Commit graph

303 commits

Author SHA1 Message Date
Shea Levy
969fe07be6 Websockify: End descriptions with a period. 2013-02-18 11:51:33 -05:00
Eelco Dolstra
233cc2fdaa Add a module for MiniDLNA
Now my NixOS machine can serve videos to my Bluray player!
2013-02-16 23:08:53 +01:00
Shea Levy
08fdc234c8 Fix manual build 2013-02-15 14:36:20 -05:00
Shea Levy
59a4df3159 Add websockify service 2013-02-14 21:50:41 -05:00
Eelco Dolstra
75662a45d6 wpa_supplicant: Remove accidentally committed debug flag 2013-01-23 22:07:40 +01:00
Eelco Dolstra
d75fa1fdc1 wpa_supplicant: Use the nl80211 and wext drivers by default
This should make wpa_supplicant work out of the box on newer and older
kernels.
2013-01-22 12:33:41 +01:00
Rickard Nilsson
1440e92ae8 Rename NetworkManager-init service to networkmanager-init 2013-01-17 13:37:54 +01:00
Rickard Nilsson
c6bb091b5b Rewrite NetworkManager job to systemd service 2013-01-17 12:51:52 +01:00
Eelco Dolstra
4d983d4955 Rename ‘system.build.systemd’ to ‘systemd.package’
This makes it cheaper to test a new systemd and is more consistent
with other modules.
2013-01-16 13:17:57 +01:00
Eelco Dolstra
ae4e94d9ac Rename ‘boot.systemd’ to ‘systemd’
Suggested by Mathijs Kwik.  ‘boot.systemd’ is a misnomer because
systemd affects more than just booting.  And it saves some typing.
2013-01-16 12:33:18 +01:00
Eelco Dolstra
5685ee5446 Add/fix systemd unit descriptions 2013-01-10 13:59:41 +01:00
Eelco Dolstra
3bbbd62cbc Start dhcpcd/wpa_supplicant after systemd-udev-settle
This is necessary to prevent a race.  Udev 197 has a new naming scheme
for network devices, so it will rename (say) eth0 to eno0.  This fails
with "error changing net interface name eth0 to eno1: Device or
resource busy" if another process has opened the interface in the
meantime.
2013-01-10 13:46:34 +01:00
Eelco Dolstra
0b3d54d3cd Guard against portmap and rpcbind both being enabled 2013-01-09 22:53:44 +01:00
Eelco Dolstra
96ba0ca283 For some units, use "systemctl restart" rather than "systemctl stop/start"
During a configuration switch, changed units are stopped in the old
configuration, then started in the new configuration (i.e. after
running the activation script and running "systemctl daemon-reload").
This ensures that services are stopped using the ExecStop/ExecStopPost
commands from the old configuration.

However, for some services it's undesirable to stop them; in
particular dhcpcd, which deconfigures its network interfaces when it
stops.  This is dangerous when doing remote upgrades - usually things
go right (especially because the switch script ignores SIGHUP), but
not always (see 9aa69885f0).  Likewise,
sshd should be kept running for as long as possible to prevent a
lock-out if the switch fails.

