Diffstat (limited to 'nixos/modules/config')
-rw-r--r-- | nixos/modules/config/ldso.nix | 58 | ||||
-rw-r--r-- | nixos/modules/config/stub-ld.nix | 56 | ||||
-rw-r--r-- | nixos/modules/config/sysctl.nix | 24 | ||||
-rw-r--r-- | nixos/modules/config/users-groups.nix | 2 |
4 files changed, 131 insertions, 9 deletions
diff --git a/nixos/modules/config/ldso.nix b/nixos/modules/config/ldso.nix
new file mode 100644
index 000000000000..e5ae13a21145
--- /dev/null
+++ b/nixos/modules/config/ldso.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) last splitString mkOption types mdDoc optionals;
+
+ libDir = pkgs.stdenv.hostPlatform.libDir;
+ ldsoBasename = last (splitString "/" pkgs.stdenv.cc.bintools.dynamicLinker);
+
+ pkgs32 = pkgs.pkgsi686Linux;
+ libDir32 = pkgs32.stdenv.hostPlatform.libDir;
+ ldsoBasename32 = last (splitString "/" pkgs32.stdenv.cc.bintools.dynamicLinker);
+in {
+ options = {
+ environment.ldso = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = mdDoc ''
+ The executable to link into the normal FHS location of the ELF loader.
+ '';
+ };
+
+ environment.ldso32 = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = mdDoc ''
+ The executable to link into the normal FHS location of the 32-bit ELF loader.
+
+ This currently only works on x86_64 architectures.
+ '';
+ };
+ };
+
+ config = {
+ assertions = [
+ { assertion = isNull config.environment.ldso32 || pkgs.stdenv.isx86_64;
+ message = "Option environment.ldso32 currently only works on x86_64.";
+ }
+ ];
+
+ systemd.tmpfiles.rules = (
+ if isNull config.environment.ldso then [
+ "r /${libDir}/${ldsoBasename} - - - - -"
+ ] else [
+ "d /${libDir} 0755 root root - -"
+ "L+ /${libDir}/${ldsoBasename} - - - - ${config.environment.ldso}"
+ ]
+ ) ++ optionals pkgs.stdenv.isx86_64 (
+ if isNull config.environment.ldso32 then [
+ "r /${libDir32}/${ldsoBasename32} - - - - -"
+ ] else [
+ "d /${libDir32} 0755 root root - -"
+ "L+ /${libDir32}/${ldsoBasename32} - - - - ${config.environment.ldso32}"
+ ]
+ );
+ };
+
+ meta.maintainers = with lib.maintainers; [ tejing ];
+}
diff --git a/nixos/modules/config/stub-ld.nix b/nixos/modules/config/stub-ld.nix
new file mode 100644
index 000000000000..14c07466d061
--- /dev/null
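Review bot: The descriptions of `environment.ldso` and `environment.ldso32` do not say what the `null` default does: the `r` branch of `systemd.tmpfiles.rules` then actively removes whatever sits at `/${libDir}/${ldsoBasename}` on every activation, so a loader an administrator placed there by hand is deleted rather than left alone. I would add one sentence to each description, e.g. `When null, any file at that path is removed at boot instead.` A comment on the `L+` rule should also record that this path is what every dynamically linked binary not built for NixOS will execute, so the option must only ever point at a trusted store path. Separately, `isNull` is deprecated in Nix; `config.environment.ldso == null` in the assertion and both `if` expressions reads the same and avoids the warning on newer evaluators.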
+++ b/nixos/modules/config/stub-ld.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) optionalString mkOption types mdDoc mkIf mkDefault;
+
+ cfg = config.environment.stub-ld;
+
+ message = ''
+ NixOS cannot run dynamically linked executables intended for generic
+ linux environments out of the box. For more information, see:
+ https://nix.dev/permalink/stub-ld
+ '';
+
+ stub-ld-for = pkgsArg: messageArg: pkgsArg.pkgsStatic.runCommandCC "stub-ld" {
+ nativeBuildInputs = [ pkgsArg.unixtools.xxd ];
+ inherit messageArg;
+ } ''
+ printf "%s" "$messageArg" | xxd -i -n message >main.c
+ cat <<EOF >>main.c
+ #include <stdio.h>
+ int main(int argc, char * argv[]) {
+ fprintf(stderr, "Could not start dynamically linked executable: %s\n", argv[0]);
+ fwrite(message, sizeof(unsigned char), message_len, stderr);
+ return 127; // matches behavior of bash and zsh without a loader. fish uses 139
+ }
+ EOF
+ $CC -Os main.c -o $out
+ '';
+
+ pkgs32 = pkgs.pkgsi686Linux;
+
+ stub-ld = stub-ld-for pkgs message;
+ stub-ld32 = stub-ld-for pkgs32 message;
+in {
+ options = {
+ environment.stub-ld = {
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ example = false;
+ description = mdDoc ''
+ Install a stub ELF loader to print an informative error message
+ in the event that a user attempts to run an ELF binary not
+ compiled for NixOS.
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.ldso = mkDefault stub-ld;
+ environment.ldso32 = mkIf pkgs.stdenv.isx86_64 (mkDefault stub-ld32);
+ };
+
+ meta.maintainers = with lib.maintainers; [ tejing ];
+}
diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix
index 452c050b6dda..b779f12aca30 100644
--- a/nixos/modules/config/sysctl.nix
+++ b/nixos/modules/config/sysctl.nix
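Review bot: The `fprintf` in the heredoc dereferences `argv[0]` without checking `argc`; a process can be started with an empty argument vector, in which case `argv[0]` is NULL and `%s` on it is undefined behaviour in C (musl, which I believe `pkgsStatic` links against, happens to print `(null)`, but the guard costs nothing): `fprintf(stderr, "Could not start dynamically linked executable: %s\n", argc > 0 ? argv[0] : "(unknown)");`. The reason for `pkgsArg.pkgsStatic` is not stated; presumably the stub must not itself depend on a dynamic loader or pull in a glibc closure, so a comment above `stub-ld-for` such as `# built static: this binary stands in for the loader, so it must run without one` would save the next reader the reasoning. `optionalString` is inherited from `lib` on the fourth line but never used in this file.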
@@ -21,19 +21,27 @@ in
 options = {
 boot.kernel.sysctl = mkOption {
- type = types.submodule {
+ type = let
+ highestValueType = types.ints.unsigned // {
+ merge = loc: defs:
+ foldl
+ (a: b: if b.value == null then null else lib.max a b.value)
+ 0
+ (filterOverrides defs);
+ };
+ in types.submodule {
 freeformType = types.attrsOf sysctlOption;
 options."net.core.rmem_max" = mkOption {
- type = types.nullOr types.ints.unsigned // {
- merge = loc: defs:
- foldl
- (a: b: if b.value == null then null else lib.max a b.value)
- 0
- (filterOverrides defs);
- };
+ type = types.nullOr highestValueType;
 default = null;
 description = lib.mdDoc "The maximum socket receive buffer size. In case of conflicting values, the highest will be used.";
 };
+
+ options."net.core.wmem_max" = mkOption {
+ type = types.nullOr highestValueType;
+ default = null;
+ description = lib.mdDoc "The maximum socket send buffer size. In case of conflicting values, the highest will be used.";
+ };
 };
 default = {};
 example = literalExpression ''
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 39aac9fb821b..2aed620eb154 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -475,7 +475,7 @@ let
 sdInitrdUidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) config.boot.initrd.systemd.users) "uid";
 sdInitrdGidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) config.boot.initrd.systemd.groups) "gid";
 groupNames = lib.mapAttrsToList (n: g: g.name) cfg.groups;
- usersWithoutExistingGroup = lib.filterAttrs (n: u: !lib.elem u.group groupNames) cfg.users;
+ usersWithoutExistingGroup = lib.filterAttrs (n: u: u.group != "" && !lib.elem u.group groupNames) cfg.users;
 spec = pkgs.writeText "users-groups.json" (builtins.toJSON {
 inherit (cfg) mutableUsers; |
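Review bot: Wrapping `highestValueType` in `types.nullOr` changes the null handling compared with the removed `types.nullOr types.ints.unsigned // { merge = ... }`, where the `//` replaced nullOr's own merge: as I recall lib/types.nix, `nullOr.merge` yields null only when every definition is null and throws when null and non-null definitions are mixed, so the inner merge now only ever sees non-null values and the `if b.value == null then null` branch in the new `foldl` is unreachable. If the intended rule is "null unless set, otherwise the highest value", the fold can drop the dead branch, `(a: b: lib.max a b.value)`; if mixed null/non-null definitions were meant to merge to null as before, the override has to stay on the `nullOr` type. Either way a comment on `highestValueType` stating which conflict rule applies would help, since `rmem_max` and `wmem_max` now both depend on it. The `mkOption` block continues past the end of the hunk.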
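Review bot: The new `u.group != ""` clause exempts users whose primary group is the empty string from the existing-group check without saying why; presumably `""` is the option's default and the activation script resolves the primary group some other way, but as written the exemption also hides an explicitly misconfigured `group = ""`. A comment on the line, e.g. `# "" is the unset default; only explicitly named primary groups are validated here`, would make the intent reviewable, and if an empty primary group is not a supported state the check should stay strict instead. The enclosing `let` block continues outside the hunk.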