nixpkgs-suyu/nixos/modules/system/etc/etc.nix

# Management of static files in /etc.

{ config, lib, pkgs, ... }:

with lib;

let

  # if the source is a local file, it should be imported to the store
  localToStore = mapAttrs (name: value: if name == "source" then "${value}" else value);
  etc' = map localToStore (filter (f: f.enable) (attrValues config.environment.etc));

  etc = pkgs.runCommandLocal "etc" {
    # This is needed for the systemd module
    passthru.targets = map (x: x.target) etc';
  } /* sh */ ''
    set -euo pipefail

    makeEtcEntry() {
      src="$1"
      target="$2"
      mode="$3"
      user="$4"
      group="$5"

      if [[ "$src" = *'*'* ]]; then
        # If the source name contains '*', perform globbing.
        mkdir -p "$out/etc/$target"
        for fn in $src; do
            ln -s "$fn" "$out/etc/$target/"
        done
      else

        mkdir -p "$out/etc/$(dirname "$target")"
        if ! [ -e "$out/etc/$target" ]; then
          ln -s "$src" "$out/etc/$target"
        else
          echo "duplicate entry $target -> $src"
          if [ "$(readlink "$out/etc/$target")" != "$src" ]; then
            echo "mismatched duplicate entry $(readlink "$out/etc/$target") <-> $src"
            ret=1

            continue
          fi
        fi

        if [ "$mode" != symlink ]; then
          echo "$mode" > "$out/etc/$target.mode"
          echo "$user" > "$out/etc/$target.uid"
          echo "$group" > "$out/etc/$target.gid"
        fi
      fi
    }

    mkdir -p "$out/etc"
    ${concatMapStringsSep "\n" (etcEntry: escapeShellArgs [
      "makeEtcEntry"
      etcEntry.source
      etcEntry.target
      etcEntry.mode
      etcEntry.user
      etcEntry.group
    ]) etc'}
  '';

in

{

  ###### interface

  options = {

    environment.etc = mkOption {
      default = {};
      example = literalExample ''
        { example-configuration-file =
            { source = "/nix/store/.../etc/dir/file.conf.example";
              mode = "0440";
            };
          "default/useradd".text = "GROUP=100 ...";
        }
      '';
      description = ''
        Set of files that have to be linked in <filename>/etc</filename>.
      '';

      type = with types; attrsOf (submodule (
        { name, config, ... }:
        { options = {

            enable = mkOption {
              type = types.bool;
              default = true;
              description = ''
                Whether this /etc file should be generated.  This
                option allows specific /etc files to be disabled.
              '';
            };

            target = mkOption {
              type = types.str;
              description = ''
                Name of symlink (relative to
                <filename>/etc</filename>).  Defaults to the attribute
                name.
              '';
            };

            text = mkOption {
              default = null;
              type = types.nullOr types.lines;
              description = "Text of the file.";
            };

            source = mkOption {
              type = types.path;
              description = "Path of the source file.";
            };

            mode = mkOption {
              type = types.str;
              default = "symlink";
              example = "0600";
              description = ''
                If set to something else than <literal>symlink</literal>,
                the file is copied instead of symlinked, with the given
                file mode.
              '';
            };

            uid = mkOption {
              default = 0;
              type = types.int;
              description = ''
                UID of created file. Only takes effect when the file is
                copied (that is, the mode is not 'symlink').
                '';
            };

            gid = mkOption {
              default = 0;
              type = types.int;
              description = ''
                GID of created file. Only takes effect when the file is
                copied (that is, the mode is not 'symlink').
              '';
            };

            user = mkOption {
              default = "+${toString config.uid}";
              type = types.str;
              description = ''
                User name of created file.
                Only takes effect when the file is copied (that is, the mode is not 'symlink').
                Changing this option takes precedence over <literal>uid</literal>.
              '';
            };

            group = mkOption {
              default = "+${toString config.gid}";
              type = types.str;
              description = ''
                Group name of created file.
                Only takes effect when the file is copied (that is, the mode is not 'symlink').
                Changing this option takes precedence over <literal>gid</literal>.
              '';
            };

          };

          config = {
            target = mkDefault name;
            source = mkIf (config.text != null) (
              let name' = "etc-" + baseNameOf name;
              in mkDefault (pkgs.writeText name' config.text));
          };

        }));

    };

  };


  ###### implementation

  config = {

    system.build.etc = etc;

    system.activationScripts.etc = stringAfter [ "users" "groups" ]
      ''
        # Set up the statically computed bits of /etc.
        echo "setting up /etc..."
        ${pkgs.perl.withPackages (p: [ p.FileSlurp ])}/bin/perl ${./setup-etc.pl} ${etc}/etc
      '';

