summary refs log tree commit diff
path: root/nixos
diff options
context:
space:
mode:
Diffstat (limited to 'nixos')
-rw-r--r--nixos/lib/make-iso9660-image.nix13
-rw-r--r--nixos/lib/make-iso9660-image.sh48
-rw-r--r--nixos/modules/config/update-users-groups.pl10
-rw-r--r--nixos/modules/installer/cd-dvd/installation-cd-base.nix3
-rw-r--r--nixos/modules/installer/cd-dvd/iso-image.nix132
-rw-r--r--nixos/modules/services/networking/quassel.nix20
-rw-r--r--nixos/modules/virtualisation/docker.nix6
7 files changed, 101 insertions, 131 deletions
diff --git a/nixos/lib/make-iso9660-image.nix b/nixos/lib/make-iso9660-image.nix
index b2409c6006bc..5ad546e9534d 100644
--- a/nixos/lib/make-iso9660-image.nix
+++ b/nixos/lib/make-iso9660-image.nix
@@ -1,4 +1,4 @@
-{ stdenv, perl, pathsFromGraph, xorriso, syslinux
+{ stdenv, perl, cdrkit, pathsFromGraph
 
 , # The file name of the resulting ISO image.
   isoName ? "cd.iso"
@@ -22,18 +22,12 @@
 , # Whether this should be an efi-bootable El-Torito CD.
   efiBootable ? false
 
-, # Wheter this should be an hybrid CD (bootable from USB as well as CD).
-  usbBootable ? false
-
 , # The path (in the ISO file system) of the boot image.
   bootImage ? ""
 
 , # The path (in the ISO file system) of the efi boot image.
   efiBootImage ? ""
 
-, # The path (outside the ISO file system) of the isohybrid-mbr image.
-  isohybridMbrImage ? ""
-
 , # Whether to compress the resulting ISO image with bzip2.
   compressImage ? false
 
@@ -44,14 +38,13 @@
 
 assert bootable -> bootImage != "";
 assert efiBootable -> efiBootImage != "";
-assert usbBootable -> isohybridMbrImage != "";
 
 stdenv.mkDerivation {
   name = "iso9660-image";
   builder = ./make-iso9660-image.sh;
-  buildInputs = [perl xorriso syslinux];
+  buildInputs = [perl cdrkit];
 
-  inherit isoName bootable bootImage compressImage volumeID pathsFromGraph efiBootImage efiBootable isohybridMbrImage usbBootable;
+  inherit isoName bootable bootImage compressImage volumeID pathsFromGraph efiBootImage efiBootable;
 
   # !!! should use XML.
   sources = map (x: x.source) contents;
diff --git a/nixos/lib/make-iso9660-image.sh b/nixos/lib/make-iso9660-image.sh
index c8522513aa23..675b5bb35148 100644
--- a/nixos/lib/make-iso9660-image.sh
+++ b/nixos/lib/make-iso9660-image.sh
@@ -31,20 +31,11 @@ if test -n "$bootable"; then
         fi
     done
 
-    isoBootFlags="-eltorito-boot ${bootImage}
-                  -eltorito-catalog .boot.cat
-                  -no-emul-boot -boot-load-size 4 -boot-info-table"
-fi
-
-if test -n "$usbBootable"; then
-    usbBootFlags="-isohybrid-mbr ${isohybridMbrImage}"
+    bootFlags="-b $bootImage -c .boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table"
 fi
 
 if test -n "$efiBootable"; then
-    efiBootFlags="-eltorito-alt-boot
-                  -e $efiBootImage
-                  -no-emul-boot
-                  -isohybrid-gpt-basdat"
+    bootFlags="$bootFlags -eltorito-alt-boot -e $efiBootImage -no-emul-boot"
 fi
 
 touch pathlist
@@ -83,41 +74,18 @@ for ((n = 0; n < ${#objects[*]}; n++)); do
     fi
 done
 
-# Escape filenames that contain '='.
-# TODO: Handle this properly. This fails for filenames
-#       that contain multiple '=' symbols.
+# !!! what does this do?
 cat pathlist | sed -e 's/=\(.*\)=\(.*\)=/\\=\1=\2\\=/' | tee pathlist.safer
 
 
 mkdir -p $out/iso
-
-xorriso="xorriso
- -as mkisofs
- -iso-level 3
- -volid ${volumeID}
- -appid nixos
- -publisher nixos
- -graft-points
- -full-iso9660-filenames
- ${isoBootFlags}
- ${usbBootFlags}
- ${efiBootFlags}
- -r
- -path-list pathlist.safer
- --sort-weight 0 /
- --sort-weight 1 /isolinux" # Make sure isolinux is near the beginning of the ISO
-
-$xorriso -output $out/iso/$isoName
-
-if test -n "$usbBootable"; then
-    echo "Making image hybrid..."
-    isohybrid --uefi $out/iso/$isoName
+genCommand="genisoimage -iso-level 4 -r -J $bootFlags -hide-rr-moved -graft-points -path-list pathlist.safer ${volumeID:+-V $volumeID}"
+if test -z "$compressImage"; then
+    $genCommand -o $out/iso/$isoName
+else
+    $genCommand | bzip2 > $out/iso/$isoName.bz2
 fi
 
