ghostfox/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

push sheeet
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Details
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Details
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Details
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Details
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Details
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
Details

Browse Source
This commit is contained in:
Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
nixos/modules/installer/cd-dvd/channel.nix Normal file
View File

@@ -0,0 +1,72 @@
# Provide an initial copy of the NixOS channel so that the user
# doesn't need to run "nix-channel --update" first.
{
config,
lib,
pkgs,
...
}:
let
# This is copied into the installer image, so it's important that it is filtered
# to avoid including a large .git directory.
# We also want the source name to be normalised to "source" to avoid depending on the
# location of nixpkgs.
# In the future we might want to expose the ISO image from the flake and use
# `self.outPath` directly instead.
nixpkgs = lib.cleanSource pkgs.path;
# We need a copy of the Nix expressions for Nixpkgs and NixOS on the
# CD. These are installed into the "nixos" channel of the root
# user, as expected by nixos-rebuild/nixos-install. FIXME: merge
# with make-channel.nix.
channelSources =
pkgs.runCommand "nixos-${config.system.nixos.version}" { preferLocalBuild = true; }
''
mkdir -p $out
cp -prd ${nixpkgs.outPath} $out/nixos
chmod -R u+w $out/nixos
if [ ! -e $out/nixos/nixpkgs ]; then
ln -s . $out/nixos/nixpkgs
fi
${lib.optionalString (config.system.nixos.revision != null) ''
echo -n ${config.system.nixos.revision} > $out/nixos/.git-revision
''}
echo -n ${config.system.nixos.versionSuffix} > $out/nixos/.version-suffix
echo ${config.system.nixos.versionSuffix} | sed -e s/pre// > $out/nixos/svn-revision
'';
in
{
options.system.installer.channel.enable =
(lib.mkEnableOption "bundling NixOS/Nixpkgs channel in the installer")
// {
default = true;
};
config = lib.mkIf config.system.installer.channel.enable {
# Pin the nixpkgs flake in the installer to our cleaned up nixpkgs source.
# FIXME: this might be surprising and is really only needed for offline installations,
# see discussion in https://github.com/NixOS/nixpkgs/pull/204178#issuecomment-1336289021
nix.registry.nixpkgs.to = {
type = "path";
path = "${channelSources}/nixos";
};
# Provide the NixOS/Nixpkgs sources in /etc/nixos. This is required
# for nixos-install.
boot.postBootCommands = lib.mkAfter ''
if ! [ -e /var/lib/nixos/did-channel-init ]; then
echo "unpacking the NixOS/Nixpkgs sources..."
mkdir -p /nix/var/nix/profiles/per-user/root
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \
-i ${channelSources} --quiet --option build-use-substitutes false \
${lib.optionalString config.boot.initrd.systemd.enable "--option sandbox false"} # There's an issue with pivot_root
mkdir -m 0700 -p /root/.nix-defexpr
ln -s /nix/var/nix/profiles/per-user/root/channels /root/.nix-defexpr/channels
mkdir -m 0755 -p /var/lib/nixos
touch /var/lib/nixos/did-channel-init
fi
'';
};
}

57
nixos/modules/installer/cd-dvd/installation-cd-base.nix Normal file
View File

@@ -0,0 +1,57 @@
# This module contains the basic configuration for building a NixOS
# installation CD.
{
config,
lib,
options,
pkgs,
...
}:
{
imports = [
./iso-image.nix
# Profiles of this basic installation CD.
../../profiles/base.nix
../../profiles/installation-device.nix
];
hardware.enableAllHardware = true;
# Adds terminus_font for people with HiDPI displays
console.packages = options.console.packages.default ++ [ pkgs.terminus_font ];
# EFI booting
isoImage.makeEfiBootable = true;
# USB booting
isoImage.makeUsbBootable = true;
# Add Memtest86+ to the CD.
boot.loader.grub.memtest86.enable = true;
# An installation media cannot tolerate a host config defined file
# system layout on a fresh machine, before it has been formatted.
swapDevices = lib.mkImageMediaOverride [ ];
fileSystems = lib.mkImageMediaOverride config.lib.isoFileSystems;
boot.initrd.luks.devices = lib.mkImageMediaOverride { };
boot.postBootCommands = ''
for o in $(</proc/cmdline); do
case "$o" in
live.nixos.passwd=*)
set -- $(IFS==; echo $o)
echo "nixos:$2" | ${pkgs.shadow}/bin/chpasswd
;;
esac
done
'';
environment.defaultPackages = with pkgs; [
rsync
];
programs.git.enable = lib.mkDefault true;
system.stateVersion = lib.mkDefault lib.trivial.release;
}

56
nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix Normal file
View File

@@ -0,0 +1,56 @@
# This module contains the basic configuration for building a graphical NixOS
# installation CD.
{ lib, pkgs, ... }:
{
imports = [ ./installation-cd-base.nix ];
# Whitelist wheel users to do anything
# This is useful for things like pkexec
#
# WARNING: this is dangerous for systems
# outside the installation-cd and shouldn't
# be used anywhere else.
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
'';
services.xserver.enable = true;
# KDE complains if power management is disabled (to be precise, if
# there is no power management backend such as upower).
powerManagement.enable = true;
# VM guest additions to improve host-guest interaction
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
virtualisation.vmware.guest.enable = pkgs.stdenv.hostPlatform.isx86;
# https://github.com/torvalds/linux/blob/00b827f0cffa50abb6773ad4c34f4cd909dae1c8/drivers/hv/Kconfig#L7-L8
virtualisation.hypervGuest.enable =
pkgs.stdenv.hostPlatform.isx86 || pkgs.stdenv.hostPlatform.isAarch64;
services.xe-guest-utilities.enable = pkgs.stdenv.hostPlatform.isx86;
# The VirtualBox guest additions rely on an out-of-tree kernel module
# which lags behind kernel releases, potentially causing broken builds.
virtualisation.virtualbox.guest.enable = false;
# Enable plymouth
boot.plymouth.enable = true;
environment.defaultPackages = with pkgs; [
# Include gparted for partitioning disks.
gparted
# Include some editors.
vim
nano
# Firefox for reading the manual.
firefox
mesa-demos
];
}

53
nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-gnome.nix Normal file
View File

@@ -0,0 +1,53 @@
# This module defines a NixOS installation CD that contains GNOME.
{ lib, pkgs, ... }:
{
imports = [ ./installation-cd-graphical-calamares.nix ];
isoImage.edition = lib.mkDefault "gnome";
services.desktopManager.gnome = {
# Add Firefox and other tools useful for installation to the launcher
favoriteAppsOverride = ''
[org.gnome.shell]
favorite-apps=[ 'firefox.desktop', 'nixos-manual.desktop', 'org.gnome.Console.desktop', 'org.gnome.Nautilus.desktop', 'gparted.desktop', 'calamares.desktop' ]
'';
# Override GNOME defaults to disable GNOME tour and disable suspend
extraGSettingsOverrides = ''
[org.gnome.shell]
welcome-dialog-last-shown-version='9999999999'
[org.gnome.desktop.session]
idle-delay=0
[org.gnome.settings-daemon.plugins.power]
sleep-inactive-ac-type='nothing'
sleep-inactive-battery-type='nothing'
'';
extraGSettingsOverridePackages = [ pkgs.gnome-settings-daemon ];
enable = true;
};
# Fix scaling for calamares on wayland
environment.variables = {
QT_QPA_PLATFORM = "$([[ $XDG_SESSION_TYPE = \"wayland\" ]] && echo \"wayland\")";
};
services.displayManager.gdm = {
enable = true;
# autoSuspend makes the machine automatically suspend after inactivity.
# It's possible someone could/try to ssh'd into the machine and obviously
# have issues because it's inactive.
# See:
# * https://github.com/NixOS/nixpkgs/pull/63790
# * https://gitlab.gnome.org/GNOME/gnome-control-center/issues/22
autoSuspend = false;
};
services.displayManager.autoLogin = {
enable = true;
user = "nixos";
};
}

58
nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix Normal file
View File

@@ -0,0 +1,58 @@
# This module defines a NixOS installation CD that contains Plasma 6.
{ lib, pkgs, ... }:
{
imports = [ ./installation-cd-graphical-calamares.nix ];
isoImage.edition = lib.mkDefault "plasma6";
services.desktopManager.plasma6.enable = true;
# Automatically login as nixos.
services.displayManager = {
sddm.enable = true;
autoLogin = {
enable = true;
user = "nixos";
};
};
environment.systemPackages = [
# FIXME: using Qt5 builds of Maliit as upstream has not ported to Qt6 yet
pkgs.maliit-framework
pkgs.maliit-keyboard
];
environment.plasma6.excludePackages = [
# Optional wallpapers that add 126 MiB to the graphical installer
# closure. They will still need to be downloaded when installing a
# Plasma system, though.
pkgs.kdePackages.plasma-workspace-wallpapers
];
# Avoid bundling an entire MariaDB installation on the ISO.
programs.kde-pim.enable = false;
system.activationScripts.installerDesktop =
let
# Comes from documentation.nix when xserver and nixos.enable are true.
manualDesktopFile = "/run/current-system/sw/share/applications/nixos-manual.desktop";
homeDir = "/home/nixos/";
desktopDir = homeDir + "Desktop/";
in
''
mkdir -p ${desktopDir}
chown nixos ${homeDir} ${desktopDir}
ln -sfT ${manualDesktopFile} ${desktopDir + "nixos-manual.desktop"}
ln -sfT ${pkgs.gparted}/share/applications/gparted.desktop ${desktopDir + "gparted.desktop"}
ln -sfT ${pkgs.calamares-nixos}/share/applications/calamares.desktop ${
desktopDir + "calamares.desktop"
}
'';
}

28
nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares.nix Normal file
View File

@@ -0,0 +1,28 @@
# This module adds the calamares installer to the basic graphical NixOS
# installation CD.
{ pkgs, ... }:
let
calamares-nixos-autostart = pkgs.makeAutostartItem {
name = "calamares";
package = pkgs.calamares-nixos;
};
in
{
imports = [ ./installation-cd-graphical-base.nix ];
# required for kpmcore to work correctly
programs.partition-manager.enable = true;
environment.systemPackages = with pkgs; [
# Calamares for graphical installation
calamares-nixos
calamares-nixos-autostart
calamares-nixos-extensions
# Get list of locales
glibcLocales
];
# Support choosing from any locale
i18n.supportedLocales = [ "all" ];
}

