Commit Graph

39068 Commits

Author SHA1 Message Date
Rickard Nilsson
eb2f44c18c Generate /etc/passwd and /etc/group at build time
This is a rather large commit that switches user/group creation from using
useradd/groupadd on activation to just generating the contents of /etc/passwd
and /etc/group, and then on activation merging the generated files with the
files that exist in the system. This makes the user activation process much
cleaner, in my opinion.

The users.extraUsers.<user>.uid and users.extraGroups.<group>.gid must all be
properly defined (if <user>.createUser is true, which it is by default). My
pull request adds a lot of uids/gids to config.ids to solve this problem for
existing nixos services, but there might be configurations that break because
this change. However, this will be discovered during the build.

Option changes introduced by this commit:

* Remove the options <user>.isSystemUser and <user>.isAlias since
they don't make sense when generating /etc/passwd statically.

* Add <group>.members as a complement to <user>.extraGroups.

* Add <user>.passwordFile for setting a user's password from an encrypted
(shadow-style) file.

* Add users.mutableUsers which is true by default. This means you can keep
managing your users as previously, by using useradd/groupadd manually. This is
accomplished by merging the generated passwd/group file with the existing files
in /etc on system activation. The merging of the files is simplistic. It just
looks at the user/group names. If a user/group exists both on the system and
in the generated files, the system entry will be kept un-changed and the
generated entries will be ignored. The merging itself is performed with the
help of vipw/vigr to properly lock the account files during edit.
If mutableUsers is set to false, the generated passwd and group files will not
be merged with the system files on activation. Instead they will simply replace
the system files, and overwrite any changes done on the running system. The
same logic holds for user password, if the <user>.password or
<user>.passwordFile options are used. If mutableUsers is false, password will
simply be replaced on activation. If true, the initial user passwords will be
set according to the configuration, but existing passwords will not be touched.

I have tested this on a couple of different systems and it seems to work fine
so far. If you think this is a good idea, please test it. This way of adding
local users has been discussed in issue #103 (and this commit solves that
issue).
2014-02-05 15:56:51 +01:00
Shea Levy
b8e06f3110 Revive old haskell-tls packages
tls-1.2 broke source-compatability

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-05 09:56:24 -05:00
Shea Levy
da16a4b631 Add string-conversions haskell package
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-05 09:56:24 -05:00
Rob Vermaas
6fe07cb304 Fix IDEA, previously it could not find the jdk. 2014-02-05 15:49:45 +01:00
Domen Kožar
d1d3e841b6 spring 95.0 -> 96.0 2014-02-05 15:36:24 +01:00
Shea Levy
bfc682ea37 Mount a ramfs on /run/keys for safe key storage for nixops
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-05 08:00:19 -05:00
Shea Levy
1e0352f801 Fix gummiboot builder
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-05 07:54:11 -05:00
Georges Dubus
b9fe0b8fb1 bazaar: updated to 2.6.0 and fixed ssl bug
Fixes #1216
2014-02-05 11:36:48 +01:00
Sander van der Burg
9eaf987e62 nodejs: update packages 2014-02-05 10:19:28 +01:00
Domen Kožar
57d63c0f3e Merge pull request #1679 from thoughtpolice/pysphere
Add pythonPackages.pysphere 0.1.8
2014-02-04 23:29:17 -08:00
Austin Seipp
1920d6854a Add pythonPackages.pysphere 0.1.8
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-04 22:13:59 -06:00
Vladimír Čunát
ec985c8ffa fontconfig: stop using xml:space; vital for nixos+2.11
Since fontconfig-2.11 the xml:space attribute makes it reject
/etc/fonts/fonts.conf, so it renders garbage and eats lots of CPU.

