Commit Graph

1280 Commits

Author SHA1 Message Date
Lassulus
e0f07f9b8d
Merge pull request #63165 from CRTified/module/initrd-ovpn
nixos/system/boot/initrd-openvpn: New openvpn options for initrd
2020-07-05 14:32:52 +02:00
Samuel Gräfenstein
850d7d1790
nixos/*: wether -> whether 2020-07-04 15:17:03 +02:00
Graham Christensen
105e63469d
Merge pull request #91344 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Ask for stage 2 encryption passwords using systemd-ask-password
2020-07-02 14:15:18 -04:00
Will Fancher
c128229dce plymouth: Enable systemd-ask-password-plymouth 2020-07-02 13:50:23 -04:00
Michele Guerini Rocco
dab676b2d7
Merge pull request #65231 from buckley310/grub-password
grub: add support for passwords
2020-07-01 09:04:30 +02:00
CRTified
c684398c6a nixos/system/boot/initrd-openvpn: Add openvpn options for initrd
nixos/tests/initrd-openvpn: Add test for openvpn in the initramfs

The module in this commit adds new options that allows the
integration of an OpenVPN client into the initrd.
This can be used e.g. to remotely unlock LUKS devices.

This commit also adds two tests for `boot.initrd.network.openvpn`.
The first one is a basic test to validate that a failing connection
does not prevent the machine from booting.

The second test validates that this module actually creates a valid
openvpn connection.
For this, it spawns three nodes:

  - The client that uses boot.initrd.network.openvpn
  - An OpenVPN server that acts as gateway and forwards a port
    to the client
  - A node that is external to the OpenVPN network

The client connects to the OpenVPN server and spawns a netcat instance
that echos a value to every client.
Afterwards, the external node checks if it receives this value over the
forwarded port on the OpenVPN gateway.
2020-07-01 00:08:55 +02:00
Fabian Möller
c07a6f8743
nixos/generic-extlinux-compatible: fix docbook syntax 2020-06-23 20:51:02 +02:00
Sean Buckley
37ec7c488a
grub: add support for passwords
This patch adds support for user accounts/passwords in GRUB 2.
When configured, everything but the default option is password-protected.
2020-06-23 19:01:43 +02:00
Florian Klink
387f3b58d2 hardware.deviceTree: add name
This can be used to explicitly specify a specific dtb file, relative to
the dtb base.

Update the generic-extlinux-compatible module to make use of this option.
2020-06-21 13:48:22 +02:00
Florian Klink
bd8137aef1 extlinux-conf-builder.sh: allow a custom FDT to be specified
Some bootloaders might not properly detect the model.
If the specific model is known by configuration, provide a way to
explicitly point to a specific dtb in the extlinux.conf.
2020-06-21 13:48:22 +02:00
Florian Klink
54129e72b4 nixos/generic-extlinux-compatible: introduce boot.loader.generic-extlinux-compatible.populateCmd
This option exposes the builder command used to populate an image,
honoring all options except the -c <path-to-default-configuration>
argument.

Useful to have for sdImage.populateRootCommands.

Special care needs to be taken w.r.t cross - the populate command runs
on the host platform, the activation script on the build platform (so
the builders differ)
2020-06-21 13:41:22 +02:00
Samuel Dionne-Riel
f203b8b277
Merge pull request #90119 from samueldr/feature/rpi4-fixups
Fix some pitfalls from the Raspberry Pi 4 specific sd image
2020-06-20 17:02:51 -04:00
Florian Klink
a84cbb60f0
Merge pull request #91073 from danielfullmer/systemd-string-format
nixos/systemd-boot: fix incorrect string formatting
2020-06-19 02:23:25 +02:00
Daniel Fullmer
1d4dc149df nixos/systemd-boot: fix incorrect string formatting
Currently, this always writes "default nixos-generation-%d.conf" without
replacing the "%d" in the string.
Python .format() is not equivalent to "%"
2020-06-18 19:58:50 -04:00
Florian Klink
1c9e02b911 nixos/systemd: allow str in systemd.services.<name>.path
Turns out, #75510 was too restrictive.

