search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
nixos/filesystems: don't silently ignore label when device is set (#361418)
[NixPkgs.git] / pkgs / os-specific / linux / nixos-rebuild / nixos-rebuild.sh
blob9e4fde59172cbb628ccd1aadd1f7c014d2f7b6a5
1 #! @runtimeShell@
2 # shellcheck shell=bash
3
4 if [ -x "@runtimeShell@" ]; then export SHELL="@runtimeShell@"; fi;
5
6 set -e
7 set -o pipefail
8 shopt -s inherit_errexit
9
10 export PATH=@path@:$PATH
11
12 showSyntax() {
13 exec man nixos-rebuild
14 exit 1
15 }
16
17
18 # Parse the command line.
19 origArgs=("$@")
20 copyFlags=()
21 extraBuildFlags=()
22 lockFlags=()
23 flakeFlags=(--extra-experimental-features 'nix-command flakes')
24 action=
25 buildNix=1
26 fast=
27 rollback=
28 upgrade=
29 upgrade_all=
30 profile=/nix/var/nix/profiles/system
31 specialisation=
32 buildHost=
33 targetHost=
34 remoteSudo=
35 noSSHTTY=
36 verboseScript=
37 noFlake=
38 attr=
39 buildFile=default.nix
40 buildingAttribute=1
41 installBootloader=
42 json=
43
44 # log the given argument to stderr
45 log() {
46 echo "$@" >&2
47 }
48
49 while [ "$#" -gt 0 ]; do
50 i="$1"; shift 1
51 case "$i" in
52 --help)
53 showSyntax
54 ;;
55 switch|boot|test|build|edit|repl|dry-build|dry-run|dry-activate|build-vm|build-vm-with-bootloader|list-generations)
56 if [ "$i" = dry-run ]; then i=dry-build; fi
57 if [ "$i" = list-generations ]; then
58 buildNix=
59 fast=1
60 fi
61 # exactly one action mandatory, bail out if multiple are given
62 if [ -n "$action" ]; then showSyntax; fi
63 action="$i"
64 ;;
65 --file|-f)
66 if [ -z "$1" ]; then
67 log "$0: '$i' requires an argument"
68 exit 1
69 fi
70 buildFile="$1"
71 buildingAttribute=
72 shift 1
73 ;;
74 --attr|-A)
75 if [ -z "$1" ]; then
76 log "$0: '$i' requires an argument"
77 exit 1
78 fi
79 attr="$1"
80 buildingAttribute=
81 shift 1
82 ;;
83 --install-grub)
84 log "$0: --install-grub deprecated, use --install-bootloader instead"
85 installBootloader=1
86 ;;
87 --install-bootloader)
88 installBootloader=1
89 ;;
90 --no-build-nix)
91 buildNix=
92 ;;
93 --rollback)
94 rollback=1
95 ;;
96 --upgrade)
97 upgrade=1
98 ;;
99 --upgrade-all)
100 upgrade=1
101 upgrade_all=1
102 ;;
103 --use-substitutes|--substitute-on-destination|-s)
104 copyFlags+=("-s")
105 ;;
106 -I|--builders)
107 j="$1"; shift 1
108 extraBuildFlags+=("$i" "$j")
109 ;;
110 --max-jobs|-j|--cores|--log-format)
111 j="$1"; shift 1
112 extraBuildFlags+=("$i" "$j")
113 copyFlags+=("$i" "$j")
114 ;;
115 --accept-flake-config|-j*|--quiet|--print-build-logs|-L|--no-build-output|-Q|--show-trace|--refresh|--impure|--offline|--no-net)
116 extraBuildFlags+=("$i")
117 ;;
118 --keep-going|-k|--keep-failed|-K|--fallback|--repair)
119 extraBuildFlags+=("$i")
120 copyFlags+=("$i")
121 ;;
122 --verbose|-v|-vv|-vvv|-vvvv|-vvvvv)
123 verboseScript="true"
124 extraBuildFlags+=("$i")
125 copyFlags+=("$i")
126 ;;
127 --option)
128 j="$1"; shift 1
129 k="$1"; shift 1
130 extraBuildFlags+=("$i" "$j" "$k")
131 copyFlags+=("$i" "$j" "$k")
132 ;;
133 --fast)
134 buildNix=
135 fast=1
136 ;;
137 --profile-name|-p)
138 if [ -z "$1" ]; then
