Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1509.xml | 276 | ||||
-rwxr-xr-x | nixos/maintainers/scripts/ec2/create-amis.sh | 22 | ||||
-rw-r--r-- | nixos/modules/installer/tools/nixos-rebuild.sh | 4 | ||||
-rw-r--r-- | nixos/modules/services/databases/opentsdb.nix | 16 | ||||
-rw-r--r-- | nixos/modules/services/networking/bind.nix | 9 | ||||
-rw-r--r-- | nixos/modules/services/networking/dhcpcd.nix | 1 | ||||
-rw-r--r-- | nixos/modules/system/boot/systemd.nix | 52 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 16 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-scripted.nix | 40 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-systemd.nix | 3 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 80 | ||||
-rw-r--r-- | nixos/tests/gnome3.nix | 3 |
12 files changed, 437 insertions, 85 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1509.xml b/nixos/doc/manual/release-notes/rl-1509.xml index a2f38d99b25f..5efd7e594a45 100644 --- a/nixos/doc/manual/release-notes/rl-1509.xml +++ b/nixos/doc/manual/release-notes/rl-1509.xml @@ -4,7 +4,7 @@ version="5.0" xml:id="sec-release-15.09"> -<title>Release 15.09 (“Dingo”, 2015/09/??)</title> +<title>Release 15.09 (“Dingo”, 2015/09/30)</title> <para>In addition to numerous new and upgraded packages, this release has the following highlights:</para> 
@@ -12,16 +12,25 @@ has the following highlights:</para> <itemizedlist> <listitem> - <para>The Haskell packages infrastructure has been re-designed - from the ground up. NixOS now distributes the latest version of - every single package registered on <link - xlink:href="http://hackage.haskell.org/">Hackage</link>, i.e. well - over 8000 Haskell packages. Further information and usage - instructions for the improved infrastructure are available at - <link - xlink:href="https://nixos.org/wiki/Haskell">https://nixos.org/wiki/Haskell</link>. - Users migrating from an earlier release will also find helpful - information below, in the list of backwards-incompatible changes.</para> + <para>The <link xlink:href="http://haskell.org/">Haskell</link> + packages infrastructure has been re-designed from the ground up + ("Haskell NG"). NixOS now distributes the latest version + of every single package registered on <link + xlink:href="http://hackage.haskell.org/">Hackage</link> -- well in + excess of 8,000 Haskell packages. Detailed instructions on how to + use that infrastructure can be found in the <link + xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's + Guide to the Haskell Infrastructure</link>. Users migrating from an + earlier release may find helpful information below, in the list of + backwards-incompatible changes. Furthermore, we distribute 51(!) + additional Haskell package sets that provide every single <link + xlink:href="http://www.stackage.org/">LTS Haskell</link> release + since version 0.0 as well as the most recent <link + xlink:href="http://www.stackage.org/">Stackage Nightly</link> + snapshot. The announcement <link + xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2015-September/018138.html">"Full + Stackage Support in Nixpkgs"</link> gives additional + details.</para> </listitem> <listitem> 
@@ -47,9 +56,105 @@ system.autoUpgrade.enable = true; 3.18.</para> </listitem> + <listitem> + <para>Gnome has been upgraded to 3.16. + </para> + </listitem> + + <listitem> + <para>Xfce has been upgraded to 4.12. + </para> + </listitem> + + <listitem> + <para>KDE 5 has been upgraded to KDE Frameworks 5.10, + Plasma 5.3.2 and Applications 15.04.3. + KDE 4 has been updated to kdelibs-4.14.10. + </para> + </listitem> + + <listitem> + <para>E19 has been upgraded to 0.16.8.15. + </para> + </listitem> + </itemizedlist> +<para>The following new services were added since the last release: + + <itemizedlist> + <listitem><para><literal>services/mail/exim.nix</literal></para></listitem> + <listitem><para><literal>services/misc/apache-kafka.nix</literal></para></listitem> + <listitem><para><literal>services/misc/canto-daemon.nix</literal></para></listitem> + <listitem><para><literal>services/misc/confd.nix</literal></para></listitem> + <listitem><para><literal>services/misc/devmon.nix</literal></para></listitem> + <listitem><para><literal>services/misc/gitit.nix</literal></para></listitem> + <listitem><para><literal>services/misc/ihaskell.nix</literal></para></listitem> + <listitem><para><literal>services/misc/mbpfan.nix</literal></para></listitem> + <listitem><para><literal>services/misc/mediatomb.nix</literal></para></listitem> + <listitem><para><literal>services/misc/mwlib.nix</literal></para></listitem> + <listitem><para><literal>services/misc/parsoid.nix</literal></para></listitem> + <listitem><para><literal>services/misc/plex.nix</literal></para></listitem> + <listitem><para><literal>services/misc/ripple-rest.nix</literal></para></listitem> + <listitem><para><literal>services/misc/ripple-data-api.nix</literal></para></listitem> + <listitem><para><literal>services/misc/subsonic.nix</literal></para></listitem> + <listitem><para><literal>services/misc/sundtek.nix</literal></para></listitem> + 
<listitem><para><literal>services/monitoring/cadvisor.nix</literal></para></listitem> + <listitem><para><literal>services/monitoring/das_watchdog.nix</literal></para></listitem> + <listitem><para><literal>services/monitoring/grafana.nix</literal></para></listitem> + <listitem><para><literal>services/monitoring/riemann-tools.nix</literal></para></listitem> + <listitem><para><literal>services/monitoring/teamviewer.nix</literal></para></listitem> + <listitem><para><literal>services/network-filesystems/u9fs.nix</literal></para></listitem> + <listitem><para><literal>services/networking/aiccu.nix</literal></para></listitem> + <listitem><para><literal>services/networking/asterisk.nix</literal></para></listitem> + <listitem><para><literal>services/networking/bird.nix</literal></para></listitem> + <listitem><para><literal>services/networking/charybdis.nix</literal></para></listitem> + <listitem><para><literal>services/networking/docker-registry-server.nix</literal></para></listitem> + <listitem><para><literal>services/networking/fan.nix</literal></para></listitem> + <listitem><para><literal>services/networking/firefox/sync-server.nix</literal></para></listitem> + <listitem><para><literal>services/networking/gateone.nix</literal></para></listitem> + <listitem><para><literal>services/networking/heyefi.nix</literal></para></listitem> + <listitem><para><literal>services/networking/i2p.nix</literal></para></listitem> + <listitem><para><literal>services/networking/lambdabot.nix</literal></para></listitem> + <listitem><para><literal>services/networking/mstpd.nix</literal></para></listitem> + <listitem><para><literal>services/networking/nix-serve.nix</literal></para></listitem> + <listitem><para><literal>services/networking/nylon.nix</literal></para></listitem> + <listitem><para><literal>services/networking/racoon.nix</literal></para></listitem> + <listitem><para><literal>services/networking/skydns.nix</literal></para></listitem> + 
<listitem><para><literal>services/networking/shout.nix</literal></para></listitem> + <listitem><para><literal>services/networking/softether.nix</literal></para></listitem> + <listitem><para><literal>services/networking/sslh.nix</literal></para></listitem> + <listitem><para><literal>services/networking/tinc.nix</literal></para></listitem> + <listitem><para><literal>services/networking/tlsdated.nix</literal></para></listitem> + <listitem><para><literal>services/networking/tox-bootstrapd.nix</literal></para></listitem> + <listitem><para><literal>services/networking/tvheadend.nix</literal></para></listitem> + <listitem><para><literal>services/networking/zerotierone.nix</literal></para></listitem> + <listitem><para><literal>services/scheduling/marathon.nix</literal></para></listitem> + <listitem><para><literal>services/security/fprintd.nix</literal></para></listitem> + <listitem><para><literal>services/security/hologram.nix</literal></para></listitem> + <listitem><para><literal>services/security/munge.nix</literal></para></listitem> + <listitem><para><literal>services/system/cloud-init.nix</literal></para></listitem> + <listitem><para><literal>services/web-servers/shellinabox.nix</literal></para></listitem> + <listitem><para><literal>services/web-servers/uwsgi.nix</literal></para></listitem> + <listitem><para><literal>services/x11/unclutter.nix</literal></para></listitem> + <listitem><para><literal>services/x11/display-managers/sddm.nix</literal></para></listitem> + <listitem><para><literal>system/boot/coredump.nix</literal></para></listitem> + <listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem> + <listitem><para><literal>system/boot/loader/generic-extlinux-compatible</literal></para></listitem> + <listitem><para><literal>system/boot/networkd.nix</literal></para></listitem> + <listitem><para><literal>system/boot/resolved.nix</literal></para></listitem> + <listitem><para><literal>system/boot/timesyncd.nix</literal></para></listitem> + 
<listitem><para><literal>tasks/filesystems/exfat.nix</literal></para></listitem> + <listitem><para><literal>tasks/filesystems/ntfs.nix</literal></para></listitem> + <listitem><para><literal>tasks/filesystems/vboxsf.nix</literal></para></listitem> + <listitem><para><literal>virtualisation/virtualbox-host.nix</literal></para></listitem> + <listitem><para><literal>virtualisation/vmware-guest.nix</literal></para></listitem> + <listitem><para><literal>virtualisation/xen-dom0.nix</literal></para></listitem> + </itemizedlist> +</para> + + <para>When upgrading from a previous release, please be aware of the following incompatible changes: 
@@ -135,38 +240,44 @@ fileSystems."/shiny" = { <listitem> <para> - Haskell packages can no longer be found by name, except for - <literal>ghc</literal>, <literal>cabal-install</literal>, and - <literal>stack</literal>, even though we do package the whole Hackage. - The reason for this inconvenience is the sheer size of the Haskell - package set: name-based lookups such as these would become much - slower than they are today if we'd add the entire Hackage database - into the top level attribute set. Instead, the list of Haskell - packages can be displayed by + "<literal>nix-env -qa</literal>" no longer discovers + Haskell packages by name. The only packages visible in the global + scope are <literal>ghc</literal>, <literal>cabal-install</literal>, + and <literal>stack</literal>, but all other packages are hidden. The + reason for this inconvenience is the sheer size of the Haskell + package set. Name-based lookups are expensive, and most + <literal>nix-env -qa</literal> operations would become much slower + if we'd add the entire Hackage database into the top level attribute + set. Instead, the list of Haskell packages can be displayed by + running: </para> <programlisting> nix-env -f "<nixpkgs>" -qaP -A haskellPackages </programlisting> <para> - and packages can be installed with: + Executable programs written in Haskell can be installed with: </para> <programlisting> -nix-env -f "<nixpkgs>" -iA haskellPackages.cabal-install +nix-env -f "<nixpkgs>" -iA haskellPackages.pandoc </programlisting> + <para> + Installing Haskell <emphasis>libraries</emphasis> this way, however, is no + longer supported. See the next item for more details. + </para> </listitem> <listitem> <para> Previous versions of NixOS came with a feature called - <literal>ghc-wrapper</literal>, a small wrapper script that allows - GHC to transparently pick up on libraries installed in the user's - profile. 
This feature has been deprecated; - <literal>ghc-wrapper</literal> was removed from the distribution. - The proper way to register Haskell libraries with the compiler now - is the <literal>haskellPackages.ghcWithPackages</literal> - function. - <link xlink:href="https://nixos.org/wiki/Haskell">https://nixos.org/wiki/Haskell</link> - provides much information about this subject. + <literal>ghc-wrapper</literal>, a small script that allowed GHC to + transparently pick up on libraries installed in the user's profile. This + feature has been deprecated; <literal>ghc-wrapper</literal> was removed + from the distribution. The proper way to register Haskell libraries with + the compiler now is the <literal>haskellPackages.ghcWithPackages</literal> + function. The <link + xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's + Guide to the Haskell Infrastructure</link> provides more information about + this subject. </para> </listitem> 
@@ -229,6 +340,107 @@ nix-env -f "<nixpkgs>" -iA haskellPackages.cabal-install </para> </listitem> +<listitem> + <para> + Python 2.6 has been marked as broken (as it no longer recieves + security updates from upstream). + </para> +</listitem> + +<listitem> + <para> + Any use of module arguments such as <varname>pkgs</varname> to access + library functions, or to define <literal>imports</literal> attributes + will now lead to an infinite loop at the time of the evaluation. + </para> + + <para> + In case of an infinite loop, use the <command>--show-trace</command> + command line argument and read the line just above the error message. + +<screen> +$ nixos-rebuild build --show-trace +… +while evaluating the module argument `pkgs' in "/etc/nixos/my-module.nix": +infinite recursion encountered +</screen> + </para> + + + <para> + Any use of <literal>pkgs.lib</literal>, should be replaced by + <varname>lib</varname>, after adding it as argument of the module. The + following module + +<programlisting> +{ config, pkgs, ... }: + +with pkgs.lib; + +{ + options = { + foo = mkOption { … }; + }; + config = mkIf config.foo { … }; +} +</programlisting> + + should be modified to look like: + +<programlisting> +{ config, pkgs, lib, ... }: + +with lib; + +{ + options = { + foo = mkOption { <replaceable>option declaration</replaceable> }; + }; + config = mkIf config.foo { <replaceable>option definition</replaceable> }; +} +</programlisting> + </para> + + <para> + When <varname>pkgs</varname> is used to download other projects to + import their modules, and only in such cases, it should be replaced by + <literal>(import <nixpkgs> {})</literal>. The following module + +<programlisting> +{ config, pkgs, ... }: + +let + myProject = pkgs.fetchurl { + src = <replaceable>url</replaceable>; + sha256 = <replaceable>hash</replaceable>; + }; +in + +{ + imports = [ "${myProject}/module.nix" ]; +} +</programlisting> + + should be modified to look like: + +<programlisting> +{ config, pkgs, ... 
}: + +let + myProject = (import <nixpkgs> {}).fetchurl { + src = <replaceable>url</replaceable>; + sha256 = <replaceable>hash</replaceable>; + }; +in + +{ + imports = [ "${myProject}/module.nix" ]; +} +</programlisting> + </para> + +</listitem> + </itemizedlist> </para> @@ -268,6 +480,10 @@ nix-env -f "<nixpkgs>" -iA haskellPackages.cabal-install until the next release. </para> </listitem> + <listitem><para> + <option>buildEnv.env</option> on all Python interpreters + is now available for nix-shell interoperability. + </para> </listitem> </itemizedlist> </para> diff --git a/nixos/maintainers/scripts/ec2/create-amis.sh b/nixos/maintainers/scripts/ec2/create-amis.sh index 8ca0ad12b775..8604091dbcdb 100755 --- a/nixos/maintainers/scripts/ec2/create-amis.sh +++ b/nixos/maintainers/scripts/ec2/create-amis.sh @@ -38,8 +38,7 @@ for type in hvm pv; do prevAmi= prevRegion= - #for region in eu-west-1 eu-central-1 us-east-1 us-west-1 us-west-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 sa-east-1; do - for region in eu-west-1 us-east-1; do + for region in eu-west-1 eu-central-1 us-east-1 us-west-1 us-west-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 sa-east-1; do name=nixos-$version-$arch-$type-$store description="NixOS $system $version ($type-$store)" @@ -177,7 +176,6 @@ for type in hvm pv; do extraFlags+=" --virtualization-type hvm" fi - set -x ami=$(ec2-register \ -n "$name" \ -d "$description" \ 
@@ -193,15 +191,17 @@ for type in hvm pv; do ami=$(cat $amiFile) fi - echo "waiting for AMI..." - while true; do - status=$(ec2-describe-images "$ami" --region "$region" | head -n1 | cut -f 5) - if [ "$status" = available ]; then break; fi - sleep 10 - done + if [ -z "$NO_WAIT" -o -z "$prevAmi" ]; then + echo "waiting for AMI..." + while true; do + status=$(ec2-describe-images "$ami" --region "$region" | head -n1 | cut -f 5) + if [ "$status" = available ]; then break; fi + sleep 10 + done - ec2-modify-image-attribute \ - --region "$region" "$ami" -l -a all + ec2-modify-image-attribute \ + --region "$region" "$ami" -l -a all + fi echo "region = $region, type = $type, store = $store, ami = $ami" if [ -z "$prevAmi" ]; then diff --git a/nixos/modules/installer/tools/nixos-rebuild.sh b/nixos/modules/installer/tools/nixos-rebuild.sh index 7d0e5913cfb1..af19004cbddb 100644 --- a/nixos/modules/installer/tools/nixos-rebuild.sh +++ b/nixos/modules/installer/tools/nixos-rebuild.sh @@ -157,9 +157,9 @@ if [ -n "$buildNix" ]; then if ! nix-build '<nixpkgs>' -A nix -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then machine="$(uname -m)" if [ "$machine" = x86_64 ]; then - nixStorePath=/nix/store/664kxr14kfgx4dl095crvmr7pbh9xlh5-nix-1.9 + nixStorePath=/nix/store/xryr9g56h8yjddp89d6dw12anyb4ch7c-nix-1.10 elif [[ "$machine" =~ i.86 ]]; then - nixStorePath=/nix/store/p7xdvz72xx3rhm121jclsbdmmcds7xh6-nix-1.9 + nixStorePath=/nix/store/2w92k5wlpspf0q2k9mnf2z42prx3bwmv-nix-1.10 else echo "$0: unsupported platform" exit 1 diff --git a/nixos/modules/services/databases/opentsdb.nix b/nixos/modules/services/databases/opentsdb.nix index 9c9738570e3f..0e73d4aca0e6 100644 --- a/nixos/modules/services/databases/opentsdb.nix +++ b/nixos/modules/services/databases/opentsdb.nix 
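Review bot: In the new `if [ -z "$NO_WAIT" -o -z "$prevAmi" ]` block, `ec2-modify-image-attribute --region "$region" "$ami" -l -a all` is gated by the same condition as the wait loop, so with `NO_WAIT` set every image handled while `prevAmi` is non-empty is neither waited for nor has its launch permission changed. If that is intended, `NO_WAIT` needs a comment near the top of the script, for example `# NO_WAIT=1: skip waiting for (and publishing) AMIs after the first region`. If it is not intended, the attribute change has to happen in a later pass once those images are available. The test itself is more robust written as `[ -z "$NO_WAIT" ] || [ -z "$prevAmi" ]` than with `-o`. The enclosing `for region` loop starts and ends outside this hunk.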
@@ -5,10 +5,7 @@ with lib; let cfg = config.services.opentsdb; - configFile = pkgs.writeText "opentsdb.conf" '' - tsd.core.auto_create_metrics = true - tsd.http.request.enable_chunked = true - ''; + configFile = pkgs.writeText "opentsdb.conf" cfg.config; in { @@ -59,6 +56,17 @@ in { ''; }; + config = mkOption { + type = types.lines; + default = '' + tsd.core.auto_create_metrics = true + tsd.http.request.enable_chunked = true + ''; + description = '' + The contents of OpenTSDB's configuration file + ''; + }; + }; }; diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix index 57547da10067..34e7470dfc6f 100644 --- a/nixos/modules/services/networking/bind.nix +++ b/nixos/modules/services/networking/bind.nix @@ -24,6 +24,8 @@ let pid-file "/var/run/named/named.pid"; }; + ${cfg.extraConfig} + ${ concatMapStrings ({ name, file, master ? true, slaves ? [], masters ? [] }: '' @@ -110,6 +112,13 @@ in }]; }; + extraConfig = mkOption { + default = ""; + description = " + Extra lines to be added verbatim to the generated named configuration file. + "; + }; + configFile = mkOption { default = confFile; description = " diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 8552395fdb16..b31d479ab4fd 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -18,6 +18,7 @@ let map (i: i.name) (filter (i: if i.useDHCP != null then !i.useDHCP else i.ip4 != [ ] || i.ipAddress != null) interfaces) ++ mapAttrsToList (i: _: i) config.networking.sits ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges)) + ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.vswitches)) ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds)) ++ config.networking.dhcpcd.denyInterfaces; 
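Review bot: The new `extraConfig` option in bind.nix is declared without a `type`, unlike the `config` option this commit adds to opentsdb.nix. Adding `type = types.lines;` would let several modules contribute fragments and would reject non-string values at evaluation time. Because `${cfg.extraConfig}` is spliced verbatim after what appears to be the closing of the `options` block, the description should say where the text lands and that it is not validated, e.g. `Extra lines appended verbatim, at top level, to the generated named configuration file; they are not checked.`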
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 4976dfe8eea4..13c44e0930a3 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -445,6 +445,17 @@ in ''; }; + systemd.generators = mkOption { + type = types.attrsOf types.path; + default = {}; + example = { "systemd-gpt-auto-generator" = "/dev/null"; }; + description = '' + Definition of systemd generators. + For each <literal>NAME = VALUE</literal> pair of the attrSet, a link is generated from + <literal>/etc/systemd/system-generators/NAME</literal> to <literal>VALUE</literal>. + ''; + }; + systemd.defaultUnit = mkOption { default = "multi-user.target"; type = types.str; @@ -601,20 +612,17 @@ in environment.systemPackages = [ systemd ]; - environment.etc."systemd/system".source = - generateUnits "system" cfg.units upstreamSystemUnits upstreamSystemWants; + environment.etc = { + "systemd/system".source = generateUnits "system" cfg.units upstreamSystemUnits upstreamSystemWants; - environment.etc."systemd/user".source = - generateUnits "user" cfg.user.units upstreamUserUnits []; + "systemd/user".source = generateUnits "user" cfg.user.units upstreamUserUnits []; - environment.etc."systemd/system.conf".text = - '' + "systemd/system.conf".text = '' [Manager] ${config.systemd.extraConfig} ''; - environment.etc."systemd/journald.conf".text = - '' + "systemd/journald.conf".text = '' [Journal] RateLimitInterval=${config.services.journald.rateLimitInterval} RateLimitBurst=${toString config.services.journald.rateLimitBurst} 
@@ -625,17 +633,26 @@ in ${config.services.journald.extraConfig} ''; - environment.etc."systemd/logind.conf".text = - '' + "systemd/logind.conf".text = '' [Login] ${config.services.logind.extraConfig} ''; - environment.etc."systemd/sleep.conf".text = - '' + "systemd/sleep.conf".text = '' [Sleep] ''; + "tmpfiles.d/systemd.conf".source = "${systemd}/example/tmpfiles.d/systemd.conf"; + "tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf"; + + "tmpfiles.d/nixos.conf".text = '' + # This file is created automatically and should not be modified. + # Please change the option ‘systemd.tmpfiles.rules’ instead. + + ${concatStringsSep "\n" cfg.tmpfiles.rules} + ''; + } // mapAttrs' (n: v: nameValuePair "systemd/system-generators/${n}" {"source"=v;}) cfg.generators; + system.activationScripts.systemd = stringAfter [ "groups" ] '' mkdir -m 0755 -p /var/lib/udev @@ -736,17 +753,6 @@ in startSession = true; }; - environment.etc."tmpfiles.d/systemd.conf".source = "${systemd}/example/tmpfiles.d/systemd.conf"; - environment.etc."tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf"; - - environment.etc."tmpfiles.d/nixos.conf".text = - '' - # This file is created automatically and should not be modified. - # Please change the option ‘systemd.tmpfiles.rules’ instead. - - ${concatStringsSep "\n" cfg.tmpfiles.rules} - ''; - # Some overrides to upstream units. systemd.services."systemd-backlight@".restartIfChanged = false; systemd.services."systemd-rfkill@".restartIfChanged = false; diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index d4b10e9ed09e..675bd3d232a6 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix 
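Review bot: The `mapAttrs'` expression that closes `environment.etc` links every `cfg.generators` value into `systemd/system-generators/`, and systemd runs generators as root early in boot and on each reload. `types.path` accepts any absolute path, so the `systemd.generators` description (first hunk of this file) should say that a value other than `/dev/null` must be an executable only root can modify, preferably a store path. A sentence such as `Generators are executed as root; point VALUE at a store path, or at /dev/null to mask an upstream generator.` would cover it. As a minor style point on the same line, `{"source"=v;}` reads better as `{ source = v; }`.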
@@ -21,9 +21,9 @@ let kernel = config.boot.kernelPackages; - splKernelPkg = if cfgZfs.useGit then kernel.spl_git else kernel.spl; - zfsKernelPkg = if cfgZfs.useGit then kernel.zfs_git else kernel.zfs; - zfsUserPkg = if cfgZfs.useGit then pkgs.zfs_git else pkgs.zfs; + splKernelPkg = kernel.spl; + zfsKernelPkg = kernel.zfs; + zfsUserPkg = pkgs.zfs; autosnapPkg = pkgs.zfstools.override { zfs = zfsUserPkg; @@ -53,16 +53,6 @@ in options = { boot.zfs = { - useGit = mkOption { - type = types.bool; - default = false; - example = true; - description = '' - Use the git version of the SPL and ZFS packages. - Note that these are unreleased versions, with less testing, and therefore - may be more unstable. - ''; - }; extraPools = mkOption { type = types.listOf types.str; diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 328d94cbb05c..d8b1592c36bb 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix 
@@ -220,6 +220,45 @@ in ''; }); + createVswitchDevice = n: v: nameValuePair "${n}-netdev" + (let + managedInterfaces = filter (x: hasAttr x cfg.interfaces) v.interfaces; + managedInterfaceServices = concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) managedInterfaces; + virtualInterfaces = filter (x: (hasAttr x cfg.interfaces) && cfg.interfaces.${x}.virtual) v.interfaces; + virtualInterfaceServices = concatMap (i: [ "${i}-netdev.service" ]) virtualInterfaces; + deps = map subsystemDevice v.interfaces; + ofRules = pkgs.writeText "vswitch-${n}-openFlowRules" v.openFlowRules; + in + { description = "Open vSwitch Interface ${n}"; + wantedBy = [ "network.target" "vswitchd.service" (subsystemDevice n) ]; + requires = optionals v.bindInterfaces (deps ++ managedInterfaceServices ++ virtualInterfaceServices); + requiredBy = optionals v.bindInterfaces (managedInterfaceServices ++ virtualInterfaceServices); + bindsTo = deps ++ [ "vswitchd.service" ]; + partOf = [ "vswitchd.service" ]; + after = [ "network-pre.target" "vswitchd.service" ] ++ deps ++ managedInterfaceServices ++ virtualInterfaceServices; + before = [ "network-interfaces.target" (subsystemDevice n) ]; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + path = [ pkgs.iproute config.virtualisation.vswitch.package ]; + script = '' + echo "Removing old Open vSwitch ${n}..." + ovs-vsctl --if-exists del-br ${n} + + echo "Adding Open vSwitch ${n}..." + ovs-vsctl -- add-br ${n} ${concatMapStrings (i: " -- add-port ${n} ${i}") v.interfaces} \ + ${concatMapStrings (x: " -- set-controller ${n} " + x) v.controllers} \ + ${concatMapStrings (x: " -- " + x) (splitString "\n" v.extraOvsctlCmds)} + + echo "Adding OpenFlow rules for Open vSwitch ${n}..." 
+ ovs-ofctl add-flows ${n} ${ofRules} + ''; + postStop = '' + ip link set ${n} down || true + ovs-ofctl del-flows ${n} || true + ovs-vsctl --if-exists del-br ${n} + ''; + }); + createBondDevice = n: v: nameValuePair "${n}-netdev" (let deps = map subsystemDevice v.interfaces; @@ -335,6 +374,7 @@ in map configureAddrs interfaces ++ map createTunDevice (filter (i: i.virtual) interfaces)) // mapAttrs' createBridgeDevice cfg.bridges + // mapAttrs' createVswitchDevice cfg.vswitches // mapAttrs' createBondDevice cfg.bonds // mapAttrs' createMacvlanDevice cfg.macvlans // mapAttrs' createSitDevice cfg.sits diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index 8223c5a4941e..301ee43fd0e5 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -35,6 +35,9 @@ in assertions = [ { assertion = cfg.defaultGatewayWindowSize == null; message = "networking.defaultGatewayWindowSize is not supported by networkd."; + } { + assertion = cfg.vswitches == {}; + message = "networking.vswichtes are not supported by networkd."; } ] ++ flip mapAttrsToList cfg.bridges (n: { rstp, ... }: { assertion = !rstp; message = "networking.bridges.${n}.rstp is not supported by networkd."; diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 9931c977e8f0..7af3160e2d42 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -12,7 +12,8 @@ let hasBonds = cfg.bonds != { }; slaves = concatMap (i: i.interfaces) (attrValues cfg.bonds) - ++ concatMap (i: i.interfaces) (attrValues cfg.bridges); + ++ concatMap (i: i.interfaces) (attrValues cfg.bridges) + ++ concatMap (i: i.interfaces) (attrValues cfg.vswitches); slaveIfs = map (i: cfg.interfaces.${i}) (filter (i: cfg.interfaces ? ${i}) slaves); 
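Review bot: The `script` and `postStop` strings of `createVswitchDevice` interpolate `${n}`, the interface names and `v.controllers` into shell text unquoted, so a value containing shell-special characters is reinterpreted by the shell; the documented controller example `ptcp:6653:[::1]` already contains glob characters. Assuming `lib` is in scope here as in the sibling modules, quoting with `escapeShellArg` avoids that: `" -- add-port ${escapeShellArg n} ${escapeShellArg i}"` and `" -- set-controller ${escapeShellArg n} " + escapeShellArg x`. `extraOvsctlCmds` depends on word splitting and cannot be quoted as a whole, which deserves a comment next to the `splitString "\n"` call. `subsystemDevice` and the surrounding `let` are defined outside this hunk.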
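Review bot: The assertion message added in network-interfaces-systemd.nix misspells the option name as `networking.vswichtes`, so a user who hits the assertion cannot search for the option it refers to. It should read `message = "networking.vswitches are not supported by networkd.";`.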
@@ -371,6 +372,81 @@ in options = [ interfaceOpts ]; }; + networking.vswitches = mkOption { + default = { }; + example = + { vs0.interfaces = [ "eth0" "eth1" ]; + vs1.interfaces = [ "eth2" "wlan0" ]; + }; + description = + '' + This option allows you to define Open vSwitches that connect + physical networks together. The value of this option is an + attribute set. Each attribute specifies a vswitch, with the + attribute name specifying the name of the vswitch's network + interface. + ''; + + type = types.attrsOf types.optionSet; + + options = { + + interfaces = mkOption { + example = [ "eth0" "eth1" ]; + type = types.listOf types.str; + description = + "The physical network interfaces connected by the vSwitch."; + }; + + bindInterfaces = mkOption { + type = types.bool; + default = false; + description = '' + If true, then the interfaces of the vSwitch are brought 'up' and especially + also 'down' together with the vSwitch. That requires that every interfaces + is configured as a systemd network services. + ''; + }; + + controllers = mkOption { + type = types.listOf types.str; + default = []; + example = [ "ptcp:6653:[::1]" ]; + description = '' + Specify the controller targets. For the allowed options see <literal>man 8 ovs-vsctl</literal>. + ''; + }; + + openFlowRules = mkOption { + type = types.lines; + default = ""; + example = '' + actions=normal + ''; + description = '' + OpenFlow rules to insert into the Open vSwitch. All <literal>openFlowRules</literal> are + loaded with <literal>ovs-ofctl</literal> within one atomic operation. + ''; + }; + + extraOvsctlCmds = mkOption { + type = types.lines; + default = ""; + example = '' + set-fail-mode <switch_name> secure + set Bridge <switch_name> stp_enable=true + ''; + description = '' + Commands to manipulate the Open vSwitch database. Every line executed with <literal>ovs-vsctl</literal>. + All commands are bundled together with the operations for adding the interfaces + into one atomic operation. 
+ ''; + }; + + }; + + }; + networking.bridges = mkOption { default = { }; example = @@ -766,6 +842,8 @@ in services.mstpd = mkIf needsMstpd { enable = true; }; + virtualisation.vswitch = mkIf (cfg.vswitches != { }) { enable = true; }; + }; } diff --git a/nixos/tests/gnome3.nix b/nixos/tests/gnome3.nix index f5e0159f1c7d..7662efe1b350 100644 --- a/nixos/tests/gnome3.nix +++ b/nixos/tests/gnome3.nix @@ -28,7 +28,8 @@ import ./make-test.nix ({ pkgs, ...} : { $machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'"); $machine->waitForWindow(qr/Terminal/); - $machine->sleep(20); + $machine->mustSucceed("timeout 60 bash -c 'journalctl -f|grep -m 1 \"GNOME Shell started\"'"); + $machine->sleep(10); $machine->screenshot("screen"); ''; }) |
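Review bot: The `controllers` description only points at the man page, but a passive `ptcp:` target given without an address listens on all local addresses, and plain `tcp:`/`ptcp:` OpenFlow connections are neither authenticated nor encrypted. The description should say so, e.g. `Passive targets listen on every address unless an IP is given; bind them to a loopback or management address, or use ssl:/pssl:.` The `extraOvsctlCmds` example is also misleading: the script in network-interfaces-scripted.nix passes each line to the shell as is, so `<switch_name>` is not substituted and would be read as a redirection. The example should use a literal name such as `set-fail-mode vs0 secure`. Two descriptions need a grammar pass ("every interfaces is configured as a systemd network services", "Every line executed with").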
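Review bot: In the gnome3 test, `journalctl -f` starts from the tail of the journal (the last ten lines by default). If "GNOME Shell started" was logged before this command runs and has scrolled out of that window, `grep -m 1` never matches and `mustSucceed` fails after the 60-second timeout. Polling the whole boot journal avoids the race, e.g. `$machine->waitUntilSucceeds("journalctl -b | grep -q 'GNOME Shell started'");`, assuming the driver's `waitUntilSucceeds` helper is usable here. The remaining `sleep(10)` could then carry a comment saying what it is still waiting for.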