So the new option ‘stopIfChanged = false’ causes "systemctl restart"
to be used instead of "systemctl stop" followed by "systemctl start".
This is only proper for services that don't have stop commands.  (And
it might not handle dependencies properly in some cases, but I'm not
sure.)
2013-01-05 01:05:25 +01:00
Rickard Nilsson
19e8ffc43f networkmanager: Use systemctl instead of initctl 2012-12-30 19:30:18 +01:00
Mathijs Kwik
183829cf99 gogoclient: change working dir before starting
otherwise state files are placed in /
2012-12-28 10:22:49 +01:00
Mathijs Kwik
3456f3b232 systemd: convert gogoclient job to service unit 2012-12-27 12:23:50 +01:00
Eelco Dolstra
97ae408e83 Merge remote-tracking branch 'origin/master' into systemd 2012-12-11 17:40:39 +01:00
Eelco Dolstra
78bd54ca80 Allow setting additional AuthorizedKeysFiles
Charon needs this to include the dynamically generated
/root/.vbox-charon-client-key.  (We used
users.extraUsers.root.openssh.authorizedKeys.keyFiles for this, but
that no longer works.)
2012-12-11 17:29:34 +01:00
Eelco Dolstra
eda051cff5 Remove abuse of "with" 2012-12-11 17:14:52 +01:00
Rickard Nilsson
68872f81cf openssh: Change the way authorized keys are added to the system.
Instead of the somewhat hacky script that inserted public keys
into the users' .ssh/authorized_keys files, use the AuthorizedKeysFile
configuration directive in sshd_config and generate extra key
files for each user (placed in /etc/authorized_keys.d/).
2012-12-11 17:02:39 +01:00
Evgeny Egorochkin
15a15be2f6 dhcpcd: disable "require dhcp_server_identifier" because of so many non-compliant DHCP servers 2012-12-05 23:55:42 +02:00
Eelco Dolstra
b1da38f564 Merge remote-tracking branch 'origin/master' into systemd 2012-11-30 16:12:04 +01:00
Rickard Nilsson
02e0d7dbc3 dnsmasq: Add extraConfig option 2012-11-12 18:16:04 +01:00
Eelco Dolstra
e078117c72 firewall.nix: Don't fail if IPv6 is disabled 2012-11-06 22:55:25 +01:00
Eelco Dolstra
97f087cd44 Turn networking.interfaces into an attribute set
Thus

  networking.interfaces = [ { name = "eth0"; ipAddress = "192.168.15.1"; } ];

can now be written as

  networking.interfaces.eth0.ipAddress = "192.168.15.1";

The old notation still works though.
2012-11-02 17:08:11 +01:00
Eelco Dolstra
67de234e1c wpa_supplicant.nix: Slightly improve descriptions 2012-11-02 17:05:30 +01:00
Eelco Dolstra
6ae0b3beed dhcpcd: Don't use --background so that fetch-ec2-data can be ordered after it 2012-11-02 14:20:05 +01:00
Eelco Dolstra
1860badbeb dhcpcd: Go into the background immediately 2012-10-31 14:24:51 +01:00
Eelco Dolstra
f293455474 dhcpcd: Don't duplicate log messages
Dhcpcd writes log messages to both syslog and stderr.  So ignore
stderr.
2012-10-31 14:24:22 +01:00
Peter Simons
cd372c62ea modules/services/networking/ssh/sshd.nix: configure AddressFamily properly
Explicitly restrict sshd to use of IPv4 addresses if IPv6 support is not enabled.
2012-10-29 12:46:30 +01:00
Lluís Batlle i Rossell
c76fc27aff dnsmasq: Setting fixed order in DNS name resolution.
That fits better my setup; if anyone doesn't need this, we can write an option
for the fixed order queries.
2012-10-24 19:29:39 +02:00
Peter Simons
b43e219aeb modules/services/networking/ssh/sshd.nix: configure AddressFamily properly
Explicitly restrict sshd to use of IPv4 addresses if IPv6 support is not enabled.
2012-10-24 19:01:38 +02:00
Eelco Dolstra
b6f9e05269 Update NFS client/server modules for systemd 2012-10-24 18:10:58 +02:00
Eelco Dolstra
224c825a36 Add option ‘users.motd’ for setting a message of the day shown on login
Note that this uses pam_motd.
2012-10-23 09:10:48 -04:00
Eelco Dolstra
ac8db6fd33 firewall.nix: Don't fail if IPv6 is disabled 2012-10-19 15:21:06 -04:00
Peter Simons
7d58132c0a Merge pull request #36 from jcumming/hostapd
hostapd module
2012-10-18 03:21:31 -07:00
Eelco Dolstra
8499d7555f Backward compatibility hack for ‘networking.nat.internalIPs’ 2012-10-16 11:28:30 -04:00
Mathijs Kwik
97a3a99b40 firewall: options to select connection-tracking helpers
My main reason for adding this is the ability to turn off helpers
altogether. If you are not using any of the special protocols, keeping
them turned off is safest, and in case you do want to use them, it's
best to configure them through the new CT target for your network
topology. Perhaps some sane defaults for nixos can be examined in the
future.

