Commit graph

1453 commits

Author SHA1 Message Date
Jörg Thalheim
4dba1b99ec
Merge pull request #131102 from helsinki-systems/feat/rework-etc-2
nixos/etc: Replace make-etc.sh with nix and bash
2021-07-31 03:57:59 +01:00
Janne Heß
eb7120dc79
nixos/etc: Replace make-etc.sh with nix and bash
The main goal of this commit is to replace the rather fragile passing of
multiple arrays which could break in cases like #130935.
While I could have just added proper shell escaping to the variables
being passed, I opted for the more painful approach of replacing the
fragile and somewhat strange construct with the 5 bash lists. While
there are currently no more problems present with the current approach
(at least none that I know of), the new approach seems more solid and
might get around problems that could arise in the future stemming from
either the multiple-lists situation or from the absence of proper shell
quoting all over the script.
2021-07-30 21:33:13 +02:00
Florian Klink
7293489288 nixos/systemd: provision a systemd-coredump user
systemd-coredump tries to drop privileges to a systemd-coredump user if
present (and falls back to the root user if it's not available).

Create that user, and recycle uid 151 for it. We don't really care about
the gid.

Fixes https://github.com/NixOS/nixpkgs/issues/120803.
2021-07-29 15:00:24 +02:00
SrTobi
eff8d3bdb1 nixos/grub: implements GRUB_SAVEDEFAULT feature
Grub will remember the configuration that was booted and
select it as default menu entry the next time (#108206).
2021-07-28 18:57:08 +02:00
Ben Siraphob
b63a54f81c
Merge pull request #110742 from siraben/deprecate-fold 2021-07-27 15:13:31 +07:00
Dino A. Dai Zovi
30b97d7cca
nixos/stage1: copy initrd secrets into place after special mounts
This modifies initialRamdiskSecretAppender to stage secrets in
/.initrd-secrets/ and stage-1-init to copy them into place after mounting
special file systems. This allows secrets to be copied into ramfs mounts
like /run/keys for use after stage-1 finishes without copying them to disk
(which would not be very secure).
2021-07-18 18:27:21 +00:00
Jörg Thalheim
ad59e62780 nixos/journald: don't set nogroup 2021-07-18 08:46:54 +02:00
Florian Klink
c1536f5c78 nixos/systemd: fix NSS database ordering
- The order of NSS (host) modules has been brought in line with upstream
  recommendations:

  - The `myhostname` module is placed before the `resolve` (optional) and `dns`
    entries, but after `file` (to allow overriding via `/etc/hosts` /
    `networking.extraHosts`, and prevent ISPs with catchall-DNS resolvers from
    hijacking `.localhost` domains)
  - The `mymachines` module, which provides hostname resolution for local
    containers (registered with `systemd-machined`) is placed to the front, to
    make sure its mappings are preferred over other resolvers.
  - If systemd-networkd is enabled, the `resolve` module is placed before
    `files` and `myhostname`, as it provides the same logic internally, with
    caching.
  - The `mdns(_minimal)` module has been updated to the new priorities.

  If you use your own NSS host modules, make sure to update your priorities
  according to these rules:

  - NSS modules which should be queried before `resolved` DNS resolution should
    use mkBefore.
  - NSS modules which should be queried after `resolved`, `files` and
    `myhostname`, but before `dns` should use the default priority
  - NSS modules which should come after `dns` should use mkAfter.
2021-07-17 23:55:35 +02:00
Kreyren
ca3b4ce3d2
systemd.tmpfiles.rules: Fix false info
As per https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html the current description is missleading as it fails to mention volatile files and creation with deletion
2021-07-08 15:36:30 +02:00
Kazutoshi Noguchi
bf22778585 nixos/binfmt: run binfmt activation script after mounting /run
binfmt activation script creates /run/binfmt before mounting /run
when system activation.

To fix it I added dependency to specialfs to binfmt activation
script.
2021-07-06 17:18:33 +09:00
Markus S. Wamser
8e48b24d76 modules/luksroot: add note about AE to allowDiscards 2021-07-01 23:37:07 +02:00
Jörg Thalheim
f75e2a648c
Merge pull request #128023 from max-privatevoid/patch-1
nixos/systemd-boot: Use os.path.realpath to fully resolve symlinks
2021-07-01 07:17:50 +01:00
Max
2cf6f9e5bd
nixos/systemd-boot: Use os.path.realpath to fully resolve symlinks
os.readlink only resolves one layer of symlinks. This script explicitly relies on the real path of a file for deduplication, hence symlink resolution should recurse.
2021-06-24 17:52:03 +02:00
Dominik Xaver Hörl
436f61c878 nixos/boot: properly override the kernel in boot.kernelPatches
Previously the code took the kernelPatches of the final derivation, which
might or might not be what was passed to the derivation in the original call.
The previous behaviour caused various hacks to become neccessary to avoid duplicates in kernelPatches.
2021-05-31 12:10:19 +02:00
Naïm Favier
a6788be01a
nixos/luksroot: add bypassWorkqueues (#118114)
https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance
2021-05-26 09:43:38 -04:00
Vincent Haupert
faeb9e3233
nixos/networkd: add missing [DHCPServer] options
`systemd.network.networks.*.dhcpServerConfig` did not accept all of
the options which are valid for networkd's [DHCPServer] section. See
systemd.network(5) of systemd 247 for details.
2021-05-17 18:30:37 +02:00
hyperfekt
3e3e763a07 nixos/systemd: enable systemd-pstore.service
As described in issue #81138, the Install section of upstream units is
currently ignored, so we make it part of the sysinit.target manually.
2021-05-09 23:21:51 +02:00
Silvan Mosberger
08d94fd2b0
Merge pull request #114374 from oxalica/lib/platform-support-check
lib.meta: introduce `availableOn` to check package availability on given platform
2021-05-08 03:54:36 +02:00
Luke Granger-Brown
2136e90fa3
Merge pull request #114637 from KaiHa/pr/fix-systemd-boot-builder
systemd-boot-builder.py: ignore profile names with invalid chars
2021-04-25 11:35:00 +01:00
Konrad Borowski
66b2aaf2eb Revert "nixos/systemd: provide libidn2 for systemd-resolved"
This patch is no longer necessary with systemd v247.3.