To use anything linked to fontconfig-2.11 you need to have this patch
applied to your running NixOS. That's why I'm pushing it to master
before the fontconfig update (as soon as I found and tested the fix).
2014-02-04 21:58:19 +01:00
Evgeny Egorochkin
a598b62474 KDE-4.11: update to 4.11.5 2014-02-04 21:58:25 +02:00
Evgeny Egorochkin
ab9dcd9ad0 gphoto2: update from 2.5.2 to 2.5.3 2014-02-04 21:58:25 +02:00
Evgeny Egorochkin
832324d5eb lm_sensors: update from 3.3.4 to 3.3.5 2014-02-04 21:58:25 +02:00
Evgeny Egorochkin
60f9005fa7 exiv2: update from 0.23 to 0.24 2014-02-04 21:58:25 +02:00
Evgeny Egorochkin
b98014f7e5 openldap: update from 2.4.35 to 2.4.38 2014-02-04 21:58:25 +02:00
Evgeny Egorochkin
4ca25047d6 libassuan: update from 2.0.3 to 2.1.1 2014-02-04 21:58:25 +02:00
Sander van der Burg
ab60acc1aa nodejs: update packages 2014-02-04 19:04:59 +01:00
Pascal Wittmann
e8b0001268 idris-mode: fixed link to homepage (merge #1671) 2014-02-04 18:56:24 +01:00
Sander van der Burg
81408168f2 nodejs: fix the patch to make it build on darwin 2014-02-04 18:03:21 +01:00
Vladimír Čunát
cbba3f90da re-merge #1618: use ubuntu module blacklists by default
I'm sorry, previously I merged an outdated reference,
so only the old version of the PR got into master up to now.
2014-02-04 18:02:19 +01:00
Domen Kožar
e1b206b4a9 clarify rename error messages 2014-02-04 16:33:01 +01:00
Sander van der Burg
77451661d4 Updated node packages 2014-02-04 16:21:22 +01:00
Shea Levy
741cc62f75 Force a rebuild.
Sigh.

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-04 08:43:45 -05:00
Shea Levy
5da2c77fbd telepathy-farstream: Bump.
Hopefully fixes the tested job

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-04 07:05:21 -05:00
Nixpkgs Monitor
d2451cbce6 mercurialFull: update from 2.8.2 to 2.9 2014-02-04 10:35:20 +01:00
Lluís Batlle i Rossell
627c82b991 gcc 4.8: no need for the arm eabi patch. 2014-02-04 10:18:27 +01:00
Lluís Batlle i Rossell
2ef5b4ec7c Updating tox/toxic 2014-02-04 10:12:28 +01:00
Lluís Batlle i Rossell
5d8ca218df upx: updating to 3.91. 2014-02-04 10:12:28 +01:00
Shea Levy
bd996abc9c Haskell packages don't mix default.nix and <version>.nix in the same directory
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:56:27 -05:00
Shea Levy
5ac4f3dcf6 llvm: Attempt to fix build on darwin
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:54:25 -05:00
Shea Levy
a2b9ed2eae gummiboot: bump
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:48:05 -05:00
Shea Levy
608cee44cc kmod: bump
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:42:04 -05:00
Shea Levy
bc6aa21b05 nodejs: Bump
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:40:04 -05:00
Shea Levy
41bbe377d3 libspotify: unmaintain
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:38:01 -05:00
Shea Levy
3c9ed5b51a http-parser: Bump
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:37:20 -05:00
Shea Levy
72b5403ee8 edk2/OVMF: Update
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:32:21 -05:00
Shea Levy
dc4c049f3c Remove refind
We never used it in NixOS

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:16:10 -05:00
Shea Levy
eb4e04c24f gcc-4.6: unmaintain
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:14:52 -05:00
Shea Levy
b47609410b ats: unmaintain
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:14:27 -05:00
Shea Levy
9cf29b7039 llvm: Propagate ncurses and zlib
Really shouldn't be needed with shared libs, should patch llvm-config

Fixes #1601

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:11:00 -05:00
Eelco Dolstra
34638ebc1e cleanSource: Support Mercurial 2014-02-03 23:44:11 +01:00
Eelco Dolstra
9e7fe29e41 ntpd: Don't answer status queries
Workaround for CVE-2013-5211:

http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
2014-02-03 23:44:11 +01:00
Eelco Dolstra
d451d12128 ntp: Update to 4.2.6p5 2014-02-03 23:44:11 +01:00
Shea Levy
5e72e36f95 gummiboot-builder.py: Remove old entries before adding new ones
Fixes #1483

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 17:41:31 -05:00
Karn Kallio
e1b422d348 Update perl CPAN GraphViz package to work with latest graphviz. 2014-02-03 23:30:18 +01:00
Karn Kallio
1739fcf612 pure: The pure interpreter does not now build with llvm 3.4 on linux. 2014-02-03 23:30:18 +01:00
Karn Kallio
b572051882 mlton: fix build with latest version. 2014-02-03 23:30:18 +01:00
Shea Levy
f2210651eb Revert "Hide nodePackages from nix-env"
Now node packages that aren't just programs have a node- prefix in their
names.

This reverts commit 2f11bc495b50c36c1984f334df6867c1b9200a91.

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 17:28:38 -05:00