This change has no impact if you don't touch the added options, so no
need to adapt.
2012-10-13 09:59:31 +02:00
Mathijs Kwik
6c62de6a31 firewall: option to enable the rpfilter netfilter module
This is meant to replace /proc/sys/net/ipv4/conf/*/rp_filter, which
only works for ipv4. Furthermore, it's nicer to handle this kind of
filtering in the firewall.

There are some more subtle differences, please see:
https://home.regit.org/netfilter-en/secure-use-of-helpers/

I chose to enable this by default (when the firewall is enabled) as
it's a good idea in general. Only people with advanced routing needs
might not want this, but I guess they don't use the nixos firewall
anyway and use a custom solution. Furthermore, the option only becomes
available in kernel 3.3+, so conservative nixos users that just stick
to the default kernel will not need to act now just yet.
2012-10-13 09:59:31 +02:00
Eelco Dolstra
71a541afb6 dhcpcd: Don't depend on network-interfaces.target
Dhcpcd automatically detects new interfaces, so we can start it right
away.
2012-10-11 17:57:54 -04:00
Eelco Dolstra
285f587025 Move non-interface specific initialisation to ‘network-setup.service’
The unit ‘network-interface.service’ has been replaced by
‘network-interfaces.target’.
2012-10-11 16:18:48 -04:00
Eelco Dolstra
e9b221c2ff firewall.nix: Don't spam the log 2012-10-10 16:51:05 -04:00
Jack Cummings
71e6eca567 - fix indention, clarify parameter descriptions, and use 'exec' instead of 'script' in the hostapd job 2012-10-09 12:19:09 -07:00
Jack Cummings
e40146de16 nat: enable NAT for multiple networks 2012-10-09 14:00:59 -04:00
Jack Cummings
33754edb3e - add a hostapd module 2012-10-05 21:39:56 -07:00
Eelco Dolstra
a5969634f4 sshd: Do detach into the background
This is necessary to ensure that jobs that need to start after sshd
work properly.

This reverts 03f13a4939.
2012-10-04 23:38:27 -04:00
Eelco Dolstra
891be375b5 Make unitConfig/serviceConfig attribute sets
So instead of:

  boot.systemd.services."foo".serviceConfig =
    ''
      StartLimitInterval=10
      CPUShare=500
    '';

you can say:

  boot.systemd.services."foo".serviceConfig.StartLimitInterval = 10;
  boot.systemd.services."foo".serviceConfig.CPUShare = 500;

This way all unit options are available and users can set/override
options in configuration.nix.
2012-10-01 16:27:42 -04:00
Eelco Dolstra
0c4c3fc8aa Merge branch 'systemd' of github.com:NixOS/nixos into systemd 2012-09-28 11:41:59 -04:00
Peter Simons
03f13a4939 Tell sshd not to detach into the background.
This makes it easier for systemd to track it and avoids race conditions such as
this one:

  systemd[1]: PID file /run/sshd.pid not readable (yet?) after start.
  systemd[1]: Failed to start SSH Daemon.
  systemd[1]: Unit sshd.service entered failed state.
  systemd[1]: sshd.service holdoff time over, scheduling restart.
  systemd[1]: Stopping SSH Daemon...
  systemd[1]: Starting SSH Daemon...
  sshd[2315]: Server listening on 0.0.0.0 port 22.
  sshd[2315]: Server listening on :: port 22.
  sshd[2335]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
  sshd[2335]: error: Bind to port 22 on :: failed: Address already in use.
  sshd[2335]: fatal: Cannot bind any address.
  systemd[1]: Started SSH Daemon.
2012-09-28 17:38:24 +02:00