summary refs log blame commit diff
path: root/nixos/modules/system/boot/systemd.nix
blob: 7c6807340fd36e31f799a7a288758124972889b3 (plain) (tree)











































































































{ config, pkgs, utils, ... }:

with pkgs.lib;
with utils;
with import ./systemd-unit-options.nix { inherit config pkgs; };


  cfg = config.systemd;

  systemd = cfg.package;

  makeUnit = name: unit:
    pkgs.runCommand "unit" { inherit (unit) text; preferLocalBuild = true; }
      (if unit.enable then  ''
        mkdir -p $out
        echo -n "$text" > $out/${name}
      '' else ''
        mkdir -p $out
        ln -s /dev/null $out/${name}

  upstreamUnits =
    [ # Targets.

      # Rescue mode.

      # Udev.

      # Hardware (started by udev when a relevant device is plugged in).

      # Login stuff.

      # Journal.

      # SysV init compatibility.

      # Kernel module loading.

      # Filesystems.

      # Hibernate / suspend.

      # Reboot stuff.

      # Password entry.

    ++ optionals cfg.enableEmergencyMode [

  upstreamWants =
    [ #""

  makeJobScript = name: text:
    let x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${name}"; inherit text; };
    in "${x}/bin/${name}";

  unitConfig = { name, config, ... }: {
    config = {
      unitConfig =
        { Requires = concatStringsSep " " config.requires;
          Wants = concatStringsSep " " config.wants;
          After = concatStringsSep " " config.after;
          Before = concatStringsSep " " config.before;
          BindsTo = concatStringsSep " " config.bindsTo;
          PartOf = concatStringsSep " " config.partOf;
          Conflicts = concatStringsSep " " config.conflicts;
          "X-Restart-Triggers" = toString config.restartTriggers;
        } // optionalAttrs (config.description != "") {
          Description = config.description;

  serviceConfig = { name, config, ... }: {
    config = {
      # Default path for systemd services.  Should be quite minimal.
      path =
        [ pkgs.coreutils

  mountConfig = { name, config, ... }: {
    config = {
      mountConfig =
        { What = config.what;
          Where = config.where;
        } // optionalAttrs (config.type != "") {
          Type = config.type;
        } // optionalAttrs (config.options != "") {
          Options = config.options;

  automountConfig = { name, config, ... }: {
    config = {
      automountConfig =
        { Where = config.where;

  toOption = x:
    if x == true then "true"
    else if x == false then "false"
    else toString x;

  attrsToSection = as:
    concatStrings (concatLists (mapAttrsToList (name: value:
      map (x: ''
          ${name}=${toOption x}
        (if isList value then value else [value]))

  targetToUnit = name: def:
    { inherit (def) wantedBy requiredBy enable;
      text =
          ${attrsToSection def.unitConfig}

  serviceToUnit = name: def:
    { inherit (def) wantedBy requiredBy enable;
      text =
          ${attrsToSection def.unitConfig}

          ${let env = cfg.globalEnvironment // def.environment;
            in concatMapStrings (n: "Environment=\"${n}=${getAttr n env}\"\n") (attrNames env)}
          ${optionalString (!def.restartIfChanged) "X-RestartIfChanged=false"}
          ${optionalString (!def.stopIfChanged) "X-StopIfChanged=false"}

          ${optionalString (def.preStart != "") ''
            ExecStartPre=${makeJobScript "${name}-pre-start" ''
              #! ${} -e

          ${optionalString (def.script != "") ''
            ExecStart=${makeJobScript "${name}-start" ''
              #! ${} -e
            ''} ${def.scriptArgs}

          ${optionalString (def.postStart != "") ''
            ExecStartPost=${makeJobScript "${name}-post-start" ''
              #! ${} -e

          ${optionalString (def.postStop != "") ''
            ExecStopPost=${makeJobScript "${name}-post-stop" ''
              #! ${} -e

          ${attrsToSection def.serviceConfig}

  socketToUnit = name: def:
    { inherit (def) wantedBy requiredBy enable;
      text =
          ${attrsToSection def.unitConfig}

          ${attrsToSection def.socketConfig}
          ${concatStringsSep "\n" (map (s: "ListenStream=${s}") def.listenStreams)}

  timerToUnit = name: def:
    { inherit (def) wantedBy requiredBy enable;
      text =
          ${attrsToSection def.unitConfig}

          ${attrsToSection def.timerConfig}

  mountToUnit = name: def:
    { inherit (def) wantedBy requiredBy enable;
      text =
          ${attrsToSection def.unitConfig}

          ${attrsToSection def.mountConfig}

  automountToUnit = name: def:
    { inherit (def) wantedBy requiredBy enable;
      text =
          ${attrsToSection def.unitConfig}

