From 30a00c29c4b0be54cee6f8bcfb2fdde583454407 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janne=20He=C3=9F?=
Date: Fri, 15 Apr 2022 11:23:02 +0100
Subject: [PATCH] nixos/systemd: Properly shut down the system
---
 .../from_md/release-notes/rl-2205.section.xml | 8 +++++
 .../manual/release-notes/rl-2205.section.md | 2 ++
 nixos/modules/module-list.nix | 1 +
 .../modules/system/boot/systemd/shutdown.nix | 32 +++++++++++++++++++
 nixos/tests/all-tests.nix | 2 ++
 nixos/tests/systemd-shutdown.nix | 21 ++++++++++++
 6 files changed, 66 insertions(+)
 create mode 100644 nixos/modules/system/boot/systemd/shutdown.nix
 create mode 100644 nixos/tests/systemd-shutdown.nix
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 86e952ae70c8..4c1f85cc7920 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -1184,6 +1184,14 @@ systemd.nspawn.<name>.execConfig.PrivateUsers = false + + + systemd-shutdown is now properly linked on + shutdown to unmount all filesystems and device mapper devices + cleanly. This can be disabled using + boot.systemd.shutdown.enable. + + The Tor SOCKS proxy is now actually disabled if
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 68ca9a6c3c84..4b57b1be0354 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -455,6 +455,8 @@ In addition to numerous new and upgraded packages, this release has the followin - `systemd-nspawn@.service` settings have been reverted to the default systemd behaviour. User namespaces are now activated by default. If you want to keep running nspawn containers without user namespaces you need to set `systemd.nspawn..execConfig.PrivateUsers = false` +- `systemd-shutdown` is now properly linked on shutdown to unmount all filesystems and device mapper devices cleanly. This can be disabled using `boot.systemd.shutdown.enable`. + - The Tor SOCKS proxy is now actually disabled if `services.tor.client.enable` is set to `false` (the default). If you are using this functionality but didn't change the setting or set it to `false`, you now need to set it to `true`. - The terraform 0.12 compatibility has been removed and the `terraform.withPlugins` and `terraform-providers.mkProvider` implementations simplified. Providers now need to be stored under
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 05cef36c7820..515e6b6b0f70 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1184,6 +1184,7 @@
 ./system/boot/systemd/journald.nix
 ./system/boot/systemd/logind.nix
 ./system/boot/systemd/nspawn.nix
+ ./system/boot/systemd/shutdown.nix
 ./system/boot/systemd/tmpfiles.nix
 ./system/boot/systemd/user.nix
 ./system/boot/systemd/initrd.nix
diff --git a/nixos/modules/system/boot/systemd/shutdown.nix b/nixos/modules/system/boot/systemd/shutdown.nix
new file mode 100644
index 000000000000..934269316676
--- /dev/null
+++ b/nixos/modules/system/boot/systemd/shutdown.nix
@@ -0,0 +1,32 @@
+{ config, lib, ... }: let
+
+ cfg = config.boot.systemd.shutdown;
+
+in {
+ options.boot.systemd.shutdown = {
+ enable = lib.mkEnableOption "pivoting back to an initramfs for shutdown" // { default = true; };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.generate-shutdown-ramfs = {
+ description = "Generate shutdown ramfs";
+ before = [ "shutdown.target" ];
+ unitConfig = {
+ DefaultDependencies = false;
+ ConditionFileIsExecutable = [
+ "!/run/initramfs/shutdown"
+ "/run/current-system/systemd/lib/systemd/systemd-shutdown"
+ ];
+ };
+
+ serviceConfig.Type = "oneshot";
+ script = ''
+ mkdir -p /run/initramfs
+ if ! mountpoint -q /run/initramfs; then
+ mount -t tmpfs tmpfs /run/initramfs
+ fi
+ cp /run/current-system/systemd/lib/systemd/systemd-shutdown /run/initramfs/shutdown
+ '';
+ };
+ };
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index cb68ef685300..e4ea75c5db81 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -521,6 +521,7 @@ in
 systemd-confinement = handleTest ./systemd-confinement.nix {};
 systemd-cryptenroll = handleTest ./systemd-cryptenroll.nix {};
 systemd-escaping = handleTest ./systemd-escaping.nix {};
+ systemd-initrd-shutdown = handleTest ./systemd-shutdown.nix { systemdStage1 = true; };
 systemd-initrd-simple = handleTest ./systemd-initrd-simple.nix {};
 systemd-initrd-swraid = handleTest ./systemd-initrd-swraid.nix {};
 systemd-journal = handleTest ./systemd-journal.nix {};
@@ -531,6 +532,7 @@ in
 systemd-networkd-ipv6-prefix-delegation = handleTest ./systemd-networkd-ipv6-prefix-delegation.nix {};
 systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
 systemd-nspawn = handleTest ./systemd-nspawn.nix {};
+ systemd-shutdown = handleTest ./systemd-shutdown.nix {};
 systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
 systemd-misc = handleTest ./systemd-misc.nix {};
 taskserver = handleTest ./taskserver.nix {};
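Review bot: In nixos/modules/system/boot/systemd/shutdown.nix the `mount -t tmpfs tmpfs /run/initramfs` line passes no options, so the mount gets the tmpfs default mode of 1777 and any local user can create files inside the tree the module pivots back into for shutdown. The sticky bit still keeps other users from replacing the root-owned `shutdown` copy, but nothing in that root needs to be writable by unprivileged accounts; I would use `mount -t tmpfs -o mode=0700 tmpfs /run/initramfs`. When `/run/initramfs` is already a mountpoint the script reuses it unchanged, which deserves a comment such as `# an existing /run/initramfs mount is reused as-is; its contents are not checked`.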
diff --git a/nixos/tests/systemd-shutdown.nix b/nixos/tests/systemd-shutdown.nix
new file mode 100644
index 000000000000..9283489c2559
--- /dev/null
+++ b/nixos/tests/systemd-shutdown.nix
@@ -0,0 +1,21 @@
+import ./make-test-python.nix ({ pkgs, systemdStage1 ? false, ...} : {
+ name = "systemd-shutdown";
+ meta = with pkgs.lib.maintainers; {
+ maintainers = [ das_j ];
+ };
+
+ nodes.machine = {
+ imports = [ ../modules/profiles/minimal.nix ];
+ boot.initrd.systemd.enable = systemdStage1;
+ };
+
+ testScript = ''
+ machine.wait_for_unit("multi-user.target")
+ # .shutdown() would wait for the machine to power off
+ machine.succeed("systemctl poweroff")
+ # Message printed by systemd-shutdown
+ machine.wait_for_console_text("All filesystems, swaps, loop devices, MD devices and DM devices detached.")
+ # Don't try to sync filesystems
+ machine.booted = False
+ '';
+})
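Review bot: The `testScript` only waits for the final console message and never checks that `generate-shutdown-ramfs` ran or that `/run/initramfs/shutdown` was put in place, so it may not distinguish a working module from one whose unit was never started. That matters here because the unit in shutdown.nix declares `before = [ "shutdown.target" ]` but no `wantedBy` or `requiredBy`, and I cannot tell from this patch what pulls it into the shutdown transaction. I would add an assertion tied to the unit itself, or a second node with `boot.systemd.shutdown.enable = false` to confirm the expected text is absent there, provided the message really is specific to the pivoted shutdown, which the comment `# Message printed by systemd-shutdown` does not say.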