Some cleanups in the activation script:
* Moved some scriptlets to the appropriate modules. * Put the scriptlet that sets the default path at the start, since it never makes sense not to have it there. It no longer needs to be declared as a dependency. * If a scriptlet has no dependencies, it can be denoted as a plain string (i.e., `noDepEntry' is not needed anymore). svn path=/nixos/trunk/; revision=23762
This commit is contained in:
parent
f99e42cfbc
commit
f729f12e4e
@ -156,7 +156,23 @@ in
|
|||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
system.activationScripts.users = fullDepEntry
|
system.activationScripts.rootPasswd = stringAfter [ "etc" ]
|
||||||
|
''
|
||||||
|
# If there is no password file yet, create a root account with an
|
||||||
|
# empty password.
|
||||||
|
if ! test -e /etc/passwd; then
|
||||||
|
rootHome=/root
|
||||||
|
touch /etc/passwd; chmod 0644 /etc/passwd
|
||||||
|
touch /etc/group; chmod 0644 /etc/group
|
||||||
|
touch /etc/shadow; chmod 0600 /etc/shadow
|
||||||
|
# Can't use useradd, since it complains that it doesn't know us
|
||||||
|
# (bootstrap problem!).
|
||||||
|
echo "root:x:0:0:System administrator:$rootHome:${config.users.defaultUserShell}" >> /etc/passwd
|
||||||
|
echo "root::::::::" >> /etc/shadow
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
|
system.activationScripts.users = stringAfter [ "groups" ]
|
||||||
''
|
''
|
||||||
echo "updating users..."
|
echo "updating users..."
|
||||||
|
|
||||||
@ -206,9 +222,9 @@ in
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
done
|
done
|
||||||
'' [ "groups" ];
|
'';
|
||||||
|
|
||||||
system.activationScripts.groups = fullDepEntry
|
system.activationScripts.groups = stringAfter [ "rootPasswd" "binsh" "etc" "var" ]
|
||||||
''
|
''
|
||||||
echo "updating groups..."
|
echo "updating groups..."
|
||||||
|
|
||||||
@ -231,7 +247,7 @@ in
|
|||||||
done <<EndOfGroupList
|
done <<EndOfGroupList
|
||||||
${concatStringsSep "\n" (map serializedGroup groups)}
|
${concatStringsSep "\n" (map serializedGroup groups)}
|
||||||
EndOfGroupList
|
EndOfGroupList
|
||||||
'' [ "rootPasswd" "binsh" "etc" "var" ];
|
'';
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1,19 +1,21 @@
|
|||||||
# This module defines global configuration for the Bash shell, in
|
# This module defines global configuration for the Bash shell, in
|
||||||
# particular /etc/bashrc and /etc/profile.
|
# particular /etc/bashrc and /etc/profile.
|
||||||
|
|
||||||
{config, pkgs, ...}:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
with pkgs.lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
environment.shellInit = pkgs.lib.mkOption {
|
environment.shellInit = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
example = ''export PATH=/godi/bin/:$PATH'';
|
example = ''export PATH=/godi/bin/:$PATH'';
|
||||||
description = "
|
description = "
|
||||||
Script used to initialized user shell environments.
|
Script used to initialized user shell environments.
|
||||||
";
|
";
|
||||||
merge = pkgs.lib.mergeStringOption;
|
merge = mergeStringOption;
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
@ -57,4 +59,13 @@ in
|
|||||||
];
|
];
|
||||||
|
|
||||||
system.build.binsh = pkgs.bashInteractive;
|
system.build.binsh = pkgs.bashInteractive;
|
||||||
|
|
||||||
|
system.activationScripts.binsh = stringAfter [ "stdio" ]
|
||||||
|
''
