nixpkgs/etc/default.nix

# produce a script to generate /etc
{config, pkgs, ...}:

###### interface
let
  inherit (pkgs.lib) mkOption;

  option = {
    environment = {
      etc = mkOption {
        default = [];
        example = [
          { source = "/nix/store/.../etc/dir/file.conf.example";
            target = "dir/file.conf";
            mode = "0440";
          }
        ];
        description = "
          List of files that have to be linked in /etc.
        ";
      };

      # !!! This should be moved outside of /etc/default.nix.
      shellInit = mkOption {
        default = "";
        example = ''export PATH=/godi/bin/:$PATH'';
        description = "
          Script used to initialized user shell environments.
        ";
        merge = pkgs.lib.mergeStringOption;
      };
    };
  };
in

###### implementation
let
  optional = pkgs.lib.optional;


  # !!! ugh, these files shouldn't be created here.
  pamConsoleHandlers = pkgs.writeText "console.handlers" ''
    console consoledevs /dev/tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
    ${pkgs.pam_console}/sbin/pam_console_apply lock logfail wait -t tty -s -c ${pamConsolePerms}
    ${pkgs.pam_console}/sbin/pam_console_apply unlock logfail wait -r -t tty -s -c ${pamConsolePerms}
  '';

  pamConsolePerms = ./security/console.perms;

  configFiles = 

  # A bunch of PAM configuration files for various programs.
  (map
    (program:
      let isLDAPEnabled = config.users.ldap.enable; in
      { source = pkgs.substituteAll {
          src = ./pam.d + ("/" + program);
          inherit (pkgs) pam_unix2 pam_console;
          pam_ldap =
            if isLDAPEnabled
            then pkgs.pam_ldap
            else "/no-such-path";
          inherit (pkgs.xorg) xauth;
          inherit pamConsoleHandlers;
          isLDAPEnabled = if isLDAPEnabled then "" else "#";
          syncSambaPasswords = if config.services.samba.syncPasswordsByPam
            then "password   optional     ${pkgs.samba}/lib/security/pam_smbpass.so nullok use_authtok try_first_pass"
            else "# change samba configuration options to make passwd sync the samba auth database as well here..";
        };
        target = "pam.d/" + program;
      }
    )
    [
      "login"
      "su"
      "other"
      "passwd"
      "shadow"
      "sshd"
      "lshd"
      "useradd"
      "chsh"
      "xlock"
      "samba"
      "cups"
      "ftp"
      "ejabberd"
      "common"
      "common-console" # shared stuff for interactive local sessions
    ]
  );

in

let
  inherit (pkgs.stringsWithDeps) noDepEntry fullDepEntry packEntry;

  copyScript = {source, target, mode ? "644", own ? "root.root"}:
    assert target != "nixos";
    ''
      source="${source}"
      target="/etc/${target}"
      mkdir -p $(dirname "$target")
      test -e "$target" && rm -f "$target"
      cp "$source" "$target"
      chown ${own} "$target"
      chmod ${mode} "$target"
    '';

  makeEtc = import ../helpers/make-etc.nix {
    inherit (pkgs) stdenv;
    configFiles = configFiles ++ config.environment.etc;
  };
in

{
  require = [
    option

    # config.system.build
    # ../system/system-options.nix

    # config.system.activationScripts
    # ../system/activate-configuration.nix
  ];

  system = {
    build = {
      etc = makeEtc;
    };

    activationScripts = {
      etc = fullDepEntry ''
        # Set up the statically computed bits of /etc.
        staticEtc=/etc/static
        rm -f $staticEtc
        ln -s ${makeEtc}/etc $staticEtc
        for i in $(cd $staticEtc && find * -type l); do
            mkdir -p /etc/$(dirname $i)
            rm -f /etc/$i
            if test -e "$staticEtc/$i.mode"; then
                # Create a regular file in /etc.
                cp $staticEtc/$i /etc/$i
                chown 0.0 /etc/$i
                chmod "$(cat "$staticEtc/$i.mode")" /etc/$i
            else
                # Create a symlink in /etc.
                ln -s $staticEtc/$i /etc/$i
            fi
        done

        # Remove dangling symlinks that point to /etc/static.  These are
        # configuration files that existed in a previous configuration but not
        # in the current one.  For efficiency, don't look under /etc/nixos
        # (where all the NixOS sources live).
        for i in $(find /etc/ \( -path /etc/nixos -prune \) -o -type l); do
            target=$(readlink "$i")
            if test "''${target:0:''${#staticEtc}}" = "$staticEtc" -a ! -e "$i"; then
                rm -f "$i"
            fi
        done
      '' [
        "systemConfig"
        "defaultPath" # path to cp, chmod, chown
        "stdio"
      ];
    };
  };
}
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 16:06:52 +00:00			`# produce a script to generate /etc`
			`{config, pkgs, ...}:`
* Move some stuff out of boot-environment.nix. svn path=/nixos/trunk/; revision=7313 2006-12-11 15:32:10 +00:00
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 16:06:52 +00:00			`###### interface`
			`let`
			`inherit (pkgs.lib) mkOption;`

