{ config, pkgs, upstartJobs, systemPath, wrapperDir , defaultShell, extraEtc, nixEnvVars, modulesTree, nssModulesPath, binsh }: let optional = pkgs.lib.optional; # !!! ugh, these files shouldn't be created here. pamConsoleHandlers = pkgs.writeText "console.handlers" '' console consoledevs /dev/tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9] ${pkgs.pam_console}/sbin/pam_console_apply lock logfail wait -t tty -s -c ${pamConsolePerms} ${pkgs.pam_console}/sbin/pam_console_apply unlock logfail wait -r -t tty -s -c ${pamConsolePerms} ''; pamConsolePerms = ./security/console.perms; in import ../helpers/make-etc.nix { inherit (pkgs) stdenv; configFiles = [ { # TCP/UDP port assignments. source = pkgs.iana_etc + "/etc/services"; target = "services"; } { # IP protocol numbers. source = pkgs.iana_etc + "/etc/protocols"; target = "protocols"; } { # RPC program numbers. source = pkgs.glibc + "/etc/rpc"; target = "rpc"; } { # Hostname-to-IP mappings. source = pkgs.substituteAll { src = ./hosts; extraHosts = config.networking.extraHosts; }; target = "hosts"; } { # Name Service Switch configuration file. Required by the C library. source = if config.services.avahi.nssmdns then (assert config.services.avahi.enable; ./nsswitch-mdns.conf) else ./nsswitch.conf; target = "nsswitch.conf"; } { # Friendly greeting on the virtual consoles. source = pkgs.writeText "issue" '' ${config.services.mingetty.greetingLine} ${config.services.mingetty.helpLine} ''; target = "issue"; } { # Configuration for pwdutils (login, passwd, useradd, etc.). # You cannot login without it! source = ./login.defs; target = "login.defs"; } { # The Upstart events defined above. source = upstartJobs + "/etc/event.d"; target = "event.d"; } { # Configuration for passwd and friends (e.g., hash algorithm # for /etc/passwd). source = ./default/passwd; target = "default/passwd"; } { # Configuration for useradd. source = pkgs.substituteAll { src = ./default/useradd; inherit defaultShell; }; target = "default/useradd"; } { # Dhclient hooks for emitting ip-up/ip-down events. source = pkgs.substituteAll { src = ./dhclient-exit-hooks; inherit (pkgs) upstart glibc; }; target = "dhclient-exit-hooks"; } { # Script executed when the shell starts as a non-login shell (system-wide version). source = pkgs.substituteAll { src = ./bashrc.sh; inherit systemPath wrapperDir modulesTree nssModulesPath; inherit (pkgs) glibc; timeZone = config.time.timeZone; defaultLocale = config.i18n.defaultLocale; inherit nixEnvVars; }; target = "bashrc"; } { # Script executed when the shell starts as a login shell. source = ./profile.sh; target = "profile"; } { # Configuration for readline in bash. source = ./inputrc; target = "inputrc"; } { # Nix configuration. source = let # Tricky: if we're using a chroot for builds, then we need # /bin/sh in the chroot (our own compromise to purity). # However, since /bin/sh is a symlink to some path in the # Nix store, which furthermore has runtime dependencies on # other paths in the store, we need the closure of /bin/sh # in `build-chroot-dirs' - otherwise any builder that uses # /bin/sh won't work. binshDeps = pkgs.writeReferencesToFile binsh; # Likewise, if chroots are turned on, we need Nix's own # closure in the chroot. Otherwise nix-channel and nix-env # won't work because the dependencies of its builders (like # coreutils and Perl) aren't visible. Sigh. nixDeps = pkgs.writeReferencesToFile config.environment.nix; in pkgs.runCommand "nix.conf" {extraOptions = config.nix.extraOptions; } '' extraPaths=$(for i in $(cat ${binshDeps} ${nixDeps}); do if test -d $i; then echo $i; fi; done) cat > $out <