|
||||||
|
# Create the required /bin/sh symlink; otherwise lots of things
|
||||||
|
# (notably the system() function) won't work.
|
||||||
|
mkdir -m 0755 -p /bin
|
||||||
|
ln -sfn ${config.system.build.binsh}/bin/sh /bin/sh
|
||||||
|
'';
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -51,7 +51,7 @@ in
|
|||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
system.activationScripts.policyKit = fullDepEntry
|
system.activationScripts.policyKit = stringAfter [ "users" ]
|
||||||
''
|
''
|
||||||
mkdir -m 0770 -p /var/run/PolicyKit
|
mkdir -m 0770 -p /var/run/PolicyKit
|
||||||
chown root.polkituser /var/run/PolicyKit
|
chown root.polkituser /var/run/PolicyKit
|
||||||
@ -63,7 +63,7 @@ in
|
|||||||
touch /var/lib/misc/PolicyKit.reload
|
touch /var/lib/misc/PolicyKit.reload
|
||||||
chmod 0664 /var/lib/misc/PolicyKit.reload
|
chmod 0664 /var/lib/misc/PolicyKit.reload
|
||||||
chown polkituser.polkituser /var/lib/misc/PolicyKit.reload
|
chown polkituser.polkituser /var/lib/misc/PolicyKit.reload
|
||||||
'' [ "users" ];
|
'';
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -27,12 +27,10 @@ in
|
|||||||
environment = {
|
environment = {
|
||||||
systemPackages = [ pkWrapper ];
|
systemPackages = [ pkWrapper ];
|
||||||
pathsToLink = [ "/share/polkit-1" "/etc/polkit-1" ];
|
pathsToLink = [ "/share/polkit-1" "/etc/polkit-1" ];
|
||||||
etc = [
|
etc = singleton
|
||||||
{
|
{ source = "${config.system.path}/etc/polkit-1";
|
||||||
source = "${config.system.path}/etc/polkit-1";
|
|
||||||
target = "polkit-1";
|
target = "polkit-1";
|
||||||
}
|
};
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.dbus.packages = [ pkWrapper ];
|
services.dbus.packages = [ pkWrapper ];
|
||||||
@ -41,18 +39,16 @@ in
|
|||||||
pam.services = [ { name = "polkit-1"; } ];
|
pam.services = [ { name = "polkit-1"; } ];
|
||||||
setuidPrograms = [ "pkexec" ];
|
setuidPrograms = [ "pkexec" ];
|
||||||
|
|
||||||
setuidOwners = [
|
setuidOwners = singleton
|
||||||
{
|
{ program = "polkit-agent-helper-1";
|
||||||
program = "polkit-agent-helper-1";
|
|
||||||
owner = "root";
|
owner = "root";
|
||||||
group = "root";
|
group = "root";
|
||||||
setuid = true;
|
setuid = true;
|
||||||
source = pkgs.polkit + "/" + pkWrapper.helper;
|
source = pkgs.polkit + "/" + pkWrapper.helper;
|
||||||
}
|
};
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
system.activationScripts.polikit = pkgs.stringsWithDeps.noDepEntry
|
system.activationScripts.polkit =
|
||||||
''
|
''
|
||||||
mkdir -p /var/lib/polkit-1/localauthority
|
mkdir -p /var/lib/polkit-1/localauthority
|
||||||
chmod 700 /var/lib/polkit-1{/localauthority,}
|
chmod 700 /var/lib/polkit-1{/localauthority,}
|
||||||
|
@ -110,7 +110,7 @@ in
|
|||||||
chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" ${wrapperDir}/${program}
|
chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" ${wrapperDir}/${program}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
in pkgs.stringsWithDeps.fullDepEntry
|
in stringAfter [ "users" ]
|
||||||
''
|
''
|
||||||
# Look in the system path and in the default profile for
|
# Look in the system path and in the default profile for
|
||||||
# programs to be wrapped.
|
# programs to be wrapped.
|
||||||
@ -120,7 +120,7 @@ in
|
|||||||
mkdir -p ${wrapperDir}
|
mkdir -p ${wrapperDir}
|
||||||
|
|
||||||
${concatMapStrings makeSetuidWrapper setuidPrograms}
|
${concatMapStrings makeSetuidWrapper setuidPrograms}
|
||||||
'' [ "defaultPath" "users" ];
|
'';
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1,7 +1,9 @@
|
|||||||
{pkgs, config, ...}:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
with pkgs.lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (pkgs.lib) mkOption mkIf singleton concatStrings;
|
|
||||||
inherit (pkgs) mysql gzip;
|
inherit (pkgs) mysql gzip;
|
||||||
|
|
||||||
location = config.services.mysqlBackup.location ;
|
location = config.services.mysqlBackup.location ;
|
||||||
@ -58,14 +60,15 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf config.services.mysqlBackup.enable {
|
config = mkIf config.services.mysqlBackup.enable {
|
||||||
services.cron = {
|
|
||||||
systemCronJobs = map mysqlBackupCron config.services.mysqlBackup.databases;
|
|
||||||
};
|
|
||||||
|
|
||||||
system.activationScripts.mysqlBackup = pkgs.stringsWithDeps.fullDepEntry ''
|
services.cron.systemCronJobs = map mysqlBackupCron config.services.mysqlBackup.databases;
|
||||||
mkdir -m 0700 -p ${config.services.mysqlBackup.location}
|
|
||||||
chown ${config.services.mysqlBackup.user} ${config.services.mysqlBackup.location}
|
system.activationScripts.mysqlBackup = stringAfter [ "stdio" "defaultPath" "systemConfig" "users" ]
|
||||||
'' [ "stdio" "defaultPath" "systemConfig" "users" ];
|
''
|
||||||
|
mkdir -m 0700 -p ${config.services.mysqlBackup.location}
|
||||||
|
chown ${config.services.mysqlBackup.user} ${config.services.mysqlBackup.location}
|
||||||
|
'';
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,14 +1,16 @@
|
|||||||
{pkgs, config, ...}:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
