forked from mirrors/nixpkgs
Commit graph

1096 commits

Author SHA1 Message Date
Linus Heckemann b499c52de5 stage-1: provide meaningful names to initrd and module tree 2019-04-13 23:22:56 +02:00
Samuel Dionne-Riel ef0ca61215
Merge pull request #58027 from DanielFabian/gfxpayload
grub: Add gfxpayload
2019-04-08 10:06:59 -04:00
Daniel Fabian 84ff0956a8 grub: Add support for gfxpayload in grub. Needed for NVIDIA drivers before KMS, afaik 2019-04-08 11:34:39 +01:00
aszlig dcf40f7c24
Merge pull request #57519 (systemd-confinement)
Currently if you want to properly chroot a systemd service, you could do
it using BindReadOnlyPaths=/nix/store or use a separate derivation which
gathers the runtime closure of the service you want to chroot. The
former is the easier method and there is also a method directly offered
by systemd, called ProtectSystem, which still leaves the whole store
accessible. The latter however is a bit more involved, because you need
to bind-mount each store path of the runtime closure of the service you
want to chroot.

This can be achieved using pkgs.closureInfo and a small derivation that
packs everything into a systemd unit, which later can be added to
systemd.packages.

However, this process is a bit tedious, so the changes here implement
this in a more generic way.

Now if you want to chroot a systemd service, all you need to do is:

  {
    systemd.services.myservice = {
      description = "My Shiny Service";
      wantedBy = [ "multi-user.target" ];

      confinement.enable = true;
      serviceConfig.ExecStart = "${pkgs.myservice}/bin/myservice";
    };
  }

If more than the dependencies for the ExecStart* and ExecStop* (which
btw. also includes script and {pre,post}Start) need to be in the chroot,
it can be specified using the confinement.packages option. By default
(which uses the full-apivfs confinement mode), a user namespace is set
up as well and /proc, /sys and /dev are mounted appropriately.

In addition - and by default - a /bin/sh executable is provided, which
is useful for most programs that use the system() C library call to
execute commands via shell.

Unfortunately, there are a few limitations at the moment. The first
being that DynamicUser doesn't work in conjunction with tmpfs, because
systemd seems to ignore the TemporaryFileSystem option if DynamicUser is
enabled. I started implementing a workaround to do this, but I decided
to not include it as part of this pull request, because it needs a lot
more testing to ensure it's consistent with the behaviour without
DynamicUser.

The second limitation/issue is that RootDirectoryStartOnly doesn't work
right now, because it only affects the RootDirectory option and doesn't
include/exclude the individual bind mounts or the tmpfs.

A quirk we do have right now is that systemd tries to create a /usr
directory within the chroot, which subsequently fails. Fortunately, this
is just an ugly error and not a hard failure.

The changes also come with a changelog entry for NixOS 19.03, which is
why I asked for a vote of the NixOS 19.03 stable maintainers whether to
include it (I admit it's a bit late a few days before official release,
sorry for that):

  @samueldr:

    Via pull request comment[1]:

      +1 for backporting as this only enhances the feature set of nixos,
      and does not (at a glance) change existing behaviours.

    Via IRC:

      new feature: -1, tests +1, we're at zero, self-contained, with no
      global effects without actively using it, +1, I think it's good

  @lheckemann:

    Via pull request comment[2]:

      I'm neutral on backporting. On the one hand, as @samueldr says,
      this doesn't change any existing functionality. On the other hand,
      it's a new feature and we're well past the feature freeze, which
      AFAIU is intended so that new, potentially buggy features aren't
      introduced in the "stabilisation period". It is a cool feature
      though? :)

A few other people on IRC didn't have opposition either against late
inclusion into NixOS 19.03:

  @edolstra:  "I'm not against it"
  @Infinisil: "+1 from me as well"
  @grahamc:   "IMO its up to the RMs"

So that makes +1 from @samueldr, 0 from @lheckemann, 0 from @edolstra
and +1 from @Infinisil (even though he's not a release manager) and no
opposition from anyone, which is the reason why I'm merging this right
now.

I also would like to thank @Infinisil, @edolstra and @danbst for their
reviews.

[1]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-477322127
[2]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-477548395
2019-03-29 04:37:53 +01:00
Matthew Bauer 73be6fba8b
Merge pull request #54625 from FlorianFranzen/efi32
grub: Support 32bit EFI on 64bit platforms
2019-03-21 11:39:45 -04:00
Florian Franzen e51a840259 grub: Support 32bit EFI on 64bit x86 platforms 2019-03-18 10:38:07 +01:00
aszlig ac64ce9945
nixos: Add 'chroot' options to systemd.services
Currently, if you want to properly chroot a systemd service, you could
do it using BindReadOnlyPaths=/nix/store (which is not what I'd call
"properly", because the whole store is still accessible) or use a
separate derivation that gathers the runtime closure of the service you
want to chroot. The former is the easier method and there is also a
method directly offered by systemd, called ProtectSystem, which still
leaves the whole store accessible. The latter however is a bit more
involved, because you need to bind-mount each store path of the runtime
closure of the service you want to chroot.

This can be achieved using pkgs.closureInfo and a small derivation that
packs everything into a systemd unit, which later can be added to
systemd.packages. That's also what I did several times[1][2] in the
past.

However, this process got a bit tedious, so I decided that it would be
generally useful for NixOS, so this very implementation was born.

Now if you want to chroot a systemd service, all you need to do is:

  {
    systemd.services.yourservice = {
      description = "My Shiny Service";
      wantedBy = [ "multi-user.target" ];

      chroot.enable = true;
      serviceConfig.ExecStart = "${pkgs.myservice}/bin/myservice";
    };
  }

If more than the dependencies for the ExecStart* and ExecStop* (which
btw. also includes "script" and {pre,post}Start) need to be in the
chroot, it can be specified using the chroot.packages option. By
default (which uses the "full-apivfs"[3] confinement mode), a user
namespace is set up as well and /proc, /sys and /dev are mounted
appropriately.

In addition - and by default - a /bin/sh executable is provided as well,
which is useful for most programs that use the system() C library call
to execute commands via shell. The shell providing /bin/sh is dash
instead of the default in NixOS (which is bash), because it's way more
lightweight and after all we're chrooting because we want to lower the
attack surface and it should be only used for "/bin/sh -c something".

Prior to submitting this here, I did a first implementation of this
outside[4] of nixpkgs, which duplicated the "pathSafeName" functionality
from systemd-lib.nix, just because it's only a single line.

However, I decided to just re-use the one from systemd here and
subsequently made it available when importing systemd-lib.nix, so that
the systemd-chroot implementation also benefits from fixes to that
functionality (which is now a proper function).

Unfortunately, we do have a few limitations as well. The first being
that DynamicUser doesn't work in conjunction with tmpfs, because it
already sets up a tmpfs in a different path and simply ignores the one
we define. We could probably solve this by detecting it and try to
bind-mount our paths to that different path whenever DynamicUser is
enabled.

The second limitation/issue is that RootDirectoryStartOnly doesn't work
right now, because it only affects the RootDirectory option and not the
individual bind mounts or our tmpfs. It would be helpful if systemd
would have a way to disable specific bind mounts as well or at least
have some way to ignore failures for the bind mounts/tmpfs setup.

Another quirk we do have right now is that systemd tries to create a
/usr directory within the chroot, which subsequently fails. Fortunately,
this is just an ugly error and not a hard failure.

[1]: https://github.com/headcounter/shabitica/blob/3bb01728a0237ad5e7/default.nix#L43-L62
[2]: https://github.com/aszlig/avonc/blob/dedf29e092481a33dc/nextcloud.nix#L103-L124
[3]: The reason this is called "full-apivfs" instead of just "full" is
     to make room for a *real* "full" confinement mode, which is more
     restrictive even.
[4]: https://github.com/aszlig/avonc/blob/92a20bece4df54625e/systemd-chroot.nix

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-14 19:14:01 +01:00
Silvan Mosberger bcda0e37f6
Merge pull request #56012 from matix2267/logind-lid-switch-external-power
nixos/logind: Add defaultText to config option since it's not static value.
2019-02-22 20:55:46 +01:00
Symphorien Gibol a915b33315 nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
Mateusz Gołębiewski ddcf485386 nixos/logind: Add defaultText to config option since it's not static value. 2019-02-18 20:37:02 +01:00
Mateusz Gołębiewski fb9619ca03 nixos/logind: Add option for HandleLidSwitchExternalPower
The default according to `man logind.conf` is to perform the same action as in
HandleLidSwitch.
2019-02-16 23:56:22 +01:00
Sharif Olorin 3755577ba6 nixos/systemd: update max line length in systemd units
The length check was introduced[0] to match systemd's max line
length. This limit has been increased[1][2] to 1MiB, starting with
systemd v235.

