nixos/boot: add postResumeCommands option

Adds a postResumeCommands option to the initramfs to allow inserting
code to execute after the device has attempted to resume, and before
filesystems are mounted. This allows to inject code for operations like
wiping the rootfs on boot; if those were instead put in
postDeviceCommands, on a hibernated device, they would execute before
the device resumes from hibernation.
This commit is contained in:
Archit Gupta 2023-06-29 21:24:14 -07:00
parent 85f1ba3e51
commit 2a4b82c461
3 changed files with 12 additions and 1 deletions

View file

@ -498,6 +498,8 @@ if test -e /sys/power/resume -a -e /sys/power/disk; then
fi fi
fi fi
@postResumeCommands@
# If we have a path to an iso file, find the iso and link it to /dev/root # If we have a path to an iso file, find the iso and link it to /dev/root
if [ -n "$isoPath" ]; then if [ -n "$isoPath" ]; then
mkdir -p /findiso mkdir -p /findiso

View file

@ -316,7 +316,7 @@ let
inherit (config.system.build) earlyMountScript; inherit (config.system.build) earlyMountScript;
inherit (config.boot.initrd) checkJournalingFS verbose inherit (config.boot.initrd) checkJournalingFS verbose
preLVMCommands preDeviceCommands postDeviceCommands postMountCommands preFailCommands kernelModules; preLVMCommands preDeviceCommands postDeviceCommands postResumeCommands postMountCommands preFailCommands kernelModules;
resumeDevices = map (sd: if sd ? device then sd.device else "/dev/disk/by-label/${sd.label}") resumeDevices = map (sd: if sd ? device then sd.device else "/dev/disk/by-label/${sd.label}")
(filter (sd: hasPrefix "/dev/" sd.device && !sd.randomEncryption.enable (filter (sd: hasPrefix "/dev/" sd.device && !sd.randomEncryption.enable
@ -524,6 +524,14 @@ in
''; '';
}; };
boot.initrd.postResumeCommands = mkOption {
default = "";
type = types.lines;
description = lib.mdDoc ''
Shell commands to be executed immediately after attempting to resume.
'';
};
boot.initrd.postMountCommands = mkOption { boot.initrd.postMountCommands = mkOption {
default = ""; default = "";
type = types.lines; type = types.lines;

View file

@ -358,6 +358,7 @@ in {
[ "preDeviceCommands" ] [ "preDeviceCommands" ]
[ "preLVMCommands" ] [ "preLVMCommands" ]
[ "postDeviceCommands" ] [ "postDeviceCommands" ]
[ "postResumeCommands" ]
[ "postMountCommands" ] [ "postMountCommands" ]
[ "extraUdevRulesCommands" ] [ "extraUdevRulesCommands" ]
[ "extraUtilsCommands" ] [ "extraUtilsCommands" ]