{ platform ? __currentSystem , stage2Init ? "" , configuration , nixpkgsPath ? ../../nixpkgs }: rec { # Make a configuration object from which we can retrieve option # values. config = pkgs.lib.addDefaultOptionValues optionDeclarations configuration; optionDeclarations = import ./options.nix {inherit pkgs; inherit (pkgs.lib) mkOption;}; pkgs = import "${nixpkgsPath}/pkgs/top-level/all-packages.nix" {system = platform;}; pkgsDiet = import "${nixpkgsPath}/pkgs/top-level/all-packages.nix" { system = platform; bootStdenv = pkgs.useDietLibC pkgs.stdenv; }; pkgsStatic = import "${nixpkgsPath}/pkgs/top-level/all-packages.nix" { system = platform; bootStdenv = pkgs.makeStaticBinaries pkgs.stdenv; }; stdenvLinuxStuff = import "${nixpkgsPath}/pkgs/stdenv/linux" { system = pkgs.stdenv.system; allPackages = import "${nixpkgsPath}/pkgs/top-level/all-packages.nix"; }; manifests = config.installer.manifests; # exported here because nixos-rebuild uses it nix = config.environment.nix pkgs; kernelPackages = config.boot.kernelPackages pkgs; kernel = kernelPackages.kernel; rootModules = config.boot.initrd.extraKernelModules ++ config.boot.initrd.kernelModules; # Tree of kernel modules. This includes the kernel, plus modules # built outside of the kernel. We have to combine these into a # single tree of symlinks because modprobe only supports one # directory. modulesTree = pkgs.aggregateModules ( [kernel] ++ pkgs.lib.optional ((config.networking.enableIntel3945ABGFirmware || config.networking.enableIntel4965AGNFirmware) && !kernel.features ? iwlwifi) kernelPackages.iwlwifi # !!! this should be declared by the xserver Upstart job. ++ pkgs.lib.optional (config.services.xserver.enable && config.services.xserver.videoDriver == "nvidia") kernelPackages.nvidiaDrivers ++ pkgs.lib.optional config.hardware.enableGo7007 kernelPackages.wis_go7007 ++ config.boot.extraModulePackages pkgs ); # Determine the set of modules that we need to mount the root FS. modulesClosure = pkgs.makeModulesClosure { inherit rootModules; kernel = modulesTree; allowMissing = config.boot.initrd.allowMissing; }; # Some additional utilities needed in stage 1, notably mount. We # don't want to bring in all of util-linux, so we just copy what we # need. extraUtils = pkgs.runCommand "extra-utils" { buildInputs = [pkgs.nukeReferences]; inherit (pkgsStatic) utillinux; inherit (pkgsDiet) udev; e2fsprogs = pkgs.e2fsprogsDiet; devicemapper = if config.boot.initrd.lvm then pkgs.devicemapperStatic else null; lvm2 = if config.boot.initrd.lvm then pkgs.lvm2Static else null; allowedReferences = []; # prevent accidents like glibc being included in the initrd } '' ensureDir $out/bin if test -n "$devicemapper"; then cp $devicemapper/sbin/dmsetup.static $out/bin/dmsetup cp $lvm2/sbin/lvm.static $out/bin/lvm fi cp $utillinux/bin/mount $utillinux/bin/umount $utillinux/sbin/pivot_root $out/bin cp -p $e2fsprogs/sbin/fsck* $e2fsprogs/sbin/e2fsck $out/bin cp $udev/sbin/udevd $udev/sbin/udevadm $out/bin nuke-refs $out/bin/* ''; # */ # The init script of boot stage 1 (loading kernel modules for # mounting the root FS). bootStage1 = import ../boot/boot-stage-1.nix { inherit (pkgs) substituteAll; inherit (pkgsDiet) module_init_tools; inherit extraUtils; inherit (config.boot) autoDetectRootDevice isLiveCD; fileSystems = pkgs.lib.filter (fs: fs.mountPoint == "/" || (fs ? neededForBoot && fs.neededForBoot)) (config.fileSystems); rootLabel = config.boot.rootLabel; inherit stage2Init; modulesDir = modulesClosure; modules = rootModules; staticShell = stdenvLinuxStuff.bootstrapTools.bash; staticTools = stdenvLinuxStuff.staticTools; resumeDevice = config.boot.resumeDevice; }; # The closure of the init script of boot stage 1 is what we put in # the initial RAM disk. initialRamdisk = pkgs.makeInitrd { contents = [ { object = bootStage1; symlink = "/init"; } ] ++ pkgs.lib.optionals (config.boot.initrd.enableSplashScreen && kernelPackages.splashutils != null) [ { object = pkgs.runCommand "splashutils" {allowedReferences = []; buildInputs = [pkgs.nukeReferences];} '' ensureDir $out/bin cp ${kernelPackages.splashutils}/${kernelPackages.splashutils.helperName} $out/bin/splash_helper nuke-refs $out/bin/* ''; suffix = "/bin/splash_helper"; symlink = "/${kernelPackages.splashutils.helperName}"; } # */ { object = import ../helpers/unpack-theme.nix { inherit (pkgs) stdenv; theme = config.services.ttyBackgrounds.defaultTheme; }; symlink = "/etc/splash"; } ]; }; # NixOS installation/updating tools. nixosTools = import ../installer { inherit pkgs config nix nixpkgsPath; }; # NSS modules. Hacky! nssModules = pkgs.lib.optional config.users.ldap.enable pkgs.nss_ldap ++ pkgs.lib.optional config.services.avahi.nssmdns pkgs.nssmdns; nssModulesPath = pkgs.lib.concatStrings (pkgs.lib.intersperse ":" (map (mod: mod + "/lib") nssModules)); # Wrapper around modprobe to set the path to the modules. modprobe = pkgs.substituteAll { dir = "sbin"; src = ./modprobe; isExecutable = true; inherit (pkgs) module_init_tools; inherit modulesTree; }; # Environment variables for running Nix. nixEnvVars = "export NIX_CONF_DIR=/nix/etc/nix\n" + (if config.nix.distributedBuilds then "export NIX_BUILD_HOOK=${nix}/libexec/nix/build-remote.pl\n" + "export NIX_REMOTE_SYSTEMS=/etc/nix.machines\n" + "export NIX_CURRENT_LOAD=/var/run/nix/current-load\n" else ""); # The services (Upstart) configuration for the system. upstartJobs = import ../upstart-jobs/default.nix { inherit config pkgs nix modprobe nssModulesPath nixEnvVars optionDeclarations kernelPackages; }; # The static parts of /etc. etc = import ../etc/default.nix { inherit config pkgs upstartJobs systemPath wrapperDir defaultShell nixEnvVars modulesTree nssModulesPath; extraEtc = pkgs.lib.concatLists (map (job: job.extraEtc) upstartJobs.jobs); }; # Font aggregation fontDir = import ./fontdir.nix { inherit config pkgs ; inherit (pkgs) builderDefs ttmkfdir; inherit (pkgs.xorg) mkfontdir mkfontscale fontalias; }; # The wrapper setuid programs (since we can't have setuid programs # in the Nix store). wrapperDir = "/var/setuid-wrappers"; setuidWrapper = import ../helpers/setuid { inherit (pkgs) stdenv; inherit wrapperDir; }; # The packages you want in the boot environment. systemPathList = [ # Better leave them here - they are small, needed, # and hard to refer from anywhere outside. modprobe # must take precedence over module_init_tools nix nixosTools.nixosInstall nixosTools.nixosRebuild nixosTools.nixosCheckout nixosTools.nixosHardwareScan nixosTools.nixosGenSeccureKeys setuidWrapper ] ++ pkgs.lib.optionals (!config.environment.cleanStart) [ pkgs.bashInteractive # bash with ncurses support pkgs.bzip2 pkgs.coreutils pkgs.cpio pkgs.cron pkgs.curl pkgs.e2fsprogs pkgs.findutils pkgs.glibc # for ldd, getent pkgs.gnugrep pkgs.gnused pkgs.gnutar pkgs.grub pkgs.gzip pkgs.iputils pkgs.less pkgs.lvm2 pkgs.man pkgs.mdadm pkgs.module_init_tools pkgs.nano pkgs.ncurses pkgs.netcat pkgs.nettools pkgs.ntp pkgs.openssh pkgs.pciutils pkgs.perl pkgs.procps pkgs.pwdutils pkgs.reiserfsprogs pkgs.rsync pkgs.seccureUser pkgs.strace pkgs.su pkgs.sysklogd pkgs.sysvtools pkgs.time pkgs.udev pkgs.upstart pkgs.usbutils pkgs.utillinux pkgs.wirelesstools ] ++ pkgs.lib.optional config.security.sudo.enable pkgs.sudo ++ pkgs.lib.optional config.services.atd.enable pkgs.at ++ pkgs.lib.optional config.services.bitlbee.enable pkgs.bitlbee ++ pkgs.lib.optional config.services.avahi.enable pkgs.avahi ++ pkgs.lib.optional config.networking.defaultMailServer.directDelivery pkgs.ssmtp ++ pkgs.lib.concatLists (map (job: job.extraPath) upstartJobs.jobs) ++ config.environment.extraPackages pkgs ++ pkgs.lib.optional config.fonts.enableFontDir fontDir ++ pkgs.lib.optional config.hardware.enableGo7007 kernelPackages.wis_go7007 # NSS modules need to be in `systemPath' so that (i) the builder # chroot gets to seem them, and (ii) applications can benefit from # changes in the list of NSS modules at run-time, without requiring # a reboot. ++ nssModules; # We