Commit graph

1168 commits

Author SHA1 Message Date
Kirill Elagin
5822d03851 systemd: Simplify unit script names
Current journal output from services started by `script` rather than
`ExexStart` is unreadable because the name of the file (which journalctl
records and outputs) quite literally takes 1/3 of the screen (on smaller
screens).

Make it shorter. In particular:

* Drop the `unit-script` prefix as it is not very useful.
* Use `writeShellScriptBin` to write them because:
  * It has a `checkPhase` which is better than no checkPhase.
  * The script itself ends up having a short name.
2020-04-17 10:17:46 +03:00
Yegor Timoshenko
8262ecd369
Merge pull request #85004 from emilazy/add-initrd-secrets-path-assertion
nixos/stage-1: check secret paths before copying
2020-04-16 17:42:40 +03:00
Jörg Thalheim
4cc7c2e55a
tmpfiles: load user-defined entries first
systemd-tmpfiles will load all files in lexicographic order and ignores rules
for the same path in later files with a warning Since we apply the default rules
provided by systemd, we should load user-defines rules first so users have a
chance to override defaults.
2020-04-16 13:02:24 +01:00
Maximilian Bosch
2d55f9c01a
Merge pull request #84266 from Ma27/nspawn-overrides
nixos/systemd-nspawn: disallow multiple packages with `.nspawn`-units
2020-04-16 00:24:33 +02:00
Rouven Czerwinski
61da203324 boot.initrd.luks: remove x86_64/i586 AES modules
Commit 1d2c3279311e4f03fcf164e1366f2fda9f4bfccf in the upstream kernel
repository removed support for the scalar x86_64 and i586 AES
assembly implementations, since the generic AES implementation generated
by the compiler is faster for both platforms. Remove the modules from
the cryptoModules list. This causes a regression for kernel versions
>=5.4 which include the removal. This should have no negative impact on
AES performance on older kernels since the generic implementation should
be faster there as well since the implementation was hardly touched from
its initial submission.

Fixes #84842
2020-04-12 15:12:38 +02:00
Graham Christensen
35d8514a91
Merge pull request #81848 from grahamc/nested-specialisation
specialisation: replace nesting with named configurations
2020-04-12 08:56:11 -04:00
Graham Christensen
ec2d28e323
specialisation: replace nesting with named configurations
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-04-12 08:12:50 -04:00
Emily
91c6809946 nixos/stage-1: check secret paths before copying
Fixes #84976.
2020-04-11 16:42:47 +01:00
Emily
8a37c3dd1a nixos/initrd-ssh: fix typo in docs 2020-04-11 16:19:48 +01:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
B YI
07bc7b971d
nixos/initrd-ssh: fix typo (#84719) 2020-04-08 17:04:29 +02:00
Maximilian Bosch
a9e3ec1d6e
nixos/systemd-nspawn: disallow multiple packages with .nspawn-units
In contrast to `.service`-units, it's not possible to declare an
`overrides.conf`, however this is done by `generateUnits` for `.nspawn`
units as well. This change breaks the build if you have two derivations
configuring one nspawn unit.

This will happen in a case like this:

``` nix
{ pkgs, ... }: {
  systemd.packages = [
    (pkgs.writeTextDir "etc/systemd/nspawn/container0.nspawn" ''
      [Files]
      Bind=/tmp
    '')
  ];
  systemd.nspawn.container0 = {
    /* ... */
  };
}
```
2020-04-04 21:11:21 +02:00
Matthieu Coudron
b9a4e6953d kernel: fix config generation
Addresses https://github.com/NixOS/nixpkgs/issues/71803:
Kernel options are not merged as described, especially the "optional"
aspects. The error silences legitimate warnings.
2020-04-01 22:25:57 +02:00
Maciej Krüger
948de104de
stage-1-init: add boot.persistence option
This option allows replacing the tmpfs mounted on / by
the live CD's init script with a physical device

Since nixOS symlinks everything there's no trouble
at all.

That enables the user to easily use a nixOS live CD
as a portable installation.

Note that due to some limitations in how the store is mounted
currently only the non-store things are persisted.
2020-04-01 03:56:32 +02:00
Rouven Czerwinski
d22373b2b1 nixos/systemd: remove one DefaultBlockIOAccounting
DefaultBlockIOAccounting=yes is set twice in the same file, remove one
copy.
2020-03-29 10:56:34 +02:00
Emily
d930466b77 nixos/initrd-ssh: switch from Dropbear to OpenSSH
Dropbear lags behind OpenSSH significantly in both support for modern
key formats like `ssh-ed25519`, let alone the recently-introduced
U2F/FIDO2-based `sk-ssh-ed25519@openssh.com` (as I found when I switched
my `authorizedKeys` over to it and promptly locked myself out of my
server's initrd SSH, breaking reboots), as well as security features
like multiprocess isolation. Using the same SSH daemon for stage-1 and
the main system ensures key formats will always remain compatible, as
well as more conveniently allowing the sharing of configuration and
host keys.

