diff options
Diffstat (limited to 'nixos')
30 files changed, 806 insertions, 177 deletions
diff --git a/nixos/doc/manual/development/sources.xml b/nixos/doc/manual/development/sources.xml index 3ac07da19f12..879a31e32c59 100644 --- a/nixos/doc/manual/development/sources.xml +++ b/nixos/doc/manual/development/sources.xml @@ -24,6 +24,9 @@ $ mkdir -p <replaceable>/my/sources</replaceable> $ cd <replaceable>/my/sources</replaceable> $ nix-env -i git $ git clone git://github.com/NixOS/nixpkgs.git +$ cd nixpkgs +$ git remote add channels git://github.com/NixOS/nixpkgs-channels.git +$ git remote update channels </screen> This will check out the latest NixOS sources to @@ -31,7 +34,12 @@ This will check out the latest NixOS sources to and the Nixpkgs sources to <filename><replaceable>/my/sources</replaceable>/nixpkgs</filename>. (The NixOS source tree lives in a subdirectory of the Nixpkgs -repository.)</para> +repository.) The remote <literal>channels</literal> refers to a +read-only repository that tracks the Nixpkgs/NixOS channels (see <xref +linkend="sec-upgrading"/> for more information about channels). Thus, +the Git branch <literal>channels/nixos-14.12</literal> will contain +the latest built and tested version available in the +<literal>nixos-14.12</literal> channel.</para> <para>It’s often inconvenient to develop directly on the master branch, since if somebody has just committed (say) a change to GCC, @@ -40,28 +48,32 @@ rebuild everything from source. So you may want to create a local branch based on your current NixOS version: <screen> -$ <replaceable>/my/sources</replaceable>/nixpkgs/maintainers/scripts/update-channel-branches.sh -Fetching channels from https://nixos.org/channels: - * [new branch] cbe467e -> channels/remotes/nixos-unstable -Fetching channels from nixos-version: - * [new branch] 9ff4738 -> channels/current-system -Fetching channels from ~/.nix-defexpr: - * [new branch] 0d4acad -> channels/root/nixos -$ git checkout -b local channels/current-system +$ nixos-version +14.04.273.ea1952b (Baboon) + +$ git checkout -b local ea1952b </screen> -Or, to base your local branch on the latest version available in the +Or, to base your local branch on the latest version available in a NixOS channel: <screen> -$ <replaceable>/my/sources</replaceable>/nixpkgs/maintainers/scripts/update-channel-branches.sh -$ git checkout -b local channels/remotes/nixos-unstable +$ git remote update channels +$ git checkout -b local channels/nixos-14.12 +</screen> + +(Replace <literal>nixos-14.12</literal> with the name of the channel +you want to use.) You can use <command>git merge</command> or +<command>git rebase</command> to keep your local branch in sync with +the channel, e.g. + +<screen> +$ git remote update channels +$ git merge channels/nixos-14.12 </screen> -You can then use <command>git rebase</command> to sync your local -branch with the upstream branch, and use <command>git -cherry-pick</command> to copy commits from your local branch to the -upstream branch.</para> +You can use <command>git cherry-pick</command> to copy commits from +your local branch to the upstream branch.</para> <para>If you want to rebuild your system using your (modified) sources, you need to tell <command>nixos-rebuild</command> about them diff --git a/nixos/doc/manual/development/writing-nixos-tests.xml b/nixos/doc/manual/development/writing-nixos-tests.xml index bbb655eed2a6..b9da712b86f0 100644 --- a/nixos/doc/manual/development/writing-nixos-tests.xml +++ b/nixos/doc/manual/development/writing-nixos-tests.xml @@ -155,6 +155,15 @@ startAll; </varlistentry> <varlistentry> + <term><methodname>getScreenText</methodname></term> + <listitem><para>Return a textual representation of what is currently + visible on the machine's screen using optical character + recognition.</para> + <note><para>This requires passing <option>enableOCR</option> to the test + attribute set.</para></note></listitem> + </varlistentry> + + <varlistentry> <term><methodname>sendMonitorCommand</methodname></term> <listitem><para>Send a command to the QEMU monitor. This is rarely used, but allows doing stuff such as attaching virtual USB disks @@ -238,6 +247,15 @@ startAll; </varlistentry> <varlistentry> + <term><methodname>waitForText</methodname></term> + <listitem><para>Wait until the supplied regular expressions matches + the textual contents of the screen by using optical character recognition + (see <methodname>getScreenText</methodname>).</para> + <note><para>This requires passing <option>enableOCR</option> to the test + attribute set.</para></note></listitem> + </varlistentry> + + <varlistentry> <term><methodname>waitForWindow</methodname></term> <listitem><para>Wait until an X11 window has appeared whose name matches the given regular expression, e.g., diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml index c4691aa663f4..755b4bf41541 100644 --- a/nixos/doc/manual/release-notes/rl-unstable.xml +++ b/nixos/doc/manual/release-notes/rl-unstable.xml @@ -17,6 +17,7 @@ <itemizedlist> <listitem><para><literal>brltty</literal></para></listitem> +<listitem><para><literal>marathon</literal></para></listitem> </itemizedlist> </para> @@ -61,6 +62,15 @@ was accordingly renamed to <literal>bomi</literal> </para> </listitem> +<listitem> + <para> + HPLIP (printer, scanner, and fax drivers for HP devices) has + been updated to version <literal>3.15.4</literal>. This release + adds support for the <literal>arm6l-linux</literal> and + <literal>arm7l-linux</literal> platforms. + </para> +</listitem> + </itemizedlist> </para> diff --git a/nixos/lib/test-driver/Machine.pm b/nixos/lib/test-driver/Machine.pm index e0791692d3ef..db2c1a68692a 100644 --- a/nixos/lib/test-driver/Machine.pm +++ b/nixos/lib/test-driver/Machine.pm @@ -9,6 +9,7 @@ use FileHandle; use Cwd; use File::Basename; use File::Path qw(make_path); +use File::Slurp; my $showGraphics = defined $ENV{'DISPLAY'}; @@ -493,6 +494,44 @@ sub screenshot { } +# Take a screenshot and return the result as text using optical character +# recognition. +sub getScreenText { + my ($self) = @_; + + system("command -v tesseract &> /dev/null") == 0 + or die "getScreenText used but enableOCR is false"; + + my $text; + $self->nest("performing optical character recognition", sub { + my $tmpbase = Cwd::abs_path(".")."