Commit Graph

676 Commits

Author SHA1 Message Date
Linus Heckemann
98bd722d1d systemd-boot: allow setting editor security option (#21853) 2017-01-21 14:24:26 +01:00
Franz Pletz
e4fb2bb0c5
Revert "nixos/stage2: Check for each special mount individually and mount missing ones. (#21370)"
This reverts commit 712e62c260.

This commit broke NixOS containers. Systemd wouldn't detect if a container
started successfully and would kill it again after a grace period.

Additionally this prints mount errors due to already mounted filesystems
at boot.
2017-01-10 17:35:38 +01:00
Sebastian Hagen
712e62c260 nixos/stage2: Check for each special mount individually and mount missing ones. (#21370) 2017-01-09 10:32:23 +01:00
Eelco Dolstra
b297af42d2
Fix using ephemeral disks for /tmp etc. in EC2 instances
This code in amazon-image.nix:

  if mountFS "$device" "$mp" "" auto; then
    if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi
  fi

relies on mountFS to return a zero exit status if mounting
succeeds. But the lustrateRoot check in mountFS was causing a non-zero
exit status. As a result /disk0 would be mounted, but not used for
/tmp.

(cherry picked from commit d082ed8c35dec48aee2afd1303b3c8b2a1b242b0)
2017-01-03 17:32:42 +01:00
Markov Dmitry
efd5508b89 systemd: add slice support 2016-12-20 10:49:08 +01:00
Jörg Thalheim
579051fe66 networkd: add extraConfig to all units
networkd options are always correct or up to date. This option allows to bypass
type checking. It is also easier to write because examples can be just copy
and paste from manpages.
2016-12-17 15:23:34 +01:00
Jörg Thalheim
d49e0d5fa5 networkd: allow to supply own unit files
Networkd units can contain secrets. In future also wireguard vpn will be supported by
networkd. To avoid leakage of private keys, those could be then also put outside
of the /nix/store

Having a writeable /etc/systemd/network also allows to quick fix network issues,
when upgrading `nixos-rebuild switch` would require network on its own (due to
updates).
2016-12-17 15:23:34 +01:00
Bjørn Forsman
3af715af90 Revert "fix 2 xml errors in the description of boot.loader.grub.efiInstallAsRemovable"
This reverts commit 656cc3acaf because it
causes building the manual to fail:

  $ nixos-rebuild build
  ...
  building path(s) ‘/nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb’
  Writing /nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb/manual.db for book(book-nixos-manual)
  ./man-pages.xml:625: element para: Relax-NG validity error : Did not expect element para there
  ./man-pages.xml:3: element variablelist: Relax-NG validity error : Element refsection has extra content: variablelist
  ./man-pages.xml:29: element refsection: Relax-NG validity error : Element refentry has extra content: refsection
  ./man-pages.xml:3: element reference: Relax-NG validity error : Element reference failed to validate content
  ./man-pages.xml fails to validate

CC @cleverca22, @Mic92
2016-12-17 11:45:31 +01:00
Jörg Thalheim
1590461887 ntp: make timesyncd the new default
- most nixos users only require time synchronisation,
  while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd supports ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
  save a little disk space (1,5M)
2016-12-17 00:00:45 +01:00
michael bishop
656cc3acaf fix 2 xml errors in the description of boot.loader.grub.efiInstallAsRemovable 2016-12-16 20:39:40 +01:00
michael bishop
e5cefadef7 fix indentation in several nixos option descriptions 2016-12-16 18:29:25 +01:00
Joachim Fasting
f9f354faad
nixos/modules: use defaultText where applicable
Primarily to fix rendering of these default values in the manual but
it's also nice to avoid having to eval these things just to build the
manual.
2016-11-21 16:35:15 +01:00
Jörg Thalheim
cb8af0ca51 Merge pull request #19379 from nixy/master
grub bootloader: add forceInstall option
2016-11-21 15:15:45 +01:00
Jörg Thalheim
c54d2860dc Merge pull request #20469 from Mic92/initrd-ssh
initrd-ssh: fix authorized_key generation with multiple keys
2016-11-18 23:16:44 +01:00
Jörg Thalheim
7ad01f5f0c initrd-ssh: fix authorized_key generation with multiple keys
multiple entries should be separated by newline
2016-11-16 14:47:37 +00:00
Eric Sagnes
4a600b0437 raspberrypi module: use enum 2016-11-16 22:37:36 +09:00
Eric Sagnes
80b854739c grub module: use enum 2016-11-04 13:05:13 +09:00
Andrew R. M
a31bf8961a grub bootloader: add forceInstall option
Using the --force option on GRUB isn't recommended, but there are very
specific instances where it makes sense. One example is installing on a
partitionless disk.
2016-11-03 05:50:42 -04:00
aszlig
3d4b6257d6
nixos/stage1: Fix local keyword outside function
Thanks to @NeQuissimus in a5c1985fef for
updating busybox, which since version 1.25 doesn't allow local variables
outside of functions anymore (which is the desired behaviour).

