|
|
@ -125,7 +125,7 @@ let |
|
|
|
}; |
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
initrdBinEnv = pkgs.buildEnv { |
|
|
|
initrdBinEnv = pkgs.buildEnv { |
|
|
|
name = "initrd-emergency-env"; |
|
|
|
name = "initrd-bin-env"; |
|
|
|
paths = map getBin cfg.initrdBin; |
|
|
|
paths = map getBin cfg.initrdBin; |
|
|
|
pathsToLink = ["/bin" "/sbin"]; |
|
|
|
pathsToLink = ["/bin" "/sbin"]; |
|
|
|
postBuild = concatStringsSep "\n" (mapAttrsToList (n: v: "ln -s '${v}' $out/bin/'${n}'") cfg.extraBin); |
|
|
|
postBuild = concatStringsSep "\n" (mapAttrsToList (n: v: "ln -s '${v}' $out/bin/'${n}'") cfg.extraBin); |
|
|
@ -355,8 +355,9 @@ in { |
|
|
|
boot.initrd.availableKernelModules = [ "autofs4" ]; # systemd needs this for some features |
|
|
|
boot.initrd.availableKernelModules = [ "autofs4" ]; # systemd needs this for some features |
|
|
|
|
|
|
|
|
|
|
|
boot.initrd.systemd = { |
|
|
|
boot.initrd.systemd = { |
|
|
|
initrdBin = [pkgs.bash pkgs.coreutils pkgs.kmod cfg.package] ++ config.system.fsPackages; |
|
|
|
initrdBin = [pkgs.bash pkgs.coreutils cfg.package.kmod cfg.package] ++ config.system.fsPackages; |
|
|
|
extraBin = { |
|
|
|
extraBin = { |
|
|
|
|
|
|
|
less = "${pkgs.less}/bin/less"; |
|
|
|
mount = "${cfg.package.util-linux}/bin/mount"; |
|
|
|
mount = "${cfg.package.util-linux}/bin/mount"; |
|
|
|
umount = "${cfg.package.util-linux}/bin/umount"; |
|
|
|
umount = "${cfg.package.util-linux}/bin/umount"; |
|
|
|
}; |
|
|
|
}; |
|
|
@ -367,7 +368,7 @@ in { |
|
|
|
|
|
|
|
|
|
|
|
"/etc/systemd/system.conf".text = '' |
|
|
|
"/etc/systemd/system.conf".text = '' |
|
|
|
[Manager] |
|
|
|
[Manager] |
|
|
|
DefaultEnvironment=PATH=/bin:/sbin |
|
|
|
DefaultEnvironment=PATH=/bin:/sbin ${optionalString (isBool cfg.emergencyAccess && cfg.emergencyAccess) "SYSTEMD_SULOGIN_FORCE=1"} |
|
|
|
''; |
|
|
|
''; |
|
|
|
|
|
|
|
|
|
|
|
"/etc/fstab".source = fstab; |
|
|
|
"/etc/fstab".source = fstab; |
|
|
@ -394,7 +395,9 @@ in { |
|
|
|
"${cfg.package}/lib/systemd/systemd-journald" |
|
|
|
"${cfg.package}/lib/systemd/systemd-journald" |
|
|
|
"${cfg.package}/lib/systemd/systemd-makefs" |
|
|
|
"${cfg.package}/lib/systemd/systemd-makefs" |
|
|
|
"${cfg.package}/lib/systemd/systemd-modules-load" |
|
|
|
"${cfg.package}/lib/systemd/systemd-modules-load" |
|
|
|
|
|
|
|
"${cfg.package}/lib/systemd/systemd-random-seed" |
|
|
|
"${cfg.package}/lib/systemd/systemd-remount-fs" |
|
|
|
"${cfg.package}/lib/systemd/systemd-remount-fs" |
|
|
|
|
|
|
|
"${cfg.package}/lib/systemd/systemd-shutdown" |
|
|
|
"${cfg.package}/lib/systemd/systemd-sulogin-shell" |
|
|
|
"${cfg.package}/lib/systemd/systemd-sulogin-shell" |
|
|
|
"${cfg.package}/lib/systemd/systemd-sysctl" |
|
|
|
"${cfg.package}/lib/systemd/systemd-sysctl" |
|
|
|
"${cfg.package}/lib/systemd/systemd-udevd" |
|
|
|
"${cfg.package}/lib/systemd/systemd-udevd" |
|
|
@ -410,7 +413,7 @@ in { |
|
|
|
"${cfg.package.util-linux}/bin/sulogin" |
|
|
|
"${cfg.package.util-linux}/bin/sulogin" |
|
|
|
|
|
|
|
|
|
|
|
# so NSS can look up usernames |
|
|
|
# so NSS can look up usernames |
|
|
|
"${pkgs.glibc}/lib/libnss_files.so" |
|
|
|
"${pkgs.glibc}/lib/libnss_files.so.2" |
|
|
|
] ++ jobScripts; |
|
|
|
] ++ jobScripts; |
|
|
|
|
|
|
|
|
|
|
|
targets.initrd.aliases = ["default.target"]; |
|
|
|
targets.initrd.aliases = ["default.target"]; |
|
|
@ -428,9 +431,6 @@ in { |
|
|
|
(v: let n = escapeSystemdPath v.where; |
|
|
|
(v: let n = escapeSystemdPath v.where; |
|
|
|
in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts); |
|
|
|
in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts); |
|
|
|
|
|
|
|
|
|
|
|
services.emergency = mkIf (isBool cfg.emergencyAccess && cfg.emergencyAccess) { |
|
|
|
|
|
|
|
environment.SYSTEMD_SULOGIN_FORCE = "1"; |
|
|
|
|
|
|
|
}; |
|
|
|
|
|
|
|
# The unit in /run/systemd/generator shadows the unit in |
|
|
|
# The unit in /run/systemd/generator shadows the unit in |
|
|
|
# /etc/systemd/system, but will still apply drop-ins from |
|
|
|
# /etc/systemd/system, but will still apply drop-ins from |
|
|
|
# /etc/systemd/system/foo.service.d/ |
|
|
|
# /etc/systemd/system/foo.service.d/ |
|
|
@ -445,6 +445,67 @@ in { |
|
|
|
'')]; |
|
|
|
'')]; |
|
|
|
services."systemd-makefs@".unitConfig.IgnoreOnIsolate = true; |
|
|
|
services."systemd-makefs@".unitConfig.IgnoreOnIsolate = true; |
|
|
|
services."systemd-growfs@".unitConfig.IgnoreOnIsolate = true; |
|
|
|
services."systemd-growfs@".unitConfig.IgnoreOnIsolate = true; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
services.initrd-nixos-activation = { |
|
|
|
|
|
|
|
after = [ "initrd-fs.target" ]; |
|
|
|
|
|
|
|
requiredBy = [ "initrd.target" ]; |
|
|
|
|
|
|
|
unitConfig.AssertPathExists = "/etc/initrd-release"; |
|
|
|
|
|
|
|
serviceConfig.Type = "oneshot"; |
|
|
|
|
|
|
|
description = "NixOS Activation"; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
script = /* bash */ '' |
|
|
|
|
|
|
|
set -uo pipefail |
|
|
|
|
|
|
|
export PATH="/bin:${cfg.package.util-linux}/bin" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Figure out what closure to boot |
|
|
|
|
|
|
|
closure= |
|
|
|
|
|
|
|
for o in $(< /proc/cmdline); do |
|
|
|
|
|
|
|
case $o in |
|
|
|
|
|
|
|
init=*) |
|
|
|
|
|
|
|
IFS== read -r -a initParam <<< "$o" |
|
|
|
|
|
|
|
closure="$(dirname "''${initParam[1]}")" |
|
|
|
|
|
|
|
;; |
|
|
|
|
|
|
|
esac |
|
|
|
|
|
|
|
done |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Sanity check |
|
|
|
|
|
|
|
if [ -z "''${closure:-}" ]; then |
|
|
|
|
|
|
|
echo 'No init= parameter on the kernel command line' >&2 |
|
|
|
|
|
|
|
exit 1 |
|
|
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# If we are not booting a NixOS closure (e.g. init=/bin/sh), |
|
|
|
|
|
|
|
# we don't know what root to prepare so we don't do anything |
|
|
|
|
|
|
|
if ! [ -x "/sysroot$closure/prepare-root" ]; then |
|
|
|
|
|
|
|
echo "NEW_INIT=''${initParam[1]}" > /etc/switch-root.conf |
|
|
|
|
|
|
|
echo "$closure does not look like a NixOS installation - not activating" |
|
|
|
|
|
|
|
exit 0 |
|
|
|
|
|
|
|
fi |
|
|
|
|
|
|
|
echo 'NEW_INIT=' > /etc/switch-root.conf |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# We need to propagate /run for things like /run/booted-system |
|
|
|
|
|
|
|
# and /run/current-system. |
|
|
|
|
|
|
|
mkdir -p /sysroot/run |
|
|
|
|
|
|
|
mount --bind /run /sysroot/run |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Initialize the system |
|
|
|
|
|
|
|
export IN_NIXOS_SYSTEMD_STAGE1=true |
|
|
|
|
|
|
|
exec chroot /sysroot $closure/prepare-root |
|
|
|
|
|
|
|
''; |
|
|
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# This will either call systemctl with the new init as the last parameter (which |
|
|
|
|
|
|
|
# is the case when not booting a NixOS system) or with an empty string, causing |
|
|
|
|
|
|
|
# systemd to bypass its verification code that checks whether the next file is a systemd |
|
|
|
|
|
|
|
# and using its compiled-in value |
|
|
|
|
|
|
|
services.initrd-switch-root.serviceConfig = { |
|
|
|
|
|
|
|
EnvironmentFile = "-/etc/switch-root.conf"; |
|
|
|
|
|
|
|
ExecStart = [ |
|
|
|
|
|
|
|
"" |
|
|
|
|
|
|
|
''systemctl --no-block switch-root /sysroot "''${NEW_INIT}"'' |
|
|
|
|
|
|
|
]; |
|
|
|
|
|
|
|
}; |
|
|
|
}; |
|
|
|
}; |
|
|
|
}; |
|
|
|
}; |
|
|
|
} |
|
|
|
} |
|
|
|
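Review bot: In the new `initrd-nixos-activation` script the `init=` value read from /proc/cmdline is split on every `=` by `IFS== read -r -a initParam` and later expanded unquoted in `exec chroot /sysroot $closure/prepare-root`, so a path containing `=` is truncated and one containing glob characters can be rewritten by the shell before it is executed. Taking the value with `''${o#init=}` instead of the array, and quoting the final expansion as `exec chroot /sysroot "$closure/prepare-root"`, keeps the executed path identical to what the boot loader passed. The `-x` test is also evaluated from the initrd root while `chroot` resolves the same path from inside /sysroot, so the two may disagree if the path goes through an absolute symlink; a comment stating that assumption would help. Because the script sets `-uo pipefail` without `-e`, a failed `mount --bind /run /sysroot/run` does not stop activation, which may be intended but is worth saying in a comment.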