/ocr"; + my $tmpin = $tmpbase."in.ppm"; + my $tmpout = "$tmpbase.ppm"; + + $self->sendMonitorCommand("screendump $tmpin"); + system("ppmtopgm $tmpin | pamscale 4 -filter=lanczos > $tmpout") == 0 + or die "cannot scale screenshot"; + unlink $tmpin; + system("tesseract $tmpout $tmpbase") == 0 or die "OCR failed"; + unlink $tmpout; + $text = read_file("$tmpbase.txt"); + unlink "$tmpbase.txt"; + }); + return $text; +} + + +# Wait until a specific regexp matches the textual contents of the screen. +sub waitForText { + my ($self, $regexp) = @_; + $self->nest("waiting for $regexp to appear on the screen", sub { + retry sub { + return 1 if $self->getScreenText =~ /$regexp/; + } + }); +} + + # Wait until it is possible to connect to the X server. Note that # testing the existence of /tmp/.X11-unix/X0 is insufficient. sub waitForX { diff --git a/nixos/lib/testing.nix b/nixos/lib/testing.nix index c14f15a1ad5d..ee254ae187fd 100644 --- a/nixos/lib/testing.nix +++ b/nixos/lib/testing.nix @@ -28,7 +28,7 @@ rec { wrapProgram $out/bin/nixos-test-driver \ --prefix PATH : "${qemu_kvm}/bin:${vde2}/bin:${netpbm}/bin:${coreutils}/bin" \ - --prefix PERL5LIB : "${lib.makePerlPath [ perlPackages.TermReadLineGnu perlPackages.XMLWriter perlPackages.IOTty ]}:$out/lib/perl5/site_perl" + --prefix PERL5LIB : "${with perlPackages; lib.makePerlPath [ TermReadLineGnu XMLWriter IOTty FileSlurp ]}:$out/lib/perl5/site_perl" ''; }; @@ -68,7 +68,12 @@ rec { makeTest = - { testScript, makeCoverageReport ? false, name ? "unnamed", ... } @ t: + { testScript + , makeCoverageReport ? false + , enableOCR ? false + , name ? "unnamed" + , ... + } @ t: let testDriverName = "nixos-test-driver-${name}"; @@ -86,6 +91,8 @@ rec { vms = map (m: m.config.system.build.vm) (lib.attrValues nodes); + ocrProg = tesseract.override { enableLanguages = [ "eng" ]; }; + # Generate onvenience wrappers for running the test driver # interactively with the specified network, and for starting the # VMs from the command line. @@ -102,12 +109,14 @@ rec { vms="$(for i in ${toString vms}; do echo $i/bin/run-*-vm; done)" wrapProgram $out/bin/nixos-test-driver \ --add-flags "$vms" \ + ${lib.optionalString enableOCR "--prefix PATH : '${ocrProg}/bin'"} \ --run "testScript=\"\$(cat $out/test-script)\"" \ --set testScript '"$testScript"' \ --set VLANS '"${toString vlans}"' ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms wrapProgram $out/bin/nixos-run-vms \ --add-flags "$vms" \ + ${lib.optionalString enableOCR "--prefix PATH : '${ocrProg}/bin'"} \ --set tests '"startAll; joinAll;"' \ --set VLANS '"${toString vlans}"' \ ${lib.optionalString (builtins.length vms == 1) "--set USE_SERIAL 1"} diff --git a/nixos/modules/installer/tools/nixos-checkout.nix b/nixos/modules/installer/tools/nixos-checkout.nix index 3338e5119acb..9cdd8a74a188 100644 --- a/nixos/modules/installer/tools/nixos-checkout.nix +++ b/nixos/modules/installer/tools/nixos-checkout.nix @@ -1,5 +1,5 @@ -# This module generates the nixos-checkout script, which replaces the -# Nixpkgs source trees in /etc/nixos/nixpkgs with a Git checkout. +# This module generates the nixos-checkout script, which performs a +# checkout of the Nixpkgs Git repository. { config, lib, pkgs, ... }: @@ -37,8 +37,19 @@ let mv nixpkgs nixpkgs-$backupTimestamp fi - # Check out the NixOS and Nixpkgs sources. - git clone git://github.com/NixOS/nixpkgs.git nixpkgs + # Check out the Nixpkgs sources. + if ! [ -e nixpkgs/.git ]; then + echo "Creating repository in $prefix/nixpkgs..." + git init --quiet nixpkgs + else + echo "Updating repository in $prefix/nixpkgs..." + fi + cd nixpkgs + git remote add origin git://github.com/NixOS/nixpkgs.git || true + git remote add channels git://github.com/NixOS/nixpkgs-channels.git || true + git remote set-url origin --push git@github.com:NixOS/nixpkgs.git + git remote update + git checkout master ''; }; diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 0039ca74ba85..cc1976e236bd 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -196,7 +196,6 @@ nylon = 168; apache-kafka = 169; panamax = 170; - marathon = 171; exim = 172; #fleet = 173; # unused #input = 174; # unused @@ -217,6 +216,7 @@ lambdabot = 191; asterisk = 192; plex = 193; + bird = 195; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -390,7 +390,6 @@ gitlab = 165; nylon = 168; panamax = 170; - #marathon = 171; # unused exim = 172; fleet = 173; input = 174; @@ -412,6 +411,7 @@ #asterisk = 192; # unused plex = 193; sabnzbd = 194; + bird = 195; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 043b0470edf2..cd679f8e93c4 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -252,6 +252,7 @@ ./services/networking/atftpd.nix ./services/networking/avahi-daemon.nix ./services/networking/bind.nix + ./services/networking/bird.nix ./services/networking/bitlbee.nix ./services/networking/btsync.nix ./services/networking/charybdis.nix @@ -405,12 +406,14 @@ ./services/x11/xserver.nix ./system/activation/activation-script.nix ./system/activation/top-level.nix + ./system/boot/coredump.nix ./system/boot/emergency-mode.nix ./system/boot/kernel.nix ./system/boot/kexec.nix ./system/boot/loader/efi.nix ./system/boot/loader/loader.nix ./system/boot/loader/generations-dir/generations-dir.nix + ./system/boot/loader/generic-extlinux-compatible ./system/boot/loader/grub/grub.nix ./system/boot/loader/grub/ipxe.nix ./system/boot/loader/grub/memtest.nix diff --git a/nixos/modules/services/backup/postgresql-backup.nix b/nixos/modules/services/backup/postgresql-backup.nix index c4127543f10d..4a5ebebc682e 100644 --- a/nixos/modules/services/backup/postgresql-backup.nix +++ b/nixos/modules/services/backup/postgresql-backup.nix @@ -3,9 +3,9 @@ with lib; let - inherit (pkgs) postgresql gzip; + inherit (pkgs) gzip; - location = config.services.postgresqlBackup.location ; + location = config.services.postgresqlBackup.location; postgresqlBackupCron = db: '' diff --git a/nixos/modules/services/networking/bird.nix b/nixos/modules/services/networking/bird.nix new file mode 100644 index 000000000000..e7e1db191529 --- /dev/null +++ b/nixos/modules/services/networking/bird.nix @@ -0,0 +1,76 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkOption singleton types; + inherit (pkgs) bird; + cfg = config.services.bird; + + configFile = pkgs.writeText "bird.conf" '' + ${cfg.config} + ''; +in + +{ + + ###### interface + + options = { + + services.bird = { + + enable = mkEnableOption "BIRD Internet Routing Daemon"; + + config = mkOption { + type = types.string; + description = '' + BIRD Internet Routing Daemon configuration file. + <link xlink:href='http://bird.network.cz/'/> + ''; + }; + + user = mkOption { + type = types.string; + default = "ircd"; + description = '' + BIRD Internet Routing Daemon user. + ''; + }; + + group = mkOption { + type = types.string; + default = "ircd"; + description = '' + BIRD Internet Routing Daemon group. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable { + + users.extraUsers = singleton { + name = cfg.user; + description = "BIRD Internet Routing Daemon user"; + uid = config.ids.uids.bird; + group = cfg.group; + }; + + users.extraGroups = singleton { + name = cfg.group; + gid = config.ids.gids.bird; + }; + + systemd.services.bird = { + description = "BIRD Internet Routing Daemon"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${bird}/bin/bird -d -c ${configFile} -s /var/run/bird.ctl -u ${cfg.user} -g ${cfg.group}"; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 6cc86b4e4b5a..14d516ddbb66 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -268,6 +268,16 @@ in }; }; + moduliFile = mkOption { + example = "services.openssh.moduliFile = /etc/my-local-ssh-moduli;"; + type = types.path; + description = '' + Path to <literal>moduli</literal> file to install in + <literal>/etc/ssh/moduli</literal>. If this option is unset, then + the <literal>moduli</literal> file shipped with OpenSSH will be used. + ''; + }; + }; users.extraUsers = mkOption { @@ -286,8 +296,10 @@ in description = "SSH privilege separation user"; }; + services.openssh.moduliFile = mkDefault "${cfgc.package}/etc/ssh/moduli"; + environment.etc = authKeysFiles ++ [ - { source = "${cfgc.package}/etc/ssh/moduli"; + { source = cfg.moduliFile; target = "ssh/moduli"; } { text = knownHostsText; diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix index f9ca796ea652..2d43c3d962dd 100644 --- a/nixos/modules/services/networking/tinc.nix +++ b/nixos/modules/services/networking/tinc.nix @@ -154,6 +154,7 @@ in users.extraUsers = flip mapAttrs' cfg.networks (network: _: nameValuePair ("tinc.${network}") ({ description = "Tinc daemon user for ${network}"; + isSystemUser = true; }) ); diff --git a/nixos/modules/services/scheduling/marathon.nix b/nixos/modules/services/scheduling/marathon.nix index 8513d1174c38..ab93334f5fc9 100644 --- a/nixos/modules/services/scheduling/marathon.nix +++ b/nixos/modules/services/scheduling/marathon.nix @@ -12,27 +12,56 @@ in { options.services.marathon = { enable = mkOption { - description = "Whether to enable the marathon mesos framework."; - default = false; type = types.uniq types.bool; + default = false; + description = '' + Whether to enable the marathon mesos framework. + ''; }; httpPort = mkOption { - description = "Marathon listening port"; - default = 8080; type = types.int; + default = 8080; + description = '' + Marathon listening port for HTTP connections. + ''; }; master = mkOption { - description = "Marathon mesos master zookeeper address"; - default = "zk://${head cfg.zookeeperHosts}/mesos"; type = types.str; + default = "zk://${concatStringsSep "," cfg.zookeeperHosts}/mesos"; + example = "zk://1.2.3.4:2181,2.3.4.5:2181,3.4.5.6:2181/mesos"; + description = '' + Mesos master address. See <link xlink:href="https://mesosphere.github.io/marathon/docs/"/> for details. + ''; }; zookeeperHosts = mkOption { - description = "Marathon mesos zookepper addresses"; + type = types.listOf types.str; default = [ "localhost:2181" ]; + example = [ "1.2.3.4:2181" "2.3.4.5:2181" "3.4.5.6:2181" ]; + description = '' + ZooKeeper hosts' addresses. + ''; + }; + + extraCmdLineOptions = mkOption { type = types.listOf types.str; + default = [ ]; + example = [ "--https_port=8443" "--zk_timeout=10000" "--marathon_store_timeout=2000" ]; + description = '' + Extra command line options to pass to Marathon. + See <link xlink:href="https://mesosphere.github.io/marathon/docs/command-line-flags.html"/> for all possible flags. + ''; + }; + + environment = mkOption { + default = { }; + type = types.attrs; + example = { JAVA_OPTS = "-Xmx512m"; MESOSPHERE_HTTP_CREDENTIALS = "username:password"; }; + description = '' + Environment variables passed to Marathon. + ''; }; }; @@ -41,17 +70,19 @@ in { config = mkIf cfg.enable { systemd.services.marathon = { description = "Marathon Service"; + environment = cfg.environment; wantedBy = [ "multi-user.target" ]; after = [ "network-interfaces.target" "zookeeper.service" "mesos-master.service" "mesos-slave.service" ]; serviceConfig = { - ExecStart = "${pkgs.marathon}/bin/marathon --master ${cfg.master} --zk zk://${head cfg.zookeeperHosts}/marathon"; + ExecStart = "${pkgs.marathon}/bin/marathon --master ${cfg.master} --zk zk://${concatStringsSep "," cfg.zookeeperHosts}/marathon --http_port ${toString cfg.httpPort} ${concatStringsSep " " cfg.extraCmdLineOptions}"; User = "marathon"; + Restart = "always"; + RestartSec = "2"; }; }; users.extraUsers.marathon = { - uid = config.ids.uids.marathon; description = "Marathon mesos framework user"; }; }; diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index d53f119c9558..cf6d2cab3492 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -45,7 +45,7 @@ in { environment.gnome3.packageSet = mkOption { default = null; - example = literalExample "pkgs.gnome3_12"; + example = literalExample "pkgs.gnome3_16"; description = "Which GNOME 3 package set to use."; apply = p: if p == null then pkgs.gnome3 else p; }; @@ -109,9 +109,6 @@ in { # Override default mimeapps export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}${mimeAppsList}/share - # Let gnome-control-center find gnome-shell search providers. GNOME 3.12 compatibility. - export GNOME_SEARCH_PROVIDERS_DIR=${config.system.path}/share/gnome-shell/search-providers/ - # Let nautilus find extensions export NAUTILUS_EXTENSION_DIR=${config.system.path}/lib/nautilus/extensions-3.0/ diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 4aeaed8cd324..f6de8c02b186 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -65,7 +65,7 @@ let greeters-directory = ${cfg.greeter.package} sessions-directory = ${dmcfg.session.desktops} - [SeatDefaults] + [Seat:*] xserver-command = ${xserverWrapper} session-wrapper = ${dmcfg.session.script} greeter-session = ${cfg.greeter.name} @@ -143,8 +143,26 @@ in services.dbus.enable = true; services.dbus.packages = [ lightdm ]; - security.pam.services.lightdm = { allowNullPassword = true; startSession = true; }; - security.pam.services.lightdm-greeter = { allowNullPassword = true; startSession = true; }; + security.pam.services.lightdm = { + allowNullPassword = true; + startSession = true; + }; + security.pam.services.lightdm-greeter = { + allowNullPassword = true; + startSession = true; + text = '' + auth required pam_env.so + auth required pam_permit.so + + account required pam_permit.so + + password required pam_deny.so + + session required pam_env.so envfile=${config.system.build.pamEnvironment} + session required pam_unix.so + session optional ${pkgs.systemd}/lib/security/pam_systemd.so + ''; + }; users.extraUsers.lightdm = { createHome = true; diff --git a/nixos/modules/system/boot/coredump.nix b/nixos/modules/system/boot/coredump.nix new file mode 100644 index 000000000000..25b11ed9c8a9 --- /dev/null +++ b/nixos/modules/system/boot/coredump.nix @@ -0,0 +1,51 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + options = { + + systemd.coredump = { + + enable = mkOption { + default = false; + type = types.bool; + description = '' + Enables storing core dumps in systemd. + Note that this alone is not enough to enable core dumps. The maximum + file size for core dumps must be specified in limits.conf as well. See + <option>security.pam.loginLimits</option> as well as the limits.conf(5) + man page. + ''; + }; + + extraConfig = mkOption { + default = ""; + type = types.lines; + example = "Storage=journal"; + description = '' + Extra config options for systemd-coredump. See coredump.conf(5) man page + for available options. + ''; + }; + }; + + }; + + config = mkIf config.systemd.coredump.enable { + + environment.etc."systemd/coredump.conf".text = + '' + [Coredump] + ${config.systemd.coredump.extraConfig} + ''; + + # Have the kernel pass core