{ config, lib, pkgs, utils, ... }:
with utils;
with systemdUtils.unitOptions;
with lib;
let
# Shorthand for this module's own option tree.
cfg = config.systemd;

# The systemd package selected through the systemd.package option.
systemd = cfg.package;

# Unit-rendering helpers taken from systemdUtils.lib.
inherit (systemdUtils.lib)
  automountToUnit
  commonUnitText
  generateUnits
  makeJobScript
  makeUnit
  mountToUnit
  pathToUnit
  serviceToUnit
  sliceToUnit
  socketToUnit
  targetToUnit
  timerToUnit;
# Names of units shipped by the systemd package that are passed to
# generateUnits as `upstreamUnits`. Entries can be appended through
# systemd.additionalUpstreamSystemUnits and filtered out again through
# systemd.suppressedSystemUnits.
upstreamSystemUnits =
  let
    # Some units are left out when the system is built as a container.
    notContainer = !config.boot.isContainer;
  in
  [
    # Targets.
    "basic.target"
    "sysinit.target"
    "sockets.target"
    "exit.target"
    "graphical.target"
    "multi-user.target"
    "network.target"
    "network-pre.target"
    "network-online.target"
    "nss-lookup.target"
    "nss-user-lookup.target"
    "time-sync.target"
  ]
  # Only present when the systemd package was built with cryptsetup support.
  ++ optionals cfg.package.withCryptsetup [
    "cryptsetup.target"
    "cryptsetup-pre.target"
    "remote-cryptsetup.target"
  ]
  ++ [
    "sigpwr.target"
    "timers.target"
    "paths.target"
    "rpcbind.target"

    # Rescue mode.
    "rescue.target"
    "rescue.service"

    # Udev.
    "systemd-udevd-control.socket"
    "systemd-udevd-kernel.socket"
    "systemd-udevd.service"
    "systemd-udev-settle.service"
  ]
  ++ optionals notContainer [ "systemd-udev-trigger.service" ]
  ++ [
    # hwdb.bin is managed by NixOS
    # "systemd-hwdb-update.service"

    # Consoles.
    "getty.target"
    "getty-pre.target"
    "getty@.service"
    "serial-getty@.service"
    "console-getty.service"
    "container-getty@.service"
    "systemd-vconsole-setup.service"

    # Hardware (started by udev when a relevant device is plugged in).
    "sound.target"
    "bluetooth.target"
    "printer.target"
    "smartcard.target"

    # Kernel module loading.
    "systemd-modules-load.service"
    "kmod-static-nodes.service"
    "modprobe@.service"

    # Filesystems.
    "systemd-fsck@.service"
    "systemd-fsck-root.service"
    "systemd-remount-fs.service"
    "systemd-pstore.service"
    "local-fs.target"
    "local-fs-pre.target"
    "remote-fs.target"
    "remote-fs-pre.target"
    "swap.target"
    "dev-hugepages.mount"
    "dev-mqueue.mount"
    "sys-fs-fuse-connections.mount"
  ]
  ++ optionals notContainer [ "sys-kernel-config.mount" ]
  ++ [
    "sys-kernel-debug.mount"

    # Maintaining state across reboots.
    "systemd-random-seed.service"
    "systemd-backlight@.service"
    "systemd-rfkill.service"
    "systemd-rfkill.socket"

    # Hibernate / suspend.
    "hibernate.target"
    "suspend.target"
    "suspend-then-hibernate.target"
    "sleep.target"
    "hybrid-sleep.target"
    "systemd-hibernate.service"
    "systemd-hybrid-sleep.service"
    "systemd-suspend.service"
    "systemd-suspend-then-hibernate.service"

    # Reboot stuff.
    "reboot.target"
    "systemd-reboot.service"
    "poweroff.target"
    "systemd-poweroff.service"
    "halt.target"
    "systemd-halt.service"
    "shutdown.target"
    "umount.target"
    "final.target"
    "kexec.target"
    "systemd-kexec.service"
    "systemd-update-utmp.service"

    # Password entry.
    "systemd-ask-password-console.path"
    "systemd-ask-password-console.service"
    "systemd-ask-password-wall.path"
    "systemd-ask-password-wall.service"

    # Slices / containers.
    "slices.target"
    "machine.slice"
    "machines.target"
    "systemd-importd.service"
    "systemd-machined.service"
    "systemd-nspawn@.service"

    # Misc.
    "systemd-sysctl.service"
    "dbus-org.freedesktop.timedate1.service"
    "dbus-org.freedesktop.locale1.service"
    "dbus-org.freedesktop.hostname1.service"
    "systemd-timedated.service"
    "systemd-localed.service"
    "systemd-hostnamed.service"
    "systemd-exit.service"
    "systemd-update-done.service"
  ]
  ++ cfg.additionalUpstreamSystemUnits;
# Names handed to generateUnits as `upstreamWants`.
# NOTE(review): presumably the *.wants directories of the systemd package
# whose links are carried over; confirm against generateUnits.
upstreamSystemWants = [
  "sysinit.target.wants"
  "sockets.target.wants"
  "local-fs.target.wants"
  "multi-user.target.wants"
  "timers.target.wants"
];

# Proxy environment variables from networking.proxy; used below as the
# environment of systemd-importd.
proxy_env = config.networking.proxy.envVars;
in
{
###### interface
options = {
# Which systemd build the rest of this module uses (bound to `systemd` in
# the let block above and added to environment.systemPackages below).
systemd.package = mkOption {
  type = types.package;
  default = pkgs.systemd;
  defaultText = literalExpression "pkgs.systemd";
  description = "The systemd package.";
};
# Rendered units keyed by full unit name. The config section below fills
# this from the per-type options (services, sockets, timers, ...).
systemd.units = mkOption {
  type = systemdUtils.types.units;
  default = {};
  description = "Definition of systemd units.";
};
# Packages whose lib/systemd/system-generators and system-shutdown hooks
# are linked into /etc by the `hooks` helper in the config section.
systemd.packages = mkOption {
  type = types.listOf types.package;
  default = [];
  example = literalExpression "[ pkgs.systemd-cryptsetup-generator ]";
  description = "Packages providing systemd units and hooks.";
};
# Target definitions; rendered as "<name>.target" into systemd.units.
systemd.targets = mkOption {
  type = systemdUtils.types.targets;
  description = "Definition of systemd target units.";
  default = {};
};
# Service definitions; rendered as "<name>.service" into systemd.units and
# checked by the `warnings` expression in the config section.
systemd.services = mkOption {
  type = systemdUtils.types.services;
  description = "Definition of systemd service units.";
  default = {};
};
# Socket definitions; rendered as "<name>.socket" into systemd.units.
systemd.sockets = mkOption {
  type = systemdUtils.types.sockets;
  description = "Definition of systemd socket units.";
  default = {};
};
# Timer definitions; rendered as "<name>.timer" into systemd.units. Timers
# are also generated below for services that set `startAt`.
systemd.timers = mkOption {
  type = systemdUtils.types.timers;
  description = "Definition of systemd timer units.";
  default = {};
};
# Path-unit definitions; rendered as "<name>.path" into systemd.units.
systemd.paths = mkOption {
  type = systemdUtils.types.paths;
  description = "Definition of systemd path units.";
  default = {};
};
# Mount definitions. Unlike the attrset-typed options, the unit name is
# not chosen by the user: it is computed below with escapeSystemdPath
# from each entry's `where`.
systemd.mounts = mkOption {
  type = systemdUtils.types.mounts;
  description = ''
    Definition of systemd mount units.
    This is a list instead of an attrSet, because systemd mandates the names to be derived from
    the 'where' attribute.
  '';
  default = [];
};
# Automount definitions; named from the escaped `where` path in the same
# way as systemd.mounts.
systemd.automounts = mkOption {
  type = systemdUtils.types.automounts;
  description = ''
    Definition of systemd automount units.
    This is a list instead of an attrSet, because systemd mandates the names to be derived from
    the 'where' attribute.
  '';
  default = [];
};
# Slice definitions; rendered as "<name>.slice" into systemd.units.
systemd.slices = mkOption {
  type = systemdUtils.types.slices;
  description = "Definition of slice configurations.";
  default = {};
};
# Extra entries for /etc/systemd/system-generators. systemd runs system
# generators with the manager's privileges early during boot and on
# reload, so VALUE should only ever point at a trusted executable.
# Linking a name to /dev/null, as in the example, is the systemd
# convention for masking a generator of that name.
systemd.generators = mkOption {
  description = ''
    Definition of systemd generators.
    For each <literal>NAME = VALUE</literal> pair of the attrSet, a link is generated from
    <literal>/etc/systemd/system-generators/NAME</literal> to <literal>VALUE</literal>.
  '';
  example = { systemd-gpt-auto-generator = "/dev/null"; };
  default = {};
  type = with types; attrsOf path;
};
# Extra entries for /etc/systemd/system-shutdown. Executables in that
# directory are run by systemd late during shutdown, as root, so VALUE
# should only ever point at a trusted executable.
systemd.shutdown = mkOption {
  description = ''
    Definition of systemd shutdown executables.
    For each <literal>NAME = VALUE</literal> pair of the attrSet, a link is generated from
    <literal>/etc/systemd/system-shutdown/NAME</literal> to <literal>VALUE</literal>.
  '';
  default = {};
  type = with types; attrsOf path;
};
# Name of the unit the system boots into.
systemd.defaultUnit = mkOption {
  type = types.str;
  default = "multi-user.target";
  description = "Default unit started when the system boots.";
};
# Unit started on Ctrl-Alt-Delete. The key combination needs no login, so
# with the default anyone at the console can reboot the machine.
systemd.ctrlAltDelUnit = mkOption {
  type = types.str;
  default = "reboot.target";
  example = "poweroff.target";
  description = ''
    Target that should be started when Ctrl-Alt-Delete is pressed.
  '';
};
# Environment shared by every unit.
# NOTE(review): the values presumably end up in generated unit files and
# are visible to every service; secrets do not belong here. Confirm where
# this option is consumed (not visible in this file).
systemd.globalEnvironment = mkOption {
  type = types.attrsOf (types.nullOr (types.oneOf [ types.str types.path types.package ]));
  default = {};
  example = { TZ = "CET"; };
  description = ''
    Environment variables passed to <emphasis>all</emphasis> systemd units.
  '';
};
# When true, system.conf below gets DefaultCPUAccounting,
# DefaultIOAccounting, DefaultBlockIOAccounting and DefaultIPAccounting
# set to yes.
systemd.enableCgroupAccounting = mkOption {
  type = types.bool;
  default = true;
  description = ''
    Whether to enable cgroup accounting.
  '';
};
# When false, boot.kernelParams below gains
# "systemd.unified_cgroup_hierarchy=0".
systemd.enableUnifiedCgroupHierarchy = mkOption {
  type = types.bool;
  default = true;
  description = ''
    Whether to enable the unified cgroup hierarchy (cgroupsv2).
  '';
};
# Free-form lines appended to the [Manager] section of
# /etc/systemd/system.conf, after every setting this module generates.
systemd.extraConfig = mkOption {
  type = types.lines;
  default = "";
  example = "DefaultLimitCORE=infinity";
  description = ''
    Extra config options for systemd. See man systemd-system.conf for
    available options.
  '';
};
# Free-form lines placed in the [Sleep] section of /etc/systemd/sleep.conf.
systemd.sleep.extraConfig = mkOption {
  type = types.lines;
  default = "";
  example = "HibernateDelaySec=1h";
  description = ''
    Extra config options for systemd sleep state logic.
    See sleep.conf.d(5) man page for available options.
  '';
};
# Appended to the built-in upstreamSystemUnits list.
# Caveat on the example: debug-shell.service starts a root shell on a
# virtual console without authentication, so it is a debugging aid and
# should stay out of production configurations.
systemd.additionalUpstreamSystemUnits = mkOption {
  type = with types; listOf str;
  default = [ ];
  example = [ "debug-shell.service" "systemd-quotacheck.service" ];
  description = ''
    Additional units shipped with systemd that shall be enabled.
  '';
};
# Unit names removed from both the upstream unit list and systemd.units
# before /etc/systemd/system is generated (see enabledUpstreamSystemUnits
# and enabledUnits in the config section).
systemd.suppressedSystemUnits = mkOption {
  type = with types; listOf str;
  default = [ ];
  example = [ "systemd-backlight@.service" ];
  description = ''
    A list of units to suppress when generating system systemd configuration directory. This has
    priority over upstream units, <option>systemd.units</option>, and
    <option>systemd.additionalUpstreamSystemUnits</option>. The main purpose of this is to
    suppress a upstream systemd unit with any modifications made to it by other NixOS modules.
  '';
};
# Written to system.conf as WatchdogDevice= when not null.
systemd.watchdog.device = mkOption {
  description = ''
    The path to a hardware watchdog device which will be managed by systemd.
    If not specified, systemd will default to /dev/watchdog.
  '';
  example = "/dev/watchdog";
  default = null;
  type = with types; nullOr path;
};
# Written to system.conf as RuntimeWatchdogSec= when not null.
systemd.watchdog.runtimeTime = mkOption {
  description = ''
    The amount of time which can elapse before a watchdog hardware device
    will automatically reboot the system. Valid time units include "ms",
    "s", "min", "h", "d", and "w".
  '';
  example = "30s";
  default = null;
  type = with types; nullOr str;
};
# Written to system.conf as RebootWatchdogSec= when not null.
systemd.watchdog.rebootTime = mkOption {
  description = ''
    The amount of time which can elapse after a reboot has been triggered
    before a watchdog hardware device will automatically reboot the system.
    Valid time units include "ms", "s", "min", "h", "d", and "w".
  '';
  example = "10m";
  default = null;
  type = with types; nullOr str;
};
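# Written to system.conf as KExecWatchdogSec= when not null.
# The description used to refer to a "reloadTime" option, which this
# module does not define; the sibling option it means is runtimeTime
# (RuntimeWatchdogSec=), which systemd recommends enabling alongside
# KExecWatchdogSec=.
systemd.watchdog.kexecTime = mkOption {
  type = types.nullOr types.str;
  default = null;
  example = "10m";
  description = ''
    The amount of time which can elapse when kexec is being executed before
    a watchdog hardware device will automatically reboot the system. This
    option should only be enabled if runtimeTime is also enabled. Valid
    time units include "ms", "s", "min", "h", "d", and "w".
  '';
};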
};
###### implementation
config = {
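# Evaluation-time warnings, one list per entry of systemd.services:
#   * Type=oneshot combined with Restart=always or Restart=on-success,
#   * StartLimitInterval set in serviceConfig (deprecated),
#   * reloadIfChanged together with a non-empty reloadTriggers.
# Fix over the previous text: the last message misspelled "way" as "whay".
warnings = concatLists (
  mapAttrsToList
    (name: service:
      let
        # Missing keys fall back to "" / "no" so the comparisons below
        # never touch an undefined attribute.
        type = service.serviceConfig.Type or "";
        restart = service.serviceConfig.Restart or "no";
        hasDeprecated = builtins.hasAttr "StartLimitInterval" service.serviceConfig;
      in
        concatLists [
          (optional (type == "oneshot" && (restart == "always" || restart == "on-success"))
            "Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'"
          )
          (optional hasDeprecated
            "Service '${name}.service' uses the attribute 'StartLimitInterval' in the Service section, which is deprecated. See https://github.com/NixOS/nixpkgs/issues/45786."
          )
          (optional (service.reloadIfChanged && service.reloadTriggers != [])
            "Service '${name}.service' has both 'reloadIfChanged' and 'reloadTriggers' set. This is probably not what you want, because 'reloadTriggers' behave the same way as 'restartTriggers' if 'reloadIfChanged' is set."
          )
        ]
    )
    cfg.services
);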
# Expose the rendered units under system.build.
system.build.units = cfg.units;

# NSS modules come from the systemd package itself.
system.nssModules = [ systemd.out ];

# Lookup order of the systemd NSS modules.
#   hosts:  `mymachines` resolves local containers registered with
#           systemd-machined and goes to the front so its mappings win over
#           other resolvers. `myhostname` sits after `files` (so /etc/hosts
#           and networking.extraHosts can still override it) but before
#           `resolve` and `dns`, which keeps catch-all DNS resolvers from
#           answering for `.localhost` names.
#   passwd/group: `systemd` is consulted after the other sources.
# For additional host modules: mkBefore to be queried before `resolve`,
# the default priority to land after `resolve`/`files`/`myhostname` but
# before `dns`, and mkAfter to come after `dns`.
system.nssDatabases =
  let
    afterOtherSources = mkMerge [
      (mkAfter [ "systemd" ])
    ];
  in
  {
    hosts = mkMerge [
      (mkOrder 400 [ "mymachines" ]) # 400 to ensure it comes before resolve (which is mkBefore'd)
      (mkOrder 999 [ "myhostname" ]) # after files (which is 998), but before regular nss modules
    ];
    passwd = afterOtherSources;
    group = afterOtherSources;
  };

# Put the systemd tools on the system PATH.
environment.systemPackages = [ systemd ];
environment.etc = let
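# Generate the contents of /etc/systemd/system-${type} from an attrset of
# links and from the packages in systemd.packages.
#
#   type  - directory suffix, "generators" or "shutdown" at the call sites
#   links - attrset NAME = VALUE; each entry becomes a link NAME -> VALUE
#
# Everything in the resulting directory is executed by systemd as root, so
# the link names and targets are passed through escapeShellArg instead of
# being spliced into the build script verbatim: a name or target with
# spaces or shell metacharacters then yields exactly one link rather than
# breaking the build or running extra commands in it.
hooks = type: links:
  let
    # "${target}" keeps the original interpolation semantics (a Nix path
    # value is still copied to the store) before it is quoted.
    linkCommand = exec: target:
      "ln -s ${escapeShellArg "${target}"} \"$out\"/${escapeShellArg exec};\n";
  in
  pkgs.runCommand "system-${type}" {
    preferLocalBuild = true;
    packages = cfg.packages;
  } ''
    set -e
    mkdir -p "$out"
    # $packages is deliberately unquoted: it is a space-separated list.
    for package in $packages
    do
      for hook in "$package"/lib/systemd/system-${type}/*
      do
        ln -s "$hook" "$out"/
      done
    done
    ${concatStrings (mapAttrsToList linkCommand links)}
  '';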
# Apply systemd.suppressedSystemUnits: suppressed names are dropped from
# the upstream unit list and from the rendered units alike.
enabledUpstreamSystemUnits = subtractLists cfg.suppressedSystemUnits upstreamSystemUnits;
enabledUnits = removeAttrs cfg.units cfg.suppressedSystemUnits;
in ({
# /etc/systemd/system: the unit directory built by generateUnits from the
# units that survived suppression.
"systemd/system".source = generateUnits {
  type = "system";
  upstreamUnits = enabledUpstreamSystemUnits;
  upstreamWants = upstreamSystemWants;
  units = enabledUnits;
};
# /etc/systemd/system.conf. Accounting and watchdog lines are emitted only
# when the matching option is set; systemd.extraConfig comes last.
# DefaultLimitCORE=infinity is always written and lifts the core-size
# limit for every unit. Core dumps hold process memory, which can include
# keys and tokens, so where cores are stored and who may read them matters
# on hosts that run sensitive services.
"systemd/system.conf".text = ''
  [Manager]
  ${optionalString cfg.enableCgroupAccounting ''
    DefaultCPUAccounting=yes
    DefaultIOAccounting=yes
    DefaultBlockIOAccounting=yes
    DefaultIPAccounting=yes
  ''}
  DefaultLimitCORE=infinity
  ${optionalString (cfg.watchdog.device != null) ''
    WatchdogDevice=${cfg.watchdog.device}
  ''}
  ${optionalString (cfg.watchdog.runtimeTime != null) ''
    RuntimeWatchdogSec=${cfg.watchdog.runtimeTime}
  ''}
  ${optionalString (cfg.watchdog.rebootTime != null) ''
    RebootWatchdogSec=${cfg.watchdog.rebootTime}
  ''}
  ${optionalString (cfg.watchdog.kexecTime != null) ''
    KExecWatchdogSec=${cfg.watchdog.kexecTime}
  ''}

  ${cfg.extraConfig}
'';
# /etc/systemd/sleep.conf carries only what systemd.sleep.extraConfig holds.
"systemd/sleep.conf".text = ''
  [Sleep]
  ${cfg.sleep.extraConfig}
'';

# Hook directories: whatever lands here is executed by systemd, so the
# inputs (systemd.packages, systemd.generators, systemd.shutdown) decide
# what runs as root at boot and at shutdown.
"systemd/system-generators".source = hooks "generators" cfg.generators;
"systemd/system-shutdown".source = hooks "shutdown" cfg.shutdown;
});
# D-Bus is switched on unconditionally by this module.
services.dbus.enable = true;

# Dedicated accounts for systemd-networkd and systemd-resolved, with the
# uid/gid values taken from config.ids.
users.users.systemd-network.uid = config.ids.uids.systemd-network;
users.users.systemd-network.group = "systemd-network";
users.groups.systemd-network.gid = config.ids.gids.systemd-network;

users.users.systemd-resolve.uid = config.ids.uids.systemd-resolve;
users.users.systemd-resolve.group = "systemd-resolve";
users.groups.systemd-resolve.gid = config.ids.gids.systemd-resolve;
# Target for ‘charon send-keys’ to hook into, plus the `keys` group whose
# gid comes from config.ids.
users.groups.keys.gid = config.ids.gids.keys;

systemd.targets.keys = {
  description = "Security Keys";
  unitConfig = { X-StopOnReconfiguration = true; };
};
# Render every typed definition into systemd.units under its full name.
systemd.units =
  let
    # Attrset-typed options: the key plus a suffix is the unit name.
    named = suffix: toUnit:
      mapAttrs' (n: v: nameValuePair "${n}.${suffix}" (toUnit n v));

    # List-typed options (mounts, automounts): the unit name is the
    # systemd-escaped form of the entry's `where` path.
    byWhere = suffix: toUnit: defs:
      listToAttrs (map
        (v:
          let n = escapeSystemdPath v.where;
          in nameValuePair "${n}.${suffix}" (toUnit n v))
        defs);
  in
     named "path" pathToUnit cfg.paths
  // named "service" serviceToUnit cfg.services
  // named "slice" sliceToUnit cfg.slices
  // named "socket" socketToUnit cfg.sockets
  // named "target" targetToUnit cfg.targets
  // named "timer" timerToUnit cfg.timers
  // byWhere "mount" mountToUnit cfg.mounts
  // byWhere "automount" automountToUnit cfg.automounts;
# Kernel options that must be enabled; each name is turned into a check
# with config.lib.kernelConfig.isEnabled. SECCOMP is part of the list.
system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled [
  "DEVTMPFS"
  "CGROUPS"
  "INOTIFY_USER"
  "SIGNALFD"
  "TIMERFD"
  "EPOLL"
  "NET"
  "SYSFS"
  "PROC_FS"
  "FHANDLE"
  "CRYPTO_USER_API_HASH"
  "CRYPTO_HMAC"
  "CRYPTO_SHA256"
  "DMIID"
  "AUTOFS4_FS"
  "TMPFS_POSIX_ACL"
  "TMPFS_XATTR"
  "SECCOMP"
];
# Generate timer units for all enabled services that have a ‘startAt’
# value: each gets a timer of the same name wanted by timers.target.
systemd.timers =
  let
    scheduled = filterAttrs
      (_: service: service.enable && service.startAt != [])
      cfg.services;
    toTimer = _: service: {
      wantedBy = [ "timers.target" ];
      timerConfig = { OnCalendar = service.startAt; };
    };
  in
  mapAttrs toTimer scheduled;
# Generate user timer units for all user services that have a ‘startAt’
# value. Unlike the system-level rule, `enable` is not consulted here.
systemd.user.timers =
  let
    scheduled = filterAttrs
      (_: service: service.startAt != [])
      cfg.user.services;
    toTimer = _: service: {
      wantedBy = [ "timers.target" ];
      timerConfig = { OnCalendar = service.startAt; };
    };
  in
  mapAttrs toTimer scheduled;
# Some overrides to upstream units.

# Units that are left alone when their definition changes.
systemd.services."systemd-backlight@".restartIfChanged = false;
systemd.services."systemd-fsck@".restartIfChanged = false;
systemd.services.systemd-random-seed.restartIfChanged = false;
systemd.services.systemd-remount-fs.restartIfChanged = false;
systemd.services.systemd-update-utmp.restartIfChanged = false;
systemd.services.systemd-udev-settle.restartIfChanged = false; # Causes long delays in nixos-rebuild

# fsck runs with the system path as its PATH.
systemd.services."systemd-fsck@".path = [ config.system.path ];

# systemd-importd gets the configured proxy variables as its environment.
systemd.services.systemd-importd.environment = proxy_env;

systemd.services.systemd-pstore.wantedBy = [ "sysinit.target" ]; # see #81138

# Target tweaks.
systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true;
systemd.targets.remote-fs.unitConfig.X-StopOnReconfiguration = true;
systemd.targets.network-online.wantedBy = [ "multi-user.target" ];
# Don't bother with certain units in containers: both are conditioned on
# not running inside a container.
systemd.services.systemd-random-seed.unitConfig.ConditionVirtualization = "!container";
systemd.services.systemd-remount-fs.unitConfig.ConditionVirtualization = "!container";
# Increase numeric PID range (set directly instead of copying a one-line file from systemd)
# https://github.com/systemd/systemd/pull/12226
# Applied on 64-bit systems only, as an overridable default.
boot.kernel.sysctl."kernel.pid_max" = mkIf pkgs.stdenv.is64bit (mkDefault 4194304);

# Turning the unified hierarchy off is done through a kernel parameter.
boot.kernelParams = optionals (!cfg.enableUnifiedCgroupHierarchy) [
  "systemd.unified_cgroup_hierarchy=0"
];
# Monthly rotation for the login records, every value set with mkDefault
# so other modules or the user can override it. The recreated files are
# owned by root and the utmp group: /var/log/btmp is created 0660 (no
# access for other users), /var/log/wtmp 0664 (readable by everyone).
services.logrotate.paths =
  let
    loginRecord = mode: mapAttrs (_: mkDefault) {
      frequency = "monthly";
      keep = 1;
      extraConfig = ''
        create ${mode} root ${config.users.groups.utmp.name}
        minsize 1M
      '';
    };
  in
  {
    "/var/log/btmp" = loginRecord "0660";
    "/var/log/wtmp" = loginRecord "0664";
  };
};
# FIXME: Remove these eventually.
# Compatibility shims: old option paths are redirected to their systemd.*
# replacements, and the removed generator-packages option points users at
# systemd.packages.
imports =
  let
    fromBootSystemd = name:
      mkRenamedOptionModule [ "boot" "systemd" name ] [ "systemd" name ];
  in
  [
    (fromBootSystemd "sockets")
    (fromBootSystemd "targets")
    (fromBootSystemd "services")
    (mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
    (mkRemovedOptionModule [ "systemd" "generator-packages" ] "Use systemd.packages instead.")
  ];
}