diff options
author | Jan Malakhovski <oxij@oxij.org> | 2015-11-25 19:09:09 +0000 |
---|---|---|
committer | Jan Malakhovski <oxij@oxij.org> | 2016-08-23 18:14:05 +0000 |
commit | 65d26c4dc12f8f0113b6b128573f18492ac5b6f6 (patch) | |
tree | bcd427c83dab4633c9c4b06c338ac10350f0209e | |
parent | 2c8ca0d1bd1df838b3e3b2d2e17c6855b3b520c1 (diff) | |
download | nixpkgs-65d26c4dc12f8f0113b6b128573f18492ac5b6f6.tar nixpkgs-65d26c4dc12f8f0113b6b128573f18492ac5b6f6.tar.gz nixpkgs-65d26c4dc12f8f0113b6b128573f18492ac5b6f6.tar.bz2 nixpkgs-65d26c4dc12f8f0113b6b128573f18492ac5b6f6.tar.lz nixpkgs-65d26c4dc12f8f0113b6b128573f18492ac5b6f6.tar.xz nixpkgs-65d26c4dc12f8f0113b6b128573f18492ac5b6f6.tar.zst nixpkgs-65d26c4dc12f8f0113b6b128573f18492ac5b6f6.zip |
nixos: apply toposort to fileSystems to support bind and move mounts
And use new `config.system.build.fileSystems` property everywhere.
-rw-r--r-- | nixos/lib/utils.nix | 5 | ||||
-rw-r--r-- | nixos/modules/security/grsecurity.nix | 2 | ||||
-rw-r--r-- | nixos/modules/system/boot/stage-1.nix | 23 | ||||
-rw-r--r-- | nixos/modules/tasks/encrypted-devices.nix | 2 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems.nix | 26 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 4 |
6 files changed, 43 insertions, 19 deletions
diff --git a/nixos/lib/utils.nix b/nixos/lib/utils.nix index 40d0854d968..56a1e8a1d8b 100644 --- a/nixos/lib/utils.nix +++ b/nixos/lib/utils.nix @@ -2,6 +2,11 @@ pkgs: with pkgs.lib; rec { + # Check whenever `b` depends on `a` as a fileSystem + # FIXME: it's incorrect to simply use hasPrefix here: "/dev/a" is not a parent of "/dev/ab" + fsBefore = a: b: ((any (x: elem x [ "bind" "move" ]) b.options) && (a.mountPoint == b.device)) + || (hasPrefix a.mountPoint b.mountPoint); + # Escape a path according to the systemd rules, e.g. /dev/xyzzy # becomes dev-xyzzy. FIXME: slow. escapeSystemdPath = s: diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix index 9a2f62a1488..c6332ca9f9f 100644 --- a/nixos/modules/security/grsecurity.nix +++ b/nixos/modules/security/grsecurity.nix @@ -12,7 +12,7 @@ let (fs: (fs.neededForBoot || elem fs.mountPoint [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ]) && fs.fsType == "zfs") - (attrValues config.fileSystems) != []; + config.system.build.fileSystems != []; # Ascertain whether NixOS container support is required containerSupportRequired = diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index baeba1d6b31..f26412103ed 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -3,7 +3,7 @@ # the modules necessary to mount the root file system, then calls the # init in the root file system to start the second boot stage. -{ config, lib, pkgs, ... }: +{ config, lib, utils, pkgs, ... }: with lib; @@ -23,6 +23,14 @@ let }; + # The initrd only has to mount `/` or any FS marked as necessary for + # booting (such as the FS containing `/nix/store`, or an FS needed for + # mounting `/`, like `/` on a loopback). + fileSystems = filter + (fs: fs.neededForBoot || elem fs.mountPoint [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ]) + config.system.build.fileSystems; + + # Some additional utilities needed in stage 1, like mount, lvm, fsck # etc. We don't want to bring in all of those packages, so we just # copy what we need. Instead of using statically linked binaries, @@ -71,7 +79,7 @@ let ln -sf kmod $out/bin/modprobe # Copy resize2fs if needed. - ${optionalString (any (fs: fs.autoResize) (attrValues config.fileSystems)) '' + ${optionalString (any (fs: fs.autoResize) config.system.build.fileSystems) '' # We need mke2fs in the initrd. copy_bin_and_libs ${pkgs.e2fsprogs}/sbin/resize2fs ''} @@ -128,14 +136,6 @@ let ''; # */ - # The initrd only has to mount / or any FS marked as necessary for - # booting (such as the FS containing /nix/store, or an FS