Commit graph

947 commits

Author SHA1 Message Date
Maximilian Bosch
7297cc5501 nixos/activation: fix systemd-user daemon-reload in auto-upgrade service (#47695)
The autoupgrade service defined in `system.autoUpgrade`
(`nixos/modules/installer/tools/auto-upgrade.nix`) doesn't have `su` in
its path and thus yields a warning during the `daemon-reload`.

Specifying the absolute path fixes the issue.

Fixes #47648
2018-10-03 12:31:08 +02:00
Jörg Thalheim
b12c759f76
Merge pull request #47563 from jameysharp/unscripted
Replace several activation script snippets with declarative configuration
2018-10-02 19:21:34 +01:00
Jamey Sharp
b63f65aea0 nixos/pam: create wtmp/lastlog iff using pam_lastlog
I think pam_lastlog is the only thing that writes to these files in
practice on a modern Linux system, so in a configuration that doesn't
use that module, we don't need to create these files.

I used tmpfiles.d instead of activation snippets to create the logs.
It's good enough for upstream and other distros; it's probably good
enough for us.
2018-09-30 11:08:12 -07:00
Jamey Sharp
dab5c632bd nixos/activation: don't create /run/nix
Nix 2.0 no longer uses these directories.

/run/nix/current-load was moved to /nix/var/nix/current-load in 2017
(Nix commit d7653dfc6dea076ecbe00520c6137977e0fced35). Anyway,
src/build-remote/build-remote.cc will create the current-load directory
if it doesn't exist already.

/run/nix/remote-stores seems to have been deprecated since 2014 (Nix
commit b1af336132cfe8a6e4c54912cc512f8c28d4ebf3) when the documentation
for $NIX_OTHER_STORES was removed, and support for it was dropped
entirely in 2016 (Nix commit 4494000e04122f24558e1436e66d20d89028b4bd).
2018-09-30 11:08:12 -07:00
Jamey Sharp
bbc0f6f005 nixos/systemd: don't create /var/lib/udev
As far as I can tell, systemd has never used this directory, so I think
this is a holdover from before udev merged into systemd.
2018-09-30 11:05:47 -07:00
Jamey Sharp
10e8650515 nixos/systemd: let journald create /var/log/journal
The default value for journald's Storage option is "auto", which
determines whether to log to /var/log/journal based on whether that
directory already exists. So NixOS has been unconditionally creating
that directory in activation scripts.

However, we can get the same behavior by configuring journald.conf to
set Storage to "persistent" instead. In that case, journald will create
the directory itself if necessary.
2018-09-30 11:04:43 -07:00
Jamey Sharp
8d40083690 nixos/stage-2: create empty machine-id at boot
Previously, the activation script was responsible for ensuring that
/etc/machine-id exists. However, the only time it could not already
exist is during stage-2-init, not while switching configurations,
because one of the first things systemd does when starting up as PID 1
is to create this file. So I've moved the initialization to
stage-2-init.

Furthermore, since systemd will do the equivalent of
systemd-machine-id-setup if /etc/machine-id doesn't have valid contents,
we don't need to do that ourselves.

We _do_, however, want to ensure that the file at least exists, because
systemd also uses the non-existence of this file to guess that this is a
first-boot situation. In that case, systemd tries to create some
symlinks in /etc/systemd/system according to its presets, which it can't
do because we've already populated /etc according to the current NixOS
configuration.

This is not necessary for any other activation script snippets, so it's
okay to do it after stage-2-init runs the activation script. None of
them declare a dependency on the "systemd" snippet. Also, most of them
only create files or directories in ways that obviously don't need the
machine-id set.
2018-09-30 10:45:35 -07:00
Jamey Sharp
f449242e83 nixos/systemd: remove activation dependency
As far as I can tell, the systemd snippet hasn't depended on groups
being initialized since 5d02c02a9b in
2015, when a `setfacl` call was removed.
2018-09-29 23:37:38 -07:00
aszlig
fd8bca45c9
nixos/kexec: Fix typo in meta.platforms
Evaluation error introduced in 599c4df46a.