52
nixos/modules/installer/cd-dvd/installation-cd-graphical-combined.nix Normal file
View File

@@ -0,0 +1,52 @@
# This configuration uses a specialisation for each desired boot
# configuration, and a common parent configuration for all of them
# that's hidden. This allows users to import this module alongside
# their own and get the full array of specialisations inheriting the
# users' settings.
{ lib, ... }:
{
imports = [ ./installation-cd-base.nix ];
isoImage.edition = "graphical";
isoImage.showConfiguration = lib.mkDefault false;
specialisation = {
gnome.configuration =
{ config, ... }:
{
imports = [ ./installation-cd-graphical-calamares-gnome.nix ];
isoImage.showConfiguration = true;
isoImage.configurationName = "GNOME (Linux LTS)";
};
gnome_latest_kernel.configuration =
{ config, ... }:
{
imports = [
./installation-cd-graphical-calamares-gnome.nix
./latest-kernel.nix
];
isoImage.showConfiguration = true;
isoImage.configurationName = "GNOME (Linux ${config.boot.kernelPackages.kernel.version})";
};
plasma.configuration =
{ config, ... }:
{
imports = [ ./installation-cd-graphical-calamares-plasma6.nix ];
isoImage.showConfiguration = true;
isoImage.configurationName = "Plasma (Linux LTS)";
};
plasma_latest_kernel.configuration =
{ config, ... }:
{
imports = [
./installation-cd-graphical-calamares-plasma6.nix
./latest-kernel.nix
];
isoImage.showConfiguration = true;
isoImage.configurationName = "Plasma (Linux ${config.boot.kernelPackages.kernel.version})";
};
};
}

34
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix Normal file
View File

@@ -0,0 +1,34 @@
# This module defines a NixOS installation CD that contains GNOME.
{ lib, ... }:
{
imports = [ ./installation-cd-graphical-base.nix ];
isoImage.edition = lib.mkDefault "gnome";
services.desktopManager.gnome = {
# Add Firefox and other tools useful for installation to the launcher
favoriteAppsOverride = ''
[org.gnome.shell]
favorite-apps=[ 'firefox.desktop', 'nixos-manual.desktop', 'org.gnome.Terminal.desktop', 'org.gnome.Nautilus.desktop', 'gparted.desktop' ]
'';
enable = true;
};
services.displayManager.gdm = {
enable = true;
# autoSuspend makes the machine automatically suspend after inactivity.
# It's possible someone could/try to ssh'd into the machine and obviously
# have issues because it's inactive.
# See:
# * https://github.com/NixOS/nixpkgs/pull/63790
# * https://gitlab.gnome.org/GNOME/gnome-control-center/issues/22
autoSuspend = false;
};
services.displayManager.autoLogin = {
enable = true;
user = "nixos";
};
}

14
nixos/modules/installer/cd-dvd/installation-cd-minimal-combined.nix Normal file
View File

@@ -0,0 +1,14 @@
{ lib, ... }:
{
imports = [ ./installation-cd-minimal.nix ];
isoImage.configurationName = lib.mkDefault "(Linux LTS)";
specialisation.latest_kernel.configuration =
{ config, ... }:
{
imports = [ ./latest-kernel.nix ];
isoImage.configurationName = "(Linux ${config.boot.kernelPackages.kernel.version})";
};
}

7
nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix Normal file
View File

@@ -0,0 +1,7 @@
{ lib, ... }:
{
imports = [ ./installation-cd-minimal-new-kernel.nix ];
boot.supportedFilesystems.zfs = lib.mkForce false;
}

7
nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix Normal file
View File

@@ -0,0 +1,7 @@
{ pkgs, ... }:
{
imports = [ ./installation-cd-minimal.nix ];
boot.kernelPackages = pkgs.linuxPackages_latest;
}

21
nixos/modules/installer/cd-dvd/installation-cd-minimal.nix Normal file
View File

@@ -0,0 +1,21 @@
# This module defines a small NixOS installation CD. It does not
# contain any graphical stuff.
{ lib, ... }:
{
imports = [
../../profiles/minimal.nix
./installation-cd-base.nix
];
documentation.man.enable = lib.mkOverride 500 true;
# Although we don't really need HTML documentation in the minimal installer,
# not including it may cause annoying cache misses in the case of the NixOS manual.
documentation.doc.enable = lib.mkOverride 500 true;
fonts.fontconfig.enable = lib.mkOverride 500 false;
isoImage.edition = lib.mkOverride 500 "minimal";
}

1069
nixos/modules/installer/cd-dvd/iso-image.nix Normal file
View File

File diff suppressed because it is too large Load Diff

9
nixos/modules/installer/cd-dvd/latest-kernel.nix Normal file
View File

@@ -0,0 +1,9 @@
{ lib, pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.supportedFilesystems.zfs = false;
environment.etc."nixos-generate-config.conf".text = ''
[Defaults]
Kernel=latest
'';
}

14
nixos/modules/installer/cd-dvd/sd-image-aarch64-new-kernel.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, ... }:
{
imports = [
../sd-card/sd-image-aarch64-new-kernel-installer.nix
];
config = {
warnings = [
''
.../cd-dvd/sd-image-aarch64-new-kernel.nix is deprecated and will eventually be removed.
Please switch to .../sd-card/sd-image-aarch64-new-kernel-installer.nix, instead.
''
];
};
}

14
nixos/modules/installer/cd-dvd/sd-image-aarch64.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, ... }:
{
imports = [
../sd-card/sd-image-aarch64-installer.nix
];
config = {
warnings = [
''
.../cd-dvd/sd-image-aarch64.nix is deprecated and will eventually be removed.
Please switch to .../sd-card/sd-image-aarch64-installer.nix, instead.
''
];
};
}

14
nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, ... }:
{
imports = [
../sd-card/sd-image-armv7l-multiplatform-installer.nix
];
config = {
warnings = [
''
.../cd-dvd/sd-image-armv7l-multiplatform.nix is deprecated and will eventually be removed.
Please switch to .../sd-card/sd-image-armv7l-multiplatform-installer.nix, instead.
''
];
};
}

14
nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, ... }:
{
imports = [
../sd-card/sd-image-raspberrypi-installer.nix
];
config = {
warnings = [
''
.../cd-dvd/sd-image-raspberrypi.nix is deprecated and will eventually be removed.
Please switch to .../sd-card/sd-image-raspberrypi-installer.nix, instead.
''
];
};
}

14
nixos/modules/installer/cd-dvd/sd-image.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, ... }:
{
imports = [
../sd-card/sd-image.nix
];
config = {
warnings = [
''
.../cd-dvd/sd-image.nix is deprecated and will eventually be removed.
Please switch to .../sd-card/sd-image.nix, instead.
''
];
};
}

16
nixos/modules/installer/netboot/netboot-base.nix Normal file
View File

@@ -0,0 +1,16 @@
# This module contains the basic configuration for building netboot
# images
{ lib, ... }:
{
imports = [
./netboot.nix
# Profiles of this basic netboot media
../../profiles/base.nix
../../profiles/installation-device.nix
];
hardware.enableAllHardware = true;
}

15
nixos/modules/installer/netboot/netboot-minimal.nix Normal file
View File

@@ -0,0 +1,15 @@
# This module defines a small netboot environment.
{ lib, ... }:
{
imports = [
./netboot-base.nix
../../profiles/minimal.nix
];
documentation.man.enable = lib.mkOverride 500 true;
hardware.enableRedistributableFirmware = lib.mkOverride 70 false;
system.extraDependencies = lib.mkOverride 70 [ ];
networking.networkmanager.enable = lib.mkOverride 500 false;
}