			`option = {`
			`environment = {`
			`etc = mkOption {`
			`default = [];`
			`example = [`
			`{ source = "/nix/store/.../etc/dir/file.conf.example";`
			`target = "dir/file.conf";`
			`mode = "0440";`
			`}`
			`];`
			`description = "`
			`List of files that have to be linked in /etc.`
			`";`
			`};`
* Synced with trunk @ 14905 svn path=/nixos/branches/modular-nixos/; revision=14986 2009-04-11 22:12:02 +00:00
			`# !!! This should be moved outside of /etc/default.nix.`
			`shellInit = mkOption {`
			`default = "";`
			`example = ''export PATH=/godi/bin/:$PATH'';`
			`description = "`
			`Script used to initialized user shell environments.`
			`";`
			`merge = pkgs.lib.mergeStringOption;`
			`};`
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 16:06:52 +00:00			`};`
			`};`
			`in`

			`###### implementation`
			`let`
* Eliminate all calls to config.get. svn path=/nixos/trunk/; revision=9619 2007-11-09 18:49:45 +00:00			`optional = pkgs.lib.optional;`
* Generate the LDAP configuration automatically. svn path=/nixos/trunk/; revision=7698 2007-01-16 16:09:43 +00:00
* Use pam_console to change the ownership of various devices (sound, CD-ROM drive, etc.) to the logged in user. Woohoo! Finally, no more chown /dev/snd/. Get rid of spurious error messages about pam_ldap when we're not using LDAP. svn path=/nixos/trunk/; revision=8861 2007-06-10 20:02:07 +00:00
			`# !!! ugh, these files shouldn't be created here.`
* Put some help text in /etc/issue on the CD. svn path=/nixos/trunk/; revision=10076 2008-01-04 17:05:48 +00:00			`pamConsoleHandlers = pkgs.writeText "console.handlers" ''`
			`console consoledevs /dev/tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9]`
			`${pkgs.pam_console}/sbin/pam_console_apply lock logfail wait -t tty -s -c ${pamConsolePerms}`
			`${pkgs.pam_console}/sbin/pam_console_apply unlock logfail wait -r -t tty -s -c ${pamConsolePerms}`
			`'';`
* Use pam_console to change the ownership of various devices (sound, CD-ROM drive, etc.) to the logged in user. Woohoo! Finally, no more chown /dev/snd/. Get rid of spurious error messages about pam_ldap when we're not using LDAP. svn path=/nixos/trunk/; revision=8861 2007-06-10 20:02:07 +00:00
			`pamConsolePerms = ./security/console.perms;`

