commit 01dbf03628fbddff46b60354407d23497c25a566

pyrox.dev / nixpkgs

lol

network-link-*.service: Set stopIfChanged = false

This reduces the time window during which IP addresses are gone during
switch-to-configuration. A complication is that with stopIfChanged =
true, preStop would try to delete the *new* IP addresses rather than
the old one (since the preStop script now runs after the switch to the
new configuration). So we now record the actually configured addresses
in /run/nixos/network/addresses/<interface>. This is more robust in
any case.

Issue https://github.com/NixOS/nixops/issues/640.

Eelco Dolstra 9 years ago 01dbf036 3a9c2178

+20 -13

2 changed files

expand all

unified split

nixos

modules

security

polkit.nix

tasks

network-interfaces-scripted.nix

+1 -1

nixos/modules/security/polkit.nix

··· 64 64 systemd.packages = [ pkgs.polkit.out ]; 65 65 66 66 systemd.services.polkit.restartTriggers = [ config.system.path ]; 67 - systemd.services.polkit.unitConfig.X-StopIfChanged = false; 67 + systemd.services.polkit.stopIfChanged = false; 68 68 69 69 # The polkit daemon reads action/rule files 70 70 environment.pathsToLink = [ "/share/polkit-1" ];

+19 -12

nixos/modules/tasks/network-interfaces-scripted.nix

··· 159 159 after = [ "network-pre.target" ] ++ (deviceDependency i.name); 160 160 serviceConfig.Type = "oneshot"; 161 161 serviceConfig.RemainAfterExit = true; 162 + # Restart rather than stop+start this unit to prevent the 163 + # network from dying during switch-to-configuration. 164 + stopIfChanged = false; 162 165 path = [ pkgs.iproute ]; 163 166 script = 164 167 '' 168 + # FIXME: shouldn't this be done in network-link? 165 169 echo "bringing up interface..." 166 170 ip link set "${i.name}" up 167 171 168 - restart_network_interfaces=false 172 + state="/run/nixos/network/addresses/${i.name}" 173 + 174 + mkdir -p $(dirname "$state") 175 + 169 176 '' + flip concatMapStrings (ips) (ip: 170 177 let 171 178 address = "${ip.address}/${toString ip.prefixLength}"; 172 179 in 173 180 '' 174 - echo "checking ip ${address}..." 181 + echo "${address}" >> $state 175 182 if out=$(ip addr add "${address}" dev "${i.name}" 2>&1); then 176 - echo "added ip ${address}..." 183 + echo "added ip ${address}" 177 184 elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then 178 185 echo "failed to add ${address}" 179 186 exit 1 180 187 fi 181 188 ''); 182 - preStop = flip concatMapStrings (ips) (ip: 183 - let 184 - address = "${ip.address}/${toString ip.prefixLength}"; 185 - in 186 - '' 187 - echo -n "deleting ${address}..." 188 - ip addr del "${address}" dev "${i.name}" >/dev/null 2>&1 || echo -n " Failed" 189 - echo "" 190 - ''); 189 + preStop = '' 190 + state="/run/nixos/network/addresses/${i.name}" 191 + while read address; do 192 + echo -n "deleting $address..." 193 + ip addr del "$address" dev "${i.name}" >/dev/null 2>&1 || echo -n " Failed" 194 + echo "" 195 + done < "$state" 196 + rm -f "$state" 197 + ''; 191 198 }; 192 199 193 200 createTunDevice = i: nameValuePair "${i.name}-netdev"