Commit Graph

918 Commits

Author SHA1 Message Date
Jörg Thalheim
a5dcde1a6f Revert "networkd: also load builtin modules"
This reverts commit d514dc220e.

breaks unpredicable network interfaces: https://github.com/NixOS/nixpkgs/pull/29768#issuecomment-370172863
2018-03-04 06:29:08 +00:00
Tuomas Tynkkynen
1e107443ad Merge commit '618ac29687a650d854c8bea7efd4490387589ce2' into staging 2018-03-03 22:40:32 +02:00
Vladimír Čunát
b70c93f211
Merge branch 'master' into nix-2.0 2018-03-03 18:02:35 +01:00
Shea Levy
2802101e9f
Merge branch 'dropbear-2018-76-fix' 2018-03-01 21:35:06 -05:00
Shea Levy
f2937b7485
initrd-ssh: Fix for new dropbear version.
For some reason 2018.76 dropped the -m flag.
2018-03-01 21:21:27 -05:00
Shea Levy
95579af5ec
Merge remote-tracking branch 'origin/staging' into cross-nixos 2018-03-01 14:56:58 -05:00
Shea Levy
fec543436d
nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
Shea Levy
948e290895
stage-2-init: Use the host bash as SHELL 2018-03-01 14:03:41 -05:00
Shea Levy
897b7c7e9b
nixos: Fix initrd dependency detection when cross-compiling. 2018-03-01 13:31:36 -05:00
Jörg Thalheim
12422149a7
Merge pull request #29768 from Mic92/networkd
networkd: also load builtin modules
2018-03-01 09:16:18 +00:00
Shea Levy
cc81202293
nixos: initrd-kmod-blacklist-ubuntu: Fix cross-compilation. 2018-02-28 15:01:32 -05:00
Shea Levy
b28cb72908
nixos: stage-1: Don't try to test binaries when cross-compiling. 2018-02-28 15:01:32 -05:00
Shea Levy
a929301281
nixos: kexec: Disable on non-keexecable systems. 2018-02-28 15:01:31 -05:00
Aristid Breitkreuz
b8f4df9d9e attempt to fix #30940 more robustly 2018-02-26 22:19:12 +01:00
Linus Heckemann
fd77a08b34 grub module: suggest by-id paths for devices
Since they are more stable, their use should be encouraged over that of
potentially volatile identifiers like /dev/[sh]da.
2018-02-24 10:50:23 +00:00
Eelco Dolstra
d12c9911df
Merge remote-tracking branch 'origin/master' into nix-2.0 2018-02-22 17:28:51 +01:00
Tim Steinbach
0500cf79af
plymouth: Fix reference to NixOS version 2018-02-19 11:05:32 -05:00
Michael Raskin
1e23a5a6e9
Merge pull request #34795 from oxij/os/nixosLabel-pt2
nixos: labels part 2
2018-02-19 14:45:17 +00:00
Shea Levy
c64639b54c
nixos/binfmt: Initial binfmt_msc support. 2018-02-18 12:42:17 -05:00
Jan Malakhovski
2e6b796761 nixos: rename config.system.nixos* -> config.system.nixos.* 2018-02-18 12:56:30 +00:00
Jan Malakhovski
e1782e342f nixos: add system.boot.loader.initrdFile option and use it where appropriate 2018-02-18 12:56:29 +00:00
Joachim F
7bf049a54c
Merge pull request #34492 from rnhmjoj/privacy
nixos/networking-interfaces: add preferTempAddress option
2018-02-17 08:41:23 +00:00
Matthieu Coudron
1912870a6e nixos/boot: allow kernel.printk override (#34958)
At one point in my configuration I had:
boot.kernel.sysctl = {
      # https://unix.stackexchange.com/questions/13019/description-of-kernel-printk-values
      "kernel.printk" = "4	4	1	7";
};
which triggered:

error: The unique option `boot.kernel.sysctl.kernel.printk' is defined multiple times, in `/home/teto/dotfiles/nixpkgs/mptcp-unstable.nix' and `/home/teto/nixpkgs/nixos/modules/system/boot/kernel.nix'.
(use ‘--show-trace’ to show detailed location information)
Traceback (most recent call last):
  File "/home/teto/nixops/scripts/nixops", line 984, in <module>
    args.op()
  File "/home/teto/nixops/scripts/nixops", line 406, in op_deploy
    max_concurrent_activate=args.max_concurrent_activate)
  File "/home/teto/nixops/nixops/deployment.py", line 1045, in deploy
    self.run_with_notify('deploy', lambda: self._deploy(**kwargs))
  File "/home/teto/nixops/nixops/deployment.py", line 1034, in run_with_notify
    f()
  File "/home/teto/nixops/nixops/deployment.py", line 1045, in <lambda>
    self.run_with_notify('deploy', lambda: self._deploy(**kwargs))
  File "/home/teto/nixops/nixops/deployment.py", line 985, in _deploy
    self.configs_path = self.build_configs(dry_run=dry_run, repair=repair, include=include, exclude=exclude)
  File "/home/teto/nixops/nixops/deployment.py", line 653, in build_configs
    raise Exception("unable to build all machine configurations")
Exception: unable to build all machine configurations

