Commit Graph

345 Commits

Author SHA1 Message Date
Eelco Dolstra
18e8724e64 Log the configuration when booting / switching 2013-02-18 15:39:47 +01:00
Shea Levy
59a4df3159 Add websockify service 2013-02-14 21:50:41 -05:00
Shea Levy
b669633d63 gummiboot-builder.py: Handle the case where there's no /etc/machine-id.
Bug hit by add^_ in IRC when installing from the livecd, as there's no /mnt/etc/machine-id
2013-02-12 10:47:52 -05:00
Shea Levy
36088abb39 gummiboot-builder: Only read /etc/machine-id once per invocation 2013-02-02 21:16:12 -05:00
Shea Levy
d57df55566 gummiboot-builder: When NIXOS_INSTALL_GRUB is set and efibootmgr is used, prepend the gummiboot entry to the boot entries list 2013-02-02 21:10:09 -05:00
Shea Levy
3f37031c4f Merge branch 'gummiboot' into upstream-master 2013-02-02 00:04:31 -05:00
Shea Levy
02e209b139 Add gummiboot module.
We should probably eventually get rid of the old direct boot stub approach.
2013-02-02 00:03:45 -05:00
Eelco Dolstra
88e4569147 systemd: Allow whitespace in environment values 2013-02-01 13:40:44 +01:00
Lluís Batlle i Rossell
2c27a41686 Fixing the init= in raspberrypi loader. 2013-01-29 20:08:38 +01:00
Lluís Batlle i Rossell
fe85f4be6c Adding an untested bootloader for raspberrypi 2013-01-28 20:58:46 +00:00
Lluís Batlle i Rossell
39ccd50896 Fixing the doublePatchelf in initrd; it should be for all ARM. 2013-01-27 20:42:45 +00:00
Shea Levy
28cf26d674 Remove unneeded /nix/rw-store creation when using readOnlyStore 2013-01-24 20:50:28 -05:00
Eelco Dolstra
7464d850d3 Start a getty on tty1 again 2013-01-24 14:55:55 +01:00
Eelco Dolstra
6580588230 Set $HOME in stage-2
http://hydra.nixos.org/build/3900294
2013-01-23 20:16:33 +01:00
Eelco Dolstra
37b56574e2 stage-1: Clear environment before calling stage-2
In particular, stage-1's LD_LIBRARY_PATH should not infect stage-2.
Reported by viric.
2013-01-23 11:51:58 +01:00
Eelco Dolstra
2b8cb59399 Fix the fix of the description of the memtest86 option 2013-01-22 19:25:14 +01:00
Eelco Dolstra
ca4f93d3ae stage-1: Don't create a log file in $out 2013-01-22 18:18:05 +01:00
Lluís Batlle i Rossell
64ffca1e06 Fixing the description of memtest86. It's not memtest86+.
Noticed by abogani@freenode
2013-01-22 16:32:51 +01:00
Eelco Dolstra
4068648563 Blacklist the cirrusfb kernel module 2013-01-22 13:30:45 +01:00
Shea Levy
82fb34f409 Upstart -> systemd 2013-01-21 18:14:09 -05:00
Eelco Dolstra
f2c2b7ace9 Don't start emergency mode on EC2 instances
EC2 instances don't have a console, so it's pointless to start
emergency mode if a mount fails.  (This happened to me with an
encrypted filesystem where the key wasn't sent on time using "charon
send-keys".)  Better to cross fingers and continue booting.
2013-01-21 21:01:48 +01:00
Eelco Dolstra
1aaa726e75 Merge remote-tracking branch 'origin/systemd' 2013-01-21 12:45:50 +01:00
Eelco Dolstra
4d983d4955 Rename ‘system.build.systemd’ to ‘systemd.package’
This makes it cheaper to test a new systemd and is more consistent
with other modules.
2013-01-16 13:17:57 +01:00
Eelco Dolstra
ae4e94d9ac Rename ‘boot.systemd’ to ‘systemd’
Suggested by Mathijs Kwik.  ‘boot.systemd’ is a misnomer because
systemd affects more than just booting.  And it saves some typing.
2013-01-16 12:33:18 +01:00
Evgeny Egorochkin
7e82b41220 LuksRoot: fix crypto module list. This one should finally work well. 2013-01-14 06:46:46 +02:00
Evgeny Egorochkin
6ecf2c3a28 LuksRoot: use generic aes module which loads platform-optimized modules automagically. 2013-01-14 05:12:20 +02:00
Evgeny Egorochkin
0f11519d45 LuksRoot: add more modules to load by default and let users add more or override the list. Added every module
mentioned by most popular guides, benchmarks and discussions to make things just work.
2013-01-13 12:44:16 +02:00
Evgeny Egorochkin
8c710b4f23 LuksRoot: mitigate DMA key recovery attacks by default. 2013-01-13 11:04:26 +02:00
Eelco Dolstra
c7b427fbca Give our kernel parameters a common prefix ("boot.*") 2013-01-09 22:53:44 +01:00
Eelco Dolstra
93a7a32bab initrd: Don't enable the root shell by default
Starting an authenticated root shell is a security hole, so don't do
it by default.  The kernel command line parameter
‘initrd.shell_on_fail’ restores the original.  (Of course, this only
improves security if you have a password on GRUB to prevent the kernel
command line from being edited by unauthorized users.)
2013-01-09 22:53:44 +01:00
Peter Simons
91bead9c18 modules/system/boot/loader/grub/memtest.nix: use 'memtest86plus' instead of 'memtest86'
The 'memtest86' package didn't work on any of my machines. 'memtest86plus', on
the other hand, seems to work just fine. Does anyone know why we keep the
seemingly older version around still?
2013-01-09 22:44:50 +01:00
Eelco Dolstra
ac53b25f16 Remove handling of "debug2" and "S|s|single" kernel command line options
The "S|s|single" option is handled by systemd (starting
rescue.target).  And the rescue target basically removes the need for
a special debug shell.  (Also, there is "systemd.crash_shell=1" for
starting a shell if systemd crashes.)
2013-01-08 18:31:46 +01:00
Eelco Dolstra
f4a3bdd6af Install {rescue,emergency}.{target,service}
Also, symlink kbrequest.target to rescue.target as suggested by the
systemd.special manpage.  This way, you can start a sulogin rescue
shell by pressing Alt+Up.
2013-01-08 18:24:06 +01:00
Eelco Dolstra
948dd8dd1a Use the upstream (but patched) sysinit.target 2013-01-08 17:26:51 +01:00
Eelco Dolstra
884f58fa8a Include libsystemd-daemon.so.* in the initrd since dmsetup needs it
Strangely, this is only case after updating systemd to 197, I didn't
change lvm2...
2013-01-08 15:35:21 +01:00
Eelco Dolstra
96ba0ca283 For some units, use "systemctl restart" rather than "systemctl stop/start"
During a configuration switch, changed units are stopped in the old
configuration, then started in the new configuration (i.e. after
running the activation script and running "systemctl daemon-reload").
This ensures that services are stopped using the ExecStop/ExecStopPost
commands from the old configuration.

