nixos/stage-1-systemd: fix initrd-fstab generation for bind mounts
nixos/*: more option docs conversions
once again using nix-doc-munge (https://github.com/pennae/nix-doc-munge/commit/69d080323ae27c0d8da3967c62b925a9aedb2828)
make (almost) all links appear on only a single line, with no
unnecessary whitespace, using double quotes for attributes. this lets us
automatically convert them to markdown easily.
the few remaining links are extremely long links in a gnome module, we'll
come back to those at a later date.
we can't embed syntactic annotations of this kind in markdown code
blocks without yet another extension. replaceable is rare enough to make
this not much worth it, so we'll go with «thing» instead. the module
system already uses this format for its placeholder names in attrsOf
paths.
our xslt already replaces double line breaks with a paragraph close and
reopen. not using explicit para tags lets nix-doc-munge convert more
descriptions losslessly.
only whitespace changes to generated documents, except for two
strongswan options gaining two paragraph breaks they arguably should've
had anyway.
nixos/networkd: Fix some invalid examples
The example was not valid, and would raise an error.
The example was not valid, and would raise an error.
make-initrd-ng: parse ELFs ourselves instead of shelling out to patchelf and friends
Now the tool will only strip binaries if a strip executable is passed
via the STRIP environment variable. This is exposed via the strip
option for makeInitrdNG and the NixOS option boot.initrd.systemd.strip.
add Promiscuous as valid value for linkConfig
configuring a network via
`systemd.network.networks.<name>.linkConfig`
does not allow to set the attr Promiscuous = "true";
This refers to:
https://www.freedesktop.org/software/systemd/man/systemd.network.html#Promiscuous=
Signed-off-by: Philippe Schaaf <philippe.schaaf@secunet.com>
The ConditionFileNotEmpty override patch wasn't correct for stage1, which
does have the modules in /lib. So, remove the patch and set
the right path with overrides in the final system.
Also, make sure systemd-tmpfiles-setup-dev is pulled in to create
all the necessary symlinks.
nixos: systemd-coredump: improve disabled state
The systemd-coredump module required systemd to be built with
withCoredump=true, even if the module was disabled.
- allow systemd to be missing systemd-coredump if the module is disabled
- switch to mkDefault for the sysctl config to allow user overrides when
the module is disabled
- add nixos tests for both the enabled and disabled cases
the conversion procedure is simple:

- find all things that look like options, ie calls to either `mkOption`
  or `lib.mkOption` that take an attrset. remember the attrset as the
  option
- for all options, find a `description` attribute whose value is not a
  call to `mdDoc` or `lib.mdDoc`
- textually convert the entire value of the attribute to MD with a few
  simple regexes (the set from mdize-module.sh)
- if the change produced a change in the manual output, discard
- if the change kept the manual unchanged, add some text to the
  description to make sure we've actually found an option. if the
  manual changes this time, keep the converted description

this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output check": currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
treewide: invariant option conversions to MD
While writing a configuration, I found a usage for this field and
noticed it was missing when building the configuration.
convert some varlists in option docs to MD
nixos/pam: refactor pam_mount unmounting fix
move passwdEntry type
`boot.initrd.systemd.emergencyAccess` expects passwd(5) formatted
strings, hence `singleLineStr` is too broad.
Use the same type as `users.users.*.hashedPassword` to ensure
consistency across all options where password hashes are used.
From `modules/config/users-groups.nix`:
```
hashedPassword = mkOption {
type = with types; nullOr (passwdEntry str);
...
};
```
raspberrypi-bootloader: Update doc URL for config.txt options
The old URL was redirecting to more generic Raspberry Pi documentation.
nixos/resolvconf: allow different implementations
Expose the package that provides the system-wide `resolvconf` command
(either openresolv or systemd) to allow implementation-agnostic modules.
Seem to be omitted in https://github.com/NixOS/nixpkgs/commit/022b4209a398b0648e4d5e2bead42ad9662ad764#diff-5ea4693beb4bdd8f7efcdd3204ceea67c86f59b3d1c28cde063ddf03e1d20fbfL29.
Handling of the string length condition in should_update
was broken, as evident with the log message
> leaving systemd-boot 246 in place (250.4 is not newer)
Discussion with @mweinelt came to the conclusion
that Python's "<" operator already does what we need,
so the should_update function can be dropped.
Fixes a30de3b849bb29b4d2206e1a652707fba8ea18a4
nixos/stage-1: Fix library path in libraries, fix ZFS mount options
The previous commit properly adjusts all library paths, thus no need to
forcefully adjust the path at runtime any longer.
`extra-utils` composes the set of programs and libraries needed by
1. copying over all programs
2. copying over all libraries any program directly links against
3. set the runtime path for every program to the library directory
It seems that this approach misses the case where a library itself links
against another library. That is to say, `extra-utils` assumes that
either only programs link against libraries or that every library linked
to by a library is already linked to by a program.
`mount.zfs` linking against `libcrypto`, in turn linking against `libdl`
shows how the current approach falls short:
```
$ objdump -p $(which mount.zfs) | grep NEEDED | grep -e libdl -e libcrypto
NEEDED libcrypto.so.1.1
$ ldd $(which mount.zfs) | grep libdl
libdl.so.2 => /nix/store/ybkkrhdwdj227kr20vk8qnzqnmj7a06x-glibc-2.34-115/lib/libdl.so.2 (0x00007f9967a9a000
```
Using `mount.zfs` directly in stage 1 init still works since
`LD_LIBRARY_PATH` overrides this (as intended).
util-linux's `mount` however executes `mount.zfs` with LD_LIBRARY_PATH
removed from its environment as can be seen with strace(1) in an
interactive stage 1 init shell (`boot.shell_on_fail` kernel parameter):
```
# env -i LD_LIBRARY_PATH=$LD_LIBRARY_PATH $(which strace) -ff -e trace=/exec -v -qqq $(which mount) /mnt-root
execve("/nix/store/3gqbb3swgiy749fxd5a4k6kirkr2jr9n-extra-utils/bin/mount", ["/nix/store/3gqbb3swgiy749fxd5a4k"..., "/mnt-root"], ["LD_LIBRARY_PATH=/nix/store/3gqbb"...]) = 0
[pid 1026] execve("/sbin/mount.zfs", ["/sbin/mount.zfs", "<redacted>", "/mnt-root", "-o", "rw,zfsutil"], []) = 0
/sbin/mount.zfs: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1026, si_uid=0, si_status=127, si_utime=0, si_stime=0} ---
```
env(1) is used for clarity (hence subshells for absolute paths).
While `mount` uses the right library path, `mount.zfs` is stripped of
it, so ld.so(8) fails to resolve `libdl` (as required by `libcrypto`).
To fix this and not rely on `LD_LIBRARY_PATH` to be set, fix the library
path inside libraries as well.
This finally mounts all ZFS filesystems using `zfsutil` with correct and
intended mount options.
find(1)'s test `-type f` already excludes symbolic links, so `test -L`
will never return false for found files.
At least pkgs/os-specific/linux/util-linux/default.nix uses
```
"--enable-fs-paths-default=/run/wrappers/bin:/run/current-system/sw/bin:/sbin"
```
which does not cover stage 1 init's PATH as all executables are put
under /bin/.
Fix util-linux's `mount` usage by symlinking /sbin to it.
Consider ZFS filesystems meant to be mounted with zfs.mount(8), e.g.
```
config.fileSystems."/media".options = [ "zfsutil" ];
config.fileSystems."/nix".options = [ "zfsutil" ];
```
`zfsutil` uses dataset properties as mount options such that zfsprops(7)
do not have to be duplicated in fstab(5) entries or manual mount(8)
invocations.
Given the example configuration above, /media is correctly mounted with
`setuid=off` translated into `nosuid`:
```
$ zfs get -Ho value setuid /media
off
$ findmnt -t zfs -no options /media
rw,nosuid,nodev,noexec,noatime,xattr,posixacl
```
/nix however was mounted with default mount(8) options:
```
$ zfs get -Ho value setuid /nix
off
$ findmnt -t zfs -no options /nix
rw,relatime,xattr,noacl
```
This holds true for all other ZFS properties/mount options, including
`exec/[no]exec`, `devices/[no]dev`, `atime/[no]atime`, etc.
/nix is mounted using BusyBox's `mount` during stage 1 init while /media
is mounted later using proper systemd and/or util-linux's `mount`.
Tracing stage 1 init showed that BusyBox never tried to execute
mount.zfs(8) as intended by `zfsutil`.
Replacing it with util-linux's `mount` and adding the mount helper
showed attempts to execute mount.zfs(8).
Ensure ZFS filesystems are mounted with correct options iff `zfsutil` is
used.
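
A check for the drift this commit message describes, as an added example that is not part of the commit or of nixpkgs: it reports restrictive options (`nosuid`, `noexec`, `nodev`, `noatime`) that a dataset's properties call for but the live mount lacks. The function names are hypothetical, and the mapping for properties other than `setuid` assumes the same off-to-`no*` translation the message shows for `setuid=off`.

```shell
#!/bin/sh
# Added example: compare ZFS dataset properties with the options a dataset
# is actually mounted with. Function names are hypothetical.

# has_opt OPTIONS OPT: succeeds if OPT is one of the comma-separated OPTIONS.
# Wrapping both sides in commas keeps "exec" from matching inside "noexec".
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# missing_opts "prop=value ..." "mount,options": prints, space separated, the
# restrictive options the properties call for but the mount does not carry.
# Only "off" values are checked; they are the ones that must be enforced.
missing_opts() {
    missing=""
    for pv in $1; do
        case "$pv" in
            setuid=off)  want=nosuid ;;
            exec=off)    want=noexec ;;
            devices=off) want=nodev ;;
            atime=off)   want=noatime ;;
            *) continue ;;
        esac
        has_opt "$2" "$want" || missing="${missing:+$missing }$want"
    done
    echo "$missing"
}

# audit_live MOUNTPOINT: the same check against a running system, using the
# zfs(8) and findmnt(8) invocations from the commit message.
audit_live() {
    props=$(zfs get -Ho property,value setuid,exec,devices,atime "$1" \
        | tr '\t' '=' | tr '\n' ' ')
    opts=$(findmnt -t zfs -no options "$1")
    missing_opts "$props" "$opts"
}

# Option strings and the setuid=off value are the ones quoted in the message.
MEDIA_OPTS="rw,nosuid,nodev,noexec,noatime,xattr,posixacl"
NIX_OPTS="rw,relatime,xattr,noacl"
echo "/media missing: $(missing_opts 'setuid=off' "$MEDIA_OPTS")"
echo "/nix missing: $(missing_opts 'setuid=off' "$NIX_OPTS")"
```

On a host with ZFS, `audit_live /nix` prints nothing when the mount honours the dataset properties.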