Commit graph

4443 commits

Author SHA1 Message Date
Eelco Dolstra
074af5906e Use new-style fileSystems 2012-11-15 22:55:00 +01:00
Eelco Dolstra
1f401a0e35 Make install-grub.pl work when $PATH is empty 2012-11-15 22:54:43 +01:00
Eelco Dolstra
f44d27a96c Make the installer work on systemd
Systemd mounts the root filesystem as a shared subtree, which breaks
recursive bind mounts.
2012-11-15 22:53:57 +01:00
Rickard Nilsson
02e0d7dbc3 dnsmasq: Add extraConfig option 2012-11-12 18:16:04 +01:00
Eelco Dolstra
08e6c0cb7c Update channel URLs 2012-11-12 09:19:25 +01:00
Eelco Dolstra
d5aae18587 installer test: Don't wait for getty@tty2 because it's started lazily 2012-11-12 09:19:25 +01:00
Eelco Dolstra
1350816199 test-instrumentation.nix: Don't start agetty on hvc0 2012-11-12 09:19:25 +01:00
Peter Simons
622a652411 Add option "environment.binsh" to configure the shell executable used to create the global /bin/sh symlink. 2012-11-11 21:46:25 +01:00
Peter Simons
04ba5de70a modules/programs/bash/bash.nix: cosmetic indention fix 2012-11-11 21:29:33 +01:00
Shea Levy
2f833bc88d Remove unnecessary toPath that breaks with recent nixUnstable 2012-11-08 13:04:20 -05:00
Eelco Dolstra
e078117c72 firewall.nix: Don't fail if IPv6 is disabled 2012-11-06 22:55:25 +01:00
aszlig
a333f7212e systemd: Fail if kernel features are missing.
This has rendered my system unbootable, because I forgot to enable AUTOFS4 in my
custom kernel. In addition to AUTOFS4, this includes (hopefully) all other
kernel features needed by systemd, as listed in the README:

REQUIREMENTS:
  Linux kernel >= 2.6.39
    with devtmpfs
    with cgroups (but it's OK to disable all controllers)
    optional but strongly recommended: autofs4, ipv6

Autofs4 is not a requirement here, but in our case it turns out that the system
is not able to boot properly with a LUKS-enabled system (or at least not on _my_
system).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-06 11:25:43 +01:00
Peter Simons
70e6e19f54 xsession: source /etc/profile at the beginning of the script
The xsession script runs services that depend on a sane environment. Gpg-agent, for
example, runs the program "pinentry-gtk-2" to obtain the password to unlock GnuPG
and SSH keys. That program will display only gibberish unless $FONTCONFIG_FILE is
configured properly. Instead of configuring these variables explicitly one by one,
we just source /etc/profile, which contains the appropriate @shellInit@ code.
2012-11-05 23:07:53 +01:00
aszlig
1c28b86749
pam: Douchebag commit, fix alphabetical order.
Yes, I'm going to get back to school and learn the alphabet. I promise!

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-05 09:41:24 +01:00
aszlig
6e6ee3278c
pam: Add default configuration for GNU screen.
This is needed in order to properly lock your screen using the C-a C-x
(lockscreen) command _and_ being back to re-login, because the "other" PAM
service/fallback is to deny authentication.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-11-05 09:40:15 +01:00
Lluís Batlle i Rossell
64540fb453 Adding quick instructions in system-tarball-pc to use it as chroot.
I also split the readme into a file apart.
2012-11-04 22:13:19 +01:00
Eelco Dolstra
458f36f5f1 Turn fileSystems into an attribute set
So now you can write

  fileSystems =
    [ { mountPoint = "/";
        device = "/dev/sda1";
      }
    ];

as

  fileSystems."/".device = "/dev/sda1";
2012-11-02 18:02:12 +01:00
Eelco Dolstra
97f087cd44 Turn networking.interfaces into an attribute set
Thus

  networking.interfaces = [ { name = "eth0"; ipAddress = "192.168.15.1"; } ];

can now be written as

  networking.interfaces.eth0.ipAddress = "192.168.15.1";