-if test -n "$compressImage"; then
-    echo "Compressing image..."
-    bzip2 $out/iso/$isoName
-fi
 
 mkdir -p $out/nix-support
 echo $system > $out/nix-support/system
diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index 63e1c82dd6de..d35ecb754bdb 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -123,7 +123,7 @@ foreach my $g (@{$spec->{groups}}) {
 }
 
 # Update the persistent list of declarative groups.
-write_file($declGroupsFile, join(" ", sort(keys %groupsOut)));
+write_file($declGroupsFile, { binmode => ':utf8' }, join(" ", sort(keys %groupsOut)));
 
 # Merge in the existing /etc/group.
 foreach my $name (keys %groupsCur) {
@@ -140,7 +140,7 @@ foreach my $name (keys %groupsCur) {
 # Rewrite /etc/group. FIXME: acquire lock.
 my @lines = map { join(":", $_->{name}, $_->{password}, $_->{gid}, $_->{members}) . "\n" }
     (sort { $a->{gid} <=> $b->{gid} } values(%groupsOut));
-write_file("/etc/group.tmp", @lines);
+write_file("/etc/group.tmp", { binmode => ':utf8' }, @lines);
 rename("/etc/group.tmp", "/etc/group") or die;
 system("nscd --invalidate group");
 
@@ -198,7 +198,7 @@ foreach my $u (@{$spec->{users}}) {
 }
 
 # Update the persistent list of declarative users.
-write_file($declUsersFile, join(" ", sort(keys %usersOut)));
+write_file($declUsersFile, { binmode => ':utf8' }, join(" ", sort(keys %usersOut)));
 
 # Merge in the existing /etc/passwd.
 foreach my $name (keys %usersCur) {
@@ -214,7 +214,7 @@ foreach my $name (keys %usersCur) {
 # Rewrite /etc/passwd. FIXME: acquire lock.
 @lines = map { join(":", $_->{name}, $_->{fakePassword}, $_->{uid}, $_->{gid}, $_->{description}, $_->{home}, $_->{shell}) . "\n" }
     (sort { $a->{uid} <=> $b->{uid} } (values %usersOut));
-write_file("/etc/passwd.tmp", @lines);
+write_file("/etc/passwd.tmp", { binmode => ':utf8' }, @lines);
 rename("/etc/passwd.tmp", "/etc/passwd") or die;
 system("nscd --invalidate passwd");
 
@@ -242,5 +242,5 @@ foreach my $u (values %usersOut) {
     push @shadowNew, join(":", $u->{name}, $hashedPassword, "1::::::") . "\n";
 }
 
-write_file("/etc/shadow.tmp", { perms => 0600 }, @shadowNew);
+write_file("/etc/shadow.tmp", { binmode => ':utf8', perms => 0600 }, @shadowNew);
 rename("/etc/shadow.tmp", "/etc/shadow") or die;
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-base.nix
index a68581c113fc..3001214f90fb 100644
--- a/nixos/modules/installer/cd-dvd/installation-cd-base.nix
+++ b/nixos/modules/installer/cd-dvd/installation-cd-base.nix
@@ -36,9 +36,6 @@ with lib;
   # EFI booting
   isoImage.makeEfiBootable = true;
 
-  # USB booting
-  isoImage.makeUsbBootable = true;
-
   # Add Memtest86+ to the CD.
   boot.loader.grub.memtest86.enable = true;
 
diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix
index f387c64cb9c9..22f31c460802 100644
--- a/nixos/modules/installer/cd-dvd/iso-image.nix
+++ b/nixos/modules/installer/cd-dvd/iso-image.nix
@@ -8,37 +8,45 @@ with lib;
 
