diff --git a/modules/config/krb5.nix b/modules/config/krb5.nix
new file mode 100644
index 000000000000..960ef8500840
--- /dev/null
+++ b/modules/config/krb5.nix
@@ -0,0 +1,185 @@
+{pkgs, config, ...}:
+
+###### interface
+let
+ inherit (pkgs.lib) mkOption mkIf;
+
+ cfg = config.krb5;
+
+ #myPkgs = import /home/nixer/nix/my-expr.nix { system = "x86_64-linux"; };
+
+ options = {
+ krb5 = {
+
+ enable = mkOption {
+ default = false;
+ description = "Whether to enable Kerberos V.";
+ };
+
+ defaultRealm = mkOption {
+ default = "ATENA.MIT.EDU";
+ description = "Default realm.";
+ };
+
+ kdc = mkOption {
+ default = "kerberos.mit.edu";
+ description = "Kerberos Domain Controller";
+ };
+
+ kerberosAdminServer = mkOption {
+ default = "kerberos.mit.edu";
+ description = "Kerberos Admin Server";
+ };
+
+ };
+ };
+in
+
+###### implementation
+
+mkIf config.krb5.enable {
+ require = [
+ options
+ ];
+
+ environment = {
+ systemPackages = [ pkgs.krb5 ];
+ etc = [
+ { source = pkgs.writeText "krb5.conf"
+ ''
+[libdefaults]
+ default_realm = ${cfg.defaultRealm}
+
+# The following krb5.conf variables are only for MIT Kerberos.
+ krb4_config = /etc/krb.conf
+ krb4_realms = /etc/krb.realms
+ kdc_timesync = 1
+ ccache_type = 4
+ forwardable = true
+ proxiable = true
+
+# The following encryption type specification will be used by MIT Kerberos
+# if uncommented. In general, the defaults in the MIT Kerberos code are
+# correct and overriding these specifications only serves to disable new
+# encryption types as they are added, creating interoperability problems.
+
+# default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+# default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+# permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+
+# The following libdefaults parameters are only for Heimdal Kerberos.
+ v4_instance_resolve = false
+ v4_name_convert = {
+ host = {
+ rcmd = host
+ ftp = ftp
+ }
+ plain = {
+ something = something-else
+ }
+ }
+ fcc-mit-ticketflags = true
+
+[realms]
+ ${cfg.defaultRealm} = {
+ kdc = ${cfg.kdc}
+ admin_server = ${cfg.kerberosAdminServer}
+ }
+ ATHENA.MIT.EDU = {
+ kdc = kerberos.mit.edu:88
+ kdc = kerberos-1.mit.edu:88
+ kdc = kerberos-2.mit.edu:88
+ admin_server = kerberos.mit.edu
+ default_domain = mit.edu
+ }
+ MEDIA-LAB.MIT.EDU = {
+ kdc = kerberos.media.mit.edu
+ admin_server = kerberos.media.mit.edu
+ }
+ ZONE.MIT.EDU = {
+ kdc = casio.mit.edu
+ kdc = seiko.mit.edu
+ admin_server = casio.mit.edu
+ }
+ MOOF.MIT.EDU = {
+ kdc = three-headed-dogcow.mit.edu:88
+ kdc = three-headed-dogcow-1.mit.edu:88
+ admin_server = three-headed-dogcow.mit.edu
+ }
+ CSAIL.MIT.EDU = {
+ kdc = kerberos-1.csail.mit.edu
+ kdc = kerberos-2.csail.mit.edu
+ admin_server = kerberos.csail.mit.edu
+ default_domain = csail.mit.edu
+ krb524_server = krb524.csail.mit.edu
+ }
+ IHTFP.ORG = {
+ kdc = kerberos.ihtfp.org
+ admin_server = kerberos.ihtfp.org
+ }
+ GNU.ORG = {
+ kdc = kerberos.gnu.org
+ kdc = kerberos-2.gnu.org
+ kdc = kerberos-3.gnu.org
+ admin_server = kerberos.gnu.org
+ }
+ 1TS.ORG = {
+ kdc = kerberos.1ts.org
+ admin_server = kerberos.1ts.org
+ }
+ GRATUITOUS.ORG = {
+ kdc = kerberos.gratuitous.org
+ admin_server = kerberos.gratuitous.org
+ }
+ DOOMCOM.ORG = {
+ kdc = kerberos.doomcom.org
+ admin_server = kerberos.doomcom.org
+ }
+ ANDREW.CMU.EDU = {
+ kdc = vice28.fs.andrew.cmu.edu
+ kdc = vice2.fs.andrew.cmu.edu
+ kdc = vice11.fs.andrew.cmu.edu
+ kdc = vice12.fs.andrew.cmu.edu
+ admin_server = vice28.fs.andrew.cmu.edu
+ default_domain = andrew.cmu.edu
+ }
+ CS.CMU.EDU = {
+ kdc = kerberos.cs.cmu.edu
+ kdc = kerberos-2.srv.cs.cmu.edu
+ admin_server = kerberos.cs.cmu.edu
+ }
+ DEMENTIA.ORG = {
+ kdc = kerberos.dementia.org
+ kdc = kerberos2.dementia.org
+ admin_server = kerberos.dementia.org
+ }
+ stanford.edu = {
+ kdc = krb5auth1.stanford.edu
+ kdc = krb5auth2.stanford.edu
+ kdc = krb5auth3.stanford.edu
+ admin_server = krb5-admin.stanford.edu
+ default_domain = stanford.edu
+ }
+
+[domain_realm]
+ .mit.edu = ATHENA.MIT.EDU
+ mit.edu = ATHENA.MIT.EDU
+ .media.mit.edu = MEDIA-LAB.MIT.EDU
+ media.mit.edu = MEDIA-LAB.MIT.EDU
+ .csail.mit.edu = CSAIL.MIT.EDU
+ csail.mit.edu = CSAIL.MIT.EDU
+ .whoi.edu = ATHENA.MIT.EDU
+ whoi.edu = ATHENA.MIT.EDU
+ .stanford.edu = stanford.edu
+
+[login]
+ krb4_convert = true
+ krb4_get_tickets = false
+
+ '';
+ target = "krb5.conf";
+ }
+ ];
+ };
+
+}
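Review bot: The `defaultRealm` default `"ATENA.MIT.EDU"` looks like a misspelling of the `ATHENA.MIT.EDU` realm that the generated file defines further down, so a host that only sets `krb5.enable = true` gets a default realm with no matching `[domain_realm]` entry; I would use `default = "ATHENA.MIT.EDU";`, or better, give the option no default so that the administrator has to name the realm. The `kdc` description should read `description = "Kerberos Key Distribution Center (KDC) host.";`, since KDC does not stand for "Domain Controller". The template also turns on Kerberos 4 compatibility (`krb4_config`, `krb4_realms`, `krb4_convert = true`) and ships a fixed list of third-party realms to every host. Both are worth dropping or putting behind options, because Kerberos 4 is obsolete and the realm list can only go stale.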
diff --git a/modules/installer/generations-dir/generations-dir-builder.sh b/modules/installer/generations-dir/generations-dir-builder.sh
index 80f2b638e51e..2dbe13567533 100644
--- a/modules/installer/generations-dir/generations-dir-builder.sh
+++ b/modules/installer/generations-dir/generations-dir-builder.sh
@@ -68,18 +68,31 @@ addEntry() {
mkdir -p $outdir
ln -sf $(readlink -f $path) $outdir/system
ln -sf $(readlink -f $path/init) $outdir/init
- ln -sf $(readlink -f $path/initrd) $outdir/initrd
- ln -sf $(readlink -f $path/kernel) $outdir/kernel
+ ln -sf $initrd $outdir/initrd
+ ln -sf $kernel $outdir/kernel
if test $(readlink -f "$path") = "$default"; then
cp "$kernel" /boot/nixos-kernel
cp "$initrd" /boot/nixos-initrd
cp "$(readlink -f "$path/init")" /boot/nixos-init
+
mkdir -p /boot/default
+ if [ -e /boot/default/system ];
+ rm /boot/default/system
+ fi
ln -sf $(readlink -f $path) /boot/default/system
+ if [ -e /boot/default/init ];
+ rm /boot/default/init
+ fi
ln -sf $(readlink -f $path/init) /boot/default/init
- ln -sf $(readlink -f $path/initrd) /boot/default/initrd
- ln -sf $(readlink -f $path/kernel) /boot/default/kernel
+ if [ -e /boot/default/initrd ];
+ rm /boot/default/initrd
+ fi
+ ln -sf $initrd /boot/default/initrd
+ if [ -e /boot/default/kernel ];
+ rm /boot/default/kernel
+ fi
+ ln -sf $kernel /boot/default/kernel
fi
}
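Review bot: None of the four added `if [ -e /boot/default/... ];` tests has a `then`, so the shell will report a syntax error at the following `fi` and the builder will not run at all. Since the goal is only to clear the old link before `ln -sf` (which would otherwise create the link inside the directory an existing symlink points to), each three-line block can be replaced by `rm -f /boot/default/system` and likewise for `init`, `initrd` and `kernel`. That also handles a dangling symlink, for which `-e` is false. The new `ln -sf $initrd ...` and `ln -sf $kernel ...` lines should quote their variables as the `cp "$kernel"` lines just above do. `addEntry` begins outside this hunk.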
diff --git a/modules/installer/generations-dir/generations-dir.nix b/modules/installer/generations-dir/generations-dir.nix
index 7ee7a1828da3..4b999a8d5a4d 100644
--- a/modules/installer/generations-dir/generations-dir.nix
+++ b/modules/installer/generations-dir/generations-dir.nix
@@ -41,6 +41,9 @@ let
inherit (config.boot.loader.generationsDir) copyKernels;
};
+ # Temporary check, for nixos to cope both with nixpkgs stdenv-updates and trunk
+ platform = (if pkgs ? platform then pkgs.platform else
+ { name = "pc"; uboot = null; });
in
{
require = [
@@ -55,6 +58,9 @@ in
menuBuilder = generationsDirBuilder;
};
boot.loader.id = "generationsDir";
- boot.loader.kernelFile = "uImage";
+ boot.loader.kernelFile = (
+ if (platform.name == "sheevaplug") then "uImage"
+ else if (platform.name == "versatileARM") then "zImage"
+ else "vmlinuz");
};
}
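Review bot: The `boot.loader.kernelFile` chain falls through to `"vmlinuz"` for every `platform.name` other than `sheevaplug` and `versatileARM`, so an unlisted or misspelled platform silently gets the PC file name. The check that this commit adds to top-level.nix would only catch that later, at build time. I would state the assumption next to the fallback, for example `else "vmlinuz");  # default for "pc"; other platforms must be listed above`. Alternatively, match `"pc"` explicitly and `throw` on anything else.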
diff --git a/modules/module-list.nix b/modules/module-list.nix
index 8c5cdcfd9dd4..b69012f07e4b 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -1,5 +1,6 @@
[ ./config/fonts.nix
./config/i18n.nix
+ ./config/krb5.nix
./config/ldap.nix
./config/networking.nix
./config/no-x-libs.nix
@@ -93,8 +94,6 @@
./services/ttys/gpm.nix
./services/ttys/mingetty.nix
./services/web-servers/apache-httpd/default.nix
- ./services/web-servers/apache-httpd/per-server-options.nix
- ./services/web-servers/apache-httpd/services.nix
./services/web-servers/jboss.nix
./services/web-servers/tomcat.nix
./services/x11/desktop-managers/default.nix
@@ -122,6 +121,7 @@
./system/activation/activation-script.nix
./system/activation/top-level.nix
./system/boot/kernel.nix
+ ./system/boot/modprobe.nix
./system/boot/stage-1.nix
./system/boot/stage-2.nix
./system/etc/etc.nix
diff --git a/modules/services/network-filesystems/samba.nix b/modules/services/network-filesystems/samba.nix
index 6e9cd391597c..814ca7e23164 100644
--- a/modules/services/network-filesystems/samba.nix
+++ b/modules/services/network-filesystems/samba.nix
@@ -28,7 +28,7 @@ let
mkdir -p /var/samba/locks /var/samba/cores/nmbd /var/samba/cores/smbd /var/samba/cores/winbindd
fi
- passwdFile="$(sed -n 's/^.*smb[ ]\+passwd[ ]\+file[ ]\+=[ ]\+\(.*\)/\1/p' /nix/store/nnmrqalldfv2vkwy6qpg340rv7w34lmp-smb.conf)"
+ passwdFile="$(sed -n 's/^.*smb[ ]\+passwd[ ]\+file[ ]\+=[ ]\+\(.*\)/\1/p' ${configFile})"
if [ -n "$passwdFile" ]; then
echo 'INFO: creating directory containing passwd file'
mkdir -p "$(dirname "$passwdFile")"
diff --git a/modules/services/web-servers/apache-httpd/default.nix b/modules/services/web-servers/apache-httpd/default.nix
index 107340c45868..c70d99db9641 100644
--- a/modules/services/web-servers/apache-httpd/default.nix
+++ b/modules/services/web-servers/apache-httpd/default.nix
@@ -10,7 +10,7 @@ let
httpd = pkgs.apacheHttpd;
- getPort = cfg: cfg.port;
+ getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80;
extraModules = attrByPath ["extraModules"] [] mainCfg;
extraForeignModules = filter builtins.isAttrs extraModules;
@@ -33,22 +33,45 @@ let
fullConfig = config; # machine config
};
- vhosts = mainCfg.virtualHosts;
+
+ vhostOptions = import ./per-server-options.nix {
+ inherit mkOption;
+ forMainServer = false;
+ };
+
+ vhosts = let
+ makeVirtualHost = cfgIn:
+ let
+ # Fill in defaults for missing options.
+ cfg = addDefaultOptionValues vhostOptions cfgIn;
+ in cfg;
+ in map makeVirtualHost mainCfg.virtualHosts;
+
allHosts = [mainCfg] ++ vhosts;
- # !!! This should be replaced by sub-modules to allow non-intrusive
- # extensions of NixOS.
+
callSubservices = serverInfo: defs:
let f = svc:
- rec {
- config =
- if res ? options then
- addDefaultOptionValues res.options svc.configuration
- else
- svc.configuration;
- res = svc // svc.function {inherit config pkgs serverInfo servicesPath;};
- }.res;
+ let
+ svcFunction =
+ if svc ? function then svc.function
+ else import "${./.}/${if svc ? serviceType then svc.serviceType else svc.serviceName}.nix";
+ config = addDefaultOptionValues res.options
+ (if svc ? config then svc.config else svc);
+ defaults = {
+ extraConfig = "";
+ extraModules = [];
+ extraModulesPre = [];
+ extraPath = [];
+ extraServerPath = [];
+ globalEnvVars = [];
+ robotsEntries = "";
+ startupScript = "";
+ options = {};
+ };
+ res = defaults // svcFunction {inherit config pkgs serverInfo servicesPath;};
+ in res;
in map f defs;
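Review bot: In `svcFunction` the file to import is assembled from `svc.serviceType` or `svc.serviceName` with no check that the value is a bare file name, and a subservice that sets none of `function`, `serviceType` or `serviceName` fails with a missing-attribute error on `svc.serviceName` rather than a message naming the problem. The value comes from the machine configuration, so this is about robustness more than a trust boundary, but a clear failure is cheap: `else if svc ? serviceName then svc.serviceName else throw "httpd subservice needs function, serviceType or serviceName"`. The `config`/`res` pair is mutually recursive and depends on lazy evaluation of `res.options`; a one-line comment saying so would help the next reader. Because `defaults` supplies `options = {}`, a subservice with no declared options presumably receives its settings unchecked, which should be confirmed against `addDefaultOptionValues`.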
@@ -354,6 +377,13 @@ in
";
};
+ extraConfig = mkOption {
+ default = "";
+ description = "
+ These configuration lines will be passed verbatim to the apache config
+ ";
+ };
+
extraModules = mkOption {
default = [];
example = [ "proxy_connect" { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } ];
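Review bot: The `extraConfig` option added here appears to be shadowed. Later in this file the option set is combined with `// (import ./per-server-options.nix { ... forMainServer = true; })`, and that file also defines `extraConfig`, so the right-hand definition wins if both sit in the same attribute set, which the hunk boundaries do not let me confirm. Either drop this copy or keep a single definition in per-server-options.nix. Whichever description survives should make clear that the text is not checked, for example `These lines are appended to the Apache configuration verbatim and are not validated.`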
@@ -416,7 +446,109 @@ in
";
};
- };
+ virtualHosts = mkOption {
+ default = [];
+ example = [
+ { hostName = "foo";
+ documentRoot = "/data/webroot-foo";
+ }
+ { hostName = "bar";
+ documentRoot = "/data/webroot-bar";
+ }
+ ];
+ description = ''
+ Specification of the virtual hosts served by Apache. Each
+ element should be an attribute set specifying the
+ configuration of the virtual host. The available options
+ are the non-global options permissible for the main host.
+ '';
+ };
+
+
+ subservices = {
+
+ # !!! remove this
+ subversion = {
+
+ enable = mkOption {
+ default = false;
+ description = "
+ Whether to enable the Subversion subservice in the webserver.
+ ";
+ };
+
+ notificationSender = mkOption {
+ default = "svn-server@example.org";
+ example = "svn-server@example.org";
+ description = "
+ The email address used in the Sender field of commit
+ notification messages sent by the Subversion subservice.
+ ";
+ };
+
+ userCreationDomain = mkOption {
+ default = "example.org";
+ example = "example.org";
+ description = "
+ The domain from which user creation is allowed. A client can
+ only create a new user account if its IP address resolves to
+ this domain.
+ ";
+ };
+
+ autoVersioning = mkOption {
+ default = false;
+ description = "
+ Whether you want the Subversion subservice to support
+ auto-versioning, which enables Subversion repositories to be
+ mounted as read/writable file systems on operating systems that
+ support WebDAV.
+ ";
+ };
+
+ dataDir = mkOption {
+ default = "/no/such/path/exists";
+ description = "
+ Place to put SVN repository.
+ ";
+ };
+
+ organization = {
+
+ name = mkOption {
+ default = null;
+ description = "
+ Name of the organization hosting the Subversion service.
+ ";
+ };
+
+ url = mkOption {
+ default = null;
+ description = "
+ URL of the website of the organization hosting the Subversion service.
+ ";
+ };
+
+ logo = mkOption {
+ default = null;
+ description = "
+ Logo the organization hosting the Subversion service.
+ ";
+ };
+
+ };
+
+ };
+
+ };
+
+ }
+
+ # Include the options shared between the main server and virtual hosts.
+ // (import ./per-server-options.nix {
+ inherit mkOption;
+ forMainServer = true;
+ });
};
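Review bot: The `userCreationDomain` description documents an access rule based on the client's IP address resolving to a domain. That relies on reverse DNS, which is answered by whoever controls the address block, so the description should say the check is advisory, or the option should take an address range instead. tests/subversion.nix in this same commit sets it to `"192.168.0.0/16"`, which does not fit the documented "domain" meaning; the code that enforces it is not in this diff, so the intended format needs confirming. The new `virtualHosts` option no longer carries the `type`/`options` that the removed definition in per-server-options.nix had, so misspelled keys in a virtual host are presumably no longer reported. `dataDir` defaulting to `/no/such/path/exists` under a `# !!! remove this` marker deserves a comment saying what is supposed to replace it.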
diff --git a/modules/services/web-servers/apache-httpd/per-server-options.nix b/modules/services/web-servers/apache-httpd/per-server-options.nix
index 6e98b8685fa1..8a2ee0e849a8 100644
--- a/modules/services/web-servers/apache-httpd/per-server-options.nix
+++ b/modules/services/web-servers/apache-httpd/per-server-options.nix
@@ -3,180 +3,136 @@
# has additional options that affect the web server as a whole, like
# the user/group to run under.)
-{options, config, pkgs, ...}:
-
-let
- inherit (pkgs.lib) mkOption addDefaultOptionValues types;
-
- mainServerArgs = {
- config = config.services.httpd;
- options = options.services.httpd;
- };
-
-
- perServerOptions = {forMainServer}: {config, ...}: {
-
- hostName = mkOption {
- default = "localhost";
- description = "
- Canonical hostname for the server.
- ";
- };
-
- serverAliases = mkOption {
- default = [];
- example = ["www.example.org" "www.example.org:8080" "example.org"];
- description = "
- Additional names of virtual hosts served by this virtual host configuration.
- ";
- };
-
- port = mkOption {
- default = if config.enableSSL then 443 else 80;
- type = with types; uniq int;
- description = "
- Port for the server. The default port depends on the
- option of this server. (80 for http and
- 443 for https).
- ";
- };
-
- enableSSL = mkOption {
- default = false;
- description = "
- Whether to enable SSL (https) support.
- ";
- };
-
- # Note: sslServerCert and sslServerKey can be left empty, but this
- # only makes sense for virtual hosts (they will inherit from the
- # main server).
-
- sslServerCert = mkOption {
- default = "";
- example = "/var/host.cert";
- description = "
- Path to server SSL certificate.
- ";
- };
-
- sslServerKey = mkOption {
- default = "";
- example = "/var/host.key";
- description = "
- Path to server SSL certificate key.
- ";
- };
-
- adminAddr = mkOption ({
- example = "admin@example.org";
- description = "
- E-mail address of the server administrator.
- ";
- } // (if forMainServer then {} else {default = "";}));
-
- documentRoot = mkOption {
- default = null;
- example = "/data/webserver/docs";
- description = "
- The path of Apache's document root directory. If left undefined,
- an empty directory in the Nix store will be used as root.
- ";
- };
-
- servedDirs = mkOption {
- default = [];
- example = [
- { urlPath = "/nix";
- dir = "/home/eelco/Dev/nix-homepage";
- }
- ];
- description = "
- This option provides a simple way to serve static directories.
- ";
- };
-
- servedFiles = mkOption {
- default = [];
- example = [
- { urlPath = "/foo/bar.png";
- dir = "/home/eelco/some-file.png";
- }
- ];
- description = "
- This option provides a simple way to serve individual, static files.
- ";
- };
-
- extraConfig = mkOption {
- default = "";
- example = ''
-
- Options FollowSymlinks
- AllowOverride All
-
- '';
- description = "
- These lines go to httpd.conf verbatim. They will go after
- directories and directory aliases defined by default.
- ";
- };
-
- enableUserDir = mkOption {
- default = false;
- description = "
- Whether to enable serving ~/public_html as
- /~username.
- ";
- };
-
- globalRedirect = mkOption {
- default = "";
- example = http://newserver.example.org/;
- description = "
- If set, all requests for this host are redirected permanently to
- the given URL.
- ";
- };
-
- };
-
-
- vhostOptions = perServerOptions {
- forMainServer = false;
- };
-
-in
+{forMainServer, mkOption}:
{
- options = {
- services.httpd = {
- virtualHosts = mkOption {
- default = [];
- example = [
- { hostName = "foo";
- documentRoot = "/data/webroot-foo";
- }
- { hostName = "bar";
- documentRoot = "/data/webroot-bar";
- }
- ];
- type = with types; listOf optionSet;
- description = ''
- Specification of the virtual hosts served by Apache. Each
- element should be an attribute set specifying the
- configuration of the virtual host. The available options
- are the non-global options permissible for the main host.
- '';
-
- options = [
- vhostOptions
- ];
- };
-
- }
- // perServerOptions {forMainServer = true;} mainServerArgs
- ;
+ hostName = mkOption {
+ default = "localhost";
+ description = "
+ Canonical hostname for the server.
+ ";
};
+
+ serverAliases = mkOption {
+ default = [];
+ example = ["www.example.org" "www.example.org:8080" "example.org"];
+ description = "
+ Additional names of virtual hosts served by this virtual host configuration.
+ ";
+ };
+
+ port = mkOption {
+ default = 0;
+ description = "
+ Port for the server. 0 means use the default port: 80 for http
+ and 443 for https (i.e. when enableSSL is set).
+ ";
+ };
+
+ enableSSL = mkOption {
+ default = false;
+ description = "
+ Whether to enable SSL (https) support.
+ ";
+ };
+
+ # Note: sslServerCert and sslServerKey can be left empty, but this
+ # only makes sense for virtual hosts (they will inherit from the
+ # main server).
+
+ sslServerCert = mkOption {
+ default = "";
+ example = "/var/host.cert";
+ description = "
+ Path to server SSL certificate.
+ ";
+ };
+
+ sslServerKey = mkOption {
+ default = "";
+ example = "/var/host.key";
+ description = "
+ Path to server SSL certificate key.
+ ";
+ };
+
+ adminAddr = mkOption ({
+ example = "admin@example.org";
+ description = "
+ E-mail address of the server administrator.
+ ";
+ } // (if forMainServer then {} else {default = "";}));
+
+ documentRoot = mkOption {
+ default = null;
+ example = "/data/webserver/docs";
+ description = "
+ The path of Apache's document root directory. If left undefined,
+ an empty directory in the Nix store will be used as root.
+ ";
+ };
+
+ servedDirs = mkOption {
+ default = [];
+ example = [
+ { urlPath = "/nix";
+ dir = "/home/eelco/Dev/nix-homepage";
+ }
+ ];
+ description = "
+ This option provides a simple way to serve static directories.
+ ";
+ };
+
+ servedFiles = mkOption {
+ default = [];
+ example = [
+ { urlPath = "/foo/bar.png";
+ dir = "/home/eelco/some-file.png";
+ }
+ ];
+ description = "
+ This option provides a simple way to serve individual, static files.
+ ";
+ };
+
+ extraConfig = mkOption {
+ default = "";
+ example = ''
+
+ Options FollowSymlinks
+ AllowOverride All
+
+ '';
+ description = "
+ These lines go to httpd.conf verbatim. They will go after
+ directories and directory aliases defined by default.
+ ";
+ };
+
+ extraSubservices = mkOption {
+ default = [];
+ description = "
+ Extra subservices to enable in the webserver.
+ ";
+ };
+
+ enableUserDir = mkOption {
+ default = false;
+ description = "
+ Whether to enable serving ~/public_html as
+ /~username.
+ ";
+ };
+
+ globalRedirect = mkOption {
+ default = "";
+ example = http://newserver.example.org/;
+ description = "
+ If set, all requests for this host are redirected permanently to
+ the given URL.
+ ";
+ };
+
}
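Review bot: The rewritten `port` option loses the `type = with types; uniq int;` of the removed version, so a non-integer value is no longer rejected at evaluation time and simply flows into `getPort`'s `cfg.port != 0` comparison in default.nix. If the plain-function form cannot carry a type, the description should at least say the value must be an integer. While this text is being touched, I would extend the `sslServerKey` description to `Path to server SSL certificate key. Give it as a string path to a file outside the Nix store, since store contents are world-readable.` The same caveat applies to any secret referenced from `extraConfig`.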
diff --git a/modules/services/web-servers/apache-httpd/services.nix b/modules/services/web-servers/apache-httpd/services.nix
deleted file mode 100644
index a8b69be636ea..000000000000
--- a/modules/services/web-servers/apache-httpd/services.nix
+++ /dev/null
@@ -1,129 +0,0 @@
-{options, config, pkgs, ...}:
-
-let
- inherit (pkgs.lib) mkOption addDefaultOptionValues types;
-
- mainServerArgs = {
- config = config.services.httpd;
- options = options.services.httpd;
- };
-
- subServiceOptions = {options, config, ...}: {
- options = {
-
- extraConfig = mkOption {
- default = "";
- description = "Not documented yet.";
- };
-
- extraModules = mkOption {
- default = [];
- description = "Not documented yet.";
- };
-
- extraModulesPre = mkOption {
- default = [];
- description = "Not documented yet.";
- };
-
- extraPath = mkOption {
- default = [];
- description = "Not documented yet.";
- };
-
- extraServerPath = mkOption {
- default = [];
- description = "Not documented yet.";
- };
-
- globalEnvVars = mkOption {
- default = [];
- description = "Not documented yet.";
- };
-
- robotsEntries = mkOption {
- default = "";
- description = "Not documented yet.";
- };
-
- startupScript = mkOption {
- default = "";
- description = "Not documented yet.";
- };
-
-
- serviceType = mkOption {
- description = "Obsolete name of .";
- # serviceType is the old name of serviceName.
- apply = x: config.serviceName;
- };
-
- serviceName = mkOption {
- example = "trac";
- description = "
- (Deprecated)
-
- Identify a service by the name of the file containing it. The
- service expression is contained inside
- ./modules/services/web-servers/apache-httpd
- directory.
-
- Due to lack of documentation, this option will be replaced by
- enable flags.
- ";
-
- # serviceName is the new name of serviceType.
- extraConfigs = map (def: def.value) options.serviceType.definitions;
- };
-
- function = mkOption {
- default = null;
- description = "
- (Deprecated) Add a function which configure the current sub-service.
- ";
- apply = f:
- if isNull f then
- import "${./.}/${config.serviceName}.nix"
- else
- f;
- };
-
- configuration = mkOption {
- default = {};
- description = "
- (Deprecated) Define option values of the current sub-service.
- ";
- };
-
- };
- };
-
-
- perServerOptions = {config, ...}: {
-
- extraSubservices = mkOption {
- default = [];
- type = with types; listOf optionSet;
- description = "
- Extra subservices to enable in the webserver.
- ";
- options = [ subServiceOptions ];
- };
-
- };
-
-in
-
-{
- options = {
- services.httpd = {
-
- virtualHosts = mkOption {
- options = [ perServerOptions ];
- };
-
- }
- // perServerOptions mainServerArgs
- ;
- };
-}
diff --git a/modules/services/x11/xserver.nix b/modules/services/x11/xserver.nix
index ff288f3b1b0b..be0fb3bcecff 100644
--- a/modules/services/x11/xserver.nix
+++ b/modules/services/x11/xserver.nix
@@ -19,12 +19,12 @@ let
intel = { modules = [ xorg.xf86videointel ]; };
nv = { modules = [ xorg.xf86videonv ]; };
nvidia = { modules = [ kernelPackages.nvidia_x11 ]; };
- nvidiaLegacy = { modules = [ kernelPackages.nvidia_x11_legacy ]; name = "nvidia"; };
+ nvidiaLegacy = { modules = [ kernelPackages.nvidia_x11_legacy ]; driverName = "nvidia"; };
openchrome = { modules = [ xorg.xf86videoopenchrome ]; };
sis = { modules = [ xorg.xf86videosis ]; };
unichrome = { modules = [ pkgs.xorgVideoUnichrome ]; };
vesa = { modules = [ xorg.xf86videovesa ]; };
- virtualbox = { modules = [ kernelPackages.virtualboxGuestAdditions ]; name = "vboxvideo"; };
+ virtualbox = { modules = [ kernelPackages.virtualboxGuestAdditions ]; driverName = "vboxvideo"; };
vmware = { modules = [ xorg.xf86videovmware ]; };
};
@@ -32,7 +32,7 @@ let
optional (cfg.videoDriver != null) cfg.videoDriver ++ cfg.videoDrivers;
drivers = flip map driverNames
- (name: { inherit name; } //
+ (name: { inherit name; driverName = name; } //
attrByPath [name] (throw "unknown video driver `${name}'") knownVideoDrivers);
@@ -179,6 +179,9 @@ in
};
videoDrivers = mkOption {
+ # !!! We'd like "nv" here, but it segfaults the X server. Idem for
+ # "vmware".
+ default = [ "ati" "cirrus" "intel" "vesa" ];
example = [ "vesa" ];
description = ''
The names of the video drivers that the X server should
@@ -453,7 +456,7 @@ in
Section "Device"
Identifier "Device-${driver.name}[0]"
- Driver "${driver.name}"
+ Driver "${driver.driverName}"
${optionalString (driver.name == "nvidiaLegacy") ''
# This option allows suspending with a nvidiaLegacy card
Option "NvAGP" "1"
@@ -495,10 +498,6 @@ in
'')}
'';
- # The default set of supported video drivers. !!! We'd like "nv"
- # here, but it segfaults the X server. Idem for "vmware".
- services.xserver.videoDrivers = [ "ati" "cirrus" "intel" "vesa" ];
-
};
}
diff --git a/modules/system/activation/top-level.nix b/modules/system/activation/top-level.nix
index 1f17702b408d..1d1fef299021 100644
--- a/modules/system/activation/top-level.nix
+++ b/modules/system/activation/top-level.nix
@@ -65,6 +65,7 @@ let
if [ ! -f ${kernelPath} ]; then
echo "The bootloader cannot find the proper kernel image."
echo "(Expecting ${kernelPath})"
+ false
fi
ln -s ${kernelPath} $out/kernel
if [ -n "$grub" ]; then
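Review bot: The added `false` stops the build only when the surrounding builder runs with errexit enabled, which this hunk does not show; `exit 1` states the intent without depending on that. The two `echo` lines are diagnostics and should go to stderr, for example `echo "The bootloader cannot find the proper kernel image." >&2`. The script this sits in starts and ends outside the hunk.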
diff --git a/modules/system/boot/kernel.nix b/modules/system/boot/kernel.nix
index ea6f28124859..d7facd765195 100644
--- a/modules/system/boot/kernel.nix
+++ b/modules/system/boot/kernel.nix
@@ -1,8 +1,9 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
###### interface
let
- inherit (pkgs.lib) mkOption;
options = {
boot = {
@@ -148,31 +149,12 @@ let
built outside of the kernel. Combine these into a single tree of
symlinks because modprobe only supports one directory.
";
- merge = pkgs.lib.mergeListOption;
+ merge = mergeListOption;
# Convert the list of path to only one path.
apply = pkgs.aggregateModules;
};
- system.sbin.modprobe = mkOption {
- # should be moved in module-init-tools
- internal = true;
- default = pkgs.writeTextFile {
- name = "modprobe";
- destination = "/sbin/modprobe";
- executable = true;
- text =
- ''
- #! ${pkgs.stdenv.shell}
- export MODULE_DIR=${config.system.modulesTree}/lib/modules
- exec ${pkgs.module_init_tools}/sbin/modprobe "$@"
- '';
- };
- description = ''
- Wrapper around modprobe that sets the path to the modules
- tree.
- '';
- };
};
in
diff --git a/modules/system/boot/modprobe.nix b/modules/system/boot/modprobe.nix
new file mode 100644
index 000000000000..520a7b197679
--- /dev/null
+++ b/modules/system/boot/modprobe.nix
@@ -0,0 +1,87 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+# blacklist "cirrusfb" "i2c_piix4"
+
+{
+
+ ###### interface
+
+ options = {
+
+ system.sbin.modprobe = mkOption {
+ # should be moved in module-init-tools
+ internal = true;
+ default = pkgs.writeTextFile {
+ name = "modprobe";
+ destination = "/sbin/modprobe";
+ executable = true;
+ text =
+ ''
+ #! ${pkgs.stdenv.shell}
+ export MODULE_DIR=${config.system.modulesTree}/lib/modules
+ exec ${pkgs.module_init_tools}/sbin/modprobe "$@"
+ '';
+ };
+ description = ''
+ Wrapper around modprobe that sets the path to the modules
+ tree.
+ '';
+ };
+
+ boot.blacklistedKernelModules = mkOption {
+ default = [];
+ example = [ "cirrusfb" "i2c_piix4" ];
+ description = ''
+ List of names of kernel modules that should not be loaded
+ automatically by the hardware probing code.
+ '';
+ };
+
+ boot.extraModprobeConfig = mkOption {
+ default = "";
+ example =
+ ''
+ options parport_pc io=0x378 irq=7 dma=1
+ '';
+ description = ''
+ Any additional configuration to be appended to the generated
+ modprobe.conf. This is typically used to
+ specify module options. See
+ modprobe.conf
+ 5 for details.
+ '';
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = {
+
+ environment.etc = singleton
+ { source = pkgs.writeText "modprobe.conf"
+ ''
+ ${flip concatMapStrings config.boot.blacklistedKernelModules (name: ''
+ blacklist ${name}
+ '')}
+ ${config.boot.extraModprobeConfig}
+ '';
+ target = "modprobe.conf";
+ };
+
+ boot.blacklistedKernelModules =
+ [ # This module is for debugging and generates gigantic amounts
+ # of log output, so it should never be loaded automatically.
+ "evbug"
+
+ # !!! Hm, Ubuntu blacklists all framebuffer devices because
+ # they're "buggy" and cause suspend problems. Maybe we should
+ # too?
+ ];
+
+ };
+
+}
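Review bot: The `boot.blacklistedKernelModules` description is accurate, but it should also state the limit of a `blacklist` line: it only suppresses alias-based automatic loading, and the module can still be loaded by an explicit `modprobe` or as a dependency of another module. Someone using the option for hardening needs to know that. I would append a sentence such as `This does not prevent the module from being loaded explicitly or as a dependency.` to the description. Names from the list and the whole of `extraModprobeConfig` are written into modprobe.conf as given, so a stray newline in a name would add an arbitrary directive; a comment noting that both are trusted configuration is enough. The leftover `# blacklist "cirrusfb" "i2c_piix4"` line at the top of the file duplicates the option's `example` and can go.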
diff --git a/tests/subversion.nix b/tests/subversion.nix
index 5fed5ba77c42..82ada4576ebd 100644
--- a/tests/subversion.nix
+++ b/tests/subversion.nix
@@ -56,11 +56,9 @@ rec {
services.httpd.adminAddr = "e.dolstra@tudelft.nl";
services.httpd.extraSubservices =
[ { serviceType = "subversion";
- configuration = {
- urlPrefix = "";
- dataDir = "/data/subversion";
- userCreationDomain = "192.168.0.0/16";
- };
+ urlPrefix = "";
+ dataDir = "/data/subversion";
+ userCreationDomain = "192.168.0.0/16";
}
];
nixpkgs.config.packageOverrides = overrides;