diff options
Diffstat (limited to 'nixos')
61 files changed, 643 insertions, 80 deletions
diff --git a/nixos/doc/manual/administration/cleaning-store.xml b/nixos/doc/manual/administration/cleaning-store.xml index ee201982a40b..f078b8c3ba37 100644 --- a/nixos/doc/manual/administration/cleaning-store.xml +++ b/nixos/doc/manual/administration/cleaning-store.xml @@ -50,4 +50,14 @@ $ nix-store --optimise Since this command needs to read the entire Nix store, it can take quite a while to finish. </para> + <section xml:id="sect-nixos-gc-boot-entries"> + <title>NixOS Boot Entries</title> + + <para> + If your <filename>/boot</filename> partition runs out of space, after + clearing old profiles you must rebuild your system with + <literal>nixos-rebuild</literal> to update the <filename>/boot</filename> + partition and clear space. + </para> + </section> </chapter> diff --git a/nixos/doc/manual/installation/installing-behind-a-proxy.xml b/nixos/doc/manual/installation/installing-behind-a-proxy.xml new file mode 100644 index 000000000000..c59d073c61c7 --- /dev/null +++ b/nixos/doc/manual/installation/installing-behind-a-proxy.xml @@ -0,0 +1,47 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-installing-behind-proxy"> + <title>Installing behind a proxy</title> + +<para> + To install NixOS behind a proxy, do the following before running + <literal>nixos-install</literal>. +</para> +<orderedlist numeration="arabic"> + <listitem> + <para> + Update proxy configuration in + <literal>/mnt/etc/nixos/configuration.nix</literal> to keep the + internet accessible after reboot. + </para> + <programlisting> +networking.proxy.default = "http://user:password@proxy:port/"; +networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; +</programlisting> + </listitem> + <listitem> + <para> + Setup the proxy environment variables in the shell where you are + running <literal>nixos-install</literal>. + </para> + <programlisting> +# proxy_url="http://user:password@proxy:port/" +# export http_proxy="$proxy_url" +# export HTTP_PROXY="$proxy_url" +# export https_proxy="$proxy_url" +# export HTTPS_PROXY="$proxy_url" +</programlisting> + </listitem> +</orderedlist> + +<note> +<para> + If you are switching networks with different proxy configurations, use the + <literal>nesting.clone</literal> option in + <literal>configuration.nix</literal> to switch proxies at runtime. + Refer to <xref linkend="ch-options" /> for more information. +</para> +</note> +</section> diff --git a/nixos/doc/manual/installation/installing.xml b/nixos/doc/manual/installation/installing.xml index 6f8e0f613b19..916384559e24 100644 --- a/nixos/doc/manual/installation/installing.xml +++ b/nixos/doc/manual/installation/installing.xml @@ -443,4 +443,5 @@ $ nix-env -i w3m</screen> <xi:include href="installing-pxe.xml" /> <xi:include href="installing-virtualbox-guest.xml" /> <xi:include href="installing-from-other-distro.xml" /> + <xi:include href="installing-behind-a-proxy.xml" /> </chapter> diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index db9e13da0654..421208ec0f8c 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -141,6 +141,50 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' </listitem> <listitem> <para> + The minimum version of Nix required to evaluate Nixpkgs is now 2.0. + </para> + <itemizedlist> + <listitem> + <para> + For users of NixOS 18.03, NixOS 18.03 defaulted to Nix 2.0, but + supported using Nix 1.11 by setting <literal>nix.package = + pkgs.nix1;</literal>. If this option is set to a Nix 1.11 package, you + will need to either unset the option or upgrade it to Nix 2.0. + </para> + </listitem> + <listitem> + <para> + For users of NixOS 17.09, you will first need to upgrade Nix by setting + <literal>nix.package = pkgs.nixStable2;</literal> and run + <command>nixos-rebuild switch</command> as the <literal>root</literal> + user. + </para> + </listitem> + <listitem> + <para> + For users of a daemon-less Nix installation on Linux or macOS, you can + upgrade Nix by running <command>curl https://nixos.org/nix/install | + sh</command>, or prior to doing a channel update, running + <command>nix-env -iA nix</command>. + </para> + <para> + If you have already run a channel update and Nix is no longer able to + evaluate Nixpkgs, the error message printed should provide adequate + directions for upgrading Nix. + </para> + </listitem> + <listitem> + <para> + For users of the Nix daemon on macOS, you can upgrade Nix by running + <command>sudo -i sh -c 'nix-channel --update && nix-env -iA + nixpkgs.nix'; sudo launchctl stop org.nixos.nix-daemon; sudo launchctl + start org.nixos.nix-daemon</command>. + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> <literal>lib.strict</literal> is removed. Use <literal>builtins.seq</literal> instead. </para> @@ -477,6 +521,13 @@ inherit (pkgs.nixos { all user units for each authenticated user. </para> </listitem> + <listitem> + <para> + The default display manager is now LightDM. + To use SLiM set <literal>services.xserver.displayManager.slim.enable</literal> + to <literal>true</literal>. + </para> + </listitem> </itemizedlist> </section> </section> diff --git a/nixos/lib/make-system-tarball.nix b/nixos/lib/make-system-tarball.nix index 92539235be75..846013b02d14 100644 --- a/nixos/lib/make-system-tarball.nix +++ b/nixos/lib/make-system-tarball.nix @@ -1,7 +1,7 @@ { stdenv, perl, pixz, pathsFromGraph , # The file name of the resulting tarball - fileName ? "nixos-system-${stdenv.system}" + fileName ? "nixos-system-${stdenv.hostPlatform.system}" , # The files and directories to be placed in the tarball. # This is a list of attribute sets {source, target} where `source' diff --git a/nixos/lib/qemu-flags.nix b/nixos/lib/qemu-flags.nix index f115ca5ac000..779f0377a512 100644 --- a/nixos/lib/qemu-flags.nix +++ b/nixos/lib/qemu-flags.nix @@ -14,12 +14,12 @@ in qemuSerialDevice = if pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64 then "ttyS0" else if pkgs.stdenv.isAarch32 || pkgs.stdenv.isAarch64 then "ttyAMA0" - else throw "Unknown QEMU serial device for system '${pkgs.stdenv.system}'"; + else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'"; qemuBinary = qemuPkg: { "x86_64-linux" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64"; "armv7l-linux" = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host"; "aarch64-linux" = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host"; "x86_64-darwin" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64"; - }.