The main reason to use Dropbear over OpenSSH would be initrd space
concerns, but NixOS initrds are already large (17 MiB currently on my
server), and the size difference between the two isn't huge (the test's
initrd goes from 9.7 MiB to 12 MiB with this change). If the size is
still a problem, then it would be easy to shrink sshd down to a few
hundred kilobytes by using an initrd-specific build that uses musl and
disables things like Kerberos support.

This passes the test and works on my server, but more rigorous testing
and review from people who use initrd SSH would be appreciated!
2020-03-25 08:26:50 +00:00
Florian Klink
355c58e485 nixos/networkd: respect systemd.network.links also with disabled systemd-networkd
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.

This was originally applied in 36ef112a47,
but was reverted due to 1115959a8d causing
evaluation errors on hydra.
2020-03-19 14:15:32 +01:00
Danylo Hlynskyi
fab05f17d1
Merge pull request #80114 from rnhmjoj/initrd
nixos/boot: add option to disable initrd
2020-03-16 20:04:24 +02:00
Vladimír Čunát
0729b8c55e
Revert Merge #82310: nixos/systemd: apply .link
...even when networkd is disabled

This reverts commit ce78f3ac70, reversing
changes made to dc34da0755.

I'm sorry; Hydra has been unable to evaluate, always returning
> error: unexpected EOF reading a line
and I've been unable to reproduce the problem locally.  Bisecting
pointed to this merge, but I still can't see what exactly was wrong.
2020-03-13 22:05:33 +01:00
Florian Klink
36ef112a47 nixos/networkd: respect systemd.network.links also with disabled systemd-networkd
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.
2020-03-11 10:21:37 +01:00
Maximilian Bosch
7f9131f260
Merge pull request #81405 from NinjaTrappeur/nin-networkd-policy-rules
nixos/networkd: add RoutingPolicyRules-related options
2020-03-04 12:29:29 +01:00
Maximilian Bosch
70325e63d8
Merge pull request #79532 from NixOS/fix-predictable-ifnames-in-initrd
nixos/stage-1: fix predictable interface names in initrd
2020-03-02 17:14:06 +01:00
Félix Baylac-Jacqué
9897d83f58 nixos/networkd: test routingPolicyRules with a nixos vm test 2020-03-02 15:37:40 +01:00
Félix Baylac-Jacqué
611d765b76 nixos/networkd: Add the RoutingPolicyRule-related options 2020-03-01 14:52:36 -08:00
Benjamin Staffin
4c5ea02dc5
grub: Update extraConfig example text (#79406)
This expands the example to something one might actually want to use
to set up a serial console.
2020-02-15 16:45:47 -05:00
rnhmjoj
dea79b56f7
nixos/boot: add option to disable initrd 2020-02-15 12:13:33 +01:00
Marek Mahut
4011c2a2aa
Merge pull request #76481 from fare-patches/vesa
Deprecate the boot.vesa option
2020-02-13 09:47:54 +01:00
worldofpeace
d12524fd51 Merge pull request #78453 from wedens/memtest-efi-grub
nixos/grub: make memtest work with EFI
2020-02-09 16:09:58 -05:00
Franz Pletz
589789997f
nixos/initrd-network: always run postCommands
As outlined in #71447, postCommands should always be run if networking
in initrd is enabled. regardless if the configuration actually
succeeded.
2020-02-08 14:57:49 +01:00
Franz Pletz
d25c1a8fdc
nixos/initrd-network: use ipconfig from klibc
This apparently has features that the version from Arch's
mkinitcpio-nfs-utils does not have. Fixes #75314.
2020-02-08 14:57:49 +01:00
Franz Pletz
ea7d02406b
nixos/initrd-network: flush interfaces before stage 2
Depending on the network management backend being used, if the interface
configuration in stage 1 is not cleared, there might still be some old
addresses or routes from stage 1 present in stage 2 after network
configuration has finished.
2020-02-08 14:04:02 +01:00
Franz Pletz
44e289f93b
nixos/stage-1: fix predictable interfaces names
This makes predictable interfaces names available as soon as possible
with udev by adding the default network link units to initrd which are read
by udev. Also adds some udev rules that are needed but which would normally
loaded from the udev store path which is not included in the initrd.
2020-02-08 14:04:02 +01:00
Silvan Mosberger
5acd168425
Merge pull request #59827 from oxij/nixos/suppress-systemd-units
nixos/systemd: add an option to suppress system units
2020-02-06 18:11:01 +01:00
Frederik Rietdijk
419bc0a4cd Revert "Revert "Merge master into staging-next""
In 87a19e9048 I merged staging-next into master using the GitHub gui as intended.
In ac241fb7a5 I merged master into staging-next for the next staging cycle, however, I accidentally pushed it to master.
Thinking this may cause trouble, I reverted it in 0be87c7979. This was however wrong, as it "removed" master.