This reverts commit c674a51382.
2021-04-12 18:37:18 +02:00
github-actions[bot]
85b57e4446
Merge master into staging-next 2021-04-08 18:14:17 +00:00
ajs124
c6d4dae35d treewide: fix eval without aliases after 9378fdf87e 2021-04-08 13:33:09 +02:00
Jan Tojnar
c04a14edd6 Merge branch 'master' into staging-next 2021-04-06 16:01:14 +02:00
Gabriel Ebner
c709fd42d9 nixos/systemd: increase default numeric PID range 2021-04-03 10:11:52 +02:00
oxalica
354d262db8
lib.meta: introduce availableOn 2021-04-02 19:20:23 +08:00
rnhmjoj
61b7cab481
treewide: use perl.withPackages when possible
Since 03eaa48 added perl.withPackages, there is a canonical way to
create a perl interpreter from a list of libraries, for use in script
shebangs or generic build inputs. This method is declarative (what we
are doing is clear), produces short shebangs[1] and needs not to wrap
existing scripts.

Unfortunately there are a few exceptions that I've found:

  1. Scripts that are calling perl with the -T switch. This makes perl
  ignore PERL5LIB, which is what perl.withPackages is using to inform
  the interpreter of the library paths.

  2. Perl packages that depends on libraries in their own path. This
  is not possible because perl.withPackages works at build time. The
  workaround is to add `-I $out/${perl.libPrefix}` to the shebang.

In all other cases I propose to switch to perl.withPackages.

[1]: https://lwn.net/Articles/779997/
2021-03-31 21:35:37 +02:00
github-actions[bot]
b9456ca263
Merge master into staging-next 2021-03-28 18:14:11 +00:00
Linus Heckemann
4aacd02d33
Merge pull request #115792 from ncfavier/patch-2
nixos/stage-1: make cpio quiet
2021-03-28 14:38:46 +02:00
Jean-Baptiste Giraudeau
1665c5290c
nixos/systemd: add namespaced (templated) journald sockets and service 2021-03-24 16:57:33 +01:00
github-actions[bot]
39e3812215
Merge master into staging-next 2021-03-23 06:18:02 +00:00
Peter Hoeg
6b815bbb99 nixos/systemd: missing a few units for KDE to use systemd 2021-03-23 09:44:34 +08:00
github-actions[bot]
11ee0bf5d7
Merge master into staging-next 2021-03-23 00:40:24 +00:00
Sander van der Burg
8fc9423565
Merge pull request #116455 from svanderburg/systemdunitpath
systemd: allow custom unit folders to be configured with SYSTEMD_UNIT…
2021-03-22 22:58:49 +01:00
Sander van der Burg
5c8ed06fc9 systemd: allow custom unit folders to be configured with SYSTEMD_UNIT_PATH 2021-03-22 20:41:12 +01:00
github-actions[bot]
933682b533
Merge master into staging-next 2021-03-20 18:19:30 +00:00
Jörg Thalheim
1fc14408ae
Merge pull request #108952 from Mic92/systemd-builder
nixos/systemd-boot: add typechecking
2021-03-20 16:05:27 +00:00
github-actions[bot]
29278dcf45
Merge staging-next into staging 2021-03-19 12:26:59 +00:00
Alexander Foremny
297b1ba320 Revert "nixos/systemd: Handle template overrides"
This reverts commit e3b90b6ccc.

This commit broke container tests and thus blocked channels from
advancing.
2021-03-19 09:05:33 +01:00
github-actions[bot]
8c03075f07
Merge staging-next into staging 2021-03-19 00:41:08 +00:00
Florian Klink
68d6ffc8d5
Merge pull request #115549 from adrianparvino/new-nixos-unstable
systemd: Handle template overrides
2021-03-16 23:05:11 +01:00
Adrian Parvin D. Ouano
e3b90b6ccc nixos/systemd: Handle template overrides
Adding template overrides allows for custom behavior for specific
instances of a template. Previously, it was not possible to provide
bind mounts for systemd-nspawn. This change allows it.
2021-03-11 10:21:14 +08:00
Naïm Favier
d4d5fc6bd7
nixos/stage-1: make cpio quiet 2021-03-10 17:46:53 +01:00
Florian Klink
7db55b3aa5
Merge pull request #115584 from grahamc/systemd-modprobe-service
systemd: add the modprobe service
2021-03-09 22:12:25 +01:00
Graham Christensen
0b52c40240
nixos/systemd: bring in modprobe@.service
It is broken: it looks for /sbin/modprobe, but it works anyway??
2021-03-09 12:38:54 -05:00
Linus Heckemann
c762b1eaab
Merge pull request #90065 from wizeman/u/fix-config-merge
linux: make sure all config options have the same value
2021-03-08 21:34:59 +01:00
Ricardo M. Correia
6feb61233b linux: make sure all config options have the same value
Currently, kernel config options whose value is "yes" always override
options whose value is "no".

This is not always desired.

Generally speaking, if someone defines an option to have the value
"no", presumably they are disabling the option for a reason, so it's
not always OK to silently enable it due to another, probably unrelated
reason.

For example, a user may want to reduce the kernel attack surface and
therefore may want to disable features that are being enabled in
common-config.nix.

In fact, common-config.nix was already silently enabling options that
were intended to be disabled in hardened/config.nix for security
reasons, such as INET_DIAG.

By eliminating the custom merge function, these config options will
now use the default module option merge functions which make sure
that all options with the highest priority have the same value.