See the following upstream commit of busybox which is the change that
lets this problem surface:

https://git.busybox.net/busybox/commit/?id=ef2386b80abfb22ccb697ddbdd4047aacc395c50

So this has been an error I've made on my end in
67223ee205, because I originally had a
function for killing the processes but desired to inline it because it's
only used in one place.

This fixes the boot-stage1 NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-10-28 22:50:44 +02:00
Eelco Dolstra
e6088f77be initrd: Include i8042 kernel module
For some reason, between Linux 4.4.19 and 4.4.20, the atkbd and libps2
kernel modules lost their dependency on i8042 in modules.dep, causing
i8042 not to be included in the initrd. This breaks keyboard in the
initrd, in turn breaking LUKS.

This only happens on the 16.03 branch; on 16.09, it appears i8042 is
pulled into the initrd anyway (through some other dependency,
presumably). But let's include it explicitly.

http://hydra.nixos.org/build/40468431
2016-10-21 14:27:11 +02:00
Tim Steinbach
99d9d32899 Merge pull request #19668 from groxxda/timers
systemd.timers: automatically convert string to list
2016-10-20 17:37:28 -04:00
Eric Sagnes
87318e9820 nspawn module: optionSet -> submodule 2016-10-21 01:31:54 +09:00
Alexander Ried
8bb4fc1039 systemd.timers: filter timers with empty startAt 2016-10-19 02:22:12 +02:00
Alexander Ried
c9941c4b5e systemd.timers.startOn: automatically convert string to list 2016-10-19 02:22:12 +02:00
Charles Strahan
da36847d92
nixos: make it easy to apply kernel patches
This makes it easy to specify kernel patches:

    boot.kernelPatches = [ pkgs.kernelPatches.ubuntu_fan_4_4 ];

To make the `boot.kernelPatches` option possible, this also makes it
easy to extend and/or modify the kernel packages within a linuxPackages
set. For example:

    pkgs.linuxPackages.extend (self: super: {
      kernel = super.kernel.override {
        kernelPatches = super.kernel.kernelPatches ++ [
          pkgs.kernelPatches.ubuntu_fan_4_4
        ];
      };
    });

Closes #15095
2016-10-11 19:59:00 -04:00
Nathan Bijnens
4ed85933db Fix #19382 set ownership of /var/empty to root:root 2016-10-09 12:01:47 +02:00
Alexander Ried
ce7739a4dd systemd.nspawn: add definition (#18320)
this adds the option to manage systemd.nspawn files via
config.systemd.nspawn. The files are placed in "/etc/systemd/nspawn".
2016-10-08 16:10:56 +02:00
Thomas Tuegel
d067b7bd35
Merge branch 'kde-5' into staging 2016-10-04 21:50:17 -05:00
Jörg Thalheim
e5c6f35a49 Merge pull request #19069 from peterhoeg/targets
systemd: add user target support
2016-10-03 23:10:18 +02:00
Jörg Thalheim
888f6a1280 Merge pull request #19199 from wizeman/u/fix-help2man-hash
help2man: fix hash
2016-10-03 19:26:44 +02:00
Jörg Thalheim
08cb89ae19 Merge pull request #19102 from Mic92/systemd-boot
systemd-boot: port builder to python3
2016-10-03 10:47:18 +02:00
Eric Sagnes
24aacc3b43 networkd module: fix submodule options declaration 2016-10-03 13:02:42 +09:00
Joachim F
0906a0f197 Merge pull request #18491 from groxxda/network-interfaces
Replace Network-interfaces.target
2016-10-02 16:34:37 +02:00
Tuomas Tynkkynen
19225bf5cc Merge remote-tracking branch 'upstream/master' into staging 2016-10-02 10:36:47 +03:00
Joachim F
7e80c42b0e Merge pull request #18511 from ericsagnes/feat/remove-optionSet
modules: optionSet -> submodule
2016-10-01 17:57:45 +02:00
Nikolay Amiantov
d37458ad06 switch-to-configuration: fix restart of socket activated services
This fixes two bugs:

* When socket activation is detected, the service itself is added to stop-start list instead of its sockets.
* When service is marked to restart instead of stop (`StopIfChanged = no`) we don't need to restart sockets.
2016-09-30 17:49:31 +03:00
Nikolay Amiantov
ff0b8b2225 systemd-journald service: restart instead of stop and start
Also restart when configuration is changed.
2016-09-30 17:49:30 +03:00
Jörg Thalheim
8bb4551273
systemd-boot: inline add_entry function 2016-09-30 13:56:19 +02:00
Jörg Thalheim
4e0423467a
systemd-boot: port builder to python3
see #18185
2016-09-30 13:28:42 +02:00
Eelco Dolstra
97bfc2fac9 runCommand: Use stdenvNoCC
This ensures that most "trivial" derivations used to build NixOS
configurations no longer depend on GCC. For commands that do invoke
gcc, there is runCommandCC.
2016-09-29 13:06:43 +02:00
Eelco Dolstra
0cb16a6955 Add stdenvNoCC
This is a standard environment that doesn't contain a C/C++
compiler. This is mostly to prevent trivial builders like runCommand
and substituteAll from pulling in gcc for simple configuration changes
on NixOS.
2016-09-29 13:06:41 +02:00
Eelco Dolstra
75a1ec8a65 NixOS: Use runCommand instead of mkDerivation in a few places 2016-09-29 13:05:28 +02:00
Peter Hoeg
1049fd49ed systemd: add user target support
This allows us to define system user targets in addition to the existing
services, timers and sockets.

Furthermore, we add a top-level configuration keyword:

 - Documentation
2016-09-29 17:02:10 +08:00
aszlig
cb2f84e4d7
nixos/activation: Rename "tmpfs" to "specialfs"
Using "tmpfs" as a script part for system.activationScripts is a bit
misleading since 6efcfe03ae.

We no longer solely mount tmpfs within this script, so using "specialfs"
fits more nicely in terms of naming.

Tested against the "simple" NixOS installer test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-26 02:04:54 +02:00
aszlig
f94ea04805
nixos/activation: Avoid remounting non-existing FS
Regression introduced by 79d4636d50.

The mentioned commit moves /run/keys from stage 2 to
boot.specialFileSystems, the latter being remounted during system
activation.

Unfortunately, the specialMount function in the activation script does
this unconditionally and thus will fail if it can't be remounted because
the mount point simply doesn't exist.

We now check the mount point for existence and only remount if it exists
but mkdir + mount it if it doesn't.

Tested against the "simple" NixOS installer test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-26 02:04:54 +02:00
jokogr
b12debc076 grub: Do not check for duplicated devices in mirroredBoots on UEFI (#18625)
When Grub is to be used with UEFI, it is not going to write to any MBR
of any disk. As such, it is safe to use multiple "nodev" device entries
when mirroring the ESP partition to multiple disks.

E.g.:

```
boot.loader.grub = {
  enable = true;
  version = 2;
  zfsSupport = true;
  efiSupport = true;
  mirroredBoots = [
    { devices = [ "nodev" ]; path = "/boot1"; efiSysMountPoint = "/boot1"; }
    { devices = [ "nodev" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; }
    { devices = [ "nodev" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; }
  ];
};

boot.loader.efi.canTouchEfiVariables = true;
```

Fixes #18584
2016-09-25 07:37:18 +02:00
Nikolay Amiantov
a63ca1bf3d stage-1 module: remove check that swap device has a label
All swap device option sets "have" a label, it's just that sometimes it's
undefined. Because we set a `device` attribute when we have a label anyway it's
ok to just check device prefix.

Fixes #18891.
2016-09-24 13:06:27 +03:00
Nikolay Amiantov
f42e0dc9fd Merge pull request #18691 from abbradar/keys-fs
stage-2 init: move /run/keys mount to boot.specialFileSystems
2016-09-24 13:34:28 +04:00
Domen Kožar
80437576f9 /var/empty: silently ignore errors (if on tmpfs) #18781 2016-09-21 10:29:14 +02:00
Nikolay Amiantov
00f444d0c1 initrd-ssh service: check that authorized keys are added 2016-09-20 12:16:10 +03:00