commit 15c31afd8ae99e9d3a2d6af0d804f3a53f6aa848 · pyrox.dev/nixpkgs

+39

nixos/doc/manual/development/unit-handling.section.md

···

       63
       63
        
           is **restart**ed with the others. If it is set, both the service and the

     

       64
       64
        
           socket are **stop**ped and the socket is **start**ed, leaving socket

     

       65
       65
        
           activation to start the service when it's needed.

     

       66
       66
       +
       

     

       67
       67
       +
       ## Sysinit reactivation {#sec-sysinit-reactivation}

     

       68
       68
       +
       

     

       69
       69
       +
       [`sysinit.target`](https://www.freedesktop.org/software/systemd/man/latest/systemd.special.html#sysinit.target)

     

       70
       70
       +
       is a systemd target that encodes system initialization (i.e. early startup). A

     

       71
       71
       +
       few units that need to run very early in the bootup process are ordered to

     

       72
       72
       +
       finish before this target is reached. Probably the most notable one of these is

     

       73
       73
       +
       `systemd-tmpfiles-setup.service`. We will refer to these units as "sysinit

     

       74
       74
       +
       units".

     

       75
       75
       +
       

     

       76
       76
       +
       "Normal" systemd units, by default, are ordered AFTER `sysinit.target`. In

     

       77
       77
       +
       other words, these "normal" units expect all services ordered before

     

       78
       78
       +
       `sysinit.target` to have finished without explicity declaring this dependency

     

       79
       79
       +
       relationship for each dependency. See the [systemd

     

       80
       80
       +
       bootup](https://www.freedesktop.org/software/systemd/man/latest/bootup.html)

     

       81
       81
       +
       for more details on the bootup process.

     

       82
       82
       +
       

     

       83
       83
       +
       When restarting both a unit ordered before `sysinit.target` as well as one

     

       84
       84
       +
       after, this presents a problem because they would be started at the same time

     

       85
       85
       +
       as they do not explicitly declare their dependency relations.

     

       86
       86
       +
       

     

       87
       87
       +
       To solve this, NixOS has an artificial `sysinit-reactivation.target` which

     

       88
       88
       +
       allows you to ensure that services ordered before `sysinit.target` are

     

       89
       89
       +
       restarted correctly. This applies both to the ordering between these sysinit

     

       90
       90
       +
       services as well as ensuring that sysinit units are restarted before "normal"

     

       91
       91
       +
       units.

     

       92
       92
       +
       

     

       93
       93
       +
       To make an existing sysinit service restart correctly during system switch, you

     

       94
       94
       +
       have to declare:

     

       95
       95
       +
       

     

       96
       96
       +
       ```nix

     

       97
       97
       +
       systemd.services.my-sysinit = {

     

       98
       98
       +
         requiredBy = [ "sysinit-reactivation.target" ];

     

       99
       99
       +
         before = [ "sysinit-reactivation.target" ];

     

       100
       100
       +
         restartTriggers = [ config.environment.etc."my-sysinit.d".source ];

     

       101
       101
       +
       };

     

       102
       102
       +
       ```

     

       103
       103
       +
       

     

       104
       104
       +
       You need to configure appropriate `restartTriggers` specific to your service.

+1 -1

nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md

···

       37
       37
        
       - Forget about the failed state of units (`systemctl reset-failed`)

     

       38
       38
        
       - Reload systemd (`systemctl daemon-reload`)

     

       39
       39
        
       - Reload systemd user instances (`systemctl --user daemon-reload`)

     

       40
       40
       -
       - Set up tmpfiles (`systemd-tmpfiles --create`)

     

       40
       40
       +
       - Reactivate sysinit (`systemctl restart sysinit-reactivation.target`)

     

       41
       41
        
       - Reload units (`systemctl reload`)

     

       42
       42
        
       - Restart units (`systemctl restart`)

     

       43
       43
        
       - Start units (`systemctl start`)

nixos/doc/manual/release-notes/rl-2405.section.md

···

       114
       114
        
       

     

       115
       115
        
       - The executable file names for `firefox-devedition`, `firefox-beta`, `firefox-esr` now matches their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher.

     

       116
       116
        
       

     

       117
       117
       +
       - switch-to-configuration does not directly call systemd-tmpfiles anymore.

     

       118
       118
       +
         Instead, the new artificial sysinit-reactivation.target is introduced which

     

       119
       119
       +
         allows to restart multiple services that are ordered before sysinit.target

     

       120
       120
       +
         and respect the ordering between the services.