This simple addition allows to override it.
2018-02-17 06:47:33 +00:00
Vladimír Čunát
b5aaaf87a7
Merge staging and PR #35021
It's the last staging commit (mostly) built on Hydra,
and a minimal fix for Darwin regression in pysqlite.
2018-02-16 09:13:12 +01:00
Nikolay Amiantov
56e0943b08 makeModulesClosure: support firmware
Link it in stage 1.
2018-02-16 00:11:07 +02:00
Herwig Hochleitner
23b5421c46 nixos: make boot.kernel.features internal
This isn't useful as public API. It should be used by options to
activate kernel features for use with specific programs.
2018-02-15 09:10:32 +01:00
Herwig Hochleitner
0b621321cd boot.kernel.features: add nixos option for setting kernel features
this allows setting the features attribute for
pkgs/os-specific/linux/kernel/common-config.nix
2018-02-15 09:10:32 +01:00
Franz Pletz
eb862c48dd
systemd: 234 -> 237
Co-Authored-By: Florian Klink <flokli@flokli.de>
Co-Authored-By: Andreas Rammhold <andreas@rammhold.de>
2018-02-13 01:24:24 +01:00
Eelco Dolstra
16bdaf3d03
Remove creation of /dev/{fd,stdin,stdout,stderr}
This is already provided by devtmpfs.
2018-02-07 17:58:21 +01:00
Eelco Dolstra
cc0caac098
Move creation of /root to the activation script
...so it appears in a new installation before rebooting the system.
2018-02-05 22:12:18 +01:00
Eelco Dolstra
1346923ffa
modprobe activation: Order after specialfs
It requires the existence of /proc.
2018-02-05 21:04:40 +01:00
Vladimír Čunát
84fb5c6a0d
nixos/availableKernelModules: add a keyboard module
Non-working keyboards during boot are quite a problem; see:
https://github.com/NixOS/nixpkgs/pull/33529#issuecomment-361164997
2018-02-03 10:46:53 +01:00
rnhmjoj
1fec496f38
nixos/networking-interfaces: add preferTempAddress option 2018-02-01 13:14:09 +01:00
Tuomas Tynkkynen
95880aaf06 nixos/initrd: Don't include some x86-specific modules unconditionally 2018-01-22 12:53:33 +02:00
Jörg Thalheim
a1e2f2a339 nixos/initrd-network: fix docbook syntax 2018-01-22 00:01:49 +00:00
Svein Ove Aas
5c5259d68d initrd-network: Document the need for modules 2018-01-21 17:43:41 +00:00
Jaakko Luttinen
eeaa82bde1 nixos/availableKernelModules: add logitech hid
This adds support for Logitech (wireless) USB keyboards at boot
2018-01-06 17:11:30 +00:00
zimbatm
eddf30cc93
nixos: introduce boot.growPartition (#33521)
Move it from being a profile
2018-01-06 13:52:51 +00:00
Evgeny Egorochkin
ab623d8467 luksRoot: add the missing ECB dependency to fix XTS support, resolves #30940 2017-12-22 07:50:09 +02:00
Jörg Thalheim
ba007d32c9
Merge pull request #32829 from flokli/input_leds
boot.initrd.luks: add input_leds module
2017-12-19 21:36:51 +00:00
Florian Klink
f2a9f9aeab boot.initrd.luks: add input_leds module
To get working caps lock lights already at stage 1, the input_leds
module needs to be loaded.

Closes #12456.
2017-12-19 01:07:37 +01:00
Jörg Thalheim
4844fbc267
Merge pull request #32268 from volth/patch-74
nixos/initrd-ssh: generate hostkeys if absent
2017-12-17 00:00:04 -08:00
Symphorien Gibol
b8a85fccd9 luksroot.nix: rename fallback to fallbackToPassword 2017-12-14 13:43:14 +01:00
Michael Peyton Jones
638d24950d plymouth: add breeze-plymouth as default theme 2017-12-11 20:42:00 +00:00
volth
af6fc78f5d
initrd-ssh: generate hostkeys if absent 2017-12-03 02:27:29 +00:00
Gleb Peregud
2f6148c743 nixos/system: make switch-to-configuration script pure.
Fixes #28443

