Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/config/networking.nix | 20 | ||||
-rw-r--r-- | nixos/modules/installer/cd-dvd/iso-image.nix | 2 | ||||
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/computing/slurm/slurm.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/syncthing.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/toxvpn.nix | 54 | ||||
-rw-r--r-- | nixos/modules/system/boot/loader/efi.nix | 7 | ||||
-rw-r--r-- | nixos/modules/system/boot/loader/grub/grub.nix | 2 | ||||
-rw-r--r-- | nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py | 6 | ||||
-rw-r--r-- | nixos/modules/system/boot/loader/gummiboot/gummiboot.nix | 6 | ||||
-rw-r--r-- | nixos/modules/virtualisation/containers.nix | 4 | ||||
-rw-r--r-- | nixos/tests/installer.nix | 1 |
13 files changed, 90 insertions, 23 deletions
diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix index 0c4f4cbfa5c6..8a2e630a917a 100644 --- a/nixos/modules/config/networking.nix +++ b/nixos/modules/config/networking.nix @@ -11,6 +11,9 @@ let config.services.dnsmasq.resolveLocalQueries; hasLocalResolver = config.services.bind.enable || dnsmasqResolve; + resolvconfOptions = cfg.resolvconfOptions + ++ optional cfg.dnsSingleRequest "single-request" + ++ optional cfg.dnsExtensionMechanism "ends0"; in { @@ -59,6 +62,14 @@ in ''; }; + networking.resolvconfOptions = lib.mkOption { + type = types.listOf types.str; + default = []; + example = [ "ndots:1" "rotate" ]; + description = '' + Set the options in <filename>/etc/resolv.conf</filename>. + ''; + }; networking.proxy = { @@ -171,12 +182,9 @@ in # Invalidate the nscd cache whenever resolv.conf is # regenerated. libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service 2> /dev/null' - '' + optionalString cfg.dnsSingleRequest '' - # only send one DNS request at a time - resolv_conf_options+=' single-request' - '' + optionalString cfg.dnsExtensionMechanism '' - # enable extension mechanisms for DNS - resolv_conf_options+=' edns0' + '' + optionalString (length resolvconfOptions > 0) '' + # Options as described in resolv.conf(5) + resolv_conf_options='${concatStringsSep " " resolvconfOptions}' '' + optionalString hasLocalResolver '' # This hosts runs a full-blown DNS resolver. name_servers='127.0.0.1' diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index bdb3c227ecc8..4fc8bf5428f8 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix 
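Review bot: The option string `"ends0"` in the new `resolvconfOptions` binding (`networking.nix`, `@@ -11,6 +11,9 @@`) is misspelled. The lines this commit removes further down wrote `edns0`, so with `dnsExtensionMechanism` enabled the generated `resolv_conf_options` would carry a name that resolv.conf(5) does not define. The resolver would most likely ignore it, quietly turning EDNS0 off. The line should read `++ optional cfg.dnsExtensionMechanism "edns0";`. The `let` block starts above the hunk.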
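Review bot: In the `networking.nix` hunk at `@@ -171,12 +182,9 @@`, the joined `resolvconfOptions` are pasted between single quotes into a file whose neighbouring lines use shell-style assignments (`libc_restart='…'`), and the option is an unconstrained `types.listOf types.str`. A value containing `'` or a newline would end the assignment early and leave the rest to be read as further configuration. `resolv_conf_options=${escapeShellArg (concatStringsSep " " resolvconfOptions)}` keeps the file well-formed for any input, assuming `lib` is in scope unqualified as the other calls here suggest. The change from `+=` to `=` also discards anything assigned to `resolv_conf_options` earlier in the file, so it is worth confirming that nothing relies on appending.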
@@ -64,7 +64,7 @@ let # The EFI boot image. efiDir = pkgs.runCommand "efi-directory" {} '' mkdir -p $out/EFI/boot - cp -v ${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi $out/EFI/boot/boot${targetArch}.efi + cp -v ${pkgs.systemd}/lib/systemd/boot/efi/systemd-boot${targetArch}.efi $out/EFI/boot/boot${targetArch}.efi mkdir -p $out/loader/entries echo "title NixOS Live CD" > $out/loader/entries/nixos-livecd.conf diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 149062a6b332..d421167c859c 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -268,6 +268,7 @@ sniproxy = 244; nzbget = 245; mosquitto = 246; + toxvpn = 247; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -506,6 +507,7 @@ sniproxy = 244; nzbget = 245; mosquitto = 246; + #toxvpn = 247; # unused # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 6003b4b2dd6e..3944d7114c0b 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -399,6 +399,7 @@ ./services/networking/tftpd.nix ./services/networking/tlsdated.nix ./services/networking/tox-bootstrapd.nix + ./services/networking/toxvpn.nix ./services/networking/tvheadend.nix ./services/networking/unbound.nix ./services/networking/unifi.nix diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix index ad8836f40094..ee38a42199ee 100644 --- a/nixos/modules/services/computing/slurm/slurm.nix +++ b/nixos/modules/services/computing/slurm/slurm.nix @@ -40,7 +40,7 @@ in defaultText = "pkgs.slurm-llnl"; example = literalExample "pkgs.slurm-llnl-full"; description = '' - The packge to use for slurm binaries. + The package to use for slurm binaries. ''; }; 
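Review bot: The `iso-image.nix` hunk at `@@ -64,7 +64,7 @@` copies the boot binary from `pkgs.systemd`, while the `gummiboot.nix` change in this same commit takes it from `config.systemd.package`. A configuration that overrides `systemd.package` would then ship a live image whose boot loader comes from a different build than the rest of the system. If `config` is in scope in this module, `${config.systemd.package}/lib/systemd/boot/efi/systemd-boot${targetArch}.efi` keeps the two in step. The `let` block continues outside the hunk.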
@@ -111,7 +111,7 @@ in builder = pkgs.writeText "builder.sh" '' source $stdenv/setup mkdir -p $out/bin - find ${cfg.package}/bin -type f -executable | while read EXE + find ${getBin cfg.package}/bin -type f -executable | while read EXE do exename="$(basename $EXE)" wrappername="$out/bin/$exename" diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index 514c17c6e5d2..ef05e71ce076 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -121,7 +121,7 @@ in User = cfg.user; Group = cfg.group; PermissionsStartOnly = true; - ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}"; + ExecStart = "${cfg.package}/bin/syncthing -no-browser -home=${cfg.dataDir}"; }; }; }; @@ -129,7 +129,7 @@ in systemd.user.services = { syncthing = header // { serviceConfig = service // { - ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser"; + ExecStart = "${cfg.package}/bin/syncthing -no-browser"; }; }; }; diff --git a/nixos/modules/services/networking/toxvpn.nix b/nixos/modules/services/networking/toxvpn.nix new file mode 100644 index 000000000000..c38424c8e273 --- /dev/null +++ b/nixos/modules/services/networking/toxvpn.nix 
@@ -0,0 +1,54 @@ +{ config, stdenv, pkgs, lib, ... }: + +with lib; + +{ + options = { + services.toxvpn = { + enable = mkEnableOption "enable toxvpn running on startup"; + + localip = mkOption { + type = types.string; + default = "10.123.123.1"; + description = "your ip on the vpn"; + }; + + port = mkOption { + type = types.int; + default = 33445; + description = "udp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT"; + }; + }; + }; + + config = mkIf config.services.toxvpn.enable { + systemd.services.toxvpn = { + description = "toxvpn daemon"; + + requires = [ "network-online.target" ]; # consider replacing by NetworkManager-wait-online.service + wantedBy = [ "multi-user.target" ]; + + preStart = '' + mkdir -p /run/toxvpn || true + chown toxvpn /run/toxvpn + ''; + + serviceConfig = { + ExecStart = "${pkgs.toxvpn}/bin/toxvpn -i ${config.services.toxvpn.localip} -l /run/toxvpn/control -u toxvpn -p ${toString config.services.toxvpn.port}"; + KillMode = "process"; + Restart = "on-success"; + Type = "notify"; + }; + + restartIfChanged = false; # Likely to be used for remote admin + }; + + users.extraUsers = { + toxvpn = { + uid = config.ids.uids.toxvpn; + home = "/var/lib/toxvpn"; + createHome = true; + }; + }; + }; +} diff --git a/nixos/modules/system/boot/loader/efi.nix b/nixos/modules/system/boot/loader/efi.nix index 726634e664d7..6043c904c450 100644 --- a/nixos/modules/system/boot/loader/efi.nix +++ b/nixos/modules/system/boot/loader/efi.nix @@ -4,19 +4,16 @@ with lib; { options.boot.loader.efi = { + canTouchEfiVariables = mkOption { default = false; - type = types.bool; - - description = "Whether or not the installation process should modify efi boot variables."; + description = "Whether the installation process is allowed to modify EFI boot variables."; }; efiSysMountPoint = mkOption { default = "/boot"; - type = types.str; - description = "Where the EFI System Partition is mounted."; }; }; 
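Review bot: In the new `toxvpn.nix`, `localip` is a free-form `types.string` interpolated unquoted into `ExecStart`, so a value containing whitespace becomes extra arguments to the daemon. With no `User=` in `serviceConfig`, that daemon starts as root and apparently relies on `-u toxvpn` to drop privileges. Constrain the option to an IPv4 literal, via an `assertions` entry or a pattern-checked string type, so that a malformed value fails at evaluation. Separately, `requires = [ "network-online.target" ]` implies no ordering, so add `after = [ "network-online.target" ];` if the daemon needs the network to be up first. In `preStart`, `mkdir -p /run/toxvpn || true` only hides a failure that the following `chown` will hit anyway, so the `|| true` can go.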
diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 2e06a684f0cc..0640ec306e18 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -488,7 +488,7 @@ in } { assertion = if args.efiSysMountPoint == null then true else hasPrefix "/" args.efiSysMountPoint; - message = "Efi paths must be absolute, not ${args.efiSysMountPoint}"; + message = "EFI paths must be absolute, not ${args.efiSysMountPoint}"; } ] ++ flip map args.devices (device: { assertion = device == "nodev" || hasPrefix "/" device; diff --git a/nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py b/nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py index ef431a7732e1..c38af1b67f17 100644 --- a/nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py +++ b/nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py @@ -88,16 +88,16 @@ def remove_old_entries(gens): if not path in known_paths: os.unlink(path) -parser = argparse.ArgumentParser(description='Update NixOS-related gummiboot files') +parser = argparse.ArgumentParser(description='Update NixOS-related systemd-boot files') parser.add_argument('default_config', metavar='DEFAULT-CONFIG', help='The default NixOS config to boot') args = parser.parse_args() # We deserve our own env var! if os.getenv("NIXOS_INSTALL_GRUB") == "1": if "@canTouchEfiVariables@" == "1": - subprocess.check_call(["@gummiboot@/bin/gummiboot", "--path=@efiSysMountPoint@", "install"]) + subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "install"]) else: - subprocess.check_call(["@gummiboot@/bin/gummiboot", "--path=@efiSysMountPoint@", "--no-variables", "install"]) + subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "--no-variables", "install"]) mkdir_p("@efiSysMountPoint@/efi/nixos") mkdir_p("@efiSysMountPoint@/loader/entries") 
diff --git a/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix b/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix index aec697da4a1a..2225df348762 100644 --- a/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix +++ b/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix @@ -12,7 +12,9 @@ let isExecutable = true; - inherit (pkgs) python gummiboot; + inherit (pkgs) python; + + systemd = config.systemd.package; nix = config.nix.package.out; @@ -27,7 +29,7 @@ in { type = types.bool; - description = "Whether to enable the gummiboot UEFI boot manager"; + description = "Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager"; }; }; diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index dc65e4940549..13ecb8e25ed5 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -309,6 +309,10 @@ in touch "$root/etc/os-release" fi + if ! [ -e "$root/etc/machine-id" ]; then + touch "$root/etc/machine-id" + fi + mkdir -p -m 0755 \ "/nix/var/nix/profiles/per-container/$INSTANCE" \ "/nix/var/nix/gcroots/per-container/$INSTANCE" diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 3fdf6510953e..44c7c738d555 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -208,7 +208,6 @@ let pkgs.unionfs-fuse pkgs.ntp pkgs.nixos-artwork - pkgs.gummiboot pkgs.perlPackages.XMLLibXML pkgs.perlPackages.ListCompare ] |
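Review bot: The new block in `containers.nix` (`@@ -309,6 +309,10 @@`) that touches `$root/etc/machine-id` has no comment saying why an empty file is wanted, and an empty machine-id is not self-explanatory to a later reader. Add a line above the `if`, for example `# Make sure /etc/machine-id exists (empty means not yet initialised) before the container starts.`, adjusting the wording to the actual reason. The enclosing start script begins and ends outside the hunk.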