cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #271326 from philiptaron/shutdown.target

Browse source 
treewide: depend on `shutdown.target` if `DefaultDependencies=no` in almost every case
This commit is contained in:
nikstur 2023-12-27 08:33:26 +01:00 committed by GitHub
commit c9569af3e0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 43 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
nixos/modules/config/swap.nix
View file

@ -258,7 +258,8 @@ in
# avoid this race condition.
after = [ "systemd-modules-load.service" ];
wantedBy = [ "${realDevice'}.swap" ];
before = [ "${realDevice'}.swap" ];
before = [ "${realDevice'}.swap" "shutdown.target"];
conflicts = [ "shutdown.target" ];
path = [ pkgs.util-linux pkgs.e2fsprogs ]
++ optional sw.randomEncryption.enable pkgs.cryptsetup;

3
nixos/modules/security/apparmor.nix
View file

@ -164,7 +164,8 @@ in
"local-fs.target"
"systemd-journald-audit.socket"
];
before = [ "sysinit.target" ];
before = [ "sysinit.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
wantedBy = [ "multi-user.target" ];
unitConfig = {
Description="Load AppArmor policies";

4
nixos/modules/security/auditd.nix
View file

@ -13,6 +13,8 @@ with lib;
systemd.services.auditd = {
description = "Linux Audit daemon";
wantedBy = [ "basic.target" ];
before = [ "shutdown.target" ];
conflicts = [ "shutdown.target "];
unitConfig = {
ConditionVirtualization = "!container";
@ -23,7 +25,7 @@ with lib;
path = [ pkgs.audit ];
serviceConfig = {
ExecStartPre="${pkgs.coreutils}/bin/mkdir -p /var/log/audit";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/log/audit";
ExecStart = "${pkgs.audit}/bin/auditd -l -n -s nochange";
};
};

6
nixos/modules/security/duosec.nix
View file

@ -195,7 +195,8 @@ in
systemd.services.login-duo = lib.mkIf cfg.ssh.enable {
wantedBy = [ "sysinit.target" ];
before = [ "sysinit.target" ];
before = [ "sysinit.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
script = ''
if test -f "${cfg.secretKeyFile}"; then
@ -216,7 +217,8 @@ in
systemd.services.pam-duo = lib.mkIf cfg.ssh.enable {
wantedBy = [ "sysinit.target" ];
before = [ "sysinit.target" ];
before = [ "sysinit.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
script = ''
if test -f "${cfg.secretKeyFile}"; then

3
nixos/modules/security/wrappers/default.nix
View file

@ -278,7 +278,8 @@ in
systemd.services.suid-sgid-wrappers = {
description = "Create SUID/SGID Wrappers";
wantedBy = [ "sysinit.target" ];
before = [ "sysinit.target" ];
before = [ "sysinit.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
unitConfig.RequiresMountsFor = [ "/nix/store" "/run/wrappers" ];
serviceConfig.Type = "oneshot";

3
nixos/modules/services/networking/firewall-iptables.nix
View file

@ -308,8 +308,9 @@ in
description = "Firewall";
wantedBy = [ "sysinit.target" ];
wants = [ "network-pre.target" ];
before = [ "network-pre.target" ];
after = [ "systemd-modules-load.service" ];
before = [ "network-pre.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
path = [ cfg.package ] ++ cfg.extraPackages;

2
nixos/modules/system/boot/grow-partition.nix
View file

@ -25,7 +25,7 @@ with lib;
systemd.services.growpart = {
wantedBy = [ "-.mount" ];
after = [ "-.mount" ];
before = [ "systemd-growfs-root.service" ];
before = [ "systemd-growfs-root.service" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
serviceConfig = {

6
nixos/modules/system/boot/initrd-ssh.nix
View file

@ -243,8 +243,10 @@ in
services.sshd = {
description = "SSH Daemon";
wantedBy = ["initrd.target"];
after = ["network.target" "initrd-nixos-copy-secrets.service"];
wantedBy = [ "initrd.target" ];
after = [ "network.target" "initrd-nixos-copy-secrets.service" ];
before = [ "shutdown.target" ];
conflicts = [ "shutdown.target" ];
# Keys from Nix store are world-readable, which sshd doesn't
# like. If this were a real nix store and not the initrd, we

