From 75ece4eb82a59aa78721d35b2f0bbf8285e1ee56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janne=20He=C3=9F?=
Date: Mon, 4 Apr 2022 12:54:18 +0100
Subject: [PATCH 1/5] nixos/stage-1-systemd: Limit files to the bare necessities
---
 nixos/modules/system/boot/systemd/initrd.nix | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix
index 30bdc9a3422c..b22432294d16 100644
--- a/nixos/modules/system/boot/systemd/initrd.nix
+++ b/nixos/modules/system/boot/systemd/initrd.nix
@@ -366,12 +366,28 @@ in {
 "/sbin".source = "${initrdBinEnv}/sbin";
 "/etc/sysctl.d/nixos.conf".text = "kernel.modprobe = /sbin/modprobe";
+ "/etc/modprobe.d/systemd.conf".source = "${cfg.package}/lib/modprobe.d/systemd.conf";
 };
 storePaths = [
- # TODO: Limit this to the bare necessities
- "${cfg.package}/lib"
+ # systemd tooling
+ "${cfg.package}/lib/systemd/systemd-fsck"
+ "${cfg.package}/lib/systemd/systemd-growfs"
+ "${cfg.package}/lib/systemd/systemd-hibernate-resume"
+ "${cfg.package}/lib/systemd/systemd-journald"
+ "${cfg.package}/lib/systemd/systemd-makefs"
+ "${cfg.package}/lib/systemd/systemd-modules-load"
+ "${cfg.package}/lib/systemd/systemd-remount-fs"
+ "${cfg.package}/lib/systemd/systemd-sulogin-shell"
+ "${cfg.package}/lib/systemd/systemd-sysctl"
+ "${cfg.package}/lib/systemd/systemd-udevd"
+ "${cfg.package}/lib/systemd/systemd-vconsole-setup"
+ # additional systemd directories
+ "${cfg.package}/lib/systemd/system-generators"
+ "${cfg.package}/lib/udev"
+
+ # utilities needed by systemd
 "${cfg.package.util-linux}/bin/mount"
 "${cfg.package.util-linux}/bin/umount"
 "${cfg.package.util-linux}/bin/sulogin"
From bced189985b8666d595f7098ac0a5bc2275dae69 Mon Sep 17 00:00:00 2001
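Review bot: The `storePaths` list in the initrd.nix hunk now names each helper under `${cfg.package}/lib/systemd` individually, and nothing in the hunk ties that list to the units the initrd actually starts, so a forgotten helper would presumably show up only as a failed unit at boot, not at build time. Add a comment above the list, e.g. `# Must cover every binary referenced by a unit enabled in the initrd; extend when adding units`. As one case to check, patch 3/5 of this series enables `withCryptsetup`, yet no cryptsetup helper appears in this list; it may be added by another module outside the hunk. `${cfg.package}/lib/udev` and `system-generators` are still copied as whole directories, which deserves a short comment saying why they are not narrowed as well. The enclosing attribute set starts and ends outside the hunk.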
From: Mike Sperber
Date: Mon, 4 Apr 2022 18:23:58 +0200
Subject: [PATCH 2/5] scsh: Update to latest head, unbreaking the build The only difference with the previous revision is that the submodule URL is now https: instead of unauthenticated git@ protocol - this pull request: https://github.com/scheme/scsh/pull/44
---
 pkgs/development/interpreters/scsh/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/interpreters/scsh/default.nix b/pkgs/development/interpreters/scsh/default.nix
index b57cc64fb8d7..45b59124b782 100644
--- a/pkgs/development/interpreters/scsh/default.nix
+++ b/pkgs/development/interpreters/scsh/default.nix
@@ -7,8 +7,8 @@ stdenv.mkDerivation {
 src = fetchFromGitHub {
 owner = "scheme";
 repo = "scsh";
- rev = "f99b8c5293628cfeaeb792019072e3a96841104f";
- sha256 = "sha256-vcVtqoUhozdJq1beUN8/rcI2qOJYUN+0CPSiDWGCIjI=";
+ rev = "4acf6e4ed7b65b46186ef0c9c2a1e10bef8dc052";
+ sha256 = "sha256-92NtMK5nVd6+WtHj/Rk6iQEkGsNEZySTVZkkbqKrLYY=";
 fetchSubmodules = true;
 };
From 41d3ca0677077cf9d74d4c636f9c300014585c2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janne=20He=C3=9F?=
Date: Mon, 4 Apr 2022 18:10:43 +0100
Subject: [PATCH 3/5] nixos/systemd-stage-1: Use an own systemd package We need more features than systemdMinimal but less than systemd so we need some own packages :/
---
 nixos/modules/system/boot/systemd/initrd.nix | 2 +-
 pkgs/top-level/all-packages.nix | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix
index 36a14d7a8256..d37bdbbcee56 100644
--- a/nixos/modules/system/boot/systemd/initrd.nix
+++ b/nixos/modules/system/boot/systemd/initrd.nix
@@ -150,7 +150,7 @@ in {
 '';
 package = (mkPackageOption pkgs "systemd" {
- default = "systemdMinimal";
+ default = "systemdStage1";
 }) // {
 visible = false;
 };
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f0c3fa71a891..dda72f65b179 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -23370,6 +23370,17 @@ with pkgs;
 libfido2 = null;
 p11-kit = null;
 };
+ systemdStage1 = systemdMinimal.override {
+ pname = "systemd-stage-1";
+ withCryptsetup = true;
+ withFido2 = true;
+ withTpm2Tss = true;
+ inherit lvm2 libfido2 p11-kit;
+ };
+ systemdStage1Network = systemdStage1.override {
+ pname = "systemd-stage-1-network";
+ withNetworkd = true;
+ };
 udev = systemd; # TODO: change to systemdMinimal
From c1af79c69d248d5bc55df8ffbe86a1122a0b897e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?=
Date: Mon, 4 Apr 2022 19:27:06 +0200
Subject: [PATCH 4/5] nixos/ethminer: only pull in nvidia_x11 when needed Only people using CUDA need it.
---
 nixos/modules/services/misc/ethminer.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/modules/services/misc/ethminer.nix b/nixos/modules/services/misc/ethminer.nix
index a6c52e394996..253476d1a23e 100644
--- a/nixos/modules/services/misc/ethminer.nix
+++ b/nixos/modules/services/misc/ethminer.nix
@@ -97,7 +97,7 @@ in
 Restart = "always";
 };
- environment = {
+ environment = mkIf (cfg.toolkit == "cuda") {
 LD_LIBRARY_PATH = "${config.boot.kernelPackages.nvidia_x11}/lib";
 };
From c8151fe657612a32307ed17fdc7db2ee52157e69 Mon Sep 17 00:00:00 2001
From: Andrew Childs
Date: Mon, 4 Apr 2022 16:29:52 +0900
Subject: [PATCH 5/5] luaPackages.libluv: fix darwin build libluv was recently converted to a pure cmake package and now there's nothing lua related in the build. However an old workaround to force linking against lua on darwin remains. Clean this up.
---
 pkgs/development/lua-modules/overrides.nix | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/pkgs/development/lua-modules/overrides.nix b/pkgs/development/lua-modules/overrides.nix
index 7f85ddb783a5..656695d69109 100644
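Review bot: `systemdStage1` in the all-packages.nix hunk switches on `withCryptsetup`, `withFido2` and `withTpm2Tss` and re-inherits `libfido2` and `p11-kit`, which the context lines just above show set to `null` for the minimal build, but no comment says what this variant is for or why each feature is needed. The initrd.nix hunk of the same patch makes this package the initrd default, so it determines what code every stage-1 image is built from. Document the intent next to the definition, e.g. `# systemd for the initrd: systemdMinimal plus the disk-unlock backends (cryptsetup, FIDO2, TPM2)`. `systemdStage1Network` is defined here but not referenced in any hunk of this series as shown, so a one-line comment naming its intended consumer would help.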
--- a/pkgs/development/lua-modules/overrides.nix
+++ b/pkgs/development/lua-modules/overrides.nix
@@ -296,9 +296,6 @@ with prev;
 buildInputs = [ pkgs.libuv ];
 nativeBuildInputs = [ pkgs.pkg-config pkgs.fixDarwinDylibNames pkgs.cmake ];
- # Fixup linking libluv.dylib, for some reason it's not linked against lua correctly.
- NIX_LDFLAGS = pkgs.lib.optionalString pkgs.stdenv.isDarwin
- (if isLuaJIT then "-lluajit-${lua.luaversion}" else "-llua");
 };
 luv = prev.lib.overrideLuarocks prev.luv (drv: {