From 2a4b82c46141a91ca0c4c1401a7b2eb698d7c1c2 Mon Sep 17 00:00:00 2001 From: Archit Gupta Date: Thu, 29 Jun 2023 21:24:14 -0700 Subject: [PATCH] nixos/boot: add postResumeCommands option Adds a postResumeCommands option to the initramfs to allow inserting code to execute after the device has attempted to resume, and before filesystems are mounted. This allows to inject code for operations like wiping the rootfs on boot; if those were instead put in postDeviceCommands, on a hibernated device, they would execute before the device resumes from hibernation. --- nixos/modules/system/boot/stage-1-init.sh | 2 ++ nixos/modules/system/boot/stage-1.nix | 10 +++++++++- nixos/modules/system/boot/systemd/initrd.nix | 1 + 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index bc2fc7f7b108..06b6aff23272 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -498,6 +498,8 @@ if test -e /sys/power/resume -a -e /sys/power/disk; then fi fi +@postResumeCommands@ + # If we have a path to an iso file, find the iso and link it to /dev/root if [ -n "$isoPath" ]; then mkdir -p /findiso diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index a3551f68dbe8..f981b4c17aac 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -316,7 +316,7 @@ let inherit (config.system.build) earlyMountScript; inherit (config.boot.initrd) checkJournalingFS verbose - preLVMCommands preDeviceCommands postDeviceCommands postMountCommands preFailCommands kernelModules; + preLVMCommands preDeviceCommands postDeviceCommands postResumeCommands postMountCommands preFailCommands kernelModules; resumeDevices = map (sd: if sd ? device then sd.device else "/dev/disk/by-label/${sd.label}") (filter (sd: hasPrefix "/dev/" sd.device && !sd.randomEncryption.enable @@ -524,6 +524,14 @@ in ''; }; + boot.initrd.postResumeCommands = mkOption { + default = ""; + type = types.lines; + description = lib.mdDoc '' + Shell commands to be executed immediately after attempting to resume. + ''; + }; + boot.initrd.postMountCommands = mkOption { default = ""; type = types.lines; diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix index be40b8e969a1..e223451652b2 100644 --- a/nixos/modules/system/boot/systemd/initrd.nix +++ b/nixos/modules/system/boot/systemd/initrd.nix @@ -358,6 +358,7 @@ in { [ "preDeviceCommands" ] [ "preLVMCommands" ] [ "postDeviceCommands" ] + [ "postResumeCommands" ] [ "postMountCommands" ] [ "extraUdevRulesCommands" ] [ "extraUtilsCommands" ]