with pkgs.lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (pkgs.lib) mkOption mkIf singleton concatStrings;
|
|
||||||
inherit (pkgs) postgresql gzip;
|
inherit (pkgs) postgresql gzip;
|
||||||
|
|
||||||
location = config.services.postgresqlBackup.location ;
|
location = config.services.postgresqlBackup.location ;
|
||||||
|
|
||||||
postgresqlBackupCron = db : ''
|
postgresqlBackupCron = db:
|
||||||
${config.services.postgresqlBackup.period} root ${postgresql}/bin/pg_dump ${db} | ${gzip}/bin/gzip -c > ${location}/${db}.gz
|
''
|
||||||
'';
|
${config.services.postgresqlBackup.period} root ${postgresql}/bin/pg_dump ${db} | ${gzip}/bin/gzip -c > ${location}/${db}.gz
|
||||||
|
'';
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
@ -52,14 +54,13 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf config.services.postgresqlBackup.enable {
|
config = mkIf config.services.postgresqlBackup.enable {
|
||||||
services.cron = {
|
services.cron.systemCronJobs = map postgresqlBackupCron config.services.postgresqlBackup.databases;
|
||||||
systemCronJobs = map postgresqlBackupCron config.services.postgresqlBackup.databases;
|
|
||||||
};
|
|
||||||
|
|
||||||
system.activationScripts.postgresqlBackup = pkgs.stringsWithDeps.fullDepEntry ''
|
system.activationScripts.postgresqlBackup = stringAfter [ "stdio" "defaultPath" "systemConfig" "users" ]
|
||||||
mkdir -m 0700 -p ${config.services.postgresqlBackup.location}
|
''
|
||||||
chown root ${config.services.postgresqlBackup.location}
|
mkdir -m 0700 -p ${config.services.postgresqlBackup.location}
|
||||||
'' [ "stdio" "defaultPath" "systemConfig" "users" ];
|
chown root ${config.services.postgresqlBackup.location}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
{pkgs, config, ...}:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
with pkgs.lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (pkgs.lib) mkOption mkIf singleton concatStrings;
|
|
||||||
inherit (pkgs) sitecopy;
|
inherit (pkgs) sitecopy;
|
||||||
|
|
||||||
stateDir = "/var/spool/sitecopy";
|
stateDir = "/var/spool/sitecopy";
|
||||||
@ -63,45 +64,41 @@ in
|
|||||||
config = mkIf config.services.sitecopy.enable {
|
config = mkIf config.services.sitecopy.enable {
|
||||||
environment.systemPackages = [ sitecopy ];
|
environment.systemPackages = [ sitecopy ];
|
||||||
|
|
||||||
services.cron = {
|
services.cron.systemCronJobs = map sitecopyCron config.services.sitecopy.backups;
|
||||||
systemCronJobs = map sitecopyCron config.services.sitecopy.backups;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
system.activationScripts.sitecopyBackup = stringAfter [ "stdio" "systemConfig" "users" ]
|
||||||
|
''
|
||||||
|
mkdir -m 0700 -p ${stateDir}
|
||||||
|
chown root ${stateDir}
|
||||||
|
touch ${stateDir}/sitecopy.secrets
|
||||||
|
chown root ${stateDir}/sitecopy.secrets
|
||||||
|
|
||||||
system.activationScripts.sitecopyBackup =
|
${pkgs.lib.concatStrings (map ( b: ''
|
||||||
pkgs.stringsWithDeps.fullDepEntry ''
|
unset secrets
|
||||||
mkdir -m 0700 -p ${stateDir}
|
unset secret
|
||||||
chown root ${stateDir}
|
secrets=`grep '^${b.server}' ${stateDir}/sitecopy.secrets | head -1`
|
||||||
touch ${stateDir}/sitecopy.secrets
|
secret=($secrets)
|
||||||
chown root ${stateDir}/sitecopy.secrets
|
cat > ${stateDir}/${b.name}.conf << EOF
|
||||||
|
site ${b.name}
|
||||||
${pkgs.lib.concatStrings (map ( b: ''
|
server ${b.server}
|
||||||
unset secrets
|
protocol ${b.protocol}
|
||||||
unset secret
|
username ''${secret[1]}
|
||||||
secrets=`grep '^${b.server}' ${stateDir}/sitecopy.secrets | head -1`
|
password ''${secret[2]}
|
||||||
secret=($secrets)
|
local ${b.local}
|
||||||
cat > ${stateDir}/${b.name}.conf << EOF
|
remote ${b.remote}
|
||||||
site ${b.name}
|
symlinks ${b.symlinks}
|
||||||
server ${b.server}
|
${if b.https then "http secure" else ""}
|
||||||
protocol ${b.protocol}
|
EOF
|
||||||
username ''${secret[1]}
|
chmod 0600 ${stateDir}/${b.name}.conf
|
||||||
password ''${secret[2]}
|
if ! test -e ${stateDir}/${b.name} ; then
|
||||||
local ${b.local}
|
echo " * Initializing sitecopy '${b.name}'"
|
||||||
remote ${b.remote}
|
${sitecopy}/bin/sitecopy --storepath=${stateDir} --rcfile=${stateDir}/${b.name}.conf --initialize ${b.name}
|
||||||
symlinks ${b.symlinks}
|
else
|
||||||
${if b.https then "http secure" else ""}
|
echo " * Sitecopy '${b.name}' already initialized"
|
||||||
EOF
|
fi
|
||||||
chmod 0600 ${stateDir}/${b.name}.conf
|
'' ) config.services.sitecopy.backups
|
||||||
if ! test -e ${stateDir}/${b.name} ; then
|
)}
|
||||||
echo " * Initializing sitecopy '${b.name}'"
|
'';
|
||||||
${sitecopy}/bin/sitecopy --storepath=${stateDir} --rcfile=${stateDir}/${b.name}.conf --initialize ${b.name}
|
|
||||||
else
|
|
||||||
echo " * Sitecopy '${b.name}' already initialized"
|
|
||||||
fi
|
|
||||||
'' ) config.services.sitecopy.backups
|
|
||||||
)}
|
|
||||||
|
|
||||||
'' [ "stdio" "defaultPath" "systemConfig" "users" ] ;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -277,7 +277,7 @@ in
