...

author: Gregor Kleen <gkleen@yggdrasil.li> 2023-09-23 16:48:17 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2023-09-23 16:48:17 +0200
commit: ff504f0d6c9f22430412bacc5ae82d5f27ce077f (patch)
tree: 43d34db26cc85a7e34ad6e2a6171f80cccc2a839 /modules
parent: cb118fd08ceac4607bd53298810c5685220f5faf (diff)
download: nixos-ff504f0d6c9f22430412bacc5ae82d5f27ce077f.tar
nixos-ff504f0d6c9f22430412bacc5ae82d5f27ce077f.tar.gz
nixos-ff504f0d6c9f22430412bacc5ae82d5f27ce077f.tar.bz2
nixos-ff504f0d6c9f22430412bacc5ae82d5f27ce077f.tar.xz
nixos-ff504f0d6c9f22430412bacc5ae82d5f27ce077f.zip
2 files changed, 67 insertions, 4 deletions
diff --git a/modules/envfs.nix b/modules/envfs.nix
index 6aa12c1c..1463dce8 100644
--- a/modules/envfs.nix
+++ b/modules/envfs.nix
@@ -1,4 +1,67 @@
-{ lib, ... }:
+{ pkgs, config, lib, ... }:
-{
-  config.services.envfs.enable = lib.mkDefault true;
+let
+  cfg = config.services.envfs;
+  mounts = {
+    "/usr/bin" = {
+      device = "none";
+      fsType = "envfs";
+      options = [
+        "fallback-path=${pkgs.symlinkJoin {
+          name = "fallback-path";
+          inherit (cfg) paths;
+        }}"
+      ];
+    };
+    "/bin" = {
+      device = "/usr/bin";
+      fsType = "none";
+      options = [ "bind" "nofail" ];
+    };
+  };
+in {
+  disabledModules = [ "tasks/filesystems/envfs.nix" ];
+  options = {
+    services.envfs = {
+      enable = lib.mkEnableOption (lib.mdDoc "Envfs filesystem") // {
+        default = true;
+        description = lib.mdDoc ''
+          Fuse filesystem that returns symlinks to executables based on the PATH
+          of the requesting process. This is useful to execute shebangs on NixOS
+          that assume hard coded locations in locations like /bin or /usr/bin
+          etc.
+        '';
+      };
+      package = lib.mkOption {
+        type = lib.types.package;
+        default = pkgs.envfs;
+        defaultText = lib.literalExpression "pkgs.envfs";
+        description = lib.mdDoc "Which package to use for the envfs.";
+      };
+      paths = lib.mkOption {
+        type = lib.types.listOf lib.types.package;
+        default = [
+          (pkgs.runCommand "fallback-path-environment" {} ''
+            mkdir -p $out
+            ln -s ${config.environment.usrbinenv} $out/env
+            ln -s ${config.environment.binsh} $out/sh
+          '')
+        ];
+        description = lib.mdDoc "Extra packages to join into collection of fallback executables in case not other executable is found";
+      };
+    };
+  };
+  config = lib.mkIf (cfg.enable) {
+    environment.systemPackages = [ cfg.package ];
+    # we also want these mounts in virtual machines.
+    fileSystems = if config.virtualisation ? qemu then lib.mkVMOverride mounts else mounts;
+    # We no longer need those when using envfs
+    system.activationScripts.usrbinenv = lib.mkForce "";
+    system.activationScripts.binsh = lib.mkForce "";
+  };
 }
diff --git a/modules/pgbackrest.nix b/modules/pgbackrest.nix
index d4a4f9d6..41a7b381 100644
--- a/modules/pgbackrest.nix
+++ b/modules/pgbackrest.nix
@@ -143,7 +143,7 @@ in {
    environment.systemPackages = [ cfg.package ];
    services.postgresql.settings = mkIf cfg.configurePostgresql.enable {
-      archive_command = "pgbackrest --stanza ${cfg.configurePostgresql.stanza} archive-push %p";
+      archive_command = "pgbackrest --stanza ${escapeSystemdExecArg cfg.configurePostgresql.stanza} archive-push %p";
      archive_mode = true;
      max_wal_senders = mkDefault 3;
      wal_level = "replica";
author	Gregor Kleen <gkleen@yggdrasil.li>	2023-09-23 16:48:17 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2023-09-23 16:48:17 +0200
commit	ff504f0d6c9f22430412bacc5ae82d5f27ce077f (patch)
tree	43d34db26cc85a7e34ad6e2a6171f80cccc2a839 /modules
parent	cb118fd08ceac4607bd53298810c5685220f5faf (diff)
download	nixos-ff504f0d6c9f22430412bacc5ae82d5f27ce077f.tar nixos-ff504f0d6c9f22430412bacc5ae82d5f27ce077f.tar.gz nixos-ff504f0d6c9f22430412bacc5ae82d5f27ce077f.tar.bz2 nixos-ff504f0d6c9f22430412bacc5ae82d5f27ce077f.tar.xz nixos-ff504f0d6c9f22430412bacc5ae82d5f27ce077f.zip

