Conversation
flokli
left a comment
There was a problem hiding this comment.
I don't quite understand why we can't just also ship all .network and .netdev files in the initrd. Did you run into troubles when doing that?
There was a problem hiding this comment.
This is unrelated to this PR, no?
There was a problem hiding this comment.
Sort of? I needed it because sshd requires the root account to be unlocked.
e9ee154 to
88e7633
Compare
88e7633 to
7a778fd
Compare
There was a problem hiding this comment.
| path = [ cfgc.package pkgs.gawk pkgs.coreutils ]; | |
| path = with pkgs; [ cfgc.package gawk coreutils ]; |
There was a problem hiding this comment.
I'd rather avoid with whenever reasonable. Even in simple examples like this.
There was a problem hiding this comment.
I actually would say we should highly recommend it to be used in small lists with repeating prefixes. With my change it is very easy to see with a glance what packages are added but with the extra pkgs. prefix I can barely parse it.
There was a problem hiding this comment.
On top of the fact that I and many others strongly disagree with that on account of with introducing dynamic scoping that requires logical analysis instead of simpler lexical analysis to understand, this is also not a matter of substance to this PR as the line being commented on is a pre-existing one.
7a778fd to
eaae5cb
Compare
ba27910 to
1ee4193
Compare
1ee4193 to
a76cd70
Compare
|
I've added a warning if no networks are configured, since we don't automatically configure anything like the scripted initrd does. I've also decided not to mangle |
a76cd70 to
a0f0c2d
Compare
a0f0c2d to
63aaff4
Compare
initrd-secrets: Fix service config with systemd-stage-1
4ce87ec to
47c05f9
Compare
|
Rebased on nixos-unstable-small, along with the openvpn |
flokli
left a comment
There was a problem hiding this comment.
I'd personally feel more comfortable if the OpenVPN and flush bits would be separate PRs. It might trigger some more discussion, blocking this PR more than necessary.
There was a problem hiding this comment.
Why do we have OpenVPN both as postCommand forking off and as a systemd unit?
There was a problem hiding this comment.
The network.postCommands part is for scripted stage 1. The systemd stage 1 has been deliberately designed not to implement the boot.initrd.*Commands options, for reasons outlined in the original PR.
There was a problem hiding this comment.
I've pushed changes adopting the convention of using mkIf (!config.boot.initrd.systemd.enable) for these *Commands options in the ssh and openvpn modules, in order to make it clear what they're for, and to help ensure those options are not used at all when systemd initrd is in use.
d310410 to
e94f56b
Compare
lilyinstarlight
left a comment
There was a problem hiding this comment.
This looks pretty fabulous; thank you for this work!
Most of the technical questions I would have had seem to have already been asked or addressed, but I did leave a few review comments
06f89d3 to
0ff1545
Compare
0ff1545 to
3cb9534
Compare
|
🎊 🚀 I've been excited for this one for a while, thank you to everyone! |
Description of changes
Use systemd-networkd for networking in stage 1.
systemd-networkuser/group.networking.interfacesto the same level as scripted initrd.networkctlcan work.Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)nixos/doc/manual/md-to-db.shto update generated release notes