machinex.
mkdir -p $targetRoot/etc
echo -n > $targetRoot/etc/NIXOS
# Fix the permissions on /tmp.
chmod 1777 $targetRoot/tmp
mkdir -p $targetRoot/boot
mount -o remount,ro $targetRoot/nix/store
${optionalString cfg.writableStore ''
mkdir -p /unionfs-chroot/ro-store
mount --rbind $targetRoot/nix/store /unionfs-chroot/ro-store
mkdir /unionfs-chroot/rw-store
${if cfg.writableStoreUseTmpfs then ''
mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
'' else ''
mkdir $targetRoot/.nix-rw-store
mount --bind $targetRoot/.nix-rw-store /unionfs-chroot/rw-store
unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768,hide_meta_files /rw-store=RW:/ro-store=RO $targetRoot/nix/store
''}
'';
unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768,hide_meta_files /rw-store=RW:/ro-store=RO $targetRoot/nix/store
''}
'';
# After booting, register the closure of the paths in
# `virtualisation.pathsInNixDB' in the Nix database in the VM. This
# allows Nix operations to work in the VM. The path to the
# registration file is passed through the kernel command line to
# allow `system.build.toplevel' to be included. (If we had a direct
# reference to ${regInfo} here, then we would get a cyclic
# dependency.)
boot.postBootCommands =
''
if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then
${config.environment.nix}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
fi
'';
# After booting, register the closure of the paths in
# `virtualisation.pathsInNixDB' in the Nix database in the VM. This
# allows Nix operations to work in the VM. The path to the
# registration file is passed through the kernel command line to
# allow `system.build.toplevel' to be included. (If we had a direct
# reference to ${regInfo} here, then we would get a cyclic
# dependency.)
boot.postBootCommands =
''
if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then
${config.environment.nix}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
fi
'';
virtualisation.pathsInNixDB = [ config.system.build.toplevel ];
virtualisation.pathsInNixDB = [ config.system.build.toplevel ];
virtualisation.qemu.options = [ "-vga std" "-usbdevice tablet" ];
virtualisation.qemu.options = [ "-vga std" "-usbdevice tablet" ];
# Mount the host filesystem via 9P, and bind-mount the Nix store of
# the host into our own filesystem. We use mkOverride to allow this
# module to be applied to "normal" NixOS system configuration, where
# the regular value for the `fileSystems' attribute should be
# disregarded for the purpose of building a VM test image (since
# those filesystems don't exist in the VM).
fileSystems = mkOverride 10
{ "/".device = "/dev/vda";
"/nix/store" =
{ device = "store";
fsType = "9p";
options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
};
"/tmp/xchg" =
{ device = "xchg";
fsType = "9p";
options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
neededForBoot = true;
};
"/tmp/shared" =
{ device = "shared";
fsType = "9p";
options = "trans=virtio,version=9p2000.L,msize=1048576";
neededForBoot = true;
};
} // optionalAttrs cfg.useBootLoader
{ "/boot" =
{ device = "/dev/disk/by-label/boot";
fsType = "ext4";
options = "ro";
noCheck = true; # fsck fails on a r/o filesystem
};
};
# Mount the host filesystem via 9P, and bind-mount the Nix store of
# the host into our own filesystem. We use mkOverride to allow this
# module to be applied to "normal" NixOS system configuration, where
# the regular value for the `fileSystems' attribute should be
# disregarded for the purpose of building a VM test image (since
# those filesystems don't exist in the VM).
fileSystems = mkOverride 10
{ "/".device = "/dev/vda";
"/nix/store" =
{ device = "store";
fsType = "9p";
options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
};
"/tmp/xchg" =
{ device = "xchg";
fsType = "9p";
options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
neededForBoot = true;
};
"/tmp/shared" =
{ device = "shared";
fsType = "9p";
options = "trans=virtio,version=9p2000.L,msize=1048576";
neededForBoot = true;
};
} // optionalAttrs cfg.useBootLoader
{ "/boot" =
{ device = "/dev/disk/by-label/boot";
fsType = "ext4";
options = "ro";
noCheck = true; # fsck fails on a r/o filesystem
};
};
swapDevices = mkOverride 50 [ ];
swapDevices = mkOverride 50 [ ];
# Don't run ntpd in the guest. It should get the correct time from KVM.
services.ntp.enable = false;
# Don't run ntpd in the guest. It should get the correct time from KVM.
services.ntp.enable = false;
system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; }
''
ensureDir $out/bin
ln -s ${config.system.build.toplevel} $out/system
ln -s ${pkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${vmName}-vm
'';
system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; }
''
ensureDir $out/bin
ln -s ${config.system.build.toplevel} $out/system
ln -s ${pkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${vmName}-vm
'';
# When building a regular system configuration, override whatever
# video driver the host uses.
services.xserver.videoDriver = mkOverride 50 null;
services.xserver.videoDrivers = mkOverride 50 [ "vesa" ];
services.xserver.defaultDepth = mkOverride 50 0;
services.xserver.resolutions = mkOverride 50 [ { x = 1024; y = 768; } ];
services.xserver.monitorSection =
''
# Set a higher refresh rate so that resolutions > 800x600 work.
HorizSync 30-140
VertRefresh 50-160
'';
# When building a regular system configuration, override whatever
# video driver the host uses.
services.xserver.videoDriver = mkOverride 50 null;
services.xserver.videoDrivers = mkOverride 50 [ "vesa" ];
services.xserver.defaultDepth = mkOverride 50 0;
services.xserver.resolutions = mkOverride 50 [ { x = 1024; y = 768; } ];
services.xserver.monitorSection =
''
# Set a higher refresh rate so that resolutions > 800x600 work.
HorizSync 30-140
VertRefresh 50-160
'';
# Wireless won't work in the VM.
networking.wireless.enable = mkOverride 50 false;
# Wireless won't work in the VM.
networking.wireless.enable = mkOverride 50 false;
system.requiredKernelConfig = with config.lib.kernelConfig;
[ (isEnabled "VIRTIO_BLK")
(isEnabled "VIRTIO_PCI")
(isEnabled "VIRTIO_NET")
(isEnabled "EXT4_FS")
(isYes "BLK_DEV")
(isYes "PCI")
(isYes "EXPERIMENTAL")
(isYes "NETDEVICES")
(isYes "NET_CORE")
(isYes "INET")
(isYes "NETWORK_FILESYSTEMS")
] ++ optional (!cfg.graphics) [
(isYes "SERIAL_8250_CONSOLE")
(isYes "SERIAL_8250")
];
system.requiredKernelConfig = with config.lib.kernelConfig;
[ (isEnabled "VIRTIO_BLK")
(isEnabled "VIRTIO_PCI")
(isEnabled "VIRTIO_NET")
(isEnabled "EXT4_FS")
(isYes "BLK_DEV")
(isYes "PCI")
(isYes "EXPERIMENTAL")
(isYes "NETDEVICES")
(isYes "NET_CORE")
(isYes "INET")
(isYes "NETWORK_FILESYSTEMS")
] ++ optional (!cfg.graphics) [
(isYes "SERIAL_8250_CONSOLE")
(isYes "SERIAL_8250")
];
};
}