${pkgs.stdenv.system} or "${qemuPkg}/bin/qemu-kvm"; + }.${pkgs.stdenv.hostPlatform.system} or "${qemuPkg}/bin/qemu-kvm"; } diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix index 19c7b7cabfcc..3c24dab85e4d 100644 --- a/nixos/modules/config/system-path.nix +++ b/nixos/modules/config/system-path.nix @@ -81,6 +81,12 @@ in description = "List of additional package outputs to be symlinked into <filename>/run/current-system/sw</filename>."; }; + extraSetup = mkOption { + type = types.lines; + default = ""; + description = "Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out."; + }; + }; system = { @@ -107,12 +113,7 @@ in "/etc/gtk-3.0" "/lib" # FIXME: remove and update debug-info.nix "/sbin" - "/share/applications" - "/share/desktop-directories" "/share/emacs" - "/share/icons" - "/share/menus" - "/share/mime" "/share/nano" "/share/org" "/share/themes" @@ -132,10 +133,6 @@ in # outputs TODO: note that the tools will often not be linked by default postBuild = '' - if [ -x $out/bin/update-mime-database -a -w $out/share/mime ]; then - XDG_DATA_DIRS=$out/share $out/bin/update-mime-database -V $out/share/mime > /dev/null - fi - if [ -x $out/bin/gtk-update-icon-cache -a -f $out/share/icons/hicolor/index.theme ]; then $out/bin/gtk-update-icon-cache $out/share/icons/hicolor fi @@ -143,17 +140,8 @@ in if [ -x $out/bin/glib-compile-schemas -a -w $out/share/glib-2.0/schemas ]; then $out/bin/glib-compile-schemas $out/share/glib-2.0/schemas fi - - if [ -x $out/bin/update-desktop-database -a -w $out/share/applications ]; then - $out/bin/update-desktop-database $out/share/applications - fi - - if [ -x $out/bin/install-info -a -w $out/share/info ]; then - shopt -s nullglob - for i in $out/share/info/*.info $out/share/info/*.info.gz; do - $out/bin/install-info $i $out/share/info/dir - done - fi + + ${config.environment.extraSetup} ''; }; diff --git a/nixos/modules/config/xdg/autostart.nix b/nixos/modules/config/xdg/autostart.nix new file mode 100644 index 000000000000..0ee94fed818b --- /dev/null +++ b/nixos/modules/config/xdg/autostart.nix @@ -0,0 +1,22 @@ +{ config, lib, ... }: + +with lib; +{ + options = { + xdg.autostart.enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to install files to support the + <link xlink:href="https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html">XDG Autostart specification</link>. + ''; + }; + }; + + config = mkIf config.xdg.autostart.enable { + environment.pathsToLink = [ + "/etc/xdg/autostart" + ]; + }; + +} diff --git a/nixos/modules/config/xdg/icons.nix b/nixos/modules/config/xdg/icons.nix new file mode 100644 index 000000000000..8268a3771a0e --- /dev/null +++ b/nixos/modules/config/xdg/icons.nix @@ -0,0 +1,27 @@ +{ config, lib, ... }: + +with lib; +{ + options = { + xdg.icons.enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to install files to support the + <link xlink:href="https://specifications.freedesktop.org/icon-theme-spec/icon-theme-spec-latest.html">XDG Icon Theme specification</link>. + ''; + }; + }; + + config = mkIf config.xdg.icons.enable { + environment.pathsToLink = [ + "/share/icons" + "/share/pixmaps" + ]; + + environment.profileRelativeEnvVars = { + XCURSOR_PATH = [ "/share/icons" ]; + }; + }; + +} diff --git a/nixos/modules/config/xdg/menus.nix b/nixos/modules/config/xdg/menus.nix new file mode 100644 index 000000000000..c172692df5d7 --- /dev/null +++ b/nixos/modules/config/xdg/menus.nix @@ -0,0 +1,25 @@ +{ config, lib, ... }: + +with lib; +{ + options = { + xdg.menus.enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to install files to support the + <link xlink:href="https://specifications.freedesktop.org/menu-spec/menu-spec-latest.html">XDG Desktop Menu specification</link>. + ''; + }; + }; + + config = mkIf config.xdg.menus.enable { + environment.pathsToLink = [ + "/share/applications" + "/share/desktop-directories" + "/etc/xdg/menus" + "/etc/xdg/menus/applications-merged" + ]; + }; + +} diff --git a/nixos/modules/config/xdg/mime.nix b/nixos/modules/config/xdg/mime.nix new file mode 100644 index 000000000000..f1b672234a34 --- /dev/null +++ b/nixos/modules/config/xdg/mime.nix @@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + options = { + xdg.mime.enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to install files to support the + <link xlink:href="https://specifications.freedesktop.org/shared-mime-info-spec/shared-mime-info-spec-latest.html">XDG Shared MIME-info specification</link> and the + <link xlink:href="https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html">XDG MIME Applications specification</link>. + ''; + }; + }; + + config = mkIf config.xdg.mime.enable { + environment.pathsToLink = [ "/share/mime" ]; + + environment.systemPackages = [ + # this package also installs some useful data, as well as its utilities + pkgs.shared-mime-info + ]; + + environment.extraSetup = '' + if [ -w $out/share/mime ]; then + XDG_DATA_DIRS=$out/share ${pkgs.shared-mime-info}/bin/update-mime-database -V $out/share/mime > /dev/null + fi + + if [ -w $out/share/applications ]; then + ${pkgs.desktop-file-utils}/bin/update-desktop-database $out/share/applications + fi + ''; + }; + +} diff --git a/nixos/modules/installer/cd-dvd/installation-cd-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-base.nix index 1453e8082b0d..24070a786945 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-base.