Fixed few invocations to `systemctl` to have an absolute path. Additionally add
LOCALE_ARCHIVE so that perl stops spewing warning messages.
2017-11-19 19:42:54 +01:00
Orivej Desh
4435bb8ba8
Merge pull request #30665 from michaelpj/imp/plymouth-themes
plymouth: fix breeze-plymouth (and other themes)
2017-11-06 06:18:38 +00:00
Erlend Pedersen
3f013b806b plymouth service: fix symlink to defaults
Symlink for plymouthd.defaults was pointing to nonexisting target
because of a spelling error.
2017-10-24 20:10:13 +02:00
Symphorien Gibol
601fc20248 nixos/luksroot.nix: add option boot.initrd.luks.devices.<name?>.fallback
This option, if set to true, enables fallbacking to an interactive
passphrase prompt when the specified keyFile is not found.

The default is false, which is compatible with previous behavior and
doesn't prevent unattended boot.
2017-10-23 22:22:26 +02:00
Michael Peyton Jones
18d286b6c9 plymouth: try to remove more references in themes 2017-10-21 22:29:45 +01:00
Robert Helgesson
c4088dd0af
nixos/resolved: clean up option descriptions
Also change LLMNR RFC to the correct id 4795.
2017-10-17 10:11:19 +02:00
Symphorien Gibol
8158cd6d5e nixos/luksroot.nix: fallback to interactive password entry when no keyfile found 2017-10-14 18:36:03 +02:00
Peter Hoeg
0f486c46b2 Revert "networkd: only wait for network to be online if configured to do so"
This reverts commit 8f21e089a8.
2017-10-14 14:42:49 +08:00
Peter Hoeg
8f21e089a8 networkd: only wait for network to be online if configured to do so 2017-10-14 14:38:04 +08:00
Franz Pletz
e13d0c3435 Merge pull request #30172 from mayflower/cleanup/firmware-modules
nixos: clean up wifi firmware & default kernel modules
2017-10-12 16:32:01 +02:00
aszlig
f4e742594d
nixos: Fix detection of btrfs root volume
Regression introduced by 801c920e95.

Since then, the btrfsSimple subtest of the installer VM test fails with:

Btrfs did not return a path for the subvolume at /

The reason for this is that the output for "btrfs subvol show" has
changed between version 4.8.2 and 4.13.1.

For example the output of "btrfs subvol show /" in version 4.8.2 was:

/ is toplevel subvolume

In version 4.13.1, the output now is the following and thus the regular
expressions used in nixos-generate-config.pl and install-grub.pl now
match (which results in the error mentioned above):

/
        Name:                   <FS_TREE>
        UUID:                   -
        Parent UUID:            -
        Received UUID:          -
        Creation time:          -
        Subvolume ID:           5
        Generation:             287270
        Gen at creation:        0
        Parent ID:              0
        Top level ID:           0
        Flags:                  -
        Snapshot(s):

In order to fix this I've changed nixos-generate-config.pl and
install-grub.pl, because both use "btrfs subvol show" in a similar vein,
so the regex for parsing the output now doesn't match anymore whenever
the volume path is "/", which should result in the same behaviour as we
had with btrfs-progs version 4.8.2.

Tested against the btrfsSimple, btrfsSubvols and btrfsSubvolDefault
subtests of the installer VM test and they all succeed now.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-10-11 04:30:52 +02:00
Franz Pletz
3855b7977c
nixos: clean up kernel modules
* the keyboard modules in all-hardware.nix are already defaults of
   boot.initrd.availableKernelModules
 * ide modules, hid_lenovo_tpkbd and scsi_wait_scan have been removed
   because they're not available anymore
 * i8042 was a duplicate (see few lines abowe)
2017-10-07 01:48:03 +02:00
Joerg Thalheim
23f398012b nixos: skip restarting systemd-logind to not break x11 2017-09-27 22:28:27 +01:00
Joerg Thalheim
d514dc220e networkd: also load builtin modules 2017-09-25 11:27:57 +01:00
Robin Gloster
43404d9acf
systemd-tmpfiles: fix docs
We have been doing this since 4e4161c212
2017-09-24 13:17:46 +02:00
Jörg Thalheim
42be8dbe15 Merge pull request #29344 from Moredread/fix/fileystem-encrypted-keyfile-missing-initrd-support
nixos/fileystems: Fix boot fails with encrypted fs
2017-09-22 12:46:17 +01:00
Matt McHenry
cfbac1beb4 systemd: better document enabled, wantedBy, and requiredBy (#29453)
the systemd.unit(5) discussion of wantedBy and requiredBy is in the
[Install] section, and thus focused on stateful 'systemctl enable'.
so, clarify that in NixOS, wantedBy & requiredBy are still what most
users want, and not to be confused with enabled.
2017-09-16 12:48:16 +02:00
André-Patrick Bubel
2000fba561
nixos/fileystems: Fix boot fails with encrypted fs
Boot fails when a keyfile is configured for all encrypted filesystems
and no other luks devices are configured. This is because luks support is only
enabled in the initrd, when boot.initrd.luks.devices has entries. When a
fileystem has a keyfile configured though, it is setup by a custom
command, not by boot.initrd.luks.

