From 2a37dd8ab3c9fd8f703c7268de3ca3f130904bf8 Mon Sep 17 00:00:00 2001
From: Guillaume Girol
Date: Mon, 27 Dec 2021 12:00:00 +0000
Subject: [PATCH] nixos/systemd: validate the values of systemd.services..after and similar option. Notably check that they end with one of .service, .target, etc.
---
 nixos/lib/systemd-lib.nix | 3 +++
 nixos/lib/systemd-unit-options.nix | 24 ++++++++++++------------
 2 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/nixos/lib/systemd-lib.nix b/nixos/lib/systemd-lib.nix
index 6c4d27018eed..52b33af9322a 100644
--- a/nixos/lib/systemd-lib.nix
+++ b/nixos/lib/systemd-lib.nix
@@ -11,6 +11,9 @@ in rec {
 mkPathSafeName = lib.replaceChars ["@" ":" "\\" "[" "]"] ["-" "-" "-" "" ""];
+ # a type for options that take a unit name
+ unitNameType = types.strMatching "[a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)";
+
 makeUnit = name: unit: if unit.enable then pkgs.runCommand "unit-${mkPathSafeName name}"
diff --git a/nixos/lib/systemd-unit-options.nix b/nixos/lib/systemd-unit-options.nix
index 01f954a4d3e0..14d64e65038c 100644
--- a/nixos/lib/systemd-unit-options.nix
+++ b/nixos/lib/systemd-unit-options.nix
@@ -45,7 +45,7 @@ in rec {
 requiredBy = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = '' Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy
@@ -56,7 +56,7 @@ in rec {
 wantedBy = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = '' Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option
@@ -73,7 +73,7 @@ in rec {
 aliases = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = "Aliases of that unit."; };
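Review bot: In the systemd-lib.nix hunk, the comment on `unitNameType` says only that it is "a type for options that take a unit name", while the pattern is a loose syntactic check and not systemd's full naming rule: it requires a known type suffix and excludes whitespace and newlines, but it would still accept, for example, a bare `@.service`, and it does not bound the name length. These values presumably end up in generated unit files (the `makeUnit` context suggests so), so the exclusion of whitespace and newlines is the property worth recording, so that a later widening of the character class does not silently drop it. I would extend the comment to `# a type for options that take a unit name: one name per string, no whitespace, must end in a known unit type suffix (not a full validity check)`. `types` is used unqualified next to the qualified `lib.replaceChars`, and the hunk does not show what brings it into scope, so that is worth confirming.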
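Review bot: The twelve `types.listOf unitNameType` changes in systemd-unit-options.nix (requiredBy, wantedBy, aliases here, then requires, wants, after, before, bindsTo, partOf, conflicts, requisite and onFailure in the later hunks) turn values that `types.str` used to accept into evaluation errors, yet none of the option descriptions says what a valid entry looks like. A configuration that put several space-separated units in one string, or left off the suffix, will now fail with only the raw pattern in the error message. I would append a sentence to each description such as `Each entry must be a single complete unit name including its type suffix, e.g. "foo.service".`, and the patch as shown carries no release-note entry for the stricter type. `unitNameType` is referenced unqualified and these hunks do not show how the attributes of systemd-lib.nix come into scope in this file, so confirm that; each `mkOption` block also continues outside its hunk.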
@@ -110,7 +110,7 @@ in rec {
 requires = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = '' Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
@@ -119,7 +119,7 @@ in rec {
 wants = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = '' Start the specified units when this unit is started. '';
@@ -127,7 +127,7 @@ in rec {
 after = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = '' If the specified units are started at the same time as this unit, delay this unit until they have started.
@@ -136,7 +136,7 @@ in rec {
 before = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = '' If the specified units are started at the same time as this unit, delay them until this unit has started.
@@ -145,7 +145,7 @@ in rec {
 bindsTo = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = '' Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
@@ -154,7 +154,7 @@ in rec {
 partOf = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = '' If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
@@ -163,7 +163,7 @@ in rec {
 conflicts = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = '' If the specified units are started, then this unit is stopped and vice versa.
@@ -172,7 +172,7 @@ in rec {
 requisite = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = '' Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
@@ -203,7 +203,7 @@ in rec {
 onFailure = mkOption { default = [];
- type = types.listOf types.str;
+ type = types.listOf unitNameType;
 description = '' A list of one or more units that are activated when this unit enters the "failed" state.