139 log "$0: ‘--profile-name’ requires an argument"
140 exit 1
141 fi
142 if [ "$1" != system ]; then
143 profile="/nix/var/nix/profiles/system-profiles/$1"
144 (umask 022 && mkdir -p "$(dirname "$profile")")
145 fi
146 shift 1
147 ;;
148 --specialisation|-c)
149 if [ -z "$1" ]; then
150 log "$0: ‘--specialisation’ requires an argument"
151 exit 1
152 fi
153 specialisation="$1"
154 shift 1
155 ;;
156 --build-host)
157 buildHost="$1"
158 shift 1
159 ;;
160 --target-host)
161 targetHost="$1"
162 shift 1
163 ;;
164 --use-remote-sudo)
165 remoteSudo=1
166 ;;
167 --no-ssh-tty)
168 noSSHTTY=1
169 ;;
170 --flake)
171 flake="$1"
172 shift 1
173 ;;
174 --no-flake)
175 noFlake=1
176 ;;
177 --recreate-lock-file|--no-update-lock-file|--no-write-lock-file|--no-registries|--commit-lock-file)
178 lockFlags+=("$i")
179 ;;
180 --update-input)
181 j="$1"; shift 1
182 lockFlags+=("$i" "$j")
183 ;;
184 --override-input)
185 j="$1"; shift 1
186 k="$1"; shift 1
187 lockFlags+=("$i" "$j" "$k")
188 ;;
189 --json)
190 json=1
191 ;;
192 *)
193 log "$0: unknown option \`$i'"
194 exit 1
195 ;;
196 esac
197 done
198
199 # log the given argument to stderr if verbose mode is on
200 logVerbose() {
201 if [ -n "$verboseScript" ]; then
202 echo "$@" >&2
203 fi
204 }
205
206 # Run a command, logging it first if verbose mode is on
207 runCmd() {
208 logVerbose "$" "$@"
209 "$@"
210 }
211
212 buildHostCmd() {
213 local c
214 if [[ "${useSudo:-x}" = 1 ]]; then
215 c=("sudo")
216 else
217 c=()
218 fi
219
220 if [ -z "$buildHost" ]; then
221 runCmd "$@"
222 elif [ -n "$remoteNix" ]; then
223 runCmd ssh $SSHOPTS "$buildHost" "${c[@]}" env PATH="$remoteNix":'$PATH' "$@"
224 else
225 runCmd ssh $SSHOPTS "$buildHost" "${c[@]}" "$@"
226 fi
227 }
228
229 targetHostCmd() {
230 local c
231 if [[ "${useSudo:-x}" = 1 ]]; then
232 c=("sudo")
233 else
234 c=()
235 fi
236
237 if [ -z "$targetHost" ]; then
238 runCmd "${c[@]}" "$@"
239 else
240 runCmd ssh $SSHOPTS "$targetHost" "${c[@]}" "$@"
241 fi
242 }
243
244 targetHostSudoCmd() {
245 local t=
246 if [[ ! "${noSSHTTY:-x}" = 1 ]]; then
247 t="-t"
248 fi
249
250 if [ -n "$remoteSudo" ]; then
251 useSudo=1 SSHOPTS="$SSHOPTS $t" targetHostCmd "$@"
252 else
253 # While a tty might not be necessary, we apply it to be consistent with
254 # sudo usage, and an experience that is more consistent with local deployment.
255 # But if the user really doesn't want it, don't do it.
256 SSHOPTS="$SSHOPTS $t" targetHostCmd "$@"
257 fi
258 }
259
260 copyToTarget() {
261 if ! [ "$targetHost" = "$buildHost" ]; then
262 if [ -z "$targetHost" ]; then
263 logVerbose "Running nix-copy-closure with these NIX_SSHOPTS: $SSHOPTS"
264 NIX_SSHOPTS=$SSHOPTS runCmd nix-copy-closure "${copyFlags[@]}" --from "$buildHost" "$1"
265 elif [ -z "$buildHost" ]; then
266 logVerbose "Running nix-copy-closure with these NIX_SSHOPTS: $SSHOPTS"
267 NIX_SSHOPTS=$SSHOPTS runCmd nix-copy-closure "${copyFlags[@]}" --to "$targetHost" "$1"
268 else
269 buildHostCmd nix-copy-closure "${copyFlags[@]}" --to "$targetHost" "$1"
270 fi
271 fi
272 }
273
274 nixBuild() {
275 logVerbose "Building in legacy (non-flake) mode."