This commit adds an internal config flag to enable luks support in the
initrd file, even if there are no luks devices configured.
2017-09-14 05:27:41 +02:00
Graham Christensen
62652be111
Include date and NixOS version in systemd-boot entries
Grub configs include the NixOS version and date they were built, now
systemd can have fun too:

    version Generation 99 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-30
    version Generation 100 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-30
    version Generation 101 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-31
    version Generation 102 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-09-01
    version Generation 103 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-09-02
    version Generation 104 NixOS 17.09beta41.1b8c7786ee, Linux Kernel 4.9.46, Built on 2017-09-02
    version Generation 105 NixOS 17.09.git.1b8c778, Linux Kernel 4.9.46, Built on 2017-09-02
2017-09-02 14:28:34 -04:00
davidak
8f389f3316 nixos/bcachefs: init module 2017-08-31 05:39:31 -05:00
Symphorien Gibol
90ef2183f7 grub module: assume /nix/store is a bind mount even if it is not read only
Fixes #14999
2017-08-31 10:56:34 +02:00
danbst
65ff0d5f9d switch-to-configuration: fix detection of changes between rebuilds for template instances
This makes declarative containers truly reloadable. Current code already declares it:

56904d7c42/nixos/modules/virtualisation/containers.nix (L488)

```
  restartIfChanged = false;
```

56904d7c42/nixos/modules/virtualisation/containers.nix (L540)

```
  reloadIfChanged = true;
```

Original author: @chrisfarms in 6e36619b27
Most of stuff from that commit has already been ported.
2017-08-22 15:04:18 +03:00
Robin Gloster
485a8fef73
modules: specify some types 2017-08-04 02:20:31 +02:00
Profpatsch
5d62d8775c modules/systemd: improve logind.extraConfig example
Since we have a .handleLidSwitch option now, give an other example.
2017-08-03 03:07:05 +02:00
Volth
faac018630 environment.etc: add user/group option
fixes #27546
2017-07-29 23:56:46 +01:00
Florian Jacob
3e69c650ab nixos/systemd-networkd: allow [Link] section in .network files 2017-07-29 21:25:21 +02:00
Martin Wohlert
c3d5cfdc3c swap: extend randomEncryption to plainOpen and ability to select cipher 2017-07-26 20:57:10 +03:00
Graham Christensen
8df6d351c4 Merge pull request #26912 from knedlsepp/fix-autoResize
nixos: Force check the filesystem before resizing
2017-07-16 16:54:54 -04:00
Jörg Thalheim
b14bcd873a Merge pull request #27142 from florianjacob/resolved-multicastdns-support
networkd: Allow new MulticastDNS setting
2017-07-13 14:35:23 +01:00
Peter Hoeg
5cb11abc9e systemd: paths and slices are supported for user units too 2017-07-13 11:55:48 +08:00
Florian Jacob
cd8a1a7ceb networkd: Allow new MulticastDNS setting
which gained an implementation in systemd v233
2017-07-05 13:48:18 +02:00
Giumo X. Clanjor (哆啦比猫/兰威举)
87cbb86214 systemd.nspawn: fix missing suffix
Fix files placed in `/etc/systemd/nspawn/` missing `.nspawn` suffix
2017-07-04 21:12:47 +08:00
Vladimír Čunát
d1a89ae9d7
Merge branch 'master' into staging 2017-07-03 09:48:58 +02:00
Silvan Mosberger
cf07fc6b16 luksroot: fix typo 2017-07-02 04:37:51 +02:00
Josef Kemetmueller
899e2b5748 Force check the filesystem before resizing
The message buffer of the kernel lists
> Please run 'e2fsck -f /dev/disk/by-label/nixos' first.
as the output of the command `resize2fs "$device"`.
This fixes NixOS/nixpkgs#26910.
2017-06-27 22:13:51 +02:00
Christian Albrecht
3584707638
nixos/boot/stage-1: fix failing nixos-rebuild switch because of blkid output
old version of blkid used to output version information including libblkid version
when invoked with --help parameter

new version does not output libblkid version when invoked with --help parameter

fix is to invoke blkid with -V parameter to output version including libblkid in both cases
2017-06-26 09:15:44 +02:00
Kai
9929e83607 systemd-boot-builder.py: add support for profiles (#26318)
* systemd-boot-builder.py: add support for profiles

This will also list the generations of other profiles than `system` in
the boot menu. See the documentation of the `--profile-name` option of
nixos-rebuild for more information on profiles.