     

       121
       121
       +
       

     

       117
       122
        
       - The `systemd.oomd` module behavior is changed as:

     

       118
       123
        
       

     

       119
       124
        
         - Raise ManagedOOMMemoryPressureLimit from 50% to 80%. This should make systemd-oomd kill things less often, and fix issues like [this](https://pagure.io/fedora-workstation/issue/358).

+9 -3

nixos/modules/system/activation/switch-to-configuration.pl

···

       889
       889
        
       

     

       890
       890
        
       close($list_active_users) || die("Unable to close the file handle to loginctl");

     

       891
       891
        
       

     

       892
       892
       -
       # Set the new tmpfiles

     

       893
       893
       -
       print STDERR "setting up tmpfiles\n";

     

       894
       894
       -
       system("$new_systemd/bin/systemd-tmpfiles", "--create", "--remove", "--exclude-prefix=/dev") == 0 or $res = 3;

     

       892
       892
       +
       # Restart sysinit-reactivation.target.

     

       893
       893
       +
       # This target only exists to restart services ordered before sysinit.target. We

     

       894
       894
       +
       # cannot use X-StopOnReconfiguration to restart sysinit.target because then ALL

     

       895
       895
       +
       # services of the system would be restarted since all normal services have a

     

       896
       896
       +
       # default dependency on sysinit.target. sysinit-reactivation.target ensures

     

       897
       897
       +
       # that services ordered BEFORE sysinit.target get re-started in the correct

     

       898
       898
       +
       # order. Ordering between these services is respected.

     

       899
       899
       +
       print STDERR "restarting sysinit-reactivation.target\n";

     

       900
       900
       +
       system("$new_systemd/bin/systemctl", "restart", "sysinit-reactivation.target") == 0 or $res = 4;

     

       895
       901
        
       

     

       896
       902
        
       # Before reloading we need to ensure that the units are still active. They may have been

     

       897
       903
        
       # deactivated because one of their requirements got stopped. If they are inactive

nixos/modules/system/boot/systemd.nix

···

       569
       569
        
               unitConfig.X-StopOnReconfiguration = true;

     

       570
       570
        
             };

     

       571
       571
        
       

     

       572
       572
       +
           # This target only exists so that services ordered before sysinit.target

     

       573
       573
       +
           # are restarted in the correct order, notably BEFORE the other services,

     

       574
       574
       +
           # when switching configurations.

     

       575
       575
       +
           systemd.targets.sysinit-reactivation = {

     

       576
       576
       +
             description = "Reactivate sysinit units";

     

       577
       577
       +
           };

     

       578
       578
       +
       

     

       572
       579
        
           systemd.units =

     

       573
       580
        
                mapAttrs' (n: v: nameValuePair "${n}.path"    (pathToUnit    n v)) cfg.paths

     

       574
       581
        
             // mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.services

+35

nixos/modules/system/boot/systemd/tmpfiles.nix

···

       150
       150
        
             "systemd-tmpfiles-setup.service"

     

       151
       151
        
           ];

     

       152
       152
        
       

     

       153
       153
       +
           # Allow systemd-tmpfiles to be restarted by switch-to-configuration. This

     

       154
       154
       +
           # service is not pulled into the normal boot process. It only exists for

     

       155
       155
       +
           # switch-to-configuration.

     

       156
       156
       +
           #

     

       157
       157
       +
           # This needs to be a separate unit because it does not execute

     

       158
       158
       +
           # systemd-tmpfiles with `--boot` as that is supposed to only be executed

     

       159
       159
       +
           # once at boot time.

     

       160
       160
       +
           #

     

       161
       161
       +
           # Keep this aligned with the upstream `systemd-tmpfiles-setup.service` unit.

     

       162
       162
       +
           systemd.services."systemd-tmpfiles-resetup" = {

     

       163
       163
       +
             description = "Re-setup tmpfiles on a system that is already running.";

     

       164
       164
       +
       

     

       165
       165
       +
             requiredBy = [ "sysinit-reactivation.target" ];

     

       166
       166
       +
             after = [ "local-fs.target" "systemd-sysusers.service" "systemd-journald.service" ];

     

       167
       167
       +
             before = [ "sysinit-reactivation.target" "shutdown.target" ];

     

       168
       168
       +
             conflicts = [ "shutdown.target" ];

     

       169
       169
       +
             restartTriggers = [ config.environment.etc."tmpfiles.d".source ];

     

       170
       170
       +
       

     

       171
       171
       +
             unitConfig.DefaultDependencies = false;

