mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-16 06:45:16 +01:00
4c8bdd1c4f
3c74e48d9c
was a bit too much, it updated
permissions of all files recursively, causing files to be readable by
the group.
This isn't a problem immediately after bootup, but on a new activation,
as tmpfiles.d get restarted then, updating the permission bits of
now-existing files.
This updates the `Z` to be a `z` (the non-recursive variant), and adds a
`d` to ensure a directory is created (which should be covered by the
initrd shell script anyway)
331 lines
12 KiB
Nix
331 lines
12 KiB
Nix
{ config, lib, pkgs, utils, ... }:
|
||
|
||
with lib;
|
||
with utils;
|
||
|
||
let
|
||
|
||
addCheckDesc = desc: elemType: check: types.addCheck elemType check
|
||
// { description = "${elemType.description} (with check: ${desc})"; };
|
||
nonEmptyStr = addCheckDesc "non-empty" types.str
|
||
(x: x != "" && ! (all (c: c == " " || c == "\t") (stringToCharacters x)));
|
||
|
||
fileSystems' = toposort fsBefore (attrValues config.fileSystems);
|
||
|
||
fileSystems = if fileSystems' ? result
|
||
then # use topologically sorted fileSystems everywhere
|
||
fileSystems'.result
|
||
else # the assertion below will catch this,
|
||
# but we fall back to the original order
|
||
# anyway so that other modules could check
|
||
# their assertions too
|
||
(attrValues config.fileSystems);
|
||
|
||
prioOption = prio: optionalString (prio != null) " pri=${toString prio}";
|
||
|
||
specialFSTypes = [ "proc" "sysfs" "tmpfs" "ramfs" "devtmpfs" "devpts" ];
|
||
|
||
coreFileSystemOpts = { name, config, ... }: {
|
||
|
||
options = {
|
||
|
||
mountPoint = mkOption {
|
||
example = "/mnt/usb";
|
||
type = nonEmptyStr;
|
||
description = "Location of the mounted the file system.";
|
||
};
|
||
|
||
device = mkOption {
|
||
default = null;
|
||
example = "/dev/sda";
|
||
type = types.nullOr nonEmptyStr;
|
||
description = "Location of the device.";
|
||
};
|
||
|
||
fsType = mkOption {
|
||
default = "auto";
|
||
example = "ext3";
|
||
type = nonEmptyStr;
|
||
description = "Type of the file system.";
|
||
};
|
||
|
||
options = mkOption {
|
||
default = [ "defaults" ];
|
||
example = [ "data=journal" ];
|
||
description = "Options used to mount the file system.";
|
||
type = types.listOf nonEmptyStr;
|
||
};
|
||
|
||
};
|
||
|
||
config = {
|
||
mountPoint = mkDefault name;
|
||
device = mkIf (elem config.fsType specialFSTypes) (mkDefault config.fsType);
|
||
};
|
||
|
||
};
|
||
|
||
fileSystemOpts = { config, ... }: {
|
||
|
||
options = {
|
||
|
||
label = mkOption {
|
||
default = null;
|
||
example = "root-partition";
|
||
type = types.nullOr nonEmptyStr;
|
||
description = "Label of the device (if any).";
|
||
};
|
||
|
||
autoFormat = mkOption {
|
||
default = false;
|
||
type = types.bool;
|
||
description = ''
|
||
If the device does not currently contain a filesystem (as
|
||
determined by <command>blkid</command>, then automatically
|
||
format it with the filesystem type specified in
|
||
<option>fsType</option>. Use with caution.
|
||
'';
|
||
};
|
||
|
||
formatOptions = mkOption {
|
||
default = "";
|
||
type = types.str;
|
||
description = ''
|
||
If <option>autoFormat</option> option is set specifies
|
||
extra options passed to mkfs.
|
||
'';
|
||
};
|
||
|
||
autoResize = mkOption {
|
||
default = false;
|
||
type = types.bool;
|
||
description = ''
|
||
If set, the filesystem is grown to its maximum size before
|
||
being mounted. (This is typically the size of the containing
|
||
partition.) This is currently only supported for ext2/3/4
|
||
filesystems that are mounted during early boot.
|
||
'';
|
||
};
|
||
|
||
noCheck = mkOption {
|
||
default = false;
|
||
type = types.bool;
|
||
description = "Disable running fsck on this filesystem.";
|
||
};
|
||
|
||
};
|
||
|
||
config = let
|
||
defaultFormatOptions =
|
||
# -F needed to allow bare block device without partitions
|
||
if (builtins.substring 0 3 config.fsType) == "ext" then "-F"
|
||
# -q needed for non-interactive operations
|
||
else if config.fsType == "jfs" then "-q"
|
||
# (same here)
|
||
else if config.fsType == "reiserfs" then "-q"
|
||
else null;
|
||
in {
|
||
options = mkIf config.autoResize [ "x-nixos.autoresize" ];
|
||
formatOptions = mkIf (defaultFormatOptions != null) (mkDefault defaultFormatOptions);
|
||
};
|
||
|
||
};