[0] https://github.com/nixos/nixpkgs/issues/3403
[1] e6dde451a5
    (relevant systemd commit)
[2] https://github.com/systemd/systemd/issues/3302
    (more context on systemd change)
2019-02-10 00:39:29 +00:00
Jeff Slight c95407b327 boot/raspberrypi: replace deprecated configuration option 2019-02-08 11:36:09 -08:00
danbst 27982b408e types.optionSet: deprecate and remove last usages 2019-01-31 00:41:10 +02:00
Silvan Mosberger 51d2eed83b
Merge pull request #42838 from teto/kernel_autoconf
[RFC] add ability to merge structured configs
2019-01-28 10:38:00 +01:00
Craig Younkins 6f6287fbf9 nixos/systemd: add StartLimitIntervalSec to unit config 2019-01-28 00:29:43 +00:00
Matthieu Coudron 3bb7b3f02e linux: ability to merge structured configs
This should make the composability of kernel configurations more straightforward.

- now distinguish freeform options from tristate ones
- will look for a structured config in kernelPatches too
one can now access the structuredConfig from a kernel via linux_test.configfile.structuredConfig
in order to reinject it into another kernel, no need to rewrite the config from scratch

The following merge strategies are used in case of conflict:
-- freeform items must be equal or they conflict (mergeEqualOption)
-- for tristate (y/m/n) entries, I use the mergeAnswer strategy which takes the best available value, "best" being defined by the user (by default "y" > "m" > "n", e.g. if one entry is both marked "y" and "n", "y" wins)
-- if one item is both marked optional/mandatory, mandatory wins (mergeFalseByDefault)
2019-01-28 09:06:33 +09:00
Pierre Bourdon 8769d2d58c
nixos kernel.nix: add an option to customize the kernel RANDSTRUCT seed 2019-01-24 01:42:17 +01:00
Jörg Thalheim a6b97bd1bb
Merge pull request #42183 from kisik21/master
nixos/stage-1, nixos/f2fs: added F2FS resizing
2019-01-17 07:42:32 +00:00
Vladimír Čunát 287144e342
Merge branch 'master' into staging-next 2019-01-10 13:07:21 +01:00
Claudio Bley cb0b629894 nixos/luksroot: Fix typo Verifiying -> Verifying 2019-01-08 15:45:02 -05:00
Jörg Thalheim ba9f589180
Merge pull request #53446 from Mic92/systemd-udev-settle
nixos/systemd-udev-settle: don't restart on upgrades
2019-01-08 13:05:25 +01:00
Matthew Bauer 751c03e8fd
Merge pull request #47665 from erikarvstedt/initrd-improvements
Minor initrd improvements
2019-01-06 21:48:26 -06:00
Jörg Thalheim 0a2c8cc1db
nixos/systemd-udev-settle: don't restart on upgrades
The idea is that we only need this target during boot,
however there is no point in restarting it on every upgrade.

This hopefully fixes #21954
2019-01-05 13:57:29 +01:00
Matthew Bauer 921a47bc92 treewide: remove cross assertions
sd-image-raspberrypi, sd-image-aarch64, and
sd-image-armv7l-multiplatform can all be cross compiled now.
2019-01-02 23:02:50 -06:00
Matthew Bauer 35af6e3605 treewide: use buildPackages for config builders 2019-01-02 23:02:50 -06:00
Matthew Bauer 92840ab944
Merge pull request #51600 from eburimu/fix/cross-extlinux-conf-builder
extlinux-conf: fix cross compilation
2018-12-19 11:01:31 -06:00
volth fed7914539
Merge branch 'staging' into make-perl-pathd 2018-12-18 17:13:27 +00:00
volth bb9557eb7c lib.makePerlPath -> perlPackages.makePerlPath 2018-12-15 03:50:31 +00:00
Benjamin Staffin 1181d6153e
logind: make killUserProcesses an option (#51426)
Right now it's not at all obvious that one can override this option
using `services.logind.extraConfig`; we might as well add an option
for `killUserProcesses` directly so it's clear and documented.
2018-12-11 16:51:16 -05:00
Renaud 53218d4a39
nixos/systemd-nspawn: accept all Exec and Files options
See: https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html
Closes #49712
2018-12-08 14:41:37 +01:00
eburimu f17dd04f12 extlinux-conf: fix cross compilation 2018-12-06 03:42:02 +03:00
Jörg Thalheim 50071c4475
Revert "nixos/luksroot: Check whether the device already exists"
This reverts commit 9cd4ce98bf.

This might be broken for some people: https://github.com/NixOS/nixpkgs/pull/50281#issuecomment-443516289
2018-12-02 17:27:35 +00:00
Janne Heß 9cd4ce98bf nixos/luksroot: Check whether the device already exists
The new reuse behaviour is cool and really useful but it breaks one of
my use cases. When using kexec, I have a script which will unlock the
disks in my initrd. However, do_open_passphrase will fail if the disk is
already unlocked.
2018-12-01 23:42:51 +01:00
Arian van Putten 7ce4cd4470 nixos/nspawn: Fix small typo (#51077)
This has slipped through review in my previous PR it seems
2018-11-26 22:05:13 +01:00
hyperfekt 482228919c nixos/bcachefs: remove superfluous fsck from initrd
bcachefs checks the filesystem at mount time, therefore no separate fsck binary is needed in initrd.
2018-11-03 18:07:32 +01:00
Jörg Thalheim 553e0d81ee
Merge pull request #48771 from arianvp/container-tweaks
nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
2018-10-31 16:08:16 +00:00
Linus Heckemann 817369d4c1 nixos stage-1: fix init existence test
The previous version contained a false positive case, where boot would
continue when the stage 2 init did not exist at all, and a false
negative case, where boot would stop if the stage 2 init was a symlink
which cannot be resolved in the initramfs root.

Fixes #49519.

Thanks @michas2 for finding and reporting the issue!
2018-10-31 15:59:18 +01:00
Will Dietz 2d0ec8b288 stage1 boot: use stdenv.cc.libc
(cherry picked from commit d3ae884c9eeb4a6f66ac4e57764c04db16ea7c71)
2018-10-30 19:47:06 -05:00
Silvan Mosberger 04b4ca37bd
Merge pull request #49360 from tadfisher/logind-suspend-then-hibernate
nixos/systemd: support "suspend-then-hibernate" logind option
2018-10-28 22:18:39 +01:00
Tad Fisher 8520839b6a nixos/systemd: support "suspend-then-hibernate" logind option 2018-10-28 13:41:21 -07:00
aanderse 1381019e49 nixos/rsyslogd & nixos/syslog-ng: fix broken module (#47306)
* journald: forward message to syslog by default if a syslog implementation is installed

* added a test to ensure rsyslog is receiving messages when expected

* added rsyslogd tests to release.nix
2018-10-27 19:01:30 +02:00
Arian van Putten 9f72791516 nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
* Lets container@.service  be activated by machines.target instead of
  multi-user.target

  According to the systemd manpages, all containers that are registered
  by machinectl, should be inside machines.target for easy stopping
  and starting container units altogether

* make sure container@.service and container.slice instances are
  actually located in machine.slice

  https://plus.google.com/112206451048767236518/posts/SYAueyXHeEX
  See original commit: https://github.com/NixOS/systemd/commit/45d383a3b8

* Enable Cgroup delegation for nixos-containers

  Delegate=yes should be set for container scopes where a systemd instance
  inside the container shall manage the hierarchies below its own cgroup
  and have access to all controllers.