A user that wishes to override an option defined in common-config.nix
can currently use mkForce or mkOverride to do so, e.g.:

BINFMT_MISC = mkForce (option no);

That said, this is not going to be necessary in the future, because
the plan is for kernel config options defined in nixpkgs to use a
lower priority by default, like it currently happens for other module
options.
2021-03-07 18:27:14 +01:00
WORLDofPEACE
583f1a96b1
Merge pull request #114000 from worldofpeace/plymouth-bgrt
nixos/plymouth: use bgrt theme
2021-03-04 18:32:30 -05:00
Kai Harries
e2be5dc1f4 systemd-boot-builder: gracefully ignore errors during entry creation
Catch and ignore errors during writing of the boot entries.  These
errors could stem from profile names that are not valid filenames on
vfat filesystems.

fixes #114552
2021-03-02 20:17:57 +01:00
Linus Heckemann
08fc5e317c
Merge pull request #111802 from twhitehead/init-symlinks
nixos/stage1: chroot stage 2 init exists check so symlink resolve
2021-03-02 13:32:26 +01:00
Florian Klink
aed9171b1a
Merge pull request #111342 from veehaitch/systemd-networkd-options
nixos/networkd: add missing IPv6 options
2021-02-27 00:16:20 +01:00
WORLDofPEACE
9e84dc00b0 nixos/plymouth: use white nixos logo
This looks cohesive with the spinner in the bgrt theme.
2021-02-25 16:46:03 -05:00
WORLDofPEACE
6bd4f9a3c5 nixos/plymouth: use bgrt theme
The BGRT theme is probably a close as to "FlickerFree" we can
get without https://github.com/NixOS/nixpkgs/pull/74842.
It's more agnostic than the Breeze theme.

We also install all of themes provided by the packages, as it's possible
that one theme needs the ImageDir of another, and they're small files
anyways.

Lastly, how plymouth handles logo and header files is
a total mess, so hopefully when they have an actual release
we won't need to do all this symlinking.
2021-02-25 16:46:03 -05:00
WORLDofPEACE
726dd9804e nixos/plymouth: exit on missing theme
Much better to provide a helpful message than to
get an obscure sed message.
2021-02-25 16:46:03 -05:00
Tyson Whitehead
aed7c9a22a
stage-1: accept init symlinks at any level 2021-02-25 15:58:18 -05:00
Edmund Wu
f4208fe9f9 nixos/plymouth: use upstream defaults
https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/101
75204a2517/src/plymouthd.defaults
2021-02-25 15:18:49 -05:00
WORLDofPEACE
0c3514f782
Merge pull request #99011 from andersk/plymouth-label
nixos/plymouth: Add label plugin and a font to the initrd
2021-02-21 15:44:54 -05:00
Anders Kaseorg
9d21f1dfab nixos/plymouth: Add label plugin and a font to the initrd
This allows Plymouth to show the “NixOS 21.03” label under the logo at
startup like it already does at shutdown.

Fixes #59992.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2021-02-21 10:27:15 -08:00
Michele Guerini Rocco
19d715c573
Merge pull request #107382 from rnhmjoj/no-udev-settle
nixos/{networkd,dhcpcd}: remove udev-settle hack
2021-02-20 20:49:19 +01:00
Florian Klink
68496cb927
Merge pull request #113570 from xaverdh/remove-systemConfig
Remove system config kernel parameter
2021-02-19 20:43:07 +01:00
Guillaume Girol
56923181e9
Merge pull request #107402 from ctem/fix/luksroot-master
boot.initrd.luks: add reusePassphrases support for YubiKey 2FA
2021-02-19 15:42:45 +00:00
Sandro Jäckel
c75d7d2f8c
nixos/grub: fix editor check 2021-02-18 22:25:57 +01:00
rnhmjoj
65325292da
nixos/stage-1: install networkd link files
Renaming an interface must be done in stage-1: otherwise udev will
report the interface as ready and network daemons (networkd, dhcpcd,
etc.) will bring it up. Once up the interface can't be changed and the
renaming will fail.

Note: link files are read directly by udev, so they can be used even
without networkd enabled.
2021-02-18 22:07:00 +01:00
rnhmjoj
15d6eacb15
nixos/{networkd,dhcpcd}: remove udev-settle hack
systemd-udev-settle is a terrible hack[1] and should never[2] ever[3]
used, seriously it's very bad. It was used as a stop-gap solution for
issue #39069, but thanks to PR #79532 it can be removed now.

[1]: https://github.com/systemd/systemd/issues/7293#issuecomment-592941764
[2]: https://github.com/NixOS/nixpkgs/issues/73095
[3]: https://github.com/NixOS/nixpkgs/issues/107341
2021-02-18 22:07:00 +01:00
Dominik Xaver Hörl
0e8d7f9b3d nixos/install-grub: normalize whitespace 2021-02-18 20:51:34 +01:00
Dominik Xaver Hörl
61d746a7d3 nixos: don't set systemConfig for stage-2
Since c4f910f550, this is no longer
needed, because stage-2 is already generated with the path hard wired anyway.
2021-02-18 12:48:08 +01:00
Arian van Putten
5276ebb5ee nixos: Get rid of systemConfig kernel parameter
It was introduced in c10fe14 but removed in c4f910f.

It remained such that people with older generations in their boot
entries could still boot those. Given that the parameter hasn't had any
use in quite some years, it seems safe to remove now.