276 if [ -z "$buildHost" ]; then
277 logVerbose "No --build-host given, running nix-build locally"
278 runCmd nix-build "$@"
279 else
280 logVerbose "buildHost set to \"$buildHost\", running nix-build remotely"
281 local instArgs=()
282 local buildArgs=()
283 local drv=
284
285 while [ "$#" -gt 0 ]; do
286 local i="$1"; shift 1
287 case "$i" in
288 -o)
289 local out="$1"; shift 1
290 buildArgs+=("--add-root" "$out" "--indirect")
291 ;;
292 -A)
293 local j="$1"; shift 1
294 instArgs+=("$i" "$j")
295 ;;
296 -I) # We don't want this in buildArgs
297 shift 1
298 ;;
299 --no-out-link) # We don't want this in buildArgs
300 ;;
301 "<"*) # nix paths
302 instArgs+=("$i")
303 ;;
304 *)
305 buildArgs+=("$i")
306 ;;
307 esac
308 done
309
310 if [[ -z $buildingAttribute ]]; then
311 instArgs+=("$buildFile")
312 fi
313
314 drv="$(runCmd nix-instantiate "${instArgs[@]}" "${extraBuildFlags[@]}")"
315 if [ -a "$drv" ]; then
316 logVerbose "Running nix-copy-closure with these NIX_SSHOPTS: $SSHOPTS"
317 NIX_SSHOPTS=$SSHOPTS runCmd nix-copy-closure --to "$buildHost" "$drv"
318 buildHostCmd nix-store -r "$drv" "${buildArgs[@]}"
319 else
320 log "nix-instantiate failed"
321 exit 1
322 fi
323 fi
324 }
325
326 nixFlakeBuild() {
327 logVerbose "Building in flake mode."
328 if [[ -z "$buildHost" && -z "$targetHost" && "$action" != switch && "$action" != boot && "$action" != test && "$action" != dry-activate ]]
329 then
330 runCmd nix "${flakeFlags[@]}" build "$@"
331 readlink -f ./result
332 elif [ -z "$buildHost" ]; then
333 runCmd nix "${flakeFlags[@]}" build "$@" --out-link "${tmpDir}/result"
334 readlink -f "${tmpDir}/result"
335 else
336 local attr="$1"
337 shift 1
338 local evalArgs=()
339 local buildArgs=()
340 local drv=
341
342 while [ "$#" -gt 0 ]; do
343 local i="$1"; shift 1
344 case "$i" in
345 --recreate-lock-file|--no-update-lock-file|--no-write-lock-file|--no-registries|--commit-lock-file)
346 evalArgs+=("$i")
347 ;;
348 --update-input)
349 local j="$1"; shift 1
350 evalArgs+=("$i" "$j")
351 ;;
352 --override-input)
353 local j="$1"; shift 1
354 local k="$1"; shift 1
355 evalArgs+=("$i" "$j" "$k")
356 ;;
357 --impure) # We don't want this in buildArgs, it's only needed at evaluation time, and unsupported during realisation
358 ;;
359 *)
360 buildArgs+=("$i")
361 ;;
362 esac
363 done
364
365 drv="$(runCmd nix "${flakeFlags[@]}" eval --raw "${attr}.drvPath" "${evalArgs[@]}" "${extraBuildFlags[@]}")"
366 if [ -a "$drv" ]; then
367 logVerbose "Running nix with these NIX_SSHOPTS: $SSHOPTS"
368 NIX_SSHOPTS=$SSHOPTS runCmd nix "${flakeFlags[@]}" copy "${copyFlags[@]}" --derivation --to "ssh://$buildHost" "$drv"
369 buildHostCmd nix-store -r "$drv" "${buildArgs[@]}"
370 else
371 log "nix eval failed"
372 exit 1
373 fi
374 fi
375 }
376
377
378 if [ -z "$action" ]; then showSyntax; fi
379
380 # Only run shell scripts from the Nixpkgs tree if the action is
381 # "switch", "boot", or "test". With other actions (such as "build"),
382 # the user may reasonably expect that no code from the Nixpkgs tree is
383 # executed, so it's safe to run nixos-rebuild against a potentially
384 # untrusted tree.
385 canRun=
386 if [[ "$action" = switch || "$action" = boot || "$action" = test ]]; then
387 canRun=1
388 fi
389
390 # Verify that user is not trying to use attribute building and flake
391 # at the same time
392 if [[ -z $buildingAttribute && -n $flake ]]; then
393 log "error: '--flake' cannot be used with '--file' or '--attr'"
394 exit 1
395 fi
396
397 # If ‘--upgrade’ or `--upgrade-all` is given,
398 # run ‘nix-channel --update nixos’.
399 if [[ -n $upgrade && -z $_NIXOS_REBUILD_REEXEC && -z $flake ]]; then
400 # If --upgrade-all is passed, or there are other channels that
401 # contain a file called ".update-on-nixos-rebuild", update them as
402 # well. Also upgrade the nixos channel.