195
nixos/modules/installer/netboot/netboot.nix Normal file
View File

@@ -0,0 +1,195 @@
# This module creates netboot media containing the given NixOS
# configuration.
{
config,
lib,
pkgs,
modulesPath,
...
}:
with lib;
{
imports = [
../../image/file-options.nix
];
options = {
netboot.squashfsCompression = mkOption {
default = "zstd -Xcompression-level 19";
description = ''
Compression settings to use for the squashfs nix store.
'';
example = "zstd -Xcompression-level 6";
type = types.str;
};
netboot.storeContents = mkOption {
example = literalExpression "[ pkgs.stdenv ]";
description = ''
This option lists additional derivations to be included in the
Nix store in the generated netboot image.
'';
};
};
config = {
# Don't build the GRUB menu builder script, since we don't need it
# here and it causes a cyclic dependency.
boot.loader.grub.enable = false;
fileSystems."/" = mkImageMediaOverride {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
# In stage 1, mount a tmpfs on top of /nix/store (the squashfs
# image) to make this a live CD.
fileSystems."/nix/.ro-store" = mkImageMediaOverride {
fsType = "squashfs";
device = "../nix-store.squashfs";
options = [
"loop"
]
++ lib.optional (config.boot.kernelPackages.kernel.kernelAtLeast "6.2") "threads=multi";
neededForBoot = true;
};
fileSystems."/nix/.rw-store" = mkImageMediaOverride {
fsType = "tmpfs";
options = [ "mode=0755" ];
neededForBoot = true;
};
fileSystems."/nix/store" = mkImageMediaOverride {
overlay = {
lowerdir = [ "/nix/.ro-store" ];
upperdir = "/nix/.rw-store/store";
workdir = "/nix/.rw-store/work";
};
neededForBoot = true;
};
boot.initrd.availableKernelModules = [
"squashfs"
"overlay"
];
boot.initrd.kernelModules = [
"loop"
"overlay"
];
# Closures to be copied to the Nix store, namely the init
# script and the top-level system configuration directory.
netboot.storeContents = [ config.system.build.toplevel ];
# Create the squashfs image that contains the Nix store.
system.build.squashfsStore = pkgs.callPackage ../../../lib/make-squashfs.nix {
storeContents = config.netboot.storeContents;
comp = config.netboot.squashfsCompression;
};
# Create the initrd
system.build.netbootRamdisk = pkgs.makeInitrdNG {
inherit (config.boot.initrd) compressor compressorArgs;
prepend = [ "${config.system.build.initialRamdisk}/initrd" ];
contents = [
{
source = config.system.build.squashfsStore;
target = "/nix-store.squashfs";
}
];
};
system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" ''
#!ipxe
# Use the cmdline variable to allow the user to specify custom kernel params
# when chainloading this script from other iPXE scripts like netboot.xyz
kernel ${pkgs.stdenv.hostPlatform.linux-kernel.target} init=${config.system.build.toplevel}/init initrd=initrd ${toString config.boot.kernelParams} ''${cmdline}
initrd initrd
boot
'';
# A script invoking kexec on ./bzImage and ./initrd.gz.
# Usually used through system.build.kexecTree, but exposed here for composability.
system.build.kexecScript = pkgs.writeScript "kexec-boot" ''
#!/usr/bin/env bash
if ! kexec -v >/dev/null 2>&1; then
echo "kexec not found: please install kexec-tools" 2>&1
exit 1
fi
SCRIPT_DIR=$( cd -- "$( dirname -- "''${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
kexec --load ''${SCRIPT_DIR}/bzImage \
--initrd=''${SCRIPT_DIR}/initrd.gz \
--command-line "init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
kexec -e
'';
# A tree containing initrd.gz, bzImage and a kexec-boot script.
system.build.kexecTree = pkgs.linkFarm "kexec-tree" [
{
name = "initrd.gz";
path = "${config.system.build.netbootRamdisk}/initrd";
}
{
name = "bzImage";
path = "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}";
}
{
name = "kexec-boot";
path = config.system.build.kexecScript;
}
];
image.extension = "tar.xz";
image.filePath = "tarball/${config.image.fileName}";
system.nixos.tags = [ "kexec" ];
system.build.image = config.system.build.kexecTarball;
system.build.kexecTarball =
pkgs.callPackage "${toString modulesPath}/../lib/make-system-tarball.nix"
{
fileName = config.image.baseName;
storeContents = [
{
object = config.system.build.kexecScript;
symlink = "/kexec_nixos";
}
];
contents = [ ];
};
boot.loader.timeout = 10;
boot.postBootCommands = ''
# After booting, register the contents of the Nix store
# in the Nix database in the tmpfs.
${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
# Set password for user nixos if specified on cmdline
# Allows using nixos-anywhere in headless environments
for o in $(</proc/cmdline); do
case "$o" in
live.nixos.passwordHash=*)
set -- $(IFS==; echo $o)
${pkgs.gnugrep}/bin/grep -q "root::" /etc/shadow && ${pkgs.shadow}/bin/usermod -p "$2" root
;;
live.nixos.password=*)
set -- $(IFS==; echo $o)
${pkgs.gnugrep}/bin/grep -q "root::" /etc/shadow && echo "root:$2" | ${pkgs.shadow}/bin/chpasswd
;;
esac
done
'';
};
}

9
nixos/modules/installer/scan/detected.nix Normal file
View File

@@ -0,0 +1,9 @@
# List all devices which are detected by nixos-generate-config.
# Common devices are enabled by default.
{ lib, ... }:
{
config = lib.mkDefault {
# Common firmware, i.e. for wifi cards
hardware.enableRedistributableFirmware = true;
};
}

6
nixos/modules/installer/scan/not-detected.nix Normal file
View File

@@ -0,0 +1,6 @@
# Enables non-free firmware on devices not recognized by `nixos-generate-config`.
{ lib, ... }:
{
hardware.enableRedistributableFirmware = lib.mkDefault true;
}

10
nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix Normal file
View File

@@ -0,0 +1,10 @@
{
imports = [
../../profiles/installation-device.nix
./sd-image-aarch64.nix
];
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

10
nixos/modules/installer/sd-card/sd-image-aarch64-new-kernel-installer.nix Normal file
View File

@@ -0,0 +1,10 @@
{
imports = [
../../profiles/installation-device.nix
./sd-image-aarch64-new-kernel.nix
];
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

7
nixos/modules/installer/sd-card/sd-image-aarch64-new-kernel-no-zfs-installer.nix Normal file
View File

@@ -0,0 +1,7 @@
{ lib, ... }:
{
imports = [ ./sd-image-aarch64-new-kernel-installer.nix ];
boot.supportedFilesystems.zfs = lib.mkForce false;
}

7
nixos/modules/installer/sd-card/sd-image-aarch64-new-kernel.nix Normal file
View File

@@ -0,0 +1,7 @@
{ pkgs, ... }:
{
imports = [ ./sd-image-aarch64.nix ];
boot.kernelPackages = pkgs.linuxPackages_latest;
}

103
nixos/modules/installer/sd-card/sd-image-aarch64.nix Normal file
View File

@@ -0,0 +1,103 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/sd-card/sd-image-aarch64.nix -A config.system.build.sdImage
{
config,
lib,
pkgs,
...
}:
{
imports = [
../../profiles/base.nix
./sd-image.nix
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.consoleLogLevel = lib.mkDefault 7;
# The serial ports listed here are:
# - ttyS0: for Tegra (Jetson TX1)
# - ttyAMA0: for QEMU's -machine virt
boot.kernelParams = [
"console=ttyS0,115200n8"
"console=ttyAMA0,115200n8"
"console=tty0"
];
sdImage = {
populateFirmwareCommands =
let
configTxt = pkgs.writeText "config.txt" ''
[pi3]
kernel=u-boot-rpi3.bin
# Otherwise the serial output will be garbled.
core_freq=250
[pi02]
kernel=u-boot-rpi3.bin
[pi4]
kernel=u-boot-rpi4.bin
enable_gic=1
armstub=armstub8-gic.bin
# Otherwise the resolution will be weird in most cases, compared to
# what the pi3 firmware does by default.
disable_overscan=1
# Supported in newer board revisions
arm_boost=1
[cm4]
# Enable host mode on the 2711 built-in XHCI USB controller.
# This line should be removed if the legacy DWC2 controller is required
# (e.g. for USB device mode) or if USB support is not required.
otg_mode=1
[all]
# Boot in 64-bit mode.
arm_64bit=1
# U-Boot needs this to work, regardless of whether UART is actually used or not.
# Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
# a requirement in the future.
enable_uart=1
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
'';
in
''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
# Add the config
cp ${configTxt} firmware/config.txt
# Add pi3 specific files
cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-2-b.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-3-b.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-3-b-plus.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-cm3.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-zero-2.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2710-rpi-zero-2-w.dtb firmware/
# Add pi4 specific files
cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin
cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-400.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4.dtb firmware/
cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4s.dtb firmware/
'';
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}

10
nixos/modules/installer/sd-card/sd-image-armv7l-multiplatform-installer.nix Normal file
View File

@@ -0,0 +1,10 @@
{
imports = [
../../profiles/installation-device.nix
./sd-image-armv7l-multiplatform.nix
];
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

66
nixos/modules/installer/sd-card/sd-image-armv7l-multiplatform.nix Normal file
View File

@@ -0,0 +1,66 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/sd-card/sd-image-armv7l-multiplatform.nix -A config.system.build.sdImage
{
config,
lib,
pkgs,
...
}:
{
imports = [
../../profiles/base.nix
./sd-image.nix
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.consoleLogLevel = lib.mkDefault 7;
boot.kernelPackages = pkgs.linuxPackages_latest;
# The serial ports listed here are:
# - ttyS0: for Tegra (Jetson TK1)
# - ttymxc0: for i.MX6 (Wandboard)
# - ttyAMA0: for Allwinner (pcDuino3 Nano) and QEMU's -machine virt
# - ttyO0: for OMAP (BeagleBone Black)
# - ttySAC2: for Exynos (ODROID-XU3)
boot.kernelParams = [
"console=ttyS0,115200n8"
"console=ttymxc0,115200n8"
"console=ttyAMA0,115200n8"
"console=ttyO0,115200n8"
"console=ttySAC2,115200n8"
"console=tty0"
];
sdImage = {
populateFirmwareCommands =
let
configTxt = pkgs.writeText "config.txt" ''
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
[pi2]
kernel=u-boot-rpi2.bin
[pi3]
kernel=u-boot-rpi3.bin
# U-Boot used to need this to work, regardless of whether UART is actually used or not.
# TODO: check when/if this can be removed.
enable_uart=1
'';
in
''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPi2}/u-boot.bin firmware/u-boot-rpi2.bin
cp ${pkgs.ubootRaspberryPi3_32bit}/u-boot.bin firmware/u-boot-rpi3.bin
cp ${configTxt} firmware/config.txt
'';
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}

54
nixos/modules/installer/sd-card/sd-image-powerpc64le.nix Normal file
View File

@@ -0,0 +1,54 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/sd-card/sd-image-powerpc64le.nix -A config.system.build.sdImage
{
config,
lib,
pkgs,
...
}:
{
imports = [
../../profiles/base.nix
../../profiles/installation-device.nix
./sd-image.nix
];
boot.loader = {
# powerpc64le-linux typically uses petitboot
grub.enable = false;
generic-extlinux-compatible = {
# petitboot is not does not support all of the extlinux extensions to
# syslinux, but its parser is very forgiving; it essentially ignores
# whatever it doesn't understand. See below for a filename adjustment.
enable = true;
};
};
boot.consoleLogLevel = lib.mkDefault 7;
boot.kernelParams = [ "console=hvc0" ];
sdImage = {
populateFirmwareCommands = "";
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} \
-c ${config.system.build.toplevel} \
-d ./files/boot
''
# https://github.com/open-power/petitboot/blob/master/discover/syslinux-parser.c
# petitboot will look in these paths (plus all-caps versions of them):
# /boot/syslinux/syslinux.cfg
# /syslinux/syslinux.cfg
# /syslinux.cfg
+ ''
mv ./files/boot/extlinux ./files/boot/syslinux
mv ./files/boot/syslinux/extlinux.conf ./files/boot/syslinux/syslinux.cfg
''
# petitboot does not support relative paths for LINUX or INITRD; it prepends
# a `/` when parsing these fields
+ ''
sed -i 's_^\(\W\W*\(INITRD\|initrd\|LINUX\|linux\)\W\)\.\./_\1/boot/_' ./files/boot/syslinux/syslinux.cfg
'';
};
}

10
nixos/modules/installer/sd-card/sd-image-raspberrypi-installer.nix Normal file
View File

@@ -0,0 +1,10 @@
{
imports = [
../../profiles/installation-device.nix
./sd-image-raspberrypi.nix
];
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

52
nixos/modules/installer/sd-card/sd-image-raspberrypi.nix Normal file
View File