|
|||||||
# do this, mount the remote file system on a subdirectory of
|
# do this, mount the remote file system on a subdirectory of
|
||||||
# /var/run/nix/remote-stores.
|
# /var/run/nix/remote-stores.
|
||||||
export NIX_OTHER_STORES=/var/run/nix/remote-stores/*/nix
|
export NIX_OTHER_STORES=/var/run/nix/remote-stores/*/nix
|
||||||
''
|
'' # */
|
||||||
+ optionalString config.nix.distributedBuilds ''
|
+ optionalString config.nix.distributedBuilds ''
|
||||||
export NIX_BUILD_HOOK=${config.environment.nix}/libexec/nix/build-remote.pl
|
export NIX_BUILD_HOOK=${config.environment.nix}/libexec/nix/build-remote.pl
|
||||||
export NIX_REMOTE_SYSTEMS=/etc/nix.machines
|
export NIX_REMOTE_SYSTEMS=/etc/nix.machines
|
||||||
@ -292,6 +292,33 @@ in
|
|||||||
|
|
||||||
users.extraUsers = map makeNixBuildUser (pkgs.lib.range 1 config.nix.nrBuildUsers);
|
users.extraUsers = map makeNixBuildUser (pkgs.lib.range 1 config.nix.nrBuildUsers);
|
||||||
|
|
||||||
|
system.activationScripts.nix = stringAfter [ "etc" "users" ]
|
||||||
|
''
|
||||||
|
# Set up Nix.
|
||||||
|
mkdir -p /nix/etc/nix
|
||||||
|
ln -sfn /etc/nix.conf /nix/etc/nix/nix.conf
|
||||||
|
chown root.nixbld /nix/store
|
||||||
|
chmod 1775 /nix/store
|
||||||
|
|
||||||
|
# Nix initialisation.
|
||||||
|
mkdir -m 0755 -p \
|
||||||
|
/nix/var/nix/gcroots \
|
||||||
|
/nix/var/nix/temproots \
|
||||||
|
/nix/var/nix/manifests \
|
||||||
|
/nix/var/nix/userpool \
|
||||||
|
/nix/var/nix/profiles \
|
||||||
|
/nix/var/nix/db \
|
||||||
|
/nix/var/log/nix/drvs \
|
||||||
|
/nix/var/nix/channel-cache \
|
||||||
|
/nix/var/nix/chroots
|
||||||
|
mkdir -m 1777 -p /nix/var/nix/gcroots/per-user
|
||||||
|
mkdir -m 1777 -p /nix/var/nix/profiles/per-user
|
||||||
|
mkdir -m 1777 -p /nix/var/nix/gcroots/tmp
|
||||||
|
|
||||||
|
ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/
|
||||||
|
ln -sf /nix/var/nix/manifests /nix/var/nix/gcroots/
|
||||||
|
'';
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -75,43 +75,44 @@ in
|
|||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
services.cron.systemCronJobs = [ cronJob ];
|
services.cron.systemCronJobs = [ cronJob ];
|
||||||
|
|
||||||
system.activationScripts.systemhealth = fullDepEntry ''
|
system.activationScripts.systemhealth = stringAfter [ "var" ]
|
||||||
mkdir -p ${rrdDir} ${htmlDir}
|
''
|
||||||
chown wwwrun.wwwrun ${rrdDir} ${htmlDir}
|
mkdir -p ${rrdDir} ${htmlDir}
|
||||||
|
chown wwwrun.wwwrun ${rrdDir} ${htmlDir}
|
||||||
|
|
||||||
cat >${configFile} << EOF
|
cat >${configFile} << EOF
|
||||||
[paths]
|
[paths]
|
||||||
rrdtool = ${pkgs.rrdtool}/bin/rrdtool
|
rrdtool = ${pkgs.rrdtool}/bin/rrdtool
|
||||||
loadavg_rrd = loadavg
|
loadavg_rrd = loadavg
|
||||||
ps = /var/run/current-system/sw/bin/ps
|
ps = /var/run/current-system/sw/bin/ps
|
||||||
df = /var/run/current-system/sw/bin/df
|
df = /var/run/current-system/sw/bin/df
|
||||||
meminfo_rrd = meminfo
|
meminfo_rrd = meminfo
|
||||||
uptime_rrd = uptime
|
uptime_rrd = uptime
|
||||||
rrd_path = ${rrdDir}
|
rrd_path = ${rrdDir}
|
||||||
png_path = ${htmlDir}
|
png_path = ${htmlDir}
|
||||||
|
|
||||||
[processes]
|
[processes]
|
||||||
|
|
||||||
[interfaces]
|
[interfaces]
|
||||||
${interfacesSection}
|
${interfacesSection}
|
||||||
|
|
||||||
[drives]
|
[drives]
|
||||||
${drivesSection}
|
${drivesSection}
|
||||||
|
|
||||||
[graphs]
|
[graphs]
|
||||||
width = 400
|
width = 400
|
||||||
time = ['-3hours', '-32hours', '-8days', '-5weeks', '-13months']
|
time = ['-3hours', '-32hours', '-8days', '-5weeks', '-13months']
|
||||||
height = 100
|
height = 100
|
||||||
|
|
||||||
[external]
|
[external]
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
chown wwwrun.wwwrun ${configFile}
|
chown wwwrun.wwwrun ${configFile}
|
||||||
|
|
||||||
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --check" wwwrun
|
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --check" wwwrun
|
||||||
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --html" wwwrun
|
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --html" wwwrun
|
||||||
'' [ "var" ];
|
'';