403
404 for channelpath in /nix/var/nix/profiles/per-user/root/channels/*; do
405 channel_name=$(basename "$channelpath")
406
407 if [[ "$channel_name" == "nixos" ]]; then
408 runCmd nix-channel --update "$channel_name"
409 elif [ -e "$channelpath/.update-on-nixos-rebuild" ]; then
410 runCmd nix-channel --update "$channel_name"
411 elif [[ -n $upgrade_all ]] ; then
412 runCmd nix-channel --update "$channel_name"
413 fi
414 done
415 fi
416
417 # Make sure that we use the Nix package we depend on, not something
418 # else from the PATH for nix-{env,instantiate,build}. This is
419 # important, because NixOS defaults the architecture of the rebuilt
420 # system to the architecture of the nix-* binaries used. So if on an
421 # amd64 system the user has an i686 Nix package in her PATH, then we
422 # would silently downgrade the whole system to be i686 NixOS on the
423 # next reboot.
424 if [ -z "$_NIXOS_REBUILD_REEXEC" ]; then
425 export PATH=@nix@/bin:$PATH
426 fi
427
428 # Use /etc/nixos/flake.nix if it exists. It can be a symlink to the
429 # actual flake.
430 if [[ -z $flake && -e /etc/nixos/flake.nix && -z $noFlake ]]; then
431 flake="$(dirname "$(readlink -f /etc/nixos/flake.nix)")"
432 fi
433
434 tmpDir=$(mktemp -t -d nixos-rebuild.XXXXXX)
435
436 if [[ ${#tmpDir} -ge 60 ]]; then
437 # Very long tmp dirs lead to "too long for Unix domain socket"
438 # SSH ControlPath errors. Especially macOS sets long TMPDIR paths.
439 rmdir "$tmpDir"
440 tmpDir=$(TMPDIR= mktemp -t -d nixos-rebuild.XXXXXX)
441 fi
442
443 cleanup() {
444 for ctrl in "$tmpDir"/ssh-*; do
445 ssh -o ControlPath="$ctrl" -O exit dummyhost 2>/dev/null || true
446 done
447 rm -rf "$tmpDir"
448 }
449 trap cleanup EXIT
450
451 SSHOPTS="$NIX_SSHOPTS -o ControlMaster=auto -o ControlPath=$tmpDir/ssh-%n -o ControlPersist=60"
452
453 # For convenience, use the hostname as the default configuration to
454 # build from the flake.
455 if [[ -n $flake ]]; then
456 if [[ $flake =~ ^(.*)\#([^\#\"]*)$ ]]; then
457 flake="${BASH_REMATCH[1]}"
458 flakeAttr="${BASH_REMATCH[2]}"
459 fi
460 if [[ -z $flakeAttr ]]; then
461 hostname="$(targetHostCmd cat /proc/sys/kernel/hostname)"
462 if [[ -z $hostname ]]; then
463 hostname=default
464 fi
465 flakeAttr="nixosConfigurations.\"$hostname\""
466 else
467 flakeAttr="nixosConfigurations.\"$flakeAttr\""
468 fi
469 fi
470
471 if [[ ! -z "$specialisation" && ! "$action" = switch && ! "$action" = test ]]; then
472 log "error: ‘--specialisation’ can only be used with ‘switch’ and ‘test’"
473 exit 1
474 fi
475
476
477 # Re-execute nixos-rebuild from the Nixpkgs tree.
478 if [[ -z $_NIXOS_REBUILD_REEXEC && -n $canRun && -z $fast ]]; then
479 if [[ -z $buildingAttribute ]]; then
480 p=$(runCmd nix-build --no-out-link $buildFile -A "${attr:+$attr.}config.system.build.nixos-rebuild" "${extraBuildFlags[@]}")
481 SHOULD_REEXEC=1
482 elif [[ -z $flake ]]; then
483 if p=$(runCmd nix-build --no-out-link --expr 'with import <nixpkgs/nixos> {}; config.system.build.nixos-rebuild' "${extraBuildFlags[@]}"); then
484 SHOULD_REEXEC=1
485 fi
486 else
487 runCmd nix "${flakeFlags[@]}" build --out-link "${tmpDir}/nixos-rebuild" "$flake#$flakeAttr.config.system.build.nixos-rebuild" "${extraBuildFlags[@]}" "${lockFlags[@]}"
488 if p=$(readlink -e "${tmpDir}/nixos-rebuild"); then
489 SHOULD_REEXEC=1
490 fi
491 fi
492
493 if [[ -n $SHOULD_REEXEC ]]; then
494 export _NIXOS_REBUILD_REEXEC=1
495 # Manually call cleanup as the EXIT trap is not triggered when using exec
496 cleanup
497 runCmd exec "$p/bin/nixos-rebuild" "${origArgs[@]}"
498 exit 1
499 fi
500 fi
501
502 # Find configuration.nix and open editor instead of building.
