Commit Graph

234 Commits

Author SHA1 Message Date
Jan Malakhovski
e1782e342f nixos: add system.boot.loader.initrdFile option and use it where appropriate 2018-02-18 12:56:29 +00:00
Eelco Dolstra
16bdaf3d03
Remove creation of /dev/{fd,stdin,stdout,stderr}
This is already provided by devtmpfs.
2018-02-07 17:58:21 +01:00
Gleb Peregud
2f6148c743 nixos/system: make switch-to-configuration script pure.
Fixes #28443

Fixed few invocations to `systemctl` to have an absolute path. Additionally add
LOCALE_ARCHIVE so that perl stops spewing warning messages.
2017-11-19 19:42:54 +01:00
danbst
65ff0d5f9d switch-to-configuration: fix detection of changes between rebuilds for template instances
This makes declarative containers truly reloadable. Current code already declares it:

56904d7c42/nixos/modules/virtualisation/containers.nix (L488)

```
  restartIfChanged = false;
```

56904d7c42/nixos/modules/virtualisation/containers.nix (L540)

```
  reloadIfChanged = true;
```

Original author: @chrisfarms in 6e36619b27
Most of stuff from that commit has already been ported.
2017-08-22 15:04:18 +03:00
Robin Gloster
485a8fef73
modules: specify some types 2017-08-04 02:20:31 +02:00
Shea Levy
59c0977300 Add facility to append secrets to the initrd 2017-04-02 16:33:37 -04:00
Eelco Dolstra
136f77b7b9
nixos-rebuild: Sync /nix/store only
We only care about /nix/store because its contents might be out of
sync with /nix/var/nix/db. Syncing other filesystems might cause
unnecessary delays or hangs (e.g. I encountered a case where an NFS
mount was taking a very long time to sync).
2017-03-03 16:50:25 +01:00
Robin Gloster
4e4161c212
systemd: setup tmpfiles on switching configuration
This fixes systemd.tmpfiles.rules on switching configuration so that
does not only get applied on a fresh boot. This e.g. fixes kubernetes.
2017-02-18 15:04:52 +01:00
Nikolay Amiantov
213356c927 activation-script service: add utillinux to path 2017-02-17 21:54:58 +03:00
Tuomas Tynkkynen
9e04b57dde nixos top-level: Add 'dtbs' symlink when kernel uses device trees
Currently e.g. extlinux-conf-builder.sh uses
`readlink -m "$toplevel/kernel/../dtbs"` to figure out the directory.
That is obscenely ugly.
2017-02-12 15:47:49 +02:00
Nathan Bijnens
4ed85933db Fix #19382 set ownership of /var/empty to root:root 2016-10-09 12:01:47 +02:00
Tuomas Tynkkynen
19225bf5cc Merge remote-tracking branch 'upstream/master' into staging 2016-10-02 10:36:47 +03:00
Nikolay Amiantov
d37458ad06 switch-to-configuration: fix restart of socket activated services
This fixes two bugs:

* When socket activation is detected, the service itself is added to stop-start list instead of its sockets.
* When service is marked to restart instead of stop (`StopIfChanged = no`) we don't need to restart sockets.
2016-09-30 17:49:31 +03:00
Eelco Dolstra
0cb16a6955 Add stdenvNoCC
This is a standard environment that doesn't contain a C/C++
compiler. This is mostly to prevent trivial builders like runCommand
and substituteAll from pulling in gcc for simple configuration changes
on NixOS.
2016-09-29 13:06:41 +02:00
aszlig
cb2f84e4d7
nixos/activation: Rename "tmpfs" to "specialfs"
Using "tmpfs" as a script part for system.activationScripts is a bit
misleading since 6efcfe03ae.

We no longer solely mount tmpfs within this script, so using "specialfs"
fits more nicely in terms of naming.

Tested against the "simple" NixOS installer test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-26 02:04:54 +02:00
aszlig
f94ea04805
nixos/activation: Avoid remounting non-existing FS
Regression introduced by 79d4636d50.

The mentioned commit moves /run/keys from stage 2 to
boot.specialFileSystems, the latter being remounted during system
activation.

Unfortunately, the specialMount function in the activation script does
this unconditionally and thus will fail if it can't be remounted because
the mount point simply doesn't exist.

We now check the mount point for existance and only remount if it exists
but mkdir + mount it if it doesn't.