dumps to systemd's coredump helper binary. + # From systemd's 50-coredump.conf file. See: + # <https://github.com/systemd/systemd/blob/v218/sysctl.d/50-coredump.conf.in> + boot.kernel.sysctl."kernel.core_pattern" = "|${pkgs.systemd}/lib/systemd/systemd-coredump %p %u %g %s %t %e"; + + }; + +} diff --git a/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix b/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix new file mode 100644 index 000000000000..af39c7bb6841 --- /dev/null +++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix @@ -0,0 +1,44 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + blCfg = config.boot.loader; + cfg = blCfg.generic-extlinux-compatible; + + timeoutStr = if blCfg.timeout == null then "-1" else toString blCfg.timeout; + + builder = import ./extlinux-conf-builder.nix { inherit pkgs; }; +in +{ + options = { + boot.loader.generic-extlinux-compatible = { + enable = mkOption { + default = false; + type = types.bool; + description = '' + Whether to generate an extlinux-compatible configuration file + under <literal>/boot/extlinux.conf</literal>. For instance, + U-Boot's generic distro boot support uses this file format. + + See <link xlink:href="http://git.denx.de/?p=u-boot.git;a=blob;f=doc/README.distro;hb=refs/heads/master">U-boot's documentation</link> + for more information. + ''; + }; + + configurationLimit = mkOption { + default = 20; + example = 10; + type = types.int; + description = '' + Maximum number of configurations in the boot menu. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + system.build.installBootLoader = "${builder} -g ${toString cfg.configurationLimit} -t ${timeoutStr} -c"; + system.boot.loader.id = "generic-extlinux-compatible"; + }; +} diff --git a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix new file mode 100644 index 000000000000..261192c6d24e --- /dev/null +++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix @@ -0,0 +1,8 @@ +{ pkgs }: + +pkgs.substituteAll { + src = ./extlinux-conf-builder.sh; + isExecutable = true; + inherit (pkgs) bash; + path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep]; +} diff --git a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh new file mode 100644 index 000000000000..8f2a496de8b6 --- /dev/null +++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh @@ -0,0 +1,132 @@ +#! @bash@/bin/sh -e + +shopt -s nullglob + +export PATH=/empty +for i in @path@; do PATH=$PATH:$i/bin; done + +usage() { + echo "usage: $0 -t <timeout> -c <path-to-default-configuration> [-d <boot-dir>] [-g <num-generations>]" >&2 + exit 1 +} + +timeout= # Timeout in centiseconds +default= # Default configuration +target=/boot # Target directory +numGenerations=0 # Number of other generations to include in the menu + +while getopts "t:c:d:g:" opt; do + case "$opt" in + t) # U-Boot interprets '0' as infinite and negative as instant boot + if [ "$OPTARG" -lt 0 ]; then + timeout=0 + elif [ "$OPTARG" = 0 ]; then + timeout=-10 + else + timeout=$((OPTARG * 10)) + fi + ;; + c) default="$OPTARG" ;; + d) target="$OPTARG" ;; + g) numGenerations="$OPTARG" ;; + \?) usage ;; + esac +done + +[ "$timeout" = "" -o "$default" = "" ] && usage + +mkdir -p $target/nixos +mkdir -p $target/extlinux + +# Convert a path to a file in the Nix store such as +# /nix/store/<hash>-<name>/file to <hash>-<name>-<file>. +cleanName() { + local path="$1" + echo "$path" | sed 's|^/nix/store/||' | sed 's|/|-|g' +} + +# Copy a file from the Nix store to $target/nixos. +declare -A filesCopied + +copyToKernelsDir() { + local src=$(readlink -f "$1") + local dst="$target/nixos/$(cleanName $src)" + # Don't copy the file if $dst already exists. This means that we + # have to create $dst atomically to prevent partially copied + # kernels or initrd if this script is ever interrupted. + if ! test -e $dst; then + local dstTmp=$dst.tmp.$$ + cp -r $src $dstTmp + mv $dstTmp $dst + fi + filesCopied[$dst]=1 + result=$dst +} + +# Copy its kernel, initrd and dtbs to $target/nixos, and echo out an +# extlinux menu entry +addEntry() { + local path=$(readlink -f "$1") + local tag="$2" # Generation number or 'default' + + if ! test -e $path/kernel -a -e $path/initrd; then + return + fi + + copyToKernelsDir "$path/kernel"; kernel=$result + copyToKernelsDir "$path/initrd"; initrd=$result + # XXX UGLY: maybe the system config should have a top-level "dtbs" entry? + copyToKernelsDir $(readlink -m "$path/kernel/../dtbs"); dtbs=$result + + timestampEpoch=$(stat -L -c '%Z' $path) + + timestamp=$(date "+%Y-%m-%d %H:%M" -d @$timestampEpoch) + nixosVersion="$(cat $path/nixos-version)" + extraParams="$(cat $path/kernel-params)" + + echo + echo "LABEL nixos-$tag" + if [ "$tag" = "default" ]; then + echo " MENU LABEL NixOS - Default" + else + echo " MENU LABEL NixOS - Configuration $tag ($timestamp - $nixosVersion)" + fi + echo " LINUX ../nixos/$(basename $kernel)" + echo " INITRD ../nixos/$(basename $initrd)" + echo " FDTDIR ../nixos/$(basename $dtbs)" + echo " APPEND systemConfig=$path init=$path/init $extraParams" +} + +tmpFile="$target/extlinux/extlinux.conf.tmp.$$" + +cat > $tmpFile <<EOF +# Generated file, all changes will be lost on nixos-rebuild! + +# Change this to e.g. nixos-42 to temporarily boot to an older configuration. +DEFAULT nixos-default + +TIMEOUT $timeout +$(addEntry $default default) +EOF + +# Add up to $numGenerations generations of the system profile to the menu, +# in reverse (most recent to least recent) order. +for generation in $( + (cd /nix/var/nix/profiles && ls -d system-*-link) \ + | sed 's/system-\([0-9]\+\)-link/\1/' \ + | sort -n -r \ + | head -n $numGenerations); do + link=/nix/var/nix/profiles/system-$generation-link + addEntry $link $generation +done >> $tmpFile + +mv -f $tmpFile $target/extlinux/extlinux.conf + +# Remove obsolete files from $target/nixos. +for fn in $target/nixos/*; do + if ! test "${filesCopied[$fn]}" = 1; then + echo "Removing no longer needed boot file: $fn" + chmod +w -- "$fn" + rm -rf -- "$fn" + fi +done diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 585c8854feec..c790e05f51bd 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -21,13 +21,13 @@ let grubEfi = # EFI version of Grub v2 - if (cfg.devices != ["nodev"]) && cfg.efiSupport && (cfg.version == 2) + if cfg.efiSupport && (cfg.version == 2) then realGrub.override { efiSupport = cfg.efiSupport; } else null; f = x: if x == null then "" else "" + x; - grubConfig = pkgs.writeText "grub-config.xml" (builtins.toXML + grubConfig = args: pkgs.writeText "grub-config.xml" (builtins.toXML { splashImage = f config.boot.loader.grub.splashImage; grub = f grub; grubTarget = f (grub.grubTarget or ""); @@ -35,11 +35,14 @@ let fullVersion = (builtins.parseDrvName realGrub.name).version; grubEfi = f grubEfi; grubTargetEfi = if cfg.efiSupport && (cfg.version == 2) then f (grubEfi.grubTarget or "") else ""; - inherit (efi) efiSysMountPoint canTouchEfiVariables; + bootPath = args.path; + efiSysMountPoint = if args.efiSysMountPoint == null then args.path else args.efiSysMountPoint; + inherit (args) devices; + inherit (efi) canTouchEfiVariables; inherit (cfg) version extraConfig extraPerEntryConfig extraEntries extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels timeout - default devices fsIdentifier efiSupport; + default fsIdentifier efiSupport; path = (makeSearchPath "bin" ([ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.findutils pkgs.diffutils pkgs.btrfsProgs pkgs.utillinux ] ++ (if cfg.efiSupport && (cfg.version == 2) then [pkgs.efibootmgr ] else []) @@ -48,6 +51,9 @@ let ]); }); + bootDeviceCounters = fold (device: attr: attr // { "${device}" = (attr."