          ${attrsToSection def.automountConfig}

  nixosUnits = mapAttrsToList makeUnit cfg.units;

  units = pkgs.runCommand "units" { preferLocalBuild = true; }
      mkdir -p $out
      for i in ${toString upstreamUnits}; do
        if ! [ -e $fn ]; then echo "missing $fn"; false; fi
        if [ -L $fn ]; then
          cp -pd $fn $out/
          ln -s $fn $out/

      for i in ${toString upstreamWants}; do
        if ! [ -e $fn ]; then echo "missing $fn"; false; fi
        x=$out/$(basename $fn)
        mkdir $x
        for i in $fn/*; do
          y=$x/$(basename $i)
          cp -pd $i $y
          if ! [ -e $y ]; then rm -v $y; fi

      for i in ${toString nixosUnits}; do
        ln -s $i/* $out/

      for i in ${toString cfg.packages}; do
        ln -s $i/etc/systemd/system/* $out/

      ${concatStrings (mapAttrsToList (name: unit:
          concatMapStrings (name2: ''
            mkdir -p $out/'${name2}.wants'
            ln -sfn '../${name}' $out/'${name2}.wants'/
          '') unit.wantedBy) cfg.units)}

      ${concatStrings (mapAttrsToList (name: unit:
          concatMapStrings (name2: ''
            mkdir -p $out/'${name2}.requires'
            ln -sfn '../${name}' $out/'${name2}.requires'/
          '') unit.requiredBy) cfg.units)}

      ln -s ${cfg.defaultUnit} $out/

      ln -s $out/

      mkdir -p $out/
      ln -s ../getty@tty1.service $out/

      ln -s ../ ../ ../ ../ \
            ../ ../ $out/
    ''; # */



  ###### interface

  options = {

    systemd.package = mkOption {
      default = pkgs.systemd;
      type = types.package;
      description = "The systemd package.";

    systemd.units = mkOption {
      description = "Definition of systemd units.";
      default = {};
      type = types.attrsOf types.optionSet;
      options = {
        text = mkOption {
          type = types.str;
          description = "Text of this systemd unit.";
        enable = mkOption {
          default = true;
          type = types.bool;
          description = ''
            If set to false, this unit will be a symlink to
            /dev/null. This is primarily useful to prevent specific
            template instances (e.g. <literal>serial-getty@ttyS0</literal>)
            from being started.
        requiredBy = mkOption {
          default = [];
          type = types.listOf types.string;
          description = "Units that require (i.e. depend on and need to go down with) this unit.";
        wantedBy = mkOption {
          default = [];
          type = types.listOf types.string;
          description = "Units that want (i.e. depend on) this unit.";

    systemd.packages = mkOption {
      default = [];
      type = types.listOf types.package;
      description = "Packages providing systemd units.";

    systemd.targets = mkOption {
      default = {};
      type = types.attrsOf types.optionSet;
      options = [ unitOptions unitConfig ];
      description = "Definition of systemd target units.";
    }; = mkOption {
      default = {};
      type = types.attrsOf types.optionSet;
      options = [ serviceOptions unitConfig serviceConfig ];
      description = "Definition of systemd service units.";

    systemd.sockets = mkOption {
      default = {};
      type = types.attrsOf types.optionSet;
      options = [ socketOptions unitConfig ];
      description = "Definition of systemd socket units.";

    systemd.timers = mkOption {
      default = {};
      type = types.attrsOf types.optionSet;
      options = [ timerOptions unitConfig ];
      description = "Definition of systemd timer units.";

    systemd.mounts = mkOption {
      default = [];
      type = types.listOf types.optionSet;
      options = [ mountOptions unitConfig mountConfig ];
      description = ''
        Definition of systemd mount units.
        This is a list instead of an attrSet, because systemd mandates the names to be derived from
        the 'where' attribute.

    systemd.automounts = mkOption {
      default = [];
      type = types.listOf types.optionSet;
      options = [ automountOptions unitConfig automountConfig ];
      description = ''
        Definition of systemd automount units.
        This is a list instead of an attrSet, because systemd mandates the names to be derived from
        the 'where' attribute.

    systemd.defaultUnit = mkOption {
      default = "";
      type = types.str;
      description = "Default unit started when the system boots.";

    systemd.globalEnvironment = mkOption {
      type = types.attrs;
      default = {};
      example = { TZ = "CET"; };
      description = ''
        Environment variables passed to <emphasis>all</emphasis> systemd units.

    services.journald.console = mkOption {
      default = "";
      type = types.str;
      description = "If non-empty, write log messages to the specified TTY device.";

    services.journald.rateLimitInterval = mkOption {
      default = "10s";
      type = types.str;
      description = ''
        Configures the rate limiting interval that is applied to all
        messages generated on the system. This rate limiting is applied
        per-service, so that two services which log do not interfere with
        each other's limit. The value may be specified in the following
        units: s, min, h, ms, us. To turn off any kind of rate limiting,
        set either value to 0.

