nixos/filesystems: make supportedFilesystems an attrset

this lets us *dis*able filesystem explicitly, as is required by e.g. the
zfs-less installer images. currently that specifically is only easily
possible by adding an overlay that stubs out `zfs`, with the obvious
side-effect of also removing tooling that could run without the kernel
module loaded.
This commit is contained in:
pennae 2024-02-18 23:35:17 +01:00
parent 13e47eaa46
commit 258b935d70
29 changed files with 73 additions and 72 deletions

View File

@ -105,6 +105,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `nitter` requires a `guest_accounts.jsonl` to be provided as a path or loaded into the default location at `/var/lib/nitter/guest_accounts.jsonl`. See [Guest Account Branch Deployment](https://github.com/zedeus/nitter/wiki/Guest-Account-Branch-Deployment) for details.
- `boot.supportedFilesystems` and `boot.initrd.supportedFilesystems` are now attribute sets instead of lists. Assignment from lists as done previously is still supported, but checking whether a filesystem is enabled must now by done using `supportedFilesystems.fs or false` instead of using `lib.elem "fs" supportedFilesystems` as was done previously.
- `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`.
This was done so that secrets aren't stored in the world-readable nix store.
To migrate, you will have create a file with the same exact string, and change

View File

@ -1,15 +1,7 @@
{ pkgs, ... }:
{ lib, ... }:
{
imports = [ ./installation-cd-minimal-new-kernel.nix ];
# Makes `availableOn` fail for zfs, see <nixos/modules/profiles/base.nix>.
# This is a workaround since we cannot remove the `"zfs"` string from `supportedFilesystems`.
# The proper fix would be to make `supportedFilesystems` an attrset with true/false which we
# could then `lib.mkForce false`
nixpkgs.overlays = [(final: super: {
zfs = super.zfs.overrideAttrs(_: {
meta.platforms = [];
});
})];
boot.supportedFilesystems.zfs = lib.mkForce false;
}

View File

@ -1,15 +1,7 @@
{ pkgs, ... }:
{ lib, ... }:
{
imports = [ ./sd-image-aarch64-new-kernel-installer.nix ];
# Makes `availableOn` fail for zfs, see <nixos/modules/profiles/base.nix>.
# This is a workaround since we cannot remove the `"zfs"` string from `supportedFilesystems`.
# The proper fix would be to make `supportedFilesystems` an attrset with true/false which we
# could then `lib.mkForce false`
nixpkgs.overlays = [(final: super: {
zfs = super.zfs.overrideAttrs(_: {
meta.platforms = [];
});
})];
boot.supportedFilesystems.zfs = lib.mkForce false;
}

View File

@ -3,7 +3,7 @@
# the modules necessary to mount the root file system, then calls the
# init in the root file system to start the second boot stage.
{ config, lib, utils, pkgs, ... }:
{ config, options, lib, utils, pkgs, ... }:
with lib;
@ -636,10 +636,8 @@ in
};
boot.initrd.supportedFilesystems = mkOption {
default = [ ];
example = [ "btrfs" ];
type = types.listOf types.str;
description = lib.mdDoc "Names of supported filesystem types in the initial ramdisk.";
default = { };
inherit (options.boot.supportedFilesystems) example type description;
};
boot.initrd.verbose = mkOption {

View File

@ -246,10 +246,23 @@ in
};
boot.supportedFilesystems = mkOption {
default = [ ];
example = [ "btrfs" ];
type = types.listOf types.str;
description = lib.mdDoc "Names of supported filesystem types.";
default = { };
example = lib.literalExpression ''
{
btrfs = true;
zfs = lib.mkForce false;
}
'';
type = types.coercedTo
(types.listOf types.str)
(enabled: lib.listToAttrs (map (fs: lib.nameValuePair fs true) enabled))
(types.attrsOf types.bool);
description = lib.mdDoc ''
Names of supported filesystem types, or an attribute set of file system types
and their state. The set form may be used together with `lib.mkForce` to
explicitly disable support for specific filesystems, e.g. to disable ZFS
with an unsupported kernel.
'';
};
boot.specialFileSystems = mkOption {

View File

@ -4,12 +4,12 @@ with lib;
let
inInitrd = any (fs: fs == "apfs") config.boot.initrd.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.apfs or false;
in
{
config = mkIf (any (fs: fs == "apfs") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.apfs or false) {
system.fsPackages = [ pkgs.apfsprogs ];