|
||||||
|
|
||||||
services.httpd.extraSubservices = [
|
services.httpd.extraSubservices = [
|
||||||
{ function = f: {
|
{ function = f: {
|
||||||
|
@ -1,220 +1,140 @@
|
|||||||
# generate the script used to activate the configuration.
|
# generate the script used to activate the configuration.
|
||||||
{pkgs, config, ...}:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
with pkgs.lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (pkgs.lib) mkOption mergeTypedOption mergeAttrs
|
|
||||||
mapAttrs addErrorContext fold id filter textClosureMap noDepEntry
|
|
||||||
fullDepEntry;
|
|
||||||
inherit (builtins) attrNames;
|
|
||||||
|
|
||||||
addAttributeName = mapAttrs (a: v: v // {
|
addAttributeName = mapAttrs (a: v: v // {
|
||||||
text = ''
|
text = ''
|
||||||
#### actionScripts snippet ${a} :
|
#### Activation script snippet ${a}:
|
||||||
# ========================================
|
${v.text}
|
||||||
${v.text}
|
|
||||||
'';
|
|
||||||
});
|
|
||||||
|
|
||||||
defaultScripts = {
|
|
||||||
|
|
||||||
systemConfig = noDepEntry ''
|
|
||||||
systemConfig="$1"
|
|
||||||
if test -z "$systemConfig"; then
|
|
||||||
systemConfig="/system" # for the installation CD
|
|
||||||
fi
|
|
||||||
'';
|
'';
|
||||||
|
});
|
||||||
|
|
||||||
defaultPath =
|
path =
|
||||||
let path = [
|
[ pkgs.coreutils pkgs.gnugrep pkgs.findutils
|
||||||
pkgs.coreutils pkgs.gnugrep pkgs.findutils
|
pkgs.glibc # needed for getent
|
||||||
pkgs.glibc # needed for getent
|
pkgs.shadow
|
||||||
pkgs.shadow
|
pkgs.nettools # needed for hostname
|
||||||
pkgs.nettools # needed for hostname
|
|
||||||
]; in noDepEntry ''
|
|
||||||
export PATH=/empty
|
|
||||||
for i in ${toString path}; do
|
|
||||||
PATH=$PATH:$i/bin:$i/sbin;
|
|
||||||
done
|
|
||||||
'';
|
|
||||||
|
|
||||||
stdio = fullDepEntry ''
|
|
||||||
# Needed by some programs.
|
|
||||||
ln -sfn /proc/self/fd /dev/fd
|
|
||||||
ln -sfn /proc/self/fd/0 /dev/stdin
|
|
||||||
ln -sfn /proc/self/fd/1 /dev/stdout
|
|
||||||
ln -sfn /proc/self/fd/2 /dev/stderr
|
|
||||||
'' [
|
|
||||||
"defaultPath" # path to ln
|
|
||||||
];
|
];
|
||||||
|
|
||||||
binsh = fullDepEntry ''
|
|
||||||
# Create the required /bin/sh symlink; otherwise lots of things
|
|
||||||
# (notably the system() function) won't work.
|
|
||||||
mkdir -m 0755 -p $mountPoint/bin
|
|
||||||
ln -sfn ${config.system.build.binsh}/bin/sh $mountPoint/bin/sh
|
|
||||||
'' [
|
|
||||||
"defaultPath" # path to ln & mkdir
|
|
||||||
"stdio" # ?
|
|
||||||
];
|
|
||||||
|
|
||||||
modprobe = fullDepEntry ''
|
|
||||||
# Allow the kernel to find our wrapped modprobe (which searches
|
|
||||||
# in the right location in the Nix store for kernel modules).
|
|
||||||
# We need this when the kernel (or some module) auto-loads a
|
|
||||||
# module.
|
|
||||||
echo ${config.system.sbin.modprobe}/sbin/modprobe > /proc/sys/kernel/modprobe
|
|
||||||
'' [
|
|
||||||
# ?
|
|
||||||
];
|
|
||||||
|
|
||||||
var = fullDepEntry ''
|
|
||||||
# Various log/runtime directories.
|
|
||||||
|
|
||||||
touch /var/run/utmp # must exist
|
|
||||||
chgrp ${toString config.ids.gids.utmp} /var/run/utmp
|
|
||||||
chmod 664 /var/run/utmp
|
|
||||||
|
|
||||||
mkdir -m 0755 -p /var/run/nix/current-load # for distributed builds
|
|
||||||
mkdir -m 0700 -p /var/run/nix/remote-stores
|
|
||||||
|
|
||||||
mkdir -m 0755 -p /var/log
|
|
||||||
mkdir -m 0755 -p /var/log/upstart
|
|
||||||
|
|
||||||
touch /var/log/wtmp # must exist
|
|
||||||
chmod 644 /var/log/wtmp
|
|
||||||
|
|
||||||
touch /var/log/lastlog
|
|
||||||
chmod 644 /var/log/lastlog
|
|
||||||
|
|
||||||
mkdir -m 1777 -p /var/tmp
|
|
||||||
|
|
||||||
# Empty, read-only home directory of many system accounts.
|
|
||||||
mkdir -m 0555 -p /var/empty
|
|
||||||
'' [
|
|
||||||
"defaultPath" # path to mkdir & touch & chmod
|
|
||||||
];
|
|
||||||
|
|
||||||
rootPasswd = fullDepEntry ''