|
||
|
||
# Makes sequence of `specialMount device mountPoint options fsType` commands.
|
||
# `systemMount` should be defined in the sourcing script.
|
||
makeSpecialMounts = mounts:
|
||
pkgs.writeText "mounts.sh" (concatMapStringsSep "\n" (mount: ''
|
||
specialMount "${mount.device}" "${mount.mountPoint}" "${concatStringsSep "," mount.options}" "${mount.fsType}"
|
||
'') mounts);
|
||
|
||
in
|
||
|
||
{
|
||
|
||
###### interface
|
||
|
||
options = {
|
||
|
||
fileSystems = mkOption {
|
||
default = {};
|
||
example = literalExample ''
|
||
{
|
||
"/".device = "/dev/hda1";
|
||
"/data" = {
|
||
device = "/dev/hda2";
|
||
fsType = "ext3";
|
||
options = [ "data=journal" ];
|
||
};
|
||
"/bigdisk".label = "bigdisk";
|
||
}
|
||
'';
|
||
type = types.loaOf (types.submodule [coreFileSystemOpts fileSystemOpts]);
|
||
description = ''
|
||
The file systems to be mounted. It must include an entry for
|
||
the root directory (<literal>mountPoint = "/"</literal>). Each
|
||
entry in the list is an attribute set with the following fields:
|
||
<literal>mountPoint</literal>, <literal>device</literal>,
|
||
<literal>fsType</literal> (a file system type recognised by
|
||
<command>mount</command>; defaults to
|
||
<literal>"auto"</literal>), and <literal>options</literal>
|
||
(the mount options passed to <command>mount</command> using the
|
||
<option>-o</option> flag; defaults to <literal>[ "defaults" ]</literal>).
|
||
|
||
Instead of specifying <literal>device</literal>, you can also
|
||
specify a volume label (<literal>label</literal>) for file
|
||
systems that support it, such as ext2/ext3 (see <command>mke2fs
|
||
-L</command>).
|
||
'';
|
||
};
|
||
|
||
system.fsPackages = mkOption {
|
||
internal = true;
|
||
default = [ ];
|
||
description = "Packages supplying file system mounters and checkers.";
|
||
};
|
||
|
||
boot.supportedFilesystems = mkOption {
|
||
default = [ ];
|
||
example = [ "btrfs" ];
|
||
type = types.listOf types.str;
|
||
description = "Names of supported filesystem types.";
|
||
};
|
||
|
||
boot.specialFileSystems = mkOption {
|
||
default = {};
|
||
type = types.loaOf (types.submodule coreFileSystemOpts);
|
||
internal = true;
|
||
description = ''
|
||
Special filesystems that are mounted very early during boot.
|
||
'';
|
||
};
|
||
|
||
};
|
||
|
||
|
||
###### implementation
|
||
|
||
config = {
|
||
|
||
assertions = let
|
||
ls = sep: concatMapStringsSep sep (x: x.mountPoint);
|
||
notAutoResizable = fs: fs.autoResize && !(hasPrefix "ext" fs.fsType || fs.fsType == "f2fs");
|
||
in [
|
||
{ assertion = ! (fileSystems' ? cycle);
|
||
message = "The ‘fileSystems’ option can't be topologically sorted: mountpoint dependency path ${ls " -> " fileSystems'.cycle} loops to ${ls ", " fileSystems'.loops}";
|
||
}
|
||
{ assertion = ! (any notAutoResizable fileSystems);
|
||
message = let
|
||
fs = head (filter notAutoResizable fileSystems);
|
||
in
|
||
"Mountpoint '${fs.mountPoint}': 'autoResize = true' is not supported for 'fsType = \"${fs.fsType}\"':${if fs.fsType == "auto" then " fsType has to be explicitly set and" else ""} only the ext filesystems and f2fs support it.";
|
||
}
|
||
];
|
||
|
||
# Export for use in other modules
|
||
system.build.fileSystems = fileSystems;
|
||
system.build.earlyMountScript = makeSpecialMounts (toposort fsBefore (attrValues config.boot.specialFileSystems)).result;
|
||
|
||
boot.supportedFilesystems = map (fs: fs.fsType) fileSystems;
|
||
|
||
# Add the mount helpers to the system path so that `mount' can find them.
|
||
system.fsPackages = [ pkgs.dosfstools ];
|
||
|
||
environment.systemPackages = with pkgs; [ fuse3 fuse ] ++ config.system.fsPackages;
|
||
|
||
environment.etc.fstab.text =
|
||
let
|
||
fsToSkipCheck = [ "none" "bindfs" "btrfs" "zfs" "tmpfs" "nfs" "vboxsf" "glusterfs" ];
|
||
skipCheck = fs: fs.noCheck || fs.device == "none" || builtins.elem fs.fsType fsToSkipCheck;
|
||
# https://wiki.archlinux.org/index.php/fstab#Filepath_spaces
|
||
escape = string: builtins.replaceStrings [ " " "\t" ] [ "\\040" "\\011" ] string;
|
||
in ''
|
||
# This is a generated file. Do not edit!
|
||
#
|
||
# To make changes, edit the fileSystems and swapDevices NixOS options
|
||
# in your /etc/nixos/configuration.nix file.
|
||
|
||
# Filesystems.
|
||
${concatMapStrings (fs:
|
||
(if fs.device != null then escape fs.device
|
||
else if fs.label != null then "/dev/disk/by-label/${escape fs.label}"
|
||
else throw "No device specified for mount point ‘${fs.mountPoint}’.")