* Move global networking data (/etc/services, /etc/protocols, /etc/rpc, /etc/hosts) to modules/config/networking.nix. svn path=/nixos/branches/modular-nixos/; revision=15764 2009-05-28 12:43:54 +00:00			`configFiles =`
* Move some stuff out of boot-environment.nix. svn path=/nixos/trunk/; revision=7313 2006-12-11 15:32:10 +00:00
			`# A bunch of PAM configuration files for various programs.`
* Move global networking data (/etc/services, /etc/protocols, /etc/rpc, /etc/hosts) to modules/config/networking.nix. svn path=/nixos/branches/modular-nixos/; revision=15764 2009-05-28 12:43:54 +00:00			`(map`
* Move some stuff out of boot-environment.nix. svn path=/nixos/trunk/; revision=7313 2006-12-11 15:32:10 +00:00			`(program:`
* Eliminate all calls to config.get. svn path=/nixos/trunk/; revision=9619 2007-11-09 18:49:45 +00:00			`let isLDAPEnabled = config.users.ldap.enable; in`
* Move some stuff out of boot-environment.nix. svn path=/nixos/trunk/; revision=7313 2006-12-11 15:32:10 +00:00			`{ source = pkgs.substituteAll {`
* Refactoring: move stuff around. svn path=/nixos/trunk/; revision=8506 2007-03-30 12:59:43 +00:00			`src = ./pam.d + ("/" + program);`
* Use pam_console to change the ownership of various devices (sound, CD-ROM drive, etc.) to the logged in user. Woohoo! Finally, no more chown /dev/snd/. Get rid of spurious error messages about pam_ldap when we're not using LDAP. svn path=/nixos/trunk/; revision=8861 2007-06-10 20:02:07 +00:00			`inherit (pkgs) pam_unix2 pam_console;`
* Generate the LDAP configuration automatically. svn path=/nixos/trunk/; revision=7698 2007-01-16 16:09:43 +00:00			`pam_ldap =`
* Use pam_console to change the ownership of various devices (sound, CD-ROM drive, etc.) to the logged in user. Woohoo! Finally, no more chown /dev/snd/. Get rid of spurious error messages about pam_ldap when we're not using LDAP. svn path=/nixos/trunk/; revision=8861 2007-06-10 20:02:07 +00:00			`if isLDAPEnabled`
* Generate the LDAP configuration automatically. svn path=/nixos/trunk/; revision=7698 2007-01-16 16:09:43 +00:00			`then pkgs.pam_ldap`
			`else "/no-such-path";`
* Use pam_xauth in su to pass the X cookies. svn path=/nixos/trunk/; revision=7702 2007-01-16 22:25:28 +00:00			`inherit (pkgs.xorg) xauth;`
* Move most bash initialisation to /etc/bashrc. Now finally ssh commands like "ssh -t host command" initialise the environment properly. svn path=/nixos/trunk/; revision=12366 2008-07-16 16:01:09 +00:00			`inherit pamConsoleHandlers;`
* Use pam_console to change the ownership of various devices (sound, CD-ROM drive, etc.) to the logged in user. Woohoo! Finally, no more chown /dev/snd/. Get rid of spurious error messages about pam_ldap when we're not using LDAP. svn path=/nixos/trunk/; revision=8861 2007-06-10 20:02:07 +00:00			`isLDAPEnabled = if isLDAPEnabled then "" else "#";`
samba job: put each daemon into its own job file use start/stop samba-control to start/stop them all You can enable syncing samba passwords when using passwd as well now. However you still have to add a user to the samba user database once using smbpasswd -a username. svn path=/nixos/branches/modular-nixos/; revision=15218 2009-04-21 16:30:32 +00:00			`syncSambaPasswords = if config.services.samba.syncPasswordsByPam`
			`then "password optional ${pkgs.samba}/lib/security/pam_smbpass.so nullok use_authtok try_first_pass"`
			`else "# change samba configuration options to make passwd sync the samba auth database as well here..";`
* Move some stuff out of boot-environment.nix. svn path=/nixos/trunk/; revision=7313 2006-12-11 15:32:10 +00:00			`};`
			`target = "pam.d/" + program;`
			`}`
			`)`
			`[`
			`"login"`
* Enable setuid su. svn path=/nixos/trunk/; revision=7634 2007-01-11 15:32:48 +00:00			`"su"`
* activate-configuration.sh: make sure that we're running on a NixOS installation to prevent horrible accidents. * Add the kernel parameters to isolinux.cfg. * Use useradd/groupadd to create users/groups; use Glibc's getent to check for existence. * Create the root account properly. svn path=/nixos/trunk/; revision=7357 2006-12-16 21:48:12 +00:00			`"other"`
* Move some stuff out of boot-environment.nix. svn path=/nixos/trunk/; revision=7313 2006-12-11 15:32:10 +00:00			`"passwd"`
* activate-configuration.sh: make sure that we're running on a NixOS installation to prevent horrible accidents. * Add the kernel parameters to isolinux.cfg. * Use useradd/groupadd to create users/groups; use Glibc's getent to check for existence. * Create the root account properly. svn path=/nixos/trunk/; revision=7357 2006-12-16 21:48:12 +00:00			`"shadow"`
			`"sshd"`
Add a PAM config file for lshd (doesn't seem to work, though). svn path=/nixos/trunk/; revision=10988 2008-03-06 14:38:17 +00:00			`"lshd"`
* Move some stuff out of boot-environment.nix. svn path=/nixos/trunk/; revision=7313 2006-12-11 15:32:10 +00:00			`"useradd"`
* PAM file for chsh. svn path=/nixos/trunk/; revision=8057 2007-02-26 21:18:13 +00:00			`"chsh"`
* PAM config for xlock. svn path=/nixos/trunk/; revision=10987 2008-03-06 13:52:10 +00:00			`"xlock"`
Allow samba to use PAM (needs cleartext passwords for now) svn path=/nixos/trunk/; revision=14768 2009-03-29 21:43:40 +00:00			`"samba"`
* CUPS needs a PAM configuration file to allow users to authenticate via the web interface (e.g. when adding printers). svn path=/nixos/trunk/; revision=13214 2008-11-07 11:51:17 +00:00			`"cups"`
Adding the ftp pam service, for vsftpd. svn path=/nixos/trunk/; revision=14287 2009-02-28 20:01:56 +00:00			`"ftp"`
As we do not really generate ejabbred.cfg, allow at least overwriting it manually svn path=/nixos/trunk/; revision=15006 2009-04-13 09:35:03 +00:00			`"ejabberd"`
* Merge the common-* files. svn path=/nixos/trunk/; revision=7818 2007-01-30 15:03:43 +00:00			`"common"`
* Use pam_console to change the ownership of various devices (sound, CD-ROM drive, etc.) to the logged in user. Woohoo! Finally, no more chown /dev/snd/. Get rid of spurious error messages about pam_ldap when we're not using LDAP. svn path=/nixos/trunk/; revision=8861 2007-06-10 20:02:07 +00:00			`"common-console" # shared stuff for interactive local sessions`
* Move some stuff out of boot-environment.nix. svn path=/nixos/trunk/; revision=7313 2006-12-11 15:32:10 +00:00			`]`
* Move the generation of /etc/nix.machines to the nix-daemon module. svn path=/nixos/branches/modular-nixos/; revision=15765 2009-05-28 12:56:56 +00:00			`);`
* Allow Upstart jobs to declare additional /etc files. svn path=/nixos/trunk/; revision=8505 2007-03-30 12:55:09 +00:00
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 16:06:52 +00:00			`in`

