You can now set the forwardX11 config option for the ssh client and server separately.
For server, the option means "allow clients to request X11 forwarding".
For client, the option means "request X11 forwarding by default on all connections".
I don't think it made sense to couple them. I might not even run the server on some machines.
Also, I ssh to a lot of machines, and rarely want X11 forwarding. The times I want it,
I use the -X/-Y option, or set it in my ~/.ssh/config.
I also decoupled the 'XAuthLocation' logic from forwardX11.
For my case where ssh client doesn't want forwarding by default, it still wants to set the path for the cases I do need it.
As this flag is the one that pulls in X11 dependencies, I changed the minimal profile and the no-x-libs config to check that instead now.
svn path=/nixos/trunk/; revision=33407
delete routes and addresses when it quits. This causes those routes
and addresses to stick around forever, since dhcpcd won't delete
them when it runs next (even if it acquires a new lease on the same
interface). This is bad; in particular the stale (default) routes
can break networking.
The downside to removing "persistent" is that you should never ever
do "stop dhcpcd" on a remote machine configured by dhcpcd.
svn path=/nixos/trunk/; revision=33388
* Add a slash to the end of $MODULE_DIR, as expected by depmod. (Not
that running depmod from the command line is all that useful, since
you can't use it to update the tree in the Nix store. But at least
commands like "depmod -n" work now.) Reported by Kirill Elagin on
IRC.
svn path=/nixos/trunk/; revision=33312
The VirtualBox build in Nixpkgs is insecure because it uses the
"--disable-hardened" flag, which disables some checks in the
VirtualBox kernel module. Since getting rid of that flag looks like
too much work, it's better to ensure that only explicitly permitted
users have access to VirtualBox.
* Drop the 666 permission on "sonypi" because it's not clear why that
device should be world-writable.
svn path=/nixos/trunk/; revision=33301
USR1 signal before it has forked into the background (because it
will be in the start/running state immediately).
svn path=/nixos/trunk/; revision=33288
monitor the postgres process directly (so that it can be restarted
if necessary), let Upstart send SIGTERM to postgres to shut it down
gracefully. Also drop the Mediawiki references.
svn path=/nixos/trunk/; revision=33262
warning
-bash: warning: setlocale: LC_TIME: cannot change locale (en_GB.UTF8): No such file or directory
when $LC_TIME is set in environment.shellInit.
svn path=/nixos/trunk/; revision=33248
wasn't sourced in a parent shell (as determined by the environment
variable __ETC_PROFILE_DONE). This prevents overriden values of
environment variables such as $PATH from being clobbered in
subshells.
* Move all aliases to /etc/bashrc (since those are for interactive
use).
svn path=/nixos/trunk/; revision=33246
slow: calling basename in a loop somewhere has a noticable impact on
performance. We really shouldn't use bash scripts.
svn path=/nixos/trunk/; revision=33242
were redirecting output to /var/log/upstart/<job>, so it didn't work
properly.
* mountall-ip-up: send the USR1 signal to the mountall process by
looking up its PID, rather than doing "pkill -USR1 mountall". This
prevents a very subtle race condition where USR1 is delivered to a
child process of mountall (such as fsck), if pkill sees the child
just before its execve(). There is actually still a race condition
because mountall installs its USR1 handler *after* daemonising, so
mountall-ip-up could accidentally kill mountall. Should report this
to upstream.
svn path=/nixos/trunk/; revision=33236
The patch is currently being discussed on LKML and hopefully will be included
in mainline in some form in the future. Note that booting from the livecd has
to do a lot of work before anything is output to the console, so if the drive
is still busy don't assume the boot has hanged
svn path=/nixos/trunk/; revision=33235
It needs udevd to be running because the modules may require
firmware. Thanks to Mathijs and Arie for pointing this out.
svn path=/nixos/trunk/; revision=33234
longer compares the current configuration to the previous
configuration, but instead compares the current Upstart state to the
intended state. Thus, if the switch script is interrupted, running
nixos-rebuild again will resume starting/stopping Upstart jobs where
the previous run left off.
We determine if an Upstart job has changed by having the pre-start
script of each Upstart job put a symlink to its .conf file in
/var/run/upstart-jobs. So if this symlink differs from the target
of /etc/init/<job>.conf, then the job has changed. This also
prevents multiple restarts of dependent jobs. E.g., if job B has
"start on started A" and "stop on stopping A", then restarting A
will cause B to be restarted, so B shouldn't B restarted a second
time.
We only start jobs that are not running if 1) they're tasks that
have been previously run (like mountall); or 2) they're jobs that
have a "start on" condition. This seems a reasonable heuristic.
svn path=/nixos/trunk/; revision=33222
running. The user won't see it, and the "console owner" stanza
breaks VT switching and causes the X server to go to 100% CPU time.
svn path=/nixos/trunk/; revision=33221
starts the given job and waits until it's running; "stop_check"
checks that the current job hasn't been asked to stop.
svn path=/nixos/trunk/; revision=33214
modprobe.