|
||
+ " " + escape fs.mountPoint
|
||
+ " " + fs.fsType
|
||
+ " " + builtins.concatStringsSep "," fs.options
|
||
+ " 0"
|
||
+ " " + (if skipCheck fs then "0" else
|
||
if fs.mountPoint == "/" then "1" else "2")
|
||
+ "\n"
|
||
) fileSystems}
|
||
|
||
# Swap devices.
|
||
${flip concatMapStrings config.swapDevices (sw:
|
||
"${sw.realDevice} none swap${prioOption sw.priority}\n"
|
||
)}
|
||
'';
|
||
|
||
# Provide a target that pulls in all filesystems.
|
||
systemd.targets.fs =
|
||
{ description = "All File Systems";
|
||
wants = [ "local-fs.target" "remote-fs.target" ];
|
||
};
|
||
|
||
# Emit systemd services to format requested filesystems.
|
||
systemd.services =
|
||
let
|
||
|
||
formatDevice = fs:
|
||
let
|
||
mountPoint' = "${escapeSystemdPath fs.mountPoint}.mount";
|
||
device' = escapeSystemdPath fs.device;
|
||
device'' = "${device'}.device";
|
||
in nameValuePair "mkfs-${device'}"
|
||
{ description = "Initialisation of Filesystem ${fs.device}";
|
||
wantedBy = [ mountPoint' ];
|
||
before = [ mountPoint' "systemd-fsck@${device'}.service" ];
|
||
requires = [ device'' ];
|
||
after = [ device'' ];
|
||
path = [ pkgs.utillinux ] ++ config.system.fsPackages;
|
||
script =
|
||
''
|
||
if ! [ -e "${fs.device}" ]; then exit 1; fi
|
||
# FIXME: this is scary. The test could be more robust.
|
||
type=$(blkid -p -s TYPE -o value "${fs.device}" || true)
|
||
if [ -z "$type" ]; then
|
||
echo "creating ${fs.fsType} filesystem on ${fs.device}..."
|
||
mkfs.${fs.fsType} ${fs.formatOptions} "${fs.device}"
|
||
fi
|
||
'';
|
||
unitConfig.RequiresMountsFor = [ "${dirOf fs.device}" ];
|
||
unitConfig.DefaultDependencies = false; # needed to prevent a cycle
|
||
serviceConfig.Type = "oneshot";
|
||
};
|
||
|
||
in listToAttrs (map formatDevice (filter (fs: fs.autoFormat) fileSystems));
|
||
|
||
systemd.tmpfiles.rules = [
|
||
"d /run/keys 0750 root ${toString config.ids.gids.keys}"
|
||
"z /run/keys 0750 root ${toString config.ids.gids.keys}"
|
||
];
|
||
|
||
# Sync mount options with systemd's src/core/mount-setup.c: mount_table.
|
||
boot.specialFileSystems = {
|
||
"/proc" = { fsType = "proc"; options = [ "nosuid" "noexec" "nodev" ]; };
|
||
"/run" = { fsType = "tmpfs"; options = [ "nosuid" "nodev" "strictatime" "mode=755" "size=${config.boot.runSize}" ]; };
|
||
"/dev" = { fsType = "devtmpfs"; options = [ "nosuid" "strictatime" "mode=755" "size=${config.boot.devSize}" ]; };
|
||
"/dev/shm" = { fsType = "tmpfs"; options = [ "nosuid" "nodev" "strictatime" "mode=1777" "size=${config.boot.devShmSize}" ]; };
|
||
"/dev/pts" = { fsType = "devpts"; options = [ "nosuid" "noexec" "mode=620" "ptmxmode=0666" "gid=${toString config.ids.gids.tty}" ]; };
|
||
|
||
# To hold secrets that shouldn't be written to disk
|
||
"/run/keys" = { fsType = "ramfs"; options = [ "nosuid" "nodev" "mode=750" ]; };
|
||
} // optionalAttrs (!config.boot.isContainer) {
|
||
# systemd-nspawn populates /sys by itself, and remounting it causes all
|
||
# kinds of weird issues (most noticeably, waiting for host disk device
|
||
# nodes).
|
||
"/sys" = { fsType = "sysfs"; options = [ "nosuid" "noexec" "nodev" ]; };
|
||
};
|
||
|
||
};
|
||
|
||
}
|