From bf652b7e2704ebc78102e9df1f0020829718a6d6 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 29 Sep 2023 20:51:59 +0300 Subject: cleanup: minor treewide cleanups --- modules/recovery.nix | 4 +--- modules/systemd/default.nix | 2 +- modules/wsl-conf.nix | 2 +- modules/wsl-distro.nix | 2 +- 4 files changed, 4 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/modules/recovery.nix b/modules/recovery.nix index ec29da6..2352d51 100644 --- a/modules/recovery.nix +++ b/modules/recovery.nix @@ -1,7 +1,5 @@ -{ config, pkgs, lib, ... }: -with lib; +{ config, pkgs, ... }: let - nixos-enter' = config.system.build.nixos-enter.overrideAttrs (_: { runtimeShell = "/bin/bash"; }); diff --git a/modules/systemd/default.nix b/modules/systemd/default.nix index c6c2337..ae87c6b 100644 --- a/modules/systemd/default.nix +++ b/modules/systemd/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, lib, ... }: with lib; { imports = [ diff --git a/modules/wsl-conf.nix b/modules/wsl-conf.nix index 0058f29..877041a 100644 --- a/modules/wsl-conf.nix +++ b/modules/wsl-conf.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, config, ... }: +{ lib, config, ... }: with lib; { imports = [ diff --git a/modules/wsl-distro.nix b/modules/wsl-distro.nix index 0b7648d..0a2b88b 100644 --- a/modules/wsl-distro.nix +++ b/modules/wsl-distro.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, config, options, ... }: +{ lib, pkgs, config, ... }: with builtins; with lib; -- cgit v1.2.3 From 65ba7e6fb468fe67bff3751d205926bb05e0baff Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 29 Sep 2023 20:51:59 +0300 Subject: systemd: default to native --- modules/systemd/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/systemd/default.nix b/modules/systemd/default.nix index ae87c6b..9199bcb 100644 --- a/modules/systemd/default.nix +++ b/modules/systemd/default.nix 
@@ -9,7 +9,7 @@ with lib; {
 options.wsl = with types; {
 nativeSystemd = mkOption {
 type = bool;
- default = false;
+ default = true;
 description = "Use native WSL systemd support";
 };
 };
-- cgit v1.2.3
From e6b1129f9d3c2010fba981307c72ad7d15717d3d Mon Sep 17 00:00:00 2001
From: K900
Date: Fri, 29 Sep 2023 20:51:59 +0300
Subject: feat: rewrite tarball generation to use proper nixos-install + nixos-enter
Supersedes #243.
---
 modules/build-tarball.nix | 177 +++++++++++++++++++++-------------------------
 modules/wsl-distro.nix | 5 --
 2 files changed, 80 insertions(+), 102 deletions(-)
(limited to 'modules')
diff --git a/modules/build-tarball.nix b/modules/build-tarball.nix
index d2e5231..f48c9ce 100644
--- a/modules/build-tarball.nix
+++ b/modules/build-tarball.nix
@@ -1,112 +1,95 @@ { config, pkgs, lib, ... }: with builtins; with lib; let - cfg = config.wsl.tarball; - - pkgs2storeContents = l: map (x: { object = x; symlink = "none"; }) l; - - nixpkgs = lib.cleanSource pkgs.path; - - channelSources = pkgs.runCommand "nixos-${config.system.nixos.version}" - { preferLocalBuild = true; } - '' - mkdir -p $out - cp -prd ${nixpkgs.outPath} $out/nixos - chmod -R u+w $out/nixos - if [ ! -e $out/nixos/nixpkgs ]; then - ln -s . $out/nixos/nixpkgs - fi - echo -n ${toString config.system.nixos.revision} > $out/nixos/.git-revision - echo -n ${toString config.system.nixos.versionSuffix} > $out/nixos/.version-suffix - echo ${toString config.system.nixos.versionSuffix} | sed -e s/pre// > $out/nixos/svn-revision - ''; - - preparer = pkgs.writeShellScriptBin "wsl-prepare" ('' - set -e - - mkdir -m 0755 ./bin ./etc - mkdir -m 1777 ./tmp - - # WSL requires a /bin/sh - only temporary, NixOS's activate will overwrite - ln -s ${config.users.users.root.shell} ./bin/sh - - # WSL also requires a /bin/mount, otherwise the host fs isn't accessible - ln -s /nix/var/nix/profiles/system/sw/bin/mount ./bin/mount - - # Set system profile - system=${config.system.build.toplevel} - ./$system/sw/bin/nix-store --store `pwd` --load-db < ./nix-path-registration - rm ./nix-path-registration - ./$system/sw/bin/nix-env --store `pwd` -p ./nix/var/nix/profiles/system --set $system - - # Set channel - mkdir -p ./nix/var/nix/profiles/per-user/root - ./$system/sw/bin/nix-env --store `pwd` -p ./nix/var/nix/profiles/per-user/root/channels --set ${channelSources} - mkdir -m 0700 -p ./root/.nix-defexpr - ln -s /nix/var/nix/profiles/per-user/root/channels ./root/.nix-defexpr/channels - - # It's now a NixOS! 
- touch ./etc/NIXOS - - # Write wsl.conf so that it is present when NixOS is started for the first time - cp ${config.environment.etc."wsl.conf".source} ./etc/wsl.conf - - '' + lib.optionalString cfg.includeConfig '' - ${if cfg.configPath == null then '' - # Copy the system configuration - mkdir -p ./etc/nixos/nixos-wsl - cp -R ${lib.cleanSource ../.}/. ./etc/nixos/nixos-wsl - mv ./etc/nixos/nixos-wsl/configuration.nix ./etc/nixos/configuration.nix - # Patch the import path to avoid having a flake.nix in /etc/nixos - sed -i 's|import \./default\.nix|import \./nixos-wsl|' ./etc/nixos/configuration.nix - '' else '' - mkdir -p ./etc/nixos - cp -R ${lib.cleanSource cfg.configPath}/. ./etc/nixos - ''} - chmod -R u+w etc/nixos - ''); + cfg = config.wsl; -in -{ - - options.wsl.tarball = { - includeConfig = mkOption { - type = types.bool; - default = true; - description = "Whether or not to copy the system configuration into the tarball"; - }; - - configPath = mkOption { - type = types.nullOr types.path; - default = null; - description = "Path to system configuration which is copied into the tarball"; - }; - }; + defaultConfig = pkgs.writeText "default-configuration.nix" '' + # Edit this configuration file to define what should be installed on + # your system. Help is available in the configuration.nix(5) man page, on + # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + # NixOS-WSL specific options are documented on the NixOS-WSL repository: + # https://github.com/nix-community/NixOS-WSL - config = mkIf config.wsl.enable { - # These options make no sense without the wsl-distro module anyway + { config, lib, pkgs, ... 
}: - system.build.tarball = pkgs.callPackage "${nixpkgs}/nixos/lib/make-system-tarball.nix" { - - contents = [ - { source = config.users.users.root.shell; target = "/nix/nixos-wsl/entrypoint"; } + { + imports = [ + # include NixOS-WSL modules + ]; - fileName = "nixos-wsl-${pkgs.hostPlatform.system}"; + wsl.enable = true; + wsl.defaultUser = "nixos"; + ${cfg.extraTarballConfig} + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It's perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "${config.system.nixos.release}"; # Did you read the comment? + } + ''; +in +{ + options.wsl.extraTarballConfig = mkOption { + type = types.str; + internal = true; + default = ""; + }; - storeContents = pkgs2storeContents [ - config.system.build.toplevel - channelSources - preparer - ]; + # These options make no sense without the wsl-distro module anyway + config = mkIf cfg.enable { + system.build.tarballBuilder = pkgs.writeShellApplication { + name = "nixos-wsl-tarball-builder"; - extraCommands = "${preparer}/bin/wsl-prepare"; + runtimeInputs = [ + pkgs.coreutils + pkgs.gnutar + pkgs.nixos-install-tools + config.nix.package + ]; - # Use gzip - compressCommand = "gzip"; - compressionExtension = ".gz"; + text = '' + if ! [ $EUID -eq 0 ]; then + echo "This script must be run as root!" + exit 1 + fi + + out=''${1:-nixos-wsl.tar.gz} + + root=$(mktemp -p "''${TMPDIR:-/tmp}" -d nixos-wsl-tarball.XXXXXXXXXX) + # FIXME: fails in CI for some reason, but we don't really care because it's CI + trap 'rm -rf "$root" || true' INT TERM EXIT + + chmod o+rx "$root" + + echo "[NixOS-WSL] Installing..." 
+ nixos-install \ + --root "$root" \ + --no-root-passwd \ + --system ${config.system.build.toplevel} \ + --substituters "" + + echo "[NixOS-WSL] Adding channel..." + nixos-enter --root "$root" --command 'nix-channel --add https://github.com/nix-community/NixOS-WSL/archive/refs/heads/main.tar.gz nixos-wsl' + + echo "[NixOS-WSL] Adding default config..." + install -Dm644 ${defaultConfig} "$root/etc/nixos/configuration.nix" + + echo "[NixOS-WSL] Compressing..." + tar -C "$root" \ + -cz \ + --sort=name \ + --mtime='@1' \ + --owner=0 \ + --group=0 \ + --numeric-owner \ + . \ + > "$out" + ''; }; - }; } diff --git a/modules/wsl-distro.nix b/modules/wsl-distro.nix index 0a2b88b..f2279e3 100644 --- a/modules/wsl-distro.nix +++ b/modules/wsl-distro.nix @@ -132,11 +132,6 @@ in config.wsl.extraBin )} ''); - # TODO: This is only needed for the docker tests, it can be removed when they are moved to something else - update-entrypoint.text = '' - mkdir -p /nix/nixos-wsl - ln -sfn ${config.users.users.root.shell} /nix/nixos-wsl/entrypoint - ''; }; # require people to use lib.mkForce to make it harder to brick their installation -- cgit v1.2.3 From 5f0eb2075bb1ae00496be4deca0c9e5bb848763e Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 29 Sep 2023 20:51:59 +0300 Subject: cleanup: remove the old installer, now unused --- modules/installer.nix | 72 --------------------------------------------------- 1 file changed, 72 deletions(-) delete mode 100644 modules/installer.nix (limited to 'modules') diff --git a/modules/installer.nix b/modules/installer.nix deleted file mode 100644 index 74cd7b2..0000000 --- a/modules/installer.nix +++ /dev/null 
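Review bot: In modules/build-tarball.nix, the `nix-channel --add https://github.com/nix-community/NixOS-WSL/archive/refs/heads/main.tar.gz nixos-wsl` step registers a channel that follows the moving `main` branch, so every system installed from this tarball takes whatever that branch holds on its next `nix-channel --update`, with no revision or hash recorded in the image. If that is intended, say so next to the command, e.g. `# tracks the main branch on purpose; not pinned to a revision`. The same root-only script runs `chmod o+rx "$root"` on the staging directory without a comment, and because the cleanup trap is best-effort (`|| true`, and the FIXME says it fails in CI) a leftover staging tree stays traversable by other local users, so the reason for the chmod deserves a comment too. The new `wsl.extraTarballConfig` option has no `description`, although its value is pasted verbatim into the generated configuration.nix.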
@@ -1,72 +0,0 @@ -{ config, lib, pkgs, ... }: -with builtins; with lib; { - - config = mkIf config.wsl.enable ( - let - mkTarball = pkgs.callPackage "${lib.cleanSource pkgs.path}/nixos/lib/make-system-tarball.nix"; - - pkgs2storeContents = map (x: { object = x; symlink = "none"; }); - - rootfs = let tarball = config.system.build.tarball; in "${tarball}/tarball/${tarball.fileName}.tar${tarball.extension}"; - - installer = pkgs.writeScript "installer.sh" '' - #!${pkgs.busybox}/bin/sh - BASEPATH=$PATH - export PATH=$BASEPATH:${pkgs.busybox}/bin # Add busybox to path - - set -e - cd / - - echo "Unpacking root file system..." - ${pkgs.pv}/bin/pv ${rootfs} | tar xz - - echo "Activating nix configuration..." - LANG="C.UTF-8" /nix/var/nix/profiles/system/activate - PATH=$BASEPATH:/run/current-system/sw/bin # Use packages from target system - - echo "Cleaning up installer files..." - nix-collect-garbage - rm /nix-path-registration - - echo "Optimizing store..." - nix-store --optimize - - # Don't package the shell here, it's contained in the rootfs - exec ${builtins.unsafeDiscardStringContext config.users.users.root.shell} "$@" - ''; - - # Set installer.sh as the root shell - passwd = pkgs.writeText "passwd" '' - root:x:0:0:System administrator:/root:${installer} - ''; - in - { - - system.build.installer = mkTarball { - fileName = "nixos-wsl-installer"; - compressCommand = "gzip"; - compressionExtension = ".gz"; - extraArgs = "--hard-dereference"; - - storeContents = pkgs2storeContents [ installer ]; - - contents = [ - { source = config.environment.etc."wsl.conf".source; target = "/etc/wsl.conf"; } - { source = config.environment.etc."fstab".source; target = "/etc/fstab"; } - { source = passwd; target = "/etc/passwd"; } - { source = "${pkgs.busybox}/bin/busybox"; target = "/bin/sh"; } - { source = "${pkgs.busybox}/bin/busybox"; target = "/bin/mount"; } - { source = "${installer}"; target = "/nix/nixos-wsl/entrypoint"; } - ]; - - extraCommands = pkgs.writeShellScript 
"prepare" '' - export PATH=$PATH:${pkgs.coreutils}/bin - mkdir -p bin - ln -s /init bin/wslpath - ''; - }; - - } - ); - -} -- cgit v1.2.3 From 83fbe7e22049bc29ab60a46e390018ff6ae340da Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 29 Sep 2023 20:51:59 +0300 Subject: cleanup: remove old docker-desktop hacks --- modules/default.nix | 3 +-- modules/docker-desktop.nix | 41 +++++++++++++++++++++++++++++++++++++++ modules/docker/default.nix | 6 ------ modules/docker/docker-desktop.nix | 41 --------------------------------------- modules/docker/native.nix | 34 -------------------------------- 5 files changed, 42 insertions(+), 83 deletions(-) create mode 100644 modules/docker-desktop.nix delete mode 100644 modules/docker/default.nix delete mode 100644 modules/docker/docker-desktop.nix delete mode 100644 modules/docker/native.nix (limited to 'modules') diff --git a/modules/default.nix b/modules/default.nix index 0278634..0e5c58f 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,8 +1,7 @@ { ... }: { imports = [ ./build-tarball.nix - ./docker - ./installer.nix + ./docker-desktop.nix ./interop.nix ./recovery.nix ./systemd diff --git a/modules/docker-desktop.nix b/modules/docker-desktop.nix new file mode 100644 index 0000000..e2ae076 --- /dev/null +++ b/modules/docker-desktop.nix 
@@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: +with builtins; with lib; { + + imports = [ + (mkRenamedOptionModule [ "wsl" "docker" ] [ "wsl" "docker-desktop" ]) + ]; + + options.wsl.docker-desktop = with types; { + enable = mkEnableOption "Docker Desktop integration"; + }; + + config = + let + cfg = config.wsl.docker-desktop; + in + mkIf (config.wsl.enable && cfg.enable) { + + environment.systemPackages = with pkgs; [ + docker + docker-compose + ]; + + systemd.services.docker-desktop-proxy = { + description = "Docker Desktop proxy"; + script = '' + ${config.wsl.wslConf.automount.root}/wsl/docker-desktop/docker-desktop-user-distro proxy --docker-desktop-root ${config.wsl.wslConf.automount.root}/wsl/docker-desktop + ''; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "on-failure"; + RestartSec = "30s"; + }; + }; + + users.groups.docker.members = [ + config.wsl.defaultUser + ]; + + }; + +} diff --git a/modules/docker/default.nix b/modules/docker/default.nix deleted file mode 100644 index 176b95b..0000000 --- a/modules/docker/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ ... }: { - imports = [ - ./docker-desktop.nix - ./native.nix - ]; -} diff --git a/modules/docker/docker-desktop.nix b/modules/docker/docker-desktop.nix deleted file mode 100644 index e2ae076..0000000 --- a/modules/docker/docker-desktop.nix +++ /dev/null 
@@ -1,41 +0,0 @@ -{ config, lib, pkgs, ... }: -with builtins; with lib; { - - imports = [ - (mkRenamedOptionModule [ "wsl" "docker" ] [ "wsl" "docker-desktop" ]) - ]; - - options.wsl.docker-desktop = with types; { - enable = mkEnableOption "Docker Desktop integration"; - }; - - config = - let - cfg = config.wsl.docker-desktop; - in - mkIf (config.wsl.enable && cfg.enable) { - - environment.systemPackages = with pkgs; [ - docker - docker-compose - ]; - - systemd.services.docker-desktop-proxy = { - description = "Docker Desktop proxy"; - script = '' - ${config.wsl.wslConf.automount.root}/wsl/docker-desktop/docker-desktop-user-distro proxy --docker-desktop-root ${config.wsl.wslConf.automount.root}/wsl/docker-desktop - ''; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = "30s"; - }; - }; - - users.groups.docker.members = [ - config.wsl.defaultUser - ]; - - }; - -} diff --git a/modules/docker/native.nix b/modules/docker/native.nix deleted file mode 100644 index 88f48d9..0000000 --- a/modules/docker/native.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, lib, pkgs, ... }: -with builtins; with lib; { - - options.wsl.docker-native = with types; { - enable = mkEnableOption "Native Docker integration in NixOS."; - - addToDockerGroup = mkOption { - type = bool; - default = config.security.sudo.wheelNeedsPassword; - description = '' - Wether to add the default user to the docker group. - - This is not recommended, if you have a password, because it essentially permits unauthenticated root access. - ''; - }; - }; - - config = - let - cfg = config.wsl.docker-native; - in - mkIf (config.wsl.enable && cfg.enable) { - environment.systemPackages = with pkgs; [ - docker-compose - ]; - - virtualisation.docker.package = (pkgs.docker.override { iptables = pkgs.iptables-legacy; }); - virtualisation.docker.enable = true; - - users.groups.docker.members = lib.mkIf cfg.addToDockerGroup [ - config.wsl.defaultUser - ]; - }; -} -- cgit v1.2.3 
From 3fd77209a6cea76cdf43f005abfb71d17ae816e5 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 29 Sep 2023 20:51:59 +0300 Subject: cleanup: remove old WSL interop hacks --- modules/interop.nix | 58 ++++++++--------------------------------------------- 1 file changed, 8 insertions(+), 50 deletions(-) (limited to 'modules') diff --git a/modules/interop.nix b/modules/interop.nix index d055d4b..bcd3040 100644 --- a/modules/interop.nix +++ b/modules/interop.nix @@ -1,11 +1,7 @@ -{ lib, pkgs, config, ... }: +{ lib, config, ... }: with builtins; with lib; { - imports = [ - (mkRenamedOptionModule [ "wsl" "compatibility" "interopPreserveArgvZero" ] [ "wsl" "interop" "preserveArgvZero" ]) - ]; - options.wsl.interop = with types; { register = mkOption { type = bool; @@ -18,18 +14,6 @@ with builtins; with lib; default = true; description = "Include Windows PATH in WSL PATH"; }; - - preserveArgvZero = mkOption { - type = nullOr bool; - default = null; - description = '' - Register binfmt interpreter for Windows executables with 'preserves argv[0]' flag. - - Default (null): autodetect, at some performance cost. - To avoid the performance cost, set this to true for WSL Preview 0.58 and up, - or to false for any older versions, including pre-Microsoft Store and Windows 10. - ''; - }; }; config = 
@@ -39,39 +23,13 @@ with builtins; with lib; mkIf config.wsl.enable { boot.binfmt.registrations = mkIf cfg.register { - WSLInterop = - let - compat = cfg.preserveArgvZero; - - # WSL Preview 0.58 and up registers the /init binfmt interp for Windows executable - # with the "preserve argv[0]" flag, so if you run `./foo.exe`, the interp gets invoked - # as `/init foo.exe ./foo.exe`. - # argv[0] --^ ^-- actual path - # - # Older versions expect to be called without the argv[0] bit, simply as `/init ./foo.exe`. - # - # We detect that by running `/init /known-not-existing-path.exe` and checking the exit code: - # the new style interp expects at least two arguments, so exits with exit code 1, - # presumably meaning "parsing error"; the old style interp attempts to actually run - # the executable, fails to find it, and exits with 255. - compatWrapper = pkgs.writeShellScript "nixos-wsl-binfmt-hack" '' - /init /nixos-wsl-does-not-exist.exe - [ $? -eq 255 ] && shift - exec /init "$@" - ''; - - # use the autodetect hack if unset, otherwise call /init directly - interpreter = if compat == null then compatWrapper else "/init"; - - # enable for the wrapper and autodetect hack - preserveArgvZero = if compat == false then false else true; - in - { - magicOrExtension = "MZ"; - fixBinary = true; - wrapInterpreterInShell = false; - inherit interpreter preserveArgvZero; - }; + WSLInterop = { + magicOrExtension = "MZ"; + fixBinary = true; + wrapInterpreterInShell = false; + interpreter = "/init"; + preserveArgvZero = true; + }; }; warnings = -- cgit v1.2.3 From d03144f1b642bb1cc93240d8c75aeb35d67084c6 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 29 Sep 2023 21:58:02 +0300 Subject: fix: add warnings for old removed options --- modules/default.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/default.nix b/modules/default.nix index 0e5c58f..08a612a 100644 --- a/modules/default.nix +++ b/modules/default.nix 
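Review bot: The new `WSLInterop` registration in modules/interop.nix hard-codes `interpreter = "/init"` with `preserveArgvZero = true`, but the comment that explained which WSL versions use that calling convention is deleted together with the autodetect wrapper. According to the removed text, only WSL Preview 0.58 and up invoke the interpreter with argv[0] preserved, so on older hosts Windows executables would presumably be started with the wrong arguments, and nothing in this block says so any more. Keep a one-line comment above the attribute set, e.g. `# /init is registered with the preserve-argv[0] flag; requires WSL 0.58 or newer`.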
@@ -1,4 +1,4 @@ -{ ... }: { +{ lib, ... }: { imports = [ ./build-tarball.nix ./docker-desktop.nix @@ -8,5 +8,12 @@ ./version.nix ./wsl-conf.nix ./wsl-distro.nix + + (lib.mkRemovedOptionModule [ "wsl" "docker-native" ] + "Additional workarounds are no longer required for Docker to work. Please use the standard `virtualisation.docker` NixOS options.") + (lib.mkRemovedOptionModule [ "wsl" "interop" "preserveArgvZero" ] + "wsl.interop.preserveArgvZero is now always enabled, as used by modern WSL versions.") + (lib.mkRemovedOptionModule [ "wsl" "tarball" ] + "The tarball is now always generated with a default configuration.nix.") ]; } -- cgit v1.2.3 From ff1413aa34c525bf01145b40b99acfb7868ab285 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 29 Sep 2023 23:32:46 +0300 Subject: fix: fix legacy (syschdemd) mode Quoth man mount(2) > EINVAL > > A bind operation (MS_BIND) was requested where source > referred a mount namespace magic link (i.e., a > /proc/pid/ns/mnt magic link or a bind mount to such a > link) and the propagation type of the parent mount of > target was MS_SHARED, but propagation of the requested > bind mount could lead to a circular dependency that might > prevent the mount namespace from ever being freed. --- modules/systemd/syschdemd/syschdemd.sh | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules') diff --git a/modules/systemd/syschdemd/syschdemd.sh b/modules/systemd/syschdemd/syschdemd.sh index fa0ffe5..75f10aa 100644 --- a/modules/systemd/syschdemd/syschdemd.sh +++ b/modules/systemd/syschdemd/syschdemd.sh @@ -38,6 +38,8 @@ run_in_namespace() { } start_systemd() { + mount --bind --make-private $rundir $rundir + daemonize \ -o $rundir/stdout \ -e $rundir/stderr \ -- cgit v1.2.3
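Review bot: In modules/systemd/syschdemd/syschdemd.sh, the added `mount --bind --make-private $rundir $rundir` leaves `$rundir` unquoted and is not guarded, so if start_systemd can run more than once each call would stack another bind mount on the same directory. Quoting it as `mount --bind --make-private "$rundir" "$rundir"` costs nothing, and a `mountpoint -q "$rundir" ||` in front would make the call idempotent, assuming `mountpoint` is on the script's PATH. The commit message explains the EINVAL this works around, but the script does not; a comment such as `# private bind mount: avoids the mount(2) EINVAL for namespace links under a shared parent` would keep that reasoning next to the code. start_systemd's body continues outside the hunk, and the `daemonize` lines that follow use `$rundir` unquoted as well.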