  };

}
etc.nix: Fix style 2013-02-03 10:35:11 +01:00			`# Management of static files in /etc.`

Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`{ config, lib, pkgs, ... }:`
Some cleanups in the activation script: * Moved some scriptlets to the appropriate modules. * Put the scriptlet that sets the default path at the start, since it never makes sense not to have it there. It no longer needs to be declared as a dependency. * If a scriptlet has no dependencies, it can be denoted as a plain string (i.e., `noDepEntry' is not needed anymore). svn path=/nixos/trunk/; revision=23762 2010-09-13 17:41:38 +02:00
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`with lib;`
* Move some stuff out of boot-environment.nix. svn path=/nixos/trunk/; revision=7313 2006-12-11 16:32:10 +01:00
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 17:06:52 +01:00			`let`

nixos/etc: make sure local "source" files are imported to the store The treatment of the "source" parameter changed with eb7120dc79966d5ed168321fd213de38de13a2b1, breaking stuff. Before that commit, the source parameter was converted to a string by implicit coercion, which would copy the file to the store and yield an string containing the store path. Now, by the virtue of escapeShellArg, toString is called explicitly on that path, which will yield an string containing the absolute path of the file. This commit restores the old behavior. 2021-09-02 15:43:57 +02:00			`# if the source is a local file, it should be imported to the store`
			`localToStore = mapAttrs (name: value: if name == "source" then "${value}" else value);`
			`etc' = map localToStore (filter (f: f.enable) (attrValues config.environment.etc));`
Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00
nixos/etc: use runCommandLocal (#133037) Instead of setting preferLocalBuild & allowSubstitutes explicitly, use runCommandLocal which sets the same options. 2021-08-07 20:56:21 +02:00			`etc = pkgs.runCommandLocal "etc" {`
nixos/etc: Replace make-etc.sh with nix and bash The main goal of this commit is to replace the rather fragile passing of multiple arrays which could break in cases like #130935. While I could have just added proper shell escaping to the variables being passed, I opted for the more painful approach of replacing the fragile and somewhat strange construct with the 5 bash lists. While there are currently no more problems present with the current approach (at least none that I know of), the new approach seems more solid and might get around problems that could arise in the future stemming from either the multiple-lists situation or from the absence of proper shell quoting all over the script. 2021-07-22 17:38:31 +02:00			`# This is needed for the systemd module`
			`passthru.targets = map (x: x.target) etc';`
			`} /* sh */ ''`
			`set -euo pipefail`

			`makeEtcEntry() {`
			`src="$1"`
			`target="$2"`
			`mode="$3"`
			`user="$4"`
			`group="$5"`

			`if [[ "$src" = ''* ]]; then`
			`# If the source name contains '*', perform globbing.`
			`mkdir -p "$out/etc/$target"`
			`for fn in $src; do`
			`ln -s "$fn" "$out/etc/$target/"`
			`done`
			`else`

			`mkdir -p "$out/etc/$(dirname "$target")"`
			`if ! [ -e "$out/etc/$target" ]; then`
			`ln -s "$src" "$out/etc/$target"`
			`else`
			`echo "duplicate entry $target -> $src"`
			`if [ "$(readlink "$out/etc/$target")" != "$src" ]; then`
			`echo "mismatched duplicate entry $(readlink "$out/etc/$target") <-> $src"`
			`ret=1`

			`continue`
			`fi`
			`fi`

			`if [ "$mode" != symlink ]; then`
			`echo "$mode" > "$out/etc/$target.mode"`
			`echo "$user" > "$out/etc/$target.uid"`
			`echo "$group" > "$out/etc/$target.gid"`
			`fi`
			`fi`
			`}`

			`mkdir -p "$out/etc"`
			`${concatMapStringsSep "\n" (etcEntry: escapeShellArgs [`
			`"makeEtcEntry"`
			`etcEntry.source`
			`etcEntry.target`
			`etcEntry.mode`
			`etcEntry.user`
			`etcEntry.group`
			`]) etc'}`
			`'';`
etc.nix: Fix style 2013-02-03 10:35:11 +01:00
			`in`

