8c7859f7fb
and making kcheckpass setuid root. svn path=/nixos/trunk/; revision=12166
401 lines
13 KiB
Nix
401 lines
13 KiB
Nix
{ platform ? __currentSystem
|
|
, stage2Init ? ""
|
|
, configuration
|
|
, nixpkgsPath ? ../../nixpkgs
|
|
}:
|
|
|
|
rec {
|
|
|
|
# Make a configuration object from which we can retrieve option
|
|
# values.
|
|
config = pkgs.lib.addDefaultOptionValues optionDeclarations configuration;
|
|
|
|
optionDeclarations = import ./options.nix {inherit pkgs; inherit (pkgs.lib) mkOption;};
|
|
|
|
|
|
pkgs = import "${nixpkgsPath}/pkgs/top-level/all-packages.nix" {system = platform;};
|
|
|
|
pkgsDiet = import "${nixpkgsPath}/pkgs/top-level/all-packages.nix" {
|
|
system = platform;
|
|
bootStdenv = pkgs.useDietLibC pkgs.stdenv;
|
|
};
|
|
|
|
pkgsStatic = import "${nixpkgsPath}/pkgs/top-level/all-packages.nix" {
|
|
system = platform;
|
|
bootStdenv = pkgs.makeStaticBinaries pkgs.stdenv;
|
|
};
|
|
|
|
stdenvLinuxStuff = import "${nixpkgsPath}/pkgs/stdenv/linux" {
|
|
system = pkgs.stdenv.system;
|
|
allPackages = import "${nixpkgsPath}/pkgs/top-level/all-packages.nix";
|
|
};
|
|
|
|
manifests = config.installer.manifests; # exported here because nixos-rebuild uses it
|
|
|
|
nix = config.environment.nix pkgs;
|
|
|
|
kernelPackages = config.boot.kernelPackages pkgs;
|
|
|
|
kernel = kernelPackages.kernel;
|
|
|
|
rootModules =
|
|
config.boot.initrd.extraKernelModules ++
|
|
config.boot.initrd.kernelModules;
|
|
|
|
|
|
|
|
# Tree of kernel modules. This includes the kernel, plus modules
|
|
# built outside of the kernel. We have to combine these into a
|
|
# single tree of symlinks because modprobe only supports one
|
|
# directory.
|
|
modulesTree = pkgs.aggregateModules (
|
|
[kernel]
|
|
++ pkgs.lib.optional ((config.networking.enableIntel3945ABGFirmware || config.networking.enableIntel4965AGNFirmware) && !kernel.features ? iwlwifi) kernelPackages.iwlwifi
|
|
# !!! this should be declared by the xserver Upstart job.
|
|
++ pkgs.lib.optional (config.services.xserver.enable && config.services.xserver.videoDriver == "nvidia") kernelPackages.nvidiaDrivers
|
|
++ pkgs.lib.optional config.hardware.enableGo7007 kernelPackages.wis_go7007
|
|
++ (config.boot.extraModulePackages pkgs)
|
|
);
|
|
|
|
|
|
# Determine the set of modules that we need to mount the root FS.
|
|
modulesClosure = pkgs.makeModulesClosure {
|
|
inherit rootModules;
|
|
kernel = modulesTree;
|
|
allowMissing = config.boot.initrd.allowMissing;
|
|
};
|
|
|
|
|
|
# Some additional utilities needed in stage 1, notably mount. We
|
|
# don't want to bring in all of util-linux, so we just copy what we
|
|
# need.
|
|
extraUtils = pkgs.runCommand "extra-utils"
|
|
{ buildInputs = [pkgs.nukeReferences];
|
|
inherit (pkgsStatic) utillinux;
|
|
inherit (pkgsDiet) udev;
|
|
e2fsprogs = pkgs.e2fsprogsDiet;
|
|
devicemapper = if config.boot.initrd.lvm then pkgs.devicemapperStatic else null;
|
|
lvm2 = if config.boot.initrd.lvm then pkgs.lvm2Static else null;
|
|
allowedReferences = []; # prevent accidents like glibc being included in the initrd
|
|
}
|
|
''
|
|
ensureDir $out/bin
|
|
if test -n "$devicemapper"; then
|
|
cp $devicemapper/sbin/dmsetup.static $out/bin/dmsetup
|
|
cp $lvm2/sbin/lvm.static $out/bin/lvm
|
|
fi
|
|
cp $utillinux/bin/mount $utillinux/bin/umount $utillinux/sbin/pivot_root $out/bin