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-base.nix @@ -16,7 +16,7 @@ with lib; ]; # ISO naming. - isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.system}.iso"; + isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso"; isoImage.volumeID = substring 0 11 "NIXOS_ISO"; diff --git a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix index bd6cf029967c..86e19f3da562 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix @@ -16,7 +16,8 @@ in ]; assertions = lib.singleton { - assertion = pkgs.stdenv.system == "aarch64-linux"; + assertion = pkgs.stdenv.hostPlatform.system == "aarch64-linux" + && pkgs.stdenv.hostPlatform.system == pkgs.stdenv.buildPlatform.system; message = "sd-image-aarch64.nix can be only built natively on Aarch64 / ARM64; " + "it cannot be cross compiled"; }; diff --git a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix index 0c89eb533359..695c79ca1707 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix @@ -16,7 +16,8 @@ in ]; assertions = lib.singleton { - assertion = pkgs.stdenv.system == "armv7l-linux"; + assertion = pkgs.stdenv.hostPlatform.system == "armv7l-linux" + && pkgs.stdenv.hostPlatform.system == pkgs.stdenv.buildPlatform.system; message = "sd-image-armv7l-multiplatform.nix can be only built natively on ARMv7; " + "it cannot be cross compiled"; }; diff --git a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix index 78ea3f1a205c..e395b265d15e 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix @@ -16,7 +16,8 @@ in ]; assertions = lib.singleton { - assertion = pkgs.stdenv.system == "armv6l-linux"; + assertion = pkgs.stdenv.hostPlatform.system == "armv6l-linux" + && pkgs.stdenv.hostPlatform.system == pkgs.stdenv.buildPlatform.system; message = "sd-image-raspberrypi.nix can be only built natively on ARMv6; " + "it cannot be cross compiled"; }; diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index 2371be9d89a1..b6e1d11c2b54 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -22,7 +22,7 @@ in { options.sdImage = { imageName = mkOption { - default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.system}.img"; + default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.img"; description = '' Name of the generated image file. ''; @@ -102,7 +102,7 @@ in mkdir -p $out/nix-support $out/sd-image export img=$out/sd-image/${config.sdImage.imageName} - echo "${pkgs.stdenv.system}" > $out/nix-support/system + echo "${pkgs.stdenv.buildPlatform.system}" > $out/nix-support/system echo "file sd-image $img" >> $out/nix-support/hydra-build-products # Create the image file sized to fit /boot and /, plus 20M of slack diff --git a/nixos/modules/installer/netboot/netboot.nix b/nixos/modules/installer/netboot/netboot.nix index ea640173c6dd..303d9fce3f9a 100644 --- a/nixos/modules/installer/netboot/netboot.nix +++ b/nixos/modules/installer/netboot/netboot.nix @@ -25,7 +25,7 @@ with lib; # !!! Hack - attributes expected by other modules. environment.systemPackages = [ pkgs.grub2_efi ] - ++ (if pkgs.stdenv.system == "aarch64-linux" + ++ (if pkgs.stdenv.hostPlatform.system == "aarch64-linux" then [] else [ pkgs.grub2 pkgs.syslinux ]); diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index bb201d97ded1..04678c919c22 100644..100755 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -574,6 +574,10 @@ $bootLoaderConfig # networking.hostName = "nixos"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + # Select internationalisation properties. # i18n = { # consoleFont = "Lat2-Terminus16"; diff --git a/nixos/modules/misc/documentation.nix b/nixos/modules/misc/documentation.nix index b482a5a67523..e6ccda5d7f40 100644 --- a/nixos/modules/misc/documentation.nix +++ b/nixos/modules/misc/documentation.nix @@ -82,6 +82,14 @@ let cfg = config.documentation; in environment.systemPackages = [ pkgs.texinfoInteractive ]; environment.pathsToLink = [ "/share/info" ]; environment.extraOutputsToInstall = [ "info" ] ++ optional cfg.dev.enable "devinfo"; + environment.extraSetup = '' + if [ -w $out/share/info ]; then + shopt -s nullglob + for i in $out/share/info/*.info $out/share/info/*.info.gz; do + ${pkgs.texinfo}/bin/install-info $i $out/share/info/dir + done + fi + ''; }) (mkIf cfg.doc.enable { diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 0928e368d80f..8292cdc995e0 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -328,6 +328,7 @@ qemu-libvirtd = 301; # kvm = 302; # unused # render = 303; # unused + zeronet = 304; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -616,6 +617,7 @@ qemu-libvirtd = 301; kvm = 302; # default udev rules from systemd requires these render = 303; # default udev rules from systemd requires these + zeronet = 304; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 12944857af4e..4795922abcfb 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -7,6 +7,10 @@ ./config/fonts/fontdir.nix ./config/fonts/fonts.nix ./config/fonts/ghostscript.nix + ./config/xdg/autostart.nix + ./config/xdg/icons.nix + ./config/xdg/menus.nix + ./config/xdg/mime.nix ./config/gnu.nix ./config/i18n.nix ./config/iproute2.nix @@ -417,6 +421,7 @@ ./services/monitoring/graphite.nix ./services/monitoring/hdaps.nix ./services/monitoring/heapster.nix + ./services/monitoring/incron.nix ./services/monitoring/longview.nix ./services/monitoring/monit.nix ./services/monitoring/munin.nix @@ -615,6 +620,7 @@ ./services/networking/xl2tpd.nix ./services/networking/xrdp.nix ./services/networking/zerobin.nix + ./services/networking/zeronet.nix ./services/networking/zerotierone.nix ./services/networking/znc.nix ./services/printing/cupsd.nix diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix index 3bac8d98990a..3c6d356ef998 100644 --- a/nixos/modules/programs/environment.nix +++ b/nixos/modules/programs/environment.nix @@ -40,7 +40,6 @@ in GTK_PATH = [ "/lib/gtk-2.0" "/lib/gtk-3.0" ]; XDG_CONFIG_DIRS = [ "/etc/xdg" ]; XDG_DATA_DIRS = [ "/share" ]; - XCURSOR_PATH = [ "/share/icons" ]; MOZ_PLUGIN_PATH = [ "/lib/mozilla/plugins" ]; LIBEXEC_PATH = [ "/lib/libexec" ]; }; diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index dc63f1a6c052..a222325579fe 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix @@ -283,7 +283,7 @@ in mkdir -p ${cfg.repositoryRoot} # update all hooks' binary paths - HOOKS=$(find ${cfg.repositoryRoot} -mindepth 4 -maxdepth 5 -type f -wholename "*git/hooks/*") + HOOKS=$(find ${cfg.repositoryRoot} -mindepth 4 -maxdepth 6 -type f -wholename "*git/hooks/*") if [ "$HOOKS" ] then sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gitea,${gitea.bin}/bin/gitea,g' $HOOKS diff --git a/nixos/modules/services/misc/gitit.nix b/nixos/modules/services/misc/gitit.nix index 0025d96bd37b..1ec030549f98 100644 --- a/nixos/modules/services/misc/gitit.nix +++ b/nixos/modules/services/misc/gitit.nix @@ -10,7 +10,7 @@ let toYesNo = b: if b then "yes" else "no"; - gititShared = with cfg.haskellPackages; gitit + "/share/" + pkgs.stdenv.system + "-" + ghc.name + "/" + gitit.pname + "-" + gitit.version; + gititShared = with cfg.haskellPackages; gitit + "/share/" + pkgs.stdenv.hostPlatform.system + "-" + ghc.name + "/" + gitit.pname + "-" + gitit.version; gititWithPkgs = hsPkgs: extras: hsPkgs.ghcWithPackages (self: with self; [ gitit ] ++ (extras self)); diff --git a/nixos/modules/services/monitoring/incron.nix b/nixos/modules/services/monitoring/incron.nix new file mode 100644 index 000000000000..1789fd9f2051 --- /dev/null +++ b/nixos/modules/services/monitoring/incron.nix @@ -0,0 +1,98 @@ + +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.incron; + +in + +{ + options = { + + services.incron = { + + enable = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable the incron daemon. + + Note that commands run under incrontab only support common Nix profiles for the <envar>PATH</envar> provided variable. + ''; + }; + + allow = mkOption { + type = types.nullOr (types.listOf types.str); + default = null; + description = '' + Users allowed to use incrontab. + + If empty then no user will be allowed to have their own incrontab. + If <literal>null</literal> then will defer to <option>deny</option>. + If both <option>allow</option> and <option>deny</option> are null + then all users will be allowed to have their own incrontab. + ''; + }; + + deny = mkOption { + type = types.nullOr (types.listOf types.str); + default = null; + description = "Users forbidden from using incrontab."; + }; + + systab = mkOption { + type = types.lines; + default = ""; + description = "The system incrontab contents."; + example = '' + /var/mail IN_CLOSE_WRITE abc $@/$# + /tmp IN_ALL_EVENTS efg $@/$# $& + ''; + }; + + extraPackages = mkOption { + type = types.listOf types.package; + default = []; + example = literalExample "[ pkgs.rsync ]"; + description = "Extra packages available to the system incrontab."; + }; + + }; + + }; + + config = mkIf cfg.enable { + + warnings = optional (cfg.allow != null && cfg.deny != null) + ''If `services.incron.allow` is set then `services.incron.deny` will be ignored.''; + + environment.systemPackages = [ pkgs.incron ]; + + security.wrappers.incrontab.source = "${pkgs.incron}/bin/incrontab"; + + # incron won't read symlinks + environment.etc."incron.d/system" = { + mode = "0444"; + text = cfg.systab; + }; + environment.etc."incron.allow" = mkIf (cfg.allow != null) { + text = concatStringsSep "\n" cfg.allow; + }; + environment.etc."incron.deny" = mkIf (cfg.deny != null) { + text = concatStringsSep "\n" cfg.deny; + }; + + systemd.services.incron = { + description = "File System Events Scheduler"; + wantedBy = [ "multi-user.target" ]; + path = cfg.extraPackages; + serviceConfig.PIDFile = "/run/incrond.pid"; + serviceConfig.ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 710 -p /var/spool/incron"; + serviceConfig.ExecStart = "${pkgs.incron}/bin/incrond --foreground"; + }; + }; + +} diff --git a/nixos/modules/services/networking/vsftpd.nix b/nixos/modules/services/networking/vsftpd.nix index 1f9107c3ce9c..31e1e65fa9ca 100644 --- a/nixos/modules/services/networking/vsftpd.nix +++ b/nixos/modules/services/networking/vsftpd.nix @@ -99,7 +99,7 @@ let nopriv_user=vsftpd secure_chroot_dir=/var/empty syslog_enable=YES - ${optionalString (pkgs.stdenv.system == "x86_64-linux") '' + ${optionalString (pkgs.stdenv.hostPlatform.system == "x86_64-linux") '' seccomp_sandbox=NO ''} anon_umask=${cfg.anonymousUmask} diff --git a/nixos/modules/services/networking/xrdp.nix b/nixos/modules/services/networking/xrdp.nix index 0e882873b4ba..61f22a366a02 100644 --- a/nixos/modules/services/networking/xrdp.nix +++ b/nixos/modules/services/networking/xrdp.nix @@ -93,10 +93,14 @@ in config = mkIf cfg.enable { - # copied from <nixos/modules/services/x11/xserver.nix> # xrdp can run X11 program even if "services.xserver.enable = false" - environment.pathsToLink = - [ "/etc/xdg" "/share/xdg" "/share/applications" "/share/icons" "/share/pixmaps" ]; + xdg = { + autostart.enable = true; + menus.enable = true; + mime.enable = true; + icons.enable = true; + }; + fonts.enableDefaultFonts = mkDefault true; systemd = { diff --git a/nixos/modules/services/networking/zeronet.nix b/nixos/modules/services/networking/zeronet.nix new file mode 100644 index 000000000000..2377cb2c8f11 --- /dev/null +++ b/nixos/modules/services/networking/zeronet.nix @@ -0,0 +1,102 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.zeronet; + + zConfFile = pkgs.writeTextFile { + name = "zeronet.conf"; + + text = '' + [global] + data_dir = ${cfg.dataDir} + log_dir = ${cfg.logDir} + '' + lib.optionalString (cfg.port != null) '' + ui_port = ${toString cfg.port} + '' + cfg.extraConfig; + }; +in with lib; { + options.services.zeronet = { + enable = mkEnableOption "zeronet"; + + dataDir = mkOption { + type = types.path; + default = "/var/lib/zeronet"; + example = "/home/okina/zeronet"; + description = "Path to the zeronet data directory."; + }; + + logDir = mkOption { + type = types.path; + default = "/var/log/zeronet"; + example = "/home/okina/zeronet/log"; + description = "Path to the zeronet log directory."; + }; + + port = mkOption { + type = types.nullOr types.int; + default = null; + example = 15441; + description = "Optional zeronet port."; + }; + + tor = mkOption { + type = types.bool; + default = false; + description = "Use TOR for all zeronet traffic."; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + + description = '' + Extra configuration. Contents will be added verbatim to the + configuration file at the end. + ''; + }; + }; + + config = mkIf cfg.enable { + services.tor = mkIf cfg.tor { + enable = true; + controlPort = 9051; + extraConfig = "CookieAuthentication 1"; + }; + + systemd.services.zeronet = { + description = "zeronet"; + after = [ "network.target" (optionalString cfg.tor "tor.service") ]; + wantedBy = [ "multi-user.target" ]; + + preStart = '' + # Ensure folder exists or create it and permissions are correct + mkdir -p ${escapeShellArg cfg.dataDir} ${escapeShellArg cfg.logDir} + chmod 750 ${escapeShellArg cfg.dataDir} ${escapeShellArg cfg.logDir} + chown zeronet:zeronet ${escapeShellArg cfg.dataDir} ${escapeShellArg cfg.logDir} + ''; + + serviceConfig = { + PermissionsStartOnly = true; + PrivateTmp = "yes"; + User = "zeronet"; + Group = "zeronet"; + ExecStart = "${pkgs.zeronet}/bin/zeronet --config_file ${zConfFile}"; + }; + }; + + users = { + groups.zeronet.gid = config.ids.gids.zeronet; + + users.zeronet = { + description = "zeronet service user"; + home = cfg.dataDir; + createHome = true; + group = "zeronet"; + extraGroups = mkIf cfg.tor [ "tor" ]; + uid = config.ids.uids.zeronet; + }; + }; + }; + + meta.maintainers = with maintainers; [ chiiruno ]; +} diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 5d469cabe2cb..88d2f69db572 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix @@ -188,11 +188,14 @@ in { wants = [ "systemd-udevd.service" "local-fs.target" ]; # make sure an empty rule file and required directories exist - preStart = ''mkdir -p $(dirname "${cfg.ruleFile}") "${cfg.IPCAccessControlFiles}" && ([ -f "${cfg.ruleFile}" ] || touch ${cfg.ruleFile})''; + preStart = '' + mkdir -p $(dirname "${cfg.ruleFile}") $(dirname "${cfg.auditFilePath}") "${cfg.IPCAccessControlFiles}" \ + && ([ -f "${cfg.ruleFile}" ] || touch ${cfg.ruleFile}) + ''; serviceConfig = { Type = "simple"; - ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -d -k -c ${daemonConfFile}''; + ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -k -c ${daemonConfFile}''; Restart = "on-failure"; }; }; diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index 96413d2dd563..719eb76f42c2 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -142,6 +142,7 @@ in ${getLib pkgs.attr}/lib/libattr*.so* mr, ${getLib pkgs.lz4}/lib/liblz4*.so* mr, ${getLib pkgs.libkrb5}/lib/lib*.so* mr, + ${getLib pkgs.keyutils}/lib/libkeyutils*.so* mr, @{PROC}/sys/kernel/random/uuid r, @{PROC}/sys/vm/overcommit_memory r, diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 17b169f7c696..b231ee5a3f01 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -16,9 +16,11 @@ let } // (optionalAttrs vhostConfig.enableACME { sslCertificate = "${acmeDirectory}/${serverName}/fullchain.pem"; sslCertificateKey = "${acmeDirectory}/${serverName}/key.pem"; + sslTrustedCertificate = "${acmeDirectory}/${serverName}/full.pem"; }) // (optionalAttrs (vhostConfig.useACMEHost != null) { sslCertificate = "${acmeDirectory}/${vhostConfig.useACMEHost}/fullchain.pem"; sslCertificateKey = "${acmeDirectory}/${vhostConfig.useACMEHost}/key.pem"; + sslTrustedCertificate = "${acmeDirectory}/${vhostConfig.useACMEHost}/full.pem"; }) ) cfg.virtualHosts; enableIPv6 = config.networking.enableIPv6; @@ -228,6 +230,9 @@ let ssl_certificate ${vhost.sslCertificate}; ssl_certificate_key ${vhost.sslCertificateKey}; ''} + ${optionalString (hasSSL && vhost.sslTrustedCertificate != null) '' + ssl_trusted_certificate ${vhost.sslTrustedCertificate}; + ''} ${optionalString (vhost.basicAuthFile != null || vhost.basicAuth != {}) '' auth_basic secured; diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index 1075b00768fd..6954d932eed4 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -129,6 +129,13 @@ with lib; description = "Path to server SSL certificate key."; }; + sslTrustedCertificate = mkOption { + type = types.path; + default = null; + example = "/var/root.cert"; + description = "Path to root SSL certificate for stapling and client certificates."; + }; + http2 = mkOption { type = types.bool; default = true; diff --git a/nixos/modules/services/x11/desktop-managers/enlightenment.nix b/nixos/modules/services/x11/desktop-managers/enlightenment.nix index da3287aaea6e..6fa3ec3b9255 100644 --- a/nixos/modules/services/x11/desktop-managers/enlightenment.nix +++ b/nixos/modules/services/x11/desktop-managers/enlightenment.nix @@ -33,12 +33,17 @@ in pkgs.xorg.xauth # used by kdesu pkgs.gtk2 # To get GTK+'s themes. pkgs.tango-icon-theme - pkgs.shared-mime-info + pkgs.gnome2.gnomeicontheme pkgs.xorg.xcursorthemes ]; - environment.pathsToLink = [ "/etc/enlightenment" "/etc/xdg" "/share/enlightenment" "/share/elementary" "/share/applications" "/share/locale" "/share/icons" "/share/themes" "/share/mime" "/share/desktop-directories" ]; + environment.pathsToLink = [ + "/etc/enlightenment" + "/share/enlightenment" + "/share/elementary" + "/share/locale" + ]; services.xserver.desktopManager.session = [ { name = "Enlightenment"; diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index c339d24b098a..faf5214130db 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -33,10 +33,10 @@ let chmod -R a+w $out/share/gsettings-schemas/nixos-gsettings-overrides cat - > $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas/nixos-defaults.gschema.override <<- EOF [org.gnome.desktop.background] - picture-uri='${pkgs.nixos-artwork.wallpapers.gnome-dark}/share/artwork/gnome/Gnome_Dark.png' + picture-uri='${pkgs.nixos-artwork.wallpapers.simple-dark-gray}/share/artwork/gnome/nix-wallpaper-simple-dark-gray.png' [org.gnome.desktop.screensaver] - picture-uri='${pkgs.nixos-artwork.wallpapers.gnome-dark}/share/artwork/gnome/Gnome_Dark.png' + picture-uri='${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png' ${cfg.extraGSettingsOverrides} EOF @@ -132,6 +132,7 @@ in { fonts.fonts = [ pkgs.dejavu_fonts pkgs.cantarell-fonts ]; + services.xserver.displayManager.gdm.enable = mkDefault true; services.xserver.displayManager.extraSessionFilePackages = [ pkgs.gnome3.gnome-session ]; services.xserver.displayManager.sessionCommands = '' @@ -161,6 +162,8 @@ in { # TODO: Create nautilus-with-extensions package environment.variables.NAUTILUS_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-3.0"; + services.xserver.updateDbusEnvironment = true; + environment.variables.GIO_EXTRA_MODULES = [ "${lib.getLib