Fixes #60184
2021-02-18 12:48:08 +01:00
Jan Beinke
97718a3584
nixos/systemd-lib: allow mkIf in unitOption
`unitOption` is only used inside of `attrsOf` wich is perfectly capable of
handling the attrsets from `mkIf`, though the checkUnitConfig test
forbids it. This commit weakens that restriction to allow the usage of
`mkIf` inside of `systemd.services.<name>.serviceConfig.<something>`
etc.
2021-02-11 22:18:21 +01:00
Ctem
1c9b2f18ce
boot.initrd.luks: fix case Yubikey -> YubiKey 2021-02-08 04:01:47 +09:00
Ctem
9e8781328e
boot.initrd.luks: add reusePassphrases support for YubiKey 2FA 2021-02-08 03:55:17 +09:00
Michele Guerini Rocco
237d5fa67a
Merge pull request #111452 from urbas/linuxPackages_rpi3-missing-ahci-module
system/boot: add includeDefaultModules option
2021-02-07 12:33:51 +01:00
Matej Urbas
2c769d7a6a system/boot: add includeDefaultModules option 2021-02-07 11:14:36 +00:00
Ben Wolsieffer
f413b2bc51 Revert "nixos/kernel.nix: ensure same kernel is used"
This reverts commit 78f915a002.
2021-02-03 20:31:22 -05:00
Dmitry Kalinkin
8468a9878c
Merge pull request #87856 from eadwu/kernel/same-kernel
nixos/kernel.nix: ensure same kernel is used
2021-01-30 22:13:02 -05:00
Vincent Haupert
e6660ffe7f
nixos/networkd: rename ipv6PrefixDelegationConfig option to ipv6SendRAConfig
networkd's [IPv6PrefixDelegation] section and IPv6PrefixDelegation=
options have been renamed as [IPv6SendRA] and IPv6SendRA= in systemd
247.

Throws if the deprecated option ipv6PrefixDelegationConfig is used.
2021-01-30 14:54:11 +01:00
Vincent Haupert
735111487b
nixos/networkd: add ipv6AcceptRAConfig option
Adds `systemd.network.networks.*.ipv6AcceptRAConfig` for networkd's
[IPv6AcceptRA] section.
2021-01-30 14:06:44 +01:00
Vincent Haupert
38f19af769
nixos/networkd: add dhcpV6PrefixDelegationConfig option
networkd gained a new section [DHCPv6PrefixDelegation] which
controls delegated prefixes assigned by DHCPv6 client. Added in systemd
246.
2021-01-30 14:06:27 +01:00
Vincent Haupert
53033aaf5a
nixos/networkd: add missing dhcpV6Config options 2021-01-30 12:50:22 +01:00
Matthew Bauer
6307346fd9
Merge pull request #98858 from sorki/cross/rpifw
raspberrypi-builder: allow passing firmware package as argument
2021-01-29 10:21:32 -06:00
Anderson Torres
79256619ce
Merge pull request #108294 from GovanifY/silent-boot
boot.initrd: add verbose option
2021-01-29 11:56:20 -03:00
Ben Siraphob
1c2a2b0a08 treewide: fold -> foldr 2021-01-26 10:57:07 +07:00
John Ericson
e34a53c4ea
Merge pull request #110803 from Ericson2314/fix-nixos-misc-linux-config
nixos treewide: Fix references to linux-kernel.target
2021-01-25 13:39:20 -05:00
John Ericson
63b02e55db nixos treewide: Fix references to linux-kernel.target
Thanks @ajs124 in
https://github.com/NixOS/nixpkgs/pull/110544#discussion_r563828722 for
catching this. According to:

    git grep 'inherit.*Platform.*platform'
    git grep ' linux-kernel'

We now don't have any remaining problems of this sort, thankfully.
2021-01-25 13:06:12 -05:00
Matthew Bauer
e8338c9c1d
Merge pull request #110739 from matthewbauer/fix-binfmt-nix-sandbox
nixos/binfmt: add bash to sandboxPaths
2021-01-25 11:53:27 -06:00
Matthew Bauer
35bd8f1153 nixos/binfmt: add bash to sandboxPaths
bash is needed to run the new binfmt shell script.

Fixes #110540
2021-01-24 22:47:59 -06:00
volth
bc0d605cf1 treewide: fix double quoted strings in meta.description
Signed-off-by: Ben Siraphob <bensiraphob@gmail.com>
2021-01-24 19:56:59 +07:00
Gauvain 'GovanifY' Roussel-Tarbouriech
bc1b5fdfe0
boot.initrd: add verbose option 2021-01-24 07:16:21 +01:00
John Ericson
12881a7aa7
Merge pull request #110544 from Ericson2314/no-platform
top-level, lib: Remove platform attribute of platforms
2021-01-23 16:32:36 -05:00
Jörg Thalheim
17da58acca
Merge pull request #108242 from GovanifY/grub-additional
boot.loader.grub: add extraInstallCommands option
2021-01-23 16:18:22 +00:00
John Ericson
9c213398b3 lib: Clean up how linux and gcc config is specified
Second attempt of 8929989614589ee3acd070a6409b2b9700c92d65; see that
commit for details.

This reverts commit 0bc275e634.
2021-01-23 10:01:28 -05:00
Jonathan Ringer
0bc275e634
Revert "lib: Clean up how linux and gcc config is specified"
This is a stdenv-rebuild, and should not be merged
into master

This reverts commit 8929989614.
2021-01-22 14:07:06 -08:00
John Ericson
d95aebbe0e
Merge pull request #107214 from Ericson2314/linux-config-cleanup
lib: Clean up how linux and gcc config is specified
2021-01-22 15:15:58 -05:00
Robert Hensing
bbaff89ceb
Merge pull request #109976 from hercules-ci/systemd-allow-preStart-with-ExecStartPre
nixos/systemd: allow preStart with other ExecStartPre cmdlines
2021-01-22 10:18:11 +01:00
John Ericson
8929989614 lib: Clean up how linux and gcc config is specified
The `platform` field is pointless nesting: it's just stuff that happens
to be defined together, and that should be an implementation detail.

This instead makes `linux-kernel` and `gcc` top level fields in platform
configs. They join `rustc` there [all are optional], which was put there
and not in `platform` in anticipation of a change like this.

`linux-kernel.arch` in particular also becomes `linuxArch`, to match the
other `*Arch`es.

