2007-11-15 18:16:16 +01:00
|
|
|
|
{ config, pkgs, upstartJobs, systemPath, wrapperDir
|
2008-12-16 00:54:10 +01:00
|
|
|
|
, defaultShell, extraEtc, nixEnvVars, modulesTree, nssModulesPath, binsh
|
2007-11-15 18:16:16 +01:00
|
|
|
|
}:
|
2006-12-11 16:32:10 +01:00
|
|
|
|
|
2007-01-16 17:09:43 +01:00
|
|
|
|
let
|
|
|
|
|
|
2007-06-10 22:02:07 +02:00
|
|
|
|
|
2007-11-09 19:49:45 +01:00
|
|
|
|
optional = pkgs.lib.optional;
|
2007-01-16 17:09:43 +01:00
|
|
|
|
|
2007-06-10 22:02:07 +02:00
|
|
|
|
|
|
|
|
|
# !!! ugh, these files shouldn't be created here.
|
|
|
|
|
|
|
|
|
|
|
2008-01-04 18:05:48 +01:00
|
|
|
|
pamConsoleHandlers = pkgs.writeText "console.handlers" ''
|
|
|
|
|
console consoledevs /dev/tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
|
|
|
|
|
${pkgs.pam_console}/sbin/pam_console_apply lock logfail wait -t tty -s -c ${pamConsolePerms}
|
|
|
|
|
${pkgs.pam_console}/sbin/pam_console_apply unlock logfail wait -r -t tty -s -c ${pamConsolePerms}
|
|
|
|
|
'';
|
2007-06-10 22:02:07 +02:00
|
|
|
|
|
|
|
|
|
pamConsolePerms = ./security/console.perms;
|
|
|
|
|
|
2008-07-16 18:01:09 +02:00
|
|
|
|
|
2007-01-16 17:09:43 +01:00
|
|
|
|
in
|
2007-06-10 22:02:07 +02:00
|
|
|
|
|
2007-01-16 17:09:43 +01:00
|
|
|
|
|
2006-12-11 16:32:10 +01:00
|
|
|
|
import ../helpers/make-etc.nix {
|
|
|
|
|
inherit (pkgs) stdenv;
|
|
|
|
|
|
|
|
|
|
configFiles = [
|
|
|
|
|
{ # TCP/UDP port assignments.
|
|
|
|
|
source = pkgs.iana_etc + "/etc/services";
|
|
|
|
|
target = "services";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ # IP protocol numbers.
|
|
|
|
|
source = pkgs.iana_etc + "/etc/protocols";
|
|
|
|
|
target = "protocols";
|
|
|
|
|
}
|
|
|
|
|
|
2008-03-17 13:33:21 +01:00
|
|
|
|
{ # RPC program numbers.
|
|
|
|
|
source = pkgs.glibc + "/etc/rpc";
|
|
|
|
|
target = "rpc";
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-11 16:32:10 +01:00
|
|
|
|
{ # Hostname-to-IP mappings.
|
2008-01-04 18:05:48 +01:00
|
|
|
|
source = pkgs.substituteAll {
|
|
|
|
|
src = ./hosts;
|
|
|
|
|
extraHosts = config.networking.extraHosts;
|
|
|
|
|
};
|
2006-12-11 16:32:10 +01:00
|
|
|
|
target = "hosts";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ # Name Service Switch configuration file. Required by the C library.
|
2008-03-17 14:58:57 +01:00
|
|
|
|
source = if config.services.avahi.nssmdns
|
|
|
|
|
then (assert config.services.avahi.enable; ./nsswitch-mdns.conf)
|
2008-07-23 16:13:27 +02:00
|
|
|
|
else ./nsswitch.conf;
|
2006-12-11 16:32:10 +01:00
|
|
|
|
target = "nsswitch.conf";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ # Friendly greeting on the virtual consoles.