This reverts commit 0be87c7979.
2020-02-05 19:41:25 +01:00
Frederik Rietdijk
0be87c7979 Revert "Merge master into staging-next"
I merged master into staging-next but accidentally pushed it to master.
This should get us back to 87a19e9048.

This reverts commit ac241fb7a5, reversing
changes made to 76a439239e.
2020-02-05 19:18:35 +01:00
Silvan Mosberger
3ab846e34a
Merge pull request #35188 from sorki/overlayfs
use overlayfs by default for netboot and iso
2020-02-05 13:46:04 +01:00
Richard Marko
0c20feb231 use overlayfs by default for netboot and iso 2020-02-05 10:35:59 +01:00
wedens
7b5550a3fc nixos/grub: make memtest work with EFI
Memtest86+ doesn't support EFI, so unfree Memtest86 is used when EFI
support is enabled (systemd-boot currently also uses Memtest86 when
memtest is enabled).
2020-02-05 11:12:55 +07:00
Silvan Mosberger
b4cc413928
Merge pull request #77594 from Frostman/fix-grub-extrafiles-mirroredboots
Fix boot.loader.grub.extraFiles when used with mirroredBoots
2020-02-05 00:22:35 +01:00
Sergey Lukjanov
7144b9ac54 Fix boot.loader.grub.extraFiles when used with mirroredBoots
Substitute @bootPath@ in boot.loader.grub.extraPrepareConfig script
same way as it's done for boot.loader.grub.extraEntries option.
2020-02-03 15:37:00 -08:00
misuzu
f93a9074e4 nixos/systemd: add systemd.sleep.extraConfig config option 2020-02-03 18:33:15 +02:00
Maximilian Bosch
0f10495eb9
Merge pull request #74624 from Ma27/networkd-units-internal
nixos/networkd: mark `units` option as internal
2020-02-02 07:59:57 +01:00
Andreas Rammhold
355b31c98e
Merge pull request #78476 from Ma27/networkd-vrf-options
nixos/networkd: add vrfConfig option for netdevs, add simple test
2020-01-31 13:28:22 +01:00
Jörg Thalheim
43f117537f
Merge pull request #78426 from Mic92/tmpfiles
nixos/systemd: add all systemd tmpfiles files
2020-01-27 09:55:50 +00:00
Maximilian Bosch
bc130855a7
nixos/networkd: add vrfConfig option to netdevs 2020-01-25 17:38:15 +01:00
Jörg Thalheim
3ef5115963
nixos/systemd: add all systemd tmpfiles files
Especially tmp.conf is important to create /tmp and /var/tmp with the correct
permissions.
2020-01-24 17:20:54 +00:00
Marek Mahut
c4d75cbb0c boot.initrd.luks: adding a warning when using FIDO2 with kernel ≤ 5.4 2020-01-22 16:00:40 +01:00
Marek Mahut
dea2fe9f39 boot.initrd.luks: Adding FIDO2 support 2020-01-22 08:38:16 +01:00
Florian Klink
a3d67f417e
Merge pull request #77665 from zaninime/ifxfrm
systemd-networkd: add configuration for XFRM interfaces
2020-01-21 22:14:53 +01:00
Francesco Zanini
9974bb16b0 systemd-networkd: add configuration for XFRM interfaces 2020-01-14 11:33:18 +01:00
worldofpeace
1c2e27e4d5 nixos/systemd-lib: don't fail on systemd.packages duplicates
In some cases like we've noticed in https://github.com/NixOS/nixpkgs/issues/76169,
having duplicate packages in systemd.packages like
```
systemd.packages = [ gnome-shell gnome-shell gnome-session ];
```
breaks.

