From 93c160fabc0e3b5fb3d997c840ef86a68f4bce00 Mon Sep 17 00:00:00 2001 From: Svein Ove Aas Date: Mon, 6 Jun 2016 11:51:51 +0100 Subject: systemd: Set KillUserProcesses=no in logind.conf Full discussion at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825394 NixOS is even more of a server OS than Debian, and I can think of no reason to make users jump through this sort of hoop. --- nixos/modules/system/boot/systemd.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 076bbca850d9..3d8f29c80f95 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -669,6 +669,7 @@ in "systemd/logind.conf".text = '' [Login] + KillUserProcesses=no ${config.services.logind.extraConfig} ''; -- cgit 1.4.1 From a31e07fc112c1c9b00b748a85f76a4c4c203a03d Mon Sep 17 00:00:00 2001 From: Alexander Ried Date: Sun, 26 Jun 2016 22:58:04 +0200 Subject: modules.resolved: Enhance by upstream options (#15897) --- nixos/modules/system/boot/resolved.nix | 67 ++++++++++++++++++++++++++++++++-- 1 file changed, 64 insertions(+), 3 deletions(-) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index 5a98b9b6d480..4b7c545dcc0d 100644 --- a/nixos/modules/system/boot/resolved.nix +++ b/nixos/modules/system/boot/resolved.nix @@ -1,7 +1,9 @@ { config, lib, pkgs, ... }: with lib; - +let + cfg = config.services.resolved; +in { options = { 
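Review bot: `KillUserProcesses=no` is emitted with no comment, and on a multi-user host its effect is that a user's processes survive logout and stay resident until someone kills them, which the module should state rather than leave to the Debian bug link in the commit message. Because the line precedes `${config.services.logind.extraConfig}`, an administrator can still restore the upstream default by putting `KillUserProcesses=yes` in `services.logind.extraConfig`, assuming later assignments of a scalar key win in systemd's config parser as they normally do — worth confirming and then recording. Suggested comment above the added line: `# Keep user processes (tmux, screen, nohup jobs) alive after logout; override via services.logind.extraConfig.`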
@@ -14,9 +16,60 @@ with lib; ''; }; + services.resolved.fallbackDns = mkOption { + default = [ ]; + example = [ "8.8.8.8" "2001:4860:4860::8844" ]; + type = types.listOf types.str; + description = '' + A list of IPv4 and IPv6 addresses to use as the fallback DNS servers. + If this option is empty, a compiled-in list of DNS servers is used instead. + ''; + }; + + services.resolved.domains = mkOption { + default = config.networking.search; + example = [ "example.com" ]; + type = types.listOf types.str; + description = '' + A list of domains. These domains are used as search suffixes when resolving single-label host names (domain names which contain no dot), in order to qualify them into fully-qualified domain names (FQDNs). + For compatibility reasons, if this setting is not specified, the search domains listed in /etc/resolv.conf are used instead, if that file exists and any domains are configured in it. + ''; + }; + + services.resolved.llmnr = mkOption { + default = "true"; + example = "false"; + type = types.enum [ "true" "resolve" "false" ]; + description = '' + Controls Link-Local Multicast Name Resolution support (RFC 4794) on the local host. + If true, enables full LLMNR responder and resolver support. + If false, disables both. + If set to "resolve", only resolution support is enabled, but responding is disabled. + ''; + }; + + services.resolved.dnssec = mkOption { + default = "allow-downgrade"; + example = "true"; + type = types.enum [ "true" "allow-downgrade" "false" ]; + description = '' + If true all DNS lookups are DNSSEC-validated locally (excluding LLMNR and Multicast DNS). Note that this mode requires a DNS server that supports DNSSEC. If the DNS server does not properly support DNSSEC all validations will fail. + If set to "allow-downgrade" DNSSEC validation is attempted, but if the server does not support DNSSEC properly, DNSSEC mode is automatically disabled. 
Note that this mode makes DNSSEC validation vulnerable to "downgrade" attacks, where an attacker might be able to trigger a downgrade to non-DNSSEC mode by synthesizing a DNS response that suggests DNSSEC was not supported. + If set to false, DNS lookups are not DNSSEC validated. + ''; + }; + + services.resolved.extraConfig = mkOption { + default = ""; + type = types.lines; + description = '' + Extra config to append to resolved.conf. + ''; + }; + }; - config = mkIf config.services.resolved.enable { + config = mkIf cfg.enable { systemd.additionalUpstreamSystemUnits = [ "systemd-resolved.service" ]; @@ -27,7 +80,15 @@ with lib; environment.etc."systemd/resolved.conf".text = '' [Resolve] - DNS=${concatStringsSep " " config.networking.nameservers} + ${optionalString (config.networking.nameservers != []) + "DNS=${concatStringsSep " " config.networking.nameservers}"} + ${optionalString (cfg.fallbackDns != []) + "FallbackDNS=${concatStringsSep " " cfg.fallbackDns}"} + ${optionalString (cfg.domains != []) + "Domains=${concatStringsSep " " cfg.domains}"} + LLMNR=${cfg.llmnr} + DNSSEC=${cfg.dnssec} + ${config.services.resolved.extraConfig} ''; }; -- cgit 1.4.1 From 86dfaafad26cc09d518b7c493f0cb09c98a16b3f Mon Sep 17 00:00:00 2001 From: Guillaume Maudoux Date: Tue, 28 Jun 2016 09:02:44 +0200 Subject: systemd-logind: reload when logind.conf changed --- nixos/modules/system/boot/systemd.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 3d8f29c80f95..b7c09d2e4bfa 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix 
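Review bot: `${optionalString (cfg.fallbackDns != []) "FallbackDNS=..."}` leaves no way to switch the fallback resolvers off: with the default `[ ]` the key is omitted entirely, and the option's own description says resolved then uses its compiled-in server list, so a host that must not send queries to third-party resolvers cannot express that through this module. If the packaged systemd treats an explicit empty `FallbackDNS=` as "no fallback" (confirm for that version), emit the key unconditionally, `FallbackDNS=${concatStringsSep " " cfg.fallbackDns}`; otherwise a separate option is needed, and either way the `fallbackDns` description should say how to disable the fallback. `llmnr` and `dnssec` are string enums whose `"true"`/`"false"` values read like booleans; a sentence in each description that the value is written verbatim into resolved.conf would avoid surprise for users who try `true` unquoted. The enclosing `config = mkIf cfg.enable { ... }` block starts in the previous hunk, outside this one.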
@@ -794,6 +794,8 @@ in systemd.services.systemd-remount-fs.restartIfChanged = false; systemd.services.systemd-update-utmp.restartIfChanged = false; systemd.services.systemd-user-sessions.restartIfChanged = false; # Restart kills all active sessions. + systemd.services.systemd-logind.restartTriggers = [ config.environment.etc."systemd/logind.conf".source ]; + systemd.services.systemd-logind.stopIfChanged = false; systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true; systemd.targets.remote-fs.unitConfig.X-StopOnReconfiguration = true; systemd.services.systemd-binfmt.wants = [ "proc-sys-fs-binfmt_misc.automount" ]; -- cgit 1.4.1 From aeb516c741a1156a66acafa14322b47c63cfd709 Mon Sep 17 00:00:00 2001 From: Bjørn Forsman Date: Tue, 5 Jul 2016 23:40:35 +0200 Subject: nixos/grub: change state file device separator from ':' to ',' ':' is currently used as separator in /boot/grub/state for the list of devices GRUB should be installed to. The problem is that ':' itself may appear in a device path: /dev/disk/by-id/usb-SanDisk_Cruzer_20043512300546C0B317-0:0 With such a path, NixOS will install GRUB *every* time, because it thinks the configuration differs from the state file (due to the wrong list split). Fix it by using ',' as separator. For existing systems with GRUB installed on multiple devices, this change means that GRUB will be installed one extra time. --- nixos/modules/system/boot/loader/grub/install-grub.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl index b8ef02da4bc2..94d87b436065 100644 --- a/nixos/modules/system/boot/loader/grub/install-grub.pl +++ b/nixos/modules/system/boot/loader/grub/install-grub.pl 
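Review bot: The commit title says "reload", but `restartTriggers` restarts `systemd-logind.service` when `logind.conf` changes, and `stopIfChanged = false` only turns the stop/start pair into a single in-place restart; the neighbouring `systemd-user-sessions` line documents why that unit must not be restarted, so a reader will ask the same question here and the two new lines should answer it. Suggested comment: `# logind.conf has no reload path; restart logind in place instead (logind re-attaches existing sessions across a restart).` The claim about sessions surviving is my understanding of logind's state handling — verify it on the systemd version in nixpkgs before writing it down.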
@@ -501,7 +501,7 @@ sub getEfiTarget { my @deviceTargets = getDeviceTargets(); my $efiTarget = getEfiTarget(); my $prevGrubState = readGrubState(); -my @prevDeviceTargets = split/:/, $prevGrubState->devices; +my @prevDeviceTargets = split/,/, $prevGrubState->devices; my $devicesDiffer = scalar (List::Compare->new( '-u', '-a', \@deviceTargets, \@prevDeviceTargets)->get_symmetric_difference()); my $nameDiffer = get("fullName") ne $prevGrubState->name; @@ -549,7 +549,7 @@ if ($requireNewInstall != 0) { print FILE get("fullName"), "\n" or die; print FILE get("fullVersion"), "\n" or die; print FILE $efiTarget, "\n" or die; - print FILE join( ":", @deviceTargets ), "\n" or die; + print FILE join( ",", @deviceTargets ), "\n" or die; print FILE $efiSysMountPoint, "\n" or die; close FILE or die; } -- cgit 1.4.1 From 931706cdc129dc27a2948114de9f8aaa2c12d33f Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Sun, 10 Jul 2016 03:00:08 +0300 Subject: extlinux-conf-builder: Choose whether to use DTBs on per-generation basis Previously, the value from stdenv.platform.kernelDTB was used. That doesn't work well if both kinds (DTB and non-DTB) of generations exist in the system profile. --- .../loader/generic-extlinux-compatible/extlinux-conf-builder.nix | 1 - .../loader/generic-extlinux-compatible/extlinux-conf-builder.sh | 9 +++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix index c5c250c14cea..576a07c1d272 100644 --- a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix +++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.nix 
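Review bot: `split/,/` and `join( ",", @deviceTargets )` swap one path-legal separator for another: a comma is as valid in a device path as the colon that caused the bug, so the "GRUB reinstalled on every switch" symptom described in the commit message would return for such a path, only more rarely. Since the state-file format changes anyway and already costs one extra install, a separator that cannot occur in a Linux path — for example a count line followed by one device per line — would close the gap for good; if the comma is kept, the assumption belongs next to the `join`, `# device list is ','-separated; a path containing ',' will force a reinstall on every switch`. `readGrubState` and the handling of a pre-existing ':'-separated state file are outside both hunks, so I could not check them beyond what the message states.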
@@ -5,5 +5,4 @@ pkgs.substituteAll { isExecutable = true; path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep]; inherit (pkgs) bash; - kernelDTB = pkgs.stdenv.platform.kernelDTB or false; } diff --git a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh index 78a8e8fd658c..c780a89b102c 100644 --- a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh +++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh @@ -75,9 +75,10 @@ addEntry() { copyToKernelsDir "$path/kernel"; kernel=$result copyToKernelsDir "$path/initrd"; initrd=$result - if [ -n "@kernelDTB@" ]; then - # XXX UGLY: maybe the system config should have a top-level "dtbs" entry? - copyToKernelsDir $(readlink -m "$path/kernel/../dtbs"); dtbs=$result + # XXX UGLY: maybe the system config should have a top-level "dtbs" entry? + dtbDir=$(readlink -m "$path/kernel/../dtbs") + if [ -d "$dtbDir" ]; then + copyToKernelsDir "$dtbDir"; dtbs=$result fi timestampEpoch=$(stat -L -c '%Z' $path) @@ -95,7 +96,7 @@ addEntry() { fi echo " LINUX ../nixos/$(basename $kernel)" echo " INITRD ../nixos/$(basename $initrd)" - if [ -n "@kernelDTB@" ]; then + if [ -d "$dtbDir" ]; then echo " FDTDIR ../nixos/$(basename $dtbs)" fi echo " APPEND systemConfig=$path init=$path/init $extraParams" -- cgit 1.4.1 From b187c869f4cf3d8daf052a8d21207a806638ddc4 Mon Sep 17 00:00:00 2001 From: Jookia <166291@gmail.com> Date: Sun, 10 Jul 2016 10:45:18 +1000 Subject: systemd-coredump: Add systemd service and fix sysctl pattern. --- nixos/modules/system/boot/coredump.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/coredump.nix b/nixos/modules/system/boot/coredump.nix index 793c7515c761..b27a35b6257d 100644 --- a/nixos/modules/system/boot/coredump.nix 
+++ b/nixos/modules/system/boot/coredump.nix @@ -36,6 +36,8 @@ with lib; config = mkMerge [ (mkIf config.systemd.coredump.enable { + systemd.additionalUpstreamSystemUnits = [ "systemd-coredump.socket" "systemd-coredump@.service" ]; + environment.etc."systemd/coredump.conf".text = '' [Coredump] @@ -45,7 +47,7 @@ with lib; # Have the kernel pass core dumps to systemd's coredump helper binary. # From systemd's 50-coredump.conf file. See: # - boot.kernel.sysctl."kernel.core_pattern" = "|${pkgs.systemd}/lib/systemd/systemd-coredump %p %u %g %s %t %e"; + boot.kernel.sysctl."kernel.core_pattern" = "|${pkgs.systemd}/lib/systemd/systemd-coredump %P %u %g %s %t %c %e"; }) (mkIf (!config.systemd.coredump.enable) { -- cgit 1.4.1 From 2eb8aab42cf8623704904b41f4ffe9783bad7b07 Mon Sep 17 00:00:00 2001 From: Bjørn Forsman Date: Wed, 6 Jul 2016 18:50:05 +0200 Subject: nixos/systemd: disable timer units with service A disabled systemd service with a "startAt" attribute, like this: systemd.services.foo-service = { enable = false; startAt = "*-*-* 05:15:00"; ... }; will cause the following errors in the system journal: systemd[1]: foo-service.timer: Refusing to start, unit to trigger not loaded. systemd[1]: Failed to start foo-service.timer. Fix it by not generating the corresponding timer unit when the service is disabled. --- nixos/modules/system/boot/systemd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index b7c09d2e4bfa..5c8cce5066af 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix 
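Review bot: `kernel.core_pattern` points the kernel at `${pkgs.systemd}/lib/systemd/systemd-coredump`, while the `systemd-coredump.socket` and `systemd-coredump@.service` units added one hunk up via `systemd.additionalUpstreamSystemUnits` come from `config.systemd.package`; if `systemd.package` is ever overridden, the kernel will exec a helper from a different systemd build than the socket and service it hands the dump to. Using `${config.systemd.package}` in the pattern keeps the two in step. The new specifiers also deserve a comment, since `%P` (PID as seen in the initial PID namespace, which an out-of-process helper needs) and `%c` (core size soft limit) read as a magic string otherwise: `# %P = PID in the init namespace, %c = RLIMIT_CORE; both are consumed by systemd-coredump.`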
@@ -764,7 +764,7 @@ in { wantedBy = [ "timers.target" ]; timerConfig.OnCalendar = service.startAt; }) - (filterAttrs (name: service: service.startAt != "") cfg.services); + (filterAttrs (name: service: service.enable && service.startAt != "") cfg.services); # Generate timer units for all services that have a ‘startAt’ value. systemd.user.timers = -- cgit 1.4.1 From 90ad879753c476154e65667f8dec12cf5a6c89d4 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 6 Jul 2016 22:54:08 +0300 Subject: nixos stage-1: unconditionally mount /dev/pts --- nixos/modules/system/boot/initrd-ssh.nix | 3 --- nixos/modules/system/boot/stage-1-init.sh | 2 ++ 2 files changed, 2 insertions(+), 3 deletions(-) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix index 3e2805a8c341..d0a4ce51148f 100644 --- a/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixos/modules/system/boot/initrd-ssh.nix @@ -100,9 +100,6 @@ in ''; boot.initrd.network.postCommands = '' - mkdir /dev/pts - mount -t devpts devpts /dev/pts - echo '${cfg.shell}' > /etc/shells echo 'root:x:0:0:root:/root:${cfg.shell}' > /etc/passwd echo 'passwd: files' > /etc/nsswitch.conf diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index 9bffcd31b9b4..055ad2e3e844 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -70,6 +70,8 @@ mount -t sysfs sysfs /sys mount -t devtmpfs -o "size=@devSize@" devtmpfs /dev mkdir -p /run mount -t tmpfs -o "mode=0755,size=@runSize@" tmpfs /run +mkdir /dev/pts +mount -t devpts devpts /dev/pts # Log the script output to /dev/kmsg or /run/log/stage-1-init.log. mkdir -p /tmp -- cgit 1.4.1 From bd0ab027c1c83eb7c26ed50bcf0d77da0c31a1d8 Mon Sep 17 00:00:00 2001 
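Review bot: `service.enable && service.startAt != ""` fixes the system timers, but the `systemd.user.timers` generator whose comment ("Generate timer units for all services that have a ‘startAt’ value") is the trailing context of this hunk and whose body lies below it presumably still filters on `startAt` alone, so a disabled user service with `startAt` will produce the same "unit to trigger not loaded" error. Apply the same `service.enable &&` guard there. The comment for each generator should also name the case now excluded: `# Generate timer units for all enabled services that have a ‘startAt’ value.`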
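Review bot: `mkdir /dev/pts` is the only `mkdir` in this block without `-p`; the surrounding lines use `mkdir -p /run` and `mkdir -p /tmp`, and if the freshly mounted devtmpfs already provides a `/dev/pts` directory the bare `mkdir` fails, which matters if the script runs with `set -e` (not visible in this hunk). Use `mkdir -p /dev/pts` for consistency. Now that devpts is mounted in every initrd rather than only the SSH one, a one-line comment on why ptys are needed unconditionally would help, since the commit message does not say; the mount line itself is unchanged from the initrd-ssh version, so behaviour for that case is the same.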
From: Nikolay Amiantov Date: Wed, 6 Jul 2016 22:56:21 +0300 Subject: nixos stage-1: recursively process binaries and libraries --- nixos/modules/system/boot/stage-1.nix | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 5e6554324ca4..d031b8a2751b 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -81,9 +81,9 @@ let # Copy ld manually since it isn't detected correctly cp -pv ${pkgs.glibc.out}/lib/ld*.so.? $out/lib - # Copy all of the needed libraries for the binaries - for BIN in $(find $out/{bin,sbin} -type f); do - echo "Copying libs for bin $BIN" + # Copy all of the needed libraries + find $out/bin $out/lib -type f | while read BIN; do + echo "Copying libs for executable $BIN" LDD="$(ldd $BIN)" || continue LIBS="$(echo "$LDD" | awk '{print $3}' | sed '/^$/d')" for LIB in $LIBS; do @@ -104,13 +104,17 @@ let stripDirs "lib bin" "-s" # Run patchelf to make the programs refer to the copied libraries. - for i in $out/bin/* $out/lib/*; do if ! test -L $i; then nuke-refs -e $out $i; fi; done + find $out/bin $out/lib -type f | while read i; do + if ! test -L $i; then + nuke-refs -e $out $i + fi + done - for i in $out/bin/*; do - if ! test -L $i; then - echo "patching $i..." - patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true - fi + find $out/bin -type f | while read i; do + if ! test -L $i; then + echo "patching $i..." + patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true + fi done # Make sure that the patchelf'ed binaries still work. -- cgit 1.4.1 From e02b5ace0b70341647ac464c1b19c2da14068147 Mon Sep 17 00:00:00 2001 
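Review bot: `find $out/bin $out/lib -type f | while read BIN` is not the recursive fixpoint the subject line suggests: `find` reads `$out/lib` once when it reaches it, and any library the loop body copies into `$out/lib` after that point is never itself passed to `ldd`, so whether a late-discovered dependency is processed depends on pipe timing rather than on the inputs. Repeating the pass until a run copies nothing new would make the result reproducible; a comment stating the single-pass limitation is the minimum. Independently, the new `while read BIN` and both `while read i` loops should use `read -r` so backslashes in a path are not interpreted, and the later `nuke-refs -e $out $i` line leaves `$i` unquoted — harmless for store paths, but cheap to fix while these lines are being rewritten. The same `read` pattern appears in the `nuke-refs`/`patchelf` hunk below this one.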
From: Nikolay Amiantov Date: Wed, 6 Jul 2016 22:56:43 +0300 Subject: nixos stage-1: guard udevRules from extra references --- nixos/modules/system/boot/stage-1.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index d031b8a2751b..54c3a50c2e6c 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -142,6 +142,7 @@ let udevRules = pkgs.stdenv.mkDerivation { name = "udev-rules"; + allowedReferences = [ extraUtils ]; buildCommand = '' mkdir -p $out -- cgit 1.4.1 From 3508918da2e9e18640aa12214a54940f9aa70f49 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 6 Jul 2016 22:56:59 +0300 Subject: nixos stage-1: replace udevadm in udevRules --- nixos/modules/system/boot/stage-1.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 54c3a50c2e6c..56a9c38b8f2b 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -165,7 +165,8 @@ let --replace /sbin/mdadm ${extraUtils}/bin/mdadm \ --replace /bin/sh ${extraUtils}/bin/sh \ --replace /usr/bin/readlink ${extraUtils}/bin/readlink \ - --replace /usr/bin/basename ${extraUtils}/bin/basename + --replace /usr/bin/basename ${extraUtils}/bin/basename \ + --replace ${udev}/bin/udevadm ${extraUtils}/bin/udevadm done # Work around a bug in QEMU, which doesn't implement the "READ -- cgit 1.4.1 From d3e3e643cbcaf423f9595abd0e791cda51dfdc07 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 6 Jul 2016 22:57:14 +0300 Subject: nixos stage-1: set extraUtils variable --- nixos/modules/system/boot/stage-1-init.sh | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules/system/boot') 
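Review bot: `allowedReferences = [ extraUtils ];` deserves a one-line comment, because when it fires the only signal is a nix daemon error about a disallowed reference, and a reader has to work out that the rules derivation is deliberately closed over `extraUtils`: `# Fail the build if a rule still references a store path outside extraUtils (e.g. the full udev package), presumably to keep those packages out of the initrd closure.` The very next commit on this page has to add a `--replace ${udev}/bin/udevadm ${extraUtils}/bin/udevadm` substitution to satisfy exactly this check, which is the guard doing its job and a good example to cite in the comment.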
diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index 055ad2e3e844..d4277ebd80cf 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -3,6 +3,7 @@ targetRoot=/mnt-root console=tty1 +extraUtils="@extraUtils@" export LD_LIBRARY_PATH=@extraUtils@/lib export PATH=@extraUtils@/bin ln -s @extraUtils@/bin /bin -- cgit 1.4.1 From a2d4235fe13292c7dce2e71963d0ed0f9c204436 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 6 Jul 2016 23:00:44 +0300 Subject: plymouth service: init --- nixos/modules/module-list.nix | 1 + nixos/modules/system/boot/plymouth.nix | 129 +++++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 nixos/modules/system/boot/plymouth.nix (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index be72c0ef29c0..33ce19dd6528 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -522,6 +522,7 @@ ./system/boot/luksroot.nix ./system/boot/modprobe.nix ./system/boot/networkd.nix + ./system/boot/plymouth.nix ./system/boot/resolved.nix ./system/boot/shutdown.nix ./system/boot/stage-1.nix diff --git a/nixos/modules/system/boot/plymouth.nix b/nixos/modules/system/boot/plymouth.nix new file mode 100644 index 000000000000..82c1032937c6 --- /dev/null +++ b/nixos/modules/system/boot/plymouth.nix 
@@ -0,0 +1,129 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + inherit (pkgs) plymouth; + + cfg = config.boot.plymouth; + + themesEnv = pkgs.buildEnv { + name = "plymouth-themes"; + paths = [ plymouth ] ++ cfg.themePackages; + }; + + configFile = pkgs.writeText "plymouthd.conf" '' + [Daemon] + ShowDelay=0 + Theme=${cfg.theme} + ''; + +in + +{ + + options = { + + boot.plymouth = { + + enable = mkEnableOption "Plymouth boot splash screen"; + + themePackages = mkOption { + default = []; + type = types.listOf types.package; + description = '' + Extra theme packages for plymouth. + ''; + }; + + theme = mkOption { + default = "fade-in"; + type = types.str; + description = '' + Splash screen theme. + ''; + }; + + logo = mkOption { + type = types.path; + default = pkgs.fetchurl { + url = "https://nixos.org/logo/nixos-hires.png"; + sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si"; + }; + description = '' + Logo which is displayed on the splash screen. + ''; + }; + + }; + + }; + + config = mkIf cfg.enable { + + boot.kernelParams = [ "splash" ]; + + # To be discoverable by systemd. + environment.systemPackages = [ plymouth ]; + + environment.etc."plymouth/plymouthd.conf".source = configFile; + environment.etc."plymouth/plymouthd.defaults".source = "${plymouth}/share/plymouth/plymouth.defaults"; + environment.etc."plymouth/logo.png".source = cfg.logo; + environment.etc."plymouth/themes".source = "${themesEnv}/share/plymouth/themes"; + # XXX: Needed because we supply a different set of plugins in initrd. 
+ environment.etc."plymouth/plugins".source = "${plymouth}/lib/plymouth"; + + systemd.packages = [ plymouth ]; + + systemd.services.plymouth-kexec.wantedBy = [ "kexec.target" ]; + systemd.services.plymouth-halt.wantedBy = [ "halt.target" ]; + systemd.services.plymouth-quit = { + wantedBy = [ "multi-user.target" ]; + after = [ "display-manager.service" "multi-user.target" ]; + }; + systemd.services.plymouth-poweroff.wantedBy = [ "poweroff.target" ]; + systemd.services.plymouth-reboot.wantedBy = [ "reboot.target" ]; + systemd.services.plymouth-read-write.wantedBy = [ "sysinit.target" ]; + + boot.initrd.extraUtilsCommands = '' + copy_bin_and_libs ${pkgs.plymouth}/bin/plymouthd + copy_bin_and_libs ${pkgs.plymouth}/bin/plymouth + + moduleName="$(sed -n 's,ModuleName *= *,,p' ${themesEnv}/share/plymouth/themes/${cfg.theme}/${cfg.theme}.plymouth)" + + mkdir -p $out/lib/plymouth/renderers + cp ${plymouth}/lib/plymouth/{text,details,$moduleName}.so $out/lib/plymouth + cp ${plymouth}/lib/plymouth/renderers/{drm,frame-buffer}.so $out/lib/plymouth/renderers + + mkdir -p $out/share/plymouth/themes + cp ${plymouth}/share/plymouth/plymouthd.defaults $out/share/plymouth + cp -r ${themesEnv}/share/plymouth/themes/{text,details,${cfg.theme}} $out/share/plymouth/themes + cp ${cfg.logo} $out/share/plymouth/logo.png + ''; + + boot.initrd.extraUtilsCommandsTest = '' + $out/bin/plymouthd --help >/dev/null + $out/bin/plymouth --help >/dev/null + ''; + + boot.initrd.extraUdevRulesCommands = '' + cp ${config.systemd.package}/lib/udev/rules.d/{70-uaccess,71-seat}.rules $out + sed -i '/loginctl/d' $out/71-seat.rules + ''; + + boot.initrd.preLVMCommands = mkAfter '' + mkdir -p /etc/plymouth + ln -s ${configFile} /etc/plymouth/plymouthd.conf + ln -s $extraUtils/share/plymouth/plymouthd.defaults /etc/plymouth/plymouthd.defaults + ln -s $extraUtils/share/plymouth/logo.png /etc/plymouth/logo.png + ln -s $extraUtils/share/plymouth/themes /etc/plymouth/themes + ln -s $extraUtils/lib/plymouth 
/etc/plymouth/plugins + + plymouthd --mode=boot --pid-file=/run/plymouth/pid --attach-to-session + plymouth --show-splash + ''; + + }; + +} -- cgit 1.4.1 From c69c76ca7efecba24aba555c2a03f933997d1fd5 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 7 Jul 2016 00:44:02 +0300 Subject: nixos stage-1: try to quit plymouth if started on failure --- nixos/modules/system/boot/luksroot.nix | 26 ++++++++++++++++++++++---- nixos/modules/system/boot/stage-1-init.sh | 3 +++ 2 files changed, 25 insertions(+), 4 deletions(-) (limited to 'nixos/modules/system/boot') diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 8dad09c89207..15881b6d3714 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -36,7 +36,7 @@ let ${optionalString (header != null) "--header=${header}"} \ ${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} \ > /.luksopen_args - cryptsetup-askpass + get_password "Enter LUKS Passphrase" cryptsetup-askpass rm /.luksopen_args } @@ -78,9 +78,7 @@ let for try in $(seq 3); do ${optionalString yubikey.twoFactor '' - echo -n "Enter two-factor passphrase: " - read -s k_user - echo + k_user="$(get_password "Enter two-factor passphrase" cat)" ''} if [ ! -z "$k_user" ]; then @@ -463,6 +461,26 @@ in ''} ''; + boot.initrd.preDeviceCommands = '' + get_password() { + local ret + local reply + local tty_stat + + tty_stat="$(stty -g)" + stty -echo + for i in `seq 1 3`; do + echo -n "$1: " + read reply + echo "$reply" | "$2" + if [ "$?" = "0" ]; then + break + fi + done + stty "$tty_stat" + } + ''; + boot.initrd.preLVMCommands = concatStrings (mapAttrsToList openCommand preLVM); boot.initrd.postDeviceCommands = concatStrings (mapAttrsToList openCommand postLVM); 
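Review bot: The `boot.initrd.extraUdevRulesCommands` block copies `70-uaccess.rules` and `71-seat.rules` into the initrd and then deletes every line matching `loginctl` with `sed -i '/loginctl/d'`, with no comment saying why; a reader has to guess that the seat/uaccess tagging is what lets plymouthd pick up the display devices and that `loginctl` simply does not exist in the initrd. Suggested: `# plymouthd relies on seat/uaccess tagging to find DRM/fb devices; drop the loginctl RUN lines since logind is not in the initrd.` — confirm the reason before committing it to the file. In `boot.initrd.preLVMCommands`, `plymouthd --pid-file=/run/plymouth/pid` is started without a `mkdir -p /run/plymouth`; if plymouthd does not create that directory itself, the pid file is silently not written, so either add the mkdir or note that plymouthd handles it.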
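Review bot: `get_password` writes its prompt with `echo -n "$1: "` to stdout, and the yubikey call site captures stdout — `k_user="$(get_password "Enter two-factor passphrase" cat)"` — so the captured value is `Enter two-factor passphrase: <what the user typed>`: the prompt text is prepended to the secret and the two-factor unlock will fail for everyone using it (the `cryptsetup-askpass` call site is unaffected because nothing captures its stdout). Send the prompt to the terminal instead, `echo -n "$1: " >&2`, or to `/dev/tty`. While here, `read reply` should be `read -r reply` and `echo "$reply" | "$2"` should be `printf '%s\n' "$reply" | "$2"`, so a passphrase containing backslashes or beginning with `-n`/`-e` reaches the command unaltered, and `local ret` is unused. The loop also gives up silently after three failed attempts; a message before `stty "$tty_stat"` would tell the user why they are dropped into the failure path.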
diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index d4277ebd80cf..6b1bf0b3e028 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -14,6 +14,9 @@ export LVM_SUPPRESS_FD_WARNINGS=true fail() { if [ -n "$panicOnFail" ]; then exit 1; fi + # If we have a splash screen started, quit it. + command -v plymouth >/dev/null 2>&1 && plymouth quit + # If starting stage 2 failed, allow the user to repair the problem # in an interactive shell. cat <