lol

systemd-initrd: OpenVPN

+37 -3
+18 -3
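--- a/nixos/modules/system/boot/initrd-openvpn.nix
+++ b/nixos/modules/system/boot/initrd-openvpn.nix
@@ -51,7 +51,7 @@
 
 # Add openvpn and ip binaries to the initrd
 # The shared libraries are required for DNS resolution
-boot.initrd.extraUtilsCommands = ''
+boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) ''
 copy_bin_and_libs ${pkgs.openvpn}/bin/openvpn
 copy_bin_and_libs ${pkgs.iproute2}/bin/ip
 
@@ -59,18 +59,33 @@
 cp -pv ${pkgs.glibc}/lib/libnss_dns.so.2 $out/lib
 '';
 
+boot.initrd.systemd.storePaths = [
+"${pkgs.openvpn}/bin/openvpn"
+"${pkgs.iproute2}/bin/ip"
+"${pkgs.glibc}/lib/libresolv.so.2"
+"${pkgs.glibc}/lib/libnss_dns.so.2"
+];
+
 boot.initrd.secrets = {
 "/etc/initrd.ovpn" = cfg.configuration;
 };
 
 # openvpn --version would exit with 1 instead of 0
-boot.initrd.extraUtilsCommandsTest = ''
+boot.initrd.extraUtilsCommandsTest = mkIf (!config.boot.initrd.systemd.enable) ''
 $out/bin/openvpn --show-gateway
 '';
 
-boot.initrd.network.postCommands = ''
+boot.initrd.network.postCommands = mkIf (!config.boot.initrd.systemd.enable) ''
 openvpn /etc/initrd.ovpn &
 '';
+
+boot.initrd.systemd.services.openvpn = {
+wantedBy = [ "initrd.target" ];
+path = [ pkgs.iproute2 ];
+after = [ "network.target" "initrd-nixos-copy-secrets.service" ];
+serviceConfig.ExecStart = "${pkgs.openvpn}/bin/openvpn /etc/initrd.ovpn";
+serviceConfig.Type = "notify";
+};
 };
 
 }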
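Review bot: The new `boot.initrd.systemd.services.openvpn` unit has no restart policy and is only ordered after `network.target`, which does not by itself mean an interface has an address or a route yet. If openvpn exits early (whether it does depends on the options in `cfg.configuration`, which are not visible here), the tunnel stays down for the rest of stage 1, which matters when the tunnel is the only path to a remote-unlock service. I would add `serviceConfig.Restart = "on-failure";` to the unit. A short comment above `after` would also help, stating that the ordering on `initrd-nixos-copy-secrets.service` is presumably what makes `/etc/initrd.ovpn` from `boot.initrd.secrets` available before start.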
+1
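--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -679,6 +679,7 @@
 systemd-initrd-vconsole = handleTest ./systemd-initrd-vconsole.nix {};
 systemd-initrd-networkd = handleTest ./systemd-initrd-networkd.nix {};
 systemd-initrd-networkd-ssh = handleTest ./systemd-initrd-networkd-ssh.nix {};
+systemd-initrd-networkd-openvpn = handleTest ./initrd-network-openvpn { systemdStage1 = true; };
 systemd-journal = handleTest ./systemd-journal.nix {};
 systemd-machinectl = handleTest ./systemd-machinectl.nix {};
 systemd-networkd = handleTest ./systemd-networkd.nix {};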
+18
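--- a/nixos/tests/initrd-network-openvpn/default.nix
+++ b/nixos/tests/initrd-network-openvpn/default.nix
@@ -1,3 +1,9 @@
+{ system ? builtins.currentSystem
+, config ? {}
+, pkgs ? import ../.. { inherit system config; }
+, systemdStage1 ? false
+}:
+
 import ../make-test-python.nix ({ lib, ...}:
 
 {
@@ -22,6 +28,7 @@
 minimalboot =
 { ... }:
 {
+boot.initrd.systemd.enable = systemdStage1;
 boot.initrd.network = {
 enable = true;
 openvpn = {
@@ -39,6 +46,17 @@
 virtualisation.vlans = [ 1 ];
 
 boot.initrd = {
+systemd.enable = systemdStage1;
+systemd.extraBin.nc = "${pkgs.busybox}/bin/nc";
+systemd.services.nc = {
+requiredBy = ["initrd.target"];
+after = ["network.target"];
+serviceConfig = {
+ExecStart = "/bin/nc -p 1234 -lke /bin/echo TESTVALUE";
+Type = "oneshot";
+};
+};
+
 # This command does not fork to keep the VM in the state where
 # only the initramfs is loaded
 preLVMCommands =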
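Review bot: The `nc` unit added to the `boot.initrd` block is declared `Type = "oneshot"` while its `ExecStart` runs a listener with `-k`, so the command is not expected to exit and the unit would stay in the activating state. Combined with `requiredBy = ["initrd.target"]` this looks like a deliberate way to hold the VM in stage 1, but nothing in the hunk says so. A comment above `systemd.services.nc` would document the intent, mirroring the existing comment on `preLVMCommands`, for example `# oneshot with a never-exiting nc: keeps initrd.target from completing so the test talks to the initrd only`. The `boot.initrd` block continues outside the hunk.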