@@ -0,0 +1,52 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/sd-card/sd-image-raspberrypi.nix -A config.system.build.sdImage
{
config,
lib,
pkgs,
...
}:
{
imports = [
../../profiles/base.nix
./sd-image.nix
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.consoleLogLevel = lib.mkDefault 7;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi1;
sdImage = {
populateFirmwareCommands =
let
configTxt = pkgs.writeText "config.txt" ''
# u-boot refuses to start (gets stuck at rainbow polygon) without this,
# at least on Raspberry Pi 0.
enable_uart=1
# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
# when attempting to show low-voltage or overtemperature warnings.
avoid_warnings=1
[pi0]
kernel=u-boot-rpi0.bin
[pi1]
kernel=u-boot-rpi1.bin
'';
in
''
(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf *.dtb $NIX_BUILD_TOP/firmware/)
cp ${pkgs.ubootRaspberryPiZero}/u-boot.bin firmware/u-boot-rpi0.bin
cp ${pkgs.ubootRaspberryPi}/u-boot.bin firmware/u-boot-rpi1.bin
cp ${configTxt} firmware/config.txt
'';
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}

10
nixos/modules/installer/sd-card/sd-image-riscv64-qemu-installer.nix Normal file
View File

@@ -0,0 +1,10 @@
{
imports = [
../../profiles/installation-device.nix
./sd-image-riscv64-qemu.nix
];
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

40
nixos/modules/installer/sd-card/sd-image-riscv64-qemu.nix Normal file
View File

@@ -0,0 +1,40 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/sd-card/sd-image-riscv64-qemu.nix -A config.system.build.sdImage
{
config,
lib,
pkgs,
...
}:
{
imports = [
../../profiles/base.nix
./sd-image.nix
];
boot.loader = {
grub.enable = false;
generic-extlinux-compatible = {
enable = true;
# Don't even specify FDTDIR - We do not have the correct DT
# The DTB is generated by QEMU at runtime
useGenerationDeviceTree = false;
};
};
boot.consoleLogLevel = lib.mkDefault 7;
boot.kernelParams = [
"console=tty0"
"console=ttyS0,115200n8"
];
sdImage = {
populateFirmwareCommands = "";
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}

32
nixos/modules/installer/sd-card/sd-image-x86_64.nix Normal file
View File

@@ -0,0 +1,32 @@
# To build, use:
# nix-build nixos -I nixos-config=nixos/modules/installer/sd-card/sd-image-x86_64.nix -A config.system.build.sdImage
# This image is primarily used in NixOS tests (boot.nix) to test `boot.loader.generic-extlinux-compatible`.
{
config,
lib,
pkgs,
...
}:
{
imports = [
../../profiles/base.nix
./sd-image.nix
];
boot.loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
boot.consoleLogLevel = lib.mkDefault 7;
sdImage = {
populateFirmwareCommands = "";
populateRootCommands = ''
mkdir -p ./files/boot
${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
'';
};
}

358
nixos/modules/installer/sd-card/sd-image.nix Normal file
View File

@@ -0,0 +1,358 @@
# This module creates a bootable SD card image containing the given NixOS
# configuration. The generated image is MBR partitioned, with a FAT
# /boot/firmware partition, and ext4 root partition. The generated image
# is sized to fit its contents, and a boot script automatically resizes
# the root partition to fit the device on the first boot.
#
# The firmware partition is built with expectation to hold the Raspberry
# Pi firmware and bootloader, and be removed and replaced with a firmware
# build for the target SoC for other board families.
#
# The derivation for the SD image will be placed in
# config.system.build.sdImage
{
config,
lib,
pkgs,
...
}:
with lib;
let
rootfsImage = pkgs.callPackage ../../../lib/make-ext4-fs.nix (
{
inherit (config.sdImage) storePaths;
compressImage = config.sdImage.compressImage;
populateImageCommands = config.sdImage.populateRootCommands;
volumeLabel = config.sdImage.rootVolumeLabel;
}
// optionalAttrs (config.sdImage.rootPartitionUUID != null) {
uuid = config.sdImage.rootPartitionUUID;
}
);
in
{
imports = [
(mkRemovedOptionModule [ "sdImage" "bootPartitionID" ]
"The FAT partition for SD image now only holds the Raspberry Pi firmware files. Use firmwarePartitionID to configure that partition's ID."
)
(mkRemovedOptionModule [ "sdImage" "bootSize" ]
"The boot files for SD image have been moved to the main ext4 partition. The FAT partition now only holds the Raspberry Pi firmware files. Changing its size may not be required."
)
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2505;
from = [
"sdImage"
"imageBaseName"
];
to = [
"image"
"baseName"
];
})
(lib.mkRenamedOptionModuleWith {
sinceRelease = 2505;
from = [
"sdImage"
"imageName"
];
to = [
"image"
"fileName"
];
})
../../profiles/all-hardware.nix
../../image/file-options.nix
];
options.sdImage = {
storePaths = mkOption {
type = with types; listOf package;
example = literalExpression "[ pkgs.stdenv ]";
description = ''
Derivations to be included in the Nix store in the generated SD image.
'';
};
firmwarePartitionOffset = mkOption {
type = types.int;
default = 8;
description = ''
Gap in front of the /boot/firmware partition, in MiB (1024×1024 bytes).
Can be increased to make more space for boards requiring to dd u-boot
SPL before actual partitions.
Unless you are building your own images pre-configured with an
installed U-Boot, you can instead opt to delete the existing `FIRMWARE`
partition, which is used **only** for the Raspberry Pi family of
hardware.
'';
};
firmwarePartitionID = mkOption {
type = types.str;
default = "0x2178694e";
description = ''
Volume ID for the /boot/firmware partition on the SD card. This value
must be a 32-bit hexadecimal number.
'';
};
firmwarePartitionName = mkOption {
type = types.str;
default = "FIRMWARE";
description = ''
Name of the filesystem which holds the boot firmware.
'';
};
rootPartitionUUID = mkOption {
type = types.nullOr types.str;
default = null;
example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
description = ''
UUID for the filesystem on the main NixOS partition on the SD card.
'';
};
rootVolumeLabel = mkOption {
type = types.str;
default = "NIXOS_SD";
example = "NIXOS_PENDRIVE";
description = ''
Label for the NixOS root volume.
Usually used when creating a recovery NixOS media installation
that avoids conflicting with previous instalation label.
'';
};
firmwareSize = mkOption {
type = types.int;
# As of 2019-08-18 the Raspberry pi firmware + u-boot takes ~18MiB
default = 30;
description = ''
Size of the /boot/firmware partition, in megabytes.
'';
};
populateFirmwareCommands = mkOption {
example = literalExpression "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''";
description = ''
Shell commands to populate the ./firmware directory.
All files in that directory are copied to the
/boot/firmware partition on the SD image.
'';
};
populateRootCommands = mkOption {
example = literalExpression "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''";
description = ''
Shell commands to populate the ./files directory.
All files in that directory are copied to the
root (/) partition on the SD image. Use this to
populate the ./files/boot (/boot) directory.
'';
};
postBuildCommands = mkOption {
example = literalExpression "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''";
default = "";
description = ''
Shell commands to run after the image is built.
Can be used for boards requiring to dd u-boot SPL before actual partitions.
'';
};
compressImage = mkOption {
type = types.bool;
default = true;
description = ''
Whether the SD image should be compressed using
{command}`zstd`.
'';
};
expandOnBoot = mkOption {
type = types.bool;
default = true;
description = ''
Whether to configure the sd image to expand it's partition on boot.
'';
};
nixPathRegistrationFile = mkOption {
type = types.str;
default = "/nix-path-registration";
description = ''
Location of the file containing the input for nix-store --load-db once the machine has booted.
If overriding fileSystems."/" then you should to set this to the root mount + /nix-path-registration
'';
};
};
config = {
hardware.enableAllHardware = true;
fileSystems = {
"/boot/firmware" = {
device = "/dev/disk/by-label/${config.sdImage.firmwarePartitionName}";
fsType = "vfat";
# Alternatively, this could be removed from the configuration.
# The filesystem is not needed at runtime, it could be treated
# as an opaque blob instead of a discrete FAT32 filesystem.
options = [
"nofail"
"noauto"
];
};
"/" = {
device = "/dev/disk/by-label/${config.sdImage.rootVolumeLabel}";
fsType = "ext4";
};
};
sdImage.storePaths = [ config.system.build.toplevel ];
image.extension = if config.sdImage.compressImage then "img.zst" else "img";
image.filePath = "sd-image/${config.image.fileName}";
system.nixos.tags = [ "sd-card" ];
system.build.image = config.system.build.sdImage;
system.build.sdImage = pkgs.callPackage (
{
stdenv,
dosfstools,
e2fsprogs,
mtools,
libfaketime,
util-linux,
zstd,
}:
stdenv.mkDerivation {
name = config.image.fileName;
nativeBuildInputs = [
dosfstools
e2fsprogs
libfaketime
mtools
util-linux
]
++ lib.optional config.sdImage.compressImage zstd;
inherit (config.sdImage) compressImage;
buildCommand = ''
mkdir -p $out/nix-support $out/sd-image
export img=$out/sd-image/${config.image.baseName}.img
echo "${pkgs.stdenv.buildPlatform.system}" > $out/nix-support/system
if test -n "$compressImage"; then
echo "file sd-image $img.zst" >> $out/nix-support/hydra-build-products
else
echo "file sd-image $img" >> $out/nix-support/hydra-build-products
fi
root_fs=${rootfsImage}
${lib.optionalString config.sdImage.compressImage ''
root_fs=./root-fs.img
echo "Decompressing rootfs image"
zstd -d --no-progress "${rootfsImage}" -o $root_fs
''}
# Gap in front of the first partition, in MiB
gap=${toString config.sdImage.firmwarePartitionOffset}
# Create the image file sized to fit /boot/firmware and /, plus slack for the gap.
rootSizeBlocks=$(du -B 512 --apparent-size $root_fs | awk '{ print $1 }')
firmwareSizeBlocks=$((${toString config.sdImage.firmwareSize} * 1024 * 1024 / 512))
imageSize=$((rootSizeBlocks * 512 + firmwareSizeBlocks * 512 + gap * 1024 * 1024))
truncate -s $imageSize $img
# type=b is 'W95 FAT32', type=83 is 'Linux'.
# The "bootable" partition is where u-boot will look file for the bootloader
# information (dtbs, extlinux.conf file).
sfdisk --no-reread --no-tell-kernel $img <<EOF
label: dos
label-id: ${config.sdImage.firmwarePartitionID}
start=''${gap}M, size=$firmwareSizeBlocks, type=b
start=$((gap + ${toString config.sdImage.firmwareSize}))M, type=83, bootable
EOF
# Copy the rootfs into the SD image
eval $(partx $img -o START,SECTORS --nr 2 --pairs)
dd conv=notrunc if=$root_fs of=$img seek=$START count=$SECTORS
# Create a FAT32 /boot/firmware partition of suitable size into firmware_part.img
eval $(partx $img -o START,SECTORS --nr 1 --pairs)
truncate -s $((SECTORS * 512)) firmware_part.img
mkfs.vfat --invariant -i ${config.sdImage.firmwarePartitionID} -n ${config.sdImage.firmwarePartitionName} firmware_part.img
# Populate the files intended for /boot/firmware
mkdir firmware
${config.sdImage.populateFirmwareCommands}
find firmware -exec touch --date=2000-01-01 {} +
# Copy the populated /boot/firmware into the SD image
cd firmware
# Force a fixed order in mcopy for better determinism, and avoid file globbing
for d in $(find . -type d -mindepth 1 | sort); do
faketime "2000-01-01 00:00:00" mmd -i ../firmware_part.img "::/$d"
done
for f in $(find . -type f | sort); do
mcopy -pvm -i ../firmware_part.img "$f" "::/$f"
done
cd ..
# Verify the FAT partition before copying it.
fsck.vfat -vn firmware_part.img
dd conv=notrunc if=firmware_part.img of=$img seek=$START count=$SECTORS
${config.sdImage.postBuildCommands}
if test -n "$compressImage"; then
zstd -T$NIX_BUILD_CORES --rm $img
fi
'';
}
) { };
boot.postBootCommands =
let
expandOnBoot = lib.optionalString config.sdImage.expandOnBoot ''
# Figure out device names for the boot device and root filesystem.
rootPart=$(${pkgs.util-linux}/bin/findmnt -n -o SOURCE /)
bootDevice=$(lsblk -npo PKNAME $rootPart)
partNum=$(lsblk -npo MAJ:MIN $rootPart | ${pkgs.gawk}/bin/awk -F: '{print $2}')
# Resize the root partition and the filesystem to fit the disk
echo ",+," | sfdisk -N$partNum --no-reread $bootDevice
${pkgs.parted}/bin/partprobe
${pkgs.e2fsprogs}/bin/resize2fs $rootPart
'';
nixPathRegistrationFile = config.sdImage.nixPathRegistrationFile;
in
''
# On the first boot do some maintenance tasks
if [ -f ${nixPathRegistrationFile} ]; then
set -euo pipefail
set -x
${expandOnBoot}
# Register the contents of the initial Nix store
${config.nix.package.out}/bin/nix-store --load-db < ${nixPathRegistrationFile}
# nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
# Prevents this from running on later boots.
rm -f ${nixPathRegistrationFile}
fi
'';
};
}