We also need to allow str here, as some modules set this to
"/run/wrappers" to bring `/run/wrappers/bin` into $PATH of a unit.
2020-06-19 00:02:51 +02:00
Florian Klink
c1e7366483
Merge pull request #75510 from helsinki-systems/systemd-path-type
nixos/systemd: Use a proper type for unit paths
2020-06-18 23:50:42 +02:00
Florian Klink
d72530162a
Merge pull request #90604 from maralorn/systemd-oneshot-warning
nixos/systemd: Update warning for restarting oneshots
2020-06-16 23:35:22 +02:00
Malte Brandy
0d4134de4a
nixos/systemd: Update warning for restarting oneshots
Restart= can be anything other than on-success and always for onehost units as of
10e72727ee
which is contained in systemd 245.
2020-06-16 22:10:12 +02:00
Florian Klink
42b92250b9 nixos/systemd-boot: fix default boot entry selection
6cd12ebcfe
changed behaviour - now the "default" entry needs to identity an entry
with its full name, including the ".conf".

Reported-In: https://github.com/NixOS/nixpkgs/issues/86422
2020-06-15 20:22:45 -04:00
Daniel Fullmer
7e3519a7cf nixos/systemd-boot: update bootloader if needed 2020-06-15 20:22:45 -04:00
Arian van Putten
71a6d32c18 nixos/timesyncd: Make dbus-activatible
Upstream has this alias too; so that dbus activation works.
What I don't fully understand is why this would ever be useful given
this unit is already started way in early boot; even before dbus is up.
But lets just keep behaviour similar to upstream and then ask these
questions to upstream.
2020-06-13 12:23:45 +02:00
Arian van Putten
cd1dedac67 nixos/networkd: Make activatible through dbus and netlink
With this systemd buffers netlink messages in early boot from the kernel
itself; and passes them on to networkd for processing once it's started.
Makes sure no routing messages are missed.

Also makes an alias so that dbus can activate this unit. Upstream has
this too.
2020-06-13 12:23:45 +02:00
Arian van Putten
0e18e5db99 nixos/resolved: Include dbus alias of resolved unit
This will make dbus socket activation for it work

When `systemd-resolved` is restarted; this would lead to unavailability
of DNS lookups.  You're supposed to use DBUS socket activation to buffer
resolved requests; such that restarts happen without downtime
2020-06-13 12:23:45 +02:00
Samuel Dionne-Riel
37e50ca635 raspberrypi-builder: ensure scripts fails on error
The way this ends up being called with the raspberry pi 4 image builder
ends up not using the `-e` from the shebang.

In turn, the builds fails during cross-compilation. The wrong coreutils
ends up being used, but this is not made apparent.

The issue I faced is already fixed on master, but this ensures no one
ends up with a failed build "succeeding".
2020-06-11 14:41:18 -04:00
Frederik Rietdijk
dc33419285 Merge master into staging-next 2020-06-08 12:06:12 +02:00
worldofpeace
d508591039
Merge pull request #86163 from worldofpeace/wallpaper-refactor
Gnome and Pantheon: install nixos wallpapers
2020-06-07 14:44:59 -04:00
Nadrieril
e4f445008e
boot: fix order of arguments for hasPrefix (#89751) 2020-06-07 18:43:15 +02:00
Frederik Rietdijk
43f71029cc Merge master into staging-next 2020-06-05 19:40:53 +02:00
Ben Wolsieffer
14eceb5991 nixos/grub: support initrd secrets 2020-06-04 18:30:46 -04:00
Ben Wolsieffer
50a5e5597a nixos/stage-1: make boot.initrd.secrets appear in the manual 2020-06-04 17:53:29 -04:00
Florian Klink
cfb4d0dfe3
Merge pull request #84032 from teto/fix_kernel_merge
Fix kernel configuration merge
2020-05-22 13:32:22 +02:00
Florian Klink
4e2715934e nixos/binfmt: move systemd-binfmt.service to binfmt module
Also, remove the dangling systemd.services.systemd-binfmt.wants = [
"proc-sys-fs-binfmt_misc.mount" ]; in systemd.nix.

If boot.binfmt.registrations != {}, systemd will install
proc-sys-fs-binfmt_misc.automount, which will auto-mount
`/proc/sys/fs/binfmt_misc` as soon as systemd-binfmt tries to access it.

