From f26153754a1b6ac0d72adde9c75e1473463b4dbb Mon Sep 17 00:00:00 2001 
From: Ambroz Bizjak Date: Sat, 30 Jun 2018 09:33:45 +0200 Subject: nixos/xserver: Implement configuration of NVIDIA Optimus via PRIME This adds configuration options which automate the configuration of NVIDIA Optimus using PRIME. This allows using the NVIDIA proprietary driver on Optimus laptops, in order to render using the NVIDIA GPU while outputting to displays connected only to the integrated Intel GPU. It also adds an option for enabling kernel modesetting for the NVIDIA driver (via a kernel command line flag); this is particularly useful together with Optimus/PRIME because it fixes tearing on PRIME-connected screens. The user still needs to enable the Optimus/PRIME feature and specify the bus IDs of the Intel and NVIDIA GPUs, but this is still much easier for users and more reliable. The implementation handles both the X configuration file as well as getting display managers to run certain necessary `xrandr` commands just after X has started. Configuration of commands run after X startup is done using a new configuration option `services.xserver.displayManager.setupCommands`. Support for this option is implemented for LightDM, GDM and SDDM; all of these have been tested with this feature including logging into a Plasma session. Note: support of `setupCommands` for GDM is implemented by making GDM run the session executable via a wrapper; the wrapper will run the `setupCommands` before execing. This seemed like the simplest and most reliable approach, and solves running these commands both for GDM's X server and user X servers (GDM starts separate X servers for itself and user sessions). An alternative approach would be with autostart files but that seems harder to set up and less reliable. Note that some simple features for X configuration file generation (in `xserver.nix`) are added which are used in the implementation: - `services.xserver.extraConfig`: Allows adding arbitrary new sections. This is used to add the Device section for the Intel GPU. 
- `deviceSection` and `screenSection` within `services.xserver.drivers`. This allows the nvidia configuration module to add additional contents into the `Device` and `Screen` sections of the "nvidia" driver, and not into such sections for other drivers that may be enabled. --- nixos/modules/hardware/video/nvidia.nix | 120 ++++++++++++++++++++- .../services/x11/display-managers/default.nix | 11 ++ .../modules/services/x11/display-managers/gdm.nix | 12 +++ .../services/x11/display-managers/lightdm.nix | 6 ++ .../modules/services/x11/display-managers/sddm.nix | 4 +- nixos/modules/services/x11/xserver.nix | 10 ++ 6 files changed, 158 insertions(+), 5 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index eb1952280331..6944d1a4f76b 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix 
@@ -26,9 +26,73 @@ let nvidia_libs32 = (nvidiaForKernel pkgs_i686.linuxPackages).override { libsOnly = true; kernel = null; }; enabled = nvidia_x11 != null; + + cfg = config.hardware.nvidia; + optimusCfg = cfg.optimus_prime; in { + options = { + hardware.nvidia.modesetting.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable kernel modesetting when using the NVIDIA proprietary driver. + + Enabling this fixes screen tearing when using Optimus via PRIME (see + . This is not enabled + by default because it is not officially supported by NVIDIA and would not + work with SLI. + ''; + }; + + hardware.nvidia.optimus_prime.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME. + If enabled, the NVIDIA GPU will be always on and used for all rendering, + while enabling output to displays attached only to the integrated Intel GPU + without a multiplexer. + + Note that this option only has any effect if the "nvidia" driver is specified + in , and it should preferably + be the only driver there. + + If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be + specified ( and + ). + + If you enable this, you may want to also enable kernel modesetting for the + NVIDIA driver () in order + to prevent tearing. + + Note that this configuration will only be successful when a display manager + for which the + option is supported is used; notably, SLiM is not supported. + ''; + }; + + hardware.nvidia.optimus_prime.nvidiaBusId = lib.mkOption { + type = lib.types.string; + default = ""; + example = "PCI:1:0:0"; + description = '' + Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci + shows the NVIDIA GPU at "01:00.0", set this option to "PCI:1:0:0". 
+ ''; + }; + + hardware.nvidia.optimus_prime.intelBusId = lib.mkOption { + type = lib.types.string; + default = ""; + example = "PCI:0:2:0"; + description = '' + Bus ID of the Intel GPU. You can find it using lspci; for example if lspci + shows the Intel GPU at "00:02.0", set this option to "PCI:0:2:0". + ''; + }; + }; config = mkIf enabled { assertions = [ 
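Review bot: `nvidiaBusId` and `intelBusId` are declared with `lib.types.string`, which (if this tree still has the legacy definition) silently concatenates multiple definitions instead of reporting a conflict; use `type = lib.types.str;` for both. The value is written verbatim into the generated xorg.conf `BusID "…"` line in the next hunk, so a concatenated or malformed value only surfaces as an X server start failure. The option cross-references inside the descriptions appear empty in this rendering ("see . This is not enabled"), which is worth confirming in the built manual.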
@@ -36,16 +100,62 @@ in assertion = config.services.xserver.displayManager.gdm.wayland; message = "NVidia drivers don't support wayland"; } + { + assertion = !optimusCfg.enable || + (optimusCfg.nvidiaBusId != "" && optimusCfg.intelBusId != ""); + message = '' + When NVIDIA Optimus via PRIME is enabled, the GPU bus IDs must configured. + ''; + } ]; - services.xserver.drivers = singleton - { name = "nvidia"; modules = [ nvidia_x11.bin ]; libPath = [ nvidia_x11 ]; }; + # If Optimus/PRIME is enabled, we: + # - Specify the configured NVIDIA GPU bus ID in the Device section for the + # "nvidia" driver. + # - Add the AllowEmptyInitialConfiguration option to the Screen section for the + # "nvidia" driver, in order to allow the X server to start without any outputs. + # - Add a separate Device section for the Intel GPU, using the "modesetting" + # driver and with the configured BusID. + # - Reference that Device section from the ServerLayout section as an inactive + # device. + # - Configure the display manager to run specific `xrandr` commands which will + # configure/enable displays connected to the Intel GPU. 
+ + services.xserver.drivers = singleton { + name = "nvidia"; + modules = [ nvidia_x11.bin ]; + libPath = [ nvidia_x11 ]; + deviceSection = optionalString optimusCfg.enable + '' + BusID "${optimusCfg.nvidiaBusId}" + ''; + screenSection = + '' + Option "RandRRotation" "on" + ${optionalString optimusCfg.enable "Option \"AllowEmptyInitialConfiguration\""} + ''; + }; - services.xserver.screenSection = + services.xserver.extraConfig = optionalString optimusCfg.enable + '' + Section "Device" + Identifier "nvidia-optimus-intel" + Driver "modesetting" + BusID "${optimusCfg.intelBusId}" + Option "AccelMethod" "none" + EndSection + ''; + services.xserver.serverLayoutSection = optionalString optimusCfg.enable '' - Option "RandRRotation" "on" + Inactive "nvidia-optimus-intel" ''; + services.xserver.displayManager.setupCommands = optionalString optimusCfg.enable '' + # Added by nvidia configuration module for Optimus/PRIME. + ${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource modesetting NVIDIA-0 + ${pkgs.xorg.xrandr}/bin/xrandr --auto + ''; + environment.etc."nvidia/nvidia-application-profiles-rc" = mkIf nvidia_x11.useProfiles { source = "${nvidia_x11.bin}/share/nvidia/nvidia-application-profiles-rc"; }; @@ -62,6 +172,8 @@ in boot.kernelModules = [ "nvidia-uvm" ] ++ lib.optionals config.services.xserver.enable [ "nvidia" "nvidia_modeset" "nvidia_drm" ]; + # If requested enable modesetting via kernel parameter. + boot.kernelParams = optional cfg.modesetting.enable "nvidia-drm.modeset=1"; # Create /dev/nvidia-uvm when the nvidia-uvm module is loaded. services.udev.extraRules = diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 43ed21c95fee..e337f3af328f 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix 
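Review bot: The new assertion message in the @@ -36 hunk reads "the GPU bus IDs must configured"; change it to `When NVIDIA Optimus via PRIME is enabled, the GPU bus IDs must be configured.`. The assertion only checks that both IDs are non-empty, so a missing `PCI:` prefix or wrong separator still passes and is only reported by the X server; a short comment above the assertion stating that the format is not validated would set expectations. The `setupCommands` added here hard-code the provider names `modesetting` and `NVIDIA-0` in the `xrandr --setprovideroutputsource` call; a comment that these are presumably the names the two drivers register as RandR providers would make that dependency explicit.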
@@ -227,6 +227,17 @@ in description = "List of arguments for the X server."; }; + setupCommands = mkOption { + type = types.lines; + default = ""; + description = '' + Shell commands executed just after the X server has started. + + This option is only effective for display managers for which this feature + is supported; currently these are LightDM, GDM and SDDM. + ''; + }; + sessionCommands = mkOption { type = types.lines; default = ""; diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix index a6a38a21b617..0c6da2d564c6 100644 --- a/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixos/modules/services/x11/display-managers/gdm.nix @@ -7,6 +7,13 @@ let cfg = config.services.xserver.displayManager; gdm = pkgs.gnome3.gdm; + xSessionWrapper = if (cfg.setupCommands == "") then null else + pkgs.writeScript "gdm-x-session-wrapper" '' + #!${pkgs.bash}/bin/bash + ${cfg.setupCommands} + exec "$@" + ''; + in { @@ -112,6 +119,11 @@ in GDM_SESSIONS_DIR = "${cfg.session.desktops}"; # Find the mouse XCURSOR_PATH = "~/.icons:${pkgs.gnome3.adwaita-icon-theme}/share/icons"; + } // optionalAttrs (xSessionWrapper != null) { + # Make GDM use this wrapper before running the session, which runs the + # configured setupCommands. This relies on a patched GDM which supports + # this environment variable. + GDM_X_SESSION_WRAPPER = "${xSessionWrapper}"; }; execCmd = "exec ${gdm}/bin/gdm"; }; diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 5beadacdfa93..028d655f8456 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix 
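Review bot: The `setupCommands` description says when the commands run but not with which privileges, and the option accepts arbitrary shell. The GDM hunk on this line and the LightDM hunk on the next embed the value into scripts built with `pkgs.writeScript`, i.e. into the world-readable Nix store, and SDDM appends it to its Xsetup script; the user they execute as differs per display manager (the GDM wrapper runs as whatever launches the X session, LightDM's display-setup-script presumably as root). I would add to the description: `These commands are copied into scripts in the Nix store and are therefore world-readable; do not put secrets in them. The user they run as depends on the display manager.`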
@@ -61,6 +61,12 @@ let ${optionalString hasDefaultUserSession '' user-session=${defaultSessionName} ''} + ${optionalString (dmcfg.setupCommands != "") '' + display-setup-script=${pkgs.writeScript "lightdm-display-setup" '' + #!${pkgs.bash}/bin/bash + ${dmcfg.setupCommands} + ''} + ''} ${cfg.extraSeatDefaults} ''; diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix index df782e82ed15..fe97666dc242 100644 --- a/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixos/modules/services/x11/display-managers/sddm.nix @@ -31,6 +31,7 @@ let rm -fr /var/lib/sddm/.cache/sddm-greeter/qmlcache ${cfg.setupScript} + ${dmcfg.setupCommands} ''; Xstop = pkgs.writeScript "Xstop" '' @@ -148,7 +149,8 @@ in xrandr --auto ''; description = '' - A script to execute when starting the display server. + A script to execute when starting the display server. DEPRECATED, please + use . ''; }; diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 3048cd02683f..accdf3a5cf8a 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -374,6 +374,12 @@ in description = "Contents of the first Monitor section of the X server configuration file."; }; + extraConfig = mkOption { + type = types.lines; + default = ""; + description = "Additional contents (sections) included in the X server configuration file"; + }; + xrandrHeads = mkOption { default = []; example = [ @@ -741,6 +747,7 @@ in Driver "${driver.driverName or driver.name}" ${if cfg.useGlamor then ''Option "AccelMethod" "glamor"'' else ""} ${cfg.deviceSection} + ${driver.deviceSection or ""} ${xrandrDeviceSection} EndSection @@ -752,6 +759,7 @@ in ''} ${cfg.screenSection} + ${driver.screenSection or ""} ${optionalString (cfg.defaultDepth != 0) '' DefaultDepth ${toString cfg.defaultDepth} 
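Review bot: The `extraConfig` description in the xserver.nix @@ -374 hunk is the only one in this option group without a terminating period and does not say where the text lands; the @@ -781 hunk of the same file shows it is appended verbatim after the generated Monitor sections, at the end of the configuration string. I would write `description = "Additional contents (sections) appended verbatim to the end of the X server configuration file.";`. Since the text is not validated, a note that malformed sections are only detected when the X server starts would save debugging time.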
@@ -781,6 +789,8 @@ in '')} ${xrandrMonitorSections} + + ${cfg.extraConfig} ''; fonts.enableDefaultFonts = mkDefault true; -- cgit 1.4.1 From 3a76bc7a79e18020716ba063dcd1bd8ec11b0790 Mon Sep 17 00:00:00 2001 From: Peter Hoeg Date: Fri, 28 Sep 2018 22:10:03 +0800 Subject: nixos on hyperv: load modules and set video mode --- nixos/modules/virtualisation/hyperv-guest.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/hyperv-guest.nix b/nixos/modules/virtualisation/hyperv-guest.nix index ecd2a8117710..d86cb9fe1ab9 100644 --- a/nixos/modules/virtualisation/hyperv-guest.nix +++ b/nixos/modules/virtualisation/hyperv-guest.nix @@ -9,10 +9,33 @@ in { options = { virtualisation.hypervGuest = { enable = mkEnableOption "Hyper-V Guest Support"; + + videoMode = mkOption { + type = types.str; + default = "1152x864"; + example = "1024x768"; + description = '' + Resolution at which to initialize the video adapter. + + Supports screen resolution up to Full HD 1920x1080 with 32 bit color + on Windows Server 2012, and 1600x1200 with 16 bit color on Windows + Server 2008 R2 or earlier. + ''; + }; }; }; config = mkIf cfg.enable { + boot = { + initrd.kernelModules = [ + "hv_balloon" "hv_netvsc" "hv_storvsc" "hv_utils" "hv_vmbus" + ]; + + kernelParams = [ + "video=hyperv_fb:${cfg.videoMode}" + ]; + }; + environment.systemPackages = [ config.boot.kernelPackages.hyperv-daemons.bin ]; security.rngd.enable = false; -- cgit 1.4.1 From ca6d41ae654386562ef7f00ae268e6e9070a3f49 Mon Sep 17 00:00:00 2001 From: Peter Hoeg Date: Fri, 28 Sep 2018 22:10:31 +0800 Subject: nixos-installer: use the hyperv module on hyperv --- nixos/modules/installer/tools/nixos-generate-config.pl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index 359caad89a72..b70faa380e54 100644 
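Review bot: `videoMode` in the hyperv-guest.nix hunk is a free-form `types.str` spliced into `video=hyperv_fb:${cfg.videoMode}` on the kernel command line, so a value containing whitespace is split into additional kernel parameters and a typo is only caught at boot. If the framebuffer driver only accepts WIDTHxHEIGHT here, `type = types.strMatching "[0-9]+x[0-9]+";` catches that at evaluation time. The supported-resolution sentence in the description reads as a host-side limit; starting it with "The Hyper-V host supports …" would make that clear.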
--- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -277,8 +277,7 @@ if ($virt eq "qemu" || $virt eq "kvm" || $virt eq "bochs") { # Also for Hyper-V. if ($virt eq "microsoft") { - push @initrdAvailableKernelModules, "hv_storvsc"; - $videoDriver = "fbdev"; + push @attrs, "virtualisation.hypervGuest.enable = true;" } -- cgit 1.4.1 From 6e3e136f77b3103a0c3b3fe7578c5864932b649c Mon Sep 17 00:00:00 2001 From: Peter Hoeg Date: Fri, 28 Sep 2018 22:27:52 +0800 Subject: nixos on hyperv: hot-add CPU --- nixos/modules/virtualisation/hyperv-guest.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/virtualisation/hyperv-guest.nix b/nixos/modules/virtualisation/hyperv-guest.nix index d86cb9fe1ab9..0f1f052880c5 100644 --- a/nixos/modules/virtualisation/hyperv-guest.nix +++ b/nixos/modules/virtualisation/hyperv-guest.nix @@ -40,12 +40,16 @@ in { security.rngd.enable = false; - # enable hotadding memory + # enable hotadding cpu/memory services.udev.packages = lib.singleton (pkgs.writeTextFile { - name = "hyperv-memory-hotadd-udev-rules"; - destination = "/etc/udev/rules.d/99-hyperv-memory-hotadd.rules"; + name = "hyperv-cpu-and-memory-hotadd-udev-rules"; + destination = "/etc/udev/rules.d/99-hyperv-cpu-and-memory-hotadd.rules"; text = '' - ACTION="add", SUBSYSTEM=="memory", ATTR{state}="online" + # Memory hotadd + SUBSYSTEM=="memory", ACTION=="add", DEVPATH=="/devices/system/memory/memory[0-9]*", TEST=="state", ATTR{state}="online" + + # CPU hotadd + SUBSYSTEM=="cpu", ACTION=="add", DEVPATH=="/devices/system/cpu/cpu[0-9]*", TEST=="online", ATTR{online}="1" ''; }); -- cgit 1.4.1 From f449242e83bd441300f009321157dd308326cfcc Mon Sep 17 00:00:00 2001 
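Review bot: The added `push @attrs, "virtualisation.hypervGuest.enable = true;"` has no trailing semicolon; it parses only because it is the last statement in the block, while the removed `push @initrdAvailableKernelModules` line it replaces did terminate with one, so write `push @attrs, "virtualisation.hypervGuest.enable = true;";` for consistency. Dropping `hv_storvsc` from the initrd modules relies on the hypervGuest module from the previous patch in this series being imported by default, which cannot be confirmed from this hunk.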
From: Jamey Sharp Date: Sat, 29 Sep 2018 10:55:46 -0700 Subject: nixos/systemd: remove activation dependency As far as I can tell, the systemd snippet hasn't depended on groups being initialized since 5d02c02a9bfd6912e4e0f700b1b35e76d1d6bd3f in 2015, when a `setfacl` call was removed. --- nixos/modules/system/boot/systemd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 12e029ae57f8..c96a502a892f 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -783,7 +783,7 @@ in services.dbus.enable = true; - system.activationScripts.systemd = stringAfter [ "groups" ] + system.activationScripts.systemd = '' mkdir -m 0755 -p /var/lib/udev -- cgit 1.4.1 From da86afba0d610170993eef053f534afc469269a3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Sep 2018 10:59:57 +0200 Subject: nixos/steam-hardware: module init --- nixos/modules/hardware/steam-hardware.nix | 25 +++++++++++++++++++++++++ nixos/modules/module-list.nix | 1 + 2 files changed, 26 insertions(+) create mode 100644 nixos/modules/hardware/steam-hardware.nix (limited to 'nixos') diff --git a/nixos/modules/hardware/steam-hardware.nix b/nixos/modules/hardware/steam-hardware.nix new file mode 100644 index 000000000000..378aeffe71b5 --- /dev/null +++ b/nixos/modules/hardware/steam-hardware.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.hardware.steam-hardware; + +in + +{ + options.hardware.steam-hardware = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive"; + }; + }; + + config = mkIf cfg.enable { + services.udev.packages = [ + pkgs.steamPackages.steam + ]; + }; +} 
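Review bot: Removing `stringAfter [ "groups" ]` leaves the ordering of this activation snippet relative to user/group creation unconstrained, and the body of `system.activationScripts.systemd` continues outside the hunk, so it cannot be checked here whether any remaining `chown`/`chgrp` still needs groups to exist. The commit message says the last such dependency (a `setfacl`) went away in 2015; a one-line comment above the assignment, e.g. `# No ordering dependency on users/groups: the script only creates root-owned directories.`, would keep the next reader from re-adding it. Only add it if that is indeed what the remaining body does.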
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 1a8f522a969d..fe2cbb23476d 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -46,6 +46,7 @@ ./hardware/opengl.nix ./hardware/pcmcia.nix ./hardware/raid/hpsa.nix + ./hardware/steam-hardware.nix ./hardware/usb-wwan.nix ./hardware/onlykey.nix ./hardware/video/amdgpu.nix -- cgit 1.4.1 From ebd38185c8f50535b251b487375a671f3943a6be Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Fri, 29 Jun 2018 19:17:54 +0200 Subject: nixos/nextcloud: init MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Franz Pletz Co-authored-by: Robin Gloster Co-authored-by: Janne Heß Co-authored-by: Florian Klink --- nixos/modules/module-list.nix | 1 + nixos/modules/services/web-apps/nextcloud.nix | 463 +++++++++++++++++++++ .../modules/services/web-servers/nginx/default.nix | 17 +- .../web-servers/nginx/location-options.nix | 10 + nixos/release.nix | 1 + nixos/tests/nextcloud/basic.nix | 56 +++ nixos/tests/nextcloud/default.nix | 6 + nixos/tests/nextcloud/with-mysql-and-memcached.nix | 97 +++++ .../tests/nextcloud/with-postgresql-and-redis.nix | 130 ++++++ 9 files changed, 778 insertions(+), 3 deletions(-) create mode 100644 nixos/modules/services/web-apps/nextcloud.nix create mode 100644 nixos/tests/nextcloud/basic.nix create mode 100644 nixos/tests/nextcloud/default.nix create mode 100644 nixos/tests/nextcloud/with-mysql-and-memcached.nix create mode 100644 nixos/tests/nextcloud/with-postgresql-and-redis.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f4c7cf601bf1..11484d159b8c 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
@@ -689,6 +689,7 @@ ./services/web-apps/codimd.nix ./services/web-apps/frab.nix ./services/web-apps/mattermost.nix + ./services/web-apps/nextcloud.nix ./services/web-apps/nexus.nix ./services/web-apps/pgpkeyserver-lite.nix ./services/web-apps/matomo.nix diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix new file mode 100644 index 000000000000..44c3df1d057b --- /dev/null +++ b/nixos/modules/services/web-apps/nextcloud.nix 
@@ -0,0 +1,463 @@ +{ config, lib, pkgs, ... }@args: + +with lib; + +let + cfg = config.services.nextcloud; + + toKeyValue = generators.toKeyValue { + mkKeyValue = generators.mkKeyValueDefault {} " = "; + }; + + phpOptionsExtensions = '' + ${optionalString cfg.caching.apcu "extension=${cfg.phpPackages.apcu}/lib/php/extensions/apcu.so"} + ${optionalString cfg.caching.redis "extension=${cfg.phpPackages.redis}/lib/php/extensions/redis.so"} + ${optionalString cfg.caching.memcached "extension=${cfg.phpPackages.memcached}/lib/php/extensions/memcached.so"} + zend_extension = opcache.so + opcache.enable = 1 + ''; + phpOptions = { + upload_max_filesize = cfg.maxUploadSize; + post_max_size = cfg.maxUploadSize; + memory_limit = cfg.maxUploadSize; + } // cfg.phpOptions; + phpOptionsStr = phpOptionsExtensions + (toKeyValue phpOptions); + + occ = pkgs.writeScriptBin "nextcloud-occ" '' + #! ${pkgs.stdenv.shell} + cd ${pkgs.nextcloud} + exec /run/wrappers/bin/sudo -u nextcloud \ + NEXTCLOUD_CONFIG_DIR="${cfg.home}/config" \ + ${config.services.phpfpm.phpPackage}/bin/php \ + -c ${pkgs.writeText "php.ini" phpOptionsStr}\ + occ $* + ''; + +in { + options.services.nextcloud = { + enable = mkEnableOption "nextcloud"; + hostName = mkOption { + type = types.str; + description = "FQDN for the nextcloud instance."; + }; + home = mkOption { + type = types.str; + default = "/var/lib/nextcloud"; + description = "Storage path of nextcloud."; + }; + https = mkOption { + type = types.bool; + default = false; + description = "Enable if there is a TLS terminating proxy in front of nextcloud."; + }; + + maxUploadSize = mkOption { + default = "512M"; + type = types.str; + description = '' + Defines the upload limit for files. This changes the relevant options + in php.ini and nginx if enabled. + ''; + }; + + skeletonDirectory = mkOption { + default = ""; + type = types.str; + description = '' + The directory where the skeleton files are located. 
These files will be + copied to the data directory of new users. Leave empty to not copy any + skeleton files. + ''; + }; + + nginx.enable = mkEnableOption "nginx vhost management"; + + webfinger = mkOption { + type = types.bool; + default = false; + description = '' + Enable this option if you plan on using the webfinger plugin. + The appropriate nginx rewrite rules will be added to your configuration. + ''; + }; + + phpPackages = mkOption { + type = types.attrs; + default = pkgs.php71Packages; + defaultText = "pkgs.php71Packages"; + description = '' + Overridable attribute of the PHP packages set to use. If any caching + module is enabled, it will be taken from here. Therefore it should + match the version of PHP given to + services.phpfpm.phpPackage. + ''; + }; + + phpOptions = mkOption { + type = types.attrsOf types.str; + default = { + "short_open_tag" = "Off"; + "expose_php" = "Off"; + "error_reporting" = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; + "display_errors" = "stderr"; + "opcache.enable_cli" = "1"; + "opcache.interned_strings_buffer" = "8"; + "opcache.max_accelerated_files" = "10000"; + "opcache.memory_consumption" = "128"; + "opcache.revalidate_freq" = "1"; + "opcache.fast_shutdown" = "1"; + "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt"; + "catch_workers_output" = "yes"; + }; + description = '' + Options for PHP's php.ini file for nextcloud. + ''; + }; + + config = { + dbtype = mkOption { + type = types.enum [ "sqlite" "pgsql" "mysql" ]; + default = "sqlite"; + description = "Database type."; + }; + dbname = mkOption { + type = types.nullOr types.str; + default = "nextcloud"; + description = "Database name."; + }; + dbuser = mkOption { + type = types.nullOr types.str; + default = "nextcloud"; + description = "Database user."; + }; + dbpass = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Database password. Use dbpassFile to avoid this + being world-readable in the /nix/store. 
+ ''; + }; + dbpassFile = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + The full path to a file that contains the database password. + ''; + }; + dbhost = mkOption { + type = types.nullOr types.str; + default = "localhost"; + description = "Database host."; + }; + dbport = mkOption { + type = with types; nullOr (either int str); + default = null; + description = "Database port."; + }; + dbtableprefix = mkOption { + type = types.nullOr types.str; + default = null; + description = "Table prefix in Nextcloud database."; + }; + adminuser = mkOption { + type = types.str; + default = "root"; + description = "Admin username."; + }; + adminpass = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Database password. Use adminpassFile to avoid this + being world-readable in the /nix/store. + ''; + }; + adminpassFile = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + The full path to a file that contains the admin's password. + ''; + }; + + extraTrustedDomains = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Trusted domains, from which the nextcloud installation will be + acessible. You don't need to add + services.nextcloud.hostname here. + ''; + }; + }; + + caching = { + apcu = mkOption { + type = types.bool; + default = true; + description = '' + Whether to load the APCu module into PHP. + ''; + }; + redis = mkOption { + type = types.bool; + default = false; + description = '' + Whether to load the Redis module into PHP. + You still need to enable Redis in your config.php. + See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html + ''; + }; + memcached = mkOption { + type = types.bool; + default = false; + description = '' + Whether to load the Memcached module into PHP. + You still need to enable Memcached in your config.php. 
+ See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html + ''; + }; + }; + }; + + config = mkIf cfg.enable (mkMerge [ + { assertions = let acfg = cfg.config; in [ + { assertion = !(acfg.dbpass != null && acfg.dbpassFile != null); + message = "Please specify no more than one of dbpass or dbpassFile"; + } + { assertion = ((acfg.adminpass != null || acfg.adminpassFile != null) + && !(acfg.adminpass != null && acfg.adminpassFile != null)); + message = "Please specify exactly one of adminpass or adminpassFile"; + } + ]; + } + + { systemd.timers."nextcloud-cron" = { + wantedBy = [ "timers.target" ]; + timerConfig.OnBootSec = "5m"; + timerConfig.OnUnitActiveSec = "15m"; + timerConfig.Unit = "nextcloud-cron.service"; + }; + + systemd.services = { + "nextcloud-setup" = let + overrideConfig = pkgs.writeText "nextcloud-config.php" '' + [ + [ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ], + [ 'path' => '${cfg.home}/store-apps', 'url' => '/store-apps', 'writable' => true ], + ], + 'datadirectory' => '${cfg.home}/data', + 'skeletondirectory' => '${cfg.skeletonDirectory}', + ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"} + 'log_type' => 'syslog', + ]; + ''; + occInstallCmd = let + c = cfg.config; + adminpass = if c.adminpassFile != null + then ''"$(<"${toString c.adminpassFile}")"'' + else ''"${toString c.adminpass}"''; + dbpass = if c.dbpassFile != null + then ''"$(<"${toString c.dbpassFile}")"'' + else if c.dbpass != null + then ''"${toString c.dbpass}"'' + else null; + installFlags = concatStringsSep " \\\n " + (mapAttrsToList (k: v: "${k} ${toString v}") { + "--database" = ''"${c.dbtype}"''; + # The following attributes are optional depending on the type of + # database. Those that evaluate to null on the left hand side + # will be omitted. 
+ ${if c.dbname != null then "--database-name" else null} = ''"${c.dbname}"''; + ${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"''; + ${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"''; + ${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"''; + ${if (any (x: x != null) [c.dbpass c.dbpassFile]) + then "--database-pass" else null} = dbpass; + ${if c.dbtableprefix != null + then "--database-table-prefix" else null} = ''"${toString c.dbtableprefix}"''; + "--admin-user" = ''"${c.adminuser}"''; + "--admin-pass" = adminpass; + "--data-dir" = ''"${cfg.home}/data"''; + }); + in '' + ${occ}/bin/nextcloud-occ maintenance:install \ + ${installFlags} + ''; + occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0 + (i: v: '' + ${occ}/bin/nextcloud-occ config:system:set trusted_domains \ + ${toString i} --value="${toString v}" + '') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains)); + + in { + wantedBy = [ "multi-user.target" ]; + before = [ "phpfpm-nextcloud.service" ]; + script = '' + chmod og+x ${cfg.home} + ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/ + mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps + ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php + + chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps + + # Do not install if already installed + if [[ ! 
-e ${cfg.home}/config/config.php ]]; then + ${occInstallCmd} + fi + + ${occ}/bin/nextcloud-occ upgrade + + ${occ}/bin/nextcloud-occ config:system:delete trusted_domains + ${occSetTrustedDomainsCmd} + ''; + serviceConfig.Type = "oneshot"; + }; + "nextcloud-cron" = { + environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config"; + serviceConfig.Type = "oneshot"; + serviceConfig.User = "nextcloud"; + serviceConfig.ExecStart = "${pkgs.php}/bin/php -f ${pkgs.nextcloud}/cron.php"; + }; + }; + + services.phpfpm = { + phpOptions = phpOptionsExtensions; + phpPackage = pkgs.php71; + pools.nextcloud = let + phpAdminValues = (toKeyValue + (foldr (a: b: a // b) {} + (mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; }) + phpOptions))); + in { + listen = "/run/phpfpm/nextcloud"; + extraConfig = '' + listen.owner = nginx + listen.group = nginx + user = nextcloud + group = nginx + pm = dynamic + pm.max_children = 32 + pm.start_servers = 2 + pm.min_spare_servers = 2 + pm.max_spare_servers = 4 + env[NEXTCLOUD_CONFIG_DIR] = ${cfg.home}/config + env[PATH] = /run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin + ${phpAdminValues} + ''; + }; + }; + + users.extraUsers.nextcloud = { + home = "${cfg.home}"; + group = "nginx"; + createHome = true; + }; + + environment.systemPackages = [ occ ]; + } + + (mkIf cfg.nginx.enable { + services.nginx = { + enable = true; + virtualHosts = { + "${cfg.hostName}" = { + root = pkgs.nextcloud; + locations = { + "= /robots.txt" = { + priority = 100; + extraConfig = '' + allow all; + log_not_found off; + access_log off; + ''; + }; + "/" = { + priority = 200; + extraConfig = "rewrite ^ /index.php$uri;"; + }; + "~ ^/store-apps" = { + priority = 201; + extraConfig = "root ${cfg.home};"; + }; + "= /.well-known/carddav" = { + priority = 210; + extraConfig = "return 301 $scheme://$host/remote.php/dav;"; + }; + "= /.well-known/caldav" = { + priority = 210; + extraConfig = "return 301 $scheme://$host/remote.php/dav;"; + }; + 
"~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/" = { + priority = 300; + extraConfig = "deny all;"; + }; + "~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)" = { + priority = 300; + extraConfig = "deny all;"; + }; + "~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\\.php(?:$|/)" = { + priority = 500; + extraConfig = '' + include ${pkgs.nginxMainline}/conf/fastcgi.conf; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS ${if cfg.https then "on" else "off"}; + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass unix:/run/phpfpm/nextcloud; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + fastcgi_read_timeout 120s; + ''; + }; + "~ ^/(?:updater|ocs-provider)(?:$|/)".extraConfig = '' + try_files $uri/ =404; + index index.php; + ''; + "~ \\.(?:css|js|woff|svg|gif)$".extraConfig = '' + try_files $uri /index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=15778463"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + access_log off; + ''; + "~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = '' + try_files $uri /index.php$uri$is_args$args; + access_log off; + ''; + }; + extraConfig = '' + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + client_max_body_size ${cfg.maxUploadSize}; + fastcgi_buffers 64 4K; + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types 
application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + ${optionalString cfg.webfinger '' + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + ''} + ''; + }; + }; + }; + }) + ]); +} diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index b231ee5a3f01..508398f03ace 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -245,8 +245,8 @@ let } '' ) virtualHosts); - mkLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: '' - location ${location} { + mkLocations = locations: concatStringsSep "\n" (map (config: '' + location ${config.location} { ${optionalString (config.proxyPass != null && !cfg.proxyResolveWhileRunning) "proxy_pass ${config.proxyPass};" } 
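Review bot: The `nextcloud-occ` wrapper ends with `occ $*`, so arguments containing spaces or glob characters are re-split by the shell before reaching occ; use `occ "$@"`. The `nextcloud-cron` unit runs `${pkgs.php}/bin/php -f …/cron.php` without the generated php.ini, while php-fpm and the occ wrapper use `pkgs.php71` plus `phpOptionsStr` (which loads APCu when `caching.apcu` is set, and override.config.php then selects `\OC\Memcache\APCu`), so cron may run a different interpreter without the cache extension the configuration requires; pointing it at the same package with `-c ${pkgs.writeText "php.ini" phpOptionsStr}` removes the mismatch. In `occInstallCmd` the admin and database passwords read from `adminpassFile`/`dbpassFile` are still passed as `--admin-pass`/`--database-pass` command-line arguments, so they are visible in the process list of every local user while `maintenance:install` runs; if occ offers an environment or stdin path for these, prefer it, otherwise document the exposure on the `*File` options.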
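Review bot: `mkLocations` now orders location blocks with `sortProperties`, which as far as I can tell is a helper from the module system's definition-merging code that happens to compare a `priority` attribute; relying on it for plain attribute sets is fragile if its stripping or compare logic changes. An explicit `sort (a: b: a.priority < b.priority)` over the `mapAttrsToList` result states the intent directly and depends only on the `priority` option declared in location-options.nix. A short comment saying that the order matters because nginx matches regex locations in configuration order would explain why the sort exists at all.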
@@ -266,7 +266,18 @@ let ${config.extraConfig} ${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"} } - '') locations); + '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations))); + mkBasicAuth = vhostName: authDef: let + htpasswdFile = pkgs.writeText "${vhostName}.htpasswd" ( + concatStringsSep "\n" (mapAttrsToList (user: password: '' + ${user}:{PLAIN}${password} + '') authDef) + ); + in '' + auth_basic secured; + auth_basic_user_file ${htpasswdFile}; + ''; + mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" ( concatStringsSep "\n" (mapAttrsToList (user: password: '' ${user}:{PLAIN}${password} diff --git a/nixos/modules/services/web-servers/nginx/location-options.nix b/nixos/modules/services/web-servers/nginx/location-options.nix index 4c772734a749..9b44433d3845 100644 --- a/nixos/modules/services/web-servers/nginx/location-options.nix +++ b/nixos/modules/services/web-servers/nginx/location-options.nix @@ -71,6 +71,16 @@ with lib; These lines go to the end of the location verbatim. ''; }; + + priority = mkOption { + type = types.int; + default = 1000; + description = '' + Order of this location block in relation to the others in the vhost. + The semantics are the same as with `lib.mkOrder`. Smaller values have + a greater priority. + ''; + }; }; } diff --git a/nixos/release.nix b/nixos/release.nix index cce2c54f02bf..0c2207c27ad7 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -360,6 +360,7 @@ in rec { tests.netdata = callTest tests/netdata.nix { }; tests.networking.networkd = callSubTests tests/networking.nix { networkd = true; }; tests.networking.scripted = callSubTests tests/networking.nix { networkd = false; }; + tests.nextcloud = callSubTests tests/nextcloud { }; # TODO: put in networking.nix after the test becomes more complete tests.networkingProxy = callTest tests/networking-proxy.nix {}; tests.nexus = callTest tests/nexus.nix { }; 
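Review bot: `mkBasicAuth` re-implements the htpasswd generation that `mkHtpasswd` (the context lines directly below it in this hunk) already provides, so the two copies can drift apart; have it reuse the existing helper, `auth_basic_user_file ${mkHtpasswd vhostName authDef};`, and drop the duplicated `let`. Whichever helper is used, the credentials end up as `{PLAIN}` entries in a `pkgs.writeText` output, i.e. a world-readable Nix store path; that limitation predates this change, but the new entry point is where a reader needs to see it, e.g. `# NOTE: passwords are stored in clear text in the world-readable Nix store`. The realm `auth_basic secured;` is hard-coded, which is worth documenting since callers of mkBasicAuth cannot change it.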
diff --git a/nixos/tests/nextcloud/basic.nix b/nixos/tests/nextcloud/basic.nix
new file mode 100644
index 000000000000..c3b710f0f904
--- /dev/null
+++ b/nixos/tests/nextcloud/basic.nix
@@ -0,0 +1,56 @@
+import ../make-test.nix ({ pkgs, ...}: let
+ adminpass = "notproduction";
+ adminuser = "root";
+in {
+ name = "nextcloud-basic";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ globin eqyiel ];
+ };
+
+ nodes = {
+ # The only thing the client needs to do is download a file.
+ client = { ... }: {};
+
+ nextcloud = { config, pkgs, ... }: {
+ networking.firewall.allowedTCPPorts = [ 80 ];
+
+ services.nextcloud = {
+ enable = true;
+ nginx.enable = true;
+ hostName = "nextcloud";
+ config = {
+ # Don't inherit adminuser since "root" is supposed to be the default
+ inherit adminpass;
+ };
+ };
+ };
+ };
+
+ testScript = let
+ withRcloneEnv = pkgs.writeScript "with-rclone-env" ''
+ #!${pkgs.stdenv.shell}
+ export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav
+ export RCLONE_CONFIG_NEXTCLOUD_URL="http://nextcloud/remote.php/webdav/"
+ export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"
+ export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"
+ export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"
+ "''${@}"
+ '';
+ copySharedFile = pkgs.writeScript "copy-shared-file" ''
+ #!${pkgs.stdenv.shell}
+ echo 'hi' | ${withRcloneEnv} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file
+ '';
+
+ diffSharedFile = pkgs.writeScript "diff-shared-file" ''
+ #!${pkgs.stdenv.shell}
+ diff <(echo 'hi') <(${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file)
+ '';
+ in ''
+ startAll();
+ $nextcloud->waitForUnit("multi-user.target");
+ $nextcloud->succeed("curl -sSf http://nextcloud/login");
+ $nextcloud->succeed("${withRcloneEnv} ${copySharedFile}");
+ $client->waitForUnit("multi-user.target");
+ $client->succeed("${withRcloneEnv} ${diffSharedFile}");
+ '';
+})
diff --git a/nixos/tests/nextcloud/default.nix b/nixos/tests/nextcloud/default.nix
new file mode 100644
index 000000000000..66da6794b961
--- /dev/null
+++ b/nixos/tests/nextcloud/default.nix
@@ -0,0 +1,6 @@
+{ system ? builtins.currentSystem }:
+{
+ basic = import ./basic.nix { inherit system; };
+ with-postgresql-and-redis = import ./with-postgresql-and-redis.nix { inherit system; };
+ with-mysql-and-memcached = import ./with-mysql-and-memcached.nix { inherit system; };
+}
diff --git a/nixos/tests/nextcloud/with-mysql-and-memcached.nix b/nixos/tests/nextcloud/with-mysql-and-memcached.nix
new file mode 100644
index 000000000000..c0d347238b47
--- /dev/null
+++ b/nixos/tests/nextcloud/with-mysql-and-memcached.nix
@@ -0,0 +1,97 @@
+import ../make-test.nix ({ pkgs, ...}: let
+ adminpass = "hunter2";
+ adminuser = "root";
+in {
+ name = "nextcloud-with-mysql-and-memcached";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ eqyiel ];
+ };
+
+ nodes = {
+ # The only thing the client needs to do is download a file.
+ client = { ... }: {};
+
+ nextcloud = { config, pkgs, ... }: {
+ networking.firewall.allowedTCPPorts = [ 80 ];
+
+ services.nextcloud = {
+ enable = true;
+ hostName = "nextcloud";
+ nginx.enable = true;
+ https = true;
+ caching = {
+ apcu = true;
+ redis = false;
+ memcached = true;
+ };
+ config = {
+ dbtype = "mysql";
+ dbname = "nextcloud";
+ dbuser = "nextcloud";
+ dbhost = "127.0.0.1";
+ dbport = 3306;
+ dbpass = "hunter2";
+ # Don't inherit adminuser since "root" is supposed to be the default
+ inherit adminpass;
+ };
+ };
+
+ services.mysql = {
+ enable = true;
+ bind = "127.0.0.1";
+ package = pkgs.mariadb;
+ initialScript = pkgs.writeText "mysql-init" ''
+ CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'hunter2';
+ CREATE DATABASE IF NOT EXISTS nextcloud;
+ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER,
+ CREATE TEMPORARY TABLES ON nextcloud.* TO 'nextcloud'@'localhost'
+ IDENTIFIED BY 'hunter2';
+ FLUSH privileges;
+ '';
+ };
+
+ systemd.services."nextcloud-setup"= {
+ requires = ["mysql.service"];
+ after = ["mysql.service"];
+ };
+
+ services.memcached.enable = true;
+ };
+ };
+
+ testScript = let
+ configureMemcached = pkgs.writeScript "configure-memcached" ''
+ #!${pkgs.stdenv.shell}
+ nextcloud-occ config:system:set memcached_servers 0 0 --value 127.0.0.1 --type string
+ nextcloud-occ config:system:set memcached_servers 0 1 --value 11211 --type integer
+ nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\APCu' --type string
+ nextcloud-occ config:system:set memcache.distributed --value '\OC\Memcache\Memcached' --type string
+ '';
+ withRcloneEnv = pkgs.writeScript "with-rclone-env" ''
+ 
#!${pkgs.stdenv.shell}
+ export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav
+ export RCLONE_CONFIG_NEXTCLOUD_URL="http://nextcloud/remote.php/webdav/"
+ export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"
+ export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"
+ export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"
+ '';
+ copySharedFile = pkgs.writeScript "copy-shared-file" ''
+ #!${pkgs.stdenv.shell}
+ echo 'hi' | ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file
+ '';
+
+ diffSharedFile = pkgs.writeScript "diff-shared-file" ''
+ #!${pkgs.stdenv.shell}
+ diff <(echo 'hi') <(${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file)
+ '';
+ in ''
+ startAll();
+ $nextcloud->waitForUnit("multi-user.target");
+ $nextcloud->succeed("${configureMemcached}");
+ $nextcloud->succeed("curl -sSf http://nextcloud/login");
+ $nextcloud->succeed("${withRcloneEnv} ${copySharedFile}");
+ $client->waitForUnit("multi-user.target");
+ $client->succeed("${withRcloneEnv} ${diffSharedFile}");
+
+ '';
+})
diff --git a/nixos/tests/nextcloud/with-postgresql-and-redis.nix b/nixos/tests/nextcloud/with-postgresql-and-redis.nix
new file mode 100644
index 000000000000..0351d4db69ac
--- /dev/null
+++ b/nixos/tests/nextcloud/with-postgresql-and-redis.nix
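Review bot: The `withRcloneEnv` wrapper in this test never runs its arguments: unlike the same script in `basic.nix` and `with-postgresql-and-redis.nix`, it ends after the `export` lines without the `"''${@}"` line, so `$nextcloud->succeed("${withRcloneEnv} ${copySharedFile}")` and `$client->succeed("${withRcloneEnv} ${diffSharedFile}")` only set variables in a child shell and exit 0. The upload and the diff are therefore never executed, and the MySQL/memcached path passes vacuously — the only real checks left are the `configure-memcached` script and the `curl` of `/login`. Add `"''${@}"` as the last line of the `with-rclone-env` script so it matches the other two tests.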
@@ -0,0 +1,130 @@
+import ../make-test.nix ({ pkgs, ...}: let
+ adminpass = "hunter2";
+ adminuser = "custom-admin-username";
+in {
+ name = "nextcloud-with-postgresql-and-redis";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ eqyiel ];
+ };
+
+ nodes = {
+ # The only thing the client needs to do is download a file.
+ client = { ... }: {};
+
+ nextcloud = { config, pkgs, ... }: {
+ networking.firewall.allowedTCPPorts = [ 80 ];
+
+ services.nextcloud = {
+ enable = true;
+ hostName = "nextcloud";
+ nginx.enable = true;
+ caching = {
+ apcu = false;
+ redis = true;
+ memcached = false;
+ };
+ config = {
+ dbtype = "pgsql";
+ dbname = "nextcloud";
+ dbuser = "nextcloud";
+ dbhost = "localhost";
+ dbpassFile = toString (pkgs.writeText "db-pass-file" ''
+ hunter2
+ '');
+ inherit adminuser;
+ adminpassFile = toString (pkgs.writeText "admin-pass-file" ''
+ ${adminpass}
+ '');
+ };
+ };
+
+ services.redis = {
+ unixSocket = "/var/run/redis/redis.sock";
+ enable = true;
+ extraConfig = ''
+ unixsocketperm 770
+ '';
+ };
+
+ systemd.services.redis = {
+ preStart = ''
+ mkdir -p /var/run/redis
+ chown ${config.services.redis.user}:${config.services.nginx.group} /var/run/redis
+ '';
+ serviceConfig.PermissionsStartOnly = true;
+ };
+
+ systemd.services."nextcloud-setup"= {
+ requires = ["postgresql.service"];
+ after = [
+ "postgresql.service"
+ "chown-redis-socket.service"
+ ];
+ };
+
+ # At the time of writing, redis creates its socket with the "nobody"
+ # group. I figure this is slightly less bad than making the socket world
+ # readable.
+ systemd.services."chown-redis-socket" = {
+ enable = true;
+ script = ''
+ until ${pkgs.redis}/bin/redis-cli ping; do
+ echo "waiting for redis..." 
+ sleep 1
+ done
+ chown ${config.services.redis.user}:${config.services.nginx.group} /var/run/redis/redis.sock
+ '';
+ after = [ "redis.service" ];
+ requires = [ "redis.service" ];
+ wantedBy = [ "redis.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ };
+ };
+
+ services.postgresql = {
+ enable = true;
+ initialScript = pkgs.writeText "psql-init" ''
+ create role nextcloud with login password 'hunter2';
+ create database nextcloud with owner nextcloud;
+ '';
+ };
+ };
+ };
+
+ testScript = let
+ configureRedis = pkgs.writeScript "configure-redis" ''
+ #!${pkgs.stdenv.shell}
+ nextcloud-occ config:system:set redis 'host' --value '/var/run/redis/redis.sock' --type string
+ nextcloud-occ config:system:set redis 'port' --value 0 --type integer
+ nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\Redis' --type string
+ nextcloud-occ config:system:set memcache.locking --value '\OC\Memcache\Redis' --type string
+ '';
+ withRcloneEnv = pkgs.writeScript "with-rclone-env" ''
+ #!${pkgs.stdenv.shell}
+ export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav
+ export RCLONE_CONFIG_NEXTCLOUD_URL="http://nextcloud/remote.php/webdav/"
+ export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"
+ export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"
+ export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"
+ "''${@}"
+ '';
+ copySharedFile = pkgs.writeScript "copy-shared-file" ''
+ #!${pkgs.stdenv.shell}
+ echo 'hi' | ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file
+ '';
+
+ diffSharedFile = pkgs.writeScript "diff-shared-file" ''
+ #!${pkgs.stdenv.shell}
+ diff <(echo 'hi') <(${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file)
+ '';
+ in ''
+ startAll();
+ $nextcloud->waitForUnit("multi-user.target");
+ $nextcloud->succeed("${configureRedis}");
+ $nextcloud->succeed("curl -sSf http://nextcloud/login");
+ $nextcloud->succeed("${withRcloneEnv} ${copySharedFile}");
+ $client->waitForUnit("multi-user.target");
+ 
$client->succeed("${withRcloneEnv} ${diffSharedFile}"); + ''; +}) -- cgit 1.4.1 From 8d40083690c2d20d20c32d7d90b9fd7b7f559042 Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Sat, 29 Sep 2018 11:35:00 -0700 Subject: nixos/stage-2: create empty machine-id at boot Previously, the activation script was responsible for ensuring that /etc/machine-id exists. However, the only time it could not already exist is during stage-2-init, not while switching configurations, because one of the first things systemd does when starting up as PID 1 is to create this file. So I've moved the initialization to stage-2-init. Furthermore, since systemd will do the equivalent of systemd-machine-id-setup if /etc/machine-id doesn't have valid contents, we don't need to do that ourselves. We _do_, however, want to ensure that the file at least exists, because systemd also uses the non-existence of this file to guess that this is a first-boot situation. In that case, systemd tries to create some symlinks in /etc/systemd/system according to its presets, which it can't do because we've already populated /etc according to the current NixOS configuration. This is not necessary for any other activation script snippets, so it's okay to do it after stage-2-init runs the activation script. None of them declare a dependency on the "systemd" snippet. Also, most of them only create files or directories in ways that obviously don't need the machine-id set. --- nixos/modules/system/boot/stage-2-init.sh | 8 ++++++++ nixos/modules/system/boot/systemd.nix | 4 ---- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 49764b75a557..03daafa1ce4f 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh 
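Review bot: The `until ${pkgs.redis}/bin/redis-cli ping; do … sleep 1; done` loop in `chown-redis-socket` has no upper bound, so if redis never answers the oneshot blocks forever and `nextcloud-setup`, ordered `after` it, never starts; the failure then only surfaces as the test harness timing out instead of as a clear error from this unit, so a bounded retry that exits non-zero would make the failure mode explicit. Separately, `dbpassFile` and `adminpassFile` are built with `pkgs.writeText`, which places the secrets in the world-readable Nix store; that is tolerable only because this is a throwaway test VM, and it deserves a comment next to those two lines, e.g. `# test only: on a real host the *File options must point outside the Nix store`.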
@@ -152,6 +152,14 @@ ln -sfn /run/booted-system /nix/var/nix/gcroots/booted-system @shell@ @postBootCommands@ +# Ensure systemd doesn't try to populate /etc, by forcing its first-boot +# heuristic off. It doesn't matter what's in /etc/machine-id for this purpose, +# and systemd will immediately fill in the file when it starts, so just +# creating it is enough. This `: >>` pattern avoids forking and avoids changing +# the mtime if the file already exists. +: >> /etc/machine-id + + # Reset the logging file descriptors. exec 1>&$logOutFd 2>&$logErrFd exec {logOutFd}>&- {logErrFd}>&- diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index c96a502a892f..94bbd6180a80 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -787,10 +787,6 @@ in '' mkdir -m 0755 -p /var/lib/udev - if ! [ -e /etc/machine-id ]; then - ${systemd}/bin/systemd-machine-id-setup - fi - # Keep a persistent journal. Note that systemd-tmpfiles will # set proper ownership/permissions. mkdir -m 0700 -p /var/log/journal -- cgit 1.4.1 From 10e865051548f39e8bff205ea09a648c49304d11 Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Sat, 29 Sep 2018 12:16:45 -0700 Subject: nixos/systemd: let journald create /var/log/journal The default value for journald's Storage option is "auto", which determines whether to log to /var/log/journal based on whether that directory already exists. So NixOS has been unconditionally creating that directory in activation scripts. However, we can get the same behavior by configuring journald.conf to set Storage to "persistent" instead. In that case, journald will create the directory itself if necessary. --- nixos/modules/system/boot/systemd.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 94bbd6180a80..c0d1bd750655 100644 --- a/nixos/modules/system/boot/systemd.nix 
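Review bot: The comment above `: >> /etc/machine-id` asserts that an empty file is enough to keep systemd's first-boot heuristic off, but that depends on the systemd version: what counts as "first boot" has been widened in later releases (missing file or `uninitialized` contents, and possibly an empty file — verify against the pinned systemd), so this line can silently stop doing its job on an upgrade. Record in the comment which systemd version this was checked against, e.g. `# verified against systemd <version at time of writing>; re-check when bumping systemd`. Note also that the redirection fails on a read-only `/etc`; what that does to the rest of stage 2 depends on this script's error handling, which is outside the hunk.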
+++ b/nixos/modules/system/boot/systemd.nix @@ -747,6 +747,7 @@ in "systemd/journald.conf".text = '' [Journal] + Storage=persistent RateLimitInterval=${config.services.journald.rateLimitInterval} RateLimitBurst=${toString config.services.journald.rateLimitBurst} ${optionalString (config.services.journald.console != "") '' @@ -786,10 +787,6 @@ in system.activationScripts.systemd = '' mkdir -m 0755 -p /var/lib/udev - - # Keep a persistent journal. Note that systemd-tmpfiles will - # set proper ownership/permissions. - mkdir -m 0700 -p /var/log/journal ''; users.users.systemd-network.uid = config.ids.uids.systemd-network; -- cgit 1.4.1 From bbc0f6f005fa856d914711149838d2f75f9fe41b Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Sun, 30 Sep 2018 11:05:47 -0700 Subject: nixos/systemd: don't create /var/lib/udev As far as I can tell, systemd has never used this directory, so I think this is a holdover from before udev merged into systemd. --- nixos/modules/system/boot/systemd.nix | 5 ----- 1 file changed, 5 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index c0d1bd750655..f1b8878d04e1 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -784,11 +784,6 @@ in services.dbus.enable = true; - system.activationScripts.systemd = - '' - mkdir -m 0755 -p /var/lib/udev - ''; - users.users.systemd-network.uid = config.ids.uids.systemd-network; users.groups.systemd-network.gid = config.ids.gids.systemd-network; users.users.systemd-resolve.uid = config.ids.uids.systemd-resolve; -- cgit 1.4.1 From ae3d3b0fffe4827a7f126368e01fd8c2c8a4c7fe Mon Sep 17 00:00:00 2001 
From: Jamey Sharp Date: Sat, 29 Sep 2018 12:28:54 -0700 Subject: nixos/polkit: use tmpfiles to clean old dirs These don't need to get cleaned up during activation; that can wait until systemd-tmpfiles-setup runs. --- nixos/modules/security/polkit.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/security/polkit.nix b/nixos/modules/security/polkit.nix index 04685f2c9ea1..7f1de81d5b70 100644 --- a/nixos/modules/security/polkit.nix +++ b/nixos/modules/security/polkit.nix @@ -88,11 +88,11 @@ in "polkit-agent-helper-1".source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1"; }; - system.activationScripts.polkit = - '' - # Probably no more needed, clean up - rm -rf /var/lib/{polkit-1,PolicyKit} - ''; + systemd.tmpfiles.rules = [ + # Probably no more needed, clean up + "R /var/lib/polkit-1" + "R /var/lib/PolicyKit" + ]; users.users.polkituser = { description = "PolKit daemon"; -- cgit 1.4.1 From dab5c632bd2664555292665192cd9f096b5c5bcf Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Sat, 29 Sep 2018 18:02:49 -0700 Subject: nixos/activation: don't create /run/nix Nix 2.0 no longer uses these directories. /run/nix/current-load was moved to /nix/var/nix/current-load in 2017 (Nix commit d7653dfc6dea076ecbe00520c6137977e0fced35). Anyway, src/build-remote/build-remote.cc will create the current-load directory if it doesn't exist already. /run/nix/remote-stores seems to have been deprecated since 2014 (Nix commit b1af336132cfe8a6e4c54912cc512f8c28d4ebf3) when the documentation for $NIX_OTHER_STORES was removed, and support for it was dropped entirely in 2016 (Nix commit 4494000e04122f24558e1436e66d20d89028b4bd). --- nixos/modules/system/activation/activation-script.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index 93a1b13a81dd..b74153885318 100644 
--- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix @@ -128,9 +128,6 @@ in '' # Various log/runtime directories. - mkdir -m 0755 -p /run/nix/current-load # for distributed builds - mkdir -m 0700 -p /run/nix/remote-stores - mkdir -m 0755 -p /var/log touch /var/log/wtmp /var/log/lastlog # must exist -- cgit 1.4.1 From 188bdfb95d7218b931f7d605ad0a5e6961dc3a34 Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Sat, 29 Sep 2018 22:52:27 -0700 Subject: nixos/opengl: create /run/opengl-driver using tmpfiles.d Anything that uses OpenGL starts after sysinit.target, so systemd-tmpfiles runs before anything that needs these symlinks. --- nixos/modules/hardware/opengl.nix | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/hardware/opengl.nix b/nixos/modules/hardware/opengl.nix index b371af353cf9..46d06d71333a 100644 --- a/nixos/modules/hardware/opengl.nix +++ b/nixos/modules/hardware/opengl.nix @@ -129,17 +129,17 @@ in message = "Option driSupport32Bit only makes sense on a 64-bit system."; }; - system.activationScripts.setup-opengl = - '' - ln -sfn ${package} /run/opengl-driver - ${if pkgs.stdenv.isi686 then '' - ln -sfn opengl-driver /run/opengl-driver-32 - '' else if cfg.driSupport32Bit then '' - ln -sfn ${package32} /run/opengl-driver-32 - '' else '' - rm -f /run/opengl-driver-32 - ''} - ''; + systemd.tmpfiles.rules = [ + "L+ /run/opengl-driver - - - - ${package}" + ( + if pkgs.stdenv.isi686 then + "L+ /run/opengl-driver-32 - - - - opengl-driver" + else if cfg.driSupport32Bit then + "L+ /run/opengl-driver-32 - - - - ${package32}" + else + "r /run/opengl-driver-32" + ) + ]; environment.sessionVariables.LD_LIBRARY_PATH = [ "/run/opengl-driver/lib" ] ++ optional cfg.driSupport32Bit "/run/opengl-driver-32/lib"; -- cgit 1.4.1 From b63f65aea0dea11c20e9299210af1d2ee4299b58 Mon Sep 17 00:00:00 2001 
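Review bot: The `"r /run/opengl-driver-32"` rule is only applied when systemd-tmpfiles is invoked with `--remove`, whereas the activation snippet it replaces ran `rm -f` on every activation; if the configuration-switch path only runs `--create` (switch-to-configuration is not visible here — verify), going from `driSupport32Bit = true` to `false` leaves a stale `/run/opengl-driver-32` pointing at the previous driver until reboot. The same caveat applies to the two `L+` rules, which refresh on switch only if tmpfiles is re-run at that point. A short comment on the rule list stating when these rules are applied (boot vs. switch) would spare the next reader the same question.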
From: Jamey Sharp Date: Sat, 29 Sep 2018 23:30:02 -0700 Subject: nixos/pam: create wtmp/lastlog iff using pam_lastlog I think pam_lastlog is the only thing that writes to these files in practice on a modern Linux system, so in a configuration that doesn't use that module, we don't need to create these files. I used tmpfiles.d instead of activation snippets to create the logs. It's good enough for upstream and other distros; it's probably good enough for us. --- nixos/modules/security/pam.nix | 7 +++++++ nixos/modules/system/activation/activation-script.nix | 5 ----- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index bef10b4fe614..926c6d77d3bb 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -548,6 +548,13 @@ in environment.etc = mapAttrsToList (n: v: makePAMService v) config.security.pam.services; + systemd.tmpfiles.rules = optionals + (any (s: s.updateWtmp) (attrValues config.security.pam.services)) + [ + "f /var/log/wtmp" + "f /var/log/lastlog" + ]; + security.pam.services = { other.text = '' diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index b74153885318..cd6dc1fb8201 100644 --- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix @@ -128,11 +128,6 @@ in '' # Various log/runtime directories. - mkdir -m 0755 -p /var/log - - touch /var/log/wtmp /var/log/lastlog # must exist - chmod 644 /var/log/wtmp /var/log/lastlog - mkdir -m 1777 -p /var/tmp # Empty, immutable home directory of many system accounts. -- cgit 1.4.1 From d334c1c1d00038801e5c243496105e6f02822eb8 Mon Sep 17 00:00:00 2001 
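Review bot: The condition `any (s: s.updateWtmp) (attrValues config.security.pam.services)` encodes the commit's reasoning that pam_lastlog is the only writer of wtmp/lastlog, but nothing in pam.nix says so; add a comment above the rule list, e.g. `# wtmp/lastlog are written by pam_lastlog (updateWtmp); no service uses it, no need to create them`. The replaced activation snippet also enforced `chmod 644` on files that already existed, while these `f` rules omit the mode field and rely on the tmpfiles default — confirm that an already-installed system with differently-moded files ends up equivalent, or spell the mode out as `"f /var/log/wtmp 0644"`.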
From: Jörg Thalheim Date: Sat, 22 Sep 2018 10:27:49 +0100 Subject: nixos/bitlbee: option to use pam --- nixos/modules/services/networking/bitlbee.nix | 41 +++++++++++++++------- .../instant-messengers/bitlbee/default.nix | 17 ++++++--- 2 files changed, 40 insertions(+), 18 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/bitlbee.nix b/nixos/modules/services/networking/bitlbee.nix index 392a8d5c2e7c..46e3b7457610 100644 --- a/nixos/modules/services/networking/bitlbee.nix +++ b/nixos/modules/services/networking/bitlbee.nix @@ -7,9 +7,10 @@ let cfg = config.services.bitlbee; bitlbeeUid = config.ids.uids.bitlbee; - bitlbeePkg = if cfg.libpurple_plugins == [] - then pkgs.bitlbee - else pkgs.bitlbee.override { enableLibPurple = true; }; + bitlbeePkg = pkgs.bitlbee.override { + enableLibPurple = cfg.libpurple_plugins != []; + enablePam = cfg.authBackend == "pam"; + }; bitlbeeConfig = pkgs.writeText "bitlbee.conf" '' @@ -20,6 +21,7 @@ let DaemonInterface = ${cfg.interface} DaemonPort = ${toString cfg.portNumber} AuthMode = ${cfg.authMode} + AuthBackend = ${cfg.authBackend} Plugindir = ${pkgs.bitlbee-plugins cfg.plugins}/lib/bitlbee ${lib.optionalString (cfg.hostName != "") "HostName = ${cfg.hostName}"} ${lib.optionalString (cfg.protocols != "") "Protocols = ${cfg.protocols}"} @@ -70,6 +72,16 @@ in ''; }; + authBackend = mkOption { + default = "storage"; + type = types.enum [ "storage" "pam" ]; + description = '' + How users are authenticated + storage -- save passwords internally + pam -- Linux PAM authentication + ''; + }; + authMode = mkOption { default = "Open"; type = types.enum [ "Open" "Closed" "Registered" ]; 
@@ -147,23 +159,22 @@ in ###### implementation - config = mkIf config.services.bitlbee.enable { - - users.users = singleton - { name = "bitlbee"; + config = mkMerge [ + (mkIf config.services.bitlbee.enable { + users.users = singleton { + name = "bitlbee"; uid = bitlbeeUid; description = "BitlBee user"; home = "/var/lib/bitlbee"; createHome = true; }; - users.groups = singleton - { name = "bitlbee"; + users.groups = singleton { + name = "bitlbee"; gid = config.ids.gids.bitlbee; }; - systemd.services.bitlbee = - { + systemd.services.bitlbee = { environment.PURPLE_PLUGIN_PATH = purple_plugin_path; description = "BitlBee IRC to other chat networks gateway"; after = [ "network.target" ]; @@ -172,8 +183,12 @@ in serviceConfig.ExecStart = "${bitlbeePkg}/sbin/bitlbee -F -n -c ${bitlbeeConfig}"; }; - environment.systemPackages = [ bitlbeePkg ]; + environment.systemPackages = [ bitlbeePkg ]; - }; + }) + (mkIf (config.services.bitlbee.authBackend == "pam") { + security.pam.services.bitlbee = {}; + }) + ]; } diff --git a/pkgs/applications/networking/instant-messengers/bitlbee/default.nix b/pkgs/applications/networking/instant-messengers/bitlbee/default.nix index 4aa04806e61c..fbd326919f33 100644 --- a/pkgs/applications/networking/instant-messengers/bitlbee/default.nix +++ b/pkgs/applications/networking/instant-messengers/bitlbee/default.nix @@ -1,5 +1,7 @@ -{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python, -enableLibPurple ? false, pidgin ? null }: +{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python +, enableLibPurple ? false, pidgin ? null +, enablePam ? false, pam ? null +}: with stdenv.lib; stdenv.mkDerivation rec { 
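Review bot: `security.pam.services.bitlbee = {}` gives BitlBee the NixOS default PAM stack, which means IRC logins arriving on `DaemonInterface`/`DaemonPort` are now checked against the host's own accounts; the `authBackend` description in the earlier hunk should say so explicitly, e.g. `pam -- authenticate IRC users against the system's accounts via PAM`, so nobody enables it without restricting `interface` and putting TLS in front of the listener. Whether it works at all depends on the uid the daemon runs as, which this hunk does not show: pam_unix's helper only verifies the password of the uid that invokes it when not running as root, so if bitlbee drops to the `bitlbee` user (the `bitlbeeUid` context suggests it does) authenticating other users would fail — verify, and document the requirement if so.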
@@ -13,18 +15,23 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ] ++ optional doCheck check; buildInputs = [ gnutls glib libotr python ] - ++ optional enableLibPurple pidgin; + ++ optional enableLibPurple pidgin + ++ optional enablePam pam; configureFlags = [ "--otr=1" "--ssl=gnutls" "--pidfile=/var/lib/bitlbee/bitlbee.pid" - ] - ++ optional enableLibPurple "--purple=1"; + ] ++ optional enableLibPurple "--purple=1" + ++ optional enablePam "--pam=1"; installTargets = [ "install" "install-dev" ]; doCheck = !enableLibPurple; # Checks fail with libpurple for some reason + checkPhase = '' + # check flags set VERBOSE=y which breaks the build due overriding a command + make check + ''; enableParallelBuilding = true; -- cgit 1.4.1 From 358a1c8a28902da87ccfe49cec3b5f23bafa3d67 Mon Sep 17 00:00:00 2001 From: Sarah Brofeldt Date: Mon, 1 Oct 2018 23:01:38 +0200 Subject: nixos/tests/nix-ssh-serve.nix: Use stable nix (#47584) --- nixos/tests/nix-ssh-serve.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/tests/nix-ssh-serve.nix b/nixos/tests/nix-ssh-serve.nix index aa366d8612d7..494d55121eb1 100644 --- a/nixos/tests/nix-ssh-serve.nix +++ b/nixos/tests/nix-ssh-serve.nix @@ -14,8 +14,8 @@ in keys = [ snakeOilPublicKey ]; protocol = "ssh-ng"; }; - server.nix.package = pkgs.nixUnstable; - client.nix.package = pkgs.nixUnstable; + server.nix.package = pkgs.nix; + client.nix.package = pkgs.nix; }; testScript = '' startAll; -- cgit 1.4.1 From f8d681a91f77a5bc40e65358137f83dcb02759be Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Tue, 2 Oct 2018 00:07:25 +0200 Subject: nixos/clamav: fix daemon/updater services toggling --- nixos/modules/services/security/clamav.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/security/clamav.nix b/nixos/modules/services/security/clamav.nix index 9ad0095252de..b3af4d85cc4b 100644 
--- a/nixos/modules/services/security/clamav.nix +++ b/nixos/modules/services/security/clamav.nix @@ -95,7 +95,7 @@ in environment.etc."clamav/freshclam.conf".source = freshclamConfigFile; environment.etc."clamav/clamd.conf".source = clamdConfigFile; - systemd.services.clamav-daemon = optionalAttrs cfg.daemon.enable { + systemd.services.clamav-daemon = mkIf cfg.daemon.enable { description = "ClamAV daemon (clamd)"; after = optional cfg.updater.enable "clamav-freshclam.service"; requires = optional cfg.updater.enable "clamav-freshclam.service"; @@ -116,7 +116,7 @@ in }; }; - systemd.timers.clamav-freshclam = optionalAttrs cfg.updater.enable { + systemd.timers.clamav-freshclam = mkIf cfg.updater.enable { description = "Timer for ClamAV virus database updater (freshclam)"; wantedBy = [ "timers.target" ]; timerConfig = { @@ -125,7 +125,7 @@ in }; }; - systemd.services.clamav-freshclam = optionalAttrs cfg.updater.enable { + systemd.services.clamav-freshclam = mkIf cfg.updater.enable { description = "ClamAV virus database updater (freshclam)"; restartTriggers = [ freshclamConfigFile ]; -- cgit 1.4.1 From 11ba2f270f2733d933ff5a70ddbc617512cecd1d Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Mon, 1 Oct 2018 23:34:06 +0200 Subject: nixos/clamav: fix freshclam service if db up to date --- nixos/modules/services/security/clamav.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos') diff --git a/nixos/modules/services/security/clamav.nix b/nixos/modules/services/security/clamav.nix index b3af4d85cc4b..04b433f8f2bf 100644 --- a/nixos/modules/services/security/clamav.nix +++ b/nixos/modules/services/security/clamav.nix @@ -137,6 +137,7 @@ in serviceConfig = { Type = "oneshot"; ExecStart = "${pkg}/bin/freshclam"; + SuccessExitStatus = "1"; # if databases are up to date PrivateTmp = "yes"; PrivateDevices = "yes"; }; -- cgit 1.4.1 From c1dbb90bfdc3b13aa5976973a621fc104a0e55fb Mon Sep 17 00:00:00 2001 
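Review bot: `SuccessExitStatus = "1"` turns every exit status 1 of freshclam into success, so the unit's health now rests on that code meaning "database already up to date" for the ClamAV version packaged; the mapping is version-specific and not documented in the hunk, and if it changes on a bump, real update failures are hidden from `systemctl status` and from anything alerting on failed units. Extend the inline comment to name what it was verified against, e.g. `# exit status 1 = databases already up to date (checked against freshclam <version at time of writing>)`, and consider an independent freshness check (a timer that fails when the database files exceed an age threshold) so a masked failure is still noticed.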
From: Alyssa Ross Date: Tue, 2 Oct 2018 00:35:32 +0200 Subject: lightdm: add extraConfig option (#47630) --- nixos/modules/services/x11/display-managers/lightdm.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index 8078b93a7574..a34f2370649f 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -46,6 +46,7 @@ let greeters-directory = ${cfg.greeter.package} ''} sessions-directory = ${dmcfg.session.desktops}/share/xsessions + ${cfg.extraConfig} [Seat:*] xserver-command = ${xserverWrapper} @@ -113,6 +114,15 @@ in }; }; + extraConfig = mkOption { + type = types.lines; + default = ""; + example = '' + user-authority-in-system-dir = true + ''; + description = "Extra lines to append to LightDM section."; + }; + background = mkOption { type = types.str; default = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png"; -- cgit 1.4.1 From 2c9265c95075170ad210ed5635ecffcd36db6b84 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 2 Oct 2018 11:07:48 +0200 Subject: nix: 2.1.2 -> 2.1.3 --- nixos/modules/installer/tools/nix-fallback-paths.nix | 8 ++++---- pkgs/tools/package-management/nix/default.nix | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/installer/tools/nix-fallback-paths.nix b/nixos/modules/installer/tools/nix-fallback-paths.nix index adde237c07c9..1cfc8ff8612e 100644 --- a/nixos/modules/installer/tools/nix-fallback-paths.nix +++ b/nixos/modules/installer/tools/nix-fallback-paths.nix 
@@ -1,6 +1,6 @@ { - x86_64-linux = "/nix/store/mxg4bbblxfns96yrz0nalxyiyjl7gj98-nix-2.1.2"; - i686-linux = "/nix/store/bgjgmbwirx63mwwychpikd7yc4k4lbjv-nix-2.1.2"; - aarch64-linux = "/nix/store/yi18azn4nwrcwvaiag04jnxc1qs38fy5-nix-2.1.2"; - x86_64-darwin = "/nix/store/fpivmcck2qpw5plrp599iraw2x9jp18k-nix-2.1.2"; + x86_64-linux = "/nix/store/cdcia67siabmj6li7vyffgv2cry86fq8-nix-2.1.3"; + i686-linux = "/nix/store/6q3xi6y5qnsv7d62b8n00hqfxi8rs2xs-nix-2.1.3"; + aarch64-linux = "/nix/store/2v93d0vimlm28jg0ms6v1i6lc0fq13pn-nix-2.1.3"; + x86_64-darwin = "/nix/store/dkjlfkrknmxbjmpfk3dg4q3nmb7m3zvk-nix-2.1.3"; } diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index 71c5bd53909f..975d36ddf190 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -148,10 +148,10 @@ in rec { }) // { perl-bindings = nix1; }; nixStable = (common rec { - name = "nix-2.1.2"; + name = "nix-2.1.3"; src = fetchurl { url = "http://nixos.org/releases/nix/${name}/${name}.tar.xz"; - sha256 = "68e55382dac9e66f84ead69b3c786a4ea85d4a6611a7a740aa0b78fcc85db3ec"; + sha256 = "5d22dad058d5c800d65a115f919da22938c50dd6ba98c5e3a183172d149840a4"; }; }) // { perl-bindings = perl-bindings { nix = nixStable; -- cgit 1.4.1 From 1af8f3a980bb8ac92f5c09ac23cca4781571bcd1 Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Tue, 2 Oct 2018 12:41:25 +0200 Subject: nixos: include system-level dconf resources in GDM's profile This is necessary when system-wide dconf settings must be configured, i.e. to disable GDM's auto-suspending of the machine when no user is logged in. Related to https://github.com/NixOS/nixpkgs/issues/42053. --- nixos/modules/services/x11/display-managers/gdm.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'nixos') 
diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix index a775dd0f0e04..a16cbee3bb39 100644 --- a/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixos/modules/services/x11/display-managers/gdm.nix @@ -142,7 +142,10 @@ in systemd.user.services.dbus.wantedBy = [ "default.target" ]; - programs.dconf.profiles.gdm = "${gdm}/share/dconf/profile/gdm"; + programs.dconf.profiles.gdm = pkgs.writeText "dconf-gdm-profile" '' + system-db:local + ${gdm}/share/dconf/profile/gdm + ''; # Use AutomaticLogin if delay is zero, because it's immediate. # Otherwise with TimedLogin with zero seconds the prompt is still -- cgit 1.4.1 From 5e7bf8c5e9da260c912e8abda5fb8a407ee3da7e Mon Sep 17 00:00:00 2001 From: aszlig Date: Wed, 3 Oct 2018 03:48:04 +0200 Subject: nixos/tests/misc: Fix reboot-wtmp subtest From commit b63f65aea0dea11c20e9299210af1d2ee4299b58: I used tmpfiles.d instead of activation snippets to create the logs. It's good enough for upstream and other distros; it's probably good enough for us. The "reboot-wtmp" subtest fails because it it assumes that there is a reboot record even on the initial boot. This is only the case if wtmp is created within the activation script, but the implementation now uses tmpfiles.d, so the creation of the file is done at a much later stage. Apart from that, if you think about the state after the installation as "first boot", using the term "reboot" wouldn't probably make sense either. So in our subtest, we now reboot the machine and check the wtmp record afterwards as we did before. Signed-off-by: aszlig Cc: @edolstra, @jameysharp, @Mic92 --- nixos/tests/misc.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nixos') diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix index 6d72ac997f8d..3ad55651b112 100644 --- a/nixos/tests/misc.nix +++ b/nixos/tests/misc.nix 
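Review bot: The second line of the new profile is a bare store path, `${gdm}/share/dconf/profile/gdm`, whereas the first line uses the `system-db:local` source syntax; dconf profile lines are normally `type:name` source descriptions, so unless the dconf version in use accepts a bare path as an include of another profile, that line would presumably be ignored and the greeter would lose the sources the shipped GDM profile declares. Please confirm this against the dconf used here, and either spell out the shipped profile's entries explicitly or add a one-line comment above the `writeText` explaining why the bare path line is valid. The `programs.dconf.profiles.gdm` assignment is complete within the hunk.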
@@ -78,6 +78,8 @@ import ./make-test.nix ({ pkgs, ...} : rec { # Test whether we have a reboot record in wtmp. subtest "reboot-wtmp", sub { + $machine->shutdown; + $machine->waitForUnit('multi-user.target'); $machine->succeed("last | grep reboot >&2"); }; -- cgit 1.4.1 From 7297cc550165a7cd10f6a9946c70c3a7198fcc78 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Wed, 3 Oct 2018 12:31:08 +0200 Subject: nixos/activation: fix systemd-user daemon-reload in auto-upgrade service (#47695) The autoupgrade service defined in `system.autoUpgrade` (`nixos/modules/installer/tools/auto-upgrade.nix`) doesn't have `su` in its path and thus yields a warning during the `daemon-reload`. Specifying the absolute path fixes the issue. Fixes #47648 --- nixos/modules/system/activation/switch-to-configuration.pl | 2 +- nixos/modules/system/activation/top-level.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl index c3e469e4b8a1..daaf8e542147 100644 --- a/nixos/modules/system/activation/switch-to-configuration.pl +++ b/nixos/modules/system/activation/switch-to-configuration.pl @@ -419,7 +419,7 @@ while (my $f = <$listActiveUsers>) { my ($uid, $name) = ($+{uid}, $+{user}); print STDERR "reloading user units for $name...\n"; - system("su", "-s", "@shell@", "-l", $name, "-c", "XDG_RUNTIME_DIR=/run/user/$uid @systemd@/bin/systemctl --user daemon-reload"); + system("@su@", "-s", "@shell@", "-l", $name, "-c", "XDG_RUNTIME_DIR=/run/user/$uid @systemd@/bin/systemctl --user daemon-reload"); } close $listActiveUsers; diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 413543df88c6..a560af5ce96d 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix 
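Review bot: The reboot in the `reboot-wtmp` subtest is implicit: after `$machine->shutdown;` the next statement is `$machine->waitForUnit('multi-user.target');`, which presumably relies on the test driver booting the VM again when a command is issued on a stopped machine. An explicit `$machine->start;` between the two lines would make the shutdown-then-boot sequence readable without that knowledge, and a comment such as `# Reboot so wtmp has a reboot record; the file is created by tmpfiles.d, so the first boot has none.` would tie the test to the reason given in the commit message. The `subtest "reboot-wtmp"` block is complete within the hunk.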
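Review bot: Substituting `@su@` fixes the lookup, but nothing on the line records why the store path of `su` rather than the system's setuid wrapper is the right choice here; assuming this script runs as root, which its system-wide unit reloading suggests, the unwrapped binary is fine, but a later reader may "correct" it. A short comment above the call, e.g. `# @su@ is the store path: this script runs as root, so no setuid wrapper is needed`, would settle that, and the same applies to the `su = "${pkgs.shadow.su}/bin/su";` substitution added in top-level.nix. The `while` loop over `$listActiveUsers` that contains this call starts outside the hunk.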
@@ -109,6 +109,7 @@ let inherit (pkgs) utillinux coreutils; systemd = config.systemd.package; shell = "${pkgs.bash}/bin/sh"; + su = "${pkgs.shadow.su}/bin/su"; inherit children; kernelParams = config.boot.kernelParams; -- cgit 1.4.1 From d8a555d81904b6c92c5ac0502235260111ff0e7a Mon Sep 17 00:00:00 2001 From: Márton Boros Date: Wed, 3 Oct 2018 14:39:36 +0200 Subject: Fix systemd timer unit documentation Fixes #36210 --- nixos/modules/system/boot/systemd-unit-options.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/systemd-unit-options.nix b/nixos/modules/system/boot/systemd-unit-options.nix index 2cff25a8c854..5f2bec5c34ae 100644 --- a/nixos/modules/system/boot/systemd-unit-options.nix +++ b/nixos/modules/system/boot/systemd-unit-options.nix @@ -394,7 +394,7 @@ in rec { Each attribute in this set specifies an option in the [Timer] section of the unit. See systemd.timer - 7 and + 5 and systemd.time 7 for details. ''; -- cgit 1.4.1 From d10a84eb21a52343041ccb5afa07992845b2b1e2 Mon Sep 17 00:00:00 2001 From: Peter Hoeg Date: Thu, 4 Oct 2018 10:17:40 +0800 Subject: kcheckpass: it is in kscreenlocker, not plasma-workspace --- nixos/modules/services/x11/desktop-managers/plasma5.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index e759f69db897..f29a838facdc 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix 
@@ -64,7 +64,7 @@ in }; security.wrappers = { - kcheckpass.source = "${lib.getBin plasma5.plasma-workspace}/lib/libexec/kcheckpass"; + kcheckpass.source = "${lib.getBin plasma5.kscreenlocker}/lib/libexec/kcheckpass"; "start_kdeinit".source = "${lib.getBin pkgs.kinit}/lib/libexec/kf5/start_kdeinit"; kwin_wayland = { source = "${lib.getBin plasma5.kwin}/bin/kwin_wayland"; -- cgit 1.4.1 From 2c0d56f00719f27533a3a1a89d2bd48710735a1e Mon Sep 17 00:00:00 2001 From: Samuel Dionne-Riel Date: Wed, 3 Oct 2018 22:33:03 -0400 Subject: nixos/doc: Adds sub-folder to input files. --- nixos/doc/manual/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/doc/manual/Makefile b/nixos/doc/manual/Makefile index 2e9adf70c396..b251a1f5e2c3 100644 --- a/nixos/doc/manual/Makefile +++ b/nixos/doc/manual/Makefile @@ -4,7 +4,7 @@ all: manual-combined.xml format .PHONY: debug debug: generated manual-combined.xml -manual-combined.xml: generated *.xml +manual-combined.xml: generated *.xml **/*.xml rm -f ./manual-combined.xml nix-shell --packages xmloscopy \ --run "xmloscopy --docbook5 ./manual.xml ./manual-combined.xml" -- cgit 1.4.1 From 8192fcd0fdac8d17c5719994a0c60ae0bd1109ed Mon Sep 17 00:00:00 2001 From: Samuel Dionne-Riel Date: Tue, 2 Oct 2018 20:13:18 -0400 Subject: doc: installing-usb make macOS note a note. While it seemingly brings more attention to the macOS notes with the default docbook template, it better represents which parts of the section are about macOS, and which parts are simply in the flow of the text; otherwise the last paragraph may be lost into the details for macOS. --- nixos/doc/manual/installation/installing-usb.xml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/installation/installing-usb.xml b/nixos/doc/manual/installation/installing-usb.xml index c5934111749c..4315eb5942b9 100644 --- a/nixos/doc/manual/installation/installing-usb.xml 
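Review bot: `**/*.xml` in the prerequisite list does not recurse: make expands prerequisites with ordinary glob semantics, in which `**` behaves like `*`, so the pattern only picks up XML files one directory below the manual and edits deeper in the tree still will not trigger a rebuild of `manual-combined.xml`. If the intent is every XML source under the manual, use `manual-combined.xml: generated $(shell find . -name '*.xml' -not -name manual-combined.xml)`; the exclusion keeps the target from depending on itself, which the existing `*.xml` already did. The rule's recipe continues within the hunk, the rest of the Makefile is outside it.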
+++ b/nixos/doc/manual/installation/installing-usb.xml @@ -9,13 +9,12 @@ For systems without CD drive, the NixOS live CD can be booted from a USB stick. You can use the dd utility to write the image: dd if=path-to-image - of=/dev/sdb. Be careful about specifying + of=/dev/sdX. Be careful about specifying the correct drive; you can use the lsblk command to get a list of block devices. - - - - On macOS: + + On macOS + $ diskutil list [..] @@ -26,10 +25,12 @@ $ diskutil unmountDisk diskN Unmount of all volumes on diskN was successful $ sudo dd bs=1m if=nix.iso of=/dev/rdiskN - Using the 'raw' rdiskN device instead of - diskN completes in minutes instead of hours. After - dd completes, a GUI dialog "The disk you inserted was not - readable by this computer" will pop up, which can be ignored. + Using the 'raw' rdiskN device instead of + diskN completes in minutes instead of hours. After + dd completes, a GUI dialog "The disk you inserted was + not readable by this computer" will pop up, which can be ignored. + + -- cgit 1.4.1 From 8467dc857bd1cc9c54a15cd36c062554b61234cf Mon Sep 17 00:00:00 2001 From: Samuel Dionne-Riel Date: Tue, 2 Oct 2018 20:14:45 -0400 Subject: doc: installing-usb: removes notes about unetbootin. They are known to cause more issues than solving issues; futhermore using `dd` should work everywhere without fail. --- nixos/doc/manual/installation/installing-usb.xml | 29 ------------------------ 1 file changed, 29 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/installation/installing-usb.xml b/nixos/doc/manual/installation/installing-usb.xml index 4315eb5942b9..0b311189430c 100644 --- a/nixos/doc/manual/installation/installing-usb.xml +++ b/nixos/doc/manual/installation/installing-usb.xml 
@@ -36,34 +36,5 @@ $ sudo dd bs=1m if=nix.iso of=/dev/rdiskN The dd utility will write the image verbatim to the drive, making it the recommended option for both UEFI and non-UEFI installations. - For non-UEFI installations, you can alternatively use - unetbootin. If - you cannot use dd for a UEFI installation, you can also - mount the ISO, copy its contents verbatim to your drive, then either: - - - - Change the label of the disk partition to the label of the ISO (visible - with the blkid command), or - - - - - Edit loader/entries/nixos-livecd.conf on the drive - and change the root= field in the - options line to point to your drive (see the - documentation on root= in - - the kernel documentation for more details). - - - - - If you want to load the contents of the ISO to ram after bootin (So you - can remove the stick after bootup) you can append the parameter - copytoram to the options field. - - - -- cgit 1.4.1 From 6cfbf403ca327017257ddbd742e312f3304b64cc Mon Sep 17 00:00:00 2001 From: Samuel Dionne-Riel Date: Mon, 1 Oct 2018 23:57:10 -0400 Subject: doc: Reviews partitioning instructions to use parted. The tests in are using `parted`, so they are bound to be better tested than `fdisk`. This is brought on by a couple issues, plus reports on IRC that the `fdisk` instructions didn't work as expected. * #39354 * #46309 * #39942 * #45478 Care was taken so that the other documented steps did not need changes. In all this kerfufle, a slight re-organization of the Chapter has been made, allowing better deep linking. --- nixos/doc/manual/installation/installing.xml | 707 ++++++++++++++++----------- 1 file changed, 409 insertions(+), 298 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/installation/installing.xml b/nixos/doc/manual/installation/installing.xml index 1366e8f93596..2b68def95b70 100644 --- a/nixos/doc/manual/installation/installing.xml +++ b/nixos/doc/manual/installation/installing.xml 
@@ -4,60 +4,46 @@ version="5.0" xml:id="sec-installation"> Installing NixOS - - NixOS can be installed on BIOS or UEFI systems. The procedure for a UEFI - installation is by and large the same as a BIOS installation. The differences - are mentioned in the steps that follow. - - - - - Boot from the CD. - - - - - UEFI systems - - - - You should boot the live CD in UEFI mode (consult your specific - hardware's documentation for instructions). You may find the - rEFInd boot - manager useful. - - - - - - - - The CD contains a basic NixOS installation. (It also contains Memtest86+, - useful if you want to test new hardware). When it’s finished booting, it - should have detected most of your hardware. - - - - - The NixOS manual is available on virtual console 8 (press Alt+F8 to access) - or by running nixos-help. - - - - - You get logged in as root (with empty password). - - - - - If you downloaded the graphical ISO image, you can run systemctl - start display-manager to start KDE. If you want to continue on - the terminal, you can use loadkeys to switch to your - preferred keyboard layout. (We even provide neo2 via loadkeys de - neo!) - - - +
+ Booting the system + + + NixOS can be installed on BIOS or UEFI systems. The procedure for a UEFI + installation is by and large the same as a BIOS installation. The + differences are mentioned in the steps that follow. + + + + The installation media can be burned to a CD, or now more commonly, "burned" + to a USB drive (see ). + + + + The installation media contains a basic NixOS installation. When it’s + finished booting, it should have detected most of your hardware. + + + + The NixOS manual is available on virtual console 8 (press Alt+F8 to access) + or by running nixos-help. + + + + You are logged-in automatically as root. (The + root user account has an empty password.) + + + + If you downloaded the graphical ISO image, you can run systemctl + start display-manager to start KDE. If you want to continue on the + terminal, you can use loadkeys to switch to your + preferred keyboard layout. (We even provide neo2 via loadkeys de + neo!) + + +
+ Networking in the installer + The boot process should have brought up networking (check ip a). Networking is necessary for the installer, since it will @@ -65,58 +51,165 @@ binaries). It’s best if you have a DHCP server on your network. Otherwise configure networking manually using ifconfig. + To manually configure the network on the graphical installer, first disable network-manager with systemctl stop network-manager. + To manually configure the wifi on the minimal installer, run wpa_supplicant -B -i interface -c <(wpa_passphrase 'SSID' 'key'). - - + If you would like to continue the installation from a different machine you need to activate the SSH daemon via systemctl start sshd. In order to be able to login you also need to set a password for root using passwd. - - +
+
+
+ Partitioning and formatting + + + The NixOS installer doesn’t do any partitioning or formatting, so you need + to do that yourself. + + + + The NixOS installer ships with multiple partitioning tools. The examples + below use parted, but also provides + fdisk, gdisk, + cfdisk, and cgdisk. + + + + The recommended partition scheme differs depending if the computer uses + Legacy Boot or UEFI. + + +
+ UEFI (GPT) + - The NixOS installer doesn’t do any partitioning or formatting yet, so you - need to do that yourself. Use the following commands: - + Here's an example partition scheme for UEFI, using + /dev/sda as the device. + + + You can safely ignore parted's informational message + about needing to update /etc/fstab. + + + + + + - For partitioning: fdisk. - -# fdisk /dev/sda # (or whatever device you want to install on) --- for UEFI systems only -> n # (create a new partition for /boot) -> 3 # (make it a partition number 3) -> # (press enter to accept the default) -> +512M # (the size of the UEFI boot partition) -> t # (change the partition type ...) -> 3 # (... of the boot partition ...) -> 1 # (... to 'UEFI System') --- for BIOS or UEFI systems -> n # (create a new partition for /swap) -> 2 # (make it a partition number 2) -> # (press enter to accept the default) -> +8G # (the size of the swap partition, set to whatever you like) -> n # (create a new partition for /) -> 1 # (make it a partition number 1) -> # (press enter to accept the default) -> # (press enter to accept the default and use the rest of the remaining space) -> a # (make the partition bootable) -> x # (enter expert mode) -> f # (fix up the partition ordering) -> r # (exit expert mode) -> w # (write the partition table to disk and exit) + Create a GPT partition table. +# parted /dev/sda -- mklabel gpt + + + Add a swap partition. The size required will vary + according to needs, here a 8GiB one is created. The space left in front + (512MiB) will be used by the boot partition. +# parted /dev/sda -- mkpart primary linux-swap 512MiB 8.5GiB + + + The swap partition size rules are no different than for other Linux + distributions. + + + + + + + Next, add the root partition. This will fill the + remainder ending part of the disk. +# parted /dev/sda -- mkpart primary 8.5GiB -1MiB + + + + + Finally, the boot partition. NixOS by default uses + the ESP (EFI system partition) as its /boot + partition. 
It uses the initially reserved 512MiB at the start of the + disk. +# parted /dev/sda -- mkpart ESP fat32 1M 512MiB +# parted /dev/sda -- set 3 boot on + + + + + + + Once complete, you can follow with + . + +
+ +
+ Legacy Boot (MBR) + + + Here's an example partition scheme for Legacy Boot, using + /dev/sda as the device. + + + You can safely ignore parted's informational message + about needing to update /etc/fstab. + + + + + + + + + Create a MBR partition table. +# parted /dev/sda -- mklabel msdos + + + + + Add a swap partition. The size required will vary + according to needs, here a 8GiB one is created. +# parted /dev/sda -- mkpart primary linux-swap 1M 8GiB + + + The swap partition size rules are no different than for other Linux + distributions. + + + + + + + Finally, add the root partition. This will fill the + remainder of the disk. +# parted /dev/sda -- mkpart primary 8GiB -1s + + + + + + + Once complete, you can follow with + . + +
+ +
+ Formatting + + + Use the following commands: + For initialising Ext4 partitions: mkfs.ext4. It is @@ -169,242 +262,249 @@ - - - - Mount the target file system on which NixOS should be installed on - /mnt, e.g. +
+
+
+ Installing + + + + + Mount the target file system on which NixOS should be installed on + /mnt, e.g. # mount /dev/disk/by-label/nixos /mnt - - - - - - - UEFI systems - - - - Mount the boot file system on /mnt/boot, e.g. + + + + + + + UEFI systems + + + + Mount the boot file system on /mnt/boot, e.g. # mkdir -p /mnt/boot # mount /dev/disk/by-label/boot /mnt/boot - - - - - - - - If your machine has a limited amount of memory, you may want to activate - swap devices now (swapon - device). The installer (or rather, the - build actions that it may spawn) may need quite a bit of RAM, depending on - your configuration. + + + + + + + + If your machine has a limited amount of memory, you may want to activate + swap devices now (swapon + device). The installer (or rather, + the build actions that it may spawn) may need quite a bit of RAM, + depending on your configuration. # swapon /dev/sda2 - - - - - You now need to create a file - /mnt/etc/nixos/configuration.nix that specifies the - intended configuration of the system. This is because NixOS has a - declarative configuration model: you create or edit a - description of the desired configuration of your system, and then NixOS - takes care of making it happen. The syntax of the NixOS configuration file - is described in , while a list of - available configuration options appears in - + + + + You now need to create a file + /mnt/etc/nixos/configuration.nix that specifies the + intended configuration of the system. This is because NixOS has a + declarative configuration model: you create or edit a + description of the desired configuration of your system, and then NixOS + takes care of making it happen. The syntax of the NixOS configuration file + is described in , while a list + of available configuration options appears in + . A minimal example is shown in - . 
- - - The command nixos-generate-config can generate an - initial configuration file for you: + + + The command nixos-generate-config can generate an + initial configuration file for you: # nixos-generate-config --root /mnt - You should then edit /mnt/etc/nixos/configuration.nix - to suit your needs: + You should then edit /mnt/etc/nixos/configuration.nix + to suit your needs: # nano /mnt/etc/nixos/configuration.nix - If you’re using the graphical ISO image, other editors may be available - (such as vim). If you have network access, you can also - install other editors — for instance, you can install Emacs by running - nix-env -i emacs. - - - - - BIOS systems - - - - You must set the option - to specify on which disk - the GRUB boot loader is to be installed. Without it, NixOS cannot boot. - - - - - - UEFI systems - - - - You must set the option - to - true. nixos-generate-config should - do this automatically for new configurations when booted in UEFI mode. - - - You may want to look at the options starting with - - and - - as well. - - - - - - If there are other operating systems running on the machine before - installing NixOS, the - option can be set to true to automatically add them to - the grub menu. - - - Another critical option is , specifying the - file systems that need to be mounted by NixOS. However, you typically - don’t need to set it yourself, because - nixos-generate-config sets it automatically in - /mnt/etc/nixos/hardware-configuration.nix from your - currently mounted file systems. (The configuration file - hardware-configuration.nix is included from - configuration.nix and will be overwritten by future - invocations of nixos-generate-config; thus, you - generally should not modify it.) - - + If you’re using the graphical ISO image, other editors may be available + (such as vim). If you have network access, you can also + install other editors — for instance, you can install Emacs by running + nix-env -i emacs. 
+ + + + + BIOS systems + + + + You must set the option + to specify on which disk + the GRUB boot loader is to be installed. Without it, NixOS cannot boot. + + + + + + UEFI systems + + + + You must set the option + to + true. nixos-generate-config + should do this automatically for new configurations when booted in UEFI + mode. + + + You may want to look at the options starting with + + and + + as well. + + + + - Depending on your hardware configuration or type of file system, you may - need to set the option to - include the kernel modules that are necessary for mounting the root file - system, otherwise the installed system will not be able to boot. (If this - happens, boot from the CD again, mount the target file system on - /mnt, fix - /mnt/etc/nixos/configuration.nix and rerun - nixos-install.) In most cases, - nixos-generate-config will figure out the required - modules. + If there are other operating systems running on the machine before + installing NixOS, the + option can be set to true to automatically add them to + the grub menu. - - - - - Do the installation: + + Another critical option is , specifying the + file systems that need to be mounted by NixOS. However, you typically + don’t need to set it yourself, because + nixos-generate-config sets it automatically in + /mnt/etc/nixos/hardware-configuration.nix from your + currently mounted file systems. (The configuration file + hardware-configuration.nix is included from + configuration.nix and will be overwritten by future + invocations of nixos-generate-config; thus, you + generally should not modify it.) + + + + Depending on your hardware configuration or type of file system, you may + need to set the option to + include the kernel modules that are necessary for mounting the root file + system, otherwise the installed system will not be able to boot. 
(If this + happens, boot from the installation media again, mount the target file + system on /mnt, fix + /mnt/etc/nixos/configuration.nix and rerun + nixos-install.) In most cases, + nixos-generate-config will figure out the required + modules. + + + + + + Do the installation: # nixos-install - Cross fingers. If this fails due to a temporary problem (such as a network - issue while downloading binaries from the NixOS binary cache), you can just - re-run nixos-install. Otherwise, fix your - configuration.nix and then re-run - nixos-install. - - - As the last step, nixos-install will ask you to set the - password for the root user, e.g. + Cross fingers. If this fails due to a temporary problem (such as a network + issue while downloading binaries from the NixOS binary cache), you can + just re-run nixos-install. Otherwise, fix your + configuration.nix and then re-run + nixos-install. + + + As the last step, nixos-install will ask you to set the + password for the root user, e.g. setting root password... Enter new UNIX password: *** -Retype new UNIX password: *** - - - - For unattended installations, it is possible to use - nixos-install --no-root-passwd in order to disable the - password prompt entirely. - - - - - - - If everything went well: +Retype new UNIX password: *** + + + For unattended installations, it is possible to use + nixos-install --no-root-passwd in order to disable + the password prompt entirely. + + + + + + + If everything went well: - # reboot - - - - - You should now be able to boot into the installed NixOS. The GRUB boot menu - shows a list of available configurations (initially - just one). Every time you change the NixOS configuration (see - + + + + + You should now be able to boot into the installed NixOS. The GRUB boot + menu shows a list of available configurations + (initially just one). Every time you change the NixOS configuration (see + Changing Configuration - ), a new item is added to the menu. 
This allows you to easily roll back to - a previous configuration if something goes wrong. - - - You should log in and change the root password with - passwd. - - - You’ll probably want to create some user accounts as well, which can be - done with useradd: + ), a new item is added to the menu. This allows you to easily roll back to + a previous configuration if something goes wrong. + + + You should log in and change the root password with + passwd. + + + You’ll probably want to create some user accounts as well, which can be + done with useradd: $ useradd -c 'Eelco Dolstra' -m eelco $ passwd eelco - - - You may also want to install some software. For instance, + + + You may also want to install some software. For instance, $ nix-env -qa \* - shows what packages are available, and + shows what packages are available, and $ nix-env -i w3m - install the w3m browser. - - - - - To summarise, shows a typical sequence - of commands for installing NixOS on an empty hard drive (here - /dev/sda). w3m browser. + + + +
+
+ Installation summary + + + To summarise, shows a typical + sequence of commands for installing NixOS on an empty hard drive (here + /dev/sda). shows a - corresponding configuration Nix expression. - - - Commands for Installing NixOS on <filename>/dev/sda</filename> - -# fdisk /dev/sda # (or whatever device you want to install on) --- for UEFI systems only -> n # (create a new partition for /boot) -> 3 # (make it a partition number 3) -> # (press enter to accept the default) -> +512M # (the size of the UEFI boot partition) -> t # (change the partition type ...) -> 3 # (... of the boot partition ...) -> 1 # (... to 'UEFI System') --- for BIOS or UEFI systems -> n # (create a new partition for /swap) -> 2 # (make it a partition number 2) -> # (press enter to accept the default) -> +8G # (the size of the swap partition) -> n # (create a new partition for /) -> 1 # (make it a partition number 1) -> # (press enter to accept the default) -> # (press enter to accept the default and use the rest of the remaining space) -> a # (make the partition bootable) -> x # (enter expert mode) -> f # (fix up the partition ordering) -> r # (exit expert mode) -> w # (write the partition table to disk and exit) + corresponding configuration Nix expression. + + + + Example partition schemes for NixOS on <filename>/dev/sda</filename> (MBR) + +# parted /dev/sda -- mklabel msdos +# parted /dev/sda -- mkpart primary linux-swap 1M 8GiB +# parted /dev/sda -- mkpart primary 8GiB -1s + + + + Example partition schemes for NixOS on <filename>/dev/sda</filename> (UEFI) + +# parted /dev/sda -- mklabel gpt +# parted /dev/sda -- mkpart primary linux-swap 512MiB 8.5GiB +# parted /dev/sda -- mkpart primary 8.5GiB -1MiB +# parted /dev/sda -- mkpart ESP fat32 1M 512MiB +# parted /dev/sda -- set 3 boot on + + + + Commands for Installing NixOS on <filename>/dev/sda</filename> + + With a partitioned disk. + # mkfs.ext4 -L nixos /dev/sda1 # mkswap -L swap /dev/sda2 # swapon /dev/sda2 
@@ -416,9 +516,11 @@ $ nix-env -i w3m # nano /mnt/etc/nixos/configuration.nix # nixos-install # reboot - - - NixOS Configuration + + + + + NixOS Configuration { config, pkgs, ... }: { imports = [ @@ -438,10 +540,19 @@ $ nix-env -i w3m services.sshd.enable = true; } - - - - - - + +
+
+ Additional installation notes + + + + + + + + + + +
-- cgit 1.4.1 From de93b32f902fef6243af2edcf9b2d1c28763f9d0 Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Thu, 4 Oct 2018 16:52:17 +0200 Subject: nixos-option: fix #47722 when missing ~/.nix-defexpr/channels The problem was that the non-fatal warning was not omitted from the output when constructing a nix expression. Now it seems OK for me. When return code is OK, the warnings don't get passed anywhere, but I expect that won't matter for this utility. Fatal errors are still shown. --- nixos/modules/installer/tools/nixos-option.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/installer/tools/nixos-option.sh b/nixos/modules/installer/tools/nixos-option.sh index 3f1e591b97b0..327e3e6989f7 100644 --- a/nixos/modules/installer/tools/nixos-option.sh +++ b/nixos/modules/installer/tools/nixos-option.sh @@ -82,7 +82,7 @@ evalNix(){ set -e if test $exit_code -eq 0; then - cat <&2 <