|
|
cp -p $e2fsprogs/sbin/fsck* $e2fsprogs/sbin/e2fsck $out/bin
|
|
cp $udev/sbin/udevd $udev/sbin/udevtrigger $udev/sbin/udevsettle $out/bin
|
|
nuke-refs $out/bin/*
|
|
''; # */
|
|
|
|
|
|
# The init script of boot stage 1 (loading kernel modules for
|
|
# mounting the root FS).
|
|
bootStage1 = import ../boot/boot-stage-1.nix {
|
|
inherit (pkgs) substituteAll;
|
|
inherit (pkgsDiet) module_init_tools;
|
|
inherit extraUtils;
|
|
inherit (config.boot) autoDetectRootDevice isLiveCD;
|
|
fileSystems =
|
|
pkgs.lib.filter
|
|
(fs: fs.mountPoint == "/" || (fs ? neededForBoot && fs.neededForBoot))
|
|
(config.fileSystems);
|
|
rootLabel = config.boot.rootLabel;
|
|
inherit stage2Init;
|
|
modulesDir = modulesClosure;
|
|
modules = rootModules;
|
|
staticShell = stdenvLinuxStuff.bootstrapTools.bash;
|
|
staticTools = stdenvLinuxStuff.staticTools;
|
|
resumeDevice = config.boot.resumeDevice;
|
|
};
|
|
|
|
|
|
# The closure of the init script of boot stage 1 is what we put in
|
|
# the initial RAM disk.
|
|
initialRamdisk = pkgs.makeInitrd {
|
|
contents = [
|
|
{ object = bootStage1;
|
|
symlink = "/init";
|
|
}
|
|
] ++
|
|
pkgs.lib.optionals
|
|
(config.boot.initrd.enableSplashScreen && kernelPackages.splashutils != null)
|
|
[
|
|
{ object = pkgs.runCommand "splashutils" {allowedReferences = []; buildInputs = [pkgs.nukeReferences];} ''
|
|
ensureDir $out/bin
|
|
cp ${kernelPackages.splashutils}/${kernelPackages.splashutils.helperName} $out/bin/splash_helper
|
|
nuke-refs $out/bin/*
|
|
'';
|
|
suffix = "/bin/splash_helper";
|
|
symlink = "/${kernelPackages.splashutils.helperName}";
|
|
}
|
|
{ object = import ../helpers/unpack-theme.nix {
|
|
inherit (pkgs) stdenv;
|
|
theme = config.services.ttyBackgrounds.defaultTheme;
|
|
};
|
|
symlink = "/etc/splash";
|
|
}
|
|
];
|
|
};
|
|
|
|
|
|
# NixOS installation/updating tools.
|
|
nixosTools = import ../installer {
|
|
inherit pkgs config nix nixpkgsPath;
|
|
};
|
|
|
|
|
|
# NSS modules. Hacky!
|
|
nssModules =
|
|
pkgs.lib.optional config.users.ldap.enable pkgs.nss_ldap
|
|
++ pkgs.lib.optional config.services.avahi.nssmdns pkgs.nssmdns;
|
|
|
|
nssModulesPath = pkgs.lib.concatStrings (pkgs.lib.intersperse ":"
|
|
(map (mod: mod + "/lib") nssModules));
|
|
|
|
|
|
# Wrapper around modprobe to set the path to the modules.
|
|
modprobe = pkgs.substituteAll {
|
|
dir = "sbin";
|
|
src = ./modprobe;
|
|
isExecutable = true;
|
|
inherit (pkgs) module_init_tools;
|
|
inherit modulesTree;
|
|
};
|
|
|
|
|
|
# Environment variables for running Nix.
|
|
nixEnvVars =
|
|
"export NIX_CONF_DIR=/nix/etc/nix\n" +
|
|
(if config.nix.distributedBuilds then
|
|
"export NIX_BUILD_HOOK=${nix}/libexec/nix/build-remote.pl\n" +
|
|
"export NIX_REMOTE_SYSTEMS=/etc/nix.machines\n" +
|
|
"export NIX_CURRENT_LOAD=/var/run/nix/current-load\n"
|
|
else "");
|
|
|
|
|
|
# The services (Upstart) configuration for the system.
|
|
upstartJobs = import ../upstart-jobs/default.nix {
|
|
inherit config pkgs nix modprobe nssModulesPath nixEnvVars
|
|
optionDeclarations kernelPackages;
|
|
};
