| Age | Commit message (Collapse) | Author |
|---|
|
DefaultBlockIOAccounting=yes is set twice in the same file, remove one
copy.
|
|
Dropbear lags behind OpenSSH significantly in both support for modern
key formats like `ssh-ed25519`, let alone the recently-introduced
U2F/FIDO2-based `sk-ssh-ed25519@openssh.com` (as I found when I switched
my `authorizedKeys` over to it and promptly locked myself out of my
server's initrd SSH, breaking reboots), as well as security features
like multiprocess isolation. Using the same SSH daemon for stage-1 and
the main system ensures key formats will always remain compatible, as
well as more conveniently allowing the sharing of configuration and
host keys.
The main reason to use Dropbear over OpenSSH would be initrd space
concerns, but NixOS initrds are already large (17 MiB currently on my
server), and the size difference between the two isn't huge (the test's
initrd goes from 9.7 MiB to 12 MiB with this change). If the size is
still a problem, then it would be easy to shrink sshd down to a few
hundred kilobytes by using an initrd-specific build that uses musl and
disables things like Kerberos support.
This passes the test and works on my server, but more rigorous testing
and review from people who use initrd SSH would be appreciated!
|
|
`$toplevel/system` of a system closure with `x86_64` kernel and `i686` userland should contain "x86_64-linux".
If `$toplevel/system` contains "i686-linux", the closure will be run using `qemu-system-i386`, which is able to run `x86_64` kernel on most Intel CPU, but fails on AMD.
So this fix is for a rare case of `x86_64` kernel + `i686` userland + AMD CPU
|
|
systemd-networkd
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.
This was originally applied in 36ef112a477034fc6d1d9170bf1bcda0140a8d1d,
but was reverted due to 1115959a8d4d73ad73341563dc8bbf52230a281e causing
evaluation errors on hydra.
|
|
nixos/boot: add option to disable initrd
|
|
...even when networkd is disabled
This reverts commit ce78f3ac701017008aa7f1db387b871b7ae65e01, reversing
changes made to dc34da0755b3c36469965659c0ee4a1337e81c05.
I'm sorry; Hydra has been unable to evaluate, always returning
> error: unexpected EOF reading a line
and I've been unable to reproduce the problem locally. Bisecting
pointed to this merge, but I still can't see what exactly was wrong.
|
|
nixos/activation: propagate system to nested configurations
|
|
systemd-networkd
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.
|
|
switch-to-configuration: Add new option X-OnlyManualStart
|
|
This is to facilitate units that should _only_ be manually started and
not activated when a configuration is switched to.
More specifically this is to be used by the new Nixops deploy-*
targets created in https://github.com/NixOS/nixops/pull/1245 that are
triggered by Nixops before/after switch-to-configuration is called.
|
|
|
|
This avoids a possible surprise if the user is using `nixpkgs.system`
and `nesting.children`. `nesting.children` is expected to ignore all
parent configuration so we shouldn't propagate the user-facing option
`nixpkgs.system`. To avoid doing so, we introduce a new internal
option for holding the value passed to eval-config.nix, and use that
when recursing for nesting.
|
|
nixos/networkd: add RoutingPolicyRules-related options
|
|
nixos/stage-1: fix predictable interface names in initrd
|
|
|
|
|
|
The current behavior lets `system` default to
`builtins.currentSystem`. The system value specified to
`eval-config.nix` has very low precedence, so this should compose
properly.
Fixes #80806
|
|
This expands the example to something one might actually want to use
to set up a serial console.
|
|
|
|
Deprecate the boot.vesa option
|
|
nixos/grub: make memtest work with EFI
|
|
As outlined in #71447, postCommands should always be run if networking
in initrd is enabled. regardless if the configuration actually
succeeded.
|
|
This apparently has features that the version from Arch's
mkinitcpio-nfs-utils does not have. Fixes #75314.
|
|
Depending on the network management backend being used, if the interface
configuration in stage 1 is not cleared, there might still be some old
addresses or routes from stage 1 present in stage 2 after network
configuration has finished.
|
|
This makes predictable interfaces names available as soon as possible
with udev by adding the default network link units to initrd which are read
by udev. Also adds some udev rules that are needed but which would normally
loaded from the udev store path which is not included in the initrd.
|
|
nixos/systemd: add an option to suppress system units
|
|
In 87a19e9048773d5a363679617406ad148d36c3b8 I merged staging-next into master using the GitHub gui as intended.
In ac241fb7a570d6cf81d229ad22a8889602639160 I merged master into staging-next for the next staging cycle, however, I accidentally pushed it to master.
Thinking this may cause trouble, I reverted it in 0be87c79797a5fa384fbc356c74ed54f9f7829ea. This was however wrong, as it "removed" master.
This reverts commit 0be87c79797a5fa384fbc356c74ed54f9f7829ea.
|
|
I merged master into staging-next but accidentally pushed it to master.
This should get us back to 87a19e9048773d5a363679617406ad148d36c3b8.
This reverts commit ac241fb7a570d6cf81d229ad22a8889602639160, reversing
changes made to 76a439239eb310d9ad76d998b34d5d3bc0e37acb.
|
|
use overlayfs by default for netboot and iso
|
|
|
|
Memtest86+ doesn't support EFI, so unfree Memtest86 is used when EFI
support is enabled (systemd-boot currently also uses Memtest86 when
memtest is enabled).
|
|
Fix boot.loader.grub.extraFiles when used with mirroredBoots
|
|
Substitute @bootPath@ in boot.loader.grub.extraPrepareConfig script
same way as it's done for boot.loader.grub.extraEntries option.
|
|
|
|
This reverts commit af665d822a166ae62547c1c310207f11acaded17, see
https://github.com/NixOS/nixpkgs/pull/78798#issuecomment-580059834 for
the reasons in a similar PR.
|
|
This reverts commit 45db499d2de2235388212a911b8344b58ddfda36.
|
|
nixos/networkd: mark `units` option as internal
|
|
nixos/networkd: add vrfConfig option for netdevs, add simple test
|
|
add config.environment.ld-linux
|
|
nixos/systemd: add all systemd tmpfiles files
|
|
|
|
Especially tmp.conf is important to create /tmp and /var/tmp with the correct
permissions.
|
|
|
|
|
|
systemd-networkd: add configuration for XFRM interfaces
|
|
|
|
In some cases like we've noticed in https://github.com/NixOS/nixpkgs/issues/76169,
having duplicate packages in systemd.packages like
```
systemd.packages = [ gnome-shell gnome-shell gnome-session ];
```
breaks.
Here we use an associative array to ensure no
duplicate paths when we symlink all the units listed
in systemd.packages.
|
|
nixos/systemd: Explicitly put default path packages after others
|
|
|
|
This fixes the dhcpcd issue in https://github.com/NixOS/nixpkgs/issues/76969,
which was exposed by https://github.com/NixOS/nixpkgs/pull/75031
introducing changes in the module ordering and therefore option ordering
too.
The dhcpcd issue would also be fixable by explicitly putting
dhcpcd's paths before others, however it makes more sense for systemd's
default paths to be after all others by default, since they should only
be a fallback, which is how binary finding will work if they come after.
|
