-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1,497 changed files
with
185,668 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| Permission is hereby granted, free of charge, to any person obtaining | ||
| a copy of this software and associated documentation files (the | ||
| "Software"), to deal in the Software without restriction, including | ||
| without limitation the rights to use, copy, modify, merge, publish, | ||
| distribute, sublicense, and/or sell copies of the Software, and to | ||
| permit persons to whom the Software is furnished to do so, subject to | ||
| the following conditions: | ||
|
|
||
| The above copyright notice and this permission notice shall be | ||
| included in all copies or substantial portions of the Software. | ||
|
|
||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
| EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | ||
| MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||
| NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE | ||
| LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION | ||
| OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION | ||
| WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| *** NixOS *** | ||
|
|
||
| NixOS is a Linux distribution based on the purely functional package | ||
| management system Nix. More information can be found at | ||
| http://nixos.org/nixos and in the manual in doc/manual. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { configuration ? import ./lib/from-env.nix "NIXOS_CONFIG" <nixos-config> | ||
| , system ? builtins.currentSystem | ||
| }: | ||
|
|
||
| let | ||
|
|
||
| eval = import ./lib/eval-config.nix { | ||
| inherit system; | ||
| modules = [ configuration ]; | ||
| }; | ||
|
|
||
| # This is for `nixos-rebuild build-vm'. | ||
| vmConfig = (import ./lib/eval-config.nix { | ||
| inherit system; | ||
| modules = [ configuration ./modules/virtualisation/qemu-vm.nix ]; | ||
| }).config; | ||
|
|
||
| # This is for `nixos-rebuild build-vm-with-bootloader'. | ||
| vmWithBootLoaderConfig = (import ./lib/eval-config.nix { | ||
| inherit system; | ||
| modules = | ||
| [ configuration | ||
| ./modules/virtualisation/qemu-vm.nix | ||
| { virtualisation.useBootLoader = true; } | ||
| ]; | ||
| }).config; | ||
|
|
||
| in | ||
|
|
||
| { | ||
| inherit (eval) pkgs config options; | ||
|
|
||
| system = eval.config.system.build.toplevel; | ||
|
|
||
| vm = vmConfig.system.build.vm; | ||
|
|
||
| vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| generated | ||
| manual-combined.xml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| .PHONY: all | ||
| all: manual-combined.xml format | ||
|
|
||
| .PHONY: debug | ||
| debug: generated manual-combined.xml | ||
|
|
||
| manual-combined.xml: generated *.xml **/*.xml | ||
| rm -f ./manual-combined.xml | ||
| nix-shell --packages xmloscopy \ | ||
| --run "xmloscopy --docbook5 ./manual.xml ./manual-combined.xml" | ||
|
|
||
| .PHONY: format | ||
| format: | ||
| find ../../ -iname '*.xml' -type f -print0 | xargs -0 -I{} -n1 \ | ||
| xmlformat --config-file "../xmlformat.conf" -i {} | ||
|
|
||
| .PHONY: fix-misc-xml | ||
| fix-misc-xml: | ||
| find . -iname '*.xml' -type f \ | ||
| -exec ../varlistentry-fixer.rb {} ';' | ||
|
|
||
| .PHONY: clean | ||
| clean: | ||
| rm -f manual-combined.xml generated | ||
|
|
||
| generated: ./options-to-docbook.xsl | ||
| nix-build ../../release.nix \ | ||
| --attr manualGeneratedSources.x86_64-linux \ | ||
| --out-link ./generated |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| To build the manual, you need Nix installed on your system (no need | ||
| for NixOS). To install Nix, follow the instructions at | ||
|
|
||
| https://nixos.org/nix/download.html | ||
|
|
||
| When you have Nix on your system, in the root directory of the project | ||
| (i.e., `nixpkgs`), run: | ||
|
|
||
| nix-build nixos/release.nix -A manual.x86_64-linux | ||
|
|
||
| When this command successfully finishes, it will tell you where the | ||
| manual got generated. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| <section xmlns="http://docbook.org/ns/docbook" | ||
| xmlns:xlink="http://www.w3.org/1999/xlink" | ||
| xmlns:xi="http://www.w3.org/2001/XInclude" | ||
| version="5.0" | ||
| xml:id="sec-boot-problems"> | ||
| <title>Boot Problems</title> | ||
|
|
||
| <para> | ||
| If NixOS fails to boot, there are a number of kernel command line parameters | ||
| that may help you to identify or fix the issue. You can add these parameters | ||
| in the GRUB boot menu by pressing “e” to modify the selected boot entry | ||
| and editing the line starting with <literal>linux</literal>. The following | ||
| are some useful kernel command line parameters that are recognised by the | ||
| NixOS boot scripts or by systemd: | ||
| <variablelist> | ||
| <varlistentry> | ||