The next step after is this to combine the *specific* machines from
`lib.systems.platforms` with `lib.systems.examples`, keeping just the
"multiplatform" ones for defaulting.
2021-01-21 22:44:09 -05:00
Matthew Bauer
da9fc7b068
Merge pull request #108072 from matthewbauer/fix-binfmt-activation
nixos/binfmt.nix: fix running commands in binfmt
2021-01-20 16:31:53 -06:00
Scriptkiddi
1572940688
networking, chrony, ntpd, timesyncd: add timeServers option type 2021-01-20 10:54:24 +01:00
Robert Hensing
3936d85ec3 nixos/systemd: allow preStart with other ExecStartPre cmdlines
Declaring them as lists enables the concatenation, supporting
lib.mkBefore, lib.mkOrder, etc.

This is useful when you need to extend a service with a pre-start
script that needs to run as root.
2021-01-19 16:29:29 +01:00
github-actions[bot]
9f69dadafd
Merge master into staging-next 2021-01-15 01:16:33 +00:00
Andreas Rammhold
3be09b94fb
Merge pull request #108860 from endocrimes/dani/fix-tmp
modules/boot: Specify the type for tmpfs mounts
2021-01-15 00:31:14 +01:00
Vladimír Čunát
9e2880e5fa
nixos ISO image: revert another part of 8ca33835ba 2021-01-13 15:25:19 +01:00
Vladimír Čunát
8ca33835ba
nixos: fixup build of aarch64 minimal ISO (fixes #109252)
Perhaps it's not pretty nor precise; feel free to improve.
2021-01-13 14:05:45 +01:00
Edmund Wu
78f915a002
nixos/kernel.nix: ensure same kernel is used
Originally, changes to the kernel don't propagate to the other
derivation within the same package set. This commit allows for the
changes in the kernel to be propagated.

A distinct example is setting `boot.kernel.randstructSeed` to a non-zero
length string which would result in building 2 kernels, one with the
correct seed and the other with the zero length seed. Then, when using
an out-of-tree kernel driver, it would be built with the zero length
seed which differs from the non-zero length seed used to boot,
contradicting the purpose of the `boot.kernel.randstructSeed`.
2021-01-11 12:57:34 -05:00
Jan Tojnar
2b9372b2ca
Merge branch 'master' into staging-next 2021-01-11 13:36:42 +01:00
Eelco Dolstra
187af93c19
Merge pull request #78430 from puckipedia/fix-initrd-silent
nixos/stage-1: Do not allow missing kernel modules in initrd
2021-01-11 13:18:45 +01:00
Jan Tojnar
88c998fb21
Merge branch 'staging-next' into staging 2021-01-10 23:24:57 +01:00
Jan Tojnar
dd72357155
Merge branch 'master' into staging-next 2021-01-10 23:24:33 +01:00
Jörg Thalheim
ceda1a5eee
nixos/systemd-boot: add typechecking 2021-01-10 21:13:59 +01:00
Dominik Xaver Hörl
25bef2d8f9 treewide: simplify pkgs.stdenv.lib -> pkgs.lib
The library does not depend on stdenv, that `stdenv` exposes `lib` is
an artifact of the ancient origins of nixpkgs.
2021-01-10 20:12:06 +01:00
Frederik Rietdijk
b209617ff0 plasma5Packages: alias to the libsForQt5 used to build the plasma5 desktop
For in NixOS it is beneficial if both plasma5 and pam use the same Qt5
version. Because the plasma5 desktop may use a different version as the
default Qt5 version, we introduce plasma5Packages.
2021-01-10 15:59:45 +01:00
Danielle Lancashire
ca7b35d2d9
modules/boot: Specify the type for tmpfs mounts
https://github.com/NixOS/nixpkgs/pull/107497 broke booting on many systems that
use tmpOnTmpfs due to the lack of specifying the mount type.

This commit explicitly adds the mount type, which should fix booting
such systems.

The original change may want to be revisited however too.
2021-01-09 15:32:17 +01:00
github-actions[bot]
e251591528
Merge master into staging-next 2021-01-09 01:00:25 +00:00
Florian Klink
964c419bc0
Merge pull request #107497 from helsinki-systems/fix/tmp-mount
nixos/tmp: Make /tmp on ramdisk usable again
2021-01-08 23:54:46 +01:00
Gauvain 'GovanifY' Roussel-Tarbouriech
771ba47d56
boot.loader.grub: add extraInstallCommands option 2021-01-03 09:31:51 +01:00
Matthew Bauer
08135a3caa nixos/binfmt.nix: fix running commands in binfmt
To allow arguments in binfmt, we need to put the command in a shell
script. This uses exec to run the binfmt interpreter.

Fixes #90683
2020-12-31 13:28:01 -06:00
Blaž Hrastnik
a6b5693a71 nixos/stage-1: set zstd as the default compressor when supported
Co-authored-by: Atemu <atemu.main@gmail.com>
2020-12-28 14:25:17 +01:00
Janne Heß
56d7e7492c
nixos/tmp: Make /tmp on ramdisk usable again
@poettering decided we only need a limited number of inodes in our /tmp,
so why not limit that for every systemd user? That makes medium-sized nix
builds impossible so this commit restores the old behaviour which is the
kernel default of half the number of physical RAM pages which does not
seem too unreasonable to me.
2020-12-26 13:13:41 +01:00
Florian Klink
c674a51382 nixos/systemd: provide libidn2 for systemd-resolved
systemd started using dlopen() for some of their "optional"
dependencies.

Apparently, `libidn2` isn't so optional, and systemd-resolved doesn't
work without libidn2 present, breaking DNS resolution.