|
2008-01-04 18:05:48 +01:00
|
|
|
|
source = pkgs.writeText "issue" ''
|
|
|
|
|
|
|
|
|
|
[1;32m${config.services.mingetty.greetingLine}[0m
|
|
|
|
|
${config.services.mingetty.helpLine}
|
|
|
|
|
|
|
|
|
|
'';
|
2006-12-11 16:32:10 +01:00
|
|
|
|
target = "issue";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ # Configuration for pwdutils (login, passwd, useradd, etc.).
|
|
|
|
|
# You cannot login without it!
|
2007-03-30 14:59:43 +02:00
|
|
|
|
source = ./login.defs;
|
2006-12-11 16:32:10 +01:00
|
|
|
|
target = "login.defs";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ # The Upstart events defined above.
|
|
|
|
|
source = upstartJobs + "/etc/event.d";
|
|
|
|
|
target = "event.d";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ # Configuration for passwd and friends (e.g., hash algorithm
|
|
|
|
|
# for /etc/passwd).
|
2007-03-30 14:59:43 +02:00
|
|
|
|
source = ./default/passwd;
|
2006-12-11 16:32:10 +01:00
|
|
|
|
target = "default/passwd";
|
|
|
|
|
}
|
|
|
|
|
|
2007-03-20 14:30:14 +01:00
|
|
|
|
{ # Configuration for useradd.
|
|
|
|
|
source = pkgs.substituteAll {
|
2007-03-30 14:59:43 +02:00
|
|
|
|
src = ./default/useradd;
|
2007-03-20 14:30:14 +01:00
|
|
|
|
inherit defaultShell;
|
|
|
|
|
};
|
|
|
|
|
target = "default/useradd";
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-22 18:28:25 +01:00
|
|
|
|
{ # Dhclient hooks for emitting ip-up/ip-down events.
|
|
|
|
|
source = pkgs.substituteAll {
|
2007-03-30 14:59:43 +02:00
|
|
|
|
src = ./dhclient-exit-hooks;
|
2007-01-23 11:22:00 +01:00
|
|
|
|
inherit (pkgs) upstart glibc;
|
2006-12-22 18:28:25 +01:00
|
|
|
|
};
|
|
|
|
|
target = "dhclient-exit-hooks";
|
|
|
|
|
}
|
2007-01-15 15:43:56 +01:00
|
|
|
|
|
2008-03-12 11:18:11 +01:00
|
|
|
|
{ # Script executed when the shell starts as a non-login shell (system-wide version).
|
2007-01-15 15:43:56 +01:00
|
|
|
|
source = pkgs.substituteAll {
|
2008-07-16 18:01:09 +02:00
|
|
|
|
src = ./bashrc.sh;
|
2008-03-17 14:58:57 +01:00
|
|
|
|
inherit systemPath wrapperDir modulesTree nssModulesPath;
|
2008-01-06 19:45:13 +01:00
|
|
|
|
inherit (pkgs) glibc;
|
2007-11-09 19:49:45 +01:00
|
|
|
|
timeZone = config.time.timeZone;
|
|
|
|
|
defaultLocale = config.i18n.defaultLocale;
|
2007-11-15 18:16:16 +01:00
|
|
|
|
inherit nixEnvVars;
|
2007-01-15 15:43:56 +01:00
|
|
|
|
};
|
2008-07-16 18:01:09 +02:00
|
|
|
|
target = "bashrc";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ # Script executed when the shell starts as a login shell.
|
|
|
|
|
source = ./profile.sh;
|
2007-01-15 15:43:56 +01:00
|
|
|
|
target = "profile";
|
|
|
|
|
}
|
2007-01-16 17:09:43 +01:00
|
|
|
|
|
2007-05-02 11:55:35 +02:00
|
|
|
|
{ # Configuration for readline in bash.
|
|
|
|
|
source = ./inputrc;
|
|
|
|
|
target = "inputrc";
|
|
|
|
|
}
|
|
|
|
|
|
2007-11-05 12:19:51 +01:00
|
|
|
|
{ # Nix configuration.
