Commit Graph

40 Commits

Author SHA1 Message Date
Lin Yinfeng
01543e789c
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet
genJqReplacementSnippet quotes the content of the secret file in the
output json file, which prevents structured secret, such as a list or
an object, from being used.

This commit adds a `quote = true|false` option to the `{ _secret =
"/path/to/secret"; }` attribute set. `quote = true` treats the
content of /path/to/secret as string, while `quote = false` treats
the content of /path/to/secret as a JSON document.

`quote = true` is the default, maintaining backward compatibility.
2024-07-07 19:22:10 +08:00
r-vdp
9258f57625
systemd: add a name option to all systemd units
This allows us to set things like dependencies in a way that we can
catch typos at eval time.
So instead of
```nix
systemd.services.foo.wants = [ "bar.service" ];
```
we can write
```nix
systemd.services.foo.wants = [ config.systemd.services.bar.name ];
```
which will throw an error if no such service has been defined.

Not all cases can be done like this (eg template services), but in a lot
of cases this will allow to avoid typos.

There is a matching option on the unit option
(`systemd.units."foo.service".name`) as well.
2024-04-15 11:32:45 +02:00
Philip Taron
546fc67242
Avoid top-level with ...; in nixos/lib/utils.nix 2024-03-27 22:04:17 -07:00
Martin Weinelt
a4b6e457b8
nixos/lib: Support derivations in escapeSystemdExecArg
They can be transformed into their outpath string, which is useful for
config generators.
2024-03-23 15:59:50 +01:00
Yureka
c94d63a527
nixos/utils: fix stack overflow in genJqReplacementSnippet (#284027)
When the input contains derivations, don't attempt to recurse into them
2024-01-30 11:00:08 +01:00
Reno Reckling
612035c45f
Fix broken genJqSecretsReplacementSnippet for jq 1.7 (#257932)
jq 1.7 updated it's behaviour and now throws an error
if the first argument is an empty string. It now needs
"." to pass the input through.
2023-09-30 14:00:13 +02:00
mutantmell
d51ebb6173 nixos/networkd: refactor
Reduces size of networkd module by moving unit file generation code into a util.
2023-07-01 17:17:51 -07:00
Artturin
05a2dfd674 lib.replaceChars: warn about being a deprecated alias
replaceStrings has been in nix since 2015(nix 1.10)

so it is safe to remove the fallback

d6d5885c15
2022-12-15 22:25:51 +02:00
Artturi
645b5a2f9f
Revert "nixos/lib: add /home to pathsNeededForBoot" 2022-12-03 15:16:42 +02:00
Lin Jian
0c70035f24
nixos/lib: add /home to pathsNeededForBoot
Before this patch, if we:

  1. add a new user in the config,
  2. mount /home seperately,
  3. not set neededForBoot for /home,
  4. and run `nixos-rebuild boot`,

the newly added user's home will not be created after a reboot. This
is because when nixos/modules/config/update-users-groups.pl is running
in stage 2 to setup users, /home is not mounted.

This patch fixes this issue.
2022-12-01 00:49:46 +08:00
Daniel Olsen
3251123a77 nixos/lib.escapeSystemdPath: Implement the correct algorithm for escaping names in systemd units
Co-authored-by: ajs124 <git@ajs124.de>
2022-10-20 20:12:15 +02:00
talyz
4df4d2a8ea genJqSecretsReplacementSnippet: Allow dots in attribute names...
...and escape quotation marks and backslashes.
2022-10-09 08:12:19 +02:00
Will Fancher
69d8047516 nixos: Fix up systemd shutdown ramfs 2022-04-28 14:12:14 -04:00
Sandro Jäckel
28539842d8
nixos/utils: move removePackagesByName to here from gnome 2022-04-11 15:42:49 +02:00
Will Fancher
52c98fc3e9 nixos: systemd: Split unit types into separate module 2022-03-21 10:25:27 -04:00
pennae
aa7b129708
Merge pull request #154113 from pennae/systemd-escaping
nixos: add functions and documentation for escaping systemd Exec* directives
2022-03-13 19:57:32 +00:00
pennae
40a35299fa nixos: add functions and documentation for escaping systemd Exec* directives
it's really easy to accidentally write the wrong systemd Exec* directive, ones
that works most of the time but fails when users include systemd metacharacters
in arguments that are interpolated into an Exec* directive. add a few functions
analogous to escapeShellArg{,s} and some documentation on how and when to use them.
2022-03-12 00:48:52 +01:00
talyz
b549e7bbb5
genJqSecretsReplacementSnippet: Fix error handling
With the previous change that enabled error propagation through
`inherit_errexit`, the script would fail if `errexit` was set, but
`inherit_errexit` was not. This is due to `shopt -p` exiting with an
error if the option is disabled. To work around this, use the exit
code instead of the text value returned by `shopt -p`.