Tested against the "simple" NixOS installer test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-26 02:04:54 +02:00
Domen Kožar
80437576f9 /var/empty: silently ignore errors (if on tmpfs) #18781 2016-09-21 10:29:14 +02:00
Domen Kožar
8f95e6f6aa hardcode e2fsprogs, idempotent chmod, remove care condition 2016-09-07 10:49:27 +02:00
Domen Kožar
3877ec5b2f Make /var/empty immutable
Fixes #14910 and #18358

Deployed to an existing server, restarted sshd and polkit to verify
they don't fail.
2016-09-06 20:13:33 +02:00
Nikolay Amiantov
6efcfe03ae nixos filesystems: unify early filesystems handling
A new internal config option `fileSystems.<name>.early` is added to indicate
that the filesystem needs to be loaded very early (i.e. in initrd). They are
transformed to a shell script in `system.build.earlyMountScript` with calls to
an undefined `specialMount` function, which is expected to be caller-specific.
This option is used by stage-1, stage-2 and activation script to set up and
remount those filesystems.  Options for them are updated according to systemd
defaults.
2016-08-27 13:38:20 +03:00
Bjørn Forsman
9050077cff switch-to-configuration: use absolute path to systemd-escape
Fixes issue when upgrading from very old NixOS systems that don't have
systemd-escape in $PATH:

  $ sudo nixos-rebuild switch
  ...
  building the system configuration...
  updating GRUB 2 menu...
  Can't exec "systemd-escape": No such file or directory at /nix/var/nix/profiles/system/bin/switch-to-configuration line 264.
  Unable to escape /!
2016-07-01 08:35:38 +02:00
Nikolay Amiantov
5ff40ddedf add get* helper functions and mass-replace manual outputs search with them 2016-04-25 13:24:39 +03:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Vladimír Čunát
f8516a0717 nixos copySystemConfiguration: fix when chrooted
Fixes #7974. Also makes the description more informative.
2016-02-28 10:08:42 +01:00
Leroy Hopson
392ca77d4c nixos/activation-script: fix formatting of example 2016-02-27 22:25:40 +13:00
zimbatm
b73c5ae291 Merge pull request #10546 from aszlig/nixops-issue-350
Fixes for NixOps issue #350
2016-02-26 00:33:49 +00:00
Vladimír Čunát
d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Vladimír Čunát
ae74c356d9 Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Eelco Dolstra
42709fb4e9 switch-to-configuration: Handle failure to read /proc/1/exe
It's not entirely clear why this happens, but sometimes /proc/1/exe
returns a bogus value, like
/ar3a3j6b9livhy5fcfv69izslhgk4gcz-systemd-217/lib/systemd/systemd. In
any case, we can just conservatively assume that we need to restart
systemd when this happens.

Fixes #10261.
2016-02-03 15:01:18 +01:00
Nathan Zadoks
df82096af0 activation-script module: add environment.usrbinenv option 2016-01-19 23:29:48 +01:00
Vladimír Čunát
716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
Thomas Strobel
a04a7272aa Add missing 'type', 'defaultText' and 'literalExample' in module definitions
- add missing types in module definitions
- add missing 'defaultText' in module definitions
- wrap example with 'literalExample' where necessary in module definitions
2016-01-17 19:41:23 +01:00
Jan Malakhovski
119c8f91e7 nixos: introduce system.nixosLabel option and use it where appropriate
Setting nixosVersion to something custom is useful for meaningful GRUB
menus and /nix/store paths, but actuallly changing it rebulids the
whole system path (because of `nixos-version` script and manual
pages). Also, changing it is not a particularly good idea because you
can then be differentitated from other NixOS users by a lot of
programs that read /etc/os-release.

This patch introduces an alternative option that does all you want
from nixosVersion, but rebuilds only the very top system level and
/etc while using your label in the names of system /nix/store paths,
GRUB and other boot loaders' menus, getty greetings and so on.
2016-01-08 22:26:15 +00:00
aszlig
26963cfc2d
switch-to-configuration: Fix unit name quoting.
Clearly it would be the best if we'd directly generate mount units
instead of converting /etc/fstab. But in order to do that we need to
test it throughly so this approach is for the next stable release.

This fix however is intended for inclusion into release-14.12 and
release-15.09.

Using a simple regular expression unfortunately isn't sufficient for
proper mount unit name quoting/escaping and there is a utility in
systemd called systemd-escape which does nothing less than that.

Of course, using an external program to escape the unit name is way more
expensive and causes us to fork for each mount point.

But given that we already do quite a lot of forks just for unit starting
and stopping, I think it doesn't matter that much. Well, except if you
have a whole bunch of mount points.