|
2008-12-16 00:54:10 +01:00
|
|
|
|
source =
|
|
|
|
|
let
|
|
|
|
|
# Tricky: if we're using a chroot for builds, then we need
|
|
|
|
|
# /bin/sh in the chroot (our own compromise to purity).
|
|
|
|
|
# However, since /bin/sh is a symlink to some path in the
|
|
|
|
|
# Nix store, which furthermore has runtime dependencies on
|
|
|
|
|
# other paths in the store, we need the closure of /bin/sh
|
|
|
|
|
# in `build-chroot-dirs' - otherwise any builder that uses
|
|
|
|
|
# /bin/sh won't work.
|
2009-02-27 13:03:03 +01:00
|
|
|
|
binshDeps = pkgs.writeReferencesToFile binsh;
|
|
|
|
|
|
|
|
|
|
# Likewise, if chroots are turned on, we need Nix's own
|
|
|
|
|
# closure in the chroot. Otherwise nix-channel and nix-env
|
|
|
|
|
# won't work because the dependencies of its builders (like
|
|
|
|
|
# coreutils and Perl) aren't visible. Sigh.
|
|
|
|
|
nixDeps = pkgs.writeReferencesToFile config.environment.nix;
|
2008-12-16 00:54:10 +01:00
|
|
|
|
in
|
2009-02-27 15:08:38 +01:00
|
|
|
|
pkgs.runCommand "nix.conf" {extraOptions = config.nix.extraOptions; } ''
|
2009-02-27 13:03:03 +01:00
|
|
|
|
extraPaths=$(for i in $(cat ${binshDeps} ${nixDeps}); do if test -d $i; then echo $i; fi; done)
|
2008-12-16 00:54:10 +01:00
|
|
|
|
cat > $out <<END
|
|
|
|
|
# WARNING: this file is generated.
|
|
|
|
|
build-users-group = nixbld
|
|
|
|
|
build-max-jobs = ${toString (config.nix.maxJobs)}
|
|
|
|
|
build-use-chroot = ${if config.nix.useChroot then "true" else "false"}
|
2009-02-27 13:03:03 +01:00
|
|
|
|
build-chroot-dirs = /dev /dev/pts /proc /bin $(echo $extraPaths)
|
2009-02-27 15:08:38 +01:00
|
|
|
|
$extraOptions
|
2008-12-16 00:54:10 +01:00
|
|
|
|
END
|
|
|
|
|
'';
|
2007-11-05 12:19:51 +01:00
|
|
|
|
target = "nix.conf"; # will be symlinked from /nix/etc/nix/nix.conf in activate-configuration.sh.
|
|
|
|
|
}
|
2007-11-08 19:15:12 +01:00
|
|
|
|
|
2008-03-12 11:18:11 +01:00
|
|
|
|
{ # Script executed when the shell starts as a non-login shell (user version).
|
|
|
|
|
source = ./skel/bashrc;
|
|
|
|
|
target = "skel/.bashrc";
|
|
|
|
|
}
|
|
|
|
|
|
2008-01-16 14:59:03 +01:00
|
|
|
|
{ # SSH configuration. Slight duplication of the sshd_config
|
|
|
|
|
# generation in the sshd service.
|
|
|
|
|
source = pkgs.writeText "ssh_config" ''
|
|
|
|
|
${if config.services.sshd.forwardX11 then ''
|
|
|
|
|
ForwardX11 yes
|
|
|
|
|
XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
|
|
|
|
|
'' else ''
|
|
|
|
|
ForwardX11 no
|
|
|
|
|
''}
|
|
|
|
|
'';
|
|
|
|
|
target = "ssh/ssh_config";
|
|
|
|
|
}
|
2006-12-11 16:32:10 +01:00
|
|
|
|
]