2
tests/firefox.nix
View File

@ -5,7 +5,7 @@
machine =
{ config, pkgs, ... }:
{ require = [ ./common/x11.nix ];
{ imports = [ ./common/x11.nix ];
environment.systemPackages = [ pkgs.firefox ];
};

2
tests/installer.nix
View File

@ -37,7 +37,7 @@ let
''
{ config, pkgs, modulesPath, ... }:
{ require =
{ imports =
[ ./hardware.nix
"''${modulesPath}/testing/test-instrumentation.nix"
];

2
tests/kde4.nix
View File

@ -5,7 +5,7 @@
machine =
{ config, pkgs, ... }:
{ require = [ ./common/user-account.nix ];
{ imports = [ ./common/user-account.nix ];
virtualisation.memorySize = 768;

2
tests/quake3.nix
View File

@ -17,7 +17,7 @@ rec {
client =
{ config, pkgs, ... }:
{ require = [ ./common/x11.nix ];
{ imports = [ ./common/x11.nix ];
services.xserver.driSupport = true;
services.xserver.defaultDepth = pkgs.lib.mkOverride 0 16;
environment.systemPackages = [ pkgs.quake3demo ];

22
tests/trac.nix
View File

@ -3,9 +3,8 @@
{
nodes = {
storage =
{pkgs, config, ...}:
{
services.nfs.server.enable = true;
{ config, pkgs, ... }:
{ services.nfs.server.enable = true;
services.nfs.server.exports = ''
/repos 192.168.1.0/255.255.255.0(rw,no_root_squash)
'';
@ -13,10 +12,8 @@
};
postgresql =
{config, pkgs, ...}:
{
services.openssh.enable = true;
services.postgresql.enable = true;
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql92;
services.postgresql.enableTCPIP = true;
services.postgresql.authentication = ''
@ -29,15 +26,13 @@
};
webserver =
{config, pkgs, ...}:
{
fileSystems = pkgs.lib.mkOverride 50
{ config, pkgs, ... }:
{ fileSystems = pkgs.lib.mkOverride 50
[ { mountPoint = "/repos";
device = "storage:/repos";
fsType = "nfs";
}
];
services.httpd.enable = true;
services.httpd.adminAddr = "root@localhost";
services.httpd.extraSubservices = [ { serviceType = "trac"; } ];
@ -45,9 +40,8 @@
};
client =
{config, pkgs, ...}:
{
require = [ ./common/x11.nix ];
{ config, pkgs, ... }:
{ imports = [ ./common/x11.nix ];
services.xserver.desktopManager.kde4.enable = true;
};
};

2
tests/xfce.nix
View File

@ -5,7 +5,7 @@
machine =
{ config, pkgs, ... }:
{ require = [ ./common/user-account.nix ];
{ imports = [ ./common/user-account.nix ];
services.xserver.enable = true;