Fixes https://github.com/NixOS/nixpkgs/issues/107537

Upstream bug: https://github.com/systemd/systemd/issues/18078
2020-12-25 13:45:25 +01:00
Linus Heckemann
834cc5d5fa nixos/initrd: docbookise "compressor" description 2020-12-17 23:01:08 +01:00
Dominik Xaver Hörl
d4ef25db5d nixos/initrd: add compressorArgs, make compressor option public 2020-12-17 11:38:10 +01:00
Linus Heckemann
c14f14eeaf
Merge pull request #97505 from mayflower/grub-efi-mirroredboot
nixos/grub: allow multiple "nodev" devices for mirroredBoots
2020-12-04 18:37:50 +01:00
Frederik Rietdijk
0d8491cb2b Merge master into staging-next 2020-11-29 13:51:10 +01:00
Sarah Brofeldt
a7a5f7904c
Merge pull request #99173 from johanot/fix-initrd-ssh-commands-test
nixos/initrd-ssh: set more defensive pemissions on sshd test key
2020-11-29 11:27:03 +01:00
Frederik Rietdijk
b2a3891e12 Merge master into staging-next 2020-11-27 15:09:19 +01:00
Florian Klink
5b3a952e04
Merge pull request #102938 from cruegge/dev-symlinks
nixos/stage-1: create /dev/std{in,out,err} symlinks
2020-11-25 01:57:21 +01:00
Graham Christensen
bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
Florian Klink
d22b3ed4bc systemd: switch to unified cgroup hierarchy by default
See https://www.redhat.com/sysadmin/fedora-31-control-group-v2 for
details on why this is desirable, and how it impacts containers.

Users that need to keep using the old cgroup hierarchy can re-enable it
by setting `systemd.unifiedCgroupHierarchy` to `false`.

Well-known candidates not supporting that hierarchy, like docker and
hidepid=… will disable it automatically.

Fixes #73800
2020-11-19 16:56:46 +01:00
Frederik Rietdijk
20f001c01e Merge master into staging-next 2020-11-09 14:33:52 +01:00
Jan Tojnar
8e7fca3a5c
nixos/plymouth: fix eval with aliases disabled
Fallout from https://github.com/NixOS/nixpkgs/pull/101369
2020-11-09 14:00:18 +01:00
Samuel Gräfenstein
88bf1b3e92 nixos/boot: add final newline to pbkdf2-sha512.c 2020-11-09 11:39:28 +00:00
Marek Mahut
e02f6bfa26
Merge pull request #100418 from pltanton/master
fido2luks: 0.2.3 -> 0.2.15
2020-11-09 00:22:09 +01:00
Timo Kaufmann
1fd1c2ad88
Merge pull request #96639 from xfix/support-microsoft-usb-keyboards
nixos/availableKernelModules: add microsoft hid
2020-11-05 20:33:49 +01:00
Peter Hoeg
13ed0cce2f nixos/systemd-resolved: fix incorrect user 2020-11-05 22:41:39 +08:00
Christoph Ruegge
bcc808c68f Create /dev/std{in,out,err} symlinks in stage-1
This used to be done by udev, but that was removed in
systemd/systemd@6b2229c. The links are created by systemd at the end of
stage-2, but activation scripts might need them earlier.
2020-11-05 15:32:19 +01:00
lf-
644079e707 nixos/modules: deprecation warning for StartLimitInterval in [Service]
This implements
https://github.com/NixOS/nixpkgs/issues/45786#issuecomment-440091879
2020-10-31 16:50:35 +01:00
Niklas Hambüchen
c178fe4bbb nixos/modules: Reformat warnings section 2020-10-31 16:50:25 +01:00
lf-
b37bbca521 nixos/modules: fix systemd start rate-limits
These were broken since 2016:
f0367da7d1
since StartLimitIntervalSec got moved into [Unit] from [Service].
StartLimitBurst has also been moved accordingly, so let's fix that one
too.

NixOS systems have been producing logs such as:
/nix/store/wf98r55aszi1bkmln1lvdbp7znsfr70i-unit-caddy.service/caddy.service:31:
Unknown key name 'StartLimitIntervalSec' in section 'Service', ignoring.

I have also removed some unnecessary duplication in units disabling
rate limiting since setting either interval or burst to zero disables it
(ad16158c10/src/basic/ratelimit.c (L16))
2020-10-31 01:35:56 -07:00
Graham Christensen
82578fc725
Merge pull request #102172 from grahamc/stage-1-datestamps
stage-1: add datestamps to logs
2020-10-30 16:13:02 -04:00
Graham Christensen
b34cf366aa
Merge pull request #102171 from grahamc/faster-ext-resize
stage-1: modprobe ext{2,3,4} before resizing (so resizing takes less than 45 minutes)
2020-10-30 16:12:50 -04:00
Graham Christensen
ece5c0f304
stage-1: modprobe ext{2,3,4} before resizing
I noticed booting a system with an ext4 root which expanded to 5T took
quite a long time (12 minutes in some cases, 43(!) in others.)

I changed stage-1 to run `resize2fs -d 62` for extra debug output and
timing information. It revealed the adjust_superblock step taking
almost all of the time:

    [Fri Oct 30 11:10:15 UTC 2020] zero_high_bits_in_metadata: Memory used: 132k/0k (63k/70k), time:  0.00/ 0.00/ 0.00
    [Fri Oct 30 11:21:09 UTC 2020] adjust_superblock: Memory used: 396k/4556k (295k/102k), time: 654.21/ 0.59/ 5.13

but when I ran resize2fs on a disk with the identical content growing
to the identical target size, it would only take about 30 seconds. I
looked at what happened between those two steps in the fast case with
strace and found:

```
   235	getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=1795}, ru_stime={tv_sec=0, tv_usec=3590}, ...}) = 0
   236	write(1, "zero_high_bits_in_metadata: Memo"..., 84zero_high_bits_in_metadata: Memory used: 132k/0k (72k/61k), time:  0.00/ 0.00/ 0.00
   237	) = 84
   238	gettimeofday({tv_sec=1604061278, tv_usec=480147}, NULL) = 0
   239	getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=1802}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
   240	gettimeofday({tv_sec=1604061278, tv_usec=480192}, NULL) = 0
   241	mmap(NULL, 2564096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa3c7355000
   242	access("/sys/fs/ext4/features/lazy_itable_init", F_OK) = 0
   243	brk(0xf85000)                           = 0xf85000
   244	brk(0xfa6000)                           = 0xfa6000
   245	gettimeofday({tv_sec=1604061278, tv_usec=538828}, NULL) = 0
   246	getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=58720}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
   247	write(1, "adjust_superblock: Memory used: "..., 79adjust_superblock: Memory used: 396k/2504k (305k/92k), time:  0.06/ 0.06/ 0.00
   248	) = 79
   249	gettimeofday({tv_sec=1604061278, tv_usec=539119}, NULL) = 0
   250	getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=58812}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
   251	gettimeofday({tv_sec=1604061279, tv_usec=939}, NULL) = 0
   252	getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=520411}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
   253	write(1, "fix_uninit_block_bitmaps 2: Memo"..., 88fix_uninit_block_bitmaps 2: Memory used: 396k/2504k (305k/92k), time:  0.46/ 0.46/ 0.00
   254	) = 88
```

