| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
systemd
* Lets container@.service be activated by machines.target instead of
multi-user.target
According to the systemd manpages, all containers that are registered
by machinectl, should be inside machines.target for easy stopping
and starting container units altogether
* make sure container@.service and container.slice instances are
actually located in machine.slice
https://plus.google.com/112206451048767236518/posts/SYAueyXHeEX
See original commit: https://github.com/NixOS/systemd/commit/45d383a3b8
* Enable Cgroup delegation for nixos-containers
Delegate=yes should be set for container scopes where a systemd instance
inside the container shall manage the hierarchies below its own cgroup
and have access to all controllers.
This is equivalent to enabling all accounting options on the systemd
process inside the system container. This means that systemd inside
the container is responsible for managing Cgroup resources for
unit files that enable accounting options inside. Without this
option, units that make use of cgroup features within system
containers might misbehave
See original commit: https://github.com/NixOS/systemd/commit/a931ad47a8
from the manpage:
Turns on delegation of further resource control partitioning to
processes of the unit. Units where this is enabled may create and
manage their own private subhierarchy of control groups below the
control group of the unit itself. For unprivileged services (i.e.
those using the User= setting) the unit's control group will be made
accessible to the relevant user. When enabled the service manager
will refrain from manipulating control groups or moving processes
below the unit's control group, so that a clear concept of ownership
is established: the control group tree above the unit's control
group (i.e. towards the root control group) is owned and managed by
the service manager of the host, while the control group tree below
the unit's control group is owned and managed by the unit itself.
Takes either a boolean argument or a list of control group
controller names. If true, delegation is turned on, and all
supported controllers are enabled for the unit, making them
available to the unit's processes for management. If false,
delegation is turned off entirely (and no additional controllers are
enabled). If set to a list of controllers, delegation is turned on,
and the specified controllers are enabled for the unit. Note that
additional controllers than the ones specified might be made
available as well, depending on configuration of the containing
slice unit or other units contained in it. Note that assigning the
empty string will enable delegation, but reset the list of
controllers, all assignments prior to this will have no effect.
Defaults to false.
Note that controller delegation to less privileged code is only safe
on the unified control group hierarchy. Accordingly, access to the
specified controllers will not be granted to unprivileged services
on the legacy hierarchy, even when requested.
The following controller names may be specified: cpu, cpuacct, io,
blkio, memory, devices, pids. Not all of these controllers are
available on all kernels however, and some are specific to the
unified hierarchy while others are specific to the legacy hierarchy.
Also note that the kernel might support further controllers, which
aren't covered here yet as delegation is either not supported at all
for them or not defined cleanly.
|
| | |
| |
| |
| | |
(cherry picked from commit d3ae884c9eeb4a6f66ac4e57764c04db16ea7c71)
|
| |\ \
| | |
| | | |
nixos/systemd: support "suspend-then-hibernate" logind option
|
| | | | |
|
| | |/
|/|
| |
| |
| |
| |
| |
| | |
* journald: forward message to syslog by default if a syslog implementation is installed
* added a test to ensure rsyslog is receiving messages when expected
* added rsyslogd tests to release.nix
|
| | |
| |
| |
| |
| |
| | |
"machine.target" doesn't actually exist, it's misspelled version
of "machines.target". However, the "systemd-nspawn@.service"
unit already has a default dependency on "machines.target"
|
| | |
| |
| |
| |
| | |
NixOS is unable to boot using the RPi bootloader (w/o U-Boot) unless the initrd
is configured.
|
| | | |
|
| | |
| |
| |
| | |
Raspberry Pi Zero
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| |\
| |
| | |
nixos/systemd-lib: fix assertValueOneOf
|
| | |
| |
| |
| | |
when value is not a string
|
| |\ \
| | |
| | | |
nixos/initrd-network: multiple DHCP fixes
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
* acquire DHCP on the interfaces with networking.interface.$name.useDHCP == true or on all interfaces if networking.useDHCP == true (was only only "eth0")
* respect "mtu" if it was in DHCP answer (it happens in the wild)
* acquire and set up staticroutes (unlike others clients, udhcpc does not do the query by default); this supersedes https://github.com/NixOS/nixpkgs/pull/41829
|
| | | |
| | |
| | | |
Fixes #36210
|
| |\ \ \
| | | |
| | | | |
Replace several activation script snippets with declarative configuration
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
As far as I can tell, systemd has never used this directory, so I think
this is a holdover from before udev merged into systemd.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The default value for journald's Storage option is "auto", which
determines whether to log to /var/log/journal based on whether that
directory already exists. So NixOS has been unconditionally creating
that directory in activation scripts.
