Diffstat (limited to 'nixos')
19 files changed, 239 insertions, 75 deletions
diff --git a/nixos/doc/manual/from_md/installation/installing-kexec.section.xml b/nixos/doc/manual/from_md/installation/installing-kexec.section.xml new file mode 100644 index 000000000000..46ea0d59b6c3 --- /dev/null +++ b/nixos/doc/manual/from_md/installation/installing-kexec.section.xml 
@@ -0,0 +1,94 @@ +<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-booting-via-kexec"> + <title><quote>Booting</quote> into NixOS via kexec</title> + <para> + In some cases, your system might already be booted into/preinstalled + with another Linux distribution, and booting NixOS by attaching an + installation image is quite a manual process. + </para> + <para> + This is particularly useful for (cloud) providers where you can’t + boot a custom image, but get some Debian or Ubuntu installation. + </para> + <para> + In these cases, it might be easier to use <literal>kexec</literal> + to <quote>jump into NixOS</quote> from the running system, which + only assumes <literal>bash</literal> and <literal>kexec</literal> to + be installed on the machine. + </para> + <para> + Note that kexec may not work correctly on some hardware, as devices + are not fully re-initialized in the process. In practice, this + however is rarely the case. + </para> + <para> + To build the necessary files from your current version of nixpkgs, + you can run: + </para> + <programlisting> +nix-build -A kexec.x86_64-linux '<nixpkgs/nixos/release.nix>' +</programlisting> + <para> + This will create a <literal>result</literal> directory containing + the following: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + <literal>bzImage</literal> (the Linux kernel) + </para> + </listitem> + <listitem> + <para> + <literal>initrd</literal> (the initrd file) + </para> + </listitem> + <listitem> + <para> + <literal>kexec-boot</literal> (a shellscript invoking + <literal>kexec</literal>) + </para> + </listitem> + </itemizedlist> + <para> + These three files are meant to be copied over to the other already + running Linux Distribution. + </para> + <para> + Note it’s symlinks pointing elsewhere, so <literal>cd</literal> in, + and use <literal>scp * root@$destination</literal> to copy it over, + rather than rsync. 
+ </para> + <para> + Once you finished copying, execute <literal>kexec-boot</literal> + <emphasis>on the destination</emphasis>, and after some seconds, the + machine should be booting into an (ephemeral) NixOS installation + medium. + </para> + <para> + In case you want to describe your own system closure to kexec into, + instead of the default installer image, you can build your own + <literal>configuration.nix</literal>: + </para> + <programlisting language="bash"> +{ modulesPath, ... }: { + imports = [ + (modulesPath + "/installer/netboot/netboot-minimal.nix") + ]; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "my-ssh-pubkey" + ]; +} +</programlisting> + <programlisting> +nix-build '<nixpkgs/nixos>' \ + --arg configuration ./configuration.nix + --attr config.system.build.kexecTree +</programlisting> + <para> + Make sure your <literal>configuration.nix</literal> does still + import <literal>netboot-minimal.nix</literal> (or + <literal>netboot-base.nix</literal>). + </para> +</section> diff --git a/nixos/doc/manual/from_md/installation/installing.chapter.xml b/nixos/doc/manual/from_md/installation/installing.chapter.xml index aee0b30a7076..19ff841f5a67 100644 --- a/nixos/doc/manual/from_md/installation/installing.chapter.xml +++ b/nixos/doc/manual/from_md/installation/installing.chapter.xml @@ -638,6 +638,7 @@ $ passwd eelco <title>Additional installation notes</title> <xi:include href="installing-usb.section.xml" /> <xi:include href="installing-pxe.section.xml" /> + <xi:include href="installing-kexec.section.xml" /> <xi:include href="installing-virtualbox-guest.section.xml" /> <xi:include href="installing-from-other-distro.section.xml" /> <xi:include href="installing-behind-a-proxy.section.xml" /> diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 958000687810..79bba37a1358 100644 
--- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -121,6 +121,14 @@ this version for the entire lifecycle of the 22.11 release. </para> </listitem> + <listitem> + <para> + (Neo)Vim can not be configured with + <literal>configure.pathogen</literal> anymore to reduce + maintainance burden. Use <literal>configure.packages</literal> + instead. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-22.11-notable-changes"> diff --git a/nixos/doc/manual/installation/installing-kexec.section.md b/nixos/doc/manual/installation/installing-kexec.section.md new file mode 100644 index 000000000000..286cbbda6a69 --- /dev/null +++ b/nixos/doc/manual/installation/installing-kexec.section.md 
@@ -0,0 +1,64 @@ +# "Booting" into NixOS via kexec {#sec-booting-via-kexec} + +In some cases, your system might already be booted into/preinstalled with +another Linux distribution, and booting NixOS by attaching an installation +image is quite a manual process. + +This is particularly useful for (cloud) providers where you can't boot a custom +image, but get some Debian or Ubuntu installation. + +In these cases, it might be easier to use `kexec` to "jump into NixOS" from the +running system, which only assumes `bash` and `kexec` to be installed on the +machine. + +Note that kexec may not work correctly on some hardware, as devices are not +fully re-initialized in the process. In practice, this however is rarely the +case. + +To build the necessary files from your current version of nixpkgs, +you can run: + +```ShellSession +nix-build -A kexec.x86_64-linux '<nixpkgs/nixos/release.nix>' +``` + +This will create a `result` directory containing the following: + - `bzImage` (the Linux kernel) + - `initrd` (the initrd file) + - `kexec-boot` (a shellscript invoking `kexec`) + +These three files are meant to be copied over to the other already running +Linux Distribution. + +Note it's symlinks pointing elsewhere, so `cd` in, and use +`scp * root@$destination` to copy it over, rather than rsync. + +Once you finished copying, execute `kexec-boot` *on the destination*, and after +some seconds, the machine should be booting into an (ephemeral) NixOS +installation medium. + +In case you want to describe your own system closure to kexec into, instead of +the default installer image, you can build your own `configuration.nix`: + +```nix +{ modulesPath, ... 
}: { + imports = [ + (modulesPath + "/installer/netboot/netboot-minimal.nix") + ]; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "my-ssh-pubkey" + ]; +} +``` + + +```ShellSession +nix-build '<nixpkgs/nixos>' \ + --arg configuration ./configuration.nix + --attr config.system.build.kexecTree +``` + +Make sure your `configuration.nix` does still import `netboot-minimal.nix` (or +`netboot-base.nix`). diff --git a/nixos/doc/manual/installation/installing.chapter.md b/nixos/doc/manual/installation/installing.chapter.md index 8a46d68ae3ba..7e830f8e4583 100644 --- a/nixos/doc/manual/installation/installing.chapter.md +++ b/nixos/doc/manual/installation/installing.chapter.md @@ -476,6 +476,7 @@ With a partitioned disk. ```{=docbook} <xi:include href="installing-usb.section.xml" /> <xi:include href="installing-pxe.section.xml" /> +<xi:include href="installing-kexec.section.xml" /> <xi:include href="installing-virtualbox-guest.section.xml" /> <xi:include href="installing-from-other-distro.section.xml" /> <xi:include href="installing-behind-a-proxy.section.xml" /> diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 1a14885ed8c3..50bf15ca197d 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -50,6 +50,9 @@ In addition to numerous new and upgraded packages, this release has the followin - PHP 7.4 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 22.11 release. +- (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden. +Use `configure.packages` instead. + <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> ## Other Notable Changes {#sec-release-22.11-notable-changes} 
diff --git a/nixos/modules/installer/kexec/kexec-boot.nix b/nixos/modules/installer/kexec/kexec-boot.nix deleted file mode 100644 index 2d062214efc2..000000000000 --- a/nixos/modules/installer/kexec/kexec-boot.nix +++ /dev/null @@ -1,51 +0,0 @@ -# This module exposes a config.system.build.kexecBoot attribute, -# which returns a directory with kernel, initrd and a shell script -# running the necessary kexec commands. - -# It's meant to be scp'ed to a machine with working ssh and kexec binary -# installed. - -# This is useful for (cloud) providers where you can't boot a custom image, but -# get some Debian or Ubuntu installation. - -{ pkgs -, modulesPath -, config -, ... -}: -{ - imports = [ - (modulesPath + "/installer/netboot/netboot-minimal.nix") - ]; - - config = { - system.build.kexecBoot = - let - kexecScript = pkgs.writeScript "kexec-boot" '' - #!/usr/bin/env bash - if ! kexec -v >/dev/null 2>&1; then - echo "kexec not found: please install kexec-tools" 2>&1 - exit 1 - fi - SCRIPT_DIR=$( cd -- "$( dirname -- "''${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) - kexec --load ''${SCRIPT_DIR}/bzImage \ - --initrd=''${SCRIPT_DIR}/initrd.gz \ - --command-line "init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" - kexec -e - ''; in - pkgs.linkFarm "kexec-tree" [ - { - name = "initrd.gz"; - path = "${config.system.build.netbootRamdisk}/initrd"; - } - { - name = "bzImage"; - path = "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}"; - } - { - name = "kexec-boot"; - path = kexecScript; - } - ]; - }; -} diff --git a/nixos/modules/installer/netboot/netboot.nix b/nixos/modules/installer/netboot/netboot.nix index a459e7304cd4..3127bdc436f9 100644 --- a/nixos/modules/installer/netboot/netboot.nix +++ b/nixos/modules/installer/netboot/netboot.nix 
@@ -101,6 +101,37 @@ with lib;
 boot
 '';

+ # A script invoking kexec on ./bzImage and ./initrd.gz.
+ # Usually used through system.build.kexecTree, but exposed here for composability.
+ system.build.kexecScript = pkgs.writeScript "kexec-boot" ''
+ #!/usr/bin/env bash
+ if ! kexec -v >/dev/null 2>&1; then
+ echo "kexec not found: please install kexec-tools" 2>&1
+ exit 1
+ fi
+ SCRIPT_DIR=$( cd -- "$( dirname -- "''${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+ kexec --load ''${SCRIPT_DIR}/bzImage \
+ --initrd=''${SCRIPT_DIR}/initrd.gz \
+ --command-line "init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
+ kexec -e
+ '';
+
+ # A tree containing initrd.gz, bzImage and a kexec-boot script.
+ system.build.kexecTree = pkgs.linkFarm "kexec-tree" [
+ {
+ name = "initrd.gz";
+ path = "${config.system.build.netbootRamdisk}/initrd";
+ }
+ {
+ name = "bzImage";
+ path = "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}";
+ }
+ {
+ name = "kexec-boot";
+ path = config.system.build.kexecScript;
+ }
+ ];
+
 boot.loader.timeout = 10;

 boot.postBootCommands =
diff --git a/nixos/modules/services/audio/mpd.nix b/nixos/modules/services/audio/mpd.nix
index 586b9ffa6888..11733d99fca6 100644
--- a/nixos/modules/services/audio/mpd.nix
+++ b/nixos/modules/services/audio/mpd.nix
@@ -215,6 +215,7 @@ in {
 systemd.sockets.mpd = mkIf cfg.startWhenNeeded {
 wantedBy = [ "sockets.target" ];
 listenStreams = [
+ "" # Note: this is needed to override the upstream unit
 (if pkgs.lib.hasPrefix "/" cfg.network.listenAddress
 then cfg.network.listenAddress
 else "${optionalString (cfg.network.listenAddress != "any") "${cfg.network.listenAddress}:"}${toString cfg.network.port}")
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index 1967a2371bdd..d80d1b07b97c 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
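Review bot: The final `kexec -e` in `system.build.kexecScript` runs unconditionally even when the preceding `kexec --load` fails — for example when `kexec_load_disabled` is set or the running kernel is in lockdown / Secure Boot mode and rejects an unsigned image — so the host attempts to execute whatever (if anything) is loaded instead of reporting the error; a `set -euo pipefail` after the shebang makes a failed load abort the script. In the not-found branch, `echo "kexec not found: ..." 2>&1` redirects stderr to stdout rather than sending the message to stderr, which should be `>&2`. The two `''${SCRIPT_DIR}` expansions passed to `kexec --load` and `--initrd=` are unquoted, so a tree copied into a directory containing whitespace breaks the load. Note also that `kexec -e` jumps straight into the new kernel without systemd's shutdown sequence (no unmount or sync of the host's filesystems), which is presumably intended for a throwaway host but deserves a comment. The script text itself is carried over from the deleted kexec-boot.nix; the enclosing module continues outside the hunk.
```nix
  system.build.kexecScript = pkgs.writeScript "kexec-boot" ''
    #!/usr/bin/env bash
    set -euo pipefail
    if ! kexec -v >/dev/null 2>&1; then
      echo "kexec not found: please install kexec-tools" >&2
      exit 1
    fi
    SCRIPT_DIR=$( cd -- "$( dirname -- "''${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
    kexec --load "''${SCRIPT_DIR}/bzImage" \
      --initrd="''${SCRIPT_DIR}/initrd.gz" \
      --command-line "init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
    # With set -e a failed --load never reaches this point.
    kexec -e
  '';
```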
@@ -312,6 +312,7 @@ in {
 "-h" (lib.concatStringsSep " " cfg.urlList)
 ]);
 Type = "notify";
+ NotifyAccess = "all";
 PIDFile = cfg.settings.attrs.olcPidFile;
 };
 };
diff --git a/nixos/modules/services/monitoring/grafana.nix b/nixos/modules/services/monitoring/grafana.nix
index 497d46741381..68b4796f4f4e 100644
--- a/nixos/modules/services/monitoring/grafana.nix
+++ b/nixos/modules/services/monitoring/grafana.nix
@@ -124,6 +124,11 @@ let
 default = 1;
 description = "Org id. will default to orgId 1 if not specified.";
 };
+ uid = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Custom UID which can be used to reference this datasource in other parts of the configuration, if not specified will be generated automatically.";
+ };
 url = mkOption {
 type = types.str;
 description = "Url of the datasource.";
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
index d4aa69629ec8..2d329a1af1cb 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
@@ -57,9 +57,9 @@ in {
 ${pkgs.prometheus-wireguard-exporter}/bin/prometheus_wireguard_exporter \
 -p ${toString cfg.port} \
 -l ${cfg.listenAddress} \
- ${optionalString cfg.verbose "-v"} \
- ${optionalString cfg.singleSubnetPerField "-s"} \
- ${optionalString cfg.withRemoteIp "-r"} \
+ ${optionalString cfg.verbose "-v true"} \
+ ${optionalString cfg.singleSubnetPerField "-s true"} \
+ ${optionalString cfg.withRemoteIp "-r true"} \
 ${optionalString (cfg.wireguardConfig != null) "-n ${escapeShellArg cfg.wireguardConfig}"}
 '';
 RestrictAddressFamilies = [
diff --git a/nixos/modules/services/networking/wpa_supplicant.nix b/nixos/modules/services/networking/wpa_supplicant.nix
index c2e1d37e28bf..5a7975ae1782 100644
--- a/nixos/modules/services/networking/wpa_supplicant.nix
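Review bot: `NotifyAccess = "all"` widens the set of processes that may send sd_notify() messages from the main PID to every process in the unit's cgroup, so any child or helper slapd spawns could spoof `READY=1`, `STATUS=` or `WATCHDOG=1` to systemd; the hunk gives no reason why the default `main` (or `exec`, which also covers ExecStartPre/Post) is insufficient. If the reason is that slapd forks before calling sd_notify(), which would be consistent with the `PIDFile` line below, record it on the line so the next maintainer does not tighten it back: `NotifyAccess = "all"; # slapd signals readiness from a forked child, not the main PID`. If that is not the case, the default should be kept. The enclosing serviceConfig block starts outside the hunk.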
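Review bot: In the wireguard exporter's ExecStart, `-l ${cfg.listenAddress} \` on the context line just above the three changed flags is interpolated into the shell command unescaped, while `cfg.wireguardConfig` on the line below is wrapped in `escapeShellArg`; for consistency and to keep the command well-formed for any string the option type admits, write `-l ${escapeShellArg cfg.listenAddress} \`. The switch to `-v true` / `-s true` / `-r true` is presumably what the exporter's current flag parser expects, but a one-line comment naming the exporter version that required it would save the next updater a bisect. The serviceConfig block this ExecStart belongs to starts outside the hunk.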
+++ b/nixos/modules/services/networking/wpa_supplicant.nix @@ -114,7 +114,7 @@ let script = '' - ${optionalString configIsGenerated '' + ${optionalString (configIsGenerated && !cfg.allowAuxiliaryImperativeNetworks) '' if [ -f /etc/wpa_supplicant.conf ]; then echo >&2 "<3>/etc/wpa_supplicant.conf present but ignored. Generated ${configFile} is used instead." fi diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 679c5210a6b3..645fbc2b713a 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -8,8 +8,6 @@ let cfg = config.systemd; - systemd = cfg.package; - inherit (systemdUtils.lib) generateUnits targetToUnit @@ -439,7 +437,7 @@ in system.build.units = cfg.units; - system.nssModules = [ systemd.out ]; + system.nssModules = [ cfg.package.out ]; system.nssDatabases = { hosts = (mkMerge [ (mkOrder 400 ["mymachines"]) # 400 to ensure it comes before resolve (which is mkBefore'd) @@ -453,7 +451,7 @@ in ]); }; - environment.systemPackages = [ systemd ]; + environment.systemPackages = [ cfg.package ]; environment.etc = let # generate contents for /etc/systemd/system-${type} from attrset of links and packages diff --git a/nixos/release.nix b/nixos/release.nix index e0d782bcaec3..beafdf9ff5bc 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -151,6 +151,13 @@ in rec { # Build the initial ramdisk so Hydra can keep track of its size over time. initialRamdisk = buildFromConfig ({ ... }: { }) (config: config.system.build.initialRamdisk); + kexec = forMatchingSystems supportedSystems (system: (import lib/eval-config.nix { + inherit system; + modules = [ + ./modules/installer/netboot/netboot-minimal.nix + ]; + }).config.system.build.kexecTree); + netboot = forMatchingSystems supportedSystems (system: makeNetboot { module = ./modules/installer/netboot/netboot-minimal.nix; inherit system; 
diff --git a/nixos/tests/jellyfin.nix b/nixos/tests/jellyfin.nix index 4ac378699637..7d3097b58629 100644 --- a/nixos/tests/jellyfin.nix +++ b/nixos/tests/jellyfin.nix @@ -52,18 +52,18 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: machine.succeed(api_post("/Startup/Complete")) with machine.nested("Can login"): - auth_result = machine.succeed( + auth_result_str = machine.succeed( api_post( "/Users/AuthenticateByName", "${payloads.auth}", ) ) - auth_result = json.loads(auth_result) + auth_result = json.loads(auth_result_str) auth_token = auth_result["AccessToken"] auth_header += f", Token={auth_token}" - sessions_result = machine.succeed(api_get("/Sessions")) - sessions_result = json.loads(sessions_result) + sessions_result_str = machine.succeed(api_get("/Sessions")) + sessions_result = json.loads(sessions_result_str) this_session = [ session for session in sessions_result if session["DeviceId"] == "1337" @@ -71,8 +71,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: if len(this_session) != 1: raise Exception("Session not created") - me = machine.succeed(api_get("/Users/Me")) - me = json.loads(me)["Id"] + me_str = machine.succeed(api_get("/Users/Me")) + me = json.loads(me_str)["Id"] with machine.nested("Can add library"): tempdir = machine.succeed("mktemp -d -p /var/lib/jellyfin").strip() @@ -100,8 +100,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: def is_refreshed(_): - folders = machine.succeed(api_get("/Library/VirtualFolders")) - folders = json.loads(folders) + folders_str = machine.succeed(api_get("/Library/VirtualFolders")) + folders = json.loads(folders_str) print(folders) return all(folder["RefreshStatus"] == "Idle" for folder in folders) 
@@ -116,10 +116,10 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: def has_movie(_): global items - items = machine.succeed( + items_str = machine.succeed( api_get(f"/Users/{me}/Items?IncludeItemTypes=Movie&Recursive=true") ) - items = json.loads(items)["Items"] + items = json.loads(items_str)["Items"] return len(items) == 1 @@ -127,8 +127,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: video = items[0]["Id"] - item_info = machine.succeed(api_get(f"/Users/{me}/Items/{video}")) - item_info = json.loads(item_info) + item_info_str = machine.succeed(api_get(f"/Users/{me}/Items/{video}")) + item_info = json.loads(item_info_str) if item_info["Name"] != "Big Buck Bunny": raise Exception("Jellyfin failed to properly identify file") diff --git a/nixos/tests/kernel-generic.nix b/nixos/tests/kernel-generic.nix index 1e60198abdd0..5e6682d1045d 100644 --- a/nixos/tests/kernel-generic.nix +++ b/nixos/tests/kernel-generic.nix @@ -31,6 +31,7 @@ let linux_5_10_hardened linux_5_15_hardened linux_5_17_hardened + linux_5_18_hardened linux_testing; }; diff --git a/nixos/tests/kexec.nix b/nixos/tests/kexec.nix index 7238a9f58e09..3f5a6f521af0 100644 --- a/nixos/tests/kexec.nix +++ b/nixos/tests/kexec.nix @@ -18,8 +18,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { virtualisation.vlans = [ ]; environment.systemPackages = [ pkgs.hello ]; imports = [ - "${modulesPath}/installer/kexec/kexec-boot.nix" - "${modulesPath}/profiles/minimal.nix" + "${modulesPath}/installer/netboot/netboot-minimal.nix" ]; }; }; 
@@ -33,14 +32,14 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { node1.connect() node1.wait_for_unit("multi-user.target") - # Check if the machine with kexec-boot.nix profile boots up + # Check if the machine with netboot-minimal.nix profile boots up node2.wait_for_unit("multi-user.target") node2.shutdown() # Kexec node1 to the toplevel of node2 via the kexec-boot script node1.succeed('touch /run/foo') node1.fail('hello') - node1.execute('${nodes.node2.config.system.build.kexecBoot}/kexec-boot', check_return=False) + node1.execute('${nodes.node2.config.system.build.kexecTree}/kexec-boot', check_return=False) node1.succeed('! test -e /run/foo') node1.succeed('hello') node1.succeed('[ "$(hostname)" = "node2" ]') diff --git a/nixos/tests/terminal-emulators.nix b/nixos/tests/terminal-emulators.nix index 6ea0f1c18725..c724608b9155 100644 --- a/nixos/tests/terminal-emulators.nix +++ b/nixos/tests/terminal-emulators.nix @@ -197,6 +197,7 @@ in mapAttrs (name: { pkg, executable ? name, cmd ? "SHELL=$command ${executable} with subtest("have the terminal display a colour"): # We run this command in the background + assert machine.shell is not None machine.shell.send(b"(run-in-this-term display-colour |& systemd-cat -t terminal) &\n") with machine.nested("Waiting for the screen to have pink on it:"): |