${device}" or 0) + 1; }) {} + (concatMap (args: args.devices) cfg.mirroredBoots); + in { @@ -101,6 +107,53 @@ in ''; }; + mirroredBoots = mkOption { + default = [ ]; + example = [ + { path = "/boot1"; devices = [ "/dev/sda" ]; } + { path = "/boot2"; devices = [ "/dev/sdb" ]; } + ]; + description = '' + Mirror the boot configuration to multiple partitions and install grub + to the respective devices corresponding to those partitions. + ''; + + type = types.listOf types.optionSet; + + options = { + + path = mkOption { + example = "/boot1"; + type = types.str; + description = '' + The path to the boot directory where grub will be written. Generally + this boot parth should double as an efi path. + ''; + }; + + efiSysMountPoint = mkOption { + default = null; + example = "/boot1/efi"; + type = types.nullOr types.str; + description = '' + The path to the efi system mount point. Usually this is the same + partition as the above path and can be left as null. + ''; + }; + + devices = mkOption { + default = [ ]; + example = [ "/dev/sda" "/dev/sdb" ]; + type = types.listOf types.str; + description = '' + The path to the devices which will have the grub mbr written. + Note these are typically device paths and not paths to partitions. + ''; + }; + + }; + }; + configurationName = mkOption { default = ""; example = "Stable 2.6.21"; @@ -291,13 +344,18 @@ in boot.loader.grub.devices = optional (cfg.device != "") cfg.device; - system.build.installBootLoader = - if cfg.devices == [] then - throw "You must set the option ‘boot.loader.grub.device’ to make the system bootable." - else - "PERL5LIB=${makePerlPath (with pkgs.perlPackages; [ FileSlurp XMLLibXML XMLSAX ListCompare ])} " + - (if cfg.enableCryptodisk then "GRUB_ENABLE_CRYPTODISK=y " else "") + - "${pkgs.perl}/bin/perl ${./install-grub.pl} ${grubConfig}"; + boot.loader.grub.mirroredBoots = optionals (cfg.devices != [ ]) [ + { path = "/boot"; inherit (cfg) devices; inherit (efi) efiSysMountPoint; } + ]; + + system.build.installBootLoader = pkgs.writeScript "install-grub.sh" ('' + #!${pkgs.stdenv.shell} + set -e + export PERL5LIB=${makePerlPath (with pkgs.perlPackages; [ FileSlurp XMLLibXML XMLSAX ListCompare ])} + ${optionalString cfg.enableCryptodisk "export GRUB_ENABLE_CRYPTODISK=y"} + '' + flip concatMapStrings cfg.mirroredBoots (args: '' + ${pkgs.perl}/bin/perl ${./install-grub.pl} ${grubConfig args} + '')); system.build.grub = grub; @@ -312,13 +370,37 @@ in ${pkgs.coreutils}/bin/cp -pf "${v}" "/boot/${n}" '') config.boot.loader.grub.extraFiles); - assertions = [{ assertion = !cfg.zfsSupport || cfg.version == 2; - message = "Only grub version 2 provides zfs support";}] - ++ flip map cfg.devices (dev: { - assertion = dev == "nodev" || hasPrefix "/" dev; - message = "Grub devices must be absolute paths, not ${dev}"; - }); - + assertions = [ + { + assertion = !cfg.zfsSupport || cfg.version == 2; + message = "Only grub version 2 provides zfs support"; + } + { + assertion = cfg.mirroredBoots != [ ]; + message = "You must set the option ‘boot.loader.grub.devices’ or " + + "'boot.loader.grub.mirroredBoots' to make the system bootable."; + } + { + assertion = all (c: c < 2) (mapAttrsToList (_: c: c) bootDeviceCounters); + message = "You cannot have duplicated devices in mirroredBoots"; + } + ] ++ flip concatMap cfg.mirroredBoots (args: [ + { + assertion = args.devices != [ ]; + message = "A boot path cannot have an empty devices string in ${arg.path}"; + } + { + assertion = hasPrefix "/" args.path; + message = "Boot paths must be absolute, not ${args.path}"; + } + { + assertion = if args.efiSysMountPoint == null then true else hasPrefix "/" args.efiSysMountPoint; + message = "Efi paths must be absolute, not ${args.efiSysMountPoint}"; + } + ] ++ flip map args.devices (device: { + assertion = device == "nodev" || hasPrefix "/" device; + message = "Grub devices must be absolute paths, not ${dev} in ${args.path}"; + })); }) ]; diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl index 81009e9fb821..a0384d23f821 100644 --- a/nixos/modules/system/boot/loader/grub/install-grub.pl +++ b/nixos/modules/system/boot/loader/grub/install-grub.pl @@ -11,7 +11,7 @@ require List::Compare; use POSIX; use Cwd; -my $defaultConfig = $ARGV[1] or die; +my $defaultConfig = $ARGV[0] or die; my $dom = XML::LibXML->load_xml(location => $ARGV[0]); @@ -54,6 +54,7 @@ my $defaultEntry = int(get("default")); my $fsIdentifier = get("fsIdentifier"); my $grubEfi = get("grubEfi"); my $grubTargetEfi = get("grubTargetEfi"); +my $bootPath = get("bootPath"); my $canTouchEfiVariables = get("canTouchEfiVariables"); my $efiSysMountPoint = get("efiSysMountPoint"); $ENV{'PATH'} = get("path"); @@ -62,16 +63,16 @@ die "unsupported GRUB version\n" if $grubVersion != 1 && $grubVersion != 2; print STDERR "updating GRUB $grubVersion menu...\n"; -mkpath("/boot/grub", 0, 0700); +mkpath("$bootPath/grub", 0, 0700); -# Discover whether /boot is on the same filesystem as / and +# Discover whether the bootPath is on the same filesystem as / and # /nix/store. If not, then all kernels and initrds must be copied to -# /boot. -if (stat("/boot")->dev != stat("/nix/store")->dev) { +# the bootPath. +if (stat($bootPath)->dev != stat("/nix/store")->dev) { $copyKernels = 1; } -# Discover information about the location of /boot +# Discover information about the location of the bootPath struct(Fs => { device => '$', type => '$', @@ -206,7 +207,7 @@ sub GrubFs { } return Grub->new(path => $path, search => $search); } -my $grubBoot = GrubFs("/boot"); +my $grubBoot = GrubFs($bootPath); my $grubStore; if ($copyKernels == 0) { $grubStore = GrubFs("/nix/store"); @@ -221,7 +222,7 @@ if ($grubVersion == 1) { timeout $timeout "; if ($splashImage) { - copy $splashImage, "/boot/background.xpm.gz" or die "cannot copy $splashImage to /boot\n"; + copy $splashImage, "$bootPath/background.xpm.gz" or die "cannot copy $splashImage to $bootPath\n"; $conf .= "splashimage " . $grubBoot->path . "/background.xpm.gz\n"; } } @@ -264,7 +265,7 @@ else { if ($splashImage) { # FIXME: GRUB 1.97 doesn't resize the background image if it # doesn't match the video resolution. - copy $splashImage, "/boot/background.png" or die "cannot copy $splashImage to /boot\n"; + copy $splashImage, "$bootPath/background.png" or die "cannot copy $splashImage to $bootPath\n"; $conf .