Commit Graph

579 Commits

Author SHA1 Message Date
Luflosi
1d65c7279c
nixos-generate-config: update microcode only on bare metal
Guest operating systems inside VMs or containers can't update the host CPU's microcode for obvious security reasons, so setting the `hardware.cpu.*.updateMicrocode` options is pointless.
2023-03-13 20:15:13 +01:00
Valentin Gagarin
4e0525a8cd configuration.nix: suggest a command line program
adding two graphical programs makes a strong assmuption that users will
use a graphical environment.

add a command line program as an alternative suggestion that is easy to
comment in as a first-steps measure.
2023-02-28 17:16:03 +01:00
Eelco Dolstra
056b679c35 nix-fallback-paths.nix: Update to 2.13.3 2023-02-27 10:40:18 -08:00
Jason Yundt
b1bb9bb6c8 treewide: fix backwards smart apostrophes
According to the Unicode Standard, you should use U+2019 RIGHT SINGLE
QUOTATION MARK for apostrophes [1]. Before this change, some of the text
in this repo would use U+2018 LEFT SINGLE QUOTATION MARKs instead.

[1]: https://www.unicode.org/versions/Unicode15.0.0/ch06.pdf#G12411
2023-02-06 07:24:42 -05:00
zowoq
b93752ceb0 nixos/nix-fallback-paths: 2.12.0 -> 2.13.2 2023-01-26 22:54:25 +10:00
zowoq
e75ac30903 Revert "nixos/nix-fallback-paths: 2.12.0 -> 2.13.1"
This reverts commit 37a44ff3a0.
2023-01-22 09:48:21 +10:00
zowoq
37a44ff3a0 nixos/nix-fallback-paths: 2.12.0 -> 2.13.1 2023-01-21 06:44:18 +10:00
rnhmjoj
2bc5625877
nixos-install: remove root requirement for bind mount
This moves the creation of the bind mount inside the `nixos-enter`
invocation. The command are executed in an unshared mount namespace, so
they can be run as an unprivileged user.
2023-01-19 20:50:17 +01:00
Naïm Favier
cd4f1a1df5
nixos-install: only mount if root 2023-01-17 11:39:34 +01:00
Michele Guerini Rocco
594b94b4c3
Merge pull request #210812 from rnhmjoj/pr-initrd-secrets
boot.initrd.secrets fixes
2023-01-17 00:48:58 +01:00
Jeff Huffman
96ec8c7623 nixos/documentation.man.mandb: Add skipPackages option, and include nixos-version
prevents unnecessary recreation of man caches

Fixes #209835
2023-01-16 22:24:02 +01:00
rnhmjoj
9fc47e6db3
nixos-install: fix missing initrd.secrets paths
When installing NixOS in the target filesystem /mnt, paths relative to
configuration.nix in `initrd.secrets` are turned by Nix into absolute
paths that reference /mnt. While building the system derivation works,
installing the bootloader fails because the latter process takes place
inside the chroot environment where /mnt does not exist.

Ideally, we would also build the system within chroot, but this greatly
complicates the matter as it requires  manually copying over Nix, its
runtime dependencies and all channels. Possibly, this would also break
several assumptions users have about how nixos-install works.

A simpler and safer (but less neat) solution is to temporarily bind
mount all mount points in /mnt under /mnt/mnt to keep the paths
functional while the bootloader is being installed.
This is essentially the workaround described in issue #73404.
2023-01-16 02:31:01 +01:00
Naïm Favier
7e1cf49870
Merge pull request #161237 from miallo/nixos-version-configuration-revision 2023-01-12 12:31:54 +01:00
Michael Lohmann
3b5456608a nixos-version: print error for missing revision to stderr 2023-01-03 20:40:35 +01:00
Michael Lohmann
c09f6c3db0 nixos-version: output configurationRevision
`nixos-version --configuration-revision` will show the
configurationRevision.
2023-01-03 20:40:35 +01:00
Naïm Favier
a5b7b6e47a
nixos/nixos-enter: hide systemd-tmpfiles errors
Due to missing `/etc/machine-id` in the new root, systemd-tmpfiles
outputs a bunch of scary warnings like "Failed to replace specifiers in
'/run/log/journal/%m'". We only care about /tmp, so hide them.

`-E` is an alias for `--exclude-prefix=/dev --exclude-prefix=/proc
--exclude-prefix=/run --exclude-prefix=/sys`.
2023-01-01 17:18:20 +01:00
Naïm Favier
6a166a5ab1
Merge pull request #199425 from Mikilio/master 2023-01-01 11:15:03 +01:00
K900
2d3cf010fe
Revert "treewide: use nativeBuildInputs with runCommand instead of inlining" 2022-12-26 21:05:35 +03:00
Sandro Jäckel
26f704b545
treewide: use nativeBuildInputs with runCommand instead of inlining 2022-12-18 23:36:40 +01:00
zowoq
1ec69621ef nixos/nix-fallback-paths: 2.11.1 -> 2.12.0 2022-12-07 04:42:28 +10:00
zowoq
34386263f7 nixos/nix-fallback-paths: 2.11.0 -> 2.11.1 2022-12-01 12:32:15 +10:00
Mikilio
b6c367162c nixos/nixos-enter: add full path for systemd-tmpfiles 2022-11-24 18:15:08 +01:00
Maximilian Bosch
3df3bbdc50
nixos/nixos-build-vms: fix eval
Within #193485 (and the previous changes) the internal structure of the
testing driver was changed. Since then, `makeTest` returns the
attributes for the VM test(s) (including `driverInteractive`) inside a
sub-attribute called `test`, so without this change running
`nixos-build-vms` would fail like this:

    error: attribute 'driverInteractive' missing
2022-10-01 20:34:01 +02:00
Robert Hensing
38fb09e427 testing-python.nix: Replace makeTest implementation 2022-09-24 17:38:08 +01:00
Eelco Dolstra
9fc7a29da5
nix-fallback-paths.nix: Update to 2.11.0 2022-08-29 08:24:17 +02:00
olaf
5a6853b3bf use consistently user alice for examples 2022-08-05 13:13:24 +02:00
pennae
a16b25432e
Merge pull request #182685 from pennae/invariant-option-conversions
treewide: invariant option conversions to MD
2022-07-27 15:39:47 +02:00
pennae
4ba72f8615 nixos/installer: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
Maximilian Bosch
200ce70e63
Merge pull request #180603 from m-bdf/substitute-nix-instantiate
nixos-generate-config: substitute nix-instantiate
2022-07-22 14:22:52 +02:00
Bernardo Meurer
ea8a1ac198 nix-fallback-paths: 2.10.2 -> 2.10.3 2022-07-15 12:00:56 -07:00
Nick Cao
c543c996a9
nix-fallback-paths.nix: Update to 2.10.2 2022-07-14 23:53:44 +08:00
Maëlys Bras de fer
b2224764ee
nixos-generate-config: substitute nix-instantiate 2022-07-07 18:42:44 +02:00
Kirill A. Korinsky
08ddd8a5fc
nixos-generate-config: detect parallels virtualization 2022-06-29 16:01:08 +02:00
Profpatsch
0e444785a1 installer/tools/get-version-suffix: set --git-dir
The `nixos-rebuild` tool calls `get-version-suffix` to figure out the
git revision of the nixpkgs directory if there is a .git.

https://nvd.nist.gov/vuln/detail/CVE-2022-24765 made git throw an
error if the .git search logic is not turned off and a user
tries to access a `.git` directory they don’t own (otherwise a
different user could trick them into setting arbitrary git config).

So from now on we should always explicitely set `--git-dir`, which
turns this search logic (and thus the security check) off.
2022-06-27 14:28:03 +02:00
Robert Hensing
82da0794c2 nixos-generate-config: Make robust against missing newline
The substr solution assumed a newline to be present.
The new solution will not remove the newline if it goes missing in the future.

Apparently this is idiomatic perl.

Thanks pennae for the suggestion!
2022-06-21 14:37:16 +02:00
Robert Hensing
fc0971f436 nixos-generate-config: nixpkgs.system -> nixpkgs.hostPlatform 2022-06-21 14:22:36 +02:00
Robert Hensing
a234fb2a5b nixos-generate-config: Add nixpkgs.system to hardware-config.nix 2022-06-21 14:21:17 +02:00
Eelco Dolstra
0e51dce778 nix-fallback-paths.nix: Update to 2.9.1 2022-06-09 09:00:27 +10:00
Eelco Dolstra
5ce31ec2fd
nix-fallback-paths.nix: Update to 2.8.1 2022-05-14 15:19:14 +02:00
Janne Heß
e6fb1e63d1
Merge pull request #171650 from helsinki-systems/feat/config-systemd-package
treewide: pkgs.systemd -> config.systemd.package
2022-05-09 10:23:04 +02:00
ajs124
e4a1b1aacd
Merge pull request #171588 from mweinelt/tools-userpkgs
nixos/tools: move firefox into user packages
2022-05-08 19:02:47 +01:00
Maximilian Bosch
f4e5bd8064
nixos/nixos-generate-config: update comment for useDHCP 2022-05-06 16:56:47 +02:00
Janne Heß
57cd07f3a9
treewide: pkgs.systemd -> config.systemd.package
This ensures there is only one systemd package when e.g. testing the
next systemd version.
2022-05-05 20:00:31 +02:00
Martin Weinelt
6051f8028d
nixos/tools: move firefox into user packages
Installing Firefox is a good example for a package that could be
installed as a user, since it is a graphical one.

Also use thunderbird as a second example.
2022-05-05 00:41:55 +02:00
Maximilian Bosch
8e42949a24
nixos/nixos-generate-config: use networking.useDHCP by default
Currently we're still using scripted networking by default. A problem
with scripted networking is that having `useDHCP` on potentially
non-existing interfaces (e.g. an ethernet interface for USB tethering)
can cause the boot to hang.

Closes #107908
2022-04-30 00:30:47 +02:00
Linus Heckemann
c85bc19cdf
Merge pull request #169303 from emccorson/fix/add-copy-system-config
nixos/tools: add copySystemConfiguration to configuration file template
2022-04-24 00:01:00 +02:00
Pol Dellaiera
b555b64346
nixVersions.stable: 2.7.0 -> 2.8.0 2022-04-21 19:43:40 +02:00
Eric Corson
0edfd89d6e nixos/tools: add copySystemConfiguration to configuration file template 2022-04-19 10:53:47 +01:00
Robert Hensing
ce5a33e62b
Merge pull request #164660 from ncfavier/tests-restrict-arguments
nixos/testing: restrict arguments to makeTest
2022-03-24 17:01:47 +01:00
Artturi
6134c2f891
Merge pull request #161034 from andr1an/fix/nixos-generate-config-absolute-root-path 2022-03-22 02:35:06 +02:00