Commit graph

5010 commits

Author SHA1 Message Date
aszlig
b32ef4dbef
test-driver/Machine: Add new allowReboot flag.
This is to actually allow for the target machine to reboot, which could
come in handy for some VM tests in NixOps. Well, actually to be more
specific: We need it for the Hetzner NixOps backend test. :-)

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-31 23:25:09 +02:00
Domen Kožar
37136e4adf Merge pull request #201 from garbas/networkmanager
openconnect and vpnc NetworkManager plugins added
2013-07-31 12:06:15 -07:00
Eelco Dolstra
39f67d9d38 Hide kernel pointers for unprivileged users via kptr_restrict 2013-07-31 16:11:04 +02:00
Martin Bravenboer
7bd50185ff Support Nix's mandatoryFeatures
Extend the buildMachines option to support specification of
supportedFeatures and mandatoryFeatures in order to support all
configuration options of the nix.machines file.
2013-07-31 15:49:35 +02:00
Eelco Dolstra
24a44c98d2 bash: Disable hashing of command lookups in interactive shells
This just confuses people when (say) using multiple profiles.
Performance benefits for interactive shells are likely to be very
small anyway.
2013-07-31 14:55:24 +02:00
Eelco Dolstra
57c35c94ca Use the qemu-kvm wrapper 2013-07-31 14:53:27 +02:00
Rob Vermaas
7a32f2d15a Fix node_modules references in uptime module. 2013-07-31 13:35:21 +02:00
Rob Vermaas
9cf0a41925 fail2ban: move /var/run/fail2ban creation to activation script to be able to restrict the write locations for the service properly, add configuration files to the restartTriggers. 2013-07-31 11:22:48 +02:00
Rickard Nilsson
3ca7d7b291 Add OpenSMTPD service option 2013-07-30 10:20:56 +02:00
Rob Vermaas
96be2d5a7d Fix ReadWriteDirectories for fail2ban, added /var/tmp. 2013-07-28 18:33:57 +02:00
aszlig
5a2390327d
nixos-rebuild: Allow to use --repair.
Unfortunately, the flag only works directly and without the daemon, so
this adds an extra variable $repair, to avoid the daemon. This is to
avoid to iterate through the $extraBuildFlags just to test whether
"--repair" exists.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-26 06:23:49 +02:00
Eelco Dolstra
ef5e2be339 venus: Support https 2013-07-25 22:57:09 +02:00
Rob Vermaas
6adfb647ff Limit the capabilities of what fail2ban service can do. Taken from ArchLinux wiki. 2013-07-25 20:03:29 +02:00
Rob Vermaas
7e7392b8ad Limit the location where fail2ban service can write to (only /var/run/fail2ban). 2013-07-25 15:48:00 +02:00
Rob Vermaas
c5f6a08750 Make fail2ban a normal systemd service in nixos module. 2013-07-25 15:40:20 +02:00
Rok Garbas
73284567cc venus service: using systemd timer instead of cronjob 2013-07-24 00:20:37 +02:00
Rok Garbas
f9fbbb5d2f venus service better description 2013-07-23 23:04:55 +02:00
Rok Garbas
589b745fc6 new venus service 2013-07-23 22:42:12 +02:00
Eelco Dolstra
438b057eb3 Lower the default console log level
It used to be set to 7 (debug) so you get lots of crap on the console.
The new value of 4 is also what Ubuntu uses.  Red Hat uses 3.

A nice side effect is that it's more likely that the LUKS passphrase
prompt doesn't get clobbered by kernel log messages.
2013-07-23 22:18:25 +02:00
Eelco Dolstra
8dc09be07b Fix indentation / tabs 2013-07-23 22:18:25 +02:00
Rickard Nilsson
462e4255fa x11 session: Don't start pulseaudio if it already is running system-wide 2013-07-23 19:07:12 +02:00
Rickard Nilsson
cd0da98b03 pulseaudio service: Use the configured pulseaudio package instead of the default. 2013-07-23 19:07:07 +02:00
Rob Vermaas
4a0f707f71 New kernel iso/system_tarball now use 3.10 in stead of 3.7, which had been removed. 2013-07-23 10:09:41 +02:00
Rob Vermaas
2cb25bd65c Revert "Only include /bin/sh (not all of /bin) in the chroot"
This reverts commit 883d310bac.
2013-07-23 10:00:54 +02:00
Rob Vermaas
7163babe84 Revert "Allow specifying packages whose closures should be in the chroot"
This reverts commit be3d498b18.
2013-07-23 10:00:43 +02:00
Bjørn Forsman
8d596006dd Ensure /var/log/journal permission bits are set
Ensure permission bits are (re)set on each system activation with
explicit chmod call.