In particular the access to /sys/fs seemed interesting. Looking
at the source of resize2fs:

```
[root@ip-172-31-22-182:~/e2fsprogs-1.45.5]# rg -B2 -A1 /sys/fs/ext4/features/lazy_itable_init .
./resize/resize2fs.c
923-	if (getenv("RESIZE2FS_FORCE_LAZY_ITABLE_INIT") ||
924-	    (!getenv("RESIZE2FS_FORCE_ITABLE_INIT") &&
925:	     access("/sys/fs/ext4/features/lazy_itable_init", F_OK) == 0))
926-		lazy_itable_init = 1;
```

I confirmed /sys is mounted, and then found a bug suggesting the
ext4 module is maybe not loaded:
https://bugzilla.redhat.com/show_bug.cgi?id=1071909

My home server doesn't have ext4 loaded and had 3T to play with, so
I tried (and succeeded with) replicating the issue locally:

```
[root@kif:/scratch]# lsmod | grep -i ext

[root@kif:/scratch]# zfs create -V 3G rpool/scratch/ext4

[root@kif:/scratch]# time mkfs.ext4 /dev/zvol/rpool/scratch/ext4
mke2fs 1.45.5 (07-Jan-2020)
Discarding device blocks: done
Creating filesystem with 786432 4k blocks and 196608 inodes
Filesystem UUID: 560a4a8f-93dc-40cc-97a5-f10049bf801f
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376, 294912

Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done

real	0m2.261s
user	0m0.000s
sys	0m0.025s

[root@kif:/scratch]# zfs set volsize=3T rpool/scratch/ext4

[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4
resize2fs 1.45.5 (07-Jan-2020)
fs has 11 inodes, 1 groups required.
fs requires 16390 data blocks.
With 1 group(s), we have 22234 blocks available.
Last group's overhead is 10534
Need 16390 data blocks in last group
Final size of last group is 26924
Estimated blocks needed: 26924
Extents safety margin: 49
Resizing the filesystem on /dev/zvol/rpool/scratch/ext4 to 805306368 (4k) blocks.
read_bitmaps: Memory used: 132k/0k (63k/70k), time:  0.00/ 0.00/ 0.00
read_bitmaps: I/O read: 1MB, write: 0MB, rate: 3802.28MB/s
fix_uninit_block_bitmaps 1: Memory used: 132k/0k (63k/70k), time:  0.00/ 0.00/ 0.00
resize_group_descriptors: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
move_bg_metadata: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
zero_high_bits_in_metadata: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
```

here it got stuck for quite some time ... straceing this 20 minutes in revealed this in a tight loop:

```
getuid()                                = 0
geteuid()                               = 0
getgid()                                = 0
getegid()                               = 0
prctl(PR_GET_DUMPABLE)                  = 1 (SUID_DUMP_USER)
fallocate(3, FALLOC_FL_ZERO_RANGE, 2222649901056, 2097152) = 0
fsync(3)                                = 0
```

it finally ended 43(!) minutes later:

```
adjust_superblock: Memory used: 264k/3592k (210k/55k), time: 2554.03/ 0.16/15.07
fix_uninit_block_bitmaps 2: Memory used: 264k/3592k (210k/55k), time:  0.16/ 0.16/ 0.00
blocks_to_move: Memory used: 264k/3592k (211k/54k), time:  0.00/ 0.00/ 0.00
Number of free blocks: 755396/780023556, Needed: 0
block_mover: Memory used: 264k/3592k (216k/49k), time:  0.05/ 0.01/ 0.00
block_mover: I/O read: 1MB, write: 0MB, rate: 18.68MB/s
inode_scan_and_fix: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00
inode_ref_fix: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00
move_itables: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00
calculate_summary_stats: Memory used: 264k/3592k (216k/49k), time: 16.35/16.35/ 0.00
fix_resize_inode: Memory used: 264k/3592k (222k/43k), time:  0.04/ 0.00/ 0.00
fix_resize_inode: I/O read: 1MB, write: 0MB, rate: 22.80MB/s
fix_sb_journal_backup: Memory used: 264k/3592k (222k/43k), time:  0.00/ 0.00/ 0.00
overall resize2fs: Memory used: 264k/3592k (222k/43k), time: 2570.90/16.68/15.07
overall resize2fs: I/O read: 1MB, write: 1MB, rate: 0.00MB/s
The filesystem on /dev/zvol/rpool/scratch/ext4 is now 805306368 (4k) blocks long.

real	43m1.943s
user	0m16.761s
sys	0m15.069s
```