177
nixos/modules/installer/tools/manpages/nixos-generate-config.8 Normal file
View File

@@ -0,0 +1,177 @@
.Dd January 1, 1980
.Dt nixos-generate-config 8
.Os
.Sh NAME
.Nm nixos-generate-config
.Nd generate NixOS configuration modules
.
.
.
.Sh SYNOPSIS
.Nm nixos-generate-config
.Op Fl -force
.Op Fl -root Ar root
.Op Fl -dir Ar dir
.Op Fl -flake
.Op Fl -kernel Ar <lts|latest>
.
.
.
.Sh DESCRIPTION
This command writes two NixOS configuration modules:
.Bl -tag -width indent
.It Pa /etc/nixos/hardware-configuration.nix
This module sets NixOS configuration options based on your current hardware
configuration. In particular, it sets the
.Va fileSystem
option to reflect all currently mounted file systems, the
.Va swapDevices
option to reflect active swap devices, and the
.Va boot.initrd.*
options to ensure that the initial ramdisk contains any kernel modules necessary
for mounting the root file system.
.Pp
If this file already exists, it is overwritten. Thus, you should not modify it
manually. Rather, you should include it from your
.Pa /etc/nixos/configuration.nix Ns
, and re-run
.Nm
to update it whenever your hardware configuration changes.
.
.It Pa /etc/nixos/configuration.nix
This is the main NixOS system configuration module. If it already exists, its
left unchanged. Otherwise,
.Nm
will write a template for you to customise.
.El
.
.
.
.Sh OPTIONS
.Bl -tag -width indent
.It Fl -root Ar root
If this option is given, treat the directory
.Ar root
as the root of the file system. This means that configuration files will be written to
.Ql Ar root Ns /etc/nixos Ns
, and that any file systems outside of
.Ar root
are ignored for the purpose of generating the
.Va fileSystems
option.
.
.It Fl -dir Ar dir
If this option is given, write the configuration files to the directory
.Ar dir
instead of
.Pa /etc/nixos Ns
\&.
.
.It Fl -kernel Ar <lts|latest>
Set the kernel in the generated configuration file.
.
.It Fl -force
Overwrite
.Pa /etc/nixos/configuration.nix
(and
.Pa /etc/nixos/flake.nix
if --flake is passed) if already present.
.
.It Fl -flake
Also generate
.Pa /etc/nixos/flake.nix Ns
\&.
.
.It Fl -no-filesystems
Omit everything concerning file systems and swap devices from the hardware configuration.
.
.It Fl -show-hardware-config
Don't generate
.Pa configuration.nix
or
.Pa hardware-configuration.nix
and print the hardware configuration to stdout only.
.El
.
.
.
.Sh EXAMPLES
This command is typically used during NixOS installation to write initial
configuration modules. For example, if you created and mounted the target file
systems on
.Pa /mnt
and
.Pa /mnt/boot Ns
, you would run:
.Bd -literal -offset indent
$ nixos-generate-config --root /mnt
.Ed
.
.Pp
The resulting file
.Pa /mnt/etc/nixos/hardware-configuration.nix
might look like this:
.Bd -literal -offset indent
# Do not modify this file! It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, pkgs, ... }:
{
imports =
[ <nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_hcd" "ahci" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "ext3";
options = [ "rw" "data=ordered" "relatime" ];
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "ext3";
options = [ "rw" "errors=continue" "user_xattr" "acl" "barrier=1" "data=writeback" "relatime" ];
};
swapDevices =
[ { device = "/dev/sda2"; }
];
nix.maxJobs = 8;
}
.Ed
.
.Pp
It will also create a basic
.Pa /mnt/etc/nixos/configuration.nix Ns
, which you should edit to customise the logical configuration of your system. \
This file includes the result of the hardware scan as follows:
.Bd -literal -offset indent
imports = [ ./hardware-configuration.nix ];
.Ed
.
.Pp
After installation, if your hardware configuration changes, you can run:
.Bd -literal -offset indent
$ nixos-generate-config
.Ed
.
.Pp
to update
.Pa /etc/nixos/hardware-configuration.nix Ns
\&. Your
.Pa /etc/nixos/configuration.nix
will
.Em not
be overwritten.
.
.Sh AUTHORS
.An -nosplit
.An Eelco Dolstra
and
.An the Nixpkgs/NixOS contributors

86
nixos/modules/installer/tools/manpages/nixos-version.8 Normal file
View File

@@ -0,0 +1,86 @@
.Dd January 1, 1980
.Dt nixos-version 8
.Os
.Sh NAME
.Nm nixos-version
.Nd show the NixOS version
.
.
.
.Sh SYNOPSIS
.Nm nixos-version
.Op Fl -hash
.Op Fl -revision
.Op Fl -configuration-revision
.Op Fl -json
.
.
.
.Sh DESCRIPTION
This command shows the version of the currently active NixOS configuration. For example:
.Bd -literal -offset indent
$ nixos-version
16.03.1011.6317da4 (Emu)
.Ed
.
.Pp
The version consists of the following elements:
.Bl -tag -width indent
.It Ql 16.03
The NixOS release, indicating the year and month in which it was released
(e.g. March 2016).
.It Ql 1011
The number of commits in the Nixpkgs Git repository between the start of the
release branch and the commit from which this version was built. This ensures
that NixOS versions are monotonically increasing. It is
.Ql git
when the current NixOS configuration was built from a checkout of the Nixpkgs
Git repository rather than from a NixOS channel.
.It Ql 6317da4
The first 7 characters of the commit in the Nixpkgs Git repository from which
this version was built.
.It Ql Emu
The code name of the NixOS release. The first letter of the code name indicates
that this is the N'th stable NixOS release; for example, Emu is the fifth
release.
.El
.
.
.
.Sh OPTIONS
.Bl -tag -width indent
.It Fl -hash , -revision
Show the full SHA1 hash of the Git commit from which this configuration was
built, e.g.
.Bd -literal -offset indent
$ nixos-version --hash
6317da40006f6bc2480c6781999c52d88dde2acf
.Ed
.
.It Fl -configuration-revision
Show the configuration revision if available. This could be the full SHA1 hash
of the Git commit of the system flake, if you add
.Bd -literal -offset indent
{ system.configurationRevision = self.rev or "dirty"; }
.Ed
.Pp
to the
.Ql modules
array of your flake.nix system configuration e.g.
.Bd -literal -offset indent
$ nixos-version --configuration-revision
aa314ebd1592f6cdd53cb5bba8bcae97d9323de8
.Ed
.
.It Fl -json
Print a JSON representation of the versions of NixOS and the top-level
configuration flake.
.El
.
.
.
.Sh AUTHORS
.An -nosplit
.An Eelco Dolstra
and
.An the Nixpkgs/NixOS contributors