* Fix errors introduced by previous commit
2017-06-24 20:33:34 +01:00
Joachim F
631ec734eb Merge pull request #26460 from romildo/fix.nixos-artwork
nixos-artwork: add more wallpapers
2017-06-13 23:20:52 +01:00
Bjørn Forsman
581226cfb4 nixos/bcache: /bin/sh -> ${bash}/bin/sh
Or else `services.udev.packages = [ bcache-tools ]` cannot be used.

To not break bcache in the initrd I'm modifying this in stage-1.nix:

  -  --replace /bin/sh ${extraUtils}/bin/sh
  +  --replace ${bash}/bin/sh ${extraUtils}/bin/sh

Reasoning behind that change:

* If not modifying the /bin/sh pattern in any way, it will also match
  ${bash}/bin/sh, creating a broken path like
  /nix/store/HASH-bash/nix/store/HASH-bash/bin/sh in the udev rule file.

* The addition of /bin/sh was done in 775f381a9e
  ("stage-1: add bcache support"). It seems somewhat plausible that
  no new users have appeared since then and we can take this opportunity
  to back out of this change without much fear of regressions.

  If there _are_ regressions, they should be in the form of build time
  errors, not runtime (boot), due to how the udev rule output is checked
  for invalid path references. So low risk, IMHO.

* An alternative approach could be to copy the /bin/sh substitute rule
  over to the non-initrd udev rules implementation in NixOS, but I think
  this way is better:
  - The rules file comes with a working path out of the box.
  - We can use more precise pattern matching when modifying the udev
    rules for the initrd.
2017-06-10 17:10:49 +02:00
Benjamin Staffin
700e22f7bf nixos: Add support for scalable fonts in Grub menus (#26227)
The default font is unreadably small on some hidpi displays. This
makes it possible to specify a TrueType or OpenType font at any point
size, and it will automatically be converted to the format the Grub
uses.
2017-06-10 09:53:24 -04:00
romildo
aa8018103c nixos-artwork: add more wallpapers
Restructure the nixos-artwork to make it easy to selectively
incorporate other components from upstream without needing to download
the full package.

Until now only the Gnome_Dark wallpaper was included. Add other
wallpapers available in the package repository.
2017-06-07 18:00:58 -03:00
Jörg Thalheim
08dd6779f4
systemd-nspawn: relax PrivateUsers check
this options allows two colon-separated number as value, for instances which
is quite difficult to check.
2017-05-27 08:27:47 +01:00
Jörg Thalheim
522c16bd86
systemd-nspawn: fixes evaluation error
fixes #25097
2017-05-27 08:27:39 +01:00
Maximilian Bosch
23d1c7f474
services.logind: add options for lid-switch behavior 2017-05-23 18:57:57 +02:00
Jörg Thalheim
6fae5631b2
systemd-nspawn: add NotifyRead fixup 2017-05-20 20:32:45 +01:00
Jörg Thalheim
4698012c52
systemd-nspawn: add NotifyRead option 2017-05-20 20:31:38 +01:00
Rickard Nilsson
a92bdc54e3 nixos/luks: Silence killall complain about non-existing cryptsetup processes 2017-05-16 09:50:10 +02:00
Jörg Thalheim
e33848568d
systemd-boot: document reasoning behind syncfs(2) 2017-05-10 10:32:26 +01:00
Jörg Thalheim
e3beb07108
systemd-boot: sync efi filesystem after update
Since fat32 provides little recovery facilities after a crash,
it can leave the system in an unbootable state, when a crash/outage
happens shortly after an update. To decrease the likelihood of this
event sync the efi filesystem after each update.
2017-05-09 19:06:27 +01:00
Jörg Thalheim
fa5196e47e Merge pull request #25005 from Lassulus/copytoram
nixos/stage1: add copytoram support
2017-04-30 11:22:45 +02:00
lassulus
87a4615e27 nixos/stage1: add copytoram support 2017-04-28 20:48:09 +02:00
aszlig
72f2b506c7
nixos/grub: Add another example for extraEntries
Someone on IRC wanted to boot Fedora from another disk. While I'm not
too familiar with UEFI booting in conjunction with GRUB2 it took some
time to get it to work.

So in order to safe others from frustration I'm adding this as another
example to the extraEntries option.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-04-25 08:50:43 +02:00
aszlig
e662e035f9
nixos/systemd-boot-builder: Don't write .pyc files
This has surfaced since d990aa7163.

The "simpleUefiGummiboot" installer test fails since this commit,
because that commit introduced a small check to verify whether the store
was altered.

While installing NixOS for the first time, the store is usually in
/mnt/nix/store and without the read-only bind mount that's preventing
programs from altering the store.

