Eelco Dolstra
074af5906e
Use new-style fileSystems
2012-11-15 22:55:00 +01:00
Eelco Dolstra
1f401a0e35
Make install-grub.pl work when $PATH is empty
2012-11-15 22:54:43 +01:00
Eelco Dolstra
f44d27a96c
Make the installer work on systemd
...
Systemd mounts the root filesystem as a shared subtree, which breaks
recursive bind mounts.
2012-11-15 22:53:57 +01:00
Rickard Nilsson
02e0d7dbc3
dnsmasq: Add extraConfig option
2012-11-12 18:16:04 +01:00
Eelco Dolstra
08e6c0cb7c
Update channel URLs
2012-11-12 09:19:25 +01:00
Eelco Dolstra
d5aae18587
installer test: Don't wait for getty@tty2 because it's started lazily
2012-11-12 09:19:25 +01:00
Eelco Dolstra
1350816199
test-instrumentation.nix: Don't start agetty on hvc0
2012-11-12 09:19:25 +01:00
Peter Simons
622a652411
Add option "environment.binsh" to configure the shell executable used to create the global /bin/sh symlink.
2012-11-11 21:46:25 +01:00
Peter Simons
04ba5de70a
modules/programs/bash/bash.nix: cosmetic indention fix
2012-11-11 21:29:33 +01:00
Shea Levy
2f833bc88d
Remove unnecessary toPath that breaks with recent nixUnstable
2012-11-08 13:04:20 -05:00
Eelco Dolstra
e078117c72
firewall.nix: Don't fail if IPv6 is disabled
2012-11-06 22:55:25 +01:00
aszlig
a333f7212e
systemd: Fail if kernel features are missing.
...
This has rendered my system unbootable, because I forgot to enable AUTOFS4 in my
custom kernel. In addition to AUTOFS4, this includes (hopefully) all other
kernel features needed by systemd, as listed in the README:
REQUIREMENTS:
Linux kernel >= 2.6.39
with devtmpfs
with cgroups (but it's OK to disable all controllers)
optional but strongly recommended: autofs4, ipv6
Autofs4 is not a requirement here, but in our case it turns out that the system
is not able to boot properly with a LUKS-enabled system (or at least not on _my_
system).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-06 11:25:43 +01:00
Peter Simons
70e6e19f54
xsession: source /etc/profile at the beginning of the script
...
The xsession script runs services that depend on a sane environment. Gpg-agent, for
example, runs the program "pinentry-gtk-2" to obtain the password to unlock GnuPG
and SSH keys. That program will display only gibberish unless $FONTCONFIG_FILE is
configured properly. Instead of configuring these variables explicitly one by one,
we just source /etc/profile, which contains the appropriate @shellInit@ code.
2012-11-05 23:07:53 +01:00
aszlig
1c28b86749
pam: Douchebag commit, fix alphabetical order.
...
Yes, I'm going to get back to school and learn the alphabet. I promise!
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-05 09:41:24 +01:00
aszlig
6e6ee3278c
pam: Add default configuration for GNU screen.
...
This is needed in order to properly lock your screen using the C-a C-x
(lockscreen) command _and_ being back to re-login, because the "other" PAM
service/fallback is to deny authentication.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-05 09:40:15 +01:00
Lluís Batlle i Rossell
64540fb453
Adding quick instructions in system-tarball-pc to use it as chroot.
...
I also split the readme into a file apart.
2012-11-04 22:13:19 +01:00
Eelco Dolstra
458f36f5f1
Turn fileSystems into an attribute set
...
So now you can write
fileSystems =
[ { mountPoint = "/";
device = "/dev/sda1";
}
];
as
fileSystems."/".device = "/dev/sda1";
2012-11-02 18:02:12 +01:00
Eelco Dolstra
97f087cd44
Turn networking.interfaces into an attribute set
...
Thus
networking.interfaces = [ { name = "eth0"; ipAddress = "192.168.15.1"; } ];
can now be written as
networking.interfaces.eth0.ipAddress = "192.168.15.1";
The old notation still works though.
2012-11-02 17:08:11 +01:00
Eelco Dolstra
93f82dfeef
Remove outdated comment about EC2 booting into stage-2 directly
2012-11-02 17:07:53 +01:00
Eelco Dolstra
67de234e1c
wpa_supplicant.nix: Slightly improve descriptions
2012-11-02 17:05:30 +01:00
Eelco Dolstra
6ae0b3beed
dhcpcd: Don't use --background so that fetch-ec2-data can be ordered after it
2012-11-02 14:20:05 +01:00
Eelco Dolstra
af4e176c12
Fix description
2012-11-02 14:10:06 +01:00
Eelco Dolstra
48a0ea0513
Make Apache wait for ‘charon send-keys’
...
(This is a no-op on non-Charon deployments since the ‘keys.target’
unit won't have any dependencies.)