8
nixos/modules/installer/tools/nix-fallback-paths.nix Normal file
View File

@@ -0,0 +1,8 @@
{
x86_64-linux = "/nix/store/x30lnlgk1s16rynrfslbf8phr6h6rqf2-nix-2.31.2";
i686-linux = "/nix/store/ix94q6rrdg6cr4893cjpzdbmibhlm0dv-nix-2.31.2";
aarch64-linux = "/nix/store/xnybj9lk0kwvmr2va253avanq7m3cpyg-nix-2.31.2";
riscv64-linux = "/nix/store/33as1vqp8mq36nr5bb5gr7ziw1nf4q1v-nix-riscv64-unknown-linux-gnu-2.31.2";
x86_64-darwin = "/nix/store/b9dvary8rcljj7ajv1x64hwwch4cvyvp-nix-2.31.2";
aarch64-darwin = "/nix/store/lvv1j8qbrvlnl3aagcjrhf42d458zgb5-nix-2.31.2";
}

722
nixos/modules/installer/tools/nixos-generate-config.pl Normal file
View File

@@ -0,0 +1,722 @@
#! @perl@
use strict;
use Cwd 'abs_path';
use File::Spec;
use File::Path;
use File::Basename;
use File::Slurp;
use File::stat;
use Config::IniFiles;
umask(0022);
sub uniq {
my %seen;
my @res = ();
foreach my $s (@_) {
if (!defined $seen{$s}) {
$seen{$s} = 1;
push @res, $s;
}
}
return @res;
}
sub runCommand {
my ($cmd) = @_;
open FILE, "$cmd 2>&1 |" or die "Failed to execute: $cmd\n";
my @ret = <FILE>;
close FILE;
return ($?, @ret);
}
# Process the command line.
my $outDir = "/etc/nixos";
my $rootDir = ""; # = /
my $force = 0;
my $noFilesystems = 0;
my $flake = 0;
my $showHardwareConfig = 0;
my $kernel = "lts";
if (-e "/etc/nixos-generate-config.conf") {
my $cfg = new Config::IniFiles -file => "/etc/nixos-generate-config.conf";
$outDir = $cfg->val("Defaults", "Directory") // $outDir;
if (defined $cfg->val("Defaults", "RootDirectory")) {
$rootDir = $cfg->val("Defaults", "RootDirectory");
$rootDir =~ s/\/*$//; # remove trailing slashes
$rootDir = File::Spec->rel2abs($rootDir); # resolve absolute path
}
$kernel = $cfg->val("Defaults", "Kernel") // $kernel;
$flake = $cfg->val("Defaults", "Flake") // $flake;
}
for (my $n = 0; $n < scalar @ARGV; $n++) {
my $arg = $ARGV[$n];
if ($arg eq "--help") {
exec "man nixos-generate-config" or die;
}
elsif ($arg eq "--dir") {
$n++;
$outDir = $ARGV[$n];
die "$0: --dir requires an argument\n" unless defined $outDir;
}
elsif ($arg eq "--root") {
$n++;
$rootDir = $ARGV[$n];
die "$0: --root requires an argument\n" unless defined $rootDir;
die "$0: no need to specify `/` with `--root`, it is the default\n" if $rootDir eq "/";
$rootDir =~ s/\/*$//; # remove trailing slashes
$rootDir = File::Spec->rel2abs($rootDir); # resolve absolute path
}
elsif ($arg eq "--force") {
$force = 1;
}
elsif ($arg eq "--no-filesystems") {
$noFilesystems = 1;
}
elsif ($arg eq "--show-hardware-config") {
$showHardwareConfig = 1;
}
elsif ($arg eq "--flake") {
$flake = 1;
}
elsif ($arg eq "--kernel") {
$n++;
$kernel = $ARGV[$n];
die "$0: --kernel requires an argument\n" unless defined $kernel;
}
else {
die "$0: unrecognized argument $arg\n";
}
}
die "$0: invalid kernel: '$kernel'" unless $kernel eq "lts" || $kernel eq "latest";
my @attrs = ();
my @kernelModules = ();
my @initrdKernelModules = ();
my @initrdAvailableKernelModules = ();
my @modulePackages = ();
my @imports;
sub debug {
return unless defined $ENV{"DEBUG"};
print STDERR @_;
}
# nixpkgs.system
push @attrs, "nixpkgs.hostPlatform = lib.mkDefault \"@hostPlatformSystem@\";";
my $cpuinfo = read_file "/proc/cpuinfo";
sub hasCPUFeature {
my $feature = shift;
return $cpuinfo =~ /^flags\s*:.* $feature( |$)/m;
}
sub cpuManufacturer {
my $id = shift;
return $cpuinfo =~ /^vendor_id\s*:.* $id$/m;
}
# Virtualization support?
push @kernelModules, "kvm-intel" if hasCPUFeature "vmx";
push @kernelModules, "kvm-amd" if hasCPUFeature "svm";
# Look at the PCI devices and add necessary modules. Note that most
# modules are auto-detected so we don't need to list them here.
# However, some are needed in the initrd to boot the system.
my $videoDriver;
sub pciCheck {
my $path = shift;
my $vendor = read_file "$path/vendor"; chomp $vendor;
my $device = read_file "$path/device"; chomp $device;
my $class = read_file "$path/class"; chomp $class;
my $module;
if (-e "$path/driver/module") {
$module = basename `readlink -f $path/driver/module`;
chomp $module;
}
debug "$path: $vendor $device $class";
debug " $module" if defined $module;
debug "\n";
if (defined $module) {
# See the bottom of https://pciids.sourceforge.net/pci.ids for
# device classes.
if (# Mass-storage controller. Definitely important.
$class =~ /^0x01/ ||
# Firewire controller. A disk might be attached.
$class =~ /^0x0c00/ ||
# USB controller. Needed if we want to use the
# keyboard when things go wrong in the initrd.
$class =~ /^0x0c03/
)
{
push @initrdAvailableKernelModules, $module;
}
}
# broadcom FullMac driver
# list taken from
# https://wireless.wiki.kernel.org/en/users/Drivers/brcm80211#brcmfmac
if ($vendor eq "0x14e4" &&
($device eq "0x43a3" || $device eq "0x43df" || $device eq "0x43ec" ||
$device eq "0x43d3" || $device eq "0x43d9" || $device eq "0x43e9" ||
$device eq "0x43ba" || $device eq "0x43bb" || $device eq "0x43bc" ||
$device eq "0xaa52" || $device eq "0x43ca" || $device eq "0x43cb" ||
$device eq "0x43cc" || $device eq "0x43c3" || $device eq "0x43c4" ||
$device eq "0x43c5"
) )
{
# we need e.g. brcmfmac43602-pcie.bin
push @imports, "(modulesPath + \"/hardware/network/broadcom-43xx.nix\")";
}
# In case this is a virtio scsi device, we need to explicitly make this available.
if ($vendor eq "0x1af4" && ($device eq "0x1004" || $device eq "0x1048") ) {
push @initrdAvailableKernelModules, "virtio_scsi";
}
# Can't rely on $module here, since the module may not be loaded
# due to missing firmware. Ideally we would check modules.pcimap
# here.
push @attrs, "networking.enableIntel2200BGFirmware = true;" if
$vendor eq "0x8086" &&
($device eq "0x1043" || $device eq "0x104f" || $device eq "0x4220" ||
$device eq "0x4221" || $device eq "0x4223" || $device eq "0x4224");
push @attrs, "networking.enableIntel3945ABGFirmware = true;" if
$vendor eq "0x8086" &&
($device eq "0x4229" || $device eq "0x4230" ||
$device eq "0x4222" || $device eq "0x4227");
# Assume that all NVIDIA cards are supported by the NVIDIA driver.
# There may be exceptions (e.g. old cards).
# FIXME: do we want to enable an unfree driver here?
#$videoDriver = "nvidia" if $vendor eq "0x10de" && $class =~ /^0x03/;
}
foreach my $path (glob "/sys/bus/pci/devices/*") {
pciCheck $path;
}
# Idem for USB devices.
sub usbCheck {
my $path = shift;
my $class = read_file "$path/bInterfaceClass"; chomp $class;
my $subclass = read_file "$path/bInterfaceSubClass"; chomp $subclass;
my $protocol = read_file "$path/bInterfaceProtocol"; chomp $protocol;
my $module;
if (-e "$path/driver/module") {
$module = basename `readlink -f $path/driver/module`;
chomp $module;
}
debug "$path: $class $subclass $protocol";
debug " $module" if defined $module;
debug "\n";
if (defined $module) {
if (# Mass-storage controller. Definitely important.
$class eq "08" ||
# Keyboard. Needed if we want to use the
# keyboard when things go wrong in the initrd.
($class eq "03" && $protocol eq "01")
)
{
push @initrdAvailableKernelModules, $module;
}
}
}
foreach my $path (glob "/sys/bus/usb/devices/*") {
if (-e "$path/bInterfaceClass") {
usbCheck $path;
}
}
# Add the modules for all block and MMC devices.
foreach my $path (glob "/sys/class/{block,mmc_host}/*") {
my $module;
if (-e "$path/device/driver/module") {
$module = basename `readlink -f $path/device/driver/module`;
chomp $module;
push @initrdAvailableKernelModules, $module;
}
}
# Add bcache module, if needed.
my @bcacheDevices = glob("/dev/bcache*");
@bcacheDevices = grep(!m#dev/bcachefs.*#, @bcacheDevices);
if (scalar @bcacheDevices > 0) {
push @initrdAvailableKernelModules, "bcache";
}
# Prevent unbootable systems if LVM snapshots are present at boot time.
if (`lsblk -o TYPE` =~ "lvm") {
push @initrdKernelModules, "dm-snapshot";
}
my $virt = `@detectvirt@`;
chomp $virt;
# Check if we're a VirtualBox guest. If so, enable the guest
# additions.
if ($virt eq "oracle") {
push @attrs, "virtualisation.virtualbox.guest.enable = true;"
}
# Check if we're a Parallels guest. If so, enable the guest additions.
# It is blocked by https://github.com/systemd/systemd/pull/23859
if ($virt eq "parallels") {
push @attrs, "hardware.parallels.enable = true;";
push @attrs, "nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ \"prl-tools\" ];";
}
# Likewise for QEMU.
if ($virt eq "qemu" || $virt eq "kvm" || $virt eq "bochs") {
push @imports, "(modulesPath + \"/profiles/qemu-guest.nix\")";
}
# Also for Hyper-V.
if ($virt eq "microsoft") {
push @attrs, "virtualisation.hypervGuest.enable = true;"
}
# Pull in NixOS configuration for containers.
if ($virt eq "systemd-nspawn") {
push @attrs, "boot.isNspawnContainer = true;";
}
# Check if we're on bare metal, not in a VM/container.
if ($virt eq "none") {
# Provide firmware for devices that are not detected by this script.
push @imports, "(modulesPath + \"/installer/scan/not-detected.nix\")";
# Update the microcode.
push @attrs, "hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;" if cpuManufacturer "AuthenticAMD";
push @attrs, "hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;" if cpuManufacturer "GenuineIntel";
}
# For a device name like /dev/sda1, find a more stable path like
# /dev/disk/by-uuid/X or /dev/disk/by-label/Y.
sub findStableDevPath {
my ($dev) = @_;
return $dev if substr($dev, 0, 1) ne "/";
return $dev unless -e $dev;
my $st = stat($dev) or return $dev;
foreach my $dev2 (
glob("/dev/stratis/*/*"),
glob("/dev/mapper/*"),
glob("/dev/disk/by-uuid/*"),
glob("/dev/disk/by-label/*"),
) {
my $st2 = stat($dev2) or next;
return $dev2 if $st->rdev == $st2->rdev;
}
return $dev;
}
push @attrs, "services.xserver.videoDrivers = [ \"$videoDriver\" ];" if $videoDriver;