| <term> | ||
| <literal>boot.shell_on_fail</literal> | ||
| </term> | ||
| <listitem> | ||
| <para> | ||
| Start a root shell if something goes wrong in stage 1 of the boot process | ||
| (the initial ramdisk). This is disabled by default because there is no | ||
| authentication for the root shell. | ||
| </para> | ||
| </listitem> | ||
| </varlistentry> | ||
| <varlistentry> | ||
| <term> | ||
| <literal>boot.debug1</literal> | ||
| </term> | ||
| <listitem> | ||
| <para> | ||
| Start an interactive shell in stage 1 before anything useful has been | ||
| done. That is, no modules have been loaded and no file systems have been | ||
| mounted, except for <filename>/proc</filename> and | ||
| <filename>/sys</filename>. | ||
| </para> | ||
| </listitem> | ||
| </varlistentry> | ||
| <varlistentry> | ||
| <term> | ||
| <literal>boot.trace</literal> | ||
| </term> | ||
| <listitem> | ||
| <para> | ||
| Print every shell command executed by the stage 1 and 2 boot scripts. | ||
| </para> | ||
| </listitem> | ||
| </varlistentry> | ||
| <varlistentry> | ||
| <term> | ||
| <literal>single</literal> | ||
| </term> | ||
| <listitem> | ||
| <para> | ||
| Boot into rescue mode (a.k.a. single user mode). This will cause systemd | ||
| to start nothing but the unit <literal>rescue.target</literal>, which | ||
| runs <command>sulogin</command> to prompt for the root password and start | ||
| a root login shell. Exiting the shell causes the system to continue with | ||
| the normal boot process. | ||
| </para> | ||
| </listitem> | ||
| </varlistentry> | ||
| <varlistentry> | ||
| <term> | ||
| <literal>systemd.log_level=debug systemd.log_target=console</literal> | ||
| </term> | ||
| <listitem> | ||
| <para> | ||
| Make systemd very verbose and send log messages to the console instead of | ||
| the journal. | ||
| </para> | ||
| </listitem> | ||
| </varlistentry> | ||
| </variablelist> | ||
| For more parameters recognised by systemd, see <citerefentry> | ||
| <refentrytitle>systemd</refentrytitle> | ||
| <manvolnum>1</manvolnum></citerefentry>. | ||
| </para> | ||
|
|
||
| <para> | ||
| If no login prompts or X11 login screens appear (e.g. due to hanging | ||
| dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start | ||
| rescue mode (described above). (Also note that since most units have a | ||
| 90-second timeout before systemd gives up on them, the | ||
| <command>agetty</command> login prompts should appear eventually unless | ||
| something is very wrong.) | ||
| </para> | ||
| </section> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| <chapter xmlns="http://docbook.org/ns/docbook" | ||
| xmlns:xlink="http://www.w3.org/1999/xlink" | ||
| xmlns:xi="http://www.w3.org/2001/XInclude" | ||
| version="5.0" | ||
| xml:id="sec-nix-gc"> | ||
| <title>Cleaning the Nix Store</title> | ||
| <para> | ||
| Nix has a purely functional model, meaning that packages are never upgraded | ||
| in place. Instead new versions of packages end up in a different location in | ||
| the Nix store (<filename>/nix/store</filename>). You should periodically run | ||
| Nix’s <emphasis>garbage collector</emphasis> to remove old, unreferenced | ||
| packages. This is easy: | ||
| <screen> | ||
| $ nix-collect-garbage | ||
| </screen> | ||
| Alternatively, you can use a systemd unit that does the same in the | ||
| background: | ||
| <screen> | ||
| # systemctl start nix-gc.service | ||
| </screen> | ||
| You can tell NixOS in <filename>configuration.nix</filename> to run this unit | ||
| automatically at certain points in time, for instance, every night at 03:15: | ||
| <programlisting> | ||
| <xref linkend="opt-nix.gc.automatic"/> = true; | ||
| <xref linkend="opt-nix.gc.dates"/> = "03:15"; | ||
| </programlisting> | ||
| </para> | ||
| <para> | ||
| The commands above do not remove garbage collector roots, such as old system | ||
| configurations. Thus they do not remove the ability to roll back to previous | ||
| configurations. The following command deletes old roots, removing the ability | ||
| to roll back to them: | ||
| <screen> | ||
| $ nix-collect-garbage -d | ||
| </screen> | ||
| You can also do this for specific profiles, e.g. | ||
| <screen> | ||
| $ nix-env -p /nix/var/nix/profiles/per-user/eelco/profile --delete-generations old | ||
| </screen> | ||
| Note that NixOS system configurations are stored in the profile | ||
| <filename>/nix/var/nix/profiles/system</filename>. | ||
| </para> | ||
| <para> | ||
| Another way to reclaim disk space (often as much as 40% of the size of the | ||
| Nix store) is to run Nix’s store optimiser, which seeks out identical files | ||
| in the store and replaces them with hard links to a single copy. | ||
| <screen> | ||
| $ nix-store --optimise | ||
| </screen> | ||
| Since this command needs to read the entire Nix store, it can take quite a | ||