|
|
|
|
|
|
# The static parts of /etc.
|
|
etc = import ../etc/default.nix {
|
|
inherit config pkgs upstartJobs systemPath wrapperDir
|
|
defaultShell nixEnvVars modulesTree nssModulesPath;
|
|
extraEtc = pkgs.lib.concatLists (map (job: job.extraEtc) upstartJobs.jobs);
|
|
};
|
|
|
|
# Font aggregation
|
|
fontDir = import ./fontdir.nix {
|
|
inherit config pkgs ;
|
|
inherit (pkgs) builderDefs ttmkfdir;
|
|
inherit (pkgs.xorg) mkfontdir mkfontscale fontalias;
|
|
};
|
|
|
|
# The wrapper setuid programs (since we can't have setuid programs
|
|
# in the Nix store).
|
|
wrapperDir = "/var/setuid-wrappers";
|
|
|
|
setuidWrapper = import ../helpers/setuid {
|
|
inherit (pkgs) stdenv;
|
|
inherit wrapperDir;
|
|
};
|
|
|
|
|
|
# The packages you want in the boot environment.
|
|
systemPathList = [
|
|
# Better leave them here - they are small, needed,
|
|
# and hard to refer from anywhere outside.
|
|
modprobe # must take precedence over module_init_tools
|
|
nix
|
|
nixosTools.nixosInstall
|
|
nixosTools.nixosRebuild
|
|
nixosTools.nixosCheckout
|
|
nixosTools.nixosHardwareScan
|
|
nixosTools.nixosGenSeccureKeys
|
|
setuidWrapper
|
|
]
|
|
++ pkgs.lib.optionals (!config.environment.cleanStart) [
|
|
pkgs.bashInteractive # bash with ncurses support
|
|
pkgs.bzip2
|
|
pkgs.coreutils
|
|
pkgs.cpio
|
|
pkgs.cron
|
|
pkgs.curl
|
|
pkgs.e2fsprogs
|
|
pkgs.findutils
|
|
pkgs.glibc # for ldd, getent
|
|
pkgs.gnugrep
|
|
pkgs.gnused
|
|
pkgs.gnutar
|
|
pkgs.grub
|
|
pkgs.gzip
|
|
pkgs.iputils
|
|
pkgs.less
|
|
pkgs.lvm2
|
|
pkgs.man
|
|
pkgs.mdadm
|
|
pkgs.module_init_tools
|
|
pkgs.nano
|
|
pkgs.ncurses
|
|
pkgs.netcat
|
|
pkgs.nettools
|
|
pkgs.ntp
|
|
pkgs.openssh
|
|
pkgs.pciutils
|
|
pkgs.perl
|
|
pkgs.procps
|
|
pkgs.pwdutils
|
|
pkgs.reiserfsprogs
|
|
pkgs.rsync
|
|
pkgs.seccureUser
|
|
pkgs.strace
|
|
pkgs.su
|
|
pkgs.sysklogd
|
|
pkgs.sysvtools
|
|
pkgs.time
|
|
pkgs.udev
|
|
pkgs.upstart
|
|
pkgs.usbutils
|
|
pkgs.utillinux
|
|
pkgs.wirelesstools
|
|
]
|
|
++ pkgs.lib.optional config.security.sudo.enable pkgs.sudo
|
|
++ pkgs.lib.optional config.services.atd.enable pkgs.at
|
|
++ pkgs.lib.optional config.services.bitlbee.enable pkgs.bitlbee
|
|
++ pkgs.lib.optional config.services.avahi.enable pkgs.avahi
|
|
++ pkgs.lib.optional config.networking.defaultMailServer.directDelivery pkgs.ssmtp
|
|
++ pkgs.lib.concatLists (map (job: job.extraPath) upstartJobs.jobs)
|
|
++ config.environment.extraPackages pkgs
|
|
++ pkgs.lib.optional config.fonts.enableFontDir fontDir
|
|
|
|
# NSS modules need to be in `systemPath' so that (i) the builder
|
|
# chroot gets to seem them, and (ii) applications can benefit from
|
|
# changes in the list of NSS modules at run-time, without requiring
|
|
# a reboot.
|
|
++ nssModules;
|
|
|
|
# We don't want to put all of `startPath' and `path' in $PATH, since
|
|
# then we get an embarrassingly long $PATH. So use the user
|
|
# environment builder to make a directory with symlinks to those
|
|
# packages.
|
|
systemPath = pkgs.buildEnv {
|
|
name = "system-path";
|
|
paths = systemPathList;