|
|
||||||
# If there is no password file yet, create a root account with an
|
|
||||||
# empty password.
|
|
||||||
if ! test -e /etc/passwd; then
|
|
||||||
rootHome=/root
|
|
||||||
touch /etc/passwd; chmod 0644 /etc/passwd
|
|
||||||
touch /etc/group; chmod 0644 /etc/group
|
|
||||||
touch /etc/shadow; chmod 0600 /etc/shadow
|
|
||||||
# Can't use useradd, since it complains that it doesn't know us
|
|
||||||
# (bootstrap problem!).
|
|
||||||
echo "root:x:0:0:System administrator:$rootHome:${config.users.defaultUserShell}" >> /etc/passwd
|
|
||||||
echo "root::::::::" >> /etc/shadow
|
|
||||||
fi
|
|
||||||
'' [
|
|
||||||
"defaultPath" # path to touch & passwd
|
|
||||||
"etc" # for /etc
|
|
||||||
# ?
|
|
||||||
];
|
|
||||||
|
|
||||||
nix = fullDepEntry ''
|
|
||||||
# Set up Nix.
|
|
||||||
mkdir -p /nix/etc/nix
|
|
||||||
ln -sfn /etc/nix.conf /nix/etc/nix/nix.conf
|
|
||||||
chown root.nixbld /nix/store
|
|
||||||
chmod 1775 /nix/store
|
|
||||||
|
|
||||||
# Nix initialisation.
|
|
||||||
mkdir -m 0755 -p \
|
|
||||||
/nix/var/nix/gcroots \
|
|
||||||
/nix/var/nix/temproots \
|
|
||||||
/nix/var/nix/manifests \
|
|
||||||
/nix/var/nix/userpool \
|
|
||||||
/nix/var/nix/profiles \
|
|
||||||
/nix/var/nix/db \
|
|
||||||
/nix/var/log/nix/drvs \
|
|
||||||
/nix/var/nix/channel-cache \
|
|
||||||
/nix/var/nix/chroots
|
|
||||||
mkdir -m 1777 -p /nix/var/nix/gcroots/per-user
|
|
||||||
mkdir -m 1777 -p /nix/var/nix/profiles/per-user
|
|
||||||
mkdir -m 1777 -p /nix/var/nix/gcroots/tmp
|
|
||||||
|
|
||||||
ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/
|
|
||||||
ln -sf /nix/var/nix/manifests /nix/var/nix/gcroots/
|
|
||||||
'' [
|
|
||||||
"defaultPath"
|
|
||||||
"etc" # /etc/nix.conf
|
|
||||||
"users" # nixbld group
|
|
||||||
];
|
|
||||||
|
|
||||||
hostname = fullDepEntry ''
|
|
||||||
# Set the host name. Don't clear it if it's not configured in the
|
|
||||||
# NixOS configuration, since it may have been set by dhclient in the
|
|
||||||
# meantime.
|
|
||||||
${if config.networking.hostName != "" then
|
|
||||||
''hostname "${config.networking.hostName}"''
|
|
||||||
else ''
|
|
||||||
# dhclient won't do anything if the hostname isn't empty.
|
|
||||||
if test "$(hostname)" = "(none)"; then
|
|
||||||
hostname ""
|
|
||||||
fi
|
|
||||||
''}
|
|
||||||
'' [ "defaultPath" ];
|
|
||||||
|
|
||||||
# The activation has to be done at the end. This is forced at the apply
|
|
||||||
# function of activationScripts option
|
|
||||||
activate = noDepEntry ''
|
|
||||||
# Make this configuration the current configuration.
|
|
||||||
# The readlink is there to ensure that when $systemConfig = /system
|
|
||||||
# (which is a symlink to the store), /var/run/current-system is still
|
|
||||||
# used as a garbage collection root.
|
|
||||||
ln -sfn "$(readlink -f "$systemConfig")" /var/run/current-system
|
|
||||||
|
|
||||||
# Prevent the current configuration from being garbage-collected.
|
|
||||||
ln -sfn /var/run/current-system /nix/var/nix/gcroots/current-system
|
|
||||||
'';
|
|
||||||
|
|
||||||
media = noDepEntry ''
|
|
||||||
mkdir -p /media
|
|
||||||
'';
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
require = {
|
|
||||||
system = {
|
###### interface
|
||||||
activationScripts = mkOption {
|
|
||||||
default = [];
|
options = {
|
||||||
example = {
|
|
||||||
stdio = {
|
system.activationScripts = mkOption {
|
||||||
text = "
|
default = {};
|
||||||
# Needed by some programs.
|
|
||||||
ln -sfn /proc/self/fd /dev/fd
|
example = {
|
||||||
ln -sfn /proc/self/fd/0 /dev/stdin
|
stdio = {
|
||||||
ln -sfn /proc/self/fd/1 /dev/stdout
|
text = ''
|
||||||
ln -sfn /proc/self/fd/2 /dev/stderr
|
# Needed by some programs.
|
||||||
";
|
ln -sfn /proc/self/fd /dev/fd
|
||||||
deps = [];
|
ln -sfn /proc/self/fd/0 /dev/stdin
|
||||||
};
|
ln -sfn /proc/self/fd/1 /dev/stdout
|
||||||
};
|
ln -sfn /proc/self/fd/2 /dev/stderr
|
||||||
description = ''
|
'';
|
||||||
Activate the new configuration (i.e., update /etc, make accounts,
|
deps = [];
|
||||||
and so on).
