When installing a fresh NixOS system it occasionally happens that you
encounter issues that are rather hard to track down since
`nixos-install(8)` doesn't provide any debugging flags.
This patch adds `-L` to force `nix build` to display the build-log on
stderr and `-v` to increase the log-level of Nix.
1. This makes aggregates of submodules (including the very important
"nixos-option users.users.<username>" case) behave the same way as any
other you-need-to-keep-typing-to-get-to-an-option-leaf (eg:
"nixos-option environment").
Before e0780c5:
$ nixos-option users.users.root
error: At 'root' in path 'users.users.root': Attribute not found
An error occurred while looking for attribute names. Are you sure that 'users.users.root' exists?
After e0780c5 but before this change, this query just printed out a raw
thing, which is behavior that belongs in "nix eval", "nix-instantiate
--eval", or "nix repl <<<":
$ nixos-option users.users.root
{
_module = {
args = { name = "root"; };
check = true;
};
createHome = false;
cryptHomeLuks = null;
description = "System administrator";
...
After this change:
$ nixos-option users.users.root
This attribute set contains:
createHome
cryptHomeLuks
description
extraGroups
group
hashedPassword
...
2. For aggregates of other types (not submodules), print out the option
that contains them rather than printing an error message.
Before:
$ nixos-option environment.shellAliases.l
error: At 'l' in path 'environment.shellAliases.l': Attribute not found
An error occurred while looking for attribute names. Are you sure that 'environment.shellAliases.l' exists?
After:
$ nixos-option environment.shellAliases.l
Note: showing environment.shellAliases instead of environment.shellAliases.l
Value:
{
l = "ls -alh";
ll = "ls -l";
ls = "ls --color=tty";
}
...
When running e.g. `nixos-option users.users.ma27`, the evaluation breaks
since `ma27` is the attribute name in `attrsOf (submodule {})`, but not
a part of the option tree and therefore breaks with the following
errors:
```
error: At 'ma27' in path 'users.users.ma27': Attribute not found
An error occurred while looking for attribute names. Are you sure that 'users.users.ma27' exists?
```
This happens since the option evaluator expects that either the option
exists or the option is a submodule and the "next" token in the
attribute path points to an option (e.g. `users.users.ma27.createHome`).
This patch checks in the `Attribute not found` condition if the attribute-path
actually exists in the config tree. If that's true, a dummy-attrset is created
which contains `{_type = "__nixos-option-submodule-attr";}`, in that case, the
entire entry of the submodule will be displayed.
When 'grafting' '/nix/store/<hash>-loopback.cfg' from disk onto
'/boot/grub/loopback.cfg' on the iso, the parent 'grub' directory does not
exist yet. In this case it is automatically created and inherits its
attributes, including timestamp, from /nix/store.
This is correct/expected/intentional behavior of xorriso, but has the
undesired result of leaking the timestamps of /nix/store into the iso. For
this reason we put the loopback.cfg in a
'/nix/store/<hash>-loopback.cfg/grub/loopback.cfg' instead, so it will inherit
the attributes from the correctly-timestamped
'/nix/store/<hash>-loopback.cfg/grub' directory.
For the same reason we move '/EFI/boot/efi-background.png' down in the list
so it is grafted after its parent '/EFI/boot' directory is created with
the correct timestamp.
fixes#74944
Add --use-remote-sudo option. When set, remote commands will be prefixed
with 'sudo'. This allows using sudo remotely _without_ having to use
sudo locally (when using --build-host/--taget-host).
Automated consumers can use 'sed 1d' or similar to remove this header.
This probably makes this output *easier* to consume correctly. Having
this header show up in consumers' terminal or log output is probably not
useful, but hiding it without hiding all error messages would have been
more troublesome that just stripping it from stdout.
I.e., previously, unsophisticated use would show undesired output:
$ some-other-tool
This attribute set contains:
This attribute set contains:
This attribute set contains:
This attribute set contains:
<Actual some-other-tool output>
The simplest way to hide this undesired output would have been
nixos-option ... 2>/dev/null, which would hide all error messages.
We do not wish to encourage that.
Correct use would have been something like:
nixos-option ... 2> >( grep --line-buffered -v 'This attribute set contains:')
After this change, correct use is simpler:
nixos-option ... | sed 1d
or
nixos-option ... | sed '1/This attribute set contains:/d'
if the caller don't know if this invocation of nixos-option will yield
an attribute listing or an option description.
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers". The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers". The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
Switch from convention "appease clang-tidy --checks='*'" to
"References are like non-nullptr pointers". The clang-tidy check
"google-runtime-references" complains about non-const reference
arguments, but this is not a convention used in Nix.
I don't think this matters. As long as one or the other of these is
a std::string, I get an operator== that looks at content rather than
pointer equality. I picked casting the constant over casting the dynamic
thing in hopes that the compiler would have a better chance at optimizing
away any runtime cost.
Deferring to reviewer.
This is important because this contains some code copied from nix (as an
interim expediency until that functionality can be exported via nix's
API). The license specified here must be compatible with this borrowing.
Select the same license that nix is released under: lgpl2Plus.
Specifically, with
clang-format --style='{ IndentWidth: 4, BreakBeforeBraces: Mozilla, ColumnLimit: 120, PointerAlignment: Middle }'
which was the clang-format invocation that produced the fewest diffs on
the nix source out of ~20 that I tried.
Also add --all, which shows the value of all options. Diffing the --all
output on either side of contemplated changes is a lovely way to better
understand what's going on inside nixos.
This adds support for deploying to remote hosts without being root:
sudo nixos-rebuild --target-host non-root@host
Without this change, only root@host is able to deploy.
The idea is that if the local command is run with sudo, so should the
remote one, thus there is no need for adding any CLI options.
Slim is abandoned and won't work with wayland.
It's in our best interest to use the display-manager
that makes most sense for Plasma5, sddm.
We've already moved on from it being default in #30890
and the graphical.nix profile, which the virtualbox profile uses,
has sddm anyway.
I have `users.defaultUserShell = pkgs.fish;` set on my server and when I ran `nixos-rebuild switch --target-host …`, the command failed with the following error:
fish: Unsupported use of '='. To run 'nix-store' with a modified environment, please use 'env PATH=… nix-store…'
That is because fish requires env to set environment variables for a program. It should also work on other shells.
This sets networking.useDHCP to false and for all interfaces found the
per-interface useDHCP to true. This replicates the current default
behaviour and prepares for the switch to networkd.
There's many reason why it is and is going to
continue to be difficult to do this:
1. All display-managers (excluding slim) default PAM rules
disallow root auto login.
2. We can't use wayland
3. We have to use system-wide pulseaudio
4. It could break applications in the session.
This happened to dolphin in plasma5
in the past.
This is a growing technical debt, let's just use
passwordless sudo.
This will keep configuration configuring the size of the /boot partition
still build, while showing the deprecation warning.
In 99.9% of cases I assume ignoring the configuration is better, as the
sd-image builder already is pretty opinionated in that matter.
The slack, seemingly, accounted for more than the minimum required for
slack plus the two partitions.
This change makes the gap a somewhat abstracted amount, but is not
configurable within the derivation.
The current FAT32 partition is kept as it is required for the Raspberry
Pi family of hardware. It is where the firmware is kept.
The partition is kept bootable, and the boot files kept in there until
the following commits, to keep all commits of this series individually
bootable.