Here we use an associative array to ensure no
duplicate paths when we symlink all the units listed
in systemd.packages.
2020-01-07 21:42:14 -05:00
Silvan Mosberger
ff16d17b42
nixos/systemd: Explicitly put default path packages after othe… (#77088)
nixos/systemd: Explicitly put default path packages after others
2020-01-06 21:51:04 +01:00
rnhmjoj
1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Silvan Mosberger
9327e1c6ba
nixos/systemd: Explicitly put default path packages after others
This fixes the dhcpcd issue in https://github.com/NixOS/nixpkgs/issues/76969,
which was exposed by https://github.com/NixOS/nixpkgs/pull/75031
introducing changes in the module ordering and therefore option ordering
too.

The dhcpcd issue would also be fixable by explicitly putting
dhcpcd's paths before others, however it makes more sense for systemd's
default paths to be after all others by default, since they should only
be a fallback, which is how binary finding will work if they come after.
2020-01-06 15:58:06 +01:00
Francois-Rene Rideau
eaffc7d0a5 Deprecate the boot.vesa option 2019-12-24 16:05:30 -05:00
Maximilian Bosch
77d8988b7b
nixos/systemd-nspawn: use config.systemd.package
When using a modified systemd-package (e.g. to test a patch), it's
recommended to use the `systemd.package`-option to avoid rebuilding all packages
that somehow depend on systemd.

With this change, the modified package is also used by `systemd-nspawn@`
units.
2019-12-21 17:19:26 +01:00
Janne Heß
35f7d38a3b nixos/systemd: Use a proper type for unit paths 2019-12-11 15:43:17 +01:00
Silvan Mosberger
4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
Maximilian Bosch
4324419f9e
Merge pull request #72888 from fooker/pr-3
nixos/networkd: Add more valid values for RequiredForOnline
2019-12-06 18:04:34 +01:00
Florian Klink
2c1281eb7a nixos/networkd: add missing "Advertise" option
This is in systemd since v240.
2019-12-06 08:43:34 +01:00
Maximilian Bosch
60f2c59471
nixos/networkd: mark units option as internal
The options at `systemd.network` (`links`, `netdevs` and `networks`) are
directly mapped to the three different unit types of `systemd-networkd(8)`.

However there's also the option `systemd.network.units` which is
basically used as a container for generated unit-configs that are linked
to `/etc/systemd/networkd`[1].

This should not be exposed to the user as it's unclear whether or not it
should be used directly which can be pretty confusing which is why I decided to
declare this option as internal (including all sub-options as `internal`
doesn't seem to be propagated to submodules).

[1] 9db75ed88f/nixos/modules/system/boot/networkd.nix (L933-L937)
2019-11-29 12:50:51 +01:00
WilliButz
fc91467b0d
nixos/timesyncd: add user systemd-timesync to group systemd-timesync 2019-11-25 10:46:28 +01:00
WilliButz
2ffb2c0bd1
nixos/resolved: add user systemd-resolve to group systemd-resolve 2019-11-25 10:46:28 +01:00
WilliButz
b79e3e615a
nixos/networkd: add systemd-network user to group systemd-network 2019-11-25 10:46:28 +01:00
John Ericson
d0d5136cce Merge remote-tracking branch 'upstream/master' into wrapper-pname-support 2019-11-24 17:25:07 +00:00
John Ericson
9b090ccbca treewide: Get rid of most parseDrvName without breaking compat
That is because this commit should be merged to both master and
release-19.09.
2019-11-24 17:22:28 +00:00
Maximilian Bosch
b451612bd9
nixos/networkd: add missing dhcpv6 and static options to IPv6PrefixDelegation 2019-11-23 12:51:38 +01:00
Frederik Rietdijk
65edeb8633 Merge master into staging-next 2019-11-20 10:01:49 +01:00
(cdep)illabout
6c019a867c
nixos/timesyncd: add extraConfig option
This adds an `extraConfig` option to timesyncd for setting additional
options in `/etc/systemd/timesyncd.conf`.

This is similar to things like `services.journald.extraConfig` and
`services.logind.extraConfig`.
2019-11-20 14:57:02 +09:00
Dustin Frisch
943508a7fa nixos/networkd: add Name as valid option to Link
This has been there since v209 [1]

```
The interface name to use. This option has lower precedence than NamePolicy=, so for this setting to take effect, NamePolicy= must either be unset, empty, disabled, or all policies configured there must fail. Also see the example below with "Name=dmz0".

Note that specifying a name that the kernel might use for another interface (for example "eth0") is dangerous because the name assignment done by udev will race with the assignment done by the kernel, and only one interface may use the name. Depending on the order of operations, either udev or the kernel will win, making the naming unpredictable. It is best to use some different prefix, for example "internal0"/"external0" or "lan0"/"lan1"/"lan3".
```

