author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-10-31 18:01:02 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-31 18:01:02 +0000 |
commit | 81270bbdcf37beeb451991cf5e96b57d14d38bca (patch) | |
tree | 91c21889bf9ba5e17b1cf2901b5d5ed114d3c43f /nixos/doc | |
parent | 2fd5f8dd7ad6c3a83bc960b6ea1f6903141270ea (diff) | |
parent | 2784272f5baa2ade2347c1e02a9665d85b85d723 (diff) | |
Merge master into staging-next
Diffstat (limited to 'nixos/doc')
3 files changed, 144 insertions, 0 deletions
diff --git a/nixos/doc/manual/installation/building-images-via-systemd-repart.chapter.md b/nixos/doc/manual/installation/building-images-via-systemd-repart.chapter.md new file mode 100644 index 00000000000..6d0675f21a0 --- /dev/null +++ b/nixos/doc/manual/installation/building-images-via-systemd-repart.chapter.md 
@@ -0,0 +1,137 @@ +# Building Images via `systemd-repart` {#sec-image-repart} + +You can build disk images in NixOS with the `image.repart` option provided by +the module [image/repart.nix][]. This module uses `systemd-repart` to build the +images and exposes it's entire interface via the `repartConfig` option. + +[image/repart.nix]: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/image/repart.nix + +An example of how to build an image: + +```nix +{ config, modulesPath, ... }: { + + imports = [ "${modulesPath}/image/repart.nix" ]; + + image.repart = { + name = "image"; + partitions = { + "esp" = { + contents = { + ... + }; + repartConfig = { + Type = "esp"; + ... + }; + }; + "root" = { + storePaths = [ config.system.build.toplevel ]; + repartConfig = { + Type = "root"; + Label = "nixos"; + ... + }; + }; + }; + }; + +} +``` + +## Nix Store Partition {#sec-image-repart-store-partition} + +You can define a partition that only contains the Nix store and then mount it +under `/nix/store`. Because the `/nix/store` part of the paths is already +determined by the mount point, you have to set `stripNixStorePrefix = true;` so +that the prefix is stripped from the paths before copying them into the image. + +```nix +fileSystems."/nix/store".device = "/dev/disk/by-partlabel/nix-store" + +image.repart.partitions = { + "store" = { + storePaths = [ config.system.build.toplevel ]; + stripNixStorePrefix = true; + repartConfig = { + Type = "linux-generic"; + Label = "nix-store"; + ... + }; + }; +}; +``` + +## Appliance Image {#sec-image-repart-appliance} + +The `image/repart.nix` module can also be used to build self-contained [software +appliances][]. + +[software appliances]: https://en.wikipedia.org/wiki/Software_appliance + +The generation based update mechanism of NixOS is not suited for appliances. +Updates of appliances are usually either performed by replacing the entire +image with a new one or by updating partitions via an A/B scheme. 
See the +[Chrome OS update process][chrome-os-update] for an example of how to achieve +this. The appliance image built in the following example does not contain a +`configuration.nix` and thus you will not be able to call `nixos-rebuild` from +this system. + +[chrome-os-update]: https://chromium.googlesource.com/aosp/platform/system/update_engine/+/HEAD/README.md + +```nix +let + pkgs = import <nixpkgs> { }; + efiArch = pkgs.stdenv.hostPlatform.efiArch; +in +(pkgs.nixos [ + ({ config, lib, pkgs, modulesPath, ... }: { + + imports = [ "${modulesPath}/image/repart.nix" ]; + + boot.loader.grub.enable = false; + + fileSystems."/".device = "/dev/disk/by-label/nixos"; + + image.repart = { + name = "image"; + partitions = { + "esp" = { + contents = { + "/EFI/BOOT/BOOT${lib.toUpper efiArch}.EFI".source = + "${pkgs.systemd}/lib/systemd/boot/efi/systemd-boot${efiArch}.efi"; + + "/loader/entries/nixos.conf".source = pkgs.writeText "nixos.conf" '' + title NixOS + linux /EFI/nixos/kernel.efi + initrd /EFI/nixos/initrd.efi + options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} + ''; + + "/EFI/nixos/kernel.efi".source = + "${config.boot.kernelPackages.kernel}/${config.system.boot.loader.kernelFile}"; + + "/EFI/nixos/initrd.efi".source = + "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}"; + }; + repartConfig = { + Type = "esp"; + Format = "vfat"; + SizeMinBytes = "96M"; + }; + }; + "root" = { + storePaths = [ config.system.build.toplevel ]; + repartConfig = { + Type = "root"; + Format = "ext4"; + Label = "nixos"; + Minimize = "guess"; + }; + }; + }; + }; + + }) +]).image +``` diff --git a/nixos/doc/manual/installation/installation.md b/nixos/doc/manual/installation/installation.md index 14059425660..f3b1773d865 100644 --- a/nixos/doc/manual/installation/installation.md +++ b/nixos/doc/manual/installation/installation.md 
@@ -8,4 +8,5 @@ installing.chapter.md changing-config.chapter.md upgrading.chapter.md building-nixos.chapter.md +building-images-via-systemd-repart.chapter.md ``` diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index faa3428dd0e..e516e8b1813 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -38,6 +38,8 @@ true`. This is generally safe behavior, but for anyone needing to opt out from the check `users.users.${USERNAME}.ignoreShellProgramCheck = true` will do the job. +- Cassandra now defaults to 4.x, updated from 3.11.x. + ## New Services {#sec-release-23.11-new-services} - [MCHPRS](https://github.com/MCHPR/MCHPRS), a multithreaded Minecraft server built for redstone. Available as [services.mchprs](#opt-services.mchprs.enable). @@ -351,6 +353,8 @@ - `service.borgmatic.settings.location` and `services.borgmatic.configurations.<name>.location` are deprecated, please move your options out of sections to the global scope. +- `privacyidea` (and the corresponding `privacyidea-ldap-proxy`) has been removed from nixpkgs because it has severely outdated dependencies that became unmaintainable with nixpkgs' python package-set. + - `dagger` was removed because using a package called `dagger` and packaging it from source violates their trademark policy. - `win-virtio` package was renamed to `virtio-win` to be consistent with the upstream package name. 
@@ -508,6 +512,8 @@ The module update takes care of the new config syntax and the data itself (user - `fusuma` now enables the following plugins: [appmatcher](https://github.com/iberianpig/fusuma-plugin-appmatcher), [keypress](https://github.com/iberianpig/fusuma-plugin-keypress), [sendkey](https://github.com/iberianpig/fusuma-plugin-sendkey), [tap](https://github.com/iberianpig/fusuma-plugin-tap) and [wmctrl](https://github.com/iberianpig/fusuma-plugin-wmctrl). +- `services.bitcoind` now properly respects the `enable` option. + ## Nixpkgs internals {#sec-release-23.11-nixpkgs-internals} - The use of `sourceRoot = "source";`, `sourceRoot = "source/subdir";`, and similar lines in package derivations using the default `unpackPhase` is deprecated as it requires `unpackPhase` to always produce a directory named "source". Use `sourceRoot = src.name`, `sourceRoot = "${src.name}/subdir";`, or `setSourceRoot = "sourceRoot=$(echo */subdir)";` or similar instead. |
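Review bot: In building-images-via-systemd-repart.chapter.md, the "Nix Store Partition" example has a syntax error: the line `fileSystems."/nix/store".device = "/dev/disk/by-partlabel/nix-store"` has no terminating `;`, so the snippet stops parsing as soon as the `image.repart.partitions = {` assignment follows it. Add the semicolon so the example can be copied into a module as written. In the opening paragraph of the same file, "exposes it's entire interface" should read "its".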
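Review bot: In rl-2311.section.md, hunk `@@ -38,6 +38,8 @@`, the new entry "Cassandra now defaults to 4.x, updated from 3.11.x." is missing upgrade guidance: it does not name the option or package attribute whose default changed, and it does not say how a deployment that has to stay on 3.11.x keeps that version. Suggest naming the affected option in backticks, as the neighbouring entries do, and adding one sentence on what existing 3.11.x users should do before taking the new default.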
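Review bot: In rl-2311.section.md, hunk `@@ -351,6 +353,8 @@`, the `privacyidea` removal entry explains why the package was dropped but leaves out what a system that currently uses it or `privacyidea-ldap-proxy` will see after the update. Suggest stating whether the corresponding NixOS module options were removed as well and what an existing configuration gets at evaluation time. Minor wording: "nixpkgs' python package-set" would read better as "the nixpkgs Python package set".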
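Review bot: In rl-2311.section.md, hunk `@@ -508,6 +512,8 @@`, the entry "`services.bitcoind` now properly respects the `enable` option." does not say what the previous behaviour was, so a reader cannot tell whether a service that was running will stop after the update, or whether one was running while they believed it was disabled. Suggest describing the old behaviour in one clause and saying which configurations change as a result.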