forked from mirrors/nixpkgs
systemd-initrd: Support secrets when boot loader doesn't
initrd-secrets: Fix service config with systemd-stage-1
This commit is contained in:
parent
71983a6eb5
commit
fef26d88e2
|
@ -19,13 +19,13 @@
|
|||
# drop this service, we'd mount the /run tmpfs over the secret, making it
|
||||
# invisible in stage 2.
|
||||
script = ''
|
||||
for secret in $(cd /.initrd-secrets; find . -type f); do
|
||||
for secret in $(cd /.initrd-secrets; find . -type f -o -type l); do
|
||||
mkdir -p "$(dirname "/$secret")"
|
||||
cp "/.initrd-secrets/$secret" "/$secret"
|
||||
done
|
||||
'';
|
||||
|
||||
unitConfig = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
|
|
|
@ -880,6 +880,8 @@ in
|
|||
|
||||
boot.initrd.kernelModules = optionals (cfg.useNixStoreImage && !cfg.writableStore) [ "erofs" ];
|
||||
|
||||
boot.loader.supportsInitrdSecrets = mkIf (!cfg.useBootLoader) (mkVMOverride false);
|
||||
|
||||
boot.initrd.extraUtilsCommands = lib.mkIf (cfg.useDefaultFilesystems && !config.boot.initrd.systemd.enable)
|
||||
''
|
||||
# We need mke2fs in the initrd.
|
||||
|
|
|
@ -26,7 +26,7 @@ import ../make-test-python.nix ({ lib, ...}:
|
|||
enable = true;
|
||||
openvpn = {
|
||||
enable = true;
|
||||
configuration = "/dev/null";
|
||||
configuration = builtins.toFile "initrd.ovpn" "";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -22,10 +22,6 @@ import ../make-test-python.nix ({ lib, ... }:
|
|||
hostKeys = [ ./ssh_host_ed25519_key ];
|
||||
};
|
||||
};
|
||||
boot.initrd.extraUtilsCommands = ''
|
||||
mkdir -p $out/secrets/etc/ssh
|
||||
cat "${./ssh_host_ed25519_key}" > $out/secrets/etc/ssh/sh_host_ed25519_key
|
||||
'';
|
||||
boot.initrd.preLVMCommands = ''
|
||||
while true; do
|
||||
if [ -f fnord ]; then
|
||||
|
|
Loading…
Reference in a new issue