Boot fails when a keyfile is configured for all encrypted filesystems
and no other luks devices are configured. This is because luks support is only
enabled in the initrd, when boot.initrd.luks.devices has entries. When a
fileystem has a keyfile configured though, it is setup by a custom
command, not by boot.initrd.luks.
This commit adds an internal config flag to enable luks support in the
initrd file, even if there are no luks devices configured.
Adds /dev/disk/by-{id,label}/* symlinks for bcache device nodes, in the
final rootfs.
Symlinks will only be created for bcache devices that contain
filesystems. So if you have a blank bcache device or run LVM on top of
bcache you will not get this kind of symlink.
This reduces the time window during which IP addresses are gone during
switch-to-configuration. A complication is that with stopIfChanged =
true, preStop would try to delete the *new* IP addresses rather than
the old one (since the preStop script now runs after the switch to the
new configuration). So we now record the actually configured addresses
in /run/nixos/network/addresses/<interface>. This is more robust in
any case.
Issue https://github.com/NixOS/nixops/issues/640.
And adopt the tests to add an interface and remove it again.
It should work when deactivating rstp, it will not work when activating
rstp for the first bridge as then the userspace daemon is not yet
available. But once one bridge is active with stp, it should work with
the reload for any further bridge.
Fixes#21745. Also see #22547.
After the change of the bonding options, the examples were not quite correct.
The diff is over-the top because the new `let` needs everything indented.
Also add a small docstring to the `networkd` attr in the networking test.
reason: after the upgrade of iputils from 20151218 to 20161105
functionality of ping6 and tracepath6 was merged into ping and tracepath.
Ping is now mostly a drop-in replacment for ping6, except that selecting a
specific interface is done by encoding it into the address (ex.: fe80::1%eth0)
rather then specifing it with the `-I` flag.
Since the bonds interface changed to a lot more possible values we create a
mapping of kernel bond attribute names and values to networkd attributes.
Those match for the most part, but have to transformed slightly.
There is also an assert that unknown options won’t slip through silently.
Until now the four attributes available very selectively provided a small
subset, while copying upstream documentation.
We make driver options an arbitrary key-value set and point to kernel
documentation, which is always up-to-date. This way every option can be set.
The four already existing options are deprecated with a warning.
Previously, netdev units for network interfaces defined in the nixos
configurations would bindTo the systemd device unit of the interface if
not in a container.
In situations where you switch to a new nixos configration with changes
to network-setup.service (like nameservers) and have stacked interfaces
like vlans on a bond, it would fail to propagate restarts to the netdevs
correctly resulting with broken networking. The bond would be present
but no vlan interfaces rendering the machine unreachable.
My fear is that the udev events fail to propagate correctly while a systemd
transaction that is also restarting the triggered netdev service is running.
This commit changes this behaviour so netdev services bindTo other netdev
services if present and otherwise fall back to the previous behaviour.
We also noticed that stacked interfaces would sometimes seemingly be stopped
in the wrong order. For instance in the above example, the bond interface
would be deleted before the vlan interfaces resulting in the vlan interfaces
not being present when their service is being stopped. This would cause the
systemd transaction to fail and thus break networking. Their postStop hooks
are now allowed to fail as we have reached the desired state.
Regression introduced by 0cb487ee04.
This changed the result for defaultGateway to be a submodule instead of
just a plain string, so instead of using just cfg.defaultGateway we need
to pass cfg.defaultGateway.address now.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar
Until now nixos only delivered the latest zfs release. This release is often not
compatible with the latest mainline kernel. Therefor an unstable variant is
added, which might be based on testing releases or git revisions.
fixes#21359
/etc/hostname is the file used by hostnamectl(1) and the
org.freedesktop.hostname1 dbus service (both provided by systemd) to get
the "static hostname". Better provide it so that users of those
tools/services get a proper hostname.
An example of an issue created by the lack of /etc/hostname is that the
bluetooth stack on NixOS identifies itself to peers as "BlueZ $VERSION"
instead of the hostname.
References:
https://www.freedesktop.org/software/systemd/man/hostname.html
Changes v1 -> v2:
* ensure /etc/hostname ends with a newline
Now the tracking works with aggregated devices on aggregated devices.
So container with physical device where the device is put in a bond
which is the basis for a bridge is now handled correctly.
Test that adding physical devices to containers works, find that network setup
then doesn't work because there is no udev in the container to tell systemd
that the device is present.
Fixed by not depending on the device in the container.
Activate the new container test for release
Bonds, bridges and other network devices need the underlying not as
dependency when used inside the container. Because the device is already
there.
But the address configuration needs the aggregated device itself.
Using types.str doesn't work if you want to mkBefore/mkAfter across
different module definitions, because it only allows for one definition
for the same priority.