There is only a "platformS" attribute in kexectools.meta, so let's use
this and from the code in the kexec module it operates on a list,
matching the corresponding platforms, so this seems to be the attribute
the original author intended.

Tested by building nixos/tests/kexec.nix on x86_64-linux and while it
evaluates now, the test still fails by timing out shortly after the
kexec:

machine: waiting for the VM to finish booting
machine# Cannot find the ESP partition mount point.

This however seems to be an unrelated issue and was also the case before
the commit mentioned above.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra, @dezgeg
2018-09-28 17:44:42 +02:00
Tuomas Tynkkynen
599c4df46a nixos/kexec: Replace meta.available checks
This sort of code breaks config.{allowBroken, allowUnsupportedSystem} =
true by making them do unpredictable things.
2018-09-28 15:01:00 +03:00
Jörg Thalheim
aa69bb5743 systemd: don't restart user-runtime-dir@ on upgrades
Likewise logind we should not try to restart this service after upgrade,
the user's current session depends on it.
2018-09-28 11:37:20 +01:00
aszlig
9bfd864c59
Merge reording asserts in NixOS eval (#47293)
Changes the evaluation order in that it evaluates assertions before
warnings, so that eg. the following would work:

  { config, lib, ... }:

  {
    options.foo = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "...";
    };

    options.bar = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "...";
    };

    config = lib.mkMerge [
      (lib.mkIf config.bar {
        system.build.bar = "foobar";
      })
      (lib.mkIf config.foo {
        assertions = lib.singleton {
          assertion = config.bar;
          message = "Bar needs to be enabled";
        };
        systemd.services.foo = {
          description = "Foo";
          serviceConfig.ExecStart = config.system.build.bar;
        };
      })
    ];
  }

This is because the systemd module includes definitions for warnings
that would trigger evaluation of the config.system.build.bar definition.

The original pull request references a breakage due to the following:

  {
    services.nixosManual.enable = false;
    services.nixosManual.showManual = true;
  }

However, changing the eval order between asserts and warnings clearly is
a corner case here and it only happens because of the aforementioned
usage of warnings in the systemd module and needs more discussion.

Nevertheless, this is still useful because it lowers the evaluation time
whenever an assertion is hit, which is a hard failure anyway.
2018-09-26 01:18:41 +02:00
Jan Malakhovski
563d5b1c87 nixos: top-level: indent 2018-09-24 19:45:16 +00:00
Jan Malakhovski
fece91537b nixos: top-level: evaluate assertions before warnings
or else at least the following config will fail with an evaluation error
instead of an assert

```
{
  services.nixosManual.enable = false;
  services.nixosManual.showManual = true;
}
```
2018-09-24 19:45:15 +00:00
Edward Tjörnhammar
8ab4cbdac3 nixos: initrd/luks: make uuid specified devices discoverable 2018-09-24 16:35:46 +02:00
Elis Hirwing
5664e64a01 nixos/activation: Switch from bash to sh to avoid reading users bash config (#46851)
This fixes #46750. This should also work with non-POSIX shells like in #46042.
2018-09-18 21:47:14 +02:00
Alexander Shpilkin
ecf73103ab
nixos/networkd: do not require gateway for routes
A route via a tunnel interface does not require a gateway to be
specified, so do not check for the Gateway= field on routes at all.
2018-09-07 02:23:12 +03:00
Alexander Shpilkin
8fdb6fba30
nixos/networkd: fix handling of RequiredForOnline 2018-09-07 02:01:21 +03:00
Alexander Shpilkin
423e46a24f
nixos/networkd: support MULTICAST flag on links
Support Multicast= option in [Link] section of network units,
introduced in systemd/systemd#9118.
2018-09-07 01:56:46 +03:00
Maximilian Bosch
df05618f2a nixos/activation: fix activation script for non-POSIX shells (#46042)
This fixes an issue with shells like fish that are not fully POSIX
compliant. The syntax `ENV=val cmd' doesn't work properly in there.