 let
 
-  # The configuration file for syslinux.
-  isolinuxCfg =
+  # The Grub image.
+  grubImage = pkgs.runCommand "grub_eltorito" {}
     ''
-    SERIAL 0 38400
-    UI vesamenu.c32
-    MENU TITLE NixOS
-    MENU BACKGROUND /isolinux/background.png
-
-    LABEL boot
-    MENU LABEL Boot NixOS
-    LINUX /boot/bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
-    INITRD /boot/initrd
-
-    LABEL chain
-    MENU LABEL Boot existing OS
-    COM32 chain.c32
-    APPEND hd0 0
-
-    LABEL reboot
-    MENU LABEL Reboot
-    COM32 reboot.c32
-
-    LABEL poweroff
-    MENU LABEL Power Off
-    COM32 poweroff.c32
+      ${pkgs.grub2}/bin/grub-mkimage -p /boot/grub -O i386-pc -o tmp biosdisk iso9660 help linux linux16 chain png jpeg echo gfxmenu reboot
+      cat ${pkgs.grub2}/lib/grub/*/cdboot.img tmp > $out
+    ''; # */
+
+
+  # The configuration file for Grub.
+  grubCfg =
+    ''
+      set default=${builtins.toString config.boot.loader.grub.default}
+      set timeout=${builtins.toString config.boot.loader.grub.timeout}
+
+      if loadfont /boot/grub/unicode.pf2; then
+        set gfxmode=640x480
+        insmod gfxterm
+        insmod vbe
+        terminal_output gfxterm
+
+        insmod png
+        if background_image /boot/grub/splash.png; then
+          set color_normal=white/black
+          set color_highlight=black/white
+        else
+          set menu_color_normal=cyan/blue
+          set menu_color_highlight=white/blue
+        fi
+
+      fi
+
+      ${config.boot.loader.grub.extraEntries}
     '';
 
+
   # The efi boot image
   efiDir = pkgs.runCommand "efi-directory" {} ''
-    mkdir -p $out/EFI/boot
-    cp -v ${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi $out/EFI/boot/boot${targetArch}.efi
+    mkdir -p $out/efi/boot
+    cp -v ${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi $out/efi/boot/boot${targetArch}.efi
     mkdir -p $out/loader/entries
     echo "title NixOS LiveCD" > $out/loader/entries/nixos-livecd.conf
     echo "linux /boot/bzImage" >> $out/loader/entries/nixos-livecd.conf
@@ -144,22 +152,6 @@ in
       '';
     };
 
-    isoImage.makeUsbBootable = mkOption {
-      default = false;
-      description = ''
-        Whether the ISO image should be bootable from CD as well as USB.
-      '';
-    };
-
-    isoImage.splashImage = mkOption {
-      default = pkgs.fetchurl {
-          url = https://raw.githubusercontent.com/NixOS/nixos-artwork/5729ab16c6a5793c10a2913b5a1b3f59b91c36ee/ideas/grub-splash/grub-nixos-1.png;
-          sha256 = "43fd8ad5decf6c23c87e9026170a13588c2eba249d9013cb9f888da5e2002217";
-        };
-      description = ''
-        The splash image to use in the bootloader.
-      '';
-    };
 
   };
 
@@ -174,7 +166,7 @@ in
 
     # !!! Hack - attributes expected by other modules.
     system.boot.loader.kernelFile = "bzImage";
-    environment.systemPackages = [ pkgs.grub2 pkgs.syslinux ];
+    environment.systemPackages = [ pkgs.grub2 ];
 
     # In stage 1 of the boot, mount the CD as the root FS by label so
     # that we don't need to know its device.  We pass the label of the
@@ -221,7 +213,7 @@ in
         options = "allow_other,cow,nonempty,chroot=/mnt-root,max_files=32768,hide_meta_files,dirs=/nix/.rw-store=rw:/nix/.ro-store=ro";
       };
 
-    boot.initrd.availableKernelModules = [ "squashfs" "iso9660" "usb-storage" ];
+    boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
 
     boot.initrd.kernelModules = [ "loop" ];
 
