diff --git a/modules/services/networking/ssh/sshd.nix b/modules/services/networking/ssh/sshd.nix
index 53efc08cfb8..e4ca7f39a56 100644
--- a/modules/services/networking/ssh/sshd.nix
+++ b/modules/services/networking/ssh/sshd.nix
@@ -127,6 +127,18 @@ let ${userLoop} ''; + preStart = pkgs.writeScript "openssh-pre-start" + '' + #! ${pkgs.stdenv.shell} + + ${mkAuthkeyScript} + + mkdir -m 0755 -p /etc/ssh + + if ! test -f ${cfg.hostKeyPath}; then + ssh-keygen -t ${hktn} -b ${toString hktb} -f ${cfg.hostKeyPath} -N "" + fi + ''; in
@@ -305,9 +317,26 @@ in } ]; - jobs.sshd = { + boot.systemd.units."sshd.service" = + '' + [Unit] + Description=SSH daemon - description = "OpenSSH server"; + [Service] + Environment=PATH=${pkgs.coreutils}/bin:${pkgs.openssh}/bin + ExecStartPre=${preStart} + ExecStart=\ + ${pkgs.openssh}/sbin/sshd -h ${cfg.hostKeyPath} \ + -f ${pkgs.writeText "sshd_config" cfg.extraConfig} + Restart=always + RestartSec=5 + Type=forking + KillMode=process + PIDFile=/run/sshd.pid + ''; + + jobs.sshd = + { description = "OpenSSH server"; startOn = "started network-interfaces";
@@ -343,6 +372,8 @@ in services.openssh.extraConfig = '' + PidFile /run/sshd.pid + Protocol 2 UsePAM ${if cfg.usePAM then "yes" else "no"}
diff --git a/modules/services/system/dbus.nix b/modules/services/system/dbus.nix
index f7fbb23d0a7..8659c784483 100644
--- a/modules/services/system/dbus.nix
+++ b/modules/services/system/dbus.nix
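Review bot: The openssh-pre-start script has no `set -e`, so a failure inside `${mkAuthkeyScript}` or in `mkdir -m 0755 -p /etc/ssh` does not fail ExecStartPre; the script's exit status is that of the final `if`, which is 0 whenever the host key already exists, and sshd is then started on top of an incomplete pre-start. Add `set -e` directly after the `#! ${pkgs.stdenv.shell}` line so that any failing step aborts the unit before `sshd` runs. The `test -f ${cfg.hostKeyPath}` guard also only checks that a file is present, not that it is a usable private key; an empty or truncated key file is only discovered when `sshd -h` fails later, so a short comment stating that assumption next to the guard would help the next reader.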
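Review bot: The new sshd.service unit has no ordering against the network: the upstart job it replaces uses `startOn = "started network-interfaces";` (visible as context in this hunk), while the `[Unit]` section carries only `Description=SSH daemon`, so under systemd sshd may be started before interfaces are configured, which matters for any `ListenAddress` a user puts into extraConfig. Add `After=network.target` and `Wants=network.target` to `[Unit]`; `network.target` is one of the upstream units pulled in by systemd.nix in this same commit. The literal `/run/sshd.pid` is also duplicated between `PIDFile=` here and the `PidFile` line added to extraConfig in the next hunk; binding it once in the `let` block would keep `Type=forking` from silently breaking if one side is edited.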
@@ -116,6 +116,32 @@ in gid = config.ids.gids.messagebus; }; + # FIXME: these are copied verbatim from the dbus source tree. We + # should install and use the originals. + boot.systemd.units."dbus.socket" = + '' + [Unit] + Description=D-Bus System Message Bus Socket + + [Socket] + ListenStream=/var/run/dbus/system_bus_socket + ''; + + boot.systemd.units."dbus.service" = + '' + [Unit] + Description=D-Bus System Message Bus + Requires=dbus.socket + After=syslog.target + + [Service] + ExecStartPre=${pkgs.dbus_tools}/bin/dbus-uuidgen --ensure + ExecStartPre=-${pkgs.coreutils}/bin/rm -f /var/run/dbus/pid + ExecStart=${pkgs.dbus_daemon}/bin/dbus-daemon --system --address=systemd: --nofork --systemd-activation + ExecReload=${pkgs.dbus_tools}/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig + OOMScoreAdjust=-900 + ''; + jobs.dbus = { startOn = "started udev and started syslogd";
diff --git a/modules/system/boot/stage-2-init.sh b/modules/system/boot/stage-2-init.sh
index 9e0ed028d5d..42dd21b6204 100644
--- a/modules/system/boot/stage-2-init.sh
+++ b/modules/system/boot/stage-2-init.sh
@@ -90,12 +90,13 @@ mkdir -m 0755 -p /dev/pts mount -t devpts -o mode=0600,gid=@ttyGid@ none /dev/pts [ -e /proc/bus/usb ] && mount -t usbfs none /proc/bus/usb # UML doesn't have USB by default mkdir -m 01777 -p /tmp -mkdir -m 0755 -p /var +mkdir -m 0755 -p /var /var/log mkdir -m 0755 -p /nix/var mkdir -m 0700 -p /root mkdir -m 0755 -p /bin # for the /bin/sh symlink mkdir -m 0755 -p /home mkdir -m 0755 -p /etc/nixos +mkdir -m 0700 -p /var/log/journal # Miscellaneous boot time cleanup.
@@ -195,4 +196,4 @@ fi # Start systemd. echo "starting systemd..."
-PATH=/var/run/current-system/systemd/lib/systemd exec systemd --log-level debug --log-target=console --crash-shell
+PATH=/var/run/current-system/systemd/lib/systemd exec systemd --log-target journal --log-level debug --crash-shell
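Review bot: `ExecReload=${pkgs.dbus_tools}/dbus-send ...` in dbus.service points at the package root instead of its `bin` directory, unlike `ExecStartPre=${pkgs.dbus_tools}/bin/dbus-uuidgen --ensure` two lines above, so a reload of the unit will fail on a missing executable. Change it to `ExecReload=${pkgs.dbus_tools}/bin/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig`. Neither unit creates `/var/run/dbus` before `ListenStream=/var/run/dbus/system_bus_socket` is bound; if systemd's socket setup does not create the parent directory on the version in use, the socket unit needs an explicit directory step, which is worth confirming before relying on socket activation.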
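Review bot: `mkdir -m 0700 -p /var/log/journal` only applies the mode when it creates the directory; with `-p` an existing `/var/log/journal` on a persistent root keeps whatever mode it already had, so the 0700 is not an enforced property of the journal directory across reboots. If root-only readability of the journal is the intent, follow the mkdir with `chmod 0700 /var/log/journal`, or add a comment stating that the mode is only set on first boot. The same caveat applies to the `-m 0755` on `/var /var/log`, though those are the usual modes anyway.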
diff --git a/modules/system/boot/stage-2.nix b/modules/system/boot/stage-2.nix
index 02c061dacde..a5e96cc0f1c 100644
--- a/modules/system/boot/stage-2.nix
+++ b/modules/system/boot/stage-2.nix
@@ -61,7 +61,6 @@ let isExecutable = true; inherit (config.boot) devShmSize runSize cleanTmpDir; ttyGid = config.ids.gids.tty; - upstart = config.system.build.upstart; path = [ pkgs.coreutils pkgs.utillinux
diff --git a/modules/system/boot/systemd.nix b/modules/system/boot/systemd.nix
index 3b51ebf43fc..4555b59d278 100644
--- a/modules/system/boot/systemd.nix
+++ b/modules/system/boot/systemd.nix
@@ -9,106 +9,71 @@ let makeUnit = name: text: pkgs.writeTextFile { name = "unit"; inherit text; destination = "/${name}"; }; - defaultTarget = makeUnit "default.target" - '' - [Unit] - Description=Default System - Requires=getty.target - After=getty.target - Conflicts=rescue.target - AllowIsolate=yes - ''; - - gettyTarget = makeUnit "getty.target" - '' - [Unit] - Description=Login Prompts - Requires=getty@tty1.service getty@tty2.service - After=getty@tty1.service getty@tty2.service - ''; - - gettyService = makeUnit "getty@.service" - '' - [Unit] - Description=Getty on %I - #BindTo=dev-%i.device - #After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service - Before=getty.target - - [Service] - Environment=TERM=linux - ExecStart=-${pkgs.utillinux}/sbin/agetty --noclear --login-program ${pkgs.shadow}/bin/login %I 38400 - Restart=always - RestartSec=0 - UtmpIdentifier=%I - TTYPath=/dev/%I - TTYReset=yes - TTYVHangup=yes - TTYVTDisallocate=yes - KillMode=process - IgnoreSIGPIPE=no - - # Unset locale for the console getty since the console has problems - # displaying some internationalized messages. - Environment=LANG= LANGUAGE= LC_CTYPE= LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= - - # Some login implementations ignore SIGTERM, so we send SIGHUP - # instead, to ensure that login terminates cleanly. - KillSignal=SIGHUP - ''; - - rescueTarget = makeUnit "rescue.target" - '' - [Unit] - Description=Rescue Mode - Requires=rescue.service - After=rescue.service - AllowIsolate=yes - ''; - - rescueService = makeUnit "rescue.service" - '' - [Unit] - Description=Rescue Shell - DefaultDependencies=no - #After=basic.target - #Before=shutdown.target - - [Service] - Environment=HOME=/root - WorkingDirectory=/root - ExecStartPre=-${pkgs.coreutils}/bin/echo 'Welcome to rescue mode. Use "systemctl default" or ^D to enter default mode.' 
- #ExecStart=-/sbin/sulogin - ExecStart=-${pkgs.bashInteractive}/bin/bash --login - ExecStopPost=-${systemd}/bin/systemctl --fail --no-block default - StandardInput=tty-force - StandardOutput=inherit - StandardError=inherit - KillMode=process - - # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash - # terminates cleanly. - KillSignal=SIGHUP - ''; - upstreamUnits = - [ "systemd-journald.socket" - "systemd-journald.service" + [ # Targets. "basic.target" "sysinit.target" - "sysinit.target.wants" "sockets.target" - "sockets.target.wants" + "graphical.target" + "multi-user.target" + "getty.target" + "rescue.target" + "network.target" + "nss-lookup.target" + "nss-user-lookup.target" + "syslog.target" + "time-sync.target" + # Login stuff. + "systemd-logind.service" + "autovt@.service" + "systemd-vconsole-setup.service" + "systemd-user-sessions.service" + + # Journal. + "systemd-journald.socket" + "systemd-journald.service" + + # SysV init compatibility. + "systemd-initctl.socket" + "systemd-initctl.service" + "runlevel0.target" + "runlevel1.target" + "runlevel2.target" + "runlevel3.target" + "runlevel4.target" + "runlevel5.target" + "runlevel6.target" + + # Random seed. + "systemd-random-seed-load.service" + "systemd-random-seed-save.service" + + # Utmp maintenance. + "systemd-update-utmp-runlevel.service" + "systemd-update-utmp-shutdown.service" + # Filesystems. + "fsck@.service" + "fsck-root.service" + "systemd-remount-fs.service" "local-fs.target" - "local-fs.target.wants" "local-fs-pre.target" "remote-fs.target" "remote-fs-pre.target" "swap.target" - "media.mount" + "dev-hugepages.mount" "dev-mqueue.mount" + "sys-fs-fuse-connections.mount" + "sys-kernel-config.mount" + "sys-kernel-debug.mount" + + # Hibernate / suspend. + "hibernate.target" + "hibernate.service" + "suspend.target" + "suspend.service" + "sleep.target" # Reboot stuff. "reboot.target" 
@@ -121,18 +86,46 @@ let "shutdown.target" "umount.target" "final.target" + + # Misc. + "syslog.socket" ]; + upstreamWants = + [ "basic.target.wants" + "sysinit.target.wants" + "sockets.target.wants" + "local-fs.target.wants" + "multi-user.target.wants" + "shutdown.target.wants" + ]; + + nixosUnits = mapAttrsToList makeUnit config.boot.systemd.units; + systemUnits = pkgs.runCommand "system-units" { } '' mkdir -p $out/system for i in ${toString upstreamUnits}; do fn=${systemd}/example/systemd/system/$i - echo $fn [ -e $fn ] - ln -s $fn $out/system + if [ -L $fn ]; then + cp -pd $fn $out/system/ + else + ln -s $fn $out/system + fi done - for i in ${toString [ defaultTarget gettyTarget gettyService rescueTarget rescueService ]}; do + for i in ${toString upstreamWants}; do + fn=${systemd}/example/systemd/system/$i + [ -e $fn ] + x=$out/system/$(basename $fn) + mkdir $x + for i in $fn/*; do + y=$x/$(basename $i) + cp -pd $i $y + if ! [ -e $y ]; then rm -v $y; fi + done + done + for i in ${toString nixosUnits}; do cp $i/* $out/system done ''; # */ @@ -141,6 +134,18 @@ in { + ###### interface + + options = { + + boot.systemd.units = mkOption { + default = {} ; + description = "Systemd units."; + }; + + }; + + ###### implementation config = { 
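Review bot: In the new upstreamWants loop the inner `for i in $fn/*` reuses the outer loop variable `i`; it works only because bash has already expanded the outer word list, and it reads as a bug, so rename the inner one (`for j in $fn/*; do y=$x/$(basename $j); cp -pd $j $y; ...`). The `cp -pd $i $y` followed by `if ! [ -e $y ]; then rm -v $y; fi` also deserves a comment: `-e` follows symlinks, so any wants-link whose target unit is not in `upstreamUnits` is silently dropped, meaning `upstreamUnits` effectively filters the upstream wants lists; something like `# Drop wants-links whose target unit was not copied above (dangling symlinks).` would make that intent explicit. The new `boot.systemd.units` option carries no `type`, and its description `"Systemd units."` does not say what keys and values are; describe it as an attribute set mapping a unit file name such as `"sshd.service"` to the unit's text, which `makeUnit` writes under that name into the generated system unit directory.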
@@ -152,7 +157,81 @@ in target = "systemd"; } ]; + + boot.systemd.units."default.target" = + '' + [Unit] + Description=Default System + Requires=multi-user.target + After=multi-user.target + Conflicts=rescue.target + AllowIsolate=yes + Wants=sshd.service autovt@tty1.service # FIXME + ''; + boot.systemd.units."getty@.service" = + '' + [Unit] + Description=Getty on %I + Documentation=man:agetty(8) + After=systemd-user-sessions.service plymouth-quit-wait.service + + # If additional gettys are spawned during boot then we should make + # sure that this is synchronized before getty.target, even though + # getty.target didn't actually pull it in. + Before=getty.target + IgnoreOnIsolate=yes + + [Service] + Environment=TERM=linux + ExecStart=-${pkgs.utillinux}/sbin/agetty --noclear --login-program ${pkgs.shadow}/bin/login %I 38400 + Type=idle + Restart=always + RestartSec=0 + UtmpIdentifier=%I + TTYPath=/dev/%I + TTYReset=yes + TTYVHangup=yes + TTYVTDisallocate=yes + KillMode=process + IgnoreSIGPIPE=no + + # Unset locale for the console getty since the console has problems + # displaying some internationalized messages. + Environment=LANG= LANGUAGE= LC_CTYPE= LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= + + # Some login implementations ignore SIGTERM, so we send SIGHUP + # instead, to ensure that login terminates cleanly. + KillSignal=SIGHUP + ''; + + boot.systemd.units."rescue.service" = + '' + [Unit] + Description=Rescue Shell + DefaultDependencies=no + Conflicts=shutdown.target + After=sysinit.target + Before=shutdown.target + + [Service] + Environment=HOME=/root + WorkingDirectory=/root + ExecStartPre=-${pkgs.coreutils}/bin/echo 'Welcome to rescue mode. Use "systemctl default" or ^D to enter default mode.' 
+ #ExecStart=-/sbin/sulogin + ExecStart=-${pkgs.bashInteractive}/bin/bash --login + ExecStopPost=-${systemd}/bin/systemctl --fail --no-block default + Type=idle + StandardInput=tty-force + StandardOutput=inherit + StandardError=inherit + KillMode=process + + # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash + # terminates cleanly. + KillSignal=SIGHUP + ''; + }; }
diff --git a/modules/system/upstart/upstart.nix b/modules/system/upstart/upstart.nix
index 1bfde9fc60e..284f1aafd37 100644
--- a/modules/system/upstart/upstart.nix
+++ b/modules/system/upstart/upstart.nix
@@ -476,6 +476,7 @@ in system.build.upstart = upstart; + /* environment.etc = flip map (attrValues config.jobs) (job: { source = job.jobDrv;
@@ -492,6 +493,7 @@ in ${optionalString (job.setuid != "") "chown ${job.setuid} /var/log/upstart/${job.name}"} ${optionalString (job.setgid != "") "chown :${job.setgid} /var/log/upstart/${job.name}"} '') (attrValues config.jobs)); + */ };
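Review bot: rescue.service still starts `${pkgs.bashInteractive}/bin/bash --login` as root with `StandardInput=tty-force`, with the authenticating alternative left as the commented-out `#ExecStart=-/sbin/sulogin`; this is carried over from the removed rescueService, but since the unit is being re-homed into `boot.systemd.units` here, this is the place to decide it. Entering rescue mode from the console therefore yields a root shell with no password prompt; `ExecStart=-${pkgs.utillinux}/sbin/sulogin` asks for the root password first, and util-linux is already referenced for agetty in the getty@.service unit above (the `#ExecStart` comment should then be dropped rather than kept). Separately, the `Wants=sshd.service autovt@tty1.service # FIXME` line in default.target hard-wires the SSH daemon into the default target from the systemd module rather than from sshd.nix; a module-level way for a service to register its own wants-link (laid out like the upstreamWants directories in `$out/system`) would remove that coupling and the FIXME.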
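Review bot: Wrapping the `environment.etc` definition for upstart jobs in `/*` ... `*/` (the `*/` lands in the second upstart.nix hunk) leaves the code in place as a comment, which hides from grep and review that upstart jobs such as the `jobs.sshd` kept in sshd.nix are now never installed. If upstart is being retired, delete the block (version control keeps it) or gate it with `mkIf` on a boolean option so that the behaviour is discoverable from the module's options rather than from a comment marker.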