However, we can get the same behavior by configuring journald.conf to
set Storage to "persistent" instead. In that case, journald will create
the directory itself if necessary.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously, the activation script was responsible for ensuring that
/etc/machine-id exists. However, the only time it could not already
exist is during stage-2-init, not while switching configurations,
because one of the first things systemd does when starting up as PID 1
is to create this file. So I've moved the initialization to
stage-2-init.
Furthermore, since systemd will do the equivalent of
systemd-machine-id-setup if /etc/machine-id doesn't have valid contents,
we don't need to do that ourselves.
We _do_, however, want to ensure that the file at least exists, because
systemd also uses the non-existence of this file to guess that this is a
first-boot situation. In that case, systemd tries to create some
symlinks in /etc/systemd/system according to its presets, which it can't
do because we've already populated /etc according to the current NixOS
configuration.
This is not necessary for any other activation script snippets, so it's
okay to do it after stage-2-init runs the activation script. None of
them declare a dependency on the "systemd" snippet. Also, most of them
only create files or directories in ways that obviously don't need the
machine-id set.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As far as I can tell, the systemd snippet hasn't depended on groups
being initialized since 5d02c02a9bfd6912e4e0f700b1b35e76d1d6bd3f in
2015, when a `setfacl` call was removed.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Evaluation error introduced in 599c4df46a90c7415a6cc0689f0b23d22e7fdb67.
There is only a "platformS" attribute in kexectools.meta, so let's use
this and from the code in the kexec module it operates on a list,
matching the corresponding platforms, so this seems to be the attribute
the original author intended.
Tested by building nixos/tests/kexec.nix on x86_64-linux and while it
evaluates now, the test still fails by timing out shortly after the
kexec:
machine: waiting for the VM to finish booting
machine# Cannot find the ESP partition mount point.
This however seems to be an unrelated issue and was also the case before
the commit mentioned above.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra, @dezgeg
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
This sort of code breaks config.{allowBroken, allowUnsupportedSystem} =
true by making them do unpredictable things.
|
| |/ / /
| | |
| | |
| | |
| | | |
Likewise logind we should not try to restart this service after upgrade,
the user's current session depends on it.
|
| | |/
|/| |
|
| | |
| |
| |
| |
| | |
A route via a tunnel interface does not require a gateway to be
specified, so do not check for the Gateway= field on routes at all.
|
| | | |
|
| | |
| |
| |
| |
| | |
Support Multicast= option in [Link] section of network units,
introduced in systemd/systemd#9118.
|
| | |
| |
| | |
Although double '/' in paths is not a problem for GRUB supplied with nixpkgs, sometimes NixOS's grub.conf read by external GRUB and there are versions of GRUB which fail
|
| | |
| |
| | |
fsck of a mounted filesystems fails with error code 8 "Operational error" and halts the boot processing
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | | |
This also includes a set of defaults *for this option*, where when not
used, other saner defaults are used.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The background color option is self-explanatory.
The mode is either `normal` or `stretch`, they are as defined by GRUB,
where normal will put the image in the top-left corner of the menu, and
stretch is the default, where it stretches the image without
consideration for the aspect ratio.
* https://www.gnu.org/software/grub/manual/grub/grub.html#background_005fimage
|
| | | |
| | |
| | |
| | | |
It is deprecated and will be removed after 18.09.
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| |
| | |
systemd-fsck-generator only produces these lines if it can find the
necessary fsck executable in its PATH.
fixes #29139.
|
| | | |
|
| | |
| |
| |
| | |
Progress towards #27069
|
| |\ \
| | |
| | |
| | | |
Hydra: ?compare=1473892
|
| | |\ \
| | | |
| | | | |
nixos/networkd: add missing options
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Conflicts: gobby and libinfinity - I took the hand-edited versions
instead of those resuting from the mass-replacement.
Hydra: ?compare=1473190
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This fixes an issue where setting both
`boot.loader.systemd-boot.editor` to `false` and
`boot.loader.systemd-boot.consoleMode` to any value would concatenate
the two configuration lines in the output, resulting in an invalid
`loader.conf`.
|
| |\| | | |
|
| | |\ \ \
| | | | |
| | | | | |
nixos: initrd/luks: allow to reuse passphrases, cleanup
|