|
|
|
|
|
|
2007-11-08 19:15:12 +01:00
|
|
|
|
# Configuration for ssmtp.
|
2007-11-09 19:49:45 +01:00
|
|
|
|
++ optional config.networking.defaultMailServer.directDelivery {
|
2008-01-04 18:05:48 +01:00
|
|
|
|
source = let cfg = config.networking.defaultMailServer; in pkgs.writeText "ssmtp.conf" ''
|
2008-04-24 14:36:50 +02:00
|
|
|
|
MailHub=${cfg.hostName}
|
|
|
|
|
FromLineOverride=YES
|
2008-01-04 18:05:48 +01:00
|
|
|
|
${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
|
|
|
|
|
UseTLS=${if cfg.useTLS then "YES" else "NO"}
|
|
|
|
|
UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
|
|
|
|
|
#Debug=YES
|
|
|
|
|
'';
|
2007-11-08 19:15:12 +01:00
|
|
|
|
target = "ssmtp/ssmtp.conf";
|
2007-11-09 19:49:45 +01:00
|
|
|
|
}
|
2007-11-08 19:15:12 +01:00
|
|
|
|
|
2007-01-22 17:42:29 +01:00
|
|
|
|
# Configuration file for fontconfig used to locate
|
|
|
|
|
# (X11) client-rendered fonts.
|
2008-02-14 08:42:52 +01:00
|
|
|
|
++ optional config.fonts.enableFontConfig {
|
2008-07-03 16:35:02 +02:00
|
|
|
|
source = pkgs.makeFontsConf {
|
|
|
|
|
fontDirectories = import ../system/fonts.nix {inherit pkgs config;};
|
|
|
|
|
};
|
2007-01-22 17:42:29 +01:00
|
|
|
|
target = "fonts/fonts.conf";
|
2007-11-09 19:49:45 +01:00
|
|
|
|
}
|
2007-01-22 17:42:29 +01:00
|
|
|
|
|
2007-01-16 17:09:43 +01:00
|
|
|
|
# LDAP configuration.
|
2007-11-09 19:49:45 +01:00
|
|
|
|
++ optional config.users.ldap.enable {
|
2007-04-10 16:10:45 +02:00
|
|
|
|
source = import ./ldap.conf.nix {
|
2007-01-16 17:09:43 +01:00
|
|
|
|
inherit (pkgs) writeText;
|
|
|
|
|
inherit config;
|
|
|
|
|
};
|
|
|
|
|
target = "ldap.conf";
|
2007-11-09 19:49:45 +01:00
|
|
|
|
}
|
2007-01-16 17:09:43 +01:00
|
|
|
|
|
2007-08-16 17:09:06 +02:00
|
|
|
|
# "sudo" configuration.
|
2007-11-09 19:49:45 +01:00
|
|
|
|
++ optional config.security.sudo.enable {
|
2007-08-16 17:09:06 +02:00
|
|
|
|
source = pkgs.runCommand "sudoers"
|
2007-11-09 19:49:45 +01:00
|
|
|
|
{ src = pkgs.writeText "sudoers-in" (config.security.sudo.configFile);
|
2007-08-16 17:09:06 +02:00
|
|
|
|
}
|
|
|
|
|
# Make sure that the sudoers file is syntactically valid.
|
2007-10-10 16:28:40 +02:00
|
|
|
|
# (currently disabled - NIXOS-66)
|
|
|
|
|
#"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
|
|
|
|
|
"cp $src $out";
|
2007-08-16 17:09:06 +02:00
|
|
|
|
target = "sudoers";
|
|
|
|
|
mode = "0440";
