If you define a unit, and either systemd or a package in
systemd.packages already provides that unit, then we now generate a
file /etc/systemd/system/<unit>.d/overrides.conf. This makes it
possible to use upstream units, while allowing them to be customised
from the NixOS configuration. For instance, the module nix-daemon.nix
now uses the units provided by the Nix package. And all unit
definitions that duplicated upstream systemd units are finally gone.
This makes the baseUnit option unnecessary, so I've removed it.
This creates static device nodes such as /dev/fuse or
/dev/snd/seq. The kernel modules for these devices will be loaded on
demand when the device node is opened.
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
We used to have the configuration of the kernel available in a
somewhat convenient place (/run/booted-system/kernel-modules/config)
but that has disappeared. So instead just make /proc/configs.gz
available. It only eats a few kilobytes.
You can now say:
systemd.containers.foo.config =
  { services.openssh.enable = true;
    services.openssh.ports = [ 2022 ];
    users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-dss ..." ];
  };
which defines a NixOS instance with the given configuration running
inside a lightweight container.
You can also manage the configuration of the container independently
from the host:
systemd.containers.foo.path = "/nix/var/nix/profiles/containers/foo";
where "path" is a NixOS system profile. It can be created/updated by
doing:
$ nix-env --set -p /nix/var/nix/profiles/containers/foo \
    -f '<nixos>' -A system -I nixos-config=foo.nix
The container configuration (foo.nix) should define
boot.isContainer = true;
to optimise away the building of a kernel and initrd. This is done
automatically when using the "config" route.
On the host, a lightweight container appears as the service
"container-<name>.service". The container is like a regular NixOS
(virtual) machine, except that it doesn't have its own kernel. It has
its own root file system (by default /var/lib/containers/<name>), but
shares the Nix store of the host (as a read-only bind mount). It also
has access to the network devices of the host.
Currently, if the configuration of the container changes, running
"nixos-rebuild switch" on the host will cause the container to be
rebooted. In the future we may want to send some message to the
container so that it can activate the new container configuration
without rebooting.
Containers are not perfectly isolated yet. In particular, the host's
/sys/fs/cgroup is mounted (writable!) in the guest.
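The isolation caveats in this commit message (host Nix store shared as a read-only bind mount, host /sys/fs/cgroup mounted writable in the guest) can be checked from inside a container by reading /proc/self/mountinfo. The following is an added example, not NixOS code: it parses constructed mountinfo lines laid out the way the message describes, using the field layout documented in proc(5), and reports which of the expected mount properties hold.

```python
# Constructed /proc/self/mountinfo sample as it might look from inside a
# container with the layout described above (assumption: proc(5) field order:
# id, parent, major:minor, root, mount point, mount options, [tags] - fstype, source, super opts).
SAMPLE_MOUNTINFO = """\
30 1 8:1 /var/lib/containers/foo / rw,relatime - ext4 /dev/sda1 rw,data=ordered
31 30 0:18 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
32 30 8:1 /nix/store /nix/store ro,relatime - ext4 /dev/sda1 rw,data=ordered
33 30 0:20 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755
"""


def parse_mountinfo(text):
    """Return one dict per mount: mount_point, fs_type, source, options (set of flags)."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Everything before the " - " separator is the fixed fields plus optional tags;
        # everything after it is fstype, source and superblock options.
        pre, sep, post = line.partition(" - ")
        pre_fields = pre.split()
        post_fields = post.split()
        if not sep or len(pre_fields) < 6 or len(post_fields) < 3:
            continue  # malformed line, skip rather than guess
        mounts.append({
            "mount_point": pre_fields[4],
            "options": set(pre_fields[5].split(",")),
            "fs_type": post_fields[0],
            "source": post_fields[1],
        })
    return mounts


def isolation_findings(mounts):
    """List deviations from the expected container mount layout."""
    findings = []
    by_point = {m["mount_point"]: m for m in mounts}
    store = by_point.get("/nix/store")
    if store is None:
        findings.append("missing /nix/store bind mount")
    elif "ro" not in store["options"]:
        findings.append("/nix/store is not mounted read-only")
    cgroup = by_point.get("/sys/fs/cgroup")
    if cgroup is not None and "rw" in cgroup["options"]:
        findings.append("/sys/fs/cgroup is writable (host cgroup tree exposed)")
    return findings


if __name__ == "__main__":
    for finding in isolation_findings(parse_mountinfo(SAMPLE_MOUNTINFO)):
        print(finding)
```

On a real system, replace SAMPLE_MOUNTINFO with the contents of /proc/self/mountinfo read from inside the container.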
It used to be set to 7 (debug) so you get lots of crap on the console.
The new value of 4 is also what Ubuntu uses. Red Hat uses 3.
A nice side effect is that it's more likely that the LUKS passphrase
prompt doesn't get clobbered by kernel log messages.
* Load scsi_wait_scan after all other kernel modules to ensure that
all SCSI device nodes have been created.
* Increase the timeout for the appearance of the root device to 20
seconds.
* Do a "udevadm settle" just after the root device has appeared to
make sure that udev isn't accessing the device anymore (hopefully).
On EC2 (Xen), I've seen fsck on the root fail randomly with "device
in use" errors.
svn path=/nixos/trunk/; revision=33650
reiserfs now have separate modules that are conditional on
boot.supportedFilesystems and boot.initrd.supportedFilesystems.
By default, these include the filesystems specified in the fsType
attribute in fileSystems. Ext2/3/4 support is currently
unconditional.
Also unbreak the installer test (http://hydra.nixos.org/build/2272302).
svn path=/nixos/trunk/; revision=32954
was already the case on Linux 2.6.32, but in newer kernels the CFQ
scheduler is built as a module, so all block devices got the ‘none’
scheduler instead.
svn path=/nixos/trunk/; revision=28972
to the nixpkgs trunk 'kernelPackages'.
Seeing a strange kernelPackages mentioned in installation-cd-rescue (2.6.31_something), I
update that to 2.6.32.
svn path=/nixos/trunk/; revision=19443