|
1 | 1 | { |
2 | 2 | nixosModulesPath, |
3 | 3 | lib, |
| 4 | + pkgs, |
| 5 | + config, |
4 | 6 | ... |
5 | 7 | }: |
| 8 | +let |
| 9 | + modulesTypeDesc = '' |
| 10 | + This can either be a list of modules, or an attrset. In an |
| 11 | + attrset, names that are set to `true` represent modules that will |
| 12 | + be included. Note that setting these names to `false` does not |
| 13 | + prevent the module from being loaded. |
| 14 | + ''; |
| 15 | + kernelModulesConf = pkgs.writeText "nixos.conf" '' |
| 16 | + ${lib.concatStringsSep "\n" config.boot.kernelModules} |
| 17 | + ''; |
| 18 | + attrNamesToTrue = lib.types.coercedTo (lib.types.listOf lib.types.str) ( |
| 19 | + enabledList: lib.genAttrs enabledList (_attrName: true) |
| 20 | + ) (lib.types.attrsOf lib.types.bool); |
| 21 | +in |
6 | 22 | { |
7 | 23 | imports = [ |
8 | 24 | ./firewall.nix |
|
20 | 36 | "/misc/ids.nix" |
21 | 37 | "/security/acme/" |
22 | 38 | "/services/web-servers/nginx/" |
| 39 | + "/config/sysctl.nix" |
23 | 40 | # nix settings |
24 | 41 | "/config/nix.nix" |
25 | 42 | "/services/system/userborn.nix" |
|
29 | 46 | options = |
30 | 47 | # We need to ignore a bunch of options that are used in NixOS modules but |
31 | 48 | # that don't apply to system-manager configs. |
32 | | - # TODO: can we print an informational message for things like kernel modules |
33 | | - # to inform users that they need to be enabled in the host system? |
34 | 49 | { |
35 | 50 | boot = lib.mkOption { |
36 | | - type = lib.types.raw; |
| 51 | + type = lib.types.submodule { |
| 52 | + freeformType = lib.types.attrsOf lib.types.raw; |
| 53 | + options = { |
| 54 | + kernelModules = lib.mkOption { |
| 55 | + type = attrNamesToTrue; |
| 56 | + default = { }; |
| 57 | + description = '' |
| 58 | + The set of kernel modules to be loaded in the second stage of |
| 59 | + the boot process. |
| 60 | +
|
| 61 | + ${modulesTypeDesc} |
| 62 | + ''; |
| 63 | + apply = mods: lib.attrNames (lib.filterAttrs (_: v: v) mods); |
| 64 | + }; |
| 65 | + }; |
| 66 | + }; |
| 67 | + default = { }; |
37 | 68 | }; |
38 | 69 |
|
39 | 70 | # nixos/modules/services/system/userborn.nix still depends on activation scripts |
|
64 | 95 | }; |
65 | 96 | }; |
66 | 97 | }; |
| 98 | + |
| 99 | + config = { |
| 100 | + # Create /etc/modules-load.d/system-manager.conf, which is read by |
| 101 | + # systemd-modules-load.service to load required kernel modules. |
| 102 | + environment.etc = lib.mkIf (config.boot.kernelModules != { }) { |
| 103 | + "modules-load.d/system-manager.conf".source = kernelModulesConf; |
| 104 | + }; |
| 105 | + |
| 106 | + # config/sysctl.nix assumes it can freely configure systemd-sysctl.service. |
| 107 | + # However, in our case, the service is managed by the host system, |
| 108 | + # so we default to enable = false; to avoid unintended interference. |
| 109 | + systemd.services.systemd-sysctl.enable = lib.mkDefault false; |
| 110 | + }; |
67 | 111 | } |
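Review bot: The `lib.mkIf (config.boot.kernelModules != { })` guard at new line 102 can never be false, because the option's `apply` at new line 63 turns the attrset into a list of names before `config` reads it, and in Nix a list never compares equal to an attrset. As written, `/etc/modules-load.d/system-manager.conf` is installed on the host even when no module is requested, as an effectively empty file. Compare against the post-apply value instead: `environment.etc = lib.mkIf (config.boot.kernelModules != [ ]) {`. Because this file makes the host's systemd-modules-load.service load kernel modules as root, the option description at new lines 58-59 (which still says "second stage of the boot process") should state that loading is done by the host's service, presumably at the next boot or service restart rather than at activation.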