|
|
|
|
# Note: We need `/lib' to be among `pathsToLink' for NSS modules
|
|
# to work.
|
|
inherit (config.environment) pathsToLink;
|
|
|
|
ignoreCollisions = true;
|
|
};
|
|
|
|
|
|
usersGroups = import ./users-groups.nix { inherit pkgs config upstartJobs defaultShell; };
|
|
|
|
|
|
defaultShell = "/var/run/current-system/sw/bin/bash";
|
|
|
|
|
|
# The script that activates the configuration, i.e., it sets up
|
|
# /etc, accounts, etc. It doesn't do anything that can only be done
|
|
# at boot time (such as start `init').
|
|
activateConfiguration = pkgs.substituteAll rec {
|
|
src = ./activate-configuration.sh;
|
|
isExecutable = true;
|
|
|
|
inherit etc wrapperDir systemPath modprobe defaultShell kernel;
|
|
hostName = config.networking.hostName;
|
|
setuidPrograms =
|
|
config.security.setuidPrograms ++
|
|
config.security.extraSetuidPrograms ++
|
|
pkgs.lib.optional config.security.sudo.enable "sudo" ++
|
|
pkgs.lib.optionals config.services.atd.enable ["at" "atq" "atrm"] ++
|
|
pkgs.lib.optional (config.services.xserver.sessionType == "kde") "kcheckpass";
|
|
|
|
inherit (usersGroups) createUsersGroups usersList groupsList;
|
|
|
|
path = [
|
|
pkgs.coreutils pkgs.gnugrep pkgs.findutils
|
|
pkgs.glibc # needed for getent
|
|
pkgs.pwdutils
|
|
];
|
|
|
|
bash = pkgs.bashInteractive;
|
|
};
|
|
|
|
|
|
# The init script of boot stage 2, which is supposed to do
|
|
# everything else to bring up the system.
|
|
bootStage2 = import ../boot/boot-stage-2.nix {
|
|
inherit (pkgs) substituteAll writeText coreutils
|
|
utillinux udev upstart;
|
|
inherit kernel activateConfiguration;
|
|
inherit (config.boot) isLiveCD;
|
|
upstartPath = [
|
|
pkgs.coreutils
|
|
pkgs.findutils
|
|
pkgs.gnugrep
|
|
pkgs.gnused
|
|
pkgs.upstart
|
|
];
|
|
bootLocal = config.boot.localCommands;
|
|
};
|
|
|
|
|
|
# Script to build the Grub menu containing the current and previous
|
|
# system configurations.
|
|
grubMenuBuilder = pkgs.substituteAll {
|
|
src = ../installer/grub-menu-builder.sh;
|
|
isExecutable = true;
|
|
inherit (pkgs) bash;
|
|
path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep];
|
|
inherit (config.boot) copyKernels extraGrubEntries
|
|
grubSplashImage bootMount configurationLimit;
|
|
};
|
|
|
|
|
|
# Putting it all together. This builds a store object containing
|
|
# symlinks to the various parts of the built configuration (the
|
|
# kernel, the Upstart services, the init scripts, etc.) as well as a
|
|
# script `switch-to-configuration' that activates the configuration
|
|
# and makes it bootable.
|
|
system = pkgs.checker (pkgs.stdenv.mkDerivation {
|
|
name = "system";
|
|
builder = ./system.sh;
|
|
switchToConfiguration = ./switch-to-configuration.sh;
|
|
inherit (pkgs) grub coreutils gnused gnugrep diffutils findutils upstart;
|
|
grubDevice = config.boot.grubDevice;
|
|
kernelParams =
|
|
config.boot.kernelParams ++ config.boot.extraKernelParams;
|
|
inherit bootStage2;
|
|
inherit activateConfiguration;
|
|
inherit grubMenuBuilder;
|
|
inherit etc;
|
|
inherit systemPath;
|
|
kernel = kernel + "/vmlinuz";
|
|
initrd = initialRamdisk + "/initrd";
|
|
# Most of these are needed by grub-install.
|
|
path = [
|
|
pkgs.coreutils
|
|
pkgs.gnused
|
|
pkgs.gnugrep
|
|
pkgs.findutils
|
|
pkgs.diffutils
|
|
pkgs.upstart # for initctl
|
|
];
|
|
children = map (x: ((import ./system.nix)
|
|
{inherit platform stage2Init;
|
|
configuration = x//{boot=((x.boot)//{grubDevice = "";});};}).system)
|
|
config.nesting.children;
|
|
configurationName = config.boot.configurationName;
|
|
}) (pkgs.lib.getAttr ["environment" "checkConfigurationOptions"]
|
|
optionDeclarations.environment.checkConfigurationOptions.default
|
|
configuration)
|
|
optionDeclarations configuration ;
|
|
}
|