The old notation still works though.
2012-11-02 17:08:11 +01:00
Eelco Dolstra
93f82dfeef Remove outdated comment about EC2 booting into stage-2 directly 2012-11-02 17:07:53 +01:00
Eelco Dolstra
67de234e1c wpa_supplicant.nix: Slightly improve descriptions 2012-11-02 17:05:30 +01:00
Eelco Dolstra
6ae0b3beed dhcpcd: Don't use --background so that fetch-ec2-data can be ordered after it 2012-11-02 14:20:05 +01:00
Eelco Dolstra
af4e176c12 Fix description 2012-11-02 14:10:06 +01:00
Eelco Dolstra
48a0ea0513 Make Apache wait for ‘charon send-keys’
(This is a no-op on non-Charon deployments since the ‘keys.target’
unit won't have any dependencies.)
2012-11-01 23:32:12 +01:00
Eelco Dolstra
dd7edefb2c Order mkfs services before the corresponding fsck services 2012-10-31 14:49:09 +01:00
Eelco Dolstra
1860badbeb dhcpcd: Go into the background immediately 2012-10-31 14:24:51 +01:00
Eelco Dolstra
f293455474 dhcpcd: Don't duplicate log messages
Dhcpcd writes log messages to both syslog and stderr.  So ignore
stderr.
2012-10-31 14:24:22 +01:00
Eelco Dolstra
1da362b34b Fix coverage data collection
http://hydra.nixos.org/build/3253046
2012-10-30 17:27:14 +01:00
Eelco Dolstra
e5d4524dda Test driver: Don't wait for a reply after issuing "poweroff" 2012-10-30 17:01:21 +01:00
Eelco Dolstra
bcdc71ddae Kill the backdoor more forcefully
Otherwise it hangs until the 90 second timeout expires.

http://hydra.nixos.org/build/3253068
2012-10-30 16:42:05 +01:00
Eelco Dolstra
7a76bcd72a Fix the installer test
http://hydra.nixos.org/build/3253038
2012-10-30 15:00:51 +01:00
Rob Vermaas
8caceffae8 Logstash: fix typo, should have tested. 2012-10-30 14:22:14 +01:00
Rob Vermaas
631fce3c6f Logstash: pass TZ, redirect log output to prevent recursion when using syslogd. 2012-10-30 14:18:51 +01:00
Rob Vermaas
2b19856f40 Logstash: do not always log to stdout 2012-10-30 14:09:30 +01:00
Eelco Dolstra
4143ff2280 In headless deployments, don't start agetty on the console 2012-10-30 13:53:36 +01:00
Rob Vermaas
88a9d7a9ca Added environment.promptInit to allow PS1 overriding. Would be nicer to be able to allow overriding via shellInit, however could not get that to work. For now this is a temporary solution which will not break anything. 2012-10-30 13:33:37 +01:00
Eelco Dolstra
1a82024dd8 In the tests, don't start agetty on /dev/ttyS0
Running agetty on ttyS0 interferes with the backdoor, which uses ttyS0
as its standard error.  After agetty starts, writes to the stderr file
descriptor will return EIO (though doing "exec 2>/proc/self/fd/2" will
miracuously fix this).

http://hydra.nixos.org/build/3252782
2012-10-29 21:10:00 +01:00
Eelco Dolstra
4764848314 Remove some obsolete options 2012-10-29 21:10:00 +01:00
Peter Simons
b1fefb8834 modules/programs/ssh.nix: strip trailing whitespace 2012-10-29 17:10:46 +01:00
Peter Simons
307644e3b0 modules/programs/ssh.nix: simplify expression that generates 'ForwardX11' entry 2012-10-29 17:10:37 +01:00
Peter Simons
9c74f9a51b modules/programs/ssh.nix: configure AddressFamily properly
Explicitly restrict ssh clients to use of IPv4 addresses if IPv6 support is not enabled.
2012-10-29 17:10:17 +01:00
Peter Simons
cd372c62ea modules/services/networking/ssh/sshd.nix: configure AddressFamily properly
Explicitly restrict sshd to use of IPv4 addresses if IPv6 support is not enabled.
2012-10-29 12:46:30 +01:00
Eelco Dolstra
ae861c8e33 Undo accidental commit 2012-10-29 12:44:38 +01:00
Eelco Dolstra
390f5f7376 Remove the cgroups module
Cgroups are handled by systemd now.  Systemd's cgroup support does not
do all the things that cgrulesengd does, but they're likely to
interact poorly with each other.
2012-10-26 19:36:59 +02:00
Eelco Dolstra
65eae4dd34 Update libvirt for systemd 2012-10-26 16:22:19 +02:00
Eelco Dolstra
23390147ea upstart.nix: Treat "daemon" as "forking" 2012-10-26 16:22:19 +02:00
Eelco Dolstra
6705358ede Convert Zabbix agent/server to systemd
Note all the crap systemd doesn't need :-)
2012-10-26 16:22:19 +02:00
Eelco Dolstra
b3c5d42b1d Don't create /var/log/upstart 2012-10-26 16:22:18 +02:00
Lluís Batlle i Rossell
82d39c9ca4 Fixing stage1 about getting a shell with job control in case of error
It's a busybox faq:
http://www.busybox.net/FAQ.html#job_control
2012-10-24 21:49:10 +02:00
Lluís Batlle i Rossell
c76fc27aff dnsmasq: Setting fixed order in DNS name resolution.
That fits better my setup; if anyone doesn't need this, we can write an option
for the fixed order queries.
2012-10-24 19:29:39 +02:00
Peter Simons
b43e219aeb modules/services/networking/ssh/sshd.nix: configure AddressFamily properly
Explicitly restrict sshd to use of IPv4 addresses if IPv6 support is not enabled.
2012-10-24 19:01:38 +02:00