don't want to put all of `startPath' and `path' in $PATH, since # then we get an embarrassingly long $PATH. So use the user # environment builder to make a directory with symlinks to those # packages. systemPath = pkgs.buildEnv { name = "system-path"; paths = systemPathList; # Note: We need `/lib' to be among `pathsToLink' for NSS modules # to work. inherit (config.environment) pathsToLink; ignoreCollisions = true; }; usersGroups = import ./users-groups.nix { inherit pkgs config upstartJobs defaultShell; }; defaultShell = "/var/run/current-system/sw/bin/bash"; # The script that activates the configuration, i.e., it sets up # /etc, accounts, etc. It doesn't do anything that can only be done # at boot time (such as start `init'). activateConfiguration = pkgs.substituteAll rec { src = ./activate-configuration.sh; isExecutable = true; inherit etc wrapperDir systemPath modprobe defaultShell kernel; hostName = config.networking.hostName; setuidPrograms = config.security.setuidPrograms ++ config.security.extraSetuidPrograms ++ pkgs.lib.optional config.security.sudo.enable "sudo" ++ pkgs.lib.optionals config.services.atd.enable ["at" "atq" "atrm"] ++ pkgs.lib.optional (config.services.xserver.sessionType == "kde") "kcheckpass"; inherit (usersGroups) createUsersGroups usersList groupsList; path = [ pkgs.coreutils pkgs.gnugrep pkgs.findutils pkgs.glibc # needed for getent pkgs.pwdutils ]; bash = pkgs.bashInteractive; adjustSetuidOwner = pkgs.lib.concatStrings (map (_entry:let entry = { owner = "nobody"; group = "nogroup"; setuid = false; setgid = false; } //_entry; in '' chown ${entry.owner}.${entry.group} $wrapperDir/${entry.program} chmod u${if entry.setuid then "+" else "-"}s $wrapperDir/${entry.program} chmod g${if entry.setgid then "+" else "-"}s $wrapperDir/${entry.program} '') config.security.setuidOwners); }; # The init script of boot stage 2, which is supposed to do # everything else to bring up the system. bootStage2 = import ../boot/boot-stage-2.nix { inherit (pkgs) substituteAll writeText coreutils utillinux udev upstart; inherit kernel activateConfiguration; inherit (config.boot) isLiveCD; upstartPath = [ pkgs.coreutils pkgs.findutils pkgs.gnugrep pkgs.gnused pkgs.upstart ]; bootLocal = config.boot.localCommands; }; # Script to build the Grub menu containing the current and previous # system configurations. grubMenuBuilder = pkgs.substituteAll { src = ../installer/grub-menu-builder.sh; isExecutable = true; inherit (pkgs) bash; path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep]; inherit (config.boot) copyKernels extraGrubEntries grubSplashImage bootMount configurationLimit; }; # Putting it all together. This builds a store object containing # symlinks to the various parts of the built configuration (the # kernel, the Upstart services, the init scripts, etc.) as well as a # script `switch-to-configuration' that activates the configuration # and makes it bootable. system = pkgs.checker (pkgs.stdenv.mkDerivation { name = "system"; builder = ./system.sh; switchToConfiguration = ./switch-to-configuration.sh; inherit (pkgs) grub coreutils gnused gnugrep diffutils findutils upstart; grubDevice = config.boot.grubDevice; kernelParams = config.boot.kernelParams ++ config.boot.extraKernelParams; inherit bootStage2; inherit activateConfiguration; inherit grubMenuBuilder; inherit etc; inherit systemPath; kernel = kernel + "/vmlinuz"; initrd = initialRamdisk + "/initrd"; # Most of these are needed by grub-install. path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.findutils pkgs.diffutils pkgs.upstart # for initctl ]; children = map (x: ((import ./system.nix) {inherit platform stage2Init; configuration = x//{boot=((x.boot)//{grubDevice = "";});};}).system) config.nesting.children; configurationName = config.boot.configurationName; }) (pkgs.lib.getAttr ["environment" "checkConfigurationOptions"] optionDeclarations.environment.checkConfigurationOptions.default configuration) optionDeclarations configuration ; }