     

       172
       172
       +
       

     

       173
       173
       +
             serviceConfig = {

     

       174
       174
       +
               Type = "oneshot";

     

       175
       175
       +
               RemainAfterExit = true;

     

       176
       176
       +
               ExecStart = "systemd-tmpfiles --create --remove --exclude-prefix=/dev";

     

       177
       177
       +
               SuccessExitStatus = "DATAERR CANTCREAT";

     

       178
       178
       +
               ImportCredential = [

     

       179
       179
       +
                 "tmpfiles.*"

     

       180
       180
       +
                 "loging.motd"

     

       181
       181
       +
                 "login.issue"

     

       182
       182
       +
                 "network.hosts"

     

       183
       183
       +
                 "ssh.authorized_keys.root"

     

       184
       184
       +
               ];

     

       185
       185
       +
             };

     

       186
       186
       +
           };

     

       187
       187
       +
       

     

       153
       188
        
           environment.etc = {

     

       154
       189
        
             "tmpfiles.d".source = (pkgs.symlinkJoin {

     

       155
       190
        
               name = "tmpfiles.d";

nixos/tests/all-tests.nix

···

       819
       819
        
         syncthing-init = handleTest ./syncthing-init.nix {};

     

       820
       820
        
         syncthing-many-devices = handleTest ./syncthing-many-devices.nix {};

     

       821
       821
        
         syncthing-relay = handleTest ./syncthing-relay.nix {};

     

       822
       822
       +
         sysinit-reactivation = runTest ./sysinit-reactivation.nix;

     

       822
       823
        
         systemd = handleTest ./systemd.nix {};

     

       823
       824
        
         systemd-analyze = handleTest ./systemd-analyze.nix {};

     

       824
       825
        
         systemd-binfmt = handleTestOn ["x86_64-linux"] ./systemd-binfmt.nix {};

+107

nixos/tests/sysinit-reactivation.nix

···

       1
       1
       +
       # This runs to two scenarios but in one tests:

     

       2
       2
       +
       # - A post-sysinit service needs to be restarted AFTER tmpfiles was restarted.

     

       3
       3
       +
       # - A service needs to be restarted BEFORE tmpfiles is restarted

     

       4
       4
       +
       

     

       5
       5
       +
       { lib, ... }:

     

       6
       6
       +
       

     

       7
       7
       +
       let

     

       8
       8
       +
         makeGeneration = generation: {

     

       9
       9
       +
           "${generation}".configuration = {

     

       10
       10
       +
             systemd.services.pre-sysinit-before-tmpfiles.environment.USER =

     

       11
       11
       +
               lib.mkForce "${generation}-tmpfiles-user";

     

       12
       12
       +
       

     

       13
       13
       +
             systemd.services.pre-sysinit-after-tmpfiles.environment = {

     

       14
       14
       +
               NEEDED_PATH = lib.mkForce "/run/${generation}-needed-by-pre-sysinit-after-tmpfiles";

     

       15
       15
       +
               PATH_TO_CREATE = lib.mkForce "/run/${generation}-needed-by-post-sysinit";

     

       16
       16
       +
             };

     

       17
       17
       +
       

     

       18
       18
       +
             systemd.services.post-sysinit.environment = {

     

       19
       19
       +
               NEEDED_PATH = lib.mkForce "/run/${generation}-needed-by-post-sysinit";

     

       20
       20
       +
               PATH_TO_CREATE = lib.mkForce "/run/${generation}-created-by-post-sysinit";

     

       21
       21
       +
             };

     

       22
       22
       +
       

     

       23
       23
       +
             systemd.tmpfiles.settings.test = lib.mkForce {

     

       24
       24
       +
               "/run/${generation}-needed-by-pre-sysinit-after-tmpfiles".f.user =

     

       25
       25
       +
                 "${generation}-tmpfiles-user";

     

       26
       26
       +
             };

     

       27
       27
       +
           };

     

       28
       28
       +
         };

     

       29
       29
       +
       in

     

       30
       30
       +
       

     

       31
       31
       +
       {

     

       32
       32
       +
       

     

       33
       33
       +
         name = "sysinit-reactivation";

     

       34
       34
       +
       

     

       35
       35
       +
         meta.maintainers = with lib.maintainers; [ nikstur ];

     

       36
       36
       +
       

     

       37
       37
       +
         nodes.machine = { config, lib, pkgs, ... }: {

     

       38
       38
       +
           systemd.services.pre-sysinit-before-tmpfiles = {

     

