diff --git a/modules/config/networking.nix b/modules/config/networking.nix index 757bb9e85e0..a91ce9c59e2 100644 --- a/modules/config/networking.nix +++ b/modules/config/networking.nix @@ -68,6 +68,9 @@ in # Invalidate the nscd cache whenever resolv.conf is # regenerated. libc_restart='${pkgs.systemd}/bin/systemctl start invalidate-nscd.service' + '' + optionalString config.services.bind.enable '' + # This hosts runs a full-blown DNS resolver. + name_servers='127.0.0.1' '' ); target = "resolvconf.conf"; } diff --git a/modules/config/shells.nix b/modules/config/shells.nix index 6286223752a..b0a946a8e6e 100644 --- a/modules/config/shells.nix +++ b/modules/config/shells.nix @@ -13,6 +13,7 @@ with pkgs.lib; { target = "shells"; source = pkgs.writeText "shells" '' + /run/current-system/sw/bin/bash /var/run/current-system/sw/bin/bash /bin/sh ''; diff --git a/modules/config/system-path.nix b/modules/config/system-path.nix index 7651f4760ca..3969be68098 100644 --- a/modules/config/system-path.nix +++ b/modules/config/system-path.nix @@ -1,5 +1,5 @@ # This module defines the packages that appear in -# /var/run/current-system/sw. +# /run/current-system/sw. { config, pkgs, ... }: @@ -64,7 +64,7 @@ let example = "[ pkgs.icecat3 pkgs.thunderbird ]"; description = '' The set of packages that appear in - /var/run/current-system/sw. These packages are + /run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with @@ -79,7 +79,7 @@ let default = []; example = ["/"]; description = " - Lists directories to be symlinked in `/var/run/current-system/sw'. + Lists directories to be symlinked in `/run/current-system/sw'. "; }; }; diff --git a/modules/config/timezone.nix b/modules/config/timezone.nix index 5dcf38c462d..38c698bc21c 100644 --- a/modules/config/timezone.nix +++ b/modules/config/timezone.nix 
@@ -5,13 +5,21 @@ with pkgs.lib; { options = { - time.timeZone = mkOption { - default = "CET"; - type = with types; uniq string; - example = "America/New_York"; - description = "The time zone used when displaying times and dates."; - }; + time = { + + timeZone = mkOption { + default = "CET"; + type = with types; uniq string; + example = "America/New_York"; + description = "The time zone used when displaying times and dates."; + }; + hardwareClockInLocalTime = mkOption { + default = false; + description = "If set, keep the hardware clock in local time instead of UTC."; + }; + + }; }; config = { diff --git a/modules/config/users-groups.nix b/modules/config/users-groups.nix index beb21734652..598d68eb91d 100644 --- a/modules/config/users-groups.nix +++ b/modules/config/users-groups.nix @@ -48,7 +48,7 @@ let shell = mkOption { type = with types; uniq string; - default = "/var/run/current-system/sw/sbin/nologin"; + default = "/run/current-system/sw/sbin/nologin"; description = "The path to the user's shell."; }; diff --git a/modules/hardware/network/b43.nix b/modules/hardware/network/b43.nix new file mode 100644 index 00000000000..077e0a1e11e --- /dev/null +++ b/modules/hardware/network/b43.nix @@ -0,0 +1,30 @@ +{pkgs, config, ...}: + +let kernelVersion = config.boot.kernelPackages.kernel.version; in + +{ + + ###### interface + + options = { + + networking.enableB43Firmware = pkgs.lib.mkOption { + default = false; + type = pkgs.lib.types.bool; + description = '' + Turn on this option if you want firmware for the NICs supported by the b43 module. + ''; + }; + + }; + + + ###### implementation + + config = pkgs.lib.mkIf config.networking.enableB43Firmware { + hardware.firmware = if builtins.lessThan (builtins.compareVersions kernelVersion "3.2") 0 then + throw "b43 firmware for kernels older than 3.2 not packaged yet!" else + [ pkgs.b43Firmware_5_1_138 ]; + }; + +} 
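Review bot: `hardwareClockInLocalTime` in modules/config/timezone.nix is declared with only `default = false;` and no `type`, so a non-boolean value passes the option system and only fails where the value is later used as a condition (the new shutdown job does `if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"`). Adding `type = types.bool;` next to the default would reject such a value when options are merged; `types` is already in scope through `with pkgs.lib;`.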
diff --git a/modules/installer/cd-dvd/iso-image.nix b/modules/installer/cd-dvd/iso-image.nix index cf76151c2ae..c1094daa49f 100644 --- a/modules/installer/cd-dvd/iso-image.nix +++ b/modules/installer/cd-dvd/iso-image.nix @@ -122,12 +122,12 @@ let efiShell = if pkgs.stdenv.isi686 then pkgs.fetchurl { url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/Ia32/Shell_Full.efi"; - sha256 = "0ymm3mbbwx9f6cq0bp2nr7ikyagxgsg4sjs5q1s4xbnms27slwjq"; + sha256 = "1gv6kyaspczdp7x8qnx5x76ilriaygkfs99ay7ihhdi6riclkhfl"; } else pkgs.fetchurl { url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/X64/Shell_Full.efi"; - sha256 = "1xchy8a05mgqzr82mmahdni0jbxsz6xf6vm2bg1bch9i6l72qgmh"; + sha256 = "1g18z84rlavxr5gsrh2g942rfr6znv9fs3fqww5m7dhmnysgyv8p"; }; # The efi boot image @@ -312,7 +312,7 @@ in # nixos-rebuild also requires a "system" profile and an # /etc/NIXOS tag. touch /etc/NIXOS - ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /var/run/current-system + ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system ''; # Add vfat support to the initrd to enable people to copy the diff --git a/modules/installer/cd-dvd/system-tarball.nix b/modules/installer/cd-dvd/system-tarball.nix index daffb94bc53..e0cbfd6e713 100644 --- a/modules/installer/cd-dvd/system-tarball.nix +++ b/modules/installer/cd-dvd/system-tarball.nix @@ -50,7 +50,7 @@ in # script and the top-level system configuration directory. tarball.storeContents = [ { object = config.system.build.toplevel; - symlink = "/var/run/current-system"; + symlink = "/run/current-system"; } ]; 
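Review bot: Both `Shell_Full.efi` fetches in `efiShell` still use the `trunk` path of the edk2 Subversion repository, so the new `sha256` values only record what that mutable URL served when the hashes were regenerated, not an identified upstream revision. This binary appears to go into the EFI boot image, so the commit message should state how the new content was verified, and the `url` should point at a fixed revision or a mirrored copy so that upstream changes cannot force another unexplained hash bump. The same applies to the identical hash change in modules/installer/efi-boot-stub/efi-boot-stub.nix.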
@@ -87,6 +87,6 @@ in # nixos-rebuild also requires a "system" profile and an # /etc/NIXOS tag. touch /etc/NIXOS - ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /var/run/current-system + ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system ''; } diff --git a/modules/installer/efi-boot-stub/efi-boot-stub.nix b/modules/installer/efi-boot-stub/efi-boot-stub.nix index c12078e2a91..1ca3cb0001e 100644 --- a/modules/installer/efi-boot-stub/efi-boot-stub.nix +++ b/modules/installer/efi-boot-stub/efi-boot-stub.nix @@ -90,12 +90,12 @@ let if pkgs.stdenv.isi686 then pkgs.fetchurl { url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/Ia32/Shell_Full.efi"; - sha256 = "0ymm3mbbwx9f6cq0bp2nr7ikyagxgsg4sjs5q1s4xbnms27slwjq"; + sha256 = "1gv6kyaspczdp7x8qnx5x76ilriaygkfs99ay7ihhdi6riclkhfl"; } else pkgs.fetchurl { url = "https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/X64/Shell_Full.efi"; - sha256 = "1xchy8a05mgqzr82mmahdni0jbxsz6xf6vm2bg1bch9i6l72qgmh"; + sha256 = "1g18z84rlavxr5gsrh2g942rfr6znv9fs3fqww5m7dhmnysgyv8p"; } else null; diff --git a/modules/installer/tools/nixos-rebuild.sh b/modules/installer/tools/nixos-rebuild.sh index 22aa847e192..72661cf4773 100644 --- a/modules/installer/tools/nixos-rebuild.sh +++ b/modules/installer/tools/nixos-rebuild.sh 
@@ -128,8 +128,7 @@ if [ -n "$pullManifest" -o "$action" = pull ]; then set -o pipefail manifests=$(nix-instantiate --eval-only --xml --strict '' -A manifests \ | grep ' ${exprToConfig value}"; + + repeatedAttrsToConfig = values: + concatStringsSep "\n" (map valueToConfig values); + + attrsToConfig = attrs: + let + attrToConfig = name: valueToConfig { + inherit name; + value = (getAttr name attrs); + }; + in + concatStringsSep "\n" (map attrToConfig (attrNames attrs)); + + exprToConfig = expr: + let + isCustomType = expr: (isAttrs expr) && (expr ? __type); + + isFloat = expr: (isCustomType expr) && (expr.__type == "float"); + + isHash = expr: (isCustomType expr) && (expr.__type == "hash"); + + isRepeatedAttrs = expr: (isCustomType expr) && (expr.__type == "repeated"); + in + if builtins.isBool expr then (if expr then "true" else "false") else + if builtins.isString expr then ''"${expr}"'' else + if builtins.isInt expr then toString expr else + if isFloat expr then expr.value else + if isList expr then listToConfig expr else + if isHash expr then hashToConfig expr.value else + if isRepeatedAttrs expr then repeatedAttrsToConfig expr.values + else attrsToConfig expr; + + mergeConfigs = configs: + let + op = attrs: newAttrs: + let + isRepeated = newAttrs ? __type && newAttrs.__type == "repeated"; + in { + values = attrs.values ++ (if isRepeated then newAttrs.values else + map (name: { inherit name; value = getAttr name newAttrs; }) + (attrNames newAttrs)); + }; + in (foldl op { values = []; } configs) // { __type = "repeated"; }; + +in + +{ + ###### interface + + options = { + services.logstash = { + enable = mkOption { + default = false; + description = '' + Enable logstash. + ''; + }; + + inputConfig = mkOption { + default = {}; + description = '' + An attribute set (or an expression generated by mkNameValuePairs) + representing a logstash configuration's input section. 
+ Logstash configs are name-value pairs, where values can be bools, + strings, numbers, arrays, hashes, or other name-value pairs, + and names are strings that can be repeated. Name-value pairs with no + repeats are represented by attr sets. Bools, strings, ints, and + arrays are mapped directly. Name-value pairs with repeats can be + generated by the config.lib.logstash.mkNameValuePairs function, which + takes a list of attrsets and combines them while preserving attribute + name duplicates if they occur. Similarly, there are the mkFloat and + mkHash functions, which take a string representation of a float and an + attrset, respectively. + ''; + merge = mergeConfigs; + }; + + filterConfig = mkOption { + default = {}; + description = '' + An attribute set (or an expression generated by mkNameValuePairs) + representing a logstash configuration's filter section. + See inputConfig description for details. + ''; + merge = mergeConfigs; + }; + + outputConfig = mkOption { + default = {}; + description = '' + An attribute set (or an expression generated by mkNameValuePairs) + representing a logstash configuration's output section. + See inputConfig description for details. + ''; + merge = mergeConfigs; + }; + }; + }; + + + ###### implementation + + config = mkMerge [ { + lib.logstash = { + mkFloat = stringRep: { __type = "float"; value = stringRep; }; + + mkHash = attrs: { __type = "hash"; value = attrs; }; + + mkNameValuePairs = mergeConfigs; + }; + } ( mkIf cfg.enable { + # Always log to stdout + services.logstash.outputConfig = { stdout = {}; }; + + jobs.logstash = with pkgs; { + description = "Logstash daemon"; + + path = [ jre ]; + + script = "cd /tmp && exec java -jar ${logstash} agent -f ${writeText "logstash.conf" '' + input { + ${exprToConfig cfg.inputConfig} + } + + filter { + ${exprToConfig cfg.filterConfig} + } + + output { + ${exprToConfig cfg.outputConfig} + } + ''}"; + }; + })]; +} 
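Review bot: `exprToConfig` renders strings as `''"${expr}"''` with no escaping, so a value containing a double quote or a newline ends the literal early and the remainder is parsed as logstash configuration. Backslashes and double quotes should be escaped before interpolation, and `mkFloat` values (emitted verbatim through `expr.value`) deserve a format check. The job script also runs `cd /tmp` before `exec java`, which gives the daemon a world-writable working directory. The visible lines set no user for the job, so it presumably runs as root; a dedicated state directory and an unprivileged account would be safer. The start of this file is not visible on the page, so anything defined above `valueToConfig` is not covered by this note.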
diff --git a/modules/services/misc/disnix.nix b/modules/services/misc/disnix.nix index 645e92c39df..8d04c81ad68 100644 --- a/modules/services/misc/disnix.nix +++ b/modules/services/misc/disnix.nix @@ -130,7 +130,7 @@ in script = '' - export PATH=/var/run/current-system/sw/bin:/var/run/current-system/sw/sbin + export PATH=/run/current-system/sw/bin:/run/current-system/sw/sbin export HOME=/root ${pkgs.disnix}/bin/disnix-service --activation-modules-dir=${disnix_activation_scripts}/libexec/disnix/activation-scripts diff --git a/modules/services/monitoring/systemhealth.nix b/modules/services/monitoring/systemhealth.nix index 71389be5b2f..0a3e666ad4e 100644 --- a/modules/services/monitoring/systemhealth.nix +++ b/modules/services/monitoring/systemhealth.nix @@ -86,8 +86,8 @@ in [paths] rrdtool = ${pkgs.rrdtool}/bin/rrdtool loadavg_rrd = loadavg - ps = /var/run/current-system/sw/bin/ps - df = /var/run/current-system/sw/bin/df + ps = /run/current-system/sw/bin/ps + df = /run/current-system/sw/bin/df meminfo_rrd = meminfo uptime_rrd = uptime rrd_path = ${rrdDir} diff --git a/modules/services/network-filesystems/drbd.nix b/modules/services/network-filesystems/drbd.nix index 1c70d44f6ba..1a00ccab0a6 100644 --- a/modules/services/network-filesystems/drbd.nix +++ b/modules/services/network-filesystems/drbd.nix @@ -44,7 +44,7 @@ let cfg = config.services.drbd; in boot.extraModprobeConfig = '' - options drbd usermode_helper=/var/run/current-system/sw/sbin/drbdadm + options drbd usermode_helper=/run/current-system/sw/sbin/drbdadm ''; environment.etc = singleton diff --git a/modules/services/network-filesystems/samba.nix b/modules/services/network-filesystems/samba.nix index 7461d12d78b..2cf4e8c11ff 100644 --- a/modules/services/network-filesystems/samba.nix +++ b/modules/services/network-filesystems/samba.nix 
@@ -70,7 +70,7 @@ let environment = { LD_LIBRARY_PATH = nssModulesPath; TZ = config.time.timeZone; - LOCALE_ARCHIVE = "/var/run/current-system/sw/lib/locale/locale-archive"; + LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; }; daemonType = "fork"; diff --git a/modules/services/networking/ssh/sshd.nix b/modules/services/networking/ssh/sshd.nix index 3bf4bf642fa..d89978a852c 100644 --- a/modules/services/networking/ssh/sshd.nix +++ b/modules/services/networking/ssh/sshd.nix @@ -92,7 +92,7 @@ let userLoop = flip concatMapStrings usersWithKeys (u: let authKeys = concatStringsSep "," u.openssh.authorizedKeys.keys; - authKeyFiles = concatStringsSep " " u.openssh.authorizedKeys.keyFiles; + authKeyFiles = concatStrings (map (x: " ${x}") u.openssh.authorizedKeys.keyFiles); preserveExisting = if u.openssh.authorizedKeys.preserveExistingKeys then "true" else "false"; in '' mkAuthKeysFile "${u.name}" "${authKeys}" "${authKeyFiles}" "${preserveExisting}" 
@@ -105,25 +105,34 @@ let local authKeyFiles="$3" local preserveExisting="$4" - eval authfile=~$userName/.ssh/authorized_keys - mkdir -p "$(dirname $authfile)" - touch "$authfile" + eval homeDir=~$userName + if ! [ -d "$homeDir" ]; then + echo "User $userName does not exist" + return + fi + if ! [ -d "$homeDir/.ssh" ]; then + mkdir -v -m 700 "$homeDir/.ssh" + chown "$userName":users "$homeDir/.ssh" + fi + local authKeysFile="$homeDir/.ssh/authorized_keys" + touch "$authKeysFile" if [ "$preserveExisting" == false ]; then - rm -f "$authfile" - echo "${marker2}" > "$authfile" + rm -f "$authKeysFile" + echo "${marker2}" > "$authKeysFile" else - sed -i '/${marker1}/ d' "$authfile" + sed -i '/${marker1}/ d' "$authKeysFile" fi IFS=, for f in $authKeys; do - echo "$f ${marker1}" >> "$authfile" + echo "$f ${marker1}" >> "$authKeysFile" done unset IFS for f in $authKeyFiles; do if [ -f "$f" ]; then - echo "$(cat "$f") ${marker1}" >> "$authfile" + echo "$(cat "$f") ${marker1}" >> "$authKeysFile" fi done + chown "$userName" "$authKeysFile" } ${userLoop} @@ -329,7 +338,7 @@ in path = [ pkgs.openssh ]; environment.LD_LIBRARY_PATH = nssModulesPath; - environment.LOCALE_ARCHIVE = "/var/run/current-system/sw/lib/locale/locale-archive"; + environment.LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; preStart = '' diff --git a/modules/services/networking/wpa_supplicant.nix b/modules/services/networking/wpa_supplicant.nix index fe4fecaf0ba..5dc203fd177 100644 --- a/modules/services/networking/wpa_supplicant.nix +++ b/modules/services/networking/wpa_supplicant.nix @@ -18,7 +18,7 @@ in ###### interface options = { - + networking.WLANInterface = mkOption { default = ""; description = "Obsolete. Use instead."; 
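Review bot: `mkAuthKeysFile` appears to run as root (it chowns to other accounts) while working inside a directory the user controls, and the new `-d "$homeDir/.ssh"` test, `touch`, the `>>` appends and the final `chown "$userName" "$authKeysFile"` all follow symbolic links, so a `.ssh` or `authorized_keys` that is a symlink would redirect root's writes and the ownership change to another file. Refuse links before touching anything, e.g. `if [ -L "$homeDir/.ssh" ] || [ -L "$authKeysFile" ]; then echo "refusing to follow symlink for $userName"; return; fi`, and use `chown -h` for the final ownership change. The file is also created under root's umask with no explicit mode, so `chmod 600 "$authKeysFile"` before the `chown` would make the result deterministic. The group in `chown "$userName":users` is hard-coded and may not be the account's primary group.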
@@ -44,7 +44,9 @@ in example = [ "wlan0" "wlan1" ]; description = '' The interfaces wpa_supplicant will use. If empty, it will - automatically use all wireless interfaces. + automatically use all wireless interfaces. (Note that auto-detection is currently + broken on Linux 3.4.x kernels. See http://github.com/NixOS/nixos/issues/10 for + further details.) ''; }; @@ -80,14 +82,14 @@ in ###### implementation - + config = mkIf cfg.enable { environment.systemPackages = [ pkgs.wpa_supplicant ]; services.dbus.packages = [ pkgs.wpa_supplicant ]; - jobs.wpa_supplicant = + jobs.wpa_supplicant = { startOn = "started network-interfaces"; stopOn = "stopping network-interfaces"; @@ -117,13 +119,13 @@ in exec wpa_supplicant -s -u ${optionalString (cfg.driver != "") "-D${cfg.driver}"} -c ${configFile} $ifaces ''; }; - + powerManagement.resumeCommands = '' ${config.system.build.upstart}/sbin/restart wpa_supplicant ''; - assertions = [{ assertion = !cfg.userControlled.enable || cfg.interfaces != []; + assertions = [{ assertion = !cfg.userControlled.enable || cfg.interfaces != []; message = "user controlled wpa_supplicant needs explicit networking.wireless.interfaces";}]; }; diff --git a/modules/services/scheduling/fcron.nix b/modules/services/scheduling/fcron.nix index 6d274bf5973..812af1edfc0 100644 --- a/modules/services/scheduling/fcron.nix +++ b/modules/services/scheduling/fcron.nix @@ -87,7 +87,7 @@ in fcrondeny = /etc/fcron.deny shell = /bin/sh sendmail = /var/setuid-wrappers/sendmail - editor = /var/run/current-system/sw/bin/vi + editor = /run/current-system/sw/bin/vi ''; target = "fcron.conf"; mode = "0600"; # max allowed is 644 @@ -104,7 +104,7 @@ in startOn = "startup and filesystem"; environment = - { PATH = "/var/run/current-system/sw/bin"; + { PATH = "/run/current-system/sw/bin"; }; preStart = diff --git a/modules/services/ttys/agetty.nix b/modules/services/ttys/agetty.nix index 43ee81481bf..42d276c9666 100644 --- a/modules/services/ttys/agetty.nix 
+++ b/modules/services/ttys/agetty.nix @@ -72,7 +72,7 @@ with pkgs.lib; [Service] Environment=TERM=linux - Environment=LOCALE_ARCHIVE=/var/run/current-system/sw/lib/locale/locale-archive + Environment=LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive ExecStart=@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login %I 38400 Type=idle Restart=always diff --git a/modules/services/web-servers/apache-httpd/default.nix b/modules/services/web-servers/apache-httpd/default.nix index 259847d0726..ceb93cd8b01 100644 --- a/modules/services/web-servers/apache-httpd/default.nix +++ b/modules/services/web-servers/apache-httpd/default.nix @@ -6,7 +6,9 @@ let mainCfg = config.services.httpd; - httpd = pkgs.apacheHttpd; + httpd = pkgs.apacheHttpd.override { mpm = mainCfg.multiProcessingModule; }; + + php = pkgs.php.override { apacheHttpd = httpd; }; getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80; @@ -105,10 +107,11 @@ let # Other modules. "ext_filter" "include" "log_config" "env" "mime_magic" "cern_meta" "expires" "headers" "usertrack" /* "unique_id" */ "setenvif" - "mime" "dav" "status" "autoindex" "asis" "info" "cgi" "dav_fs" + "mime" "dav" "status" "autoindex" "asis" "info" "dav_fs" "vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling" "userdir" "alias" "rewrite" "proxy" "proxy_http" ] + ++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ]) ++ optional enableSSL "ssl" ++ extraApacheModules; @@ -283,6 +286,11 @@ let PidFile ${mainCfg.stateDir}/httpd.pid + ${optionalString (mainCfg.multiProcessingModule != "prefork") '' + # mod_cgid requires this. + ScriptSock ${mainCfg.stateDir}/cgisock + ''} + MaxClients ${toString mainCfg.maxClients} MaxRequestsPerChild ${toString mainCfg.maxRequestsPerChild} 
@@ -302,7 +310,7 @@ let allModules = concatMap (svc: svc.extraModulesPre) allSubservices ++ map (name: {inherit name; path = "${httpd}/modules/mod_${name}.so";}) apacheModules - ++ optional enablePHP { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } + ++ optional enablePHP { name = "php5"; path = "${php}/modules/libphp5.so"; } ++ concatMap (svc: svc.extraModules) allSubservices ++ extraForeignModules; in concatMapStrings load allModules @@ -373,7 +381,7 @@ let ([ mainCfg.phpOptions ] ++ (map (svc: svc.phpOptions) allSubservices)); } '' - cat ${pkgs.php}/etc/php-recommended.ini > $out + cat ${php}/etc/php-recommended.ini > $out echo "$options" >> $out ''; @@ -404,7 +412,7 @@ in extraModules = mkOption { default = []; - example = [ "proxy_connect" { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } ]; + example = [ "proxy_connect" { name = "php5"; path = "${php}/modules/libphp5.so"; } ]; description = '' Specifies additional Apache modules. These can be specified as a string in the case of modules distributed with Apache, @@ -484,6 +492,23 @@ in "Options appended to the PHP configuration file php.ini."; }; + multiProcessingModule = mkOption { + default = "prefork"; + example = "worker"; + type = types.uniq types.string; + description = + '' + Multi-processing module to be used by Apache. Available + modules are prefork (the default; + handles each request in a separate child process), + worker (hybrid approach that starts a + number of child processes each running a number of + threads) and event (a recent variant of + worker that handles persistent + connections more efficiently). + ''; + }; + maxClients = mkOption { default = 150; example = 8; @@ -558,7 +583,8 @@ in preStart = '' - mkdir -m 0700 -p ${mainCfg.stateDir} + mkdir -m 0750 -p ${mainCfg.stateDir} + chown root.wwwrun ${mainCfg.stateDir} mkdir -m 0700 -p ${mainCfg.logDir} ${optionalString (mainCfg.documentRoot != null) 
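Review bot: `multiProcessingModule` accepts any string, and the module list treats every value other than `"prefork"` as a threaded MPM (it selects `cgid` and emits `ScriptSock`), so a typo is presumably caught only when the `apacheHttpd` override fails to build. An entry in `assertions` such as `assertion = elem mainCfg.multiProcessingModule [ "prefork" "worker" "event" ];` would fail early with a clear message. The description should also say whether `enablePHP` is supported with `worker` and `event`, since the PHP module is loaded into the server process regardless of the MPM chosen.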
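Review bot: In `preStart`, `mkdir -m 0750 -p` applies the mode only when it creates the directory, so a host that already has the previous 0700 state directory keeps that mode and the `ScriptSock` added for mod_cgid may be unreachable for the group. An explicit `chmod 0750 ${mainCfg.stateDir}` after the `chown` makes the outcome independent of prior state. The line `chown root.wwwrun ${mainCfg.stateDir}` hard-codes the group and uses the deprecated `.` separator; prefer `chown root:wwwrun` or the module's configured group if it has one, and quote the path. The directory also holds `httpd.pid`, which becomes readable by that group.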
@@ -582,9 +608,7 @@ in done ''; - daemonType = "fork"; - - exec = "httpd -f ${httpdConf}"; + exec = "httpd -f ${httpdConf} -DNO_DETACH"; preStop = '' diff --git a/modules/services/web-servers/apache-httpd/mediawiki.nix b/modules/services/web-servers/apache-httpd/mediawiki.nix index d45d477b671..9f321b173d3 100644 --- a/modules/services/web-servers/apache-httpd/mediawiki.nix +++ b/modules/services/web-servers/apache-httpd/mediawiki.nix @@ -4,16 +4,6 @@ with pkgs.lib; let - src_clean_skin = pkgs.fetchurl { - url = "http://lastlog.de/misc/clean-1.01.tar.gz"; - sha256 = "5fb1736b64b33ca3429d035f1358cf8217da2d02019d8a80b14c7985367f659f"; - }; - - src_nixos_skin = pkgs.fetchurl { - url = "http://lastlog.de/misc/nixos-1.0.tar.gz"; - sha256 = "413b0f451bde81ac2dd0bede17dd088f9abcd0f3cea1722279311ca648a855cf"; - }; - mediawikiConfig = pkgs.writeText "LocalSettings.php" '' /dev/null || echo 0) +oldVersion=$(cat /run/current-system/upstart-interface-version 2> /dev/null || echo 0) newVersion=$(cat @out@/upstart-interface-version 2> /dev/null || echo 0) if test "$oldVersion" -ne "$newVersion"; then diff --git a/modules/system/boot/modprobe.nix b/modules/system/boot/modprobe.nix index 1b34e78ab78..03d9222af21 100644 --- a/modules/system/boot/modprobe.nix +++ b/modules/system/boot/modprobe.nix @@ -23,7 +23,7 @@ with pkgs.lib; # modules in the current configuration don't match the # running kernel. if [ ! -d "$MODULE_DIR/$(${pkgs.coreutils}/bin/uname -r)" ]; then - MODULE_DIR=/var/run/booted-system/kernel-modules/lib/modules/ + MODULE_DIR=/run/booted-system/kernel-modules/lib/modules/ fi exec ${pkgs.kmod}/sbin/modprobe "$@" diff --git a/modules/system/boot/stage-2-init.sh b/modules/system/boot/stage-2-init.sh index 5c915db08e0..e8b01788900 100644 --- a/modules/system/boot/stage-2-init.sh +++ b/modules/system/boot/stage-2-init.sh 
@@ -143,12 +143,12 @@ $systemConfig/activate # Record the boot configuration. -ln -sfn "$systemConfig" /var/run/booted-system +ln -sfn "$systemConfig" /run/booted-system # Prevent the booted system form being garbage-collected If it weren't # a gcroot, if we were running a different kernel, switched system, # and garbage collected all, we could not load kernel modules anymore. -ln -sfn /var/run/booted-system /nix/var/nix/gcroots/booted-system +ln -sfn /run/booted-system /nix/var/nix/gcroots/booted-system # Run any user-specified commands. @@ -177,6 +177,6 @@ fi # Start systemd. echo "starting systemd..." -PATH=/var/run/current-system/systemd/lib/systemd \ - MODULE_DIR=/var/run/current-system/kernel-modules/lib/modules \ +PATH=/run/current-system/systemd/lib/systemd \ + MODULE_DIR=/run/current-system/kernel-modules/lib/modules \ exec systemd --log-target journal # --log-level debug --crash-shell diff --git a/modules/system/upstart-events/shutdown.nix b/modules/system/upstart-events/shutdown.nix new file mode 100644 index 00000000000..59fbcc0d878 --- /dev/null +++ b/modules/system/upstart-events/shutdown.nix 
@@ -0,0 +1,162 @@ +{ config, pkgs, ... }: + +with pkgs.lib; + +{ + + jobs.shutdown = + { name = "shutdown"; + + task = true; + + stopOn = ""; # must override the default ("starting shutdown") + + environment = { MODE = "poweroff"; }; + + extraConfig = "console owner"; + + script = + '' + set +e # continue in case of errors + + ${pkgs.kbd}/bin/chvt 1 + + exec < /dev/console > /dev/console 2>&1 + echo "" + if test "$MODE" = maintenance; then + echo "<<< Entering maintenance mode >>>" + else + echo "<<< System shutdown >>>" + fi + echo "" + + ${config.powerManagement.powerDownCommands} + + export PATH=${pkgs.utillinux}/bin:${pkgs.utillinux}/sbin:$PATH + + + # Do an initial sync just in case. + sync + + + # Kill all remaining processes except init, this one and any + # Upstart jobs that don't stop on the "starting shutdown" + # event, as these are necessary to complete the shutdown. + omittedPids=$(initctl list | sed -e 's/.*process \([0-9]\+\)/-o \1/;t;d') + #echo "saved PIDs: $omittedPids" + + echo "sending the TERM signal to all processes..." + ${pkgs.sysvtools}/bin/killall5 -15 $job $omittedPids + + sleep 1 # wait briefly + + echo "sending the KILL signal to all processes..." + ${pkgs.sysvtools}/bin/killall5 -9 $job $omittedPids + + + # If maintenance mode is requested, start a root shell, and + # afterwards emit the "startup" event to bring everything + # back up. + if test "$MODE" = maintenance; then + echo "" + echo "<<< Maintenance shell >>>" + echo "" + ${pkgs.shadow}/bin/login root + initctl emit -n startup + exit 0 + fi + + + # Write a shutdown record to wtmp while /var/log is still writable. + reboot --wtmp-only + + + # Set the hardware clock to the system time. + echo "setting the hardware clock..." + hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"} + + + # Stop all swap devices. + swapoff -a + + + # Unmount file systems. We repeat this until no more file systems + # can be unmounted. 
This is to handle loopback devices, file + # systems mounted on other file systems and so on. + tryAgain=1 + while test -n "$tryAgain"; do + tryAgain= + failed= # list of mount points that couldn't be unmounted/remounted + + # Get rid of loopback devices. + loDevices=$(losetup -a | sed 's#^\(/dev/loop[0-9]\+\).*#\1#') + if [ -n "$loDevices" ]; then + echo "removing loopback devices $loDevices..." + losetup -d $loDevices + fi + + cp /proc/mounts /dev/.mounts # don't read /proc/mounts while it's changing + exec 4< /dev/.mounts + while read -u 4 device mp fstype options rest; do + # Skip various special filesystems. Non-existent + # mount points are typically tmpfs/aufs mounts from + # the initrd. + if [ "$mp" = /proc -o "$mp" = /sys -o "$mp" = /dev -o "$device" = "rootfs" -o "$mp" = /run -o "$mp" = /var/run -o "$mp" = /var/lock -o ! -e "$mp" ]; then continue; fi + + echo "unmounting $mp..." + + # We need to remount,ro before attempting any + # umount, or bind mounts may get confused, with + # the fs not being properly flushed at the end. + + # `-i' is to workaround a bug in mount.cifs (it + # doesn't recognise the `remount' option, and + # instead mounts the FS again). + success= + if mount -t "$fstype" -n -i -o remount,ro "device" "$mp"; then success=1; fi + + # Note: don't use `umount -f'; it's very buggy. + # (For instance, when applied to a bind-mount it + # unmounts the target of the bind-mount.) !!! But + # we should use `-f' for NFS. + if [ "$mp" != / -a "$mp" != /nix -a "$mp" != /nix/store ]; then + if umount -n "$mp"; then success=1; tryAgain=1; fi + fi + + if [ -z "$success" ]; then failed="$failed $mp"; fi + done + done + + + # Warn about filesystems that could not be unmounted or + # remounted read-only. + if [ -n "$failed" ]; then + echo "warning: the following filesystems could not be unmounted:" + for mp in $failed; do echo " $mp"; done + echo Enter 'i' to launch a shell, or wait 10 seconds to continue. 
+ read -t 10 A + if [ "$A" == "i" ]; then + ${pkgs.bashInteractive}/bin/bash -i < /dev/console &> /dev/console + fi + sleep 5 + fi + + + # Final sync. + sync + + + # Either reboot or power-off the system. + if test "$MODE" = reboot; then + echo "rebooting..." + sleep 1 + exec reboot -f + else + echo "powering off..." + sleep 1 + exec halt -f -p + fi + ''; + }; + +} diff --git a/modules/tasks/kbd.nix b/modules/tasks/kbd.nix index b563d33dc5b..dd4b9f382c0 100644 --- a/modules/tasks/kbd.nix +++ b/modules/tasks/kbd.nix @@ -67,7 +67,7 @@ in script = '' export LANG=${defaultLocale} - export LOCALE_ARCHIVE=/var/run/current-system/sw/lib/locale/locale-archive + export LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive export PATH=${pkgs.gzip}/bin:$PATH # Needed by setfont set +e # continue in case of errors
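Review bot: In the unmount loop of modules/system/upstart-events/shutdown.nix the remount call passes the literal string `"device"` instead of the variable read from the mounts file; `mount -t "$fstype" -n -i -o remount,ro "device" "$mp"` should be `mount -t "$fstype" -n -i -o remount,ro "$device" "$mp"`. The fallback after a failed unmount starts `${pkgs.bashInteractive}/bin/bash -i` on `/dev/console` with no authentication, whereas maintenance mode goes through `${pkgs.shadow}/bin/login root`. Using `login` in both places keeps console access during shutdown behind the same check. `failed` is reset at the top of every pass of the outer loop, so the final warning lists only what the last pass could not unmount; a short comment saying this is intended would help.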