  This is equivalent to enabling all accounting options on the systemd
  process inside the system container.  This means that systemd inside
  the container is responsible for managing Cgroup resources for
  unit files that enable accounting options inside.  Without this
  option, units that make use of cgroup features within system
  containers might misbehave

  See original commit: https://github.com/NixOS/systemd/commit/a931ad47a8

  from the manpage:
    Turns on delegation of further resource control partitioning to
    processes of the unit. Units where this is enabled may create and
    manage their own private subhierarchy of control groups below the
    control group of the unit itself. For unprivileged services (i.e.
    those using the User= setting) the unit's control group will be made
    accessible to the relevant user. When enabled the service manager
    will refrain from manipulating control groups or moving processes
    below the unit's control group, so that a clear concept of ownership
    is established: the control group tree above the unit's control
    group (i.e. towards the root control group) is owned and managed by
    the service manager of the host, while the control group tree below
    the unit's control group is owned and managed by the unit itself.
    Takes either a boolean argument or a list of control group
    controller names. If true, delegation is turned on, and all
    supported controllers are enabled for the unit, making them
    available to the unit's processes for management. If false,
    delegation is turned off entirely (and no additional controllers are
    enabled). If set to a list of controllers, delegation is turned on,
    and the specified controllers are enabled for the unit. Note that
    additional controllers than the ones specified might be made
    available as well, depending on configuration of the containing
    slice unit or other units contained in it. Note that assigning the
    empty string will enable delegation, but reset the list of
    controllers, all assignments prior to this will have no effect.
    Defaults to false.

    Note that controller delegation to less privileged code is only safe
    on the unified control group hierarchy. Accordingly, access to the
    specified controllers will not be granted to unprivileged services
    on the legacy hierarchy, even when requested.

    The following controller names may be specified: cpu, cpuacct, io,
    blkio, memory, devices, pids. Not all of these controllers are
    available on all kernels however, and some are specific to the
    unified hierarchy while others are specific to the legacy hierarchy.
    Also note that the kernel might support further controllers, which
    aren't covered here yet as delegation is either not supported at all
    for them or not defined cleanly.
2018-10-22 22:36:08 +02:00
Arian van Putten 3be00fa60c nixos/systemd-nspawn: Remove dependency on bogus "machine.target"
"machine.target" doesn't actually exist, it's a misspelled version
of "machines.target".  However, the "systemd-nspawn@.service"
unit already has a default dependency on "machines.target"
2018-10-21 21:51:51 +02:00
Ben Wolsieffer eadb9c822b raspberrypi-bootloader: pass initrd to kernel
NixOS is unable to boot using the RPi bootloader (w/o U-Boot) unless the initrd
is configured.
2018-10-21 17:44:11 +03:00
Ben Wolsieffer e2fbada6f8 raspberrypi-bootloader: uboot: allow specification of target directory 2018-10-21 17:44:11 +03:00
Ben Wolsieffer 1afff7c10b raspberrypi-bootloader: support Raspberry Pi 3 w/o U-Boot and explicitly support
Raspberry Pi Zero
2018-10-21 17:44:11 +03:00
Ben Wolsieffer bcb9e17bba raspberrypi-bootloader: allow specification of target directory 2018-10-21 17:44:11 +03:00
volth b3dff39105
bootStage1: fix cross build (@matthewbauer's solution) 2018-10-12 09:24:00 +00:00
volth 9dd5dc57a7
bootStage1: fix cross build 2018-10-12 00:45:59 +00:00
Ben Wolsieffer 76977590fa nixos: initrd/luks: fix detection of devices by UUID 2018-10-11 16:02:41 -04:00
Ben Wolsieffer 264cb7407c nixos: initrd/luks: make script indentation consistent 2018-10-11 15:53:53 -04:00
Matthew Bauer bd3c840301
Merge pull request #46964 from florianjacob/systemd-assert-value-tostring
nixos/systemd-lib: fix assertValueOneOf
2018-10-05 23:00:41 -05:00
Matthew Bauer 357d32e2b3
Merge pull request #46459 from volth/volth-patch-3
nixos/initrd-network: multiple DHCP fixes
2018-10-05 22:47:45 -05:00
Márton Boros d8a555d819
Fix systemd timer unit documentation
Fixes #36210
2018-10-03 14:39:36 +02:00
Jörg Thalheim b12c759f76
Merge pull request #47563 from jameysharp/unscripted
Replace several activation script snippets with declarative configuration
2018-10-02 19:21:34 +01:00
Erik Arvstedt 215c91d79e nixos/initrd: improve descriptions
The improved lspci command shows all available ethernet controllers and
their kernel modules. Previously, the user had to provide the slot name
of a specific device.
2018-10-02 17:38:06 +02:00
Jamey Sharp bbc0f6f005 nixos/systemd: don't create /var/lib/udev
As far as I can tell, systemd has never used this directory, so I think
this is a holdover from before udev merged into systemd.
2018-09-30 11:05:47 -07:00
Jamey Sharp 10e8650515 nixos/systemd: let journald create /var/log/journal
The default value for journald's Storage option is "auto", which
determines whether to log to /var/log/journal based on whether that
directory already exists. So NixOS has been unconditionally creating
that directory in activation scripts.

However, we can get the same behavior by configuring journald.conf to
set Storage to "persistent" instead. In that case, journald will create
the directory itself if necessary.
2018-09-30 11:04:43 -07:00
Jamey Sharp 8d40083690 nixos/stage-2: create empty machine-id at boot
Previously, the activation script was responsible for ensuring that
/etc/machine-id exists. However, the only time it could not already
exist is during stage-2-init, not while switching configurations,
because one of the first things systemd does when starting up as PID 1
is to create this file. So I've moved the initialization to
stage-2-init.

Furthermore, since systemd will do the equivalent of
systemd-machine-id-setup if /etc/machine-id doesn't have valid contents,
we don't need to do that ourselves.

We _do_, however, want to ensure that the file at least exists, because
systemd also uses the non-existence of this file to guess that this is a
first-boot situation. In that case, systemd tries to create some
symlinks in /etc/systemd/system according to its presets, which it can't
do because we've already populated /etc according to the current NixOS
configuration.

This is not necessary for any other activation script snippets, so it's
okay to do it after stage-2-init runs the activation script. None of
them declare a dependency on the "systemd" snippet. Also, most of them
only create files or directories in ways that obviously don't need the
machine-id set.
2018-09-30 10:45:35 -07:00
Jamey Sharp f449242e83 nixos/systemd: remove activation dependency
As far as I can tell, the systemd snippet hasn't depended on groups
being initialized since 5d02c02a9b in
2015, when a `setfacl` call was removed.
2018-09-29 23:37:38 -07:00
aszlig fd8bca45c9
nixos/kexec: Fix typo in meta.platforms
Evaluation error introduced in 599c4df46a.

There is only a "platformS" attribute in kexectools.meta, so let's use
this and from the code in the kexec module it operates on a list,
matching the corresponding platforms, so this seems to be the attribute
the original author intended.

Tested by building nixos/tests/kexec.nix on x86_64-linux and while it
evaluates now, the test still fails by timing out shortly after the
kexec:

machine: waiting for the VM to finish booting
machine# Cannot find the ESP partition mount point.