|
|
||||||
'';
|
|
||||||
merge = mergeTypedOption "script" builtins.isAttrs (fold mergeAttrs {});
|
|
||||||
apply = set:
|
|
||||||
let withHeadlines = addAttributeName set;
|
|
||||||
activateLib = removeAttrs withHeadlines ["activate"];
|
|
||||||
activateLibNames = attrNames activateLib;
|
|
||||||
in {
|
|
||||||
script = pkgs.writeScript "nixos-activation-script"
|
|
||||||
("#! ${pkgs.stdenv.shell}\n"
|
|
||||||
+ textClosureMap id activateLib activateLibNames + "\n"
|
|
||||||
# make sure that the activate snippet is added last.
|
|
||||||
+ withHeadlines.activate.text);
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
description = ''
|
||||||
|
Activate the new configuration (i.e., update /etc, make accounts,
|
||||||
|
and so on).
|
||||||
|
'';
|
||||||
|
|
||||||
|
merge = mergeTypedOption "script" builtins.isAttrs (fold mergeAttrs {});
|
||||||
|
|
||||||
|
apply = set: {
|
||||||
|
script = pkgs.writeScript "nixos-activation-script"
|
||||||
|
''
|
||||||
|
#! ${pkgs.stdenv.shell}
|
||||||
|
|
||||||
|
export PATH=/empty
|
||||||
|
for i in ${toString path}; do
|
||||||
|
PATH=$PATH:$i/bin:$i/sbin;
|
||||||
|
done
|
||||||
|
|
||||||
|
${
|
||||||
|
let
|
||||||
|
set' = mapAttrs (n: v: if builtins.isString v then noDepEntry v else v) set;
|
||||||
|
withHeadlines = addAttributeName set';
|
||||||
|
in textClosureMap id (withHeadlines) (attrNames withHeadlines)
|
||||||
|
}
|
||||||
|
|
||||||
|
# Make this configuration the current configuration.
|
||||||
|
# The readlink is there to ensure that when $systemConfig = /system
|
||||||
|
# (which is a symlink to the store), /var/run/current-system is still
|
||||||
|
# used as a garbage collection root.
|
||||||
|
ln -sfn "$(readlink -f "$systemConfig")" /var/run/current-system
|
||||||
|
|
||||||
|
# Prevent the current configuration from being garbage-collected.
|
||||||
|
ln -sfn /var/run/current-system /nix/var/nix/gcroots/current-system
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
###### implementation
|
||||||
|
|
||||||
|
config = {
|
||||||
|
|
||||||
|
system.activationScripts.systemConfig =
|
||||||
|
''
|
||||||
|
systemConfig="$1"
|
||||||
|
if test -z "$systemConfig"; then
|
||||||
|
systemConfig="/system" # for the installation CD
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
|
system.activationScripts.stdio =
|
||||||
|
''
|
||||||
|
# Needed by some programs.
|
||||||
|
ln -sfn /proc/self/fd /dev/fd
|
||||||
|
ln -sfn /proc/self/fd/0 /dev/stdin
|
||||||
|
ln -sfn /proc/self/fd/1 /dev/stdout
|
||||||
|
ln -sfn /proc/self/fd/2 /dev/stderr
|
||||||
|
'';
|
||||||
|
|
||||||
|
system.activationScripts.var =
|
||||||
|
''
|
||||||
|
# Various log/runtime directories.
|
||||||
|
|
||||||
|
touch /var/run/utmp # must exist
|
||||||
|
chgrp ${toString config.ids.gids.utmp} /var/run/utmp
|
||||||
|
chmod 664 /var/run/utmp
|
||||||
|
|
||||||
|
mkdir -m 0755 -p /var/run/nix/current-load # for distributed builds
|
||||||
|
mkdir -m 0700 -p /var/run/nix/remote-stores
|
||||||
|
|
||||||
|
mkdir -m 0755 -p /var/log
|
||||||
|
mkdir -m 0755 -p /var/log/upstart
|
||||||
|
|
||||||
|
touch /var/log/wtmp # must exist
|
||||||
|
chmod 644 /var/log/wtmp
|
||||||
|
|
||||||
|
touch /var/log/lastlog
|
||||||
|
chmod 644 /var/log/lastlog
|
||||||
|
|
||||||
|
mkdir -m 1777 -p /var/tmp
|
||||||
|
|
||||||
|
# Empty, read-only home directory of many system accounts.
|
||||||
|
mkdir -m 0555 -p /var/empty
|
||||||
|
'';
|
||||||
|
|
||||||
|
system.activationScripts.media =
|
||||||
|
''
|
||||||
|
mkdir -p /media
|
||||||
|
'';
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
system.activationScripts = defaultScripts;
|
|
||||||
}
|
}
|
||||||
|
@ -88,6 +88,15 @@ with pkgs.lib;
|
|||||||
# too?
|
# too?
|
||||||
];
|
];
|
||||||
|
|
||||||
|
system.activationScripts.modprobe =
|
||||||
|
''
|
||||||
|
# Allow the kernel to find our wrapped modprobe (which searches
|
||||||
|
# in the right location in the Nix store for kernel modules).
|
||||||
|
# We need this when the kernel (or some module) auto-loads a
|
||||||
|
# module.
|
||||||
|
echo ${config.system.sbin.modprobe}/sbin/modprobe > /proc/sys/kernel/modprobe
|
||||||
|
'';