pkgs.gnome3.dconf}/lib/gio/modules" "${pkgs.gnome3.glib-networking.out}/lib/gio/modules" "${pkgs.gnome3.gvfs}/lib/gio/modules" ]; diff --git a/nixos/modules/services/x11/desktop-managers/lumina.nix b/nixos/modules/services/x11/desktop-managers/lumina.nix index 5fe84cfb82ec..43fed2572b51 100644 --- a/nixos/modules/services/x11/desktop-managers/lumina.nix +++ b/nixos/modules/services/x11/desktop-managers/lumina.nix @@ -41,9 +41,8 @@ in # Link some extra directories in /run/current-system/software/share environment.pathsToLink = [ - "/share/desktop-directories" - "/share/icons" "/share/lumina" + # FIXME: modules should link subdirs of `/share` rather than relying on this "/share" ]; diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 83d1957a646a..d1cb962f6ff8 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -174,7 +174,10 @@ in ++ lib.optional config.services.colord.enable colord-kde ++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ]; - environment.pathsToLink = [ "/share" ]; + environment.pathsToLink = [ + # FIXME: modules should link subdirs of `/share` rather than relying on this + "/share" + ]; environment.etc = singleton { source = xcfg.xkbDir; diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix index ae155470419d..75b9a76e1924 100644 --- a/nixos/modules/services/x11/desktop-managers/xfce.nix +++ b/nixos/modules/services/x11/desktop-managers/xfce.nix @@ -59,9 +59,6 @@ in tango-icon-theme xfce4-icon-theme - desktop-file-utils - shared-mime-info - # Needed by Xfce's xinitrc script # TODO: replace with command -v which @@ -100,8 +97,6 @@ in environment.pathsToLink = [ "/share/xfce4" "/share/themes" - "/share/mime" - "/share/desktop-directories" "/share/gtksourceview-2.0" ]; diff --git a/nixos/modules/services/x11/display-managers/auto.nix b/nixos/modules/services/x11/display-managers/auto.nix index d2aae64bf225..ec419eea0677 100644 --- a/nixos/modules/services/x11/display-managers/auto.nix +++ b/nixos/modules/services/x11/display-managers/auto.nix @@ -41,10 +41,12 @@ in config = mkIf cfg.enable { - services.xserver.displayManager.slim = { + services.xserver.displayManager.lightdm = { enable = true; - autoLogin = true; - defaultUser = cfg.user; + autoLogin = { + enable = true; + user = cfg.user; + }; }; }; diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix index 78dc39f7f62f..a775dd0f0e04 100644 --- a/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixos/modules/services/x11/display-managers/gdm.nix @@ -87,7 +87,7 @@ in } ]; - services.xserver.displayManager.slim.enable = false; + services.xserver.displayManager.lightdm.enable = false; users.users.gdm = { name = "gdm"; diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index dc82f7086c82..cd9c3d81a0fb 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -115,7 +115,7 @@ in background = mkOption { type = types.str; - default = "${pkgs.nixos-artwork.wallpapers.gnome-dark}/share/artwork/gnome/Gnome_Dark.png"; + default = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png"; description = '' The background image or color to use. ''; @@ -191,8 +191,6 @@ in } ]; - services.xserver.displayManager.slim.enable = false; - services.xserver.displayManager.job = { logToFile = true; diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix index 2b03ed81b5ed..1635c0f9acc5 100644 --- a/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixos/modules/services/x11/display-managers/sddm.nix @@ -206,8 +206,6 @@ in } ]; - services.xserver.displayManager.slim.enable = false; - services.xserver.displayManager.job = { logToFile = true; diff --git a/nixos/modules/services/x11/display-managers/slim.nix b/nixos/modules/services/x11/display-managers/slim.nix index 51ce5f4e2437..4e411c8ceb0b 100644 --- a/nixos/modules/services/x11/display-managers/slim.nix +++ b/nixos/modules/services/x11/display-managers/slim.nix @@ -49,7 +49,7 @@ in enable = mkOption { type = types.bool; - default = config.services.xserver.enable; + default = false; description = '' Whether to enable SLiM as the display manager. ''; diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index b45e510f6b83..75bfeaac1fa3 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -535,6 +535,15 @@ in config = mkIf cfg.enable { + services.xserver.displayManager.lightdm.enable = + let dmconf = cfg.displayManager; + default = !( dmconf.auto.enable + || dmconf.gdm.enable + || dmconf.sddm.enable + || dmconf.slim.enable + || dmconf.xpra.enable ); + in mkIf (default) true; + hardware.opengl.enable = mkDefault true; services.xserver.videoDrivers = mkIf (cfg.videoDriver != null) [ cfg.videoDriver ]; @@ -616,8 +625,12 @@ in ] ++ optional (elem "virtualbox" cfg.videoDrivers) xorg.xrefresh; - environment.pathsToLink = - [ "/etc/xdg" "/share/xdg" "/share/applications" "/share/icons" "/share/pixmaps" ]; + xdg = { + autostart.enable = true; + menus.enable = true; + mime.enable = true; + icons.enable = true; + }; # The default max inotify watches is 8192. # Nowadays most apps require a good number of inotify watches, diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 9d410a8b9ca4..fff88e2c2bf3 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -162,6 +162,13 @@ in description = '' Additional configurations to build based on the current configuration which then has a lower priority. + + To switch to a cloned configuration (e.g. <literal>child-1</literal>) + at runtime, run + + <programlisting> + # sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test + </programlisting> ''; }; diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 42da65857221..3a33b3f65d36 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -38,6 +38,8 @@ let in pkgs.writeText "grub-config.xml" (builtins.toXML { splashImage = f cfg.splashImage; + splashMode = f cfg.splashMode; + backgroundColor = f cfg.backgroundColor; grub = f grub; grubTarget = f (grub.grubTarget or ""); shell = "${pkgs.runtimeShell}"; @@ -80,6 +82,8 @@ let "--output" "$out" ] ++ (optional (cfg.fontSize!