Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/administration/cleaning-store.xml10
-rw-r--r--nixos/doc/manual/administration/container-networking.xml4
-rw-r--r--nixos/doc/manual/administration/control-groups.xml2
-rw-r--r--nixos/doc/manual/administration/logging.xml6
-rw-r--r--nixos/doc/manual/administration/rollback.xml2
-rw-r--r--nixos/doc/manual/administration/service-mgmt.xml4
-rw-r--r--nixos/doc/manual/administration/store-corruption.xml4
-rw-r--r--nixos/doc/manual/administration/user-sessions.xml4
-rw-r--r--nixos/doc/manual/configuration/ad-hoc-packages.xml10
-rw-r--r--nixos/doc/manual/configuration/adding-custom-packages.xml8
-rw-r--r--nixos/doc/manual/configuration/declarative-packages.xml2
-rw-r--r--nixos/doc/manual/configuration/matrix.xml188
-rw-r--r--nixos/doc/manual/configuration/modularity.xml28
-rw-r--r--nixos/doc/manual/configuration/profiles.xml2
-rw-r--r--nixos/doc/manual/configuration/user-mgmt.xml2
-rw-r--r--nixos/doc/manual/configuration/wireless.xml6
-rw-r--r--nixos/doc/manual/configuration/xfce.xml12
-rw-r--r--nixos/doc/manual/development/building-nixos.xml8
-rw-r--r--nixos/doc/manual/development/building-parts.xml20
-rw-r--r--nixos/doc/manual/development/running-nixos-tests-interactively.xml18
-rw-r--r--nixos/doc/manual/development/running-nixos-tests.xml8
-rw-r--r--nixos/doc/manual/development/sources.xml24
-rw-r--r--nixos/doc/manual/development/testing-installer.xml12
-rw-r--r--nixos/doc/manual/development/writing-nixos-tests.xml14
-rw-r--r--nixos/doc/manual/installation/changing-config.xml23
-rw-r--r--nixos/doc/manual/installation/installing-from-other-distro.xml45
-rw-r--r--nixos/doc/manual/installation/installing-usb.xml10
-rw-r--r--nixos/doc/manual/installation/installing.xml88
-rw-r--r--nixos/doc/manual/man-nixos-generate-config.xml10
-rw-r--r--nixos/doc/manual/man-nixos-install.xml38
-rw-r--r--nixos/doc/manual/man-nixos-option.xml12
-rw-r--r--nixos/doc/manual/man-nixos-rebuild.xml40
-rw-r--r--nixos/doc/manual/release-notes/rl-1509.xml2
-rw-r--r--nixos/doc/manual/release-notes/rl-1703.xml16
-rw-r--r--nixos/doc/manual/release-notes/rl-1909.xml63
-rw-r--r--nixos/modules/hardware/video/nvidia.nix2
-rw-r--r--nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix2
-rw-r--r--nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix2
-rw-r--r--nixos/modules/installer/tools/nixos-generate-config.pl28
-rw-r--r--nixos/modules/misc/documentation.nix8
-rw-r--r--nixos/modules/misc/ids.nix4
-rw-r--r--nixos/modules/misc/nixops-autoluks.nix43
-rw-r--r--nixos/modules/misc/version.nix3
-rw-r--r--nixos/modules/module-list.nix3
-rw-r--r--nixos/modules/programs/captive-browser.nix20
-rw-r--r--nixos/modules/services/audio/snapserver.nix1
-rw-r--r--nixos/modules/services/backup/duplicati.nix2
-rw-r--r--nixos/modules/services/cluster/kubernetes/default.nix7
-rw-r--r--nixos/modules/services/cluster/kubernetes/kubelet.nix7
-rw-r--r--nixos/modules/services/cluster/kubernetes/pki.nix1
-rw-r--r--nixos/modules/services/databases/cassandra.nix210
-rw-r--r--nixos/modules/services/databases/foundationdb.xml38
-rw-r--r--nixos/modules/services/databases/postgresql.xml4
-rw-r--r--nixos/modules/services/desktops/flatpak.xml22
-rw-r--r--nixos/modules/services/editors/emacs.xml10
-rw-r--r--nixos/modules/services/hardware/80-net-setup-link.rules13
-rw-r--r--nixos/modules/services/hardware/triggerhappy.nix2
-rw-r--r--nixos/modules/services/hardware/udev.nix8
-rw-r--r--nixos/modules/services/mail/rspamd.nix1
-rw-r--r--nixos/modules/services/misc/gitea.nix1
-rw-r--r--nixos/modules/services/misc/gitlab.xml12
-rw-r--r--nixos/modules/services/misc/phd.nix52
-rw-r--r--nixos/modules/services/misc/taskserver/doc.xml2
-rw-r--r--nixos/modules/services/monitoring/alerta.nix2
-rw-r--r--nixos/modules/services/monitoring/grafana-reporter.nix2
-rw-r--r--nixos/modules/services/monitoring/kapacitor.nix2
-rw-r--r--nixos/modules/services/monitoring/prometheus/exporters.xml110
-rw-r--r--nixos/modules/services/monitoring/prometheus/exporters/node.nix3
-rw-r--r--nixos/modules/services/network-filesystems/samba.nix8
-rw-r--r--nixos/modules/services/networking/avahi-daemon.nix344
-rw-r--r--nixos/modules/services/networking/bitcoind.nix2
-rw-r--r--nixos/modules/services/networking/ddclient.nix2
-rw-r--r--nixos/modules/services/networking/dnscrypt-proxy.xml8
-rw-r--r--nixos/modules/services/networking/smokeping.nix22
-rw-r--r--nixos/modules/services/networking/ssh/sshd.nix10
-rw-r--r--nixos/modules/services/system/kerberos/default.nix2
-rw-r--r--nixos/modules/services/system/kerberos/heimdal.nix2
-rw-r--r--nixos/modules/services/system/kerberos/mit.nix2
-rw-r--r--nixos/modules/services/system/localtime.nix31
-rw-r--r--nixos/modules/services/web-apps/limesurvey.nix2
-rw-r--r--nixos/modules/services/web-apps/matomo-doc.xml22
-rw-r--r--nixos/modules/services/web-apps/nextcloud.nix2
-rw-r--r--nixos/modules/services/web-apps/tt-rss.nix1
-rw-r--r--nixos/modules/services/web-servers/apache-httpd/phabricator.nix50
-rw-r--r--nixos/modules/services/web-servers/nginx/default.nix11
-rw-r--r--nixos/modules/services/x11/desktop-managers/enlightenment.nix2
-rw-r--r--nixos/modules/services/x11/desktop-managers/pantheon.nix2
-rw-r--r--nixos/modules/services/x11/desktop-managers/xterm.nix4
-rw-r--r--nixos/modules/services/x11/xserver.nix2
-rw-r--r--nixos/modules/system/boot/kernel.nix2
-rw-r--r--nixos/modules/system/boot/kernel_config.nix1
-rw-r--r--nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py4
-rw-r--r--nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix12
-rw-r--r--nixos/modules/system/boot/networkd.nix2
-rw-r--r--nixos/modules/system/boot/systemd.nix5
-rw-r--r--nixos/modules/system/boot/timesyncd.nix9
-rw-r--r--nixos/modules/tasks/filesystems/zfs.nix4
-rw-r--r--nixos/modules/tasks/network-interfaces-systemd.nix11
-rw-r--r--nixos/modules/testing/test-instrumentation.nix3
-rw-r--r--nixos/modules/virtualisation/anbox.nix7
-rw-r--r--nixos/modules/virtualisation/cloudstack-config.nix2
-rw-r--r--nixos/modules/virtualisation/docker-containers.nix2
-rw-r--r--nixos/modules/virtualisation/google-compute-config.nix1
-rw-r--r--nixos/modules/virtualisation/kvmgt.nix18
-rw-r--r--nixos/tests/all-tests.nix3
-rw-r--r--nixos/tests/avahi.nix7
-rw-r--r--nixos/tests/cassandra.nix96
-rw-r--r--nixos/tests/containers-imperative.nix21
-rw-r--r--nixos/tests/flatpak-builder.nix19
-rw-r--r--nixos/tests/phabricator.nix77
-rw-r--r--nixos/tests/radicale.nix2
-rw-r--r--nixos/tests/systemd-timesyncd.nix52
112 files changed, 1265 insertions, 998 deletions
diff --git a/nixos/doc/manual/administration/cleaning-store.xml b/nixos/doc/manual/administration/cleaning-store.xml
index f078b8c3ba37..526803e429ba 100644
--- a/nixos/doc/manual/administration/cleaning-store.xml
+++ b/nixos/doc/manual/administration/cleaning-store.xml
@@ -11,12 +11,12 @@
   Nix’s <emphasis>garbage collector</emphasis> to remove old, unreferenced
   packages. This is easy:
 <screen>
-$ nix-collect-garbage
+<prompt>$ </prompt>nix-collect-garbage
 </screen>
   Alternatively, you can use a systemd unit that does the same in the
   background:
 <screen>
-# systemctl start nix-gc.service
+<prompt># </prompt>systemctl start nix-gc.service
 </screen>
   You can tell NixOS in <filename>configuration.nix</filename> to run this unit
   automatically at certain points in time, for instance, every night at 03:15:
@@ -31,11 +31,11 @@ $ nix-collect-garbage
   configurations. The following command deletes old roots, removing the ability
   to roll back to them:
 <screen>
-$ nix-collect-garbage -d
+<prompt>$ </prompt>nix-collect-garbage -d
 </screen>
   You can also do this for specific profiles, e.g.
 <screen>
-$ nix-env -p /nix/var/nix/profiles/per-user/eelco/profile --delete-generations old
+<prompt>$ </prompt>nix-env -p /nix/var/nix/profiles/per-user/eelco/profile --delete-generations old
 </screen>
   Note that NixOS system configurations are stored in the profile
   <filename>/nix/var/nix/profiles/system</filename>.
@@ -45,7 +45,7 @@ $ nix-env -p /nix/var/nix/profiles/per-user/eelco/profile --delete-generations o
   Nix store) is to run Nix’s store optimiser, which seeks out identical files
   in the store and replaces them with hard links to a single copy.
 <screen>
-$ nix-store --optimise
+<prompt>$ </prompt>nix-store --optimise
 </screen>
   Since this command needs to read the entire Nix store, it can take quite a
   while to finish.
diff --git a/nixos/doc/manual/administration/container-networking.xml b/nixos/doc/manual/administration/container-networking.xml
index 2ee8bfdd50f1..42486f01fe8c 100644
--- a/nixos/doc/manual/administration/container-networking.xml
+++ b/nixos/doc/manual/administration/container-networking.xml
@@ -11,10 +11,10 @@
   <literal>10.233.0.0/16</literal>. You can get the container’s IPv4 address
   as follows:
 <screen>
-# nixos-container show-ip foo
+<prompt># </prompt>nixos-container show-ip foo
 10.233.4.2
 
-$ ping -c1 10.233.4.2
+<prompt>$ </prompt>ping -c1 10.233.4.2
 64 bytes from 10.233.4.2: icmp_seq=1 ttl=64 time=0.106 ms
 </screen>
  </para>
diff --git a/nixos/doc/manual/administration/control-groups.xml b/nixos/doc/manual/administration/control-groups.xml
index bb8b7f83d9e0..16d03cc0d1ab 100644
--- a/nixos/doc/manual/administration/control-groups.xml
+++ b/nixos/doc/manual/administration/control-groups.xml
@@ -16,7 +16,7 @@
   <literal>systemd</literal> hierarchy, which is what systemd uses to keep
   track of the processes belonging to each service or user session:
 <screen>
-$ systemd-cgls
+<prompt>$ </prompt>systemd-cgls
 ├─user
 │ └─eelco
 │   └─c1
diff --git a/nixos/doc/manual/administration/logging.xml b/nixos/doc/manual/administration/logging.xml
index a41936b373d6..da4877fcdf08 100644
--- a/nixos/doc/manual/administration/logging.xml
+++ b/nixos/doc/manual/administration/logging.xml
@@ -11,14 +11,14 @@
   The command <literal>journalctl</literal> allows you to see the contents of
   the journal. For example,
 <screen>
-$ journalctl -b
+<prompt>$ </prompt>journalctl -b
 </screen>
   shows all journal entries since the last reboot. (The output of
   <command>journalctl</command> is piped into <command>less</command> by
   default.) You can use various options and match operators to restrict output
   to messages of interest. For instance, to get all messages from PostgreSQL:
 <screen>
-$ journalctl -u postgresql.service
+<prompt>$ </prompt>journalctl -u postgresql.service
 -- Logs begin at Mon, 2013-01-07 13:28:01 CET, end at Tue, 2013-01-08 01:09:57 CET. --
 ...
 Jan 07 15:44:14 hagbard postgres[2681]: [2-1] LOG:  database system is shut down
@@ -29,7 +29,7 @@ Jan 07 15:45:13 hagbard postgres[2500]: [1-1] LOG:  database system is ready to
   Or to get all messages since the last reboot that have at least a
   “critical” severity level:
 <screen>
-$ journalctl -b -p crit
+<prompt>$ </prompt>journalctl -b -p crit
 Dec 17 21:08:06 mandark sudo[3673]: pam_unix(sudo:auth): auth could not identify password for [alice]
 Dec 29 01:30:22 mandark kernel[6131]: [1053513.909444] CPU6: Core temperature above threshold, cpu clock throttled (total events = 1)
 </screen>
diff --git a/nixos/doc/manual/administration/rollback.xml b/nixos/doc/manual/administration/rollback.xml
index 07c6acaa469c..fb87810ba461 100644
--- a/nixos/doc/manual/administration/rollback.xml
+++ b/nixos/doc/manual/administration/rollback.xml
@@ -33,7 +33,7 @@
   where <replaceable>N</replaceable> is the number of the NixOS system
   configuration. To get a list of the available configurations, do:
 <screen>
-$ ls -l /nix/var/nix/profiles/system-*-link
+<prompt>$ </prompt>ls -l /nix/var/nix/profiles/system-*-link
 <replaceable>...</replaceable>
 lrwxrwxrwx 1 root root 78 Aug 12 13:54 /nix/var/nix/profiles/system-268-link -> /nix/store/202b...-nixos-13.07pre4932_5a676e4-4be1055
 </screen>
diff --git a/nixos/doc/manual/administration/service-mgmt.xml b/nixos/doc/manual/administration/service-mgmt.xml
index 0c2085c81559..1b9c745eb59f 100644
--- a/nixos/doc/manual/administration/service-mgmt.xml
+++ b/nixos/doc/manual/administration/service-mgmt.xml
@@ -21,7 +21,7 @@
   <command>systemd</command>. Without any arguments, it shows the status of
   active units:
 <screen>
-$ systemctl
+<prompt>$ </prompt>systemctl
 -.mount          loaded active mounted   /
 swapfile.swap    loaded active active    /swapfile
 sshd.service     loaded active running   SSH Daemon
@@ -33,7 +33,7 @@ graphical.target loaded active active    Graphical Interface
   You can ask for detailed status information about a unit, for instance, the
   PostgreSQL database service:
 <screen>
-$ systemctl status postgresql.service
+<prompt>$ </prompt>systemctl status postgresql.service
 postgresql.service - PostgreSQL Server
           Loaded: loaded (/nix/store/pn3q73mvh75gsrl8w7fdlfk3fq5qm5mw-unit/postgresql.service)
           Active: active (running) since Mon, 2013-01-07 15:55:57 CET; 9h ago
diff --git a/nixos/doc/manual/administration/store-corruption.xml b/nixos/doc/manual/administration/store-corruption.xml
index a4ca3b651e20..b9d11152d5e1 100644
--- a/nixos/doc/manual/administration/store-corruption.xml
+++ b/nixos/doc/manual/administration/store-corruption.xml
@@ -18,7 +18,7 @@
   If the corruption is in a path in the closure of the NixOS system
   configuration, you can fix it by doing
 <screen>
-# nixos-rebuild switch --repair
+<prompt># </prompt>nixos-rebuild switch --repair
 </screen>
   This will cause Nix to check every path in the closure, and if its
   cryptographic hash differs from the hash recorded in Nix’s database, the
@@ -28,7 +28,7 @@
  <para>
   You can also scan the entire Nix store for corrupt paths:
 <screen>
-# nix-store --verify --check-contents --repair
+<prompt># </prompt>nix-store --verify --check-contents --repair
 </screen>
   Any corrupt paths will be redownloaded if they’re available in a binary
   cache; otherwise, they cannot be repaired.
diff --git a/nixos/doc/manual/administration/user-sessions.xml b/nixos/doc/manual/administration/user-sessions.xml
index 1d95cfb22b69..80daf6bdbff0 100644
--- a/nixos/doc/manual/administration/user-sessions.xml
+++ b/nixos/doc/manual/administration/user-sessions.xml
@@ -10,7 +10,7 @@
   allows querying and manipulating user sessions. For instance, to list all
   user sessions:
 <screen>
-$ loginctl
+<prompt>$ </prompt>loginctl
    SESSION        UID USER             SEAT
         c1        500 eelco            seat0
         c3          0 root             seat0
@@ -21,7 +21,7 @@ $ loginctl
   devices attached to the system; usually, there is only one seat.) To get
   information about a session:
 <screen>
-$ loginctl session-status c3
+<prompt>$ </prompt>loginctl session-status c3
 c3 - root (0)
            Since: Tue, 2013-01-08 01:17:56 CET; 4min 42s ago
           Leader: 2536 (login)
diff --git a/nixos/doc/manual/configuration/ad-hoc-packages.xml b/nixos/doc/manual/configuration/ad-hoc-packages.xml
index 19159d8db5b6..c7e882d846fa 100644
--- a/nixos/doc/manual/configuration/ad-hoc-packages.xml
+++ b/nixos/doc/manual/configuration/ad-hoc-packages.xml
@@ -9,7 +9,7 @@
   With the command <command>nix-env</command>, you can install and uninstall
   packages from the command line. For instance, to install Mozilla Thunderbird:
 <screen>
-$ nix-env -iA nixos.thunderbird</screen>
+<prompt>$ </prompt>nix-env -iA nixos.thunderbird</screen>
   If you invoke this as root, the package is installed in the Nix profile
   <filename>/nix/var/nix/profiles/default</filename> and visible to all users
   of the system; otherwise, the package ends up in
@@ -25,7 +25,7 @@ $ nix-env -iA nixos.thunderbird</screen>
   Packages come from the NixOS channel. You typically upgrade a package by
   updating to the latest version of the NixOS channel:
 <screen>
-$ nix-channel --update nixos
+<prompt>$ </prompt>nix-channel --update nixos
 </screen>
   and then running <literal>nix-env -i</literal> again. Other packages in the
   profile are <emphasis>not</emphasis> affected; this is the crucial difference
@@ -34,21 +34,21 @@ $ nix-channel --update nixos
   their current versions in the NixOS channel. You can however upgrade all
   packages for which there is a newer version by doing:
 <screen>
-$ nix-env -u '*'
+<prompt>$ </prompt>nix-env -u '*'
 </screen>
  </para>
 
  <para>
   A package can be uninstalled using the <option>-e</option> flag:
 <screen>
-$ nix-env -e thunderbird
+<prompt>$ </prompt>nix-env -e thunderbird
 </screen>
  </para>
 
  <para>
   Finally, you can roll back an undesirable <command>nix-env</command> action:
 <screen>
-$ nix-env --rollback
+<prompt>$ </prompt>nix-env --rollback
 </screen>
  </para>
 
diff --git a/nixos/doc/manual/configuration/adding-custom-packages.xml b/nixos/doc/manual/configuration/adding-custom-packages.xml
index cdcfa10b8200..182641055e4d 100644
--- a/nixos/doc/manual/configuration/adding-custom-packages.xml
+++ b/nixos/doc/manual/configuration/adding-custom-packages.xml
@@ -14,8 +14,8 @@
 xlink:href="http://nixos.org/nixpkgs/manual">Nixpkgs
   manual</link>. In short, you clone Nixpkgs:
 <screen>
-$ git clone https://github.com/NixOS/nixpkgs
-$ cd nixpkgs
+<prompt>$ </prompt>git clone https://github.com/NixOS/nixpkgs
+<prompt>$ </prompt>cd nixpkgs
 </screen>
   Then you write and test the package as described in the Nixpkgs manual.
   Finally, you add it to <literal>environment.systemPackages</literal>, e.g.
@@ -65,8 +65,8 @@ stdenv.mkDerivation rec {
 </programlisting>
   This allows testing the package easily:
 <screen>
-$ nix-build my-hello.nix
-$ ./result/bin/hello
+<prompt>$ </prompt>nix-build my-hello.nix
+<prompt>$ </prompt>./result/bin/hello
 Hello, world!
 </screen>
  </para>
diff --git a/nixos/doc/manual/configuration/declarative-packages.xml b/nixos/doc/manual/configuration/declarative-packages.xml
index c9acbefea60e..5fb3bcb9f8f5 100644
--- a/nixos/doc/manual/configuration/declarative-packages.xml
+++ b/nixos/doc/manual/configuration/declarative-packages.xml
@@ -22,7 +22,7 @@
  <para>
   You can get a list of the available packages as follows:
 <screen>
-$ nix-env -qaP '*' --description
+<prompt>$ </prompt>nix-env -qaP '*' --description
 nixos.firefox   firefox-23.0   Mozilla Firefox - the browser, reloaded
 <replaceable>...</replaceable>
 </screen>
diff --git a/nixos/doc/manual/configuration/matrix.xml b/nixos/doc/manual/configuration/matrix.xml
index 66965460a15d..4c559a71e813 100644
--- a/nixos/doc/manual/configuration/matrix.xml
+++ b/nixos/doc/manual/configuration/matrix.xml
@@ -33,91 +33,91 @@
    <link xlink:href="https://github.com/matrix-org/synapse#synapse-installation">
    installation instructions of Synapse </link>.
 <programlisting>
+let
+  fqdn =
     let
-      fqdn =
-        let
-          join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
-        in join config.networking.hostName config.networking.domain;
-    in {
-      networking = {
-        hostName = "myhostname";
-        domain = "example.org";
-      };
-      networking.firewall.allowedTCPPorts = [ 80 443 ];
+      join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
+    in join config.networking.hostName config.networking.domain;
+in {
+  networking = {
+    hostName = "myhostname";
+    domain = "example.org";
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 
-      services.nginx = {
-        enable = true;
-        # only recommendedProxySettings and recommendedGzipSettings are strictly required,
-        # but the rest make sense as well
-        recommendedTlsSettings = true;
-        recommendedOptimisation = true;
-        recommendedGzipSettings = true;
-        recommendedProxySettings = true;
+  services.nginx = {
+    enable = true;
+    # only recommendedProxySettings and recommendedGzipSettings are strictly required,
+    # but the rest make sense as well
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
 
-        virtualHosts = {
-          # This host section can be placed on a different host than the rest,
-          # i.e. to delegate from the host being accessible as ${config.networking.domain}
-          # to another host actually running the Matrix homeserver.
-          "${config.networking.domain}" = {
-            locations."= /.well-known/matrix/server".extraConfig =
-              let
-                # use 443 instead of the default 8448 port to unite
-                # the client-server and server-server port for simplicity
-                server = { "m.server" = "${fqdn}:443"; };
-              in ''
-                add_header Content-Type application/json;
-                return 200 '${builtins.toJSON server}';
-              '';
-            locations."= /.well-known/matrix/client".extraConfig =
-              let
-                client = {
-                  "m.homeserver" =  { "base_url" = "https://${fqdn}"; };
-                  "m.identity_server" =  { "base_url" = "https://vector.im"; };
-                };
-              # ACAO required to allow riot-web on any URL to request this json file
-              in ''
-                add_header Content-Type application/json;
-                add_header Access-Control-Allow-Origin *;
-                return 200 '${builtins.toJSON client}';
-              '';
-          };
+    virtualHosts = {
+      # This host section can be placed on a different host than the rest,
+      # i.e. to delegate from the host being accessible as ${config.networking.domain}
+      # to another host actually running the Matrix homeserver.
+      "${config.networking.domain}" = {
+        locations."= /.well-known/matrix/server".extraConfig =
+          let
+            # use 443 instead of the default 8448 port to unite
+            # the client-server and server-server port for simplicity
+            server = { "m.server" = "${fqdn}:443"; };
+          in ''
+            add_header Content-Type application/json;
+            return 200 '${builtins.toJSON server}';
+          '';
+        locations."= /.well-known/matrix/client".extraConfig =
+          let
+            client = {
+              "m.homeserver" =  { "base_url" = "https://${fqdn}"; };
+              "m.identity_server" =  { "base_url" = "https://vector.im"; };
+            };
+          # ACAO required to allow riot-web on any URL to request this json file
+          in ''
+            add_header Content-Type application/json;
+            add_header Access-Control-Allow-Origin *;
+            return 200 '${builtins.toJSON client}';
+          '';
+      };
 
-          # Reverse proxy for Matrix client-server and server-server communication
-          ${fqdn} = {
-            enableACME = true;
-            forceSSL = true;
+      # Reverse proxy for Matrix client-server and server-server communication
+      ${fqdn} = {
+        enableACME = true;
+        forceSSL = true;
 
-            # Or do a redirect instead of the 404, or whatever is appropriate for you.
-            # But do not put a Matrix Web client here! See the Riot Web section below.
-            locations."/".extraConfig = ''
-              return 404;
-            '';
+        # Or do a redirect instead of the 404, or whatever is appropriate for you.
+        # But do not put a Matrix Web client here! See the Riot Web section below.
+        locations."/".extraConfig = ''
+          return 404;
+        '';
 
-            # forward all Matrix API calls to the synapse Matrix homeserver
-            locations."/_matrix" = {
-              proxyPass = "http://[::1]:8008";
-            };
-          };
+        # forward all Matrix API calls to the synapse Matrix homeserver
+        locations."/_matrix" = {
+          proxyPass = "http://[::1]:8008";
         };
       };
-      services.matrix-synapse = {
-        enable = true;
-        server_name = config.networking.domain;
-        listeners = [
-          {
-            port = 8008;
-            bind_address = "::1";
-            type = "http";
-            tls = false;
-            x_forwarded = true;
-            resources = [
-              { names = [ "client" "federation" ]; compress = false; }
-            ];
-          }
-        ];
-      };
     };
-   </programlisting>
+  };
+  services.matrix-synapse = {
+    enable = true;
+    server_name = config.networking.domain;
+    listeners = [
+      {
+        port = 8008;
+        bind_address = "::1";
+        type = "http";
+        tls = false;
+        x_forwarded = true;
+        resources = [
+          { names = [ "client" "federation" ]; compress = false; }
+        ];
+      }
+    ];
+  };
+};
+</programlisting>
   </para>
 
   <para>
@@ -141,15 +141,15 @@
    <option>services.matrix-synapse.registration_shared_secret</option>. To
    create a new user or admin, run the following after you have set the secret
    and have rebuilt NixOS:
-<programlisting>
-    $ nix run nixpkgs.matrix-synapse
-    $ register_new_matrix_user -k &lt;your-registration-shared-secret&gt; http://localhost:8008
-    New user localpart: &lt;your-username&gt;
-    Password:
-    Confirm password:
-    Make admin [no]:
-    Success!
-   </programlisting>
+<screen>
+<prompt>$ </prompt>nix run nixpkgs.matrix-synapse
+<prompt>$ </prompt>register_new_matrix_user -k <replaceable>your-registration-shared-secret</replaceable> http://localhost:8008
+<prompt>New user localpart: </prompt><replaceable>your-username</replaceable>
+<prompt>Password:</prompt>
+<prompt>Confirm password:</prompt>
+<prompt>Make admin [no]:</prompt>
+Success!
+</screen>
    In the example, this would create a user with the Matrix Identifier
    <literal>@your-username:example.org</literal>. Note that the registration
    secret ends up in the nix store and therefore is world-readable by any user
@@ -177,16 +177,16 @@
    Matrix Now!</link> for a list of existing clients and their supported
    featureset.
 <programlisting>
-     services.nginx.virtualHosts."riot.${fqdn}" = {
-       enableACME = true;
-       forceSSL = true;
-       serverAliases = [
-        "riot.${config.networking.domain}"
-       ];
+services.nginx.virtualHosts."riot.${fqdn}" = {
+  enableACME = true;
+  forceSSL = true;
+  serverAliases = [
+    "riot.${config.networking.domain}"
+  ];
 
-       root = pkgs.riot-web;
-     };
-   </programlisting>
+  root = pkgs.riot-web;
+};
+</programlisting>
   </para>
 
   <para>
diff --git a/nixos/doc/manual/configuration/modularity.xml b/nixos/doc/manual/configuration/modularity.xml
index 724abd31ca4e..7ad0ae80a48a 100644
--- a/nixos/doc/manual/configuration/modularity.xml
+++ b/nixos/doc/manual/configuration/modularity.xml
@@ -106,21 +106,21 @@ The unique option `services.httpd.adminAddr' is defined multiple times, in `/etc
   configuration option is. The command <option>nixos-option</option> allows you
   to find out:
 <screen>
-$ nixos-option <xref linkend="opt-services.xserver.enable"/>
+<prompt>$ </prompt>nixos-option <xref linkend="opt-services.xserver.enable"/>
 true
 
-$ nixos-option <xref linkend="opt-boot.kernelModules"/>
+<prompt>$ </prompt>nixos-option <xref linkend="opt-boot.kernelModules"/>
 [ "tun" "ipv6" "loop" <replaceable>...</replaceable> ]
 </screen>
   Interactive exploration of the configuration is possible using <command>nix
   repl</command>, a read-eval-print loop for Nix expressions. A typical use:
 <screen>
-$ nix repl '&lt;nixpkgs/nixos>'
+<prompt>$ </prompt>nix repl '&lt;nixpkgs/nixos>'
 
-nix-repl> config.<xref linkend="opt-networking.hostName"/>
+<prompt>nix-repl> </prompt>config.<xref linkend="opt-networking.hostName"/>
 "mandark"
 
-nix-repl> map (x: x.hostName) config.<xref linkend="opt-services.httpd.virtualHosts"/>
+<prompt>nix-repl> </prompt>map (x: x.hostName) config.<xref linkend="opt-services.httpd.virtualHosts"/>
 [ "example.org" "example.gov" ]
 </screen>
  </para>
@@ -129,17 +129,17 @@ nix-repl> map (x: x.hostName) config.<xref linkend="opt-services.httpd.virtualHo
   While abstracting your configuration, you may find it useful to generate
   modules using code, instead of writing files. The example below would have
   the same effect as importing a file which sets those options.
-<screen>
-     { config, pkgs, ... }:
+<programlisting>
+{ config, pkgs, ... }:
 
-     let netConfig = { hostName }: {
-       networking.hostName = hostName;
-       networking.useDHCP = false;
-    };
+let netConfig = { hostName }: {
+  networking.hostName = hostName;
+  networking.useDHCP = false;
+};
 
-    in
+in
 
-    { imports = [ (netConfig "nixos.localdomain") ]; }
-  </screen>
+{ imports = [ (netConfig "nixos.localdomain") ]; }
+</programlisting>
  </para>
 </section>
diff --git a/nixos/doc/manual/configuration/profiles.xml b/nixos/doc/manual/configuration/profiles.xml
index c0a8f55785fc..9d08f7f7bed2 100644
--- a/nixos/doc/manual/configuration/profiles.xml
+++ b/nixos/doc/manual/configuration/profiles.xml
@@ -16,7 +16,7 @@
   imports = [
    &lt;nixpkgs/nixos/modules/profiles/profile-name.nix&gt;
   ];
- </programlisting>
+</programlisting>
  <para>
   Even if some of these profiles seem only useful in the context of install
   media, many are actually intended to be used in real installs.
diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml
index 66c1c6eb3a11..4b1710f3a2b1 100644
--- a/nixos/doc/manual/configuration/user-mgmt.xml
+++ b/nixos/doc/manual/configuration/user-mgmt.xml
@@ -44,7 +44,7 @@
   A user ID (uid) is assigned automatically. You can also specify a uid
   manually by adding
 <programlisting>
-    uid = 1000;
+uid = 1000;
 </programlisting>
   to the user specification.
  </para>
diff --git a/nixos/doc/manual/configuration/wireless.xml b/nixos/doc/manual/configuration/wireless.xml
index 7c7b3b4a65a5..9c0e3a8d7aa4 100644
--- a/nixos/doc/manual/configuration/wireless.xml
+++ b/nixos/doc/manual/configuration/wireless.xml
@@ -37,7 +37,7 @@
   If you are using WPA2 you can generate pskRaw key using
   <command>wpa_passphrase</command>:
 <screen>
-$ wpa_passphrase ESSID PSK
+<prompt>$ </prompt>wpa_passphrase ESSID PSK
 network={
         ssid="echelon"
         #psk="abcdefgh"
@@ -54,10 +54,10 @@ network={
   or you can use it to directly generate the
   <literal>wpa_supplicant.conf</literal>:
 <screen>
-# wpa_passphrase ESSID PSK > /etc/wpa_supplicant.conf</screen>
+<prompt># </prompt>wpa_passphrase ESSID PSK > /etc/wpa_supplicant.conf</screen>
   After you have edited the <literal>wpa_supplicant.conf</literal>, you need to
   restart the wpa_supplicant service.
 <screen>
-# systemctl restart wpa_supplicant.service</screen>
+<prompt># </prompt>systemctl restart wpa_supplicant.service</screen>
  </para>
 </section>
diff --git a/nixos/doc/manual/configuration/xfce.xml b/nixos/doc/manual/configuration/xfce.xml
index 77d5d9632792..6ac99c6b2bee 100644
--- a/nixos/doc/manual/configuration/xfce.xml
+++ b/nixos/doc/manual/configuration/xfce.xml
@@ -11,7 +11,7 @@
   <link linkend="opt-services.xserver.desktopManager.xfce.enable">xfce.enable</link> = true;
   <link linkend="opt-services.xserver.desktopManager.default">default</link> = "xfce";
 };
-        </programlisting>
+</programlisting>
  </para>
  <para>
   Optionally, <emphasis>compton</emphasis> can be enabled for nice graphical
@@ -24,7 +24,7 @@
   <link linkend="opt-services.compton.shadow">shadow</link>          = true;
   <link linkend="opt-services.compton.fadeDelta">fadeDelta</link>       = 4;
 };
-        </programlisting>
+</programlisting>
  </para>
  <para>
   Some Xfce programs are not installed automatically. To install them manually
@@ -37,7 +37,7 @@
    To enable <emphasis>Thunar</emphasis> volume support, put
 <programlisting>
 <xref linkend="opt-services.xserver.desktopManager.xfce.enable"/> = true;
-            </programlisting>
+</programlisting>
    into your <emphasis>configuration.nix</emphasis>.
   </para>
  </simplesect>
@@ -58,14 +58,14 @@
    on start (look at <command>journalctl --user -b</command>).
 <programlisting>
 Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported
-            </programlisting>
+</programlisting>
    This is caused by some needed GNOME services not running. This is all fixed
    by enabling "Launch GNOME services on startup" in the Advanced tab of the
    Session and Startup settings panel. Alternatively, you can run this command
    to do the same thing.
 <programlisting>
-$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
-            </programlisting>
+<prompt>$ </prompt>xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
+</programlisting>
    A log-out and re-log will be needed for this to take effect.
   </para>
  </simplesect>
diff --git a/nixos/doc/manual/development/building-nixos.xml b/nixos/doc/manual/development/building-nixos.xml
index 23d9ddf88a77..56a596baed00 100644
--- a/nixos/doc/manual/development/building-nixos.xml
+++ b/nixos/doc/manual/development/building-nixos.xml
@@ -14,14 +14,14 @@
   Default CD/DVD configurations are available inside
   <filename>nixos/modules/installer/cd-dvd</filename>.
 <screen>
-$ git clone https://github.com/NixOS/nixpkgs.git
-$ cd nixpkgs/nixos
-$ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix</screen>
+<prompt>$ </prompt>git clone https://github.com/NixOS/nixpkgs.git
+<prompt>$ </prompt>cd nixpkgs/nixos
+<prompt>$ </prompt>nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix</screen>
  </para>
  <para>
   Before burning your CD/DVD, you can check the content of the image by
   mounting anywhere like suggested by the following command:
 <screen>
-# mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso</screen>
+<prompt># </prompt>mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso</screen>
  </para>
 </chapter>
diff --git a/nixos/doc/manual/development/building-parts.xml b/nixos/doc/manual/development/building-parts.xml
index b4791b72970f..88369fb891b3 100644
--- a/nixos/doc/manual/development/building-parts.xml
+++ b/nixos/doc/manual/development/building-parts.xml
@@ -8,8 +8,8 @@
   With the command <command>nix-build</command>, you can build specific parts
   of your NixOS configuration. This is done as follows:
 <screen>
-$ cd <replaceable>/path/to/nixpkgs/nixos</replaceable>
-$ nix-build -A config.<replaceable>option</replaceable></screen>
+<prompt>$ </prompt>cd <replaceable>/path/to/nixpkgs/nixos</replaceable>
+<prompt>$ </prompt>nix-build -A config.<replaceable>option</replaceable></screen>
   where <replaceable>option</replaceable> is a NixOS option with type
   “derivation” (i.e. something that can be built). Attributes of interest
   include:
@@ -28,7 +28,7 @@ $ nix-build -A config.<replaceable>option</replaceable></screen>
      <para>
       A shortcut to build this is:
 <screen>
-$ nix-build -A system</screen>
+<prompt>$ </prompt>nix-build -A system</screen>
      </para>
     </listitem>
    </varlistentry>
@@ -66,9 +66,9 @@ $ nix-build -A system</screen>
       test whether the kernel and the initial ramdisk boot correctly, by using
       QEMU’s <option>-kernel</option> and <option>-initrd</option> options:
 <screen>
-$ nix-build -A config.system.build.initialRamdisk -o initrd
-$ nix-build -A config.system.build.kernel -o kernel
-$ qemu-system-x86_64 -kernel ./kernel/bzImage -initrd ./initrd/initrd -hda /dev/null
+<prompt>$ </prompt>nix-build -A config.system.build.initialRamdisk -o initrd
+<prompt>$ </prompt>nix-build -A config.system.build.kernel -o kernel
+<prompt>$ </prompt>qemu-system-x86_64 -kernel ./kernel/bzImage -initrd ./initrd/initrd -hda /dev/null
 </screen>
      </para>
     </listitem>
@@ -99,15 +99,15 @@ $ qemu-system-x86_64 -kernel ./kernel/bzImage -initrd ./initrd/initrd -hda /dev/
       contain dots (e.g. <literal>httpd.service</literal>), you need to put
       them between quotes, like this:
 <screen>
-$ nix-build -A 'config.systemd.units."httpd.service".unit'
+<prompt>$ </prompt>nix-build -A 'config.systemd.units."httpd.service".unit'
 </screen>
       You can also test individual units, without rebuilding the whole system,
       by putting them in <filename>/run/systemd/system</filename>:
 <screen>
-$ cp $(nix-build -A 'config.systemd.units."httpd.service".unit')/httpd.service \
+<prompt>$ </prompt>cp $(nix-build -A 'config.systemd.units."httpd.service".unit')/httpd.service \
     /run/systemd/system/tmp-httpd.service
-# systemctl daemon-reload
-# systemctl start tmp-httpd.service
+<prompt># </prompt>systemctl daemon-reload
+<prompt># </prompt>systemctl start tmp-httpd.service
 </screen>
       Note that the unit must not have the same name as any unit in
       <filename>/etc/systemd/system</filename> since those take precedence over
diff --git a/nixos/doc/manual/development/running-nixos-tests-interactively.xml b/nixos/doc/manual/development/running-nixos-tests-interactively.xml
index c15ad448317f..e390d62fde2f 100644
--- a/nixos/doc/manual/development/running-nixos-tests-interactively.xml
+++ b/nixos/doc/manual/development/running-nixos-tests-interactively.xml
@@ -9,17 +9,17 @@
   The test itself can be run interactively. This is particularly useful when
   developing or debugging a test:
 <screen>
-$ nix-build nixos/tests/login.nix -A driver
-$ ./result/bin/nixos-test-driver
+<prompt>$ </prompt>nix-build nixos/tests/login.nix -A driver
+<prompt>$ </prompt>./result/bin/nixos-test-driver
 starting VDE switch for network 1
-&gt;
+<prompt>&gt;</prompt>
 </screen>
   You can then take any Perl statement, e.g.
 <screen>
-&gt; startAll
-&gt; testScript
-&gt; $machine->succeed("touch /tmp/foo")
-&gt; print($machine->succeed("pwd")) # Show stdout of command
+<prompt>&gt;</prompt> startAll
+<prompt>&gt;</prompt> testScript
+<prompt>&gt;</prompt> $machine->succeed("touch /tmp/foo")
+<prompt>&gt;</prompt> print($machine->succeed("pwd")) # Show stdout of command
 </screen>
   The function <command>testScript</command> executes the entire test script
   and drops you back into the test driver command line upon its completion.
@@ -30,8 +30,8 @@ starting VDE switch for network 1
  <para>
   To just start and experiment with the VMs, run:
 <screen>
-$ nix-build nixos/tests/login.nix -A driver
-$ ./result/bin/nixos-run-vms
+<prompt>$ </prompt>nix-build nixos/tests/login.nix -A driver
+<prompt>$ </prompt>./result/bin/nixos-run-vms
 </screen>
   The script <command>nixos-run-vms</command> starts the virtual machines
   defined by test.
diff --git a/nixos/doc/manual/development/running-nixos-tests.xml b/nixos/doc/manual/development/running-nixos-tests.xml
index eadbe1ea4f26..13ae1ed93699 100644
--- a/nixos/doc/manual/development/running-nixos-tests.xml
+++ b/nixos/doc/manual/development/running-nixos-tests.xml
@@ -12,12 +12,12 @@
 xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix">login.nix</filename>,
   you just do:
 <screen>
-$ nix-build '&lt;nixpkgs/nixos/tests/login.nix>'
+<prompt>$ </prompt>nix-build '&lt;nixpkgs/nixos/tests/login.nix>'
 </screen>
   or, if you don’t want to rely on <envar>NIX_PATH</envar>:
 <screen>
-$ cd /my/nixpkgs/nixos/tests
-$ nix-build login.nix
+<prompt>$ </prompt>cd /my/nixpkgs/nixos/tests
+<prompt>$ </prompt>nix-build login.nix

 running the VM test script
 machine: QEMU running (pid 8841)
@@ -30,7 +30,7 @@ machine: QEMU running (pid 8841)
   fast, as no disk image needs to be created. Afterwards, you can view a
   pretty-printed log of the test:
 <screen>
-$ firefox result/log.html
+<prompt>$ </prompt>firefox result/log.html
 </screen>
  </para>
 </section>
diff --git a/nixos/doc/manual/development/sources.xml b/nixos/doc/manual/development/sources.xml
index eec9b56b1c07..3c30c782746d 100644
--- a/nixos/doc/manual/development/sources.xml
+++ b/nixos/doc/manual/development/sources.xml
@@ -11,10 +11,10 @@
   modify NixOS, however, you should check out the latest sources from Git. This
   is as follows:
 <screen>
-$ git clone https://github.com/NixOS/nixpkgs
-$ cd nixpkgs
-$ git remote add channels https://github.com/NixOS/nixpkgs-channels
-$ git remote update channels
+<prompt>$ </prompt>git clone https://github.com/NixOS/nixpkgs
+<prompt>$ </prompt>cd nixpkgs
+<prompt>$ </prompt>git remote add channels https://github.com/NixOS/nixpkgs-channels
+<prompt>$ </prompt>git remote update channels
 </screen>
   This will check out the latest Nixpkgs sources to
   <filename>./nixpkgs</filename> the NixOS sources to
@@ -32,23 +32,23 @@ $ git remote update channels
   not have caught up yet and you’ll have to rebuild everything from source.
   So you may want to create a local branch based on your current NixOS version:
 <screen>
-$ nixos-version
+<prompt>$ </prompt>nixos-version
 17.09pre104379.6e0b727 (Hummingbird)
 
-$ git checkout -b local 6e0b727
+<prompt>$ </prompt>git checkout -b local 6e0b727
 </screen>
   Or, to base your local branch on the latest version available in a NixOS
   channel:
 <screen>
-$ git remote update channels
-$ git checkout -b local channels/nixos-17.03
+<prompt>$ </prompt>git remote update channels
+<prompt>$ </prompt>git checkout -b local channels/nixos-17.03
 </screen>
   (Replace <literal>nixos-17.03</literal> with the name of the channel you want
   to use.) You can use <command>git merge</command> or <command>git
   rebase</command> to keep your local branch in sync with the channel, e.g.
 <screen>
-$ git remote update channels
-$ git merge channels/nixos-17.03
+<prompt>$ </prompt>git remote update channels
+<prompt>$ </prompt>git merge channels/nixos-17.03
 </screen>
   You can use <command>git cherry-pick</command> to copy commits from your
   local branch to the upstream branch.
@@ -58,7 +58,7 @@ $ git merge channels/nixos-17.03
   tell <command>nixos-rebuild</command> about them using the
   <option>-I</option> flag:
 <screen>
-# nixos-rebuild switch -I nixpkgs=<replaceable>/my/sources</replaceable>/nixpkgs
+<prompt># </prompt>nixos-rebuild switch -I nixpkgs=<replaceable>/my/sources</replaceable>/nixpkgs
 </screen>
  </para>
  <para>
@@ -67,7 +67,7 @@ $ git merge channels/nixos-17.03
   <replaceable>/my/sources</replaceable>/nixpkgs</command>, or change the
   default by adding a symlink in <filename>~/.nix-defexpr</filename>:
 <screen>
-$ ln -s <replaceable>/my/sources</replaceable>/nixpkgs ~/.nix-defexpr/nixpkgs
+<prompt>$ </prompt>ln -s <replaceable>/my/sources</replaceable>/nixpkgs ~/.nix-defexpr/nixpkgs
 </screen>
   You may want to delete the symlink
   <filename>~/.nix-defexpr/channels_root</filename> to prevent root’s NixOS
diff --git a/nixos/doc/manual/development/testing-installer.xml b/nixos/doc/manual/development/testing-installer.xml
index 63f5f3de7f4d..902f995fbc1b 100644
--- a/nixos/doc/manual/development/testing-installer.xml
+++ b/nixos/doc/manual/development/testing-installer.xml
@@ -8,15 +8,15 @@
   Building, burning, and booting from an installation CD is rather tedious, so
   here is a quick way to see if the installer works properly:
 <screen>
-# mount -t tmpfs none /mnt
-# nixos-generate-config --root /mnt
-$ nix-build '&lt;nixpkgs/nixos>' -A config.system.build.nixos-install
-# ./result/bin/nixos-install</screen>
+<prompt># </prompt>mount -t tmpfs none /mnt
+<prompt># </prompt>nixos-generate-config --root /mnt
+<prompt>$ </prompt>nix-build '&lt;nixpkgs/nixos>' -A config.system.build.nixos-install
+<prompt># </prompt>./result/bin/nixos-install</screen>
   To start a login shell in the new NixOS installation in
   <filename>/mnt</filename>:
 <screen>
-$ nix-build '&lt;nixpkgs/nixos>' -A config.system.build.nixos-enter
-# ./result/bin/nixos-enter
+<prompt>$ </prompt>nix-build '&lt;nixpkgs/nixos>' -A config.system.build.nixos-enter
+<prompt># </prompt>./result/bin/nixos-enter
 </screen>
  </para>
 </chapter>
diff --git a/nixos/doc/manual/development/writing-nixos-tests.xml b/nixos/doc/manual/development/writing-nixos-tests.xml
index 4a2615c9407b..6be2d0a4d231 100644
--- a/nixos/doc/manual/development/writing-nixos-tests.xml
+++ b/nixos/doc/manual/development/writing-nixos-tests.xml
@@ -397,9 +397,9 @@ startAll;
      </para>
      <para>
 <programlisting>
-        $machine->systemctl("list-jobs --no-pager"); // runs `systemctl list-jobs --no-pager`
-        $machine->systemctl("list-jobs --no-pager", "any-user"); // spawns a shell for `any-user` and runs `systemctl --user list-jobs --no-pager`
-      </programlisting>
+$machine->systemctl("list-jobs --no-pager"); // runs `systemctl list-jobs --no-pager`
+$machine->systemctl("list-jobs --no-pager", "any-user"); // spawns a shell for `any-user` and runs `systemctl --user list-jobs --no-pager`
+</programlisting>
      </para>
     </listitem>
    </varlistentry>
@@ -410,10 +410,10 @@ startAll;
   To test user units declared by <literal>systemd.user.services</literal> the
   optional <literal>$user</literal> argument can be used:
 <programlisting>
-    $machine->start;
-    $machine->waitForX;
-    $machine->waitForUnit("xautolock.service", "x-session-user");
-  </programlisting>
+$machine->start;
+$machine->waitForX;
+$machine->waitForUnit("xautolock.service", "x-session-user");
+</programlisting>
   This applies to <literal>systemctl</literal>, <literal>getUnitInfo</literal>,
   <literal>waitForUnit</literal>, <literal>startJob</literal> and
   <literal>stopJob</literal>.
diff --git a/nixos/doc/manual/installation/changing-config.xml b/nixos/doc/manual/installation/changing-config.xml
index 1a116ec0b655..b77d71389a9d 100644
--- a/nixos/doc/manual/installation/changing-config.xml
+++ b/nixos/doc/manual/installation/changing-config.xml
@@ -9,7 +9,8 @@
   <link linkend="ch-configuration">changed something</link> in that file, you
   should do
 <screen>
-# nixos-rebuild switch</screen>
+<prompt># </prompt>nixos-rebuild switch
+</screen>
   to build the new configuration, make it the default configuration for
   booting, and try to realise the configuration in the running system (e.g., by
   restarting system services).
@@ -23,7 +24,8 @@
  <para>
   You can also do
 <screen>
-# nixos-rebuild test</screen>
+<prompt># </prompt>nixos-rebuild test
+</screen>
   to build the configuration and switch the running system to it, but without
   making it the boot default. So if (say) the configuration locks up your
   machine, you can just reboot to get back to a working configuration.
@@ -31,7 +33,8 @@
  <para>
   There is also
 <screen>
-# nixos-rebuild boot</screen>
+<prompt># </prompt>nixos-rebuild boot
+</screen>
   to build the configuration and make it the boot default, but not switch to it
   now (so it will only take effect after the next reboot).
  </para>
@@ -39,7 +42,8 @@
   You can make your configuration show up in a different submenu of the GRUB 2
   boot screen by giving it a different <emphasis>profile name</emphasis>, e.g.
 <screen>
-# nixos-rebuild switch -p test </screen>
+<prompt># </prompt>nixos-rebuild switch -p test
+</screen>
   which causes the new configuration (and previous ones created using
   <literal>-p test</literal>) to show up in the GRUB submenu “NixOS - Profile
   'test'”. This can be useful to separate test configurations from
@@ -48,7 +52,8 @@
  <para>
   Finally, you can do
 <screen>
-$ nixos-rebuild build</screen>
+<prompt>$ </prompt>nixos-rebuild build
+</screen>
   to build the configuration but nothing more. This is useful to see whether
   everything compiles cleanly.
  </para>
@@ -58,8 +63,8 @@ $ nixos-rebuild build</screen>
   <emphasis>virtual machine</emphasis> that contains the desired configuration.
   Just do
 <screen>
-$ nixos-rebuild build-vm
-$ ./result/bin/run-*-vm
+<prompt>$ </prompt>nixos-rebuild build-vm
+<prompt>$ </prompt>./result/bin/run-*-vm
 </screen>
   The VM does not have any data from your host system, so your existing user
   accounts and home directories will not be available unless you have set
@@ -74,12 +79,12 @@ $ ./result/bin/run-*-vm
   guest. For instance, the following will forward host port 2222 to guest port
   22 (SSH):
 <screen>
-$ QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
+<prompt>$ </prompt>QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
 </screen>
   allowing you to log in via SSH (assuming you have set the appropriate
   passwords or SSH authorized keys):
 <screen>
-$ ssh -p 2222 localhost
+<prompt>$ </prompt>ssh -p 2222 localhost
 </screen>
  </para>
 </chapter>
diff --git a/nixos/doc/manual/installation/installing-from-other-distro.xml b/nixos/doc/manual/installation/installing-from-other-distro.xml
index d1e49a2a1597..8ed45899fd7f 100644
--- a/nixos/doc/manual/installation/installing-from-other-distro.xml
+++ b/nixos/doc/manual/installation/installing-from-other-distro.xml
@@ -47,8 +47,8 @@
     Short version:
    </para>
 <screen>
-$ curl https://nixos.org/nix/install | sh
-$ . $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell</screen>
+<prompt>$ </prompt>curl https://nixos.org/nix/install | sh
+<prompt>$ </prompt>. $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell</screen>
    <para>
     More details in the
     <link
@@ -65,14 +65,14 @@ $ . $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell</screen>
     the <literal>nixpkgs</literal> channel by default.
    </para>
 <screen>
-$ nix-channel --list
+<prompt>$ </prompt>nix-channel --list
 nixpkgs https://nixos.org/channels/nixpkgs-unstable</screen>
    <para>
     As that channel gets released without running the NixOS tests, it will be
     safer to use the <literal>nixos-*</literal> channels instead:
    </para>
 <screen>
-$ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</replaceable> nixpkgs</screen>
+<prompt>$ </prompt>nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</replaceable> nixpkgs</screen>
    <para>
     You may want to throw in a <literal>nix-channel --update</literal> for good
     measure.
@@ -89,7 +89,7 @@ $ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</repla
     NixOS partition. They are installed by default on NixOS, but you don't have
     NixOS yet..
    </para>
-<screen>$ nix-env -iE "_: with import &lt;nixpkgs/nixos&gt; { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"</screen>
+<screen><prompt>$ </prompt>nix-env -iE "_: with import &lt;nixpkgs/nixos&gt; { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"</screen>
   </listitem>
   <listitem>
    <note>
@@ -116,7 +116,7 @@ $ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</repla
    <para>
     Generate your NixOS configuration:
    </para>
-<screen>$ sudo `which nixos-generate-config` --root /mnt</screen>
+<screen><prompt>$ </prompt>sudo `which nixos-generate-config` --root /mnt</screen>
    <para>
     You'll probably want to edit the configuration files. Refer to the
     <literal>nixos-generate-config</literal> step in
@@ -148,8 +148,8 @@ $ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</repla
     distribution:
    </para>
 <screen>
-$ sudo groupadd -g 30000 nixbld
-$ sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
+<prompt>$ </prompt>sudo groupadd -g 30000 nixbld
+<prompt>$ </prompt>sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
   </listitem>
   <listitem>
    <para>
@@ -161,7 +161,7 @@ $ sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
      existing systems without the help of a rescue USB drive or similar.
     </para>
    </warning>
-<screen>$ sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt</screen>
+<screen><prompt>$ </prompt>sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt</screen>
    <para>
     Again, please refer to the <literal>nixos-install</literal> step in
     <xref linkend="sec-installation" /> for more information.
@@ -175,8 +175,8 @@ $ sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
     Optionally, you may want to clean up your non-NixOS distribution:
    </para>
 <screen>
-$ sudo userdel nixbld
-$ sudo groupdel nixbld</screen>
+<prompt>$ </prompt>sudo userdel nixbld
+<prompt>$ </prompt>sudo groupdel nixbld</screen>
    <para>
     If you do not wish to keep the Nix package manager installed either, run
     something like <literal>sudo rm -rv ~/.nix-* /nix</literal> and remove the
@@ -193,7 +193,7 @@ $ sudo groupdel nixbld</screen>
    <para>
     Generate your NixOS configuration:
    </para>
-<screen>$ sudo `which nixos-generate-config` --root /</screen>
+<screen><prompt>$ </prompt>sudo `which nixos-generate-config` --root /</screen>
    <para>
     Note that this will place the generated configuration files in
     <literal>/etc/nixos</literal>. You'll probably want to edit the
@@ -212,21 +212,21 @@ $ sudo groupdel nixbld</screen>
    </para>
 <programlisting>
 <link linkend="opt-users.users._name__.initialHashedPassword">users.users.root.initialHashedPassword</link> = "";
-              </programlisting>
+</programlisting>
   </listitem>
   <listitem>
    <para>
     Build the NixOS closure and install it in the <literal>system</literal>
     profile:
    </para>
-<screen>$ nix-env -p /nix/var/nix/profiles/system -f '&lt;nixpkgs/nixos&gt;' -I nixos-config=/etc/nixos/configuration.nix -iA system</screen>
+<screen><prompt>$ </prompt>nix-env -p /nix/var/nix/profiles/system -f '&lt;nixpkgs/nixos&gt;' -I nixos-config=/etc/nixos/configuration.nix -iA system</screen>
   </listitem>
   <listitem>
    <para>
     Change ownership of the <literal>/nix</literal> tree to root (since your
     Nix install was probably single user):
    </para>
-<screen>$ sudo chown -R 0.0 /nix</screen>
+<screen><prompt>$ </prompt>sudo chown -R 0.0 /nix</screen>
   </listitem>
   <listitem>
    <para>
@@ -284,16 +284,16 @@ $ sudo groupdel nixbld</screen>
     Let's create the files:
    </para>
 <screen>
-$ sudo touch /etc/NIXOS
-$ sudo touch /etc/NIXOS_LUSTRATE
-            </screen>
+<prompt>$ </prompt>sudo touch /etc/NIXOS
+<prompt>$ </prompt>sudo touch /etc/NIXOS_LUSTRATE
+</screen>
    <para>
     Let's also make sure the NixOS configuration files are kept once we reboot
     on NixOS:
    </para>
 <screen>
-$ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
-            </screen>
+<prompt>$ </prompt>echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
+</screen>
   </listitem>
   <listitem>
    <para>
@@ -312,8 +312,9 @@ $ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
     </para>
    </warning>
 <screen>
-$ sudo mv -v /boot /boot.bak &amp;&amp;
-    sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot</screen>
+<prompt>$ </prompt>sudo mv -v /boot /boot.bak &amp;&amp;
+sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot
+</screen>
    <para>
     Cross your fingers, reboot, hopefully you should get a NixOS prompt!
    </para>
diff --git a/nixos/doc/manual/installation/installing-usb.xml b/nixos/doc/manual/installation/installing-usb.xml
index c0372e8ebd9b..83598635acca 100644
--- a/nixos/doc/manual/installation/installing-usb.xml
+++ b/nixos/doc/manual/installation/installing-usb.xml
@@ -15,16 +15,16 @@
   <note>
    <title>On macOS</title>
    <para>
-<programlisting>
-$ diskutil list
+<screen>
+<prompt>$ </prompt>diskutil list
 [..]
 /dev/diskN (external, physical):
    #:                       TYPE NAME                    SIZE       IDENTIFIER
 [..]
-$ diskutil unmountDisk diskN
+<prompt>$ </prompt>diskutil unmountDisk diskN
 Unmount of all volumes on diskN was successful
-$ sudo dd if=nix.iso of=/dev/rdiskN
-</programlisting>
+<prompt>$ </prompt>sudo dd if=nix.iso of=/dev/rdiskN
+</screen>
     Using the 'raw' <command>rdiskN</command> device instead of
     <command>diskN</command> completes in minutes instead of hours. After
     <command>dd</command> completes, a GUI dialog "The disk you inserted was
diff --git a/nixos/doc/manual/installation/installing.xml b/nixos/doc/manual/installation/installing.xml
index 9687c21a01e6..742376378dea 100644
--- a/nixos/doc/manual/installation/installing.xml
+++ b/nixos/doc/manual/installation/installing.xml
@@ -110,7 +110,7 @@
      <listitem>
       <para>
        Create a <emphasis>GPT</emphasis> partition table.
-<screen language="commands"># parted /dev/sda -- mklabel gpt</screen>
+<screen language="commands"><prompt># </prompt>parted /dev/sda -- mklabel gpt</screen>
       </para>
      </listitem>
      <listitem>
@@ -118,14 +118,14 @@
        Add the <emphasis>root</emphasis> partition. This will fill the disk
        except for the end part, where the swap will live, and the space left in
        front (512MiB) which will be used by the boot partition.
-<screen language="commands"># parted /dev/sda -- mkpart primary 512MiB -8GiB</screen>
+<screen language="commands"><prompt># </prompt>parted /dev/sda -- mkpart primary 512MiB -8GiB</screen>
       </para>
      </listitem>
      <listitem>
       <para>
        Next, add a <emphasis>swap</emphasis> partition. The size required will
        vary according to needs, here a 8GiB one is created.
-<screen language="commands"># parted /dev/sda -- mkpart primary linux-swap -8GiB 100%</screen>
+<screen language="commands"><prompt># </prompt>parted /dev/sda -- mkpart primary linux-swap -8GiB 100%</screen>
        <note>
         <para>
          The swap partition size rules are no different than for other Linux
@@ -140,8 +140,8 @@
        the ESP (EFI system partition) as its <emphasis>/boot</emphasis>
        partition. It uses the initially reserved 512MiB at the start of the
        disk.
-<screen language="commands"># parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
-# parted /dev/sda -- set 3 boot on</screen>
+<screen language="commands"><prompt># </prompt>parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
+<prompt># </prompt>parted /dev/sda -- set 3 boot on</screen>
       </para>
      </listitem>
     </orderedlist>
@@ -172,21 +172,21 @@
      <listitem>
       <para>
        Create a <emphasis>MBR</emphasis> partition table.
-<screen language="commands"># parted /dev/sda -- mklabel msdos</screen>
+<screen language="commands"><prompt># </prompt>parted /dev/sda -- mklabel msdos</screen>
       </para>
      </listitem>
      <listitem>
       <para>
        Add the <emphasis>root</emphasis> partition. This will fill the the disk
        except for the end part, where the swap will live.
-<screen language="commands"># parted /dev/sda -- mkpart primary 1MiB -8GiB</screen>
+<screen language="commands"><prompt># </prompt>parted /dev/sda -- mkpart primary 1MiB -8GiB</screen>
       </para>
      </listitem>
      <listitem>
       <para>
        Finally, add a <emphasis>swap</emphasis> partition. The size required
        will vary according to needs, here a 8GiB one is created.
-<screen language="commands"># parted /dev/sda -- mkpart primary linux-swap -8GiB 100%</screen>
+<screen language="commands"><prompt># </prompt>parted /dev/sda -- mkpart primary linux-swap -8GiB 100%</screen>
        <note>
         <para>
          The swap partition size rules are no different than for other Linux
@@ -218,7 +218,7 @@
        since this makes the file system configuration independent from device
        changes. For example:
 <screen>
-# mkfs.ext4 -L nixos /dev/sda1</screen>
+<prompt># </prompt>mkfs.ext4 -L nixos /dev/sda1</screen>
       </para>
      </listitem>
      <listitem>
@@ -227,7 +227,7 @@
        recommended to assign a label to the swap partition: <option>-L
        <replaceable>label</replaceable></option>. For example:
 <screen>
-# mkswap -L swap /dev/sda2</screen>
+<prompt># </prompt>mkswap -L swap /dev/sda2</screen>
       </para>
      </listitem>
      <listitem>
@@ -242,7 +242,7 @@
           it’s recommended to assign a label to the boot partition:
           <option>-n <replaceable>label</replaceable></option>. For example:
 <screen>
-# mkfs.fat -F 32 -n boot /dev/sda3</screen>
+<prompt># </prompt>mkfs.fat -F 32 -n boot /dev/sda3</screen>
          </para>
         </listitem>
        </varlistentry>
@@ -273,7 +273,7 @@
      Mount the target file system on which NixOS should be installed on
      <filename>/mnt</filename>, e.g.
 <screen>
-# mount /dev/disk/by-label/nixos /mnt
+<prompt># </prompt>mount /dev/disk/by-label/nixos /mnt
 </screen>
     </para>
    </listitem>
@@ -287,8 +287,8 @@
        <para>
         Mount the boot file system on <filename>/mnt/boot</filename>, e.g.
 <screen>
-# mkdir -p /mnt/boot
-# mount /dev/disk/by-label/boot /mnt/boot
+<prompt># </prompt>mkdir -p /mnt/boot
+<prompt># </prompt>mount /dev/disk/by-label/boot /mnt/boot
 </screen>
        </para>
       </listitem>
@@ -303,7 +303,7 @@
      the build actions that it may spawn) may need quite a bit of RAM,
      depending on your configuration.
 <screen>
-# swapon /dev/sda2</screen>
+<prompt># </prompt>swapon /dev/sda2</screen>
     </para>
    </listitem>
    <listitem>
@@ -325,11 +325,11 @@
      The command <command>nixos-generate-config</command> can generate an
      initial configuration file for you:
 <screen>
-# nixos-generate-config --root /mnt</screen>
+<prompt># </prompt>nixos-generate-config --root /mnt</screen>
      You should then edit <filename>/mnt/etc/nixos/configuration.nix</filename>
      to suit your needs:
 <screen>
-# nano /mnt/etc/nixos/configuration.nix
+<prompt># </prompt>nano /mnt/etc/nixos/configuration.nix
 </screen>
      If you’re using the graphical ISO image, other editors may be available
      (such as <command>vim</command>). If you have network access, you can also
@@ -412,7 +412,7 @@
     <para>
      Do the installation:
 <screen>
-# nixos-install</screen>
+<prompt># </prompt>nixos-install</screen>
      Cross fingers. If this fails due to a temporary problem (such as a network
      issue while downloading binaries from the NixOS binary cache), you can
      just re-run <command>nixos-install</command>. Otherwise, fix your
@@ -439,7 +439,7 @@ Retype new UNIX password: ***</screen>
     <para>
      If everything went well:
 <screen>
-# reboot</screen>
+<prompt># </prompt>reboot</screen>
     </para>
    </listitem>
    <listitem>
@@ -460,16 +460,16 @@ Retype new UNIX password: ***</screen>
      You’ll probably want to create some user accounts as well, which can be
      done with <command>useradd</command>:
 <screen>
-$ useradd -c 'Eelco Dolstra' -m eelco
-$ passwd eelco</screen>
+<prompt>$ </prompt>useradd -c 'Eelco Dolstra' -m eelco
+<prompt>$ </prompt>passwd eelco</screen>
     </para>
     <para>
      You may also want to install some software. For instance,
 <screen>
-$ nix-env -qa \*</screen>
+<prompt>$ </prompt>nix-env -qa \*</screen>
      shows what packages are available, and
 <screen>
-$ nix-env -i w3m</screen>
+<prompt>$ </prompt>nix-env -i w3m</screen>
      install the <literal>w3m</literal> browser.
     </para>
    </listitem>
@@ -489,19 +489,19 @@ $ nix-env -i w3m</screen>
   <example xml:id="ex-partition-scheme-MBR">
    <title>Example partition schemes for NixOS on <filename>/dev/sda</filename> (MBR)</title>
 <screen language="commands">
-# parted /dev/sda -- mklabel msdos
-# parted /dev/sda -- mkpart primary 1MiB -8GiB
-# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%</screen>
+<prompt># </prompt>parted /dev/sda -- mklabel msdos
+<prompt># </prompt>parted /dev/sda -- mkpart primary 1MiB -8GiB
+<prompt># </prompt>parted /dev/sda -- mkpart primary linux-swap -8GiB 100%</screen>
   </example>
 
   <example xml:id="ex-partition-scheme-UEFI">
    <title>Example partition schemes for NixOS on <filename>/dev/sda</filename> (UEFI)</title>
 <screen language="commands">
-# parted /dev/sda -- mklabel gpt
-# parted /dev/sda -- mkpart primary 512MiB -8GiB
-# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
-# parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
-# parted /dev/sda -- set 3 boot on</screen>
+<prompt># </prompt>parted /dev/sda -- mklabel gpt
+<prompt># </prompt>parted /dev/sda -- mkpart primary 512MiB -8GiB
+<prompt># </prompt>parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
+<prompt># </prompt>parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
+<prompt># </prompt>parted /dev/sda -- set 3 boot on</screen>
   </example>
 
   <example xml:id="ex-install-sequence">
@@ -509,23 +509,23 @@ $ nix-env -i w3m</screen>
    <para>
     With a partitioned disk.
 <screen language="commands">
-# mkfs.ext4 -L nixos /dev/sda1
-# mkswap -L swap /dev/sda2
-# swapon /dev/sda2
-# mkfs.fat -F 32 -n boot /dev/sda3        # <lineannotation>(for UEFI systems only)</lineannotation>
-# mount /dev/disk/by-label/nixos /mnt
-# mkdir -p /mnt/boot                      # <lineannotation>(for UEFI systems only)</lineannotation>
-# mount /dev/disk/by-label/boot /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
-# nixos-generate-config --root /mnt
-# nano /mnt/etc/nixos/configuration.nix
-# nixos-install
-# reboot</screen>
+<prompt># </prompt>mkfs.ext4 -L nixos /dev/sda1
+<prompt># </prompt>mkswap -L swap /dev/sda2
+<prompt># </prompt>swapon /dev/sda2
+<prompt># </prompt>mkfs.fat -F 32 -n boot /dev/sda3        # <lineannotation>(for UEFI systems only)</lineannotation>
+<prompt># </prompt>mount /dev/disk/by-label/nixos /mnt
+<prompt># </prompt>mkdir -p /mnt/boot                      # <lineannotation>(for UEFI systems only)</lineannotation>
+<prompt># </prompt>mount /dev/disk/by-label/boot /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
+<prompt># </prompt>nixos-generate-config --root /mnt
+<prompt># </prompt>nano /mnt/etc/nixos/configuration.nix
+<prompt># </prompt>nixos-install
+<prompt># </prompt>reboot</screen>
    </para>
   </example>
 
   <example xml:id='ex-config'>
    <title>NixOS Configuration</title>
-<screen>
+<programlisting>
 { config, pkgs, ... }: {
   imports = [
     # Include the results of the hardware scan.
@@ -543,7 +543,7 @@ $ nix-env -i w3m</screen>
   # Enable the OpenSSH server.
   services.sshd.enable = true;
 }
-  </screen>
+</programlisting>
   </example>
  </section>
  <section xml:id="sec-installation-additional-notes">
diff --git a/nixos/doc/manual/man-nixos-generate-config.xml b/nixos/doc/manual/man-nixos-generate-config.xml
index 160ada9fff31..61531a8f01ca 100644
--- a/nixos/doc/manual/man-nixos-generate-config.xml
+++ b/nixos/doc/manual/man-nixos-generate-config.xml
@@ -13,18 +13,18 @@
  </refnamediv>
  <refsynopsisdiv>
   <cmdsynopsis>
-   <command>nixos-generate-config</command> 
+   <command>nixos-generate-config</command>
    <arg>
     <option>--force</option>
    </arg>
-    
+
    <arg>
     <arg choice='plain'>
      <option>--root</option>
     </arg>
      <replaceable>root</replaceable>
    </arg>
-    
+
    <arg>
     <arg choice='plain'>
      <option>--dir</option>
@@ -154,7 +154,7 @@
    file systems on <filename>/mnt</filename> and
    <filename>/mnt/boot</filename>, you would run:
 <screen>
-$ nixos-generate-config --root /mnt
+<prompt>$ </prompt>nixos-generate-config --root /mnt
 </screen>
    The resulting file
    <filename>/mnt/etc/nixos/hardware-configuration.nix</filename> might look
@@ -204,7 +204,7 @@ $ nixos-generate-config --root /mnt
   <para>
    After installation, if your hardware configuration changes, you can run:
 <screen>
-$ nixos-generate-config
+<prompt>$ </prompt>nixos-generate-config
 </screen>
    to update <filename>/etc/nixos/hardware-configuration.nix</filename>. Your
    <filename>/etc/nixos/configuration.nix</filename> will
diff --git a/nixos/doc/manual/man-nixos-install.xml b/nixos/doc/manual/man-nixos-install.xml
index 25f4f40613ac..4fb94ee7494c 100644
--- a/nixos/doc/manual/man-nixos-install.xml
+++ b/nixos/doc/manual/man-nixos-install.xml
@@ -13,72 +13,72 @@
  </refnamediv>
  <refsynopsisdiv>
   <cmdsynopsis>
-   <command>nixos-install</command> 
+   <command>nixos-install</command>
    <arg>
     <arg choice='plain'>
      <option>-I</option>
     </arg>
      <replaceable>path</replaceable>
    </arg>
-    
+
    <arg>
     <arg choice='plain'>
      <option>--root</option>
     </arg>
      <replaceable>root</replaceable>
    </arg>
-    
+
    <arg>
     <arg choice='plain'>
      <option>--system</option>
     </arg>
      <replaceable>path</replaceable>
    </arg>
-    
+
    <arg>
     <arg choice='plain'>
      <option>--no-channel-copy</option>
     </arg>
    </arg>
-    
+
    <arg>
     <arg choice='plain'>
      <option>--no-root-passwd</option>
     </arg>
    </arg>
-    
+
    <arg>
     <arg choice='plain'>
      <option>--no-bootloader</option>
     </arg>
    </arg>
-    
+
    <arg>
-    <group choice='req'> 
+    <group choice='req'>
     <arg choice='plain'>
      <option>--max-jobs</option>
     </arg>
-     
+
     <arg choice='plain'>
      <option>-j</option>
     </arg>
      </group> <replaceable>number</replaceable>
    </arg>
-    
+
    <arg>
     <option>--cores</option> <replaceable>number</replaceable>
    </arg>
-    
+
    <arg>
     <option>--option</option> <replaceable>name</replaceable> <replaceable>value</replaceable>
    </arg>
-    
+
    <arg>
     <arg choice='plain'>
      <option>--show-trace</option>
     </arg>
    </arg>
-    
+
    <arg>
     <arg choice='plain'>
      <option>--help</option>
@@ -255,12 +255,12 @@
    on an <literal>ext4</literal> file system created in
    <filename>/dev/sda1</filename>:
 <screen>
-$ mkfs.ext4 /dev/sda1
-$ mount /dev/sda1 /mnt
-$ nixos-generate-config --root /mnt
-$ # edit /mnt/etc/nixos/configuration.nix
-$ nixos-install
-$ reboot
+<prompt>$ </prompt>mkfs.ext4 /dev/sda1
+<prompt>$ </prompt>mount /dev/sda1 /mnt
+<prompt>$ </prompt>nixos-generate-config --root /mnt
+<prompt>$ </prompt># edit /mnt/etc/nixos/configuration.nix
+<prompt>$ </prompt>nixos-install
+<prompt>$ </prompt>reboot
 </screen>
   </para>
  </refsection>
diff --git a/nixos/doc/manual/man-nixos-option.xml b/nixos/doc/manual/man-nixos-option.xml
index d436cce742a2..3e316e10d4eb 100644
--- a/nixos/doc/manual/man-nixos-option.xml
+++ b/nixos/doc/manual/man-nixos-option.xml
@@ -13,19 +13,19 @@
  </refnamediv>
  <refsynopsisdiv>
   <cmdsynopsis>
-   <command>nixos-option</command> 
+   <command>nixos-option</command>
    <arg>
     <option>-I</option> <replaceable>path</replaceable>
    </arg>
-    
+
    <arg>
     <option>--verbose</option>
    </arg>
-    
+
    <arg>
     <option>--xml</option>
    </arg>
-    
+
    <arg choice="plain">
     <replaceable>option.name</replaceable>
    </arg>
@@ -103,13 +103,13 @@
   <title>Examples</title>
   <para>
    Investigate option values:
-<screen>$ nixos-option boot.loader
+<screen><prompt>$ </prompt>nixos-option boot.loader
 This attribute set contains:
 generationsDir
 grub
 initScript
 
-$ nixos-option boot.loader.grub.enable
+<prompt>$ </prompt>nixos-option boot.loader.grub.enable
 Value:
 true
 
diff --git a/nixos/doc/manual/man-nixos-rebuild.xml b/nixos/doc/manual/man-nixos-rebuild.xml
index 0b0c0b8f6ea2..9cec83f1e28b 100644
--- a/nixos/doc/manual/man-nixos-rebuild.xml
+++ b/nixos/doc/manual/man-nixos-rebuild.xml
@@ -13,39 +13,39 @@
  </refnamediv>
  <refsynopsisdiv>
   <cmdsynopsis>
-   <command>nixos-rebuild</command><group choice='req'> 
+   <command>nixos-rebuild</command><group choice='req'>
    <arg choice='plain'>
     <option>switch</option>
    </arg>
-    
+
    <arg choice='plain'>
     <option>boot</option>
    </arg>
-    
+
    <arg choice='plain'>
     <option>test</option>
    </arg>
-    
+
    <arg choice='plain'>
     <option>build</option>
    </arg>
-    
+
    <arg choice='plain'>
     <option>dry-build</option>
    </arg>
-    
+
    <arg choice='plain'>
     <option>dry-activate</option>
    </arg>
-    
+
    <arg choice='plain'>
     <option>edit</option>
    </arg>
-    
+
    <arg choice='plain'>
     <option>build-vm</option>
    </arg>
-    
+
    <arg choice='plain'>
     <option>build-vm-with-bootloader</option>
    </arg>
@@ -54,33 +54,33 @@
    <arg>
     <option>--upgrade</option>
    </arg>
-    
+
    <arg>
     <option>--install-bootloader</option>
    </arg>
-    
+
    <arg>
     <option>--no-build-nix</option>
    </arg>
-    
+
    <arg>
     <option>--fast</option>
    </arg>
-    
+
    <arg>
     <option>--rollback</option>
    </arg>
-    
+
    <arg>
     <option>--builders</option> <replaceable>builder-spec</replaceable>
    </arg>
    <sbr />
    <arg>
-    <group choice='req'> 
+    <group choice='req'>
     <arg choice='plain'>
      <option>--profile-name</option>
     </arg>
-     
+
     <arg choice='plain'>
      <option>-p</option>
     </arg>
@@ -160,7 +160,7 @@
        the current directory, which points to the output of the top-level
        “system” derivation. This is essentially the same as doing
 <screen>
-$ nix-build /path/to/nixpkgs/nixos -A system
+<prompt>$ </prompt>nix-build /path/to/nixpkgs/nixos -A system
 </screen>
        Note that you do not need to be <literal>root</literal> to run
        <command>nixos-rebuild build</command>.
@@ -215,8 +215,8 @@ $ nix-build /path/to/nixpkgs/nixos -A system
        at the script that starts the VM. Thus, to test a NixOS configuration in
        a virtual machine, you should do the following:
 <screen>
-$ nixos-rebuild build-vm
-$ ./result/bin/run-*-vm
+<prompt>$ </prompt>nixos-rebuild build-vm
+<prompt>$ </prompt>./result/bin/run-*-vm
 </screen>
       </para>
       <para>
@@ -375,7 +375,7 @@ $ ./result/bin/run-*-vm
       <filename>test.nix</filename> without affecting the default system
       profile, you would do:
 <screen>
-$ nixos-rebuild switch -p test -I nixos-config=./test.nix
+<prompt>$ </prompt>nixos-rebuild switch -p test -I nixos-config=./test.nix
 </screen>
       The new configuration will appear in the GRUB 2 submenu “NixOS -
       Profile 'test'”.
diff --git a/nixos/doc/manual/release-notes/rl-1509.xml b/nixos/doc/manual/release-notes/rl-1509.xml
index e500c9d63422..5c4d99701785 100644
--- a/nixos/doc/manual/release-notes/rl-1509.xml
+++ b/nixos/doc/manual/release-notes/rl-1509.xml
@@ -627,7 +627,7 @@ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.pandoc
      In case of an infinite loop, use the <command>--show-trace</command>
      command line argument and read the line just above the error message.
 <screen>
-$ nixos-rebuild build --show-trace
+<prompt>$ </prompt>nixos-rebuild build --show-trace

 while evaluating the module argument `pkgs' in "/etc/nixos/my-module.nix":
 infinite recursion encountered
diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml
index 6ca79e2bc00d..86f4a1ccfb78 100644
--- a/nixos/doc/manual/release-notes/rl-1703.xml
+++ b/nixos/doc/manual/release-notes/rl-1703.xml
@@ -626,17 +626,17 @@
     xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
      overlays</link>. For example, the following code:
 <programlisting>
-  let
-    pkgs = import &lt;nixpkgs&gt; {};
-  in
-    pkgs.overridePackages (self: super: ...)
+let
+  pkgs = import &lt;nixpkgs&gt; {};
+in
+  pkgs.overridePackages (self: super: ...)
 </programlisting>
      should be replaced by:
 <programlisting>
-  let
-    pkgs = import &lt;nixpkgs&gt; {};
-  in
-    import pkgs.path { overlays = [(self: super: ...)]; }
+let
+  pkgs = import &lt;nixpkgs&gt; {};
+in
+  import pkgs.path { overlays = [(self: super: ...)]; }
 </programlisting>
     </para>
    </listitem>
diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml
index 51a894269d9b..3c0699b4b539 100644
--- a/nixos/doc/manual/release-notes/rl-1909.xml
+++ b/nixos/doc/manual/release-notes/rl-1909.xml
@@ -137,6 +137,40 @@
     </para>
    </listitem>
    <listitem>
+     <para>
+      The option <option>systemd.network.networks.&lt;name&gt;.routes.*.routeConfig.GatewayOnlink</option>
+      was renamed to <option>systemd.network.networks.&lt;name&gt;.routes.*.routeConfig.GatewayOnLink</option>
+      (capital <literal>L</literal>). This follows
+      <link xlink:href="https://github.com/systemd/systemd/commit/9cb8c5593443d24c19e40bfd4fc06d672f8c554c">
+        upstreams renaming
+      </link> of the setting.
+     </para>
+   </listitem>
+   <listitem>
+    <para>
+      As of this release the NixOps feature <literal>autoLuks</literal> is deprecated. It no longer works
+      with our systemd version without manual intervention.
+    </para>
+    <para>
+      Whenever the usage of the module is detected the evaluation will fail with a message
+      explaining why and how to deal with the situation.
+    </para>
+    <para>
+      A new knob named <literal>nixops.enableDeprecatedAutoLuks</literal>
+      has been introduced to disable the eval failure and to acknowledge the notice was received and read.
+      If you plan on using the feature please note that it might break with subsequent updates.
+    </para>
+    <para>
+      Make sure you set the <literal>_netdev</literal> option for each of the file systems referring to block
+      devices provided by the autoLuks module. Not doing this might render the system in a
+      state where it doesn't boot anymore.
+    </para>
+    <para>
+      If you are actively using the <literal>autoLuks</literal> module please let us know in
+      <link xlink:href="https://github.com/NixOS/nixpkgs/issues/62211">issue #62211</link>.
+    </para>
+  </listitem>
+  <listitem>
     <para>
       The setopt declarations will be evaluated at the end of <literal>/etc/zshrc</literal>, so any code in <xref linkend="opt-programs.zsh.interactiveShellInit" />,
       <xref linkend="opt-programs.zsh.loginShellInit" /> and <xref linkend="opt-programs.zsh.promptInit" /> may break if it relies on those options being set.
@@ -211,8 +245,30 @@
       RuntimeDirectory and tmpfiles.
     </para>
    </listitem>
+   <listitem>
+    <para>
+      With the upgrade to systemd version 242 the <literal>systemd-timesyncd</literal>
+      service is no longer using <literal>DynamicUser=yes</literal>. In order for the
+      upgrade to work we rely on an activation script to move the state from the old
+      to the new directory. The older directory (prior <literal>19.09</literal>) was
+      <literal>/var/lib/private/systemd/timesync</literal>.
+    </para>
+    <para>
+      As long as the <literal>system.config.stateVersion</literal> is below
+      <literal>19.09</literal> the state folder will migrated to its proper location
+      (<literal>/var/lib/systemd/timesync</literal>), if required.
+    </para>
+  </listitem>
   <listitem>
     <para>
+     The package <literal>avahi</literal> is now built to look up service
+     definitions from <literal>/etc/avahi/services</literal> instead of its
+     output directory in the nix store. Accordingly the module
+     <option>avahi</option> now supports custom service definitions via
+     <option>services.avahi.extraServiceFiles</option>, which are then placed
+     in the aforementioned directory. See <citerefentry>
+     <refentrytitle>avahi.service</refentrytitle><manvolnum>5</manvolnum>
+     </citerefentry> for more information on custom service definitions.
       Since version 0.1.19, <literal>cargo-vendor</literal> honors package
       includes that are specified in the <filename>Cargo.toml</filename>
       file of Rust crates. <literal>rustPlatform.buildRustPackage</literal> uses
@@ -221,7 +277,6 @@
       vendored files for most Rust packages, the hash that use used to verify
       the dependencies, <literal>cargoSha256</literal>, also changes.
     </para>
-
     <para>
       The <literal>cargoSha256</literal> hashes of all in-tree derivations that
       use <literal>buildRustPackage</literal> have been updated to reflect this
@@ -236,6 +291,12 @@
       so you'll need to set <option>hardware.pulseaudio.daemon.config.resample-method</option> back to <literal>speex-float-1</literal>.
     </para>
    </listitem>
+   <listitem>
+    <para>
+     The <literal>phabricator</literal> package and associated <literal>httpd.extraSubservice</literal>, as well as the
+     <literal>phd</literal> service have been removed from nixpkgs due to lack of maintainer.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 </section>
diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix
index 9f2360f41c6e..a5740929a310 100644
--- a/nixos/modules/hardware/video/nvidia.nix
+++ b/nixos/modules/hardware/video/nvidia.nix
@@ -1,6 +1,6 @@
 # This module provides the proprietary NVIDIA X11 / OpenGL drivers.
 
-{ stdenv, config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix
index 917b3758d384..f65239a5bc0a 100644
--- a/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix
+++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix
@@ -1,7 +1,7 @@
 # This module contains the basic configuration for building a graphical NixOS
 # installation CD.
 
-{ config, lib, pkgs, ... }:
+{ lib, pkgs, ... }:
 
 with lib;
 
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
index 42b5ec882272..0b813bbf37b4 100644
--- a/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
+++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
@@ -1,7 +1,7 @@
 # This module defines a NixOS installation CD that contains X11 and
 # GNOME 3.
 
-{ config, lib, pkgs, ... }:
+{ lib, ... }:
 
 with lib;
 
diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl
index 0ccdac30d915..c09def1fceae 100644
--- a/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -264,6 +264,11 @@ if (scalar @bcacheDevices > 0) {
     push @initrdAvailableKernelModules, "bcache";
 }
 
+# Prevent unbootable systems if LVM snapshots are present at boot time.
+if (`lsblk -o TYPE` =~ "lvm") {
+    push @initrdKernelModules, "dm-snapshot";
+}
+
 my $virt = `systemd-detect-virt`;
 chomp $virt;
 
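Review bot: The comment above the new check speaks of LVM snapshots, but `lsblk -o TYPE` matching "lvm" is true for any logical volume on the machine, so `dm-snapshot` is forced into the initrd on every LVM host. If that is intended, say so in the comment, e.g. `# Load dm-snapshot whenever any LVM volume exists, so a snapshot created later cannot leave the system unbootable.` The backtick call also resolves `lsblk` through PATH and ignores its exit status, so a missing or failing `lsblk` silently yields no module. Whether that can happen depends on how the script is wrapped, which this hunk does not show.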
@@ -324,10 +329,19 @@ my @swapDevices;
 if (@swaps) {
     shift @swaps;
     foreach my $swap (@swaps) {
-        $swap =~ /^(\S+)\s/;
-        next unless -e $1;
-        my $dev = findStableDevPath $1;
-        push @swapDevices, "{ device = \"$dev\"; }";
+        my @fields = split ' ', $swap;
+        my $swapFilename = $fields[0];
+        my $swapType = $fields[1];
+        next unless -e $swapFilename;
+        my $dev = findStableDevPath $swapFilename;
+        if ($swapType =~ "partition") {
+            push @swapDevices, "{ device = \"$dev\"; }";
+        } elsif ($swapType =~ "file") {
+            # swap *files* are more likely specified in configuration.nix, so
+            # ignore them here.
+        } else {
+            die "Unsupported swap type: $swapType\n";
+        }
     }
 }
 
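Review bot: The `die` in the final else branch aborts the whole configuration run for any swap entry whose type is neither partition nor file, where the old code would have emitted a device entry. A warning plus `next` keeps the generator usable, e.g. `warn "Ignoring swap $swapFilename of unsupported type $swapType\n";`. The type tests use `=~` with a plain string, which is a substring match; `$swapType eq "partition"` and `$swapType eq "file"` state the intent exactly. `$dev` is still interpolated unescaped into a Nix string literal, so a device path containing a double quote or `${` would produce a broken or unexpected expression in the generated file. Escaping it there would be worth doing if the file has no helper for that already.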
@@ -427,6 +441,10 @@ EOF
         }
     }
 
+    # Don't emit tmpfs entry for /tmp, because it most likely comes from the
+    # boot.tmpOnTmpfs option in configuration.nix (managed declaratively).
+    next if ($mountPoint eq "/tmp" && $fsType eq "tmpfs");
+
     # Emit the filesystem.
     $fileSystems .= <<EOF;
   fileSystems.\"$mountPoint\" =
@@ -517,6 +535,7 @@ sub multiLineList {
 }
 
 my $initrdAvailableKernelModules = toNixStringList(uniq @initrdAvailableKernelModules);
+my $initrdKernelModules = toNixStringList(uniq @initrdKernelModules);
 my $kernelModules = toNixStringList(uniq @kernelModules);
 my $modulePackages = toNixList(uniq @modulePackages);
 
@@ -536,6 +555,7 @@ my $hwConfig = <<EOF;
   imports =${\multiLineList("    ", @imports)};
 
   boot.initrd.availableKernelModules = [$initrdAvailableKernelModules ];
+  boot.initrd.kernelModules = [$initrdKernelModules ];
   boot.kernelModules = [$kernelModules ];
   boot.extraModulePackages = [$modulePackages ];
 $fsAndSwap
diff --git a/nixos/modules/misc/documentation.nix b/nixos/modules/misc/documentation.nix
index 834ac0de9121..deecb005270f 100644
--- a/nixos/modules/misc/documentation.nix
+++ b/nixos/modules/misc/documentation.nix
@@ -49,11 +49,7 @@ let
       if [ -z "$browser" ]; then
         browser="$(type -P xdg-open || true)"
         if [ -z "$browser" ]; then
-          browser="$(type -P w3m || true)"
-          if [ -z "$browser" ]; then
-            echo "$0: unable to start a web browser; please set \$BROWSER"
-            exit 1
-          fi
+          browser="${pkgs.w3m-nographics}/bin/w3m"
         fi
       fi
       exec "$browser" ${manual.manualHTMLIndex}
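Review bot: The fallback now interpolates `${pkgs.w3m-nographics}` at build time, so the w3m closure becomes a dependency of this helper wherever it is built, and the "please set $BROWSER" error path is gone. A one-line comment above the assignment would record that this is deliberate, e.g. `# Last resort: text browser from the store, so the help command never fails for lack of a browser.` The enclosing script starts and ends outside this hunk.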
@@ -187,8 +183,6 @@ in
     })
 
     (mkIf cfg.doc.enable {
-      # TODO(@oxij): put it here and remove from profiles?
-      # environment.systemPackages = [ pkgs.w3m ]; # w3m-nox?
       environment.pathsToLink = [ "/share/doc" ];
       environment.extraOutputsToInstall = [ "doc" ] ++ optional cfg.dev.enable "devdoc";
     })
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index f1118f472e44..14ba5a573b18 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -44,7 +44,7 @@
       vsftpd = 7;
       ftp = 8;
       bitlbee = 9;
-      avahi = 10;
+      #avahi = 10; # removed 2019-05-22
       nagios = 11;
       atd = 12;
       postfix = 13;
@@ -358,7 +358,7 @@
       vsftpd = 7;
       ftp = 8;
       bitlbee = 9;
-      avahi = 10;
+      #avahi = 10; # removed 2019-05-22
       #nagios = 11; # unused
       atd = 12;
       postfix = 13;
diff --git a/nixos/modules/misc/nixops-autoluks.nix b/nixos/modules/misc/nixops-autoluks.nix
new file mode 100644
index 000000000000..20c143286afa
--- /dev/null
+++ b/nixos/modules/misc/nixops-autoluks.nix
@@ -0,0 +1,43 @@
+{ config, options, lib, ... }:
+let
+  path = [ "deployment" "autoLuks" ];
+  hasAutoLuksConfig = lib.hasAttrByPath path config && (lib.attrByPath path {} config) != {};
+
+  inherit (config.nixops) enableDeprecatedAutoLuks;
+in {
+  options.nixops.enableDeprecatedAutoLuks = lib.mkEnableOption "Enable the deprecated NixOps AutoLuks module";
+
+  config = {
+    assertions = [
+      {
+        assertion = if hasAutoLuksConfig then hasAutoLuksConfig && enableDeprecatedAutoLuks else true;
+        message = ''
+          ⚠️  !!! WARNING !!! ⚠️
+
+            NixOps autoLuks is deprecated. The feature was never widely used and the maintenance did outgrow the benefit.
+            If you still want to use the module:
+              a) Please raise your voice in the issue tracking usage of the module:
+                 https://github.com/NixOS/nixpkgs/issues/62211
+              b) make sure you set the `_netdev` option for each of the file
+                 systems referring to block devices provided by the autoLuks module.
+
+                 ⚠️ If you do not set the option your system will not boot anymore! ⚠️
+
+                  {
+                    fileSystems."/secret" = { options = [ "_netdev" ]; };
+                  }
+
+              b) set the option >nixops.enableDeprecatedAutoLuks = true< to remove this error.
+
+
+            For more details read through the following resources:
+              - https://github.com/NixOS/nixops/pull/1156
+              - https://github.com/NixOS/nixpkgs/issues/47550
+              - https://github.com/NixOS/nixpkgs/issues/62211
+              - https://github.com/NixOS/nixpkgs/pull/61321
+        '';
+      }
+    ];
+  };
+
+}
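Review bot: The assertion `if hasAutoLuksConfig then hasAutoLuksConfig && enableDeprecatedAutoLuks else true` repeats its own condition and reads more clearly as `assertion = !hasAutoLuksConfig || enableDeprecatedAutoLuks;`. `mkEnableOption` already prefixes its text with "Whether to enable", so the description should drop the leading verb, e.g. `lib.mkEnableOption "the deprecated NixOps AutoLuks module"`. The message lists two steps labelled `b)`, so the last one should be `c)`. The `options` argument in the module header is not used anywhere in the file. Since the knob exists only to acknowledge a boot-breaking risk, the option text could also repeat the `_netdev` requirement so it shows up in the generated option docs and not only in the failure message.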
diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix
index c576cf4cb925..3ae60cb79160 100644
--- a/nixos/modules/misc/version.nix
+++ b/nixos/modules/misc/version.nix
@@ -1,4 +1,4 @@
-{ options, config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
@@ -95,6 +95,7 @@ in
         PRETTY_NAME="NixOS ${cfg.version} (${cfg.codeName})"
         LOGO="nix-snowflake"
         HOME_URL="https://nixos.org/"
+        DOCUMENTATION_URL="https://nixos.org/nixos/manual/index.html"
         SUPPORT_URL="https://nixos.org/nixos/support.html"
         BUG_REPORT_URL="https://github.com/NixOS/nixpkgs/issues"
       '';
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index bb2c0a8f180f..6b8c8255c4db 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -50,6 +50,7 @@
   ./hardware/logitech.nix
   ./hardware/mcelog.nix
   ./hardware/network/b43.nix
+  ./hardware/network/intel-2200bg.nix
   ./hardware/nitrokey.nix
   ./hardware/opengl.nix
   ./hardware/pcmcia.nix
@@ -84,6 +85,7 @@
   ./misc/nixpkgs.nix
   ./misc/passthru.nix
   ./misc/version.nix
+  ./misc/nixops-autoluks.nix
   ./programs/adb.nix
   ./programs/atop.nix
   ./programs/autojump.nix
@@ -443,7 +445,6 @@
   ./services/misc/packagekit.nix
   ./services/misc/paperless.nix
   ./services/misc/parsoid.nix
-  ./services/misc/phd.nix
   ./services/misc/plex.nix
   ./services/misc/tautulli.nix
   ./services/misc/pykms.nix
diff --git a/nixos/modules/programs/captive-browser.nix b/nixos/modules/programs/captive-browser.nix
index 9765a5fa3df7..55d474e5c9db 100644
--- a/nixos/modules/programs/captive-browser.nix
+++ b/nixos/modules/programs/captive-browser.nix
@@ -15,6 +15,8 @@ in
       package = mkOption {
         type = types.package;
         default = pkgs.captive-browser;
+        defaultText = "pkgs.captive-browser";
+        description = "Which package to use for captive-browser";
       };
 
       interface = mkOption {
@@ -35,7 +37,7 @@ in
                                          ''http://cache.nixos.org/''
                                        ];
         description = ''
-          the shell (/bin/sh) command executed once the proxy starts.
+          The shell (/bin/sh) command executed once the proxy starts.
           When browser exits, the proxy exits. An extra env var PROXY is available.
 
           Here, we use a separate Chrome instance in Incognito mode, so that
@@ -51,7 +53,7 @@ in
       dhcp-dns = mkOption {
         type = types.str;
         description = ''
-          the shell (/bin/sh) command executed to obtain the DHCP
+          The shell (/bin/sh) command executed to obtain the DHCP
           DNS server address. The first match of an IPv4 regex is used.
           IPv4 only, because let's be real, it's a captive portal.
         '';
@@ -62,6 +64,16 @@ in
         default = "localhost:1666";
         description = ''the listen address for the SOCKS5 proxy server'';
       };
+
+      bindInterface = mkOption {
+        default = true;
+        type = types.bool;
+        description = ''
+          Binds <package>captive-browser</package> to the network interface declared in
+          <literal>cfg.interface</literal>. This can be used to avoid collisions
+          with private subnets.
+        '';
+      };
     };
   };
 
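Review bot: The description of `bindInterface` refers to `cfg.interface`, which is the module's internal binding and not a name a user can set, so the generated option docs will point at something that does not exist for the reader. It should name the option itself, presumably `<option>programs.captive-browser.interface</option>` going by the file path. It would also help to state what turning the option off does: per the following hunk the `bind-device` line is then omitted from the generated configuration, so the browser's traffic is no longer pinned to that interface.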
@@ -99,7 +111,9 @@ in
                                                   browser = """${cfg.browser}"""
                                                   dhcp-dns = """${cfg.dhcp-dns}"""
                                                   socks5-addr = """${cfg.socks5-addr}"""
-                                                  bind-device = """${cfg.interface}"""
+                                                  ${optionalString cfg.bindInterface ''
+                                                    bind-device = """${cfg.interface}"""
+                                                  ''}
                                                 ''}
                         exec ${cfg.package}/bin/captive-browser
                       '';
diff --git a/nixos/modules/services/audio/snapserver.nix b/nixos/modules/services/audio/snapserver.nix
index f709dd7fe16b..b0b9264e8166 100644
--- a/nixos/modules/services/audio/snapserver.nix
+++ b/nixos/modules/services/audio/snapserver.nix
@@ -4,7 +4,6 @@ with lib;
 
 let
 
-  package = "snapcast";
   name = "snapserver";
 
   cfg = config.services.snapserver;
diff --git a/nixos/modules/services/backup/duplicati.nix b/nixos/modules/services/backup/duplicati.nix
index 80287f30b813..a3af3d9b5c9f 100644
--- a/nixos/modules/services/backup/duplicati.nix
+++ b/nixos/modules/services/backup/duplicati.nix
@@ -19,7 +19,7 @@ in
       };
 
       interface = mkOption {
-        default = "lo";
+        default = "127.0.0.1";
         type = types.str;
         description = ''
           Listening interface for the web UI
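Review bot: The default is now an IP address while the option is still named `interface` and described as "Listening interface for the web UI", so a reader cannot tell that an address is expected and not a device name such as `lo`. The description should state the accepted form, e.g. `Listening address for the web UI (an IP address such as 127.0.0.1).`, and mention that a non-loopback value makes the web UI reachable from the network. The description string continues past the end of this hunk, so part of this may already be covered there.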
diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
index 5e46bfc4240f..143b41f57f6a 100644
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -72,13 +72,6 @@ let
       default = null;
     };
   };
-
-  kubeConfigDefaults = {
-    server = mkDefault cfg.kubeconfig.server;
-    caFile = mkDefault cfg.kubeconfig.caFile;
-    certFile = mkDefault cfg.kubeconfig.certFile;
-    keyFile = mkDefault cfg.kubeconfig.keyFile;
-  };
 in {
 
   ###### interface
diff --git a/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixos/modules/services/cluster/kubernetes/kubelet.nix
index ccc8a16e788a..4c5df96bcc6a 100644
--- a/nixos/modules/services/cluster/kubernetes/kubelet.nix
+++ b/nixos/modules/services/cluster/kubernetes/kubelet.nix
@@ -28,13 +28,6 @@ let
 
   kubeconfig = top.lib.mkKubeConfig "kubelet" cfg.kubeconfig;
 
-  manifests = pkgs.buildEnv {
-    name = "kubernetes-manifests";
-    paths = mapAttrsToList (name: manifest:
-      pkgs.writeTextDir "${name}.json" (builtins.toJSON manifest)
-    ) cfg.manifests;
-  };
-
   manifestPath = "kubernetes/manifests";
 
   taintOptions = with lib.types; { name, ... }: {
diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix
index e68660e8bdd4..47384ae50a07 100644
--- a/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixos/modules/services/cluster/kubernetes/pki.nix
@@ -118,7 +118,6 @@ in
     cfsslCertPathPrefix = "${config.services.cfssl.dataDir}/cfssl";
     cfsslCert = "${cfsslCertPathPrefix}.pem";
     cfsslKey = "${cfsslCertPathPrefix}-key.pem";
-    cfsslPort = toString config.services.cfssl.port;
 
     certmgrPaths = [
       top.caFile
diff --git a/nixos/modules/services/databases/cassandra.nix b/nixos/modules/services/databases/cassandra.nix
index 688938868020..e2ea9fcda6b0 100644
--- a/nixos/modules/services/databases/cassandra.nix
+++ b/nixos/modules/services/databases/cassandra.nix
@@ -8,18 +8,21 @@ let
   cassandraConfig = flip recursiveUpdate cfg.extraConfig
     ({ commitlog_sync = "batch";
        commitlog_sync_batch_window_in_ms = 2;
+       start_native_transport = cfg.allowClients;
+       cluster_name = cfg.clusterName;
        partitioner = "org.apache.cassandra.dht.Murmur3Partitioner";
        endpoint_snitch = "SimpleSnitch";
-       seed_provider =
-         [{ class_name = "org.apache.cassandra.locator.SimpleSeedProvider";
-            parameters = [ { seeds = "127.0.0.1"; } ];
-         }];
        data_file_directories = [ "${cfg.homeDir}/data" ];
        commitlog_directory = "${cfg.homeDir}/commitlog";
        saved_caches_directory = "${cfg.homeDir}/saved_caches";
-     } // (if builtins.compareVersions cfg.package.version "3" >= 0
-             then { hints_directory = "${cfg.homeDir}/hints"; }
-             else {})
+     } // (lib.optionalAttrs (cfg.seedAddresses != []) {
+       seed_provider = [{
+         class_name = "org.apache.cassandra.locator.SimpleSeedProvider";
+         parameters = [ { seeds = concatStringsSep "," cfg.seedAddresses; } ];
+       }];
+     }) // (lib.optionalAttrs (lib.versionAtLeast cfg.package.version "3") {
+       hints_directory = "${cfg.homeDir}/hints";
+     })
     );
   cassandraConfigWithAddresses = cassandraConfig //
     ( if cfg.listenAddress == null
@@ -39,15 +42,42 @@ let
         mkdir -p "$out"
 
         echo "$cassandraYaml" > "$out/cassandra.yaml"
-        ln -s "$cassandraEnvPkg" "$out/cassandra-env.sh"
         ln -s "$cassandraLogbackConfig" "$out/logback.xml"
+
+        cp "$cassandraEnvPkg" "$out/cassandra-env.sh"
+
+        # Delete default JMX Port, otherwise we can't set it using env variable
+        sed -i '/JMX_PORT="7199"/d' "$out/cassandra-env.sh"
+
+        # Delete default password file
+        sed -i '/-Dcom.sun.management.jmxremote.password.file=\/etc\/cassandra\/jmxremote.password/d' "$out/cassandra-env.sh"
       '';
     };
+  defaultJmxRolesFile = builtins.foldl'
+     (left: right: left + right) ""
+     (map (role: "${role.username} ${role.password}") cfg.jmxRoles);
+  fullJvmOptions = cfg.jvmOpts
+    ++ lib.optionals (cfg.jmxRoles != []) [
+      "-Dcom.sun.management.jmxremote.authenticate=true"
+      "-Dcom.sun.management.jmxremote.password.file=${cfg.jmxRolesFile}"
+    ]
+    ++ lib.optionals cfg.remoteJmx [
+      "-Djava.rmi.server.hostname=${cfg.rpcAddress}"
+    ];
 in {
   options.services.cassandra = {
     enable = mkEnableOption ''
       Apache Cassandra – Scalable and highly available database.
     '';
+    clusterName = mkOption {
+      type = types.str;
+      default = "NixOS Test Cluster";
+      description = ''
+        The name of the cluster.
+        This setting prevents nodes in one logical cluster from joining
+        another. All nodes in a cluster must have the same value.
+      '';
+    };
     user = mkOption {
       type = types.str;
       default = defaultUser;
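Review bot: `defaultJmxRolesFile` folds the role strings together with `left + right` and no separator, so with two or more `jmxRoles` entries every `username password` pair lands on a single line of the generated password file. Joining with a line break fixes it: `defaultJmxRolesFile = concatMapStringsSep "\n" (role: "${role.username} ${role.password}") cfg.jmxRoles;`. In `fullJvmOptions` the `authenticate=true` and `password.file` flags are added only when `jmxRoles` is non-empty, so a configuration that supplies only `jmxRolesFile` never has the JVM pointed at that file, although the `sed` above has already removed the stock `password.file` line from `cassandra-env.sh`. Widening the condition to `lib.optionals (cfg.jmxRoles != [] || cfg.remoteJmx)` would cover that case. Separately, `${cfg.jmxRolesFile}` is interpolated while its default is `null` on versions below 3.11, so setting `jmxRoles` there fails at evaluation rather than with a readable message.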
@@ -162,6 +192,28 @@ in {
         XML logback configuration for cassandra
       '';
     };
+    seedAddresses = mkOption {
+      type = types.listOf types.str;
+      default = [ "127.0.0.1" ];
+      description = ''
+        The addresses of hosts designated as contact points in the cluster. A
+        joining node contacts one of the nodes in the seeds list to learn the
+        topology of the ring.
+        Set to 127.0.0.1 for a single node cluster.
+      '';
+    };
+    allowClients = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Enables or disables the native transport server (CQL binary protocol).
+        This server uses the same address as the <literal>rpcAddress</literal>,
+        but the port it uses is not <literal>rpc_port</literal> but
+        <literal>native_transport_port</literal>. See the official Cassandra
+        docs for more information on these variables and set them using
+        <literal>extraConfig</literal>.
+      '';
+    };
     extraConfig = mkOption {
       type = types.attrs;
       default = {};
@@ -178,11 +230,11 @@ in {
       example = literalExample "null";
       description = ''
           Set the interval how often full repairs are run, i.e.
-          `nodetool repair --full` is executed. See
+          <literal>nodetool repair --full</literal> is executed. See
           https://cassandra.apache.org/doc/latest/operating/repair.html
           for more information.
 
-          Set to `null` to disable full repairs.
+          Set to <literal>null</literal> to disable full repairs.
         '';
     };
     fullRepairOptions = mkOption {
@@ -199,11 +251,11 @@ in {
       example = literalExample "null";
       description = ''
           Set the interval how often incremental repairs are run, i.e.
-          `nodetool repair` is executed. See
+          <literal>nodetool repair</literal> is executed. See
           https://cassandra.apache.org/doc/latest/operating/repair.html
           for more information.
 
-          Set to `null` to disable incremental repairs.
+          Set to <literal>null</literal> to disable incremental repairs.
         '';
     };
     incrementalRepairOptions = mkOption {
@@ -214,20 +266,135 @@ in {
           Options passed through to the incremental repair command.
         '';
     };
+    maxHeapSize = mkOption {
+      type = types.nullOr types.string;
+      default = null;
+      example = "4G";
+      description = ''
+        Must be left blank or set together with heapNewSize.
+        If left blank a sensible value for the available amount of RAM and CPU
+        cores is calculated.
+
+        Override to set the amount of memory to allocate to the JVM at
+        start-up. For production use you may wish to adjust this for your
+        environment. MAX_HEAP_SIZE is the total amount of memory dedicated
+        to the Java heap. HEAP_NEWSIZE refers to the size of the young
+        generation.
+
+        The main trade-off for the young generation is that the larger it
+        is, the longer GC pause times will be. The shorter it is, the more
+        expensive GC will be (usually).
+      '';
+    };
+    heapNewSize = mkOption {
+      type = types.nullOr types.string;
+      default = null;
+      example = "800M";
+      description = ''
+        Must be left blank or set together with heapNewSize.
+        If left blank a sensible value for the available amount of RAM and CPU
+        cores is calculated.
+
+        Override to set the amount of memory to allocate to the JVM at
+        start-up. For production use you may wish to adjust this for your
+        environment. HEAP_NEWSIZE refers to the size of the young
+        generation.
+
+        The main trade-off for the young generation is that the larger it
+        is, the longer GC pause times will be. The shorter it is, the more
+        expensive GC will be (usually).
+
+        The example HEAP_NEWSIZE assumes a modern 8-core+ machine for decent pause
+        times. If in doubt, and if you do not particularly want to tweak, go with
+        100 MB per physical CPU core.
+      '';
+    };
+    mallocArenaMax = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      example = 4;
+      description = ''
+        Set this to control the amount of arenas per-thread in glibc.
+      '';
+    };
+    remoteJmx = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Cassandra ships with JMX accessible *only* from localhost.
+        To enable remote JMX connections set to true.
+
+        Be sure to also enable authentication and/or TLS.
+        See: https://wiki.apache.org/cassandra/JmxSecurity
+      '';
+    };
+    jmxPort = mkOption {
+      type = types.int;
+      default = 7199;
+      description = ''
+        Specifies the default port over which Cassandra will be available for
+        JMX connections.
+        For security reasons, you should not expose this port to the internet.
+        Firewall it if needed.
+      '';
+    };
+    jmxRoles = mkOption {
+      default = [];
+      description = ''
+        Roles that are allowed to access the JMX (e.g. nodetool)
+        BEWARE: The passwords will be stored world readable in the nix-store.
+                It's recommended to use your own protected file using
+                <literal>jmxRolesFile</literal>
+
+        Doesn't work in versions older than 3.11 because they don't like that
+        it's world readable.
+      '';
+      type = types.listOf (types.submodule {
+        options = {
+          username = mkOption {
+            type = types.string;
+            description = "Username for JMX";
+          };
+          password = mkOption {
+            type = types.string;
+            description = "Password for JMX";
+          };
+        };
+      });
+    };
+    jmxRolesFile = mkOption {
+      type = types.nullOr types.path;
+      default = if (lib.versionAtLeast cfg.package.version "3.11")
+                then pkgs.writeText "jmx-roles-file" defaultJmxRolesFile
+                else null;
+      example = "/var/lib/cassandra/jmx.password";
+      description = ''
+        Specify your own jmx roles file.
+
+        Make sure the permissions forbid "others" from reading the file if
+        you're using Cassandra below version 3.11.
+      '';
+    };
   };
 
   config = mkIf cfg.enable {
     assertions =
-      [ { assertion =
-          (cfg.listenAddress == null || cfg.listenInterface == null)
-          && !(cfg.listenAddress == null && cfg.listenInterface == null);
+      [ { assertion = (cfg.listenAddress == null) != (cfg.listenInterface == null);
           message = "You have to set either listenAddress or listenInterface";
         }
-        { assertion =
-          (cfg.rpcAddress == null || cfg.rpcInterface == null)
-          && !(cfg.rpcAddress == null && cfg.rpcInterface == null);
+        { assertion = (cfg.rpcAddress == null) != (cfg.rpcInterface == null);
           message = "You have to set either rpcAddress or rpcInterface";
         }
+        { assertion = (cfg.maxHeapSize == null) == (cfg.heapNewSize == null);
+          message = "If you set either of maxHeapSize or heapNewSize you have to set both";
+        }
+        { assertion = cfg.remoteJmx -> cfg.jmxRolesFile != null;
+          message = ''
+            If you want JMX available remotely you need to set a password using
+            <literal>jmxRoles</literal> or <literal>jmxRolesFile</literal> if
+            using Cassandra older than v3.11.
+          '';
+        }
       ];
     users = mkIf (cfg.user == defaultUser) {
       extraUsers."${defaultUser}" =
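Review bot: The `remoteJmx` assertion does not guarantee that credentials exist on Cassandra 3.11 and later, because `jmxRolesFile` defaults there to `pkgs.writeText "jmx-roles-file" defaultJmxRolesFile`, which is non-null even when `jmxRoles` is empty. With `remoteJmx = true` and no roles the check passes and `fullJvmOptions` adds neither `authenticate=true` nor `password.file`, so JMX is opened to remote hosts without the module having configured any credentials. Making the default depend on the roles gives the assertion its meaning back: `default = if cfg.jmxRoles != [] && lib.versionAtLeast cfg.package.version "3.11" then pkgs.writeText "jmx-roles-file" defaultJmxRolesFile else null;`. Two smaller points: the `heapNewSize` description says "set together with heapNewSize" where it should name `maxHeapSize`, and the new options use `types.string` while `clusterName` in the same file uses `types.str`.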
@@ -245,7 +412,12 @@ in {
         after = [ "network.target" ];
         environment =
           { CASSANDRA_CONF = "${cassandraEtc}";
-            JVM_OPTS = builtins.concatStringsSep " " cfg.jvmOpts;
+            JVM_OPTS = builtins.concatStringsSep " " fullJvmOptions;
+            MAX_HEAP_SIZE = toString cfg.maxHeapSize;
+            HEAP_NEWSIZE = toString cfg.heapNewSize;
+            MALLOC_ARENA_MAX = toString cfg.mallocArenaMax;
+            LOCAL_JMX = if cfg.remoteJmx then "no" else "yes";
+            JMX_PORT = toString cfg.jmxPort;
           };
         wantedBy = [ "multi-user.target" ];
         serviceConfig =
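Review bot: `toString null` evaluates to the empty string, so with the option defaults `MAX_HEAP_SIZE`, `HEAP_NEWSIZE` and `MALLOC_ARENA_MAX` are exported as empty variables rather than left unset. Whether Cassandra's start scripts and glibc treat empty and unset the same way is not visible in this hunk, so it is safer to add each variable only when it is set, e.g. `// lib.optionalAttrs (cfg.mallocArenaMax != null) { MALLOC_ARENA_MAX = toString cfg.mallocArenaMax; }`, and likewise for the two heap settings. The service definition continues outside the hunk.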
diff --git a/nixos/modules/services/databases/foundationdb.xml b/nixos/modules/services/databases/foundationdb.xml
index bf4b644c9b86..b0b1ebeab45f 100644
--- a/nixos/modules/services/databases/foundationdb.xml
+++ b/nixos/modules/services/databases/foundationdb.xml
@@ -47,14 +47,14 @@ services.foundationdb.package = pkgs.foundationdb52; # FoundationDB 5.2.x
    After running <command>nixos-rebuild</command>, you can verify whether
    FoundationDB is running by executing <command>fdbcli</command> (which is
    added to <option>environment.systemPackages</option>):
-<programlisting>
-$ sudo -u foundationdb fdbcli
+<screen>
+<prompt>$ </prompt>sudo -u foundationdb fdbcli
 Using cluster file `/etc/foundationdb/fdb.cluster'.
 
 The database is available.
 
 Welcome to the fdbcli. For help, type `help'.
-fdb> status
+<prompt>fdb> </prompt>status
 
 Using cluster file `/etc/foundationdb/fdb.cluster'.
 
@@ -72,8 +72,8 @@ Cluster:
 
 ...
 
-fdb>
-</programlisting>
+<prompt>fdb></prompt>
+</screen>
   </para>
 
   <para>
@@ -82,8 +82,8 @@ fdb>
    cluster status, as a quick example. (This example uses
    <command>nix-shell</command> shebang support to automatically supply the
    necessary Python modules).
-<programlisting>
-a@link> cat fdb-status.py
+<screen>
+<prompt>a@link> </prompt>cat fdb-status.py
 #! /usr/bin/env nix-shell
 #! nix-shell -i python -p python pythonPackages.foundationdb52
 
@@ -103,11 +103,11 @@ def main():
 
 if __name__ == "__main__":
     main()
-a@link> chmod +x fdb-status.py
-a@link> ./fdb-status.py
+<prompt>a@link> </prompt>chmod +x fdb-status.py
+<prompt>a@link> </prompt>./fdb-status.py
 FoundationDB available: True
-a@link>
-</programlisting>
+<prompt>a@link></prompt>
+</screen>
   </para>
 
   <para>
@@ -266,10 +266,10 @@ services.foundationdb.dataDir = "/data/fdb";
    <emphasis>every</emphasis> node a coordinator automatically:
   </para>
 
-<programlisting>
-fdbcli> configure double ssd
-fdbcli> coordinators auto
-</programlisting>
+<screen>
+<prompt>fdbcli> </prompt>configure double ssd
+<prompt>fdbcli> </prompt>coordinators auto
+</screen>
 
   <para>
    This will transparently update all the servers within seconds, and
@@ -386,10 +386,10 @@ services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ];
    You can now perform a backup:
   </para>
 
-<programlisting>
-$ sudo -u foundationdb fdbbackup start  -t default -d file:///opt/fdb-backups
-$ sudo -u foundationdb fdbbackup status -t default
-</programlisting>
+<screen>
+<prompt>$ </prompt>sudo -u foundationdb fdbbackup start  -t default -d file:///opt/fdb-backups
+<prompt>$ </prompt>sudo -u foundationdb fdbbackup status -t default
+</screen>
  </section>
  <section xml:id="module-services-foundationdb-limitations">
   <title>Known limitations</title>
diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml
index 14f4d4909bc0..00bb02dcc5bf 100644
--- a/nixos/modules/services/databases/postgresql.xml
+++ b/nixos/modules/services/databases/postgresql.xml
@@ -42,11 +42,11 @@
 whether PostgreSQL works by running <command>psql</command>:
 
 <screen>
-$ psql
+<prompt>$ </prompt>psql
 psql (9.2.9)
 Type "help" for help.
 
-alice=>
+<prompt>alice=></prompt>
 </screen>
 -->
 
diff --git a/nixos/modules/services/desktops/flatpak.xml b/nixos/modules/services/desktops/flatpak.xml
index 8045d5fa14f8..fb27bd1f62b2 100644
--- a/nixos/modules/services/desktops/flatpak.xml
+++ b/nixos/modules/services/desktops/flatpak.xml
@@ -21,7 +21,7 @@
   <filename>configuration.nix</filename>:
 <programlisting>
   <xref linkend="opt-services.flatpak.enable"/> = true;
-  </programlisting>
+</programlisting>
  </para>
  <para>
   For the sandboxed apps to work correctly, desktop integration portals need to
@@ -30,27 +30,27 @@
   <filename>configuration.nix</filename>:
 <programlisting>
   <xref linkend="opt-services.flatpak.extraPortals"/> = [ pkgs.xdg-desktop-portal-gtk ];
-  </programlisting>
+</programlisting>
  </para>
  <para>
   Then, you will need to add a repository, for example,
   <link xlink:href="https://github.com/flatpak/flatpak/wiki">Flathub</link>,
   either using the following commands:
-<programlisting>
-  flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
-  flatpak update
-  </programlisting>
+<screen>
+<prompt>$ </prompt>flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+<prompt>$ </prompt>flatpak update
+</screen>
   or by opening the
   <link xlink:href="https://flathub.org/repo/flathub.flatpakrepo">repository
   file</link> in GNOME Software.
  </para>
  <para>
   Finally, you can search and install programs:
-<programlisting>
-  flatpak search bustle
-  flatpak install flathub org.freedesktop.Bustle
-  flatpak run org.freedesktop.Bustle
-  </programlisting>
+<screen>
+<prompt>$ </prompt>flatpak search bustle
+<prompt>$ </prompt>flatpak install flathub org.freedesktop.Bustle
+<prompt>$ </prompt>flatpak run org.freedesktop.Bustle
+</screen>
   Again, GNOME Software offers graphical interface for these tasks.
  </para>
 </chapter>
diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml
index 1ac53c818a7f..88d7c4e1daf0 100644
--- a/nixos/modules/services/editors/emacs.xml
+++ b/nixos/modules/services/editors/emacs.xml
@@ -238,8 +238,8 @@ in
    <para>
     You can check that it works by executing this in a terminal:
 <screen>
-$ nix-build emacs.nix
-$ ./result/bin/emacs -q
+<prompt>$ </prompt>nix-build emacs.nix
+<prompt>$ </prompt>./result/bin/emacs -q
 </screen>
     and then typing <literal>M-x package-initialize</literal>. Check that you
     can use all the packages you want in this Emacs instance. For example, try
@@ -403,9 +403,9 @@ in [...]
    <para>
     To start the daemon, execute the following:
 <screen>
-$ nixos-rebuild switch  # to activate the new configuration.nix
-$ systemctl --user daemon-reload        # to force systemd reload
-$ systemctl --user start emacs.service  # to start the Emacs daemon
+<prompt>$ </prompt>nixos-rebuild switch  # to activate the new configuration.nix
+<prompt>$ </prompt>systemctl --user daemon-reload        # to force systemd reload
+<prompt>$ </prompt>systemctl --user start emacs.service  # to start the Emacs daemon
 </screen>
     The server should now be ready to serve Emacs clients.
    </para>
diff --git a/nixos/modules/services/hardware/80-net-setup-link.rules b/nixos/modules/services/hardware/80-net-setup-link.rules
deleted file mode 100644
index 18547f170a3f..000000000000
--- a/nixos/modules/services/hardware/80-net-setup-link.rules
+++ /dev/null
@@ -1,13 +0,0 @@
-# Copied from systemd 203.
-ACTION=="remove", GOTO="net_name_slot_end"
-SUBSYSTEM!="net", GOTO="net_name_slot_end"
-NAME!="", GOTO="net_name_slot_end"
-
-IMPORT{cmdline}="net.ifnames"
-ENV{net.ifnames}=="0", GOTO="net_name_slot_end"
-
-NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}"
-NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}"
-NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}"
-
-LABEL="net_name_slot_end"
diff --git a/nixos/modules/services/hardware/triggerhappy.nix b/nixos/modules/services/hardware/triggerhappy.nix
index bffe7353b10e..a500cb4fc367 100644
--- a/nixos/modules/services/hardware/triggerhappy.nix
+++ b/nixos/modules/services/hardware/triggerhappy.nix
@@ -17,7 +17,7 @@ let
     ${cfg.extraConfig}
   '';
 
-  bindingCfg = { config, ... }: {
+  bindingCfg = { ... }: {
     options = {
 
       keys = mkOption {
diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix
index 0266286aaacf..83ab93bd7cfc 100644
--- a/nixos/modules/services/hardware/udev.nix
+++ b/nixos/modules/services/hardware/udev.nix
@@ -85,7 +85,7 @@ let
       for i in $import_progs $run_progs; do
         if [[ ! -x $i ]]; then
           echo "FAIL"
-          echo "$i is called in udev rules but not installed by udev"
+          echo "$i is called in udev rules but is not executable or does not exist"
           exit 1
         fi
       done
@@ -116,10 +116,6 @@ let
         exit 1
       fi
 
-      ${optionalString config.networking.usePredictableInterfaceNames ''
-        cp ${./80-net-setup-link.rules} $out/80-net-setup-link.rules
-      ''}
-
       # If auto-configuration is disabled, then remove
       # udev's 80-drivers.rules file, which contains rules for
       # automatically calling modprobe.
@@ -282,6 +278,8 @@ in
 
     services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.utillinux udev ];
 
+    boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];
+
     environment.etc =
       [ { source = udevRules;
           target = "udev/rules.d";
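Review bot: The new `boot.kernelParams` line has no comment saying that it replaces the conditional copy of `80-net-setup-link.rules` removed in the previous hunk of this file. A kernel command-line parameter is only read at boot, so switching `networking.usePredictableInterfaceNames` presumably no longer takes effect on a plain configuration switch; that is worth stating next to the line. Suggested comment: `# Interface naming is now controlled through net.ifnames on the kernel command line; a change takes effect on the next boot.`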
diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix
index c9ba86780213..5541b8b79b7e 100644
--- a/nixos/modules/services/mail/rspamd.nix
+++ b/nixos/modules/services/mail/rspamd.nix
@@ -5,7 +5,6 @@ with lib;
 let
 
   cfg = config.services.rspamd;
-  opts = options.services.rspamd;
   postfixCfg = config.services.postfix;
 
   bindSocketOpts = {options, config, ... }: {
diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix
index 7daa2dd0d4cc..d1807a906197 100644
--- a/nixos/modules/services/misc/gitea.nix
+++ b/nixos/modules/services/misc/gitea.nix
@@ -307,6 +307,7 @@ in
     systemd.tmpfiles.rules = [
       "d '${cfg.stateDir}' - ${cfg.user} gitea - -"
       "d '${cfg.stateDir}/conf' - ${cfg.user} gitea - -"
+      "d '${cfg.stateDir}/custom' - ${cfg.user} gitea - -"
       "d '${cfg.stateDir}/custom/conf' - ${cfg.user} gitea - -"
       "d '${cfg.repositoryRoot}' - ${cfg.user} gitea - -"
       "Z '${cfg.stateDir}' - ${cfg.user} gitea - -"
diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml
index ab99d7bd3a60..5ff570a442f6 100644
--- a/nixos/modules/services/misc/gitlab.xml
+++ b/nixos/modules/services/misc/gitlab.xml
@@ -138,13 +138,13 @@ services.gitlab = {
 
   <para>
    For example, to backup a Gitlab instance:
-<programlisting>
-$ sudo -u git -H gitlab-rake gitlab:backup:create
-</programlisting>
+<screen>
+<prompt>$ </prompt>sudo -u git -H gitlab-rake gitlab:backup:create
+</screen>
    A list of all availabe rake tasks can be obtained by running:
-<programlisting>
-$ sudo -u git -H gitlab-rake -T
-</programlisting>
+<screen>
+<prompt>$ </prompt>sudo -u git -H gitlab-rake -T
+</screen>
   </para>
  </section>
 </chapter>
diff --git a/nixos/modules/services/misc/phd.nix b/nixos/modules/services/misc/phd.nix
deleted file mode 100644
index e605ce5de16e..000000000000
--- a/nixos/modules/services/misc/phd.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
-  cfg = config.services.phd;
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.phd = {
-
-      enable = mkOption {
-        default = false;
-        description = "
-          Enable daemons for phabricator.
-        ";
-      };
-
-    };
-
-  };
-
-  ###### implementation
-
-  config = mkIf cfg.enable {
-
-    systemd.services.phd = {
-      path = [ pkgs.phabricator pkgs.php pkgs.mercurial pkgs.git pkgs.subversion ];
-
-      after = [ "httpd.service" ];
-      wantedBy = [ "multi-user.target" ];
-
-      serviceConfig = {
-        ExecStart = "${pkgs.phabricator}/phabricator/bin/phd start";
-        ExecStop = "${pkgs.phabricator}/phabricator/bin/phd stop";
-        User = "wwwrun";
-        RestartSec = "30s";
-        Restart = "always";
-        StartLimitInterval = "1m";
-      };
-    };
-
-  };
-
-}
diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/doc.xml
index 5eac8d9ef784..5656bb85b373 100644
--- a/nixos/modules/services/misc/taskserver/doc.xml
+++ b/nixos/modules/services/misc/taskserver/doc.xml
@@ -105,7 +105,7 @@
    Now in order to import the <literal>alice</literal> user to another machine
    <literal>alicebox</literal>, all we need to do is something like this:
 <screen>
-$ ssh server nixos-taskserver user export my-company alice | sh
+<prompt>$ </prompt>ssh server nixos-taskserver user export my-company alice | sh
 </screen>
    Of course, if no SSH daemon is available on the server you can also copy
    &amp; paste it directly into a shell.
diff --git a/nixos/modules/services/monitoring/alerta.nix b/nixos/modules/services/monitoring/alerta.nix
index 8f4258e26ded..d423a91993c7 100644
--- a/nixos/modules/services/monitoring/alerta.nix
+++ b/nixos/modules/services/monitoring/alerta.nix
@@ -1,4 +1,4 @@
-{ options, config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
diff --git a/nixos/modules/services/monitoring/grafana-reporter.nix b/nixos/modules/services/monitoring/grafana-reporter.nix
index 827cf6322cfd..b5a78e4583e1 100644
--- a/nixos/modules/services/monitoring/grafana-reporter.nix
+++ b/nixos/modules/services/monitoring/grafana-reporter.nix
@@ -1,4 +1,4 @@
-{ options, config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
diff --git a/nixos/modules/services/monitoring/kapacitor.nix b/nixos/modules/services/monitoring/kapacitor.nix
index a4bdfa8f8053..cc4074be111b 100644
--- a/nixos/modules/services/monitoring/kapacitor.nix
+++ b/nixos/modules/services/monitoring/kapacitor.nix
@@ -1,4 +1,4 @@
-{ options, config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.xml b/nixos/modules/services/monitoring/prometheus/exporters.xml
index 7a0a1bdf2c14..81ac998729be 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters.xml
+++ b/nixos/modules/services/monitoring/prometheus/exporters.xml
@@ -112,65 +112,65 @@
      directory, which will be called postfix.nix and contains all exporter
      specific options and configuration:
 <programlisting>
-        # nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix
-        { config, lib, pkgs }:
+# nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix
+{ config, lib, pkgs }:
 
-        with lib;
+with lib;
 
-        let
-          # for convenience we define cfg here
-          cfg = config.services.prometheus.exporters.postfix;
-        in
-        {
-          port = 9154; # The postfix exporter listens on this port by default
+let
+  # for convenience we define cfg here
+  cfg = config.services.prometheus.exporters.postfix;
+in
+{
+  port = 9154; # The postfix exporter listens on this port by default
 
-          # `extraOpts` is an attribute set which contains additional options
-          # (and optional overrides for default options).
-          # Note that this attribute is optional.
-          extraOpts = {
-            telemetryPath = mkOption {
-              type = types.str;
-              default = "/metrics";
-              description = ''
-                Path under which to expose metrics.
-              '';
-            };
-            logfilePath = mkOption {
-              type = types.path;
-              default = /var/log/postfix_exporter_input.log;
-              example = /var/log/mail.log;
-              description = ''
-                Path where Postfix writes log entries.
-                This file will be truncated by this exporter!
-              '';
-            };
-            showqPath = mkOption {
-              type = types.path;
-              default = /var/spool/postfix/public/showq;
-              example = /var/lib/postfix/queue/public/showq;
-              description = ''
-                Path at which Postfix places its showq socket.
-              '';
-            };
-          };
+  # `extraOpts` is an attribute set which contains additional options
+  # (and optional overrides for default options).
+  # Note that this attribute is optional.
+  extraOpts = {
+    telemetryPath = mkOption {
+      type = types.str;
+      default = "/metrics";
+      description = ''
+        Path under which to expose metrics.
+      '';
+    };
+    logfilePath = mkOption {
+      type = types.path;
+      default = /var/log/postfix_exporter_input.log;
+      example = /var/log/mail.log;
+      description = ''
+        Path where Postfix writes log entries.
+        This file will be truncated by this exporter!
+      '';
+    };
+    showqPath = mkOption {
+      type = types.path;
+      default = /var/spool/postfix/public/showq;
+      example = /var/lib/postfix/queue/public/showq;
+      description = ''
+        Path at which Postfix places its showq socket.
+      '';
+    };
+  };
 
-          # `serviceOpts` is an attribute set which contains configuration
-          # for the exporter's systemd service. One of
-          # `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart`
-          # has to be specified here. This will be merged with the default
-          # service confiuration.
-          serviceOpts = {
-            serviceConfig = {
-              ExecStart = ''
-                ${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
-                  --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
-                  --web.telemetry-path ${cfg.telemetryPath} \
-                  ${concatStringsSep " \\\n  " cfg.extraFlags}
-              '';
-            };
-          };
-        }
-      </programlisting>
+  # `serviceOpts` is an attribute set which contains configuration
+  # for the exporter's systemd service. One of
+  # `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart`
+  # has to be specified here. This will be merged with the default
+  # service confiuration.
+  serviceOpts = {
+    serviceConfig = {
+      ExecStart = ''
+        ${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
+          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
+          --web.telemetry-path ${cfg.telemetryPath} \
+          ${concatStringsSep " \\\n  " cfg.extraFlags}
+      '';
+    };
+  };
+}
+</programlisting>
     </para>
    </listitem>
    <listitem>
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/node.nix b/nixos/modules/services/monitoring/prometheus/exporters/node.nix
index ee7bf39f199a..8c4128f9b634 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/node.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/node.nix
@@ -32,8 +32,7 @@ in
         ${pkgs.prometheus-node-exporter}/bin/node_exporter \
           ${concatMapStringsSep " " (x: "--collector." + x) cfg.enabledCollectors} \
           ${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \
-          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
-          ${concatStringsSep " \\\n  " cfg.extraFlags}
+          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ${concatStringsSep " " cfg.extraFlags}
       '';
     };
   };
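Review bot: The `extraFlags` join on the `--web.listen-address` line now uses `concatStringsSep " "`, but the exporter template in `exporters.xml`, re-indented by this same commit, still shows `${concatStringsSep " \\\n  " cfg.extraFlags}`. A new exporter written from the documentation will therefore not match this module. Either update the documented example to the single-line form or add a comment here giving the reason, e.g. `# joined on one line so an empty extraFlags leaves no dangling line continuation` (if that is the motivation). The flags are also spliced in unquoted; if this string is run through a shell, `escapeShellArgs cfg.extraFlags` would keep a flag containing spaces intact.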
diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix
index 10dc58311212..69368441c62c 100644
--- a/nixos/modules/services/network-filesystems/samba.nix
+++ b/nixos/modules/services/network-filesystems/samba.nix
@@ -86,10 +86,10 @@ in
 
           <note>
             <para>If you use the firewall consider adding the following:</para>
-            <programlisting>
-              networking.firewall.allowedTCPPorts = [ 139 445 ];
-              networking.firewall.allowedUDPPorts = [ 137 138 ];
-            </programlisting>
+          <programlisting>
+            networking.firewall.allowedTCPPorts = [ 139 445 ];
+            networking.firewall.allowedUDPPorts = [ 137 138 ];
+          </programlisting>
           </note>
         '';
       };
diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix
index 4c91a0c415b6..ddcfe3d77e2f 100644
--- a/nixos/modules/services/networking/avahi-daemon.nix
+++ b/nixos/modules/services/networking/avahi-daemon.nix
@@ -1,10 +1,8 @@
-# Avahi daemon.
 { config, lib, pkgs, ... }:
 
 with lib;
 
 let
-
   cfg = config.services.avahi;
 
   yesNo = yes : if yes then "yes" else "no";
@@ -39,215 +37,245 @@ let
     enable-reflector=${yesNo reflector}
     ${extraConfig}
   '';
-
 in
-
 {
+  options.services.avahi = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to run the Avahi daemon, which allows Avahi clients
+        to use Avahi's service discovery facilities and also allows
+        the local machine to advertise its presence and services
+        (through the mDNS responder implemented by `avahi-daemon').
+      '';
+    };
 
-  ###### interface
+    hostName = mkOption {
+      type = types.str;
+      default = config.networking.hostName;
+      defaultText = literalExample "config.networking.hostName";
+      description = ''
+        Host name advertised on the LAN. If not set, avahi will use the value
+        of <option>config.networking.hostName</option>.
+      '';
+    };
 
-  options = {
+    domainName = mkOption {
+      type = types.str;
+      default = "local";
+      description = ''
+        Domain name for all advertisements.
+      '';
+    };
 
-    services.avahi = {
+    browseDomains = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+      example = [ "0pointer.de" "zeroconf.org" ];
+      description = ''
+        List of non-local DNS domains to be browsed.
+      '';
+    };
 
-      enable = mkOption {
-        default = false;
-        description = ''
-          Whether to run the Avahi daemon, which allows Avahi clients
-          to use Avahi's service discovery facilities and also allows
-          the local machine to advertise its presence and services
-          (through the mDNS responder implemented by `avahi-daemon').
-        '';
-      };
+    ipv4 = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Whether to use IPv4.";
+    };
 
-      hostName = mkOption {
-        type = types.str;
-        description = ''
-          Host name advertised on the LAN. If not set, avahi will use the value
-          of config.networking.hostName.
-        '';
-      };
+    ipv6 = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Whether to use IPv6.";
+    };
 
-      domainName = mkOption {
-        type = types.str;
-        default = "local";
-        description = ''
-          Domain name for all advertisements.
-        '';
-      };
+    interfaces = mkOption {
+      type = types.nullOr (types.listOf types.str);
+      default = null;
+      description = ''
+        List of network interfaces that should be used by the <command>avahi-daemon</command>.
+        Other interfaces will be ignored. If <literal>null</literal>, all local interfaces
+        except loopback and point-to-point will be used.
+      '';
+    };
 
-      browseDomains = mkOption {
-        default = [ ];
-        example = [ "0pointer.de" "zeroconf.org" ];
-        description = ''
-          List of non-local DNS domains to be browsed.
-        '';
-      };
+    openFirewall = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether to open the firewall for UDP port 5353.
+      '';
+    };
 
-      ipv4 = mkOption {
-        default = true;
-        description = ''Whether to use IPv4'';
-      };
+    allowPointToPoint = mkOption {
+      type = types.bool;
+      default = false;
+      description= ''
+        Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large
+        latencies with such links and opens a potential security hole by allowing mDNS access from Internet
+        connections.
+      '';
+    };
 
-      ipv6 = mkOption {
-        default = false;
-        description = ''Whether to use IPv6'';
-      };
+    wideArea = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Whether to enable wide-area service discovery.";
+    };
 
-      interfaces = mkOption {
-        type = types.nullOr (types.listOf types.str);
-        default = null;
-        description = ''
-          List of network interfaces that should be used by the <command>avahi-daemon</command>.
-          Other interfaces will be ignored. If <literal>null</literal> all local interfaces
-          except loopback and point-to-point will be used.
-        '';
-      };
+    reflector = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Reflect incoming mDNS requests to all allowed network interfaces.";
+    };
 
-      allowPointToPoint = mkOption {
-        default = false;
-        description= ''
-          Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large
-          latencies with such links and opens a potential security hole by allowing mDNS access from Internet
-          connections. Use with care and YMMV!
-        '';
-      };
+    extraServiceFiles = mkOption {
+      type = with types; attrsOf (either str path);
+      default = {};
+      example = literalExample ''
+        {
+          ssh = "''${pkgs.avahi}/etc/avahi/services/ssh.service";
+          smb = '''
+            <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
+            <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+            <service-group>
+              <name replace-wildcards="yes">%h</name>
+              <service>
+                <type>_smb._tcp</type>
+                <port>445</port>
+              </service>
+            </service-group>
+          ''';
+        }
+      '';
+      description = ''
+        Specify custom service definitions which are placed in the avahi service directory.
+        See the <citerefentry><refentrytitle>avahi.service</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry> manpage for detailed information.
+      '';
+    };
 
-      wideArea = mkOption {
-        default = true;
-        description = ''Whether to enable wide-area service discovery.'';
+    publish = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to allow publishing in general.";
       };
 
-      reflector = mkOption {
+      userServices = mkOption {
+        type = types.bool;
         default = false;
-        description = ''Reflect incoming mDNS requests to all allowed network interfaces.'';
+        description = "Whether to publish user services. Will set <literal>addresses=true</literal>.";
       };
 
-      publish = {
-        enable = mkOption {
-          default = false;
-          description = ''Whether to allow publishing in general.'';
-        };
-
-        userServices = mkOption {
-          default = false;
-          description = ''Whether to publish user services. Will set <literal>addresses=true</literal>.'';
-        };
-
-        addresses = mkOption {
-          default = false;
-          description = ''Whether to register mDNS address records for all local IP addresses.'';
-        };
-
-        hinfo = mkOption {
-          default = false;
-          description = ''
-            Whether to register an mDNS HINFO record which contains information about the
-            local operating system and CPU.
-          '';
-        };
-
-        workstation = mkOption {
-          default = false;
-          description = ''Whether to register a service of type "_workstation._tcp" on the local LAN.'';
-        };
-
-        domain = mkOption {
-          default = false;
-          description = ''Whether to announce the locally used domain name for browsing by other hosts.'';
-        };
-
+      addresses = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to register mDNS address records for all local IP addresses.";
       };
 
-      nssmdns = mkOption {
+      hinfo = mkOption {
+        type = types.bool;
         default = false;
         description = ''
-          Whether to enable the mDNS NSS (Name Service Switch) plug-in.
-          Enabling it allows applications to resolve names in the `.local'
-          domain by transparently querying the Avahi daemon.
+          Whether to register a mDNS HINFO record which contains information about the
+          local operating system and CPU.
         '';
       };
 
-      cacheEntriesMax = mkOption {
-        default = null;
-        type = types.nullOr types.int;
+      workstation = mkOption {
+        type = types.bool;
+        default = false;
         description = ''
-          Number of resource records to be cached per interface. Use 0 to
-          disable caching. Avahi daemon defaults to 4096 if not set.
+          Whether to register a service of type "_workstation._tcp" on the local LAN.
         '';
       };
 
-      extraConfig = mkOption {
-        default = "";
-        type = types.lines;
-        description = ''
-          Extra config to append to avahi-daemon.conf.
-        '';
+      domain = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to announce the locally used domain name for browsing by other hosts.";
       };
-
     };
 
-  };
+    nssmdns = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to enable the mDNS NSS (Name Service Switch) plug-in.
+        Enabling it allows applications to resolve names in the `.local'
+        domain by transparently querying the Avahi daemon.
+      '';
+    };
 
+    cacheEntriesMax = mkOption {
+      type = types.nullOr types.int;
+      default = null;
+      description = ''
+        Number of resource records to be cached per interface. Use 0 to
+        disable caching. Avahi daemon defaults to 4096 if not set.
+      '';
+    };
 
-  ###### implementation
+    extraConfig = mkOption {
+      type = types.lines;
+      default = "";
+      description = ''
+        Extra config to append to avahi-daemon.conf.
+      '';
+    };
+  };
 
   config = mkIf cfg.enable {
+    users.users.avahi = {
+      description = "avahi-daemon privilege separation user";
+      home = "/var/empty";
+      group = "avahi";
+      isSystemUser = true;
+    };
 
-    services.avahi.hostName = mkDefault config.networking.hostName;
-
-    users.users = singleton
-      { name = "avahi";
-        uid = config.ids.uids.avahi;
-        description = "`avahi-daemon' privilege separation user";
-        home = "/var/empty";
-      };
-
-    users.groups = singleton
-      { name = "avahi";
-        gid = config.ids.gids.avahi;
-      };
+    users.groups.avahi = {};
 
     system.nssModules = optional cfg.nssmdns pkgs.nssmdns;
 
     environment.systemPackages = [ pkgs.avahi ];
 
-    systemd.sockets.avahi-daemon =
-      { description = "Avahi mDNS/DNS-SD Stack Activation Socket";
-        listenStreams = [ "/run/avahi-daemon/socket" ];
-        wantedBy = [ "sockets.target" ];
-      };
+    environment.etc = (mapAttrs' (n: v: nameValuePair
+      "avahi/services/${n}.service"
+      { ${if types.path.check v then "source" else "text"} = v; }
+    ) cfg.extraServiceFiles);
 
-    systemd.services.avahi-daemon =
-      { description = "Avahi mDNS/DNS-SD Stack";
-        wantedBy = [ "multi-user.target" ];
-        requires = [ "avahi-daemon.socket" ];
+    systemd.sockets.avahi-daemon = {
+      description = "Avahi mDNS/DNS-SD Stack Activation Socket";
+      listenStreams = [ "/run/avahi-daemon/socket" ];
+      wantedBy = [ "sockets.target" ];
+    };
 
-        serviceConfig."NotifyAccess" = "main";
-        serviceConfig."BusName" = "org.freedesktop.Avahi";
-        serviceConfig."Type" = "dbus";
+    systemd.tmpfiles.rules = [ "d /run/avahi-daemon - avahi avahi -" ];
 
-        path = [ pkgs.coreutils pkgs.avahi ];
+    systemd.services.avahi-daemon = {
+      description = "Avahi mDNS/DNS-SD Stack";
+      wantedBy = [ "multi-user.target" ];
+      requires = [ "avahi-daemon.socket" ];
 
-        preStart = "mkdir -p /run/avahi-daemon";
+      # Make NSS modules visible so that `avahi_nss_support ()' can
+      # return a sensible value.
+      environment.LD_LIBRARY_PATH = config.system.nssModules.path;
 
-        script =
-          ''
-            # Make NSS modules visible so that `avahi_nss_support ()' can
-            # return a sensible value.
-            export LD_LIBRARY_PATH="${config.system.nssModules.path}"
+      path = [ pkgs.coreutils pkgs.avahi ];
 
-            exec ${pkgs.avahi}/sbin/avahi-daemon --syslog -f "${avahiDaemonConf}"
-          '';
+      serviceConfig = {
+        NotifyAccess = "main";
+        BusName = "org.freedesktop.Avahi";
+        Type = "dbus";
+        ExecStart = "${pkgs.avahi}/sbin/avahi-daemon --syslog -f ${avahiDaemonConf}";
       };
+    };
 
     services.dbus.enable = true;
     services.dbus.packages = [ pkgs.avahi ];
 
-    # Enabling Avahi without exposing it in the firewall doesn't make
-    # sense.
-    networking.firewall.allowedUDPPorts = [ 5353 ];
-
+    networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 5353 ];
   };
-
 }
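Review bot: `openFirewall` defaults to `true` and feeds the global `networking.firewall.allowedUDPPorts` at the end of the `config` block, so UDP 5353 is opened on every interface even when `interfaces` restricts the daemon to a subset. The option description does not say this. I would extend it to something like `Whether to open the firewall for UDP port 5353 on all interfaces. Set this to false and use networking.firewall.interfaces.<name>.allowedUDPPorts to expose mDNS only where it is wanted.` Hosts with an Internet-facing interface are the case where the default matters most, which the `allowPointToPoint` description in this same hunk already hints at.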
diff --git a/nixos/modules/services/networking/bitcoind.nix b/nixos/modules/services/networking/bitcoind.nix
index e94265564595..d3501636b41d 100644
--- a/nixos/modules/services/networking/bitcoind.nix
+++ b/nixos/modules/services/networking/bitcoind.nix
@@ -28,7 +28,7 @@ let
     "-datadir=${cfg.dataDir}"
     "-pid=${pidFile}"
   ];
-  hexStr = types.strMatching "[0-9a-f]+";
+
   rpcUserOpts = { name, ... }: {
     options = {
       name = mkOption {
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix
index 9a2e13e9553c..04ce5ca3a874 100644
--- a/nixos/modules/services/networking/ddclient.nix
+++ b/nixos/modules/services/networking/ddclient.nix
@@ -20,8 +20,8 @@ let
     wildcard=YES
     quiet=${boolToStr cfg.quiet}
     verbose=${boolToStr cfg.verbose}
-    ${lib.concatStringsSep "," cfg.domains}
     ${cfg.extraConfig}
+    ${lib.concatStringsSep "," cfg.domains}
   '';
 
 in
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.xml b/nixos/modules/services/networking/dnscrypt-proxy.xml
index f90eef69848c..afc7880392a1 100644
--- a/nixos/modules/services/networking/dnscrypt-proxy.xml
+++ b/nixos/modules/services/networking/dnscrypt-proxy.xml
@@ -18,7 +18,7 @@
    To enable the client proxy, set
 <programlisting>
 <xref linkend="opt-services.dnscrypt-proxy.enable"/> = true;
-    </programlisting>
+</programlisting>
   </para>
 
   <para>
@@ -36,7 +36,7 @@
    the other client to it:
 <programlisting>
 <xref linkend="opt-services.dnscrypt-proxy.localPort"/> = 43;
-    </programlisting>
+</programlisting>
   </para>
 
   <sect2 xml:id="sec-dnscrypt-proxy-forwarder-dsnmasq">
@@ -47,7 +47,7 @@
   <xref linkend="opt-services.dnsmasq.enable"/> = true;
   <xref linkend="opt-services.dnsmasq.servers"/> = [ "127.0.0.1#43" ];
 }
-    </programlisting>
+</programlisting>
    </para>
   </sect2>
 
@@ -59,7 +59,7 @@
   <xref linkend="opt-services.unbound.enable"/> = true;
   <xref linkend="opt-services.unbound.forwardAddresses"/> = [ "127.0.0.1@43" ];
 }
-    </programlisting>
+</programlisting>
    </para>
   </sect2>
  </sect1>
diff --git a/nixos/modules/services/networking/smokeping.nix b/nixos/modules/services/networking/smokeping.nix
index fab3ed5bb39d..c41d0edaf17f 100644
--- a/nixos/modules/services/networking/smokeping.nix
+++ b/nixos/modules/services/networking/smokeping.nix
@@ -101,17 +101,17 @@ in
         '';
         example = literalExample ''
           # near constant pings.
-					step     = 30
-					pings    = 20
-					# consfn mrhb steps total
-					AVERAGE  0.5   1  10080
-					AVERAGE  0.5  12  43200
-							MIN  0.5  12  43200
-							MAX  0.5  12  43200
-					AVERAGE  0.5 144   7200
-							MAX  0.5 144   7200
-							MIN  0.5 144   7200
-				'';
+          step     = 30
+          pings    = 20
+          # consfn mrhb steps total
+          AVERAGE  0.5   1  10080
+          AVERAGE  0.5  12  43200
+              MIN  0.5  12  43200
+              MAX  0.5  12  43200
+          AVERAGE  0.5 144   7200
+              MAX  0.5 144   7200
+              MIN  0.5 144   7200
+        '';
         description = ''Configure the ping frequency and retention of the rrd files.
           Once set, changing the interval will require deletion or migration of all
           the collected data.'';
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 89f56a726f46..0f9d2420903b 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -4,7 +4,15 @@ with lib;
 
 let
 
-  sshconf = pkgs.runCommand "sshd.conf-validated" { nativeBuildInputs = [ cfgc.package ]; } ''
+  # The splicing information needed for nativeBuildInputs isn't available
+  # on the derivations likely to be used as `cfgc.package`.
+  # This middle-ground solution ensures *an* sshd can do their basic validation
+  # on the configuration.
+  validationPackage = if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
+    then [ cfgc.package ]
+    else [ pkgs.buildPackages.openssh ];
+
+  sshconf = pkgs.runCommand "sshd.conf-validated" { nativeBuildInputs = [ validationPackage ]; } ''
     cat >$out <<EOL
     ${cfg.extraConfig}
     EOL
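Review bot: `validationPackage` is bound to a list in both branches and is then wrapped in a second list at `nativeBuildInputs = [ validationPackage ]`, so the attribute receives a nested list. That may happen to evaluate, but it reads as a mistake and the singular name hides it. Either bind a bare derivation in each branch or pass the list through directly: `nativeBuildInputs = validationPackage;`. When cross-compiling, the file is checked by `pkgs.buildPackages.openssh` rather than the configured `cfgc.package`, so a directive that only one of the two builds understands can pass validation and fail at service start, or the reverse; the comment could state that limitation explicitly. The `sshconf` command body continues outside the hunk.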
diff --git a/nixos/modules/services/system/kerberos/default.nix b/nixos/modules/services/system/kerberos/default.nix
index 26ac85de402f..c55241c4cff1 100644
--- a/nixos/modules/services/system/kerberos/default.nix
+++ b/nixos/modules/services/system/kerberos/default.nix
@@ -1,4 +1,4 @@
-{pkgs, config, lib, ...}:
+{config, lib, ...}:
 
 let
   inherit (lib) mkOption mkIf types length attrNames;
diff --git a/nixos/modules/services/system/kerberos/heimdal.nix b/nixos/modules/services/system/kerberos/heimdal.nix
index d0f470f836ed..f0e56c7951a4 100644
--- a/nixos/modules/services/system/kerberos/heimdal.nix
+++ b/nixos/modules/services/system/kerberos/heimdal.nix
@@ -2,7 +2,7 @@
 
 let
   inherit (lib) mkIf concatStringsSep concatMapStrings toList mapAttrs
-    mapAttrsToList attrValues;
+    mapAttrsToList;
   cfg = config.services.kerberos_server;
   kerberos = config.krb5.kerberos;
   stateDir = "/var/heimdal";
diff --git a/nixos/modules/services/system/kerberos/mit.nix b/nixos/modules/services/system/kerberos/mit.nix
index a53d9dd0c6b5..25d7d51e808a 100644
--- a/nixos/modules/services/system/kerberos/mit.nix
+++ b/nixos/modules/services/system/kerberos/mit.nix
@@ -2,7 +2,7 @@
 
 let
   inherit (lib) mkIf concatStrings concatStringsSep concatMapStrings toList
-    mapAttrs mapAttrsToList attrValues;
+    mapAttrs mapAttrsToList;
   cfg = config.services.kerberos_server;
   kerberos = config.krb5.kerberos;
   stateDir = "/var/lib/krb5kdc";
diff --git a/nixos/modules/services/system/localtime.nix b/nixos/modules/services/system/localtime.nix
index 8e9286b94078..04595fc82fbb 100644
--- a/nixos/modules/services/system/localtime.nix
+++ b/nixos/modules/services/system/localtime.nix
@@ -28,33 +28,16 @@ in {
       };
     };
 
-    # so polkit will pick up the rules
-    environment.systemPackages = [ pkgs.localtime ];
-
-    users.users = [{
-      name = "localtimed";
-      description = "Taskserver user";
-    }];
+    # We use the 'out' output, since localtime has its 'bin' output
+    # first, so that is what we get if we use the derivation bare.
+    # Install the polkit rules.
+    environment.systemPackages = [ pkgs.localtime.out ];
+    # Install the systemd unit.
+    systemd.packages = [ pkgs.localtime.out ];
 
     systemd.services.localtime = {
-      description = "localtime service";
       wantedBy = [ "multi-user.target" ];
-      partOf = [ "geoclue.service "];
-
-      serviceConfig = {
-        Restart                 = "on-failure";
-        # TODO: make it work with dbus
-        #DynamicUser             = true;
-        Nice                    = 10;
-        User                    = "localtimed";
-        PrivateTmp              = "yes";
-        PrivateDevices          = true;
-        PrivateNetwork          = "yes";
-        NoNewPrivileges         = "yes";
-        ProtectSystem           = "strict";
-        ProtectHome             = true;
-        ExecStart               = "${pkgs.localtime}/bin/localtimed";
-      };
+      serviceConfig.Restart = "on-failure";
     };
   };
 }
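Review bot: The rewritten `systemd.services.localtime` drops `User`, `NoNewPrivileges`, `ProtectSystem = "strict"`, `ProtectHome`, `PrivateTmp`, `PrivateDevices` and `PrivateNetwork`, along with the `localtimed` user. The unit definition now comes from `pkgs.localtime.out` through `systemd.packages`, which this diff does not show. If the packaged unit does not set equivalent sandboxing, the daemon would run with fewer restrictions than before, possibly as root, so the shipped unit file should be checked before merging. I would record the dependency next to the override, for example `# Service user and sandboxing come from the unit shipped in pkgs.localtime.out; only Restart= is overridden here.`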
diff --git a/nixos/modules/services/web-apps/limesurvey.nix b/nixos/modules/services/web-apps/limesurvey.nix
index f9e12e3642ea..f23b3075574d 100644
--- a/nixos/modules/services/web-apps/limesurvey.nix
+++ b/nixos/modules/services/web-apps/limesurvey.nix
@@ -2,7 +2,7 @@
 
 let
 
-  inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption;
+  inherit (lib) mkDefault mkEnableOption mkForce mkIf mkOption;
   inherit (lib) mapAttrs optional optionalString types;
 
   cfg = config.services.limesurvey;
diff --git a/nixos/modules/services/web-apps/matomo-doc.xml b/nixos/modules/services/web-apps/matomo-doc.xml
index 021a89be3f63..8485492c51c7 100644
--- a/nixos/modules/services/web-apps/matomo-doc.xml
+++ b/nixos/modules/services/web-apps/matomo-doc.xml
@@ -21,18 +21,18 @@
    passwordless database authentication via the UNIX_SOCKET authentication
    plugin with the following SQL commands:
 <programlisting>
-        # For MariaDB
-        INSTALL PLUGIN unix_socket SONAME 'auth_socket';
-        CREATE DATABASE matomo;
-        CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket;
-        GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
+# For MariaDB
+INSTALL PLUGIN unix_socket SONAME 'auth_socket';
+CREATE DATABASE matomo;
+CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket;
+GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
 
-        # For MySQL
-        INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
-        CREATE DATABASE matomo;
-        CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
-        GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
-   </programlisting>
+# For MySQL
+INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
+CREATE DATABASE matomo;
+CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
+GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
+</programlisting>
    Then fill in <literal>matomo</literal> as database user and database name,
    and leave the password field blank. This authentication works by allowing
    only the <literal>matomo</literal> unix user to authenticate as the
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index bb39a5d1d714..fa9a36d11892 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }@args:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix
index 08297c7275a4..b882f6c2ae7e 100644
--- a/nixos/modules/services/web-apps/tt-rss.nix
+++ b/nixos/modules/services/web-apps/tt-rss.nix
@@ -15,7 +15,6 @@ let
     else cfg.database.port;
 
   poolName = "tt-rss";
-  phpfpmSocketName = "/run/phpfpm/${poolName}.sock";
 
   tt-rss-config = pkgs.writeText "config.php" ''
     <?php
diff --git a/nixos/modules/services/web-servers/apache-httpd/phabricator.nix b/nixos/modules/services/web-servers/apache-httpd/phabricator.nix
deleted file mode 100644
index efd4a7b5f0fb..000000000000
--- a/nixos/modules/services/web-servers/apache-httpd/phabricator.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  phabricatorRoot = pkgs.phabricator;
-in {
-
-  enablePHP = true;
-  extraApacheModules = [ "mod_rewrite" ];
-  DocumentRoot = "${phabricatorRoot}/phabricator/webroot";
-
-  options = {
-      git = mkOption {
-          default = true;
-          description = "Enable git repositories.";
-      };
-      mercurial = mkOption {
-          default = true;
-          description = "Enable mercurial repositories.";
-      };
-      subversion = mkOption {
-          default = true;
-          description = "Enable subversion repositories.";
-      };
-  };
-
-  extraConfig = ''
-      DocumentRoot ${phabricatorRoot}/phabricator/webroot
-
-      RewriteEngine on
-      RewriteRule ^/rsrc/(.*) - [L,QSA]
-      RewriteRule ^/favicon.ico - [L,QSA]
-      RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA]
-  '';
-
-  extraServerPath = [
-      "${pkgs.which}"
-      "${pkgs.diffutils}"
-      ] ++
-      (if config.mercurial then ["${pkgs.mercurial}"] else []) ++
-      (if config.subversion then ["${pkgs.subversion.out}"] else []) ++
-      (if config.git then ["${pkgs.git}"] else []);
-
-  startupScript = pkgs.writeScript "activatePhabricator" ''
-      mkdir -p /var/repo
-      chown wwwrun /var/repo
-  '';
-
-}
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index d6653a65a95a..2b7fcb314041 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -269,17 +269,6 @@ let
       ${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"}
     }
   '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations)));
-  mkBasicAuth = vhostName: authDef: let
-    htpasswdFile = pkgs.writeText "${vhostName}.htpasswd" (
-      concatStringsSep "\n" (mapAttrsToList (user: password: ''
-        ${user}:{PLAIN}${password}
-      '') authDef)
-    );
-  in ''
-    auth_basic secured;
-    auth_basic_user_file ${htpasswdFile};
-  '';
-
   mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" (
     concatStringsSep "\n" (mapAttrsToList (user: password: ''
       ${user}:{PLAIN}${password}
diff --git a/nixos/modules/services/x11/desktop-managers/enlightenment.nix b/nixos/modules/services/x11/desktop-managers/enlightenment.nix
index 4da146940648..527e4b18045b 100644
--- a/nixos/modules/services/x11/desktop-managers/enlightenment.nix
+++ b/nixos/modules/services/x11/desktop-managers/enlightenment.nix
@@ -34,7 +34,7 @@ in
       pkgs.gtk2 # To get GTK+'s themes.
       pkgs.tango-icon-theme
 
-      pkgs.gnome2.gnomeicontheme
+      pkgs.gnome2.gnome_icon_theme
       pkgs.xorg.xcursorthemes
     ];
 
diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixos/modules/services/x11/desktop-managers/pantheon.nix
index 9a0f77a856a7..41903b33fae9 100644
--- a/nixos/modules/services/x11/desktop-managers/pantheon.nix
+++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix
@@ -195,7 +195,7 @@ in
       ]);
 
     fonts.fonts = with pkgs; [
-      opensans-ttf
+      open-sans
       roboto-mono
       pantheon.elementary-redacted-script # needed by screenshot-tool
     ];
diff --git a/nixos/modules/services/x11/desktop-managers/xterm.nix b/nixos/modules/services/x11/desktop-managers/xterm.nix
index f386ebc4d3c1..ea441fbbe715 100644
--- a/nixos/modules/services/x11/desktop-managers/xterm.nix
+++ b/nixos/modules/services/x11/desktop-managers/xterm.nix
@@ -5,6 +5,7 @@ with lib;
 let
 
   cfg = config.services.xserver.desktopManager.xterm;
+  xserverEnabled = config.services.xserver.enable;
 
 in
 
@@ -13,7 +14,8 @@ in
 
     services.xserver.desktopManager.xterm.enable = mkOption {
       type = types.bool;
-      default = true;
+      default = xserverEnabled;
+      defaultText = "config.services.xserver.enable";
       description = "Enable a xterm terminal as a desktop manager.";
     };
 
diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
index 0f057c4ab730..a1ed2fd1e97b 100644
--- a/nixos/modules/services/x11/xserver.nix
+++ b/nixos/modules/services/x11/xserver.nix
@@ -4,8 +4,6 @@ with lib;
 
 let
 
-  kernelPackages = config.boot.kernelPackages;
-
   # Abbreviations.
   cfg = config.services.xserver;
   xorg = pkgs.xorg;
diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix
index ab919099d112..ee43fe100238 100644
--- a/nixos/modules/system/boot/kernel.nix
+++ b/nixos/modules/system/boot/kernel.nix
@@ -196,7 +196,7 @@ in
     # (so you don't need to reboot to have changes take effect).
     boot.kernelParams =
       [ "loglevel=${toString config.boot.consoleLogLevel}" ] ++
-      optionals config.boot.vesa [ "vga=0x317" ];
+      optionals config.boot.vesa [ "vga=0x317" "nomodeset" ];
 
     boot.kernel.sysctl."kernel.printk" = mkDefault config.boot.consoleLogLevel;
 
diff --git a/nixos/modules/system/boot/kernel_config.nix b/nixos/modules/system/boot/kernel_config.nix
index fbbd0982b2c6..a316782dfc57 100644
--- a/nixos/modules/system/boot/kernel_config.nix
+++ b/nixos/modules/system/boot/kernel_config.nix
@@ -9,7 +9,6 @@ let
   mergeAnswer = winners: locs: defs:
     let
       values = map (x: x.value) defs;
-      freeformAnswer = intersectLists values winners;
       inter = intersectLists values winners;
       winner = head winners;
     in
diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
index ebe37ca10a2d..f48a085ce57a 100644
--- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
+++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
@@ -133,7 +133,9 @@ def get_generations(profile=None):
         universal_newlines=True)
     gen_lines = gen_list.split('\n')
     gen_lines.pop()
-    return [ (profile, int(line.split()[0])) for line in gen_lines ]
+
+    configurationLimit = @configurationLimit@
+    return [ (profile, int(line.split()[0])) for line in gen_lines ][-configurationLimit:]
 
 def remove_old_entries(gens):
     rex_profile = re.compile("^@efiSysMountPoint@/loader/entries/nixos-(.*)-generation-.*\.conf$")
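Review bot: The slice `[-configurationLimit:]` limits nothing when the value is 0, because `-0` is `0` and the slice returns the whole list. A negative value drops that many of the oldest entries instead of keeping the newest ones. The new option in systemd-boot.nix is declared `types.int`, which admits both; `type = types.ints.positive;` there would reject them at evaluation time. The slice sits inside `get_generations`, which takes a `profile` argument, so the limit appears to apply per profile rather than to the boot menu as a whole, and the option description should say which is meant. `get_generations` begins outside the hunk.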
diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
index 3e39dc5dd396..910a602c61de 100644
--- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
+++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
@@ -22,7 +22,7 @@ let
 
     editor = if cfg.editor then "True" else "False";
 
-    inherit (cfg) consoleMode;
+    inherit (cfg) consoleMode configurationLimit;
 
     inherit (efi) efiSysMountPoint canTouchEfiVariables;
 
@@ -57,6 +57,16 @@ in {
       '';
     };
 
+    configurationLimit = mkOption {
+      default = 100;
+      example = 120;
+      type = types.int;
+      description = ''
+        Maximum of configurations in boot menu. Otherwise boot partition could
+        run out of disk space.
+      '';
+    };
+
     consoleMode = mkOption {
       default = "keep";
 
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix
index 882db9130ea8..f1aa9064bef4 100644
--- a/nixos/modules/system/boot/networkd.nix
+++ b/nixos/modules/system/boot/networkd.nix
@@ -203,7 +203,7 @@ let
 
   checkRoute = checkUnitConfig "Route" [
     (assertOnlyFields [
-      "Gateway" "GatewayOnlink" "Destination" "Source" "Metric"
+      "Gateway" "GatewayOnLink" "Destination" "Source" "Metric"
       "IPv6Preference" "Scope" "PreferredSource" "Table" "Protocol" "Type"
       "InitialCongestionWindow" "InitialAdvertisedReceiveWindow" "QuickAck"
       "MTUBytes"
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 18ee2ef1b8f5..cf35504e5182 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -186,6 +186,9 @@ let
       "sockets.target"
       "sound.target"
       "systemd-exit.service"
+      "systemd-tmpfiles-clean.service"
+      "systemd-tmpfiles-clean.timer"
+      "systemd-tmpfiles-setup.service"
       "timers.target"
     ];
 
@@ -940,7 +943,6 @@ in
     # Don't bother with certain units in containers.
     systemd.services.systemd-remount-fs.unitConfig.ConditionVirtualization = "!container";
     systemd.services.systemd-random-seed.unitConfig.ConditionVirtualization = "!container";
-
   };
 
   # FIXME: Remove these eventually.
@@ -949,5 +951,4 @@ in
       (mkRenamedOptionModule [ "boot" "systemd" "targets" ] [ "systemd" "targets" ])
       (mkRenamedOptionModule [ "boot" "systemd" "services" ] [ "systemd" "services" ])
     ];
-
 }
diff --git a/nixos/modules/system/boot/timesyncd.nix b/nixos/modules/system/boot/timesyncd.nix
index 8d8bfe5900a9..8282cdd6f3aa 100644
--- a/nixos/modules/system/boot/timesyncd.nix
+++ b/nixos/modules/system/boot/timesyncd.nix
@@ -40,6 +40,15 @@ with lib;
     users.users.systemd-timesync.uid = config.ids.uids.systemd-timesync;
     users.groups.systemd-timesync.gid = config.ids.gids.systemd-timesync;
 
+    system.activationScripts.systemd-timesyncd-migration = mkIf (versionOlder config.system.stateVersion "19.09") ''
+      # workaround an issue of systemd-timesyncd not starting due to upstream systemd reverting their dynamic users changes
+      #  - https://github.com/NixOS/nixpkgs/pull/61321#issuecomment-492423742
+      #  - https://github.com/systemd/systemd/issues/12131
+      if [ -L /var/lib/systemd/timesync ]; then
+        rm /var/lib/systemd/timesync
+        mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync
+      fi
+    '';
   };
 
 }
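Review bot: The migration in `systemd-timesyncd-migration` removes the symlink before it knows that `/var/lib/private/systemd/timesync` exists, so with a dangling link the `rm` succeeds and the `mv` then fails during activation. Guarding the move separately keeps the script re-runnable: keep `rm /var/lib/systemd/timesync` and wrap the move as `if [ -d /var/lib/private/systemd/timesync ]; then mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync; fi`. The script also does not look at where the link points before moving; a short comment stating that only the link left by the old dynamic-user layout is expected here would help the next reader.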
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
index 93bbd141284d..22578b012608 100644
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -314,10 +314,6 @@ in
           assertion = !cfgZfs.forceImportAll || cfgZfs.forceImportRoot;
           message = "If you enable boot.zfs.forceImportAll, you must also enable boot.zfs.forceImportRoot";
         }
-        {
-          assertion = cfgZfs.requestEncryptionCredentials -> cfgZfs.enableUnstable;
-          message = "This feature is only available for zfs unstable. Set the NixOS option boot.zfs.enableUnstable.";
-        }
       ];
 
       virtualisation.lxd.zfsSupport = true;
diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix
index 2318bdd1d582..857aaf1e6e30 100644
--- a/nixos/modules/tasks/network-interfaces-systemd.nix
+++ b/nixos/modules/tasks/network-interfaces-systemd.nix
@@ -12,7 +12,7 @@ let
     i.ipv4.addresses
     ++ optionals cfg.enableIPv6 i.ipv6.addresses;
 
-  dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "none";
+  dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "no";
 
   slaves =
     concatLists (map (bond: bond.interfaces) (attrValues cfg.bonds))
@@ -59,7 +59,14 @@ in
           in {
             DHCP = override (dhcpStr cfg.useDHCP);
           } // optionalAttrs (gateway != [ ]) {
-            gateway = override gateway;
+            routes = override [
+              {
+                routeConfig = {
+                  Gateway = gateway;
+                  GatewayOnLink = false;
+                };
+              }
+            ];
           } // optionalAttrs (domains != [ ]) {
             domains = override domains;
           };
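Review bot: `gateway` is a list here (the guard is `gateway != [ ]`), yet the new `routes` value puts the whole list into the `Gateway` key of a single `routeConfig`, where a [Route] section describes one route. If the list can hold more than one address (its definition is outside the hunk, presumably the IPv4 and IPv6 default gateways), one route per entry is safer: `routes = override (map (gw: { routeConfig = { Gateway = gw; GatewayOnLink = false; }; }) gateway);`. The enclosing `let` block starts outside the hunk.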
diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix
index ed4cfa7805e2..1a11d9ce7c26 100644
--- a/nixos/modules/testing/test-instrumentation.nix
+++ b/nixos/modules/testing/test-instrumentation.nix
@@ -129,9 +129,6 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
     users.users.root.initialHashedPassword = mkOverride 150 "";
 
     services.xserver.displayManager.job.logToJournal = true;
-
-    # set default stateVersion to avoid warnings during eval
-    system.stateVersion = mkDefault "18.03";
   };
 
 }
diff --git a/nixos/modules/virtualisation/anbox.nix b/nixos/modules/virtualisation/anbox.nix
index 9cb89e7b2926..c63b971ead02 100644
--- a/nixos/modules/virtualisation/anbox.nix
+++ b/nixos/modules/virtualisation/anbox.nix
@@ -100,12 +100,7 @@ in
       wantedBy = [ "multi-user.target" ];
       after = [ "systemd-udev-settle.service" ];
       preStart = let
-        initsh = let
-          ip = cfg.ipv4.container.address;
-          gw = cfg.ipv4.gateway.address;
-          dns = cfg.ipv4.dns;
-        in
-        pkgs.writeText "nixos-init" (''
+        initsh = pkgs.writeText "nixos-init" (''
           #!/system/bin/sh
           setprop nixos.version ${config.system.nixos.version}
 
diff --git a/nixos/modules/virtualisation/cloudstack-config.nix b/nixos/modules/virtualisation/cloudstack-config.nix
index 81c545676277..78afebdc5dd3 100644
--- a/nixos/modules/virtualisation/cloudstack-config.nix
+++ b/nixos/modules/virtualisation/cloudstack-config.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ lib, pkgs, ... }:
 
 with lib;
 
diff --git a/nixos/modules/virtualisation/docker-containers.nix b/nixos/modules/virtualisation/docker-containers.nix
index 3e882a1383ff..59b0943f591f 100644
--- a/nixos/modules/virtualisation/docker-containers.nix
+++ b/nixos/modules/virtualisation/docker-containers.nix
@@ -5,7 +5,7 @@ let
   cfg = config.docker-containers;
 
   dockerContainer =
-    { name, config, ... }: {
+    { ... }: {
 
       options = {
 
diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix
index 2ee22b80f2f5..5c59188b68b2 100644
--- a/nixos/modules/virtualisation/google-compute-config.nix
+++ b/nixos/modules/virtualisation/google-compute-config.nix
@@ -2,7 +2,6 @@
 with lib;
 let
   gce = pkgs.google-compute-engine;
-  cfg = config.virtualisation.googleComputeImage;
 in
 {
   imports = [
diff --git a/nixos/modules/virtualisation/kvmgt.nix b/nixos/modules/virtualisation/kvmgt.nix
index 132815a0ad63..bfcf51d09c45 100644
--- a/nixos/modules/virtualisation/kvmgt.nix
+++ b/nixos/modules/virtualisation/kvmgt.nix
@@ -46,22 +46,24 @@ in {
       message = "KVMGT is not properly supported for kernels older than 4.16";
     };
     boot.kernelParams = [ "i915.enable_gvt=1" ];
+    systemd.paths = mapAttrs' (name: value:
+      nameValuePair "kvmgt-${name}" {
+        description = "KVMGT VGPU ${name} path";
+        wantedBy = [ "multi-user.target" ];
+        pathConfig = {
+          PathExists = "/sys/bus/pci/devices/${cfg.device}/mdev_supported_types/${name}/create";
+        };
+      }
+    ) cfg.vgpus;
     systemd.services = mapAttrs' (name: value:
       nameValuePair "kvmgt-${name}" {
         description = "KVMGT VGPU ${name}";
         serviceConfig = {
-          Type = "forking";
+          Type = "oneshot";
           RemainAfterExit = true;
-          Restart = "on-failure";
-          RestartSec = 5;
           ExecStart = "${pkgs.runtimeShell} -c 'echo ${value.uuid} > /sys/bus/pci/devices/${cfg.device}/mdev_supported_types/${name}/create'";
           ExecStop = "${pkgs.runtimeShell} -c 'echo 1 > /sys/bus/pci/devices/${cfg.device}/${value.uuid}/remove'";
         };
-        unitConfig = {
-          StartLimitBurst = 5;
-          StartLimitIntervalSec = 30;
-        };
-        wantedBy = [ "multi-user.target" ];
       }
     ) cfg.vgpus;
   };
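Review bot: The service loses `wantedBy` and is now started only through the new `kvmgt-${name}` path unit, which works because a path unit activates the service of the same name by default; nothing in the module says so. A comment above `systemd.paths` such as `# Each kvmgt-<name>.path starts the kvmgt-<name>.service of the same name once the mdev "create" node exists.` would make the coupling explicit, and `pathConfig.Unit` could name the service directly. The `value` argument of the first `mapAttrs'` lambda is unused.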
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 8b38e802e62e..359f62751b99 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -36,6 +36,7 @@ in
   borgbackup = handleTest ./borgbackup.nix {};
   buildbot = handleTest ./buildbot.nix {};
   cadvisor = handleTestOn ["x86_64-linux"] ./cadvisor.nix {};
+  cassandra = handleTest ./cassandra.nix {};
   ceph = handleTestOn ["x86_64-linux"] ./ceph.nix {};
   certmgr = handleTest ./certmgr.nix {};
   cfssl = handleTestOn ["x86_64-linux"] ./cfssl.nix {};
@@ -82,6 +83,7 @@ in
   fish = handleTest ./fish.nix {};
   flannel = handleTestOn ["x86_64-linux"] ./flannel.nix {};
   flatpak = handleTest ./flatpak.nix {};
+  flatpak-builder = handleTest ./flatpak-builder.nix {};
   fsck = handleTest ./fsck.nix {};
   fwupd = handleTestOn ["x86_64-linux"] ./fwupd.nix {}; # libsmbios is unsupported on aarch64
   gdk-pixbuf = handleTest ./gdk-pixbuf.nix {};
@@ -239,6 +241,7 @@ in
   syncthing-relay = handleTest ./syncthing-relay.nix {};
   systemd = handleTest ./systemd.nix {};
   systemd-confinement = handleTest ./systemd-confinement.nix {};
+  systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
   pdns-recursor = handleTest ./pdns-recursor.nix {};
   taskserver = handleTest ./taskserver.nix {};
   telegraf = handleTest ./telegraf.nix {};
diff --git a/nixos/tests/avahi.nix b/nixos/tests/avahi.nix
index 56b21a401551..ae4f54d5266a 100644
--- a/nixos/tests/avahi.nix
+++ b/nixos/tests/avahi.nix
@@ -15,6 +15,7 @@ import ./make-test.nix ({ pkgs, ... } : {
         publish.enable = true;
         publish.userServices = true;
         publish.workstation = true;
+        extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
       };
     };
   in {
@@ -56,5 +57,11 @@ import ./make-test.nix ({ pkgs, ... } : {
        $one->succeed("getent hosts two.local >&2");
        $two->succeed("getent hosts one.local >&2");
        $two->succeed("getent hosts two.local >&2");
+
+       # extra service definitions
+       $one->succeed("avahi-browse -r -t _ssh._tcp | tee out >&2");
+       $one->succeed("test `wc -l < out` -gt 0");
+       $two->succeed("avahi-browse -r -t _ssh._tcp | tee out >&2");
+       $two->succeed("test `wc -l < out` -gt 0");
     '';
 })
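Review bot: The new `avahi-browse` checks only assert that the output file has at least one line, which each node's own `_ssh._tcp` record may already satisfy, so they do not show that the peer's service file is visible over the network. Adding `-l` (ignore local services) to the browse, e.g. `avahi-browse -r -t -l _ssh._tcp | tee out >&2`, or grepping `out` for the other host's name would make the assertion specific.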
diff --git a/nixos/tests/cassandra.nix b/nixos/tests/cassandra.nix
index 60d0c6d76068..aea4fa4d1c95 100644
--- a/nixos/tests/cassandra.nix
+++ b/nixos/tests/cassandra.nix
@@ -1,26 +1,43 @@
-import ./make-test.nix ({ pkgs, ...}:
+import ./make-test.nix ({ pkgs, lib, ... }:
 let
   # Change this to test a different version of Cassandra:
   testPackage = pkgs.cassandra;
-  cassandraCfg = 
+  clusterName = "NixOS Automated-Test Cluster";
+
+  testRemoteAuth = lib.versionAtLeast testPackage.version "3.11";
+  jmxRoles = [{ username = "me"; password = "password"; }];
+  jmxRolesFile = ./cassandra-jmx-roles;
+  jmxAuthArgs = "-u ${(builtins.elemAt jmxRoles 0).username} -pw ${(builtins.elemAt jmxRoles 0).password}";
+
+  # Would usually be assigned to 512M
+  numMaxHeapSize = "400";
+  getHeapLimitCommand = ''
+    nodetool info | grep "^Heap Memory" | awk \'{print $NF}\'
+  '';
+  checkHeapLimitCommand = ''
+    [ 1 -eq "$(echo "$(${getHeapLimitCommand}) < ${numMaxHeapSize}" | ${pkgs.bc}/bin/bc)" ]
+  '';
+
+  cassandraCfg = ipAddress:
     { enable = true;
-      listenAddress = null;
-      listenInterface = "eth1";
-      rpcAddress = null;
-      rpcInterface = "eth1";
-      extraConfig =
-        { start_native_transport = true;
-          seed_provider =
-            [{ class_name = "org.apache.cassandra.locator.SimpleSeedProvider";
-               parameters = [ { seeds = "cass0"; } ];
-            }];
-        };
+      inherit clusterName;
+      listenAddress = ipAddress;
+      rpcAddress = ipAddress;
+      seedAddresses = [ "192.168.1.1" ];
       package = testPackage;
+      maxHeapSize = "${numMaxHeapSize}M";
+      heapNewSize = "100M";
     };
-  nodeCfg = extra: {pkgs, config, ...}:
+  nodeCfg = ipAddress: extra: {pkgs, config, ...}:
     { environment.systemPackages = [ testPackage ];
-      networking.firewall.enable = false;
-      services.cassandra = cassandraCfg // extra;
+      networking = {
+        firewall.allowedTCPPorts = [ 7000 7199 9042 ];
+        useDHCP = false;
+        interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
+          { address = ipAddress; prefixLength = 24; }
+        ];
+      };
+      services.cassandra = cassandraCfg ipAddress // extra;
       virtualisation.memorySize = 1024;
     };
 in
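Review bot: `jmxRolesFile = ./cassandra-jmx-roles;` is bound in the `let` block, but no visible hunk of this file refers to it. If nothing outside the hunks uses it, drop the binding or pass it to one node so the file-based role path is exercised too. The `jmxRoles` entry is a fixed test credential that `jmxAuthArgs` places on the `nodetool` command line; a one-line comment such as `# test-only credential, never reuse outside this VM test` would keep it from being copied into a real configuration.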
@@ -28,40 +45,65 @@ in
   name = "cassandra-ci";
 
   nodes = {
-    cass0 = nodeCfg {};
-    cass1 = nodeCfg {};
-    cass2 = nodeCfg { jvmOpts = [ "-Dcassandra.replace_address=cass1" ]; };
+    cass0 = nodeCfg "192.168.1.1" {};
+    cass1 = nodeCfg "192.168.1.2" (lib.optionalAttrs testRemoteAuth { inherit jmxRoles; remoteJmx = true; });
+    cass2 = nodeCfg "192.168.1.3" { jvmOpts = [ "-Dcassandra.replace_address=cass1" ]; };
   };
 
   testScript = ''
-    subtest "timers exist", sub {
+    # Check configuration
+    subtest "Timers exist", sub {
       $cass0->succeed("systemctl list-timers | grep cassandra-full-repair.timer");
       $cass0->succeed("systemctl list-timers | grep cassandra-incremental-repair.timer");
     };
-    subtest "can connect via cqlsh", sub {
+    subtest "Can connect via cqlsh", sub {
       $cass0->waitForUnit("cassandra.service");
       $cass0->waitUntilSucceeds("nc -z cass0 9042");
       $cass0->succeed("echo 'show version;' | cqlsh cass0");
     };
-    subtest "nodetool is operational", sub {
+    subtest "Nodetool is operational", sub {
       $cass0->waitForUnit("cassandra.service");
       $cass0->waitUntilSucceeds("nc -z localhost 7199");
       $cass0->succeed("nodetool status --resolve-ip | egrep '^UN[[:space:]]+cass0'");
     };
-    subtest "bring up cluster", sub {
+    subtest "Cluster name was set", sub {
+      $cass0->waitForUnit("cassandra.service");
+      $cass0->waitUntilSucceeds("nc -z localhost 7199");
+      $cass0->waitUntilSucceeds("nodetool describecluster | grep 'Name: ${clusterName}'");
+    };
+    subtest "Heap limit set correctly", sub {
+      # Nodetool takes a while until it can display info
+      $cass0->waitUntilSucceeds('nodetool info');
+      $cass0->succeed('${checkHeapLimitCommand}');
+    };
+
+    # Check cluster interaction
+    subtest "Bring up cluster", sub {
       $cass1->waitForUnit("cassandra.service");
-      $cass1->waitUntilSucceeds("nodetool status | egrep -c '^UN' | grep 2");
+      $cass1->waitUntilSucceeds("nodetool ${jmxAuthArgs} status | egrep -c '^UN' | grep 2");
       $cass0->succeed("nodetool status --resolve-ip | egrep '^UN[[:space:]]+cass1'");
     };
-    subtest "break and fix node", sub {
+  '' + lib.optionalString testRemoteAuth ''
+    subtest "Remote authenticated jmx", sub {
+      # Doesn't work if not enabled
+      $cass0->waitUntilSucceeds("nc -z localhost 7199");
+      $cass1->fail("nc -z 192.168.1.1 7199");
+      $cass1->fail("nodetool -h 192.168.1.1 status");
+
+      # Works if enabled
+      $cass1->waitUntilSucceeds("nc -z localhost 7199");
+      $cass0->succeed("nodetool -h 192.168.1.2 ${jmxAuthArgs} status");
+    };
+  '' + ''
+    subtest "Break and fix node", sub {
       $cass1->block;
       $cass0->waitUntilSucceeds("nodetool status --resolve-ip | egrep -c '^DN[[:space:]]+cass1'");
       $cass0->succeed("nodetool status | egrep -c '^UN'  | grep 1");
       $cass1->unblock;
-      $cass1->waitUntilSucceeds("nodetool status | egrep -c '^UN'  | grep 2");
+      $cass1->waitUntilSucceeds("nodetool ${jmxAuthArgs} status | egrep -c '^UN'  | grep 2");
       $cass0->succeed("nodetool status | egrep -c '^UN'  | grep 2");
     };
-    subtest "replace crashed node", sub {
+    subtest "Replace crashed node", sub {
       $cass1->crash;
       $cass2->waitForUnit("cassandra.service");
       $cass0->waitUntilFails("nodetool status --resolve-ip | egrep '^UN[[:space:]]+cass1'");
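Review bot: The "Remote authenticated jmx" subtest shows that remote JMX is refused on cass0 and that cass1 accepts the configured credentials, but it never asserts that cass1 refuses a remote call made without them. Adding `$cass0->fail("nodetool -h 192.168.1.2 status");` after the `waitUntilSucceeds` on cass1 would show that authentication is enforced rather than merely accepted. The test script continues past the end of this hunk.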
diff --git a/nixos/tests/containers-imperative.nix b/nixos/tests/containers-imperative.nix
index 0c101037aa7f..2e7e4b2f1d69 100644
--- a/nixos/tests/containers-imperative.nix
+++ b/nixos/tests/containers-imperative.nix
@@ -35,7 +35,17 @@ import ./make-test.nix ({ pkgs, ...} : {
       ];
     };
 
-  testScript =
+  testScript = let
+    tmpfilesContainerConfig = pkgs.writeText "container-config-tmpfiles" ''
+      {
+        systemd.tmpfiles.rules = [ "d /foo - - - - -" ];
+        systemd.services.foo = {
+          serviceConfig.Type = "oneshot";
+          script = "ls -al /foo";
+          wantedBy = [ "multi-user.target" ];
+        };
+      }
+    ''; in
     ''
       # Make sure we have a NixOS tree (required by ‘nixos-container create’).
       $machine->succeed("PAGER=cat nix-env -qa -A nixos.hello >&2");
@@ -93,6 +103,15 @@ import ./make-test.nix ({ pkgs, ...} : {
       $machine->succeed("nixos-container stop $id1");
       $machine->succeed("nixos-container start $id1");
 
+      # Ensure tmpfiles are present
+      $machine->log("creating container tmpfiles");
+      $machine->succeed("nixos-container create tmpfiles --config-file ${tmpfilesContainerConfig}");
+      $machine->log("created, starting…");
+      $machine->succeed("nixos-container start tmpfiles");
+      $machine->log("done starting, investigating…");
+      $machine->succeed("echo \$(nixos-container run tmpfiles -- systemctl is-active foo.service) | grep -q active;");
+      $machine->succeed("nixos-container destroy tmpfiles");
+
       # Execute commands via the root shell.
       $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die;
 
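Review bot: The tmpfiles check pipes `systemctl is-active foo.service` into `grep -q active`, and that pattern also matches `inactive` and `activating`, so the assertion holds for states other than the one it names. Matching the whole line with `grep -qx active` fixes the pattern. Because `foo` is a oneshot unit without `RemainAfterExit` in the config built in the first hunk, it may report `inactive` after a successful run, so either set `serviceConfig.RemainAfterExit = true;` there or assert on the unit's result instead.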
diff --git a/nixos/tests/flatpak-builder.nix b/nixos/tests/flatpak-builder.nix
new file mode 100644
index 000000000000..2100631ec7f4
--- /dev/null
+++ b/nixos/tests/flatpak-builder.nix
@@ -0,0 +1,19 @@
+# run installed tests
+import ./make-test.nix ({ pkgs, ... }:
+
+{
+  name = "flatpak-builder";
+  meta = {
+    maintainers = pkgs.flatpak-builder.meta.maintainers;
+  };
+
+  machine = { pkgs, ... }: {
+    services.flatpak.enable = true;
+    environment.systemPackages = with pkgs; [ gnome-desktop-testing flatpak-builder ] ++ flatpak-builder.installedTestsDependencies;
+    virtualisation.diskSize = 2048;
+  };
+
+  testScript = ''
+    $machine->succeed("gnome-desktop-testing-runner -d '${pkgs.flatpak-builder.installedTests}/share' --timeout 3600");
+  '';
+})
diff --git a/nixos/tests/phabricator.nix b/nixos/tests/phabricator.nix
deleted file mode 100644
index db23331842cb..000000000000
--- a/nixos/tests/phabricator.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-import ./make-test.nix ({ pkgs, ... }: {
-  name = "phabricator";
-  meta = with pkgs.stdenv.lib.maintainers; {
-    maintainers = [ ];
-  };
-
-  nodes = {
-    storage =
-      { ... }:
-      { services.nfs.server.enable = true;
-        services.nfs.server.exports = ''
-          /repos 192.168.1.0/255.255.255.0(rw,no_root_squash)
-        '';
-        services.nfs.server.createMountPoints = true;
-      };
-
-    webserver =
-      { pkgs, ... }:
-      { fileSystems = pkgs.lib.mkVMOverride
-          [ { mountPoint = "/repos";
-              device = "storage:/repos";
-              fsType = "nfs";
-            }
-          ];
-        networking.firewall.enable = false;
-        networking.useDHCP = false;
-
-        services = {
-          httpd = {
-            enable = true;
-            adminAddr = "root@localhost";
-            virtualHosts = [{
-              hostName = "phabricator.local";
-              extraSubservices = [{serviceType = "phabricator";}];
-            }];
-          };
-
-          phd = {
-            enable = true;
-          };
-
-          mysql = {
-            enable = true;
-            package = pkgs.mysql;
-            extraOptions = ''
-              sql_mode=STRICT_ALL_TABLES
-            '';
-          };
-        };
-
-        environment.systemPackages = [ pkgs.php ];
-      };
-
-    client =
-      { ... }:
-      { imports = [ ./common/x11.nix ];
-        services.xserver.desktopManager.plasma5.enable = true;
-      };
-  };
-
-  testScript =
-    ''
-      startAll;
-
-      $client->waitForX;
-
-      $webserver->waitForUnit("mysql");
-      $webserver->waitForUnit("httpd");
-      $webserver->execute("cd /nix/store; less >/repos/log1");
-
-      $client->sleep(30); # loading takes a long time
-      $client->execute("konqueror http://webserver/ &");
-      $client->sleep(90); # loading takes a long time
-
-      $client->screenshot("screen");
-    '';
-})
diff --git a/nixos/tests/radicale.nix b/nixos/tests/radicale.nix
index bf22fc9291af..607964255640 100644
--- a/nixos/tests/radicale.nix
+++ b/nixos/tests/radicale.nix
@@ -85,7 +85,7 @@ in
       $radicale->succeed('mv /tmp/collections-new/collection-root /tmp/collections');
       $radicale->succeed('${switchToConfig "radicale2_verify"} >&2');
       $radicale->waitUntilFails('systemctl status radicale');
-      my ($retcode, $logs) = $radicale->execute('journalctl -u radicale -n 5');
+      my ($retcode, $logs) = $radicale->execute('journalctl -u radicale -n 10');
       if ($retcode != 0 || index($logs, 'Verifying storage') == -1) {
         die "Radicale 2 didn't verify storage"
       }
diff --git a/nixos/tests/systemd-timesyncd.nix b/nixos/tests/systemd-timesyncd.nix
new file mode 100644
index 000000000000..d12b8eb2bf7e
--- /dev/null
+++ b/nixos/tests/systemd-timesyncd.nix
@@ -0,0 +1,52 @@
+# Regression test for systemd-timesync having moved the state directory without
+# upstream providing a migration path. https://github.com/systemd/systemd/issues/12131
+
+import ./make-test.nix (let
+  common = { lib, ... }: {
+    # override the `false` value from the qemu-vm base profile
+    services.timesyncd.enable = lib.mkForce true;
+  };
+  mkVM = conf: { imports = [ conf common ]; };
+in {
+  name = "systemd-timesyncd";
+  nodes = {
+    current = mkVM {};
+    pre1909 = mkVM ({lib, ... }: with lib; {
+      # create the path that should be migrated by our activation script when
+      # upgrading to a newer nixos version
+      system.stateVersion = "19.03";
+      system.activationScripts.simulate-old-timesync-state-dir = mkBefore ''
+        rm -f /var/lib/systemd/timesync
+        mkdir -p /var/lib/systemd /var/lib/private/systemd/timesync
+        ln -s /var/lib/private/systemd/timesync /var/lib/systemd/timesync
+        chown systemd-timesync: /var/lib/private/systemd/timesync
+      '';
+    });
+  };
+
+  testScript = ''
+    startAll;
+    $current->succeed('systemctl status systemd-timesyncd.service');
+    # on a new install with a recent systemd there should not be any
+    # leftovers from the dynamic user mess
+    $current->succeed('test -e /var/lib/systemd/timesync');
+    $current->succeed('test ! -L /var/lib/systemd/timesync');
+
+    # timesyncd should be running on the upgrading system since we fixed the
+    # file bits in the activation script
+    $pre1909->succeed('systemctl status systemd-timesyncd.service');
+
+    # the path should be gone after the migration
+    $pre1909->succeed('test ! -e /var/lib/private/systemd/timesync');
+
+    # and the new path should no longer be a symlink
+    $pre1909->succeed('test -e /var/lib/systemd/timesync');
+    $pre1909->succeed('test ! -L /var/lib/systemd/timesync');
+
+    # after a restart things should still work and not fail in the activation
+    # scripts and cause the boot to fail..
+    $pre1909->shutdown;
+    $pre1909->start;
+    $pre1909->succeed('systemctl status systemd-timesyncd.service');
+  '';
+})
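Review bot: Both nodes are probed with `systemctl status systemd-timesyncd.service` directly after `startAll`, which can race with a unit that is still starting. `$current->waitForUnit('systemd-timesyncd.service');`, and the same for `$pre1909` (also after the restart), waits for the unit instead of sampling it once. The migrated directory is only tested for existence; a check of its owner, e.g. with `stat -c %U /var/lib/systemd/timesync`, would also cover the `chown` done in the simulated old layout.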