mkdir -m MODE PATH will only set the permission bits if PATH is
*created*, which means users that have old NixOS versions will continue
to have the old 700 permissions on /var/log/journal until they chmod
manually. With this commit the permissions will be set to 755 on system
activation.
2013-07-22 20:09:50 +02:00
Bjørn Forsman
38a4d6d6d7 apcupsd-service: "UPS daemon" => "APC UPS daemon" description update
Sometimes systemd only prints the service description. Then it is nice
to know which UPS daemon we're dealing with.
2013-07-22 14:58:51 +02:00
Bjørn Forsman
fe9ac2ca1c apcupsd-service: workaround for "A stop job is running for UPS daemon"
When apcupsd has initiated a shutdown, systemd always ends up waiting
for it to stop ("A stop job is running for UPS daemon"). This is weird,
because in the journal one can clearly see that apcupsd has received the
SIGTERM signal and has already quit (or so it seems). This reduces the
wait time from 90 seconds (default) to just 5. Then systemd kills it
with SIGKILL.
2013-07-22 14:57:28 +02:00
Bjørn Forsman
95e2006653 apcupsd-service: put UPS in hibernate mode when shutting down
This adds a special systemd service that calls "apcupsd --killpower"
(put UPS in hibernate mode) just before shutting down the system.
Without this command, the UPS will stay on until the battery is
completely empty.
2013-07-22 14:57:05 +02:00
Bjørn Forsman
d6e5484e2b apcupsd-service: create missing /run/apcupsd/ directory
apcupsd complains about this missing directory when it is starting the
shutdown procedure.
2013-07-22 14:54:27 +02:00
Bjørn Forsman
dc61694d01 apcupsd-service: add services.apcupsd.hooks option
Each attribute in this option should name an apcupsd event and the
string value it contains will be executed in a shell in response to that
event. See "man apccontrol" for the list of events and what they
represent.

Now it is easy to hook into the apcupsd event system:

  services.apcupsd.hooks = {
    onbattery  = ''# shell commands to run when the onbattery event is emitted'';
    doshutdown = ''# shell commands to notify that the computer is shutting down'';
  };
2013-07-22 14:19:21 +02:00
Peter Simons
6341a12587 modules/services/networking/dhcpcd.nix: add "extraConfig" option
This option allows administrators to add verbatim text to the generated
config file. I use this feature, for instance, to disable the default
route normally added by dhcpcd for certain interfaces.
2013-07-22 14:16:13 +02:00
Eelco Dolstra
c52fd85990 Set permissions on /var/log/journal properly
This makes the system journal readable by users in the
systemd-journal, wheel and adm groups.  It also allows users to read
their own journals.

Note that this doesn't change the permissions of existing journals.
2013-07-19 21:18:44 +02:00
Eelco Dolstra
bf21bbcf01 Mount /var and some other filesystems automatically in stage 1
Bad things happen if /var is mounted in a late stage.
2013-07-19 17:24:18 +02:00
Shea Levy
272d641f0c Documentation improvement
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-19 11:22:46 -04:00
Shea Levy
be3d498b18 Allow specifying packages whose closures should be in the chroot
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-19 11:21:05 -04:00
Shea Levy
883d310bac Only include /bin/sh (not all of /bin) in the chroot
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-19 11:19:07 -04:00
Shea Levy
18de9f64ae Add uptime module
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-18 19:25:35 -04:00
mornfall
b09a0a49a5 Merge pull request #204 from bjornfor/apcupsd-service
Add apcupsd service
2013-07-18 15:24:50 -07:00
Bjørn Forsman
44f1a8d8c7 Add apcupsd service
apcupsd is a daemon for controlling APC UPSes. It is very simple to
configure. If you have an USB based UPS, the default settings should be
useable without further adjustments:

  services.apcupsd.enable = true;

This will give you autodetection of USB UPSes, network access limited to
localhost (for security) and the shutdown sequence will be started when
the system when the battery level is below 50 percent, or when the UPS
has calculated that it has 5 minutes or less of remaining power-on time.

You can provide your own configuration file contents with this option:

  services.apcupsd.configText = "contents of apcupsd.conf";

Bug/annoyance 1: When apcupsd calls "wall" (on powerfail etc. events),
it prints an error message because stdout is not connected to a tty (it
is connected to the journal):

  wall: cannot get tty name: Inappropriate ioctl for device

The message still gets through though, to ctrl-alt-f[1-6] terminals.

Bug/annoyance 2: apcupsd tries to call "mail" (on powerfail etc.
events), and that fails because I'm not passing in any mail program at
the moment (because that would require more configuration options). A
solution to this would be to simply let the user fully configure the
apcupsd event handling logic in nix.
2013-07-17 21:23:09 +02:00
Eelco Dolstra
76160c6de7 Fix ISO generation
The volume label cannot be longer than 32 characters.
2013-07-17 19:34:06 +02:00
Eelco Dolstra
34628fe92b Fix the misc test 2013-07-17 19:24:27 +02:00
Eelco Dolstra
cf8f646f34 Disable the trac test
It hasn't worked in ages.
2013-07-17 15:28:36 +02:00
Eelco Dolstra
b83a3987c5 Include all of KDE in the KDE test 2013-07-17 14:54:25 +02:00
Eelco Dolstra
a6aba08d35 Bump the NixOS version number to 13.07
This is in preparation of making a stable release/branch.  The version
number is <YY>.<MM>, Ubuntu style, denoting the intended release
year/month.  It also has a release codename ("Aardvark").
2013-07-17 13:34:40 +02:00
Eelco Dolstra
6620a0f679 Fix the installer tests
E.g. http://hydra.nixos.org/build/5561399
2013-07-17 13:01:12 +02:00
Eelco Dolstra
c044375a0a Disable the mpich test
It hasn't succeeded in a long time.
2013-07-17 12:42:55 +02:00
Eelco Dolstra
90148d6fd1 Work around "Input/output error" opening /dev/ttyS0
E.g. http://hydra.nixos.org/build/5541847

This is a random occurence, maybe due to a race with something else.
So just retry until it works.
2013-07-16 15:04:32 +02:00
Eelco Dolstra
71a197bc6e Disable the installer.swraid test
This fails randomly for unknown reasons,
e.g. http://hydra.nixos.org/build/5542510.
2013-07-16 14:47:12 +02:00
Eelco Dolstra
10626bed8b Add a test for NFSv4
However it currently fails because locking seems to be broken with
NFSv4.
2013-07-16 14:44:13 +02:00