Fixes https://github.com/NixOS/nixpkgs/issues/87687
Fixes https://github.com/NixOS/nixops/issues/574
2020-05-18 11:18:44 +02:00
Florian Klink
4a85559ffc
Merge pull request #87016 from flokli/nsswitch-cleanup
nixos/nsswitch cleanup nss modules
2020-05-14 14:55:43 +02:00
Linus Heckemann
90c0191735
Merge pull request #85428 from serokell/kirelagin/unit-script-name
systemd: Simplify unit script names
2020-05-12 09:35:26 +02:00
Florian Klink
4a69bf2a1e nixos/systemd: enable systemd-provided nss modules unconditionally
A disabled nscd breaks nss module loading on NixOS, and systemd without
its nss modules doesn't really work either - instead of silently
disabling its nss modules if nscd is disabled, let the assertion in
nsswitch handle this.
2020-05-11 16:14:51 +02:00
Florian Klink
36b6e26d40 nixos/systemd: add to system.nssDatabases.group too
nixos/modules/config/nsswitch.nix uses `passwdArray` for both `passwd`
and `group`, but when moving this into the systemd module in
c0995d22ee, it didn't get split
appropriately.
2020-05-11 16:14:50 +02:00
Richard Marko
a6ac6d00f9 nixos/raspberrypi-builder: fix cross using buildPackages 2020-05-10 16:03:31 +02:00
Richard Marko
03ae0c0fe2 nixos/uboot-builder: fix cross using buildPackages 2020-05-10 16:03:31 +02:00
Florian Klink
8325e0db11 Revert "nixos/resolved: Include dbus alias of resolved unit"
This reverts commit 7fe539f799.
2020-05-09 20:05:01 +02:00
Arian van Putten
7fe539f799 nixos/resolved: Include dbus alias of resolved unit
This will make dbus socket activation for it work

When `systemd-resolved` is restarted; this would lead to unavailability
of DNS lookups.  You're supposed to use DBUS socket activation to buffer
resolved requests; such that restarts happen without downtime
2020-05-08 14:21:25 +02:00
Michael Adler
7915dc737c nixos/systemd: use global proxy config in systemd-importd 2020-05-06 11:32:17 +02:00
Florian Klink
c0995d22ee nixos/systemd: move NSS module logic to systemd module
We keep the conditional on only adding if nscd is enabled for now.
2020-05-05 15:59:30 +02:00
Florian Klink
7426bec45e nixos/systemd/resolved: add resolve to nss hosts database if enabled
We keep the "only add the nss module if nscd is enabled" logic for now.

The assertion never was triggered, so it can be removed.
2020-05-05 15:59:30 +02:00
Finn Behrens
daa0dfe4f4 nixos/initrd-ssh: add extraConfig Options 2020-05-03 20:11:52 +02:00
Florian Klink
15d761a525 Revert "nixos/systemd.nix: don’t require online for multi-user.target"
This reverts commit 764c8203b8.

While this is desireable in principle, some of our modules and services
fail during service startup if no network is available don't currently
properly set Wants=network-online.target.

If nothing pulls in this target anymore, systemd won't try to reach it.

We have many VM tests waiting for `network-online.target`, and after
764c8203b8 fail with the following error
message:

```
error: unit "network-online.target" is inactive and there are no pending jobs
```

Most likely, test scripts shouldn't wait for `network-online.target` in
first place (as `network-online.target` says nothing about whether a
service has been started), but instead, the script should wait for the
network ports of the corresponding service to be open.

Let's revert this for now, and re-apply in a draft PR, fixing the tests
before merging it back in.
2020-05-01 17:12:05 +02:00
Florian Klink
0a98d10850
Merge pull request #82026 from andir/systemd-update-networkd-options
nixos/networkd: update configuration options
2020-05-01 13:49:24 +02:00
Andreas Rammhold
00215e5bc0
nixos/networkd: support PrefixDelegationHint in DHCPv6 section
With sytemd v244 we will have support for this option.
2020-05-01 13:33:55 +02:00
Andreas Rammhold
10ad353d8b
nixos/networkd: add ipv6Prefix 2020-05-01 13:33:55 +02:00
Andreas Rammhold
5abd9a74fc
nixos/networkd: add ipv6PrefixDelegationConfig to networkd 2020-05-01 13:33:54 +02:00
Andreas Rammhold
819e8bb35f
nixos/networkd: rename the networkd dhcpConfig option to dhcpV4Config
This follows upstreams change in documentation. While the `[DHCP]`
section might still work it is undocumented and we should probably not
be using it anymore. Users can just upgrade to the new option without
much hassle.

I had to create a bit of custom module deprecation code since the usual
approach doesn't support wildcards in the path.
2020-05-01 13:33:54 +02:00