This however seems to be an unrelated issue and was also the case before
the commit mentioned above.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra, @dezgeg
2018-09-28 17:44:42 +02:00
Tuomas Tynkkynen 599c4df46a nixos/kexec: Replace meta.available checks
This sort of code breaks config.{allowBroken, allowUnsupportedSystem} =
true by making them do unpredictable things.
2018-09-28 15:01:00 +03:00
Jörg Thalheim aa69bb5743 systemd: don't restart user-runtime-dir@ on upgrades
Like logind, we should not try to restart this service after upgrade,
the user's current session depends on it.
2018-09-28 11:37:20 +01:00
Edward Tjörnhammar 8ab4cbdac3 nixos: initrd/luks: make uuid specified devices discoverable 2018-09-24 16:35:46 +02:00
Florian Jacob 4392ec653c nixos/systemd-lib: fix assertValueOneOf
when value is not a string
2018-09-20 13:40:50 +02:00
volth 16edfb22b8
oops 2018-09-10 02:39:15 +00:00
volth 502b37ae63
nixos/initrd-network: multiple fixes
* acquire DHCP on the interfaces with networking.interface.$name.useDHCP == true or on all interfaces if networking.useDHCP == true (was only "eth0")
* respect "mtu" if it was in DHCP answer (it happens in the wild)
* acquire and set up staticroutes (unlike other clients, udhcpc does not do the query by default); this supersedes https://github.com/NixOS/nixpkgs/pull/41829
2018-09-10 02:10:47 +00:00
Alexander Shpilkin ecf73103ab
nixos/networkd: do not require gateway for routes
A route via a tunnel interface does not require a gateway to be
specified, so do not check for the Gateway= field on routes at all.
2018-09-07 02:23:12 +03:00
Alexander Shpilkin 8fdb6fba30
nixos/networkd: fix handling of RequiredForOnline 2018-09-07 02:01:21 +03:00
Alexander Shpilkin 423e46a24f
nixos/networkd: support MULTICAST flag on links
Support Multicast= option in [Link] section of network units,
introduced in systemd/systemd#9118.
2018-09-07 01:56:46 +03:00
volth a9a8043b9b install-grub.pl: avoid double '/' in menu.lst and grub.conf (#45907)
Although double '/' in paths is not a problem for GRUB supplied with nixpkgs, sometimes NixOS's grub.conf is read by external GRUB and there are versions of GRUB which fail
2018-09-02 14:34:55 +02:00
volth 2c072b9ddc stage-1-init.sh: do not check mounted filesystems (#45891)
fsck of a mounted filesystem fails with error code 8 "Operational error" and halts the boot processing
2018-09-01 15:26:16 +02:00
Vladimír Čunát 0473466ba5
Merge #45731: artwork update (replacing old logo) 2018-09-01 10:43:20 +02:00
John Ericson 2c2f1e37d4 treewide: Purge all uses stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
Samuel Dionne-Riel 01259ef98f nixos/grub: Uses the new artwork as the default option.
This also includes a set of defaults *for this option*, where when not
used, other saner defaults are used.
2018-08-29 00:04:58 -04:00
Samuel Dionne-Riel e8406f937e nixos/grub: Adds background color and mode options
The background color option is self-explanatory.

The mode is either `normal` or `stretch`, they are as defined by GRUB,
where normal will put the image in the top-left corner of the menu, and
stretch is the default, where it stretches the image without
consideration for the aspect ratio.

 * https://www.gnu.org/software/grub/manual/grub/grub.html#background_005fimage
2018-08-29 00:04:58 -04:00
Ben Wolsieffer 442681cc2a nixos/networkd: fix range assertions on 32 bit Nix 2018-08-28 19:31:10 -04:00
Matt McHenry 94a906b59a systemd: ensure fsck Requires/After links are created in mount units
systemd-fsck-generator only produces these lines if it can find the
necessary fsck executable in its PATH.

fixes #29139.
2018-08-28 17:12:49 +02:00
Ben Wolsieffer 6897945879 nixos/networkd: replace range with assertRange 2018-08-22 00:11:14 +02:00
John Ericson 7d85ade0cc treewide: Purge stdenv.platform and top-level platform
Progress towards #27069
2018-08-20 15:22:46 -04:00
Vladimír Čunát cbabebcc2e
Merge branch 'master' into staging-next
Hydra: ?compare=1473892
2018-08-17 13:45:21 +02:00
Jörg Thalheim 3d36e7c1fa
Merge pull request #44233 from jfrankenau/networkd-fix-options
nixos/networkd: add missing options
2018-08-16 11:18:18 +02:00
Johannes Frankenau b2f1790070 nixos/networkd: add missing options 2018-08-16 10:27:34 +02:00
Vladimír Čunát 5b0398dc36
Merge branch 'master' into staging-next
Conflicts: gobby and libinfinity - I took the hand-edited versions
instead of those resulting from the mass-replacement.

Hydra: ?compare=1473190
2018-08-13 20:43:59 +02:00
Thibault Polge d470a407eb
nixos/systemd-boot: Add missing newline
This fixes an issue where setting both
`boot.loader.systemd-boot.editor` to `false` and
`boot.loader.systemd-boot.consoleMode` to any value would concatenate
the two configuration lines in the output, resulting in an invalid
`loader.conf`.
2018-08-12 15:12:27 +02:00
Frederik Rietdijk d9fa74ba78 Merge master into staging 2018-08-09 18:28:15 +02:00
Samuel Dionne-Riel 27c6bf0ef3
Merge pull request #29441 from oxij/nixos/luks
nixos: initrd/luks: allow to reuse passphrases, cleanup
2018-08-08 13:16:57 -04:00
Linus Heckemann adba92b5ef systemd: improve unit script drv naming
Also store scripts directly in the nix store rather than having the
superfluous /bin/ tree.
2018-08-08 14:29:41 +02:00
Jan Malakhovski 8c83ba0386 nixos: initrd/luks: disable input echo for the whole stage 2018-08-08 02:47:50 +00:00
Jan Malakhovski c35917e330 nixos: initrd/luks: simplify Yubikey handling code
From reading the source I'm pretty sure it doesn't support multiple Yubikeys, hence
those options are useless.

Also, I'm pretty sure nobody actually uses this feature, because enabling it causes
extra utils' checks to fail (even before applying any patches of this branch).

As I don't have the hardware to test this, I'm too lazy to fix the utils, but
I did test that with extra utils checks commented out and Yubikey
enabled the resulting script still passes the syntax check.
2018-08-08 02:47:49 +00:00
Jan Malakhovski a9d69a74d6 nixos: initrd/luks: change passphrases handling
Also reuse common cryptsetup invocation subexpressions.

- Passphrase reading is done via the shell now, not by cryptsetup.
  This way the same passphrase can be reused between cryptsetup
  invocations, which this module now tries to do by default (can be
  disabled).
- Number of retries is now infinity, it makes no sense to make users
  reboot when they fail to type in their passphrase.
2018-08-08 02:47:47 +00:00
Jan Malakhovski 12e6907f33 nixos: initrd/luks: cleanup and generalize common shell expressions
Also fix Yubikey timeout handling mess.
2018-08-08 02:45:17 +00:00
Jan Malakhovski dc653449c5 nixos: boot/stage-1: check syntax of the generated script 2018-08-08 02:43:17 +00:00
Edmund Wu aea2d822dd luksroot: Add missing quote (#44639) 2018-08-07 23:56:30 +02:00
Janne Heß 690dac11f3 nixos/luksroot: Support keyfile offsets 2018-08-07 17:39:02 +02:00
John Ericson 68d31ddaf5 stage-1: Remove last reference of now-removed stdenv.isCross 2018-08-06 18:07:02 -04:00
Jörg Thalheim 05daf390b3 systemd: 238 -> 239 2018-08-06 11:03:09 +02:00
Silvan Mosberger 31dda068db
Merge pull request #42877 from Infinisil/systemd-boot/consoleMode
nixos/systemd-boot: Add consoleMode option
2018-08-04 23:21:31 +02:00
Jörg Thalheim 81d5e441b2
Merge pull request #44202 from jerith666/journald-rate
journald: set rateLimitInterval and rateLimitBurst to upstream defaults
2018-07-30 13:47:01 +01:00
Matt McHenry a3c1ddda84 journald: set rateLimitInterval and rateLimitBurst to upstream defaults 2018-07-29 12:29:30 -04:00
Matthew Bauer ca0522a842
Merge pull request #41970 from aneeshusa/enable-building-systemd-without-libmicrohttpd
nixos/systemd: Allow building systemd without libmicrohttpd
2018-07-23 11:24:14 -04:00
volth 2e979e8ceb [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
volth 87f5930c3f [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
Silvan Mosberger 35c069ea02
nixos: systemd.globalEnvironment: fix type
Follow up fix of fb2a8d6669

https://github.com/NixOS/nixpkgs/pull/38356
https://github.com/NixOS/nixpkgs/pull/40416
2018-07-18 22:04:26 +02:00
Matthew Bauer 19fc061a13
Merge pull request #43169 from samueldr/fix/stripDirs
Fixes `stripDirs` use after signature change
2018-07-14 19:07:46 -04:00
Samuel Dionne-Riel 4106de56d0 stage-1: Fixes use of stripDirs. 2018-07-07 22:25:23 -04:00
Silvan Mosberger e08148041f
nixos/systemd-boot: Add consoleMode option 2018-07-02 18:21:51 +02:00
Florian Klink fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Benjamin Staffin dca7e24a11
networkmanager: Expand dns description, integrate with other services (#41898)
Rather than special-casing the dns options in networkmanager.nix, use
the module system to let unbound and systemd-resolved contribute to
the networkmanager config.
2018-06-29 13:41:46 -04:00
Tuomas Tynkkynen f9218b1346 nixos/stage-1: Make find-libs not choke on dynamic linker being in DT_NEEDED
find-libs is currently choking when it finds the dynamic linker
as a DT_NEEDED dependency (from glibc) and bails out like this
(as glibc doesn't have a RPATH):