[1] 43b3a5ef61
2019-11-19 22:13:17 +01:00
Frederik Rietdijk
73b88e17dd Merge staging-next into staging 2019-11-11 12:09:26 +01:00
Thomas Tuegel
8e639f142f
Merge pull request #71986 from mtetreault/mte/plymouth-improvements
plymouth: Add extra config field
2019-11-09 08:17:14 -06:00
Silvan Mosberger
9fe4e06812 nixos/systemd: Allow unit options to have multiple equal defs (#73024)
E.g. this allows

  systemd.services.<name?>.serviceConfig.DynamicUser =
    mkMerge [ true true ];
2019-11-08 15:45:44 +00:00
Dustin Frisch
0aeaf4dfe0
nixos/networkd: Add more valid values for RequiredForOnline
`RequiredForOnline` allows for a boolean value or operational state.
This adds the values for all valid the operational states.
2019-11-06 13:12:34 +01:00
Florian Klink
c3566c7a4f
Merge pull request #70352 from wucke13/systemd-importd
systemd: add systemd-importd
2019-11-05 15:42:44 +01:00
wucke13
29ac226225 systemd: adding support for systemd-importd
Adding `systemd-importd` to the build, so that `machinectl`s `import-.*`
may actually do anything. Currently they fail with

```
Failed to transfer image: The name org.freedesktop.import1 was not provided by any .service files
```
as `systemd-importd` is not built. Also registers the regarding dbus
api and service in the systemd module.
2019-11-02 21:33:18 +01:00
Maximilian Bosch
47724fc77c
nixos/networkd: add ipv4-fallback and fallback as valid options to LinkLocalAddressing
Both options were introduced in systemd v243[1]. Those options can be
used to ensure that LinkLocalAddressing is only configured for a given
interface if DHCPv4 fails. To quote `systemd.network(5)`:

```
If "fallback" or "ipv4-fallback" is specified, then an IPv4
link-local address is configured only when DHCPv4 fails. If "fallback", an IPv6 link-local
address is always configured, and if "ipv4-fallback", the address is not configured. Note
that, the fallback mechanism works only when DHCPv4 client is enabled, that is, it requires
"DHCP=yes" or "DHCP=ipv4".
```

[1] 8bc17bb3f7
2019-10-28 20:51:17 +01:00
Mathieu A.-Tetreault
054ceb826e plymouth: Add extra config field
Signed-off-by: Mathieu A.-Tetreault <alexandretm@amotus.ca>
2019-10-25 11:22:45 -04:00
Tor Hedin Brønner
5924bab20b nixos/plymouth: do not order plymouth-quit after display-manager
GDM now specifies ordering between `plymouth-quit` and `display-manager`:
9be5321097

This causes an ordering cycle between GDM and plymouth-quit which can result in
systemd breaking GDM:
```
plymouth-quit.service: Job display-manager.service/start deleted to break
                       ordering cycle starting with plymouth-quit.service/start
```

Not sure how often this triggers, as I've run my system with plymouth and
9be5321097 without any issues. But I did catch a VM doing this.

NOTE: I also tried to remove the ordering in GDM to see if plymouth managed to
live longer, but it didn't seem to help. So I opted to stick as close to
upstream (upstream GDM specifies ordering, but plymouth does not).
2019-10-14 13:08:51 +02:00
Florian Klink
e24526d38e
Merge pull request #69422 from arianvp/fix-machinectl
nixos/systemd: Make machinectl work with NixOS
2019-10-12 14:12:44 +02:00
Eelco Dolstra
2c97f0669d
Typo 2019-10-10 16:24:33 +02:00
Fabian Möller
996d846726
nixos/systemd: fix broken tmpfiles.d symlinks 2019-10-09 10:53:01 +02:00
Thomas Tuegel
22b4014900
Merge pull request #69357 from mtetreault/plymouth-custom-logo
breeze-plymouth: allow usage of custom logo
2019-10-08 05:32:07 -05:00
Eelco Dolstra
37c22b9d30
Revive systemd.coredump.enable 2019-10-07 20:28:13 +02:00
Mathieu A.-Tetreault
001b42db7f breeze-plymouth: allow usage of custom logo 2019-10-07 09:43:23 -04:00
lassulus
9d04a64a8f iso-image: add loopback.cfg support to boot iso from grub 2019-10-04 23:24:52 +02:00
Samuel Dionne-Riel
95005c1039
Merge pull request #68265 from tkerber/rpi4
Various: Add support for raspberry pi 4.
2019-09-27 14:35:17 -04:00
Arian van Putten
7058b0ad12 nixos/systemd: Make machinectl work with NixOS
Images generated with nixos-install will be supported by machinectl
problem is that systemd-nspawn's private usersns feature clashes
with DynamicUser and RuntimeDirectory features, which causes NixOS
images to not boot. There is an upstream issue for this
https://github.com/systemd/systemd/issues/13622
2019-09-25 18:27:19 +02:00
Franz Pletz
0dc4fe0a44
nixos/systemd: pick more upstream tmpfiles confs
In #68792 it was discovered that /dev/fuse doesn't have
wordl-read-writeable permissions anymore. The cause of this is that the
tmpfiles examples in systemd were reorganized and split into more files.
We thus lost some of the configuration we were depending on.