needed for - # mounting /, like / on a loopback). - fileSystems = filter - (fs: fs.neededForBoot || elem fs.mountPoint [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ]) - (attrValues config.fileSystems); - - udevRules = pkgs.stdenv.mkDerivation { name = "udev-rules"; allowedReferences = [ extraUtils ]; @@ -398,9 +398,8 @@ in }; config = mkIf (!config.boot.isContainer) { - assertions = [ - { assertion = any (fs: fs.mountPoint == "/") (attrValues config.fileSystems); + { assertion = any (fs: fs.mountPoint == "/") fileSystems; message = "The ‘fileSystems’ option does not specify your root file system."; } { assertion = let inherit (config.boot) resumeDevice; in diff --git a/nixos/modules/tasks/encrypted-devices.nix b/nixos/modules/tasks/encrypted-devices.nix index 457b86e95ab..b1a7711ddcb 100644 --- a/nixos/modules/tasks/encrypted-devices.nix +++ b/nixos/modules/tasks/encrypted-devices.nix @@ -3,7 +3,7 @@ with lib; let - fileSystems = attrValues config.fileSystems ++ config.swapDevices; + fileSystems = config.system.build.fileSystems ++ config.swapDevices; encDevs = filter (dev: dev.encrypted.enable) fileSystems; keyedEncDevs = filter (dev: dev.encrypted.keyFile != null) encDevs; keylessEncDevs = filter (dev: dev.encrypted.keyFile == null) encDevs; diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix index b0abf5eda87..78dca662dc9 100644 --- a/nixos/modules/tasks/filesystems.nix +++ b/nixos/modules/tasks/filesystems.nix @@ -5,7 +5,16 @@ with utils; let - fileSystems = attrValues config.fileSystems; + fileSystems' = toposort fsBefore (attrValues config.fileSystems); + + fileSystems = if fileSystems' ? "result" + then # use topologically sorted fileSystems everywhere + fileSystems'.result + else # the assertion below will catch this, + # but we fall back to the original order + # anyway so that other modules could check + # their assertions too + (attrValues config.fileSystems); prioOption = prio: optionalString (prio != null) " pri=${toString prio}"; @@ -162,6 +171,17 @@ in config = { + assertions = let + ls = sep: concatMapStringsSep sep (x: x.mountPoint); + in [ + { assertion = ! (fileSystems' ? "cycle"); + message = "The ‘fileSystems’ option can't be topologically sorted: mountpoint dependency path ${ls " -> " fileSystems'.cycle} loops to ${ls ", " fileSystems'.loops}"; + } + ]; + + # Export for use in other modules + system.build.fileSystems = fileSystems; + boot.supportedFilesystems = map (fs: fs.fsType) fileSystems; # Add the mount helpers to the system path so that `mount' can find them. @@ -177,7 +197,7 @@ in # This is a generated file. Do not edit! # Filesystems. - ${flip concatMapStrings fileSystems (fs: + ${concatMapStrings (fs: (if fs.device != null then fs.device else if fs.label != null then "/dev/disk/by-label/${fs.label}" else throw "No device specified for mount point ‘${fs.mountPoint}’.") @@ -188,7 +208,7 @@ in + " " + (if skipCheck fs then "0" else if fs.mountPoint == "/" then "1" else "2") + "\n" - )} + ) fileSystems} # Swap devices. ${flip concatMapStrings config.swapDevices (sw: diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 4ff3ffc74b1..77059fa43ff 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -36,7 +36,7 @@ let fsToPool = fs: datasetToPool fs.device; - zfsFilesystems = filter (x: x.fsType == "zfs") (attrValues config.fileSystems); + zfsFilesystems = filter (x: x.fsType == "zfs") config.system.build.fileSystems; isRoot = fs: fs.neededForBoot || elem fs.mountPoint [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ]; @@ -277,7 +277,7 @@ in systemd.services = let getPoolFilesystems = pool: - filter (x: x.fsType == "zfs" && (fsToPool x) == pool) (attrValues config.fileSystems); + filter (x: x.fsType == "zfs" && (fsToPool x) == pool) config.system.build.fileSystems; getPoolMounts = pool: let |