So after nixos-install is done creating the system closure and setting
it as the active system profile, the bootloader is written from the
closure inside the chroot. The systemd-boot-builder is invoked during
this step, which adds .pyc files for various Python modules of the
Python 3 store path, which in turn invalidates the hash of the Python 3
store path itself.

At the time the system is booted up again, the nix-store is verified and
fails with something like this:

path /nix/store/zvm545rqc4d97caqq9h7344bnd06jhzb-python3-3.5.3 was
modified! expected hash
b2c975f4b8d197443fbb09690fb3f6545e165dd44c9309d7d6df2fce0579ebeb, got
bccca19f39c9d26d857ccf1fb72818b2b817967e6d497a25a1283e36ed0acf01

Running the interpreter with the -B argument prevents Python from
writing those byte code files:

https://docs.python.org/3/using/cmdline.html#cmdoption-B

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-04-20 00:37:02 +02:00
Vladimír Čunát
91ad6b3597
Revert "grub module: fix efiInstallAsRemovable description"
This reverts commit c2b56626f1.
It broke creating the manual.  I suspect the descriptions are
auto-wrapped by <para> and </para>.

We've been through this already in 3af715af90.
/cc #24978, @zraexy, @Mic92.
2017-04-18 14:26:36 +02:00
zraexy
c2b56626f1 grub module: fix efiInstallAsRemovable description 2017-04-17 14:45:56 -08:00
Domen Kožar
635822da82
nixos: escape brackets in systemd units
One day we should just whitelist instead of blacklist chars.

Fixes https://github.com/NixOS/nixops/issues/614
2017-04-12 15:56:26 +02:00
Jörg Thalheim
b4820d4948 Merge pull request #24645 from Mic92/stage-2
Stage-2 cleanup
2017-04-08 21:52:22 +02:00
Jörg Thalheim
62c79a1de8
stage-2: shellsheck recommendations 2017-04-05 21:40:57 +02:00
Jörg Thalheim
e3f031b200
stage-2: reduce mkdir commands 2017-04-05 21:40:51 +02:00
Michael Weiss
a6420e13a2 luksroot: Wait for the header (device) to appear
The LUKS header can be on another device (e.g. a USB stick). In my case
it can take up to two seconds until the partition on my USB stick is
available (i.e. the decryption fails without this patch). This will also
remove some redundancy by providing the shell function `wait_target` and
slightly improve the output (one "." per second and a success/failure
indication after 10 seconds instead of always printing "ok").
2017-04-05 20:39:03 +02:00
Jörg Thalheim
a17344c2ad
stage-2: process options as first action
this way `set -x` is set early
2017-04-05 09:05:18 +02:00
Jörg Thalheim
b42af25223
stage-2: replace readonly-mountpoint by findmnt 2017-04-05 09:05:18 +02:00
Jörg Thalheim
a5ad8b4f69
stage-2: simplify exporting path 2017-04-05 09:05:13 +02:00
Eelco Dolstra
e84d5b23e1
Allow systemd-fsck@.service to find fsck.*
Fixes "fsck.ext4 doesn't exist, not checking file system on ...".
2017-04-04 18:17:05 +02:00
Eelco Dolstra
de51ad6cd1
Don't restart systemd-fsck@ units
Restarting them is useless since the filesystem is already
checked. Worse, restarting them causes the filesystem to be unmounted.

Also remove an override for systemd-rkill@.service which no longer
exists.
2017-04-04 16:40:18 +02:00
Shea Levy
3a26d09e15 initrd-ssh: Use initrd secrets for host keys 2017-04-02 16:33:37 -04:00
Shea Levy
b09490a322 systemd-boot: Support initrd secrets 2017-04-02 16:33:37 -04:00
Shea Levy
59c0977300 Add facility to append secrets to the initrd 2017-04-02 16:33:37 -04:00
Symphorien Gibol
a6665adde8 grub module: fix useOSProber when installing grub as EFI 2017-03-23 12:53:44 +01:00
Franz Pletz
fb50cde71e
nixos/treewide: systemd.time is in manvolume 7
cc #23396
2017-03-21 08:28:53 +01:00
Franz Pletz
9536169074
nixos/treewide: remove boolean examples for options
They contain no useful information and increase the length of the
autogenerated options documentation.

See discussion in #18816.
2017-03-17 23:36:19 +01:00
Benjamin Staffin
f474f82860 ykpers: consolidate into yubikey-personalization
Looks like this accidentally got packaged twice.
2017-03-11 16:23:00 -05:00
Eelco Dolstra
136f77b7b9
nixos-rebuild: Sync /nix/store only
We only care about /nix/store because its contents might be out of
sync with /nix/var/nix/db. Syncing other filesystems might cause
unnecessary delays or hangs (e.g. I encountered a case where an NFS
mount was taking a very long time to sync).
2017-03-03 16:50:25 +01:00
Franz Pletz
66f553974b
dhcpcd service: fix network-online.target integration
When dhcpcd instead of networkd is used, the network-online.target behaved
the same as network.target, resulting in broken services that need a working
network connectivity when being started.