Couldn't satisfy dependency ld-linux-x86-64.so.2

Actually the caller of find-libs ignores the exit status, so the issue
almost always goes unnoticed and happens to work by chance. But
additionally what happens is that indirect .so dependencies are
left out from the dependency closure calculation, which breaks
latest cryptsetup as libssl.so isn't found anymore.
2018-06-20 17:58:02 +03:00
Victor Shlein 4fa88fcecb nixos/stage-1, nixos/f2fs: moved f2fs resizing tools include in f2fs module 2018-06-19 14:27:36 +03:00
Victor Shlein 34234dcb51 nixos/stage-1: new separate conditionals for ext4 and f2fs resizing tools 2018-06-19 14:23:39 +03:00
Victor Shlein 577483738c nixos/stage-1: implemented separate check for f2fs filesystems in need of resizing 2018-06-19 13:53:34 +03:00
Jörg Thalheim 81eaa7ab1b
Merge pull request #42211 from dje4321/dje4321
Grub: default is signed int. Fixes #42152
2018-06-19 10:55:13 +01:00
Emily Ann Ediger ac0136509c added suggestion to support both str and int 2018-06-19 04:05:50 -05:00
Emily Ann Ediger ae04fb01f8 set default to type.str 2018-06-19 01:59:21 -05:00
Emily Ann Ediger 08691d0515 Grub: default is signed int. Fixes #42152 2018-06-18 23:54:45 -05:00
kisik21 0b9b7be5bf
nixos/stage-1: fixed if-else block 2018-06-19 01:59:08 +03:00
Victor Shlein b44d304542 nixos/stage-1: added f2fs-tools' tools for resizing 2018-06-19 01:36:12 +03:00
Victor Shlein c24e917325 nixos/stage-1: added F2FS resizing
F2FS is used on Raspberry Pi-like devices to enhance SD card performance. Allowing F2FS resizing would help in automatic deploying of SD card images without a Linux box to resize the file system offline.
2018-06-19 01:25:00 +03:00
xeji bb8b1df729
Merge pull request #41511 from vicgc/nilfs2-root-fix
Fixed nilfs2 fsck error at boot because it's not needed by the nilfs2 filesystem
2018-06-17 21:52:55 +02:00
Aneesh Agrawal 76c4c7b9de nixos/systemd: Allow building systemd without libmicrohttpd 2018-06-13 22:55:06 -07:00
volth 4c3352896e
nixos/initrd-network: support hetzner 2018-06-11 10:35:02 +00:00
Joachim Fasting 2be28b1df5
Revert "Merge pull request #38263 from lopsided98/grub-initrd-secrets"
This reverts commit c06d7950f1, reversing
changes made to 4c25fbe338.

See https://github.com/NixOS/nixpkgs/issues/41608
2018-06-07 14:24:59 +02:00
Joachim F c06d7950f1
Merge pull request #38263 from lopsided98/grub-initrd-secrets
grub: support initrd secrets
2018-06-06 19:05:54 +00:00
vicgc ee4bb9454e Fixed nilfs2 fsck error at boot because it's not needed by the nilfs2 filesystem 2018-06-06 00:24:04 +02:00
Graham Christensen 5467f0ed7a
Merge pull request #41486 from grahamc/support-null-font
grub: Support when boot.loader.grub.font is null
2018-06-05 13:29:28 -04:00
Graham Christensen ab889c14b5
install-grub: only try to loadfont if font is not null 2018-06-05 13:11:33 -04:00
Graham Christensen 52de38f5f4
grub-config.xml: handle a null font 2018-06-05 13:11:26 -04:00
aszlig 0e7c945e15
nixos/systemd: Allow to override serviceConfig
This has been reported by @qknight in his Stack Overflow question:

https://stackoverflow.com/q/50678639

The correct way to override a single value would be to use something
like this:

systemd.services.nagios.serviceConfig.Restart = lib.mkForce "no";

However, this doesn't work because the check is applied for the attrsOf
type and thus the attribute values might still contain the attribute set
created by mkOverride.

The unitOption type however did already account for this, but at this
stage it's already too late.

So now the actual value is unpacked while checking the values of the
attribute set, which should allow us to override values in
serviceConfig.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra, @qknight
2018-06-04 15:34:21 +02:00
Daniel Frank c42cb40291 nixos/systemd-timesyncd: use the correct server list (#40919) 2018-05-24 22:44:04 +00:00
Graham Christensen 290505bf1b
Merge pull request #40462 from samueldr/fix/grub-background
Fixes grub splashImage documentation + implementation
2018-05-23 21:36:06 -04:00
Matthew Justin Bauer 2a3399b3c8
Merge pull request #39978 from hedning/plymouth-quit-wait
Make plymouth work with gdm wayland
2018-05-15 14:28:47 -05:00
Jan Tojnar d5060ac3a7
Merge pull request #33371 from jtojnar/flatpak
Flatpak
2018-05-15 14:19:33 +02:00
Jan Tojnar 17dd7bcd89
nixos/systemd-lib: fix conflict with dbus.service.d directory
When a package contains a directory in one of the systemd directories
(like flatpak does), it is symlinked into the *-units derivation.
Then later, the derivation will try to create the directory, which
will fail:

mkdir: cannot create directory '/nix/store/…-user-units/dbus.service.d': File exists
builder for '/nix/store/…-user-units.drv' failed with exit code 1

Closes: #33233
2018-05-15 13:28:30 +02:00
Samuel Dionne-Riel 0ccfe14e25 nixos/grub: Implements use of file format for splashImage.
GRUB 2.0 supports png, jpeg and tga. This will use the image's suffix to
load the right module.

As jpeg module is named jpeg, jpg is renamed jpeg.

If the user uses wrong image suffix for an image, it wouldn't work anyway.

This will leave up to two additional left-over files in /boot/ if user switches
through all the supported file formats. The module already left the png
image if the user disabled the splash image.
2018-05-13 19:51:50 -04:00
Samuel Dionne-Riel 8f3a541a3d nixos/grub: Updates splashImage description to match reality.
Fixes #4911
2018-05-13 19:48:00 -04:00
xeji 8c78d3a527
Merge pull request #40416 from oxij/os/fix-some-types
nixos: fix some types
2018-05-13 18:15:55 +02:00
Yegor Timoshenko a298167152 stage-1: remove tuxonice handling 2018-05-13 06:28:37 +03:00
Jan Malakhovski fb2a8d6669 nixos: systemd.services.*.environment: fix type 2018-05-13 01:15:37 +00:00
Niklas Hambüchen 7f79a4fe11 manual: Clarify that limits.conf doesn't apply to systemd services. (#40267)
Say how systemd services can be set instead.

Sources:

* https://bugzilla.redhat.com/show_bug.cgi?id=754285
* https://ro-che.info/articles/2017-03-26-increase-open-files-limit

Signed-off-by: Niklas Hambüchen <mail@nh2.me>
2018-05-12 17:44:57 +02:00
Ihor Antonov 08ebd830a5 Fix kernel crash caused by absent root device 2018-05-12 02:55:33 +03:00
Ben Wolsieffer a75aee3923 nixos/grub: support initrd secrets 2018-05-07 10:35:56 -04:00
Florian Klink 5855459f49 modules/system/boot/luksroot: remove comment about input_leds for caps lock
Since f2a9f9aeab, we already load
"input_leds", so this comment isn't useful anymore.
2018-05-07 01:42:37 +02:00
Tor Hedin Brønner 5777272bd2 nixos/plymouth: multi-user.target wants plymouth-quit-wait.service
This is apparent from the service file directory in plymouth:
├── multi-user.target.wants
│   ├── plymouth-quit.service -> ../plymouth-quit.service
│   └── plymouth-quit-wait.service -> ../plymouth-quit-wait.service

Leaving it unspecified caused gdm-wayland to crash on boot, see #39615.