2012-11-01 23:32:12 +01:00
Eelco Dolstra
dd7edefb2c
Order mkfs services before the corresponding fsck services
2012-10-31 14:49:09 +01:00
Eelco Dolstra
1860badbeb
dhcpcd: Go into the background immediately
2012-10-31 14:24:51 +01:00
Eelco Dolstra
f293455474
dhcpcd: Don't duplicate log messages
...
Dhcpcd writes log messages to both syslog and stderr. So ignore
stderr.
2012-10-31 14:24:22 +01:00
Eelco Dolstra
1da362b34b
Fix coverage data collection
...
http://hydra.nixos.org/build/3253046
2012-10-30 17:27:14 +01:00
Eelco Dolstra
e5d4524dda
Test driver: Don't wait for a reply after issuing "poweroff"
2012-10-30 17:01:21 +01:00
Eelco Dolstra
bcdc71ddae
Kill the backdoor more forcefully
...
Otherwise it hangs until the 90 second timeout expires.
http://hydra.nixos.org/build/3253068
2012-10-30 16:42:05 +01:00
Eelco Dolstra
7a76bcd72a
Fix the installer test
...
http://hydra.nixos.org/build/3253038
2012-10-30 15:00:51 +01:00
Rob Vermaas
8caceffae8
Logstash: fix typo, should have tested.
2012-10-30 14:22:14 +01:00
Rob Vermaas
631fce3c6f
Logstash: pass TZ, redirect log output to prevent recursion when using syslogd.
2012-10-30 14:18:51 +01:00
Rob Vermaas
2b19856f40
Logstash: do not always log to stdout
2012-10-30 14:09:30 +01:00
Eelco Dolstra
4143ff2280
In headless deployments, don't start agetty on the console
2012-10-30 13:53:36 +01:00
Rob Vermaas
88a9d7a9ca
Added environment.promptInit to allow PS1 overriding. Would be nicer to be able to allow overriding via shellInit, however could not get that to work. For now this is a temporary solution which will not break anything.
2012-10-30 13:33:37 +01:00
Eelco Dolstra
1a82024dd8
In the tests, don't start agetty on /dev/ttyS0
...
Running agetty on ttyS0 interferes with the backdoor, which uses ttyS0
as its standard error. After agetty starts, writes to the stderr file
descriptor will return EIO (though doing "exec 2>/proc/self/fd/2" will
miracuously fix this).
http://hydra.nixos.org/build/3252782
2012-10-29 21:10:00 +01:00
Eelco Dolstra
4764848314
Remove some obsolete options
2012-10-29 21:10:00 +01:00
Peter Simons
b1fefb8834
modules/programs/ssh.nix: strip trailing whitespace
2012-10-29 17:10:46 +01:00
Peter Simons
307644e3b0
modules/programs/ssh.nix: simplify expression that generates 'ForwardX11' entry
2012-10-29 17:10:37 +01:00
Peter Simons
9c74f9a51b
modules/programs/ssh.nix: configure AddressFamily properly
...
Explicitly restrict ssh clients to use of IPv4 addresses if IPv6 support is not enabled.
2012-10-29 17:10:17 +01:00
Peter Simons
cd372c62ea
modules/services/networking/ssh/sshd.nix: configure AddressFamily properly
...
Explicitly restrict sshd to use of IPv4 addresses if IPv6 support is not enabled.
2012-10-29 12:46:30 +01:00
Eelco Dolstra
ae861c8e33
Undo accidental commit
2012-10-29 12:44:38 +01:00
Eelco Dolstra
390f5f7376
Remove the cgroups module
...
Cgroups are handled by systemd now. Systemd's cgroup support does not
do all the things that cgrulesengd does, but they're likely to
interact poorly with each other.
2012-10-26 19:36:59 +02:00
Eelco Dolstra
65eae4dd34
Update libvirt for systemd
2012-10-26 16:22:19 +02:00
Eelco Dolstra
23390147ea
upstart.nix: Treat "daemon" as "forking"
2012-10-26 16:22:19 +02:00
Eelco Dolstra
6705358ede
Convert Zabbix agent/server to systemd
...
Note all the crap systemd doesn't need :-)
2012-10-26 16:22:19 +02:00
Eelco Dolstra
b3c5d42b1d
Don't create /var/log/upstart
2012-10-26 16:22:18 +02:00
Lluís Batlle i Rossell
82d39c9ca4
Fixing stage1 about getting a shell with job control in case of error
...
It's a busybox faq:
http://www.busybox.net/FAQ.html#job_control
2012-10-24 21:49:10 +02:00
Lluís Batlle i Rossell
c76fc27aff
dnsmasq: Setting fixed order in DNS name resolution.
...
That fits better my setup; if anyone doesn't need this, we can write an option
for the fixed order queries.
2012-10-24 19:29:39 +02:00
Peter Simons
b43e219aeb
modules/services/networking/ssh/sshd.nix: configure AddressFamily properly
...
Explicitly restrict sshd to use of IPv4 addresses if IPv6 support is not enabled.
2012-10-24 19:01:38 +02:00