Loading nixos/maintainers/scripts/ec2/amazon-image.nix +1 −1 Original line number Diff line number Diff line Loading @@ -66,7 +66,7 @@ in "qcow2" "vpc" ]; default = "vpc"; default = "raw"; description = "The image format to output"; }; }; Loading nixos/modules/image/repart-verity-store.nix +19 −5 Original line number Diff line number Diff line Loading @@ -89,6 +89,12 @@ in }; }; fileSystems."/nix/store" = lib.mkDefault { device = "/usr/nix/store"; fsType = "none"; options = [ "bind" ]; }; image.repart.partitions = { # dm-verity hash partition ${cfg.partitionIds.store-verity}.repartConfig = { Loading @@ -96,6 +102,7 @@ in Verity = "hash"; VerityMatchKey = lib.mkDefault verityMatchKey; Label = lib.mkDefault "store-verity"; Minimize = lib.mkDefault "best"; }; # dm-verity data partition that contains the nix store ${cfg.partitionIds.store} = { Loading @@ -106,23 +113,29 @@ in Format = lib.mkDefault "erofs"; VerityMatchKey = lib.mkDefault verityMatchKey; Label = lib.mkDefault "store"; Minimize = lib.mkDefault "best"; }; }; }; system.build = { finalImage = lib.warn "system.build.finalImage has been renamed to system.build.image" config.system.build.image; # intermediate system image without ESP intermediateImage = (config.system.build.image.override { (config.image.repart.image.override { # always disable compression for the intermediate image compression.enable = false; }).overrideAttrs ( _: previousAttrs: { # make it easier to identify the intermediate image in build logs pname = "${previousAttrs.pname}-intermediate"; name = if previousAttrs ? pname then "${previousAttrs.pname}-${previousAttrs.version}-intermediate" else "${previousAttrs.name}-intermediate"; # do not prepare the ESP, this is done in the final image systemdRepartFlags = previousAttrs.systemdRepartFlags ++ [ "--defer-partitions=esp" ]; Loading Loading 
@@ -162,8 +175,8 @@ in ); # final system image that is created from the intermediate image by injecting the UKI from above finalImage = (config.system.build.image.override { image = lib.mkOverride 99 ( (config.image.repart.image.override { # continue building with existing intermediate image createEmpty = false; }).overrideAttrs Loading Loading @@ -216,6 +229,7 @@ in rm -v repart-output_orig.json ''; } ) ); }; }; Loading nixos/modules/image/repart.nix +41 −30 Original line number Diff line number Diff line Loading @@ -282,6 +282,15 @@ in ''; }; image = lib.mkOption { type = lib.types.package; internal = true; readOnly = true; description = '' The image built by this module. Used as the default for `system.build.image`. ''; }; assertions = lib.mkOption { type = options.assertions.type; default = [ ]; Loading Loading @@ -356,6 +365,37 @@ in finalPartitions = lib.mapAttrs addClosure cfg.partitions; image = let fileSystems = lib.filter (f: f != null) ( lib.mapAttrsToList (_n: v: v.repartConfig.Format or null) cfg.partitions ); format = pkgs.formats.ini { listsAsDuplicateKeys = true; }; definitionsDirectory = utils.systemdUtils.lib.definitions "repart.d" format ( lib.mapAttrs (_n: v: { Partition = v.repartConfig; }) cfg.finalPartitions ); mkfsEnv = mkfsOptionsToEnv cfg.mkfsOptions; val = pkgs.callPackage ./repart-image.nix { systemd = cfg.package; inherit (config.image) baseName; inherit (cfg) name version compression split seed imageSize sectorSize finalPartitions ; inherit fileSystems definitionsDirectory mkfsEnv; }; in lib.asserts.checkAssertWarn cfg.assertions cfg.warnings val; assertions = lib.mapAttrsToList ( fileName: partitionConfig: let Loading Loading 
@@ -401,36 +441,7 @@ in ); }; system.build.image = let fileSystems = lib.filter (f: f != null) ( lib.mapAttrsToList (_n: v: v.repartConfig.Format or null) cfg.partitions ); format = pkgs.formats.ini { listsAsDuplicateKeys = true; }; definitionsDirectory = utils.systemdUtils.lib.definitions "repart.d" format ( lib.mapAttrs (_n: v: { Partition = v.repartConfig; }) cfg.finalPartitions ); mkfsEnv = mkfsOptionsToEnv cfg.mkfsOptions; val = pkgs.callPackage ./repart-image.nix { systemd = cfg.package; inherit (config.image) baseName; inherit (cfg) name version compression split seed imageSize sectorSize finalPartitions ; inherit fileSystems definitionsDirectory mkfsEnv; }; in lib.asserts.checkAssertWarn cfg.assertions cfg.warnings val; system.build.image = cfg.image; }; meta.maintainers = with lib.maintainers; [ Loading nixos/modules/services/databases/mysql.nix +1 −13 Original line number Diff line number Diff line Loading @@ -9,9 +9,6 @@ let cfg = config.services.mysql; isMariaDB = lib.getName cfg.package == lib.getName pkgs.mariadb; isOracle = lib.getName cfg.package == lib.getName pkgs.mysql84; # Oracle MySQL has supported "notify" service type since 8.0 hasNotify = isMariaDB || (isOracle && lib.versionAtLeast cfg.package.version "8.0"); mysqldOptions = "--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${cfg.package}"; Loading Loading @@ -576,15 +573,6 @@ in superUser = if isMariaDB then cfg.user else "root"; in '' ${lib.optionalString (!hasNotify) '' # Wait until the MySQL server is available for use while [ ! -e /run/mysqld/mysqld.sock ] do echo "MySQL daemon not yet started. Waiting for 1 second..." sleep 1 done ''} ${lib.optionalString isMariaDB '' # If MariaDB is used in an Galera cluster, we have to check if the sync is done, # or it will fail to init the database while joining, so we get in an broken non recoverable state Loading Loading 
@@ -689,7 +677,7 @@ in serviceConfig = lib.mkMerge [ { Type = if hasNotify then "notify" else "simple"; Type = "notify"; Restart = "on-abnormal"; RestartSec = "5s"; Loading nixos/modules/system/boot/luksroot.nix +2 −2 Original line number Diff line number Diff line Loading @@ -214,7 +214,7 @@ let # and try reading it from /dev/console with a timeout IFS= read -t 1 -r passphrase if [ -n "$passphrase" ]; then if [ $? = 0 ]; then ${ if luks.reusePassphrases then '' Loading @@ -232,7 +232,7 @@ let fi done echo -n "Verifying passphrase for ${dev.device}..." echo -n "$passphrase" | ${csopen} --key-file=- echo "$passphrase" | ${csopen} if [ $? == 0 ]; then echo " - success" ${ Loading Loading
nixos/maintainers/scripts/ec2/amazon-image.nix +1 −1 @@ -66,7 +66,7 @@ in "qcow2" "vpc" ]; default = "vpc"; default = "raw"; description = "The image format to output"; }; };
nixos/modules/image/repart-verity-store.nix +19 −5 @@ -89,6 +89,12 @@ in }; }; fileSystems."/nix/store" = lib.mkDefault { device = "/usr/nix/store"; fsType = "none"; options = [ "bind" ]; }; image.repart.partitions = { # dm-verity hash partition ${cfg.partitionIds.store-verity}.repartConfig = { @@ -96,6 +102,7 @@ in Verity = "hash"; VerityMatchKey = lib.mkDefault verityMatchKey; Label = lib.mkDefault "store-verity"; Minimize = lib.mkDefault "best"; }; # dm-verity data partition that contains the nix store ${cfg.partitionIds.store} = { @@ -106,23 +113,29 @@ in Format = lib.mkDefault "erofs"; VerityMatchKey = lib.mkDefault verityMatchKey; Label = lib.mkDefault "store"; Minimize = lib.mkDefault "best"; }; }; }; system.build = { finalImage = lib.warn "system.build.finalImage has been renamed to system.build.image" config.system.build.image; # intermediate system image without ESP intermediateImage = (config.system.build.image.override { (config.image.repart.image.override { # always disable compression for the intermediate image compression.enable = false; }).overrideAttrs ( _: previousAttrs: { # make it easier to identify the intermediate image in build logs pname = "${previousAttrs.pname}-intermediate"; name = if previousAttrs ? pname then "${previousAttrs.pname}-${previousAttrs.version}-intermediate" else "${previousAttrs.name}-intermediate"; # do not prepare the ESP, this is done in the final image systemdRepartFlags = previousAttrs.systemdRepartFlags ++ [ "--defer-partitions=esp" ]; @@ -162,8 +175,8 @@ in ); # final system image that is created from the intermediate image by injecting the UKI from above finalImage = (config.system.build.image.override { image = lib.mkOverride 99 ( (config.image.repart.image.override { # continue building with existing intermediate image createEmpty = false; }).overrideAttrs
@@ -216,6 +229,7 @@ in rm -v repart-output_orig.json ''; } ) ); }; };
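Review bot: The added `fileSystems."/nix/store"` bind mount in the first hunk carries no comment, although it is the line that decides whether the running system's store is the dm-verity protected one. Because it is set with `lib.mkDefault`, any other definition of that mount point replaces it without a warning, so a host configuration could end up with a store that is not backed by the verity partition; that `/usr` is where the verity-backed `erofs` partition gets mounted is presumably configured elsewhere and is not visible here. I would add a comment such as `# bind the store from the verity-protected /usr so every store path is covered by dm-verity`. A one-line comment on `lib.mkOverride 99` in the `image` definition, saying which definition it is meant to outrank, would help for the same reason.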
nixos/modules/image/repart.nix +41 −30 @@ -282,6 +282,15 @@ in ''; }; image = lib.mkOption { type = lib.types.package; internal = true; readOnly = true; description = '' The image built by this module. Used as the default for `system.build.image`. ''; }; assertions = lib.mkOption { type = options.assertions.type; default = [ ]; @@ -356,6 +365,37 @@ in finalPartitions = lib.mapAttrs addClosure cfg.partitions; image = let fileSystems = lib.filter (f: f != null) ( lib.mapAttrsToList (_n: v: v.repartConfig.Format or null) cfg.partitions ); format = pkgs.formats.ini { listsAsDuplicateKeys = true; }; definitionsDirectory = utils.systemdUtils.lib.definitions "repart.d" format ( lib.mapAttrs (_n: v: { Partition = v.repartConfig; }) cfg.finalPartitions ); mkfsEnv = mkfsOptionsToEnv cfg.mkfsOptions; val = pkgs.callPackage ./repart-image.nix { systemd = cfg.package; inherit (config.image) baseName; inherit (cfg) name version compression split seed imageSize sectorSize finalPartitions ; inherit fileSystems definitionsDirectory mkfsEnv; }; in lib.asserts.checkAssertWarn cfg.assertions cfg.warnings val; assertions = lib.mapAttrsToList ( fileName: partitionConfig: let
@@ -401,36 +441,7 @@ in ); }; system.build.image = let fileSystems = lib.filter (f: f != null) ( lib.mapAttrsToList (_n: v: v.repartConfig.Format or null) cfg.partitions ); format = pkgs.formats.ini { listsAsDuplicateKeys = true; }; definitionsDirectory = utils.systemdUtils.lib.definitions "repart.d" format ( lib.mapAttrs (_n: v: { Partition = v.repartConfig; }) cfg.finalPartitions ); mkfsEnv = mkfsOptionsToEnv cfg.mkfsOptions; val = pkgs.callPackage ./repart-image.nix { systemd = cfg.package; inherit (config.image) baseName; inherit (cfg) name version compression split seed imageSize sectorSize finalPartitions ; inherit fileSystems definitionsDirectory mkfsEnv; }; in lib.asserts.checkAssertWarn cfg.assertions cfg.warnings val; system.build.image = cfg.image; }; meta.maintainers = with lib.maintainers; [
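Review bot: The description of the new `image` option says it is "Used as the default for `system.build.image`", but the last hunk assigns it with a plain `system.build.image = cfg.image;`, which is a normal-priority definition rather than a default. Another module that sets `system.build.image` without an explicit priority would then collide with this definition instead of replacing it, which is likely why the verity module in this commit has to use `lib.mkOverride 99`. Either write `system.build.image = lib.mkDefault cfg.image;`, if no other module relies on the current priority (not visible here), or reword the description so it does not promise default semantics.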
nixos/modules/services/databases/mysql.nix +1 −13 @@ -9,9 +9,6 @@ let cfg = config.services.mysql; isMariaDB = lib.getName cfg.package == lib.getName pkgs.mariadb; isOracle = lib.getName cfg.package == lib.getName pkgs.mysql84; # Oracle MySQL has supported "notify" service type since 8.0 hasNotify = isMariaDB || (isOracle && lib.versionAtLeast cfg.package.version "8.0"); mysqldOptions = "--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${cfg.package}"; @@ -576,15 +573,6 @@ in superUser = if isMariaDB then cfg.user else "root"; in '' ${lib.optionalString (!hasNotify) '' # Wait until the MySQL server is available for use while [ ! -e /run/mysqld/mysqld.sock ] do echo "MySQL daemon not yet started. Waiting for 1 second..." sleep 1 done ''} ${lib.optionalString isMariaDB '' # If MariaDB is used in an Galera cluster, we have to check if the sync is done, # or it will fail to init the database while joining, so we get in an broken non recoverable state @@ -689,7 +677,7 @@ in serviceConfig = lib.mkMerge [ { Type = if hasNotify then "notify" else "simple"; Type = "notify"; Restart = "on-abnormal"; RestartSec = "5s";
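Review bot: `Type = "notify"` in the last hunk is now unconditional, while the removed `hasNotify` check and the socket wait loop were the only handling for a `cfg.package` that does not signal readiness to systemd. With such a package the unit would stay in the activating state until the start timeout, and the setup script that follows would not run against a ready server; which packages the option accepts is not visible here. An assertion on `cfg.package`, or at least a comment such as `# every supported cfg.package sends READY=1; Type=notify would time out otherwise`, would make the assumption explicit. The `serviceConfig` block continues outside the hunk.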
nixos/modules/system/boot/luksroot.nix +2 −2 @@ -214,7 +214,7 @@ let # and try reading it from /dev/console with a timeout IFS= read -t 1 -r passphrase if [ -n "$passphrase" ]; then if [ $? = 0 ]; then ${ if luks.reusePassphrases then '' @@ -232,7 +232,7 @@ let fi done echo -n "Verifying passphrase for ${dev.device}..." echo -n "$passphrase" | ${csopen} --key-file=- echo "$passphrase" | ${csopen} if [ $? == 0 ]; then echo " - success" ${
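Review bot: In the second hunk the passphrase is handed to `${csopen}` through `echo "$passphrase"`, and `echo` consumes a leading `-n` or `-e` as an option and, in some shells, expands backslash sequences, so some passphrases would be changed before the open command reads them. `printf '%s' "$passphrase" | ${csopen} --key-file=-` passes the bytes through unchanged. This reading assumes the second line of each printed pair is the new side, which the page does not mark. In the first hunk, `if [ $? = 0 ]` also accepts an empty line from `read`, so an empty passphrase would go on to the verification step, whereas `[ -n "$passphrase" ]` rejects it. Both hunks sit inside a larger script that starts and ends outside the visible lines.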