In this commit some of the new tmpfiles configuration that are
applicable to us are added which also makes wtmp/lastlog in the pam
module not necessary anymore.

Rationale for the new tmpfile configs:

  - `journal-nowcow.conf`: Contains chattr +C for journald logs which
  makes sense on copy-on-write filesystems like Btrfs. Other filesystems
  shouldn't do anything funny when that flag is set.

  - `static-nodes-permissions.conf`: Contains some permission overrides
  for some device nodes like audio, loop, tun, fuse and kvm.

  - `systemd-nspawn.conf`: Makes sure `/var/lib/machines` exists and old
  snapshots are properly removed.

  - `systemd-tmp.conf`: Removes systemd services related private tmp
  folders and temporary coredump files.

  - `var.conf`: Creates some useful directories in `/var` which we would
  create anyway at some point. Also includes
  `/var/log/{wtmp,btmp,lastlog}`.

Fixes #68792.
2019-09-23 15:23:31 +02:00
Peter Simons
be3dae2e3a nixos: improve the example that shows how to include nvidia_x11 in boot.extraModulePackages
Fixes https://github.com/NixOS/nixpkgs/issues/68931.
2019-09-17 08:37:56 +02:00
Thomas Kerber
cc5baf2d86
Various: Add support for raspberry pi 4. 2019-09-17 04:05:16 +01:00
Vladimír Čunát
f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Silvan Mosberger
478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk
ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
Peter Hoeg
73701a7a05
Merge pull request #67487 from dasJ/suspend-then-hibernate
nixos/systemd: Add suspend-then-hibernate units
2019-08-28 17:29:17 +08:00
Frederik Rietdijk
5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
volth
35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Janne Heß
c8e863e25e nixos/systemd: Add suspend-then-hibernate units
Pretty useful for laptops. I use them with:

```
services.logind.lidSwitch = "suspend-then-hibernate";
environment.etc."systemd/sleep.conf".text = "HibernateDelaySec=8h";
```
2019-08-26 11:04:10 +02:00
Florian Klink
0fb17141fb nixos/systemd: enable cgroup accounting by default
If this is the default for OpenShift already, we probably can enable it
as well.

see https://github.com/openshift/machine-config-operator/pull/581
2019-08-25 22:26:12 +02:00
Florian Klink
f3a18d4562 nixos/systemd: add new Default{BlockIO,IP}Accounting settings 2019-08-25 22:25:19 +02:00
Florian Klink
f34f38ef1c nixos/systemd: honor default enableCgroupAccounting settings
systemd defaults DefaultMemoryAccounting and DefaultTasksAccounting to
yes, so no need to enable explicitly
2019-08-25 22:25:19 +02:00
Félix Baylac-Jacqué
0528816570 systemd-networkd: add tests
(cherry picked from commit ec073e41a0dc8273cd81cf61fa37004310120af2)
2019-08-21 11:11:28 +02:00
David Guibert
7fd91a898b systemd-networkd: add support for wireguard netdev. 2019-08-21 11:11:24 +02:00
Matthieu Coudron
3b205ad3a7
Merge pull request #58207 from teto/kernelPackages_check
boot.kernelPackages: check for conflicts
It's currently possible to set conflicting `boot.kernelPackages` several times.
Nixos now warns when this is the case instead of just picking one.
2019-08-20 14:15:51 +09:00
Nikolay Amiantov
fca97dfebc stage-1 init: fix debug menu
* Read one char at a time, so user doesn't have to enter "i<ENTER>"
  contrary to the menu;
* Exec shell inside setsid.
2019-08-19 19:54:00 +03:00
Florian Klink
bafc256915 nixos/systemd: remove separate coredump module 2019-08-18 17:54:26 +02:00
Florian Klink
9be0327a49 nixos/systemd: install sysctl snippets
systemd provides two sysctl snippets, 50-coredump.conf and
50-default.conf.