However, if the latter is the case and you have thousands of mount
points, you probably have stumbled over this already if your mount point
contains a dash.

As for my motivation to fix this: I've stumbled on this while trying to
fix the "none" backend test for NixOps (see NixOS/nixops#350), where the
target machines use /nix/.ro-store and /nix/.rw-store as mount points.

The implementation we had so far did improperly escape it so those mount
points got the following unit files:

 * nix-.ro-store.mount
 * nix-.rw-store.mount

The correct names for these units are however:

 * nix-.ro\x2dstore.mount
 * nix-.rw\x2dstore.mount

So using systemd-escape now properly generates these names.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-10-22 19:40:00 +02:00
Vladimír Čunát
5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
Jan Malakhovski
a153de28bb nixos: rename some outputs for better discoverability in /nix/store 2015-09-18 19:00:20 +00:00
Eelco Dolstra
9c61317002 Put all firmware in $out/lib/firmware
This way, hardware.firmware can be a list of packages.
2015-08-25 00:40:34 +02:00
Eelco Dolstra
80d9b42663 Allow units to specify that they shouldn't be stopped when removed 2015-08-07 05:37:23 +02:00
Tuomas Tynkkynen
5d02c02a9b systemd: Use upstream tmpfiles.d rules
This fixes a failing assert in systemd-timesyncd (issue #5913) as it
expects the directory /run/systemd/netif/links/ to exist, and nothing in
NixOS currently creates it.

Also we get a net reduction in our code as rules for /run/utmp and
/var/log/journal are also provided by the same upstream file.

(cherry picked from commit a278a9224a)
2015-07-22 12:27:05 +02:00
Eelco Dolstra
dc62669335 Set ‘allowSubstitutes = false’ on various derivations
This reduces the number of binary cache requests. See
b64988bb35.
2015-07-09 15:10:37 +02:00
Eelco Dolstra
7318ff0e38 Add option ‘system.extraDependencies’ for including stuff in the system closure
Mostly useful for installer tests that don't have network access. This
generalizes virtualisation.pathsInNixDB and isoImage.storeContents.
2015-06-04 11:06:44 +02:00
Vladimír Čunát
d449020d87 nixos: try to fix, choosing correct binary outputs 2015-05-05 11:56:31 +02:00
Eelco Dolstra
4466707ddf switch-to-configuration: Better error checking 2015-04-13 12:28:12 +02:00
Eelco Dolstra
1c39a47ac8 Reload, don't restart, dbus.service
Many bus clients get hopelessly confused when dbus-daemon is
restarted. So let's not do that.

Of course, this is not ideal either, because we end up stuck with a
possibly outdated dbus-daemon. But that issue will become irrelevant
in the glorious kdbus-based future.

Hopefully this also gets rid of systemd getting stuck after
dbus-daemon is restarted:

Apr 01 15:37:50 mandark systemd[1]: Failed to register match for Disconnected message: Connection timed out
Apr 01 15:37:50 mandark systemd[1]: Looping too fast. Throttling execution a little.
Apr 01 15:37:51 mandark systemd[1]: Looping too fast. Throttling execution a little.
...
2015-04-01 16:57:16 +02:00
Eelco Dolstra
475df1a350 switch-to-configuration: Don't print already active target units
Since we restart all active target units (of which there are many),
it's hard to see the units that actually matter. So don't print that
we're starting target units that are already active.
2015-03-09 16:51:06 +01:00
Eelco Dolstra
a574065a81 nixos-rebuild: Add ‘dry-activate’ command
‘nixos-rebuild dry-activate’ builds the new configuration and then
prints what systemd services would be stopped, restarted etc. if the
configuration were actually activated. This could be extended later to
show other activation actions (like uids being deleted).

