From effa05c05234c6dfd5c4d336f4331436fe96d83f Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 20 Apr 2023 21:30:47 +0200 Subject: nixos/firefox: add config option for Web eID support This allows users to set `programs.firefox.nativeMessagingHosts.euwebid = true` to make the native companion app available in Firefox. It's used by the Web eID browser extension (https://addons.mozilla.org/en/firefox/addon/web-eid-webextension/), which can be tried out at https://web-eid.eu/ - pressing the "Authenticate" button there should open a new window. --- nixos/modules/programs/firefox.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/programs/firefox.nix b/nixos/modules/programs/firefox.nix index 3a5105c57d767..ead048134d8d3 100644 --- a/nixos/modules/programs/firefox.nix +++ b/nixos/modules/programs/firefox.nix @@ -201,6 +201,7 @@ in nativeMessagingHosts = mapAttrs (_: v: mkEnableOption (mdDoc v)) { browserpass = "Browserpass support"; bukubrow = "Bukubrow support"; + euwebid = "Web eID support"; ff2mpv = "ff2mpv support"; fxCast = "fx_cast support"; gsconnect = "GSConnect support"; @@ -217,6 +218,8 @@ in extraPrefs = cfg.autoConfig; extraNativeMessagingHosts = with pkgs; optionals nmh.ff2mpv [ ff2mpv + ] ++ optionals nmh.euwebid [ + web-eid-app ] ++ optionals nmh.gsconnect [ gnomeExtensions.gsconnect ] ++ optionals nmh.jabref [ @@ -230,6 +233,7 @@ in nixpkgs.config.firefox = { enableBrowserpass = nmh.browserpass; enableBukubrow = nmh.bukubrow; + enableEUWebID = nmh.euwebid; enableTridactylNative = nmh.tridactyl; enableUgetIntegrator = nmh.ugetIntegrator; enableFXCastBridge = nmh.fxCast; -- cgit 1.4.1 From 8f9416e9e3526cddc5faeadd5959b29353caf354 Mon Sep 17 00:00:00 2001 From: Will Fancher Date: Sat, 15 Apr 2023 02:48:25 -0400 Subject: systemd-stage-1: Unhide documentation --- nixos/modules/system/boot/systemd/initrd.nix | 42 +++++++++++++--------------- 1 file changed, 19 insertions(+), 23 deletions(-) (limited to 'nixos') 
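Review bot: In the second and third hunks of firefox.nix the new option is wired in twice: `nmh.euwebid` adds `web-eid-app` to `extraNativeMessagingHosts` and also sets `enableEUWebID` in `nixpkgs.config.firefox`. The neighbouring entries use one mechanism each (`ff2mpv` only the list, `browserpass` only the flag), so if the Firefox wrapper already installs the package when `enableEUWebID` is set (not visible here), one of the two paths is redundant and should be dropped. The option text could also say what gets installed, e.g. `euwebid = "Web eID support (installs the web-eid-app native messaging host)";`, so an administrator sees that enabling it makes a native helper reachable from the browser.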
diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix index d623eddf699f9..f987aca34f18b 100644 --- a/nixos/modules/system/boot/systemd/initrd.nix +++ b/nixos/modules/system/boot/systemd/initrd.nix @@ -126,18 +126,20 @@ in { options.boot.initrd.systemd = { enable = mkEnableOption (lib.mdDoc "systemd in initrd") // { description = lib.mdDoc '' - Whether to enable systemd in initrd. - - Note: This is in very early development and is highly - experimental. Most of the features NixOS supports in initrd are - not yet supported by the intrd generated with this option. + Whether to enable systemd in initrd. The unit options such as + {option}`boot.initrd.systemd.services` are the same as their + stage 2 counterparts such as {option}`systemd.services`, + except that `restartTriggers` and `reloadTriggers` are not + supported. + + Note: This is experimental. Some of the `boot.initrd` options + are not supported when this is enabled, and the options under + `boot.initrd.systemd` are subject to change. ''; }; - package = (mkPackageOptionMD pkgs "systemd" { + package = mkPackageOptionMD pkgs "systemd" { default = "systemdStage1"; - }) // { - visible = false; }; extraConfig = mkOption { @@ -167,7 +169,6 @@ in { "/etc/hostname".text = "mymachine"; } ''; - visible = false; default = {}; type = utils.systemdUtils.types.initrdContents; }; @@ -217,7 +218,6 @@ in { emergencyAccess = mkOption { type = with types; oneOf [ bool (nullOr (passwdEntry str)) ]; - visible = false; description = lib.mdDoc '' Set to true for unauthenticated emergency access, and false for no emergency access. @@ -231,7 +231,6 @@ in { initrdBin = mkOption { type = types.listOf types.package; default = []; - visible = false; description = lib.mdDoc '' Packages to include in /bin for the stage 1 emergency shell. ''; 
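Review bot: The `@@ -217,7 +218,6 @@` hunk publishes `emergencyAccess` in the manual, but the visible part of its description says only "Set to true for unauthenticated emergency access" and does not spell out the consequence. Now that this is public documentation, I would add a sentence such as `Setting this to true lets anyone with console access get an emergency shell in the initrd without a password; prefer setting a hashed password instead.` The type already accepts a `passwdEntry str`, so the safer choice exists and only needs pointing out. The description continues past the end of the hunk, so part of this may already be covered there.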
@@ -240,7 +239,6 @@ in { additionalUpstreamUnits = mkOption { default = [ ]; type = types.listOf types.str; - visible = false; example = [ "debug-shell.service" "systemd-quotacheck.service" ]; description = lib.mdDoc '' Additional units shipped with systemd that shall be enabled. @@ -251,7 +249,6 @@ in { default = [ ]; type = types.listOf types.str; example = [ "systemd-backlight@.service" ]; - visible = false; description = lib.mdDoc '' A list of units to skip when generating system systemd configuration directory. This has priority over upstream units, {option}`boot.initrd.systemd.units`, and @@ -264,13 +261,12 @@ in { units = mkOption { description = lib.mdDoc "Definition of systemd units."; default = {}; - visible = false; + visible = "shallow"; type = systemdUtils.types.units; }; packages = mkOption { default = []; - visible = false; type = types.listOf types.package; example = literalExpression "[ pkgs.systemd-cryptsetup-generator ]"; description = lib.mdDoc "Packages providing systemd units and hooks."; @@ -278,7 +274,7 @@ in { targets = mkOption { default = {}; - visible = false; + visible = "shallow"; type = systemdUtils.types.initrdTargets; description = lib.mdDoc "Definition of systemd target units."; }; 
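Review bot: The example for `additionalUpstreamUnits` in the `@@ -240,7 +239,6 @@` hunk lists `debug-shell.service`, and with `visible = false` removed that example now appears in the options manual. systemd's debug-shell.service starts a root shell on a virtual console without authentication, so a reader who copies the example verbatim weakens the physical-access protection of the initrd. I would either use a neutral unit in the example or add to the description `Note that debug-shell.service opens an unauthenticated root shell and is meant for debugging only.`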
@@ -286,35 +282,35 @@ in { services = mkOption { default = {}; type = systemdUtils.types.initrdServices; - visible = false; + visible = "shallow"; description = lib.mdDoc "Definition of systemd service units."; }; sockets = mkOption { default = {}; type = systemdUtils.types.initrdSockets; - visible = false; + visible = "shallow"; description = lib.mdDoc "Definition of systemd socket units."; }; timers = mkOption { default = {}; type = systemdUtils.types.initrdTimers; - visible = false; + visible = "shallow"; description = lib.mdDoc "Definition of systemd timer units."; }; paths = mkOption { default = {}; type = systemdUtils.types.initrdPaths; - visible = false; + visible = "shallow"; description = lib.mdDoc "Definition of systemd path units."; }; mounts = mkOption { default = []; type = systemdUtils.types.initrdMounts; - visible = false; + visible = "shallow"; description = lib.mdDoc '' Definition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from @@ -325,7 +321,7 @@ in { automounts = mkOption { default = []; type = systemdUtils.types.automounts; - visible = false; + visible = "shallow"; description = lib.mdDoc '' Definition of systemd automount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from @@ -336,7 +332,7 @@ in { slices = mkOption { default = {}; type = systemdUtils.types.slices; - visible = false; + visible = "shallow"; description = lib.mdDoc "Definition of slice configurations."; }; }; -- cgit 1.4.1 From 5c46e6f4e3b517418c64f32c9a0e0c874e81ee8b Mon Sep 17 00:00:00 2001 From: Will Fancher Date: Sat, 15 Apr 2023 03:12:29 -0400 Subject: systemd-stage-1: Add assertions for unsupported options. --- .../services/networking/iscsi/root-initiator.nix | 4 ++++ nixos/modules/system/boot/grow-partition.nix | 5 +++++ nixos/modules/system/boot/systemd/initrd.nix | 21 ++++++++++++++++++++- 3 files changed, 29 insertions(+), 1 deletion(-) (limited to 'nixos') 
diff --git a/nixos/modules/services/networking/iscsi/root-initiator.nix b/nixos/modules/services/networking/iscsi/root-initiator.nix index 4434fedce1eb8..895467cc674ab 100644 --- a/nixos/modules/services/networking/iscsi/root-initiator.nix +++ b/nixos/modules/services/networking/iscsi/root-initiator.nix @@ -185,6 +185,10 @@ in assertion = cfg.loginAll -> cfg.target == null; message = "iSCSI target name is set while login on all portals is enabled."; } + { + assertion = !config.boot.initrd.systemd.enable; + message = "systemd stage 1 does not support iscsi yet."; + } ]; }; } diff --git a/nixos/modules/system/boot/grow-partition.nix b/nixos/modules/system/boot/grow-partition.nix index 034b2b9906f55..a2764187a5333 100644 --- a/nixos/modules/system/boot/grow-partition.nix +++ b/nixos/modules/system/boot/grow-partition.nix @@ -17,6 +17,11 @@ with lib; config = mkIf config.boot.growPartition { + assertions = [{ + assertion = !config.boot.initrd.systemd.enable; + message = "systemd stage 1 does not support 'boot.growPartition' yet."; + }]; + boot.initrd.extraUtilsCommands = '' copy_bin_and_libs ${pkgs.gawk}/bin/gawk copy_bin_and_libs ${pkgs.gnused}/bin/sed diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix index f987aca34f18b..6f991b84bbd03 100644 --- a/nixos/modules/system/boot/systemd/initrd.nix +++ b/nixos/modules/system/boot/systemd/initrd.nix @@ -1,4 +1,4 @@ -{ lib, config, utils, pkgs, ... }: +{ lib, options, config, utils, pkgs, ... }: with lib; 
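Review bot: The assertion added in root-initiator.nix reports "systemd stage 1 does not support iscsi yet." without naming the option that triggered it, unlike the grow-partition.nix message in the next hunk, which quotes 'boot.growPartition'. A user who hits the evaluation failure has to search for the responsible module; I would name the enabling option in the same form, `message = "systemd stage 1 does not support '<iscsi root-initiator option path>' yet.";`, with the module's real option path filled in. The enclosing `assertions` list and its `config` block start outside the hunk.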
@@ -338,6 +338,25 @@ in { }; config = mkIf (config.boot.initrd.enable && cfg.enable) { + assertions = map (name: { + assertion = config.boot.initrd.${name} == ""; + message = '' + systemd stage 1 does not support 'boot.initrd.${name}'. Please + convert it to analogous systemd units in 'boot.initrd.systemd'. + + Definitions: + ${lib.concatMapStringsSep "\n" ({ file, ... }: "- ${file}") options.boot.initrd.${name}.definitionsWithLocations} + ''; + }) [ + "preFailCommands" + "preDeviceCommands" + "preLVMCommands" + "postDeviceCommands" + "postMountCommands" + "extraUtilsCommands" + "extraUtilsCommandsTest" + ]; + system.build = { inherit initialRamdisk; }; boot.initrd.availableKernelModules = [ -- cgit 1.4.1 From 1598338521d64bec008fb727ad0dfd9f82dcb245 Mon Sep 17 00:00:00 2001 From: Will Fancher Date: Fri, 21 Apr 2023 13:34:35 -0400 Subject: systemd-stage-1: Make networkd options shallow --- nixos/modules/system/boot/networkd.nix | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index bd2f1cc4374a7..e6b96433e8417 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -2944,9 +2944,9 @@ let value.source = "${cfg.units.${name}.unit}/${name}"; }) (attrNames cfg.units)); - commonOptions = { + commonOptions = visible: { - systemd.network.enable = mkOption { + enable = mkOption { default = false; type = types.bool; description = lib.mdDoc '' 
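Review bot: The list of rejected options in the `@@ -338,6 +338,25 @@` hunk covers seven shell hooks, but other stage-1 script options such as `boot.initrd.extraUdevRulesCommands` and `boot.initrd.network.postCommands` are not in it. If the systemd initrd ignores those as well (not visible from this hunk), a configuration that relies on them, for example to finish network setup before a disk is unlocked, would still build and then boot without that step. I would add `"extraUdevRulesCommands"` to the list; the nested `network.postCommands` needs a path lookup, because `config.boot.initrd.${name}` resolves only a single attribute name.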
@@ -2954,31 +2954,35 @@ let ''; }; - systemd.network.links = mkOption { + links = mkOption { default = {}; + inherit visible; type = with types; attrsOf (submodule [ { options = linkOptions; } ]); description = lib.mdDoc "Definition of systemd network links."; }; - systemd.network.netdevs = mkOption { + netdevs = mkOption { default = {}; + inherit visible; type = with types; attrsOf (submodule [ { options = netdevOptions; } ]); description = lib.mdDoc "Definition of systemd network devices."; }; - systemd.network.networks = mkOption { + networks = mkOption { default = {}; + inherit visible; type = with types; attrsOf (submodule [ { options = networkOptions; } networkConfig ]); description = lib.mdDoc "Definition of systemd networks."; }; - systemd.network.config = mkOption { + config = mkOption { default = {}; + inherit visible; type = with types; submodule [ { options = networkdOptions; } networkdConfig ]; description = lib.mdDoc "Definition of global systemd network config."; }; - systemd.network.units = mkOption { + units = mkOption { description = lib.mdDoc "Definition of networkd units."; default = {}; internal = true; @@ -2991,7 +2995,7 @@ let })); }; - systemd.network.wait-online = { + wait-online = { enable = mkOption { type = types.bool; default = true; @@ -3225,8 +3229,9 @@ let in { - options = commonOptions // { - boot.initrd = commonOptions; + options = { + systemd.network = commonOptions true; + boot.initrd.systemd.network = commonOptions "shallow"; }; config = mkMerge [ -- cgit 1.4.1
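Review bot: The new `commonOptions = visible: {` function (defined in the `@@ -2944,9 +2944,9 @@` hunk, called in `@@ -3225,8 +3229,9 @@`) takes an undocumented positional argument that is `true` at one call site and `"shallow"` at the other. A short comment above the definition would help, e.g. `# visible: passed to each option's 'visible' attribute; true for systemd.network, "shallow" for the initrd copy`. Note also that `enable` and `wait-online` do not inherit `visible`, so they stay fully rendered under `boot.initrd.systemd.network`; if that is intended, the comment should say so.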