diff --git a/modules/config/i18n.nix b/modules/config/i18n.nix
index 0fb91771934..62b01c2221e 100644
--- a/modules/config/i18n.nix
+++ b/modules/config/i18n.nix
@@ -2,11 +2,20 @@
with pkgs.lib;
-###### interface
-
let
+ glibcLocales = pkgs.glibcLocales.override {
+ allLocales = any (x: x == "all") config.i18n.supportedLocales;
+ locales = config.i18n.supportedLocales;
+ };
+
+in
+
+{
+ ###### interface
+
options = {
+
i18n = {
defaultLocale = mkOption {
default = "en_US.UTF-8";
@@ -53,31 +62,26 @@ let
};
-###### implementation
- glibcLocales = pkgs.glibcLocales.override {
- allLocales = any (x: x == "all") config.i18n.supportedLocales;
- locales = config.i18n.supportedLocales;
+ ###### implementation
+
+ config = {
+
+ environment.systemPackages = [ glibcLocales ];
+
+ environment.shellInit =
+ ''
+ export LANG=${config.i18n.defaultLocale}
+ '';
+
+ # ‘/etc/locale.conf’ is used by systemd.
+ environment.etc = singleton
+ { target = "locale.conf";
+ source = pkgs.writeText "locale.conf"
+ ''
+ LANG=${config.i18n.defaultLocale}
+ '';
+ };
+
};
-
-in
-
-{
- require = options;
-
- environment.systemPackages = [ glibcLocales ];
-
- environment.shellInit =
- ''
- export LANG=${config.i18n.defaultLocale}
- '';
-
- # ‘/etc/locale.conf’ is used by systemd.
- environment.etc = singleton
- { target = "locale.conf";
- source = pkgs.writeText "locale.conf"
- ''
- LANG=${config.i18n.defaultLocale}
- '';
- };
}
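Review bot: The `locale.conf` entry at `environment.etc = singleton { target = "locale.conf"; source = pkgs.writeText ... }` uses the list-of-attrsets form while the same commit moves krb5.nix and networking.nix to the attribute form; the two spellings merge differently and readers have to keep both in mind. The consistent version is `environment.etc."locale.conf".text = "LANG=${config.i18n.defaultLocale}\n";`, which also drops the `writeText` indirection. `environment.shellInit` interpolates `config.i18n.defaultLocale` unquoted into `export LANG=...`; it is presumably safe for locale names, but a short comment saying the option is expected to be a bare locale identifier would make that assumption explicit. Both hunks of this file restructure into `options`/`config`; the option declarations themselves are outside this hunk.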
diff --git a/modules/config/krb5.nix b/modules/config/krb5.nix
index 56854603264..3323046ac5b 100644
--- a/modules/config/krb5.nix
+++ b/modules/config/krb5.nix
@@ -1,12 +1,18 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
-###### interface
let
- inherit (pkgs.lib) mkOption mkIf;
cfg = config.krb5;
+in
+
+{
+ ###### interface
+
options = {
+
krb5 = {
enable = mkOption {
@@ -35,171 +41,164 @@ let
};
};
+
};
-in
-###### implementation
+ ###### implementation
-mkIf config.krb5.enable {
- require = [
- options
- ];
+ config = mkIf config.krb5.enable {
- environment = {
- systemPackages = [ pkgs.krb5 ];
- etc = [
- { source = pkgs.writeText "krb5.conf"
- ''
-[libdefaults]
- default_realm = ${cfg.defaultRealm}
- encrypt = true
+ environment.systemPackages = [ pkgs.krb5 ];
-# The following krb5.conf variables are only for MIT Kerberos.
- krb4_config = /etc/krb.conf
- krb4_realms = /etc/krb.realms
- kdc_timesync = 1
- ccache_type = 4
- forwardable = true
- proxiable = true
+ environment.etc."krb5.conf".text =
+ ''
+ [libdefaults]
+ default_realm = ${cfg.defaultRealm}
+ encrypt = true
-# The following encryption type specification will be used by MIT Kerberos
-# if uncommented. In general, the defaults in the MIT Kerberos code are
-# correct and overriding these specifications only serves to disable new
-# encryption types as they are added, creating interoperability problems.
+ # The following krb5.conf variables are only for MIT Kerberos.
+ krb4_config = /etc/krb.conf
+ krb4_realms = /etc/krb.realms
+ kdc_timesync = 1
+ ccache_type = 4
+ forwardable = true
+ proxiable = true
-# default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
-# default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
-# permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+ # The following encryption type specification will be used by MIT Kerberos
+ # if uncommented. In general, the defaults in the MIT Kerberos code are
+ # correct and overriding these specifications only serves to disable new
+ # encryption types as they are added, creating interoperability problems.
-# The following libdefaults parameters are only for Heimdal Kerberos.
- v4_instance_resolve = false
- v4_name_convert = {
- host = {
- rcmd = host
- ftp = ftp
- }
- plain = {
- something = something-else
- }
- }
- fcc-mit-ticketflags = true
+ # default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+ # default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+ # permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
-[realms]
- ${cfg.defaultRealm} = {
- kdc = ${cfg.kdc}
- admin_server = ${cfg.kerberosAdminServer}
-# kpasswd_server = ${cfg.kerberosAdminServer}
- }
- ATHENA.MIT.EDU = {
- kdc = kerberos.mit.edu:88
- kdc = kerberos-1.mit.edu:88
- kdc = kerberos-2.mit.edu:88
- admin_server = kerberos.mit.edu
- default_domain = mit.edu
- }
- MEDIA-LAB.MIT.EDU = {
- kdc = kerberos.media.mit.edu
- admin_server = kerberos.media.mit.edu
- }
- ZONE.MIT.EDU = {
- kdc = casio.mit.edu
- kdc = seiko.mit.edu
- admin_server = casio.mit.edu
- }
- MOOF.MIT.EDU = {
- kdc = three-headed-dogcow.mit.edu:88
- kdc = three-headed-dogcow-1.mit.edu:88
- admin_server = three-headed-dogcow.mit.edu
- }
- CSAIL.MIT.EDU = {
- kdc = kerberos-1.csail.mit.edu
- kdc = kerberos-2.csail.mit.edu
- admin_server = kerberos.csail.mit.edu
- default_domain = csail.mit.edu
- krb524_server = krb524.csail.mit.edu
- }
- IHTFP.ORG = {
- kdc = kerberos.ihtfp.org
- admin_server = kerberos.ihtfp.org
- }
- GNU.ORG = {
- kdc = kerberos.gnu.org
- kdc = kerberos-2.gnu.org
- kdc = kerberos-3.gnu.org
- admin_server = kerberos.gnu.org
- }
- 1TS.ORG = {
- kdc = kerberos.1ts.org
- admin_server = kerberos.1ts.org
- }
- GRATUITOUS.ORG = {
- kdc = kerberos.gratuitous.org
- admin_server = kerberos.gratuitous.org
- }
- DOOMCOM.ORG = {
- kdc = kerberos.doomcom.org
- admin_server = kerberos.doomcom.org
- }
- ANDREW.CMU.EDU = {
- kdc = vice28.fs.andrew.cmu.edu
- kdc = vice2.fs.andrew.cmu.edu
- kdc = vice11.fs.andrew.cmu.edu
- kdc = vice12.fs.andrew.cmu.edu
- admin_server = vice28.fs.andrew.cmu.edu
- default_domain = andrew.cmu.edu
- }
- CS.CMU.EDU = {
- kdc = kerberos.cs.cmu.edu
- kdc = kerberos-2.srv.cs.cmu.edu
- admin_server = kerberos.cs.cmu.edu
- }
- DEMENTIA.ORG = {
- kdc = kerberos.dementia.org
- kdc = kerberos2.dementia.org
- admin_server = kerberos.dementia.org
- }
- stanford.edu = {
- kdc = krb5auth1.stanford.edu
- kdc = krb5auth2.stanford.edu
- kdc = krb5auth3.stanford.edu
- admin_server = krb5-admin.stanford.edu
- default_domain = stanford.edu
- }
+ # The following libdefaults parameters are only for Heimdal Kerberos.
+ v4_instance_resolve = false
+ v4_name_convert = {
+ host = {
+ rcmd = host
+ ftp = ftp
+ }
+ plain = {
+ something = something-else
+ }
+ }
+ fcc-mit-ticketflags = true
-[domain_realm]
- .${cfg.domainRealm} = ${cfg.defaultRealm}
- ${cfg.domainRealm} = ${cfg.defaultRealm}
- .mit.edu = ATHENA.MIT.EDU
- mit.edu = ATHENA.MIT.EDU
- .media.mit.edu = MEDIA-LAB.MIT.EDU
- media.mit.edu = MEDIA-LAB.MIT.EDU
- .csail.mit.edu = CSAIL.MIT.EDU
- csail.mit.edu = CSAIL.MIT.EDU
- .whoi.edu = ATHENA.MIT.EDU
- whoi.edu = ATHENA.MIT.EDU
- .stanford.edu = stanford.edu
+ [realms]
+ ${cfg.defaultRealm} = {
+ kdc = ${cfg.kdc}
+ admin_server = ${cfg.kerberosAdminServer}
+ #kpasswd_server = ${cfg.kerberosAdminServer}
+ }
+ ATHENA.MIT.EDU = {
+ kdc = kerberos.mit.edu:88
+ kdc = kerberos-1.mit.edu:88
+ kdc = kerberos-2.mit.edu:88
+ admin_server = kerberos.mit.edu
+ default_domain = mit.edu
+ }
+ MEDIA-LAB.MIT.EDU = {
+ kdc = kerberos.media.mit.edu
+ admin_server = kerberos.media.mit.edu
+ }
+ ZONE.MIT.EDU = {
+ kdc = casio.mit.edu
+ kdc = seiko.mit.edu
+ admin_server = casio.mit.edu
+ }
+ MOOF.MIT.EDU = {
+ kdc = three-headed-dogcow.mit.edu:88
+ kdc = three-headed-dogcow-1.mit.edu:88
+ admin_server = three-headed-dogcow.mit.edu
+ }
+ CSAIL.MIT.EDU = {
+ kdc = kerberos-1.csail.mit.edu
+ kdc = kerberos-2.csail.mit.edu
+ admin_server = kerberos.csail.mit.edu
+ default_domain = csail.mit.edu
+ krb524_server = krb524.csail.mit.edu
+ }
+ IHTFP.ORG = {
+ kdc = kerberos.ihtfp.org
+ admin_server = kerberos.ihtfp.org
+ }
+ GNU.ORG = {
+ kdc = kerberos.gnu.org
+ kdc = kerberos-2.gnu.org
+ kdc = kerberos-3.gnu.org
+ admin_server = kerberos.gnu.org
+ }
+ 1TS.ORG = {
+ kdc = kerberos.1ts.org
+ admin_server = kerberos.1ts.org
+ }
+ GRATUITOUS.ORG = {
+ kdc = kerberos.gratuitous.org
+ admin_server = kerberos.gratuitous.org
+ }
+ DOOMCOM.ORG = {
+ kdc = kerberos.doomcom.org
+ admin_server = kerberos.doomcom.org
+ }
+ ANDREW.CMU.EDU = {
+ kdc = vice28.fs.andrew.cmu.edu
+ kdc = vice2.fs.andrew.cmu.edu
+ kdc = vice11.fs.andrew.cmu.edu
+ kdc = vice12.fs.andrew.cmu.edu
+ admin_server = vice28.fs.andrew.cmu.edu
+ default_domain = andrew.cmu.edu
+ }
+ CS.CMU.EDU = {
+ kdc = kerberos.cs.cmu.edu
+ kdc = kerberos-2.srv.cs.cmu.edu
+ admin_server = kerberos.cs.cmu.edu
+ }
+ DEMENTIA.ORG = {
+ kdc = kerberos.dementia.org
+ kdc = kerberos2.dementia.org
+ admin_server = kerberos.dementia.org
+ }
+ stanford.edu = {
+ kdc = krb5auth1.stanford.edu
+ kdc = krb5auth2.stanford.edu
+ kdc = krb5auth3.stanford.edu
+ admin_server = krb5-admin.stanford.edu
+ default_domain = stanford.edu
+ }
-[logging]
- kdc = SYSLOG:INFO:DAEMON
- admin_server = SYSLOG:INFO:DAEMON
- default = SYSLOG:INFO:DAEMON
- krb4_convert = true
- krb4_get_tickets = false
+ [domain_realm]
+ .${cfg.domainRealm} = ${cfg.defaultRealm}
+ ${cfg.domainRealm} = ${cfg.defaultRealm}
+ .mit.edu = ATHENA.MIT.EDU
+ mit.edu = ATHENA.MIT.EDU
+ .media.mit.edu = MEDIA-LAB.MIT.EDU
+ media.mit.edu = MEDIA-LAB.MIT.EDU
+ .csail.mit.edu = CSAIL.MIT.EDU
+ csail.mit.edu = CSAIL.MIT.EDU
+ .whoi.edu = ATHENA.MIT.EDU
+ whoi.edu = ATHENA.MIT.EDU
+ .stanford.edu = stanford.edu
+ [logging]
+ kdc = SYSLOG:INFO:DAEMON
+ admin_server = SYSLOG:INFO:DAEMON
+ default = SYSLOG:INFO:DAEMON
+ krb4_convert = true
+ krb4_get_tickets = false
+
+ [appdefaults]
+ pam = {
+ debug = false
+ ticket_lifetime = 36000
+ renew_lifetime = 36000
+ max_timeout = 30
+ timeout_shift = 2
+ initial_timeout = 1
+ }
+ '';
-[appdefaults]
- pam = {
- debug = false
- ticket_lifetime = 36000
- renew_lifetime = 36000
- max_timeout = 30
- timeout_shift = 2
- initial_timeout = 1
- }
- '';
- target = "krb5.conf";
- }
- ];
};
}
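Review bot: The `[realms]` and `[domain_realm]` sections in `environment.etc."krb5.conf".text` still hard-code KDC hosts and domain-to-realm mappings for unrelated organizations (ATHENA.MIT.EDU, CS.CMU.EDU, stanford.edu, ...) and emit them into every host's `/etc/krb5.conf` whenever `krb5.enable` is set, so the set of realms a host will talk to is wider than what the administrator configured. I would keep only the `${cfg.defaultRealm}` realm and its two `domain_realm` lines by default and move the rest behind an opt-in option, e.g. an `extraConfig` string appended verbatim at the end of the file as ldap.nix already does for its configuration. The `krb4_convert = true` and `krb4_get_tickets = false` lines are placed under `[logging]` but are not logging directives; they look misplaced and should either move to the section they belong to or be removed, since the `krb4_*` settings are only honoured by old MIT builds anyway. The option declarations for `cfg.defaultRealm`, `cfg.kdc`, `cfg.kerberosAdminServer` and `cfg.domainRealm` are outside this hunk, so I cannot tell whether they are typed; values are interpolated unescaped, so a type like `types.string` would at least rule out non-string values.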
diff --git a/modules/config/ldap.nix b/modules/config/ldap.nix
index 955d28514ea..113f5d8bcbd 100644
--- a/modules/config/ldap.nix
+++ b/modules/config/ldap.nix
@@ -1,150 +1,12 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
with pkgs.lib;
with pkgs;
-###### interface
let
- inherit mkOption mkIf optionalString stringAfter singleton;
cfg = config.users.ldap;
- options = {
- users = {
- ldap = {
-
- enable = mkOption {
- default = false;
- description = "
- Whether to enable authentication against an LDAP server.
- ";
- };
-
- server = mkOption {
- example = "ldap://ldap.example.org/";
- description = "
- The URL of the LDAP server.
- ";
- };
-
- base = mkOption {
- example = "dc=example,dc=org";
- description = "
- The distinguished name of the search base.
- ";
- };
-
- useTLS = mkOption {
- default = false;
- description = "
- If enabled, use TLS (encryption) over an LDAP (port 389)
- connection. The alternative is to specify an LDAPS server (port
- 636) in or to forego
- security.
- ";
- };
-
- timeLimit = mkOption {
- default = 0;
- type = types.int;
- description = "
- Specifies the time limit (in seconds) to use when performing
- searches. A value of zero (0), which is the default, is to
- wait indefinitely for searches to be completed.
- ";
- };
-
- daemon = {
- enable = mkOption {
- default = false;
- description = ''
- Whether to let the nslcd daemon (nss-pam-ldapd) handle the
- LDAP lookups for NSS and PAM. This can improve performance,
- and if you need to bind to the LDAP server with a password,
- it increases security, since only the nslcd user needs to
- have access to the bindpw file, not everyone that uses NSS
- and/or PAM. If this option is enabled, a local nscd user is
- created automatically, and the nslcd service is started
- automatically when the network get up.
- '';
- };
-
- extraConfig = mkOption {
- default = "";
- type = types.string;
- description = ''
- Extra configuration options that will be added verbatim at
- the end of the nslcd configuration file (nslcd.conf).
- '' ;
- } ;
- };
-
- bind = {
- distinguishedName = mkOption {
- default = "";
- example = "cn=admin,dc=example,dc=com";
- type = types.string;
- description = "
- The distinguished name to bind to the LDAP server with. If this
- is not specified, an anonymous bind will be done.
- ";
- };
-
- password = mkOption {
- default = "/etc/ldap/bind.password";
- type = types.string;
- description = "
- The path to a file containing the credentials to use when binding
- to the LDAP server (if not binding anonymously).
- ";
- };
-
- timeLimit = mkOption {
- default = 30;
- type = types.int;
- description = "
- Specifies the time limit (in seconds) to use when connecting
- to the directory server. This is distinct from the time limit
- specified in users.ldap.timeLimit and affects
- the initial server connection only.
- ";
- };
-
- policy = mkOption {
- default = "hard_open";
- type = types.string;
- description = "
- Specifies the policy to use for reconnecting to an unavailable
- LDAP server. The default is hard_open, which
- reconnects if opening the connection to the directory server
- failed. By contrast, hard_init reconnects if
- initializing the connection failed. Initializing may not
- actually contact the directory server, and it is possible that
- a malformed configuration file will trigger reconnection. If
- soft is specified, then
- nss_ldap will return immediately on server
- failure. All hard reconnect policies block with exponential
- backoff before retrying.
- ";
- };
- };
-
- extraConfig = mkOption {
- default = "" ;
- type = types.string ;
- description = ''
- Extra configuration options that will be added verbatim at
- the end of the ldap configuration file (ldap.conf).
- If users.ldap.daemon is enabled, this
- configuration will not be used. In that case, use
- users.ldap.daemon.extraConfig instead.
- '' ;
- };
-
- };
- };
- };
-
# Careful: OpenLDAP seems to be very picky about the indentation of
# this file. Directives HAVE to start in the first column!
ldapConfig = {
@@ -186,63 +48,199 @@ let
in
-###### implementation
-mkIf cfg.enable {
- require = [
- options
- ];
+{
- environment.etc = if cfg.daemon.enable then [nslcdConfig] else [ldapConfig];
+ ###### interface
- system.activationScripts = mkIf insertLdapPassword {
- ldap = stringAfter [ "etc" "groups" "users" ] ''
- if test -f "${cfg.bind.password}" ; then
- echo "bindpw "$(cat ${cfg.bind.password})"" | cat ${ldapConfig} - > /etc/ldap.conf.bindpw
- mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
- chmod 600 /etc/ldap.conf
- fi
- '';
- };
+ options = {
- system.nssModules = singleton (
- if cfg.daemon.enable then nss_pam_ldapd else nss_ldap
- );
+ users.ldap = {
+
+ enable = mkOption {
+ default = false;
+ description = "Whether to enable authentication against an LDAP server.";
+ };
+
+ server = mkOption {
+ example = "ldap://ldap.example.org/";
+ description = "The URL of the LDAP server.";
+ };
+
+ base = mkOption {
+ example = "dc=example,dc=org";
+ description = "The distinguished name of the search base.";
+ };
+
+ useTLS = mkOption {
+ default = false;
+ description = ''
+ If enabled, use TLS (encryption) over an LDAP (port 389)
+ connection. The alternative is to specify an LDAPS server (port
+ 636) in or to forego
+ security.
+ '';
+ };
+
+ timeLimit = mkOption {
+ default = 0;
+ type = types.int;
+ description = ''
+ Specifies the time limit (in seconds) to use when performing
+ searches. A value of zero (0), which is the default, is to
+ wait indefinitely for searches to be completed.
+ '';
+ };
+
+ daemon = {
+ enable = mkOption {
+ default = false;
+ description = ''
+ Whether to let the nslcd daemon (nss-pam-ldapd) handle the
+ LDAP lookups for NSS and PAM. This can improve performance,
+ and if you need to bind to the LDAP server with a password,
+ it increases security, since only the nslcd user needs to
+ have access to the bindpw file, not everyone that uses NSS
+ and/or PAM. If this option is enabled, a local nscd user is
+ created automatically, and the nslcd service is started
+ automatically when the network get up.
+ '';
+ };
+
+ extraConfig = mkOption {
+ default = "";
+ type = types.string;
+ description = ''
+ Extra configuration options that will be added verbatim at
+ the end of the nslcd configuration file (nslcd.conf).
+ '' ;
+ } ;
+ };
+
+ bind = {
+ distinguishedName = mkOption {
+ default = "";
+ example = "cn=admin,dc=example,dc=com";
+ type = types.string;
+ description = ''
+ The distinguished name to bind to the LDAP server with. If this
+ is not specified, an anonymous bind will be done.
+ '';
+ };
+
+ password = mkOption {
+ default = "/etc/ldap/bind.password";
+ type = types.string;
+ description = ''
+ The path to a file containing the credentials to use when binding
+ to the LDAP server (if not binding anonymously).
+ '';
+ };
+
+ timeLimit = mkOption {
+ default = 30;
+ type = types.int;
+ description = ''
+ Specifies the time limit (in seconds) to use when connecting
+ to the directory server. This is distinct from the time limit
+ specified in users.ldap.timeLimit and affects
+ the initial server connection only.
+ '';
+ };
+
+ policy = mkOption {
+ default = "hard_open";
+ type = types.string;
+ description = ''
+ Specifies the policy to use for reconnecting to an unavailable
+ LDAP server. The default is hard_open, which
+ reconnects if opening the connection to the directory server
+ failed. By contrast, hard_init reconnects if
+ initializing the connection failed. Initializing may not
+ actually contact the directory server, and it is possible that
+ a malformed configuration file will trigger reconnection. If
+ soft is specified, then
+ nss_ldap will return immediately on server
+ failure. All hard reconnect policies block with exponential
+ backoff before retrying.
+ '';
+ };
+ };
+
+ extraConfig = mkOption {
+ default = "";
+ type = types.string;
+ description = ''
+ Extra configuration options that will be added verbatim at
+ the end of the ldap configuration file (ldap.conf).
+ If users.ldap.daemon is enabled, this
+ configuration will not be used. In that case, use
+ users.ldap.daemon.extraConfig instead.
+ '' ;
+ };
- users = mkIf cfg.daemon.enable {
- extraGroups.nslcd = {
- gid = config.ids.gids.nslcd;
};
- extraUsers.nslcd = {
- uid = config.ids.uids.nslcd;
- description = "nslcd user.";
- group = "nslcd";
- };
};
- systemd.services = mkIf cfg.daemon.enable {
- nslcd = {
- wantedBy = [ "nss-user-lookup.target" ];
- before = [ "nss-user-lookup.target" ];
- after = [ "network.target" ];
+ ###### implementation
- preStart = ''
- mkdir -p /run/nslcd
- rm -f /run/nslcd/nslcd.pid;
- chown nslcd.nslcd /run/nslcd
- ${optionalString (cfg.bind.distinguishedName != "") ''
- if test -s "${cfg.bind.password}" ; then
- ln -sfT "${cfg.bind.password}" /run/nslcd/bindpw
- fi
- ''}
+ config = mkIf cfg.enable {
+
+ environment.etc = if cfg.daemon.enable then [nslcdConfig] else [ldapConfig];
+
+ system.activationScripts = mkIf insertLdapPassword {
+ ldap = stringAfter [ "etc" "groups" "users" ] ''
+ if test -f "${cfg.bind.password}" ; then
+ echo "bindpw "$(cat ${cfg.bind.password})"" | cat ${ldapConfig} - > /etc/ldap.conf.bindpw
+ mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
+ chmod 600 /etc/ldap.conf
+ fi
'';
+ };
- serviceConfig = {
- ExecStart = "${nss_pam_ldapd}/sbin/nslcd";
- Type = "forking";
- PIDFile = "/run/nslcd/nslcd.pid";
- Restart = "always";
+ system.nssModules = singleton (
+ if cfg.daemon.enable then nss_pam_ldapd else nss_ldap
+ );
+
+ users = mkIf cfg.daemon.enable {
+ extraGroups.nslcd = {
+ gid = config.ids.gids.nslcd;
+ };
+
+ extraUsers.nslcd = {
+ uid = config.ids.uids.nslcd;
+ description = "nslcd user.";
+ group = "nslcd";
};
};
+
+ systemd.services = mkIf cfg.daemon.enable {
+
+ nslcd = {
+ wantedBy = [ "nss-user-lookup.target" ];
+ before = [ "nss-user-lookup.target" ];
+ after = [ "network.target" ];
+
+ preStart = ''
+ mkdir -p /run/nslcd
+ rm -f /run/nslcd/nslcd.pid;
+ chown nslcd.nslcd /run/nslcd
+ ${optionalString (cfg.bind.distinguishedName != "") ''
+ if test -s "${cfg.bind.password}" ; then
+ ln -sfT "${cfg.bind.password}" /run/nslcd/bindpw
+ fi
+ ''}
+ '';
+
+ serviceConfig = {
+ ExecStart = "${nss_pam_ldapd}/sbin/nslcd";
+ Type = "forking";
+ PIDFile = "/run/nslcd/nslcd.pid";
+ Restart = "always";
+ };
+ };
+
+ };
+
};
}
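Review bot: The activation script under `system.activationScripts.ldap` writes the bind password into `/etc/ldap.conf.bindpw` with whatever umask the activation shell runs under and only tightens it with `chmod 600` after the `mv`, so the merged file is briefly readable by other users; it should be created restrictive from the start, e.g. `( umask 077; echo "bindpw $(cat "${cfg.bind.password}")" | cat ${ldapConfig} - > /etc/ldap.conf.bindpw )`, keeping the `chmod 600` as a belt-and-braces step. The same line has a quoting defect: `"bindpw "$(cat ${cfg.bind.password})""` leaves the command substitution outside the double quotes, so a password containing whitespace or glob characters is word-split and globbed before it reaches the file; the rewrite above quotes it. `insertLdapPassword`, `ldapConfig` and `nslcdConfig` are defined in the `let` block outside this hunk, and the `preStart` of the nslcd service links the password file into `/run/nslcd/bindpw` only when `cfg.bind.distinguishedName` is set, which is consistent with the anonymous-bind behaviour described in the `distinguishedName` option. A stray `;` remains in `rm -f /run/nslcd/nslcd.pid;` (harmless, but it is the only line in that script with one).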
diff --git a/modules/config/networking.nix b/modules/config/networking.nix
index 799d97a089f..f1bdfd01b24 100644
--- a/modules/config/networking.nix
+++ b/modules/config/networking.nix
@@ -1,6 +1,6 @@
# /etc files related to networking, such as /etc/services.
-{config, pkgs, ...}:
+{ config, pkgs, ... }:
with pkgs.lib;
@@ -8,6 +8,10 @@ let
cfg = config.networking;
+in
+
+{
+
options = {
networking.extraHosts = pkgs.lib.mkOption {
@@ -32,53 +36,53 @@ let
};
-in
+ config = {
-{
- require = [options];
+ environment.etc =
+ { # /etc/services: TCP/UDP port assignments.
+ "services".source = pkgs.iana_etc + "/etc/services";
- environment.etc =
- { # /etc/services: TCP/UDP port assignments.
- "services".source = pkgs.iana_etc + "/etc/services";
+ # /etc/protocols: IP protocol numbers.
+ "protocols".source = pkgs.iana_etc + "/etc/protocols";
- # /etc/protocols: IP protocol numbers.
- "protocols".source = pkgs.iana_etc + "/etc/protocols";
+ # /etc/rpc: RPC program numbers.
+ "rpc".source = pkgs.glibc + "/etc/rpc";
- # /etc/rpc: RPC program numbers.
- "rpc".source = pkgs.glibc + "/etc/rpc";
-
- # /etc/hosts: Hostname-to-IP mappings.
- "hosts".text =
- ''
- 127.0.0.1 localhost
- ${optionalString cfg.enableIPv6 ''
- ::1 localhost
- ''}
- ${cfg.extraHosts}
- '';
-
- # /etc/resolvconf.conf: Configuration for openresolv.
- "resolvconf.conf".text =
+ # /etc/hosts: Hostname-to-IP mappings.
+ "hosts".text =
''
- # This is the default, but we must set it here to prevent
- # a collision with an apparently unrelated environment
- # variable with the same name exported by dhcpcd.
- interface_order='lo lo[0-9]*'
- '' + optionalString config.services.nscd.enable ''
- # Invalidate the nscd cache whenever resolv.conf is
- # regenerated.
- libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service'
- '' + optionalString cfg.dnsSingleRequest ''
- # only send one DNS request at a time
- resolv_conf_options='single-request'
- '' + optionalString config.services.bind.enable ''
- # This hosts runs a full-blown DNS resolver.
- name_servers='127.0.0.1'
+ 127.0.0.1 localhost
+ ${optionalString cfg.enableIPv6 ''
+ ::1 localhost
+ ''}
+ ${cfg.extraHosts}
'';
- };
- # The ‘ip-up’ target is started when we have IP connectivity. So
- # services that depend on IP connectivity (like ntpd) should be
- # pulled in by this target.
- systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
+ # /etc/resolvconf.conf: Configuration for openresolv.
+ "resolvconf.conf".text =
+ ''
+ # This is the default, but we must set it here to prevent
+ # a collision with an apparently unrelated environment
+ # variable with the same name exported by dhcpcd.
+ interface_order='lo lo[0-9]*'
+ '' + optionalString config.services.nscd.enable ''
+ # Invalidate the nscd cache whenever resolv.conf is
+ # regenerated.
+ libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service'
+ '' + optionalString cfg.dnsSingleRequest ''
+ # only send one DNS request at a time
+ resolv_conf_options='single-request'
+ '' + optionalString config.services.bind.enable ''
+ # This hosts runs a full-blown DNS resolver.
+ name_servers='127.0.0.1'
+ '';
+ };
+
+ # The ‘ip-up’ target is started when we have IP connectivity. So
+ # services that depend on IP connectivity (like ntpd) should be
+ # pulled in by this target.
+ systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
+
+ };
+
}
diff --git a/modules/config/nsswitch.nix b/modules/config/nsswitch.nix
index 7e989c163e3..0a922756bf9 100644
--- a/modules/config/nsswitch.nix
+++ b/modules/config/nsswitch.nix
@@ -6,17 +6,22 @@ with pkgs.lib;
let
+ inherit (config.services.avahi) nssmdns;
+
+in
+
+{
options = {
# NSS modules. Hacky!
system.nssModules = mkOption {
internal = true;
default = [];
- description = "
+ description = ''
Search path for NSS (Name Service Switch) modules. This allows
several DNS resolution methods to be specified via
/etc/nsswitch.conf.
- ";
+ '';
merge = mergeListOption;
apply = list:
{
@@ -27,34 +32,31 @@ let
};
- inherit (config.services.avahi) nssmdns;
+ config = {
-in
+ environment.etc =
+ [ # Name Service Switch configuration file. Required by the C library.
+ # !!! Factor out the mdns stuff. The avahi module should define
+ # an option used by this module.
+ { source = pkgs.writeText "nsswitch.conf"
+ ''
+ passwd: files ldap
+ group: files ldap
+ shadow: files ldap
+ hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} myhostname
+ networks: files dns
+ ethers: files
+ services: files
+ protocols: files
+ '';
+ target = "nsswitch.conf";
+ }
+ ];
-{
- require = [ options ];
+ # Use nss-myhostname to ensure that our hostname always resolves to
+ # a valid IP address. It returns all locally configured IP
+ # addresses, or ::1 and 127.0.0.2 as fallbacks.
+ system.nssModules = [ pkgs.systemd ];
- environment.etc =
- [ # Name Service Switch configuration file. Required by the C library.
- # !!! Factor out the mdns stuff. The avahi module should define
- # an option used by this module.
- { source = pkgs.writeText "nsswitch.conf"
- ''
- passwd: files ldap
- group: files ldap
- shadow: files ldap
- hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} myhostname
- networks: files dns
- ethers: files
- services: files
- protocols: files
- '';
- target = "nsswitch.conf";
- }
- ];
-
- # Use nss-myhostname to ensure that our hostname always resolves to
- # a valid IP address. It returns all locally configured IP
- # addresses, or ::1 and 127.0.0.2 as fallbacks.
- system.nssModules = [ pkgs.systemd ];
+ };
}
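Review bot: The generated `nsswitch.conf` lists `ldap` unconditionally for `passwd`, `group` and `shadow`, while the `mdns` sources on the `hosts` line are already gated on `nssmdns`; on a host where `users.ldap.enable` is false there is no LDAP NSS module on `system.nssModules`, so glibc will try and fail to load it on every lookup. Since ldap.nix in this same commit defines `config.users.ldap.enable`, the three lines can be gated the same way, e.g. `passwd: files ${optionalString config.users.ldap.enable "ldap"}` (and likewise for `group` and `shadow`); this assumes the ldap module is always imported alongside this one, which is worth confirming. The existing `# !!! Factor out the mdns stuff` comment applies equally to the ldap source and could be widened to say so. This hunk also keeps the `[ { source = pkgs.writeText ...; target = "nsswitch.conf"; } ]` form of `environment.etc`, whereas krb5.nix and networking.nix in the same commit switch to `environment.etc."nsswitch.conf".text`; using the attribute form here too would be consistent and would drop the `writeText` call.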
diff --git a/modules/config/system-path.nix b/modules/config/system-path.nix
index 6e73118fe08..e65be03afac 100644
--- a/modules/config/system-path.nix
+++ b/modules/config/system-path.nix
@@ -54,7 +54,9 @@ let
extraManpages
];
+in
+{
options = {
environment = {
@@ -78,9 +80,7 @@ let
# to work.
default = [];
example = ["/"];
- description = "
- Lists directories to be symlinked in `/run/current-system/sw'.
- ";
+ description = "List of directories to be symlinked in `/run/current-system/sw'.";
};
};
@@ -120,24 +120,23 @@ let
};
+ config = {
-in
+ environment.systemPackages = requiredPackages;
-{
- require = [ options ];
+ environment.pathsToLink =
+ [ "/bin"
+ "/etc/xdg"
+ "/info"
+ "/lib"
+ "/man"
+ "/sbin"
+ "/share/emacs"
+ "/share/org"
+ "/share/info"
+ "/share/terminfo"
+ "/share/man"
+ ];
- environment.systemPackages = requiredPackages;
- environment.pathsToLink = [
- "/bin"
- "/etc/xdg"
- "/info"
- "/lib"
- "/man"
- "/sbin"
- "/share/emacs"
- "/share/org"
- "/share/info"
- "/share/terminfo"
- "/share/man"
- ];
+ };
}
diff --git a/modules/config/unix-odbc-drivers.nix b/modules/config/unix-odbc-drivers.nix
index 8950898e1dd..0f608469058 100644
--- a/modules/config/unix-odbc-drivers.nix
+++ b/modules/config/unix-odbc-drivers.nix
@@ -1,43 +1,34 @@
-{pkgs, config, ...}:
-
-###### interface
-let
- inherit (pkgs.lib) mkOption mkIf;
-
- options = {
- environment = {
- unixODBCDrivers = mkOption {
- default = [];
- example = "map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )";
- description = ''
- specifies unix odbc drivers to be registered at /etc/odbcinst.ini.
- Maybe you also want to add pkgs.unixODBC to the system path to get a
- command line client t connnect to odbc databases.
- '';
- };
- };
- };
-in
-
-###### implementation
+{ config, pkgs, ... }:
+with pkgs.lib;
# unixODBC drivers (this solution is not perfect.. Because the user has to
# ask the admin to add a driver.. but it's simple and works
-mkIf (config.environment.unixODBCDrivers != []) {
+{
+ ###### interface
- require = [
- options
- ];
-
- environment = {
- etc = [
- { source =
- let inis = config.environment.unixODBCDrivers;
- in pkgs.writeText "odbcinst.ini" (pkgs.lib.concatStringsSep "\n" inis);
- target = "odbcinst.ini";
- }
- ];
+ options = {
+ environment.unixODBCDrivers = mkOption {
+ default = [];
+ example = literalExample "map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )";
+ description = ''
+ Specifies Unix ODBC drivers to be registered in
+ /etc/odbcinst.ini. You may also want to
+ add pkgs.unixODBC to the system path to get
+ a command line client to connnect to ODBC databases.
+ '';
+ };
};
+
+ ###### implementation
+
+ config = mkIf (config.environment.unixODBCDrivers != []) {
+
+ environment.etc."odbcinst.ini".text =
+ let inis = config.environment.unixODBCDrivers;
+ in pkgs.lib.concatStringsSep "\n" inis;
+
+ };
+
}
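Review bot: The rewritten description for `environment.unixODBCDrivers` still carries the typo `connnect` from the old text; the new wording should read `a command line client to connect to ODBC databases.` The option has no `type`, although the `config` block compares it with `[]` and feeds it to `concatStringsSep`, so a non-list value would fail deep inside the implementation rather than at option evaluation; other options in this commit (ldap.nix) already use `types.int` and `types.string`, so declaring a list-of-strings type here would be consistent. `pkgs.lib.concatStringsSep` is called fully qualified even though the file now opens with `with pkgs.lib;`, so the prefix can be dropped.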
diff --git a/modules/hardware/pcmcia.nix b/modules/hardware/pcmcia.nix
index 0ab5e35ea80..0dba59734ca 100644
--- a/modules/hardware/pcmcia.nix
+++ b/modules/hardware/pcmcia.nix
@@ -1,61 +1,59 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
-###### interface
let
- inherit (pkgs.lib) mkOption
- mergeEnableOption mergeListOption;
-
- options = {
- hardware = {
- pcmcia = {
- enable = mkOption {
- default = false;
- merge = mergeEnableOption;
- description = ''
- Enable this option to support PCMCIA card.
- '';
- };
-
- firmware = mkOption {
- default = [];
- merge = mergeListOption;
- description = ''
- List of firmware used to handle specific PCMCIA card.
- '';
- };
-
- config = mkOption {
- default = null;
- description = ''
- Path to the configuration file which map the memory, irq
- and ports used by the PCMCIA hardware.
- '';
- };
- };
- };
- };
-in
-
-###### implementation
-let
- inherit (pkgs.lib) mkIf;
pcmciaUtils = pkgs.pcmciaUtils.passthru.function {
inherit (config.hardware.pcmcia) firmware config;
};
+
in
-mkIf config.hardware.pcmcia.enable {
- require = [
- # ../upstart-jobs/udev.nix
- # ? # config.environment.extraPackages
- options
- ];
+{
+ ###### interface
- boot.kernelModules = [ "pcmcia" ];
+ options = {
- services.udev.packages = [ pcmciaUtils ];
+ hardware.pcmcia = {
+ enable = mkOption {
+ default = false;
+ merge = mergeEnableOption;
+ description = ''
+ Enable this option to support PCMCIA card.
+ '';
+ };
+
+ firmware = mkOption {
+ default = [];
+ merge = mergeListOption;
+ description = ''
+ List of firmware used to handle specific PCMCIA card.
+ '';
+ };
+
+ config = mkOption {
+ default = null;
+ description = ''
+ Path to the configuration file which map the memory, irq
+ and ports used by the PCMCIA hardware.
+ '';
+ };
+ };
+
+ };
+
+ ###### implementation
+
+ config = mkIf config.hardware.pcmcia.enable {
+
+ boot.kernelModules = [ "pcmcia" ];
+
+ services.udev.packages = [ pcmciaUtils ];
+
+ environment.systemPackages = [ pcmciaUtils ];
+
+ };
- environment.systemPackages = [ pcmciaUtils ];
}
diff --git a/modules/installer/cd-dvd/installation-cd-base.nix b/modules/installer/cd-dvd/installation-cd-base.nix
index 5c67c8e2a9d..31f803bac32 100644
--- a/modules/installer/cd-dvd/installation-cd-base.nix
+++ b/modules/installer/cd-dvd/installation-cd-base.nix
@@ -6,7 +6,7 @@
with pkgs.lib;
{
- require =
+ imports =
[ ./memtest.nix
./channel.nix
./iso-image.nix
diff --git a/modules/installer/cd-dvd/installation-cd-efi.nix b/modules/installer/cd-dvd/installation-cd-efi.nix
index d018d6aeaa7..4c15fc76584 100644
--- a/modules/installer/cd-dvd/installation-cd-efi.nix
+++ b/modules/installer/cd-dvd/installation-cd-efi.nix
@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
- require = [ ./installation-cd-minimal.nix ];
+ imports = [ ./installation-cd-minimal.nix ];
boot.kernelPackages = pkgs.linuxPackages_3_9;
boot.vesa = false;
diff --git a/modules/installer/cd-dvd/installation-cd-graphical.nix b/modules/installer/cd-dvd/installation-cd-graphical.nix
index 2d3ef844f27..debf3e7db90 100644
--- a/modules/installer/cd-dvd/installation-cd-graphical.nix
+++ b/modules/installer/cd-dvd/installation-cd-graphical.nix
@@ -6,10 +6,7 @@
with pkgs.lib;
{
- require = [
- ./installation-cd-base.nix
- ../../profiles/graphical.nix
- ];
+ imports = [ ./installation-cd-base.nix ../../profiles/graphical.nix ];
# Provide wicd for easy wireless configuration.
#networking.wicd.enable = true;
diff --git a/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix b/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
index eb4af233c3e..38d02ffd162 100644
--- a/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
+++ b/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
- require = [ ./installation-cd-minimal.nix ];
+ imports = [ ./installation-cd-minimal.nix ];
boot.kernelPackages = pkgs.linuxPackages_3_10;
boot.vesa = false;
diff --git a/modules/installer/cd-dvd/installation-cd-minimal.nix b/modules/installer/cd-dvd/installation-cd-minimal.nix
index f568f2462a0..a7498906a86 100644
--- a/modules/installer/cd-dvd/installation-cd-minimal.nix
+++ b/modules/installer/cd-dvd/installation-cd-minimal.nix
@@ -4,7 +4,7 @@
{ config, pkgs, ... }:
{
- require =
+ imports =
[ ./installation-cd-base.nix
../../profiles/minimal.nix
];
diff --git a/modules/installer/cd-dvd/installation-cd-new-kernel.nix b/modules/installer/cd-dvd/installation-cd-new-kernel.nix
index 058e7ffc899..93bcbf00b25 100644
--- a/modules/installer/cd-dvd/installation-cd-new-kernel.nix
+++ b/modules/installer/cd-dvd/installation-cd-new-kernel.nix
@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
- require = [ ./installation-cd-graphical.nix ];
+ imports = [ ./installation-cd-graphical.nix ];
boot.kernelPackages = pkgs.linuxPackages_3_10;
boot.vesa = false;
diff --git a/modules/installer/cd-dvd/iso-image.nix b/modules/installer/cd-dvd/iso-image.nix
index 96a4d411d0b..fdc8e6a6f9f 100644
--- a/modules/installer/cd-dvd/iso-image.nix
+++ b/modules/installer/cd-dvd/iso-image.nix
@@ -8,6 +8,79 @@ with pkgs.lib;
let
+ # The Grub image.
+ grubImage = pkgs.runCommand "grub_eltorito" {}
+ ''
+ ${pkgs.grub2}/bin/grub-mkimage -O i386-pc -o tmp biosdisk iso9660 help linux linux16 chain png jpeg echo gfxmenu reboot
+ cat ${pkgs.grub2}/lib/grub/*/cdboot.img tmp > $out
+ ''; # */
+
+
+ # The configuration file for Grub.
+ grubCfg =
+ ''
+ set default=${builtins.toString config.boot.loader.grub.default}
+ set timeout=${builtins.toString config.boot.loader.grub.timeout}
+
+ if loadfont /boot/grub/unicode.pf2; then
+ set gfxmode=640x480
+ insmod gfxterm
+ insmod vbe
+ terminal_output gfxterm
+
+ insmod png
+ if background_image /boot/grub/splash.png; then
+ set color_normal=white/black
+ set color_highlight=black/white
+ else
+ set menu_color_normal=cyan/blue
+ set menu_color_highlight=white/blue
+ fi
+
+ fi
+
+ ${config.boot.loader.grub.extraEntries}
+ '';
+
+
+ # The efi boot image
+ efiImg = pkgs.runCommand "efi-image_eltorito" {}
+ ''
+ #Let's hope 10M is enough
+ dd bs=2048 count=5120 if=/dev/zero of="$out"
+ ${pkgs.dosfstools}/sbin/mkfs.vfat "$out"
+ ${pkgs.mtools}/bin/mmd -i "$out" efi
+ ${pkgs.mtools}/bin/mmd -i "$out" efi/boot
+ ${pkgs.mtools}/bin/mmd -i "$out" efi/nixos
+ ${pkgs.mtools}/bin/mmd -i "$out" loader
+ ${pkgs.mtools}/bin/mmd -i "$out" loader/entries
+ ${pkgs.mtools}/bin/mcopy -v -i "$out" \
+ ${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi \
+ ::efi/boot/boot${targetArch}.efi
+ ${pkgs.mtools}/bin/mcopy -v -i "$out" \
+ ${config.boot.kernelPackages.kernel + "/bzImage"} ::bzImage
+ ${pkgs.mtools}/bin/mcopy -v -i "$out" \
+ ${config.system.build.initialRamdisk + "/initrd"} ::efi/nixos/initrd
+ echo "title NixOS LiveCD" > boot-params
+ echo "linux /bzImage" >> boot-params
+ echo "initrd /efi/nixos/initrd" >> boot-params
+ echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" >> boot-params
+ ${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/entries/nixos-livecd.conf
+ echo "default nixos-livecd" > boot-params
+ echo "timeout 5" >> boot-params
+ ${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/loader.conf
+ '';
+
+ targetArch = if pkgs.stdenv.isi686 then
+ "ia32"
+ else if pkgs.stdenv.isx86_64 then
+ "x64"
+ else
+ throw "Unsupported architecture";
+
+in
+
+{
options = {
isoImage.isoName = mkOption {
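Review bot: `efiImg` hard-codes a 10 MiB image (`dd bs=2048 count=5120`) and relies on `#Let's hope 10M is enough`, so once bzImage plus initrd outgrow it the build fails inside `mcopy` with a disk-full error that does not point back at this derivation. Sizing the image from the two payloads removes the guess, e.g. `payload=$(( $(stat -c %s ${config.boot.kernelPackages.kernel}/bzImage) + $(stat -c %s ${config.system.build.initialRamdisk}/initrd) ))` followed by `dd bs=2048 count=$(( payload / 2048 + 2048 )) if=/dev/zero of="$out"` (the extra blocks are headroom for the FAT metadata and the gummiboot binary, whose exact overhead I have not measured). The hopeful comment should then go. Note also that `efiImg` refers to `targetArch` before its binding; that is fine in a recursive `let`, but moving `targetArch` above `efiImg` would spare the reader the double-take.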
@@ -84,228 +157,157 @@ let
};
- # The Grub image.
- grubImage = pkgs.runCommand "grub_eltorito" {}
- ''
- ${pkgs.grub2}/bin/grub-mkimage -O i386-pc -o tmp biosdisk iso9660 help linux linux16 chain png jpeg echo gfxmenu reboot
- cat ${pkgs.grub2}/lib/grub/*/cdboot.img tmp > $out
- ''; # */
+ config = {
+ boot.loader.grub.version = 2;
- # The configuration file for Grub.
- grubCfg =
- ''
- set default=${builtins.toString config.boot.loader.grub.default}
- set timeout=${builtins.toString config.boot.loader.grub.timeout}
+ # Don't build the GRUB menu builder script, since we don't need it
+ # here and it causes a cyclic dependency.
+ boot.loader.grub.enable = false;
- if loadfont /boot/grub/unicode.pf2; then
- set gfxmode=640x480
- insmod gfxterm
- insmod vbe
- terminal_output gfxterm
+ # !!! Hack - attributes expected by other modules.
+ system.boot.loader.kernelFile = "bzImage";
+ environment.systemPackages = [ pkgs.grub2 ];
- insmod png
- if background_image /boot/grub/splash.png; then
- set color_normal=white/black
- set color_highlight=black/white
- else
- set menu_color_normal=cyan/blue
- set menu_color_highlight=white/blue
- fi
+ # In stage 1 of the boot, mount the CD as the root FS by label so
+ # that we don't need to know its device. We pass the label of the
+ # root filesystem on the kernel command line, rather than in
+ # `fileSystems' below. This allows CD-to-USB converters such as
+ # UNetbootin to rewrite the kernel command line to pass the label or
+ # UUID of the USB stick. It would be nicer to write
+ # `root=/dev/disk/by-label/...' here, but UNetbootin doesn't
+ # recognise that.
+ boot.kernelParams = [ "root=LABEL=${config.isoImage.volumeID}" ];
- fi
+ # Note that /dev/root is a symlink to the actual root device
+ # specified on the kernel command line, created in the stage 1 init
+ # script.
+ fileSystems."/".device = "/dev/root";
- ${config.boot.loader.grub.extraEntries}
- '';
+ fileSystems."/nix/store" =
+ { fsType = "squashfs";
+ device = "/nix-store.squashfs";
+ options = "loop";
+ };
+ boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
- # The efi boot image
- efiImg = pkgs.runCommand "efi-image_eltorito" {}
- ''
- #Let's hope 10M is enough
- dd bs=2048 count=5120 if=/dev/zero of="$out"
- ${pkgs.dosfstools}/sbin/mkfs.vfat "$out"
- ${pkgs.mtools}/bin/mmd -i "$out" efi
- ${pkgs.mtools}/bin/mmd -i "$out" efi/boot
- ${pkgs.mtools}/bin/mmd -i "$out" efi/nixos
- ${pkgs.mtools}/bin/mmd -i "$out" loader
- ${pkgs.mtools}/bin/mmd -i "$out" loader/entries
- ${pkgs.mtools}/bin/mcopy -v -i "$out" \
- ${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi \
- ::efi/boot/boot${targetArch}.efi
- ${pkgs.mtools}/bin/mcopy -v -i "$out" \
- ${config.boot.kernelPackages.kernel + "/bzImage"} ::bzImage
- ${pkgs.mtools}/bin/mcopy -v -i "$out" \
- ${config.system.build.initialRamdisk + "/initrd"} ::efi/nixos/initrd
- echo "title NixOS LiveCD" > boot-params
- echo "linux /bzImage" >> boot-params
- echo "initrd /efi/nixos/initrd" >> boot-params
- echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" >> boot-params
- ${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/entries/nixos-livecd.conf
- echo "default nixos-livecd" > boot-params
- echo "timeout 5" >> boot-params
- ${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/loader.conf
- '';
+ boot.initrd.kernelModules = [ "loop" ];
- targetArch = if pkgs.stdenv.isi686 then
- "ia32"
- else if pkgs.stdenv.isx86_64 then
- "x64"
- else
- throw "Unsupported architecture";
+ boot.kernelModules = pkgs.stdenv.lib.optional config.isoImage.makeEfiBootable "efivars";
-in
+ # In stage 1, mount a tmpfs on top of / (the ISO image) and
+ # /nix/store (the squashfs image) to make this a live CD.
+ boot.initrd.postMountCommands =
+ ''
+ mkdir -p /unionfs-chroot/ro-root
+ mount --rbind $targetRoot /unionfs-chroot/ro-root
-{
- require = options;
+ mkdir /unionfs-chroot/rw-root
+ mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-root
+ mkdir /mnt-root-union
+ unionfs -o allow_other,cow,chroot=/unionfs-chroot,max_files=32768 /rw-root=RW:/ro-root=RO /mnt-root-union
+ oldTargetRoot=$targetRoot
+ targetRoot=/mnt-root-union
- boot.loader.grub.version = 2;
+ mkdir /unionfs-chroot/rw-store
+ mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
+ mkdir -p $oldTargetRoot/nix/store
+ unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-store=RW:/ro-root/nix/store=RO /mnt-root-union/nix/store
+ '';
- # Don't build the GRUB menu builder script, since we don't need it
- # here and it causes a cyclic dependency.
- boot.loader.grub.enable = false;
+ # Closures to be copied to the Nix store on the CD, namely the init
+ # script and the top-level system configuration directory.
+ isoImage.storeContents =
+ [ config.system.build.toplevel ] ++
+ optional config.isoImage.includeSystemBuildDependencies
+ config.system.build.toplevel.drvPath;
- # !!! Hack - attributes expected by other modules.
- system.boot.loader.kernelFile = "bzImage";
- environment.systemPackages = [ pkgs.grub2 ];
-
- # In stage 1 of the boot, mount the CD as the root FS by label so
- # that we don't need to know its device. We pass the label of the
- # root filesystem on the kernel command line, rather than in
- # `fileSystems' below. This allows CD-to-USB converters such as
- # UNetbootin to rewrite the kernel command line to pass the label or
- # UUID of the USB stick. It would be nicer to write
- # `root=/dev/disk/by-label/...' here, but UNetbootin doesn't
- # recognise that.
- boot.kernelParams = [ "root=LABEL=${config.isoImage.volumeID}" ];
-
- # Note that /dev/root is a symlink to the actual root device
- # specified on the kernel command line, created in the stage 1 init
- # script.
- fileSystems."/".device = "/dev/root";
-
- fileSystems."/nix/store" =
- { fsType = "squashfs";
- device = "/nix-store.squashfs";
- options = "loop";
+ # Create the squashfs image that contains the Nix store.
+ system.build.squashfsStore = import ../../../lib/make-squashfs.nix {
+ inherit (pkgs) stdenv squashfsTools perl pathsFromGraph;
+ storeContents = config.isoImage.storeContents;
};
- boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
+ # Individual files to be included on the CD, outside of the Nix
+ # store on the CD.
+ isoImage.contents =
+ [ { source = grubImage;
+ target = "/boot/grub/grub_eltorito";
+ }
+ { source = pkgs.writeText "grub.cfg" grubCfg;
+ target = "/boot/grub/grub.cfg";
+ }
+ { source = config.boot.kernelPackages.kernel + "/bzImage";
+ target = "/boot/bzImage";
+ }
+ { source = config.system.build.initialRamdisk + "/initrd";
+ target = "/boot/initrd";
+ }
+ { source = "${pkgs.grub2}/share/grub/unicode.pf2";
+ target = "/boot/grub/unicode.pf2";
+ }
+ { source = config.boot.loader.grub.splashImage;
+ target = "/boot/grub/splash.png";
+ }
+ { source = config.system.build.squashfsStore;
+ target = "/nix-store.squashfs";
+ }
+ { # Quick hack: need a mount point for the store.
+ source = pkgs.runCommand "empty" {} "ensureDir $out";
+ target = "/nix/store";
+ }
+ ] ++ pkgs.stdenv.lib.optionals config.isoImage.makeEfiBootable [
+ { source = efiImg;
+ target = "/boot/efi.img";
+ }
+ ];
- boot.initrd.kernelModules = [ "loop" ];
+ # The Grub menu.
+ boot.loader.grub.extraEntries =
+ ''
+ menuentry "NixOS Installer / Rescue" {
+ linux /boot/bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
+ initrd /boot/initrd
+ }
- boot.kernelModules = pkgs.stdenv.lib.optional config.isoImage.makeEfiBootable "efivars";
+ menuentry "Boot from hard disk" {
+ set root=(hd0)
+ chainloader +1
+ }
+ '';
- # In stage 1, mount a tmpfs on top of / (the ISO image) and
- # /nix/store (the squashfs image) to make this a live CD.
- boot.initrd.postMountCommands =
- ''
- mkdir -p /unionfs-chroot/ro-root
- mount --rbind $targetRoot /unionfs-chroot/ro-root
+ boot.loader.grub.timeout = 10;
- mkdir /unionfs-chroot/rw-root
- mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-root
- mkdir /mnt-root-union
- unionfs -o allow_other,cow,chroot=/unionfs-chroot,max_files=32768 /rw-root=RW:/ro-root=RO /mnt-root-union
- oldTargetRoot=$targetRoot
- targetRoot=/mnt-root-union
+ # Create the ISO image.
+ system.build.isoImage = import ../../../lib/make-iso9660-image.nix ({
+ inherit (pkgs) stdenv perl cdrkit pathsFromGraph;
- mkdir /unionfs-chroot/rw-store
- mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
- mkdir -p $oldTargetRoot/nix/store
- unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-store=RW:/ro-root/nix/store=RO /mnt-root-union/nix/store
- '';
+ inherit (config.isoImage) isoName compressImage volumeID contents;
- # Closures to be copied to the Nix store on the CD, namely the init
- # script and the top-level system configuration directory.
- isoImage.storeContents =
- [ config.system.build.toplevel ] ++
- optional config.isoImage.includeSystemBuildDependencies
- config.system.build.toplevel.drvPath;
+ bootable = true;
+ bootImage = "/boot/grub/grub_eltorito";
+ } // pkgs.stdenv.lib.optionalAttrs config.isoImage.makeEfiBootable {
+ efiBootable = true;
+ efiBootImage = "boot/efi.img";
+ });
+
+ boot.postBootCommands =
+ ''
+ # After booting, register the contents of the Nix store on the
+ # CD in the Nix database in the tmpfs.
+ ${config.environment.nix}/bin/nix-store --load-db < /nix/store/nix-path-registration
+
+ # nixos-rebuild also requires a "system" profile and an
+ # /etc/NIXOS tag.
+ touch /etc/NIXOS
+ ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+ '';
+
+ # Add vfat support to the initrd to enable people to copy the
+ # contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
+ boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
- # Create the squashfs image that contains the Nix store.
- system.build.squashfsStore = import ../../../lib/make-squashfs.nix {
- inherit (pkgs) stdenv squashfsTools perl pathsFromGraph;
- storeContents = config.isoImage.storeContents;
};
- # Individual files to be included on the CD, outside of the Nix
- # store on the CD.
- isoImage.contents =
- [ { source = grubImage;
- target = "/boot/grub/grub_eltorito";
- }
- { source = pkgs.writeText "grub.cfg" grubCfg;
- target = "/boot/grub/grub.cfg";
- }
- { source = config.boot.kernelPackages.kernel + "/bzImage";
- target = "/boot/bzImage";
- }
- { source = config.system.build.initialRamdisk + "/initrd";
- target = "/boot/initrd";
- }
- { source = "${pkgs.grub2}/share/grub/unicode.pf2";
- target = "/boot/grub/unicode.pf2";
- }
- { source = config.boot.loader.grub.splashImage;
- target = "/boot/grub/splash.png";
- }
- { source = config.system.build.squashfsStore;
- target = "/nix-store.squashfs";
- }
- { # Quick hack: need a mount point for the store.
- source = pkgs.runCommand "empty" {} "ensureDir $out";
- target = "/nix/store";
- }
- ] ++ pkgs.stdenv.lib.optionals config.isoImage.makeEfiBootable [
- { source = efiImg;
- target = "/boot/efi.img";
- }
- ];
-
- # The Grub menu.
- boot.loader.grub.extraEntries =
- ''
- menuentry "NixOS Installer / Rescue" {
- linux /boot/bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
- initrd /boot/initrd
- }
-
- menuentry "Boot from hard disk" {
- set root=(hd0)
- chainloader +1
- }
- '';
-
- boot.loader.grub.timeout = 10;
-
- # Create the ISO image.
- system.build.isoImage = import ../../../lib/make-iso9660-image.nix ({
- inherit (pkgs) stdenv perl cdrkit pathsFromGraph;
-
- inherit (config.isoImage) isoName compressImage volumeID contents;
-
- bootable = true;
- bootImage = "/boot/grub/grub_eltorito";
- } // pkgs.stdenv.lib.optionalAttrs config.isoImage.makeEfiBootable {
- efiBootable = true;
- efiBootImage = "boot/efi.img";
- });
-
- boot.postBootCommands =
- ''
- # After booting, register the contents of the Nix store on the
- # CD in the Nix database in the tmpfs.
- ${config.environment.nix}/bin/nix-store --load-db < /nix/store/nix-path-registration
-
- # nixos-rebuild also requires a "system" profile and an
- # /etc/NIXOS tag.
- touch /etc/NIXOS
- ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
- '';
-
- # Add vfat support to the initrd to enable people to copy the
- # contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
- boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
-
}
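Review bot: `boot.postBootCommands` runs `nix-store --load-db < /nix/store/nix-path-registration` unguarded, whereas the same step in `system-tarball.nix` in this commit is wrapped in `if [ -f ... ]`; if the file is absent the redirect fails, and under `set -e` (which I cannot confirm from this hunk) that would also skip the `touch /etc/NIXOS` and `nix-env -p ... --set` that follow, leaving the booted system without its profile. Mirroring the guard keeps the two installers consistent: `if [ -f /nix/store/nix-path-registration ]; then ... fi` around the `nix-store` line. Separately, the block mixes `pkgs.stdenv.lib.optional`, `optionals` and `optionalAttrs` with the bare `optional` that `with pkgs.lib;` already provides (see `isoImage.storeContents`); dropping the `pkgs.stdenv.lib.` prefix would make the style uniform.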
diff --git a/modules/installer/cd-dvd/live-dvd.nix b/modules/installer/cd-dvd/live-dvd.nix
index c5a89a3173e..e57be6d442e 100644
--- a/modules/installer/cd-dvd/live-dvd.nix
+++ b/modules/installer/cd-dvd/live-dvd.nix
@@ -1,11 +1,11 @@
-{config, pkgs, ...}:
+{ config, pkgs, ... }:
{
- require = [./installation-cd-base.nix];
+ imports = [ ./installation-cd-base.nix ];
# Build the build-time dependencies of this configuration on the DVD
# to speed up installation.
- isoImage.storeContents = [config.system.build.toplevel.drvPath];
+ isoImage.storeContents = [ config.system.build.toplevel.drvPath ];
# Include lots of packages.
environment.systemPackages =
diff --git a/modules/installer/cd-dvd/system-tarball-fuloong2f.nix b/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
index 9953d08d698..968605734a1 100644
--- a/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
+++ b/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
@@ -12,15 +12,10 @@ let
# evaluated. So we'll just hope for the best.
dummyConfiguration = pkgs.writeText "configuration.nix"
''
- {config, pkgs, ...}:
+ { config, pkgs, ... }:
- {
- require = [ ];
-
- # Add your own options below
- # E.g.,
+ { # Add your own options below, e.g.:
# services.openssh.enable = true;
-
nixpkgs.config.platform = pkgs.platforms.fuloong2f_n32;
}
'';
@@ -45,11 +40,7 @@ let
in
{
- require =
- [
- ./system-tarball.nix
- ];
-
+ imports = [ ./system-tarball.nix ];
# Disable some other stuff we don't need.
security.sudo.enable = false;
diff --git a/modules/installer/cd-dvd/system-tarball-pc.nix b/modules/installer/cd-dvd/system-tarball-pc.nix
index 91eba4ec852..7619f074b74 100644
--- a/modules/installer/cd-dvd/system-tarball-pc.nix
+++ b/modules/installer/cd-dvd/system-tarball-pc.nix
@@ -65,7 +65,7 @@ let
in
{
- require =
+ imports =
[ ./system-tarball.nix
# Profiles of this basic installation.
diff --git a/modules/installer/cd-dvd/system-tarball-sheevaplug.nix b/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
index 06a02333062..ed78bc2a067 100644
--- a/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
+++ b/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
@@ -15,11 +15,9 @@ let
# evaluated. So we'll just hope for the best.
dummyConfiguration = pkgs.writeText "configuration.nix"
''
- {config, pkgs, ...}:
+ { config, pkgs, ... }:
{
- require = [ ];
-
# Add your own options below and run "nixos-rebuild switch".
# E.g.,
# services.openssh.enable = true;
@@ -39,10 +37,7 @@ let
in
{
- require =
- [
- ./system-tarball.nix
- ];
+ imports = [ ./system-tarball.nix ];
# Disable some other stuff we don't need.
security.sudo.enable = false;
diff --git a/modules/installer/cd-dvd/system-tarball.nix b/modules/installer/cd-dvd/system-tarball.nix
index 95f7582d0ca..6bf8eebdac5 100644
--- a/modules/installer/cd-dvd/system-tarball.nix
+++ b/modules/installer/cd-dvd/system-tarball.nix
@@ -8,6 +8,11 @@ with pkgs.lib;
let
+ versionFile = pkgs.writeText "nixos-version" config.system.nixosVersion;
+
+in
+
+{
options = {
tarball.contents = mkOption {
example =
@@ -31,59 +36,57 @@ let
};
- versionFile = pkgs.writeText "nixos-version" config.system.nixosVersion;
+ config = {
-in
+ # In stage 1 of the boot, mount the CD/DVD as the root FS by label
+ # so that we don't need to know its device.
+ fileSystems = [ ];
-{
- require = options;
+ # boot.initrd.availableKernelModules = [ "mvsdio" "mmc_block" "reiserfs" "ext3" "ext4" ];
- # In stage 1 of the boot, mount the CD/DVD as the root FS by label
- # so that we don't need to know its device.
- fileSystems = [ ];
+ # boot.initrd.kernelModules = [ "rtc_mv" ];
- # boot.initrd.availableKernelModules = [ "mvsdio" "mmc_block" "reiserfs" "ext3" "ext4" ];
+ # Closures to be copied to the Nix store on the CD, namely the init
+ # script and the top-level system configuration directory.
+ tarball.storeContents =
+ [ { object = config.system.build.toplevel;
+ symlink = "/run/current-system";
+ }
+ ];
- # boot.initrd.kernelModules = [ "rtc_mv" ];
+ # Individual files to be included on the CD, outside of the Nix
+ # store on the CD.
+ tarball.contents =
+ [ { source = config.system.build.initialRamdisk + "/initrd";
+ target = "/boot/initrd";
+ }
+ { source = versionFile;
+ target = "/nixos-version.txt";
+ }
+ ];
- # Closures to be copied to the Nix store on the CD, namely the init
- # script and the top-level system configuration directory.
- tarball.storeContents =
- [ { object = config.system.build.toplevel;
- symlink = "/run/current-system";
- }
- ];
+ # Create the tarball
+ system.build.tarball = import ../../../lib/make-system-tarball.nix {
+ inherit (pkgs) stdenv perl xz pathsFromGraph;
- # Individual files to be included on the CD, outside of the Nix
- # store on the CD.
- tarball.contents =
- [ { source = config.system.build.initialRamdisk + "/initrd";
- target = "/boot/initrd";
- }
- { source = versionFile;
- target = "/nixos-version.txt";
- }
- ];
+ inherit (config.tarball) contents storeContents;
+ };
- # Create the tarball
- system.build.tarball = import ../../../lib/make-system-tarball.nix {
- inherit (pkgs) stdenv perl xz pathsFromGraph;
+ boot.postBootCommands =
+ ''
+ # After booting, register the contents of the Nix store on the
+ # CD in the Nix database in the tmpfs.
+ if [ -f /nix-path-registration ]; then
+ ${config.environment.nix}/bin/nix-store --load-db < /nix-path-registration &&
+ rm /nix-path-registration
+ fi
+
+ # nixos-rebuild also requires a "system" profile and an
+ # /etc/NIXOS tag.
+ touch /etc/NIXOS
+ ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+ '';
- inherit (config.tarball) contents storeContents;
};
- boot.postBootCommands =
- ''
- # After booting, register the contents of the Nix store on the
- # CD in the Nix database in the tmpfs.
- if [ -f /nix-path-registration ]; then
- ${config.environment.nix}/bin/nix-store --load-db < /nix-path-registration &&
- rm /nix-path-registration
- fi
-
- # nixos-rebuild also requires a "system" profile and an
- # /etc/NIXOS tag.
- touch /etc/NIXOS
- ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
- '';
}
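Review bot: The comment `# In stage 1 of the boot, mount the CD/DVD as the root FS by label` sits above `fileSystems = [ ];`, which declares nothing and mounts nothing, so the text documents behaviour the line does not have. I would replace it with something that matches the code, e.g. `# Intentionally empty: this module fixes no filesystems; the importing configuration is expected to declare the root filesystem.` (hedged — the importers are not visible from this hunk). The two commented-out `boot.initrd.*KernelModules` lines below it are dead code carried over unchanged; either drop them or add a comment saying why they are kept as examples.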
diff --git a/modules/installer/tools/nixos-hardware-scan.pl b/modules/installer/tools/nixos-hardware-scan.pl
index 5b90607f4b0..3204f3d4051 100644
--- a/modules/installer/tools/nixos-hardware-scan.pl
+++ b/modules/installer/tools/nixos-hardware-scan.pl
@@ -8,7 +8,7 @@ my @attrs = ();
my @kernelModules = ();
my @initrdKernelModules = ();
my @modulePackages = ();
-my @requires = ("");
+my @imports = ("");
sub debug {
@@ -227,7 +227,7 @@ my $initrdKernelModules = toNixExpr(removeDups @initrdKernelModules);
my $kernelModules = toNixExpr(removeDups @kernelModules);
my $modulePackages = toNixExpr(removeDups @modulePackages);
my $attrs = multiLineList(" ", removeDups @attrs);
-my $requires = multiLineList(" ", removeDups @requires);
+my $imports = multiLineList(" ", removeDups @imports);
print < subject "wmii and xrandr" on mailinglist)
- windowManager = {
- session = [{
- name = "wmii";
- start = "
- while :; do
- ${pkgs.wmiiSnap}/bin/wmii && break
- done
- ";
- }];
+ { name = "wmii";
+ start = ''
+ while :; do
+ ${pkgs.wmiiSnap}/bin/wmii && break
+ done
+ '';
};
- };
+ environment.systemPackages = [ pkgs.wmiiSnap ];
+
};
- environment = {
- x11Packages = [
- pkgs.wmiiSnap
- ];
- };
}
diff --git a/modules/system/activation/top-level.nix b/modules/system/activation/top-level.nix
index 9f6a8f8583a..32157e41985 100644
--- a/modules/system/activation/top-level.nix
+++ b/modules/system/activation/top-level.nix
@@ -4,66 +4,6 @@ with pkgs.lib;
let
- options = {
-
- system.build = mkOption {
- default = {};
- description = ''
- Attribute set of derivations used to setup the system.
- '';
- };
-
- nesting.children = mkOption {
- default = [];
- description = ''
- Additional configurations to build.
- '';
- };
-
- nesting.clone = mkOption {
- default = [];
- description = ''
- Additional configurations to build based on the current
- configuration which is has a lower priority.
- '';
- };
-
- system.boot.loader.id = mkOption {
- default = "";
- description = ''
- Id string of the used bootloader.
- '';
- };
-
- system.boot.loader.kernelFile = mkOption {
- default = pkgs.stdenv.platform.kernelTarget;
- type = types.uniq types.string;
- description = ''
- Name of the kernel file to be passed to the bootloader.
- '';
- };
-
- system.copySystemConfiguration = mkOption {
- default = false;
- description = ''
- If enabled, copies the NixOS configuration file
- $NIXOS_CONFIG (usually
- /etc/nixos/configuration.nix)
- to the system store path.
- '';
- };
-
- system.extraSystemBuilderCmds = mkOption {
- default = "";
- internal = true;
- merge = concatStringsSep "\n";
- description = ''
- This code will be added to the builder creating the system store path.
- '';
- };
-
- };
-
# This attribute is responsible for creating boot entries for
# child configuration. They are only (directly) accessible
@@ -176,13 +116,79 @@ let
};
-in {
- require = [options];
+in
- system.extraSystemBuilderCmds =
- optionalString
- config.system.copySystemConfiguration
- "cp ${maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out";
+{
+ options = {
+
+ system.build = mkOption {
+ default = {};
+ description = ''
+ Attribute set of derivations used to setup the system.
+ '';
+ };
+
+ nesting.children = mkOption {
+ default = [];
+ description = ''
+ Additional configurations to build.
+ '';
+ };
+
+ nesting.clone = mkOption {
+ default = [];
+ description = ''
+ Additional configurations to build based on the current
+ configuration which is has a lower priority.
+ '';
+ };
+
+ system.boot.loader.id = mkOption {
+ default = "";
+ description = ''
+ Id string of the used bootloader.
+ '';
+ };
+
+ system.boot.loader.kernelFile = mkOption {
+ default = pkgs.stdenv.platform.kernelTarget;
+ type = types.uniq types.string;
+ description = ''
+ Name of the kernel file to be passed to the bootloader.
+ '';
+ };
+
+ system.copySystemConfiguration = mkOption {
+ default = false;
+ description = ''
+ If enabled, copies the NixOS configuration file
+ $NIXOS_CONFIG (usually
+ /etc/nixos/configuration.nix)
+ to the system store path.
+ '';
+ };
+
+ system.extraSystemBuilderCmds = mkOption {
+ default = "";
+ internal = true;
+ merge = concatStringsSep "\n";
+ description = ''
+ This code will be added to the builder creating the system store path.
+ '';
+ };
+
+ };
+
+
+ config = {
+
+ system.extraSystemBuilderCmds =
+ optionalString
+ config.system.copySystemConfiguration
+ "cp ${maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out";
+
+ system.build.toplevel = system;
+
+ };
- system.build.toplevel = system;
}
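Review bot: `nesting.clone`'s description reads `configuration which is has a lower priority`; it should be `configuration which has a lower priority`. The `system.copySystemConfiguration` description also deserves a caveat a practitioner would want: the file is copied into the system store path, and store paths are generally readable by every local user, so credentials written inline in `configuration.nix` become world-readable when this is enabled — I would append `Note that the copy ends up in the Nix store, which is readable by all users, so do not enable this if the configuration contains secrets.` to that description. As a point of style, only `system.boot.loader.kernelFile` carries a `type`; the sibling options (`system.copySystemConfiguration` as `types.bool`, `system.boot.loader.id` as a string) would benefit from the same treatment.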
diff --git a/modules/system/boot/loader/generations-dir/generations-dir.nix b/modules/system/boot/loader/generations-dir/generations-dir.nix
index b14f81552ee..9855c8c19dd 100644
--- a/modules/system/boot/loader/generations-dir/generations-dir.nix
+++ b/modules/system/boot/loader/generations-dir/generations-dir.nix
@@ -1,48 +1,9 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
-###### interface
let
- inherit (pkgs.lib) mkOption mkIf;
- options = {
- boot = {
- loader = {
- generationsDir = {
-
- enable = mkOption {
- default = false;
- description = ''
- Whether to create symlinks to the system generations under
- /boot. When enabled,
- /boot/default/kernel,
- /boot/default/initrd, etc., are updated to
- point to the current generation's kernel image, initial RAM
- disk, and other bootstrap files.
-
- This optional is not necessary with boot loaders such as GNU GRUB
- for which the menu is updated to point to the latest bootstrap
- files. However, it is needed for U-Boot on platforms where the
- boot command line is stored in flash memory rather than in a
- menu file.
- '';
- };
-
- copyKernels = mkOption {
- default = false;
- description = "
- Whether copy the necessary boot files into /boot, so
- /nix/store is not needed by the boot loader.
- ";
- };
- };
- };
- };
- };
-
-in
-
-###### implementation
-let
generationsDirBuilder = pkgs.substituteAll {
src = ./generations-dir-builder.sh;
isExecutable = true;
@@ -53,18 +14,50 @@ let
# Temporary check, for nixos to cope both with nixpkgs stdenv-updates and trunk
platform = pkgs.stdenv.platform;
+
in
+
{
- require = [
- options
+ options = {
- # config.system.build
- # ../system/system-options.nix
- ];
+ boot.loader.generationsDir = {
+
+ enable = mkOption {
+ default = false;
+ description = ''
+ Whether to create symlinks to the system generations under
+ /boot. When enabled,
+ /boot/default/kernel,
+ /boot/default/initrd, etc., are updated to
+ point to the current generation's kernel image, initial RAM
+ disk, and other bootstrap files.
+
+ This optional is not necessary with boot loaders such as GNU GRUB
+ for which the menu is updated to point to the latest bootstrap
+ files. However, it is needed for U-Boot on platforms where the
+ boot command line is stored in flash memory rather than in a
+ menu file.
+ '';
+ };
+
+ copyKernels = mkOption {
+ default = false;
+ description = "
+ Whether copy the necessary boot files into /boot, so
+ /nix/store is not needed by the boot loader.
+ ";
+ };
+
+ };
+
+ };
+
+
+ config = mkIf config.boot.loader.generationsDir.enable {
+
+ system.build.installBootLoader = generationsDirBuilder;
+ system.boot.loader.id = "generationsDir";
+ system.boot.loader.kernelFile = platform.kernelTarget;
- system = mkIf config.boot.loader.generationsDir.enable {
- build.installBootLoader = generationsDirBuilder;
- boot.loader.id = "generationsDir";
- boot.loader.kernelFile = platform.kernelTarget;
};
}
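Review bot: Two wording defects survive in the moved option descriptions: `This optional is not necessary with boot loaders such as GNU GRUB` should read `This option is not necessary with boot loaders such as GNU GRUB`, and `Whether copy the necessary boot files into /boot` should read `Whether to copy the necessary boot files into /boot`. As a point of style, `copyKernels` uses a double-quoted `"..."` description while `enable` next to it uses `''...''`; using `''` for both matches the rest of the file. The `copyKernels` description could also name the "necessary boot files" — the kernel image and initrd that `enable` already lists — so the two options read as a pair.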
diff --git a/modules/system/boot/loader/raspberrypi/raspberrypi.nix b/modules/system/boot/loader/raspberrypi/raspberrypi.nix
index f083a002b42..5bc856c3df0 100644
--- a/modules/system/boot/loader/raspberrypi/raspberrypi.nix
+++ b/modules/system/boot/loader/raspberrypi/raspberrypi.nix
@@ -1,30 +1,9 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
-###### interface
let
- inherit (pkgs.lib) mkOption mkIf;
- options = {
- boot = {
- loader = {
- raspberryPi = {
- enable = mkOption {
- default = false;
- description = ''
- Whether to create files with the system generations in
- /boot.
- /boot/old will hold files from old generations.
- '';
- };
- };
- };
- };
- };
-
-in
-
-###### implementation
-let
builder = pkgs.substituteAll {
src = ./builder.sh;
isExecutable = true;
@@ -34,18 +13,26 @@ let
};
platform = pkgs.stdenv.platform;
+
in
+
{
- require = [
- options
+ options = {
- # config.system.build
- # ../system/system-options.nix
- ];
+ boot.loader.raspberryPi.enable = mkOption {
+ default = false;
+ description = ''
+ Whether to create files with the system generations in
+ /boot.
+ /boot/old will hold files from old generations.
+ '';
+ };
- system = mkIf config.boot.loader.raspberryPi.enable {
- build.installBootLoader = builder;
- boot.loader.id = "raspberrypi";
- boot.loader.kernelFile = platform.kernelTarget;
+ };
+
+ config = mkIf config.boot.loader.raspberryPi.enable {
+ system.build.installBootLoader = builder;
+ system.boot.loader.id = "raspberrypi";
+ system.boot.loader.kernelFile = platform.kernelTarget;
};
}
diff --git a/modules/system/boot/stage-1.nix b/modules/system/boot/stage-1.nix
index 9efae22fbdf..ed06e6a38d0 100644
--- a/modules/system/boot/stage-1.nix
+++ b/modules/system/boot/stage-1.nix
@@ -11,116 +11,6 @@ let
udev = config.systemd.package;
- options = {
-
- boot.resumeDevice = mkOption {
- default = "";
- example = "0:0";
- description = "
- Device for manual resume attempt during boot. Looks like
- major:minor. ls -l /dev/SWAP_PARTION shows them.
- ";
- };
-
- boot.initrd.enableSplashScreen = mkOption {
- default = true;
- description = "
- Whether to show a nice splash screen while booting.
- ";
- };
-
- boot.initrd.checkJournalingFS = mkOption {
- default = true;
- type = types.bool;
- description = ''
- Whether to run fsck on journaling filesystems such as ext3.
- '';
- };
-
- boot.initrd.mdadmConf = mkOption {
- default = "";
- type = with types; string;
- description = ''
- Contents of /etc/mdadm.conf at initrd.
- '';
- };
-
- boot.initrd.preLVMCommands = mkOption {
- default = "";
- type = with types; string;
- description = ''
- Shell commands to be executed immediately before lvm discovery.
- '';
- };
-
- boot.initrd.postDeviceCommands = mkOption {
- default = "";
- type = with types; string;
- description = ''
- Shell commands to be executed immediately after stage 1 of the
- boot has loaded kernel modules and created device nodes in
- /dev.
- '';
- };
-
- boot.initrd.postMountCommands = mkOption {
- default = "";
- type = with types; string;
- description = ''
- Shell commands to be executed immediately after the stage 1
- filesystems have been mounted.
- '';
- };
-
- boot.initrd.extraUtilsCommands = mkOption {
- internal = true;
- default = "";
- type = with types; string;
- description = ''
- Shell commands to be executed in the builder of the
- extra-utils derivation. This can be used to provide
- additional utilities in the initial ramdisk.
- '';
- };
-
- boot.initrd.extraUtilsCommandsTest = mkOption {
- internal = true;
- default = "";
- type = with types; string;
- description = ''
- Shell commands to be executed in the builder of the
- extra-utils derivation after patchelf has done its
- job. This can be used to test additional utilities
- copied in extraUtilsCommands.
- '';
- };
-
- boot.initrd.compressor = mkOption {
- default = "gzip -9";
-
- type = types.string;
-
- description = "The compressor to use on the initrd";
-
- example = "xz";
- };
-
- fileSystems = mkOption {
- options.neededForBoot = mkOption {
- default = false;
- type = types.bool;
- description = ''
- If set, this file system will be mounted in the initial
- ramdisk. By default, this applies to the root file system
- and to the file system containing
- /nix/store.
- '';
- };
- };
-
- };
-
-
kernelPackages = config.boot.kernelPackages;
modulesTree = config.system.modulesTree;
@@ -141,14 +31,15 @@ let
&& kernelPackages.kernel.features.needsCifsUtils
&& any (fs: fs.fsType == "cifs") fileSystems;
- busybox = if needsCifsUtils
- then pkgs.busybox.override {
- extraConfig = ''
- CONFIG_FEATURE_MOUNT_CIFS n
- CONFIG_FEATURE_MOUNT_HELPERS y
- '';
- }
- else pkgs.busybox;
+ busybox =
+ if needsCifsUtils
+ then pkgs.busybox.override {
+ extraConfig = ''
+ CONFIG_FEATURE_MOUNT_CIFS n
+ CONFIG_FEATURE_MOUNT_HELPERS y
+ '';
+ }
+ else pkgs.busybox;
# Some additional utilities needed in stage 1, like mount, lvm, fsck
@@ -351,16 +242,128 @@ let
];
};
-in {
+in
- require = [options];
+{
+ options = {
- system.build.bootStage1 = bootStage1;
- system.build.initialRamdisk = initialRamdisk;
- system.build.extraUtils = extraUtils;
+ boot.resumeDevice = mkOption {
+ default = "";
+ example = "0:0";
+ description = "
+ Device for manual resume attempt during boot. Looks like
+ major:minor. ls -l /dev/SWAP_PARTION shows them.
+ ";
+ };
- system.requiredKernelConfig = with config.lib.kernelConfig; [
- (isYes "TMPFS")
- (isYes "BLK_DEV_INITRD")
- ];
+ boot.initrd.enableSplashScreen = mkOption {
+ default = true;
+ description = "
+ Whether to show a nice splash screen while booting.
+ ";
+ };
+
+ boot.initrd.checkJournalingFS = mkOption {
+ default = true;
+ type = types.bool;
+ description = ''
+ Whether to run fsck on journaling filesystems such as ext3.
+ '';
+ };
+
+ boot.initrd.mdadmConf = mkOption {
+ default = "";
+ type = with types; string;
+ description = ''
+ Contents of /etc/mdadm.conf at initrd.
+ '';
+ };
+
+ boot.initrd.preLVMCommands = mkOption {
+ default = "";
+ type = with types; string;
+ description = ''
+ Shell commands to be executed immediately before lvm discovery.
+ '';
+ };
+
+ boot.initrd.postDeviceCommands = mkOption {
+ default = "";
+ type = with types; string;
+ description = ''
+ Shell commands to be executed immediately after stage 1 of the
+ boot has loaded kernel modules and created device nodes in
+ /dev.
+ '';
+ };
+
+ boot.initrd.postMountCommands = mkOption {
+ default = "";
+ type = with types; string;
+ description = ''
+ Shell commands to be executed immediately after the stage 1
+ filesystems have been mounted.
+ '';
+ };
+
+ boot.initrd.extraUtilsCommands = mkOption {
+ internal = true;
+ default = "";
+ type = with types; string;
+ description = ''
+ Shell commands to be executed in the builder of the
+ extra-utils derivation. This can be used to provide
+ additional utilities in the initial ramdisk.
+ '';
+ };
+
+ boot.initrd.extraUtilsCommandsTest = mkOption {
+ internal = true;
+ default = "";
+ type = with types; string;
+ description = ''
+ Shell commands to be executed in the builder of the
+ extra-utils derivation after patchelf has done its
+ job. This can be used to test additional utilities
+ copied in extraUtilsCommands.
+ '';
+ };
+
+ boot.initrd.compressor = mkOption {
+ default = "gzip -9";
+
+ type = types.string;
+
+ description = "The compressor to use on the initrd";
+
+ example = "xz";
+ };
+
+ fileSystems = mkOption {
+ options.neededForBoot = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ If set, this file system will be mounted in the initial
+ ramdisk. By default, this applies to the root file system
+ and to the file system containing
+ /nix/store.
+ '';
+ };
+ };
+
+ };
+
+ config = {
+
+ system.build.bootStage1 = bootStage1;
+ system.build.initialRamdisk = initialRamdisk;
+ system.build.extraUtils = extraUtils;
+
+ system.requiredKernelConfig = with config.lib.kernelConfig; [
+ (isYes "TMPFS")
+ (isYes "BLK_DEV_INITRD")
+ ];
+
+ };
}
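Review bot: `boot.resumeDevice` and `boot.initrd.enableSplashScreen` are the only options in the new `options` block without a `type`, whereas their siblings declare `types.string`/`types.bool`; adding `type = types.string;` and `type = types.bool;` respectively makes a wrong value fail at evaluation rather than when the initrd runs. The `boot.resumeDevice` description also has a typo in the example command, `ls -l /dev/SWAP_PARTION` → `ls -l /dev/SWAP_PARTITION`, and those two descriptions use plain double-quoted strings while every other option here uses `''` indented strings, which is the style the rest of the block follows.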
diff --git a/modules/system/boot/stage-2.nix b/modules/system/boot/stage-2.nix
index efffb89d732..ff17535e418 100644
--- a/modules/system/boot/stage-2.nix
+++ b/modules/system/boot/stage-2.nix
@@ -4,6 +4,38 @@ with pkgs.lib;
let
+ kernel = config.boot.kernelPackages.kernel;
+ activateConfiguration = config.system.activationScripts.script;
+
+ readonlyMountpoint = pkgs.runCommand "readonly-mountpoint" {} ''
+ mkdir -p $out/bin
+ cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint
+ strip -s $out/bin/readonly-mountpoint
+ '';
+
+ bootStage2 = pkgs.substituteAll {
+ src = ./stage-2-init.sh;
+ shellDebug = "${pkgs.bashInteractive}/bin/bash";
+ isExecutable = true;
+ inherit (config.boot) devShmSize runSize cleanTmpDir;
+ inherit (config.nix) readOnlyStore;
+ ttyGid = config.ids.gids.tty;
+ path =
+ [ pkgs.coreutils
+ pkgs.utillinux
+ pkgs.sysvtools
+ ] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
+ ++ optional config.nix.readOnlyStore readonlyMountpoint;
+ postBootCommands = pkgs.writeText "local-cmds"
+ ''
+ ${config.boot.postBootCommands}
+ ${config.powerManagement.powerUpCommands}
+ '';
+ };
+
+in
+
+{
options = {
boot = {
@@ -59,39 +91,10 @@ let
};
- kernel = config.boot.kernelPackages.kernel;
- activateConfiguration = config.system.activationScripts.script;
- readonlyMountpoint = pkgs.runCommand "readonly-mountpoint" {} ''
- mkdir -p $out/bin
- cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint
- strip -s $out/bin/readonly-mountpoint
- '';
+ config = {
+
+ system.build.bootStage2 = bootStage2;
- bootStage2 = pkgs.substituteAll {
- src = ./stage-2-init.sh;
- shellDebug = "${pkgs.bashInteractive}/bin/bash";
- isExecutable = true;
- inherit (config.boot) devShmSize runSize cleanTmpDir;
- inherit (config.nix) readOnlyStore;
- ttyGid = config.ids.gids.tty;
- path =
- [ pkgs.coreutils
- pkgs.utillinux
- pkgs.sysvtools
- ] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
- ++ optional config.nix.readOnlyStore readonlyMountpoint;
- postBootCommands = pkgs.writeText "local-cmds"
- ''
- ${config.boot.postBootCommands}
- ${config.powerManagement.powerUpCommands}
- '';
};
-
-in
-
-{
- require = [options];
-
- system.build.bootStage2 = bootStage2;
}
diff --git a/modules/virtualisation/amazon-config.nix b/modules/virtualisation/amazon-config.nix
index 836c46caae8..e816ed2d183 100644
--- a/modules/virtualisation/amazon-config.nix
+++ b/modules/virtualisation/amazon-config.nix
@@ -1,5 +1,5 @@
{ config, pkgs, modulesPath, ... }:
{
- require = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
+ imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
}
diff --git a/modules/virtualisation/amazon-image.nix b/modules/virtualisation/amazon-image.nix
index 30b06b9ef24..11939c9ba96 100644
--- a/modules/virtualisation/amazon-image.nix
+++ b/modules/virtualisation/amazon-image.nix
@@ -3,7 +3,7 @@
with pkgs.lib;
{
- require = [ ../profiles/headless.nix ./ec2-data.nix ];
+ imports = [ ../profiles/headless.nix ./ec2-data.nix ];
system.build.amazonImage =
pkgs.vmTools.runInLinuxVM (
@@ -83,7 +83,7 @@ with pkgs.lib;
udevadm control --exit || true
kill -9 -1
'';
-
+
# Mount all formatted ephemeral disks and activate all swap devices.
# We cannot do this with the ‘fileSystems’ and ‘swapDevices’ options
# because the set of devices is dependent on the instance type
diff --git a/modules/virtualisation/ec2-data.nix b/modules/virtualisation/ec2-data.nix
index 42c50d857e4..fccf45e0e19 100644
--- a/modules/virtualisation/ec2-data.nix
+++ b/modules/virtualisation/ec2-data.nix
@@ -5,7 +5,8 @@
{ config, pkgs, ... }:
with pkgs.lib;
-let
+
+{
options = {
ec2.metadata = mkOption {
type = types.bool;
@@ -15,84 +16,84 @@ let
'';
};
};
-in
-{
- require = [options];
- systemd.services."fetch-ec2-data" =
- { description = "Fetch EC2 Data";
+ config = {
- wantedBy = [ "multi-user.target" ];
- before = [ "sshd.service" ];
- after = [ "network.target" ];
+ systemd.services."fetch-ec2-data" =
+ { description = "Fetch EC2 Data";
- path = [ pkgs.curl pkgs.iproute ];
+ wantedBy = [ "multi-user.target" ];
+ before = [ "sshd.service" ];
+ after = [ "network.target" ];
- script =
- ''
- ip route del blackhole 169.254.169.254/32 || true
+ path = [ pkgs.curl pkgs.iproute ];
- curl="curl --retry 3 --retry-delay 0 --fail"
+ script =
+ ''
+ ip route del blackhole 169.254.169.254/32 || true
- echo "setting host name..."
- ${optionalString (config.networking.hostName == "") ''
- ${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname)
- ''}
+ curl="curl --retry 3 --retry-delay 0 --fail"
- # Don't download the SSH key if it has already been injected
- # into the image (a Nova feature).
- if ! [ -e /root/.ssh/authorized_keys ]; then
- echo "obtaining SSH key..."
- mkdir -p /root/.ssh
- $curl -o /root/key.pub http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
- if [ $? -eq 0 -a -e /root/key.pub ]; then
- if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
- cat /root/key.pub >> /root/.ssh/authorized_keys
- echo "new key added to authorized_keys"
- fi
- chmod 600 /root/.ssh/authorized_keys
- rm -f /root/key.pub
- fi
- fi
+ echo "setting host name..."
+ ${optionalString (config.networking.hostName == "") ''
+ ${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname)
+ ''}
- # Extract the intended SSH host key for this machine from
- # the supplied user data, if available. Otherwise sshd will
- # generate one normally.
- $curl http://169.254.169.254/2011-01-01/user-data > /root/user-data || true
- key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)"
- key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)"
- if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then
- mkdir -m 0755 -p /etc/ssh
- (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
- echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
- fi
+ # Don't download the SSH key if it has already been injected
+ # into the image (a Nova feature).
+ if ! [ -e /root/.ssh/authorized_keys ]; then
+ echo "obtaining SSH key..."
+ mkdir -p /root/.ssh
+ $curl -o /root/key.pub http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
+ if [ $? -eq 0 -a -e /root/key.pub ]; then
+ if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
+ cat /root/key.pub >> /root/.ssh/authorized_keys
+ echo "new key added to authorized_keys"
+ fi
+ chmod 600 /root/.ssh/authorized_keys
+ rm -f /root/key.pub
+ fi
+ fi
- ${optionalString (! config.ec2.metadata) ''
- # Since the user data is sensitive, prevent it from being
- # accessed from now on.
- ip route add blackhole 169.254.169.254/32
- ''}
- '';
+ # Extract the intended SSH host key for this machine from
+ # the supplied user data, if available. Otherwise sshd will
+ # generate one normally.
+ $curl http://169.254.169.254/2011-01-01/user-data > /root/user-data || true
+ key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)"
+ key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)"
+ if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then
+ mkdir -m 0755 -p /etc/ssh
+ (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
+ echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
+ fi
- serviceConfig.Type = "oneshot";
- serviceConfig.RemainAfterExit = true;
- };
+ ${optionalString (! config.ec2.metadata) ''
+ # Since the user data is sensitive, prevent it from being
+ # accessed from now on.
+ ip route add blackhole 169.254.169.254/32
+ ''}
+ '';
- systemd.services."print-host-key" =
- { description = "Print SSH Host Key";
- wantedBy = [ "multi-user.target" ];
- after = [ "sshd.service" ];
- script =
- ''
- # Print the host public key on the console so that the user
- # can obtain it securely by parsing the output of
- # ec2-get-console-output.
- echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
- ${pkgs.openssh}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console
- echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
- '';
- serviceConfig.Type = "oneshot";
- serviceConfig.RemainAfterExit = true;
- };
+ serviceConfig.Type = "oneshot";
+ serviceConfig.RemainAfterExit = true;
+ };
+ systemd.services."print-host-key" =
+ { description = "Print SSH Host Key";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "sshd.service" ];
+ script =
+ ''
+ # Print the host public key on the console so that the user
+ # can obtain it securely by parsing the output of
+ # ec2-get-console-output.
+ echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
+ ${pkgs.openssh}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console
+ echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
+ '';
+ serviceConfig.Type = "oneshot";
+ serviceConfig.RemainAfterExit = true;
+ };
+
+ };
}
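Review bot: In the fetch-ec2-data script, `/root/user-data` keeps a full copy of the instance user data — which the script's own closing comment calls sensitive and which may carry `SSH_HOST_DSA_KEY` — after the host key has been extracted, and it is written with the default umask rather than the `umask 077` used for the key file itself. Writing it under a restrictive umask and adding `rm -f /root/user-data` after the key-installation `fi` would leave the private key material in `/etc/ssh` only. Similarly, `mkdir -p /root/.ssh` does not set a mode, so the directory's permissions depend on root's umask while `authorized_keys` is explicitly chmod'ed to 600; `mkdir -m 0700 -p /root/.ssh` would make that consistent. These lines are moved verbatim, so the behaviour is pre-existing, but the restructure is a good moment to tighten it.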
diff --git a/modules/virtualisation/nova-config.nix b/modules/virtualisation/nova-config.nix
index df41f8f88af..f8239cdec51 100644
--- a/modules/virtualisation/nova-config.nix
+++ b/modules/virtualisation/nova-config.nix
@@ -1,5 +1,5 @@
{ config, pkgs, modulesPath, ... }:
{
- require = [ "${modulesPath}/virtualisation/nova-image.nix" ];
+ imports = [ "${modulesPath}/virtualisation/nova-image.nix" ];
}
diff --git a/modules/virtualisation/nova-image.nix b/modules/virtualisation/nova-image.nix
index 59b88a54367..ab625dba11d 100644
--- a/modules/virtualisation/nova-image.nix
+++ b/modules/virtualisation/nova-image.nix
@@ -3,7 +3,7 @@
with pkgs.lib;
{
- require = [ ../profiles/qemu-guest.nix ../profiles/headless.nix ./ec2-data.nix ];
+ imports = [ ../profiles/qemu-guest.nix ../profiles/headless.nix ./ec2-data.nix ];
system.build.novaImage =
pkgs.vmTools.runInLinuxVM (
diff --git a/modules/virtualisation/qemu-vm.nix b/modules/virtualisation/qemu-vm.nix
index 61d5d20f3be..9476db8076c 100644
--- a/modules/virtualisation/qemu-vm.nix
+++ b/modules/virtualisation/qemu-vm.nix
@@ -18,6 +18,123 @@ let
then "noname"
else config.networking.hostName;
+ cfg = config.virtualisation;
+
+ qemuGraphics = if cfg.graphics then "" else "-nographic";
+ kernelConsole = if cfg.graphics then "" else "console=ttyS0";
+ ttys = [ "tty1" "tty2" "tty3" "tty4" "tty5" "tty6" ];
+
+ # Shell script to start the VM.
+ startVM =
+ ''
+ #! ${pkgs.stdenv.shell}
+
+ NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}})
+
+ if ! test -e "$NIX_DISK_IMAGE"; then
+ ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
+ ${toString config.virtualisation.diskSize}M || exit 1
+ fi
+
+ # Create a directory for exchanging data with the VM.
+ if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then
+ TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir)
+ fi
+ cd $TMPDIR
+ mkdir -p $TMPDIR/xchg
+
+ idx=2
+ extraDisks=""
+ ${flip concatMapStrings cfg.emptyDiskImages (size: ''
+ ${pkgs.qemu_kvm}/bin/qemu-img create -f raw "empty$idx" "${toString size}M"
+ extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx,if=virtio,werror=report"
+ idx=$((idx + 1))
+ '')}
+
+ # Start QEMU.
+ # "-boot menu=on" is there, because I don't know how to make qemu boot from 2nd hd.
+ exec ${pkgs.qemu_kvm}/bin/qemu-kvm \
+ -name ${vmName} \
+ -m ${toString config.virtualisation.memorySize} \
+ ${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} \
+ -net nic,vlan=0,model=virtio \
+ -net user,vlan=0''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \
+ -virtfs local,path=/nix/store,security_model=none,mount_tag=store \
+ -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
+ -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \
+ ${if cfg.useBootLoader then ''
+ -drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
+ -drive index=1,id=drive2,file=${bootDisk}/disk.img,if=virtio,readonly \
+ -boot menu=on
+ '' else ''
+ -drive file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
+ -kernel ${config.system.build.toplevel}/kernel \
+ -initrd ${config.system.build.toplevel}/initrd \
+ -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \
+ ''} \
+ $extraDisks \
+ ${qemuGraphics} \
+ ${toString config.virtualisation.qemu.options} \
+ $QEMU_OPTS
+ '';
+
+
+ regInfo = pkgs.runCommand "reginfo"
+ { exportReferencesGraph =
+ map (x: [("closure-" + baseNameOf x) x]) config.virtualisation.pathsInNixDB;
+ buildInputs = [ pkgs.perl ];
+ preferLocalBuild = true;
+ }
+ ''
+ printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out
+ '';
+
+
+ # Generate a hard disk image containing a /boot partition and GRUB
+ # in the MBR. Used when the `useBootLoader' option is set.
+ bootDisk =
+ pkgs.vmTools.runInLinuxVM (
+ pkgs.runCommand "nixos-boot-disk"
+ { preVM =
+ ''
+ mkdir $out
+ diskImage=$out/disk.img
+ ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 $diskImage "32M"
+ '';
+ buildInputs = [ pkgs.utillinux ];
+ }
+ ''
+ # Create a single /boot partition.
+ ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
+ ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
+ . /sys/class/block/vda1/uevent
+ mknod /dev/vda1 b $MAJOR $MINOR
+ . /sys/class/block/vda/uevent
+ ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L boot /dev/vda1
+ ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
+
+ # Mount /boot.
+ mkdir /boot
+ mount /dev/vda1 /boot
+
+ # This is needed for GRUB 0.97, which doesn't know about virtio devices.
+ mkdir /boot/grub
+ echo '(hd0) /dev/vda' > /boot/grub/device.map
+
+ # Install GRUB and generate the GRUB boot menu.
+ touch /etc/NIXOS
+ mkdir -p /nix/var/nix/profiles
+ ${config.system.build.toplevel}/bin/switch-to-configuration boot
+
+ umount /boot
+ ''
+ );
+
+in
+
+{
+ imports = [ ../profiles/qemu-guest.nix ];
+
options = {
virtualisation.memorySize =
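Review bot: In `startVM`, `$TMPDIR` is expanded unquoted in `cd $TMPDIR`, `mkdir -p $TMPDIR/xchg` and the two `-virtfs ...,path=$TMPDIR/xchg,...` arguments, so a caller-supplied TMPDIR containing whitespace breaks the script or hands QEMU a truncated path; `cd "$TMPDIR"` and `mkdir -p "$TMPDIR/xchg"` are the usual fix, and the same applies to the `''${SHARED_DIR:-$TMPDIR/xchg}` share. Separately, the host's `/nix/store` is exported over 9p with `security_model=none` and no read-only marking at the QEMU level, so the only thing preventing the guest from modifying the host store is the `mount -o remount,ro` the guest's own initrd performs (second hunk of this file). A comment above the `-virtfs` lines saying that this script is meant for a trusted test VM and that host-store integrity relies on the guest cooperating would save the next reader from assuming the export itself is read-only.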
@@ -154,264 +271,151 @@ let
};
- cfg = config.virtualisation;
+ config = {
- qemuGraphics = if cfg.graphics then "" else "-nographic";
- kernelConsole = if cfg.graphics then "" else "console=ttyS0";
- ttys = [ "tty1" "tty2" "tty3" "tty4" "tty5" "tty6" ];
+ boot.loader.grub.device = mkOverride 50 "/dev/vda";
- # Shell script to start the VM.
- startVM =
- ''
- #! ${pkgs.stdenv.shell}
+ boot.initrd.supportedFilesystems = optional cfg.writableStore "unionfs-fuse";
- NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}})
+ boot.initrd.extraUtilsCommands =
+ ''
+ # We need mke2fs in the initrd.
+ cp ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin
+ '';
- if ! test -e "$NIX_DISK_IMAGE"; then
- ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
- ${toString config.virtualisation.diskSize}M || exit 1
- fi
+ boot.initrd.postDeviceCommands =
+ ''
+ # If the disk image appears to be empty, run mke2fs to
+ # initialise.
+ FSTYPE=$(blkid -o value -s TYPE /dev/vda || true)
+ if test -z "$FSTYPE"; then
+ mke2fs -t ext4 /dev/vda
+ fi
+ '';
- # Create a directory for exchanging data with the VM.
- if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then
- TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir)
- fi
- cd $TMPDIR
- mkdir -p $TMPDIR/xchg
+ boot.initrd.postMountCommands =
+ ''
+ # Mark this as a NixOS machinex.
+ mkdir -p $targetRoot/etc
+ echo -n > $targetRoot/etc/NIXOS
- idx=2
- extraDisks=""
- ${flip concatMapStrings cfg.emptyDiskImages (size: ''
- ${pkgs.qemu_kvm}/bin/qemu-img create -f raw "empty$idx" "${toString size}M"
- extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx,if=virtio,werror=report"
- idx=$((idx + 1))
- '')}
+ # Fix the permissions on /tmp.
+ chmod 1777 $targetRoot/tmp
- # Start QEMU.
- # "-boot menu=on" is there, because I don't know how to make qemu boot from 2nd hd.
- exec ${pkgs.qemu_kvm}/bin/qemu-kvm \
- -name ${vmName} \
- -m ${toString config.virtualisation.memorySize} \
- ${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} \
- -net nic,vlan=0,model=virtio \
- -net user,vlan=0''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \
- -virtfs local,path=/nix/store,security_model=none,mount_tag=store \
- -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
- -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \
- ${if cfg.useBootLoader then ''
- -drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
- -drive index=1,id=drive2,file=${bootDisk}/disk.img,if=virtio,readonly \
- -boot menu=on
+ mkdir -p $targetRoot/boot
+ mount -o remount,ro $targetRoot/nix/store
+ ${optionalString cfg.writableStore ''
+ mkdir -p /unionfs-chroot/ro-store
+ mount --rbind $targetRoot/nix/store /unionfs-chroot/ro-store
+
+ mkdir /unionfs-chroot/rw-store
+ ${if cfg.writableStoreUseTmpfs then ''
+ mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
'' else ''
- -drive file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
- -kernel ${config.system.build.toplevel}/kernel \
- -initrd ${config.system.build.toplevel}/initrd \
- -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \
- ''} \
- $extraDisks \
- ${qemuGraphics} \
- ${toString config.virtualisation.qemu.options} \
- $QEMU_OPTS
- '';
+ mkdir $targetRoot/.nix-rw-store
+ mount --bind $targetRoot/.nix-rw-store /unionfs-chroot/rw-store
+ ''}
-
- regInfo = pkgs.runCommand "reginfo"
- { exportReferencesGraph =
- map (x: [("closure-" + baseNameOf x) x]) config.virtualisation.pathsInNixDB;
- buildInputs = [ pkgs.perl ];
- preferLocalBuild = true;
- }
- ''
- printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out
- '';
-
-
- # Generate a hard disk image containing a /boot partition and GRUB
- # in the MBR. Used when the `useBootLoader' option is set.
- bootDisk =
- pkgs.vmTools.runInLinuxVM (
- pkgs.runCommand "nixos-boot-disk"
- { preVM =
- ''
- mkdir $out
- diskImage=$out/disk.img
- ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 $diskImage "32M"
- '';
- buildInputs = [ pkgs.utillinux ];
- }
- ''
- # Create a single /boot partition.
- ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
- ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
- . /sys/class/block/vda1/uevent
- mknod /dev/vda1 b $MAJOR $MINOR
- . /sys/class/block/vda/uevent
- ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L boot /dev/vda1
- ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
-
- # Mount /boot.
- mkdir /boot
- mount /dev/vda1 /boot
-
- # This is needed for GRUB 0.97, which doesn't know about virtio devices.
- mkdir /boot/grub
- echo '(hd0) /dev/vda' > /boot/grub/device.map
-
- # Install GRUB and generate the GRUB boot menu.
- touch /etc/NIXOS
- mkdir -p /nix/var/nix/profiles
- ${config.system.build.toplevel}/bin/switch-to-configuration boot
-
- umount /boot
- ''
- );
-
-in
-
-{
- require = [ options ../profiles/qemu-guest.nix ];
-
- boot.loader.grub.device = mkOverride 50 "/dev/vda";
-
- boot.initrd.supportedFilesystems = optional cfg.writableStore "unionfs-fuse";
-
- boot.initrd.extraUtilsCommands =
- ''
- # We need mke2fs in the initrd.
- cp ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin
- '';
-
- boot.initrd.postDeviceCommands =
- ''
- # If the disk image appears to be empty, run mke2fs to
- # initialise.
- FSTYPE=$(blkid -o value -s TYPE /dev/vda || true)
- if test -z "$FSTYPE"; then
- mke2fs -t ext4 /dev/vda
- fi
- '';
-
- boot.initrd.postMountCommands =
- ''
- # Mark this as a NixOS machinex.
- mkdir -p $targetRoot/etc
- echo -n > $targetRoot/etc/NIXOS
-
- # Fix the permissions on /tmp.
- chmod 1777 $targetRoot/tmp
-
- mkdir -p $targetRoot/boot
- mount -o remount,ro $targetRoot/nix/store
- ${optionalString cfg.writableStore ''
- mkdir -p /unionfs-chroot/ro-store
- mount --rbind $targetRoot/nix/store /unionfs-chroot/ro-store
-
- mkdir /unionfs-chroot/rw-store
- ${if cfg.writableStoreUseTmpfs then ''
- mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
- '' else ''
- mkdir $targetRoot/.nix-rw-store
- mount --bind $targetRoot/.nix-rw-store /unionfs-chroot/rw-store
+ unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768,hide_meta_files /rw-store=RW:/ro-store=RO $targetRoot/nix/store
''}
+ '';
- unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768,hide_meta_files /rw-store=RW:/ro-store=RO $targetRoot/nix/store
- ''}
- '';
+ # After booting, register the closure of the paths in
+ # `virtualisation.pathsInNixDB' in the Nix database in the VM. This
+ # allows Nix operations to work in the VM. The path to the
+ # registration file is passed through the kernel command line to
+ # allow `system.build.toplevel' to be included. (If we had a direct
+ # reference to ${regInfo} here, then we would get a cyclic
+ # dependency.)
+ boot.postBootCommands =
+ ''
+ if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then
+ ${config.environment.nix}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
+ fi
+ '';
- # After booting, register the closure of the paths in
- # `virtualisation.pathsInNixDB' in the Nix database in the VM. This
- # allows Nix operations to work in the VM. The path to the
- # registration file is passed through the kernel command line to
- # allow `system.build.toplevel' to be included. (If we had a direct
- # reference to ${regInfo} here, then we would get a cyclic
- # dependency.)
- boot.postBootCommands =
- ''
- if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then
- ${config.environment.nix}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
- fi
- '';
+ virtualisation.pathsInNixDB = [ config.system.build.toplevel ];
- virtualisation.pathsInNixDB = [ config.system.build.toplevel ];
+ virtualisation.qemu.options = [ "-vga std" "-usbdevice tablet" ];
- virtualisation.qemu.options = [ "-vga std" "-usbdevice tablet" ];
+ # Mount the host filesystem via 9P, and bind-mount the Nix store of
+ # the host into our own filesystem. We use mkOverride to allow this
+ # module to be applied to "normal" NixOS system configuration, where
+ # the regular value for the `fileSystems' attribute should be
+ # disregarded for the purpose of building a VM test image (since
+ # those filesystems don't exist in the VM).
+ fileSystems = mkOverride 10
+ { "/".device = "/dev/vda";
+ "/nix/store" =
+ { device = "store";
+ fsType = "9p";
+ options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
+ };
+ "/tmp/xchg" =
+ { device = "xchg";
+ fsType = "9p";
+ options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
+ neededForBoot = true;
+ };
+ "/tmp/shared" =
+ { device = "shared";
+ fsType = "9p";
+ options = "trans=virtio,version=9p2000.L,msize=1048576";
+ neededForBoot = true;
+ };
+ } // optionalAttrs cfg.useBootLoader
+ { "/boot" =
+ { device = "/dev/disk/by-label/boot";
+ fsType = "ext4";
+ options = "ro";
+ noCheck = true; # fsck fails on a r/o filesystem
+ };
+ };
- # Mount the host filesystem via 9P, and bind-mount the Nix store of
- # the host into our own filesystem. We use mkOverride to allow this
- # module to be applied to "normal" NixOS system configuration, where
- # the regular value for the `fileSystems' attribute should be
- # disregarded for the purpose of building a VM test image (since
- # those filesystems don't exist in the VM).
- fileSystems = mkOverride 10
- { "/".device = "/dev/vda";
- "/nix/store" =
- { device = "store";
- fsType = "9p";
- options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
- };
- "/tmp/xchg" =
- { device = "xchg";
- fsType = "9p";
- options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
- neededForBoot = true;
- };
- "/tmp/shared" =
- { device = "shared";
- fsType = "9p";
- options = "trans=virtio,version=9p2000.L,msize=1048576";
- neededForBoot = true;
- };
- } // optionalAttrs cfg.useBootLoader
- { "/boot" =
- { device = "/dev/disk/by-label/boot";
- fsType = "ext4";
- options = "ro";
- noCheck = true; # fsck fails on a r/o filesystem
- };
- };
+ swapDevices = mkOverride 50 [ ];
- swapDevices = mkOverride 50 [ ];
+ # Don't run ntpd in the guest. It should get the correct time from KVM.
+ services.ntp.enable = false;
- # Don't run ntpd in the guest. It should get the correct time from KVM.
- services.ntp.enable = false;
+ system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; }
+ ''
+ ensureDir $out/bin
+ ln -s ${config.system.build.toplevel} $out/system
+ ln -s ${pkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${vmName}-vm
+ '';
- system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; }
- ''
- ensureDir $out/bin
- ln -s ${config.system.build.toplevel} $out/system
- ln -s ${pkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${vmName}-vm
- '';
+ # When building a regular system configuration, override whatever
+ # video driver the host uses.
+ services.xserver.videoDriver = mkOverride 50 null;
+ services.xserver.videoDrivers = mkOverride 50 [ "vesa" ];
+ services.xserver.defaultDepth = mkOverride 50 0;
+ services.xserver.resolutions = mkOverride 50 [ { x = 1024; y = 768; } ];
+ services.xserver.monitorSection =
+ ''
+ # Set a higher refresh rate so that resolutions > 800x600 work.
+ HorizSync 30-140
+ VertRefresh 50-160
+ '';
- # When building a regular system configuration, override whatever
- # video driver the host uses.
- services.xserver.videoDriver = mkOverride 50 null;
- services.xserver.videoDrivers = mkOverride 50 [ "vesa" ];
- services.xserver.defaultDepth = mkOverride 50 0;
- services.xserver.resolutions = mkOverride 50 [ { x = 1024; y = 768; } ];
- services.xserver.monitorSection =
- ''
- # Set a higher refresh rate so that resolutions > 800x600 work.
- HorizSync 30-140
- VertRefresh 50-160
- '';
+ # Wireless won't work in the VM.
+ networking.wireless.enable = mkOverride 50 false;
- # Wireless won't work in the VM.
- networking.wireless.enable = mkOverride 50 false;
+ system.requiredKernelConfig = with config.lib.kernelConfig;
+ [ (isEnabled "VIRTIO_BLK")
+ (isEnabled "VIRTIO_PCI")
+ (isEnabled "VIRTIO_NET")
+ (isEnabled "EXT4_FS")
+ (isYes "BLK_DEV")
+ (isYes "PCI")
+ (isYes "EXPERIMENTAL")
+ (isYes "NETDEVICES")
+ (isYes "NET_CORE")
+ (isYes "INET")
+ (isYes "NETWORK_FILESYSTEMS")
+ ] ++ optional (!cfg.graphics) [
+ (isYes "SERIAL_8250_CONSOLE")
+ (isYes "SERIAL_8250")
+ ];
- system.requiredKernelConfig = with config.lib.kernelConfig;
- [ (isEnabled "VIRTIO_BLK")
- (isEnabled "VIRTIO_PCI")
- (isEnabled "VIRTIO_NET")
- (isEnabled "EXT4_FS")
- (isYes "BLK_DEV")
- (isYes "PCI")
- (isYes "EXPERIMENTAL")
- (isYes "NETDEVICES")
- (isYes "NET_CORE")
- (isYes "INET")
- (isYes "NETWORK_FILESYSTEMS")
- ] ++ optional (!cfg.graphics) [
- (isYes "SERIAL_8250_CONSOLE")
- (isYes "SERIAL_8250")
- ];
+ };
}
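Review bot: `] ++ optional (!cfg.graphics) [` in `system.requiredKernelConfig` wraps the two-element list in another list, because `optional` yields a singleton; `] ++ optionals (!cfg.graphics) [` is what is intended, otherwise the `SERIAL_8250_CONSOLE`/`SERIAL_8250` checks sit one level deeper than the other entries and, unless the consumer of `requiredKernelConfig` flattens its input, are never evaluated. There is also a typo in the postMountCommands script comment, `# Mark this as a NixOS machinex.` → `# Mark this as a NixOS machine.`. Both lines were moved unchanged by this commit, so this is pre-existing, but worth fixing while the block is being touched.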
diff --git a/tests/firefox.nix b/tests/firefox.nix
index adb936dc1ae..d6599be13c9 100644
--- a/tests/firefox.nix
+++ b/tests/firefox.nix
@@ -5,7 +5,7 @@
machine =
{ config, pkgs, ... }:
- { require = [ ./common/x11.nix ];
+ { imports = [ ./common/x11.nix ];
environment.systemPackages = [ pkgs.firefox ];
};
diff --git a/tests/installer.nix b/tests/installer.nix
index 8488726efe0..5c61439248f 100644
--- a/tests/installer.nix
+++ b/tests/installer.nix
@@ -37,7 +37,7 @@ let
''
{ config, pkgs, modulesPath, ... }:
- { require =
+ { imports =
[ ./hardware.nix
"''${modulesPath}/testing/test-instrumentation.nix"
];
diff --git a/tests/kde4.nix b/tests/kde4.nix
index fabad89c342..3fb35bbab09 100644
--- a/tests/kde4.nix
+++ b/tests/kde4.nix
@@ -5,7 +5,7 @@
machine =
{ config, pkgs, ... }:
- { require = [ ./common/user-account.nix ];
+ { imports = [ ./common/user-account.nix ];
virtualisation.memorySize = 768;
diff --git a/tests/quake3.nix b/tests/quake3.nix
index 041cfdb29ae..92501107780 100644
--- a/tests/quake3.nix
+++ b/tests/quake3.nix
@@ -17,7 +17,7 @@ rec {
client =
{ config, pkgs, ... }:
- { require = [ ./common/x11.nix ];
+ { imports = [ ./common/x11.nix ];
services.xserver.driSupport = true;
services.xserver.defaultDepth = pkgs.lib.mkOverride 0 16;
environment.systemPackages = [ pkgs.quake3demo ];
diff --git a/tests/trac.nix b/tests/trac.nix
index 7f05103d754..72442c885ac 100644
--- a/tests/trac.nix
+++ b/tests/trac.nix
@@ -3,9 +3,8 @@
{
nodes = {
storage =
- {pkgs, config, ...}:
- {
- services.nfs.server.enable = true;
+ { config, pkgs, ... }:
+ { services.nfs.server.enable = true;
services.nfs.server.exports = ''
/repos 192.168.1.0/255.255.255.0(rw,no_root_squash)
'';
@@ -13,10 +12,8 @@
};
postgresql =
- {config, pkgs, ...}:
- {
- services.openssh.enable = true;
- services.postgresql.enable = true;
+ { config, pkgs, ... }:
+ { services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql92;
services.postgresql.enableTCPIP = true;
services.postgresql.authentication = ''
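Review bot: The postgresql node's hunk removes `services.openssh.enable = true;` along with the `require` → `imports` rename, which is a behavioural change the rest of this commit does not make elsewhere. If the test driver or another node reaches the postgresql node over SSH, this drops that path and the test will fail for a reason unrelated to the module-system refactor; if it is deliberate cleanup of an unused service (plausible, since the other nodes never enable it), it is worth a sentence in the commit description so the smaller attack surface of the test VM is recorded as intended rather than accidental. The `services.postgresql.authentication` string and the node's attribute set continue outside the hunk.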
@@ -29,15 +26,13 @@
};
webserver =
- {config, pkgs, ...}:
- {
- fileSystems = pkgs.lib.mkOverride 50
+ { config, pkgs, ... }:
+ { fileSystems = pkgs.lib.mkOverride 50
[ { mountPoint = "/repos";
device = "storage:/repos";
fsType = "nfs";
}
];
-
services.httpd.enable = true;
services.httpd.adminAddr = "root@localhost";
services.httpd.extraSubservices = [ { serviceType = "trac"; } ];
@@ -45,9 +40,8 @@
};
client =
- {config, pkgs, ...}:
- {
- require = [ ./common/x11.nix ];
+ { config, pkgs, ... }:
+ { imports = [ ./common/x11.nix ];
services.xserver.desktopManager.kde4.enable = true;
};
};
diff --git a/tests/xfce.nix b/tests/xfce.nix
index 706456143fb..9f9692f8a01 100644
--- a/tests/xfce.nix
+++ b/tests/xfce.nix
@@ -5,7 +5,7 @@
machine =
{ config, pkgs, ... }:
- { require = [ ./common/user-account.nix ];
+ { imports = [ ./common/user-account.nix ];
services.xserver.enable = true;