authorEelco Dolstra <eelco.dolstra@logicblox.com>2013-09-04 13:05:09 +0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2013-09-04 13:05:09 +0200
commit17457297cb05461696cfc36844b88294bd38222d (patch)
tree295571acc18df41615e1b9c330260a3af3ae1de5
parent3a23e6dd31d39d0a8ea229661d29855361c143cb (diff)
Update all legacy-style modules
I.e., modules that use "require = [options]".  Nowadays that should be
written as

  {
    options = { ... };
    config = { ... };
  };

Also, use "imports" instead of "require" in places where we actually
import another module.
-rw-r--r--modules/config/i18n.nix50
-rw-r--r--modules/config/krb5.nix331
-rw-r--r--modules/config/ldap.nix372
-rw-r--r--modules/config/networking.nix96
-rw-r--r--modules/config/nsswitch.nix64
-rw-r--r--modules/config/system-path.nix41
-rw-r--r--modules/config/unix-odbc-drivers.nix55
-rw-r--r--modules/hardware/pcmcia.nix90
-rw-r--r--modules/installer/cd-dvd/installation-cd-base.nix2
-rw-r--r--modules/installer/cd-dvd/installation-cd-efi.nix2
-rw-r--r--modules/installer/cd-dvd/installation-cd-graphical.nix5
-rw-r--r--modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix2
-rw-r--r--modules/installer/cd-dvd/installation-cd-minimal.nix2
-rw-r--r--modules/installer/cd-dvd/installation-cd-new-kernel.nix2
-rw-r--r--modules/installer/cd-dvd/iso-image.nix404
-rw-r--r--modules/installer/cd-dvd/live-dvd.nix6
-rw-r--r--modules/installer/cd-dvd/system-tarball-fuloong2f.nix15
-rw-r--r--modules/installer/cd-dvd/system-tarball-pc.nix2
-rw-r--r--modules/installer/cd-dvd/system-tarball-sheevaplug.nix9
-rw-r--r--modules/installer/cd-dvd/system-tarball.nix105
-rw-r--r--modules/installer/tools/nixos-hardware-scan.pl6
-rw-r--r--modules/installer/tools/nixos-option.sh2
-rw-r--r--modules/installer/virtualbox-demo.nix2
-rw-r--r--modules/misc/ids.nix341
-rw-r--r--modules/misc/passthru.nix24
-rw-r--r--modules/module-list.nix1
-rw-r--r--modules/profiles/all-hardware.nix2
-rw-r--r--modules/profiles/clone-config.nix2
-rw-r--r--modules/profiles/demo.nix2
-rw-r--r--modules/programs/bash/bash.nix122
-rw-r--r--modules/programs/ssmtp.nix74
-rw-r--r--modules/services/x11/desktop-managers/gnome.nix59
-rw-r--r--modules/services/x11/desktop-managers/xterm.nix38
-rw-r--r--modules/services/x11/window-managers/default.nix38
-rw-r--r--modules/services/x11/window-managers/kwm.nix46
-rw-r--r--modules/services/x11/window-managers/metacity.nix59
-rw-r--r--modules/services/x11/window-managers/wmii.nix53
-rw-r--r--modules/system/activation/top-level.nix140
-rw-r--r--modules/system/boot/loader/generations-dir/generations-dir.nix95
-rw-r--r--modules/system/boot/loader/raspberrypi/raspberrypi.nix53
-rw-r--r--modules/system/boot/stage-1.nix257
-rw-r--r--modules/system/boot/stage-2.nix67
-rw-r--r--modules/virtualisation/amazon-config.nix2
-rw-r--r--modules/virtualisation/amazon-image.nix4
-rw-r--r--modules/virtualisation/ec2-data.nix159
-rw-r--r--modules/virtualisation/nova-config.nix2
-rw-r--r--modules/virtualisation/nova-image.nix2
-rw-r--r--modules/virtualisation/qemu-vm.nix514
-rw-r--r--tests/firefox.nix2
-rw-r--r--tests/installer.nix2
-rw-r--r--tests/kde4.nix2
-rw-r--r--tests/quake3.nix2
-rw-r--r--tests/trac.nix22
-rw-r--r--tests/xfce.nix2
54 files changed, 1873 insertions, 1980 deletions
diff --git a/modules/config/i18n.nix b/modules/config/i18n.nix
index 0fb91771934..62b01c2221e 100644
--- a/modules/config/i18n.nix
+++ b/modules/config/i18n.nix
@@ -2,11 +2,20 @@
 
 with pkgs.lib;
 
-###### interface
-
 let
 
+  glibcLocales = pkgs.glibcLocales.override {
+    allLocales = any (x: x == "all") config.i18n.supportedLocales;
+    locales = config.i18n.supportedLocales;
+  };
+
+in
+
+{
+  ###### interface
+
   options = {
+
     i18n = {
       defaultLocale = mkOption {
         default = "en_US.UTF-8";
@@ -53,31 +62,26 @@ let
 
   };
 
-###### implementation
 
-  glibcLocales = pkgs.glibcLocales.override {
-    allLocales = any (x: x == "all") config.i18n.supportedLocales;
-    locales = config.i18n.supportedLocales;
-  };
+  ###### implementation
 
-in
+  config = {
 
-{
-  require = options;
+    environment.systemPackages = [ glibcLocales ];
 
-  environment.systemPackages = [ glibcLocales ];
+    environment.shellInit =
+      ''
+        export LANG=${config.i18n.defaultLocale}
+      '';
 
-  environment.shellInit =
-    ''
-      export LANG=${config.i18n.defaultLocale}
-    '';
+    # ‘/etc/locale.conf’ is used by systemd.
+    environment.etc = singleton
+      { target = "locale.conf";
+        source = pkgs.writeText "locale.conf"
+          ''
+            LANG=${config.i18n.defaultLocale}
+          '';
+      };
 
-  # ‘/etc/locale.conf’ is used by systemd.
-  environment.etc = singleton
-    { target = "locale.conf";
-      source = pkgs.writeText "locale.conf"
-        ''
-          LANG=${config.i18n.defaultLocale}
-        '';
-    };
+  };
 }
diff --git a/modules/config/krb5.nix b/modules/config/krb5.nix
index 56854603264..3323046ac5b 100644
--- a/modules/config/krb5.nix
+++ b/modules/config/krb5.nix
@@ -1,12 +1,18 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
 
-###### interface
 let
-  inherit (pkgs.lib) mkOption mkIf;
 
   cfg = config.krb5;
 
+in
+
+{
+  ###### interface
+
   options = {
+
     krb5 = {
 
       enable = mkOption {
@@ -35,171 +41,164 @@ let
       };
 
     };
+
   };
-in
 
-###### implementation
-
-mkIf config.krb5.enable {
-  require = [
-    options
-  ];
-
-  environment = {
-    systemPackages = [ pkgs.krb5 ];
-    etc = [
-      { source = pkgs.writeText "krb5.conf"
-          ''
-[libdefaults]
-    default_realm = ${cfg.defaultRealm}
-    encrypt = true
-
-# The following krb5.conf variables are only for MIT Kerberos.
-    krb4_config = /etc/krb.conf
-    krb4_realms = /etc/krb.realms
-    kdc_timesync = 1
-    ccache_type = 4
-    forwardable = true
-    proxiable = true
-
-# The following encryption type specification will be used by MIT Kerberos
-# if uncommented.  In general, the defaults in the MIT Kerberos code are
-# correct and overriding these specifications only serves to disable new
-# encryption types as they are added, creating interoperability problems.
-
-#   default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
-#   default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
-#   permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
-
-# The following libdefaults parameters are only for Heimdal Kerberos.
-    v4_instance_resolve = false
-    v4_name_convert = {
-        host = {
-            rcmd = host
-            ftp = ftp
-        }
-        plain = {
-            something = something-else
-        }
-    }
-    fcc-mit-ticketflags = true
-
-[realms]
-    ${cfg.defaultRealm} = {
-        kdc = ${cfg.kdc}
-        admin_server = ${cfg.kerberosAdminServer}
-#        kpasswd_server = ${cfg.kerberosAdminServer}
-    }
-    ATHENA.MIT.EDU = {
-        kdc = kerberos.mit.edu:88
-        kdc = kerberos-1.mit.edu:88
-        kdc = kerberos-2.mit.edu:88
-        admin_server = kerberos.mit.edu
-        default_domain = mit.edu
-    }
-    MEDIA-LAB.MIT.EDU = {
-        kdc = kerberos.media.mit.edu
-        admin_server = kerberos.media.mit.edu
-    }
-    ZONE.MIT.EDU = {
-        kdc = casio.mit.edu
-        kdc = seiko.mit.edu
-        admin_server = casio.mit.edu
-    }
-    MOOF.MIT.EDU = {
-        kdc = three-headed-dogcow.mit.edu:88
-        kdc = three-headed-dogcow-1.mit.edu:88
-        admin_server = three-headed-dogcow.mit.edu
-    }
-    CSAIL.MIT.EDU = {
-        kdc = kerberos-1.csail.mit.edu
-        kdc = kerberos-2.csail.mit.edu
-        admin_server = kerberos.csail.mit.edu
-        default_domain = csail.mit.edu
-        krb524_server = krb524.csail.mit.edu
-    }
-    IHTFP.ORG = {
-        kdc = kerberos.ihtfp.org
-        admin_server = kerberos.ihtfp.org
-    }
-    GNU.ORG = {
-        kdc = kerberos.gnu.org
-        kdc = kerberos-2.gnu.org
-        kdc = kerberos-3.gnu.org
-        admin_server = kerberos.gnu.org
-    }
-    1TS.ORG = {
-        kdc = kerberos.1ts.org
-        admin_server = kerberos.1ts.org
-    }
-    GRATUITOUS.ORG = {
-        kdc = kerberos.gratuitous.org
-        admin_server = kerberos.gratuitous.org
-    }
-    DOOMCOM.ORG = {
-        kdc = kerberos.doomcom.org
-        admin_server = kerberos.doomcom.org
-    }
-    ANDREW.CMU.EDU = {
-        kdc = vice28.fs.andrew.cmu.edu
-        kdc = vice2.fs.andrew.cmu.edu
-        kdc = vice11.fs.andrew.cmu.edu
-        kdc = vice12.fs.andrew.cmu.edu
-        admin_server = vice28.fs.andrew.cmu.edu
-        default_domain = andrew.cmu.edu
-    }
-    CS.CMU.EDU = {
-        kdc = kerberos.cs.cmu.edu
-        kdc = kerberos-2.srv.cs.cmu.edu
-        admin_server = kerberos.cs.cmu.edu
-    }
-    DEMENTIA.ORG = {
-        kdc = kerberos.dementia.org
-        kdc = kerberos2.dementia.org
-        admin_server = kerberos.dementia.org
-    }
-    stanford.edu = {
-        kdc = krb5auth1.stanford.edu
-        kdc = krb5auth2.stanford.edu
-        kdc = krb5auth3.stanford.edu
-        admin_server = krb5-admin.stanford.edu
-        default_domain = stanford.edu
-    }
-
-[domain_realm]
-    .${cfg.domainRealm} = ${cfg.defaultRealm}
-    ${cfg.domainRealm} = ${cfg.defaultRealm}
-    .mit.edu = ATHENA.MIT.EDU
-    mit.edu = ATHENA.MIT.EDU
-    .media.mit.edu = MEDIA-LAB.MIT.EDU
-    media.mit.edu = MEDIA-LAB.MIT.EDU
-    .csail.mit.edu = CSAIL.MIT.EDU
-    csail.mit.edu = CSAIL.MIT.EDU
-    .whoi.edu = ATHENA.MIT.EDU
-    whoi.edu = ATHENA.MIT.EDU
-    .stanford.edu = stanford.edu
-
-[logging]
-    kdc = SYSLOG:INFO:DAEMON
-    admin_server = SYSLOG:INFO:DAEMON
-    default = SYSLOG:INFO:DAEMON
-    krb4_convert = true
-    krb4_get_tickets = false
-
-
-[appdefaults]
-    pam = {
-        debug = false
-        ticket_lifetime = 36000
-        renew_lifetime = 36000
-        max_timeout = 30
-        timeout_shift = 2
-        initial_timeout = 1
-    }
-          '';
-        target = "krb5.conf";
-      }
-    ];
+  ###### implementation
+
+  config = mkIf config.krb5.enable {
+
+    environment.systemPackages = [ pkgs.krb5 ];
+
+    environment.etc."krb5.conf".text =
+      ''
+        [libdefaults]
+            default_realm = ${cfg.defaultRealm}
+            encrypt = true
+
+        # The following krb5.conf variables are only for MIT Kerberos.
+            krb4_config = /etc/krb.conf
+            krb4_realms = /etc/krb.realms
+            kdc_timesync = 1
+            ccache_type = 4
+            forwardable = true
+            proxiable = true
+
+        # The following encryption type specification will be used by MIT Kerberos
+        # if uncommented.  In general, the defaults in the MIT Kerberos code are
+        # correct and overriding these specifications only serves to disable new
+        # encryption types as they are added, creating interoperability problems.
+
+        #   default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+        #   default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+        #   permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+
+        # The following libdefaults parameters are only for Heimdal Kerberos.
+            v4_instance_resolve = false
+            v4_name_convert = {
+                host = {
+                    rcmd = host
+                    ftp = ftp
+                }
+                plain = {
+                    something = something-else
+                }
+            }
+            fcc-mit-ticketflags = true
+
+        [realms]
+            ${cfg.defaultRealm} = {
+                kdc = ${cfg.kdc}
+                admin_server = ${cfg.kerberosAdminServer}
+                #kpasswd_server = ${cfg.kerberosAdminServer}
+            }
+            ATHENA.MIT.EDU = {
+                kdc = kerberos.mit.edu:88
+                kdc = kerberos-1.mit.edu:88
+                kdc = kerberos-2.mit.edu:88
+                admin_server = kerberos.mit.edu
+                default_domain = mit.edu
+            }
+            MEDIA-LAB.MIT.EDU = {
+                kdc = kerberos.media.mit.edu
+                admin_server = kerberos.media.mit.edu
+            }
+            ZONE.MIT.EDU = {
+                kdc = casio.mit.edu
+                kdc = seiko.mit.edu
+                admin_server = casio.mit.edu
+            }
+            MOOF.MIT.EDU = {
+                kdc = three-headed-dogcow.mit.edu:88
+                kdc = three-headed-dogcow-1.mit.edu:88
+                admin_server = three-headed-dogcow.mit.edu
+            }
+            CSAIL.MIT.EDU = {
+                kdc = kerberos-1.csail.mit.edu
+                kdc = kerberos-2.csail.mit.edu
+                admin_server = kerberos.csail.mit.edu
+                default_domain = csail.mit.edu
+                krb524_server = krb524.csail.mit.edu
+            }
+            IHTFP.ORG = {
+                kdc = kerberos.ihtfp.org
+                admin_server = kerberos.ihtfp.org
+            }
+            GNU.ORG = {
+                kdc = kerberos.gnu.org
+                kdc = kerberos-2.gnu.org
+                kdc = kerberos-3.gnu.org
+                admin_server = kerberos.gnu.org
+            }
+            1TS.ORG = {
+                kdc = kerberos.1ts.org
+                admin_server = kerberos.1ts.org
+            }
+            GRATUITOUS.ORG = {
+                kdc = kerberos.gratuitous.org
+                admin_server = kerberos.gratuitous.org
+            }
+            DOOMCOM.ORG = {
+                kdc = kerberos.doomcom.org
+                admin_server = kerberos.doomcom.org
+            }
+            ANDREW.CMU.EDU = {
+                kdc = vice28.fs.andrew.cmu.edu
+                kdc = vice2.fs.andrew.cmu.edu
+                kdc = vice11.fs.andrew.cmu.edu
+                kdc = vice12.fs.andrew.cmu.edu
+                admin_server = vice28.fs.andrew.cmu.edu
+                default_domain = andrew.cmu.edu
+            }
+            CS.CMU.EDU = {
+                kdc = kerberos.cs.cmu.edu
+                kdc = kerberos-2.srv.cs.cmu.edu
+                admin_server = kerberos.cs.cmu.edu
+            }
+            DEMENTIA.ORG = {
+                kdc = kerberos.dementia.org
+                kdc = kerberos2.dementia.org
+                admin_server = kerberos.dementia.org
+            }
+            stanford.edu = {
+                kdc = krb5auth1.stanford.edu
+                kdc = krb5auth2.stanford.edu
+                kdc = krb5auth3.stanford.edu
+                admin_server = krb5-admin.stanford.edu
+                default_domain = stanford.edu
+            }
+
+        [domain_realm]
+            .${cfg.domainRealm} = ${cfg.defaultRealm}
+            ${cfg.domainRealm} = ${cfg.defaultRealm}
+            .mit.edu = ATHENA.MIT.EDU
+            mit.edu = ATHENA.MIT.EDU
+            .media.mit.edu = MEDIA-LAB.MIT.EDU
+            media.mit.edu = MEDIA-LAB.MIT.EDU
+            .csail.mit.edu = CSAIL.MIT.EDU
+            csail.mit.edu = CSAIL.MIT.EDU
+            .whoi.edu = ATHENA.MIT.EDU
+            whoi.edu = ATHENA.MIT.EDU
+            .stanford.edu = stanford.edu
+
+        [logging]
+            kdc = SYSLOG:INFO:DAEMON
+            admin_server = SYSLOG:INFO:DAEMON
+            default = SYSLOG:INFO:DAEMON
+            krb4_convert = true
+            krb4_get_tickets = false
+
+        [appdefaults]
+            pam = {
+                debug = false
+                ticket_lifetime = 36000
+                renew_lifetime = 36000
+                max_timeout = 30
+                timeout_shift = 2
+                initial_timeout = 1
+            }
+      '';
+
   };
 
 }
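Review bot: The rewritten `environment.etc."krb5.conf".text` still hard-codes `[realms]` and `[domain_realm]` entries for unrelated third-party organisations (`ATHENA.MIT.EDU` through `stanford.edu`, plus mappings such as `.whoi.edu = ATHENA.MIT.EDU`) alongside the `${cfg.*}` values. Every host that sets `krb5.enable` therefore ships KDC hostnames that this module does not maintain, and a client asked to authenticate to one of those realms will contact whatever currently answers at those names. Since the whole string is being re-indented here anyway, this would be a good point to reduce the file to the configured realm, or at least to put a comment above `ATHENA.MIT.EDU` saying the sample realms are unmaintained (they look like entries from a stock example file, which should be confirmed). The same applies to the `krb4_*` settings, which presumably only matter for Kerberos 4 interoperability. As a style point, `config = mkIf config.krb5.enable {` can use the existing binding: `config = mkIf cfg.enable {`.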
diff --git a/modules/config/ldap.nix b/modules/config/ldap.nix
index 955d28514ea..113f5d8bcbd 100644
--- a/modules/config/ldap.nix
+++ b/modules/config/ldap.nix
@@ -1,150 +1,12 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
 
 with pkgs.lib;
 with pkgs;
 
-###### interface
 let
-  inherit mkOption mkIf optionalString stringAfter singleton;
 
   cfg = config.users.ldap;
 
-  options = {
-    users = {
-      ldap = {
-
-        enable = mkOption {
-          default = false;
-          description = "
-            Whether to enable authentication against an LDAP server.
-          ";
-        };
-
-        server = mkOption {
-          example = "ldap://ldap.example.org/";
-          description = "
-            The URL of the LDAP server.
-          ";
-        };
-
-        base = mkOption {
-          example = "dc=example,dc=org";
-          description = "
-            The distinguished name of the search base.
-          ";
-        };
-
-        useTLS = mkOption {
-          default = false;
-          description = "
-            If enabled, use TLS (encryption) over an LDAP (port 389)
-            connection.  The alternative is to specify an LDAPS server (port
-            636) in <option>users.ldap.server</option> or to forego
-            security.
-          ";
-        };
-
-        timeLimit = mkOption {
-          default = 0;
-          type = types.int;
-          description = "
-            Specifies the time limit (in seconds) to use when performing
-            searches. A value of zero (0), which is the default, is to
-            wait indefinitely for searches to be completed.
-          ";
-        };
-
-        daemon = {
-          enable = mkOption {
-            default = false;
-            description = ''
-              Whether to let the nslcd daemon (nss-pam-ldapd) handle the
-              LDAP lookups for NSS and PAM. This can improve performance,
-              and if you need to bind to the LDAP server with a password,
-              it increases security, since only the nslcd user needs to
-              have access to the bindpw file, not everyone that uses NSS
-              and/or PAM. If this option is enabled, a local nscd user is
-              created automatically, and the nslcd service is started
-              automatically when the network get up.
-            '';
-          };
-
-          extraConfig = mkOption { 
-            default =  ""; 
-            type = types.string;
-            description = '' 
-              Extra configuration options that will be added verbatim at
-              the end of the nslcd configuration file (nslcd.conf).
-            '' ;
-          } ; 
-        };
-
-        bind = {
-          distinguishedName = mkOption {
-            default = "";
-            example = "cn=admin,dc=example,dc=com";
-            type = types.string;
-            description = "
-              The distinguished name to bind to the LDAP server with. If this
-              is not specified, an anonymous bind will be done.
-            ";
-          };
-
-          password = mkOption {
-            default = "/etc/ldap/bind.password";
-            type = types.string;
-            description = "
-              The path to a file containing the credentials to use when binding
-              to the LDAP server (if not binding anonymously).
-            ";
-          };
-
-          timeLimit = mkOption {
-            default = 30;
-            type = types.int;
-            description = "
-              Specifies the time limit (in seconds) to use when connecting
-              to the directory server. This is distinct from the time limit
-              specified in <literal>users.ldap.timeLimit</literal> and affects
-              the initial server connection only.
-            ";
-          };
-
-          policy = mkOption {
-            default = "hard_open";
-            type = types.string;
-            description = "
-              Specifies the policy to use for reconnecting to an unavailable
-              LDAP server. The default is <literal>hard_open</literal>, which
-              reconnects if opening the connection to the directory server
-              failed. By contrast, <literal>hard_init</literal> reconnects if
-              initializing the connection failed. Initializing may not
-              actually contact the directory server, and it is possible that
-              a malformed configuration file will trigger reconnection. If
-              <literal>soft</literal> is specified, then
-              <literal>nss_ldap</literal> will return immediately on server
-              failure. All hard reconnect policies block with exponential
-              backoff before retrying.
-            ";
-          };
-        };
-
-        extraConfig = mkOption { 
-          default = "" ; 
-          type = types.string ;
-          description = ''
-            Extra configuration options that will be added verbatim at
-            the end of the ldap configuration file (ldap.conf).
-            If <literal>users.ldap.daemon</literal> is enabled, this
-            configuration will not be used. In that case, use
-            <literal>users.ldap.daemon.extraConfig</literal> instead.
-          '' ;
-        };
-
-      };
-    };
-  };
-
   # Careful: OpenLDAP seems to be very picky about the indentation of
   # this file.  Directives HAVE to start in the first column!
   ldapConfig = {
@@ -186,63 +48,199 @@ let
 
 in
 
-###### implementation
-mkIf cfg.enable {
-  require = [
-    options
-  ];
-
-  environment.etc = if cfg.daemon.enable then [nslcdConfig] else [ldapConfig];
-
-  system.activationScripts = mkIf insertLdapPassword {
-    ldap = stringAfter [ "etc" "groups" "users" ] ''
-      if test -f "${cfg.bind.password}" ; then
-        echo "bindpw "$(cat ${cfg.bind.password})"" | cat ${ldapConfig} - > /etc/ldap.conf.bindpw
-        mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
-        chmod 600 /etc/ldap.conf
-      fi
-    '';
-  };
+{
 
-  system.nssModules = singleton (
-    if cfg.daemon.enable then nss_pam_ldapd else nss_ldap
-  );
+  ###### interface
 
-  users = mkIf cfg.daemon.enable {
-    extraGroups.nslcd = {
-      gid = config.ids.gids.nslcd;
-    };
+  options = {
+
+    users.ldap = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable authentication against an LDAP server.";
+      };
+
+      server = mkOption {
+        example = "ldap://ldap.example.org/";
+        description = "The URL of the LDAP server.";
+      };
+
+      base = mkOption {
+        example = "dc=example,dc=org";
+        description = "The distinguished name of the search base.";
+      };
+
+      useTLS = mkOption {
+        default = false;
+        description = ''
+          If enabled, use TLS (encryption) over an LDAP (port 389)
+          connection.  The alternative is to specify an LDAPS server (port
+          636) in <option>users.ldap.server</option> or to forego
+          security.
+        '';
+      };
+
+      timeLimit = mkOption {
+        default = 0;
+        type = types.int;
+        description = ''
+          Specifies the time limit (in seconds) to use when performing
+          searches. A value of zero (0), which is the default, is to
+          wait indefinitely for searches to be completed.
+        '';
+      };
+
+      daemon = {
+        enable = mkOption {
+          default = false;
+          description = ''
+            Whether to let the nslcd daemon (nss-pam-ldapd) handle the
+            LDAP lookups for NSS and PAM. This can improve performance,
+            and if you need to bind to the LDAP server with a password,
+            it increases security, since only the nslcd user needs to
+            have access to the bindpw file, not everyone that uses NSS
+            and/or PAM. If this option is enabled, a local nscd user is
+            created automatically, and the nslcd service is started
+            automatically when the network get up.
+          '';
+        };
+
+        extraConfig = mkOption {
+          default =  "";
+          type = types.string;
+          description = ''
+            Extra configuration options that will be added verbatim at
+            the end of the nslcd configuration file (nslcd.conf).
+          '' ;
+        } ;
+      };
+
+      bind = {
+        distinguishedName = mkOption {
+          default = "";
+          example = "cn=admin,dc=example,dc=com";
+          type = types.string;
+          description = ''
+            The distinguished name to bind to the LDAP server with. If this
+            is not specified, an anonymous bind will be done.
+          '';
+        };
+
+        password = mkOption {
+          default = "/etc/ldap/bind.password";
+          type = types.string;
+          description = ''
+            The path to a file containing the credentials to use when binding
+            to the LDAP server (if not binding anonymously).
+          '';
+        };
+
+        timeLimit = mkOption {
+          default = 30;
+          type = types.int;
+          description = ''
+            Specifies the time limit (in seconds) to use when connecting
+            to the directory server. This is distinct from the time limit
+            specified in <literal>users.ldap.timeLimit</literal> and affects
+            the initial server connection only.
+          '';
+        };
+
+        policy = mkOption {
+          default = "hard_open";
+          type = types.string;
+          description = ''
+            Specifies the policy to use for reconnecting to an unavailable
+            LDAP server. The default is <literal>hard_open</literal>, which
+            reconnects if opening the connection to the directory server
+            failed. By contrast, <literal>hard_init</literal> reconnects if
+            initializing the connection failed. Initializing may not
+            actually contact the directory server, and it is possible that
+            a malformed configuration file will trigger reconnection. If
+            <literal>soft</literal> is specified, then
+            <literal>nss_ldap</literal> will return immediately on server
+            failure. All hard reconnect policies block with exponential
+            backoff before retrying.
+          '';
+        };
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        type = types.string;
+        description = ''
+          Extra configuration options that will be added verbatim at
+          the end of the ldap configuration file (ldap.conf).
+          If <literal>users.ldap.daemon</literal> is enabled, this
+          configuration will not be used. In that case, use
+          <literal>users.ldap.daemon.extraConfig</literal> instead.
+        '' ;
+      };
 
-    extraUsers.nslcd = {
-      uid = config.ids.uids.nslcd;
-      description = "nslcd user.";
-      group = "nslcd";
     };
+
   };
 
-  systemd.services = mkIf cfg.daemon.enable {
-    nslcd = {
-      wantedBy = [ "nss-user-lookup.target" ];
-      before = [ "nss-user-lookup.target" ];
-      after = [ "network.target" ];
-
-      preStart = ''
-        mkdir -p /run/nslcd
-        rm -f /run/nslcd/nslcd.pid;
-        chown nslcd.nslcd /run/nslcd
-        ${optionalString (cfg.bind.distinguishedName != "") ''
-          if test -s "${cfg.bind.password}" ; then
-            ln -sfT "${cfg.bind.password}" /run/nslcd/bindpw
-          fi
-        ''}
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.etc = if cfg.daemon.enable then [nslcdConfig] else [ldapConfig];
+
+    system.activationScripts = mkIf insertLdapPassword {
+      ldap = stringAfter [ "etc" "groups" "users" ] ''
+        if test -f "${cfg.bind.password}" ; then
+          echo "bindpw "$(cat ${cfg.bind.password})"" | cat ${ldapConfig} - > /etc/ldap.conf.bindpw
+          mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
+          chmod 600 /etc/ldap.conf
+        fi
       '';
+    };
+
+    system.nssModules = singleton (
+      if cfg.daemon.enable then nss_pam_ldapd else nss_ldap
+    );
+
+    users = mkIf cfg.daemon.enable {
+      extraGroups.nslcd = {
+        gid = config.ids.gids.nslcd;
+      };
+
+      extraUsers.nslcd = {
+        uid = config.ids.uids.nslcd;
+        description = "nslcd user.";
+        group = "nslcd";
+      };
+    };
 
-      serviceConfig = {
-        ExecStart = "${nss_pam_ldapd}/sbin/nslcd";
-        Type = "forking";
-        PIDFile = "/run/nslcd/nslcd.pid";
-        Restart = "always";
+    systemd.services = mkIf cfg.daemon.enable {
+
+      nslcd = {
+        wantedBy = [ "nss-user-lookup.target" ];
+        before = [ "nss-user-lookup.target" ];
+        after = [ "network.target" ];
+
+        preStart = ''
+          mkdir -p /run/nslcd
+          rm -f /run/nslcd/nslcd.pid;
+          chown nslcd.nslcd /run/nslcd
+          ${optionalString (cfg.bind.distinguishedName != "") ''
+            if test -s "${cfg.bind.password}" ; then
+              ln -sfT "${cfg.bind.password}" /run/nslcd/bindpw
+            fi
+          ''}
+        '';
+
+        serviceConfig = {
+          ExecStart = "${nss_pam_ldapd}/sbin/nslcd";
+          Type = "forking";
+          PIDFile = "/run/nslcd/nslcd.pid";
+          Restart = "always";
+        };
       };
+
     };
+
   };
 }
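Review bot: In the `ldap` activation script, `/etc/ldap.conf.bindpw` is created by the shell redirection under whatever umask the activation script runs with (commonly 022) and is only restricted by `chmod 600` after the `mv`. The bind password can therefore be readable by other local users for a short window, and stays readable if the script is interrupted before the chmod. Restricting the mode before the secret is written closes this, e.g. `( umask 077; echo "bindpw $(cat "${cfg.bind.password}")" | cat ${ldapConfig} - > /etc/ldap.conf.bindpw )`. The current line also leaves `$(cat ${cfg.bind.password})` outside the double quotes, so a password containing whitespace or glob characters is word-split and expanded before it is written; the quoting shown keeps it intact. The script is carried over from the old module body with only its indentation changed, so this is a pre-existing issue that the restructuring leaves in place.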
diff --git a/modules/config/networking.nix b/modules/config/networking.nix
index 799d97a089f..f1bdfd01b24 100644
--- a/modules/config/networking.nix
+++ b/modules/config/networking.nix
@@ -1,6 +1,6 @@
 # /etc files related to networking, such as /etc/services.
 
-{config, pkgs, ...}:
+{ config, pkgs, ... }:
 
 with pkgs.lib;
 
@@ -8,6 +8,10 @@ let
 
   cfg = config.networking;
 
+in
+
+{
+
   options = {
 
     networking.extraHosts = pkgs.lib.mkOption {
@@ -32,53 +36,53 @@ let
 
   };
 
-in
+  config = {
 
-{
-  require = [options];
-
-  environment.etc =
-    { # /etc/services: TCP/UDP port assignments.
-      "services".source = pkgs.iana_etc + "/etc/services";
-
-      # /etc/protocols: IP protocol numbers.
-      "protocols".source  = pkgs.iana_etc + "/etc/protocols";
-
-      # /etc/rpc: RPC program numbers.
-      "rpc".source = pkgs.glibc + "/etc/rpc";
-
-      # /etc/hosts: Hostname-to-IP mappings.
-      "hosts".text =
-        ''
-          127.0.0.1 localhost
-          ${optionalString cfg.enableIPv6 ''
-            ::1 localhost
-          ''}
-          ${cfg.extraHosts}
-        '';
-
-      # /etc/resolvconf.conf: Configuration for openresolv.
-      "resolvconf.conf".text =
+    environment.etc =
+      { # /etc/services: TCP/UDP port assignments.
+        "services".source = pkgs.iana_etc + "/etc/services";
+
+        # /etc/protocols: IP protocol numbers.
+        "protocols".source  = pkgs.iana_etc + "/etc/protocols";
+
+        # /etc/rpc: RPC program numbers.
+        "rpc".source = pkgs.glibc + "/etc/rpc";
+
+        # /etc/hosts: Hostname-to-IP mappings.
+        "hosts".text =
           ''
-            # This is the default, but we must set it here to prevent
-            # a collision with an apparently unrelated environment
-            # variable with the same name exported by dhcpcd.
-            interface_order='lo lo[0-9]*'
-          '' + optionalString config.services.nscd.enable ''
-            # Invalidate the nscd cache whenever resolv.conf is
-            # regenerated.
-            libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service'
-          '' + optionalString cfg.dnsSingleRequest ''
-            # only send one DNS request at a time
-            resolv_conf_options='single-request'
-          '' + optionalString config.services.bind.enable ''
-            # This hosts runs a full-blown DNS resolver.
-            name_servers='127.0.0.1'
+            127.0.0.1 localhost
+            ${optionalString cfg.enableIPv6 ''
+              ::1 localhost
+            ''}
+            ${cfg.extraHosts}
           '';
-    };
 
-  # The ‘ip-up’ target is started when we have IP connectivity.  So
-  # services that depend on IP connectivity (like ntpd) should be
-  # pulled in by this target.
-  systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
+        # /etc/resolvconf.conf: Configuration for openresolv.
+        "resolvconf.conf".text =
+            ''
+              # This is the default, but we must set it here to prevent
+              # a collision with an apparently unrelated environment
+              # variable with the same name exported by dhcpcd.
+              interface_order='lo lo[0-9]*'
+            '' + optionalString config.services.nscd.enable ''
+              # Invalidate the nscd cache whenever resolv.conf is
+              # regenerated.
+              libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service'
+            '' + optionalString cfg.dnsSingleRequest ''
+              # only send one DNS request at a time
+              resolv_conf_options='single-request'
+            '' + optionalString config.services.bind.enable ''
+              # This hosts runs a full-blown DNS resolver.
+              name_servers='127.0.0.1'
+            '';
+      };
+
+    # The ‘ip-up’ target is started when we have IP connectivity.  So
+    # services that depend on IP connectivity (like ntpd) should be
+    # pulled in by this target.
+    systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
+
+  };
+
 }
diff --git a/modules/config/nsswitch.nix b/modules/config/nsswitch.nix
index 7e989c163e3..0a922756bf9 100644
--- a/modules/config/nsswitch.nix
+++ b/modules/config/nsswitch.nix
@@ -6,17 +6,22 @@ with pkgs.lib;
 
 let
 
+  inherit (config.services.avahi) nssmdns;
+
+in
+
+{
   options = {
 
     # NSS modules.  Hacky!
     system.nssModules = mkOption {
       internal = true;
       default = [];
-      description = "
+      description = ''
         Search path for NSS (Name Service Switch) modules.  This allows
         several DNS resolution methods to be specified via
         <filename>/etc/nsswitch.conf</filename>.
-      ";
+      '';
       merge = mergeListOption;
       apply = list:
         {
@@ -27,34 +32,31 @@ let
 
   };
 
-  inherit (config.services.avahi) nssmdns;
-
-in
+  config = {
+
+    environment.etc =
+      [ # Name Service Switch configuration file.  Required by the C library.
+        # !!! Factor out the mdns stuff.  The avahi module should define
+        # an option used by this module.
+        { source = pkgs.writeText "nsswitch.conf"
+            ''
+              passwd:    files ldap
+              group:     files ldap
+              shadow:    files ldap
+              hosts:     files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} myhostname
+              networks:  files dns
+              ethers:    files
+              services:  files
+              protocols: files
+            '';
+          target = "nsswitch.conf";
+        }
+      ];
+
+    # Use nss-myhostname to ensure that our hostname always resolves to
+    # a valid IP address.  It returns all locally configured IP
+    # addresses, or ::1 and 127.0.0.2 as fallbacks.
+    system.nssModules = [ pkgs.systemd ];
 
-{
-  require = [ options ];
-
-  environment.etc =
-    [ # Name Service Switch configuration file.  Required by the C library.
-      # !!! Factor out the mdns stuff.  The avahi module should define
-      # an option used by this module.
-      { source = pkgs.writeText "nsswitch.conf"
-          ''
-            passwd:    files ldap
-            group:     files ldap
-            shadow:    files ldap
-            hosts:     files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} myhostname
-            networks:  files dns
-            ethers:    files
-            services:  files
-            protocols: files
-          '';
-        target = "nsswitch.conf";
-      }
-    ];
-
-  # Use nss-myhostname to ensure that our hostname always resolves to
-  # a valid IP address.  It returns all locally configured IP
-  # addresses, or ::1 and 127.0.0.2 as fallbacks.
-  system.nssModules = [ pkgs.systemd ];
+  };
 }
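Review bot: The generated nsswitch.conf in the new `config` block lists `ldap` for `passwd`, `group` and `shadow` unconditionally, while the mdns sources on the `hosts` line are already gated with `optionalString nssmdns`. Account lookups should name only the sources that are actually configured, so the lookup order for users, groups and shadow entries stays explicit and auditable. Gate it the same way, e.g. `passwd:    files ${optionalString ldapEnabled "ldap"}`, where `ldapEnabled` is a placeholder for the LDAP module's enable option, which is not visible in this hunk. The text is carried over unchanged from the old side, so this is pre-existing rather than introduced by the commit.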
diff --git a/modules/config/system-path.nix b/modules/config/system-path.nix
index 6e73118fe08..e65be03afac 100644
--- a/modules/config/system-path.nix
+++ b/modules/config/system-path.nix
@@ -54,7 +54,9 @@ let
       extraManpages
     ];
 
+in
 
+{
   options = {
 
     environment = {
@@ -78,9 +80,7 @@ let
         # to work.
         default = [];
         example = ["/"];
-        description = "
-          Lists directories to be symlinked in `/run/current-system/sw'.
-        ";
+        description = "List of directories to be symlinked in `/run/current-system/sw'.";
       };
     };
 
@@ -120,24 +120,23 @@ let
 
   };
 
+  config = {
 
-in
+    environment.systemPackages = requiredPackages;
 
-{
-  require = [ options ];
-
-  environment.systemPackages = requiredPackages;
-  environment.pathsToLink = [
-    "/bin"
-    "/etc/xdg"
-    "/info"
-    "/lib"
-    "/man"
-    "/sbin"
-    "/share/emacs"
-    "/share/org"
-    "/share/info"
-    "/share/terminfo"
-    "/share/man"
-  ];
+    environment.pathsToLink =
+      [ "/bin"
+        "/etc/xdg"
+        "/info"
+        "/lib"
+        "/man"
+        "/sbin"
+        "/share/emacs"
+        "/share/org"
+        "/share/info"
+        "/share/terminfo"
+        "/share/man"
+      ];
+
+  };
 }
diff --git a/modules/config/unix-odbc-drivers.nix b/modules/config/unix-odbc-drivers.nix
index 8950898e1dd..0f608469058 100644
--- a/modules/config/unix-odbc-drivers.nix
+++ b/modules/config/unix-odbc-drivers.nix
@@ -1,43 +1,34 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
 
-###### interface
-let
-  inherit (pkgs.lib) mkOption mkIf;
+with pkgs.lib;
+
+# unixODBC drivers (this solution is not perfect.. Because the user has to
+# ask the admin to add a driver.. but it's simple and works
+
+{
+  ###### interface
 
   options = {
-    environment = {
-      unixODBCDrivers = mkOption {
-        default = [];
-        example = "map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )";
-        description = ''
-          specifies unix odbc drivers to be registered at /etc/odbcinst.ini.
-          Maybe you also want to add pkgs.unixODBC to the system path to get a
-          command line client t connnect to odbc databases.
-        '';
-      };
+    environment.unixODBCDrivers = mkOption {
+      default = [];
+      example = literalExample "map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )";
+      description = ''
+        Specifies Unix ODBC drivers to be registered in
+        <filename>/etc/odbcinst.ini</filename>.  You may also want to
+        add <literal>pkgs.unixODBC</literal> to the system path to get
+        a command line client to connnect to ODBC databases.
+      '';
     };
   };
-in
 
-###### implementation
+  ###### implementation
 
+  config = mkIf (config.environment.unixODBCDrivers != []) {
 
-# unixODBC drivers (this solution is not perfect.. Because the user has to
-# ask the admin to add a driver.. but it's simple and works
-
-mkIf (config.environment.unixODBCDrivers != []) {
+    environment.etc."odbcinst.ini".text =
+      let inis = config.environment.unixODBCDrivers;
+      in pkgs.lib.concatStringsSep "\n" inis;
 
-  require = [
-    options
-  ];
-
-  environment = {
-    etc = [
-      { source =
-          let inis = config.environment.unixODBCDrivers;
-          in pkgs.writeText "odbcinst.ini" (pkgs.lib.concatStringsSep "\n" inis);
-        target = "odbcinst.ini";
-      }
-    ];
   };
+
 }
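Review bot: `environment.etc."odbcinst.ini".text` still calls `pkgs.lib.concatStringsSep` although the file now opens with `with pkgs.lib;`, so the qualified name is redundant and the line can read `in concatStringsSep "\n" inis;`. The rewritten description also keeps the typo `connnect`, which should be `connect`. The header comment `# unixODBC drivers (this solution is not perfect..` has an unclosed parenthesis and would read better as one complete sentence.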
diff --git a/modules/hardware/pcmcia.nix b/modules/hardware/pcmcia.nix
index 0ab5e35ea80..0dba59734ca 100644
--- a/modules/hardware/pcmcia.nix
+++ b/modules/hardware/pcmcia.nix
@@ -1,61 +1,59 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
 
-###### interface
 let
-  inherit (pkgs.lib) mkOption
-    mergeEnableOption mergeListOption;
+
+  pcmciaUtils = pkgs.pcmciaUtils.passthru.function {
+    inherit (config.hardware.pcmcia) firmware config;
+  };
+
+in
+
+
+{
+  ###### interface
 
   options = {
-    hardware = {
-      pcmcia = {
-        enable = mkOption {
-          default = false;
-          merge = mergeEnableOption;
-          description = ''
-            Enable this option to support PCMCIA card.
-          '';
-        };
-
-        firmware = mkOption {
-          default = [];
-          merge = mergeListOption;
-          description = ''
-            List of firmware used to handle specific PCMCIA card.
-          '';
-        };
-
-        config = mkOption {
-          default = null;
-          description = ''
-            Path to the configuration file which map the memory, irq
-            and ports used by the PCMCIA hardware.
-          '';
-        };
+
+    hardware.pcmcia = {
+      enable = mkOption {
+        default = false;
+        merge = mergeEnableOption;
+        description = ''
+          Enable this option to support PCMCIA card.
+        '';
+      };
+
+      firmware = mkOption {
+        default = [];
+        merge = mergeListOption;
+        description = ''
+          List of firmware used to handle specific PCMCIA card.
+        '';
+      };
+
+      config = mkOption {
+        default = null;
+        description = ''
+          Path to the configuration file which map the memory, irq
+          and ports used by the PCMCIA hardware.
+        '';
       };
     };
+
   };
-in
 
-###### implementation
-let
-  inherit (pkgs.lib) mkIf;
+  ###### implementation
 
-  pcmciaUtils = pkgs.pcmciaUtils.passthru.function {
-    inherit (config.hardware.pcmcia) firmware config;
-  };
-in
+  config = mkIf config.hardware.pcmcia.enable {
 
+    boot.kernelModules = [ "pcmcia" ];
 
-mkIf config.hardware.pcmcia.enable {
-  require = [
-    # ../upstart-jobs/udev.nix
-    # ? # config.environment.extraPackages
-    options
-  ];
+    services.udev.packages = [ pcmciaUtils ];
 
-  boot.kernelModules = [ "pcmcia" ];
+    environment.systemPackages = [ pcmciaUtils ];
 
-  services.udev.packages = [ pcmciaUtils ];
+  };
 
-  environment.systemPackages = [ pcmciaUtils ];
 }
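Review bot: None of the three options under `hardware.pcmcia` declares a `type`, and `config` in particular is a path to a file that maps memory, IRQs and ports, with `null` as its default. Without a type, a non-path value is caught only, if at all, inside `pkgs.pcmciaUtils.passthru.function`. Consider `type = types.nullOr types.path;` on `config` (assuming this tree's `lib.types` provides both) and `type = types.bool;` in place of `merge = mergeEnableOption;` on `enable`. The `enable` description would also read better as `Whether to enable support for PCMCIA cards.`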
diff --git a/modules/installer/cd-dvd/installation-cd-base.nix b/modules/installer/cd-dvd/installation-cd-base.nix
index 5c67c8e2a9d..31f803bac32 100644
--- a/modules/installer/cd-dvd/installation-cd-base.nix
+++ b/modules/installer/cd-dvd/installation-cd-base.nix
@@ -6,7 +6,7 @@
 with pkgs.lib;
 
 {
-  require =
+  imports =
     [ ./memtest.nix
       ./channel.nix
       ./iso-image.nix
diff --git a/modules/installer/cd-dvd/installation-cd-efi.nix b/modules/installer/cd-dvd/installation-cd-efi.nix
index d018d6aeaa7..4c15fc76584 100644
--- a/modules/installer/cd-dvd/installation-cd-efi.nix
+++ b/modules/installer/cd-dvd/installation-cd-efi.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  require = [ ./installation-cd-minimal.nix ];
+  imports = [ ./installation-cd-minimal.nix ];
 
   boot.kernelPackages = pkgs.linuxPackages_3_9;
   boot.vesa = false;
diff --git a/modules/installer/cd-dvd/installation-cd-graphical.nix b/modules/installer/cd-dvd/installation-cd-graphical.nix
index 2d3ef844f27..debf3e7db90 100644
--- a/modules/installer/cd-dvd/installation-cd-graphical.nix
+++ b/modules/installer/cd-dvd/installation-cd-graphical.nix
@@ -6,10 +6,7 @@
 with pkgs.lib;
 
 {
-  require = [
-    ./installation-cd-base.nix
-    ../../profiles/graphical.nix
-  ];
+  imports = [ ./installation-cd-base.nix ../../profiles/graphical.nix ];
 
   # Provide wicd for easy wireless configuration.
   #networking.wicd.enable = true;
diff --git a/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix b/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
index eb4af233c3e..38d02ffd162 100644
--- a/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
+++ b/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  require = [ ./installation-cd-minimal.nix ];
+  imports = [ ./installation-cd-minimal.nix ];
 
   boot.kernelPackages = pkgs.linuxPackages_3_10;
   boot.vesa = false;
diff --git a/modules/installer/cd-dvd/installation-cd-minimal.nix b/modules/installer/cd-dvd/installation-cd-minimal.nix
index f568f2462a0..a7498906a86 100644
--- a/modules/installer/cd-dvd/installation-cd-minimal.nix
+++ b/modules/installer/cd-dvd/installation-cd-minimal.nix
@@ -4,7 +4,7 @@
 { config, pkgs, ... }:
 
 {
-  require =
+  imports =
     [ ./installation-cd-base.nix
       ../../profiles/minimal.nix
     ];
diff --git a/modules/installer/cd-dvd/installation-cd-new-kernel.nix b/modules/installer/cd-dvd/installation-cd-new-kernel.nix
index 058e7ffc899..93bcbf00b25 100644
--- a/modules/installer/cd-dvd/installation-cd-new-kernel.nix
+++ b/modules/installer/cd-dvd/installation-cd-new-kernel.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  require = [ ./installation-cd-graphical.nix ];
+  imports = [ ./installation-cd-graphical.nix ];
 
   boot.kernelPackages = pkgs.linuxPackages_3_10;
   boot.vesa = false;
diff --git a/modules/installer/cd-dvd/iso-image.nix b/modules/installer/cd-dvd/iso-image.nix
index 96a4d411d0b..fdc8e6a6f9f 100644
--- a/modules/installer/cd-dvd/iso-image.nix
+++ b/modules/installer/cd-dvd/iso-image.nix
@@ -8,6 +8,79 @@ with pkgs.lib;
 
 let
 
+  # The Grub image.
+  grubImage = pkgs.runCommand "grub_eltorito" {}
+    ''
+      ${pkgs.grub2}/bin/grub-mkimage -O i386-pc -o tmp biosdisk iso9660 help linux linux16 chain png jpeg echo gfxmenu reboot
+      cat ${pkgs.grub2}/lib/grub/*/cdboot.img tmp > $out
+    ''; # */
+
+
+  # The configuration file for Grub.
+  grubCfg =
+    ''
+      set default=${builtins.toString config.boot.loader.grub.default}
+      set timeout=${builtins.toString config.boot.loader.grub.timeout}
+
+      if loadfont /boot/grub/unicode.pf2; then
+        set gfxmode=640x480
+        insmod gfxterm
+        insmod vbe
+        terminal_output gfxterm
+
+        insmod png
+        if background_image /boot/grub/splash.png; then
+          set color_normal=white/black
+          set color_highlight=black/white
+        else
+          set menu_color_normal=cyan/blue
+          set menu_color_highlight=white/blue
+        fi
+
+      fi
+
+      ${config.boot.loader.grub.extraEntries}
+    '';
+
+
+  # The efi boot image
+  efiImg = pkgs.runCommand "efi-image_eltorito" {}
+    ''
+      #Let's hope 10M is enough
+      dd bs=2048 count=5120 if=/dev/zero of="$out"
+      ${pkgs.dosfstools}/sbin/mkfs.vfat "$out"
+      ${pkgs.mtools}/bin/mmd -i "$out" efi
+      ${pkgs.mtools}/bin/mmd -i "$out" efi/boot
+      ${pkgs.mtools}/bin/mmd -i "$out" efi/nixos
+      ${pkgs.mtools}/bin/mmd -i "$out" loader
+      ${pkgs.mtools}/bin/mmd -i "$out" loader/entries
+      ${pkgs.mtools}/bin/mcopy -v -i "$out" \
+        ${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi \
+        ::efi/boot/boot${targetArch}.efi
+      ${pkgs.mtools}/bin/mcopy -v -i "$out" \
+        ${config.boot.kernelPackages.kernel + "/bzImage"} ::bzImage
+      ${pkgs.mtools}/bin/mcopy -v -i "$out" \
+        ${config.system.build.initialRamdisk + "/initrd"} ::efi/nixos/initrd
+      echo "title NixOS LiveCD" > boot-params
+      echo "linux /bzImage" >> boot-params
+      echo "initrd /efi/nixos/initrd" >> boot-params
+      echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" >> boot-params
+      ${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/entries/nixos-livecd.conf
+      echo "default nixos-livecd" > boot-params
+      echo "timeout 5" >> boot-params
+      ${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/loader.conf
+    '';
+
+  targetArch = if pkgs.stdenv.isi686 then
+    "ia32"
+  else if pkgs.stdenv.isx86_64 then
+    "x64"
+  else
+    throw "Unsupported architecture";
+
+in
+
+{
   options = {
 
     isoImage.isoName = mkOption {
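Review bot: In `efiImg`, the loader entry is assembled with `echo "options init=… ${toString config.boot.kernelParams}" >> boot-params`, so the kernel parameters pass through the build shell inside double quotes, and any `$`, backtick or `"` in a parameter is interpreted there instead of being written literally. `grubCfg` in the same hunk avoids this by being a plain Nix string (the second hunk writes it out with `pkgs.writeText`); the gummiboot entry can be produced the same way and copied in with `mcopy`. Separately, the image size is fixed at 10 MiB (`dd bs=2048 count=5120`) regardless of kernel and initrd size, which the `Let's hope 10M is enough` comment acknowledges. The `let` block starts before this hunk and the `options` set continues after it.

```nix
  # The gummiboot loader entry, written out without passing through the build shell.
  efiLoaderEntry = pkgs.writeText "nixos-livecd.conf"
    ''
      title NixOS LiveCD
      linux /bzImage
      initrd /efi/nixos/initrd
      options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
    '';

  efiImg = pkgs.runCommand "efi-image_eltorito" {}
    ''
      # … unchanged: dd, mkfs.vfat, mmd and the gummiboot/kernel/initrd mcopy calls …
      ${pkgs.mtools}/bin/mcopy -v -i "$out" ${efiLoaderEntry} ::loader/entries/nixos-livecd.conf
      # … unchanged: loader.conf …
    '';
```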
@@ -84,228 +157,157 @@ let
   };
 
 
-  # The Grub image.
-  grubImage = pkgs.runCommand "grub_eltorito" {}
-    ''
-      ${pkgs.grub2}/bin/grub-mkimage -O i386-pc -o tmp biosdisk iso9660 help linux linux16 chain png jpeg echo gfxmenu reboot
-      cat ${pkgs.grub2}/lib/grub/*/cdboot.img tmp > $out
-    ''; # */
+  config = {
 
+    boot.loader.grub.version = 2;
 
-  # The configuration file for Grub.
-  grubCfg =
-    ''
-      set default=${builtins.toString config.boot.loader.grub.default}
-      set timeout=${builtins.toString config.boot.loader.grub.timeout}
+    # Don't build the GRUB menu builder script, since we don't need it
+    # here and it causes a cyclic dependency.
+    boot.loader.grub.enable = false;
 
-      if loadfont /boot/grub/unicode.pf2; then
-        set gfxmode=640x480
-        insmod gfxterm
-        insmod vbe
-        terminal_output gfxterm
+    # !!! Hack - attributes expected by other modules.
+    system.boot.loader.kernelFile = "bzImage";
+    environment.systemPackages = [ pkgs.grub2 ];
 
-        insmod png
-        if background_image /boot/grub/splash.png; then
-          set color_normal=white/black
-          set color_highlight=black/white
-        else
-          set menu_color_normal=cyan/blue
-          set menu_color_highlight=white/blue
-        fi
+    # In stage 1 of the boot, mount the CD as the root FS by label so
+    # that we don't need to know its device.  We pass the label of the
+    # root filesystem on the kernel command line, rather than in
+    # `fileSystems' below.  This allows CD-to-USB converters such as
+    # UNetbootin to rewrite the kernel command line to pass the label or
+    # UUID of the USB stick.  It would be nicer to write
+    # `root=/dev/disk/by-label/...' here, but UNetbootin doesn't
+    # recognise that.
+    boot.kernelParams = [ "root=LABEL=${config.isoImage.volumeID}" ];
 
-      fi
+    # Note that /dev/root is a symlink to the actual root device
+    # specified on the kernel command line, created in the stage 1 init
+    # script.
+    fileSystems."/".device = "/dev/root";
 
-      ${config.boot.loader.grub.extraEntries}
-    '';
+    fileSystems."/nix/store" =
+      { fsType = "squashfs";
+        device = "/nix-store.squashfs";
+        options = "loop";
+      };
 
+    boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
 
-  # The efi boot image
-  efiImg = pkgs.runCommand "efi-image_eltorito" {}
-    ''
-      #Let's hope 10M is enough
-      dd bs=2048 count=5120 if=/dev/zero of="$out"
-      ${pkgs.dosfstools}/sbin/mkfs.vfat "$out"
-      ${pkgs.mtools}/bin/mmd -i "$out" efi
-      ${pkgs.mtools}/bin/mmd -i "$out" efi/boot
-      ${pkgs.mtools}/bin/mmd -i "$out" efi/nixos
-      ${pkgs.mtools}/bin/mmd -i "$out" loader
-      ${pkgs.mtools}/bin/mmd -i "$out" loader/entries
-      ${pkgs.mtools}/bin/mcopy -v -i "$out" \
-        ${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi \
-        ::efi/boot/boot${targetArch}.efi
-      ${pkgs.mtools}/bin/mcopy -v -i "$out" \
-        ${config.boot.kernelPackages.kernel + "/bzImage"} ::bzImage
-      ${pkgs.mtools}/bin/mcopy -v -i "$out" \
-        ${config.system.build.initialRamdisk + "/initrd"} ::efi/nixos/initrd
-      echo "title NixOS LiveCD" > boot-params
-      echo "linux /bzImage" >> boot-params
-      echo "initrd /efi/nixos/initrd" >> boot-params
-      echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" >> boot-params
-      ${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/entries/nixos-livecd.conf
-      echo "default nixos-livecd" > boot-params
-      echo "timeout 5" >> boot-params
-      ${pkgs.mtools}/bin/mcopy -v -i "$out" boot-params ::loader/loader.conf
-    '';
+    boot.initrd.kernelModules = [ "loop" ];
 
-  targetArch = if pkgs.stdenv.isi686 then
-    "ia32"
-  else if pkgs.stdenv.isx86_64 then
-    "x64"
-  else
-    throw "Unsupported architecture";
+    boot.kernelModules = pkgs.stdenv.lib.optional config.isoImage.makeEfiBootable "efivars";
 
-in
+    # In stage 1, mount a tmpfs on top of / (the ISO image) and
+    # /nix/store (the squashfs image) to make this a live CD.
+    boot.initrd.postMountCommands =
+      ''
+        mkdir -p /unionfs-chroot/ro-root
+        mount --rbind $targetRoot /unionfs-chroot/ro-root
 
-{
-  require = options;
-
-  boot.loader.grub.version = 2;
-
-  # Don't build the GRUB menu builder script, since we don't need it
-  # here and it causes a cyclic dependency.
-  boot.loader.grub.enable = false;
-
-  # !!! Hack - attributes expected by other modules.
-  system.boot.loader.kernelFile = "bzImage";
-  environment.systemPackages = [ pkgs.grub2 ];
-
-  # In stage 1 of the boot, mount the CD as the root FS by label so
-  # that we don't need to know its device.  We pass the label of the
-  # root filesystem on the kernel command line, rather than in
-  # `fileSystems' below.  This allows CD-to-USB converters such as
-  # UNetbootin to rewrite the kernel command line to pass the label or
-  # UUID of the USB stick.  It would be nicer to write
-  # `root=/dev/disk/by-label/...' here, but UNetbootin doesn't
-  # recognise that.
-  boot.kernelParams = [ "root=LABEL=${config.isoImage.volumeID}" ];
-
-  # Note that /dev/root is a symlink to the actual root device
-  # specified on the kernel command line, created in the stage 1 init
-  # script.
-  fileSystems."/".device = "/dev/root";
-
-  fileSystems."/nix/store" =
-    { fsType = "squashfs";
-      device = "/nix-store.squashfs";
-      options = "loop";
-    };
+        mkdir /unionfs-chroot/rw-root
+        mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-root
+        mkdir /mnt-root-union
+        unionfs -o allow_other,cow,chroot=/unionfs-chroot,max_files=32768 /rw-root=RW:/ro-root=RO /mnt-root-union
+        oldTargetRoot=$targetRoot
+        targetRoot=/mnt-root-union
 
-  boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
+        mkdir /unionfs-chroot/rw-store
+        mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
+        mkdir -p $oldTargetRoot/nix/store
+        unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-store=RW:/ro-root/nix/store=RO /mnt-root-union/nix/store
+      '';
 
-  boot.initrd.kernelModules = [ "loop" ];
+    # Closures to be copied to the Nix store on the CD, namely the init
+    # script and the top-level system configuration directory.
+    isoImage.storeContents =
+      [ config.system.build.toplevel ] ++
+      optional config.isoImage.includeSystemBuildDependencies
+        config.system.build.toplevel.drvPath;
+
+    # Create the squashfs image that contains the Nix store.
+    system.build.squashfsStore = import ../../../lib/make-squashfs.nix {
+      inherit (pkgs) stdenv squashfsTools perl pathsFromGraph;
+      storeContents = config.isoImage.storeContents;
+    };
 
-  boot.kernelModules = pkgs.stdenv.lib.optional config.isoImage.makeEfiBootable "efivars";
+    # Individual files to be included on the CD, outside of the Nix
+    # store on the CD.
+    isoImage.contents =
+      [ { source = grubImage;
+          target = "/boot/grub/grub_eltorito";
+        }
+        { source = pkgs.writeText "grub.cfg" grubCfg;
+          target = "/boot/grub/grub.cfg";
+        }
+        { source = config.boot.kernelPackages.kernel + "/bzImage";
+          target = "/boot/bzImage";
+        }
+        { source = config.system.build.initialRamdisk + "/initrd";
+          target = "/boot/initrd";
+        }
+        { source = "${pkgs.grub2}/share/grub/unicode.pf2";
+          target = "/boot/grub/unicode.pf2";
+        }
+        { source = config.boot.loader.grub.splashImage;
+          target = "/boot/grub/splash.png";
+        }
+        { source = config.system.build.squashfsStore;
+          target = "/nix-store.squashfs";
+        }
+        { # Quick hack: need a mount point for the store.
+          source = pkgs.runCommand "empty" {} "ensureDir $out";
+          target = "/nix/store";
+        }
+      ] ++ pkgs.stdenv.lib.optionals config.isoImage.makeEfiBootable [
+        { source = efiImg;
+          target = "/boot/efi.img";
+        }
+      ];
+
+    # The Grub menu.
+    boot.loader.grub.extraEntries =
+      ''
+        menuentry "NixOS Installer / Rescue" {
+          linux /boot/bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
+          initrd /boot/initrd
+        }
+
+        menuentry "Boot from hard disk" {
+          set root=(hd0)
+          chainloader +1
+        }
+      '';
 
-  # In stage 1, mount a tmpfs on top of / (the ISO image) and
-  # /nix/store (the squashfs image) to make this a live CD.
-  boot.initrd.postMountCommands =
-    ''
-      mkdir -p /unionfs-chroot/ro-root
-      mount --rbind $targetRoot /unionfs-chroot/ro-root
-
-      mkdir /unionfs-chroot/rw-root
-      mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-root
-      mkdir /mnt-root-union
-      unionfs -o allow_other,cow,chroot=/unionfs-chroot,max_files=32768 /rw-root=RW:/ro-root=RO /mnt-root-union
-      oldTargetRoot=$targetRoot
-      targetRoot=/mnt-root-union
-
-      mkdir /unionfs-chroot/rw-store
-      mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
-      mkdir -p $oldTargetRoot/nix/store
-      unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-store=RW:/ro-root/nix/store=RO /mnt-root-union/nix/store
-    '';
+    boot.loader.grub.timeout = 10;
 
-  # Closures to be copied to the Nix store on the CD, namely the init
-  # script and the top-level system configuration directory.
-  isoImage.storeContents =
-    [ config.system.build.toplevel ] ++
-    optional config.isoImage.includeSystemBuildDependencies
-      config.system.build.toplevel.drvPath;
-
-  # Create the squashfs image that contains the Nix store.
-  system.build.squashfsStore = import ../../../lib/make-squashfs.nix {
-    inherit (pkgs) stdenv squashfsTools perl pathsFromGraph;
-    storeContents = config.isoImage.storeContents;
-  };
+    # Create the ISO image.
+    system.build.isoImage = import ../../../lib/make-iso9660-image.nix ({
+      inherit (pkgs) stdenv perl cdrkit pathsFromGraph;
 
-  # Individual files to be included on the CD, outside of the Nix
-  # store on the CD.
-  isoImage.contents =
-    [ { source = grubImage;
-        target = "/boot/grub/grub_eltorito";
-      }
-      { source = pkgs.writeText "grub.cfg" grubCfg;
-        target = "/boot/grub/grub.cfg";
-      }
-      { source = config.boot.kernelPackages.kernel + "/bzImage";
-        target = "/boot/bzImage";
-      }
-      { source = config.system.build.initialRamdisk + "/initrd";
-        target = "/boot/initrd";
-      }
-      { source = "${pkgs.grub2}/share/grub/unicode.pf2";
-        target = "/boot/grub/unicode.pf2";
-      }
-      { source = config.boot.loader.grub.splashImage;
-        target = "/boot/grub/splash.png";
-      }
-      { source = config.system.build.squashfsStore;
-        target = "/nix-store.squashfs";
-      }
-      { # Quick hack: need a mount point for the store.
-        source = pkgs.runCommand "empty" {} "ensureDir $out";
-        target = "/nix/store";
-      }
-    ] ++ pkgs.stdenv.lib.optionals config.isoImage.makeEfiBootable [
-      { source = efiImg;
-        target = "/boot/efi.img";
-      }
-    ];
-
-  # The Grub menu.
-  boot.loader.grub.extraEntries =
-    ''
-      menuentry "NixOS Installer / Rescue" {
-        linux /boot/bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
-        initrd /boot/initrd
-      }
-
-      menuentry "Boot from hard disk" {
-        set root=(hd0)
-        chainloader +1
-      }
-    '';
+      inherit (config.isoImage) isoName compressImage volumeID contents;
 
-  boot.loader.grub.timeout = 10;
+      bootable = true;
+      bootImage = "/boot/grub/grub_eltorito";
+    } // pkgs.stdenv.lib.optionalAttrs config.isoImage.makeEfiBootable {
+      efiBootable = true;
+      efiBootImage = "boot/efi.img";
+    });
 
-  # Create the ISO image.
-  system.build.isoImage = import ../../../lib/make-iso9660-image.nix ({
-    inherit (pkgs) stdenv perl cdrkit pathsFromGraph;
+    boot.postBootCommands =
+      ''
+        # After booting, register the contents of the Nix store on the
+        # CD in the Nix database in the tmpfs.
+        ${config.environment.nix}/bin/nix-store --load-db < /nix/store/nix-path-registration
 
-    inherit (config.isoImage) isoName compressImage volumeID contents;
+        # nixos-rebuild also requires a "system" profile and an
+        # /etc/NIXOS tag.
+        touch /etc/NIXOS
+        ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+      '';
 
-    bootable = true;
-    bootImage = "/boot/grub/grub_eltorito";
-  } // pkgs.stdenv.lib.optionalAttrs config.isoImage.makeEfiBootable {
-    efiBootable = true;
-    efiBootImage = "boot/efi.img";
-  });
+    # Add vfat support to the initrd to enable people to copy the
+    # contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
+    boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
 
-  boot.postBootCommands =
-    ''
-      # After booting, register the contents of the Nix store on the
-      # CD in the Nix database in the tmpfs.
-      ${config.environment.nix}/bin/nix-store --load-db < /nix/store/nix-path-registration
-
-      # nixos-rebuild also requires a "system" profile and an
-      # /etc/NIXOS tag.
-      touch /etc/NIXOS
-      ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
-    '';
+  };
 
-  # Add vfat support to the initrd to enable people to copy the
-  # contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
-  boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
-    
 }
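Review bot: The new `config` block mixes `pkgs.stdenv.lib.optional`, `pkgs.stdenv.lib.optionals` and `pkgs.stdenv.lib.optionalAttrs` with a bare `optional` in `isoImage.storeContents`. The first hunk header shows `with pkgs.lib;` in scope, so the bare form can be used throughout, e.g. `boot.kernelModules = optional config.isoImage.makeEfiBootable "efivars";`. `efiBootImage = "boot/efi.img"` also lacks the leading slash that `bootImage = "/boot/grub/grub_eltorito"` and the `/boot/efi.img` target carry. If `make-iso9660-image.nix` needs the relative form, a one-line comment saying so would keep a later cleanup from changing it.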
diff --git a/modules/installer/cd-dvd/live-dvd.nix b/modules/installer/cd-dvd/live-dvd.nix
index c5a89a3173e..e57be6d442e 100644
--- a/modules/installer/cd-dvd/live-dvd.nix
+++ b/modules/installer/cd-dvd/live-dvd.nix
@@ -1,11 +1,11 @@
-{config, pkgs, ...}:
+{ config, pkgs, ... }:
 
 {
-  require = [./installation-cd-base.nix];
+  imports = [ ./installation-cd-base.nix ];
 
   # Build the build-time dependencies of this configuration on the DVD
   # to speed up installation.
-  isoImage.storeContents = [config.system.build.toplevel.drvPath];
+  isoImage.storeContents = [ config.system.build.toplevel.drvPath ];
 
   # Include lots of packages.
   environment.systemPackages =
diff --git a/modules/installer/cd-dvd/system-tarball-fuloong2f.nix b/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
index 9953d08d698..968605734a1 100644
--- a/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
+++ b/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
@@ -12,15 +12,10 @@ let
   # evaluated.  So we'll just hope for the best.
   dummyConfiguration = pkgs.writeText "configuration.nix"
     ''
-      {config, pkgs, ...}:
+      { config, pkgs, ... }:
 
-      {
-        require = [ ];
-
-        # Add your own options below
-        # E.g.,
+      { # Add your own options below, e.g.:
         #   services.openssh.enable = true;
-
         nixpkgs.config.platform = pkgs.platforms.fuloong2f_n32;
       }
     '';
@@ -45,11 +40,7 @@ let
 in
 
 {
-  require =
-    [
-      ./system-tarball.nix
-    ];
-
+  imports = [ ./system-tarball.nix ];
 
   # Disable some other stuff we don't need.
   security.sudo.enable = false;
diff --git a/modules/installer/cd-dvd/system-tarball-pc.nix b/modules/installer/cd-dvd/system-tarball-pc.nix
index 91eba4ec852..7619f074b74 100644
--- a/modules/installer/cd-dvd/system-tarball-pc.nix
+++ b/modules/installer/cd-dvd/system-tarball-pc.nix
@@ -65,7 +65,7 @@ let
 in
 
 {
-  require =
+  imports =
     [ ./system-tarball.nix
 
       # Profiles of this basic installation.
diff --git a/modules/installer/cd-dvd/system-tarball-sheevaplug.nix b/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
index 06a02333062..ed78bc2a067 100644
--- a/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
+++ b/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
@@ -15,11 +15,9 @@ let
   # evaluated.  So we'll just hope for the best.
   dummyConfiguration = pkgs.writeText "configuration.nix"
     ''
-      {config, pkgs, ...}:
+      { config, pkgs, ... }:
 
       {
-        require = [ ];
-
         # Add your own options below and run "nixos-rebuild switch".
         # E.g.,
         #   services.openssh.enable = true;
@@ -39,10 +37,7 @@ let
 in
 
 {
-  require =
-    [
-      ./system-tarball.nix
-    ];
+  imports = [ ./system-tarball.nix ];
 
   # Disable some other stuff we don't need.
   security.sudo.enable = false;
diff --git a/modules/installer/cd-dvd/system-tarball.nix b/modules/installer/cd-dvd/system-tarball.nix
index 95f7582d0ca..6bf8eebdac5 100644
--- a/modules/installer/cd-dvd/system-tarball.nix
+++ b/modules/installer/cd-dvd/system-tarball.nix
@@ -8,6 +8,11 @@ with pkgs.lib;
 
 let
 
+  versionFile = pkgs.writeText "nixos-version" config.system.nixosVersion;
+
+in
+
+{
   options = {
     tarball.contents = mkOption {
       example =
@@ -31,59 +36,57 @@ let
 
   };
 
-  versionFile = pkgs.writeText "nixos-version" config.system.nixosVersion;
+  config = {
 
-in
+    # In stage 1 of the boot, mount the CD/DVD as the root FS by label
+    # so that we don't need to know its device.
+    fileSystems = [ ];
+
+    # boot.initrd.availableKernelModules = [ "mvsdio" "mmc_block" "reiserfs" "ext3" "ext4" ];
+
+    # boot.initrd.kernelModules = [ "rtc_mv" ];
+
+    # Closures to be copied to the Nix store on the CD, namely the init
+    # script and the top-level system configuration directory.
+    tarball.storeContents =
+      [ { object = config.system.build.toplevel;
+          symlink = "/run/current-system";
+        }
+      ];
+
+    # Individual files to be included on the CD, outside of the Nix
+    # store on the CD.
+    tarball.contents =
+      [ { source = config.system.build.initialRamdisk + "/initrd";
+          target = "/boot/initrd";
+        }
+        { source = versionFile;
+          target = "/nixos-version.txt";
+        }
+      ];
+
+    # Create the tarball
+    system.build.tarball = import ../../../lib/make-system-tarball.nix {
+      inherit (pkgs) stdenv perl xz pathsFromGraph;
+
+      inherit (config.tarball) contents storeContents;
+    };
+
+    boot.postBootCommands =
+      ''
+        # After booting, register the contents of the Nix store on the
+        # CD in the Nix database in the tmpfs.
+        if [ -f /nix-path-registration ]; then
+          ${config.environment.nix}/bin/nix-store --load-db < /nix-path-registration &&
+          rm /nix-path-registration
+        fi
+
+        # nixos-rebuild also requires a "system" profile and an
+        # /etc/NIXOS tag.
+        touch /etc/NIXOS
+        ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+      '';
 
-{
-  require = options;
-
-  # In stage 1 of the boot, mount the CD/DVD as the root FS by label
-  # so that we don't need to know its device.
-  fileSystems = [ ];
-
-  # boot.initrd.availableKernelModules = [ "mvsdio" "mmc_block" "reiserfs" "ext3" "ext4" ];
-
-  # boot.initrd.kernelModules = [ "rtc_mv" ];
-
-  # Closures to be copied to the Nix store on the CD, namely the init
-  # script and the top-level system configuration directory.
-  tarball.storeContents =
-    [ { object = config.system.build.toplevel;
-        symlink = "/run/current-system";
-      }
-    ];
-
-  # Individual files to be included on the CD, outside of the Nix
-  # store on the CD.
-  tarball.contents =
-    [ { source = config.system.build.initialRamdisk + "/initrd";
-        target = "/boot/initrd";
-      }
-      { source = versionFile;
-        target = "/nixos-version.txt";
-      }
-    ];
-
-  # Create the tarball
-  system.build.tarball = import ../../../lib/make-system-tarball.nix {
-    inherit (pkgs) stdenv perl xz pathsFromGraph;
-
-    inherit (config.tarball) contents storeContents;
   };
 
-  boot.postBootCommands =
-    ''
-      # After booting, register the contents of the Nix store on the
-      # CD in the Nix database in the tmpfs.
-      if [ -f /nix-path-registration ]; then
-        ${config.environment.nix}/bin/nix-store --load-db < /nix-path-registration &&
-        rm /nix-path-registration
-      fi
-
-      # nixos-rebuild also requires a "system" profile and an
-      # /etc/NIXOS tag.
-      touch /etc/NIXOS
-      ${config.environment.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
-    '';
 }
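Review bot: The comments moved under `config` still describe an ISO image rather than a tarball. `# In stage 1 of the boot, mount the CD/DVD as the root FS by label` sits above `fileSystems = [ ];`, which mounts nothing, and the comments on `tarball.storeContents`, `tarball.contents` and `boot.postBootCommands` all say "on the CD". Since every one of these lines is re-indented in this hunk, I would correct them now, e.g. `# No file systems are declared by this module.` and "in the tarball" in place of "on the CD". The two commented-out `boot.initrd.*` lines would also benefit from a word on why they are kept.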
diff --git a/modules/installer/tools/nixos-hardware-scan.pl b/modules/installer/tools/nixos-hardware-scan.pl
index 5b90607f4b0..3204f3d4051 100644
--- a/modules/installer/tools/nixos-hardware-scan.pl
+++ b/modules/installer/tools/nixos-hardware-scan.pl
@@ -8,7 +8,7 @@ my @attrs = ();
 my @kernelModules = ();
 my @initrdKernelModules = ();
 my @modulePackages = ();
-my @requires = ("<nixos/modules/installer/scan/not-detected.nix>");
+my @imports = ("<nixos/modules/installer/scan/not-detected.nix>");
 
 
 sub debug {
@@ -227,7 +227,7 @@ my $initrdKernelModules = toNixExpr(removeDups @initrdKernelModules);
 my $kernelModules = toNixExpr(removeDups @kernelModules);
 my $modulePackages = toNixExpr(removeDups @modulePackages);
 my $attrs = multiLineList("  ", removeDups @attrs);
-my $requires = multiLineList("    ", removeDups @requires);
+my $imports = multiLineList("    ", removeDups @imports);
 
 
 print <<EOF ;
@@ -236,7 +236,7 @@ print <<EOF ;
 { config, pkgs, ... }:
 
 {
-  require = [$requires  ];
+  imports = [$imports  ];
 
   boot.initrd.kernelModules = [$initrdKernelModules ];
   boot.kernelModules = [$kernelModules ];
diff --git a/modules/installer/tools/nixos-option.sh b/modules/installer/tools/nixos-option.sh
index 4cc6ae64bdc..a542601e57d 100644
--- a/modules/installer/tools/nixos-option.sh
+++ b/modules/installer/tools/nixos-option.sh
@@ -215,7 +215,7 @@ if $generate; then
 { config, pkgs, ... }:
 
 {
-  require =
+  imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
     ];
diff --git a/modules/installer/virtualbox-demo.nix b/modules/installer/virtualbox-demo.nix
index 3b4238858bd..e3f86edcbf0 100644
--- a/modules/installer/virtualbox-demo.nix
+++ b/modules/installer/virtualbox-demo.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  require =
+  imports =
     [ ../virtualisation/virtualbox-image.nix
       ../installer/cd-dvd/channel.nix
       ../profiles/demo.nix
diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix
index 6bb98c354db..ca1cc4dc199 100644
--- a/modules/misc/ids.nix
+++ b/modules/misc/ids.nix
@@ -1,10 +1,9 @@
 # This module defines the global list of uids and gids.  We keep a
 # central list to prevent id collisions.
 
-{config, pkgs, ...}:
-
-let
+{ config, pkgs, ... }:
 
+{
   options = {
 
     ids.uids = pkgs.lib.mkOption {
@@ -21,181 +20,181 @@ let
 
   };
 
-in
 
-{
-  require = options;
+  config = {
 
-  ids.uids = {
-    root = 0;
-    nscd = 1;
-    sshd = 2;
-    ntp = 3;
-    messagebus = 4; # D-Bus
-    haldaemon = 5;
-    nagios = 6;
-    vsftpd = 7;
-    ftp = 8;
-    bitlbee = 9;
-    avahi = 10;
-    portmap = 11;
-    atd = 12;
-    zabbix = 13;
-    postfix = 14;
-    dovecot = 15;
-    tomcat = 16;
-    pulseaudio = 22; # must match `pulseaudio' GID
-    gpsd = 23;
-    polkituser = 28;
-    uptimed = 29;
-    ddclient = 30;
-    davfs2 = 31;
-    privoxy = 32;
-    osgi = 34;
-    tor = 35;
-    cups = 36;
-    foldingAtHome = 37;
-    sabnzbd = 38;
-    kdm = 39;
-    ghostOne = 40;
-    git = 41;
-    fourStore = 42;
-    fourStoreEndpoint = 43;
-    virtuoso = 44;
-    rtkit = 45;
-    dovecot2 = 46;
-    dovenull2 = 47;
-    unbound = 48;
-    prayer = 49;
-    mpd = 50;
-    clamav = 51;
-    fprot = 52;
-    bind = 53;
-    wwwrun = 54;
-    spamd = 56;
-    nslcd = 58;
-    nginx = 60;
-    chrony = 61;
-    smtpd = 63;
-    smtpq = 64;
-    supybot = 65;
-    iodined = 66;
-    graphite = 68;
-    statsd = 69;
-    transmission = 70;
-    postgres = 71;
-    smbguest = 74;
-    varnish = 75;
-    dd-agent = 76;
-    lighttpd = 77;
-    lightdm = 78;
-    freenet = 79;
-    ircd = 80;
-    bacula = 81;
-    almir = 82;
-    deluge = 83;
-    mysql = 84;
-    rabbitmq = 85;
-    activemq = 86;
-    gnunet = 87;
-    oidentd = 88;
-    quassel = 89;
-    amule = 90;
-    minidlna = 91;
-    elasticsearch = 92;
+    ids.uids = {
+      root = 0;
+      nscd = 1;
+      sshd = 2;
+      ntp = 3;
+      messagebus = 4; # D-Bus
+      haldaemon = 5;
+      nagios = 6;
+      vsftpd = 7;
+      ftp = 8;
+      bitlbee = 9;
+      avahi = 10;
+      portmap = 11;
+      atd = 12;
+      zabbix = 13;
+      postfix = 14;
+      dovecot = 15;
+      tomcat = 16;
+      pulseaudio = 22; # must match `pulseaudio' GID
+      gpsd = 23;
+      polkituser = 28;
+      uptimed = 29;
+      ddclient = 30;
+      davfs2 = 31;
+      privoxy = 32;
+      osgi = 34;
+      tor = 35;
+      cups = 36;
+      foldingAtHome = 37;
+      sabnzbd = 38;
+      kdm = 39;
+      ghostOne = 40;
+      git = 41;
+      fourStore = 42;
+      fourStoreEndpoint = 43;
+      virtuoso = 44;
+      rtkit = 45;
+      dovecot2 = 46;
+      dovenull2 = 47;
+      unbound = 48;
+      prayer = 49;
+      mpd = 50;
+      clamav = 51;
+      fprot = 52;
+      bind = 53;
+      wwwrun = 54;
+      spamd = 56;
+      nslcd = 58;
+      nginx = 60;
+      chrony = 61;
+      smtpd = 63;
+      smtpq = 64;
+      supybot = 65;
+      iodined = 66;
+      graphite = 68;
+      statsd = 69;
+      transmission = 70;
+      postgres = 71;
+      smbguest = 74;
+      varnish = 75;
+      dd-agent = 76;
+      lighttpd = 77;
+      lightdm = 78;
+      freenet = 79;
+      ircd = 80;
+      bacula = 81;
+      almir = 82;
+      deluge = 83;
+      mysql = 84;
+      rabbitmq = 85;
+      activemq = 86;
+      gnunet = 87;
+      oidentd = 88;
+      quassel = 89;
+      amule = 90;
+      minidlna = 91;
+      elasticsearch = 92;
 
-    # When adding a uid, make sure it doesn't match an existing gid.
+      # When adding a uid, make sure it doesn't match an existing gid.
 
-    nixbld = 30000; # start of range of uids
-    nobody = 65534;
-  };
+      nixbld = 30000; # start of range of uids
+      nobody = 65534;
+    };
+
+    ids.gids = {
+      root = 0;
+      wheel = 1;
+      kmem = 2;
+      tty = 3;
+      messagebus = 4; # D-Bus
+      haldaemon = 5;
+      disk = 6;
+      vsftpd = 7;
+      ftp = 8;
+      bitlbee = 9;
+      avahi = 10;
+      portmap = 11;
+      atd = 12;
+      postfix = 13;
+      postdrop = 14;
+      dovecot = 15;
+      audio = 17;
+      floppy = 18;
+      uucp = 19;
+      lp = 20;
+      tomcat = 21;
+      pulseaudio = 22; # must match `pulseaudio' UID
+      gpsd = 23;
+      cdrom = 24;
+      tape = 25;
+      video = 26;
+      dialout = 27;
+      polkituser = 28;
+      utmp = 29;
+      davfs2 = 31;
+      privoxy = 32;
+      disnix = 33;
+      osgi = 34;
+      ghostOne = 40;
+      git = 41;
+      fourStore = 42;
+      fourStoreEndpoint = 43;
+      virtuoso = 44;
+      dovecot2 = 46;
+      prayer = 49;
+      mpd = 50;
+      clamav = 51;
+      fprot = 52;
+      wwwrun = 54;
+      adm = 55;
+      spamd = 56;
+      networkmanager = 57;
+      nslcd = 58;
+      scanner = 59;
+      nginx = 60;
+      systemd-journal = 62;
+      smtpd = 63;
+      smtpq = 64;
+      supybot = 65;
+      iodined = 66;
+      libvirtd = 67;
+      graphite = 68;
+      transmission = 70;
+      postgres = 71;
+      vboxusers = 72;
+      vboxsf = 73;
+      smbguest = 74;
+      varnish = 75;
+      dd-agent = 76;
+      lighttpd = 77;
+      lightdm = 78;
+      freenet = 79;
+      ircd = 80;
+      bacula = 81;
+      almir = 82;
+      deluge = 83;
+      mysql = 84;
+      rabbitmq = 85;
+      activemq = 86;
+      gnunet = 87;
+      oidentd = 88;
+      quassel = 89;
+      amule = 90;
+      minidlna = 91;
 
-  ids.gids = {
-    root = 0;
-    wheel = 1;
-    kmem = 2;
-    tty = 3;
-    messagebus = 4; # D-Bus
-    haldaemon = 5;
-    disk = 6;
-    vsftpd = 7;
-    ftp = 8;
-    bitlbee = 9;
-    avahi = 10;
-    portmap = 11;
-    atd = 12;
-    postfix = 13;
-    postdrop = 14;
-    dovecot = 15;
-    audio = 17;
-    floppy = 18;
-    uucp = 19;
-    lp = 20;
-    tomcat = 21;
-    pulseaudio = 22; # must match `pulseaudio' UID
-    gpsd = 23;
-    cdrom = 24;
-    tape = 25;
-    video = 26;
-    dialout = 27;
-    polkituser = 28;
-    utmp = 29;
-    davfs2 = 31;
-    privoxy = 32;
-    disnix = 33;
-    osgi = 34;
-    ghostOne = 40;
-    git = 41;
-    fourStore = 42;
-    fourStoreEndpoint = 43;
-    virtuoso = 44;
-    dovecot2 = 46;
-    prayer = 49;
-    mpd = 50;
-    clamav = 51;
-    fprot = 52;
-    wwwrun = 54;
-    adm = 55;
-    spamd = 56;
-    networkmanager = 57;
-    nslcd = 58;
-    scanner = 59;
-    nginx = 60;
-    systemd-journal = 62;
-    smtpd = 63;
-    smtpq = 64;
-    supybot = 65;
-    iodined = 66;
-    libvirtd = 67;
-    graphite = 68;
-    transmission = 70;
-    postgres = 71;
-    vboxusers = 72;
-    vboxsf = 73;
-    smbguest = 74;
-    varnish = 75;
-    dd-agent = 76;
-    lighttpd = 77;
-    lightdm = 78;
-    freenet = 79;
-    ircd = 80;
-    bacula = 81;
-    almir = 82;
-    deluge = 83;
-    mysql = 84;
-    rabbitmq = 85;
-    activemq = 86;
-    gnunet = 87;
-    oidentd = 88;
-    quassel = 89;
-    amule = 90;
-    minidlna = 91;
+      # When adding a gid, make sure it doesn't match an existing uid.
 
-    # When adding a gid, make sure it doesn't match an existing uid.
+      users = 100;
+      nixbld = 30000;
+      nogroup = 65534;
+    };
 
-    users = 100;
-    nixbld = 30000;
-    nogroup = 65534;
   };
 
 }
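Review bot: The two reminder comments (`# When adding a uid, make sure it doesn't match an existing gid.` and its gid counterpart) are the only guard on these tables, and the entries above them already break the rule. uid 13 is `zabbix` while gid 13 is `postfix`, uid 14 is `postfix` while gid 14 is `postdrop`, and `tomcat` is uid 16 but gid 21. Since the block is being re-indented anyway, I would reword the comment to state what is actually required, e.g. `# New ids: pick a number unused in both ids.uids and ids.gids; older entries predate this rule.` A number duplicated inside one table would make two services share an identity, so a uniqueness check at evaluation time would be a sensible follow-up; nothing visible in this hunk performs one.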
diff --git a/modules/misc/passthru.nix b/modules/misc/passthru.nix
index 9962352a40a..f68adc5e843 100644
--- a/modules/misc/passthru.nix
+++ b/modules/misc/passthru.nix
@@ -1,21 +1,15 @@
 # This module allows you to export something from configuration
 # Use case: export kernel source expression for ease of configuring
 
-{config, pkgs, ...}:
-
-let
-
-options = {
-  passthru = pkgs.lib.mkOption {
-    description = ''
-      This attribute set will be exported as a system attribute.
-      You can put whatever you want here.
-    '';
-  };
-};
-
-in
+{ config, pkgs, ... }:
 
 {
-  require = options;
+  options = {
+    passthru = pkgs.lib.mkOption {
+      description = ''
+        This attribute set will be exported as a system attribute.
+        You can put whatever you want here.
+      '';
+    };
+  };
 }
diff --git a/modules/module-list.nix b/modules/module-list.nix
index b50be9c34fa..1c863c3d1d7 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -224,7 +224,6 @@
   #./services/x11/window-managers/compiz.nix
   ./services/x11/window-managers/default.nix
   ./services/x11/window-managers/icewm.nix
-  ./services/x11/window-managers/kwm.nix
   ./services/x11/window-managers/metacity.nix
   ./services/x11/window-managers/none.nix
   ./services/x11/window-managers/twm.nix
diff --git a/modules/profiles/all-hardware.nix b/modules/profiles/all-hardware.nix
index 2635aa8897d..511c118e2bf 100644
--- a/modules/profiles/all-hardware.nix
+++ b/modules/profiles/all-hardware.nix
@@ -49,7 +49,7 @@
   # Include lots of firmware.
   hardware.enableAllFirmware = true;
 
-  require =
+  imports =
     [ ../hardware/network/zydas-zd1211.nix ];
 
 }
diff --git a/modules/profiles/clone-config.nix b/modules/profiles/clone-config.nix
index 69f8537e133..d7190020e7e 100644
--- a/modules/profiles/clone-config.nix
+++ b/modules/profiles/clone-config.nix
@@ -47,7 +47,7 @@ let
       { config, pkgs, ... }:
 
       {
-        require = [ ${toString config.installer.cloneConfigIncludes} ];
+        imports = [ ${toString config.installer.cloneConfigIncludes} ];
       }
     '';
 
diff --git a/modules/profiles/demo.nix b/modules/profiles/demo.nix
index e0c6744092b..396dcf6c5d3 100644
--- a/modules/profiles/demo.nix
+++ b/modules/profiles/demo.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  require = [ ./graphical.nix ];
+  imports = [ ./graphical.nix ];
 
   users.extraUsers.demo =
     { description = "Demo user account";
diff --git a/modules/programs/bash/bash.nix b/modules/programs/bash/bash.nix
index b23d004e532..0d751d1d0d3 100644
--- a/modules/programs/bash/bash.nix
+++ b/modules/programs/bash/bash.nix
@@ -31,6 +31,9 @@ let
     mapAttrsFlatten (k: v: "alias ${k}='${v}'") cfg.shellAliases
   );
 
+in
+
+{
   options = {
 
     environment.promptInit = mkOption {
@@ -87,70 +90,65 @@ let
 
   };
 
-in
 
-{
-  require = [options];
-
-  environment.etc =
-    [ { # Script executed when the shell starts as a login shell.
-        source = pkgs.substituteAll {
-          src = ./profile.sh;
-          wrapperDir = config.security.wrapperDir;
-          inherit (cfg) shellInit;
-        };
-        target = "profile";
-      }
-
-      { # /etc/bashrc: executed every time an interactive bash
-        # starts. Sources /etc/profile to ensure that the system
-        # environment is configured properly.
-        source = pkgs.substituteAll {
-          src = ./bashrc.sh;
-          inherit (cfg) interactiveShellInit;
-        };
-        target = "bashrc";
-      }
-
-      { # Configuration for readline in bash.
-        source = ./inputrc;
-        target = "inputrc";
-      }
+  config = {
+
+    # Script executed when the shell starts as a login shell.
+    environment.etc."profile".source =
+      pkgs.substituteAll {
+        src = ./profile.sh;
+        wrapperDir = config.security.wrapperDir;
+        inherit (cfg) shellInit;
+      };
+
+    # /etc/bashrc: executed every time an interactive bash
+    # starts. Sources /etc/profile to ensure that the system
+    # environment is configured properly.
+    environment.etc."bashrc".source =
+      pkgs.substituteAll {
+        src = ./bashrc.sh;
+        inherit (cfg) interactiveShellInit;
+      };
+
+    # Configuration for readline in bash.
+    environment.etc."inputrc".source = ./inputrc;
+
+    environment.shellAliases =
+      { ls = "ls --color=tty";
+        ll = "ls -l";
+        l = "ls -alh";
+        which = "type -P";
+      };
+
+    environment.interactiveShellInit =
+      ''
+        # Check the window size after every command.
+        shopt -s checkwinsize
+
+        ${cfg.promptInit}
+        ${initBashCompletion}
+        ${shellAliases}
+
+        # Disable hashing (i.e. caching) of command lookups.
+        set +h
+      '';
+
+    system.build.binsh = pkgs.bashInteractive;
+
+    system.activationScripts.binsh = stringAfter [ "stdio" ]
+      ''
+        # Create the required /bin/sh symlink; otherwise lots of things
+        # (notably the system() function) won't work.
+        mkdir -m 0755 -p /bin
+        ln -sfn "${cfg.binsh}" /bin/.sh.tmp
+        mv /bin/.sh.tmp /bin/sh # atomically replace /bin/sh
+      '';
+
+    environment.pathsToLink = optionals cfg.enableBashCompletion [
+      "/etc/bash_completion.d"
+      "/share/bash-completion"
     ];
 
-  environment.shellAliases =
-    { ls = "ls --color=tty";
-      ll = "ls -l";
-      l = "ls -alh";
-      which = "type -P";
-    };
+  };
 
-  environment.interactiveShellInit =
-    ''
-      # Check the window size after every command.
-      shopt -s checkwinsize
-
-      ${cfg.promptInit}
-      ${initBashCompletion}
-      ${shellAliases}
-
-      # Disable hashing (i.e. caching) of command lookups.
-      set +h
-    '';
-
-  system.build.binsh = pkgs.bashInteractive;
-
-  system.activationScripts.binsh = stringAfter [ "stdio" ]
-    ''
-      # Create the required /bin/sh symlink; otherwise lots of things
-      # (notably the system() function) won't work.
-      mkdir -m 0755 -p /bin
-      ln -sfn "${cfg.binsh}" /bin/.sh.tmp
-      mv /bin/.sh.tmp /bin/sh # atomically replace /bin/sh
-    '';
-
-  environment.pathsToLink = optionals cfg.enableBashCompletion [
-    "/etc/bash_completion.d"
-    "/share/bash-completion"
-  ];
 }
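Review bot: An alias value containing a single quote breaks the quoting of the generated `alias` line, because `${shellAliases}` in `environment.interactiveShellInit` expands to lines built by `"alias ${k}='${v}'"` with no escaping (that `let` binding starts outside these hunks). The rest of such a value is then parsed as shell by every interactive bash. The values come from the system configuration, so this is a robustness problem rather than exposure to untrusted input, but aliases that embed quoted arguments will hit it. I would escape embedded quotes before interpolating, replacing each `'` in `v` with `'\''`, or at least state in the `environment.shellAliases` description that values must not contain single quotes.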
diff --git a/modules/programs/ssmtp.nix b/modules/programs/ssmtp.nix
index f61d14c2046..904989d57a0 100644
--- a/modules/programs/ssmtp.nix
+++ b/modules/programs/ssmtp.nix
@@ -3,12 +3,18 @@
 # directly to an SMTP server defined in its configuration file, wihout
 # queueing mail locally.
 
-{config, pkgs, ...}:
+{ config, pkgs, ... }:
 
 with pkgs.lib;
 
 let
 
+  cfg = config.networking.defaultMailServer;
+
+in
+
+{
+
   options = {
 
     networking.defaultMailServer = {
@@ -16,94 +22,90 @@ let
       directDelivery = mkOption {
         default = false;
         example = true;
-        description = "
+        description = ''
           Use the trivial Mail Transfer Agent (MTA)
           <command>ssmtp</command> package to allow programs to send
-          e-mail.  If you don't want to run a ``real'' MTA like
+          e-mail.  If you don't want to run a “real” MTA like
           <command>sendmail</command> or <command>postfix</command> on
           your machine, set this option to <literal>true</literal>, and
           set the option
           <option>networking.defaultMailServer.hostName</option> to the
           host name of your preferred mail server.
-        ";
+        '';
       };
 
       hostName = mkOption {
         example = "mail.example.org";
-        description = "
+        description = ''
           The host name of the default mail server to use to deliver
           e-mail.
-        ";
+        '';
       };
 
       domain = mkOption {
         default = "";
         example = "example.org";
-        description = "
+        description = ''
           The domain from which mail will appear to be sent.
-        ";
+        '';
       };
 
       useTLS = mkOption {
         default = false;
         example = true;
-        description = "
+        description = ''
           Whether TLS should be used to connect to the default mail
           server.
-        ";
+        '';
       };
 
       useSTARTTLS = mkOption {
         default = false;
         example = true;
-        description = "
+        description = ''
           Whether the STARTTLS should be used to connect to the default
           mail server.  (This is needed for TLS-capable mail servers
           running on the default SMTP port 25.)
-        ";
+        '';
       };
 
       authUser = mkOption {
         default = "";
         example = "foo@example.org";
-        description = "
+        description = ''
           Username used for SMTP auth. Leave blank to disable.
-        ";
+        '';
       };
 
       authPass = mkOption {
         default = "";
         example = "correctHorseBatteryStaple";
-        description = "
+        description = ''
           Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
-        ";
+        '';
       };
 
     };
 
   };
 
-  cfg = config.networking.defaultMailServer;
 
-in
+  config = mkIf cfg.directDelivery {
 
-mkIf cfg.directDelivery {
-  require = [options];
-
-  environment.etc =
-    [ { source = pkgs.writeText "ssmtp.conf" ''
-          MailHub=${cfg.hostName}
-          FromLineOverride=YES
-          ${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
-          UseTLS=${if cfg.useTLS then "YES" else "NO"}
-          UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
-          #Debug=YES
-          ${if cfg.authUser != "" then "AuthUser=${cfg.authUser}" else ""}
-          ${if cfg.authPass != "" then "AuthPass=${cfg.authPass}" else ""}
-        '';
-        target = "ssmtp/ssmtp.conf";
-      }
-    ];
+    environment.etc."ssmtp/ssmtp.conf".text =
+      ''
+        MailHub=${cfg.hostName}
+        FromLineOverride=YES
+        ${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
+        UseTLS=${if cfg.useTLS then "YES" else "NO"}
+        UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
+        #Debug=YES
+        ${if cfg.authUser != "" then "AuthUser=${cfg.authUser}" else ""}
+        ${if cfg.authPass != "" then "AuthPass=${cfg.authPass}" else ""}
+      '';
+
+    environment.systemPackages = [pkgs.ssmtp];
+
+  };
 
-  environment.systemPackages = [pkgs.ssmtp];
 }
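Review bot: With this module's defaults (`useTLS = false`, `useSTARTTLS = false`), setting `authUser`/`authPass` writes `AuthUser=`/`AuthPass=` into ssmtp.conf next to `UseTLS=NO`. As far as I can tell, the credentials would then go to `MailHub` over an unencrypted connection. The new `config` block is a natural place to reject that combination, for example an `assertions` entry with `assertion = cfg.authUser == "" || cfg.useTLS || cfg.useSTARTTLS;` and a message naming the two options. Separately, `environment.etc."ssmtp/ssmtp.conf".text` still places the password in the world-readable Nix store, as the `authPass` description warns; the move away from `pkgs.writeText` does not change that.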
diff --git a/modules/services/x11/desktop-managers/gnome.nix b/modules/services/x11/desktop-managers/gnome.nix
index 3fa82bae2ba..b0212446ad3 100644
--- a/modules/services/x11/desktop-managers/gnome.nix
+++ b/modules/services/x11/desktop-managers/gnome.nix
@@ -1,47 +1,42 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
 
 let
-  inherit (pkgs.lib) mkOption mkIf;
+
   cfg = config.services.xserver.desktopManager.gnome;
   gnome = pkgs.gnome;
 
-  options = { services = { xserver = { desktopManager = {
+in
 
-    gnome = {
-      enable = mkOption {
-        default = false;
-        example = true;
-        description = "Enable a gnome terminal as a desktop manager.";
-      };
-    };
+{
 
-  }; }; }; };
-in
+  options = {
 
-mkIf cfg.enable {
-  require = options;
+    services.xserver.desktopManager.gnome.enable = mkOption {
+      default = false;
+      example = true;
+      description = "Enable a gnome terminal as a desktop manager.";
+    };
+
+  };
 
-  services = {
-    xserver = {
+  config = mkIf cfg.enable {
 
-      desktopManager = {
-        session = [{
-          name = "gnome";
-          start = ''
-            ${gnome.gnometerminal}/bin/gnome-terminal -ls &
-            waitPID=$!
-          '';
-        }];
+    services.xserver.desktopManager.session = singleton
+      { name = "gnome";
+        start = ''
+          ${gnome.gnometerminal}/bin/gnome-terminal -ls &
+          waitPID=$!
+        '';
       };
 
-    };
-  };
+    environment.systemPackages =
+      [ gnome.gnometerminal
+        gnome.GConf
+        gnome.gconfeditor
+      ];
 
-  environment = {
-    x11Packages = [
-      gnome.gnometerminal
-      gnome.GConf
-      gnome.gconfeditor
-    ];
   };
+
 }
diff --git a/modules/services/x11/desktop-managers/xterm.nix b/modules/services/x11/desktop-managers/xterm.nix
index 7aa70269dc4..edc61c103ea 100644
--- a/modules/services/x11/desktop-managers/xterm.nix
+++ b/modules/services/x11/desktop-managers/xterm.nix
@@ -1,10 +1,14 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
 
 let
 
-  inherit (pkgs.lib) mkOption mkIf;
   cfg = config.services.xserver.desktopManager.xterm;
 
+in
+
+{
   options = {
 
     services.xserver.desktopManager.xterm.enable = mkOption {
@@ -15,30 +19,18 @@ let
 
   };
 
-in
-
-mkIf cfg.enable {
-  require = options;
+  config = mkIf cfg.enable {
 
-  services = {
-    xserver = {
-
-      desktopManager = {
-        session = [{
-          name = "xterm";
-          start = ''
-            ${pkgs.xterm}/bin/xterm -ls &
-            waitPID=$!
-          '';
-        }];
+    services.xserver.desktopManager.session = singleton
+      { name = "xterm";
+        start = ''
+          ${pkgs.xterm}/bin/xterm -ls &
+          waitPID=$!
+        '';
       };
 
-    };
-  };
+    environment.systemPackages = [ pkgs.xterm ];
 
-  environment = {
-    x11Packages = [
-      pkgs.xterm
-    ];
   };
+
 }
diff --git a/modules/services/x11/window-managers/default.nix b/modules/services/x11/window-managers/default.nix
index 958bf85817e..c201b789ae4 100644
--- a/modules/services/x11/window-managers/default.nix
+++ b/modules/services/x11/window-managers/default.nix
@@ -1,25 +1,26 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
 
 let
-  inherit (pkgs.lib) mkOption mergeOneOption any;
   cfg = config.services.xserver.windowManager;
 in
 
 {
-  imports = [
-    ./compiz.nix
-    ./openbox.nix
-    ./kwm.nix
-    ./metacity.nix
-    ./none.nix
-    ./twm.nix
-    ./wmii.nix
-    ./xmonad.nix
-    ./i3.nix
-    ./xbmc.nix
-  ];
+  imports =
+    [ ./compiz.nix
+      ./openbox.nix
+      ./metacity.nix
+      ./none.nix
+      ./twm.nix
+      ./wmii.nix
+      ./xmonad.nix
+      ./i3.nix
+      ./xbmc.nix
+    ];
 
   options = {
+
     services.xserver.windowManager = {
 
       session = mkOption {
@@ -28,11 +29,11 @@ in
           name = "wmii";
           start = "...";
         }];
-        description = "
+        description = ''
           Internal option used to add some common line to window manager
           scripts before forwarding the value to the
           <varname>displayManager</varname>.
-        ";
+        '';
         apply = map (d: d // {
           manage = "window";
         });
@@ -41,9 +42,7 @@ in
       default = mkOption {
         default = "none";
         example = "wmii";
-        description = "
-          Default window manager loaded if none have been chosen.
-        ";
+        description = "Default window manager loaded if none have been chosen.";
         merge = mergeOneOption;
         apply = defaultWM:
           if any (w: w.name == defaultWM) cfg.session then
@@ -53,6 +52,7 @@ in
       };
 
     };
+
   };
 
   config = {
diff --git a/modules/services/x11/window-managers/kwm.nix b/modules/services/x11/window-managers/kwm.nix
deleted file mode 100644
index 6488ce3d324..00000000000
--- a/modules/services/x11/window-managers/kwm.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{pkgs, config, ...}:
-
-let
-  inherit (pkgs.lib) mkOption mkIf;
-  cfg = config.services.xserver.windowManager.kwm;
-
-  option = { services = { xserver = { windowManager = {
-
-    kwm = {
-      enable = mkOption {
-        default = false;
-        example = true;
-        description = "Enable the kwm window manager.";
-      };
-
-    };
-
-  }; }; }; };
-in
-
-mkIf cfg.enable {
-  require = option;
-
-  services = {
-    xserver = {
-
-      windowManager = {
-        session = [{
-          name = "kwm";
-          start = "
-            ${pkgs.kde3.kdebase}/bin/kwin &
-            waitPID=$!
-          ";
-        }];
-      };
-
-    };
-  };
-
-  environment = {
-    x11Packages = [
-      pkgs.kde3.kdelibs
-      pkgs.kde3.kdebase
-    ];
-  };
-}
diff --git a/modules/services/x11/window-managers/metacity.nix b/modules/services/x11/window-managers/metacity.nix
index ea1dd5a3bde..712e2038594 100644
--- a/modules/services/x11/window-managers/metacity.nix
+++ b/modules/services/x11/window-managers/metacity.nix
@@ -1,49 +1,42 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
 
 let
-  inherit (pkgs.lib) mkOption mkIf;
+
   cfg = config.services.xserver.windowManager.metacity;
   xorg = config.services.xserver.package;
   gnome = pkgs.gnome;
 
-  option = { services = { xserver = { windowManager = {
+in
 
-    metacity = {
-      enable = mkOption {
-        default = false;
-        example = true;
-        description = "Enable the metacity window manager.";
-      };
+{
+  options = {
 
+    services.xserver.windowManager.metacity.enable = mkOption {
+      default = false;
+      example = true;
+      description = "Enable the metacity window manager.";
     };
 
-  }; }; }; };
-in
+  };
 
-mkIf cfg.enable {
-  require = option;
-
-  services = {
-    xserver = {
-
-      windowManager = {
-        session = [{
-          name = "metacity";
-          start = ''
-            env LD_LIBRARY_PATH=${xorg.libX11}/lib:${xorg.libXext}/lib:/usr/lib/
-            # !!! Hack: load the schemas for Metacity.
-            GCONF_CONFIG_SOURCE=xml::~/.gconf ${gnome.GConf}/bin/gconftool-2 \
-              --makefile-install-rule ${gnome.metacity}/etc/gconf/schemas/*.schemas # */
-            ${gnome.metacity}/bin/metacity &
-            waitPID=$!
-          '';
-        }];
+  config = mkIf cfg.enable {
+
+    services.xserver.windowManager.session = singleton
+      { name = "metacity";
+        start = ''
+          env LD_LIBRARY_PATH=${xorg.libX11}/lib:${xorg.libXext}/lib:/usr/lib/
+          # !!! Hack: load the schemas for Metacity.
+          GCONF_CONFIG_SOURCE=xml::~/.gconf ${gnome.GConf}/bin/gconftool-2 \
+            --makefile-install-rule ${gnome.metacity}/etc/gconf/schemas/*.schemas # */
+          ${gnome.metacity}/bin/metacity &
+          waitPID=$!
+        '';
       };
 
-    };
-  };
+    environment.systemPackages = [ gnome.metacity ];
 
-  environment = {
-    x11Packages = [ gnome.metacity ];
   };
+
 }
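Review bot: The first line of the `start` script, `env LD_LIBRARY_PATH=${xorg.libX11}/lib:${xorg.libXext}/lib:/usr/lib/`, has no command after the assignment. `env` therefore only prints the environment, and the variable is not set for the `gconftool-2` and `metacity` lines that follow. Either delete the line, which keeps today's behaviour and stops the session environment being dumped into the script's output, or, if the path is really needed, write `export LD_LIBRARY_PATH=${xorg.libX11}/lib:${xorg.libXext}/lib`. In the second case I would leave `/usr/lib/` out: it lies outside the Nix store, so any library placed there would be picked up by the window manager.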
diff --git a/modules/services/x11/window-managers/wmii.nix b/modules/services/x11/window-managers/wmii.nix
index d1ff72092f1..b61521274fb 100644
--- a/modules/services/x11/window-managers/wmii.nix
+++ b/modules/services/x11/window-managers/wmii.nix
@@ -1,27 +1,27 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
 
 let
-  inherit (pkgs.lib) mkOption mkIf;
+
   cfg = config.services.xserver.windowManager.wmii;
 
-  option = { services = { xserver = { windowManager = {
+in
 
-    wmii = {
-      enable = mkOption {
-        default = false;
-        example = true;
-        description = "Enable the wmii window manager.";
-      };
+{
+  options = {
+
+    services.xserver.windowManager.wmii.enable = mkOption {
+      default = false;
+      example = true;
+      description = "Enable the wmii window manager.";
     };
 
-  }; }; }; };
-in
+  };
 
-mkIf cfg.enable {
-  require = option;
+  config = mkIf cfg.enable {
 
-  services = {
-    xserver = {
+    services.xserver.windowManager.session = singleton
       # stop wmii by
       #   $wmiir xwrite /ctl quit
       # this will cause wmii exiting with exit code 0
@@ -32,23 +32,16 @@ mkIf cfg.enable {
       # lost and all applications running on X will terminate.
       # Another use case is kill -9 wmii; after rotating screen.
       # Note: we don't like kill for that purpose. But it works (-> subject "wmii and xrandr" on mailinglist)
-      windowManager = {
-        session = [{
-          name = "wmii";
-          start = "
-            while :; do
-              ${pkgs.wmiiSnap}/bin/wmii && break
-            done
-          ";
-        }];
+      { name = "wmii";
+        start = ''
+          while :; do
+            ${pkgs.wmiiSnap}/bin/wmii && break
+          done
+        '';
       };
 
-    };
-  };
+    environment.systemPackages = [ pkgs.wmiiSnap ];
 
-  environment = {
-    x11Packages = [
-      pkgs.wmiiSnap
-    ];
   };
+
 }
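Review bot: The session `start` loop restarts wmii immediately whenever it exits non-zero, so a wmii that fails right at startup would spin in a tight loop with nothing to break it. A short pause in the loop body, `sleep 1` on the line after `${pkgs.wmiiSnap}/bin/wmii && break`, keeps the restart-on-crash behaviour described in the comment above while bounding the cost. The `singleton` call this attribute set belongs to starts in the previous hunk.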
diff --git a/modules/system/activation/top-level.nix b/modules/system/activation/top-level.nix
index 9f6a8f8583a..32157e41985 100644
--- a/modules/system/activation/top-level.nix
+++ b/modules/system/activation/top-level.nix
@@ -4,66 +4,6 @@ with pkgs.lib;
 
 let
 
-  options = {
-
-    system.build = mkOption {
-      default = {};
-      description = ''
-        Attribute set of derivations used to setup the system.
-      '';
-    };
-
-    nesting.children = mkOption {
-      default = [];
-      description = ''
-        Additional configurations to build.
-      '';
-    };
-
-    nesting.clone = mkOption {
-      default = [];
-      description = ''
-        Additional configurations to build based on the current
-        configuration which is has a lower priority.
-      '';
-    };
-
-    system.boot.loader.id = mkOption {
-      default = "";
-      description = ''
-        Id string of the used bootloader.
-      '';
-    };
-
-    system.boot.loader.kernelFile = mkOption {
-      default = pkgs.stdenv.platform.kernelTarget;
-      type = types.uniq types.string;
-      description = ''
-        Name of the kernel file to be passed to the bootloader.
-      '';
-    };
-
-    system.copySystemConfiguration = mkOption {
-      default = false;
-      description = ''
-        If enabled, copies the NixOS configuration file
-        <literal>$NIXOS_CONFIG</literal> (usually
-        <filename>/etc/nixos/configuration.nix</filename>)
-        to the system store path.
-      '';
-    };
-
-    system.extraSystemBuilderCmds = mkOption {
-      default = "";
-      internal = true;
-      merge = concatStringsSep "\n";
-      description = ''
-        This code will be added to the builder creating the system store path.
-      '';
-    };
-
-  };
-
 
   # This attribute is responsible for creating boot entries for
   # child configuration. They are only (directly) accessible
@@ -176,13 +116,79 @@ let
   };
 
 
-in {
-  require = [options];
+in
 
-  system.extraSystemBuilderCmds =
-    optionalString
-      config.system.copySystemConfiguration
-      "cp ${maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out";
+{
+  options = {
+
+    system.build = mkOption {
+      default = {};
+      description = ''
+        Attribute set of derivations used to setup the system.
+      '';
+    };
+
+    nesting.children = mkOption {
+      default = [];
+      description = ''
+        Additional configurations to build.
+      '';
+    };
+
+    nesting.clone = mkOption {
+      default = [];
+      description = ''
+        Additional configurations to build based on the current
+        configuration which is has a lower priority.
+      '';
+    };
+
+    system.boot.loader.id = mkOption {
+      default = "";
+      description = ''
+        Id string of the used bootloader.
+      '';
+    };
+
+    system.boot.loader.kernelFile = mkOption {
+      default = pkgs.stdenv.platform.kernelTarget;
+      type = types.uniq types.string;
+      description = ''
+        Name of the kernel file to be passed to the bootloader.
+      '';
+    };
+
+    system.copySystemConfiguration = mkOption {
+      default = false;
+      description = ''
+        If enabled, copies the NixOS configuration file
+        <literal>$NIXOS_CONFIG</literal> (usually
+        <filename>/etc/nixos/configuration.nix</filename>)
+        to the system store path.
+      '';
+    };
+
+    system.extraSystemBuilderCmds = mkOption {
+      default = "";
+      internal = true;
+      merge = concatStringsSep "\n";
+      description = ''
+        This code will be added to the builder creating the system store path.
+      '';
+    };
+
+  };
+
+
+  config = {
+
+    system.extraSystemBuilderCmds =
+      optionalString
+        config.system.copySystemConfiguration
+        "cp ${maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out";
+
+    system.build.toplevel = system;
+
+  };
 
-  system.build.toplevel = system;
 }
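Review bot: The description of `system.copySystemConfiguration` says the configuration file is copied to the system store path but does not warn that the Nix store is readable by every local user, so a configuration.nix holding passwords or keys is exposed once the option is on. I would add a sentence to the description such as `Since the Nix store is world-readable, do not enable this if the configuration file contains secrets.` The `cp` command under `config` also interpolates the `NIXOS_CONFIG` path unquoted, so a value with spaces or shell metacharacters would be split or interpreted by the builder shell; the interpolated path should be shell-quoted. The `let` block that this module body closes starts outside the hunk.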
diff --git a/modules/system/boot/loader/generations-dir/generations-dir.nix b/modules/system/boot/loader/generations-dir/generations-dir.nix
index b14f81552ee..9855c8c19dd 100644
--- a/modules/system/boot/loader/generations-dir/generations-dir.nix
+++ b/modules/system/boot/loader/generations-dir/generations-dir.nix
@@ -1,48 +1,9 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
 
-###### interface
-let
-  inherit (pkgs.lib) mkOption mkIf;
-
-  options = {
-    boot = {
-      loader = {
-        generationsDir = {
-
-          enable = mkOption {
-            default = false;
-            description = ''
-              Whether to create symlinks to the system generations under
-              <literal>/boot</literal>.  When enabled,
-              <literal>/boot/default/kernel</literal>,
-              <literal>/boot/default/initrd</literal>, etc., are updated to
-              point to the current generation's kernel image, initial RAM
-              disk, and other bootstrap files.
-
-              This optional is not necessary with boot loaders such as GNU GRUB
-              for which the menu is updated to point to the latest bootstrap
-              files.  However, it is needed for U-Boot on platforms where the
-              boot command line is stored in flash memory rather than in a
-              menu file.
-            '';
-          };
-
-          copyKernels = mkOption {
-            default = false;
-            description = "
-              Whether copy the necessary boot files into /boot, so
-              /nix/store is not needed by the boot loader.
-            ";
-          };
-        };
-      };
-    };
-  };
+with pkgs.lib;
 
-in
-
-###### implementation
 let
+
   generationsDirBuilder = pkgs.substituteAll {
     src = ./generations-dir-builder.sh;
     isExecutable = true;
@@ -53,18 +14,50 @@ let
 
   # Temporary check, for nixos to cope both with nixpkgs stdenv-updates and trunk
   platform = pkgs.stdenv.platform;
+
 in
+
 {
-  require = [
-    options
+  options = {
+
+    boot.loader.generationsDir = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to create symlinks to the system generations under
+          <literal>/boot</literal>.  When enabled,
+          <literal>/boot/default/kernel</literal>,
+          <literal>/boot/default/initrd</literal>, etc., are updated to
+          point to the current generation's kernel image, initial RAM
+          disk, and other bootstrap files.
+
+          This optional is not necessary with boot loaders such as GNU GRUB
+          for which the menu is updated to point to the latest bootstrap
+          files.  However, it is needed for U-Boot on platforms where the
+          boot command line is stored in flash memory rather than in a
+          menu file.
+        '';
+      };
+
+      copyKernels = mkOption {
+        default = false;
+        description = "
+          Whether copy the necessary boot files into /boot, so
+          /nix/store is not needed by the boot loader.
+        ";
+      };
+
+    };
+
+  };
+
+
+  config = mkIf config.boot.loader.generationsDir.enable {
 
-    # config.system.build
-    # ../system/system-options.nix
-  ];
+    system.build.installBootLoader = generationsDirBuilder;
+    system.boot.loader.id = "generationsDir";
+    system.boot.loader.kernelFile = platform.kernelTarget;
 
-  system = mkIf config.boot.loader.generationsDir.enable {
-    build.installBootLoader = generationsDirBuilder;
-    boot.loader.id = "generationsDir";
-    boot.loader.kernelFile = platform.kernelTarget;
   };
 }
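Review bot: Two of the option descriptions moved in this hunk still carry wording errors that end up in the generated manual. In `boot.loader.generationsDir.enable`, `This optional is not necessary` should read `This option is not necessary`, and in `copyKernels`, `Whether copy the necessary boot files` should read `Whether to copy the necessary boot files`. The `copyKernels` description is also the only one here written as a `"…"` string rather than `''…''`, which keeps its leading indentation in the rendered text.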
diff --git a/modules/system/boot/loader/raspberrypi/raspberrypi.nix b/modules/system/boot/loader/raspberrypi/raspberrypi.nix
index f083a002b42..5bc856c3df0 100644
--- a/modules/system/boot/loader/raspberrypi/raspberrypi.nix
+++ b/modules/system/boot/loader/raspberrypi/raspberrypi.nix
@@ -1,30 +1,9 @@
-{pkgs, config, ...}:
+{ config, pkgs, ... }:
 
-###### interface
-let
-  inherit (pkgs.lib) mkOption mkIf;
-
-  options = {
-    boot = {
-      loader = {
-        raspberryPi = {
-          enable = mkOption {
-            default = false;
-            description = ''
-              Whether to create files with the system generations in
-              <literal>/boot</literal>. 
-              <literal>/boot/old</literal> will hold files from old generations.
-            '';
-          };
-        };
-      };
-    };
-  };
-
-in
+with pkgs.lib;
 
-###### implementation
 let
+
   builder = pkgs.substituteAll {
     src = ./builder.sh;
     isExecutable = true;
@@ -34,18 +13,26 @@ let
   };
 
   platform = pkgs.stdenv.platform;
+
 in
+
 {
-  require = [
-    options
+  options = {
 
-    # config.system.build
-    # ../system/system-options.nix
-  ];
+    boot.loader.raspberryPi.enable = mkOption {
+      default = false;
+      description = ''
+        Whether to create files with the system generations in
+        <literal>/boot</literal>.
+        <literal>/boot/old</literal> will hold files from old generations.
+      '';
+    };
+
+  };
 
-  system = mkIf config.boot.loader.raspberryPi.enable {
-    build.installBootLoader = builder;
-    boot.loader.id = "raspberrypi";
-    boot.loader.kernelFile = platform.kernelTarget;
+  config = mkIf config.boot.loader.raspberryPi.enable {
+    system.build.installBootLoader = builder;
+    system.boot.loader.id = "raspberrypi";
+    system.boot.loader.kernelFile = platform.kernelTarget;
   };
 }
diff --git a/modules/system/boot/stage-1.nix b/modules/system/boot/stage-1.nix
index 9efae22fbdf..ed06e6a38d0 100644
--- a/modules/system/boot/stage-1.nix
+++ b/modules/system/boot/stage-1.nix
@@ -11,116 +11,6 @@ let
 
   udev = config.systemd.package;
 
-  options = {
-
-    boot.resumeDevice = mkOption {
-      default = "";
-      example = "0:0";
-      description = "
-        Device for manual resume attempt during boot. Looks like
-        major:minor. ls -l /dev/SWAP_PARTION shows them.
-      ";
-    };
-
-    boot.initrd.enableSplashScreen = mkOption {
-      default = true;
-      description = "
-        Whether to show a nice splash screen while booting.
-      ";
-    };
-
-    boot.initrd.checkJournalingFS = mkOption {
-      default = true;
-      type = types.bool;
-      description = ''
-        Whether to run fsck on journaling filesystems such as ext3.
-      '';
-    };
-
-    boot.initrd.mdadmConf = mkOption {
-      default = "";
-      type = with types; string;
-      description = ''
-        Contents of /etc/mdadm.conf at initrd.
-      '';
-    };
-
-    boot.initrd.preLVMCommands = mkOption {
-      default = "";
-      type = with types; string;
-      description = ''
-        Shell commands to be executed immediately before lvm discovery.
-      '';
-    };
-
-    boot.initrd.postDeviceCommands = mkOption {
-      default = "";
-      type = with types; string;
-      description = ''
-        Shell commands to be executed immediately after stage 1 of the
-        boot has loaded kernel modules and created device nodes in
-        /dev.
-      '';
-    };
-
-    boot.initrd.postMountCommands = mkOption {
-      default = "";
-      type = with types; string;
-      description = ''
-        Shell commands to be executed immediately after the stage 1
-        filesystems have been mounted.
-      '';
-    };
-
-    boot.initrd.extraUtilsCommands = mkOption {
-      internal = true;
-      default = "";
-      type = with types; string;
-      description = ''
-        Shell commands to be executed in the builder of the
-        extra-utils derivation.  This can be used to provide
-        additional utilities in the initial ramdisk.
-      '';
-    };
-
-    boot.initrd.extraUtilsCommandsTest = mkOption {
-      internal = true;
-      default = "";
-      type = with types; string;
-      description = ''
-        Shell commands to be executed in the builder of the
-        extra-utils derivation after patchelf has done its
-        job.  This can be used to test additional utilities
-        copied in extraUtilsCommands.
-      '';
-    };
-
-    boot.initrd.compressor = mkOption {
-      default = "gzip -9";
-
-      type = types.string;
-
-      description = "The compressor to use on the initrd";
-
-      example = "xz";
-    };
-
-    fileSystems = mkOption {
-      options.neededForBoot = mkOption {
-        default = false;
-        type = types.bool;
-        description = ''
-          If set, this file system will be mounted in the initial
-          ramdisk.  By default, this applies to the root file system
-          and to the file system containing
-          <filename>/nix/store</filename>.
-        '';
-      };
-    };
-
-  };
-
-
   kernelPackages = config.boot.kernelPackages;
   modulesTree = config.system.modulesTree;
 
@@ -141,14 +31,15 @@ let
                 && kernelPackages.kernel.features.needsCifsUtils
                 && any (fs: fs.fsType == "cifs") fileSystems;
 
-  busybox = if needsCifsUtils
-            then pkgs.busybox.override {
-                   extraConfig = ''
-                     CONFIG_FEATURE_MOUNT_CIFS n
-                     CONFIG_FEATURE_MOUNT_HELPERS y
-                   '';
-                 }
-            else pkgs.busybox;
+  busybox =
+    if needsCifsUtils
+    then pkgs.busybox.override {
+           extraConfig = ''
+             CONFIG_FEATURE_MOUNT_CIFS n
+             CONFIG_FEATURE_MOUNT_HELPERS y
+           '';
+         }
+    else pkgs.busybox;
 
 
   # Some additional utilities needed in stage 1, like mount, lvm, fsck
@@ -351,16 +242,128 @@ let
         ];
   };
 
-in {
+in
 
-  require = [options];
+{
+  options = {
 
-  system.build.bootStage1 = bootStage1;
-  system.build.initialRamdisk = initialRamdisk;
-  system.build.extraUtils = extraUtils;
+    boot.resumeDevice = mkOption {
+      default = "";
+      example = "0:0";
+      description = "
+        Device for manual resume attempt during boot. Looks like
+        major:minor. ls -l /dev/SWAP_PARTION shows them.
+      ";
+    };
+
+    boot.initrd.enableSplashScreen = mkOption {
+      default = true;
+      description = "
+        Whether to show a nice splash screen while booting.
+      ";
+    };
+
+    boot.initrd.checkJournalingFS = mkOption {
+      default = true;
+      type = types.bool;
+      description = ''
+        Whether to run fsck on journaling filesystems such as ext3.
+      '';
+    };
+
+    boot.initrd.mdadmConf = mkOption {
+      default = "";
+      type = with types; string;
+      description = ''
+        Contents of /etc/mdadm.conf at initrd.
+      '';
+    };
+
+    boot.initrd.preLVMCommands = mkOption {
+      default = "";
+      type = with types; string;
+      description = ''
+        Shell commands to be executed immediately before lvm discovery.
+      '';
+    };
+
+    boot.initrd.postDeviceCommands = mkOption {
+      default = "";
+      type = with types; string;
+      description = ''
+        Shell commands to be executed immediately after stage 1 of the
+        boot has loaded kernel modules and created device nodes in
+        /dev.
+      '';
+    };
+
+    boot.initrd.postMountCommands = mkOption {
+      default = "";
+      type = with types; string;
+      description = ''
+        Shell commands to be executed immediately after the stage 1
+        filesystems have been mounted.
+      '';
+    };
+
+    boot.initrd.extraUtilsCommands = mkOption {
+      internal = true;
+      default = "";
+      type = with types; string;
+      description = ''
+        Shell commands to be executed in the builder of the
+        extra-utils derivation.  This can be used to provide
+        additional utilities in the initial ramdisk.
+      '';
+    };
 
-  system.requiredKernelConfig = with config.lib.kernelConfig; [
-    (isYes "TMPFS")
-    (isYes "BLK_DEV_INITRD")
-  ];
+    boot.initrd.extraUtilsCommandsTest = mkOption {
+      internal = true;
+      default = "";
+      type = with types; string;
+      description = ''
+        Shell commands to be executed in the builder of the
+        extra-utils derivation after patchelf has done its
+        job.  This can be used to test additional utilities
+        copied in extraUtilsCommands.
+      '';
+    };
+
+    boot.initrd.compressor = mkOption {
+      default = "gzip -9";
+
+      type = types.string;
+
+      description = "The compressor to use on the initrd";
+
+      example = "xz";
+    };
+
+    fileSystems = mkOption {
+      options.neededForBoot = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          If set, this file system will be mounted in the initial
+          ramdisk.  By default, this applies to the root file system
+          and to the file system containing
+          <filename>/nix/store</filename>.
+        '';
+      };
+    };
+
+  };
+
+  config = {
+
+    system.build.bootStage1 = bootStage1;
+    system.build.initialRamdisk = initialRamdisk;
+    system.build.extraUtils = extraUtils;
+
+    system.requiredKernelConfig = with config.lib.kernelConfig; [
+      (isYes "TMPFS")
+      (isYes "BLK_DEV_INITRD")
+    ];
+
+  };
 }
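Review bot: The `boot.resumeDevice` description tells the user to run `ls -l /dev/SWAP_PARTION`; the placeholder should be spelled `SWAP_PARTITION`. The option also has no `type`, while its neighbours do. `type = types.uniq types.string;`, as used for `system.boot.loader.kernelFile` elsewhere in this commit, would reject conflicting definitions instead of merging them. As a style point, the block mixes `type = with types; string;` and `type = types.string;`, and using one form throughout would read more cleanly. The `let` block preceding this module body starts outside the hunk.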
diff --git a/modules/system/boot/stage-2.nix b/modules/system/boot/stage-2.nix
index efffb89d732..ff17535e418 100644
--- a/modules/system/boot/stage-2.nix
+++ b/modules/system/boot/stage-2.nix
@@ -4,6 +4,38 @@ with pkgs.lib;
 
 let
 
+  kernel = config.boot.kernelPackages.kernel;
+  activateConfiguration = config.system.activationScripts.script;
+
+  readonlyMountpoint = pkgs.runCommand "readonly-mountpoint" {} ''
+    mkdir -p $out/bin
+    cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint
+    strip -s $out/bin/readonly-mountpoint
+  '';
+
+  bootStage2 = pkgs.substituteAll {
+    src = ./stage-2-init.sh;
+    shellDebug = "${pkgs.bashInteractive}/bin/bash";
+    isExecutable = true;
+    inherit (config.boot) devShmSize runSize cleanTmpDir;
+    inherit (config.nix) readOnlyStore;
+    ttyGid = config.ids.gids.tty;
+    path =
+      [ pkgs.coreutils
+        pkgs.utillinux
+        pkgs.sysvtools
+      ] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
+      ++ optional config.nix.readOnlyStore readonlyMountpoint;
+    postBootCommands = pkgs.writeText "local-cmds"
+      ''
+        ${config.boot.postBootCommands}
+        ${config.powerManagement.powerUpCommands}
+      '';
+  };
+
+in
+
+{
   options = {
 
     boot = {
@@ -59,39 +91,10 @@ let
 
   };
 
-  kernel = config.boot.kernelPackages.kernel;
-  activateConfiguration = config.system.activationScripts.script;
 
-  readonlyMountpoint = pkgs.runCommand "readonly-mountpoint" {} ''
-    mkdir -p $out/bin
-    cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint
-    strip -s $out/bin/readonly-mountpoint
-  '';
+  config = {
 
-  bootStage2 = pkgs.substituteAll {
-    src = ./stage-2-init.sh;
-    shellDebug = "${pkgs.bashInteractive}/bin/bash";
-    isExecutable = true;
-    inherit (config.boot) devShmSize runSize cleanTmpDir;
-    inherit (config.nix) readOnlyStore;
-    ttyGid = config.ids.gids.tty;
-    path =
-      [ pkgs.coreutils
-        pkgs.utillinux
-        pkgs.sysvtools
-      ] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
-      ++ optional config.nix.readOnlyStore readonlyMountpoint;
-    postBootCommands = pkgs.writeText "local-cmds"
-      ''
-        ${config.boot.postBootCommands}
-        ${config.powerManagement.powerUpCommands}
-      '';
-  };
-
-in
+    system.build.bootStage2 = bootStage2;
 
-{
-  require = [options];
-
-  system.build.bootStage2 = bootStage2;
+  };
 }
diff --git a/modules/virtualisation/amazon-config.nix b/modules/virtualisation/amazon-config.nix
index 836c46caae8..e816ed2d183 100644
--- a/modules/virtualisation/amazon-config.nix
+++ b/modules/virtualisation/amazon-config.nix
@@ -1,5 +1,5 @@
 { config, pkgs, modulesPath, ... }:
 
 {
-  require = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
+  imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
 }
diff --git a/modules/virtualisation/amazon-image.nix b/modules/virtualisation/amazon-image.nix
index 30b06b9ef24..11939c9ba96 100644
--- a/modules/virtualisation/amazon-image.nix
+++ b/modules/virtualisation/amazon-image.nix
@@ -3,7 +3,7 @@
 with pkgs.lib;
 
 {
-  require = [ ../profiles/headless.nix ./ec2-data.nix ];
+  imports = [ ../profiles/headless.nix ./ec2-data.nix ];
 
   system.build.amazonImage =
     pkgs.vmTools.runInLinuxVM (
@@ -83,7 +83,7 @@ with pkgs.lib;
       udevadm control --exit || true
       kill -9 -1
     '';
-    
+
   # Mount all formatted ephemeral disks and activate all swap devices.
   # We cannot do this with the ‘fileSystems’ and ‘swapDevices’ options
   # because the set of devices is dependent on the instance type
diff --git a/modules/virtualisation/ec2-data.nix b/modules/virtualisation/ec2-data.nix
index 42c50d857e4..fccf45e0e19 100644
--- a/modules/virtualisation/ec2-data.nix
+++ b/modules/virtualisation/ec2-data.nix
@@ -5,7 +5,8 @@
 { config, pkgs, ... }:
 
 with pkgs.lib;
-let
+
+{
   options = {
     ec2.metadata = mkOption {
       type = types.bool;
@@ -15,84 +16,84 @@ let
       '';
     };
   };
-in
-{
-  require = [options];
-
-  systemd.services."fetch-ec2-data" =
-    { description = "Fetch EC2 Data";
-
-      wantedBy = [ "multi-user.target" ];
-      before = [ "sshd.service" ];
-      after = [ "network.target" ];
-
-      path = [ pkgs.curl pkgs.iproute ];
-
-      script =
-        ''
-          ip route del blackhole 169.254.169.254/32 || true
-
-          curl="curl --retry 3 --retry-delay 0 --fail"
-
-          echo "setting host name..."
-          ${optionalString (config.networking.hostName == "") ''
-            ${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname)
-          ''}
-
-          # Don't download the SSH key if it has already been injected
-          # into the image (a Nova feature).
-          if ! [ -e /root/.ssh/authorized_keys ]; then
-              echo "obtaining SSH key..."
-              mkdir -p /root/.ssh
-              $curl -o /root/key.pub http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
-              if [ $? -eq 0 -a -e /root/key.pub ]; then
-                  if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
-                      cat /root/key.pub >> /root/.ssh/authorized_keys
-                      echo "new key added to authorized_keys"
-                  fi
-                  chmod 600 /root/.ssh/authorized_keys
-                  rm -f /root/key.pub
-              fi
-          fi
-
-          # Extract the intended SSH host key for this machine from
-          # the supplied user data, if available.  Otherwise sshd will
-          # generate one normally.
-          $curl http://169.254.169.254/2011-01-01/user-data > /root/user-data || true
-          key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)"
-          key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)"
-          if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then
-              mkdir -m 0755 -p /etc/ssh
-              (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
-              echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
-          fi
-
-          ${optionalString (! config.ec2.metadata) ''
-          # Since the user data is sensitive, prevent it from being
-          # accessed from now on.
-          ip route add blackhole 169.254.169.254/32
-          ''}
-        '';
-
-      serviceConfig.Type = "oneshot";
-      serviceConfig.RemainAfterExit = true;
-    };
 
-  systemd.services."print-host-key" =
-    { description = "Print SSH Host Key";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "sshd.service" ];
-      script =
-        ''
-          # Print the host public key on the console so that the user
-          # can obtain it securely by parsing the output of
-          # ec2-get-console-output.
-          echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
-          ${pkgs.openssh}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console
-          echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
-        '';
-      serviceConfig.Type = "oneshot";
-      serviceConfig.RemainAfterExit = true;
-    };
+  config = {
+
+    systemd.services."fetch-ec2-data" =
+      { description = "Fetch EC2 Data";
+
+        wantedBy = [ "multi-user.target" ];
+        before = [ "sshd.service" ];
+        after = [ "network.target" ];
+
+        path = [ pkgs.curl pkgs.iproute ];
+
+        script =
+          ''
+            ip route del blackhole 169.254.169.254/32 || true
 
+            curl="curl --retry 3 --retry-delay 0 --fail"
+
+            echo "setting host name..."
+            ${optionalString (config.networking.hostName == "") ''
+              ${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname)
+            ''}
+
+            # Don't download the SSH key if it has already been injected
+            # into the image (a Nova feature).
+            if ! [ -e /root/.ssh/authorized_keys ]; then
+                echo "obtaining SSH key..."
+                mkdir -p /root/.ssh
+                $curl -o /root/key.pub http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
+                if [ $? -eq 0 -a -e /root/key.pub ]; then
+                    if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
+                        cat /root/key.pub >> /root/.ssh/authorized_keys
+                        echo "new key added to authorized_keys"
+                    fi
+                    chmod 600 /root/.ssh/authorized_keys
+                    rm -f /root/key.pub
+                fi
+            fi
+
+            # Extract the intended SSH host key for this machine from
+            # the supplied user data, if available.  Otherwise sshd will
+            # generate one normally.
+            $curl http://169.254.169.254/2011-01-01/user-data > /root/user-data || true
+            key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)"
+            key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)"
+            if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then
+                mkdir -m 0755 -p /etc/ssh
+                (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
+                echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
+            fi
+
+            ${optionalString (! config.ec2.metadata) ''
+            # Since the user data is sensitive, prevent it from being
+            # accessed from now on.
+            ip route add blackhole 169.254.169.254/32
+            ''}
+          '';
+
+        serviceConfig.Type = "oneshot";
+        serviceConfig.RemainAfterExit = true;
+      };
+
+    systemd.services."print-host-key" =
+      { description = "Print SSH Host Key";
+        wantedBy = [ "multi-user.target" ];
+        after = [ "sshd.service" ];
+        script =
+          ''
+            # Print the host public key on the console so that the user
+            # can obtain it securely by parsing the output of
+            # ec2-get-console-output.
+            echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
+            ${pkgs.openssh}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console
+            echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
+          '';
+        serviceConfig.Type = "oneshot";
+        serviceConfig.RemainAfterExit = true;
+      };
+
+  };
 }
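Review bot: The `fetch-ec2-data` script leaves `/root/user-data` on disk after use, although it can hold the SSH host private key (`SSH_HOST_DSA_KEY`) and the script's own comment calls the user data sensitive. The file is also created under whatever umask the unit runs with. I would fetch it as `(umask 077; $curl http://169.254.169.254/2011-01-01/user-data > /root/user-data) || true` and add `rm -f /root/user-data` once `key` and `key_pub` have been extracted, mirroring how `/root/key.pub` is removed above, unless something outside this hunk reads the file later. When `ec2.metadata` is enabled the blackhole route is not installed, so any local process can still fetch the same user data from the metadata service; the option's description, only partly visible between the two hunks, should say so.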
diff --git a/modules/virtualisation/nova-config.nix b/modules/virtualisation/nova-config.nix
index df41f8f88af..f8239cdec51 100644
--- a/modules/virtualisation/nova-config.nix
+++ b/modules/virtualisation/nova-config.nix
@@ -1,5 +1,5 @@
 { config, pkgs, modulesPath, ... }:
 
 {
-  require = [ "${modulesPath}/virtualisation/nova-image.nix" ];
+  imports = [ "${modulesPath}/virtualisation/nova-image.nix" ];
 }
diff --git a/modules/virtualisation/nova-image.nix b/modules/virtualisation/nova-image.nix
index 59b88a54367..ab625dba11d 100644
--- a/modules/virtualisation/nova-image.nix
+++ b/modules/virtualisation/nova-image.nix
@@ -3,7 +3,7 @@
 with pkgs.lib;
 
 {
-  require = [ ../profiles/qemu-guest.nix ../profiles/headless.nix ./ec2-data.nix ];
+  imports = [ ../profiles/qemu-guest.nix ../profiles/headless.nix ./ec2-data.nix ];
 
   system.build.novaImage =
     pkgs.vmTools.runInLinuxVM (
diff --git a/modules/virtualisation/qemu-vm.nix b/modules/virtualisation/qemu-vm.nix
index 61d5d20f3be..9476db8076c 100644
--- a/modules/virtualisation/qemu-vm.nix
+++ b/modules/virtualisation/qemu-vm.nix
@@ -18,6 +18,123 @@ let
     then "noname"
     else config.networking.hostName;
 
+  cfg = config.virtualisation;
+
+  qemuGraphics = if cfg.graphics then "" else "-nographic";
+  kernelConsole = if cfg.graphics then "" else "console=ttyS0";
+  ttys = [ "tty1" "tty2" "tty3" "tty4" "tty5" "tty6" ];
+
+  # Shell script to start the VM.
+  startVM =
+    ''
+      #! ${pkgs.stdenv.shell}
+
+      NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}})
+
+      if ! test -e "$NIX_DISK_IMAGE"; then
+          ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
+            ${toString config.virtualisation.diskSize}M || exit 1
+      fi
+
+      # Create a directory for exchanging data with the VM.
+      if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then
+          TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir)
+      fi
+      cd $TMPDIR
+      mkdir -p $TMPDIR/xchg
+
+      idx=2
+      extraDisks=""
+      ${flip concatMapStrings cfg.emptyDiskImages (size: ''
+        ${pkgs.qemu_kvm}/bin/qemu-img create -f raw "empty$idx" "${toString size}M"
+        extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx,if=virtio,werror=report"
+        idx=$((idx + 1))
+      '')}
+
+      # Start QEMU.
+      # "-boot menu=on" is there, because I don't know how to make qemu boot from 2nd hd.
+      exec ${pkgs.qemu_kvm}/bin/qemu-kvm \
+          -name ${vmName} \
+          -m ${toString config.virtualisation.memorySize} \
+          ${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} \
+          -net nic,vlan=0,model=virtio \
+          -net user,vlan=0''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \
+          -virtfs local,path=/nix/store,security_model=none,mount_tag=store \
+          -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
+          -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \
+          ${if cfg.useBootLoader then ''
+            -drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
+            -drive index=1,id=drive2,file=${bootDisk}/disk.img,if=virtio,readonly \
+            -boot menu=on
+          '' else ''
+            -drive file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
+            -kernel ${config.system.build.toplevel}/kernel \
+            -initrd ${config.system.build.toplevel}/initrd \
+            -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \
+          ''} \
+          $extraDisks \
+          ${qemuGraphics} \
+          ${toString config.virtualisation.qemu.options} \
+          $QEMU_OPTS
+    '';
+
+
+  regInfo = pkgs.runCommand "reginfo"
+    { exportReferencesGraph =
+        map (x: [("closure-" + baseNameOf x) x]) config.virtualisation.pathsInNixDB;
+      buildInputs = [ pkgs.perl ];
+      preferLocalBuild = true;
+    }
+    ''
+      printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out
+    '';
+
+
+  # Generate a hard disk image containing a /boot partition and GRUB
+  # in the MBR.  Used when the `useBootLoader' option is set.
+  bootDisk =
+    pkgs.vmTools.runInLinuxVM (
+      pkgs.runCommand "nixos-boot-disk"
+        { preVM =
+            ''
+              mkdir $out
+              diskImage=$out/disk.img
+              ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 $diskImage "32M"
+            '';
+          buildInputs = [ pkgs.utillinux ];
+        }
+        ''
+          # Create a single /boot partition.
+          ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
+          ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
+          . /sys/class/block/vda1/uevent
+          mknod /dev/vda1 b $MAJOR $MINOR
+          . /sys/class/block/vda/uevent
+          ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L boot /dev/vda1
+          ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
+
+          # Mount /boot.
+          mkdir /boot
+          mount /dev/vda1 /boot
+
+          # This is needed for GRUB 0.97, which doesn't know about virtio devices.
+          mkdir /boot/grub
+          echo '(hd0) /dev/vda' > /boot/grub/device.map
+
+          # Install GRUB and generate the GRUB boot menu.
+          touch /etc/NIXOS
+          mkdir -p /nix/var/nix/profiles
+          ${config.system.build.toplevel}/bin/switch-to-configuration boot
+
+          umount /boot
+        ''
+    );
+
+in
+
+{
+  imports = [ ../profiles/qemu-guest.nix ];
+
   options = {
 
     virtualisation.memorySize =
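Review bot: The temp-directory setup in the relocated `startVM` script has no failure handling. If `mktemp -d` fails, `TMPDIR` is empty, so `cd $TMPDIR` becomes a plain `cd` to the home directory, and `mkdir -p $TMPDIR/xchg` and the `-virtfs local,path=$TMPDIR/xchg,security_model=none` export then point at `/xchg` on the host. I would make both steps fatal and quote the variable: `TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir) || exit 1` and `cd "$TMPDIR" || exit 1`. The unquoted `$TMPDIR`, `$NIX_DISK_IMAGE` and `SHARED_DIR` expansions on the qemu-kvm command line also break on paths containing whitespace. The script is moved verbatim from lower in the file, and the `let` block it sits in opens above this hunk.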
@@ -154,264 +271,151 @@ let
 
   };
 
-  cfg = config.virtualisation;
-
-  qemuGraphics = if cfg.graphics then "" else "-nographic";
-  kernelConsole = if cfg.graphics then "" else "console=ttyS0";
-  ttys = [ "tty1" "tty2" "tty3" "tty4" "tty5" "tty6" ];
-
-  # Shell script to start the VM.
-  startVM =
-    ''
-      #! ${pkgs.stdenv.shell}
-
-      NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}})
-
-      if ! test -e "$NIX_DISK_IMAGE"; then
-          ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
-            ${toString config.virtualisation.diskSize}M || exit 1
-      fi
-
-      # Create a directory for exchanging data with the VM.
-      if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then
-          TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir)
-      fi
-      cd $TMPDIR
-      mkdir -p $TMPDIR/xchg
-
-      idx=2
-      extraDisks=""
-      ${flip concatMapStrings cfg.emptyDiskImages (size: ''
-        ${pkgs.qemu_kvm}/bin/qemu-img create -f raw "empty$idx" "${toString size}M"
-        extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx,if=virtio,werror=report"
-        idx=$((idx + 1))
-      '')}
-
-      # Start QEMU.
-      # "-boot menu=on" is there, because I don't know how to make qemu boot from 2nd hd.
-      exec ${pkgs.qemu_kvm}/bin/qemu-kvm \
-          -name ${vmName} \
-          -m ${toString config.virtualisation.memorySize} \
-          ${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} \
-          -net nic,vlan=0,model=virtio \
-          -net user,vlan=0''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \
-          -virtfs local,path=/nix/store,security_model=none,mount_tag=store \
-          -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
-          -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \
-          ${if cfg.useBootLoader then ''
-            -drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
-            -drive index=1,id=drive2,file=${bootDisk}/disk.img,if=virtio,readonly \
-            -boot menu=on
+  config = {
+
+    boot.loader.grub.device = mkOverride 50 "/dev/vda";
+
+    boot.initrd.supportedFilesystems = optional cfg.writableStore "unionfs-fuse";
+
+    boot.initrd.extraUtilsCommands =
+      ''
+        # We need mke2fs in the initrd.
+        cp ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin
+      '';
+
+    boot.initrd.postDeviceCommands =
+      ''
+        # If the disk image appears to be empty, run mke2fs to
+        # initialise.
+        FSTYPE=$(blkid -o value -s TYPE /dev/vda || true)
+        if test -z "$FSTYPE"; then
+            mke2fs -t ext4 /dev/vda
+        fi
+      '';
+
+    boot.initrd.postMountCommands =
+      ''
+        # Mark this as a NixOS machinex.
+        mkdir -p $targetRoot/etc
+        echo -n > $targetRoot/etc/NIXOS
+
+        # Fix the permissions on /tmp.
+        chmod 1777 $targetRoot/tmp
+
+        mkdir -p $targetRoot/boot
+        mount -o remount,ro $targetRoot/nix/store
+        ${optionalString cfg.writableStore ''
+          mkdir -p /unionfs-chroot/ro-store
+          mount --rbind $targetRoot/nix/store /unionfs-chroot/ro-store
+
+          mkdir /unionfs-chroot/rw-store
+          ${if cfg.writableStoreUseTmpfs then ''
+          mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
           '' else ''
-            -drive file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
-            -kernel ${config.system.build.toplevel}/kernel \
-            -initrd ${config.system.build.toplevel}/initrd \
-            -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \
-          ''} \
-          $extraDisks \
-          ${qemuGraphics} \
-          ${toString config.virtualisation.qemu.options} \
-          $QEMU_OPTS
-    '';
-
-
-  regInfo = pkgs.runCommand "reginfo"
-    { exportReferencesGraph =
-        map (x: [("closure-" + baseNameOf x) x]) config.virtualisation.pathsInNixDB;
-      buildInputs = [ pkgs.perl ];
-      preferLocalBuild = true;
-    }
-    ''
-      printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out
-    '';
-
-
-  # Generate a hard disk image containing a /boot partition and GRUB
-  # in the MBR.  Used when the `useBootLoader' option is set.
-  bootDisk =
-    pkgs.vmTools.runInLinuxVM (
-      pkgs.runCommand "nixos-boot-disk"
-        { preVM =
-            ''
-              mkdir $out
-              diskImage=$out/disk.img
-              ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 $diskImage "32M"
-            '';
-          buildInputs = [ pkgs.utillinux ];
-        }
-        ''
-          # Create a single /boot partition.
-          ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
-          ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
-          . /sys/class/block/vda1/uevent
-          mknod /dev/vda1 b $MAJOR $MINOR
-          . /sys/class/block/vda/uevent
-          ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L boot /dev/vda1
-          ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
-
-          # Mount /boot.
-          mkdir /boot
-          mount /dev/vda1 /boot
-
-          # This is needed for GRUB 0.97, which doesn't know about virtio devices.
-          mkdir /boot/grub
-          echo '(hd0) /dev/vda' > /boot/grub/device.map
-
-          # Install GRUB and generate the GRUB boot menu.
-          touch /etc/NIXOS
-          mkdir -p /nix/var/nix/profiles
-          ${config.system.build.toplevel}/bin/switch-to-configuration boot
+          mkdir $targetRoot/.nix-rw-store
+          mount --bind $targetRoot/.nix-rw-store /unionfs-chroot/rw-store
+          ''}
 
-          umount /boot
-        ''
-    );
-
-in
-
-{
-  require = [ options ../profiles/qemu-guest.nix ];
-
-  boot.loader.grub.device = mkOverride 50 "/dev/vda";
-
-  boot.initrd.supportedFilesystems = optional cfg.writableStore "unionfs-fuse";
-
-  boot.initrd.extraUtilsCommands =
-    ''
-      # We need mke2fs in the initrd.
-      cp ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin
-    '';
-
-  boot.initrd.postDeviceCommands =
-    ''
-      # If the disk image appears to be empty, run mke2fs to
-      # initialise.
-      FSTYPE=$(blkid -o value -s TYPE /dev/vda || true)
-      if test -z "$FSTYPE"; then
-          mke2fs -t ext4 /dev/vda
-      fi
-    '';
-
-  boot.initrd.postMountCommands =
-    ''
-      # Mark this as a NixOS machinex.
-      mkdir -p $targetRoot/etc
-      echo -n > $targetRoot/etc/NIXOS
-
-      # Fix the permissions on /tmp.
-      chmod 1777 $targetRoot/tmp
-
-      mkdir -p $targetRoot/boot
-      mount -o remount,ro $targetRoot/nix/store
-      ${optionalString cfg.writableStore ''
-        mkdir -p /unionfs-chroot/ro-store
-        mount --rbind $targetRoot/nix/store /unionfs-chroot/ro-store
-
-        mkdir /unionfs-chroot/rw-store
-        ${if cfg.writableStoreUseTmpfs then ''
-        mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
-        '' else ''
-        mkdir $targetRoot/.nix-rw-store
-        mount --bind $targetRoot/.nix-rw-store /unionfs-chroot/rw-store
+          unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768,hide_meta_files /rw-store=RW:/ro-store=RO $targetRoot/nix/store
         ''}
+      '';
+
+    # After booting, register the closure of the paths in
+    # `virtualisation.pathsInNixDB' in the Nix database in the VM.  This
+    # allows Nix operations to work in the VM.  The path to the
+    # registration file is passed through the kernel command line to
+    # allow `system.build.toplevel' to be included.  (If we had a direct
+    # reference to ${regInfo} here, then we would get a cyclic
+    # dependency.)
+    boot.postBootCommands =
+      ''
+        if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then
+          ${config.environment.nix}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
+        fi
+      '';
+
+    virtualisation.pathsInNixDB = [ config.system.build.toplevel ];
+
+    virtualisation.qemu.options = [ "-vga std" "-usbdevice tablet" ];
+
+    # Mount the host filesystem via 9P, and bind-mount the Nix store of
+    # the host into our own filesystem.  We use mkOverride to allow this
+    # module to be applied to "normal" NixOS system configuration, where
+    # the regular value for the `fileSystems' attribute should be
+    # disregarded for the purpose of building a VM test image (since
+    # those filesystems don't exist in the VM).
+    fileSystems = mkOverride 10
+      { "/".device = "/dev/vda";
+        "/nix/store" =
+          { device = "store";
+            fsType = "9p";
+            options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
+          };
+        "/tmp/xchg" =
+          { device = "xchg";
+            fsType = "9p";
+            options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
+            neededForBoot = true;
+          };
+        "/tmp/shared" =
+          { device = "shared";
+            fsType = "9p";
+            options = "trans=virtio,version=9p2000.L,msize=1048576";
+            neededForBoot = true;
+          };
+      } // optionalAttrs cfg.useBootLoader
+      { "/boot" =
+          { device = "/dev/disk/by-label/boot";
+            fsType = "ext4";
+            options = "ro";
+            noCheck = true; # fsck fails on a r/o filesystem
+          };
+      };
 
-        unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768,hide_meta_files /rw-store=RW:/ro-store=RO $targetRoot/nix/store
-      ''}
-    '';
-
-  # After booting, register the closure of the paths in
-  # `virtualisation.pathsInNixDB' in the Nix database in the VM.  This
-  # allows Nix operations to work in the VM.  The path to the
-  # registration file is passed through the kernel command line to
-  # allow `system.build.toplevel' to be included.  (If we had a direct
-  # reference to ${regInfo} here, then we would get a cyclic
-  # dependency.)
-  boot.postBootCommands =
-    ''
-      if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then
-        ${config.environment.nix}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
-      fi
-    '';
-
-  virtualisation.pathsInNixDB = [ config.system.build.toplevel ];
-
-  virtualisation.qemu.options = [ "-vga std" "-usbdevice tablet" ];
-
-  # Mount the host filesystem via 9P, and bind-mount the Nix store of
-  # the host into our own filesystem.  We use mkOverride to allow this
-  # module to be applied to "normal" NixOS system configuration, where
-  # the regular value for the `fileSystems' attribute should be
-  # disregarded for the purpose of building a VM test image (since
-  # those filesystems don't exist in the VM).
-  fileSystems = mkOverride 10
-    { "/".device = "/dev/vda";
-      "/nix/store" =
-        { device = "store";
-          fsType = "9p";
-          options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
-        };
-      "/tmp/xchg" =
-        { device = "xchg";
-          fsType = "9p";
-          options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
-          neededForBoot = true;
-        };
-      "/tmp/shared" =
-        { device = "shared";
-          fsType = "9p";
-          options = "trans=virtio,version=9p2000.L,msize=1048576";
-          neededForBoot = true;
-        };
-    } // optionalAttrs cfg.useBootLoader
-    { "/boot" =
-        { device = "/dev/disk/by-label/boot";
-          fsType = "ext4";
-          options = "ro";
-          noCheck = true; # fsck fails on a r/o filesystem
-        };
-    };
-
-  swapDevices = mkOverride 50 [ ];
-
-  # Don't run ntpd in the guest.  It should get the correct time from KVM.
-  services.ntp.enable = false;
-
-  system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; }
-    ''
-      ensureDir $out/bin
-      ln -s ${config.system.build.toplevel} $out/system
-      ln -s ${pkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${vmName}-vm
-    '';
+    swapDevices = mkOverride 50 [ ];
+
+    # Don't run ntpd in the guest.  It should get the correct time from KVM.
+    services.ntp.enable = false;
+
+    system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; }
+      ''
+        ensureDir $out/bin
+        ln -s ${config.system.build.toplevel} $out/system
+        ln -s ${pkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${vmName}-vm
+      '';
+
+    # When building a regular system configuration, override whatever
+    # video driver the host uses.
+    services.xserver.videoDriver = mkOverride 50 null;
+    services.xserver.videoDrivers = mkOverride 50 [ "vesa" ];
+    services.xserver.defaultDepth = mkOverride 50 0;
+    services.xserver.resolutions = mkOverride 50 [ { x = 1024; y = 768; } ];
+    services.xserver.monitorSection =
+      ''
+        # Set a higher refresh rate so that resolutions > 800x600 work.
+        HorizSync 30-140
+        VertRefresh 50-160
+      '';
+
+    # Wireless won't work in the VM.
+    networking.wireless.enable = mkOverride 50 false;
+
+    system.requiredKernelConfig = with config.lib.kernelConfig;
+      [ (isEnabled "VIRTIO_BLK")
+        (isEnabled "VIRTIO_PCI")
+        (isEnabled "VIRTIO_NET")
+        (isEnabled "EXT4_FS")
+        (isYes "BLK_DEV")
+        (isYes "PCI")
+        (isYes "EXPERIMENTAL")
+        (isYes "NETDEVICES")
+        (isYes "NET_CORE")
+        (isYes "INET")
+        (isYes "NETWORK_FILESYSTEMS")
+      ] ++ optional (!cfg.graphics) [
+        (isYes "SERIAL_8250_CONSOLE")
+        (isYes "SERIAL_8250")
+      ];
 
-  # When building a regular system configuration, override whatever
-  # video driver the host uses.
-  services.xserver.videoDriver = mkOverride 50 null;
-  services.xserver.videoDrivers = mkOverride 50 [ "vesa" ];
-  services.xserver.defaultDepth = mkOverride 50 0;
-  services.xserver.resolutions = mkOverride 50 [ { x = 1024; y = 768; } ];
-  services.xserver.monitorSection =
-    ''
-      # Set a higher refresh rate so that resolutions > 800x600 work.
-      HorizSync 30-140
-      VertRefresh 50-160
-    '';
-
-  # Wireless won't work in the VM.
-  networking.wireless.enable = mkOverride 50 false;
-
-  system.requiredKernelConfig = with config.lib.kernelConfig;
-    [ (isEnabled "VIRTIO_BLK")
-      (isEnabled "VIRTIO_PCI")
-      (isEnabled "VIRTIO_NET")
-      (isEnabled "EXT4_FS")
-      (isYes "BLK_DEV")
-      (isYes "PCI")
-      (isYes "EXPERIMENTAL")
-      (isYes "NETDEVICES")
-      (isYes "NET_CORE")
-      (isYes "INET")
-      (isYes "NETWORK_FILESYSTEMS")
-    ] ++ optional (!cfg.graphics) [
-      (isYes "SERIAL_8250_CONSOLE")
-      (isYes "SERIAL_8250")
-    ];
+  };
 }
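Review bot: `system.requiredKernelConfig` ends with `++ optional (!cfg.graphics) [ ... ]`, but `optional` wraps its second argument in a one-element list. With graphics disabled, the two serial-console assertions are therefore appended as one nested list rather than as two entries. `optionals` is the list form: `] ++ optionals (!cfg.graphics) [`. How the kernel-config check treats a nested list is not visible here, so the result may be an evaluation error or the `SERIAL_8250*` requirements not being checked. The expression is carried over unchanged from the old top-level attribute set. While re-indenting, the comment typo `machinex` in `boot.initrd.postMountCommands` could also be corrected to `machine`.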
diff --git a/tests/firefox.nix b/tests/firefox.nix
index adb936dc1ae..d6599be13c9 100644
--- a/tests/firefox.nix
+++ b/tests/firefox.nix
@@ -5,7 +5,7 @@
   machine =
     { config, pkgs, ... }:
 
-    { require = [ ./common/x11.nix ];
+    { imports = [ ./common/x11.nix ];
       environment.systemPackages = [ pkgs.firefox ];
     };
 
diff --git a/tests/installer.nix b/tests/installer.nix
index 8488726efe0..5c61439248f 100644
--- a/tests/installer.nix
+++ b/tests/installer.nix
@@ -37,7 +37,7 @@ let
     ''
       { config, pkgs, modulesPath, ... }:
 
-      { require =
+      { imports =
           [ ./hardware.nix
             "''${modulesPath}/testing/test-instrumentation.nix"
           ];
diff --git a/tests/kde4.nix b/tests/kde4.nix
index fabad89c342..3fb35bbab09 100644
--- a/tests/kde4.nix
+++ b/tests/kde4.nix
@@ -5,7 +5,7 @@
   machine =
     { config, pkgs, ... }:
 
-    { require = [ ./common/user-account.nix ];
+    { imports = [ ./common/user-account.nix ];
 
       virtualisation.memorySize = 768;
 
diff --git a/tests/quake3.nix b/tests/quake3.nix
index 041cfdb29ae..92501107780 100644
--- a/tests/quake3.nix
+++ b/tests/quake3.nix
@@ -17,7 +17,7 @@ rec {
   client =
     { config, pkgs, ... }:
 
-    { require = [ ./common/x11.nix ];
+    { imports = [ ./common/x11.nix ];
       services.xserver.driSupport = true;
       services.xserver.defaultDepth = pkgs.lib.mkOverride 0 16;
       environment.systemPackages = [ pkgs.quake3demo ];
diff --git a/tests/trac.nix b/tests/trac.nix
index 7f05103d754..72442c885ac 100644
--- a/tests/trac.nix
+++ b/tests/trac.nix
@@ -3,9 +3,8 @@
 {
   nodes = {
     storage =
-      {pkgs, config, ...}:
-      {
-        services.nfs.server.enable = true;
+      { config, pkgs, ... }:
+      { services.nfs.server.enable = true;
         services.nfs.server.exports = ''
           /repos 192.168.1.0/255.255.255.0(rw,no_root_squash)
         '';
@@ -13,10 +12,8 @@
       };
 
     postgresql =
-      {config, pkgs, ...}:
-      {
-        services.openssh.enable = true;
-        services.postgresql.enable = true;
+      { config, pkgs, ... }:
+      { services.postgresql.enable = true;
         services.postgresql.package = pkgs.postgresql92;
         services.postgresql.enableTCPIP = true;
         services.postgresql.authentication = ''
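Review bot: This hunk drops `services.openssh.enable = true;` from the `postgresql` node, which is a behaviour change that the commit description (a `require`-to-`imports` cleanup) does not mention. If the test no longer needs sshd on that node, say so in the commit message or move the removal to its own commit; otherwise keep the line. The node's attribute set continues past the end of the hunk, so whether anything later in the test connects over SSH cannot be checked from here.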
@@ -29,15 +26,13 @@
       };
 
     webserver =
-      {config, pkgs, ...}:
-      {
-        fileSystems = pkgs.lib.mkOverride 50
+      { config, pkgs, ... }:
+      { fileSystems = pkgs.lib.mkOverride 50
           [ { mountPoint = "/repos";
               device = "storage:/repos";
               fsType = "nfs";
             }
           ];
-
         services.httpd.enable = true;
         services.httpd.adminAddr = "root@localhost";
         services.httpd.extraSubservices = [ { serviceType = "trac"; } ];
@@ -45,9 +40,8 @@
       };
 
     client =
-      {config, pkgs, ...}:
-      {
-        require = [ ./common/x11.nix ];
+      { config, pkgs, ... }:
+      { imports = [ ./common/x11.nix ];
         services.xserver.desktopManager.kde4.enable = true;
       };
   };
diff --git a/tests/xfce.nix b/tests/xfce.nix
index 706456143fb..9f9692f8a01 100644
--- a/tests/xfce.nix
+++ b/tests/xfce.nix
@@ -5,7 +5,7 @@
   machine =
     { config, pkgs, ... }:
 
-    { require = [ ./common/user-account.nix ];
+    { imports = [ ./common/user-account.nix ];
 
       services.xserver.enable = true;