This issue has been addressed in #45932 and #45945, however it has been
recommended to use a single shell (`stdenv.shell' which is either
`bash' or `sh') to significantly reduce the maintenance overload in the
future.

See https://github.com/NixOS/nixpkgs/issues/45897#issuecomment-417923464

Fixes #45897

/cc @FRidh @xaverdh @etu
2018-09-05 22:48:47 +02:00
Graham Christensen
f14b6cb6ec
Merge pull request #44526 from samueldr/feature/actiavation-failure-identification
nixos/activation: Identifies the snippet that failed
2018-09-02 14:28:10 -04:00
volth
a9a8043b9b install-grub.pl: avoid double '/' in menu.lst and grub.conf (#45907)
Although double '/' in paths is not a problem for GRUB supplied with nixpkgs, sometimes NixOS's grub.conf read by external GRUB and there are versions of GRUB which fail
2018-09-02 14:34:55 +02:00
Venkateswara Rao Mandela
cb1ca42009 nixos/doc: add instructions for installation behind a proxy (#45854)
The instructions to install nixos behind a proxy were not clear. While
one could guess that setting http_proxy variables can get the install
rolling, one could end up with an installed system where the proxy
settings for the nix-daemon are not configured.

This commit updates the documentation with

1. steps to install behind a proxy

2. configure the global proxy settings so that nix-daemon can access
internet.

3. Pointers to use nesting.clone in case one has to use different proxy
settings on different networks.
2018-09-01 16:12:35 +02:00
volth
2c072b9ddc stage-1-init.sh: do not check mounted filesystems (#45891)
fsck of a mounted filesystems fails with error code 8 "Operational error" and halts the boot processing
2018-09-01 15:26:16 +02:00
Vladimír Čunát
0473466ba5
Merge #45731: artwork update (replacing old logo) 2018-09-01 10:43:20 +02:00
John Ericson
2c2f1e37d4 reewide: Purge all uses stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
Samuel Dionne-Riel
01259ef98f nixos/grub: Uses the new artwork as the default option.
This also includes a set of defaults *for this option*, where when not
used, other saner defaults are used.
2018-08-29 00:04:58 -04:00
Samuel Dionne-Riel
e8406f937e nixos/grub: Adds background color and mode options
The background color option is self-explanatory.

The mode is either `normal` or `stretch`, they are as defined by GRUB,
where normal will put the image in the top-left corner of the menu, and
stretch is the default, where it stretches the image without
consideration for the aspect ratio.

 * https://www.gnu.org/software/grub/manual/grub/grub.html#background_005fimage
2018-08-29 00:04:58 -04:00
Ben Wolsieffer
442681cc2a nixos/networkd: fix range assertions on 32 bit Nix 2018-08-28 19:31:10 -04:00
Matt McHenry
94a906b59a systemd: ensure fsck Requires/After links are created in mount units
systemd-fsck-generator only produces these lines if it can find the
necessary fsck executable in its PATH.