# Generate the swapDevices option from the currently activated swap
# devices.
my @swaps = read_file("/proc/swaps", err_mode => 'carp');
my @swapDevices;
if (@swaps) {
shift @swaps;
foreach my $swap (@swaps) {
my @fields = split ' ', $swap;
my $swapFilename = $fields[0];
my $swapType = $fields[1];
next unless -e $swapFilename;
my $dev = findStableDevPath $swapFilename;
if ($swapType =~ "partition") {
# zram devices are more likely created by configuration.nix, so
# ignore them here
next if ($swapFilename =~ /^\/dev\/zram/);
push @swapDevices, "{ device = \"$dev\"; }";
} elsif ($swapType =~ "file") {
# swap *files* are more likely specified in configuration.nix, so
# ignore them here.
} else {
die "Unsupported swap type: $swapType\n";
}
}
}
# Generate the fileSystems option from the currently mounted
# filesystems.
sub in {
my ($d1, $d2) = @_;
return $d1 eq $d2 || substr($d1, 0, length($d2) + 1) eq "$d2/";
}
my $fileSystems;
my %fsByDev;
my $useSwraid = 0;
foreach my $fs (read_file("/proc/self/mountinfo")) {
chomp $fs;
my @fields = split / /, $fs;
my $mountPoint = $fields[4];
$mountPoint =~ s/\\040/ /g; # account for mount points with spaces in the name (\040 is the escape character)
$mountPoint =~ s/\\011/\t/g; # account for mount points with tabs in the name (\011 is the escape character)
next unless -d $mountPoint;
my @mountOptions = split /,/, $fields[5];
next if !in($mountPoint, $rootDir);
$mountPoint = substr($mountPoint, length($rootDir)); # strip the root directory (e.g. /mnt)
$mountPoint = "/" if $mountPoint eq "";
# Skip special filesystems.
next if in($mountPoint, "/proc") || in($mountPoint, "/dev") || in($mountPoint, "/sys") || in($mountPoint, "/run") || $mountPoint eq "/var/lib/nfs/rpc_pipefs";
# Skip the optional fields.
my $n = 6; $n++ while $fields[$n] ne "-"; $n++;
my $fsType = $fields[$n];
my $device = $fields[$n + 1];
my @superOptions = split /,/, $fields[$n + 2];
$device =~ s/\\040/ /g; # account for devices with spaces in the name (\040 is the escape character)
$device =~ s/\\011/\t/g; # account for mount points with tabs in the name (\011 is the escape character)
# Skip the read-only bind-mount on /nix/store.
next if $mountPoint eq "/nix/store" && (grep { $_ eq "rw" } @superOptions) && (grep { $_ eq "ro" } @mountOptions);
# Maybe this is a bind-mount of a filesystem we saw earlier?
if (defined $fsByDev{$fields[2]}) {
# Make sure this isn't a btrfs subvolume.
my $msg = `@btrfs@ subvol show $rootDir$mountPoint`;
if ($? != 0 || $msg =~ /ERROR:/s) {
my $path = $fields[3]; $path = "" if $path eq "/";
my $base = $fsByDev{$fields[2]};
$base = "" if $base eq "/";
$fileSystems .= <<EOF;
fileSystems.\"$mountPoint\" =
{ device = \"$base$path\";
fsType = \"none\";
options = \[ \"bind\" \];
};
EOF
next;
}
}
$fsByDev{$fields[2]} = $mountPoint;
# We don't know how to handle FUSE filesystems.
if ($fsType eq "fuseblk" || $fsType eq "fuse") {
print STDERR "warning: don't know how to emit fileSystem option for FUSE filesystem $mountPoint\n";
next;
}
# Is this a mount of a loopback device?
my @extraOptions;
if ($device =~ /\/dev\/loop(\d+)/) {
my $loopnr = $1;
my $backer = read_file "/sys/block/loop$loopnr/loop/backing_file";
if (defined $backer) {
chomp $backer;
$device = $backer;
push @extraOptions, "loop";
}
}
# Is this a btrfs filesystem?
if ($fsType eq "btrfs") {
my ($status, @info) = runCommand("@btrfs@ subvol show $rootDir$mountPoint");
if ($status != 0 || join("", @info) =~ /ERROR:/) {
die "Failed to retrieve subvolume info for $mountPoint\n";
}
my @ids = join("\n", @info) =~ m/^(?!\/\n).*Subvolume ID:[ \t\n]*([0-9]+)/s;
if ($#ids > 0) {
die "Btrfs subvol name for $mountPoint listed multiple times in mount\n"
} elsif ($#ids == 0) {
my @paths = join("", @info) =~ m/^([^\n]*)/;
if ($#paths > 0) {
die "Btrfs returned multiple paths for a single subvolume id, mountpoint $mountPoint\n";
} elsif ($#paths != 0) {
die "Btrfs did not return a path for the subvolume at $mountPoint\n";
}
push @extraOptions, "subvol=$paths[0]";
}
}
# Preserve umask (fmask, dmask) settings for vfat filesystems.
# (The default is to mount these world-readable, but that's a security risk
# for the EFI System Partition.)
if ($fsType eq "vfat") {
for (@superOptions) {
if ($_ =~ /fmask|dmask/) {
push @extraOptions, $_;
}
}
}
# is this a stratis fs?
my $stableDevPath = findStableDevPath $device;
my $stratisPool;
if ($stableDevPath =~ qr#/dev/stratis/(.*)/.*#) {
my $poolName = $1;
my ($header, @lines) = split "\n", qx/stratis pool list/;
my $uuidIndex = index $header, 'UUID';
my ($line) = grep /^$poolName /, @lines;
$stratisPool = substr $line, $uuidIndex - 32, 36;
}
# Don't emit tmpfs entry for /tmp, because it most likely comes from the
# boot.tmp.useTmpfs option in configuration.nix (managed declaratively).
next if ($mountPoint eq "/tmp" && $fsType eq "tmpfs");
# This should work for single and multi-device systems.
# still needs subvolume support
if ($fsType eq "bcachefs") {
my ($status, @info) = runCommand("bcachefs fs usage $rootDir$mountPoint");
my $UUID = $info[0];
if ($status == 0 && $UUID =~ /^Filesystem:[ \t\n]*([0-9a-z-]+)/) {
$stableDevPath = "UUID=$1";
} else {
print STDERR "warning: can't find bcachefs mount UUID falling back to device-path";
}
}
# Emit the filesystem.
$fileSystems .= <<EOF;
fileSystems.\"$mountPoint\" =
{ device = \"$stableDevPath\";
fsType = \"$fsType\";
EOF
if (scalar @extraOptions > 0) {
$fileSystems .= <<EOF;
options = \[ ${\join " ", map { "\"" . $_ . "\"" } uniq(@extraOptions)} \];
EOF
}
if ($stratisPool) {
$fileSystems .= <<EOF;
stratis.poolUuid = "$stratisPool";
EOF
}
$fileSystems .= <<EOF;
};
EOF
# If this filesystem is on a LUKS device, then add a
# boot.initrd.luks.devices entry.
if (-e $device) {
my $deviceName = basename(abs_path($device));
my $dmUuid = read_file("/sys/class/block/$deviceName/dm/uuid", err_mode => 'quiet');
if ($dmUuid =~ /^CRYPT-LUKS/)
{
my @slaves = glob("/sys/class/block/$deviceName/slaves/*");
if (scalar @slaves == 1) {
my $slave = "/dev/" . basename($slaves[0]);
if (-e $slave) {
my $dmName = read_file("/sys/class/block/$deviceName/dm/name");
chomp $dmName;
# Ensure to add an entry only once
my $luksDevice = " boot.initrd.luks.devices.\"$dmName\".device";
if ($fileSystems !~ /^\Q$luksDevice\E/m) {
$fileSystems .= "$luksDevice = \"${\(findStableDevPath $slave)}\";\n\n";
}
}
}
}
if (-e "/sys/class/block/$deviceName/md/uuid") {
$useSwraid = 1;
}
}
}
if ($useSwraid) {
push @attrs, "boot.swraid.enable = true;\n\n";
}
# Generate the hardware configuration file.
sub toNixStringList {
my $res = "";
foreach my $s (@_) {
$res .= " \"$s\"";
}
return $res;
}
sub toNixList {
my $res = "";
foreach my $s (@_) {
$res .= " $s";
}
return $res;
}
sub multiLineList {
my $indent = shift;
return " [ ]" if !@_;
my $res = "\n${indent}[ ";
my $first = 1;
foreach my $s (@_) {
$res .= "$indent " if !$first;
$first = 0;
$res .= "$s\n";
}
$res .= "$indent]";
return $res;
}
my $initrdAvailableKernelModules = toNixStringList(uniq @initrdAvailableKernelModules);
my $initrdKernelModules = toNixStringList(uniq @initrdKernelModules);
my $kernelModules = toNixStringList(uniq @kernelModules);
my $modulePackages = toNixList(uniq @modulePackages);
my $fsAndSwap = "";
if (!$noFilesystems) {
$fsAndSwap = "\n$fileSystems ";
$fsAndSwap .= "swapDevices =" . multiLineList(" ", @swapDevices) . ";\n";
}
my $hwConfig = <<EOF;
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =${\multiLineList(" ", @imports)};
boot.initrd.availableKernelModules = [$initrdAvailableKernelModules ];
boot.initrd.kernelModules = [$initrdKernelModules ];
boot.kernelModules = [$kernelModules ];
boot.extraModulePackages = [$modulePackages ];
$fsAndSwap
${\join "", (map { " $_\n" } (uniq @attrs))}}
EOF
sub generateXserverConfig {
my $xserverEnabled = "@xserverEnabled@";
my $config = "";
if ($xserverEnabled eq "1") {
$config = <<EOF;
# Enable the X11 windowing system.
services.xserver.enable = true;
EOF
} else {
$config = <<EOF;
# Enable the X11 windowing system.
# services.xserver.enable = true;
EOF
}
}
if ($showHardwareConfig) {
print STDOUT $hwConfig;
} else {
if ($outDir eq "/etc/nixos") {
$outDir = "$rootDir$outDir";
} else {
$outDir = File::Spec->rel2abs($outDir);
$outDir =~ s/\/*$//; # remove trailing slashes
}
my $fn = "$outDir/hardware-configuration.nix";
print STDERR "writing $fn...\n";
mkpath($outDir, 0, 0755);
write_file($fn, $hwConfig);
$fn = "$outDir/flake.nix";
if ($flake) {
if ($force || ! -e $fn) {
print STDERR "writing $fn...\n";
mkpath($outDir, 0, 0755);
write_file($fn, <<EOF);
@flake@
EOF
} else {
print STDERR "warning: not overwriting existing $fn\n";
}
}
# Generate a basic configuration.nix, unless one already exists.
$fn = "$outDir/configuration.nix";
if ($force || ! -e $fn) {
print STDERR "writing $fn...\n";
my $bootLoaderConfig = "";
if (-e "/sys/firmware/efi/efivars") {
$bootLoaderConfig = <<EOF;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
EOF
} elsif (-e "/boot/extlinux") {
$bootLoaderConfig = <<EOF;
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
EOF
} elsif ($virt ne "systemd-nspawn") {
$bootLoaderConfig = <<EOF;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
# boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
EOF
}
if ($kernel eq "latest") {
$bootLoaderConfig .= <<EOF;
# Use latest kernel.
boot.kernelPackages = pkgs.linuxPackages_latest;
EOF
}
my $xserverConfig = generateXserverConfig();
(my $desktopConfiguration = <<EOF)=~s/^/ /gm;
@desktopConfiguration@
EOF
write_file($fn, <<EOF);
@configuration@
EOF
print STDERR "For more hardware-specific settings, see https://github.com/NixOS/nixos-hardware.\n"
} else {
print STDERR "warning: not overwriting existing $fn\n";
}
}
# workaround for a bug in substituteAll