       39
       39
       +
             wantedBy = [ "sysinit.target" ];

     

       40
       40
       +
             requiredBy = [ "sysinit-reactivation.target" ];

     

       41
       41
       +
             before = [ "systemd-tmpfiles-setup.service" "systemd-tmpfiles-resetup.service" ];

     

       42
       42
       +
             unitConfig.DefaultDependencies = false;

     

       43
       43
       +
             serviceConfig.Type = "oneshot";

     

       44
       44
       +
             serviceConfig.RemainAfterExit = true;

     

       45
       45
       +
             environment.USER = "tmpfiles-user";

     

       46
       46
       +
             script = "${pkgs.shadow}/bin/useradd $USER";

     

       47
       47
       +
           };

     

       48
       48
       +
       

     

       49
       49
       +
           systemd.services.pre-sysinit-after-tmpfiles = {

     

       50
       50
       +
             wantedBy = [ "sysinit.target" ];

     

       51
       51
       +
             requiredBy = [ "sysinit-reactivation.target" ];

     

       52
       52
       +
             after = [ "systemd-tmpfiles-setup.service" "systemd-tmpfiles-resetup.service" ];

     

       53
       53
       +
             unitConfig.DefaultDependencies = false;

     

       54
       54
       +
             serviceConfig.Type = "oneshot";

     

       55
       55
       +
             serviceConfig.RemainAfterExit = true;

     

       56
       56
       +
             environment = {

     

       57
       57
       +
               NEEDED_PATH = "/run/needed-by-pre-sysinit-after-tmpfiles";

     

       58
       58
       +
               PATH_TO_CREATE = "/run/needed-by-post-sysinit";

     

       59
       59
       +
             };

     

       60
       60
       +
             script = ''

     

       61
       61
       +
               if [[ -e $NEEDED_PATH ]]; then

     

       62
       62
       +
                 touch $PATH_TO_CREATE

     

       63
       63
       +
               fi

     

       64
       64
       +
             '';

     

       65
       65
       +
           };

     

       66
       66
       +
       

     

       67
       67
       +
           systemd.services.post-sysinit = {

     

       68
       68
       +
             wantedBy = [ "default.target" ];

     

       69
       69
       +
             serviceConfig.Type = "oneshot";

     

       70
       70
       +
             serviceConfig.RemainAfterExit = true;

     

       71
       71
       +
             environment = {

     

       72
       72
       +
               NEEDED_PATH = "/run/needed-by-post-sysinit";

     

       73
       73
       +
               PATH_TO_CREATE = "/run/created-by-post-sysinit";

     

       74
       74
       +
             };

     

       75
       75
       +
             script = ''

     

       76
       76
       +
               if [[ -e $NEEDED_PATH ]]; then

     

       77
       77
       +
                 touch $PATH_TO_CREATE

     

       78
       78
       +
               fi

     

       79
       79
       +
             '';

     

       80
       80
       +
           };

     

       81
       81
       +
       

     

       82
       82
       +
           systemd.tmpfiles.settings.test = {

     

       83
       83
       +
             "/run/needed-by-pre-sysinit-after-tmpfiles".f.user =

     

       84
       84
       +
               "tmpfiles-user";

     

       85
       85
       +
           };

     

       86
       86
       +
       

     

       87
       87
       +
           specialisation = lib.mkMerge [

     

       88
       88
       +
             (makeGeneration "second")

     

       89
       89
       +
             (makeGeneration "third")

     

       90
       90
       +
           ];

     

       91
       91
       +
         };

     

       92
       92
       +
       

     

       93
       93
       +
         testScript = { nodes, ... }: ''

     

       94
       94
       +
           def switch(generation):

     

       95
       95
       +
             toplevel = "${nodes.machine.system.build.toplevel}";

     

       96
       96
       +
             machine.succeed(f"{toplevel}/specialisation/{generation}/bin/switch-to-configuration switch")

     

       97
       97
       +
       

     

       98
       98
       +
           machine.wait_for_unit("default.target")

     

       99
       99
       +
           machine.succeed("test -e /run/created-by-post-sysinit")

     

       100
       100
       +
       

     

       101
       101
       +
           switch("second")

     

       102
       102
       +
           machine.succeed("test -e /run/second-created-by-post-sysinit")

     

       103
       103
       +
       

     

       104
       104
       +
           switch("third")

     

       105
       105
       +
           machine.succeed("test -e /run/third-created-by-post-sysinit")

     

       106
       106
       +
         '';

     

       107
       107
       +
       }