The change made other display managers not quit plymouth properly however. By
removing "multi-user.target" from `plymouth-quit.after` this is resolved.
2018-05-04 16:06:57 +02:00
xeji 1937b810b6
Merge pull request #39340 from xeji/interim-fix-39069
nixos/networkd: wait for udev to settle before starting networkd
2018-04-29 20:45:09 +02:00
Ben Gamari 65c1cfce3f nixos/networkd: Allow RequiredForOnline field in [Link] section
This was previously missing.
2018-04-27 16:41:16 +00:00
xeji 236703f9f3 nixos/systemd-networkd: wait for udev to settle
... to avoid race condition between udevd renaming and
networkd configuring interfaces (39069)
2018-04-22 21:02:57 +02:00
Bastian Köcher 6ed495cf13 raspberrypi-bootloader: Adds firmwareConfig config option
The `firmwareConfig` option will be appended to `/boot/config.txt`.
2018-04-22 18:27:17 +03:00
Bastian Köcher 8bc970bbc7 raspberrypi-bootloader: Adds support for using uboot
Uboot is copied into `/boot` in the installation process.
The boot entries are created by calling the `generic-extlinux-compatible` builder.
2018-04-22 18:27:17 +03:00
Jörg Thalheim fecda3498b
Merge pull request #27117 from cjxgm/fix-nspawn-missing-suffix
systemd.nspawn: fix missing suffix
2018-04-22 15:21:07 +01:00
Daiderd Jordan 58fd592019
Merge pull request #38356 from Infinisil/fix/environment
nixos/systemd: Fix environment type -> allows overriding
2018-04-20 22:22:05 +02:00
Ihor Antonov 3a47c7e8f6 growPartition: fix volume resizing on EC2 NVME instances
The previous code for this accidentally picked up a "p" when computing the partition number.
This logic should be more robust
2018-04-19 13:36:03 -04:00
Graham Christensen f4ff297cd5
Merge pull request #39031 from teto/loglevel
kernel: fix boot.consoleLogLevel description
2018-04-17 08:51:14 -04:00
Matthieu Coudron 9f7eabcc21 kernel: fix boot.consoleLogLevel description
The current description describes the opposite influence of the setting
https://www.kernel.org/doc/Documentation/admin-guide/kernel-parameters.txt
2018-04-17 10:45:30 +09:00
Frederik Rietdijk 23741692fa Merge master into staging 2018-04-04 19:36:39 +02:00
Eelco Dolstra 0236a947d0
mkdir -> install -d
Fixes #38421.
2018-04-04 13:04:35 +02:00
Silvan Mosberger e9fc2558f9
nixos/systemd: Fix environment type -> allows overriding 2018-04-03 00:36:52 +02:00
Shea Levy 05e375d710
Merge remote-tracking branch 'origin/master' into staging 2018-03-28 09:36:47 -04:00
Shea Levy cdf9a78a3e
kexectools: Disable only on RISC-V if Linux.
The isKexecable flag treated Linux without kexec as just a normal
variant, when it really should be treated as a special case incurring
complexity debt to support.
2018-03-27 08:15:07 -04:00
davidak 41676002b2 nixos/systemd: add option for cgroup accounting 2018-03-27 09:15:22 +02:00
Nikolay Amiantov 0ccab4946d systemd: 237 -> 238 2018-03-22 22:37:26 +03:00
Tuomas Tynkkynen ef64208eba Merge commit '3ab2949' from staging into master
Conflicts:
	pkgs/development/compilers/llvm/6/llvm.nix
	pkgs/servers/home-assistant/component-packages.nix
2018-03-15 22:30:56 +02:00
Jan Malakhovski 8bbd48e40f nixos: fix install-grub.pl dependencies
fallback from updates to perl
2018-03-15 04:51:12 +00:00
Tuomas Tynkkynen 2fec9c6e29 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/development/tools/build-managers/conan/default.nix
2018-03-13 23:04:18 +02:00
Michael Raskin bfbc4951a6
Merge pull request #36850 from teto/virtualisation
Virtualisation
2018-03-13 13:40:33 +00:00
Matthieu Coudron c476d2f592 grub-install.pl: more details on blkid failure 2018-03-12 17:32:59 +09:00
Jan Malakhovski 7079e744d4 Merge branch 'master' into staging
Resolved the following conflicts (by carefully applying patches from the both
branches since the fork point):

   pkgs/development/libraries/epoxy/default.nix
   pkgs/development/libraries/gtk+/3.x.nix
   pkgs/development/python-modules/asgiref/default.nix
   pkgs/development/python-modules/daphne/default.nix
   pkgs/os-specific/linux/systemd/default.nix
2018-03-10 20:38:13 +00:00
Dino Dai Zovi ddf13e6646 nixos/initrd-network: add udhcpc.extraArgs option (#36305)
This can be used to fix issues where udhcpc times out before
acquiring a lease. For example of these issues, see:

https://bugs.alpinelinux.org/issues/3105#note-8

Signed-off-by: Dino A. Dai Zovi <ddz@theta44.org>
2018-03-05 15:53:59 +00:00
Franz Pletz 17ba8bb3e0
Merge pull request #30416 from symphorien/luksnokey
nixos/luksroot.nix: fallback to interactive password entry when no keyfile found
2018-03-05 10:02:39 +00:00
Jörg Thalheim a5dcde1a6f Revert "networkd: also load builtin modules"
This reverts commit d514dc220e.

breaks unpredictable network interfaces: https://github.com/NixOS/nixpkgs/pull/29768#issuecomment-370172863
2018-03-04 06:29:08 +00:00
Tuomas Tynkkynen 1e107443ad Merge commit '618ac29687a650d854c8bea7efd4490387589ce2' into staging 2018-03-03 22:40:32 +02:00
Vladimír Čunát b70c93f211
Merge branch 'master' into nix-2.0 2018-03-03 18:02:35 +01:00
Shea Levy 2802101e9f
Merge branch 'dropbear-2018-76-fix' 2018-03-01 21:35:06 -05:00
Shea Levy f2937b7485
initrd-ssh: Fix for new dropbear version.
For some reason 2018.76 dropped the -m flag.
2018-03-01 21:21:27 -05:00
Shea Levy 95579af5ec
Merge remote-tracking branch 'origin/staging' into cross-nixos 2018-03-01 14:56:58 -05:00
Shea Levy fec543436d
nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
Shea Levy 948e290895
stage-2-init: Use the host bash as SHELL 2018-03-01 14:03:41 -05:00
Shea Levy 897b7c7e9b
nixos: Fix initrd dependency detection when cross-compiling. 2018-03-01 13:31:36 -05:00
Jörg Thalheim 12422149a7
Merge pull request #29768 from Mic92/networkd
networkd: also load builtin modules
2018-03-01 09:16:18 +00:00
Shea Levy cc81202293
nixos: initrd-kmod-blacklist-ubuntu: Fix cross-compilation. 2018-02-28 15:01:32 -05:00
Shea Levy b28cb72908
nixos: stage-1: Don't try to test binaries when cross-compiling. 2018-02-28 15:01:32 -05:00
Shea Levy a929301281
nixos: kexec: Disable on non-kexecable systems. 2018-02-28 15:01:31 -05:00
Aristid Breitkreuz b8f4df9d9e attempt to fix #30940 more robustly 2018-02-26 22:19:12 +01:00
Linus Heckemann fd77a08b34 grub module: suggest by-id paths for devices
Since they are more stable, their use should be encouraged over that of
potentially volatile identifiers like /dev/[sh]da.
2018-02-24 10:50:23 +00:00
Eelco Dolstra d12c9911df
Merge remote-tracking branch 'origin/master' into nix-2.0 2018-02-22 17:28:51 +01:00
Tim Steinbach 0500cf79af
plymouth: Fix reference to NixOS version 2018-02-19 11:05:32 -05:00
Shea Levy c64639b54c
nixos/binfmt: Initial binfmt_misc support. 2018-02-18 12:42:17 -05:00
Joachim F 7bf049a54c
Merge pull request #34492 from rnhmjoj/privacy
nixos/networking-interfaces: add preferTempAddress option
2018-02-17 08:41:23 +00:00
Matthieu Coudron 1912870a6e nixos/boot: allow kernel.printk override (#34958)
At one point in my configuration I had:
boot.kernel.sysctl = {
      # https://unix.stackexchange.com/questions/13019/description-of-kernel-printk-values
      "kernel.printk" = "4	4	1	7";
};
which triggered:

error: The unique option `boot.kernel.sysctl.kernel.printk' is defined multiple times, in `/home/teto/dotfiles/nixpkgs/mptcp-unstable.nix' and `/home/teto/nixpkgs/nixos/modules/system/boot/kernel.nix'.
(use ‘--show-trace’ to show detailed location information)
Traceback (most recent call last):
  File "/home/teto/nixops/scripts/nixops", line 984, in <module>
    args.op()
  File "/home/teto/nixops/scripts/nixops", line 406, in op_deploy
    max_concurrent_activate=args.max_concurrent_activate)
  File "/home/teto/nixops/nixops/deployment.py", line 1045, in deploy
    self.run_with_notify('deploy', lambda: self._deploy(**kwargs))
  File "/home/teto/nixops/nixops/deployment.py", line 1034, in run_with_notify
    f()
  File "/home/teto/nixops/nixops/deployment.py", line 1045, in <lambda>
    self.run_with_notify('deploy', lambda: self._deploy(**kwargs))
  File "/home/teto/nixops/nixops/deployment.py", line 985, in _deploy
    self.configs_path = self.build_configs(dry_run=dry_run, repair=repair, include=include, exclude=exclude)
  File "/home/teto/nixops/nixops/deployment.py", line 653, in build_configs
    raise Exception("unable to build all machine configurations")
Exception: unable to build all machine configurations

This simple addition allows to override it.
2018-02-17 06:47:33 +00:00
Vladimír Čunát b5aaaf87a7
Merge staging and PR #35021
It's the last staging commit (mostly) built on Hydra,
and a minimal fix for Darwin regression in pysqlite.
2018-02-16 09:13:12 +01:00
Nikolay Amiantov 56e0943b08 makeModulesClosure: support firmware
Link it in stage 1.
2018-02-16 00:11:07 +02:00
Herwig Hochleitner 23b5421c46 nixos: make boot.kernel.features internal
This isn't useful as public API. It should be used by options to
activate kernel features for use with specific programs.
2018-02-15 09:10:32 +01:00
Herwig Hochleitner 0b621321cd boot.kernel.features: add nixos option for setting kernel features
this allows setting the features attribute for
pkgs/os-specific/linux/kernel/common-config.nix
2018-02-15 09:10:32 +01:00
Franz Pletz eb862c48dd
systemd: 234 -> 237
Co-Authored-By: Florian Klink <flokli@flokli.de>
Co-Authored-By: Andreas Rammhold <andreas@rammhold.de>
2018-02-13 01:24:24 +01:00
Eelco Dolstra cc0caac098
Move creation of /root to the activation script
...so it appears in a new installation before rebooting the system.
2018-02-05 22:12:18 +01:00
Eelco Dolstra 1346923ffa
modprobe activation: Order after specialfs
It requires the existence of /proc.
2018-02-05 21:04:40 +01:00
Vladimír Čunát 84fb5c6a0d
nixos/availableKernelModules: add a keyboard module
Non-working keyboards during boot are quite a problem; see:
https://github.com/NixOS/nixpkgs/pull/33529#issuecomment-361164997
2018-02-03 10:46:53 +01:00
rnhmjoj 1fec496f38
nixos/networking-interfaces: add preferTempAddress option 2018-02-01 13:14:09 +01:00
Tuomas Tynkkynen 95880aaf06 nixos/initrd: Don't include some x86-specific modules unconditionally 2018-01-22 12:53:33 +02:00
Jörg Thalheim a1e2f2a339 nixos/initrd-network: fix docbook syntax 2018-01-22 00:01:49 +00:00
Svein Ove Aas 5c5259d68d initrd-network: Document the need for modules 2018-01-21 17:43:41 +00:00
Jaakko Luttinen eeaa82bde1 nixos/availableKernelModules: add logitech hid
This adds support for Logitech (wireless) USB keyboards at boot
2018-01-06 17:11:30 +00:00
zimbatm eddf30cc93
nixos: introduce boot.growPartition (#33521)
Move it from being a profile
2018-01-06 13:52:51 +00:00
Evgeny Egorochkin ab623d8467 luksRoot: add the missing ECB dependency to fix XTS support, resolves #30940 2017-12-22 07:50:09 +02:00
Jörg Thalheim ba007d32c9
Merge pull request #32829 from flokli/input_leds
boot.initrd.luks: add input_leds module
2017-12-19 21:36:51 +00:00
Florian Klink f2a9f9aeab boot.initrd.luks: add input_leds module
To get working caps lock lights already at stage 1, the input_leds
module needs to be loaded.

Closes #12456.
2017-12-19 01:07:37 +01:00
Jörg Thalheim 4844fbc267
Merge pull request #32268 from volth/patch-74
nixos/initrd-ssh: generate hostkeys if absent
2017-12-17 00:00:04 -08:00
Symphorien Gibol b8a85fccd9 luksroot.nix: rename fallback to fallbackToPassword 2017-12-14 13:43:14 +01:00
Michael Peyton Jones 638d24950d plymouth: add breeze-plymouth as default theme 2017-12-11 20:42:00 +00:00
volth af6fc78f5d
initrd-ssh: generate hostkeys if absent 2017-12-03 02:27:29 +00:00
Orivej Desh 4435bb8ba8
Merge pull request #30665 from michaelpj/imp/plymouth-themes
plymouth: fix breeze-plymouth (and other themes)
2017-11-06 06:18:38 +00:00
Erlend Pedersen 3f013b806b plymouth service: fix symlink to defaults
Symlink for plymouthd.defaults was pointing to nonexisting target
because of a spelling error.
2017-10-24 20:10:13 +02:00
Symphorien Gibol 601fc20248 nixos/luksroot.nix: add option boot.initrd.luks.devices.<name?>.fallback
This option, if set to true, enables falling back to an interactive
passphrase prompt when the specified keyFile is not found.

The default is false, which is compatible with previous behavior and
doesn't prevent unattended boot.
2017-10-23 22:22:26 +02:00
Michael Peyton Jones 18d286b6c9 plymouth: try to remove more references in themes 2017-10-21 22:29:45 +01:00
Robert Helgesson c4088dd0af
nixos/resolved: clean up option descriptions
Also change LLMNR RFC to the correct id 4795.
2017-10-17 10:11:19 +02:00
Symphorien Gibol 8158cd6d5e nixos/luksroot.nix: fallback to interactive password entry when no keyfile found 2017-10-14 18:36:03 +02:00
Peter Hoeg 0f486c46b2 Revert "networkd: only wait for network to be online if configured to do so"
This reverts commit 8f21e089a8.
2017-10-14 14:42:49 +08:00
Peter Hoeg 8f21e089a8 networkd: only wait for network to be online if configured to do so 2017-10-14 14:38:04 +08:00
Franz Pletz e13d0c3435 Merge pull request #30172 from mayflower/cleanup/firmware-modules
nixos: clean up wifi firmware & default kernel modules
2017-10-12 16:32:01 +02:00
aszlig f4e742594d
nixos: Fix detection of btrfs root volume
Regression introduced by 801c920e95.

Since then, the btrfsSimple subtest of the installer VM test fails with:

Btrfs did not return a path for the subvolume at /

The reason for this is that the output for "btrfs subvol show" has
changed between version 4.8.2 and 4.13.1.

For example the output of "btrfs subvol show /" in version 4.8.2 was:

/ is toplevel subvolume

In version 4.13.1, the output now is the following and thus the regular
expressions used in nixos-generate-config.pl and install-grub.pl now
match (which results in the error mentioned above):

/
        Name:                   <FS_TREE>
        UUID:                   -
        Parent UUID:            -
        Received UUID:          -
        Creation time:          -
        Subvolume ID:           5
        Generation:             287270
        Gen at creation:        0
        Parent ID:              0
        Top level ID:           0
        Flags:                  -
        Snapshot(s):

In order to fix this I've changed nixos-generate-config.pl and
install-grub.pl, because both use "btrfs subvol show" in a similar vein,
so the regex for parsing the output now doesn't match anymore whenever
the volume path is "/", which should result in the same behaviour as we
had with btrfs-progs version 4.8.2.