* Move the implementation of boot.kernelModules from the udev job to
the activation script. This prevents races with the udev job.
* Drop references to the "capability" kernel module, which no longer
exists.
svn path=/nixos/trunk/; revision=33208
JOB", but it does kill the job's main process. So if the post-start
script if waiting for the job's main process to reach some state, it
may hang forever. Thus, the post-start script should monitor
whether its job has been requested to stop and exit in that case.
svn path=/nixos/trunk/; revision=33176
nfsd, as suggested by the nfs-utils README.
Also, rather than relying on Upstart events (which have all sorts of
problems, especially if you have jobs that have multiple
dependencies), we know just let jobs start their on prerequisites.
That is, nfsd starts mountd in its preStart script; mountd starts
statd; statd starts portmap. Likewise, mountall starts statd to
ensure that it can mount NFS filesystems. This means that doing
something like "start nfsd" from the command line will Do The Right
Thing and start the dependencies of nfsd.
svn path=/nixos/trunk/; revision=33172
actually listening. Otherwise we have a race condition during boot
where statd's start can be delayed, causing NFSv3 mounting to fail.
svn path=/nixos/trunk/; revision=33171
The image passed to genisofs needs to be a FAT image with the right filesystem
layout, not an EFI executable image
svn path=/nixos/trunk/; revision=33162
It works but it doesn't respect ignoredInterfaces etc.
Probably I forgotten to create some directories (all of them exist on my
laptop). Feel free to fix this module.
svn path=/nixos/trunk/; revision=33097
Note: This feature is INCOMPLETE. Moreover, when runEfibootmgr is true it will
MODIFY NVRAM and, on Apple systems, possibly brick your firmware. PLEASE be
careful while further testing is performed
svn path=/nixos/trunk/; revision=33047
This allows setting a fixed device name per array, thus ensuring that at boot,
the arrays will always be mounted with the same names. I think this allows
solving the problem of grub getting confused about softraid device names
(prefix and root), if the devices always get the same naming at initrd.
svn path=/nixos/trunk/; revision=33033
I set it as default because users can benefit of this without having to prepare
their nixos first, and I don't think it will break any nixos for the initrd
size increase.
It can be disabled with 'boot.initrd.withExtraTools = false'.
svn path=/nixos/trunk/; revision=33000
reiserfs now have separate modules that are conditional on
boot.supportedFilesystems and boot.initrd.supportedFilesystems.
By default, these include the filesystems specified in the fsType
attribute in fileSystems. Ext2/3/4 support is currently
unconditional.
Also unbreak the installer test (http://hydra.nixos.org/build/2272302).
svn path=/nixos/trunk/; revision=32954
window in which /bin/sh is missing. This can cause concurrently
running programs to fail (e.g. Hydra jobs =>
http://hydra.nixos.org/build/2267831). You'd think the odds of this
are very low, but they're not.
svn path=/nixos/trunk/; revision=32901
first user job I put in ~/.init caused Upstart to crash with an
assertion failure, taking down the system. Given that Upstart has a
non-trivial attack surface with this feature, it seems best to
disable it.
svn path=/nixos/trunk/; revision=32779
many services depend on other services that bring up network interfaces.
Examples are ipv6 tunneling clients or VPNs.
As there are multiple choices for these network-interface-providing services,
it's not nice to hardcore these deps in every service.
This change sets up a generic config option for this purpose.
providers (gw6c/gogoclient/openvpn) can plug into this to signal they bring up
an important interface.
Daemons that need these interfaces, can then depend on the 'all-interfaces' event,
instead of the individual services.
By default, the event fires when network-interfaces completes.
svn path=/nixos/trunk/; revision=32764
This change allows using extraHosts to specify additional aliases for 127.0.0.1
without overriding the local hostname in the process.
svn path=/nixos/trunk/; revision=32711
As reported by Bryce L Nordgren.
Multi-disk btrfs filesystems need to get assembled first before they become mountable.
Enable this by explicitly assigning fsType = "btrfs" in the filesystems list in configuration.nix
svn path=/nixos/trunk/; revision=32682
well because elements could be paths, e.g.
users.extraUsers.root.openssh.authorizedKeys.keyFiles =
[ ./id_key.pub ];
So disable the type check for now.
svn path=/nixos/trunk/; revision=32558
will use TCP/IP instead of a Unix domain socket.
* Simplify Zabbix's start condition. Zabbix now retries if the
database is down instead of bailing out.
svn path=/nixos/trunk/; revision=32426
yet). It's smaller than dhclient and has more features
(e.g. automatically detects link status changes, supports
openresolv, does IPv4LL, and supports IPv6 Router Advertisements).
svn path=/nixos/trunk/; revision=32413
currently, only support for fully disabling nvidia is provided, which
is helpful for saving power/heat.