503 if [ "$action" = edit ]; then
504 if [[ -z $buildingAttribute ]]; then
505 log "error: '--file' and '--attr' are not supported with 'edit'"
506 exit 1
507 elif [[ -z $flake ]]; then
508 NIXOS_CONFIG=${NIXOS_CONFIG:-$(runCmd nix-instantiate --find-file nixos-config)}
509 if [[ -d $NIXOS_CONFIG ]]; then
510 NIXOS_CONFIG=$NIXOS_CONFIG/default.nix
511 fi
512 runCmd exec ${EDITOR:-nano} "$NIXOS_CONFIG"
513 else
514 runCmd exec nix "${flakeFlags[@]}" edit "${lockFlags[@]}" -- "$flake#$flakeAttr"
515 fi
516 exit 1
517 fi
518
519 # First build Nix, since NixOS may require a newer version than the
520 # current one.
521 if [[ -n "$rollback" || "$action" = dry-build ]]; then
522 buildNix=
523 fi
524
525 nixSystem() {
526 machine="$(uname -m)"
527 if [[ "$machine" =~ i.86 ]]; then
528 machine=i686
529 fi
530 echo $machine-linux
531 }
532
533 prebuiltNix() {
534 machine="$1"
535 if [ "$machine" = x86_64 ]; then
536 echo @nix_x86_64_linux@
537 elif [[ "$machine" =~ i.86 ]]; then
538 echo @nix_i686_linux@
539 elif [[ "$machine" = aarch64 ]]; then
540 echo @nix_aarch64_linux@
541 else
542 log "$0: unsupported platform"
543 exit 1
544 fi
545 }
546
547 getNixDrv() {
548 nixDrv=
549
550 if [[ -z $buildingAttribute ]]; then
551 if nixDrv="$(runCmd nix-instantiate $buildFile --add-root "$tmpDir/nix.drv" --indirect -A ${attr:+$attr.}config.nix.package.out "${extraBuildFlags[@]}")"; then return; fi
552 fi
553 if nixDrv="$(runCmd nix-instantiate '<nixpkgs/nixos>' --add-root "$tmpDir/nix.drv" --indirect -A config.nix.package.out "${extraBuildFlags[@]}")"; then return; fi
554 if nixDrv="$(runCmd nix-instantiate '<nixpkgs>' --add-root "$tmpDir/nix.drv" --indirect -A nix "${extraBuildFlags[@]}")"; then return; fi
555
556 if ! nixStorePath="$(runCmd nix-instantiate --eval '<nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix>' -A "$(nixSystem)" | sed -e 's/^"//' -e 's/"$//')"; then
557 nixStorePath="$(prebuiltNix "$(uname -m)")"
558 fi
559 if ! runCmd nix-store -r "$nixStorePath" --add-root "${tmpDir}/nix" --indirect \
560 --option extra-binary-caches https://cache.nixos.org/; then
561 log "warning: don't know how to get latest Nix"
562 fi
563 # Older version of nix-store -r don't support --add-root.
564 [ -e "$tmpDir/nix" ] || ln -sf "$nixStorePath" "$tmpDir/nix"
565 if [ -n "$buildHost" ]; then
566 remoteNixStorePath="$(runCmd prebuiltNix "$(buildHostCmd uname -m)")"
567 remoteNix="$remoteNixStorePath/bin"
568 if ! buildHostCmd nix-store -r "$remoteNixStorePath" \
569 --option extra-binary-caches https://cache.nixos.org/ >/dev/null; then
570 remoteNix=
571 log "warning: don't know how to get latest Nix"
572 fi
573 fi
574 }
575
576 getVersion() {
577 local dir="$1"
578 local rev=
579 local gitDir="$dir/.git"
580 if [ -e "$gitDir" ]; then
581 if [ -z "$(type -P git)" ]; then
582 echo "warning: Git not found; cannot figure out revision of $dir" >&2
583 return
584 fi
585 cd "$dir"
586 rev=$(git --git-dir="$gitDir" rev-parse --short HEAD)
587 if git --git-dir="$gitDir" describe --always --dirty | grep -q dirty; then
588 rev+=M
589 fi
590 fi
591
592 if [ -n "$rev" ]; then
593 echo ".git.$rev"
594 fi
595 }
596
597
598 if [[ -n $buildNix && -z $flake ]]; then
599 log "building Nix..."
600 getNixDrv
601 if [ -a "$nixDrv" ]; then
602 nix-store -r "$nixDrv"'!'"out" --add-root "$tmpDir/nix" --indirect >/dev/null
603 if [ -n "$buildHost" ]; then
604 nix-copy-closure "${copyFlags[@]}" --to "$buildHost" "$nixDrv"
605 # The nix build produces multiple outputs, we add them all to the remote path
606 for p in $(buildHostCmd nix-store -r "$(readlink "$nixDrv")" "${buildArgs[@]}"); do
607 remoteNix="$remoteNix${remoteNix:+:}$p/bin"
608 done
609 fi
610 fi
611 PATH="$tmpDir/nix/bin:$PATH"
612 fi
613
614
615 # Update the version suffix if we're building from Git (so that
616 # nixos-version shows something useful).