@@ -241,12 +233,15 @@ in
     # Individual files to be included on the CD, outside of the Nix
     # store on the CD.
     isoImage.contents =
-      [ { source = pkgs.substituteAll  {
-            name = "isolinux.cfg";
-            src = pkgs.writeText "isolinux.cfg-in" isolinuxCfg;
+      [ { source = grubImage;
+          target = "/boot/grub/grub_eltorito";
+        }
+        { source = pkgs.substituteAll  {
+            name = "grub.cfg";
+            src = pkgs.writeText "grub.cfg-in" grubCfg;
             bootRoot = "/boot";
           };
-          target = "/isolinux/isolinux.cfg";
+          target = "/boot/grub/grub.cfg";
         }
         { source = config.boot.kernelPackages.kernel + "/bzImage";
           target = "/boot/bzImage";
@@ -254,38 +249,51 @@ in
         { source = config.system.build.initialRamdisk + "/initrd";
           target = "/boot/initrd";
         }
-        { source = config.system.build.squashfsStore;
-          target = "/nix-store.squashfs";
+        { source = "${pkgs.grub2}/share/grub/unicode.pf2";
+          target = "/boot/grub/unicode.pf2";
         }
-        { source = "${pkgs.syslinux}/share/syslinux";
-          target = "/isolinux";
+        { source = config.boot.loader.grub.splashImage;
+          target = "/boot/grub/splash.png";
         }
-        { source = config.isoImage.splashImage;
-          target = "/isolinux/background.png";
+        { source = config.system.build.squashfsStore;
+          target = "/nix-store.squashfs";
         }
       ] ++ optionals config.isoImage.makeEfiBootable [
         { source = efiImg;
           target = "/boot/efi.img";
         }
-        { source = "${efiDir}/EFI";
-          target = "/EFI";
+        { source = "${efiDir}/efi";
+          target = "/efi";
         }
         { source = "${efiDir}/loader";
           target = "/loader";
         }
-      ];
+      ] ++ mapAttrsToList (n: v: { source = v; target = "/boot/${n}"; }) config.boot.loader.grub.extraFiles;
+
+    # The Grub menu.
+    boot.loader.grub.extraEntries =
+      ''
+        menuentry "NixOS ${config.system.nixosVersion} Installer" {
+          linux /boot/bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
+          initrd /boot/initrd
+        }
+
+        menuentry "Boot from hard disk" {
+          set root=(hd0)
+          chainloader +1
+        }
+      '';
+
+    boot.loader.grub.timeout = 10;
 
     # Create the ISO image.
     system.build.isoImage = import ../../../lib/make-iso9660-image.nix ({
-      inherit (pkgs) stdenv perl pathsFromGraph xorriso syslinux;
+      inherit (pkgs) stdenv perl cdrkit pathsFromGraph;
 
       inherit (config.isoImage) isoName compressImage volumeID contents;
 
       bootable = true;
-      bootImage = "/isolinux/isolinux.bin";
-    } // optionalAttrs config.isoImage.makeUsbBootable {
-      usbBootable = true;
-      isohybridMbrImage = "${pkgs.syslinux}/share/syslinux/isohdpfx.bin";
+      bootImage = "/boot/grub/grub_eltorito";
     } // optionalAttrs config.isoImage.makeEfiBootable {
       efiBootable = true;
       efiBootImage = "boot/efi.img";
diff --git a/nixos/modules/services/networking/quassel.nix b/nixos/modules/services/networking/quassel.nix
index 749e5dcebb61..579d62884c78 100644
--- a/nixos/modules/services/networking/quassel.nix
+++ b/nixos/modules/services/networking/quassel.nix
@@ -74,21 +74,23 @@ in
         gid = config.ids.gids.quassel;
       }];
 
-    jobs.quassel =
+    systemd.services.quassel =
       { description = "Quassel IRC client daemon";
 
-        startOn = "ip-up";
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
 
         preStart = ''
-            mkdir -p ${cfg.dataDir}
-            chown ${user} ${cfg.dataDir}
+          mkdir -p ${cfg.dataDir}
+          chown ${user} ${cfg.dataDir}
         '';
 
-        exec = ''
-            ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${user} \
-                -c '${quassel}/bin/quasselcore --listen=${cfg.interface}\
-                    --port=${toString cfg.portNumber} --configdir=${cfg.dataDir}'
-        '';
+        serviceConfig =
+        {
+          ExecStart = "${quassel}/bin/quasselcore --listen=${cfg.interface} --port=${toString cfg.portNumber} --configdir=${cfg.dataDir}";
+          User = user;
+          PermissionsStartOnly = true;
+        };
       };
 
   };
diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix
index 1ce066cdc73d..11d3f576728f 100644
--- a/nixos/modules/virtualisation/docker.nix
+++ b/nixos/modules/virtualisation/docker.nix
@@ -7,6 +7,8 @@ with lib;
 let
 
   cfg = config.virtualisation.docker;
+  pro = config.nix.proxy;
+  proxy_env = optionalAttrs (pro != "") { Environment = "\"http_proxy=${pro}\""; };
 
 in
 
@@ -73,7 +75,7 @@ in
           #  goes in config bundled with docker itself
           LimitNOFILE = 1048576;
           LimitNPROC = 1048576;
-        };
+        } // proxy_env;
       };
 
       systemd.sockets.docker = {
@@ -99,7 +101,7 @@ in
           #  goes in config bundled with docker itself
           LimitNOFILE = 1048576;
           LimitNPROC = 1048576;
-        };
+        } // proxy_env;
 
         # Presumably some containers are running we don't want to interrupt
         restartIfChanged = false;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-08 09:54:22 +0000