In the future, this should be extended so we can choose:
- nvidia only (choose between nouveau/nvidia driver)
- IGP only
- Hybrid (choose between nouveau/nvidia driver, use the "bumblebee" package/daemon)
svn path=/nixos/trunk/; revision=32085
event is emitted by dhclient and by the network-interfaces job in
case of statically configured interfaces. Invalidating the cache is
necessary to get rid of negative queries.
svn path=/nixos/trunk/; revision=31779
Also, removed the firmware-free option because that firmware is already in the kernel package and thus causing collisions otherwise.
svn path=/nixos/trunk/; revision=31527
The CUPS filter has been renamed in GNU Ghostscript 9.x. Fortunately,
Ghostscript ships with a MIME conversions file that informs CUPS about this,
so linking that file into /etc/cups works fine. I'm not sure whether it's a
particularly elegant solution, though.
svn path=/nixos/trunk/; revision=31489
Users who want a user-specific bin directory to override system paths should
configure that in their user-specific ~/.bashrc, not in the system-wide init
file. The global file shouldn't add directories from user homes to $PATH
without knowing whether those actually exist or whether the users even want
them in $PATH. On my system, for example, there is no ~/bin, so I don't want my
$PATH to look for one. Removing an erroneous entry from $PATH is cumbersome,
but adding one is easy, so it feels better to err on the side of caution.
svn path=/nixos/trunk/; revision=31188
xserver is started on start_xserver event, which is emitted by
check_for_xserver_start if there is no "noX11" on the kernel cmdline.
Thanks to viric for the general idea.
svn path=/nixos/trunk/; revision=31166
Upstart won't find a "bash" binary in $PATH when those commands are run, so we
refer to it using an absolute path.
svn path=/nixos/trunk/; revision=31157
pierron recommended the use of types.string over mergeOptionString, as
it is superior but might break things.
For my system the change evaluated to the exactly same.
svn path=/nixos/trunk/; revision=31138
This reverts commit 025f8c40b40fad50086e8761eee61098d8fb2651.
The check was intened for building the initrd of the installer.
svn path=/nixos/trunk/; revision=31137
popt-0.16 and cryptsetup-1.4.1 both generated pkgconfig (in contrast
to older versions). The pkgconfig files (popt.pc and cryptsetup.pc)
contain references into the store that are not removed by patchelf and
stage-1 fails with errors like: "output is not allowed to refer to
path `/nix/store/qccjhn063cfv171rcaxvxh0yk96zf7l2-cryptsetup-1.4.1'".
Now, only the cryptsetup binaries and its dependencies are copied,
determined by ldd. In addition the cryptsetup binary and lvm are
tested after patchelf has adjusted the library paths.
Thanks to Peter Simons and Eelco Dolstra for giving the rights hints.
svn path=/nixos/trunk/; revision=31128
"Permission denied" until I run "restart nfs-kernel-exports". "exportfs -ra" did not help.
I tracked that down to some race condition between loading the module nfsd and
starting the daemons. Therefore, I decided to add nfsd to the boot.kernelModules instead
of using modprove with it.
Now it works for my server. No more Permission denied after reboot.
svn path=/nixos/trunk/; revision=31113
default. See
http://www.codon.org.uk/~mjg59/power/good_practices.html
for the reasoning. (Basically, the ‘performance’ and ‘powersave’
governors don't actually provide extra performance or power savings
in most cases.)
It used to be that desktop environments like KDE were able to set
the governor through HAL (e.g. KDE could be configured to switch to
the powersave governor when the user unplugs his laptop). However,
this is no longer the case with upower — it is now expected that
everybody uses the ondemand governor. See
http://old.nabble.com/-PATCH--powerdevil-remove-cpufreq.patch-td27815354.html
* Rename ‘cpuFreqGovernor’ to ‘powerManagement.cpuFreqGovernor’.
* Include cpufreq-utils in the system path if a governor is set, since
we depend on it anyway.
svn path=/nixos/trunk/; revision=30991
Fix sane-backends to generate udev rules, add a snapshot of sane-backends's unstable repo, and add a SANE nixos module
svn path=/nixos/trunk/; revision=30764
There is room for improvement here. The options in conffile could be broken out into individual options and an extraConfig option added. But I think this looks right.
Patch by mornfall, slightly modified by me
svn path=/nixos/trunk/; revision=30731
For example, I use the following settings to configure T-Mobile Internet
access on my laptop, which is connected to the cell phone by USB:
| environment.wvdial.dialerDefaults = ''
| Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"
| Modem Type = USB Modem
| Phone = *99#
| ISDN = 0
| Username = tm
| Password = tm
| Modem = /dev/ttyACM0
| Baud = 460800
| '';
svn path=/nixos/trunk/; revision=30489
just does what it says (enable a "graphical" configuration).
* Enable KDM in the graphical CD. The "auto" display manager doesn't
properly handle shutdowns etc.
svn path=/nixos/trunk/; revision=30331
all-hardware.nix. This allows base.nix (which should probably be
renamed to something more descriptive) to be reused without getting
the hardware configuration of the installation CD.
svn path=/nixos/trunk/; revision=30327
That's confusing and wrong: nixos-hardware-scan should just enable
support for the detected hardware, not enable lots of software (let
alone KDE).
svn path=/nixos/trunk/; revision=30325