617 if [[ -n $canRun && -z $flake ]]; then
618 if nixpkgs=$(runCmd nix-instantiate --find-file nixpkgs "${extraBuildFlags[@]}"); then
619 suffix=$(getVersion "$nixpkgs" || true)
620 if [ -n "$suffix" ]; then
621 echo -n "$suffix" > "$nixpkgs/.version-suffix" || true
622 fi
623 fi
624 fi
625
626
627 if [ "$action" = dry-build ]; then
628 extraBuildFlags+=(--dry-run)
629 fi
630
631 if [ "$action" = repl ]; then
632 # This is a very end user command, implemented using sub-optimal means.
633 # You should feel free to improve its behavior, as well as resolve tech
634 # debt in "breaking" ways. Humans adapt quite well.
635 if [[ -z $buildingAttribute ]]; then
636 exec nix repl --file $buildFile $attr "${extraBuildFlags[@]}"
637 elif [[ -z $flake ]]; then
638 exec nix repl --file '<nixpkgs/nixos>' "${extraBuildFlags[@]}"
639 else
640 if [[ -n "${lockFlags[0]}" ]]; then
641 # nix repl itself does not support locking flags
642 log "nixos-rebuild repl does not support locking flags yet"
643 exit 1
644 fi
645 d='$'
646 q='"'
647 bold="$(echo -e '\033[1m')"
648 blue="$(echo -e '\033[34;1m')"
649 attention="$(echo -e '\033[35;1m')"
650 reset="$(echo -e '\033[0m')"
651 if [[ -e $flake ]]; then
652 flakePath=$(realpath "$flake")
653 else
654 flakePath=$flake
655 fi
656 # This nix repl invocation is impure, because usually the flakeref is.
657 # For a solution that preserves the motd and custom scope, we need
658 # something like https://github.com/NixOS/nix/issues/8679.
659 exec nix repl --impure --expr "
660 let flake = builtins.getFlake ''$flakePath'';
661 configuration = flake.$flakeAttr;
662 motd = ''
663 $d{$q\n$q}
664 Hello and welcome to the NixOS configuration
665 $flakeAttr
666 in $flake
667
668 The following is loaded into nix repl's scope:
669
670 - ${blue}config${reset} All option values
671 - ${blue}options${reset} Option data and metadata
672 - ${blue}pkgs${reset} Nixpkgs package set
673 - ${blue}lib${reset} Nixpkgs library functions
674 - other module arguments
675
676 - ${blue}flake${reset} Flake outputs, inputs and source info of $flake
677
678 Use tab completion to browse around ${blue}config${reset}.
679
680 Use ${bold}:r${reset} to ${bold}reload${reset} everything after making a change in the flake.
681 (assuming $flake is a mutable flake ref)
682
683 See ${bold}:?${reset} for more repl commands.
684
685 ${attention}warning:${reset} nixos-rebuild repl does not currently enforce pure evaluation.
686 '';
687 scope =
688 assert configuration._type or null == ''configuration'';
689 assert configuration.class or ''nixos'' == ''nixos'';
690 configuration._module.args //
691 configuration._module.specialArgs //
692 {
693 inherit (configuration) config options;
694 lib = configuration.lib or configuration.pkgs.lib;
695 inherit flake;
696 };
697 in builtins.seq scope builtins.trace motd scope
698 " "${extraBuildFlags[@]}"
699 fi
700 fi
701
702 if [ "$action" = list-generations ]; then
703 if [ ! -L "$profile" ]; then
704 log "No profile \`$(basename "$profile")' found"
705 exit 1
706 fi
707
708 generation_from_dir() {
709 generation_dir="$1"
710 generation_base="$(basename "$generation_dir")" # Has the format "system-123-link" for generation 123
711 no_link_gen="${generation_base%-link}" # remove the "-link"
712 echo "${no_link_gen##*-}" # remove everything before the last dash
713 }
714 describe_generation(){
715 generation_dir="$1"
716 generation_number="$(generation_from_dir "$generation_dir")"
717 nixos_version="$(cat "$generation_dir/nixos-version" 2> /dev/null || echo "Unknown")"
718
719 kernel_dir="$(dirname "$(realpath "$generation_dir/kernel")")"
720 kernel_version="$(ls "$kernel_dir/lib/modules" || echo "Unknown")"
721
722 configurationRevision="$("$generation_dir/sw/bin/nixos-version" --configuration-revision 2> /dev/null || true)"
723
724 # Old nixos-version output ignored unknown flags and just printed the version
725 # therefore the following workaround is done not to show the default output
726 nixos_version_default="$("$generation_dir/sw/bin/nixos-version")"
727 if [ "$configurationRevision" == "$nixos_version_default" ]; then
728 configurationRevision=""
729 fi
730
731 # jq automatically quotes the output => don't try to quote it in output!