			`{`

			`###### interface`

			`options = {`

* Move the /etc generation to modules/system/etc. svn path=/nixos/branches/modular-nixos/; revision=15767 2009-05-28 15:17:56 +02:00			`environment.etc = mkOption {`
Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00			`default = {};`
Clean up some option examples 2013-10-30 16:19:07 +01:00			`example = literalExample ''`
Update `etc` example to not use a real config file A user noticed the example for `hosts`, took the `mode` permissions literally, and ended up with surprising behavior on their system. Updating the documentation to not reference a real config file which might have real permissions requirements. 2016-04-27 17:27:52 +02:00			`{ example-configuration-file =`
Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00			`{ source = "/nix/store/.../etc/dir/file.conf.example";`
			`mode = "0440";`
			`};`
			`"default/useradd".text = "GROUP=100 ...";`
Clean up some option examples 2013-10-30 16:19:07 +01:00			`}`
			`'';`
* Move the /etc generation to modules/system/etc. svn path=/nixos/branches/modular-nixos/; revision=15767 2009-05-28 15:17:56 +02:00			`description = ''`
Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00			`Set of files that have to be linked in <filename>/etc</filename>.`
* Move the /etc generation to modules/system/etc. svn path=/nixos/branches/modular-nixos/; revision=15767 2009-05-28 15:17:56 +02:00			`'';`
Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00
treewide: completely remove types.loaOf 2020-08-23 01:28:45 +02:00			`type = with types; attrsOf (submodule (`
etc module: optionSet -> submodule 2016-09-11 12:35:42 +02:00			`{ name, config, ... }:`
Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00			`{ options = {`

Selectively allow /etc files to be disabled For instance, if you don't want NixOS to emit /etc/hosts, you can say: environment.etc.hosts.enable = false; 2013-02-03 14:19:05 +01:00			`enable = mkOption {`
			`type = types.bool;`
			`default = true;`
			`description = ''`
			`Whether this /etc file should be generated. This`
			`option allows specific /etc files to be disabled.`
			`'';`
			`};`

Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00			`target = mkOption {`
Add lots of missing option types 2013-10-30 17:37:45 +01:00			`type = types.str;`
Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00			`description = ''`
			`Name of symlink (relative to`
			`<filename>/etc</filename>). Defaults to the attribute`
			`name.`
			`'';`
			`};`

environment.etc: Add convenience option 'text' This allows writing environment.etc.hosts.text = "127.0.0.1 localhost"; instead of environment.etc.hosts.source = pkgs.writeText "hosts" "127.0.0.1 localhost"; 2013-02-03 14:12:49 +01:00			`text = mkOption {`
			`default = null;`
Add lots of missing option types 2013-10-30 17:37:45 +01:00			`type = types.nullOr types.lines;`
environment.etc: Add convenience option 'text' This allows writing environment.etc.hosts.text = "127.0.0.1 localhost"; instead of environment.etc.hosts.source = pkgs.writeText "hosts" "127.0.0.1 localhost"; 2013-02-03 14:12:49 +01:00			`description = "Text of the file.";`
			`};`

			`source = mkOption {`
Fix bogus mkOption types Among others, systemd unit options were not being type-checked because of this. mkOption should really check its arguments better... 2013-10-28 15:12:11 +01:00			`type = types.path;`
environment.etc: Add convenience option 'text' This allows writing environment.etc.hosts.text = "127.0.0.1 localhost"; instead of environment.etc.hosts.source = pkgs.writeText "hosts" "127.0.0.1 localhost"; 2013-02-03 14:12:49 +01:00			`description = "Path of the source file.";`
			`};`

Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00			`mode = mkOption {`
Add lots of missing option types 2013-10-30 17:37:45 +01:00			`type = types.str;`
Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00			`default = "symlink";`
			`example = "0600";`
			`description = ''`
			`If set to something else than <literal>symlink</literal>,`
			`the file is copied instead of symlinked, with the given`
			`file mode.`
			`'';`
			`};`

etc: uid/gid support for copied files Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-02-18 09:09:01 +01:00			`uid = mkOption {`
			`default = 0;`
			`type = types.int;`
			`description = ''`
environment.etc: fix typo 2020-03-09 12:01:19 +01:00			`UID of created file. Only takes effect when the file is`
etc: uid/gid support for copied files Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-02-18 09:09:01 +01:00			`copied (that is, the mode is not 'symlink').`
			`'';`
			`};`

			`gid = mkOption {`
			`default = 0;`
			`type = types.int;`
			`description = ''`
environment.etc: fix typo 2020-03-09 12:01:19 +01:00			`GID of created file. Only takes effect when the file is`
etc: uid/gid support for copied files Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-02-18 09:09:01 +01:00			`copied (that is, the mode is not 'symlink').`
			`'';`
			`};`

environment.etc: add user/group option fixes #27546 2017-07-21 16:41:19 +02:00			`user = mkOption {`
			`default = "+${toString config.uid}";`
			`type = types.str;`
			`description = ''`
			`User name of created file.`
environment.etc: fix typo 2020-03-09 12:01:19 +01:00			`Only takes effect when the file is copied (that is, the mode is not 'symlink').`
environment.etc: add user/group option fixes #27546 2017-07-21 16:41:19 +02:00			`Changing this option takes precedence over <literal>uid</literal>.`
			`'';`
			`};`