fixes #29139.
2018-08-28 17:12:49 +02:00
Jörg Thalheim
a6ced42c60
Merge pull request #44990 from Ma27/reload-user-units-during-activation
nixos/switch-to-configuration: reload user units
2018-08-27 11:12:42 +01:00
Ben Wolsieffer
6897945879 nixos/networkd: replace range with assertRange 2018-08-22 00:11:14 +02:00
John Ericson
7d85ade0cc treewide: Purge stdenv.platform and top-level platform
Progress towards #27069
2018-08-20 15:22:46 -04:00
John Ericson
f0d6e22b7f
Merge pull request #45397 from volth/patch-233
$toplevel/system: buildPlatform.system -> hostPlatform.system
2018-08-20 14:36:13 -04:00
volth
72f5078beb
top-level.nix: stdenv.platform -> stdenv.hostPlatform.platform
because stdenv.platform is stdenv.buildPlatform.platform
2018-08-20 18:20:57 +00:00
volth
6efaa88fcc
$toplevel/system: buildPlatform.system -> hostPlatform.system 2018-08-20 18:12:13 +00:00
Vladimír Čunát
cbabebcc2e
Merge branch 'master' into staging-next
Hydra: ?compare=1473892
2018-08-17 13:45:21 +02:00
Jörg Thalheim
3d36e7c1fa
Merge pull request #44233 from jfrankenau/networkd-fix-options
nixos/networkd: add missing options
2018-08-16 11:18:18 +02:00
Johannes Frankenau
b2f1790070 nixos/networkd: add missing options 2018-08-16 10:27:34 +02:00
Maximilian Bosch
fc2bde6d7a
nixos/switch-to-configuration: reload user units
When rebuilding you have to manually run `systemctl --user
daemon-reload`. It gathers all authenticated users using
`loginctl list-user` and runs `daemon-reload` for each of them.

This is a first step towards a `nixos-rebuild` which is able to reload
user units from systemd. The entire task is fairly hard, however I
consider this patch usable as it allows to restart units without running
`daemon-reload` for each authenticated user.
2018-08-14 13:38:18 +02:00
Vladimír Čunát
5b0398dc36
Merge branch 'master' into staging-next
Conflicts: gobby and libinfinity - I took the hand-edited versions
instead of those resuting from the mass-replacement.

Hydra: ?compare=1473190
2018-08-13 20:43:59 +02:00
Thibault Polge
d470a407eb
nixos/systemd-boot: Add missing newline
This fixes an issue where setting both
`boot.loader.systemd-boot.editor` to `false` and
`boot.loader.systemd-boot.consoleMode` to any value would concatenate
the two configuration lines in the output, resulting in an invalid
`loader.conf`.
2018-08-12 15:12:27 +02:00
Frederik Rietdijk
d9fa74ba78 Merge master into staging 2018-08-09 18:28:15 +02:00
Samuel Dionne-Riel
27c6bf0ef3
Merge pull request #29441 from oxij/nixos/luks
nixos: initrd/luks: allow to reuse passphrases, cleanup
2018-08-08 13:16:57 -04:00
Linus Heckemann
adba92b5ef systemd: improve unit script drv naming
Also store scripts directly in the nix store rather than having the
superfluous /bin/ tree.
2018-08-08 14:29:41 +02:00
Jan Malakhovski
8c83ba0386 nixos: initrd/luks: disable input echo for the whole stage 2018-08-08 02:47:50 +00:00
Jan Malakhovski
c35917e330 nixos: initrd/luks: simplify Yubikey handling code
From reading the source I'm pretty sure it doesn't support multiple Yubikeys, hence
those options are useless.

Also, I'm pretty sure nobody actually uses this feature, because enabling it causes
extra utils' checks to fail (even before applying any patches of this branch).

As I don't have the hardware to test this, I'm too lazy to fix the utils, but
I did test that with extra utils checks commented out and Yubikey
enabled the resulting script still passes the syntax check.
2018-08-08 02:47:49 +00:00
Jan Malakhovski
a9d69a74d6 nixos: initrd/luks: change passphrases handling
Also reuse common cryptsetup invocation subexpressions.

- Passphrase reading is done via the shell now, not by cryptsetup.
  This way the same passphrase can be reused between cryptsetup
  invocations, which this module now tries to do by default (can be
  disabled).
- Number of retries is now infinity, it makes no sense to make users
  reboot when they fail to type in their passphrase.
2018-08-08 02:47:47 +00:00
Jan Malakhovski
12e6907f33 nixos: initrd/luks: cleanup and generalize common shell expressions
Also fix Yubikey timeout handling mess.
2018-08-08 02:45:17 +00:00
Jan Malakhovski
dc653449c5 nixos: boot/stage-1: check syntax of the generated script 2018-08-08 02:43:17 +00:00