This commit makes dhcpcd wait for a lease and makes it wanted by
network-online.target. In turn, network-online.target is now wanted by
multi-user.target, so it will be activated at every boot.
2017-02-23 16:07:40 +01:00
Kevin Cox
da33c8a19d
systemd: Properly escape environment options.
Using toJSON on a string value works because the allowed JSON escape
sequences is almost a subset of the systemd allowed escape sequences.
The only exception is `\/` which JSON allows but systemd doesn't.
Luckily this sequence isn't required and toJSON don't produce it making
the result valid for systemd consumption.

Examples of things that this fixes are environment variables with double
quotes or newlines.
2017-02-20 22:20:13 -05:00
Robin Gloster
2f8aaf0c0a Merge pull request #22941 from mayflower/systemd-tmpfiles
systemd: setup tmpfiles on switching configuration
2017-02-20 23:14:31 +01:00
aszlig
dc31a1ea29
systemd-boot: Unlink loader.conf if it exists
Since systemd version 232 the install subcommand of bootctl opens the
loader.conf with fopen() modes "wxe", where the "e" stands for
exclusive, so the call will fail if the file exists.

For installing the boot loader just once this is fine, but if we're
using NIXOS_INSTALL_BOOTLOADER on a systemd where the bootloader is
already present this will fail.

Exactly this is done within the simpleUefiGummiboot installer test,
where nixos-install is called twice and thus the bootloader is also
installed twice, resulting in an error during the fopen call:

Failed to open loader.conf for writing: File exists

Removing the file prior to calling bootctl should fix this.

I've tested this using the installer.simpleUefiGummiboot test and it now
succeeds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra, @shlevy, @mic92
Fixes: #22925
2017-02-20 14:54:48 +01:00
aszlig
4daccf208f
systemd-boot: Make sure /etc/machine-id exists
This leads to the following error when trying to install a new machine
where the machine ID wasn't yet initialized during boot:

Failed to get machine did: No such file or directory

In addition this was also detected by the simpleUefiGummiboot installer
test.

So let's generate a fallback machine ID by using
systemd-machine-id-setup before actually running bootctl.

Tested this by running the installer.simpleUefiGummiboot test, it still
fails but not because of the machine ID.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra, @shlevy, @mic92
Fixes: #22561
2017-02-20 14:54:44 +01:00
Franz Pletz
60555c7c0a Merge pull request #22969 from symphorien/extrainitrd
grub module: add extraInitrd option
2017-02-20 04:32:48 +01:00
Symphorien Gibol
9ed2846e04 grub module: add extraInitrd option 2017-02-19 10:50:22 +01:00
Robin Gloster
4e4161c212
systemd: setup tmpfiles on switching configuration
This fixes systemd.tmpfiles.rules on switching configuration so that
does not only get applied on a fresh boot. This e.g. fixes kubernetes.
2017-02-18 15:04:52 +01:00
Brice Waegeneire
47c214cc2a fix comments about nixos-hardware-scan
It has been renamed to nixos-generate-config in 3ed4173
2017-02-18 13:29:47 +01:00
Nikolay Amiantov
213356c927 activation-script service: add utillinux to path 2017-02-17 21:54:58 +03:00
Profpatsch
bb797c1390 networking.networkd: adjust autmatic mapping of bonds
Since the bonds interface changed to a lot more possible values we create a
mapping of kernel bond attribute names and values to networkd attributes.
Those match for the most part, but have to transformed slightly.

