author | Katharina Fey <kookie@spacekookie.de> | 2020-05-20 01:39:43 +0200 |
---|---|---|
committer | Katharina Fey <kookie@spacekookie.de> | 2020-05-20 01:39:43 +0200 |
commit | 1849de11ec1e32e9eebb83f24d5339bea88b7ed7 (patch) | |
tree | 0aaf3cead09c2d55c67c6f6a86ad20af399797d8 /nixpkgs/nixos/modules/system/boot/systemd.nix | |
parent | 304c06d7a7ea3f5c84031d325ece8d38b8c1d829 (diff) | |
parent | 0f5ce2fac0c726036ca69a5524c59a49e2973dd4 (diff) |
Merge commit '0f5ce2fac0c726036ca69a5524c59a49e2973dd4'
Diffstat (limited to 'nixpkgs/nixos/modules/system/boot/systemd.nix')
-rw-r--r-- | nixpkgs/nixos/modules/system/boot/systemd.nix | 109 |
1 files changed, 73 insertions, 36 deletions
diff --git a/nixpkgs/nixos/modules/system/boot/systemd.nix b/nixpkgs/nixos/modules/system/boot/systemd.nix index 7f207e6c7ef..99892a28115 100644 --- a/nixpkgs/nixos/modules/system/boot/systemd.nix +++ b/nixpkgs/nixos/modules/system/boot/systemd.nix @@ -164,7 +164,6 @@ let "systemd-timedated.service" "systemd-localed.service" "systemd-hostnamed.service" - "systemd-binfmt.service" "systemd-exit.service" "systemd-update-done.service" ] ++ optionals config.services.journald.enableHttpGateway [ @@ -201,8 +200,23 @@ let ]; makeJobScript = name: text: - let mkScriptName = s: "unit-script-" + (replaceChars [ "\\" "@" ] [ "-" "_" ] (shellEscape s) ); - in pkgs.writeTextFile { name = mkScriptName name; executable = true; inherit text; }; + let + scriptName = replaceChars [ "\\" "@" ] [ "-" "_" ] (shellEscape name); + out = pkgs.writeTextFile { + # The derivation name is different from the script file name + # to keep the script file name short to avoid cluttering logs. + name = "unit-script-${scriptName}"; + executable = true; + destination = "/bin/${scriptName}"; + text = '' + #!${pkgs.runtimeShell} -e + ${text} + ''; + checkPhase = '' + ${pkgs.stdenv.shell} -n "$out/bin/${scriptName}" + ''; + }; + in "${out}/bin/${scriptName}"; unitConfig = { config, options, ... }: { config = { 
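Review bot: `scriptName` in the new `makeJobScript` is now used as a file name (`destination = "/bin/${scriptName}"`), inside a double-quoted shell word in `checkPhase`, and as the returned path that callers place on an `Exec*=` line, but the only sanitising visible is the replacement of `\` and `@`. `shellEscape` is defined outside this hunk, so whether it neutralises spaces, `$`, `"` or `/` cannot be confirmed from here. Previously the value was only a derivation name, so the change widens where an unusual unit name can matter. I would quote it explicitly in the check, e.g. `${pkgs.stdenv.shell} -n "$out/bin/"${escapeShellArg scriptName}`. I would also add a comment above `scriptName` stating which characters a unit name may contain at this point. Separately, the syntax check runs under `pkgs.stdenv.shell` while the shebang uses `pkgs.runtimeShell`; a one-line comment saying this is intentional would help.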
@@ -250,40 +264,28 @@ let environment.PATH = config.path; } (mkIf (config.preStart != "") - { serviceConfig.ExecStartPre = makeJobScript "${name}-pre-start" '' - #! ${pkgs.runtimeShell} -e - ${config.preStart} - ''; + { serviceConfig.ExecStartPre = + makeJobScript "${name}-pre-start" config.preStart; }) (mkIf (config.script != "") - { serviceConfig.ExecStart = makeJobScript "${name}-start" '' - #! ${pkgs.runtimeShell} -e - ${config.script} - '' + " " + config.scriptArgs; + { serviceConfig.ExecStart = + makeJobScript "${name}-start" config.script + " " + config.scriptArgs; }) (mkIf (config.postStart != "") - { serviceConfig.ExecStartPost = makeJobScript "${name}-post-start" '' - #! ${pkgs.runtimeShell} -e - ${config.postStart} - ''; + { serviceConfig.ExecStartPost = + makeJobScript "${name}-post-start" config.postStart; }) (mkIf (config.reload != "") - { serviceConfig.ExecReload = makeJobScript "${name}-reload" '' - #! ${pkgs.runtimeShell} -e - ${config.reload} - ''; + { serviceConfig.ExecReload = + makeJobScript "${name}-reload" config.reload; }) (mkIf (config.preStop != "") - { serviceConfig.ExecStop = makeJobScript "${name}-pre-stop" '' - #! ${pkgs.runtimeShell} -e - ${config.preStop} - ''; + { serviceConfig.ExecStop = + makeJobScript "${name}-pre-stop" config.preStop; }) (mkIf (config.postStop != "") - { serviceConfig.ExecStopPost = makeJobScript "${name}-post-stop" '' - #! ${pkgs.runtimeShell} -e - ${config.postStop} - ''; + { serviceConfig.ExecStopPost = + makeJobScript "${name}-post-stop" config.postStop; }) ]; }; @@ -405,6 +407,8 @@ let "hibernate" "hybrid-sleep" "suspend-then-hibernate" "lock" ]; + proxy_env = config.networking.proxy.envVars; + in { 
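Review bot: The new `ExecStart` line `makeJobScript "${name}-start" config.script + " " + config.scriptArgs;` relies on function application binding tighter than `+`, and at a glance it reads as if the concatenation were the script text. Now that `makeJobScript` returns a path string, I would make the grouping explicit: `(makeJobScript "${name}-start" config.script) + " " + config.scriptArgs;`. `config.scriptArgs` is still appended to the command line unescaped, as before this change. A short comment that it is interpreted by systemd's own command-line parsing, not by the shell, would save the next reader a lookup. The surrounding `mkMerge` list starts outside the hunk.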
@@ -593,17 +597,33 @@ in each other's limit. The value may be specified in the following units: s, min, h, ms, us. To turn off any kind of rate limiting, set either value to 0. + + See <option>services.journald.rateLimitBurst</option> for important + considerations when setting this value. ''; }; services.journald.rateLimitBurst = mkOption { - default = 1000; + default = 10000; type = types.int; description = '' Configures the rate limiting burst limit (number of messages per interval) that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit. + + Note that the effective rate limit is multiplied by a factor derived + from the available free disk space for the journal as described on + <link xlink:href="https://www.freedesktop.org/software/systemd/man/journald.conf.html"> + journald.conf(5)</link>. + + Note that the total amount of logs stored is limited by journald settings + such as <literal>SystemMaxUse</literal>, which defaults to a 4 GB cap. + + It is thus recommended to compute what period of time that you will be + able to store logs for when an application logs at full burst rate. + With default settings for log lines that are 100 Bytes long, this can + amount to just a few hours. ''; }; @@ -811,6 +831,23 @@ in system.build.units = cfg.units; + system.nssModules = [ systemd.out ]; + system.nssDatabases = { + hosts = (mkMerge [ + [ "mymachines" ] + (mkOrder 1600 [ "myhostname" ] # 1600 to ensure it's always the last + ) + ]); + passwd = (mkMerge [ + [ "mymachines" ] + (mkAfter [ "systemd" ]) + ]); + group = (mkMerge [ + [ "mymachines" ] + (mkAfter [ "systemd" ]) + ]); + }; + environment.systemPackages = [ systemd ]; environment.etc = let 
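Review bot: The `system.nssDatabases` block fixes the position of `myhostname` with `mkOrder 1600` but does not say where `mymachines` and `systemd` are meant to sit relative to the entries other modules contribute, which this hunk does not show. NSS lookup order decides which source answers for a given host, user or group name, so the intended order is worth stating next to the values. I would add a comment above each database, along the lines of `# order: <local sources> mymachines ... systemd (mkAfter)`, filled in with the actual intended sequence. The inline comment `# 1600 to ensure it's always the last` should also note that this holds only while no other module uses a higher order value.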
@@ -894,6 +931,13 @@ in "sysctl.d/50-coredump.conf".source = "${systemd}/example/sysctl.d/50-coredump.conf"; "sysctl.d/50-default.conf".source = "${systemd}/example/sysctl.d/50-default.conf"; + "tmpfiles.d/00-nixos.conf".text = '' + # This file is created automatically and should not be modified. + # Please change the option ‘systemd.tmpfiles.rules’ instead. + + ${concatStringsSep "\n" cfg.tmpfiles.rules} + ''; + "tmpfiles.d/home.conf".source = "${systemd}/example/tmpfiles.d/home.conf"; "tmpfiles.d/journal-nocow.conf".source = "${systemd}/example/tmpfiles.d/journal-nocow.conf"; "tmpfiles.d/portables.conf".source = "${systemd}/example/tmpfiles.d/portables.conf"; @@ -906,13 +950,6 @@ in "tmpfiles.d/var.conf".source = "${systemd}/example/tmpfiles.d/var.conf"; "tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf"; - "tmpfiles.d/nixos.conf".text = '' - # This file is created automatically and should not be modified. - # Please change the option ‘systemd.tmpfiles.rules’ instead. - - ${concatStringsSep "\n" cfg.tmpfiles.rules} - ''; - "systemd/system-generators" = { source = hooks "generators" cfg.generators; }; "systemd/system-shutdown" = { source = hooks "shutdown" cfg.shutdown; }; }); @@ -1018,7 +1055,7 @@ in systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true; systemd.targets.remote-fs.unitConfig.X-StopOnReconfiguration = true; systemd.targets.network-online.wantedBy = [ "multi-user.target" ]; - systemd.services.systemd-binfmt.wants = [ "proc-sys-fs-binfmt_misc.mount" ]; + systemd.services.systemd-importd.environment = proxy_env; # Don't bother with certain units in containers. systemd.services.systemd-remount-fs.unitConfig.ConditionVirtualization = "!container"; |
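Review bot: The move from `tmpfiles.d/nixos.conf` to `tmpfiles.d/00-nixos.conf` carries no explanation, yet the prefix appears to be the whole point of the change. As far as I recall from tmpfiles.d(5), when several files configure the same path the lexicographically earliest file wins. The rename therefore lets `systemd.tmpfiles.rules` override the ownership and mode that the shipped `*.conf` files would otherwise set. I would record that above the entry: `# "00-" sorts first so rules from systemd.tmpfiles.rules take precedence over the shipped defaults for the same path`.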
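Review bot: `systemd.services.systemd-importd.environment = proxy_env;` copies `config.networking.proxy.envVars` verbatim into the unit's environment. If a configured proxy URL embeds credentials, they would end up in the generated unit file and in `systemctl show` output, both readable by unprivileged local users. This is inferred from how unit environments are normally rendered; the rendering code is not in this hunk. I would add a comment at the assignment, e.g. `# proxy URLs are written into the unit file; do not put credentials in networking.proxy.*`, or point to a credential-free alternative if the module has one.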