These enable:
 - Loose reverse path filtering
 - Source route filtering
 - `fq_codel` as a packet scheduler (this helps to fight bufferbloat)

This also configures the kernel to pass coredumps to `systemd-coredump`.
These sysctl snippets can be found in `/etc/sysctl.d/50-*.conf`,
and overridden via `boot.kernel.sysctl`
(which will place the parameters in `/etc/sysctl.d/60-nixos.conf`.

Let's start using these, like other distros already do for quite some
time, and remove those duplicate `boot.kernel.sysctl` options we
previously did set.

In the case of rp_filter (which systemd would set to 2 (loose)), make
our overrides to "1" more explicit.
2019-08-18 17:54:26 +02:00
danbst
d80cd26ff9 Merge branch 'master' into flip-map-foreach 2019-08-18 18:00:25 +03:00
Frederik Rietdijk
c68f58d95c Merge master into staging-next 2019-08-17 09:30:16 +02:00
Samuel Dionne-Riel
b750ebf1b3
Merge pull request #60422 from kwohlfahrt/device-tree
nixos/hardware.deviceTree: new module
2019-08-16 13:26:48 -04:00
Edmund Wu
aa251bbc3e
systemd-networkd: link: Name -> OriginalName 2019-08-15 21:58:24 -04:00
Frederik Rietdijk
8d56f2472e Merge master into staging-next 2019-08-14 13:45:54 +02:00
Aaron Andersen
6f6468bef3
Merge pull request #65728 from Infinisil/types-eithers
lib/types: Add oneOf, extension of either to a list of types
2019-08-13 11:48:42 -04:00
Matthew Bauer
ddf38a8241
Merge pull request #65002 from matthewbauer/binfmt-wasm
Add binfmt interpreter for wasm
2019-08-09 14:04:21 -04:00
Matthieu Coudron
2da1ad60a8 boot.kernelPackages: check for conflicts
It's currently possible to set conflicting `boot.kernelPackages` several times
which can prove confusing.
This is an attempt to warn for this.
2019-08-10 02:27:52 +09:00
Silvan Mosberger
88bb9fa403
nixos/modules: Replace all nested types.either's with types.oneOf's 2019-08-08 23:35:52 +02:00
Kai Wohlfahrt
dd0a951279 nixos/hardware.deviceTree: new module
Add support for custom device-tree files, and applying overlays to them.
This is useful for supporting non-discoverable hardware, such as sensors
attached to GPIO pins on a Raspberry Pi.
2019-08-07 13:51:22 +01:00
Danylo Hlynskyi
7585496eff
Merge branch 'master' into flip-map-foreach 2019-08-05 14:09:28 +03:00
danbst
0f8596ab3f mass replace "flip map -> forEach"
See `forEach`-introduction commit.
```
rg 'flip map ' --files-with-matches | xargs sed -i 's/flip map /forEach /g'
```
2019-08-05 14:03:38 +03:00
danbst
91bb646e98 Revert "mass replace "flip map -> foreach""
This reverts commit 3b0534310c.
2019-08-05 14:01:45 +03:00
Nikolay Amiantov
717b8b3219 systemd service: remove generator-packages option
Use systemd.packages instead, it's less error prone and more in line with
what's expected.
2019-08-01 00:55:35 +03:00
Nikolay Amiantov
b458121105 stage-1 initrd: replace absolute paths for mdadm
We don't patch basename and readlink now too as they were added for
mdadm in 8ecd3a5e1d.
2019-08-01 00:55:35 +03:00
Nikolay Amiantov
a304fc5d75 systemd service: add support for shutdown packages
Shutdown hooks are executed right before the shutdown, which is useful
for some applications. Among other things this is needed for mdadm hook
to run.
2019-08-01 00:55:35 +03:00
Nikolay Amiantov
fd405dab3e systemd service: rename generator-packages 2019-08-01 00:55:35 +03:00
Domen Kožar
cfd507d581
system-boot: configurationLimit should be null as default 2019-07-23 10:20:09 +02:00
Matthew Bauer
857f7fb4af nixos/binfmt: update release notes and provide examples 2019-07-17 17:09:20 -04:00
Matthew Bauer
1acc701fdb nixos/binfmt: handle wasm binaries
This adds handling for WASM binaries to binfmt’s emulatedSystems. To
enable, add this to your configuration:

  boot.binfmt.emulatedSystems = [ "wasm32-wasi" ];

After rebuilding with nixos-rebuild switch, you can run wasm binaries
directly.
2019-07-17 17:00:46 -04:00
Nikolay Amiantov
294751a4fc
Merge pull request #62955 from abbradar/resolvconf
resolvconf service: init
2019-07-17 11:07:12 +03:00
Peter Hoeg
db858b4d30
Merge pull request #64806 from peterhoeg/f/exec
nixos/systemd: 242 supports Type = exec
2019-07-17 14:09:20 +07:00
Nikolay Amiantov
01b90dce78 resolvconf service: init
This is a refactor of how resolvconf is managed on NixOS. We split it
into a separate service which is enabled internally depending on whether
we want /etc/resolv.conf to be managed by it. Various services now take
advantage of those configuration options.