However, for some services it's undesirable to stop them; in
particular dhcpcd, which deconfigures its network interfaces when it
stops.  This is dangerous when doing remote upgrades - usually things
go right (especially because the switch script ignores SIGHUP), but
not always (see 9aa69885f0).  Likewise,
sshd should be kept running for as long as possible to prevent a
lock-out if the switch fails.

So the new option ‘stopIfChanged = false’ causes "systemctl restart"
to be used instead of "systemctl stop" followed by "systemctl start".
This is only proper for services that don't have stop commands.  (And
it might not handle dependencies properly in some cases, but I'm not
sure.)
2013-01-05 01:05:25 +01:00
Mathijs Kwik
7e70cffc45 systemd mount units: better handling of mandatory options 2013-01-01 14:53:54 +01:00
Mathijs Kwik
ebf4816717 systemd mount units: use 'escapeSystemdPath' from lib/utils 2013-01-01 14:53:54 +01:00
Mathijs Kwik
a3ee9aac98 efi-boot-stub: enable hook for running (fixup) commands after efibootmgr run 2013-01-01 14:05:08 +01:00
Mathijs Kwik
16a9bcfe81 add support for systemd mount units
This is mainly useful for specifying mounts that depend on other
units. For example sshfs or davfs need network (and possibly
nameservices).

While systemd makes a distinction between local and remote
filesystems, this only works for in-kernel filesystems such as
nfs and cifs.

fuse-based filesystems (such as sshfs and davs) are classified as
local, so they fail without networking. By explicitly declaring these
mounts as full systemd units (as opposed to having systemd generate
them automatically from /etc/fstab), dependencies can be specified as
on every other unit.

In the future, we can probably port NixOS' filesystems handling to use
these native systemd.mount units and skip /etc/fstab altogether, but
this probably requires additional changes, such as starting systemd
even earlier during boot (stage 1).
2013-01-01 13:55:48 +01:00
Mathijs Kwik
244ed6ae71 nscd: use proper systemd.special(7) targets 2012-12-27 12:23:50 +01:00
Shea Levy
75ec5c609e Merge remote-tracking branch 'upstream/master' into systemd
Conflicts:
	maintainers/scripts/ec2/create-ebs-amis.py
2012-12-17 13:03:56 -05:00
Shea Levy
835ee30b32 Merge branch 'no-aufs' into systemd 2012-12-17 13:02:35 -05:00
Lluís Batlle i Rossell
358239348a making memtest grub entries work again
I'm not any good at perl, and I only came up with this after many
slow attempts. Any review welcome.

But until this, memtest was broken, and extraPrepareConfig as well, in grub.
2012-12-16 21:41:47 +01:00
Rob Vermaas
39a6143c66 Add options to control rate limiting behaviour of journald. See 'man journald.conf' for more information. 2012-12-16 20:28:45 +01:00
Shea Levy
dfca6b97f1 Remove last mention of aufs for completeness 2012-12-16 13:33:23 -05:00
Shea Levy
be4f69519b iso-image: Use unionfs-fuse instead of aufs 2012-12-16 11:31:52 -05:00
Eelco Dolstra
bd7ea9be58 sysinit.target: Drop the dependency on local-fs.target and swap.target
Having all services with DefaultDependencies=yes depend on
local-fs.target is annoying, because some of those services might be
necessary to mount local filesystems.  For instance, Charon's
send-keys feature requires sshd to be running in order to receive LUKS
encryption keys, which in turn requires dhcpcd, and so on.  So we drop
this dependency (and swap.target as well for consistency).  If
services require a specific mount, they should use RequiresMountsFor
in any case.
2012-12-14 17:42:54 +01:00
Eelco Dolstra
b1da38f564 Merge remote-tracking branch 'origin/master' into systemd 2012-11-30 16:12:04 +01:00
Eelco Dolstra
3c6e0fd594 Generate the binary hardware database required by systemd 196 2012-11-29 18:51:44 +01:00