= " insmod png if background_image " . $grubBoot->path . "/background.png; then @@ -285,14 +286,14 @@ $conf .= "$extraConfig\n"; $conf .= "\n"; my %copied; -mkpath("/boot/kernels", 0, 0755) if $copyKernels; +mkpath("$bootPath/kernels", 0, 0755) if $copyKernels; sub copyToKernelsDir { my ($path) = @_; return $grubStore->path . substr($path, length("/nix/store")) unless $copyKernels; $path =~ /\/nix\/store\/(.*)/ or die; my $name = $1; $name =~ s/\//-/g; - my $dst = "/boot/kernels/$name"; + my $dst = "$bootPath/kernels/$name"; # Don't copy the file if $dst already exists. This means that we # have to create $dst atomically to prevent partially copied # kernels or initrd if this script is ever interrupted. @@ -396,14 +397,14 @@ if ($extraPrepareConfig ne "") { } # Atomically update the GRUB config. -my $confFile = $grubVersion == 1 ? "/boot/grub/menu.lst" : "/boot/grub/grub.cfg"; +my $confFile = $grubVersion == 1 ? "$bootPath/grub/menu.lst" : "$bootPath/grub/grub.cfg"; my $tmpFile = $confFile . ".tmp"; writeFile($tmpFile, $conf); rename $tmpFile, $confFile or die "cannot rename $tmpFile to $confFile\n"; -# Remove obsolete files from /boot/kernels. -foreach my $fn (glob "/boot/kernels/*") { +# Remove obsolete files from $bootPath/kernels. +foreach my $fn (glob "$bootPath/kernels/*") { next if defined $copied{$fn}; print STDERR "removing obsolete file $fn\n"; unlink $fn; @@ -422,7 +423,7 @@ struct(GrubState => { }); sub readGrubState { my $defaultGrubState = GrubState->new(version => "", efi => "", devices => "", efiMountPoint => "" ); - open FILE, "</boot/grub/state" or return $defaultGrubState; + open FILE, "<$bootPath/grub/state" or return $defaultGrubState; local $/ = "\n"; my $version = <FILE>; chomp($version); @@ -491,10 +492,10 @@ if (($requireNewInstall != 0) && ($efiTarget eq "no" || $efiTarget eq "both")) { next if $dev eq "nodev"; print STDERR "installing the GRUB $grubVersion boot loader on $dev...\n"; if ($grubTarget eq "") { - system("$grub/sbin/grub-install", "--recheck", Cwd::abs_path($dev)) == 0 + system("$grub/sbin/grub-install", "--recheck", "--boot-directory=$bootPath", Cwd::abs_path($dev)) == 0 or die "$0: installation of GRUB on $dev failed\n"; } else { - system("$grub/sbin/grub-install", "--recheck", "--target=$grubTarget", Cwd::abs_path($dev)) == 0 + system("$grub/sbin/grub-install", "--recheck", "--boot-directory=$bootPath", "--target=$grubTarget", Cwd::abs_path($dev)) == 0 or die "$0: installation of GRUB on $dev failed\n"; } } @@ -505,10 +506,10 @@ if (($requireNewInstall != 0) && ($efiTarget eq "no" || $efiTarget eq "both")) { if (($requireNewInstall != 0) && ($efiTarget eq "only" || $efiTarget eq "both")) { print STDERR "installing the GRUB $grubVersion EFI boot loader into $efiSysMountPoint...\n"; if ($canTouchEfiVariables eq "true") { - system("$grubEfi/sbin/grub-install", "--recheck", "--target=$grubTargetEfi", "--efi-directory=$efiSysMountPoint") == 0 + system("$grubEfi/sbin/grub-install", "--recheck", "--target=$grubTargetEfi", "--boot-directory=$bootPath", "--efi-directory=$efiSysMountPoint") == 0 or die "$0: installation of GRUB EFI into $efiSysMountPoint failed\n"; } else { - system("$grubEfi/sbin/grub-install", "--recheck", "--target=$grubTargetEfi", "--efi-directory=$efiSysMountPoint", "--no-nvram") == 0 + system("$grubEfi/sbin/grub-install", "--recheck", "--target=$grubTargetEfi", "--boot-directory=$bootPath", "--efi-directory=$efiSysMountPoint", "--no-nvram") == 0 or die "$0: installation of GRUB EFI into $efiSysMountPoint failed\n"; } } @@ -516,7 +517,7 @@ if (($requireNewInstall != 0) && ($efiTarget eq "only" || $efiTarget eq "both")) # update GRUB state file if ($requireNewInstall != 0) { - open FILE, ">/boot/grub/state" or die "cannot create /boot/grub/state: $!\n"; + open FILE, ">$bootPath/grub/state" or die "cannot create $bootPath/grub/state: $!\n"; print FILE get("fullVersion"), "\n" or die; print FILE $efiTarget, "\n" or die; print FILE join( ":", @deviceTargets ), "\n" or die; diff --git a/nixos/modules/tasks/trackpoint.nix b/nixos/modules/tasks/trackpoint.nix index 778cdc5d30dd..bd340869d69f 100644 --- a/nixos/modules/tasks/trackpoint.nix +++ b/nixos/modules/tasks/trackpoint.nix @@ -45,6 +45,16 @@ with lib; ''; }; + fakeButtons = mkOption { + default = false; + type = types.bool; + description = '' + Switch to "bare" PS/2 mouse support in case Trackpoint buttons are not recognized + properly. This can happen for example on models like the L430, T450, T450s, on + which the Trackpoint buttons are actually a part of the Synaptics touchpad. + ''; + }; + }; }; @@ -52,11 +62,13 @@ with lib; ###### implementation - config = mkMerge [ - (mkIf config.hardware.trackpoint.enable { + config = + let cfg = config.hardware.trackpoint; in + mkMerge [ + (mkIf cfg.enable { services.udev.extraRules = '' - ACTION=="add|change", SUBSYSTEM=="input", ATTR{name}=="TPPS/2 IBM TrackPoint", ATTR{device/speed}="${toString config.hardware.trackpoint.speed}", ATTR{device/sensitivity}="${toString config.hardware.trackpoint.sensitivity}" + ACTION=="add|change", SUBSYSTEM=="input", ATTR{name}=="TPPS/2 IBM TrackPoint", ATTR{device/speed}="${toString cfg.speed}", ATTR{device/sensitivity}="${toString cfg.sensitivity}" ''; system.activationScripts.trackpoint = @@ -65,20 +77,22 @@ with lib; ''; }) - (mkIf config.hardware.trackpoint.emulateWheel { - services.xserver.config = - '' - Section "InputClass" - Identifier "Trackpoint Wheel Emulation" - MatchProduct "Elantech PS/2 TrackPoint|TPPS/2 IBM TrackPoint|DualPoint Stick|Synaptics Inc. Composite TouchPad / TrackPoint|ThinkPad USB Keyboard with TrackPoint|USB Trackpoint pointing device|Composite TouchPad / TrackPoint" - MatchDevicePath "/dev/input/event*" - Option "EmulateWheel" "true" - Option "EmulateWheelButton" "2" - Option "Emulate3Buttons" "false" - Option "XAxisMapping" "6 7" - Option "YAxisMapping" "4 5" - EndSection - ''; + (mkIf (cfg.emulateWheel) { + services.xserver.inputClassSections = + ['' + Identifier "Trackpoint Wheel Emulation" + MatchProduct "${if cfg.fakeButtons then "PS/2 Generic Mouse" else "Elantech PS/2 TrackPoint|TPPS/2 IBM TrackPoint|DualPoint Stick|Synaptics Inc. Composite TouchPad / TrackPoint|ThinkPad USB Keyboard with TrackPoint|USB Trackpoint pointing device|Composite TouchPad / TrackPoint"}" + MatchDevicePath "/dev/input/event*" + Option "EmulateWheel" "true" + Option "EmulateWheelButton" "2" + Option "Emulate3Buttons" "false" + Option "XAxisMapping" "6 7" + Option "YAxisMapping" "4 5" + '']; + }) + + (mkIf cfg.fakeButtons { + boot.extraModprobeConfig = "options psmouse proto=bare"; }) ]; } diff --git a/nixos/modules/virtualisation/azure-common.nix b/nixos/modules/virtualisation/azure-common.nix new file mode 100644 index 000000000000..47022c6887c3 --- /dev/null +++ b/nixos/modules/virtualisation/azure-common.nix @@ -0,0 +1,61 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + imports = [ ../profiles/headless.nix ]; + + boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ]; + boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ]; + + # Generate a GRUB menu. + boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.version = 2; + boot.loader.grub.timeout = 0; + + # Don't put old configurations in the GRUB menu. The user has no + # way to select them anyway. + boot.loader.grub.configurationLimit = 0; + + fileSystems."