pyrox.dev / nixpkgs
lol
fork atom

nixos/boot: add postResumeCommands option

Adds a postResumeCommands option to the initramfs to allow inserting
code to execute after the device has attempted to resume, and before
filesystems are mounted. This allows to inject code for operations like
wiping the rootfs on boot; if those were instead put in
postDeviceCommands, on a hibernated device, they would execute before
the device resumes from hibernation.

Archit Gupta 2a4b82c4 85f1ba3e

options
unified split
Changed files
+12 -1
nixos
modules
system
boot
stage-1-init.sh
stage-1.nix
systemd
initrd.nix
+2
nixos/modules/system/boot/stage-1-init.sh 
···

       
498

       
498

       
 

       
    fi


     

       
499

       
499

       
 

       
fi


     

       
500

       
500

       
 

       



     

       

       
501

       
+

       
@postResumeCommands@


     

       

       
502

       
+

       



     

       
501

       
503

       
 

       
# If we have a path to an iso file, find the iso and link it to /dev/root


     

       
502

       
504

       
 

       
if [ -n "$isoPath" ]; then


     

       
503

       
505

       
 

       
  mkdir -p /findiso
+9 -1
nixos/modules/system/boot/stage-1.nix 
···

       
316

       
316

       
 

       
    inherit (config.system.build) earlyMountScript;


     

       
317

       
317

       
 

       



     

       
318

       
318

       
 

       
    inherit (config.boot.initrd) checkJournalingFS verbose


     

       
319

       

       
-

       
      preLVMCommands preDeviceCommands postDeviceCommands postMountCommands preFailCommands kernelModules;


     

       

       
319

       
+

       
      preLVMCommands preDeviceCommands postDeviceCommands postResumeCommands postMountCommands preFailCommands kernelModules;


     

       
320

       
320

       
 

       



     

       
321

       
321

       
 

       
    resumeDevices = map (sd: if sd ? device then sd.device else "/dev/disk/by-label/${sd.label}")


     

       
322

       
322

       
 

       
                    (filter (sd: hasPrefix "/dev/" sd.device && !sd.randomEncryption.enable


     
···

       
521

       
521

       
 

       
        Shell commands to be executed immediately after stage 1 of the


     

       
522

       
522

       
 

       
        boot has loaded kernel modules and created device nodes in


     

       
523

       
523

       
 

       
        {file}`/dev`.


     

       

       
524

       
+

       
      '';


     

       

       
525

       
+

       
    };


     

       

       
526

       
+

       



     

       

       
527

       
+

       
    boot.initrd.postResumeCommands = mkOption {


     

       

       
528

       
+

       
      default = "";


     

       

       
529

       
+

       
      type = types.lines;


     

       

       
530

       
+

       
      description = lib.mdDoc ''


     

       

       
531

       
+

       
        Shell commands to be executed immediately after attempting to resume.


     

       
524

       
532

       
 

       
      '';


     

       
525

       
533

       
 

       
    };


     

       
526

       
534
+1
nixos/modules/system/boot/systemd/initrd.nix 
···

       
358

       
358

       
 

       
      [ "preDeviceCommands" ]


     

       
359

       
359

       
 

       
      [ "preLVMCommands" ]


     

       
360

       
360

       
 

       
      [ "postDeviceCommands" ]


     

       

       
361

       
+

       
      [ "postResumeCommands" ]


     

       
361

       
362

       
 

       
      [ "postMountCommands" ]


     

       
362

       
363

       
 

       
      [ "extraUdevRulesCommands" ]


     

       
363

       
364

       
 

       
      [ "extraUtilsCommands" ]