3
0
Fork 0
forked from mirrors/nixpkgs

systemd-initrd: Support secrets when boot loader doesn't

initrd-secrets: Fix service config with systemd-stage-1
This commit is contained in:
Will Fancher 2022-08-08 19:09:37 -04:00
parent 71983a6eb5
commit fef26d88e2
4 changed files with 5 additions and 7 deletions

View file

@ -19,13 +19,13 @@
# drop this service, we'd mount the /run tmpfs over the secret, making it
# invisible in stage 2.
script = ''
for secret in $(cd /.initrd-secrets; find . -type f); do
for secret in $(cd /.initrd-secrets; find . -type f -o -type l); do
mkdir -p "$(dirname "/$secret")"
cp "/.initrd-secrets/$secret" "/$secret"
done
'';
unitConfig = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};

View file

@ -880,6 +880,8 @@ in
boot.initrd.kernelModules = optionals (cfg.useNixStoreImage && !cfg.writableStore) [ "erofs" ];
boot.loader.supportsInitrdSecrets = mkIf (!cfg.useBootLoader) (mkVMOverride false);
boot.initrd.extraUtilsCommands = lib.mkIf (cfg.useDefaultFilesystems && !config.boot.initrd.systemd.enable)
''
# We need mke2fs in the initrd.

View file

@ -26,7 +26,7 @@ import ../make-test-python.nix ({ lib, ...}:
enable = true;
openvpn = {
enable = true;
configuration = "/dev/null";
configuration = builtins.toFile "initrd.ovpn" "";
};
};
};

View file

@ -22,10 +22,6 @@ import ../make-test-python.nix ({ lib, ... }:
hostKeys = [ ./ssh_host_ed25519_key ];
};
};
boot.initrd.extraUtilsCommands = ''
mkdir -p $out/secrets/etc/ssh
cat "${./ssh_host_ed25519_key}" > $out/secrets/etc/ssh/sh_host_ed25519_key
'';
boot.initrd.preLVMCommands = ''
while true; do
if [ -f fnord ]; then