To prevent confusion, ‘nixos-rebuild dry-run’ has been renamed to
‘nixos-rebuild dry-build’.
2015-03-09 16:50:59 +01:00
Luca Bruno
2beb43174f nixos-rebuild: use reload-or-restart for dbus. Closes #5767
Now that dbus reload has been moved before restarting units,
the reload may fail if dbus has been stopped before.
The reload-or-restart will reload dbus if it's active,
otherwise start it.
2015-01-14 16:08:47 +01:00
Eelco Dolstra
c812e45292 switch-to-configuration: Ignore slice units 2014-12-18 01:47:36 +01:00
Eelco Dolstra
88412c865d Fix ANSI escape in warning messages
Seems to have been broken by accident in 7d1ddae58e.
2014-12-15 16:19:35 +01:00
Rene Donner
8bd2f6bfc1 some typos 2014-11-14 13:05:55 +01:00
Luca Bruno
510fba95e8 nixos-rebuild: reload dbus before starting other units. Closes #4546 2014-11-08 19:40:28 +01:00
Eelco Dolstra
785ed2b528 Don't silently ignore errors from the activation script 2014-08-15 02:14:34 +02:00
Luca Bruno
66ddb1c322 Add system.replaceRuntimeDependencies to quickly replace system dependencies 2014-06-06 21:17:31 +02:00
Eelco Dolstra
d4ccfe3f6b Don't create /media
It's obsolete - udisks2 uses /run/media/<username>.
2014-05-21 15:55:49 +02:00
Eelco Dolstra
c06786759c /var/run -> /run 2014-05-09 00:52:02 +02:00
Eelco Dolstra
bac68f9747 switch-to-configuration: Honour RefuseManualStop
This prevents spurious errors about systemd-tmpfiles-setup.service.

Backport: 14.04
2014-05-05 16:46:58 +02:00
Eelco Dolstra
56b4b841ae switch-to-configuration: Use old systemctl to stop units
Otherwise, when switching from systemd 203 to 212, you get errors like:

  Failed to stop remote-fs.target: Bad message
  Failed to stop systemd-udevd-control.socket: Bad message
  ...
2014-04-28 08:28:44 +02:00
Eelco Dolstra
37e6e08cde switch-to-configuration: Use systemctl's --no-legend flag 2014-04-25 17:42:09 +02:00
Shea Levy
7d1ddae58e nixos: evaluate assertions at toplevel, not at systemPackages
Fixes #2340
2014-04-22 14:09:02 -04:00
Shea Levy
2a4282c811 Revert "Merge branch 'dbus-switch-to-configuration'"
This seems to have combined badly with the systemd upgrade, we'll revert
for now and revisit after the 14.04 branch.

This reverts commit ad80532881, reversing
changes made to 1c5d3c7883.
2014-04-21 18:30:05 -04:00
Oliver Charles
42ae633445 Merge branch 'master' into dbus-switch-to-configuration
Conflicts:
	nixos/modules/system/activation/switch-to-configuration.pl
2014-04-20 19:17:05 +01:00
Eelco Dolstra
82535e0f8f switch-to-configuration: Check overrides.conf for X-* options 2014-04-19 14:28:33 +02:00
Eelco Dolstra
b03a2f9e90 Set personality when running a 32-bit container on a 64-bit host 2014-04-19 13:14:51 +02:00
Eelco Dolstra
313c38d5f1 switch-to-configuration: Handle systemctl output change 2014-04-18 19:04:45 +02:00
Eelco Dolstra
179acfb664 Allow upstream systemd units to be extended
If you define a unit, and either systemd or a package in
systemd.packages already provides that unit, then we now generate a
file /etc/systemd/system/<unit>.d/overrides.conf. This makes it
possible to use upstream units, while allowing them to be customised
from the NixOS configuration. For instance, the module nix-daemon.nix
now uses the units provided by the Nix package. And all unit
definitions that duplicated upstream systemd units are finally gone.

This makes the baseUnit option unnecessary, so I've removed it.
2014-04-17 18:52:31 +02:00
Eelco Dolstra
29027fd1e1 Rewrite ‘with pkgs.lib’ -> ‘with lib’
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Eelco Dolstra
511b86d22d Add an option to reload rather than restart changed units 2014-03-17 15:02:53 +01:00
Eelco Dolstra
f9e2af1e8b switch-to-configuration: Don't require /etc/NIXOS
Check /etc/os-release if /etc/NIXOS doesn't exist.
2014-03-17 14:16:10 +01:00
Eelco Dolstra
f13bd41384 switch-to-configuration: Restart sockets.target 2014-03-17 14:10:48 +01:00
Eelco Dolstra
09c14cd8aa switch-to-configuration: Don't try to start masked units 2014-03-12 18:52:11 +01:00
Oliver Charles
0d18d39e98 switch-to-configuration.pl: Handle successful auto-restarts
switch-to-configuration.pl is currently hard-coded to assume that if a
unit is in the "auto-restart" state that something has gone wrong, but
this is not strictly true. For example, I run offlineimap as a oneshot
service restarting itself every minute (on success). NixOS currently
thinks that offlineimap has failed to start as it enters the
auto-restart state, because it doesn't consider why the unit failed.

