author | Vladimír Čunát <v@cunat.cz> | 2019-09-27 22:13:02 +0200 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2019-09-27 22:13:02 +0200 |
commit | 217cf982c754f1e8506e180551c73f57c04aed7f (patch) | |
tree | b816e2671be3cc3d22f165cbf593bb5cce3c4173 /nixos | |
parent | ab77ea0bf25dd1f193c8dd078ef7e90523366135 (diff) | |
parent | f9021cc12980370f60cce54ec899b11aebb5ed0b (diff) | |
Merge branch 'master' into staging-next
Diffstat (limited to 'nixos')
12 files changed, 82 insertions, 18 deletions
diff --git a/nixos/doc/manual/configuration/wireless.xml b/nixos/doc/manual/configuration/wireless.xml index 9c0e3a8d7aa..247d29d5831 100644 --- a/nixos/doc/manual/configuration/wireless.xml +++ b/nixos/doc/manual/configuration/wireless.xml @@ -19,10 +19,17 @@ NixOS lets you specify networks for wpa_supplicant declaratively: <programlisting> <xref linkend="opt-networking.wireless.networks"/> = { - echelon = { + echelon = { # SSID with no spaces or special characters psk = "abcdefgh"; }; - "free.wifi" = {}; + "echelon's AP" = { # SSID with spaces and/or special characters + psk = "ijklmnop"; + }; + echelon = { # Hidden SSID + hidden = true; + psk = "qrstuvwx"; + }; + free.wifi = {}; # Public wireless network }; </programlisting> Be aware that keys will be written to the nix store in plaintext! When no diff --git a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix index 2a131d9ce98..ba4127eaa0e 100644 --- a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix +++ b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix @@ -19,7 +19,7 @@ in boot.loader.generic-extlinux-compatible.enable = true; boot.consoleLogLevel = lib.mkDefault 7; - boot.kernelPackages = pkgs.linuxPackages_rpi; + boot.kernelPackages = pkgs.linuxPackages_rpi1; sdImage = { populateFirmwareCommands = let diff --git a/nixos/modules/installer/cd-dvd/sd-image-raspberrypi4.nix b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi4.nix new file mode 100644 index 00000000000..c545a1e7e24 --- /dev/null +++ b/nixos/modules/installer/cd-dvd/sd-image-raspberrypi4.nix 
@@ -0,0 +1,31 @@ +# To build, use: +# nix-build nixos -I nixos-config=nixos/modules/installer/cd-dvd/sd-image-raspberrypi4.nix -A config.system.build.sdImage +{ config, lib, pkgs, ... }: + +{ + imports = [ + ../../profiles/base.nix + ../../profiles/installation-device.nix + ./sd-image.nix + ]; + + boot.loader.grub.enable = false; + boot.loader.raspberryPi.enable = true; + boot.loader.raspberryPi.version = 4; + boot.kernelPackages = pkgs.linuxPackages_rpi4; + + boot.consoleLogLevel = lib.mkDefault 7; + + sdImage = { + firmwareSize = 128; + # This is a hack to avoid replicating config.txt from boot.loader.raspberryPi + populateFirmwareCommands = + "${config.system.build.installBootLoader} ${config.system.build.toplevel} -d ./firmware"; + # As the boot process is done entirely in the firmware partition. + populateRootCommands = ""; + }; + + # the installation media is also the installation target, + # so we don't want to provide the installation configuration.nix. + installer.cloneConfig = false; +} diff --git a/nixos/modules/services/misc/nix-optimise.nix b/nixos/modules/services/misc/nix-optimise.nix index 416529f690e..e02026d5f76 100644 --- a/nixos/modules/services/misc/nix-optimise.nix +++ b/nixos/modules/services/misc/nix-optimise.nix @@ -40,8 +40,8 @@ in systemd.services.nix-optimise = { description = "Nix Store Optimiser"; - # No point running it inside a nixos-container. It should be on the host instead. - unitConfig.ConditionVirtualization = "!container"; + # No point this if the nix daemon (and thus the nix store) is outside + unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket"; serviceConfig.ExecStart = "${config.nix.package}/bin/nix-store --optimise"; startAt = optionals cfg.automatic cfg.dates; }; diff --git a/nixos/modules/services/networking/wpa_supplicant.nix b/nixos/modules/services/networking/wpa_supplicant.nix index 63e59e7c8fa..294c0d70ede 100644 --- a/nixos/modules/services/networking/wpa_supplicant.nix 
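Review bot: The new comment above `unitConfig.ConditionPathIsReadWrite` in `systemd.services.nix-optimise` ("No point this if the nix daemon (and thus the nix store) is outside") is ungrammatical and does not say why a writable socket path is the test. The condition appears to use a read-write `/nix/var/nix/daemon-socket` as a proxy for "the store is managed by this system", which is less self-explanatory than the old `!container` check. I would reword it to `# Skip when the daemon socket directory is not writable: the nix daemon (and thus the store) is then managed outside this system, e.g. by a container host.` The service definition starts above the hunk.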
+++ b/nixos/modules/services/networking/wpa_supplicant.nix @@ -103,6 +103,13 @@ in { description = '' Set this to <literal>true</literal> if the SSID of the network is hidden. ''; + example = literalExample '' + { echelon = { + hidden = true; + psk = "abcdefgh"; + }; + } + ''; }; priority = mkOption { @@ -146,10 +153,13 @@ in { ''; default = {}; example = literalExample '' - { echelon = { + { echelon = { # SSID with no spaces or special characters psk = "abcdefgh"; }; - "free.wifi" = {}; + "echelon's AP" = { # SSID with spaces and/or special characters + psk = "ijklmnop"; + }; + "free.wifi" = {}; # Public wireless network } ''; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 098160ee369..b0374d949fc 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -12,7 +12,7 @@ let php = mainCfg.phpPackage.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ }; - phpMajorVersion = head (splitString "." php.version); + phpMajorVersion = lib.versions.major (lib.getVersion php); mod_perl = pkgs.apacheHttpdPackages.mod_perl.override { apacheHttpd = httpd; }; diff --git a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi-builder.sh b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi-builder.sh index 0fb07de10c0..c8b5bf2e61a 100644 --- a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi-builder.sh +++ b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi-builder.sh @@ -71,7 +71,7 @@ addEntry() { local kernel=$(readlink -f $path/kernel) local initrd=$(readlink -f $path/initrd) - local dtb_path=$(readlink -f $path/kernel-modules/dtbs) + local dtb_path=$(readlink -f $path/dtbs) if test -n "@copyKernels@"; then copyToKernelsDir $kernel; kernel=$result 
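Review bot: The changed line `local dtb_path=$(readlink -f $path/dtbs)` in `addEntry` has no fallback for system generations built before this change, which presumably only provide `kernel-modules/dtbs`. `readlink -f` succeeds when just the last path component is missing, so `dtb_path` would silently point at a non-existent directory instead of failing here. How `dtb_path` is used is outside the hunk, so confirm whether older generations or rollbacks reach it. If they do, keep the old location as a fallback, e.g. `[ -e "$path/dtbs" ] || dtb_path=$(readlink -f "$path/kernel-modules/dtbs")`, and quote `$path` while touching the line.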
@@ -113,10 +113,18 @@ done fwdir=@firmware@/share/raspberrypi/boot/ copyForced $fwdir/bootcode.bin $target/bootcode.bin copyForced $fwdir/fixup.dat $target/fixup.dat +copyForced $fwdir/fixup4.dat $target/fixup4.dat +copyForced $fwdir/fixup4cd.dat $target/fixup4cd.dat +copyForced $fwdir/fixup4db.dat $target/fixup4db.dat +copyForced $fwdir/fixup4x.dat $target/fixup4x.dat copyForced $fwdir/fixup_cd.dat $target/fixup_cd.dat copyForced $fwdir/fixup_db.dat $target/fixup_db.dat copyForced $fwdir/fixup_x.dat $target/fixup_x.dat copyForced $fwdir/start.elf $target/start.elf +copyForced $fwdir/start4.elf $target/start4.elf +copyForced $fwdir/start4cd.elf $target/start4cd.elf +copyForced $fwdir/start4db.elf $target/start4db.elf +copyForced $fwdir/start4x.elf $target/start4x.elf copyForced $fwdir/start_cd.elf $target/start_cd.elf copyForced $fwdir/start_db.elf $target/start_db.elf copyForced $fwdir/start_x.elf $target/start_x.elf diff --git a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix index 1c8354e5269..337afe9ef62 100644 --- a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix +++ b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix @@ -59,7 +59,7 @@ in version = mkOption { default = 2; - type = types.enum [ 0 1 2 3 ]; + type = types.enum [ 0 1 2 3 4 ]; description = '' ''; }; @@ -97,8 +97,8 @@ in config = mkIf cfg.enable { assertions = singleton { - assertion = !pkgs.stdenv.hostPlatform.isAarch64 || cfg.version == 3; - message = "Only Raspberry Pi 3 supports aarch64."; + assertion = !pkgs.stdenv.hostPlatform.isAarch64 || cfg.version >= 3; + message = "Only Raspberry Pi >= 3 supports aarch64."; }; system.build.installBootLoader = builder; diff --git a/nixos/modules/system/boot/loader/raspberrypi/uboot-builder.nix b/nixos/modules/system/boot/loader/raspberrypi/uboot-builder.nix index 9d4f8a93d28..1dc397e521b 100644 
--- a/nixos/modules/system/boot/loader/raspberrypi/uboot-builder.nix +++ b/nixos/modules/system/boot/loader/raspberrypi/uboot-builder.nix @@ -10,11 +10,13 @@ let pkgs.ubootRaspberryPi else if version == 2 then pkgs.ubootRaspberryPi2 - else + else if version == 3 then if isAarch64 then pkgs.ubootRaspberryPi3_64bit else - pkgs.ubootRaspberryPi3_32bit; + pkgs.ubootRaspberryPi3_32bit + else + throw "U-Boot is not yet supported on the raspberry pi 4."; extlinuxConfBuilder = import ../generic-extlinux-compatible/extlinux-conf-builder.nix { diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 5bf7b0d227f..7351f8b6b7e 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -967,9 +967,9 @@ in "net.ipv6.conf.default.disable_ipv6" = mkDefault (!cfg.enableIPv6); "net.ipv6.conf.all.forwarding" = mkDefault (any (i: i.proxyARP) interfaces); } // listToAttrs (flip concatMap (filter (i: i.proxyARP) interfaces) - (i: forEach [ "4" "6" ] (v: nameValuePair "net.ipv${v}.conf.${i.name}.proxy_arp" true))) + (i: forEach [ "4" "6" ] (v: nameValuePair "net.ipv${v}.conf.${replaceChars ["."] ["/"] i.name}.proxy_arp" true))) // listToAttrs (forEach (filter (i: i.preferTempAddress) interfaces) - (i: nameValuePair "net.ipv6.conf.${i.name}.use_tempaddr" 2)); + (i: nameValuePair "net.ipv6.conf.${replaceChars ["."] ["/"] i.name}.use_tempaddr" 2)); # Capabilities won't work unless we have at-least a 4.3 Linux # kernel because we need the ambient capability @@ -1092,7 +1092,7 @@ in destination = "/etc/udev/rules.d/98-${name}"; text = '' # enable and prefer IPv6 privacy addresses by default - ACTION=="add", SUBSYSTEM=="net", RUN+="${pkgs.procps}/bin/sysctl net.ipv6.conf.%k.use_tempaddr=2" + ACTION=="add", SUBSYSTEM=="net", RUN+="${pkgs.coreutils}/bin/echo 2 > /proc/sys/net/ipv6/conf/%k/use_tempaddr" ''; }) (pkgs.writeTextFile rec { 
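Review bot: The rewritten rule `RUN+="${pkgs.coreutils}/bin/echo 2 > /proc/sys/net/ipv6/conf/%k/use_tempaddr"` in the `@@ -1092,7 +1092,7 @@` hunk will not write the setting, because udev executes `RUN` programs directly rather than through a shell, so `>` and the path are passed to `echo` as plain arguments. The "enable and prefer IPv6 privacy addresses by default" rule then silently does nothing, and interfaces keep the kernel's default `use_tempaddr` instead of preferring temporary addresses. Wrap the command in a shell: `RUN+="${pkgs.bash}/bin/sh -c 'echo 2 > /proc/sys/net/ipv6/conf/%k/use_tempaddr'"`. The per-interface rule in the following hunk (`@@ -1100,7 +1100,7 @@`) still calls `sysctl` with the `.` to `/` substitution and is not affected.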
@@ -1100,7 +1100,7 @@ in destination = "/etc/udev/rules.d/99-${name}"; text = concatMapStrings (i: '' # enable IPv6 privacy addresses but prefer EUI-64 addresses for ${i.name} - ACTION=="add", SUBSYSTEM=="net", RUN+="${pkgs.procps}/bin/sysctl net.ipv6.conf.${i.name}.use_tempaddr=1" + ACTION=="add", SUBSYSTEM=="net", RUN+="${pkgs.procps}/bin/sysctl net.ipv6.conf.${replaceChars ["."] ["/"] i.name}.use_tempaddr=1" '') (filter (i: !i.preferTempAddress) interfaces); }) ] ++ lib.optional (cfg.wlanInterfaces != {}) diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix index ca7f126c59f..adb2f78a0a6 100644 --- a/nixos/modules/virtualisation/container-config.nix +++ b/nixos/modules/virtualisation/container-config.nix @@ -7,6 +7,7 @@ with lib; config = mkIf config.boot.isContainer { # Disable some features that are not useful in a container. + nix.optimise.automatic = mkDefault false; # the store is host managed services.udisks2.enable = mkDefault false; powerManagement.enable = mkDefault false; diff --git a/nixos/release.nix b/nixos/release.nix index a4b6b6bb91a..f40b5fa9bd7 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -180,6 +180,11 @@ in rec { inherit system; }); + sd_image_raspberrypi4 = forMatchingSystems [ "aarch64-linux" ] (system: makeSdImage { + module = ./modules/installer/cd-dvd/sd-image-raspberrypi4.nix; + inherit system; + }); + # A bootable VirtualBox virtual appliance as an OVA file (i.e. packaged OVF). ova = forMatchingSystems [ "x86_64-linux" ] (system: |