Tested against the btrfsSimple, btrfsSubvols and btrfsSubvolDefault
subtests of the installer VM test and they all succeed now.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-10-11 04:30:52 +02:00
Franz Pletz 3855b7977c
nixos: clean up kernel modules
* the keyboard modules in all-hardware.nix are already defaults of
  boot.initrd.availableKernelModules
* ide modules, hid_lenovo_tpkbd and scsi_wait_scan have been removed
  because they're not available anymore
* i8042 was a duplicate (see a few lines above)
2017-10-07 01:48:03 +02:00
Joerg Thalheim 23f398012b nixos: skip restarting systemd-logind to not break x11 2017-09-27 22:28:27 +01:00
Joerg Thalheim d514dc220e networkd: also load builtin modules 2017-09-25 11:27:57 +01:00
Robin Gloster 43404d9acf
systemd-tmpfiles: fix docs
We have been doing this since 4e4161c212
2017-09-24 13:17:46 +02:00
Jörg Thalheim 42be8dbe15 Merge pull request #29344 from Moredread/fix/fileystem-encrypted-keyfile-missing-initrd-support
nixos/filesystems: Fix boot fails with encrypted fs
2017-09-22 12:46:17 +01:00
Matt McHenry cfbac1beb4 systemd: better document enabled, wantedBy, and requiredBy (#29453)
the systemd.unit(5) discussion of wantedBy and requiredBy is in the
[Install] section, and thus focused on stateful 'systemctl enable'.
so, clarify that in NixOS, wantedBy & requiredBy are still what most
users want, and not to be confused with enabled.
2017-09-16 12:48:16 +02:00
André-Patrick Bubel 2000fba561
nixos/filesystems: Fix boot fails with encrypted fs
Boot fails when a keyfile is configured for all encrypted filesystems
and no other luks devices are configured. This is because luks support is only
enabled in the initrd, when boot.initrd.luks.devices has entries. When a
filesystem has a keyfile configured though, it is set up by a custom
command, not by boot.initrd.luks.

This commit adds an internal config flag to enable luks support in the
initrd file, even if there are no luks devices configured.
2017-09-14 05:27:41 +02:00
Graham Christensen 62652be111
Include date and NixOS version in systemd-boot entries
Grub configs include the NixOS version and date they were built, now
systemd can have fun too:

    version Generation 99 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-30
    version Generation 100 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-30
    version Generation 101 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-31
    version Generation 102 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-09-01
    version Generation 103 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-09-02
    version Generation 104 NixOS 17.09beta41.1b8c7786ee, Linux Kernel 4.9.46, Built on 2017-09-02
    version Generation 105 NixOS 17.09.git.1b8c778, Linux Kernel 4.9.46, Built on 2017-09-02
2017-09-02 14:28:34 -04:00
davidak 8f389f3316 nixos/bcachefs: init module 2017-08-31 05:39:31 -05:00
Symphorien Gibol 90ef2183f7 grub module: assume /nix/store is a bind mount even if it is not read only
Fixes #14999
2017-08-31 10:56:34 +02:00
Jörg Thalheim 2d43c1fa9f Revert "boot.kernelParams: dedup and sort"
This reverts commit 9e00c643d8.

reason: https://github.com/NixOS/nixpkgs/pull/28392#issuecomment-325130848
2017-08-26 15:45:24 +01:00
volth 9e00c643d8 boot.kernelParams: dedup and sort
dedup and sort boot.kernelParams to avoid restarting services on eval order change
Fixes https://github.com/NixOS/nixpkgs/issues/28277
2017-08-19 06:21:13 +00:00
Profpatsch 5d62d8775c modules/systemd: improve logind.extraConfig example
Since we have a .handleLidSwitch option now, give another example.
2017-08-03 03:07:05 +02:00
Florian Jacob 3e69c650ab nixos/systemd-networkd: allow [Link] section in .network files 2017-07-29 21:25:21 +02:00
Martin Wohlert c3d5cfdc3c swap: extend randomEncryption to plainOpen and ability to select cipher 2017-07-26 20:57:10 +03:00
Graham Christensen 8df6d351c4 Merge pull request #26912 from knedlsepp/fix-autoResize
nixos: Force check the filesystem before resizing
2017-07-16 16:54:54 -04:00
Jörg Thalheim b14bcd873a Merge pull request #27142 from florianjacob/resolved-multicastdns-support
networkd: Allow new MulticastDNS setting
2017-07-13 14:35:23 +01:00
Peter Hoeg 5cb11abc9e systemd: paths and slices are supported for user units too 2017-07-13 11:55:48 +08:00
Florian Jacob cd8a1a7ceb networkd: Allow new MulticastDNS setting
which gained an implementation in systemd v233
2017-07-05 13:48:18 +02:00
Giumo X. Clanjor (哆啦比猫/兰威举) 87cbb86214 systemd.nspawn: fix missing suffix
Fix files placed in `/etc/systemd/nspawn/` missing `.nspawn` suffix
2017-07-04 21:12:47 +08:00
Vladimír Čunát d1a89ae9d7
Merge branch 'master' into staging 2017-07-03 09:48:58 +02:00
Silvan Mosberger cf07fc6b16 luksroot: fix typo 2017-07-02 04:37:51 +02:00
Josef Kemetmueller 899e2b5748 Force check the filesystem before resizing
The message buffer of the kernel lists
> Please run 'e2fsck -f /dev/disk/by-label/nixos' first.
as the output of the command `resize2fs "$device"`.
This fixes NixOS/nixpkgs#26910.
2017-06-27 22:13:51 +02:00
Christian Albrecht 3584707638
nixos/boot/stage-1: fix failing nixos-rebuild switch because of blkid output
old version of blkid used to output version information including libblkid version
when invoked with --help parameter

new version does not output libblkid version when invoked with --help parameter

fix is to invoke blkid with -V parameter to output version including libblkid in both cases
2017-06-26 09:15:44 +02:00
Kai 9929e83607 systemd-boot-builder.py: add support for profiles (#26318)
* systemd-boot-builder.py: add support for profiles

This will also list the generations of other profiles than `system` in
the boot menu. See the documentation of the `--profile-name` option of
nixos-rebuild for more information on profiles.

* Fix errors introduced by previous commit
2017-06-24 20:33:34 +01:00
Joachim F 631ec734eb Merge pull request #26460 from romildo/fix.nixos-artwork
nixos-artwork: add more wallpapers
2017-06-13 23:20:52 +01:00
Bjørn Forsman 581226cfb4 nixos/bcache: /bin/sh -> ${bash}/bin/sh
Or else `services.udev.packages = [ bcache-tools ]` cannot be used.

To not break bcache in the initrd I'm modifying this in stage-1.nix:

  -  --replace /bin/sh ${extraUtils}/bin/sh
  +  --replace ${bash}/bin/sh ${extraUtils}/bin/sh

Reasoning behind that change:

* If not modifying the /bin/sh pattern in any way, it will also match
  ${bash}/bin/sh, creating a broken path like
  /nix/store/HASH-bash/nix/store/HASH-bash/bin/sh in the udev rule file.

* The addition of /bin/sh was done in 775f381a9e
  ("stage-1: add bcache support"). It seems somewhat plausible that
  no new users have appeared since then and we can take this opportunity
  to back out of this change without much fear of regressions.

  If there _are_ regressions, they should be in the form of build time
  errors, not runtime (boot), due to how the udev rule output is checked
  for invalid path references. So low risk, IMHO.

* An alternative approach could be to copy the /bin/sh substitute rule
  over to the non-initrd udev rules implementation in NixOS, but I think
  this way is better:
  - The rules file comes with a working path out of the box.
  - We can use more precise pattern matching when modifying the udev
    rules for the initrd.
2017-06-10 17:10:49 +02:00
Benjamin Staffin 700e22f7bf nixos: Add support for scalable fonts in Grub menus (#26227)
The default font is unreadably small on some hidpi displays. This
makes it possible to specify a TrueType or OpenType font at any point
size, and it will automatically be converted to the format the Grub
uses.
2017-06-10 09:53:24 -04:00