This is especially useful if you deploy Hetzner machines via NixOps,
because the physical specification already defines localCommands.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
See #18319 for details. Starting network-online.target manually does not
work as it hangs indefinitely.
Additionally, don't treat avahi and dhcpcd special and sync their systemd units
with the respective upstream suggestion.
Systemd upstream provides targets for networking. This also includes a target network-online.target.
In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
A new internal config option `fileSystems.<name>.early` is added to indicate
that the filesystem needs to be loaded very early (i.e. in initrd). They are
transformed to a shell script in `system.build.earlyMountScript` with calls to
an undefined `specialMount` function, which is expected to be caller-specific.
This option is used by stage-1, stage-2 and activation script to set up and
remount those filesystems. Options for them are updated according to systemd
defaults.
Also add required systemd services for starting/stopping mdmon.
Closes#13447.
abbradar: fixed `mdadmShutdown` service name according to de facto conventions.
Allow usage of list of strings instead of a comma-separated string
for filesystem options. Deprecate the comma-separated string style
with a warning message; convert this to a hard error after 16.09.
15.09 was just released, so this provides a deprecation period during
the 16.03 release.
closes#10518
Signed-off-by: Robin Gloster <mail@glob.in>
- add missing types in module definitions
- add missing 'defaultText' in module definitions
- wrap example with 'literalExample' where necessary in module definitions
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
Configuration option for setting up virtual WLAN interfaces.
If the hardware NIC supports it, then multiple virtual WLAN interfaces can be
configured through the options of the new 'networking.wlanInterfaces' module.
For example, the following configuration transforms the device with the persistent
udev name 'wlp6s0' into a managed and a ad hoc device with the device names
'wlan-managed0' and 'wlan-adhoc0', respectively:
networking.wlanInterfaces = {
"wlan-managed0" = {
type = "managed";
device = "wlp6s0";
};
"wlan-adhoc0" = {
type = "ibss";
device = "wlp6s0";
};
};
Internally, a udev rule is created that matches wlp6s0 and runs a script which adds
the missing virtual interfaces and re-configures the wlp6s0 interface accordingly.
Once the new interfaces are created by the Linux kernel, the configuration of the
interfaces is managed by udev and systemd in the usual way.
The default options for all file systems currently are
"defaults.relatime", which works well on file systems which support the
relatime option.
Unfortunately, this is not the case for the VirtualBox shared folder
filesystem, so until now, you need to set something like:
fileSystems."/foo" = {
device = "foo";
fsType = "vboxsf";
options = "defaults";
};
Otherwise mounting the file system would fail.
Now, we provide only the "defaults" option to the "vboxsf" file system,
so something like this is enough:
fileSystems."/foo" = {
device = "foo";
fsType = "vboxsf";
};
An alternative to that could be to document that you need to set default
options, but we really should do what users expect instead of forcing
them to look up the documentation as to why this has failed.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
If you power off your machine frequently, you could miss the execution
of some snapshots.
This is more troublesome the more infrequently the snapshots are
triggered. For example, monthly snapshots only execute at exactly
midnight on the first day of the month. If you only have your
machine powered on at that time with probability 50%, then half the
snapshots won't be triggered.
This means that if you wanted to keep 3 monthly snapshots, then instead
of keeping 3 months' worth of snapshotted data as you expected, you would
end up with snapshots spanning back 6 months.
Adding the "Persistent = yes" option to auto-snapshot timer units makes
a missed snapshot execute when booting up the machine.
Otherwise, in certain cases, snapshots of infrequently-modified
filesystems can be kept for a much longer time than the user would
normally expect, and cause a large amount of extra disk space to be
consumed.
Also added flag to snapshot filesystems in parallel by default.
I've also added a configuration option for zfs-auto-snapshot flags, so
that the user can override them.
For example, the user may want to append --utc to the list of default
options, so that the snapshot names don't cause name conflicts or
apparent time reversals due to daylight savings or timezone changes.
The old boot.spl.hostid option was not working correctly due to an
upstream bug.
Instead, now we will create the /etc/hostid file so that all applications
(including the ZFS kernel modules, ZFS user-space applications and other
unrelated programs) pick-up the same system-wide host id. Note that glibc
(and by extension, the `hostid` program) also respect the host id configured in
/etc/hostid, if it exists.
The hostid option is now mandatory when using ZFS because otherwise, ZFS will
require you to force-import your ZFS pools if you want to use them, which is
undesirable because it disables some of the checks that ZFS does to make sure it
is safe to import a ZFS pool.
The /etc/hostid file must also exist when booting the initrd, before the SPL
kernel module is loaded, so that ZFS picks up the hostid correctly.
The complexity in creating the /etc/hostid file is due to having to
write the host ID as a 32-bit binary value, taking into account the
endianness of the machine, while using only shell commands and/or simple
utilities (to avoid exploding the size of the initrd).
