diff --git a/modules/boot/default.nix b/modules/boot/default.nix
index ebb8d28..e93715a 100644
--- a/modules/boot/default.nix
+++ b/modules/boot/default.nix
@@ -1,12 +1,5 @@
-_: {
- lib,
- modulesPath,
- ...
-}: {
- disabledModules = ["${modulesPath}/system/boot/stage-2.nix"];
- imports = [
- ./stage-2.nix
- ];
+inputs: {lib, ...}: {
+ imports = [(import ./stage2patch.nix inputs)];
 environment.etc = {
 "issue" = {
 text = "[?12l[?25h";
diff --git a/modules/boot/stage-2-init.sh b/modules/boot/stage-2-init.sh
deleted file mode 100644
index 491ddf3..0000000
--- a/modules/boot/stage-2-init.sh
+++ /dev/null
@@ -1,131 +0,0 @@ -#! @shell@ -exec 1<&- -exec 1<>/dev/null -systemConfig=@systemConfig@ - -export HOME=/root PATH="@path@" - - -if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" != true ]; then - # Process the kernel command line. - for o in $(>>\e[0m" - echo - - - # Normally, stage 1 mounts the root filesystem read/writable. - # However, in some environments, stage 2 is executed directly, and the - # root is read-only. So make it writable here. - if [ -z "$container" ]; then - mount -n -o remount,rw none / - fi -fi - - -# Likewise, stage 1 mounts /proc, /dev and /sys, so if we don't have a -# stage 1, we need to do that here. -if [ ! -e /proc/1 ]; then - specialMount() { - local device="$1" - local mountPoint="$2" - local options="$3" - local fsType="$4" - - # We must not overwrite this mount because it's bind-mounted - # from stage 1's /run - if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" = true ] && [ "${mountPoint}" = /run ]; then - return - fi - - install -m 0755 -d "$mountPoint" - mount -n -t "$fsType" -o "$options" "$device" "$mountPoint" - } - source @earlyMountScript@ -fi - - -if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" = true ]; then - echo "booting system configuration ${systemConfig}" -else - echo "booting system configuration $systemConfig" > /dev/kmsg -fi - - -# Make /nix/store a read-only bind mount to enforce immutability of -# the Nix store. Note that we can't use "chown root:nixbld" here -# because users/groups might not exist yet. -# Silence chown/chmod to fail gracefully on a readonly filesystem -# like squashfs. -chown -f 0:30000 /nix/store -chmod -f 1775 /nix/store -if [ -n "@readOnlyNixStore@" ]; then - if ! [[ "$(findmnt --noheadings --output OPTIONS /nix/store)" =~ ro(,|$) ]]; then - if [ -z "$container" ]; then - mount --bind /nix/store /nix/store - else - mount --rbind /nix/store /nix/store - fi - mount -o remount,ro,bind /nix/store - fi -fi - - -if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" != true ]; then - # Use /etc/resolv.conf supplied by systemd-nspawn, if applicable. 
- if [ -n "@useHostResolvConf@" ] && [ -e /etc/resolv.conf ]; then - resolvconf -m 1000 -a host &1 {logErrFd}>&2 - if test -w /dev/kmsg; then - exec > >(tee -i /proc/self/fd/"$logOutFd" | while read -r line; do - if test -n "$line"; then - echo "<7>stage-2-init: $line" > /dev/kmsg - fi - done) 2>&1 - else - mkdir -p /run/log - exec > >(tee -i /run/log/stage-2-init.log) 2>&1 - fi -fi -# Required by the activation script -install -m 0755 -d /etc /etc/nixos -install -m 01777 -d /tmp -# Run the script that performs all configuration activation that does -# not have to be done at boot time. -echo "running activation script..." -$systemConfig/activate -# Record the boot configuration. -ln -sfn "$systemConfig" /run/booted-system -# Run any user-specified commands. -@shell@ @postBootCommands@ -# Ensure systemd doesn't try to populate /etc, by forcing its first-boot -# heuristic off. It doesn't matter what's in /etc/machine-id for this purpose, -# and systemd will immediately fill in the file when it starts, so just -# creating it is enough. This `: >>` pattern avoids forking and avoids changing -# the mtime if the file already exists. -: >> /etc/machine-id -# No need to restore the stdout/stderr streams we never redirected and -# especially no need to start systemd -if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" != true ]; then - # Reset the logging file descriptors. - exec 1>&$logOutFd 2>&$logErrFd - exec {logOutFd}>&- {logErrFd}>&- - # Start systemd in a clean environment. - echo "starting systemd..." - exec @systemdExecutable@ "$@" -fi diff --git a/modules/boot/stage-2.nix b/modules/boot/stage-2.nix deleted file mode 100644 index 3020d2d..0000000 --- a/modules/boot/stage-2.nix +++ /dev/null 
@@ -1,76 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; let
- useHostResolvConf = config.networking.resolvconf.enable && config.networking.useHostResolvConf;
-
- bootStage2 = pkgs.substituteAll {
- src = ./stage-2-init.sh;
- shellDebug = "${pkgs.bashInteractive}/bin/bash";
- shell = "${pkgs.bash}/bin/bash";
- inherit (config.boot) readOnlyNixStore systemdExecutable extraSystemdUnitPaths;
- inherit (config.system.nixos) distroName;
- isExecutable = true;
- inherit useHostResolvConf;
- inherit (config.system.build) earlyMountScript;
- path = lib.makeBinPath ([
- pkgs.coreutils
- pkgs.util-linux
- ]
- ++ lib.optional useHostResolvConf pkgs.openresolv);
- postBootCommands =
- pkgs.writeText "local-cmds"
- ''
- ${config.boot.postBootCommands}
- ${config.powerManagement.powerUpCommands}
- '';
- };
-in {
- options = {
- boot = {
- postBootCommands = mkOption {
- default = "";
- example = "rm -f /var/log/messages";
- type = types.lines;
- description = lib.mdDoc ''
- Shell commands to be executed just before systemd is started.
- '';
- };
-
- readOnlyNixStore = mkOption {
- type = types.bool;
- default = true;
- description = lib.mdDoc ''
- If set, NixOS will enforce the immutability of the Nix store
- by making {file}`/nix/store` a read-only bind
- mount. Nix will automatically make the store writable when
- needed.
- '';
- };
-
- systemdExecutable = mkOption {
- default = "/run/current-system/systemd/lib/systemd/systemd";
- type = types.str;
- description = lib.mdDoc ''
- The program to execute to start systemd.
- '';
- };
-
- extraSystemdUnitPaths = mkOption {
- default = [];
- type = types.listOf types.str;
- description = lib.mdDoc ''
- Additional paths that get appended to the SYSTEMD_UNIT_PATH environment variable
- that can contain mutable unit files.
- '';
- };
- };
- };
-
- config = {
- system.build.bootStage2 = lib.mkForce bootStage2;
- };
-}
diff --git a/modules/boot/stage2patch.nix b/modules/boot/stage2patch.nix
new file mode 100644
index 0000000..078530c
--- /dev/null
+++ b/modules/boot/stage2patch.nix
@@ -0,0 +1,34 @@
+{unstable, ...}: {
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ useHostResolvConf = config.networking.resolvconf.enable && config.networking.useHostResolvConf;
+
+ bootStage2 = pkgs.substituteAll {
+ src = pkgs.runCommand "stage-2-init.sh" {} ''
+ sed '2i exec 1<>/dev/null' ${unstable}/nixos/modules/system/boot/stage-2-init.sh > $out
+ '';
+ shellDebug = "${pkgs.bashInteractive}/bin/bash";
+ shell = "${pkgs.bash}/bin/bash";
+ inherit (config.boot) readOnlyNixStore systemdExecutable extraSystemdUnitPaths;
+ inherit (config.system.nixos) distroName;
+ isExecutable = true;
+ inherit useHostResolvConf;
+ inherit (config.system.build) earlyMountScript;
+ path = lib.makeBinPath ([
+ pkgs.coreutils
+ pkgs.util-linux
+ ]
+ ++ lib.optional useHostResolvConf pkgs.openresolv);
+ postBootCommands =
+ pkgs.writeText "local-cmds"
+ ''
+ ${config.boot.postBootCommands}
+ ${config.powerManagement.powerUpCommands}
+ '';
+ };
+in {
+ system.build.bootStage2.src = lib.mkForce bootStage2;
+}
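Review bot: The `sed` in `src` patches `stage-2-init.sh` taken from the `unstable` input, while every `@…@` placeholder is filled from this system's `config` and `pkgs`; `substituteAll` only replaces the names listed in this attrset, so a placeholder the unstable script gains later would stay as a literal `@name@` in a script that runs as root before systemd starts. Reading the script from the module tree that is actually being evaluated keeps the two in step: add `modulesPath` to the module arguments (the removed `default.nix` code already took it) and use `sed '2i exec 1<>/dev/null' ${modulesPath}/system/boot/stage-2-init.sh > $out`. The `2i` insert is purely positional, so a comment stating that it must land directly after the shebang, and why stdout is sent to /dev/null, would help the next reader. Separately, the last line sets `system.build.bootStage2.src`, where the deleted module set `system.build.bootStage2`; since `bootStage2` is already the finished script and the upstream module is no longer disabled, this looks unintended and presumably `system.build.bootStage2 = lib.mkForce bootStage2;` was meant.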