This commit changes switch-to-configuration.pl to inspect the full
status of a unit in auto-restart state, and now only considers it failed
if the ExecMainStatus is non-zero.
2014-02-02 15:56:22 +01:00
Oliver Charles
41775167ac switch-to-configuration.pl: Interact via DBus
Currently switch-to-configuration.pl uses system() calls to interact
with DBus. This can be error prone, especially when we are parsing
output that could change. In this commit, almost all calls to the
systemctl binary have been replaced with equivalent operations via DBus.
2014-02-02 14:41:26 +00:00
Eelco Dolstra
09dd7f9afc Fix passing of kernel parameters
Broken in 9ee30cd9b5.  Reported by Arvin
Moezzi.
2013-12-02 11:56:58 -05:00
Eelco Dolstra
9ee30cd9b5 Add support for lightweight NixOS containers
You can now say:

  systemd.containers.foo.config =
    { services.openssh.enable = true;
      services.openssh.ports = [ 2022 ];
      users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-dss ..." ];
    };

which defines a NixOS instance with the given configuration running
inside a lightweight container.

You can also manage the configuration of the container independently
from the host:

  systemd.containers.foo.path = "/nix/var/nix/profiles/containers/foo";

where "path" is a NixOS system profile.  It can be created/updated by
doing:

  $ nix-env --set -p /nix/var/nix/profiles/containers/foo \
      -f '<nixos>' -A system -I nixos-config=foo.nix

The container configuration (foo.nix) should define

  boot.isContainer = true;

to optimise away the building of a kernel and initrd.  This is done
automatically when using the "config" route.

On the host, a lightweight container appears as the service
"container-<name>.service".  The container is like a regular NixOS
(virtual) machine, except that it doesn't have its own kernel.  It has
its own root file system (by default /var/lib/containers/<name>), but
shares the Nix store of the host (as a read-only bind mount).  It also
has access to the network devices of the host.

Currently, if the configuration of the container changes, running
"nixos-rebuild switch" on the host will cause the container to be
rebooted.  In the future we may want to send some message to the
container so that it can activate the new container configuration
without rebooting.

Containers are not perfectly isolated yet.  In particular, the host's
/sys/fs/cgroup is mounted (writable!) in the guest.
2013-11-27 17:14:10 +01:00
Eelco Dolstra
785eaf2cea Add some primops to lib 2013-11-12 13:48:30 +01:00
Eelco Dolstra
c1159edc65 Remove remaining references to Upstart 2013-10-31 13:26:06 +01:00
Eelco Dolstra
408b8b5725 Add lots of missing option types 2013-10-30 18:47:43 +01:00
Eelco Dolstra
862e3dd977 Substitute "types.uniq types.string" -> "types.str" 2013-10-30 14:57:42 +01:00
Eelco Dolstra
30a36f9a80 Remove remaining uses of mkOverrideTemplate 2013-10-28 22:45:58 +01:00
Eelco Dolstra
d5047faede Remove uses of the "merge" option attribute
It's redundant because you can (and should) specify an option type, or
an apply function.
2013-10-28 22:45:56 +01:00
Eelco Dolstra
0e333688ce Big cleanup of the NixOS module system
The major changes are:

* The evaluation is now driven by the declared options.  In
  particular, this fixes the long-standing problem with lack of
  laziness of disabled option definitions.  Thus, a configuration like

    config = mkIf false {
      environment.systemPackages = throw "bla";
    };

  will now evaluate without throwing an error.  This also improves
  performance since we're not evaluating unused option definitions.

* The implementation of properties is greatly simplified.

* There is a new type constructor "submodule" that replaces
  "optionSet".  Unlike "optionSet", "submodule" gets its option
  declarations as an argument, making it more like "listOf" and other
  type constructors.  A typical use is:

    foo = mkOption {
      type = type.attrsOf (type.submodule (
        { config, ... }:
        { bar = mkOption { ... };
          xyzzy = mkOption { ... };
        }));
    };

  Existing uses of "optionSet" are automatically mapped to
  "submodule".

* Modules are now checked for unsupported attributes: you get an error
  if a module contains an attribute other than "config", "options" or
  "imports".

* The new implementation is faster and uses much less memory.
2013-10-28 22:45:55 +01:00
Eelco Dolstra
29014a47fb Allow options to be marked as "internal"
This means they're not for end users.  Currently they're filtered from
the manual, but we could include them in a separate section.
2013-10-23 20:08:21 +02:00
Eelco Dolstra
e29b51bfb1 Improve option description 2013-10-23 20:08:21 +02:00
Eelco Dolstra
5c1f8cbc70 Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00