=null) "--size ${toString cfg.fontSize}"))) ); + + defaultSplash = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bootloader}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bootloader.png"; in { @@ -328,6 +332,31 @@ in ''; }; + backgroundColor = mkOption { + type = types.nullOr types.string; + example = "#7EBAE4"; + default = null; + description = '' + Background color to be used for GRUB to fill the areas the image isn't filling. + + <note><para> + This options has no effect for GRUB 1. + </para></note> + ''; + }; + + splashMode = mkOption { + type = types.enum [ "normal" "stretch" ]; + default = "stretch"; + description = '' + Whether to stretch the image or show the image in the top-left corner unstretched. + + <note><para> + This options has no effect for GRUB 1. + </para></note> + ''; + }; + font = mkOption { type = types.nullOr types.path; default = "${realGrub}/share/grub/unicode.pf2"; @@ -531,9 +560,14 @@ in sha256 = "14kqdx2lfqvh40h6fjjzqgff1mwk74dmbjvmqphi6azzra7z8d59"; } # GRUB 1.97 doesn't support gzipped XPMs. - else "${pkgs.nixos-artwork.wallpapers.gnome-dark}/share/artwork/gnome/Gnome_Dark.png"); + else defaultSplash); } + (mkIf (cfg.splashImage == defaultSplash) { + boot.loader.grub.backgroundColor = mkDefault "#2F302F"; + boot.loader.grub.splashMode = mkDefault "normal"; + }) + (mkIf cfg.enable { boot.loader.grub.devices = optional (cfg.device != "") cfg.device; diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl index d1ff6e6bf525..ea6e56892cb3 100644 --- a/nixos/modules/system/boot/loader/grub/install-grub.pl +++ b/nixos/modules/system/boot/loader/grub/install-grub.pl @@ -51,6 +51,8 @@ my $extraEntries = get("extraEntries"); my $extraEntriesBeforeNixOS = get("extraEntriesBeforeNixOS") eq "true"; my $extraInitrd = get("extraInitrd"); my $splashImage = get("splashImage"); +my $splashMode = get("splashMode"); +my $backgroundColor = get("backgroundColor"); my $configurationLimit = int(get("configurationLimit")); my $copyKernels = get("copyKernels") eq "true"; my $timeout = int(get("timeout")); @@ -307,10 +309,15 @@ else { if ($suffix eq ".jpg") { $suffix = ".jpeg"; } + if ($backgroundColor) { + $conf .= " + background_color '$backgroundColor' + "; + } copy $splashImage, "$bootPath/background$suffix" or die "cannot copy $splashImage to $bootPath\n"; $conf .= " insmod " . substr($suffix, 1) . " - if background_image " . $grubBoot->path . "/background$suffix; then + if background_image --mode '$splashMode' " . $grubBoot->path . "/background$suffix; then set color_normal=white/black set color_highlight=black/white else diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 27c1f891f485..ed8b9f01e275 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -324,7 +324,7 @@ in [ "aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" - (if pkgs.stdenv.system == "x86_64-linux" then "aes_x86_64" else "aes_i586") + (if pkgs.stdenv.hostPlatform.system == "x86_64-linux" then "aes_x86_64" else "aes_i586") ]; description = '' A list of cryptographic kernel modules needed to decrypt the root device(s). diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index de8451bbe31b..3bc33a20a09f 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -263,6 +263,13 @@ checkFS() { return 0 fi + # Device might be already mounted manually + # e.g. NBD-device or the host filesystem of the file which contains encrypted root fs + if mount | grep -q "^$device on "; then + echo "skip checking already mounted $device" + return 0 + fi + # Optionally, skip fsck on journaling filesystems. This option is # a hack - it's mostly because e2fsck on ext3 takes much longer to # recover the journal than the ext3 implementation in the kernel diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix index b7ab54aab7ec..770cefbcd511 100644 --- a/nixos/modules/virtualisation/azure-agent.nix +++ b/nixos/modules/virtualisation/azure-agent.nix @@ -77,7 +77,7 @@ in config = mkIf cfg.enable { assertions = [ { assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64; - message = "Azure not currently supported on ${pkgs.stdenv.system}"; + message = "Azure not currently supported on ${pkgs.stdenv.hostPlatform.system}"; } { assertion = config.networking.networkmanager.enable == false; message = "Windows Azure Linux Agent is not compatible with NetworkManager"; diff --git a/nixos/modules/virtualisation/brightbox-image.nix b/nixos/modules/virtualisation/brightbox-image.nix index 39a655b4c104..e716982c510a 100644 --- a/nixos/modules/virtualisation/brightbox-image.nix +++ b/nixos/modules/virtualisation/brightbox-image.nix @@ -26,7 +26,7 @@ in rm $diskImageBase popd ''; - diskImageBase = "nixos-image-${config.system.nixos.label}-${pkgs.stdenv.system}.raw"; + diskImageBase = "nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw"; buildInputs = [ pkgs.utillinux pkgs.perl ]; exportReferencesGraph = [ "closure" config.system.build.toplevel ]; diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix index de2c43b8a40a..4c7cffcf4557 100644 --- a/nixos/modules/virtualisation/google-compute-image.nix +++ b/nixos/modules/virtualisation/google-compute-image.nix @@ -14,7 +14,7 @@ in PATH=$PATH:${pkgs.stdenv.lib.makeBinPath [ pkgs.gnutar pkgs.gzip ]} pushd $out mv $diskImage disk.raw - tar -Szcf nixos-image-${config.system.nixos.label}-${pkgs.stdenv.system}.raw.tar.gz disk.raw + tar -Szcf nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw.tar.gz disk.raw rm $out/disk.raw popd ''; diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix index 78c6f740788e..834b994e92d2 100644 --- a/nixos/modules/virtualisation/virtualbox-guest.nix +++ b/nixos/modules/virtualisation/virtualbox-guest.nix @@ -34,7 +34,7 @@ in config = mkIf cfg.enable (mkMerge [{ assertions = [{ assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64; - message = "Virtualbox not currently supported on ${pkgs.stdenv.system}"; + message = "Virtualbox not currently supported on ${pkgs.stdenv.hostPlatform.system}"; }]; environment.systemPackages = [ kernel.virtualboxGuestAdditions ]; diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix index 475852d1546c..60048911658c 100644 --- a/nixos/modules/virtualisation/virtualbox-image.nix +++ b/nixos/modules/virtualisation/virtualbox-image.nix @@ -26,21 +26,21 @@ in { }; vmDerivationName = mkOption { type = types.str; - default = "nixos-ova-${config.system.nixos.label}-${pkgs.stdenv.system}"; + default = "nixos-ova-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}"; description = '' The name of the derivation for the VirtualBox appliance. ''; }; vmName = mkOption { type = types.str; - default = "NixOS ${config.system.nixos.label} (${pkgs.stdenv.system})"; + default = "NixOS ${config.system.nixos.label} (${pkgs.stdenv.hostPlatform.system})"; description = '' The name of the VirtualBox appliance. ''; }; vmFileName = mkOption { type = types.str; - default = "nixos-${config.system.nixos.label}-${pkgs.stdenv.system}.ova"; + default = "nixos-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.ova"; description = '' The file name of the VirtualBox appliance. ''; @@ -67,10 +67,10 @@ in { echo "creating VirtualBox VM..." vmName="${cfg.vmName}"; VBoxManage createvm --name "$vmName" --register \ - --ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"} + --ostype ${if pkgs.stdenv.hostPlatform.system == "x86_64-linux" then "Linux26_64" else "Linux26"} VBoxManage modifyvm "$vmName" \ --memory ${toString cfg.memorySize} --acpi on --vram 32 \ - ${optionalString (pkgs.stdenv.system == "i686-linux") "--pae on"} \ + ${optionalString (pkgs.stdenv.hostPlatform.system == "i686-linux") "--pae on"} \ --nictype1 virtio --nic1 nat \ --audiocontroller ac97 --audio alsa \ --rtcuseutc on \ diff --git a/nixos/modules/virtualisation/vmware-guest.nix b/nixos/modules/virtualisation/vmware-guest.nix index 68930a0e3254..15c78f14c524 100644 --- a/nixos/modules/virtualisation/vmware-guest.nix +++ b/nixos/modules/virtualisation/vmware-guest.nix @@ -22,7 +22,7 @@ in config = mkIf cfg.enable { assertions = [ { assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64; - message = "VMWare guest is not currently supported on ${pkgs.stdenv.system}"; + message = "VMWare guest is not currently supported on ${pkgs.stdenv.hostPlatform.system}"; } ]; environment.systemPackages = [ open-vm-tools ]; diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix index cf57868acef9..70e575b6c0d2 100644 --- a/nixos/modules/virtualisation/xen-dom0.nix +++ b/nixos/modules/virtualisation/xen-dom0.nix @@ -146,7 +146,7 @@ in config = mkIf cfg.enable { assertions = [ { assertion = pkgs.stdenv.isx86_64; - message = "Xen currently not supported on ${pkgs.stdenv.system}"; + message = "Xen currently not supported on ${pkgs.stdenv.hostPlatform.system}"; } { assertion = config.boot.loader.grub.enable && (config.boot.loader.grub.efiSupport == false); message = "Xen currently does not support EFI boot"; diff --git a/nixos/release.nix b/nixos/release.nix index b80ab44eced5..a91dda5fa74b 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -422,6 +422,7 @@ in rec { tests.yabar = callTest tests/yabar.nix {}; tests.zookeeper = callTest tests/zookeeper.nix {}; tests.morty = callTest tests/morty.nix { }; + tests.bcachefs = callTest tests/bcachefs.nix { }; /* Build a bunch of typical closures so that Hydra can keep track of the evolution of closure sizes. */ diff --git a/nixos/tests/bcachefs.nix b/nixos/tests/bcachefs.nix new file mode 100644 index 000000000000..658676ef0ab9 --- /dev/null +++ b/nixos/tests/bcachefs.nix @@ -0,0 +1,38 @@ +import ./make-test.nix ({ pkgs, ... }: { + name = "bcachefs"; + meta.maintainers = with pkgs.stdenv.lib.maintainers; [ chiiruno ]; + + machine = { pkgs, ... }: { + virtualisation.emptyDiskImages = [ 4096 ]; + networking.hostId = "deadbeef"; + boot.supportedFilesystems = [ "bcachefs" ]; + environment.systemPackages = with pkgs; [ parted ]; + }; + + testScript = '' + $machine->succeed("modprobe bcachefs"); + $machine->succeed("bcachefs version"); + $machine->succeed("ls /dev"); + + $machine->succeed( + "mkdir /tmp/mnt", + + "udevadm settle", + "parted --script /dev/vdb mklabel msdos", + "parted --script /dev/vdb -- mkpart primary 1024M -1s", + "udevadm settle", + + # Due to #32279, we cannot use encryption for this test yet + # "echo password | bcachefs format --encrypted /dev/vdb1", + # "echo password | bcachefs unlock /dev/vdb1", + "bcachefs format /dev/vdb1", + "mount -t bcachefs /dev/vdb1 /tmp/mnt", + "udevadm settle", + + "bcachefs fs usage /tmp/mnt", + + "umount /tmp/mnt", + "udevadm settle" + ); + ''; +}) diff --git a/nixos/tests/gnome3-gdm.nix b/nixos/tests/gnome3-gdm.nix index 1f590f337fd9..959030d59880 100644 --- a/nixos/tests/gnome3-gdm.nix +++ b/nixos/tests/gnome3-gdm.nix @@ -11,7 +11,6 @@ import ./make-test.nix ({ pkgs, ...} : { services.xserver.enable = true; - services.xserver.displayManager.slim.enable = false; services.xserver.displayManager.gdm = { enable = true; autoLogin = { diff --git a/nixos/tests/gnome3.nix b/nixos/tests/gnome3.nix index af2404bf530c..3f0368592b8d 100644 --- a/nixos/tests/gnome3.nix +++ b/nixos/tests/gnome3.nix @@ -11,6 +11,7 @@ import ./make-test.nix ({ pkgs, ...} : { services.xserver.enable = true; + services.xserver.displayManager.gdm.enable = false; services.xserver.displayManager.lightdm.enable = true; services.xserver.displayManager.lightdm.autoLogin.enable = true; services.xserver.displayManager.lightdm.autoLogin.user = "alice"; diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 507665190a26..3d31c8dc4457 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -233,13 +233,16 @@ let [ sudo libxml2.bin libxslt.bin + desktop-file-utils docbook5 docbook_xsl_ns unionfs-fuse ntp - nixos-artwork.wallpapers.gnome-dark + nixos-artwork.wallpapers.simple-dark-gray-bottom perlPackages.XMLLibXML perlPackages.ListCompare + shared-mime-info + texinfo xorg.lndir # add curl so that rather than seeing the test attempt to download diff --git a/nixos/tests/nfs.nix b/nixos/tests/nfs.nix index 1992f240e7b0..0ef44f1a4890 100644 --- a/nixos/tests/nfs.nix +++ b/nixos/tests/nfs.nix @@ -6,7 +6,8 @@ let { pkgs, ... }: { fileSystems = pkgs.lib.mkVMOverride [ { mountPoint = "/data"; - device = "server:/data"; + # nfs4 exports the export with fsid=0 as a virtual root directory + device = if (version == 4) then "server:/" else "server:/data"; fsType = "nfs"; options = [ "vers=${toString version}" ]; } |