There is also an assert that unknown options won’t slip through silently.
2017-02-16 21:24:40 +01:00
Robin Gloster
af9f44dd57
grub: fix capitalisation
Missed this occurence while renaming the option
2017-02-13 14:55:36 +01:00
symphorien
0b87efacb1 grub: add grub.useOSProber option (#22558) 2017-02-13 14:53:15 +01:00
Tuomas Tynkkynen
9e04b57dde nixos top-level: Add 'dtbs' symlink when kernel uses device trees
Currently e.g. extlinux-conf-builder.sh uses
`readlink -m "$toplevel/kernel/../dtbs"` to figure out the directory.
That is obscenely ugly.
2017-02-12 15:47:49 +02:00
Graham Christensen
4f34e030a5 Merge pull request #22677 from grahamc/drop-kdm-kde4-modules
Drop kdm and kde4 modules
2017-02-12 08:36:33 -05:00
Ricardo M. Correia
123cbd40c2 raspberryPi boot loader: don't remove xx-initrd files
The Raspberry Pi boot loader was deleting all xx-initrd text files
(which simply contain the path to the actual initrd files) just after
having created them. The code was actually trying to delete real,
obsolete initrd files, which are named <hash>-initrd-initrd (after path
cleaning), but the glob was catching the other files as well.
2017-02-12 02:48:57 +02:00
Ricardo M. Correia
c19b17d14f raspberryPi boot loader: fix booting Raspberry Pi 3
The Raspberry Pi 3 seems to need the .DTB file when booting the kernel,
so we must copy it to /boot when installing a new kernel.
2017-02-12 02:48:57 +02:00
Graham Christensen
3cec7d10df
kdm: drop service 2017-02-11 13:55:09 -05:00
Nikolay Amiantov
6f7811143d systemd service: don't install systemd-hwdb-update 2017-02-08 21:42:07 +03:00
Antoine Eiche
9d30099b7f nixos/systemd: set r-x group permissions on /var/log/journal
This allows services such as systemd-journal-gateway to access the
systemd journal.

Closes #22288
2017-02-08 16:06:14 +03:00
Nikolay Amiantov
90bc1a8595 Merge pull request #22353 from abbradar/bluetooth
Bluetooth improvements
2017-02-05 13:18:48 +03:00
Nikolay Amiantov
8ef14f80e3 systemd service: add aliases option 2017-02-02 00:52:54 +03:00
Robin Gloster
a38f1911d3
systemd: 231 -> 232
Includes adding some more upstream units and removing obsolete (-.slice) ones.
2017-01-26 17:52:52 +01:00
Franz Pletz
068dad3a21
systemd-boot: fix evaluation 2017-01-21 14:42:10 +01:00
Linus Heckemann
98bd722d1d systemd-boot: allow setting editor security option (#21853) 2017-01-21 14:24:26 +01:00
Franz Pletz
e4fb2bb0c5
Revert "nixos/stage2: Check for each special mount individually and mount missing ones. (#21370)"
This reverts commit 712e62c260.

This commit broke NixOS containers. Systemd wouldn't detect if a container
started successfully and would kill it again after a grace period.

Additionally this prints mount errors due to already mounted filesystems
at boot.
2017-01-10 17:35:38 +01:00
Sebastian Hagen
712e62c260 nixos/stage2: Check for each special mount individually and mount missing ones. (#21370) 2017-01-09 10:32:23 +01:00
Eelco Dolstra
b297af42d2
Fix using ephemeral disks for /tmp etc. in EC2 instances
This code in amazon-image.nix:

  if mountFS "$device" "$mp" "" auto; then
    if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi
  fi

relies on mountFS to return a zero exit status if mounting
succeeds. But the lustrateRoot check in mountFS was causing a non-zero
exit status. As a result /disk0 would be mounted, but not used for
/tmp.

(cherry picked from commit d082ed8c35dec48aee2afd1303b3c8b2a1b242b0)
2017-01-03 17:32:42 +01:00
Markov Dmitry
efd5508b89 systemd: add slice support 2016-12-20 10:49:08 +01:00
Jörg Thalheim
579051fe66 networkd: add extraConfig to all units
networkd options are always correct or up to date. This option allows to by
pass type checking. It is also easier to write because examples can be just copy
and paste from manpages.
2016-12-17 15:23:34 +01:00
Jörg Thalheim
d49e0d5fa5 networkd: allow to supply own unit files
Networkd units can contain secrets. In future also wireguard vpn will be supported by
networkd. To avoid leakage of private keys, those could be then also put outside
of the /nix/store

Having a writeable /etc/systemd/network also allows to quick fix network issues,
when upgrading `nixos-rebuild switch` would require network on its own (due
updates).
2016-12-17 15:23:34 +01:00
Bjørn Forsman
3af715af90 Revert "fix 2 xml errors in the description of boot.loader.grub.efiInstallAsRemovable"
This reverts commit 656cc3acaf because it
causes building the manual to fail:

  $ nixos-rebuild build
  ...
  building path(s) ‘/nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb’
  Writing /nix/store/s9y5z78z5pssvmixcmv9ix13gs8xj87f-manual-olinkdb/manual.db for book(book-nixos-manual)
  ./man-pages.xml:625: element para: Relax-NG validity error : Did not expect element para there
  ./man-pages.xml:3: element variablelist: Relax-NG validity error : Element refsection has extra content: variablelist
  ./man-pages.xml:29: element refsection: Relax-NG validity error : Element refentry has extra content: refsection
  ./man-pages.xml:3: element reference: Relax-NG validity error : Element reference failed to validate content
  ./man-pages.xml fails to validate

CC @cleverca22, @Mic92
2016-12-17 11:45:31 +01:00