| while to finish. | ||
| </para> | ||
| <section xml:id="sect-nixos-gc-boot-entries"> | ||
| <title>NixOS Boot Entries</title> | ||
|
|
||
| <para> | ||
| If your <filename>/boot</filename> partition runs out of space, after | ||
| clearing old profiles you must rebuild your system with | ||
| <literal>nixos-rebuild</literal> to update the <filename>/boot</filename> | ||
| partition and clear space. | ||
| </para> | ||
| </section> | ||
| </chapter> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| <section xmlns="http://docbook.org/ns/docbook" | ||
| xmlns:xlink="http://www.w3.org/1999/xlink" | ||
| xmlns:xi="http://www.w3.org/2001/XInclude" | ||
| version="5.0" | ||
| xml:id="sec-container-networking"> | ||
| <title>Container Networking</title> | ||
|
|
||
| <para> | ||
| When you create a container using <literal>nixos-container create</literal>, | ||
| it gets it own private IPv4 address in the range | ||
| <literal>10.233.0.0/16</literal>. You can get the container’s IPv4 address | ||
| as follows: | ||
| <screen> | ||
| # nixos-container show-ip foo | ||
| 10.233.4.2 | ||
|
|
||
| $ ping -c1 10.233.4.2 | ||
| 64 bytes from 10.233.4.2: icmp_seq=1 ttl=64 time=0.106 ms | ||
| </screen> | ||
| </para> | ||
|
|
||
| <para> | ||
| Networking is implemented using a pair of virtual Ethernet devices. The | ||
| network interface in the container is called <literal>eth0</literal>, while | ||
| the matching interface in the host is called | ||
| <literal>ve-<replaceable>container-name</replaceable></literal> (e.g., | ||
| <literal>ve-foo</literal>). The container has its own network namespace and | ||
| the <literal>CAP_NET_ADMIN</literal> capability, so it can perform arbitrary | ||
| network configuration such as setting up firewall rules, without affecting or | ||
| having access to the host’s network. | ||
| </para> | ||
|
|
||
| <para> | ||
| By default, containers cannot talk to the outside network. If you want that, | ||
| you should set up Network Address Translation (NAT) rules on the host to | ||
| rewrite container traffic to use your external IP address. This can be | ||
| accomplished using the following configuration on the host: | ||
| <programlisting> | ||
| <xref linkend="opt-networking.nat.enable"/> = true; | ||
| <xref linkend="opt-networking.nat.internalInterfaces"/> = ["ve-+"]; | ||
| <xref linkend="opt-networking.nat.externalInterface"/> = "eth0"; | ||
| </programlisting> | ||
| where <literal>eth0</literal> should be replaced with the desired external | ||
| interface. Note that <literal>ve-+</literal> is a wildcard that matches all | ||
| container interfaces. | ||
| </para> | ||
|
|
||
| <para> | ||
| If you are using Network Manager, you need to explicitly prevent it from | ||
| managing container interfaces: | ||
| <programlisting> | ||
| networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; | ||
| </programlisting> | ||
| </para> | ||
|
|
||
| <para> | ||
| You may need to restart your system for the changes to take effect. | ||
| </para> | ||
| </section> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| <chapter xmlns="http://docbook.org/ns/docbook" | ||
| xmlns:xlink="http://www.w3.org/1999/xlink" | ||
| xmlns:xi="http://www.w3.org/2001/XInclude" | ||
| version="5.0" | ||
| xml:id="ch-containers"> | ||
| <title>Container Management</title> | ||
| <para> | ||
| NixOS allows you to easily run other NixOS instances as | ||
| <emphasis>containers</emphasis>. Containers are a light-weight approach to | ||
| virtualisation that runs software in the container at the same speed as in | ||
| the host system. NixOS containers share the Nix store of the host, making | ||
| container creation very efficient. | ||
| </para> | ||
| <warning> | ||
| <para> | ||
| Currently, NixOS containers are not perfectly isolated from the host system. | ||
| This means that a user with root access to the container can do things that | ||
| affect the host. So you should not give container root access to untrusted | ||
| users. | ||
| </para> | ||
| </warning> | ||
| <para> | ||
| NixOS containers can be created in two ways: imperatively, using the command | ||
| <command>nixos-container</command>, and declaratively, by specifying them in | ||
| your <filename>configuration.nix</filename>. The declarative approach implies | ||
| that containers get upgraded along with your host system when you run | ||
| <command>nixos-rebuild</command>, which is often not what you want. By | ||
| contrast, in the imperative approach, containers are configured and updated | ||
| independently from the host system. | ||
| </para> | ||
| <xi:include href="imperative-containers.xml" /> | ||
| <xi:include href="declarative-containers.xml" /> | ||
| <xi:include href="container-networking.xml" /> | ||
| </chapter> |
Oops, something went wrong.