    services.journald.rateLimitBurst = mkOption {
      default = 100;
      type = types.uniq;
      description = ''
        Configures the rate limiting burst limit (number of messages per
        interval) that is applied to all messages generated on the system.
        This rate limiting is applied per-service, so that two services
        which log do not interfere with each other's limit.

    services.logind.extraConfig = mkOption {
      default = "";
      type = types.str;
      example = "HandleLidSwitch=ignore";
      description = ''
        Extra config options for systemd-logind. See man logind.conf for
        available options.

    systemd.enableEmergencyMode = mkOption {
      default = true;
      type = types.bool;
      description = ''
        Whether to enable emergency mode, which is an
        <command>sulogin</command> shell started on the console if
        mounting a filesystem fails.  Since some machines (like EC2
        instances) have no console of any kind, emergency mode doesn't
        make sense, and it's better to continue with the boot insofar
        as possible.


  ###### implementation

  config = { = units;

    environment.systemPackages = [ systemd ];

    environment.etc."systemd/system".source = units;

    environment.etc."systemd/system.conf".text =

    environment.etc."systemd/journald.conf".text =
        ${optionalString ( != "") ''

    environment.etc."systemd/logind.conf".text =

    environment.etc."systemd/sleep.conf".text =

    system.activationScripts.systemd = stringAfter [ "groups" ]
        mkdir -m 0755 -p /var/lib/udev
        mkdir -p /var/log/journal
        chmod 0755 /var/log/journal

        # Regenerate the hardware database /var/lib/udev/hwdb.bin
        # whenever systemd changes.
        if [ ! -e /var/lib/udev/prev-systemd -o "$(readlink /var/lib/udev/prev-systemd)" != ${systemd} ]; then
          echo "regenerating udev hardware database..."
          ${systemd}/bin/udevadm hwdb --update && ln -sfn ${systemd} /var/lib/udev/prev-systemd

        # Make all journals readable to users in the wheel and adm
        # groups, in addition to those in the systemd-journal group.
        # Users can always read their own journals.
        ${pkgs.acl}/bin/setfacl -nm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal

    # Target for ‘charon send-keys’ to hook into.
    systemd.targets.keys =
      { description = "Security Keys";

    systemd.units =
      mapAttrs' (n: v: nameValuePair "${n}.target" (targetToUnit n v)) cfg.targets
      // mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v))
      // mapAttrs' (n: v: nameValuePair "${n}.socket" (socketToUnit n v)) cfg.sockets
      // mapAttrs' (n: v: nameValuePair "${n}.timer" (timerToUnit n v)) cfg.timers
      // listToAttrs (map
                   (v: let n = escapeSystemdPath v.where;
                       in nameValuePair "${n}.mount" (mountToUnit n v)) cfg.mounts)
      // listToAttrs (map
                   (v: let n = escapeSystemdPath v.where;
                       in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts);

    system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled [

    environment.shellAliases =
      { start = "systemctl start";
        stop = "systemctl stop";
        restart = "systemctl restart";
        status = "systemctl status";

    users.extraGroups.systemd-journal.gid = config.ids.gids.systemd-journal;

    # Generate timer units for all services that have a ‘startAt’ value.
    systemd.timers =
      mapAttrs (name: service:
        { wantedBy = [ "" ];
          timerConfig.OnCalendar = service.startAt;
        (filterAttrs (name: service: service.startAt != "");

    # FIXME: These are borrowed from upstream systemd."systemd-update-utmp" =
      { description = "Update UTMP about System Reboot/Shutdown";
        wantedBy = [ "" ];
        after = [ "systemd-remount-fs.service" ];
        before = [ "" "" ];
        conflicts = [ "" ];
        unitConfig = {
          DefaultDependencies = false;
          RequiresMountsFor = "/var/log";
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
          ExecStart = "${systemd}/lib/systemd/systemd-update-utmp reboot";
          ExecStop = "${systemd}/lib/systemd/systemd-update-utmp shutdown";
        restartIfChanged = false;
      };"systemd-random-seed" =
      { description = "Load/Save Random Seed";
        wantedBy = [ "" "" ];
        after = [ "systemd-remount-fs.service" ];
        before = [ "" "" ];
        conflicts = [ "" ];
        unitConfig = {
          DefaultDependencies = false;
          RequiresMountsFor = "/var/lib";
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
          ExecStart = "${systemd}/lib/systemd/systemd-random-seed load";
          ExecStop = "${systemd}/lib/systemd/systemd-random-seed save";