732 build_date="$(stat "$generation_dir" --format=%W | jq 'todate')"
733
734 pushd "$generation_dir/specialisation/" > /dev/null || :
735 specialisation_list=(*)
736 popd > /dev/null || :
737
738 specialisations="$(jq --compact-output --null-input '$ARGS.positional' --args -- "${specialisation_list[@]}")"
739
740 if [ "$(basename "$generation_dir")" = "$(readlink "$profile")" ]; then
741 current_generation_tag="true"
742 else
743 current_generation_tag="false"
744 fi
745
746 # Escape userdefined strings
747 nixos_version="$(jq -aR <<< "$nixos_version")"
748 kernel_version="$(jq -aR <<< "$kernel_version")"
749 configurationRevision="$(jq -aR <<< "$configurationRevision")"
750 cat << EOF
751 {
752 "generation": $generation_number,
753 "date": $build_date,
754 "nixosVersion": $nixos_version,
755 "kernelVersion": $kernel_version,
756 "configurationRevision": $configurationRevision,
757 "specialisations": $specialisations,
758 "current": $current_generation_tag
759 }
760 EOF
761 }
762
763 find "$(dirname "$profile")" -regex "$profile-[0-9]+-link" |
764 sort -Vr |
765 while read -r generation_dir; do
766 describe_generation "$generation_dir"
767 done |
768 if [ -z "$json" ]; then
769 jq --slurp -r '.[] | [
770 ([.generation, (if .current == true then "current" else "" end)] | join(" ")),
771 (.date | fromdate | strflocaltime("%Y-%m-%d %H:%M:%S")),
772 .nixosVersion, .kernelVersion, .configurationRevision,
773 (.specialisations | join(" "))
774 ] | @tsv' |
775 column --separator $'\t' --table --table-columns "Generation,Build-date,NixOS version,Kernel,Configuration Revision,Specialisation"
776 else
777 jq --slurp .
778 fi
779 exit 0
780 fi
781
782
783 # Either upgrade the configuration in the system profile (for "switch"
784 # or "boot"), or just build it and create a symlink "result" in the
785 # current directory (for "build" and "test").
786 if [ -z "$rollback" ]; then
787 log "building the system configuration..."
788 if [[ "$action" = switch || "$action" = boot ]]; then
789 if [[ -z $buildingAttribute ]]; then
790 pathToConfig="$(nixBuild $buildFile -A "${attr:+$attr.}config.system.build.toplevel" "${extraBuildFlags[@]}")"
791 elif [[ -z $flake ]]; then
792 pathToConfig="$(nixBuild '<nixpkgs/nixos>' --no-out-link -A system "${extraBuildFlags[@]}")"
793 else
794 pathToConfig="$(nixFlakeBuild "$flake#$flakeAttr.config.system.build.toplevel" "${extraBuildFlags[@]}" "${lockFlags[@]}")"
795 fi
796 copyToTarget "$pathToConfig"
797 targetHostSudoCmd nix-env -p "$profile" --set "$pathToConfig"
798 elif [[ "$action" = test || "$action" = build || "$action" = dry-build || "$action" = dry-activate ]]; then
799 if [[ -z $buildingAttribute ]]; then
800 pathToConfig="$(nixBuild $buildFile -A "${attr:+$attr.}config.system.build.toplevel" "${extraBuildFlags[@]}")"
801 elif [[ -z $flake ]]; then
802 pathToConfig="$(nixBuild '<nixpkgs/nixos>' -A system -k "${extraBuildFlags[@]}")"
803 else
804 pathToConfig="$(nixFlakeBuild "$flake#$flakeAttr.config.system.build.toplevel" "${extraBuildFlags[@]}" "${lockFlags[@]}")"
805 fi
806 elif [ "$action" = build-vm ]; then
807 if [[ -z $buildingAttribute ]]; then
808 pathToConfig="$(nixBuild $buildFile -A "${attr:+$attr.}config.system.build.vm" "${extraBuildFlags[@]}")"
809 elif [[ -z $flake ]]; then
810 pathToConfig="$(nixBuild '<nixpkgs/nixos>' -A vm -k "${extraBuildFlags[@]}")"
811 else
812 pathToConfig="$(nixFlakeBuild "$flake#$flakeAttr.config.system.build.vm" "${extraBuildFlags[@]}" "${lockFlags[@]}")"
813 fi
814 elif [ "$action" = build-vm-with-bootloader ]; then
815 if [[ -z $buildingAttribute ]]; then
816 pathToConfig="$(nixBuild $buildFile -A "${attr:+$attr.}config.system.build.vmWithBootLoader" "${extraBuildFlags[@]}")"
817 elif [[ -z $flake ]]; then