It turns out that the upstream systemd services that import ZFS pools contain
serious bugs. The first major problem is that importing pools fails if there
are no pools to import. The second major problem is that if a pool ends up in
/etc/zfs/zpool.cache but it disappears from the system (e.g. if you
reboot but during the reboot you unplug your ZFS-formatted USB pen drive),
then the import service will always fail and it will be impossible to get rid
of the pool from the cache (unless you manually delete the cache).
Also, the upstream service would always import all available ZFS pools every
boot, which may not be what is desired in some cases.
This commit will solve these problems in the following ways:
1. Ignore /etc/zfs/zpool.cache. This seems to be a major source of
issues, and also does not play well with NixOS's philosophy of
reproducible configurations. Instead, on every boot NixOS will try to import
the set of pools that are specified in its configuration. This is also the
direction that upstream is moving towards.
2. Instead of trying to import all ZFS pools, only import those that are
actually necessary. NixOS will automatically determine these from the
config.fileSystems.* option. Also, the user can import any additional
pools every boot by adding them to the config.boot.zfs.extraPools
option, but this is only necessary if their filesystems are not
specified in config.fileSystems.*.
3. Added options to configure if ZFS should force-import ZFS pools. This may
currently be necessary, especially if your pools have not been correctly
imported with a proper host id configuration (which is probably true for 99% of
current NixOS ZFS users). Once host id configuration becomes mandatory when
using ZFS in NixOS and we are sure that most users have updated their
configurations and rebooted at least once, we should disable force-import by
default. Probably, this shouldn't be done before the next stable release.
WARNING: This commit may change the order in which your non-ZFS vs ZFS
filesystems are mounted. To avoid this problem (now or in the future)
it is recommended that you set the 'mountpoint' property of your ZFS
filesystems to 'legacy', and that you manage them using
config.fileSystems, just like any other non-ZFS filesystem is usually
managed in NixOS.
Also remove custom zfs services from NixOS. This makes NixOS more aligned with
upstream.
More importantly, it prepares the way for NixOS to use ZED (the ZFS event
daemon). This service will automatically be enabled but it is not possible to
configure it via configuration.nix yet.
I'm not using JFS, but this is to mainly make jfsutils available if you
have defined a JFS filesystem in your configuration.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
3.16.0 introduced a regression where vlan and veth devices could not be
created due to a check in the code for existing devices. This applies
the upstream patch which fixes the issue.
Additionally, this corrects the nixos network-interfaces task which now
needs to specify the name parameter when adding links.
Within the module it's referenced with an uppercase "P" and ipv6Address
also begins with an uppercase "A" after the "6", so let's make it
consistent.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Currently, nixos will allow for interface names with special characters
such as the hyphen to be used. This presents a problem when using
systemd device names as the namespace paths are separated using hyphens.
Within systemd, if a device name has a hyphen it should be replaced with
the escape sequence \x2d.
This patch sanitizes all interface names before they are used in a
systemd device string.
This reverts commit 469f22d717, reversing
changes made to 0078bc5d8f.
Conflicts:
nixos/modules/installer/tools/nixos-generate-config.pl
nixos/modules/system/boot/loader/grub/install-grub.pl
nixos/release.nix
nixos/tests/installer.nix
I tried to keep apparently-safe code in conflicts.
Currently, device units are named directly after the name the user
specifies for the device. A bridge device named lan will be defined
within lan.service. This becomes a problem if you want your interface
named nginx but also want to run the nginx service.
This patch fixes the issue by appending netdev to all virtually created
network device units. Therefore, the lan bridge -> lan-netdev.service.
This naming convention is used for all types of network devices in order
to ensure that all network devices are unique.
Previously, we had no method for creating 6-to-4 tunneled interfaces.
This patch adds the option networking.sits, which allows the user to
create named 6-to-4 sit devices.
Upstream has not been tagging new versions for a long time, but we need
compatibility with newer kernels. The 0.6.2 versions already have a bunch of
backported compatibility patches, but 3.14 kernels need even more.
Also, the git versions have fixed a bunch of crashes and other bugs, so perhaps
we should just bite the bullet and just use recent git versions (as sometimes
upstream recommends, when people run into bugs).
This adds a new "boot.zfs.useGit" boolean option, so that a user can
easily opt into using the git versions.
This used to work with systemd-nspawn 203, because it bind-mounted
/etc/resolv.conf (so openresolv couldn't overwrite it). Now it's just
copied, so we need some special handling.
If you define a unit, and either systemd or a package in
systemd.packages already provides that unit, then we now generate a
file /etc/systemd/system/<unit>.d/overrides.conf. This makes it
possible to use upstream units, while allowing them to be customised
from the NixOS configuration. For instance, the module nix-daemon.nix
now uses the units provided by the Nix package. And all unit
definitions that duplicated upstream systemd units are finally gone.
This makes the baseUnit option unnecessary, so I've removed it.
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.