I then cleaned up and recreated the zvol, loaded the ext4 module, created the ext4 fs,
resized the volume, and resize2fs'd and it went quite quickly:

```
[root@kif:/scratch]# zfs destroy rpool/scratch/ext4

[root@kif:/scratch]# zfs create -V 3G rpool/scratch/ext4

[root@kif:/scratch]# modprobe ext4

[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4

[root@kif:/scratch]# time mkfs.ext4 /dev/zvol/rpool/scratch/ext4
mke2fs 1.45.5 (07-Jan-2020)
Discarding device blocks: done
Creating filesystem with 786432 4k blocks and 196608 inodes
Filesystem UUID: 5b415f2f-a8c4-4ba0-ac1d-78860de77610
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376, 294912

Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done

real	0m1.013s
user	0m0.001s
sys	0m0.023s

[root@kif:/scratch]# zfs set volsize=3T rpool/scratch/ext4

[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4
resize2fs 1.45.5 (07-Jan-2020)
fs has 11 inodes, 1 groups required.
fs requires 16390 data blocks.
With 1 group(s), we have 22234 blocks available.
Last group's overhead is 10534
Need 16390 data blocks in last group
Final size of last group is 26924
Estimated blocks needed: 26924
Extents safety margin: 49
Resizing the filesystem on /dev/zvol/rpool/scratch/ext4 to 805306368 (4k) blocks.
read_bitmaps: Memory used: 132k/0k (63k/70k), time:  0.00/ 0.00/ 0.00
read_bitmaps: I/O read: 1MB, write: 0MB, rate: 3389.83MB/s
fix_uninit_block_bitmaps 1: Memory used: 132k/0k (63k/70k), time:  0.00/ 0.00/ 0.00
resize_group_descriptors: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
move_bg_metadata: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
zero_high_bits_in_metadata: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
adjust_superblock: Memory used: 264k/1540k (210k/55k), time:  0.02/ 0.02/ 0.00
fix_uninit_block_bitmaps 2: Memory used: 264k/1540k (210k/55k), time:  0.15/ 0.15/ 0.00
blocks_to_move: Memory used: 264k/1540k (211k/54k), time:  0.00/ 0.00/ 0.00
Number of free blocks: 755396/780023556, Needed: 0
block_mover: Memory used: 264k/3592k (216k/49k), time:  0.01/ 0.01/ 0.00
block_mover: I/O read: 1MB, write: 0MB, rate: 157.11MB/s
inode_scan_and_fix: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00
inode_ref_fix: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00
move_itables: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00

calculate_summary_stats: Memory used: 264k/3592k (216k/49k), time: 16.20/16.20/ 0.00
fix_resize_inode: Memory used: 264k/3592k (222k/43k), time:  0.00/ 0.00/ 0.00
fix_resize_inode: I/O read: 1MB, write: 0MB, rate: 5319.15MB/s
fix_sb_journal_backup: Memory used: 264k/3592k (222k/43k), time:  0.00/ 0.00/ 0.00
overall resize2fs: Memory used: 264k/3592k (222k/43k), time: 16.45/16.38/ 0.00
overall resize2fs: I/O read: 1MB, write: 1MB, rate: 0.06MB/s
The filesystem on /dev/zvol/rpool/scratch/ext4 is now 805306368 (4k) blocks long.

real	0m17.908s
user	0m16.386s
sys	0m0.079s
```

Success!
2020-10-30 12:18:23 -04:00
Graham Christensen
a179781696
stage-1: add datestamps to logs
When the stage-1 logs get imported in to the journal, they all get
loaded with the same timestamp. This makes it difficult to identify
what might be taking a long time in early boot.
2020-10-30 12:16:35 -04:00
Florian Klink
b8d59e93c8 nixos/networkd: allow RouteMetric= in [DHCPv6] section 2020-10-29 19:47:42 +01:00
Anton Plotnikov
1321ae850c
fido2luks: 0.2.3 -> 0.2.15
Also remove interactive flag from initrd, because of broken io.
2020-10-23 11:03:31 +03:00
Marc 'risson' Schmitt
9e6bede5ab nixos/initrd-network: fix /etc/resolv.conf when multiple dns servers from DHCP
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2020-10-19 21:32:58 -07:00
Florian Klink
9d0d99f05b
Merge pull request #95746 from Mic92/cloud-init
cloud-init: 0.7.9 -> 20.2 (python3!)
2020-10-15 22:57:46 +02:00
Johan Thomsen
8f5949fd46 nixos/initrd-ssh: set more defensive pemissions on sshd test key
It looks like the test sshd key can never be used, because of too open
permissions. My guess is that the current test script works fine once
the user defined ssh-key has been copied into initrd.

At "nixos-install" however, the user specified host key is not present
in initrd yet and validation fails.

fixes #91486
2020-09-30 15:47:49 +02:00
Florian Klink
30ddfe6b95 Revert "nixos/systemd-boot: Temporarily ignore errors"
This reverts commit b32701bc54.

That fix has been included upstream in 246.5.
2020-09-27 16:45:27 +02:00
Richard Marko
9b06e9856b raspberrypi-builder: allow passing firmware package as argument 2020-09-26 14:26:16 +02:00
Cole Helbling
4586810487
nixos/stage-1: set up /dev/fd
Otherwise, stage-2-init.sh will complain about not having access to
/dev/fd/62 as of systemd v246.

On IRC, flokli said:

    15:14 <flokli> cole-h: hmmm... I could imagine some of the setup inside /dev has been moved into other parts of systemd
    15:14 <flokli> And given we run systemd much later (outside initramfs only) it doesn't work properly here
    15:17 <flokli> We probably don't invoke udev correctly
2020-09-22 15:33:21 -07:00
Tethys Svensson
b32701bc54 nixos/systemd-boot: Temporarily ignore errors
This is a temporary fix for #97433. A more proper fix has been
implemented upstream in systemd/systemd#17001, however until it gets
backported, we are stuck with ignoring the error.

After the backport lands, this commit should be reverted.
2020-09-10 20:56:04 +02:00
Linus Heckemann
fdd944526c nixos/grub: allow multiple "nodev" devices for mirroredBoots
For UEFI setups, "device" will generally be the special value "nodev"
which represents not running grub-install at all. Using "nodev" for
boot mirrors should therefore be allowed.
2020-09-09 07:40:08 +02:00
Christian Kampka
2c6753f9d0
Revert "nixos/raspberrypi-builder: fix cross using buildPackages"
The commit enforces buildPackages in the builder but neglects
the fact that the builder is intended to run on the target system.
Because of that, the builder will fail when remotely building a
configuration eg. with nixops or nix-copy-closure.

This reverts commit a6ac6d00f9.
2020-09-08 20:14:13 +02:00