View File

@ -118,7 +118,7 @@ let
in
{
config = lib.mkIf (lib.elem "bcachefs" config.boot.supportedFilesystems) (lib.mkMerge [
config = lib.mkIf (config.boot.supportedFilesystems.bcachefs or false) (lib.mkMerge [
{
inherit assertions;
# needed for systemd-remount-fs
@ -133,7 +133,7 @@ in
};
}
(lib.mkIf ((lib.elem "bcachefs" config.boot.initrd.supportedFilesystems) || (bootFs != {})) {
(lib.mkIf ((config.boot.initrd.supportedFilesystems.bcachefs or false) || (bootFs != {})) {
inherit assertions;
# chacha20 and poly1305 are required only for decryption attempts
boot.initrd.availableKernelModules = [ "bcachefs" "sha256" "chacha20" "poly1305" ];

View File

@ -4,8 +4,8 @@ with lib;
let
inInitrd = any (fs: fs == "btrfs") config.boot.initrd.supportedFilesystems;
inSystem = any (fs: fs == "btrfs") config.boot.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.btrfs or false;
inSystem = config.boot.supportedFilesystems.btrfs or false;
cfgScrub = config.services.btrfs.autoScrub;

View File

@ -4,14 +4,14 @@ with lib;
let
inInitrd = any (fs: fs == "cifs") config.boot.initrd.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.cifs or false;
in
{
config = {
system.fsPackages = mkIf (any (fs: fs == "cifs") config.boot.supportedFilesystems) [ pkgs.cifs-utils ];
system.fsPackages = mkIf (config.boot.supportedFilesystems.cifs or false) [ pkgs.cifs-utils ];
boot.initrd.availableKernelModules = mkIf inInitrd
[ "cifs" "nls_utf8" "hmac" "md4" "ecb" "des_generic" "sha256" ];

View File

@ -4,7 +4,7 @@
with lib;
{
config = mkIf (any (fs: fs == "ecryptfs") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.ecryptfs or false) {
system.fsPackages = [ pkgs.ecryptfs ];
security.wrappers = {
"mount.ecryptfs_private" =

View File

@ -2,8 +2,8 @@
let
inInitrd = lib.any (fs: fs == "erofs") config.boot.initrd.supportedFilesystems;
inSystem = lib.any (fs: fs == "erofs") config.boot.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.erofs or false;
inSystem = config.boot.supportedFilesystems.erofs or false;
in

View File

@ -3,7 +3,7 @@
with lib;
{
config = mkIf (any (fs: fs == "exfat") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.exfat or false) {
system.fsPackages = if config.boot.kernelPackages.kernelOlder "5.7" then [
pkgs.exfat # FUSE
] else [

View File

@ -2,8 +2,10 @@
let
inInitrd = lib.any (fs: fs == "ext2" || fs == "ext3" || fs == "ext4") config.boot.initrd.supportedFilesystems;
inSystem = lib.any (fs: fs == "ext2" || fs == "ext3" || fs == "ext4") config.boot.supportedFilesystems;
hasExtX = s: s.ext2 or s.ext3 or s.ext4 or false;
inInitrd = hasExtX config.boot.initrd.supportedFilesystems;
inSystem = hasExtX config.boot.supportedFilesystems;
in

View File

@ -3,11 +3,10 @@
with lib;
let
inInitrd = any (fs: fs == "f2fs") config.boot.initrd.supportedFilesystems;
fileSystems = filter (x: x.fsType == "f2fs") config.system.build.fileSystems;
inInitrd = config.boot.initrd.supportedFilesystems.f2fs or false;
in
{
config = mkIf (any (fs: fs == "f2fs") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.f2fs or false) {
system.fsPackages = [ pkgs.f2fs-tools ];

View File

@ -3,7 +3,7 @@
with lib;
{
config = mkIf (any (fs: fs == "glusterfs") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.glusterfs or false) {
system.fsPackages = [ pkgs.glusterfs ];

View File

@ -3,10 +3,10 @@
with lib;
let
inInitrd = any (fs: fs == "jfs") config.boot.initrd.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.jfs or false;
in
{
config = mkIf (any (fs: fs == "jfs") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.jfs or false) {
system.fsPackages = [ pkgs.jfsutils ];

View File

@ -4,7 +4,7 @@ with lib;
let
inInitrd = any (fs: fs == "nfs") config.boot.initrd.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.nfs or false;
nfsStateDir = "/var/lib/nfs";
@ -58,7 +58,7 @@ in
###### implementation
config = mkIf (any (fs: fs == "nfs" || fs == "nfs4") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.nfs or config.boot.supportedFilesystems.nfs4 or false) {
services.rpcbind.enable = true;

View File

@ -3,7 +3,7 @@
with lib;
{
config = mkIf (any (fs: fs == "ntfs" || fs == "ntfs-3g") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.ntfs or config.boot.supportedFilesystems.ntfs-3g or false) {
system.fsPackages = [ pkgs.ntfs3g ];