/".device = "/dev/disk/by-label/nixos"; + + # Allow root logins only using the SSH key that the user specified + # at instance creation time, ping client connections to avoid timeouts + services.openssh.enable = true; + services.openssh.permitRootLogin = "without-password"; + services.openssh.extraConfig = '' + ClientAliveInterval 180 + ''; + + # Force getting the hostname from Azure + networking.hostName = mkDefault ""; + + # Always include cryptsetup so that NixOps can use it. + # sg_scan is needed to finalize disk removal on older kernels + environment.systemPackages = [ pkgs.cryptsetup pkgs.sg3_utils ]; + + networking.usePredictableInterfaceNames = false; + + services.udev.extraRules = '' + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:0", ATTR{removable}=="0", SYMLINK+="disk/by-lun/0", + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:1", ATTR{removable}=="0", SYMLINK+="disk/by-lun/1", + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:2", ATTR{removable}=="0", SYMLINK+="disk/by-lun/2" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:3", ATTR{removable}=="0", SYMLINK+="disk/by-lun/3" + + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:4", ATTR{removable}=="0", SYMLINK+="disk/by-lun/4" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:5", ATTR{removable}=="0", SYMLINK+="disk/by-lun/5" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:6", ATTR{removable}=="0", SYMLINK+="disk/by-lun/6" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:7", ATTR{removable}=="0", SYMLINK+="disk/by-lun/7" + + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:8", ATTR{removable}=="0", SYMLINK+="disk/by-lun/8" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:9", ATTR{removable}=="0", SYMLINK+="disk/by-lun/9" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:10", ATTR{removable}=="0", SYMLINK+="disk/by-lun/10" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:11", ATTR{removable}=="0", SYMLINK+="disk/by-lun/11" + + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:12", ATTR{removable}=="0", SYMLINK+="disk/by-lun/12" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:13", ATTR{removable}=="0", SYMLINK+="disk/by-lun/13" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:14", ATTR{removable}=="0", SYMLINK+="disk/by-lun/14" + ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:15", ATTR{removable}=="0", SYMLINK+="disk/by-lun/15" + + ''; + +} diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix index ab5a9c51fa5b..3f554d127c35 100644 --- a/nixos/modules/virtualisation/azure-image.nix +++ b/nixos/modules/virtualisation/azure-image.nix @@ -5,8 +5,6 @@ let diskSize = "4096"; in { - imports = [ ../profiles/headless.nix ]; - system.build.azureImage = pkgs.vmTools.runInLinuxVM ( pkgs.runCommand "azure-image" @@ -24,7 +22,6 @@ in postVM = '' - echo Converting mkdir -p $out ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd rm $diskImage @@ -93,34 +90,11 @@ in '' ); - fileSystems."/".device = "/dev/disk/by-label/nixos"; + imports = [ ./azure-common.nix ]; # Azure metadata is available as a CD-ROM drive. fileSystems."/metadata".device = "/dev/sr0"; - boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ]; - boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ]; - - # Generate a GRUB menu. - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.version = 2; - boot.loader.grub.timeout = 0; - - # Don't put old configurations in the GRUB menu. The user has no - # way to select them anyway. - boot.loader.grub.configurationLimit = 0; - - # Allow root logins only using the SSH key that the user specified - # at instance creation time. - services.openssh.enable = true; - services.openssh.permitRootLogin = "without-password"; - - # Force getting the hostname from Azure - networking.hostName = mkDefault ""; - - # Always include cryptsetup so that NixOps can use it. - environment.systemPackages = [ pkgs.cryptsetup ]; - systemd.services.fetch-ssh-keys = { description = "Fetch host keys and authorized_keys for root user"; @@ -157,8 +131,4 @@ in serviceConfig.StandardOutput = "journal+console"; }; - networking.usePredictableInterfaceNames = false; - - #users.extraUsers.root.openssh.authorizedKeys.keys = [ (builtins.readFile <ssh-pub-key>) ]; - } diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix index 7410609e0642..16aedbbb185d 100644 --- a/nixos/modules/virtualisation/libvirtd.nix +++ b/nixos/modules/virtualisation/libvirtd.nix @@ -57,6 +57,17 @@ in ''; }; + virtualisation.libvirtd.extraOptions = + mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "--verbose" ]; + description = + '' + Extra command line arguments passed to libvirtd on startup. + ''; + }; + virtualisation.libvirtd.onShutdown = mkOption { type = types.enum ["shutdown" "suspend" ]; @@ -140,7 +151,7 @@ in done ''; # */ - serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon --verbose''; + serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon ${concatStringsSep " " cfg.extraOptions}''; serviceConfig.Type = "forking"; serviceConfig.KillMode = "process"; # when stopping, leave the VMs alone diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index cb1c200ab475..a79f72823fdf 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -53,6 +53,7 @@ in rec { (all nixos.tests.firewall) (all nixos.tests.gnome3) (all nixos.tests.installer.lvm) + (all nixos.tests.installer.luksroot) (all nixos.tests.installer.separateBoot) (all nixos.tests.installer.simple) (all nixos.tests.installer.simpleLabels) diff --git a/nixos/release.nix b/nixos/release.nix index 375b65d040e6..dfc28173f1a3 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -255,6 +255,7 @@ in rec { tests.i3wm = callTest tests/i3wm.nix {}; tests.installer.grub1 = forAllSystems (system: hydraJob (import tests/installer.nix { inherit system; }).grub1.test); tests.installer.lvm = forAllSystems (system: hydraJob (import tests/installer.nix { inherit system; }).lvm.test); + tests.installer.luksroot = forAllSystems (system: hydraJob (import tests/installer.nix { inherit system; }).luksroot.test); tests.installer.rebuildCD = forAllSystems (system: hydraJob (import tests/installer.nix { inherit system; }).rebuildCD.test); tests.installer.separateBoot = forAllSystems (system: hydraJob (import tests/installer.nix { inherit system; }).separateBoot.test); tests.installer.simple = forAllSystems (system: hydraJob (import tests/installer.nix { inherit system; }).simple.test); diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix index 026433fc7ee9..2241bc9c3bca 100644 --- a/nixos/tests/chromium.nix +++ b/nixos/tests/chromium.nix @@ -9,6 +9,8 @@ import ./make-test.nix ( }: rec { name = "chromium"; + enableOCR = true; + machine.imports = [ ./common/x11.nix ]; machine.virtualisation.memorySize = 1024; @@ -106,15 +108,11 @@ import ./make-test.nix ( "ulimit -c unlimited; ". "$pkg/bin/chromium $args \"$url\" & disown" ); + $machine->waitForText(qr/Type to search or enter a URL to navigate/); $machine->waitUntilSucceeds("${xdo "check-startup" '' search --sync --onlyvisible --name "startup done" # close first start help popup key -delay 1000 Escape - # XXX: This is to make sure the popup is closed, but we better do - # screenshots to detect visual changes. - key -delay 2000 Escape - key -delay 3000 Escape - key -delay 4000 Escape windowfocus --sync windowactivate --sync ''}"); diff --git a/nixos/tests/gnome3_16.nix b/nixos/tests/gnome3_16.nix deleted file mode 100644 index 23a66aba50c5..000000000000 --- a/nixos/tests/gnome3_16.nix +++ /dev/null @@ -1,34 +0,0 @@ -import ./make-test.nix { - name = "gnome3"; - - machine = - { config, pkgs, ... }: - - { imports = [ ./common/user-account.nix ]; - - services.xserver.enable = true; - - services.xserver.displayManager.auto.enable = true; - services.xserver.displayManager.auto.user = "alice"; - services.xserver.desktopManager.gnome3.enable = true; - - environment.gnome3.packageSet = pkgs.gnome3_16; - - virtualisation.memorySize = 512; - }; - - testScript = - '' - $machine->waitForX; - $machine->sleep(15); - - # Check that logging in has given the user ownership of devices. - $machine->succeed("getfacl /dev/snd/timer | grep -q alice"); - - $machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'"); - $machine->waitForWindow(qr/Terminal/); - $machine->sleep(20); - $machine->screenshot("screen"); - ''; - -} diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index af87705b9279..603dfbe224f9 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -45,7 +45,8 @@ let # The configuration to install. makeConfig = { testChannel, grubVersion, grubDevice, grubIdentifier - , readOnly ? true, forceGrubReinstallCount ? 0 }: + , extraConfig, readOnly ? true, forceGrubReinstallCount ? 0 + }: pkgs.writeText "configuration.nix" '' { config, lib, pkgs, modulesPath, ... }: @@ -70,6 +71,7 @@ let environment.systemPackages = [ ${optionalString testChannel "pkgs.rlwrap"} ]; nix.binaryCaches = [ http://cache.nixos.org/ ]; + ${replaceChars ["\n"] ["\n "] extraConfig} } ''; @@ -106,7 +108,9 @@ let # disk, and then reboot from the hard disk. It's parameterized with # a test script fragment `createPartitions', which must create # partitions and filesystems. - testScriptFun = { createPartitions, testChannel, grubVersion, grubDevice, grubIdentifier }: + testScriptFun = { createPartitions, testChannel, grubVersion, grubDevice + , grubIdentifier, preBootCommands, extraConfig + }: let # FIXME: OVMF doesn't boot from virtio http://www.mail-archive.com/edk2-devel@lists.sourceforge.net/msg01501.html iface = if grubVersion == 1 then "scsi" else "virtio"; @@ -116,7 +120,7 @@ let hdFlags =''hda => "harddisk", hdaInterface => "${iface}", ''; in '' - createDisk("harddisk", 4 * 1024); + createDisk("harddisk", 8 * 1024); my $machine = createMachine({ ${hdFlags} cdrom => glob("${iso}/iso/*.iso"), @@ -172,7 +176,7 @@ let $machine->succeed("cat /mnt/etc/nixos/hardware-configuration.nix >&2"); $machine->copyFileFromHost( - "${ makeConfig { inherit testChannel grubVersion grubDevice grubIdentifier; } }", + "${ makeConfig { inherit testChannel grubVersion grubDevice grubIdentifier extraConfig; } }", "/mnt/etc/nixos/configuration.nix"); # Perform the installation. @@ -190,6 +194,9 @@ let # Now see if we can boot the installation. $machine = createMachine({ ${hdFlags} qemuFlags => "${qemuFlags}" }); + # For example to enter LUKS passphrase + ${preBootCommands} + # Did /boot get mounted? $machine->waitForUnit("local-fs.target"); @@ -210,7 +217,7 @@ let # We need to a writable nix-store on next boot $machine->copyFileFromHost( - "${ makeConfig { inherit testChannel grubVersion grubDevice grubIdentifier; readOnly = false; forceGrubReinstallCount = 1; } }", + "${ makeConfig { inherit testChannel grubVersion grubDevice grubIdentifier extraConfig; readOnly = false; forceGrubReinstallCount = 1; } }", "/etc/nixos/configuration.nix"); # Check whether nixos-rebuild works. @@ -225,9 +232,10 @@ let # Check whether a writable store build works $machine = createMachine({ ${hdFlags} qemuFlags => "${qemuFlags}" }); + ${preBootCommands} $machine->waitForUnit("multi-user.target"); $machine->copyFileFromHost( - "${ makeConfig { inherit testChannel grubVersion grubDevice grubIdentifier; readOnly = false; forceGrubReinstallCount = 2; } }", + "${ makeConfig { inherit testChannel grubVersion grubDevice grubIdentifier extraConfig; readOnly = false; forceGrubReinstallCount = 2; } }", "/etc/nixos/configuration.nix"); $machine->succeed("nixos-rebuild boot >&2"); $machine->shutdown; @@ -235,19 +243,25 @@ let # And just to be sure, check that the machine still boots after # "nixos-rebuild switch". $machine = createMachine({ ${hdFlags} qemuFlags => "${qemuFlags}" }); + ${preBootCommands} $machine->waitForUnit("network.target"); $machine->shutdown; ''; makeInstallerTest = name: - { createPartitions, testChannel ? false, grubVersion ? 2, grubDevice ? "/dev/vda", grubIdentifier ? "uuid" }: + { createPartitions, preBootCommands ? "", extraConfig ? "" + , testChannel ? false, grubVersion ? 2, grubDevice ? "/dev/vda" + , grubIdentifier ? "uuid", enableOCR ? false + }: makeTest { inherit iso; name = "installer-" + name; nodes = if testChannel then { inherit webserver; } else { }; + inherit enableOCR; testScript = testScriptFun { - inherit createPartitions testChannel grubVersion grubDevice grubIdentifier; + inherit createPartitions preBootCommands testChannel grubVersion + grubDevice grubIdentifier extraConfig; }; }; @@ -321,6 +335,44 @@ in { ''; }; + # Boot off an encrypted root partition + luksroot = makeInstallerTest "luksroot" + { createPartitions = '' + $machine->succeed( + "parted /dev/vda mklabel msdos", + "parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot + "parted /dev/vda -- mkpart primary linux-swap 50M 1024M", + "parted /dev/vda -- mkpart primary 1024M -1s", # LUKS + "udevadm settle", + "mkswap /dev/vda2 -L swap", + "swapon -L swap", + "modprobe dm_mod dm_crypt", + "echo -n supersecret | cryptsetup luksFormat -q /dev/vda3 -", + "echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vda3 cryptroot", + "mkfs.ext3 -L nixos /dev/mapper/cryptroot", + "mount LABEL=nixos /mnt", + "mkfs.ext3 -L boot /dev/vda1", + "mkdir -p /mnt/boot", + "mount LABEL=boot /mnt/boot", + ); + ''; + # XXX: Currently, generate-config doesn't detect LUKS yet. + extraConfig = '' + boot.kernelParams = lib.mkAfter [ "console=tty0" ]; + boot.initrd.luks.devices = lib.singleton { + name = "cryptroot"; + device = "/dev/vda3"; + preLVM = true; + }; + ''; + enableOCR = true; + preBootCommands = '' + $machine->start; + $machine->waitForText(qr/Enter passphrase/); + $machine->sendChars("supersecret\n"); + ''; + }; + swraid = makeInstallerTest "swraid" { createPartitions = '' |