Diffstat (limited to 'nixpkgs/nixos/modules/system')
-rw-r--r-- | nixpkgs/nixos/modules/system/activation/switch-to-configuration.pl | 10 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/system/activation/top-level.nix | 2 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/system/boot/binfmt.nix | 4 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/system/boot/kexec.nix | 6 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix | 4 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/system/boot/loader/grub/install-grub.pl | 31 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/system/boot/resolved.nix | 3 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/system/boot/stage-1-init.sh | 2 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/system/boot/stage-1.nix | 2 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/system/boot/systemd.nix | 14 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/system/etc/etc.nix | 73 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/system/etc/make-etc.sh | 45 |
12 files changed, 115 insertions, 81 deletions
diff --git a/nixpkgs/nixos/modules/system/activation/switch-to-configuration.pl b/nixpkgs/nixos/modules/system/activation/switch-to-configuration.pl index 8bd85465472f..dd391c8b5d78 100644 --- a/nixpkgs/nixos/modules/system/activation/switch-to-configuration.pl +++ b/nixpkgs/nixos/modules/system/activation/switch-to-configuration.pl @@ -243,9 +243,13 @@ while (my ($unit, $state) = each %{$activePrev}) { foreach my $socket (@sockets) { if (defined $activePrev->{$socket}) { $unitsToStop{$socket} = 1; - $unitsToStart{$socket} = 1; - recordUnit($startListFile, $socket); - $socketActivated = 1; + # Only restart sockets that actually + # exist in new configuration: + if (-e "$out/etc/systemd/system/$socket") { + $unitsToStart{$socket} = 1; + recordUnit($startListFile, $socket); + $socketActivated = 1; + } } } } diff --git a/nixpkgs/nixos/modules/system/activation/top-level.nix b/nixpkgs/nixos/modules/system/activation/top-level.nix index 4e2f25cd27fc..d3e4923a993f 100644 --- a/nixpkgs/nixos/modules/system/activation/top-level.nix +++ b/nixpkgs/nixos/modules/system/activation/top-level.nix @@ -125,7 +125,7 @@ let else showWarnings config.warnings baseSystem; # Replace runtime dependencies - system = fold ({ oldDependency, newDependency }: drv: + system = foldr ({ oldDependency, newDependency }: drv: pkgs.replaceDependency { inherit oldDependency newDependency drv; } ) baseSystemAssertWarn config.system.replaceRuntimeDependencies; diff --git a/nixpkgs/nixos/modules/system/boot/binfmt.nix b/nixpkgs/nixos/modules/system/boot/binfmt.nix index cbdf581d73a7..2408ecc80d22 100644 --- a/nixpkgs/nixos/modules/system/boot/binfmt.nix +++ b/nixpkgs/nixos/modules/system/boot/binfmt.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkOption types optionalString; + inherit (lib) mkOption types optionalString stringAfter; cfg = config.boot.binfmt; 
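Review bot: The new `-e "$out/etc/systemd/system/$socket"` test in switch-to-configuration.pl checks the literal unit name, so a socket that is an instance of a template unit (`name@instance.socket`, whose file would be `name@.socket`) would fail the test and be stopped without being restarted. Whether `@sockets` can hold such instances is not visible here, because the enclosing `while` loop starts and ends outside the hunk; if it can, map the name to its template file before testing. The comment could also state that the stop is deliberate, e.g. `# Always stop the old socket; only restart it if the unit still exists in the new configuration.`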
@@ -270,7 +270,7 @@ in { environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf" (lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations)); - system.activationScripts.binfmt = '' + system.activationScripts.binfmt = stringAfter [ "specialfs" ] '' mkdir -p -m 0755 /run/binfmt ${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)} ''; diff --git a/nixpkgs/nixos/modules/system/boot/kexec.nix b/nixpkgs/nixos/modules/system/boot/kexec.nix index 03312aa26edc..02c2713ede11 100644 --- a/nixpkgs/nixos/modules/system/boot/kexec.nix +++ b/nixpkgs/nixos/modules/system/boot/kexec.nix @@ -1,8 +1,8 @@ { pkgs, lib, ... }: { - config = lib.mkIf (lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexectools) { - environment.systemPackages = [ pkgs.kexectools ]; + config = lib.mkIf (lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools) { + environment.systemPackages = [ pkgs.kexec-tools ]; systemd.services.prepare-kexec = { description = "Preparation for kexec"; @@ -10,7 +10,7 @@ before = [ "systemd-kexec.service" ]; unitConfig.DefaultDependencies = false; serviceConfig.Type = "oneshot"; - path = [ pkgs.kexectools ]; + path = [ pkgs.kexec-tools ]; script = '' # Don't load the current system profile if we already have a kernel loaded diff --git a/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix b/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix index c6ec9acd54c1..1be663670384 100644 --- a/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix 
@@ -75,7 +75,7 @@ let else "${convertedFont}"); }); - bootDeviceCounters = fold (device: attr: attr // { ${device} = (attr.${device} or 0) + 1; }) {} + bootDeviceCounters = foldr (device: attr: attr // { ${device} = (attr.${device} or 0) + 1; }) {} (concatMap (args: args.devices) cfg.mirroredBoots); convertedFont = (pkgs.runCommand "grub-font-converted.pf2" {} @@ -553,6 +553,8 @@ in apply = toString; description = '' Index of the default menu item to be booted. + Can also be set to "saved", which will make GRUB select + the menu item that was used at the last boot. ''; }; diff --git a/nixpkgs/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixpkgs/nixos/modules/system/boot/loader/grub/install-grub.pl index e0167654748e..4d8537d4c327 100644 --- a/nixpkgs/nixos/modules/system/boot/loader/grub/install-grub.pl +++ b/nixpkgs/nixos/modules/system/boot/loader/grub/install-grub.pl @@ -85,6 +85,7 @@ my $bootloaderId = get("bootloaderId"); my $forceInstall = get("forceInstall"); my $font = get("font"); my $theme = get("theme"); +my $saveDefault = $defaultEntry eq "saved"; $ENV{'PATH'} = get("path"); die "unsupported GRUB version\n" if $grubVersion != 1 && $grubVersion != 2; @@ -250,6 +251,8 @@ if ($copyKernels == 0) { my $conf .= "# Automatically generated. DO NOT EDIT THIS FILE!\n"; if ($grubVersion == 1) { + # $defaultEntry might be "saved", indicating that we want to use the last selected configuration as default. + # Incidentally this is already the correct value for the grub 1 config to achieve this behaviour. $conf .= " default $defaultEntry timeout $timeout @@ -305,6 +308,10 @@ else { " . $grubStore->search; } # FIXME: should use grub-mkconfig. + my $defaultEntryText = $defaultEntry; + if ($saveDefault) { + $defaultEntryText = "\"\${saved_entry}\""; + } $conf .= " " . $grubBoot->search . " if [ -s \$prefix/grubenv ]; then 
@@ -318,11 +325,19 @@ else { set next_entry= save_env next_entry set timeout=1 + set boot_once=true else - set default=$defaultEntry + set default=$defaultEntryText set timeout=$timeout fi + function savedefault { + if [ -z \"\${boot_once}\"]; then + saved_entry=\"\${chosen}\" + save_env saved_entry + fi + } + # Setup the graphics stack for bios and efi systems if [ \"\${grub_platform}\" = \"efi\" ]; then insmod efi_gop @@ -468,9 +483,16 @@ sub addEntry { $conf .= " $extraPerEntryConfig\n" if $extraPerEntryConfig; $conf .= " kernel $xen $xenParams\n" if $xen; $conf .= " " . ($xen ? "module" : "kernel") . " $kernel $kernelParams\n"; - $conf .= " " . ($xen ? "module" : "initrd") . " $initrd\n\n"; + $conf .= " " . ($xen ? "module" : "initrd") . " $initrd\n"; + if ($saveDefault) { + $conf .= " savedefault\n"; + } + $conf .= "\n"; } else { $conf .= "menuentry \"$name\" " . ($options||"") . " {\n"; + if ($saveDefault) { + $conf .= " savedefault\n"; + } $conf .= $grubBoot->search . "\n"; if ($copyKernels == 0) { $conf .= $grubStore->search . "\n"; @@ -605,6 +627,11 @@ my $efiTarget = getEfiTarget(); # Append entries detected by os-prober if (get("useOSProber") eq "true") { + if ($saveDefault) { + # os-prober will read this to determine if "savedefault" should be added to generated entries + $ENV{'GRUB_SAVEDEFAULT'} = "true"; + } + my $targetpackage = ($efiTarget eq "no") ? $grub : $grubEfi; system(get("shell"), "-c", "pkgdatadir=$targetpackage/share/grub $targetpackage/etc/grub.d/30_os-prober >> $tmpFile"); } diff --git a/nixpkgs/nixos/modules/system/boot/resolved.nix b/nixpkgs/nixos/modules/system/boot/resolved.nix index 84bc9b78076c..a6fc07da0abb 100644 --- a/nixpkgs/nixos/modules/system/boot/resolved.nix +++ b/nixpkgs/nixos/modules/system/boot/resolved.nix 
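Review bot: The generated GRUB function `savedefault` in install-grub.pl tests `[ -z \"\${boot_once}\"]` with no space before the closing bracket, so `]` becomes part of the string under test instead of ending the test. That string can then never be empty, which most likely means `save_env saved_entry` never runs and the "saved" default is never recorded. Write `if [ -z \"\${boot_once}\" ]; then`. The quoted GRUB configuration string that contains this function starts and ends outside the hunk.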
@@ -140,7 +140,8 @@ in # add resolve to nss hosts database if enabled and nscd enabled # system.nssModules is configured in nixos/modules/system/boot/systemd.nix - system.nssDatabases.hosts = optional config.services.nscd.enable "resolve [!UNAVAIL=return]"; + # added with order 501 to allow modules to go before with mkBefore + system.nssDatabases.hosts = (mkOrder 501 ["resolve [!UNAVAIL=return]"]); systemd.additionalUpstreamSystemUnits = [ "systemd-resolved.service" diff --git a/nixpkgs/nixos/modules/system/boot/stage-1-init.sh b/nixpkgs/nixos/modules/system/boot/stage-1-init.sh index ddaf985878e0..3dfcc010b64e 100644 --- a/nixpkgs/nixos/modules/system/boot/stage-1-init.sh +++ b/nixpkgs/nixos/modules/system/boot/stage-1-init.sh @@ -542,7 +542,7 @@ while read -u 3 mountPoint; do # If copytoram is enabled: skip mounting the ISO and copy its content to a tmpfs. if [ -n "$copytoram" ] && [ "$device" = /dev/root ] && [ "$mountPoint" = /iso ]; then fsType=$(blkid -o value -s TYPE "$device") - fsSize=$(blockdev --getsize64 "$device") + fsSize=$(blockdev --getsize64 "$device" || stat -Lc '%s' "$device") mkdir -p /tmp-iso mount -t "$fsType" /dev/root /tmp-iso diff --git a/nixpkgs/nixos/modules/system/boot/stage-1.nix b/nixpkgs/nixos/modules/system/boot/stage-1.nix index d606d473d91e..03133fa1bc43 100644 --- a/nixpkgs/nixos/modules/system/boot/stage-1.nix +++ b/nixpkgs/nixos/modules/system/boot/stage-1.nix @@ -375,7 +375,7 @@ let } trap cleanup EXIT - tmp=$(mktemp -d initrd-secrets.XXXXXXXXXX) + tmp=$(mktemp -d ''${TMPDIR:-/tmp}/initrd-secrets.XXXXXXXXXX) ${lib.concatStringsSep "\n" (mapAttrsToList (dest: source: let source' = if source == null then dest else toString source; in diff --git a/nixpkgs/nixos/modules/system/boot/systemd.nix b/nixpkgs/nixos/modules/system/boot/systemd.nix index adc226d89913..644ee9d2e46a 100644 --- a/nixpkgs/nixos/modules/system/boot/systemd.nix +++ b/nixpkgs/nixos/modules/system/boot/systemd.nix 
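Review bot: The context comment above the changed line in resolved.nix still says "if enabled and nscd enabled", but the new assignment drops the `optional config.services.nscd.enable` guard, so `resolve [!UNAVAIL=return]` is now added to `system.nssDatabases.hosts` whether or not nscd is on. If that is intended, update the comment, e.g. `# add resolve to nss hosts database if enabled`. If the guard should stay, keep it inside the ordered value: `system.nssDatabases.hosts = mkOrder 501 (optional config.services.nscd.enable "resolve [!UNAVAIL=return]");`.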
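Review bot: In stage-1-init.sh `fsSize` can still end up empty when both `blockdev --getsize64` and the `stat -Lc '%s'` fallback fail, and the hunk adds no check on the result. The use of `fsSize` lies outside the hunk, so the effect is inferred, but an empty size passed on to the tmpfs setup would be hard to diagnose at boot. Consider testing `[ -n "$fsSize" ]` right after the assignment. When the fallback is taken, `blockdev` also prints its error to the console; `fsSize=$(blockdev --getsize64 "$device" 2>/dev/null || stat -Lc '%s' "$device")` keeps the output clean.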
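Review bot: The `mktemp` argument in stage-1.nix is unquoted, so a `TMPDIR` containing whitespace or glob characters is word-split before `mktemp` sees it. Because this directory holds the initrd secrets, quote the path: `tmp=$(mktemp -d "''${TMPDIR:-/tmp}/initrd-secrets.XXXXXXXXXX")`. Whether the script aborts when `mktemp` fails is not visible in the hunk; if it does not, `$tmp` would be empty for the copy steps and the `cleanup` trap, so an explicit `|| exit 1` after the assignment would be safer.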
@@ -70,7 +70,10 @@ let # Journal. "systemd-journald.socket" + "systemd-journald@.socket" + "systemd-journald-varlink@.socket" "systemd-journald.service" + "systemd-journald@.service" "systemd-journal-flush.service" "systemd-journal-catalog-update.service" ] ++ (optional (!config.boot.isContainer) "systemd-journald-audit.socket") ++ [ @@ -925,9 +928,8 @@ in system.nssModules = [ systemd.out ]; system.nssDatabases = { hosts = (mkMerge [ - [ "mymachines" ] - (mkOrder 1600 [ "myhostname" ] # 1600 to ensure it's always the last - ) + (mkOrder 400 ["mymachines"]) # 400 to ensure it comes before resolve (which is mkBefore'd) + (mkOrder 999 ["myhostname"]) # after files (which is 998), but before regular nss modules ]); passwd = (mkMerge [ (mkAfter [ "systemd" ]) @@ -1045,7 +1047,7 @@ in done '' + concatMapStrings (name: optionalString (hasPrefix "tmpfiles.d/" name) '' rm -f $out/${removePrefix "tmpfiles.d/" name} - '') config.system.build.etc.targets; + '') config.system.build.etc.passthru.targets; }) + "/*"; "systemd/system-generators" = { source = hooks "generators" cfg.generators; }; @@ -1054,6 +1056,7 @@ in services.dbus.enable = true; + users.users.systemd-coredump.uid = config.ids.uids.systemd-coredump; users.users.systemd-network.uid = config.ids.uids.systemd-network; users.groups.systemd-network.gid = config.ids.gids.systemd-network; users.users.systemd-resolve.uid = config.ids.uids.systemd-resolve; @@ -1130,6 +1133,7 @@ in users.groups.systemd-journal.gid = config.ids.gids.systemd-journal; users.users.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway; + users.users.systemd-journal-gateway.group = "systemd-journal-gateway"; users.groups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway; # Generate timer units for all services that have a ‘startAt’ value. 
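Review bot: The comment on the new `mymachines` line in the `system.nssDatabases` hunk of systemd.nix says resolve "is mkBefore'd", but resolved.nix in this same commit adds it with `mkOrder 501` precisely so that other modules can go before it with `mkBefore`. The ordering still works because 400 is below 501, but the comment points readers at the wrong priority. Suggested wording: `(mkOrder 400 ["mymachines"]) # 400 to ensure it comes before resolve (added with mkOrder 501)`. The "files (which is 998)" remark on the next line cannot be checked from this diff, so naming where that priority is set would help.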
@@ -1182,6 +1186,8 @@ in systemd.services."user-runtime-dir@".restartIfChanged = false; systemd.services.systemd-journald.restartTriggers = [ config.environment.etc."systemd/journald.conf".source ]; systemd.services.systemd-journald.stopIfChanged = false; + systemd.services."systemd-journald@".restartTriggers = [ config.environment.etc."systemd/journald.conf".source ]; + systemd.services."systemd-journald@".stopIfChanged = false; systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true; systemd.targets.remote-fs.unitConfig.X-StopOnReconfiguration = true; systemd.targets.network-online.wantedBy = [ "multi-user.target" ]; diff --git a/nixpkgs/nixos/modules/system/etc/etc.nix b/nixpkgs/nixos/modules/system/etc/etc.nix index a450f303572e..84468ea31f74 100644 --- a/nixpkgs/nixos/modules/system/etc/etc.nix +++ b/nixpkgs/nixos/modules/system/etc/etc.nix 
@@ -6,23 +6,62 @@ with lib; let - etc' = filter (f: f.enable) (attrValues config.environment.etc); - - etc = pkgs.stdenvNoCC.mkDerivation { - name = "etc"; - - builder = ./make-etc.sh; - - preferLocalBuild = true; - allowSubstitutes = false; - - /* !!! Use toXML. */ - sources = map (x: x.source) etc'; - targets = map (x: x.target) etc'; - modes = map (x: x.mode) etc'; - users = map (x: x.user) etc'; - groups = map (x: x.group) etc'; - }; + # if the source is a local file, it should be imported to the store + localToStore = mapAttrs (name: value: if name == "source" then "${value}" else value); + etc' = map localToStore (filter (f: f.enable) (attrValues config.environment.etc)); + + etc = pkgs.runCommandLocal "etc" { + # This is needed for the systemd module + passthru.targets = map (x: x.target) etc'; + } /* sh */ '' + set -euo pipefail + + makeEtcEntry() { + src="$1" + target="$2" + mode="$3" + user="$4" + group="$5" + + if [[ "$src" = *'*'* ]]; then + # If the source name contains '*', perform globbing. + mkdir -p "$out/etc/$target" + for fn in $src; do + ln -s "$fn" "$out/etc/$target/" + done + else + + mkdir -p "$out/etc/$(dirname "$target")" + if ! [ -e "$out/etc/$target" ]; then + ln -s "$src" "$out/etc/$target" + else + echo "duplicate entry $target -> $src" + if [ "$(readlink "$out/etc/$target")" != "$src" ]; then + echo "mismatched duplicate entry $(readlink "$out/etc/$target") <-> $src" + ret=1 + + continue + fi + fi + + if [ "$mode" != symlink ]; then + echo "$mode" > "$out/etc/$target.mode" + echo "$user" > "$out/etc/$target.uid" + echo "$group" > "$out/etc/$target.gid" + fi + fi + } + + mkdir -p "$out/etc" + ${concatMapStringsSep "\n" (etcEntry: escapeShellArgs [ + "makeEtcEntry" + etcEntry.source + etcEntry.target + etcEntry.mode + etcEntry.user + etcEntry.group + ]) etc'} + ''; in diff --git a/nixpkgs/nixos/modules/system/etc/make-etc.sh b/nixpkgs/nixos/modules/system/etc/make-etc.sh deleted file mode 100644 index aabfb5e88a65..000000000000 
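Review bot: In the new `makeEtcEntry` shell function in etc.nix, the mismatched-duplicate branch sets `ret=1` and calls `continue`, but the function is not inside a loop and nothing in the hunk reads `ret`. The removed make-etc.sh did `exit 1` here, so as far as the hunk shows, two modules defining the same `/etc` target with different sources no longer fail the build: the first definition wins after only an echoed message, and bash goes on to write the `.mode`/`.uid`/`.gid` files for the rejected entry. Replace the two lines with `exit 1` to restore the hard failure. If collecting all conflicts is preferred, use `return` instead of `continue` and add `exit "''${ret:-0}"` after the generated calls.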
--- a/nixpkgs/nixos/modules/system/etc/make-etc.sh +++ /dev/null @@ -1,45 +0,0 @@ -source $stdenv/setup - -mkdir -p $out/etc - -set -f -sources_=($sources) -targets_=($targets) -modes_=($modes) -users_=($users) -groups_=($groups) -set +f - -for ((i = 0; i < ${#targets_[@]}; i++)); do - source="${sources_[$i]}" - target="${targets_[$i]}" - - if [[ "$source" =~ '*' ]]; then - - # If the source name contains '*', perform globbing. - mkdir -p $out/etc/$target - for fn in $source; do - ln -s "$fn" $out/etc/$target/ - done - - else - - mkdir -p $out/etc/$(dirname $target) - if ! [ -e $out/etc/$target ]; then - ln -s $source $out/etc/$target - else - echo "duplicate entry $target -> $source" - if test "$(readlink $out/etc/$target)" != "$source"; then - echo "mismatched duplicate entry $(readlink $out/etc/$target) <-> $source" - exit 1 - fi - fi - - if test "${modes_[$i]}" != symlink; then - echo "${modes_[$i]}" > $out/etc/$target.mode - echo "${users_[$i]}" > $out/etc/$target.uid - echo "${groups_[$i]}" > $out/etc/$target.gid - fi - - fi -done |