diff options
| author | obadz <obadz-git@obadz.com> | 2016-08-22 01:15:13 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-08-22 01:15:13 +0100 |
| commit | 3d16af70bf894ce15ec9bdcad3c9ac736dc43630 (patch) | |
| tree | 75f612c7c1128c02334769e63a1e631225531f9a /nixos/modules/system/boot/stage-1.nix | |
| parent | 5120af001f2bb163b58c41c84b11a0c136a207fe (diff) | |
| download | nixlib-3d16af70bf894ce15ec9bdcad3c9ac736dc43630.tar nixlib-3d16af70bf894ce15ec9bdcad3c9ac736dc43630.tar.gz nixlib-3d16af70bf894ce15ec9bdcad3c9ac736dc43630.tar.bz2 nixlib-3d16af70bf894ce15ec9bdcad3c9ac736dc43630.tar.lz nixlib-3d16af70bf894ce15ec9bdcad3c9ac736dc43630.tar.xz nixlib-3d16af70bf894ce15ec9bdcad3c9ac736dc43630.tar.zst nixlib-3d16af70bf894ce15ec9bdcad3c9ac736dc43630.zip | |
nixos/stage-1: add mechanism which lustrates all impurities from / (#17784)
lustrate /ˈlʌstreɪt/ verb.
purify by expiatory sacrifice, ceremonial washing, or some other
ritual action.
- sudo touch /etc/NIXOS_LUSTRATE
⇒ on next reboot, during stage 1, everything but /nix and /boot
is moved to /old-root
- echo "etc/passwd" | sudo tee -a /etc/NIXOS_LUSTRATE
⇒ on next reboot, during stage 1, everything but /nix and /boot
is moved to /old-root; except /etc/passwd is copied back.
Useful for installing NixOS in place on another distro. For instance:
$ nix-env -iE '_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config manual.manpages ]'
$ sudo mkdir /etc/nixos
$ sudo `which nixos-generate-config`
… edit the configuration files in /etc/nixos using man configuration.nix
if needed
maybe add: users.extraUsers.root.initialHashedPassword = "" ?
… Build the entire NixOS system and link it to the system profile:
$ nix-env -p /nix/var/nix/profiles/system -f '<nixpkgs/nixos>' -A system --set
… If you were using a single user install:
$ sudo chown -R 0.0 /nix
… NixOS is about to take over
$ sudo touch /etc/NIXOS
$ sudo touch /etc/NIXOS_LUSTRATE
… Let's keep the configuration files we just created
$ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
$ sudo mv -v /boot /boot.bak &&
sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot
$ sudo reboot
… NixOS boots, Stage 1 moves all the old distro stuff in /old-root.Diffstat (limited to 'nixos/modules/system/boot/stage-1.nix')
| -rw-r--r-- | nixos/modules/system/boot/stage-1.nix | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index baeba1d6b31d..9be7ad4ae077 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -131,9 +131,16 @@ let # The initrd only has to mount / or any FS marked as necessary for # booting (such as the FS containing /nix/store, or an FS needed for # mounting /, like / on a loopback). - fileSystems = filter - (fs: fs.neededForBoot || elem fs.mountPoint [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ]) - (attrValues config.fileSystems); + # + # We need to guarantee that / is the first filesystem in the list so + # that if and when lustrateRoot is invoked, nothing else is mounted + fileSystems = let + filterNeeded = filter + (fs: fs.mountPoint != "/" && (fs.neededForBoot || elem fs.mountPoint [ "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ])); + filterRoot = filter + (fs: fs.mountPoint == "/"); + allFileSystems = attrValues config.fileSystems; + in (filterRoot allFileSystems) ++ (filterNeeded allFileSystems); udevRules = pkgs.stdenv.mkDerivation { |