After RFC-0125 implementation, Determinate Systems was pinged multiple
times to transfer the repository ownership of the tooling to a
vendor-neutral repository.
Unfortunately, this never manifested. Additionally, the leadership of
the NixOS project was too dysfunctional to deal with this sort of
problem. It might even still be the case up to this day.
Nonetheless, nixpkgs is about enabling end users to enact their own
policies. It would be better to live in a world where there is one
obvious choice of bootspec tooling, in the meantime, we can live in a
world where people can choose their bootspec tooling.
The Lix forge possess one fork of the Bootspec tooling:
https://git.lix.systems/lix-community/bootspec which will live its own
life from now on.
Change-Id: I00c4dd64e00b4c24f6641472902e7df60ed13b55
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
systemd-repart can be configured to not automatically issue BLKDISCARD commands
to the underlying hardware.
This PR exposes this option in the repart module.
The systemd.tmpfiles.settings.<name>.<path>.<type>.argument option may
contain arbitrary strings. This could allow intentional or unintentional
introduction of new configuration lines.
The argument field cannot be quoted, C‐style \xNN escape sequences are
however permitted. By escaping whitespace and newline characters, the
issue can be mitigated.
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:
nix-build ci -A fmt.check
This is the next step of the of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).
This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).
Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).
If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
Previously, all generations for the primary system profile
read their data from the currently active one rather than
their own path, and specialisations in general all used
their parent bootspec rather than their own. This fixes both issues.
This commit still uses the parent path's build date for
specialisations, but this is more minor issue and the times
shouldn't be meaningfully different in most cases anyways.
Some upstream systemd units are conditionally installed into the systemd
output, so we must make sure the feature that enables their installation
is enabled on our side prior to trying to use them.
tracefs is a special-purpose filesystem in Linux used for tracing filesystem and kernel operations.
This was added to the kernel back in 2015 to replace debugfs. For security reasons, some system do not mount debugfs at all. Tracefs reduces the attack surface by allowing to trace without mounting debugfs. Additionally it provides features not supported by debugfs (such as calls for mkdir and rmdir
Debian and Arch Linux both enable this by default.
RHEL 8 and later, they enable tracefs by default.
Signed-off-by: John Titor <50095635+JohnRTitor@users.noreply.github.com>
Closes#381822
Apparently, I swapped `path` and `tmpfiles-type` in
2be50b1efe. Sorry about that 🫠
Also giving
`systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type` a
better default in the manual than `‹name›`, i.e. `‹tmpfiles-type›` so
that it corresponds to the placeholders in the attribute path.
We default this option to null ; which is different
from upstream which defaults this to true.
Defaulting this to true leads to log-spam in /dev/kmesg
and thus in our opinion is a bad default https://github.com/systemd/systemd/issues/15324
This allows for instance to reject switching into a configuration, while
still allowing to reboot into that same configuration.
This can be useful for instance to reject switching to a configuration
with a new systemd major version, but setting that same configuration as
the new boot default with `switch-to-configuration boot` is fine.
A couple of improvements:
1. Avoid the generally discouraged apply argument to options, as it has
quite weird semantics
2. Avoid issues when a user calls a preSwitchCheck `script`, which
would've been silently overridden by the existing implementation.
Reliance on a special attribute name like that is bound to lead to a
very-hard-to-debug problem for someone at some point
3. Use writeShellApplication so that the preSwitchChecks are checked by
shellcheck and and so that they run with basic bash guardrails
4. Fix shellcheck issue (testing the value of $?)
5. Add a positive preSwitchCheck to the nixos test, to make sure that
that works as intended
We need to take the "top" mount instead of any mount, which is the last
line printed by findmnt. Additionally, make the regex more strict, so we
don't select mount options ending in ro (like `errors=remount-ro` from
ext4, or overlay paths ending in 'ro') and accidentally leave the Nix
store RW after boot.
Prior to this change a service failure would occur when this tmpfiles
service did not finish fast enough and receive a SIGTERM from systemd.
Additionally, `initrd-nixos-activation` is already ordered with
`After=initrd-switch-root.target`.
By default, systemd-repart refuses to act on empty disk devices, i.e.
those without any existing partition table for safety reasons.
This behaviour can be customized via the `--empty` flag, which we now
expose via the module system. This makes to partition empty disks
on first boot.
These daemons should not be stopped, as they're foundational to a
proper functioning of the system. When switching configurations, they
only need a restart instead of that stop/start cycle.
Helps the following situation:
- SSH in initrd is enabled
- NixOS is waiting for a password to be typed at the console (or
provided via cryptsetup-askpass)
- The user logs in via SSH, but instead of running cryptsetup-askpass,
they run "cryptsetup open" directly (because they don't know that
they need to use NixOS's cryptsetup-askpass script, or because they
want to use a non-trivial unlocking method that is not natively
supported by this module)
Currently, in the above situation, NixOS will keep waiting for a
password to be entered even though the device is already unlocked. If
a password is entered, it will print a confusing "already exists"
error and keep asking for the same password.
We can improve on this by simply checking if the device is already
unlocked in our read loop. In this case, we don't need to do anything
other than return from the function and continue booting.
Removing the splash param only causes plymouth to display console
output by default; it still runs. Systemd stage 1 respects this flag
due to unit conditions preventing plymouth from even running. So this
brings parity to scripted stage 1.
When using nixos-enter (and so also nixos-install) on a system with etc-overlay enabled,
he activation script gets called directly, and there is no systemd running.
This violates a couple of assumptions in the etc-overlay activation script which
assumed that it only ever ran when switching into a new generation and that
the very first /etc would always have been set up by the systemd initrd.
As more and more things are being moved into systemd components (initrd services,
mount units, tmpfiles, etc), I think that it is going to become increasingly
difficult to stay compatible with these tools, but at least for now there is
no real alternative and so we probably want to be able to install systems
with etc-overlay enabled.
This makes it so that the getty units are only included if
`config.console.enable` is set to `true`. Previously, they would be
included, but disabled in that case, which is unnecessary.
The assertion is based on the availability of `move-mount-beneath`, which is only used in re-activation logic for switchable systems. Systems that have `system.switch.enable == false` should be allowed to user older kernels.
