Merge pull request #263203 from nikstur/replace-activation
Replace simple activationScripts
commit
8670794565
@ -429,11 +429,11 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
# Activation script to append the password from the password file
|
||||
# preStart script to append the password from the password file
|
||||
# to the configuration files. It also fixes the owner of the
|
||||
# libnss-mysql-root.cfg because it is changed to root after the
|
||||
# password is appended.
|
||||
system.activationScripts.mysql-auth-passwords = ''
|
||||
systemd.services.mysql.preStart = ''
|
||||
if [[ -r ${cfg.passwordFile} ]]; then
|
||||
org_umask=$(umask)
|
||||
umask 0077
|
||||
|
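Review bot: The password-append script is now `systemd.services.mysql.preStart`, so it runs only on hosts that start a local mysql unit and with whatever user that unit's pre-start commands get, whereas the activation script it replaces ran as root on every activation. The hunk's own comment says the script fixes the owner of libnss-mysql-root.cfg, and the `[[ -r ${cfg.passwordFile} ]]` test is evaluated by that same user, so if the unit sets a non-root `User=` (not visible here) the password would silently never be written. A dedicated root oneshot unit, like the ones the duo and wrappers sections of this commit introduce, would keep the old privileges; at minimum add a comment such as `# Must run as root: writes root-owned PAM/NSS configuration files`. The script body continues past the end of the hunk.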
@ -97,12 +97,9 @@ in
|
||||
|
||||
nix.settings.nix-path = mkIf (! cfg.channel.enable) (mkDefault "");
|
||||
|
||||
system.activationScripts.nix-channel = mkIf cfg.channel.enable
|
||||
(stringAfter [ "etc" "users" ] ''
|
||||
# Subscribe the root user to the NixOS channel by default.
|
||||
if [ ! -e "/root/.nix-channels" ]; then
|
||||
echo "${config.system.defaultChannel} nixos" > "/root/.nix-channels"
|
||||
fi
|
||||
'');
|
||||
systemd.tmpfiles.rules = lib.mkIf cfg.channel.enable [
|
||||
"f /root/.nix-channels -"
|
||||
''w "/root/.nix-channels" - - - - "${config.system.defaultChannel} nixos\n"''
|
||||
];
|
||||
};
|
||||
}
|
||||
|
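Review bot: The `w` rule at the end of this hunk rewrites /root/.nix-channels every time systemd-tmpfiles processes it, while the activation script it replaces wrote the default only when the file was missing (`if [ ! -e "/root/.nix-channels" ]`). Root's channel list decides where system packages are fetched from, so an administrator's edited subscription would be reset to `${config.system.defaultChannel}` without notice. Passing the content as the argument of the `f` rule keeps the create-if-missing behaviour: `''f /root/.nix-channels - - - - ${config.system.defaultChannel} nixos\n''`, with the `w` line dropped.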
@ -193,8 +193,11 @@ in
|
||||
source = "${pkgs.duo-unix.out}/bin/login_duo";
|
||||
};
|
||||
|
||||
system.activationScripts = {
|
||||
login_duo = mkIf cfg.ssh.enable ''
|
||||
systemd.services.login-duo = lib.mkIf cfg.ssh.enable {
|
||||
wantedBy = [ "sysinit.target" ];
|
||||
before = [ "sysinit.target" ];
|
||||
unitConfig.DefaultDependencies = false;
|
||||
script = ''
|
||||
if test -f "${cfg.secretKeyFile}"; then
|
||||
mkdir -m 0755 -p /etc/duo
|
||||
|
||||
@ -209,7 +212,13 @@ in
|
||||
mv -fT "$conf" /etc/duo/login_duo.conf
|
||||
fi
|
||||
'';
|
||||
pam_duo = mkIf cfg.pam.enable ''
|
||||
};
|
||||
|
||||
systemd.services.pam-duo = lib.mkIf cfg.ssh.enable {
|
||||
wantedBy = [ "sysinit.target" ];
|
||||
before = [ "sysinit.target" ];
|
||||
unitConfig.DefaultDependencies = false;
|
||||
script = ''
|
||||
if test -f "${cfg.secretKeyFile}"; then
|
||||
mkdir -m 0755 -p /etc/duo
|
||||
|
||||
|
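Review bot: `systemd.services.pam-duo` in the second hunk is gated on `cfg.ssh.enable`, but the `pam_duo` activation script it replaces was gated on `cfg.pam.enable`, so with PAM enabled and SSH disabled the unit is never defined and the Duo PAM configuration (presumably what the script writes; its body lies outside the hunk) is not generated. The line should read `systemd.services.pam-duo = lib.mkIf cfg.pam.enable {`. Neither new unit sets `serviceConfig.Type = "oneshot";`, unlike the wrappers unit in this commit, so `before = [ "sysinit.target" ]` does not wait for the script to finish and a login could race the file that carries the secret key.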
@ -275,33 +275,38 @@ in
|
||||
mrpx ${wrap.source},
|
||||
'') wrappers;
|
||||
|
||||
###### wrappers activation script
|
||||
system.activationScripts.wrappers =
|
||||
lib.stringAfter [ "specialfs" "users" ]
|
||||
''
|
||||
chmod 755 "${parentWrapperDir}"
|
||||
systemd.services.suid-sgid-wrappers = {
|
||||
description = "Create SUID/SGID Wrappers";
|
||||
wantedBy = [ "sysinit.target" ];
|
||||
before = [ "sysinit.target" ];
|
||||
unitConfig.DefaultDependencies = false;
|
||||
unitConfig.RequiresMountsFor = [ "/nix/store" "/run/wrappers" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = ''
|
||||
chmod 755 "${parentWrapperDir}"
|
||||
|
||||
# We want to place the tmpdirs for the wrappers to the parent dir.
|
||||
wrapperDir=$(mktemp --directory --tmpdir="${parentWrapperDir}" wrappers.XXXXXXXXXX)
|
||||
chmod a+rx "$wrapperDir"
|
||||
# We want to place the tmpdirs for the wrappers to the parent dir.
|
||||
wrapperDir=$(mktemp --directory --tmpdir="${parentWrapperDir}" wrappers.XXXXXXXXXX)
|
||||
chmod a+rx "$wrapperDir"
|
||||
|
||||
${lib.concatStringsSep "\n" mkWrappedPrograms}
|
||||
${lib.concatStringsSep "\n" mkWrappedPrograms}
|
||||
|
||||
if [ -L ${wrapperDir} ]; then
|
||||
# Atomically replace the symlink
|
||||
# See https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/
|
||||
old=$(readlink -f ${wrapperDir})
|
||||
if [ -e "${wrapperDir}-tmp" ]; then
|
||||
rm --force --recursive "${wrapperDir}-tmp"
|
||||
fi
|
||||
ln --symbolic --force --no-dereference "$wrapperDir" "${wrapperDir}-tmp"
|
||||
mv --no-target-directory "${wrapperDir}-tmp" "${wrapperDir}"
|
||||
rm --force --recursive "$old"
|
||||
else
|
||||
# For initial setup
|
||||
ln --symbolic "$wrapperDir" "${wrapperDir}"
|
||||
if [ -L ${wrapperDir} ]; then
|
||||
# Atomically replace the symlink
|
||||
# See https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/
|
||||
old=$(readlink -f ${wrapperDir})
|
||||
if [ -e "${wrapperDir}-tmp" ]; then
|
||||
rm --force --recursive "${wrapperDir}-tmp"
|
||||
fi
|
||||
'';
|
||||
ln --symbolic --force --no-dereference "$wrapperDir" "${wrapperDir}-tmp"
|
||||
mv --no-target-directory "${wrapperDir}-tmp" "${wrapperDir}"
|
||||
rm --force --recursive "$old"
|
||||
else
|
||||
# For initial setup
|
||||
ln --symbolic "$wrapperDir" "${wrapperDir}"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
###### wrappers consistency checks
|
||||
system.checks = lib.singleton (pkgs.runCommandLocal
|
||||
|
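Review bot: The new `suid-sgid-wrappers` unit drops the `users` ordering that the activation script had (`lib.stringAfter [ "specialfs" "users" ]`). `RequiresMountsFor` covers the mounts, but nothing orders the unit after account creation, so a wrapper that is presumably assigned to a named owner or group by `mkWrappedPrograms` (not visible here) could be installed before that account exists. Since these are the SUID/SGID binaries, state the dependency on the unit, e.g. `# Needs users/groups to exist: wrappers are assigned to configured owners`, and add a matching `after =` for whichever unit creates accounts. It is also worth confirming that a configuration switch re-runs this oneshot, because the activation script ran on every activation and a unit that has already exited may not be restarted (inferred, not visible in the hunk).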
@ -143,13 +143,11 @@ in
|
||||
|
||||
environment.systemPackages = [ pkgs.mlmmj ];
|
||||
|
||||
system.activationScripts.mlmmj = ''
|
||||
${pkgs.coreutils}/bin/mkdir -p ${stateDir} ${spoolDir}/${cfg.listDomain}
|
||||
${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${spoolDir}
|
||||
${concatMapLines (createList cfg.listDomain) cfg.mailLists}
|
||||
${pkgs.postfix}/bin/postmap /etc/postfix/virtual
|
||||
${pkgs.postfix}/bin/postmap /etc/postfix/transport
|
||||
'';
|
||||
systemd.tmpfiles.rules = [
|
||||
''d "${stateDir}" -''
|
||||
''d "${spoolDir}/${cfg.listDomain}" -''
|
||||
''Z "${spoolDir}" - "${cfg.user}" "${cfg.group}" -''
|
||||
];
|
||||
|
||||
systemd.services.mlmmj-maintd = {
|
||||
description = "mlmmj maintenance daemon";
|
||||
@ -158,6 +156,11 @@ in
|
||||
Group = cfg.group;
|
||||
ExecStart = "${pkgs.mlmmj}/bin/mlmmj-maintd -F -d ${spoolDir}/${cfg.listDomain}";
|
||||
};
|
||||
preStart = ''
|
||||
${concatMapLines (createList cfg.listDomain) cfg.mailLists}
|
||||
${pkgs.postfix}/bin/postmap /etc/postfix/virtual
|
||||
${pkgs.postfix}/bin/postmap /etc/postfix/transport
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.timers.mlmmj-maintd = {
|
||||
|
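Review bot: The `preStart` added to `mlmmj-maintd` in the second hunk runs `postmap /etc/postfix/virtual` and `postmap /etc/postfix/transport`, which write lookup tables under /etc/postfix, but the unit sets `Group = cfg.group` (and presumably a matching `User`, outside the hunk), so these commands no longer run as root as they did in the activation script. If the service account cannot write there, the unit fails to start or the maps go stale. Either run the root-only steps from a separate root oneshot unit or mark them privileged with systemd's `+` prefix on an `ExecStartPre` entry, and keep list creation under the mlmmj account.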
@ -239,11 +239,9 @@ in
|
||||
|
||||
power.ups.schedulerRules = mkDefault "${pkgs.nut}/etc/upssched.conf.sample";
|
||||
|
||||
system.activationScripts.upsSetup = stringAfter [ "users" "groups" ]
|
||||
''
|
||||
# Used to store pid files of drivers.
|
||||
mkdir -p /var/state/ups
|
||||
'';
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/state/ups -"
|
||||
];
|
||||
|
||||
|
||||
/*
|
||||
|
@ -52,25 +52,27 @@ in
|
||||
'';
|
||||
environment.etc."iscsi/initiatorname.iscsi".text = "InitiatorName=${cfg.name}";
|
||||
|
||||
system.activationScripts.iscsid = let
|
||||
extraCfgDumper = optionalString (cfg.extraConfigFile != null) ''
|
||||
if [ -f "${cfg.extraConfigFile}" ]; then
|
||||
printf "\n# The following is from ${cfg.extraConfigFile}:\n"
|
||||
cat "${cfg.extraConfigFile}"
|
||||
else
|
||||
echo "Warning: services.openiscsi.extraConfigFile ${cfg.extraConfigFile} does not exist!" >&2
|
||||
fi
|
||||
'';
|
||||
in ''
|
||||
(
|
||||
cat ${config.environment.etc."iscsi/iscsid.conf.fragment".source}
|
||||
${extraCfgDumper}
|
||||
) > /etc/iscsi/iscsid.conf
|
||||
'';
|
||||
|
||||
systemd.packages = [ cfg.package ];
|
||||
|
||||
systemd.services."iscsid".wantedBy = [ "multi-user.target" ];
|
||||
systemd.services."iscsid" = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart =
|
||||
let
|
||||
extraCfgDumper = optionalString (cfg.extraConfigFile != null) ''
|
||||
if [ -f "${cfg.extraConfigFile}" ]; then
|
||||
printf "\n# The following is from ${cfg.extraConfigFile}:\n"
|
||||
cat "${cfg.extraConfigFile}"
|
||||
else
|
||||
echo "Warning: services.openiscsi.extraConfigFile ${cfg.extraConfigFile} does not exist!" >&2
|
||||
fi
|
||||
'';
|
||||
in ''
|
||||
(
|
||||
cat ${config.environment.etc."iscsi/iscsid.conf.fragment".source}
|
||||
${extraCfgDumper}
|
||||
) > /etc/iscsi/iscsid.conf
|
||||
'';
|
||||
};
|
||||
systemd.sockets."iscsid".wantedBy = [ "sockets.target" ];
|
||||
|
||||
systemd.services."iscsi" = mkIf cfg.enableAutoLoginOut {
|
||||
|
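Review bot: The `preStart` builds /etc/iscsi/iscsid.conf with a plain `> /etc/iscsi/iscsid.conf` redirect, so the file is created under the default umask even though it concatenates `cfg.extraConfigFile`, which is read at run time and may therefore hold credentials (an assumption; the option's description is outside the hunk). Setting the mask as the first line of the script, `umask 0077`, keeps the generated file readable by root only; it has to come before the `(` because the redirect is opened before the subshell body runs. The missing-file branch only prints a warning and still writes a config without the extra settings, which deserves a comment saying that this is intended.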
@ -197,8 +197,9 @@ in
|
||||
script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/$1.spec`";
|
||||
};
|
||||
|
||||
system.activationScripts.spiped = optionalString (cfg.config != {})
|
||||
"mkdir -p /var/lib/spiped";
|
||||
systemd.tmpfiles.rules = lib.mkIf (cfg.config != { }) [
|
||||
"d /var/lib/spiped -"
|
||||
];
|
||||
|
||||
# Setup spiped config files
|
||||
environment.etc = mapAttrs' (name: cfg: nameValuePair "spiped/${name}.spec"
|
||||
|
@ -43,21 +43,21 @@ in {
|
||||
|
||||
# The swanctl command complains when the following directories don't exist:
|
||||
# See: https://wiki.strongswan.org/projects/strongswan/wiki/Swanctldirectory
|
||||
system.activationScripts.strongswan-swanctl-etc = stringAfter ["etc"] ''
|
||||
mkdir -p '/etc/swanctl/x509' # Trusted X.509 end entity certificates
|
||||
mkdir -p '/etc/swanctl/x509ca' # Trusted X.509 Certificate Authority certificates
|
||||
mkdir -p '/etc/swanctl/x509ocsp'
|
||||
mkdir -p '/etc/swanctl/x509aa' # Trusted X.509 Attribute Authority certificates
|
||||
mkdir -p '/etc/swanctl/x509ac' # Attribute Certificates
|
||||
mkdir -p '/etc/swanctl/x509crl' # Certificate Revocation Lists
|
||||
mkdir -p '/etc/swanctl/pubkey' # Raw public keys
|
||||
mkdir -p '/etc/swanctl/private' # Private keys in any format
|
||||
mkdir -p '/etc/swanctl/rsa' # PKCS#1 encoded RSA private keys
|
||||
mkdir -p '/etc/swanctl/ecdsa' # Plain ECDSA private keys
|
||||
mkdir -p '/etc/swanctl/bliss'
|
||||
mkdir -p '/etc/swanctl/pkcs8' # PKCS#8 encoded private keys of any type
|
||||
mkdir -p '/etc/swanctl/pkcs12' # PKCS#12 containers
|
||||
'';
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /etc/swanctl/x509 -" # Trusted X.509 end entity certificates
|
||||
"d /etc/swanctl/x509ca -" # Trusted X.509 Certificate Authority certificates
|
||||
"d /etc/swanctl/x509ocsp -"
|
||||
"d /etc/swanctl/x509aa -" # Trusted X.509 Attribute Authority certificates
|
||||
"d /etc/swanctl/x509ac -" # Attribute Certificates
|
||||
"d /etc/swanctl/x509crl -" # Certificate Revocation Lists
|
||||
"d /etc/swanctl/pubkey -" # Raw public keys
|
||||
"d /etc/swanctl/private -" # Private keys in any format
|
||||
"d /etc/swanctl/rsa -" # PKCS#1 encoded RSA private keys
|
||||
"d /etc/swanctl/ecdsa -" # Plain ECDSA private keys
|
||||
"d /etc/swanctl/bliss -"
|
||||
"d /etc/swanctl/pkcs8 -" # PKCS#8 encoded private keys of any type
|
||||
"d /etc/swanctl/pkcs12 -" # PKCS#12 containers
|
||||
];
|
||||
|
||||
systemd.services.strongswan-swanctl = {
|
||||
description = "strongSwan IPsec IKEv1/IKEv2 daemon using swanctl";
|
||||
|
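Review bot: The rules for `/etc/swanctl/private`, `rsa`, `ecdsa`, `pkcs8` and `pkcs12` leave the mode field as `-`, so the directories that the comments describe as holding private keys are created with the tmpfiles default of 0755 rather than a restrictive mode. The rule can state it, e.g. `"d /etc/swanctl/private 0700 root root -"`, and likewise for the other four key directories. An explicit mode is also re-applied to a directory that already exists, which the old `mkdir -p` never did.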
@ -249,11 +249,6 @@ in
|
||||
|
||||
services.xserver.displayManager.hiddenUsers = attrNames nixbldUsers;
|
||||
|
||||
system.activationScripts.nix = stringAfter [ "etc" "users" ]
|
||||
''
|
||||
install -m 0755 -d /nix/var/nix/{gcroots,profiles}/per-user
|
||||
'';
|
||||
|
||||
# Legacy configuration conversion.
|
||||
nix.settings = mkMerge [
|
||||
(mkIf (isNixAtLeast "2.3pre") { sandbox-fallback = false; })
|
||||
|
@ -287,9 +287,9 @@ in
|
||||
|
||||
# The systemd service will fail to execute the preStart hook
|
||||
# if the WorkingDirectory does not exist
|
||||
system.activationScripts.mattermost = ''
|
||||
mkdir -p "${cfg.statePath}"
|
||||
'';
|
||||
systemd.tmpfiles.rules = [
|
||||
''d "${cfg.statePath}" -''
|
||||
];
|
||||
|
||||
systemd.services.mattermost = {
|
||||
description = "Mattermost chat service";
|
||||
|
@ -204,11 +204,9 @@ in
|
||||
};
|
||||
|
||||
# Create default cert store
|
||||
system.activationScripts.makeStargazerCertDir =
|
||||
lib.optionalAttrs (cfg.store == /var/lib/gemini/certs) ''
|
||||
mkdir -p /var/lib/gemini/certs
|
||||
chown -R ${cfg.user}:${cfg.group} /var/lib/gemini/certs
|
||||
'';
|
||||
systemd.tmpfiles.rules = lib.mkIf (cfg.store == /var/lib/gemini/certs) [
|
||||
''d /var/lib/gemini/certs - "${cfg.user}" "${cfg.group}" -''
|
||||
];
|
||||
|
||||
users.users = lib.optionalAttrs (cfg.user == "stargazer") {
|
||||
stargazer = {
|
||||
|
@ -55,10 +55,6 @@ let
|
||||
# used as a garbage collection root.
|
||||
ln -sfn "$(readlink -f "$systemConfig")" /run/current-system
|
||||
|
||||
# Prevent the current configuration from being garbage-collected.
|
||||
mkdir -p /nix/var/nix/gcroots
|
||||
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
|
||||
|
||||
exit $_status
|
||||
'';
|
||||
|
||||
@ -233,23 +229,16 @@ in
|
||||
config = {
|
||||
|
||||
system.activationScripts.stdio = ""; # obsolete
|
||||
system.activationScripts.var = ""; # obsolete
|
||||
system.activationScripts.specialfs = ""; # obsolete
|
||||
|
||||
system.activationScripts.var =
|
||||
''
|
||||
# Various log/runtime directories.
|
||||
|
||||
mkdir -p /var/tmp
|
||||
chmod 1777 /var/tmp
|
||||
|
||||
# Empty, immutable home directory of many system accounts.
|
||||
mkdir -p /var/empty
|
||||
# Make sure it's really empty
|
||||
${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
|
||||
find /var/empty -mindepth 1 -delete
|
||||
chmod 0555 /var/empty
|
||||
chown root:root /var/empty
|
||||
${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
|
||||
'';
|
||||
systemd.tmpfiles.rules = [
|
||||
# Prevent the current configuration from being garbage-collected.
|
||||
"d /nix/var/nix/gcroots -"
|
||||
"L+ /nix/var/nix/gcroots/current-system - - - - /run/current-system"
|
||||
"D /var/empty 0555 root root -"
|
||||
"h /var/empty - - - - +i"
|
||||
];
|
||||
|
||||
system.activationScripts.usrbinenv = if config.environment.usrbinenv != null
|
||||
then ''
|
||||
@ -263,25 +252,6 @@ in
|
||||
rmdir --ignore-fail-on-non-empty /usr/bin /usr
|
||||
'';
|
||||
|
||||
system.activationScripts.specialfs =
|
||||
''
|
||||
specialMount() {
|
||||
local device="$1"
|
||||
local mountPoint="$2"
|
||||
local options="$3"
|
||||
local fsType="$4"
|
||||
|
||||
if mountpoint -q "$mountPoint"; then
|
||||
local options="remount,$options"
|
||||
else
|
||||
mkdir -p "$mountPoint"
|
||||
chmod 0755 "$mountPoint"
|
||||
fi
|
||||
mount -t "$fsType" -o "$options" "$device" "$mountPoint"
|
||||
}
|
||||
source ${config.system.build.earlyMountScript}
|
||||
'';
|
||||
|
||||
systemd.user = {
|
||||
services.nixos-activation = {
|
||||
description = "Run user-specific NixOS activation";
|
||||
|
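Review bot: The GC root for the running system is no longer created in the activation script right after `/run/current-system` is linked (first hunk); it now exists only once systemd-tmpfiles has processed `"L+ /nix/var/nix/gcroots/current-system - - - - /run/current-system"`. Any path that activates a system without running tmpfiles (an assumption: a chroot-based install, for instance) would leave the current generation unprotected from garbage collection. The new `activation-var` test checks /var/tmp and /var/empty but not this link; an assertion such as `machine.succeed("test -L /nix/var/nix/gcroots/current-system")` would pin it.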
@ -20,17 +20,13 @@ let
|
||||
optionalString fixBinary "F";
|
||||
in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}";
|
||||
|
||||
activationSnippet = name: { interpreter, wrapInterpreterInShell, ... }: if wrapInterpreterInShell then ''
|
||||
rm -f /run/binfmt/${name}
|
||||
cat > /run/binfmt/${name} << 'EOF'
|
||||
#!${pkgs.bash}/bin/sh
|
||||
exec -- ${interpreter} "$@"
|
||||
EOF
|
||||
chmod +x /run/binfmt/${name}
|
||||
'' else ''
|
||||
rm -f /run/binfmt/${name}
|
||||
ln -s ${interpreter} /run/binfmt/${name}
|
||||
'';
|
||||
mkInterpreter = name: { interpreter, wrapInterpreterInShell, ... }:
|
||||
if wrapInterpreterInShell
|
||||
then pkgs.writeShellScript "${name}-interpreter" ''
|
||||
#!${pkgs.bash}/bin/sh
|
||||
exec -- ${interpreter} "$@"
|
||||
''
|
||||
else interpreter;
|
||||
|
||||
getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
|
||||
getQemuArch = system: (lib.systems.elaborate { inherit system; }).qemuArch;
|
||||
@ -318,18 +314,25 @@ in {
|
||||
|
||||
environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"
|
||||
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));
|
||||
system.activationScripts.binfmt = stringAfter [ "specialfs" ] ''
|
||||
mkdir -p /run/binfmt
|
||||
chmod 0755 /run/binfmt
|
||||
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)}
|
||||
'';
|
||||
systemd = lib.mkIf (config.boot.binfmt.registrations != {}) {
|
||||
additionalUpstreamSystemUnits = [
|
||||
"proc-sys-fs-binfmt_misc.automount"
|
||||
"proc-sys-fs-binfmt_misc.mount"
|
||||
"systemd-binfmt.service"
|
||||
];
|
||||
services.systemd-binfmt.restartTriggers = [ (builtins.toJSON config.boot.binfmt.registrations) ];
|
||||
};
|
||||
|
||||
systemd = lib.mkMerge [
|
||||
({ tmpfiles.rules = [
|
||||
"d /run/binfmt 0755 -"
|
||||
] ++ lib.mapAttrsToList
|
||||
(name: interpreter:
|
||||
"L+ /run/binfmt/${name} - - - - ${interpreter}"
|
||||
)
|
||||
(lib.mapAttrs mkInterpreter config.boot.binfmt.registrations);
|
||||
})
|
||||
|
||||
(lib.mkIf (config.boot.binfmt.registrations != {}) {
|
||||
additionalUpstreamSystemUnits = [
|
||||
"proc-sys-fs-binfmt_misc.automount"
|
||||
"proc-sys-fs-binfmt_misc.mount"
|
||||
"systemd-binfmt.service"
|
||||
];
|
||||
services.systemd-binfmt.restartTriggers = [ (builtins.toJSON config.boot.binfmt.registrations) ];
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
||||
|
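Review bot: The interpreter links under /run/binfmt are now created by systemd-tmpfiles (`"L+ /run/binfmt/${name} - - - - ${interpreter}"`), but nothing in the second hunk orders `systemd-binfmt.service` after tmpfiles setup, so a registration could be loaded before the path it presumably names exists. That matters most with the `F` (fixBinary) flag, where the kernel opens the interpreter at registration time. Adding `services.systemd-binfmt.after = [ "systemd-tmpfiles-setup.service" ];` next to the existing `restartTriggers` line would make the order explicit. In `mkInterpreter`, `pkgs.writeShellScript` already emits its own shebang, so the `#!${pkgs.bash}/bin/sh` line in the body ends up as a comment on the second line and can be removed.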
@ -46,6 +46,28 @@ with lib;
|
||||
wantedBy = [ "sysinit.target" ];
|
||||
aliases = [ "dbus-org.freedesktop.timesync1.service" ];
|
||||
restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ];
|
||||
|
||||
preStart = (
|
||||
# Ensure that we have some stored time to prevent
|
||||
# systemd-timesyncd to resort back to the fallback time. If
|
||||
# the file doesn't exist we assume that our current system
|
||||
# clock is good enough to provide an initial value.
|
||||
''
|
||||
if ! [ -f /var/lib/systemd/timesync/clock ]; then
|
||||
test -d /var/lib/systemd/timesync || mkdir -p /var/lib/systemd/timesync
|
||||
touch /var/lib/systemd/timesync/clock
|
||||
fi
|
||||
'' +
|
||||
# workaround an issue of systemd-timesyncd not starting due to upstream systemd reverting their dynamic users changes
|
||||
# - https://github.com/NixOS/nixpkgs/pull/61321#issuecomment-492423742
|
||||
# - https://github.com/systemd/systemd/issues/12131
|
||||
(lib.optionalString (versionOlder config.system.stateVersion "19.09") ''
|
||||
if [ -L /var/lib/systemd/timesync ]; then
|
||||
rm /var/lib/systemd/timesync
|
||||
mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync
|
||||
fi
|
||||
'')
|
||||
);
|
||||
};
|
||||
|
||||
environment.etc."systemd/timesyncd.conf".text = ''
|
||||
@ -59,28 +81,5 @@ with lib;
|
||||
group = "systemd-timesync";
|
||||
};
|
||||
users.groups.systemd-timesync.gid = config.ids.gids.systemd-timesync;
|
||||
|
||||
system.activationScripts.systemd-timesyncd-migration =
|
||||
# workaround an issue of systemd-timesyncd not starting due to upstream systemd reverting their dynamic users changes
|
||||
# - https://github.com/NixOS/nixpkgs/pull/61321#issuecomment-492423742
|
||||
# - https://github.com/systemd/systemd/issues/12131
|
||||
mkIf (versionOlder config.system.stateVersion "19.09") ''
|
||||
if [ -L /var/lib/systemd/timesync ]; then
|
||||
rm /var/lib/systemd/timesync
|
||||
mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync
|
||||
fi
|
||||
'';
|
||||
system.activationScripts.systemd-timesyncd-init-clock =
|
||||
# Ensure that we have some stored time to prevent systemd-timesyncd to
|
||||
# resort back to the fallback time.
|
||||
# If the file doesn't exist we assume that our current system clock is
|
||||
# good enough to provide an initial value.
|
||||
''
|
||||
if ! [ -f /var/lib/systemd/timesync/clock ]; then
|
||||
test -d /var/lib/systemd/timesync || mkdir -p /var/lib/systemd/timesync
|
||||
touch /var/lib/systemd/timesync/clock
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
||||
|
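Review bot: Both snippets moved into `preStart` touch paths that the activation script handled as root: the migration branch runs `rm /var/lib/systemd/timesync` and `mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync`, which need write access to /var/lib/systemd. If the timesyncd unit runs under the `systemd-timesync` account that the second hunk's `users` entries suggest, its pre-start commands inherit that account and the migration would fail on exactly the old-stateVersion systems it targets. Running these steps through an `ExecStartPre` entry with systemd's `+` prefix, or from a separate root oneshot ordered before the daemon, keeps the old privilege.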
@ -1406,18 +1406,12 @@ in
|
||||
val = tempaddrValues.${opt}.sysctl;
|
||||
in nameValuePair "net.ipv6.conf.${replaceStrings ["."] ["/"] i.name}.use_tempaddr" val));
|
||||
|
||||
# Set the host and domain names in the activation script. Don't
|
||||
# clear it if it's not configured in the NixOS configuration,
|
||||
# since it may have been set by dhcpcd in the meantime.
|
||||
system.activationScripts.hostname = let
|
||||
effectiveHostname = config.boot.kernel.sysctl."kernel.hostname" or cfg.hostName;
|
||||
in optionalString (effectiveHostname != "") ''
|
||||
hostname "${effectiveHostname}"
|
||||
'';
|
||||
system.activationScripts.domain =
|
||||
optionalString (cfg.domain != null) ''
|
||||
domainname "${cfg.domain}"
|
||||
'';
|
||||
systemd.services.domainname = lib.mkIf (cfg.domain != null) {
|
||||
wantedBy = [ "sysinit.target" ];
|
||||
before = [ "sysinit.target" ];
|
||||
unitConfig.DefaultDependencies = false;
|
||||
serviceConfig.ExecStart = ''domainname "${cfg.domain}"'';
|
||||
};
|
||||
|
||||
environment.etc.hostid = mkIf (cfg.hostId != null) { source = hostidFile; };
|
||||
boot.initrd.systemd.contents."/etc/hostid" = mkIf (cfg.hostId != null) { source = hostidFile; };
|
||||
|
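Review bot: `serviceConfig.ExecStart = ''domainname "${cfg.domain}"''` names the binary without a path, so systemd has to find `domainname` in its own built-in search path; on NixOS that is unlikely to contain it, and the unit would then fail without the domain name ever being set. Referencing the store path removes the dependency on the search path, e.g. `serviceConfig.ExecStart = ''${pkgs.nettools}/bin/domainname "${cfg.domain}"'';` (assuming nettools is the provider this module uses). The unit also lacks `serviceConfig.Type = "oneshot";`, so `before = [ "sysinit.target" ]` does not wait for the command to complete.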
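--- /dev/null
+++ b/nixos/tests/activation/nix-channel.nix
@@ -0,0 +1,16 @@
+{ lib, ... }:
+
+{
+
+name = "activation-nix-channel";
+
+meta.maintainers = with lib.maintainers; [ nikstur ];
+
+nodes.machine = {
+nix.channel.enable = true;
+};
+
+testScript = ''
+print(machine.succeed("cat /root/.nix-channels"))
+'';
+}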
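Review bot: The test script only prints the file, `print(machine.succeed("cat /root/.nix-channels"))`, so it passes for any readable /root/.nix-channels, including an empty one. It should assert the content, e.g. `assert " nixos" in machine.succeed("cat /root/.nix-channels")`. A second check that a manually edited file survives another tmpfiles run would catch an unintended overwrite of root's channel list.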
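--- /dev/null
+++ b/nixos/tests/activation/var.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+
+{
+
+name = "activation-var";
+
+meta.maintainers = with lib.maintainers; [ nikstur ];
+
+nodes.machine = { };
+
+testScript = ''
+assert machine.succeed("stat -c '%a' /var/tmp") == "1777\n"
+assert machine.succeed("stat -c '%a' /var/empty") == "555\n"
+assert machine.succeed("stat -c '%U' /var/empty") == "root\n"
+assert machine.succeed("stat -c '%G' /var/empty") == "root\n"
+assert "i" in machine.succeed("lsattr -d /var/empty")
+'';
+}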
@ -266,6 +266,8 @@ in {
|
||||
esphome = handleTest ./esphome.nix {};
|
||||
etc = pkgs.callPackage ../modules/system/etc/test.nix { inherit evalMinimalConfig; };
|
||||
activation = pkgs.callPackage ../modules/system/activation/test.nix { };
|
||||
activation-var = runTest ./activation/var.nix;
|
||||
activation-nix-channel = runTest ./activation/nix-channel.nix;
|
||||
etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {};
|
||||
etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {};
|
||||
etebase-server = handleTest ./etebase-server.nix {};
|
||||
|
@ -22,15 +22,14 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
system.activationScripts.setup-grafana = {
|
||||
deps = [ "users" ];
|
||||
text = ''
|
||||
mkdir -p /var/lib/grafana/dashboards
|
||||
chown -R grafana:grafana /var/lib/grafana
|
||||
chmod 0700 -R /var/lib/grafana/dashboards
|
||||
cp ${pkgs.writeText "test.json" (builtins.readFile ./test_dashboard.json)} /var/lib/grafana/dashboards/
|
||||
'';
|
||||
};
|
||||
systemd.tmpfiles.rules =
|
||||
let
|
||||
dashboard = pkgs.writeText "test.json" (builtins.readFile ./test_dashboard.json);
|
||||
in
|
||||
[
|
||||
"d /var/lib/grafana/dashboards 0700 grafana grafana -"
|
||||
"C+ /var/lib/grafana/dashboards/test.json - - - - ${dashboard}"
|
||||
];
|
||||
};
|
||||
|
||||
extraNodeConfs = {
|
||||
|
@ -31,14 +31,9 @@ in
|
||||
services.opensearch.dataDir = "/var/opensearch_test";
|
||||
services.opensearch.user = "open_search";
|
||||
services.opensearch.group = "open_search";
|
||||
system.activationScripts.createDirectory = {
|
||||
text = ''
|
||||
mkdir -p "/var/opensearch_test"
|
||||
chown open_search:open_search /var/opensearch_test
|
||||
chmod 0700 /var/opensearch_test
|
||||
'';
|
||||
deps = [ "users" "groups" ];
|
||||
};
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/opensearch_test 0700 open_search open_search -"
|
||||
];
|
||||
users = {
|
||||
groups.open_search = {};
|
||||
users.open_search = {
|
||||
|
@ -17,11 +17,16 @@ let
|
||||
};
|
||||
};
|
||||
makeCert = { config, pkgs, ... }: {
|
||||
system.activationScripts.create-test-cert = stringAfter [ "users" ] ''
|
||||
${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}
|
||||
( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )
|
||||
chown stunnel /test-key.pem /test-key-and-cert.pem
|
||||
systemd.services.create-test-cert = {
|
||||
wantedBy = [ "sysinit.target" ];
|
||||
before = [ "sysinit.target" ];
|
||||
unitConfig.DefaultDependencies = false;
|
||||
script = ''
|
||||
${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}
|
||||
( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )
|
||||
chown stunnel /test-key.pem /test-key-and-cert.pem
|
||||
'';
|
||||
};
|
||||
};
|
||||
serverCommon = { pkgs, ... }: {
|
||||
networking.firewall.allowedTCPPorts = [ 443 ];
|
||||
|
@ -15,12 +15,13 @@ in {
|
||||
# create the path that should be migrated by our activation script when
|
||||
# upgrading to a newer nixos version
|
||||
system.stateVersion = "19.03";
|
||||
system.activationScripts.simulate-old-timesync-state-dir = lib.mkBefore ''
|
||||
rm -f /var/lib/systemd/timesync
|
||||
mkdir -p /var/lib/systemd /var/lib/private/systemd/timesync
|
||||
ln -s /var/lib/private/systemd/timesync /var/lib/systemd/timesync
|
||||
chown systemd-timesync: /var/lib/private/systemd/timesync
|
||||
'';
|
||||
systemd.tmpfiles.rules = [
|
||||
"r /var/lib/systemd/timesync -"
|
||||
"d /var/lib/systemd -"
|
||||
"d /var/lib/private/systemd/timesync -"
|
||||
"L /var/lib/systemd/timesync - - - - /var/lib/private/systemd/timesync"
|
||||
"d /var/lib/private/systemd/timesync - systemd-timesync systemd-timesync -"
|
||||
];
|
||||
});
|
||||
};
|
||||
|
||||
|