818 pathToConfig="$(nixBuild '<nixpkgs/nixos>' -A vmWithBootLoader -k "${extraBuildFlags[@]}")"
819 else
820 pathToConfig="$(nixFlakeBuild "$flake#$flakeAttr.config.system.build.vmWithBootLoader" "${extraBuildFlags[@]}" "${lockFlags[@]}")"
821 fi
822 else
823 showSyntax
824 fi
825 # Copy build to target host if we haven't already done it
826 if ! [[ "$action" = switch || "$action" = boot ]]; then
827 copyToTarget "$pathToConfig"
828 fi
829 else # [ -n "$rollback" ]
830 if [[ "$action" = switch || "$action" = boot ]]; then
831 targetHostSudoCmd nix-env --rollback -p "$profile"
832 pathToConfig="$profile"
833 elif [[ "$action" = test || "$action" = build ]]; then
834 systemNumber=$(
835 targetHostCmd nix-env -p "$profile" --list-generations |
836 sed -n '/current/ {g; p;}; s/ *\([0-9]*\).*/\1/; h'
837 )
838 pathToConfig="$profile"-${systemNumber}-link
839 if [ -z "$targetHost" ]; then
840 ln -sT "$pathToConfig" ./result
841 fi
842 else
843 showSyntax
844 fi
845 fi
846
847
848 # If we're not just building, then make the new configuration the boot
849 # default and/or activate it now.
850 if [[ "$action" = switch || "$action" = boot || "$action" = test || "$action" = dry-activate ]]; then
851 # Using systemd-run here to protect against PTY failures/network
852 # disconnections during rebuild.
853 # See: https://github.com/NixOS/nixpkgs/issues/39118
854 cmd=(
855 "systemd-run"
856 "-E" "LOCALE_ARCHIVE" # Will be set to new value early in switch-to-configuration script, but interpreter starts out with old value
857 "-E" "NIXOS_INSTALL_BOOTLOADER=$installBootloader"
858 "--collect"
859 "--no-ask-password"
860 "--pipe"
861 "--quiet"
862 "--service-type=exec"
863 "--unit=nixos-rebuild-switch-to-configuration"
864 "--wait"
865 )
866 # Check if we have a working systemd-run. In chroot environments we may have
867 # a non-working systemd, so we fallback to not using systemd-run.
868 # You may also want to explicitly set NIXOS_SWITCH_USE_DIRTY_ENV environment
869 # variable, since systemd-run runs inside an isolated environment and
870 # this may break some post-switch scripts. However keep in mind that this
871 # may be dangerous in remote access (e.g. SSH).
872 if [[ -n "$NIXOS_SWITCH_USE_DIRTY_ENV" ]]; then
873 log "warning: skipping systemd-run since NIXOS_SWITCH_USE_DIRTY_ENV is set. This environment variable will be ignored in the future"
874 cmd=("env" "NIXOS_INSTALL_BOOTLOADER=$installBootloader")
875 elif ! targetHostSudoCmd "${cmd[@]}" true; then
876 logVerbose "Skipping systemd-run to switch configuration since it is not working in target host."
877 cmd=(
878 "env"
879 "-i"
880 "LOCALE_ARCHIVE=$LOCALE_ARCHIVE"
881 "NIXOS_INSTALL_BOOTLOADER=$installBootloader"
882 )
883 else
884 logVerbose "Using systemd-run to switch configuration."
885 fi
886 if [[ -z "$specialisation" ]]; then
887 cmd+=("$pathToConfig/bin/switch-to-configuration")
888 else
889 cmd+=("$pathToConfig/specialisation/$specialisation/bin/switch-to-configuration")
890
891 if [ -z "$targetHost" ]; then
892 specialisationExists=$(test -f "${cmd[-1]}")
893 else
894 specialisationExists=$(targetHostCmd test -f "${cmd[-1]}")
895 fi
896
897 if ! $specialisationExists; then
898 log "error: specialisation not found: $specialisation"
899 exit 1
900 fi
901 fi
902
903 if ! targetHostSudoCmd "${cmd[@]}" "$action"; then
904 log "warning: error(s) occurred while switching to the new configuration"
905 exit 1
906 fi
907 fi
908
909
910 if [[ "$action" = build-vm || "$action" = build-vm-with-bootloader ]]; then
911 cat >&2 <<EOF
912
913 Done. The virtual machine can be started by running $(echo "${pathToConfig}/bin/"run-*-vm)
914 EOF
915 fi
Nix packages repository - mirror of https://github.com/NixOS/nixpkgs