From d558554243bc22db645792ab6f597d92a700334b Mon Sep 17 00:00:00 2001
From: r-vdp
Date: Wed, 4 Sep 2024 11:35:44 +0200
Subject: [PATCH 1/2] initrd: use the new tmpfiles options to create tmpfiles config Otherwise we get a clash when generating the initrd since the initrd tmpfiles options create a symlink at /etc/tmpfiles.d/ and any subsequent writes inside this directory because of initrd.systemd.contents will cause a permission denied error.
---
nixos/modules/system/boot/resolved.nix | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix
index b658a7a2dc05..65c00b694e0f 100644
--- a/nixos/modules/system/boot/resolved.nix
+++ b/nixos/modules/system/boot/resolved.nix
@@ -205,11 +205,12 @@ in boot.initrd.systemd = { contents = { - "/etc/tmpfiles.d/resolv.conf".text = - "L /etc/resolv.conf - - - - /run/systemd/resolve/stub-resolv.conf"; "/etc/systemd/resolved.conf".text = resolvedConf; }; + tmpfiles.settings.systemd-resolved-stub."/etc/resolv.conf".L.argument = + "/run/systemd/resolve/stub-resolv.conf"; + additionalUpstreamUnits = ["systemd-resolved.service"]; users.systemd-resolve = {}; groups.systemd-resolve = {};
From 6ccc6bf4d2a6fac38236f7453149e402e443721e Mon Sep 17 00:00:00 2001
From: r-vdp
Date: Wed, 4 Sep 2024 12:17:39 +0200
Subject: [PATCH 2/2] initrd: emit a warning when tmpfiles config is created manually
---
nixos/modules/system/boot/systemd/tmpfiles.nix | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/nixos/modules/system/boot/systemd/tmpfiles.nix b/nixos/modules/system/boot/systemd/tmpfiles.nix
index f609da314c86..44c72f2768cc 100644
--- a/nixos/modules/system/boot/systemd/tmpfiles.nix
+++ b/nixos/modules/system/boot/systemd/tmpfiles.nix
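Review bot: The new `tmpfiles.settings.systemd-resolved-stub` entry in resolved.nix carries no comment saying why it is not written through `contents`, so nothing stops a later cleanup from moving it back next to `/etc/systemd/resolved.conf`. I would add above it `# Must go through tmpfiles.settings: /etc/tmpfiles.d is a symlink in the initrd, so writing into it via contents fails with permission denied.` The same comment could note that the `L` type only creates the link when /etc/resolv.conf does not exist yet, so if anything else in stage 1 writes that file first, lookups would presumably bypass the resolved stub and the settings in `resolvedConf`; that behaviour is the same as with the removed line. The `boot.initrd.systemd` attrset continues past the end of the hunk.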
@@ -163,6 +163,20 @@ in }; config = { + warnings = + let + paths = lib.filter (path: + path != null && lib.hasPrefix "/etc/tmpfiles.d/" path + ) (map (path: path.target) config.boot.initrd.systemd.storePaths); + in + lib.optional (lib.length paths > 0) (lib.concatStringsSep " " [ + "Files inside /etc/tmpfiles.d in the initrd need to be created with" + "boot.initrd.systemd.tmpfiles.settings." + "Creating them by hand using boot.initrd.systemd.contents or" + "boot.initrd.systemd.storePaths will lead to errors in the future." + "Found these problematic files: ${lib.concatStringsSep ", " paths}" + ]); + systemd.additionalUpstreamSystemUnits = [ "systemd-tmpfiles-clean.service" "systemd-tmpfiles-clean.timer"
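Review bot: The new `warnings` entry in tmpfiles.nix says hand-written files under /etc/tmpfiles.d "will lead to errors in the future", while the first patch of this series describes the same situation as already failing with a permission denied error during initrd generation. If that failure is reachable today, an `assertions` entry with the same message would stop evaluation with a clear explanation instead of a warning followed by an opaque build error. The filter also binds `path` first to a storePaths entry and then to its target string, which is hard to read; `map (entry: entry.target) config.boot.initrd.systemd.storePaths` and `lib.optional (paths != [])` would say the same thing more plainly. The `config` attrset continues past the end of the hunk.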