diff --git a/modules/envfs.nix b/modules/envfs.nix index 6aa12c1c..1463dce8 100644 --- a/modules/envfs.nix +++ b/modules/envfs.nix
@@ -1,4 +1,67 @@
1	{ lib, ... }:	1	{ pkgs, config, lib, ... }:
2	{	2
3	config.services.envfs.enable = lib.mkDefault true;	3	let
		4	cfg = config.services.envfs;
		5	mounts = {
		6	"/usr/bin" = {
		7	device = "none";
		8	fsType = "envfs";
		9	options = [
		10	"fallback-path=${pkgs.symlinkJoin {
		11	name = "fallback-path";
		12	inherit (cfg) paths;
		13	}}"
		14	];
		15	};
		16	"/bin" = {
		17	device = "/usr/bin";
		18	fsType = "none";
		19	options = [ "bind" "nofail" ];
		20	};
		21	};
		22	in {
		23	disabledModules = [ "tasks/filesystems/envfs.nix" ];
		24
		25	options = {
		26	services.envfs = {
		27	enable = lib.mkEnableOption (lib.mdDoc "Envfs filesystem") // {
		28	default = true;
		29	description = lib.mdDoc ''
		30	Fuse filesystem that returns symlinks to executables based on the PATH
		31	of the requesting process. This is useful to execute shebangs on NixOS
		32	that assume hard coded locations in locations like /bin or /usr/bin
		33	etc.
		34	'';
		35	};
		36
		37	package = lib.mkOption {
		38	type = lib.types.package;
		39	default = pkgs.envfs;
		40	defaultText = lib.literalExpression "pkgs.envfs";
		41	description = lib.mdDoc "Which package to use for the envfs.";
		42	};
		43
		44	paths = lib.mkOption {
		45	type = lib.types.listOf lib.types.package;
		46	default = [
		47	(pkgs.runCommand "fallback-path-environment" {} ''
		48	mkdir -p $out
		49	ln -s ${config.environment.usrbinenv} $out/env
		50	ln -s ${config.environment.binsh} $out/sh
		51	'')
		52	];
		53	description = lib.mdDoc "Extra packages to join into collection of fallback executables in case not other executable is found";
		54	};
		55	};
		56	};
		57
		58	config = lib.mkIf (cfg.enable) {
		59	environment.systemPackages = [ cfg.package ];
		60	# we also want these mounts in virtual machines.
		61	fileSystems = if config.virtualisation ? qemu then lib.mkVMOverride mounts else mounts;
		62
		63	# We no longer need those when using envfs
		64	system.activationScripts.usrbinenv = lib.mkForce "";
		65	system.activationScripts.binsh = lib.mkForce "";
		66	};
4	}	67	}


diff --git a/modules/pgbackrest.nix b/modules/pgbackrest.nix index d4a4f9d6..41a7b381 100644 --- a/modules/pgbackrest.nix +++ b/modules/pgbackrest.nix
@@ -143,7 +143,7 @@ in {
143	environment.systemPackages = [ cfg.package ];	143	environment.systemPackages = [ cfg.package ];
144		144
145	services.postgresql.settings = mkIf cfg.configurePostgresql.enable {	145	services.postgresql.settings = mkIf cfg.configurePostgresql.enable {
146	archive_command = "pgbackrest --stanza ${cfg.configurePostgresql.stanza} archive-push %p";	146	archive_command = "pgbackrest --stanza ${escapeSystemdExecArg cfg.configurePostgresql.stanza} archive-push %p";
147	archive_mode = true;	147	archive_mode = true;
148	max_wal_senders = mkDefault 3;	148	max_wal_senders = mkDefault 3;
149	wal_level = "replica";	149	wal_level = "replica";