Diffstat (limited to 'nixos/modules/tasks')
-rw-r--r-- | nixos/modules/tasks/filesystems/btrfs.nix | 17 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/cifs.nix | 2 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/ext.nix | 2 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/f2fs.nix | 2 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/jfs.nix | 2 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/reiserfs.nix | 2 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/vfat.nix | 2 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/xfs.nix | 2 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 10 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-scripted.nix | 2 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-systemd.nix | 65 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 53 |
12 files changed, 87 insertions, 74 deletions
diff --git a/nixos/modules/tasks/filesystems/btrfs.nix b/nixos/modules/tasks/filesystems/btrfs.nix index 82fdd6058710..87fe326c0974 100644 --- a/nixos/modules/tasks/filesystems/btrfs.nix +++ b/nixos/modules/tasks/filesystems/btrfs.nix @@ -52,34 +52,37 @@ in config = mkMerge [ (mkIf enableBtrfs { system.fsPackages = [ pkgs.btrfs-progs ]; + }) - boot.initrd.kernelModules = mkIf inInitrd [ "btrfs" ]; - boot.initrd.availableKernelModules = mkIf inInitrd ( + (mkIf inInitrd { + boot.initrd.kernelModules = [ "btrfs" ]; + boot.initrd.availableKernelModules = [ "crc32c" ] ++ optionals (config.boot.kernelPackages.kernel.kernelAtLeast "5.5") [ # Needed for mounting filesystems with new checksums "xxhash_generic" "blake2b_generic" "sha256_generic" # Should be baked into our kernel, just to be sure - ] - ); + ]; - boot.initrd.extraUtilsCommands = mkIf (inInitrd && !config.boot.initrd.systemd.enable) + boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) '' copy_bin_and_libs ${pkgs.btrfs-progs}/bin/btrfs ln -sv btrfs $out/bin/btrfsck ln -sv btrfsck $out/bin/fsck.btrfs ''; - boot.initrd.extraUtilsCommandsTest = mkIf (inInitrd && !config.boot.initrd.systemd.enable) + boot.initrd.extraUtilsCommandsTest = mkIf (!config.boot.initrd.systemd.enable) '' $out/bin/btrfs --version ''; - boot.initrd.postDeviceCommands = mkIf (inInitrd && !config.boot.initrd.systemd.enable) + boot.initrd.postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable) '' btrfs device scan ''; + + boot.initrd.systemd.initrdBin = [ pkgs.btrfs-progs ]; }) (mkIf enableAutoScrub { diff --git a/nixos/modules/tasks/filesystems/cifs.nix b/nixos/modules/tasks/filesystems/cifs.nix index 0de292a69208..837b9e19bfb9 100644 --- a/nixos/modules/tasks/filesystems/cifs.nix +++ b/nixos/modules/tasks/filesystems/cifs.nix @@ -21,5 +21,7 @@ in copy_bin_and_libs ${pkgs.cifs-utils}/sbin/mount.cifs ''; + boot.initrd.systemd.extraBin."mount.cifs" = mkIf inInitrd "${pkgs.cifs-utils}/sbin/mount.cifs"; + }; } 
diff --git a/nixos/modules/tasks/filesystems/ext.nix b/nixos/modules/tasks/filesystems/ext.nix index edc0efc55213..1c34ee2c7035 100644 --- a/nixos/modules/tasks/filesystems/ext.nix +++ b/nixos/modules/tasks/filesystems/ext.nix @@ -25,5 +25,7 @@ in ln -sv e2fsck $out/bin/fsck.ext4 ''; + boot.initrd.systemd.initrdBin = lib.mkIf inInitrd [ pkgs.e2fsprogs ]; + }; } diff --git a/nixos/modules/tasks/filesystems/f2fs.nix b/nixos/modules/tasks/filesystems/f2fs.nix index 035784f43df8..4f99f9a57fa6 100644 --- a/nixos/modules/tasks/filesystems/f2fs.nix +++ b/nixos/modules/tasks/filesystems/f2fs.nix @@ -16,5 +16,7 @@ in boot.initrd.extraUtilsCommands = mkIf (inInitrd && !config.boot.initrd.systemd.enable) '' copy_bin_and_libs ${pkgs.f2fs-tools}/sbin/fsck.f2fs ''; + + boot.initrd.systemd.initrdBin = mkIf inInitrd [ pkgs.f2fs-tools ]; }; } diff --git a/nixos/modules/tasks/filesystems/jfs.nix b/nixos/modules/tasks/filesystems/jfs.nix index 6d80c4c657da..b5132b4caa33 100644 --- a/nixos/modules/tasks/filesystems/jfs.nix +++ b/nixos/modules/tasks/filesystems/jfs.nix @@ -15,5 +15,7 @@ in boot.initrd.extraUtilsCommands = mkIf (inInitrd && !config.boot.initrd.systemd.enable) '' copy_bin_and_libs ${pkgs.jfsutils}/sbin/fsck.jfs ''; + + boot.initrd.systemd.initrdBin = mkIf inInitrd [ pkgs.jfsutils ]; }; } diff --git a/nixos/modules/tasks/filesystems/reiserfs.nix b/nixos/modules/tasks/filesystems/reiserfs.nix index 7b017a83db84..3c6a0f0cd917 100644 --- a/nixos/modules/tasks/filesystems/reiserfs.nix +++ b/nixos/modules/tasks/filesystems/reiserfs.nix @@ -21,5 +21,7 @@ in ln -s reiserfsck $out/bin/fsck.reiserfs ''; + boot.initrd.systemd.initrdBin = mkIf inInitrd [ pkgs.reiserfsprogs ]; + }; } diff --git a/nixos/modules/tasks/filesystems/vfat.nix b/nixos/modules/tasks/filesystems/vfat.nix index 5421b617b43b..e535e97759b2 100644 --- a/nixos/modules/tasks/filesystems/vfat.nix +++ b/nixos/modules/tasks/filesystems/vfat.nix 
@@ -21,5 +21,7 @@ in ln -sv dosfsck $out/bin/fsck.vfat ''; + boot.initrd.systemd.extraBin = mkIf inInitrd [ pkgs.dosfstools ]; + }; } diff --git a/nixos/modules/tasks/filesystems/xfs.nix b/nixos/modules/tasks/filesystems/xfs.nix index f81f58646551..76f31e660ad3 100644 --- a/nixos/modules/tasks/filesystems/xfs.nix +++ b/nixos/modules/tasks/filesystems/xfs.nix @@ -26,5 +26,7 @@ in '' sed -i -e 's,^#!.*,#!'$out/bin/sh, $out/bin/fsck.xfs ''; + + boot.initrd.systemd.initrdBin = mkIf inInitrd [ pkgs.xfsprogs.bin ]; }; } diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 5cf863c87f27..082634ec9d01 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -90,12 +90,17 @@ let getPoolMounts = prefix: pool: let + poolFSes = getPoolFilesystems pool; + # Remove the "/" suffix because even though most mountpoints # won't have it, the "/" mountpoint will, and we can't have the # trailing slash in "/sysroot/" in stage 1. mountPoint = fs: escapeSystemdPath (prefix + (lib.removeSuffix "/" fs.mountPoint)); + + hasUsr = lib.any (fs: fs.mountPoint == "/usr") poolFSes; in - map (x: "${mountPoint x}.mount") (getPoolFilesystems pool); + map (x: "${mountPoint x}.mount") poolFSes + ++ lib.optional hasUsr "sysusr-usr.mount"; getKeyLocations = pool: if isBool cfgZfs.requestEncryptionCredentials then { hasKeys = cfgZfs.requestEncryptionCredentials; @@ -632,7 +637,8 @@ in targets.zfs-import.wantedBy = [ "zfs.target" ]; targets.zfs.wantedBy = [ "initrd.target" ]; extraBin = { - # zpool and zfs are already in thanks to fsPackages + zpool = "${cfgZfs.package}/sbin/zpool"; + zfs = "${cfgZfs.package}/sbin/zfs"; awk = "${pkgs.gawk}/bin/awk"; }; }; diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 67ef152c4b65..da4aa916d655 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix 
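Review bot: In the vfat.nix hunk, `boot.initrd.systemd.extraBin` is assigned a list, but the other uses in this commit treat `extraBin` as an attribute set of name to path (`extraBin."mount.cifs"` in cifs.nix, `extraBin = { zpool = …; }` in zfs.nix), while package lists go to `initrdBin`. This looks like a slip and would likely fail type checking once a vfat filesystem is needed in a systemd initrd. The line should probably read `boot.initrd.systemd.initrdBin = mkIf inInitrd [ pkgs.dosfstools ];`, matching ext.nix, f2fs.nix, jfs.nix, reiserfs.nix and xfs.nix.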
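Review bot: In the first zfs.nix hunk, `hasUsr` makes `getPoolMounts` append `sysusr-usr.mount` regardless of `prefix`, and nothing explains why the unit is there. The existing comment implies the function is called with a stage-1 prefix (`/sysroot`); if it is also called for stage 2, the name would be listed there too, where it presumably has no meaning. Consider gating the addition on the initrd case and adding a comment such as `# A ZFS-backed /usr is mounted early in the initrd via sysusr-usr.mount, so the pool must be imported before it.` The callers of `getPoolMounts` are outside the hunk, so this needs checking against them.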
+++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -61,8 +61,6 @@ let MACAddress = i.macAddress; } // optionalAttrs (i.mtu != null) { MTUBytes = toString i.mtu; - } // optionalAttrs (i.wakeOnLan.enable == true) { - WakeOnLan = concatStringsSep " " i.wakeOnLan.policy; }; }; in listToAttrs (map createNetworkLink interfaces); diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index 86eed4214f89..cee23eb24406 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -28,21 +28,20 @@ let # TODO: warn the user that any address configured on those interfaces will be useless ++ concatMap (i: attrNames (filterAttrs (_: config: config.type != "internal") i.interfaces)) (attrValues cfg.vswitches); - domains = cfg.search ++ (optional (cfg.domain != null) cfg.domain); - genericNetwork = override: - let gateway = optional (cfg.defaultGateway != null && (cfg.defaultGateway.address or "") != "") cfg.defaultGateway.address - ++ optional (cfg.defaultGateway6 != null && (cfg.defaultGateway6.address or "") != "") cfg.defaultGateway6.address; - makeGateway = gateway: { + defaultGateways = mkMerge (forEach [ cfg.defaultGateway cfg.defaultGateway6 ] (gateway: + optionalAttrs (gateway != null && gateway.interface != null) { + networks."40-${gateway.interface}" = { + matchConfig.Name = gateway.interface; + routes = [{ routeConfig = { - Gateway = gateway; - GatewayOnLink = false; + Gateway = gateway.address; + } // optionalAttrs (gateway.metric != null) { + Metric = gateway.metric; }; - }; - in optionalAttrs (gateway != [ ]) { - routes = override (map makeGateway gateway); - } // optionalAttrs (domains != [ ]) { - domains = override domains; - }; + }]; + }; + } + )); genericDhcpNetworks = initrd: mkIf cfg.useDHCP { networks."99-ethernet-default-dhcp" = { 
@@ -89,10 +88,10 @@ let }; }; }); - networks."40-${i.name}" = mkMerge [ (genericNetwork id) { + networks."40-${i.name}" = { name = mkDefault i.name; DHCP = mkForce (dhcpStr - (if i.useDHCP != null then i.useDHCP else false)); + (if i.useDHCP != null then i.useDHCP else (config.networking.useDHCP && i.ipv4.addresses == [ ]))); address = forEach (interfaceIps i) (ip: "${ip.address}/${toString ip.prefixLength}"); routes = forEach (interfaceRoutes i) @@ -161,7 +160,7 @@ let } // optionalAttrs (i.mtu != null) { MTUBytes = toString i.mtu; }; - }]; + }; })); bridgeNetworks = mkMerge (flip mapAttrsToList cfg.bridges (name: bridge: { @@ -172,10 +171,10 @@ let }; }; networks = listToAttrs (forEach bridge.interfaces (bi: - nameValuePair "40-${bi}" (mkMerge [ (genericNetwork (mkOverride 999)) { + nameValuePair "40-${bi}" { DHCP = mkOverride 0 (dhcpStr false); networkConfig.Bridge = name; - } ]))); + })); })); vlanNetworks = mkMerge (flip mapAttrsToList cfg.vlans (name: vlan: { @@ -186,9 +185,9 @@ let }; vlanConfig.Id = vlan.id; }; - networks."40-${vlan.interface}" = (mkMerge [ (genericNetwork (mkOverride 999)) { + networks."40-${vlan.interface}" = { vlan = [ name ]; - } ]); + }; })); in @@ -201,6 +200,7 @@ in # initrd.systemd.network.enable. By setting the latter and not the # former, the user retains full control over the configuration. boot.initrd.systemd.network = mkMerge [ + defaultGateways (genericDhcpNetworks true) interfaceNetworks bridgeNetworks 
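Review bot: The new fallback in the `networks."40-${i.name}"` hunk, `config.networking.useDHCP && i.ipv4.addresses == [ ]`, enables DHCP for every declared interface that has no static IPv4 address, including ones that carry only static IPv6 addresses or are declared just to set an MTU or MAC address. Before this change such interfaces got `dhcpStr false` under networkd, so after an upgrade they may start accepting addresses, routes and DNS from whatever DHCP server answers on that segment. That deserves a release note, and the condition should probably also look at `i.ipv6.addresses`. As a style point, the rest of the file reads the option through `cfg` (`mkIf cfg.useDHCP` in `genericDhcpNetworks`), so `cfg.useDHCP` would be consistent here, assuming `cfg` is `config.networking`.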
@@ -217,11 +217,11 @@ in assertion = cfg.defaultGatewayWindowSize == null; message = "networking.defaultGatewayWindowSize is not supported by networkd."; } { - assertion = cfg.defaultGateway == null || cfg.defaultGateway.interface == null; - message = "networking.defaultGateway.interface is not supported by networkd."; + assertion = cfg.defaultGateway != null -> cfg.defaultGateway.interface != null; + message = "networking.defaultGateway.interface is not optional when using networkd."; } { - assertion = cfg.defaultGateway6 == null || cfg.defaultGateway6.interface == null; - message = "networking.defaultGateway6.interface is not supported by networkd."; + assertion = cfg.defaultGateway6 != null -> cfg.defaultGateway6.interface != null; + message = "networking.defaultGateway6.interface is not optional when using networkd."; } ] ++ flip mapAttrsToList cfg.bridges (n: { rstp, ... }: { assertion = !rstp; message = "networking.bridges.${n}.rstp is not supported by networkd."; @@ -236,6 +236,7 @@ in mkMerge [ { enable = true; } + defaultGateways (genericDhcpNetworks false) interfaceNetworks bridgeNetworks @@ -305,10 +306,10 @@ in }; networks = listToAttrs (forEach bond.interfaces (bi: - nameValuePair "40-${bi}" (mkMerge [ (genericNetwork (mkOverride 999)) { + nameValuePair "40-${bi}" { DHCP = mkOverride 0 (dhcpStr false); networkConfig.Bond = name; - } ]))); + })); }))) (mkMerge (flip mapAttrsToList cfg.macvlans (name: macvlan: { netdevs."40-${name}" = { @@ -318,9 +319,9 @@ in }; macvlanConfig = optionalAttrs (macvlan.mode != null) { Mode = macvlan.mode; }; }; - networks."40-${macvlan.interface}" = (mkMerge [ (genericNetwork (mkOverride 999)) { + networks."40-${macvlan.interface}" = { macvlan = [ name ]; - } ]); + }; }))) (mkMerge (flip mapAttrsToList cfg.fooOverUDP (name: fou: { netdevs."40-${name}" = { 
@@ -365,9 +366,9 @@ in }))); }; networks = mkIf (sit.dev != null) { - "40-${sit.dev}" = (mkMerge [ (genericNetwork (mkOverride 999)) { + "40-${sit.dev}" = { tunnel = [ name ]; - } ]); + }; }; }))) (mkMerge (flip mapAttrsToList cfg.greTunnels (name: gre: { @@ -386,9 +387,9 @@ in }); }; networks = mkIf (gre.dev != null) { - "40-${gre.dev}" = (mkMerge [ (genericNetwork (mkOverride 999)) { + "40-${gre.dev}" = { tunnel = [ name ]; - } ]); + }; }; }))) vlanNetworks diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index fe77a444595a..853a2cb31432 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -190,9 +190,11 @@ let type = types.nullOr types.bool; default = null; description = lib.mdDoc '' - Whether this interface should be configured with dhcp. - Null implies the old behavior which depends on whether ip addresses - are specified or not. + Whether this interface should be configured with DHCP. Overrides the + default set by {option}`networking.useDHCP`. If `null` (the default), + DHCP is enabled if the interface has no IPv4 addresses configured + with {option}`networking.interfaces.<name>.ipv4.addresses`, and + disabled otherwise. ''; }; @@ -640,9 +642,7 @@ in } ]; }; description = lib.mdDoc '' - The configuration for each network interface. If - {option}`networking.useDHCP` is true, then every - interface not listed here will be configured using DHCP. + The configuration for each network interface. Please note that {option}`systemd.network.netdevs` has more features and is better maintained. When building new things, it is advised to @@ -1304,8 +1304,8 @@ in default = true; description = lib.mdDoc '' Whether to use DHCP to obtain an IP address and other - configuration for all network interfaces that are not manually - configured. + configuration for all network interfaces that do not have any manually + configured IPv4 addresses. ''; }; 
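Review bot: The new description of the per-interface `useDHCP` option (network-interfaces.nix, hunk at -190) says that with `null` DHCP is enabled whenever the interface has no IPv4 addresses, but the networkd implementation in this commit only does so when `networking.useDHCP` is also true. The text should state that condition, for example "If null (the default), DHCP is enabled when networking.useDHCP is true and the interface has no IPv4 addresses configured, and disabled otherwise." Whether the scripted backend follows the same rule is not visible in this diff and is worth confirming, since the option text describes both backends.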
@@ -1344,7 +1344,10 @@ in config = { - warnings = concatMap (i: i.warnings) interfaces; + warnings = (concatMap (i: i.warnings) interfaces) ++ (lib.optional + (config.systemd.network.enable && cfg.useDHCP && !cfg.useNetworkd) '' + The combination of `systemd.network.enable = true`, `networking.useDHCP = true` and `networking.useNetworkd = false` can cause both networkd and dhcpcd to manage the same interfaces. This can lead to loss of networking. It is recommended you choose only one of networkd (by also enabling `networking.useNetworkd`) or scripting (by disabling `systemd.network.enable`) + ''); assertions = (forEach interfaces (i: { @@ -1403,28 +1406,6 @@ in val = tempaddrValues.${opt}.sysctl; in nameValuePair "net.ipv6.conf.${replaceStrings ["."] ["/"] i.name}.use_tempaddr" val)); - security.wrappers = { - ping = { - owner = "root"; - group = "root"; - capabilities = "cap_net_raw+p"; - source = "${pkgs.iputils.out}/bin/ping"; - }; - }; - security.apparmor.policies."bin.ping".profile = lib.mkIf config.security.apparmor.policies."bin.ping".enable (lib.mkAfter '' - /run/wrappers/bin/ping { - include <abstractions/base> - include <nixos/security.wrappers/ping> - rpx /run/wrappers/wrappers.*/ping, - } - /run/wrappers/wrappers.*/ping { - include <abstractions/base> - include <nixos/security.wrappers/ping> - capability net_raw, - capability setpcap, - } - ''); - # Set the host and domain names in the activation script. Don't # clear it if it's not configured in the NixOS configuration, # since it may have been set by dhcpcd in the meantime. 
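Review bot: The new warning's condition tests only `cfg.useDHCP`, so it would not fire when the global option is off but individual interfaces set `useDHCP = true`, and it would still fire when dhcpcd is disabled through `networking.dhcpcd.enable = false`. Both cases are inferred, because the dhcpcd module is outside this diff. If that module exposes the effective "dhcpcd will run" condition, reusing it here would keep the warning accurate in both directions. The message is also missing its final period and sits on one very long source line.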
@@ -1460,6 +1441,16 @@ in ] ++ bridgeStp; + # Wake-on-LAN configuration is shared by the scripted and networkd backends. + systemd.network.links = pipe interfaces [ + (filter (i: i.wakeOnLan.enable)) + (map (i: nameValuePair "40-${i.name}" { + matchConfig.OriginalName = i.name; + linkConfig.WakeOnLan = concatStringsSep " " i.wakeOnLan.policy; + })) + listToAttrs + ]; + # The network-interfaces target is kept for backwards compatibility. # New modules must NOT use it. systemd.targets.network-interfaces = |
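Review bot: The new `systemd.network.links` block relies on its key `"40-${i.name}"` being the same as the link units the backends generate for that interface, but the comment does not say so. systemd-udevd applies only the first `.link` file that matches a device, so if the names ever diverge, either the Wake-on-LAN setting or the backend's MAC and MTU settings would be dropped without any error. I would extend the comment, e.g. `# Must use the same "40-<name>" key as the backends' link units: only one .link file is applied per device.` The backends' own link definitions are outside this hunk.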