We also now use systemd instead of activation scripts to update
resolv.conf.

NetworkManager now uses the right option for rc-manager DNS
automatically, so the configuration option shouldn't be exposed.
2019-07-15 20:25:39 +03:00
Peter Hoeg
eb55dd5e6b nixos/systemd: 242 supports Type = exec 2019-07-15 20:28:26 +08:00
danbst
3b0534310c mass replace "flip map -> foreach"
See `foreach`-introduction commit.
```
rg 'flip map ' --files-with-matches | xargs sed -i 's/flip map /foreach /g'
```
2019-07-14 13:46:10 +03:00
Venkateswara Rao Mandela
7f363b034e nixos/install-grub: include child configs in grub menu
Add configs listed under the fine-tune subdirectory to the grub menu.
Use specified configuration name for the entry if available.
2019-07-11 17:38:25 +05:30
Domen Kožar
224a6562a4
Add configurationLimit to systemd-boot to prevent running out of disk space
Refs #23926
2019-06-22 20:11:11 +02:00
Matthew Bauer
2b8ea614b8
Merge pull request #63090 from NixOS/nomodeset
kernel.nix: boot.vesa implies nomodeset
2019-06-20 15:31:17 -04:00
volth
f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Frederik Rietdijk
087b87758e Merge master into staging-next 2019-06-15 08:17:58 +02:00
Florian Klink
e0818a1530
nixos/systemd: enable systemd-tmpfiles-setup and -clean for user sessions (#62813)
nixos/systemd: enable systemd-tmpfiles-setup and -clean for user sessions
2019-06-14 22:43:15 +02:00
Wout Mertens
7938c1613d
kernel.nix: boot.vesa implies nomodeset
Without nomodeset the console is reset to 80x25 after Grub
2019-06-13 17:58:08 +02:00
Frederik Rietdijk
7184efb40a Merge master into staging-next 2019-06-12 09:22:07 +02:00
Franz Pletz
9b2ee2c057
Merge pull request #62838 from mayflower/fix/cryptsetup-kernel-crypto
cryptsetup: enable kernel crypto api support again
2019-06-12 05:05:38 +00:00
Frederik Rietdijk
e58f0f6c99 Merge master into staging-next 2019-06-10 10:35:50 +02:00
Roman Volosatovs
8e489018d3
systemd-networkd: Only generate [Match] if present 2019-06-09 19:09:10 +02:00
Frederik Rietdijk
d3afcac771 Merge master into staging-next 2019-06-09 12:28:52 +02:00
Franz Pletz
2587df7f02
cryptsetup: enable kernel crypto api support again
This is needed for tcrypt and the benchmark subcommand. If enabled,
it is also used to unlock LUKS2 volumes and therefore the kernel modules
providing this feature need to be available in our initrd.

Fixes #42163. #54019.
2019-06-07 22:15:35 +02:00
Peter Hoeg
255550e003 nixos/systemd: enable systemd-tmpfiles-setup and -clean for user sessions 2019-06-07 14:52:46 +08:00
Matthew Bauer
f8c12edfdf
Merge pull request #62333 from kampka/buildPackages-for-config-builders
Build packages for config builders
2019-06-05 14:47:16 -04:00
Vladimír Čunát
c0ccf42c69
Merge branch 'staging-next' into staging 2019-06-05 11:12:34 +02:00
Matthew Bauer
22039a182e
Merge pull request #62606 from Shados/fix-62602
nixos/grub: Add defaultText for font option
2019-06-04 14:34:13 -04:00
Andreas Rammhold
024a383d64
nixos/systemd: migrate systemd-timesync state when required
Somewhen between systemd v239 and v242 upstream decided to no longer run
a few system services with `DyanmicUser=1` but failed to provide a
migration path for all the state those services left behind.

For the case of systemd-timesync the state has to be moved from
/var/lib/private/systemd/timesync to /var/lib/systemd/timesync if
/var/lib/systemd/timesync is currently a symlink.

We only do this if the stateVersion is still below 19.09 to avoid
starting to have an ever growing activation script for (then) ancient
systemd migrations that are no longer required.

See https://github.com/systemd/systemd/issues/12131 for details about
the missing migration path and related discussion.
2019-06-03 15:05:19 +02:00