31
nixos/modules/installer/tools/nixos-version.sh Normal file
View File

@@ -0,0 +1,31 @@
#! @runtimeShell@
# shellcheck shell=bash
case "$1" in
-h|--help)
exec man nixos-version
exit 1
;;
--hash|--revision)
if ! [[ @revision@ =~ ^[0-9a-f]+$ ]]; then
echo "$0: Nixpkgs commit hash is unknown" >&2
exit 1
fi
echo "@revision@"
;;
--configuration-revision)
if [[ "@configurationRevision@" =~ "@" ]]; then
echo "$0: configuration revision is unknown" >&2
exit 1
fi
echo "@configurationRevision@"
;;
--json)
cat <<EOF
@json@
EOF
;;
*)
echo "@version@ (@codeName@)"
;;
esac

346
nixos/modules/installer/tools/tools.nix Normal file
View File

@@ -0,0 +1,346 @@
# This module generates nixos-install, nixos-rebuild,
# nixos-generate-config, etc.
{
config,
lib,
pkgs,
options,
...
}:
let
makeProg =
args:
pkgs.replaceVarsWith (
args
// {
dir = "bin";
isExecutable = true;
nativeBuildInputs = [
pkgs.installShellFiles
];
postInstall = ''
installManPage ${args.manPage}
'';
}
);
nixos-generate-config = makeProg {
name = "nixos-generate-config";
src = ./nixos-generate-config.pl;
replacements = {
perl = "${
pkgs.perl.withPackages (p: [
p.FileSlurp
p.ConfigIniFiles
])
}/bin/perl";
hostPlatformSystem = pkgs.stdenv.hostPlatform.system;
detectvirt = "${config.systemd.package}/bin/systemd-detect-virt";
btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
inherit (config.system.nixos-generate-config) configuration desktopConfiguration flake;
xserverEnabled = config.services.xserver.enable;
};
manPage = ./manpages/nixos-generate-config.8;
};
nixos-version = makeProg {
name = "nixos-version";
src = ./nixos-version.sh;
replacements = {
inherit (pkgs) runtimeShell;
inherit (config.system.nixos) version codeName revision;
inherit (config.system) configurationRevision;
json = builtins.toJSON (
{
nixosVersion = config.system.nixos.version;
}
// lib.optionalAttrs (config.system.nixos.revision != null) {
nixpkgsRevision = config.system.nixos.revision;
}
// lib.optionalAttrs (config.system.configurationRevision != null) {
configurationRevision = config.system.configurationRevision;
}
);
};
manPage = ./manpages/nixos-version.8;
};
nixos-install = pkgs.nixos-install.override { };
nixos-rebuild = pkgs.nixos-rebuild.override { nix = config.nix.package; };
nixos-rebuild-ng = pkgs.nixos-rebuild-ng.override {
nix = config.nix.package;
withNgSuffix = false;
withReexec = true;
};
defaultFlakeTemplate = ''
{
inputs = {
# This is pointing to an unstable release.
# If you prefer a stable release instead, you can this to the latest number shown here: https://nixos.org/download
# i.e. nixos-24.11
# Use `nix flake update` to update the flake to the latest revision of the chosen release channel.
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = inputs\@{ self, nixpkgs, ... }: {
# NOTE: '${options.networking.hostName.default}' is the default hostname
nixosConfigurations.${options.networking.hostName.default} = nixpkgs.lib.nixosSystem {
modules = [ ./configuration.nix ];
};
};
}
'';
defaultConfigTemplate = ''
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
$bootLoaderConfig
# networking.hostName = "nixos"; # Define your hostname.
# Configure network connections interactively with nmcli or nmtui.
networking.networkmanager.enable = true;
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password\@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
$xserverConfig
$desktopConfiguration
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# services.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# tree
# ];
# };
# programs.firefox.enable = true;
# List packages installed in system profile.
# You can use https://search.nixos.org/ to find more packages (and options).
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "${config.system.nixos.release}"; # Did you read the comment?
}
'';
in
{
options.system.nixos-generate-config = {
flake = lib.mkOption {
internal = true;
type = lib.types.str;
default = defaultFlakeTemplate;
description = ''
The NixOS module that `nixos-generate-config`
saves to `/etc/nixos/flake.nix` if --flake is set.
This is an internal option. No backward compatibility is guaranteed.
Use at your own risk!
Note that this string gets spliced into a Perl script. The perl
variable `$bootLoaderConfig` can be used to
splice in the boot loader configuration.
'';
};
configuration = lib.mkOption {
internal = true;
type = lib.types.str;
default = defaultConfigTemplate;
description = ''
The NixOS module that `nixos-generate-config`
saves to `/etc/nixos/configuration.nix`.
This is an internal option. No backward compatibility is guaranteed.
Use at your own risk!
Note that this string gets spliced into a Perl script. The perl
variable `$bootLoaderConfig` can be used to
splice in the boot loader configuration.
'';
};
desktopConfiguration = lib.mkOption {
internal = true;
type = lib.types.listOf lib.types.lines;
default = [ ];
description = ''
Text to preseed the desktop configuration that `nixos-generate-config`
saves to `/etc/nixos/configuration.nix`.
This is an internal option. No backward compatibility is guaranteed.
Use at your own risk!
Note that this string gets spliced into a Perl script. The perl
variable `$bootLoaderConfig` can be used to
splice in the boot loader configuration.
'';
};
};
options.system.disableInstallerTools = lib.mkOption {
internal = true;
type = lib.types.bool;
default = false;
description = ''
Disable nixos-rebuild, nixos-generate-config, nixos-installer
and other NixOS tools. This is useful to shrink embedded,
read-only systems which are not expected to rebuild or
reconfigure themselves. Use at your own risk!
'';
};
options.system.rebuild.enableNg = lib.mkEnableOption "" // {
default = true;
description = ''
Whether to use nixos-rebuild-ng in place of nixos-rebuild, the
Python-based re-implementation of the original in Bash.
'';
};
imports =
let
mkToolModule =
{
name,
package ? pkgs.${name},
}:
{ config, ... }:
{
options.system.tools.${name}.enable = lib.mkEnableOption "${name} script" // {
default = config.nix.enable && !config.system.disableInstallerTools;
defaultText = "config.nix.enable && !config.system.disableInstallerTools";
};
config = lib.mkIf config.system.tools.${name}.enable {
environment.systemPackages = [ package ];
};
};
in
[
(mkToolModule { name = "nixos-build-vms"; })
(mkToolModule { name = "nixos-enter"; })
(mkToolModule {
name = "nixos-generate-config";
package = config.system.build.nixos-generate-config;
})
(mkToolModule {
name = "nixos-install";
package = config.system.build.nixos-install;
})
(mkToolModule { name = "nixos-option"; })
(mkToolModule {
name = "nixos-rebuild";
package = config.system.build.nixos-rebuild;
})
(mkToolModule {
name = "nixos-version";
package = nixos-version;
})
];
config = {
documentation.man.man-db.skipPackages = [ nixos-version ];
warnings = lib.optional (!config.system.disableInstallerTools && !config.system.rebuild.enableNg) ''
The Bash implementation of nixos-rebuild will be deprecated and removed in the 26.05 release of NixOS.
Please migrate to the newer implementation by removing 'system.rebuild.enableNg = false' from your configuration.
If you are unable to migrate due to any issues with the new implementation, please create an issue and tag the maintainers of 'nixos-rebuild-ng'.
'';
# These may be used in auxiliary scripts (ie not part of toplevel), so they are defined unconditionally.
system.build = {
inherit nixos-generate-config nixos-install;
nixos-rebuild = if config.system.rebuild.enableNg then nixos-rebuild-ng else nixos-rebuild;
};
};
}