View File

@ -4,12 +4,12 @@ with lib;
let
inInitrd = any (fs: fs == "reiserfs") config.boot.initrd.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.reiserfs or false;
in
{
config = mkIf (any (fs: fs == "reiserfs") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.reiserfs or false) {
system.fsPackages = [ pkgs.reiserfsprogs ];

View File

@ -2,7 +2,7 @@
let
inInitrd = lib.any (fs: fs == "squashfs") config.boot.initrd.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.squashfs or false;
in

View File

@ -1,7 +1,11 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf (lib.any (fs: fs == "sshfs" || fs == "fuse.sshfs") config.boot.supportedFilesystems) {
config = lib.mkIf
(config.boot.supportedFilesystems.sshfs
or config.boot.supportedFilesystems."fuse.sshfs"
or false)
{
system.fsPackages = [ pkgs.sshfs ];
};
}

View File

@ -3,7 +3,7 @@
{
config = lib.mkMerge [
(lib.mkIf (lib.any (fs: fs == "unionfs-fuse") config.boot.initrd.supportedFilesystems) {
(lib.mkIf (config.boot.initrd.supportedFilesystems.unionfs-fuse or false) {
boot.initrd.kernelModules = [ "fuse" ];
boot.initrd.extraUtilsCommands = lib.mkIf (!config.boot.initrd.systemd.enable) ''
@ -35,7 +35,7 @@
};
})
(lib.mkIf (lib.any (fs: fs == "unionfs-fuse") config.boot.supportedFilesystems) {
(lib.mkIf (config.boot.supportedFilesystems.unionfs-fuse or false) {
system.fsPackages = [ pkgs.unionfs-fuse ];
})

View File

@ -4,7 +4,7 @@ with lib;
let
inInitrd = any (fs: fs == "vboxsf") config.boot.initrd.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.vboxsf or false;
package = pkgs.runCommand "mount.vboxsf" { preferLocalBuild = true; } ''
mkdir -p $out/bin
@ -13,7 +13,7 @@ let
in
{
config = mkIf (any (fs: fs == "vboxsf") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.vboxsf or false) {
system.fsPackages = [ package ];

View File

@ -4,12 +4,12 @@ with lib;
let
inInitrd = any (fs: fs == "vfat") config.boot.initrd.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.vfat or false;
in
{
config = mkIf (any (fs: fs == "vfat") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.vfat or false) {
system.fsPackages = [ pkgs.dosfstools pkgs.mtools ];

View File

@ -4,12 +4,12 @@ with lib;
let
inInitrd = any (fs: fs == "xfs") config.boot.initrd.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.xfs or false;
in
{
config = mkIf (any (fs: fs == "xfs") config.boot.supportedFilesystems) {
config = mkIf (config.boot.supportedFilesystems.xfs or false) {
system.fsPackages = [ pkgs.xfsprogs.bin ];

View File

@ -20,8 +20,8 @@ let
clevisDatasets = map (e: e.device) (filter (e: e.device != null && (hasAttr e.device config.boot.initrd.clevis.devices) && e.fsType == "zfs" && (fsNeededForBoot e)) config.system.build.fileSystems);
inInitrd = any (fs: fs == "zfs") config.boot.initrd.supportedFilesystems;
inSystem = any (fs: fs == "zfs") config.boot.supportedFilesystems;
inInitrd = config.boot.initrd.supportedFilesystems.zfs or false;
inSystem = config.boot.supportedFilesystems.zfs or false;
autosnapPkg = pkgs.zfstools.override {
zfs = cfgZfs.package;

View File

@ -6,7 +6,7 @@ let
crioPackage = pkgs.cri-o.override {
extraPackages = cfg.extraPackages
++ lib.optional (builtins.elem "zfs" config.boot.supportedFilesystems) config.boot.zfs.package;
++ lib.optional (config.boot.supportedFilesystems.zfs or false) config.boot.zfs.package;
};
format = pkgs.formats.toml { };

View File

@ -9,7 +9,7 @@ let
extraPackages = cfg.extraPackages
# setuid shadow
++ [ "/run/wrappers" ]
++ lib.optional (builtins.elem "zfs" config.boot.supportedFilesystems) config.boot.zfs.package;
++ lib.optional (config.boot.supportedFilesystems.zfs or false) config.boot.zfs.package;
});
# Provides a fake "docker" binary mapping to podman

View File

@ -526,8 +526,7 @@ let
curl
]
++ optionals (bootLoader == "grub") (let
zfsSupport = lib.any (x: x == "zfs")
(extraInstallerConfig.boot.supportedFilesystems or []);
zfsSupport = extraInstallerConfig.boot.supportedFilesystems.zfs or false;
in [
(pkgs.grub2.override { inherit zfsSupport; })
(pkgs.grub2_efi.override { inherit zfsSupport; })