			`group = mkOption {`
			`default = "+${toString config.gid}";`
			`type = types.str;`
			`description = ''`
			`Group name of created file.`
environment.etc: fix typo 2020-03-09 12:01:19 +01:00			`Only takes effect when the file is copied (that is, the mode is not 'symlink').`
environment.etc: add user/group option fixes #27546 2017-07-21 16:41:19 +02:00			`Changing this option takes precedence over <literal>gid</literal>.`
			`'';`
			`};`

Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00			`};`

			`config = {`
			`target = mkDefault name;`
etc: Use a friendlier name than "etc-file" 2015-12-30 15:13:43 +01:00			`source = mkIf (config.text != null) (`
			`let name' = "etc-" + baseNameOf name;`
			`in mkDefault (pkgs.writeText name' config.text));`
Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00			`};`

etc module: optionSet -> submodule 2016-09-11 12:35:42 +02:00			`}));`
Turn environment.etc into an attribute set This provides a more convenient syntax and allows easier overriding. For example, environment.etc = singleton { target = "vconsole.conf"; source = vconsoleConf; }; can now be written as environment.etc."vconsole.conf".source = vconsoleConf; 2013-02-03 13:24:22 +01:00
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 17:06:52 +01:00			`};`
etc.nix: Fix style 2013-02-03 10:35:11 +01:00
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 17:06:52 +01:00			`};`


etc.nix: Fix style 2013-02-03 10:35:11 +01:00			`###### implementation`
* make-etc.sh: fixed the duplicate entry check. * Inlined make-etc.nix since it's a trivial function. svn path=/nixos/trunk/; revision=16728 2009-08-16 15:14:33 +02:00
etc.nix: Fix style 2013-02-03 10:35:11 +01:00			`config = {`
* make-etc.sh: fixed the duplicate entry check. * Inlined make-etc.nix since it's a trivial function. svn path=/nixos/trunk/; revision=16728 2009-08-16 15:14:33 +02:00
etc.nix: Fix style 2013-02-03 10:35:11 +01:00			`system.build.etc = etc;`
* Some more trivial builders with lots of dependencies that should be built locally. svn path=/nixos/trunk/; revision=34034 2012-05-09 23:35:47 +02:00
environment.etc: add user/group option fixes #27546 2017-07-21 16:41:19 +02:00			`system.activationScripts.etc = stringAfter [ "users" "groups" ]`
etc.nix: Fix style 2013-02-03 10:35:11 +01:00			`''`
			`# Set up the statically computed bits of /etc.`
			`echo "setting up /etc..."`
treewide: use perl.withPackages when possible Since 03eaa48 added perl.withPackages, there is a canonical way to create a perl interpreter from a list of libraries, for use in script shebangs or generic build inputs. This method is declarative (what we are doing is clear), produces short shebangs[1] and needs not to wrap existing scripts. Unfortunately there are a few exceptions that I've found: 1. Scripts that are calling perl with the -T switch. This makes perl ignore PERL5LIB, which is what perl.withPackages is using to inform the interpreter of the library paths. 2. Perl packages that depends on libraries in their own path. This is not possible because perl.withPackages works at build time. The workaround is to add `-I $out/${perl.libPrefix}` to the shebang. In all other cases I propose to switch to perl.withPackages. [1]: https://lwn.net/Articles/779997/ 2021-02-24 20:53:45 +01:00			`${pkgs.perl.withPackages (p: [ p.FileSlurp ])}/bin/perl ${./setup-etc.pl} ${etc}/etc`
etc.nix: Fix style 2013-02-03 10:35:11 +01:00			`'';`
* etc/default.nix is now a configuration file. * the script used to build the etc directory in stored in config.system.build.etc. * The activation script is defined inside etc/Default.nix instead of system/activate-configuration.sh svn path=/nixos/branches/fix-style/; revision=13676 2009-01-02 17:06:52 +01:00
etc.nix: Fix style 2013-02-03 10:35:11 +01:00			`};`
* Back out r17946 and 17948 because it doesn't work. I've seen it fail to update /etc twice now. It's also unnecessarily complex IMHO (see nix-dev). svn path=/nixos/trunk/; revision=18045 2009-10-30 09:37:08 +01:00
* PAM file for chsh. svn path=/nixos/trunk/; revision=8057 2007-02-26 22:18:13 +01:00			`}`