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,9 +1,10 @@
|
|||||||
# produce a script to generate /etc
|
# Produce a script to generate /etc.
|
||||||
{config, pkgs, ...}:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
with pkgs.lib;
|
||||||
|
|
||||||
###### interface
|
###### interface
|
||||||
let
|
let
|
||||||
inherit (pkgs.lib) mkOption;
|
|
||||||
|
|
||||||
option = {
|
option = {
|
||||||
environment.etc = mkOption {
|
environment.etc = mkOption {
|
||||||
@ -52,47 +53,39 @@ in
|
|||||||
{
|
{
|
||||||
require = [option];
|
require = [option];
|
||||||
|
|
||||||
system = {
|
system.build.etc = makeEtc;
|
||||||
build = {
|
|
||||||
etc = makeEtc;
|
|
||||||
};
|
|
||||||
|
|
||||||
activationScripts = {
|
system.activationScripts.etc = stringAfter [ "systemConfig" "stdio" ]
|
||||||
etc = pkgs.lib.fullDepEntry ''
|
''
|
||||||
# Set up the statically computed bits of /etc.
|
# Set up the statically computed bits of /etc.
|
||||||
echo "setting up /etc..."
|
echo "setting up /etc..."
|
||||||
staticEtc=/etc/static
|
staticEtc=/etc/static
|
||||||
rm -f $staticEtc
|
rm -f $staticEtc
|
||||||
ln -s ${makeEtc}/etc $staticEtc
|
ln -s ${makeEtc}/etc $staticEtc
|
||||||
for i in $(cd $staticEtc && find * -type l); do
|
for i in $(cd $staticEtc && find * -type l); do
|
||||||
mkdir -p /etc/$(dirname $i)
|
mkdir -p /etc/$(dirname $i)
|
||||||
rm -f /etc/$i
|
rm -f /etc/$i
|
||||||
if test -e "$staticEtc/$i.mode"; then
|
if test -e "$staticEtc/$i.mode"; then
|
||||||
# Create a regular file in /etc.
|
# Create a regular file in /etc.
|
||||||
cp $staticEtc/$i /etc/$i
|
cp $staticEtc/$i /etc/$i
|
||||||
chown 0.0 /etc/$i
|
chown 0.0 /etc/$i
|
||||||
chmod "$(cat "$staticEtc/$i.mode")" /etc/$i
|
chmod "$(cat "$staticEtc/$i.mode")" /etc/$i
|
||||||
else
|
else
|
||||||
# Create a symlink in /etc.
|
# Create a symlink in /etc.
|
||||||
ln -s $staticEtc/$i /etc/$i
|
ln -s $staticEtc/$i /etc/$i
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Remove dangling symlinks that point to /etc/static. These are
|
||||||
|
# configuration files that existed in a previous configuration but not
|
||||||
|
# in the current one. For efficiency, don't look under /etc/nixos
|
||||||
|
# (where all the NixOS sources live).
|
||||||
|
for i in $(find /etc/ \( -path /etc/nixos -prune \) -o -type l); do
|
||||||
|
target=$(readlink "$i")
|
||||||
|
if test "''${target:0:''${#staticEtc}}" = "$staticEtc" -a ! -e "$i"; then
|
||||||
|
rm -f "$i"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
|
||||||
# Remove dangling symlinks that point to /etc/static. These are
|
|
||||||
# configuration files that existed in a previous configuration but not
|
|
||||||
# in the current one. For efficiency, don't look under /etc/nixos
|
|
||||||
# (where all the NixOS sources live).
|
|
||||||
for i in $(find /etc/ \( -path /etc/nixos -prune \) -o -type l); do
|
|
||||||
target=$(readlink "$i")
|
|
||||||
if test "''${target:0:''${#staticEtc}}" = "$staticEtc" -a ! -e "$i"; then
|
|
||||||
rm -f "$i"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
'' [
|
|
||||||
"systemConfig"
|
|
||||||
"defaultPath" # path to cp, chmod, chown
|
|
||||||
"stdio"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
@ -205,7 +205,20 @@ in
|
|||||||
# ${nettools}/sbin/ifconfig $i down || true
|
# ${nettools}/sbin/ifconfig $i down || true
|
||||||
#done
|
#done
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Set the host name in the activation script. Don't clear it if
|
||||||
|
# it's not configured in the NixOS configuration, since it may
|
||||||
|
# have been set by dhclient in the meantime.
|
||||||
|
system.activationScripts.hostname =
|
||||||
|
(if config.networking.hostName != "" then ''
|
||||||
|
hostname "${config.networking.hostName}"
|
||||||
|
'' else ''
|
||||||
|
# dhclient won't do anything if the hostname isn't empty.
|
||||||
|
if test "$(hostname)" = "(none)"; then
|
||||||
|
hostname ""
|
||||||
|
fi
|
||||||
|
'');
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -72,7 +72,7 @@ let cfg = config.virtualisation.xen; in
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
# Mount the /proc/xen pseudo-filesystem.
|
# Mount the /proc/xen pseudo-filesystem.
|
||||||
system.activationScripts.xen = noDepEntry
|
system.activationScripts.xen =
|
||||||
''
|
''
|
||||||
if [ -d /proc/xen ]; then
|
if [ -d /proc/xen ]; then
|
||||||
${pkgs.sysvtools}/bin/mountpoint -q /proc/xen || \
|
${pkgs.sysvtools}/bin/mountpoint -q /proc/xen || \
|
||||||
|
Loading…
Reference in New Issue
Block a user