3
nixos/modules/system/boot/systemd/initrd-secrets.nix
View file

@ -11,7 +11,8 @@
description = "Copy secrets into place";
# Run as early as possible
wantedBy = [ "sysinit.target" ];
before = [ "cryptsetup-pre.target" ];
before = [ "cryptsetup-pre.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
# We write the secrets to /.initrd-secrets and move them because this allows

3
nixos/modules/tasks/filesystems.nix
View file

@ -406,7 +406,8 @@ in
ConditionVirtualization = "!container";
DefaultDependencies = false; # needed to prevent a cycle
};
before = [ "systemd-pstore.service" ];
before = [ "systemd-pstore.service" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
wantedBy = [ "systemd-pstore.service" ];
};
};

5
nixos/modules/tasks/filesystems/bcachefs.nix
View file

@ -78,9 +78,10 @@ let
value = {
description = "Unlock bcachefs for ${fs.mountPoint}";
requiredBy = [ mountUnit ];
before = [ mountUnit ];
bindsTo = [ deviceUnit ];
after = [ deviceUnit ];
before = [ mountUnit "shutdown.target" ];
bindsTo = [ deviceUnit ];
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
serviceConfig = {
Type = "oneshot";

3
nixos/modules/tasks/filesystems/zfs.nix
View file

@ -130,7 +130,8 @@ let
"systemd-ask-password-console.service"
] ++ optional (config.boot.initrd.clevis.useTang) "network-online.target";
requiredBy = getPoolMounts prefix pool ++ [ "zfs-import.target" ];
before = getPoolMounts prefix pool ++ [ "zfs-import.target" ];
before = getPoolMounts prefix pool ++ [ "shutdown.target" "zfs-import.target" ];
conflicts = [ "shutdown.target" ];
unitConfig = {
DefaultDependencies = "no";
};

4
nixos/modules/tasks/network-interfaces.nix
View file

@ -1410,9 +1410,11 @@ in
systemd.services.domainname = lib.mkIf (cfg.domain != null) {
wantedBy = [ "sysinit.target" ];
before = [ "sysinit.target" ];
before = [ "sysinit.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
serviceConfig.ExecStart = ''${pkgs.nettools}/bin/domainname "${cfg.domain}"'';
serviceConfig.Type = "oneshot";
};
environment.etc.hostid = mkIf (cfg.hostId != null) { source = hostidFile; };

2
nixos/modules/virtualisation/lxd-agent.nix
View file

@ -58,6 +58,8 @@ in {
systemd.services.lxd-agent = {
enable = true;
wantedBy = [ "multi-user.target" ];
before = [ "shutdown.target" ];
conflicts = [ "shutdown.target" ];
path = [ pkgs.kmod pkgs.util-linux ];
preStart = preStartScript;

2
nixos/modules/virtualisation/qemu-vm.nix
View file

@ -1256,6 +1256,8 @@ in
unitConfig.RequiresMountsFor = "/sysroot/nix/.ro-store";
}];
services.rw-store = {
before = [ "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig = {
DefaultDependencies = false;
RequiresMountsFor = "/sysroot/nix/.rw-store";

2
nixos/tests/dhparams.nix
View file

@ -18,6 +18,8 @@ import ./make-test-python.nix {
systemd.services.foo = {
description = "Check systemd Ordering";
wantedBy = [ "multi-user.target" ];
before = [ "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig = {
# This is to make sure that the dhparams generation of foo occurs
# before this service so we need this service to start as early as

4
nixos/tests/stunnel.nix
View file

@ -19,8 +19,10 @@ let
makeCert = { config, pkgs, ... }: {
systemd.services.create-test-cert = {
wantedBy = [ "sysinit.target" ];
before = [ "sysinit.target" ];
before = [ "sysinit.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";
script = ''
${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}
( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )

3
nixos/tests/systemd-initrd-networkd.nix
View file

@ -33,7 +33,8 @@ let
boot.initrd.network.flushBeforeStage2 = flush;
systemd.services.check-flush = {
requiredBy = ["multi-user.target"];
before = ["network-pre.target" "multi-user.target"];
before = [ "network-pre.target" "multi-user.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
wants = ["network-pre.target"];
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";