lol

nixos/ifstate: fixed initrd usage with cryptsetup (#441561)

authored by

Sandro and committed by
GitHub
5816a8aa 59330b4e

+40 -43
+40 -43
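--- a/nixos/modules/services/networking/ifstate.nix
+++ b/nixos/modules/services/networking/ifstate.nix
@@ -66,6 +66,33 @@
 "wireguard" = [ "wireguard" ];
 "xfrm" = [ "xfrm_interface" ];
 };
+# https://github.com/systemd/systemd/blob/main/units/systemd-networkd.service.in
+commonServiceConfig = {
+after = [
+"systemd-udevd.service"
+"network-pre.target"
+"systemd-sysusers.service"
+"systemd-sysctl.service"
+];
+before = [
+"network.target"
+"multi-user.target"
+"shutdown.target"
+"initrd-switch-root.target"
+];
+conflicts = [
+"shutdown.target"
+"initrd-switch-root.target"
+];
+wants = [
+"network.target"
+];
+
+unitConfig = {
+# Avoid default dependencies like "basic.target", which prevents ifstate from starting before luks is unlocked.
+DefaultDependencies = "no";
+};
+};
 in
 {
 meta.maintainers = with lib.maintainers; [ marcel ];
@@ -150,31 +177,12 @@
 etc."ifstate/ifstate.yaml".source = settingsFormat.generate "ifstate.yaml" cfg.settings cfg.package;
 };
 
-systemd.services.ifstate = {
+systemd.services.ifstate = commonServiceConfig // {
 description = "IfState";
 
 wantedBy = [
 "multi-user.target"
 ];
-after = [
-"systemd-udevd.service"
-"network-pre.target"
-"systemd-sysusers.service"
-"systemd-sysctl.service"
-];
-before = [
-"network.target"
-"multi-user.target"
-"shutdown.target"
-"initrd-switch-root.target"
-];
-conflicts = [
-"shutdown.target"
-"initrd-switch-root.target"
-];
-wants = [
-"network.target"
-];
 
 # mount is always available on nixos, avoid adding additional store paths to the closure
 path = [ "/run/wrappers" ];
@@ -254,31 +262,23 @@
 )
 ];
 
-services.ifstate-initrd = {
+# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/system/boot/networkd.nix#L3444
+additionalUpstreamUnits = [
+"network-online.target"
+"network-pre.target"
+"network.target"
+"nss-lookup.target"
+"nss-user-lookup.target"
+"remote-fs-pre.target"
+"remote-fs.target"
+];
+
+services.ifstate-initrd = commonServiceConfig // {
 description = "IfState initrd";
 
 wantedBy = [
 "initrd.target"
 ];
-after = [
-"systemd-udevd.service"
-"network-pre.target"
-"systemd-sysusers.service"
-"systemd-sysctl.service"
-];
-before = [
-"network.target"
-"multi-user.target"
-"shutdown.target"
-"initrd-switch-root.target"
-];
-conflicts = [
-"shutdown.target"
-"initrd-switch-root.target"
-];
-wants = [
-"network.target"
-];
 
 # mount is always available on nixos, avoid adding additional store paths to the closure
 # https://github.com/NixOS/nixpkgs/blob/2b8e2457ebe576ebf41ddfa8452b5b07a8d493ad/nixos/modules/system/boot/systemd/initrd.nix#L550-L551
@@ -291,9 +291,6 @@
 # Otherwise systemd starts ifstate again, after the encryption password was entered by the user
 # and we are able to implement the cleanup using ExecStop rather than a separate unit.
 RemainAfterExit = true;
-# When using network namespaces pyroute2 expects this directory to exists.
-# @liske is currently investigating whether this should be considered a bug in pyroute2.
-ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} /var/run";
 ExecStart = "${lib.getExe initrdCfg.package} --config ${
 config.environment.etc."ifstate/ifstate.initrd.yaml".source
 } apply";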
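Review bot: `commonServiceConfig // {` is a shallow attribute-set update, so if either unit body sets `unitConfig` (or `after`/`before`) below the visible lines, the shared value is replaced wholesale and `DefaultDependencies = "no"` is silently lost, which would put `ifstate-initrd` back behind `basic.target` and the LUKS prompt. Both unit bodies continue outside the hunks, so I cannot confirm they do not; `lib.mkMerge [ commonServiceConfig { … } ]` would merge the definitions instead of overwriting them. The setting also now reaches the stage-2 `systemd.services.ifstate`, while its comment gives only the initrd reason; I would extend that comment with `# Also applied to the stage-2 unit, as in systemd-networkd.service; ordering then relies only on the explicit after/before lists above.`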