|
2007-11-09 19:49:45 +01:00
|
|
|
|
}
|
2007-08-16 17:09:06 +02:00
|
|
|
|
|
2006-12-11 16:32:10 +01:00
|
|
|
|
# A bunch of PAM configuration files for various programs.
|
|
|
|
|
++ (map
|
|
|
|
|
(program:
|
2007-11-09 19:49:45 +01:00
|
|
|
|
let isLDAPEnabled = config.users.ldap.enable; in
|
2006-12-11 16:32:10 +01:00
|
|
|
|
{ source = pkgs.substituteAll {
|
2007-03-30 14:59:43 +02:00
|
|
|
|
src = ./pam.d + ("/" + program);
|
2007-06-10 22:02:07 +02:00
|
|
|
|
inherit (pkgs) pam_unix2 pam_console;
|
2007-01-16 17:09:43 +01:00
|
|
|
|
pam_ldap =
|
2007-06-10 22:02:07 +02:00
|
|
|
|
if isLDAPEnabled
|
2007-01-16 17:09:43 +01:00
|
|
|
|
then pkgs.pam_ldap
|
|
|
|
|
else "/no-such-path";
|
2007-01-16 23:25:28 +01:00
|
|
|
|
inherit (pkgs.xorg) xauth;
|
2008-07-16 18:01:09 +02:00
|
|
|
|
inherit pamConsoleHandlers;
|
2007-06-10 22:02:07 +02:00
|
|
|
|
isLDAPEnabled = if isLDAPEnabled then "" else "#";
|
2006-12-11 16:32:10 +01:00
|
|
|
|
};
|
|
|
|
|
target = "pam.d/" + program;
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
[
|
2008-04-01 12:16:35 +02:00
|
|
|
|
"atd"
|
2006-12-11 16:32:10 +01:00
|
|
|
|
"login"
|
2007-06-05 13:28:18 +02:00
|
|
|
|
"slim"
|
2007-01-11 16:32:48 +01:00
|
|
|
|
"su"
|
2007-07-09 13:21:04 +02:00
|
|
|
|
"sudo"
|
2006-12-16 22:48:12 +01:00
|
|
|
|
"other"
|
2006-12-11 16:32:10 +01:00
|
|
|
|
"passwd"
|
2006-12-16 22:48:12 +01:00
|
|
|
|
"shadow"
|
|
|
|
|
"sshd"
|
2008-03-06 15:38:17 +01:00
|
|
|
|
"lshd"
|
2006-12-11 16:32:10 +01:00
|
|
|
|
"useradd"
|
2007-02-26 22:18:13 +01:00
|
|
|
|
"chsh"
|
2008-03-06 14:52:10 +01:00
|
|
|
|
"xlock"
|
2008-06-20 15:32:39 +02:00
|
|
|
|
"kde"
|
2008-11-07 12:51:17 +01:00
|
|
|
|
"cups"
|
2009-02-28 21:01:56 +01:00
|
|
|
|
"ftp"
|
2007-01-30 16:03:43 +01:00
|
|
|
|
"common"
|
2007-06-10 22:02:07 +02:00
|
|
|
|
"common-console" # shared stuff for interactive local sessions
|
2006-12-11 16:32:10 +01:00
|
|
|
|
]
|
2007-03-30 14:55:09 +02:00
|
|
|
|
)
|
|
|
|
|
|
2007-11-15 18:16:16 +01:00
|
|
|
|
# List of machines for distributed Nix builds in the format expected
|
|
|
|
|
# by build-remote.pl.
|
|
|
|
|
++ optional config.nix.distributedBuilds {
|
|
|
|
|
source = pkgs.writeText "nix.machines"
|
|
|
|
|
(pkgs.lib.concatStrings (map (machine:
|
|
|
|
|
"${machine.sshUser}@${machine.hostName} ${machine.system} ${machine.sshKey} ${toString machine.maxJobs}\n"
|
|
|
|
|
) config.nix.buildMachines));
|
|
|
|
|
target = "nix.machines";
|
|
|
|
|
}
|
|
|
|
|
|
2008-06-12 01:06:53 +02:00
|
|
|
|
# unixODBC drivers (this solution is not perfect.. Because the user has to
|
|
|
|
|
# ask the admin to add a driver.. but it's an easy solution which works)
|
|
|
|
|
++ (let inis = config.environment.unixODBCDrivers pkgs;
|
2008-06-12 14:19:47 +02:00
|
|
|
|
in optional (inis != [] ) {
|
2008-06-12 01:06:53 +02:00
|
|
|
|
source = pkgs.writeText "odbcinst.ini" (pkgs.lib.concatStringsSep "\n" inis);
|
|
|
|
|
target = "odbcinst.ini";
|
|
|
|
|
})
|
|
|
|
|
|
2007-03-30 14:55:09 +02:00
|
|
|
|
# Additional /etc files declared by Upstart jobs.
|
|
|
|
|
++ extraEtc;
|
2007-02-26 22:18:13 +01:00
|
|
|
|
}
|