			`let`
Synced with trunk @ 15661 svn path=/nixos/branches/modular-nixos/; revision=15667 2009-05-19 23:51:13 +00:00			`inherit (pkgs.stringsWithDeps) noDepEntry fullDepEntry packEntry;`
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 16:06:52 +00:00
			`copyScript = {source, target, mode ? "644", own ? "root.root"}:`
* Moved the Bash configuration to modules/programs/bash. svn path=/nixos/branches/modular-nixos/; revision=15759 2009-05-28 12:06:54 +00:00			`assert target != "nixos";`
			`''`
			`source="${source}"`
			`target="/etc/${target}"`
			`mkdir -p $(dirname "$target")`
			`test -e "$target" && rm -f "$target"`
			`cp "$source" "$target"`
			`chown ${own} "$target"`
			`chmod ${mode} "$target"`
			`'';`
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 16:06:52 +00:00
			`makeEtc = import ../helpers/make-etc.nix {`
			`inherit (pkgs) stdenv;`
			`configFiles = configFiles ++ config.environment.etc;`
			`};`
			`in`
added support for unixODBC in configuration.nix writing /etc/odbcinst.ini svn path=/nixos/trunk/; revision=12045 2008-06-11 23:06:53 +00:00
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 16:06:52 +00:00			`{`
			`require = [`
			`option`

			`# config.system.build`
* More moving. svn path=/nixos/branches/modular-nixos/; revision=15725 2009-05-25 14:19:33 +00:00			`# ../system/system-options.nix`
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 16:06:52 +00:00
			`# config.system.activationScripts`
* More moving. svn path=/nixos/branches/modular-nixos/; revision=15725 2009-05-25 14:19:33 +00:00			`# ../system/activate-configuration.nix`
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 16:06:52 +00:00			`];`

			`system = {`
			`build = {`
			`etc = makeEtc;`
			`};`

			`activationScripts = {`
Synced with trunk @ 15661 svn path=/nixos/branches/modular-nixos/; revision=15667 2009-05-19 23:51:13 +00:00			`etc = fullDepEntry ''`
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 16:06:52 +00:00			`# Set up the statically computed bits of /etc.`
			`staticEtc=/etc/static`
			`rm -f $staticEtc`
			`ln -s ${makeEtc}/etc $staticEtc`
			`for i in $(cd $staticEtc && find * -type l); do`
			`mkdir -p /etc/$(dirname $i)`
			`rm -f /etc/$i`
			`if test -e "$staticEtc/$i.mode"; then`
			`# Create a regular file in /etc.`
			`cp $staticEtc/$i /etc/$i`
			`chown 0.0 /etc/$i`
			`chmod "$(cat "$staticEtc/$i.mode")" /etc/$i`
			`else`
			`# Create a symlink in /etc.`
			`ln -s $staticEtc/$i /etc/$i`
			`fi`
			`done`

			`# Remove dangling symlinks that point to /etc/static. These are`
			`# configuration files that existed in a previous configuration but not`
			`# in the current one. For efficiency, don't look under /etc/nixos`
			`# (where all the NixOS sources live).`
			`for i in $(find /etc/ \( -path /etc/nixos -prune \) -o -type l); do`
			`target=$(readlink "$i")`
			`if test "''${target:0:''${#staticEtc}}" = "$staticEtc" -a ! -e "$i"; then`
			`rm -f "$i"`
			`fi`
			`done`
			`'' [`
adoptadopt modular-nixos to stringsWithDeps changes in nixpkgs. You can boot again. Also simplified some small code pieces svn path=/nixos/branches/modular-nixos/; revision=15668 2009-05-20 01:35:46 +00:00			`"systemConfig"`
			`"defaultPath" # path to cp, chmod, chown`
			`"stdio"`
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 16:06:52 +00:00			`];`
			`};`
			`};`
* PAM file for chsh. svn path=/nixos/trunk/; revision=8057 2007-02-26 21:18:13 +00:00			`}`