Fixes #160869.
2022-02-23 12:48:51 +01:00
talyz
95069d76d3
genJqSecretsReplacementSnippet: Propagate secret file read errors
If an error occurs while trying to read a secret file, we want that
error to propagate to the main shell context. That means we have to
set the `inherit_errexit` option, which allows errors from subshells
to propagate to the outer shell. Also, the subshell cannot run as part
of another command, such as `export`, since that will simply ignore
the subshell exit status and only respect `export`s exit status; first
assigning the value to a variable and then exporting it solves issue.
2022-01-31 12:44:54 +01:00
Will Fancher
851495a752 Move systemd-lib.nix and systemd-unit-options.nix into utils 2021-11-20 17:52:29 -05:00
Artturin
83f892c511 nixos/lib: add /usr to pathsNeededForBoot
if /usr is split from root then it has to be mounted at boot
See https://github.com/NixOS/nixpkgs/issues/146115
2021-11-15 16:28:22 +02:00
Kim Lindberger
4e97bedf93
Merge pull request #112823 from deviant/nixos-boot-paths
nixos/boot: add /var/lib/nixos to pathsNeededForBoot
2021-10-07 17:38:54 +02:00
Robert Hensing
fbafeb7ad5 treewide: runCommandNoCC -> runCommand
This has been synonymous for ~5y.
2021-08-15 17:36:41 +02:00
jakobrs
7a0c1728ac nixos/lib: Handle null device correctly 2021-06-18 08:32:45 +02:00
jakobrs
b07602a604 nixos/lib, nixos/filesystems: Make fsBefore more stable, and add depends option 2021-06-08 18:51:31 +02:00
V
ededd308a8 nixos/boot: add /var/lib/nixos to pathsNeededForBoot
/var/lib/nixos is used by update-users-groups.pl in the activation
script for storing uid/gid mappings. If this has its own mountpoint
(as is the case in some setups with fine-grained bind mounts pointing
into persistent storage), the mappings are written to /var/lib, /var,
or /. These may be backed by a tmpfs or (otherwise ephemeral storage),
resulting in the mappings not persisting between reboots.
2021-02-11 22:59:05 +01:00
zowoq
008de9ca3c nixos/{containers,cri-o,podman}: move copyFile to nixos/lib/utils 2020-09-24 10:01:47 +10:00
Keshav Kini
5e86bba082 nixos/boot: some documentation improvements
- Give a more accurate description of how fileSystems.<name/>.neededForBoot
  works

- Give a more detailed description of how fileSystems.<name/>.encrypted.keyFile
  works
2020-07-29 14:39:21 -07:00
florianjacob
8b07500163
nixos/lib: use removePrefix in escapeSystemdPath 2020-03-14 03:13:04 +00:00
Sarah Brofeldt
7ca5b39125 nixos/lib/utils: Make the set recursive again, unbreak eval 2019-09-08 13:31:18 +02:00
Florian Klink
2f3b9cd52c
Merge pull request #66274 from talyz/gitlab
nixos/gitlab: Add support for secure secrets and more
2019-09-07 12:52:44 -07:00
talyz
64358cb0e9 nixos/utils: Handle arbitrary secrets in JSON output files
Introduce new functions which allows modules to define options where,
if the input is an attrset and the output is JSON, the user can define
arbitrary secrets.
2019-09-06 16:56:25 +02:00
volth
08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
msteen
8d217ede58 fix infinite recursion caused by the unnecessary inspection of options + fix is parent of mount point check (#51541) 2018-12-24 14:05:55 +01:00
Jan Malakhovski
b267785c43 nixos: generalize copy-paste from stage-1 and zfs to utils 2016-08-23 18:14:06 +00:00
Jan Malakhovski
65d26c4dc1 nixos: apply toposort to fileSystems to support bind and move mounts
And use new `config.system.build.fileSystems` property everywhere.
2016-08-23 18:14:05 +00:00
zimbatm
6df0bff908 nixos: throw an error on invalid shell package
All shell packages must export the shellPath passthru
2016-07-04 15:12:27 +01:00
zimbatm
2974b6f4c8 Use shell packages to select the user's shell
The string type is still available for backward-compatiblity.
2016-06-12 20:35:34 +01:00
William A. Kennington III
2de0cf2549 nixos/utils: Don't remove first character if not a / 2014-09-03 18:40:05 -07:00
Eelco Dolstra
5c1f8cbc70 Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00